
No commits in common. "381924aee19816d40769bd160f11acab73a48a7c" and "8f4c7fe4cc7fe14236a746afef4e123c84508542" have entirely different histories.

5 changed files with 130 additions and 202 deletions


@ -19,14 +19,14 @@
systems.modules.nixos = with inputs; [ systems.modules.nixos = with inputs; [
agenix.nixosModules.age agenix.nixosModules.age
chaotic.nixosModules.default
disko.nixosModules.disko disko.nixosModules.disko
nur.nixosModules.nur
srvos.nixosModules.common srvos.nixosModules.common
srvos.nixosModules.mixins-systemd-boot srvos.nixosModules.mixins-systemd-boot
]; ];
systems.hosts.thonkpad.modules = [ systems.hosts.thonkpad.modules = [
inputs.nixos-hardware.nixosModules.lenovo-thinkpad-x1-12th-gen inputs.nixos-hardware.nixosModules.lenovo-thinkpad-x1-9th-gen
inputs.lanzaboote.nixosModules.lanzaboote inputs.lanzaboote.nixosModules.lanzaboote
]; ];
systems.hosts.thonkpad.specialArgs = { systems.hosts.thonkpad.specialArgs = {
@ -39,10 +39,6 @@
}; };
systems.hosts.smolboye.modules = [inputs.srvos.nixosModules.server]; systems.hosts.smolboye.modules = [inputs.srvos.nixosModules.server];
homes.modules = with inputs; [
nur.hmModules.nur
];
overlays = [(_: prev: {inherit (inputs.maych-in.packages.${prev.system}) maych-in;})]; overlays = [(_: prev: {inherit (inputs.maych-in.packages.${prev.system}) maych-in;})];
channels-config.allowUnfree = true; channels-config.allowUnfree = true;
@ -74,8 +70,6 @@
agenix.inputs.nixpkgs.follows = "nixpkgs"; agenix.inputs.nixpkgs.follows = "nixpkgs";
agenix.inputs.home-manager.follows = "nixpkgs"; agenix.inputs.home-manager.follows = "nixpkgs";
chaotic.url = "github:chaotic-cx/nyx/nyxpkgs-unstable";
deploy-rs.url = "github:serokell/deploy-rs"; deploy-rs.url = "github:serokell/deploy-rs";
deploy-rs.inputs.nixpkgs.follows = "nixpkgs"; deploy-rs.inputs.nixpkgs.follows = "nixpkgs";
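Review bot: `agenix.inputs.home-manager.follows = "nixpkgs";` redirects agenix's `home-manager` input to the nixpkgs flake, which looks like a copy of the line above it rather than an intended pin. The line is unchanged context, so it is present on both sides of the comparison. If this flake declares a `home-manager` input (not visible here; the inputs block starts and ends outside the hunk), the line should read `agenix.inputs.home-manager.follows = "home-manager";`. Otherwise the secrets module is evaluated against an input that does not provide what agenix expects from it.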


@ -1,6 +1,6 @@
{ {
config, config,
lib, inputs,
pkgs, pkgs,
... ...
}: { }: {
@ -31,170 +31,100 @@
programs.firefox = { programs.firefox = {
enable = true; enable = true;
policies = { package = inputs.firefox.packages.${pkgs.system}.firefox-nightly-bin.override {
DisableFirefoxStudies = true; cfg = {
EnableTrackingProtection = { pipewireSupport = true;
Value = true;
Locked = true;
Cryptomining = true;
Fingerprinting = true;
};
OfferToSaveLoginsDefault = false;
DisableTelemetry = true;
DisablePocket = true;
DisableFirefoxAccounts = true;
OverrideFirstRunPage = "";
OverridePostUpdatePage = "";
DontCheckDefaultBrowser = true;
DisplayMenuBar = "default-off";
SearchBar = "unified";
NoDefaultBookmarks = true;
DisplayBookmarksToolbar = "never";
Preferences = let
lock-false = {
Value = false;
Status = "locked";
};
lock-true = {
Value = false;
Status = "locked";
};
lock-empty-string = {
Value = false;
Status = "locked";
};
in {
"toolkit.legacyUserProfileCustomizations.stylesheets" = lock-true;
# Remove poluting defaults
"extensions.pocket.enabled" = lock-false;
# Remove default top sites
"browser.topsites.contile.enabled" = lock-false;
"browser.urlbar.suggest.topsites" = lock-false;
# Remove sponsored sites
"browser.newtabpage.pinned" = lock-empty-string;
"browser.newtabpage.activity-stream.showSponsored" = lock-false;
"browser.newtabpage.activity-stream.system.showSponsored" = lock-false;
"browser.newtabpage.activity-stream.showSponsoredTopSites" = lock-false;
# Remove firefox shiny buttons
"browser.tabs.firefox-view" = false;
"browser.tabs.firefox-view-next" = false;
# Style
"browser.compactmode.show" = lock-true;
"browser.uidensity" = {
Value = 1;
Status = "locked";
};
# Fonts - make web pages follow system font
"browser.display.use_document_fonts" = {
Value = 0;
Status = "locked";
};
}; };
}; };
profiles.ff = { # extensions = with config.nur.repos.rycee.firefox-addons; [
extensions = with config.nur.repos.rycee.firefox-addons; [ # bitwarden
bitwarden # clearurls
clearurls # duckduckgo-privacy-essentials
duckduckgo-privacy-essentials # reddit-enhancement-suite
reddit-enhancement-suite # sponsorblock
sponsorblock # ublock-origin
ublock-origin # ];
]; # policies = {
bookmarks = {}; # DisableFirefoxStudies = true;
settings = { # EnableTrackingProtection = {
"browser.startup.homepage" = "about:home"; # Value = true;
# Locked = true;
# Cryptomining = true;
# Fingerprinting = true;
# };
# OfferToSaveLoginsDefault = false;
# Disable irritating first-run stuff # DisableTelemetry = true;
"browser.disableResetPrompt" = true; # DisablePocket = true;
"browser.download.panel.shown" = true; # DisableFirefoxAccounts = true;
"browser.feeds.showFirstRunUI" = false; # OverrideFirstRunPage = "";
"browser.messaging-system.whatsNewPanel.enabled" = false; # OverridePostUpdatePage = "";
"browser.rights.3.shown" = true; # DontCheckDefaultBrowser = true;
"browser.shell.checkDefaultBrowser" = false; # DisplayMenuBar = "default-off";
"browser.shell.defaultBrowserCheckCount" = 1; # SearchBar = "unified";
"browser.startup.homepage_override.mstone" = "ignore"; # NoDefaultBookmarks = true;
"browser.uitour.enabled" = false; # DisplayBookmarksToolbar = "never";
"startup.homepage_override_url" = ""; # Preferences = let
"trailhead.firstrun.didSeeAboutWelcome" = true; # lock-false = {
"browser.bookmarks.restore_default_bookmarks" = false; # Value = false;
"browser.bookmarks.addedImportButton" = true; # Status = "locked";
# };
# lock-true = {
# Value = false;
# Status = "locked";
# };
# lock-empty-string = {
# Value = false;
# Status = "locked";
# };
# in {
# "toolkit.legacyUserProfileCustomizations.stylesheets" = lock-true;
# Don't ask for download dir # # Remove poluting defaults
"browser.download.useDownloadDir" = false; # "extensions.pocket.enabled" = lock-false;
# Disable crappy home activity stream page # # Remove default top sites
"browser.newtabpage.activity-stream.feeds.topsites" = false; # "browser.topsites.contile.enabled" = lock-false;
"browser.newtabpage.activity-stream.showSponsoredTopSites" = false; # "browser.urlbar.suggest.topsites" = lock-false;
"browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts" = false;
"browser.newtabpage.blocked" = lib.genAttrs [
# Youtube
"26UbzFJ7qT9/4DhodHKA1Q=="
# Facebook
"4gPpjkxgZzXPVtuEoAL9Ig=="
# Wikipedia
"eV8/WsSLxHadrTL1gAxhug=="
# Reddit
"gLv0ja2RYVgxKdp0I5qwvA=="
# Amazon
"K00ILysCaEq8+bEqV/3nuw=="
# Twitter
"T9nJot5PurhJSy8n038xGA=="
] (_: 1);
# Disable some telemetry # # Remove sponsored sites
"app.shield.optoutstudies.enabled" = false; # "browser.newtabpage.pinned" = lock-empty-string;
"browser.discovery.enabled" = false; # "browser.newtabpage.activity-stream.showSponsored" = lock-false;
"browser.newtabpage.activity-stream.feeds.telemetry" = false; # "browser.newtabpage.activity-stream.system.showSponsored" = lock-false;
"browser.newtabpage.activity-stream.telemetry" = false; # "browser.newtabpage.activity-stream.showSponsoredTopSites" = lock-false;
"browser.ping-centre.telemetry" = false;
"datareporting.healthreport.service.enabled" = false;
"datareporting.healthreport.uploadEnabled" = false;
"datareporting.policy.dataSubmissionEnabled" = false;
"datareporting.sessions.current.clean" = true;
"devtools.onboarding.telemetry.logged" = false;
"toolkit.telemetry.archive.enabled" = false;
"toolkit.telemetry.bhrPing.enabled" = false;
"toolkit.telemetry.enabled" = false;
"toolkit.telemetry.firstShutdownPing.enabled" = false;
"toolkit.telemetry.hybridContent.enabled" = false;
"toolkit.telemetry.newProfilePing.enabled" = false;
"toolkit.telemetry.prompted" = 2;
"toolkit.telemetry.rejected" = true;
"toolkit.telemetry.reportingpolicy.firstRun" = false;
"toolkit.telemetry.server" = "";
"toolkit.telemetry.shutdownPingSender.enabled" = false;
"toolkit.telemetry.unified" = false;
"toolkit.telemetry.unifiedIsOptIn" = false;
"toolkit.telemetry.updatePing.enabled" = false;
# Disable fx accounts # # Remove firefox shiny buttons
"identity.fxaccounts.enabled" = false; # "browser.tabs.firefox-view" = false;
# Disable "save password" prompt # "browser.tabs.firefox-view-next" = false;
"signon.rememberSignons" = false; # # Style
# Harden # "browser.compactmode.show" = lock-true;
"privacy.trackingprotection.enabled" = true; # "browser.uidensity" = {
"dom.security.https_only_mode" = true; # Value = 1;
"browser.tabs.loadInBackground" = true; # Status = "locked";
"gfx.canvas.accelerated" = true; # };
"gfx.webrender.enabled" = true; # # Fonts - make web pages follow system font
"gfx.x11-egl.force-enabled" = true; # "browser.display.use_document_fonts" = {
"layers.acceleration.force-enabled" = true; # Value = 0;
"media.av1.enabled" = false; # Status = "locked";
"media.ffmpeg.vaapi.enabled" = true; # };
"media.hardware-video-decoding.force-enabled" = true;
"media.rdd-ffmpeg.enabled" = true; # "browser.tabs.loadInBackground" = true;
"widget.dmabuf.force-enabled" = true; # "gfx.canvas.accelerated" = true;
"svg.context-properties.content.enabled" = true; # "gfx.webrender.enabled" = true;
"gnomeTheme.hideSingleTab" = true; # "gfx.x11-egl.force-enabled" = true;
"gnomeTheme.bookmarksToolbarUnderTabs" = true; # "layers.acceleration.force-enabled" = true;
"gnomeTheme.normalWidthTabs" = false; # "media.av1.enabled" = false;
"gnomeTheme.tabsAsHeaderbar" = false; # "media.ffmpeg.vaapi.enabled" = true;
}; # "media.hardware-video-decoding.force-enabled" = true;
}; # "media.rdd-ffmpeg.enabled" = true;
# "widget.dmabuf.force-enabled" = true;
# "svg.context-properties.content.enabled" = true;
# "gnomeTheme.hideSingleTab" = true;
# "gnomeTheme.bookmarksToolbarUnderTabs" = true;
# "gnomeTheme.normalWidthTabs" = false;
# "gnomeTheme.tabsAsHeaderbar" = false;
# };
# };
}; };
home.packages = [ home.packages = [
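Review bot: The right-hand (new) column leaves the whole `policies` block commented out and has no counterpart for the `profiles.ff` settings, so the nightly build taken from `inputs.firefox` runs without the locked `EnableTrackingProtection`, `DisableTelemetry`, `"dom.security.https_only_mode" = true` or `"signon.rememberSignons" = false`. The side assignment is inferred from column order, since the page has lost its +/- markers. If this is a temporary state, a one-line comment above the commented block saying why it is disabled and what has to happen before it returns would keep the gap from becoming permanent. When the block is restored, note that `lock-true` and `lock-empty-string` both carry `Value = false`, so every preference locked through them is pinned to the opposite of what the name says; they should read `Value = true;` and `Value = "";`. The enclosing attribute set continues past the hunk at `home.packages`.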


@ -46,6 +46,10 @@
services.xserver.excludePackages = [pkgs.xterm]; services.xserver.excludePackages = [pkgs.xterm];
services.xserver.desktopManager.xterm.enable = false; services.xserver.desktopManager.xterm.enable = false;
# Enable profile-sync-daemon for browsers.
# ref: https://wiki.archlinux.org/title/profile-sync-daemon
services.psd.enable = true;
# Add udev rules for ADB. # Add udev rules for ADB.
services.udev.packages = [pkgs.android-udev-rules]; services.udev.packages = [pkgs.android-udev-rules];


@ -17,6 +17,9 @@
# ref: https://github.com/NixOS/nixpkgs/issues/113589 # ref: https://github.com/NixOS/nixpkgs/issues/113589
wireguard.enable = true; wireguard.enable = true;
# netbird requires iproute2 route tables.
# iproute2.enable = true;
}; };
services.netbird.enable = true; services.netbird.enable = true;
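Review bot: The added comment says netbird requires iproute2 route tables, yet the setting it introduces, `# iproute2.enable = true;`, is left commented out while `services.netbird.enable = true;` stays on. Either enable the option or extend the comment so the next reader knows the omission is deliberate, e.g. `# netbird wants iproute2 route tables; left off because <reason>`. The attribute set these lines belong to opens above the hunk.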


@ -3,60 +3,58 @@ _: {
initrd = { initrd = {
availableKernelModules = [ availableKernelModules = [
"xhci_pci" "xhci_pci"
"thunderbolt" "xhci_hcd"
"nvme" "nvme"
"usb_storage" "usb_storage"
"sd_mod" "sd_mod"
]; ];
luks.devices."cryptroot".device = "/dev/disk/by-uuid/9de352ea-128f-4d56-a720-36d81dfd9b92"; luks.devices."cryptroot".device = "/dev/disk/by-uuid/312b4d84-64dc-4721-9be3-bb0148199b16";
luks.devices."cryptroot".preLVM = true;
}; };
kernelModules = [ kernelModules = [
"kvm-intel" "kvm-intel"
"thinkpad_acpi" "thinkpad_acpi"
# "iwlwifi" "iwlwifi"
"xe" "i915"
]; ];
kernelParams = [ blacklistedKernelModules = [
"quiet" "iTCO_wdt"
"xe.force_probe=7d55"
"i915.force_probe=!7d55"
# "resume_offset=2465529"
"intel_pstate=active"
"thinkpad_acpi.fan_control=1"
]; ];
# resumeDevice = "/dev/disk/by-uuid/870fde90-a91a-4554-8b1c-d5702c789f4d"; kernelParams = ["resume_offset=2465529" "intel_pstate=active" "i915.enable_gvt=1" "i915.enable_guc=3" "thinkpad_acpi.fan_control=1"];
resumeDevice = "/dev/disk/by-uuid/d5c21883-f0e6-4e7a-b9a5-ee0bf4780ec5";
supportedFilesystems = ["btrfs"];
}; };
fileSystems = { fileSystems = {
"/" = { "/" = {
device = "/dev/disk/by-uuid/870fde90-a91a-4554-8b1c-d5702c789f4d"; device = "/dev/disk/by-uuid/d5c21883-f0e6-4e7a-b9a5-ee0bf4780ec5";
fsType = "btrfs"; fsType = "btrfs";
options = [ options = [
"defaults" "defaults"
"autodefrag"
"compress-force=zstd" "compress-force=zstd"
"noatime" "noatime"
"ssd" "ssd"
"subvol=@" "subvol=@"
"discard=async"
]; ];
neededForBoot = true; neededForBoot = true;
}; };
"/home" = { "/home" = {
device = "/dev/disk/by-uuid/870fde90-a91a-4554-8b1c-d5702c789f4d"; device = "/dev/disk/by-uuid/d5c21883-f0e6-4e7a-b9a5-ee0bf4780ec5";
fsType = "btrfs"; fsType = "btrfs";
options = [ options = [
"defaults" "defaults"
"autodefrag"
"compress-force=zstd" "compress-force=zstd"
"noatime" "noatime"
"ssd" "ssd"
"subvol=@home" "subvol=@home"
"discard=async"
]; ];
}; };
"/.snapshots" = { "/.snapshots" = {
device = "/dev/disk/by-uuid/870fde90-a91a-4554-8b1c-d5702c789f4d"; device = "/dev/disk/by-uuid/d5c21883-f0e6-4e7a-b9a5-ee0bf4780ec5";
fsType = "btrfs"; fsType = "btrfs";
options = [ options = [
"defaults" "defaults"
@ -64,37 +62,38 @@ _: {
"noatime" "noatime"
"ssd" "ssd"
"subvol=@snapshots" "subvol=@snapshots"
"discard=async"
]; ];
}; };
"/var/log" = { "/var/log" = {
device = "/dev/disk/by-uuid/870fde90-a91a-4554-8b1c-d5702c789f4d"; device = "/dev/disk/by-uuid/d5c21883-f0e6-4e7a-b9a5-ee0bf4780ec5";
fsType = "btrfs"; fsType = "btrfs";
options = [ options = [
"defaults" "defaults"
"autodefrag"
"compress-force=zstd" "compress-force=zstd"
"noatime" "noatime"
"ssd" "ssd"
"subvol=@log" "subvol=@log"
"discard=async"
]; ];
}; };
"/var/cache" = { "/var/cache" = {
device = "/dev/disk/by-uuid/870fde90-a91a-4554-8b1c-d5702c789f4d"; device = "/dev/disk/by-uuid/d5c21883-f0e6-4e7a-b9a5-ee0bf4780ec5";
fsType = "btrfs"; fsType = "btrfs";
options = [ options = [
"defaults" "defaults"
"autodefrag"
"compress-force=zstd" "compress-force=zstd"
"noatime" "noatime"
"ssd" "ssd"
"subvol=@cache" "subvol=@cache"
"discard=async"
]; ];
}; };
"/etc/nixos" = { "/etc/nixos" = {
device = "/dev/disk/by-uuid/870fde90-a91a-4554-8b1c-d5702c789f4d"; device = "/dev/disk/by-uuid/d5c21883-f0e6-4e7a-b9a5-ee0bf4780ec5";
fsType = "btrfs"; fsType = "btrfs";
options = [ options = [
"defaults" "defaults"
@ -106,34 +105,32 @@ _: {
}; };
"/nix" = { "/nix" = {
device = "/dev/disk/by-uuid/870fde90-a91a-4554-8b1c-d5702c789f4d"; device = "/dev/disk/by-uuid/d5c21883-f0e6-4e7a-b9a5-ee0bf4780ec5";
fsType = "btrfs"; fsType = "btrfs";
options = [ options = [
"defaults" "defaults"
"autodefrag"
"compress-force=zstd" "compress-force=zstd"
"noatime" "noatime"
"ssd" "ssd"
"subvol=@nix-store" "subvol=@nix-store"
"discard=async"
]; ];
}; };
# TODO: setup swap
# ref: https://sawyershepherd.org/post/hibernating-to-an-encrypted-swapfile-on-btrfs-with-nixos/ # ref: https://sawyershepherd.org/post/hibernating-to-an-encrypted-swapfile-on-btrfs-with-nixos/
# "/swap" = { "/swap" = {
# device = "/dev/disk/by-uuid/870fde90-a91a-4554-8b1c-d5702c789f4d"; device = "/dev/disk/by-uuid/d5c21883-f0e6-4e7a-b9a5-ee0bf4780ec5";
# fsType = "btrfs"; fsType = "btrfs";
# options = [ options = [
# "subvol=@swap" "subvol=@swap"
# "noatime" "noatime"
# ]; ];
# }; };
"/boot" = { "/boot" = {
device = "/dev/disk/by-uuid/7FBB-9E80"; device = "/dev/disk/by-uuid/90A5-35FF";
fsType = "vfat"; fsType = "vfat";
options = ["fmask=0022" "dmask=0022"];
}; };
}; };
swapDevices = []; swapDevices = [{device = "/swap/swapfile";}];
} }