diff --git a/flake.nix b/flake.nix index aae7e1f9..9cf03138 100644 --- a/flake.nix +++ b/flake.nix @@ -80,26 +80,34 @@ nix-vscode-extensions = inputs.nix-vscode-extensions.extensions."${prev.system}"; } )]; }) - ( import ./modules/basic/basic.nix { hostname = "chn-PC"; }) + + ( import ./modules/basic.nix { hostName = "chn-PC"; }) + ./modules/fonts.nix + ( import ./modules/i18n.nix { fcitx = true; } ) + ./modules/kde.nix + ./modules/sops.nix ( import ./modules/boot/basic.nix { efi = true; }) ./modules/boot/chn-PC.nix - ./modules/display/basic.nix - ./modules/display/chn-PC.nix ./modules/filesystem/chn-PC.nix - ./modules/fonts/basic.nix - ./modules/fonts/basic.nix - ( import ./modules/i18n/basic.nix { fcitx = true; } ) - ./modules/kvm/guest.nix + ./modules/hardware/bluetooth.nix + ./modules/hardware/joystick.nix + ( import ./modules/hardware/nvidia-prime.nix { intelBusId = "PCI:0:2:0"; nvidiaBusId = "PCI:1:0:0"; } ) + ./modules/hardware/printer.nix + ./modules/hardware/sound.nix ./modules/networking/basic.nix - ./modules/packages/basic.nix - ./modules/printer/basic.nix - ./modules/sops/basic.nix - ./modules/sound/basic.nix - ./modules/ssh/basic.nix - ./modules/user/basic.nix - ./modules/waydroid/basic.nix - ./modules/zsh/basic.nix - ./home/basic.nix + ./modules/networking/ssh.nix + ./modules/networking/wall_client.nix + ./modules/networking/xmunet.nix + ./modules/networking/chn-PC.nix + ./modules/packages/terminal.nix + ./modules/packages/gui.nix + ./modules/packages/gaming.nix + ./modules/packages/hpc.nix + ./modules/users/root.nix + ./modules/users/chn.nix + ./modules/virtualisation/kvm_guest.nix + ./modules/virtualisation/kvm_host.nix + ./modules/virtualisation/waydroid.nix ]; }; }; diff --git a/modules/basic.nix b/modules/basic.nix new file mode 100644 index 00000000..d8d1f8d5 --- /dev/null +++ b/modules/basic.nix 
@@ -0,0 +1,12 @@
+{ hostName }: { pkgs, ... }@inputs:
+{
+ config =
+ {
+ nixpkgs.hostPlatform = "x86_64-linux";
+ nix.settings.experimental-features = [ "nix-command" "flakes" ];
+ networking.hostName = hostName;
+ time.timeZone = "Asia/Shanghai";
+ system.stateVersion = "22.11";
+ nixpkgs.config.allowUnfree = true;
+ };
+}
diff --git a/modules/basic/basic.nix b/modules/basic/basic.nix
deleted file mode 100644
index caebcfa2..00000000
--- a/modules/basic/basic.nix
+++ /dev/null
@@ -1,37 +0,0 @@
-{ hostname }: { pkgs, ... }@inputs:
-{
- config =
- {
- nixpkgs.hostPlatform = "x86_64-linux";
- nix.settings.experimental-features = [ "nix-command" "flakes" ];
- networking.hostName = hostname;
- time.timeZone = "Asia/Shanghai";
- system.stateVersion = "22.11";
- nixpkgs.config.allowUnfree = true;
-
-
- programs.firejail.enable = true;
- hardware.xone.enable = true;
- hardware.xpadneo.enable = true;
- hardware.bluetooth.enable = true;
- services.xserver.synaptics.enable = false;
- services.xserver.libinput.enable = true;
- virtualisation.libvirtd.enable = true;
-
- nixpkgs.config.packageOverrides = pkgs: rec {
- wpa_supplicant = pkgs.wpa_supplicant.overrideAttrs (attrs: {
- patches = attrs.patches ++ [ ../../patches/xmunet.patch ];
- });
- };
-
- environment.sessionVariables."GTK_USE_PORTAL" = "1";
- xdg.portal.extraPortals = with inputs.pkgs; [ xdg-desktop-portal-gtk xdg-desktop-portal-wlr ];
- virtualisation.spiceUSBRedirection.enable = true;
- networking.resolvconf.enable = false;
- environment.etc."resolv.conf".text =
- ''
- nameserver 127.0.0.1
- '';
- programs.xwayland.enable = true;
- };
-}
diff --git a/modules/boot/chn-PC.nix b/modules/boot/chn-PC.nix
index 65d746af..fbe60f84 100644
--- a/modules/boot/chn-PC.nix
+++ b/modules/boot/chn-PC.nix
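Review bot: The new modules/basic.nix keeps only the first six settings of the deleted modules/basic/basic.nix, and four of the dropped ones have no new home in any module added by this diff: `programs.firejail.enable = true`, `services.xserver.synaptics.enable = false`, `services.xserver.libinput.enable = true` and `networking.resolvconf.enable = false`. The firejail one is the security-relevant loss, since modules/packages/gui.nix still carries a `# jail` marker above qq/wechat-uos/wemeet but nothing visible here enables the sandbox any more. If the removals are deliberate, the commit message should say so; otherwise re-add them, for example `programs.firejail.enable = true;` in the module that installs the applications meant to be jailed. The `resolvconf` line was paired with the hand-written `/etc/resolv.conf` that now lives in wall_client.nix, so it is worth confirming that the default still leaves that file alone.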
@@ -7,7 +7,7 @@ inputs: initrd.availableKernelModules = [ "ahci" "nvme" "sr_mod" "usb_storage" "virtio_blk" "virtio_pci" "xhci_pci" ]; kernelModules = [ "kvm-intel" ]; - extraModulePackages = with inputs.config.boot.kernelPackages; [ cpupower xone xpadneo ]; + extraModulePackages = with inputs.config.boot.kernelPackages; [ cpupower ]; extraModprobeConfig = "options kvm_intel nested=1"; }; hardware.cpu.intel.updateMicrocode = true; diff --git a/modules/display/basic.nix b/modules/display/basic.nix deleted file mode 100644 index 54e4a4a8..00000000 --- a/modules/display/basic.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ - config.services.xserver = - { - enable = true; - displayManager.sddm.enable = true; - desktopManager.plasma5.enable = true; - }; -} diff --git a/modules/display/chn-PC.nix b/modules/display/chn-PC.nix deleted file mode 100644 index 73dacc13..00000000 --- a/modules/display/chn-PC.nix +++ /dev/null @@ -1,12 +0,0 @@ -{ - config = - { - services.xserver.videoDrivers = [ "nvidia" "intel" "qxl" ]; - hardware.nvidia.prime = - { - offload.enable = true; - intelBusId = "PCI:0:2:0"; - nvidiaBusId = "PCI:1:0:0"; - }; - }; -} diff --git a/modules/fonts/basic.nix b/modules/fonts.nix similarity index 100% rename from modules/fonts/basic.nix rename to modules/fonts.nix diff --git a/modules/hardware/bluetooth.nix b/modules/hardware/bluetooth.nix new file mode 100644 index 00000000..db80e6fa --- /dev/null +++ b/modules/hardware/bluetooth.nix @@ -0,0 +1 @@ +{ config.hardware.bluetooth.enable = true; } diff --git a/modules/hardware/joystick.nix b/modules/hardware/joystick.nix new file mode 100644 index 00000000..068633cf --- /dev/null +++ b/modules/hardware/joystick.nix @@ -0,0 +1 @@ +{ config.hardware = { xone.enable = true; xpadneo.enable = true; }; } diff --git a/modules/hardware/nvidia-prime.nix b/modules/hardware/nvidia-prime.nix new file mode 100644 index 00000000..0256234a --- /dev/null +++ b/modules/hardware/nvidia-prime.nix 
@@ -0,0 +1,24 @@ +{ intelBusId, nvidiaBusId }: { pkgs, ... }@inputs: +{ + config = + { + services.xserver.videoDrivers = [ "nvidia" "intel" ]; + hardware.nvidia.prime = + { + offload.enable = true; + intelBusId = intelBusId; + nvidiaBusId = nvidiaBusId; + }; + environment.systemPackages = + [( + inputs.pkgs.writeShellScriptBin "nvidia-offload" + '' + export __NV_PRIME_RENDER_OFFLOAD=1 + export __NV_PRIME_RENDER_OFFLOAD_PROVIDER=NVIDIA-G0 + export __GLX_VENDOR_LIBRARY_NAME=nvidia + export __VK_LAYER_NV_optimus=NVIDIA_only + exec "$@" + '' + )]; + }; +} diff --git a/modules/hardware/printer.nix b/modules/hardware/printer.nix new file mode 100644 index 00000000..36c0f48c --- /dev/null +++ b/modules/hardware/printer.nix @@ -0,0 +1 @@ +{ config.services.printing.enable = true; } diff --git a/modules/sound/basic.nix b/modules/hardware/sound.nix similarity index 78% rename from modules/sound/basic.nix rename to modules/hardware/sound.nix index 45d2141d..6de47b3a 100644 --- a/modules/sound/basic.nix +++ b/modules/hardware/sound.nix @@ -7,8 +7,7 @@ services.pipewire = { enable = true; - alsa.enable = true; - alsa.support32Bit = true; + alsa = { enable = true; support32Bit = true; }; pulse.enable = true; }; }; diff --git a/modules/i18n/basic.nix b/modules/i18n.nix similarity index 75% rename from modules/i18n/basic.nix rename to modules/i18n.nix index 8f607642..ae4dec18 100644 --- a/modules/i18n/basic.nix +++ b/modules/i18n.nix @@ -12,7 +12,7 @@ inputMethod = { enabled = "fcitx5"; - fcitx5.addons = with inputs.pkgs; [fcitx5-rime fcitx5-chinese-addons fcitx5-mozc]; + fcitx5.addons = with inputs.pkgs; [ fcitx5-rime fcitx5-chinese-addons fcitx5-mozc ]; }; } else {} diff --git a/modules/kde.nix b/modules/kde.nix new file mode 100644 index 00000000..c78b5f4a --- /dev/null +++ b/modules/kde.nix 
@@ -0,0 +1,19 @@
+{ pkgs, ... }@inputs:
+{
+ config =
+ {
+ services.xserver =
+ {
+ enable = true;
+ displayManager.sddm.enable = true;
+ desktopManager.plasma5.enable = true;
+ };
+ environment =
+ {
+ sessionVariables."GTK_USE_PORTAL" = "1";
+ systemPackages = [ inputs.pkgs.libsForQt5.qtstyleplugin-kvantum ];
+ };
+ xdg.portal.extraPortals = with inputs.pkgs; [ xdg-desktop-portal-gtk xdg-desktop-portal-wlr ];
+ programs.xwayland.enable = true;
+ };
+}
diff --git a/modules/kvm/guest.nix b/modules/kvm/guest.nix
deleted file mode 100644
index b7d803d5..00000000
--- a/modules/kvm/guest.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{
- config.services =
- {
- qemuGuest.enable = true;
- spice-vdagentd.enable = true;
- };
-}
diff --git a/modules/networking/basic.nix b/modules/networking/basic.nix
index 999c2a98..7239e618 100644
--- a/modules/networking/basic.nix
+++ b/modules/networking/basic.nix
@@ -1,48 +1 @@
-inputs:
-{
- config.networking.networkmanager.enable = true;
- config.services.dnsmasq =
- {
- enable = true;
- settings = {
- no-poll = true;
- server = [ "127.0.0.1#10853" ];
- listen-address = "127.0.0.1";
- bind-interfaces = true;
- address = [
- "/mirism.one/216.24.188.24"
- "/beta.mirism.one/216.24.188.24"
- "/ng01.mirism.one/216.24.188.24"
- "/debug.mirism.one/127.0.0.1"
- ];
- ipset = [
- "/developer.download.nvidia.com/noproxy_net"
- "/yuanshen.com/noproxy_net"
- "/zoom.us/noproxy_net"
- ];
- };
- };
- config.services.xray = { enable = true; settingsFile = inputs.config.sops.secrets."xray.json".path; };
- config.sops.secrets."xray.json" =
- { mode = "0440"; owner = "v2ray"; group = "v2ray"; restartUnits = [ "xray.service" ]; };
- config.systemd.services.xray.serviceConfig =
- {
- DynamicUser = inputs.lib.mkForce false;
- User = "v2ray";
- Group = "v2ray";
- CapabilityBoundingSet = "CAP_NET_ADMIN CAP_NET_BIND_SERVICE";
- AmbientCapabilities = "CAP_NET_ADMIN CAP_NET_BIND_SERVICE";
- };
- config.users.users.v2ray = { isSystemUser = true; group = "v2ray"; };
- config.users.groups.v2ray = {};
- config.services.v2ray-forwarder = { enable = true; proxyPort = 10880; xmuPort = 10881; };
- config.boot.kernel.sysctl =
- {
- "net.ipv4.conf.all.route_localnet" = true;
- "net.ipv4.conf.default.route_localnet" = true;
- "net.ipv4.conf.all.accept_local" = true;
- "net.ipv4.conf.default.accept_local" = true;
- "net.ipv4.ip_forward" = true;
- "net.ipv4.ip_nonlocal_bind" = true;
- };
-}
+{ config.networking.networkmanager.enable = true; }
diff --git a/modules/networking/chn-PC.nix b/modules/networking/chn-PC.nix
new file mode 100644
index 00000000..7ca9f3ff
--- /dev/null
+++ b/modules/networking/chn-PC.nix
@@ -0,0 +1,9 @@
+{
+ config.services.dnsmasq.settings.address =
+ [
+ "/mirism.one/216.24.188.24"
+ "/beta.mirism.one/216.24.188.24"
+ "/ng01.mirism.one/216.24.188.24"
+ "/debug.mirism.one/127.0.0.1"
+ ];
+}
diff --git a/modules/networking/ssh.nix b/modules/networking/ssh.nix
new file mode 100644
index 00000000..f19993ad
--- /dev/null
+++ b/modules/networking/ssh.nix
@@ -0,0 +1 @@
+{ config.services.openssh.enable = true; }
\ No newline at end of file
diff --git a/modules/networking/wall_client.nix b/modules/networking/wall_client.nix
new file mode 100644
index 00000000..8de2b39d
--- /dev/null
+++ b/modules/networking/wall_client.nix
@@ -0,0 +1,49 @@
+inputs:
+{
+ config =
+ {
+ services =
+ {
+ dnsmasq =
+ {
+ enable = true;
+ settings =
+ {
+ no-poll = true;
+ server = [ "127.0.0.1#10853" ];
+ listen-address = "127.0.0.1";
+ bind-interfaces = true;
+ ipset =
+ [
+ "/developer.download.nvidia.com/noproxy_net"
+ "/yuanshen.com/noproxy_net"
+ "/zoom.us/noproxy_net"
+ ];
+ };
+ };
+ xray = { enable = true; settingsFile = inputs.config.sops.secrets."xray.json".path; };
+ v2ray-forwarder = { enable = true; proxyPort = 10880; xmuPort = 10881; };
+ };
+ sops.secrets."xray.json" =
+ { mode = "0440"; owner = "v2ray"; group = "v2ray"; restartUnits = [ "xray.service" ]; };
+ systemd.services.xray.serviceConfig =
+ {
+ DynamicUser = inputs.lib.mkForce false;
+ User = "v2ray";
+ Group = "v2ray";
+ CapabilityBoundingSet = "CAP_NET_ADMIN CAP_NET_BIND_SERVICE";
+ AmbientCapabilities = "CAP_NET_ADMIN CAP_NET_BIND_SERVICE";
+ };
+ users = { users.v2ray = { isSystemUser = true; group = "v2ray"; }; groups.v2ray = {}; };
+ boot.kernel.sysctl =
+ {
+ "net.ipv4.conf.all.route_localnet" = true;
+ "net.ipv4.conf.default.route_localnet" = true;
+ "net.ipv4.conf.all.accept_local" = true;
+ "net.ipv4.conf.default.accept_local" = true;
+ "net.ipv4.ip_forward" = true;
+ "net.ipv4.ip_nonlocal_bind" = true;
+ };
+ environment.etc."resolv.conf".text = "nameserver 127.0.0.1";
+ };
+}
diff --git a/modules/networking/xmunet.nix b/modules/networking/xmunet.nix
new file mode 100644
index 00000000..020ba927
--- /dev/null
+++ b/modules/networking/xmunet.nix
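Review bot: modules/networking/ssh.nix enables sshd with nothing but `services.openssh.enable = true`, so password authentication stays at the nixpkgs default (on) in the same commit that gives root a password in modules/users/root.nix and keeps chn in `wheel`. I would restrict the daemon to key-based logins here, e.g. `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.PermitRootLogin = "no";` (older nixpkgs releases spell these `services.openssh.passwordAuthentication` and `services.openssh.permitRootLogin`). The new file also ends without a trailing newline, as the `\ No newline at end of file` marker shows.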
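Review bot: The `boot.kernel.sysctl` block in modules/networking/wall_client.nix turns on `route_localnet` and `accept_local` for both `all` and `default`, plus `ip_forward` and `ip_nonlocal_bind`, with no comment on why each key is needed or what keeps the result contained. With `route_localnet` set, the kernel stops treating 127.0.0.0/8 as unroutable on external interfaces, so the dnsmasq instance bound with `listen-address = "127.0.0.1"` (and anything else that relies on loopback binding for isolation) depends entirely on the firewall to stay unreachable from the LAN. Please add a comment above the block naming the component that requires each key and the firewall rule that drops loopback-addressed traffic arriving on non-`lo` interfaces, and, if the proxy setup allows it, set the per-interface keys on the one interface that needs them instead of `all`/`default`. Separately, `environment.etc."resolv.conf".text = "nameserver 127.0.0.1";` loses the trailing newline that the removed `''…''` form produced.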
@@ -0,0 +1,7 @@
+{
+ config.nixpkgs.config.packageOverrides = pkgs:
+ {
+ wpa_supplicant = pkgs.wpa_supplicant.overrideAttrs ( attrs:
+ { patches = attrs.patches ++ [ ./xmunet.patch ]; });
+ };
+}
diff --git a/patches/xmunet.patch b/modules/networking/xmunet.patch
similarity index 100%
rename from patches/xmunet.patch
rename to modules/networking/xmunet.patch
diff --git a/modules/packages/basic.nix b/modules/packages/basic.nix
deleted file mode 100644
index ba9f9378..00000000
--- a/modules/packages/basic.nix
+++ /dev/null
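Review bot: In modules/networking/xmunet.nix, `attrs.patches ++ [ ./xmunet.patch ]` aborts evaluation if the upstream wpa_supplicant derivation ever stops defining `patches`; `{ patches = (attrs.patches or []) ++ [ ./xmunet.patch ]; }` is the tolerant form. Because `packageOverrides` swaps wpa_supplicant for the whole system, the module should also carry a one-line comment saying what xmunet.patch changes in the supplicant. The patch is a 100% rename in this diff, so its content is not visible here, and a reader cannot tell whether it relaxes a TLS or authentication check for every network the machine joins.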
@@ -1,84 +0,0 @@ -{ pkgs, ... }@inputs: -{ - config.environment.systemPackages = with inputs.pkgs; - [ - beep neofetch screen dos2unix tldr gnugrep - pciutils usbutils lshw powertop - zsh ksh zsh-powerlevel10k zsh-autosuggestions zsh-syntax-highlighting - vim nano - ( - vscode-with-extensions.override - { - vscodeExtensions = (with vscode-extensions; - [ - ms-vscode.cpptools - llvm-vs-code-extensions.vscode-clangd - ms-vscode.cmake-tools - ms-ceintl.vscode-language-pack-zh-hans - github.copilot - github.github-vscode-theme - ms-vscode.hexeditor - oderwat.indent-rainbow - james-yu.latex-workshop - pkief.material-icon-theme - ms-vscode-remote.remote-ssh - ]) - ++ (with nix-vscode-extensions.vscode-marketplace; - [ - twxs.cmake - ms-vscode.cpptools-themes - guyutongxue.cpp-reference - ]); - } - ) - ( - pkgs.writeShellScriptBin "nvidia-offload" - '' - export __NV_PRIME_RENDER_OFFLOAD=1 - export __NV_PRIME_RENDER_OFFLOAD_PROVIDER=NVIDIA-G0 - export __GLX_VENDOR_LIBRARY_NAME=nvidia - export __VK_LAYER_NV_optimus=NVIDIA_only - exec "$@" - '' - ) - wget aria2 curl yt-dlp qbittorrent - tree git autojump exa - nix-output-monitor comma - docker docker-compose - apacheHttpd certbot-full - pigz rar unrar upx unzip zip - util-linux snapper gparted snapper-gui - firefox google-chrome - qemu_full virt-manager - zotero ocrmypdf pdfgrep texlive.combined.scheme-full libreoffice-qt - ovito paraview gimp # vsim vesta - (python3.withPackages (ps: with ps; [ phonopy ])) - element-desktop tdesktop discord qq inputs.config.nur.repos.xddxdd.wechat-uos inputs.config.nur.repos.linyinfeng.wemeet - remmina - bitwarden openssl ssh-to-age gnupg age sops - spotify yesplaymusic # netease-cloud-music-gtk inputs.config.nur.repos.eh5.netease-cloud-music - crow-translate - scrcpy - ipset iptables iproute2 wireshark dig nettools - touchix.v2ray-forwarder - mathematica - gcc cudaPackages.cudatoolkit clang-tools - inputs.config.nur.repos.ataraxiasjel.proton-ge - octave root - 
libsForQt5.qtstyleplugin-kvantum - ] - ++ (with inputs.lib; filter isDerivation (attrValues pkgs.plasma5Packages.kdeGear)); - config.programs = - { - wireshark.enable = true; - anime-game-launcher.enable = true; - honkers-railway-launcher.enable = true; - nix-index-database.comma.enable = true; - nix-index.enable = true; - command-not-found.enable = false; - steam.enable = true; - }; - config.nixpkgs.config.permittedInsecurePackages = [ "openssl-1.1.1u" "electron-19.0.7" ]; - config.nix.settings.substituters = [ "https://xddxdd.cachix.org" ]; - config.nix.settings.trusted-public-keys = [ "xddxdd.cachix.org-1:ay1HJyNDYmlSwj5NXQG065C8LfoqqKaTNCyzeixGjf8=" ]; -} diff --git a/modules/packages/gaming.nix b/modules/packages/gaming.nix new file mode 100644 index 00000000..7dc74833 --- /dev/null +++ b/modules/packages/gaming.nix @@ -0,0 +1,13 @@ +{ pkgs, ... }@inputs: +{ + config = + { + environment.systemPackages = [ inputs.config.nur.repos.ataraxiasjel.proton-ge ]; + programs = + { + anime-game-launcher.enable = true; + honkers-railway-launcher.enable = true; + steam.enable = true; + }; + }; +} diff --git a/modules/packages/gui.nix b/modules/packages/gui.nix new file mode 100644 index 00000000..afe7126a --- /dev/null +++ b/modules/packages/gui.nix 
@@ -0,0 +1,44 @@
+{ pkgs, ... }@inputs:
+{
+ config.environment.systemPackages = with inputs.pkgs;
+ [
+ ( vscode-with-extensions.override
+ {
+ vscodeExtensions = (with vscode-extensions;
+ [
+ ms-vscode.cpptools
+ llvm-vs-code-extensions.vscode-clangd
+ ms-vscode.cmake-tools
+ ms-ceintl.vscode-language-pack-zh-hans
+ github.copilot
+ github.github-vscode-theme
+ ms-vscode.hexeditor
+ oderwat.indent-rainbow
+ james-yu.latex-workshop
+ pkief.material-icon-theme
+ ms-vscode-remote.remote-ssh
+ ])
+ ++ (with nix-vscode-extensions.vscode-marketplace;
+ [
+ twxs.cmake
+ ms-vscode.cpptools-themes
+ guyutongxue.cpp-reference
+ ]);
+ } )
+ qbittorrent # tunder
+ gparted snapper-gui
+ firefox google-chrome
+ zotero texlive.combined.scheme-full libreoffice-qt
+ element-desktop tdesktop discord
+ # jail
+ qq inputs.config.nur.repos.xddxdd.wechat-uos inputs.config.nur.repos.linyinfeng.wemeet
+ remmina
+ bitwarden
+ spotify yesplaymusic
+ crow-translate
+ scrcpy
+ ]
+ ++ (with inputs.lib; filter isDerivation (attrValues pkgs.plasma5Packages.kdeGear));
+ config.programs.wireshark.enable = true;
+ config.nixpkgs.config.permittedInsecurePackages = [ "openssl-1.1.1u" "electron-19.0.7" ];
+}
diff --git a/modules/packages/hpc.nix b/modules/packages/hpc.nix
new file mode 100644
index 00000000..946323d8
--- /dev/null
+++ b/modules/packages/hpc.nix
@@ -0,0 +1,9 @@
+{ pkgs, ... }@inputs:
+{
+ config.environment.systemPackages = with inputs.pkgs;
+ [
+ ovito paraview # vsim vesta
+ (python3.withPackages (ps: with ps; [ phonopy ]))
+ mathematica octave root
+ ];
+}
diff --git a/modules/packages/terminal.nix b/modules/packages/terminal.nix
new file mode 100644
index 00000000..c57391d6
--- /dev/null
+++ b/modules/packages/terminal.nix
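Review bot: The last setting of modules/packages/gui.nix, `nixpkgs.config.permittedInsecurePackages = [ "openssl-1.1.1u" "electron-19.0.7" ]`, whitelists two packages that nixpkgs flags as insecure without recording which entry of the package list pulls them in. The exception applies to the whole system, not just this module, so it will outlive the package that needed it unless that link is written down. I would add a comment directly above the line, e.g. `# electron-19.0.7: required by <package>; openssl-1.1.1u: required by <package>; remove once upstream moves off them`, with the real consumers filled in. The list is now split by purpose, so this is the right moment to check whether both exceptions are still needed by anything in gui.nix at all.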
@@ -0,0 +1,41 @@ +{ pkgs, ... }@inputs: +{ + config = + { + environment.systemPackages = with inputs.pkgs; + [ + beep neofetch screen dos2unix tldr gnugrep + pciutils usbutils lshw powertop + ksh + vim nano + wget aria2 curl yt-dlp + tree git autojump exa + nix-output-monitor comma + apacheHttpd certbot-full + pigz rar unrar upx unzip zip + util-linux snapper + ocrmypdf pdfgrep + openssl ssh-to-age gnupg age sops + ipset iptables iproute2 dig nettools + gcc clang-tools + ]; + programs = + { + nix-index-database.comma.enable = true; + nix-index.enable = true; + command-not-found.enable = false; + zsh = + { + enable = true; + syntaxHighlighting.enable = true; + autosuggestions.enable = true; + enableCompletion = true; + ohMyZsh = + { + enable = true; + plugins = [ "git" "colored-man-pages" "extract" "history-substring-search" "autojump" ]; + }; + }; + }; + }; +} diff --git a/modules/printer/basic.nix b/modules/printer/basic.nix deleted file mode 100644 index 792f23c9..00000000 --- a/modules/printer/basic.nix +++ /dev/null @@ -1,3 +0,0 @@ -{ - config.services.printing.enable = true; -} diff --git a/modules/sops/basic.nix b/modules/sops.nix similarity index 50% rename from modules/sops/basic.nix rename to modules/sops.nix index 082a2da7..1035c115 100644 --- a/modules/sops/basic.nix +++ b/modules/sops.nix @@ -1,7 +1,8 @@ +inputs: { config.sops = { - defaultSopsFile = ../../secrets/chn-PC.yaml; + defaultSopsFile = ../secrets/${inputs.config.networking.hostName}.yaml; age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; }; } diff --git a/modules/ssh/basic.nix b/modules/ssh/basic.nix deleted file mode 100644 index 1a7f9fe1..00000000 --- a/modules/ssh/basic.nix +++ /dev/null @@ -1,3 +0,0 @@ -{ - config.services.openssh.enable = true; -} diff --git a/modules/user/basic.nix b/modules/user/basic.nix deleted file mode 100644 index 5d7e021d..00000000 --- a/modules/user/basic.nix +++ /dev/null 
@@ -1,20 +0,0 @@
-{ pkgs, ... }@inputs:
-{
- config =
- {
- users =
- {
- users.chn =
- {
- isNormalUser = true;
- extraGroups = inputs.lib.intersectLists
- [ "networkmanager" "wheel" "wireshark" "libvirtd" ]
- (builtins.attrNames inputs.config.users.groups);
- passwordFile = inputs.config.sops.secrets."password/chn".path;
- shell = inputs.pkgs.zsh;
- };
- mutableUsers = false;
- };
- sops.secrets."password/chn".neededForUsers = true;
- };
-}
diff --git a/modules/users/chn.nix b/modules/users/chn.nix
new file mode 100644
index 00000000..b1ee6b3f
--- /dev/null
+++ b/modules/users/chn.nix
@@ -0,0 +1,16 @@
+{ pkgs, ... }@inputs:
+{
+ config =
+ {
+ users.users.chn =
+ {
+ isNormalUser = true;
+ extraGroups = inputs.lib.intersectLists
+ [ "networkmanager" "wheel" "wireshark" "libvirtd" ]
+ (builtins.attrNames inputs.config.users.groups);
+ passwordFile = inputs.config.sops.secrets."password/chn".path;
+ shell = inputs.pkgs.zsh;
+ };
+ sops.secrets."password/chn".neededForUsers = true;
+ };
+}
diff --git a/modules/users/root.nix b/modules/users/root.nix
new file mode 100644
index 00000000..3c59d48b
--- /dev/null
+++ b/modules/users/root.nix
@@ -0,0 +1,16 @@
+{ pkgs, ... }@inputs:
+{
+ config =
+ {
+ users =
+ {
+ users.root =
+ {
+ passwordFile = inputs.config.sops.secrets."password/root".path;
+ shell = inputs.pkgs.zsh;
+ };
+ mutableUsers = false;
+ };
+ sops.secrets."password/root".neededForUsers = true;
+ };
+}
diff --git a/modules/virtualisation/kvm_guest.nix b/modules/virtualisation/kvm_guest.nix
new file mode 100644
index 00000000..79252470
--- /dev/null
+++ b/modules/virtualisation/kvm_guest.nix
@@ -0,0 +1 @@
+{ config.services = { qemuGuest.enable = true; spice-vdagentd.enable = true; xserver.videoDrivers = [ "qxl" ]; }; }
diff --git a/modules/virtualisation/kvm_host.nix b/modules/virtualisation/kvm_host.nix
new file mode 100644
index 00000000..85f33cf8
--- /dev/null
+++ b/modules/virtualisation/kvm_host.nix
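Review bot: `users.mutableUsers = false` now exists only in modules/users/root.nix, so a host that imports modules/users/chn.nix without root.nix silently falls back to the default mutable user database. As I understand the NixOS behaviour, `passwordFile` is then honoured only when the account is first created, so rotating `password/chn` in sops would stop taking effect and passwords changed by hand on the machine would persist. The setting is host-wide policy, not a property of the root account; move it to a module every host imports (modules/basic.nix is the obvious place) as `users.mutableUsers = false;`, or repeat it in chn.nix. A smaller style point for both new files: `{ pkgs, ... }@inputs:` binds `pkgs` but the bodies only use `inputs.pkgs`.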
@@ -0,0 +1,2 @@
+# TODO: disable auto usb redirection
+{ config.virtualisation = { libvirtd.enable = true; spiceUSBRedirection.enable = true; }; }
diff --git a/modules/virtualisation/waydroid.nix b/modules/virtualisation/waydroid.nix
new file mode 100644
index 00000000..05114703
--- /dev/null
+++ b/modules/virtualisation/waydroid.nix
@@ -0,0 +1 @@
+{ config.virtualisation = { waydroid.enable = true; lxd.enable = true; }; }
diff --git a/modules/waydroid/basic.nix b/modules/waydroid/basic.nix
deleted file mode 100644
index 71fef57f..00000000
--- a/modules/waydroid/basic.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{
- config.virtualisation =
- {
- waydroid.enable = true;
- lxd.enable = true;
- };
-}
diff --git a/modules/zsh/basic.nix b/modules/zsh/basic.nix
deleted file mode 100644
index 22f67771..00000000
--- a/modules/zsh/basic.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{
- config.programs.zsh =
- {
- enable = true;
- syntaxHighlighting.enable = true;
- autosuggestions.enable = true;
- enableCompletion = true;
- ohMyZsh =
- {
- enable = true;
- plugins = [ "git" "colored-man-pages" "extract" "history-substring-search" "autojump" ];
- };
- };
-}
diff --git a/secrets/chn-PC.yaml b/secrets/chn-PC.yaml
index f6a13339..c6e56359 100644
--- a/secrets/chn-PC.yaml
+++ b/secrets/chn-PC.yaml
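Review bot: The `# TODO: disable auto usb redirection` at the top of modules/virtualisation/kvm_host.nix understates what `spiceUSBRedirection.enable = true` grants. Per the NixOS option description it installs the SPICE USB helper with setuid privileges, which lets unprivileged local users pass any USB device on the host to a VM. I would replace the TODO with a comment that states the exposure, e.g. `# spiceUSBRedirection installs a setuid helper: any local user can redirect arbitrary USB devices to a VM; keep only on single-user hosts`. It would also help to make the option a module argument, the way nvidia-prime.nix takes its bus IDs, so a host can import libvirtd without it.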
@@ -1,4 +1,5 @@ password: + root: ENC[AES256_GCM,data:WlD/i0GDlzeVsc4uJXVK+cRLvjATZGSbVCRedenTBayPeMebC6jrGPhsK4SSZIv3uw9RKztGGkziBTe61CCKwg/Rm0oFuF661A==,iv:YBPmukuz2tiVmIEBMClYjgzPf33NjmdqihcydD1gdhg=,tag:uURlnbNmEgo1qfoU0gPwEg==,type:str] chn: ENC[AES256_GCM,data:NMTdEfxBMqJP5bnLqinzQ1NP/4eCM3zzH5aR2HOoeu/p8BNp3JDspyuE+DkjVlb/uuVugnFPTOSASRZeEliG0B6NvpZ8gP1O/g==,iv:SNVxJ/xfdfAiVljlRMd5maIhxH0RBs90bqrypBubM6w=,tag:A7Wemy4eLcIUfV/sZ6//VA==,type:str] xray.json: ENC[AES256_GCM,data:eog9U3zt+Lx4QOlr0F4PGP73uUXrZcxa8NDVq13hmVpfu2T/CoF+Lwf8saJN9IdAOcECfgkrI2DiUZdAUO5LGQDDEyJywiJ/CnL6u+kwmkO9doidvG9ctB1VR2CG4M5wqXnybJp8b6osG6iL83q4prjo3YjFfGQFA/X05ssuzLneugK1pQrr9yaF7PvXvFBRwOKDbsmqDqSurTkU3QZMx3is2f0OeLYZEYk9XVNE7xeL1/33gObsP4KF5O2h466+7ezI7kP2vC2rl1VPQFtYAssoxK6qxWKErPhMCu+cDDYDMxqkeYmkgGBJEefpuk6IMNXctuwWwjojX5SEMN73kOHzJxykE/NhCbRDeNQjWz9qTpDaMZ36IFTc+U7nThYD85h9ppaedsXsQtLxhG29KM45h0CByBwJPY8Q1TNkV+jYsJWk6+DqSnWwMPsAKXnj/bhtpbslWlqk7uHn/6jzexu95y89ObjNtiR6YViufCAHlAGovijXv9lEjsZk+1xMNnD418a58jrUXoBGQjr+FT+i01zDnJga61KqAkhjgblG6j5pNVzsopITs1f90cxJjoNFvqh01EgPma3OlD6x5RmY3g/Mzc4yXreWS0KhICSvZwNT27DKCTVpSWRwz20yNU0OYy4MIo1CbZtvv9uQ6pO9m681IjHLZSP5pX19rqG0hfTkP3Wvya/G8hkHhmRDHUeptzKuZII1GVU3g9JfL4KbEeLZXeZRqKJ5N5kFwyUXytWEZpmj4XYdZF65BsGnC251EI0+LJdJy6vDcGTelbMHoyW8tZ50pQysy5gukf+hERuzgw0l81P5iRZoz9Mt/dNy2sA/EFxElZayDrIRlBilKvlTUr8qgswjj2kdR0sPgfM0aaD1mZFQ65MHVcJSua2gO/B5yXNmoLtZxFSYOuqHqHXN84T1rj8DxU5XXlatvK00U6nb73Xkwdjfe14bUTR05E3DvXwYLJ/LZL+nRgHgASnS2ECDn/DAw7UigwmXSaEPz6eQbOucNvtoq6xceJgeWuNM7ZSIq5JRufL6QnLXjoHmd8OgSG6xaR7wvQkg+YwnbhhpDbi+3AB+RlJkYSVoUUdPTi8sSxYZi4x+gRys20tRCWxUuvrIKhoimFi/lNDZn4fW93EEZT1KpoHxOzD424hdVWZ/9dV2O57ZArOVvnG8WQPGsFqVQ55dzpA4QI34GNDHkeQGNJb6JF1f+8x5AJGJPbRWqDBNRmjewr8xKZwRSpYl+OH9ijU4qk9dxpiynFXY6t2cJIzhMIgRBnvgD+zFAgbOX0t1jvguLeTDxq+5ZJLc9g15gKtQKOLyBx0XAV8xtpmqQX8KuPj+CKmKUJQ1WNWUkd9THXwsYjskb3L6frOubYo0M0pnXaF+hlyHpsJoz4pdUmsFRnByAr+QQAYUUnx2oxZ3gybpIkFHUOekuXVwx4ox87buJA3YsgDYUE6QP7AUgUdpUo4pssZw4Ym8IpqCuam6F04uC9RMdTfeJ0URTaP/fY91zl
vU7zJjeG97N30uLiVx60rGeJXfwK5PxcjUH6DNSZL9utX9F25+D2tbHXgP+zYPQFRThIfF5FZtcMaEA1jBFByc5YifrD+UveMwcZhJvoLy+LG635GrhuJodX0f+UB5FqxiW5+jxseXxVXhnN76UvTa1gc2sUC0/wKHeNEkO0HSoTsI5vFDldD+Vl8NFCEe90hlmBDDS89C4RBYB38tSnGicngiki089N1D8jVl5zF+Ssek6pLk/IjIhPC3F7TEshnkJpakHa009B5b50HizuJofbe5+c37BSgiCSzo3iGXQDVC/0dB8uEzKXFbeo9sGT1ESUFSwFGHLeNNC1UkMRfam6KyRqC5/PtRA+kQzk2+vJ0gk4ghGzgzFAXMgH1FovYBIc0JnwxmTyZssXdYkv8kn1fM7I+VcdEAqMMwuzZk1Q1cV2lcAFH3agodLKkMNrur0r14kdLYhoOghcedJtzQVm288exYoMxyXNm70VKcA3IiMW9GXoGY4BAFCWLKbrTQWqGzr5+MY7lyQOK6umcDeH0+R1yDmuNIrv7oog0KYQeHl++upEAyDzbjxtvlsWlB0fXRM0chvh0NZ0dPHK+qPaYlCXXucTSnNu9QKnMr34xOGY1CazPAXV4Bvyf9BxLKVxnNd9E/NPA43XCrJhKwspM4GzAGss5k1icb4za7GocMIqFfMO4y93Ug8nbZkHKJ1kzbqnx0JjfQfEH2QBznRAkhCQN0crs1Zvewcx46oOPZNzoFZLpKrP2yVnQTl93gcsmS1iw/F62BscRtW7kwSvQ+GInUoF2PWlicX90ZvkoImtzcyNLmUJ219cBxdghng12vKwgj2qMXilGWfIdHSh6UF96DjGlhWbURXUlGT2aQL7qQtC6M/sLewjs3SVT1g2xj/5SrsxCs3Id6mIcKRZTX+OiKKTY1xAvL/Ga7I/M+nN+BBSqurWMHIDbnA4jJEQcWZKPcskVve4WHJlo9qUbHznWJQl1aA6ypUJQNk2+ztLbn2TJlXPj8MN5ET2ZAtzZ1E7BUKFfxQafB0MqRygpK8d+Vtz3AP1eyn8/J6lQ9iS5JSWZ7kokFZ2362klit+ogiDGfLAAgVd4vSSDyObEZLGA+bMAxDqEb0Uc9q69I7Phf3IZN9TD9uZFJjr/H6QdS8UEF5510GilqQAanzBRLGCKO74t+Dv7qLrk3wqXZihAYevalJ5BVak8dxXQd3xDLGst+qSUiyFWxIgIBA5GX1YdPXQN4R+WhARV9v1VFaOIUtLMJfRJHni3ZjVX0yjN8R3xFSKmKgKaOc+LuO8mY3gdXBkEc0dzfhhRFMaaLb8rLNwPnp/7pL6fkltxY7e7GxwCOXQXERDQqb0e8ocYb+Mfv/ua/xc7fkxYt9bksrhqmPUxz+XdfLb86QzSs/X2rrxkZWCiFdnRHOkrgRiymbJTPAeQX+ERA39YTZJkiRlEROK3kDm15oAT4iJ+WQQpExthNtUAbPtkptQt+iG1IK6cEFiNI/RQuaqRhSjViZ0RkFraZYCBxBfQZG5WAecItvuS4awGbTM/cd1N5aNU43DbuMNlkoaX81K7w6WKkaTOcQkGtwdEBsXKbeO9KRZmO8QauUjV+g5jH2ctz+PgYUg9gGIcHsdnA0dyp6ie4HNxqa2vLMln4nj7aJzyzE0lYDB6FHrC18TOZ3UNl6Pk5u0vJB+BZdp7MMCScLo/boxloKY0IRspCsRPDmJg0W/JlQ4ezmYHUYq/wplw8V6bI07bIr4TgTFXIWK61mH1Lz/fflu4/6hj3aCklY7KKESU7uf0JGrAmGTa8y3WHtlc9/ETXq1hJv0ulUzNcBe2fxn9FiNKOMRWtfhatMuWrtaSQIk0tYWW1xJ0ZvsJeGOfM1Edf56QhSW37SJin1gvbZE6mW1IjGW1tSUn1K6vebsKpLNXYDIZ4Pbi0ZZ4njhY90GgSiw2hSvUsdrklIabRP0/s4aVdPXSHmPVNGnxQHfjiMUDaXqqGJD
RS7kLgOFq5ipmNQ3bP1J2U+PYgkAxL4TA5fXu9q1H5OTgrMzemAlvp5jI7MXOPlUaD+PBn0oBVM+l7KfqEOWFyX5XIZyrJCg1+PtIMy1/V3B45PVC4yuzkWNU3m+wzaYn/UDX7XpvgxywXXSq5AO63/nn7lnbl21e48BReXlDJ7aDjAPR97qOUEEvJoVuiWk4JONEdJVt9j5ad/Z1n,iv:KROMY3fOYmtbYVdtVnN1SJyRZEhU2tzJXxFvt3yitn4=,tag:7fAjJ3ARKZpOh2InLZihBg==,type:str] sops: @@ -25,8 +26,8 @@ sops: OUlxNjdQaXdXMkZ6bnV1ek4yZ2dpbkEKpKGOAxo5Eef2jtGrg4iSzmGCeg+vTgvu +K8b+O19MIkGMDBm6UbYUPtc/7eqoEZRiTUzNMTmfkLVS4ul5zou9A== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-05-27T12:56:16Z" - mac: ENC[AES256_GCM,data:MLRCHM7bPTOXzejkGAh2YcHxvxtAWfRop0sj7zHV5fIxBN7GP4H9JgKIFZAXRQJgP7UCRY7dGAVb9QM7kRUvOFxm4hSeFRRwfvt4er4a5x+SQocU+z6+50Q5qtOnkP7++SnJMfT0zfnmWe6MSCsebIOGAOVqMd06aVbSgO1mnD4=,iv:WZuETYLp4MISSsAGqjweK3+iWKHrf9CYJ5mkahM9LJw=,tag:6o9FB5zqD1ASMkQOVMkmkQ==,type:str] + lastmodified: "2023-06-09T12:41:46Z" + mac: ENC[AES256_GCM,data:EjQwSxxxCaFAngTnwDWM+VpR/nhNYrw1nQb6oEWckzic5ItTQ2+jFLwCjU6kGHCKH+jojxl6XhC6duLmYSn4fqPwxm/8ZjS9gMRuhG/P59exHlT8bUOq4Y3wqufm0DmNE5NEzgKD9f6A2oC7Ze20QHt+1z15dzBEaE9mt/kjytI=,iv:XbWY0/jFNy/VYYI/C2eYtTeWQmSDLw9dCYNqTN/GroI=,tag:NmQQzT/uezkb0cN/7upe6w==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3