
No commits in common. "381924aee19816d40769bd160f11acab73a48a7c" and "8f4c7fe4cc7fe14236a746afef4e123c84508542" have entirely different histories.

5 changed files with 130 additions and 202 deletions


@ -19,14 +19,14 @@
systems.modules.nixos = with inputs; [
agenix.nixosModules.age
chaotic.nixosModules.default
disko.nixosModules.disko
nur.nixosModules.nur
srvos.nixosModules.common
srvos.nixosModules.mixins-systemd-boot
];
systems.hosts.thonkpad.modules = [
inputs.nixos-hardware.nixosModules.lenovo-thinkpad-x1-12th-gen
inputs.nixos-hardware.nixosModules.lenovo-thinkpad-x1-9th-gen
inputs.lanzaboote.nixosModules.lanzaboote
];
systems.hosts.thonkpad.specialArgs = {
@ -39,10 +39,6 @@
};
systems.hosts.smolboye.modules = [inputs.srvos.nixosModules.server];
homes.modules = with inputs; [
nur.hmModules.nur
];
overlays = [(_: prev: {inherit (inputs.maych-in.packages.${prev.system}) maych-in;})];
channels-config.allowUnfree = true;
@ -74,8 +70,6 @@
agenix.inputs.nixpkgs.follows = "nixpkgs";
agenix.inputs.home-manager.follows = "nixpkgs";
chaotic.url = "github:chaotic-cx/nyx/nyxpkgs-unstable";
deploy-rs.url = "github:serokell/deploy-rs";
deploy-rs.inputs.nixpkgs.follows = "nixpkgs";
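Review bot: `agenix.inputs.home-manager.follows = "nixpkgs";` in the last hunk points agenix's home-manager input at the nixpkgs flake, which looks like a copy of the line above it rather than an intended override. Any agenix output that uses home-manager would then evaluate against the wrong flake, and the lock file would record a misleading dependency. If this flake declares a `home-manager` input (the inputs block is only partly visible here), the line should read `agenix.inputs.home-manager.follows = "home-manager";`. The page has lost its `+`/`-` markers, so this applies only if the line is on the new side.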


@ -1,6 +1,6 @@
{
config,
lib,
inputs,
pkgs,
...
}: {
@ -31,170 +31,100 @@
programs.firefox = {
enable = true;
policies = {
DisableFirefoxStudies = true;
EnableTrackingProtection = {
Value = true;
Locked = true;
Cryptomining = true;
Fingerprinting = true;
package = inputs.firefox.packages.${pkgs.system}.firefox-nightly-bin.override {
cfg = {
pipewireSupport = true;
};
OfferToSaveLoginsDefault = false;
DisableTelemetry = true;
DisablePocket = true;
DisableFirefoxAccounts = true;
OverrideFirstRunPage = "";
OverridePostUpdatePage = "";
DontCheckDefaultBrowser = true;
DisplayMenuBar = "default-off";
SearchBar = "unified";
NoDefaultBookmarks = true;
DisplayBookmarksToolbar = "never";
Preferences = let
lock-false = {
Value = false;
Status = "locked";
};
lock-true = {
Value = false;
Status = "locked";
};
lock-empty-string = {
Value = false;
Status = "locked";
};
in {
"toolkit.legacyUserProfileCustomizations.stylesheets" = lock-true;
# extensions = with config.nur.repos.rycee.firefox-addons; [
# bitwarden
# clearurls
# duckduckgo-privacy-essentials
# reddit-enhancement-suite
# sponsorblock
# ublock-origin
# ];
# policies = {
# DisableFirefoxStudies = true;
# EnableTrackingProtection = {
# Value = true;
# Locked = true;
# Cryptomining = true;
# Fingerprinting = true;
# };
# OfferToSaveLoginsDefault = false;
# Remove poluting defaults
"extensions.pocket.enabled" = lock-false;
# DisableTelemetry = true;
# DisablePocket = true;
# DisableFirefoxAccounts = true;
# OverrideFirstRunPage = "";
# OverridePostUpdatePage = "";
# DontCheckDefaultBrowser = true;
# DisplayMenuBar = "default-off";
# SearchBar = "unified";
# NoDefaultBookmarks = true;
# DisplayBookmarksToolbar = "never";
# Preferences = let
# lock-false = {
# Value = false;
# Status = "locked";
# };
# lock-true = {
# Value = false;
# Status = "locked";
# };
# lock-empty-string = {
# Value = false;
# Status = "locked";
# };
# in {
# "toolkit.legacyUserProfileCustomizations.stylesheets" = lock-true;
# Remove default top sites
"browser.topsites.contile.enabled" = lock-false;
"browser.urlbar.suggest.topsites" = lock-false;
# # Remove poluting defaults
# "extensions.pocket.enabled" = lock-false;
# Remove sponsored sites
"browser.newtabpage.pinned" = lock-empty-string;
"browser.newtabpage.activity-stream.showSponsored" = lock-false;
"browser.newtabpage.activity-stream.system.showSponsored" = lock-false;
"browser.newtabpage.activity-stream.showSponsoredTopSites" = lock-false;
# # Remove default top sites
# "browser.topsites.contile.enabled" = lock-false;
# "browser.urlbar.suggest.topsites" = lock-false;
# Remove firefox shiny buttons
"browser.tabs.firefox-view" = false;
"browser.tabs.firefox-view-next" = false;
# Style
"browser.compactmode.show" = lock-true;
"browser.uidensity" = {
Value = 1;
Status = "locked";
};
# Fonts - make web pages follow system font
"browser.display.use_document_fonts" = {
Value = 0;
Status = "locked";
};
};
};
profiles.ff = {
extensions = with config.nur.repos.rycee.firefox-addons; [
bitwarden
clearurls
duckduckgo-privacy-essentials
reddit-enhancement-suite
sponsorblock
ublock-origin
];
bookmarks = {};
settings = {
"browser.startup.homepage" = "about:home";
# # Remove sponsored sites
# "browser.newtabpage.pinned" = lock-empty-string;
# "browser.newtabpage.activity-stream.showSponsored" = lock-false;
# "browser.newtabpage.activity-stream.system.showSponsored" = lock-false;
# "browser.newtabpage.activity-stream.showSponsoredTopSites" = lock-false;
# Disable irritating first-run stuff
"browser.disableResetPrompt" = true;
"browser.download.panel.shown" = true;
"browser.feeds.showFirstRunUI" = false;
"browser.messaging-system.whatsNewPanel.enabled" = false;
"browser.rights.3.shown" = true;
"browser.shell.checkDefaultBrowser" = false;
"browser.shell.defaultBrowserCheckCount" = 1;
"browser.startup.homepage_override.mstone" = "ignore";
"browser.uitour.enabled" = false;
"startup.homepage_override_url" = "";
"trailhead.firstrun.didSeeAboutWelcome" = true;
"browser.bookmarks.restore_default_bookmarks" = false;
"browser.bookmarks.addedImportButton" = true;
# # Remove firefox shiny buttons
# "browser.tabs.firefox-view" = false;
# "browser.tabs.firefox-view-next" = false;
# # Style
# "browser.compactmode.show" = lock-true;
# "browser.uidensity" = {
# Value = 1;
# Status = "locked";
# };
# # Fonts - make web pages follow system font
# "browser.display.use_document_fonts" = {
# Value = 0;
# Status = "locked";
# };
# Don't ask for download dir
"browser.download.useDownloadDir" = false;
# Disable crappy home activity stream page
"browser.newtabpage.activity-stream.feeds.topsites" = false;
"browser.newtabpage.activity-stream.showSponsoredTopSites" = false;
"browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts" = false;
"browser.newtabpage.blocked" = lib.genAttrs [
# Youtube
"26UbzFJ7qT9/4DhodHKA1Q=="
# Facebook
"4gPpjkxgZzXPVtuEoAL9Ig=="
# Wikipedia
"eV8/WsSLxHadrTL1gAxhug=="
# Reddit
"gLv0ja2RYVgxKdp0I5qwvA=="
# Amazon
"K00ILysCaEq8+bEqV/3nuw=="
# Twitter
"T9nJot5PurhJSy8n038xGA=="
] (_: 1);
# Disable some telemetry
"app.shield.optoutstudies.enabled" = false;
"browser.discovery.enabled" = false;
"browser.newtabpage.activity-stream.feeds.telemetry" = false;
"browser.newtabpage.activity-stream.telemetry" = false;
"browser.ping-centre.telemetry" = false;
"datareporting.healthreport.service.enabled" = false;
"datareporting.healthreport.uploadEnabled" = false;
"datareporting.policy.dataSubmissionEnabled" = false;
"datareporting.sessions.current.clean" = true;
"devtools.onboarding.telemetry.logged" = false;
"toolkit.telemetry.archive.enabled" = false;
"toolkit.telemetry.bhrPing.enabled" = false;
"toolkit.telemetry.enabled" = false;
"toolkit.telemetry.firstShutdownPing.enabled" = false;
"toolkit.telemetry.hybridContent.enabled" = false;
"toolkit.telemetry.newProfilePing.enabled" = false;
"toolkit.telemetry.prompted" = 2;
"toolkit.telemetry.rejected" = true;
"toolkit.telemetry.reportingpolicy.firstRun" = false;
"toolkit.telemetry.server" = "";
"toolkit.telemetry.shutdownPingSender.enabled" = false;
"toolkit.telemetry.unified" = false;
"toolkit.telemetry.unifiedIsOptIn" = false;
"toolkit.telemetry.updatePing.enabled" = false;
# Disable fx accounts
"identity.fxaccounts.enabled" = false;
# Disable "save password" prompt
"signon.rememberSignons" = false;
# Harden
"privacy.trackingprotection.enabled" = true;
"dom.security.https_only_mode" = true;
"browser.tabs.loadInBackground" = true;
"gfx.canvas.accelerated" = true;
"gfx.webrender.enabled" = true;
"gfx.x11-egl.force-enabled" = true;
"layers.acceleration.force-enabled" = true;
"media.av1.enabled" = false;
"media.ffmpeg.vaapi.enabled" = true;
"media.hardware-video-decoding.force-enabled" = true;
"media.rdd-ffmpeg.enabled" = true;
"widget.dmabuf.force-enabled" = true;
"svg.context-properties.content.enabled" = true;
"gnomeTheme.hideSingleTab" = true;
"gnomeTheme.bookmarksToolbarUnderTabs" = true;
"gnomeTheme.normalWidthTabs" = false;
"gnomeTheme.tabsAsHeaderbar" = false;
};
};
# "browser.tabs.loadInBackground" = true;
# "gfx.canvas.accelerated" = true;
# "gfx.webrender.enabled" = true;
# "gfx.x11-egl.force-enabled" = true;
# "layers.acceleration.force-enabled" = true;
# "media.av1.enabled" = false;
# "media.ffmpeg.vaapi.enabled" = true;
# "media.hardware-video-decoding.force-enabled" = true;
# "media.rdd-ffmpeg.enabled" = true;
# "widget.dmabuf.force-enabled" = true;
# "svg.context-properties.content.enabled" = true;
# "gnomeTheme.hideSingleTab" = true;
# "gnomeTheme.bookmarksToolbarUnderTabs" = true;
# "gnomeTheme.normalWidthTabs" = false;
# "gnomeTheme.tabsAsHeaderbar" = false;
# };
# };
};
home.packages = [
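Review bot: The `lock-true` and `lock-empty-string` helpers in the `Preferences` let-block both carry `Value = false`, so every preference bound to them is locked to false instead of true or the empty string. That affects `"toolkit.legacyUserProfileCustomizations.stylesheets"`, `"browser.compactmode.show"` and `"browser.newtabpage.pinned"`, and a hardening preference later bound to `lock-true` would be silently locked off. The definitions should be `lock-true = { Value = true; Status = "locked"; };` and `lock-empty-string = { Value = ""; Status = "locked"; };`. The same three helpers appear in both the active and the commented-out copy of the block, so the fix is needed whichever copy the new side keeps. The enclosing module continues past the end of this hunk.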


@ -46,6 +46,10 @@
services.xserver.excludePackages = [pkgs.xterm];
services.xserver.desktopManager.xterm.enable = false;
# Enable profile-sync-daemon for browsers.
# ref: https://wiki.archlinux.org/title/profile-sync-daemon
services.psd.enable = true;
# Add udev rules for ADB.
services.udev.packages = [pkgs.android-udev-rules];


@ -17,6 +17,9 @@
# ref: https://github.com/NixOS/nixpkgs/issues/113589
wireguard.enable = true;
# netbird requires iproute2 route tables.
# iproute2.enable = true;
};
services.netbird.enable = true;
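Review bot: The comment `# netbird requires iproute2 route tables.` sits directly above a commented-out `# iproute2.enable = true;`, while `services.netbird.enable = true;` is active two lines later, so the file states a requirement and then leaves it unmet. Either enable the option (`iproute2.enable = true;`) or replace the comment with the reason it stays off, for example `# iproute2.enable left off: <reason>`. The enclosing attribute set opens above the hunk; I am assuming it is `networking`.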


@ -3,60 +3,58 @@ _: {
initrd = {
availableKernelModules = [
"xhci_pci"
"thunderbolt"
"xhci_hcd"
"nvme"
"usb_storage"
"sd_mod"
];
luks.devices."cryptroot".device = "/dev/disk/by-uuid/9de352ea-128f-4d56-a720-36d81dfd9b92";
luks.devices."cryptroot".device = "/dev/disk/by-uuid/312b4d84-64dc-4721-9be3-bb0148199b16";
luks.devices."cryptroot".preLVM = true;
};
kernelModules = [
"kvm-intel"
"thinkpad_acpi"
# "iwlwifi"
"xe"
"iwlwifi"
"i915"
];
kernelParams = [
"quiet"
"xe.force_probe=7d55"
"i915.force_probe=!7d55"
# "resume_offset=2465529"
"intel_pstate=active"
"thinkpad_acpi.fan_control=1"
blacklistedKernelModules = [
"iTCO_wdt"
];
# resumeDevice = "/dev/disk/by-uuid/870fde90-a91a-4554-8b1c-d5702c789f4d";
kernelParams = ["resume_offset=2465529" "intel_pstate=active" "i915.enable_gvt=1" "i915.enable_guc=3" "thinkpad_acpi.fan_control=1"];
resumeDevice = "/dev/disk/by-uuid/d5c21883-f0e6-4e7a-b9a5-ee0bf4780ec5";
supportedFilesystems = ["btrfs"];
};
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/870fde90-a91a-4554-8b1c-d5702c789f4d";
device = "/dev/disk/by-uuid/d5c21883-f0e6-4e7a-b9a5-ee0bf4780ec5";
fsType = "btrfs";
options = [
"defaults"
"autodefrag"
"compress-force=zstd"
"noatime"
"ssd"
"subvol=@"
"discard=async"
];
neededForBoot = true;
};
"/home" = {
device = "/dev/disk/by-uuid/870fde90-a91a-4554-8b1c-d5702c789f4d";
device = "/dev/disk/by-uuid/d5c21883-f0e6-4e7a-b9a5-ee0bf4780ec5";
fsType = "btrfs";
options = [
"defaults"
"autodefrag"
"compress-force=zstd"
"noatime"
"ssd"
"subvol=@home"
"discard=async"
];
};
"/.snapshots" = {
device = "/dev/disk/by-uuid/870fde90-a91a-4554-8b1c-d5702c789f4d";
device = "/dev/disk/by-uuid/d5c21883-f0e6-4e7a-b9a5-ee0bf4780ec5";
fsType = "btrfs";
options = [
"defaults"
@ -64,37 +62,38 @@ _: {
"noatime"
"ssd"
"subvol=@snapshots"
"discard=async"
];
};
"/var/log" = {
device = "/dev/disk/by-uuid/870fde90-a91a-4554-8b1c-d5702c789f4d";
device = "/dev/disk/by-uuid/d5c21883-f0e6-4e7a-b9a5-ee0bf4780ec5";
fsType = "btrfs";
options = [
"defaults"
"autodefrag"
"compress-force=zstd"
"noatime"
"ssd"
"subvol=@log"
"discard=async"
];
};
"/var/cache" = {
device = "/dev/disk/by-uuid/870fde90-a91a-4554-8b1c-d5702c789f4d";
device = "/dev/disk/by-uuid/d5c21883-f0e6-4e7a-b9a5-ee0bf4780ec5";
fsType = "btrfs";
options = [
"defaults"
"autodefrag"
"compress-force=zstd"
"noatime"
"ssd"
"subvol=@cache"
"discard=async"
];
};
"/etc/nixos" = {
device = "/dev/disk/by-uuid/870fde90-a91a-4554-8b1c-d5702c789f4d";
device = "/dev/disk/by-uuid/d5c21883-f0e6-4e7a-b9a5-ee0bf4780ec5";
fsType = "btrfs";
options = [
"defaults"
@ -106,34 +105,32 @@ _: {
};
"/nix" = {
device = "/dev/disk/by-uuid/870fde90-a91a-4554-8b1c-d5702c789f4d";
device = "/dev/disk/by-uuid/d5c21883-f0e6-4e7a-b9a5-ee0bf4780ec5";
fsType = "btrfs";
options = [
"defaults"
"autodefrag"
"compress-force=zstd"
"noatime"
"ssd"
"subvol=@nix-store"
"discard=async"
];
};
# TODO: setup swap
# ref: https://sawyershepherd.org/post/hibernating-to-an-encrypted-swapfile-on-btrfs-with-nixos/
# "/swap" = {
# device = "/dev/disk/by-uuid/870fde90-a91a-4554-8b1c-d5702c789f4d";
# fsType = "btrfs";
# options = [
# "subvol=@swap"
# "noatime"
# ];
# };
"/swap" = {
device = "/dev/disk/by-uuid/d5c21883-f0e6-4e7a-b9a5-ee0bf4780ec5";
fsType = "btrfs";
options = [
"subvol=@swap"
"noatime"
];
};
"/boot" = {
device = "/dev/disk/by-uuid/7FBB-9E80";
device = "/dev/disk/by-uuid/90A5-35FF";
fsType = "vfat";
options = ["fmask=0022" "dmask=0022"];
};
};
swapDevices = [];
swapDevices = [{device = "/swap/swapfile";}];
}
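Review bot: The `/boot` entry keeps `options = ["fmask=0022" "dmask=0022"];`, which leaves every file on the ESP readable by all local users. With systemd-boot that includes the random seed file (bootctl warns about a world-accessible mount point) and any kernel or initrd image stored there. The block is already being edited for the new UUID, so I would tighten it in the same change to `options = ["fmask=0077" "dmask=0077"];`. The `+`/`-` markers are lost on this page, but the options line is printed only once, so it is presumably unchanged context and therefore present on the new side.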