wanda: new host (NixOS-WSL)

Signed-off-by: s0me1newithhand7s <git+me@hand7s.org>
2026-02-08 22:23:05 +03:00 · 2026-02-08 22:23:05 +03:00 · 3640ca2a81
commit 3640ca2a81
parent 7b5e5f218b
66 changed files with 914 additions and 0 deletions
--- a/flake.nix
+++ b/flake.nix
@ -593,6 +593,29 @@
              inputs.nix-mineral.nixosModules.nix-mineral
            ];
          };
+
+          # WSL2
+          "wanda" = inputs.nixpkgs.lib.nixosSystem {
+            system = "x86_64-linux";
+            specialArgs = {
+              inherit
+                inputs
+                self
+                ;
+            };
+
+            modules = [
+              "${self}/wanda/"
+              inputs.agenix.nixosModules.default
+              inputs.nixos-wsl.nixosModules.default
+              inputs.stylix.nixosModules.stylix
+              inputs.home-manager.nixosModules.default
+              inputs.sops-nix.nixosModules.sops
+              inputs.nix-index-database.nixosModules.nix-index
+              inputs.nix-bwrapper.nixosModules.default
+              inputs.nix-mineral.nixosModules.nix-mineral
+            ];
+          };
        };

        # deploy-rs
--- a/wanda/console/console.nix
+++ b/wanda/console/console.nix
@ -0,0 +1,5 @@
+_: {
+  console = {
+    useXkbConfig = true;
+  };
+}
--- a/wanda/default.nix
+++ b/wanda/default.nix
@ -0,0 +1,89 @@
+{self, ...}: {
+  imports = [
+    "${self}/wanda/console/console.nix"
+
+    "${self}/wanda/environment/systemPackages.nix"
+    "${self}/wanda/environment/variables.nix"
+
+    "${self}/wanda/hardware/zram.nix"
+    "${self}/wanda/hardware/"
+
+    "${self}/wanda/home-manager/users.nix"
+
+    "${self}/wanda/i18n/locales.nix"
+
+    "${self}/wanda/networking/dhcp.nix"
+    "${self}/wanda/networking/firewall.nix"
+    "${self}/wanda/networking/hostname.nix"
+    "${self}/wanda/networking/networkmanager.nix"
+    "${self}/wanda/networking/wireguard.nix"
+    "${self}/wanda/networking/nameservers.nix"
+    "${self}/wanda/networking/hosts.nix"
+    "${self}/wanda/networking/hostId.nix"
+
+    "${self}/wanda/nix/package.nix"
+    "${self}/wanda/nix/settings/allowed-users.nix"
+    "${self}/wanda/nix/settings/experimental-features.nix"
+    "${self}/wanda/nix/settings/substituters.nix"
+    "${self}/wanda/nix/settings/trusted-public-keys.nix"
+    "${self}/wanda/nix/settings/trusted-substituters.nix"
+    "${self}/wanda/nix/settings/trusted-users.nix"
+    "${self}/wanda/nix/settings/auto-optimise-store.nix"
+
+    "${self}/wanda/nixpkgs/config.nix"
+    "${self}/wanda/nixpkgs/system.nix"
+
+    "${self}/wanda/programs/nh.nix"
+    "${self}/wanda/programs/ssh.nix"
+
+    "${self}/wanda/security/polkit.nix"
+    "${self}/wanda/security/rtkit.nix"
+    "${self}/wanda/security/sudo.nix"
+    "${self}/wanda/security/sudo-rs.nix"
+    "${self}/wanda/security/pam/yubico.nix"
+
+    "${self}/wanda/services/greetd.nix"
+    "${self}/wanda/services/libinput.nix"
+    "${self}/wanda/services/openssh.nix"
+    "${self}/wanda/services/pipewire.nix"
+    "${self}/wanda/services/netbird.nix"
+    "${self}/wanda/services/qmk.nix"
+    "${self}/wanda/services/scx.nix"
+    "${self}/wanda/services/xserver.nix"
+    "${self}/wanda/services/sunshine.nix"
+    "${self}/wanda/services/usbmuxd.nix"
+    "${self}/wanda/services/irqbalance.nix"
+    "${self}/wanda/services/yubikey-agent.nix"
+    "${self}/wanda/services/resolved.nix"
+
+    "${self}/wanda/sops/defaults.nix"
+    "${self}/wanda/sops/secrets.nix"
+
+    "${self}/hand7s/stylix/base16Scheme.nix"
+    "${self}/hand7s/stylix/cursor.nix"
+    "${self}/hand7s/stylix/defaults.nix"
+    "${self}/hand7s/stylix/fonts.nix"
+    "${self}/hand7s/stylix/image.nix"
+
+    "${self}/wanda/system/name.nix"
+    "${self}/wanda/system/stateVersion.nix"
+
+    "${self}/wanda/systemd/oomd.nix"
+    "${self}/wanda/systemd/slices/system-slice.nix"
+    "${self}/wanda/systemd/slices/user-slice.nix"
+    "${self}/wanda/systemd/slices/root-slice.nix"
+
+    "${self}/wanda/time/timeZone.nix"
+
+    "${self}/wanda/users/users/hand7s.nix"
+    "${self}/wanda/users/users/root.nix"
+    "${self}/wanda/users/mutableUsers.nix"
+
+    "${self}/wanda/wsl/"
+    "${self}/wanda/wsl/wslConf.nix"
+
+    "${self}/wanda/xdg/icons.nix"
+    "${self}/wanda/xdg/mime.nix"
+    "${self}/wanda/xdg/portal.nix"
+  ];
+}
--- a/wanda/environment/systemPackages.nix
+++ b/wanda/environment/systemPackages.nix
@ -0,0 +1,17 @@
+{
+  pkgs,
+  lib,
+  ...
+}: {
+  environment = {
+    systemPackages = with pkgs; [
+      (lib.hiPrio uutils-coreutils-noprefix)
+      uutils-findutils
+      uutils-diffutils
+      xdg-desktop-portal
+      xdg-desktop-portal-gtk
+      xdg-desktop-portal-hyprland
+      home-manager
+    ];
+  };
+}
--- a/wanda/environment/variables.nix
+++ b/wanda/environment/variables.nix
@ -0,0 +1,17 @@
+{config, ...}: {
+  environment = {
+    variables = {
+      AMD_VULKAN_ICD = "AMDVLK";
+      HOSTNAME = config.networking.hostName;
+      QT_QPA_PLATFORM = "wayland";
+      SDL_VIDEODRIVER = "wayland";
+      CLUTTER_BACKEND = "wayland";
+      GDK_BACKEND = "wayland";
+      NIXPKGS_ALLOW_UNFREE = "1";
+      NIXPKGS_ALLOW_INSECURE = "1";
+      NIXOS_OZONE_WL = "1";
+      GRIMBLAST_HIDE_CURSOR = "0";
+      TERM = "xterm-256color";
+    };
+  };
+}
--- a/wanda/hardware/default.nix
+++ b/wanda/hardware/default.nix
@ -0,0 +1,8 @@
+_: {
+  hardware = {
+    enableAllFirmware = true;
+    enableAllHardware = true;
+    enableRedistributableFirmware = true;
+    firmwareCompression = "zstd";
+  };
+}
--- a/wanda/hardware/zram.nix
+++ b/wanda/hardware/zram.nix
@ -0,0 +1,8 @@
+_: {
+  zramSwap = {
+    enable = true;
+    algorithm = "zstd";
+    priority = 100;
+    memoryPercent = 100;
+  };
+}
--- a/wanda/home-manager/users.nix
+++ b/wanda/home-manager/users.nix
@ -0,0 +1,28 @@
+{self, ...}: {
+  home-manager = {
+    users = {
+      "hand7s" = {
+        imports = [
+          "${self}/hand7s/"
+          self.inputs.agenix.homeManagerModules.default
+          self.inputs.agenix.homeManagerModules.default
+          self.inputs.spicetify-nix.homeManagerModules.default
+          self.inputs.hyprland.homeManagerModules.default
+          self.inputs.chaotic.homeManagerModules.default
+          self.inputs.sops-nix.homeManagerModules.sops
+
+          self.inputs.nix-index-database.homeModules.nix-index
+          self.inputs.noctalia.homeModules.default
+        ];
+      };
+    };
+
+    backupFileExtension = "force";
+
+    extraSpecialArgs = {
+      inherit
+        self
+        ;
+    };
+  };
+}
--- a/wanda/i18n/locales.nix
+++ b/wanda/i18n/locales.nix
@ -0,0 +1,9 @@
+_: {
+  i18n = {
+    defaultLocale = "en_US.UTF-8";
+    supportedLocales = [
+      "en_US.UTF-8/UTF-8"
+      "ru_RU.UTF-8/UTF-8"
+    ];
+  };
+}
--- a/wanda/networking/dhcp.nix
+++ b/wanda/networking/dhcp.nix
@ -0,0 +1,10 @@
+{lib, ...}: {
+  networking = {
+    useDHCP = lib.mkDefault true;
+    dhcpcd = {
+      enable = true;
+      persistent = false;
+      wait = "any";
+    };
+  };
+}
--- a/wanda/networking/firewall.nix
+++ b/wanda/networking/firewall.nix
@ -0,0 +1,8 @@
+_: {
+  networking = {
+    firewall = {
+      allowPing = true;
+      enable = true;
+    };
+  };
+}
--- a/wanda/networking/hostId.nix
+++ b/wanda/networking/hostId.nix
@ -0,0 +1,5 @@
+_: {
+  networking = {
+    hostId = "5c79d468";
+  };
+}
--- a/wanda/networking/hostname.nix
+++ b/wanda/networking/hostname.nix
@ -0,0 +1,5 @@
+_: {
+  networking = {
+    hostName = "wanda";
+  };
+}
--- a/wanda/networking/hosts.nix
+++ b/wanda/networking/hosts.nix
@ -0,0 +1,7 @@
+_: {
+  networking = {
+    hosts = {
+      # nope.
+    };
+  };
+}
--- a/wanda/networking/nameservers.nix
+++ b/wanda/networking/nameservers.nix
@ -0,0 +1,29 @@
+_: {
+  networking = {
+    nameservers = [
+      # cf dns
+      "1.1.1.1"
+      "1.0.0.1"
+      "2606:4700:4700::1111"
+      "2606:4700:4700::1001"
+
+      # google dns
+      "8.8.8.8"
+      "8.8.4.4"
+      "2001:4860:4860::8888"
+      "2001:4860:4860::8844"
+
+      # q9 dns
+      "9.9.9.9"
+      "149.112.112.112"
+      "2620:fe::fe"
+      "2620:fe::9"
+
+      # open dns
+      "208.67.222.222"
+      "208.67.220.220"
+      "2620:119:35::35"
+      "2620:119:53::53"
+    ];
+  };
+}
--- a/wanda/networking/networkmanager.nix
+++ b/wanda/networking/networkmanager.nix
@ -0,0 +1,9 @@
+_: {
+  networking = {
+    networkmanager = {
+      enable = false;
+    };
+
+    useNetworkd = true;
+  };
+}
--- a/wanda/networking/timeServers.nix
+++ b/wanda/networking/timeServers.nix
@ -0,0 +1,10 @@
+_: {
+  networking = {
+    timeServers = [
+      "0.nixos.pool.ntp.org"
+      "1.nixos.pool.ntp.org"
+      "2.nixos.pool.ntp.org"
+      "3.nixos.pool.ntp.org"
+    ];
+  };
+}
--- a/wanda/networking/wireguard.nix
+++ b/wanda/networking/wireguard.nix
@ -0,0 +1,7 @@
+_: {
+  networking = {
+    wireguard = {
+      enable = true;
+    };
+  };
+}
--- a/wanda/nix/package.nix
+++ b/wanda/nix/package.nix
@ -0,0 +1,5 @@
+{pkgs, ...}: {
+  nix = {
+    package = pkgs.nixVersions.latest;
+  };
+}
--- a/wanda/nix/settings/allowed-users.nix
+++ b/wanda/nix/settings/allowed-users.nix
@ -0,0 +1,10 @@
+_: {
+  nix = {
+    settings = {
+      sandbox = true;
+      allowed-users = [
+        "@wheel"
+      ];
+    };
+  };
+}
--- a/wanda/nix/settings/auto-optimise-store.nix
+++ b/wanda/nix/settings/auto-optimise-store.nix
@ -0,0 +1,7 @@
+_: {
+  nix = {
+    settings = {
+      auto-optimise-store = true;
+    };
+  };
+}
--- a/wanda/nix/settings/experimental-features.nix
+++ b/wanda/nix/settings/experimental-features.nix
@ -0,0 +1,10 @@
+_: {
+  nix = {
+    settings = {
+      experimental-features = [
+        "nix-command"
+        "flakes"
+      ];
+    };
+  };
+}
--- a/wanda/nix/settings/substituters.nix
+++ b/wanda/nix/settings/substituters.nix
@ -0,0 +1,19 @@
+_: {
+  nix = {
+    settings = {
+      substituters = [
+        # cache.nixos.org
+        "https://cache.nixos.org"
+        # cache.garnix.org
+        "https://cache.garnix.io"
+        # cachix
+        "https://nix-community.cachix.org/"
+        "https://chaotic-nyx.cachix.org/"
+        "https://hyprland.cachix.org"
+        "https://chaotic-nyx.cachix.org/"
+        # nix-community
+        "https://hydra.nix-community.org/"
+      ];
+    };
+  };
+}
--- a/wanda/nix/settings/trusted-public-keys.nix
+++ b/wanda/nix/settings/trusted-public-keys.nix
@ -0,0 +1,19 @@
+_: {
+  nix = {
+    settings = {
+      trusted-public-keys = [
+        # cache.nixos.org
+        "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
+        # cache.garnix.io
+        "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="
+        # cachix.org
+        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+        "chaotic-nyx.cachix.org-1:HfnXSw4pj95iI/n17rIDy40agHj12WfF+Gqk6SonIT8="
+        "ags.cachix.org-1:naAvMrz0CuYqeyGNyLgE010iUiuf/qx6kYrUv3NwAJ8="
+        "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
+        "chaotic-nyx.cachix.org-1:HfnXSw4pj95iI/n17rIDy40agHj12WfF+Gqk6SonIT8="
+        "colmena.cachix.org-1:7BzpDnjjH8ki2CT3f6GdOk7QAzPOl+1t3LvTLXqYcSg="
+      ];
+    };
+  };
+}
--- a/wanda/nix/settings/trusted-substituters.nix
+++ b/wanda/nix/settings/trusted-substituters.nix
@ -0,0 +1,19 @@
+_: {
+  nix = {
+    settings = {
+      trusted-substituters = [
+        # cache.nixos.org
+        "https://nixos-cache-proxy.cofob.dev"
+        "https://cache.nixos.org"
+        # cache.garnix.org
+        "https://cache.garnix.io"
+        # cachix
+        "https://nix-community.cachix.org/"
+        "https://chaotic-nyx.cachix.org/"
+        "https://ags.cachix.org"
+        "https://hyprland.cachix.org"
+        "https://chaotic-nyx.cachix.org/"
+      ];
+    };
+  };
+}
--- a/wanda/nix/settings/trusted-users.nix
+++ b/wanda/nix/settings/trusted-users.nix
@ -0,0 +1,9 @@
+_: {
+  nix = {
+    settings = {
+      trusted-users = [
+        "@wheel"
+      ];
+    };
+  };
+}
--- a/wanda/nixpkgs/config.nix
+++ b/wanda/nixpkgs/config.nix
@ -0,0 +1,8 @@
+_: {
+  nixpkgs = {
+    config = {
+      allowUnfree = true;
+      allowBroken = true;
+    };
+  };
+}
--- a/wanda/nixpkgs/overlays.nix
+++ b/wanda/nixpkgs/overlays.nix
@ -0,0 +1,6 @@
+_: {
+  nixpkgs = {
+    overlays = [
+    ];
+  };
+}
--- a/wanda/nixpkgs/system.nix
+++ b/wanda/nixpkgs/system.nix
@ -0,0 +1,6 @@
+_: {
+  nixpkgs = {
+    system = "x86_64-linux";
+    hostPlatform = "x86_64-linux";
+  };
+}
--- a/wanda/programs/nh.nix
+++ b/wanda/programs/nh.nix
@ -0,0 +1,12 @@
+_: {
+  programs = {
+    nh = {
+      enable = true;
+      clean = {
+        enable = true;
+        dates = "weekly";
+        extraArgs = "--keep 2 --keep-since 2d";
+      };
+    };
+  };
+}
--- a/wanda/programs/ssh.nix
+++ b/wanda/programs/ssh.nix
@ -0,0 +1,8 @@
+_: {
+  programs = {
+    ssh = {
+      startAgent = true;
+      agentTimeout = "12h";
+    };
+  };
+}
--- a/wanda/security/pam/yubico.nix
+++ b/wanda/security/pam/yubico.nix
@ -0,0 +1,15 @@
+_: {
+  security = {
+    pam = {
+      yubico = {
+        enable = false;
+        debug = true;
+        mode = "challenge-response";
+        control = "sufficient";
+        id = [
+          "1873055870"
+        ];
+      };
+    };
+  };
+}
--- a/wanda/security/polkit.nix
+++ b/wanda/security/polkit.nix
@ -0,0 +1,10 @@
+_: {
+  security = {
+    polkit = {
+      enable = true;
+      adminIdentities = [
+        "unix-group:wheel"
+      ];
+    };
+  };
+}
--- a/wanda/security/rtkit.nix
+++ b/wanda/security/rtkit.nix
@ -0,0 +1,7 @@
+_: {
+  security = {
+    rtkit = {
+      enable = true;
+    };
+  };
+}
--- a/wanda/security/sudo-rs.nix
+++ b/wanda/security/sudo-rs.nix
@ -0,0 +1,9 @@
+_: {
+  security = {
+    sudo-rs = {
+      enable = true;
+      wheelNeedsPassword = true;
+      execWheelOnly = true;
+    };
+  };
+}
--- a/wanda/security/sudo.nix
+++ b/wanda/security/sudo.nix
@ -0,0 +1,7 @@
+{lib, ...}: {
+  security = {
+    sudo = {
+      enable = lib.mkDefault false;
+    };
+  };
+}
--- a/wanda/services/greetd.nix
+++ b/wanda/services/greetd.nix
@ -0,0 +1,18 @@
+{
+  pkgs,
+  lib,
+  ...
+}: {
+  services = {
+    greetd = {
+      enable = true;
+      restart = false;
+      settings = {
+        default_session = {
+          command = "${lib.getExe pkgs.tuigreet} -r -t -c ${lib.getExe' pkgs.hyprland "start-hyprland"} --greet-align center";
+          user = "greeter";
+        };
+      };
+    };
+  };
+}
--- a/wanda/services/irqbalance.nix
+++ b/wanda/services/irqbalance.nix
@ -0,0 +1,7 @@
+_: {
+  services = {
+    irqbalance = {
+      enable = true;
+    };
+  };
+}
--- a/wanda/services/libinput.nix
+++ b/wanda/services/libinput.nix
@ -0,0 +1,15 @@
+_: {
+  services = {
+    libinput = {
+      enable = true;
+      mouse = {
+        accelProfile = "flat";
+        accelSpeed = "-1.0";
+        buttonMapping = "1 2 3 4 5 6 7 8 9";
+        horizontalScrolling = true;
+        leftHanded = false;
+        naturalScrolling = true;
+      };
+    };
+  };
+}
--- a/wanda/services/netbird.nix
+++ b/wanda/services/netbird.nix
@ -0,0 +1,7 @@
+_: {
+  services = {
+    netbird = {
+      enable = true;
+    };
+  };
+}
--- a/wanda/services/openssh.nix
+++ b/wanda/services/openssh.nix
@ -0,0 +1,22 @@
+{config, ...}: {
+  services = {
+    openssh = {
+      enable = true;
+      allowSFTP = true;
+      openFirewall = true;
+      ports = [
+        48630
+      ];
+
+      settings = {
+        PrintMotd = false;
+        PermitRootLogin = "no";
+        PasswordAuthentication = false;
+      };
+
+      authorizedKeysFiles = [
+        config.sops.secrets.sshKey.path
+      ];
+    };
+  };
+}
--- a/wanda/services/pipewire.nix
+++ b/wanda/services/pipewire.nix
@ -0,0 +1,66 @@
+_: {
+  services = {
+    pipewire = {
+      enable = true;
+      alsa = {
+        enable = true;
+        support32Bit = true;
+      };
+
+      audio = {
+        enable = true;
+      };
+
+      pulse = {
+        enable = true;
+      };
+
+      jack = {
+        enable = true;
+      };
+
+      wireplumber = {
+        enable = true;
+      };
+
+      extraConfig = {
+        pipewire = {
+          # PIPEWIRE_PROPS=node.force-rate=0
+          "92-low-latency" = {
+            "context.properties" = {
+              "default.clock.rate" = 48000;
+              "default.clock.allowed-rates" = [
+                44100
+                48000
+                88200
+                96000
+              ];
+
+              "default.clock.min-quantum" = 512;
+              "default.clock.quantum" = 4096;
+              "default.clock.max-quantum" = 8192;
+            };
+          };
+
+          "93-no-resampling" = {
+            "context.properties" = {
+              "default.clock.rate" = 48000;
+              "default.clock.allowed-rates" = [
+                44100
+                48000
+                96000
+                192000
+              ];
+            };
+          };
+
+          "94-no-upmixing" = {
+            "stream.properties" = {
+              "channelmix.upmix" = false;
+            };
+          };
+        };
+      };
+    };
+  };
+}
--- a/wanda/services/qmk.nix
+++ b/wanda/services/qmk.nix
@ -0,0 +1,9 @@
+{pkgs, ...}: {
+  services = {
+    udev = {
+      packages = with pkgs; [
+        qmk-udev-rules
+      ];
+    };
+  };
+}
--- a/wanda/services/resolved.nix
+++ b/wanda/services/resolved.nix
@ -0,0 +1,39 @@
+_: {
+  services = {
+    resolved = {
+      enable = true;
+      dnsovertls = "true";
+      dnssec = "true";
+      llmnr = "true";
+      domains = [
+        "~."
+      ];
+
+      fallbackDns = [
+        # cf dns
+        "1.1.1.1"
+        "1.0.0.1"
+        "2606:4700:4700::1111"
+        "2606:4700:4700::1001"
+
+        # google dns
+        "8.8.8.8"
+        "8.8.4.4"
+        "2001:4860:4860::8888"
+        "2001:4860:4860::8844"
+
+        # q9 dns
+        "9.9.9.9"
+        "149.112.112.112"
+        "2620:fe::fe"
+        "2620:fe::9"
+
+        # open dns
+        "208.67.222.222"
+        "208.67.220.220"
+        "2620:119:35::35"
+        "2620:119:53::53"
+      ];
+    };
+  };
+}
--- a/wanda/services/scx.nix
+++ b/wanda/services/scx.nix
@ -0,0 +1,8 @@
+_: {
+  services = {
+    scx = {
+      enable = true;
+      scheduler = "scx_cosmos";
+    };
+  };
+}
--- a/wanda/services/sunshine.nix
+++ b/wanda/services/sunshine.nix
@ -0,0 +1,10 @@
+_: {
+  services = {
+    sunshine = {
+      enable = true;
+      capSysAdmin = true;
+      openFirewall = true;
+      autoStart = true;
+    };
+  };
+}
--- a/wanda/services/usbmuxd.nix
+++ b/wanda/services/usbmuxd.nix
@ -0,0 +1,8 @@
+{pkgs, ...}: {
+  services = {
+    usbmuxd = {
+      enable = true;
+      package = pkgs.usbmuxd2;
+    };
+  };
+}
--- a/wanda/services/xserver.nix
+++ b/wanda/services/xserver.nix
@ -0,0 +1,26 @@
+{
+  lib,
+  pkgs,
+  ...
+}: {
+  services = {
+    xserver = {
+      display = lib.mkForce 0;
+      enable = true;
+
+      excludePackages = with pkgs; [
+        xterm
+      ];
+
+      videoDrivers = [
+        "modesetting"
+      ];
+
+      xkb = {
+        layout = "us, ru";
+        variant = "";
+        options = "grp:caps_toggle";
+      };
+    };
+  };
+}
--- a/wanda/services/yubikey-agent.nix
+++ b/wanda/services/yubikey-agent.nix
@ -0,0 +1,8 @@
+{pkgs, ...}: {
+  services = {
+    yubikey-agent = {
+      package = pkgs.yubikey-agent;
+      enable = false;
+    };
+  };
+}
--- a/wanda/services/zerotier.nix
+++ b/wanda/services/zerotier.nix
@ -0,0 +1,10 @@
+_: {
+  services = {
+    zerotierone = {
+      enable = true;
+      joinNetworks = [
+        #
+      ];
+    };
+  };
+}
--- a/wanda/system/name.nix
+++ b/wanda/system/name.nix
@ -0,0 +1,5 @@
+{config, ...}: {
+  system = {
+    name = config.networking.hostName;
+  };
+}
--- a/wanda/system/stateVersion.nix
+++ b/wanda/system/stateVersion.nix
@ -0,0 +1,5 @@
+{config, ...}: {
+  system = {
+    stateVersion = config.system.nixos.release;
+  };
+}
--- a/wanda/systemd/oomd.nix
+++ b/wanda/systemd/oomd.nix
@ -0,0 +1,10 @@
+_: {
+  systemd = {
+    oomd = {
+      enable = true;
+      enableUserSlices = true;
+      enableSystemSlice = true;
+      enableRootSlice = true;
+    };
+  };
+}
--- a/wanda/systemd/slices/root-slice.nix
+++ b/wanda/systemd/slices/root-slice.nix
@ -0,0 +1,14 @@
+_: {
+  systemd = {
+    slices = {
+      root = {
+        sliceConfig = {
+          ManagedOOMSwap = "kill";
+          ManagedOOMMemoryPressure = "kill";
+          ManagedOOMMemoryPressureLimit = "40%";
+          ManagedOOMMemoryPressureDurationSec = 0;
+        };
+      };
+    };
+  };
+}
--- a/wanda/systemd/slices/system-slice.nix
+++ b/wanda/systemd/slices/system-slice.nix
@ -0,0 +1,14 @@
+_: {
+  systemd = {
+    slices = {
+      system = {
+        sliceConfig = {
+          ManagedOOMSwap = "kill";
+          ManagedOOMMemoryPressure = "kill";
+          ManagedOOMMemoryPressureLimit = "40%";
+          ManagedOOMMemoryPressureDurationSec = 0;
+        };
+      };
+    };
+  };
+}
--- a/wanda/systemd/slices/user-slice.nix
+++ b/wanda/systemd/slices/user-slice.nix
@ -0,0 +1,14 @@
+_: {
+  systemd = {
+    slices = {
+      user = {
+        sliceConfig = {
+          ManagedOOMSwap = "kill";
+          ManagedOOMMemoryPressure = "kill";
+          ManagedOOMMemoryPressureLimit = "40%";
+          ManagedOOMMemoryPressureDurationSec = 0;
+        };
+      };
+    };
+  };
+}
--- a/wanda/time/timeZone.nix
+++ b/wanda/time/timeZone.nix
@ -0,0 +1,6 @@
+_: {
+  time = {
+    timeZone = "Europe/Moscow";
+    hardwareClockInLocalTime = true;
+  };
+}
--- a/wanda/users/mutableUsers.nix
+++ b/wanda/users/mutableUsers.nix
@ -0,0 +1,5 @@
+_: {
+  users = {
+    mutableUsers = false;
+  };
+}
--- a/wanda/users/users/hand7s.nix
+++ b/wanda/users/users/hand7s.nix
@ -0,0 +1,15 @@
+_: {
+  users = {
+    users = {
+      "hand7s" = {
+        description = "me";
+        isSystemUser = false;
+        isNormalUser = true;
+        initialHashedPassword = "$6$ckgRhNWmJgSwOUpJ$kfeAdokd5fa76HWbTmWN2YXx4M/PQVOTJku1ODbqbBhEkUFiLftdaJFRnNXfIM3Jtz0ShoRMSVCB7mDkxDrdi/";
+        extraGroups = [
+          "wheel"
+        ];
+      };
+    };
+  };
+}
--- a/wanda/users/users/root.nix
+++ b/wanda/users/users/root.nix
@ -0,0 +1,9 @@
+_: {
+  users = {
+    users = {
+      "root" = {
+        initialHashedPassword = "$6$n4OLMvYHHStHvtmr$6OL0NV1dEM2b6oJRewkhuoFxM80lI67tfbJ6QkCg8WAA1gbeKrcwDAuJjm8zvpY4zcDR3Z5Zbo8uebfOi6XXF0";
+      };
+    };
+  };
+}
--- a/wanda/virtualisation/docker.nix
+++ b/wanda/virtualisation/docker.nix
@ -0,0 +1,10 @@
+_: {
+  virtualisation = {
+    docker = {
+      enable = true;
+      rootless = {
+        enable = true;
+      };
+    };
+  };
+}
--- a/wanda/wsl/default.nix
+++ b/wanda/wsl/default.nix
@ -0,0 +1,8 @@
+_: {
+  wsl = {
+    enable = true;
+    defaultUser = "hand7s";
+    startMenuLaunchers = true;
+    useWindowsDriver = true;
+  };
+}
--- a/wanda/wsl/wslConf.nix
+++ b/wanda/wsl/wslConf.nix
@ -0,0 +1,13 @@
+_: {
+  wsl = {
+    wslConf = {
+      automount = {
+        enable = true;
+      };
+
+      user = {
+        default = "hand7s";
+      };
+    };
+  };
+}
--- a/wanda/xdg/icons.nix
+++ b/wanda/xdg/icons.nix
@ -0,0 +1,7 @@
+_: {
+  xdg = {
+    icons = {
+      enable = true;
+    };
+  };
+}
--- a/wanda/xdg/mime.nix
+++ b/wanda/xdg/mime.nix
@ -0,0 +1,11 @@
+_: {
+  xdg = {
+    mime = {
+      enable = true;
+      defaultApplications = {
+        "x-scheme-handler/http" = "google-chrome.desktop";
+        "x-scheme-handler/https" = "google-chrome.desktop";
+      };
+    };
+  };
+}
--- a/wanda/xdg/portal.nix
+++ b/wanda/xdg/portal.nix
@ -0,0 +1,35 @@
+{pkgs, ...}: {
+  xdg = {
+    portal = {
+      enable = true;
+
+      config = {
+        common = {
+          "org.freedesktop.impl.portal.FileChooser" = "termfilechooser";
+
+          default = [
+            "gtk"
+          ];
+        };
+
+        hyprland = {
+          "org.freedesktop.impl.portal.FileChooser" = [
+            "termfilechooser"
+          ];
+
+          preferred = [
+            "gtk"
+            "hyprland"
+          ];
+        };
+      };
+
+      extraPortals = with pkgs; [
+        xdg-desktop-portal
+        xdg-desktop-portal-gtk
+        xdg-desktop-portal-hyprland
+        xdg-desktop-portal-termfilechooser
+      ];
+    };
+  };
+}