- commit
- 5f4387a
- parent
- 5f4387a
- author
- Triple oh
- date
- 2025-09-07 01:57:28 -0400 EDT
Initial.
17 files changed,
+980,
-0
+15,
-0
1@@ -0,0 +1,15 @@
2+{
3+ config,
4+ pkgs,
5+ lib,
6+ ...
7+}: {
8+ imports = [
9+ ];
10+
11+ config = {
12+ boot.loader.systemd-boot.enable = true;
13+ boot.loader.efi.canTouchEfiVariables = true;
14+ boot.loader.efi.efiSysMountPoint = "/efi";
15+ };
16+}
+44,
-0
1@@ -0,0 +1,44 @@
2+{
3+ config,
4+ pkgs,
5+ lib,
6+ ...
7+}: {
8+ imports = [];
9+
10+ config = {
11+ i18n.extraLocaleSettings = {
12+ LC_ADDRESS = "en_US.UTF-8";
13+ LC_IDENTIFICATION = "en_US.UTF-8";
14+ LC_MEASUREMENT = "en_US.UTF-8";
15+ LC_MONETARY = "en_US.UTF-8";
16+ LC_NAME = "en_US.UTF-8";
17+ LC_NUMERIC = "en_US.UTF-8";
18+ LC_PAPER = "en_US.UTF-8";
19+ LC_TELEPHONE = "en_US.UTF-8";
20+ LC_TIME = "en_US.UTF-8";
21+ };
22+
23+ services.xserver.displayManager.autoLogin.enable = true;
24+ services.xserver.displayManager.autoLogin.user = "tosh";
25+
26+ nixpkgs.config.allowUnfree = false;
27+ # TODO
28+
29+ system.stateVersion = "25.05";
30+
31+ networking.hostName = "nixos-qubes";
32+ networking.networkmanager.enable = true;
33+ time.timeZone = "America/New_York";
34+
35+ # networking.proxy.default = "http://user:password@proxy:port/";
36+ # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
37+
38+ i18n.defaultLocale = "en_US.UTF-8";
39+ console = {
40+ font = "Lat2-Terminus16";
41+ keyMap = "us";
42+ useXkbConfig = true; # use xkb.options in tty.
43+ };
44+ };
45+}
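Review bot: `services.xserver.displayManager.autoLogin.enable = true` opens the graphical session for `tosh` without a password, and `tosh` is the account the Qubes module elsewhere in this commit names as the single dom0 user, so physical access to the powered-on machine is enough to reach the dom0 desktop. If a disk-unlock passphrase is meant to be the compensating control, state that in a comment beside the option, e.g. `# auto-login is acceptable only while the root volume is encrypted`; otherwise drop the two lines. No `users.users.tosh` declaration is visible in this commit (the only declared account is `users.users.user`), so the login target may not exist as written. Recent NixOS releases place these options under `services.displayManager.autoLogin`; the old path is presumably still accepted as an alias, but that should be confirmed for 25.05.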
+68,
-0
1@@ -0,0 +1,68 @@
2+{
3+ config,
4+ lib,
5+ pkgs,
6+ ...
7+}: {
8+ imports = [
9+ ./hardware-configuration.nix
10+ ];
11+
12+ networking.hostName = "nixos-qubes";
13+ networking.networkmanager.enable = true;
14+ time.timeZone = "America/New_York";
15+
16+ # networking.proxy.default = "http://user:password@proxy:port/";
17+ # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
18+
19+ i18n.defaultLocale = "en_US.UTF-8";
20+ console = {
21+ font = "Lat2-Terminus16";
22+ keyMap = "us";
23+ useXkbConfig = true; # use xkb.options in tty.
24+ };
25+
26+ services.xserver.enable = true;
27+ services.xserver.xkb.layout = "us";
28+ services.xserver.xkb.options = "eurosign:e,caps:escape";
29+
30+ services.pipewire = {
31+ enable = true;
32+ pulse.enable = true;
33+ };
34+
35+ services.libinput.enable = true;
36+
37+ users.users.user = {
38+ isNormalUser = true;
39+ extraGroups = ["wheel"];
40+ packages = with pkgs; [
41+ tree
42+ mc
43+ alejandra
44+ git
45+ ];
46+ };
47+
48+ programs.firefox.enable = true;
49+
50+ environment.systemPackages = with pkgs; [
51+ vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
52+ wget
53+ mc
54+ git
55+ lazygit
56+ ];
57+
58+ programs.gnupg.agent = {
59+ enable = true;
60+ enableSSHSupport = true;
61+ };
62+
63+ services.openssh.enable = true;
64+
65+ # networking.firewall.allowedTCPPorts = [ ... ];
66+ # networking.firewall.allowedUDPPorts = [ ... ];
67+
68+ system.stateVersion = "25.05";
69+}
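Review bot: `services.openssh.enable = true` is added with no `services.openssh.settings`, which on NixOS leaves password authentication enabled and opens port 22 in the firewall, while the only account declared here (`users.users.user`) is a member of `wheel`. Add `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.KbdInteractiveAuthentication = false;`, and list the login key under `users.users.user.openssh.authorizedKeys.keys`. The hostname, NetworkManager, time zone, locale and console settings at the top of this file are repeated verbatim in another module of this commit; keeping them in one place stops the two copies drifting apart.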
+201,
-0
1@@ -0,0 +1,201 @@
2+{
3+ "nodes": {
4+ "flake-parts": {
5+ "inputs": {
6+ "nixpkgs-lib": [
7+ "nixos-qubes",
8+ "nixpkgs"
9+ ]
10+ },
11+ "locked": {
12+ "lastModified": 1738453229,
13+ "narHash": "sha256-7H9XgNiGLKN1G1CgRh0vUL4AheZSYzPm+zmZ7vxbJdo=",
14+ "owner": "hercules-ci",
15+ "repo": "flake-parts",
16+ "rev": "32ea77a06711b758da0ad9bd6a844c5740a87abd",
17+ "type": "github"
18+ },
19+ "original": {
20+ "owner": "hercules-ci",
21+ "repo": "flake-parts",
22+ "type": "github"
23+ }
24+ },
25+ "home-manager": {
26+ "inputs": {
27+ "nixpkgs": [
28+ "nixpkgs"
29+ ]
30+ },
31+ "locked": {
32+ "lastModified": 1756261190,
33+ "narHash": "sha256-eiy0klFK5EVJLNilutR7grsZN/7Itj9DyD75eyOf83k=",
34+ "owner": "nix-community",
35+ "repo": "home-manager",
36+ "rev": "77f348da3176dc68b20a73dab94852a417daf361",
37+ "type": "github"
38+ },
39+ "original": {
40+ "owner": "nix-community",
41+ "repo": "home-manager",
42+ "rev": "77f348da3176dc68b20a73dab94852a417daf361",
43+ "type": "github"
44+ }
45+ },
46+ "nix-index": {
47+ "inputs": {
48+ "nixpkgs": [
49+ "nixpkgs-unstable"
50+ ]
51+ },
52+ "locked": {
53+ "lastModified": 1757215509,
54+ "narHash": "sha256-wCp1wHGzTSTtY3A8BLEJKRqbnD2oFlBBD4NKwZimRqw=",
55+ "owner": "nix-community",
56+ "repo": "nix-index-database",
57+ "rev": "b33c3aadca9343dbbcba8be71cb741d095aab8a9",
58+ "type": "github"
59+ },
60+ "original": {
61+ "owner": "nix-community",
62+ "repo": "nix-index-database",
63+ "type": "github"
64+ }
65+ },
66+ "nixos-hardware": {
67+ "locked": {
68+ "lastModified": 1757103352,
69+ "narHash": "sha256-PtT7ix43ss8PONJ1VJw3f6t2yAoGH+q462Sn8lrmWmk=",
70+ "owner": "NixOS",
71+ "repo": "nixos-hardware",
72+ "rev": "11b2a10c7be726321bb854403fdeec391e798bf0",
73+ "type": "github"
74+ },
75+ "original": {
76+ "owner": "NixOS",
77+ "repo": "nixos-hardware",
78+ "type": "github"
79+ }
80+ },
81+ "nixos-qubes": {
82+ "inputs": {
83+ "flake-parts": "flake-parts",
84+ "nixpkgs": [
85+ "nixpkgs"
86+ ],
87+ "nixpkgs-libvirt_10_5": "nixpkgs-libvirt_10_5",
88+ "shelly": "shelly",
89+ "treefmt-nix": "treefmt-nix"
90+ },
91+ "locked": {
92+ "lastModified": 1739756077,
93+ "narHash": "sha256-31GJQaxJjDP1PuiJv3Aw+M9ZPQmbqGOzXziBVAXMtmA=",
94+ "owner": "CertainLach",
95+ "repo": "nixos-qubes",
96+ "rev": "b6dc187b06b917151db963c08b8826fac5048bc6",
97+ "type": "github"
98+ },
99+ "original": {
100+ "owner": "CertainLach",
101+ "repo": "nixos-qubes",
102+ "type": "github"
103+ }
104+ },
105+ "nixpkgs": {
106+ "locked": {
107+ "lastModified": 1757020766,
108+ "narHash": "sha256-PLoSjHRa2bUbi1x9HoXgTx2AiuzNXs54c8omhadyvp0=",
109+ "owner": "NixOS",
110+ "repo": "nixpkgs",
111+ "rev": "fe83bbdde2ccdc2cb9573aa846abe8363f79a97a",
112+ "type": "github"
113+ },
114+ "original": {
115+ "owner": "NixOS",
116+ "ref": "nixos-25.05",
117+ "repo": "nixpkgs",
118+ "type": "github"
119+ }
120+ },
121+ "nixpkgs-libvirt_10_5": {
122+ "locked": {
123+ "lastModified": 1727211877,
124+ "narHash": "sha256-zy/ar3GpnzuGRCwrr6zV/QicoZcqd2kNNhkRDECfStU=",
125+ "owner": "NixOS",
126+ "repo": "nixpkgs",
127+ "rev": "e0464e47880a69896f0fb1810f00e0de469f770a",
128+ "type": "github"
129+ },
130+ "original": {
131+ "owner": "NixOS",
132+ "repo": "nixpkgs",
133+ "rev": "e0464e47880a69896f0fb1810f00e0de469f770a",
134+ "type": "github"
135+ }
136+ },
137+ "nixpkgs-unstable": {
138+ "locked": {
139+ "lastModified": 1754800730,
140+ "narHash": "sha256-HfVZCXic9XLBgybP0318ym3cDnGwBs/+H5MgxFVYF4I=",
141+ "owner": "NixOS",
142+ "repo": "nixpkgs",
143+ "rev": "641d909c4a7538f1539da9240dedb1755c907e40",
144+ "type": "github"
145+ },
146+ "original": {
147+ "owner": "NixOS",
148+ "repo": "nixpkgs",
149+ "rev": "641d909c4a7538f1539da9240dedb1755c907e40",
150+ "type": "github"
151+ }
152+ },
153+ "root": {
154+ "inputs": {
155+ "home-manager": "home-manager",
156+ "nix-index": "nix-index",
157+ "nixos-hardware": "nixos-hardware",
158+ "nixos-qubes": "nixos-qubes",
159+ "nixpkgs": "nixpkgs",
160+ "nixpkgs-unstable": "nixpkgs-unstable"
161+ }
162+ },
163+ "shelly": {
164+ "locked": {
165+ "lastModified": 1737089050,
166+ "narHash": "sha256-SQ22z9L7fSC8FWNIlImpKeBGBUPoWpsTy9uc75o7uK0=",
167+ "owner": "CertainLach",
168+ "repo": "shelly",
169+ "rev": "b5fa6bb56dcd1541ec399ceab1e95a74872ecd34",
170+ "type": "github"
171+ },
172+ "original": {
173+ "owner": "CertainLach",
174+ "repo": "shelly",
175+ "type": "github"
176+ }
177+ },
178+ "treefmt-nix": {
179+ "inputs": {
180+ "nixpkgs": [
181+ "nixos-qubes",
182+ "nixpkgs"
183+ ]
184+ },
185+ "locked": {
186+ "lastModified": 1738953846,
187+ "narHash": "sha256-yrK3Hjcr8F7qS/j2F+r7C7o010eVWWlm4T1PrbKBOxQ=",
188+ "owner": "numtide",
189+ "repo": "treefmt-nix",
190+ "rev": "4f09b473c936d41582dd744e19f34ec27592c5fd",
191+ "type": "github"
192+ },
193+ "original": {
194+ "owner": "numtide",
195+ "repo": "treefmt-nix",
196+ "type": "github"
197+ }
198+ }
199+ },
200+ "root": "root",
201+ "version": 7
202+}
+123,
-0
1@@ -0,0 +1,123 @@
2+{
3+ description = "toshix/easix + qubes";
4+ /*
5+ description = "A simple flake for NixOS and Home Manager using flake-parts";
6+ */
7+
8+ inputs = {
9+ nixos-hardware.url = "github:NixOS/nixos-hardware";
10+
11+ nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05";
12+ nixpkgs-unstable.url = "github:NixOS/nixpkgs/641d909c4a7538f1539da9240dedb1755c907e40";
13+
14+ nix-index.url = "github:nix-community/nix-index-database";
15+ ##nix-index.url = "tarball:///etc/nixos/codeload/nix-index-database_b7fcd4e26d67fca48e77de9b0d0f954b18ae9562.tar.gz";
16+ nix-index.inputs.nixpkgs.follows = "nixpkgs-unstable";
17+
18+ home-manager = {
19+ url = "github:nix-community/home-manager/77f348da3176dc68b20a73dab94852a417daf361";
20+ inputs.nixpkgs.follows = "nixpkgs";
21+ };
22+
23+ #disko.url = "github:nix-community/disko";
24+ #disko.inputs.nixpkgs.follows = "nixpkgs";
25+
26+ /*
27+ # add zeditor and a couple other time-wasters here
28+ # also remote/foreign flakes
29+ */
30+
31+ nixos-qubes = {
32+ url = "github:CertainLach/nixos-qubes";
33+ inputs.nixpkgs.follows = "nixpkgs";
34+ };
35+ };
36+
37+ outputs = {
38+ self,
39+ nixpkgs,
40+ nix-index,
41+ #disko,
42+ home-manager,
43+ nixos-hardware,
44+ nixos-qubes,
45+ ...
46+ } @ inputs: let
47+ inherit (self) outputs;
48+
49+ stateVersion = "25.05"; ## todo read this from identity (nix or json)
50+
51+ pkgs = nixpkgs.legacyPackages.x86_64-linux;
52+ system = "x86_64-linux";
53+ in {
54+ nixosConfigurations = {
55+ nixos-qubes = nixpkgs.lib.nixosSystem {
56+ modules = [
57+ # ./installs/almost-dead
58+ nixos-hardware.nixosModules.common-cpu-intel # todo "dynamic/generated" and expanded
59+ nixos-hardware.nixosModules.common-pc
60+ nixos-hardware.nixosModules.common-pc-ssd
61+ # ./profiles/hilarious/hila-nix.nix # see in installs, doesnt work
62+ # ./optional/machine.nix
63+ ./optional/novix/clean-tmp.nix
64+
65+ inputs.nixos-qubes.nixosModules.default
66+ ./qubes.nix
67+ ];
68+
69+ specialArgs = {inherit inputs;};
70+ };
71+ };
72+
73+ homeConfigurations = {
74+ "olu@nixos-qubes" = home-manager.lib.homeManagerConfiguration {
75+ pkgs = nixpkgs.legacyPackages.x86_64-linux;
76+ modules = [
77+ {
78+ home.stateVersion = "25.05";
79+ home.username = "olu";
80+ home.homeDirectory = "/home/qubes-olu";
81+ # the stuff that's actually sposed to be here
82+ }
83+ ];
84+ # extraSpecialArgs = {inherit inputs;};
85+ };
86+ };
87+
88+ packages.x86_64-linux.default = self.nixosConfigurations.nixos-qubes.config.system.build.isoImage;
89+
90+ # formatter checks hydraJobs
91+
92+ devShells.${system}.default = pkgs.mkShell {
93+ nativeBuildInputs = with pkgs; [
94+ mc # how did we miss this? (it's always included); ok, so start to customize it
95+ ## emacs (yeah right)
96+ ## elijah pushing into a tiny c compiler
97+ ## janet (the docs/not like anything else problem)
98+ ## erlang (calm down)
99+ ## babashka (we do not want a jvm here)
100+ sanoid
101+ ripgrep
102+ busybox
103+ git
104+ gnumake
105+ just
106+ go
107+ nix-output-monitor
108+ home-manager.packages.${system}.default
109+ lazygit
110+ alejandra
111+ lazygit
112+ nixos-install-tools
113+ #self.diodon or whatever it's called
114+ # daktari (py), lmt (go), xxx (go)
115+ screen
116+ tmux
117+ byobu # !! learn this
118+ ##disko
119+ ##factor
120+ ##debooostrap,etc
121+ ];
122+ };
123+ };
124+}
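Review bot: The `nixos-qubes` input is declared as `github:CertainLach/nixos-qubes` with no revision, unlike `home-manager` and `nixpkgs-unstable`, which are pinned to a commit in the URL. This input supplies `nixosModules.default`, the code that configures dom0, so only `flake.lock` fixes its content and any `nix flake update` moves it to whatever the default branch then holds. Pin it the same way, using the revision the lock file in this commit already records: `url = "github:CertainLach/nixos-qubes/b6dc187b06b917151db963c08b8826fac5048bc6";`. Separately, the `modules` list of `nixosConfigurations.nixos-qubes` does not include the hardware or host modules added in this commit, so the root file system and boot loader settings appear not to reach this configuration.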
+34,
-0
1@@ -0,0 +1,34 @@
2+{
3+ config,
4+ lib,
5+ pkgs,
6+ modulesPath,
7+ ...
8+}: {
9+ imports = [
10+ (modulesPath + "/installer/scan/not-detected.nix")
11+ ];
12+
13+ boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "usbhid" "sd_mod" "rtsx_pci_sdmmc"];
14+ boot.initrd.kernelModules = ["dm-snapshot"];
15+ boot.kernelModules = ["kvm-intel"];
16+ boot.extraModulePackages = [];
17+
18+ fileSystems."/" = {
19+ device = "/dev/disk/by-uuid/7b9f2f97-2c9b-47c1-88d3-8a4f1c4134f1";
20+ fsType = "btrfs";
21+ };
22+
23+ fileSystems."/efi" = {
24+ device = "/dev/disk/by-uuid/B3B6-BF9C";
25+ fsType = "vfat";
26+ options = ["fmask=0022" "dmask=0022"];
27+ };
28+
29+ swapDevices = [
30+ {device = "/dev/mapper/dev-disk-byx2dpartlabel-toshx2dswap2";}
31+ ];
32+
33+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
34+ hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
35+}
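Review bot: The `/efi` mount uses `fmask=0022` and `dmask=0022`, which makes everything on the EFI system partition readable by every local user; with systemd-boot enabled elsewhere in this commit that includes the loader's random-seed file, and `bootctl` warns about this case. Change the line to `options = ["fmask=0077" "dmask=0077"];`. The file looks like `nixos-generate-config` output, so the edit has to be re-applied if the file is regenerated.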
+68,
-0
1@@ -0,0 +1,68 @@
2+## https://rossabaker.com/configs/hosts/abe/
3+{
4+ config,
5+ lib,
6+ pkgs,
7+ ...
8+}: let
9+ cfg = config.services.mastodon;
10+
11+ inherit (builtins) concatStringsSep map;
12+ streamingSocket = i: "unix//run/mastodon-streaming/streaming-${toString i}.socket";
13+ streamingSockets = concatStringsSep " " (map streamingSocket (lib.range 1 cfg.streamingProcesses));
14+in {
15+ options = {
16+ #novix.mastodon
17+ cfg.enable = lib.mkEnableOption {
18+ services.mastodon = {
19+ enable = true;
20+ package = pkgs.mastodon;
21+ localDomain = "bunchofzeros.top";
22+ extraConfig = {
23+ WEB_DOMAIN = "social.bunchofzeros.top";
24+ };
25+ configureNginx = false;
26+ smtp.fromAddress = "";
27+ streamingProcesses = 7;
28+ };
29+
30+ networking.firewall.allowedTCPPorts = [80 443];
31+
32+ # The default module configures localDomain. We need to configure
33+ # the WEB_DOMAIN. This is a nasty copy-and-paste.
34+ services.caddy.virtualHosts."${cfg.extraConfig.WEB_DOMAIN}".extraConfig = ''
35+ import hardening
36+ import iocaine
37+
38+ handle {
39+ handle_path /system/* {
40+ root /var/lib/mastodon/public-system
41+ file_server
42+ }
43+
44+ handle /api/v1/streaming/* {
45+ reverse_proxy ${streamingSockets} {
46+ lb_policy least_conn
47+ }
48+ }
49+
50+ handle {
51+ request_body /api/v2/media {
52+ max_size 150MB
53+ }
54+
55+ route {
56+ file_server {
57+ root ${cfg.package}/public/
58+ pass_thru
59+ }
60+ reverse_proxy unix//run/mastodon-web/web.socket
61+ }
62+ }
63+ }
64+ '';
65+
66+ users.groups.${cfg.group}.members = [config.services.caddy.user];
67+ };
68+ };
69+}
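Review bot: Everything between `cfg.enable = lib.mkEnableOption {` and its closing brace is passed as the argument of `mkEnableOption`, which expects a description string, so the Mastodon, firewall and Caddy settings never become part of `config`, and the option that gets declared is literally named `cfg.enable`. Declare the switch under `options` as `novix.mastodon.enable = lib.mkEnableOption "Mastodon behind Caddy";` and move the body into `config = lib.mkIf config.novix.mastodon.enable { … };`. The forgejo-actions module later in this commit (`novix.services.forgejo-actions = lib.mkEnableOption { … }`) has the same defect. Once the body is live, `smtp.fromAddress = ""` needs a real sender address, and the `import hardening` / `import iocaine` snippets must be defined in the global Caddy configuration, which is not part of this commit.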
+18,
-0
1@@ -0,0 +1,18 @@
2+{
3+ config,
4+ pkgs,
5+ lib,
6+ ...
7+}: let
8+ cfg = config.novix.home.program.terminal.alacritty;
9+in {
10+ # imports = [];
11+
12+ options = {
13+ novix.home.program.terminal.alacritty = lib.mkEnableOption "Alacritty terminal";
14+ };
15+
16+ config = lib.mkIf cfg.enable {
17+ environment.systemPackages = [pkgs.alacritty];
18+ };
19+}
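Review bot: The option is declared at `novix.home.program.terminal.alacritty`, but `config` reads `cfg.enable`, so `cfg` is a boolean and selecting `.enable` on it fails at evaluation. Declare it one level deeper: `novix.home.program.terminal.alacritty.enable = lib.mkEnableOption "Alacritty terminal";`. The option path says `home`, yet the module sets `environment.systemPackages`, which installs the package system-wide; a one-line comment stating which scope is intended would help.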
+12,
-0
1@@ -0,0 +1,12 @@
2+{
3+ config,
4+ lib,
5+ pkgs,
6+ ...
7+}: {
8+ imports = [
9+ # ./_mastodon.nix
10+ ./nix-ld.nix
11+ ./grub.nix
12+ ];
13+}
+18,
-0
1@@ -0,0 +1,18 @@
2+{
3+ inputs,
4+ lib,
5+ config,
6+ pkgs,
7+ ...
8+}: {
9+ imports = [
10+ ];
11+
12+ options = {
13+ novix.services.forgejo-actions = lib.mkEnableOption {
14+ environment.systemPackages = [
15+ pkgs.forgejo-actions-runner
16+ ];
17+ };
18+ };
19+}
+21,
-0
1@@ -0,0 +1,21 @@
2+{
3+ config,
4+ lib,
5+ pkgs,
6+ ...
7+}: let
8+ cfg =
9+ config.novix.system.grub-efi;
10+in {
11+ options = {
12+ novix.system.grub-efi = lib.mkOption {
13+ type = lib.types.string;
14+ description = "The mountpoint for grub efi";
15+ default = "/boot/efi";
16+ };
17+ };
18+
19+ config = lib.mkIf config.boot.loader.grub.enable {
20+ boot.loader.efi.efiSysMountPoint = cfg;
21+ };
22+}
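Review bot: `lib.types.string` is deprecated in nixpkgs; use `type = lib.types.str;`, which the `machine` option module in this commit already uses. The `config` block is gated only on `config.boot.loader.grub.enable`, so when GRUB is enabled it defines `boot.loader.efi.efiSysMountPoint` as `/boot/efi` at normal priority, which would conflict with the module in this commit that sets the same option to `/efi` if both are imported. A short comment above the option saying which module owns the mount point, or wrapping the value in `lib.mkDefault`, would avoid that clash.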
+124,
-0
1@@ -0,0 +1,124 @@
2+{
3+ config,
4+ lib,
5+ fn,
6+ ...
7+}:
8+with builtins;
9+with lib; let
10+ cfg = config.machine;
11+ pkgsetList = fn.makeOptionTypeList (toString ../profiles/derped/pkgsets);
12+ serviceList = fn.makeOptionTypeList (toString ../profiles/derped/services);
13+ pkgOption = pname: {
14+ name = pname;
15+ value = rec {
16+ pkgwrap = mkOption {
17+ type = with types; oneOf [package (listOf package)];
18+ default = fn.pkgFilter cfg.pkgsets."${pname}".pkgs;
19+ description = ''
20+ Package Wrapper for packages using a wrapper function (like python, emacs, haskell, ...)
21+ '';
22+ };
23+ pkgs = mkOption {
24+ type = types.unspecified;
25+ default = [];
26+ description = ''
27+ ${pname} package list.
28+ '';
29+ };
30+ };
31+ };
32+in {
33+ options.machine = {
34+ pkgs = mkOption {
35+ type = types.listOf (types.enum pkgsetList);
36+ default = ["base"];
37+ description = ''
38+ The list of metapackages to be installed.
39+ '';
40+ };
41+ # Package names containing '::' are sub packages and should not have their own pkgset.
42+ pkgsets = listToAttrs (map pkgOption (lists.filter (v: !(strings.hasInfix "::" v)) pkgsetList));
43+ services = mkOption {
44+ type = types.listOf (types.enum serviceList);
45+ default = [];
46+ description = ''
47+ List of services to be enabled.
48+ '';
49+ };
50+ conffiles = mkOption {
51+ type = types.listOf types.str;
52+ default = ["zsh"];
53+ description = ''
54+ List of configuration files to be enabled.
55+ '';
56+ };
57+ hostName = mkOption {
58+ type = types.str;
59+ description = ''
60+ The Machines HostName
61+ '';
62+ };
63+ networkD = {
64+ enable = mkOption {
65+ type = types.bool;
66+ default = false;
67+ description = ''
68+ Disables dhcpcd and enables networkd.
69+ '';
70+ };
71+ waitOnline = mkOption {
72+ type = types.bool;
73+ default = true;
74+ description = ''
75+ Enables/disables systemd-networkd-wait-online service.
76+ '';
77+ };
78+ };
79+ binaryCaches = mkOption {
80+ type = types.listOf types.str;
81+ default = [];
82+ description = ''
83+ Adds binary caches to both nix.trustedBinaryCaches and nix.binaryCaches. ("https://cache.nixos.org" is kept by default)
84+ '';
85+ };
86+ administrators = mkOption {
87+ type = types.listOf types.attrs;
88+ description = ''
89+ List of administrative users.
90+ '';
91+ };
92+ domain = mkOption {
93+ type = types.str;
94+ default = "localhost";
95+ description = ''
96+ The Machines domain name.
97+ '';
98+ };
99+ extraDomains = mkOption {
100+ type = types.listOf types.str;
101+ default = [];
102+ description = ''
103+ Extra domains used in various services.
104+ '';
105+ };
106+ mailAccounts = mkOption {
107+ type = types.listOf types.attrs;
108+ default = [];
109+ description = ''
110+ List of mail account user names.
111+ '';
112+ };
113+ vHosts = mkOption {
114+ type = types.listOf types.attrs;
115+ default = [];
116+ description = ''
117+ Domain - Service mappings for nginx vHost config.
118+ '';
119+ };
120+ };
121+ imports = [
122+ (mkAliasOptionModule ["machine" "firewall"] ["networking" "firewall"])
123+ (mkAliasOptionModule ["machine" "allowUnfree"] ["nixpkgs" "config" "allowUnfree"])
124+ ];
125+}
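Review bot: The description of `machine.binaryCaches` refers to `nix.trustedBinaryCaches` and `nix.binaryCaches`, which current NixOS spells `nix.settings.trusted-substituters` and `nix.settings.substituters`; update the text so a reader can find the options it feeds. The option accepts only URLs and has no companion option for the caches' public keys, so whatever consumes it (not in this commit) either cannot verify an added cache or has the keys hard-coded; a sibling option such as `binaryCachePublicKeys` would make the trust decision explicit. `administrators`, `mailAccounts` and `vHosts` are typed `types.listOf types.attrs`, which checks nothing about their fields, and `administrators` has no default, so every host must set it.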
+137,
-0
1@@ -0,0 +1,137 @@
2+{
3+ config,
4+ lib,
5+ pkgs,
6+ ...
7+}: let
8+ cfg = config.novix.nix-ld;
9+in {
10+ # imports = [];
11+
12+ options = {
13+ novix.nix-ld.enable = lib.mkEnableOption "nix=-ld for Jetbrains Toolbox";
14+ };
15+
16+ config = lib.mkIf cfg.enable {
17+ ## https://nixos.wiki/wiki/Jetbrains_Tools
18+ programs.nix-ld.enable = true;
19+
20+ ## Might be unstable
21+ ##programs.nix-ld.dev.enable = false;
22+ programs.nix-ld.libraries = with pkgs; [
23+ SDL
24+ SDL2
25+ SDL2_image
26+ SDL2_mixer
27+ SDL2_ttf
28+ SDL_image
29+ SDL_mixer
30+ SDL_ttf
31+ alsa-lib
32+ at-spi2-atk
33+ at-spi2-core
34+ atk
35+ bzip2
36+ cairo
37+ cups
38+ curlWithGnuTls
39+ dbus
40+ dbus-glib
41+ desktop-file-utils
42+ e2fsprogs
43+ expat
44+ flac
45+ fontconfig
46+ freeglut
47+ freetype
48+ fribidi
49+ fuse
50+ fuse3
51+ gdk-pixbuf
52+ glew110
53+ glib
54+ gmp
55+ gst_all_1.gst-plugins-base
56+ gst_all_1.gst-plugins-ugly
57+ gst_all_1.gstreamer
58+ gtk2
59+ harfbuzz
60+ icu
61+ keyutils.lib
62+ libGL
63+ libGLU
64+ libappindicator-gtk2
65+ libcaca
66+ libcanberra
67+ libcap
68+ libclang.lib
69+ libdbusmenu
70+ libdrm
71+ libgcrypt
72+ libgpg-error
73+ libidn
74+ libjack2
75+ libjpeg
76+ libmikmod
77+ libogg
78+ libpng12
79+ libpulseaudio
80+ librsvg
81+ libsamplerate
82+ libthai
83+ libtheora
84+ libtiff
85+ libudev0-shim
86+ libusb1
87+ libuuid
88+ libvdpau
89+ libvorbis
90+ libvpx
91+ libxcrypt-legacy
92+ libxkbcommon
93+ libxml2
94+ mesa
95+ nspr
96+ nss
97+ openssl
98+ p11-kit
99+ pango
100+ pixman
101+ python3
102+ speex
103+ stdenv.cc.cc
104+ tbb
105+ udev
106+ vulkan-loader
107+ wayland
108+ xorg.libICE
109+ xorg.libSM
110+ xorg.libX11
111+ xorg.libXScrnSaver
112+ xorg.libXcomposite
113+ xorg.libXcursor
114+ xorg.libXdamage
115+ xorg.libXext
116+ xorg.libXfixes
117+ xorg.libXft
118+ xorg.libXi
119+ xorg.libXinerama
120+ xorg.libXmu
121+ xorg.libXrandr
122+ xorg.libXrender
123+ xorg.libXt
124+ xorg.libXtst
125+ xorg.libXxf86vm
126+ xorg.libpciaccess
127+ xorg.libxcb
128+ xorg.xcbutil
129+ xorg.xcbutilimage
130+ xorg.xcbutilkeysyms
131+ xorg.xcbutilrenderutil
132+ xorg.xcbutilwm
133+ xorg.xkeyboardconfig
134+ xz
135+ zlib
136+ ];
137+ };
138+}
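Review bot: The `mkEnableOption` text reads `nix=-ld for Jetbrains Toolbox`; the stray `=` ends up in the generated option description and should read `nix-ld for Jetbrains Toolbox`. The library list is long and contains legacy entries such as `libpng12`, `glew110`, `libudev0-shim` and `libxcrypt-legacy`; every entry is made available to any unpatched binary started on the machine, so a comment naming the program that needs each legacy library would make later pruning possible.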
+38,
-0
1@@ -0,0 +1,38 @@
2+{pkgs, ...}: {
3+ systemd.services.clean-tmp2 = {
4+ description = "Clean /tmp at boot";
5+ wantedBy = ["multi-user.target"];
6+ path = [
7+ pkgs.coreutils
8+ # pkgs.odate
9+ ];
10+ serviceConfig = {
11+ Type = "oneshot"; # Run once and exit
12+ User = "root"; # Run as root if needed
13+ };
14+ script = ''
15+ set -xe
16+ export D=$(date +"%y-%m-%d-%s")
17+ mkdir /m/crazy-temp/$D
18+ ${pkgs.rsync}/bin/rsync -av --exclude /tmp/tmpfs --remove-source-files /tmp/* /m/crazy-temp/$D/
19+ '';
20+ };
21+
22+ # systemd.services.clean-tmp = {
23+ # description = "Clean /tmp at boot";
24+ # wantedBy = ["multi-user.target"];
25+ # before = ["local-fs.target"];
26+ # serviceConfig = {
27+ # Type = "oneshot";
28+ # ExecStart = "/run/current-system/sw/bin/rm -rf /tmp/*";
29+ # };
30+ # };
31+
32+ fileSystems."/tmp/tmpfs" = {
33+ device = "tmpfs";
34+ fsType = "tmpfs";
35+ # Adjust size as needed
36+ # Technically, we want to expand (This is not ramfs)
37+ options = ["mode=1777" "size=2G"];
38+ };
39+}
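Review bot: The `--exclude /tmp/tmpfs` in the rsync line looks ineffective: anchored rsync patterns are matched relative to the transfer root, and with `/tmp/*` as the source list the mount point appears as `/tmpfs`, so the tmpfs contents are moved along with everything else. The glob also skips dot-files and makes the unit fail under `set -e` when `/tmp` is empty, and `mkdir` without `-p` fails if `/m/crazy-temp` is missing. Suggested lines: `mkdir -p -m 0700 "/m/crazy-temp/$D"` and `${pkgs.rsync}/bin/rsync -av --exclude=/tmpfs --remove-source-files /tmp/ "/m/crazy-temp/$D/"`; the `0700` mode keeps the accumulated copies of other users' temporary files away from local accounts. Nothing orders the unit after the `/m` mount, and `wantedBy = ["multi-user.target"]` lets it run as root while other services may already hold files in `/tmp`.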
+1,
-0
1@@ -0,0 +1 @@
2+{...}: {}
+23,
-0
1@@ -0,0 +1,23 @@
2+{
3+ inputs,
4+ lib,
5+ config,
6+ pkgs,
7+ ...
8+}: {
9+ imports = [];
10+
11+ config = {
12+ services.locate = {
13+ enable = true;
14+ package = pkgs.plocate;
15+ #localuser = users.users.plocate.uid;
16+ };
17+
18+ # users.users.plocate = { isSystemUser = true; defaultShell = "/dev/null"; };
19+
20+ environment.systemPackages = [
21+ pkgs.plocate
22+ ];
23+ };
24+}
+35,
-0
1@@ -0,0 +1,35 @@
2+{
3+ config,
4+ lib,
5+ pkgs,
6+ ...
7+}: {
8+ config = {
9+ virtualisation.qubes = {
10+ dom0.enable = true;
11+
12+ # Current qubes module implementation is not as secure as QubesOS, this option is mandatory to clarify that.
13+ secure = false;
14+
15+ # Insert your primary username here, qubes is single-user system. Only this user will be able to use qubes utilities.
16+ user = "tosh";
17+
18+ # All those options are opt-outs, I.e only keep options here that you want to be active
19+ # Configuration I provide here is supposed to keep your system running as-is for now,
20+ # I.e you will have USB, internet access, and qubes module will not mess with your system configuration too much.
21+ optOutRecommendedConfiguration = [
22+ "disable-smt" # Do not disable SMT
23+ "hostname-dom0" # Use current machine hostname, do not reset it to dom0
24+ "dom0-restricted-usb" # Do not block USB devices in dom0
25+ "dedicated-sys-usb" # Allow USB devices in dom0
26+ "dedicated-sys-net" # Allow networking in dom0
27+ ];
28+ };
29+
30+ nixpkgs.config.allowUnfreePredicate = pkg:
31+ builtins.elem (lib.getName pkg) [
32+ "qubes-vmm-stubdom-linux"
33+ "qubes-artwork"
34+ ];
35+ };
36+}
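Review bot: With `secure = false` and the `dedicated-sys-net`, `dedicated-sys-usb` and `dom0-restricted-usb` opt-outs, dom0 itself keeps the network and USB devices (as the inline comments describe), so any listening service enabled on this host runs in the most privileged domain; another module in this commit turns on `services.openssh`. Record the intent next to the list, for example `# TODO: remove the sys-net/sys-usb opt-outs once those qubes exist; keep dom0 free of network listeners until then`. `user = "tosh"` has no matching `users.users.tosh` declaration anywhere in this commit, so confirm the account is created elsewhere. The comments on the `dedicated-sys-usb` and `dedicated-sys-net` entries say "Allow … in dom0"; "do not move … into a dedicated qube" would describe the opt-out more precisely.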