s0mePC-nix: init

Signed-off-by: s0me1newithhand7s <117505144+s0me1newithhand7s@users.noreply.github.com>
s0me1newithhand7s 2025-08-25 00:18:32 +03:00
parent 918f893bf2
commit be4f7798f9
No known key found for this signature in database
71 changed files with 1200 additions and 116 deletions

1
.gitignore vendored

@ -6,7 +6,6 @@ s0melapt0p-nix/sops
# ignored hosts
s0men0de-nix/
s0meMiniPC-nix/
# env shit
.env/


@ -0,0 +1,27 @@
{lib, ...}: {
boot = {
initrd = {
availableKernelModules = [
"nvme"
"xhci_pci"
"ahci"
"usbhid"
"usb_storage"
"sd_mod"
"btrfs"
];
supportedFilesystems = {
vfat = true;
btrfs = true;
zfs = lib.mkForce true;
};
systemd = {
enable = true;
};
verbose = false;
};
};
}


@ -0,0 +1,82 @@
{
config,
pkgs,
lib,
...
}: {
boot = {
kernel = {
sysctl = {
"vm.swappiness" = 100;
"vm.dirty_background_bytes" = 67108864;
"vm.dirty_bytes" = 268435456;
"vm.dirty_expire_centisecs" = 1500;
"vm.dirty_writeback_centisecs" = 100;
"vm.vfs_cache_pressure" = 50;
"vm.max_map_count" = 1048576;
};
};
kernelPackages = pkgs.linuxPackages_cachyos;
extraModulePackages = with config.boot.kernelPackages; [
rtl8821ce
yt6801
];
kernelParams = [
"intel_pstate=passive"
"udev.log_priority=3"
"quiet"
"splash"
"boot.shell_on_fail"
"loglevel=3"
"rd.systemd.show_status=false"
"rd.udev.log_level=3"
"page_alloc.shuffle=1"
"page_poison=1"
"slab_nomerge"
"kernel.watchdog=0"
"oops=panic"
];
blacklistedKernelModules = [
"ax25"
"netrom"
"rose"
"adfs"
"affs"
"bfs"
"befs"
"cramfs"
"efs"
"erofs"
"exofs"
"freevxfs"
"f2fs"
"hfs"
"hpfs"
"jfs"
"minix"
"nilfs2"
"ntfs"
"omfs"
"qnx4"
"qnx6"
"sysv"
"ufs"
"sp5100-tco"
"iTCO_wdt"
"rtw88_8821ce"
];
supportedFilesystems = {
vfat = true;
btrfs = true;
zfs = lib.mkForce true;
};
consoleLogLevel = 0;
};
}
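Review bot: `"boot.shell_on_fail"` in `kernelParams` asks stage 1 for an interactive root shell when boot fails, with no password, so anyone at the console gets a way around the login and the lanzaboote Secure Boot setup configured in this commit. The initrd section enables `boot.initrd.systemd`, and whether the systemd-based stage 1 honours this flag should be confirmed; either way I would drop the line and, if emergency access is wanted, gate it with a hashed password through `boot.initrd.systemd.emergencyAccess`. Separately, `"kernel.watchdog=0"` is written in sysctl form; check that it takes effect on the command line, or move it into the `sysctl` set above as `"kernel.watchdog" = 0;`.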


@ -0,0 +1,13 @@
{...}: {
boot = {
lanzaboote = {
enable = true;
configurationLimit = 7;
pkiBundle = "/var/lib/sbctl";
settings = {
timeout = 2;
sortKey = "lanza";
};
};
};
}


@ -0,0 +1,19 @@
{lib,...}: {
boot = {
loader = {
systemd-boot = {
enable = lib.mkForce false;
sortKey = "nixos";
memtest86 = {
enable = true;
sortKey = "o_memtest86";
};
netbootxyz = {
enable = false;
sortKey = "o_netbootxyz";
};
};
};
};
}


@ -0,0 +1,10 @@
{pkgs, ...}: {
boot = {
plymouth = {
enable = true;
themePackages = with pkgs; [
nixos-bgrt-plymouth
];
};
};
}


@ -0,0 +1,8 @@
{...}: {
boot = {
tmp = {
useTmpfs = true;
cleanOnBoot = true;
};
};
}


@ -0,0 +1,9 @@
{pkgs, ...}: {
boot = {
zfs = {
package = pkgs.zfs_cachyos;
allowHibernation = false;
removeLinuxDRM = false;
};
};
}


@ -0,0 +1,5 @@
{...}: {
console = {
useXkbConfig = true;
};
}


@ -0,0 +1,90 @@
{self, ...}: {
imports = [
./boot/initrd.nix
./boot/kernel.nix
./boot/lanzaboote.nix
./boot/plymouth.nix
./boot/tmp.nix
./boot/loader/systemd-boot.nix
./boot/zfs.nix
./console/console.nix
./environment/systemPackages.nix
./environment/variables.nix
./hardware/cpu.nix
./hardware/graphics.nix
./hardware/zram.nix
./home-manager/users.nix
./i18n/locales.nix
./networking/dhcp.nix
./networking/firewall.nix
./networking/hostname.nix
./networking/networkmanager.nix
./networking/wireguard.nix
./networking/nameservers.nix
./networking/hosts.nix
./networking/hostId.nix
./nix/package.nix
./nix/settings/allowed-users.nix
./nix/settings/experimental-features.nix
./nix/settings/substituters.nix
./nix/settings/trusted-public-keys.nix
./nix/settings/trusted-users.nix
./nix/settings/auto-optimise-store.nix
./nixpkgs/config.nix
./nixpkgs/system.nix
./programs/nh.nix
./programs/ssh.nix
./security/polkit.nix
./security/rtkit.nix
./security/sudo.nix
./security/sudo-rs.nix
./services/greetd.nix
./services/libinput.nix
./services/openssh.nix
./services/pipewire.nix
./services/netbird.nix
./services/scx.nix
./services/xserver.nix
./services/zapret.nix
./services/zerotier.nix
./services/yggdrasil.nix
./services/usbmuxd.nix
./services/irqbalance.nix
./sops/defaults.nix
./sops/secrets.nix
"${self}/hand7s/stylix/base16Scheme.nix"
"${self}/hand7s/stylix/cursor.nix"
"${self}/hand7s/stylix/defaults.nix"
"${self}/hand7s/stylix/fonts.nix"
"${self}/hand7s/stylix/image.nix"
./system/name.nix
./system/stateVersion.nix
./systemd/oomd.nix
./systemd/slices/system-slice.nix
./systemd/slices/user-slice.nix
./systemd/slices/root-slice.nix
./time/timeZone.nix
./users/users/hand7s.nix
./users/users/root.nix
./users/mutableUsers.nix
./virtualisation/docker.nix
];
}

85
s0meMiniPC-nix/disko.nix Normal file

@ -0,0 +1,85 @@
{
disko = {
devices = {
disk = {
main = {
device = "/dev/disk/by-id/ata-EAGET_SSD_256GB_EAGET20250505V00003";
type = "disk";
content = {
type = "gpt";
partitions = {
ESP = {
type = "EF00";
size = "1024M";
name = "boot";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [
"fmask=0022"
"dmask=0022"
];
};
};
root = {
size = "100%";
content = {
type = "lvm_pv";
vg = "pool";
};
};
};
};
};
};
lvm_vg = {
pool = {
type = "lvm_vg";
lvs = {
root = {
size = "100%";
content = {
type = "btrfs";
extraArgs = [
"-f"
];
subvolumes = {
"/root" = {
mountpoint = "/";
mountOptions = [
"compress=zstd"
"noatime"
"discard=async"
];
};
"/home" = {
mountpoint = "/home";
mountOptions = [
"compress=zstd"
"noatime"
"discard=async"
];
};
"/nix" = {
mountpoint = "/nix";
mountOptions = [
"compress=zstd"
"noatime"
"discard=async"
];
};
};
};
};
};
};
};
};
};
}
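Review bot: The `root` partition goes straight to `lvm_pv` with no encryption layer, so everything on the btrfs volume is readable from the disk at rest, including the Secure Boot key bundle that the lanzaboote section places at `/var/lib/sbctl`. Whoever holds the disk can then read the signing keys, which undoes the protection Secure Boot is meant to give this host. Consider wrapping the PV in a LUKS container, e.g. `content = { type = "luks"; name = "<mapper-name>"; content = { type = "lvm_pv"; vg = "pool"; }; };` (the name is a placeholder). The ESP's `fmask=0022`/`dmask=0022` also leave `/boot` world-readable; `umask=0077` is the usual choice.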


@ -0,0 +1,16 @@
{
pkgs,
lib,
...
}: {
environment = {
systemPackages = with pkgs; [
(lib.hiPrio uutils-coreutils-noprefix)
xdg-desktop-portal-hyprland
xdg-desktop-portal-gtk
uutils-findutils
uutils-diffutils
home-manager
];
};
}


@ -0,0 +1,21 @@
{config, ...}: {
environment = {
variables = {
AMD_VULKAN_ICD = "RADV";
HOSTNAME = config.networking.hostName;
QT_QPA_PLATFORM = "wayland";
SDL_VIDEODRIVER = "wayland";
CLUTTER_BACKEND = "wayland";
GDK_BACKEND = "wayland";
XDG_SESSION_TYPE = "wayland";
XDG_CURRENT_DESKTOP = "wayland";
XDG_SESSION_DESKTOP = "wayland";
NIXPKGS_ALLOW_UNFREE = "1";
NIXPKGS_ALLOW_INSECURE = "1";
NIXOS_OZONE_WL = "1";
NIX_SSHOPTS = "-p 6969";
GRIMBLAST_HIDE_CURSOR = "0";
TERM = "xterm-256color";
};
};
}
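Review bot: `NIXPKGS_ALLOW_INSECURE = "1"` is exported to every session, so any impure Nix evaluation on this host accepts packages that nixpkgs marks as having known vulnerabilities, without naming them. I would remove the variable and list exceptions one by one in `nixpkgs.config.permittedInsecurePackages`, which keeps each accepted risk visible in review. If `NIX_SSHOPTS = "-p 6969"` is meant to reach hosts configured like this one, note that the openssh section in this commit listens on `5896`.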


@ -0,0 +1,10 @@
{...}: {
hardware = {
enableRedistributableFirmware = true;
cpu = {
intel = {
updateMicrocode = true;
};
};
};
}


@ -0,0 +1,8 @@
{...}: {
hardware = {
graphics = {
enable = true;
enable32Bit = true;
};
};
}


@ -0,0 +1,8 @@
{...}: {
zramSwap = {
enable = true;
algorithm = "zstd";
priority = 100;
memoryPercent = 100;
};
}


@ -0,0 +1,24 @@
{
inputs,
self,
...
}: {
home-manager = {
users = {
hand7s = {
imports = [
"${self}/hand7s/default.nix"
inputs.spicetify-nix.homeManagerModules.default
inputs.hyprland.homeManagerModules.default
inputs.chaotic.homeManagerModules.default
];
};
};
backupFileExtension = "backup";
extraSpecialArgs = {
inherit inputs self;
};
};
}


@ -0,0 +1,9 @@
{...}: {
i18n = {
defaultLocale = "en_US.UTF-8";
supportedLocales = [
"en_US.UTF-8/UTF-8"
"ru_RU.UTF-8/UTF-8"
];
};
}


@ -0,0 +1,10 @@
{lib, ...}: {
networking = {
useDHCP = lib.mkDefault true;
dhcpcd = {
enable = true;
persistent = false;
wait = "any";
};
};
}


@ -0,0 +1,9 @@
{...}: {
networking = {
firewall = {
allowPing = true;
enable = true;
checkReversePath = false;
};
};
}
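Review bot: `checkReversePath = false` turns off reverse-path filtering, so packets whose source address could not be routed back through the receiving interface are accepted. If it was disabled because the WireGuard, ZeroTier, NetBird or Yggdrasil tunnels enabled in this commit break under strict filtering, `checkReversePath = "loose";` keeps spoofed-source filtering while tolerating asymmetric routes. A comment saying why the check is relaxed would help the next reader.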


@ -0,0 +1,5 @@
{...}: {
networking = {
hostId = "5c79d46a";
};
}


@ -0,0 +1,5 @@
{...}: {
networking = {
hostName = "s0meMiniPC-nix";
};
}


@ -0,0 +1,7 @@
{...}: {
networking = {
hosts = {
# nope
};
};
}


@ -0,0 +1,29 @@
{...}: {
networking = {
nameservers = [
# cf dns
"1.1.1.1"
"1.0.0.1"
"2606:4700:4700::1111"
"2606:4700:4700::1001"
# google dns
"8.8.8.8"
"8.8.4.4"
"2001:4860:4860::8888"
"2001:4860:4860::8844"
# q9 dns
"9.9.9.9"
"149.112.112.112"
"2620:fe::fe"
"2620:fe::9"
# open dns
"208.67.222.222"
"208.67.220.220"
"2620:119:35::35"
"2620:119:53::53"
];
};
}


@ -0,0 +1,9 @@
{...}: {
networking = {
networkmanager = {
enable = false;
};
useNetworkd = true;
};
}


@ -0,0 +1,10 @@
{...}: {
networking = {
timeServers = [
"0.nixos.pool.ntp.org"
"1.nixos.pool.ntp.org"
"2.nixos.pool.ntp.org"
"3.nixos.pool.ntp.org"
];
};
}


@ -0,0 +1,7 @@
{...}: {
networking = {
wireguard = {
enable = true;
};
};
}


@ -0,0 +1,5 @@
{pkgs, ...}: {
nix = {
package = pkgs.nixVersions.latest;
};
}


@ -0,0 +1,10 @@
{...}: {
nix = {
settings = {
sandbox = true;
allowed-users = [
"@wheel"
];
};
};
}


@ -0,0 +1,7 @@
{...}: {
nix = {
settings = {
auto-optimise-store = true;
};
};
}


@ -0,0 +1,10 @@
{...}: {
nix = {
settings = {
experimental-features = [
"nix-command"
"flakes"
];
};
};
}


@ -0,0 +1,20 @@
{...}: {
nix = {
settings = {
substituters = [
# cache.nixos.org
"https://nixos-cache-proxy.cofob.dev"
"https://cache.nixos.org"
# cache.garnix.org
"https://cache.garnix.io"
# cachix
"https://nix-community.cachix.org/"
"https://chaotic-nyx.cachix.org/"
"https://ags.cachix.org"
"https://hyprland.cachix.org"
"https://chaotic-nyx.cachix.org/"
"https://colmena.cachix.org"
];
};
};
}
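Review bot: `https://nixos-cache-proxy.cofob.dev` is listed first and, judging by the `# cache.nixos.org` comment above it, is a third-party proxy in front of the official cache. Signature checking against `trusted-public-keys` still protects integrity, but the proxy operator sees every store path this host requests and can stall or withhold substitutes. Add a comment stating who runs it and why it is needed, or put `https://cache.nixos.org` first. `https://chaotic-nyx.cachix.org/` also appears twice in the list.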


@ -0,0 +1,19 @@
{...}: {
nix = {
settings = {
trusted-public-keys = [
# cache.nixos.org
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
# cache.garnix.io
"cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="
# cachix.org
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"chaotic-nyx.cachix.org-1:HfnXSw4pj95iI/n17rIDy40agHj12WfF+Gqk6SonIT8="
"ags.cachix.org-1:naAvMrz0CuYqeyGNyLgE010iUiuf/qx6kYrUv3NwAJ8="
"hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
"chaotic-nyx.cachix.org-1:HfnXSw4pj95iI/n17rIDy40agHj12WfF+Gqk6SonIT8="
"colmena.cachix.org-1:7BzpDnjjH8ki2CT3f6GdOk7QAzPOl+1t3LvTLXqYcSg="
];
};
};
}
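Review bot: Each key in `trusted-public-keys` is accepted as a valid signer for any store path, not only for paths fetched from its own cache, so each of the six third-party keys here can vouch for a substitute of a core system package. Keep only the caches this host actually needs, and add a comment per key naming the flake input that requires it. The `chaotic-nyx.cachix.org-1:…` line is listed twice.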


@ -0,0 +1,9 @@
{...}: {
nix = {
settings = {
trusted-users = [
"@wheel"
];
};
};
}
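Review bot: `trusted-users = [ "@wheel" ]` makes every wheel member root-equivalent through the Nix daemon with no password prompt, because trusted users may override substituters and import unsigned store paths. That sidesteps `wheelNeedsPassword = true` from the sudo-rs section of this commit. `allowed-users = [ "@wheel" ]`, already set in the allowed-users section, is enough for ordinary use; I would leave this list at `[ "root" ]`.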


@ -0,0 +1,8 @@
{...}: {
nixpkgs = {
config = {
allowUnfree = true;
allowBroken = true;
};
};
}


@ -0,0 +1,7 @@
{inputs, ...}: {
nixpkgs = {
overlays = [
inputs.hyprpanel.overlay
];
};
}


@ -0,0 +1,6 @@
{...}: {
nixpkgs = {
system = "x86_64-linux";
hostPlatform = "x86_64-linux";
};
}


@ -0,0 +1,12 @@
{...}: {
programs = {
nh = {
enable = true;
clean = {
enable = true;
dates = "weekly";
extraArgs = "--keep 2 --keep-since 2d";
};
};
};
}


@ -0,0 +1,7 @@
{...}: {
programs = {
ssh = {
startAgent = true;
};
};
}


@ -0,0 +1,10 @@
{...}: {
security = {
polkit = {
enable = true;
adminIdentities = [
"unix-group:wheel"
];
};
};
}


@ -0,0 +1,7 @@
{...}: {
security = {
rtkit = {
enable = true;
};
};
}


@ -0,0 +1,9 @@
{...}: {
security = {
sudo-rs = {
enable = true;
wheelNeedsPassword = true;
execWheelOnly = true;
};
};
}


@ -0,0 +1,7 @@
{lib, ...}: {
security = {
sudo = {
enable = lib.mkDefault false;
};
};
}


@ -0,0 +1,18 @@
{
pkgs,
lib,
...
}: {
services = {
greetd = {
enable = true;
restart = false;
settings = {
default_session = {
command = "${lib.getExe pkgs.tuigreet} -r -t -c ${lib.getExe pkgs.fish}";
user = "greeter";
};
};
};
};
}


@ -0,0 +1,7 @@
{...}: {
services = {
irqbalance = {
enable = true;
};
};
}


@ -0,0 +1,15 @@
{...}: {
services = {
libinput = {
enable = true;
mouse = {
accelProfile = "flat";
accelSpeed = "-1.0";
buttonMapping = "1 2 3 4 5 6 7 8 9";
horizontalScrolling = true;
leftHanded = false;
naturalScrolling = true;
};
};
};
}


@ -0,0 +1,7 @@
{...}: {
services = {
netbird = {
enable = true;
};
};
}


@ -0,0 +1,22 @@
{config, ...}: {
services = {
openssh = {
enable = true;
allowSFTP = true;
openFirewall = true;
ports = [
5896
];
settings = {
PrintMotd = false;
PermitRootLogin = "no";
PasswordAuthentication = false;
};
authorizedKeysFiles = [
config.sops.secrets.sshKey.path
];
};
};
}
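Review bot: `authorizedKeysFiles` points at `config.sops.secrets.sshKey.path`, while the sops secrets declaration visible on this page (in a removed file) defines both `sshKey` and `sshKey_pub`. If this host's secrets follow the same naming and `sshKey` holds the private half, sshd gets no usable public key from that file and the private key is decrypted onto the server for no reason; the line should then read `config.sops.secrets.sshKey_pub.path`. Also, `KbdInteractiveAuthentication` is not set next to `PasswordAuthentication = false;`, so add `KbdInteractiveAuthentication = false;` to make sure PAM password prompts are off as well.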


@ -0,0 +1,65 @@
{...}: {
services = {
pipewire = {
enable = true;
alsa = {
enable = true;
support32Bit = true;
};
audio = {
enable = true;
};
pulse = {
enable = true;
};
jack = {
enable = true;
};
wireplumber = {
enable = true;
};
extraConfig = {
pipewire = {
"92-low-latency" = {
"context.properties" = {
"default.clock.rate" = 48000;
"default.clock.allowed-rates" = [
44100
48000
88200
96000
];
"default.clock.min-quantum" = 512;
"default.clock.quantum" = 4096;
"default.clock.max-quantum" = 8192;
};
};
"93-no-resampling" = {
"context.properties" = {
"default.clock.rate" = 48000;
"default.clock.allowed-rates" = [
44100
48000
96000
192000
];
};
};
"94-no-upmixing" = {
"stream.properties" = {
"channelmix.upmix" = false;
};
};
};
};
};
};
}


@ -0,0 +1,9 @@
{pkgs, ...}: {
services = {
scx = {
enable = true;
package = pkgs.scx_git.full;
scheduler = "scx_lavd";
};
};
}


@ -0,0 +1,8 @@
{pkgs, ...}: {
services = {
usbmuxd = {
enable = true;
package = pkgs.usbmuxd2;
};
};
}


@ -0,0 +1,26 @@
{
lib,
pkgs,
...
}: {
services = {
xserver = {
display = lib.mkForce 0;
enable = true;
excludePackages = with pkgs; [
xterm
];
videoDrivers = [
"amdgpu"
];
xkb = {
layout = "us, ru";
variant = "";
options = "grp:caps_toggle";
};
};
};
}


@ -0,0 +1,63 @@
{...}: {
services = {
yggdrasil = {
enable = true;
persistentKeys = false;
settings = {
Peers = [
# Germany :Erm:
"tcp://s-fra-0.sergeysedoy97.ru:65533"
"tls://s-fra-0.sergeysedoy97.ru:65534"
"tcp://x-fra-0.sergeysedoy97.ru:65533"
"tls://x-fra-0.sergeysedoy97.ru:65534"
"quic://x-fra-0.sergeysedoy97.ru:65535"
"tls://helium.avevad.com:13378"
"tcp://bode.theender.net:42069"
"tls://bode.theender.net:42169?key=f91b909f43829f8b20732b3bcf80cbc4bb078dd47b41638379a078e35984c9a4"
# Russia
"tcp://s-mow-0.sergeysedoy97.ru:65533"
"tls://s-mow-0.sergeysedoy97.ru:65534"
"tcp://x-mow-0.sergeysedoy97.ru:65533"
"tls://x-mow-0.sergeysedoy97.ru:65534"
"quic://x-mow-0.sergeysedoy97.ru:65535"
"tcp://s-mow-1.sergeysedoy97.ru:65533"
"tls://s-mow-1.sergeysedoy97.ru:65534"
"tcp://x-mow-1.sergeysedoy97.ru:65533"
"tls://x-mow-1.sergeysedoy97.ru:65534"
"quic://x-mow-1.sergeysedoy97.ru:65535"
"quic://kursk.cleverfox.org:15015"
"tls://kursk.cleverfox.org:15015"
"ws://kursk.cleverfox.org:15016"
"tcp://kzn1.neonxp.ru:7991"
"tls://kzn1.neonxp.ru:7992"
"ws://kzn1.neonxp.ru:7993"
"quic://kzn1.neonxp.ru:7994"
];
Listen = [
#
];
MulticastInterfaces = [
{
Regex = ".*";
Beacon = true;
Listen = false;
Password = "";
}
];
AllowedPublicKeys = [
#
];
IfName = "auto";
IfMTU = 65535;
NodeInfoPrivacy = false;
};
};
};
}
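Review bot: Only one entry in `Peers` carries a `?key=` pin, and many of the others use `tcp://` or `ws://`, so for most peers nothing ties the link to an expected node identity. Prefer the `tls://` and `quic://` entries, append `?key=<peer-public-key>` to each, and drop the plaintext duplicates of the same hosts. Note also that `openFirewall = true` in the openssh section is not tied to an interface, so sshd is presumably reachable over the Yggdrasil interface too; restrict it if that is not intended.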


@ -0,0 +1,145 @@
{...}: {
services = {
zapret = {
enable = true;
configureFirewall = true;
qnum = 350;
params = [
"--wssize 1:6"
"--filter-tcp=80"
"--dpi-desync=multisplit"
"--dpi-desync-split-pos=10"
"--dpi-desync-repeats=6"
"--new"
"--filter-tcp=443"
"--dpi-desync=multidisorder"
"--dpi-desync-split-pos=1,midsld"
"--new"
"--filter-tcp=443"
"--dpi-desync=syndata"
"--dpi-desync-fake-syndata=0x00000000"
"--dpi-desync-ttl=10"
"--new"
"--filter-udp=443"
"--dpi-desync=fake"
"--dpi-desync-repeats=6"
"--dpi-desync-fake-quic=0x00000000"
"--new"
"--filter-udp=443"
"--dpi-desync=fake,udplen"
"--dpi-desync-udplen-increment=5"
"--dpi-desync-fake-tls=0x00000000"
"--dpi-desync-cutoff=n3"
"--dpi-desync-repeats=2"
"--new"
"--filter-tcp=443"
"--dpi-desync=split"
"--dpi-desync-fooling=md5sig,badseq"
"--dpi-desync-fake-tls=0x00000000"
"--dpi-desync-split-pos=1"
"--dpi-desync-repeats=10"
"--new"
"--filter-tcp=443"
"--dpi-desync=fake,split2"
"--dpi-desync-fooling=md5sig"
"--dpi-desync-fake-tls=0x00000000"
"--dpi-desync-split-seqovl=2"
"--dpi-desync-split-pos=2"
"--dpi-desync-autottl"
"--new"
"--filter-tcp=443"
"--dpi-desync=fake,split2"
"--dpi-desync-fooling=md5sig"
"--dpi-desync-fake-tls=0x00000000"
"--dpi-desync-split-seqovl=2"
"--dpi-desync-split-pos=2"
"--dpi-desync-autottl"
"--new"
"--filter-tcp=80"
"--dpi-desync=fake,split2"
"--dpi-desync-fooling=md5sig"
"--dpi-desync-fake-tls=0x00000000"
"--dpi-desync-autottl"
"--new"
"--filter-tcp=80"
"--dpi-desync-ttl=1"
"--dpi-desync-autottl=2"
"--dpi-desync-fake-tls=0x00000000"
"--dpi-desync-split-pos=1"
"--dpi-desync=fake,split2"
"--dpi-desync-repeats=6"
"--dpi-desync-fooling=md5sig"
"--new"
];
whitelist = [
"googlevideo.com"
"youtu.be"
"youtube.com"
"youtubei.googleapis.com"
"googlevideo.com"
"youtu.be"
"youtube.com"
"youtubei.googleapis.com"
"youtubeembeddedplayer.googleapis.com"
"ytimg.l.google.com"
"ytimg.com"
"jnn-pa.googleapis.com"
"youtube-nocookie.com"
"youtube-ui.l.google.com"
"yt-video-upload.l.google.com"
"wide-youtube.l.google.com"
"youtubekids.com"
"ggpht.com"
"music.youtube.com"
"test.googlevideo.com"
"discord.com"
"gateway.discord.gg"
"cdn.discordapp.com"
"discordapp.net"
"discordapp.com"
"discord.gg"
"media.discordapp.net"
"images-ext-1.discordapp.net"
"discord.app"
"discord.media"
"discordcdn.com"
"discord.dev"
"discord.new"
"discord.gift"
"discordstatus.com"
"dis.gd"
"discord.co"
"discord-attachments-uploads-prd.storage.googleapis.com"
"7tv.app"
"7tv.io"
"10tv.app"
"x.com"
"t.co"
"ads-twitter.com"
"twimg.com"
"twitter.com"
"pscp.tv"
"twtrdns.net"
"twttr.com"
"periscope.tv"
"tweetdeck.com"
"twitpic.com"
"twitter.co"
"twitterinc.com"
"twitteroauth.com"
"twitterstat.us"
];
};
};
}


@ -0,0 +1,10 @@
{...}: {
services = {
zerotierone = {
enable = true;
joinNetworks = [
# no
];
};
};
}


@ -0,0 +1,5 @@
{config, ...}: {
system = {
name = config.networking.hostName;
};
}


@ -0,0 +1,5 @@
{config, ...}: {
system = {
stateVersion = config.system.nixos.release;
};
}


@ -0,0 +1,10 @@
{...}: {
systemd = {
oomd = {
enable = true;
enableUserSlices = true;
enableSystemSlice = true;
enableRootSlice = true;
};
};
}


@ -0,0 +1,14 @@
{...}: {
systemd = {
slices = {
root = {
sliceConfig = {
ManagedOOMSwap = "kill";
ManagedOOMMemoryPressure = "kill";
ManagedOOMMemoryPressureLimit = "40%";
ManagedOOMMemoryPressureDurationSec = 0;
};
};
};
};
}


@ -0,0 +1,14 @@
{...}: {
systemd = {
slices = {
system = {
sliceConfig = {
ManagedOOMSwap = "kill";
ManagedOOMMemoryPressure = "kill";
ManagedOOMMemoryPressureLimit = "40%";
ManagedOOMMemoryPressureDurationSec = 0;
};
};
};
};
}


@ -0,0 +1,14 @@
{...}: {
systemd = {
slices = {
user = {
sliceConfig = {
ManagedOOMSwap = "kill";
ManagedOOMMemoryPressure = "kill";
ManagedOOMMemoryPressureLimit = "40%";
ManagedOOMMemoryPressureDurationSec = 0;
};
};
};
};
}


@ -0,0 +1,6 @@
{...}: {
time = {
timeZone = "Europe/Moscow";
hardwareClockInLocalTime = true;
};
}


@ -0,0 +1,5 @@
{...}: {
users = {
mutableUsers = false;
};
}


@ -0,0 +1,25 @@
{...}: {
users = {
users = {
hand7s = {
description = "me";
isSystemUser = false;
isNormalUser = true;
initialHashedPassword = "$6$ckgRhNWmJgSwOUpJ$kfeAdokd5fa76HWbTmWN2YXx4M/PQVOTJku1ODbqbBhEkUFiLftdaJFRnNXfIM3Jtz0ShoRMSVCB7mDkxDrdi/";
extraGroups = [
"wheel"
"networkmanager"
"docker"
];
openssh = {
authorizedKeys = {
keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDp2IIdR5jV1HyG4aiRX7SfTNrXDhCx5rTiFU40qkOKq litvinovb0@gmail.com"
];
};
};
};
};
};
}
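Review bot: `initialHashedPassword` commits the account's SHA-512 crypt hash to the repository and to the world-readable Nix store, where it can be attacked offline; the `root` user section that follows does the same. With `mutableUsers = false` set elsewhere in this commit, this hash is the effective password rather than a first-boot placeholder. A removed secrets file on this page declares `passwd` with `neededForUsers = true`; if this host has an equivalent, use `hashedPasswordFile = config.sops.secrets.passwd.path;` instead. Both passwords should be rotated, since the hashes are now in history.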


@ -0,0 +1,9 @@
{...}: {
users = {
users = {
root = {
initialHashedPassword = "$6$n4OLMvYHHStHvtmr$6OL0NV1dEM2b6oJRewkhuoFxM80lI67tfbJ6QkCg8WAA1gbeKrcwDAuJjm8zvpY4zcDR3Z5Zbo8uebfOi6XXF0";
};
};
};
}


@ -0,0 +1,10 @@
{...}: {
virtualisation = {
docker = {
enable = true;
rootless = {
enable = true;
};
};
};
}
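Review bot: `docker.enable = true` starts the rootful daemon in addition to the rootless one, and the `hand7s` user section adds that account to the `docker` group, which grants root-equivalent access through the daemon socket without the sudo-rs password. If rootless is the intended mode, set the top-level `enable = false;`, keep `rootless.enable = true;`, and drop `"docker"` from `extraGroups`. If both are really needed, a comment explaining why would make the trade-off explicit.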


@ -1,6 +0,0 @@
{...}: {
sops = {
defaultSopsFile = ./.sops.yaml;
defaultSopsFormat = "yaml";
};
}


@ -1,19 +0,0 @@
{...}: {
sops = {
secrets = {
sshKey = {
format = "yaml";
sopsFile = ./secrets/sshKey.yaml;
};
sshKey_pub = {
format = "yaml";
sopsFile = ./secrets/sshKey_pub.yaml;
};
passwd = {
neededForUsers = true;
format = "yaml";
sopsFile = ./secrets/passwd.yaml;
};
};
};
}


@ -1,30 +0,0 @@
passwd: ENC[AES256_GCM,data:RVG5xA+HBSuCdlKfufH4W47c41bS509opilnXeElqMu8nJuFuwVsnWTmXFX5VvRLfwHWVED2rRk0MHsJHihscMPeFfTQkX3l,iv:NoyFvCYBcBmf7PFAJFblu+D53Rl/edINAYrwHz+P5ec=,tag:ceClZyTgYmjR3XvPNFlAnw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1u3vp87cq74mw56echraqtstgpgtn3hqkl8lxsd8qjn0ezvmyuvdse6z2em
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzclhDSmVScy9XTzJ6aUM2
cXFraXV6VFdzVkx1ekJtM3JwSzdvTm05aGlzCmZNTWNyN3VKdlhSTU02aFlXSTFX
SWpQczRpMGxBRlVOd0kyMnpjSHFTTTgKLS0tIEo1M05CZzFKcEF6WGwvSzg5N09v
UjJMaXZKNVJtK0c3enFoUnlBRFdvVlkKdPT562h1h21zdVsjbYCJNDq1m3vDw7mT
5wiWVXfzdRNUR1UcPGk0YTfWPO0yS7Sf7wNoCFttMaIWRKM5MbDaxA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1kua3y9ek92kz9qds4ssjgvk9w0pd7qv9w7tskq2e3rtytw5wdquqvqr6qy
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxKzZHeldhQkJhcU9oYWVp
VTdQcGU5RWpHT2E5QjhUWSsvbVE2UUd3YWg0CmFWejJwa1I0M1l3a01tZ2U3RjRQ
Y1J1WWFBSTZHNm03eU9hbWJ4dzlKVjAKLS0tIGZvbG5xaVF2aWVXN1dWM0svTGtk
NHlQdGI4NzZVenMwbDZTZTVNUVF2ZlEK479N7LHDMa/Cg31WI4pTpdy4aSPNVSrv
fuAZlELqsWpoTatYIl/jsm1CbxbTIggUlSAtO0KbfVjPugF0ol9kDw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-01-24T18:46:09Z"
mac: ENC[AES256_GCM,data:5EjKk8hgPRdUIGOwdSnioKj+8lKcPqJvTFpjDdA4Qxze/HZzFMc03mIapnRsbTdKSTz9t1aVHUlj/J/ls72+uMoOxsEGux7xfT+rT0uX5BMoqXY+z6D0cjsmV+R2+H1IjNDv7zEUpyG7YYrOU/X44nwGF4V7A2hd5t0pF/BkL1s=,iv:hARXj8bKU/Kl7t9kKMozow8cCPst42avMdvzF/Nl7Tc=,tag:/hZCommlkxSzuuy1HFY3PQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.3


@ -1,30 +0,0 @@
sshKey: ENC[AES256_GCM,data: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,iv:AbFcghPKmQIhBtt4l77gz4aRmyehdw0EOGnVLR0lN88=,tag:TFg+QwWR8L07DA4shcVRHg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1u3vp87cq74mw56echraqtstgpgtn3hqkl8lxsd8qjn0ezvmyuvdse6z2em
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5eVVZNEpFbWpkM09IV21X
ajNKZ1l0TlpyazdubjlYdDVYVjR1T1lBZ2owCjlrNGZBV0VldnhzVGQ4eGY1UDFk
UHBxMWFhbEZTN3NWUDU0Uk1BbHRrZ2MKLS0tIC94YjFjRTNBVlVOeEJIRmtMV3pU
TzY3TFA5NzVsRUIzb0E2bjJLYkVXNkEKmIjm4pfuDkneeC8S+myNx7lRUy9Ujd67
TzgtrZ8VJz0J3SajM/41OJ76+mfyQ0dXEWU1zxJNFN9v7OTPu7bJ5A==
-----END AGE ENCRYPTED FILE-----
- recipient: age1kua3y9ek92kz9qds4ssjgvk9w0pd7qv9w7tskq2e3rtytw5wdquqvqr6qy
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVT29SMEVSTm5TWlBhS3hz
QjdTd3o4UGxiYldNYlNHOEcrOVJyZ2hQSFFJClhmQ2xvTFRnNnplV3F6UFhIanJP
TFJEcUJGOHZycUxzWDVzdCtzdnkwUlkKLS0tIGVVRHh6YTY2ai8ySWRyMjFCbG9V
NGxqNVhUQXJGVUt1S1loK2RBc1E4R2sKPeP+A/SKcKJYNjMd+45pvTxYlLsGtJWU
0bVNN6RgG1toD9MK2I63C2J3fje/HcvIwF2KTXT+6V5/QSYuua6//A==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-01-24T16:23:47Z"
mac: ENC[AES256_GCM,data:frYagxOItf4yJx5BeelPjj/eICIaeQRz/Pz6D+tuGo1N7UKPr9Rh8ReTiRTjtCBCV38yU8fjS97uMYm4h8kC1Ca0udbKzItwl9I3rTT8uAJDbA0mImJ2DaTWo2SoHw3b/DnKQYgJ2cwf2+CEJqSe6PtY0lsl4IewcWmqKiqOdZU=,iv:9R95bXnA56LlmNlTY7VNHCJix33SSFoXi131Lp495pI=,tag:qiUvTQigFa/qXTJjmd9FvQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.3


@ -1,30 +0,0 @@
sshKey_pub: ENC[AES256_GCM,data:HgoZiHFZx2PQEPWtIANdBLllD7OXDYMNDCJteEb/GXZX3DFrxxPfUQEfP3kbDREpOFrkJ5GblJQT2rgxwuB3u9eYnaLyjYtun/eDnSGb+K3M6Nj2yWrMhrf6dIhj3VoB9bAhEn4=,iv:orirqwujM3jEtmjfmALsaFnmv+KS765GyPNKUZPhSFs=,tag:4JLQZ8jkU/wb0OIIUiZ0bQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1u3vp87cq74mw56echraqtstgpgtn3hqkl8lxsd8qjn0ezvmyuvdse6z2em
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqM212a2VNK1psSWFQcXBU
Zm5NU3FTa2hjSFBaQUc2bHNQZERVdkg4bzMwCklJUmRET29sZlVjcVp3Q3FHVmcz
QzlPTUd3RU0rclgwN21rdFVrWXByOTAKLS0tIGJKSnBaczVDR2FNVXc4MkFWWWJi
Z0xjZkEyOEFiRnVNbG8rZXA2TlZCNTgK5/Lk+FDjZQuU9C2+c2yaJpBk372CjEgD
79WXvN3rz3RTDQ42tIuAp5jnRn78J33iN3LxjeU114tNBPkezgxNCQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1kua3y9ek92kz9qds4ssjgvk9w0pd7qv9w7tskq2e3rtytw5wdquqvqr6qy
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMN3hiSmlEYnFvRDFndVQ0
UHNLUHdaU1JkVktSb3dXdDFxMlJTaXhDSFVvCnFoR3kxeVNMbmpkT0R6Rm5aV1J5
MEZlWnM0QWx1V20zQXRNMDd5Y3ZJWTQKLS0tIDBYb1dNVTFraTVsdHhaeUM4SUdk
L1pKbnRVdGNBV3pRTDlzQjlneHlwZGcK2vlZIuX/TeB4Lh61qlvEH6uaAB/ONVt/
3ngxrV+R+WHU+a8JNZEAuHH6rARexX8WXzKB3YyI8e5j9pHJiTNh/A==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-01-24T19:10:53Z"
mac: ENC[AES256_GCM,data:PMHV8WE082M9+APgYnsG/ZPXFKapMNpm+EKLp9Al7SCb5BBC5XZVDOUvOa1CwGzukDcaC3CIGa2tiC0WSVPe4TivaiHjyRKUz6UWPg2fX1tuQpOqrIaF5pIVSi4FJA9oBrwI+fuxDEdRi5LmsFtfwW2TefdGUgXl5+yU1E0Sur4=,iv:NjuL252O3moLHSjFi0dMEJj0c+rDOIfWR82F2/i9CYY=,tag:R819dGXLa+/zb8WsVdBWIQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.3