geekiot/nixos-config
Archived
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

add (host options): integrate host options into geekiot config

Browse source 
* add host options into geekiot host config
* add all my previous host configurations from old nixo-config
This commit is contained in:
Kirill Samoylenkov 2025-09-27 15:26:09 +05:00
parent 71f677ee67
commit a78ecc46a9
8 changed files with 283 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

0
users/geekiot/home/env.nix Normal file
View file

19
users/geekiot/host/default.nix
View file

@ -11,5 +11,22 @@
efibootmgr efibootmgr
]; ];
system.stateVersion = "25.05"; host = {
locale = {
enable = true;
timeZone = "Asia/Yekaterinburg";
};
nix = {
enable = true;
optimization.enable = false;
};
polkit.enable = true;
window_managers.kde = {
enable = true;
sddm.enable = true;
powerProfiles.enable = false;
};
xserver.enable = true;
version = "25.05";
};
} }

10
users/geekiot/host/env.nix Normal file
View file

@ -0,0 +1,10 @@
{
environment.sessionVariables = {
NIXOS_OZONE_WL = "1";
MOZ_ENABLE_WAYLAND = "1";
WRL_NO_HARDWARE_CURSORS = "1";
GTK_USE_PORTAL = "1";
};
}

9
users/geekiot/host/firewall.nix Normal file
View file

@ -0,0 +1,9 @@
{
networking.nftables.enable = true;
networking.firewall = {
enable = true;
allowedTCPPorts = [ ];
allowedUDPPorts = [ ];
allowPing = false;
};
}

10
users/geekiot/host/network_manager.nix Normal file
View file

@ -0,0 +1,10 @@
{ pkgs, ... }:
{
networking.networkmanager = {
enable = true;
package = pkgs.networkmanager;
wifi = {
macAddress = "random";
};
};
}

197
users/geekiot/host/proxy.nix Normal file
View file

@ -0,0 +1,197 @@
{
pkgs,
config,
...
}:
let
flow = config.sops.secrets."sing_box/flow".path;
packet_encoding = config.sops.secrets."sing_box/packet_encoding".path;
server = config.sops.secrets."sing_box/server".path;
public_key = config.sops.secrets."sing_box/public_key".path;
short_id = config.sops.secrets."sing_box/short_id".path;
server_name = config.sops.secrets."sing_box/server_name".path;
fingerprint = config.sops.secrets."sing_box/fingerprint".path;
uuid = config.sops.secrets."sing_box/uuid".path;
type = config.sops.secrets."sing_box/type".path;
in
{
# Sops
sops.secrets = {
"sing_box/flow" = { };
"sing_box/packet_encoding" = { };
"sing_box/server" = { };
"sing_box/public_key" = { };
"sing_box/short_id" = { };
"sing_box/server_name" = { };
"sing_box/fingerprint" = { };
"sing_box/uuid" = { };
"sing_box/type" = { };
};
networking.proxy = {
httpsProxy = "http://127.0.0.1:12634";
httpProxy = "http://127.0.0.1:12634";
};
# Sing-box
services.sing-box = {
enable = true;
package = pkgs.old.sing-box;
};
services.sing-box.settings.log = {
level = "panic";
};
services.sing-box.settings.experimental = {
cache_file = {
enabled = true;
path = "clash.db";
};
};
services.sing-box.settings.dns = {
independent_cache = true;
servers = [
{
tag = "dns-remote";
address = "udp://1.1.1.1";
detour = "proxy";
address_resolver = "dns-direct";
}
{
tag = "dns-direct";
address = "1.1.1.1";
address_resolver = "dns-local";
detour = "direct";
}
{
tag = "dns-local";
address = "local";
detour = "direct";
}
{
tag = "dns-block";
address = "rcode://success";
}
];
rules = [
{
domain = "cp.cloudflare.com";
server = "dns-remote";
rewrite_ttl = 3000;
}
{
rule_set = [
"geoip-ru"
"geosite-ru"
];
server = "dns-direct";
}
{
server = "dns-block";
domain_suffix = ".lan";
query_type = [
32
33
];
}
];
};
services.sing-box.settings.inbounds = [
{
type = "mixed";
tag = "mixed-in";
listen = "127.0.0.1";
listen_port = 12634;
sniff = true;
sniff_override_destination = true;
}
{
type = "direct";
tag = "dns-in";
listen = "127.0.0.1";
listen_port = 16450;
}
];
services.sing-box.settings.outbounds = [
{
domain_strategy = "prefer_ipv4";
flow._secret = flow;
packet_encoding._secret = packet_encoding;
server._secret = server;
server_port = 443;
tls = {
enabled = true;
insecure = false;
reality = {
enabled = true;
public_key._secret = public_key;
short_id._secret = short_id;
};
server_name._secret = server_name;
utls = {
enabled = true;
fingerprint._secret = fingerprint;
};
};
uuid._secret = uuid;
tag = "proxy";
type._secret = type;
}
{
type = "dns";
tag = "dns-out";
}
{
type = "direct";
tag = "direct";
}
{
type = "direct";
tag = "bypass";
}
{
type = "block";
tag = "block";
}
];
services.sing-box.settings.route = {
rules = [
{
rule_set = [
"geoip-ru"
"geosite-ru"
];
outbound = "direct";
}
{
inbound = "dns-in";
outbound = "dns-out";
}
{
port = 53;
outbound = "dns-out";
}
];
rule_set = [
{
type = "remote";
tag = "geoip-ru";
format = "binary";
url = "https://raw.githubusercontent.com/hiddify/hiddify-geo/rule-set/country/geoip-ru.srs";
update_interval = "120h0m0s";
}
{
type = "remote";
tag = "geosite-ru";
format = "binary";
url = "https://raw.githubusercontent.com/hiddify/hiddify-geo/rule-set/country/geosite-ru.srs";
update_interval = "120h0m0s";
}
];
};
}

3
users/geekiot/host/steam.nix Normal file
View file

@ -0,0 +1,3 @@
{
programs.steam.enable = true;
}

36
users/geekiot/host/users.nix Normal file
View file

@ -0,0 +1,36 @@
{ pkgs, userData, ... }:
let
name = userData.info.userName;
home = userData.paths.homeDir;
in
{
users.users = {
${name} = {
inherit name home;
isNormalUser = true;
description = name;
createHome = true;
homeMode = "700";
extraGroups = [
"networkmanager"
"wheel"
];
};
hotcat = {
name = "hotcat";
isNormalUser = true;
description = "HotCat";
createHome = true;
homeMode = "700";
extraGroups = [
"networkmanager"
"wheel"
];
packages = with pkgs; [
librewolf
];
};
};
}