massive refactoring

yaroslav
2026-05-09 16:17:24 +03:00
parent fa9f084702
commit 79483c0b9b
26 changed files with 370 additions and 507 deletions
-28
@@ -1,28 +0,0 @@
{ ... }:
{
nix.buildMachines = [ {
hostName = "builder";
system = "x86_64-linux";
protocol = "ssh-ng";
# if the builder supports building for multiple architectures,
# replace the previous line by, e.g.
# systems = ["x86_64-linux" "aarch64-linux"];
maxJobs = 16;
speedFactor = 8;
supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
mandatoryFeatures = [ ];
}] ;
nix.distributedBuilds = true;
# optional, useful when the builder has a faster internet connection than yours
nix.extraOptions = ''
builders-use-substitutes = true
'';
programs.ssh.extraConfig = ''
Host builder
HostName 192.168.1.222
Port 22
StrictHostKeyChecking=accept-new
'';
}
-4
@@ -1,4 +0,0 @@
{ ... }:
{
services.xserver.desktopManager.xfce.enable = true;
}
-8
@@ -1,8 +0,0 @@
{...}:
{
# Enable the COSMIC login manager
services.displayManager.cosmic-greeter.enable = true;
# Enable the COSMIC desktop environment
services.desktopManager.cosmic.enable = true;
}
+32 -20
@@ -46,19 +46,26 @@
modules = [ modules = [
impermanence.nixosModules.impermanence impermanence.nixosModules.impermanence
asus-numberpad-driver.nixosModules.default asus-numberpad-driver.nixosModules.default
./desktop/kde.nix
./hosts/generic/configuration_generic.nix ./hosts/generic/configuration_generic.nix
./hosts/generic/users.nix ./hosts/generic/users.nix
./hosts/Ratchet/hardware-Ratchet.nix ./hosts/generic/networking.nix
./hosts/Ratchet/fingerprint.nix
./hosts/Ratchet/misc_Ratchet.nix
./hosts/generic/persistence.nix
./hosts/generic/cups.nix
./hosts/generic/security_quirks.nix
./desktop/kde.nix
./hosts/generic/unfree_allow.nix ./hosts/generic/unfree_allow.nix
./hosts/generic/virtualization.nix ./hosts/generic/persistence.nix
./hosts/generic/printing.nix
./hosts/generic/plymouth.nix ./hosts/generic/plymouth.nix
./hosts/generic/virtualization.nix
./hosts/generic/security_quirks.nix
./hosts/Ratchet/hardware.nix
./hosts/Ratchet/filesystems.nix
./hosts/Ratchet/fingerprint.nix
./hosts/Ratchet/misc.nix
./home/yaroslav/steam.nix ./home/yaroslav/steam.nix
lanzaboote.nixosModules.lanzaboote lanzaboote.nixosModules.lanzaboote
({ pkgs, lib, ... }: { ({ pkgs, lib, ... }: {
# Lanzaboote currently replaces the systemd-boot module. # Lanzaboote currently replaces the systemd-boot module.
@@ -84,27 +91,31 @@
} }
]; ];
}; };
Aphelion = nixpkgs-unstable.lib.nixosSystem { Aphelion = nixpkgs-unstable.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
specialArgs = { inherit inputs; }; specialArgs = { inherit inputs; };
modules = [ modules = [
#lix-module.nixosModules.default
impermanence.nixosModules.impermanence impermanence.nixosModules.impermanence
./hosts/generic/persistence.nix ./desktop/kde.nix
./hosts/generic/configuration_generic.nix ./hosts/generic/configuration_generic.nix
./hosts/generic/users.nix ./hosts/generic/users.nix
./hosts/generic/networking.nix
./hosts/generic/persistence.nix
./hosts/generic/plymouth.nix
./hosts/generic/virtualization.nix ./hosts/generic/virtualization.nix
./hosts/generic/unfree_allow.nix ./hosts/generic/unfree_allow.nix
./hosts/Aphelion/hardware-Aphelion.nix ./hosts/generic/printing.nix
./hosts/Aphelion/sunshine.nix ./hosts/generic/nix-ld.nix
./desktop/kde.nix
./hosts/Aphelion/hardware.nix
./hosts/Aphelion/filesystems.nix
./hosts/Aphelion/media.nix
./hosts/Aphelion/misc.nix
./home/yaroslav/steam.nix ./home/yaroslav/steam.nix
./hosts/generic/teamspeak.nix
./hosts/Aphelion/nfs.nix
./hosts/generic/cups.nix
# ./hosts/generic/zapret.nix
./hosts/Aphelion/dlna.nix
./hosts/Aphelion/Aphelion_misc.nix
lanzaboote.nixosModules.lanzaboote lanzaboote.nixosModules.lanzaboote
({ pkgs, lib, ... }: { ({ pkgs, lib, ... }: {
# Lanzaboote currently replaces the systemd-boot module. # Lanzaboote currently replaces the systemd-boot module.
@@ -117,6 +128,7 @@
pkiBundle = "/var/lib/sbctl"; pkiBundle = "/var/lib/sbctl";
}; };
}) })
home-manager.nixosModules.home-manager home-manager.nixosModules.home-manager
{ {
home-manager.useUserPackages = true; home-manager.useUserPackages = true;
@@ -130,6 +142,7 @@
} }
]; ];
}; };
Qwark = nixpkgs-stable.lib.nixosSystem { Qwark = nixpkgs-stable.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
specialArgs = { inherit inputs; }; specialArgs = { inherit inputs; };
@@ -141,7 +154,6 @@
./hosts/Quark/smb.nix ./hosts/Quark/smb.nix
./hosts/Quark/sound.nix ./hosts/Quark/sound.nix
./hosts/generic/virtualization.nix ./hosts/generic/virtualization.nix
./desktop/cinnamon.nix
hm-stable.nixosModules.home-manager { hm-stable.nixosModules.home-manager {
home-manager.useUserPackages = true; home-manager.useUserPackages = true;
home-manager.users.yaroslav = { home-manager.users.yaroslav = {
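Review bot: Ratchet's new module list has no `./hosts/generic/nix-ld.nix` entry while Aphelion's does, and the `programs.nix-ld` block appears to have been moved out of the shared generic configuration elsewhere in this commit, so Ratchet would silently lose nix-ld. Likewise, Qwark drops `./desktop/cinnamon.nix` and no replacement desktop module is visible in that hunk. If both are intended, say so in the commit message so the refactoring does not hide behaviour changes; otherwise add `./hosts/generic/nix-ld.nix` to Ratchet's list. The module lists start and end outside the hunks shown.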
+53
@@ -0,0 +1,53 @@
# filesystem and storage specific options for Aphelion
{...}:
{
boot.initrd.clevis = {
enable = true;
devices."aphelion-zroot/data/sensitive".secretFile = ../../secrets/Aphelion/sensitive.jwe;
devices."aphelion-zroot/nix-enc".secretFile = ../../secrets/Aphelion/sensitive.jwe;
};
fileSystems = {
"/" = {
device = "none";
fsType = "tmpfs";
options = ["defaults" "mode=755"];
};
"/boot" = {
device = "/dev/disk/by-uuid/278A-0FB0";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
"/nix" = {
device = "aphelion-zroot/nix-enc";
fsType = "zfs";
};
"/home" = {
device = "aphelion-zroot/home";
fsType = "zfs";
};
"/home/yaroslav/.local/share/Steam"= {
device = "aphelion-zroot/data/steam";
fsType = "zfs";
};
"/Volumes/Trash" = {
device = "/dev/yarikpc/trash";
fsType = "ext4";
options = [ "x-mount.mkdir" "rw" ];
};
"/Volumes/Games" = {
device = "/dev/yarikpc/games";
fsType = "ext4";
options = [ "x-mount.mkdir" "rw" ];
};
"/Volumes/Sensitive" = {
device = "aphelion-zroot/data/sensitive";
fsType = "zfs";
options = [ "x-mount.mkdir" "rw" ];
};
};
services.nfs.server.enable = true;
services.nfs.server.exports = ''
/Volumes/Trash 192.168.1.0/24(rw)
'';
}
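Review bot: The export `/Volumes/Trash 192.168.1.0/24(rw)` grants read-write access to every address on the subnet, and with the default AUTH_SYS security the server trusts whatever UID a client presents. Narrow the client spec to the hosts that actually mount the share and spell the options out, e.g. `/Volumes/Trash <ratchet-ip>(rw,sync,root_squash,no_subtree_check)` (placeholder address). The export now lives in a file headed "filesystem and storage specific options" while TCP 2049 is opened in a different file, so add a comment here, such as `# NFS export; firewall rule for 2049 is in the host's firewall module`, to keep the pair auditable. Both clevis devices also reuse the same `sensitive.jwe`; a one-line comment saying this is deliberate would help.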
-113
@@ -1,113 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "nvme" "usb_storage" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [ "dm-snapshot" ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
boot.supportedFilesystems = [ "zfs" ];
boot.kernelPackages = pkgs.linuxPackages_latest;
boot.zfs.package = pkgs.zfs_2_4;
boot.initrd.clevis = {
enable = true;
devices."aphelion-zroot/data/sensitive".secretFile = ../../secrets/Aphelion/sensitive.jwe;
devices."aphelion-zroot/nix-enc".secretFile = ../../secrets/Aphelion/sensitive.jwe;
};
fileSystems."/" =
{ device = "none";
fsType = "tmpfs";
options = ["defaults" "mode=755"];
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/278A-0FB0";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
fileSystems."/nix" =
{ device = "aphelion-zroot/nix-enc";
fsType = "zfs";
};
fileSystems."/home" =
{ device = "aphelion-zroot/home";
fsType = "zfs";
};
fileSystems."/home/yaroslav/.local/share/Steam"=
{ device = "aphelion-zroot/data/steam";
fsType = "zfs";
};
fileSystems."/Volumes/Trash" =
{
device = "/dev/yarikpc/trash";
fsType = "ext4";
options = [ "x-mount.mkdir" "rw" ];
};
fileSystems."/Volumes/Games" =
{
device = "/dev/yarikpc/games";
fsType = "ext4";
options = [ "x-mount.mkdir" "rw" ];
};
fileSystems."/Volumes/Sensitive" =
{
device = "aphelion-zroot/data/sensitive";
fsType = "zfs";
options = [ "x-mount.mkdir" "rw" ];
};
# fileSystems."/Volumes/ssd_g" =
# {
# device = "/dev/disk/by-id/ata-KINGSTON_SA400S37240G_50026B77846D940A-part1";
# fsType = "btrfs";
# options = [ "x-mount.mkdir" "rw" ];
# };
swapDevices = [ ];
hardware.graphics.extraPackages = with pkgs; [
rocmPackages.clr.icd
];
systemd.tmpfiles.rules = [
"L+ /opt/rocm/hip - - - - ${pkgs.rocmPackages.clr}"
];
#chaotic.mesa-git.enable = true;
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
networking.firewall.allowedTCPPorts = [ 42420 25565 ];
networking.firewall.allowedUDPPorts = [ 5900 ];
networking.firewall.trustedInterfaces = [ "enp12s0" "wlp11s0" "wg0"];
#networking.firewall.enable = false;
# networking.interfaces.enp12s0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp11s0.useDHCP = lib.mkDefault true;
hardware.bluetooth.enable = true; # enables support for Bluetooth
hardware.bluetooth.powerOnBoot = true; # powers up the default Bluetooth controller on boot
services.lact = {
enable = true;
};
services.hardware.openrgb.enable = true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
system.stateVersion = "25.11";
networking.hostName = "Aphelion";
networking.hostId = "b7fa9c25";
}
+47
@@ -0,0 +1,47 @@
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "nvme" "usb_storage" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [ "dm-snapshot" ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
boot.supportedFilesystems = [ "zfs" ];
boot.kernelPackages = pkgs.linuxPackages_latest;
boot.zfs.package = pkgs.zfs_2_4;
swapDevices = [ ];
hardware.graphics.extraPackages = with pkgs; [
rocmPackages.clr.icd
];
systemd.tmpfiles.rules = [
"L+ /opt/rocm/hip - - - - ${pkgs.rocmPackages.clr}"
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
#networking.firewall.enable = false;
# networking.interfaces.enp12s0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp11s0.useDHCP = lib.mkDefault true;
hardware.bluetooth.enable = true; # enables support for Bluetooth
hardware.bluetooth.powerOnBoot = true; # powers up the default Bluetooth controller on boot
services.lact = {
enable = true;
};
services.hardware.openrgb.enable = true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
system.stateVersion = "25.11";
networking.hostName = "Aphelion";
networking.hostId = "b7fa9c25";
}
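Review bot: The four-line comment starting `# Enables DHCP on each ethernet and wireless interface` now documents nothing, because the `networking.useDHCP` line it described is no longer in this file. It sits directly above the commented-out `#networking.firewall.enable = false;` and reads as if it explained that line. Drop the comment together with the three commented-out networking lines, or replace them with a single pointer such as `# networking options live in the generic networking module`. The Ratchet hardware file later in this commit has the same leftover, with the `useDHCP` line commented out rather than removed.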
@@ -1,3 +1,4 @@
# various entertainment-related services
{ ... }: { ... }:
{ {
services.minidlna = { services.minidlna = {
@@ -10,4 +11,11 @@
}; };
openFirewall = true; openFirewall = true;
}; };
services.sunshine = {
enable = true;
autoStart = true;
capSysAdmin = true;
openFirewall = true;
};
programs.noisetorch.enable = true;
} }
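Review bot: `capSysAdmin = true` combined with `openFirewall = true` on `services.sunshine` gives a network-reachable streaming service CAP_SYS_ADMIN, and the block does not say why the capability is needed. Record the reason next to it, e.g. `capSysAdmin = true; # needed for DRM/KMS screen capture`, and remove the option if that capture path is not used. Consider replacing `openFirewall` with per-interface rules (`networking.firewall.interfaces.<name>.allowedTCPPorts` / `allowedUDPPorts`) so the service is reachable only from the LAN or VPN interface it is meant for. The `services.minidlna` block above it begins outside the hunk.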
@@ -4,8 +4,7 @@
nixpkgs.overlays = [ inputs.millennium.overlays.default ]; nixpkgs.overlays = [ inputs.millennium.overlays.default ];
virtualisation.waydroid.enable = true; virtualisation.waydroid.enable = true;
services.flatpak.enable = true; services.flatpak.enable = true;
programs.throne.enable = true;
programs.throne.tunMode.enable = true;
programs.obs-studio.enable = true; programs.obs-studio.enable = true;
programs.obs-studio.enableVirtualCamera = true; programs.obs-studio.enableVirtualCamera = true;
boot.extraModulePackages = with config.boot.kernelPackages; [ boot.extraModulePackages = with config.boot.kernelPackages; [
@@ -15,36 +14,15 @@
boot.extraModprobeConfig = '' boot.extraModprobeConfig = ''
options v4l2loopback devices=1 video_nr=1 card_label="OBS Cam" exclusive_caps=1 options v4l2loopback devices=1 video_nr=1 card_label="OBS Cam" exclusive_caps=1
''; '';
security.polkit.enable = true; security.polkit.enable = true;
nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
"ida-free" "ida-free"
"pantum-driver" "pantum-driver"
]; ];
programs.hyprland.enable = true;
networking.interfaces.enp12s0.wakeOnLan.enable = true;
networking.interfaces.enp12s0.wakeOnLan.policy = [ "magic" ];
# build substituter
users.users.nixremote = {
isNormalUser = true;
createHome = false;
group = "nixremote";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIt6Ts4SNWXv2hObOOKyyxXr/6iZBRZXEwE0mtEpCa8X root@Ratchet"
];
};
users.groups.nixremote = {};
services.nix-serve.secretKeyFile = "/home/store_secret.pem"; services.nix-serve.secretKeyFile = "/home/store_secret.pem";
nix.settings.trusted-users = [ "nixremote" ]; services.displayManager.plasma-login-manager.enable = true;
# services.xrdp.enable = true;
# services.xrdp.defaultWindowManager = "startplasma-x11";
# services.xrdp.openFirewall = true;
} }
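Review bot: `services.nix-serve.secretKeyFile = "/home/store_secret.pem";` is kept while the `nixremote` user and its `trusted-users` entry are removed, so the binary-cache signing key may now be a leftover; no `services.nix-serve.enable` is visible in this hunk. If the cache is no longer served, delete the line and retire the key. If it is still served, move the key to a persisted, root-owned directory with mode 0600 instead of the top of `/home`, because any client that trusts the matching public key accepts whatever is signed with it. The file continues outside the hunk.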
+12
@@ -0,0 +1,12 @@
{...} :
{
networking.firewall.allowedTCPPorts = [ 42420 25565 2049 ]; # 2049 - nfs, 25565 - generic
networking.firewall.allowedUDPPorts = [ 5900 ]; # 5900 - vnc
networking.firewall.trustedInterfaces = [ "enp12s0" "wlp11s0"];
# WoL
networking.interfaces.enp12s0.wakeOnLan.enable = true;
networking.interfaces.enp12s0.wakeOnLan.policy = [ "magic" ];
# throne
programs.throne.enable = true;
programs.throne.tunMode.enable = true;
}
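Review bot: Listing `enp12s0` and `wlp11s0` in `networking.firewall.trustedInterfaces` makes the firewall accept all traffic arriving on both physical NICs. The `allowedTCPPorts`/`allowedUDPPorts` lists above then have no effect on them, and every listening service on the host is reachable from whatever network the Wi-Fi joins. Prefer `networking.firewall.trustedInterfaces = [ ];` (or only a VPN interface) and rely on the explicit port lists. The port comments also need attention: `42420` is not explained, and `5900 - vnc` sits in the UDP list although VNC normally runs over TCP, so confirm which protocol is actually needed.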
-8
@@ -1,8 +0,0 @@
{ ... }:
{
services.nfs.server.enable = true;
services.nfs.server.exports = ''
/Volumes/Trash 192.168.1.0/24(rw)
'';
networking.firewall.allowedTCPPorts = [ 2049 ];
}
-12
@@ -1,12 +0,0 @@
{ ... }:
{
boot.initrd.kernelModules = [ "nvidia" ];
hardware.graphics.enable = true;
services.xserver.videoDrivers = [ "nvidia" ];
hardware.nvidia = {
modesetting.enable = true;
powerManagement.enable = true;
open = true;
nvidiaSettings = true;
};
}
-10
@@ -1,10 +0,0 @@
{ ... }:
{
services.sunshine = {
enable = true;
autoStart = true;
capSysAdmin = true;
openFirewall = true;
};
programs.noisetorch.enable = true;
}
+49
@@ -0,0 +1,49 @@
{...}:
{
boot.initrd.clevis = {
enable = true;
devices."luks-zroot".secretFile = ../../secrets/Ratchet/main.jwe;
devices."luks-swap".secretFile = ../../secrets/Ratchet/main.jwe;
};
boot.initrd.luks.devices = {
luks-zroot.device = "/dev/nvme0n1p2";
luks-swap.device = "/dev/nvme0n1p3";
};
boot.zfs.requestEncryptionCredentials = [ ];
swapDevices = [ { device = "/dev/mapper/luks-swap"; } ];
boot.kernel.sysctl."vm.swappiness" = 0;
fileSystems = {
"/" = {
device = "none";
fsType = "tmpfs";
options = ["defaults" "size=1G" "mode=755"];
};
"/nix" = {
device = "ratchet-zroot/system/nix";
fsType = "zfs";
};
"/home" = {
device = "ratchet-zroot/system/home";
fsType = "zfs";
};
"/boot" = {
device = "/dev/nvme0n1p1";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
"/home/yaroslav/tmp" = {
device = "none";
fsType = "tmpfs";
};
"/Volumes/Trash" = {
device = "aphelion:/Volumes/Trash";
options = ["x-mount.mkdir" "user" "rw" "noauto" ];
fsType = "nfs";
};
};
}
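Review bot: The LUKS containers and `/boot` are addressed by kernel names (`/dev/nvme0n1p2`, `/dev/nvme0n1p3`, `/dev/nvme0n1p1`), which can change when another NVMe device is attached or enumeration order shifts. The initrd would then try to unlock or mount the wrong partition, or fail to boot. Use stable links instead, e.g. `luks-zroot.device = "/dev/disk/by-uuid/<uuid>";` (placeholder), as Aphelion's `/boot` already does. Both LUKS devices are also bound to the same `main.jwe`; a short comment such as `# root and swap intentionally share one clevis binding` would make that explicit.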
-14
@@ -5,19 +5,5 @@
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
serviceConfig.Type = "simple"; serviceConfig.Type = "simple";
}; };
# Install the driver
services.fprintd.enable = true; services.fprintd.enable = true;
# If simply enabling fprintd is not enough, try enabling fprintd.tod...
#services.fprintd.tod.enable = true;
# ...and use one of the next four drivers
#services.fprintd.tod.driver = pkgs.libfprint-2-tod1-goodix; # Goodix driver module
# services.fprintd.tod.driver = pkgs.libfprint-2-tod1-elan; # Elan(04f3:0c4b) driver
# services.fprintd.tod.driver = pkgs.libfprint-2-tod1-vfs0090; # (Marked as broken as of 2025/04/23!) driver for 2016 ThinkPads
# services.fprintd.tod.driver = pkgs.libfprint-2-tod1-goodix-550a; # Goodix 550a driver (from Lenovo)
# however for focaltech 2808:a658, use fprintd with overidden package (without tod)
# services.fprintd.package = pkgs.fprintd.override {
# libfprint = pkgs.libfprint-focaltech-2808-a658;
# };
} }
@@ -1,6 +1,3 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }: { config, lib, pkgs, modulesPath, ... }:
{ {
@@ -14,55 +11,8 @@
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
boot.extraModprobeConfig = "options kvm_amd nested=1"; boot.extraModprobeConfig = "options kvm_amd nested=1";
boot.initrd.clevis = {
enable = true;
devices."luks-zroot".secretFile = ../../secrets/Ratchet/main.jwe;
devices."luks-swap".secretFile = ../../secrets/Ratchet/main.jwe;
};
boot.initrd.luks.devices = {
luks-zroot.device = "/dev/nvme0n1p2";
luks-swap.device = "/dev/nvme0n1p3";
};
fileSystems."/" =
{ device = "none";
fsType = "tmpfs";
options = ["defaults" "size=1G" "mode=755"];
};
fileSystems."/nix" =
{ device = "ratchet-zroot/system/nix";
fsType = "zfs";
};
fileSystems."/home" =
{ device = "ratchet-zroot/system/home";
fsType = "zfs";
};
fileSystems."/boot" =
{ device = "/dev/nvme0n1p1";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
fileSystems."/home/yaroslav/tmp" =
{
device = "none";
fsType = "tmpfs";
};
fileSystems."/Volumes/Trash" =
{
device = "aphelion:/Volumes/Trash";
options = ["x-mount.mkdir" "user" "rw" "noauto" ];
fsType = "nfs";
};
boot.zfs.requestEncryptionCredentials = [
];
services.nfs.server.enable = true; services.nfs.server.enable = true;
swapDevices = [ { device = "/dev/mapper/luks-swap"; } ];
boot.kernel.sysctl."vm.swappiness" = 0;
boot.zfs.allowHibernation = true; boot.zfs.allowHibernation = true;
boot.zfs.forceImportRoot = false; boot.zfs.forceImportRoot = false;
boot.supportedFilesystems = [ "zfs" ]; boot.supportedFilesystems = [ "zfs" ];
@@ -83,15 +33,12 @@
}; };
}; };
# chaotic.mesa-git.enable = true;
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's # (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction # still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true; # networking.useDHCP = lib.mkDefault true;
networking.hostName = "Ratchet"; networking.hostName = "Ratchet";
# networking.interfaces.wlp1s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
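Review bot: `services.nfs.server.enable = true;` remains in this hardware file after the filesystem entries were moved out, yet the only NFS use visible for Ratchet is a client mount of `aphelion:/Volumes/Trash` and no exports are defined in the hunks shown. If Ratchet exports nothing, remove the line so the laptop does not run NFS server daemons on whatever network it joins; the client mount does not need them. `# networking.useDHCP = lib.mkDefault true;` can be deleted rather than commented out, since the generic networking module added in this commit sets it. The file continues outside these hunks.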
+15
@@ -0,0 +1,15 @@
{ inputs, config, pkgs, ...}:
{
virtualisation.waydroid.enable = true;
hardware.opentabletdriver.enable = true;
# Required by OpenTabletDriver
hardware.uinput.enable = true;
boot.kernelModules = [ "uinput" ];
# millenium steam
nixpkgs.overlays = [ inputs.millennium.overlays.default ];
services.flatpak.enable = true;
programs.throne.enable = true;
programs.throne.tunMode.enable = true;
}
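Review bot: `nixpkgs.overlays = [ inputs.millennium.overlays.default ];` applies a third-party overlay to this host's whole package set, and the comment above it (`# millenium steam`, misspelled) does not say so. Any package the overlay overrides is then built from that flake input rather than from nixpkgs. Suggested comment: `# Millennium overlay (third-party flake input), presumably patches Steam; revision is pinned in flake.lock`. `config` and `pkgs` in the argument list are unused in this file and can be dropped: `{ inputs, ... }:`.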
-37
@@ -1,37 +0,0 @@
{ inputs, config, pkgs, ...}:
{
nix.buildMachines = [ {
hostName = "Aphelion";
system = "x86_64-linux";
protocol = "ssh-ng";
# if the builder supports building for multiple architectures,
# replace the previous line by, e.g.
# systems = ["x86_64-linux" "aarch64-linux"];
maxJobs = 16;
speedFactor = 2;
supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
mandatoryFeatures = [ ];
}] ;
# nix.distributedBuilds = true;
# optional, useful when the builder has a faster internet connection than yours
# nix.extraOptions = ''
# builders-use-substitutes = true
# '';
# nix.settings.trusted-public-keys = [
# "Aphelion:8l9lrL3kszDTXkpA/R4ZFhSifiBoogiOIt1srgLb6Vw="
# ];
# nix.settings.extra-substituters = [
# "ssh-ng://nixremote@Aphelion"
# ];
virtualisation.waydroid.enable = true;
hardware.opentabletdriver.enable = true;
# Required by OpenTabletDriver
hardware.uinput.enable = true;
boot.kernelModules = [ "uinput" ];
# millenium steam
nixpkgs.overlays = [ inputs.millennium.overlays.default ];
services.flatpak.enable = true;
programs.throne.enable = true;
programs.throne.tunMode.enable = true;
}
+1 -154
@@ -1,15 +1,12 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
{ {
nix.settings.experimental-features = [ "nix-command" "flakes"]; nix.settings.experimental-features = [ "nix-command" "flakes"];
time.timeZone = "Europe/Moscow";
# loader setup # loader setup
boot.loader = { boot.loader = {
systemd-boot.enable = true; systemd-boot.enable = true;
efi.canTouchEfiVariables = true; efi.canTouchEfiVariables = true;
}; };
# timezone
time.timeZone = "Europe/Moscow";
programs.zsh.enable = true; programs.zsh.enable = true;
programs.fish.enable = true; programs.fish.enable = true;
@@ -19,8 +16,6 @@
nfs-utils nfs-utils
sbctl sbctl
]; ];
#enable scanner support
hardware.sane.enable = true;
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
@@ -37,154 +32,6 @@
services.openssh.enable = true; services.openssh.enable = true;
services.openssh.settings.X11Forwarding = true; services.openssh.settings.X11Forwarding = true;
# networking
networking.networkmanager = {
enable = true;
plugins = with pkgs; [
networkmanager-openvpn
];
};
networking.firewall.allowedTCPPorts = [ 22 3240 2049 25565 554 80 27040 8044 38008 47989 48010 48000];
networking.firewall.allowedUDPPorts = [ 38401 25565 554 80 27031 27032 27033 27034 27035 27036 3658 38008 47998 47999 47800 48010 48000];
networking.nftables.enable = true;
# tailscale
services.tailscale.enable = true;
# fking nix-ld
programs.nix-ld = {
enable = true;
libraries = with pkgs; [
## Put here any library that is required when running a package
## ...
## Uncomment if you want to use the libraries provided by default in the steam distribution
## but this is quite far from being exhaustive
## https://github.com/NixOS/nixpkgs/issues/354513
(pkgs.runCommand "steamrun-lib" {} "mkdir $out; ln -s ${pkgs.steam-run.fhsenv}/usr/lib64 $out/lib")
kdePackages.qtwayland
kdePackages.qtbase
kdePackages.qtsvg
kdePackages.qtmultimedia
SDL
SDL2
SDL2_image
SDL2_mixer
SDL2_ttf
SDL_image
SDL_mixer
SDL_ttf
alsa-lib
at-spi2-atk
at-spi2-core
atk
bzip2
cairo
cups
curlWithGnuTls
dbus
dbus-glib
desktop-file-utils
e2fsprogs
expat
flac
fontconfig
freeglut
freetype
fribidi
fuse
fuse3
gdk-pixbuf
glew110
glib
gmp
gst_all_1.gst-plugins-base
gst_all_1.gst-plugins-ugly
gst_all_1.gstreamer
gtk2
harfbuzz
icu
keyutils.lib
libGL
libGLU
libappindicator-gtk2
libcaca
libcanberra
libcap
libclang.lib
libdbusmenu
libdrm
libgcrypt
libgpg-error
libidn
libjack2
libjpeg
libmikmod
libogg
libpng12
libpulseaudio
librsvg
libsamplerate
libsecret
libthai
libtheora
libtiff
libudev0-shim
libusb1
libuuid
libvdpau
libvorbis
libvpx
libxcrypt-legacy
libxkbcommon
libxml2
mesa
nspr
nss
openssl
p11-kit
pango
pixman
python3
speex
stdenv.cc.cc
tbb
udev
vulkan-loader
wayland
webkitgtk_4_1
libICE
libSM
libX11
libXScrnSaver
libXcomposite
libXcursor
libXdamage
libXext
libXfixes
libXft
libXi
libXinerama
libXmu
libXrandr
libXrender
libXt
libXtst
libXxf86vm
libpciaccess
libxcb
xcbutil
xcbutilimage
xcbutilkeysyms
xcbutilrenderutil
xcbutilwm
xkeyboardconfig
xz
zlib
];
};
## Uncomment if you used steamrun's libraries
networking.hosts = { networking.hosts = {
"192.168.1.116" = [ "Clank" ]; "192.168.1.116" = [ "Clank" ];
"192.168.1.222" = [ "Aphelion" ]; "192.168.1.222" = [ "Aphelion" ];
+13
@@ -0,0 +1,13 @@
{lib, pkgs, ...}: {
networking.useDHCP = lib.mkDefault true;
networking.networkmanager = {
enable = true;
plugins = with pkgs; [
networkmanager-openvpn
];
};
# tailscale
services.tailscale.enable = true;
networking.nftables.enable = true;
}
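Review bot: This module takes over NetworkManager, Tailscale and nftables from the generic configuration, but not the `networking.firewall.allowedTCPPorts`/`allowedUDPPorts` lists deleted there. Hosts other than Aphelion therefore lose those openings (for example 27031-27036/udp and 47989/tcp), which tightens the firewall but is a behaviour change inside a refactor. If that is intended, state the posture explicitly with `networking.firewall.enable = true;` and a comment like `# ports are opened per host or via each service's openFirewall`. Port 22 presumably stays reachable through the openssh module's own firewall option; confirm that is wanted on every host.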
+129
@@ -0,0 +1,129 @@
{ pkgs, ...}:
{
# fking nix-ld
programs.nix-ld = {
enable = true;
libraries = with pkgs; [
(pkgs.runCommand "steamrun-lib" {} "mkdir $out; ln -s ${pkgs.steam-run.fhsenv}/usr/lib64 $out/lib")
kdePackages.qtwayland
kdePackages.qtbase
kdePackages.qtsvg
kdePackages.qtmultimedia
SDL
SDL2
SDL2_image
SDL2_mixer
SDL2_ttf
SDL_image
SDL_mixer
SDL_ttf
alsa-lib
at-spi2-atk
at-spi2-core
atk
bzip2
cairo
cups
curlWithGnuTls
dbus
dbus-glib
desktop-file-utils
e2fsprogs
expat
flac
fontconfig
freeglut
freetype
fribidi
fuse
fuse3
gdk-pixbuf
glew_1_10
glib
gmp
gst_all_1.gst-plugins-base
gst_all_1.gst-plugins-ugly
gst_all_1.gstreamer
gtk2
harfbuzz
icu
keyutils.lib
libGL
libGLU
libappindicator-gtk2
libcaca
libcanberra
libcap
libclang.lib
libdbusmenu
libdrm
libgcrypt
libgpg-error
libidn
libjack2
libjpeg
libmikmod
libogg
libpng12
libpulseaudio
librsvg
libsamplerate
libsecret
libthai
libtheora
libtiff
libudev0-shim
libusb1
libuuid
libvdpau
libvorbis
libvpx
libxcrypt-legacy
libxkbcommon
libxml2
mesa
nspr
nss
openssl
p11-kit
pango
pixman
python3
speex
stdenv.cc.cc
tbb
udev
vulkan-loader
wayland
webkitgtk_4_1
libICE
libSM
libX11
libXScrnSaver
libXcomposite
libXcursor
libXdamage
libXext
libXfixes
libXft
libXi
libXinerama
libXmu
libXrandr
libXrender
libXt
libXtst
libXxf86vm
libpciaccess
libxcb
xcbutil
xcbutilimage
xcbutilkeysyms
xcbutilrenderutil
xcbutilwm
xkeyboardconfig
xz
zlib
];
};
}
-6
@@ -1,6 +1,5 @@
{ pkgs, ... }: { { pkgs, ... }: {
boot = { boot = {
plymouth = { plymouth = {
enable = true; enable = true;
theme = "nixos-bgrt"; theme = "nixos-bgrt";
@@ -9,7 +8,6 @@
nixos-bgrt-plymouth nixos-bgrt-plymouth
]; ];
}; };
# Enable "Silent boot" # Enable "Silent boot"
consoleLogLevel = 3; consoleLogLevel = 3;
initrd.verbose = false; initrd.verbose = false;
@@ -20,9 +18,5 @@
"udev.log_priority=3" "udev.log_priority=3"
"rd.systemd.show_status=auto" "rd.systemd.show_status=auto"
]; ];
# Hide the OS choice for bootloaders.
# It's still possible to open the bootloader list by pressing any key
# It will just not appear on screen unless a key is pressed
}; };
} }
@@ -6,4 +6,6 @@
nssmdns4 = true; nssmdns4 = true;
openFirewall = true; openFirewall = true;
}; };
#enable scanner support
hardware.sane.enable = true;
} }
-7
@@ -1,7 +0,0 @@
{ ... }:
{
services.teamspeak3 = {
enable = true;
openFirewall = true;
};
}
-2
@@ -21,10 +21,8 @@
virtualisation = { virtualisation = {
podman = { podman = {
enable = true; enable = true;
# Create a `docker` alias for podman, to use it as a drop-in replacement # Create a `docker` alias for podman, to use it as a drop-in replacement
dockerCompat = true; dockerCompat = true;
# Required for containers under podman-compose to be able to talk to each other. # Required for containers under podman-compose to be able to talk to each other.
defaultNetwork.settings.dns_enabled = true; defaultNetwork.settings.dns_enabled = true;
}; };