Arcanyx-org
diff --git a/‎flake.lock‎
Lines changed: 119 additions & 145 deletions b/‎flake.lock‎
Lines changed: 119 additions & 145 deletions
diff --git a/‎src/nixos/machines/flexy/config/security.nix‎
Lines changed: 0 additions & 44 deletions b/‎src/nixos/machines/flexy/config/security.nix‎
Lines changed: 0 additions & 44 deletions
diff --git a/‎src/nixos/machines/ignucius/config/setup.nix‎
Lines changed: 5 additions & 0 deletions b/‎src/nixos/machines/ignucius/config/setup.nix‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎src/nixos/machines/morph/config/bootloader.nix‎
Lines changed: 2 additions & 2 deletions b/‎src/nixos/machines/morph/config/bootloader.nix‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎src/nixos/machines/morph/config/kernel.nix‎
Lines changed: 0 additions & 4 deletions b/‎src/nixos/machines/morph/config/kernel.nix‎
Lines changed: 0 additions & 4 deletions
diff --git a/‎src/nixos/machines/morph/config/security.nix‎
Lines changed: 3 additions & 3 deletions b/‎src/nixos/machines/morph/config/security.nix‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎src/nixos/machines/morph/config/setup.nix‎
Lines changed: 1 addition & 1 deletion b/‎src/nixos/machines/morph/config/setup.nix‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/nixos/machines/morph/default.nix‎
Lines changed: 1 addition & 8 deletions b/‎src/nixos/machines/morph/default.nix‎
Lines changed: 1 addition & 8 deletions
diff --git a/‎src/nixos/machines/mracek/default.nix‎
Lines changed: 0 additions & 6 deletions b/‎src/nixos/machines/mracek/default.nix‎
Lines changed: 0 additions & 6 deletions
diff --git a/‎src/nixos/machines/mracek/secrets/mracek-builder-ssh-ed25519-private.age‎
Lines changed: 19 additions & 18 deletions b/‎src/nixos/machines/mracek/secrets/mracek-builder-ssh-ed25519-private.age‎
Lines changed: 19 additions & 18 deletions
@@ -53,6 +53,11 @@ in {
 	services.xserver.desktopManager.gnome.enable = true;
 		programs.dconf.enable = true; # Needed for home-manager to not fail deployment (https://github.com/nix-community/home-manager/issues/3113)
 		services.xserver.displayManager.gdm.autoSuspend = false;
+	environment.variables = {
+		# Required by moonlight for XWayland check bypass
+		QT_QPA_PLATFORM = "wayland";
+	};
+
 
 	# Fingerprint
 	services.fprintd.enable = true;
 
@@ -3,8 +3,8 @@
 # Bootloader management of MORPH
 
 {
-	boot.lanzaboote.enable = false; # Whether to use NixOS's implementation of secure-boot
-	boot.loader.systemd-boot.enable = true;
+	boot.lanzaboote.enable = true; # Whether to use NixOS's implementation of secure-boot
+	boot.loader.systemd-boot.enable = false;
 
 	boot.loader.efi.canTouchEfiVariables = true;
 }
@@ -9,10 +9,6 @@ in {
 	# FIXME-SECURITY(Krey): Hardened kernel causes lot of issues, pending custom kernel
 	boot.kernelPackages = mkForce pkgs.linuxPackages;
 
-	# SECURITY(Krey): Blocked by applications
-	# * anime-game-launcher
-	security.unprivilegedUsernsClone = true;
-
 	# Kernel Modules
 	boot.kernelModules = [
 		"kvm-intel" # Use KVM
 
@@ -21,10 +21,10 @@ in {
 				];
 
 			# SECURITY(Krey): Currently a necessary malware to keep the CPU functional.. Such is the curse of i686/amd64 systems
-			hardware.cpu.amd.updateMicrocode = mkForce true;
+			hardware.cpu.intel.updateMicrocode = mkForce true;
 
-			# NOTE(Krey): System designed to not need this, but it's required for the RX 570 to initialize for some fucking reason
-			hardware.enableRedistributableFirmware = mkForce true;
+			# NOTE(Krey): System designed to not need this
+			hardware.enableRedistributableFirmware = mkForce false;
 		}
 	];
 }
@@ -14,7 +14,6 @@ in {
 	nix.distributedBuilds = true; # Perform distributed builds if requested
 
 	services.openssh.enable = true;
-	services.sunshine.enable = true;
 	services.tor.enable = true;
 	# FIXME(Krey): Kernel Panic on wake-up
 	services.autosuspend.enable = false;
@@ -23,6 +22,7 @@ in {
 			idle_time = 120; # How long would it take to suspend if all wakeups are inactive
 		};
 		services.autosuspend.checks.ActiveConnection.ports = builtins.concatStringsSep "," [ "22" ]; # Do Not Suspend On Active SSH Connection
+	services.sunshine.enable = true;
 
 	users.users.root.openssh.authorizedKeys.keys = mkIf config.services.openssh.enable [
 		"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOzh6FRxWUemwVeIDsr681fgJ2Q2qCnwJbvFe4xD15ve [email protected]" # Allow root access for the Super Administrator (KREYREN)
 
@@ -7,15 +7,8 @@
 		imports = [
 			self.nixosModules.default # Load NiXium's Global configuration
 
-			# Machines
-			self.nixosModules.machine-morph
-			# self.nixosModules.machine-mracek
-			# self.nixosModules.machine-sinnenfreude
-			# self.nixosModules.machine-tupac
-
 			# Users
 			self.nixosModules.users-kreyren
-			self.homeManagerModules."kreyren@morph"
 
 			# Files
 			./config/bootloader.nix
@@ -34,8 +27,8 @@
 			./services/binfmt.nix
 			./services/distributedBuilds.nix
 			./services/openssh.nix
-			./services/sunshine
 			./services/tor.nix
+			./services/sunshine
 		];
 	};
 
 
@@ -7,12 +7,6 @@
 		imports = [
 			self.nixosModules.default # Load NiXium's Global configuration
 
-			# Machines
-			self.nixosModules.machine-morph
-			self.nixosModules.machine-mracek
-			self.nixosModules.machine-sinnenfreude
-			self.nixosModules.machine-tupac
-
 			# Files
 			./services/binfmt.nix
 			./services/distributedBuilds.nix
 
@@ -1,20 +1,21 @@
 -----BEGIN AGE ENCRYPTED FILE-----
-YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHdlK3M2dyBuemh1
-TmdYaEZGKytZdW1YZVdmcmVoeHFZc0c2Q2MyZml3RVVsSmg2RjFNCnVqTVRXSCt0
-dGtIUWFJNEo4eVA3c1ZmcVBTZmxBQmVLbGhRVFZsdXhrY2sKLT4gc3NoLWVkMjU1
-MTkgU0t3L3p3IFFrSjhtZlJ0WVZYRWpjZUF2YnRCQjVLZ01DTXFIUm4wWVVCblgr
-SDNaRVkKRDgrYmptdnQ2WmluZ2RXRVVraXYwN2grTEc4aUQwZTg1cXNzTWljVG5o
-MAotPiBnJSRdZS1ncmVhc2UKeWNDQ2NZSkQ0b1BFZ243R3E3YW13cXl2NUVndVha
-Rm5kaGI3ZE9SVUR3SmdCTlVGdVhGb0hOb29LVU9hdEZldgoyelpxUXNuS3RuQzc3
-aWVTNS8rQXcwM3IKLS0tIFpVVmUwZU9FT29KMlp0cEwzNGlucmZJNWJaNC9xZjhF
-U1k3NlRmMjhvNlkKIbFPmweTyrWtVQd8NjTK6tLCMQN8VHWyIauQq8tcKfpZeTvR
-P1F0aSAm3US6xpOoZ+/26rQvjygS9Yp8f+QpsWMgWNr27HUFfQmMTr8wdGwnX+QZ
-RJPOaB8E7OON/IquyY4cr8c+8zN7Uy6uvePae5sy/4HaAZp4o7fePg4wfOesEV/9
-pGVFhah4nZulZgMY0UM43eIbPM4+66HxTUuZG6euxLt/yAT07m8W+fhiNfNZGMLy
-YQFRMig5qlvkJklJZja9uJXDcHPRONl/AgKmCe3/mlN5D5e+7Z00bwpLsp0yi0ea
-xNP7H/62w1NpNgmN2LotiKEXfhE+5HiX3+jRKp/UMH8D4DTyBrDo6ntPx3volPAD
-U2PYggHrF8gG9rfLYj3g6PC7RJbM5jH8ig9UoBciXCBF4MtRozaVwxey/0sMadoU
-TLkRvGNb01TJ3kQ1eDHy+1ZBmopECidA/ixVZvB4rWf8bC2BzyF4XWlDLcb8+hxR
-QdvQeEYBKE09bbYrP3ucVfBICasl9Me9CCnoeGTtLTna2QsSq+7BwUpH3/9DUozq
-/ICBfBmOQiKqYiU/RbqVPAm5LRXMPF4=
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHdlK3M2dyBFV0lP
+Tlo0M0dkcExHemxDbHYyZ3ZxczhndEx1L0VUWVlwbFdpQ2RwQmprCkR6K0tjSjY1
+R1owdVNPZGhCVHJ5bC96bVNVY1g0b1pqb2xOblhnaUJnSW8KLT4gc3NoLWVkMjU1
+MTkgU0t3L3p3IGJheTN2SXcybUgzZzRtWndXcWJOTjc5ck5KWGdCcThPYnFPMXVu
+a280QlUKSHozZjFvTk5IV2NnaDJ3cUh3QkpnK2tmMzhWWHl1SEpEckdmYjQxZzZN
+WQotPiBYIzMiLWdyZWFzZSBdIC41eCsmXkooCkhYdDhIRlpqZnZjb0FZai9HWEJN
+aDZpeUcxUjZ1WEJxZENqWjdmb1N6S3Z6ZHU3SnlybzczcWxIMnU5RlFrZ2MKNzFp
+MkpyblhqUFhCcExMbDhKUjBxdjBwRHp5dXlTNUo1dWJ2QmFjSlgwODlCRUVERHI3
+amcyeVBOL2J5VHcKLS0tIHgvMDJhSE9iYmxyMDF3RmVQVWNuYWQwNGYvTzlkK1JT
+cGxqdVpUTnFyQW8KiTEWBP9QE6aD0tSNdfXyvmkKk08w7JgGZOt5re11AExJa3zd
+b7HaaQe7I5zPCw94Es5IZMTYzVibQmRmwItxULEaS0rKDJrD/Ujwv0omg+XV3Ngg
+ppXKLHWCK1Tqw0xpVZ0yOZCH/jU62mGLQHjFJzFlxhsZPGtHJxgJqc+QCgr1zDDK
+BySk53T63VoI746yi3luVHTI0lSIxgjCq+6Ed5n7i4jeaMH575WSrnMmxJu+0qN3
+e+2gNk1N/crCwsqyWjRgycdrDujr2SW4mar+N7dcKflYUMe5vQM64ZMVP/rnn3yt
+up/+qX3IDsL+54Hc10p7y4jJgWo8n45lijzOtgLvD/r0mSWRoHVh2vPublr6ebnI
+9CVBkYIcfti5bz4MbDbG6ErX7E0mrBldYyR726mQRqtaJJaIaAGbZ8Wv3mbDb1dr
+w6pV6MSj6KKaoEBz6bK/Pr/zvF5Q/K3LvW3m+eegIbsI2f/6QILmONVBmbtsTNZe
+BYk+m0HJoqm+OPJTyXTgzoW1U9jLAMh+ZPhrhpBQ86HbNgAVH5v/72hSSmi1gpBi
+pm9b0t9B8u2xNYaLnfwPmfYpqgNP7BE=
 -----END AGE ENCRYPTED FILE-----
Original file line number	Diff line number	Diff line change
`@@ -3,8 +3,8 @@`
`3`	`3`	`# Bootloader management of MORPH`
`4`	`4`
`5`	`5`	`{`
`6`		`- boot.lanzaboote.enable = false; # Whether to use NixOS's implementation of secure-boot`
`7`		`- boot.loader.systemd-boot.enable = true;`
	`6`	`+ boot.lanzaboote.enable = true; # Whether to use NixOS's implementation of secure-boot`
	`7`	`+ boot.loader.systemd-boot.enable = false;`
`8`	`8`
`9`	`9`	`boot.loader.efi.canTouchEfiVariables = true;`
`10`	`10`	`}`
Original file line number	Diff line number	Diff line change
`@@ -21,10 +21,10 @@ in {`
`21`	`21`	`];`
`22`	`22`
`23`	`23`	`# SECURITY(Krey): Currently a necessary malware to keep the CPU functional.. Such is the curse of i686/amd64 systems`
`24`		`- hardware.cpu.amd.updateMicrocode = mkForce true;`
	`24`	`+ hardware.cpu.intel.updateMicrocode = mkForce true;`
`25`	`25`
`26`		`- # NOTE(Krey): System designed to not need this, but it's required for the RX 570 to initialize for some fucking reason`
`27`		`- hardware.enableRedistributableFirmware = mkForce true;`
	`26`	`+ # NOTE(Krey): System designed to not need this`
	`27`	`+ hardware.enableRedistributableFirmware = mkForce false;`
`28`	`28`	`}`
`29`	`29`	`];`
`30`	`30`	`}`