imxyy1soope1/nixos-dotfiles
1
0
Fork 0
Code Issues Pull Requests Actions Activity

init: public

Browse Source
This commit is contained in:
imxyy_soope_
2025-04-13 15:09:14 +08:00
parent 5995c2050b
commit 50247d94e8
253 changed files with 12964 additions and 567 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
config/hosts/imxyy-nix/default.nix Normal file
View File

@@ -0,0 +1,10 @@
{ ... }:
{
imports = [
./nixos.nix
./hardware.nix
./home.nix
./virt.nix
./net.nix
];
}

165
config/hosts/imxyy-nix/hardware.nix Normal file
View File

@@ -0,0 +1,165 @@
{
config,
lib,
pkgs,
username,
...
}:
{
boot = {
initrd = {
kernelModules = [ "amdgpu" ];
availableKernelModules = [
"xhci_pci"
"ahci"
"nvme"
"usbhid"
"usb_storage"
"sd_mod"
];
verbose = false;
};
kernelPackages = lib.mkForce pkgs.linuxKernel.packages.linux_zen;
kernelModules = [ "kvm-amd" ];
tmp.useTmpfs = true;
kernel.sysctl = {
"fs.file-max" = 9223372036854775807;
};
resumeDevice = "/dev/disk/by-uuid/0404de0a-9c4d-4c98-b3e5-b8ff8115f36c";
kernelParams = [
"resume_offset=6444127"
# "quiet"
# "splash"
# "log_level=3"
];
consoleLogLevel = 3;
/*
plymouth = {
enable = true;
theme = "bgrt";
themePackages = [ pkgs.nixos-bgrt-plymouth ];
};
*/
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/0404de0a-9c4d-4c98-b3e5-b8ff8115f36c";
fsType = "btrfs";
options = [
"compress=zstd"
"subvol=root"
];
};
fileSystems."/nix" = {
device = "/dev/disk/by-uuid/843c36ae-f6d0-46a1-b5c7-8ab569e1e63f";
fsType = "btrfs";
options = [ "compress=zstd" ];
};
fileSystems."/persistent" = {
device = "/dev/disk/by-uuid/0404de0a-9c4d-4c98-b3e5-b8ff8115f36c";
fsType = "btrfs";
options = [
"compress=zstd"
"subvol=persistent"
];
neededForBoot = true;
};
fileSystems."/swap" = {
device = "/dev/disk/by-uuid/0404de0a-9c4d-4c98-b3e5-b8ff8115f36c";
fsType = "btrfs";
options = [
"compress=zstd"
"subvol=swap"
];
neededForBoot = true;
};
boot.initrd.postDeviceCommands = lib.mkAfter ''
mkdir /btrfs_tmp
mount /dev/disk/by-uuid/0404de0a-9c4d-4c98-b3e5-b8ff8115f36c /btrfs_tmp
mkdir -p /btrfs_tmp/old_roots
if [[ -e /btrfs_tmp/root ]]; then
timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/root)" "+%Y-%m-%-d_%H:%M:%S")
mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp"
fi
delete_subvolume_recursively() {
IFS=$'\n'
for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
delete_subvolume_recursively "/btrfs_tmp/$i"
done
btrfs subvolume delete "$1"
}
for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +14); do
delete_subvolume_recursively "$i"
done
btrfs subvolume create /btrfs_tmp/root
umount /btrfs_tmp
'';
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/B7DC-E9AC";
fsType = "vfat";
};
fileSystems."/home/${username}/Documents" = {
device = "/dev/disk/by-uuid/a4e37dcd-764a-418c-aa1c-484f1fbd4bbe";
fsType = "ext4";
};
fileSystems."/home/${username}/Downloads" = {
device = "/dev/disk/by-uuid/18717cb4-49ac-40fa-95d4-29523a458dd0";
fsType = "ext4";
};
fileSystems."/home/${username}/Videos" = {
device = "/dev/disk/by-uuid/b67bbeab-58bc-4814-b5e3-08404e78b25e";
fsType = "ext4";
};
fileSystems."/home/${username}/Pictures" = {
device = "/dev/disk/by-uuid/a31bfe7e-cc17-4bd2-af74-ae5de9be35d3";
fsType = "ext4";
};
fileSystems."/home/${username}/Music" = {
device = "//192.168.3.2/share/imxyy_soope_/Music";
fsType = "cifs";
options = [
"username=nas"
"password=nasshare"
"x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s"
"nodev"
"nofail"
"uid=1000"
"gid=100"
"vers=3"
"rw"
];
};
swapDevices = [
{
device = "/swap/swapfile";
size = 32 * 1024;
}
];
networking.useDHCP = lib.mkDefault false;
hardware.enableRedistributableFirmware = lib.mkDefault true;
hardware.cpu.amd.updateMicrocode = config.hardware.enableRedistributableFirmware;
nixpkgs.hostPlatform = lib.mkForce "x86_64-linux";
}

215
config/hosts/imxyy-nix/home.nix Normal file
View File

@@ -0,0 +1,215 @@
{
config,
lib,
pkgs,
username,
...
}:
{
my.home = {
home.packages = with pkgs; [
localsend
rclone
wpsoffice-cn
wps-office-fonts
evince
# siyuan-unlock
anki
ayugram-desktop
telegram-desktop
signal-desktop
cinny-desktop
discord
qq
gnome-clocks
wineWowPackages.waylandFull
pavucontrol
pamixer
];
programs.zsh = {
shellAliases = {
cageterm = "cage -m DP-2 -s -- alacritty -o font.size=20";
cagefoot = "cage -m DP-2 -s -- foot --font=monospace:size=20";
cagekitty = "cage -m DP-2 -s -- kitty -o font_size=20";
};
sessionVariables = {
no_proxy = "192.168.3.0/24";
PATH = "/home/${username}/bin:$PATH";
};
profileExtra = ''
if [ `tty` = "/dev/tty1" -a $XDG_RUNTIME_DIR ]; then
echo 'Starting Niri...'
exec uwsm start niri-uwsm.desktop
elif [ `tty` = "/dev/tty6" ]; then
clear
fi
'';
};
programs.niri.settings.outputs = {
DP-2 = {
enable = true;
mode = {
width = 2560;
height = 1440;
refresh = 75.033;
};
scale = 1.25;
position = {
x = 0;
y = 0;
};
};
DP-3 = {
enable = true;
mode = {
width = 2560;
height = 1440;
refresh = 75.033;
};
scale = 1.25;
};
};
};
my = {
autologin = {
enable = true;
user = "${username}";
ttys = [
1
6
];
};
gpg.enable = true;
cmd.all.enable = true;
coding.all.enable = true;
desktop.all.enable = true;
desktop.wm.dwm.enable = lib.mkForce false;
desktop.browser.librewolf.enable = lib.mkForce false;
i18n.fcitx5.enable = true;
xdg = {
enable = true;
defaultApplications =
let
browser = [ "chromium-browser.desktop" ];
editor = [ "codium.desktop" ];
imageviewer = [ "org.gnome.Shotwell-Viewer.desktop" ];
in
{
"inode/directory" = [ "nemo.desktop" ];
"application/pdf" = [ "evince.desktop" ];
"text/*" = editor;
"application/json" = editor;
"text/html" = editor;
"text/xml" = editor;
"application/xml" = editor;
"application/xhtml+xml" = editor;
"application/xhtml_xml" = editor;
"application/rdf+xml" = editor;
"application/rss+xml" = editor;
"application/x-extension-htm" = editor;
"application/x-extension-html" = editor;
"application/x-extension-shtml" = editor;
"application/x-extension-xht" = editor;
"application/x-extension-xhtml" = editor;
"x-scheme-handler/about" = browser;
"x-scheme-handler/ftp" = browser;
"x-scheme-handler/http" = browser;
"x-scheme-handler/https" = browser;
"x-scheme-handler/unknown" = browser;
"audio/*" = imageviewer;
"video/*" = imageviewer;
"image/*" = imageviewer;
"image/gif" = imageviewer;
"image/jpeg" = imageviewer;
"image/png" = imageviewer;
"image/webp" = imageviewer;
};
extraBookmarks =
let
homedir = config.my.home.home.homeDirectory;
in
[
"file://${homedir}/Documents/%E7%8F%AD%E7%BA%A7%E4%BA%8B%E5%8A%A1 "
"file://${homedir}/NAS NAS"
"file://${homedir}/NAS/imxyy_soope_ NAS imxyy_soope_"
"file://${homedir}/NAS/imxyy_soope_/OS NAS OS"
];
};
persist = {
enable = true;
homeDirs = [
".android"
"Android"
".ssh"
"bin"
"workspace"
"WineApps"
"Virt"
".cache"
".local/state"
".local/share/Anki2"
".local/share/dooit"
".local/share/nvim"
".local/share/shotwell"
".local/share/Steam"
".local/share/SteamOS"
".local/share/Trash"
".local/share/cheat.sh"
".local/share/Kingsoft"
".local/share/oss.krtirtho.spotube"
".local/share/AyuGramDesktop"
".local/share/TelegramDesktop"
".local/share/cinny"
".config/Signal"
".config/discord"
".config/QQ"
".config/Kingsoft"
".config/dconf"
".config/gh"
".config/pulse"
".config/chromium"
".config/go-musicfox/db"
".config/tmux/plugins"
".config/pip"
".config/obs-studio"
".config/libreoffice"
".config/Moonlight Game Streaming Project"
".config/sunshine"
];
nixosDirs = [
"/etc/ssh"
];
homeFiles = [
".config/mpd/mpd.db" # requires bindfs
".config/go-musicfox/cookie"
".hmcl.json"
];
nixosFiles = [
"/etc/davfs2/secrets"
];
};
};
}

136
config/hosts/imxyy-nix/net.nix Normal file
View File

@@ -0,0 +1,136 @@
{
config,
lib,
pkgs,
sopsRoot,
...
}:
{
boot.kernelParams = [
"biosdevname=0"
"net.ifnames=0"
];
networking = {
useDHCP = lib.mkForce false;
dhcpcd = {
wait = "background";
IPv6rs = true;
extraConfig = ''
interface eth0
noipv4
'';
};
interfaces = {
eth0 = {
useDHCP = lib.mkForce true;
wakeOnLan.enable = true;
macAddress = "3C:7C:3F:7C:D3:9D";
ipv4 = {
addresses = [
{
address = "192.168.3.3";
prefixLength = 24;
}
];
};
};
};
defaultGateway = {
address = "192.168.3.1";
interface = "eth0";
};
nameservers = [
"192.168.3.2"
];
firewall.enable = false;
nftables = {
enable = true;
flushRuleset = true;
ruleset = ''
table inet firewall {
set LANv4 {
type ipv4_addr
flags interval
elements = { 10.0.0.0/8, 100.64.0.0/10, 172.16.0.0/12, 192.168.0.0/16, 169.254.0.0/16 }
}
set LANv6 {
type ipv6_addr
flags interval
elements = { fd00::/8, fe80::/10 }
}
chain output {
type filter hook output priority 100; policy accept;
}
chain input {
type filter hook input priority 0; policy drop;
iif lo accept
ct state invalid drop
ct state established,related accept
ip saddr @LANv4 accept
ip6 saddr @LANv6 accept
}
chain forward {
type filter hook forward priority 0; policy drop;
}
}
'';
};
};
sops.secrets.dae-imxyy-nix = {
sopsFile = sopsRoot + /dae-imxyy-nix.dae;
format = "binary";
};
services.dae = {
enable = true;
configFile = config.sops.secrets.dae-imxyy-nix.path;
};
systemd.services.dae.after = [ "sops-nix.service" ];
sops.secrets.mihomo = {
sopsFile = sopsRoot + /mihomo.yaml;
format = "yaml";
key = "";
};
systemd.services.mihomo.after = [ "sops-nix.service" ];
services.mihomo = {
enable = true;
configFile = config.sops.secrets.mihomo.path;
webui = pkgs.metacubexd;
};
services.tailscale.enable = true;
sops.secrets.et-imxyy-nix = {
sopsFile = sopsRoot + /et-imxyy-nix.toml;
format = "binary";
};
environment.systemPackages = [ pkgs.easytier ];
systemd.services."easytier" = {
enable = true;
script = "easytier-core -c ${config.sops.secrets.et-imxyy-nix.path}";
serviceConfig = {
Restart = lib.mkOverride 500 "always";
RestartMaxDelaySec = lib.mkOverride 500 "1m";
RestartSec = lib.mkOverride 500 "100ms";
RestartSteps = lib.mkOverride 500 9;
User = "root";
};
wantedBy = [ "multi-user.target" ];
after = [
"network.target"
"sops-nix.service"
];
path = with pkgs; [
easytier
iproute2
bash
];
};
}

319
config/hosts/imxyy-nix/nixos.nix Normal file
View File

@@ -0,0 +1,319 @@
{
lib,
pkgs,
username,
...
}:
let
btreset = pkgs.writeScriptBin "btreset" ''
#!${lib.getExe pkgs.python3}
import subprocess
import os
import sys
SYM = "BT"
def action(line: str) -> bool:
if line.find(SYM) == -1:
return False
temp = line.split(" ")
bus = temp[1]
device = temp[3][:-1]
subprocess.run(["${lib.getExe usbreset}", f"/dev/bus/usb/{bus}/{device}"])
return True
if __name__ == "__main__":
if os.path.exists("/tmp/.btreseted") and len(sys.argv) == 1 and "-f" not in sys.argv[1:]:
exit(0)
res_byte = subprocess.check_output("/run/current-system/sw/bin/lsusb")
res = res_byte.decode()
lst = res.split("\n")
if any(tuple(map(action, lst))):
with open("/tmp/.btreseted", "w"):
...
'';
usbreset = pkgs.writeCBin "usbreset" ''
#include <stdio.h>
#include <unistd.h>
#include <fcntl.h>
#include <sys/ioctl.h>
#include <linux/usbdevice_fs.h>
int main(int argc, char **argv)
{
const char *filename;
int fd;
int rc;
if (argc != 2) {
fprintf(stderr, "Usage: usbreset device-filename\n");
return 1;
}
filename = argv[1];
fd = open(filename, O_WRONLY);
if (fd < 0) {
perror("Error opening output file");
return 1;
}
printf("Resetting USB device %s\n", filename);
rc = ioctl(fd, USBDEVFS_RESET, 0);
if (rc < 0) {
perror("Error in ioctl");
return 1;
}
printf("Reset successful\n");
close(fd);
return 0;
}
'';
in
{
security.pam.loginLimits = [
{
domain = "*";
type = "soft";
item = "nofile";
value = "524288";
}
];
systemd.services.btreset = {
script = lib.getExe btreset;
wantedBy = [ "multi-user.target" ];
serviceConfig.Type = "oneshot";
};
boot.kernelParams = [
"usbcore.autosuspend=-1" # Avoid usb autosuspend (for usb bluetooth adapter)
"fsck.mode=skip"
];
boot.loader = {
efi.canTouchEfiVariables = true;
systemd-boot.enable = true;
grub.enable = false;
timeout = 0;
};
hardware.graphics.enable = true;
hardware.graphics.enable32Bit = true;
systemd.services.nix-daemon = {
environment.TMPDIR = "/var/cache/nix";
serviceConfig.CacheDirectory = "nix";
};
environment.variables.NIX_REMOTE = "daemon";
# services.pipewire.enable = false;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
# alsa.enable = true;
# alsa.support32Bit = true;
# pulse.enable = true;
alsa.enable = false;
alsa.support32Bit = false;
pulse.enable = false;
audio.enable = false;
configPackages = [
/*
(pkgs.writeTextDir "share/pipewire/media-session.d/bluez-monitor.conf" ''
rules = [
{
actions = {
update-props = {
bluez5.autoswitch-profile = true;
}
}
}
]
'')
*/
];
};
services.pipewire.wireplumber.extraConfig = {
/*
"10-bluez" = {
"monitor.bluez.properties" = {
"bluez5.enable-sbc-xq" = true;
"bluez5.enable-msbc" = true;
"bluez5.enable-hw-volume" = true;
"bluez5.roles" = [
"hsp_hs"
"hsp_ag"
"hfp_hf"
"hfp_ag"
];
};
};
*/
/*
"11-bluetooth-policy" = {
"wireplumber.settings" = {
"bluetooth.autoswitch-to-headset-profile" = false;
};
};
*/
};
services.pulseaudio = {
enable = true;
support32Bit = true;
package = pkgs.pulseaudioFull;
extraConfig = ''
load-module module-switch-on-connect
unload-module module-suspend-on-idle
'';
};
hardware.bluetooth = {
enable = true;
powerOnBoot = true;
settings = {
General.Enable = "Source,Sink,Media,Socket";
};
};
users.extraUsers.${username}.extraGroups = [ "audio" ];
fonts = {
enableDefaultPackages = false;
fontDir.enable = true;
packages = with pkgs; [
noto-fonts
noto-fonts-cjk-sans
noto-fonts-emoji
jetbrains-mono
nerd-fonts.symbols-only
];
fontconfig.defaultFonts = {
serif = [
"Noto Serif CJK SC"
"Noto Serif"
"Symbols Nerd Font"
"Noto Color Emoji"
];
sansSerif = [
"Noto Sans CJK SC"
"Noto Sans"
"Symbols Nerd Font"
"Noto Color Emoji"
];
monospace = [
"JetBrains Mono"
"Noto Sans Mono CJK SC"
"Symbols Nerd Font Mono"
"Noto Color Emoji"
];
emoji = [ "Noto Color Emoji" ];
};
};
services.printing.enable = true;
services.keyd = {
enable = true;
keyboards.default.settings = {
main = {
capslock = "overload(control, esc)";
home = "end";
};
shift = {
home = "home";
};
control = {
delete = "print";
};
};
};
services.gvfs.enable = true;
virtualisation.waydroid.enable = true;
programs.wireshark.enable = true;
programs.wireshark.package = pkgs.wireshark;
users.users.${username}.extraGroups = [ "wireshark" ];
services.sunshine = {
enable = true;
autoStart = true;
capSysAdmin = true;
applications.apps = [
{
name = "Desktop";
image-path = "desktop.png";
}
];
};
services.openssh = {
enable = true;
settings = {
# Forbid root login through SSH.
PermitRootLogin = null;
PasswordAuthentication = true;
};
};
environment.systemPackages = [
pkgs.rclone
btreset
];
fileSystems =
let
config = pkgs.writeText "rclone.conf" ''
[Nextcloud]
type = webdav
url = https://192.168.3.2/remote.php/dav/files/imxyy_soope_
vendor = nextcloud
user = imxyy_soope_
pass = C2UUiMyPoynWWKS9kf_Fr8rcoXxgUswPYi4s
[NAS]
type = smb
host = 192.168.3.2
user = nas
pass = O74S6-7jDFykwCvZ8vuIxohh00Ty7XJF
'';
in
{
"/home/${username}/Nextcloud" = {
device = "Nextcloud:";
fsType = "rclone";
options = [
"nodev"
"nofail"
"allow_other"
"args2env"
"config=${toString config}"
"uid=1000"
"gid=100"
"rw"
"no-check-certificate"
"vfs-cache-mode=full"
];
};
"/home/${username}/NAS" = {
device = "//192.168.3.2/share";
fsType = "cifs";
options = [
"username=nas"
"password=nasshare"
"x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s"
"nodev"
"nofail"
"uid=1000"
"gid=100"
"vers=3"
"rw"
];
};
};
}

35
config/hosts/imxyy-nix/rule_sets/steamcn.json Normal file
View File

@@ -0,0 +1,35 @@
{
"version": 1,
"rules": [
{
"domain": [
"cm.steampowered.com",
"ol.epicgames.com",
"csgo.wmsj.cn",
"dota2.wmsj.cn",
"wmsjsteam.com",
"dl.steam.clngaa.com",
"dl.steam.ksyna.com",
"gstore.val.manlaxy.com",
"st.dl.bscstorage.net",
"st.dl.eccdnx.com",
"st.dl.pinyuncloud.com",
"steampipe.steamcontent.tnkjmec.com",
"steampowered.com.8686c.com",
"steamstatic.com.8686c.com",
"steambroadcast.akamaized.net",
"steamcdn-a.akamaihd.net",
"steamcommunity-a.akamaihd.net",
"steamstore-a.akamaihd.net",
"steamusercontent-a.akamaihd.net",
"steamuserimages-a.akamaihd.net"
],
"domain_suffix": [
".steamcontent.com",
".steamserver.net",
".steamchina.com"
],
"invert": false
}
]
}

12
config/hosts/imxyy-nix/virt.nix Normal file
View File

@@ -0,0 +1,12 @@
{
...
}:
{
hardware.graphics.enable = true;
virtualisation.spiceUSBRedirection.enable = true;
my.virt = {
enable = true;
moonlight.enable = true;
};
}