nixos-config/hosts/ytnix/default.nix

{
  config,
  pkgs,
  lib,
  ...
}:
{
  imports = [
    ./hardware-configuration.nix
    ../common.nix
    ../zsh.nix
  ];

  sops.age.keyFile = "/root/.config/sops/age/keys.txt";
  sops.secrets = {
    "borg/rsyncnet" = {
      sopsFile = ../../secrets/borg/yt.yaml;
    };
    "services/ntfy" = {
      sopsFile = ../../secrets/services/ntfy.yaml;
    };
    "wireguard/private" = {
      sopsFile = ../../secrets/wireguard/yt.yaml;
    };
    "wireguard/psk" = {
      sopsFile = ../../secrets/wireguard/yt.yaml;
    };
    "rsyncnet/id_ed25519" = {
      sopsFile = ../../secrets/zh5061/yt.yaml;
    };
    "newsboat/miniflux" = {
      sopsFile = ../../secrets/newsboat.yaml;
      owner = "yt";
    };
  };

  boot = {
    loader = {
      # lanzaboote replaces systemd-boot
      systemd-boot.enable = lib.mkForce false;
      efi.canTouchEfiVariables = false; # toggle when installing
    };
    tmp.cleanOnBoot = true;
    kernelPackages = pkgs.linuxKernel.packages.linux_zen;
    kernelPatches = [
      {
        name = "zen";
        patch = null;
        extraStructuredConfig = with lib.kernel; {
          CONFIG_SCHED_MUQSS = yes;
        };
      }
    ];
    # kernelPackages = with pkgs.linuxKernel; packagesFor kernels.linux_zen;
    extraModulePackages = with config.boot.kernelPackages; [
      rtl8821ce
    ];
    kernelParams = [
      # see https://github.com/tomaspinho/rtl8821ce#pcie-active-state-power-management
      "pcie_aspm=off"
    ];
    # see https://github.com/tomaspinho/rtl8821ce#wi-fi-not-working-for-kernel--59
    extraModprobeConfig = ''
      blacklist rtw88_8821ce
    '';
    lanzaboote = {
      enable = true;
      pkiBundle = "/var/lib/sbctl";
    };
    kernel.sysctl."kernel.sysrq" = 1;
  };

  networking = {
    hostName = "ytnix";
    wireless.iwd = {
      enable = true;
      settings = {
        Rank = {
          # disable 2.4 GHz cause i have a shitty wireless card
          # that interferes with bluetooth otherwise
          BandModifier2_4GHz = 0.0;
        };
      };
    };
    networkmanager = {
      enable = true;
      dns = "none";
      wifi.backend = "iwd";
    };
    resolvconf.enable = true;
    firewall = {
      allowedUDPPorts = [ 51820 ]; # for wireguard
      trustedInterfaces = [ "wg0" ];
    };
  };
  programs.nm-applet.enable = true;

  security.rtkit.enable = true;
  services.pipewire = {
    enable = true;
    pulse.enable = true;
    alsa.enable = true;
    alsa.support32Bit = true;
    wireplumber.extraConfig.bluetoothEnhancements = {
      "wireplumber.settings" = {
        "bluetooth.autoswitch-to-headset-profile" = false;
      };
      "monitor.bluez.properties" = {
        "bluez5.enable-sbc-xq" = true;
        "bluez5.enable-msbc" = true;
        "bluez5.enable-hw-volume" = true;
        "bluez5.roles" = [
          "a2dp_sink"
          "a2dp_source"
        ];
      };
    };
    # https://wiki.archlinux.org/title/Bluetooth_headset#Connecting_works,_sound_plays_fine_until_headphones_become_idle,_then_stutters
    wireplumber.extraConfig.disableSuspend = {
      "monitor.bluez.rules" = {
        matches = [
          {
            "node.name" = "bluez_output.*";
          }
        ];
      };
      actions = {
        update-props = {
          "session.suspend-timeout-seconds" = 0;
        };
      };
    };
  };

  services.libinput.enable = true;

  users.users.yt.extraGroups = [
    "wheel"
    "libvirtd"
    "docker"
  ];

  environment.systemPackages = with pkgs; [
    tmux
    vim
    wget
    neovim
    git
    python3
    wl-clipboard
    mako
    tree
    kitty
    borgbackup
    brightnessctl
    alsa-utils
    nixd
    bluetuith
    libimobiledevice
    pass-wayland
    htop
    file
    dnsutils
    age
    compsize
    wireguard-tools
    traceroute
    sops
    restic
    haskell-language-server
    ghc
    sbctl # secure boot
  ];

  environment.sessionVariables = {
    NIXOS_OZONE_WL = "1";
  };

  system.stateVersion = "24.05";

  programs.gnupg.agent.enable = true;

  services.displayManager = {
    enable = true;
    autoLogin.user = "yt";
  };

  fonts.packages = with pkgs; [
    nerd-fonts.roboto-mono
    ibm-plex
  ];
  fonts.enableDefaultPackages = true;

  hardware.enableAllFirmware = true;
  hardware.bluetooth = {
    enable = true;
    powerOnBoot = true;
  };
  services.blueman.enable = true;

  my.backup = {
    enable = true;
    jobName = "ytnixRsync";
    exclude = [
      "/var/lib/private/ollama"
      "/home/**/Downloads"
      "/home/yt/fun"
      "/home/yt/.local/share/Steam"
      "**/.wine"
      "/home/yt/Games"
    ];
    repo = "yt";
    passFile = config.sops.secrets."borg/rsyncnet".path;
    sshKeyFile = config.sops.secrets."rsyncnet/id_ed25519".path;
  };

  services.btrbk.instances.local = {
    onCalendar = "hourly";
    # only create snapshots automatically. backups are triggered manually with `btrbk resume`
    snapshotOnly = true;
    settings = {
      snapshot_preserve_min = "latest";
      target_preserve = "*d";
      target_preserve_min = "no";
      target = "/mnt/external/btr_backup/ytnix";
      stream_compress = "zstd";
      stream_compress_level = "8";
      snapshot_dir = "/snapshots";
      subvolume = {
        "/home" = { };
        "/" = { };
      };
    };
  };

  programs.steam = {
    enable = true;
    extest.enable = true;
    extraCompatPackages = with pkgs; [ proton-ge-bin ];
  };
  hardware.steam-hardware.enable = true;

  services.logind = {
    lidSwitch = "hibernate";
    powerKey = "hibernate";
  };

  xdg.mime.defaultApplications = {
    "application/pdf" = "okular.desktop";
    "image/*" = "gwenview.desktop";
    "*/html" = "chromium-browser.desktop";
  };

  programs.thunar = {
    enable = true;
    plugins = with pkgs.xfce; [
      thunar-archive-plugin
      thunar-volman
    ];
  };
  # preference changes don't work in thunar without this
  programs.xfconf.enable = true;
  # mount, trash and stuff in thunar
  services.gvfs.enable = true;
  # thumbnails in thunar
  services.tumbler.enable = true;

  virtualisation = {
    libvirtd.enable = true;
    docker.enable = true;
  };
  programs.virt-manager.enable = true;

  services.usbmuxd.enable = true;
  programs.nix-ld.enable = true;
  programs.evolution.enable = true;

  xdg.portal = {
    enable = true;
    wlr.enable = true;
  };

  programs.obs-studio = {
    enable = true;
    plugins = with pkgs.obs-studio-plugins; [
      wlrobs
    ];
  };

  hardware.graphics = {
    enable = true;
    extraPackages = with pkgs; [
      intel-media-driver
      intel-media-sdk
    ];
  };

  services.ollama.enable = true;

  # wireguard setup
  networking.wg-quick.interfaces.wg0 = {
    autostart = false;
    address = [
      "10.0.0.2/24"
      "fdc9:281f:04d7:9ee9::2/64"
    ];
    privateKeyFile = config.sops.secrets."wireguard/private".path;
    peers = [
      {
        publicKey = "a16/F/wP7HQIUtFywebqPSXQAktPsLgsMLH9ZfevMy0=";
        allowedIPs = [
          "0.0.0.0/0"
          "::/0"
        ];
        endpoint = "31.59.129.225:51820";
        persistentKeepalive = 25;
        presharedKeyFile = config.sops.secrets."wireguard/psk".path;
      }
    ];
  };

  services.trezord.enable = true;

  my.niri = {
    enable = true;
    package = pkgs.niri-unstable;
  };
}
so many new stuff (nix and hyprland) 2024-11-22 00:58:04 -05:00			`{`
first attempt 2024-12-12 23:35:10 -05:00			`config,`
			`pkgs,`
setup secure boot 2025-01-01 02:07:32 -05:00			`lib,`
first attempt 2024-12-12 23:35:10 -05:00			`...`
use rfc-style formatter 2024-12-19 02:32:58 -05:00			`}:`
			`{`
first attempt 2024-12-12 23:35:10 -05:00			`imports = [`
			`./hardware-configuration.nix`
common hosts file 2024-12-13 22:26:27 -05:00			`../common.nix`
name things better 2024-12-30 23:44:48 -05:00			`../zsh.nix`
first attempt 2024-12-12 23:35:10 -05:00			`];`

secrets/ytnix: fix structure and path 2024-12-16 22:17:39 -05:00			`sops.age.keyFile = "/root/.config/sops/age/keys.txt";`
restic backup to azure archive on master 2024-11-24 03:53:24 -05:00			`sops.secrets = {`
secrets/ytnix: fix structure and path 2024-12-16 22:17:39 -05:00			`"borg/rsyncnet" = {`
			`sopsFile = ../../secrets/borg/yt.yaml;`
secrets: migrate ytnix to new structure 2024-12-16 21:45:58 -05:00			`};`
			`"services/ntfy" = {`
			`sopsFile = ../../secrets/services/ntfy.yaml;`
			`};`
secrets/ytnix: fix structure and path 2024-12-16 22:17:39 -05:00			`"wireguard/private" = {`
secrets: migrate ytnix to new structure 2024-12-16 21:45:58 -05:00			`sopsFile = ../../secrets/wireguard/yt.yaml;`
			`};`
secrets/ytnix: fix structure and path 2024-12-16 22:17:39 -05:00			`"wireguard/psk" = {`
secrets: migrate ytnix to new structure 2024-12-16 21:45:58 -05:00			`sopsFile = ../../secrets/wireguard/yt.yaml;`
			`};`
borg: use new ssh keys and add -x flag 2024-12-20 18:43:11 -05:00			`"rsyncnet/id_ed25519" = {`
migrate to new rsync.net host 2025-01-06 19:10:07 -05:00			`sopsFile = ../../secrets/zh5061/yt.yaml;`
borg: use new ssh keys and add -x flag 2024-12-20 18:43:11 -05:00			`};`
add newsboat and fzf-tab 2024-12-25 02:32:01 -05:00			`"newsboat/miniflux" = {`
			`sopsFile = ../../secrets/newsboat.yaml;`
			`owner = "yt";`
			`};`
restic backup to azure archive on master 2024-11-24 03:53:24 -05:00			`};`
better secrets management 2024-11-23 21:41:28 -05:00
clean(?) stuff 2024-11-26 01:09:13 -05:00			`boot = {`
			`loader = {`
setup secure boot 2025-01-01 02:07:32 -05:00			`# lanzaboote replaces systemd-boot`
			`systemd-boot.enable = lib.mkForce false;`
enable default fonts and disable efitouchvariables efitouchvariables should only be enabled when installing 2025-01-01 14:39:22 -05:00			`efi.canTouchEfiVariables = false; # toggle when installing`
clean(?) stuff 2024-11-26 01:09:13 -05:00			`};`
fix legacy 2024-11-29 20:12:35 -05:00			`tmp.cleanOnBoot = true;`
overlay zen 2025-01-21 04:04:08 -05:00			`kernelPackages = pkgs.linuxKernel.packages.linux_zen;`
use kernelpatches instead of overlay 2025-01-22 11:04:48 -05:00			`kernelPatches = [`
			`{`
			`name = "zen";`
			`patch = null;`
			`extraStructuredConfig = with lib.kernel; {`
			`CONFIG_SCHED_MUQSS = yes;`
			`};`
			`}`
			`];`
			`# kernelPackages = with pkgs.linuxKernel; packagesFor kernels.linux_zen;`
fix bluetooth not work after resume 2024-11-28 01:49:43 -05:00			`extraModulePackages = with config.boot.kernelPackages; [`
Revert "(try to) fix bluetooth" This reverts commit 87c61c300c4894f56a5d032840a6475a1f258ba0. 2025-01-01 00:25:58 -05:00			`rtl8821ce`
fix bluetooth not work after resume 2024-11-28 01:49:43 -05:00			`];`
maybe this will fix bluetooth sigh 2025-01-01 01:06:33 -05:00			`kernelParams = [`
			`# see https://github.com/tomaspinho/rtl8821ce#pcie-active-state-power-management`
			`"pcie_aspm=off"`
			`];`
			`# see https://github.com/tomaspinho/rtl8821ce#wi-fi-not-working-for-kernel--59`
			`extraModprobeConfig = ''`
			`blacklist rtw88_8821ce`
			`'';`
setup secure boot 2025-01-01 02:07:32 -05:00			`lanzaboote = {`
			`enable = true;`
			`pkiBundle = "/var/lib/sbctl";`
			`};`
enable sysrq 2025-01-01 03:06:18 -05:00			`kernel.sysctl."kernel.sysrq" = 1;`
clean(?) stuff 2024-11-26 01:09:13 -05:00			`};`
so many new stuff (nix and hyprland) 2024-11-22 00:58:04 -05:00
some more network and bluetooth-fu 2024-11-25 20:10:53 -05:00			`networking = {`
			`hostName = "ytnix";`
			`wireless.iwd = {`
			`enable = true;`
			`settings = {`
			`Rank = {`
			`# disable 2.4 GHz cause i have a shitty wireless card`
			`# that interferes with bluetooth otherwise`
			`BandModifier2_4GHz = 0.0;`
			`};`
so many new stuff (nix and hyprland) 2024-11-22 00:58:04 -05:00			`};`
			`};`
some more network and bluetooth-fu 2024-11-25 20:10:53 -05:00			`networkmanager = {`
			`enable = true;`
			`dns = "none";`
Revert "(try to) fix bluetooth" This reverts commit 87c61c300c4894f56a5d032840a6475a1f258ba0. 2025-01-01 00:25:58 -05:00			`wifi.backend = "iwd";`
some more network and bluetooth-fu 2024-11-25 20:10:53 -05:00			`};`
			`resolvconf.enable = true;`
			`firewall = {`
use rfc-style formatter 2024-12-19 02:32:58 -05:00			`allowedUDPPorts = [ 51820 ]; # for wireguard`
			`trustedInterfaces = [ "wg0" ];`
some more network and bluetooth-fu 2024-11-25 20:10:53 -05:00			`};`
so many new stuff (nix and hyprland) 2024-11-22 00:58:04 -05:00			`};`
some more network and bluetooth-fu 2024-11-25 20:10:53 -05:00			`programs.nm-applet.enable = true;`
so many new stuff (nix and hyprland) 2024-11-22 00:58:04 -05:00
restic backup to azure archive on master 2024-11-24 03:53:24 -05:00			`security.rtkit.enable = true;`
so many new stuff (nix and hyprland) 2024-11-22 00:58:04 -05:00			`services.pipewire = {`
			`enable = true;`
			`pulse.enable = true;`
restic backup to azure archive on master 2024-11-24 03:53:24 -05:00			`alsa.enable = true;`
			`alsa.support32Bit = true;`
some more network and bluetooth-fu 2024-11-25 20:10:53 -05:00			`wireplumber.extraConfig.bluetoothEnhancements = {`
			`"wireplumber.settings" = {`
			`"bluetooth.autoswitch-to-headset-profile" = false;`
			`};`
			`"monitor.bluez.properties" = {`
			`"bluez5.enable-sbc-xq" = true;`
			`"bluez5.enable-msbc" = true;`
			`"bluez5.enable-hw-volume" = true;`
use rfc-style formatter 2024-12-19 02:32:58 -05:00			`"bluez5.roles" = [`
			`"a2dp_sink"`
			`"a2dp_source"`
			`];`
some more network and bluetooth-fu 2024-11-25 20:10:53 -05:00			`};`
restic backup to azure archive on master 2024-11-24 03:53:24 -05:00			`};`
try to fix bluetooth 2024-12-15 21:14:57 -05:00			`# https://wiki.archlinux.org/title/Bluetooth_headset#Connecting_works,_sound_plays_fine_until_headphones_become_idle,_then_stutters`
			`wireplumber.extraConfig.disableSuspend = {`
			`"monitor.bluez.rules" = {`
			`matches = [`
			`{`
			`"node.name" = "bluez_output.*";`
			`}`
			`];`
flake update and nix fmt 2024-12-16 11:40:19 -05:00			`};`
			`actions = {`
try to fix bluetooth 2024-12-15 21:14:57 -05:00			`update-props = {`
			`"session.suspend-timeout-seconds" = 0;`
			`};`
flake update and nix fmt 2024-12-16 11:40:19 -05:00			`};`
try to fix bluetooth 2024-12-15 21:14:57 -05:00			`};`
so many new stuff (nix and hyprland) 2024-11-22 00:58:04 -05:00			`};`

			`services.libinput.enable = true;`

titan doesn't need a home 2024-12-30 18:06:16 -05:00			`users.users.yt.extraGroups = [`
			`"wheel"`
			`"libvirtd"`
			`"docker"`
			`];`
so many new stuff (nix and hyprland) 2024-11-22 00:58:04 -05:00
			`environment.systemPackages = with pkgs; [`
			`tmux`
			`vim`
			`wget`
			`neovim`
nix fmt 2024-12-09 02:14:11 -05:00			`git`
			`python3`
			`wl-clipboard`
			`mako`
so many new stuff (nix and hyprland) 2024-11-22 00:58:04 -05:00			`tree`
			`kitty`
			`borgbackup`
			`brightnessctl`
			`alsa-utils`
			`nixd`
			`bluetuith`
			`libimobiledevice`
borgbackup setup 2024-11-22 01:39:38 -05:00			`pass-wayland`
make hibernate work 2024-11-22 19:18:02 -05:00			`htop`
			`file`
libvirt and wgnord 2024-11-23 14:40:08 -05:00			`dnsutils`
			`age`
			`compsize`
			`wireguard-tools`
minor-ish changes 2024-11-23 20:47:43 -05:00			`traceroute`
better secrets management 2024-11-23 21:41:28 -05:00			`sops`
restic backup to azure archive on master 2024-11-24 03:53:24 -05:00			`restic`
haskell stuff 2024-12-16 02:07:54 -05:00			`haskell-language-server`
			`ghc`
setup secure boot 2025-01-01 02:07:32 -05:00			`sbctl # secure boot`
so many new stuff (nix and hyprland) 2024-11-22 00:58:04 -05:00			`];`

nix flake update 2024-12-08 14:19:35 -05:00			`environment.sessionVariables = {`
			`NIXOS_OZONE_WL = "1";`
			`};`
some more network and bluetooth-fu 2024-11-25 20:10:53 -05:00
so many new stuff (nix and hyprland) 2024-11-22 00:58:04 -05:00			`system.stateVersion = "24.05";`

			`programs.gnupg.agent.enable = true;`

rm sddm cause crashes frequently 2025-01-01 02:29:45 -05:00			`services.displayManager = {`
so many new stuff (nix and hyprland) 2024-11-22 00:58:04 -05:00			`enable = true;`
rm sddm cause crashes frequently 2025-01-01 02:29:45 -05:00			`autoLogin.user = "yt";`
so many new stuff (nix and hyprland) 2024-11-22 00:58:04 -05:00			`};`

			`fonts.packages = with pkgs; [`
use ntfy for backup notifications override anki (successfully this time) install evolution and nix-index use home-manager to configure gtk and qt theme and update a bunch of stuff 2024-11-30 20:24:04 -05:00			`nerd-fonts.roboto-mono`
switch font to IBM Plex 2024-12-31 23:04:06 -05:00			`ibm-plex`
so many new stuff (nix and hyprland) 2024-11-22 00:58:04 -05:00			`];`
enable default fonts and disable efitouchvariables efitouchvariables should only be enabled when installing 2025-01-01 14:39:22 -05:00			`fonts.enableDefaultPackages = true;`
so many new stuff (nix and hyprland) 2024-11-22 00:58:04 -05:00
fix bluetooth not work after resume 2024-11-28 01:49:43 -05:00			`hardware.enableAllFirmware = true;`
so many new stuff (nix and hyprland) 2024-11-22 00:58:04 -05:00			`hardware.bluetooth = {`
			`enable = true;`
			`powerOnBoot = true;`
			`};`
			`services.blueman.enable = true;`

setup backup on titan and nix fmt 2024-12-30 23:14:50 -05:00			`my.backup = {`
Revert "rsync.net cutoff" This reverts commit 5c7d5ee4f2e7ca76435c820d45ce2a58af7060d8. 2025-01-06 18:43:50 -05:00			`enable = true;`
implement backup module and use on ytnix 2024-12-30 21:54:25 -05:00			`jobName = "ytnixRsync";`
restic backup to azure archive on master 2024-11-24 03:53:24 -05:00			`exclude = [`
don't repurpose suspend key 2024-12-12 15:53:17 -05:00			`"/var/lib/private/ollama"`
restic backup to azure archive on master 2024-11-24 03:53:24 -05:00			`"/home/**/Downloads"`
more borg excludes on yt 2024-12-29 12:34:22 -05:00			`"/home/yt/fun"`
dont backup steam games data 2024-12-28 23:35:59 -05:00			`"/home/yt/.local/share/Steam"`
more borg exludes for yt 2024-12-29 13:20:25 -05:00			`"**/.wine"`
more borg excludes on yt 2024-12-29 12:34:22 -05:00			`"/home/yt/Games"`
restic backup to azure archive on master 2024-11-24 03:53:24 -05:00			`];`
implement backup module and use on ytnix 2024-12-30 21:54:25 -05:00			`repo = "yt";`
			`passFile = config.sops.secrets."borg/rsyncnet".path;`
			`sshKeyFile = config.sops.secrets."rsyncnet/id_ed25519".path;`
restic backup to azure archive on master 2024-11-24 03:53:24 -05:00			`};`
nix fmt 2024-12-09 02:14:11 -05:00
some more network and bluetooth-fu 2024-11-25 20:10:53 -05:00			`services.btrbk.instances.local = {`
			`onCalendar = "hourly";`
btrbk: no local snapshots 2025-01-05 00:20:45 -05:00			# only create snapshots automatically. backups are triggered manually with `btrbk resume`
use my branch for btrbk 2024-12-30 14:49:57 -05:00			`snapshotOnly = true;`
some more network and bluetooth-fu 2024-11-25 20:10:53 -05:00			`settings = {`
btrbk: no local snapshots 2025-01-05 00:20:45 -05:00			`snapshot_preserve_min = "latest";`
change btrbk retention 2024-12-30 13:15:23 -05:00			`target_preserve = "*d";`
add btrbk backup to external and increase borg compression 2024-12-26 21:24:10 -05:00			`target_preserve_min = "no";`
			`target = "/mnt/external/btr_backup/ytnix";`
			`stream_compress = "zstd";`
btrbk: no local snapshots 2025-01-05 00:20:45 -05:00			`stream_compress_level = "8";`
some more network and bluetooth-fu 2024-11-25 20:10:53 -05:00			`snapshot_dir = "/snapshots";`
make hibernate work 2024-11-22 19:18:02 -05:00			`subvolume = {`
use rfc-style formatter 2024-12-19 02:32:58 -05:00			`"/home" = { };`
			`"/" = { };`
make hibernate work 2024-11-22 19:18:02 -05:00			`};`
			`};`
			`};`
install steam and setup snapper 2024-11-22 02:09:31 -05:00
make bitwarden float again 2024-12-28 17:56:18 -05:00			`programs.steam = {`
			`enable = true;`
			`extest.enable = true;`
			`extraCompatPackages = with pkgs; [ proton-ge-bin ];`
			`};`
			`hardware.steam-hardware.enable = true;`
install steam and setup snapper 2024-11-22 02:09:31 -05:00
make hibernate work 2024-11-22 19:18:02 -05:00			`services.logind = {`
			`lidSwitch = "hibernate";`
minor-ish changes 2024-11-23 20:47:43 -05:00			`powerKey = "hibernate";`
install steam and setup snapper 2024-11-22 02:09:31 -05:00			`};`
use thunar 2024-11-22 20:46:58 -05:00
			`xdg.mime.defaultApplications = {`
			`"application/pdf" = "okular.desktop";`
			`"image/*" = "gwenview.desktop";`
nix flake update 2024-12-08 14:19:35 -05:00			`"*/html" = "chromium-browser.desktop";`
use thunar 2024-11-22 20:46:58 -05:00			`};`

			`programs.thunar = {`
			`enable = true;`
			`plugins = with pkgs.xfce; [`
			`thunar-archive-plugin`
			`thunar-volman`
			`];`
			`};`
			`# preference changes don't work in thunar without this`
			`programs.xfconf.enable = true;`
			`# mount, trash and stuff in thunar`
			`services.gvfs.enable = true;`
			`# thumbnails in thunar`
nix fmt 2024-12-09 02:14:11 -05:00			`services.tumbler.enable = true;`
libvirt and wgnord 2024-11-23 14:40:08 -05:00
install docker 2024-11-26 01:53:01 -05:00			`virtualisation = {`
			`libvirtd.enable = true;`
			`docker.enable = true;`
			`};`
libvirt and wgnord 2024-11-23 14:40:08 -05:00			`programs.virt-manager.enable = true;`

usbmuxd 2024-11-26 13:31:57 -05:00			`services.usbmuxd.enable = true;`
use anki rc (dont think it worked tho) 2024-11-26 17:27:35 -05:00			`programs.nix-ld.enable = true;`
use ntfy for backup notifications override anki (successfully this time) install evolution and nix-index use home-manager to configure gtk and qt theme and update a bunch of stuff 2024-11-30 20:24:04 -05:00			`programs.evolution.enable = true;`

change btrbk snapshot preserve and xdg.portal 2024-12-06 01:54:12 -05:00			`xdg.portal = {`
			`enable = true;`
			`wlr.enable = true;`
			`};`
remove restic azure 2024-12-07 03:29:15 -05:00
make obs work and use correct spilit keys in tmux 2024-12-09 01:12:35 -05:00			`programs.obs-studio = {`
			`enable = true;`
			`plugins = with pkgs.obs-studio-plugins; [`
			`wlrobs`
			`];`
			`};`

			`hardware.graphics = {`
			`enable = true;`
			`extraPackages = with pkgs; [`
			`intel-media-driver`
			`intel-media-sdk`
			`];`
			`};`
don't repurpose suspend key 2024-12-12 15:53:17 -05:00
			`services.ollama.enable = true;`
make wireguard finally work on client 2024-12-14 18:22:05 -05:00
			`# wireguard setup`
Revert "server down migrate website" about time This reverts commit 8e187e6b3a7cb1d45d5502b520f67c39401330e1. 2024-12-15 17:34:27 -05:00			`networking.wg-quick.interfaces.wg0 = {`
dont autostart wireguard 2024-12-28 22:45:53 -05:00			`autostart = false;`
use rfc-style formatter 2024-12-19 02:32:58 -05:00			`address = [`
			`"10.0.0.2/24"`
			`"fdc9:281f:04d7:9ee9::2/64"`
			`];`
secrets/ytnix: fix structure and path 2024-12-16 22:17:39 -05:00			`privateKeyFile = config.sops.secrets."wireguard/private".path;`
Revert "server down migrate website" about time This reverts commit 8e187e6b3a7cb1d45d5502b520f67c39401330e1. 2024-12-15 17:34:27 -05:00			`peers = [`
			`{`
			`publicKey = "a16/F/wP7HQIUtFywebqPSXQAktPsLgsMLH9ZfevMy0=";`
use rfc-style formatter 2024-12-19 02:32:58 -05:00			`allowedIPs = [`
			`"0.0.0.0/0"`
			`"::/0"`
			`];`
Revert "server down migrate website" about time This reverts commit 8e187e6b3a7cb1d45d5502b520f67c39401330e1. 2024-12-15 17:34:27 -05:00			`endpoint = "31.59.129.225:51820";`
			`persistentKeepalive = 25;`
secrets/ytnix: fix structure and path 2024-12-16 22:17:39 -05:00			`presharedKeyFile = config.sops.secrets."wireguard/psk".path;`
Revert "server down migrate website" about time This reverts commit 8e187e6b3a7cb1d45d5502b520f67c39401330e1. 2024-12-15 17:34:27 -05:00			`}`
			`];`
make wireguard finally work on client 2024-12-14 18:22:05 -05:00			`};`
add trezor stuff 2024-12-19 18:29:19 -05:00
			`services.trezord.enable = true;`
init niri 2025-01-18 20:39:51 -05:00
			`my.niri = {`
			`enable = true;`
			`package = pkgs.niri-unstable;`
			`};`
borgbackup setup 2024-11-22 01:39:38 -05:00			`}`