Added configuration for Andrej

Use librewolf instead of firefox

disko/ext4-swap.nix

@@ -0,0 +1,54 @@
+{ device, swapSize ? 16 }:
+{
+  disko.devices = {
+    disk.${device} = {
+      type = "disk";
+      inherit device;
+      content = {
+        type = "gpt"; # Initialize the disk with a GPT partition table
+        partitions = {
+          ESP = { # Setup the EFI System Partition
+            type = "EF00"; # Set the partition type
+            size = "1000M"; # Make the partition a gig
+            content = {
+              type = "filesystem";
+              format = "vfat"; # Format it as a FAT32 filesystem
+              mountpoint = "/boot"; # Mount it to /boot
+            };
+          };
+          primary = { # Setup the LVM partition
+            size = "100%"; # Fill up the rest of the drive with it
+            content = {
+              type = "lvm_pv"; # pvcreate
+              vg = "vg1";
+            };
+          };
+        };
+      };
+    };
+    lvm_vg = { # vgcreate
+      vg1 = { # /dev/vg1
+        type = "lvm_vg";
+        lvs = { # lvcreate
+          swap = { # Logical Volume = "swap", /dev/vg1/swap
+            size = "${swapSize}G";
+            content = {
+              type = "swap";
+            };
+          };
+          root = { # Logical Volume = "root", /dev/vg1/root
+            size = "100%FREE"; # Use the remaining space in the Volume Group
+            content = {
+              type = "filesystem";
+              format = "ext4";
+              mountpoint = "/";
+              mountOptions = [
+                "defaults"
+              ];
+            };
+          };
+        };
+      };
+    };
+  };
+}

disko/ext4.nix

@@ -0,0 +1,24 @@
+{ device, mountpoint ? "/run/extraDrive" }:
+{
+  disko.devices = {
+    disk = {
+      "${device}" = {
+        inherit device;
+        type = "disk";
+        content = {
+          type = "gpt";
+	  partitions = {
+            root = {
+              size = "100%";
+              content = {
+                type = "filesystem";
+                format = "ext4";
+                inherit mountpoint;
+              };
+            };
+          };
+        };
+      };
+    };
+  };
+}

flake.nix

@@ -102,6 +102,17 @@
            # rocmSupport = true;
           };
         };
+    andrej-pc-pkgs = nixpkgs: import nixpkgs {
+          system = x86;
+          overlays = [
+            #nativePackagesOverlay
+          ];
+          config = {
+            #allowBroken = true;
+            allowUnfree = true;
+            #cudaSupport = true;
+          };
+        };
     nativePackagesOverlay = self: super: {
               stdenv = super.impureUseNativeOptimizations super.stdenv;
             };
@@ -169,6 +180,27 @@
           ./nixos/configuration.nix
         ];
       };
+      "andrej-pc" = nixpkgs.lib.nixosSystem {
+        specialArgs = {
+          hwconfig = {
+            hostname = "andrej-pc";
+            isLaptop = false;
+            system = x86;
+            useImpermanence = false;
+          };
+          inherit first-nixos-install;
+          inherit inputs;
+	  unstable-pkgs = andrej-pc-pkgs nixpkgs-unstable;
+        };
+
+        system = x86;
+        pkgs = andrej-pc-pkgs nixpkgs;
+        modules = [
+          (import ./disko/ext4-swap.nix {device = "/dev/sda"; swapSize = 16;})
+	  (import ./disko/ext4.nix {device = "/dev/sdb";})
+          ./nixos/hosts/andrej-pc/configuration.nix
+        ];
+      };
     };
   };
 }

nixos/home.nix

@@ -13,9 +13,10 @@ in
 {
   imports =
     [
-      ./modules/fastfetch
+      #./modules/fastfetch
       #./modules/tmux/home.nix
     ]
+++ lib.optional (lib.strings.hasInfix "kylekrein" hwconfig.hostname) ./modules/fastfetch
     ++ lib.optional (hwconfig.useImpermanence) (
       import ./modules/impermanence/home.nix {
         inherit username;

nixos/hosts/andrej-pc/configuration.nix

@@ -0,0 +1,294 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+{
+  config,
+  lib,
+  pkgs,
+  hwconfig,
+  first-nixos-install,
+  inputs,
+  unstable-pkgs,
+  ...
+}:
+{
+  imports = [
+    inputs.sops-nix.nixosModules.sops
+    inputs.stylix.nixosModules.stylix
+    inputs.nixos-facter-modules.nixosModules.facter
+    inputs.home-manager.nixosModules.default
+    inputs.disko.nixosModules.default
+
+    ../../modules/firefox
+    ../../modules/flatpak
+    ../../modules/steam
+    ../../modules/ly
+    ../../modules/sddm
+    ../../modules/services/autoupgrade
+    ../../modules/sops
+    #../../modules/emacs
+    ./default.nix
+  ] ++ lib.optional (hwconfig.useImpermanence) ./modules/impermanence;
+  facter.reportPath = ./facter.json;
+  kylekrein.services.autoUpgrade = {
+    enable = false;
+    pushUpdates = false;
+    configDir = "/etc/nixos-config";
+    user = "root";
+  };
+
+  boot = {
+    kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
+    loader = {
+      systemd-boot.enable = true;
+      efi.canTouchEfiVariables = true;
+    };
+    # Hide the OS choice for bootloaders.
+    # It's still possible to open the bootloader list by pressing any key
+    # It will just not appear on screen unless a key is pressed
+    loader.timeout = 0;
+  };
+
+  networking.hostName = hwconfig.hostname;
+  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
+
+  # Configure network proxy if necessary
+  # networking.proxy.default = "http://user:password@proxy:port/";
+  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+
+  #flatpak
+  kk.services.flatpak.enable = true;
+  services.flatpak.packages = [
+    
+  ];
+
+  # Enable networking
+  networking.networkmanager.enable = true;
+
+  # Set your time zone.
+  time.timeZone = "Europe/Berlin";
+
+  # Select internationalisation properties.
+  i18n.defaultLocale = "ru_RU.UTF-8";
+
+  i18n.extraLocaleSettings = {
+    LC_ADDRESS = "de_DE.UTF-8";
+    LC_IDENTIFICATION = "de_DE.UTF-8";
+    LC_MEASUREMENT = "de_DE.UTF-8";
+    LC_MONETARY = "de_DE.UTF-8";
+    LC_NAME = "de_DE.UTF-8";
+    LC_NUMERIC = "de_DE.UTF-8";
+    LC_PAPER = "de_DE.UTF-8";
+    LC_TELEPHONE = "de_DE.UTF-8";
+    LC_TIME = "de_DE.UTF-8";
+  };
+
+  # Configure keymap in X11
+  services.xserver.xkb = {
+    layout = "us,ru";
+    variant = "";
+    options = "grp:caps_toggle";
+  };
+  console.keyMap = "us";
+
+  services.udisks2.enable = true;
+
+  users = {
+    mutableUsers = false;
+    users = {
+      root = {
+        # disable root login here, and also when installing nix by running nixos-install --no-root-passwd
+        # https://discourse.nixos.org/t/how-to-disable-root-user-account-in-configuration-nix/13235/3
+        hashedPassword = "!"; # disable root logins, nothing hashes to !
+      };
+    };
+  };
+
+  #qt = {
+  #  enable = true;
+  #  platformTheme = "qt5ct";
+  #  style = "kvantum";
+  #};
+
+  # List packages installed in system profile. To search, run:
+  # $ nix search wget
+  environment.systemPackages = with pkgs; [
+    system-config-printer
+    libreoffice
+    killall
+    eza
+    fd
+    gparted
+    exfatprogs
+    lazygit
+    fastfetch
+    telegram-desktop
+    vlc
+    wl-clipboard
+    git
+    git-credential-manager
+    egl-wayland
+    btop
+    obs-studio
+    blender
+    vscodium-fhs
+    discord
+    whatsapp-for-linux
+  ];
+  programs.kdeconnect.enable = true;
+  programs.kdeconnect.package = lib.mkDefault pkgs.kdePackages.kdeconnect-kde;
+
+  programs.nh = {
+    enable = true;
+    clean.enable = true;
+    clean.extraArgs = "--keep-since 4d --keep 3";
+    flake = "/etc/nixos-config";
+  };
+  fonts.packages = with unstable-pkgs; [ #TODO change to pkgs when 25.05 comes out
+    nerd-fonts.jetbrains-mono
+    font-awesome
+    nerd-fonts.symbols-only
+    hack-font
+    # microsoft fonts:
+    #corefonts
+    #vistafonts
+  ];
+  environment.sessionVariables = {
+    NIXOS_OZONE_WL = "1";
+    MANPAGER = "emacsclient -c -a 'emacs' +Man!";
+    EDITOR = "emacsclient -c -a 'emacs'";
+  };
+  hardware = {
+    graphics = {
+      enable = true;
+    };
+    logitech.wireless.enable = true;
+    bluetooth = {
+      enable = true;
+      powerOnBoot = true;
+      settings = {
+        General = {
+          Experimental = true;
+        };
+      };
+    };
+  };
+  services.blueman.enable = true;
+
+  security.polkit.enable = true;
+
+      security.rtkit.enable = true;
+      services.pipewire = {
+        enable = true;
+        alsa.enable = true;
+        alsa.support32Bit = true;
+        pulse.enable = true;
+        jack.enable = true;
+      };
+
+      home-manager = {
+        useGlobalPkgs = true;
+        useUserPackages = true;
+      };
+      stylix = {
+        enable = false;
+        image = "${../../modules/hyprland/wallpaper.jpg}";
+        autoEnable = true;
+        opacity = {
+          desktop = 0.0;#0.5;
+        };
+        targets = {
+          gtk.enable = true;
+          plymouth = {
+            enable = true;
+            #logo = ./fastfetch/nixos.png;
+            logoAnimated = false;
+          };
+        };
+        fonts = {
+          sizes = {
+            applications = 14;
+            desktop = 12;
+            popups = 12;
+            terminal = 16;
+          };
+        };
+        polarity = "dark";
+        base16Scheme = "${pkgs.base16-schemes}/share/themes/catppuccin-mocha.yaml";
+      };
+
+      programs.bash = {
+        shellAliases = {
+          ls = "${pkgs.eza}/bin/eza --icons=always";
+        };
+      };
+
+      #printing
+      services.printing.enable = true;
+      services.avahi = {
+        enable = true;
+        nssmdns4 = true;
+        openFirewall = true;
+      };
+
+      #services.flatpak.enable = true;
+      #services.flatpak.packages = [
+        #	"flathub:app/org.kde.dolphin//stable"
+        # ];
+
+        # Some programs need SUID wrappers, can be configured further or are
+        # started in user sessions.
+        # programs.mtr.enable = true;
+        # programs.gnupg.agent = {
+          #   enable = true;
+          #   enableSSHSupport = true;
+          # };
+
+          kk.steam.enable = true;
+
+          # List services that you want to enable:
+
+          # Enable the OpenSSH daemon.
+          services.openssh = {
+            enable = true;
+            # require public key authentication for better security
+            #settings.PasswordAuthentication = false;
+            #settings.KbdInteractiveAuthentication = false;
+            #settings.PermitRootLogin = "no";
+            #extraConfig = "HostKey ${config.sops.secrets."ssh_keys/${hwconfig.hostname}".path}";
+          };
+
+          # Open ports in the firewall.
+          networking.firewall.allowedTCPPorts = [ 22 ];
+          networking.firewall.allowedUDPPorts = [ 22 ];
+          # Or disable the firewall altogether.
+          #networking.firewall.enable = false;
+
+          # This value determines the NixOS release from which the default
+          # settings for stateful data, like file locations and database versions
+          # on your system were taken. It‘s perfectly fine and recommended to leave
+          # this value at the release version of the first install of this system.
+          # Before changing this value read the documentation for this option
+          # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+          system.stateVersion = "24.11"; # Did you read the comment?
+
+          nix = {
+            settings = {
+              experimental-features = [
+                "nix-command"
+                "flakes"
+              ];
+              auto-optimise-store = true;
+              substituters = [
+                "https://hyprland.cachix.org"
+                "https://nix-gaming.cachix.org"
+                "https://nix-community.cachix.org"
+              ];
+              trusted-public-keys = [
+                "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
+                "nix-gaming.cachix.org-1:nbjlureqMbRAxR1gJ/f3hxemL9svXaZF/Ees8vCUUs4="
+                "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+              ];
+            };
+          };
+}

nixos/hosts/andrej-pc/default.nix

@@ -0,0 +1,20 @@
+{
+  pkgs,
+  lib,
+  hwconfig,
+  inputs,
+  ...
+}: {
+  imports = [
+    ../../hardware/nvidia
+
+    ../../modules/kde-plasma
+
+    ../../users/kylekrein
+
+    ../../users/andrej
+  ];
+
+  #sops.secrets."ssh_keys/${hwconfig.hostname}" = {};
+  systemd.network.wait-online.enable = lib.mkForce false;
+}

nixos/hosts/kylekrein-mac/default.nix

@@ -3,6 +3,7 @@
   lib,
   hwconfig,
   inputs,
+  config,
   ...
 }: {
   imports = [
@@ -16,6 +17,8 @@
   ];
   sops.secrets."ssh_keys/${hwconfig.hostname}" = {};
   facter.reportPath = lib.mkForce null; #fails to generate
+  boot.binfmt.emulatedSystems = [ "x86_64-linux" ];
+  nix.settings.extra-platforms = config.boot.binfmt.emulatedSystems;
   
   services.displayManager.sddm = {
       wayland.enable = lib.mkForce false; # black screen

nixos/modules/firefox/aarch64-linux.nix

@@ -14,6 +14,17 @@
                       --set MOZ_GMP_PATH "$out/gmp-widevinecdm/system-installed"
             '';
         });
+	librewolf = prev.librewolf.overrideAttrs (old: {
+          buildCommand =
+            old.buildCommand
+            + ''
+              mkdir -p $out/gmp-widevinecdm/system-installed
+              ln -s "${pkgs.widevine-cdm}/share/google/chrome/WidevineCdm/_platform_specific/linux_arm64/libwidevinecdm.so" $out/gmp-widevinecdm/system-installed/libwidevinecdm.so
+              ln -s "${pkgs.widevine-cdm}/share/google/chrome/WidevineCdm/manifest.json" $out/gmp-widevinecdm/system-installed/manifest.json
+              wrapProgram "$oldExe" \
+                      --set MOZ_GMP_PATH "$out/gmp-widevinecdm/system-installed"
+            '';
+        });
     })];
   };
 }

nixos/modules/firefox/default.nix

@@ -14,6 +14,7 @@
   imports = [] ++ lib.optional (hwconfig.system == "aarch64-linux") ./aarch64-linux.nix;
   programs = {
     firefox = {
+      package = pkgs.librewolf;
       enable = true;
       languagePacks = [ "de" "en-US" "ru"];
 

nixos/modules/hyprland/hyprland.nix

@@ -58,7 +58,7 @@ in {
       "$emacs" = "emacsclient -c";
       "$fileManager" = "$emacs --eval '(dired \"/home/${username}\")'"; # "$terminal ${pkgs.yazi}/bin/yazi";
       "$fileManager2" = "${pkgs.kdePackages.dolphin}/bin/dolphin";
-      "$browser" = "${pkgs.firefox}/bin/firefox";
+      "$browser" = "${pkgs.librewolf}/bin/librewolf";
       "$menu" = "emacsclient -cF '((visibility . nil))' -e '(emacs-run-app-launcher)'"; #"${pkgs.wofi}/bin/wofi --show drun";
       "$emojiPicker" = "emacsclient -cF '((visibility . nil))' -e '(emacs-run-emoji-picker)'";
       "$clipboardManager" = "$terminal --class clipse -e 'clipse'";

nixos/modules/kde-plasma/default.nix

@@ -5,5 +5,5 @@
 
     programs.dconf.enable = true;
 
-    stylix.targets.qt.platform = "qtct";
+    #stylix.targets.qt.platform = "qtct";
 }

nixos/modules/sops/secrets/secrets.yaml

@@ -1,6 +1,7 @@
 users:
     kylekrein: ENC[AES256_GCM,data:DNLVQ4IPFhUG9MR9hk2BuElvfNZIky3nMGWgilutRwvT3wl25vOLEETrBFoWUO+2ZgLSnhtwWtIJhNlRlTK/rsrUNVTOdwq9AA==,iv:Z+dhr33Wotm064IcwtNfFpvQeL03T29Dn3Bl9VqPL1g=,tag:Qe3sOY0DegSKDptBjnbFrQ==,type:str]
     tania: ENC[AES256_GCM,data:veo/dKQpztSGLfCxpWqoTOlPqSaNeNW2pYrTU9z125hjBVt2LC8X+mDp8vA0r8QFKpkGr1BiwviUTuXsSO1IXn3nHfDGsHQqFQ==,iv:q3pCcil1wiKe5xC6QEn3Q4wV1icW+3CCUQw6QZIINWU=,tag:XvBfIEORfdTcUihtcJQZVg==,type:str]
+    andrej: ENC[AES256_GCM,data:x/cWcswSDMFxXSLXe1JWGnQAuPYWM5AU4X3WxVAqUIifcYWxxynMfL9LXEgo3sP1IvRyp4FW+voWQrJM/KGdbYkkrAJNhbD7/Q==,iv:C51H9Zz4nxB+K1cohRq+1oPQ/ckDgVCMW4vB4+3wEt8=,tag:8ENLfMIoHbJGxceCKZulxg==,type:str]
 ssh_keys:
     kylekrein-mac: ENC[AES256_GCM,data:Gnh34OQWO6eQfNfyYZsVfvktknmZorQYF+lNMKYvV7XkKjZ3RQNHyJ3UWOX+sVwWdtF7EboXkBPdHvnyLvDVIyv7trxTU5IXQzOI+34AKfPHa828HuOLk0AclCmm6GcNq/X4dKTX5DADG4cE4/V+KtdjvSMtLX7I1cjlfsN7JzcsnjERbK8Q0pTMuA44IUdnh0odH9xFEP/f/hVZZZhc5vrMfAqSx3lQxCF62c0wJaorobsPSM7BTzorVgnMnc3zJRAlgQnCnAe306/6g4hurBteIVeGFhA8gSk1fjZh2fm0opo/lgvHRJOwfpvRWJGEedx7hEpjsDr8BRxeBc2OHaRO5UP+fYh8Qtki8ZeFUjr/psjRRz128Kr0C+NS0AByZtwg54d705uwsnf79jPdM1ewGryCcsxqYWCvT0174cIg3sLdQvPnESbV1zU+QsVskFZwYL+gLtzuAwExPW7cM12M/HS+Eb5xtWvRA46FZ/dnKFwQkUA/VgSi08eC5/EYg8dFBht9hDK+kiLPGHML8A6a3CoiMf0pd+DbdOxA21F0Tw==,iv:oEXxrvWosuiH2wSoSkP7YMwBQu3JKIhn/YeiaTL/UT4=,tag:XgBw2q/6LPWg2zuOC9Wb+w==,type:str]
     kylekrein-homepc: ENC[AES256_GCM,data:/7b7wHk9jX+2Gel3157KO4YHia+IyEurUic0BX9flNKdsjIyG/3N8lORAkIjwnPlFaN2VqGu6o1pFgW2dzkSAyATQIUeWpqL5rjxsG3mJ9/9TLh58Y7MIpFKx2r8AeUY0xEAhT1A4BCbnDMsneQtM9gBkgPdhhv6vVpe4XJS3n+dGPER/bQxxRbEt260EjxvL1OPf5C7Z7qNVhOzxNdgdJMQvXxyhRGlXRrrHFRdbw0nChStevgBL4+FoMuBFkqF/aJSoapwe8PNxp8z+Hk5Em+BQv/ieFcscESssCK1gSbvfz6MQyX+5ig+Gy+t28yy56/ir44PHwX47IOILzg7lABSvN+Uyt+sRKyBfx124hJjqgXf65YQ/fgknQt0NDKwZyP/gPSLC9HiLKdva/P9nuenfSnlLrGtfugejBAVQBMOP2HTp/ZKtveeKLVIzM7NLeHAw8ul1OL8OlOgyO3vhEkEVagLwtQYHqwoF7+z30TzTtGyDzuhohbhUH36D8BD/LTaPHxnnVIzWq/IBOmAU06U/EvS5x/JJtqMm8aaDFFEYA==,iv:+4umMhsr8s0IuiYuEdhDAOfLjAELEHbFVvWqaVyF2yQ=,tag:eE9gCZ3pC4wDLeMs5cQGZg==,type:str]
@@ -19,8 +20,8 @@ sops:
             M0hSNWNYbGM3a21McUVMaGNqWTdmNTQK3VRFV4EaC8K8AJi2PUt6TeBgueEmPLI8
             Vdwwbh89+xD5xf4Zm0LctPRlxxM6diubv0gIZZPy/ZXZfiU32ZnM0w==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-01-12T16:02:33Z"
-    mac: ENC[AES256_GCM,data:SAkjnY4i2KmGhtaqdzPPmnM1RUGRXpy6nBZef4H12GDWbh4WgniouBQ8d15S8u/44YQfcktBuDMvNbWMly3lfjhcbnhOe82zjgZRFZ1jSSZbotpKeydyr2FUM6PhO+0s2MUEv3hTvWN/4ZJ98MJgamDaj27U6aZpFcyr4KtLHqs=,iv:+5+Z/hhNT2x+ONlfBL2S2E2LKxSCIITw6pugn/ni4hI=,tag:WcUog3mDF7efrl3L4GlAHQ==,type:str]
+    lastmodified: "2025-02-21T18:58:11Z"
+    mac: ENC[AES256_GCM,data:8MZQ486ZMZ6aH71vR7VE1qAmS6Yg2+cVVIrb16aq744/YtennNl70lSkGrpTU2asFaN1tBOkuL5pnhJmJfLIHzI94oQOUZonSoG50HHpo2deTVZLRVqcZjiKobJKA23aChqTI+VR1KM3XCO7KTkjCGt8Kj2r/J9yfjmxh+tmrOo=,iv:n7QK6mH9Y805n3t2KBLw8wgTLaistdk6TYVlKvaTQm0=,tag:2au0n94JerEdNTpq5BFrtQ==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
-    version: 3.9.2
+    version: 3.9.4

nixos/users/andrej/default.nix

@@ -0,0 +1,24 @@
+{ pkgs, config, lib, hwconfig, inputs, first-nixos-install, ... }:
+let username = "andrej";
+in
+{
+    imports = [
+    ];
+    users.users.${username} = {
+	    isNormalUser = true;
+	    description = "Andrej Lebedev";
+	    extraGroups = [ "networkmanager" ];
+	    #initialPassword = "1234";
+	    hashedPasswordFile = config.sops.secrets."users/${username}".path;
+	    packages = with pkgs; [
+	    ];
+    };
+    sops.secrets = {
+	"users/${username}" = {
+	    neededForUsers = true;
+	};
+    };
+
+    home-manager.users."${username}" = import ../../home.nix { inherit lib; inherit username; inherit inputs; inherit first-nixos-install; inherit hwconfig; inherit config; inherit pkgs; };
+    systemd.tmpfiles.rules = (if hwconfig.useImpermanence then ["d /persist/home/${username} 0700 ${username} users -"] else []); # /persist/home/<user> created, owned by that user
+}