uhhhhhhhhh

add secrets
refactor things

common/base.nix

@@ -1,7 +1,6 @@
 { config, pkgs, ... }:
 
 {
-
   nix = {
     package = pkgs.nixUnstable;
     extraOptions = ''
@@ -15,7 +14,8 @@
       automatic = true;
       options = "--delete-older-than 7d";
     };
-
+    daemonCPUSchedPolicy = "idle";
+    daemonIOSchedClass = "idle";
   };
 
   environment.systemPackages = with pkgs; [
@@ -27,19 +27,7 @@
     pciutils
     coreutils-full
     killall
+    git-crypt
   ];
 
-  networking.networkmanager.enable = true;
-  networking.nameservers = [ "1.1.1.1" "1.0.0.1" "8.8.8.8" ];
-
-  services.timesyncd.enable = true;
-  networking.timeServers = [ "ntp1.vniiftri.ru" "0.ru.pool.ntp.org" "0.pool.ntp.org" ];
-
-  i18n.defaultLocale = "ru_RU.UTF-8";
-  console = {
-    font = "${pkgs.terminus_font}/share/consolefonts/ter-u16b.psf.gz";
-    keyMap = "us";
-    packages = with pkgs; [ terminus_font ];
-  };
-
 }

common/laptop.nix

@@ -5,8 +5,9 @@
     powertop
     lm_sensors
   ];
+
+  boot.plymouth.enable = true;
+  
   services.tlp.enable = true;
   services.upower.enable = true;
-
-  networking.wireless.iwd.enable = true;
 }

common/locale.nix

@@ -0,0 +1,12 @@
+{ config, pkgs, ... }:
+
+{
+  time.timeZone = "Europe/Moscow";
+
+  i18n.defaultLocale = "ru_RU.UTF-8";
+  console = {
+    font = "${pkgs.terminus_font}/share/consolefonts/ter-u16b.psf.gz";
+    keyMap = "us";
+    packages = with pkgs; [ terminus_font ];
+  };
+}

common/networking.nix

@@ -0,0 +1,15 @@
+{ ... }:
+
+{
+  networking.wireless.iwd.enable = true;
+  networking.wireless.iwd.settings = {
+    General = {
+      EnableNetworkConfiguration = true;
+    };
+  };
+
+  networking.nameservers = [ "1.1.1.1" "1.0.0.1" "8.8.8.8" ];
+
+  services.timesyncd.enable = true;
+  networking.timeServers = [ "ntp1.vniiftri.ru" "0.ru.pool.ntp.org" "0.pool.ntp.org" ];
+}

common/remote-access.nix

@@ -0,0 +1,9 @@
+{ ... }:
+
+{
+  services.openssh = {
+    enable = true;
+    settings.PasswordAuthentication = false;
+  };
+  programs.mosh.enable = true;
+}

common/user.nix

@@ -1,9 +1,12 @@
 { config, pkgs, ... }:
 
-{
+let
+  secrets = import ../secrets.nix;
+in {
   users.users.ivabus = {
     isNormalUser = true;
     extraGroups = [ "wheel" ];
+    uid = 1000;
     packages = with pkgs; [
       tree
       cargo
@@ -12,6 +15,11 @@
       gitFull
     ];
     shell = pkgs.zsh;
+    openssh.authorizedKeys.keys = [
+      # Air M2 macOS
+      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC6HY6er37FUz2tPQnwq5SUQZ5KHmMpGQA5yNlxPOyoCV+uvdx/cU8KF7jlFoyBC9xf2FvNyB8H1MZ6t2eUs4m/pVMpoBbNSTZLSxlvv2n4HuxL2Sg3qPdioJOyxDfnXA4OIZ+Tc+z4zM3ZnPJm1ccGW7W+YPhZ7GhBpl5wlMw+m06dCt8wfdDA4fuf4brnLt1ZMs4aOtVM8u4ZEtMs3IVXVUgtRH5m0RXZ94s7RkrUHhl2UOkOclhkQOiQop9RuJMjpi+iYkDYCniuGCKcKPrmi1+qicKM8KyrYGqR7FkUvzr+H8XtJXu++Kvmjcn54jDYqM4sq/MNL2rf8QaIUGLwiq2ljH2dGamElvElWZoXQBGPp4L80IEbaMVISIcvcNj+8cKW3rPvEUK5iT8jCkIOUwm1oo70YawS5VXTPLDsZif12QduTcJhVJekEaP0ZSifO52zeJksj0adwiEMJPqm7bIk5Y+9dCbQH7PtkWY4Tw3bdGNsYnTXC80MeEfrIKE="
+    ];
+    hashedPassword = secrets.hashed-password;
   };
 
   programs.zsh = {
@@ -21,7 +29,47 @@
   programs.gnupg.agent.enable = true;
   programs.ssh.startAgent = true;
 
-  programs.git = {
-    enable = true;
+  home-manager.useGlobalPkgs = true;
+  home-manager.useUserPackages = true;
+  home-manager.users.ivabus = {
+    gtk = {
+      enable = true;
+      theme = {
+        name = "Catppuccin-Macchiato-Standard-Blue-dark";
+        package = pkgs.catppuccin-gtk.override {
+          accents = [ "blue" ];
+          tweaks = [ "rimless" ];
+          size = "standard";
+          variant = "macchiato";
+        };
+      };
+      iconTheme = {
+        name = "Mint-Y-Blue";
+        package = pkgs.cinnamon.mint-y-icons;
+      };
+      cursorTheme = {
+        name = "Catppuccin-Macchiato-Dark-Cursors";
+        package = pkgs.catppuccin-cursors.macchiatoDark;
+      };
+      font = {
+        name = "Ubuntu";
+        size = 9;
+        package = pkgs.ubuntu_font_family;
+      };
+    };
+    home.pointerCursor = {
+      name = "Catppuccin-Macchiato-Dark-Cursors";
+      package = pkgs.catppuccin-cursors.macchiatoDark;
+      x11.defaultCursor = "Catppuccin-Macchiato-Dark-Cursors";
+    };
+    programs.git = {
+      enable = true;
+      userName = "Ivan Bushchik";
+      userEmail = "ivabus@ivabus.dev";
+      signing.key = "DF1D910360471F0CCF076E449F6DDABE11A2674D";
+      signing.signByDefault = true;
+      package = pkgs.gitAndTools.gitFull;
+    };
+    home.stateVersion = "23.05";
   };
 }

flake.nix

@@ -11,16 +11,22 @@
   };
 
 
-  outputs = { self, nixpkgs, ... }@inputs: {
+  outputs = { self, nixpkgs, home-manager, ... }@inputs: {
     # Stella = Unchartevice 6540 (Ryzen 3 3250U, 16GB RAM)
     nixosConfigurations."stella" = nixpkgs.lib.nixosSystem {
       system = "x86_64-linux";
       modules = [
+        home-manager.nixosModules.home-manager
         ./common/base.nix
         ./common/user.nix
-        ./roles/laptop.nix
+        ./common/laptop.nix
+        ./common/networking.nix
+        ./common/locale.nix
+        ./common/remote-access.nix
         ./roles/graphical.nix
-        ./roles/gaming.nix
+        #./roles/gaming.nix
+        ./roles/devel.nix
+        ./roles/yggdrasil-client.nix
         ./machines/stella/configuration.nix
         ./machines/stella/hardware.nix
       ];

machines/stella/configuration.nix

@@ -6,16 +6,10 @@
   boot.loader.efi.canTouchEfiVariables = true;
 
   networking.hostName = "stella";
-  time.timeZone = "Europe/Moscow";
 
   services.xserver.videoDrivers=["amdgpu"];
   boot.initrd.kernelModules=["amdgpu"];
 
-  services.openssh = {
-    enable = true;
-    settings.PasswordAuthentication = false;
-  };
-
   system.stateVersion = "23.05";
 }
 

machines/stella/hardware.nix

@@ -39,5 +39,5 @@
     STOP_CHARGE_THRESH_BAT0 = 80;
   };
   powerManagement.enable = true;
-  powerManagement.cpuFreqGovernor = "powersave";
+  powerManagement.cpuFreqGovernor = "performance";
 }

roles/devel.nix

@@ -0,0 +1,15 @@
+{ config, pkgs, ... }:
+
+{
+  nixpkgs.config.allowUnfree = true;
+  environment.systemPackages = with pkgs; [
+    jetbrains.clion
+    rustc
+    cargo
+    rustup
+    vscode
+    clang
+    llvm
+    lld
+  ];
+}

roles/gaming.nix

@@ -1,3 +1,4 @@
+
 { config, pkgs, ... }:
 
 {

roles/graphical.nix

@@ -9,11 +9,12 @@
     mpv
     glib
     ffmpeg
-    cinnamon.mint-y-icons
+    cinnamon.nemo
     usbmuxd
     telegram-desktop
+    keepassxc
   ];
-  services.fwupd.enable = true;
+
   services.greetd = {
     enable = true;
     vt = 7;
@@ -37,7 +38,6 @@
       swaylock
       poweralertd
       kanshi
-      catppuccin-cursors
       libsForQt5.qt5ct
       mako
       pulseaudio
@@ -55,15 +55,29 @@
     enable = true;
     alsa.enable = true;
     pulse.enable = true;
+    alsa.support32Bit = true;
+    jack.enable = true;
+  };
+
+  qt = {
+    enable = true;
+    platformTheme = "gtk2";
+    style = "gtk2";
   };
 
   services.dbus.enable = true;
 
-  fonts.fonts = with pkgs; [
+  fonts.packages = with pkgs; [
     noto-fonts
     noto-fonts-cjk
     noto-fonts-emoji
     jetbrains-mono
     font-awesome
+    #google-fonts
+    liberation_ttf
+    open-sans
+    roboto
+    roboto-mono
+    kochi-substitute
   ];
 }

roles/yggdrasil-client.nix

@@ -0,0 +1,13 @@
+{ ... }:
+
+{
+  services.yggdrasil = {
+    enable = true;
+    persistentKeys = true;
+    settings = {
+      Peers = [
+        "tls://ygg.iva.bz:50002"
+      ];
+    };
+  };
+}

secrets.nix

@@ -0,0 +1,9 @@
+
+let
+  canaryHash = builtins.hashFile "sha256" ./secrets/canary;
+  expectedHash = "bc6f38a927602241c5e0996b61ebd3a90d5356ca76dc968ec14df3cd45c6612c";
+in
+  if canaryHash != expectedHash then abort "Secrets are not readable. Have you run `git-crypt unlock`?"
+  else {
+    hashed-password = builtins.readFile ./secrets/hashed-password;
+  }

secrets/.gitattributes

@@ -0,0 +1,2 @@
+* filter=git-crypt diff=git-crypt
+.gitattributes !filter !diff