L-Nafaryus/bonfire
L-Nafaryus/bonfire
1
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects 2 Releases Wiki Activity

flake: reformat all
Some checks failed
nix / check (push) Failing after 31s
Details

Browse Source 
new: packages: bonvim, nixvim configuration of neovim
remove: config: hyprland -> declarative
remove: config: nvim
nixosModules: structure with categories
new: configurations: concept of preconfigured modules
catarina: disable papermc server
catarina: hydra server
flake: hydraJobs outputs
This commit is contained in:
L-Nafaryus 2024-07-08 15:07:24 +05:00
parent 26088b3368
commit 008b4ad3a4
Signed by: L-Nafaryus
GPG Key ID: 553C97999B363D38
53 changed files with 4126 additions and 3205 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.editorconfig Normal file
View File

@ -0,0 +1,4 @@
indent_style = "space"
indent_size = 4
end_of_line = "cr"
charset = "utf-8"

28
apps/default.nix
View File

@ -1,14 +1,16 @@
{ self, nixpkgs, ... }: {
let self,
forAllSystems = nixpkgs.lib.genAttrs [ "x86_64-linux" ]; nixpkgs,
nixpkgsFor = forAllSystems (system: import nixpkgs { inherit system; }); ...
}: let
forAllSystems = nixpkgs.lib.genAttrs ["x86_64-linux"];
nixpkgsFor = forAllSystems (system: import nixpkgs {inherit system;});
in
forAllSystems (system: let
pkgs = nixpkgsFor.${system};
in forAllSystems(system: let bonfire = self;
pkgs = nixpkgsFor.${system}; bonfire-lib = self.lib;
bonfire-pkgs = self.packages.${system};
bonfire = self; in {
bonfire-lib = self.lib; })
bonfire-pkgs = self.packages.${system};
in {
})

31
config/git/config
View File

@ -1,31 +0,0 @@
[user]
name = L-Nafaryus
email = l.nafaryus@gmail.com
signingKey = 86F1EA98B48FFB19
[commit]
gpgsign = true
[tag]
gpgsign = true
[init]
defaultBranch = master
[diff]
submodule = log
[color]
diff = auto
status = auto
branch = auto
[core]
quotePath = false
commitGraph = true
whitespace = trailing-space
[receive]
advertisePushOptions = true
[gc]
writeCommitGraph = true
[alias]
lg = log --color --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit
[filter "lfs"]
required = true
clean = git-lfs clean -- %f
smudge = git-lfs smudge -- %f
process = git-lfs filter-process

281
config/hypr/hyprland.conf
View File

@ -1,281 +0,0 @@
# #######################################################################################
# AUTOGENERATED HYPR CONFIG.
# PLEASE USE THE CONFIG PROVIDED IN THE GIT REPO /examples/hypr.conf AND EDIT IT,
# OR EDIT THIS ONE ACCORDING TO THE WIKI INSTRUCTIONS.
# #######################################################################################
autogenerated = 0 # remove this line to remove the warning
# This is an example Hyprland config file.
# Refer to the wiki for more information.
# https://wiki.hyprland.org/Configuring/Configuring-Hyprland/
# Please note not all available settings / options are set here.
# For a full list, see the wiki
# You can split this configuration into multiple files
# Create your files separately and then link them to this file like this:
# source = ~/.config/hypr/myColors.conf
################
### MONITORS ###
################
# See https://wiki.hyprland.org/Configuring/Monitors/
monitor = desc:AOC Q27B3MA 17ZPAHA006135, 2560x1440@75, 0x0, auto
monitor = desc:AOC Q27G2G3R3B 137P4HA000540, 2560x1440@165, 2560x0, auto
monitor = Unknown-1, disable
###################
### MY PROGRAMS ###
###################
# See https://wiki.hyprland.org/Configuring/Keywords/
# Set programs that you use
$terminal = alacritty
$fileManager = dolphin
$menu = rofi -show drun
#################
### AUTOSTART ###
#################
# Autostart necessary processes (like notifications daemons, status bars, etc.)
# Or execute your favorite apps at launch like this:
# exec-once = $terminal
# exec-once = nm-applet &
# exec-once = waybar & hyprpaper & firefox
exec-once = eww daemon
exec-once = eww open topbar
exec-once = nm-applet --indicator &
exec-once = blueman-applet &
exec-once = wl-gammarelay-rs run &
exec-once = systemctl --user start hypridle
exec-once = wl-paste --type text --watch cliphist store #Stores only text data
exec-once = wl-paste --type image --watch cliphist store #Stores only image data
exec-once = swww-daemon & swww img ~/Pictures/wallpapers/emily-in-the-cyberpunk-city.3840x2160.png & swww img ~/Pictures/wallpapers/emily-in-the-cyberpunk-city.3840x2160a.gif
#############################
### ENVIRONMENT VARIABLES ###
#############################
# See https://wiki.hyprland.org/Configuring/Environment-variables/
env = XCURSOR_SIZE,16
env = HYPRCURSOR_SIZE,16
env = WLR_DRM_NO_ATOMIC,1
#####################
### LOOK AND FEEL ###
#####################
# Refer to https://wiki.hyprland.org/Configuring/Variables/
# https://wiki.hyprland.org/Configuring/Variables/#general
general {
gaps_in = 5
gaps_out = 5
border_size = 2
# https://wiki.hyprland.org/Configuring/Variables/#variable-types for info about colors
col.active_border = rgba(33ccffee) rgba(00ff99ee) 45deg
col.inactive_border = rgba(595959aa)
# Set to true enable resizing windows by clicking and dragging on borders and gaps
resize_on_border = true
# Please see https://wiki.hyprland.org/Configuring/Tearing/ before you turn this on
allow_tearing = true
layout = dwindle
}
# https://wiki.hyprland.org/Configuring/Variables/#decoration
decoration {
rounding = 5
# Change transparency of focused and unfocused windows
active_opacity = 1.0
inactive_opacity = 0.95
drop_shadow = true
shadow_range = 4
shadow_render_power = 3
col.shadow = rgba(1a1a1aee)
# https://wiki.hyprland.org/Configuring/Variables/#blur
blur {
enabled = true
size = 3
passes = 1
vibrancy = 0.1696
}
}
# https://wiki.hyprland.org/Configuring/Variables/#animations
animations {
enabled = true
# Default animations, see https://wiki.hyprland.org/Configuring/Animations/ for more
bezier = myBezier, 0.05, 0.9, 0.1, 1.05
animation = windows, 1, 7, myBezier
animation = windowsOut, 1, 7, default, popin 80%
animation = border, 1, 10, default
animation = borderangle, 1, 8, default
animation = fade, 1, 7, default
animation = workspaces, 1, 6, default
}
# See https://wiki.hyprland.org/Configuring/Dwindle-Layout/ for more
dwindle {
pseudotile = true # Master switch for pseudotiling. Enabling is bound to mainMod + P in the keybinds section below
preserve_split = true # You probably want this
}
# See https://wiki.hyprland.org/Configuring/Master-Layout/ for more
master {
new_is_master = true
}
# https://wiki.hyprland.org/Configuring/Variables/#misc
misc {
force_default_wallpaper = -1 # Set to 0 or 1 to disable the anime mascot wallpapers
disable_hyprland_logo = false # If true disables the random hyprland logo / anime girl background. :(
}
#############
### INPUT ###
#############
# https://wiki.hyprland.org/Configuring/Variables/#input
input {
kb_layout = us,ru
kb_variant =
kb_model =
kb_options =
kb_rules =
follow_mouse = 1
sensitivity = 0 # -1.0 - 1.0, 0 means no modification.
touchpad {
natural_scroll = false
}
}
# https://wiki.hyprland.org/Configuring/Variables/#gestures
gestures {
workspace_swipe = false
}
# Example per-device config
# See https://wiki.hyprland.org/Configuring/Keywords/#per-device-input-configs for more
device {
name = epic-mouse-v1
sensitivity = -0.5
}
####################
### KEYBINDINGSS ###
####################
# See https://wiki.hyprland.org/Configuring/Keywords/
# Example binds, see https://wiki.hyprland.org/Configuring/Binds/ for more
bind = SUPER, Q, exec, $terminal
bind = SUPER, C, killactive,
bind = SUPER, M, exit,
bind = SUPER, E, exec, $fileManager
bind = SUPER, V, togglefloating,
bind = SUPER, F, fullscreen,
bind = SUPER, R, exec, $menu
bind = SUPER, P, pseudo, # dwindle
bind = SUPER, J, togglesplit, # dwindle
# Move focus with mainMod + arrow keys
bind = SUPER, left, movefocus, l
bind = SUPER, right, movefocus, r
bind = SUPER, up, movefocus, u
bind = SUPER, down, movefocus, d
# Switch workspaces with mainMod + [0-9]
bind = SUPER, 1, workspace, 1
bind = SUPER, 2, workspace, 2
bind = SUPER, 3, workspace, 3
bind = SUPER, 4, workspace, 4
bind = SUPER, 5, workspace, 5
bind = SUPER, 6, workspace, 6
bind = SUPER, 7, workspace, 7
bind = SUPER, 8, workspace, 8
bind = SUPER, 9, workspace, 9
bind = SUPER, 0, workspace, 10
# Move active window to a workspace with mainMod + SHIFT + [0-9]
bind = SUPER SHIFT, 1, movetoworkspace, 1
bind = SUPER SHIFT, 2, movetoworkspace, 2
bind = SUPER SHIFT, 3, movetoworkspace, 3
bind = SUPER SHIFT, 4, movetoworkspace, 4
bind = SUPER SHIFT, 5, movetoworkspace, 5
bind = SUPER SHIFT, 6, movetoworkspace, 6
bind = SUPER SHIFT, 7, movetoworkspace, 7
bind = SUPER SHIFT, 8, movetoworkspace, 8
bind = SUPER SHIFT, 9, movetoworkspace, 9
bind = SUPER SHIFT, 0, movetoworkspace, 10
# Example special workspace (scratchpad)
bind = SUPER, S, togglespecialworkspace, magic
bind = SUPER SHIFT, S, movetoworkspace, special:magic
# Scroll through existing workspaces with mainMod + scroll
bind = SUPER, mouse_down, workspace, e+1
bind = SUPER, mouse_up, workspace, e-1
# Move/resize windows with mainMod + LMB/RMB and dragging
bindm = SUPER, mouse:272, movewindow
bindm = SUPER, mouse:273, resizewindow
bindel = , XF86AudioRaiseVolume, exec, wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%+
bindel = , XF86AudioLowerVolume, exec, wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%-
bindl = , XF86AudioMute, exec, wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle
bindl = , XF86AudioPrev, exec, playerctl previous
bindl = , XF86AudioPlay, exec, playerctl play-pause
bindl = , XF86AudioNext, exec, playerctl next
bindl = , XF86MonBrightnessDown, exec, busctl --user -- call rs.wl-gammarelay / rs.wl.gammarelay UpdateTemperature n -500
bindl = , XF86MonBrightnessUp, exec, busctl --user -- call rs.wl-gammarelay / rs.wl.gammarelay UpdateTemperature n +500
bindl = SUPER, XF86MonBrightnessDown, exec, busctl --user -- call rs.wl-gammarelay / rs.wl.gammarelay Brightness d -0.1
bindl = SUPER, XF86MonBrightnessUp, exec, busctl --user -- call rs.wl-gammarelay / rs.wl.gammarelay Brightness d +0.1
bind = SUPER, SPACE, exec, hyprctl switchxkblayout keychron-keychron-k3-pro next
bind = , PRINT, exec, hyprshot -m region
bind = SUPER, H, exec, cliphist list | rofi -dmenu | cliphist decode | wl-copy
#bind = CTRL, V, exec, wl-paste
##############################
### WINDOWS AND WORKSPACES ###
##############################
# See https://wiki.hyprland.org/Configuring/Window-Rules/ for more
# See https://wiki.hyprland.org/Configuring/Workspace-Rules/ for workspace rules
# Example windowrule v1
# windowrule = float, ^(kitty)$
# Example windowrule v2
# windowrulev2 = float,class:^(kitty)$,title:^(kitty)$
windowrulev2 = suppressevent maximize, class:.* # You'll probably like this.
windowrulev2 = float, class:^(steam_app.*)$
windowrulev2 = immediate, class:^(steam_app.*)$
windowrulev2 = float, class:^(steam_proton.*)$

15
config/nvim/.neoconf.json
View File

@ -1,15 +0,0 @@
{
"neodev": {
"library": {
"enabled": true,
"plugins": true
}
},
"neoconf": {
"plugins": {
"lua_ls": {
"enabled": true
}
}
}
}

29
config/nvim/ginit.vim
View File

@ -1,29 +0,0 @@
" Enable Mouse
set mouse=a
" Set Editor Font
if exists(':GuiFont')
" Use GuiFont! to ignore font errors
GuiFont MesloLGS Nerd Font Mono:h10
endif
" Disable GUI Tabline
if exists(':GuiTabline')
GuiTabline 0
endif
" Disable GUI Popupmenu
if exists(':GuiPopupmenu')
GuiPopupmenu 0
endif
" Enable GUI ScrollBar
if exists(':GuiScrollBar')
GuiScrollBar 0
endif
" Right Click Context Menu (Copy-Cut-Paste)
nnoremap <silent><RightMouse> :call GuiShowContextMenu()<CR>
inoremap <silent><RightMouse> <Esc>:call GuiShowContextMenu()<CR>
xnoremap <silent><RightMouse> :call GuiShowContextMenu()<CR>gv
snoremap <silent><RightMouse> <C-G>:call GuiShowContextMenu()<CR>gv

7
config/nvim/init.lua
View File

@ -1,7 +0,0 @@
-- bootstrap lazy.nvim, LazyVim and your plugins
require("config.lazy")
vim.o.tabstop = 4 -- A TAB character looks like 4 spaces
vim.o.expandtab = true -- Pressing the TAB key will insert spaces instead of a TAB character
vim.o.softtabstop = 4 -- Number of spaces inserted instead of a TAB character
vim.o.shiftwidth = 4 -- Number of spaces inserted when indenting

3
config/nvim/lua/config/autocmds.lua
View File

@ -1,3 +0,0 @@
-- Autocmds are automatically loaded on the VeryLazy event
-- Default autocmds that are always set: https://github.com/LazyVim/LazyVim/blob/main/lua/lazyvim/config/autocmds.lua
-- Add any additional autocmds here

15
config/nvim/lua/config/keymaps.lua
View File

@ -1,15 +0,0 @@
-- Keymaps are automatically loaded on the VeryLazy event
-- Default keymaps that are always set: https://github.com/LazyVim/LazyVim/blob/main/lua/lazyvim/config/keymaps.lua
-- Add any additional keymaps here
-- Move to window
vim.keymap.set("n", "<C-Left>", "<C-w>h", { desc = "Go to left window", remap = true })
vim.keymap.set("n", "<C-Down>", "<C-w>j", { desc = "Go to lower window", remap = true })
vim.keymap.set("n", "<C-Up>", "<C-w>k", { desc = "Go to upper window", remap = true })
vim.keymap.set("n", "<C-Right>", "<C-w>l", { desc = "Go to right window", remap = true })
-- Resize window using <ctrl> arrow keys
vim.keymap.set("n", "<C-k>", "<cmd>resize +2<cr>", { desc = "Increase window height" })
vim.keymap.set("n", "<C-l>", "<cmd>resize -2<cr>", { desc = "Decrease window height" })
vim.keymap.set("n", "<C-h>", "<cmd>vertical resize -2<cr>", { desc = "Decrease window width" })
vim.keymap.set("n", "<C-j>", "<cmd>vertical resize +2<cr>", { desc = "Increase window width" })

46
config/nvim/lua/config/lazy.lua
View File

@ -1,46 +0,0 @@
local lazypath = vim.fn.stdpath("data") .. "/lazy/lazy.nvim"
if not vim.loop.fs_stat(lazypath) then
-- bootstrap lazy.nvim
-- stylua: ignore
vim.fn.system({ "git", "clone", "--filter=blob:none", "https://github.com/folke/lazy.nvim.git", "--branch=stable", lazypath })
end
vim.opt.rtp:prepend(vim.env.LAZY or lazypath)
require("lazy").setup({
spec = {
-- add LazyVim and import its plugins
{ "LazyVim/LazyVim", import = "lazyvim.plugins" },
-- import any extras modules here
-- { import = "lazyvim.plugins.extras.lang.typescript" },
-- { import = "lazyvim.plugins.extras.lang.json" },
-- { import = "lazyvim.plugins.extras.ui.mini-animate" },
-- import/override with your plugins
{ import = "plugins" },
},
defaults = {
-- By default, only LazyVim plugins will be lazy-loaded. Your custom plugins will load during startup.
-- If you know what you're doing, you can set this to `true` to have all your custom plugins lazy-loaded by default.
lazy = false,
-- It's recommended to leave version=false for now, since a lot the plugin that support versioning,
-- have outdated releases, which may break your Neovim install.
version = false, -- always use the latest git commit
-- version = "*", -- try installing the latest stable version for plugins that support semver
},
install = { colorscheme = { "tokyonight", "habamax" } },
checker = { enabled = true }, -- automatically check for plugin updates
performance = {
rtp = {
-- disable some rtp plugins
disabled_plugins = {
"gzip",
-- "matchit",
-- "matchparen",
-- "netrwPlugin",
"tarPlugin",
"tohtml",
"tutor",
"zipPlugin",
},
},
},
})

3
config/nvim/lua/config/options.lua
View File

@ -1,3 +0,0 @@
-- Options are automatically loaded before lazy.nvim startup
-- Default options that are always set: https://github.com/LazyVim/LazyVim/blob/main/lua/lazyvim/config/options.lua
-- Add any additional options here

70
config/nvim/lua/plugins/user.lua
View File

@ -1,70 +0,0 @@
return {
{
"ellisonleao/gruvbox.nvim",
},
{
"folke/tokyonight.nvim",
style = "moon",
priority = 1000,
},
{ "skywind3000/asyncrun.vim" },
-- Configure LazyVim to load gruvbox
{
"LazyVim/LazyVim",
opts = {
colorscheme = "tokyonight",
},
},
{ "equalsraf/neovim-gui-shim" },
{
"nvim-neo-tree/neo-tree.nvim",
opts = {
filesystem = {
filtered_items = {
hide_dotfiles = false,
hide_gitignored = false,
},
use_libuv_file_watcher = true,
},
},
},
{
"folke/trouble.nvim",
dependencies = { "nvim-tree/nvim-web-devicons" },
},
{
"nvim-orgmode/orgmode",
dependencies = {
{ "nvim-treesitter/nvim-treesitter", lazy = true },
},
event = "VeryLazy",
config = function()
require("orgmode").setup_ts_grammar()
require("nvim-treesitter.configs").setup({
highlight = {
enable = true,
additional_vim_regex_highlighting = { "org" },
},
ensure_installed = { "org" },
})
require("orgmode").setup()
end,
},
{
"williamboman/mason.nvim",
config = function()
require("mason").setup({ PATH = "append" })
end
}
}

4
config/nvim/stylua.toml
View File

@ -1,4 +0,0 @@
indent_type = "Spaces"
indent_width = 4
column_width = 120

629
configurations/bonvim.nix Normal file
View File

@ -0,0 +1,629 @@
{
config,
lib,
pkgs,
rustc ? pkgs.rustc,
cargo ? pkgs.cargo,
rust-analyzer ? pkgs.rust-analyzer,
...
}: {
# General
globals.mapleader = " ";
opts = {
# Show line numbers
number = true;
relativenumber = true;
# Tab need 4 spaces please
expandtab = true;
tabstop = 4;
softtabstop = 4;
shiftwidth = 4;
showtabline = 4;
# Hide * markup
conceallevel = 2;
# Confirm on save
confirm = true;
cursorline = true;
# Invisible characters I see you
list = true;
ignorecase = true;
grepprg = "${lib.getExe pkgs.ripgrep} --vimgrep";
termguicolors = true;
# Splits
splitbelow = true;
splitright = true;
splitkeep = "screen";
# U, u, undo
undofile = true;
undolevels = 10000;
updatetime = 200;
# Command line completion mode
wildmode = "longest:full,full";
smoothscroll = true;
autowrite = true;
};
globals = {
bigfile_size = 1024 * 1024 * 1.5;
};
editorconfig.enable = true;
# Clipboard
clipboard = {
register = "unnamedplus";
providers.wl-copy.enable = true;
};
# Copy/paste
plugins.yanky = {
enable = true;
systemClipboard.syncWithRing = true;
};
extraPlugins = with pkgs.vimPlugins; [nvim-web-devicons];
# Theme
colorschemes.catppuccin = {
enable = true;
settings = {
flavour = "macchiato";
no_bold = false;
no_italic = false;
no_underline = false;
integrations = {
cmp = true;
notify = true;
gitsigns = true;
neotree = true;
which_key = true;
illuminate = {
enabled = true;
};
treesitter = true;
telescope.enabled = true;
indent_blankline.enabled = true;
mini.enabled = true;
native_lsp = {
enabled = true;
inlay_hints = {
background = true;
};
underlines = {
errors = ["underline"];
hints = ["underline"];
information = ["underline"];
warnings = ["underline"];
};
};
};
};
};
# File tree
plugins.neo-tree = {
enable = true;
filesystem = {
useLibuvFileWatcher = true;
filteredItems = {
hideDotfiles = false;
hideGitignored = false;
};
};
defaultComponentConfigs = {
indent = {
withExpanders = true;
expanderCollapsed = "";
expanderExpanded = "";
expanderHighlight = "NeoTreeExpander";
};
};
};
# UI
plugins.noice = {
enable = true;
lsp.override = {
"cmp.entry.get_documentation" = true;
"vim.lsp.util.convert_input_to_markdown_lines" = true;
"vim.lsp.util.stylize_markdown" = true;
};
presets = {
long_message_to_split = true;
};
};
plugins.dressing = {
enable = true;
};
# Status line
plugins.bufferline = {
enable = true;
diagnostics = "nvim_lsp";
mode = "buffers";
offsets = [
{
filetype = "neo-tree";
text = "Neo-tree";
highlight = "Directory";
text_align = "left";
}
];
};
plugins.lualine = {
enable = true;
globalstatus = true;
extensions = ["neo-tree"];
sections = {
lualine_a = [
{
name = "mode";
separator.right = "";
}
];
lualine_b = [
{
name = "branch";
icon = "";
separator.right = "";
}
];
lualine_c = [
{
name = "diagnostics";
separator.right = ">";
extraConfig = {
sources = ["nvim_lsp"];
symbols = {
error = " ";
warn = " ";
info = " ";
hint = "󰝶 ";
};
};
}
{
name = "filetype";
extraConfig = {
icon_only = true;
separator = "";
padding = {
left = 1;
right = 0;
};
};
}
{
name = "filename";
extraConfig = {
path = 1;
};
}
];
lualine_x = [
{
name = "diff";
extraConfig = {
symbols = {
added = " ";
modified = " ";
removed = " ";
};
source.__raw = ''
function()
local gitsings = vim.b.gitsigns_status_dict
if gitsigns then
return {
added = gitigns.added,
modified = gitigns.changed,
removed = gitigns.removed
}
end
end
'';
};
}
];
lualine_y = [
{
separator.left = "";
name = "progress";
padding = {
left = 1;
right = 0;
};
}
{
name = "location";
padding = {
left = 0;
right = 1;
};
}
];
lualine_z = [
{
separator.left = "";
fmt = ''
function(text)
return " " .. os.date("%R")
end
'';
}
];
};
};
plugins.notify.enable = true;
plugins.project-nvim = {
enable = true;
enableTelescope = true;
showHidden = true;
};
# Syntax highlight
plugins.treesitter = {
enable = true;
};
plugins.treesitter-textobjects.enable = true;
# Double trouble of your code
plugins.trouble = {
enable = true;
};
# Multifile search/replace
plugins.spectre = {
enable = true;
findPackage = pkgs.ripgrep;
replacePackage = pkgs.gnused;
};
plugins.which-key = {
enable = true;
icons.group = "+";
registrations = {
"<leader>g" = "+ Git";
"<leader>c" = "+ Code";
"<leader>s" = "+ Search";
"<leader>w" = "+ Window";
"<leader>q" = "+ Quit";
};
};
# LSP
plugins = {
lsp-lines.enable = true;
lsp-format.enable = true;
lsp = {
enable = true;
inlayHints = true;
keymaps = {
# vim.diagnostic.<action>
diagnostic = {
"<leader>cd" = {
action = "open_float";
desc = "Line diagnostics";
};
};
# vim.lsp.buf.<action>
lspBuf = {
"K" = "hover";
"gK" = "signature_help";
"gr" = "references";
"gd" = "definition";
"gi" = "implementation";
"gt" = "type_definition";
"cr" = "rename";
"cf" = "format";
};
extra = [
{
key = "<leader>cf";
action.__raw = "vim.lsp.buf.format";
options.desc = "Format";
}
];
};
servers = {
clangd = {
enable = true;
cmd = [
"${config.plugins.lsp.servers.clangd.package}/bin/clangd"
"--background-index"
"--clang-tidy"
"--header-insertion=iwyu"
"--completion-style=detailed"
"--function-arg-placeholders"
"--fallback-style=llvm"
];
};
cmake.enable = true;
nil-ls.enable = true;
# pylyzer.enable = true; # not working with virtual environments currently :(
pylsp = {
enable = true;
settings.plugins = {
pyflakes.enabled = true;
black.enabled = true;
};
};
rust-analyzer = {
enable = true;
package = rust-analyzer;
cargoPackage = cargo;
rustcPackage = rustc;
installCargo = true;
installRustc = true;
};
volar.enable = true;
tailwindcss.enable = true;
marksman.enable = true;
};
};
};
# VCS
plugins.gitsigns = {
enable = true;
settings = {
signs = {
add = {
text = "";
};
change = {
text = "";
};
delete = {
text = "";
};
untracked = {
text = "";
};
topdelete = {
text = "";
};
changedelete = {
text = "";
};
};
};
};
plugins.lazygit.enable = true;
# Formatting
plugins.none-ls = {
enable = true;
# nix
sources.formatting.alejandra.enable = true;
};
# Search, search, search
plugins.telescope = {
enable = true;
extensions.fzf-native.enable = true;
keymaps = {
"<leader>sgf" = {
action = "git_files";
options = {
desc = "Files";
};
};
"<leader>sgc" = {
action = "git_commits";
options = {
desc = "Commits";
};
};
"<leader>sgs" = {
action = "git_status";
options = {
desc = "Status";
};
};
"<leader>sk" = {
action = "keymaps";
options = {
desc = "Key Maps";
};
};
"<leader>sf" = {
action = "live_grep";
options = {
desc = "Grep Root Directory";
};
};
};
};
plugins.todo-comments.enable = true;
# Terminal
plugins.toggleterm = {
enable = true;
settings = {
direction = "float";
open_mapping = "[[<c-/>]]";
};
};
# Completion
plugins = {
cmp = {
enable = true;
settings = {
sources = [
{
name = "nvim_lsp";
}
{
name = "path";
}
{
name = "buffer";
}
];
experimental = {
ghost_text = {
hl_group = "CmpGhostText";
};
};
mapping = {
"<c-space>" = "cmp.mapping.complete()";
"<cr>" = "cmp.mapping.confirm({ select = true; })";
};
};
};
cmp-nvim-lsp.enable = true;
cmp-path.enable = true;
cmp-buffer.enable = true;
};
# Keymaps
keymaps = [
# General
{
mode = "n";
key = "<leader>qq";
action = "<cmd>qa<cr>";
options = {desc = "Quit All";};
}
{
mode = "n";
key = "<leader>ww";
action = "<C-W>p";
options = {desc = "Other Window";};
}
{
mode = "n";
key = "<leader>wd";
action = "<C-W>c";
options = {desc = "Delete Window";};
}
{
mode = "n";
key = "<leader>ws";
action = "<C-W>s";
options = {desc = "Split Below";};
}
{
mode = "n";
key = "<leader>wv";
action = "<C-W>v";
options = {desc = "Split Right";};
}
{
mode = "n";
key = "<C-Left>";
action = "<C-W>h";
options = {desc = "Go To Left Window";};
}
{
mode = "n";
key = "<C-Down>";
action = "<C-W>j";
options = {desc = "Go To Lower Window";};
}
{
mode = "n";
key = "<C-Up>";
action = "<C-W>k";
options = {desc = "Go To Upper Window";};
}
{
mode = "n";
key = "<C-Right>";
action = "<C-W>l";
options = {desc = "Go To Right Window";};
}
{
mode = "v";
key = ">";
action = ">gv";
options = {desc = "Indent right selected text";};
}
{
mode = "v";
key = "<";
action = "<gv";
options = {desc = "Indent left selected text";};
}
# Clipboard
{
mode = ["n" "x"];
key = "y";
action = "<Plug>(YankyYank)";
options = {desc = "Yank Text";};
}
{
mode = ["n" "x"];
key = "p";
action = "<Plug>(YankyPutAfter)";
options = {desc = "Put Yanked Text After Cursor";};
}
{
mode = ["n" "x"];
key = "P";
action = "<Plug>(YankyPutBefore)";
options = {desc = "Put Yanked Text Before Cursor";};
}
{
mode = ["n" "x"];
key = "gp";
action = "<Plug>(YankyGPutAfter)";
options = {desc = "Put Yanked Text After Selection";};
}
{
mode = ["n" "x"];
key = "gP";
action = "<Plug>(YankyGPutBefore)";
options = {desc = "Put Yanked Text Befor Selection";};
}
{
mode = "n";
key = "<leader>cl";
action.__raw = ''require("lsp_lines").toggle'';
options = {desc = "Toggle LSP lines";};
}
# Terminal
{
mode = "t";
key = "<esc><esc>";
action = "<c-\\><c-n>";
options = {desc = "Enter Normal Mode";};
}
# Etc
{
mode = "n";
key = "<leader>e";
action = "<cmd>Neotree toggle<cr>";
options = {desc = "Open/Close Neotree";};
}
{
mode = "n";
key = "<leader>gg";
action = "<cmd>LazyGit<cr>";
options = {
desc = "LazyGit (root dir)";
};
}
];
}

7
configurations/default.nix Normal file
View File

@ -0,0 +1,7 @@
{
self,
inputs,
...
}: {
bonvim = ./bonvim.nix;
}

20
devShells/bonfire.nix
View File

@ -1,13 +1,9 @@
{ crane-lib, pkgs, ... }: {pkgs, ...}:
crane-lib.devShell { pkgs.mkShellNoCC {
packages = with pkgs; [ packages = with pkgs; [
sops sops
mkpasswd mkpasswd
nil jq
jq cachix
cachix ];
nodejs
python3
marksman
];
} }

35
devShells/default.nix
View File

@ -1,22 +1,25 @@
# self.devShells.${system} # self.devShells.${system}
# #
{ self, nixpkgs, ... }: {
let self,
forAllSystems = nixpkgs.lib.genAttrs [ "x86_64-linux" ]; nixpkgs,
nixpkgsFor = forAllSystems (system: import nixpkgs { inherit system; }); ...
}: let
forAllSystems = nixpkgs.lib.genAttrs ["x86_64-linux"];
nixpkgsFor = forAllSystems (system: import nixpkgs {inherit system;});
in
forAllSystems (system: let
environment = rec {
pkgs = nixpkgsFor.${system};
in forAllSystems(system: bonfire = self;
let environment = { bonfire-lib = self.lib;
pkgs = nixpkgsFor.${system}; bonfire-pkgs = self.packages.${system};
bonfire = self; crane = self.inputs.crane;
bonfire-lib = self.lib; crane-lib = self.inputs.crane.mkLib pkgs;
bonfire-pkgs = self.packages.${system}; };
in {
crane = self.inputs.crane;
crane-lib = self.inputs.crane.lib.${system};
}; in {
default = import ./bonfire.nix environment; default = import ./bonfire.nix environment;
netgen = import ./netgen.nix environment; netgen = import ./netgen.nix environment;
@ -27,4 +30,4 @@ in forAllSystems(system:
rust-x11 = import ./rust-x11.nix environment; rust-x11 = import ./rust-x11.nix environment;
go = import ./go.nix environment; go = import ./go.nix environment;
}) })

18
devShells/go.nix
View File

@ -1,11 +1,11 @@
{ pkgs, ... }: {pkgs, ...}:
pkgs.mkShellNoCC { pkgs.mkShellNoCC {
packages = with pkgs; [ packages = with pkgs; [
go go
gopls gopls
gotools gotools
go-tools go-tools
golangci-lint golangci-lint
gnumake gnumake
]; ];
} }

16
devShells/netgen.nix
View File

@ -1,9 +1,13 @@
{ pkgs, bonfire-pkgs, ... }: {
pkgs,
bonfire-pkgs,
...
}:
pkgs.mkShellNoCC { pkgs.mkShellNoCC {
packages = [ packages = [
bonfire-pkgs.netgen bonfire-pkgs.netgen
pkgs.python3 pkgs.python3
]; ];
shellHook = bonfire-pkgs.netgen.passthru.shellHook; shellHook = bonfire-pkgs.netgen.passthru.shellHook;
} }

16
devShells/openfoam.nix
View File

@ -1,9 +1,13 @@
{ pkgs, bonfire-pkgs, ... }: {
pkgs,
bonfire-pkgs,
...
}:
pkgs.mkShellNoCC { pkgs.mkShellNoCC {
packages = [ packages = [
bonfire-pkgs.openfoam bonfire-pkgs.openfoam
pkgs.mpi pkgs.mpi
]; ];
shellHook = bonfire-pkgs.openfoam.passthru.shellHook; shellHook = bonfire-pkgs.openfoam.passthru.shellHook;
} }

44
devShells/rust-x11.nix
View File

@ -1,23 +1,27 @@
{ pkgs, crane-lib, ... }: {
pkgs,
crane-lib,
...
}:
crane-lib.devShell rec { crane-lib.devShell rec {
packages = with pkgs; [ packages = with pkgs; [
lld lld
pkg-config pkg-config
libGL libGL
vulkan-loader vulkan-loader
vulkan-headers vulkan-headers
vulkan-tools vulkan-tools
vulkan-validation-layers vulkan-validation-layers
xorg.libXi xorg.libXi
xorg.libX11 xorg.libX11
xorg.libXcursor xorg.libXcursor
xorg.libXrandr xorg.libXrandr
libxkbcommon libxkbcommon
libudev-zero libudev-zero
alsa-lib alsa-lib
]; ];
shellHook = '' shellHook = ''
export LD_LIBRARY_PATH="$LD_LIBRARY_PATH:${pkgs.lib.makeLibraryPath packages}" export LD_LIBRARY_PATH="$LD_LIBRARY_PATH:${pkgs.lib.makeLibraryPath packages}"
''; '';
} }

12
devShells/rust.nix
View File

@ -1,6 +1,10 @@
{ pkgs, crane-lib, ... }: {
pkgs,
crane-lib,
...
}:
crane-lib.devShell { crane-lib.devShell {
packages = [ packages = [
pkgs.cargo-watch pkgs.cargo-watch
]; ];
} }

364
flake.lock
View File

@ -52,7 +52,7 @@
"inputs": { "inputs": {
"crane": "crane_2", "crane": "crane_2",
"fenix": "fenix_2", "fenix": "fenix_2",
"home-manager": "home-manager_2", "home-manager": "home-manager_3",
"nixgl": "nixgl", "nixgl": "nixgl",
"nixos-mailserver": "nixos-mailserver_2", "nixos-mailserver": "nixos-mailserver_2",
"nixpkgs": "nixpkgs_3", "nixpkgs": "nixpkgs_3",
@ -78,7 +78,7 @@
"crane": "crane_3", "crane": "crane_3",
"devenv": "devenv", "devenv": "devenv",
"fenix": "fenix_3", "fenix": "fenix_3",
"home-manager": "home-manager_3", "home-manager": "home-manager_4",
"nixgl": "nixgl_2", "nixgl": "nixgl_2",
"nixos-mailserver": "nixos-mailserver_3", "nixos-mailserver": "nixos-mailserver_3",
"nixpkgs": "nixpkgs_5", "nixpkgs": "nixpkgs_5",
@ -142,11 +142,11 @@
}, },
"catppuccin": { "catppuccin": {
"locked": { "locked": {
"lastModified": 1718339789, "lastModified": 1719758387,
"narHash": "sha256-Q3fgY7huFE+uaw7BNsAl1x+FvjDAi3EDWPnlALJt5pM=", "narHash": "sha256-bMaI1jJNzIZar4TP/hhoPQROqqcbD6zT6O+sqIJdp8c=",
"owner": "catppuccin", "owner": "catppuccin",
"repo": "nix", "repo": "nix",
"rev": "73e06d5bd7ed34bdd0168030893ef8364fdc1d4a", "rev": "9eb0610d48dd0e1fecf772bbdacf9050d7b82d7c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -162,11 +162,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1718474113, "lastModified": 1719685792,
"narHash": "sha256-UKrfy/46YF2TRnxTtKCYzqf2f5ZPRRWwKCCJb7O5X8U=", "narHash": "sha256-WIoVERD4AN6CmfGSRPy3mfPx2dDbRHgzP2V8z6aNbaY=",
"owner": "ipetkov", "owner": "ipetkov",
"repo": "crane", "repo": "crane",
"rev": "0095fd8ea00ae0a9e6014f39c375e40c2fbd3386", "rev": "aa5dcd0518a422dfd545d565f0d5a25971fea52a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -224,7 +224,7 @@
"devenv": { "devenv": {
"inputs": { "inputs": {
"cachix": "cachix", "cachix": "cachix",
"flake-compat": "flake-compat_4", "flake-compat": "flake-compat_6",
"nix": "nix_2", "nix": "nix_2",
"nixpkgs": [ "nixpkgs": [
"oscuro", "oscuro",
@ -288,6 +288,28 @@
"type": "github" "type": "github"
} }
}, },
"devshell": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1717408969,
"narHash": "sha256-Q0OEFqe35fZbbRPPRdrjTUUChKVhhWXz3T9ZSKmaoVY=",
"owner": "numtide",
"repo": "devshell",
"rev": "1ebbe68d57457c8cae98145410b164b5477761f4",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "devshell",
"type": "github"
}
},
"fenix": { "fenix": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -296,11 +318,11 @@
"rust-analyzer-src": [] "rust-analyzer-src": []
}, },
"locked": { "locked": {
"lastModified": 1717827974, "lastModified": 1719815435,
"narHash": "sha256-ixopuTeTouxqTxfMuzs6IaRttbT8JqRW5C9Q/57WxQw=", "narHash": "sha256-K2xFp142onP35jcx7li10xUxNVEVRWjAdY8DSuR7Naw=",
"owner": "nix-community", "owner": "nix-community",
"repo": "fenix", "repo": "fenix",
"rev": "ab655c627777ab5f9964652fe23bbb1dfbd687a8", "rev": "ebfe2c639111d7e82972a12711206afaeeda2450",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -382,6 +404,20 @@
} }
}, },
"flake-compat_2": { "flake-compat_2": {
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"revCount": 57,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"
}
},
"flake-compat_3": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1696426674, "lastModified": 1696426674,
@ -397,22 +433,6 @@
"type": "github" "type": "github"
} }
}, },
"flake-compat_3": {
"flake": false,
"locked": {
"lastModified": 1673956053,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_4": { "flake-compat_4": {
"flake": false, "flake": false,
"locked": { "locked": {
@ -430,6 +450,22 @@
} }
}, },
"flake-compat_5": { "flake-compat_5": {
"flake": false,
"locked": {
"lastModified": 1673956053,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_6": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1696426674, "lastModified": 1696426674,
@ -445,7 +481,62 @@
"type": "github" "type": "github"
} }
}, },
"flake-compat_7": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1719745305,
"narHash": "sha256-xwgjVUpqSviudEkpQnioeez1Uo2wzrsMaJKJClh+Bls=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "c3c5ecc05edc7dafba779c6c1a61cd08ac6583e9",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-utils": { "flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1701680307,
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"locked": { "locked": {
"lastModified": 1659877975, "lastModified": 1659877975,
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
@ -460,9 +551,9 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils_2": { "flake-utils_3": {
"inputs": { "inputs": {
"systems": "systems_2" "systems": "systems_3"
}, },
"locked": { "locked": {
"lastModified": 1689068808, "lastModified": 1689068808,
@ -478,9 +569,9 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils_3": { "flake-utils_4": {
"inputs": { "inputs": {
"systems": "systems_3" "systems": "systems_4"
}, },
"locked": { "locked": {
"lastModified": 1710146030, "lastModified": 1710146030,
@ -496,7 +587,7 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils_4": { "flake-utils_5": {
"locked": { "locked": {
"lastModified": 1659877975, "lastModified": 1659877975,
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
@ -511,7 +602,56 @@
"type": "github" "type": "github"
} }
}, },
"git-hooks": {
"inputs": {
"flake-compat": "flake-compat_3",
"gitignore": "gitignore",
"nixpkgs": [
"nixvim",
"nixpkgs"
],
"nixpkgs-stable": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1719259945,
"narHash": "sha256-F1h+XIsGKT9TkGO3omxDLEb/9jOOsI6NnzsXFsZhry4=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "0ff4381bbb8f7a52ca4a851660fc7a437a4c6e07",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "git-hooks.nix",
"type": "github"
}
},
"gitignore": { "gitignore": {
"inputs": {
"nixpkgs": [
"nixvim",
"git-hooks",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"gitignore_2": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"oscuro", "oscuro",
@ -544,11 +684,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1718526747, "lastModified": 1719827439,
"narHash": "sha256-sKrD/utGvmtQALvuDj4j0CT3AJXP1idOAq2p+27TpeE=", "narHash": "sha256-tneHOIv1lEavZ0vQ+rgz67LPNCgOZVByYki3OkSshFU=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "0a7ffb28e5df5844d0e8039c9833d7075cdee792", "rev": "59ce796b2563e19821361abbe2067c3bb4143a7d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -558,6 +698,27 @@
} }
}, },
"home-manager_2": { "home-manager_2": {
"inputs": {
"nixpkgs": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1719677234,
"narHash": "sha256-qO9WZsj/0E6zcK4Ht1y/iJ8XfwbBzq7xdqhBh44OP/M=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "36317d4d38887f7629876b0e43c8d9593c5cc48d",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"home-manager_3": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"oscuro", "oscuro",
@ -579,7 +740,7 @@
"type": "github" "type": "github"
} }
}, },
"home-manager_3": { "home-manager_4": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"oscuro", "oscuro",
@ -605,7 +766,7 @@
}, },
"nix": { "nix": {
"inputs": { "inputs": {
"flake-compat": "flake-compat_3", "flake-compat": "flake-compat_5",
"nixpkgs": [ "nixpkgs": [
"oscuro", "oscuro",
"bonfire", "bonfire",
@ -633,6 +794,27 @@
"type": "github" "type": "github"
} }
}, },
"nix-darwin": {
"inputs": {
"nixpkgs": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1719128254,
"narHash": "sha256-I7jMpq0CAOZA/i70+HDQO/ulLttyQu/K70cSESiMX7A=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "50581970f37f06a4719001735828519925ef8310",
"type": "github"
},
"original": {
"owner": "lnl7",
"repo": "nix-darwin",
"type": "github"
}
},
"nix-github-actions": { "nix-github-actions": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -698,7 +880,7 @@
}, },
"nixgl": { "nixgl": {
"inputs": { "inputs": {
"flake-utils": "flake-utils", "flake-utils": "flake-utils_2",
"nixpkgs": [ "nixpkgs": [
"oscuro", "oscuro",
"bonfire", "bonfire",
@ -721,7 +903,7 @@
}, },
"nixgl_2": { "nixgl_2": {
"inputs": { "inputs": {
"flake-utils": "flake-utils_4", "flake-utils": "flake-utils_5",
"nixpkgs": [ "nixpkgs": [
"oscuro", "oscuro",
"bonfire", "bonfire",
@ -754,11 +936,11 @@
"nixpkgs-24_05": "nixpkgs-24_05" "nixpkgs-24_05": "nixpkgs-24_05"
}, },
"locked": { "locked": {
"lastModified": 1718398369, "lastModified": 1718697807,
"narHash": "sha256-ccOHDuTaUhD1DW6DGNXoDJNOwYx55rVNKECyqRzKRtE=", "narHash": "sha256-Enla61WFisytTYbWygPynEbu8vozjeGc6Obkj2GRj7o=",
"owner": "simple-nixos-mailserver", "owner": "simple-nixos-mailserver",
"repo": "nixos-mailserver", "repo": "nixos-mailserver",
"rev": "54cbacb6eb9938bf1eaab7a7840fb527050c2af1", "rev": "290a995de5c3d3f08468fa548f0d55ab2efc7b6b",
"type": "gitlab" "type": "gitlab"
}, },
"original": { "original": {
@ -770,7 +952,7 @@
"nixos-mailserver_2": { "nixos-mailserver_2": {
"inputs": { "inputs": {
"blobs": "blobs_2", "blobs": "blobs_2",
"flake-compat": "flake-compat_2", "flake-compat": "flake-compat_4",
"nixpkgs": [ "nixpkgs": [
"oscuro", "oscuro",
"bonfire", "bonfire",
@ -795,7 +977,7 @@
"nixos-mailserver_3": { "nixos-mailserver_3": {
"inputs": { "inputs": {
"blobs": "blobs_3", "blobs": "blobs_3",
"flake-compat": "flake-compat_5", "flake-compat": "flake-compat_7",
"nixpkgs": [ "nixpkgs": [
"oscuro", "oscuro",
"bonfire", "bonfire",
@ -821,11 +1003,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1718530797, "lastModified": 1719690277,
"narHash": "sha256-pup6cYwtgvzDpvpSCFh1TEUjw2zkNpk8iolbKnyFmmU=", "narHash": "sha256-0xSej1g7eP2kaUF+JQp8jdyNmpmCJKRpO12mKl/36Kc=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "b60ebf54c15553b393d144357375ea956f89e9a9", "rev": "2741b4b489b55df32afac57bc4bfd220e8bf617e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -932,11 +1114,11 @@
}, },
"nixpkgs-stable_4": { "nixpkgs-stable_4": {
"locked": { "locked": {
"lastModified": 1718478900, "lastModified": 1719663039,
"narHash": "sha256-v43N1gZLcGkhg3PdcrKUNIZ1L0FBzB2JqhIYEyKAHEs=", "narHash": "sha256-tXlrgAQygNIy49LDVFuPXlWD2zTQV9/F8pfoqwwPJyo=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "c884223af91820615a6146af1ae1fea25c107005", "rev": "4a1e673523344f6ccc84b37f4413ad74ea19a119",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1010,6 +1192,33 @@
"type": "github" "type": "github"
} }
}, },
"nixvim": {
"inputs": {
"devshell": "devshell",
"flake-compat": "flake-compat_2",
"flake-parts": "flake-parts",
"git-hooks": "git-hooks",
"home-manager": "home-manager_2",
"nix-darwin": "nix-darwin",
"nixpkgs": [
"nixpkgs"
],
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1719835160,
"narHash": "sha256-AyZJM2la6+CAdKKSC3y80sbneW8dH/2lb+OxKzi2cAw=",
"owner": "nix-community",
"repo": "nixvim",
"rev": "7cc1685eafdcf04cf1058949647ea2c7560f2d65",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixvim",
"type": "github"
}
},
"obs-image-reaction": { "obs-image-reaction": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs_2" "nixpkgs": "nixpkgs_2"
@ -1071,7 +1280,7 @@
}, },
"poetry2nix": { "poetry2nix": {
"inputs": { "inputs": {
"flake-utils": "flake-utils_2", "flake-utils": "flake-utils_3",
"nix-github-actions": "nix-github-actions", "nix-github-actions": "nix-github-actions",
"nixpkgs": [ "nixpkgs": [
"oscuro", "oscuro",
@ -1108,8 +1317,8 @@
"devenv", "devenv",
"flake-compat" "flake-compat"
], ],
"flake-utils": "flake-utils_3", "flake-utils": "flake-utils_4",
"gitignore": "gitignore", "gitignore": "gitignore_2",
"nixpkgs": [ "nixpkgs": [
"oscuro", "oscuro",
"bonfire", "bonfire",
@ -1142,6 +1351,7 @@
"home-manager": "home-manager", "home-manager": "home-manager",
"nixos-mailserver": "nixos-mailserver", "nixos-mailserver": "nixos-mailserver",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"nixvim": "nixvim",
"obs-image-reaction": "obs-image-reaction", "obs-image-reaction": "obs-image-reaction",
"oscuro": "oscuro", "oscuro": "oscuro",
"sops-nix": "sops-nix_3" "sops-nix": "sops-nix_3"
@ -1203,11 +1413,11 @@
"nixpkgs-stable": "nixpkgs-stable_4" "nixpkgs-stable": "nixpkgs-stable_4"
}, },
"locked": { "locked": {
"lastModified": 1718506969, "lastModified": 1719716556,
"narHash": "sha256-Pm9I/BMQHbsucdWf6y9G3xBZh3TMlThGo4KBbeoeczg=", "narHash": "sha256-KA9gy2Wkv76s4A8eLnOcdKVTygewbw3xsB8+awNMyqs=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "797ce4c1f45a85df6dd3d9abdc53f2691bea9251", "rev": "b5974d4331fb6c893e808977a2e1a6d34b3162d6",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1276,9 +1486,45 @@
"type": "github" "type": "github"
} }
}, },
"systems_5": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1719749022,
"narHash": "sha256-ddPKHcqaKCIFSFc/cvxS14goUhCOAwsM1PbMr0ZtHMg=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "8df5ff62195d4e67e2264df0b7f5e8c9995fd0bd",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
},
"utils": { "utils": {
"inputs": { "inputs": {
"systems": "systems" "systems": "systems_2"
}, },
"locked": { "locked": {
"lastModified": 1709126324, "lastModified": 1709126324,
@ -1296,7 +1542,7 @@
}, },
"utils_2": { "utils_2": {
"inputs": { "inputs": {
"systems": "systems_4" "systems": "systems_5"
}, },
"locked": { "locked": {
"lastModified": 1709126324, "lastModified": 1709126324,

198
flake.nix
View File

@ -1,94 +1,128 @@
{ {
description = "Derivation lit"; description = "Derivation lit";
nixConfig = { nixConfig = {
extra-substituters = [ "https://bonfire.cachix.org" ]; extra-substituters = ["https://bonfire.cachix.org"];
extra-trusted-public-keys = [ "bonfire.cachix.org-1:mzAGBy/Crdf8NhKail5ciK7ZrGRbPJJobW6TwFb7WYM=" ]; extra-trusted-public-keys = ["bonfire.cachix.org-1:mzAGBy/Crdf8NhKail5ciK7ZrGRbPJJobW6TwFb7WYM="];
};
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
home-manager = {
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs";
};
nixos-mailserver = {
url = "gitlab:simple-nixos-mailserver/nixos-mailserver";
inputs.nixpkgs.follows = "nixpkgs";
};
sops-nix = {
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
crane = {
url = "github:ipetkov/crane";
inputs.nixpkgs.follows = "nixpkgs";
};
fenix = {
url = "github:nix-community/fenix";
inputs.nixpkgs.follows = "nixpkgs";
inputs.rust-analyzer-src.follows = "";
};
catppuccin = {
url = "github:catppuccin/nix";
};
oscuro = {
url = "github:L-Nafaryus/oscuro";
};
obs-image-reaction = {
url = "github:L-Nafaryus/obs-image-reaction";
};
nixvim = {
url = "github:nix-community/nixvim";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs = {
self,
nixpkgs,
home-manager,
nixos-mailserver,
sops-nix,
crane,
fenix,
catppuccin,
oscuro,
...
} @ inputs: let
lib = import ./lib {inherit (nixpkgs) lib;};
in {
inherit lib;
nixosConfigurations = {
astora = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
home-manager.nixosModules.home-manager
./nixosConfigurations/astora
self.nixosModules.bonfire
self.nixosModules.spoofdpi
(import ./nixosModules {
lib = nixpkgs.lib;
self = self;
})
.configModule
];
specialArgs = {inherit self inputs;};
};
catarina = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
nixos-mailserver.nixosModules.mailserver
sops-nix.nixosModules.sops
oscuro.nixosModules.oscuro
./nixosConfigurations/catarina
self.nixosModules.bonfire
self.nixosModules.spoofdpi
self.nixosModules.papermc
self.nixosModules.qbittorrent-nox
(import ./nixosModules {
lib = nixpkgs.lib;
self = self;
})
.configModule
];
specialArgs = {inherit self;};
};
}; };
inputs = { nixosModules =
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; lib.importNamedModules
home-manager = { (import ./nixosModules {
url = "github:nix-community/home-manager"; lib = nixpkgs.lib;
inputs.nixpkgs.follows = "nixpkgs"; self = self;
}; })
nixos-mailserver = { .modules;
url = "gitlab:simple-nixos-mailserver/nixos-mailserver";
inputs.nixpkgs.follows = "nixpkgs"; templates = {
}; rust = {
sops-nix = { path = ./templates/rust;
url = "github:Mic92/sops-nix"; description = "Basic Rust template";
inputs.nixpkgs.follows = "nixpkgs"; };
};
crane = {
url = "github:ipetkov/crane";
inputs.nixpkgs.follows = "nixpkgs";
};
fenix = {
url = "github:nix-community/fenix";
inputs.nixpkgs.follows = "nixpkgs";
inputs.rust-analyzer-src.follows = "";
};
catppuccin = {
url = "github:catppuccin/nix";
};
oscuro = {
url = "github:L-Nafaryus/oscuro";
};
obs-image-reaction = {
url = "github:L-Nafaryus/obs-image-reaction";
};
}; };
outputs = { self, nixpkgs, home-manager, nixos-mailserver, sops-nix, crane, fenix, catppuccin, oscuro, ... } @ inputs: packages = import ./packages {inherit self inputs;};
let
lib = import ./lib { inherit (nixpkgs) lib; };
in {
inherit lib;
nixosConfigurations = {
astora = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
home-manager.nixosModules.home-manager
./nixosConfigurations/astora
self.nixosModules.bonfire
self.nixosModules.spoofdpi
(import ./nixosModules { lib = nixpkgs.lib; self = self; }).configModule
];
specialArgs = { inherit self inputs; };
};
catarina = nixpkgs.lib.nixosSystem { apps = import ./apps {inherit self nixpkgs;};
system = "x86_64-linux";
modules = [
nixos-mailserver.nixosModules.mailserver
sops-nix.nixosModules.sops
oscuro.nixosModules.oscuro
./nixosConfigurations/catarina
self.nixosModules.bonfire
self.nixosModules.spoofdpi
self.nixosModules.papermc
self.nixosModules.qbittorrent-nox
(import ./nixosModules { lib = nixpkgs.lib; self = self; }).configModule
];
specialArgs = { inherit self; };
};
};
nixosModules = lib.importNamedModules (import ./nixosModules { lib = nixpkgs.lib; self = self; }).modules; devShells = import ./devShells {inherit self nixpkgs;};
templates = { configurations = import ./configurations {inherit self inputs;};
rust = {
path = ./templates/rust;
description = "Basic Rust template";
};
};
packages = import ./packages { inherit self nixpkgs; }; hydraJobs = {
inherit (self) packages;
apps = import ./apps { inherit self nixpkgs; };
devShells = import ./devShells { inherit self nixpkgs; };
}; };
};
} }

22
lib/default.nix
View File

@ -1,17 +1,17 @@
{ lib, ... }: {lib, ...}: rec {
rec { maintainers = import ./maintainers.nix;
maintainers = import ./maintainers.nix;
moduleName = path: if builtins.baseNameOf (toString path) == "default.nix" then moduleName = path:
builtins.baseNameOf (lib.removeSuffix "/default.nix" (toString path)) if builtins.baseNameOf (toString path) == "default.nix"
else then builtins.baseNameOf (lib.removeSuffix "/default.nix" (toString path))
builtins.baseNameOf (lib.removeSuffix ".nix" (toString path)); else builtins.baseNameOf (lib.removeSuffix ".nix" (toString path));
moduleNames = pathList: map (path: moduleName path) pathList; moduleNames = pathList: map (path: moduleName path) pathList;
importModules = pathList: map (path: import path) pathList; importModules = pathList: map (path: import path) pathList;
importNamedModules = pathList: lib.listToAttrs ( importNamedModules = pathList:
lib.zipListsWith (name: value: { inherit name value; }) (moduleNames pathList) (importModules pathList) lib.listToAttrs (
lib.zipListsWith (name: value: {inherit name value;}) (moduleNames pathList) (importModules pathList)
); );
} }

12
lib/maintainers.nix
View File

@ -1,8 +1,8 @@
{ {
L-Nafaryus = { L-Nafaryus = {
email = "l.nafaryus@elnafo.ru"; email = "l.nafaryus@elnafo.ru";
github = "L-Nafaryus"; github = "L-Nafaryus";
githubId = 37117584; githubId = 37117584;
name = "L-Nafaryus"; name = "L-Nafaryus";
}; };
} }

372
nixosConfigurations/astora/default.nix
View File

@ -1,200 +1,204 @@
{ pkgs, lib, config, ... }:
{ {
system.stateVersion = "23.11"; pkgs,
lib,
config,
...
}: {
system.stateVersion = "23.11";
imports = [ ./hardware.nix ./users.nix ]; imports = [./hardware.nix ./users.nix];
# Nix settings # Nix settings
nix = { nix = {
settings = { settings = {
experimental-features = [ "nix-command" "flakes" "repl-flake" ]; experimental-features = ["nix-command" "flakes" "repl-flake"];
trusted-users = [ "l-nafaryus" ]; trusted-users = ["l-nafaryus"];
allowed-users = [ "l-nafaryus" ]; allowed-users = ["l-nafaryus"];
substituters = [ "https://nix-community.cachix.org" ]; substituters = ["https://nix-community.cachix.org"];
trusted-public-keys = [ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" ]; trusted-public-keys = ["nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="];
auto-optimise-store = true; auto-optimise-store = true;
};
gc = {
automatic = lib.mkDefault true;
dates = lib.mkDefault "weekly";
options = lib.mkDefault "--delete-older-than 7d";
};
}; };
gc = {
# Nix packages automatic = lib.mkDefault true;
nixpkgs = { dates = lib.mkDefault "weekly";
hostPlatform = lib.mkDefault "x86_64-linux"; options = lib.mkDefault "--delete-older-than 7d";
config.allowUnfree = true;
config.cudaSupport = false;
overlays = [
(final: prev: {
blender = prev.blender.override { cudaSupport = true; };
})
];
}; };
};
# Services # Nix packages
services.xserver = { nixpkgs = {
enable = true; hostPlatform = lib.mkDefault "x86_64-linux";
config.allowUnfree = true;
xkb = { config.cudaSupport = false;
layout = "us";
variant = "";
};
videoDrivers = [ "nvidia" ];
#displayManager.gdm = { overlays = [
# enable = true; (final: prev: {
# autoSuspend = false; blender = prev.blender.override {cudaSupport = true;};
# wayland = true; })
#};
#desktopManager.gnome.enable = true;
#windowManager.awesome.enable = true;
wacom.enable = true;
};
services.greetd = let
hyprConfig = pkgs.writeText "greetd-hyprland-config" ''
exec-once = ${lib.getExe pkgs.greetd.regreet}; hyprctl dispatch exit
'';
in {
enable = true;
settings = {
default_session = {
command = "${lib.getExe config.programs.hyprland.package} --config ${hyprConfig}";
user = "greeter";
};
};
};
programs.regreet = {
enable = true;
settings = {
GTK = {
application_prefer_dark_theme = true;
# TODO: provide gtk themes
# theme_name = "Catppuccin-Macchiato-Standard-Green-Dark";
# icon_theme_name = "Catppuccin-Macchiato-Green-Cursors";
# cursor_theme_name = "Papirus-Dark";
# font_name = "";
};
appearance = {
greeting_msg = "Hey, you. You're finally awake.";
};
};
};
programs.hyprland = {
enable = true;
xwayland.enable = true;
};
services.dbus.enable = true;
services.printing.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = true;
};
services.openssh = {
enable = true;
startWhenNeeded = true;
settings.PasswordAuthentication = false;
settings.KbdInteractiveAuthentication = false;
};
services.udev = {
packages = with pkgs; [ gnome.gnome-settings-daemon ];
extraRules = ''
KERNEL=="rtc0", GROUP="audio"
KERNEL=="hpet", GROUP="audio"
'';
};
services.blueman.enable = true;
services.btrfs.autoScrub = {
enable = true;
interval = "monthly";
fileSystems = [ "/" ];
};
# Packages
environment.systemPackages = with pkgs; [
wget
parted
ntfs3g
sshfs
exfat
lm_sensors
git
git-lfs
ripgrep
fd
lazygit
unzip
gnumake
fishPlugins.fzf-fish
fishPlugins.tide
fishPlugins.grc
fishPlugins.hydro
nnn
fzf
grc
gcc
cachix
]; ];
};
programs = { # Services
fish.enable = true; services.xserver = {
enable = true;
neovim = { xkb = {
enable = true; layout = "us";
defaultEditor = true; variant = "";
};
}; };
programs.ssh.extraConfig = '' videoDrivers = ["nvidia"];
Host astora
HostName 192.168.156.101
Port 22
User l-nafaryus
Host catarina #displayManager.gdm = {
HostName 192.168.156.102 # enable = true;
Port 22 # autoSuspend = false;
User l-nafaryus # wayland = true;
#};
#desktopManager.gnome.enable = true;
#windowManager.awesome.enable = true;
wacom.enable = true;
};
services.greetd = let
hyprConfig = pkgs.writeText "greetd-hyprland-config" ''
exec-once = ${lib.getExe pkgs.greetd.regreet}; hyprctl dispatch exit
''; '';
in {
programs.direnv.enable = true; enable = true;
settings = {
fonts.packages = with pkgs; [ nerdfonts ]; default_session = {
command = "${lib.getExe config.programs.hyprland.package} --config ${hyprConfig}";
programs.steam.enable = true; user = "greeter";
systemd.extraConfig = "DefaultLimitNOFILE=1048576"; };
virtualisation = {
containers.enable = true;
podman = {
enable = true;
dockerCompat = true;
defaultNetwork.settings.dns_enabled = true;
};
libvirtd.enable = true;
}; };
};
programs.regreet = {
enable = true;
settings = {
GTK = {
application_prefer_dark_theme = true;
# TODO: provide gtk themes
# theme_name = "Catppuccin-Macchiato-Standard-Green-Dark";
# icon_theme_name = "Catppuccin-Macchiato-Green-Cursors";
# cursor_theme_name = "Papirus-Dark";
# font_name = "";
};
appearance = {
greeting_msg = "Hey, you. You're finally awake.";
};
};
};
programs.hyprland = {
enable = true;
xwayland.enable = true;
};
services.dbus.enable = true;
services.printing.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = true;
};
services.openssh = {
enable = true;
startWhenNeeded = true;
settings.PasswordAuthentication = false;
settings.KbdInteractiveAuthentication = false;
};
services.udev = {
packages = with pkgs; [gnome.gnome-settings-daemon];
extraRules = ''
KERNEL=="rtc0", GROUP="audio"
KERNEL=="hpet", GROUP="audio"
'';
};
services.blueman.enable = true;
services.btrfs.autoScrub = {
enable = true;
interval = "monthly";
fileSystems = ["/"];
};
# Packages
environment.systemPackages = with pkgs; [
wget
parted
ntfs3g
sshfs
exfat
lm_sensors
git
git-lfs
ripgrep
fd
lazygit
unzip
gnumake
fishPlugins.fzf-fish
fishPlugins.tide
fishPlugins.grc
fishPlugins.hydro
nnn
fzf
grc
gcc
cachix
];
programs = {
fish.enable = true;
neovim = {
enable = true;
defaultEditor = true;
};
};
programs.ssh.extraConfig = ''
Host astora
HostName 192.168.156.101
Port 22
User l-nafaryus
Host catarina
HostName 192.168.156.102
Port 22
User l-nafaryus
'';
programs.direnv.enable = true;
fonts.packages = with pkgs; [nerdfonts];
programs.steam.enable = true;
systemd.extraConfig = "DefaultLimitNOFILE=1048576";
virtualisation = {
containers.enable = true;
podman = {
enable = true;
dockerCompat = true;
defaultNetwork.settings.dns_enabled = true;
};
libvirtd.enable = true;
};
} }

403
nixosConfigurations/astora/hardware.nix
View File

@ -1,202 +1,237 @@
{ config, lib, ... }:
{ {
# Boot config,
boot = { lib,
loader.systemd-boot.enable = true; ...
loader.systemd-boot.configurationLimit = 5; }: {
loader.efi.canTouchEfiVariables = true; # Boot
boot = {
loader.systemd-boot.enable = true;
loader.systemd-boot.configurationLimit = 5;
loader.efi.canTouchEfiVariables = true;
tmp.useTmpfs = lib.mkDefault true; tmp.useTmpfs = lib.mkDefault true;
tmp.cleanOnBoot = lib.mkDefault (!config.boot.tmp.useTmpfs); tmp.cleanOnBoot = lib.mkDefault (!config.boot.tmp.useTmpfs);
initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; initrd.availableKernelModules = ["nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod"];
initrd.kernelModules = [ ]; initrd.kernelModules = [];
kernelModules = [ "kvm-amd" "tcp_bbr" "coretemp" "nct6775" ]; kernelModules = ["kvm-amd" "tcp_bbr" "coretemp" "nct6775"];
extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ]; extraModulePackages = with config.boot.kernelPackages; [v4l2loopback];
extraModprobeConfig = '' extraModprobeConfig = ''
options v4l2loopback devices=1 video_nr=1 card_label="OBS Camera" exclusive_caps=1 options v4l2loopback devices=1 video_nr=1 card_label="OBS Camera" exclusive_caps=1
''; '';
kernelParams = [ "threadirqs" ]; kernelParams = ["threadirqs"];
kernel.sysctl = { kernel.sysctl = {
# The Magic SysRq key is a key combo that allows users connected to the # The Magic SysRq key is a key combo that allows users connected to the
# system console of a Linux kernel to perform some low-level commands. # system console of a Linux kernel to perform some low-level commands.
# Disable it, since we don't need it, and is a potential security concern. # Disable it, since we don't need it, and is a potential security concern.
"kernel.sysrq" = 0; "kernel.sysrq" = 0;
## TCP hardening ## TCP hardening
# Prevent bogus ICMP errors from filling up logs. # Prevent bogus ICMP errors from filling up logs.
"net.ipv4.icmp_ignore_bogus_error_responses" = 1; "net.ipv4.icmp_ignore_bogus_error_responses" = 1;
# Reverse path filtering causes the kernel to do source validation of # Reverse path filtering causes the kernel to do source validation of
# packets received from all interfaces. This can mitigate IP spoofing. # packets received from all interfaces. This can mitigate IP spoofing.
"net.ipv4.conf.default.rp_filter" = 1; "net.ipv4.conf.default.rp_filter" = 1;
"net.ipv4.conf.all.rp_filter" = 1; "net.ipv4.conf.all.rp_filter" = 1;
# Do not accept IP source route packets # Do not accept IP source route packets
"net.ipv4.conf.all.accept_source_route" = 0; "net.ipv4.conf.all.accept_source_route" = 0;
"net.ipv6.conf.all.accept_source_route" = 0; "net.ipv6.conf.all.accept_source_route" = 0;
# Don't send ICMP redirects # Don't send ICMP redirects
"net.ipv4.conf.all.send_redirects" = 0; "net.ipv4.conf.all.send_redirects" = 0;
"net.ipv4.conf.default.send_redirects" = 0; "net.ipv4.conf.default.send_redirects" = 0;
# Refuse ICMP redirects (MITM mitigations) # Refuse ICMP redirects (MITM mitigations)
"net.ipv4.conf.all.accept_redirects" = 0; "net.ipv4.conf.all.accept_redirects" = 0;
"net.ipv4.conf.default.accept_redirects" = 0; "net.ipv4.conf.default.accept_redirects" = 0;
"net.ipv4.conf.all.secure_redirects" = 0; "net.ipv4.conf.all.secure_redirects" = 0;
"net.ipv4.conf.default.secure_redirects" = 0; "net.ipv4.conf.default.secure_redirects" = 0;
"net.ipv6.conf.all.accept_redirects" = 0; "net.ipv6.conf.all.accept_redirects" = 0;
"net.ipv6.conf.default.accept_redirects" = 0; "net.ipv6.conf.default.accept_redirects" = 0;
# Protects against SYN flood attacks # Protects against SYN flood attacks
"net.ipv4.tcp_syncookies" = 1; "net.ipv4.tcp_syncookies" = 1;
# Incomplete protection again TIME-WAIT assassination # Incomplete protection again TIME-WAIT assassination
"net.ipv4.tcp_rfc1337" = 1; "net.ipv4.tcp_rfc1337" = 1;
## TCP optimization ## TCP optimization
# TCP Fast Open is a TCP extension that reduces network latency by packing # TCP Fast Open is a TCP extension that reduces network latency by packing
# data in the senders initial TCP SYN. Setting 3 = enable TCP Fast Open for # data in the senders initial TCP SYN. Setting 3 = enable TCP Fast Open for
# both incoming and outgoing connections: # both incoming and outgoing connections:
"net.ipv4.tcp_fastopen" = 3; "net.ipv4.tcp_fastopen" = 3;
# Bufferbloat mitigations + slight improvement in throughput & latency # Bufferbloat mitigations + slight improvement in throughput & latency
"net.ipv4.tcp_congestion_control" = "bbr"; "net.ipv4.tcp_congestion_control" = "bbr";
"net.core.default_qdisc" = "cake"; "net.core.default_qdisc" = "cake";
}; };
};
# Security
security = {
protectKernelImage = true;
acme.acceptTerms = true;
sudo.extraConfig = ''Defaults timestamp_timeout=30'';
rtkit.enable = true;
pam.loginLimits = [
{
domain = "@audio";
item = "memlock";
type = "-";
value = "unlimited";
}
{
domain = "@audio";
item = "rtprio";
type = "-";
value = "99";
}
{
domain = "@audio";
item = "nofile";
type = "soft";
value = "99999";
}
{
domain = "@audio";
item = "nofile";
type = "hard";
value = "99999";
}
{
domain = "*";
item = "nofile";
type = "-";
value = "524288";
}
{
domain = "*";
item = "memlock";
type = "-";
value = "524288";
}
];
polkit.enable = true;
};
users.users.root.initialPassword = "nixos";
# Filesystem
fileSystems = {
"/" = {
device = "/dev/disk/by-label/nixos";
fsType = "btrfs";
options = ["subvol=root" "compress=zstd"];
}; };
# Security "/boot" = {
security = { device = "/dev/disk/by-label/boot";
protectKernelImage = true; fsType = "vfat";
acme.acceptTerms = true;
sudo.extraConfig = ''Defaults timestamp_timeout=30'';
rtkit.enable = true;
pam.loginLimits = [
{ domain = "@audio"; item = "memlock"; type = "-"; value = "unlimited"; }
{ domain = "@audio"; item = "rtprio"; type = "-"; value = "99"; }
{ domain = "@audio"; item = "nofile"; type = "soft"; value = "99999"; }
{ domain = "@audio"; item = "nofile"; type = "hard"; value = "99999"; }
{ domain = "*"; item = "nofile"; type = "-"; value = "524288"; }
{ domain = "*"; item = "memlock"; type = "-"; value = "524288"; }
];
polkit.enable = true;
}; };
users.users.root.initialPassword = "nixos"; "/nix" = {
device = "/dev/disk/by-label/nixos";
# Filesystem fsType = "btrfs";
fileSystems = { options = ["subvol=nix" "compress=zstd" "noatime"];
"/" = {
device = "/dev/disk/by-label/nixos";
fsType = "btrfs";
options = [ "subvol=root" "compress=zstd" ];
};
"/boot" = {
device = "/dev/disk/by-label/boot";
fsType = "vfat";
};
"/nix" = {
device = "/dev/disk/by-label/nixos";
fsType = "btrfs";
options = [ "subvol=nix" "compress=zstd" "noatime" ];
};
"/home" = {
device = "/dev/disk/by-label/nixos";
fsType = "btrfs";
options = [ "subvol=home" "compress=zstd" ];
};
"/swap" = {
device = "/dev/disk/by-label/nixos";
fsType = "btrfs";
options = [ "subvol=swap" "noatime" ];
};
"/media/steam-library" = {
device = "/dev/disk/by-label/siegward";
fsType = "btrfs";
options = [ "subvol=steam-library" "compress=zstd" ];
};
"/media/lutris" = {
device = "/dev/disk/by-label/siegward";
fsType = "btrfs";
options = [ "subvol=lutris" "compress=zstd" ];
};
}; };
swapDevices = [ "/home" = {
{ device = "/swap/swapfile"; } device = "/dev/disk/by-label/nixos";
fsType = "btrfs";
options = ["subvol=home" "compress=zstd"];
};
"/swap" = {
device = "/dev/disk/by-label/nixos";
fsType = "btrfs";
options = ["subvol=swap" "noatime"];
};
"/media/steam-library" = {
device = "/dev/disk/by-label/siegward";
fsType = "btrfs";
options = ["subvol=steam-library" "compress=zstd"];
};
"/media/lutris" = {
device = "/dev/disk/by-label/siegward";
fsType = "btrfs";
options = ["subvol=lutris" "compress=zstd"];
};
};
swapDevices = [
{device = "/swap/swapfile";}
];
services.fstrim.enable = true;
# Hardware etc
hardware = {
enableRedistributableFirmware = true;
cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
nvidia.nvidiaSettings = true;
nvidia.modesetting.enable = true;
graphics.enable = true;
graphics.enable32Bit = true;
bluetooth.enable = true;
pulseaudio.enable = false;
};
sound.enable = true;
networking = {
networkmanager.enable = true;
networkmanager.unmanaged = ["interface-name:ve-*"];
useDHCP = lib.mkDefault true;
hostName = "astora";
extraHosts = '''';
firewall = {
enable = true;
allowedTCPPorts = [80 443];
trustedInterfaces = ["ve-+"];
extraCommands = ''
iptables -t nat -A POSTROUTING -o wlo1 -j MASQUERADE
'';
extraStopCommands = ''
iptables -t nat -D POSTROUTING -o wlo1 -j MASQUERADE
'';
};
nat = {
enable = true;
externalInterface = "wlo1";
internalInterfaces = ["ve-+"];
};
interfaces.wlo1.ipv4.addresses = [
{
address = "192.168.156.101";
prefixLength = 24;
}
]; ];
services.fstrim.enable = true; defaultGateway = "192.168.156.1";
nameservers = ["192.168.156.1" "8.8.8.8"];
};
# Hardware etc # Common
hardware = { time.timeZone = "Asia/Yekaterinburg";
enableRedistributableFirmware = true;
cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; i18n = {
defaultLocale = "en_US.UTF-8";
nvidia.nvidiaSettings = true; extraLocaleSettings = {
nvidia.modesetting.enable = true; LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8";
opengl.enable = true; LC_MEASUREMENT = "en_US.UTF-8";
opengl.driSupport32Bit = true; LC_MONETARY = "en_US.UTF-8";
LC_NAME = "en_US.UTF-8";
bluetooth.enable = true; LC_NUMERIC = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8";
pulseaudio.enable = false; LC_TELEPHONE = "en_US.UTF-8";
}; LC_TIME = "en_US.UTF-8";
sound.enable = true;
networking = {
networkmanager.enable = true;
networkmanager.unmanaged = [ "interface-name:ve-*" ];
useDHCP = lib.mkDefault true;
hostName = "astora";
extraHosts = '''';
firewall = {
enable = true;
allowedTCPPorts = [ 80 443 ];
trustedInterfaces = [ "ve-+" ];
extraCommands = ''
iptables -t nat -A POSTROUTING -o wlo1 -j MASQUERADE
'';
extraStopCommands = ''
iptables -t nat -D POSTROUTING -o wlo1 -j MASQUERADE
'';
};
nat = {
enable = true;
externalInterface = "wlo1";
internalInterfaces = [ "ve-+" ];
};
interfaces.wlo1.ipv4.addresses = [ {
address = "192.168.156.101";
prefixLength = 24;
} ];
defaultGateway = "192.168.156.1";
nameservers = [ "192.168.156.1" "8.8.8.8" ];
};
# Common
time.timeZone = "Asia/Yekaterinburg";
i18n = {
defaultLocale = "en_US.UTF-8";
extraLocaleSettings = {
LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8";
LC_MEASUREMENT = "en_US.UTF-8";
LC_MONETARY = "en_US.UTF-8";
LC_NAME = "en_US.UTF-8";
LC_NUMERIC = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8";
LC_TELEPHONE = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8";
};
}; };
};
} }

788
nixosConfigurations/astora/users.nix
View File

@ -1,311 +1,551 @@
{ config, pkgs, lib, self, inputs, ... }:
{ {
# Users config,
users.users.l-nafaryus = { pkgs,
isNormalUser = true; lib,
description = "L-Nafaryus"; self,
extraGroups = [ "networkmanager" "wheel" "audio" "libvirtd" "input" ]; inputs,
group = "users"; ...
uid = 1000; }: {
initialPassword = "nixos"; # Users
shell = pkgs.fish; users.users.l-nafaryus = {
isNormalUser = true;
description = "L-Nafaryus";
extraGroups = ["networkmanager" "wheel" "audio" "libvirtd" "input"];
group = "users";
uid = 1000;
initialPassword = "nixos";
shell = pkgs.fish;
};
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.backupFileExtension = "hmbackup";
home-manager.users.l-nafaryus = {pkgs, ...}: let
hmConfig = config.home-manager.users.l-nafaryus;
in {
home.stateVersion = "23.11";
home.username = "l-nafaryus";
home.homeDirectory = "/home/l-nafaryus";
imports = [
inputs.catppuccin.homeManagerModules.catppuccin
];
home.packages = with pkgs; [
#gnupg
git
nnn
pass
taskwarrior
#tmux
gparted
xclip
(firefox.override {nativeMessagingHosts = [passff-host];})
thunderbird
discord
pipewire.jack # pw-jack
carla
qpwgraph
wireplumber
yabridge
yabridgectl
lutris
wine
winetricks
gamemode
vlc
lollypop
gimp
inkscape
imagemagick
blender
ardour
olive-editor
openshot-qt
musescore
# soundux # unmaintained
losslesscut-bin
yt-dlp
ffmpeg
calf
zynaddsubfx
lsp-plugins
x42-plugins
cardinal
gxplugins-lv2
xtuner
aether-lv2
qbittorrent
transmission_3-qt
telegram-desktop
onlyoffice-bin
jdk
self.packages.${pkgs.system}.ultimmc
liberation_ttf
steamtinkerlaunch
eww
tor
networkmanagerapplet
#rofi-wayland
kgx
dunst
libnotify
playerctl
wl-gammarelay-rs
# btop
lua
# bat
musikcube
swww
hyprshot
(python3.withPackages (p: [p.click]))
mangohud
gamescope
libstrangle
webcord
wl-clipboard
cliphist
tree
self.packages.${pkgs.system}.bonvim
];
xdg.portal = {
enable = true;
configPackages = with pkgs; [
#xdg-desktop-portal-wlr
xdg-desktop-portal-hyprland
];
extraPortals = with pkgs; [
xdg-desktop-portal-gtk
];
}; };
home-manager.useGlobalPkgs = true; # Theme
home-manager.useUserPackages = true; catppuccin = {
home-manager.backupFileExtension = "hmbackup"; # global, for all enabled programs
enable = true;
flavor = "macchiato";
accent = "green";
};
home-manager.users.l-nafaryus = { pkgs, ... }: gtk = {
let enable = true;
hmConfig = config.home-manager.users.l-nafaryus; cursorTheme = {
in { name = "Papirus-Dark";
home.stateVersion = "23.11"; size = 16;
home.username = "l-nafaryus"; };
home.homeDirectory = "/home/l-nafaryus"; };
imports = [
inputs.catppuccin.homeManagerModules.catppuccin programs = {
# General
fish = {
enable = true;
interactiveShellInit = ''
set fish_greeting
'';
plugins = with pkgs.fishPlugins;
map (p: {
name = p.pname;
src = p.src;
}) [
fzf-fish
tide
grc
hydro
];
functions = {
fish-theme-configure = ''
tide configure \
--auto \
--style=Lean \
--prompt_colors='True color' \
--show_time='12-hour format' \
--lean_prompt_height='Two lines' \
--prompt_connection=Disconnected \
--prompt_spacing=Compact \
--icons='Many icons' \
--transient=No
'';
};
};
git = {
enable = true;
lfs.enable = true;
userName = "L-Nafaryus";
userEmail = "l.nafaryus@gmail.com";
signing = {
key = "86F1EA98B48FFB19";
signByDefault = true;
};
extraConfig = {
# ignore trends
init.defaultBranch = "master";
core = {
quotePath = false;
commitGraph = true;
whitespace = "trailing-space";
};
receive.advertisePushOptions = true;
gc.writeCommitGraph = true;
diff.submodule = "log";
};
aliases = {
plog = "log --color --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit";
};
};
bat.enable = true;
btop = {
enable = true;
settings = {
cpu_bottom = true;
proc_tree = true;
};
};
fzf.enable = true;
tmux.enable = true;
lazygit.enable = true;
gpg = {
enable = true;
homedir = "${hmConfig.xdg.configHome}/gnupg";
mutableKeys = true;
mutableTrust = true;
};
# Graphical
alacritty = {
enable = true;
settings = {
font = {
size = 10;
};
};
};
rofi = {
enable = true;
package = pkgs.rofi-wayland;
terminal = "${lib.getExe hmConfig.programs.alacritty.package}";
cycle = true;
extraConfig = {
show-icons = true;
disable-history = false;
};
theme = let
inherit (hmConfig.lib.formats.rasi) mkLiteral;
in {
"*" = {
border-col = mkLiteral "#a6da95";
};
window = {
border-radius = mkLiteral "5px";
};
};
};
obs-studio = {
enable = true;
plugins = with pkgs.obs-studio-plugins; [
obs-vkcapture
input-overlay
obs-pipewire-audio-capture
wlrobs
inputs.obs-image-reaction.packages.${pkgs.system}.default
]; ];
home.packages = with pkgs; [ };
#gnupg };
git
nnn
pass
taskwarrior
#tmux
gparted services = {
# General
gpg-agent = {
enable = true;
defaultCacheTtl = 3600;
defaultCacheTtlSsh = 3600;
enableSshSupport = true;
pinentryPackage = pkgs.pinentry-gtk2;
enableFishIntegration = true;
enableBashIntegration = true;
};
xclip # Graphical
hypridle = {
enable = true;
settings = {
general = {
after_sleep_cmd = "${pkgs.hyprland}/bin/hyprctl dispatch dpms on";
ignore_dbus_inhibit = false;
};
listener = [
{
timeout = 300;
on-timeout = "${pkgs.hyprland}/bin/hyprctl dispatch dpms off";
on-resume = "${pkgs.hyprland}/bin/hyprctl dispatch dpms on";
}
];
};
};
};
(firefox.override { extraNativeMessagingHosts = [ passff-host ]; }) wayland.windowManager.hyprland = {
thunderbird enable = true;
settings = {
# Devices (use `hyprctl devices`)
"$monitor1" = "AOC Q27G2G3R3B 137P4HA000540";
"$monitor2" = "AOC Q27B3MA 17ZPAHA006135";
"$keyboard" = "keychron-keychron-k3-pro";
"$mouse" = "logitech-g102-lightsync-gaming-mouse";
discord # Main programs
"$terminal" = "${lib.getExe hmConfig.programs.alacritty.package}";
"$menu" = "${lib.getExe hmConfig.programs.rofi.package} -show drun";
"$fileManager" = "$terminal -e ${lib.getExe pkgs.nnn}";
pipewire.jack # pw-jack monitor = [
carla "desc:$monitor2, 2560x1440@75, 0x0, auto"
qpwgraph "desc:$monitor1, 2560x1440@165, 2560x0, auto"
wireplumber "Unknown-1, disable"
yabridge
yabridgectl
lutris
wine
winetricks
gamemode
vlc
lollypop
gimp
inkscape
imagemagick
blender
ardour
olive-editor
openshot-qt
musescore
# soundux # unmaintained
losslesscut-bin
yt-dlp
ffmpeg
calf
zynaddsubfx
lsp-plugins
x42-plugins
cardinal
gxplugins-lv2
xtuner
aether-lv2
qbittorrent
transmission-qt
telegram-desktop
onlyoffice-bin
jdk
self.packages.${pkgs.system}.ultimmc
liberation_ttf
steamtinkerlaunch
eww
tor
networkmanagerapplet
#rofi-wayland
kgx
dunst
libnotify
playerctl
wl-gammarelay-rs
# btop
lua
# bat
musikcube
swww
hyprshot
(python3.withPackages (p: [ p.click ]))
mangohud
gamescope
libstrangle
webcord
wl-clipboard
cliphist
tree
]; ];
xdg.portal = { exec-once = [
enable = true; "eww daemon"
configPackages = with pkgs; [ "nm-applet --indicator &"
#xdg-desktop-portal-wlr "blueman-applet &"
xdg-desktop-portal-hyprland "wl-gammarelay-rs run &"
]; "systemctl --user start hypridle"
extraPortals = with pkgs; [ "wl-paste --type text --watch cliphist store" #Stores only text data
xdg-desktop-portal-gtk "wl-paste --type image --watch cliphist store" #Stores only image data
]; "swww-daemon & swww img ~/Pictures/wallpapers/emily-in-the-cyberpunk-city.3840x2160.png & swww img ~/Pictures/wallpapers/emily-in-the-cyberpunk-city.3840x2160a.gif"
];
env = [
"XCURSOR_SIZE,16"
"HYPRCURSOR_SIZE,16"
"WLR_DRM_NO_ATOMIC,1"
];
general = {
gaps_in = 2;
gaps_out = 2;
border_size = 2;
# https://wiki.hyprland.org/Configuring/Variables/#variable-types for info about colors
"col.active_border" = "rgba(33ccffee) rgba(00ff99ee) 45deg";
"col.inactive_border" = "rgba(595959aa)";
# Set to true enable resizing windows by clicking and dragging on borders and gaps
resize_on_border = true;
# Please see https://wiki.hyprland.org/Configuring/Tearing/ before you turn this on
allow_tearing = true;
layout = "dwindle";
}; };
decoration = {
catppuccin = { rounding = 5;
# global, for all enabled programs
enable = true; # Change transparency of focused and unfocused windows
flavor = "macchiato"; active_opacity = 1.0;
accent = "green"; inactive_opacity = 0.95;
drop_shadow = true;
shadow_range = 4;
shadow_render_power = 3;
"col.shadow" = "rgba(1a1a1aee)";
# https://wiki.hyprland.org/Configuring/Variables/#blur
blur = {
enabled = true;
size = 3;
passes = 1;
vibrancy = 0.1696;
};
};
animations = {
enabled = true;
# Default animations, see https://wiki.hyprland.org/Configuring/Animations/ for more
bezier = "myBezier, 0.05, 0.9, 0.1, 1.05";
animation = [
"windows, 1, 7, myBezier"
"windowsOut, 1, 7, default, popin 80%"
"border, 1, 10, default"
"borderangle, 1, 8, default"
"fade, 1, 7, default"
"workspaces, 1, 6, default"
];
};
# See https://wiki.hyprland.org/Configuring/Dwindle-Layout/ for more
dwindle = {
pseudotile = true; # Master switch for pseudotiling. Enabling is bound to mainMod + P in the keybinds section below
preserve_split = true; # You probably want this
}; };
gtk = { # See https://wiki.hyprland.org/Configuring/Master-Layout/ for more
enable = true; master = {
cursorTheme = { new_status = "master";
name = "Papirus-Dark";
size = 16;
};
}; };
programs = { # https://wiki.hyprland.org/Configuring/Variables/#misc
fish = { misc = {
enable = true; force_default_wallpaper = -1; # Set to 0 or 1 to disable the anime mascot wallpapers
interactiveShellInit = '' disable_hyprland_logo = false; # Enable the random hyprland logo / anime girl background. :)
set fish_greeting };
''; input = {
plugins = with pkgs.fishPlugins; map (p: { name = p.pname; src = p.src; }) [ kb_layout = "us,ru";
fzf-fish
tide # tide configure --auto --style=Lean --prompt_colors='True color' --show_time='12-hour format' --lean_prompt_height='Two lines' --prompt_connection=Disconnected --prompt_spacing=Compact --icons='Many icons' --transient=No
grc
hydro
];
};
bat.enable = true;
btop = {
enable = true;
settings = {
cpu_bottom = true;
proc_tree = true;
};
};
fzf.enable = true;
tmux.enable = true;
lazygit.enable = true;
gpg = {
enable = true;
homedir = "${hmConfig.xdg.configHome}/gnupg";
mutableKeys = true;
mutableTrust = true;
};
alacritty = { follow_mouse = 1;
enable = true;
settings = {
font = {
size = 10;
};
};
};
rofi = {
enable = true;
package = pkgs.rofi-wayland;
terminal = "${lib.getExe hmConfig.programs.alacritty.package}";
cycle = true;
extraConfig = {
show-icons = true;
disable-history = false;
};
theme = let inherit (hmConfig.lib.formats.rasi) mkLiteral; in {
"*" = {
border-col = mkLiteral "#a6da95";
};
window = {
border-radius = mkLiteral "5px";
};
};
};
obs-studio = { sensitivity = 0; # -1.0 - 1.0, 0 means no modification.
enable = true;
plugins = with pkgs.obs-studio-plugins; [ touchpad = {
obs-vkcapture natural_scroll = false;
input-overlay };
obs-pipewire-audio-capture
wlrobs
inputs.obs-image-reaction.packages.${pkgs.system}.default
];
};
}; };
services = { # https://wiki.hyprland.org/Configuring/Variables/#gestures
gpg-agent = { gestures = {
enable = true; workspace_swipe = false;
defaultCacheTtl = 3600;
defaultCacheTtlSsh = 3600;
enableSshSupport = true;
pinentryPackage = pkgs.pinentry-gtk2;
enableFishIntegration = true;
enableBashIntegration = true;
};
hypridle = {
enable = true;
settings = {
general = {
after_sleep_cmd = "${pkgs.hyprland}/bin/hyprctl dispatch dpms on";
ignore_dbus_inhibit = false;
};
listener = [
{
timeout = 300;
on-timeout = "${pkgs.hyprland}/bin/hyprctl dispatch dpms off";
on-resume = "${pkgs.hyprland}/bin/hyprctl dispatch dpms on";
}
];
};
};
}; };
# --- windowrulev2 = [
xdg = { "suppressevent maximize, class:.*" # You'll probably like this.
enable = true; "float, class:^(steam_app.*)$"
mime.enable = true; "immediate, class:^(steam_app.*)$"
userDirs.enable = true; "float, class:^(steam_proton.*)$"
}; ];
bind = [
"SUPER, Q, exec, $terminal"
"SUPER, N, exec, $fileManager"
"SUPER, R, exec, $menu"
"SUPER, P, exec, eww open --toggle basemenu"
dconf.settings = { "SUPER, C, killactive,"
"org/virt-manager/virt-manager/connections" = { "SUPER, M, exit,"
autoconnect = [ "qemu:///system" ]; "SUPER, V, togglefloating,"
uris = [ "qemu:///system" ]; "SUPER, F, fullscreen,"
}; "SUPER, J, togglesplit," # dwindle
};
home.sessionVariables = { # Move focus with mainMod + arrow keys
HYPRSHOT_DIR = "${hmConfig.xdg.userDirs.pictures}/screenshots"; "SUPER, left, movefocus, l"
}; "SUPER, right, movefocus, r"
"SUPER, up, movefocus, u"
"SUPER, down, movefocus, d"
home.file = { # Switch workspaces with mainMod + [0-9]
#"gnupg/gpg-agent.conf".text = '' "SUPER, 1, workspace, 1"
# default-cache-ttl 3600 "SUPER, 2, workspace, 2"
# pinentry-program ${pkgs.pinentry.gtk2}/bin/pinentry "SUPER, 3, workspace, 3"
#''; "SUPER, 4, workspace, 4"
"SUPER, 5, workspace, 5"
"SUPER, 6, workspace, 6"
"SUPER, 7, workspace, 7"
"SUPER, 8, workspace, 8"
"SUPER, 9, workspace, 9"
"SUPER, 0, workspace, 10"
".config/git/config".source = "${config.bonfire.configDir}/git/config"; # Move active window to a workspace with mainMod + SHIFT + [0-9]
"SUPER SHIFT, 1, movetoworkspace, 1"
".config/nvim" = { "SUPER SHIFT, 2, movetoworkspace, 2"
source = "${config.bonfire.configDir}/nvim"; "SUPER SHIFT, 3, movetoworkspace, 3"
recursive = true; "SUPER SHIFT, 4, movetoworkspace, 4"
}; "SUPER SHIFT, 5, movetoworkspace, 5"
}; "SUPER SHIFT, 6, movetoworkspace, 6"
"SUPER SHIFT, 7, movetoworkspace, 7"
"SUPER SHIFT, 8, movetoworkspace, 8"
"SUPER SHIFT, 9, movetoworkspace, 9"
"SUPER SHIFT, 0, movetoworkspace, 10"
# special workspace (scratchpad)
"SUPER, S, togglespecialworkspace, magic"
"SUPER SHIFT, S, movetoworkspace, special:magic"
"SUPER, SPACE, exec, hyprctl switchxkblayout keychron-keychron-k3-pro next"
", PRINT, exec, hyprshot -m region"
"SUPER, H, exec, cliphist list | rofi -dmenu | cliphist decode | wl-copy"
];
# Move/resize windows with mainMod + LMB/RMB and dragging
bindm = [
"SUPER, mouse:272, movewindow"
"SUPER, mouse:273, resizewindow"
];
bindel = [
", XF86AudioRaiseVolume, exec, wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%+"
", XF86AudioLowerVolume, exec, wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%-"
];
bindl = [
", XF86AudioMute, exec, wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle"
", XF86AudioPrev, exec, playerctl previous"
", XF86AudioPlay, exec, playerctl play-pause"
", XF86AudioNext, exec, playerctl next"
", XF86MonBrightnessDown, exec, busctl --user -- call rs.wl-gammarelay / rs.wl.gammarelay UpdateTemperature n -500"
", XF86MonBrightnessUp, exec, busctl --user -- call rs.wl-gammarelay / rs.wl.gammarelay UpdateTemperature n +500"
"SUPER, XF86MonBrightnessDown, exec, busctl --user -- call rs.wl-gammarelay / rs.wl.gammarelay Brightness d -0.1"
"SUPER, XF86MonBrightnessUp, exec, busctl --user -- call rs.wl-gammarelay / rs.wl.gammarelay Brightness d +0.1"
];
};
}; };
#programs.gnupg.agent = { # XDG
# enable = true; xdg = {
# enableSSHSupport = true; enable = true;
# pinentryPackage = pkgs.pinentry-gnome3; mime.enable = true;
#}; userDirs.enable = true;
environment.variables = let
makePluginPath = name: (lib.makeSearchPath name [
"/etc/profiles/per-user/$USER/lib"
"/run/current-system/sw/lib"
"$HOME/.nix-profile/lib"
]) + ":$HOME/.${name}";
in {
LADSPA_PATH = makePluginPath "ladspa";
LV2_PATH = makePluginPath "lv2";
VST_PATH = makePluginPath "vst";
VST3_PATH = makePluginPath "vst3";
}; };
environment.sessionVariables = { # dconf
# hint electron applications to use wayland dconf.settings = {
NIXOS_OZONE_WL = "1"; "org/virt-manager/virt-manager/connections" = {
autoconnect = ["qemu:///system"];
uris = ["qemu:///system"];
};
}; };
systemd.user.extraConfig = "DefaultLimitNOFILE=524288"; home.sessionVariables = {
HYPRSHOT_DIR = "${hmConfig.xdg.userDirs.pictures}/screenshots";
};
};
programs.virt-manager.enable = true; environment.variables = let
makePluginPath = name:
(lib.makeSearchPath name [
"/etc/profiles/per-user/$USER/lib"
"/run/current-system/sw/lib"
"$HOME/.nix-profile/lib"
])
+ ":$HOME/.${name}";
in {
LADSPA_PATH = makePluginPath "ladspa";
LV2_PATH = makePluginPath "lv2";
VST_PATH = makePluginPath "vst";
VST3_PATH = makePluginPath "vst3";
};
environment.sessionVariables = {
# hint electron applications to use wayland
NIXOS_OZONE_WL = "1";
};
systemd.user.extraConfig = "DefaultLimitNOFILE=524288";
# Services
services.spoofdpi.enable = true; programs.virt-manager.enable = true;
# Services
services.spoofdpi.enable = true;
} }

510
nixosConfigurations/catarina/default.nix
View File

@ -1,259 +1,285 @@
{ config, pkgs, lib, self, ... }: {
let bonfire-pkgs = self.packages.${pkgs.system}; config,
pkgs,
lib,
self,
...
}: let
bonfire-pkgs = self.packages.${pkgs.system};
in { in {
system.stateVersion = "23.11"; system.stateVersion = "23.11";
imports = [ imports = [
./hardware.nix ./hardware.nix
./users.nix ./users.nix
./services/papermc.nix # ./services/papermc.nix # disabled
./services/gitea.nix ./services/gitea.nix
];
# Nix settings
nix = {
settings = {
experimental-features = ["nix-command" "flakes"];
trusted-users = ["l-nafaryus"];
allowed-users = ["l-nafaryus" "hydra"];
substituters = ["https://nix-community.cachix.org"];
trusted-public-keys = [
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
];
auto-optimise-store = true;
allowed-uris = [
"github:"
"git+https://github.com/"
"git+ssh://github.com/"
"git+https://vcs.elnafo.ru/"
"git+ssh://vcs.elnafo.ru/"
];
};
gc = {
automatic = lib.mkDefault true;
dates = lib.mkDefault "weekly";
options = lib.mkDefault "--delete-older-than 14d";
};
};
# Nix packages
nixpkgs = {
hostPlatform = lib.mkDefault "x86_64-linux";
config.allowUnfree = true;
config.cudaSupport = false;
};
# Services
services.printing.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
};
services.openssh = {
enable = true;
startWhenNeeded = true;
settings.PasswordAuthentication = false;
settings.KbdInteractiveAuthentication = false;
};
services.blueman.enable = true;
services.fail2ban = {
enable = true;
maxretry = 12;
ignoreIP = [
"192.168.0.0/16"
]; ];
bantime = "3h";
bantime-increment = {
enable = true;
multipliers = "1 2 4 8 16 32 64";
maxtime = "168h";
overalljails = true;
};
};
# Nix settings bonfire.withSecrets = true;
nix = { sops = config.bonfire.secrets.catarina.sops;
settings = {
experimental-features = [ "nix-command" "flakes" ]; security.acme = {
trusted-users = [ "l-nafaryus" ]; acceptTerms = true;
allowed-users = [ "l-nafaryus" ]; defaults.email = "l.nafaryus@elnafo.ru";
substituters = [ "https://nix-community.cachix.org" ]; defaults.group = "nginx";
trusted-public-keys = [
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" certs = {
]; "elnafo.ru" = {
auto-optimise-store = true; extraDomainNames = ["*.elnafo.ru"];
}; dnsProvider = "webnames";
gc = { credentialsFile = config.sops.secrets."dns".path;
automatic = lib.mkDefault true; webroot = null;
dates = lib.mkDefault "weekly"; };
options = lib.mkDefault "--delete-older-than 14d"; };
};
services.nginx = {
enable = true;
package = pkgs.nginx.override {withMail = true;};
recommendedProxySettings = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
recommendedTlsSettings = true;
clientMaxBodySize = "5G";
virtualHosts = {
"elnafo.ru" = {
forceSSL = true;
enableACME = true;
root = "/var/www";
};
"www.elnafo.ru" = {
forceSSL = true;
useACMEHost = "elnafo.ru";
globalRedirect = "elnafo.ru";
};
"bonfire.elnafo.ru" = {
forceSSL = true;
useACMEHost = "elnafo.ru";
locations."/".root = "${bonfire-pkgs.bonfire-docs}";
};
"hydra.elnafo.ru" = {
forceSSL = true;
useACMEHost = "elnafo.ru";
locations."/".proxyPass = "http://127.0.0.1:3000";
};
};
};
mailserver = {
enable = true;
fqdn = "elnafo.ru";
domains = ["elnafo.ru"];
certificateScheme = "acme-nginx";
enableImapSsl = true;
openFirewall = true;
localDnsResolver = true;
loginAccounts = config.bonfire.secrets.catarina.mailAccounts;
};
services.spoofdpi.enable = true;
services.btrfs.autoScrub = {
enable = true;
interval = "monthly";
fileSystems = ["/"];
};
services.btrbk = {
instances."catarina" = {
onCalendar = "daily";
settings = {
snapshot_preserve_min = "2d";
snapshot_preserve = "14d";
snapshot_dir = "/media/btrbk-snapshots";
target_preserve_min = "no";
target_preserve = "14d 8w *m";
volume."/" = {
target = "/media/btrbk-backups";
subvolume = {
"var/lib/gitea" = {};
"var/lib/postgresql" = {};
"var/lib/postfix" = {};
"var/vmail" = {};
};
}; };
};
}; };
};
# Nix packages services.transmission = {
nixpkgs = { enable = true;
hostPlatform = lib.mkDefault "x86_64-linux"; openRPCPort = true;
config.allowUnfree = true; settings = {
config.cudaSupport = false; rpc-bind-address = "0.0.0.0";
rpc-whitelist = "127.0.0.1,192.168.156.101";
config.packageOverrides = super: { download-dir = "/media/storage/downloads";
lego = bonfire-pkgs.lego; incomplete-dir = "/media/storage/downloads/incomplete";
};
}; };
};
# Services services.oscuro = {
services.printing.enable = true; enable = true;
discordTokenFile = config.sops.secrets.discordToken.path;
};
services.pipewire = { virtualisation = {
enable = true; containers.enable = true;
alsa.enable = true;
alsa.support32Bit = true; podman = {
pulse.enable = true; enable = true;
dockerCompat = true;
defaultNetwork.settings.dns_enabled = true;
}; };
};
services.openssh = { services.hydra = {
enable = true; enable = true;
startWhenNeeded = true; listenHost = "127.0.0.1";
settings.PasswordAuthentication = false; port = 3000;
settings.KbdInteractiveAuthentication = false; hydraURL = "http://127.0.0.1:3000";
smtpHost = "elnafo.ru";
useSubstitutes = true;
notificationSender = "hydra@elnafo.ru";
buildMachinesFiles = [];
};
# Packages
environment.systemPackages = with pkgs; [
wget
ntfs3g
sshfs
exfat
btrfs-progs
btrbk
lm_sensors
git
ripgrep
fd
lazygit
unzip
gnumake
fishPlugins.fzf-fish
fishPlugins.tide
fishPlugins.grc
fishPlugins.hydro
nnn
fzf
grc
gcc
cachix
gnupg
nnn
htop
];
programs = {
fish.enable = true;
neovim = {
enable = true;
defaultEditor = true;
}; };
};
services.blueman.enable = true; programs.ssh.extraConfig = ''
Host astora
HostName 192.168.156.101
Port 22
User l-nafaryus
services.fail2ban = { Host catarina
enable = true; HostName 192.168.156.102
maxretry = 12; Port 22
ignoreIP = [ User l-nafaryus
"192.168.0.0/16" '';
];
bantime = "3h";
bantime-increment = {
enable = true;
multipliers = "1 2 4 8 16 32 64";
maxtime = "168h";
overalljails = true;
};
};
bonfire.withSecrets = true; programs.direnv.enable = true;
sops = config.bonfire.secrets.catarina.sops;
security.acme = {
acceptTerms = true;
defaults.email = "l.nafaryus@elnafo.ru";
defaults.group = "nginx";
certs = {
"elnafo.ru" = {
extraDomainNames = [ "*.elnafo.ru" ];
dnsProvider = "webnames";
credentialsFile = config.sops.secrets."dns".path;
webroot = null;
};
};
};
services.nginx = {
enable = true;
package = pkgs.nginx.override { withMail = true; };
recommendedProxySettings = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
recommendedTlsSettings = true;
clientMaxBodySize = "5G";
virtualHosts = {
"elnafo.ru" = {
forceSSL = true;
enableACME = true;
root = "/var/www";
};
"www.elnafo.ru" = {
forceSSL = true;
useACMEHost = "elnafo.ru";
globalRedirect = "elnafo.ru";
};
"bonfire.elnafo.ru" = {
forceSSL = true;
useACMEHost = "elnafo.ru";
locations."/".root = "${bonfire-pkgs.bonfire-docs}";
};
};
};
mailserver = {
enable = true;
fqdn = "elnafo.ru";
domains = [ "elnafo.ru" ];
certificateScheme = "acme-nginx";
enableImapSsl = true;
openFirewall = true;
localDnsResolver = true;
loginAccounts = config.bonfire.secrets.catarina.mailAccounts;
};
services.spoofdpi.enable = true;
services.btrfs.autoScrub = {
enable = true;
interval = "monthly";
fileSystems = [ "/" ];
};
services.btrbk = {
instances."catarina" = {
onCalendar = "daily";
settings = {
snapshot_preserve_min = "2d";
snapshot_preserve = "14d";
snapshot_dir = "/media/btrbk-snapshots";
target_preserve_min = "no";
target_preserve = "14d 8w *m";
volume."/" = {
target = "/media/btrbk-backups";
subvolume = {
"var/lib/gitea" = {};
"var/lib/postgresql" = {};
"var/lib/postfix" = {};
"var/vmail" = {};
};
};
};
};
};
services.transmission = {
enable = true;
openRPCPort = true;
settings = {
rpc-bind-address = "0.0.0.0";
rpc-whitelist = "127.0.0.1,192.168.156.101";
download-dir = "/media/storage/downloads";
incomplete-dir = "/media/storage/downloads/incomplete";
};
};
services.oscuro = {
enable = true;
discordTokenFile = config.sops.secrets.discordToken.path;
};
virtualisation = {
containers.enable = true;
podman = {
enable = true;
dockerCompat = true;
defaultNetwork.settings.dns_enabled = true;
};
};
# Packages
environment.systemPackages = with pkgs; [
wget
ntfs3g
sshfs
exfat
btrfs-progs
btrbk
lm_sensors
git
ripgrep
fd
lazygit
unzip
gnumake
fishPlugins.fzf-fish
fishPlugins.tide
fishPlugins.grc
fishPlugins.hydro
nnn
fzf
grc
gcc
cachix
gnupg
nnn
htop
];
programs = {
fish.enable = true;
neovim = {
enable = true;
defaultEditor = true;
};
};
programs.ssh.extraConfig = ''
Host astora
HostName 192.168.156.101
Port 22
User l-nafaryus
Host catarina
HostName 192.168.156.102
Port 22
User l-nafaryus
'';
programs.direnv.enable = true;
} }

311
nixosConfigurations/catarina/hardware.nix
View File

@ -1,171 +1,176 @@
{ config, lib, ... }:
{ {
# Boot config,
boot = { lib,
loader.systemd-boot.enable = true; ...
loader.systemd-boot.configurationLimit = 5; }: {
loader.efi.canTouchEfiVariables = true; # Boot
boot = {
loader.systemd-boot.enable = true;
loader.systemd-boot.configurationLimit = 5;
loader.efi.canTouchEfiVariables = true;
tmp.useTmpfs = lib.mkDefault true; tmp.useTmpfs = lib.mkDefault true;
tmp.cleanOnBoot = lib.mkDefault (!config.boot.tmp.useTmpfs); tmp.cleanOnBoot = lib.mkDefault (!config.boot.tmp.useTmpfs);
initrd.availableKernelModules = [ "nvme" "xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; initrd.availableKernelModules = ["nvme" "xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "rtsx_pci_sdmmc"];
initrd.kernelModules = [ ]; initrd.kernelModules = [];
kernelModules = [ "kvm-intel" "tcp_bbr" "coretemp" "nct6775" ]; kernelModules = ["kvm-intel" "tcp_bbr" "coretemp" "nct6775"];
kernelParams = [ "threadirqs" ]; kernelParams = ["threadirqs"];
kernel.sysctl = { kernel.sysctl = {
# The Magic SysRq key is a key combo that allows users connected to the # The Magic SysRq key is a key combo that allows users connected to the
# system console of a Linux kernel to perform some low-level commands. # system console of a Linux kernel to perform some low-level commands.
# Disable it, since we don't need it, and is a potential security concern. # Disable it, since we don't need it, and is a potential security concern.
"kernel.sysrq" = 0; "kernel.sysrq" = 0;
## TCP hardening ## TCP hardening
# Prevent bogus ICMP errors from filling up logs. # Prevent bogus ICMP errors from filling up logs.
"net.ipv4.icmp_ignore_bogus_error_responses" = 1; "net.ipv4.icmp_ignore_bogus_error_responses" = 1;
# Reverse path filtering causes the kernel to do source validation of # Reverse path filtering causes the kernel to do source validation of
# packets received from all interfaces. This can mitigate IP spoofing. # packets received from all interfaces. This can mitigate IP spoofing.
"net.ipv4.conf.default.rp_filter" = 1; "net.ipv4.conf.default.rp_filter" = 1;
"net.ipv4.conf.all.rp_filter" = 1; "net.ipv4.conf.all.rp_filter" = 1;
# Do not accept IP source route packets # Do not accept IP source route packets
"net.ipv4.conf.all.accept_source_route" = 0; "net.ipv4.conf.all.accept_source_route" = 0;
"net.ipv6.conf.all.accept_source_route" = 0; "net.ipv6.conf.all.accept_source_route" = 0;
# Don't send ICMP redirects # Don't send ICMP redirects
"net.ipv4.conf.all.send_redirects" = 0; "net.ipv4.conf.all.send_redirects" = 0;
"net.ipv4.conf.default.send_redirects" = 0; "net.ipv4.conf.default.send_redirects" = 0;
# Refuse ICMP redirects (MITM mitigations) # Refuse ICMP redirects (MITM mitigations)
"net.ipv4.conf.all.accept_redirects" = 0; "net.ipv4.conf.all.accept_redirects" = 0;
"net.ipv4.conf.default.accept_redirects" = 0; "net.ipv4.conf.default.accept_redirects" = 0;
"net.ipv4.conf.all.secure_redirects" = 0; "net.ipv4.conf.all.secure_redirects" = 0;
"net.ipv4.conf.default.secure_redirects" = 0; "net.ipv4.conf.default.secure_redirects" = 0;
"net.ipv6.conf.all.accept_redirects" = 0; "net.ipv6.conf.all.accept_redirects" = 0;
"net.ipv6.conf.default.accept_redirects" = 0; "net.ipv6.conf.default.accept_redirects" = 0;
# Protects against SYN flood attacks # Protects against SYN flood attacks
"net.ipv4.tcp_syncookies" = 1; "net.ipv4.tcp_syncookies" = 1;
# Incomplete protection again TIME-WAIT assassination # Incomplete protection again TIME-WAIT assassination
"net.ipv4.tcp_rfc1337" = 1; "net.ipv4.tcp_rfc1337" = 1;
## TCP optimization ## TCP optimization
# TCP Fast Open is a TCP extension that reduces network latency by packing # TCP Fast Open is a TCP extension that reduces network latency by packing
# data in the senders initial TCP SYN. Setting 3 = enable TCP Fast Open for # data in the senders initial TCP SYN. Setting 3 = enable TCP Fast Open for
# both incoming and outgoing connections: # both incoming and outgoing connections:
"net.ipv4.tcp_fastopen" = 3; "net.ipv4.tcp_fastopen" = 3;
# Bufferbloat mitigations + slight improvement in throughput & latency # Bufferbloat mitigations + slight improvement in throughput & latency
"net.ipv4.tcp_congestion_control" = "bbr"; "net.ipv4.tcp_congestion_control" = "bbr";
"net.core.default_qdisc" = "cake"; "net.core.default_qdisc" = "cake";
}; };
};
# Security
security = {
protectKernelImage = true;
sudo.extraConfig = ''Defaults timestamp_timeout=30'';
rtkit.enable = true;
};
# Filesystem
fileSystems = {
"/" = {
device = "/dev/disk/by-label/nixos";
fsType = "btrfs";
options = ["subvol=root" "compress=zstd"];
}; };
# Security "/nix" = {
security = { device = "/dev/disk/by-label/nixos";
protectKernelImage = true; fsType = "btrfs";
sudo.extraConfig = ''Defaults timestamp_timeout=30''; options = ["subvol=nix" "compress=zstd" "noatime"];
rtkit.enable = true;
}; };
# Filesystem "/home" = {
fileSystems = { device = "/dev/disk/by-label/nixos";
"/" = { fsType = "btrfs";
device = "/dev/disk/by-label/nixos"; options = ["subvol=home" "compress=zstd"];
fsType = "btrfs";
options = [ "subvol=root" "compress=zstd" ];
};
"/nix" = {
device = "/dev/disk/by-label/nixos";
fsType = "btrfs";
options = [ "subvol=nix" "compress=zstd" "noatime" ];
};
"/home" = {
device = "/dev/disk/by-label/nixos";
fsType = "btrfs";
options = [ "subvol=home" "compress=zstd" ];
};
"/boot" = {
device = "/dev/disk/by-label/boot";
fsType = "vfat";
};
"/swap" = {
device = "/dev/disk/by-label/nixos";
fsType = "btrfs";
options = [ "subvol=swap" "noatime" ];
};
"/media/storage" = {
device = "/dev/disk/by-label/storage";
fsType = "btrfs";
options = [ "subvol=storage" "nofail" "compress=zstd" ];
};
"/media/btrbk-backups" = {
device = "/dev/disk/by-label/storage";
fsType = "btrfs";
options = [ "subvol=btrbk-backups" "nofail" "compress=zstd" ];
};
}; };
swapDevices = [ "/boot" = {
{ device = "/swap/swapfile"; } device = "/dev/disk/by-label/boot";
]; fsType = "vfat";
services.fstrim.enable = true;
# Hardware etc
hardware = {
enableRedistributableFirmware = true;
cpu.intel.updateMicrocode = true;
bluetooth.enable = true;
pulseaudio.enable = false;
}; };
sound.enable = true; "/swap" = {
device = "/dev/disk/by-label/nixos";
networking = { fsType = "btrfs";
networkmanager.enable = true; options = ["subvol=swap" "noatime"];
useDHCP = false;
hostName = "catarina";
extraHosts = '''';
firewall = {
enable = true;
allowedTCPPorts = [ 80 443 3001 25600 8080 8085 ];
};
interfaces.enp9s0 = {
useDHCP = false;
ipv4.addresses = [ {
address = "192.168.156.102";
prefixLength = 24;
} ];
};
defaultGateway = "192.168.156.1";
nameservers = [ "192.168.156.1" "8.8.8.8" ];
}; };
services.logind.lidSwitchExternalPower = "ignore"; "/media/storage" = {
device = "/dev/disk/by-label/storage";
# Common fsType = "btrfs";
time.timeZone = "Asia/Yekaterinburg"; options = ["subvol=storage" "nofail" "compress=zstd"];
i18n = {
defaultLocale = "en_US.UTF-8";
extraLocaleSettings = {
LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8";
LC_MEASUREMENT = "en_US.UTF-8";
LC_MONETARY = "en_US.UTF-8";
LC_NAME = "en_US.UTF-8";
LC_NUMERIC = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8";
LC_TELEPHONE = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8";
};
}; };
"/media/btrbk-backups" = {
device = "/dev/disk/by-label/storage";
fsType = "btrfs";
options = ["subvol=btrbk-backups" "nofail" "compress=zstd"];
};
};
swapDevices = [
{device = "/swap/swapfile";}
];
services.fstrim.enable = true;
# Hardware etc
hardware = {
enableRedistributableFirmware = true;
cpu.intel.updateMicrocode = true;
bluetooth.enable = true;
pulseaudio.enable = false;
};
sound.enable = true;
networking = {
networkmanager.enable = true;
useDHCP = false;
hostName = "catarina";
extraHosts = '''';
firewall = {
enable = true;
allowedTCPPorts = [80 443 3001 25600 8080 8085];
};
interfaces.enp9s0 = {
useDHCP = false;
ipv4.addresses = [
{
address = "192.168.156.102";
prefixLength = 24;
}
];
};
defaultGateway = "192.168.156.1";
nameservers = ["192.168.156.1" "8.8.8.8"];
};
services.logind.lidSwitchExternalPower = "ignore";
# Common
time.timeZone = "Asia/Yekaterinburg";
i18n = {
defaultLocale = "en_US.UTF-8";
extraLocaleSettings = {
LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8";
LC_MEASUREMENT = "en_US.UTF-8";
LC_MONETARY = "en_US.UTF-8";
LC_NAME = "en_US.UTF-8";
LC_NUMERIC = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8";
LC_TELEPHONE = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8";
};
};
} }

206
nixosConfigurations/catarina/services/gitea.nix
View File

@ -1,107 +1,105 @@
{ config, ... }: {config, ...}: {
{ services.postgresql = {
services.postgresql = { enable = true;
authentication = ''
# Type Database DB-User Auth-Method Ident-Map(optional)
local git all ident map=gitea-users
'';
identMap = ''
# MapName System-User DB-User
gitea-users git git
'';
ensureDatabases = ["git"];
};
services.gitea = {
enable = true;
user = "git";
group = "gitea";
stateDir = "/var/lib/gitea";
settings = {
server = {
DOMAIN = "vcs.elnafo.ru";
ROOT_URL = "https://vcs.elnafo.ru/";
HTTP_ADDRESS = "127.0.0.1";
HTTP_PORT = 3001;
};
session.COOKIE_SECURE = true;
mailer = {
ENABLED = true;
FROM = "Elnafo VCS <git@elnafo.ru>";
PROTOCOL = "smtps";
SMTP_ADDR = "smtp.elnafo.ru";
SMTP_PORT = 465;
USER = "git@elnafo.ru";
USE_CLIENT_CERT = true;
CLIENT_CERT_FILE = "${config.security.acme.certs."elnafo.ru".directory}/cert.pem";
CLIENT_KEY_FILE = "${config.security.acme.certs."elnafo.ru".directory}/key.pem";
};
service = {
DISABLE_REGISTRATION = true;
REGISTER_EMAIL_CONFIRM = true;
ENABLE_NOTIFY_MAIL = true;
};
other = {
SHOW_FOOTER_VERSION = false;
SHOW_FOOTER_TEMPLATE_LOAD_TIME = false;
};
indexer = {
REPO_INDEXER_ENABLED = true;
};
};
mailerPasswordFile = config.sops.secrets."gitea/mail".path;
database = {
type = "postgres";
passwordFile = config.sops.secrets."database/git".path;
name = "git";
user = "git";
};
lfs.enable = true;
appName = "Elnafo VCS";
};
users.users.${config.services.gitea.user} = {
description = "Gitea Service";
home = config.services.gitea.stateDir;
useDefaultShell = true;
group = config.services.gitea.group;
extraGroups = ["nginx"];
isSystemUser = true;
};
services.nginx.virtualHosts."vcs.elnafo.ru" = {
forceSSL = true;
useACMEHost = "elnafo.ru";
locations."/".proxyPass = "http://127.0.0.1:3001";
};
services.gitea-actions-runner = {
instances = {
master = {
enable = true; enable = true;
authentication = '' name = "master";
# Type Database DB-User Auth-Method Ident-Map(optional) url = config.services.gitea.settings.server.ROOT_URL;
local git all ident map=gitea-users tokenFile = config.sops.secrets."gitea-runner/master-token".path;
''; labels = [
identMap = '' "ubuntu-latest:docker://gitea/runner-images:ubuntu-latest"
# MapName System-User DB-User "nix-minimal:docker://vcs.elnafo.ru/l-nafaryus/nix-minimal:latest"
gitea-users git git "nix-runner:docker://vcs.elnafo.ru/l-nafaryus/nix-runner:latest"
''; ];
ensureDatabases = [ "git" ]; settings.container.network = "host";
};
}; };
};
services.gitea = {
enable = true;
user = "git";
group = "gitea";
stateDir = "/var/lib/gitea";
settings = {
server = {
DOMAIN = "vcs.elnafo.ru";
ROOT_URL = "https://vcs.elnafo.ru/";
HTTP_ADDRESS = "127.0.0.1";
HTTP_PORT = 3001;
};
session.COOKIE_SECURE = true;
mailer = {
ENABLED = true;
FROM = "Elnafo VCS <git@elnafo.ru>";
PROTOCOL = "smtps";
SMTP_ADDR = "smtp.elnafo.ru";
SMTP_PORT = 465;
USER = "git@elnafo.ru";
USE_CLIENT_CERT = true;
CLIENT_CERT_FILE = "${config.security.acme.certs."elnafo.ru".directory}/cert.pem";
CLIENT_KEY_FILE = "${config.security.acme.certs."elnafo.ru".directory}/key.pem";
};
service = {
DISABLE_REGISTRATION = true;
REGISTER_EMAIL_CONFIRM = true;
ENABLE_NOTIFY_MAIL = true;
};
other = {
SHOW_FOOTER_VERSION = false;
SHOW_FOOTER_TEMPLATE_LOAD_TIME = false;
};
indexer = {
REPO_INDEXER_ENABLED = true;
};
};
mailerPasswordFile = config.sops.secrets."gitea/mail".path;
database = {
type = "postgres";
passwordFile = config.sops.secrets."database/git".path;
name = "git";
user = "git";
};
lfs.enable = true;
appName = "Elnafo VCS";
};
users.users.${config.services.gitea.user} = {
description = "Gitea Service";
home = config.services.gitea.stateDir;
useDefaultShell = true;
group = config.services.gitea.group;
extraGroups = [ "nginx" ];
isSystemUser = true;
};
services.nginx.virtualHosts."vcs.elnafo.ru" = {
forceSSL = true;
useACMEHost = "elnafo.ru";
locations."/".proxyPass = "http://127.0.0.1:3001";
};
services.gitea-actions-runner = {
instances = {
master = {
enable = true;
name = "master";
url = config.services.gitea.settings.server.ROOT_URL;
tokenFile = config.sops.secrets."gitea-runner/master-token".path;
labels = [
"ubuntu-latest:docker://gitea/runner-images:ubuntu-latest"
"nix-minimal:docker://vcs.elnafo.ru/l-nafaryus/nix-minimal:latest"
"nix-runner:docker://vcs.elnafo.ru/l-nafaryus/nix-runner:latest"
];
settings.container.network = "host";
};
};
};
} }

423
nixosConfigurations/catarina/services/papermc.nix
View File

@ -1,231 +1,246 @@
{ config, lib, pkgs, ... }: {
let config,
inherit (pkgs) stdenv fetchurl; lib,
pkgs,
...
}: let
inherit (pkgs) stdenv fetchurl;
playerlist = [ playerlist = [
{ {
name = "L_Nafaryus"; name = "L_Nafaryus";
uuid = "02c47438-79eb-3938-b5e0-d7c03cb5709f"; uuid = "02c47438-79eb-3938-b5e0-d7c03cb5709f";
level = 4; level = 4;
} }
{ {
name = "AfroPriest"; name = "AfroPriest";
uuid = "6fa9251d-11a5-33ad-ada3-312f0632eab1"; uuid = "6fa9251d-11a5-33ad-ada3-312f0632eab1";
level = 3; level = 3;
} }
{ {
name = "DiAlteri"; name = "DiAlteri";
uuid = "0a278f5c-7192-30c8-aa2f-af157c348009"; uuid = "0a278f5c-7192-30c8-aa2f-af157c348009";
level = 3; level = 3;
} }
]; ];
operators = lib.filter (player: player.level > 0) playerlist; operators = lib.filter (player: player.level > 0) playerlist;
whitelist = map (player: removeAttrs player [ "level" ]) playerlist; whitelist = map (player: removeAttrs player ["level"]) playerlist;
# Plugins # Plugins
passky = stdenv.mkDerivation rec { passky = stdenv.mkDerivation rec {
pname = "Passky"; pname = "Passky";
version = "2.1.1"; version = "2.1.1";
src = fetchurl { src = fetchurl {
url = "https://hangarcdn.papermc.io/plugins/Black1_TV/Passky/versions/${version}/PAPER/Passky-${version}.jar"; url = "https://hangarcdn.papermc.io/plugins/Black1_TV/Passky/versions/${version}/PAPER/Passky-${version}.jar";
hash = "sha256-D5NpFrkGLgZNMS5WlMRM3Uv07hPsI9Hdsii2whTAZ2o="; hash = "sha256-D5NpFrkGLgZNMS5WlMRM3Uv07hPsI9Hdsii2whTAZ2o=";
};
meta.homepage = "https://hangar.papermc.io/Black1_TV/Passky";
phases = [ "installPhase" ];
installPhase = ''
mkdir -p $out/bin
cp $src $out/bin/${pname}.jar
'';
}; };
meta.homepage = "https://hangar.papermc.io/Black1_TV/Passky";
phases = ["installPhase"];
installPhase = ''
mkdir -p $out/bin
cp $src $out/bin/${pname}.jar
'';
};
grimAnticheat = stdenv.mkDerivation rec { grimAnticheat = stdenv.mkDerivation rec {
pname = "GrimAC"; pname = "GrimAC";
version = "2.3.46"; version = "2.3.46";
src = fetchurl { src = fetchurl {
url = "https://hangarcdn.papermc.io/plugins/GrimAnticheat/GrimAnticheat/versions/${version}/PAPER/grimac-${version}.jar"; url = "https://hangarcdn.papermc.io/plugins/GrimAnticheat/GrimAnticheat/versions/${version}/PAPER/grimac-${version}.jar";
hash = "sha256-tG8pBDMU4N/Ijn5RfdsQrtY4/gEhN1wEDCopqOSIqB4="; hash = "sha256-tG8pBDMU4N/Ijn5RfdsQrtY4/gEhN1wEDCopqOSIqB4=";
};
meta.homepage = "https://hangar.papermc.io/GrimAnticheat/GrimAnticheat";
phases = [ "installPhase" ];
installPhase = ''
mkdir -p $out/bin
cp $src $out/bin/${pname}.jar
'';
}; };
meta.homepage = "https://hangar.papermc.io/GrimAnticheat/GrimAnticheat";
phases = ["installPhase"];
installPhase = ''
mkdir -p $out/bin
cp $src $out/bin/${pname}.jar
'';
};
viaVersion = stdenv.mkDerivation rec { viaVersion = stdenv.mkDerivation rec {
pname = "ViaVersion"; pname = "ViaVersion";
version = "4.9.2"; version = "4.9.2";
src = fetchurl { src = fetchurl {
url = "https://hangarcdn.papermc.io/plugins/ViaVersion/ViaVersion/versions/${version}/PAPER/ViaVersion-${version}.jar"; url = "https://hangarcdn.papermc.io/plugins/ViaVersion/ViaVersion/versions/${version}/PAPER/ViaVersion-${version}.jar";
hash = "sha256-dvcyqCpIjArKCnUAD/L+lG/5gRQ9fLMKcl/+o8sLmYs="; hash = "sha256-dvcyqCpIjArKCnUAD/L+lG/5gRQ9fLMKcl/+o8sLmYs=";
};
meta.homepage = "https://hangar.papermc.io/ViaVersion/ViaVersion";
phases = [ "installPhase" ];
installPhase = ''
mkdir -p $out/bin
cp $src $out/bin/${pname}.jar
'';
}; };
meta.homepage = "https://hangar.papermc.io/ViaVersion/ViaVersion";
phases = ["installPhase"];
installPhase = ''
mkdir -p $out/bin
cp $src $out/bin/${pname}.jar
'';
};
directionHUD = stdenv.mkDerivation rec { directionHUD = stdenv.mkDerivation rec {
pname = "DirectionHUD"; pname = "DirectionHUD";
version = "1.2.2"; version = "1.2.2";
src = fetchurl { src = fetchurl {
url = "https://hangarcdn.papermc.io/plugins/other/DirectionHUD/versions/${version}%2B1.18-1.20.2/PAPER/directionhud-spigot-${version}%2B1.18-1.20.2.jar"; url = "https://hangarcdn.papermc.io/plugins/other/DirectionHUD/versions/${version}%2B1.18-1.20.2/PAPER/directionhud-spigot-${version}%2B1.18-1.20.2.jar";
hash = "sha256-F+86Q58+3VoqNoD8P38bu8u1Hx8Si0lxNXZnF/R4hAg="; hash = "sha256-F+86Q58+3VoqNoD8P38bu8u1Hx8Si0lxNXZnF/R4hAg=";
};
meta.homepage = "https://hangar.papermc.io/other/DirectionHUD";
phases = [ "installPhase" ];
installPhase = ''
mkdir -p $out/bin
cp $src $out/bin/${pname}.jar
'';
}; };
meta.homepage = "https://hangar.papermc.io/other/DirectionHUD";
phases = ["installPhase"];
installPhase = ''
mkdir -p $out/bin
cp $src $out/bin/${pname}.jar
'';
};
miniMOTD = stdenv.mkDerivation rec { miniMOTD = stdenv.mkDerivation rec {
pname = "MiniMOTD"; pname = "MiniMOTD";
version = "2.0.14"; version = "2.0.14";
src = fetchurl { src = fetchurl {
url = "https://hangarcdn.papermc.io/plugins/jmp/MiniMOTD/versions/${version}/PAPER/minimotd-bukkit-${version}.jar"; url = "https://hangarcdn.papermc.io/plugins/jmp/MiniMOTD/versions/${version}/PAPER/minimotd-bukkit-${version}.jar";
hash = "sha256-d7l/pZGxteS2A9c9PIZASDTACGev8HY5SHZRvcxBc5A="; hash = "sha256-d7l/pZGxteS2A9c9PIZASDTACGev8HY5SHZRvcxBc5A=";
};
meta.homepage = "https://hangar.papermc.io/jmp/MiniMOTD";
phases = [ "installPhase" ];
installPhase = ''
mkdir -p $out/bin
cp $src $out/bin/${pname}.jar
'';
}; };
meta.homepage = "https://hangar.papermc.io/jmp/MiniMOTD";
phases = ["installPhase"];
installPhase = ''
mkdir -p $out/bin
cp $src $out/bin/${pname}.jar
'';
};
skinsRestorer = stdenv.mkDerivation rec { skinsRestorer = stdenv.mkDerivation rec {
pname = "SkinsRestorer"; pname = "SkinsRestorer";
version = "15.0.2"; version = "15.0.2";
src = fetchurl { src = fetchurl {
url = "https://github.com/SkinsRestorer/SkinsRestorerX/releases/download/${version}/SkinsRestorer.jar"; url = "https://github.com/SkinsRestorer/SkinsRestorerX/releases/download/${version}/SkinsRestorer.jar";
hash = "sha256-fhAegFtl22xKXMi5MbsXCYOjbfqOlQTnILoEJxCDbkc="; hash = "sha256-fhAegFtl22xKXMi5MbsXCYOjbfqOlQTnILoEJxCDbkc=";
};
meta.homepage = "https://hangar.papermc.io/SRTeam/SkinsRestorer";
phases = [ "installPhase" ];
installPhase = ''
mkdir -p $out/bin
cp $src $out/bin/${pname}.jar
'';
}; };
meta.homepage = "https://hangar.papermc.io/SRTeam/SkinsRestorer";
phases = ["installPhase"];
installPhase = ''
mkdir -p $out/bin
cp $src $out/bin/${pname}.jar
'';
};
squaremap = stdenv.mkDerivation rec { squaremap = stdenv.mkDerivation rec {
pname = "squaremap"; pname = "squaremap";
version = "1.2.2"; version = "1.2.2";
src = fetchurl { src = fetchurl {
url = "https://hangarcdn.papermc.io/plugins/jmp/squaremap/versions/${version}/PAPER/squaremap-paper-mc1.20.2-${version}.jar"; url = "https://hangarcdn.papermc.io/plugins/jmp/squaremap/versions/${version}/PAPER/squaremap-paper-mc1.20.2-${version}.jar";
hash = "sha256-Z8AWzZLlZavF8YYs1kslhtCvzq5fZ7O97mTx3hCgj78="; hash = "sha256-Z8AWzZLlZavF8YYs1kslhtCvzq5fZ7O97mTx3hCgj78=";
};
meta.homepage = "https://hangar.papermc.io/jmp/squaremap";
phases = [ "installPhase" ];
installPhase = ''
mkdir -p $out/bin
cp $src $out/bin/${pname}.jar
'';
}; };
meta.homepage = "https://hangar.papermc.io/jmp/squaremap";
phases = ["installPhase"];
installPhase = ''
mkdir -p $out/bin
cp $src $out/bin/${pname}.jar
'';
};
stargate = stdenv.mkDerivation rec { stargate = stdenv.mkDerivation rec {
pname = "Stargate"; pname = "Stargate";
version = "0.11.5.6"; version = "0.11.5.6";
src = fetchurl { src = fetchurl {
url = "https://hangarcdn.papermc.io/plugins/Stargate/Stargate/versions/${version}/PAPER/Stargate-${version}.jar"; url = "https://hangarcdn.papermc.io/plugins/Stargate/Stargate/versions/${version}/PAPER/Stargate-${version}.jar";
hash = "sha256-Ilz0z3juQ9c4/pUnHnvJO+PnJF1+vXBxW2pbERuEBo4="; hash = "sha256-Ilz0z3juQ9c4/pUnHnvJO+PnJF1+vXBxW2pbERuEBo4=";
};
meta.homepage = "https://hangar.papermc.io/Stargate/Stargate";
phases = [ "installPhase" ];
installPhase = ''
mkdir -p $out/bin
cp $src $out/bin/${pname}.jar
'';
}; };
meta.homepage = "https://hangar.papermc.io/Stargate/Stargate";
phases = ["installPhase"];
installPhase = ''
mkdir -p $out/bin
cp $src $out/bin/${pname}.jar
'';
};
chunky = stdenv.mkDerivation rec { chunky = stdenv.mkDerivation rec {
pname = "Chunky"; pname = "Chunky";
version = "1.3.92"; version = "1.3.92";
src = fetchurl { src = fetchurl {
url = "https://hangarcdn.papermc.io/plugins/pop4959/Chunky/versions/${version}/PAPER/Chunky-${version}.jar"; url = "https://hangarcdn.papermc.io/plugins/pop4959/Chunky/versions/${version}/PAPER/Chunky-${version}.jar";
hash = "sha256-ABHfKJK0LQI2ZLt1D83897RAnE9xWu6+34IOlwTh17w="; hash = "sha256-ABHfKJK0LQI2ZLt1D83897RAnE9xWu6+34IOlwTh17w=";
};
meta.homepage = "https://hangar.papermc.io/pop4959/Chunky";
phases = [ "installPhase" ];
installPhase = ''
mkdir -p $out/bin
cp $src $out/bin/${pname}.jar
'';
}; };
meta.homepage = "https://hangar.papermc.io/pop4959/Chunky";
phases = ["installPhase"];
installPhase = ''
mkdir -p $out/bin
cp $src $out/bin/${pname}.jar
'';
};
xclaim = stdenv.mkDerivation rec { xclaim = stdenv.mkDerivation rec {
pname = "XClaim"; pname = "XClaim";
version = "1.11.0"; version = "1.11.0";
src = fetchurl { src = fetchurl {
url = "https://github.com/WasabiThumb/xclaim/releases/download/${version}/xclaim-${version}.jar"; url = "https://github.com/WasabiThumb/xclaim/releases/download/${version}/xclaim-${version}.jar";
hash = "sha256-49R9cj1NnOx9n0yBtOj+m4V+56P4Ko/Co/LOgdhd2y4="; hash = "sha256-49R9cj1NnOx9n0yBtOj+m4V+56P4Ko/Co/LOgdhd2y4=";
};
meta.homepage = "https://hangar.papermc.io/WasabiThumbs/XClaim";
phases = [ "installPhase" ];
installPhase = ''
mkdir -p $out/bin
cp $src $out/bin/${pname}.jar
'';
}; };
meta.homepage = "https://hangar.papermc.io/WasabiThumbs/XClaim";
phases = ["installPhase"];
installPhase = ''
mkdir -p $out/bin
cp $src $out/bin/${pname}.jar
'';
};
plugins = [ plugins = [
passky grimAnticheat viaVersion directionHUD miniMOTD skinsRestorer squaremap stargate chunky xclaim passky
]; grimAnticheat
viaVersion
directionHUD
miniMOTD
skinsRestorer
squaremap
stargate
chunky
xclaim
];
in { in {
services.papermc = { services.papermc = {
enable = true; enable = true;
eula = true; eula = true;
openFirewall = true; openFirewall = true;
serverProperties = { serverProperties = {
server-port = 25565; server-port = 25565;
gamemode = "survival"; gamemode = "survival";
motd = "GoodOmens"; motd = "GoodOmens";
max-players = 10; max-players = 10;
level-seed = "66666666"; level-seed = "66666666";
enable-status = true; enable-status = true;
enforce-secure-profile = false; enforce-secure-profile = false;
difficulty = "normal"; difficulty = "normal";
online-mode = false; online-mode = false;
enable-rcon = true; enable-rcon = true;
"rcon.port" = 25600; "rcon.port" = 25600;
white-list = false; white-list = false;
};
jvmOpts = "-Xms512M -Xmx2048M";
rconPasswordFile = config.sops.secrets."papermc/rcon".path;
whitelist = whitelist;
ops = operators;
extraPreStart = ''
mkdir -p ${builtins.concatStringsSep " " (map (v: "plugins/${v.pname}") plugins)}
'' + builtins.concatStringsSep "\n" (map (v: "ln -sf ${v.outPath}/bin/${v.pname}.jar plugins/") plugins) + ''
ln -sf ${config.bonfire.configDir}/goodomens/plugins/MiniMOTD/main.conf plugins/MiniMOTD/
mkdir -p plugins/MiniMOTD/icons
ln -sf ${config.bonfire.configDir}/goodomens/plugins/MiniMOTD/icons/goodomens-logo.png plugins/MiniMOTD/icons/
ln -sf ${config.bonfire.configDir}/goodomens/plugins/Tablist/config.yml plugins/Tablist/
ln -sf ${config.bonfire.configDir}/goodomens/plugins/squaremap/config.yml plugins/squaremap/
ln -sf ${config.bonfire.configDir}/goodomens/plugins/squaremap/advanced.yml plugins/squaremap/
ln -sf ${config.bonfire.configDir}/goodomens/plugins/squaremap/advanced.yml plugins/squaremap/
ln -sf ${config.bonfire.configDir}/goodomens/site/map/index.html plugins/squaremap/web/
'';
};
services.nginx.virtualHosts."mc.elnafo.ru" = {
forceSSL = true;
useACMEHost = "elnafo.ru";
locations."/".root = "/var/www/goodomens";
locations."^~ /map/".proxyPass = "http://127.0.0.1:8088/";
locations."/gallery/".root = "/var/www/goodomens";
locations."/gallery/images/" = {
root = "/var/www/goodomens";
extraConfig = ''autoindex on;'';
};
}; };
jvmOpts = "-Xms512M -Xmx2048M";
rconPasswordFile = config.sops.secrets."papermc/rcon".path;
whitelist = whitelist;
ops = operators;
extraPreStart =
''
mkdir -p ${builtins.concatStringsSep " " (map (v: "plugins/${v.pname}") plugins)}
''
+ builtins.concatStringsSep "\n" (map (v: "ln -sf ${v.outPath}/bin/${v.pname}.jar plugins/") plugins)
+ ''
ln -sf ${config.bonfire.configDir}/goodomens/plugins/MiniMOTD/main.conf plugins/MiniMOTD/
mkdir -p plugins/MiniMOTD/icons
ln -sf ${config.bonfire.configDir}/goodomens/plugins/MiniMOTD/icons/goodomens-logo.png plugins/MiniMOTD/icons/
ln -sf ${config.bonfire.configDir}/goodomens/plugins/Tablist/config.yml plugins/Tablist/
ln -sf ${config.bonfire.configDir}/goodomens/plugins/squaremap/config.yml plugins/squaremap/
ln -sf ${config.bonfire.configDir}/goodomens/plugins/squaremap/advanced.yml plugins/squaremap/
ln -sf ${config.bonfire.configDir}/goodomens/plugins/squaremap/advanced.yml plugins/squaremap/
ln -sf ${config.bonfire.configDir}/goodomens/site/map/index.html plugins/squaremap/web/
'';
};
services.nginx.virtualHosts."mc.elnafo.ru" = {
forceSSL = true;
useACMEHost = "elnafo.ru";
locations."/".root = "/var/www/goodomens";
locations."^~ /map/".proxyPass = "http://127.0.0.1:8088/";
locations."/gallery/".root = "/var/www/goodomens";
locations."/gallery/images/" = {
root = "/var/www/goodomens";
extraConfig = ''autoindex on;'';
};
};
} }

30
nixosConfigurations/catarina/users.nix
View File

@ -1,17 +1,21 @@
{ config, pkgs, lib, ... }:
{ {
# Users config,
users.users.root.hashedPasswordFile = config.sops.secrets."users/root".path; pkgs,
lib,
...
}: {
# Users
users.users.root.hashedPasswordFile = config.sops.secrets."users/root".path;
users.users.l-nafaryus = { users.users.l-nafaryus = {
isNormalUser = true; isNormalUser = true;
description = "L-Nafaryus"; description = "L-Nafaryus";
extraGroups = [ "networkmanager" "wheel" ]; extraGroups = ["networkmanager" "wheel"];
group = "users"; group = "users";
uid = 1000; uid = 1000;
shell = pkgs.fish; shell = pkgs.fish;
hashedPasswordFile = config.sops.secrets."users/l-nafaryus".path; hashedPasswordFile = config.sops.secrets."users/l-nafaryus".path;
}; };
users.users.nginx.extraGroups = [ "acme" "papermc" ]; users.users.nginx.extraGroups = ["acme" "papermc"];
} }

41
nixosModules/default.nix
View File

@ -1,20 +1,27 @@
{ lib, check ? true, self, ... }: {
rec { lib,
modules = [ check ? true,
./misc/bonfire/default.nix self,
./services/papermc.nix ...
./services/qbittorrent-nox.nix }: rec {
./services/spoofdpi.nix modules = [
]; ./misc/bonfire/default.nix
./services/papermc.nix
./services/qbittorrent-nox.nix
./services/spoofdpi.nix
];
configModule = { config, pkgs, ... }: { configModule = {
config,
config = { pkgs,
# Module type checking ...
_module.check = check; }: {
#_module.args.baseModules = modules; config = {
#_module.args.pkgs = lib.mkDefault pkgs; # Module type checking
_module.args.bonpkgs = self.packages.${pkgs.system}; _module.check = check;
}; #_module.args.baseModules = modules;
#_module.args.pkgs = lib.mkDefault pkgs;
_module.args.bonpkgs = self.packages.${pkgs.system};
}; };
};
} }

84
nixosModules/misc/bonfire/default.nix
View File

@ -1,45 +1,51 @@
{ config, lib, ... }: {
with lib; config,
let cfg = config.bonfire; lib,
...
}:
with lib; let
cfg = config.bonfire;
in { in {
options = { options = {
bonfire = { bonfire = {
home = mkOption { home = mkOption {
type = types.path; type = types.path;
default = ../../../.; default = ../../../.;
description = "Bonfire root directory"; description = "Bonfire root directory";
}; };
configDir = mkOption {
type = types.path;
default = "${cfg.home}/config";
description = "Path to Bonfire static configuration files";
};
withSecrets = mkOption { configDir = mkOption {
type = types.bool; type = types.path;
default = false; default = "${cfg.home}/config";
description = "Enables the Bonfire secrets"; description = "Path to Bonfire static configuration files";
}; };
secrets = mkOption { withSecrets = mkOption {
type = types.attrs; type = types.bool;
description = "Secrets will be here after evaluation"; default = false;
default = {}; description = "Enables the Bonfire secrets";
}; };
};
secrets = mkOption {
type = types.attrs;
description = "Secrets will be here after evaluation";
default = {};
};
};
};
config = {
assertions = mkIf cfg.withSecrets [
{
assertion = builtins.pathExists ./secrets/default.nix;
message = "Missed git submodule 'bonfire-secrets'";
}
];
environment.sessionVariables = {
BONFIRE_HOME = cfg.home;
}; };
config = { bonfire.secrets = mkIf cfg.withSecrets (import ./secrets {inherit config lib;});
assertions = mkIf cfg.withSecrets [{ };
assertion = (builtins.pathExists ./secrets/default.nix);
message = "Missed git submodule 'bonfire-secrets'";
}];
environment.sessionVariables = {
BONFIRE_HOME = cfg.home;
};
bonfire.secrets = mkIf cfg.withSecrets (import ./secrets { inherit config; });
};
} }

80
nixosModules/misc/bonfire/secrets/default.nix
View File

@ -1,41 +1,55 @@
{ config }:
{ {
catarina = { config,
sops = { lib,
defaultSopsFile = ./catarina.yaml; }: {
age.keyFile = "/var/lib/secrets/sops-nix/catarina.txt"; catarina = {
secrets = { sops = {
"dns" = {}; defaultSopsFile = ./catarina.yaml;
age.keyFile = "/var/lib/secrets/sops-nix/catarina.txt";
"users/root" = { neededForUsers = true; }; secrets = {
"users/l-nafaryus" = { neededForUsers = true; }; "dns" = {};
"database/git" = { owner = "git"; group = "gitea"; }; "users/root" = {neededForUsers = true;};
"users/l-nafaryus" = {neededForUsers = true;};
"mail/l-nafaryus" = {}; "database/git" = {
"mail/git" = {}; owner = "git";
"mail/kirill" = {}; group = "gitea";
"gitea/mail" = { owner = "git"; group = "gitea"; };
"gitea-runner/master-token" = {};
"papermc/rcon" = { owner = "papermc"; group = "papermc"; };
discordToken = { owner = "oscuro"; group = "oscuro"; };
};
}; };
mailAccounts = { "mail/l-nafaryus" = {};
"l.nafaryus@elnafo.ru" = { "mail/git" = {};
hashedPasswordFile = config.sops.secrets."mail/l-nafaryus".path; "mail/kirill" = {};
aliases = [ "l-nafaryus@elnafo.ru" ];
}; "gitea/mail" = {
"kirill@elnafo.ru" = { owner = "git";
hashedPasswordFile = config.sops.secrets."mail/kirill".path; group = "gitea";
};
"git@elnafo.ru" = {
hashedPasswordFile = config.sops.secrets."mail/git".path;
};
}; };
"gitea-runner/master-token" = {};
"papermc/rcon" = lib.mkIf config.services.papermc.enable {
owner = "papermc";
group = "papermc";
};
discordToken = {
owner = "oscuro";
group = "oscuro";
};
};
}; };
mailAccounts = {
"l.nafaryus@elnafo.ru" = {
hashedPasswordFile = config.sops.secrets."mail/l-nafaryus".path;
aliases = ["l-nafaryus@elnafo.ru"];
};
"kirill@elnafo.ru" = {
hashedPasswordFile = config.sops.secrets."mail/kirill".path;
};
"git@elnafo.ru" = {
hashedPasswordFile = config.sops.secrets."mail/git".path;
};
};
};
} }

459
nixosModules/services/papermc.nix
View File

@ -1,237 +1,258 @@
{ config, lib, pkgs, ... }: {
with lib; config,
let lib,
cfg = config.services.papermc; pkgs,
...
}:
with lib; let
cfg = config.services.papermc;
eulaFile = builtins.toFile "eula.txt" '' eulaFile = builtins.toFile "eula.txt" ''
# eula.txt managed by NixOS Configuration # eula.txt managed by NixOS Configuration
eula=true eula=true
''; '';
whitelistFile = pkgs.writeText "whitelist.json" whitelistFile =
(builtins.toJSON cfg.whitelist); pkgs.writeText "whitelist.json"
(builtins.toJSON cfg.whitelist);
opsFile = pkgs.writeText "ops.json" opsFile =
(builtins.toJSON cfg.ops); pkgs.writeText "ops.json"
(builtins.toJSON cfg.ops);
cfgToString = v: if builtins.isBool v then boolToString v else toString v; cfgToString = v:
if builtins.isBool v
then boolToString v
else toString v;
serverPropertiesFile = let serverPropertiesFile = let
serverProperties' = if (cfg.rconPasswordFile == null) then cfg.serverProperties else serverProperties' =
(removeAttrs cfg.serverProperties [ "rcon.password" ]); if (cfg.rconPasswordFile == null)
in pkgs.writeText "server.properties" ('' then cfg.serverProperties
else (removeAttrs cfg.serverProperties ["rcon.password"]);
in
pkgs.writeText "server.properties" (''
# server.properties managed by NixOS configuration # server.properties managed by NixOS configuration
'' + concatStringsSep "\n" (mapAttrsToList ''
(n: v: "${n}=${cfgToString v}") serverProperties') + + concatStringsSep "\n" (mapAttrsToList
lib.optionalString (cfg.rconPasswordFile != null) "\nrcon.password=#rconpass#"); (n: v: "${n}=${cfgToString v}")
serverProperties')
+ lib.optionalString (cfg.rconPasswordFile != null) "\nrcon.password=#rconpass#");
stopScript = pkgs.writeShellScript "minecraft-server-stop" '' stopScript = pkgs.writeShellScript "minecraft-server-stop" ''
echo stop > ${config.systemd.sockets.papermc.socketConfig.ListenFIFO} echo stop > ${config.systemd.sockets.papermc.socketConfig.ListenFIFO}
# Wait for the PID of the minecraft server to disappear before # Wait for the PID of the minecraft server to disappear before
# returning, so systemd doesn't attempt to SIGKILL it. # returning, so systemd doesn't attempt to SIGKILL it.
while kill -0 "$1" 2> /dev/null; do while kill -0 "$1" 2> /dev/null; do
sleep 1s sleep 1s
done done
''; '';
defaultServerPort = 25565; defaultServerPort = 25565;
serverPort = cfg.serverProperties.server-port or defaultServerPort; serverPort = cfg.serverProperties.server-port or defaultServerPort;
rconPort = if cfg.serverProperties.enable-rcon or false rconPort =
then cfg.serverProperties."rcon.port" or 25575 if cfg.serverProperties.enable-rcon or false
else null; then cfg.serverProperties."rcon.port" or 25575
else null;
queryPort = if cfg.serverProperties.enable-query or false
then cfg.serverProperties."query.port" or 25565
else null;
queryPort =
if cfg.serverProperties.enable-query or false
then cfg.serverProperties."query.port" or 25565
else null;
in { in {
options.services.papermc = { options.services.papermc = {
enable = mkEnableOption "PaperMC service"; enable = mkEnableOption "PaperMC service";
openFirewall = mkOption {
type = types.bool;
default = false;
description = ''
Whether to open ports in the firewall for the server.
'';
};
eula = mkOption { openFirewall = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
description = '' description = ''
Whether you agree to [Mojangs EULA](https://account.mojang.com/documents/minecraft_eula). Whether to open ports in the firewall for the server.
This option must be set to `true` to run Minecraft server. '';
'';
};
dataDir = mkOption {
type = types.path;
default = "/var/lib/papermc";
description = ''
Directory to store Minecraft database and other state/data files.
'';
};
whitelist = mkOption {
type = types.listOf types.attrs;
default = {};
description = ''
This is a mapping from Minecraft usernames to UUIDs.
'';
};
ops = mkOption {
type = types.listOf types.attrs;
description = "Whitelist with players / operators.";
default = [];
};
serverProperties = mkOption {
type = with types; attrsOf (oneOf [ bool int str ]);
default = {
"rcon.password" = mkIf (cfg.rconPasswordFile != null) "#rconpass#";
};
example = literalExpression ''
{
server-port = 43000;
difficulty = 3;
gamemode = 1;
max-players = 5;
motd = "NixOS Minecraft server!";
white-list = true;
enable-rcon = true;
"rcon.password" = "hunter2";
}
'';
description = ''
Minecraft server properties for the server.properties file. See
<https://minecraft.gamepedia.com/Server.properties#Java_Edition_3>
for documentation on these values.
'';
};
rconPasswordFile = mkOption {
type = types.nullOr types.str;
default = null;
description = "Path to file with rcon password.";
example = "/var/lib/secrets/papermc/rconpw";
};
package = mkPackageOption pkgs "papermc" {};
jvmOpts = mkOption {
type = types.separatedString " ";
default = "-Xmx2048M -Xms2048M";
# Example options from https://minecraft.gamepedia.com/Tutorials/Server_startup_script
example = "-Xms4092M -Xmx4092M -XX:+UseG1GC -XX:+CMSIncrementalPacing "
+ "-XX:+CMSClassUnloadingEnabled -XX:ParallelGCThreads=2 "
+ "-XX:MinHeapFreeRatio=5 -XX:MaxHeapFreeRatio=10";
description = "JVM options for the Minecraft server.";
};
extraPreStart = mkOption {
type = types.lines;
description = "Extra shell commands for service pre-start hook.";
default = '''';
};
}; };
config = mkIf cfg.enable { eula = mkOption {
users.users.papermc = { type = types.bool;
description = "Minecraft server service user."; default = false;
home = cfg.dataDir; description = ''
createHome = true; Whether you agree to [Mojangs EULA](https://account.mojang.com/documents/minecraft_eula).
isSystemUser = true; This option must be set to `true` to run Minecraft server.
group = "papermc"; '';
};
users.groups.papermc = {};
systemd.sockets.papermc = {
bindsTo = [ "papermc.service" ];
socketConfig = {
ListenFIFO = "/run/papermc.stdin";
SocketMode = "0660";
SocketUser = "papermc";
SocketGroup = "papermc";
RemoveOnStop = true;
FlushPending = true;
};
};
systemd.services.papermc = {
description = "PaperMC Service";
wantedBy = [ "multi-user.target" ];
requires = [ "papermc.socket" ];
after = [ "network.target" "papermc.socket" ];
serviceConfig = {
ExecStart = "${cfg.package}/bin/minecraft-server ${cfg.jvmOpts}";
ExecStop = "${stopScript} $MAINPID";
Restart = "always";
User = "papermc";
WorkingDirectory = cfg.dataDir;
StandardInput = "socket";
StandardOutput = "journal";
StandardError = "journal";
# Hardening
CapabilityBoundingSet = [ "" ];
DeviceAllow = [ "" ];
LockPersonality = true;
PrivateDevices = true;
PrivateTmp = true;
PrivateUsers = true;
ProtectClock = true;
ProtectControlGroups = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectProc = "invisible";
RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
RestrictNamespaces = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
SystemCallArchitectures = "native";
UMask = "0077";
};
preStart = let
replaceSecretBin = "${pkgs.replace-secret}/bin/replace-secret";
in ''
ln -sf ${eulaFile} eula.txt
cp -b --suffix=.stateful ${whitelistFile} whitelist.json
cp -b --suffix=.stateful ${opsFile} ops.json
cp -b --suffix=.stateful ${serverPropertiesFile} server.properties
chmod +w whitelist.json ops.json server.properties
${lib.optionalString (cfg.rconPasswordFile != null) ''
${replaceSecretBin} '#rconpass#' '${cfg.rconPasswordFile}' server.properties
''}
'' + cfg.extraPreStart;
};
networking.firewall = mkIf cfg.openFirewall ({
allowedUDPPorts = [ serverPort ];
allowedTCPPorts = [ serverPort ]
++ optional (queryPort != null) queryPort
++ optional (rconPort != null) rconPort;
});
assertions = [
{ assertion = cfg.eula;
message = "You must agree to Mojangs EULA to run minecraft-server."
+ " Read https://account.mojang.com/documents/minecraft_eula and"
+ " set `services.minecraft-server.eula` to `true` if you agree.";
}
];
}; };
dataDir = mkOption {
type = types.path;
default = "/var/lib/papermc";
description = ''
Directory to store Minecraft database and other state/data files.
'';
};
whitelist = mkOption {
type = types.listOf types.attrs;
default = {};
description = ''
This is a mapping from Minecraft usernames to UUIDs.
'';
};
ops = mkOption {
type = types.listOf types.attrs;
description = "Whitelist with players / operators.";
default = [];
};
serverProperties = mkOption {
type = with types; attrsOf (oneOf [bool int str]);
default = {
"rcon.password" = mkIf (cfg.rconPasswordFile != null) "#rconpass#";
};
example = literalExpression ''
{
server-port = 43000;
difficulty = 3;
gamemode = 1;
max-players = 5;
motd = "NixOS Minecraft server!";
white-list = true;
enable-rcon = true;
"rcon.password" = "hunter2";
}
'';
description = ''
Minecraft server properties for the server.properties file. See
<https://minecraft.gamepedia.com/Server.properties#Java_Edition_3>
for documentation on these values.
'';
};
rconPasswordFile = mkOption {
type = types.nullOr types.str;
default = null;
description = "Path to file with rcon password.";
example = "/var/lib/secrets/papermc/rconpw";
};
package = mkPackageOption pkgs "papermc" {};
jvmOpts = mkOption {
type = types.separatedString " ";
default = "-Xmx2048M -Xms2048M";
# Example options from https://minecraft.gamepedia.com/Tutorials/Server_startup_script
example =
"-Xms4092M -Xmx4092M -XX:+UseG1GC -XX:+CMSIncrementalPacing "
+ "-XX:+CMSClassUnloadingEnabled -XX:ParallelGCThreads=2 "
+ "-XX:MinHeapFreeRatio=5 -XX:MaxHeapFreeRatio=10";
description = "JVM options for the Minecraft server.";
};
extraPreStart = mkOption {
type = types.lines;
description = "Extra shell commands for service pre-start hook.";
default = '''';
};
};
config = mkIf cfg.enable {
users.users.papermc = {
description = "Minecraft server service user.";
home = cfg.dataDir;
createHome = true;
isSystemUser = true;
group = "papermc";
};
users.groups.papermc = {};
systemd.sockets.papermc = {
bindsTo = ["papermc.service"];
socketConfig = {
ListenFIFO = "/run/papermc.stdin";
SocketMode = "0660";
SocketUser = "papermc";
SocketGroup = "papermc";
RemoveOnStop = true;
FlushPending = true;
};
};
systemd.services.papermc = {
description = "PaperMC Service";
wantedBy = ["multi-user.target"];
requires = ["papermc.socket"];
after = ["network.target" "papermc.socket"];
serviceConfig = {
ExecStart = "${cfg.package}/bin/minecraft-server ${cfg.jvmOpts}";
ExecStop = "${stopScript} $MAINPID";
Restart = "always";
User = "papermc";
WorkingDirectory = cfg.dataDir;
StandardInput = "socket";
StandardOutput = "journal";
StandardError = "journal";
# Hardening
CapabilityBoundingSet = [""];
DeviceAllow = [""];
LockPersonality = true;
PrivateDevices = true;
PrivateTmp = true;
PrivateUsers = true;
ProtectClock = true;
ProtectControlGroups = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectProc = "invisible";
RestrictAddressFamilies = ["AF_INET" "AF_INET6"];
RestrictNamespaces = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
SystemCallArchitectures = "native";
UMask = "0077";
};
preStart = let
replaceSecretBin = "${pkgs.replace-secret}/bin/replace-secret";
in
''
ln -sf ${eulaFile} eula.txt
cp -b --suffix=.stateful ${whitelistFile} whitelist.json
cp -b --suffix=.stateful ${opsFile} ops.json
cp -b --suffix=.stateful ${serverPropertiesFile} server.properties
chmod +w whitelist.json ops.json server.properties
${lib.optionalString (cfg.rconPasswordFile != null) ''
${replaceSecretBin} '#rconpass#' '${cfg.rconPasswordFile}' server.properties
''}
''
+ cfg.extraPreStart;
};
networking.firewall = mkIf cfg.openFirewall {
allowedUDPPorts = [serverPort];
allowedTCPPorts =
[serverPort]
++ optional (queryPort != null) queryPort
++ optional (rconPort != null) rconPort;
};
assertions = [
{
assertion = cfg.eula;
message =
"You must agree to Mojangs EULA to run minecraft-server."
+ " Read https://account.mojang.com/documents/minecraft_eula and"
+ " set `services.minecraft-server.eula` to `true` if you agree.";
}
];
};
} }

229
nixosModules/services/qbittorrent-nox.nix
View File

@ -1,119 +1,122 @@
{ config, lib, pkgs, ... }: {
with lib; config,
let lib,
cfg = config.services.qbittorrent-nox; pkgs,
...
}:
with lib; let
cfg = config.services.qbittorrent-nox;
in { in {
options.services.qbittorrent-nox = { options.services.qbittorrent-nox = {
enable = mkEnableOption "Enables the qbittorrent-nox services."; enable = mkEnableOption "Enables the qbittorrent-nox services.";
port = mkOption rec { port = mkOption rec {
type = types.int; type = types.int;
default = 6969; default = 6969;
example = default; example = default;
description = "Torrenting port."; description = "Torrenting port.";
};
webuiPort = mkOption rec {
type = types.port;
default = 8080;
example = default;
description = "WebUI port.";
};
dataDir = mkOption rec {
type = types.path;
default = "/var/lib/qbittorrent-nox";
example = default;
description = "Directory to store qbittorrent-nox data files.";
};
user = mkOption {
type = types.str;
default = "qbittorrent-nox";
description = "User account under which qbittorrent-nox runs.";
};
group = mkOption {
type = types.str;
default = "qbittorrent-nox";
description = "Group under which qbittorrent-nox runs.";
};
openFirewall = mkOption {
type = types.bool;
default = false;
description = "Open `services.qbittorrent-nox.port`.";
};
package = mkOption {
type = types.package;
default = pkgs.qbittorrent-nox;
defaultText = literalExpression "pkgs.qbittorrent-nox";
description = "The qbittorrent package to use.";
};
}; };
config = mkIf cfg.enable { webuiPort = mkOption rec {
users.users.qbittorrent-nox = { type = types.port;
description = "qbittorrent-nox service user."; default = 8080;
home = cfg.dataDir; example = default;
createHome = true; description = "WebUI port.";
isSystemUser = true;
group = "qbittorrent-nox";
};
users.groups.qbittorrent-nox = {};
networking.firewall = mkIf cfg.openFirewall {
allowedTCPPorts = [ cfg.port ];
allowedUDPPorts = [ cfg.port ];
};
systemd.services.qbittorrent-nox = {
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
serviceConfig = {
Type = "simple";
ExecStart = "${cfg.package}/bin/qbittorrent-nox --torrenting-port=${toString cfg.port} --webui-port=${toString cfg.webuiPort}";
Restart = "always";
User = cfg.user;
Group = cfg.group;
WorkingDirectory = cfg.dataDir;
# Runtime directory and mode
RuntimeDirectory = "qbittorrent-nox";
RuntimeDirectoryMode = "0755";
# Proc filesystem
ProcSubset = "pid";
ProtectProc = "invisible";
# Access write directories
ReadWritePaths = [ cfg.dataDir ];
UMask = "0027";
# Capabilities
CapabilityBoundingSet = "";
# Security
NoNewPrivileges = true;
# Sandboxing
ProtectSystem = "strict";
ProtectHome = true;
PrivateTmp = true;
PrivateDevices = true;
PrivateUsers = true;
ProtectHostname = true;
ProtectClock = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectKernelLogs = true;
ProtectControlGroups = true;
RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" "AF_INET6" ];
RestrictNamespaces = true;
LockPersonality = true;
MemoryDenyWriteExecute = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
RemoveIPC = true;
PrivateMounts = true;
};
};
}; };
dataDir = mkOption rec {
type = types.path;
default = "/var/lib/qbittorrent-nox";
example = default;
description = "Directory to store qbittorrent-nox data files.";
};
user = mkOption {
type = types.str;
default = "qbittorrent-nox";
description = "User account under which qbittorrent-nox runs.";
};
group = mkOption {
type = types.str;
default = "qbittorrent-nox";
description = "Group under which qbittorrent-nox runs.";
};
openFirewall = mkOption {
type = types.bool;
default = false;
description = "Open `services.qbittorrent-nox.port`.";
};
package = mkOption {
type = types.package;
default = pkgs.qbittorrent-nox;
defaultText = literalExpression "pkgs.qbittorrent-nox";
description = "The qbittorrent package to use.";
};
};
config = mkIf cfg.enable {
users.users.qbittorrent-nox = {
description = "qbittorrent-nox service user.";
home = cfg.dataDir;
createHome = true;
isSystemUser = true;
group = "qbittorrent-nox";
};
users.groups.qbittorrent-nox = {};
networking.firewall = mkIf cfg.openFirewall {
allowedTCPPorts = [cfg.port];
allowedUDPPorts = [cfg.port];
};
systemd.services.qbittorrent-nox = {
wantedBy = ["multi-user.target"];
after = ["network.target"];
serviceConfig = {
Type = "simple";
ExecStart = "${cfg.package}/bin/qbittorrent-nox --torrenting-port=${toString cfg.port} --webui-port=${toString cfg.webuiPort}";
Restart = "always";
User = cfg.user;
Group = cfg.group;
WorkingDirectory = cfg.dataDir;
# Runtime directory and mode
RuntimeDirectory = "qbittorrent-nox";
RuntimeDirectoryMode = "0755";
# Proc filesystem
ProcSubset = "pid";
ProtectProc = "invisible";
# Access write directories
ReadWritePaths = [cfg.dataDir];
UMask = "0027";
# Capabilities
CapabilityBoundingSet = "";
# Security
NoNewPrivileges = true;
# Sandboxing
ProtectSystem = "strict";
ProtectHome = true;
PrivateTmp = true;
PrivateDevices = true;
PrivateUsers = true;
ProtectHostname = true;
ProtectClock = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectKernelLogs = true;
ProtectControlGroups = true;
RestrictAddressFamilies = ["AF_UNIX" "AF_INET" "AF_INET6"];
RestrictNamespaces = true;
LockPersonality = true;
MemoryDenyWriteExecute = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
RemoveIPC = true;
PrivateMounts = true;
};
};
};
} }

110
nixosModules/services/spoofdpi.nix
View File

@ -1,59 +1,63 @@
{ config, lib, bonpkgs, ... }: {
with lib; config,
let lib,
cfg = config.services.spoofdpi; bonpkgs,
...
}:
with lib; let
cfg = config.services.spoofdpi;
in { in {
options.services.spoofdpi = { options.services.spoofdpi = {
enable = mkEnableOption "SpoofDPI service"; enable = mkEnableOption "SpoofDPI service";
package = mkOption { package = mkOption {
type = types.package; type = types.package;
default = bonpkgs.spoofdpi; default = bonpkgs.spoofdpi;
defaultText = literalExpression "bonpkgs.spoofdpi"; defaultText = literalExpression "bonpkgs.spoofdpi";
description = "The package to use."; description = "The package to use.";
};
address = mkOption rec {
type = types.str;
default = "127.0.0.1";
example = default;
description = "Listen address.";
};
port = mkOption rec {
type = types.port;
default = 8080;
example = default;
description = "Port.";
};
openFirewall = mkOption {
type = types.bool;
default = false;
description = "Open `services.spoofdpi.port`.";
};
dns = mkOption rec {
type = types.str;
default = "8.8.8.8";
example = default;
description = "DNS server.";
};
}; };
config = mkIf cfg.enable { address = mkOption rec {
systemd.services.spoofdpi = { type = types.str;
wantedBy = [ "multi-user.target" ]; default = "127.0.0.1";
after = [ "network.target" ]; example = default;
serviceConfig = { description = "Listen address.";
Restart = "on-failure";
ExecStart = "${lib.getExe cfg.package} -no-banner -addr ${cfg.address} -port ${toString cfg.port} -dns ${cfg.dns}";
DynamicUser = "yes";
};
};
networking.firewall = mkIf cfg.openFirewall {
allowedTCPPorts = [ cfg.port ];
};
}; };
port = mkOption rec {
type = types.port;
default = 8080;
example = default;
description = "Port.";
};
openFirewall = mkOption {
type = types.bool;
default = false;
description = "Open `services.spoofdpi.port`.";
};
dns = mkOption rec {
type = types.str;
default = "8.8.8.8";
example = default;
description = "DNS server.";
};
};
config = mkIf cfg.enable {
systemd.services.spoofdpi = {
wantedBy = ["multi-user.target"];
after = ["network.target"];
serviceConfig = {
Restart = "on-failure";
ExecStart = "${lib.getExe cfg.package} -no-banner -addr ${cfg.address} -port ${toString cfg.port} -dns ${cfg.dns}";
DynamicUser = "yes";
};
};
networking.firewall = mkIf cfg.openFirewall {
allowedTCPPorts = [cfg.port];
};
};
} }

275
packages/bonfire-docs/default.nix
View File

@ -1,167 +1,196 @@
{ {
bonfire, bonfire,
lib, lib,
pkgs, pkgs,
... ...
}: }: let
let version = bonfire.shortRev or bonfire.dirtyShortRev or "unknown";
version = bonfire.shortRev or bonfire.dirtyShortRev or "unknown"; projectPath = ../../.;
projectPath = ../../.; modulesPath = ../../nixosModules;
modulesPath = ../../nixosModules;
links = [ links = [
{ {
hostname = "vcs-elnafo"; hostname = "vcs-elnafo";
url = "https://vcs.elnafo.ru/L-Nafaryus/bonfire/src/branch/master"; url = "https://vcs.elnafo.ru/L-Nafaryus/bonfire/src/branch/master";
} }
{ {
hostname = "github"; hostname = "github";
url = "https://github.com/L-Nafaryus/bonfire/blob/master"; url = "https://github.com/L-Nafaryus/bonfire/blob/master";
} }
];
formatDeclaration = declaration:
if lib.hasPrefix (toString modulesPath) (toString declaration)
then let
subpath = lib.removePrefix (toString projectPath + "/") (toString declaration);
in
map ({
hostname,
url,
}: {
url = "${url}/${subpath}";
name = "<${hostname}:bonfire/${subpath}>";
})
links
else
# skip external declarations
lib.singleton declaration;
nixosModules = import modulesPath {
inherit lib;
self = bonfire;
check = false;
};
evaluatedModules = lib.evalModules {
modules = nixosModules.modules ++ [nixosModules.configModule];
};
optionsDoc = pkgs.nixosOptionsDoc {
options = builtins.removeAttrs evaluatedModules.options [
"_module"
"system"
]; ];
formatDeclaration = declaration: transformOptions = option:
if lib.hasPrefix (toString modulesPath) (toString declaration) then option
let subpath = lib.removePrefix (toString projectPath + "/") (toString declaration); // {
in map ({ hostname, url }: { declarations = lib.unique (
url = "${url}/${subpath}"; lib.flatten (map (declaration: formatDeclaration declaration) option.declarations)
name = "<${hostname}:bonfire/${subpath}>"; ++ option.declarations
}) links );
else };
# skip external declarations documentType = "none";
lib.singleton declaration; revision = version;
};
nixosModules = (import modulesPath { inherit lib; self = bonfire; check = false; }); systems = builtins.attrNames bonfire.packages;
derivations = lib.flatten (
map (packages: (
map (name: packages.${name}) (builtins.attrNames packages)
)) (map (system: bonfire.packages.${system}) systems)
);
evaluatedModules = lib.evalModules { renderMaintainers = maintainers:
modules = nixosModules.modules ++ [ nixosModules.configModule ]; lib.concatStringsSep ", " (
}; let
maintainer = mt:
optionsDoc = pkgs.nixosOptionsDoc { if mt ? github
options = builtins.removeAttrs evaluatedModules.options [ then "[${mt.name}](https://github.com/${mt.github})"
"_module" else mt.name;
"system" email = mt:
]; if mt ? email
then "<[${mt.email}](mailto:${mt.email})>"
transformOptions = option: option // { else "";
declarations = lib.unique ( in
lib.flatten (map (declaration: formatDeclaration declaration) option.declarations) ++ map (mt: maintainer mt + email mt) maintainers
option.declarations
);
};
documentType = "none";
revision = version;
};
systems = builtins.attrNames bonfire.packages;
derivations = lib.flatten (
map (packages: (
map (name: packages.${name}) (builtins.attrNames packages)
)) (map (system: bonfire.packages.${system}) systems));
renderMaintainers = maintainers: lib.concatStringsSep ", " (
let
maintainer = mt: if mt?github then "[${mt.name}](https://github.com/${mt.github})" else mt.name;
email = mt: if mt?email then "<[${mt.email}](mailto:${mt.email})>" else "";
in map (mt: maintainer mt + email mt) maintainers
); );
renderPlatforms = platforms: if platforms != lib.platforms.none then renderPlatforms = platforms:
if platforms == lib.platforms.all then if platforms != lib.platforms.none
"all" then
else if platforms == lib.platforms.all
lib.concatStringsSep ", " (map (platform: "__${platform}__") platforms) then "all"
else lib.concatStringsSep ", " (map (platform: "__${platform}__") platforms)
else ""; else "";
renderPackage = drv: '' renderPackage = drv: ''
## ${drv.pname} ## ${drv.pname}
${lib.optionalString (drv.meta?description) drv.meta.description}
${lib.optionalString (drv.meta?homepage) "[Homepage](${drv.meta.homepage})"}
Version: __${drv.version}__ ${lib.optionalString (drv.meta ? description) drv.meta.description}
${lib.optionalString (drv.meta?license) "License: [${drv.meta.license.fullName}](${drv.meta.license.url})"} ${lib.optionalString (drv.meta ? homepage) "[Homepage](${drv.meta.homepage})"}
Outputs: ${lib.concatStringsSep ", " (map (o: "__${o}__") drv.outputs)} Version: __${drv.version}__
${lib.optionalString (drv.meta?mainProgram) "Provided programs: __${drv.meta.mainProgram}__"} ${lib.optionalString (drv.meta ? license) "License: [${drv.meta.license.fullName}](${drv.meta.license.url})"}
${lib.optionalString (drv.meta?maintainers) "Maintainers: ${renderMaintainers drv.meta.maintainers}"} Outputs: ${lib.concatStringsSep ", " (map (o: "__${o}__") drv.outputs)}
${lib.optionalString (drv.meta?platforms) "Platforms: ${renderPlatforms drv.meta.platforms}"} ${lib.optionalString (drv.meta ? mainProgram) "Provided programs: __${drv.meta.mainProgram}__"}
'';
renderImage = drv: '' ${lib.optionalString (drv.meta ? maintainers) "Maintainers: ${renderMaintainers drv.meta.maintainers}"}
## ${drv.imageName}
${lib.optionalString (drv.meta?description) drv.meta.description} ${lib.optionalString (drv.meta ? platforms) "Platforms: ${renderPlatforms drv.meta.platforms}"}
'';
${lib.optionalString (drv.meta?homepage) "[Homepage](${drv.meta.homepage})"}
Tag: __${drv.imageTag}__ renderImage = drv: ''
## ${drv.imageName}
${lib.optionalString (drv.fromImage != null) "From: __${drv.fromImage.imageName}__"} ${lib.optionalString (drv.meta ? description) drv.meta.description}
${lib.optionalString (drv.meta?license) "License: ${if lib.isList drv.meta.license then (map (license: "[${drv.meta.license.fullName}](${drv.meta.license.url})") drv.meta.license) else "[${drv.meta.license.fullName}](${drv.meta.license.url})"}"} ${lib.optionalString (drv.meta ? homepage) "[Homepage](${drv.meta.homepage})"}
${lib.optionalString (drv.meta?maintainers) "Maintainers: ${renderMaintainers drv.meta.maintainers}"} Tag: __${drv.imageTag}__
${lib.optionalString (drv.meta?platforms) "Platforms: ${renderPlatforms drv.meta.platforms}"} ${lib.optionalString (drv.fromImage != null) "From: __${drv.fromImage.imageName}__"}
'';
packagesDoc = pkgs.writeText "packages.md" ${lib.optionalString (drv.meta ? license) "License: ${
(lib.concatStringsSep "\n" (map (drv: if lib.isList drv.meta.license
if drv?imageTag then renderImage drv else renderPackage drv) derivations)); then (map (license: "[${drv.meta.license.fullName}](${drv.meta.license.url})") drv.meta.license)
else "[${drv.meta.license.fullName}](${drv.meta.license.url})"
in }"}
pkgs.stdenvNoCC.mkDerivation {
${lib.optionalString (drv.meta ? maintainers) "Maintainers: ${renderMaintainers drv.meta.maintainers}"}
${lib.optionalString (drv.meta ? platforms) "Platforms: ${renderPlatforms drv.meta.platforms}"}
'';
packagesDoc =
pkgs.writeText "packages.md"
(lib.concatStringsSep "\n" (map (drv:
if drv ? imageTag
then renderImage drv
else if drv ? pname
then renderPackage drv
else "")
derivations));
in
pkgs.stdenvNoCC.mkDerivation {
pname = "bonfire-docs"; pname = "bonfire-docs";
inherit version; inherit version;
src = lib.fileset.toSource { src = lib.fileset.toSource {
root = ./.; root = ./.;
fileset = lib.fileset.unions [ fileset = lib.fileset.unions [
./src ./src
./book.toml ./book.toml
./theme ./theme
]; ];
}; };
nativeBuildInputs = [ pkgs.mdbook ]; nativeBuildInputs = [pkgs.mdbook];
dontPatch = true; dontPatch = true;
dontConfigure = true; dontConfigure = true;
doCheck = false; doCheck = false;
buildPhase = '' buildPhase = ''
runHook preBuild runHook preBuild
ln -s ${../../README.md} src/README.md ln -s ${../../README.md} src/README.md
ln -s ${optionsDoc.optionsCommonMark} src/options/modules.md ln -s ${optionsDoc.optionsCommonMark} src/options/modules.md
ln -s ${packagesDoc} src/packages/packages.md ln -s ${packagesDoc} src/packages/packages.md
mdbook build mdbook build
runHook postBuild runHook postBuild
''; '';
installPhase = '' installPhase = ''
runHook preInstall runHook preInstall
mv book $out mv book $out
runHook postInstall runHook postInstall
''; '';
passthru = { passthru = {
serve = pkgs.writeShellApplication { serve = pkgs.writeShellApplication {
name = "server"; name = "server";
runtimeInputs = [ pkgs.python3 ]; runtimeInputs = [pkgs.python3];
text = "python -m http.server --bind 127.0.0.1"; text = "python -m http.server --bind 127.0.0.1";
}; };
}; };
meta = with lib; { meta = with lib; {
description = "Bonfire HTML documentation."; description = "Bonfire HTML documentation.";
license = licenses.mit; license = licenses.mit;
maintainers = with bonfire.lib.maintainers; [ L-Nafaryus ]; maintainers = with bonfire.lib.maintainers; [L-Nafaryus];
platforms = lib.platforms.all; platforms = lib.platforms.all;
}; };
} }

16
packages/bonvim/default.nix Normal file
View File

@ -0,0 +1,16 @@
{
pkgs,
nixvim-pkgs,
bonconfigs,
fenix-pkgs,
...
}:
nixvim-pkgs.makeNixvimWithModule {
pkgs = pkgs;
module = import bonconfigs.bonvim;
extraSpecialArgs = {
rustc = fenix-pkgs.complete.rustc;
cargo = fenix-pkgs.complete.cargo;
rust-analyzer = fenix-pkgs.complete.rust-analyzer;
};
}

52
packages/cargo-shuttle/default.nix
View File

@ -1,43 +1,45 @@
{ {
bonfire, bonfire,
crane-lib, crane-lib,
lib, lib,
pkgs, pkgs,
version ? "v0.44.0", version ? "v0.44.0",
hash ? "sha256-3u2GWgDQpa4sU/66vS6S+JwCEL/fvy8MTsATRs7RGVs=", hash ? "sha256-3u2GWgDQpa4sU/66vS6S+JwCEL/fvy8MTsATRs7RGVs=",
... ...
}: }: let
let pkg = { pkg = {
pname = "cargo-shuttle"; pname = "cargo-shuttle";
inherit version; inherit version;
src = pkgs.fetchFromGitHub { src = pkgs.fetchFromGitHub {
owner = "shuttle-hq"; owner = "shuttle-hq";
repo = "shuttle"; repo = "shuttle";
rev = version; rev = version;
hash = hash; hash = hash;
}; };
strictDeps = true; strictDeps = true;
doCheck = false; doCheck = false;
nativeBuildInputs = with pkgs; [ nativeBuildInputs = with pkgs; [
pkg-config pkg-config
]; ];
buildInputs = with pkgs; [ buildInputs = with pkgs; [
openssl openssl
zlib zlib
]; ];
meta = with lib; { meta = with lib; {
description = "A cargo command for the shuttle platform"; description = "A cargo command for the shuttle platform";
license = licenses.asl20; license = licenses.asl20;
homepage = "https://shuttle.rs/"; homepage = "https://shuttle.rs/";
maintainers = with bonfire.lib.maintainers; [ L-Nafaryus ]; maintainers = with bonfire.lib.maintainers; [L-Nafaryus];
}; };
}; };
in let cargoArtifacts = crane-lib.buildDepsOnly pkg; in let
in crane-lib.buildPackage ( cargoArtifacts = crane-lib.buildDepsOnly pkg;
pkg // { inherit cargoArtifacts; } in
) crane-lib.buildPackage (
pkg // {inherit cargoArtifacts;}
)

101
packages/dearpygui/default.nix
View File

@ -1,61 +1,64 @@
{ {
bonfire, bonfire,
stdenv, lib, pkgs, stdenv,
version ? "1.10.0", lib,
sha256 ? "sha256-36GAGfvHZyNZe/Z7o3VrCCwApkZpJ+r2E8+1Hy32G5Q=", ... pkgs,
version ? "1.10.0",
sha256 ? "sha256-36GAGfvHZyNZe/Z7o3VrCCwApkZpJ+r2E8+1Hy32G5Q=",
...
}: }:
pkgs.python3.pkgs.buildPythonPackage { pkgs.python3.pkgs.buildPythonPackage {
pname = "dearpygui"; pname = "dearpygui";
inherit version; inherit version;
src = pkgs.fetchFromGitHub { src = pkgs.fetchFromGitHub {
owner = "hoffstadt"; owner = "hoffstadt";
repo = "DearPyGui"; repo = "DearPyGui";
rev = "v${version}"; rev = "v${version}";
fetchSubmodules = true; fetchSubmodules = true;
sha256 = sha256; sha256 = sha256;
}; };
cmakeFlags = [ cmakeFlags = [
"-DMVDIST_ONLY=True" "-DMVDIST_ONLY=True"
]; ];
postConfigure = '' postConfigure = ''
cd $cmakeDir cd $cmakeDir
mv build cmake-build-local mv build cmake-build-local
''; '';
nativeBuildInputs = with pkgs; [ nativeBuildInputs = with pkgs; [
pkg-config pkg-config
cmake cmake
]; ];
buildInputs = with pkgs; [ buildInputs = with pkgs; [
xorg.libX11.dev xorg.libX11.dev
xorg.libXrandr.dev xorg.libXrandr.dev
xorg.libXinerama.dev xorg.libXinerama.dev
xorg.libXcursor.dev xorg.libXcursor.dev
xorg.xinput xorg.xinput
xorg.libXi.dev xorg.libXi.dev
xorg.libXext xorg.libXext
libxcrypt libxcrypt
glfw glfw
glew glew
]; ];
dontUseSetuptoolsCheck = true; dontUseSetuptoolsCheck = true;
pythonImportsCheck = [ pythonImportsCheck = [
"dearpygui" "dearpygui"
]; ];
meta = with pkgs.lib; { meta = with pkgs.lib; {
homepage = "https://dearpygui.readthedocs.io/en/"; homepage = "https://dearpygui.readthedocs.io/en/";
description = "Dear PyGui: A fast and powerful Graphical User Interface Toolkit for Python with minimal dependencies."; description = "Dear PyGui: A fast and powerful Graphical User Interface Toolkit for Python with minimal dependencies.";
license = licenses.mit; license = licenses.mit;
platforms = platforms.linux; platforms = platforms.linux;
maintainers = with bonfire.lib.maintainers; [ L-Nafaryus ]; maintainers = with bonfire.lib.maintainers; [L-Nafaryus];
broken = pkgs.stdenv.isDarwin; broken = pkgs.stdenv.isDarwin;
}; };
} }

62
packages/default.nix
View File

@ -1,42 +1,48 @@
# self.packages.${system} # self.packages.${system}
# #
{ self, nixpkgs, ... }: {
let self,
forAllSystems = nixpkgs.lib.genAttrs [ "x86_64-linux" ]; inputs,
nixpkgsFor = forAllSystems (system: import nixpkgs { inherit system; }); ...
}: let
forAllSystems = inputs.nixpkgs.lib.genAttrs ["x86_64-linux"];
nixpkgsFor = forAllSystems (system: import inputs.nixpkgs {inherit system;});
in
forAllSystems (system: let
pkgs = nixpkgsFor.${system};
in forAllSystems(system: bonfire = self;
let bonlib = self.lib;
pkgs = nixpkgsFor.${system}; bonpkgs = self.packages.${system};
bonconfigs = self.configurations;
bonfire = self; crane = self.inputs.crane;
bonlib = self.lib; crane-lib = self.inputs.crane.mkLib pkgs;
bonpkgs = self.packages.${system};
crane = self.inputs.crane; fenix = self.inputs.fenix;
crane-lib = self.inputs.crane.mkLib pkgs; fenix-pkgs = self.inputs.fenix.packages.${system};
fenix = self.inputs.fenix; nixvim-pkgs = self.inputs.nixvim.legacyPackages.${system};
in { in {
bonfire-docs = pkgs.callPackage ./bonfire-docs {inherit bonfire;};
bonfire-docs = pkgs.callPackage ./bonfire-docs { inherit bonfire; };
netgen = pkgs.callPackage ./netgen { inherit bonfire; }; netgen = pkgs.callPackage ./netgen {inherit bonfire;};
dearpygui = pkgs.callPackage ./dearpygui { inherit bonfire; };
openfoam = pkgs.callPackage ./openfoam { inherit bonfire; }; dearpygui = pkgs.callPackage ./dearpygui {inherit bonfire;};
spoofdpi = pkgs.callPackage ./spoofdpi { inherit bonfire; }; openfoam = pkgs.callPackage ./openfoam {inherit bonfire;};
lego = pkgs.callPackage ./lego { inherit bonfire; }; spoofdpi = pkgs.callPackage ./spoofdpi {inherit bonfire;};
ultimmc = pkgs.libsForQt5.callPackage ./ultimmc { inherit bonfire; }; lego = pkgs.callPackage ./lego {inherit bonfire;};
cargo-shuttle = pkgs.callPackage ./cargo-shuttle { inherit bonfire crane-lib; }; ultimmc = pkgs.libsForQt5.callPackage ./ultimmc {inherit bonfire;};
nix-minimal = pkgs.callPackage ./nix-minimal { inherit bonpkgs bonlib; }; cargo-shuttle = pkgs.callPackage ./cargo-shuttle {inherit bonfire crane-lib;};
nix-runner = pkgs.callPackage ./nix-runner { inherit bonpkgs bonlib; }; nix-minimal = pkgs.callPackage ./nix-minimal {inherit bonpkgs bonlib;};
})
# map (ps: (map (p: { name = p; systems = [ ps.${p}.system ]; type = if ps.${p}?imageTag then "image" else "package"; }) (builtins.attrNames ps))) (map (s: bf.packages.${s}) (builtins.attrNames bf.packages)) nix-runner = pkgs.callPackage ./nix-runner {inherit bonpkgs bonlib;};
bonvim = import ./bonvim {inherit nixvim-pkgs pkgs bonconfigs fenix-pkgs;};
})

59
packages/lego/default.nix
View File

@ -1,38 +1,41 @@
{ {
bonfire, bonfire,
lib, lib,
fetchFromGitHub, buildGoModule, nixosTests, fetchFromGitHub,
version ? "c847ac4a4c55d6a5a457f6ef494cf45a47299e01", buildGoModule,
hash ? "sha256-g9OxhM+iNUrAZgM1we8qPsismPy5a0eN654tSYuM/No=", nixosTests,
vendorHash ? "sha256-wG0x86lptEY3x+7kVN7v1XZniliMOxaJ6Y95YS6ivJY=", ... version ? "c847ac4a4c55d6a5a457f6ef494cf45a47299e01",
hash ? "sha256-g9OxhM+iNUrAZgM1we8qPsismPy5a0eN654tSYuM/No=",
vendorHash ? "sha256-wG0x86lptEY3x+7kVN7v1XZniliMOxaJ6Y95YS6ivJY=",
...
}: }:
buildGoModule rec { buildGoModule rec {
pname = "lego"; pname = "lego";
inherit version; inherit version;
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "go-acme"; owner = "go-acme";
repo = "lego"; repo = "lego";
rev = version; rev = version;
hash = hash; hash = hash;
}; };
inherit vendorHash; inherit vendorHash;
doCheck = false; doCheck = false;
subPackages = [ "cmd/lego" ]; subPackages = ["cmd/lego"];
ldflags = [ ldflags = [
"-X main.version=${version}" "-X main.version=${version}"
]; ];
meta = with lib; { meta = with lib; {
description = "Let's Encrypt client and ACME library written in Go"; description = "Let's Encrypt client and ACME library written in Go";
license = licenses.mit; license = licenses.mit;
homepage = "https://go-acme.github.io/lego/"; homepage = "https://go-acme.github.io/lego/";
maintainers = with bonfire.lib.maintainers; [ L-Nafaryus ]; maintainers = with bonfire.lib.maintainers; [L-Nafaryus];
}; };
passthru.tests.lego = nixosTests.acme; passthru.tests.lego = nixosTests.acme;
} }

101
packages/netgen/default.nix
View File

@ -1,72 +1,77 @@
{ {
bonfire, bonfire,
stdenv, lib, pkgs, stdenv,
version ? "6.2.2402", lib,
sha256 ? "sha256-o3cj5k2VtYiGcs9Z9FyfwtOpDlZZlcO3kRgBSer6KAw=", ... pkgs,
}: version ? "6.2.2402",
let pkg = stdenv.mkDerivation { sha256 ? "sha256-o3cj5k2VtYiGcs9Z9FyfwtOpDlZZlcO3kRgBSer6KAw=",
...
}: let
pkg = stdenv.mkDerivation {
pname = "netgen"; pname = "netgen";
inherit version; inherit version;
src = pkgs.fetchFromGitHub { src = pkgs.fetchFromGitHub {
owner = "NGSolve"; owner = "NGSolve";
repo = "netgen"; repo = "netgen";
rev = "v${version}"; rev = "v${version}";
sha256 = sha256; sha256 = sha256;
}; };
patches = [ patches = [
./regex-version.patch ./regex-version.patch
]; ];
cmakeFlags = [ cmakeFlags = [
"-G Ninja" "-G Ninja"
"-D CMAKE_BUILD_TYPE=Release" "-D CMAKE_BUILD_TYPE=Release"
"-D USE_NATIVE_ARCH:BOOL=OFF" "-D USE_NATIVE_ARCH:BOOL=OFF"
"-D USE_OCC:BOOL=ON" "-D USE_OCC:BOOL=ON"
"-D USE_PYTHON:BOOL=ON" "-D USE_PYTHON:BOOL=ON"
"-D USE_GUI:BOOL=ON" "-D USE_GUI:BOOL=ON"
"-D USE_MPI:BOOL=ON" "-D USE_MPI:BOOL=ON"
"-D USE_SUPERBUILD:BOOL=OFF" "-D USE_SUPERBUILD:BOOL=OFF"
"-D PREFER_SYSTEM_PYBIND11:BOOL=ON" "-D PREFER_SYSTEM_PYBIND11:BOOL=ON"
]; ];
nativeBuildInputs = with pkgs; [ nativeBuildInputs = with pkgs; [
cmake cmake
ninja ninja
git git
(python3.withPackages (ps: with ps; [ (python3.withPackages (ps:
pybind11 with ps; [
mpi4py pybind11
mpi4py
])) ]))
]; ];
buildInputs = with pkgs; [ buildInputs = with pkgs; [
zlib zlib
tcl tcl
tk tk
mpi mpi
opencascade-occt opencascade-occt
libGL libGL
libGLU libGLU
xorg.libXmu xorg.libXmu
metis metis
]; ];
passthru = { passthru = {
shellHook = with pkgs; '' shellHook = with pkgs; ''
export PYTHONPATH="${python3}/${python3.sitePackages}" export PYTHONPATH="${python3}/${python3.sitePackages}"
export PYTHONPATH="$PYTHONPATH:${pkg}/${python3.sitePackages}" export PYTHONPATH="$PYTHONPATH:${pkg}/${python3.sitePackages}"
''; '';
}; };
meta = with pkgs.lib; { meta = with pkgs.lib; {
homepage = "https://github.com/NGSolve/netgen"; homepage = "https://github.com/NGSolve/netgen";
description = "NETGEN is an automatic 3d tetrahedral mesh generator"; description = "NETGEN is an automatic 3d tetrahedral mesh generator";
license = licenses.lgpl21Only; license = licenses.lgpl21Only;
platforms = platforms.linux; platforms = platforms.linux;
maintainers = with bonfire.lib.maintainers; [ L-Nafaryus ]; maintainers = with bonfire.lib.maintainers; [L-Nafaryus];
broken = pkgs.stdenv.isDarwin; broken = pkgs.stdenv.isDarwin;
}; };
}; };
in pkg in
pkg

240
packages/nix-minimal/default.nix
View File

@ -1,136 +1,150 @@
{ {
pkgs, pkgs,
lib, lib,
bonlib, bonlib,
extraPaths ? [], extraPaths ? [],
... ...
}: }: let
let nixPath = pkgs.writeText "nixpkgsError" '' _: throw '''
nixPath = pkgs.writeText "nixpkgsError" ''_: throw ''' This container doesn't include nixpkgs.
This container doesn't include nixpkgs. Hint: override the NIX_PATH environment variable with eg:
Hint: override the NIX_PATH environment variable with eg: "NIX_PATH=nixpkgs=channel:nixos-unstable"
"NIX_PATH=nixpkgs=channel:nixos-unstable" ''' '';
''' '';
builderIds = let forEach = n: if n == 1 then [n] else [n] ++ forEach (n - 1); in forEach 32; builderIds = let
forEach = n:
if n == 1
then [n]
else [n] ++ forEach (n - 1);
in
forEach 32;
withFakeNss = with pkgs; [ withFakeNss = with pkgs; [
(writeTextDir "etc/passwd" ( (writeTextDir "etc/passwd" (
builtins.concatStringsSep "\n" ( builtins.concatStringsSep "\n" (
map (n: "nixbld${toString n}:x:${toString (30000 + n)}:30000:Nix build user ${toString n}:/var/empty:/bin/false") builderIds) map (n: "nixbld${toString n}:x:${toString (30000 + n)}:30000:Nix build user ${toString n}:/var/empty:/bin/false") builderIds
+ "\n" + '' )
root:x:0:0:System administrator:/root:${bashInteractive}/bin/bash + "\n"
nobody:x:65534:65534:Unprivileged account (don't use!):/var/empty:${shadow}/bin/nologin + ''
'')) root:x:0:0:System administrator:/root:${bashInteractive}/bin/bash
nobody:x:65534:65534:Unprivileged account (don't use!):/var/empty:${shadow}/bin/nologin
''
))
(writeTextDir "etc/group" '' (writeTextDir "etc/group" ''
root:x:0: root:x:0:
wheel:x:1: wheel:x:1:
kmem:x:2: kmem:x:2:
tty:x:3: tty:x:3:
messagebus:x:4: messagebus:x:4:
disk:x:6: disk:x:6:
audio:x:17: audio:x:17:
floppy:x:18: floppy:x:18:
uucp:x:19: uucp:x:19:
lp:x:20: lp:x:20:
cdrom:x:24: cdrom:x:24:
tape:x:25: tape:x:25:
video:x:26: video:x:26:
dialout:x:27: dialout:x:27:
utmp:x:29: utmp:x:29:
adm:x:55: adm:x:55:
keys:x:96: keys:x:96:
users:x:100: users:x:100:
input:x:174: input:x:174:
nixbld:x:30000:${builtins.concatStringsSep "," (map (n: "nixbld${toString n}") builderIds)} nixbld:x:30000:${builtins.concatStringsSep "," (map (n: "nixbld${toString n}") builderIds)}
nogroup:x:65534: nogroup:x:65534:
'') '')
(writeTextDir "etc/nsswitch.conf" '' (writeTextDir "etc/nsswitch.conf" ''
passwd: files mymachines systemd passwd: files mymachines systemd
group: files mymachines systemd group: files mymachines systemd
shadow: files shadow: files
hosts: files mymachines dns myhostname hosts: files mymachines dns myhostname
networks: files networks: files
ethers: files ethers: files
services: files services: files
protocols: files protocols: files
rpc: files rpc: files
'') '')
]; ];
withNixConf = with pkgs; [ withNixConf = with pkgs; [
(writeTextDir "etc/nix/nix.conf" '' (writeTextDir "etc/nix/nix.conf" ''
accept-flake-config = true accept-flake-config = true
experimental-features = nix-command flakes experimental-features = nix-command flakes
show-trace = true show-trace = true
max-jobs = auto max-jobs = auto
trusted-users = root trusted-users = root
'') '')
]; ];
in
in pkgs.dockerTools.buildImageWithNixDb { pkgs.dockerTools.buildImageWithNixDb {
name = "nix-minimal"; name = "nix-minimal";
tag = "latest"; tag = "latest";
copyToRoot = pkgs.buildEnv { copyToRoot = pkgs.buildEnv {
name = "image-root"; name = "image-root";
pathsToLink = [ "/bin" "/etc" ]; pathsToLink = ["/bin" "/etc"];
paths = with pkgs; [ paths = with pkgs;
dockerTools.usrBinEnv [
dockerTools.usrBinEnv
coreutils coreutils
bashInteractive bashInteractive
nix nix
cacert cacert
gnutar gnutar
gzip gzip
xz xz
openssh openssh
((git.override { ((git.override {
perlSupport = false; perlSupport = false;
pythonSupport = false; pythonSupport = false;
withpcre2 = false; withpcre2 = false;
withManual = false; withManual = false;
}).overrideAttrs (_: { doInstallCheck = false; })) })
.overrideAttrs (_: {doInstallCheck = false;}))
iana-etc iana-etc
] ++ withFakeNss ++ withNixConf ++ extraPaths; ]
++ withFakeNss
++ withNixConf
++ extraPaths;
}; };
runAsRoot = with pkgs; '' runAsRoot = with pkgs; ''
#!${runtimeShell} #!${runtimeShell}
${dockerTools.shadowSetup} ${dockerTools.shadowSetup}
''; '';
config = { config = {
Cmd = [ "/bin/bash" ]; Cmd = ["/bin/bash"];
Env = [ Env = [
"USER=root" "USER=root"
"PATH=/bin:/usr/bin:/nix/var/nix/profiles/default/bin" "PATH=/bin:/usr/bin:/nix/var/nix/profiles/default/bin"
"PAGER=cat" "PAGER=cat"
"ENV=/etc/profile.d/nix.sh" "ENV=/etc/profile.d/nix.sh"
"BASH_ENV=/etc/profile.d/nix.sh" "BASH_ENV=/etc/profile.d/nix.sh"
"SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" "SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
"NIX_BUILD_SHELL=/bin/bash" "NIX_BUILD_SHELL=/bin/bash"
"NIX_PATH=nixpkgs=${nixPath}" "NIX_PATH=nixpkgs=${nixPath}"
]; ];
}; };
} // { }
// {
meta = with lib; { meta = with lib; {
homepage = "https://vcs.elnafo.ru/L-Nafaryus/bonfire"; homepage = "https://vcs.elnafo.ru/L-Nafaryus/bonfire";
description = "Minimal image with a Nix package manager"; description = "Minimal image with a Nix package manager";
longDescription = '' longDescription = ''
Minimal docker image with Nix package manager (https://nixos.org/). Minimal docker image with Nix package manager (https://nixos.org/).
Enabled features: nix-command, flakes. Enabled features: nix-command, flakes.
Versions: latest Versions: latest
''; '';
platforms = platforms.linux; platforms = platforms.linux;
license = licenses.lgpl21Plus; license = licenses.lgpl21Plus;
maintainers = with bonlib.maintainers; [ L-Nafaryus ]; maintainers = with bonlib.maintainers; [L-Nafaryus];
}; };
} }

59
packages/nix-runner/default.nix
View File

@ -1,34 +1,39 @@
{ {
pkgs, pkgs,
lib, lib,
bonpkgs, bonpkgs,
bonlib, bonlib,
extraPaths ? [], extraPaths ? [],
... ...
}: }:
pkgs.dockerTools.buildImage { pkgs.dockerTools.buildImage {
name = "nix-runner"; name = "nix-runner";
tag = "latest"; tag = "latest";
fromImage = bonpkgs.nix-minimal; fromImage = bonpkgs.nix-minimal;
copyToRoot = pkgs.buildEnv { copyToRoot = pkgs.buildEnv {
name = "image-root"; name = "image-root";
pathsToLink = [ "/bin" ]; pathsToLink = ["/bin"];
paths = with pkgs; [ paths = with pkgs;
nodejs [
jq nodejs
cachix jq
] ++ extraPaths; cachix
}; ]
++ extraPaths;
};
config.Cmd = [ "/bin/bash" ]; config.Cmd = ["/bin/bash"];
} // { }
meta = bonpkgs.nix-minimal.meta // { // {
description = "Image for action runners with a Nix package manager"; meta =
longDescription = '' bonpkgs.nix-minimal.meta
Docker image for action runners with Nix package manager (https://nixos.org/). // {
Enabled features: nix-command, flakes. description = "Image for action runners with a Nix package manager";
Versions: latest longDescription = ''
''; Docker image for action runners with Nix package manager (https://nixos.org/).
Enabled features: nix-command, flakes.
Versions: latest
'';
}; };
} }

111
packages/openfoam/default.nix
View File

@ -1,84 +1,87 @@
{ {
bonfire, bonfire,
stdenv, lib, pkgs, stdenv,
version ? "11.20240116", lib,
sha256 ? "sha256-bNWlza3cL/lUrwrVEmPECvKbFkwR2rTMaccsn8amGFQ=", ... pkgs,
}: version ? "11.20240116",
let sha256 ? "sha256-bNWlza3cL/lUrwrVEmPECvKbFkwR2rTMaccsn8amGFQ=",
version' = lib.strings.splitString "." version; ...
major = lib.elemAt version' 0; }: let
revision = lib.elemAt version' 1; version' = lib.strings.splitString "." version;
realname = "OpenFOAM"; major = lib.elemAt version' 0;
in revision = lib.elemAt version' 1;
let pkg = stdenv.mkDerivation { realname = "OpenFOAM";
in let
pkg = stdenv.mkDerivation {
pname = "openfoam"; pname = "openfoam";
inherit version major; inherit version major;
src = pkgs.fetchFromGitHub { src = pkgs.fetchFromGitHub {
owner = realname; owner = realname;
repo = "${realname}-${major}"; repo = "${realname}-${major}";
rev = "${revision}"; rev = "${revision}";
sha256 = sha256; sha256 = sha256;
}; };
nativeBuildInputs = with pkgs; [ bash m4 flex bison ]; nativeBuildInputs = with pkgs; [bash m4 flex bison];
buildInputs = with pkgs; [ fftw mpi scotch boost cgal zlib ]; buildInputs = with pkgs; [fftw mpi scotch boost cgal zlib];
postPatch = '' postPatch = ''
substituteInPlace etc/bashrc \ substituteInPlace etc/bashrc \
--replace '[ "$BASH" -o "$ZSH_NAME" ] && \' '#' \ --replace '[ "$BASH" -o "$ZSH_NAME" ] && \' '#' \
--replace 'export FOAM_INST_DIR=$(cd $(dirname ${"$"}{BASH_SOURCE:-$0})/../.. && pwd -P) || \' '#' \ --replace 'export FOAM_INST_DIR=$(cd $(dirname ${"$"}{BASH_SOURCE:-$0})/../.. && pwd -P) || \' '#' \
--replace 'export FOAM_INST_DIR=$HOME/$WM_PROJECT' '# __inst_dir_placeholder__' --replace 'export FOAM_INST_DIR=$HOME/$WM_PROJECT' '# __inst_dir_placeholder__'
patchShebangs Allwmake patchShebangs Allwmake
patchShebangs etc patchShebangs etc
patchShebangs wmake patchShebangs wmake
patchShebangs applications patchShebangs applications
patchShebangs bin patchShebangs bin
''; '';
configurePhase = '' configurePhase = ''
export FOAM_INST_DIR=$NIX_BUILD_TOP/source export FOAM_INST_DIR=$NIX_BUILD_TOP/source
export WM_PROJECT_DIR=$FOAM_INST_DIR/${realname}-${major} export WM_PROJECT_DIR=$FOAM_INST_DIR/${realname}-${major}
mkdir $WM_PROJECT_DIR mkdir $WM_PROJECT_DIR
mv $(find $FOAM_INST_DIR/ -maxdepth 1 -not -path $WM_PROJECT_DIR -not -path $FOAM_INST_DIR/) \ mv $(find $FOAM_INST_DIR/ -maxdepth 1 -not -path $WM_PROJECT_DIR -not -path $FOAM_INST_DIR/) \
$WM_PROJECT_DIR/ $WM_PROJECT_DIR/
set +e set +e
. $WM_PROJECT_DIR/etc/bashrc . $WM_PROJECT_DIR/etc/bashrc
set -e set -e
''; '';
buildPhase = '' buildPhase = ''
sh $WM_PROJECT_DIR/Allwmake -j$CORES sh $WM_PROJECT_DIR/Allwmake -j$CORES
wclean all wclean all
wmakeLnIncludeAll wmakeLnIncludeAll
''; '';
installPhase = '' installPhase = ''
mkdir -p $out/${realname}-${major} mkdir -p $out/${realname}-${major}
substituteInPlace $WM_PROJECT_DIR/etc/bashrc \ substituteInPlace $WM_PROJECT_DIR/etc/bashrc \
--replace '# __inst_dir_placeholder__' "export FOAM_INST_DIR=$out" --replace '# __inst_dir_placeholder__' "export FOAM_INST_DIR=$out"
cp -Ra $WM_PROJECT_DIR/* $out/${realname}-${major} cp -Ra $WM_PROJECT_DIR/* $out/${realname}-${major}
''; '';
passthru = { passthru = {
shellHook = '' shellHook = ''
. ${pkg}/${realname}-${major}/etc/bashrc . ${pkg}/${realname}-${major}/etc/bashrc
''; '';
}; };
meta = with pkgs.lib; { meta = with pkgs.lib; {
homepage = "https://www.openfoam.org/"; homepage = "https://www.openfoam.org/";
description = "OpenFOAM is a free, open source CFD software released and developed by OpenFOAM Foundation"; description = "OpenFOAM is a free, open source CFD software released and developed by OpenFOAM Foundation";
license = licenses.gpl3; license = licenses.gpl3;
platforms = platforms.linux; platforms = platforms.linux;
maintainers = with bonfire.lib.maintainers; [ L-Nafaryus ]; maintainers = with bonfire.lib.maintainers; [L-Nafaryus];
broken = pkgs.stdenv.isDarwin; broken = pkgs.stdenv.isDarwin;
}; };
}; };
in pkg in
pkg

52
packages/spoofdpi/default.nix
View File

@ -1,33 +1,35 @@
{ {
bonfire, bonfire,
lib, pkgs, lib,
version ? "0.8", pkgs,
hash ? "sha256-kPCdOZl4m7KBb970TjJokXorKfnCvuV5Uq7lFQIh1z8=", version ? "0.8",
vendorHash ? "sha256-ib9xRklkLfrDCuLf7zDkJE8lJiNiUMPZ01MDxvqho6o=", ... hash ? "sha256-kPCdOZl4m7KBb970TjJokXorKfnCvuV5Uq7lFQIh1z8=",
vendorHash ? "sha256-ib9xRklkLfrDCuLf7zDkJE8lJiNiUMPZ01MDxvqho6o=",
...
}: }:
pkgs.buildGoModule { pkgs.buildGoModule {
pname = "spoofdpi"; pname = "spoofdpi";
inherit version; inherit version;
src = pkgs.fetchFromGitHub { src = pkgs.fetchFromGitHub {
owner = "xvzc"; owner = "xvzc";
repo = "SpoofDPI"; repo = "SpoofDPI";
rev = version; rev = version;
hash = hash; hash = hash;
}; };
inherit vendorHash; inherit vendorHash;
doCheck = false; doCheck = false;
ldflags = ["-s" "-w" "-X main.version=${version}" "-X main.builtBy=nixpkgs"]; ldflags = ["-s" "-w" "-X main.version=${version}" "-X main.builtBy=nixpkgs"];
meta = with lib; { meta = with lib; {
homepage = "https://github.com/xvzc/SpoofDPI"; homepage = "https://github.com/xvzc/SpoofDPI";
description = "A simple and fast anti-censorship tool written in Go"; description = "A simple and fast anti-censorship tool written in Go";
license = licenses.asl20; license = licenses.asl20;
maintainers = with bonfire.lib.maintainers; [ L-Nafaryus ]; maintainers = with bonfire.lib.maintainers; [L-Nafaryus];
broken = false; broken = false;
mainProgram = "spoof-dpi"; mainProgram = "spoof-dpi";
}; };
} }

138
packages/ultimmc/default.nix
View File

@ -1,75 +1,83 @@
{ {
bonfire, bonfire,
lib, stdenv, lib,
fetchFromGitHub, wrapQtAppsHook, stdenv,
extra-cmake-modules, cmake, fetchFromGitHub,
file, jdk17, wrapQtAppsHook,
copyDesktopItems, makeDesktopItem, extra-cmake-modules,
xorg, libpulseaudio, libGL cmake,
file,
jdk17,
copyDesktopItems,
makeDesktopItem,
xorg,
libpulseaudio,
libGL,
}: }:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
version = "faf3c966c43465d6f6c245ed78556222240398ee"; version = "faf3c966c43465d6f6c245ed78556222240398ee";
pname = "ultimmc"; pname = "ultimmc";
src = fetchFromGitHub { src = fetchFromGitHub {
fetchSubmodules = true; fetchSubmodules = true;
owner = "UltimMC"; owner = "UltimMC";
repo = "Launcher"; repo = "Launcher";
rev = "faf3c966c43465d6f6c245ed78556222240398ee"; rev = "faf3c966c43465d6f6c245ed78556222240398ee";
sha256 = "sha256-/+cYbAzf84PrgzJHUsc3tVU9E+mDMtx5eGEJK9ZBM2w="; sha256 = "sha256-/+cYbAzf84PrgzJHUsc3tVU9E+mDMtx5eGEJK9ZBM2w=";
}; };
nativeBuildInputs = [ nativeBuildInputs = [
wrapQtAppsHook wrapQtAppsHook
extra-cmake-modules extra-cmake-modules
cmake cmake
file file
jdk17 jdk17
copyDesktopItems copyDesktopItems
]; ];
desktopItems = [ desktopItems = [
(makeDesktopItem { (makeDesktopItem {
name = "ultimmc"; name = "ultimmc";
desktopName = "UltimMC"; desktopName = "UltimMC";
icon = "ultimmc"; icon = "ultimmc";
comment = "Cracked Minecraft launcher"; comment = "Cracked Minecraft launcher";
exec = "UltimMC %u"; exec = "UltimMC %u";
categories = [ "Game" ]; categories = ["Game"];
}) })
]; ];
cmakeFlags = [ "-DLauncher_LAYOUT=lin-nodeps" ]; cmakeFlags = ["-DLauncher_LAYOUT=lin-nodeps"];
# TODO: fix broken data directory location
postInstall = let
libpath = with xorg; lib.makeLibraryPath [
libX11
libXext
libXcursor
libXrandr
libXxf86vm
libpulseaudio
libGL
];
in ''
install -Dm0644 ${src}/notsecrets/logo.svg $out/share/icons/hicolor/scalable/apps/ultimmc.svg
chmod -x $out/bin/*.so # TODO: fix broken data directory location
wrapProgram $out/bin/UltimMC \ postInstall = let
"''${qtWrapperArgs[@]}" \ libpath = with xorg;
--set GAME_LIBRARY_PATH /run/opengl-driver/lib:${libpath} \ lib.makeLibraryPath [
--prefix PATH : ${lib.makeBinPath [xorg.xrandr]} \ libX11
--add-flags '-d ~/.local/share/ultimmc' libXext
libXcursor
libXrandr
libXxf86vm
libpulseaudio
libGL
];
in ''
install -Dm0644 ${src}/notsecrets/logo.svg $out/share/icons/hicolor/scalable/apps/ultimmc.svg
rm $out/UltimMC chmod -x $out/bin/*.so
''; wrapProgram $out/bin/UltimMC \
"''${qtWrapperArgs[@]}" \
--set GAME_LIBRARY_PATH /run/opengl-driver/lib:${libpath} \
--prefix PATH : ${lib.makeBinPath [xorg.xrandr]} \
--add-flags '-d ~/.local/share/ultimmc'
meta = with lib; { rm $out/UltimMC
homepage = "https://github.com/UltimMC/Launcher"; '';
description = "Cracked Minecraft Launcher";
license = licenses.asl20; meta = with lib; {
platforms = platforms.linux; homepage = "https://github.com/UltimMC/Launcher";
maintainers = with bonfire.lib.maintainers; [ L-Nafaryus ]; description = "Cracked Minecraft Launcher";
}; license = licenses.asl20;
platforms = platforms.linux;
maintainers = with bonfire.lib.maintainers; [L-Nafaryus];
};
} }

90
templates/rust/flake.nix
View File

@ -1,52 +1,62 @@
{ {
description = "Basic rust template"; description = "Basic rust template";
inputs = { inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable"; nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
crane = { url = "github:ipetkov/crane"; inputs.nixpkgs.follows = "nixpkgs"; }; crane = {
url = "github:ipetkov/crane";
inputs.nixpkgs.follows = "nixpkgs";
}; };
};
outputs = inputs @ { self, nixpkgs, crane, ... }: outputs = inputs @ {
let self,
forAllSystems = nixpkgs.lib.genAttrs [ "x86_64-linux" ]; nixpkgs,
nixpkgsFor = forAllSystems (system: import nixpkgs { inherit system; }); crane,
in { ...
packages = forAllSystems (system: { }: let
my-crate = let forAllSystems = nixpkgs.lib.genAttrs ["x86_64-linux"];
pkgs = nixpkgsFor.${system}; nixpkgsFor = forAllSystems (system: import nixpkgs {inherit system;});
craneLib = crane.lib.${system}; in {
in craneLib.buildPackage { packages = forAllSystems (system: {
src = craneLib.cleanCargoSource (craneLib.path ./.); my-crate = let
strictDeps = true; pkgs = nixpkgsFor.${system};
craneLib = crane.lib.${system};
in
craneLib.buildPackage {
src = craneLib.cleanCargoSource (craneLib.path ./.);
strictDeps = true;
buildInputs = []; buildInputs = [];
}; };
default = self.packages.${system}.my-crate; default = self.packages.${system}.my-crate;
}); });
checks = forAllSystems (system: { checks = forAllSystems (system: {
inherit (self.packages.${system}.my-crate); inherit (self.packages.${system}.my-crate);
my-crate-fmt = let craneLib = crane.lib.${system}; in craneLib.cargoFmt { my-crate-fmt = let
src = craneLib.cleanCargoSource (craneLib.path ./.); craneLib = crane.lib.${system};
}; in
}); craneLib.cargoFmt {
src = craneLib.cleanCargoSource (craneLib.path ./.);
};
});
apps = forAllSystems (system: { apps = forAllSystems (system: {
default = { default = {
type = "app"; type = "app";
program = "${self.packages.${system}.my-crate}/bin/rust-example"; program = "${self.packages.${system}.my-crate}/bin/rust-example";
}; };
}); });
devShells = forAllSystems (system: { devShells = forAllSystems (system: {
default = crane.lib.${system}.devShell { default = crane.lib.${system}.devShell {
checks = self.checks.${system}; checks = self.checks.${system};
packages = [];
};
});
};
packages = [];
};
});
};
} }