treewide: cleanup
This commit is contained in:
parent
d772663274
commit
fe8227f279
GPG key ID:
91F97D9ED12639CF
52 changed files with 300 additions and 483 deletions
12
.sops.yaml
12
.sops.yaml
|
|
@ -18,6 +18,18 @@ creation_rules:
|
|||
- age:
|
||||
- *guanranwang
|
||||
- *lightsail-tokyo
|
||||
- path_regex: nixos/profiles/opt-in/mihomo/secrets.yaml$
|
||||
key_groups:
|
||||
- age:
|
||||
- *guanranwang
|
||||
- *aristotle
|
||||
- *blacksteel
|
||||
- path_regex: nixos/profiles/opt-in/wireless/secrets.yaml$
|
||||
key_groups:
|
||||
- age:
|
||||
- *guanranwang
|
||||
- *aristotle
|
||||
- *blacksteel
|
||||
- path_regex: secrets.yaml$
|
||||
key_groups:
|
||||
- age:
|
||||
|
|
|
|||
|
|
@ -1,11 +0,0 @@
|
|||
{
|
||||
homebrew = {
|
||||
enable = true;
|
||||
casks = [
|
||||
"altserver"
|
||||
"squirrel"
|
||||
"librewolf"
|
||||
"google-chrome"
|
||||
];
|
||||
};
|
||||
}
|
||||
|
|
@ -1,7 +1,6 @@
|
|||
{...}: {
|
||||
imports = [
|
||||
./fonts.nix
|
||||
# ./homebrew.nix
|
||||
./window-manager.nix
|
||||
];
|
||||
}
|
||||
|
|
|
|||
13
flake.nix
13
flake.nix
|
|
@ -159,7 +159,8 @@
|
|||
// (let
|
||||
mkNixOS = system: modules:
|
||||
inputs.nixpkgs.lib.nixosSystem {
|
||||
inherit system modules;
|
||||
inherit system;
|
||||
modules = [./nixos/profiles/core] ++ modules;
|
||||
specialArgs = {inherit inputs;};
|
||||
};
|
||||
|
||||
|
|
@ -208,12 +209,18 @@
|
|||
};
|
||||
|
||||
"lightsail-tokyo" = {
|
||||
imports = [./hosts/lightsail-tokyo];
|
||||
imports = [
|
||||
./nixos/profiles/core
|
||||
./hosts/lightsail-tokyo
|
||||
];
|
||||
deployment.targetHost = "tyo0.ny4.dev";
|
||||
};
|
||||
|
||||
"blacksteel" = {
|
||||
imports = [./hosts/blacksteel];
|
||||
imports = [
|
||||
./nixos/profiles/core
|
||||
./hosts/blacksteel
|
||||
];
|
||||
deployment.targetHost = "blacksteel"; # thru tailscale
|
||||
};
|
||||
};
|
||||
|
|
|
|||
|
|
@ -2,7 +2,6 @@
|
|||
config,
|
||||
pkgs,
|
||||
lib,
|
||||
inputs,
|
||||
...
|
||||
}: let
|
||||
# https://www.pixiv.net/en/artworks/49983419
|
||||
|
|
|
|||
|
|
@ -8,6 +8,7 @@
|
|||
"adoptopenjdk-hotspot-bin"
|
||||
"cargo-bootstrap"
|
||||
"cef-binary"
|
||||
"dart"
|
||||
"osu-lazer-bin"
|
||||
"rustc-bootstrap"
|
||||
"rustc-bootstrap-wrapper"
|
||||
|
|
@ -18,14 +19,15 @@
|
|||
allowUnfree = false;
|
||||
allowUnfreePredicate = pkg:
|
||||
builtins.elem (lib.getName pkg) [
|
||||
"fcitx5-pinyin-minecraft"
|
||||
"fcitx5-pinyin-moegirl"
|
||||
"libXNVCtrl"
|
||||
"nvidia-x11"
|
||||
"osu-lazer-bin"
|
||||
"steam"
|
||||
"steam-original"
|
||||
"steam-run"
|
||||
"xow_dongle-firmware"
|
||||
"fcitx5-pinyin-minecraft"
|
||||
"fcitx5-pinyin-moegirl"
|
||||
];
|
||||
};
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,26 +1,18 @@
|
|||
{
|
||||
pkgs,
|
||||
inputs,
|
||||
...
|
||||
}: {
|
||||
{pkgs, ...}: {
|
||||
imports = [
|
||||
# OS
|
||||
../../nixos/profiles/laptop
|
||||
../../nixos/profiles/common/opt-in/mihomo
|
||||
../../nixos/profiles/common/opt-in/gaming
|
||||
../../nixos/profiles/opt-in/mihomo
|
||||
../../nixos/profiles/opt-in/wireless
|
||||
|
||||
# Hardware
|
||||
./hardware-configuration.nix
|
||||
./anti-feature.nix
|
||||
../../nixos/profiles/common/opt-in/lanzaboote.nix
|
||||
../../nixos/profiles/common/opt-in/impermanence.nix
|
||||
../../nixos/profiles/common/opt-in/disko.nix
|
||||
./disko.nix
|
||||
./graphical
|
||||
./hardware-configuration.nix
|
||||
./impermanence.nix
|
||||
./lanzaboote.nix
|
||||
];
|
||||
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
networking.hostName = "aristotle";
|
||||
time.timeZone = "Asia/Shanghai";
|
||||
_module.args.disks = ["/dev/nvme0n1"]; # Disko
|
||||
system.stateVersion = "23.11";
|
||||
|
||||
services.tailscale = {
|
||||
|
|
@ -28,45 +20,34 @@
|
|||
openFirewall = true;
|
||||
};
|
||||
|
||||
# Stuff that I only want on my main machine
|
||||
home-manager.users.guanranwang = {
|
||||
imports = map (n: ../../home/applications/${n}) [
|
||||
"thunderbird"
|
||||
"ydict"
|
||||
programs.adb.enable = true;
|
||||
programs.anime-game-launcher.enable = true;
|
||||
programs.steam.enable = true;
|
||||
services.power-profiles-daemon.enable = true;
|
||||
|
||||
# https://wiki.archlinux.org/title/Gamepad#Connect_Xbox_Wireless_Controller_with_Bluetooth
|
||||
hardware.xone.enable = true; # via wired or wireless dongle
|
||||
hardware.xpadneo.enable = true; # via Bluetooth
|
||||
|
||||
### https://wiki.archlinux.org/title/Gaming#Improving_performance
|
||||
systemd.tmpfiles.rules = [
|
||||
"w /proc/sys/vm/min_free_kbytes - - - - 1048576"
|
||||
"w /proc/sys/vm/swappiness - - - - 10"
|
||||
"w /sys/kernel/mm/lru_gen/enabled - - - - 5"
|
||||
"w /proc/sys/vm/zone_reclaim_mode - - - - 0"
|
||||
"w /proc/sys/vm/page_lock_unfairness - - - - 1"
|
||||
"w /proc/sys/kernel/sched_child_runs_first - - - - 0"
|
||||
"w /proc/sys/kernel/sched_autogroup_enabled - - - - 1"
|
||||
"w /proc/sys/kernel/sched_cfs_bandwidth_slice_us - - - - 500"
|
||||
"w /sys/kernel/debug/sched/latency_ns - - - - 1000000"
|
||||
"w /sys/kernel/debug/sched/migration_cost_ns - - - - 500000"
|
||||
"w /sys/kernel/debug/sched/min_granularity_ns - - - - 500000"
|
||||
"w /sys/kernel/debug/sched/wakeup_granularity_ns - - - - 0"
|
||||
"w /sys/kernel/debug/sched/nr_migrate - - - - 8"
|
||||
];
|
||||
|
||||
home.packages =
|
||||
(with pkgs; [
|
||||
amberol
|
||||
fractal
|
||||
gnome-calculator
|
||||
hyperfine
|
||||
mousai
|
||||
])
|
||||
++ (with inputs.self.packages.${pkgs.stdenv.hostPlatform.system}.scripts; [
|
||||
lofi
|
||||
]);
|
||||
|
||||
programs.obs-studio.enable = true;
|
||||
};
|
||||
|
||||
# for udev rules
|
||||
programs.adb.enable = true;
|
||||
|
||||
# fucking hell
|
||||
programs.anime-game-launcher.enable = true;
|
||||
|
||||
# nouveou
|
||||
services.xserver.videoDrivers = [];
|
||||
|
||||
# novideo
|
||||
# hardware.nvidia.package = config.boot.kernelPackages.nvidiaPackages.beta;
|
||||
# environment.sessionVariables."MOZ_ENABLE_WAYLAND" = "0";
|
||||
# networking.networkmanager.enable = false;
|
||||
# services.xserver.desktopManager.gnome.enable = true;
|
||||
# services.xserver.displayManager.gdm.enable = true;
|
||||
# # https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/1562
|
||||
# services.udev.extraRules = ''
|
||||
# ENV{DEVNAME}=="/dev/dri/card1", TAG+="mutter-device-preferred-primary"
|
||||
# '';
|
||||
# yubikey
|
||||
environment.systemPackages = [pkgs.yubikey-manager];
|
||||
services.pcscd.enable = true;
|
||||
services.udev.packages = [pkgs.yubikey-personalization];
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,4 +1,5 @@
|
|||
{disks ? ["/dev/sda"], ...}: let
|
||||
let
|
||||
disks = ["/dev/nvme0n1"];
|
||||
# compress-force: https://t.me/archlinuxcn_group/3054167
|
||||
mountOptions = ["defaults" "compress-force=zstd" "noatime"];
|
||||
cryptSettings = {
|
||||
|
|
@ -1,14 +1,7 @@
|
|||
{
|
||||
pkgs,
|
||||
lib,
|
||||
...
|
||||
}: {
|
||||
{pkgs, ...}: {
|
||||
### home-manager
|
||||
home-manager.users.guanranwang = import ./home;
|
||||
|
||||
# plymouth
|
||||
#boot.plymouth.enable = true;
|
||||
|
||||
# xserver
|
||||
services.xserver = {
|
||||
enable = true;
|
||||
|
|
@ -21,7 +14,6 @@
|
|||
|
||||
# polkit
|
||||
security.polkit.enable = true;
|
||||
environment.systemPackages = with pkgs; [polkit_gnome];
|
||||
systemd.user.services.polkit-gnome-authentication-agent-1 = {
|
||||
description = "polkit-gnome-authentication-agent-1";
|
||||
wantedBy = ["graphical-session.target"];
|
||||
|
|
@ -36,16 +28,13 @@
|
|||
};
|
||||
};
|
||||
|
||||
### Options
|
||||
my.boot.noLoaderMenu = lib.mkDefault true;
|
||||
|
||||
fonts.enableDefaultPackages = false;
|
||||
security.pam.services.swaylock = {};
|
||||
xdg.portal = {
|
||||
enable = true;
|
||||
xdgOpenUsePortal = true;
|
||||
wlr.enable = true;
|
||||
extraPortals = with pkgs; [xdg-desktop-portal-gtk];
|
||||
extraPortals = [pkgs.xdg-desktop-portal-gtk];
|
||||
# https://gitlab.archlinux.org/archlinux/packaging/packages/sway/-/blob/main/sway-portals.conf
|
||||
config."sway" = {
|
||||
default = "gtk";
|
||||
|
|
@ -54,33 +43,24 @@
|
|||
"org.freedesktop.impl.portal.Inhibit" = "none";
|
||||
};
|
||||
};
|
||||
|
||||
services = {
|
||||
gvfs.enable = true;
|
||||
gnome = {
|
||||
gnome-keyring.enable = true;
|
||||
sushi.enable = true;
|
||||
gnome-online-accounts.enable = true;
|
||||
sushi.enable = true;
|
||||
};
|
||||
};
|
||||
programs = {
|
||||
kdeconnect = {
|
||||
|
||||
programs.kdeconnect = {
|
||||
enable = true;
|
||||
#package = pkgs.gnomeExtensions.gsconnect;
|
||||
package = pkgs.valent;
|
||||
};
|
||||
};
|
||||
services.libinput = {
|
||||
touchpad = {
|
||||
accelProfile = "flat";
|
||||
naturalScrolling = true;
|
||||
middleEmulation = false;
|
||||
};
|
||||
mouse = {
|
||||
accelProfile = "flat";
|
||||
naturalScrolling = true;
|
||||
middleEmulation = false;
|
||||
};
|
||||
};
|
||||
|
||||
environment.systemPackages = [pkgs.localsend];
|
||||
networking.firewall.allowedTCPPorts = [53317];
|
||||
networking.firewall.allowedUDPPorts = [53317];
|
||||
|
||||
### Removes debounce time
|
||||
# https://www.reddit.com/r/linux_gaming/comments/ku6gth
|
||||
65
hosts/aristotle/graphical/home/default.nix
Normal file
65
hosts/aristotle/graphical/home/default.nix
Normal file
|
|
@ -0,0 +1,65 @@
|
|||
{
|
||||
pkgs,
|
||||
inputs,
|
||||
...
|
||||
}: {
|
||||
imports =
|
||||
[
|
||||
./fonts
|
||||
./theme.nix
|
||||
./xdg-mime.nix
|
||||
]
|
||||
++ map (n: ../../../../home/applications/${n}) [
|
||||
"fcitx5"
|
||||
"firefox"
|
||||
"foot"
|
||||
"go"
|
||||
"mpv"
|
||||
"nautilus"
|
||||
"nix"
|
||||
"sway"
|
||||
"thunderbird"
|
||||
"ydict"
|
||||
];
|
||||
|
||||
# https://wiki.archlinux.org/title/Fish#Start_X_at_login
|
||||
programs.fish.loginShellInit = ''
|
||||
if test -z "$DISPLAY" -a "$XDG_VTNR" = 1
|
||||
exec sway
|
||||
end
|
||||
'';
|
||||
|
||||
home.packages =
|
||||
(
|
||||
with pkgs; [
|
||||
amberol
|
||||
dconf-editor
|
||||
file-roller
|
||||
fractal
|
||||
gnome-calculator
|
||||
hyperfine
|
||||
loupe
|
||||
mousai
|
||||
seahorse
|
||||
|
||||
(prismlauncher.override {
|
||||
glfw = glfw-wayland-minecraft;
|
||||
gamemodeSupport = false;
|
||||
})
|
||||
mumble
|
||||
osu-lazer-bin
|
||||
]
|
||||
)
|
||||
++ (with inputs.self.packages.${pkgs.stdenv.hostPlatform.system}.scripts; [
|
||||
lofi
|
||||
]);
|
||||
|
||||
home.sessionVariables = {
|
||||
# https://github.com/ppy/osu-framework/pull/6292
|
||||
"OSU_SDL3" = "1";
|
||||
};
|
||||
|
||||
programs.mangohud.enable = true;
|
||||
programs.obs-studio.enable = true;
|
||||
services.ssh-agent.enable = true;
|
||||
}
|
||||
|
|
@ -5,14 +5,41 @@
|
|||
inputs.nixos-sensible.nixosModules.zram
|
||||
];
|
||||
|
||||
hardware.nvidia.nvidiaSettings = false;
|
||||
services.hdapsd.enable = false;
|
||||
my.hardware = {
|
||||
audio.enable = true;
|
||||
bluetooth.enable = true;
|
||||
tpm.enable = true;
|
||||
services.thermald.enable = true;
|
||||
|
||||
security.rtkit.enable = true;
|
||||
hardware.pulseaudio.enable = false;
|
||||
services.pipewire = {
|
||||
enable = true;
|
||||
alsa.enable = true;
|
||||
alsa.support32Bit = true;
|
||||
pulse.enable = true;
|
||||
jack.enable = true;
|
||||
};
|
||||
|
||||
hardware.bluetooth = {
|
||||
enable = true;
|
||||
settings.General.FastConnectable = true;
|
||||
};
|
||||
|
||||
# nouveou
|
||||
services.xserver.videoDrivers = [];
|
||||
|
||||
# novideo
|
||||
# hardware.nvidia.package = config.boot.kernelPackages.nvidiaPackages.beta;
|
||||
# hardware.nvidia.nvidiaSettings = false;
|
||||
# environment.sessionVariables."MOZ_ENABLE_WAYLAND" = "0";
|
||||
# networking.networkmanager.enable = false;
|
||||
# services.xserver.desktopManager.gnome.enable = true;
|
||||
# services.xserver.displayManager.gdm.enable = true;
|
||||
# # https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/1562
|
||||
# services.udev.extraRules = ''
|
||||
# ENV{DEVNAME}=="/dev/dri/card1", TAG+="mutter-device-preferred-primary"
|
||||
# '';
|
||||
|
||||
boot.loader.timeout = 0;
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid"];
|
||||
boot.kernelModules = ["kvm-intel"];
|
||||
nixpkgs.hostPlatform = "x86_64-linux";
|
||||
|
|
|
|||
|
|
@ -1,6 +1,5 @@
|
|||
{pkgs, ...}: {
|
||||
environment.systemPackages = with pkgs; [sbctl];
|
||||
boot.loader.systemd-boot.enable = false;
|
||||
environment.systemPackages = [pkgs.sbctl];
|
||||
boot.lanzaboote = {
|
||||
enable = true;
|
||||
pkiBundle = "/etc/secureboot";
|
||||
|
|
@ -8,13 +8,11 @@
|
|||
builtins.elem (lib.getName pkg) [
|
||||
"adoptopenjdk-hotspot-bin"
|
||||
"cargo-bootstrap"
|
||||
"cef-binary"
|
||||
"minecraft-server"
|
||||
"rustc-bootstrap"
|
||||
"rustc-bootstrap-wrapper"
|
||||
"sof-firmware"
|
||||
"temurin-bin"
|
||||
"vscodium"
|
||||
];
|
||||
|
||||
allowUnfree = false;
|
||||
|
|
@ -22,7 +20,6 @@
|
|||
builtins.elem (lib.getName pkg) [
|
||||
"broadcom-sta"
|
||||
"minecraft-server"
|
||||
"nvidia-x11"
|
||||
];
|
||||
};
|
||||
}
|
||||
|
|
|
|||
|
|
@ -6,11 +6,8 @@
|
|||
}: {
|
||||
imports = [
|
||||
# OS
|
||||
# FIXME:
|
||||
../../nixos/profiles/common/core
|
||||
../../nixos/profiles/common/physical
|
||||
../../nixos/profiles/common/mobile
|
||||
../../nixos/profiles/common/opt-in/mihomo
|
||||
../../nixos/profiles/opt-in/mihomo
|
||||
../../nixos/profiles/opt-in/wireless
|
||||
|
||||
# Hardware
|
||||
./hardware-configuration.nix
|
||||
|
|
|
|||
|
|
@ -14,11 +14,7 @@
|
|||
inputs.nixos-sensible.nixosModules.zram
|
||||
];
|
||||
|
||||
my.hardware = {
|
||||
audio.enable = true;
|
||||
bluetooth.enable = true;
|
||||
tpm.enable = true;
|
||||
};
|
||||
services.thermald.enable = true;
|
||||
|
||||
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod"];
|
||||
boot.kernelModules = ["kvm-intel" "wl"];
|
||||
|
|
|
|||
|
|
@ -1,12 +1,5 @@
|
|||
{...}: {
|
||||
imports = [
|
||||
# utils that is used internally
|
||||
./my/boot.nix
|
||||
./my/hardware/audio.nix
|
||||
./my/hardware/bluetooth.nix
|
||||
./my/hardware/tpm.nix
|
||||
|
||||
# nixpkgs styled options
|
||||
./services/hysteria.nix
|
||||
./services/pixivfe.nix
|
||||
./services/rathole.nix
|
||||
|
|
|
|||
|
|
@ -1,29 +0,0 @@
|
|||
{
|
||||
config,
|
||||
lib,
|
||||
...
|
||||
}: let
|
||||
cfg = config.my.boot;
|
||||
in {
|
||||
options = {
|
||||
my.boot = {
|
||||
silentBoot = lib.mkEnableOption "silent boot";
|
||||
noLoaderMenu = lib.mkEnableOption "" // {description = "Whether to disable bootloader menu.";};
|
||||
};
|
||||
};
|
||||
|
||||
config = {
|
||||
### cfg.noLoaderMenu
|
||||
boot.loader.timeout = lib.mkIf cfg.noLoaderMenu 0;
|
||||
|
||||
### cfg.silentBoot
|
||||
boot.consoleLogLevel = lib.mkIf cfg.silentBoot 0;
|
||||
boot.kernelParams =
|
||||
lib.mkIf cfg.silentBoot
|
||||
(["quiet"]
|
||||
++ lib.optionals config.boot.initrd.systemd.enable [
|
||||
"systemd.show_status=auto"
|
||||
"rd.udev.log_level=3"
|
||||
]);
|
||||
};
|
||||
}
|
||||
|
|
@ -1,24 +0,0 @@
|
|||
{
|
||||
lib,
|
||||
config,
|
||||
...
|
||||
}: let
|
||||
cfg = config.my.hardware.audio;
|
||||
in {
|
||||
options = {
|
||||
my.hardware.audio.enable = lib.mkEnableOption "audio";
|
||||
};
|
||||
|
||||
# https://nixos.wiki/wiki/PipeWire
|
||||
config = lib.mkIf cfg.enable {
|
||||
security.rtkit.enable = true;
|
||||
hardware.pulseaudio.enable = false;
|
||||
services.pipewire = {
|
||||
enable = true;
|
||||
alsa.enable = true;
|
||||
alsa.support32Bit = true;
|
||||
pulse.enable = true;
|
||||
jack.enable = true;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
@ -1,21 +0,0 @@
|
|||
{
|
||||
lib,
|
||||
config,
|
||||
pkgs,
|
||||
...
|
||||
}: let
|
||||
cfg = config.my.hardware.bluetooth;
|
||||
in {
|
||||
options = {
|
||||
my.hardware.bluetooth.enable = lib.mkEnableOption "bluetooth";
|
||||
};
|
||||
|
||||
# https://nixos.wiki/wiki/Bluetooth
|
||||
config = lib.mkIf cfg.enable {
|
||||
environment.systemPackages = lib.mkIf config.services.xserver.enable (with pkgs; [blueberry]);
|
||||
hardware.bluetooth = {
|
||||
enable = true;
|
||||
settings.General.FastConnectable = true;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
@ -1,20 +0,0 @@
|
|||
{
|
||||
lib,
|
||||
config,
|
||||
...
|
||||
}: let
|
||||
cfg = config.my.hardware.tpm;
|
||||
in {
|
||||
options = {
|
||||
my.hardware.tpm.enable = lib.mkEnableOption "TPM";
|
||||
};
|
||||
|
||||
# https://nixos.wiki/wiki/TPM
|
||||
config = lib.mkIf cfg.enable {
|
||||
security.tpm2 = {
|
||||
enable = true;
|
||||
pkcs11.enable = true;
|
||||
tctiEnvironment.enable = true;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
@ -1,50 +0,0 @@
|
|||
{
|
||||
boot.kernel.sysctl = {
|
||||
### https://madaidans-insecurities.github.io/guides/linux-hardening.html#sysctl
|
||||
# Kernel self-protection
|
||||
"kernel.kptr_restrict" = "2";
|
||||
"kernel.dmesg_restrict" = "1";
|
||||
"kernel.printk" = "3 3 3 3"; #
|
||||
"kernel.unprivileged_bpf_disabled" = "1";
|
||||
"net.core.bpf_jit_harden" = "2";
|
||||
"dev.tty.ldisc_autoload" = "0";
|
||||
"vm.unprivileged_userfaultfd" = "0";
|
||||
"kernel.kexec_load_disabled" = "1";
|
||||
"kernel.sysrq" = "4"; #
|
||||
#"kernel.unprivileged_userns_clone" = "0"; # does not exist on nixos
|
||||
"kernel.perf_event_paranoid" = "3";
|
||||
|
||||
# Network
|
||||
"net.ipv4.tcp_syncookies" = "1";
|
||||
"net.ipv4.tcp_rfc1337" = "1";
|
||||
"net.ipv4.conf.all.rp_filter" = "1";
|
||||
"net.ipv4.conf.default.rp_filter" = "1";
|
||||
"net.ipv4.conf.all.accept_redirects" = "0";
|
||||
"net.ipv4.conf.default.accept_redirects" = "0";
|
||||
"net.ipv4.conf.all.secure_redirects" = "0";
|
||||
"net.ipv4.conf.default.secure_redirects" = "0";
|
||||
"net.ipv6.conf.all.accept_redirects" = "0";
|
||||
"net.ipv6.conf.default.accept_redirects" = "0";
|
||||
"net.ipv4.conf.all.send_redirects" = "0";
|
||||
"net.ipv4.conf.default.send_redirects" = "0";
|
||||
"net.ipv4.icmp_echo_ignore_all" = "1";
|
||||
"net.ipv4.conf.all.accept_source_route" = "0";
|
||||
"net.ipv4.conf.default.accept_source_route" = "0";
|
||||
"net.ipv6.conf.all.accept_source_route" = "0";
|
||||
"net.ipv6.conf.default.accept_source_route" = "0";
|
||||
"net.ipv6.conf.all.accept_ra" = "0";
|
||||
"net.ipv6.conf.default.accept_ra" = "0";
|
||||
"net.ipv4.tcp_sack" = "0";
|
||||
"net.ipv4.tcp_dsack" = "0";
|
||||
"net.ipv4.tcp_fack" = "0";
|
||||
|
||||
# User Space
|
||||
"kernel.yama.ptrace_scope" = "2";
|
||||
"vm.mmap_rnd_bits" = "32";
|
||||
"vm.mmap_rnd_compat_bits" = "16";
|
||||
"fs.protected_symlinks" = "1";
|
||||
"fs.protected_hardlinks" = "1";
|
||||
"fs.protected_fifos" = "2";
|
||||
"fs.protected_regular" = "2";
|
||||
};
|
||||
}
|
||||
|
|
@ -1,18 +0,0 @@
|
|||
{
|
||||
lib,
|
||||
config,
|
||||
...
|
||||
}: {
|
||||
networking.wireless.iwd.enable = lib.mkDefault true;
|
||||
services.resolved.enable = true;
|
||||
|
||||
sops.secrets."wireless/wangxiaobo".path = lib.mkIf config.networking.wireless.iwd.enable "/var/lib/iwd/wangxiaobo.psk";
|
||||
sops.secrets."wireless/OpenWrt".path = lib.mkIf config.networking.wireless.iwd.enable "/var/lib/iwd/OpenWrt.psk";
|
||||
|
||||
### https://wiki.archlinux.org/title/Sysctl#Improving_performance
|
||||
boot.kernelModules = ["tcp_bbr"];
|
||||
boot.kernel.sysctl = {
|
||||
"net.core.default_qdisc" = "cake";
|
||||
"net.ipv4.tcp_congestion_control" = "bbr";
|
||||
};
|
||||
}
|
||||
|
|
@ -1,37 +0,0 @@
|
|||
{pkgs, ...}: {
|
||||
imports =
|
||||
[
|
||||
./fonts
|
||||
./theme.nix
|
||||
./xdg-mime.nix
|
||||
]
|
||||
++ map (n: ../../../../../home/applications/${n}) [
|
||||
"fcitx5"
|
||||
"firefox"
|
||||
"foot"
|
||||
"go"
|
||||
"mpv"
|
||||
"nautilus"
|
||||
"nix"
|
||||
"sway"
|
||||
];
|
||||
|
||||
# https://wiki.archlinux.org/title/Fish#Start_X_at_login
|
||||
programs.fish.loginShellInit = ''
|
||||
if test -z "$DISPLAY" -a "$XDG_VTNR" = 1
|
||||
exec sway
|
||||
end
|
||||
'';
|
||||
|
||||
home.packages = with pkgs; [
|
||||
loupe
|
||||
gnome-calculator
|
||||
seahorse
|
||||
file-roller
|
||||
dconf-editor
|
||||
];
|
||||
|
||||
services = {
|
||||
ssh-agent.enable = true;
|
||||
};
|
||||
}
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
{modulesPath, ...}: {
|
||||
imports = [
|
||||
(modulesPath + "/profiles/minimal.nix")
|
||||
];
|
||||
}
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
{
|
||||
home-manager.users.guanranwang = import ./home;
|
||||
}
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
{
|
||||
services.batsignal.enable = true;
|
||||
}
|
||||
|
|
@ -1,58 +0,0 @@
|
|||
{
|
||||
pkgs,
|
||||
lib,
|
||||
config,
|
||||
...
|
||||
}: {
|
||||
### home-manager
|
||||
home-manager.users.guanranwang.imports = [./home];
|
||||
|
||||
### for steam
|
||||
# https://github.com/NixOS/nixpkgs/issues/47932
|
||||
hardware.opengl.driSupport32Bit = true;
|
||||
|
||||
# https://wiki.archlinux.org/title/Gamepad#Connect_Xbox_Wireless_Controller_with_Bluetooth
|
||||
hardware.xone.enable = true; # via wired or wireless dongle
|
||||
hardware.xpadneo.enable = true; # via Bluetooth
|
||||
|
||||
programs.gamemode = {
|
||||
enable = true;
|
||||
settings.custom = {
|
||||
start = "${lib.getExe pkgs.libnotify} 'GameMode Activated' 'GameMode Activated! Enjoy enhanced performance. 🚀'";
|
||||
end = "${lib.getExe pkgs.libnotify} 'GameMode Deactivated' 'GameMode Deactivated. Back to normal mode. ⏹️'";
|
||||
};
|
||||
};
|
||||
|
||||
# Integrate with NVIDIA Optimus offloading.
|
||||
# https://github.com/FeralInteractive/gamemode#note-for-hybrid-gpu-users
|
||||
environment.sessionVariables = {
|
||||
"GAMEMODERUNEXEC" = let
|
||||
inherit (config.hardware.nvidia.prime) offload;
|
||||
in
|
||||
lib.mkIf
|
||||
(builtins.elem "nvidia" config.services.xserver.videoDrivers && offload.enable && offload.enableOffloadCmd)
|
||||
(lib.mkDefault "nvidia-offload");
|
||||
};
|
||||
|
||||
### https://wiki.archlinux.org/title/Gaming#Improving_performance
|
||||
systemd.tmpfiles.rules = [
|
||||
# Path Mode UID GID Age Argument
|
||||
#"w /proc/sys/vm/compaction_proactiveness - - - - 0"
|
||||
"w /proc/sys/vm/min_free_kbytes - - - - 1048576"
|
||||
"w /proc/sys/vm/swappiness - - - - 10"
|
||||
"w /sys/kernel/mm/lru_gen/enabled - - - - 5"
|
||||
"w /proc/sys/vm/zone_reclaim_mode - - - - 0"
|
||||
#"w /sys/kernel/mm/transparent_hugepage/enabled - - - - never"
|
||||
#"w /sys/kernel/mm/transparent_hugepage/shmem_enabled - - - - never"
|
||||
#"w /sys/kernel/mm/transparent_hugepage/khugepaged/defrag - - - - 0"
|
||||
"w /proc/sys/vm/page_lock_unfairness - - - - 1"
|
||||
"w /proc/sys/kernel/sched_child_runs_first - - - - 0"
|
||||
"w /proc/sys/kernel/sched_autogroup_enabled - - - - 1"
|
||||
"w /proc/sys/kernel/sched_cfs_bandwidth_slice_us - - - - 500"
|
||||
"w /sys/kernel/debug/sched/latency_ns - - - - 1000000"
|
||||
"w /sys/kernel/debug/sched/migration_cost_ns - - - - 500000"
|
||||
"w /sys/kernel/debug/sched/min_granularity_ns - - - - 500000"
|
||||
"w /sys/kernel/debug/sched/wakeup_granularity_ns - - - - 0"
|
||||
"w /sys/kernel/debug/sched/nr_migrate - - - - 8"
|
||||
];
|
||||
}
|
||||
|
|
@ -1,15 +0,0 @@
|
|||
{pkgs, ...}: {
|
||||
programs.mangohud.enable = true;
|
||||
|
||||
home.packages = with pkgs; [
|
||||
(prismlauncher.override {glfw = glfw-wayland-minecraft;})
|
||||
steam
|
||||
mumble
|
||||
osu-lazer-bin
|
||||
];
|
||||
|
||||
home.sessionVariables = {
|
||||
# https://github.com/ppy/osu-framework/pull/6292
|
||||
"OSU_SDL3" = "1";
|
||||
};
|
||||
}
|
||||
|
|
@ -1,11 +0,0 @@
|
|||
{pkgs, ...}: {
|
||||
networking.stevenblack.enable = true;
|
||||
services.system76-scheduler.enable = true;
|
||||
services.power-profiles-daemon.enable = true;
|
||||
services.thermald.enable = true;
|
||||
|
||||
# YubiKey
|
||||
environment.systemPackages = [pkgs.yubikey-manager];
|
||||
services.pcscd.enable = true;
|
||||
services.udev.packages = [pkgs.yubikey-personalization];
|
||||
}
|
||||
|
|
@ -7,10 +7,10 @@
|
|||
}: {
|
||||
imports =
|
||||
[
|
||||
./hardening
|
||||
./networking
|
||||
./nix
|
||||
./fun.nix
|
||||
./hardening.nix
|
||||
./networking.nix
|
||||
]
|
||||
++ (with inputs; [
|
||||
aagl.nixosModules.default
|
||||
|
|
@ -29,7 +29,7 @@
|
|||
];
|
||||
|
||||
### home-manager
|
||||
home-manager.users.guanranwang = import ../../../../home;
|
||||
home-manager.users.guanranwang = import ../../../home;
|
||||
|
||||
home-manager = {
|
||||
useGlobalPkgs = true;
|
||||
|
|
@ -37,7 +37,7 @@
|
|||
extraSpecialArgs = {inherit inputs;}; # ??? isnt specialArgs imported by default ???
|
||||
};
|
||||
|
||||
boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_zen;
|
||||
boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
|
||||
|
||||
### Default Programs
|
||||
# In addition of https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/config/system-path.nix
|
||||
|
|
@ -91,7 +91,7 @@
|
|||
|
||||
### sops-nix
|
||||
sops = {
|
||||
defaultSopsFile = ../../../../secrets.yaml;
|
||||
defaultSopsFile = ../../../secrets.yaml;
|
||||
age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
|
||||
gnupg.sshKeyPaths = [];
|
||||
secrets = {
|
||||
|
|
@ -1,15 +1,6 @@
|
|||
{...}: {
|
||||
### Basic hardening
|
||||
# ref: https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/profiles/hardened.nix
|
||||
# ref: https://madaidans-insecurities.github.io/guides/linux-hardening.html
|
||||
imports = [
|
||||
./sysctl.nix
|
||||
];
|
||||
|
||||
{
|
||||
environment.etc.machine-id.text = "b08dfa6083e7567a1921a715000001fb"; # whonix id
|
||||
security.apparmor.enable = true;
|
||||
security.sudo-rs.enable = true;
|
||||
security.sudo-rs.execWheelOnly = true;
|
||||
security.sudo.execWheelOnly = true;
|
||||
|
||||
boot.blacklistedKernelModules = [
|
||||
# Obscure network protocols
|
||||
10
nixos/profiles/core/networking.nix
Normal file
10
nixos/profiles/core/networking.nix
Normal file
|
|
@ -0,0 +1,10 @@
|
|||
{
|
||||
services.resolved.enable = true;
|
||||
|
||||
### https://wiki.archlinux.org/title/Sysctl#Improving_performance
|
||||
boot.kernelModules = ["tcp_bbr"];
|
||||
boot.kernel.sysctl = {
|
||||
"net.core.default_qdisc" = "cake";
|
||||
"net.ipv4.tcp_congestion_control" = "bbr";
|
||||
};
|
||||
}
|
||||
|
|
@ -3,6 +3,5 @@
|
|||
./flake.nix
|
||||
./nix.nix
|
||||
./gc.nix
|
||||
#./monitor.nix
|
||||
];
|
||||
}
|
||||
|
|
@ -1,7 +0,0 @@
|
|||
{...}: {
|
||||
imports = [
|
||||
../common/core
|
||||
../common/graphical
|
||||
../common/physical
|
||||
];
|
||||
}
|
||||
|
|
@ -1,8 +0,0 @@
|
|||
{...}: {
|
||||
imports = [
|
||||
../common/core
|
||||
../common/graphical
|
||||
../common/physical
|
||||
../common/mobile
|
||||
];
|
||||
}
|
||||
|
|
@ -25,7 +25,12 @@
|
|||
};
|
||||
|
||||
### sops-nix
|
||||
sops.secrets = builtins.mapAttrs (_name: value: value // {restartUnits = ["mihomo.service"];}) {
|
||||
sops.secrets = builtins.mapAttrs (_name: value:
|
||||
value
|
||||
// {
|
||||
restartUnits = ["mihomo.service"];
|
||||
sopsFile = ./secrets.yaml;
|
||||
}) {
|
||||
"clash/secret" = {};
|
||||
"clash/proxies/lightsail" = {};
|
||||
"clash/proxy-providers/efcloud" = {};
|
||||
46
nixos/profiles/opt-in/mihomo/secrets.yaml
Normal file
46
nixos/profiles/opt-in/mihomo/secrets.yaml
Normal file
|
|
@ -0,0 +1,46 @@
|
|||
clash:
|
||||
secret: ENC[AES256_GCM,data:0dikpMbntA==,iv:63yclHF0yUJXWr7/RN0RLMFmASD847i6WAplx6sfvGQ=,tag:Y7lw2sn34CEfAmzy/0IugA==,type:str]
|
||||
proxies:
|
||||
lightsail: ENC[AES256_GCM,data:YfyZsBi3yMIAMIjotAk4g4M+yYYozSSbKE77oz3lwbRHCMVJqxeo5nR04HrG8Hy2mQvVV09et1MbgnDMhEaSERZvsfaBojFUoRE6Du18n1ET8P1/ez5aKgC6ZnHy90a99mktqD4QDGNE8VDX2xBtNcVLF6i9dJ9di9tJEtnOdw+Q,iv:/uqtX6E2I0sqSWt2FmKwzG9zQb2TjdQqfDBZQXLh8cs=,tag:ofvc5GKEPrizajUaevI1jA==,type:str]
|
||||
proxy-providers:
|
||||
flyairport: ENC[AES256_GCM,data:x6li/5tWuAX9ZvLVUETLaBDqjB8pb8vSD9jD8HDMXNiiilq03RVHx7eXTiWMVJMlRUBOxvhTXH1fQxzye34aZQMx4BftMOQzvG5soF/P+K5hGapC9wbFnoH8znHkAdIgRLIeDBHRix3ll2OqGhqCENkWF4jjs/Pxqfz5bJlhcA==,iv:lO59riu5seloBRIy8QG02afNciEKvElzovLyaX90iSA=,tag:/L+elOLB2agQdRvg9tR0WQ==,type:str]
|
||||
efcloud: ENC[AES256_GCM,data:36mToXGiHVAgM4vVQFOYvNPaHHuVf4mtvnNOgMBTyzbZ/mKpT1Exx7rWZ7i9EVBy5eX7SJtKmnHs0CqD48hr7R708W2oW3YNPEfkK7aGDqfQFyS1TVjT+MM=,iv:+qiFyM10fcAjcdyVZCC+0hb83GYENooM52+1GPXpamQ=,tag:wZupiFJMQq8A5ZwJtjXiOg==,type:str]
|
||||
spcloud: ENC[AES256_GCM,data:gmJM+sTTaUrIxQXRBlDtE+K1gEfseMPUC2AQLq1LeY6iQmgq3wK7oJlz+buLbm/LUDitvls9d517905hz/Mpp2F7ohBeW9m1Jkcvdh/Zfgnfqg==,iv:FPe//+/ZMDZloZg2AnQ7JXRzqZdKDjLYs3wqMxqNA/Y=,tag:JPEU/WnUfy8bNlhAgPQwJw==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age129yyxyz686qj88ce5v77ahelqqwt6zz94mzzls0ny4hq76psrd9qhc79kq
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTaXJJdVlKb0lpa3pkZ0px
|
||||
UGwveFAydHBUMzdXOU5ibHRBNmg1VllUVWxBCkh5SWQrQUhFSFA2NHA2WWhhYXhV
|
||||
bFlteVVCM1M1VlRoakZ1UW1ENmJWM3cKLS0tIDdpZVo0Z2dQQ29DVnVOQU5kWkMy
|
||||
N2djZElOQUtINXY5bGJKZFROK1VpZWcKMQY/1i3yvoKhDUdkmvQ0boVHzh9vta1Z
|
||||
hz9WY8aYIMsa0PY71FuBMklOfNtaPKbewx9XXfLDetFLQ7tmWnIzFg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1hm6pkvt4d640wmjhxg5wxfwkp9zhcqre9klr4zg5kx2qx7vyhuuqlytmnp
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmVzFrcWdBNlYvdWRzNVNr
|
||||
T3YyQ3JBakRQcnd2MzMyNnN4Z3h0TkN3S1NvCmdCZnFaeVdFcCtoVzh6OGRnd2o3
|
||||
cVpxTCtpV1RYRjloUElLek9NcDlrMWsKLS0tIEdtZWVNUXY4VDAzSUxkUGhodjlJ
|
||||
UHFlbi9JYTBVYWIyOGZ6SnBZcWo4K1kK9TkNUwrKIywSaXoExUaBb3y4L5Gg+2CT
|
||||
0eI/CUL8LuYSSGeGRtypMPklHUQS4qV3UmXbnNSKctdLrNcDRperXg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age174knn6hjtukp32ymcdvjwj6x0j54g7yw02dqfjmua3fkyltwcqrsxccjdk
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1MHd3Qjl1ODJzVWlwN3VB
|
||||
L3ZFdVBPbmRzQUJBbWdiRUtqVzJYeVlHdkZJCit4YzExQ1UweXcrRkpVMEVKQlB3
|
||||
NGt0VHE1alFvSkJGKzU5ZzM5akFwUG8KLS0tIGdvNS9ZYWU4TXM2Y1hVbjl2Z3cy
|
||||
QStSb1FJb0xUUkV5cjg1Qk5ORDRQMzQKiTUdlCbgRX0zRPURsolB4O0dvxl9+lkn
|
||||
0cIBYnVxzSdlDj+TXnTR2zL2cqZg94cNaTz0qWk/kmkmgmqm80hZ7Q==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-07-09T22:04:17Z"
|
||||
mac: ENC[AES256_GCM,data:iKwYqxBllI8SydCUjyK2cJkcUKVj4CqjmfDSMNJtLwM6IWUoOScV4Pu0YJz0aui5F8nbyC92vdDwsE599GZMTWdCH20MeWEMo7pbkPFxxL1bY5BMCNNE3Tm354nz4ihmBXMB9aI1JRiSareV5yQ1v6lOxzDargDigMrPI/6DRfo=,iv:JRvJQ3YdFZsBstT55xKcCMGJODy42FImugHbwEbpV2I=,tag:go33lpTdouZoFk53g9FXTw==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.0
|
||||
8
nixos/profiles/opt-in/wireless/default.nix
Normal file
8
nixos/profiles/opt-in/wireless/default.nix
Normal file
|
|
@ -0,0 +1,8 @@
|
|||
{lib, ...}: {
|
||||
sops.secrets = builtins.mapAttrs (_name: value: value // {sopsFile = ./secrets.yaml;}) {
|
||||
"wireless/wangxiaobo".path = "/var/lib/iwd/wangxiaobo.psk";
|
||||
"wireless/OpenWrt".path = "/var/lib/iwd/OpenWrt.psk";
|
||||
};
|
||||
|
||||
networking.wireless.iwd.enable = lib.mkDefault true;
|
||||
}
|
||||
41
nixos/profiles/opt-in/wireless/secrets.yaml
Normal file
41
nixos/profiles/opt-in/wireless/secrets.yaml
Normal file
|
|
@ -0,0 +1,41 @@
|
|||
wireless:
|
||||
wangxiaobo: ENC[AES256_GCM,data:D9m+JRZ2Tw1a4mukW+WU3QLYIRiTiRkGz1ddD7zvkctbuYg+BZXtRgDR0FOIn586t0DsgA1wBDEN/WWiLRTrArgWTHiv7OsOa1NI7+BuL1cFb1TNbk04zbtc6cCOpDBH8qivx0jdZIqrJ5JzIaeZ9T78tj1jMmp3pyt3RiEcZLqxjnPiJhJVaZ8iUNDTvuX3DpsmqybYiLO+Hz7qvIHwM1euc/vyraZ2SR/y5DjTjwVK1jiAs3glPy2oYayVhv+RPs/AHVDnslbtPxGrPhRXxZT3t9LnBw+I0VgrdKUl39ym38PurGnVoBJ7EUVWl3SUPQjnDfQI/XQiDyI3DZ8uA5MGwlR9mny5N/ojs+q7J/k4YiSThCasA5tA24SNRZQWI9lFevoortU+is9FTTGkfzgrrcuURDs6E3ShbbHgn4tvHPhB87J1mP9D7UMIFFfVyvqp5fRgBMHcrEA8xln2xvvQdRDDj/JJYIj3ex8PpTqvAi1EwnAFWhBgqIchcHRFcfQRWOsR7h8M1UQpnge85UZfePMropq5zJ3TSF4AKa2A4UqhgkvLm8qrMI1lvsEnH4TMoyV5Z59T4sPd4Eb3FV26wey6DTdw6cCuywh0AQ==,iv:nbD9EcQYaAf4XwvTLKRy+IjTkV7aHsHK+gBD/Ooc/l8=,tag:VHD3X0ONH4YTp/BTcnpLDQ==,type:str]
|
||||
OpenWrt: ENC[AES256_GCM,data:KaRLfzoXPTyAscYjJ9mpMAKtsP29PjNvm1G89ne/7N3MtgO9/GfO2JHrmeU2KZBLCJEllovbw82TFsfG7q0ID0sGTVHEZ52yQdOD5wUiuKaiCoN4jaSsU/VsOfOF7ZGt9lWjl+JrGLLWfqAfvN6Jy85jb8XnaOT4jxqjHtTcMDU/ZkL3IJPdTB1RwuIua/UYFYW96kyOyKh5CKloFV9yZTdAmvI3f5Wjm7f7yHMchRI/G0Jk5QLCLSWeXyD2o2iy+vU2a9/0X3hNgoHhzEsB96PHLjtOdSDvWLl598aHelzqKP7GOy71KMTM7cW5i7eyWLNe7+4f3wTl1JQPIGx8T+/Y1G1T+BGWzhWxLHC5V1JQcSHysDfO7Q2ITdQC9jScNKROFlphvinMqItrBWDgWz/ESHViCVqW3qeCqDFFTMhKTTfBnwaOhSb+M99Rd+nCzmyLQrDgq/CSHzXhVtkQJV5MugZ1+wCUl59ylxroFsIS9csy2uRWGiWQh5Q59zc6kUbjPKDx53b2DXC8WuGhgD4XgT1fkSN2SOXxYiyPullF9T9ljCX4Qny9AQ3X6tvk+2MviKS40vlevdFLS4xFkf3BxzP+oAyB+X+py7kpD+RoH+jrSEC3lBPNwPd65J4TSDa4ZpFJeNX7Us7R6bIc8kesW+IWu9+vZjcD0Gji1xbQ5FtL/5YzdrO7hzEWVQbkl6kuRtvZ1AwWjeM+nT34RWal7XcdcFzeV0NPwNQ=,iv:IbLwzWe6vis4hH/4T5tzaVJflYFXZFjSlzYeBAqcaZs=,tag:WTYuVWCsrzSvNrCuGaXsRA==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age129yyxyz686qj88ce5v77ahelqqwt6zz94mzzls0ny4hq76psrd9qhc79kq
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtSktSV1ByUnF2TGJaMzh3
|
||||
a3RoaHptWHF1MjdsUFc5R2pySEFYa1IzQVE0CjZoUkVhaktldDJvL2dmRjdGa1B5
|
||||
MEtoUHpoaENNUVRtS3B4aXJQMHNCT2sKLS0tIGd5dEt0RWpkd3ZPVGkvM1JWWUdh
|
||||
ZDBtRFJTMlZmUmtlNVc3ZW5oa3V0WGsKcqjqj+oPnGxAzeWpPYSpBBfS9GhN+O4/
|
||||
Mt9NT1LWfiUDhxz5GYmcLKe1tRNXpGeG02HcY65WgcVd1Y7n4mMJRA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1hm6pkvt4d640wmjhxg5wxfwkp9zhcqre9klr4zg5kx2qx7vyhuuqlytmnp
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxZnRDOHZ1MWViV0dhS3JO
|
||||
dmY2N2lyVHUxNmZnMStpcFMwbzMyZXBaaEJZCjZqWk0rOEdnMVNLTVRHMDNzUm5u
|
||||
OFZTV2ZGTFQ5QlQrM3gzNUhQQ2xXMkEKLS0tIGUzeTEwZmYxekQ0cTJrU2Vhb3Zp
|
||||
M2FjUFFrREphODFQUm1kRlJNOGRpTTQKF7k5/oPjoILtFEf2sO6nnF0Ar6ebTN3r
|
||||
TdXYtTek0sIlSdYfVSxLmhiymz2mKi7TKPcKH6POmp0uuVX8HFEAJg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age174knn6hjtukp32ymcdvjwj6x0j54g7yw02dqfjmua3fkyltwcqrsxccjdk
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6eWIvamwrRGthdzlYRmJm
|
||||
SjNQTG92TzlvckJCMTM3SytHdUVodVJFYkVJCmRLSjg5TGF4RkZ1WitRNVVrSlNT
|
||||
ZnQ5TnRPTGI5Uk1vaWpvMWh2NHR4NmsKLS0tIFRtbm5Kemo1WVMyMFZ3SDAwdDBn
|
||||
dEN1cEJFZU82bVFRVlVqcTIzckRHQjgKHgRyq4UOcZyiFnK9fq1NLtxRktFCs3V8
|
||||
EQhl+CPWTRZTZkttJ5MclGlvTNbiH3Iy9syKns6qvOw75wqtXIdIWQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-07-09T22:04:02Z"
|
||||
mac: ENC[AES256_GCM,data:m3EXpaGra4uT0m2w9B8D6p03PBXeYWn4AiStPtdN15/JwvTRsJvYeOE4CirZvDT3nq7ne/8j/62Z7sCkb7t8W48MfjrnvAYRFJvKT2hSmJnzqXH6446Srel88BfVmiMdcts4OvAea3Dg4oTMMIn5d2L+rIT8zuPY208tqo4vCPY=,iv:LI5WRb46DZLSL9rndXDo/xzDzXUArRANBqrEx8bmGIc=,tag:2K3vKFmb88Zjru1miwR7Dw==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.0
|
||||
|
|
@ -1,14 +1,5 @@
|
|||
{
|
||||
pkgs,
|
||||
inputs,
|
||||
...
|
||||
}: {
|
||||
{inputs, ...}: {
|
||||
imports = [
|
||||
../common/core
|
||||
# ../common/minimal
|
||||
inputs.srvos.nixosModules.mixins-terminfo
|
||||
];
|
||||
|
||||
boot.kernelPackages = pkgs.linuxPackages;
|
||||
networking.wireless.iwd.enable = false;
|
||||
}
|
||||
|
|
|
|||
17
secrets.yaml
17
secrets.yaml
|
|
@ -1,16 +1,5 @@
|
|||
hashed-passwd: ENC[AES256_GCM,data:KPOh1bYW2eruBI7Z9OKqqRmoXAxQ/k5sghAmHDFyUeJTNavelU9hcGfBq69KSU+MeFVfRmwHZncZYyiDkF4hFI2YFgFY0M2jzA==,iv:h7XtrT/4/T1b4SPGx10w5g84DMCA/FE3mjinwcLn0tI=,tag:jS8XnwEdEH2QYkNJVRwkcA==,type:str]
|
||||
nix-access-tokens: ENC[AES256_GCM,data:lUeCDT0r1AnTFG4s8eLxSlGRVQAJ4eyXVW80pkgAL5aVrG86+G7NOLVfQYUxthLBRFFXnGA2rQD4h4c2VWknd0YDFdS+me8RBbN2mqJm6YqEYdMEW2Lgv9iSz/zXuDT9FFdDWRdv71lTTwyP2Gie4Y8UkBrAV3ue,iv:HyDyQ5H2nDzi4nIUKoelOrzF4K3sIMlB5HoQR9EMc0s=,tag:vgn2TtQRE8Qd+/zjlOSuAw==,type:str]
|
||||
wireless:
|
||||
wangxiaobo: ENC[AES256_GCM,data:Lz1gAdJn2aBn/TdcQRjErSrIAJHlq0mT9qsE72ocEMxNqx6TW6dJkbRfKZ6IDe/a2HNP3zUpX3MjjRbCepBkZIHmsg1SwkGfA7wWysQOxXRXYCoqWH+NbP4xm6r0QV5RGTmXU+bnKubrrJZ8Z2M2n5LDp3bf16XL22Wjsyakju4z36d1K7NPBUoCIHoVKJaLam29rWDyIaBOfZbzG+M5reGLt1hVPDWWYGjnB4xC4lqQE5bpyKrVtoU+XATCWIIx3ZZWqJsf3TVzEDvu1aCb127PMCP2lqI55Hf94RgsZPWWgoLrAhaI8t067hAWPOfdfZEEGetO4BjzJwRyCNQAvqx+YLe0RJOz3lriUP3ie1mYmft4AyhV8JUmVZhEsJ7peATt+ds11BUuGw2SU9cKSa2NHM/K7e1x23Kofl1qrFF+ylr1Sy8OCZhfBozdFnPDzcYsuApe0xvMYCt4fsHFjB/kGtIG7rdGapJnvgAwhewd3dTtg4mAKPgvYr4FdWgDSr7GqrDdgqT2W8nbtJ5oQQnYmDnX+0tfLcF15EgvEN9mLIpsdNfVX3eOp1e/Z6fsbdMtpyNuMRwNDAi9V1tsYTDM/+U9xvZK3DWNX6XTYQ==,iv:nq2Hj7aY+M8QJoA08oyvg55UuxJdnoGTT2KQNu3B8Z8=,tag:sYV4ZE2evYb3U4JRPCJT3Q==,type:str]
|
||||
OpenWrt: ENC[AES256_GCM,data:tlZJExED1Brv4/hOJjbgEbyLMQZVfNhl/5ux94IDM5jSL2lEBYy74qf4VVn2SKMYUuu7bjV7UlnwrD/jzDRuO/gWfkeuoZ5uh3pX0s2wv5E2Z7nJjkYtVn0XDlr8m/4Y6R14ahSIqKJKY4LAAeuQo0t7jEeYv4E3kuyhXUNE5jjrdD9mW+ObS1WV/DpBqUZc3dJe+88EVzgVa5F/L+VWQ3Klz5TduQzqfOyjjoNe+z8gwODzHczfPZCdplfo4PbrMWV8FlyUdJUX37nkZiEkyUpPuksZHb5OPAtx9fCh/KF5y/txS9oZTwOkiE4LBQBpj2NcLMQGOEdtRYLzJekyaOGChrtD+mFfL9LBuLwQLAzHLUI4oZ3PUgu3zXYevtmyrSSwlK/2iama71swmNu+qYws+WkjMVyF4MB/KCtMJULbZW9XJp7tw7cfSzek0RMizlk3MgrEyF2w3J9vx6Q4OHPSE48kgK2Kw0kg93wl9uO6kCRq0QiTJ6lZHopsWyWHTcs1,iv:kvBRYkhFAmDCSdU5Nkc66VblbjQfWHp7ls8x0d46ueA=,tag:Y/oa7vgoI/VsZ+OyJUjZ/g==,type:str]
|
||||
clash:
|
||||
secret: ENC[AES256_GCM,data:eCq/pDlSOw==,iv:QGNKxqmkj9BWFBJGj/O4fUL8Ey8zGEHMsWX02DrM82U=,tag:z2vVCBSt6mw47ca2xoxg9A==,type:str]
|
||||
proxies:
|
||||
lightsail: ENC[AES256_GCM,data:o84OgvKdogV8EmeyRLu/gexre5QY8kaf2txXTi2Id2Ya+cWJ08WBiNGYdLKGVKSr1bflbeTirTnUgBJ7ozAw3seWDxOuFRrdvy2jZx+x8doOVwP3FsKQUeCJd4yr4M7FuA3lA0dvBpAX/W5nvz82F15x4o6AYKx0AOTh+QbVTdX4,iv:ojvL+sSORq2DYHdVDUCvN1nCt44Th7SM++I1ZRB9KyQ=,tag:z+er0P7gHa+rn4MiMyJnmg==,type:str]
|
||||
proxy-providers:
|
||||
flyairport: ENC[AES256_GCM,data:akHdU/2o8D65sG2b/mcj76HASwhg3WvoEcrpgkXPyh7kuc+Ci42hmmmmBk9I29vuvZjTtCTs8mMzaLK1wm8TS/K1A1zeAGULxSsqhpV4cA19Q4vAtQ2+FyuGiaFszuaHK6BSlZAosfmCGoM1nZRYuOnsdeR0vnHBIHhJFNhaLw==,iv:VeVT3cEaOO/90gcqpm2yOacThbEyaXuBRhp4buX/XOY=,tag:kojJbqwYk/DNFBcJMY2eXg==,type:str]
|
||||
efcloud: ENC[AES256_GCM,data:GvKNMscPknhlBy9Qp8iuYoxF10oX2ZIOKo+XKRH2NOGGDiMk/GwdGfA5+gf3ZcEEGFGw/8CrBddjJCivyxqwF+oAEHJyjdcFhGyyOopsx9s3waq8Hge/KzE=,iv:WXAd3yA5cTZp+ttKHXPf6cbsk6pRXq5/xMysNUAs1Rk=,tag:HygexRSW8ICa+RIFmrRKRQ==,type:str]
|
||||
spcloud: ENC[AES256_GCM,data:Uz0SLmSxzV/hcsBuYtlsZ5G5E8wjzmHcFMGCyBrEewOr6gAdBQvC4njotYbMIdQAQRTgAE2wBukdSxXWCTrNph7uoVhskz1YkNjxnQVPUO5WfQ==,iv:TwHPdeATx+LanfhHeD7M5sSf3M2NLBWBAAaFTwgsK7A=,tag:9DMgcSoy4ksYl/dPWwA+dA==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
|
@ -53,8 +42,8 @@ sops:
|
|||
SC9YMFk4dUNOUDJYMXErck8yTmJmZmcKp66bHZTD6VitAOfzIr8VJr02+R9f5mxH
|
||||
c5n2CWurDsZsNTKk7pgxQo78ySyAG3rzvOqgK0NFesyHy9dRl8xHCQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-07-01T09:25:25Z"
|
||||
mac: ENC[AES256_GCM,data:rQ0ZRb1Js05XWfrXSGjdJd8g3heaAmNHyRoPxmvZe36a1DXFi3eCKvBs8JjOFdtAp9XCJ9OYjzDsCpBvUSfuApjmBoMZUVqjrf88sAxT7j/4e1tdkBZto0ReondIxwt7hTEcNpuawdouPk+yehTqmw3Nyovnd/mztw/I9zhHPuk=,iv:EXvTgLqRp2JZtpiEcSW4XyQdKZ+aSoKKPgx6q8BFkhY=,tag:gbPiWetjaFm+mEmjsl9kww==,type:str]
|
||||
lastmodified: "2024-07-09T22:04:25Z"
|
||||
mac: ENC[AES256_GCM,data:d8ml8uokaSlD/nJQVM732OoEXZB0a7dpq5Koq1/Nz8iW9xDmwvrWONRmI6EPHMHJ+vFXKS09iLBtaWRo83H1KPIEfN6slVY8wrVYychz38A/jXx3TWd1oh00otJpkmjzWfEbhYYB6K0D2lTP/rfu009b29OzBNbqcIfVrJRz4vQ=,iv:/PBfFIf+SZ4zmRdOba8NKV29JRWHzCGwK5Oo2EGq/90=,tag:5eHt2FPi+5uSNEd3GlFkcQ==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
||||
version: 3.9.0
|
||||
|
|
|
|||
|
|
@ -23,8 +23,10 @@
|
|||
### misc
|
||||
programs.prettier.enable = true;
|
||||
settings.formatter.prettier.excludes = [
|
||||
"secrets.yaml"
|
||||
"hosts/blacksteel/secrets.yaml"
|
||||
"hosts/lightsail-tokyo/secrets.yaml"
|
||||
"nixos/profiles/opt-in/mihomo/secrets.yaml"
|
||||
"nixos/profiles/opt-in/wireless/secrets.yaml"
|
||||
"secrets.yaml"
|
||||
];
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue