viola: upstream

Signed-off-by: s0me1newithhand7s <git+me@hand7s.org>

.re-commit-config.yaml

@@ -0,0 +1 @@
+/nix/store/0nibh6zrkxhh7qc1q6kkq5810iqd0059-pre-commit-config.json

viola/boot/initrd.nix

@@ -1,4 +1,4 @@
-{lib, ...}: {
+_: {
   boot = {
     initrd = {
       availableKernelModules = [
@@ -14,7 +14,6 @@
       supportedFilesystems = {
         vfat = true;
         btrfs = true;
-        zfs = lib.mkForce true;
       };
 
       systemd = {

viola/boot/kernel.nix

@@ -1,8 +1,4 @@
-{
+{config, ...}: {
-  config,
-  lib,
-  ...
-}: {
   boot = {
     kernel = {
       sysctl = {
@@ -16,7 +12,6 @@
       };
     };
 
-    kernelPackages = pkgs.linuxPackages_cachyos-server;
     extraModulePackages = with config.boot.kernelPackages; [
       rtl8821ce
       yt6801
@@ -35,6 +30,7 @@
       "page_alloc.shuffle=1"
       "page_poison=1"
       "slab_nomerge"
+      "zswap.enabled=0"
 
       "kernel.watchdog=0"
       "oops=panic"
@@ -73,7 +69,6 @@
     supportedFilesystems = {
       vfat = true;
       btrfs = true;
-      zfs = lib.mkForce true;
     };
 
     consoleLogLevel = 0;

viola/boot/lanzaboote.nix

@@ -1,7 +1,7 @@
-{...}: {
+_: {
   boot = {
     lanzaboote = {
-      enable = false;
+      enable = true;
       configurationLimit = 7;
       pkiBundle = "/var/lib/sbctl";
       settings = {

viola/boot/loader/systemd-boot.nix

@@ -1,4 +1,4 @@
-{...}: {
+_: {
   boot = {
     loader = {
       systemd-boot = {

viola/boot/tmp.nix

@@ -1,4 +1,4 @@
-{...}: {
+_: {
   boot = {
     tmp = {
       useTmpfs = true;

viola/boot/zfs.nix

@@ -1,9 +0,0 @@
-{...}: {
-  boot = {
-    zfs = {
-      package = pkgs.zfs_cachyos;
-      allowHibernation = false;
-      removeLinuxDRM = false;
-    };
-  };
-}

viola/console/console.nix

@@ -1,4 +1,4 @@
-{...}: {
+_: {
   console = {
     useXkbConfig = true;
   };

viola/default.nix

@@ -6,7 +6,6 @@
     "${self}/viola/boot/plymouth.nix"
     "${self}/viola/boot/tmp.nix"
     "${self}/viola/boot/loader/systemd-boot.nix"
-    "${self}/viola/boot/zfs.nix"
 
     "${self}/viola/disko/disk.nix"
     "${self}/viola/disko/lvm_vg.nix"
@@ -60,14 +59,19 @@
     "${self}/viola/services/netbird.nix"
     "${self}/viola/services/scx.nix"
     "${self}/viola/services/xserver.nix"
-    "${self}/viola/services/zapret.nix"
-    "${self}/viola/services/zerotier.nix"
     "${self}/viola/services/usbmuxd.nix"
     "${self}/viola/services/irqbalance.nix"
     "${self}/viola/services/forgejo.nix"
+    "${self}/viola/services/postgresql.nix"
+    "${self}/viola/services/vaultwarden.nix"
     "${self}/viola/services/privatebin.nix"
+    "${self}/viola/services/woodpecker.nix"
+    "${self}/viola/services/stalwart.nix"
     "${self}/viola/services/homepage.nix"
+    "${self}/viola/services/redis.nix"
     "${self}/viola/services/zitadel.nix"
+    "${self}/viola/services/garage.nix"
+
     "${self}/viola/sops/defaults.nix"
     "${self}/viola/sops/secrets.nix"
 

viola/environment/systemPackages.nix

@@ -10,5 +10,7 @@
       uutils-diffutils
       home-manager
     ];
+
+    enableAllTerminfo = false;
   };
 }

viola/environment/variables.nix

@@ -13,7 +13,5 @@
       GRIMBLAST_HIDE_CURSOR = "0";
       TERM = "xterm-256color";
     };
-
-    enableAllTerminfo = true;
   };
 }

viola/hardware/cpu.nix

@@ -1,4 +1,4 @@
-{...}: {
+_: {
   hardware = {
     enableRedistributableFirmware = true;
     cpu = {

viola/hardware/graphics.nix

@@ -1,4 +1,4 @@
-{...}: {
+_: {
   hardware = {
     graphics = {
       enable = true;

viola/hardware/zram.nix

@@ -1,8 +1,8 @@
-{...}: {
+_: {
   zramSwap = {
     enable = true;
     algorithm = "zstd";
     priority = 100;
-    memoryPercent = 100;
+    memoryPercent = 200;
   };
 }

viola/home-manager/users.nix

@@ -1,19 +1,16 @@
-{
+{self, ...}: {
-  inputs,
-  self,
-  ...
-}: {
   home-manager = {
     users = {
-      hand7s = {
+      "hand7s" = {
         imports = [
           "${self}/hand7s/"
-          inputs.spicetify-nix.homeManagerModules.default
+          self.inputs.agenix.homeManagerModules.default
-          inputs.hyprland.homeManagerModules.default
+          self.inputs.spicetify-nix.homeManagerModules.default
-          inputs.chaotic.homeManagerModules.default
+          self.inputs.hyprland.homeManagerModules.default
-          inputs.sops-nix.homeManagerModules.sops
+          self.inputs.chaotic.homeManagerModules.default
+          self.inputs.sops-nix.homeManagerModules.sops
 
-          inputs.nix-index-database.homeModules.nix-index
+          self.inputs.nix-index-database.homeModules.nix-index
         ];
       };
     };
@@ -22,7 +19,6 @@
 
     extraSpecialArgs = {
       inherit
-        inputs
         self
         ;
     };

viola/i18n/locales.nix

@@ -1,4 +1,4 @@
-{...}: {
+_: {
   i18n = {
     defaultLocale = "en_US.UTF-8";
     supportedLocales = [

viola/networking/firewall.nix

@@ -1,4 +1,4 @@
-{...}: {
+_: {
   networking = {
     firewall = {
       allowPing = true;
@@ -8,18 +8,48 @@
         80
         8080
         8443
+        8980
         53350
         53351
         53353
+
+        # mc
+        25565
+
+        # mail
+        24
+        25
+        110
+        143
+        465
+        587
+        993
+        995
+        4190
       ];
 
       allowedTCPPorts = [
         80
         8080
         8443
+        8980
         53350
         53351
         53353
+
+        # mc
+        25565
+
+        # mail
+        24
+        25
+        110
+        143
+        465
+        587
+        993
+        995
+        4190
       ];
     };
   };

viola/networking/hostId.nix

@@ -1,4 +1,4 @@
-{...}: {
+_: {
   networking = {
     hostId = "5c79d46a";
   };

viola/networking/hostname.nix

@@ -1,5 +1,5 @@
-{...}: {
+_: {
   networking = {
-    hostName = "s0meMiniPC-nix";
+    hostName = "viola";
   };
 }

viola/networking/hosts.nix

@@ -1,4 +1,4 @@
-{...}: {
+_: {
   networking = {
     hosts = {
       # nope

viola/networking/interfaces.nix

@@ -1,4 +1,4 @@
-{...}: {
+_: {
   networking = {
     firewall = {
       interfaces = {
@@ -8,6 +8,7 @@
             6969
             8080
             8443
+            8980
             53350
             53351
             53352
@@ -18,6 +19,7 @@
             6969
             8080
             8443
+            8980
             53350
             53351
             53352

viola/networking/nameservers.nix

@@ -1,4 +1,4 @@
-{...}: {
+_: {
   networking = {
     nameservers = [
       # cf dns

viola/networking/networkmanager.nix

@@ -1,4 +1,4 @@
-{...}: {
+_: {
   networking = {
     networkmanager = {
       enable = false;

viola/networking/timeServers.nix

@@ -1,4 +1,4 @@
-{...}: {
+_: {
   networking = {
     timeServers = [
       "0.nixos.pool.ntp.org"

viola/networking/wireguard.nix

@@ -1,4 +1,4 @@
-{...}: {
+_: {
   networking = {
     wireguard = {
       enable = true;

viola/nix/settings/allowed-users.nix

@@ -1,4 +1,4 @@
-{...}: {
+_: {
   nix = {
     settings = {
       sandbox = true;

viola/nix/settings/auto-optimise-store.nix

@@ -1,4 +1,4 @@
-{...}: {
+_: {
   nix = {
     settings = {
       auto-optimise-store = true;

viola/nix/settings/experimental-features.nix

@@ -1,4 +1,4 @@
-{...}: {
+_: {
   nix = {
     settings = {
       experimental-features = [

viola/nix/settings/substituters.nix

@@ -1,4 +1,4 @@
-{...}: {
+_: {
   nix = {
     settings = {
       substituters = [
@@ -9,10 +9,10 @@
         # cachix
         "https://nix-community.cachix.org/"
         "https://chaotic-nyx.cachix.org/"
-        "https://ags.cachix.org"
         "https://hyprland.cachix.org"
         "https://chaotic-nyx.cachix.org/"
-        "https://colmena.cachix.org"
+        # nix-community
+        "https://hydra.nix-community.org/"
       ];
     };
   };

viola/nix/settings/trusted-public-keys.nix

@@ -1,4 +1,4 @@
-{...}: {
+_: {
   nix = {
     settings = {
       trusted-public-keys = [

viola/nix/settings/trusted-users.nix

@@ -1,4 +1,4 @@
-{...}: {
+_: {
   nix = {
     settings = {
       trusted-users = [

viola/nixpkgs/config.nix

@@ -1,4 +1,4 @@
-{...}: {
+_: {
   nixpkgs = {
     config = {
       allowUnfree = true;

viola/nixpkgs/overlays.nix

@@ -1,4 +1,4 @@
-{...}: {
+_: {
   nixpkgs = {
     overlays = [
     ];

viola/nixpkgs/system.nix

@@ -1,4 +1,4 @@
-{...}: {
+_: {
   nixpkgs = {
     system = "x86_64-linux";
     hostPlatform = "x86_64-linux";

viola/programs/nh.nix

@@ -1,4 +1,4 @@
-{...}: {
+_: {
   programs = {
     nh = {
       enable = true;

viola/programs/ssh.nix

@@ -1,4 +1,4 @@
-{...}: {
+_: {
   programs = {
     ssh = {
       startAgent = true;

viola/security/polkit.nix

@@ -1,4 +1,4 @@
-{...}: {
+_: {
   security = {
     polkit = {
       enable = true;

viola/security/rtkit.nix

@@ -1,4 +1,4 @@
-{...}: {
+_: {
   security = {
     rtkit = {
       enable = true;

viola/security/sudo-rs.nix

@@ -1,4 +1,4 @@
-{...}: {
+_: {
   security = {
     sudo-rs = {
       enable = true;

viola/services/garage.nix

@@ -0,0 +1,12 @@
+{pkgs, ...}: {
+  services = {
+    garage = {
+      enable = true;
+      package = pkgs.garage;
+      logLevel = "error";
+      settings = {
+        # nope
+      };
+    };
+  };
+}

viola/services/irqbalance.nix

@@ -1,4 +1,4 @@
-{...}: {
+_: {
   services = {
     irqbalance = {
       enable = true;

viola/services/libinput.nix

@@ -1,4 +1,4 @@
-{...}: {
+_: {
   services = {
     libinput = {
       enable = true;

viola/services/netbird.nix

@@ -1,4 +1,4 @@
-{...}: {
+_: {
   services = {
     netbird = {
       enable = true;

viola/services/pipewire.nix

@@ -1,4 +1,4 @@
-{...}: {
+_: {
   services = {
     pipewire = {
       enable = true;

viola/services/postgresql.nix

@@ -0,0 +1,56 @@
+{pkgs, ...}: {
+  services = {
+    postgresql = {
+      enable = true;
+      enableTCPIP = true;
+      checkConfig = true;
+
+      ensureUsers = [
+        {
+          name = "forgejo";
+          ensureDBOwnership = true;
+        }
+
+        {
+          name = "vaultwarden";
+          ensureDBOwnership = true;
+        }
+
+        {
+          name = "woodpecker";
+          ensureDBOwnership = true;
+        }
+
+        {
+          name = "zitadel";
+          ensureDBOwnership = true;
+          ensureClauses = {
+            login = true;
+            superuser = true;
+          };
+        }
+
+        {
+          name = "stalwart";
+          ensureDBOwnership = true;
+        }
+      ];
+
+      ensureDatabases = [
+        "vaultwarden"
+        "forgejo"
+        "woodpecker"
+        "stalwart"
+        "zitadel"
+      ];
+
+      initialScript = ""; # nope
+ 
+      authentication = ""; #nope
+
+      settings = {
+        port = ${dbport};
+      };
+    };
+  };
+}

viola/services/redis.nix

@@ -0,0 +1,152 @@
+{pkgs, ...}: {
+  services = {
+    redis = {
+      package = pkgs.valkey;
+      servers = {
+        "forgejo" = {
+          enable = true;
+          port = ${cacheport1};
+          logLevel = "warning";
+          databases = 16;
+          maxclients = 10000;
+          requirePass = ${cachepass1};
+
+          settings = {
+            stop-writes-on-bgsave-error = "yes";
+            rdbcompression = "yes";
+            rdbchecksum = "yes";
+
+            maxmemory = "1GB";
+            maxmemory-policy = "volatile-lru";
+            maxmemory-samples = 3;
+          };
+
+          save = [
+            [
+              900
+              1
+            ]
+
+            [
+              300
+              10
+            ]
+
+            [
+              60
+              1000
+            ]
+          ];
+        };
+
+        "woodpecker" = {
+          enable = false;
+          port = ${cacheport2};
+          logLevel = "warning";
+          databases = 16;
+          maxclients = 10000;
+          requirePass = ${cachepass2};
+
+          settings = {
+            stop-writes-on-bgsave-error = "yes";
+            rdbcompression = "yes";
+            rdbchecksum = "yes";
+
+            maxmemory = "1GB";
+            maxmemory-policy = "volatile-lru";
+            maxmemory-samples = 3;
+          };
+
+          save = [
+            [
+              900
+              1
+            ]
+
+            [
+              300
+              10
+            ]
+
+            [
+              60
+              1000
+            ]
+          ];
+        };
+
+        "stalwart" = {
+          enable = true;
+          port = ${cacheport3};
+          logLevel = "warning";
+          databases = 16;
+          maxclients = 10000;
+          requirePass = ${cachepass3};
+
+          settings = {
+            stop-writes-on-bgsave-error = "yes";
+            rdbcompression = "yes";
+            rdbchecksum = "yes";
+
+            maxmemory = "1GB";
+            maxmemory-policy = "volatile-lru";
+            maxmemory-samples = 3;
+          };
+
+          save = [
+            [
+              900
+              1
+            ]
+
+            [
+              300
+              10
+            ]
+
+            [
+              60
+              1000
+            ]
+          ];
+        };
+
+        "zitadel" = {
+          enable = true;
+          port = ${cacheport4};
+          logLevel = "warning";
+          databases = 16;
+          maxclients = 10000;
+          requirePass = ${cachepass4};
+
+          settings = {
+            stop-writes-on-bgsave-error = "yes";
+            rdbcompression = "yes";
+            rdbchecksum = "yes";
+
+            maxmemory = "1GB";
+            maxmemory-policy = "volatile-lru";
+            maxmemory-samples = 3;
+          };
+
+          save = [
+            [
+              900
+              1
+            ]
+
+            [
+              300
+              10
+            ]
+
+            [
+              60
+              1000
+            ]
+          ];
+        };
+      };
+    };
+  };
+}

viola/services/scx.nix

@@ -1,8 +1,7 @@
-{...}: {
+_: {
   services = {
     scx = {
       enable = true;
-      # package = pkgs.scx_git.full;
       scheduler = "scx_lavd";
     };
   };

viola/services/stalwart.nix

@@ -0,0 +1,135 @@
+_: {
+  services = {
+    stalwart-mail = {
+      enable = true;
+      settings = {
+        acme = {
+          "cloudflare" = {
+            default = true;
+            challenge = "dns-01";
+            provider = "cloudflare";
+            origin = "hand7s.org";
+            secret = ${mail_secret};
+            contact = [
+              "me@hand7s.org"
+            ];
+
+            email = "me@hand7s.org";
+            directory = "https://acme-staging-v02.api.letsencrypt.org/directory";
+            domains = [
+              "mail.hand7s.org"
+            ];
+          };
+        };
+
+        server = {
+          hostname = "mail.hand7s.org";
+
+          proxy = {
+            trusted-networks = [
+              "::1"
+              "100.109.213.170/16"
+            ];
+          };
+
+          listener = {
+            "lmtp" = {
+              bind = "[::]:24";
+              protocol = "lmtp";
+            };
+
+            "smtp" = {
+              bind = "[::]:25";
+              protocol = "smtp";
+            };
+
+            "pop3" = {
+              bind = "[::]:110";
+              protocol = "pop3";
+            };
+
+            "imap" = {
+              bind = "[::]:143";
+              protocol = "imap";
+            };
+
+            "submissions" = {
+              bind = "[::]:465";
+              protocol = "smtp";
+            };
+
+            "submission" = {
+              bind = "[::]:587";
+              protocol = "smtp";
+            };
+
+            "imaptls" = {
+              bind = "[::]:993";
+              protocol = "smtp";
+            };
+
+            "pop3s" = {
+              bind = "[::]:995";
+              protocol = "pop3";
+            };
+
+            "sieve" = {
+              bind = "[::]:4190";
+              protocol = "managesieve";
+            };
+
+            "management" = {
+              protocol = "http";
+              bind = [
+                "127.0.0.1:8980"
+              ];
+            };
+          };
+        };
+
+        lookup = {
+          default = {
+            hostname = "mail.hand7s.org";
+            domain = "hand7s.org";
+          };
+        };
+
+        storage = {
+          data = "postgresql";
+          blob = "s3";
+          fts = "postgresql";
+          lookup = "redis";
+        };
+
+        store = {
+          # nope
+          # i'm not redacting my main config
+          # here to show it here
+          # refer to stalwart mail
+          # ty
+        };
+
+        authentication = {
+          fallback-admin = {
+            user = "admin";
+            secret = "admin";
+          };
+        };
+
+        tracer = {
+          journal = {
+            enable = true;
+            type = "journal";
+            level = "debug";
+          };
+
+          console = {
+            enable = true;
+            type = "console";
+            level = "trace";
+          };
+        };
+      };
+    };
+  };
+}

viola/services/vaultwarden.nix

@@ -0,0 +1,12 @@
+_: {
+  services = {
+    vaultwarden = {
+      enable = true;
+      dbBackend = "postgresql";
+      config = {
+        # holy private thing
+        # im NOT sharing it here
+      };
+    };
+  };
+}

viola/services/woodpecker.nix

@@ -0,0 +1,20 @@
+_: {
+  services = {
+    woodpecker-server = {
+      enable = false;
+      environment = {
+        WOODPECKER_OPEN = "true";
+        WOODPECKER_DATABASE_DRIVER = "postgres";
+        WOODPECKER_DATABASE_DATASOURCE = ${pqsql_socket};
+        WOODPECKER_SERVER_ADDR = ${ciport1};
+        WOODPECKER_GRPC_ADDR = ${ciport1};
+        WOODPECKER_HOST = "https://cicd.hand7s.org";
+
+        WOODPECKER_FORGEJO = "true";
+        WOODPECKER_FORGEJO_URL = "https://git.hand7s.org";
+        WOODPECKER_FORGEJO_CLIENT = ${cisecret1};
+        FORGEJO_SECRET = ${cisecret2};
+      };
+    };
+  };
+}

viola/services/zapret.nix

@@ -1,145 +0,0 @@
-{...}: {
-  services = {
-    zapret = {
-      enable = true;
-      configureFirewall = true;
-      qnum = 350;
-      params = [
-        "--wssize 1:6"
-
-        "--filter-tcp=80"
-        "--dpi-desync=multisplit"
-        "--dpi-desync-split-pos=10"
-        "--dpi-desync-repeats=6"
-        "--new"
-
-        "--filter-tcp=443"
-        "--dpi-desync=multidisorder"
-        "--dpi-desync-split-pos=1,midsld"
-        "--new"
-
-        "--filter-tcp=443"
-        "--dpi-desync=syndata"
-        "--dpi-desync-fake-syndata=0x00000000"
-        "--dpi-desync-ttl=10"
-        "--new"
-
-        "--filter-udp=443"
-        "--dpi-desync=fake"
-        "--dpi-desync-repeats=6"
-        "--dpi-desync-fake-quic=0x00000000"
-        "--new"
-
-        "--filter-udp=443"
-        "--dpi-desync=fake,udplen"
-        "--dpi-desync-udplen-increment=5"
-        "--dpi-desync-fake-tls=0x00000000"
-        "--dpi-desync-cutoff=n3"
-        "--dpi-desync-repeats=2"
-        "--new"
-
-        "--filter-tcp=443"
-        "--dpi-desync=split"
-        "--dpi-desync-fooling=md5sig,badseq"
-        "--dpi-desync-fake-tls=0x00000000"
-        "--dpi-desync-split-pos=1"
-        "--dpi-desync-repeats=10"
-        "--new"
-
-        "--filter-tcp=443"
-        "--dpi-desync=fake,split2"
-        "--dpi-desync-fooling=md5sig"
-        "--dpi-desync-fake-tls=0x00000000"
-        "--dpi-desync-split-seqovl=2"
-        "--dpi-desync-split-pos=2"
-
-        "--dpi-desync-autottl"
-        "--new"
-        "--filter-tcp=443"
-        "--dpi-desync=fake,split2"
-        "--dpi-desync-fooling=md5sig"
-        "--dpi-desync-fake-tls=0x00000000"
-        "--dpi-desync-split-seqovl=2"
-        "--dpi-desync-split-pos=2"
-        "--dpi-desync-autottl"
-        "--new"
-
-        "--filter-tcp=80"
-        "--dpi-desync=fake,split2"
-        "--dpi-desync-fooling=md5sig"
-        "--dpi-desync-fake-tls=0x00000000"
-        "--dpi-desync-autottl"
-        "--new"
-
-        "--filter-tcp=80"
-        "--dpi-desync-ttl=1"
-        "--dpi-desync-autottl=2"
-        "--dpi-desync-fake-tls=0x00000000"
-        "--dpi-desync-split-pos=1"
-        "--dpi-desync=fake,split2"
-        "--dpi-desync-repeats=6"
-        "--dpi-desync-fooling=md5sig"
-        "--new"
-      ];
-
-      whitelist = [
-        "googlevideo.com"
-        "youtu.be"
-        "youtube.com"
-        "youtubei.googleapis.com"
-        "googlevideo.com"
-        "youtu.be"
-        "youtube.com"
-        "youtubei.googleapis.com"
-        "youtubeembeddedplayer.googleapis.com"
-        "ytimg.l.google.com"
-        "ytimg.com"
-        "jnn-pa.googleapis.com"
-        "youtube-nocookie.com"
-        "youtube-ui.l.google.com"
-        "yt-video-upload.l.google.com"
-        "wide-youtube.l.google.com"
-        "youtubekids.com"
-        "ggpht.com"
-        "music.youtube.com"
-        "test.googlevideo.com"
-        "discord.com"
-        "gateway.discord.gg"
-        "cdn.discordapp.com"
-        "discordapp.net"
-        "discordapp.com"
-        "discord.gg"
-        "media.discordapp.net"
-        "images-ext-1.discordapp.net"
-        "discord.app"
-        "discord.media"
-        "discordcdn.com"
-        "discord.dev"
-        "discord.new"
-        "discord.gift"
-        "discordstatus.com"
-        "dis.gd"
-        "discord.co"
-        "discord-attachments-uploads-prd.storage.googleapis.com"
-        "7tv.app"
-        "7tv.io"
-        "10tv.app"
-        "x.com"
-        "t.co"
-        "ads-twitter.com"
-        "twimg.com"
-        "twitter.com"
-        "pscp.tv"
-        "twtrdns.net"
-        "twttr.com"
-        "periscope.tv"
-        "tweetdeck.com"
-        "twitpic.com"
-        "twitter.co"
-        "twitterinc.com"
-        "twitteroauth.com"
-        "twitterstat.us"
-      ];
-    };
-  };
-}

viola/services/zerotier.nix

@@ -1,10 +0,0 @@
-{...}: {
-  services = {
-    zerotierone = {
-      enable = false;
-      joinNetworks = [
-        # nope
-      ];
-    };
-  };
-}

viola/systemd/oomd.nix

@@ -1,4 +1,4 @@
-{...}: {
+_: {
   systemd = {
     oomd = {
       enable = true;

viola/systemd/slices/root-slice.nix

@@ -1,4 +1,4 @@
-{...}: {
+_: {
   systemd = {
     slices = {
       root = {

viola/systemd/slices/system-slice.nix

@@ -1,4 +1,4 @@
-{...}: {
+_: {
   systemd = {
     slices = {
       system = {

viola/systemd/slices/user-slice.nix

@@ -1,4 +1,4 @@
-{...}: {
+_: {
   systemd = {
     slices = {
       user = {

viola/time/timeZone.nix

@@ -1,4 +1,4 @@
-{...}: {
+_: {
   time = {
     timeZone = "Europe/Moscow";
     hardwareClockInLocalTime = true;

viola/users/mutableUsers.nix

@@ -1,4 +1,4 @@
-{...}: {
+_: {
   users = {
     mutableUsers = false;
   };

viola/users/users/hand7s.nix

@@ -1,14 +1,13 @@
-{...}: {
+_: {
   users = {
     users = {
-      hand7s = {
+      "hand7s" = {
         description = "me";
         isSystemUser = false;
         isNormalUser = true;
         initialHashedPassword = "$6$ckgRhNWmJgSwOUpJ$kfeAdokd5fa76HWbTmWN2YXx4M/PQVOTJku1ODbqbBhEkUFiLftdaJFRnNXfIM3Jtz0ShoRMSVCB7mDkxDrdi/";
         extraGroups = [
           "wheel"
-          "networkmanager"
           "docker"
         ];
       };

viola/users/users/root.nix

@@ -1,7 +1,7 @@
-{...}: {
+_: {
   users = {
     users = {
-      root = {
+      "root" = {
         initialHashedPassword = "$6$n4OLMvYHHStHvtmr$6OL0NV1dEM2b6oJRewkhuoFxM80lI67tfbJ6QkCg8WAA1gbeKrcwDAuJjm8zvpY4zcDR3Z5Zbo8uebfOi6XXF0";
       };
     };

viola/virtualisation/docker.nix

@@ -1,4 +1,4 @@
-{...}: {
+_: {
   virtualisation = {
     docker = {
       enable = true;