Add basic modularization

2023-10-05 17:45:31 +02:00 · 2023-10-05 17:45:31 +02:00 · 957d87f6e8
commit 957d87f6e8
parent 3fcf1952b7
9 changed files with 507 additions and 464 deletions
--- a/README.md
+++ b/README.md
@ -55,6 +55,36 @@ diff plasma.nix plasma.new.nix
 # copy over as needed
 ```
 ## 🛠️ Nix Configuration Structure
 Here's a brief rundown of the directory structure:
 ### Top-Level Files
 - `flake.nix`: Nix Flake configuration file.
 - `configuration.nix`: Main NixOS system configuration entry point.
 - `disko.nix`: Disk and filesystem configuration.
 - `hardware.nix`: Hardware-related configurations like drivers.
 - `home.nix`: Configurations related to user home directories. (home-manager)
 - `users.nix`: User account and privilege settings.
 ### `home-mods` Directory
 Stores modules related to specific user applications or environments.
 - `dev/default.nix`: Developer-specific configurations.
 - `firefox/default.nix`: Firefox browser settings.
 - `plasma/default.nix`: KDE Plasma desktop settings.
 - `virt/default.nix`: Virtualization-related settings.
 ### `os-mods` Directory
 Holds system-level modules for network, virtualization, etc.
 - `network/default.nix`: Network-related settings.
 - `virt/default.nix`: OS-level virtualization settings.
 ## 🙏 Made possible by
 - NixOS: https://nixos.org/
--- a/configuration.nix
+++ b/configuration.nix
@ -7,42 +7,10 @@
 }: {
  imports = [
    ./hardware.nix
    ./os-mods/network
    ./os-mods/virt
  ];
  systemd.user.services.set-wallpaper = {
    serviceConfig = {
      Type = "oneshot";
      RemainAfterExit = "yes";
    };
    script = ''
      FILE="$HOME/.config/plasma-org.kde.plasma.desktop-appletsrc"
      IMAGE_PATH="$HOME/.background"
      if [[ ! -f "$IMAGE_PATH" ]]; then
        echo "Image not found at $IMAGE_PATH. Skipping setting the image."
        exit 0
      fi
      # Extract all containment numbers
      CONTAINMENTS=$(${pkgs.ripgrep}/bin/rg "\[Containments\]\[(\d+)\]" -o ~/.config/plasma-org.kde.plasma.desktop-appletsrc -r \$1 | sort | uniq)
      for CONTAINMENT in $CONTAINMENTS; do
        echo Containment: $CONTAINMENT
        ${pkgs.libsForQt5.kconfig}/bin/kwriteconfig5 \
          --file $FILE \
          --group Containments --group $CONTAINMENT \
          --key "wallpaperplugin" "org.kde.image";
        ${pkgs.libsForQt5.kconfig}/bin/kwriteconfig5 \
          --file $FILE \
          --group Containments --group $CONTAINMENT \
          --group Wallpaper --group org.kde.image \
          --group General \
          --key Image "$IMAGE_PATH";
      done
    '';
  };
  nix = {
    package = pkgs.nixFlakes;
    extraOptions = ''
@ -71,26 +39,9 @@
  ];
  networking.hostName = "nixos-pulse";
  networking.networkmanager.enable = true;
  networking.nameservers = [
    "45.90.28.0#921984.dns.nextdns.io"
    "45.90.30.0#921984.dns.nextdns.io"
    "2a07:a8c0::#921984.dns.nextdns.io"
    "2a07:a8c1::#921984.dns.nextdns.io"
  ];
  services.fwupd.enable = true;
  services.resolved = {
    enable = true;
    dnssec = "true";
    domains = ["~."];
    fallbackDns = ["1.1.1.1#one.one.one.one" "1.0.0.1#one.one.one.one"];
    extraConfig = ''
      DNSOverTLS=yes
    '';
  };
  time.timeZone = "Europe/Berlin";
  i18n = {
@ -113,15 +64,6 @@
    };
  };
  services.tailscale = {
    enable = true;
    useRoutingFeatures = "both";
  };
  services.mozillavpn = {
    enable = true;
  };
  services.xserver = {
    enable = true;
    layout = "us";
@ -129,11 +71,11 @@
    desktopManager.plasma5.enable = true;
    # Sddm
    displayManager = {
      sddm.enable = true;
      defaultSession = "plasmawayland";
      sddm.enable = true;
      # autoLogin = {
      #  enable = true;
      #  user = "tristand";
@ -165,8 +107,6 @@
  environment.sessionVariables = {
    EDITOR = "nvim";
    MOZ_USE_XINPUT2 = "1";
    MOZ_ENABLE_WAYLAND = "1";
  };
  environment.systemPackages = with pkgs; [
@ -177,10 +117,6 @@
    neovim
    veracrypt
    vim
    virtiofsd
    virt-manager
    virt-viewer
    virt-top
    wl-clipboard
    wget
  ];
@ -210,44 +146,12 @@
  services.openssh.enable = true;
-  networking.firewall.allowedTCPPorts = [22 80 443];
+  networking.firewall.allowedTCPPorts = [22];
  # networking.firewall.allowedUDPPorts = [ ... ];
  # Samba
  networking.firewall.extraCommands = ''iptables -t raw -A OUTPUT -p udp -m udp --dport 137 -j CT --helper netbios-ns'';
  virtualisation.docker = {
    enable = true;
    storageDriver = "btrfs";
  };
  virtualisation.libvirtd = {
    enable = true;
    onShutdown = "suspend";
    onBoot = "ignore";
    qemu = {
      package = pkgs.qemu_kvm;
      ovmf.enable = true;
      ovmf.packages = [pkgs.OVMFFull.fd];
      swtpm.enable = true;
      runAsRoot = false;
    };
  };
  # virtualisation.libvirtd.allowedBridges = [
  #   "virbr0"
  #   "testbr0"
  # ];
  # networking.bridges = {
  #   testbr0 = {
  #     interfaces = [
  #       "enp5s0f4u1u1c2"
  #     ];
  #   };
  # };
  powerManagement.powertop.enable = true;
  systemd.services.powertop.postStart = ''
    HIDDEVICES=$(ls /sys/bus/usb/drivers/usbhid | grep -oE '^[0-9]+-[0-9\.]+' | sort -u)
--- a/home-mods/dev/default.nix
+++ b/home-mods/dev/default.nix
@ -0,0 +1,132 @@
 {
  lib,
  pkgs,
  config,
  inputs,
  ...
 }: {
  programs.alacritty = {
    enable = true;
    settings = {
      window.opacity = 0.88;
      window.dimensions = {
        lines = 40;
        columns = 150;
      };
    };
  };
  home.sessionVariables = {
    TERMINAL = "alacritty";
  };
  programs.fish = {
    enable = true;
    interactiveShellInit = ''
      any-nix-shell fish --info-right | source
      direnv hook fish | source
    '';
    loginShellInit = ''
      direnv hook fish | source
    '';
    functions = {
      ec = "emacsclient $argv";
      ecc = "emacsclient -c $argv";
      ecr = "emacsclient -r $argv";
      ecrr = "emacsclient -r $argv";
    };
  };
  programs.git = {
    enable = true;
    userName = "Tristan Druyen";
    userEmail = "tristan@vault81.de";
    aliases = {
      ci = "commit";
      co = "checkout";
      s = "status";
    };
    extraConfig = {
      user.signingkey = "/home/tristand/.ssh/id_ed25519";
      commit.gpgsign = true;
      gpg.format = "ssh";
    };
  };
  programs.nix-index = {
    enable = true;
    enableFishIntegration = true;
  };
  programs.ssh = {
    enable = true;
    matchBlocks = {
      "he3" = {
        host = "he3";
        hostname = "he3.vault81.de";
        user = "root";
        identityFile = "~/.ssh/id_hetz_ed25519";
      };
      "he2" = {
        host = "he2";
        hostname = "he2.vault81.de";
        user = "root";
        identityFile = "~/.ssh/id_v81_ed25519";
      };
      "desk-arch" = {
        host = "desk-arch";
        hostname = "tristan-desk-arch";
        user = "tristand";
        identityFile = "~/.ssh/id_v81_ed25519";
      };
    };
  };
  programs.gpg = {
    enable = true;
  };
  services.gpg-agent = {
    enable = true;
    enableExtraSocket = true;
    enableSshSupport = true;
  };
  services.lorri.enable = true;
  services.emacs = {
    enable = true;
    defaultEditor = true;
    package = pkgs.emacs-unstable-pgtk;
  };
  home.packages = with pkgs; [
    any-nix-shell
    atool
    aspell
    aspellDicts.en
    aspellDicts.en-computers
    aspellDicts.en-science
    aspellDicts.de
    binutils
    cmake
    direnv
    fd
    gnutls
    gnumake
    gcc
    imagemagick
    pandoc
    libtool
    (lib.mkIf (config.services.gpg-agent.enable)
      pinentry_emacs)
    (ripgrep.override {withPCRE2 = true;})
    rnix-lsp
    texlive.combined.scheme-full
    zstd
  ];
 }
--- a/home-mods/firefox/default.nix
+++ b/home-mods/firefox/default.nix
@ -0,0 +1,212 @@
 {
  config,
  lib,
  pkgs,
  ...
 }: {
  programs.firefox = {
    enable = true;
    profiles = {
      default = {
        isDefault = true;
        settings = {
          # Extensions are managed with Nix, so don't update.
          "extensions.update.autoUpdateDefault" = false;
          "extensions.update.enabled" = false;
          # Sync
          # "services.sync.username" = config.etu.user.email;
          "services.sync.engine.addons" = false; # Do not sync extensions.
          "general.autoScroll" = true; # Middle click to scroll
          "browser.startup.page" = 3; # Restore previous windows and tabs.
          # Privacy enhancements
          "browser.newtabpage.activity-stream.feeds.telemetry" = false;
          "browser.newtabpage.activity-stream.telemetry" = false;
          "browser.newtabpage.activity-stream.feeds.snippets" = false;
          "browser.newtabpage.activity-stream.feeds.section.topstories" = false;
          "browser.newtabpage.activity-stream.section.highlights.includePocket" = false;
          "browser.newtabpage.activity-stream.showSponsored" = false;
          "browser.newtabpage.activity-stream.feeds.discoverystreamfeed" = false;
          "browser.newtabpage.activity-stream.showSponsoredTopSites" = false;
          # Improve performance
          "gfx.webrender.all" = true;
          # Do Not Track header
          "privacy.donottrackheader.enabled" = true;
          "privacy.donottrackheader.value" = 1;
          # Enable userChrome customisations
          # "toolkit.legacyUserProfileCustomizations.stylesheets" = true;
        };
        extensions = with config.nur.repos.rycee.firefox-addons; [
          bitwarden
          clearurls
          consent-o-matic
          darkreader
          localcdn
          plasma-integration
          privacy-badger
          rust-search-extension
          sidebery
          skip-redirect
          sponsorblock
          tab-stash
          ublock-origin
          unpaywall
        ];
        search = {
          force = true;
          default = "DuckDuckGo";
          order = ["DuckDuckGo" "Nix Packages" "Nix Options" "NixOS Wiki"];
          engines = {
            "DuckDuckGo".metaData = {
              alias = "@ddg";
            };
            "Nix Packages" = {
              urls = [
                {
                  template = "https://search.nixos.org/packages";
                  params = [
                    {
                      name = "type";
                      value = "packages";
                    }
                    {
                      name = "query";
                      value = "{searchTerms}";
                    }
                  ];
                }
              ];
              icon = "/run/current-system/sw/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
              definedAliases = ["@np"];
            };
            "Nix Options" = {
              urls = [
                {
                  template = "https://search.nixos.org/options";
                  params = [
                    {
                      name = "type";
                      value = "options";
                    }
                    {
                      name = "query";
                      value = "{searchTerms}";
                    }
                  ];
                }
              ];
              icon = "/run/current-system/sw/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
              definedAliases = ["@no"];
            };
            "Home-Manager Options" = {
              urls = [
                {
                  template = "https://mipmip.github.io/home-manager-option-search";
                  params = [
                    {
                      name = "query";
                      value = "{searchTerms}";
                    }
                  ];
                }
              ];
              icon = "/run/current-system/sw/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
              definedAliases = ["@ho"];
            };
            "NixOS Wiki" = {
              urls = [
                {
                  template = "https://nixos.wiki/index.php?search={searchTerms}";
                }
              ];
              iconUpdateURL = "https://nixos.wiki/favicon.png";
              updateInterval = 24 * 60 * 60 * 1000;
              definedAliases = ["@nw"];
            };
            "Bing".metaData.hidden = true;
            "Amazon.de".metaData.hidden = true;
            "Google".metaData = {
              alias = "@g";
              hidden = true;
            };
          };
        };
        bookmarks = [
          {
            toolbar = true;
            bookmarks = [
              {
                name = "Home Manager";
                url = "https://nixos.wiki/wiki/Home_Manager";
              }
            ];
          }
          {
            name = "wikipedia";
            tags = ["wiki"];
            keyword = "wiki";
            url = "https://en.wikipedia.org/wiki/Special:Search?search=%s&go=Go";
          }
          {
            name = "kernel.org";
            url = "https://www.kernel.org";
          }
          {
            name = "Nix sites";
            bookmarks = [
              {
                name = "homepage";
                url = "https://nixos.org/";
              }
              {
                name = "wiki";
                tags = ["wiki" "nix"];
                url = "https://nixos.wiki/";
              }
              {
                name = "Nix sites";
                bookmarks = [
                  {
                    name = "homepage";
                    url = "https://nixos.org/";
                  }
                  {
                    name = "wiki";
                    url = "https://nixos.wiki/";
                  }
                ];
              }
            ];
          }
        ];
      };
    };
  };
  home.sessionVariables = {
    BROWSER = "firefox";
    MOZ_USE_XINPUT2 = "1";
    MOZ_ENABLE_WAYLAND = "1";
  };
 }
--- a/home-mods/plasma/default.nix
+++ b/home-mods/plasma/default.nix
--- a/home-mods/virt/default.nix
+++ b/home-mods/virt/default.nix
@ -0,0 +1,41 @@
 {
  config,
  lib,
  pkgs,
  ...
 }: {
  dconf.settings = {
    "org/virt-manager/virt-manager/connections" = {
      autoconnect = ["qemu:///system"];
      uris = ["qemu:///system"];
    };
  };
  xdg.desktopEntries = {
    win10 = {
      name = "Win 10 VM";
      type = "Application";
      icon = "windows";
      comment = "start the win10 vm";
      exec = pkgs.lib.strings.concatStrings [
        "bash -c \""
        "virsh --connect=qemu:///system start win10; "
        "virt-viewer -a -w -c qemu:///system win10 "
        "&& virsh --connect=qemu:///system managedsave win10\""
      ];
    };
    win11 = {
      name = "Win 11 VM";
      type = "Application";
      icon = "windows";
      comment = "start the win11 vm";
      exec = pkgs.lib.strings.concatStrings [
        "bash -c \""
        "virsh --connect=qemu:///system start win11; "
        "virsh --connect=qemu:///system resume win11; "
        "virt-viewer -a -w -c qemu:///system win11 "
        "&& virsh --connect=qemu:///system managedsave win11\""
      ];
    };
  };
 }
--- a/home.nix
+++ b/home.nix
@ -11,356 +11,35 @@
  wallpaperPath = "${wallpaper}/share/wallpapers/nixos-wallpaper.png";
 in {
  imports = [
-    ./plasma.nix
+    ./home-mods/dev
    ./home-mods/firefox
    ./home-mods/plasma
    ./home-mods/virt
  ];
-  dconf.settings = {
+  home.file.".background".source = wallpaperPath;
    "org/virt-manager/virt-manager/connections" = {
      autoconnect = ["qemu:///system"];
      uris = ["qemu:///system"];
    };
  };
  programs.alacritty = {
    enable = true;
    settings = {
      window.opacity = 0.88;
      window.dimensions = {
        lines = 40;
        columns = 150;
      };
    };
  };
  services.lorri.enable = true;
  services.emacs = {
    enable = true;
    defaultEditor = true;
    package = pkgs.emacs-unstable-pgtk;
  };
  programs.nix-index = {
    enable = true;
    enableFishIntegration = true;
  };
  programs.fish = {
    enable = true;
    interactiveShellInit = ''
      any-nix-shell fish --info-right | source
      direnv hook fish | source
    '';
    loginShellInit = ''
      direnv hook fish | source
    '';
    functions = {
      ec = "emacsclient $argv";
      ecc = "emacsclient -c $argv";
      ecr = "emacsclient -r $argv";
      ecrr = "emacsclient -r $argv";
    };
  };
  programs.firefox = {
    enable = true;
    profiles = {
      default = {
        isDefault = true;
        settings = {
          # Extensions are managed with Nix, so don't update.
          "extensions.update.autoUpdateDefault" = false;
          "extensions.update.enabled" = false;
          # Sync
          # "services.sync.username" = config.etu.user.email;
          "services.sync.engine.addons" = false; # Do not sync extensions.
          "general.autoScroll" = true; # Middle click to scroll
          "browser.startup.page" = 3; # Restore previous windows and tabs.
          # Privacy enhancements
          "browser.newtabpage.activity-stream.feeds.telemetry" = false;
          "browser.newtabpage.activity-stream.telemetry" = false;
          "browser.newtabpage.activity-stream.feeds.snippets" = false;
          "browser.newtabpage.activity-stream.feeds.section.topstories" = false;
          "browser.newtabpage.activity-stream.section.highlights.includePocket" = false;
          "browser.newtabpage.activity-stream.showSponsored" = false;
          "browser.newtabpage.activity-stream.feeds.discoverystreamfeed" = false;
          "browser.newtabpage.activity-stream.showSponsoredTopSites" = false;
          # Improve performance
          "gfx.webrender.all" = true;
          # Do Not Track header
          "privacy.donottrackheader.enabled" = true;
          "privacy.donottrackheader.value" = 1;
          # Enable userChrome customisations
          # "toolkit.legacyUserProfileCustomizations.stylesheets" = true;
        };
        extensions = with config.nur.repos.rycee.firefox-addons; [
          bitwarden
          clearurls
          consent-o-matic
          darkreader
          localcdn
          plasma-integration
          privacy-badger
          rust-search-extension
          sidebery
          skip-redirect
          sponsorblock
          tab-stash
          ublock-origin
          unpaywall
        ];
        search = {
          force = true;
          default = "DuckDuckGo";
          order = ["DuckDuckGo" "Nix Packages" "Nix Options" "NixOS Wiki"];
          engines = {
            "DuckDuckGo".metaData = {
              alias = "@ddg";
            };
            "Nix Packages" = {
              urls = [
                {
                  template = "https://search.nixos.org/packages";
                  params = [
                    {
                      name = "type";
                      value = "packages";
                    }
                    {
                      name = "query";
                      value = "{searchTerms}";
                    }
                  ];
                }
              ];
              icon = "/run/current-system/sw/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
              definedAliases = ["@np"];
            };
            "Nix Options" = {
              urls = [
                {
                  template = "https://search.nixos.org/options";
                  params = [
                    {
                      name = "type";
                      value = "options";
                    }
                    {
                      name = "query";
                      value = "{searchTerms}";
                    }
                  ];
                }
              ];
              icon = "/run/current-system/sw/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
              definedAliases = ["@no"];
            };
            "Home-Manager Options" = {
              urls = [
                {
                  template = "https://mipmip.github.io/home-manager-option-search";
                  params = [
                    {
                      name = "query";
                      value = "{searchTerms}";
                    }
                  ];
                }
              ];
              icon = "/run/current-system/sw/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
              definedAliases = ["@ho"];
            };
            "NixOS Wiki" = {
              urls = [
                {
                  template = "https://nixos.wiki/index.php?search={searchTerms}";
                }
              ];
              iconUpdateURL = "https://nixos.wiki/favicon.png";
              updateInterval = 24 * 60 * 60 * 1000;
              definedAliases = ["@nw"];
            };
            "Bing".metaData.hidden = true;
            "Amazon.de".metaData.hidden = true;
            "Google".metaData = {
              alias = "@g";
              hidden = true;
            };
          };
        };
        bookmarks = [
          {
            toolbar = true;
            bookmarks = [
              {
                name = "Home Manager";
                url = "https://nixos.wiki/wiki/Home_Manager";
              }
            ];
          }
          {
            name = "wikipedia";
            tags = ["wiki"];
            keyword = "wiki";
            url = "https://en.wikipedia.org/wiki/Special:Search?search=%s&go=Go";
          }
          {
            name = "kernel.org";
            url = "https://www.kernel.org";
          }
          {
            name = "Nix sites";
            bookmarks = [
              {
                name = "homepage";
                url = "https://nixos.org/";
              }
              {
                name = "wiki";
                tags = ["wiki" "nix"];
                url = "https://nixos.wiki/";
              }
              {
                name = "Nix sites";
                bookmarks = [
                  {
                    name = "homepage";
                    url = "https://nixos.org/";
                  }
                  {
                    name = "wiki";
                    url = "https://nixos.wiki/";
                  }
                ];
              }
            ];
          }
        ];
      };
    };
  };
  programs.git = {
    enable = true;
    userName = "Tristan Druyen";
    userEmail = "tristan@vault81.de";
    aliases = {
      ci = "commit";
      co = "checkout";
      s = "status";
    };
    extraConfig = {
      user.signingkey = "/home/tristand/.ssh/id_ed25519";
      commit.gpgsign = true;
      gpg.format = "ssh";
    };
  };
  programs.ssh = {
    enable = true;
    matchBlocks = {
      "he3" = {
        host = "he3";
        hostname = "he3.vault81.de";
        user = "root";
        identityFile = "~/.ssh/id_hetz_ed25519";
      };
      "he2" = {
        host = "he2";
        hostname = "he2.vault81.de";
        user = "root";
        identityFile = "~/.ssh/id_v81_ed25519";
      };
      "desk-arch" = {
        host = "desk-arch";
        hostname = "tristan-desk-arch";
        user = "tristand";
        identityFile = "~/.ssh/id_v81_ed25519";
      };
    };
  };
  programs.gpg = {
    enable = true;
  };
  services.gpg-agent = {
    enable = true;
    enableExtraSocket = true;
    enableSshSupport = true;
  };
  home.username = "tristand";
  home.homeDirectory = "/home/tristand";
  home.file.".background".source = wallpaperPath;
  home.packages = with pkgs; [
    any-nix-shell
    cavalier
    alejandra
    atool
    alacritty
    aspell
    aspellDicts.en
    aspellDicts.en-computers
    aspellDicts.en-science
    aspellDicts.de
    bitwarden
    binutils
    brave
    btop
-    cmake
+    cavalier
-    emacs-unstable-pgtk
+    direnv
-    firefox
+    imagemagick
    inkscape
    jellyfin-media-player
    kate
    neofetch
    nextcloud-client
    onlyoffice-bin
    kate
    rcm
    rustup
    direnv
    rust-motd
    (ripgrep.override {withPCRE2 = true;})
    gnutls
    gnumake
    gcc
    pandoc
    libtool
    fd
    imagemagick
    pinentry-emacs
    python311Full
    zstd
    rnix-lsp
    texlive.combined.scheme-full
    rustdesk
    tutanota-desktop
    signal-desktop
@ -371,38 +50,5 @@ in {
    zellij
  ];
  home.sessionVariables = {
    BROWSER = "firefox";
    TERMINAL = "alacritty";
  };
  xdg.desktopEntries = {
    win10 = {
      name = "Win 10 VM";
      type = "Application";
      icon = "windows";
      comment = "start the win10 vm";
      exec = pkgs.lib.strings.concatStrings [
        "bash -c \""
        "virsh --connect=qemu:///system start win10; "
        "virt-viewer -a -w -c qemu:///system win10 "
        "&& virsh --connect=qemu:///system managedsave win10\""
      ];
    };
    win11 = {
      name = "Win 11 VM";
      type = "Application";
      icon = "windows";
      comment = "start the win11 vm";
      exec = pkgs.lib.strings.concatStrings [
        "bash -c \""
        "virsh --connect=qemu:///system start win11; "
        "virsh --connect=qemu:///system resume win11; "
        "virt-viewer -a -w -c qemu:///system win11 "
        "&& virsh --connect=qemu:///system managedsave win11\""
      ];
    };
  };
  home.stateVersion = "23.05";
 }
--- a/os-mods/network/default.nix
+++ b/os-mods/network/default.nix
@ -0,0 +1,33 @@
 {
  config,
  lib,
  pkgs,
  ...
 }: {
  networking.networkmanager.enable = true;
  networking.nameservers = [
    "45.90.28.0#921984.dns.nextdns.io"
    "45.90.30.0#921984.dns.nextdns.io"
    "2a07:a8c0::#921984.dns.nextdns.io"
    "2a07:a8c1::#921984.dns.nextdns.io"
  ];
  services.resolved = {
    enable = true;
    dnssec = "true";
    domains = ["~."];
    fallbackDns = ["1.1.1.1#one.one.one.one" "1.0.0.1#one.one.one.one"];
    extraConfig = ''
      DNSOverTLS=yes
    '';
  };
  services.tailscale = {
    enable = true;
    useRoutingFeatures = "both";
  };
  services.mozillavpn = {
    enable = true;
  };
 }
--- a/os-mods/virt/default.nix
+++ b/os-mods/virt/default.nix
@ -0,0 +1,45 @@
 {
  config,
  lib,
  pkgs,
  ...
 }: {
  environment.systemPackages = with pkgs; [
    virtiofsd
    virt-manager
    virt-viewer
    virt-top
  ];
  virtualisation.docker = {
    enable = true;
    storageDriver = "btrfs";
  };
  virtualisation.libvirtd = {
    enable = true;
    onShutdown = "suspend";
    onBoot = "ignore";
    qemu = {
      package = pkgs.qemu_kvm;
      ovmf.enable = true;
      ovmf.packages = [pkgs.OVMFFull.fd];
      swtpm.enable = true;
      runAsRoot = false;
    };
  };
  # virtualisation.libvirtd.allowedBridges = [
  #   "virbr0"
  #   "testbr0"
  # ];
  # networking.bridges = {
  #   testbr0 = {
  #     interfaces = [
  #       "enp5s0f4u1u1c2"
  #     ];
  #   };
  # };
 }