kat/nixfiles
1
0
Fork 0
mirror of https://github.com/kittywitch/nixfiles.git synced 2026-02-09 04:19:19 -08:00
Code Issues Projects Releases Packages Wiki Activity

feat: move to wivrn, vencord

Browse source
This commit is contained in:
Kat Inskip 2025-08-22 00:43:54 -07:00
parent 5c7dc38a13
commit 62a07510f9
Signed by: kat
GPG key ID: 465E64DECEA8CF0F
18 changed files with 321 additions and 171 deletions
Download patch file Download diff file Expand all files Collapse all files

8
.sops.yaml
View file

@ -10,6 +10,7 @@ keys:
- &daiyousei age120530yclr75k6nrzp6k5jjftj8j4q9v3533guupzk4ct86mjxszqg9e5t5 - &daiyousei age120530yclr75k6nrzp6k5jjftj8j4q9v3533guupzk4ct86mjxszqg9e5t5
- &goliath age1c4atxfp05u7zm875s6q8p82ve96rqqpq9smktxlur8pk2yc3qvgql46dp9 - &goliath age1c4atxfp05u7zm875s6q8p82ve96rqqpq9smktxlur8pk2yc3qvgql46dp9
- &goliath_kat age1rjldv3fn3q686647exmcukthr32gmp6s3axs0lhyenvru9ajp9rs24ukvz - &goliath_kat age1rjldv3fn3q686647exmcukthr32gmp6s3axs0lhyenvru9ajp9rs24ukvz
- &syncthing age1p9v6xaujkdat2tsc2mc4gxpg9hjr4suvwryuat95z2c53xhsyfxq0gf594
creation_rules: creation_rules:
- path_regex: tf/terraform.tfvars.sops$ - path_regex: tf/terraform.tfvars.sops$
shamir_threshold: 1 shamir_threshold: 1
@ -31,6 +32,7 @@ creation_rules:
- *daiyousei - *daiyousei
- *goliath - *goliath
- *goliath_kat - *goliath_kat
- *syncthing
- path_regex: ci/.*\.yaml - path_regex: ci/.*\.yaml
shamir_threshold: 1 shamir_threshold: 1
key_groups: key_groups:
@ -43,6 +45,12 @@ creation_rules:
- pgp: - pgp:
- *kat - *kat
age: *age_common age: *age_common
- path_regex: microvms/[^/]+/.*\.yaml
shamir_threshold: 1
key_groups:
- pgp:
- *kat
age: *age_common
- path_regex: nixos/[^/]+/.*\.yaml - path_regex: nixos/[^/]+/.*\.yaml
shamir_threshold: 1 shamir_threshold: 1
key_groups: key_groups:

23
flake.lock generated
View file

@ -810,15 +810,15 @@
"lix": { "lix": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1753223229, "lastModified": 1753306948,
"narHash": "sha256-tkT4aCZZE6IEmjYotOzKKa2rV3pGpH3ZREeQn7ACgdU=", "narHash": "sha256-Y733rfa66tmE+kzYEgeOThOPWRRMy/0QN+Mmj7uHBNE=",
"rev": "7ac20fc47cf2f1b7469c7a2f379e5a3a51a6789a", "rev": "88302eaaf423897d5cc84272fc00846749261d1b",
"type": "tarball", "type": "tarball",
"url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/7ac20fc47cf2f1b7469c7a2f379e5a3a51a6789a.tar.gz?rev=7ac20fc47cf2f1b7469c7a2f379e5a3a51a6789a" "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/88302eaaf423897d5cc84272fc00846749261d1b.tar.gz?rev=88302eaaf423897d5cc84272fc00846749261d1b"
}, },
"original": { "original": {
"type": "tarball", "type": "tarball",
"url": "https://git.lix.systems/lix-project/lix/archive/release-2.93.tar.gz" "url": "https://git.lix.systems/lix-project/lix/archive/release-2.92.tar.gz"
} }
}, },
"lix-module": { "lix-module": {
@ -831,16 +831,16 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1755512154, "lastModified": 1751239988,
"narHash": "sha256-/ySltwXacRewWwY/ze3TandOYMTH8GB11JQGazvw23c=", "narHash": "sha256-/yAP5zHAs5hT3NUYWaKnVuaLuxVLDMmn3jPdWAMOVNo=",
"ref": "release-2.93", "ref": "release-2.92",
"rev": "6a343d03d6497aefe98013b215d21d06a59e4442", "rev": "91b03e3ace9005f50b2fbe81d2533d988e19df6e",
"revCount": 152, "revCount": 136,
"type": "git", "type": "git",
"url": "https://git.lix.systems/lix-project/nixos-module" "url": "https://git.lix.systems/lix-project/nixos-module"
}, },
"original": { "original": {
"ref": "release-2.93", "ref": "release-2.92",
"type": "git", "type": "git",
"url": "https://git.lix.systems/lix-project/nixos-module" "url": "https://git.lix.systems/lix-project/nixos-module"
} }
@ -865,6 +865,7 @@
}, },
"original": { "original": {
"owner": "microvm-nix", "owner": "microvm-nix",
"ref": "main",
"repo": "microvm.nix", "repo": "microvm.nix",
"type": "github" "type": "github"
} }

4
flake.nix
View file

@ -31,7 +31,7 @@
}; };
}; };
lix-module = { lix-module = {
url = "git+https://git.lix.systems/lix-project/nixos-module?ref=release-2.93"; url = "git+https://git.lix.systems/lix-project/nixos-module?ref=release-2.92";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
#inputs.lix = { #inputs.lix = {
# url = "git+https://git.lix.systems/lix-project/lix"; # url = "git+https://git.lix.systems/lix-project/lix";
@ -39,7 +39,7 @@
#}; #};
}; };
microvm = { microvm = {
url = "github:microvm-nix/microvm.nix"; url = "github:microvm-nix/microvm.nix/main";
inputs = { inputs = {
nixpkgs.follows = "nixpkgs"; nixpkgs.follows = "nixpkgs";
flake-utils.follows = "flake-utils"; flake-utils.follows = "flake-utils";

170
home/environments/niri/autostart.nix
View file

@ -23,89 +23,97 @@ in {
${pkgs.glib}/bin/gsettings set "$gnome_schema" font-name "$font_name" ${pkgs.glib}/bin/gsettings set "$gnome_schema" font-name "$font_name"
''; '';
systemctl = getExe' pkgs.systemd "systemctl"; systemctl = getExe' pkgs.systemd "systemctl";
in [ packageExe' = pkgAttr: getExe' pkgs.${pkgAttr} pkgAttr;
{ packageExe = pkgAttr: getExe pkgs.${pkgAttr};
packageCommand = attr: {
command = [ command = [
"${getExe import-gsettings}" (packageExe attr)
]; ];
} };
{ packageCommand' = attr: {
command = [ command = [
"${systemctl}" (packageExe' attr)
"--user"
"start"
"waybar.service"
]; ];
} };
{ packages' = [
command = [ "udiskie"
"${systemctl}" "easyeffects"
"--user" "pasystray"
"restart" ];
"konawall-py.service" packages = [
]; "pasystray"
} "pavucontrol"
{ "networkmanagerapplet"
command = [ ];
"${systemctl}" packageCommands = let
"--user" packageCommands' = map packageCommand' packages';
"start" packageCommands'' = map packageCommand packages;
"swaync.service" in
]; packageCommands' ++ packageCommands'';
} in
#{ packageCommands
# command = [ ++ [
# "${pkgs.xwayland-satellite}/bin/xwayland-satellite" {
# ]; command = [
#} "${getExe import-gsettings}"
# program autostart ];
{ }
command = [ {
"${getExe' config.programs.niriswitcher.package "niriswitcher"}" command = [
]; "${systemctl}"
} "--user"
{ "restart"
command = [ "waybar.service"
"${getExe' pkgs.dbus "dbus-update-activation-environment"}" ];
"--all" }
]; {
} command = [
{ "${systemctl}"
command = [ "--user"
"${getExe' config.programs.vesktop.package "vesktop"}" "restart"
"--enable-features=WaylandLinuxDrmSyncobj,UseOzonePlatform" "konawall-py.service"
"--ozone-platform=wayland" ];
]; }
} {
{ command = [
command = [ "${systemctl}"
"${getExe' config.programs.thunderbird.package "thunderbird"}" "--user"
]; "restart"
} "swaync.service"
{ ];
command = [ }
"${getExe' pkgs.udiskie "udiskie"}" {
]; command = [
} "${getExe' config.programs.niriswitcher.package "niriswitcher"}"
{ ];
command = [ }
"${getExe' pkgs.easyeffects "easyeffects"}" {
]; command = [
} "${getExe' pkgs.dbus "dbus-update-activation-environment"}"
{ "--all"
command = [ ];
"${getExe pkgs.pasystray}" }
]; {
} command = [
{ "discord"
command = [ "--enable-features=WaylandLinuxDrmSyncobj,UseOzonePlatform"
"${getExe pkgs.networkmanagerapplet}" "--ozone-platform=wayland"
]; ];
} }
{ {
command = [ command = [
"firefox" "thunderbird"
]; ];
} }
]; {
command = [
"obsidian"
];
}
{
command = [
"zen-beta"
];
}
];
} }

6
home/environments/niri/binds.nix
View file

@ -38,16 +38,18 @@ in {
"Mod+D".action = sh ''${getExe config.programs.fuzzel.package} -D no -T "${getExe config.programs.alacritty.package} --command"''; "Mod+D".action = sh ''${getExe config.programs.fuzzel.package} -D no -T "${getExe config.programs.alacritty.package} --command"'';
"Mod+Escape".action = sh ''${getExe config.programs.wlogout.package} -p layer-shell''; "Mod+Escape".action = sh ''${getExe config.programs.wlogout.package} -p layer-shell'';
"Mod+Shift+Escape".action = sh ''${getExe config.programs.swaylock.package} -f''; "Mod+Shift+Escape".action = sh ''${getExe config.programs.swaylock.package} -f'';
"Mod+Alt+Tab" = { "Mod+Tab" = {
#repeat = false; #repeat = false;
cooldown-ms = 150; cooldown-ms = 150;
action.spawn = ["${getExe' pkgs.glib "gdbus"}" "call" "--session" "--dest" "io.github.isaksamsten.Niriswitcher" "--object-path" "/io/github/isaksamsten/Niriswitcher" "--method" "io.github.isaksamsten.Niriswitcher.application"]; action.spawn = ["${getExe' pkgs.glib "gdbus"}" "call" "--session" "--dest" "io.github.isaksamsten.Niriswitcher" "--object-path" "/io/github/isaksamsten/Niriswitcher" "--method" "io.github.isaksamsten.Niriswitcher.application"];
}; };
"Mod+Alt+Shift+Tab" = { "Mod+Shift+Tab" = {
cooldown-ms = 150; cooldown-ms = 150;
#repeat = false; #repeat = false;
action.spawn = ["${getExe' pkgs.glib "gdbus"}" "call" "--session" "--dest" "io.github.isaksamsten.Niriswitcher" "--object-path" "/io/github/isaksamsten/Niriswitcher" "--method" "io.github.isaksamsten.Niriswitcher.application"]; action.spawn = ["${getExe' pkgs.glib "gdbus"}" "call" "--session" "--dest" "io.github.isaksamsten.Niriswitcher" "--object-path" "/io/github/isaksamsten/Niriswitcher" "--method" "io.github.isaksamsten.Niriswitcher.application"];
}; };
"Mod+Shift+Ctrl+Page_Down".action.move-workspace-to-monitor-previous = {};
"Mod+Shift+Ctrl+Page_Up".action.move-workspace-to-monitor-next = {};
}; };
# ▄ █ # ▄ █
# ▄▄▄ ▄▄█▄▄ ▄▄▄ ▄▄▄ █ ▄ # ▄▄▄ ▄▄█▄▄ ▄▄▄ ▄▄▄ █ ▄

34
home/environments/niri/niri.nix
View file

@ -70,16 +70,36 @@ in {
}; };
}; };
debug = { debug = {
wait-for-frame-completion-in-pipewire = {};
deactivate-unfocused-windows = {}; deactivate-unfocused-windows = {};
}; };
workspaces = { workspaces = {
browser = {}; "01-notes" = {
mail = {}; name = "notes";
chat = {}; };
vidya = {}; "02-chat" = {
media = {}; name = "chat";
audio = {}; };
"03-browser" = {
name = "browser";
};
"04-code" = {
name = "code";
};
"05-term" = {
name = "term";
};
"06-mail" = {
name = "mail";
};
"07-game" = {
name = "game";
};
"08-video" = {
name = "video";
};
"09-audio" = {
name = "audio";
};
}; };
environment = { environment = {
MOZ_ENABLE_WAYLAND = "1"; MOZ_ENABLE_WAYLAND = "1";

8
home/environments/niri/swaync.nix
View file

@ -1,5 +1,13 @@
_: { _: {
stylix.targets.swaync.enable = true; stylix.targets.swaync.enable = true;
systemd.user.services.swaync = {
Service = {
Environment = [
"GSK_RENDERER=gl"
"GTK_DISABLE_VULKAN=1"
];
};
};
services.swaync = { services.swaync = {
enable = true; enable = true;
settings = { settings = {

2
home/profiles/common/stylix.nix
View file

@ -19,7 +19,7 @@
opacity = { opacity = {
desktop = 1.0; desktop = 1.0;
applications = 1.0; applications = 1.0;
terminal = 0.9; terminal = 1.0;
popups = 0.8; popups = 0.8;
}; };
fonts = { fonts = {

9
home/profiles/graphical/discord.nix
View file

@ -1,7 +1,12 @@
_: { {pkgs, ...}: {
stylix.targets.vesktop.enable = false; stylix.targets.vesktop.enable = false;
home.packages = [
(pkgs.discord.override {
withVencord = true;
})
];
programs.vesktop = { programs.vesktop = {
enable = true; enable = false;
settings = { settings = {
autoUpdate = false; autoUpdate = false;
autoUpdateNotification = false; autoUpdateNotification = false;

1
home/profiles/graphical/packages.nix
View file

@ -25,7 +25,6 @@
cryptsetup # Encrypted block devices cryptsetup # Encrypted block devices
yubikey-manager # Yubikey yubikey-manager # Yubikey
v4l-utils # Webcam v4l-utils # Webcam
obsidian
remmina remmina
alsa-utils alsa-utils
pwvucontrol pwvucontrol

19
home/profiles/shell/packages.nix
View file

@ -1,34 +1,25 @@
{pkgs, ...}: { {pkgs, ...}: {
home.packages = with pkgs; [ home.packages = with pkgs; [
# task managers watchexec
htop htop
btop btop
# disk usage gdu
duc
# nix formatting
nixpkgs-fmt nixpkgs-fmt
# show type of files
file file
# command monitoring
pv pv
# sed replacement
sd sd
# sops
sops sops
# find replacement
fd fd
# ripgrep / grep replacement
ripgrep ripgrep
# rename with sed
rename rename
# remote tmux
tmate tmate
# remote utilities
socat socat
rsync rsync
wget wget
whois whois
# nix-search jc
hyperfine
poop
nix-search-cli nix-search-cli
]; ];
} }

4
microvms/syncthing.nix → microvms/syncthing/default.nix
View file

@ -4,14 +4,14 @@
... ...
}: { }: {
imports = with tree.nixos; [ imports = with tree.nixos; [
microvm.default microvm
servers.syncthing servers.syncthing
]; ];
sops.secrets."${config.networking.hostName}-sops-age-key" = { sops.secrets."${config.networking.hostName}-sops-age-key" = {
sopsFile = ./. + "${config.networking.hostName}.yaml"; sopsFile = ./. + "${config.networking.hostName}.yaml";
}; };
microvm.credentialFiles = { microvm.credentialFiles = {
SOPS_AGE_KEY = sops.secrets."${config.networking.hostName}-sops-age-key".path; SOPS_AGE_KEY = config.sops.secrets."${config.networking.hostName}-sops-age-key".path;
}; };
networking.hostName = "syncthing"; networking.hostName = "syncthing";
services.syncthing.device_name = "daiyousei-syncthing"; services.syncthing.device_name = "daiyousei-syncthing";

119
microvms/syncthing/syncthing.yaml Normal file
View file

@ -0,0 +1,119 @@
syncthing-sops-age-key: ENC[AES256_GCM,data:XPd9TvJjULpI34LWwVoMh9uENxvoapt9QfetMkfbfdM5N9NxwFpVm7dH5S5qJ7d4XQ02Q8PNN1UtOmZPHdGeONTMZLt2f+CBvhQ=,iv:8cdlFWnY8J8YiBqzm6G9fza5swBZLili5AkAzmO/Kp8=,tag:+xS0SnkSeQZR+qnL3BB49w==,type:str]
sops:
shamir_threshold: 1
age:
- recipient: age1n4kdchmkk3rfkaknxhveqr2ftprdpgwckutt23y6u8639lazzuks77tgav
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3dEpXdWxWYjZzeWFLM01v
cmM4cGh1RmZQNUNrb0ExS1hlQnBIWWZmOGpvCjBFV0hHVWFBcitEQUlhV3NNZWh2
Tk5vd2VQRWVrSE9XaHExK05IVHJ6WmsKLS0tIFJWZytzTko4OTBWK0RGdmd6b05a
WEFXR2t1T1Awenp4REFZNGlWbWRTVHMKh0ZPinvFOGkaU66eTkAiV8WZcCQoEIEa
IN5w/Xpnsf6Z/bvtjIGKagJte/peyLmzbiBYiatVtZk/s6GUo+IGKg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1cnu37d5fqyahh9vvc4hj6z6k8ur9ksuefln7sr6g3emmn927eutqxdawuh
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1bXZyZVRLNk5qSTR4TUo0
Z0drNEYwQ3FFRG1uZjVqU011OHZCZmcxaEZRCmhZYzR5T29tSlhhQ3VWbkZ3Y2xW
YzFqcm9qMm9sMzM2bklFVVhRaHFUT0UKLS0tIC9LOFRYVW5xKzY5MFhwWFlwUWJZ
bE1qeitDMVhrZWtNUE1CRDdid1hUWm8KZusEpks37c1akMtbv9cOS7fih/EMYD3t
dy266p8Y+TYMFmyEysFTGqpnWAL4buZYUSbiZSs7YJXpUlCukIcW2A==
-----END AGE ENCRYPTED FILE-----
- recipient: age1a0m73qr8hhuz8xemv4vymf4wmpghm2hst8wgrn3pn65ext5mf4ksk0vsdm
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSR3RRdFY0RnFXNnZ5MVVt
YWhFMHRTMlRwVXV5N3o5MlFtMHE5dFpNZFQwCkU4aWUzNTVQOVBvUkEraG5iZndV
QlZUelFSZWc3RHB5dkxuaFMrb2U2VHMKLS0tIFBaS1lHeGo1UjREMDZOM1IycmVp
dkRsVVhEcnEycGlyVnZCZEVuTG9PYU0KIIjA5v1Hm9Xc18KAoJqPL1fRtr+kAn//
ugYTX361iC4D6U4J9ioYgYh8dJcNY2TeaBnYfI0BNcUoj+uZ7T7avA==
-----END AGE ENCRYPTED FILE-----
- recipient: age18hpxz0ghvswv9k30cle73prvnzrsuczqh87jjdk9fl50j3ddndmq9xae0n
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2eFhIVU1uNWZSM1o3WTE4
YTMzc0tsMGFUc3RtYktCNEhnMWtIUzZjd3o4CmUwWHRYUXVObERLN2hBcC83SlFV
ZGhBbHFYZkJpaUJRNStFMy95VlRsK2sKLS0tIGR1b1NQTDM2ZVpiQzladmUzNVUw
Nis2Wm1MQi9Ha2xIVFNpNmV5ZHE4U1UKiC+t8gHVaMGX2q4r4jrz2A4TayihXj1a
NKoFZztUDgvfUd5X3l1B8rSU4DlxGZWX/WbHgBYQTHuU/Jzu74iN5g==
-----END AGE ENCRYPTED FILE-----
- recipient: age1xgy03g3vjydsxcl0qpdgm8rahjcjq95ucxfwlgr22zwjx3p7jf2s9jk6u5
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEWGkvMkV5aDM4dGp0VVNK
eEhKdG9KTXhaSGNGUFZzeXJjK3NwY0Jwd2lRCm5iTzIyQnQ5Zmtnazk2YzBJMkZm
NDhnMnduZDlhNEVvbXkyYURSYzlYM2sKLS0tIGdGeTMwK2lDRzZEYXZRcDlHZ2po
MlNmbjFQZzlxN0hkTlFFNE1sd2tLYWsKK2IO3UuJrdqZerqcMOzFzrDT81DHBy87
2v6FFpgqSmA3BzHMxwU+T5BMs87ltPOwdhxt0jIYX9RzEQFm5cv0BA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1fv5dafs4n3r5n83qm2hfz7xmnflsz0xf9r3saralrptpgf8mvuxq4t8k3u
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaT2lTV09yako4V3RGNGJ5
THJRcC92YStKMk9KZThBa1JrUkFWUzZZaXpJClFENGpMdjJuci9CS3NjbE5TbkZT
Y09SSGtQR0dsWnExbURoQnJqc1B5aGsKLS0tIDdJSHY2RW41cUNKWVZaaU83SnF1
dmFyL21VanM2UzJ0UDh0RWY1cTV4UTAKJjgo+epeWpGhNnT7KXLIUCE2llrIeRMz
u8K7heqBt+Okuf7dQ25pPMwG+2pmVsEt5SyD7NPATs37BtOr92E3dw==
-----END AGE ENCRYPTED FILE-----
- recipient: age120530yclr75k6nrzp6k5jjftj8j4q9v3533guupzk4ct86mjxszqg9e5t5
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSNllyUThHZG5GeHpxZVJX
WFUrY25hbXRUazVzOEk3Rk9kd0VRMXFrUkFNCmF5NzI3OEhkTTdDd21pTHVvcmJo
cjBGTENNWmxPc0xqdjBqaXg2dmN1YUUKLS0tIGU3ZjB4Zm1pWkY0MzJWNjNMMk13
ajdOb2NIT0VNS0syOWtmbGsyR2dyL3cKh6pAJgRNDKUeDKfiABuuYQXSihRfuANX
LKhkys8nRYYLIMNx/qHiCmItv//iXee1+rLKi2gI21tefb0UsqVeSA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1c4atxfp05u7zm875s6q8p82ve96rqqpq9smktxlur8pk2yc3qvgql46dp9
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnWDYxa0VDL295c1BUVnFG
ak1yaUFFb1NoMko0aElrSlZmNnJtdWhYOFFVCmpiTHJzOEdKUUx3dDlPSjhYb1NR
bVc3N1cxYXZsc1g2aUluclllUHFyQTgKLS0tIEM2WnNsZDRTVXliODdOZ1EwU1Nu
WlhtZHM3Z2dteE0vZUF1aTFsVm9ycHcKY2iwYH1ObfRfeSBgvjp5t4lUC9tGc8Ky
RdVoc+8ZIh2cCOn07WcVnepA5zVVDgYRtKaV+6y1SjhQJDcG9MG6oQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1rjldv3fn3q686647exmcukthr32gmp6s3axs0lhyenvru9ajp9rs24ukvz
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5S09qRkVrdUNJUlVhc2Ux
QnBJQ2FvaHZ5dEd0eGdOOUpWR2gvdU1oTm1zCk1mUU56TG43QVpPL1NLTTdpUDNL
T25EcVprR2s3cG1Sellza1JmQ25neG8KLS0tIEZkN3FIMXpJcjEvZ3NLSHNHc29R
aW9jYUFYQkZZL3BwMjZmL25vZGVsbjAK+Rs6/S5LnuW1w1xzo9zZqcrIsgNT6e4k
QNlG9rphFC8mzJ5/xyDypXH23Q46rG+1VfMAlYIarv9OZR5OZj3hIw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1p9v6xaujkdat2tsc2mc4gxpg9hjr4suvwryuat95z2c53xhsyfxq0gf594
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEbGN1VnR3Q3BDNUhqSkM3
c3RpYUorSDNuTFQwSXlleVV4M3lDKzBDaDFRCmNaV25NRE9qQ08yR1lEd2NSVzJT
dzVid1d2RWFSaHdPdk9pZ2VZOUJjUFUKLS0tIDh0cGNteUZRTXkvNlQ3NGRRRjVX
SWc2VzdSN0dScE55WGpJcVV2bDByVzgK3MzbiLNK2PYj5peq7lFd6uwg0Buf7uYl
8g2UYiWp5hpOM+gNxxubi6oMcP1+KuAIP4sZL+0rVKMkRNZc3v9T6A==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-08-21T10:19:32Z"
mac: ENC[AES256_GCM,data:SX7oXbhhsuh9k64Txz+MbHmvcZ3LOgkzNnPaYADB89ynYcyRCdMU9zshXKmikoTdGvj1uUtxLZYZ0MtsK8E+YRdbSdtuHBcH8nGcqbvHJqCwrZ9Z7a4imY8lpuX4xqqEI2BtPaavyG7sAHZD9t1x+m1k1wdjLfGNRStRHbic5UQ=,iv:IjwhOlezLBRhqQwSUYrSFiz2J8lYjHKjA9ZcQJgrSRk=,tag:p2uWlZCaXKGXGLg7/jYTbA==,type:str]
pgp:
- created_at: "2025-08-21T10:19:15Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA82M54yws73UAQ/+IHaxp1vwytlW/ha2LD4ZIc7DR1+GH06uRwqqeQAHNEK1
0EDzczMXlnQ6xqZdZUtHZX4o5cm8ulsMJZLzIOyzhYsyl7GQ+Lfxa5k2/K5ZMrxO
/FUiHHcf98dJRWBsK8hrgiAOAJPnEB/IG2eqM6jI0oRy3M1FirIBj7TfZM5M9Ncl
rrtop64zL8YcU1E0t+ti5vkJI8htfdG31dsVDNbpWcEtE7LzVgQGu9Y6cd3bK/B4
cSCDaomRie7J78n5FwcOIuloWhMBQT8qVxDECL0NEUNOy9s2tkry4dJxk6JllTNf
lMbiZIxd2eER6xeP2MEnVxGwxjdrTw6ITOQYgSlnKGkSKp+cX7lgkQRApY2gSrze
FqaqT+T2uVeREyouHQtHo/HlGqNpUoJalpIn2MEj1sGMYnEjg4ydG9IY1G72NBdM
9Zh4bjQ6hRX33issImiQSaLcWEH9z5ZVX1Vqc3FHgFSbv99bHlURl0Q2JsMsZ6BC
D2frhIlVJEH1HjVctWwr3Xo7HucLeMRc4NL40SNBm52uxdEPC4G7UMlPB/WH0Uk0
6g6Tl6XXDn33X7+GPA5wnZh/dk6nbVhC9Pe/Wh4xrIDnzq/eDnw3O0zTEk68SyHE
/3HK44WS4K3D98yHPLzV5FGpt9ZFCJKv7rXkucbPjbooNCzYSqXo+eIHWZL3UybS
XgGp8QAHWGLsjxIztNhkSDTuVfJ1kvDOSqVO5kGXvn/EDiHSwJzHngR5cSx38RyZ
PK5ZkBkbTzfEUpLRXQ9vdu+NSdB0QX874t/i2u/FqU2hxcyswRmVTU4HcPNAwlg=
=i/Sg
-----END PGP MESSAGE-----
fp: CD8CE78CB0B3BDD4
unencrypted_suffix: _unencrypted
version: 3.10.2

47
nixos/microvm/default.nix
View file

@ -1,6 +1,7 @@
{ {
config, config,
lib, lib,
pkgs,
... ...
}: let }: let
inherit (lib.modules) mkDefault; inherit (lib.modules) mkDefault;
@ -13,7 +14,6 @@ in {
vcpu = 2; vcpu = 2;
mem = 2048; mem = 2048;
initialBalloonMem = 256; initialBalloonMem = 256;
balloon = true;
volumes = [ volumes = [
{ {
autoCreate = true; autoCreate = true;
@ -34,6 +34,28 @@ in {
boot = { boot = {
loader.grub.enable = false; loader.grub.enable = false;
loader.systemd-boot.enable = false; loader.systemd-boot.enable = false;
initrd.kernelModules = [
# required for net.netfilter.nf_conntrack_max appearing in sysfs early at boot
"nf_conntrack"
];
kernel.sysctl = let
limit = 2 * 1024;
mem =
if (config?microvm)
then config.microvm.mem
else limit;
in
lib.optionalAttrs (mem <= limit) {
# table overflow causing packets from nginx to the service to drop
# nf_conntrack: nf_conntrack: table full, dropping packet
"net.netfilter.nf_conntrack_max" = lib.mkDefault "65536";
};
kernelParams = [
# mitigations which cost the most performance and are the least real world relevant
# NOTE: keep in sync with baremetal.nix
"retbleed=off"
"gather_data_sampling=off" # Downfall
];
}; };
fileSystems = { fileSystems = {
@ -48,29 +70,6 @@ in {
}; };
hardware.enableRedistributableFirmware = false; hardware.enableRedistributableFirmware = false;
initrd.kernelModules = [
# required for net.netfilter.nf_conntrack_max appearing in sysfs early at boot
"nf_conntrack"
];
kernel.sysctl = let
limit = 2 * 1024;
mem =
if (config?microvm)
then config.microvm.mem
else limit;
in
lib.optionalAttrs (mem <= limit) {
# table overflow causing packets from nginx to the service to drop
# nf_conntrack: nf_conntrack: table full, dropping packet
"net.netfilter.nf_conntrack_max" = lib.mkDefault "65536";
};
kernelParams = [
# mitigations which cost the most performance and are the least real world relevant
# NOTE: keep in sync with baremetal.nix
"retbleed=off"
"gather_data_sampling=off" # Downfall
];
system.build.installBootLoader = getExe' pkgs.coreutils "true"; system.build.installBootLoader = getExe' pkgs.coreutils "true";
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [

21
nixos/profiles/gaming/vr.nix
View file

@ -1,20 +1,14 @@
{pkgs, ...}: { {pkgs, ...}: {
programs.envision = { services.wivrn = {
enable = false;
openFirewall = true; # This is set true by default
};
/*
services.wivrn = {
enable = true; enable = true;
openFirewall = true; openFirewall = true;
package = pkgs.wivrn.override { cudaSupport = true; }; package = pkgs.wivrn.override {cudaSupport = true;};
defaultRuntime = true; defaultRuntime = true;
config = { config = {
enable = true; enable = true;
json = { json = {
scale = [ 0.5 0.5 ]; scale = [0.5 0.5];
bitrate = 300*1000; bitrate = 300 * 1000;
encoders = [ encoders = [
{ {
encoder = "nvenc"; encoder = "nvenc";
@ -32,12 +26,11 @@
}; };
}; };
}; };
*/
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
#wlx-overlay-s wlx-overlay-s
#monado-vulkan-layers monado-vulkan-layers
#bs-manager bs-manager
]; ];
networking.firewall = { networking.firewall = {

7
nixos/profiles/graphical/packages.nix
View file

@ -1,13 +1,8 @@
{ {pkgs, ...}: {
pkgs,
inputs,
...
}: {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
jmtpfs jmtpfs
dnsutils dnsutils
usbutils usbutils
inputs.push2talk.defaultPackage.${pkgs.system}
]; ];
services.udev.packages = [ services.udev.packages = [
pkgs.android-udev-rules pkgs.android-udev-rules

8
nixos/servers/syncthing/default.nix
View file

@ -4,9 +4,9 @@
lib, lib,
... ...
}: let }: let
inherit (lib.modules) mkOption; inherit (lib.options) mkOption;
inherit (lib.types) str nullOr; inherit (lib.types) str nullOr;
inherit (lib.attrsets) filterAttrs mapAttrs; inherit (lib.attrsets) filterAttrs mapAttrs mapAttrs' nameValuePair;
enabledHosts = filterAttrs (_n: v: v.config.services.syncthing.enable) self.nixosConfigurations; enabledHosts = filterAttrs (_n: v: v.config.services.syncthing.enable) self.nixosConfigurations;
enabledSyncthings = mapAttrs (_n: _v: config.services.syncthing) enabledHosts; enabledSyncthings = mapAttrs (_n: _v: config.services.syncthing) enabledHosts;
enabledDevices = mapAttrs' (_n: v: (nameValuePair v.device_name {id = v.device_id;})) enabledSyncthings; enabledDevices = mapAttrs' (_n: v: (nameValuePair v.device_name {id = v.device_id;})) enabledSyncthings;
@ -44,8 +44,8 @@ in {
# `syncthing generate --no-default-folder --config meep/` # `syncthing generate --no-default-folder --config meep/`
# I hope this helps! That's what the content of those secrets are from. # I hope this helps! That's what the content of those secrets are from.
key = sops.secrets.syncthing-key.path; key = config.sops.secrets.syncthing-key.path;
cert = sops.secrets.syncthing-cert.path; cert = config.sops.secrets.syncthing-cert.path;
}; };
}; };
} }

2
tree.nix
View file

@ -28,6 +28,8 @@
common.functor.enable = true; common.functor.enable = true;
"microvms/*".functor.enable = true;
"home/*".functor.enable = true; "home/*".functor.enable = true;
"home/profiles/*".functor.enable = true; "home/profiles/*".functor.enable = true;
"home/environments/*".functor.enable = true; "home/environments/*".functor.enable = true;