init

modules/nixos/adb.nix

@@ -0,0 +1,5 @@
+{ username, ... }:
+{
+  programs.adb.enable = true;
+  users.users.${username}.extraGroups = [ "adbusers" ];
+}

modules/nixos/audio.nix

@@ -0,0 +1,26 @@
+{ pkgs, ... }: {
+  services = {
+    pipewire = {
+      enable = true;
+      alsa.enable = true;
+      alsa.support32Bit = true;
+      pulse.enable = true;
+      # If you want to use JACK applications, uncomment this
+      #jack.enable = true;
+
+      wireplumber.extraConfig.bluetoothEnhancements = {
+        "monitor.bluez.properties" = {
+          "bluez5.enable-sbc-xq" = true;
+          "bluez5.enable-msbc" = true;
+          "bluez5.enable-hw-volume" = true;
+          "bluez5.roles" = [ "hsp_hs" "hsp_ag" "hfp_hf" "hfp_ag" ];
+        };
+      };
+    };
+  };
+
+  environment.systemPackages = with pkgs;[
+    # audio control software
+    pamixer
+  ];
+}

modules/nixos/core/boot.nix

@@ -0,0 +1,22 @@
+# 引导配置
+{ config, lib, pkgs, ... }:
+
+{
+  boot = {
+    loader = {
+      efi = {
+        canTouchEfiVariables = true;
+        efiSysMountPoint = "/boot";
+      };
+
+      grub = {
+        enable = true;
+        efiSupport = true;
+        device = "nodev";
+      };
+    };
+
+    # Allow to modify store. It's dangerous!!
+    readOnlyNixStore = lib.mkDefault true;
+  };
+}

modules/nixos/core/default.nix

@@ -0,0 +1,41 @@
+{ lib, ... }:
+{
+  imports = [
+    ./boot.nix
+    ./system.nix
+  ];
+
+  programs = {
+    git.enable = true;
+    dconf.enable = true;
+    nix-ld.enable = true;
+  };
+
+  # Configure firewall
+  networking.firewall = lib.mkDefault {
+    enable = true;
+    allowedTCPPorts = [ 22 80 443 ]; # 根据需要调整
+    allowedUDPPorts = [ 53 ]; # 根据需要调整
+    # 如果需要，可以添加特定服务的规则
+    allowedTCPPortRanges = [
+      { from = 1714; to = 1764; } # KDE Connect
+    ];
+  };
+
+  # Select internationalisation properties.
+  i18n.defaultLocale = "en_US.UTF-8";
+
+  i18n.extraLocaleSettings = {
+    LC_ADDRESS = "zh_CN.UTF-8";
+    LC_IDENTIFICATION = "zh_CN.UTF-8";
+    LC_MEASUREMENT = "zh_CN.UTF-8";
+    LC_MONETARY = "zh_CN.UTF-8";
+    LC_NAME = "zh_CN.UTF-8";
+    LC_NUMERIC = "zh_CN.UTF-8";
+    LC_PAPER = "zh_CN.UTF-8";
+    LC_TELEPHONE = "zh_CN.UTF-8";
+    LC_TIME = "zh_CN.UTF-8";
+  };
+
+  time.timeZone = "Asia/Shanghai";
+}

modules/nixos/core/system.nix

@@ -0,0 +1,104 @@
+{ outputs, config, lib, ... }:
+
+{
+  security = {
+    sudo.enable = true;
+    polkit.enable = true;
+  };
+
+  services = {
+    printing.enable = true;
+    acpid.enable = true;
+    upower.enable = true;
+
+    openssh = {
+      enable = true;
+      # Forbid root login through SSH.
+      # Use keys only. Remove if you want to SSH using password (not recommended)
+      settings = {
+        # permitRootLogin = "no";
+        # passwordAuthentication = false;
+        KbdInteractiveAuthentication = false;
+        X11Forwarding = false;
+      };
+    };
+
+    avahi = {
+      enable = true;
+      nssmdns4 = true; # 非常重要，允许系统解析 .local 地址
+      openFirewall = true;
+    };
+
+    journald.extraConfig = ''
+      SystemMaxUse=500M
+      MaxFileSec=7day
+    '';
+  };
+
+  nix = {
+    settings = {
+      # Enable flakes and new 'nix' command
+      experimental-features = "nix-command flakes";
+      substituters = [
+        "https://mirrors.ustc.edu.cn/nix-channels/store"
+        "https://nix-community.cachix.org"
+        "https://cache.nixos.org/"
+      ];
+      trusted-public-keys = [
+        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+      ];
+      trusted-users = [ "root" ];
+
+      # Enable local binary cache
+      keep-outputs = true;
+      keep-derivations = true;
+
+      max-jobs = "auto";
+      cores = 0; # Use all available cores
+
+      # Deduplicate and optimize nix store during build
+      # auto-optimise-store = true;
+    };
+
+    gc = {
+      automatic = true; # Enable automatic garbage collection
+      dates = "weekly"; # Execute garbage collection weekly
+      persistent = true; # Keep settings after reboot
+      randomizedDelaySec = "15min"; # Add up to 15 minutes of random delay
+      options = "--delete-older-than 30d"; # Delete files older than 30 days
+    };
+
+    # Automatically run garbage collection whenever there is not enough space left
+    # Free up to 5GiB whenever there is less than 1GiB left:
+    extraOptions = ''
+      min-free = ${toString (1 * 1024 * 1024 * 1024)}
+      max-free = ${toString (5 * 1024 * 1024 * 1024)}
+    '';
+  };
+
+  nixpkgs = {
+    # You can add overlays here
+    overlays = [
+      # Add overlays your own flake exports (from overlays and pkgs dir):
+      outputs.overlays.additions
+      outputs.overlays.modifications
+      outputs.overlays.unstable-packages
+
+      # You can also add overlays exported from other flakes:
+      # neovim-nightly-overlay.overlays.default
+
+      # Or define it inline, for example:
+      # (final: prev: {
+      #   hi = final.hello.overrideAttrs (oldAttrs: {
+      #     patches = [ ./change-hello-to-hi.patch ];
+      #   });
+      # })
+    ];
+    # Configure your nixpkgs instance
+    # 只有在没有使用外部创建的nixpkgs实例时才设置config
+    config = {
+      # Disable if you don't want unfree packages
+      allowUnfree = true;
+    };
+  };
+}

modules/nixos/fonts/default.nix

@@ -0,0 +1,43 @@
+{ config, lib, pkgs, ... }:
+
+{
+  imports = [
+    ./fhs-fonts.nix
+  ];
+
+  environment.systemPackages = with pkgs; [
+  ];
+
+  # all fonts are linked to /nix/var/nix/profiles/system/sw/share/X11/fonts
+  fonts = {
+    # use fonts specified by user rather than default ones
+    enableDefaultPackages = false;
+    fontDir.enable = true;
+
+    packages = with pkgs; [
+      # Noto 系列字体是 Google 主导的，名字的含义是「没有豆腐」q（no tofu），因为缺字时显示的方框或者方框被叫作 tofu
+      # Noto 系列字族名只支持英文，命名规则是 Noto + Sans 或 Serif + 文字名称。
+      # 其中汉字部分叫 Noto Sans/Serif CJK SC/TC/HK/JP/KR，最后一个词是地区变种。
+      noto-fonts # 大部分文字的常见样式，不包含汉字
+      noto-fonts-cjk-sans # 汉字部分
+      noto-fonts-color-emoji # 彩色的表情符号字体
+
+      # 思源系列字体是 Adobe 主导的。其中汉字部分被称为「思源黑体」和「思源宋体」，是由 Adobe + Google 共同开发的
+      source-sans # 无衬线字体，不含汉字。字族名叫 Source Sans 3 和 Source Sans Pro，以及带字重的变体，加上 Source Sans 3 VF
+      source-serif # 衬线字体，不含汉字。字族名叫 Source Code Pro，以及带字重的变体
+      source-han-sans # 思源黑体
+      source-han-serif # 思源宋体
+
+      # nerdfonts
+      nerd-fonts.jetbrains-mono
+      # (nerdfonts.override {
+      #   fonts = [
+      #     # "FiraCode"
+      #     "JetBrainsMono"
+      #     # "Iosevka"
+      #   ];
+      # })
+
+    ];
+  };
+}

modules/nixos/fonts/fhs-fonts.nix

@@ -0,0 +1,25 @@
+{ config, lib, pkgs, ... }:
+
+{
+  system.fsPackages = [ pkgs.bindfs ];
+  fileSystems = let
+    mkRoSymBind = path: {
+      device = path;
+      fsType = "fuse.bindfs";
+      options = [ "ro" "resolve-symlinks" "x-gvfs-hide" ];
+    };
+    aggregatedIcons = pkgs.buildEnv {
+      name = "system-icons";
+      paths = config.fonts.packages;
+      pathsToLink = [ "/share/icons" ];
+    };
+    aggregatedFonts = pkgs.buildEnv {
+      name = "system-fonts";
+      paths = config.fonts.packages;
+      pathsToLink = [ "/share/fonts" ];
+    };
+  in {
+    "/usr/share/icons" = mkRoSymBind "${aggregatedIcons}/share/icons";
+    "/usr/local/share/fonts" = mkRoSymBind "${aggregatedFonts}/share/fonts";
+  };
+}

modules/nixos/gnome.nix

@@ -0,0 +1,47 @@
+{ config, pkgs, ... }:
+{
+  services.xserver = {
+    enable = true;
+    displayManager.gdm.enable = true;
+    desktopManager.gnome.enable = true;
+  };
+
+  environment = {
+    systemPackages = (with pkgs;[
+      gnome.gnome-tweaks
+    ]) ++ (with pkgs.gnomeExtensions;[
+      dash-to-dock
+      captivate # cap button indicator
+      appindicator # tray icon
+    ]);
+
+    gnome.excludePackages = (with pkgs; [
+      gnome-photos
+      gnome-tour
+      gnome-text-editor
+    ]) ++ (with pkgs.gnome; [
+      atomix # puzzle game
+      cheese # webcam tool
+      epiphany # web browser
+      # geary # email reader
+      evince # document viewer
+      gedit # text editor
+      gnome-contacts
+      gnome-maps
+      gnome-weather
+      gnome-music
+      gnome-characters
+      # gnome-terminal
+      hitori # sudoku game
+      iagno # go game
+      simple-scan
+      totem # video player
+      tali # poker game
+      yelp # help viewer
+    ]);
+  };
+}
+
+
+
+

modules/nixos/nvidia.nix

@@ -0,0 +1,28 @@
+{ config, ... }:
+{
+  # Tell Xorg to use the nvidia driver (also valid for Wayland)
+  services.xserver.videoDrivers = [ "nvidia" ];
+
+  hardware = {
+  # Make sure opengl is enabled
+    graphics.enable = true;
+    nvidia = {
+
+      # Modesetting is needed for most Wayland compositors
+      modesetting.enable = true;
+
+      # Use the open source version of the kernel module
+      # Only available on driver 515.43.04+
+      open = false;
+
+      # Enable the nvidia settings menu
+      nvidiaSettings = true;
+
+      powerManagement.enable = true;
+
+      # Optionally, you may need to select the appropriate driver version for your specific GPU.
+      package = config.boot.kernelPackages.nvidiaPackages.stable;
+    };
+  };
+
+}

modules/nixos/samba.nix

@@ -0,0 +1,39 @@
+{ username, pkgs, ... }:
+{
+
+  services.samba-wsdd.enable = true; # make shares visible for windows 10 clients
+  networking.firewall.allowedTCPPorts = [
+    5357 # wsdd
+  ];
+  networking.firewall.allowedUDPPorts = [
+    3702 # wsdd
+  ];
+  services.samba = {
+    enable = true;
+    settings = {
+      global = {
+        "workgroup" = "WORKGROUP";
+        "server string" = "smbnix";
+        "netbios name" = "smbnix";
+        "security" = "user";
+        #use sendfile = "yes"
+        #max protocol = "smb2"
+        # note: localhost is the ipv6 localhost ::1
+        "hosts allow" = "10.7.43. 127.0.0.1 localhost";
+        "hosts deny" = "0.0.0.0/0";
+        "guest account" = "nobody";
+        "map to guest" = "bad user";
+      };
+      tmp = {
+        path = "/home/${username}/tmp";
+        browseable = "yes";
+        "read only" = "no";
+        "guest ok" = "yes";
+        "create mask" = "0644";
+        "directory mask" = "0755";
+        "force user" = "${username}";
+        "force group" = "users";
+      };
+    };
+  };
+}

modules/nixos/sysatomic.nix

@@ -0,0 +1,61 @@
+# 配置原子系统, 使用 tmpfs 作为根文件系统, 并配置持久化存储
+{ inputs, config, pkgs, username, lib, ... }:
+{
+  imports = [
+    inputs.impermanence.nixosModules.impermanence
+  ];
+
+  # 启用 tmpfs 作为根文件系统
+  fileSystems."/" = lib.mkForce {
+    device = "tmpfs";
+    fsType = "tmpfs";
+    options = [ "relatime" "mode=755" ];
+  };
+
+  # 将 /nix 目录绑定到持久化存储
+  fileSystems."/nix" = lib.mkForce {
+    device = "/dev/disk/by-label/nixos"; # 需要根据实际情况修改
+    fsType = "btrfs";
+    options = [ "compress-force=zstd" ];
+
+  };
+
+  # 配置持久化存储
+  environment.persistence."/nix/persistent" = {
+    hideMounts = true;
+    directories = [
+      "/etc/nixos"
+      "/etc/NetworkManager/system-connections"
+      "/var/log"
+      "/var/lib"
+      "/root"
+    ];
+
+    files = [
+      "/etc/machine-id"
+      "/etc/ssh/ssh_host_ed25519_key"
+      "/etc/ssh/ssh_host_ed25519_key.pub"
+      "/etc/ssh/ssh_host_rsa_key"
+      "/etc/ssh/ssh_host_rsa_key.pub"
+    ];
+
+    users.${username} = {
+      directories = [
+        ".config"
+        ".cache"
+        ".local"
+        ".ssh"
+        ".vscode"
+        ".npm"
+        ".nix"
+        "data"
+        "doc"
+      ];
+
+      files = [
+        ".zsh_history"
+        ".gitconfig"
+      ];
+    };
+  };
+}

modules/nixos/user.nix

@@ -0,0 +1,70 @@
+{ pkgs, username, ... }:
+
+let
+  binPath = "/run/current-system/sw/bin/";
+in
+{
+  nix.settings.trusted-users = [ username ];
+
+  # Define a user account. Don't forget to set a password with ‘passwd’.
+  users = {
+    users."${username}" = {
+      # the hashed password with salt is generated by run `mkpasswd`.
+      hashedPassword = "$y$j9T$inkrp6FuM46uoPFVrOlbz1$igJed6pECf4AENVaLT4mk.Q4z02MmxjWnGo.OVvCyC.";
+      home = "/home/${username}";
+      isNormalUser = true;
+      description = username;
+      extraGroups = [
+        "users"
+        "wheel"
+        "networkmanager"
+        "audio"
+      ];
+      openssh.authorizedKeys.keys = [
+        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCc62MxAVqX8LDFAiDiXlc8d3JU1S3xYVO8WpfgoVYPyrd2fkK2Dr1tSedJyGWc3ADOxzUbsTic8b1BOdmbx4ZPwI+a3nJrVVkmIRSAs5haEZqG8NXDv1kl4xL+J9tVA2jwScl6MRzqyVMgtIAvnsVW9+DrL2Y2b20NvuWz3XndZ8vEUFZLLCQJQRpGrY2ZnTvNXZo12GrD5daiMii52ZuhfNBx17oFnf70sj+phZbp5m2mKL9jfKaDSG+E7Pa/IbB/iivD/QSm0SueYXbsdtMBhtsxvH/i0pJogUlVpa42CRIDUVoHOvfk0Hk83xyIIl2b78xfGEyCQBBU6sSk726xXpqzfxJJ7FiYqhLMKKDFmD28EOs4BUveyZudWNcP0a1+uBBcrefNAwU6EOSg65BOxxvZFbNG1I7YDTiKvYFy965+WkN5QKbBVSy08ziS1MQt224ZooAdxCKESGRr9IqKvq9ONnb0MtmC4ht/n8U9VaeLVq3XDXZZHEUq0cw748k= alex@gaea"
+      ];
+    };
+  };
+
+  # DO NOT promote the specified user to input password for `nix-store` and `nix-copy-closure`
+  security.sudo = {
+    # wheelNeedsPassword = false;
+    extraRules = [
+      {
+        users = [ username ];
+        commands =
+          [
+            {
+              command = "${pkgs.systemd}/systemctl";
+              options = [ "NOPASSWD" ];
+            }
+            {
+              command = "${binPath}/nix-store";
+              options = [ "NOPASSWD" ];
+            }
+            {
+              command = "${binPath}/nixos-rebuild";
+              options = [ "NOPASSWD" "SETENV" ];
+            }
+            {
+              command = "${binPath}/reboot";
+              options = [ "NOPASSWD" ];
+            }
+            {
+              command = "${binPath}/poweroff";
+              options = [ "NOPASSWD" ];
+            }
+            {
+              command = "/run/wrappers/bin/mount";
+              options = [ "NOPASSWD" ];
+            }
+            {
+              command = "/run/wrappers/bin/umount";
+              options = [ "NOPASSWD" ];
+            }
+          ];
+      }
+    ];
+  };
+}
+

modules/nixos/virtualize/android.nix

@@ -0,0 +1,7 @@
+{ config, pkgs, lib, ... }:
+{
+  virtualisation.waydroid.enable = true; # need dns port
+  environment.systemPackages = [
+    pkgs.waydroid-script
+  ];
+}

modules/nixos/virtualize/appimage.nix

@@ -0,0 +1,9 @@
+{ config, pkgs, lib, ... }: 
+{
+  config = {
+    environment.systemPackages = with pkgs; [
+      appimage-run
+    ];
+
+  };
+}

modules/nixos/virtualize/docker.nix

@@ -0,0 +1,14 @@
+{ config, pkgs, lib, username, ... }:
+{
+  # Enable Docker
+  virtualisation.docker = {
+    enable = true;
+    storageDriver = "btrfs";
+  };
+
+  # Enable Podman
+  # virtualisation.podman.enable = true;
+  #virtualisation.podman.dockerCompat = true; # Create a `docker` alias for podman, to use it as a drop-in replacement
+
+  users.users.${username}.extraGroups = lib.mkIf config.virtualisation.docker.enable [ "docker" ];
+}

modules/nixos/virtualize/libvirtd/default.nix

@@ -0,0 +1,45 @@
+{ config, pkgs, lib, username, ... }:
+{
+
+  imports = [
+    ./hooks.nix
+  ];
+  
+  config = {
+
+    # Ref: https://nixos.wiki/wiki/NixOps/Virtualization
+
+    boot = {
+      kernelModules = [ "kvm-amd" "kvm-intel" "vfio" "vfio_iommu_type1" "vfio_pci" "vfio_virqfd" ];
+      kernelParams = [ "amd_iommu=on" "intel_iommu=on" "iommu=pt" ];
+      # extraModprobeConfig = "options vfio-pci ids=8086:1901,10de:1b81,10de:10f0";
+    };
+    virtualisation.libvirtd = {
+      enable = true;
+      qemu = {
+        package = pkgs.qemu_kvm;
+        ovmf.enable = true;
+        ovmf.packages = [ pkgs.OVMFFull.fd ];
+        swtpm.enable = true;
+        runAsRoot = false;
+      };
+    };
+
+    # tpm
+    security.tpm2 = {
+      pkcs11.enable = true; # expose /run/current-system/sw/lib/libtpm2_pkcs11.so
+      enable = true;
+      tctiEnvironment.enable = true; # TPM2TOOLS_TCTI and TPM2_PKCS11_TCTI env variables
+    };
+
+    # Ref: https://nixos.wiki/wiki/Virt-manager
+
+    environment.systemPackages = with pkgs; [
+      virt-manager
+      virglrenderer
+      #virt-manager-qt
+    ];
+
+    users.users.${username}.extraGroups = lib.mkIf config.virtualisation.libvirtd.enable [ "libvirtd" "tss" ];
+  };
+}

modules/nixos/virtualize/libvirtd/hooks.nix

@@ -0,0 +1,37 @@
+{ pkgs, ... }:
+{
+  # Load Hooks for Libvirt
+  systemd.services.libvirtd.preStart = let
+    qemuHook = pkgs.writeScript "qemu-hook" ''
+      #!${pkgs.stdenv.shell}
+
+      GUEST_NAME="$1"
+      HOOK_NAME="$2"
+      STATE_NAME="$3"
+      MISC="$\{@:4}"
+
+      BASEDIR="$(dirname $0)"
+
+      HOOKPATH="$BASEDIR/qemu.d/$GUEST_NAME/$HOOK_NAME/$STATE_NAME"
+      set -e # If a script exits with an error, we should as well.
+
+      if [ -f "$HOOKPATH" ]; then
+      eval \""$HOOKPATH"\" "$@"
+      elif [ -d "$HOOKPATH" ]; then
+      while read file; do
+        eval \""$file"\" "$@"
+      done <<< "$(find -L "$HOOKPATH" -maxdepth 1 -type f -executable -print;)"
+      fi
+    '';
+  in ''
+    mkdir -p /var/lib/libvirt/hooks
+    chmod 755 /var/lib/libvirt/hooks
+
+    # Copy hook files
+    ln -sf ${qemuHook} /var/lib/libvirt/hooks/qemu
+    cp -rfT ${./qemu.d} /var/lib/libvirt/hooks/qemu.d
+
+    # Make executable
+    chmod -R +x /var/lib/libvirt/hooks/qemu.d/
+  '';
+}

modules/nixos/virtualize/libvirtd/qemu.d/win11/prepare/begin/start.sh

@@ -0,0 +1,44 @@
+#!/run/current-system/sw/bin/bash
+set -x
+
+# Xpad affects the work of the xbox controller and its wireless adapter
+# The xpad will shake hands with the handle/wireless adapter when it is plugged in. At this time, 
+# if you pass the usb device directly to the virtual machine, the xbox handle will not re-handshake with the root of windows,
+# which will eventually cause it to fail to work.
+# I can't find a way to make the usb device passthrough into the virtual machine from before/when it is plugged in,
+# so I suggest you disable this driver if you need to use the gamepad in virtual machine
+modprobe -r xpad
+
+# dGPU PCI slots
+pci_slot="01:00"
+
+# Determine whether the graphics card has been used by VFIO kernel modules
+if [ -z "$(lspci -k -s $pci_slot | grep vfio_pci)" ]; then
+    # Determine whether nvidia kernel modules has been loaded
+    lsmod_result=$(lsmod | grep nvidia)
+    if [ -n "$lsmod_result" ]; then
+        # Stop display manager
+        systemctl stop display-manager
+
+        sleep 2
+
+        # Unload NVIDIA kernel modules
+        modprobe -r nvidia_drm nvidia_modeset nvidia_uvm nvidia
+
+        # Unload AMD kernel module
+        # modprobe -r amdgpu
+    fi
+
+    # Detach GPU devices from host
+    # Use your GPU and HDMI Audio PCI host device
+    virsh nodedev-detach pci_0000_01_00_0
+    virsh nodedev-detach pci_0000_01_00_1
+
+    # Load vfio module
+    modprobe vfio_pci
+
+    if [ -n "$lsmod_result" ]; then
+        # Restart Display Manager
+        systemctl start display-manager
+    fi
+fi

modules/nixos/virtualize/libvirtd/qemu.d/win11/release/end/stop.sh

@@ -0,0 +1,13 @@
+#!/run/current-system/sw/bin/bash
+set -x
+
+# Load Xpad
+modprobe nvidia_drm nvidia_modeset nvidia_uvm nvidia xpad
+
+# Attach GPU devices to host
+# Use your GPU and HDMI Audio PCI host device
+virsh nodedev-reattach pci_0000_01_00_0
+virsh nodedev-reattach pci_0000_01_00_1
+
+# Unload vfio module
+modprobe -r vfio_pci

modules/nixos/virtualize/nixos-generators.nix

@@ -0,0 +1,6 @@
+{ config, pkgs, lib, ... }: 
+{
+  environment.systemPackages = with pkgs; [
+    nixos-generators
+  ];
+}

modules/nixos/virtualize/virtualbox.nix

@@ -0,0 +1,15 @@
+{ config, pkgs, lib, ... }: 
+{
+  config = {
+    # Enable virtualbox
+    # Ref: https://nixos.wiki/wiki/Virtualbox
+    #virtualisation.virtualbox.host.enable = true;
+    #virtualisation.virtualbox.host.enableExtensionPack = true; //NOTE: this is unfree
+    #users.extraGroups.vboxusers.members = [ config.owner ];
+
+    environment.systemPackages = with pkgs; [
+      #linuxPackages_latest.virtualboxGuestAdditions
+    ];
+
+  };
+}

modules/nixos/virtualize/wine.nix

@@ -0,0 +1,12 @@
+{ config, pkgs, lib, ... }: 
+{
+  config = {
+    environment.systemPackages = with pkgs; [
+      ## [wine] see: https://nixos.wiki/wiki/Wine
+      #wineWowPackages.staging
+      #wineWowPackages.fonts
+      #winetricks
+    ];
+
+  };
+}

modules/nixos/zfs.nix

@@ -0,0 +1,7 @@
+{ config, pkgs, ... }:
+{
+  boot = {
+    supportedFilesystems = [ "zfs" ];
+    kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
+  };
+}