summary refs log tree commit diff
diff options
context:
space:
mode:
authortzlil <tzlils@protonmail.com>2022-12-13 15:21:30 +0200
committertzlil <tzlils@protonmail.com>2022-12-13 15:21:30 +0200
commitf51f8e398fffe33dcbb4b9f9db95708e7a3dde82 (patch)
tree08a9c853a29b01c53be526aecc8d2505f5086af5
parent24637dfdfdd6dc8d116542f16a07d808c9e43c36 (diff)
stuff
-rw-r--r--.gitignore1
-rw-r--r--flake.lock131
-rw-r--r--flake.nix4
-rw-r--r--hosts/vm/cfg.nix63
-rw-r--r--mixins/cli.nix33
-rw-r--r--mixins/greet.nix34
-rw-r--r--mixins/pipewire.nix15
-rw-r--r--mixins/sway.nix258
-rw-r--r--mixins/tailscale.nix2
-rw-r--r--profiles/core.nix5
-rw-r--r--profiles/graphical.nix34
-rw-r--r--profiles/network.nix24
-rw-r--r--profiles/ssh.nix34
-rw-r--r--profiles/user.nix16
14 files changed, 622 insertions, 32 deletions
diff --git a/.gitignore b/.gitignore
index af6411a..ba15d45 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
 *.img
 *.fd
+*.tgz
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..64aec97
--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,131 @@
+{
+  "nodes": {
+    "agenix": {
+      "inputs": {
+        "nixpkgs": "nixpkgs"
+      },
+      "locked": {
+        "lastModified": 1665870395,
+        "narHash": "sha256-Tsbqb27LDNxOoPLh0gw2hIb6L/6Ow/6lIBvqcHzEKBI=",
+        "owner": "ryantm",
+        "repo": "agenix",
+        "rev": "a630400067c6d03c9b3e0455347dc8559db14288",
+        "type": "github"
+      },
+      "original": {
+        "owner": "ryantm",
+        "repo": "agenix",
+        "type": "github"
+      }
+    },
+    "home-manager": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "utils": "utils"
+      },
+      "locked": {
+        "lastModified": 1670513770,
+        "narHash": "sha256-muL74fsbGA8K8WlZSPNWddOiuBnC54kAajncX6nXrh4=",
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "rev": "054d9e3187ca00479e8036dc0e92900a384f30fd",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "type": "github"
+      }
+    },
+    "impermanence": {
+      "locked": {
+        "lastModified": 1668668915,
+        "narHash": "sha256-QjY4ZZbs9shwO4LaLpvlU2bO9J1juYhO9NtV3nrbnYQ=",
+        "owner": "nix-community",
+        "repo": "impermanence",
+        "rev": "5df9108b346f8a42021bf99e50de89c9caa251c3",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "impermanence",
+        "type": "github"
+      }
+    },
+    "nixos-hardware": {
+      "locked": {
+        "lastModified": 1670174919,
+        "narHash": "sha256-XdQr3BUnrvVLRFunLWrZORhwYHDG0+9jUUe0Jv1pths=",
+        "owner": "nixos",
+        "repo": "nixos-hardware",
+        "rev": "9d87bc030a0bf3f00e953dbf095a7d8e852dab6b",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos",
+        "repo": "nixos-hardware",
+        "type": "github"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1665732960,
+        "narHash": "sha256-WBZ+uSHKFyjvd0w4inbm0cNExYTn8lpYFcHEes8tmec=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "4428e23312933a196724da2df7ab78eb5e67a88e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_2": {
+      "locked": {
+        "lastModified": 1670841420,
+        "narHash": "sha256-mSEia1FzrsHbfqjorMyYiX8NXdDVeR1Pw1k55jMJlJY=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "33e0d99cbedf2acfd7340d2150837fbb28039a64",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "agenix": "agenix",
+        "home-manager": "home-manager",
+        "impermanence": "impermanence",
+        "nixos-hardware": "nixos-hardware",
+        "nixpkgs": "nixpkgs_2"
+      }
+    },
+    "utils": {
+      "locked": {
+        "lastModified": 1667395993,
+        "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}
diff --git a/flake.nix b/flake.nix
index 299e906..7854f0e 100644
--- a/flake.nix
+++ b/flake.nix
@@ -1,5 +1,5 @@
 {
-  description = "tzlil's system";
+  description = "tzlil's system(s)";
 	
   inputs = {
     nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
@@ -24,7 +24,7 @@
       ]);
   in {
     nixosConfigurations = {
-      # pc = mkSystem inputs.nixpkgs "x86_64-linux" "pc";
+      pc = mkSystem inputs.nixpkgs "x86_64-linux" "lilith";
       vm = mkSystem inputs.nixpkgs "x86_64-linux" "vm";
     };
   };
diff --git a/hosts/vm/cfg.nix b/hosts/vm/cfg.nix
index 1b17ea6..30f55a7 100644
--- a/hosts/vm/cfg.nix
+++ b/hosts/vm/cfg.nix
@@ -1,17 +1,68 @@
-{config}: {
+{config, lib, pkgs, ...}: {
   imports = [
-    "../profiles/core.nix"
-    "../profiles/user.nix"
-    "../mixins/tailscale.nix"
-  ]
+    ../../profiles/core.nix
+    ../../profiles/user.nix
+    ../../profiles/ssh.nix
+    ../../profiles/graphical.nix
+    ../../mixins/tailscale.nix
+    ../../mixins/cli.nix
+    ../../mixins/greet.nix
+    ../../mixins/sway.nix
+  ];
 
   config = {
+    networking.hostName = "vm";
     boot.supportedFilesystems = ["9p"];
     fileSystems."/flake" = {
       fsType = "9p";
       device = "host0";
       options = ["_netdev"];
     };
-    boot.kernelParams = [ "console=ttyS0" ];
+    boot = {
+      initrd = {
+        supportedFilesystems = ["btrfs"];
+      };
+      kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
+      kernelParams = [
+        "console=ttyS0"
+        "init_on_free=1"
+        "page_poison=1"
+        "page_alloc.shuffle=1"
+        "slab_nomerge"
+        "vsyscall=none"
+      ];
+      cleanTmpDir = true;
+      loader = {
+        systemd-boot = {
+          enable = true;
+        };
+        efi = {
+          canTouchEfiVariables = true;
+          efiSysMountPoint = "/boot";
+        };
+      };
+    };
+
+    time.timeZone = lib.mkDefault "Israel";
+
+    fileSystems = {
+      "/" = {
+        device = "none";
+        fsType = "tmpfs";
+        options = ["noexec" "defaults" "size=2G" "mode=755"];
+      };
+      "/nix" = {
+        device = "/dev/disk/by-partlabel/nix";
+        options = ["noatime" "compress=zstd"];
+      };
+      "/boot" = {
+        device = "/dev/disk/by-partlabel/boot";
+      };
+    };
+
+    zramSwap = {
+      enable = true;
+      algorithm = "zstd";
+    };
   };
 }
\ No newline at end of file
diff --git a/mixins/cli.nix b/mixins/cli.nix
index c5ff7b9..ca6d55d 100644
--- a/mixins/cli.nix
+++ b/mixins/cli.nix
@@ -7,7 +7,6 @@
 }: {
   imports = [
     inputs.home-manager.nixosModules."home-manager"
-    inputs.agenix.nixosModules
   ];
   config = {
     home-manager.users.tzlil = {pkgs, ...}@hm: {
@@ -17,23 +16,23 @@
           curl
           ripgrep
         ];
-        programs = {
-          ssh.enable = true;
-          git = {
-            userName = "tzlil";
-            userEmail = "tzlils@protonmail.com";
-            enable = true;
+      };
+      programs = {
+        ssh.enable = true;
+        git = {
+          userName = "tzlil";
+          userEmail = "tzlils@protonmail.com";
+          enable = true;
+        };
+        fish = {
+          enable = true;
+          shellAliases = {
+            gc = "git clone";
+            l = "ls -alh";
           };
-          fish = {
-            enable = true;
-            shellAliases = {
-              gc = "git clone";
-              l = "ls -alh";
-            };
-            functions = {
-              sb.body = "sudo nixos-rebuild build --flake ~/sources/nixcfg#(hostname)";
-              sw.body = "sudo nixos-rebuild switch --flake ~/sources/nixcfg#(hostname)";
-            };
+          functions = {
+            sb.body = "sudo nixos-rebuild build --flake ~/sources/nixcfg#(hostname)";
+            sw.body = "sudo nixos-rebuild switch --flake ~/sources/nixcfg#(hostname)";
           };
         };
       };
diff --git a/mixins/greet.nix b/mixins/greet.nix
new file mode 100644
index 0000000..5c46792
--- /dev/null
+++ b/mixins/greet.nix
@@ -0,0 +1,34 @@
+{
+  pkgs,
+  lib,
+  ...
+}: let
+  user = "tzlil";
+
+  users.users.greeter.packages = [pkgs.sway];
+  greetd = "${pkgs.greetd.greetd}/bin/greetd";
+  gtkgreet = "${pkgs.greetd.gtkgreet}/bin/gtkgreet";
+
+  sway-kiosk = command: "${pkgs.sway}/bin/sway --unsupported-gpu --config ${pkgs.writeText "kiosk.config" ''
+    output * bg #000000 solid_color
+    exec "${command}; ${pkgs.sway}/bin/swaymsg exit"
+  ''}";
+in {
+  environment.etc."greetd/environments".text =
+    "sway\n"
+    + "$SHELL -l\n";
+
+  services.greetd = {
+    enable = true;
+    settings = {
+      default_session = {
+        inherit user;
+        command = sway-kiosk "${gtkgreet} -l &>/dev/null";
+      };
+      initial_session = {
+        inherit user;
+        command = "sh -c sway";
+      };
+    };
+  };
+}
\ No newline at end of file
diff --git a/mixins/pipewire.nix b/mixins/pipewire.nix
new file mode 100644
index 0000000..7f17aa1
--- /dev/null
+++ b/mixins/pipewire.nix
@@ -0,0 +1,15 @@
+{ pkgs, config, ... }:
+
+{
+  config = {
+    sound.enable = false;
+    security.rtkit.enable = true;
+    services.pipewire = {
+      enable = true;
+      alsa.enable = true;
+      alsa.support32Bit = true;
+      pulse.enable = true;
+      jack.enable = true;
+    };
+  };
+}
\ No newline at end of file
diff --git a/mixins/sway.nix b/mixins/sway.nix
new file mode 100644
index 0000000..f1cf98d
--- /dev/null
+++ b/mixins/sway.nix
@@ -0,0 +1,258 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}: let
+  menuscript =
+    pkgs.writeShellScript "menu"
+    ''
+      #!/bin/sh -eu
+
+      in_pipe="$XDG_RUNTIME_DIR/menu-in.$$.pipe"
+      out_pipe="$XDG_RUNTIME_DIR/menu-out.$$.pipe"
+
+      mkfifo "$in_pipe" "$out_pipe"
+      trap "rm -f $in_pipe $out_pipe" EXIT
+
+      app_id=menu
+      chooser="${pkgs.fzf}/bin/fzf <$in_pipe >$out_pipe"
+      foot -W40x40 --app-id "$app_id" -- sh -c "$chooser" &
+      cat >"$in_pipe"
+      cat <"$out_pipe"
+    '';
+  sel =
+    pkgs.writeShellScript "sel"
+    ''
+      #!/bin/sh
+      swaymsg -t get_tree | \
+      ${pkgs.jq}/bin/jq -r '.. | select(.pid? and .visible?) | .rect | "\(.x),\(.y) \(.width)x\(.height)"' | \
+      ${pkgs.slurp}/bin/slurp
+    '';
+in {
+  # config.home-manager.users.tzlil.xdg.configFile."i3status-rust/config.toml".source = ./i3status-rs.toml;
+  config.security.pam.services.swaylock = {};
+  config.home-manager.users.tzlil.programs.mako.enable = true;
+  config.home-manager.users.tzlil.home.packages = with pkgs; [
+    grim
+    slurp
+    wf-recorder
+    font-awesome_6
+  ];
+  config.home-manager.users.tzlil.services.swayidle = let
+    pgrep = "${pkgs.procps}/bin/pgrep";
+    dpms_check = s:
+      pkgs.writeShellScript "dpms_check_${s}" ''
+        set -x
+        if ${pgrep} swaylock; then ${pkgs.sway}/bin/swaymsg 'output * dpms ${s}'; fi
+      '';
+    dpms_set = s:
+      pkgs.writeShellScript "dpms_set_${s}" ''
+        set -x
+        "${pkgs.sway}/bin/swaymsg" 'output * dpms ${s}'
+      '';
+    fadelock = pkgs.writeShellScript "fadelock.sh" ''
+      set -x
+      exec "${pkgs.swaylock}/bin/swaylock"
+    '';
+  in {
+    enable = false;
+    systemdTarget = "graphical-session.target";
+    timeouts = [
+      # auto-lock after 30 seconds
+      {
+        timeout = 30;
+        command = fadelock.outPath;
+      }
+    ];
+    events = [
+      {
+        event = "before-sleep";
+        command = fadelock.outPath;
+      }
+    ];
+    extraArgs = [
+      "idlehint 30"
+    ];
+  };
+  config.home-manager.users.tzlil.wayland.windowManager.sway = rec {
+    enable = true;
+    wrapperFeatures.gtk = true;
+    config = rec {
+      fonts = {
+        names = ["Iosevka"];
+        style = "Regular";
+        size = 11.0;
+      };
+      output = {
+        "DP-1" = {
+          resolution = "1920x1080@166Hz";
+        };
+      };
+      bars = [
+        {
+          fonts = {
+            names = ["Iosevka" "FontAwesome"];
+            style = "Regular";
+            size = 11.0;
+          };
+          position = "top";
+          statusCommand = "${pkgs.i3status-rust}/bin/i3status-rs";
+          colors = {
+            statusline = "#ffffff";
+            background = "#323232";
+            inactiveWorkspace = {
+              background = "#323232";
+              border = "#323232";
+              text = "#5c5c5c";
+            };
+          };
+        }
+      ];
+
+      modifier = "Mod4";
+      left = "h";
+      down = "n";
+      up = "e";
+      right = "i";
+      keybindings = {
+        "${modifier}+Return" = "exec $term";
+        "${modifier}+q" = "kill";
+        "${modifier}+space" = "exec ${pkgs.dmenu}/bin/dmenu_path | ${menuscript} | xargs swaymsg exec --";
+        "${modifier}+Shift+c" = "reload";
+        "${modifier}+Shift+q" = "exit";
+        "${modifier}+Shift+p" = "exec systemctl poweroff";
+        "${modifier}+Shift+s" = "exec systemctl suspend";
+        "${modifier}+${left}" = "focus left";
+        "${modifier}+${down}" = "focus down";
+        "${modifier}+${up}" = "focus up";
+        "${modifier}+${right}" = "focus right";
+        "${modifier}+Left" = "focus left";
+        "${modifier}+Down" = "focus down";
+        "${modifier}+Up" = "focus up";
+        "${modifier}+Right" = "focus right";
+        "${modifier}+Shift+${left}" = "move left";
+        "${modifier}+Shift+${down}" = "move down";
+        "${modifier}+Shift+${up}" = "move up";
+        "${modifier}+Shift+${right}" = "move right";
+        "${modifier}+Shift+Left" = "move left";
+        "${modifier}+Shift+Down" = "move down";
+        "${modifier}+Shift+Up" = "move up";
+        "${modifier}+Shift+Right" = "move right";
+        "${modifier}+1" = "workspace number 1";
+        "${modifier}+2" = "workspace number 2";
+        "${modifier}+3" = "workspace number 3";
+        "${modifier}+4" = "workspace number 4";
+        "${modifier}+5" = "workspace number 5";
+        "${modifier}+6" = "workspace number 6";
+        "${modifier}+7" = "workspace number 7";
+        "${modifier}+8" = "workspace number 8";
+        "${modifier}+9" = "workspace number 9";
+        "${modifier}+0" = "workspace number 10";
+        "${modifier}+Tab" = "workspace back_and_forth";
+        "${modifier}+Shift+1" = "move container to workspace number 1";
+        "${modifier}+Shift+2" = "move container to workspace number 2";
+        "${modifier}+Shift+3" = "move container to workspace number 3";
+        "${modifier}+Shift+4" = "move container to workspace number 4";
+        "${modifier}+Shift+5" = "move container to workspace number 5";
+        "${modifier}+Shift+6" = "move container to workspace number 6";
+        "${modifier}+Shift+7" = "move container to workspace number 7";
+        "${modifier}+Shift+8" = "move container to workspace number 8";
+        "${modifier}+Shift+9" = "move container to workspace number 9";
+        "${modifier}+Shift+0" = "move container to workspace number 10";
+        "${modifier}+b" = "splith";
+        "${modifier}+v" = "splitv";
+        "${modifier}+s" = "layout stacking";
+        "${modifier}+w" = "layout tabbed";
+        "${modifier}+k" = "layout toggle split";
+        "${modifier}+f" = "fullscreen";
+        "${modifier}+Shift+space" = "floating toggle";
+        "${modifier}+t" = "focus mode_toggle";
+        "${modifier}+a" = "focus parent";
+        "${modifier}+shift+a" = "focus child";
+        "${modifier}+Shift+minus" = "move scratchpad";
+        "${modifier}+minus" = "scratchpad show";
+        "${modifier}+m" = "mode notifications";
+      };
+      input = {
+        "type:keyboard" = {
+          xkb_layout = "us";
+          xkb_variant = "colemak_dh";
+          xkb_options = "altwin:swap_lalt_lwin,caps:backspace";
+        };
+        "type:touchpad" = {
+          tap = "enabled";
+        };
+      };
+    };
+    extraConfig = ''
+      exec dbus-update-activation-environment --systemd WAYLAND_DISPLAY XDG_CURRENT_DESKTOP=sway
+      exec ${pkgs.swayidle}/bin/swayidle -w \
+      	timeout 300 '${pkgs.swaylock}/bin/swaylock -f -c 000000' \
+      	timeout 600 'swaymsg "output * dpms off"' \
+      	resume 'swaymsg "output * dpms on"' \
+      	before-sleep '${pkgs.swaylock}/bin/swaylock -f -c 000000'
+      exec ${pkgs.polkit_gnome}/polkit-gnome/polkit-gnome-authentication-agent-1
+
+      #set $mod Alt
+      set $mod Mod4
+      set $left h
+      set $down n
+      set $up e
+      set $right i
+      set $term ${pkgs.foot}/bin/foot
+
+      default_border pixel
+      hide_edge_borders smart
+      smart_borders on
+
+      output * bg ~/tmp/graveyard.png fill
+
+
+
+      floating_modifier $mod normal
+      mode notifications {
+      	bindsym Escape mode default
+      	bindsym Return exec ${pkgs.mako}/bin/makoctl invoke; exec ${pkgs.mako}/bin/makoctl dismiss; mode default
+      	bindsym d exec ${pkgs.mako}/bin/makoctl dismiss; mode default
+      	bindsym Shift+d exec ${pkgs.mako}/bin/makoctl dismiss -a; mode default
+      }
+
+
+      font Iosevka 10
+
+      bindsym $mod+p exec passmenu $menu_args
+      bindsym --locked XF86AudioMute exec pactl set-sink-mute @DEFAULT_SINK@ toggle
+      bindsym --locked XF86AudioLowerVolume exec pactl set-sink-volume @DEFAULT_SINK@ -5%
+      bindsym --locked XF86AudioRaiseVolume exec pactl set-sink-volume @DEFAULT_SINK@ +5%
+      bindsym --locked XF86AudioMicMute exec pactl set-source-mute @DEFAULT_SOURCE@ toggle
+
+      bindsym --locked XF86AudioNext exec playerctl next
+      bindsym --locked XF86AudioPlay exec playerctl play-pause
+      bindsym --locked XF86AudioPrev exec playerctl previous
+      bindsym --locked XF86AudioStop exec playerctl stop
+
+      for_window [app_id="^menu$"] floating enable, border none
+      for_window [app_id="mpv"] sticky enable
+      for_window [floating] border csd
+      for_window [app_id="firefox" title="Picture-in-Picture"] floating enable, sticky enable, border none
+      for_window [app_id="imv"] floating enable
+      for_window [app_id="imv"] floating enable
+      for_window [class="PacketTracer"] floating enable
+
+      bindsym XF86MonBrightnessUp exec light -A 5
+      bindsym XF86MonBrightnessDown exec light -U 5
+
+      bindsym Print exec ${pkgs.grim}/bin/grim - | tee $(xdg-user-dir PICTURES)/$(date +'%s_grim.png') | wl-copy
+      bindsym Shift+Print exec ${pkgs.grim}/bin/grim -g "$(${sel})" - | tee $(xdg-user-dir PICTURES)/$(date +'%s_grim.png') | wl-copy
+      bindsym Ctrl+Print exec ${pkgs.grim}/bin/grim -g "$(swaymsg -t get_tree | jq -j '.. | select(.type?) | select(.focused).rect | "\(.x),\(.y) \(.width)x\(.height)"')" - |tee $(xdg-user-dir PICTURES)/$(date +'%s_grim.png') | wl-copy
+
+      bindsym $mod+l exec ${pkgs.swaylock}/bin/swaylock -c 070D0D
+
+      exec ${pkgs.mako}/bin/mako >/tmp/mako.log 2>&1
+      exec_always kanshi >/tmp/kanshi.log 2>&1
+
+      include /etc/sway/config.d/*
+    '';
+  };
+}
\ No newline at end of file
diff --git a/mixins/tailscale.nix b/mixins/tailscale.nix
index 8be3147..ccefc48 100644
--- a/mixins/tailscale.nix
+++ b/mixins/tailscale.nix
@@ -7,5 +7,7 @@
       trustedInterfaces = [ "tailscale0" ];
       allowedUDPPorts = [41641];
     };
+
+    environment.persistence."/nix/persist".directories = [ "/var/lib/tailscale" ];
   };
 }
\ No newline at end of file
diff --git a/profiles/core.nix b/profiles/core.nix
index 01ec85a..f578621 100644
--- a/profiles/core.nix
+++ b/profiles/core.nix
@@ -22,5 +22,10 @@
     };
     users.mutableUsers = false;
     environment.defaultPackages = lib.mkForce [];
+
+    # dont do this
+    users.users.root.initialPassword = "hunter2";
+
+    age.identityPaths = [ "/nix/persist/etc/ssh/ssh_host_ed25519_key" ];
   };
 }
\ No newline at end of file
diff --git a/profiles/graphical.nix b/profiles/graphical.nix
new file mode 100644
index 0000000..f3bff3a
--- /dev/null
+++ b/profiles/graphical.nix
@@ -0,0 +1,34 @@
+{ pkgs, lib, config, inputs, ... }:
+
+{
+  config = {
+    home-manager.users.tzlil = {...}: {
+      fonts.fontconfig.enable = true;
+
+      home.packages = with pkgs; [
+        iosevka
+        gnome3.adwaita-icon-theme
+        noto-fonts
+        noto-fonts-emoji
+        noto-fonts-cjk
+      ];
+
+      # gtk = {
+      #   theme.package = pkgs.gnome.gnome-themes-extra;
+      #   theme.name = "Adwaita-dark";
+      #   enable = true;
+      #   gtk3.extraConfig = {
+      #     gtk-application-prefer-dark-theme = 1;
+      #     gtk-xft-hinting = 1;
+      #     gtk-xft-hintstyle = "slight";
+      #     gtk-xft-antialias = 1; # => font-antialiasing="grayscale"
+      #     gtk-xft-rgba = "rgb"; # => font-rgb-order="rgb"
+      #   };
+      #   font = {
+      #     package = pkgs.noto-fonts;
+      #     name = "Noto Sans 11";
+      #   };
+      # };
+    };
+  };
+}
\ No newline at end of file
diff --git a/profiles/network.nix b/profiles/network.nix
index 5aee7a1..8e6a83d 100644
--- a/profiles/network.nix
+++ b/profiles/network.nix
@@ -15,5 +15,29 @@
       nameservers = ["127.0.0.1" "::1"];
       networkmanager.dns = "none";
     };
+
+    services.dnscrypt-proxy2 = {
+    enable = true;
+    settings = {
+      ipv6_servers = true;
+      require_dnssec = true;
+
+      sources.public-resolvers = {
+        urls = [
+          "https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md"
+          "https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md"
+        ];
+        cache_file = "/var/lib/dnscrypt-proxy2/public-resolvers.md";
+        minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3";
+      };
+
+      # You can choose a specific set of servers from https://github.com/DNSCrypt/dnscrypt-resolvers/blob/master/v3/public-resolvers.md
+      # server_names = [ ... ];
+    };
+    };
+
+    systemd.services.dnscrypt-proxy2.serviceConfig = {
+      StateDirectory = "dnscrypt-proxy";
+    };
   };
 }
\ No newline at end of file
diff --git a/profiles/ssh.nix b/profiles/ssh.nix
new file mode 100644
index 0000000..e0a623a
--- /dev/null
+++ b/profiles/ssh.nix
@@ -0,0 +1,34 @@
+{ pkgs, lib, config, inputs, ... }:
+
+{
+  config = {
+    services.openssh = {
+      enable = true;
+      openFirewall = false;
+      passwordAuthentication = false;
+      kbdInteractiveAuthentication = false;
+      allowSFTP = false;
+      permitRootLogin = "no";
+      startWhenNeeded = true;
+      extraConfig = ''
+        AllowTcpForwarding yes
+        X11Forwarding no
+        AllowAgentForwarding no
+        AllowStreamLocalForwarding no
+        AuthenticationMethods publickey
+        StreamLocalBindUnlink yes
+
+        AllowUsers tzlil
+      '';
+    };
+    environment.persistence."/nix/persist" = {
+      hideMounts = true;
+      files = [
+        "/etc/ssh/ssh_host_ed25519_key"
+        "/etc/ssh/ssh_host_ed25519_key.pub"
+        "/etc/ssh/ssh_host_rsa_key"
+        "/etc/ssh/ssh_host_rsa_key.pub"
+      ];
+    };
+  };
+}
\ No newline at end of file
diff --git a/profiles/user.nix b/profiles/user.nix
index ee29bad..3df7c18 100644
--- a/profiles/user.nix
+++ b/profiles/user.nix
@@ -7,7 +7,6 @@
 }: {
   imports = [
     inputs.home-manager.nixosModules."home-manager"
-    inputs.agenix.nixosModules
   ];
   config = {
     users.users.tzlil = {
@@ -29,13 +28,13 @@
       file = ../secrets/id_ed25519.age;
       mode = "600";
       owner = "tzlil";
-      group = "tzlil";
+      group = "users";
     };
 
-    home-manager.nixosModules.home-manager = {
-      home-manager.useGlobalPkgs = true;
-      home-manager.useUserPackages = true;
-      home-manager.backupFileExtension = "backup";
+    home-manager = {
+      useGlobalPkgs = true;
+      useUserPackages = true;
+      backupFileExtension = "backup";
     };
 
     home-manager.users.tzlil = {pkgs, ...}@hm: {
@@ -44,7 +43,10 @@
         username = "tzlil";
         homeDirectory = "/home/tzlil";
       };
-      programs.ssh.matchBlocks."*".identityFile = config.age.secrets."id_ed25519".path;
+      programs.ssh = {
+        enable = true;
+        matchBlocks."*".identityFile = config.age.secrets."id_ed25519".path;
+      };
     };
   };
 }
\ No newline at end of file