From 957d87f6e844264c3b4cc122c425e62c51ca7493 Mon Sep 17 00:00:00 2001 From: Tristan Druyen Date: Thu, 5 Oct 2023 17:45:31 +0200 Subject: [PATCH] Add basic modularization --- README.md | 30 ++ configuration.nix | 106 +----- home-mods/dev/default.nix | 132 ++++++++ home-mods/firefox/default.nix | 212 ++++++++++++ plasma.nix => home-mods/plasma/default.nix | 0 home-mods/virt/default.nix | 41 +++ home.nix | 372 +-------------------- os-mods/network/default.nix | 33 ++ os-mods/virt/default.nix | 45 +++ 9 files changed, 507 insertions(+), 464 deletions(-) create mode 100644 home-mods/dev/default.nix create mode 100644 home-mods/firefox/default.nix rename plasma.nix => home-mods/plasma/default.nix (100%) create mode 100644 home-mods/virt/default.nix create mode 100644 os-mods/network/default.nix create mode 100644 os-mods/virt/default.nix diff --git a/README.md b/README.md index c753983..b686d81 100644 --- a/README.md +++ b/README.md 
@@ -55,6 +55,36 @@ diff plasma.nix plasma.new.nix # copy over as needed ``` +## 🛠️ Nix Configuration Structure + +Here's a brief rundown of the directory structure: + +### Top-Level Files + +- `flake.nix`: Nix Flake configuration file. +- `configuration.nix`: Main NixOS system configuration entry point. +- `disko.nix`: Disk and filesystem configuration. +- `hardware.nix`: Hardware-related configurations like drivers. +- `home.nix`: Configurations related to user home directories. (home-manager) +- `users.nix`: User account and privilege settings. + +### `home-mods` Directory + +Stores modules related to specific user applications or environments. + +- `dev/default.nix`: Developer-specific configurations. +- `firefox/default.nix`: Firefox browser settings. +- `plasma/default.nix`: KDE Plasma desktop settings. +- `virt/default.nix`: Virtualization-related settings. + +### `os-mods` Directory + +Holds system-level modules for network, virtualization, etc. + +- `network/default.nix`: Network-related settings. +- `virt/default.nix`: OS-level virtualization settings. + + ## 🙏 Made possible by - NixOS: https://nixos.org/ diff --git a/configuration.nix b/configuration.nix index ee79846..5443de8 100644 --- a/configuration.nix +++ b/configuration.nix 
@@ -7,42 +7,10 @@ }: { imports = [ ./hardware.nix + ./os-mods/network + ./os-mods/virt ]; - systemd.user.services.set-wallpaper = { - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = "yes"; - }; - script = '' - FILE="$HOME/.config/plasma-org.kde.plasma.desktop-appletsrc" - IMAGE_PATH="$HOME/.background" - - if [[ ! -f "$IMAGE_PATH" ]]; then - echo "Image not found at $IMAGE_PATH. Skipping setting the image." - exit 0 - fi - - # Extract all containment numbers - CONTAINMENTS=$(${pkgs.ripgrep}/bin/rg "\[Containments\]\[(\d+)\]" -o ~/.config/plasma-org.kde.plasma.desktop-appletsrc -r \$1 | sort | uniq) - - for CONTAINMENT in $CONTAINMENTS; do - echo Containment: $CONTAINMENT - ${pkgs.libsForQt5.kconfig}/bin/kwriteconfig5 \ - --file $FILE \ - --group Containments --group $CONTAINMENT \ - --key "wallpaperplugin" "org.kde.image"; - - ${pkgs.libsForQt5.kconfig}/bin/kwriteconfig5 \ - --file $FILE \ - --group Containments --group $CONTAINMENT \ - --group Wallpaper --group org.kde.image \ - --group General \ - --key Image "$IMAGE_PATH"; - done - ''; - }; - nix = { package = pkgs.nixFlakes; extraOptions = '' @@ -71,26 +39,9 @@ ]; networking.hostName = "nixos-pulse"; - networking.networkmanager.enable = true; - networking.nameservers = [ - "45.90.28.0#921984.dns.nextdns.io" - "45.90.30.0#921984.dns.nextdns.io" - "2a07:a8c0::#921984.dns.nextdns.io" - "2a07:a8c1::#921984.dns.nextdns.io" - ]; services.fwupd.enable = true; - services.resolved = { - enable = true; - dnssec = "true"; - domains = ["~."]; - fallbackDns = ["1.1.1.1#one.one.one.one" "1.0.0.1#one.one.one.one"]; - extraConfig = '' - DNSOverTLS=yes - ''; - }; - time.timeZone = "Europe/Berlin"; i18n = { @@ -113,15 +64,6 @@ }; }; - services.tailscale = { - enable = true; - useRoutingFeatures = "both"; - }; - - services.mozillavpn = { - enable = true; - }; - services.xserver = { enable = true; layout = "us"; 
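Review bot: The `systemd.user.services.set-wallpaper` unit deleted in the first configuration.nix hunk is not re-created in any module this patch adds, and `plasma.nix` is moved with 100% similarity, so unless a file outside this patch defines it the service is dropped rather than relocated. home.nix still writes `~/.background`, and that script is its only consumer visible in this patch. If the removal is intentional, say so in the commit message. Otherwise move the unit into one of the new modules alongside the added imports `./os-mods/network` and `./os-mods/virt`.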
@@ -129,11 +71,11 @@ desktopManager.plasma5.enable = true; - # Sddm displayManager = { - sddm.enable = true; defaultSession = "plasmawayland"; + sddm.enable = true; + # autoLogin = { # enable = true; # user = "tristand"; @@ -165,8 +107,6 @@ environment.sessionVariables = { EDITOR = "nvim"; - MOZ_USE_XINPUT2 = "1"; - MOZ_ENABLE_WAYLAND = "1"; }; environment.systemPackages = with pkgs; [ @@ -177,10 +117,6 @@ neovim veracrypt vim - virtiofsd - virt-manager - virt-viewer - virt-top wl-clipboard wget ]; @@ -210,44 +146,12 @@ services.openssh.enable = true; - networking.firewall.allowedTCPPorts = [22 80 443]; + networking.firewall.allowedTCPPorts = [22]; # networking.firewall.allowedUDPPorts = [ ... ]; # Samba networking.firewall.extraCommands = ''iptables -t raw -A OUTPUT -p udp -m udp --dport 137 -j CT --helper netbios-ns''; - virtualisation.docker = { - enable = true; - storageDriver = "btrfs"; - }; - virtualisation.libvirtd = { - enable = true; - - onShutdown = "suspend"; - onBoot = "ignore"; - - qemu = { - package = pkgs.qemu_kvm; - ovmf.enable = true; - ovmf.packages = [pkgs.OVMFFull.fd]; - swtpm.enable = true; - runAsRoot = false; - }; - }; - - # virtualisation.libvirtd.allowedBridges = [ - # "virbr0" - # "testbr0" - # ]; - - # networking.bridges = { - # testbr0 = { - # interfaces = [ - # "enp5s0f4u1u1c2" - # ]; - # }; - # }; - powerManagement.powertop.enable = true; systemd.services.powertop.postStart = '' HIDDEVICES=$(ls /sys/bus/usb/drivers/usbhid | grep -oE '^[0-9]+-[0-9\.]+' | sort -u) diff --git a/home-mods/dev/default.nix b/home-mods/dev/default.nix new file mode 100644 index 0000000..6fa0291 --- /dev/null +++ b/home-mods/dev/default.nix 
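Review bot: `networking.firewall.allowedTCPPorts = [22];` in the last configuration.nix hunk still exposes sshd on every interface, and no sshd settings are visible here, so whether password logins are accepted cannot be confirmed from this hunk. Since Tailscale is enabled in os-mods/network, consider replacing the line with `services.openssh.openFirewall = false;` and `networking.firewall.interfaces."tailscale0".allowedTCPPorts = [22];`, and set `services.openssh.settings.PasswordAuthentication = false;` if it is not set elsewhere. The global entry is also redundant while `services.openssh.openFirewall` keeps its default. The enclosing attribute set starts and ends outside the hunk.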
@@ -0,0 +1,132 @@
+{
+ lib,
+ pkgs,
+ config,
+ inputs,
+ ...
+}: {
+ programs.alacritty = {
+ enable = true;
+ settings = {
+ window.opacity = 0.88;
+ window.dimensions = {
+ lines = 40;
+ columns = 150;
+ };
+ };
+ };
+
+ home.sessionVariables = {
+ TERMINAL = "alacritty";
+ };
+
+ programs.fish = {
+ enable = true;
+
+ interactiveShellInit = ''
+ any-nix-shell fish --info-right | source
+ direnv hook fish | source
+ '';
+ loginShellInit = ''
+ direnv hook fish | source
+ '';
+
+ functions = {
+ ec = "emacsclient $argv";
+ ecc = "emacsclient -c $argv";
+ ecr = "emacsclient -r $argv";
+ ecrr = "emacsclient -r $argv";
+ };
+ };
+
+ programs.git = {
+ enable = true;
+ userName = "Tristan Druyen";
+ userEmail = "tristan@vault81.de";
+ aliases = {
+ ci = "commit";
+ co = "checkout";
+ s = "status";
+ };
+ extraConfig = {
+ user.signingkey = "/home/tristand/.ssh/id_ed25519";
+ commit.gpgsign = true;
+ gpg.format = "ssh";
+ };
+ };
+
+ programs.nix-index = {
+ enable = true;
+ enableFishIntegration = true;
+ };
+
+ programs.ssh = {
+ enable = true;
+
+ matchBlocks = {
+ "he3" = {
+ host = "he3";
+ hostname = "he3.vault81.de";
+ user = "root";
+ identityFile = "~/.ssh/id_hetz_ed25519";
+ };
+ "he2" = {
+ host = "he2";
+ hostname = "he2.vault81.de";
+ user = "root";
+ identityFile = "~/.ssh/id_v81_ed25519";
+ };
+ "desk-arch" = {
+ host = "desk-arch";
+ hostname = "tristan-desk-arch";
+ user = "tristand";
+ identityFile = "~/.ssh/id_v81_ed25519";
+ };
+ };
+ };
+
+ programs.gpg = {
+ enable = true;
+ };
+
+ services.gpg-agent = {
+ enable = true;
+
+ enableExtraSocket = true;
+ enableSshSupport = true;
+ };
+
+ services.lorri.enable = true;
+
+ services.emacs = {
+ enable = true;
+ defaultEditor = true;
+ package = pkgs.emacs-unstable-pgtk;
+ };
+
+ home.packages = with pkgs; [
+ any-nix-shell
+ atool
+ aspell
+ aspellDicts.en
+ aspellDicts.en-computers
+ aspellDicts.en-science
+ aspellDicts.de
+ binutils
+ cmake
+ direnv
+ fd
+ gnutls
+ gnumake
+ gcc
+ imagemagick
+ pandoc
+ libtool
+ (lib.mkIf (config.services.gpg-agent.enable)
+ pinentry_emacs)
+ (ripgrep.override {withPCRE2 = true;})
+ rnix-lsp
+ texlive.combined.scheme-full
+ zstd
+ ];
+}
diff --git a/home-mods/firefox/default.nix b/home-mods/firefox/default.nix
new file mode 100644
index 0000000..d44f59e
--- /dev/null
+++ b/home-mods/firefox/default.nix
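Review bot: The `programs.ssh.matchBlocks` entries set an `identityFile` but not `identitiesOnly`, so with `services.gpg-agent.enableSshSupport = true` the client can still offer every key the agent holds to each host before the configured one. Add `identitiesOnly = true;` to the `he3`, `he2` and `desk-arch` blocks. `he3` and `he2` also log in as `root` directly, and `he2` shares `~/.ssh/id_v81_ed25519` with `desk-arch`; a comment explaining why that is acceptable would help the next reader. Separately, `user.signingkey = "/home/tristand/.ssh/id_ed25519";` hard-codes the home directory, whereas `"${config.home.homeDirectory}/.ssh/id_ed25519"` keeps the module reusable.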
@@ -0,0 +1,212 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}: {
+ programs.firefox = {
+ enable = true;
+
+ profiles = {
+ default = {
+ isDefault = true;
+
+ settings = {
+ # Extensions are managed with Nix, so don't update.
+ "extensions.update.autoUpdateDefault" = false;
+ "extensions.update.enabled" = false;
+
+ # Sync
+ # "services.sync.username" = config.etu.user.email;
+
+ "services.sync.engine.addons" = false; # Do not sync extensions.
+
+ "general.autoScroll" = true; # Middle click to scroll
+
+ "browser.startup.page" = 3; # Restore previous windows and tabs.
+
+ # Privacy enhancements
+ "browser.newtabpage.activity-stream.feeds.telemetry" = false;
+ "browser.newtabpage.activity-stream.telemetry" = false;
+ "browser.newtabpage.activity-stream.feeds.snippets" = false;
+ "browser.newtabpage.activity-stream.feeds.section.topstories" = false;
+ "browser.newtabpage.activity-stream.section.highlights.includePocket" = false;
+ "browser.newtabpage.activity-stream.showSponsored" = false;
+ "browser.newtabpage.activity-stream.feeds.discoverystreamfeed" = false;
+ "browser.newtabpage.activity-stream.showSponsoredTopSites" = false;
+
+ # Improve performance
+ "gfx.webrender.all" = true;
+
+ # Do Not Track header
+ "privacy.donottrackheader.enabled" = true;
+ "privacy.donottrackheader.value" = 1;
+
+ # Enable userChrome customisations
+ # "toolkit.legacyUserProfileCustomizations.stylesheets" = true;
+ };
+
+ extensions = with config.nur.repos.rycee.firefox-addons; [
+ bitwarden
+ clearurls
+ consent-o-matic
+ darkreader
+ localcdn
+ plasma-integration
+ privacy-badger
+ rust-search-extension
+ sidebery
+ skip-redirect
+ sponsorblock
+ tab-stash
+ ublock-origin
+ unpaywall
+ ];
+
+ search = {
+ force = true;
+ default = "DuckDuckGo";
+ order = ["DuckDuckGo" "Nix Packages" "Nix Options" "NixOS Wiki"];
+
+ engines = {
+ "DuckDuckGo".metaData = {
+ alias = "@ddg";
+ };
+ "Nix Packages" = {
+ urls = [
+ {
+ template = "https://search.nixos.org/packages";
+ params = [
+ {
+ name = "type";
+ value = "packages";
+ }
+ {
+ name = "query";
+ value = "{searchTerms}";
+ }
+ ];
+ }
+ ];
+
+ icon = "/run/current-system/sw/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
+
+ definedAliases = ["@np"];
+ };
+ "Nix Options" = {
+ urls = [
+ {
+ template = "https://search.nixos.org/options";
+ params = [
+ {
+ name = "type";
+ value = "options";
+ }
+ {
+ name = "query";
+ value = "{searchTerms}";
+ }
+ ];
+ }
+ ];
+
+ icon = "/run/current-system/sw/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
+
+ definedAliases = ["@no"];
+ };
+ "Home-Manager Options" = {
+ urls = [
+ {
+ template = "https://mipmip.github.io/home-manager-option-search";
+ params = [
+ {
+ name = "query";
+ value = "{searchTerms}";
+ }
+ ];
+ }
+ ];
+
+ icon = "/run/current-system/sw/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
+
+ definedAliases = ["@ho"];
+ };
+
+ "NixOS Wiki" = {
+ urls = [
+ {
+ template = "https://nixos.wiki/index.php?search={searchTerms}";
+ }
+ ];
+ iconUpdateURL = "https://nixos.wiki/favicon.png";
+ updateInterval = 24 * 60 * 60 * 1000;
+ definedAliases = ["@nw"];
+ };
+
+ "Bing".metaData.hidden = true;
+ "Amazon.de".metaData.hidden = true;
+ "Google".metaData = {
+ alias = "@g";
+ hidden = true;
+ };
+ };
+ };
+
+ bookmarks = [
+ {
+ toolbar = true;
+ bookmarks = [
+ {
+ name = "Home Manager";
+ url = "https://nixos.wiki/wiki/Home_Manager";
+ }
+ ];
+ }
+ {
+ name = "wikipedia";
+ tags = ["wiki"];
+ keyword = "wiki";
+ url = "https://en.wikipedia.org/wiki/Special:Search?search=%s&go=Go";
+ }
+ {
+ name = "kernel.org";
+ url = "https://www.kernel.org";
+ }
+ {
+ name = "Nix sites";
+ bookmarks = [
+ {
+ name = "homepage";
+ url = "https://nixos.org/";
+ }
+ {
+ name = "wiki";
+ tags = ["wiki" "nix"];
+ url = "https://nixos.wiki/";
+ }
+ {
+ name = "Nix sites";
+ bookmarks = [
+ {
+ name = "homepage";
+ url = "https://nixos.org/";
+ }
+ {
+ name = "wiki";
+ url = "https://nixos.wiki/";
+ }
+ ];
+ }
+ ];
+ }
+ ];
+ };
+ };
+ };
+
+ home.sessionVariables = {
+ BROWSER = "firefox";
+ MOZ_USE_XINPUT2 = "1";
+ MOZ_ENABLE_WAYLAND = "1";
+ };
+}
diff --git a/plasma.nix b/home-mods/plasma/default.nix
similarity index 100%
rename from plasma.nix
rename to home-mods/plasma/default.nix
diff --git a/home-mods/virt/default.nix b/home-mods/virt/default.nix
new file mode 100644
index 0000000..dcb3804
--- /dev/null
+++ b/home-mods/virt/default.nix
@@ -0,0 +1,41 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}: {
+ dconf.settings = {
+ "org/virt-manager/virt-manager/connections" = {
+ autoconnect = ["qemu:///system"];
+ uris = ["qemu:///system"];
+ };
+ };
+
+ xdg.desktopEntries = {
+ win10 = {
+ name = "Win 10 VM";
+ type = "Application";
+ icon = "windows";
+ comment = "start the win10 vm";
+ exec = pkgs.lib.strings.concatStrings [
+ "bash -c \""
+ "virsh --connect=qemu:///system start win10; "
+ "virt-viewer -a -w -c qemu:///system win10 "
+ "&& virsh --connect=qemu:///system managedsave win10\""
+ ];
+ };
+ win11 = {
+ name = "Win 11 VM";
+ type = "Application";
+ icon = "windows";
+ comment = "start the win11 vm";
+ exec = pkgs.lib.strings.concatStrings [
+ "bash -c \""
+ "virsh --connect=qemu:///system start win11; "
+ "virsh --connect=qemu:///system resume win11; "
+ "virt-viewer -a -w -c qemu:///system win11 "
+ "&& virsh --connect=qemu:///system managedsave win11\""
+ ];
+ };
+ };
+}
diff --git a/home.nix b/home.nix
index 3c1af26..d56c9a4 100644
--- a/home.nix
+++ b/home.nix
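Review bot: `"extensions.update.enabled" = false` together with the NUR-pinned `extensions` list means add-ons such as `bitwarden` and `ublock-origin` receive fixes only when the flake input is bumped, and nothing in home-mods/firefox/default.nix says how often that happens. Add a comment next to the setting, for example `# Add-on security fixes arrive only via flake input updates; bump NUR regularly.` The nested `bookmarks` folder "Nix sites" also contains a second "Nix sites" folder with the same two links, which looks like a copy-paste leftover.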
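Review bot: The `exec` strings of `xdg.desktopEntries.win10` and `win11` in home-mods/virt/default.nix call `bash`, `virsh` and `virt-viewer` by bare name, so the launchers run whatever the session PATH resolves and silently depend on os-mods/virt being imported for `virt-viewer`. Referencing store paths, e.g. `${pkgs.libvirt}/bin/virsh` and `${pkgs.virt-viewer}/bin/virt-viewer`, makes the home module self-contained. The `win11` entry also runs `virsh --connect=qemu:///system resume win11` while `win10` has no such step; if the difference is deliberate, a one-line comment should say why.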
@@ -11,356 +11,35 @@ wallpaperPath = "${wallpaper}/share/wallpapers/nixos-wallpaper.png"; in { imports = [ - ./plasma.nix + ./home-mods/dev + ./home-mods/firefox + ./home-mods/plasma + ./home-mods/virt ]; - dconf.settings = { - "org/virt-manager/virt-manager/connections" = { - autoconnect = ["qemu:///system"]; - uris = ["qemu:///system"]; - }; - }; - - programs.alacritty = { - enable = true; - settings = { - window.opacity = 0.88; - window.dimensions = { - lines = 40; - columns = 150; - }; - }; - }; - - services.lorri.enable = true; - services.emacs = { - enable = true; - defaultEditor = true; - package = pkgs.emacs-unstable-pgtk; - }; - - programs.nix-index = { - enable = true; - enableFishIntegration = true; - }; - - programs.fish = { - enable = true; - - interactiveShellInit = '' - any-nix-shell fish --info-right | source - direnv hook fish | source - ''; - loginShellInit = '' - direnv hook fish | source - ''; - - functions = { - ec = "emacsclient $argv"; - ecc = "emacsclient -c $argv"; - ecr = "emacsclient -r $argv"; - ecrr = "emacsclient -r $argv"; - }; - }; - - programs.firefox = { - enable = true; - - profiles = { - default = { - isDefault = true; - - settings = { - # Extensions are managed with Nix, so don't update. - "extensions.update.autoUpdateDefault" = false; - "extensions.update.enabled" = false; - - # Sync - # "services.sync.username" = config.etu.user.email; - - "services.sync.engine.addons" = false; # Do not sync extensions. - - "general.autoScroll" = true; # Middle click to scroll - - "browser.startup.page" = 3; # Restore previous windows and tabs. 
- - # Privacy enhancements - "browser.newtabpage.activity-stream.feeds.telemetry" = false; - "browser.newtabpage.activity-stream.telemetry" = false; - "browser.newtabpage.activity-stream.feeds.snippets" = false; - "browser.newtabpage.activity-stream.feeds.section.topstories" = false; - "browser.newtabpage.activity-stream.section.highlights.includePocket" = false; - "browser.newtabpage.activity-stream.showSponsored" = false; - "browser.newtabpage.activity-stream.feeds.discoverystreamfeed" = false; - "browser.newtabpage.activity-stream.showSponsoredTopSites" = false; - - # Improve performance - "gfx.webrender.all" = true; - - # Do Not Track header - "privacy.donottrackheader.enabled" = true; - "privacy.donottrackheader.value" = 1; - - # Enable userChrome customisations - # "toolkit.legacyUserProfileCustomizations.stylesheets" = true; - }; - - extensions = with config.nur.repos.rycee.firefox-addons; [ - bitwarden - clearurls - consent-o-matic - darkreader - localcdn - plasma-integration - privacy-badger - rust-search-extension - sidebery - skip-redirect - sponsorblock - tab-stash - ublock-origin - unpaywall - ]; - - search = { - force = true; - default = "DuckDuckGo"; - order = ["DuckDuckGo" "Nix Packages" "Nix Options" "NixOS Wiki"]; - - engines = { - "DuckDuckGo".metaData = { - alias = "@ddg"; - }; - "Nix Packages" = { - urls = [ - { - template = "https://search.nixos.org/packages"; - params = [ - { - name = "type"; - value = "packages"; - } - { - name = "query"; - value = "{searchTerms}"; - } - ]; - } - ]; - - icon = "/run/current-system/sw/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; - - definedAliases = ["@np"]; - }; - "Nix Options" = { - urls = [ - { - template = "https://search.nixos.org/options"; - params = [ - { - name = "type"; - value = "options"; - } - { - name = "query"; - value = "{searchTerms}"; - } - ]; - } - ]; - - icon = "/run/current-system/sw/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; - - definedAliases = ["@no"]; - }; - 
"Home-Manager Options" = { - urls = [ - { - template = "https://mipmip.github.io/home-manager-option-search"; - params = [ - { - name = "query"; - value = "{searchTerms}"; - } - ]; - } - ]; - - icon = "/run/current-system/sw/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; - - definedAliases = ["@ho"]; - }; - - "NixOS Wiki" = { - urls = [ - { - template = "https://nixos.wiki/index.php?search={searchTerms}"; - } - ]; - iconUpdateURL = "https://nixos.wiki/favicon.png"; - updateInterval = 24 * 60 * 60 * 1000; - definedAliases = ["@nw"]; - }; - - "Bing".metaData.hidden = true; - "Amazon.de".metaData.hidden = true; - "Google".metaData = { - alias = "@g"; - hidden = true; - }; - }; - }; - - bookmarks = [ - { - toolbar = true; - bookmarks = [ - { - name = "Home Manager"; - url = "https://nixos.wiki/wiki/Home_Manager"; - } - ]; - } - { - name = "wikipedia"; - tags = ["wiki"]; - keyword = "wiki"; - url = "https://en.wikipedia.org/wiki/Special:Search?search=%s&go=Go"; - } - { - name = "kernel.org"; - url = "https://www.kernel.org"; - } - { - name = "Nix sites"; - bookmarks = [ - { - name = "homepage"; - url = "https://nixos.org/"; - } - { - name = "wiki"; - tags = ["wiki" "nix"]; - url = "https://nixos.wiki/"; - } - { - name = "Nix sites"; - bookmarks = [ - { - name = "homepage"; - url = "https://nixos.org/"; - } - { - name = "wiki"; - url = "https://nixos.wiki/"; - } - ]; - } - ]; - } - ]; - }; - }; - }; - - programs.git = { - enable = true; - userName = "Tristan Druyen"; - userEmail = "tristan@vault81.de"; - aliases = { - ci = "commit"; - co = "checkout"; - s = "status"; - }; - extraConfig = { - user.signingkey = "/home/tristand/.ssh/id_ed25519"; - commit.gpgsign = true; - gpg.format = "ssh"; - }; - }; - - programs.ssh = { - enable = true; - - matchBlocks = { - "he3" = { - host = "he3"; - hostname = "he3.vault81.de"; - user = "root"; - identityFile = "~/.ssh/id_hetz_ed25519"; - }; - "he2" = { - host = "he2"; - hostname = "he2.vault81.de"; - user = "root"; - 
identityFile = "~/.ssh/id_v81_ed25519"; - }; - "desk-arch" = { - host = "desk-arch"; - hostname = "tristan-desk-arch"; - user = "tristand"; - identityFile = "~/.ssh/id_v81_ed25519"; - }; - }; - }; - - programs.gpg = { - enable = true; - }; - - services.gpg-agent = { - enable = true; - - enableExtraSocket = true; - enableSshSupport = true; - }; - + home.file.".background".source = wallpaperPath; home.username = "tristand"; home.homeDirectory = "/home/tristand"; - home.file.".background".source = wallpaperPath; - home.packages = with pkgs; [ - any-nix-shell - cavalier alejandra - atool - alacritty - aspell - aspellDicts.en - aspellDicts.en-computers - aspellDicts.en-science - aspellDicts.de bitwarden - binutils brave btop - cmake - emacs-unstable-pgtk - firefox + cavalier + direnv + imagemagick inkscape jellyfin-media-player + kate neofetch nextcloud-client onlyoffice-bin - kate rcm rustup - direnv rust-motd - (ripgrep.override {withPCRE2 = true;}) - gnutls - gnumake - gcc - pandoc - libtool - fd - imagemagick - pinentry-emacs python311Full zstd - rnix-lsp - texlive.combined.scheme-full rustdesk tutanota-desktop signal-desktop 
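Review bot: `direnv` and `imagemagick` are re-added to `home.packages` in the first home.nix hunk and `zstd` stays in the list, although all three are also declared in the new home-mods/dev module. The duplicates are harmless but leave two places to edit; drop them from home.nix so the dev module owns its tool set. The `home.packages` list continues past the end of this hunk.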
@@ -371,38 +50,5 @@ in { zellij ]; - home.sessionVariables = { - BROWSER = "firefox"; - TERMINAL = "alacritty"; - }; - - xdg.desktopEntries = { - win10 = { - name = "Win 10 VM"; - type = "Application"; - icon = "windows"; - comment = "start the win10 vm"; - exec = pkgs.lib.strings.concatStrings [ - "bash -c \"" - "virsh --connect=qemu:///system start win10; " - "virt-viewer -a -w -c qemu:///system win10 " - "&& virsh --connect=qemu:///system managedsave win10\"" - ]; - }; - win11 = { - name = "Win 11 VM"; - type = "Application"; - icon = "windows"; - comment = "start the win11 vm"; - exec = pkgs.lib.strings.concatStrings [ - "bash -c \"" - "virsh --connect=qemu:///system start win11; " - "virsh --connect=qemu:///system resume win11; " - "virt-viewer -a -w -c qemu:///system win11 " - "&& virsh --connect=qemu:///system managedsave win11\"" - ]; - }; - }; - home.stateVersion = "23.05"; } diff --git a/os-mods/network/default.nix b/os-mods/network/default.nix new file mode 100644 index 0000000..4ce046b --- /dev/null +++ b/os-mods/network/default.nix @@ -0,0 +1,33 @@ +{ + config, + lib, + pkgs, + ... +}: { + networking.networkmanager.enable = true; + networking.nameservers = [ + "45.90.28.0#921984.dns.nextdns.io" + "45.90.30.0#921984.dns.nextdns.io" + "2a07:a8c0::#921984.dns.nextdns.io" + "2a07:a8c1::#921984.dns.nextdns.io" + ]; + + services.resolved = { + enable = true; + dnssec = "true"; + domains = ["~."]; + fallbackDns = ["1.1.1.1#one.one.one.one" "1.0.0.1#one.one.one.one"]; + extraConfig = '' + DNSOverTLS=yes + ''; + }; + + services.tailscale = { + enable = true; + useRoutingFeatures = "both"; + }; + + services.mozillavpn = { + enable = true; + }; +} diff --git a/os-mods/virt/default.nix b/os-mods/virt/default.nix new file mode 100644 index 0000000..9912c2f --- /dev/null +++ b/os-mods/virt/default.nix 
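Review bot: `services.tailscale.useRoutingFeatures = "both"` in os-mods/network/default.nix enables the server half as well, which in the NixOS module turns on kernel IP forwarding in addition to loosening reverse-path filtering. On a workstation that also runs Docker and libvirt this widens what the host will route; unless the machine is meant to act as an exit node or subnet router, `useRoutingFeatures = "client";` is sufficient. Separately, `fallbackDns` points at Cloudflare, so queries leave the NextDNS profile whenever the primary servers are unreachable; a comment stating that this is accepted would make the intent clear.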
@@ -0,0 +1,45 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}: {
+ environment.systemPackages = with pkgs; [
+ virtiofsd
+ virt-manager
+ virt-viewer
+ virt-top
+ ];
+
+ virtualisation.docker = {
+ enable = true;
+ storageDriver = "btrfs";
+ };
+ virtualisation.libvirtd = {
+ enable = true;
+
+ onShutdown = "suspend";
+ onBoot = "ignore";
+
+ qemu = {
+ package = pkgs.qemu_kvm;
+ ovmf.enable = true;
+ ovmf.packages = [pkgs.OVMFFull.fd];
+ swtpm.enable = true;
+ runAsRoot = false;
+ };
+ };
+
+ # virtualisation.libvirtd.allowedBridges = [
+ # "virbr0"
+ # "testbr0"
+ # ];
+
+ # networking.bridges = {
+ # testbr0 = {
+ # interfaces = [
+ # "enp5s0f4u1u1c2"
+ # ];
+ # };
+ # };
+}
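Review bot: `virtualisation.docker.enable = true` in os-mods/virt/default.nix runs the rootful daemon, so any account in the `docker` group is effectively root on this host, and ports published by containers are opened by Docker's own iptables rules regardless of `networking.firewall.allowedTCPPorts`, which this commit narrows to 22. users.nix is not part of this patch, so group membership cannot be checked here. If rootful Docker is not required, `virtualisation.docker.rootless = { enable = true; setSocketVariable = true; };` avoids both issues; otherwise document the exposure in a comment above the block.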