kat/nixfiles
1
0
Fork 0
mirror of https://github.com/kittywitch/nixfiles.git synced 2026-02-09 04:19:19 -08:00
Code Issues Projects Releases Packages Wiki Activity

feat: move to wivrn, vencord

Browse source
This commit is contained in:
Kat Inskip 2025-08-22 00:43:54 -07:00
parent 5c7dc38a13
commit 62a07510f9
Signed by: kat
GPG key ID: 465E64DECEA8CF0F
18 changed files with 321 additions and 171 deletions
Download patch file Download diff file Expand all files Collapse all files

8
.sops.yaml
View file

@ -10,6 +10,7 @@ keys:
- &daiyousei age120530yclr75k6nrzp6k5jjftj8j4q9v3533guupzk4ct86mjxszqg9e5t5
- &goliath age1c4atxfp05u7zm875s6q8p82ve96rqqpq9smktxlur8pk2yc3qvgql46dp9
- &goliath_kat age1rjldv3fn3q686647exmcukthr32gmp6s3axs0lhyenvru9ajp9rs24ukvz
- &syncthing age1p9v6xaujkdat2tsc2mc4gxpg9hjr4suvwryuat95z2c53xhsyfxq0gf594
creation_rules:
- path_regex: tf/terraform.tfvars.sops$
shamir_threshold: 1
@ -31,6 +32,7 @@ creation_rules:
- *daiyousei
- *goliath
- *goliath_kat
- *syncthing
- path_regex: ci/.*\.yaml
shamir_threshold: 1
key_groups:
@ -43,6 +45,12 @@ creation_rules:
- pgp:
- *kat
age: *age_common
- path_regex: microvms/[^/]+/.*\.yaml
shamir_threshold: 1
key_groups:
- pgp:
- *kat
age: *age_common
- path_regex: nixos/[^/]+/.*\.yaml
shamir_threshold: 1
key_groups:

23
flake.lock generated
View file

@ -810,15 +810,15 @@
"lix": {
"flake": false,
"locked": {
"lastModified": 1753223229,
"narHash": "sha256-tkT4aCZZE6IEmjYotOzKKa2rV3pGpH3ZREeQn7ACgdU=",
"rev": "7ac20fc47cf2f1b7469c7a2f379e5a3a51a6789a",
"lastModified": 1753306948,
"narHash": "sha256-Y733rfa66tmE+kzYEgeOThOPWRRMy/0QN+Mmj7uHBNE=",
"rev": "88302eaaf423897d5cc84272fc00846749261d1b",
"type": "tarball",
"url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/7ac20fc47cf2f1b7469c7a2f379e5a3a51a6789a.tar.gz?rev=7ac20fc47cf2f1b7469c7a2f379e5a3a51a6789a"
"url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/88302eaaf423897d5cc84272fc00846749261d1b.tar.gz?rev=88302eaaf423897d5cc84272fc00846749261d1b"
},
"original": {
"type": "tarball",
"url": "https://git.lix.systems/lix-project/lix/archive/release-2.93.tar.gz"
"url": "https://git.lix.systems/lix-project/lix/archive/release-2.92.tar.gz"
}
},
"lix-module": {
@ -831,16 +831,16 @@
]
},
"locked": {
"lastModified": 1755512154,
"narHash": "sha256-/ySltwXacRewWwY/ze3TandOYMTH8GB11JQGazvw23c=",
"ref": "release-2.93",
"rev": "6a343d03d6497aefe98013b215d21d06a59e4442",
"revCount": 152,
"lastModified": 1751239988,
"narHash": "sha256-/yAP5zHAs5hT3NUYWaKnVuaLuxVLDMmn3jPdWAMOVNo=",
"ref": "release-2.92",
"rev": "91b03e3ace9005f50b2fbe81d2533d988e19df6e",
"revCount": 136,
"type": "git",
"url": "https://git.lix.systems/lix-project/nixos-module"
},
"original": {
"ref": "release-2.93",
"ref": "release-2.92",
"type": "git",
"url": "https://git.lix.systems/lix-project/nixos-module"
}
@ -865,6 +865,7 @@
},
"original": {
"owner": "microvm-nix",
"ref": "main",
"repo": "microvm.nix",
"type": "github"
}

4
flake.nix
View file

@ -31,7 +31,7 @@
};
};
lix-module = {
url = "git+https://git.lix.systems/lix-project/nixos-module?ref=release-2.93";
url = "git+https://git.lix.systems/lix-project/nixos-module?ref=release-2.92";
inputs.nixpkgs.follows = "nixpkgs";
#inputs.lix = {
# url = "git+https://git.lix.systems/lix-project/lix";
@ -39,7 +39,7 @@
#};
};
microvm = {
url = "github:microvm-nix/microvm.nix";
url = "github:microvm-nix/microvm.nix/main";
inputs = {
nixpkgs.follows = "nixpkgs";
flake-utils.follows = "flake-utils";

170
home/environments/niri/autostart.nix
View file

@ -23,89 +23,97 @@ in {
${pkgs.glib}/bin/gsettings set "$gnome_schema" font-name "$font_name"
'';
systemctl = getExe' pkgs.systemd "systemctl";
in [
{
packageExe' = pkgAttr: getExe' pkgs.${pkgAttr} pkgAttr;
packageExe = pkgAttr: getExe pkgs.${pkgAttr};
packageCommand = attr: {
command = [
"${getExe import-gsettings}"
(packageExe attr)
];
}
{
};
packageCommand' = attr: {
command = [
"${systemctl}"
"--user"
"start"
"waybar.service"
(packageExe' attr)
];
}
{
command = [
"${systemctl}"
"--user"
"restart"
"konawall-py.service"
];
}
{
command = [
"${systemctl}"
"--user"
"start"
"swaync.service"
];
}
#{
# command = [
# "${pkgs.xwayland-satellite}/bin/xwayland-satellite"
# ];
#}
# program autostart
{
command = [
"${getExe' config.programs.niriswitcher.package "niriswitcher"}"
];
}
{
command = [
"${getExe' pkgs.dbus "dbus-update-activation-environment"}"
"--all"
];
}
{
command = [
"${getExe' config.programs.vesktop.package "vesktop"}"
"--enable-features=WaylandLinuxDrmSyncobj,UseOzonePlatform"
"--ozone-platform=wayland"
];
}
{
command = [
"${getExe' config.programs.thunderbird.package "thunderbird"}"
];
}
{
command = [
"${getExe' pkgs.udiskie "udiskie"}"
];
}
{
command = [
"${getExe' pkgs.easyeffects "easyeffects"}"
];
}
{
command = [
"${getExe pkgs.pasystray}"
];
}
{
command = [
"${getExe pkgs.networkmanagerapplet}"
];
}
{
command = [
"firefox"
];
}
];
};
packages' = [
"udiskie"
"easyeffects"
"pasystray"
];
packages = [
"pasystray"
"pavucontrol"
"networkmanagerapplet"
];
packageCommands = let
packageCommands' = map packageCommand' packages';
packageCommands'' = map packageCommand packages;
in
packageCommands' ++ packageCommands'';
in
packageCommands
++ [
{
command = [
"${getExe import-gsettings}"
];
}
{
command = [
"${systemctl}"
"--user"
"restart"
"waybar.service"
];
}
{
command = [
"${systemctl}"
"--user"
"restart"
"konawall-py.service"
];
}
{
command = [
"${systemctl}"
"--user"
"restart"
"swaync.service"
];
}
{
command = [
"${getExe' config.programs.niriswitcher.package "niriswitcher"}"
];
}
{
command = [
"${getExe' pkgs.dbus "dbus-update-activation-environment"}"
"--all"
];
}
{
command = [
"discord"
"--enable-features=WaylandLinuxDrmSyncobj,UseOzonePlatform"
"--ozone-platform=wayland"
];
}
{
command = [
"thunderbird"
];
}
{
command = [
"obsidian"
];
}
{
command = [
"zen-beta"
];
}
];
}

6
home/environments/niri/binds.nix
View file

@ -38,16 +38,18 @@ in {
"Mod+D".action = sh ''${getExe config.programs.fuzzel.package} -D no -T "${getExe config.programs.alacritty.package} --command"'';
"Mod+Escape".action = sh ''${getExe config.programs.wlogout.package} -p layer-shell'';
"Mod+Shift+Escape".action = sh ''${getExe config.programs.swaylock.package} -f'';
"Mod+Alt+Tab" = {
"Mod+Tab" = {
#repeat = false;
cooldown-ms = 150;
action.spawn = ["${getExe' pkgs.glib "gdbus"}" "call" "--session" "--dest" "io.github.isaksamsten.Niriswitcher" "--object-path" "/io/github/isaksamsten/Niriswitcher" "--method" "io.github.isaksamsten.Niriswitcher.application"];
};
"Mod+Alt+Shift+Tab" = {
"Mod+Shift+Tab" = {
cooldown-ms = 150;
#repeat = false;
action.spawn = ["${getExe' pkgs.glib "gdbus"}" "call" "--session" "--dest" "io.github.isaksamsten.Niriswitcher" "--object-path" "/io/github/isaksamsten/Niriswitcher" "--method" "io.github.isaksamsten.Niriswitcher.application"];
};
"Mod+Shift+Ctrl+Page_Down".action.move-workspace-to-monitor-previous = {};
"Mod+Shift+Ctrl+Page_Up".action.move-workspace-to-monitor-next = {};
};
# ▄ █
# ▄▄▄ ▄▄█▄▄ ▄▄▄ ▄▄▄ █ ▄

34
home/environments/niri/niri.nix
View file

@ -70,16 +70,36 @@ in {
};
};
debug = {
wait-for-frame-completion-in-pipewire = {};
deactivate-unfocused-windows = {};
};
workspaces = {
browser = {};
mail = {};
chat = {};
vidya = {};
media = {};
audio = {};
"01-notes" = {
name = "notes";
};
"02-chat" = {
name = "chat";
};
"03-browser" = {
name = "browser";
};
"04-code" = {
name = "code";
};
"05-term" = {
name = "term";
};
"06-mail" = {
name = "mail";
};
"07-game" = {
name = "game";
};
"08-video" = {
name = "video";
};
"09-audio" = {
name = "audio";
};
};
environment = {
MOZ_ENABLE_WAYLAND = "1";

8
home/environments/niri/swaync.nix
View file

@ -1,5 +1,13 @@
_: {
stylix.targets.swaync.enable = true;
systemd.user.services.swaync = {
Service = {
Environment = [
"GSK_RENDERER=gl"
"GTK_DISABLE_VULKAN=1"
];
};
};
services.swaync = {
enable = true;
settings = {

2
home/profiles/common/stylix.nix
View file

@ -19,7 +19,7 @@
opacity = {
desktop = 1.0;
applications = 1.0;
terminal = 0.9;
terminal = 1.0;
popups = 0.8;
};
fonts = {

9
home/profiles/graphical/discord.nix
View file

@ -1,7 +1,12 @@
_: {
{pkgs, ...}: {
stylix.targets.vesktop.enable = false;
home.packages = [
(pkgs.discord.override {
withVencord = true;
})
];
programs.vesktop = {
enable = true;
enable = false;
settings = {
autoUpdate = false;
autoUpdateNotification = false;

1
home/profiles/graphical/packages.nix
View file

@ -25,7 +25,6 @@
cryptsetup # Encrypted block devices
yubikey-manager # Yubikey
v4l-utils # Webcam
obsidian
remmina
alsa-utils
pwvucontrol

19
home/profiles/shell/packages.nix
View file

@ -1,34 +1,25 @@
{pkgs, ...}: {
home.packages = with pkgs; [
# task managers
watchexec
htop
btop
# disk usage
duc
# nix formatting
gdu
nixpkgs-fmt
# show type of files
file
# command monitoring
pv
# sed replacement
sd
# sops
sops
# find replacement
fd
# ripgrep / grep replacement
ripgrep
# rename with sed
rename
# remote tmux
tmate
# remote utilities
socat
rsync
wget
whois
# nix-search
jc
hyperfine
poop
nix-search-cli
];
}

4
microvms/syncthing.nix → microvms/syncthing/default.nix
View file

@ -4,14 +4,14 @@
...
}: {
imports = with tree.nixos; [
microvm.default
microvm
servers.syncthing
];
sops.secrets."${config.networking.hostName}-sops-age-key" = {
sopsFile = ./. + "${config.networking.hostName}.yaml";
};
microvm.credentialFiles = {
SOPS_AGE_KEY = sops.secrets."${config.networking.hostName}-sops-age-key".path;
SOPS_AGE_KEY = config.sops.secrets."${config.networking.hostName}-sops-age-key".path;
};
networking.hostName = "syncthing";
services.syncthing.device_name = "daiyousei-syncthing";

119
microvms/syncthing/syncthing.yaml Normal file
View file

@ -0,0 +1,119 @@
syncthing-sops-age-key: ENC[AES256_GCM,data:XPd9TvJjULpI34LWwVoMh9uENxvoapt9QfetMkfbfdM5N9NxwFpVm7dH5S5qJ7d4XQ02Q8PNN1UtOmZPHdGeONTMZLt2f+CBvhQ=,iv:8cdlFWnY8J8YiBqzm6G9fza5swBZLili5AkAzmO/Kp8=,tag:+xS0SnkSeQZR+qnL3BB49w==,type:str]
sops:
shamir_threshold: 1
age:
- recipient: age1n4kdchmkk3rfkaknxhveqr2ftprdpgwckutt23y6u8639lazzuks77tgav
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3dEpXdWxWYjZzeWFLM01v
cmM4cGh1RmZQNUNrb0ExS1hlQnBIWWZmOGpvCjBFV0hHVWFBcitEQUlhV3NNZWh2
Tk5vd2VQRWVrSE9XaHExK05IVHJ6WmsKLS0tIFJWZytzTko4OTBWK0RGdmd6b05a
WEFXR2t1T1Awenp4REFZNGlWbWRTVHMKh0ZPinvFOGkaU66eTkAiV8WZcCQoEIEa
IN5w/Xpnsf6Z/bvtjIGKagJte/peyLmzbiBYiatVtZk/s6GUo+IGKg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1cnu37d5fqyahh9vvc4hj6z6k8ur9ksuefln7sr6g3emmn927eutqxdawuh
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1bXZyZVRLNk5qSTR4TUo0
Z0drNEYwQ3FFRG1uZjVqU011OHZCZmcxaEZRCmhZYzR5T29tSlhhQ3VWbkZ3Y2xW
YzFqcm9qMm9sMzM2bklFVVhRaHFUT0UKLS0tIC9LOFRYVW5xKzY5MFhwWFlwUWJZ
bE1qeitDMVhrZWtNUE1CRDdid1hUWm8KZusEpks37c1akMtbv9cOS7fih/EMYD3t
dy266p8Y+TYMFmyEysFTGqpnWAL4buZYUSbiZSs7YJXpUlCukIcW2A==
-----END AGE ENCRYPTED FILE-----
- recipient: age1a0m73qr8hhuz8xemv4vymf4wmpghm2hst8wgrn3pn65ext5mf4ksk0vsdm
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSR3RRdFY0RnFXNnZ5MVVt
YWhFMHRTMlRwVXV5N3o5MlFtMHE5dFpNZFQwCkU4aWUzNTVQOVBvUkEraG5iZndV
QlZUelFSZWc3RHB5dkxuaFMrb2U2VHMKLS0tIFBaS1lHeGo1UjREMDZOM1IycmVp
dkRsVVhEcnEycGlyVnZCZEVuTG9PYU0KIIjA5v1Hm9Xc18KAoJqPL1fRtr+kAn//
ugYTX361iC4D6U4J9ioYgYh8dJcNY2TeaBnYfI0BNcUoj+uZ7T7avA==
-----END AGE ENCRYPTED FILE-----
- recipient: age18hpxz0ghvswv9k30cle73prvnzrsuczqh87jjdk9fl50j3ddndmq9xae0n
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2eFhIVU1uNWZSM1o3WTE4
YTMzc0tsMGFUc3RtYktCNEhnMWtIUzZjd3o4CmUwWHRYUXVObERLN2hBcC83SlFV
ZGhBbHFYZkJpaUJRNStFMy95VlRsK2sKLS0tIGR1b1NQTDM2ZVpiQzladmUzNVUw
Nis2Wm1MQi9Ha2xIVFNpNmV5ZHE4U1UKiC+t8gHVaMGX2q4r4jrz2A4TayihXj1a
NKoFZztUDgvfUd5X3l1B8rSU4DlxGZWX/WbHgBYQTHuU/Jzu74iN5g==
-----END AGE ENCRYPTED FILE-----
- recipient: age1xgy03g3vjydsxcl0qpdgm8rahjcjq95ucxfwlgr22zwjx3p7jf2s9jk6u5
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEWGkvMkV5aDM4dGp0VVNK
eEhKdG9KTXhaSGNGUFZzeXJjK3NwY0Jwd2lRCm5iTzIyQnQ5Zmtnazk2YzBJMkZm
NDhnMnduZDlhNEVvbXkyYURSYzlYM2sKLS0tIGdGeTMwK2lDRzZEYXZRcDlHZ2po
MlNmbjFQZzlxN0hkTlFFNE1sd2tLYWsKK2IO3UuJrdqZerqcMOzFzrDT81DHBy87
2v6FFpgqSmA3BzHMxwU+T5BMs87ltPOwdhxt0jIYX9RzEQFm5cv0BA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1fv5dafs4n3r5n83qm2hfz7xmnflsz0xf9r3saralrptpgf8mvuxq4t8k3u
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaT2lTV09yako4V3RGNGJ5
THJRcC92YStKMk9KZThBa1JrUkFWUzZZaXpJClFENGpMdjJuci9CS3NjbE5TbkZT
Y09SSGtQR0dsWnExbURoQnJqc1B5aGsKLS0tIDdJSHY2RW41cUNKWVZaaU83SnF1
dmFyL21VanM2UzJ0UDh0RWY1cTV4UTAKJjgo+epeWpGhNnT7KXLIUCE2llrIeRMz
u8K7heqBt+Okuf7dQ25pPMwG+2pmVsEt5SyD7NPATs37BtOr92E3dw==
-----END AGE ENCRYPTED FILE-----
- recipient: age120530yclr75k6nrzp6k5jjftj8j4q9v3533guupzk4ct86mjxszqg9e5t5
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSNllyUThHZG5GeHpxZVJX
WFUrY25hbXRUazVzOEk3Rk9kd0VRMXFrUkFNCmF5NzI3OEhkTTdDd21pTHVvcmJo
cjBGTENNWmxPc0xqdjBqaXg2dmN1YUUKLS0tIGU3ZjB4Zm1pWkY0MzJWNjNMMk13
ajdOb2NIT0VNS0syOWtmbGsyR2dyL3cKh6pAJgRNDKUeDKfiABuuYQXSihRfuANX
LKhkys8nRYYLIMNx/qHiCmItv//iXee1+rLKi2gI21tefb0UsqVeSA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1c4atxfp05u7zm875s6q8p82ve96rqqpq9smktxlur8pk2yc3qvgql46dp9
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnWDYxa0VDL295c1BUVnFG
ak1yaUFFb1NoMko0aElrSlZmNnJtdWhYOFFVCmpiTHJzOEdKUUx3dDlPSjhYb1NR
bVc3N1cxYXZsc1g2aUluclllUHFyQTgKLS0tIEM2WnNsZDRTVXliODdOZ1EwU1Nu
WlhtZHM3Z2dteE0vZUF1aTFsVm9ycHcKY2iwYH1ObfRfeSBgvjp5t4lUC9tGc8Ky
RdVoc+8ZIh2cCOn07WcVnepA5zVVDgYRtKaV+6y1SjhQJDcG9MG6oQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1rjldv3fn3q686647exmcukthr32gmp6s3axs0lhyenvru9ajp9rs24ukvz
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5S09qRkVrdUNJUlVhc2Ux
QnBJQ2FvaHZ5dEd0eGdOOUpWR2gvdU1oTm1zCk1mUU56TG43QVpPL1NLTTdpUDNL
T25EcVprR2s3cG1Sellza1JmQ25neG8KLS0tIEZkN3FIMXpJcjEvZ3NLSHNHc29R
aW9jYUFYQkZZL3BwMjZmL25vZGVsbjAK+Rs6/S5LnuW1w1xzo9zZqcrIsgNT6e4k
QNlG9rphFC8mzJ5/xyDypXH23Q46rG+1VfMAlYIarv9OZR5OZj3hIw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1p9v6xaujkdat2tsc2mc4gxpg9hjr4suvwryuat95z2c53xhsyfxq0gf594
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEbGN1VnR3Q3BDNUhqSkM3
c3RpYUorSDNuTFQwSXlleVV4M3lDKzBDaDFRCmNaV25NRE9qQ08yR1lEd2NSVzJT
dzVid1d2RWFSaHdPdk9pZ2VZOUJjUFUKLS0tIDh0cGNteUZRTXkvNlQ3NGRRRjVX
SWc2VzdSN0dScE55WGpJcVV2bDByVzgK3MzbiLNK2PYj5peq7lFd6uwg0Buf7uYl
8g2UYiWp5hpOM+gNxxubi6oMcP1+KuAIP4sZL+0rVKMkRNZc3v9T6A==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-08-21T10:19:32Z"
mac: ENC[AES256_GCM,data:SX7oXbhhsuh9k64Txz+MbHmvcZ3LOgkzNnPaYADB89ynYcyRCdMU9zshXKmikoTdGvj1uUtxLZYZ0MtsK8E+YRdbSdtuHBcH8nGcqbvHJqCwrZ9Z7a4imY8lpuX4xqqEI2BtPaavyG7sAHZD9t1x+m1k1wdjLfGNRStRHbic5UQ=,iv:IjwhOlezLBRhqQwSUYrSFiz2J8lYjHKjA9ZcQJgrSRk=,tag:p2uWlZCaXKGXGLg7/jYTbA==,type:str]
pgp:
- created_at: "2025-08-21T10:19:15Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA82M54yws73UAQ/+IHaxp1vwytlW/ha2LD4ZIc7DR1+GH06uRwqqeQAHNEK1
0EDzczMXlnQ6xqZdZUtHZX4o5cm8ulsMJZLzIOyzhYsyl7GQ+Lfxa5k2/K5ZMrxO
/FUiHHcf98dJRWBsK8hrgiAOAJPnEB/IG2eqM6jI0oRy3M1FirIBj7TfZM5M9Ncl
rrtop64zL8YcU1E0t+ti5vkJI8htfdG31dsVDNbpWcEtE7LzVgQGu9Y6cd3bK/B4
cSCDaomRie7J78n5FwcOIuloWhMBQT8qVxDECL0NEUNOy9s2tkry4dJxk6JllTNf
lMbiZIxd2eER6xeP2MEnVxGwxjdrTw6ITOQYgSlnKGkSKp+cX7lgkQRApY2gSrze
FqaqT+T2uVeREyouHQtHo/HlGqNpUoJalpIn2MEj1sGMYnEjg4ydG9IY1G72NBdM
9Zh4bjQ6hRX33issImiQSaLcWEH9z5ZVX1Vqc3FHgFSbv99bHlURl0Q2JsMsZ6BC
D2frhIlVJEH1HjVctWwr3Xo7HucLeMRc4NL40SNBm52uxdEPC4G7UMlPB/WH0Uk0
6g6Tl6XXDn33X7+GPA5wnZh/dk6nbVhC9Pe/Wh4xrIDnzq/eDnw3O0zTEk68SyHE
/3HK44WS4K3D98yHPLzV5FGpt9ZFCJKv7rXkucbPjbooNCzYSqXo+eIHWZL3UybS
XgGp8QAHWGLsjxIztNhkSDTuVfJ1kvDOSqVO5kGXvn/EDiHSwJzHngR5cSx38RyZ
PK5ZkBkbTzfEUpLRXQ9vdu+NSdB0QX874t/i2u/FqU2hxcyswRmVTU4HcPNAwlg=
=i/Sg
-----END PGP MESSAGE-----
fp: CD8CE78CB0B3BDD4
unencrypted_suffix: _unencrypted
version: 3.10.2

47
nixos/microvm/default.nix
View file

@ -1,6 +1,7 @@
{
config,
lib,
pkgs,
...
}: let
inherit (lib.modules) mkDefault;
@ -13,7 +14,6 @@ in {
vcpu = 2;
mem = 2048;
initialBalloonMem = 256;
balloon = true;
volumes = [
{
autoCreate = true;
@ -34,6 +34,28 @@ in {
boot = {
loader.grub.enable = false;
loader.systemd-boot.enable = false;
initrd.kernelModules = [
# required for net.netfilter.nf_conntrack_max appearing in sysfs early at boot
"nf_conntrack"
];
kernel.sysctl = let
limit = 2 * 1024;
mem =
if (config?microvm)
then config.microvm.mem
else limit;
in
lib.optionalAttrs (mem <= limit) {
# table overflow causing packets from nginx to the service to drop
# nf_conntrack: nf_conntrack: table full, dropping packet
"net.netfilter.nf_conntrack_max" = lib.mkDefault "65536";
};
kernelParams = [
# mitigations which cost the most performance and are the least real world relevant
# NOTE: keep in sync with baremetal.nix
"retbleed=off"
"gather_data_sampling=off" # Downfall
];
};
fileSystems = {
@ -48,29 +70,6 @@ in {
};
hardware.enableRedistributableFirmware = false;
initrd.kernelModules = [
# required for net.netfilter.nf_conntrack_max appearing in sysfs early at boot
"nf_conntrack"
];
kernel.sysctl = let
limit = 2 * 1024;
mem =
if (config?microvm)
then config.microvm.mem
else limit;
in
lib.optionalAttrs (mem <= limit) {
# table overflow causing packets from nginx to the service to drop
# nf_conntrack: nf_conntrack: table full, dropping packet
"net.netfilter.nf_conntrack_max" = lib.mkDefault "65536";
};
kernelParams = [
# mitigations which cost the most performance and are the least real world relevant
# NOTE: keep in sync with baremetal.nix
"retbleed=off"
"gather_data_sampling=off" # Downfall
];
system.build.installBootLoader = getExe' pkgs.coreutils "true";
systemd.tmpfiles.rules = [

21
nixos/profiles/gaming/vr.nix
View file

@ -1,20 +1,14 @@
{pkgs, ...}: {
programs.envision = {
enable = false;
openFirewall = true; # This is set true by default
};
/*
services.wivrn = {
services.wivrn = {
enable = true;
openFirewall = true;
package = pkgs.wivrn.override { cudaSupport = true; };
package = pkgs.wivrn.override {cudaSupport = true;};
defaultRuntime = true;
config = {
enable = true;
json = {
scale = [ 0.5 0.5 ];
bitrate = 300*1000;
scale = [0.5 0.5];
bitrate = 300 * 1000;
encoders = [
{
encoder = "nvenc";
@ -32,12 +26,11 @@
};
};
};
*/
environment.systemPackages = with pkgs; [
#wlx-overlay-s
#monado-vulkan-layers
#bs-manager
wlx-overlay-s
monado-vulkan-layers
bs-manager
];
networking.firewall = {

7
nixos/profiles/graphical/packages.nix
View file

@ -1,13 +1,8 @@
{
pkgs,
inputs,
...
}: {
{pkgs, ...}: {
environment.systemPackages = with pkgs; [
jmtpfs
dnsutils
usbutils
inputs.push2talk.defaultPackage.${pkgs.system}
];
services.udev.packages = [
pkgs.android-udev-rules

8
nixos/servers/syncthing/default.nix
View file

@ -4,9 +4,9 @@
lib,
...
}: let
inherit (lib.modules) mkOption;
inherit (lib.options) mkOption;
inherit (lib.types) str nullOr;
inherit (lib.attrsets) filterAttrs mapAttrs;
inherit (lib.attrsets) filterAttrs mapAttrs mapAttrs' nameValuePair;
enabledHosts = filterAttrs (_n: v: v.config.services.syncthing.enable) self.nixosConfigurations;
enabledSyncthings = mapAttrs (_n: _v: config.services.syncthing) enabledHosts;
enabledDevices = mapAttrs' (_n: v: (nameValuePair v.device_name {id = v.device_id;})) enabledSyncthings;
@ -44,8 +44,8 @@ in {
# `syncthing generate --no-default-folder --config meep/`
# I hope this helps! That's what the content of those secrets are from.
key = sops.secrets.syncthing-key.path;
cert = sops.secrets.syncthing-cert.path;
key = config.sops.secrets.syncthing-key.path;
cert = config.sops.secrets.syncthing-cert.path;
};
};
}

2
tree.nix
View file

@ -28,6 +28,8 @@
common.functor.enable = true;
"microvms/*".functor.enable = true;
"home/*".functor.enable = true;
"home/profiles/*".functor.enable = true;
"home/environments/*".functor.enable = true;