From 0ee989b8473bcdf3f7e4c2bb68217cbaab25cdd1 Mon Sep 17 00:00:00 2001 
From: Silas Schöffel Date: Tue, 23 Jun 2026 02:56:12 +0200 Subject: treewide: rename paths to jaki --- modules/nixos/default.nix | 2 +- modules/nixos/jaki/apparmor.nix | 14 +++ modules/nixos/jaki/basesystem.nix | 48 +++++++++ modules/nixos/jaki/bluetooth.nix | 12 +++ modules/nixos/jaki/bootloader.nix | 30 ++++++ modules/nixos/jaki/default.nix | 33 ++++++ modules/nixos/jaki/disks.nix | 132 +++++++++++++++++++++++ modules/nixos/jaki/docker.nix | 24 +++++ modules/nixos/jaki/environment.nix | 45 ++++++++ modules/nixos/jaki/firejail.nix | 24 +++++ modules/nixos/jaki/font.nix | 28 +++++ modules/nixos/jaki/fprintd.nix | 19 ++++ modules/nixos/jaki/gnome.nix | 19 ++++ modules/nixos/jaki/graphics.nix | 12 +++ modules/nixos/jaki/hyprland.nix | 15 +++ modules/nixos/jaki/impermanence.nix | 43 ++++++++ modules/nixos/jaki/meta.nix | 31 ++++++ modules/nixos/jaki/networking.nix | 63 +++++++++++ modules/nixos/jaki/nix.nix | 66 ++++++++++++ modules/nixos/jaki/pamconfig.nix | 29 +++++ modules/nixos/jaki/plasma.nix | 29 +++++ modules/nixos/jaki/plymouth.nix | 12 +++ modules/nixos/jaki/printing.nix | 44 ++++++++ modules/nixos/jaki/roles.nix | 86 +++++++++++++++ modules/nixos/jaki/sound.nix | 20 ++++ modules/nixos/jaki/steam.nix | 19 ++++ modules/nixos/jaki/sudo.nix | 24 +++++ modules/nixos/jaki/sway.nix | 15 +++ modules/nixos/jaki/tailscale.nix | 52 +++++++++ modules/nixos/jaki/theming/default.nix | 18 ++++ modules/nixos/jaki/theming/tokyo-night-dark.yaml | 18 ++++ modules/nixos/jaki/tor.nix | 23 ++++ modules/nixos/sils/apparmor.nix | 14 --- modules/nixos/sils/basesystem.nix | 48 --------- modules/nixos/sils/bluetooth.nix | 12 --- modules/nixos/sils/bootloader.nix | 30 ------ modules/nixos/sils/default.nix | 33 ------ modules/nixos/sils/disks.nix | 132 ----------------------- modules/nixos/sils/docker.nix | 24 ----- modules/nixos/sils/environment.nix | 45 -------- modules/nixos/sils/firejail.nix | 24 ----- modules/nixos/sils/font.nix | 28 ----- modules/nixos/sils/fprintd.nix | 19 ---- 
modules/nixos/sils/gnome.nix | 19 ---- modules/nixos/sils/graphics.nix | 12 --- modules/nixos/sils/hyprland.nix | 15 --- modules/nixos/sils/impermanence.nix | 43 -------- modules/nixos/sils/meta.nix | 31 ------ modules/nixos/sils/networking.nix | 63 ----------- modules/nixos/sils/nix.nix | 66 ------------ modules/nixos/sils/pamconfig.nix | 29 ----- modules/nixos/sils/plasma.nix | 29 ----- modules/nixos/sils/plymouth.nix | 12 --- modules/nixos/sils/printing.nix | 44 -------- modules/nixos/sils/roles.nix | 86 --------------- modules/nixos/sils/sound.nix | 20 ---- modules/nixos/sils/steam.nix | 19 ---- modules/nixos/sils/sudo.nix | 24 ----- modules/nixos/sils/sway.nix | 15 --- modules/nixos/sils/tailscale.nix | 52 --------- modules/nixos/sils/theming/default.nix | 18 ---- modules/nixos/sils/theming/tokyo-night-dark.yaml | 18 ---- modules/nixos/sils/tor.nix | 23 ---- 63 files changed, 1048 insertions(+), 1048 deletions(-) create mode 100644 modules/nixos/jaki/apparmor.nix create mode 100644 modules/nixos/jaki/basesystem.nix create mode 100644 modules/nixos/jaki/bluetooth.nix create mode 100644 modules/nixos/jaki/bootloader.nix create mode 100644 modules/nixos/jaki/default.nix create mode 100644 modules/nixos/jaki/disks.nix create mode 100644 modules/nixos/jaki/docker.nix create mode 100644 modules/nixos/jaki/environment.nix create mode 100644 modules/nixos/jaki/firejail.nix create mode 100644 modules/nixos/jaki/font.nix create mode 100644 modules/nixos/jaki/fprintd.nix create mode 100644 modules/nixos/jaki/gnome.nix create mode 100644 modules/nixos/jaki/graphics.nix create mode 100644 modules/nixos/jaki/hyprland.nix create mode 100644 modules/nixos/jaki/impermanence.nix create mode 100644 modules/nixos/jaki/meta.nix create mode 100644 modules/nixos/jaki/networking.nix create mode 100644 modules/nixos/jaki/nix.nix create mode 100644 modules/nixos/jaki/pamconfig.nix create mode 100644 modules/nixos/jaki/plasma.nix create mode 100644 modules/nixos/jaki/plymouth.nix create 
mode 100644 modules/nixos/jaki/printing.nix create mode 100644 modules/nixos/jaki/roles.nix create mode 100644 modules/nixos/jaki/sound.nix create mode 100644 modules/nixos/jaki/steam.nix create mode 100644 modules/nixos/jaki/sudo.nix create mode 100644 modules/nixos/jaki/sway.nix create mode 100644 modules/nixos/jaki/tailscale.nix create mode 100644 modules/nixos/jaki/theming/default.nix create mode 100644 modules/nixos/jaki/theming/tokyo-night-dark.yaml create mode 100644 modules/nixos/jaki/tor.nix delete mode 100644 modules/nixos/sils/apparmor.nix delete mode 100644 modules/nixos/sils/basesystem.nix delete mode 100644 modules/nixos/sils/bluetooth.nix delete mode 100644 modules/nixos/sils/bootloader.nix delete mode 100644 modules/nixos/sils/default.nix delete mode 100644 modules/nixos/sils/disks.nix delete mode 100644 modules/nixos/sils/docker.nix delete mode 100644 modules/nixos/sils/environment.nix delete mode 100644 modules/nixos/sils/firejail.nix delete mode 100644 modules/nixos/sils/font.nix delete mode 100644 modules/nixos/sils/fprintd.nix delete mode 100644 modules/nixos/sils/gnome.nix delete mode 100644 modules/nixos/sils/graphics.nix delete mode 100644 modules/nixos/sils/hyprland.nix delete mode 100644 modules/nixos/sils/impermanence.nix delete mode 100644 modules/nixos/sils/meta.nix delete mode 100644 modules/nixos/sils/networking.nix delete mode 100644 modules/nixos/sils/nix.nix delete mode 100644 modules/nixos/sils/pamconfig.nix delete mode 100644 modules/nixos/sils/plasma.nix delete mode 100644 modules/nixos/sils/plymouth.nix delete mode 100644 modules/nixos/sils/printing.nix delete mode 100644 modules/nixos/sils/roles.nix delete mode 100644 modules/nixos/sils/sound.nix delete mode 100644 modules/nixos/sils/steam.nix delete mode 100644 modules/nixos/sils/sudo.nix delete mode 100644 modules/nixos/sils/sway.nix delete mode 100644 modules/nixos/sils/tailscale.nix delete mode 100644 modules/nixos/sils/theming/default.nix delete mode 100644 
modules/nixos/sils/theming/tokyo-night-dark.yaml delete mode 100644 modules/nixos/sils/tor.nix (limited to 'modules/nixos')
diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix
index fae14fc..c349d32 100644
--- a/modules/nixos/default.nix
+++ b/modules/nixos/default.nix
@@ -1,6 +1,6 @@
 {...}: {
 imports = [
 ./roles.nix
- ./sils
+ ./jaki
 ];
 }
diff --git a/modules/nixos/jaki/apparmor.nix b/modules/nixos/jaki/apparmor.nix
new file mode 100644
index 0000000..69cec21
--- /dev/null
+++ b/modules/nixos/jaki/apparmor.nix
@@ -0,0 +1,14 @@
+{
+ config,
+ lib,
+ ...
+}: let
+ cfg = config.sils.apparmor;
+in {
+ options.sils.apparmor.enable = lib.mkEnableOption "apparmor";
+ config = lib.mkIf cfg.enable {
+ security.apparmor = {
+ enable = true;
+ };
+ };
+}
diff --git a/modules/nixos/jaki/basesystem.nix b/modules/nixos/jaki/basesystem.nix
new file mode 100644
index 0000000..0e9f6de
--- /dev/null
+++ b/modules/nixos/jaki/basesystem.nix
@@ -0,0 +1,48 @@
+{
+ config,
+ lib,
+ pkgs,
+ modulesPath,
+ ...
+}: let
+ cfg = config.sils.basesystem;
+in {
+ options.sils.basesystem.enable = lib.mkEnableOption "basesystem";
+
+ config = lib.mkIf cfg.enable {
+ networking.hostName = config.sils.meta.hostname;
+
+ boot = {
+ initrd = {
+ systemd.enable = true;
+ availableKernelModules = ["xhci_pci" "nvme" "rtsx_pci_sdmmc"];
+ kernelModules = [];
+ };
+ kernelModules = ["kvm-intel"];
+ extraModulePackages = [];
+ kernelPackages = pkgs.linuxPackages_latest;
+ };
+
+ system.stateVersion = "23.05";
+
+ i18n.defaultLocale = "en_US.UTF-8";
+
+ time.timeZone = "Europe/Berlin";
+
+ nixpkgs.hostPlatform = config.sils.meta.system;
+ powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+ hardware = {
+ cpu.intel.updateMicrocode = true;
+ enableRedistributableFirmware = true;
+ };
+
+ services.xserver.xkb = {
+ layout = "de";
+ options = "grp:win_space_toggle";
+ };
+ console = {
+ font = "Lat2-Terminus16";
+ keyMap = "de";
+ };
+ };
+}
diff --git a/modules/nixos/jaki/bluetooth.nix b/modules/nixos/jaki/bluetooth.nix
new file mode 100644
index 0000000..2d67717
--- /dev/null
+++ b/modules/nixos/jaki/bluetooth.nix
@@ -0,0 +1,12 @@
+{
+ config,
+ lib,
+ ...
+}: let
+ cfg = config.sils.bluetooth;
+in {
+ options.sils.bluetooth.enable = lib.mkEnableOption "bluetooth";
+ config = lib.mkIf cfg.enable {
+ hardware.bluetooth.enable = true;
+ };
+}
diff --git a/modules/nixos/jaki/bootloader.nix b/modules/nixos/jaki/bootloader.nix
new file mode 100644
index 0000000..fc0e0f3
--- /dev/null
+++ b/modules/nixos/jaki/bootloader.nix
@@ -0,0 +1,30 @@
+{
+ config,
+ lib,
+ ...
+}: let
+ btl = config.sils.bootloader;
+in {
+ options.sils.bootloader = lib.mkOption {
+ type = lib.types.enum ["lanzaboote" "grub"];
+ default = "lanzaboote";
+ description = "Which bootloader to use.";
+ };
+ config.boot =
+ if btl == "lanzaboote"
+ then {
+ lanzaboote = {
+ enable = true;
+ configurationLimit = 10;
+ pkiBundle = "/etc/secureboot";
+ settings = {
+ editor = false;
+ };
+ };
+ }
+ else if btl == "grub"
+ then {
+ loader.grub.enable = true;
+ }
+ else {};
+}
diff --git a/modules/nixos/jaki/default.nix b/modules/nixos/jaki/default.nix
new file mode 100644
index 0000000..db27868
--- /dev/null
+++ b/modules/nixos/jaki/default.nix
@@ -0,0 +1,33 @@
+{...}: {
+ imports = [
+ ./apparmor.nix
+ ./basesystem.nix
+ ./bluetooth.nix
+ ./bootloader.nix
+ ./disks.nix
+ ./docker.nix
+ ./environment.nix
+ ./firejail.nix
+ ./font.nix
+ ./fprintd.nix
+ ./gnome.nix
+ ./graphics.nix
+ ./hyprland.nix
+ ./impermanence.nix
+ ./meta.nix
+ ./networking.nix
+ ./nix.nix
+ ./pamconfig.nix
+ ./plasma.nix
+ ./plymouth.nix
+ ./printing.nix
+ ./roles.nix
+ ./sound.nix
+ ./steam.nix
+ ./sudo.nix
+ ./sway.nix
+ ./theming
+ ./tailscale.nix
+ ./tor.nix
+ ];
+}
diff --git a/modules/nixos/jaki/disks.nix b/modules/nixos/jaki/disks.nix
new file mode 100644
index 0000000..bf0e2b0
--- /dev/null
+++ b/modules/nixos/jaki/disks.nix
@@ -0,0 +1,132 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}: let
+ cfg = config.sils.disks;
+ defaultMountOptions = [
+ "noatime" # should have some performance upsides, and I don't use it anyways
+ "lazytime" # make time changes in memory
+ ];
+in {
+ options.sils.disks = {
+ enable = lib.mkEnableOption "disk setup with disko";
+
+ disk = lib.mkOption {
+ type = lib.types.path;
+ example = lib.literalExpression "/dev/disk/by-uuid/0442cb6d-f13a-4635-b487-fa76189774c5";
+ description = "The disk used for installing the OS.";
+ };
+
+ #swap = {
+ # uuid = lib.mkOption {
+ # type = lib.types.str;
+ # example = lib.literalExpression "d1d20ae7-3d8a-44da-86da-677dbbb10c89";
+ # description = "The uuid of the swapfile";
+ # };
+ # resumeOffset = lib.mkOption {
+ # type = lib.types.str;
+ # example = lib.literalExpression "134324224";
+ # description = "The resume offset of the swapfile";
+ # };
+ #};
+ };
+
+ config = lib.mkIf cfg.enable {
+ disko.devices = {
+ disk = {
+ main = {
+ device = cfg.disk;
+ content = {
+ type = "gpt";
+ partitions = {
+ root = {
+ size = "100%";
+ name = "root";
+ content = {
+ type = "luks";
+ name = "cryptroot";
+ extraOpenArgs = ["--allow-discards"];
+ content = {
+ type = "btrfs";
+ extraArgs = ["-f" "--label nixos"]; # Override existing partitions
+ subvolumes = {
+ "root" = {
+ mountpoint = "/";
+ mountOptions = defaultMountOptions;
+ };
+ "nix" = {
+ mountpoint = "/nix";
+ mountOptions = defaultMountOptions;
+ };
+ "persistent-storage" = {
+ mountpoint = "/srv";
+ mountOptions = defaultMountOptions;
+ };
+ "persistent-storage@snapshots" = {
+ mountpoint = "/srv/snapshots";
+ mountOptions = defaultMountOptions;
+ };
+ "swap" = {
+ mountpoint = "/swap";
+ mountOptions = defaultMountOptions;
+ };
+ "home" = {
+ mountpoint = "/home";
+ mountOptions = defaultMountOptions;
+ };
+ };
+ };
+ };
+ };
+ MBR = {
+ type = "EF02";
+ size = "1M";
+ priority = 1;
+ };
+ boot = {
+ type = "EF00";
+ size = "4096M";
+ name = "boot";
+ content = {
+ type =
"filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ mountOptions = ["umask=0077"];
+ };
+ };
+ };
+ };
+ };
+ };
+ nodev = {
+ "/tmp" = {
+ fsType = "tmpfs";
+ mountOptions = ["defaults" "size=30G" "mode=755"];
+ };
+ };
+ };
+ fileSystems = {
+ "/srv" = {
+ neededForBoot = true;
+ };
+ "/swap" = {
+ neededForBoot = true;
+ };
+ };
+ swapDevices = [
+ #{
+ # device = "/swap/swapfile";
+ # priority = 1; # lower than zramSwap, just in case
+ # # size = 2048; # TODO: can nixos create a btrfs swapfile correctly?
+ #}
+ ];
+ boot = {
+ kernelParams = [
+ #"resume_offset=${cfg.swap.resumeOffset}"
+ ];
+ #resumeDevice = "/dev/disk/by-uuid/${cfg.swap.uuid}";
+ };
+ };
+}
diff --git a/modules/nixos/jaki/docker.nix b/modules/nixos/jaki/docker.nix
new file mode 100644
index 0000000..131b857
--- /dev/null
+++ b/modules/nixos/jaki/docker.nix
@@ -0,0 +1,24 @@
+{
+ config,
+ lib,
+ ...
+}: let
+ cfg = config.sils.docker;
+in {
+ options.sils.docker.enable = lib.mkEnableOption "docker";
+ config = lib.mkIf cfg.enable {
+ virtualisation.docker = {
+ enable = true;
+ storageDriver = "btrfs";
+ };
+ users.users.jaki.extraGroups = ["docker"];
+ environment.persistence."/srv".directories = [
+ {
+ directory = "/var/lib/docker";
+ user = "docker";
+ group = "docker";
+ mode = "0755";
+ }
+ ];
+ };
+}
diff --git a/modules/nixos/jaki/environment.nix b/modules/nixos/jaki/environment.nix
new file mode 100644
index 0000000..0ffa422
--- /dev/null
+++ b/modules/nixos/jaki/environment.nix
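Review bot: In disks.nix the LUKS container is opened with `extraOpenArgs = ["--allow-discards"]`, and nothing next to that line records the trade-off it makes. Passing TRIM through dm-crypt lets anyone who can read the raw device tell used blocks from free ones, so I would add a comment such as `# --allow-discards: exposes the free-block layout of the ciphertext device; accepted for SSD performance`, or drop the flag if that exposure is not wanted. The `/tmp` tmpfs is also mounted with `mode=755`, whereas /tmp is conventionally `mode=1777`; adding `nosuid` and `nodev` there would be cheap hardening. The file content is carried over unchanged from the old sils/ path, so this may fit better as a follow-up commit.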
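Review bot: In docker.nix, `users.users.jaki.extraGroups = ["docker"];` grants that account access to the Docker daemon socket, which is equivalent to root on the host because a group member can start a container with the host filesystem mounted. If that is intended, say so beside the line, for example `# docker group is root-equivalent; keep membership to this one account`; `virtualisation.docker.rootless.enable` is the alternative when it is not. The persisted `/var/lib/docker` entry sets `user = "docker"` and `mode = "0755"`, but no `docker` user is defined in this hunk and the directory is normally root-owned and not world-readable, so `user = "root";` with `mode = "0710";` looks closer to what was meant.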
@@ -0,0 +1,45 @@
+{
+ config,
+ lib,
+ ...
+}: let
+ cfg = config.sils.environment;
+in {
+ options.sils.environment.enable = lib.mkEnableOption "custom env vars";
+ config = lib.mkIf cfg.enable {
+ environment = {
+ sessionVariables = {
+ XDG_CACHE_HOME = "\${HOME}/.cache";
+ XDG_CONFIG_HOME = "\${HOME}/.config";
+ XDG_BIN_HOME = "\${HOME}/.local/bin";
+ XDG_DATA_HOME = "\${HOME}/.local/share";
+ XDG_STATE_HOME = "\${HOME}/.local/state";
+ ZDOTDIR = "\${HOME}/.config/zsh";
+ CARGO_HOME = "\${HOME}/.local/share/cargo";
+ ANDROID_HOME = "\${HOME}/.local/share/android";
+ ANSIBLE_HOME = "\${HOME}/.local/share/ansible";
+ #_JAVA_OPTIONS = '-Djava.util.prefs.userRoot="\${XDG_CONFIG_HOME}/java"';
+ WINEPREFIX = "\${HOME}/.local/share/wine";
+ GRADLE_USER_HOME = "\${HOME}/.local/share/gradle";
+ GTK2_RC_FILES = "\${HOME}/.config/gtk-2.0/gtkrc";
+ EDITOR = "nvim";
+ GOPATH = "\${HOME}/.local/share/go";
+ XCOMPOSECACHE = "\${HOME}/.cache/X11/xcompose";
+ CDPATH = ".:\${HOME}:\${HOME}/repos/:\${HOME}/srv";
+ NIXOS_OZONE_WL = "1"; # wayland for electron apps
+
+ #PYTHONSTARTUP="/etc/python/pythonrc";
+
+ PATH = [
+ "\${XDG_BIN_HOME}"
+ ];
+ };
+ etc.crypttab = {
+ enable = true;
+ text = ''
+ storage UUID=f4ba9aae-e34f-4a72-98ab-88787f7c1986 none tpm2-device=auto,noauto
+ '';
+ };
+ };
+ };
+}
diff --git a/modules/nixos/jaki/firejail.nix b/modules/nixos/jaki/firejail.nix
new file mode 100644
index 0000000..5886918
--- /dev/null
+++ b/modules/nixos/jaki/firejail.nix
@@ -0,0 +1,24 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}: let
+ cfg = config.sils.firejail;
+in {
+ options.sils.firejail.enable = lib.mkEnableOption "firejail";
+ config = lib.mkIf cfg.enable {
+ sils.apparmor.enable = true;
+ programs.firejail = {
+ enable = true;
+ wrappedBinaries = {
+ firefox = {
+ executable = "${lib.getExe pkgs.firefox}"; # config.home-manager.users.jaki.programs.firefox.package}";
+ profile = "${pkgs.firejail}/etc/firejail/firefox.profile";
+ };
+ };
+ };
+
+ home-manager.users.jaki.programs.firefox.package = null;
+ };
+}
diff --git a/modules/nixos/jaki/font.nix b/modules/nixos/jaki/font.nix
new file mode 100644
index 0000000..e079c99
--- /dev/null
+++ b/modules/nixos/jaki/font.nix
@@ -0,0 +1,28 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}: let
+ cfg = config.sils.font;
+in {
+ options.sils.font.enable = lib.mkEnableOption "font config";
+ config = lib.mkIf cfg.enable {
+ fonts = {
+ packages = with pkgs; [
+ nerd-fonts.fira-code
+ nerd-fonts.droid-sans-mono
+ nerd-fonts.lilex
+ nerd-fonts.symbols-only
+ ];
+ fontconfig = {
+ defaultFonts = {
+ serif = ["Lilex"];
+ sansSerif = ["Droid Sans Mono"];
+ monospace = ["FiraCode"];
+ };
+ };
+ fontDir.enable = true;
+ };
+ };
+}
diff --git a/modules/nixos/jaki/fprintd.nix b/modules/nixos/jaki/fprintd.nix
new file mode 100644
index 0000000..dd5c1cc
--- /dev/null
+++ b/modules/nixos/jaki/fprintd.nix
@@ -0,0 +1,19 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}: let
+ cfg = config.sils.fingerprint;
+in {
+ options.sils.fingerprint.enable = lib.mkEnableOption "fingerprint auth";
+ config = lib.mkIf cfg.enable {
+ services.fprintd = {
+ enable = true;
+ tod = {
+ enable = true;
+ driver = pkgs.libfprint-2-tod1-vfs0090;
+ };
+ };
+ };
+}
diff --git a/modules/nixos/jaki/gnome.nix b/modules/nixos/jaki/gnome.nix
new file mode 100644
index 0000000..7b798d9
--- /dev/null
+++ b/modules/nixos/jaki/gnome.nix
@@ -0,0 +1,19 @@
+{
+ config,
+ lib,
+ ...
+}: let
+ cfg = config.sils.gnome;
+in {
+ options.sils.gnome.enable = lib.mkEnableOption "The Gnome DE";
+ config = lib.mkIf cfg.enable {
+ services = {
+ xserver.enable = true;
+ displayManager.gdm.enable = true;
+ desktopManager.gnome.enable = true;
+ tlp.enable = lib.mkForce false;
+ greetd.enable = lib.mkForce false;
+ gnome.gnome-keyring.enable = lib.mkForce false;
+ };
+ };
+}
diff --git a/modules/nixos/jaki/graphics.nix b/modules/nixos/jaki/graphics.nix
new file mode 100644
index 0000000..77f58d8
--- /dev/null
+++ b/modules/nixos/jaki/graphics.nix
@@ -0,0 +1,12 @@
+{
+ lib,
+ config,
+ ...
+}: let
+ cfg = config.sils.graphics;
+in {
+ options.sils.graphics.enable = lib.mkEnableOption "graphics";
+ config = lib.mkIf cfg.enable {
+ hardware.graphics.enable = true;
+ };
+}
diff --git a/modules/nixos/jaki/hyprland.nix b/modules/nixos/jaki/hyprland.nix
new file mode 100644
index 0000000..73ba9c2
--- /dev/null
+++ b/modules/nixos/jaki/hyprland.nix
@@ -0,0 +1,15 @@
+{
+ config,
+ lib,
+ ...
+}: let
+ cfg = config.sils.hyprland;
+in {
+ options.sils.hyprland.enable = lib.mkEnableOption "hyprland";
+ config = lib.mkIf cfg.enable {
+ programs.hyprland = {
+ enable = true;
+ xwayland.enable = true;
+ };
+ };
+}
diff --git a/modules/nixos/jaki/impermanence.nix b/modules/nixos/jaki/impermanence.nix
new file mode 100644
index 0000000..cf67a91
--- /dev/null
+++ b/modules/nixos/jaki/impermanence.nix
@@ -0,0 +1,43 @@
+{
+ config,
+ lib,
+ ...
+}: let
+ cfg = config.sils.impermanence;
+in {
+ options.sils.impermanence.enable = lib.mkEnableOption "impermanence to persist directories";
+ config = lib.mkIf cfg.enable {
+ environment.persistence."/srv".directories = [
+ {
+ directory = "/var/lib/bluetooth";
+ user = "root";
+ group = "root";
+ mode = "0700";
+ }
+ {
+ directory = "/root";
+ user = "root";
+ group = "root";
+ mode = "0700";
+ }
+ {
+ directory = "/var/lib/waydroid";
+ user = "root";
+ group = "root";
+ mode = "0700";
+ }
+ {
+ directory = "/var/lib/nixos";
+ user = "root";
+ group = "root";
+ mode = "0755";
+ }
+ {
+ directory = "/var/log";
+ user = "root";
+ group = "root";
+ mode = "0755";
+ }
+ ];
+ };
+}
diff --git a/modules/nixos/jaki/meta.nix b/modules/nixos/jaki/meta.nix
new file mode 100644
index 0000000..57ef081
--- /dev/null
+++ b/modules/nixos/jaki/meta.nix
@@ -0,0 +1,31 @@
+{lib, ...}: let
+ nullable = type: lib.types.nullOr type;
+in {
+ options.sils.meta = {
+ bootPart = lib.mkOption {
+ type = nullable lib.types.str;
+ default = null;
+ };
+ bootstrapSystem = lib.mkEnableOption;
+ globalDataDir = lib.mkOption {
+ type = nullable lib.types.str;
+ default = null;
+ };
+ hostname = lib.mkOption {
+ type = nullable lib.types.str;
+ default = null;
+ };
+ mainDisk = lib.mkOption {
+ type = nullable lib.types.str;
+ default = null;
+ };
+ rootPart = lib.mkOption {
+ type = nullable lib.types.str;
+ default = null;
+ };
+ system = lib.mkOption {
+ type = nullable lib.types.str;
+ default = null;
+ };
+ };
+}
diff --git a/modules/nixos/jaki/networking.nix b/modules/nixos/jaki/networking.nix
new file mode 100644
index 0000000..9ec34ab
--- /dev/null
+++ b/modules/nixos/jaki/networking.nix
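Review bot: In meta.nix, `bootstrapSystem = lib.mkEnableOption;` assigns the function itself rather than an option declaration, because `mkEnableOption` takes a name argument; every other use in this patch passes one. It should read something like `bootstrapSystem = lib.mkEnableOption "bootstrap mode";`, with the wording yours to choose. The other options in this file declare a type and a default but no `description`, so a one-line description on each would help whoever sets them per host.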
@@ -0,0 +1,63 @@
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}: let
+ cfg = config.sils.networking;
+in {
+ options.sils.networking.enable = lib.mkEnableOption "networking";
+ config = lib.mkIf cfg.enable {
+ services.resolved.enable = true;
+ networking = {
+ enableIPv6 = false;
+ useNetworkd = false;
+ #useDHCP = true;
+ networkmanager = {
+ enable = true;
+ plugins = with pkgs; [
+ networkmanager-openvpn
+ ];
+ };
+ nftables.enable = true;
+ firewall = {
+ enable = true;
+ };
+ #nameservers = ["2620:fe::fe" "2620:fe::9" "9.9.9.9" "149.112.112.112"];
+ #wireless = {
+ # enable = false; # TODO: Reenable
+ # environmentFile = config.age.secrets.wireless.path;
+ # networks = {
+ # # Important: Never forget the second '@'!
+ # "@SSID_N0@".psk = "@PSK_N0@";
+ # "@SSID_N1@".psk = "@PSK_N1@";
+ # "@SSID_N2@" = {
+ # hidden = true;
+ # psk = "@PSK_N2@";
+ # };
+ # "@SSID_N3@".psk = "@PSK_N3@";
+ # "@SSID_N4@" = {
+ # auth = ''
+ # proto=RSN
+ # key_mgmt=WPA-EAP
+ # pairwise=CCMP
+ # auth_alg=OPEN
+ # eap=PEAP
+ # identity="@IDENTITY_N4@"
+ # password="@PSK_N4@"
+ # ca_cert="${self}/files/DNSX-CA.pem"
+ # '';
+ # };
+ # "@SSID_N5@".psk = "@PSK_N5@";
+ # "GPN-Open".auth = ''
+ # key_mgmt=OWE
+ # '';
+ # };
+ # userControlled = {
+ # enable = true;
+ # group = "wheel"; # TODO: Change this?
+ # };
+ #};
+ };
+ };
+}
diff --git a/modules/nixos/jaki/nix.nix b/modules/nixos/jaki/nix.nix
new file mode 100644
index 0000000..9d73fcd
--- /dev/null
+++ b/modules/nixos/jaki/nix.nix
@@ -0,0 +1,66 @@
+{
+ self,
+ config,
+ nixpkgs,
+ lib,
+ ...
+}: let
+ cfg = config.sils.nix-config;
+in {
+ options.sils.nix-config = {
+ enable = lib.mkEnableOption "nix config";
+ remoteBuild = lib.mkEnableOption "remote builds";
+ };
+ config = {
+ nix = {
+ registry = {
+ nixpkgs.flake = self.inputs.nixpkgs;
+ n.flake = self.inputs.nixpkgs;
+ self.flake = self;
+ s.flake = self;
+ };
+ channel.enable = false;
+ distributedBuilds = cfg.remoteBuild;
+ buildMachines = [
+ {
+ hostName = "server1.vhack.eu";
+ protocol = "ssh-ng";
+ system = "x86_64-linux";
+ supportedFeatures = ["big-parallel"];
+ }
+ ];
+ gc = {
+ automatic = true;
+ dates = "daily";
+ options = "--delete-older-than 3";
+ };
+ settings = {
+ auto-optimise-store = true;
+ commit-lockfile-summary = "flake.lock: update";
+ experimental-features = ["nix-command" "flakes"];
+ substituters = [
+ "https://cache.garnix.io"
+ "https://hyprland.cachix.org"
+ ];
+ trusted-public-keys = [
+ "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="
+ "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
+ ];
+ };
+ };
+ home-manager.users.root.home = {
+ #lib.mkIf cfg.remoteBuild { TODO Why does this fail?
+ username = "root";
+ homeDirectory = "/root";
+ stateVersion = "23.05";
+ file.".ssh/config" = {
+ text = ''
+ Host server1.vhack.eu
+ IdentitiesOnly yes
+ IdentityFIle ${config.age.secrets.nixremote.path}
+ User nixremote
+ '';
+ };
+ };
+ };
+}
diff --git a/modules/nixos/jaki/pamconfig.nix b/modules/nixos/jaki/pamconfig.nix
new file mode 100644
index 0000000..4e9f3eb
--- /dev/null
+++ b/modules/nixos/jaki/pamconfig.nix
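Review bot: In nix.nix the `enable` option is declared but never read: `config = {` is unconditional, so the registry, the third-party substituters with their trusted keys, the `server1.vhack.eu` build machine and root's `.ssh/config` apply on every host that imports the module. Writing `config = lib.mkIf cfg.enable {` would match the other modules in this patch, though the inline TODO suggests an earlier attempt at gating failed, so it needs testing. The build machine entry pins no host key (`publicHostKey`), which leaves trust in the remote builder to whatever root's known_hosts already holds. `options = "--delete-older-than 3"` carries no unit; nix-collect-garbage expects a period such as `3d`, so that line is worth checking too.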
@@ -0,0 +1,29 @@
+{
+ config,
+ lib,
+ ...
+}: let
+ cfg = config.sils.pamconfig;
+in {
+ options.sils.pamconfig.enable = lib.mkEnableOption "custom pamconfig";
+ config = lib.mkIf cfg.enable {
+ security.pam = {
+ services = {
+ swaylock = {};
+ sudo = {
+ u2fAuth = true;
+ };
+ login = {
+ u2fAuth = true;
+ };
+ };
+ u2f = {
+ enable = true;
+ settings = {
+ cue = true;
+ authFile = config.age.secrets.pamu2f-mappings.path;
+ };
+ };
+ };
+ };
+}
diff --git a/modules/nixos/jaki/plasma.nix b/modules/nixos/jaki/plasma.nix
new file mode 100644
index 0000000..f196447
--- /dev/null
+++ b/modules/nixos/jaki/plasma.nix
@@ -0,0 +1,29 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}: let
+ cfg = config.sils.plasma;
+in {
+ options.sils.plasma.enable = lib.mkEnableOption "KDE Plasma";
+ config = lib.mkIf cfg.enable {
+ services = {
+ greetd.enable = lib.mkForce false;
+ tlp.enable = lib.mkForce false;
+ displayManager.sddm = {
+ enable = true;
+ settings.General.DisplayServer = "wayland";
+ wayland.enable = true;
+ };
+ desktopManager.plasma6 = {
+ enable = true;
+ };
+ };
+ environment.plasma6.excludePackages = with pkgs.kdePackages; [
+ kwallet
+ kwallet-pam
+ kwalletmanager
+ ];
+ };
+}
diff --git a/modules/nixos/jaki/plymouth.nix b/modules/nixos/jaki/plymouth.nix
new file mode 100644
index 0000000..8e39220
--- /dev/null
+++ b/modules/nixos/jaki/plymouth.nix
@@ -0,0 +1,12 @@
+{
+ config,
+ lib,
+ ...
+}: let
+ cfg = config.sils.plymouth;
+in {
+ options.sils.plymouth.enable = lib.mkEnableOption "Enable Plymouth";
+ config = lib.mkIf cfg.enable {
+ boot.plymouth.enable = true;
+ };
+}
diff --git a/modules/nixos/jaki/printing.nix b/modules/nixos/jaki/printing.nix
new file mode 100644
index 0000000..44b2a10
--- /dev/null
+++ b/modules/nixos/jaki/printing.nix
@@ -0,0 +1,44 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}: let
+ cfg = config.sils.printing;
+in {
+ options.sils.printing.enable = lib.mkEnableOption "printing configuration";
+ config = lib.mkIf cfg.enable {
+ services = {
+ printing = {
+ enable = true;
+ cups-pdf.enable = true;
+ startWhenNeeded = true;
+ webInterface = true;
+ stateless = true;
+ drivers = with pkgs; [epson-escpr epson-escpr2 hplip];
+ };
+ avahi = {
+ enable = true;
+ nssmdns4 = true;
+ nssmdns6 = true;
+ openFirewall = true;
+ };
+ };
+
+ hardware.printers = {
+ ensureDefaultPrinter = "EPSON_ET-2720_Series";
+ ensurePrinters = [
+ {
+ name = "EPSON_ET-2720_Series";
+ description = "EPSON ET-2720 Series";
+ model = "epson-inkjet-printer-escpr/Epson-ET-2720_Series-epson-escpr-en.ppd";
+ location = "Home Network";
+ deviceUri = "dnssd://EPSON%20ET-2720%20Series._ipp._tcp.local/?uuid=cfe92100-67c4-11d4-a45f-e0bb9edcdbb9";
+ ppdOptions = {
+ PageSize = "A4";
+ };
+ }
+ ];
+ };
+ };
+}
diff --git a/modules/nixos/jaki/roles.nix b/modules/nixos/jaki/roles.nix
new file mode 100644
index 0000000..52bfb54
--- /dev/null
+++ b/modules/nixos/jaki/roles.nix
@@ -0,0 +1,86 @@
+{
+ config,
+ lib,
+ ...
+}: let
+ roleCmp = string: config.role.sils == string;
+in {
+ config.sils =
+ if roleCmp "laptop"
+ then {
+ apparmor.enable = lib.mkDefault true;
+ basesystem.enable = lib.mkDefault true;
+ bluetooth.enable = lib.mkDefault true;
+ bootloader = lib.mkDefault "lanzaboote";
+ disks.enable = lib.mkDefault true;
+ gnome.enable = lib.mkDefault true;
+ graphics.enable = lib.mkDefault true;
+ environment.enable = lib.mkDefault true;
+ firejail.enable = false;
+ font.enable = lib.mkDefault true;
+ hyprland.enable = lib.mkDefault true;
+ impermanence.enable = lib.mkDefault true;
+ networking.enable = lib.mkDefault true;
+ nix-config.enable = lib.mkDefault true;
+ pamconfig.enable = lib.mkDefault true;
+ plasma.enable = lib.mkDefault false;
+ plymouth.enable = lib.mkDefault true;
+ printing.enable = lib.mkDefault true;
+ sound.enable = lib.mkDefault true;
+ steam.enable = lib.mkDefault true;
+ sway.enable = lib.mkDefault false;
+ theming.enable = lib.mkDefault true;
+ tailscale = {
+ enable = lib.mkDefault false;
+ role = "client";
+ };
+ tor.enable = lib.mkDefault true;
+ }
+ else if roleCmp "laptop-light"
+ then {
+ apparmor.enable = lib.mkDefault true;
+ basesystem.enable = lib.mkDefault true;
+ bluetooth.enable = lib.mkDefault true;
+ bootloader = lib.mkDefault "lanzaboote";
+ disks.enable = lib.mkDefault true;
+ graphics.enable = lib.mkDefault true;
+ environment.enable = lib.mkDefault true;
+ firejail.enable = false;
+ font.enable = lib.mkDefault true;
+ hyprland.enable = lib.mkDefault true;
+ impermanence.enable = lib.mkDefault true;
+ networking.enable = lib.mkDefault true;
+ nix-config.enable = lib.mkDefault true;
+ pamconfig.enable = lib.mkDefault true;
+ plymouth.enable = lib.mkDefault false;
+ printing.enable = lib.mkDefault true;
+ sound.enable = lib.mkDefault true;
+ sway.enable = lib.mkDefault false;
+ theming.enable = lib.mkDefault true;
+ }
+ else if roleCmp "vm"
+ then {}
+ else if roleCmp "workstation"
+ then {
+ apparmor.enable = lib.mkDefault true;
+ basesystem.enable = lib.mkDefault true;
+ bluetooth.enable = lib.mkDefault true;
+ bootloader = lib.mkDefault "lanzaboote";
+ disks.enable = lib.mkDefault true;
+ graphics.enable = lib.mkDefault true;
+ environment.enable = lib.mkDefault true;
+ firejail.enable = false;
+ font.enable = lib.mkDefault true;
+ hyprland.enable = lib.mkDefault true;
+ impermanence.enable = lib.mkDefault true;
+ networking.enable = lib.mkDefault true;
+ nix-config.enable = lib.mkDefault true;
+ pamconfig.enable = lib.mkDefault true;
+ plymouth.enable = lib.mkDefault false;
+ printing.enable = lib.mkDefault true;
+ sound.enable = lib.mkDefault true;
+ sway.enable = lib.mkDefault false;
+ theming.enable = lib.mkDefault true;
+ }
+ else {};
+}
diff --git a/modules/nixos/jaki/sound.nix b/modules/nixos/jaki/sound.nix
new file mode 100644
index 0000000..3ad26fb
--- /dev/null
+++ b/modules/nixos/jaki/sound.nix
@@ -0,0 +1,20 @@
+{
+ config,
+ lib,
+ ...
+}: let
+ cfg = config.sils.sound;
+in {
+ options.sils.sound.enable = lib.mkEnableOption "sound config";
+ config = lib.mkIf cfg.enable {
+ services.pipewire = {
+ enable = true;
+ alsa = {
+ enable = true;
+ support32Bit = true;
+ };
+ pulse.enable = true;
+ jack.enable = true;
+ };
+ };
+}
diff --git a/modules/nixos/jaki/steam.nix b/modules/nixos/jaki/steam.nix
new file mode 100644
index 0000000..3c834a6
--- /dev/null
+++ b/modules/nixos/jaki/steam.nix
@@ -0,0 +1,19 @@
+{
+ config,
+ lib,
+ ...
+}: let
+ cfg = config.sils.steam;
+in {
+ options.sils.steam.enable = lib.mkEnableOption "Steam";
+ config = lib.mkIf cfg.enable {
+ nixpkgs.config.allowUnfreePredicate = pkg:
+ builtins.elem (lib.getName pkg) [
+ "steam"
+ "steam-unwrapped"
+ ];
+ programs.steam = {
+ enable = true;
+ };
+ };
+}
diff --git a/modules/nixos/jaki/sudo.nix b/modules/nixos/jaki/sudo.nix
new file mode 100644
index 0000000..2ad117f
--- /dev/null
+++ b/modules/nixos/jaki/sudo.nix
@@ -0,0 +1,24 @@
+{
+ config,
+ lib,
+ ...
+}: let
+ persistentLecture = !config.sils.sudo.persistentLecture.disable;
+in {
+ options.sils.sudo.persistentLecture.disable = lib.mkEnableOption "sudo lecture after every boot";
+ config = {
+ security.sudo = {
+ enable = true;
+ };
+ environment.persistence.${config.sils.meta.globalDataDir}.files = lib.mkIf persistentLecture [
+ {
+ file = "/var/db/sudo/lectured/${builtins.toString config.users.users.jaki.uid}";
+ parentDirectory = {
+ user = "root";
+ group = config.users.users.jaki.group;
+ mode = "0600";
+ };
+ }
+ ];
+ };
+}
diff --git a/modules/nixos/jaki/sway.nix b/modules/nixos/jaki/sway.nix
new file mode 100644
index 0000000..4aac2f4
--- /dev/null
+++ b/modules/nixos/jaki/sway.nix
@@ -0,0 +1,15 @@
+{
+ config,
+ lib,
+ ...
+}: let
+ cfg = config.sils.sway;
+in {
+ options.sils.sway.enable = lib.mkEnableOption "sway";
+ config = lib.mkIf cfg.enable {
+ programs.sway = {
+ enable = true;
+ package = null;
+ };
+ };
+}
diff --git a/modules/nixos/jaki/tailscale.nix b/modules/nixos/jaki/tailscale.nix
new file mode 100644
index 0000000..e1f49a4
--- /dev/null
+++ b/modules/nixos/jaki/tailscale.nix
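Review bot: In sudo.nix the `parentDirectory` of the persisted lecture marker is given `mode = "0600"`, which is a file mode applied to a directory: it has no search bit, so only root's capability override makes the path usable. sudo keeps its state directory root-only, so `mode = "0700";` is the value I would expect, and since the mode grants the group nothing, `group = "root";` would be clearer than `config.users.users.jaki.group`. The option also reads backwards, because `persistentLecture.disable` is declared with `lib.mkEnableOption "sudo lecture after every boot"`; a short comment stating that setting it to true stops the marker from being persisted would prevent misconfiguration.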
@@ -0,0 +1,52 @@
+{
+ config,
+ lib,
+ ...
+}: let
+ cfg = config.sils.tailscale;
+in {
+ options.sils.tailscale = {
+ enable = lib.mkEnableOption "Tailscale";
+ openFirewall = true;
+ role = lib.mkOption {
+ type = lib.types.enum [
+ "client"
+ "server"
+ ];
+ };
+ };
+ config = lib.mkIf cfg.enable {
+ services.tailscale = {
+ enable = true;
+ authKeyFile = config.age.secrets.tailscale.path;
+ useRoutingFeatures = cfg.role;
+ extraDaemonFlags = [
+ "--no-logs-no-support"
+ ];
+ extraSetFlags = [
+ "--accept-routes"
+ ];
+ };
+ networking.firewall = {
+ trustedInterfaces = ["tailscale0"];
+ allowedUDPPorts = [config.services.tailscale.port];
+ checkReversePath = "loose";
+ };
+ systemd = {
+ services.tailscaled.serviceConfig.Environment = [
+ "TS_DEBUG_FIREWALL_MODE=nftables"
+ ];
+ network.wait-online.enable = false;
+ };
+ boot.initrd.systemd.network.wait-online.enable = false;
+
+ environment.persistence."/srv".directories = [
+ {
+ directory = "/var/lib/tailscale";
+ user = "root";
+ group = "root";
+ mode = "0700";
+ }
+ ];
+ };
+}
diff --git a/modules/nixos/jaki/theming/default.nix b/modules/nixos/jaki/theming/default.nix
new file mode 100644
index 0000000..2d5d2fd
--- /dev/null
+++ b/modules/nixos/jaki/theming/default.nix
@@ -0,0 +1,18 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}: let
+ cfg = config.sils.theming;
+in {
+ options.sils.theming.enable = lib.mkEnableOption "theming";
+ config = lib.mkIf cfg.enable {
+ stylix = {
+ enable = true;
+ base16Scheme = "${pkgs.base16-schemes}/share/themes/ayu-dark.yaml";
+ image = ../../../../files/wallpaper.jpg;
+ polarity = "dark";
+ };
+ };
+}
diff --git a/modules/nixos/jaki/theming/tokyo-night-dark.yaml b/modules/nixos/jaki/theming/tokyo-night-dark.yaml
new file mode 100644
index 0000000..ec29944
--- /dev/null
+++ b/modules/nixos/jaki/theming/tokyo-night-dark.yaml
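Review bot: In tailscale.nix, `openFirewall = true;` sits inside `options.sils.tailscale` as a bare value rather than an option declaration, and nothing under `config` reads it; it probably either breaks module evaluation or is ignored, so I would delete it or declare it as `openFirewall = lib.mkOption { type = lib.types.bool; default = true; };` and use it to gate the firewall block. That block is broad: `trustedInterfaces = ["tailscale0"]` accepts all traffic arriving over the tailnet and `--accept-routes` installs any subnet route a peer advertises, so host exposure then rests entirely on the tailnet ACLs and deserves a comment saying so. `role` has no default and only the laptop role in roles.nix sets it, so enabling the module on another role needs an explicit value.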
@@ -0,0 +1,18 @@
+scheme: "Tokyo Night Dark"
+author: "Michaël Ball"
+base00: "1A1B26"
+base01: "16161E"
+base02: "2F3549"
+base03: "444B6A"
+base04: "787C99"
+base05: "A9B1D6"
+base06: "CBCCD1"
+base07: "D5D6DB"
+base08: "C0CAF5"
+base09: "A9B1D6"
+base0A: "0DB9D7"
+base0B: "9ECE6A"
+base0C: "B4F9F8"
+base0D: "2AC3DE"
+base0E: "BB9AF7"
+base0F: "F7768E"
diff --git a/modules/nixos/jaki/tor.nix b/modules/nixos/jaki/tor.nix
new file mode 100644
index 0000000..01fdc1f
--- /dev/null
+++ b/modules/nixos/jaki/tor.nix
@@ -0,0 +1,23 @@
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}: let
+ cfg = config.sils.tor;
+in {
+ options.sils.tor.enable = lib.mkEnableOption "tor";
+ config = lib.mkIf cfg.enable {
+ services = {
+ tor = {
+ enable = true;
+ torsocks.enable = true;
+ client.enable = true;
+ };
+ snowflake-proxy = {
+ enable = true;
+ capacity = 5;
+ };
+ };
+ };
+}
diff --git a/modules/nixos/sils/apparmor.nix b/modules/nixos/sils/apparmor.nix
deleted file mode 100644
index 69cec21..0000000
--- a/modules/nixos/sils/apparmor.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{
- config,
- lib,
- ...
-}: let
- cfg = config.sils.apparmor;
-in {
- options.sils.apparmor.enable = lib.mkEnableOption "apparmor";
- config = lib.mkIf cfg.enable {
- security.apparmor = {
- enable = true;
- };
- };
-}
diff --git a/modules/nixos/sils/basesystem.nix b/modules/nixos/sils/basesystem.nix
deleted file mode 100644
index 0e9f6de..0000000
--- a/modules/nixos/sils/basesystem.nix
+++ /dev/null
@@ -1,48 +0,0 @@
-{
- config,
- lib,
- pkgs,
- modulesPath,
- ...
-}: let
- cfg = config.sils.basesystem;
-in {
- options.sils.basesystem.enable = lib.mkEnableOption "basesystem";
-
- config = lib.mkIf cfg.enable {
- networking.hostName = config.sils.meta.hostname;
-
- boot = {
- initrd = {
- systemd.enable = true;
- availableKernelModules = ["xhci_pci" "nvme" "rtsx_pci_sdmmc"];
- kernelModules = [];
- };
- kernelModules = ["kvm-intel"];
- extraModulePackages = [];
- kernelPackages = pkgs.linuxPackages_latest;
- };
-
- system.stateVersion = "23.05";
-
- i18n.defaultLocale = "en_US.UTF-8";
-
- time.timeZone = "Europe/Berlin";
-
- nixpkgs.hostPlatform = config.sils.meta.system;
- powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
- hardware = {
- cpu.intel.updateMicrocode = true;
- enableRedistributableFirmware = true;
- };
-
- services.xserver.xkb = {
- layout = "de";
- options = "grp:win_space_toggle";
- };
- console = {
- font = "Lat2-Terminus16";
- keyMap = "de";
- };
- };
-}
diff --git a/modules/nixos/sils/bluetooth.nix b/modules/nixos/sils/bluetooth.nix
deleted file mode 100644
index 2d67717..0000000
--- a/modules/nixos/sils/bluetooth.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{
- config,
- lib,
- ...
-}: let
- cfg = config.sils.bluetooth;
-in {
- options.sils.bluetooth.enable = lib.mkEnableOption "bluetooth";
- config = lib.mkIf cfg.enable {
- hardware.bluetooth.enable = true;
- };
-}
diff --git a/modules/nixos/sils/bootloader.nix b/modules/nixos/sils/bootloader.nix
deleted file mode 100644
index fc0e0f3..0000000
--- a/modules/nixos/sils/bootloader.nix
+++ /dev/null
@@ -1,30 +0,0 @@
-{
- config,
- lib,
- ...
-}: let
- btl = config.sils.bootloader;
-in {
- options.sils.bootloader = lib.mkOption {
- type = lib.types.enum ["lanzaboote" "grub"];
- default = "lanzaboote";
- description = "Which bootloader to use.";
- };
- config.boot =
- if btl == "lanzaboote"
- then {
- lanzaboote = {
- enable = true;
- configurationLimit = 10;
- pkiBundle = "/etc/secureboot";
- settings = {
- editor = false;
- };
- };
- }
- else if btl == "grub"
- then {
- loader.grub.enable = true;
- }
- else {};
-}
diff --git a/modules/nixos/sils/default.nix b/modules/nixos/sils/default.nix
deleted file mode 100644
index db27868..0000000
--- a/modules/nixos/sils/default.nix
+++ /dev/null
@@ -1,33 +0,0 @@
-{...}: {
- imports = [
- ./apparmor.nix
- ./basesystem.nix
- ./bluetooth.nix
- ./bootloader.nix
- ./disks.nix
- ./docker.nix
- ./environment.nix
- ./firejail.nix
- ./font.nix
- ./fprintd.nix
- ./gnome.nix
- ./graphics.nix
- ./hyprland.nix
- ./impermanence.nix
- ./meta.nix
- ./networking.nix
- ./nix.nix
- ./pamconfig.nix
- ./plasma.nix
- ./plymouth.nix
- ./printing.nix
- ./roles.nix
- ./sound.nix
- ./steam.nix
- ./sudo.nix
- ./sway.nix
- ./theming
- ./tailscale.nix
- ./tor.nix
- ];
-}
diff --git a/modules/nixos/sils/disks.nix b/modules/nixos/sils/disks.nix
deleted file mode 100644
index bf0e2b0..0000000
--- a/modules/nixos/sils/disks.nix
+++ /dev/null
@@ -1,132 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}: let
- cfg = config.sils.disks;
- defaultMountOptions = [
- "noatime" # should have some performance upsides, and I don't use it anyways
- "lazytime" # make time changes in memory
- ];
-in {
- options.sils.disks = {
- enable = lib.mkEnableOption "disk setup with disko";
-
- disk = lib.mkOption {
- type = lib.types.path;
- example = lib.literalExpression "/dev/disk/by-uuid/0442cb6d-f13a-4635-b487-fa76189774c5";
- description = "The disk used for installing the OS.";
- };
-
- #swap = {
- # uuid = lib.mkOption {
- # type = lib.types.str;
- # example = lib.literalExpression "d1d20ae7-3d8a-44da-86da-677dbbb10c89";
- # description = "The uuid of the swapfile";
- # };
- # resumeOffset = lib.mkOption {
- # type = lib.types.str;
- # example = lib.literalExpression "134324224";
- # description = "The resume offset of the swapfile";
- # };
- #};
- };
-
- config = lib.mkIf cfg.enable {
- disko.devices = {
- disk = {
- main = {
- device = cfg.disk;
- content = {
- type = "gpt";
- partitions = {
- root = {
- size = "100%";
- name = "root";
- content = {
- type = "luks";
- name = "cryptroot";
- extraOpenArgs = ["--allow-discards"];
- content = {
- type = "btrfs";
- extraArgs = ["-f" "--label nixos"]; # Override existing partitions
- subvolumes = {
- "root" = {
- mountpoint = "/";
- mountOptions = defaultMountOptions;
- };
- "nix" = {
- mountpoint = "/nix";
- mountOptions = defaultMountOptions;
- };
- "persistent-storage" = {
- mountpoint = "/srv";
- mountOptions = defaultMountOptions;
- };
- "persistent-storage@snapshots" = {
- mountpoint = "/srv/snapshots";
- mountOptions = defaultMountOptions;
- };
- "swap" = {
- mountpoint = "/swap";
- mountOptions = defaultMountOptions;
- };
- "home" = {
- mountpoint = "/home";
- mountOptions = defaultMountOptions;
- };
- };
- };
- };
- };
- MBR = {
- type = "EF02";
- size = "1M";
- priority = 1;
- };
- boot = {
- type = "EF00";
- size = "4096M";
- name = "boot";
- content = {
- type = 
"filesystem";
- format = "vfat";
- mountpoint = "/boot";
- mountOptions = ["umask=0077"];
- };
- };
- };
- };
- };
- };
- nodev = {
- "/tmp" = {
- fsType = "tmpfs";
- mountOptions = ["defaults" "size=30G" "mode=755"];
- };
- };
- };
- fileSystems = {
- "/srv" = {
- neededForBoot = true;
- };
- "/swap" = {
- neededForBoot = true;
- };
- };
- swapDevices = [
- #{
- # device = "/swap/swapfile";
- # priority = 1; # lower than zramSwap, just in case
- # # size = 2048; # TODO: can nixos create a btrfs swapfile correctly?
- #}
- ];
- boot = {
- kernelParams = [
- #"resume_offset=${cfg.swap.resumeOffset}"
- ];
- #resumeDevice = "/dev/disk/by-uuid/${cfg.swap.uuid}";
- };
- };
-}
diff --git a/modules/nixos/sils/docker.nix b/modules/nixos/sils/docker.nix
deleted file mode 100644
index 131b857..0000000
--- a/modules/nixos/sils/docker.nix
+++ /dev/null
@@ -1,24 +0,0 @@
-{
- config,
- lib,
- ...
-}: let
- cfg = config.sils.docker;
-in {
- options.sils.docker.enable = lib.mkEnableOption "docker";
- config = lib.mkIf cfg.enable {
- virtualisation.docker = {
- enable = true;
- storageDriver = "btrfs";
- };
- users.users.jaki.extraGroups = ["docker"];
- environment.persistence."/srv".directories = [
- {
- directory = "/var/lib/docker";
- user = "docker";
- group = "docker";
- mode = "0755";
- }
- ];
- };
-}
diff --git a/modules/nixos/sils/environment.nix b/modules/nixos/sils/environment.nix
deleted file mode 100644
index 0ffa422..0000000
--- a/modules/nixos/sils/environment.nix
+++ /dev/null
@@ -1,45 +0,0 @@
-{
- config,
- lib,
- ...
-}: let
- cfg = config.sils.environment;
-in {
- options.sils.environment.enable = lib.mkEnableOption "custom env vars";
- config = lib.mkIf cfg.enable {
- environment = {
- sessionVariables = {
- XDG_CACHE_HOME = "\${HOME}/.cache";
- XDG_CONFIG_HOME = "\${HOME}/.config";
- XDG_BIN_HOME = "\${HOME}/.local/bin";
- XDG_DATA_HOME = "\${HOME}/.local/share";
- XDG_STATE_HOME = "\${HOME}/.local/state";
- ZDOTDIR = "\${HOME}/.config/zsh";
- CARGO_HOME = "\${HOME}/.local/share/cargo";
- ANDROID_HOME = "\${HOME}/.local/share/android";
- ANSIBLE_HOME = "\${HOME}/.local/share/ansible";
- #_JAVA_OPTIONS = '-Djava.util.prefs.userRoot="\${XDG_CONFIG_HOME}/java"';
- WINEPREFIX = "\${HOME}/.local/share/wine";
- GRADLE_USER_HOME = "\${HOME}/.local/share/gradle";
- GTK2_RC_FILES = "\${HOME}/.config/gtk-2.0/gtkrc";
- EDITOR = "nvim";
- GOPATH = "\${HOME}/.local/share/go";
- XCOMPOSECACHE = "\${HOME}/.cache/X11/xcompose";
- CDPATH = ".:\${HOME}:\${HOME}/repos/:\${HOME}/srv";
- NIXOS_OZONE_WL = "1"; # wayland for electron apps
-
- #PYTHONSTARTUP="/etc/python/pythonrc";
-
- PATH = [
- "\${XDG_BIN_HOME}"
- ];
- };
- etc.crypttab = {
- enable = true;
- text = ''
- storage UUID=f4ba9aae-e34f-4a72-98ab-88787f7c1986 none tpm2-device=auto,noauto
- '';
- };
- };
- };
-}
diff --git a/modules/nixos/sils/firejail.nix b/modules/nixos/sils/firejail.nix
deleted file mode 100644
index 5886918..0000000
--- a/modules/nixos/sils/firejail.nix
+++ /dev/null
@@ -1,24 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}: let
- cfg = config.sils.firejail;
-in {
- options.sils.firejail.enable = lib.mkEnableOption "firejail";
- config = lib.mkIf cfg.enable {
- sils.apparmor.enable = true;
- programs.firejail = {
- enable = true;
- wrappedBinaries = {
- firefox = {
- executable = "${lib.getExe pkgs.firefox}"; # config.home-manager.users.jaki.programs.firefox.package}";
- profile = "${pkgs.firejail}/etc/firejail/firefox.profile";
- };
- };
- };
-
- home-manager.users.jaki.programs.firefox.package = null;
- };
-}
diff --git a/modules/nixos/sils/font.nix b/modules/nixos/sils/font.nix
deleted file mode 100644
index e079c99..0000000
--- a/modules/nixos/sils/font.nix
+++ /dev/null
@@ -1,28 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}: let
- cfg = config.sils.font;
-in {
- options.sils.font.enable = lib.mkEnableOption "font config";
- config = lib.mkIf cfg.enable {
- fonts = {
- packages = with pkgs; [
- nerd-fonts.fira-code
- nerd-fonts.droid-sans-mono
- nerd-fonts.lilex
- nerd-fonts.symbols-only
- ];
- fontconfig = {
- defaultFonts = {
- serif = ["Lilex"];
- sansSerif = ["Droid Sans Mono"];
- monospace = ["FiraCode"];
- };
- };
- fontDir.enable = true;
- };
- };
-}
diff --git a/modules/nixos/sils/fprintd.nix b/modules/nixos/sils/fprintd.nix
deleted file mode 100644
index dd5c1cc..0000000
--- a/modules/nixos/sils/fprintd.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}: let
- cfg = config.sils.fingerprint;
-in {
- options.sils.fingerprint.enable = lib.mkEnableOption "fingerprint auth";
- config = lib.mkIf cfg.enable {
- services.fprintd = {
- enable = true;
- tod = {
- enable = true;
- driver = pkgs.libfprint-2-tod1-vfs0090;
- };
- };
- };
-}
diff --git a/modules/nixos/sils/gnome.nix b/modules/nixos/sils/gnome.nix
deleted file mode 100644
index 7b798d9..0000000
--- a/modules/nixos/sils/gnome.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-{
- config,
- lib,
- ...
-}: let
- cfg = config.sils.gnome;
-in {
- options.sils.gnome.enable = lib.mkEnableOption "The Gnome DE";
- config = lib.mkIf cfg.enable {
- services = {
- xserver.enable = true;
- displayManager.gdm.enable = true;
- desktopManager.gnome.enable = true;
- tlp.enable = lib.mkForce false;
- greetd.enable = lib.mkForce false;
- gnome.gnome-keyring.enable = lib.mkForce false;
- };
- };
-}
diff --git a/modules/nixos/sils/graphics.nix b/modules/nixos/sils/graphics.nix
deleted file mode 100644
index 77f58d8..0000000
--- a/modules/nixos/sils/graphics.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{
- lib,
- config,
- ...
-}: let
- cfg = config.sils.graphics;
-in {
- options.sils.graphics.enable = lib.mkEnableOption "graphics";
- config = lib.mkIf cfg.enable {
- hardware.graphics.enable = true;
- };
-}
diff --git a/modules/nixos/sils/hyprland.nix b/modules/nixos/sils/hyprland.nix
deleted file mode 100644
index 73ba9c2..0000000
--- a/modules/nixos/sils/hyprland.nix
+++ /dev/null
@@ -1,15 +0,0 @@
-{
- config,
- lib,
- ...
-}: let
- cfg = config.sils.hyprland;
-in {
- options.sils.hyprland.enable = lib.mkEnableOption "hyprland";
- config = lib.mkIf cfg.enable {
- programs.hyprland = {
- enable = true;
- xwayland.enable = true;
- };
- };
-}
diff --git a/modules/nixos/sils/impermanence.nix b/modules/nixos/sils/impermanence.nix
deleted file mode 100644
index cf67a91..0000000
--- a/modules/nixos/sils/impermanence.nix
+++ /dev/null
@@ -1,43 +0,0 @@
-{
- config,
- lib,
- ...
-}: let
- cfg = config.sils.impermanence;
-in {
- options.sils.impermanence.enable = lib.mkEnableOption "impermanence to persist directories";
- config = lib.mkIf cfg.enable {
- environment.persistence."/srv".directories = [
- {
- directory = "/var/lib/bluetooth";
- user = "root";
- group = "root";
- mode = "0700";
- }
- {
- directory = "/root";
- user = "root";
- group = "root";
- mode = "0700";
- }
- {
- directory = "/var/lib/waydroid";
- user = "root";
- group = "root";
- mode = "0700";
- }
- {
- directory = "/var/lib/nixos";
- user = "root";
- group = "root";
- mode = "0755";
- }
- {
- directory = "/var/log";
- user = "root";
- group = "root";
- mode = "0755";
- }
- ];
- };
-}
diff --git a/modules/nixos/sils/meta.nix b/modules/nixos/sils/meta.nix
deleted file mode 100644
index 57ef081..0000000
--- a/modules/nixos/sils/meta.nix
+++ /dev/null
@@ -1,31 +0,0 @@
-{lib, ...}: let
- nullable = type: lib.types.nullOr type;
-in {
- options.sils.meta = {
- bootPart = lib.mkOption {
- type = nullable lib.types.str;
- default = null;
- };
- bootstrapSystem = lib.mkEnableOption;
- globalDataDir = lib.mkOption {
- type = nullable lib.types.str;
- default = null;
- };
- hostname = lib.mkOption {
- type = nullable lib.types.str;
- default = null;
- };
- mainDisk = lib.mkOption {
- type = nullable lib.types.str;
- default = null;
- };
- rootPart = lib.mkOption {
- type = nullable lib.types.str;
- default = null;
- };
- system = lib.mkOption {
- type = nullable lib.types.str;
- default = null;
- };
- };
-}
diff --git a/modules/nixos/sils/networking.nix b/modules/nixos/sils/networking.nix
deleted file mode 100644
index 9ec34ab..0000000
--- a/modules/nixos/sils/networking.nix
+++ /dev/null
@@ -1,63 +0,0 @@
-{
- config,
- pkgs,
- lib,
- ...
-}: let
- cfg = config.sils.networking;
-in {
- options.sils.networking.enable = lib.mkEnableOption "networking";
- config = lib.mkIf cfg.enable {
- services.resolved.enable = true;
- networking = {
- enableIPv6 = false;
- useNetworkd = false;
- #useDHCP = true;
- networkmanager = {
- enable = true;
- plugins = with pkgs; [
- networkmanager-openvpn
- ];
- };
- nftables.enable = true;
- firewall = {
- enable = true;
- };
- #nameservers = ["2620:fe::fe" "2620:fe::9" "9.9.9.9" "149.112.112.112"];
- #wireless = {
- # enable = false; # TODO: Reenable
- # environmentFile = config.age.secrets.wireless.path;
- # networks = {
- # # Important: Never forget the second '@'!
- # "@SSID_N0@".psk = "@PSK_N0@";
- # "@SSID_N1@".psk = "@PSK_N1@";
- # "@SSID_N2@" = {
- # hidden = true;
- # psk = "@PSK_N2@";
- # };
- # "@SSID_N3@".psk = "@PSK_N3@";
- # "@SSID_N4@" = {
- # auth = ''
- # proto=RSN
- # key_mgmt=WPA-EAP
- # pairwise=CCMP
- # auth_alg=OPEN
- # eap=PEAP
- # identity="@IDENTITY_N4@"
- # password="@PSK_N4@"
- # ca_cert="${self}/files/DNSX-CA.pem"
- # '';
- # };
- # "@SSID_N5@".psk = "@PSK_N5@";
- # "GPN-Open".auth = ''
- # key_mgmt=OWE
- # '';
- # };
- # userControlled = {
- # enable = true;
- # group = "wheel"; # TODO: Change this?
- # };
- #};
- };
- };
-}
diff --git a/modules/nixos/sils/nix.nix b/modules/nixos/sils/nix.nix
deleted file mode 100644
index 9d73fcd..0000000
--- a/modules/nixos/sils/nix.nix
+++ /dev/null
@@ -1,66 +0,0 @@
-{
- self,
- config,
- nixpkgs,
- lib,
- ...
-}: let
- cfg = config.sils.nix-config;
-in {
- options.sils.nix-config = {
- enable = lib.mkEnableOption "nix config";
- remoteBuild = lib.mkEnableOption "remote builds";
- };
- config = {
- nix = {
- registry = {
- nixpkgs.flake = self.inputs.nixpkgs;
- n.flake = self.inputs.nixpkgs;
- self.flake = self;
- s.flake = self;
- };
- channel.enable = false;
- distributedBuilds = cfg.remoteBuild;
- buildMachines = [
- {
- hostName = "server1.vhack.eu";
- protocol = "ssh-ng";
- system = "x86_64-linux";
- supportedFeatures = ["big-parallel"];
- }
- ];
- gc = {
- automatic = true;
- dates = "daily";
- options = "--delete-older-than 3";
- };
- settings = {
- auto-optimise-store = true;
- commit-lockfile-summary = "flake.lock: update";
- experimental-features = ["nix-command" "flakes"];
- substituters = [
- "https://cache.garnix.io"
- "https://hyprland.cachix.org"
- ];
- trusted-public-keys = [
- "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="
- "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
- ];
- };
- };
- home-manager.users.root.home = {
- #lib.mkIf cfg.remoteBuild { TODO Why does this fail?
- username = "root";
- homeDirectory = "/root";
- stateVersion = "23.05";
- file.".ssh/config" = {
- text = ''
- Host server1.vhack.eu
- IdentitiesOnly yes
- IdentityFIle ${config.age.secrets.nixremote.path}
- User nixremote
- '';
- };
- };
- };
-}
diff --git a/modules/nixos/sils/pamconfig.nix b/modules/nixos/sils/pamconfig.nix
deleted file mode 100644
index 4e9f3eb..0000000
--- a/modules/nixos/sils/pamconfig.nix
+++ /dev/null
@@ -1,29 +0,0 @@
-{
- config,
- lib,
- ...
-}: let
- cfg = config.sils.pamconfig;
-in {
- options.sils.pamconfig.enable = lib.mkEnableOption "custom pamconfig";
- config = lib.mkIf cfg.enable {
- security.pam = {
- services = {
- swaylock = {};
- sudo = {
- u2fAuth = true;
- };
- login = {
- u2fAuth = true;
- };
- };
- u2f = {
- enable = true;
- settings = {
- cue = true;
- authFile = config.age.secrets.pamu2f-mappings.path;
- };
- };
- };
- };
-}
diff --git a/modules/nixos/sils/plasma.nix b/modules/nixos/sils/plasma.nix
deleted file mode 100644
index f196447..0000000
--- a/modules/nixos/sils/plasma.nix
+++ /dev/null
@@ -1,29 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}: let
- cfg = config.sils.plasma;
-in {
- options.sils.plasma.enable = lib.mkEnableOption "KDE Plasma";
- config = lib.mkIf cfg.enable {
- services = {
- greetd.enable = lib.mkForce false;
- tlp.enable = lib.mkForce false;
- displayManager.sddm = {
- enable = true;
- settings.General.DisplayServer = "wayland";
- wayland.enable = true;
- };
- desktopManager.plasma6 = {
- enable = true;
- };
- };
- environment.plasma6.excludePackages = with pkgs.kdePackages; [
- kwallet
- kwallet-pam
- kwalletmanager
- ];
- };
-}
diff --git a/modules/nixos/sils/plymouth.nix b/modules/nixos/sils/plymouth.nix
deleted file mode 100644
index 8e39220..0000000
--- a/modules/nixos/sils/plymouth.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{
- config,
- lib,
- ...
-}: let
- cfg = config.sils.plymouth;
-in {
- options.sils.plymouth.enable = lib.mkEnableOption "Enable Plymouth";
- config = lib.mkIf cfg.enable {
- boot.plymouth.enable = true;
- };
-}
diff --git a/modules/nixos/sils/printing.nix b/modules/nixos/sils/printing.nix
deleted file mode 100644
index 44b2a10..0000000
--- a/modules/nixos/sils/printing.nix
+++ /dev/null
@@ -1,44 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}: let
- cfg = config.sils.printing;
-in {
- options.sils.printing.enable = lib.mkEnableOption "printing configuration";
- config = lib.mkIf cfg.enable {
- services = {
- printing = {
- enable = true;
- cups-pdf.enable = true;
- startWhenNeeded = true;
- webInterface = true;
- stateless = true;
- drivers = with pkgs; [epson-escpr epson-escpr2 hplip];
- };
- avahi = {
- enable = true;
- nssmdns4 = true;
- nssmdns6 = true;
- openFirewall = true;
- };
- };
-
- hardware.printers = {
- ensureDefaultPrinter = "EPSON_ET-2720_Series";
- ensurePrinters = [
- {
- name = "EPSON_ET-2720_Series";
- description = "EPSON ET-2720 Series";
- model = "epson-inkjet-printer-escpr/Epson-ET-2720_Series-epson-escpr-en.ppd";
- location = "Home Network";
- deviceUri = "dnssd://EPSON%20ET-2720%20Series._ipp._tcp.local/?uuid=cfe92100-67c4-11d4-a45f-e0bb9edcdbb9";
- ppdOptions = {
- PageSize = "A4";
- };
- }
- ];
- };
- };
-}
diff --git a/modules/nixos/sils/roles.nix b/modules/nixos/sils/roles.nix
deleted file mode 100644
index 52bfb54..0000000
--- a/modules/nixos/sils/roles.nix
+++ /dev/null
@@ -1,86 +0,0 @@
-{
- config,
- lib,
- ...
-}: let
- roleCmp = string: config.role.sils == string;
-in {
- config.sils =
- if roleCmp "laptop"
- then {
- apparmor.enable = lib.mkDefault true;
- basesystem.enable = lib.mkDefault true;
- bluetooth.enable = lib.mkDefault true;
- bootloader = lib.mkDefault "lanzaboote";
- disks.enable = lib.mkDefault true;
- gnome.enable = lib.mkDefault true;
- graphics.enable = lib.mkDefault true;
- environment.enable = lib.mkDefault true;
- firejail.enable = false;
- font.enable = lib.mkDefault true;
- hyprland.enable = lib.mkDefault true;
- impermanence.enable = lib.mkDefault true;
- networking.enable = lib.mkDefault true;
- nix-config.enable = lib.mkDefault true;
- pamconfig.enable = lib.mkDefault true;
- plasma.enable = lib.mkDefault false;
- plymouth.enable = lib.mkDefault true;
- printing.enable = lib.mkDefault true;
- sound.enable = lib.mkDefault true;
- steam.enable = lib.mkDefault true;
- sway.enable = lib.mkDefault false;
- theming.enable = lib.mkDefault true;
- tailscale = {
- enable = lib.mkDefault false;
- role = "client";
- };
- tor.enable = lib.mkDefault true;
- }
- else if roleCmp "laptop-light"
- then {
- apparmor.enable = lib.mkDefault true;
- basesystem.enable = lib.mkDefault true;
- bluetooth.enable = lib.mkDefault true;
- bootloader = lib.mkDefault "lanzaboote";
- disks.enable = lib.mkDefault true;
- graphics.enable = lib.mkDefault true;
- environment.enable = lib.mkDefault true;
- firejail.enable = false;
- font.enable = lib.mkDefault true;
- hyprland.enable = lib.mkDefault true;
- impermanence.enable = lib.mkDefault true;
- networking.enable = lib.mkDefault true;
- nix-config.enable = lib.mkDefault true;
- pamconfig.enable = lib.mkDefault true;
- plymouth.enable = lib.mkDefault false;
- printing.enable = lib.mkDefault true;
- sound.enable = lib.mkDefault true;
- sway.enable = lib.mkDefault false;
- theming.enable = lib.mkDefault true;
- }
- else if roleCmp "vm"
- then {}
- else if roleCmp "workstation"
- then {
- apparmor.enable = lib.mkDefault true;
- basesystem.enable = lib.mkDefault true;
- bluetooth.enable = lib.mkDefault true;
- bootloader = lib.mkDefault "lanzaboote";
- disks.enable = lib.mkDefault true;
- graphics.enable = lib.mkDefault true;
- environment.enable = lib.mkDefault true;
- firejail.enable = false;
- font.enable = lib.mkDefault true;
- hyprland.enable = lib.mkDefault true;
- impermanence.enable = lib.mkDefault true;
- networking.enable = lib.mkDefault true;
- nix-config.enable = lib.mkDefault true;
- pamconfig.enable = lib.mkDefault true;
- plymouth.enable = lib.mkDefault false;
- printing.enable = lib.mkDefault true;
- sound.enable = lib.mkDefault true;
- sway.enable = lib.mkDefault false;
- theming.enable = lib.mkDefault true;
- }
- else {};
-}
diff --git a/modules/nixos/sils/sound.nix b/modules/nixos/sils/sound.nix
deleted file mode 100644
index 3ad26fb..0000000
--- a/modules/nixos/sils/sound.nix
+++ /dev/null
@@ -1,20 +0,0 @@
-{
- config,
- lib,
- ...
-}: let
- cfg = config.sils.sound;
-in {
- options.sils.sound.enable = lib.mkEnableOption "sound config";
- config = lib.mkIf cfg.enable {
- services.pipewire = {
- enable = true;
- alsa = {
- enable = true;
- support32Bit = true;
- };
- pulse.enable = true;
- jack.enable = true;
- };
- };
-}
diff --git a/modules/nixos/sils/steam.nix b/modules/nixos/sils/steam.nix
deleted file mode 100644
index 3c834a6..0000000
--- a/modules/nixos/sils/steam.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-{
- config,
- lib,
- ...
-}: let
- cfg = config.sils.steam;
-in {
- options.sils.steam.enable = lib.mkEnableOption "Steam";
- config = lib.mkIf cfg.enable {
- nixpkgs.config.allowUnfreePredicate = pkg:
- builtins.elem (lib.getName pkg) [
- "steam"
- "steam-unwrapped"
- ];
- programs.steam = {
- enable = true;
- };
- };
-}
diff --git a/modules/nixos/sils/sudo.nix b/modules/nixos/sils/sudo.nix
deleted file mode 100644
index 2ad117f..0000000
--- a/modules/nixos/sils/sudo.nix
+++ /dev/null
@@ -1,24 +0,0 @@
-{
- config,
- lib,
- ...
-}: let
- persistentLecture = !config.sils.sudo.persistentLecture.disable;
-in {
- options.sils.sudo.persistentLecture.disable = lib.mkEnableOption "sudo lecture after every boot";
- config = {
- security.sudo = {
- enable = true;
- };
- environment.persistence.${config.sils.meta.globalDataDir}.files = lib.mkIf persistentLecture [
- {
- file = "/var/db/sudo/lectured/${builtins.toString config.users.users.jaki.uid}";
- parentDirectory = {
- user = "root";
- group = config.users.users.jaki.group;
- mode = "0600";
- };
- }
- ];
- };
-}
diff --git a/modules/nixos/sils/sway.nix b/modules/nixos/sils/sway.nix
deleted file mode 100644
index 4aac2f4..0000000
--- a/modules/nixos/sils/sway.nix
+++ /dev/null
@@ -1,15 +0,0 @@
-{
- config,
- lib,
- ...
-}: let
- cfg = config.sils.sway;
-in {
- options.sils.sway.enable = lib.mkEnableOption "sway";
- config = lib.mkIf cfg.enable {
- programs.sway = {
- enable = true;
- package = null;
- };
- };
-}
diff --git a/modules/nixos/sils/tailscale.nix b/modules/nixos/sils/tailscale.nix
deleted file mode 100644
index e1f49a4..0000000
--- a/modules/nixos/sils/tailscale.nix
+++ /dev/null
@@ -1,52 +0,0 @@
-{
- config,
- lib,
- ...
-}: let
- cfg = config.sils.tailscale;
-in {
- options.sils.tailscale = {
- enable = lib.mkEnableOption "Tailscale";
- openFirewall = true;
- role = lib.mkOption {
- type = lib.types.enum [
- "client"
- "server"
- ];
- };
- };
- config = lib.mkIf cfg.enable {
- services.tailscale = {
- enable = true;
- authKeyFile = config.age.secrets.tailscale.path;
- useRoutingFeatures = cfg.role;
- extraDaemonFlags = [
- "--no-logs-no-support"
- ];
- extraSetFlags = [
- "--accept-routes"
- ];
- };
- networking.firewall = {
- trustedInterfaces = ["tailscale0"];
- allowedUDPPorts = [config.services.tailscale.port];
- checkReversePath = "loose";
- };
- systemd = {
- services.tailscaled.serviceConfig.Environment = [
- "TS_DEBUG_FIREWALL_MODE=nftables"
- ];
- network.wait-online.enable = false;
- };
- boot.initrd.systemd.network.wait-online.enable = false;
-
- environment.persistence."/srv".directories = [
- {
- directory = "/var/lib/tailscale";
- user = "root";
- group = "root";
- mode = "0700";
- }
- ];
- };
-}
diff --git a/modules/nixos/sils/theming/default.nix b/modules/nixos/sils/theming/default.nix
deleted file mode 100644
index 2d5d2fd..0000000
--- a/modules/nixos/sils/theming/default.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}: let
- cfg = config.sils.theming;
-in {
- options.sils.theming.enable = lib.mkEnableOption "theming";
- config = lib.mkIf cfg.enable {
- stylix = {
- enable = true;
- base16Scheme = "${pkgs.base16-schemes}/share/themes/ayu-dark.yaml";
- image = ../../../../files/wallpaper.jpg;
- polarity = "dark";
- };
- };
-}
diff --git a/modules/nixos/sils/theming/tokyo-night-dark.yaml b/modules/nixos/sils/theming/tokyo-night-dark.yaml
deleted file mode 100644
index ec29944..0000000
--- a/modules/nixos/sils/theming/tokyo-night-dark.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-scheme: "Tokyo Night Dark"
-author: "Michaël Ball"
-base00: "1A1B26"
-base01: "16161E"
-base02: "2F3549"
-base03: "444B6A"
-base04: "787C99"
-base05: "A9B1D6"
-base06: "CBCCD1"
-base07: "D5D6DB"
-base08: "C0CAF5"
-base09: "A9B1D6"
-base0A: "0DB9D7"
-base0B: "9ECE6A"
-base0C: "B4F9F8"
-base0D: "2AC3DE"
-base0E: "BB9AF7"
-base0F: "F7768E"
diff --git a/modules/nixos/sils/tor.nix b/modules/nixos/sils/tor.nix
deleted file mode 100644
index 01fdc1f..0000000
--- a/modules/nixos/sils/tor.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-{
- config,
- pkgs,
- lib,
- ...
-}: let
- cfg = config.sils.tor;
-in {
- options.sils.tor.enable = lib.mkEnableOption "tor";
- config = lib.mkIf cfg.enable {
- services = {
- tor = {
- enable = true;
- torsocks.enable = true;
- client.enable = true;
- };
- snowflake-proxy = {
- enable = true;
- capacity = 5;
- };
- };
- };
-}
-- cgit v1.3.1