s0meMiniPC-nix -> viola: rename

Signed-off-by: s0me1newithhand7s <git+me@hand7s.org>
s0me1newithhand7s 2026-02-08 22:18:49 +03:00
parent cbd0c3661c
commit 7b5e5f218b
72 changed files with 101 additions and 98 deletions

27
viola/boot/initrd.nix Normal file

@ -0,0 +1,27 @@
{lib, ...}: {
boot = {
initrd = {
availableKernelModules = [
"nvme"
"xhci_pci"
"ahci"
"usbhid"
"usb_storage"
"sd_mod"
"btrfs"
];
supportedFilesystems = {
vfat = true;
btrfs = true;
zfs = lib.mkForce true;
};
systemd = {
enable = true;
};
verbose = false;
};
};
}

81
viola/boot/kernel.nix Normal file

@ -0,0 +1,81 @@
{
config,
lib,
...
}: {
boot = {
kernel = {
sysctl = {
"vm.swappiness" = 100;
"vm.dirty_background_bytes" = 67108864;
"vm.dirty_bytes" = 268435456;
"vm.dirty_expire_centisecs" = 1500;
"vm.dirty_writeback_centisecs" = 100;
"vm.vfs_cache_pressure" = 50;
"vm.max_map_count" = 1048576;
};
};
kernelPackages = pkgs.linuxPackages_cachyos-server;
extraModulePackages = with config.boot.kernelPackages; [
rtl8821ce
yt6801
];
kernelParams = [
"intel_pstate=passive"
"udev.log_priority=3"
"quiet"
"splash"
"boot.shell_on_fail"
"loglevel=3"
"rd.systemd.show_status=false"
"rd.udev.log_level=3"
"page_alloc.shuffle=1"
"page_poison=1"
"slab_nomerge"
"kernel.watchdog=0"
"oops=panic"
];
blacklistedKernelModules = [
"ax25"
"netrom"
"rose"
"adfs"
"affs"
"bfs"
"befs"
"cramfs"
"efs"
"erofs"
"exofs"
"freevxfs"
"f2fs"
"hfs"
"hpfs"
"jfs"
"minix"
"nilfs2"
"ntfs"
"omfs"
"qnx4"
"qnx6"
"sysv"
"ufs"
"sp5100-tco"
"iTCO_wdt"
"rtw88_8821ce"
];
supportedFilesystems = {
vfat = true;
btrfs = true;
zfs = lib.mkForce true;
};
consoleLogLevel = 0;
};
}
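Review bot: `pkgs` is used in `kernelPackages = pkgs.linuxPackages_cachyos-server;` but the module header binds only `config` and `lib`, so evaluation fails on an undefined variable; the header should be `{config, lib, pkgs, ...}: {`. `viola/boot/zfs.nix` has the same defect (`package = pkgs.zfs_cachyos;` under `{...}:`). Separately, `"boot.shell_on_fail"` asks the initrd for a root shell when boot fails; if the systemd initrd enabled in `initrd.nix` honours it, that is worth dropping on a host that runs an identity provider and a forge, unless console access is physically controlled. `"kernel.watchdog=0"` is a sysctl name rather than a boot parameter, so it probably has no effect here; `nowatchdog` is the command-line form.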

13
viola/boot/lanzaboote.nix Normal file

@ -0,0 +1,13 @@
{...}: {
boot = {
lanzaboote = {
enable = false;
configurationLimit = 7;
pkiBundle = "/var/lib/sbctl";
settings = {
timeout = 2;
sortKey = "lanza";
};
};
};
}


@ -0,0 +1,19 @@
{...}: {
boot = {
loader = {
systemd-boot = {
enable = false;
sortKey = "nixos";
memtest86 = {
enable = true;
sortKey = "o_memtest86";
};
netbootxyz = {
enable = false;
sortKey = "o_netbootxyz";
};
};
};
};
}
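Review bot: Both `systemd-boot.enable` here and `boot.lanzaboote.enable` in `viola/boot/lanzaboote.nix` are `false`, so the files in this commit select no boot loader and Secure Boot signing is off. If this is a temporary state, a comment such as `# disabled until sbctl keys are enrolled; lanzaboote takes over` would tell the reader which of the two is meant to be switched on. Unless another module sets a loader, NixOS will presumably fall back to its GRUB default and fail the assertion about missing GRUB devices.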

10
viola/boot/plymouth.nix Normal file

@ -0,0 +1,10 @@
{pkgs, ...}: {
boot = {
plymouth = {
enable = true;
themePackages = with pkgs; [
nixos-bgrt-plymouth
];
};
};
}

8
viola/boot/tmp.nix Normal file

@ -0,0 +1,8 @@
{...}: {
boot = {
tmp = {
useTmpfs = true;
cleanOnBoot = true;
};
};
}

9
viola/boot/zfs.nix Normal file

@ -0,0 +1,9 @@
{...}: {
boot = {
zfs = {
package = pkgs.zfs_cachyos;
allowHibernation = false;
removeLinuxDRM = false;
};
};
}


@ -0,0 +1,5 @@
{...}: {
console = {
useXkbConfig = true;
};
}

96
viola/default.nix Normal file

@ -0,0 +1,96 @@
{self, ...}: {
imports = [
"${self}/viola/boot/initrd.nix"
"${self}/viola/boot/kernel.nix"
"${self}/viola/boot/lanzaboote.nix"
"${self}/viola/boot/plymouth.nix"
"${self}/viola/boot/tmp.nix"
"${self}/viola/boot/loader/systemd-boot.nix"
"${self}/viola/boot/zfs.nix"
"${self}/viola/disko/disk.nix"
"${self}/viola/disko/lvm_vg.nix"
"${self}/viola/console/console.nix"
"${self}/viola/environment/systemPackages.nix"
"${self}/viola/environment/variables.nix"
"${self}/viola/hardware/cpu.nix"
"${self}/viola/hardware/graphics.nix"
"${self}/viola/hardware/zram.nix"
"${self}/viola/home-manager/users.nix"
"${self}/viola/i18n/locales.nix"
"${self}/viola/networking/dhcp.nix"
"${self}/viola/networking/firewall.nix"
"${self}/viola/networking/hostname.nix"
"${self}/viola/networking/networkmanager.nix"
"${self}/viola/networking/wireguard.nix"
"${self}/viola/networking/nameservers.nix"
"${self}/viola/networking/hosts.nix"
"${self}/viola/networking/hostId.nix"
"${self}/viola/networking/interfaces.nix"
"${self}/viola/nix/package.nix"
"${self}/viola/nix/settings/allowed-users.nix"
"${self}/viola/nix/settings/experimental-features.nix"
"${self}/viola/nix/settings/substituters.nix"
"${self}/viola/nix/settings/trusted-public-keys.nix"
"${self}/viola/nix/settings/trusted-users.nix"
"${self}/viola/nix/settings/auto-optimise-store.nix"
"${self}/viola/nixpkgs/config.nix"
"${self}/viola/nixpkgs/system.nix"
"${self}/viola/programs/nh.nix"
"${self}/viola/programs/ssh.nix"
"${self}/viola/security/polkit.nix"
"${self}/viola/security/rtkit.nix"
"${self}/viola/security/sudo.nix"
"${self}/viola/security/sudo-rs.nix"
"${self}/viola/services/greetd.nix"
"${self}/viola/services/libinput.nix"
"${self}/viola/services/openssh.nix"
"${self}/viola/services/pipewire.nix"
"${self}/viola/services/netbird.nix"
"${self}/viola/services/scx.nix"
"${self}/viola/services/xserver.nix"
"${self}/viola/services/zapret.nix"
"${self}/viola/services/zerotier.nix"
"${self}/viola/services/usbmuxd.nix"
"${self}/viola/services/irqbalance.nix"
"${self}/viola/services/forgejo.nix"
"${self}/viola/services/privatebin.nix"
"${self}/viola/services/homepage.nix"
"${self}/viola/services/zitadel.nix"
"${self}/viola/sops/defaults.nix"
"${self}/viola/sops/secrets.nix"
"${self}/hand7s/stylix/base16Scheme.nix"
"${self}/hand7s/stylix/cursor.nix"
"${self}/hand7s/stylix/defaults.nix"
"${self}/hand7s/stylix/fonts.nix"
"${self}/hand7s/stylix/image.nix"
"${self}/viola/system/name.nix"
"${self}/viola/system/stateVersion.nix"
"${self}/viola/systemd/oomd.nix"
"${self}/viola/systemd/slices/system-slice.nix"
"${self}/viola/systemd/slices/user-slice.nix"
"${self}/viola/systemd/slices/root-slice.nix"
"${self}/viola/time/timeZone.nix"
"${self}/viola/users/users/hand7s.nix"
"${self}/viola/users/users/root.nix"
"${self}/viola/users/mutableUsers.nix"
"${self}/viola/virtualisation/docker.nix"
];
}

39
viola/disko/disk.nix Normal file

@ -0,0 +1,39 @@
{
disko = {
devices = {
disk = {
main = {
device = "/dev/disk/by-id/ata-EAGET_SSD_256GB_EAGET20250505V00003";
type = "disk";
content = {
type = "gpt";
partitions = {
ESP = {
type = "EF00";
size = "1024M";
name = "boot";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [
"fmask=0022"
"dmask=0022"
];
};
};
root = {
size = "100%";
content = {
type = "lvm_pv";
vg = "pool";
};
};
};
};
};
};
};
};
}
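Review bot: The ESP is mounted with `"fmask=0022"` and `"dmask=0022"`, which leaves everything under `/boot` world-readable, including the boot loader's random seed and any initrd that embeds secrets; `"fmask=0077"` and `"dmask=0077"` restrict it to root. The layout also places the LVM PV directly on the partition with no encryption layer, so the sops key material, SSH host keys and service databases are readable by anyone who removes the disk. That may be a deliberate trade-off for an unattended machine, but it deserves a comment saying so.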

51
viola/disko/lvm_vg.nix Normal file

@ -0,0 +1,51 @@
{
disko = {
devices = {
lvm_vg = {
pool = {
type = "lvm_vg";
lvs = {
root = {
size = "100%";
content = {
type = "btrfs";
extraArgs = [
"-f"
];
subvolumes = {
"/root" = {
mountpoint = "/";
mountOptions = [
"compress=zstd"
"noatime"
"discard=async"
];
};
"/home" = {
mountpoint = "/home";
mountOptions = [
"compress=zstd"
"noatime"
"discard=async"
];
};
"/nix" = {
mountpoint = "/nix";
mountOptions = [
"compress=zstd"
"noatime"
"discard=async"
];
};
};
};
};
};
};
};
};
};
}


@ -0,0 +1,14 @@
{
pkgs,
lib,
...
}: {
environment = {
systemPackages = with pkgs; [
(lib.hiPrio uutils-coreutils-noprefix)
uutils-findutils
uutils-diffutils
home-manager
];
};
}


@ -0,0 +1,19 @@
{config, ...}: {
environment = {
variables = {
AMD_VULKAN_ICD = "RADV";
HOSTNAME = config.networking.hostName;
QT_QPA_PLATFORM = "wayland";
SDL_VIDEODRIVER = "wayland";
CLUTTER_BACKEND = "wayland";
GDK_BACKEND = "wayland";
NIXPKGS_ALLOW_UNFREE = "1";
NIXPKGS_ALLOW_INSECURE = "1";
NIXOS_OZONE_WL = "1";
GRIMBLAST_HIDE_CURSOR = "0";
TERM = "xterm-256color";
};
enableAllTerminfo = true;
};
}
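Review bot: `NIXPKGS_ALLOW_INSECURE = "1"` is exported to every session, so any impure `nix` invocation on the host silently accepts packages that nixpkgs marks as having known vulnerabilities. Prefer dropping the variable and listing the specific exceptions in `nixpkgs.config.permittedInsecurePackages`, so each accepted package is visible in review. `HOSTNAME` and `TERM` are normally set by the shell and the terminal; forcing `TERM = "xterm-256color"` globally can mislead programs on the Linux console or in SSH sessions from other terminal types.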

10
viola/hardware/cpu.nix Normal file

@ -0,0 +1,10 @@
{...}: {
hardware = {
enableRedistributableFirmware = true;
cpu = {
intel = {
updateMicrocode = true;
};
};
};
}


@ -0,0 +1,8 @@
{...}: {
hardware = {
graphics = {
enable = true;
enable32Bit = true;
};
};
}

8
viola/hardware/zram.nix Normal file

@ -0,0 +1,8 @@
{...}: {
zramSwap = {
enable = true;
algorithm = "zstd";
priority = 100;
memoryPercent = 100;
};
}


@ -0,0 +1,30 @@
{
inputs,
self,
...
}: {
home-manager = {
users = {
hand7s = {
imports = [
"${self}/hand7s/"
inputs.spicetify-nix.homeManagerModules.default
inputs.hyprland.homeManagerModules.default
inputs.chaotic.homeManagerModules.default
inputs.sops-nix.homeManagerModules.sops
inputs.nix-index-database.homeModules.nix-index
];
};
};
backupFileExtension = "force";
extraSpecialArgs = {
inherit
inputs
self
;
};
};
}

9
viola/i18n/locales.nix Normal file

@ -0,0 +1,9 @@
{...}: {
i18n = {
defaultLocale = "en_US.UTF-8";
supportedLocales = [
"en_US.UTF-8/UTF-8"
"ru_RU.UTF-8/UTF-8"
];
};
}

10
viola/networking/dhcp.nix Normal file

@ -0,0 +1,10 @@
{lib, ...}: {
networking = {
useDHCP = lib.mkDefault true;
dhcpcd = {
enable = true;
persistent = false;
wait = "any";
};
};
}


@ -0,0 +1,26 @@
{...}: {
networking = {
firewall = {
allowPing = true;
enable = true;
checkReversePath = false;
allowedUDPPorts = [
80
8080
8443
53350
53351
53353
];
allowedTCPPorts = [
80
8080
8443
53350
53351
53353
];
};
};
}
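Review bot: The global allow-list opens the service back-end ports on every interface: `8080` (homepage-dashboard, which has a `resources` widget and no authentication configured in this commit), `8443` (Zitadel) and `53350` (Forgejo's plain-HTTP `HTTP_PORT`), while `443` is not opened even though Forgejo's `ROOT_URL` is HTTPS. If a reverse proxy or the `wt0` overlay is the intended entry point, these ports should appear only under `networking.firewall.interfaces.<name>`, and the UDP copies can go since none of these services is shown using UDP. `53353` here versus `53352` in the `wt0` list looks like a typo in one of them. `checkReversePath = false` turns reverse-path filtering off entirely; `checkReversePath = "loose";` usually satisfies VPN overlays while keeping the check.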


@ -0,0 +1,5 @@
{...}: {
networking = {
hostId = "5c79d46a";
};
}


@ -0,0 +1,5 @@
{...}: {
networking = {
hostName = "s0meMiniPC-nix";
};
}
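Review bot: `hostName` is still `"s0meMiniPC-nix"` although the commit renames the host directory to `viola`; `environment.variables.HOSTNAME` and `system.name` both derive from this value. If only the directory was meant to change, nothing needs doing, but a comment like `# directory is viola/, hostname intentionally unchanged` would prevent confusion. Otherwise this should be `hostName = "viola";`, leaving `networking.hostId` as it is, since ZFS presumably ties pool imports to it.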


@ -0,0 +1,7 @@
{...}: {
networking = {
hosts = {
# nope
};
};
}


@ -0,0 +1,29 @@
{...}: {
networking = {
firewall = {
interfaces = {
wt0 = {
allowedUDPPorts = [
25
6969
8080
8443
53350
53351
53352
];
allowedTCPPorts = [
25
6969
8080
8443
53350
53351
53352
];
};
};
};
};
}


@ -0,0 +1,29 @@
{...}: {
networking = {
nameservers = [
# cf dns
"1.1.1.1"
"1.0.0.1"
"2606:4700:4700::1111"
"2606:4700:4700::1001"
# google dns
"8.8.8.8"
"8.8.4.4"
"2001:4860:4860::8888"
"2001:4860:4860::8844"
# q9 dns
"9.9.9.9"
"149.112.112.112"
"2620:fe::fe"
"2620:fe::9"
# open dns
"208.67.222.222"
"208.67.220.220"
"2620:119:35::35"
"2620:119:53::53"
];
};
}


@ -0,0 +1,9 @@
{...}: {
networking = {
networkmanager = {
enable = false;
};
useNetworkd = true;
};
}


@ -0,0 +1,10 @@
{...}: {
networking = {
timeServers = [
"0.nixos.pool.ntp.org"
"1.nixos.pool.ntp.org"
"2.nixos.pool.ntp.org"
"3.nixos.pool.ntp.org"
];
};
}


@ -0,0 +1,7 @@
{...}: {
networking = {
wireguard = {
enable = true;
};
};
}

5
viola/nix/package.nix Normal file

@ -0,0 +1,5 @@
{pkgs, ...}: {
nix = {
package = pkgs.nixVersions.latest;
};
}


@ -0,0 +1,10 @@
{...}: {
nix = {
settings = {
sandbox = true;
allowed-users = [
"@wheel"
];
};
};
}


@ -0,0 +1,7 @@
{...}: {
nix = {
settings = {
auto-optimise-store = true;
};
};
}


@ -0,0 +1,10 @@
{...}: {
nix = {
settings = {
experimental-features = [
"nix-command"
"flakes"
];
};
};
}


@ -0,0 +1,19 @@
{...}: {
nix = {
settings = {
substituters = [
# cache.nixos.org
"https://cache.nixos.org"
# cache.garnix.org
"https://cache.garnix.io"
# cachix
"https://nix-community.cachix.org/"
"https://chaotic-nyx.cachix.org/"
"https://ags.cachix.org"
"https://hyprland.cachix.org"
"https://chaotic-nyx.cachix.org/"
"https://colmena.cachix.org"
];
};
};
}
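Review bot: `"https://chaotic-nyx.cachix.org/"` is listed twice, and its key is duplicated in the `trusted-public-keys` file as well. More importantly, every key in that list is trusted for any store path, not only for the project that owns the cache, so each third-party cache (ags, hyprland, colmena, chaotic-nyx, garnix, nix-community) can supply a substitute for any package the host requests. Trim the list to the caches this host actually pulls from and add a comment per entry saying why it is needed. The comment `# cache.garnix.org` does not match the URL `cache.garnix.io`.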


@ -0,0 +1,19 @@
{...}: {
nix = {
settings = {
trusted-public-keys = [
# cache.nixos.org
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
# cache.garnix.io
"cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="
# cachix.org
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"chaotic-nyx.cachix.org-1:HfnXSw4pj95iI/n17rIDy40agHj12WfF+Gqk6SonIT8="
"ags.cachix.org-1:naAvMrz0CuYqeyGNyLgE010iUiuf/qx6kYrUv3NwAJ8="
"hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
"chaotic-nyx.cachix.org-1:HfnXSw4pj95iI/n17rIDy40agHj12WfF+Gqk6SonIT8="
"colmena.cachix.org-1:7BzpDnjjH8ki2CT3f6GdOk7QAzPOl+1t3LvTLXqYcSg="
];
};
};
}


@ -0,0 +1,9 @@
{...}: {
nix = {
settings = {
trusted-users = [
"@wheel"
];
};
};
}
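Review bot: `trusted-users = ["@wheel"]` makes every wheel member effectively root on the Nix daemon without a password, which undercuts `wheelNeedsPassword = true` in `viola/security/sudo-rs.nix`: a trusted user may add substituters, relax the sandbox or import unsigned paths. Unless remote deployment as `hand7s` needs it, use `trusted-users = ["root"];` and keep `@wheel` only in `allowed-users`. If it is needed for pushing closures from another machine, a comment stating that would document the accepted risk.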

8
viola/nixpkgs/config.nix Normal file

@ -0,0 +1,8 @@
{...}: {
nixpkgs = {
config = {
allowUnfree = true;
allowBroken = true;
};
};
}


@ -0,0 +1,6 @@
{...}: {
nixpkgs = {
overlays = [
];
};
}

6
viola/nixpkgs/system.nix Normal file

@ -0,0 +1,6 @@
{...}: {
nixpkgs = {
system = "x86_64-linux";
hostPlatform = "x86_64-linux";
};
}

12
viola/programs/nh.nix Normal file

@ -0,0 +1,12 @@
{...}: {
programs = {
nh = {
enable = true;
clean = {
enable = true;
dates = "weekly";
extraArgs = "--keep 2 --keep-since 2d";
};
};
};
}

7
viola/programs/ssh.nix Normal file

@ -0,0 +1,7 @@
{...}: {
programs = {
ssh = {
startAgent = true;
};
};
}

10
viola/security/polkit.nix Normal file

@ -0,0 +1,10 @@
{...}: {
security = {
polkit = {
enable = true;
adminIdentities = [
"unix-group:wheel"
];
};
};
}

7
viola/security/rtkit.nix Normal file

@ -0,0 +1,7 @@
{...}: {
security = {
rtkit = {
enable = true;
};
};
}


@ -0,0 +1,9 @@
{...}: {
security = {
sudo-rs = {
enable = true;
wheelNeedsPassword = true;
execWheelOnly = true;
};
};
}

7
viola/security/sudo.nix Normal file
View file

@ -0,0 +1,7 @@
{lib, ...}: {
security = {
sudo = {
enable = lib.mkDefault false;
};
};
}

123
viola/services/forgejo.nix Normal file

@ -0,0 +1,123 @@
{...}: {
services = {
forgejo = {
enable = true;
database = {
type = "postgres";
port = "${dbport}";
};
settings = {
DEFAULT = {
APP_NAME = "Forgejo";
APP_SLOGAN = "hand7s'es instance";
APP_DISPLAY_NAME_FORMAT = "{APP_NAME}: {APP_SLOGAN}.";
RUN_MODE = "prod";
};
repository = {
DEFAULT_PRIVATE = "last";
PREFERRED_LICENSES = "MIT";
DISABLE_HTTP_GIT = true;
USE_COMPAT_SSH_URI = true;
GO_GET_CLONE_URL_PROTOCOL = "ssh";
DEFAULT_BRANCH = "master";
};
"repository.pull-request" = {
WORK_IN_PROGRESS_PREFIXES = "[WIP]:";
};
"repository.issue" = {
MAX_PINNED = 2;
};
"repository.upload" = {
ENABLED = true;
FILE_MAX_SIZE = 25;
MAX_FILES = 10;
};
"repository.signing" = {
FORMAT = "openssh";
INITIAL_COMMIT = "always";
WIKI = "always";
CRUD_ACTIONS = "always";
MERGES = "always";
};
badges = {
ENABLED = false;
};
cors = {
ENABLED = false;
};
actions = {
ENABLED = false;
};
mailer = {
ENABLED = false;
};
cron = {
ENABLED = false;
};
metrics = {
ENABLED = false;
};
federation = {
ENABLED = false;
};
ui = {
DEFAULT_THEME = "forgejo-auto-tritanopia";
};
"ui.meta" = {
AUTHOR = "hand7s'es Forgejo instance";
DESCRIPTION = "Forgejo - by Codeberg.";
};
log = {
LEVEL = "Warn";
};
service = {
DISABLE_REGISTRATION = true;
};
"service.explore" = {
DISABLE_ORGANIZATIONS_PAGE = true;
};
server = {
DOMAIN = "git.hand7s.org";
ROOT_URL = "https://git.hand7s.org";
HTTP_PORT = 53350;
START_SSH_SERVER = false;
LFS_START_SERVER = false;
};
openid = {
ENABLE_OPENID_SIGNIN = true;
ENABLE_OPENID_SIGNUP = true;
};
cache = {
ADAPTER = "redis";
INTERVAL = "900";
HOST = "";
ITEM_TTL = "1h";
};
};
};
};
}
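Review bot: `port = "${dbport}";` refers to a variable that is bound nowhere in this module (the header is `{...}:`), so evaluation fails, and the option presumably expects an integer rather than a string. The Zitadel module has the same problem with `${dbhost}`, `${dbport}`, `${cahceaddress}` and `${cahcepass}`. `ENABLE_OPENID_SIGNUP = true` sits next to `DISABLE_REGISTRATION = true`; if only existing accounts are meant to sign in through the identity provider, set `ENABLE_OPENID_SIGNUP = false;` so an OpenID login cannot create accounts. `ADAPTER = "redis"` with `HOST = ""` leaves the cache without a connection string.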

18
viola/services/greetd.nix Normal file

@ -0,0 +1,18 @@
{
pkgs,
lib,
...
}: {
services = {
greetd = {
enable = true;
restart = false;
settings = {
default_session = {
command = "${lib.getExe pkgs.tuigreet} -r -t -c ${lib.getExe pkgs.fish}";
user = "greeter";
};
};
};
};
}


@ -0,0 +1,91 @@
{...}: {
services = {
homepage-dashboard = {
enable = true;
listenPort = 8080;
settings = {
title = "hand7s homepage";
description = "duh";
theme = "dark";
background = "https://w.wallhaven.cc/full/1q/wallhaven-1q87xv.png";
color = "violet";
headerStyle = "boxed";
layout = [
{
Dev = {
iconsOnly = true;
};
}
];
};
bookmarks = [
{
Dev = [
{
GitHub = [
{
abbr = "GH";
href = "https://github.com/";
}
];
}
{
Forgejo = [
{
abbr = "Forge";
href = "https://git.hand7s.org/";
}
];
}
{
PivateBin = [
{
abbr = "PB";
href = "https://bin.hand7s.org/";
}
];
}
];
}
];
services = [
];
widgets = [
{
greeting = {
text_size = "xl";
text = "Hi, hand7s.";
};
}
{
search = {
provider = "google";
target = "_blank";
focus = true;
};
}
{
resources = {
cpu = true;
memory = true;
disk = "/";
cputemp = true;
uptime = true;
units = "metric";
refresh = 3000;
network = true;
};
}
];
};
};
}


@ -0,0 +1,7 @@
{...}: {
services = {
irqbalance = {
enable = true;
};
};
}


@ -0,0 +1,15 @@
{...}: {
services = {
libinput = {
enable = true;
mouse = {
accelProfile = "flat";
accelSpeed = "-1.0";
buttonMapping = "1 2 3 4 5 6 7 8 9";
horizontalScrolling = true;
leftHanded = false;
naturalScrolling = true;
};
};
};
}


@ -0,0 +1,7 @@
{...}: {
services = {
netbird = {
enable = true;
};
};
}


@ -0,0 +1,22 @@
{config, ...}: {
services = {
openssh = {
enable = true;
allowSFTP = true;
openFirewall = true;
ports = [
47345
];
settings = {
PrintMotd = false;
PermitRootLogin = "no";
PasswordAuthentication = false;
};
authorizedKeysFiles = [
config.sops.secrets.sshKey.path
];
};
};
}
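Review bot: `authorizedKeysFiles` points every account at the single sops-managed file `config.sops.secrets.sshKey.path`, so the holder of that key is accepted for any user with a login shell, and sshd reads the file with the target user's privileges, which fails unless the secret's owner and mode are set to match (not shown in this commit). Public keys are not secret; `users.users.hand7s.openssh.authorizedKeys.keys = [ "<public key placeholder>" ];` is simpler and scoped to one account. Also add `KbdInteractiveAuthentication = false;` to `settings`, because `PasswordAuthentication = false` alone leaves PAM keyboard-interactive prompts available unless that is disabled elsewhere. `AllowUsers = ["hand7s"];` would narrow the exposed accounts further, given `openFirewall = true`.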


@ -0,0 +1,65 @@
{...}: {
services = {
pipewire = {
enable = true;
alsa = {
enable = true;
support32Bit = true;
};
audio = {
enable = true;
};
pulse = {
enable = true;
};
jack = {
enable = true;
};
wireplumber = {
enable = true;
};
extraConfig = {
pipewire = {
"92-low-latency" = {
"context.properties" = {
"default.clock.rate" = 48000;
"default.clock.allowed-rates" = [
44100
48000
88200
96000
];
"default.clock.min-quantum" = 512;
"default.clock.quantum" = 4096;
"default.clock.max-quantum" = 8192;
};
};
"93-no-resampling" = {
"context.properties" = {
"default.clock.rate" = 48000;
"default.clock.allowed-rates" = [
44100
48000
96000
192000
];
};
};
"94-no-upmixing" = {
"stream.properties" = {
"channelmix.upmix" = false;
};
};
};
};
};
};
}


@ -0,0 +1,43 @@
{...}: {
services = {
privatebin = {
enable = true;
enableNginx = true;
virtualHost = "bin.hand7s.org";
settings = {
main = {
name = "hand7s bin";
discussion = false;
qrcode = false;
compression = "none";
defaultformatter = "plaintext";
fileupload = false;
languageselection = false;
password = true;
sizelimit = 10 * 1000 * 1000;
template = "bootstrap5";
};
expire = {
default = "1week";
clone = false;
};
formatter_options = {
markdown = "Markdown";
plaintext = "Plain Text";
syntaxhighlighting = "Source Code";
};
traffic = {
limit = 5;
};
purge = {
limit = 0;
batchsize = 10;
};
};
};
};
}

9
viola/services/scx.nix Normal file
View file

@ -0,0 +1,9 @@
{...}: {
services = {
scx = {
enable = true;
# package = pkgs.scx_git.full;
scheduler = "scx_lavd";
};
};
}


@ -0,0 +1,8 @@
{pkgs, ...}: {
services = {
usbmuxd = {
enable = true;
package = pkgs.usbmuxd2;
};
};
}


@ -0,0 +1,26 @@
{
lib,
pkgs,
...
}: {
services = {
xserver = {
display = lib.mkForce 0;
enable = true;
excludePackages = with pkgs; [
xterm
];
videoDrivers = [
"modesetting"
];
xkb = {
layout = "us, ru";
variant = "";
options = "grp:caps_toggle";
};
};
};
}

145
viola/services/zapret.nix Normal file
View file

@ -0,0 +1,145 @@
{...}: {
services = {
zapret = {
enable = true;
configureFirewall = true;
qnum = 350;
params = [
"--wssize 1:6"
"--filter-tcp=80"
"--dpi-desync=multisplit"
"--dpi-desync-split-pos=10"
"--dpi-desync-repeats=6"
"--new"
"--filter-tcp=443"
"--dpi-desync=multidisorder"
"--dpi-desync-split-pos=1,midsld"
"--new"
"--filter-tcp=443"
"--dpi-desync=syndata"
"--dpi-desync-fake-syndata=0x00000000"
"--dpi-desync-ttl=10"
"--new"
"--filter-udp=443"
"--dpi-desync=fake"
"--dpi-desync-repeats=6"
"--dpi-desync-fake-quic=0x00000000"
"--new"
"--filter-udp=443"
"--dpi-desync=fake,udplen"
"--dpi-desync-udplen-increment=5"
"--dpi-desync-fake-tls=0x00000000"
"--dpi-desync-cutoff=n3"
"--dpi-desync-repeats=2"
"--new"
"--filter-tcp=443"
"--dpi-desync=split"
"--dpi-desync-fooling=md5sig,badseq"
"--dpi-desync-fake-tls=0x00000000"
"--dpi-desync-split-pos=1"
"--dpi-desync-repeats=10"
"--new"
"--filter-tcp=443"
"--dpi-desync=fake,split2"
"--dpi-desync-fooling=md5sig"
"--dpi-desync-fake-tls=0x00000000"
"--dpi-desync-split-seqovl=2"
"--dpi-desync-split-pos=2"
"--dpi-desync-autottl"
"--new"
"--filter-tcp=443"
"--dpi-desync=fake,split2"
"--dpi-desync-fooling=md5sig"
"--dpi-desync-fake-tls=0x00000000"
"--dpi-desync-split-seqovl=2"
"--dpi-desync-split-pos=2"
"--dpi-desync-autottl"
"--new"
"--filter-tcp=80"
"--dpi-desync=fake,split2"
"--dpi-desync-fooling=md5sig"
"--dpi-desync-fake-tls=0x00000000"
"--dpi-desync-autottl"
"--new"
"--filter-tcp=80"
"--dpi-desync-ttl=1"
"--dpi-desync-autottl=2"
"--dpi-desync-fake-tls=0x00000000"
"--dpi-desync-split-pos=1"
"--dpi-desync=fake,split2"
"--dpi-desync-repeats=6"
"--dpi-desync-fooling=md5sig"
"--new"
];
whitelist = [
"googlevideo.com"
"youtu.be"
"youtube.com"
"youtubei.googleapis.com"
"googlevideo.com"
"youtu.be"
"youtube.com"
"youtubei.googleapis.com"
"youtubeembeddedplayer.googleapis.com"
"ytimg.l.google.com"
"ytimg.com"
"jnn-pa.googleapis.com"
"youtube-nocookie.com"
"youtube-ui.l.google.com"
"yt-video-upload.l.google.com"
"wide-youtube.l.google.com"
"youtubekids.com"
"ggpht.com"
"music.youtube.com"
"test.googlevideo.com"
"discord.com"
"gateway.discord.gg"
"cdn.discordapp.com"
"discordapp.net"
"discordapp.com"
"discord.gg"
"media.discordapp.net"
"images-ext-1.discordapp.net"
"discord.app"
"discord.media"
"discordcdn.com"
"discord.dev"
"discord.new"
"discord.gift"
"discordstatus.com"
"dis.gd"
"discord.co"
"discord-attachments-uploads-prd.storage.googleapis.com"
"7tv.app"
"7tv.io"
"10tv.app"
"x.com"
"t.co"
"ads-twitter.com"
"twimg.com"
"twitter.com"
"pscp.tv"
"twtrdns.net"
"twttr.com"
"periscope.tv"
"tweetdeck.com"
"twitpic.com"
"twitter.co"
"twitterinc.com"
"twitteroauth.com"
"twitterstat.us"
];
};
};
}
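Review bot: The `whitelist` repeats its first four entries (`googlevideo.com`, `youtu.be`, `youtube.com`, `youtubei.googleapis.com`), and `params` contains two identical `--filter-tcp=443` / `--dpi-desync=fake,split2` blocks and ends with a dangling `"--new"`. Deduplicating both lists makes it clear which rules are actually in effect. `configureFirewall = true` lets the module insert its own packet-queue rules, so it is worth confirming that they coexist with the `networking.firewall` settings defined elsewhere in this commit.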


@ -0,0 +1,10 @@
{...}: {
services = {
zerotierone = {
enable = false;
joinNetworks = [
# nope
];
};
};
}


@ -0,0 +1,77 @@
{config, ...}: {
services = {
zitadel = {
enable = true;
tlsMode = "external";
masterKeyFile = config.sops.secrets.zitadelMasterKey;
steps = {
FirstInstance = {
InstanceName = "zitadel.hand7s.org";
DefaultLanguage = "en";
LoginPolicy = {
AllowRegister = false;
};
Org = {
Name = "ZITADEL";
Human = {
UserName = "admin";
FirstName = "Bogdan";
LastName = "Litvinov";
DisplayName = "hand7s";
PasswordChangeRequired = true;
PreferredLanguage = "en";
Email = {
Address = "me@hand7s.org";
Verified = true;
};
};
};
};
};
settings = {
Port = 8443;
ExternalPort = 8443;
ExternalDomain = "zitadel.hand7s.org";
ExternalSecure = true;
Log = {
Level = "debug";
};
Telemetry = {
Enabled = false;
};
Database = {
postgres = {
Host = "${dbhost}";
Port = "${dbport}";
Database = "zitadel";
User = {
Username = "zitadel";
SSL = {
Mode = "disable";
};
};
};
};
Caches = {
Connectors = {
Redis = {
Enabled = true;
Addr = "${cahceaddress}";
Password = "${cahcepass}";
PoolSize = "900";
PoolTimeout = "1800s";
};
};
};
};
};
};
}
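Review bot: `masterKeyFile = config.sops.secrets.zitadelMasterKey;` passes the whole secret attribute set instead of its path; it should be `masterKeyFile = config.sops.secrets.zitadelMasterKey.path;`. `Password = "${cahcepass}"` would place the Redis password in `settings`, which is rendered into the world-readable Nix store; supply it through `extraSettingsPaths` pointing at a sops secret instead. For an identity provider, `Level = "debug"` may write tokens and personal data to the journal, and `Mode = "disable"` for the database connection is only acceptable when PostgreSQL is reached over a local socket or loopback. `PoolSize = "900"` is a string where a number is presumably expected.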

5
viola/system/name.nix Normal file
View file

@ -0,0 +1,5 @@
{config, ...}: {
system = {
name = config.networking.hostName;
};
}


@ -0,0 +1,5 @@
{config, ...}: {
system = {
stateVersion = config.system.nixos.release;
};
}
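Review bot: `stateVersion = config.system.nixos.release;` makes the state version follow whichever nixpkgs release is currently checked out, which defeats its purpose: stateful defaults, such as the default PostgreSQL major version that Forgejo and Zitadel would use, can then change on an upgrade without a data migration. Pin it to the release the machine was installed with, `stateVersion = "<install release placeholder>";`, and leave it fixed.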

10
viola/systemd/oomd.nix Normal file
View file

@ -0,0 +1,10 @@
{...}: {
systemd = {
oomd = {
enable = true;
enableUserSlices = true;
enableSystemSlice = true;
enableRootSlice = true;
};
};
}


@ -0,0 +1,14 @@
{...}: {
systemd = {
slices = {
root = {
sliceConfig = {
ManagedOOMSwap = "kill";
ManagedOOMMemoryPressure = "kill";
ManagedOOMMemoryPressureLimit = "40%";
ManagedOOMMemoryPressureDurationSec = 0;
};
};
};
};
}


@ -0,0 +1,14 @@
{...}: {
systemd = {
slices = {
system = {
sliceConfig = {
ManagedOOMSwap = "kill";
ManagedOOMMemoryPressure = "kill";
ManagedOOMMemoryPressureLimit = "40%";
ManagedOOMMemoryPressureDurationSec = 0;
};
};
};
};
}


@ -0,0 +1,14 @@
{...}: {
systemd = {
slices = {
user = {
sliceConfig = {
ManagedOOMSwap = "kill";
ManagedOOMMemoryPressure = "kill";
ManagedOOMMemoryPressureLimit = "40%";
ManagedOOMMemoryPressureDurationSec = 0;
};
};
};
};
}

6
viola/time/timeZone.nix Normal file
View file

@ -0,0 +1,6 @@
{...}: {
time = {
timeZone = "Europe/Moscow";
hardwareClockInLocalTime = true;
};
}


@ -0,0 +1,5 @@
{...}: {
users = {
mutableUsers = false;
};
}


@ -0,0 +1,17 @@
{...}: {
users = {
users = {
hand7s = {
description = "me";
isSystemUser = false;
isNormalUser = true;
initialHashedPassword = "$6$ckgRhNWmJgSwOUpJ$kfeAdokd5fa76HWbTmWN2YXx4M/PQVOTJku1ODbqbBhEkUFiLftdaJFRnNXfIM3Jtz0ShoRMSVCB7mDkxDrdi/";
extraGroups = [
"wheel"
"networkmanager"
"docker"
];
};
};
};
}
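Review bot: `initialHashedPassword` commits a sha512crypt hash for the login account to the repository, and `viola/users/users/root.nix` does the same for root, so anyone with read access to the repository can test password guesses against them offline. With `mutableUsers = false` the password can only change by editing this file, so move both to `hashedPasswordFile = config.sops.secrets.<name>.path;` with `neededForUsers = true` on the secret. The current passwords should be rotated as well, because the hashes remain in the commit history. `isSystemUser = false` is redundant next to `isNormalUser = true`.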


@ -0,0 +1,9 @@
{...}: {
users = {
users = {
root = {
initialHashedPassword = "$6$n4OLMvYHHStHvtmr$6OL0NV1dEM2b6oJRewkhuoFxM80lI67tfbJ6QkCg8WAA1gbeKrcwDAuJjm8zvpY4zcDR3Z5Zbo8uebfOi6XXF0";
};
};
};
}


@ -0,0 +1,10 @@
{...}: {
virtualisation = {
docker = {
enable = true;
rootless = {
enable = true;
};
};
};
}
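Review bot: `docker.enable = true` together with `rootless.enable = true` runs the rootful daemon alongside the rootless one, and `hand7s` is placed in the `docker` group in the users module, which grants access to the rootful socket and is equivalent to passwordless root. If rootless is the goal, set the top-level `enable = false;`, add `setSocketVariable = true;` under `rootless`, and drop `"docker"` from `extraGroups`.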