WIP: router: router-2 experiment

Retiring OPNsense will take a while, in the meantime it should work together

flake.lock

@@ -1,5 +1,25 @@
 {
   "nodes": {
+    "home-manager": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1740432748,
+        "narHash": "sha256-BCeFtoJ/+LrZc03viRJWHfzAqqG8gPu/ikZeurv05xs=",
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "rev": "c12dcc9b61429b2ad437a7d4974399ad8f910319",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "type": "github"
+      }
+    },
     "nixlib": {
       "locked": {
         "lastModified": 1736643958,
@@ -23,11 +43,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1736730523,
+        "lastModified": 1737057290,
-        "narHash": "sha256-mvTZ7fLKA6ggGnA8GZwcXV57EvVReRTCfi26xc08Q3g=",
+        "narHash": "sha256-3Pe0yKlCc7EOeq1X/aJVDH0CtNL+tIBm49vpepwL1MQ=",
         "owner": "nix-community",
         "repo": "nixos-generators",
-        "rev": "74b8e31dd709760c86eed16b6c1d0b88d7360937",
+        "rev": "d002ce9b6e7eb467cd1c6bb9aef9c35d191b5453",
         "type": "github"
       },
       "original": {
@@ -38,11 +58,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1736701207,
+        "lastModified": 1740367490,
-        "narHash": "sha256-jG/+MvjVY7SlTakzZ2fJ5dC3V1PrKKrUEOEE30jrOKA=",
+        "narHash": "sha256-WGaHVAjcrv+Cun7zPlI41SerRtfknGQap281+AakSAw=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "ed4a395ea001367c1f13d34b1e01aa10290f67d6",
+        "rev": "0196c0175e9191c474c26ab5548db27ef5d34b05",
         "type": "github"
       },
       "original": {
@@ -52,10 +72,35 @@
         "type": "github"
       }
     },
+    "plasma-manager": {
+      "inputs": {
+        "home-manager": [
+          "home-manager"
+        ],
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1739557722,
+        "narHash": "sha256-XikzLpPUDYiNyJ4w2SfRShdbSkIgE3btYdxCGInmtc4=",
+        "owner": "nix-community",
+        "repo": "plasma-manager",
+        "rev": "1f3e1f38dedbbb8aad77e184fb54ec518e2d9522",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "plasma-manager",
+        "type": "github"
+      }
+    },
     "root": {
       "inputs": {
+        "home-manager": "home-manager",
         "nixos-generators": "nixos-generators",
-        "nixpkgs": "nixpkgs"
+        "nixpkgs": "nixpkgs",
+        "plasma-manager": "plasma-manager"
       }
     }
   },

flake.nix

@@ -5,13 +5,22 @@
     nixpkgs = {
       url = "github:NixOS/nixpkgs/nixos-unstable";
     };
+    home-manager = {
+      url = "github:nix-community/home-manager";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+    plasma-manager = {
+      url = "github:nix-community/plasma-manager";
+      inputs.nixpkgs.follows = "nixpkgs";
+      inputs.home-manager.follows = "home-manager";
+    };
     nixos-generators = {
       url = "github:nix-community/nixos-generators";
       inputs.nixpkgs.follows = "nixpkgs";
     };
   };
 
-  outputs = { self, nixpkgs, nixos-generators }: {
+  outputs = { self, nixpkgs, home-manager, plasma-manager, nixos-generators }: {
     nixosConfigurations = {
       Yura-PC = nixpkgs.lib.nixosSystem {
         system = "x86_64-linux";
@@ -19,6 +28,17 @@
           ./modules
           ./hosts/common.nix
           ./hosts/Yura-PC
+          # https://nix-community.github.io/home-manager/index.xhtml#sec-flakes-nixos-module
+          home-manager.nixosModules.home-manager
+          {
+            home-manager.useGlobalPkgs = true;
+            home-manager.useUserPackages = true;
+            home-manager.sharedModules = [ plasma-manager.homeManagerModules.plasma-manager ];
+
+            home-manager.users.cazzzer = import ./home;
+            # Optionally, use home-manager.extraSpecialArgs to pass
+            # arguments to home.nix
+          }
         ];
       };
       VM = nixpkgs.lib.nixosSystem {

home/default.nix

@@ -0,0 +1,241 @@
+{ config, lib, pkgs, ... }:
+let
+  defaultFont = {
+    family = "Noto Sans";
+    pointSize = 14;
+  };
+in
+{
+  # Home Manager needs a bit of information about you and the paths it should
+  # manage.
+  home.username = "cazzzer";
+  home.homeDirectory = "/home/cazzzer";
+
+  # Let Home Manager install and manage itself.
+  programs.home-manager.enable = true;
+
+  home.sessionVariables = {
+    EDITOR = "micro";
+    SHELL = "fish";
+  };
+
+  services.gnome-keyring = {
+    enable = true;
+    components = [ "pkcs11" "ssh" ];
+  };
+
+  services.darkman = {
+    enable = true;
+    settings = {
+      lat = 37.3387;
+      lng = -121.8853;
+    };
+    lightModeScripts = {
+      plasma-color = "plasma-apply-colorscheme BreezeLight";
+    };
+    darkModeScripts = {
+      plasma-color = "plasma-apply-colorscheme BreezeDark";
+    };
+  };
+
+  programs.fish = {
+    enable = true;
+    shellInit = "set fish_greeting";
+    shellAliases = {
+      # Replace ls with exa
+      ls = "exa -al --color=always --group-directories-first --icons"; # preferred listing
+      la = "exa -a --color=always --group-directories-first --icons";  # all files and dirs
+      ll = "exa -l --color=always --group-directories-first --icons";  # long format
+      lt = "exa -aT --color=always --group-directories-first --icons"; # tree listing
+      "l." = "exa -a | rg '^\.'";                                      # show only dotfiles
+      
+      # Replace cat with bat
+      cat = "bat";
+    };
+    # alias for nix shell with flake packages
+    functions.add.body = ''
+      set -x packages 'nixpkgs#'(string join ' nixpkgs#' $argv)
+      nix shell $packages --command fish
+    '';
+    interactiveShellInit = ''
+      fastfetch
+    '';
+  };
+
+  programs.starship = {
+    enable = true;
+    enableFishIntegration = true;
+    settings = {
+      format = lib.concatStrings [
+        "$all"
+        "$time"
+        "$cmd_duration"
+        "$line_break"
+        "$jobs"
+        "$status"
+        "$character"
+      ];
+      username = {
+        format = " [╭─$user]($style)@";
+        style_user = "bold red";
+        style_root = "bold red";
+        show_always = true;
+      };
+      hostname = {
+        format = "[$hostname]($style) in ";
+        style = "bold dimmed red";
+        ssh_only = false;
+      };
+      directory = {
+        style = "purple";
+        truncation_length = 0;
+        truncate_to_repo = true;
+        truncation_symbol = "repo: ";
+      };
+      git_status = {
+        style = "white";
+        ahead = "⇡\${count}";
+        diverged = "⇕⇡\${ahead_count}⇣\${behind_count}";
+        behind = "⇣\${count}";
+        deleted = "x";
+      };
+      cmd_duration = {
+        min_time = 1000;
+        format = "took [$duration]($style) ";
+      };
+      time = {
+        format = " 🕙 $time($style) ";
+        time_format = "%T";
+        style = "bright-white";
+        disabled = false;
+      };
+      character = {
+        success_symbol = " [╰─λ](bold red)";
+        error_symbol = " [×](bold red)";
+      };
+      status = {
+        symbol = "🔴";
+        format = "[\\[$symbol$status_common_meaning$status_signal_name$status_maybe_int\\]]($style)";
+        map_symbol = true;
+        disabled = false;
+      };
+    };
+  };
+
+  programs.plasma = {
+    enable = true;
+    overrideConfig = true;
+    workspace.iconTheme = "Tela-circle";
+    fonts = {
+      general = defaultFont;
+      fixedWidth = defaultFont // { family = "Hack"; };
+      small = defaultFont // { pointSize = defaultFont.pointSize - 2; };
+      toolbar = defaultFont;
+      menu = defaultFont;
+      windowTitle = defaultFont;
+    };
+    input.keyboard.layouts = [
+      { layout = "us"; displayName = "us"; }
+      { layout = "minimak-4"; displayName = "us4"; }
+      { layout = "ru"; displayName = "ru"; }
+    ];
+    kwin.virtualDesktops.number = 2;
+    session.sessionRestore.restoreOpenApplicationsOnLogin = "startWithEmptySession";
+    shortcuts = {
+      # kmix.mic_mute = "ScrollLock";
+      kmix.mic_mute = ["Microphone Mute" "ScrollLock" "Meta+Volume Mute,Microphone Mute" "Meta+Volume Mute,Mute Microphone"];
+      plasmashell.show-barcode = "Meta+M";
+      kwin."Window Maximize" = [ "Meta+F" "Meta+PgUp,Maximize Window" ];
+      "KDE Keyboard Layout Switcher"."Switch to Next Keyboard Layout" = "Meta+Space";
+    };
+    hotkeys.commands."launch-konsole" = {
+      name = "Launch Konsole";
+      key = "Meta+Alt+C";
+      command = "konsole";
+    };
+    configFile = {
+      kdeglobals.KDE.AnimationDurationFactor = 0.5;
+      kdeglobals.General.accentColorFromWallpaper = true;
+      kwinrc.Wayland.InputMethod = {
+        value = "org.fcitx.Fcitx5.desktop";
+        shellExpand = true;
+      };
+      dolphinrc.General.ShowFullPath = true;
+      kactivitymanagerdrc = {
+        activities."809dc779-bf5b-49e6-8e3f-cbe283cb05b6" = "Default";
+        activities."b34a506d-ac4f-4797-8c08-6ef45bc49341" = "Fun";
+        activities-icons."809dc779-bf5b-49e6-8e3f-cbe283cb05b6" = "keyboard";
+        activities-icons."b34a506d-ac4f-4797-8c08-6ef45bc49341" = "preferences-desktop-gaming";
+      };
+    };
+  };
+
+  xdg.configFile = {
+    "fcitx5/conf/wayland.conf".text = "Allow Overriding System XKB Settings=False";
+  };
+
+  # This value determines the Home Manager release that your configuration is
+  # compatible with. This helps avoid breakage when a new Home Manager release
+  # introduces backwards incompatible changes.
+  #
+  # You should not change this value, even if you update Home Manager. If you do
+  # want to update the value, then make sure to first check the Home Manager
+  # release notes.
+  home.stateVersion = "24.11"; # Please read the comment before changing.
+
+  # The home.packages option allows you to install Nix packages into your
+  # environment.
+  # home.packages = [
+    # # Adds the 'hello' command to your environment. It prints a friendly
+    # # "Hello, world!" when run.
+    # pkgs.hello
+
+    # # It is sometimes useful to fine-tune packages, for example, by applying
+    # # overrides. You can do that directly here, just don't forget the
+    # # parentheses. Maybe you want to install Nerd Fonts with a limited number of
+    # # fonts?
+    # (pkgs.nerdfonts.override { fonts = [ "FantasqueSansMono" ]; })
+
+    # # You can also create simple shell scripts directly inside your
+    # # configuration. For example, this adds a command 'my-hello' to your
+    # # environment:
+    # (pkgs.writeShellScriptBin "my-hello" ''
+    #   echo "Hello, ${config.home.username}!"
+    # '')
+  # ];
+
+  # Home Manager is pretty good at managing dotfiles. The primary way to manage
+  # plain files is through 'home.file'.
+  # home.file = {
+    # # Building this configuration will create a copy of 'dotfiles/screenrc' in
+    # # the Nix store. Activating the configuration will then make '~/.screenrc' a
+    # # symlink to the Nix store copy.
+    # ".screenrc".source = dotfiles/screenrc;
+
+    # # You can also set the file content immediately.
+    # ".gradle/gradle.properties".text = ''
+    #   org.gradle.console=verbose
+    #   org.gradle.daemon.idletimeout=3600000
+    # '';
+  # };
+
+  # Home Manager can also manage your environment variables through
+  # 'home.sessionVariables'. These will be explicitly sourced when using a
+  # shell provided by Home Manager. If you don't want to manage your shell
+  # through Home Manager then you have to manually source 'hm-session-vars.sh'
+  # located at either
+  #
+  #  ~/.nix-profile/etc/profile.d/hm-session-vars.sh
+  #
+  # or
+  #
+  #  ~/.local/state/nix/profiles/profile/etc/profile.d/hm-session-vars.sh
+  #
+  # or
+  #
+  #  /etc/profiles/per-user/cazzzer/etc/profile.d/hm-session-vars.sh
+  #
+  # home.sessionVariables = {
+    # EDITOR = "emacs";
+  # };
+}

hosts/Yura-PC/default.nix

@@ -23,10 +23,16 @@
     "sysrq_always_enabled=1"
   ];
 
+  # https://nixos.wiki/wiki/OSX-KVM
+  boot.extraModprobeConfig = ''
+    options kvm_amd nested=1
+    options kvm_amd emulate_invalid_guest_state=0
+    options kvm ignore_msrs=1
+  '';
+
   boot.loader.timeout = 3;
   boot.loader.systemd-boot.configurationLimit = 5;
   boot.kernelPackages = pkgs.linuxKernel.packages.linux_6_12;
-  boot.extraModulePackages = with config.boot.kernelPackages; [ zfs ];
 
   # https://nixos.wiki/wiki/Accelerated_Video_Playback
   hardware.graphics = {
@@ -104,6 +110,7 @@
     group = "cazzzer";
     extraGroups = [ "networkmanager" "wheel" "docker" "wireshark" "geoclue" ];
     packages = with pkgs; [
+      # Python
       python3
       poetry
 
@@ -115,6 +122,13 @@
       nodejs_22
       pnpm
       bun
+
+      # Nix
+      nixd
+
+      # Gleam
+      gleam
+      beamMinimal26Packages.erlang
     ];
   };
 
@@ -142,8 +156,6 @@
   virtualisation.docker.enable = true;
   virtualisation.docker.enableOnBoot = false;
   virtualisation.docker.package = pkgs.docker_27;
-  virtualisation.docker.storageDriver = "zfs";
-  
 
   # https://discourse.nixos.org/t/firefox-does-not-use-kde-window-decorations-and-cursor/32132/3
   # programs.dconf.enable = true;
@@ -171,31 +183,6 @@
     
     # For JetBrains stuff
     # https://github.com/NixOS/nixpkgs/issues/240444
-    curl
-    expat
-    fontconfig
-    freetype
-    fuse
-    fuse3
-    glib
-    icu
-    libclang.lib
-    libdbusmenu
-    libsecret
-    libxcrypt-legacy
-    libxml2
-    nss
-    openssl
-    python3
-    stdenv.cc.cc
-    xorg.libX11
-    xorg.libXcursor
-    xorg.libXext
-    xorg.libXi
-    xorg.libXrender
-    xorg.libXtst
-    xz
-    zlib
   ];
 
   # attempt to fix flatpak firefox cjk fonts
@@ -238,9 +225,10 @@
     gnome-keyring # config for this and some others
     gnumake
     helix
-    jetbrains-toolbox # or maybe do invidual ones?
     # jetbrains.rust-rover
+    # jetbrains.goland
     jetbrains.clion
+    jetbrains.idea-ultimate
     jetbrains.pycharm-professional
     jetbrains.webstorm
     android-studio
@@ -277,8 +265,8 @@
 
   # Open ports in the firewall.
   # networking.nftables.enable = true;
-  networking.firewall.allowedTCPPorts = [ 8080 ];
+  networking.firewall.allowedTCPPorts = [ 8080 22000 ];
-  # networking.firewall.allowedUDPPorts = [ ... ];
+  networking.firewall.allowedUDPPorts = [ 22000 ];
   # Or disable the firewall altogether.
   # networking.firewall.enable = false;
 

hosts/vm/default.nix

@@ -22,7 +22,6 @@
 
   boot.loader.systemd-boot.configurationLimit = 5;
   boot.kernelPackages = pkgs.linuxKernel.packages.linux_6_12;
-  boot.extraModulePackages = with config.boot.kernelPackages; [ zfs ];
 
   environment.etc.hosts.mode = "0644";
 

modules/mods/kb-input.nix

@@ -9,11 +9,21 @@ in {
   options = {
     mods.kb-input = {
       enable = lib.mkEnableOption "input method and custom keyboard layout";
+      enableMinimak = lib.mkOption {
+        type = lib.types.bool;
+        default = true;
+        description = "Enable Minimak keyboard layout";
+      };
+      enableFcitx = lib.mkOption {
+        type = lib.types.bool;
+        default = true;
+        description = "Enable Fcitx5 input method";
+      };
     };
   };
 
   config = lib.mkIf cfg.enable {
-    services.xserver.xkb.extraLayouts = {
+    services.xserver.xkb.extraLayouts = lib.mkIf cfg.enableMinimak {
       minimak-4 = {
         description = "English (US, Minimak-4)";
         languages = [ "eng" ];
@@ -31,9 +41,9 @@ in {
       };
     };
 
-    i18n.inputMethod = {
+    i18n.inputMethod = lib.mkIf cfg.enableFcitx {
-      type = "fcitx5";
       enable = true;
+      type = "fcitx5";
       fcitx5.waylandFrontend = true;
       fcitx5.plasma6Support = true;
       fcitx5.addons = [ pkgs.fcitx5-mozc ];

modules/workarounds/flatpak.nix

@@ -24,7 +24,7 @@ in {
       aggregated = pkgs.buildEnv {
         name = "system-fonts-and-icons";
         paths = builtins.attrValues {
-          inherit (pkgs.libsForQt5) breeze-qt5;
+          inherit (pkgs.kdePackages) breeze;
           inherit
             (pkgs)
             noto-fonts