s0me1newithhand7s/reNixos
1
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

treewide: upstreaming changes

Browse source 
Signed-off-by: s0me1newithhand7s <117505144+s0me1newithhand7s@users.noreply.github.com>
This commit is contained in:
s0me1newithhand7s 2025-10-24 20:48:35 +03:00
parent d159232b37
commit e4e1b03c7e
No known key found for this signature in database
160 changed files with 3408 additions and 5474 deletions
Download patch file Download diff file Expand all files Collapse all files

1
s0meMiniPC-nix/boot/kernel.nix
View file

@ -16,6 +16,7 @@
};
};
kernelPackages = pkgs.linuxPackages_cachyos-server;
extraModulePackages = with config.boot.kernelPackages; [
rtl8821ce
yt6801

2
s0meMiniPC-nix/boot/lanzaboote.nix
View file

@ -1,7 +1,7 @@
{...}: {
boot = {
lanzaboote = {
enable = true;
enable = false;
configurationLimit = 7;
pkiBundle = "/var/lib/sbctl";
settings = {

4
s0meMiniPC-nix/boot/loader/systemd-boot.nix
View file

@ -1,8 +1,8 @@
{lib, ...}: {
{...}: {
boot = {
loader = {
systemd-boot = {
enable = lib.mkForce false;
enable = false;
sortKey = "nixos";
memtest86 = {
enable = true;

1
s0meMiniPC-nix/boot/zfs.nix
View file

@ -1,6 +1,7 @@
{...}: {
boot = {
zfs = {
package = pkgs.zfs_cachyos;
allowHibernation = false;
removeLinuxDRM = false;
};

132
s0meMiniPC-nix/default.nix
View file

@ -1,69 +1,75 @@
{self, ...}: {
imports = [
./boot/initrd.nix
./boot/kernel.nix
./boot/lanzaboote.nix
./boot/plymouth.nix
./boot/tmp.nix
./boot/loader/systemd-boot.nix
./boot/zfs.nix
"${self}/s0meMiniPC-nix/boot/initrd.nix"
"${self}/s0meMiniPC-nix/boot/kernel.nix"
"${self}/s0meMiniPC-nix/boot/lanzaboote.nix"
"${self}/s0meMiniPC-nix/boot/plymouth.nix"
"${self}/s0meMiniPC-nix/boot/tmp.nix"
"${self}/s0meMiniPC-nix/boot/loader/systemd-boot.nix"
"${self}/s0meMiniPC-nix/boot/zfs.nix"
./console/console.nix
"${self}/s0meMiniPC-nix/disko/disk.nix"
"${self}/s0meMiniPC-nix/disko/lvm_vg.nix"
./environment/systemPackages.nix
./environment/variables.nix
"${self}/s0meMiniPC-nix/console/console.nix"
./hardware/cpu.nix
./hardware/graphics.nix
./hardware/zram.nix
"${self}/s0meMiniPC-nix/environment/systemPackages.nix"
"${self}/s0meMiniPC-nix/environment/variables.nix"
./home-manager/users.nix
"${self}/s0meMiniPC-nix/hardware/cpu.nix"
"${self}/s0meMiniPC-nix/hardware/graphics.nix"
"${self}/s0meMiniPC-nix/hardware/zram.nix"
./i18n/locales.nix
"${self}/s0meMiniPC-nix/home-manager/users.nix"
./networking/dhcp.nix
./networking/firewall.nix
./networking/hostname.nix
./networking/networkmanager.nix
./networking/wireguard.nix
./networking/nameservers.nix
./networking/hosts.nix
./networking/hostId.nix
"${self}/s0meMiniPC-nix/i18n/locales.nix"
./nix/package.nix
./nix/settings/allowed-users.nix
./nix/settings/experimental-features.nix
./nix/settings/substituters.nix
./nix/settings/trusted-public-keys.nix
./nix/settings/trusted-users.nix
./nix/settings/auto-optimise-store.nix
"${self}/s0meMiniPC-nix/networking/dhcp.nix"
"${self}/s0meMiniPC-nix/networking/firewall.nix"
"${self}/s0meMiniPC-nix/networking/hostname.nix"
"${self}/s0meMiniPC-nix/networking/networkmanager.nix"
"${self}/s0meMiniPC-nix/networking/wireguard.nix"
"${self}/s0meMiniPC-nix/networking/nameservers.nix"
"${self}/s0meMiniPC-nix/networking/hosts.nix"
"${self}/s0meMiniPC-nix/networking/hostId.nix"
"${self}/s0meMiniPC-nix/networking/interfaces.nix"
./nixpkgs/config.nix
./nixpkgs/system.nix
"${self}/s0meMiniPC-nix/nix/package.nix"
"${self}/s0meMiniPC-nix/nix/settings/allowed-users.nix"
"${self}/s0meMiniPC-nix/nix/settings/experimental-features.nix"
"${self}/s0meMiniPC-nix/nix/settings/substituters.nix"
"${self}/s0meMiniPC-nix/nix/settings/trusted-public-keys.nix"
"${self}/s0meMiniPC-nix/nix/settings/trusted-users.nix"
"${self}/s0meMiniPC-nix/nix/settings/auto-optimise-store.nix"
./programs/nh.nix
./programs/ssh.nix
"${self}/s0meMiniPC-nix/nixpkgs/config.nix"
"${self}/s0meMiniPC-nix/nixpkgs/system.nix"
./security/polkit.nix
./security/rtkit.nix
./security/sudo.nix
./security/sudo-rs.nix
"${self}/s0meMiniPC-nix/programs/nh.nix"
"${self}/s0meMiniPC-nix/programs/ssh.nix"
./services/greetd.nix
./services/libinput.nix
./services/openssh.nix
./services/pipewire.nix
./services/netbird.nix
./services/scx.nix
./services/xserver.nix
./services/zapret.nix
./services/zerotier.nix
./services/yggdrasil.nix
./services/usbmuxd.nix
./services/irqbalance.nix
"${self}/s0meMiniPC-nix/security/polkit.nix"
"${self}/s0meMiniPC-nix/security/rtkit.nix"
"${self}/s0meMiniPC-nix/security/sudo.nix"
"${self}/s0meMiniPC-nix/security/sudo-rs.nix"
./sops/defaults.nix
./sops/secrets.nix
"${self}/s0meMiniPC-nix/services/greetd.nix"
"${self}/s0meMiniPC-nix/services/libinput.nix"
"${self}/s0meMiniPC-nix/services/openssh.nix"
"${self}/s0meMiniPC-nix/services/pipewire.nix"
"${self}/s0meMiniPC-nix/services/netbird.nix"
"${self}/s0meMiniPC-nix/services/scx.nix"
"${self}/s0meMiniPC-nix/services/xserver.nix"
"${self}/s0meMiniPC-nix/services/zapret.nix"
"${self}/s0meMiniPC-nix/services/zerotier.nix"
"${self}/s0meMiniPC-nix/services/usbmuxd.nix"
"${self}/s0meMiniPC-nix/services/irqbalance.nix"
"${self}/s0meMiniPC-nix/services/forgejo.nix"
"${self}/s0meMiniPC-nix/services/privatebin.nix"
"${self}/s0meMiniPC-nix/services/homepage.nix"
"${self}/s0meMiniPC-nix/services/zitadel.nix"
"${self}/s0meMiniPC-nix/sops/defaults.nix"
"${self}/s0meMiniPC-nix/sops/secrets.nix"
"${self}/hand7s/stylix/base16Scheme.nix"
"${self}/hand7s/stylix/cursor.nix"
@ -71,20 +77,20 @@
"${self}/hand7s/stylix/fonts.nix"
"${self}/hand7s/stylix/image.nix"
./system/name.nix
./system/stateVersion.nix
"${self}/s0meMiniPC-nix/system/name.nix"
"${self}/s0meMiniPC-nix/system/stateVersion.nix"
./systemd/oomd.nix
./systemd/slices/system-slice.nix
./systemd/slices/user-slice.nix
./systemd/slices/root-slice.nix
"${self}/s0meMiniPC-nix/systemd/oomd.nix"
"${self}/s0meMiniPC-nix/systemd/slices/system-slice.nix"
"${self}/s0meMiniPC-nix/systemd/slices/user-slice.nix"
"${self}/s0meMiniPC-nix/systemd/slices/root-slice.nix"
./time/timeZone.nix
"${self}/s0meMiniPC-nix/time/timeZone.nix"
./users/users/hand7s.nix
./users/users/root.nix
./users/mutableUsers.nix
"${self}/s0meMiniPC-nix/users/users/hand7s.nix"
"${self}/s0meMiniPC-nix/users/users/root.nix"
"${self}/s0meMiniPC-nix/users/mutableUsers.nix"
./virtualisation/docker.nix
"${self}/s0meMiniPC-nix/virtualisation/docker.nix"
];
}

39
s0meMiniPC-nix/disko/disk.nix Normal file
View file

@ -0,0 +1,39 @@
{
disko = {
devices = {
disk = {
main = {
device = "/dev/disk/by-id/ata-EAGET_SSD_256GB_EAGET20250505V00003";
type = "disk";
content = {
type = "gpt";
partitions = {
ESP = {
type = "EF00";
size = "1024M";
name = "boot";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [
"fmask=0022"
"dmask=0022"
];
};
};
root = {
size = "100%";
content = {
type = "lvm_pv";
vg = "pool";
};
};
};
};
};
};
};
};
}

34
s0meMiniPC-nix/disko.nix → s0meMiniPC-nix/disko/lvm_vg.nix
View file

@ -1,40 +1,6 @@
{
disko = {
devices = {
disk = {
main = {
device = "/dev/disk/by-id/ata-EAGET_SSD_256GB_EAGET20250505V00003";
type = "disk";
content = {
type = "gpt";
partitions = {
ESP = {
type = "EF00";
size = "1024M";
name = "boot";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [
"fmask=0022"
"dmask=0022"
];
};
};
root = {
size = "100%";
content = {
type = "lvm_pv";
vg = "pool";
};
};
};
};
};
};
lvm_vg = {
pool = {
type = "lvm_vg";

2
s0meMiniPC-nix/environment/systemPackages.nix
View file

@ -6,8 +6,6 @@
environment = {
systemPackages = with pkgs; [
(lib.hiPrio uutils-coreutils-noprefix)
xdg-desktop-portal-hyprland
xdg-desktop-portal-gtk
uutils-findutils
uutils-diffutils
home-manager

6
s0meMiniPC-nix/environment/variables.nix
View file

@ -7,15 +7,13 @@
SDL_VIDEODRIVER = "wayland";
CLUTTER_BACKEND = "wayland";
GDK_BACKEND = "wayland";
XDG_SESSION_TYPE = "wayland";
XDG_CURRENT_DESKTOP = "wayland";
XDG_SESSION_DESKTOP = "wayland";
NIXPKGS_ALLOW_UNFREE = "1";
NIXPKGS_ALLOW_INSECURE = "1";
NIXOS_OZONE_WL = "1";
NIX_SSHOPTS = "-p 6969";
GRIMBLAST_HIDE_CURSOR = "0";
TERM = "xterm-256color";
};
enableAllTerminfo = true;
};
}

2
s0meMiniPC-nix/home-manager/users.nix
View file

@ -12,6 +12,8 @@
inputs.hyprland.homeManagerModules.default
inputs.chaotic.homeManagerModules.default
inputs.sops-nix.homeManagerModules.sops
inputs.nix-index-database.homeModules.nix-index
];
};
};

17
s0meMiniPC-nix/networking/firewall.nix
View file

@ -4,6 +4,23 @@
allowPing = true;
enable = true;
checkReversePath = false;
allowedUDPPorts = [
80
8080
8443
53350
53351
53353
];
allowedTCPPorts = [
80
8080
8443
53350
53351
53353
];
};
};
}

29
s0meMiniPC-nix/networking/interfaces.nix Normal file
View file

@ -0,0 +1,29 @@
{...}: {
networking = {
firewall = {
interfaces = {
wt0 = {
allowedUDPPorts = [
25
6969
8080
8443
53350
53351
53352
];
allowedTCPPorts = [
25
6969
8080
8443
53350
53351
53352
];
};
};
};
};
}

1
s0meMiniPC-nix/nix/settings/substituters.nix
View file

@ -3,7 +3,6 @@
settings = {
substituters = [
# cache.nixos.org
"https://nixos-cache-proxy.cofob.dev"
"https://cache.nixos.org"
# cache.garnix.org
"https://cache.garnix.io"

3
s0meMiniPC-nix/nixpkgs/overlays.nix
View file

@ -1,7 +1,6 @@
{inputs, ...}: {
{...}: {
nixpkgs = {
overlays = [
inputs.hyprpanel.overlay
];
};
}

123
s0meMiniPC-nix/services/forgejo.nix Normal file
View file

@ -0,0 +1,123 @@
{...}: {
services = {
forgejo = {
enable = true;
database = {
type = "postgres";
port = "${dbport}";
};
settings = {
DEFAULT = {
APP_NAME = "Forgejo";
APP_SLOGAN = "hand7s'es instance";
APP_DISPLAY_NAME_FORMAT = "{APP_NAME}: {APP_SLOGAN}.";
RUN_MODE = "prod";
};
repository = {
DEFAULT_PRIVATE = "last";
PREFERRED_LICENSES = "MIT";
DISABLE_HTTP_GIT = true;
USE_COMPAT_SSH_URI = true;
GO_GET_CLONE_URL_PROTOCOL = "ssh";
DEFAULT_BRANCH = "master";
};
"repository.pull-request" = {
WORK_IN_PROGRESS_PREFIXES = "[WIP]:";
};
"repository.issue" = {
MAX_PINNED = 2;
};
"repository.upload" = {
ENABLED = true;
FILE_MAX_SIZE = 25;
MAX_FILES = 10;
};
"repository.signing" = {
FORMAT = "openssh";
INITIAL_COMMIT = "always";
WIKI = "always";
CRUD_ACTIONS = "always";
MERGES = "always";
};
badges = {
ENABLED = false;
};
cors = {
ENABLED = false;
};
actions = {
ENABLED = false;
};
mailer = {
ENABLED = false;
};
cron = {
ENABLED = false;
};
metrics = {
ENABLED = false;
};
federation = {
ENABLED = false;
};
ui = {
DEFAULT_THEME = "forgejo-auto-tritanopia";
};
"ui.meta" = {
AUTHOR = "hand7s'es Forgejo instance";
DESCRIPTION = "Forgejo - by Codeberg.";
};
log = {
LEVEL = "Warn";
};
service = {
DISABLE_REGISTRATION = true;
};
"service.explore" = {
DISABLE_ORGANIZATIONS_PAGE = true;
};
server = {
DOMAIN = "git.hand7s.org";
ROOT_URL = "https://git.hand7s.org";
HTTP_PORT = 53350;
START_SSH_SERVER = false;
LFS_START_SERVER = false;
};
openid = {
ENABLE_OPENID_SIGNIN = true;
ENABLE_OPENID_SIGNUP = true;
};
cache = {
ADAPTER = "redis";
INTERVAL = "900";
HOST = "";
ITEM_TTL = "1h";
};
};
};
};
}

91
s0meMiniPC-nix/services/homepage.nix Normal file
View file

@ -0,0 +1,91 @@
{...}: {
services = {
homepage-dashboard = {
enable = true;
listenPort = 8080;
settings = {
title = "hand7s homepage";
description = "duh";
theme = "dark";
background = "https://w.wallhaven.cc/full/1q/wallhaven-1q87xv.png";
color = "violet";
headerStyle = "boxed";
layout = [
{
Dev = {
iconsOnly = true;
};
}
];
};
bookmarks = [
{
Dev = [
{
GitHub = [
{
abbr = "GH";
href = "https://github.com/";
}
];
}
{
Forgejo = [
{
abbr = "Forge";
href = "https://git.hand7s.org/";
}
];
}
{
PivateBin = [
{
abbr = "PB";
href = "https://bin.hand7s.org/";
}
];
}
];
}
];
services = [
];
widgets = [
{
greeting = {
text_size = "xl";
text = "Hi, hand7s.";
};
}
{
search = {
provider = "google";
target = "_blank";
focus = true;
};
}
{
resources = {
cpu = true;
memory = true;
disk = "/";
cputemp = true;
uptime = true;
units = "metric";
refresh = 3000;
network = true;
};
}
];
};
};
}

2
s0meMiniPC-nix/services/openssh.nix
View file

@ -5,7 +5,7 @@
allowSFTP = true;
openFirewall = true;
ports = [
5896
47345
];
settings = {

43
s0meMiniPC-nix/services/privatebin.nix Normal file
View file

@ -0,0 +1,43 @@
{...}: {
services = {
privatebin = {
enable = true;
enableNginx = true;
virtualHost = "bin.hand7s.org";
settings = {
main = {
name = "hand7s bin";
discussion = false;
qrcode = false;
compression = "none";
defaultformatter = "plaintext";
fileupload = false;
languageselection = false;
password = true;
sizelimit = 10 * 1000 * 1000;
template = "bootstrap5";
};
expire = {
default = "1week";
clone = false;
};
formatter_options = {
markdown = "Markdown";
plaintext = "Plain Text";
syntaxhighlighting = "Source Code";
};
traffic = {
limit = 5;
};
purge = {
limit = 0;
batchsize = 10;
};
};
};
};
}

4
s0meMiniPC-nix/services/scx.nix
View file

@ -1,8 +1,8 @@
{pkgs, ...}: {
{...}: {
services = {
scx = {
enable = true;
package = pkgs.scx_git.full;
# package = pkgs.scx_git.full;
scheduler = "scx_lavd";
};
};

2
s0meMiniPC-nix/services/xserver.nix
View file

@ -13,7 +13,7 @@
];
videoDrivers = [
"amdgpu"
"modesetting"
];
xkb = {

62
s0meMiniPC-nix/services/yggdrasil.nix
View file

@ -1,62 +0,0 @@
{...}: {
services = {
yggdrasil = {
enable = true;
persistentKeys = false;
settings = {
Peers = [
# Germany :Erm:
"tcp://s-fra-0.sergeysedoy97.ru:65533"
"tls://s-fra-0.sergeysedoy97.ru:65534"
"tcp://x-fra-0.sergeysedoy97.ru:65533"
"tls://x-fra-0.sergeysedoy97.ru:65534"
"quic://x-fra-0.sergeysedoy97.ru:65535"
"tls://helium.avevad.com:13378"
"tcp://bode.theender.net:42069"
"tls://bode.theender.net:42169?key=f91b909f43829f8b20732b3bcf80cbc4bb078dd47b41638379a078e35984c9a4"
# Russia
"tcp://s-mow-0.sergeysedoy97.ru:65533"
"tls://s-mow-0.sergeysedoy97.ru:65534"
"tcp://x-mow-0.sergeysedoy97.ru:65533"
"tls://x-mow-0.sergeysedoy97.ru:65534"
"quic://x-mow-0.sergeysedoy97.ru:65535"
"tcp://s-mow-1.sergeysedoy97.ru:65533"
"tls://s-mow-1.sergeysedoy97.ru:65534"
"tcp://x-mow-1.sergeysedoy97.ru:65533"
"tls://x-mow-1.sergeysedoy97.ru:65534"
"quic://x-mow-1.sergeysedoy97.ru:65535"
"quic://kursk.cleverfox.org:15015"
"tls://kursk.cleverfox.org:15015"
"ws://kursk.cleverfox.org:15016"
"tcp://kzn1.neonxp.ru:7991"
"tls://kzn1.neonxp.ru:7992"
"ws://kzn1.neonxp.ru:7993"
"quic://kzn1.neonxp.ru:7994"
];
Listen = [
#
];
MulticastInterfaces = [
{
Regex = ".*";
Beacon = true;
Listen = false;
Password = "";
}
];
AllowedPublicKeys = [
#
];
IfName = "auto";
IfMTU = 65535;
NodeInfoPrivacy = false;
};
};
};
}

4
s0meMiniPC-nix/services/zerotier.nix
View file

@ -1,9 +1,9 @@
{...}: {
services = {
zerotierone = {
enable = true;
enable = false;
joinNetworks = [
# no
# nope
];
};
};

77
s0meMiniPC-nix/services/zitadel.nix Normal file
View file

@ -0,0 +1,77 @@
{config, ...}: {
services = {
zitadel = {
enable = true;
tlsMode = "external";
masterKeyFile = config.sops.secrets.zitadelMasterKey;
steps = {
FirstInstance = {
InstanceName = "zitadel.hand7s.org";
DefaultLanguage = "en";
LoginPolicy = {
AllowRegister = false;
};
Org = {
Name = "ZITADEL";
Human = {
UserName = "admin";
FirstName = "Bogdan";
LastName = "Litvinov";
DisplayName = "hand7s";
PasswordChangeRequired = true;
PreferredLanguage = "en";
Email = {
Address = "me@hand7s.org";
Verified = true;
};
};
};
};
};
settings = {
Port = 8443;
ExternalPort = 8443;
ExternalDomain = "zitadel.hand7s.org";
ExternalSecure = true;
Log = {
Level = "debug";
};
Telemetry = {
Enabled = false;
};
Database = {
postgres = {
Host = "${dbhost}";
Port = "${dbport}";
Database = "zitadel";
User = {
Username = "zitadel";
SSL = {
Mode = "disable";
};
};
};
};
Caches = {
Connectors = {
Redis = {
Enabled = true;
Addr = "${cahceaddress}";
Password = "${cahcepass}";
PoolSize = "900";
PoolTimeout = "1800s";
};
};
};
};
};
};
}

8
s0meMiniPC-nix/users/users/hand7s.nix
View file

@ -11,14 +11,6 @@
"networkmanager"
"docker"
];
openssh = {
authorizedKeys = {
keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDp2IIdR5jV1HyG4aiRX7SfTNrXDhCx5rTiFU40qkOKq litvinovb0@gmail.com"
];
};
};
};
};
};