L-Nafaryus/bonfire
L-Nafaryus/bonfire
1
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects 2 Releases Wiki Activity

flake: reformat all
Some checks failed
nix / check (push) Failing after 31s
Details

Browse Source 
new: packages: bonvim, nixvim configuration of neovim
remove: config: hyprland -> declarative
remove: config: nvim
nixosModules: structure with categories
new: configurations: concept of preconfigured modules
catarina: disable papermc server
catarina: hydra server
flake: hydraJobs outputs
This commit is contained in:
L-Nafaryus 2024-07-08 15:07:24 +05:00
parent 26088b3368
commit 008b4ad3a4
Signed by: L-Nafaryus
GPG Key ID: 553C97999B363D38
53 changed files with 4126 additions and 3205 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.editorconfig Normal file
View File

@ -0,0 +1,4 @@
indent_style = "space"
indent_size = 4
end_of_line = "cr"
charset = "utf-8"

28
apps/default.nix
View File

@ -1,14 +1,16 @@
{ self, nixpkgs, ... }: {
let self,
forAllSystems = nixpkgs.lib.genAttrs [ "x86_64-linux" ]; nixpkgs,
nixpkgsFor = forAllSystems (system: import nixpkgs { inherit system; }); ...
}: let
forAllSystems = nixpkgs.lib.genAttrs ["x86_64-linux"];
nixpkgsFor = forAllSystems (system: import nixpkgs {inherit system;});
in
forAllSystems (system: let
pkgs = nixpkgsFor.${system};
in forAllSystems(system: let bonfire = self;
pkgs = nixpkgsFor.${system}; bonfire-lib = self.lib;
bonfire-pkgs = self.packages.${system};
bonfire = self; in {
bonfire-lib = self.lib; })
bonfire-pkgs = self.packages.${system};
in {
})

31
config/git/config
View File

@ -1,31 +0,0 @@
[user]
name = L-Nafaryus
email = l.nafaryus@gmail.com
signingKey = 86F1EA98B48FFB19
[commit]
gpgsign = true
[tag]
gpgsign = true
[init]
defaultBranch = master
[diff]
submodule = log
[color]
diff = auto
status = auto
branch = auto
[core]
quotePath = false
commitGraph = true
whitespace = trailing-space
[receive]
advertisePushOptions = true
[gc]
writeCommitGraph = true
[alias]
lg = log --color --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit
[filter "lfs"]
required = true
clean = git-lfs clean -- %f
smudge = git-lfs smudge -- %f
process = git-lfs filter-process

281
config/hypr/hyprland.conf
View File

@ -1,281 +0,0 @@
# #######################################################################################
# AUTOGENERATED HYPR CONFIG.
# PLEASE USE THE CONFIG PROVIDED IN THE GIT REPO /examples/hypr.conf AND EDIT IT,
# OR EDIT THIS ONE ACCORDING TO THE WIKI INSTRUCTIONS.
# #######################################################################################
autogenerated = 0 # remove this line to remove the warning
# This is an example Hyprland config file.
# Refer to the wiki for more information.
# https://wiki.hyprland.org/Configuring/Configuring-Hyprland/
# Please note not all available settings / options are set here.
# For a full list, see the wiki
# You can split this configuration into multiple files
# Create your files separately and then link them to this file like this:
# source = ~/.config/hypr/myColors.conf
################
### MONITORS ###
################
# See https://wiki.hyprland.org/Configuring/Monitors/
monitor = desc:AOC Q27B3MA 17ZPAHA006135, 2560x1440@75, 0x0, auto
monitor = desc:AOC Q27G2G3R3B 137P4HA000540, 2560x1440@165, 2560x0, auto
monitor = Unknown-1, disable
###################
### MY PROGRAMS ###
###################
# See https://wiki.hyprland.org/Configuring/Keywords/
# Set programs that you use
$terminal = alacritty
$fileManager = dolphin
$menu = rofi -show drun
#################
### AUTOSTART ###
#################
# Autostart necessary processes (like notifications daemons, status bars, etc.)
# Or execute your favorite apps at launch like this:
# exec-once = $terminal
# exec-once = nm-applet &
# exec-once = waybar & hyprpaper & firefox
exec-once = eww daemon
exec-once = eww open topbar
exec-once = nm-applet --indicator &
exec-once = blueman-applet &
exec-once = wl-gammarelay-rs run &
exec-once = systemctl --user start hypridle
exec-once = wl-paste --type text --watch cliphist store #Stores only text data
exec-once = wl-paste --type image --watch cliphist store #Stores only image data
exec-once = swww-daemon & swww img ~/Pictures/wallpapers/emily-in-the-cyberpunk-city.3840x2160.png & swww img ~/Pictures/wallpapers/emily-in-the-cyberpunk-city.3840x2160a.gif
#############################
### ENVIRONMENT VARIABLES ###
#############################
# See https://wiki.hyprland.org/Configuring/Environment-variables/
env = XCURSOR_SIZE,16
env = HYPRCURSOR_SIZE,16
env = WLR_DRM_NO_ATOMIC,1
#####################
### LOOK AND FEEL ###
#####################
# Refer to https://wiki.hyprland.org/Configuring/Variables/
# https://wiki.hyprland.org/Configuring/Variables/#general
general {
gaps_in = 5
gaps_out = 5
border_size = 2
# https://wiki.hyprland.org/Configuring/Variables/#variable-types for info about colors
col.active_border = rgba(33ccffee) rgba(00ff99ee) 45deg
col.inactive_border = rgba(595959aa)
# Set to true enable resizing windows by clicking and dragging on borders and gaps
resize_on_border = true
# Please see https://wiki.hyprland.org/Configuring/Tearing/ before you turn this on
allow_tearing = true
layout = dwindle
}
# https://wiki.hyprland.org/Configuring/Variables/#decoration
decoration {
rounding = 5
# Change transparency of focused and unfocused windows
active_opacity = 1.0
inactive_opacity = 0.95
drop_shadow = true
shadow_range = 4
shadow_render_power = 3
col.shadow = rgba(1a1a1aee)
# https://wiki.hyprland.org/Configuring/Variables/#blur
blur {
enabled = true
size = 3
passes = 1
vibrancy = 0.1696
}
}
# https://wiki.hyprland.org/Configuring/Variables/#animations
animations {
enabled = true
# Default animations, see https://wiki.hyprland.org/Configuring/Animations/ for more
bezier = myBezier, 0.05, 0.9, 0.1, 1.05
animation = windows, 1, 7, myBezier
animation = windowsOut, 1, 7, default, popin 80%
animation = border, 1, 10, default
animation = borderangle, 1, 8, default
animation = fade, 1, 7, default
animation = workspaces, 1, 6, default
}
# See https://wiki.hyprland.org/Configuring/Dwindle-Layout/ for more
dwindle {
pseudotile = true # Master switch for pseudotiling. Enabling is bound to mainMod + P in the keybinds section below
preserve_split = true # You probably want this
}
# See https://wiki.hyprland.org/Configuring/Master-Layout/ for more
master {
new_is_master = true
}
# https://wiki.hyprland.org/Configuring/Variables/#misc
misc {
force_default_wallpaper = -1 # Set to 0 or 1 to disable the anime mascot wallpapers
disable_hyprland_logo = false # If true disables the random hyprland logo / anime girl background. :(
}
#############
### INPUT ###
#############
# https://wiki.hyprland.org/Configuring/Variables/#input
input {
kb_layout = us,ru
kb_variant =
kb_model =
kb_options =
kb_rules =
follow_mouse = 1
sensitivity = 0 # -1.0 - 1.0, 0 means no modification.
touchpad {
natural_scroll = false
}
}
# https://wiki.hyprland.org/Configuring/Variables/#gestures
gestures {
workspace_swipe = false
}
# Example per-device config
# See https://wiki.hyprland.org/Configuring/Keywords/#per-device-input-configs for more
device {
name = epic-mouse-v1
sensitivity = -0.5
}
####################
### KEYBINDINGSS ###
####################
# See https://wiki.hyprland.org/Configuring/Keywords/
# Example binds, see https://wiki.hyprland.org/Configuring/Binds/ for more
bind = SUPER, Q, exec, $terminal
bind = SUPER, C, killactive,
bind = SUPER, M, exit,
bind = SUPER, E, exec, $fileManager
bind = SUPER, V, togglefloating,
bind = SUPER, F, fullscreen,
bind = SUPER, R, exec, $menu
bind = SUPER, P, pseudo, # dwindle
bind = SUPER, J, togglesplit, # dwindle
# Move focus with mainMod + arrow keys
bind = SUPER, left, movefocus, l
bind = SUPER, right, movefocus, r
bind = SUPER, up, movefocus, u
bind = SUPER, down, movefocus, d
# Switch workspaces with mainMod + [0-9]
bind = SUPER, 1, workspace, 1
bind = SUPER, 2, workspace, 2
bind = SUPER, 3, workspace, 3
bind = SUPER, 4, workspace, 4
bind = SUPER, 5, workspace, 5
bind = SUPER, 6, workspace, 6
bind = SUPER, 7, workspace, 7
bind = SUPER, 8, workspace, 8
bind = SUPER, 9, workspace, 9
bind = SUPER, 0, workspace, 10
# Move active window to a workspace with mainMod + SHIFT + [0-9]
bind = SUPER SHIFT, 1, movetoworkspace, 1
bind = SUPER SHIFT, 2, movetoworkspace, 2
bind = SUPER SHIFT, 3, movetoworkspace, 3
bind = SUPER SHIFT, 4, movetoworkspace, 4
bind = SUPER SHIFT, 5, movetoworkspace, 5
bind = SUPER SHIFT, 6, movetoworkspace, 6
bind = SUPER SHIFT, 7, movetoworkspace, 7
bind = SUPER SHIFT, 8, movetoworkspace, 8
bind = SUPER SHIFT, 9, movetoworkspace, 9
bind = SUPER SHIFT, 0, movetoworkspace, 10
# Example special workspace (scratchpad)
bind = SUPER, S, togglespecialworkspace, magic
bind = SUPER SHIFT, S, movetoworkspace, special:magic
# Scroll through existing workspaces with mainMod + scroll
bind = SUPER, mouse_down, workspace, e+1
bind = SUPER, mouse_up, workspace, e-1
# Move/resize windows with mainMod + LMB/RMB and dragging
bindm = SUPER, mouse:272, movewindow
bindm = SUPER, mouse:273, resizewindow
bindel = , XF86AudioRaiseVolume, exec, wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%+
bindel = , XF86AudioLowerVolume, exec, wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%-
bindl = , XF86AudioMute, exec, wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle
bindl = , XF86AudioPrev, exec, playerctl previous
bindl = , XF86AudioPlay, exec, playerctl play-pause
bindl = , XF86AudioNext, exec, playerctl next
bindl = , XF86MonBrightnessDown, exec, busctl --user -- call rs.wl-gammarelay / rs.wl.gammarelay UpdateTemperature n -500
bindl = , XF86MonBrightnessUp, exec, busctl --user -- call rs.wl-gammarelay / rs.wl.gammarelay UpdateTemperature n +500
bindl = SUPER, XF86MonBrightnessDown, exec, busctl --user -- call rs.wl-gammarelay / rs.wl.gammarelay Brightness d -0.1
bindl = SUPER, XF86MonBrightnessUp, exec, busctl --user -- call rs.wl-gammarelay / rs.wl.gammarelay Brightness d +0.1
bind = SUPER, SPACE, exec, hyprctl switchxkblayout keychron-keychron-k3-pro next
bind = , PRINT, exec, hyprshot -m region
bind = SUPER, H, exec, cliphist list | rofi -dmenu | cliphist decode | wl-copy
#bind = CTRL, V, exec, wl-paste
##############################
### WINDOWS AND WORKSPACES ###
##############################
# See https://wiki.hyprland.org/Configuring/Window-Rules/ for more
# See https://wiki.hyprland.org/Configuring/Workspace-Rules/ for workspace rules
# Example windowrule v1
# windowrule = float, ^(kitty)$
# Example windowrule v2
# windowrulev2 = float,class:^(kitty)$,title:^(kitty)$
windowrulev2 = suppressevent maximize, class:.* # You'll probably like this.
windowrulev2 = float, class:^(steam_app.*)$
windowrulev2 = immediate, class:^(steam_app.*)$
windowrulev2 = float, class:^(steam_proton.*)$

15
config/nvim/.neoconf.json
View File

@ -1,15 +0,0 @@
{
"neodev": {
"library": {
"enabled": true,
"plugins": true
}
},
"neoconf": {
"plugins": {
"lua_ls": {
"enabled": true
}
}
}
}

29
config/nvim/ginit.vim
View File

@ -1,29 +0,0 @@
" Enable Mouse
set mouse=a
" Set Editor Font
if exists(':GuiFont')
" Use GuiFont! to ignore font errors
GuiFont MesloLGS Nerd Font Mono:h10
endif
" Disable GUI Tabline
if exists(':GuiTabline')
GuiTabline 0
endif
" Disable GUI Popupmenu
if exists(':GuiPopupmenu')
GuiPopupmenu 0
endif
" Enable GUI ScrollBar
if exists(':GuiScrollBar')
GuiScrollBar 0
endif
" Right Click Context Menu (Copy-Cut-Paste)
nnoremap <silent><RightMouse> :call GuiShowContextMenu()<CR>
inoremap <silent><RightMouse> <Esc>:call GuiShowContextMenu()<CR>
xnoremap <silent><RightMouse> :call GuiShowContextMenu()<CR>gv
snoremap <silent><RightMouse> <C-G>:call GuiShowContextMenu()<CR>gv

7
config/nvim/init.lua
View File

@ -1,7 +0,0 @@
-- bootstrap lazy.nvim, LazyVim and your plugins
require("config.lazy")
vim.o.tabstop = 4 -- A TAB character looks like 4 spaces
vim.o.expandtab = true -- Pressing the TAB key will insert spaces instead of a TAB character
vim.o.softtabstop = 4 -- Number of spaces inserted instead of a TAB character
vim.o.shiftwidth = 4 -- Number of spaces inserted when indenting

3
config/nvim/lua/config/autocmds.lua
View File

@ -1,3 +0,0 @@
-- Autocmds are automatically loaded on the VeryLazy event
-- Default autocmds that are always set: https://github.com/LazyVim/LazyVim/blob/main/lua/lazyvim/config/autocmds.lua
-- Add any additional autocmds here

15
config/nvim/lua/config/keymaps.lua
View File

@ -1,15 +0,0 @@
-- Keymaps are automatically loaded on the VeryLazy event
-- Default keymaps that are always set: https://github.com/LazyVim/LazyVim/blob/main/lua/lazyvim/config/keymaps.lua
-- Add any additional keymaps here
-- Move to window
vim.keymap.set("n", "<C-Left>", "<C-w>h", { desc = "Go to left window", remap = true })
vim.keymap.set("n", "<C-Down>", "<C-w>j", { desc = "Go to lower window", remap = true })
vim.keymap.set("n", "<C-Up>", "<C-w>k", { desc = "Go to upper window", remap = true })
vim.keymap.set("n", "<C-Right>", "<C-w>l", { desc = "Go to right window", remap = true })
-- Resize window using <ctrl> arrow keys
vim.keymap.set("n", "<C-k>", "<cmd>resize +2<cr>", { desc = "Increase window height" })
vim.keymap.set("n", "<C-l>", "<cmd>resize -2<cr>", { desc = "Decrease window height" })
vim.keymap.set("n", "<C-h>", "<cmd>vertical resize -2<cr>", { desc = "Decrease window width" })
vim.keymap.set("n", "<C-j>", "<cmd>vertical resize +2<cr>", { desc = "Increase window width" })

46
config/nvim/lua/config/lazy.lua
View File

@ -1,46 +0,0 @@
local lazypath = vim.fn.stdpath("data") .. "/lazy/lazy.nvim"
if not vim.loop.fs_stat(lazypath) then
-- bootstrap lazy.nvim
-- stylua: ignore
vim.fn.system({ "git", "clone", "--filter=blob:none", "https://github.com/folke/lazy.nvim.git", "--branch=stable", lazypath })
end
vim.opt.rtp:prepend(vim.env.LAZY or lazypath)
require("lazy").setup({
spec = {
-- add LazyVim and import its plugins
{ "LazyVim/LazyVim", import = "lazyvim.plugins" },
-- import any extras modules here
-- { import = "lazyvim.plugins.extras.lang.typescript" },
-- { import = "lazyvim.plugins.extras.lang.json" },
-- { import = "lazyvim.plugins.extras.ui.mini-animate" },
-- import/override with your plugins
{ import = "plugins" },
},
defaults = {
-- By default, only LazyVim plugins will be lazy-loaded. Your custom plugins will load during startup.
-- If you know what you're doing, you can set this to `true` to have all your custom plugins lazy-loaded by default.
lazy = false,
-- It's recommended to leave version=false for now, since a lot the plugin that support versioning,
-- have outdated releases, which may break your Neovim install.
version = false, -- always use the latest git commit
-- version = "*", -- try installing the latest stable version for plugins that support semver
},
install = { colorscheme = { "tokyonight", "habamax" } },
checker = { enabled = true }, -- automatically check for plugin updates
performance = {
rtp = {
-- disable some rtp plugins
disabled_plugins = {
"gzip",
-- "matchit",
-- "matchparen",
-- "netrwPlugin",
"tarPlugin",
"tohtml",
"tutor",
"zipPlugin",
},
},
},
})

3
config/nvim/lua/config/options.lua
View File

@ -1,3 +0,0 @@
-- Options are automatically loaded before lazy.nvim startup
-- Default options that are always set: https://github.com/LazyVim/LazyVim/blob/main/lua/lazyvim/config/options.lua
-- Add any additional options here

70
config/nvim/lua/plugins/user.lua
View File

@ -1,70 +0,0 @@
return {
{
"ellisonleao/gruvbox.nvim",
},
{
"folke/tokyonight.nvim",
style = "moon",
priority = 1000,
},
{ "skywind3000/asyncrun.vim" },
-- Configure LazyVim to load gruvbox
{
"LazyVim/LazyVim",
opts = {
colorscheme = "tokyonight",
},
},
{ "equalsraf/neovim-gui-shim" },
{
"nvim-neo-tree/neo-tree.nvim",
opts = {
filesystem = {
filtered_items = {
hide_dotfiles = false,
hide_gitignored = false,
},
use_libuv_file_watcher = true,
},
},
},
{
"folke/trouble.nvim",
dependencies = { "nvim-tree/nvim-web-devicons" },
},
{
"nvim-orgmode/orgmode",
dependencies = {
{ "nvim-treesitter/nvim-treesitter", lazy = true },
},
event = "VeryLazy",
config = function()
require("orgmode").setup_ts_grammar()
require("nvim-treesitter.configs").setup({
highlight = {
enable = true,
additional_vim_regex_highlighting = { "org" },
},
ensure_installed = { "org" },
})
require("orgmode").setup()
end,
},
{
"williamboman/mason.nvim",
config = function()
require("mason").setup({ PATH = "append" })
end
}
}

4
config/nvim/stylua.toml
View File

@ -1,4 +0,0 @@
indent_type = "Spaces"
indent_width = 4
column_width = 120

629
configurations/bonvim.nix Normal file
View File

@ -0,0 +1,629 @@
{
config,
lib,
pkgs,
rustc ? pkgs.rustc,
cargo ? pkgs.cargo,
rust-analyzer ? pkgs.rust-analyzer,
...
}: {
# General
globals.mapleader = " ";
opts = {
# Show line numbers
number = true;
relativenumber = true;
# Tab need 4 spaces please
expandtab = true;
tabstop = 4;
softtabstop = 4;
shiftwidth = 4;
showtabline = 4;
# Hide * markup
conceallevel = 2;
# Confirm on save
confirm = true;
cursorline = true;
# Invisible characters I see you
list = true;
ignorecase = true;
grepprg = "${lib.getExe pkgs.ripgrep} --vimgrep";
termguicolors = true;
# Splits
splitbelow = true;
splitright = true;
splitkeep = "screen";
# U, u, undo
undofile = true;
undolevels = 10000;
updatetime = 200;
# Command line completion mode
wildmode = "longest:full,full";
smoothscroll = true;
autowrite = true;
};
globals = {
bigfile_size = 1024 * 1024 * 1.5;
};
editorconfig.enable = true;
# Clipboard
clipboard = {
register = "unnamedplus";
providers.wl-copy.enable = true;
};
# Copy/paste
plugins.yanky = {
enable = true;
systemClipboard.syncWithRing = true;
};
extraPlugins = with pkgs.vimPlugins; [nvim-web-devicons];
# Theme
colorschemes.catppuccin = {
enable = true;
settings = {
flavour = "macchiato";
no_bold = false;
no_italic = false;
no_underline = false;
integrations = {
cmp = true;
notify = true;
gitsigns = true;
neotree = true;
which_key = true;
illuminate = {
enabled = true;
};
treesitter = true;
telescope.enabled = true;
indent_blankline.enabled = true;
mini.enabled = true;
native_lsp = {
enabled = true;
inlay_hints = {
background = true;
};
underlines = {
errors = ["underline"];
hints = ["underline"];
information = ["underline"];
warnings = ["underline"];
};
};
};
};
};
# File tree
plugins.neo-tree = {
enable = true;
filesystem = {
useLibuvFileWatcher = true;
filteredItems = {
hideDotfiles = false;
hideGitignored = false;
};
};
defaultComponentConfigs = {
indent = {
withExpanders = true;
expanderCollapsed = "";
expanderExpanded = "";
expanderHighlight = "NeoTreeExpander";
};
};
};
# UI
plugins.noice = {
enable = true;
lsp.override = {
"cmp.entry.get_documentation" = true;
"vim.lsp.util.convert_input_to_markdown_lines" = true;
"vim.lsp.util.stylize_markdown" = true;
};
presets = {
long_message_to_split = true;
};
};
plugins.dressing = {
enable = true;
};
# Status line
plugins.bufferline = {
enable = true;
diagnostics = "nvim_lsp";
mode = "buffers";
offsets = [
{
filetype = "neo-tree";
text = "Neo-tree";
highlight = "Directory";
text_align = "left";
}
];
};
plugins.lualine = {
enable = true;
globalstatus = true;
extensions = ["neo-tree"];
sections = {
lualine_a = [
{
name = "mode";
separator.right = "";
}
];
lualine_b = [
{
name = "branch";
icon = "";
separator.right = "";
}
];
lualine_c = [
{
name = "diagnostics";
separator.right = ">";
extraConfig = {
sources = ["nvim_lsp"];
symbols = {
error = " ";
warn = " ";
info = " ";
hint = "󰝶 ";
};
};
}
{
name = "filetype";
extraConfig = {
icon_only = true;
separator = "";
padding = {
left = 1;
right = 0;
};
};
}
{
name = "filename";
extraConfig = {
path = 1;
};
}
];
lualine_x = [
{
name = "diff";
extraConfig = {
symbols = {
added = " ";
modified = " ";
removed = " ";
};
source.__raw = ''
function()
local gitsings = vim.b.gitsigns_status_dict
if gitsigns then
return {
added = gitigns.added,
modified = gitigns.changed,
removed = gitigns.removed
}
end
end
'';
};
}
];
lualine_y = [
{
separator.left = "";
name = "progress";
padding = {
left = 1;
right = 0;
};
}
{
name = "location";
padding = {
left = 0;
right = 1;
};
}
];
lualine_z = [
{
separator.left = "";
fmt = ''
function(text)
return " " .. os.date("%R")
end
'';
}
];
};
};
plugins.notify.enable = true;
plugins.project-nvim = {
enable = true;
enableTelescope = true;
showHidden = true;
};
# Syntax highlight
plugins.treesitter = {
enable = true;
};
plugins.treesitter-textobjects.enable = true;
# Double trouble of your code
plugins.trouble = {
enable = true;
};
# Multifile search/replace
plugins.spectre = {
enable = true;
findPackage = pkgs.ripgrep;
replacePackage = pkgs.gnused;
};
plugins.which-key = {
enable = true;
icons.group = "+";
registrations = {
"<leader>g" = "+ Git";
"<leader>c" = "+ Code";
"<leader>s" = "+ Search";
"<leader>w" = "+ Window";
"<leader>q" = "+ Quit";
};
};
# LSP
plugins = {
lsp-lines.enable = true;
lsp-format.enable = true;
lsp = {
enable = true;
inlayHints = true;
keymaps = {
# vim.diagnostic.<action>
diagnostic = {
"<leader>cd" = {
action = "open_float";
desc = "Line diagnostics";
};
};
# vim.lsp.buf.<action>
lspBuf = {
"K" = "hover";
"gK" = "signature_help";
"gr" = "references";
"gd" = "definition";
"gi" = "implementation";
"gt" = "type_definition";
"cr" = "rename";
"cf" = "format";
};
extra = [
{
key = "<leader>cf";
action.__raw = "vim.lsp.buf.format";
options.desc = "Format";
}
];
};
servers = {
clangd = {
enable = true;
cmd = [
"${config.plugins.lsp.servers.clangd.package}/bin/clangd"
"--background-index"
"--clang-tidy"
"--header-insertion=iwyu"
"--completion-style=detailed"
"--function-arg-placeholders"
"--fallback-style=llvm"
];
};
cmake.enable = true;
nil-ls.enable = true;
# pylyzer.enable = true; # not working with virtual environments currently :(
pylsp = {
enable = true;
settings.plugins = {
pyflakes.enabled = true;
black.enabled = true;
};
};
rust-analyzer = {
enable = true;
package = rust-analyzer;
cargoPackage = cargo;
rustcPackage = rustc;
installCargo = true;
installRustc = true;
};
volar.enable = true;
tailwindcss.enable = true;
marksman.enable = true;
};
};
};
# VCS
plugins.gitsigns = {
enable = true;
settings = {
signs = {
add = {
text = "";
};
change = {
text = "";
};
delete = {
text = "";
};
untracked = {
text = "";
};
topdelete = {
text = "";
};
changedelete = {
text = "";
};
};
};
};
plugins.lazygit.enable = true;
# Formatting
plugins.none-ls = {
enable = true;
# nix
sources.formatting.alejandra.enable = true;
};
# Search, search, search
plugins.telescope = {
enable = true;
extensions.fzf-native.enable = true;
keymaps = {
"<leader>sgf" = {
action = "git_files";
options = {
desc = "Files";
};
};
"<leader>sgc" = {
action = "git_commits";
options = {
desc = "Commits";
};
};
"<leader>sgs" = {
action = "git_status";
options = {
desc = "Status";
};
};
"<leader>sk" = {
action = "keymaps";
options = {
desc = "Key Maps";
};
};
"<leader>sf" = {
action = "live_grep";
options = {
desc = "Grep Root Directory";
};
};
};
};
plugins.todo-comments.enable = true;
# Terminal
plugins.toggleterm = {
enable = true;
settings = {
direction = "float";
open_mapping = "[[<c-/>]]";
};
};
# Completion
plugins = {
cmp = {
enable = true;
settings = {
sources = [
{
name = "nvim_lsp";
}
{
name = "path";
}
{
name = "buffer";
}
];
experimental = {
ghost_text = {
hl_group = "CmpGhostText";
};
};
mapping = {
"<c-space>" = "cmp.mapping.complete()";
"<cr>" = "cmp.mapping.confirm({ select = true; })";
};
};
};
cmp-nvim-lsp.enable = true;
cmp-path.enable = true;
cmp-buffer.enable = true;
};
# Keymaps
keymaps = [
# General
{
mode = "n";
key = "<leader>qq";
action = "<cmd>qa<cr>";
options = {desc = "Quit All";};
}
{
mode = "n";
key = "<leader>ww";
action = "<C-W>p";
options = {desc = "Other Window";};
}
{
mode = "n";
key = "<leader>wd";
action = "<C-W>c";
options = {desc = "Delete Window";};
}
{
mode = "n";
key = "<leader>ws";
action = "<C-W>s";
options = {desc = "Split Below";};
}
{
mode = "n";
key = "<leader>wv";
action = "<C-W>v";
options = {desc = "Split Right";};
}
{
mode = "n";
key = "<C-Left>";
action = "<C-W>h";
options = {desc = "Go To Left Window";};
}
{
mode = "n";
key = "<C-Down>";
action = "<C-W>j";
options = {desc = "Go To Lower Window";};
}
{
mode = "n";
key = "<C-Up>";
action = "<C-W>k";
options = {desc = "Go To Upper Window";};
}
{
mode = "n";
key = "<C-Right>";
action = "<C-W>l";
options = {desc = "Go To Right Window";};
}
{
mode = "v";
key = ">";
action = ">gv";
options = {desc = "Indent right selected text";};
}
{
mode = "v";
key = "<";
action = "<gv";
options = {desc = "Indent left selected text";};
}
# Clipboard
{
mode = ["n" "x"];
key = "y";
action = "<Plug>(YankyYank)";
options = {desc = "Yank Text";};
}
{
mode = ["n" "x"];
key = "p";
action = "<Plug>(YankyPutAfter)";
options = {desc = "Put Yanked Text After Cursor";};
}
{
mode = ["n" "x"];
key = "P";
action = "<Plug>(YankyPutBefore)";
options = {desc = "Put Yanked Text Before Cursor";};
}
{
mode = ["n" "x"];
key = "gp";
action = "<Plug>(YankyGPutAfter)";
options = {desc = "Put Yanked Text After Selection";};
}
{
mode = ["n" "x"];
key = "gP";
action = "<Plug>(YankyGPutBefore)";
options = {desc = "Put Yanked Text Befor Selection";};
}
{
mode = "n";
key = "<leader>cl";
action.__raw = ''require("lsp_lines").toggle'';
options = {desc = "Toggle LSP lines";};
}
# Terminal
{
mode = "t";
key = "<esc><esc>";
action = "<c-\\><c-n>";
options = {desc = "Enter Normal Mode";};
}
# Etc
{
mode = "n";
key = "<leader>e";
action = "<cmd>Neotree toggle<cr>";
options = {desc = "Open/Close Neotree";};
}
{
mode = "n";
key = "<leader>gg";
action = "<cmd>LazyGit<cr>";
options = {
desc = "LazyGit (root dir)";
};
}
];
}

7
configurations/default.nix Normal file
View File

@ -0,0 +1,7 @@
{
self,
inputs,
...
}: {
bonvim = ./bonvim.nix;
}

20
devShells/bonfire.nix
View File

@ -1,13 +1,9 @@
{ crane-lib, pkgs, ... }: {pkgs, ...}:
crane-lib.devShell { pkgs.mkShellNoCC {
packages = with pkgs; [ packages = with pkgs; [
sops sops
mkpasswd mkpasswd
nil jq
jq cachix
cachix ];
nodejs
python3
marksman
];
} }

35
devShells/default.nix
View File

@ -1,22 +1,25 @@
# self.devShells.${system} # self.devShells.${system}
# #
{ self, nixpkgs, ... }: {
let self,
forAllSystems = nixpkgs.lib.genAttrs [ "x86_64-linux" ]; nixpkgs,
nixpkgsFor = forAllSystems (system: import nixpkgs { inherit system; }); ...
}: let
forAllSystems = nixpkgs.lib.genAttrs ["x86_64-linux"];
nixpkgsFor = forAllSystems (system: import nixpkgs {inherit system;});
in
forAllSystems (system: let
environment = rec {
pkgs = nixpkgsFor.${system};
in forAllSystems(system: bonfire = self;
let environment = { bonfire-lib = self.lib;
pkgs = nixpkgsFor.${system}; bonfire-pkgs = self.packages.${system};
bonfire = self;
bonfire-lib = self.lib;
bonfire-pkgs = self.packages.${system};
crane = self.inputs.crane;
crane-lib = self.inputs.crane.lib.${system};
}; in {
crane = self.inputs.crane;
crane-lib = self.inputs.crane.mkLib pkgs;
};
in {
default = import ./bonfire.nix environment; default = import ./bonfire.nix environment;
netgen = import ./netgen.nix environment; netgen = import ./netgen.nix environment;
@ -27,4 +30,4 @@ in forAllSystems(system:
rust-x11 = import ./rust-x11.nix environment; rust-x11 = import ./rust-x11.nix environment;
go = import ./go.nix environment; go = import ./go.nix environment;
}) })

18
devShells/go.nix
View File

@ -1,11 +1,11 @@
{ pkgs, ... }: {pkgs, ...}:
pkgs.mkShellNoCC { pkgs.mkShellNoCC {
packages = with pkgs; [ packages = with pkgs; [
go go
gopls gopls
gotools gotools
go-tools go-tools
golangci-lint golangci-lint
gnumake gnumake
]; ];
} }

16
devShells/netgen.nix
View File

@ -1,9 +1,13 @@
{ pkgs, bonfire-pkgs, ... }: {
pkgs,
bonfire-pkgs,
...
}:
pkgs.mkShellNoCC { pkgs.mkShellNoCC {
packages = [ packages = [
bonfire-pkgs.netgen bonfire-pkgs.netgen
pkgs.python3 pkgs.python3
]; ];
shellHook = bonfire-pkgs.netgen.passthru.shellHook; shellHook = bonfire-pkgs.netgen.passthru.shellHook;
} }

16
devShells/openfoam.nix
View File

@ -1,9 +1,13 @@
{ pkgs, bonfire-pkgs, ... }: {
pkgs,
bonfire-pkgs,
...
}:
pkgs.mkShellNoCC { pkgs.mkShellNoCC {
packages = [ packages = [
bonfire-pkgs.openfoam bonfire-pkgs.openfoam
pkgs.mpi pkgs.mpi
]; ];
shellHook = bonfire-pkgs.openfoam.passthru.shellHook; shellHook = bonfire-pkgs.openfoam.passthru.shellHook;
} }

44
devShells/rust-x11.nix
View File

@ -1,23 +1,27 @@
{ pkgs, crane-lib, ... }: {
pkgs,
crane-lib,
...
}:
crane-lib.devShell rec { crane-lib.devShell rec {
packages = with pkgs; [ packages = with pkgs; [
lld lld
pkg-config pkg-config
libGL libGL
vulkan-loader vulkan-loader
vulkan-headers vulkan-headers
vulkan-tools vulkan-tools
vulkan-validation-layers vulkan-validation-layers
xorg.libXi xorg.libXi
xorg.libX11 xorg.libX11
xorg.libXcursor xorg.libXcursor
xorg.libXrandr xorg.libXrandr
libxkbcommon libxkbcommon
libudev-zero libudev-zero
alsa-lib alsa-lib
]; ];
shellHook = '' shellHook = ''
export LD_LIBRARY_PATH="$LD_LIBRARY_PATH:${pkgs.lib.makeLibraryPath packages}" export LD_LIBRARY_PATH="$LD_LIBRARY_PATH:${pkgs.lib.makeLibraryPath packages}"
''; '';
} }

12
devShells/rust.nix
View File

@ -1,6 +1,10 @@
{ pkgs, crane-lib, ... }: {
pkgs,
crane-lib,
...
}:
crane-lib.devShell { crane-lib.devShell {
packages = [ packages = [
pkgs.cargo-watch pkgs.cargo-watch
]; ];
} }

364
flake.lock
View File

@ -52,7 +52,7 @@
"inputs": { "inputs": {
"crane": "crane_2", "crane": "crane_2",
"fenix": "fenix_2", "fenix": "fenix_2",
"home-manager": "home-manager_2", "home-manager": "home-manager_3",
"nixgl": "nixgl", "nixgl": "nixgl",
"nixos-mailserver": "nixos-mailserver_2", "nixos-mailserver": "nixos-mailserver_2",
"nixpkgs": "nixpkgs_3", "nixpkgs": "nixpkgs_3",
@ -78,7 +78,7 @@
"crane": "crane_3", "crane": "crane_3",
"devenv": "devenv", "devenv": "devenv",
"fenix": "fenix_3", "fenix": "fenix_3",
"home-manager": "home-manager_3", "home-manager": "home-manager_4",
"nixgl": "nixgl_2", "nixgl": "nixgl_2",
"nixos-mailserver": "nixos-mailserver_3", "nixos-mailserver": "nixos-mailserver_3",
"nixpkgs": "nixpkgs_5", "nixpkgs": "nixpkgs_5",
@ -142,11 +142,11 @@
}, },
"catppuccin": { "catppuccin": {
"locked": { "locked": {
"lastModified": 1718339789, "lastModified": 1719758387,
"narHash": "sha256-Q3fgY7huFE+uaw7BNsAl1x+FvjDAi3EDWPnlALJt5pM=", "narHash": "sha256-bMaI1jJNzIZar4TP/hhoPQROqqcbD6zT6O+sqIJdp8c=",
"owner": "catppuccin", "owner": "catppuccin",
"repo": "nix", "repo": "nix",
"rev": "73e06d5bd7ed34bdd0168030893ef8364fdc1d4a", "rev": "9eb0610d48dd0e1fecf772bbdacf9050d7b82d7c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -162,11 +162,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1718474113, "lastModified": 1719685792,
"narHash": "sha256-UKrfy/46YF2TRnxTtKCYzqf2f5ZPRRWwKCCJb7O5X8U=", "narHash": "sha256-WIoVERD4AN6CmfGSRPy3mfPx2dDbRHgzP2V8z6aNbaY=",
"owner": "ipetkov", "owner": "ipetkov",
"repo": "crane", "repo": "crane",
"rev": "0095fd8ea00ae0a9e6014f39c375e40c2fbd3386", "rev": "aa5dcd0518a422dfd545d565f0d5a25971fea52a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -224,7 +224,7 @@
"devenv": { "devenv": {
"inputs": { "inputs": {
"cachix": "cachix", "cachix": "cachix",
"flake-compat": "flake-compat_4", "flake-compat": "flake-compat_6",
"nix": "nix_2", "nix": "nix_2",
"nixpkgs": [ "nixpkgs": [
"oscuro", "oscuro",
@ -288,6 +288,28 @@
"type": "github" "type": "github"
} }
}, },
"devshell": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1717408969,
"narHash": "sha256-Q0OEFqe35fZbbRPPRdrjTUUChKVhhWXz3T9ZSKmaoVY=",
"owner": "numtide",
"repo": "devshell",
"rev": "1ebbe68d57457c8cae98145410b164b5477761f4",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "devshell",
"type": "github"
}
},
"fenix": { "fenix": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -296,11 +318,11 @@
"rust-analyzer-src": [] "rust-analyzer-src": []
}, },
"locked": { "locked": {
"lastModified": 1717827974, "lastModified": 1719815435,
"narHash": "sha256-ixopuTeTouxqTxfMuzs6IaRttbT8JqRW5C9Q/57WxQw=", "narHash": "sha256-K2xFp142onP35jcx7li10xUxNVEVRWjAdY8DSuR7Naw=",
"owner": "nix-community", "owner": "nix-community",
"repo": "fenix", "repo": "fenix",
"rev": "ab655c627777ab5f9964652fe23bbb1dfbd687a8", "rev": "ebfe2c639111d7e82972a12711206afaeeda2450",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -382,6 +404,20 @@
} }
}, },
"flake-compat_2": { "flake-compat_2": {
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"revCount": 57,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"
}
},
"flake-compat_3": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1696426674, "lastModified": 1696426674,
@ -397,22 +433,6 @@
"type": "github" "type": "github"
} }
}, },
"flake-compat_3": {
"flake": false,
"locked": {
"lastModified": 1673956053,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_4": { "flake-compat_4": {
"flake": false, "flake": false,
"locked": { "locked": {
@ -430,6 +450,22 @@
} }
}, },
"flake-compat_5": { "flake-compat_5": {
"flake": false,
"locked": {
"lastModified": 1673956053,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_6": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1696426674, "lastModified": 1696426674,
@ -445,7 +481,62 @@
"type": "github" "type": "github"
} }
}, },
"flake-compat_7": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1719745305,
"narHash": "sha256-xwgjVUpqSviudEkpQnioeez1Uo2wzrsMaJKJClh+Bls=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "c3c5ecc05edc7dafba779c6c1a61cd08ac6583e9",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-utils": { "flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1701680307,
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"locked": { "locked": {
"lastModified": 1659877975, "lastModified": 1659877975,
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
@ -460,9 +551,9 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils_2": { "flake-utils_3": {
"inputs": { "inputs": {
"systems": "systems_2" "systems": "systems_3"
}, },
"locked": { "locked": {
"lastModified": 1689068808, "lastModified": 1689068808,
@ -478,9 +569,9 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils_3": { "flake-utils_4": {
"inputs": { "inputs": {
"systems": "systems_3" "systems": "systems_4"
}, },
"locked": { "locked": {
"lastModified": 1710146030, "lastModified": 1710146030,
@ -496,7 +587,7 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils_4": { "flake-utils_5": {
"locked": { "locked": {
"lastModified": 1659877975, "lastModified": 1659877975,
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
@ -511,7 +602,56 @@
"type": "github" "type": "github"
} }
}, },
"git-hooks": {
"inputs": {
"flake-compat": "flake-compat_3",
"gitignore": "gitignore",
"nixpkgs": [
"nixvim",
"nixpkgs"
],
"nixpkgs-stable": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1719259945,
"narHash": "sha256-F1h+XIsGKT9TkGO3omxDLEb/9jOOsI6NnzsXFsZhry4=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "0ff4381bbb8f7a52ca4a851660fc7a437a4c6e07",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "git-hooks.nix",
"type": "github"
}
},
"gitignore": { "gitignore": {
"inputs": {
"nixpkgs": [
"nixvim",
"git-hooks",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"gitignore_2": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"oscuro", "oscuro",
@ -544,11 +684,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1718526747, "lastModified": 1719827439,
"narHash": "sha256-sKrD/utGvmtQALvuDj4j0CT3AJXP1idOAq2p+27TpeE=", "narHash": "sha256-tneHOIv1lEavZ0vQ+rgz67LPNCgOZVByYki3OkSshFU=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "0a7ffb28e5df5844d0e8039c9833d7075cdee792", "rev": "59ce796b2563e19821361abbe2067c3bb4143a7d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -558,6 +698,27 @@
} }
}, },
"home-manager_2": { "home-manager_2": {
"inputs": {
"nixpkgs": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1719677234,
"narHash": "sha256-qO9WZsj/0E6zcK4Ht1y/iJ8XfwbBzq7xdqhBh44OP/M=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "36317d4d38887f7629876b0e43c8d9593c5cc48d",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"home-manager_3": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"oscuro", "oscuro",
@ -579,7 +740,7 @@
"type": "github" "type": "github"
} }
}, },
"home-manager_3": { "home-manager_4": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"oscuro", "oscuro",
@ -605,7 +766,7 @@
}, },
"nix": { "nix": {
"inputs": { "inputs": {
"flake-compat": "flake-compat_3", "flake-compat": "flake-compat_5",
"nixpkgs": [ "nixpkgs": [
"oscuro", "oscuro",
"bonfire", "bonfire",
@ -633,6 +794,27 @@
"type": "github" "type": "github"
} }
}, },
"nix-darwin": {
"inputs": {
"nixpkgs": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1719128254,
"narHash": "sha256-I7jMpq0CAOZA/i70+HDQO/ulLttyQu/K70cSESiMX7A=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "50581970f37f06a4719001735828519925ef8310",
"type": "github"
},
"original": {
"owner": "lnl7",
"repo": "nix-darwin",
"type": "github"
}
},
"nix-github-actions": { "nix-github-actions": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -698,7 +880,7 @@
}, },
"nixgl": { "nixgl": {
"inputs": { "inputs": {
"flake-utils": "flake-utils", "flake-utils": "flake-utils_2",
"nixpkgs": [ "nixpkgs": [
"oscuro", "oscuro",
"bonfire", "bonfire",
@ -721,7 +903,7 @@
}, },
"nixgl_2": { "nixgl_2": {
"inputs": { "inputs": {
"flake-utils": "flake-utils_4", "flake-utils": "flake-utils_5",
"nixpkgs": [ "nixpkgs": [
"oscuro", "oscuro",
"bonfire", "bonfire",
@ -754,11 +936,11 @@
"nixpkgs-24_05": "nixpkgs-24_05" "nixpkgs-24_05": "nixpkgs-24_05"
}, },
"locked": { "locked": {
"lastModified": 1718398369, "lastModified": 1718697807,
"narHash": "sha256-ccOHDuTaUhD1DW6DGNXoDJNOwYx55rVNKECyqRzKRtE=", "narHash": "sha256-Enla61WFisytTYbWygPynEbu8vozjeGc6Obkj2GRj7o=",
"owner": "simple-nixos-mailserver", "owner": "simple-nixos-mailserver",
"repo": "nixos-mailserver", "repo": "nixos-mailserver",
"rev": "54cbacb6eb9938bf1eaab7a7840fb527050c2af1", "rev": "290a995de5c3d3f08468fa548f0d55ab2efc7b6b",
"type": "gitlab" "type": "gitlab"
}, },
"original": { "original": {
@ -770,7 +952,7 @@
"nixos-mailserver_2": { "nixos-mailserver_2": {
"inputs": { "inputs": {
"blobs": "blobs_2", "blobs": "blobs_2",
"flake-compat": "flake-compat_2", "flake-compat": "flake-compat_4",
"nixpkgs": [ "nixpkgs": [
"oscuro", "oscuro",
"bonfire", "bonfire",
@ -795,7 +977,7 @@
"nixos-mailserver_3": { "nixos-mailserver_3": {
"inputs": { "inputs": {
"blobs": "blobs_3", "blobs": "blobs_3",
"flake-compat": "flake-compat_5", "flake-compat": "flake-compat_7",
"nixpkgs": [ "nixpkgs": [
"oscuro", "oscuro",
"bonfire", "bonfire",
@ -821,11 +1003,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1718530797, "lastModified": 1719690277,
"narHash": "sha256-pup6cYwtgvzDpvpSCFh1TEUjw2zkNpk8iolbKnyFmmU=", "narHash": "sha256-0xSej1g7eP2kaUF+JQp8jdyNmpmCJKRpO12mKl/36Kc=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "b60ebf54c15553b393d144357375ea956f89e9a9", "rev": "2741b4b489b55df32afac57bc4bfd220e8bf617e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -932,11 +1114,11 @@
}, },
"nixpkgs-stable_4": { "nixpkgs-stable_4": {
"locked": { "locked": {
"lastModified": 1718478900, "lastModified": 1719663039,
"narHash": "sha256-v43N1gZLcGkhg3PdcrKUNIZ1L0FBzB2JqhIYEyKAHEs=", "narHash": "sha256-tXlrgAQygNIy49LDVFuPXlWD2zTQV9/F8pfoqwwPJyo=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "c884223af91820615a6146af1ae1fea25c107005", "rev": "4a1e673523344f6ccc84b37f4413ad74ea19a119",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1010,6 +1192,33 @@
"type": "github" "type": "github"
} }
}, },
"nixvim": {
"inputs": {
"devshell": "devshell",
"flake-compat": "flake-compat_2",
"flake-parts": "flake-parts",
"git-hooks": "git-hooks",
"home-manager": "home-manager_2",
"nix-darwin": "nix-darwin",
"nixpkgs": [
"nixpkgs"
],
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1719835160,
"narHash": "sha256-AyZJM2la6+CAdKKSC3y80sbneW8dH/2lb+OxKzi2cAw=",
"owner": "nix-community",
"repo": "nixvim",
"rev": "7cc1685eafdcf04cf1058949647ea2c7560f2d65",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixvim",
"type": "github"
}
},
"obs-image-reaction": { "obs-image-reaction": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs_2" "nixpkgs": "nixpkgs_2"
@ -1071,7 +1280,7 @@
}, },
"poetry2nix": { "poetry2nix": {
"inputs": { "inputs": {
"flake-utils": "flake-utils_2", "flake-utils": "flake-utils_3",
"nix-github-actions": "nix-github-actions", "nix-github-actions": "nix-github-actions",
"nixpkgs": [ "nixpkgs": [
"oscuro", "oscuro",
@ -1108,8 +1317,8 @@
"devenv", "devenv",
"flake-compat" "flake-compat"
], ],
"flake-utils": "flake-utils_3", "flake-utils": "flake-utils_4",
"gitignore": "gitignore", "gitignore": "gitignore_2",
"nixpkgs": [ "nixpkgs": [
"oscuro", "oscuro",
"bonfire", "bonfire",
@ -1142,6 +1351,7 @@
"home-manager": "home-manager", "home-manager": "home-manager",
"nixos-mailserver": "nixos-mailserver", "nixos-mailserver": "nixos-mailserver",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"nixvim": "nixvim",
"obs-image-reaction": "obs-image-reaction", "obs-image-reaction": "obs-image-reaction",
"oscuro": "oscuro", "oscuro": "oscuro",
"sops-nix": "sops-nix_3" "sops-nix": "sops-nix_3"
@ -1203,11 +1413,11 @@
"nixpkgs-stable": "nixpkgs-stable_4" "nixpkgs-stable": "nixpkgs-stable_4"
}, },
"locked": { "locked": {
"lastModified": 1718506969, "lastModified": 1719716556,
"narHash": "sha256-Pm9I/BMQHbsucdWf6y9G3xBZh3TMlThGo4KBbeoeczg=", "narHash": "sha256-KA9gy2Wkv76s4A8eLnOcdKVTygewbw3xsB8+awNMyqs=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "797ce4c1f45a85df6dd3d9abdc53f2691bea9251", "rev": "b5974d4331fb6c893e808977a2e1a6d34b3162d6",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1276,9 +1486,45 @@
"type": "github" "type": "github"
} }
}, },
"systems_5": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1719749022,
"narHash": "sha256-ddPKHcqaKCIFSFc/cvxS14goUhCOAwsM1PbMr0ZtHMg=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "8df5ff62195d4e67e2264df0b7f5e8c9995fd0bd",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
},
"utils": { "utils": {
"inputs": { "inputs": {
"systems": "systems" "systems": "systems_2"
}, },
"locked": { "locked": {
"lastModified": 1709126324, "lastModified": 1709126324,
@ -1296,7 +1542,7 @@
}, },
"utils_2": { "utils_2": {
"inputs": { "inputs": {
"systems": "systems_4" "systems": "systems_5"
}, },
"locked": { "locked": {
"lastModified": 1709126324, "lastModified": 1709126324,

198
flake.nix
View File

@ -1,94 +1,128 @@
{ {
description = "Derivation lit"; description = "Derivation lit";
nixConfig = { nixConfig = {
extra-substituters = [ "https://bonfire.cachix.org" ]; extra-substituters = ["https://bonfire.cachix.org"];
extra-trusted-public-keys = [ "bonfire.cachix.org-1:mzAGBy/Crdf8NhKail5ciK7ZrGRbPJJobW6TwFb7WYM=" ]; extra-trusted-public-keys = ["bonfire.cachix.org-1:mzAGBy/Crdf8NhKail5ciK7ZrGRbPJJobW6TwFb7WYM="];
};
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
home-manager = {
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs";
};
nixos-mailserver = {
url = "gitlab:simple-nixos-mailserver/nixos-mailserver";
inputs.nixpkgs.follows = "nixpkgs";
};
sops-nix = {
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
crane = {
url = "github:ipetkov/crane";
inputs.nixpkgs.follows = "nixpkgs";
};
fenix = {
url = "github:nix-community/fenix";
inputs.nixpkgs.follows = "nixpkgs";
inputs.rust-analyzer-src.follows = "";
};
catppuccin = {
url = "github:catppuccin/nix";
};
oscuro = {
url = "github:L-Nafaryus/oscuro";
};
obs-image-reaction = {
url = "github:L-Nafaryus/obs-image-reaction";
};
nixvim = {
url = "github:nix-community/nixvim";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs = {
self,
nixpkgs,
home-manager,
nixos-mailserver,
sops-nix,
crane,
fenix,
catppuccin,
oscuro,
...
} @ inputs: let
lib = import ./lib {inherit (nixpkgs) lib;};
in {
inherit lib;
nixosConfigurations = {
astora = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
home-manager.nixosModules.home-manager
./nixosConfigurations/astora
self.nixosModules.bonfire
self.nixosModules.spoofdpi
(import ./nixosModules {
lib = nixpkgs.lib;
self = self;
})
.configModule
];
specialArgs = {inherit self inputs;};
};
catarina = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
nixos-mailserver.nixosModules.mailserver
sops-nix.nixosModules.sops
oscuro.nixosModules.oscuro
./nixosConfigurations/catarina
self.nixosModules.bonfire
self.nixosModules.spoofdpi
self.nixosModules.papermc
self.nixosModules.qbittorrent-nox
(import ./nixosModules {
lib = nixpkgs.lib;
self = self;
})
.configModule
];
specialArgs = {inherit self;};
};
}; };
inputs = { nixosModules =
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; lib.importNamedModules
home-manager = { (import ./nixosModules {
url = "github:nix-community/home-manager"; lib = nixpkgs.lib;
inputs.nixpkgs.follows = "nixpkgs"; self = self;
}; })
nixos-mailserver = { .modules;
url = "gitlab:simple-nixos-mailserver/nixos-mailserver";
inputs.nixpkgs.follows = "nixpkgs"; templates = {
}; rust = {
sops-nix = { path = ./templates/rust;
url = "github:Mic92/sops-nix"; description = "Basic Rust template";
inputs.nixpkgs.follows = "nixpkgs"; };
};
crane = {
url = "github:ipetkov/crane";
inputs.nixpkgs.follows = "nixpkgs";
};
fenix = {
url = "github:nix-community/fenix";
inputs.nixpkgs.follows = "nixpkgs";
inputs.rust-analyzer-src.follows = "";
};
catppuccin = {
url = "github:catppuccin/nix";
};
oscuro = {
url = "github:L-Nafaryus/oscuro";
};
obs-image-reaction = {
url = "github:L-Nafaryus/obs-image-reaction";
};
}; };
outputs = { self, nixpkgs, home-manager, nixos-mailserver, sops-nix, crane, fenix, catppuccin, oscuro, ... } @ inputs: packages = import ./packages {inherit self inputs;};
let
lib = import ./lib { inherit (nixpkgs) lib; };
in {
inherit lib;
nixosConfigurations = { apps = import ./apps {inherit self nixpkgs;};
astora = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
home-manager.nixosModules.home-manager
./nixosConfigurations/astora
self.nixosModules.bonfire
self.nixosModules.spoofdpi
(import ./nixosModules { lib = nixpkgs.lib; self = self; }).configModule
];
specialArgs = { inherit self inputs; };
};
catarina = nixpkgs.lib.nixosSystem { devShells = import ./devShells {inherit self nixpkgs;};
system = "x86_64-linux";
modules = [
nixos-mailserver.nixosModules.mailserver
sops-nix.nixosModules.sops
oscuro.nixosModules.oscuro
./nixosConfigurations/catarina
self.nixosModules.bonfire
self.nixosModules.spoofdpi
self.nixosModules.papermc
self.nixosModules.qbittorrent-nox
(import ./nixosModules { lib = nixpkgs.lib; self = self; }).configModule
];
specialArgs = { inherit self; };
};
};
nixosModules = lib.importNamedModules (import ./nixosModules { lib = nixpkgs.lib; self = self; }).modules; configurations = import ./configurations {inherit self inputs;};
templates = { hydraJobs = {
rust = { inherit (self) packages;
path = ./templates/rust;
description = "Basic Rust template";
};
};
packages = import ./packages { inherit self nixpkgs; };
apps = import ./apps { inherit self nixpkgs; };
devShells = import ./devShells { inherit self nixpkgs; };
}; };
};
} }

22
lib/default.nix
View File

@ -1,17 +1,17 @@
{ lib, ... }: {lib, ...}: rec {
rec { maintainers = import ./maintainers.nix;
maintainers = import ./maintainers.nix;
moduleName = path: if builtins.baseNameOf (toString path) == "default.nix" then moduleName = path:
builtins.baseNameOf (lib.removeSuffix "/default.nix" (toString path)) if builtins.baseNameOf (toString path) == "default.nix"
else then builtins.baseNameOf (lib.removeSuffix "/default.nix" (toString path))
builtins.baseNameOf (lib.removeSuffix ".nix" (toString path)); else builtins.baseNameOf (lib.removeSuffix ".nix" (toString path));
moduleNames = pathList: map (path: moduleName path) pathList; moduleNames = pathList: map (path: moduleName path) pathList;
importModules = pathList: map (path: import path) pathList; importModules = pathList: map (path: import path) pathList;
importNamedModules = pathList: lib.listToAttrs ( importNamedModules = pathList:
lib.zipListsWith (name: value: { inherit name value; }) (moduleNames pathList) (importModules pathList) lib.listToAttrs (
lib.zipListsWith (name: value: {inherit name value;}) (moduleNames pathList) (importModules pathList)
); );
} }

12
lib/maintainers.nix
View File

@ -1,8 +1,8 @@
{ {
L-Nafaryus = { L-Nafaryus = {
email = "l.nafaryus@elnafo.ru"; email = "l.nafaryus@elnafo.ru";
github = "L-Nafaryus"; github = "L-Nafaryus";
githubId = 37117584; githubId = 37117584;
name = "L-Nafaryus"; name = "L-Nafaryus";
}; };
} }

372
nixosConfigurations/astora/default.nix
View File

@ -1,200 +1,204 @@
{ pkgs, lib, config, ... }:
{ {
system.stateVersion = "23.11"; pkgs,
lib,
config,
...
}: {
system.stateVersion = "23.11";
imports = [ ./hardware.nix ./users.nix ]; imports = [./hardware.nix ./users.nix];
# Nix settings # Nix settings
nix = { nix = {
settings = { settings = {
experimental-features = [ "nix-command" "flakes" "repl-flake" ]; experimental-features = ["nix-command" "flakes" "repl-flake"];
trusted-users = [ "l-nafaryus" ]; trusted-users = ["l-nafaryus"];
allowed-users = [ "l-nafaryus" ]; allowed-users = ["l-nafaryus"];
substituters = [ "https://nix-community.cachix.org" ]; substituters = ["https://nix-community.cachix.org"];
trusted-public-keys = [ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" ]; trusted-public-keys = ["nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="];
auto-optimise-store = true; auto-optimise-store = true;
};
gc = {
automatic = lib.mkDefault true;
dates = lib.mkDefault "weekly";
options = lib.mkDefault "--delete-older-than 7d";
};
}; };
gc = {
# Nix packages automatic = lib.mkDefault true;
nixpkgs = { dates = lib.mkDefault "weekly";
hostPlatform = lib.mkDefault "x86_64-linux"; options = lib.mkDefault "--delete-older-than 7d";
config.allowUnfree = true;
config.cudaSupport = false;
overlays = [
(final: prev: {
blender = prev.blender.override { cudaSupport = true; };
})
];
}; };
};
# Services # Nix packages
services.xserver = { nixpkgs = {
enable = true; hostPlatform = lib.mkDefault "x86_64-linux";
config.allowUnfree = true;
config.cudaSupport = false;
xkb = { overlays = [
layout = "us"; (final: prev: {
variant = ""; blender = prev.blender.override {cudaSupport = true;};
}; })
videoDrivers = [ "nvidia" ];
#displayManager.gdm = {
# enable = true;
# autoSuspend = false;
# wayland = true;
#};
#desktopManager.gnome.enable = true;
#windowManager.awesome.enable = true;
wacom.enable = true;
};
services.greetd = let
hyprConfig = pkgs.writeText "greetd-hyprland-config" ''
exec-once = ${lib.getExe pkgs.greetd.regreet}; hyprctl dispatch exit
'';
in {
enable = true;
settings = {
default_session = {
command = "${lib.getExe config.programs.hyprland.package} --config ${hyprConfig}";
user = "greeter";
};
};
};
programs.regreet = {
enable = true;
settings = {
GTK = {
application_prefer_dark_theme = true;
# TODO: provide gtk themes
# theme_name = "Catppuccin-Macchiato-Standard-Green-Dark";
# icon_theme_name = "Catppuccin-Macchiato-Green-Cursors";
# cursor_theme_name = "Papirus-Dark";
# font_name = "";
};
appearance = {
greeting_msg = "Hey, you. You're finally awake.";
};
};
};
programs.hyprland = {
enable = true;
xwayland.enable = true;
};
services.dbus.enable = true;
services.printing.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = true;
};
services.openssh = {
enable = true;
startWhenNeeded = true;
settings.PasswordAuthentication = false;
settings.KbdInteractiveAuthentication = false;
};
services.udev = {
packages = with pkgs; [ gnome.gnome-settings-daemon ];
extraRules = ''
KERNEL=="rtc0", GROUP="audio"
KERNEL=="hpet", GROUP="audio"
'';
};
services.blueman.enable = true;
services.btrfs.autoScrub = {
enable = true;
interval = "monthly";
fileSystems = [ "/" ];
};
# Packages
environment.systemPackages = with pkgs; [
wget
parted
ntfs3g
sshfs
exfat
lm_sensors
git
git-lfs
ripgrep
fd
lazygit
unzip
gnumake
fishPlugins.fzf-fish
fishPlugins.tide
fishPlugins.grc
fishPlugins.hydro
nnn
fzf
grc
gcc
cachix
]; ];
};
programs = { # Services
fish.enable = true; services.xserver = {
enable = true;
neovim = { xkb = {
enable = true; layout = "us";
defaultEditor = true; variant = "";
};
}; };
programs.ssh.extraConfig = '' videoDrivers = ["nvidia"];
Host astora
HostName 192.168.156.101
Port 22
User l-nafaryus
Host catarina #displayManager.gdm = {
HostName 192.168.156.102 # enable = true;
Port 22 # autoSuspend = false;
User l-nafaryus # wayland = true;
#};
#desktopManager.gnome.enable = true;
#windowManager.awesome.enable = true;
wacom.enable = true;
};
services.greetd = let
hyprConfig = pkgs.writeText "greetd-hyprland-config" ''
exec-once = ${lib.getExe pkgs.greetd.regreet}; hyprctl dispatch exit
''; '';
in {
programs.direnv.enable = true; enable = true;
settings = {
fonts.packages = with pkgs; [ nerdfonts ]; default_session = {
command = "${lib.getExe config.programs.hyprland.package} --config ${hyprConfig}";
programs.steam.enable = true; user = "greeter";
systemd.extraConfig = "DefaultLimitNOFILE=1048576"; };
virtualisation = {
containers.enable = true;
podman = {
enable = true;
dockerCompat = true;
defaultNetwork.settings.dns_enabled = true;
};
libvirtd.enable = true;
}; };
};
programs.regreet = {
enable = true;
settings = {
GTK = {
application_prefer_dark_theme = true;
# TODO: provide gtk themes
# theme_name = "Catppuccin-Macchiato-Standard-Green-Dark";
# icon_theme_name = "Catppuccin-Macchiato-Green-Cursors";
# cursor_theme_name = "Papirus-Dark";
# font_name = "";
};
appearance = {
greeting_msg = "Hey, you. You're finally awake.";
};
};
};
programs.hyprland = {
enable = true;
xwayland.enable = true;
};
services.dbus.enable = true;
services.printing.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = true;
};
services.openssh = {
enable = true;
startWhenNeeded = true;
settings.PasswordAuthentication = false;
settings.KbdInteractiveAuthentication = false;
};
services.udev = {
packages = with pkgs; [gnome.gnome-settings-daemon];
extraRules = ''
KERNEL=="rtc0", GROUP="audio"
KERNEL=="hpet", GROUP="audio"
'';
};
services.blueman.enable = true;
services.btrfs.autoScrub = {
enable = true;
interval = "monthly";
fileSystems = ["/"];
};
# Packages
environment.systemPackages = with pkgs; [
wget
parted
ntfs3g
sshfs
exfat
lm_sensors
git
git-lfs
ripgrep
fd
lazygit
unzip
gnumake
fishPlugins.fzf-fish
fishPlugins.tide
fishPlugins.grc
fishPlugins.hydro
nnn
fzf
grc
gcc
cachix
];
programs = {
fish.enable = true;
neovim = {
enable = true;
defaultEditor = true;
};
};
programs.ssh.extraConfig = ''
Host astora
HostName 192.168.156.101
Port 22
User l-nafaryus
Host catarina
HostName 192.168.156.102
Port 22
User l-nafaryus
'';
programs.direnv.enable = true;
fonts.packages = with pkgs; [nerdfonts];
programs.steam.enable = true;
systemd.extraConfig = "DefaultLimitNOFILE=1048576";
virtualisation = {
containers.enable = true;
podman = {
enable = true;
dockerCompat = true;
defaultNetwork.settings.dns_enabled = true;
};
libvirtd.enable = true;
};
} }

403
nixosConfigurations/astora/hardware.nix
View File

@ -1,202 +1,237 @@
{ config, lib, ... }:
{ {
# Boot config,
boot = { lib,
loader.systemd-boot.enable = true; ...
loader.systemd-boot.configurationLimit = 5; }: {
loader.efi.canTouchEfiVariables = true; # Boot
boot = {
loader.systemd-boot.enable = true;
loader.systemd-boot.configurationLimit = 5;
loader.efi.canTouchEfiVariables = true;
tmp.useTmpfs = lib.mkDefault true; tmp.useTmpfs = lib.mkDefault true;
tmp.cleanOnBoot = lib.mkDefault (!config.boot.tmp.useTmpfs); tmp.cleanOnBoot = lib.mkDefault (!config.boot.tmp.useTmpfs);
initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; initrd.availableKernelModules = ["nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod"];
initrd.kernelModules = [ ]; initrd.kernelModules = [];
kernelModules = [ "kvm-amd" "tcp_bbr" "coretemp" "nct6775" ]; kernelModules = ["kvm-amd" "tcp_bbr" "coretemp" "nct6775"];
extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ]; extraModulePackages = with config.boot.kernelPackages; [v4l2loopback];
extraModprobeConfig = '' extraModprobeConfig = ''
options v4l2loopback devices=1 video_nr=1 card_label="OBS Camera" exclusive_caps=1 options v4l2loopback devices=1 video_nr=1 card_label="OBS Camera" exclusive_caps=1
''; '';
kernelParams = [ "threadirqs" ]; kernelParams = ["threadirqs"];
kernel.sysctl = { kernel.sysctl = {
# The Magic SysRq key is a key combo that allows users connected to the # The Magic SysRq key is a key combo that allows users connected to the
# system console of a Linux kernel to perform some low-level commands. # system console of a Linux kernel to perform some low-level commands.
# Disable it, since we don't need it, and is a potential security concern. # Disable it, since we don't need it, and is a potential security concern.
"kernel.sysrq" = 0; "kernel.sysrq" = 0;
## TCP hardening ## TCP hardening
# Prevent bogus ICMP errors from filling up logs. # Prevent bogus ICMP errors from filling up logs.
"net.ipv4.icmp_ignore_bogus_error_responses" = 1; "net.ipv4.icmp_ignore_bogus_error_responses" = 1;
# Reverse path filtering causes the kernel to do source validation of # Reverse path filtering causes the kernel to do source validation of
# packets received from all interfaces. This can mitigate IP spoofing. # packets received from all interfaces. This can mitigate IP spoofing.
"net.ipv4.conf.default.rp_filter" = 1; "net.ipv4.conf.default.rp_filter" = 1;
"net.ipv4.conf.all.rp_filter" = 1; "net.ipv4.conf.all.rp_filter" = 1;
# Do not accept IP source route packets # Do not accept IP source route packets
"net.ipv4.conf.all.accept_source_route" = 0; "net.ipv4.conf.all.accept_source_route" = 0;
"net.ipv6.conf.all.accept_source_route" = 0; "net.ipv6.conf.all.accept_source_route" = 0;
# Don't send ICMP redirects # Don't send ICMP redirects
"net.ipv4.conf.all.send_redirects" = 0; "net.ipv4.conf.all.send_redirects" = 0;
"net.ipv4.conf.default.send_redirects" = 0; "net.ipv4.conf.default.send_redirects" = 0;
# Refuse ICMP redirects (MITM mitigations) # Refuse ICMP redirects (MITM mitigations)
"net.ipv4.conf.all.accept_redirects" = 0; "net.ipv4.conf.all.accept_redirects" = 0;
"net.ipv4.conf.default.accept_redirects" = 0; "net.ipv4.conf.default.accept_redirects" = 0;
"net.ipv4.conf.all.secure_redirects" = 0; "net.ipv4.conf.all.secure_redirects" = 0;
"net.ipv4.conf.default.secure_redirects" = 0; "net.ipv4.conf.default.secure_redirects" = 0;
"net.ipv6.conf.all.accept_redirects" = 0; "net.ipv6.conf.all.accept_redirects" = 0;
"net.ipv6.conf.default.accept_redirects" = 0; "net.ipv6.conf.default.accept_redirects" = 0;
# Protects against SYN flood attacks # Protects against SYN flood attacks
"net.ipv4.tcp_syncookies" = 1; "net.ipv4.tcp_syncookies" = 1;
# Incomplete protection again TIME-WAIT assassination # Incomplete protection again TIME-WAIT assassination
"net.ipv4.tcp_rfc1337" = 1; "net.ipv4.tcp_rfc1337" = 1;
## TCP optimization ## TCP optimization
# TCP Fast Open is a TCP extension that reduces network latency by packing # TCP Fast Open is a TCP extension that reduces network latency by packing
# data in the senders initial TCP SYN. Setting 3 = enable TCP Fast Open for # data in the senders initial TCP SYN. Setting 3 = enable TCP Fast Open for
# both incoming and outgoing connections: # both incoming and outgoing connections:
"net.ipv4.tcp_fastopen" = 3; "net.ipv4.tcp_fastopen" = 3;
# Bufferbloat mitigations + slight improvement in throughput & latency # Bufferbloat mitigations + slight improvement in throughput & latency
"net.ipv4.tcp_congestion_control" = "bbr"; "net.ipv4.tcp_congestion_control" = "bbr";
"net.core.default_qdisc" = "cake"; "net.core.default_qdisc" = "cake";
}; };
};
# Security
security = {
protectKernelImage = true;
acme.acceptTerms = true;
sudo.extraConfig = ''Defaults timestamp_timeout=30'';
rtkit.enable = true;
pam.loginLimits = [
{
domain = "@audio";
item = "memlock";
type = "-";
value = "unlimited";
}
{
domain = "@audio";
item = "rtprio";
type = "-";
value = "99";
}
{
domain = "@audio";
item = "nofile";
type = "soft";
value = "99999";
}
{
domain = "@audio";
item = "nofile";
type = "hard";
value = "99999";
}
{
domain = "*";
item = "nofile";
type = "-";
value = "524288";
}
{
domain = "*";
item = "memlock";
type = "-";
value = "524288";
}
];
polkit.enable = true;
};
users.users.root.initialPassword = "nixos";
# Filesystem
fileSystems = {
"/" = {
device = "/dev/disk/by-label/nixos";
fsType = "btrfs";
options = ["subvol=root" "compress=zstd"];
}; };
# Security "/boot" = {
security = { device = "/dev/disk/by-label/boot";
protectKernelImage = true; fsType = "vfat";
acme.acceptTerms = true;
sudo.extraConfig = ''Defaults timestamp_timeout=30'';
rtkit.enable = true;
pam.loginLimits = [
{ domain = "@audio"; item = "memlock"; type = "-"; value = "unlimited"; }
{ domain = "@audio"; item = "rtprio"; type = "-"; value = "99"; }
{ domain = "@audio"; item = "nofile"; type = "soft"; value = "99999"; }
{ domain = "@audio"; item = "nofile"; type = "hard"; value = "99999"; }
{ domain = "*"; item = "nofile"; type = "-"; value = "524288"; }
{ domain = "*"; item = "memlock"; type = "-"; value = "524288"; }
];
polkit.enable = true;
}; };
users.users.root.initialPassword = "nixos"; "/nix" = {
device = "/dev/disk/by-label/nixos";
# Filesystem fsType = "btrfs";
fileSystems = { options = ["subvol=nix" "compress=zstd" "noatime"];
"/" = {
device = "/dev/disk/by-label/nixos";
fsType = "btrfs";
options = [ "subvol=root" "compress=zstd" ];
};
"/boot" = {
device = "/dev/disk/by-label/boot";
fsType = "vfat";
};
"/nix" = {
device = "/dev/disk/by-label/nixos";
fsType = "btrfs";
options = [ "subvol=nix" "compress=zstd" "noatime" ];
};
"/home" = {
device = "/dev/disk/by-label/nixos";
fsType = "btrfs";
options = [ "subvol=home" "compress=zstd" ];
};
"/swap" = {
device = "/dev/disk/by-label/nixos";
fsType = "btrfs";
options = [ "subvol=swap" "noatime" ];
};
"/media/steam-library" = {
device = "/dev/disk/by-label/siegward";
fsType = "btrfs";
options = [ "subvol=steam-library" "compress=zstd" ];
};
"/media/lutris" = {
device = "/dev/disk/by-label/siegward";
fsType = "btrfs";
options = [ "subvol=lutris" "compress=zstd" ];
};
}; };
swapDevices = [ "/home" = {
{ device = "/swap/swapfile"; } device = "/dev/disk/by-label/nixos";
fsType = "btrfs";
options = ["subvol=home" "compress=zstd"];
};
"/swap" = {
device = "/dev/disk/by-label/nixos";
fsType = "btrfs";
options = ["subvol=swap" "noatime"];
};
"/media/steam-library" = {
device = "/dev/disk/by-label/siegward";
fsType = "btrfs";
options = ["subvol=steam-library" "compress=zstd"];
};
"/media/lutris" = {
device = "/dev/disk/by-label/siegward";
fsType = "btrfs";
options = ["subvol=lutris" "compress=zstd"];
};
};
swapDevices = [
{device = "/swap/swapfile";}
];
services.fstrim.enable = true;
# Hardware etc
hardware = {
enableRedistributableFirmware = true;
cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
nvidia.nvidiaSettings = true;
nvidia.modesetting.enable = true;
graphics.enable = true;
graphics.enable32Bit = true;
bluetooth.enable = true;
pulseaudio.enable = false;
};
sound.enable = true;
networking = {
networkmanager.enable = true;
networkmanager.unmanaged = ["interface-name:ve-*"];
useDHCP = lib.mkDefault true;
hostName = "astora";
extraHosts = '''';
firewall = {
enable = true;
allowedTCPPorts = [80 443];
trustedInterfaces = ["ve-+"];
extraCommands = ''
iptables -t nat -A POSTROUTING -o wlo1 -j MASQUERADE
'';
extraStopCommands = ''
iptables -t nat -D POSTROUTING -o wlo1 -j MASQUERADE
'';
};
nat = {
enable = true;
externalInterface = "wlo1";
internalInterfaces = ["ve-+"];
};
interfaces.wlo1.ipv4.addresses = [
{
address = "192.168.156.101";
prefixLength = 24;
}
]; ];
services.fstrim.enable = true; defaultGateway = "192.168.156.1";
nameservers = ["192.168.156.1" "8.8.8.8"];
};
# Hardware etc # Common
hardware = { time.timeZone = "Asia/Yekaterinburg";
enableRedistributableFirmware = true;
cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; i18n = {
defaultLocale = "en_US.UTF-8";
nvidia.nvidiaSettings = true; extraLocaleSettings = {
nvidia.modesetting.enable = true; LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8";
opengl.enable = true; LC_MEASUREMENT = "en_US.UTF-8";
opengl.driSupport32Bit = true; LC_MONETARY = "en_US.UTF-8";
LC_NAME = "en_US.UTF-8";
bluetooth.enable = true; LC_NUMERIC = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8";
pulseaudio.enable = false; LC_TELEPHONE = "en_US.UTF-8";
}; LC_TIME = "en_US.UTF-8";
sound.enable = true;
networking = {
networkmanager.enable = true;
networkmanager.unmanaged = [ "interface-name:ve-*" ];
useDHCP = lib.mkDefault true;
hostName = "astora";
extraHosts = '''';
firewall = {
enable = true;
allowedTCPPorts = [ 80 443 ];
trustedInterfaces = [ "ve-+" ];
extraCommands = ''
iptables -t nat -A POSTROUTING -o wlo1 -j MASQUERADE
'';
extraStopCommands = ''
iptables -t nat -D POSTROUTING -o wlo1 -j MASQUERADE
'';
};
nat = {
enable = true;
externalInterface = "wlo1";
internalInterfaces = [ "ve-+" ];
};
interfaces.wlo1.ipv4.addresses = [ {
address = "192.168.156.101";
prefixLength = 24;
} ];
defaultGateway = "192.168.156.1";
nameservers = [ "192.168.156.1" "8.8.8.8" ];
};
# Common
time.timeZone = "Asia/Yekaterinburg";
i18n = {
defaultLocale = "en_US.UTF-8";
extraLocaleSettings = {
LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8";
LC_MEASUREMENT = "en_US.UTF-8";
LC_MONETARY = "en_US.UTF-8";
LC_NAME = "en_US.UTF-8";
LC_NUMERIC = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8";
LC_TELEPHONE = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8";
};
}; };
};
} }

786
nixosConfigurations/astora/users.nix
View File

@ -1,311 +1,551 @@
{ config, pkgs, lib, self, inputs, ... }:
{ {
# Users config,
users.users.l-nafaryus = { pkgs,
isNormalUser = true; lib,
description = "L-Nafaryus"; self,
extraGroups = [ "networkmanager" "wheel" "audio" "libvirtd" "input" ]; inputs,
group = "users"; ...
uid = 1000; }: {
initialPassword = "nixos"; # Users
shell = pkgs.fish; users.users.l-nafaryus = {
isNormalUser = true;
description = "L-Nafaryus";
extraGroups = ["networkmanager" "wheel" "audio" "libvirtd" "input"];
group = "users";
uid = 1000;
initialPassword = "nixos";
shell = pkgs.fish;
};
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.backupFileExtension = "hmbackup";
home-manager.users.l-nafaryus = {pkgs, ...}: let
hmConfig = config.home-manager.users.l-nafaryus;
in {
home.stateVersion = "23.11";
home.username = "l-nafaryus";
home.homeDirectory = "/home/l-nafaryus";
imports = [
inputs.catppuccin.homeManagerModules.catppuccin
];
home.packages = with pkgs; [
#gnupg
git
nnn
pass
taskwarrior
#tmux
gparted
xclip
(firefox.override {nativeMessagingHosts = [passff-host];})
thunderbird
discord
pipewire.jack # pw-jack
carla
qpwgraph
wireplumber
yabridge
yabridgectl
lutris
wine
winetricks
gamemode
vlc
lollypop
gimp
inkscape
imagemagick
blender
ardour
olive-editor
openshot-qt
musescore
# soundux # unmaintained
losslesscut-bin
yt-dlp
ffmpeg
calf
zynaddsubfx
lsp-plugins
x42-plugins
cardinal
gxplugins-lv2
xtuner
aether-lv2
qbittorrent
transmission_3-qt
telegram-desktop
onlyoffice-bin
jdk
self.packages.${pkgs.system}.ultimmc
liberation_ttf
steamtinkerlaunch
eww
tor
networkmanagerapplet
#rofi-wayland
kgx
dunst
libnotify
playerctl
wl-gammarelay-rs
# btop
lua
# bat
musikcube
swww
hyprshot
(python3.withPackages (p: [p.click]))
mangohud
gamescope
libstrangle
webcord
wl-clipboard
cliphist
tree
self.packages.${pkgs.system}.bonvim
];
xdg.portal = {
enable = true;
configPackages = with pkgs; [
#xdg-desktop-portal-wlr
xdg-desktop-portal-hyprland
];
extraPortals = with pkgs; [
xdg-desktop-portal-gtk
];
}; };
home-manager.useGlobalPkgs = true; # Theme
home-manager.useUserPackages = true; catppuccin = {
home-manager.backupFileExtension = "hmbackup"; # global, for all enabled programs
enable = true;
flavor = "macchiato";
accent = "green";
};
home-manager.users.l-nafaryus = { pkgs, ... }: gtk = {
let enable = true;
hmConfig = config.home-manager.users.l-nafaryus; cursorTheme = {
in { name = "Papirus-Dark";
home.stateVersion = "23.11"; size = 16;
home.username = "l-nafaryus"; };
home.homeDirectory = "/home/l-nafaryus"; };
imports = [
inputs.catppuccin.homeManagerModules.catppuccin programs = {
# General
fish = {
enable = true;
interactiveShellInit = ''
set fish_greeting
'';
plugins = with pkgs.fishPlugins;
map (p: {
name = p.pname;
src = p.src;
}) [
fzf-fish
tide
grc
hydro
];
functions = {
fish-theme-configure = ''
tide configure \
--auto \
--style=Lean \
--prompt_colors='True color' \
--show_time='12-hour format' \
--lean_prompt_height='Two lines' \
--prompt_connection=Disconnected \
--prompt_spacing=Compact \
--icons='Many icons' \
--transient=No
'';
};
};
git = {
enable = true;
lfs.enable = true;
userName = "L-Nafaryus";
userEmail = "l.nafaryus@gmail.com";
signing = {
key = "86F1EA98B48FFB19";
signByDefault = true;
};
extraConfig = {
# ignore trends
init.defaultBranch = "master";
core = {
quotePath = false;
commitGraph = true;
whitespace = "trailing-space";
};
receive.advertisePushOptions = true;
gc.writeCommitGraph = true;
diff.submodule = "log";
};
aliases = {
plog = "log --color --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit";
};
};
bat.enable = true;
btop = {
enable = true;
settings = {
cpu_bottom = true;
proc_tree = true;
};
};
fzf.enable = true;
tmux.enable = true;
lazygit.enable = true;
gpg = {
enable = true;
homedir = "${hmConfig.xdg.configHome}/gnupg";
mutableKeys = true;
mutableTrust = true;
};
# Graphical
alacritty = {
enable = true;
settings = {
font = {
size = 10;
};
};
};
rofi = {
enable = true;
package = pkgs.rofi-wayland;
terminal = "${lib.getExe hmConfig.programs.alacritty.package}";
cycle = true;
extraConfig = {
show-icons = true;
disable-history = false;
};
theme = let
inherit (hmConfig.lib.formats.rasi) mkLiteral;
in {
"*" = {
border-col = mkLiteral "#a6da95";
};
window = {
border-radius = mkLiteral "5px";
};
};
};
obs-studio = {
enable = true;
plugins = with pkgs.obs-studio-plugins; [
obs-vkcapture
input-overlay
obs-pipewire-audio-capture
wlrobs
inputs.obs-image-reaction.packages.${pkgs.system}.default
]; ];
home.packages = with pkgs; [ };
#gnupg };
git
nnn
pass
taskwarrior
#tmux
gparted services = {
# General
gpg-agent = {
enable = true;
defaultCacheTtl = 3600;
defaultCacheTtlSsh = 3600;
enableSshSupport = true;
pinentryPackage = pkgs.pinentry-gtk2;
enableFishIntegration = true;
enableBashIntegration = true;
};
xclip # Graphical
hypridle = {
enable = true;
settings = {
general = {
after_sleep_cmd = "${pkgs.hyprland}/bin/hyprctl dispatch dpms on";
ignore_dbus_inhibit = false;
};
listener = [
{
timeout = 300;
on-timeout = "${pkgs.hyprland}/bin/hyprctl dispatch dpms off";
on-resume = "${pkgs.hyprland}/bin/hyprctl dispatch dpms on";
}
];
};
};
};
(firefox.override { extraNativeMessagingHosts = [ passff-host ]; }) wayland.windowManager.hyprland = {
thunderbird enable = true;
settings = {
# Devices (use `hyprctl devices`)
"$monitor1" = "AOC Q27G2G3R3B 137P4HA000540";
"$monitor2" = "AOC Q27B3MA 17ZPAHA006135";
"$keyboard" = "keychron-keychron-k3-pro";
"$mouse" = "logitech-g102-lightsync-gaming-mouse";
discord # Main programs
"$terminal" = "${lib.getExe hmConfig.programs.alacritty.package}";
"$menu" = "${lib.getExe hmConfig.programs.rofi.package} -show drun";
"$fileManager" = "$terminal -e ${lib.getExe pkgs.nnn}";
pipewire.jack # pw-jack monitor = [
carla "desc:$monitor2, 2560x1440@75, 0x0, auto"
qpwgraph "desc:$monitor1, 2560x1440@165, 2560x0, auto"
wireplumber "Unknown-1, disable"
yabridge
yabridgectl
lutris
wine
winetricks
gamemode
vlc
lollypop
gimp
inkscape
imagemagick
blender
ardour
olive-editor
openshot-qt
musescore
# soundux # unmaintained
losslesscut-bin
yt-dlp
ffmpeg
calf
zynaddsubfx
lsp-plugins
x42-plugins
cardinal
gxplugins-lv2
xtuner
aether-lv2
qbittorrent
transmission-qt
telegram-desktop
onlyoffice-bin
jdk
self.packages.${pkgs.system}.ultimmc
liberation_ttf
steamtinkerlaunch
eww
tor
networkmanagerapplet
#rofi-wayland
kgx
dunst
libnotify
playerctl
wl-gammarelay-rs
# btop
lua
# bat
musikcube
swww
hyprshot
(python3.withPackages (p: [ p.click ]))
mangohud
gamescope
libstrangle
webcord
wl-clipboard
cliphist
tree
]; ];
xdg.portal = { exec-once = [
enable = true; "eww daemon"
configPackages = with pkgs; [ "nm-applet --indicator &"
#xdg-desktop-portal-wlr "blueman-applet &"
xdg-desktop-portal-hyprland "wl-gammarelay-rs run &"
]; "systemctl --user start hypridle"
extraPortals = with pkgs; [ "wl-paste --type text --watch cliphist store" #Stores only text data
xdg-desktop-portal-gtk "wl-paste --type image --watch cliphist store" #Stores only image data
]; "swww-daemon & swww img ~/Pictures/wallpapers/emily-in-the-cyberpunk-city.3840x2160.png & swww img ~/Pictures/wallpapers/emily-in-the-cyberpunk-city.3840x2160a.gif"
];
env = [
"XCURSOR_SIZE,16"
"HYPRCURSOR_SIZE,16"
"WLR_DRM_NO_ATOMIC,1"
];
general = {
gaps_in = 2;
gaps_out = 2;
border_size = 2;
# https://wiki.hyprland.org/Configuring/Variables/#variable-types for info about colors
"col.active_border" = "rgba(33ccffee) rgba(00ff99ee) 45deg";
"col.inactive_border" = "rgba(595959aa)";
# Set to true enable resizing windows by clicking and dragging on borders and gaps
resize_on_border = true;
# Please see https://wiki.hyprland.org/Configuring/Tearing/ before you turn this on
allow_tearing = true;
layout = "dwindle";
};
decoration = {
rounding = 5;
# Change transparency of focused and unfocused windows
active_opacity = 1.0;
inactive_opacity = 0.95;
drop_shadow = true;
shadow_range = 4;
shadow_render_power = 3;
"col.shadow" = "rgba(1a1a1aee)";
# https://wiki.hyprland.org/Configuring/Variables/#blur
blur = {
enabled = true;
size = 3;
passes = 1;
vibrancy = 0.1696;
};
};
animations = {
enabled = true;
# Default animations, see https://wiki.hyprland.org/Configuring/Animations/ for more
bezier = "myBezier, 0.05, 0.9, 0.1, 1.05";
animation = [
"windows, 1, 7, myBezier"
"windowsOut, 1, 7, default, popin 80%"
"border, 1, 10, default"
"borderangle, 1, 8, default"
"fade, 1, 7, default"
"workspaces, 1, 6, default"
];
};
# See https://wiki.hyprland.org/Configuring/Dwindle-Layout/ for more
dwindle = {
pseudotile = true; # Master switch for pseudotiling. Enabling is bound to mainMod + P in the keybinds section below
preserve_split = true; # You probably want this
}; };
catppuccin = { # See https://wiki.hyprland.org/Configuring/Master-Layout/ for more
# global, for all enabled programs master = {
enable = true; new_status = "master";
flavor = "macchiato";
accent = "green";
}; };
gtk = { # https://wiki.hyprland.org/Configuring/Variables/#misc
enable = true; misc = {
cursorTheme = { force_default_wallpaper = -1; # Set to 0 or 1 to disable the anime mascot wallpapers
name = "Papirus-Dark"; disable_hyprland_logo = false; # Enable the random hyprland logo / anime girl background. :)
size = 16; };
}; input = {
kb_layout = "us,ru";
follow_mouse = 1;
sensitivity = 0; # -1.0 - 1.0, 0 means no modification.
touchpad = {
natural_scroll = false;
};
}; };
programs = { # https://wiki.hyprland.org/Configuring/Variables/#gestures
fish = { gestures = {
enable = true; workspace_swipe = false;
interactiveShellInit = ''
set fish_greeting
'';
plugins = with pkgs.fishPlugins; map (p: { name = p.pname; src = p.src; }) [
fzf-fish
tide # tide configure --auto --style=Lean --prompt_colors='True color' --show_time='12-hour format' --lean_prompt_height='Two lines' --prompt_connection=Disconnected --prompt_spacing=Compact --icons='Many icons' --transient=No
grc
hydro
];
};
bat.enable = true;
btop = {
enable = true;
settings = {
cpu_bottom = true;
proc_tree = true;
};
};
fzf.enable = true;
tmux.enable = true;
lazygit.enable = true;
gpg = {
enable = true;
homedir = "${hmConfig.xdg.configHome}/gnupg";
mutableKeys = true;
mutableTrust = true;
};
alacritty = {
enable = true;
settings = {
font = {
size = 10;
};
};
};
rofi = {
enable = true;
package = pkgs.rofi-wayland;
terminal = "${lib.getExe hmConfig.programs.alacritty.package}";
cycle = true;
extraConfig = {
show-icons = true;
disable-history = false;
};
theme = let inherit (hmConfig.lib.formats.rasi) mkLiteral; in {
"*" = {
border-col = mkLiteral "#a6da95";
};
window = {
border-radius = mkLiteral "5px";
};
};
};
obs-studio = {
enable = true;
plugins = with pkgs.obs-studio-plugins; [
obs-vkcapture
input-overlay
obs-pipewire-audio-capture
wlrobs
inputs.obs-image-reaction.packages.${pkgs.system}.default
];
};
}; };
services = { windowrulev2 = [
gpg-agent = { "suppressevent maximize, class:.*" # You'll probably like this.
enable = true; "float, class:^(steam_app.*)$"
defaultCacheTtl = 3600; "immediate, class:^(steam_app.*)$"
defaultCacheTtlSsh = 3600; "float, class:^(steam_proton.*)$"
enableSshSupport = true; ];
pinentryPackage = pkgs.pinentry-gtk2; bind = [
enableFishIntegration = true; "SUPER, Q, exec, $terminal"
enableBashIntegration = true; "SUPER, N, exec, $fileManager"
}; "SUPER, R, exec, $menu"
"SUPER, P, exec, eww open --toggle basemenu"
hypridle = { "SUPER, C, killactive,"
enable = true; "SUPER, M, exit,"
settings = { "SUPER, V, togglefloating,"
general = { "SUPER, F, fullscreen,"
after_sleep_cmd = "${pkgs.hyprland}/bin/hyprctl dispatch dpms on"; "SUPER, J, togglesplit," # dwindle
ignore_dbus_inhibit = false;
};
listener = [
{
timeout = 300;
on-timeout = "${pkgs.hyprland}/bin/hyprctl dispatch dpms off";
on-resume = "${pkgs.hyprland}/bin/hyprctl dispatch dpms on";
}
];
};
};
};
# --- # Move focus with mainMod + arrow keys
xdg = { "SUPER, left, movefocus, l"
enable = true; "SUPER, right, movefocus, r"
mime.enable = true; "SUPER, up, movefocus, u"
userDirs.enable = true; "SUPER, down, movefocus, d"
};
dconf.settings = { # Switch workspaces with mainMod + [0-9]
"org/virt-manager/virt-manager/connections" = { "SUPER, 1, workspace, 1"
autoconnect = [ "qemu:///system" ]; "SUPER, 2, workspace, 2"
uris = [ "qemu:///system" ]; "SUPER, 3, workspace, 3"
}; "SUPER, 4, workspace, 4"
}; "SUPER, 5, workspace, 5"
"SUPER, 6, workspace, 6"
"SUPER, 7, workspace, 7"
"SUPER, 8, workspace, 8"
"SUPER, 9, workspace, 9"
"SUPER, 0, workspace, 10"
home.sessionVariables = { # Move active window to a workspace with mainMod + SHIFT + [0-9]
HYPRSHOT_DIR = "${hmConfig.xdg.userDirs.pictures}/screenshots"; "SUPER SHIFT, 1, movetoworkspace, 1"
}; "SUPER SHIFT, 2, movetoworkspace, 2"
"SUPER SHIFT, 3, movetoworkspace, 3"
"SUPER SHIFT, 4, movetoworkspace, 4"
"SUPER SHIFT, 5, movetoworkspace, 5"
"SUPER SHIFT, 6, movetoworkspace, 6"
"SUPER SHIFT, 7, movetoworkspace, 7"
"SUPER SHIFT, 8, movetoworkspace, 8"
"SUPER SHIFT, 9, movetoworkspace, 9"
"SUPER SHIFT, 0, movetoworkspace, 10"
home.file = { # special workspace (scratchpad)
#"gnupg/gpg-agent.conf".text = '' "SUPER, S, togglespecialworkspace, magic"
# default-cache-ttl 3600 "SUPER SHIFT, S, movetoworkspace, special:magic"
# pinentry-program ${pkgs.pinentry.gtk2}/bin/pinentry
#'';
".config/git/config".source = "${config.bonfire.configDir}/git/config"; "SUPER, SPACE, exec, hyprctl switchxkblayout keychron-keychron-k3-pro next"
", PRINT, exec, hyprshot -m region"
"SUPER, H, exec, cliphist list | rofi -dmenu | cliphist decode | wl-copy"
];
# Move/resize windows with mainMod + LMB/RMB and dragging
bindm = [
"SUPER, mouse:272, movewindow"
"SUPER, mouse:273, resizewindow"
];
".config/nvim" = { bindel = [
source = "${config.bonfire.configDir}/nvim"; ", XF86AudioRaiseVolume, exec, wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%+"
recursive = true; ", XF86AudioLowerVolume, exec, wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%-"
}; ];
}; bindl = [
", XF86AudioMute, exec, wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle"
", XF86AudioPrev, exec, playerctl previous"
", XF86AudioPlay, exec, playerctl play-pause"
", XF86AudioNext, exec, playerctl next"
", XF86MonBrightnessDown, exec, busctl --user -- call rs.wl-gammarelay / rs.wl.gammarelay UpdateTemperature n -500"
", XF86MonBrightnessUp, exec, busctl --user -- call rs.wl-gammarelay / rs.wl.gammarelay UpdateTemperature n +500"
"SUPER, XF86MonBrightnessDown, exec, busctl --user -- call rs.wl-gammarelay / rs.wl.gammarelay Brightness d -0.1"
"SUPER, XF86MonBrightnessUp, exec, busctl --user -- call rs.wl-gammarelay / rs.wl.gammarelay Brightness d +0.1"
];
};
}; };
#programs.gnupg.agent = { # XDG
# enable = true; xdg = {
# enableSSHSupport = true; enable = true;
# pinentryPackage = pkgs.pinentry-gnome3; mime.enable = true;
#}; userDirs.enable = true;
environment.variables = let
makePluginPath = name: (lib.makeSearchPath name [
"/etc/profiles/per-user/$USER/lib"
"/run/current-system/sw/lib"
"$HOME/.nix-profile/lib"
]) + ":$HOME/.${name}";
in {
LADSPA_PATH = makePluginPath "ladspa";
LV2_PATH = makePluginPath "lv2";
VST_PATH = makePluginPath "vst";
VST3_PATH = makePluginPath "vst3";
}; };
environment.sessionVariables = { # dconf
# hint electron applications to use wayland dconf.settings = {
NIXOS_OZONE_WL = "1"; "org/virt-manager/virt-manager/connections" = {
autoconnect = ["qemu:///system"];
uris = ["qemu:///system"];
};
}; };
systemd.user.extraConfig = "DefaultLimitNOFILE=524288"; home.sessionVariables = {
HYPRSHOT_DIR = "${hmConfig.xdg.userDirs.pictures}/screenshots";
};
};
programs.virt-manager.enable = true; environment.variables = let
makePluginPath = name:
(lib.makeSearchPath name [
"/etc/profiles/per-user/$USER/lib"
"/run/current-system/sw/lib"
"$HOME/.nix-profile/lib"
])
+ ":$HOME/.${name}";
in {
LADSPA_PATH = makePluginPath "ladspa";
LV2_PATH = makePluginPath "lv2";
VST_PATH = makePluginPath "vst";
VST3_PATH = makePluginPath "vst3";
};
environment.sessionVariables = {
# hint electron applications to use wayland
NIXOS_OZONE_WL = "1";
};
systemd.user.extraConfig = "DefaultLimitNOFILE=524288";
# Services programs.virt-manager.enable = true;
services.spoofdpi.enable = true;
# Services
services.spoofdpi.enable = true;
} }

510
nixosConfigurations/catarina/default.nix
View File

@ -1,259 +1,285 @@
{ config, pkgs, lib, self, ... }: {
let bonfire-pkgs = self.packages.${pkgs.system}; config,
pkgs,
lib,
self,
...
}: let
bonfire-pkgs = self.packages.${pkgs.system};
in { in {
system.stateVersion = "23.11"; system.stateVersion = "23.11";
imports = [ imports = [
./hardware.nix ./hardware.nix
./users.nix ./users.nix
./services/papermc.nix # ./services/papermc.nix # disabled
./services/gitea.nix ./services/gitea.nix
];
# Nix settings
nix = {
settings = {
experimental-features = ["nix-command" "flakes"];
trusted-users = ["l-nafaryus"];
allowed-users = ["l-nafaryus" "hydra"];
substituters = ["https://nix-community.cachix.org"];
trusted-public-keys = [
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
];
auto-optimise-store = true;
allowed-uris = [
"github:"
"git+https://github.com/"
"git+ssh://github.com/"
"git+https://vcs.elnafo.ru/"
"git+ssh://vcs.elnafo.ru/"
];
};
gc = {
automatic = lib.mkDefault true;
dates = lib.mkDefault "weekly";
options = lib.mkDefault "--delete-older-than 14d";
};
};
# Nix packages
nixpkgs = {
hostPlatform = lib.mkDefault "x86_64-linux";
config.allowUnfree = true;
config.cudaSupport = false;
};
# Services
services.printing.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
};
services.openssh = {
enable = true;
startWhenNeeded = true;
settings.PasswordAuthentication = false;
settings.KbdInteractiveAuthentication = false;
};
services.blueman.enable = true;
services.fail2ban = {
enable = true;
maxretry = 12;
ignoreIP = [
"192.168.0.0/16"
]; ];
bantime = "3h";
bantime-increment = {
enable = true;
multipliers = "1 2 4 8 16 32 64";
maxtime = "168h";
overalljails = true;
};
};
# Nix settings bonfire.withSecrets = true;
nix = { sops = config.bonfire.secrets.catarina.sops;
settings = {
experimental-features = [ "nix-command" "flakes" ]; security.acme = {
trusted-users = [ "l-nafaryus" ]; acceptTerms = true;
allowed-users = [ "l-nafaryus" ]; defaults.email = "l.nafaryus@elnafo.ru";
substituters = [ "https://nix-community.cachix.org" ]; defaults.group = "nginx";
trusted-public-keys = [
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" certs = {
]; "elnafo.ru" = {
auto-optimise-store = true; extraDomainNames = ["*.elnafo.ru"];
}; dnsProvider = "webnames";
gc = { credentialsFile = config.sops.secrets."dns".path;
automatic = lib.mkDefault true; webroot = null;
dates = lib.mkDefault "weekly"; };
options = lib.mkDefault "--delete-older-than 14d"; };
};
services.nginx = {
enable = true;
package = pkgs.nginx.override {withMail = true;};
recommendedProxySettings = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
recommendedTlsSettings = true;
clientMaxBodySize = "5G";
virtualHosts = {
"elnafo.ru" = {
forceSSL = true;
enableACME = true;
root = "/var/www";
};
"www.elnafo.ru" = {
forceSSL = true;
useACMEHost = "elnafo.ru";
globalRedirect = "elnafo.ru";
};
"bonfire.elnafo.ru" = {
forceSSL = true;
useACMEHost = "elnafo.ru";
locations."/".root = "${bonfire-pkgs.bonfire-docs}";
};
"hydra.elnafo.ru" = {
forceSSL = true;
useACMEHost = "elnafo.ru";
locations."/".proxyPass = "http://127.0.0.1:3000";
};
};
};
mailserver = {
enable = true;
fqdn = "elnafo.ru";
domains = ["elnafo.ru"];
certificateScheme = "acme-nginx";
enableImapSsl = true;
openFirewall = true;
localDnsResolver = true;
loginAccounts = config.bonfire.secrets.catarina.mailAccounts;
};
services.spoofdpi.enable = true;
services.btrfs.autoScrub = {
enable = true;
interval = "monthly";
fileSystems = ["/"];
};
services.btrbk = {
instances."catarina" = {
onCalendar = "daily";
settings = {
snapshot_preserve_min = "2d";
snapshot_preserve = "14d";
snapshot_dir = "/media/btrbk-snapshots";
target_preserve_min = "no";
target_preserve = "14d 8w *m";
volume."/" = {
target = "/media/btrbk-backups";
subvolume = {
"var/lib/gitea" = {};
"var/lib/postgresql" = {};
"var/lib/postfix" = {};
"var/vmail" = {};
};
}; };
};
}; };
};
# Nix packages services.transmission = {
nixpkgs = { enable = true;
hostPlatform = lib.mkDefault "x86_64-linux"; openRPCPort = true;
config.allowUnfree = true; settings = {
config.cudaSupport = false; rpc-bind-address = "0.0.0.0";
rpc-whitelist = "127.0.0.1,192.168.156.101";
config.packageOverrides = super: { download-dir = "/media/storage/downloads";
lego = bonfire-pkgs.lego; incomplete-dir = "/media/storage/downloads/incomplete";
};
}; };
};
# Services services.oscuro = {
services.printing.enable = true; enable = true;
discordTokenFile = config.sops.secrets.discordToken.path;
};
services.pipewire = { virtualisation = {
enable = true; containers.enable = true;
alsa.enable = true;
alsa.support32Bit = true; podman = {
pulse.enable = true; enable = true;
dockerCompat = true;
defaultNetwork.settings.dns_enabled = true;
}; };
};
services.openssh = { services.hydra = {
enable = true; enable = true;
startWhenNeeded = true; listenHost = "127.0.0.1";
settings.PasswordAuthentication = false; port = 3000;
settings.KbdInteractiveAuthentication = false; hydraURL = "http://127.0.0.1:3000";
smtpHost = "elnafo.ru";
useSubstitutes = true;
notificationSender = "hydra@elnafo.ru";
buildMachinesFiles = [];
};
# Packages
environment.systemPackages = with pkgs; [
wget
ntfs3g
sshfs
exfat
btrfs-progs
btrbk
lm_sensors
git
ripgrep
fd
lazygit
unzip
gnumake
fishPlugins.fzf-fish
fishPlugins.tide
fishPlugins.grc
fishPlugins.hydro
nnn
fzf
grc
gcc
cachix
gnupg
nnn
htop
];
programs = {
fish.enable = true;
neovim = {
enable = true;
defaultEditor = true;
}; };
};
services.blueman.enable = true; programs.ssh.extraConfig = ''
Host astora
HostName 192.168.156.101
Port 22
User l-nafaryus
services.fail2ban = { Host catarina
enable = true; HostName 192.168.156.102
maxretry = 12; Port 22
ignoreIP = [ User l-nafaryus
"192.168.0.0/16" '';
];
bantime = "3h";
bantime-increment = {
enable = true;
multipliers = "1 2 4 8 16 32 64";
maxtime = "168h";
overalljails = true;
};
};
bonfire.withSecrets = true; programs.direnv.enable = true;
sops = config.bonfire.secrets.catarina.sops;
security.acme = {
acceptTerms = true;
defaults.email = "l.nafaryus@elnafo.ru";
defaults.group = "nginx";
certs = {
"elnafo.ru" = {
extraDomainNames = [ "*.elnafo.ru" ];
dnsProvider = "webnames";
credentialsFile = config.sops.secrets."dns".path;
webroot = null;
};
};
};
services.nginx = {
enable = true;
package = pkgs.nginx.override { withMail = true; };
recommendedProxySettings = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
recommendedTlsSettings = true;
clientMaxBodySize = "5G";
virtualHosts = {
"elnafo.ru" = {
forceSSL = true;
enableACME = true;
root = "/var/www";
};
"www.elnafo.ru" = {
forceSSL = true;
useACMEHost = "elnafo.ru";
globalRedirect = "elnafo.ru";
};
"bonfire.elnafo.ru" = {
forceSSL = true;
useACMEHost = "elnafo.ru";
locations."/".root = "${bonfire-pkgs.bonfire-docs}";
};
};
};
mailserver = {
enable = true;
fqdn = "elnafo.ru";
domains = [ "elnafo.ru" ];
certificateScheme = "acme-nginx";
enableImapSsl = true;
openFirewall = true;
localDnsResolver = true;
loginAccounts = config.bonfire.secrets.catarina.mailAccounts;
};
services.spoofdpi.enable = true;
services.btrfs.autoScrub = {
enable = true;
interval = "monthly";
fileSystems = [ "/" ];
};
services.btrbk = {
instances."catarina" = {
onCalendar = "daily";
settings = {
snapshot_preserve_min = "2d";
snapshot_preserve = "14d";
snapshot_dir = "/media/btrbk-snapshots";
target_preserve_min = "no";
target_preserve = "14d 8w *m";
volume."/" = {
target = "/media/btrbk-backups";
subvolume = {
"var/lib/gitea" = {};
"var/lib/postgresql" = {};
"var/lib/postfix" = {};
"var/vmail" = {};
};
};
};
};
};
services.transmission = {
enable = true;
openRPCPort = true;
settings = {
rpc-bind-address = "0.0.0.0";
rpc-whitelist = "127.0.0.1,192.168.156.101";
download-dir = "/media/storage/downloads";
incomplete-dir = "/media/storage/downloads/incomplete";
};
};
services.oscuro = {
enable = true;
discordTokenFile = config.sops.secrets.discordToken.path;
};
virtualisation = {
containers.enable = true;
podman = {
enable = true;
dockerCompat = true;
defaultNetwork.settings.dns_enabled = true;
};
};
# Packages
environment.systemPackages = with pkgs; [
wget
ntfs3g
sshfs
exfat
btrfs-progs
btrbk
lm_sensors
git
ripgrep
fd
lazygit
unzip
gnumake
fishPlugins.fzf-fish
fishPlugins.tide
fishPlugins.grc
fishPlugins.hydro
nnn
fzf
grc
gcc
cachix
gnupg
nnn
htop
];
programs = {
fish.enable = true;
neovim = {
enable = true;
defaultEditor = true;
};
};
programs.ssh.extraConfig = ''
Host astora
HostName 192.168.156.101
Port 22
User l-nafaryus
Host catarina
HostName 192.168.156.102
Port 22
User l-nafaryus
'';
programs.direnv.enable = true;
} }

311
nixosConfigurations/catarina/hardware.nix
View File

@ -1,171 +1,176 @@
{ config, lib, ... }:
{ {
# Boot config,
boot = { lib,
loader.systemd-boot.enable = true; ...
loader.systemd-boot.configurationLimit = 5; }: {
loader.efi.canTouchEfiVariables = true; # Boot
boot = {
loader.systemd-boot.enable = true;
loader.systemd-boot.configurationLimit = 5;
loader.efi.canTouchEfiVariables = true;
tmp.useTmpfs = lib.mkDefault true; tmp.useTmpfs = lib.mkDefault true;
tmp.cleanOnBoot = lib.mkDefault (!config.boot.tmp.useTmpfs); tmp.cleanOnBoot = lib.mkDefault (!config.boot.tmp.useTmpfs);
initrd.availableKernelModules = [ "nvme" "xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; initrd.availableKernelModules = ["nvme" "xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "rtsx_pci_sdmmc"];
initrd.kernelModules = [ ]; initrd.kernelModules = [];
kernelModules = [ "kvm-intel" "tcp_bbr" "coretemp" "nct6775" ]; kernelModules = ["kvm-intel" "tcp_bbr" "coretemp" "nct6775"];
kernelParams = [ "threadirqs" ]; kernelParams = ["threadirqs"];
kernel.sysctl = { kernel.sysctl = {
# The Magic SysRq key is a key combo that allows users connected to the # The Magic SysRq key is a key combo that allows users connected to the
# system console of a Linux kernel to perform some low-level commands. # system console of a Linux kernel to perform some low-level commands.
# Disable it, since we don't need it, and is a potential security concern. # Disable it, since we don't need it, and is a potential security concern.
"kernel.sysrq" = 0; "kernel.sysrq" = 0;
## TCP hardening ## TCP hardening
# Prevent bogus ICMP errors from filling up logs. # Prevent bogus ICMP errors from filling up logs.
"net.ipv4.icmp_ignore_bogus_error_responses" = 1; "net.ipv4.icmp_ignore_bogus_error_responses" = 1;
# Reverse path filtering causes the kernel to do source validation of # Reverse path filtering causes the kernel to do source validation of
# packets received from all interfaces. This can mitigate IP spoofing. # packets received from all interfaces. This can mitigate IP spoofing.
"net.ipv4.conf.default.rp_filter" = 1; "net.ipv4.conf.default.rp_filter" = 1;
"net.ipv4.conf.all.rp_filter" = 1; "net.ipv4.conf.all.rp_filter" = 1;
# Do not accept IP source route packets # Do not accept IP source route packets
"net.ipv4.conf.all.accept_source_route" = 0; "net.ipv4.conf.all.accept_source_route" = 0;
"net.ipv6.conf.all.accept_source_route" = 0; "net.ipv6.conf.all.accept_source_route" = 0;
# Don't send ICMP redirects # Don't send ICMP redirects
"net.ipv4.conf.all.send_redirects" = 0; "net.ipv4.conf.all.send_redirects" = 0;
"net.ipv4.conf.default.send_redirects" = 0; "net.ipv4.conf.default.send_redirects" = 0;
# Refuse ICMP redirects (MITM mitigations) # Refuse ICMP redirects (MITM mitigations)
"net.ipv4.conf.all.accept_redirects" = 0; "net.ipv4.conf.all.accept_redirects" = 0;
"net.ipv4.conf.default.accept_redirects" = 0; "net.ipv4.conf.default.accept_redirects" = 0;
"net.ipv4.conf.all.secure_redirects" = 0; "net.ipv4.conf.all.secure_redirects" = 0;
"net.ipv4.conf.default.secure_redirects" = 0; "net.ipv4.conf.default.secure_redirects" = 0;
"net.ipv6.conf.all.accept_redirects" = 0; "net.ipv6.conf.all.accept_redirects" = 0;
"net.ipv6.conf.default.accept_redirects" = 0; "net.ipv6.conf.default.accept_redirects" = 0;
# Protects against SYN flood attacks # Protects against SYN flood attacks
"net.ipv4.tcp_syncookies" = 1; "net.ipv4.tcp_syncookies" = 1;
# Incomplete protection again TIME-WAIT assassination # Incomplete protection again TIME-WAIT assassination
"net.ipv4.tcp_rfc1337" = 1; "net.ipv4.tcp_rfc1337" = 1;
## TCP optimization ## TCP optimization
# TCP Fast Open is a TCP extension that reduces network latency by packing # TCP Fast Open is a TCP extension that reduces network latency by packing
# data in the senders initial TCP SYN. Setting 3 = enable TCP Fast Open for # data in the senders initial TCP SYN. Setting 3 = enable TCP Fast Open for
# both incoming and outgoing connections: # both incoming and outgoing connections:
"net.ipv4.tcp_fastopen" = 3; "net.ipv4.tcp_fastopen" = 3;
# Bufferbloat mitigations + slight improvement in throughput & latency # Bufferbloat mitigations + slight improvement in throughput & latency
"net.ipv4.tcp_congestion_control" = "bbr"; "net.ipv4.tcp_congestion_control" = "bbr";
"net.core.default_qdisc" = "cake"; "net.core.default_qdisc" = "cake";
}; };
};
# Security
security = {
protectKernelImage = true;
sudo.extraConfig = ''Defaults timestamp_timeout=30'';
rtkit.enable = true;
};
# Filesystem
fileSystems = {
"/" = {
device = "/dev/disk/by-label/nixos";
fsType = "btrfs";
options = ["subvol=root" "compress=zstd"];
}; };
# Security "/nix" = {
security = { device = "/dev/disk/by-label/nixos";
protectKernelImage = true; fsType = "btrfs";
sudo.extraConfig = ''Defaults timestamp_timeout=30''; options = ["subvol=nix" "compress=zstd" "noatime"];
rtkit.enable = true;
}; };
# Filesystem "/home" = {
fileSystems = { device = "/dev/disk/by-label/nixos";
"/" = { fsType = "btrfs";
device = "/dev/disk/by-label/nixos"; options = ["subvol=home" "compress=zstd"];
fsType = "btrfs";
options = [ "subvol=root" "compress=zstd" ];
};
"/nix" = {
device = "/dev/disk/by-label/nixos";
fsType = "btrfs";
options = [ "subvol=nix" "compress=zstd" "noatime" ];
};
"/home" = {
device = "/dev/disk/by-label/nixos";
fsType = "btrfs";
options = [ "subvol=home" "compress=zstd" ];
};
"/boot" = {
device = "/dev/disk/by-label/boot";
fsType = "vfat";
};
"/swap" = {
device = "/dev/disk/by-label/nixos";
fsType = "btrfs";
options = [ "subvol=swap" "noatime" ];
};
"/media/storage" = {
device = "/dev/disk/by-label/storage";
fsType = "btrfs";
options = [ "subvol=storage" "nofail" "compress=zstd" ];
};
"/media/btrbk-backups" = {
device = "/dev/disk/by-label/storage";
fsType = "btrfs";
options = [ "subvol=btrbk-backups" "nofail" "compress=zstd" ];
};
}; };
swapDevices = [ "/boot" = {
{ device = "/swap/swapfile"; } device = "/dev/disk/by-label/boot";
]; fsType = "vfat";
services.fstrim.enable = true;
# Hardware etc
hardware = {
enableRedistributableFirmware = true;
cpu.intel.updateMicrocode = true;
bluetooth.enable = true;
pulseaudio.enable = false;
}; };
sound.enable = true; "/swap" = {
device = "/dev/disk/by-label/nixos";
networking = { fsType = "btrfs";
networkmanager.enable = true; options = ["subvol=swap" "noatime"];
useDHCP = false;
hostName = "catarina";
extraHosts = '''';
firewall = {
enable = true;
allowedTCPPorts = [ 80 443 3001 25600 8080 8085 ];
};
interfaces.enp9s0 = {
useDHCP = false;
ipv4.addresses = [ {
address = "192.168.156.102";
prefixLength = 24;
} ];
};
defaultGateway = "192.168.156.1";
nameservers = [ "192.168.156.1" "8.8.8.8" ];
}; };
services.logind.lidSwitchExternalPower = "ignore"; "/media/storage" = {
device = "/dev/disk/by-label/storage";
# Common fsType = "btrfs";
time.timeZone = "Asia/Yekaterinburg"; options = ["subvol=storage" "nofail" "compress=zstd"];
i18n = {
defaultLocale = "en_US.UTF-8";
extraLocaleSettings = {
LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8";
LC_MEASUREMENT = "en_US.UTF-8";
LC_MONETARY = "en_US.UTF-8";
LC_NAME = "en_US.UTF-8";
LC_NUMERIC = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8";
LC_TELEPHONE = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8";
};
}; };
"/media/btrbk-backups" = {
device = "/dev/disk/by-label/storage";
fsType = "btrfs";
options = ["subvol=btrbk-backups" "nofail" "compress=zstd"];
};
};
swapDevices = [
{device = "/swap/swapfile";}
];
services.fstrim.enable = true;
# Hardware etc
hardware = {
enableRedistributableFirmware = true;
cpu.intel.updateMicrocode = true;
bluetooth.enable = true;
pulseaudio.enable = false;
};
sound.enable = true;
networking = {
networkmanager.enable = true;
useDHCP = false;
hostName = "catarina";
extraHosts = '''';
firewall = {
enable = true;
allowedTCPPorts = [80 443 3001 25600 8080 8085];
};
interfaces.enp9s0 = {
useDHCP = false;
ipv4.addresses = [
{
address = "192.168.156.102";
prefixLength = 24;
}
];
};
defaultGateway = "192.168.156.1";
nameservers = ["192.168.156.1" "8.8.8.8"];
};
services.logind.lidSwitchExternalPower = "ignore";
# Common
time.timeZone = "Asia/Yekaterinburg";
i18n = {
defaultLocale = "en_US.UTF-8";
extraLocaleSettings = {
LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8";
LC_MEASUREMENT = "en_US.UTF-8";
LC_MONETARY = "en_US.UTF-8";
LC_NAME = "en_US.UTF-8";
LC_NUMERIC = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8";
LC_TELEPHONE = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8";
};
};
} }

206
nixosConfigurations/catarina/services/gitea.nix
View File

@ -1,107 +1,105 @@
{ config, ... }: {config, ...}: {
{ services.postgresql = {
services.postgresql = { enable = true;
authentication = ''
# Type Database DB-User Auth-Method Ident-Map(optional)
local git all ident map=gitea-users
'';
identMap = ''
# MapName System-User DB-User
gitea-users git git
'';
ensureDatabases = ["git"];
};
services.gitea = {
enable = true;
user = "git";
group = "gitea";
stateDir = "/var/lib/gitea";
settings = {
server = {
DOMAIN = "vcs.elnafo.ru";
ROOT_URL = "https://vcs.elnafo.ru/";
HTTP_ADDRESS = "127.0.0.1";
HTTP_PORT = 3001;
};
session.COOKIE_SECURE = true;
mailer = {
ENABLED = true;
FROM = "Elnafo VCS <git@elnafo.ru>";
PROTOCOL = "smtps";
SMTP_ADDR = "smtp.elnafo.ru";
SMTP_PORT = 465;
USER = "git@elnafo.ru";
USE_CLIENT_CERT = true;
CLIENT_CERT_FILE = "${config.security.acme.certs."elnafo.ru".directory}/cert.pem";
CLIENT_KEY_FILE = "${config.security.acme.certs."elnafo.ru".directory}/key.pem";
};
service = {
DISABLE_REGISTRATION = true;
REGISTER_EMAIL_CONFIRM = true;
ENABLE_NOTIFY_MAIL = true;
};
other = {
SHOW_FOOTER_VERSION = false;
SHOW_FOOTER_TEMPLATE_LOAD_TIME = false;
};
indexer = {
REPO_INDEXER_ENABLED = true;
};
};
mailerPasswordFile = config.sops.secrets."gitea/mail".path;
database = {
type = "postgres";
passwordFile = config.sops.secrets."database/git".path;
name = "git";
user = "git";
};
lfs.enable = true;
appName = "Elnafo VCS";
};
users.users.${config.services.gitea.user} = {
description = "Gitea Service";
home = config.services.gitea.stateDir;
useDefaultShell = true;
group = config.services.gitea.group;
extraGroups = ["nginx"];
isSystemUser = true;
};
services.nginx.virtualHosts."vcs.elnafo.ru" = {
forceSSL = true;
useACMEHost = "elnafo.ru";
locations."/".proxyPass = "http://127.0.0.1:3001";
};
services.gitea-actions-runner = {
instances = {
master = {
enable = true; enable = true;
authentication = '' name = "master";
# Type Database DB-User Auth-Method Ident-Map(optional) url = config.services.gitea.settings.server.ROOT_URL;
local git all ident map=gitea-users tokenFile = config.sops.secrets."gitea-runner/master-token".path;
''; labels = [
identMap = '' "ubuntu-latest:docker://gitea/runner-images:ubuntu-latest"
# MapName System-User DB-User "nix-minimal:docker://vcs.elnafo.ru/l-nafaryus/nix-minimal:latest"
gitea-users git git "nix-runner:docker://vcs.elnafo.ru/l-nafaryus/nix-runner:latest"
''; ];
ensureDatabases = [ "git" ]; settings.container.network = "host";
};
}; };
};
services.gitea = {
enable = true;
user = "git";
group = "gitea";
stateDir = "/var/lib/gitea";
settings = {
server = {
DOMAIN = "vcs.elnafo.ru";
ROOT_URL = "https://vcs.elnafo.ru/";
HTTP_ADDRESS = "127.0.0.1";
HTTP_PORT = 3001;
};
session.COOKIE_SECURE = true;
mailer = {
ENABLED = true;
FROM = "Elnafo VCS <git@elnafo.ru>";
PROTOCOL = "smtps";
SMTP_ADDR = "smtp.elnafo.ru";
SMTP_PORT = 465;
USER = "git@elnafo.ru";
USE_CLIENT_CERT = true;
CLIENT_CERT_FILE = "${config.security.acme.certs."elnafo.ru".directory}/cert.pem";
CLIENT_KEY_FILE = "${config.security.acme.certs."elnafo.ru".directory}/key.pem";
};
service = {
DISABLE_REGISTRATION = true;
REGISTER_EMAIL_CONFIRM = true;
ENABLE_NOTIFY_MAIL = true;
};
other = {
SHOW_FOOTER_VERSION = false;
SHOW_FOOTER_TEMPLATE_LOAD_TIME = false;
};
indexer = {
REPO_INDEXER_ENABLED = true;
};
};
mailerPasswordFile = config.sops.secrets."gitea/mail".path;
database = {
type = "postgres";
passwordFile = config.sops.secrets."database/git".path;
name = "git";
user = "git";
};
lfs.enable = true;
appName = "Elnafo VCS";
};
users.users.${config.services.gitea.user} = {
description = "Gitea Service";
home = config.services.gitea.stateDir;
useDefaultShell = true;
group = config.services.gitea.group;
extraGroups = [ "nginx" ];
isSystemUser = true;
};
services.nginx.virtualHosts."vcs.elnafo.ru" = {
forceSSL = true;
useACMEHost = "elnafo.ru";
locations."/".proxyPass = "http://127.0.0.1:3001";
};
services.gitea-actions-runner = {
instances = {
master = {
enable = true;
name = "master";
url = config.services.gitea.settings.server.ROOT_URL;
tokenFile = config.sops.secrets."gitea-runner/master-token".path;
labels = [
"ubuntu-latest:docker://gitea/runner-images:ubuntu-latest"
"nix-minimal:docker://vcs.elnafo.ru/l-nafaryus/nix-minimal:latest"
"nix-runner:docker://vcs.elnafo.ru/l-nafaryus/nix-runner:latest"
];
settings.container.network = "host";
};
};
};
} }

419
nixosConfigurations/catarina/services/papermc.nix
View File

@ -1,231 +1,246 @@
{ config, lib, pkgs, ... }: {
let config,
inherit (pkgs) stdenv fetchurl; lib,
pkgs,
...
}: let
inherit (pkgs) stdenv fetchurl;
playerlist = [ playerlist = [
{ {
name = "L_Nafaryus"; name = "L_Nafaryus";
uuid = "02c47438-79eb-3938-b5e0-d7c03cb5709f"; uuid = "02c47438-79eb-3938-b5e0-d7c03cb5709f";
level = 4; level = 4;
} }
{ {
name = "AfroPriest"; name = "AfroPriest";
uuid = "6fa9251d-11a5-33ad-ada3-312f0632eab1"; uuid = "6fa9251d-11a5-33ad-ada3-312f0632eab1";
level = 3; level = 3;
} }
{ {
name = "DiAlteri"; name = "DiAlteri";
uuid = "0a278f5c-7192-30c8-aa2f-af157c348009"; uuid = "0a278f5c-7192-30c8-aa2f-af157c348009";
level = 3; level = 3;
} }
]; ];
operators = lib.filter (player: player.level > 0) playerlist; operators = lib.filter (player: player.level > 0) playerlist;
whitelist = map (player: removeAttrs player [ "level" ]) playerlist; whitelist = map (player: removeAttrs player ["level"]) playerlist;
# Plugins # Plugins
passky = stdenv.mkDerivation rec { passky = stdenv.mkDerivation rec {
pname = "Passky"; pname = "Passky";
version = "2.1.1"; version = "2.1.1";
src = fetchurl { src = fetchurl {
url = "https://hangarcdn.papermc.io/plugins/Black1_TV/Passky/versions/${version}/PAPER/Passky-${version}.jar"; url = "https://hangarcdn.papermc.io/plugins/Black1_TV/Passky/versions/${version}/PAPER/Passky-${version}.jar";
hash = "sha256-D5NpFrkGLgZNMS5WlMRM3Uv07hPsI9Hdsii2whTAZ2o="; hash = "sha256-D5NpFrkGLgZNMS5WlMRM3Uv07hPsI9Hdsii2whTAZ2o=";
};
meta.homepage = "https://hangar.papermc.io/Black1_TV/Passky";
phases = [ "installPhase" ];
installPhase = ''
mkdir -p $out/bin
cp $src $out/bin/${pname}.jar
'';
}; };
meta.homepage = "https://hangar.papermc.io/Black1_TV/Passky";
phases = ["installPhase"];
installPhase = ''
mkdir -p $out/bin
cp $src $out/bin/${pname}.jar
'';
};
grimAnticheat = stdenv.mkDerivation rec { grimAnticheat = stdenv.mkDerivation rec {
pname = "GrimAC"; pname = "GrimAC";
version = "2.3.46"; version = "2.3.46";
src = fetchurl { src = fetchurl {
url = "https://hangarcdn.papermc.io/plugins/GrimAnticheat/GrimAnticheat/versions/${version}/PAPER/grimac-${version}.jar"; url = "https://hangarcdn.papermc.io/plugins/GrimAnticheat/GrimAnticheat/versions/${version}/PAPER/grimac-${version}.jar";
hash = "sha256-tG8pBDMU4N/Ijn5RfdsQrtY4/gEhN1wEDCopqOSIqB4="; hash = "sha256-tG8pBDMU4N/Ijn5RfdsQrtY4/gEhN1wEDCopqOSIqB4=";
};
meta.homepage = "https://hangar.papermc.io/GrimAnticheat/GrimAnticheat";
phases = [ "installPhase" ];
installPhase = ''
mkdir -p $out/bin
cp $src $out/bin/${pname}.jar
'';
}; };
meta.homepage = "https://hangar.papermc.io/GrimAnticheat/GrimAnticheat";
phases = ["installPhase"];
installPhase = ''
mkdir -p $out/bin
cp $src $out/bin/${pname}.jar
'';
};
viaVersion = stdenv.mkDerivation rec { viaVersion = stdenv.mkDerivation rec {
pname = "ViaVersion"; pname = "ViaVersion";
version = "4.9.2"; version = "4.9.2";
src = fetchurl { src = fetchurl {
url = "https://hangarcdn.papermc.io/plugins/ViaVersion/ViaVersion/versions/${version}/PAPER/ViaVersion-${version}.jar"; url = "https://hangarcdn.papermc.io/plugins/ViaVersion/ViaVersion/versions/${version}/PAPER/ViaVersion-${version}.jar";
hash = "sha256-dvcyqCpIjArKCnUAD/L+lG/5gRQ9fLMKcl/+o8sLmYs="; hash = "sha256-dvcyqCpIjArKCnUAD/L+lG/5gRQ9fLMKcl/+o8sLmYs=";
};
meta.homepage = "https://hangar.papermc.io/ViaVersion/ViaVersion";
phases = [ "installPhase" ];
installPhase = ''
mkdir -p $out/bin
cp $src $out/bin/${pname}.jar
'';
}; };
meta.homepage = "https://hangar.papermc.io/ViaVersion/ViaVersion";
phases = ["installPhase"];
installPhase = ''
mkdir -p $out/bin
cp $src $out/bin/${pname}.jar
'';
};
directionHUD = stdenv.mkDerivation rec { directionHUD = stdenv.mkDerivation rec {
pname = "DirectionHUD"; pname = "DirectionHUD";
version = "1.2.2"; version = "1.2.2";
src = fetchurl { src = fetchurl {
url = "https://hangarcdn.papermc.io/plugins/other/DirectionHUD/versions/${version}%2B1.18-1.20.2/PAPER/directionhud-spigot-${version}%2B1.18-1.20.2.jar"; url = "https://hangarcdn.papermc.io/plugins/other/DirectionHUD/versions/${version}%2B1.18-1.20.2/PAPER/directionhud-spigot-${version}%2B1.18-1.20.2.jar";
hash = "sha256-F+86Q58+3VoqNoD8P38bu8u1Hx8Si0lxNXZnF/R4hAg="; hash = "sha256-F+86Q58+3VoqNoD8P38bu8u1Hx8Si0lxNXZnF/R4hAg=";
};
meta.homepage = "https://hangar.papermc.io/other/DirectionHUD";
phases = [ "installPhase" ];
installPhase = ''
mkdir -p $out/bin
cp $src $out/bin/${pname}.jar
'';
}; };
meta.homepage = "https://hangar.papermc.io/other/DirectionHUD";
phases = ["installPhase"];
installPhase = ''
mkdir -p $out/bin
cp $src $out/bin/${pname}.jar
'';
};
miniMOTD = stdenv.mkDerivation rec { miniMOTD = stdenv.mkDerivation rec {
pname = "MiniMOTD"; pname = "MiniMOTD";
version = "2.0.14"; version = "2.0.14";
src = fetchurl { src = fetchurl {
url = "https://hangarcdn.papermc.io/plugins/jmp/MiniMOTD/versions/${version}/PAPER/minimotd-bukkit-${version}.jar"; url = "https://hangarcdn.papermc.io/plugins/jmp/MiniMOTD/versions/${version}/PAPER/minimotd-bukkit-${version}.jar";
hash = "sha256-d7l/pZGxteS2A9c9PIZASDTACGev8HY5SHZRvcxBc5A="; hash = "sha256-d7l/pZGxteS2A9c9PIZASDTACGev8HY5SHZRvcxBc5A=";
};
meta.homepage = "https://hangar.papermc.io/jmp/MiniMOTD";
phases = [ "installPhase" ];
installPhase = ''
mkdir -p $out/bin
cp $src $out/bin/${pname}.jar
'';
}; };
meta.homepage = "https://hangar.papermc.io/jmp/MiniMOTD";
phases = ["installPhase"];
installPhase = ''
mkdir -p $out/bin
cp $src $out/bin/${pname}.jar
'';
};
skinsRestorer = stdenv.mkDerivation rec { skinsRestorer = stdenv.mkDerivation rec {
pname = "SkinsRestorer"; pname = "SkinsRestorer";
version = "15.0.2"; version = "15.0.2";
src = fetchurl { src = fetchurl {
url = "https://github.com/SkinsRestorer/SkinsRestorerX/releases/download/${version}/SkinsRestorer.jar"; url = "https://github.com/SkinsRestorer/SkinsRestorerX/releases/download/${version}/SkinsRestorer.jar";
hash = "sha256-fhAegFtl22xKXMi5MbsXCYOjbfqOlQTnILoEJxCDbkc="; hash = "sha256-fhAegFtl22xKXMi5MbsXCYOjbfqOlQTnILoEJxCDbkc=";
};
meta.homepage = "https://hangar.papermc.io/SRTeam/SkinsRestorer";
phases = [ "installPhase" ];
installPhase = ''
mkdir -p $out/bin
cp $src $out/bin/${pname}.jar
'';
}; };
meta.homepage = "https://hangar.papermc.io/SRTeam/SkinsRestorer";
phases = ["installPhase"];
installPhase = ''
mkdir -p $out/bin
cp $src $out/bin/${pname}.jar
'';
};
squaremap = stdenv.mkDerivation rec { squaremap = stdenv.mkDerivation rec {
pname = "squaremap"; pname = "squaremap";
version = "1.2.2"; version = "1.2.2";
src = fetchurl { src = fetchurl {
url = "https://hangarcdn.papermc.io/plugins/jmp/squaremap/versions/${version}/PAPER/squaremap-paper-mc1.20.2-${version}.jar"; url = "https://hangarcdn.papermc.io/plugins/jmp/squaremap/versions/${version}/PAPER/squaremap-paper-mc1.20.2-${version}.jar";
hash = "sha256-Z8AWzZLlZavF8YYs1kslhtCvzq5fZ7O97mTx3hCgj78="; hash = "sha256-Z8AWzZLlZavF8YYs1kslhtCvzq5fZ7O97mTx3hCgj78=";
};
meta.homepage = "https://hangar.papermc.io/jmp/squaremap";
phases = [ "installPhase" ];
installPhase = ''
mkdir -p $out/bin
cp $src $out/bin/${pname}.jar
'';
}; };
meta.homepage = "https://hangar.papermc.io/jmp/squaremap";
phases = ["installPhase"];
installPhase = ''
mkdir -p $out/bin
cp $src $out/bin/${pname}.jar
'';
};
stargate = stdenv.mkDerivation rec { stargate = stdenv.mkDerivation rec {
pname = "Stargate"; pname = "Stargate";
version = "0.11.5.6"; version = "0.11.5.6";
src = fetchurl { src = fetchurl {
url = "https://hangarcdn.papermc.io/plugins/Stargate/Stargate/versions/${version}/PAPER/Stargate-${version}.jar"; url = "https://hangarcdn.papermc.io/plugins/Stargate/Stargate/versions/${version}/PAPER/Stargate-${version}.jar";
hash = "sha256-Ilz0z3juQ9c4/pUnHnvJO+PnJF1+vXBxW2pbERuEBo4="; hash = "sha256-Ilz0z3juQ9c4/pUnHnvJO+PnJF1+vXBxW2pbERuEBo4=";
};
meta.homepage = "https://hangar.papermc.io/Stargate/Stargate";
phases = [ "installPhase" ];
installPhase = ''
mkdir -p $out/bin
cp $src $out/bin/${pname}.jar
'';
}; };
meta.homepage = "https://hangar.papermc.io/Stargate/Stargate";
phases = ["installPhase"];
installPhase = ''
mkdir -p $out/bin
cp $src $out/bin/${pname}.jar
'';
};
chunky = stdenv.mkDerivation rec { chunky = stdenv.mkDerivation rec {
pname = "Chunky"; pname = "Chunky";
version = "1.3.92"; version = "1.3.92";
src = fetchurl { src = fetchurl {
url = "https://hangarcdn.papermc.io/plugins/pop4959/Chunky/versions/${version}/PAPER/Chunky-${version}.jar"; url = "https://hangarcdn.papermc.io/plugins/pop4959/Chunky/versions/${version}/PAPER/Chunky-${version}.jar";
hash = "sha256-ABHfKJK0LQI2ZLt1D83897RAnE9xWu6+34IOlwTh17w="; hash = "sha256-ABHfKJK0LQI2ZLt1D83897RAnE9xWu6+34IOlwTh17w=";
};
meta.homepage = "https://hangar.papermc.io/pop4959/Chunky";
phases = [ "installPhase" ];
installPhase = ''
mkdir -p $out/bin
cp $src $out/bin/${pname}.jar
'';
}; };
meta.homepage = "https://hangar.papermc.io/pop4959/Chunky";
phases = ["installPhase"];
installPhase = ''
mkdir -p $out/bin
cp $src $out/bin/${pname}.jar
'';
};
xclaim = stdenv.mkDerivation rec { xclaim = stdenv.mkDerivation rec {
pname = "XClaim"; pname = "XClaim";
version = "1.11.0"; version = "1.11.0";
src = fetchurl { src = fetchurl {
url = "https://github.com/WasabiThumb/xclaim/releases/download/${version}/xclaim-${version}.jar"; url = "https://github.com/WasabiThumb/xclaim/releases/download/${version}/xclaim-${version}.jar";
hash = "sha256-49R9cj1NnOx9n0yBtOj+m4V+56P4Ko/Co/LOgdhd2y4="; hash = "sha256-49R9cj1NnOx9n0yBtOj+m4V+56P4Ko/Co/LOgdhd2y4=";
};
meta.homepage = "https://hangar.papermc.io/WasabiThumbs/XClaim";
phases = [ "installPhase" ];
installPhase = ''
mkdir -p $out/bin
cp $src $out/bin/${pname}.jar
'';
}; };
meta.homepage = "https://hangar.papermc.io/WasabiThumbs/XClaim";
phases = ["installPhase"];
installPhase = ''
mkdir -p $out/bin
cp $src $out/bin/${pname}.jar
'';
};
plugins = [ plugins = [
passky grimAnticheat viaVersion directionHUD miniMOTD skinsRestorer squaremap stargate chunky xclaim passky
]; grimAnticheat
viaVersion
directionHUD
miniMOTD
skinsRestorer
squaremap
stargate
chunky
xclaim
];
in { in {
services.papermc = { services.papermc = {
enable = true; enable = true;
eula = true; eula = true;
openFirewall = true; openFirewall = true;
serverProperties = { serverProperties = {
server-port = 25565; server-port = 25565;
gamemode = "survival"; gamemode = "survival";
motd = "GoodOmens"; motd = "GoodOmens";
max-players = 10; max-players = 10;
level-seed = "66666666"; level-seed = "66666666";
enable-status = true; enable-status = true;
enforce-secure-profile = false; enforce-secure-profile = false;
difficulty = "normal"; difficulty = "normal";
online-mode = false; online-mode = false;
enable-rcon = true; enable-rcon = true;
"rcon.port" = 25600; "rcon.port" = 25600;
white-list = false; white-list = false;
};
jvmOpts = "-Xms512M -Xmx2048M";
rconPasswordFile = config.sops.secrets."papermc/rcon".path;
whitelist = whitelist;
ops = operators;
extraPreStart = ''
mkdir -p ${builtins.concatStringsSep " " (map (v: "plugins/${v.pname}") plugins)}
'' + builtins.concatStringsSep "\n" (map (v: "ln -sf ${v.outPath}/bin/${v.pname}.jar plugins/") plugins) + ''
ln -sf ${config.bonfire.configDir}/goodomens/plugins/MiniMOTD/main.conf plugins/MiniMOTD/
mkdir -p plugins/MiniMOTD/icons
ln -sf ${config.bonfire.configDir}/goodomens/plugins/MiniMOTD/icons/goodomens-logo.png plugins/MiniMOTD/icons/
ln -sf ${config.bonfire.configDir}/goodomens/plugins/Tablist/config.yml plugins/Tablist/
ln -sf ${config.bonfire.configDir}/goodomens/plugins/squaremap/config.yml plugins/squaremap/
ln -sf ${config.bonfire.configDir}/goodomens/plugins/squaremap/advanced.yml plugins/squaremap/
ln -sf ${config.bonfire.configDir}/goodomens/plugins/squaremap/advanced.yml plugins/squaremap/
ln -sf ${config.bonfire.configDir}/goodomens/site/map/index.html plugins/squaremap/web/
'';
}; };
jvmOpts = "-Xms512M -Xmx2048M";
rconPasswordFile = config.sops.secrets."papermc/rcon".path;
whitelist = whitelist;
ops = operators;
extraPreStart =
''
mkdir -p ${builtins.concatStringsSep " " (map (v: "plugins/${v.pname}") plugins)}
''
+ builtins.concatStringsSep "\n" (map (v: "ln -sf ${v.outPath}/bin/${v.pname}.jar plugins/") plugins)
+ ''
services.nginx.virtualHosts."mc.elnafo.ru" = { ln -sf ${config.bonfire.configDir}/goodomens/plugins/MiniMOTD/main.conf plugins/MiniMOTD/
forceSSL = true; mkdir -p plugins/MiniMOTD/icons
useACMEHost = "elnafo.ru"; ln -sf ${config.bonfire.configDir}/goodomens/plugins/MiniMOTD/icons/goodomens-logo.png plugins/MiniMOTD/icons/
locations."/".root = "/var/www/goodomens"; ln -sf ${config.bonfire.configDir}/goodomens/plugins/Tablist/config.yml plugins/Tablist/
locations."^~ /map/".proxyPass = "http://127.0.0.1:8088/"; ln -sf ${config.bonfire.configDir}/goodomens/plugins/squaremap/config.yml plugins/squaremap/
locations."/gallery/".root = "/var/www/goodomens"; ln -sf ${config.bonfire.configDir}/goodomens/plugins/squaremap/advanced.yml plugins/squaremap/
locations."/gallery/images/" = { ln -sf ${config.bonfire.configDir}/goodomens/plugins/squaremap/advanced.yml plugins/squaremap/
root = "/var/www/goodomens"; ln -sf ${config.bonfire.configDir}/goodomens/site/map/index.html plugins/squaremap/web/
extraConfig = ''autoindex on;''; '';
}; };
services.nginx.virtualHosts."mc.elnafo.ru" = {
forceSSL = true;
useACMEHost = "elnafo.ru";
locations."/".root = "/var/www/goodomens";
locations."^~ /map/".proxyPass = "http://127.0.0.1:8088/";
locations."/gallery/".root = "/var/www/goodomens";
locations."/gallery/images/" = {
root = "/var/www/goodomens";
extraConfig = ''autoindex on;'';
}; };
};
} }

30
nixosConfigurations/catarina/users.nix
View File

@ -1,17 +1,21 @@
{ config, pkgs, lib, ... }:
{ {
# Users config,
users.users.root.hashedPasswordFile = config.sops.secrets."users/root".path; pkgs,
lib,
...
}: {
# Users
users.users.root.hashedPasswordFile = config.sops.secrets."users/root".path;
users.users.l-nafaryus = { users.users.l-nafaryus = {
isNormalUser = true; isNormalUser = true;
description = "L-Nafaryus"; description = "L-Nafaryus";
extraGroups = [ "networkmanager" "wheel" ]; extraGroups = ["networkmanager" "wheel"];
group = "users"; group = "users";
uid = 1000; uid = 1000;
shell = pkgs.fish; shell = pkgs.fish;
hashedPasswordFile = config.sops.secrets."users/l-nafaryus".path; hashedPasswordFile = config.sops.secrets."users/l-nafaryus".path;
}; };
users.users.nginx.extraGroups = [ "acme" "papermc" ]; users.users.nginx.extraGroups = ["acme" "papermc"];
} }

41
nixosModules/default.nix
View File

@ -1,20 +1,27 @@
{ lib, check ? true, self, ... }: {
rec { lib,
modules = [ check ? true,
./misc/bonfire/default.nix self,
./services/papermc.nix ...
./services/qbittorrent-nox.nix }: rec {
./services/spoofdpi.nix modules = [
]; ./misc/bonfire/default.nix
./services/papermc.nix
./services/qbittorrent-nox.nix
./services/spoofdpi.nix
];
configModule = { config, pkgs, ... }: { configModule = {
config,
config = { pkgs,
# Module type checking ...
_module.check = check; }: {
#_module.args.baseModules = modules; config = {
#_module.args.pkgs = lib.mkDefault pkgs; # Module type checking
_module.args.bonpkgs = self.packages.${pkgs.system}; _module.check = check;
}; #_module.args.baseModules = modules;
#_module.args.pkgs = lib.mkDefault pkgs;
_module.args.bonpkgs = self.packages.${pkgs.system};
}; };
};
} }

82
nixosModules/misc/bonfire/default.nix
View File

@ -1,45 +1,51 @@
{ config, lib, ... }: {
with lib; config,
let cfg = config.bonfire; lib,
...
}:
with lib; let
cfg = config.bonfire;
in { in {
options = { options = {
bonfire = { bonfire = {
home = mkOption { home = mkOption {
type = types.path; type = types.path;
default = ../../../.; default = ../../../.;
description = "Bonfire root directory"; description = "Bonfire root directory";
}; };
configDir = mkOption { configDir = mkOption {
type = types.path; type = types.path;
default = "${cfg.home}/config"; default = "${cfg.home}/config";
description = "Path to Bonfire static configuration files"; description = "Path to Bonfire static configuration files";
}; };
withSecrets = mkOption { withSecrets = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
description = "Enables the Bonfire secrets"; description = "Enables the Bonfire secrets";
}; };
secrets = mkOption { secrets = mkOption {
type = types.attrs; type = types.attrs;
description = "Secrets will be here after evaluation"; description = "Secrets will be here after evaluation";
default = {}; default = {};
}; };
}; };
};
config = {
assertions = mkIf cfg.withSecrets [
{
assertion = builtins.pathExists ./secrets/default.nix;
message = "Missed git submodule 'bonfire-secrets'";
}
];
environment.sessionVariables = {
BONFIRE_HOME = cfg.home;
}; };
config = { bonfire.secrets = mkIf cfg.withSecrets (import ./secrets {inherit config lib;});
assertions = mkIf cfg.withSecrets [{ };
assertion = (builtins.pathExists ./secrets/default.nix);
message = "Missed git submodule 'bonfire-secrets'";
}];
environment.sessionVariables = {
BONFIRE_HOME = cfg.home;
};
bonfire.secrets = mkIf cfg.withSecrets (import ./secrets { inherit config; });
};
} }

80
nixosModules/misc/bonfire/secrets/default.nix
View File

@ -1,41 +1,55 @@
{ config }:
{ {
catarina = { config,
sops = { lib,
defaultSopsFile = ./catarina.yaml; }: {
age.keyFile = "/var/lib/secrets/sops-nix/catarina.txt"; catarina = {
secrets = { sops = {
"dns" = {}; defaultSopsFile = ./catarina.yaml;
age.keyFile = "/var/lib/secrets/sops-nix/catarina.txt";
secrets = {
"dns" = {};
"users/root" = { neededForUsers = true; }; "users/root" = {neededForUsers = true;};
"users/l-nafaryus" = { neededForUsers = true; }; "users/l-nafaryus" = {neededForUsers = true;};
"database/git" = { owner = "git"; group = "gitea"; }; "database/git" = {
owner = "git";
"mail/l-nafaryus" = {}; group = "gitea";
"mail/git" = {};
"mail/kirill" = {};
"gitea/mail" = { owner = "git"; group = "gitea"; };
"gitea-runner/master-token" = {};
"papermc/rcon" = { owner = "papermc"; group = "papermc"; };
discordToken = { owner = "oscuro"; group = "oscuro"; };
};
}; };
mailAccounts = { "mail/l-nafaryus" = {};
"l.nafaryus@elnafo.ru" = { "mail/git" = {};
hashedPasswordFile = config.sops.secrets."mail/l-nafaryus".path; "mail/kirill" = {};
aliases = [ "l-nafaryus@elnafo.ru" ];
}; "gitea/mail" = {
"kirill@elnafo.ru" = { owner = "git";
hashedPasswordFile = config.sops.secrets."mail/kirill".path; group = "gitea";
};
"git@elnafo.ru" = {
hashedPasswordFile = config.sops.secrets."mail/git".path;
};
}; };
"gitea-runner/master-token" = {};
"papermc/rcon" = lib.mkIf config.services.papermc.enable {
owner = "papermc";
group = "papermc";
};
discordToken = {
owner = "oscuro";
group = "oscuro";
};
};
}; };
mailAccounts = {
"l.nafaryus@elnafo.ru" = {
hashedPasswordFile = config.sops.secrets."mail/l-nafaryus".path;
aliases = ["l-nafaryus@elnafo.ru"];
};
"kirill@elnafo.ru" = {
hashedPasswordFile = config.sops.secrets."mail/kirill".path;
};
"git@elnafo.ru" = {
hashedPasswordFile = config.sops.secrets."mail/git".path;
};
};
};
} }

459
nixosModules/services/papermc.nix
View File

@ -1,237 +1,258 @@
{ config, lib, pkgs, ... }: {
with lib; config,
let lib,
cfg = config.services.papermc; pkgs,
...
}:
with lib; let
cfg = config.services.papermc;
eulaFile = builtins.toFile "eula.txt" '' eulaFile = builtins.toFile "eula.txt" ''
# eula.txt managed by NixOS Configuration # eula.txt managed by NixOS Configuration
eula=true eula=true
''; '';
whitelistFile = pkgs.writeText "whitelist.json" whitelistFile =
(builtins.toJSON cfg.whitelist); pkgs.writeText "whitelist.json"
(builtins.toJSON cfg.whitelist);
opsFile = pkgs.writeText "ops.json" opsFile =
(builtins.toJSON cfg.ops); pkgs.writeText "ops.json"
(builtins.toJSON cfg.ops);
cfgToString = v: if builtins.isBool v then boolToString v else toString v; cfgToString = v:
if builtins.isBool v
then boolToString v
else toString v;
serverPropertiesFile = let serverPropertiesFile = let
serverProperties' = if (cfg.rconPasswordFile == null) then cfg.serverProperties else serverProperties' =
(removeAttrs cfg.serverProperties [ "rcon.password" ]); if (cfg.rconPasswordFile == null)
in pkgs.writeText "server.properties" ('' then cfg.serverProperties
else (removeAttrs cfg.serverProperties ["rcon.password"]);
in
pkgs.writeText "server.properties" (''
# server.properties managed by NixOS configuration # server.properties managed by NixOS configuration
'' + concatStringsSep "\n" (mapAttrsToList ''
(n: v: "${n}=${cfgToString v}") serverProperties') + + concatStringsSep "\n" (mapAttrsToList
lib.optionalString (cfg.rconPasswordFile != null) "\nrcon.password=#rconpass#"); (n: v: "${n}=${cfgToString v}")
serverProperties')
+ lib.optionalString (cfg.rconPasswordFile != null) "\nrcon.password=#rconpass#");
stopScript = pkgs.writeShellScript "minecraft-server-stop" '' stopScript = pkgs.writeShellScript "minecraft-server-stop" ''
echo stop > ${config.systemd.sockets.papermc.socketConfig.ListenFIFO} echo stop > ${config.systemd.sockets.papermc.socketConfig.ListenFIFO}
# Wait for the PID of the minecraft server to disappear before # Wait for the PID of the minecraft server to disappear before
# returning, so systemd doesn't attempt to SIGKILL it. # returning, so systemd doesn't attempt to SIGKILL it.
while kill -0 "$1" 2> /dev/null; do while kill -0 "$1" 2> /dev/null; do
sleep 1s sleep 1s
done done
''; '';
defaultServerPort = 25565; defaultServerPort = 25565;
serverPort = cfg.serverProperties.server-port or defaultServerPort; serverPort = cfg.serverProperties.server-port or defaultServerPort;
rconPort = if cfg.serverProperties.enable-rcon or false rconPort =
then cfg.serverProperties."rcon.port" or 25575 if cfg.serverProperties.enable-rcon or false
else null; then cfg.serverProperties."rcon.port" or 25575
else null;
queryPort = if cfg.serverProperties.enable-query or false
then cfg.serverProperties."query.port" or 25565
else null;
queryPort =
if cfg.serverProperties.enable-query or false
then cfg.serverProperties."query.port" or 25565
else null;
in { in {
options.services.papermc = { options.services.papermc = {
enable = mkEnableOption "PaperMC service"; enable = mkEnableOption "PaperMC service";
openFirewall = mkOption { openFirewall = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
description = '' description = ''
Whether to open ports in the firewall for the server. Whether to open ports in the firewall for the server.
''; '';
};
eula = mkOption {
type = types.bool;
default = false;
description = ''
Whether you agree to [Mojangs EULA](https://account.mojang.com/documents/minecraft_eula).
This option must be set to `true` to run Minecraft server.
'';
};
dataDir = mkOption {
type = types.path;
default = "/var/lib/papermc";
description = ''
Directory to store Minecraft database and other state/data files.
'';
};
whitelist = mkOption {
type = types.listOf types.attrs;
default = {};
description = ''
This is a mapping from Minecraft usernames to UUIDs.
'';
};
ops = mkOption {
type = types.listOf types.attrs;
description = "Whitelist with players / operators.";
default = [];
};
serverProperties = mkOption {
type = with types; attrsOf (oneOf [ bool int str ]);
default = {
"rcon.password" = mkIf (cfg.rconPasswordFile != null) "#rconpass#";
};
example = literalExpression ''
{
server-port = 43000;
difficulty = 3;
gamemode = 1;
max-players = 5;
motd = "NixOS Minecraft server!";
white-list = true;
enable-rcon = true;
"rcon.password" = "hunter2";
}
'';
description = ''
Minecraft server properties for the server.properties file. See
<https://minecraft.gamepedia.com/Server.properties#Java_Edition_3>
for documentation on these values.
'';
};
rconPasswordFile = mkOption {
type = types.nullOr types.str;
default = null;
description = "Path to file with rcon password.";
example = "/var/lib/secrets/papermc/rconpw";
};
package = mkPackageOption pkgs "papermc" {};
jvmOpts = mkOption {
type = types.separatedString " ";
default = "-Xmx2048M -Xms2048M";
# Example options from https://minecraft.gamepedia.com/Tutorials/Server_startup_script
example = "-Xms4092M -Xmx4092M -XX:+UseG1GC -XX:+CMSIncrementalPacing "
+ "-XX:+CMSClassUnloadingEnabled -XX:ParallelGCThreads=2 "
+ "-XX:MinHeapFreeRatio=5 -XX:MaxHeapFreeRatio=10";
description = "JVM options for the Minecraft server.";
};
extraPreStart = mkOption {
type = types.lines;
description = "Extra shell commands for service pre-start hook.";
default = '''';
};
}; };
config = mkIf cfg.enable { eula = mkOption {
users.users.papermc = { type = types.bool;
description = "Minecraft server service user."; default = false;
home = cfg.dataDir; description = ''
createHome = true; Whether you agree to [Mojangs EULA](https://account.mojang.com/documents/minecraft_eula).
isSystemUser = true; This option must be set to `true` to run Minecraft server.
group = "papermc"; '';
};
users.groups.papermc = {};
systemd.sockets.papermc = {
bindsTo = [ "papermc.service" ];
socketConfig = {
ListenFIFO = "/run/papermc.stdin";
SocketMode = "0660";
SocketUser = "papermc";
SocketGroup = "papermc";
RemoveOnStop = true;
FlushPending = true;
};
};
systemd.services.papermc = {
description = "PaperMC Service";
wantedBy = [ "multi-user.target" ];
requires = [ "papermc.socket" ];
after = [ "network.target" "papermc.socket" ];
serviceConfig = {
ExecStart = "${cfg.package}/bin/minecraft-server ${cfg.jvmOpts}";
ExecStop = "${stopScript} $MAINPID";
Restart = "always";
User = "papermc";
WorkingDirectory = cfg.dataDir;
StandardInput = "socket";
StandardOutput = "journal";
StandardError = "journal";
# Hardening
CapabilityBoundingSet = [ "" ];
DeviceAllow = [ "" ];
LockPersonality = true;
PrivateDevices = true;
PrivateTmp = true;
PrivateUsers = true;
ProtectClock = true;
ProtectControlGroups = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectProc = "invisible";
RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
RestrictNamespaces = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
SystemCallArchitectures = "native";
UMask = "0077";
};
preStart = let
replaceSecretBin = "${pkgs.replace-secret}/bin/replace-secret";
in ''
ln -sf ${eulaFile} eula.txt
cp -b --suffix=.stateful ${whitelistFile} whitelist.json
cp -b --suffix=.stateful ${opsFile} ops.json
cp -b --suffix=.stateful ${serverPropertiesFile} server.properties
chmod +w whitelist.json ops.json server.properties
${lib.optionalString (cfg.rconPasswordFile != null) ''
${replaceSecretBin} '#rconpass#' '${cfg.rconPasswordFile}' server.properties
''}
'' + cfg.extraPreStart;
};
networking.firewall = mkIf cfg.openFirewall ({
allowedUDPPorts = [ serverPort ];
allowedTCPPorts = [ serverPort ]
++ optional (queryPort != null) queryPort
++ optional (rconPort != null) rconPort;
});
assertions = [
{ assertion = cfg.eula;
message = "You must agree to Mojangs EULA to run minecraft-server."
+ " Read https://account.mojang.com/documents/minecraft_eula and"
+ " set `services.minecraft-server.eula` to `true` if you agree.";
}
];
}; };
dataDir = mkOption {
type = types.path;
default = "/var/lib/papermc";
description = ''
Directory to store Minecraft database and other state/data files.
'';
};
whitelist = mkOption {
type = types.listOf types.attrs;
default = {};
description = ''
This is a mapping from Minecraft usernames to UUIDs.
'';
};
ops = mkOption {
type = types.listOf types.attrs;
description = "Whitelist with players / operators.";
default = [];
};
serverProperties = mkOption {
type = with types; attrsOf (oneOf [bool int str]);
default = {
"rcon.password" = mkIf (cfg.rconPasswordFile != null) "#rconpass#";
};
example = literalExpression ''
{
server-port = 43000;
difficulty = 3;
gamemode = 1;
max-players = 5;
motd = "NixOS Minecraft server!";
white-list = true;
enable-rcon = true;
"rcon.password" = "hunter2";
}
'';
description = ''
Minecraft server properties for the server.properties file. See
<https://minecraft.gamepedia.com/Server.properties#Java_Edition_3>
for documentation on these values.
'';
};
rconPasswordFile = mkOption {
type = types.nullOr types.str;
default = null;
description = "Path to file with rcon password.";
example = "/var/lib/secrets/papermc/rconpw";
};
package = mkPackageOption pkgs "papermc" {};
jvmOpts = mkOption {
type = types.separatedString " ";
default = "-Xmx2048M -Xms2048M";
# Example options from https://minecraft.gamepedia.com/Tutorials/Server_startup_script
example =
"-Xms4092M -Xmx4092M -XX:+UseG1GC -XX:+CMSIncrementalPacing "
+ "-XX:+CMSClassUnloadingEnabled -XX:ParallelGCThreads=2 "
+ "-XX:MinHeapFreeRatio=5 -XX:MaxHeapFreeRatio=10";
description = "JVM options for the Minecraft server.";
};
extraPreStart = mkOption {
type = types.lines;
description = "Extra shell commands for service pre-start hook.";
default = '''';
};
};
config = mkIf cfg.enable {
users.users.papermc = {
description = "Minecraft server service user.";
home = cfg.dataDir;
createHome = true;
isSystemUser = true;
group = "papermc";
};
users.groups.papermc = {};
systemd.sockets.papermc = {
bindsTo = ["papermc.service"];
socketConfig = {
ListenFIFO = "/run/papermc.stdin";
SocketMode = "0660";
SocketUser = "papermc";
SocketGroup = "papermc";
RemoveOnStop = true;
FlushPending = true;
};
};
systemd.services.papermc = {
description = "PaperMC Service";
wantedBy = ["multi-user.target"];
requires = ["papermc.socket"];
after = ["network.target" "papermc.socket"];
serviceConfig = {
ExecStart = "${cfg.package}/bin/minecraft-server ${cfg.jvmOpts}";
ExecStop = "${stopScript} $MAINPID";
Restart = "always";
User = "papermc";
WorkingDirectory = cfg.dataDir;
StandardInput = "socket";
StandardOutput = "journal";
StandardError = "journal";
# Hardening
CapabilityBoundingSet = [""];
DeviceAllow = [""];
LockPersonality = true;
PrivateDevices = true;
PrivateTmp = true;
PrivateUsers = true;
ProtectClock = true;
ProtectControlGroups = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectProc = "invisible";
RestrictAddressFamilies = ["AF_INET" "AF_INET6"];
RestrictNamespaces = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
SystemCallArchitectures = "native";
UMask = "0077";
};
preStart = let
replaceSecretBin = "${pkgs.replace-secret}/bin/replace-secret";
in
''
ln -sf ${eulaFile} eula.txt
cp -b --suffix=.stateful ${whitelistFile} whitelist.json
cp -b --suffix=.stateful ${opsFile} ops.json
cp -b --suffix=.stateful ${serverPropertiesFile} server.properties
chmod +w whitelist.json ops.json server.properties
${lib.optionalString (cfg.rconPasswordFile != null) ''
${replaceSecretBin} '#rconpass#' '${cfg.rconPasswordFile}' server.properties
''}
''
+ cfg.extraPreStart;
};
networking.firewall = mkIf cfg.openFirewall {
allowedUDPPorts = [serverPort];
allowedTCPPorts =
[serverPort]
++ optional (queryPort != null) queryPort
++ optional (rconPort != null) rconPort;
};
assertions = [
{
assertion = cfg.eula;
message =
"You must agree to Mojangs EULA to run minecraft-server."
+ " Read https://account.mojang.com/documents/minecraft_eula and"
+ " set `services.minecraft-server.eula` to `true` if you agree.";
}
];
};
} }

229
nixosModules/services/qbittorrent-nox.nix
View File

@ -1,119 +1,122 @@
{ config, lib, pkgs, ... }: {
with lib; config,
let lib,
cfg = config.services.qbittorrent-nox; pkgs,
...
}:
with lib; let
cfg = config.services.qbittorrent-nox;
in { in {
options.services.qbittorrent-nox = { options.services.qbittorrent-nox = {
enable = mkEnableOption "Enables the qbittorrent-nox services."; enable = mkEnableOption "Enables the qbittorrent-nox services.";
port = mkOption rec { port = mkOption rec {
type = types.int; type = types.int;
default = 6969; default = 6969;
example = default; example = default;
description = "Torrenting port."; description = "Torrenting port.";
};
webuiPort = mkOption rec {
type = types.port;
default = 8080;
example = default;
description = "WebUI port.";
};
dataDir = mkOption rec {
type = types.path;
default = "/var/lib/qbittorrent-nox";
example = default;
description = "Directory to store qbittorrent-nox data files.";
};
user = mkOption {
type = types.str;
default = "qbittorrent-nox";
description = "User account under which qbittorrent-nox runs.";
};
group = mkOption {
type = types.str;
default = "qbittorrent-nox";
description = "Group under which qbittorrent-nox runs.";
};
openFirewall = mkOption {
type = types.bool;
default = false;
description = "Open `services.qbittorrent-nox.port`.";
};
package = mkOption {
type = types.package;
default = pkgs.qbittorrent-nox;
defaultText = literalExpression "pkgs.qbittorrent-nox";
description = "The qbittorrent package to use.";
};
}; };
config = mkIf cfg.enable { webuiPort = mkOption rec {
users.users.qbittorrent-nox = { type = types.port;
description = "qbittorrent-nox service user."; default = 8080;
home = cfg.dataDir; example = default;
createHome = true; description = "WebUI port.";
isSystemUser = true;
group = "qbittorrent-nox";
};
users.groups.qbittorrent-nox = {};
networking.firewall = mkIf cfg.openFirewall {
allowedTCPPorts = [ cfg.port ];
allowedUDPPorts = [ cfg.port ];
};
systemd.services.qbittorrent-nox = {
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
serviceConfig = {
Type = "simple";
ExecStart = "${cfg.package}/bin/qbittorrent-nox --torrenting-port=${toString cfg.port} --webui-port=${toString cfg.webuiPort}";
Restart = "always";
User = cfg.user;
Group = cfg.group;
WorkingDirectory = cfg.dataDir;
# Runtime directory and mode
RuntimeDirectory = "qbittorrent-nox";
RuntimeDirectoryMode = "0755";
# Proc filesystem
ProcSubset = "pid";
ProtectProc = "invisible";
# Access write directories
ReadWritePaths = [ cfg.dataDir ];
UMask = "0027";
# Capabilities
CapabilityBoundingSet = "";
# Security
NoNewPrivileges = true;
# Sandboxing
ProtectSystem = "strict";
ProtectHome = true;
PrivateTmp = true;
PrivateDevices = true;
PrivateUsers = true;
ProtectHostname = true;
ProtectClock = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectKernelLogs = true;
ProtectControlGroups = true;
RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" "AF_INET6" ];
RestrictNamespaces = true;
LockPersonality = true;
MemoryDenyWriteExecute = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
RemoveIPC = true;
PrivateMounts = true;
};
};
}; };
dataDir = mkOption rec {
type = types.path;
default = "/var/lib/qbittorrent-nox";
example = default;
description = "Directory to store qbittorrent-nox data files.";
};
user = mkOption {
type = types.str;
default = "qbittorrent-nox";
description = "User account under which qbittorrent-nox runs.";
};
group = mkOption {
type = types.str;
default = "qbittorrent-nox";
description = "Group under which qbittorrent-nox runs.";
};
openFirewall = mkOption {
type = types.bool;
default = false;
description = "Open `services.qbittorrent-nox.port`.";
};
package = mkOption {
type = types.package;
default = pkgs.qbittorrent-nox;
defaultText = literalExpression "pkgs.qbittorrent-nox";
description = "The qbittorrent package to use.";
};
};
config = mkIf cfg.enable {
users.users.qbittorrent-nox = {
description = "qbittorrent-nox service user.";
home = cfg.dataDir;
createHome = true;
isSystemUser = true;
group = "qbittorrent-nox";
};
users.groups.qbittorrent-nox = {};
networking.firewall = mkIf cfg.openFirewall {
allowedTCPPorts = [cfg.port];
allowedUDPPorts = [cfg.port];
};
systemd.services.qbittorrent-nox = {
wantedBy = ["multi-user.target"];
after = ["network.target"];
serviceConfig = {
Type = "simple";
ExecStart = "${cfg.package}/bin/qbittorrent-nox --torrenting-port=${toString cfg.port} --webui-port=${toString cfg.webuiPort}";
Restart = "always";
User = cfg.user;
Group = cfg.group;
WorkingDirectory = cfg.dataDir;
# Runtime directory and mode
RuntimeDirectory = "qbittorrent-nox";
RuntimeDirectoryMode = "0755";
# Proc filesystem
ProcSubset = "pid";
ProtectProc = "invisible";
# Access write directories
ReadWritePaths = [cfg.dataDir];
UMask = "0027";
# Capabilities
CapabilityBoundingSet = "";
# Security
NoNewPrivileges = true;
# Sandboxing
ProtectSystem = "strict";
ProtectHome = true;
PrivateTmp = true;
PrivateDevices = true;
PrivateUsers = true;
ProtectHostname = true;
ProtectClock = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectKernelLogs = true;
ProtectControlGroups = true;
RestrictAddressFamilies = ["AF_UNIX" "AF_INET" "AF_INET6"];
RestrictNamespaces = true;
LockPersonality = true;
MemoryDenyWriteExecute = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
RemoveIPC = true;
PrivateMounts = true;
};
};
};
} }

110
nixosModules/services/spoofdpi.nix
View File

@ -1,59 +1,63 @@
{ config, lib, bonpkgs, ... }: {
with lib; config,
let lib,
cfg = config.services.spoofdpi; bonpkgs,
...
}:
with lib; let
cfg = config.services.spoofdpi;
in { in {
options.services.spoofdpi = { options.services.spoofdpi = {
enable = mkEnableOption "SpoofDPI service"; enable = mkEnableOption "SpoofDPI service";
package = mkOption { package = mkOption {
type = types.package; type = types.package;
default = bonpkgs.spoofdpi; default = bonpkgs.spoofdpi;
defaultText = literalExpression "bonpkgs.spoofdpi"; defaultText = literalExpression "bonpkgs.spoofdpi";
description = "The package to use."; description = "The package to use.";
};
address = mkOption rec {
type = types.str;
default = "127.0.0.1";
example = default;
description = "Listen address.";
};
port = mkOption rec {
type = types.port;
default = 8080;
example = default;
description = "Port.";
};
openFirewall = mkOption {
type = types.bool;
default = false;
description = "Open `services.spoofdpi.port`.";
};
dns = mkOption rec {
type = types.str;
default = "8.8.8.8";
example = default;
description = "DNS server.";
};
}; };
config = mkIf cfg.enable { address = mkOption rec {
systemd.services.spoofdpi = { type = types.str;
wantedBy = [ "multi-user.target" ]; default = "127.0.0.1";
after = [ "network.target" ]; example = default;
serviceConfig = { description = "Listen address.";
Restart = "on-failure";
ExecStart = "${lib.getExe cfg.package} -no-banner -addr ${cfg.address} -port ${toString cfg.port} -dns ${cfg.dns}";
DynamicUser = "yes";
};
};
networking.firewall = mkIf cfg.openFirewall {
allowedTCPPorts = [ cfg.port ];
};
}; };
port = mkOption rec {
type = types.port;
default = 8080;
example = default;
description = "Port.";
};
openFirewall = mkOption {
type = types.bool;
default = false;
description = "Open `services.spoofdpi.port`.";
};
dns = mkOption rec {
type = types.str;
default = "8.8.8.8";
example = default;
description = "DNS server.";
};
};
config = mkIf cfg.enable {
systemd.services.spoofdpi = {
wantedBy = ["multi-user.target"];
after = ["network.target"];
serviceConfig = {
Restart = "on-failure";
ExecStart = "${lib.getExe cfg.package} -no-banner -addr ${cfg.address} -port ${toString cfg.port} -dns ${cfg.dns}";
DynamicUser = "yes";
};
};
networking.firewall = mkIf cfg.openFirewall {
allowedTCPPorts = [cfg.port];
};
};
} }

265
packages/bonfire-docs/default.nix
View File

@ -1,167 +1,196 @@
{ {
bonfire, bonfire,
lib, lib,
pkgs, pkgs,
... ...
}: }: let
let version = bonfire.shortRev or bonfire.dirtyShortRev or "unknown";
version = bonfire.shortRev or bonfire.dirtyShortRev or "unknown"; projectPath = ../../.;
projectPath = ../../.; modulesPath = ../../nixosModules;
modulesPath = ../../nixosModules;
links = [ links = [
{ {
hostname = "vcs-elnafo"; hostname = "vcs-elnafo";
url = "https://vcs.elnafo.ru/L-Nafaryus/bonfire/src/branch/master"; url = "https://vcs.elnafo.ru/L-Nafaryus/bonfire/src/branch/master";
} }
{ {
hostname = "github"; hostname = "github";
url = "https://github.com/L-Nafaryus/bonfire/blob/master"; url = "https://github.com/L-Nafaryus/bonfire/blob/master";
} }
];
formatDeclaration = declaration:
if lib.hasPrefix (toString modulesPath) (toString declaration)
then let
subpath = lib.removePrefix (toString projectPath + "/") (toString declaration);
in
map ({
hostname,
url,
}: {
url = "${url}/${subpath}";
name = "<${hostname}:bonfire/${subpath}>";
})
links
else
# skip external declarations
lib.singleton declaration;
nixosModules = import modulesPath {
inherit lib;
self = bonfire;
check = false;
};
evaluatedModules = lib.evalModules {
modules = nixosModules.modules ++ [nixosModules.configModule];
};
optionsDoc = pkgs.nixosOptionsDoc {
options = builtins.removeAttrs evaluatedModules.options [
"_module"
"system"
]; ];
formatDeclaration = declaration: transformOptions = option:
if lib.hasPrefix (toString modulesPath) (toString declaration) then option
let subpath = lib.removePrefix (toString projectPath + "/") (toString declaration); // {
in map ({ hostname, url }: { declarations = lib.unique (
url = "${url}/${subpath}"; lib.flatten (map (declaration: formatDeclaration declaration) option.declarations)
name = "<${hostname}:bonfire/${subpath}>"; ++ option.declarations
}) links );
else };
# skip external declarations documentType = "none";
lib.singleton declaration; revision = version;
};
nixosModules = (import modulesPath { inherit lib; self = bonfire; check = false; }); systems = builtins.attrNames bonfire.packages;
derivations = lib.flatten (
map (packages: (
map (name: packages.${name}) (builtins.attrNames packages)
)) (map (system: bonfire.packages.${system}) systems)
);
evaluatedModules = lib.evalModules { renderMaintainers = maintainers:
modules = nixosModules.modules ++ [ nixosModules.configModule ]; lib.concatStringsSep ", " (
}; let
maintainer = mt:
optionsDoc = pkgs.nixosOptionsDoc { if mt ? github
options = builtins.removeAttrs evaluatedModules.options [ then "[${mt.name}](https://github.com/${mt.github})"
"_module" else mt.name;
"system" email = mt:
]; if mt ? email
then "<[${mt.email}](mailto:${mt.email})>"
transformOptions = option: option // { else "";
declarations = lib.unique ( in
lib.flatten (map (declaration: formatDeclaration declaration) option.declarations) ++ map (mt: maintainer mt + email mt) maintainers
option.declarations
);
};
documentType = "none";
revision = version;
};
systems = builtins.attrNames bonfire.packages;
derivations = lib.flatten (
map (packages: (
map (name: packages.${name}) (builtins.attrNames packages)
)) (map (system: bonfire.packages.${system}) systems));
renderMaintainers = maintainers: lib.concatStringsSep ", " (
let
maintainer = mt: if mt?github then "[${mt.name}](https://github.com/${mt.github})" else mt.name;
email = mt: if mt?email then "<[${mt.email}](mailto:${mt.email})>" else "";
in map (mt: maintainer mt + email mt) maintainers
); );
renderPlatforms = platforms: if platforms != lib.platforms.none then renderPlatforms = platforms:
if platforms == lib.platforms.all then if platforms != lib.platforms.none
"all" then
else if platforms == lib.platforms.all
lib.concatStringsSep ", " (map (platform: "__${platform}__") platforms) then "all"
else lib.concatStringsSep ", " (map (platform: "__${platform}__") platforms)
else ""; else "";
renderPackage = drv: '' renderPackage = drv: ''
## ${drv.pname} ## ${drv.pname}
${lib.optionalString (drv.meta?description) drv.meta.description} ${lib.optionalString (drv.meta ? description) drv.meta.description}
${lib.optionalString (drv.meta?homepage) "[Homepage](${drv.meta.homepage})"} ${lib.optionalString (drv.meta ? homepage) "[Homepage](${drv.meta.homepage})"}
Version: __${drv.version}__ Version: __${drv.version}__
${lib.optionalString (drv.meta?license) "License: [${drv.meta.license.fullName}](${drv.meta.license.url})"} ${lib.optionalString (drv.meta ? license) "License: [${drv.meta.license.fullName}](${drv.meta.license.url})"}
Outputs: ${lib.concatStringsSep ", " (map (o: "__${o}__") drv.outputs)} Outputs: ${lib.concatStringsSep ", " (map (o: "__${o}__") drv.outputs)}
${lib.optionalString (drv.meta?mainProgram) "Provided programs: __${drv.meta.mainProgram}__"} ${lib.optionalString (drv.meta ? mainProgram) "Provided programs: __${drv.meta.mainProgram}__"}
${lib.optionalString (drv.meta?maintainers) "Maintainers: ${renderMaintainers drv.meta.maintainers}"} ${lib.optionalString (drv.meta ? maintainers) "Maintainers: ${renderMaintainers drv.meta.maintainers}"}
${lib.optionalString (drv.meta?platforms) "Platforms: ${renderPlatforms drv.meta.platforms}"} ${lib.optionalString (drv.meta ? platforms) "Platforms: ${renderPlatforms drv.meta.platforms}"}
''; '';
renderImage = drv: '' renderImage = drv: ''
## ${drv.imageName} ## ${drv.imageName}
${lib.optionalString (drv.meta?description) drv.meta.description} ${lib.optionalString (drv.meta ? description) drv.meta.description}
${lib.optionalString (drv.meta?homepage) "[Homepage](${drv.meta.homepage})"} ${lib.optionalString (drv.meta ? homepage) "[Homepage](${drv.meta.homepage})"}
Tag: __${drv.imageTag}__ Tag: __${drv.imageTag}__
${lib.optionalString (drv.fromImage != null) "From: __${drv.fromImage.imageName}__"} ${lib.optionalString (drv.fromImage != null) "From: __${drv.fromImage.imageName}__"}
${lib.optionalString (drv.meta?license) "License: ${if lib.isList drv.meta.license then (map (license: "[${drv.meta.license.fullName}](${drv.meta.license.url})") drv.meta.license) else "[${drv.meta.license.fullName}](${drv.meta.license.url})"}"} ${lib.optionalString (drv.meta ? license) "License: ${
if lib.isList drv.meta.license
then (map (license: "[${drv.meta.license.fullName}](${drv.meta.license.url})") drv.meta.license)
else "[${drv.meta.license.fullName}](${drv.meta.license.url})"
}"}
${lib.optionalString (drv.meta?maintainers) "Maintainers: ${renderMaintainers drv.meta.maintainers}"} ${lib.optionalString (drv.meta ? maintainers) "Maintainers: ${renderMaintainers drv.meta.maintainers}"}
${lib.optionalString (drv.meta?platforms) "Platforms: ${renderPlatforms drv.meta.platforms}"} ${lib.optionalString (drv.meta ? platforms) "Platforms: ${renderPlatforms drv.meta.platforms}"}
''; '';
packagesDoc = pkgs.writeText "packages.md"
(lib.concatStringsSep "\n" (map (drv:
if drv?imageTag then renderImage drv else renderPackage drv) derivations));
packagesDoc =
pkgs.writeText "packages.md"
(lib.concatStringsSep "\n" (map (drv:
if drv ? imageTag
then renderImage drv
else if drv ? pname
then renderPackage drv
else "")
derivations));
in in
pkgs.stdenvNoCC.mkDerivation { pkgs.stdenvNoCC.mkDerivation {
pname = "bonfire-docs"; pname = "bonfire-docs";
inherit version; inherit version;
src = lib.fileset.toSource { src = lib.fileset.toSource {
root = ./.; root = ./.;
fileset = lib.fileset.unions [ fileset = lib.fileset.unions [
./src ./src
./book.toml ./book.toml
./theme ./theme
]; ];
}; };
nativeBuildInputs = [ pkgs.mdbook ]; nativeBuildInputs = [pkgs.mdbook];
dontPatch = true; dontPatch = true;
dontConfigure = true; dontConfigure = true;
doCheck = false; doCheck = false;
buildPhase = '' buildPhase = ''
runHook preBuild runHook preBuild
ln -s ${../../README.md} src/README.md ln -s ${../../README.md} src/README.md
ln -s ${optionsDoc.optionsCommonMark} src/options/modules.md ln -s ${optionsDoc.optionsCommonMark} src/options/modules.md
ln -s ${packagesDoc} src/packages/packages.md ln -s ${packagesDoc} src/packages/packages.md
mdbook build mdbook build
runHook postBuild runHook postBuild
''; '';
installPhase = '' installPhase = ''
runHook preInstall runHook preInstall
mv book $out mv book $out
runHook postInstall runHook postInstall
''; '';
passthru = { passthru = {
serve = pkgs.writeShellApplication { serve = pkgs.writeShellApplication {
name = "server"; name = "server";
runtimeInputs = [ pkgs.python3 ]; runtimeInputs = [pkgs.python3];
text = "python -m http.server --bind 127.0.0.1"; text = "python -m http.server --bind 127.0.0.1";
}; };
}; };
meta = with lib; { meta = with lib; {
description = "Bonfire HTML documentation."; description = "Bonfire HTML documentation.";
license = licenses.mit; license = licenses.mit;
maintainers = with bonfire.lib.maintainers; [ L-Nafaryus ]; maintainers = with bonfire.lib.maintainers; [L-Nafaryus];
platforms = lib.platforms.all; platforms = lib.platforms.all;
}; };
} }

16
packages/bonvim/default.nix Normal file
View File

@ -0,0 +1,16 @@
{
pkgs,
nixvim-pkgs,
bonconfigs,
fenix-pkgs,
...
}:
nixvim-pkgs.makeNixvimWithModule {
pkgs = pkgs;
module = import bonconfigs.bonvim;
extraSpecialArgs = {
rustc = fenix-pkgs.complete.rustc;
cargo = fenix-pkgs.complete.cargo;
rust-analyzer = fenix-pkgs.complete.rust-analyzer;
};
}

52
packages/cargo-shuttle/default.nix
View File

@ -1,43 +1,45 @@
{ {
bonfire, bonfire,
crane-lib, crane-lib,
lib, lib,
pkgs, pkgs,
version ? "v0.44.0", version ? "v0.44.0",
hash ? "sha256-3u2GWgDQpa4sU/66vS6S+JwCEL/fvy8MTsATRs7RGVs=", hash ? "sha256-3u2GWgDQpa4sU/66vS6S+JwCEL/fvy8MTsATRs7RGVs=",
... ...
}: }: let
let pkg = { pkg = {
pname = "cargo-shuttle"; pname = "cargo-shuttle";
inherit version; inherit version;
src = pkgs.fetchFromGitHub { src = pkgs.fetchFromGitHub {
owner = "shuttle-hq"; owner = "shuttle-hq";
repo = "shuttle"; repo = "shuttle";
rev = version; rev = version;
hash = hash; hash = hash;
}; };
strictDeps = true; strictDeps = true;
doCheck = false; doCheck = false;
nativeBuildInputs = with pkgs; [ nativeBuildInputs = with pkgs; [
pkg-config pkg-config
]; ];
buildInputs = with pkgs; [ buildInputs = with pkgs; [
openssl openssl
zlib zlib
]; ];
meta = with lib; { meta = with lib; {
description = "A cargo command for the shuttle platform"; description = "A cargo command for the shuttle platform";
license = licenses.asl20; license = licenses.asl20;
homepage = "https://shuttle.rs/"; homepage = "https://shuttle.rs/";
maintainers = with bonfire.lib.maintainers; [ L-Nafaryus ]; maintainers = with bonfire.lib.maintainers; [L-Nafaryus];
}; };
}; };
in let cargoArtifacts = crane-lib.buildDepsOnly pkg; in let
in crane-lib.buildPackage ( cargoArtifacts = crane-lib.buildDepsOnly pkg;
pkg // { inherit cargoArtifacts; } in
) crane-lib.buildPackage (
pkg // {inherit cargoArtifacts;}
)

99
packages/dearpygui/default.nix
View File

@ -1,61 +1,64 @@
{ {
bonfire, bonfire,
stdenv, lib, pkgs, stdenv,
version ? "1.10.0", lib,
sha256 ? "sha256-36GAGfvHZyNZe/Z7o3VrCCwApkZpJ+r2E8+1Hy32G5Q=", ... pkgs,
version ? "1.10.0",
sha256 ? "sha256-36GAGfvHZyNZe/Z7o3VrCCwApkZpJ+r2E8+1Hy32G5Q=",
...
}: }:
pkgs.python3.pkgs.buildPythonPackage { pkgs.python3.pkgs.buildPythonPackage {
pname = "dearpygui"; pname = "dearpygui";
inherit version; inherit version;
src = pkgs.fetchFromGitHub { src = pkgs.fetchFromGitHub {
owner = "hoffstadt"; owner = "hoffstadt";
repo = "DearPyGui"; repo = "DearPyGui";
rev = "v${version}"; rev = "v${version}";
fetchSubmodules = true; fetchSubmodules = true;
sha256 = sha256; sha256 = sha256;
}; };
cmakeFlags = [ cmakeFlags = [
"-DMVDIST_ONLY=True" "-DMVDIST_ONLY=True"
]; ];
postConfigure = '' postConfigure = ''
cd $cmakeDir cd $cmakeDir
mv build cmake-build-local mv build cmake-build-local
''; '';
nativeBuildInputs = with pkgs; [ nativeBuildInputs = with pkgs; [
pkg-config pkg-config
cmake cmake
]; ];
buildInputs = with pkgs; [ buildInputs = with pkgs; [
xorg.libX11.dev xorg.libX11.dev
xorg.libXrandr.dev xorg.libXrandr.dev
xorg.libXinerama.dev xorg.libXinerama.dev
xorg.libXcursor.dev xorg.libXcursor.dev
xorg.xinput xorg.xinput
xorg.libXi.dev xorg.libXi.dev
xorg.libXext xorg.libXext
libxcrypt libxcrypt
glfw glfw
glew glew
]; ];
dontUseSetuptoolsCheck = true; dontUseSetuptoolsCheck = true;
pythonImportsCheck = [ pythonImportsCheck = [
"dearpygui" "dearpygui"
]; ];
meta = with pkgs.lib; { meta = with pkgs.lib; {
homepage = "https://dearpygui.readthedocs.io/en/"; homepage = "https://dearpygui.readthedocs.io/en/";
description = "Dear PyGui: A fast and powerful Graphical User Interface Toolkit for Python with minimal dependencies."; description = "Dear PyGui: A fast and powerful Graphical User Interface Toolkit for Python with minimal dependencies.";
license = licenses.mit; license = licenses.mit;
platforms = platforms.linux; platforms = platforms.linux;
maintainers = with bonfire.lib.maintainers; [ L-Nafaryus ]; maintainers = with bonfire.lib.maintainers; [L-Nafaryus];
broken = pkgs.stdenv.isDarwin; broken = pkgs.stdenv.isDarwin;
}; };
} }

58
packages/default.nix
View File

@ -1,42 +1,48 @@
# self.packages.${system} # self.packages.${system}
# #
{ self, nixpkgs, ... }: {
let self,
forAllSystems = nixpkgs.lib.genAttrs [ "x86_64-linux" ]; inputs,
nixpkgsFor = forAllSystems (system: import nixpkgs { inherit system; }); ...
}: let
forAllSystems = inputs.nixpkgs.lib.genAttrs ["x86_64-linux"];
nixpkgsFor = forAllSystems (system: import inputs.nixpkgs {inherit system;});
in
forAllSystems (system: let
pkgs = nixpkgsFor.${system};
in forAllSystems(system: bonfire = self;
let bonlib = self.lib;
pkgs = nixpkgsFor.${system}; bonpkgs = self.packages.${system};
bonconfigs = self.configurations;
bonfire = self; crane = self.inputs.crane;
bonlib = self.lib; crane-lib = self.inputs.crane.mkLib pkgs;
bonpkgs = self.packages.${system};
crane = self.inputs.crane; fenix = self.inputs.fenix;
crane-lib = self.inputs.crane.mkLib pkgs; fenix-pkgs = self.inputs.fenix.packages.${system};
fenix = self.inputs.fenix; nixvim-pkgs = self.inputs.nixvim.legacyPackages.${system};
in { in {
bonfire-docs = pkgs.callPackage ./bonfire-docs {inherit bonfire;};
bonfire-docs = pkgs.callPackage ./bonfire-docs { inherit bonfire; }; netgen = pkgs.callPackage ./netgen {inherit bonfire;};
netgen = pkgs.callPackage ./netgen { inherit bonfire; }; dearpygui = pkgs.callPackage ./dearpygui {inherit bonfire;};
dearpygui = pkgs.callPackage ./dearpygui { inherit bonfire; }; openfoam = pkgs.callPackage ./openfoam {inherit bonfire;};
openfoam = pkgs.callPackage ./openfoam { inherit bonfire; }; spoofdpi = pkgs.callPackage ./spoofdpi {inherit bonfire;};
spoofdpi = pkgs.callPackage ./spoofdpi { inherit bonfire; }; lego = pkgs.callPackage ./lego {inherit bonfire;};
lego = pkgs.callPackage ./lego { inherit bonfire; }; ultimmc = pkgs.libsForQt5.callPackage ./ultimmc {inherit bonfire;};
ultimmc = pkgs.libsForQt5.callPackage ./ultimmc { inherit bonfire; }; cargo-shuttle = pkgs.callPackage ./cargo-shuttle {inherit bonfire crane-lib;};
cargo-shuttle = pkgs.callPackage ./cargo-shuttle { inherit bonfire crane-lib; }; nix-minimal = pkgs.callPackage ./nix-minimal {inherit bonpkgs bonlib;};
nix-minimal = pkgs.callPackage ./nix-minimal { inherit bonpkgs bonlib; }; nix-runner = pkgs.callPackage ./nix-runner {inherit bonpkgs bonlib;};
nix-runner = pkgs.callPackage ./nix-runner { inherit bonpkgs bonlib; }; bonvim = import ./bonvim {inherit nixvim-pkgs pkgs bonconfigs fenix-pkgs;};
}) })
# map (ps: (map (p: { name = p; systems = [ ps.${p}.system ]; type = if ps.${p}?imageTag then "image" else "package"; }) (builtins.attrNames ps))) (map (s: bf.packages.${s}) (builtins.attrNames bf.packages))

57
packages/lego/default.nix
View File

@ -1,38 +1,41 @@
{ {
bonfire, bonfire,
lib, lib,
fetchFromGitHub, buildGoModule, nixosTests, fetchFromGitHub,
version ? "c847ac4a4c55d6a5a457f6ef494cf45a47299e01", buildGoModule,
hash ? "sha256-g9OxhM+iNUrAZgM1we8qPsismPy5a0eN654tSYuM/No=", nixosTests,
vendorHash ? "sha256-wG0x86lptEY3x+7kVN7v1XZniliMOxaJ6Y95YS6ivJY=", ... version ? "c847ac4a4c55d6a5a457f6ef494cf45a47299e01",
hash ? "sha256-g9OxhM+iNUrAZgM1we8qPsismPy5a0eN654tSYuM/No=",
vendorHash ? "sha256-wG0x86lptEY3x+7kVN7v1XZniliMOxaJ6Y95YS6ivJY=",
...
}: }:
buildGoModule rec { buildGoModule rec {
pname = "lego"; pname = "lego";
inherit version; inherit version;
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "go-acme"; owner = "go-acme";
repo = "lego"; repo = "lego";
rev = version; rev = version;
hash = hash; hash = hash;
}; };
inherit vendorHash; inherit vendorHash;
doCheck = false; doCheck = false;
subPackages = [ "cmd/lego" ]; subPackages = ["cmd/lego"];
ldflags = [ ldflags = [
"-X main.version=${version}" "-X main.version=${version}"
]; ];
meta = with lib; { meta = with lib; {
description = "Let's Encrypt client and ACME library written in Go"; description = "Let's Encrypt client and ACME library written in Go";
license = licenses.mit; license = licenses.mit;
homepage = "https://go-acme.github.io/lego/"; homepage = "https://go-acme.github.io/lego/";
maintainers = with bonfire.lib.maintainers; [ L-Nafaryus ]; maintainers = with bonfire.lib.maintainers; [L-Nafaryus];
}; };
passthru.tests.lego = nixosTests.acme; passthru.tests.lego = nixosTests.acme;
} }

99
packages/netgen/default.nix
View File

@ -1,72 +1,77 @@
{ {
bonfire, bonfire,
stdenv, lib, pkgs, stdenv,
version ? "6.2.2402", lib,
sha256 ? "sha256-o3cj5k2VtYiGcs9Z9FyfwtOpDlZZlcO3kRgBSer6KAw=", ... pkgs,
}: version ? "6.2.2402",
let pkg = stdenv.mkDerivation { sha256 ? "sha256-o3cj5k2VtYiGcs9Z9FyfwtOpDlZZlcO3kRgBSer6KAw=",
...
}: let
pkg = stdenv.mkDerivation {
pname = "netgen"; pname = "netgen";
inherit version; inherit version;
src = pkgs.fetchFromGitHub { src = pkgs.fetchFromGitHub {
owner = "NGSolve"; owner = "NGSolve";
repo = "netgen"; repo = "netgen";
rev = "v${version}"; rev = "v${version}";
sha256 = sha256; sha256 = sha256;
}; };
patches = [ patches = [
./regex-version.patch ./regex-version.patch
]; ];
cmakeFlags = [ cmakeFlags = [
"-G Ninja" "-G Ninja"
"-D CMAKE_BUILD_TYPE=Release" "-D CMAKE_BUILD_TYPE=Release"
"-D USE_NATIVE_ARCH:BOOL=OFF" "-D USE_NATIVE_ARCH:BOOL=OFF"
"-D USE_OCC:BOOL=ON" "-D USE_OCC:BOOL=ON"
"-D USE_PYTHON:BOOL=ON" "-D USE_PYTHON:BOOL=ON"
"-D USE_GUI:BOOL=ON" "-D USE_GUI:BOOL=ON"
"-D USE_MPI:BOOL=ON" "-D USE_MPI:BOOL=ON"
"-D USE_SUPERBUILD:BOOL=OFF" "-D USE_SUPERBUILD:BOOL=OFF"
"-D PREFER_SYSTEM_PYBIND11:BOOL=ON" "-D PREFER_SYSTEM_PYBIND11:BOOL=ON"
]; ];
nativeBuildInputs = with pkgs; [ nativeBuildInputs = with pkgs; [
cmake cmake
ninja ninja
git git
(python3.withPackages (ps: with ps; [ (python3.withPackages (ps:
pybind11 with ps; [
mpi4py pybind11
mpi4py
])) ]))
]; ];
buildInputs = with pkgs; [ buildInputs = with pkgs; [
zlib zlib
tcl tcl
tk tk
mpi mpi
opencascade-occt opencascade-occt
libGL libGL
libGLU libGLU
xorg.libXmu xorg.libXmu
metis metis
]; ];
passthru = { passthru = {
shellHook = with pkgs; '' shellHook = with pkgs; ''
export PYTHONPATH="${python3}/${python3.sitePackages}" export PYTHONPATH="${python3}/${python3.sitePackages}"
export PYTHONPATH="$PYTHONPATH:${pkg}/${python3.sitePackages}" export PYTHONPATH="$PYTHONPATH:${pkg}/${python3.sitePackages}"
''; '';
}; };
meta = with pkgs.lib; { meta = with pkgs.lib; {
homepage = "https://github.com/NGSolve/netgen"; homepage = "https://github.com/NGSolve/netgen";
description = "NETGEN is an automatic 3d tetrahedral mesh generator"; description = "NETGEN is an automatic 3d tetrahedral mesh generator";
license = licenses.lgpl21Only; license = licenses.lgpl21Only;
platforms = platforms.linux; platforms = platforms.linux;
maintainers = with bonfire.lib.maintainers; [ L-Nafaryus ]; maintainers = with bonfire.lib.maintainers; [L-Nafaryus];
broken = pkgs.stdenv.isDarwin; broken = pkgs.stdenv.isDarwin;
}; };
}; };
in pkg in
pkg

238
packages/nix-minimal/default.nix
View File

@ -1,136 +1,150 @@
{ {
pkgs, pkgs,
lib, lib,
bonlib, bonlib,
extraPaths ? [], extraPaths ? [],
... ...
}: }: let
let nixPath = pkgs.writeText "nixpkgsError" '' _: throw '''
nixPath = pkgs.writeText "nixpkgsError" ''_: throw ''' This container doesn't include nixpkgs.
This container doesn't include nixpkgs. Hint: override the NIX_PATH environment variable with eg:
Hint: override the NIX_PATH environment variable with eg: "NIX_PATH=nixpkgs=channel:nixos-unstable"
"NIX_PATH=nixpkgs=channel:nixos-unstable" ''' '';
''' '';
builderIds = let forEach = n: if n == 1 then [n] else [n] ++ forEach (n - 1); in forEach 32; builderIds = let
forEach = n:
if n == 1
then [n]
else [n] ++ forEach (n - 1);
in
forEach 32;
withFakeNss = with pkgs; [ withFakeNss = with pkgs; [
(writeTextDir "etc/passwd" ( (writeTextDir "etc/passwd" (
builtins.concatStringsSep "\n" ( builtins.concatStringsSep "\n" (
map (n: "nixbld${toString n}:x:${toString (30000 + n)}:30000:Nix build user ${toString n}:/var/empty:/bin/false") builderIds) map (n: "nixbld${toString n}:x:${toString (30000 + n)}:30000:Nix build user ${toString n}:/var/empty:/bin/false") builderIds
+ "\n" + '' )
root:x:0:0:System administrator:/root:${bashInteractive}/bin/bash + "\n"
nobody:x:65534:65534:Unprivileged account (don't use!):/var/empty:${shadow}/bin/nologin + ''
'')) root:x:0:0:System administrator:/root:${bashInteractive}/bin/bash
nobody:x:65534:65534:Unprivileged account (don't use!):/var/empty:${shadow}/bin/nologin
''
))
(writeTextDir "etc/group" '' (writeTextDir "etc/group" ''
root:x:0: root:x:0:
wheel:x:1: wheel:x:1:
kmem:x:2: kmem:x:2:
tty:x:3: tty:x:3:
messagebus:x:4: messagebus:x:4:
disk:x:6: disk:x:6:
audio:x:17: audio:x:17:
floppy:x:18: floppy:x:18:
uucp:x:19: uucp:x:19:
lp:x:20: lp:x:20:
cdrom:x:24: cdrom:x:24:
tape:x:25: tape:x:25:
video:x:26: video:x:26:
dialout:x:27: dialout:x:27:
utmp:x:29: utmp:x:29:
adm:x:55: adm:x:55:
keys:x:96: keys:x:96:
users:x:100: users:x:100:
input:x:174: input:x:174:
nixbld:x:30000:${builtins.concatStringsSep "," (map (n: "nixbld${toString n}") builderIds)} nixbld:x:30000:${builtins.concatStringsSep "," (map (n: "nixbld${toString n}") builderIds)}
nogroup:x:65534: nogroup:x:65534:
'') '')
(writeTextDir "etc/nsswitch.conf" '' (writeTextDir "etc/nsswitch.conf" ''
passwd: files mymachines systemd passwd: files mymachines systemd
group: files mymachines systemd group: files mymachines systemd
shadow: files shadow: files
hosts: files mymachines dns myhostname hosts: files mymachines dns myhostname
networks: files networks: files
ethers: files ethers: files
services: files services: files
protocols: files protocols: files
rpc: files rpc: files
'') '')
]; ];
withNixConf = with pkgs; [ withNixConf = with pkgs; [
(writeTextDir "etc/nix/nix.conf" '' (writeTextDir "etc/nix/nix.conf" ''
accept-flake-config = true accept-flake-config = true
experimental-features = nix-command flakes experimental-features = nix-command flakes
show-trace = true show-trace = true
max-jobs = auto max-jobs = auto
trusted-users = root trusted-users = root
'') '')
]; ];
in
in pkgs.dockerTools.buildImageWithNixDb { pkgs.dockerTools.buildImageWithNixDb {
name = "nix-minimal"; name = "nix-minimal";
tag = "latest"; tag = "latest";
copyToRoot = pkgs.buildEnv { copyToRoot = pkgs.buildEnv {
name = "image-root"; name = "image-root";
pathsToLink = [ "/bin" "/etc" ]; pathsToLink = ["/bin" "/etc"];
paths = with pkgs; [ paths = with pkgs;
dockerTools.usrBinEnv [
dockerTools.usrBinEnv
coreutils coreutils
bashInteractive bashInteractive
nix nix
cacert cacert
gnutar gnutar
gzip gzip
xz xz
openssh openssh
((git.override { ((git.override {
perlSupport = false; perlSupport = false;
pythonSupport = false; pythonSupport = false;
withpcre2 = false; withpcre2 = false;
withManual = false; withManual = false;
}).overrideAttrs (_: { doInstallCheck = false; })) })
.overrideAttrs (_: {doInstallCheck = false;}))
iana-etc iana-etc
] ++ withFakeNss ++ withNixConf ++ extraPaths; ]
++ withFakeNss
++ withNixConf
++ extraPaths;
}; };
runAsRoot = with pkgs; '' runAsRoot = with pkgs; ''
#!${runtimeShell} #!${runtimeShell}
${dockerTools.shadowSetup} ${dockerTools.shadowSetup}
''; '';
config = { config = {
Cmd = [ "/bin/bash" ]; Cmd = ["/bin/bash"];
Env = [ Env = [
"USER=root" "USER=root"
"PATH=/bin:/usr/bin:/nix/var/nix/profiles/default/bin" "PATH=/bin:/usr/bin:/nix/var/nix/profiles/default/bin"
"PAGER=cat" "PAGER=cat"
"ENV=/etc/profile.d/nix.sh" "ENV=/etc/profile.d/nix.sh"
"BASH_ENV=/etc/profile.d/nix.sh" "BASH_ENV=/etc/profile.d/nix.sh"
"SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" "SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
"NIX_BUILD_SHELL=/bin/bash" "NIX_BUILD_SHELL=/bin/bash"
"NIX_PATH=nixpkgs=${nixPath}" "NIX_PATH=nixpkgs=${nixPath}"
]; ];
}; };
} // { }
// {
meta = with lib; { meta = with lib; {
homepage = "https://vcs.elnafo.ru/L-Nafaryus/bonfire"; homepage = "https://vcs.elnafo.ru/L-Nafaryus/bonfire";
description = "Minimal image with a Nix package manager"; description = "Minimal image with a Nix package manager";
longDescription = '' longDescription = ''
Minimal docker image with Nix package manager (https://nixos.org/). Minimal docker image with Nix package manager (https://nixos.org/).
Enabled features: nix-command, flakes. Enabled features: nix-command, flakes.
Versions: latest Versions: latest
''; '';
platforms = platforms.linux; platforms = platforms.linux;
license = licenses.lgpl21Plus; license = licenses.lgpl21Plus;
maintainers = with bonlib.maintainers; [ L-Nafaryus ]; maintainers = with bonlib.maintainers; [L-Nafaryus];
}; };
} }

59
packages/nix-runner/default.nix
View File

@ -1,34 +1,39 @@
{ {
pkgs, pkgs,
lib, lib,
bonpkgs, bonpkgs,
bonlib, bonlib,
extraPaths ? [], extraPaths ? [],
... ...
}: }:
pkgs.dockerTools.buildImage { pkgs.dockerTools.buildImage {
name = "nix-runner"; name = "nix-runner";
tag = "latest"; tag = "latest";
fromImage = bonpkgs.nix-minimal; fromImage = bonpkgs.nix-minimal;
copyToRoot = pkgs.buildEnv { copyToRoot = pkgs.buildEnv {
name = "image-root"; name = "image-root";
pathsToLink = [ "/bin" ]; pathsToLink = ["/bin"];
paths = with pkgs; [ paths = with pkgs;
nodejs [
jq nodejs
cachix jq
] ++ extraPaths; cachix
}; ]
++ extraPaths;
};
config.Cmd = [ "/bin/bash" ]; config.Cmd = ["/bin/bash"];
} // { }
meta = bonpkgs.nix-minimal.meta // { // {
description = "Image for action runners with a Nix package manager"; meta =
longDescription = '' bonpkgs.nix-minimal.meta
Docker image for action runners with Nix package manager (https://nixos.org/). // {
Enabled features: nix-command, flakes. description = "Image for action runners with a Nix package manager";
Versions: latest longDescription = ''
''; Docker image for action runners with Nix package manager (https://nixos.org/).
Enabled features: nix-command, flakes.
Versions: latest
'';
}; };
} }

109
packages/openfoam/default.nix
View File

@ -1,84 +1,87 @@
{ {
bonfire, bonfire,
stdenv, lib, pkgs, stdenv,
version ? "11.20240116", lib,
sha256 ? "sha256-bNWlza3cL/lUrwrVEmPECvKbFkwR2rTMaccsn8amGFQ=", ... pkgs,
}: version ? "11.20240116",
let sha256 ? "sha256-bNWlza3cL/lUrwrVEmPECvKbFkwR2rTMaccsn8amGFQ=",
version' = lib.strings.splitString "." version; ...
major = lib.elemAt version' 0; }: let
revision = lib.elemAt version' 1; version' = lib.strings.splitString "." version;
realname = "OpenFOAM"; major = lib.elemAt version' 0;
in revision = lib.elemAt version' 1;
let pkg = stdenv.mkDerivation { realname = "OpenFOAM";
in let
pkg = stdenv.mkDerivation {
pname = "openfoam"; pname = "openfoam";
inherit version major; inherit version major;
src = pkgs.fetchFromGitHub { src = pkgs.fetchFromGitHub {
owner = realname; owner = realname;
repo = "${realname}-${major}"; repo = "${realname}-${major}";
rev = "${revision}"; rev = "${revision}";
sha256 = sha256; sha256 = sha256;
}; };
nativeBuildInputs = with pkgs; [ bash m4 flex bison ]; nativeBuildInputs = with pkgs; [bash m4 flex bison];
buildInputs = with pkgs; [ fftw mpi scotch boost cgal zlib ]; buildInputs = with pkgs; [fftw mpi scotch boost cgal zlib];
postPatch = '' postPatch = ''
substituteInPlace etc/bashrc \ substituteInPlace etc/bashrc \
--replace '[ "$BASH" -o "$ZSH_NAME" ] && \' '#' \ --replace '[ "$BASH" -o "$ZSH_NAME" ] && \' '#' \
--replace 'export FOAM_INST_DIR=$(cd $(dirname ${"$"}{BASH_SOURCE:-$0})/../.. && pwd -P) || \' '#' \ --replace 'export FOAM_INST_DIR=$(cd $(dirname ${"$"}{BASH_SOURCE:-$0})/../.. && pwd -P) || \' '#' \
--replace 'export FOAM_INST_DIR=$HOME/$WM_PROJECT' '# __inst_dir_placeholder__' --replace 'export FOAM_INST_DIR=$HOME/$WM_PROJECT' '# __inst_dir_placeholder__'
patchShebangs Allwmake patchShebangs Allwmake
patchShebangs etc patchShebangs etc
patchShebangs wmake patchShebangs wmake
patchShebangs applications patchShebangs applications
patchShebangs bin patchShebangs bin
''; '';
configurePhase = '' configurePhase = ''
export FOAM_INST_DIR=$NIX_BUILD_TOP/source export FOAM_INST_DIR=$NIX_BUILD_TOP/source
export WM_PROJECT_DIR=$FOAM_INST_DIR/${realname}-${major} export WM_PROJECT_DIR=$FOAM_INST_DIR/${realname}-${major}
mkdir $WM_PROJECT_DIR mkdir $WM_PROJECT_DIR
mv $(find $FOAM_INST_DIR/ -maxdepth 1 -not -path $WM_PROJECT_DIR -not -path $FOAM_INST_DIR/) \ mv $(find $FOAM_INST_DIR/ -maxdepth 1 -not -path $WM_PROJECT_DIR -not -path $FOAM_INST_DIR/) \
$WM_PROJECT_DIR/ $WM_PROJECT_DIR/
set +e set +e
. $WM_PROJECT_DIR/etc/bashrc . $WM_PROJECT_DIR/etc/bashrc
set -e set -e
''; '';
buildPhase = '' buildPhase = ''
sh $WM_PROJECT_DIR/Allwmake -j$CORES sh $WM_PROJECT_DIR/Allwmake -j$CORES
wclean all wclean all
wmakeLnIncludeAll wmakeLnIncludeAll
''; '';
installPhase = '' installPhase = ''
mkdir -p $out/${realname}-${major} mkdir -p $out/${realname}-${major}
substituteInPlace $WM_PROJECT_DIR/etc/bashrc \ substituteInPlace $WM_PROJECT_DIR/etc/bashrc \
--replace '# __inst_dir_placeholder__' "export FOAM_INST_DIR=$out" --replace '# __inst_dir_placeholder__' "export FOAM_INST_DIR=$out"
cp -Ra $WM_PROJECT_DIR/* $out/${realname}-${major} cp -Ra $WM_PROJECT_DIR/* $out/${realname}-${major}
''; '';
passthru = { passthru = {
shellHook = '' shellHook = ''
. ${pkg}/${realname}-${major}/etc/bashrc . ${pkg}/${realname}-${major}/etc/bashrc
''; '';
}; };
meta = with pkgs.lib; { meta = with pkgs.lib; {
homepage = "https://www.openfoam.org/"; homepage = "https://www.openfoam.org/";
description = "OpenFOAM is a free, open source CFD software released and developed by OpenFOAM Foundation"; description = "OpenFOAM is a free, open source CFD software released and developed by OpenFOAM Foundation";
license = licenses.gpl3; license = licenses.gpl3;
platforms = platforms.linux; platforms = platforms.linux;
maintainers = with bonfire.lib.maintainers; [ L-Nafaryus ]; maintainers = with bonfire.lib.maintainers; [L-Nafaryus];
broken = pkgs.stdenv.isDarwin; broken = pkgs.stdenv.isDarwin;
}; };
}; };
in pkg in
pkg

50
packages/spoofdpi/default.nix
View File

@ -1,33 +1,35 @@
{ {
bonfire, bonfire,
lib, pkgs, lib,
version ? "0.8", pkgs,
hash ? "sha256-kPCdOZl4m7KBb970TjJokXorKfnCvuV5Uq7lFQIh1z8=", version ? "0.8",
vendorHash ? "sha256-ib9xRklkLfrDCuLf7zDkJE8lJiNiUMPZ01MDxvqho6o=", ... hash ? "sha256-kPCdOZl4m7KBb970TjJokXorKfnCvuV5Uq7lFQIh1z8=",
vendorHash ? "sha256-ib9xRklkLfrDCuLf7zDkJE8lJiNiUMPZ01MDxvqho6o=",
...
}: }:
pkgs.buildGoModule { pkgs.buildGoModule {
pname = "spoofdpi"; pname = "spoofdpi";
inherit version; inherit version;
src = pkgs.fetchFromGitHub { src = pkgs.fetchFromGitHub {
owner = "xvzc"; owner = "xvzc";
repo = "SpoofDPI"; repo = "SpoofDPI";
rev = version; rev = version;
hash = hash; hash = hash;
}; };
inherit vendorHash; inherit vendorHash;
doCheck = false; doCheck = false;
ldflags = ["-s" "-w" "-X main.version=${version}" "-X main.builtBy=nixpkgs"]; ldflags = ["-s" "-w" "-X main.version=${version}" "-X main.builtBy=nixpkgs"];
meta = with lib; { meta = with lib; {
homepage = "https://github.com/xvzc/SpoofDPI"; homepage = "https://github.com/xvzc/SpoofDPI";
description = "A simple and fast anti-censorship tool written in Go"; description = "A simple and fast anti-censorship tool written in Go";
license = licenses.asl20; license = licenses.asl20;
maintainers = with bonfire.lib.maintainers; [ L-Nafaryus ]; maintainers = with bonfire.lib.maintainers; [L-Nafaryus];
broken = false; broken = false;
mainProgram = "spoof-dpi"; mainProgram = "spoof-dpi";
}; };
} }

134
packages/ultimmc/default.nix
View File

@ -1,75 +1,83 @@
{ {
bonfire, bonfire,
lib, stdenv, lib,
fetchFromGitHub, wrapQtAppsHook, stdenv,
extra-cmake-modules, cmake, fetchFromGitHub,
file, jdk17, wrapQtAppsHook,
copyDesktopItems, makeDesktopItem, extra-cmake-modules,
xorg, libpulseaudio, libGL cmake,
file,
jdk17,
copyDesktopItems,
makeDesktopItem,
xorg,
libpulseaudio,
libGL,
}: }:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
version = "faf3c966c43465d6f6c245ed78556222240398ee"; version = "faf3c966c43465d6f6c245ed78556222240398ee";
pname = "ultimmc"; pname = "ultimmc";
src = fetchFromGitHub { src = fetchFromGitHub {
fetchSubmodules = true; fetchSubmodules = true;
owner = "UltimMC"; owner = "UltimMC";
repo = "Launcher"; repo = "Launcher";
rev = "faf3c966c43465d6f6c245ed78556222240398ee"; rev = "faf3c966c43465d6f6c245ed78556222240398ee";
sha256 = "sha256-/+cYbAzf84PrgzJHUsc3tVU9E+mDMtx5eGEJK9ZBM2w="; sha256 = "sha256-/+cYbAzf84PrgzJHUsc3tVU9E+mDMtx5eGEJK9ZBM2w=";
}; };
nativeBuildInputs = [ nativeBuildInputs = [
wrapQtAppsHook wrapQtAppsHook
extra-cmake-modules extra-cmake-modules
cmake cmake
file file
jdk17 jdk17
copyDesktopItems copyDesktopItems
]; ];
desktopItems = [ desktopItems = [
(makeDesktopItem { (makeDesktopItem {
name = "ultimmc"; name = "ultimmc";
desktopName = "UltimMC"; desktopName = "UltimMC";
icon = "ultimmc"; icon = "ultimmc";
comment = "Cracked Minecraft launcher"; comment = "Cracked Minecraft launcher";
exec = "UltimMC %u"; exec = "UltimMC %u";
categories = [ "Game" ]; categories = ["Game"];
}) })
]; ];
cmakeFlags = [ "-DLauncher_LAYOUT=lin-nodeps" ]; cmakeFlags = ["-DLauncher_LAYOUT=lin-nodeps"];
# TODO: fix broken data directory location # TODO: fix broken data directory location
postInstall = let postInstall = let
libpath = with xorg; lib.makeLibraryPath [ libpath = with xorg;
libX11 lib.makeLibraryPath [
libXext libX11
libXcursor libXext
libXrandr libXcursor
libXxf86vm libXrandr
libpulseaudio libXxf86vm
libGL libpulseaudio
]; libGL
in '' ];
install -Dm0644 ${src}/notsecrets/logo.svg $out/share/icons/hicolor/scalable/apps/ultimmc.svg in ''
install -Dm0644 ${src}/notsecrets/logo.svg $out/share/icons/hicolor/scalable/apps/ultimmc.svg
chmod -x $out/bin/*.so chmod -x $out/bin/*.so
wrapProgram $out/bin/UltimMC \ wrapProgram $out/bin/UltimMC \
"''${qtWrapperArgs[@]}" \ "''${qtWrapperArgs[@]}" \
--set GAME_LIBRARY_PATH /run/opengl-driver/lib:${libpath} \ --set GAME_LIBRARY_PATH /run/opengl-driver/lib:${libpath} \
--prefix PATH : ${lib.makeBinPath [xorg.xrandr]} \ --prefix PATH : ${lib.makeBinPath [xorg.xrandr]} \
--add-flags '-d ~/.local/share/ultimmc' --add-flags '-d ~/.local/share/ultimmc'
rm $out/UltimMC rm $out/UltimMC
''; '';
meta = with lib; { meta = with lib; {
homepage = "https://github.com/UltimMC/Launcher"; homepage = "https://github.com/UltimMC/Launcher";
description = "Cracked Minecraft Launcher"; description = "Cracked Minecraft Launcher";
license = licenses.asl20; license = licenses.asl20;
platforms = platforms.linux; platforms = platforms.linux;
maintainers = with bonfire.lib.maintainers; [ L-Nafaryus ]; maintainers = with bonfire.lib.maintainers; [L-Nafaryus];
}; };
} }

90
templates/rust/flake.nix
View File

@ -1,52 +1,62 @@
{ {
description = "Basic rust template"; description = "Basic rust template";
inputs = { inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable"; nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
crane = { url = "github:ipetkov/crane"; inputs.nixpkgs.follows = "nixpkgs"; }; crane = {
url = "github:ipetkov/crane";
inputs.nixpkgs.follows = "nixpkgs";
}; };
};
outputs = inputs @ { self, nixpkgs, crane, ... }: outputs = inputs @ {
let self,
forAllSystems = nixpkgs.lib.genAttrs [ "x86_64-linux" ]; nixpkgs,
nixpkgsFor = forAllSystems (system: import nixpkgs { inherit system; }); crane,
in { ...
packages = forAllSystems (system: { }: let
my-crate = let forAllSystems = nixpkgs.lib.genAttrs ["x86_64-linux"];
pkgs = nixpkgsFor.${system}; nixpkgsFor = forAllSystems (system: import nixpkgs {inherit system;});
craneLib = crane.lib.${system}; in {
in craneLib.buildPackage { packages = forAllSystems (system: {
src = craneLib.cleanCargoSource (craneLib.path ./.); my-crate = let
strictDeps = true; pkgs = nixpkgsFor.${system};
craneLib = crane.lib.${system};
in
craneLib.buildPackage {
src = craneLib.cleanCargoSource (craneLib.path ./.);
strictDeps = true;
buildInputs = []; buildInputs = [];
}; };
default = self.packages.${system}.my-crate; default = self.packages.${system}.my-crate;
}); });
checks = forAllSystems (system: { checks = forAllSystems (system: {
inherit (self.packages.${system}.my-crate); inherit (self.packages.${system}.my-crate);
my-crate-fmt = let craneLib = crane.lib.${system}; in craneLib.cargoFmt { my-crate-fmt = let
src = craneLib.cleanCargoSource (craneLib.path ./.); craneLib = crane.lib.${system};
}; in
}); craneLib.cargoFmt {
src = craneLib.cleanCargoSource (craneLib.path ./.);
};
});
apps = forAllSystems (system: { apps = forAllSystems (system: {
default = { default = {
type = "app"; type = "app";
program = "${self.packages.${system}.my-crate}/bin/rust-example"; program = "${self.packages.${system}.my-crate}/bin/rust-example";
}; };
}); });
devShells = forAllSystems (system: { devShells = forAllSystems (system: {
default = crane.lib.${system}.devShell { default = crane.lib.${system}.devShell {
checks = self.checks.${system}; checks = self.checks.${system};
packages = [];
};
});
};
packages = [];
};
});
};
} }