primrose/.files
1
0
Fork 0
mirror of https://codeberg.org/leana8959/.files.git synced 2025-12-06 22:59:15 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

hydrogen: init

Browse source
This commit is contained in:
Primrose 2025-11-01 13:04:03 +08:00
parent 16a1666570
commit a00bdb82be
Signed by: primrose
GPG key ID: 4E887A4CA9714ADA
10 changed files with 555 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

4
default.nix
View file

@ -8,6 +8,10 @@
system = "x86_64-linux"; system = "x86_64-linux";
modules = [./nix/configurations/vanadium.nix]; modules = [./nix/configurations/vanadium.nix];
}; };
hydrogen = {
system = "aarch64-linux";
modules = [./nix/configurations/hydrogen.nix];
};
installer = { installer = {
system = "x86_64-linux"; system = "x86_64-linux";
modules = [./nix/configurations/installer.nix]; modules = [./nix/configurations/installer.nix];

133
nix/configurations/hydrogen.nix Normal file
View file

@ -0,0 +1,133 @@
let
sources = import ../../npins;
hostname = "hydrogen";
username = "leana";
in
{
modulesPath,
config,
pkgs,
lib,
...
}: let
inherit (lib.modules) mkAliasOptionModule;
in {
imports = [
# The generator and hardware configuration
(modulesPath + "/installer/sd-card/sd-image-aarch64.nix")
#
# Shorthands
#
(mkAliasOptionModule ["me"] ["users" "users" username])
(mkAliasOptionModule ["hm"] ["home-manager" "users" username])
#
# hostname
#
{_module.args = {inherit hostname;};}
#
# nixpkgs
#
{
nixpkgs = {
overlays =
map import
[
../overlays/agenix.nix
../overlays/nur.nix
../overlays/nix-tree.nix
../packages/overlay.nix
]
# use lix everywhere and wrap it with nom
++ [
(import (sources.lix-module + "/overlay.nix") {inherit (sources) lix;})
(import ../overlays/nix-monitored.nix)
];
# Set NIX_PATH and flake registry at the same time
# https://github.com/NixOS/nixpkgs/pull/254405
flake.source = sources.nixpkgs;
};
nix.package = pkgs.nix-monitored;
system.nixos.version = lib.substring 0 8 sources.nixpkgs.revision;
}
./hydrogen/nixos/misc.nix
./hydrogen/nixos/programs.nix
./hydrogen/nixos/connectivity.nix
./hydrogen/nixos/secure_dns.nix
../nixosModules/common/disable-command-not-found.nix
../nixosModules/common/network.nix
../nixosModules/common/sudo-conf.nix
../nixosModules/common/system-nixconf.nix
../nixosModules/extra/leana.nix
#
# Extern modules
#
(sources.agenix + "/modules/age.nix")
(sources.nixos-hardware + "/raspberry-pi/4")
#
# home-manager
#
(sources.home-manager + "/nixos")
{
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
sharedModules = [{home.stateVersion = lib.mkDefault config.system.stateVersion;}];
};
hm.imports = [
#
# hostname
#
{_module.args = {inherit hostname;};}
#
# home modules
#
./hydrogen/home/programs.nix
../homeModules/common/btop
../homeModules/common/fish
../homeModules/common/starship
../homeModules/common/tmux
../homeModules/common/vim
../homeModules/common/direnv.nix
../homeModules/common/git.nix
../homeModules/common/gpg.nix
../homeModules/common/leana.nix
../homeModules/common/locale.nix
../homeModules/common/packages.nix
../homeModules/common/tealdeer.nix
../homeModules/extra/tmux-fish-integration.nix
#
# Extern modules
#
(sources.agenix + "/modules/age-home.nix")
(import sources.wired-notify).homeManagerModules.default
];
}
#
# Secrets
#
{
age.secrets = {
wpa_password.file = "${../secrets/wpa_password.age}";
};
}
];
}

64
nix/configurations/hydrogen/home/programs.nix Normal file
View file

@ -0,0 +1,64 @@
{
pkgs,
lib,
config,
...
}: {
home.sessionVariables = let
fishCfg = config.programs.fish;
in {
"SHELL" = lib.mkIf fishCfg.enable (lib.getExe fishCfg.package);
};
home.packages = [
pkgs.nmap
pkgs.stow
pkgs.zip
pkgs.unzip
pkgs.gnutar
pkgs.p7zip
pkgs.bc
pkgs.dig
pkgs.hutils
pkgs.miniserve
pkgs.agenix
pkgs.nix-which
# pretty tui tools
pkgs.du-dust
pkgs.tokei
pkgs.hyperfine
pkgs.watchexec
pkgs.onefetch
pkgs.just
# nix tools
pkgs.alejandra
pkgs.nurl
pkgs.npins
pkgs.nix-tree
pkgs.nh
];
programs = {
neovim = {
enable = true;
defaultEditor = true;
};
lazygit.enable = true;
fish.enable = true;
starship.enable = true;
tmux.enable = true;
direnv.enable = true;
ripgrep.enable = true;
btop.enable = true;
# OCaml fails to build on aarch64-linux
git.patdiff.enable = lib.mkForce false;
};
services = {
gpg-agent.enable = true;
};
}

71
nix/configurations/hydrogen/nixos/connectivity.nix Normal file
View file

@ -0,0 +1,71 @@
{
config,
lib,
...
}: {
# https://unix.stackexchange.com/questions/592775/how-can-i-enable-apple-ios-fast-charge-support
services.udev.extraRules = ''
SUBSYSTEM=="usb", ACTION=="add", DRIVER=="apple-mfi-fastcharge", RUN+="/bin/sh -c 'echo Fast > /sys/class/power_supply/apple_mfi_fastcharge/charge_type'"
'';
users.users.root.openssh.authorizedKeys.keys = let
ids = import ../../../identities.nix;
in
builtins.concatMap builtins.attrValues (builtins.attrValues ids);
networking = {
networkmanager.enable = lib.mkForce false;
firewall.allowedTCPPorts = [
8080
# For 'localsend'
# https://github.com/localsend/localsend?tab=readme-ov-file#setup
53317
];
# To enable roaming https://wiki.archlinux.org/title/Wpa_supplicant#Roaming
wireless = {
enable = true;
userControlled.enable = true;
secretsFile = config.age.secrets.wpa_password.path;
scanOnLowSignal = false;
networks = let
# wpa_supplicant uses `strchr` to seek to the first `=`, so the only forbidden character is `=`.
escapePwdKey = lib.replaceStrings ["="] ["_"];
fromList = ns: let
go = networkArgs @ {
ssid,
# Custom fields wrapping nixpkgs module options
hasPassword ? false,
scanOnLowSignal ? false,
randomizeMac ? false,
...
}: {
${ssid} = lib.mkMerge [
(builtins.removeAttrs networkArgs ["ssid" "hasPassword" "scanOnLowSignal" "randomizeMac"])
(lib.optionalAttrs hasPassword {
pskRaw = "ext:${escapePwdKey ssid}";
})
(lib.optionalAttrs scanOnLowSignal {
extraConfig = ''
bgscan="simple:30:-70:3600"
'';
})
(lib.optionalAttrs randomizeMac {
extraConfig = ''
mac_addr=1
'';
})
];
};
in
lib.mkMerge (map go ns);
in
fromList (import ./connectivity/networks.nix);
};
};
hardware.bluetooth.enable = true;
}

97
nix/configurations/hydrogen/nixos/connectivity/networks.nix Normal file
View file

@ -0,0 +1,97 @@
let
preferredPriority = 20;
privatePriority = 10;
limitedPriority = -10;
in [
{
ssid = "~";
priority = preferredPriority;
hasPassword = true;
}
{
ssid = "Peis Wifi";
priority = privatePriority;
hasPassword = true;
}
{
ssid = "girlypop-net";
priority = privatePriority;
hasPassword = true;
}
{
ssid = "annapurna";
priority = privatePriority;
hasPassword = true;
scanOnLowSignal = true;
}
{
ssid = "5526-1"; # TODO: set bssid preference ?
priority = privatePriority;
hasPassword = true;
}
{
ssid = "eduroam";
priority = privatePriority;
scanOnLowSignal = true;
authProtocols = ["WPA-EAP"];
auth = ''
pairwise=CCMP
group=CCMP TKIP
eap=PEAP
ca_cert="${./universite_de_rennes.pem}"
identity="ychiang@etudiant.univ-rennes.fr"
altsubject_match="DNS:radius.univ-rennes1.fr;DNS:radius1.univ-rennes1.fr;DNS:radius2.univ-rennes1.fr;DNS:vmradius-psf1.univ-rennes1.fr;DNS:vmradius-psf2.univ-rennes1.fr"
phase2="auth=MSCHAPV2"
password=ext:EDUROAM
anonymous_identity="anonymous@univ-rennes.fr"
'';
}
{
ssid = "A-WAY";
priority = privatePriority;
hasPassword = true;
randomizeMac = true;
}
{
ssid = "CAT.jpgcafe";
priority = privatePriority;
hasPassword = true;
randomizeMac = true;
}
{
ssid = "LOUISA"; # 區公所
priority = privatePriority;
hasPassword = true;
randomizeMac = true;
}
{
ssid = "LouisaCoffee"; # 七張
priority = privatePriority;
hasPassword = true;
randomizeMac = true;
}
{
ssid = "MetroTaipei x Louisa"; # 大安
priority = privatePriority;
hasPassword = true;
randomizeMac = true;
}
{ssid = "_SNCF_WIFI_INOUI";}
{ssid = "_WIFI_LYRIA";}
{ssid = "EurostarTrainsWiFi";}
{ssid = "SBB-FREE";}
{ssid = "AOT Airport Free Wi-Fi by NT";}
{ssid = "NewTaipei";}
{ssid = "Fami-WiFi";}
{
ssid = "iPhone de Léana ";
priority = limitedPriority;
hasPassword = true;
}
]

97
nix/configurations/hydrogen/nixos/connectivity/universite_de_rennes.pem Normal file
View file

@ -0,0 +1,97 @@
-----BEGIN CERTIFICATE-----
MIIEMjCCAxqgAwIBAgIBATANBgkqhkiG9w0BAQUFADB7MQswCQYDVQQGEwJHQjEb
MBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRow
GAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEhMB8GA1UEAwwYQUFBIENlcnRpZmlj
YXRlIFNlcnZpY2VzMB4XDTA0MDEwMTAwMDAwMFoXDTI4MTIzMTIzNTk1OVowezEL
MAkGA1UEBhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE
BwwHU2FsZm9yZDEaMBgGA1UECgwRQ29tb2RvIENBIExpbWl0ZWQxITAfBgNVBAMM
GEFBQSBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAL5AnfRu4ep2hxxNRUSOvkbIgwadwSr+GB+O5AL686tdUIoWMQua
BtDFcCLNSS1UY8y2bmhGC1Pqy0wkwLxyTurxFa70VJoSCsN6sjNg4tqJVfMiWPPe
3M/vg4aijJRPn2jymJBGhCfHdr/jzDUsi14HZGWCwEiwqJH5YZ92IFCokcdmtet4
YgNW8IoaE+oxox6gmf049vYnMlhvB/VruPsUK6+3qszWY19zjNoFmag4qMsXeDZR
rOme9Hg6jc8P2ULimAyrL58OAd7vn5lJ8S3frHRNG5i1R8XlKdH5kBjHYpy+g8cm
ez6KJcfA3Z3mNWgQIJ2P2N7Sw4ScDV7oL8kCAwEAAaOBwDCBvTAdBgNVHQ4EFgQU
oBEKIz6W8Qfs4q8p74Klf9AwpLQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQF
MAMBAf8wewYDVR0fBHQwcjA4oDagNIYyaHR0cDovL2NybC5jb21vZG9jYS5jb20v
QUFBQ2VydGlmaWNhdGVTZXJ2aWNlcy5jcmwwNqA0oDKGMGh0dHA6Ly9jcmwuY29t
b2RvLm5ldC9BQUFDZXJ0aWZpY2F0ZVNlcnZpY2VzLmNybDANBgkqhkiG9w0BAQUF
AAOCAQEACFb8AvCb6P+k+tZ7xkSAzk/ExfYAWMymtrwUSWgEdujm7l3sAg9g1o1Q
GE8mTgHj5rCl7r+8dFRBv/38ErjHT1r0iWAFf2C3BUrz9vHCv8S5dIa2LX1rzNLz
Rt0vxuBqw8M0Ayx9lt1awg6nCpnBBYurDC/zXDrPbDdVCYfeU0BsWO/8tqtlbgT2
G9w84FoVxp7Z8VlIMCFlA2zs6SFz7JsDoeA3raAVGI/6ugLOpyypEBMs1OUIJqsi
l2D4kF501KKaU73yqWjgom7C12yxow+ev+to51byrvLjKzg6CYG1a4XXvi3tPxq3
smPi9WIsgtRqAEFQ8TmDn5XpNpaYbg==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIFgTCCBGmgAwIBAgIQOXJEOvkit1HX02wQ3TE1lTANBgkqhkiG9w0BAQwFADB7
MQswCQYDVQQGEwJHQjEbMBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYD
VQQHDAdTYWxmb3JkMRowGAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEhMB8GA1UE
AwwYQUFBIENlcnRpZmljYXRlIFNlcnZpY2VzMB4XDTE5MDMxMjAwMDAwMFoXDTI4
MTIzMTIzNTk1OVowgYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVyc2V5
MRQwEgYDVQQHEwtKZXJzZXkgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBO
ZXR3b3JrMS4wLAYDVQQDEyVVU0VSVHJ1c3QgUlNBIENlcnRpZmljYXRpb24gQXV0
aG9yaXR5MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAgBJlFzYOw9sI
s9CsVw127c0n00ytUINh4qogTQktZAnczomfzD2p7PbPwdzx07HWezcoEStH2jnG
vDoZtF+mvX2do2NCtnbyqTsrkfjib9DsFiCQCT7i6HTJGLSR1GJk23+jBvGIGGqQ
Ijy8/hPwhxR79uQfjtTkUcYRZ0YIUcuGFFQ/vDP+fmyc/xadGL1RjjWmp2bIcmfb
IWax1Jt4A8BQOujM8Ny8nkz+rwWWNR9XWrf/zvk9tyy29lTdyOcSOk2uTIq3XJq0
tyA9yn8iNK5+O2hmAUTnAU5GU5szYPeUvlM3kHND8zLDU+/bqv50TmnHa4xgk97E
xwzf4TKuzJM7UXiVZ4vuPVb+DNBpDxsP8yUmazNt925H+nND5X4OpWaxKXwyhGNV
icQNwZNUMBkTrNN9N6frXTpsNVzbQdcS2qlJC9/YgIoJk2KOtWbPJYjNhLixP6Q5
D9kCnusSTJV882sFqV4Wg8y4Z+LoE53MW4LTTLPtW//e5XOsIzstAL81VXQJSdhJ
WBp/kjbmUZIO8yZ9HE0XvMnsQybQv0FfQKlERPSZ51eHnlAfV1SoPv10Yy+xUGUJ
5lhCLkMaTLTwJUdZ+gQek9QmRkpQgbLevni3/GcV4clXhB4PY9bpYrrWX1Uu6lzG
KAgEJTm4Diup8kyXHAc/DVL17e8vgg8CAwEAAaOB8jCB7zAfBgNVHSMEGDAWgBSg
EQojPpbxB+zirynvgqV/0DCktDAdBgNVHQ4EFgQUU3m/WqorSs9UgOHYm8Cd8rID
ZsswDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0gBAowCDAG
BgRVHSAAMEMGA1UdHwQ8MDowOKA2oDSGMmh0dHA6Ly9jcmwuY29tb2RvY2EuY29t
L0FBQUNlcnRpZmljYXRlU2VydmljZXMuY3JsMDQGCCsGAQUFBwEBBCgwJjAkBggr
BgEFBQcwAYYYaHR0cDovL29jc3AuY29tb2RvY2EuY29tMA0GCSqGSIb3DQEBDAUA
A4IBAQAYh1HcdCE9nIrgJ7cz0C7M7PDmy14R3iJvm3WOnnL+5Nb+qh+cli3vA0p+
rvSNb3I8QzvAP+u431yqqcau8vzY7qN7Q/aGNnwU4M309z/+3ri0ivCRlv79Q2R+
/czSAaF9ffgZGclCKxO/WIu6pKJmBHaIkU4MiRTOok3JMrO66BQavHHxW/BBC5gA
CiIDEOUMsfnNkjcZ7Tvx5Dq2+UUTJnWvu6rvP3t3O9LEApE9GQDTF1w52z97GA1F
zZOFli9d31kWTz9RvdVFGD/tSo7oBmF0Ixa1DVBzJ0RHfxBdiSprhTEUxOipakyA
vGp4z7h/jnZymQyd/teRCBaho1+V
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIG5TCCBM2gAwIBAgIRANpDvROb0li7TdYcrMTz2+AwDQYJKoZIhvcNAQEMBQAw
gYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVyc2V5MRQwEgYDVQQHEwtK
ZXJzZXkgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMS4wLAYD
VQQDEyVVU0VSVHJ1c3QgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTIw
MDIxODAwMDAwMFoXDTMzMDUwMTIzNTk1OVowRDELMAkGA1UEBhMCTkwxGTAXBgNV
BAoTEEdFQU5UIFZlcmVuaWdpbmcxGjAYBgNVBAMTEUdFQU5UIE9WIFJTQSBDQSA0
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEApYhi1aEiPsg9ZKRMAw9Q
r8Mthsr6R20VSfFeh7TgwtLQi6RSRLOh4or4EMG/1th8lijv7xnBMVZkTysFiPmT
PiLOfvz+QwO1NwjvgY+Jrs7fSoVA/TQkXzcxu4Tl3WHi+qJmKLJVu/JOuHud6mOp
LWkIbhODSzOxANJ24IGPx9h4OXDyy6/342eE6UPXCtJ8AzeumTG6Dfv5KVx24lCF
TGUzHUB+j+g0lSKg/Sf1OzgCajJV9enmZ/84ydh48wPp6vbWf1H0O3Rd3LhpMSVn
TqFTLKZSbQeLcx/l9DOKZfBCC9ghWxsgTqW9gQ7v3T3aIfSaVC9rnwVxO0VjmDdP
FNbdoxnh0zYwf45nV1QQgpRwZJ93yWedhp4ch1a6Ajwqs+wv4mZzmBSjovtV0mKw
d+CQbSToalEUP4QeJq4Udz5WNmNMI4OYP6cgrnlJ50aa0DZPlJqrKQPGL69KQQz1
2WgxvhCuVU70y6ZWAPopBa1ykbsttpLxADZre5cH573lIuLHdjx7NjpYIXRx2+QJ
URnX2qx37eZIxYXz8ggM+wXH6RDbU3V2o5DP67hXPHSAbA+p0orjAocpk2osxHKo
NSE3LCjNx8WVdxnXvuQ28tKdaK69knfm3bB7xpdfsNNTPH9ElcjscWZxpeZ5Iij8
lyrCG1z0vSWtSBsgSnUyG/sCAwEAAaOCAYswggGHMB8GA1UdIwQYMBaAFFN5v1qq
K0rPVIDh2JvAnfKyA2bLMB0GA1UdDgQWBBRvHTVJEGwy+lmgnryK6B+VvnF6DDAO
BgNVHQ8BAf8EBAMCAYYwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHSUEFjAUBggr
BgEFBQcDAQYIKwYBBQUHAwIwOAYDVR0gBDEwLzAtBgRVHSAAMCUwIwYIKwYBBQUH
AgEWF2h0dHBzOi8vc2VjdGlnby5jb20vQ1BTMFAGA1UdHwRJMEcwRaBDoEGGP2h0
dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9VU0VSVHJ1c3RSU0FDZXJ0aWZpY2F0aW9u
QXV0aG9yaXR5LmNybDB2BggrBgEFBQcBAQRqMGgwPwYIKwYBBQUHMAKGM2h0dHA6
Ly9jcnQudXNlcnRydXN0LmNvbS9VU0VSVHJ1c3RSU0FBZGRUcnVzdENBLmNydDAl
BggrBgEFBQcwAYYZaHR0cDovL29jc3AudXNlcnRydXN0LmNvbTANBgkqhkiG9w0B
AQwFAAOCAgEAUtlC3e0xj/1BMfPhdQhUXeLjb0xp8UE28kzWE5xDzGKbfGgnrT2R
lw5gLIx+/cNVrad//+MrpTppMlxq59AsXYZW3xRasrvkjGfNR3vt/1RAl8iI31lG
hIg6dfIX5N4esLkrQeN8HiyHKH6khm4966IkVVtnxz5CgUPqEYn4eQ+4eeESrWBh
AqXaiv7HRvpsdwLYekAhnrlGpioZ/CJIT2PTTxf+GHM6cuUnNqdUzfvrQgA8kt1/
ASXx2od/M+c8nlJqrGz29lrJveJOSEMX0c/ts02WhsfMhkYa6XujUZLmvR1Eq08r
48/EZ4l+t5L4wt0DV8VaPbsEBF1EOFpz/YS2H6mSwcFaNJbnYqqJHIvm3PLJHkFm
EoLXRVrQXdCT+3wgBfgU6heCV5CYBz/YkrdWES7tiiT8sVUDqXmVlTsbiRNiyLs2
bmEWWFUl76jViIJog5fongEqN3jLIGTG/mXrJT1UyymIcobnIGrbwwRVz/mpFQo0
vBYIi1k2ThVh0Dx88BbF9YiP84dd8Fkn5wbE6FxXYJ287qfRTgmhePecPc73Yrzt
apdRcsKVGkOpaTIJP/l+lAHRLZxk/dUtyN95G++bOSQqnOCpVPabUGl2E/OEyFrp
Ipwgu2L/WJclvd6g+ZA/iWkLSMcpnFb+uX6QBqvD6+RNxul1FaB5iHY=
-----END CERTIFICATE-----

10
nix/configurations/hydrogen/nixos/misc.nix Normal file
View file

@ -0,0 +1,10 @@
{
system.stateVersion = "25.05";
swapDevices = [
{
device = "/var/swapfile";
size = 1024; # MB
}
];
}

16
nix/configurations/hydrogen/nixos/programs.nix Normal file
View file

@ -0,0 +1,16 @@
{pkgs, ...}: {
environment.systemPackages = [
pkgs.man-pages
pkgs.man-pages-posix
];
#
# Programs
#
programs = {
vim.enable = true;
vim.defaultEditor = true;
git.enable = true;
};
}

57
nix/configurations/hydrogen/nixos/secure_dns.nix Normal file
View file

@ -0,0 +1,57 @@
# https://nixos.wiki/wiki/Encrypted_DNS
{
lib,
pkgs,
...
}: {
networking = {
nameservers = ["127.0.0.1" "::1"];
dhcpcd.extraConfig = "nohook resolv.conf";
# networkmanager.dns = "none";
};
services.resolved.enable = false;
services.dnscrypt-proxy2 = {
enable = true;
# Settings reference:
# https://github.com/DNSCrypt/dnscrypt-proxy/blob/master/dnscrypt-proxy/example-dnscrypt-proxy.toml
settings = {
listen_addresses = ["127.0.0.1:53"];
ipv4_servers = true;
require_dnssec = true;
require_nolog = true;
require_nofilter = true;
lb_strategy = "p2";
lb_estimator = true;
# Blocklists are made of one pattern per line.
# https://github.com/DNSCrypt/dnscrypt-proxy/blob/fa59f990431a49b6485f63f96601bc7e64017bf8/dnscrypt-proxy/example-dnscrypt-proxy.toml#L583C4-L583C75
blocked_names.blocked_names_file = pkgs.concatText "dnsblocklist_combined" [
# Prevent building up reliance on chatbots
# Gotta preserve that thinking ability of my smoof bwain
pkgs.ai_blocklist
pkgs.hategroup_blocklist
# Gotta purify my smoos brain for a while
(pkgs.writeText "extra_dns_blocklist" ''
instagram.com
youtube.com
'')
];
# Add this to test if dnscrypt-proxy is actually used to resolve DNS requests
# query_log.file = "/var/log/dnscrypt-proxy/query.log";
sources.public-resolvers = {
urls = [
"https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md"
"https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md"
];
cache_file = "/var/cache/dnscrypt-proxy/public-resolvers.md";
minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3";
};
};
};
}

7
nix/configurations/vanadium/nixos/misc.nix
View file

@ -1,4 +1,4 @@
{ {config, ...}: {
system.stateVersion = "24.11"; system.stateVersion = "24.11";
boot.loader = { boot.loader = {
@ -13,4 +13,9 @@
# https://community.frame.work/t/stability-issues-random-crashes-reboots-and-boot-freezes/62675/4 # https://community.frame.work/t/stability-issues-random-crashes-reboots-and-boot-freezes/62675/4
"pcie_aspm=off" "pcie_aspm=off"
]; ];
# Cross building
# https://discourse.nixos.org/t/how-do-i-get-my-aarch64-linux-machine-to-build-x86-64-linux-extra-platforms-doesnt-seem-to-work/38106/2?u=leana8959
boot.binfmt.emulatedSystems = ["aarch64-linux"];
nix.settings.extra-platforms = config.boot.binfmt.emulatedSystems;
} }