Compare commits
No commits in common. "381924aee19816d40769bd160f11acab73a48a7c" and "8f4c7fe4cc7fe14236a746afef4e123c84508542" have entirely different histories.
381924aee1
...
8f4c7fe4cc
10
flake.nix
10
flake.nix
@ -19,14 +19,14 @@
|
||||
|
||||
systems.modules.nixos = with inputs; [
|
||||
agenix.nixosModules.age
|
||||
chaotic.nixosModules.default
|
||||
disko.nixosModules.disko
|
||||
nur.nixosModules.nur
|
||||
srvos.nixosModules.common
|
||||
srvos.nixosModules.mixins-systemd-boot
|
||||
];
|
||||
|
||||
systems.hosts.thonkpad.modules = [
|
||||
inputs.nixos-hardware.nixosModules.lenovo-thinkpad-x1-12th-gen
|
||||
inputs.nixos-hardware.nixosModules.lenovo-thinkpad-x1-9th-gen
|
||||
inputs.lanzaboote.nixosModules.lanzaboote
|
||||
];
|
||||
systems.hosts.thonkpad.specialArgs = {
|
||||
@ -39,10 +39,6 @@
|
||||
};
|
||||
systems.hosts.smolboye.modules = [inputs.srvos.nixosModules.server];
|
||||
|
||||
homes.modules = with inputs; [
|
||||
nur.hmModules.nur
|
||||
];
|
||||
|
||||
overlays = [(_: prev: {inherit (inputs.maych-in.packages.${prev.system}) maych-in;})];
|
||||
|
||||
channels-config.allowUnfree = true;
|
||||
@ -74,8 +70,6 @@
|
||||
agenix.inputs.nixpkgs.follows = "nixpkgs";
|
||||
agenix.inputs.home-manager.follows = "nixpkgs";
|
||||
|
||||
chaotic.url = "github:chaotic-cx/nyx/nyxpkgs-unstable";
|
||||
|
||||
deploy-rs.url = "github:serokell/deploy-rs";
|
||||
deploy-rs.inputs.nixpkgs.follows = "nixpkgs";
|
||||
|
||||
|
@ -1,6 +1,6 @@
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
inputs,
|
||||
pkgs,
|
||||
...
|
||||
}: {
|
||||
@ -31,170 +31,100 @@
|
||||
|
||||
programs.firefox = {
|
||||
enable = true;
|
||||
policies = {
|
||||
DisableFirefoxStudies = true;
|
||||
EnableTrackingProtection = {
|
||||
Value = true;
|
||||
Locked = true;
|
||||
Cryptomining = true;
|
||||
Fingerprinting = true;
|
||||
};
|
||||
OfferToSaveLoginsDefault = false;
|
||||
DisableTelemetry = true;
|
||||
DisablePocket = true;
|
||||
DisableFirefoxAccounts = true;
|
||||
OverrideFirstRunPage = "";
|
||||
OverridePostUpdatePage = "";
|
||||
DontCheckDefaultBrowser = true;
|
||||
DisplayMenuBar = "default-off";
|
||||
SearchBar = "unified";
|
||||
NoDefaultBookmarks = true;
|
||||
DisplayBookmarksToolbar = "never";
|
||||
Preferences = let
|
||||
lock-false = {
|
||||
Value = false;
|
||||
Status = "locked";
|
||||
};
|
||||
lock-true = {
|
||||
Value = false;
|
||||
Status = "locked";
|
||||
};
|
||||
lock-empty-string = {
|
||||
Value = false;
|
||||
Status = "locked";
|
||||
};
|
||||
in {
|
||||
"toolkit.legacyUserProfileCustomizations.stylesheets" = lock-true;
|
||||
|
||||
# Remove poluting defaults
|
||||
"extensions.pocket.enabled" = lock-false;
|
||||
|
||||
# Remove default top sites
|
||||
"browser.topsites.contile.enabled" = lock-false;
|
||||
"browser.urlbar.suggest.topsites" = lock-false;
|
||||
|
||||
# Remove sponsored sites
|
||||
"browser.newtabpage.pinned" = lock-empty-string;
|
||||
"browser.newtabpage.activity-stream.showSponsored" = lock-false;
|
||||
"browser.newtabpage.activity-stream.system.showSponsored" = lock-false;
|
||||
"browser.newtabpage.activity-stream.showSponsoredTopSites" = lock-false;
|
||||
|
||||
# Remove firefox shiny buttons
|
||||
"browser.tabs.firefox-view" = false;
|
||||
"browser.tabs.firefox-view-next" = false;
|
||||
# Style
|
||||
"browser.compactmode.show" = lock-true;
|
||||
"browser.uidensity" = {
|
||||
Value = 1;
|
||||
Status = "locked";
|
||||
};
|
||||
# Fonts - make web pages follow system font
|
||||
"browser.display.use_document_fonts" = {
|
||||
Value = 0;
|
||||
Status = "locked";
|
||||
};
|
||||
package = inputs.firefox.packages.${pkgs.system}.firefox-nightly-bin.override {
|
||||
cfg = {
|
||||
pipewireSupport = true;
|
||||
};
|
||||
};
|
||||
profiles.ff = {
|
||||
extensions = with config.nur.repos.rycee.firefox-addons; [
|
||||
bitwarden
|
||||
clearurls
|
||||
duckduckgo-privacy-essentials
|
||||
reddit-enhancement-suite
|
||||
sponsorblock
|
||||
ublock-origin
|
||||
];
|
||||
bookmarks = {};
|
||||
settings = {
|
||||
"browser.startup.homepage" = "about:home";
|
||||
# extensions = with config.nur.repos.rycee.firefox-addons; [
|
||||
# bitwarden
|
||||
# clearurls
|
||||
# duckduckgo-privacy-essentials
|
||||
# reddit-enhancement-suite
|
||||
# sponsorblock
|
||||
# ublock-origin
|
||||
# ];
|
||||
# policies = {
|
||||
# DisableFirefoxStudies = true;
|
||||
# EnableTrackingProtection = {
|
||||
# Value = true;
|
||||
# Locked = true;
|
||||
# Cryptomining = true;
|
||||
# Fingerprinting = true;
|
||||
# };
|
||||
# OfferToSaveLoginsDefault = false;
|
||||
|
||||
# Disable irritating first-run stuff
|
||||
"browser.disableResetPrompt" = true;
|
||||
"browser.download.panel.shown" = true;
|
||||
"browser.feeds.showFirstRunUI" = false;
|
||||
"browser.messaging-system.whatsNewPanel.enabled" = false;
|
||||
"browser.rights.3.shown" = true;
|
||||
"browser.shell.checkDefaultBrowser" = false;
|
||||
"browser.shell.defaultBrowserCheckCount" = 1;
|
||||
"browser.startup.homepage_override.mstone" = "ignore";
|
||||
"browser.uitour.enabled" = false;
|
||||
"startup.homepage_override_url" = "";
|
||||
"trailhead.firstrun.didSeeAboutWelcome" = true;
|
||||
"browser.bookmarks.restore_default_bookmarks" = false;
|
||||
"browser.bookmarks.addedImportButton" = true;
|
||||
# DisableTelemetry = true;
|
||||
# DisablePocket = true;
|
||||
# DisableFirefoxAccounts = true;
|
||||
# OverrideFirstRunPage = "";
|
||||
# OverridePostUpdatePage = "";
|
||||
# DontCheckDefaultBrowser = true;
|
||||
# DisplayMenuBar = "default-off";
|
||||
# SearchBar = "unified";
|
||||
# NoDefaultBookmarks = true;
|
||||
# DisplayBookmarksToolbar = "never";
|
||||
# Preferences = let
|
||||
# lock-false = {
|
||||
# Value = false;
|
||||
# Status = "locked";
|
||||
# };
|
||||
# lock-true = {
|
||||
# Value = false;
|
||||
# Status = "locked";
|
||||
# };
|
||||
# lock-empty-string = {
|
||||
# Value = false;
|
||||
# Status = "locked";
|
||||
# };
|
||||
# in {
|
||||
# "toolkit.legacyUserProfileCustomizations.stylesheets" = lock-true;
|
||||
|
||||
# Don't ask for download dir
|
||||
"browser.download.useDownloadDir" = false;
|
||||
# # Remove poluting defaults
|
||||
# "extensions.pocket.enabled" = lock-false;
|
||||
|
||||
# Disable crappy home activity stream page
|
||||
"browser.newtabpage.activity-stream.feeds.topsites" = false;
|
||||
"browser.newtabpage.activity-stream.showSponsoredTopSites" = false;
|
||||
"browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts" = false;
|
||||
"browser.newtabpage.blocked" = lib.genAttrs [
|
||||
# Youtube
|
||||
"26UbzFJ7qT9/4DhodHKA1Q=="
|
||||
# Facebook
|
||||
"4gPpjkxgZzXPVtuEoAL9Ig=="
|
||||
# Wikipedia
|
||||
"eV8/WsSLxHadrTL1gAxhug=="
|
||||
# Reddit
|
||||
"gLv0ja2RYVgxKdp0I5qwvA=="
|
||||
# Amazon
|
||||
"K00ILysCaEq8+bEqV/3nuw=="
|
||||
# Twitter
|
||||
"T9nJot5PurhJSy8n038xGA=="
|
||||
] (_: 1);
|
||||
# # Remove default top sites
|
||||
# "browser.topsites.contile.enabled" = lock-false;
|
||||
# "browser.urlbar.suggest.topsites" = lock-false;
|
||||
|
||||
# Disable some telemetry
|
||||
"app.shield.optoutstudies.enabled" = false;
|
||||
"browser.discovery.enabled" = false;
|
||||
"browser.newtabpage.activity-stream.feeds.telemetry" = false;
|
||||
"browser.newtabpage.activity-stream.telemetry" = false;
|
||||
"browser.ping-centre.telemetry" = false;
|
||||
"datareporting.healthreport.service.enabled" = false;
|
||||
"datareporting.healthreport.uploadEnabled" = false;
|
||||
"datareporting.policy.dataSubmissionEnabled" = false;
|
||||
"datareporting.sessions.current.clean" = true;
|
||||
"devtools.onboarding.telemetry.logged" = false;
|
||||
"toolkit.telemetry.archive.enabled" = false;
|
||||
"toolkit.telemetry.bhrPing.enabled" = false;
|
||||
"toolkit.telemetry.enabled" = false;
|
||||
"toolkit.telemetry.firstShutdownPing.enabled" = false;
|
||||
"toolkit.telemetry.hybridContent.enabled" = false;
|
||||
"toolkit.telemetry.newProfilePing.enabled" = false;
|
||||
"toolkit.telemetry.prompted" = 2;
|
||||
"toolkit.telemetry.rejected" = true;
|
||||
"toolkit.telemetry.reportingpolicy.firstRun" = false;
|
||||
"toolkit.telemetry.server" = "";
|
||||
"toolkit.telemetry.shutdownPingSender.enabled" = false;
|
||||
"toolkit.telemetry.unified" = false;
|
||||
"toolkit.telemetry.unifiedIsOptIn" = false;
|
||||
"toolkit.telemetry.updatePing.enabled" = false;
|
||||
# # Remove sponsored sites
|
||||
# "browser.newtabpage.pinned" = lock-empty-string;
|
||||
# "browser.newtabpage.activity-stream.showSponsored" = lock-false;
|
||||
# "browser.newtabpage.activity-stream.system.showSponsored" = lock-false;
|
||||
# "browser.newtabpage.activity-stream.showSponsoredTopSites" = lock-false;
|
||||
|
||||
# Disable fx accounts
|
||||
"identity.fxaccounts.enabled" = false;
|
||||
# Disable "save password" prompt
|
||||
"signon.rememberSignons" = false;
|
||||
# Harden
|
||||
"privacy.trackingprotection.enabled" = true;
|
||||
"dom.security.https_only_mode" = true;
|
||||
"browser.tabs.loadInBackground" = true;
|
||||
"gfx.canvas.accelerated" = true;
|
||||
"gfx.webrender.enabled" = true;
|
||||
"gfx.x11-egl.force-enabled" = true;
|
||||
"layers.acceleration.force-enabled" = true;
|
||||
"media.av1.enabled" = false;
|
||||
"media.ffmpeg.vaapi.enabled" = true;
|
||||
"media.hardware-video-decoding.force-enabled" = true;
|
||||
"media.rdd-ffmpeg.enabled" = true;
|
||||
"widget.dmabuf.force-enabled" = true;
|
||||
"svg.context-properties.content.enabled" = true;
|
||||
"gnomeTheme.hideSingleTab" = true;
|
||||
"gnomeTheme.bookmarksToolbarUnderTabs" = true;
|
||||
"gnomeTheme.normalWidthTabs" = false;
|
||||
"gnomeTheme.tabsAsHeaderbar" = false;
|
||||
};
|
||||
};
|
||||
# # Remove firefox shiny buttons
|
||||
# "browser.tabs.firefox-view" = false;
|
||||
# "browser.tabs.firefox-view-next" = false;
|
||||
# # Style
|
||||
# "browser.compactmode.show" = lock-true;
|
||||
# "browser.uidensity" = {
|
||||
# Value = 1;
|
||||
# Status = "locked";
|
||||
# };
|
||||
# # Fonts - make web pages follow system font
|
||||
# "browser.display.use_document_fonts" = {
|
||||
# Value = 0;
|
||||
# Status = "locked";
|
||||
# };
|
||||
|
||||
# "browser.tabs.loadInBackground" = true;
|
||||
# "gfx.canvas.accelerated" = true;
|
||||
# "gfx.webrender.enabled" = true;
|
||||
# "gfx.x11-egl.force-enabled" = true;
|
||||
# "layers.acceleration.force-enabled" = true;
|
||||
# "media.av1.enabled" = false;
|
||||
# "media.ffmpeg.vaapi.enabled" = true;
|
||||
# "media.hardware-video-decoding.force-enabled" = true;
|
||||
# "media.rdd-ffmpeg.enabled" = true;
|
||||
# "widget.dmabuf.force-enabled" = true;
|
||||
# "svg.context-properties.content.enabled" = true;
|
||||
# "gnomeTheme.hideSingleTab" = true;
|
||||
# "gnomeTheme.bookmarksToolbarUnderTabs" = true;
|
||||
# "gnomeTheme.normalWidthTabs" = false;
|
||||
# "gnomeTheme.tabsAsHeaderbar" = false;
|
||||
# };
|
||||
# };
|
||||
};
|
||||
|
||||
home.packages = [
|
||||
|
@ -46,6 +46,10 @@
|
||||
services.xserver.excludePackages = [pkgs.xterm];
|
||||
services.xserver.desktopManager.xterm.enable = false;
|
||||
|
||||
# Enable profile-sync-daemon for browsers.
|
||||
# ref: https://wiki.archlinux.org/title/profile-sync-daemon
|
||||
services.psd.enable = true;
|
||||
|
||||
# Add udev rules for ADB.
|
||||
services.udev.packages = [pkgs.android-udev-rules];
|
||||
|
||||
|
@ -17,6 +17,9 @@
|
||||
|
||||
# ref: https://github.com/NixOS/nixpkgs/issues/113589
|
||||
wireguard.enable = true;
|
||||
|
||||
# netbird requires iproute2 route tables.
|
||||
# iproute2.enable = true;
|
||||
};
|
||||
|
||||
services.netbird.enable = true;
|
||||
|
@ -3,60 +3,58 @@ _: {
|
||||
initrd = {
|
||||
availableKernelModules = [
|
||||
"xhci_pci"
|
||||
"thunderbolt"
|
||||
"xhci_hcd"
|
||||
"nvme"
|
||||
"usb_storage"
|
||||
"sd_mod"
|
||||
];
|
||||
luks.devices."cryptroot".device = "/dev/disk/by-uuid/9de352ea-128f-4d56-a720-36d81dfd9b92";
|
||||
luks.devices."cryptroot".device = "/dev/disk/by-uuid/312b4d84-64dc-4721-9be3-bb0148199b16";
|
||||
luks.devices."cryptroot".preLVM = true;
|
||||
};
|
||||
kernelModules = [
|
||||
"kvm-intel"
|
||||
"thinkpad_acpi"
|
||||
# "iwlwifi"
|
||||
"xe"
|
||||
"iwlwifi"
|
||||
"i915"
|
||||
];
|
||||
kernelParams = [
|
||||
"quiet"
|
||||
"xe.force_probe=7d55"
|
||||
"i915.force_probe=!7d55"
|
||||
# "resume_offset=2465529"
|
||||
"intel_pstate=active"
|
||||
"thinkpad_acpi.fan_control=1"
|
||||
blacklistedKernelModules = [
|
||||
"iTCO_wdt"
|
||||
];
|
||||
# resumeDevice = "/dev/disk/by-uuid/870fde90-a91a-4554-8b1c-d5702c789f4d";
|
||||
kernelParams = ["resume_offset=2465529" "intel_pstate=active" "i915.enable_gvt=1" "i915.enable_guc=3" "thinkpad_acpi.fan_control=1"];
|
||||
resumeDevice = "/dev/disk/by-uuid/d5c21883-f0e6-4e7a-b9a5-ee0bf4780ec5";
|
||||
supportedFilesystems = ["btrfs"];
|
||||
};
|
||||
|
||||
fileSystems = {
|
||||
"/" = {
|
||||
device = "/dev/disk/by-uuid/870fde90-a91a-4554-8b1c-d5702c789f4d";
|
||||
device = "/dev/disk/by-uuid/d5c21883-f0e6-4e7a-b9a5-ee0bf4780ec5";
|
||||
fsType = "btrfs";
|
||||
options = [
|
||||
"defaults"
|
||||
"autodefrag"
|
||||
"compress-force=zstd"
|
||||
"noatime"
|
||||
"ssd"
|
||||
"subvol=@"
|
||||
"discard=async"
|
||||
];
|
||||
neededForBoot = true;
|
||||
};
|
||||
|
||||
"/home" = {
|
||||
device = "/dev/disk/by-uuid/870fde90-a91a-4554-8b1c-d5702c789f4d";
|
||||
device = "/dev/disk/by-uuid/d5c21883-f0e6-4e7a-b9a5-ee0bf4780ec5";
|
||||
fsType = "btrfs";
|
||||
options = [
|
||||
"defaults"
|
||||
"autodefrag"
|
||||
"compress-force=zstd"
|
||||
"noatime"
|
||||
"ssd"
|
||||
"subvol=@home"
|
||||
"discard=async"
|
||||
];
|
||||
};
|
||||
|
||||
"/.snapshots" = {
|
||||
device = "/dev/disk/by-uuid/870fde90-a91a-4554-8b1c-d5702c789f4d";
|
||||
device = "/dev/disk/by-uuid/d5c21883-f0e6-4e7a-b9a5-ee0bf4780ec5";
|
||||
fsType = "btrfs";
|
||||
options = [
|
||||
"defaults"
|
||||
@ -64,37 +62,38 @@ _: {
|
||||
"noatime"
|
||||
"ssd"
|
||||
"subvol=@snapshots"
|
||||
"discard=async"
|
||||
];
|
||||
};
|
||||
|
||||
"/var/log" = {
|
||||
device = "/dev/disk/by-uuid/870fde90-a91a-4554-8b1c-d5702c789f4d";
|
||||
device = "/dev/disk/by-uuid/d5c21883-f0e6-4e7a-b9a5-ee0bf4780ec5";
|
||||
fsType = "btrfs";
|
||||
options = [
|
||||
"defaults"
|
||||
"autodefrag"
|
||||
"compress-force=zstd"
|
||||
"noatime"
|
||||
"ssd"
|
||||
"subvol=@log"
|
||||
"discard=async"
|
||||
];
|
||||
};
|
||||
|
||||
"/var/cache" = {
|
||||
device = "/dev/disk/by-uuid/870fde90-a91a-4554-8b1c-d5702c789f4d";
|
||||
device = "/dev/disk/by-uuid/d5c21883-f0e6-4e7a-b9a5-ee0bf4780ec5";
|
||||
fsType = "btrfs";
|
||||
options = [
|
||||
"defaults"
|
||||
"autodefrag"
|
||||
"compress-force=zstd"
|
||||
"noatime"
|
||||
"ssd"
|
||||
"subvol=@cache"
|
||||
"discard=async"
|
||||
];
|
||||
};
|
||||
|
||||
"/etc/nixos" = {
|
||||
device = "/dev/disk/by-uuid/870fde90-a91a-4554-8b1c-d5702c789f4d";
|
||||
device = "/dev/disk/by-uuid/d5c21883-f0e6-4e7a-b9a5-ee0bf4780ec5";
|
||||
fsType = "btrfs";
|
||||
options = [
|
||||
"defaults"
|
||||
@ -106,34 +105,32 @@ _: {
|
||||
};
|
||||
|
||||
"/nix" = {
|
||||
device = "/dev/disk/by-uuid/870fde90-a91a-4554-8b1c-d5702c789f4d";
|
||||
device = "/dev/disk/by-uuid/d5c21883-f0e6-4e7a-b9a5-ee0bf4780ec5";
|
||||
fsType = "btrfs";
|
||||
options = [
|
||||
"defaults"
|
||||
"autodefrag"
|
||||
"compress-force=zstd"
|
||||
"noatime"
|
||||
"ssd"
|
||||
"subvol=@nix-store"
|
||||
"discard=async"
|
||||
];
|
||||
};
|
||||
|
||||
# TODO: setup swap
|
||||
# ref: https://sawyershepherd.org/post/hibernating-to-an-encrypted-swapfile-on-btrfs-with-nixos/
|
||||
# "/swap" = {
|
||||
# device = "/dev/disk/by-uuid/870fde90-a91a-4554-8b1c-d5702c789f4d";
|
||||
# fsType = "btrfs";
|
||||
# options = [
|
||||
# "subvol=@swap"
|
||||
# "noatime"
|
||||
# ];
|
||||
# };
|
||||
"/swap" = {
|
||||
device = "/dev/disk/by-uuid/d5c21883-f0e6-4e7a-b9a5-ee0bf4780ec5";
|
||||
fsType = "btrfs";
|
||||
options = [
|
||||
"subvol=@swap"
|
||||
"noatime"
|
||||
];
|
||||
};
|
||||
|
||||
"/boot" = {
|
||||
device = "/dev/disk/by-uuid/7FBB-9E80";
|
||||
device = "/dev/disk/by-uuid/90A5-35FF";
|
||||
fsType = "vfat";
|
||||
options = ["fmask=0022" "dmask=0022"];
|
||||
};
|
||||
};
|
||||
swapDevices = [];
|
||||
swapDevices = [{device = "/swap/swapfile";}];
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user