flake: reformat all
Some checks failed
nix / check (push) Failing after 31s

new: packages: bonvim, nixvim configuration of neovim
remove: config: hyprland -> declarative
remove: config: nvim
nixosModules: structure with categories
new: configurations: concept of preconfigured modules
catarina: disable papermc server
catarina: hydra server
flake: hydraJobs outputs
L-Nafaryus 2024-07-08 15:07:24 +05:00
parent 26088b3368
commit 008b4ad3a4
Signed by: L-Nafaryus
GPG Key ID: 553C97999B363D38
53 changed files with 4126 additions and 3205 deletions

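--- /dev/null
+++ b/.editorconfig
@@ -0,0 +1,4 @@
+indent_style = "space"
+indent_size = 4
+end_of_line = "cr"
+charset = "utf-8"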
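Review bot: These four properties are placed before any section header and their values are quoted, so an EditorConfig parser will most likely not apply them. Pairs take effect only under a glob section such as `[*]`, and values are read literally, quotes included. `end_of_line = "cr"` also asks for bare carriage returns, which is probably meant to be `lf` in this repository. This matters because configurations/bonvim.nix in the same commit sets `editorconfig.enable = true`, so the editor will try to honour this file. A corrected version is below.

```ini
root = true

[*]
indent_style = space
indent_size = 4
end_of_line = lf
charset = utf-8
```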


@ -1,14 +1,16 @@
{ self, nixpkgs, ... }:
let
forAllSystems = nixpkgs.lib.genAttrs [ "x86_64-linux" ];
nixpkgsFor = forAllSystems (system: import nixpkgs { inherit system; });
{
self,
nixpkgs,
...
}: let
forAllSystems = nixpkgs.lib.genAttrs ["x86_64-linux"];
nixpkgsFor = forAllSystems (system: import nixpkgs {inherit system;});
in
forAllSystems (system: let
pkgs = nixpkgsFor.${system};
in forAllSystems(system: let
pkgs = nixpkgsFor.${system};
bonfire = self;
bonfire-lib = self.lib;
bonfire-pkgs = self.packages.${system};
in {
})
bonfire = self;
bonfire-lib = self.lib;
bonfire-pkgs = self.packages.${system};
in {
})


@ -1,31 +0,0 @@
[user]
name = L-Nafaryus
email = l.nafaryus@gmail.com
signingKey = 86F1EA98B48FFB19
[commit]
gpgsign = true
[tag]
gpgsign = true
[init]
defaultBranch = master
[diff]
submodule = log
[color]
diff = auto
status = auto
branch = auto
[core]
quotePath = false
commitGraph = true
whitespace = trailing-space
[receive]
advertisePushOptions = true
[gc]
writeCommitGraph = true
[alias]
lg = log --color --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit
[filter "lfs"]
required = true
clean = git-lfs clean -- %f
smudge = git-lfs smudge -- %f
process = git-lfs filter-process


@ -1,281 +0,0 @@
# #######################################################################################
# AUTOGENERATED HYPR CONFIG.
# PLEASE USE THE CONFIG PROVIDED IN THE GIT REPO /examples/hypr.conf AND EDIT IT,
# OR EDIT THIS ONE ACCORDING TO THE WIKI INSTRUCTIONS.
# #######################################################################################
autogenerated = 0 # remove this line to remove the warning
# This is an example Hyprland config file.
# Refer to the wiki for more information.
# https://wiki.hyprland.org/Configuring/Configuring-Hyprland/
# Please note not all available settings / options are set here.
# For a full list, see the wiki
# You can split this configuration into multiple files
# Create your files separately and then link them to this file like this:
# source = ~/.config/hypr/myColors.conf
################
### MONITORS ###
################
# See https://wiki.hyprland.org/Configuring/Monitors/
monitor = desc:AOC Q27B3MA 17ZPAHA006135, 2560x1440@75, 0x0, auto
monitor = desc:AOC Q27G2G3R3B 137P4HA000540, 2560x1440@165, 2560x0, auto
monitor = Unknown-1, disable
###################
### MY PROGRAMS ###
###################
# See https://wiki.hyprland.org/Configuring/Keywords/
# Set programs that you use
$terminal = alacritty
$fileManager = dolphin
$menu = rofi -show drun
#################
### AUTOSTART ###
#################
# Autostart necessary processes (like notifications daemons, status bars, etc.)
# Or execute your favorite apps at launch like this:
# exec-once = $terminal
# exec-once = nm-applet &
# exec-once = waybar & hyprpaper & firefox
exec-once = eww daemon
exec-once = eww open topbar
exec-once = nm-applet --indicator &
exec-once = blueman-applet &
exec-once = wl-gammarelay-rs run &
exec-once = systemctl --user start hypridle
exec-once = wl-paste --type text --watch cliphist store #Stores only text data
exec-once = wl-paste --type image --watch cliphist store #Stores only image data
exec-once = swww-daemon & swww img ~/Pictures/wallpapers/emily-in-the-cyberpunk-city.3840x2160.png & swww img ~/Pictures/wallpapers/emily-in-the-cyberpunk-city.3840x2160a.gif
#############################
### ENVIRONMENT VARIABLES ###
#############################
# See https://wiki.hyprland.org/Configuring/Environment-variables/
env = XCURSOR_SIZE,16
env = HYPRCURSOR_SIZE,16
env = WLR_DRM_NO_ATOMIC,1
#####################
### LOOK AND FEEL ###
#####################
# Refer to https://wiki.hyprland.org/Configuring/Variables/
# https://wiki.hyprland.org/Configuring/Variables/#general
general {
gaps_in = 5
gaps_out = 5
border_size = 2
# https://wiki.hyprland.org/Configuring/Variables/#variable-types for info about colors
col.active_border = rgba(33ccffee) rgba(00ff99ee) 45deg
col.inactive_border = rgba(595959aa)
# Set to true enable resizing windows by clicking and dragging on borders and gaps
resize_on_border = true
# Please see https://wiki.hyprland.org/Configuring/Tearing/ before you turn this on
allow_tearing = true
layout = dwindle
}
# https://wiki.hyprland.org/Configuring/Variables/#decoration
decoration {
rounding = 5
# Change transparency of focused and unfocused windows
active_opacity = 1.0
inactive_opacity = 0.95
drop_shadow = true
shadow_range = 4
shadow_render_power = 3
col.shadow = rgba(1a1a1aee)
# https://wiki.hyprland.org/Configuring/Variables/#blur
blur {
enabled = true
size = 3
passes = 1
vibrancy = 0.1696
}
}
# https://wiki.hyprland.org/Configuring/Variables/#animations
animations {
enabled = true
# Default animations, see https://wiki.hyprland.org/Configuring/Animations/ for more
bezier = myBezier, 0.05, 0.9, 0.1, 1.05
animation = windows, 1, 7, myBezier
animation = windowsOut, 1, 7, default, popin 80%
animation = border, 1, 10, default
animation = borderangle, 1, 8, default
animation = fade, 1, 7, default
animation = workspaces, 1, 6, default
}
# See https://wiki.hyprland.org/Configuring/Dwindle-Layout/ for more
dwindle {
pseudotile = true # Master switch for pseudotiling. Enabling is bound to mainMod + P in the keybinds section below
preserve_split = true # You probably want this
}
# See https://wiki.hyprland.org/Configuring/Master-Layout/ for more
master {
new_is_master = true
}
# https://wiki.hyprland.org/Configuring/Variables/#misc
misc {
force_default_wallpaper = -1 # Set to 0 or 1 to disable the anime mascot wallpapers
disable_hyprland_logo = false # If true disables the random hyprland logo / anime girl background. :(
}
#############
### INPUT ###
#############
# https://wiki.hyprland.org/Configuring/Variables/#input
input {
kb_layout = us,ru
kb_variant =
kb_model =
kb_options =
kb_rules =
follow_mouse = 1
sensitivity = 0 # -1.0 - 1.0, 0 means no modification.
touchpad {
natural_scroll = false
}
}
# https://wiki.hyprland.org/Configuring/Variables/#gestures
gestures {
workspace_swipe = false
}
# Example per-device config
# See https://wiki.hyprland.org/Configuring/Keywords/#per-device-input-configs for more
device {
name = epic-mouse-v1
sensitivity = -0.5
}
####################
### KEYBINDINGSS ###
####################
# See https://wiki.hyprland.org/Configuring/Keywords/
# Example binds, see https://wiki.hyprland.org/Configuring/Binds/ for more
bind = SUPER, Q, exec, $terminal
bind = SUPER, C, killactive,
bind = SUPER, M, exit,
bind = SUPER, E, exec, $fileManager
bind = SUPER, V, togglefloating,
bind = SUPER, F, fullscreen,
bind = SUPER, R, exec, $menu
bind = SUPER, P, pseudo, # dwindle
bind = SUPER, J, togglesplit, # dwindle
# Move focus with mainMod + arrow keys
bind = SUPER, left, movefocus, l
bind = SUPER, right, movefocus, r
bind = SUPER, up, movefocus, u
bind = SUPER, down, movefocus, d
# Switch workspaces with mainMod + [0-9]
bind = SUPER, 1, workspace, 1
bind = SUPER, 2, workspace, 2
bind = SUPER, 3, workspace, 3
bind = SUPER, 4, workspace, 4
bind = SUPER, 5, workspace, 5
bind = SUPER, 6, workspace, 6
bind = SUPER, 7, workspace, 7
bind = SUPER, 8, workspace, 8
bind = SUPER, 9, workspace, 9
bind = SUPER, 0, workspace, 10
# Move active window to a workspace with mainMod + SHIFT + [0-9]
bind = SUPER SHIFT, 1, movetoworkspace, 1
bind = SUPER SHIFT, 2, movetoworkspace, 2
bind = SUPER SHIFT, 3, movetoworkspace, 3
bind = SUPER SHIFT, 4, movetoworkspace, 4
bind = SUPER SHIFT, 5, movetoworkspace, 5
bind = SUPER SHIFT, 6, movetoworkspace, 6
bind = SUPER SHIFT, 7, movetoworkspace, 7
bind = SUPER SHIFT, 8, movetoworkspace, 8
bind = SUPER SHIFT, 9, movetoworkspace, 9
bind = SUPER SHIFT, 0, movetoworkspace, 10
# Example special workspace (scratchpad)
bind = SUPER, S, togglespecialworkspace, magic
bind = SUPER SHIFT, S, movetoworkspace, special:magic
# Scroll through existing workspaces with mainMod + scroll
bind = SUPER, mouse_down, workspace, e+1
bind = SUPER, mouse_up, workspace, e-1
# Move/resize windows with mainMod + LMB/RMB and dragging
bindm = SUPER, mouse:272, movewindow
bindm = SUPER, mouse:273, resizewindow
bindel = , XF86AudioRaiseVolume, exec, wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%+
bindel = , XF86AudioLowerVolume, exec, wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%-
bindl = , XF86AudioMute, exec, wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle
bindl = , XF86AudioPrev, exec, playerctl previous
bindl = , XF86AudioPlay, exec, playerctl play-pause
bindl = , XF86AudioNext, exec, playerctl next
bindl = , XF86MonBrightnessDown, exec, busctl --user -- call rs.wl-gammarelay / rs.wl.gammarelay UpdateTemperature n -500
bindl = , XF86MonBrightnessUp, exec, busctl --user -- call rs.wl-gammarelay / rs.wl.gammarelay UpdateTemperature n +500
bindl = SUPER, XF86MonBrightnessDown, exec, busctl --user -- call rs.wl-gammarelay / rs.wl.gammarelay Brightness d -0.1
bindl = SUPER, XF86MonBrightnessUp, exec, busctl --user -- call rs.wl-gammarelay / rs.wl.gammarelay Brightness d +0.1
bind = SUPER, SPACE, exec, hyprctl switchxkblayout keychron-keychron-k3-pro next
bind = , PRINT, exec, hyprshot -m region
bind = SUPER, H, exec, cliphist list | rofi -dmenu | cliphist decode | wl-copy
#bind = CTRL, V, exec, wl-paste
##############################
### WINDOWS AND WORKSPACES ###
##############################
# See https://wiki.hyprland.org/Configuring/Window-Rules/ for more
# See https://wiki.hyprland.org/Configuring/Workspace-Rules/ for workspace rules
# Example windowrule v1
# windowrule = float, ^(kitty)$
# Example windowrule v2
# windowrulev2 = float,class:^(kitty)$,title:^(kitty)$
windowrulev2 = suppressevent maximize, class:.* # You'll probably like this.
windowrulev2 = float, class:^(steam_app.*)$
windowrulev2 = immediate, class:^(steam_app.*)$
windowrulev2 = float, class:^(steam_proton.*)$


@ -1,15 +0,0 @@
{
"neodev": {
"library": {
"enabled": true,
"plugins": true
}
},
"neoconf": {
"plugins": {
"lua_ls": {
"enabled": true
}
}
}
}


@ -1,29 +0,0 @@
" Enable Mouse
set mouse=a
" Set Editor Font
if exists(':GuiFont')
" Use GuiFont! to ignore font errors
GuiFont MesloLGS Nerd Font Mono:h10
endif
" Disable GUI Tabline
if exists(':GuiTabline')
GuiTabline 0
endif
" Disable GUI Popupmenu
if exists(':GuiPopupmenu')
GuiPopupmenu 0
endif
" Enable GUI ScrollBar
if exists(':GuiScrollBar')
GuiScrollBar 0
endif
" Right Click Context Menu (Copy-Cut-Paste)
nnoremap <silent><RightMouse> :call GuiShowContextMenu()<CR>
inoremap <silent><RightMouse> <Esc>:call GuiShowContextMenu()<CR>
xnoremap <silent><RightMouse> :call GuiShowContextMenu()<CR>gv
snoremap <silent><RightMouse> <C-G>:call GuiShowContextMenu()<CR>gv


@ -1,7 +0,0 @@
-- bootstrap lazy.nvim, LazyVim and your plugins
require("config.lazy")
vim.o.tabstop = 4 -- A TAB character looks like 4 spaces
vim.o.expandtab = true -- Pressing the TAB key will insert spaces instead of a TAB character
vim.o.softtabstop = 4 -- Number of spaces inserted instead of a TAB character
vim.o.shiftwidth = 4 -- Number of spaces inserted when indenting


@ -1,3 +0,0 @@
-- Autocmds are automatically loaded on the VeryLazy event
-- Default autocmds that are always set: https://github.com/LazyVim/LazyVim/blob/main/lua/lazyvim/config/autocmds.lua
-- Add any additional autocmds here


@ -1,15 +0,0 @@
-- Keymaps are automatically loaded on the VeryLazy event
-- Default keymaps that are always set: https://github.com/LazyVim/LazyVim/blob/main/lua/lazyvim/config/keymaps.lua
-- Add any additional keymaps here
-- Move to window
vim.keymap.set("n", "<C-Left>", "<C-w>h", { desc = "Go to left window", remap = true })
vim.keymap.set("n", "<C-Down>", "<C-w>j", { desc = "Go to lower window", remap = true })
vim.keymap.set("n", "<C-Up>", "<C-w>k", { desc = "Go to upper window", remap = true })
vim.keymap.set("n", "<C-Right>", "<C-w>l", { desc = "Go to right window", remap = true })
-- Resize window using <ctrl> arrow keys
vim.keymap.set("n", "<C-k>", "<cmd>resize +2<cr>", { desc = "Increase window height" })
vim.keymap.set("n", "<C-l>", "<cmd>resize -2<cr>", { desc = "Decrease window height" })
vim.keymap.set("n", "<C-h>", "<cmd>vertical resize -2<cr>", { desc = "Decrease window width" })
vim.keymap.set("n", "<C-j>", "<cmd>vertical resize +2<cr>", { desc = "Increase window width" })


@ -1,46 +0,0 @@
local lazypath = vim.fn.stdpath("data") .. "/lazy/lazy.nvim"
if not vim.loop.fs_stat(lazypath) then
-- bootstrap lazy.nvim
-- stylua: ignore
vim.fn.system({ "git", "clone", "--filter=blob:none", "https://github.com/folke/lazy.nvim.git", "--branch=stable", lazypath })
end
vim.opt.rtp:prepend(vim.env.LAZY or lazypath)
require("lazy").setup({
spec = {
-- add LazyVim and import its plugins
{ "LazyVim/LazyVim", import = "lazyvim.plugins" },
-- import any extras modules here
-- { import = "lazyvim.plugins.extras.lang.typescript" },
-- { import = "lazyvim.plugins.extras.lang.json" },
-- { import = "lazyvim.plugins.extras.ui.mini-animate" },
-- import/override with your plugins
{ import = "plugins" },
},
defaults = {
-- By default, only LazyVim plugins will be lazy-loaded. Your custom plugins will load during startup.
-- If you know what you're doing, you can set this to `true` to have all your custom plugins lazy-loaded by default.
lazy = false,
-- It's recommended to leave version=false for now, since a lot the plugin that support versioning,
-- have outdated releases, which may break your Neovim install.
version = false, -- always use the latest git commit
-- version = "*", -- try installing the latest stable version for plugins that support semver
},
install = { colorscheme = { "tokyonight", "habamax" } },
checker = { enabled = true }, -- automatically check for plugin updates
performance = {
rtp = {
-- disable some rtp plugins
disabled_plugins = {
"gzip",
-- "matchit",
-- "matchparen",
-- "netrwPlugin",
"tarPlugin",
"tohtml",
"tutor",
"zipPlugin",
},
},
},
})


@ -1,3 +0,0 @@
-- Options are automatically loaded before lazy.nvim startup
-- Default options that are always set: https://github.com/LazyVim/LazyVim/blob/main/lua/lazyvim/config/options.lua
-- Add any additional options here


@ -1,70 +0,0 @@
return {
{
"ellisonleao/gruvbox.nvim",
},
{
"folke/tokyonight.nvim",
style = "moon",
priority = 1000,
},
{ "skywind3000/asyncrun.vim" },
-- Configure LazyVim to load gruvbox
{
"LazyVim/LazyVim",
opts = {
colorscheme = "tokyonight",
},
},
{ "equalsraf/neovim-gui-shim" },
{
"nvim-neo-tree/neo-tree.nvim",
opts = {
filesystem = {
filtered_items = {
hide_dotfiles = false,
hide_gitignored = false,
},
use_libuv_file_watcher = true,
},
},
},
{
"folke/trouble.nvim",
dependencies = { "nvim-tree/nvim-web-devicons" },
},
{
"nvim-orgmode/orgmode",
dependencies = {
{ "nvim-treesitter/nvim-treesitter", lazy = true },
},
event = "VeryLazy",
config = function()
require("orgmode").setup_ts_grammar()
require("nvim-treesitter.configs").setup({
highlight = {
enable = true,
additional_vim_regex_highlighting = { "org" },
},
ensure_installed = { "org" },
})
require("orgmode").setup()
end,
},
{
"williamboman/mason.nvim",
config = function()
require("mason").setup({ PATH = "append" })
end
}
}


@ -1,4 +0,0 @@
indent_type = "Spaces"
indent_width = 4
column_width = 120

629
configurations/bonvim.nix Normal file

@ -0,0 +1,629 @@
{
config,
lib,
pkgs,
rustc ? pkgs.rustc,
cargo ? pkgs.cargo,
rust-analyzer ? pkgs.rust-analyzer,
...
}: {
# General
globals.mapleader = " ";
opts = {
# Show line numbers
number = true;
relativenumber = true;
# Tab need 4 spaces please
expandtab = true;
tabstop = 4;
softtabstop = 4;
shiftwidth = 4;
showtabline = 4;
# Hide * markup
conceallevel = 2;
# Confirm on save
confirm = true;
cursorline = true;
# Invisible characters I see you
list = true;
ignorecase = true;
grepprg = "${lib.getExe pkgs.ripgrep} --vimgrep";
termguicolors = true;
# Splits
splitbelow = true;
splitright = true;
splitkeep = "screen";
# U, u, undo
undofile = true;
undolevels = 10000;
updatetime = 200;
# Command line completion mode
wildmode = "longest:full,full";
smoothscroll = true;
autowrite = true;
};
globals = {
bigfile_size = 1024 * 1024 * 1.5;
};
editorconfig.enable = true;
# Clipboard
clipboard = {
register = "unnamedplus";
providers.wl-copy.enable = true;
};
# Copy/paste
plugins.yanky = {
enable = true;
systemClipboard.syncWithRing = true;
};
extraPlugins = with pkgs.vimPlugins; [nvim-web-devicons];
# Theme
colorschemes.catppuccin = {
enable = true;
settings = {
flavour = "macchiato";
no_bold = false;
no_italic = false;
no_underline = false;
integrations = {
cmp = true;
notify = true;
gitsigns = true;
neotree = true;
which_key = true;
illuminate = {
enabled = true;
};
treesitter = true;
telescope.enabled = true;
indent_blankline.enabled = true;
mini.enabled = true;
native_lsp = {
enabled = true;
inlay_hints = {
background = true;
};
underlines = {
errors = ["underline"];
hints = ["underline"];
information = ["underline"];
warnings = ["underline"];
};
};
};
};
};
# File tree
plugins.neo-tree = {
enable = true;
filesystem = {
useLibuvFileWatcher = true;
filteredItems = {
hideDotfiles = false;
hideGitignored = false;
};
};
defaultComponentConfigs = {
indent = {
withExpanders = true;
expanderCollapsed = "";
expanderExpanded = "";
expanderHighlight = "NeoTreeExpander";
};
};
};
# UI
plugins.noice = {
enable = true;
lsp.override = {
"cmp.entry.get_documentation" = true;
"vim.lsp.util.convert_input_to_markdown_lines" = true;
"vim.lsp.util.stylize_markdown" = true;
};
presets = {
long_message_to_split = true;
};
};
plugins.dressing = {
enable = true;
};
# Status line
plugins.bufferline = {
enable = true;
diagnostics = "nvim_lsp";
mode = "buffers";
offsets = [
{
filetype = "neo-tree";
text = "Neo-tree";
highlight = "Directory";
text_align = "left";
}
];
};
plugins.lualine = {
enable = true;
globalstatus = true;
extensions = ["neo-tree"];
sections = {
lualine_a = [
{
name = "mode";
separator.right = "";
}
];
lualine_b = [
{
name = "branch";
icon = "";
separator.right = "";
}
];
lualine_c = [
{
name = "diagnostics";
separator.right = ">";
extraConfig = {
sources = ["nvim_lsp"];
symbols = {
error = " ";
warn = " ";
info = " ";
hint = "󰝶 ";
};
};
}
{
name = "filetype";
extraConfig = {
icon_only = true;
separator = "";
padding = {
left = 1;
right = 0;
};
};
}
{
name = "filename";
extraConfig = {
path = 1;
};
}
];
lualine_x = [
{
name = "diff";
extraConfig = {
symbols = {
added = " ";
modified = " ";
removed = " ";
};
source.__raw = ''
function()
local gitsings = vim.b.gitsigns_status_dict
if gitsigns then
return {
added = gitigns.added,
modified = gitigns.changed,
removed = gitigns.removed
}
end
end
'';
};
}
];
lualine_y = [
{
separator.left = "";
name = "progress";
padding = {
left = 1;
right = 0;
};
}
{
name = "location";
padding = {
left = 0;
right = 1;
};
}
];
lualine_z = [
{
separator.left = "";
fmt = ''
function(text)
return " " .. os.date("%R")
end
'';
}
];
};
};
plugins.notify.enable = true;
plugins.project-nvim = {
enable = true;
enableTelescope = true;
showHidden = true;
};
# Syntax highlight
plugins.treesitter = {
enable = true;
};
plugins.treesitter-textobjects.enable = true;
# Double trouble of your code
plugins.trouble = {
enable = true;
};
# Multifile search/replace
plugins.spectre = {
enable = true;
findPackage = pkgs.ripgrep;
replacePackage = pkgs.gnused;
};
plugins.which-key = {
enable = true;
icons.group = "+";
registrations = {
"<leader>g" = "+ Git";
"<leader>c" = "+ Code";
"<leader>s" = "+ Search";
"<leader>w" = "+ Window";
"<leader>q" = "+ Quit";
};
};
# LSP
plugins = {
lsp-lines.enable = true;
lsp-format.enable = true;
lsp = {
enable = true;
inlayHints = true;
keymaps = {
# vim.diagnostic.<action>
diagnostic = {
"<leader>cd" = {
action = "open_float";
desc = "Line diagnostics";
};
};
# vim.lsp.buf.<action>
lspBuf = {
"K" = "hover";
"gK" = "signature_help";
"gr" = "references";
"gd" = "definition";
"gi" = "implementation";
"gt" = "type_definition";
"cr" = "rename";
"cf" = "format";
};
extra = [
{
key = "<leader>cf";
action.__raw = "vim.lsp.buf.format";
options.desc = "Format";
}
];
};
servers = {
clangd = {
enable = true;
cmd = [
"${config.plugins.lsp.servers.clangd.package}/bin/clangd"
"--background-index"
"--clang-tidy"
"--header-insertion=iwyu"
"--completion-style=detailed"
"--function-arg-placeholders"
"--fallback-style=llvm"
];
};
cmake.enable = true;
nil-ls.enable = true;
# pylyzer.enable = true; # not working with virtual environments currently :(
pylsp = {
enable = true;
settings.plugins = {
pyflakes.enabled = true;
black.enabled = true;
};
};
rust-analyzer = {
enable = true;
package = rust-analyzer;
cargoPackage = cargo;
rustcPackage = rustc;
installCargo = true;
installRustc = true;
};
volar.enable = true;
tailwindcss.enable = true;
marksman.enable = true;
};
};
};
# VCS
plugins.gitsigns = {
enable = true;
settings = {
signs = {
add = {
text = "";
};
change = {
text = "";
};
delete = {
text = "";
};
untracked = {
text = "";
};
topdelete = {
text = "";
};
changedelete = {
text = "";
};
};
};
};
plugins.lazygit.enable = true;
# Formatting
plugins.none-ls = {
enable = true;
# nix
sources.formatting.alejandra.enable = true;
};
# Search, search, search
plugins.telescope = {
enable = true;
extensions.fzf-native.enable = true;
keymaps = {
"<leader>sgf" = {
action = "git_files";
options = {
desc = "Files";
};
};
"<leader>sgc" = {
action = "git_commits";
options = {
desc = "Commits";
};
};
"<leader>sgs" = {
action = "git_status";
options = {
desc = "Status";
};
};
"<leader>sk" = {
action = "keymaps";
options = {
desc = "Key Maps";
};
};
"<leader>sf" = {
action = "live_grep";
options = {
desc = "Grep Root Directory";
};
};
};
};
plugins.todo-comments.enable = true;
# Terminal
plugins.toggleterm = {
enable = true;
settings = {
direction = "float";
open_mapping = "[[<c-/>]]";
};
};
# Completion
plugins = {
cmp = {
enable = true;
settings = {
sources = [
{
name = "nvim_lsp";
}
{
name = "path";
}
{
name = "buffer";
}
];
experimental = {
ghost_text = {
hl_group = "CmpGhostText";
};
};
mapping = {
"<c-space>" = "cmp.mapping.complete()";
"<cr>" = "cmp.mapping.confirm({ select = true; })";
};
};
};
cmp-nvim-lsp.enable = true;
cmp-path.enable = true;
cmp-buffer.enable = true;
};
# Keymaps
keymaps = [
# General
{
mode = "n";
key = "<leader>qq";
action = "<cmd>qa<cr>";
options = {desc = "Quit All";};
}
{
mode = "n";
key = "<leader>ww";
action = "<C-W>p";
options = {desc = "Other Window";};
}
{
mode = "n";
key = "<leader>wd";
action = "<C-W>c";
options = {desc = "Delete Window";};
}
{
mode = "n";
key = "<leader>ws";
action = "<C-W>s";
options = {desc = "Split Below";};
}
{
mode = "n";
key = "<leader>wv";
action = "<C-W>v";
options = {desc = "Split Right";};
}
{
mode = "n";
key = "<C-Left>";
action = "<C-W>h";
options = {desc = "Go To Left Window";};
}
{
mode = "n";
key = "<C-Down>";
action = "<C-W>j";
options = {desc = "Go To Lower Window";};
}
{
mode = "n";
key = "<C-Up>";
action = "<C-W>k";
options = {desc = "Go To Upper Window";};
}
{
mode = "n";
key = "<C-Right>";
action = "<C-W>l";
options = {desc = "Go To Right Window";};
}
{
mode = "v";
key = ">";
action = ">gv";
options = {desc = "Indent right selected text";};
}
{
mode = "v";
key = "<";
action = "<gv";
options = {desc = "Indent left selected text";};
}
# Clipboard
{
mode = ["n" "x"];
key = "y";
action = "<Plug>(YankyYank)";
options = {desc = "Yank Text";};
}
{
mode = ["n" "x"];
key = "p";
action = "<Plug>(YankyPutAfter)";
options = {desc = "Put Yanked Text After Cursor";};
}
{
mode = ["n" "x"];
key = "P";
action = "<Plug>(YankyPutBefore)";
options = {desc = "Put Yanked Text Before Cursor";};
}
{
mode = ["n" "x"];
key = "gp";
action = "<Plug>(YankyGPutAfter)";
options = {desc = "Put Yanked Text After Selection";};
}
{
mode = ["n" "x"];
key = "gP";
action = "<Plug>(YankyGPutBefore)";
options = {desc = "Put Yanked Text Befor Selection";};
}
{
mode = "n";
key = "<leader>cl";
action.__raw = ''require("lsp_lines").toggle'';
options = {desc = "Toggle LSP lines";};
}
# Terminal
{
mode = "t";
key = "<esc><esc>";
action = "<c-\\><c-n>";
options = {desc = "Enter Normal Mode";};
}
# Etc
{
mode = "n";
key = "<leader>e";
action = "<cmd>Neotree toggle<cr>";
options = {desc = "Open/Close Neotree";};
}
{
mode = "n";
key = "<leader>gg";
action = "<cmd>LazyGit<cr>";
options = {
desc = "LazyGit (root dir)";
};
}
];
}
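Review bot: The `source.__raw` function of the lualine `diff` component can never return gitsigns data, because the local is declared as `gitsings`, tested as `gitsigns` (an unset global, so always nil) and then read as `gitigns`. Use one spelling throughout: `local gitsigns = vim.b.gitsigns_status_dict`, then `added = gitsigns.added`, `modified = gitsigns.changed`, `removed = gitsigns.removed`. As written the branch is dead code, and correcting only the `if` line would make the function raise on the undefined `gitigns`.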


@ -0,0 +1,7 @@
{
self,
inputs,
...
}: {
bonvim = ./bonvim.nix;
}


@ -1,13 +1,9 @@
{ crane-lib, pkgs, ... }:
crane-lib.devShell {
packages = with pkgs; [
sops
mkpasswd
nil
jq
cachix
nodejs
python3
marksman
];
{pkgs, ...}:
pkgs.mkShellNoCC {
packages = with pkgs; [
sops
mkpasswd
jq
cachix
];
}


@ -1,22 +1,25 @@
# self.devShells.${system}
#
{ self, nixpkgs, ... }:
let
forAllSystems = nixpkgs.lib.genAttrs [ "x86_64-linux" ];
nixpkgsFor = forAllSystems (system: import nixpkgs { inherit system; });
{
self,
nixpkgs,
...
}: let
forAllSystems = nixpkgs.lib.genAttrs ["x86_64-linux"];
nixpkgsFor = forAllSystems (system: import nixpkgs {inherit system;});
in
forAllSystems (system: let
environment = rec {
pkgs = nixpkgsFor.${system};
in forAllSystems(system:
let environment = {
pkgs = nixpkgsFor.${system};
bonfire = self;
bonfire-lib = self.lib;
bonfire-pkgs = self.packages.${system};
crane = self.inputs.crane;
crane-lib = self.inputs.crane.lib.${system};
}; in {
bonfire = self;
bonfire-lib = self.lib;
bonfire-pkgs = self.packages.${system};
crane = self.inputs.crane;
crane-lib = self.inputs.crane.mkLib pkgs;
};
in {
default = import ./bonfire.nix environment;
netgen = import ./netgen.nix environment;
@ -27,4 +30,4 @@ in forAllSystems(system:
rust-x11 = import ./rust-x11.nix environment;
go = import ./go.nix environment;
})
})


@ -1,11 +1,11 @@
{ pkgs, ... }:
{pkgs, ...}:
pkgs.mkShellNoCC {
packages = with pkgs; [
go
gopls
gotools
go-tools
golangci-lint
gnumake
];
packages = with pkgs; [
go
gopls
gotools
go-tools
golangci-lint
gnumake
];
}


@ -1,9 +1,13 @@
{ pkgs, bonfire-pkgs, ... }:
{
pkgs,
bonfire-pkgs,
...
}:
pkgs.mkShellNoCC {
packages = [
bonfire-pkgs.netgen
pkgs.python3
];
packages = [
bonfire-pkgs.netgen
pkgs.python3
];
shellHook = bonfire-pkgs.netgen.passthru.shellHook;
shellHook = bonfire-pkgs.netgen.passthru.shellHook;
}


@ -1,9 +1,13 @@
{ pkgs, bonfire-pkgs, ... }:
{
pkgs,
bonfire-pkgs,
...
}:
pkgs.mkShellNoCC {
packages = [
bonfire-pkgs.openfoam
pkgs.mpi
];
packages = [
bonfire-pkgs.openfoam
pkgs.mpi
];
shellHook = bonfire-pkgs.openfoam.passthru.shellHook;
shellHook = bonfire-pkgs.openfoam.passthru.shellHook;
}


@ -1,23 +1,27 @@
{ pkgs, crane-lib, ... }:
{
pkgs,
crane-lib,
...
}:
crane-lib.devShell rec {
packages = with pkgs; [
lld
pkg-config
libGL
vulkan-loader
vulkan-headers
vulkan-tools
vulkan-validation-layers
xorg.libXi
xorg.libX11
xorg.libXcursor
xorg.libXrandr
libxkbcommon
libudev-zero
alsa-lib
];
packages = with pkgs; [
lld
pkg-config
libGL
vulkan-loader
vulkan-headers
vulkan-tools
vulkan-validation-layers
xorg.libXi
xorg.libX11
xorg.libXcursor
xorg.libXrandr
libxkbcommon
libudev-zero
alsa-lib
];
shellHook = ''
export LD_LIBRARY_PATH="$LD_LIBRARY_PATH:${pkgs.lib.makeLibraryPath packages}"
'';
shellHook = ''
export LD_LIBRARY_PATH="$LD_LIBRARY_PATH:${pkgs.lib.makeLibraryPath packages}"
'';
}
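Review bot: The `shellHook` builds the value as `"$LD_LIBRARY_PATH:..."`, so when the variable is unset on entry the result starts with a colon, and the dynamic loader treats an empty entry as the current directory. A shared object lying in whatever directory the shell is started from could then be loaded ahead of the listed store paths. This commit only reformats the line and keeps that behaviour. Emit the separator only when a value already exists: `export LD_LIBRARY_PATH="''${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}${pkgs.lib.makeLibraryPath packages}"` (`''${` is the Nix escape for a literal `${` inside an indented string).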


@ -1,6 +1,10 @@
{ pkgs, crane-lib, ... }:
{
pkgs,
crane-lib,
...
}:
crane-lib.devShell {
packages = [
pkgs.cargo-watch
];
packages = [
pkgs.cargo-watch
];
}


@ -52,7 +52,7 @@
"inputs": {
"crane": "crane_2",
"fenix": "fenix_2",
"home-manager": "home-manager_2",
"home-manager": "home-manager_3",
"nixgl": "nixgl",
"nixos-mailserver": "nixos-mailserver_2",
"nixpkgs": "nixpkgs_3",
@ -78,7 +78,7 @@
"crane": "crane_3",
"devenv": "devenv",
"fenix": "fenix_3",
"home-manager": "home-manager_3",
"home-manager": "home-manager_4",
"nixgl": "nixgl_2",
"nixos-mailserver": "nixos-mailserver_3",
"nixpkgs": "nixpkgs_5",
@ -142,11 +142,11 @@
},
"catppuccin": {
"locked": {
"lastModified": 1718339789,
"narHash": "sha256-Q3fgY7huFE+uaw7BNsAl1x+FvjDAi3EDWPnlALJt5pM=",
"lastModified": 1719758387,
"narHash": "sha256-bMaI1jJNzIZar4TP/hhoPQROqqcbD6zT6O+sqIJdp8c=",
"owner": "catppuccin",
"repo": "nix",
"rev": "73e06d5bd7ed34bdd0168030893ef8364fdc1d4a",
"rev": "9eb0610d48dd0e1fecf772bbdacf9050d7b82d7c",
"type": "github"
},
"original": {
@ -162,11 +162,11 @@
]
},
"locked": {
"lastModified": 1718474113,
"narHash": "sha256-UKrfy/46YF2TRnxTtKCYzqf2f5ZPRRWwKCCJb7O5X8U=",
"lastModified": 1719685792,
"narHash": "sha256-WIoVERD4AN6CmfGSRPy3mfPx2dDbRHgzP2V8z6aNbaY=",
"owner": "ipetkov",
"repo": "crane",
"rev": "0095fd8ea00ae0a9e6014f39c375e40c2fbd3386",
"rev": "aa5dcd0518a422dfd545d565f0d5a25971fea52a",
"type": "github"
},
"original": {
@ -224,7 +224,7 @@
"devenv": {
"inputs": {
"cachix": "cachix",
"flake-compat": "flake-compat_4",
"flake-compat": "flake-compat_6",
"nix": "nix_2",
"nixpkgs": [
"oscuro",
@ -288,6 +288,28 @@
"type": "github"
}
},
"devshell": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1717408969,
"narHash": "sha256-Q0OEFqe35fZbbRPPRdrjTUUChKVhhWXz3T9ZSKmaoVY=",
"owner": "numtide",
"repo": "devshell",
"rev": "1ebbe68d57457c8cae98145410b164b5477761f4",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "devshell",
"type": "github"
}
},
"fenix": {
"inputs": {
"nixpkgs": [
@ -296,11 +318,11 @@
"rust-analyzer-src": []
},
"locked": {
"lastModified": 1717827974,
"narHash": "sha256-ixopuTeTouxqTxfMuzs6IaRttbT8JqRW5C9Q/57WxQw=",
"lastModified": 1719815435,
"narHash": "sha256-K2xFp142onP35jcx7li10xUxNVEVRWjAdY8DSuR7Naw=",
"owner": "nix-community",
"repo": "fenix",
"rev": "ab655c627777ab5f9964652fe23bbb1dfbd687a8",
"rev": "ebfe2c639111d7e82972a12711206afaeeda2450",
"type": "github"
},
"original": {
@ -382,6 +404,20 @@
}
},
"flake-compat_2": {
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"revCount": 57,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"
}
},
"flake-compat_3": {
"flake": false,
"locked": {
"lastModified": 1696426674,
@ -397,22 +433,6 @@
"type": "github"
}
},
"flake-compat_3": {
"flake": false,
"locked": {
"lastModified": 1673956053,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_4": {
"flake": false,
"locked": {
@ -430,6 +450,22 @@
}
},
"flake-compat_5": {
"flake": false,
"locked": {
"lastModified": 1673956053,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_6": {
"flake": false,
"locked": {
"lastModified": 1696426674,
@ -445,7 +481,62 @@
"type": "github"
}
},
"flake-compat_7": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1719745305,
"narHash": "sha256-xwgjVUpqSviudEkpQnioeez1Uo2wzrsMaJKJClh+Bls=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "c3c5ecc05edc7dafba779c6c1a61cd08ac6583e9",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1701680307,
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"locked": {
"lastModified": 1659877975,
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
@ -460,9 +551,9 @@
"type": "github"
}
},
"flake-utils_2": {
"flake-utils_3": {
"inputs": {
"systems": "systems_2"
"systems": "systems_3"
},
"locked": {
"lastModified": 1689068808,
@ -478,9 +569,9 @@
"type": "github"
}
},
"flake-utils_3": {
"flake-utils_4": {
"inputs": {
"systems": "systems_3"
"systems": "systems_4"
},
"locked": {
"lastModified": 1710146030,
@ -496,7 +587,7 @@
"type": "github"
}
},
"flake-utils_4": {
"flake-utils_5": {
"locked": {
"lastModified": 1659877975,
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
@ -511,7 +602,56 @@
"type": "github"
}
},
"git-hooks": {
"inputs": {
"flake-compat": "flake-compat_3",
"gitignore": "gitignore",
"nixpkgs": [
"nixvim",
"nixpkgs"
],
"nixpkgs-stable": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1719259945,
"narHash": "sha256-F1h+XIsGKT9TkGO3omxDLEb/9jOOsI6NnzsXFsZhry4=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "0ff4381bbb8f7a52ca4a851660fc7a437a4c6e07",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "git-hooks.nix",
"type": "github"
}
},
"gitignore": {
"inputs": {
"nixpkgs": [
"nixvim",
"git-hooks",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"gitignore_2": {
"inputs": {
"nixpkgs": [
"oscuro",
@ -544,11 +684,11 @@
]
},
"locked": {
"lastModified": 1718526747,
"narHash": "sha256-sKrD/utGvmtQALvuDj4j0CT3AJXP1idOAq2p+27TpeE=",
"lastModified": 1719827439,
"narHash": "sha256-tneHOIv1lEavZ0vQ+rgz67LPNCgOZVByYki3OkSshFU=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "0a7ffb28e5df5844d0e8039c9833d7075cdee792",
"rev": "59ce796b2563e19821361abbe2067c3bb4143a7d",
"type": "github"
},
"original": {
@ -558,6 +698,27 @@
}
},
"home-manager_2": {
"inputs": {
"nixpkgs": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1719677234,
"narHash": "sha256-qO9WZsj/0E6zcK4Ht1y/iJ8XfwbBzq7xdqhBh44OP/M=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "36317d4d38887f7629876b0e43c8d9593c5cc48d",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"home-manager_3": {
"inputs": {
"nixpkgs": [
"oscuro",
@ -579,7 +740,7 @@
"type": "github"
}
},
"home-manager_3": {
"home-manager_4": {
"inputs": {
"nixpkgs": [
"oscuro",
@ -605,7 +766,7 @@
},
"nix": {
"inputs": {
"flake-compat": "flake-compat_3",
"flake-compat": "flake-compat_5",
"nixpkgs": [
"oscuro",
"bonfire",
@ -633,6 +794,27 @@
"type": "github"
}
},
"nix-darwin": {
"inputs": {
"nixpkgs": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1719128254,
"narHash": "sha256-I7jMpq0CAOZA/i70+HDQO/ulLttyQu/K70cSESiMX7A=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "50581970f37f06a4719001735828519925ef8310",
"type": "github"
},
"original": {
"owner": "lnl7",
"repo": "nix-darwin",
"type": "github"
}
},
"nix-github-actions": {
"inputs": {
"nixpkgs": [
@ -698,7 +880,7 @@
},
"nixgl": {
"inputs": {
"flake-utils": "flake-utils",
"flake-utils": "flake-utils_2",
"nixpkgs": [
"oscuro",
"bonfire",
@ -721,7 +903,7 @@
},
"nixgl_2": {
"inputs": {
"flake-utils": "flake-utils_4",
"flake-utils": "flake-utils_5",
"nixpkgs": [
"oscuro",
"bonfire",
@ -754,11 +936,11 @@
"nixpkgs-24_05": "nixpkgs-24_05"
},
"locked": {
"lastModified": 1718398369,
"narHash": "sha256-ccOHDuTaUhD1DW6DGNXoDJNOwYx55rVNKECyqRzKRtE=",
"lastModified": 1718697807,
"narHash": "sha256-Enla61WFisytTYbWygPynEbu8vozjeGc6Obkj2GRj7o=",
"owner": "simple-nixos-mailserver",
"repo": "nixos-mailserver",
"rev": "54cbacb6eb9938bf1eaab7a7840fb527050c2af1",
"rev": "290a995de5c3d3f08468fa548f0d55ab2efc7b6b",
"type": "gitlab"
},
"original": {
@ -770,7 +952,7 @@
"nixos-mailserver_2": {
"inputs": {
"blobs": "blobs_2",
"flake-compat": "flake-compat_2",
"flake-compat": "flake-compat_4",
"nixpkgs": [
"oscuro",
"bonfire",
@ -795,7 +977,7 @@
"nixos-mailserver_3": {
"inputs": {
"blobs": "blobs_3",
"flake-compat": "flake-compat_5",
"flake-compat": "flake-compat_7",
"nixpkgs": [
"oscuro",
"bonfire",
@ -821,11 +1003,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1718530797,
"narHash": "sha256-pup6cYwtgvzDpvpSCFh1TEUjw2zkNpk8iolbKnyFmmU=",
"lastModified": 1719690277,
"narHash": "sha256-0xSej1g7eP2kaUF+JQp8jdyNmpmCJKRpO12mKl/36Kc=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "b60ebf54c15553b393d144357375ea956f89e9a9",
"rev": "2741b4b489b55df32afac57bc4bfd220e8bf617e",
"type": "github"
},
"original": {
@ -932,11 +1114,11 @@
},
"nixpkgs-stable_4": {
"locked": {
"lastModified": 1718478900,
"narHash": "sha256-v43N1gZLcGkhg3PdcrKUNIZ1L0FBzB2JqhIYEyKAHEs=",
"lastModified": 1719663039,
"narHash": "sha256-tXlrgAQygNIy49LDVFuPXlWD2zTQV9/F8pfoqwwPJyo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "c884223af91820615a6146af1ae1fea25c107005",
"rev": "4a1e673523344f6ccc84b37f4413ad74ea19a119",
"type": "github"
},
"original": {
@ -1010,6 +1192,33 @@
"type": "github"
}
},
"nixvim": {
"inputs": {
"devshell": "devshell",
"flake-compat": "flake-compat_2",
"flake-parts": "flake-parts",
"git-hooks": "git-hooks",
"home-manager": "home-manager_2",
"nix-darwin": "nix-darwin",
"nixpkgs": [
"nixpkgs"
],
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1719835160,
"narHash": "sha256-AyZJM2la6+CAdKKSC3y80sbneW8dH/2lb+OxKzi2cAw=",
"owner": "nix-community",
"repo": "nixvim",
"rev": "7cc1685eafdcf04cf1058949647ea2c7560f2d65",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixvim",
"type": "github"
}
},
"obs-image-reaction": {
"inputs": {
"nixpkgs": "nixpkgs_2"
@ -1071,7 +1280,7 @@
},
"poetry2nix": {
"inputs": {
"flake-utils": "flake-utils_2",
"flake-utils": "flake-utils_3",
"nix-github-actions": "nix-github-actions",
"nixpkgs": [
"oscuro",
@ -1108,8 +1317,8 @@
"devenv",
"flake-compat"
],
"flake-utils": "flake-utils_3",
"gitignore": "gitignore",
"flake-utils": "flake-utils_4",
"gitignore": "gitignore_2",
"nixpkgs": [
"oscuro",
"bonfire",
@ -1142,6 +1351,7 @@
"home-manager": "home-manager",
"nixos-mailserver": "nixos-mailserver",
"nixpkgs": "nixpkgs",
"nixvim": "nixvim",
"obs-image-reaction": "obs-image-reaction",
"oscuro": "oscuro",
"sops-nix": "sops-nix_3"
@ -1203,11 +1413,11 @@
"nixpkgs-stable": "nixpkgs-stable_4"
},
"locked": {
"lastModified": 1718506969,
"narHash": "sha256-Pm9I/BMQHbsucdWf6y9G3xBZh3TMlThGo4KBbeoeczg=",
"lastModified": 1719716556,
"narHash": "sha256-KA9gy2Wkv76s4A8eLnOcdKVTygewbw3xsB8+awNMyqs=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "797ce4c1f45a85df6dd3d9abdc53f2691bea9251",
"rev": "b5974d4331fb6c893e808977a2e1a6d34b3162d6",
"type": "github"
},
"original": {
@ -1276,9 +1486,45 @@
"type": "github"
}
},
"systems_5": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1719749022,
"narHash": "sha256-ddPKHcqaKCIFSFc/cvxS14goUhCOAwsM1PbMr0ZtHMg=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "8df5ff62195d4e67e2264df0b7f5e8c9995fd0bd",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
},
"utils": {
"inputs": {
"systems": "systems"
"systems": "systems_2"
},
"locked": {
"lastModified": 1709126324,
@ -1296,7 +1542,7 @@
},
"utils_2": {
"inputs": {
"systems": "systems_4"
"systems": "systems_5"
},
"locked": {
"lastModified": 1709126324,

198
flake.nix

@ -1,94 +1,128 @@
{
description = "Derivation lit";
description = "Derivation lit";
nixConfig = {
extra-substituters = [ "https://bonfire.cachix.org" ];
extra-trusted-public-keys = [ "bonfire.cachix.org-1:mzAGBy/Crdf8NhKail5ciK7ZrGRbPJJobW6TwFb7WYM=" ];
nixConfig = {
extra-substituters = ["https://bonfire.cachix.org"];
extra-trusted-public-keys = ["bonfire.cachix.org-1:mzAGBy/Crdf8NhKail5ciK7ZrGRbPJJobW6TwFb7WYM="];
};
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
home-manager = {
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs";
};
nixos-mailserver = {
url = "gitlab:simple-nixos-mailserver/nixos-mailserver";
inputs.nixpkgs.follows = "nixpkgs";
};
sops-nix = {
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
crane = {
url = "github:ipetkov/crane";
inputs.nixpkgs.follows = "nixpkgs";
};
fenix = {
url = "github:nix-community/fenix";
inputs.nixpkgs.follows = "nixpkgs";
inputs.rust-analyzer-src.follows = "";
};
catppuccin = {
url = "github:catppuccin/nix";
};
oscuro = {
url = "github:L-Nafaryus/oscuro";
};
obs-image-reaction = {
url = "github:L-Nafaryus/obs-image-reaction";
};
nixvim = {
url = "github:nix-community/nixvim";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs = {
self,
nixpkgs,
home-manager,
nixos-mailserver,
sops-nix,
crane,
fenix,
catppuccin,
oscuro,
...
} @ inputs: let
lib = import ./lib {inherit (nixpkgs) lib;};
in {
inherit lib;
nixosConfigurations = {
astora = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
home-manager.nixosModules.home-manager
./nixosConfigurations/astora
self.nixosModules.bonfire
self.nixosModules.spoofdpi
(import ./nixosModules {
lib = nixpkgs.lib;
self = self;
})
.configModule
];
specialArgs = {inherit self inputs;};
};
catarina = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
nixos-mailserver.nixosModules.mailserver
sops-nix.nixosModules.sops
oscuro.nixosModules.oscuro
./nixosConfigurations/catarina
self.nixosModules.bonfire
self.nixosModules.spoofdpi
self.nixosModules.papermc
self.nixosModules.qbittorrent-nox
(import ./nixosModules {
lib = nixpkgs.lib;
self = self;
})
.configModule
];
specialArgs = {inherit self;};
};
};
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
home-manager = {
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs";
};
nixos-mailserver = {
url = "gitlab:simple-nixos-mailserver/nixos-mailserver";
inputs.nixpkgs.follows = "nixpkgs";
};
sops-nix = {
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
crane = {
url = "github:ipetkov/crane";
inputs.nixpkgs.follows = "nixpkgs";
};
fenix = {
url = "github:nix-community/fenix";
inputs.nixpkgs.follows = "nixpkgs";
inputs.rust-analyzer-src.follows = "";
};
catppuccin = {
url = "github:catppuccin/nix";
};
oscuro = {
url = "github:L-Nafaryus/oscuro";
};
obs-image-reaction = {
url = "github:L-Nafaryus/obs-image-reaction";
};
nixosModules =
lib.importNamedModules
(import ./nixosModules {
lib = nixpkgs.lib;
self = self;
})
.modules;
templates = {
rust = {
path = ./templates/rust;
description = "Basic Rust template";
};
};
outputs = { self, nixpkgs, home-manager, nixos-mailserver, sops-nix, crane, fenix, catppuccin, oscuro, ... } @ inputs:
let
lib = import ./lib { inherit (nixpkgs) lib; };
in {
inherit lib;
packages = import ./packages {inherit self inputs;};
nixosConfigurations = {
astora = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
home-manager.nixosModules.home-manager
./nixosConfigurations/astora
self.nixosModules.bonfire
self.nixosModules.spoofdpi
(import ./nixosModules { lib = nixpkgs.lib; self = self; }).configModule
];
specialArgs = { inherit self inputs; };
};
apps = import ./apps {inherit self nixpkgs;};
catarina = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
nixos-mailserver.nixosModules.mailserver
sops-nix.nixosModules.sops
oscuro.nixosModules.oscuro
./nixosConfigurations/catarina
self.nixosModules.bonfire
self.nixosModules.spoofdpi
self.nixosModules.papermc
self.nixosModules.qbittorrent-nox
(import ./nixosModules { lib = nixpkgs.lib; self = self; }).configModule
];
specialArgs = { inherit self; };
};
};
devShells = import ./devShells {inherit self nixpkgs;};
nixosModules = lib.importNamedModules (import ./nixosModules { lib = nixpkgs.lib; self = self; }).modules;
configurations = import ./configurations {inherit self inputs;};
templates = {
rust = {
path = ./templates/rust;
description = "Basic Rust template";
};
};
packages = import ./packages { inherit self nixpkgs; };
apps = import ./apps { inherit self nixpkgs; };
devShells = import ./devShells { inherit self nixpkgs; };
hydraJobs = {
inherit (self) packages;
};
};
}
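Review bot: The new `nixvim` entry in `inputs` follows only `nixpkgs`, so its other inputs are locked as separate nodes. The lock file in this commit shows a second `home-manager` (`home-manager_2`) and a `flake-compat_2` fetched as a tarball from flakehub.com. Each extra node is one more upstream source that has to be trusted and kept current. Adding `inputs.home-manager.follows = "home-manager";` to the `nixvim` block would reuse the copy already pinned at the top level. The remaining nixvim-only inputs (`nix-darwin`, `devshell`, `git-hooks`, `treefmt-nix`) are worth reviewing the same way.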


@ -1,17 +1,17 @@
{ lib, ... }:
rec {
maintainers = import ./maintainers.nix;
{lib, ...}: rec {
maintainers = import ./maintainers.nix;
moduleName = path: if builtins.baseNameOf (toString path) == "default.nix" then
builtins.baseNameOf (lib.removeSuffix "/default.nix" (toString path))
else
builtins.baseNameOf (lib.removeSuffix ".nix" (toString path));
moduleName = path:
if builtins.baseNameOf (toString path) == "default.nix"
then builtins.baseNameOf (lib.removeSuffix "/default.nix" (toString path))
else builtins.baseNameOf (lib.removeSuffix ".nix" (toString path));
moduleNames = pathList: map (path: moduleName path) pathList;
moduleNames = pathList: map (path: moduleName path) pathList;
importModules = pathList: map (path: import path) pathList;
importModules = pathList: map (path: import path) pathList;
importNamedModules = pathList: lib.listToAttrs (
lib.zipListsWith (name: value: { inherit name value; }) (moduleNames pathList) (importModules pathList)
importNamedModules = pathList:
lib.listToAttrs (
lib.zipListsWith (name: value: {inherit name value;}) (moduleNames pathList) (importModules pathList)
);
}


@ -1,8 +1,8 @@
{
L-Nafaryus = {
email = "l.nafaryus@elnafo.ru";
github = "L-Nafaryus";
githubId = 37117584;
name = "L-Nafaryus";
};
L-Nafaryus = {
email = "l.nafaryus@elnafo.ru";
github = "L-Nafaryus";
githubId = 37117584;
name = "L-Nafaryus";
};
}


@ -1,200 +1,204 @@
{ pkgs, lib, config, ... }:
{
system.stateVersion = "23.11";
pkgs,
lib,
config,
...
}: {
system.stateVersion = "23.11";
imports = [ ./hardware.nix ./users.nix ];
imports = [./hardware.nix ./users.nix];
# Nix settings
nix = {
settings = {
experimental-features = [ "nix-command" "flakes" "repl-flake" ];
trusted-users = [ "l-nafaryus" ];
allowed-users = [ "l-nafaryus" ];
substituters = [ "https://nix-community.cachix.org" ];
trusted-public-keys = [ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" ];
auto-optimise-store = true;
};
gc = {
automatic = lib.mkDefault true;
dates = lib.mkDefault "weekly";
options = lib.mkDefault "--delete-older-than 7d";
};
# Nix settings
nix = {
settings = {
experimental-features = ["nix-command" "flakes" "repl-flake"];
trusted-users = ["l-nafaryus"];
allowed-users = ["l-nafaryus"];
substituters = ["https://nix-community.cachix.org"];
trusted-public-keys = ["nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="];
auto-optimise-store = true;
};
# Nix packages
nixpkgs = {
hostPlatform = lib.mkDefault "x86_64-linux";
config.allowUnfree = true;
config.cudaSupport = false;
overlays = [
(final: prev: {
blender = prev.blender.override { cudaSupport = true; };
})
];
gc = {
automatic = lib.mkDefault true;
dates = lib.mkDefault "weekly";
options = lib.mkDefault "--delete-older-than 7d";
};
};
# Services
services.xserver = {
enable = true;
# Nix packages
nixpkgs = {
hostPlatform = lib.mkDefault "x86_64-linux";
config.allowUnfree = true;
config.cudaSupport = false;
xkb = {
layout = "us";
variant = "";
};
videoDrivers = [ "nvidia" ];
#displayManager.gdm = {
# enable = true;
# autoSuspend = false;
# wayland = true;
#};
#desktopManager.gnome.enable = true;
#windowManager.awesome.enable = true;
wacom.enable = true;
};
services.greetd = let
hyprConfig = pkgs.writeText "greetd-hyprland-config" ''
exec-once = ${lib.getExe pkgs.greetd.regreet}; hyprctl dispatch exit
'';
in {
enable = true;
settings = {
default_session = {
command = "${lib.getExe config.programs.hyprland.package} --config ${hyprConfig}";
user = "greeter";
};
};
};
programs.regreet = {
enable = true;
settings = {
GTK = {
application_prefer_dark_theme = true;
# TODO: provide gtk themes
# theme_name = "Catppuccin-Macchiato-Standard-Green-Dark";
# icon_theme_name = "Catppuccin-Macchiato-Green-Cursors";
# cursor_theme_name = "Papirus-Dark";
# font_name = "";
};
appearance = {
greeting_msg = "Hey, you. You're finally awake.";
};
};
};
programs.hyprland = {
enable = true;
xwayland.enable = true;
};
services.dbus.enable = true;
services.printing.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = true;
};
services.openssh = {
enable = true;
startWhenNeeded = true;
settings.PasswordAuthentication = false;
settings.KbdInteractiveAuthentication = false;
};
services.udev = {
packages = with pkgs; [ gnome.gnome-settings-daemon ];
extraRules = ''
KERNEL=="rtc0", GROUP="audio"
KERNEL=="hpet", GROUP="audio"
'';
};
services.blueman.enable = true;
services.btrfs.autoScrub = {
enable = true;
interval = "monthly";
fileSystems = [ "/" ];
};
# Packages
environment.systemPackages = with pkgs; [
wget
parted
ntfs3g
sshfs
exfat
lm_sensors
git
git-lfs
ripgrep
fd
lazygit
unzip
gnumake
fishPlugins.fzf-fish
fishPlugins.tide
fishPlugins.grc
fishPlugins.hydro
nnn
fzf
grc
gcc
cachix
overlays = [
(final: prev: {
blender = prev.blender.override {cudaSupport = true;};
})
];
};
programs = {
fish.enable = true;
# Services
services.xserver = {
enable = true;
neovim = {
enable = true;
defaultEditor = true;
};
xkb = {
layout = "us";
variant = "";
};
programs.ssh.extraConfig = ''
Host astora
HostName 192.168.156.101
Port 22
User l-nafaryus
videoDrivers = ["nvidia"];
Host catarina
HostName 192.168.156.102
Port 22
User l-nafaryus
#displayManager.gdm = {
# enable = true;
# autoSuspend = false;
# wayland = true;
#};
#desktopManager.gnome.enable = true;
#windowManager.awesome.enable = true;
wacom.enable = true;
};
services.greetd = let
hyprConfig = pkgs.writeText "greetd-hyprland-config" ''
exec-once = ${lib.getExe pkgs.greetd.regreet}; hyprctl dispatch exit
'';
programs.direnv.enable = true;
fonts.packages = with pkgs; [ nerdfonts ];
programs.steam.enable = true;
systemd.extraConfig = "DefaultLimitNOFILE=1048576";
virtualisation = {
containers.enable = true;
podman = {
enable = true;
dockerCompat = true;
defaultNetwork.settings.dns_enabled = true;
};
libvirtd.enable = true;
in {
enable = true;
settings = {
default_session = {
command = "${lib.getExe config.programs.hyprland.package} --config ${hyprConfig}";
user = "greeter";
};
};
};
programs.regreet = {
enable = true;
settings = {
GTK = {
application_prefer_dark_theme = true;
# TODO: provide gtk themes
# theme_name = "Catppuccin-Macchiato-Standard-Green-Dark";
# icon_theme_name = "Catppuccin-Macchiato-Green-Cursors";
# cursor_theme_name = "Papirus-Dark";
# font_name = "";
};
appearance = {
greeting_msg = "Hey, you. You're finally awake.";
};
};
};
programs.hyprland = {
enable = true;
xwayland.enable = true;
};
services.dbus.enable = true;
services.printing.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = true;
};
services.openssh = {
enable = true;
startWhenNeeded = true;
settings.PasswordAuthentication = false;
settings.KbdInteractiveAuthentication = false;
};
services.udev = {
packages = with pkgs; [gnome.gnome-settings-daemon];
extraRules = ''
KERNEL=="rtc0", GROUP="audio"
KERNEL=="hpet", GROUP="audio"
'';
};
services.blueman.enable = true;
services.btrfs.autoScrub = {
enable = true;
interval = "monthly";
fileSystems = ["/"];
};
# Packages
environment.systemPackages = with pkgs; [
wget
parted
ntfs3g
sshfs
exfat
lm_sensors
git
git-lfs
ripgrep
fd
lazygit
unzip
gnumake
fishPlugins.fzf-fish
fishPlugins.tide
fishPlugins.grc
fishPlugins.hydro
nnn
fzf
grc
gcc
cachix
];
programs = {
fish.enable = true;
neovim = {
enable = true;
defaultEditor = true;
};
};
programs.ssh.extraConfig = ''
Host astora
HostName 192.168.156.101
Port 22
User l-nafaryus
Host catarina
HostName 192.168.156.102
Port 22
User l-nafaryus
'';
programs.direnv.enable = true;
fonts.packages = with pkgs; [nerdfonts];
programs.steam.enable = true;
systemd.extraConfig = "DefaultLimitNOFILE=1048576";
virtualisation = {
containers.enable = true;
podman = {
enable = true;
dockerCompat = true;
defaultNetwork.settings.dns_enabled = true;
};
libvirtd.enable = true;
};
}


@ -1,202 +1,237 @@
{ config, lib, ... }:
{
# Boot
boot = {
loader.systemd-boot.enable = true;
loader.systemd-boot.configurationLimit = 5;
loader.efi.canTouchEfiVariables = true;
config,
lib,
...
}: {
# Boot
boot = {
loader.systemd-boot.enable = true;
loader.systemd-boot.configurationLimit = 5;
loader.efi.canTouchEfiVariables = true;
tmp.useTmpfs = lib.mkDefault true;
tmp.cleanOnBoot = lib.mkDefault (!config.boot.tmp.useTmpfs);
tmp.useTmpfs = lib.mkDefault true;
tmp.cleanOnBoot = lib.mkDefault (!config.boot.tmp.useTmpfs);
initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
initrd.kernelModules = [ ];
kernelModules = [ "kvm-amd" "tcp_bbr" "coretemp" "nct6775" ];
extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ];
extraModprobeConfig = ''
options v4l2loopback devices=1 video_nr=1 card_label="OBS Camera" exclusive_caps=1
'';
kernelParams = [ "threadirqs" ];
initrd.availableKernelModules = ["nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod"];
initrd.kernelModules = [];
kernelModules = ["kvm-amd" "tcp_bbr" "coretemp" "nct6775"];
extraModulePackages = with config.boot.kernelPackages; [v4l2loopback];
extraModprobeConfig = ''
options v4l2loopback devices=1 video_nr=1 card_label="OBS Camera" exclusive_caps=1
'';
kernelParams = ["threadirqs"];
kernel.sysctl = {
# The Magic SysRq key is a key combo that allows users connected to the
# system console of a Linux kernel to perform some low-level commands.
# Disable it, since we don't need it, and is a potential security concern.
"kernel.sysrq" = 0;
kernel.sysctl = {
# The Magic SysRq key is a key combo that allows users connected to the
# system console of a Linux kernel to perform some low-level commands.
# Disable it, since we don't need it, and is a potential security concern.
"kernel.sysrq" = 0;
## TCP hardening
# Prevent bogus ICMP errors from filling up logs.
"net.ipv4.icmp_ignore_bogus_error_responses" = 1;
# Reverse path filtering causes the kernel to do source validation of
# packets received from all interfaces. This can mitigate IP spoofing.
"net.ipv4.conf.default.rp_filter" = 1;
"net.ipv4.conf.all.rp_filter" = 1;
# Do not accept IP source route packets
"net.ipv4.conf.all.accept_source_route" = 0;
"net.ipv6.conf.all.accept_source_route" = 0;
# Don't send ICMP redirects
"net.ipv4.conf.all.send_redirects" = 0;
"net.ipv4.conf.default.send_redirects" = 0;
# Refuse ICMP redirects (MITM mitigations)
"net.ipv4.conf.all.accept_redirects" = 0;
"net.ipv4.conf.default.accept_redirects" = 0;
"net.ipv4.conf.all.secure_redirects" = 0;
"net.ipv4.conf.default.secure_redirects" = 0;
"net.ipv6.conf.all.accept_redirects" = 0;
"net.ipv6.conf.default.accept_redirects" = 0;
# Protects against SYN flood attacks
"net.ipv4.tcp_syncookies" = 1;
# Incomplete protection again TIME-WAIT assassination
"net.ipv4.tcp_rfc1337" = 1;
## TCP hardening
# Prevent bogus ICMP errors from filling up logs.
"net.ipv4.icmp_ignore_bogus_error_responses" = 1;
# Reverse path filtering causes the kernel to do source validation of
# packets received from all interfaces. This can mitigate IP spoofing.
"net.ipv4.conf.default.rp_filter" = 1;
"net.ipv4.conf.all.rp_filter" = 1;
# Do not accept IP source route packets
"net.ipv4.conf.all.accept_source_route" = 0;
"net.ipv6.conf.all.accept_source_route" = 0;
# Don't send ICMP redirects
"net.ipv4.conf.all.send_redirects" = 0;
"net.ipv4.conf.default.send_redirects" = 0;
# Refuse ICMP redirects (MITM mitigations)
"net.ipv4.conf.all.accept_redirects" = 0;
"net.ipv4.conf.default.accept_redirects" = 0;
"net.ipv4.conf.all.secure_redirects" = 0;
"net.ipv4.conf.default.secure_redirects" = 0;
"net.ipv6.conf.all.accept_redirects" = 0;
"net.ipv6.conf.default.accept_redirects" = 0;
# Protects against SYN flood attacks
"net.ipv4.tcp_syncookies" = 1;
# Incomplete protection again TIME-WAIT assassination
"net.ipv4.tcp_rfc1337" = 1;
## TCP optimization
# TCP Fast Open is a TCP extension that reduces network latency by packing
# data in the senders initial TCP SYN. Setting 3 = enable TCP Fast Open for
# both incoming and outgoing connections:
"net.ipv4.tcp_fastopen" = 3;
# Bufferbloat mitigations + slight improvement in throughput & latency
"net.ipv4.tcp_congestion_control" = "bbr";
"net.core.default_qdisc" = "cake";
};
## TCP optimization
# TCP Fast Open is a TCP extension that reduces network latency by packing
# data in the senders initial TCP SYN. Setting 3 = enable TCP Fast Open for
# both incoming and outgoing connections:
"net.ipv4.tcp_fastopen" = 3;
# Bufferbloat mitigations + slight improvement in throughput & latency
"net.ipv4.tcp_congestion_control" = "bbr";
"net.core.default_qdisc" = "cake";
};
};
# Security
security = {
protectKernelImage = true;
acme.acceptTerms = true;
sudo.extraConfig = ''Defaults timestamp_timeout=30'';
rtkit.enable = true;
pam.loginLimits = [
{
domain = "@audio";
item = "memlock";
type = "-";
value = "unlimited";
}
{
domain = "@audio";
item = "rtprio";
type = "-";
value = "99";
}
{
domain = "@audio";
item = "nofile";
type = "soft";
value = "99999";
}
{
domain = "@audio";
item = "nofile";
type = "hard";
value = "99999";
}
{
domain = "*";
item = "nofile";
type = "-";
value = "524288";
}
{
domain = "*";
item = "memlock";
type = "-";
value = "524288";
}
];
polkit.enable = true;
};
users.users.root.initialPassword = "nixos";
# Filesystem
fileSystems = {
"/" = {
device = "/dev/disk/by-label/nixos";
fsType = "btrfs";
options = ["subvol=root" "compress=zstd"];
};
# Security
security = {
protectKernelImage = true;
acme.acceptTerms = true;
sudo.extraConfig = ''Defaults timestamp_timeout=30'';
rtkit.enable = true;
pam.loginLimits = [
{ domain = "@audio"; item = "memlock"; type = "-"; value = "unlimited"; }
{ domain = "@audio"; item = "rtprio"; type = "-"; value = "99"; }
{ domain = "@audio"; item = "nofile"; type = "soft"; value = "99999"; }
{ domain = "@audio"; item = "nofile"; type = "hard"; value = "99999"; }
{ domain = "*"; item = "nofile"; type = "-"; value = "524288"; }
{ domain = "*"; item = "memlock"; type = "-"; value = "524288"; }
];
polkit.enable = true;
"/boot" = {
device = "/dev/disk/by-label/boot";
fsType = "vfat";
};
users.users.root.initialPassword = "nixos";
# Filesystem
fileSystems = {
"/" = {
device = "/dev/disk/by-label/nixos";
fsType = "btrfs";
options = [ "subvol=root" "compress=zstd" ];
};
"/boot" = {
device = "/dev/disk/by-label/boot";
fsType = "vfat";
};
"/nix" = {
device = "/dev/disk/by-label/nixos";
fsType = "btrfs";
options = [ "subvol=nix" "compress=zstd" "noatime" ];
};
"/home" = {
device = "/dev/disk/by-label/nixos";
fsType = "btrfs";
options = [ "subvol=home" "compress=zstd" ];
};
"/swap" = {
device = "/dev/disk/by-label/nixos";
fsType = "btrfs";
options = [ "subvol=swap" "noatime" ];
};
"/media/steam-library" = {
device = "/dev/disk/by-label/siegward";
fsType = "btrfs";
options = [ "subvol=steam-library" "compress=zstd" ];
};
"/media/lutris" = {
device = "/dev/disk/by-label/siegward";
fsType = "btrfs";
options = [ "subvol=lutris" "compress=zstd" ];
};
"/nix" = {
device = "/dev/disk/by-label/nixos";
fsType = "btrfs";
options = ["subvol=nix" "compress=zstd" "noatime"];
};
swapDevices = [
{ device = "/swap/swapfile"; }
"/home" = {
device = "/dev/disk/by-label/nixos";
fsType = "btrfs";
options = ["subvol=home" "compress=zstd"];
};
"/swap" = {
device = "/dev/disk/by-label/nixos";
fsType = "btrfs";
options = ["subvol=swap" "noatime"];
};
"/media/steam-library" = {
device = "/dev/disk/by-label/siegward";
fsType = "btrfs";
options = ["subvol=steam-library" "compress=zstd"];
};
"/media/lutris" = {
device = "/dev/disk/by-label/siegward";
fsType = "btrfs";
options = ["subvol=lutris" "compress=zstd"];
};
};
swapDevices = [
{device = "/swap/swapfile";}
];
services.fstrim.enable = true;
# Hardware etc
hardware = {
enableRedistributableFirmware = true;
cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
nvidia.nvidiaSettings = true;
nvidia.modesetting.enable = true;
graphics.enable = true;
graphics.enable32Bit = true;
bluetooth.enable = true;
pulseaudio.enable = false;
};
sound.enable = true;
networking = {
networkmanager.enable = true;
networkmanager.unmanaged = ["interface-name:ve-*"];
useDHCP = lib.mkDefault true;
hostName = "astora";
extraHosts = '''';
firewall = {
enable = true;
allowedTCPPorts = [80 443];
trustedInterfaces = ["ve-+"];
extraCommands = ''
iptables -t nat -A POSTROUTING -o wlo1 -j MASQUERADE
'';
extraStopCommands = ''
iptables -t nat -D POSTROUTING -o wlo1 -j MASQUERADE
'';
};
nat = {
enable = true;
externalInterface = "wlo1";
internalInterfaces = ["ve-+"];
};
interfaces.wlo1.ipv4.addresses = [
{
address = "192.168.156.101";
prefixLength = 24;
}
];
services.fstrim.enable = true;
defaultGateway = "192.168.156.1";
nameservers = ["192.168.156.1" "8.8.8.8"];
};
# Hardware etc
hardware = {
enableRedistributableFirmware = true;
# Common
time.timeZone = "Asia/Yekaterinburg";
cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
nvidia.nvidiaSettings = true;
nvidia.modesetting.enable = true;
opengl.enable = true;
opengl.driSupport32Bit = true;
bluetooth.enable = true;
pulseaudio.enable = false;
};
sound.enable = true;
networking = {
networkmanager.enable = true;
networkmanager.unmanaged = [ "interface-name:ve-*" ];
useDHCP = lib.mkDefault true;
hostName = "astora";
extraHosts = '''';
firewall = {
enable = true;
allowedTCPPorts = [ 80 443 ];
trustedInterfaces = [ "ve-+" ];
extraCommands = ''
iptables -t nat -A POSTROUTING -o wlo1 -j MASQUERADE
'';
extraStopCommands = ''
iptables -t nat -D POSTROUTING -o wlo1 -j MASQUERADE
'';
};
nat = {
enable = true;
externalInterface = "wlo1";
internalInterfaces = [ "ve-+" ];
};
interfaces.wlo1.ipv4.addresses = [ {
address = "192.168.156.101";
prefixLength = 24;
} ];
defaultGateway = "192.168.156.1";
nameservers = [ "192.168.156.1" "8.8.8.8" ];
};
# Common
time.timeZone = "Asia/Yekaterinburg";
i18n = {
defaultLocale = "en_US.UTF-8";
extraLocaleSettings = {
LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8";
LC_MEASUREMENT = "en_US.UTF-8";
LC_MONETARY = "en_US.UTF-8";
LC_NAME = "en_US.UTF-8";
LC_NUMERIC = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8";
LC_TELEPHONE = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8";
};
i18n = {
defaultLocale = "en_US.UTF-8";
extraLocaleSettings = {
LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8";
LC_MEASUREMENT = "en_US.UTF-8";
LC_MONETARY = "en_US.UTF-8";
LC_NAME = "en_US.UTF-8";
LC_NUMERIC = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8";
LC_TELEPHONE = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8";
};
};
}
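Review bot: `users.users.root.initialPassword = "nixos";` survives the reformat unchanged, which leaves a well-known root password in a tracked file. The value is readable in the Nix store and remains the root password on any machine where it was never changed after first activation. Locking the account with `users.users.root.hashedPassword = "!";` avoids that. Supplying the hash through `hashedPasswordFile` would also work; sops-nix is already a flake input, although the `astora` module list does not import it yet. The `users.nix` section sets the same `initialPassword = "nixos";` for `l-nafaryus`, who is in `wheel`.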


@ -1,311 +1,551 @@
{ config, pkgs, lib, self, inputs, ... }:
{
# Users
users.users.l-nafaryus = {
isNormalUser = true;
description = "L-Nafaryus";
extraGroups = [ "networkmanager" "wheel" "audio" "libvirtd" "input" ];
group = "users";
uid = 1000;
initialPassword = "nixos";
shell = pkgs.fish;
config,
pkgs,
lib,
self,
inputs,
...
}: {
# Users
users.users.l-nafaryus = {
isNormalUser = true;
description = "L-Nafaryus";
extraGroups = ["networkmanager" "wheel" "audio" "libvirtd" "input"];
group = "users";
uid = 1000;
initialPassword = "nixos";
shell = pkgs.fish;
};
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.backupFileExtension = "hmbackup";
home-manager.users.l-nafaryus = {pkgs, ...}: let
hmConfig = config.home-manager.users.l-nafaryus;
in {
home.stateVersion = "23.11";
home.username = "l-nafaryus";
home.homeDirectory = "/home/l-nafaryus";
imports = [
inputs.catppuccin.homeManagerModules.catppuccin
];
home.packages = with pkgs; [
#gnupg
git
nnn
pass
taskwarrior
#tmux
gparted
xclip
(firefox.override {nativeMessagingHosts = [passff-host];})
thunderbird
discord
pipewire.jack # pw-jack
carla
qpwgraph
wireplumber
yabridge
yabridgectl
lutris
wine
winetricks
gamemode
vlc
lollypop
gimp
inkscape
imagemagick
blender
ardour
olive-editor
openshot-qt
musescore
# soundux # unmaintained
losslesscut-bin
yt-dlp
ffmpeg
calf
zynaddsubfx
lsp-plugins
x42-plugins
cardinal
gxplugins-lv2
xtuner
aether-lv2
qbittorrent
transmission_3-qt
telegram-desktop
onlyoffice-bin
jdk
self.packages.${pkgs.system}.ultimmc
liberation_ttf
steamtinkerlaunch
eww
tor
networkmanagerapplet
#rofi-wayland
kgx
dunst
libnotify
playerctl
wl-gammarelay-rs
# btop
lua
# bat
musikcube
swww
hyprshot
(python3.withPackages (p: [p.click]))
mangohud
gamescope
libstrangle
webcord
wl-clipboard
cliphist
tree
self.packages.${pkgs.system}.bonvim
];
xdg.portal = {
enable = true;
configPackages = with pkgs; [
#xdg-desktop-portal-wlr
xdg-desktop-portal-hyprland
];
extraPortals = with pkgs; [
xdg-desktop-portal-gtk
];
};
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.backupFileExtension = "hmbackup";
# Theme
catppuccin = {
# global, for all enabled programs
enable = true;
flavor = "macchiato";
accent = "green";
};
home-manager.users.l-nafaryus = { pkgs, ... }:
let
hmConfig = config.home-manager.users.l-nafaryus;
in {
home.stateVersion = "23.11";
home.username = "l-nafaryus";
home.homeDirectory = "/home/l-nafaryus";
imports = [
inputs.catppuccin.homeManagerModules.catppuccin
gtk = {
enable = true;
cursorTheme = {
name = "Papirus-Dark";
size = 16;
};
};
programs = {
# General
fish = {
enable = true;
interactiveShellInit = ''
set fish_greeting
'';
plugins = with pkgs.fishPlugins;
map (p: {
name = p.pname;
src = p.src;
}) [
fzf-fish
tide
grc
hydro
];
functions = {
fish-theme-configure = ''
tide configure \
--auto \
--style=Lean \
--prompt_colors='True color' \
--show_time='12-hour format' \
--lean_prompt_height='Two lines' \
--prompt_connection=Disconnected \
--prompt_spacing=Compact \
--icons='Many icons' \
--transient=No
'';
};
};
git = {
enable = true;
lfs.enable = true;
userName = "L-Nafaryus";
userEmail = "l.nafaryus@gmail.com";
signing = {
key = "86F1EA98B48FFB19";
signByDefault = true;
};
extraConfig = {
# ignore trends
init.defaultBranch = "master";
core = {
quotePath = false;
commitGraph = true;
whitespace = "trailing-space";
};
receive.advertisePushOptions = true;
gc.writeCommitGraph = true;
diff.submodule = "log";
};
aliases = {
plog = "log --color --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit";
};
};
bat.enable = true;
btop = {
enable = true;
settings = {
cpu_bottom = true;
proc_tree = true;
};
};
fzf.enable = true;
tmux.enable = true;
lazygit.enable = true;
gpg = {
enable = true;
homedir = "${hmConfig.xdg.configHome}/gnupg";
mutableKeys = true;
mutableTrust = true;
};
# Graphical
alacritty = {
enable = true;
settings = {
font = {
size = 10;
};
};
};
rofi = {
enable = true;
package = pkgs.rofi-wayland;
terminal = "${lib.getExe hmConfig.programs.alacritty.package}";
cycle = true;
extraConfig = {
show-icons = true;
disable-history = false;
};
theme = let
inherit (hmConfig.lib.formats.rasi) mkLiteral;
in {
"*" = {
border-col = mkLiteral "#a6da95";
};
window = {
border-radius = mkLiteral "5px";
};
};
};
obs-studio = {
enable = true;
plugins = with pkgs.obs-studio-plugins; [
obs-vkcapture
input-overlay
obs-pipewire-audio-capture
wlrobs
inputs.obs-image-reaction.packages.${pkgs.system}.default
];
home.packages = with pkgs; [
#gnupg
git
nnn
pass
taskwarrior
#tmux
};
};
gparted
services = {
# General
gpg-agent = {
enable = true;
defaultCacheTtl = 3600;
defaultCacheTtlSsh = 3600;
enableSshSupport = true;
pinentryPackage = pkgs.pinentry-gtk2;
enableFishIntegration = true;
enableBashIntegration = true;
};
xclip
# Graphical
hypridle = {
enable = true;
settings = {
general = {
after_sleep_cmd = "${pkgs.hyprland}/bin/hyprctl dispatch dpms on";
ignore_dbus_inhibit = false;
};
listener = [
{
timeout = 300;
on-timeout = "${pkgs.hyprland}/bin/hyprctl dispatch dpms off";
on-resume = "${pkgs.hyprland}/bin/hyprctl dispatch dpms on";
}
];
};
};
};
(firefox.override { extraNativeMessagingHosts = [ passff-host ]; })
thunderbird
wayland.windowManager.hyprland = {
enable = true;
settings = {
# Devices (use `hyprctl devices`)
"$monitor1" = "AOC Q27G2G3R3B 137P4HA000540";
"$monitor2" = "AOC Q27B3MA 17ZPAHA006135";
"$keyboard" = "keychron-keychron-k3-pro";
"$mouse" = "logitech-g102-lightsync-gaming-mouse";
discord
# Main programs
"$terminal" = "${lib.getExe hmConfig.programs.alacritty.package}";
"$menu" = "${lib.getExe hmConfig.programs.rofi.package} -show drun";
"$fileManager" = "$terminal -e ${lib.getExe pkgs.nnn}";
pipewire.jack # pw-jack
carla
qpwgraph
wireplumber
yabridge
yabridgectl
lutris
wine
winetricks
gamemode
vlc
lollypop
gimp
inkscape
imagemagick
blender
ardour
olive-editor
openshot-qt
musescore
# soundux # unmaintained
losslesscut-bin
yt-dlp
ffmpeg
calf
zynaddsubfx
lsp-plugins
x42-plugins
cardinal
gxplugins-lv2
xtuner
aether-lv2
qbittorrent
transmission-qt
telegram-desktop
onlyoffice-bin
jdk
self.packages.${pkgs.system}.ultimmc
liberation_ttf
steamtinkerlaunch
eww
tor
networkmanagerapplet
#rofi-wayland
kgx
dunst
libnotify
playerctl
wl-gammarelay-rs
# btop
lua
# bat
musikcube
swww
hyprshot
(python3.withPackages (p: [ p.click ]))
mangohud
gamescope
libstrangle
webcord
wl-clipboard
cliphist
tree
monitor = [
"desc:$monitor2, 2560x1440@75, 0x0, auto"
"desc:$monitor1, 2560x1440@165, 2560x0, auto"
"Unknown-1, disable"
];
xdg.portal = {
enable = true;
configPackages = with pkgs; [
#xdg-desktop-portal-wlr
xdg-desktop-portal-hyprland
];
extraPortals = with pkgs; [
xdg-desktop-portal-gtk
];
exec-once = [
"eww daemon"
"nm-applet --indicator &"
"blueman-applet &"
"wl-gammarelay-rs run &"
"systemctl --user start hypridle"
"wl-paste --type text --watch cliphist store" #Stores only text data
"wl-paste --type image --watch cliphist store" #Stores only image data
"swww-daemon & swww img ~/Pictures/wallpapers/emily-in-the-cyberpunk-city.3840x2160.png & swww img ~/Pictures/wallpapers/emily-in-the-cyberpunk-city.3840x2160a.gif"
];
env = [
"XCURSOR_SIZE,16"
"HYPRCURSOR_SIZE,16"
"WLR_DRM_NO_ATOMIC,1"
];
general = {
gaps_in = 2;
gaps_out = 2;
border_size = 2;
# https://wiki.hyprland.org/Configuring/Variables/#variable-types for info about colors
"col.active_border" = "rgba(33ccffee) rgba(00ff99ee) 45deg";
"col.inactive_border" = "rgba(595959aa)";
# Set to true enable resizing windows by clicking and dragging on borders and gaps
resize_on_border = true;
# Please see https://wiki.hyprland.org/Configuring/Tearing/ before you turn this on
allow_tearing = true;
layout = "dwindle";
};
decoration = {
rounding = 5;
# Change transparency of focused and unfocused windows
active_opacity = 1.0;
inactive_opacity = 0.95;
drop_shadow = true;
shadow_range = 4;
shadow_render_power = 3;
"col.shadow" = "rgba(1a1a1aee)";
# https://wiki.hyprland.org/Configuring/Variables/#blur
blur = {
enabled = true;
size = 3;
passes = 1;
vibrancy = 0.1696;
};
};
animations = {
enabled = true;
# Default animations, see https://wiki.hyprland.org/Configuring/Animations/ for more
bezier = "myBezier, 0.05, 0.9, 0.1, 1.05";
animation = [
"windows, 1, 7, myBezier"
"windowsOut, 1, 7, default, popin 80%"
"border, 1, 10, default"
"borderangle, 1, 8, default"
"fade, 1, 7, default"
"workspaces, 1, 6, default"
];
};
# See https://wiki.hyprland.org/Configuring/Dwindle-Layout/ for more
dwindle = {
pseudotile = true; # Master switch for pseudotiling. Enabling is bound to mainMod + P in the keybinds section below
preserve_split = true; # You probably want this
};
catppuccin = {
# global, for all enabled programs
enable = true;
flavor = "macchiato";
accent = "green";
# See https://wiki.hyprland.org/Configuring/Master-Layout/ for more
master = {
new_status = "master";
};
gtk = {
enable = true;
cursorTheme = {
name = "Papirus-Dark";
size = 16;
};
# https://wiki.hyprland.org/Configuring/Variables/#misc
misc = {
force_default_wallpaper = -1; # Set to 0 or 1 to disable the anime mascot wallpapers
disable_hyprland_logo = false; # Enable the random hyprland logo / anime girl background. :)
};
input = {
kb_layout = "us,ru";
follow_mouse = 1;
sensitivity = 0; # -1.0 - 1.0, 0 means no modification.
touchpad = {
natural_scroll = false;
};
};
programs = {
fish = {
enable = true;
interactiveShellInit = ''
set fish_greeting
'';
plugins = with pkgs.fishPlugins; map (p: { name = p.pname; src = p.src; }) [
fzf-fish
tide # tide configure --auto --style=Lean --prompt_colors='True color' --show_time='12-hour format' --lean_prompt_height='Two lines' --prompt_connection=Disconnected --prompt_spacing=Compact --icons='Many icons' --transient=No
grc
hydro
];
};
bat.enable = true;
btop = {
enable = true;
settings = {
cpu_bottom = true;
proc_tree = true;
};
};
fzf.enable = true;
tmux.enable = true;
lazygit.enable = true;
gpg = {
enable = true;
homedir = "${hmConfig.xdg.configHome}/gnupg";
mutableKeys = true;
mutableTrust = true;
};
alacritty = {
enable = true;
settings = {
font = {
size = 10;
};
};
};
rofi = {
enable = true;
package = pkgs.rofi-wayland;
terminal = "${lib.getExe hmConfig.programs.alacritty.package}";
cycle = true;
extraConfig = {
show-icons = true;
disable-history = false;
};
theme = let inherit (hmConfig.lib.formats.rasi) mkLiteral; in {
"*" = {
border-col = mkLiteral "#a6da95";
};
window = {
border-radius = mkLiteral "5px";
};
};
};
obs-studio = {
enable = true;
plugins = with pkgs.obs-studio-plugins; [
obs-vkcapture
input-overlay
obs-pipewire-audio-capture
wlrobs
inputs.obs-image-reaction.packages.${pkgs.system}.default
];
};
# https://wiki.hyprland.org/Configuring/Variables/#gestures
gestures = {
workspace_swipe = false;
};
services = {
gpg-agent = {
enable = true;
defaultCacheTtl = 3600;
defaultCacheTtlSsh = 3600;
enableSshSupport = true;
pinentryPackage = pkgs.pinentry-gtk2;
enableFishIntegration = true;
enableBashIntegration = true;
};
windowrulev2 = [
"suppressevent maximize, class:.*" # You'll probably like this.
"float, class:^(steam_app.*)$"
"immediate, class:^(steam_app.*)$"
"float, class:^(steam_proton.*)$"
];
bind = [
"SUPER, Q, exec, $terminal"
"SUPER, N, exec, $fileManager"
"SUPER, R, exec, $menu"
"SUPER, P, exec, eww open --toggle basemenu"
hypridle = {
enable = true;
settings = {
general = {
after_sleep_cmd = "${pkgs.hyprland}/bin/hyprctl dispatch dpms on";
ignore_dbus_inhibit = false;
};
listener = [
{
timeout = 300;
on-timeout = "${pkgs.hyprland}/bin/hyprctl dispatch dpms off";
on-resume = "${pkgs.hyprland}/bin/hyprctl dispatch dpms on";
}
];
};
};
};
"SUPER, C, killactive,"
"SUPER, M, exit,"
"SUPER, V, togglefloating,"
"SUPER, F, fullscreen,"
"SUPER, J, togglesplit," # dwindle
# ---
xdg = {
enable = true;
mime.enable = true;
userDirs.enable = true;
};
# Move focus with mainMod + arrow keys
"SUPER, left, movefocus, l"
"SUPER, right, movefocus, r"
"SUPER, up, movefocus, u"
"SUPER, down, movefocus, d"
dconf.settings = {
"org/virt-manager/virt-manager/connections" = {
autoconnect = [ "qemu:///system" ];
uris = [ "qemu:///system" ];
};
};
# Switch workspaces with mainMod + [0-9]
"SUPER, 1, workspace, 1"
"SUPER, 2, workspace, 2"
"SUPER, 3, workspace, 3"
"SUPER, 4, workspace, 4"
"SUPER, 5, workspace, 5"
"SUPER, 6, workspace, 6"
"SUPER, 7, workspace, 7"
"SUPER, 8, workspace, 8"
"SUPER, 9, workspace, 9"
"SUPER, 0, workspace, 10"
home.sessionVariables = {
HYPRSHOT_DIR = "${hmConfig.xdg.userDirs.pictures}/screenshots";
};
# Move active window to a workspace with mainMod + SHIFT + [0-9]
"SUPER SHIFT, 1, movetoworkspace, 1"
"SUPER SHIFT, 2, movetoworkspace, 2"
"SUPER SHIFT, 3, movetoworkspace, 3"
"SUPER SHIFT, 4, movetoworkspace, 4"
"SUPER SHIFT, 5, movetoworkspace, 5"
"SUPER SHIFT, 6, movetoworkspace, 6"
"SUPER SHIFT, 7, movetoworkspace, 7"
"SUPER SHIFT, 8, movetoworkspace, 8"
"SUPER SHIFT, 9, movetoworkspace, 9"
"SUPER SHIFT, 0, movetoworkspace, 10"
home.file = {
#"gnupg/gpg-agent.conf".text = ''
# default-cache-ttl 3600
# pinentry-program ${pkgs.pinentry.gtk2}/bin/pinentry
#'';
# special workspace (scratchpad)
"SUPER, S, togglespecialworkspace, magic"
"SUPER SHIFT, S, movetoworkspace, special:magic"
".config/git/config".source = "${config.bonfire.configDir}/git/config";
"SUPER, SPACE, exec, hyprctl switchxkblayout keychron-keychron-k3-pro next"
", PRINT, exec, hyprshot -m region"
"SUPER, H, exec, cliphist list | rofi -dmenu | cliphist decode | wl-copy"
];
# Move/resize windows with mainMod + LMB/RMB and dragging
bindm = [
"SUPER, mouse:272, movewindow"
"SUPER, mouse:273, resizewindow"
];
".config/nvim" = {
source = "${config.bonfire.configDir}/nvim";
recursive = true;
};
};
bindel = [
", XF86AudioRaiseVolume, exec, wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%+"
", XF86AudioLowerVolume, exec, wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%-"
];
bindl = [
", XF86AudioMute, exec, wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle"
", XF86AudioPrev, exec, playerctl previous"
", XF86AudioPlay, exec, playerctl play-pause"
", XF86AudioNext, exec, playerctl next"
", XF86MonBrightnessDown, exec, busctl --user -- call rs.wl-gammarelay / rs.wl.gammarelay UpdateTemperature n -500"
", XF86MonBrightnessUp, exec, busctl --user -- call rs.wl-gammarelay / rs.wl.gammarelay UpdateTemperature n +500"
"SUPER, XF86MonBrightnessDown, exec, busctl --user -- call rs.wl-gammarelay / rs.wl.gammarelay Brightness d -0.1"
"SUPER, XF86MonBrightnessUp, exec, busctl --user -- call rs.wl-gammarelay / rs.wl.gammarelay Brightness d +0.1"
];
};
};
#programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# pinentryPackage = pkgs.pinentry-gnome3;
#};
environment.variables = let
makePluginPath = name: (lib.makeSearchPath name [
"/etc/profiles/per-user/$USER/lib"
"/run/current-system/sw/lib"
"$HOME/.nix-profile/lib"
]) + ":$HOME/.${name}";
in {
LADSPA_PATH = makePluginPath "ladspa";
LV2_PATH = makePluginPath "lv2";
VST_PATH = makePluginPath "vst";
VST3_PATH = makePluginPath "vst3";
# XDG
xdg = {
enable = true;
mime.enable = true;
userDirs.enable = true;
};
environment.sessionVariables = {
# hint electron applications to use wayland
NIXOS_OZONE_WL = "1";
# dconf
dconf.settings = {
"org/virt-manager/virt-manager/connections" = {
autoconnect = ["qemu:///system"];
uris = ["qemu:///system"];
};
};
systemd.user.extraConfig = "DefaultLimitNOFILE=524288";
home.sessionVariables = {
HYPRSHOT_DIR = "${hmConfig.xdg.userDirs.pictures}/screenshots";
};
};
programs.virt-manager.enable = true;
environment.variables = let
makePluginPath = name:
(lib.makeSearchPath name [
"/etc/profiles/per-user/$USER/lib"
"/run/current-system/sw/lib"
"$HOME/.nix-profile/lib"
])
+ ":$HOME/.${name}";
in {
LADSPA_PATH = makePluginPath "ladspa";
LV2_PATH = makePluginPath "lv2";
VST_PATH = makePluginPath "vst";
VST3_PATH = makePluginPath "vst3";
};
environment.sessionVariables = {
# hint electron applications to use wayland
NIXOS_OZONE_WL = "1";
};
systemd.user.extraConfig = "DefaultLimitNOFILE=524288";
# Services
services.spoofdpi.enable = true;
programs.virt-manager.enable = true;
# Services
services.spoofdpi.enable = true;
}
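Review bot: `initialPassword = "nixos"` on `users.users.l-nafaryus` is carried over unchanged by the reformat, so every fresh install of this host starts with a well-known password on an account that is in `wheel`. The literal is also readable by any local user, because it ends up in the world-readable Nix store. Other hosts in this commit already read secrets through sops, so if this host can do the same I would replace the line with `hashedPasswordFile = config.sops.secrets."<secret-name>".path;` (placeholder secret name). If the literal must stay for bootstrap, add a comment such as `# bootstrap only: run passwd after first login`.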


@ -1,259 +1,285 @@
{ config, pkgs, lib, self, ... }:
let bonfire-pkgs = self.packages.${pkgs.system};
{
config,
pkgs,
lib,
self,
...
}: let
bonfire-pkgs = self.packages.${pkgs.system};
in {
system.stateVersion = "23.11";
system.stateVersion = "23.11";
imports = [
./hardware.nix
./users.nix
./services/papermc.nix
./services/gitea.nix
imports = [
./hardware.nix
./users.nix
# ./services/papermc.nix # disabled
./services/gitea.nix
];
# Nix settings
nix = {
settings = {
experimental-features = ["nix-command" "flakes"];
trusted-users = ["l-nafaryus"];
allowed-users = ["l-nafaryus" "hydra"];
substituters = ["https://nix-community.cachix.org"];
trusted-public-keys = [
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
];
auto-optimise-store = true;
allowed-uris = [
"github:"
"git+https://github.com/"
"git+ssh://github.com/"
"git+https://vcs.elnafo.ru/"
"git+ssh://vcs.elnafo.ru/"
];
};
gc = {
automatic = lib.mkDefault true;
dates = lib.mkDefault "weekly";
options = lib.mkDefault "--delete-older-than 14d";
};
};
# Nix packages
nixpkgs = {
hostPlatform = lib.mkDefault "x86_64-linux";
config.allowUnfree = true;
config.cudaSupport = false;
};
# Services
services.printing.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
};
services.openssh = {
enable = true;
startWhenNeeded = true;
settings.PasswordAuthentication = false;
settings.KbdInteractiveAuthentication = false;
};
services.blueman.enable = true;
services.fail2ban = {
enable = true;
maxretry = 12;
ignoreIP = [
"192.168.0.0/16"
];
bantime = "3h";
bantime-increment = {
enable = true;
multipliers = "1 2 4 8 16 32 64";
maxtime = "168h";
overalljails = true;
};
};
# Nix settings
nix = {
settings = {
experimental-features = [ "nix-command" "flakes" ];
trusted-users = [ "l-nafaryus" ];
allowed-users = [ "l-nafaryus" ];
substituters = [ "https://nix-community.cachix.org" ];
trusted-public-keys = [
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
];
auto-optimise-store = true;
};
gc = {
automatic = lib.mkDefault true;
dates = lib.mkDefault "weekly";
options = lib.mkDefault "--delete-older-than 14d";
bonfire.withSecrets = true;
sops = config.bonfire.secrets.catarina.sops;
security.acme = {
acceptTerms = true;
defaults.email = "l.nafaryus@elnafo.ru";
defaults.group = "nginx";
certs = {
"elnafo.ru" = {
extraDomainNames = ["*.elnafo.ru"];
dnsProvider = "webnames";
credentialsFile = config.sops.secrets."dns".path;
webroot = null;
};
};
};
services.nginx = {
enable = true;
package = pkgs.nginx.override {withMail = true;};
recommendedProxySettings = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
recommendedTlsSettings = true;
clientMaxBodySize = "5G";
virtualHosts = {
"elnafo.ru" = {
forceSSL = true;
enableACME = true;
root = "/var/www";
};
"www.elnafo.ru" = {
forceSSL = true;
useACMEHost = "elnafo.ru";
globalRedirect = "elnafo.ru";
};
"bonfire.elnafo.ru" = {
forceSSL = true;
useACMEHost = "elnafo.ru";
locations."/".root = "${bonfire-pkgs.bonfire-docs}";
};
"hydra.elnafo.ru" = {
forceSSL = true;
useACMEHost = "elnafo.ru";
locations."/".proxyPass = "http://127.0.0.1:3000";
};
};
};
mailserver = {
enable = true;
fqdn = "elnafo.ru";
domains = ["elnafo.ru"];
certificateScheme = "acme-nginx";
enableImapSsl = true;
openFirewall = true;
localDnsResolver = true;
loginAccounts = config.bonfire.secrets.catarina.mailAccounts;
};
services.spoofdpi.enable = true;
services.btrfs.autoScrub = {
enable = true;
interval = "monthly";
fileSystems = ["/"];
};
services.btrbk = {
instances."catarina" = {
onCalendar = "daily";
settings = {
snapshot_preserve_min = "2d";
snapshot_preserve = "14d";
snapshot_dir = "/media/btrbk-snapshots";
target_preserve_min = "no";
target_preserve = "14d 8w *m";
volume."/" = {
target = "/media/btrbk-backups";
subvolume = {
"var/lib/gitea" = {};
"var/lib/postgresql" = {};
"var/lib/postfix" = {};
"var/vmail" = {};
};
};
};
};
};
# Nix packages
nixpkgs = {
hostPlatform = lib.mkDefault "x86_64-linux";
config.allowUnfree = true;
config.cudaSupport = false;
config.packageOverrides = super: {
lego = bonfire-pkgs.lego;
};
services.transmission = {
enable = true;
openRPCPort = true;
settings = {
rpc-bind-address = "0.0.0.0";
rpc-whitelist = "127.0.0.1,192.168.156.101";
download-dir = "/media/storage/downloads";
incomplete-dir = "/media/storage/downloads/incomplete";
};
};
# Services
services.printing.enable = true;
services.oscuro = {
enable = true;
discordTokenFile = config.sops.secrets.discordToken.path;
};
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
virtualisation = {
containers.enable = true;
podman = {
enable = true;
dockerCompat = true;
defaultNetwork.settings.dns_enabled = true;
};
};
services.openssh = {
enable = true;
startWhenNeeded = true;
settings.PasswordAuthentication = false;
settings.KbdInteractiveAuthentication = false;
services.hydra = {
enable = true;
listenHost = "127.0.0.1";
port = 3000;
hydraURL = "http://127.0.0.1:3000";
smtpHost = "elnafo.ru";
useSubstitutes = true;
notificationSender = "hydra@elnafo.ru";
buildMachinesFiles = [];
};
# Packages
environment.systemPackages = with pkgs; [
wget
ntfs3g
sshfs
exfat
btrfs-progs
btrbk
lm_sensors
git
ripgrep
fd
lazygit
unzip
gnumake
fishPlugins.fzf-fish
fishPlugins.tide
fishPlugins.grc
fishPlugins.hydro
nnn
fzf
grc
gcc
cachix
gnupg
nnn
htop
];
programs = {
fish.enable = true;
neovim = {
enable = true;
defaultEditor = true;
};
};
services.blueman.enable = true;
programs.ssh.extraConfig = ''
Host astora
HostName 192.168.156.101
Port 22
User l-nafaryus
services.fail2ban = {
enable = true;
maxretry = 12;
ignoreIP = [
"192.168.0.0/16"
];
bantime = "3h";
bantime-increment = {
enable = true;
multipliers = "1 2 4 8 16 32 64";
maxtime = "168h";
overalljails = true;
};
};
Host catarina
HostName 192.168.156.102
Port 22
User l-nafaryus
'';
bonfire.withSecrets = true;
sops = config.bonfire.secrets.catarina.sops;
security.acme = {
acceptTerms = true;
defaults.email = "l.nafaryus@elnafo.ru";
defaults.group = "nginx";
certs = {
"elnafo.ru" = {
extraDomainNames = [ "*.elnafo.ru" ];
dnsProvider = "webnames";
credentialsFile = config.sops.secrets."dns".path;
webroot = null;
};
};
};
services.nginx = {
enable = true;
package = pkgs.nginx.override { withMail = true; };
recommendedProxySettings = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
recommendedTlsSettings = true;
clientMaxBodySize = "5G";
virtualHosts = {
"elnafo.ru" = {
forceSSL = true;
enableACME = true;
root = "/var/www";
};
"www.elnafo.ru" = {
forceSSL = true;
useACMEHost = "elnafo.ru";
globalRedirect = "elnafo.ru";
};
"bonfire.elnafo.ru" = {
forceSSL = true;
useACMEHost = "elnafo.ru";
locations."/".root = "${bonfire-pkgs.bonfire-docs}";
};
};
};
mailserver = {
enable = true;
fqdn = "elnafo.ru";
domains = [ "elnafo.ru" ];
certificateScheme = "acme-nginx";
enableImapSsl = true;
openFirewall = true;
localDnsResolver = true;
loginAccounts = config.bonfire.secrets.catarina.mailAccounts;
};
services.spoofdpi.enable = true;
services.btrfs.autoScrub = {
enable = true;
interval = "monthly";
fileSystems = [ "/" ];
};
services.btrbk = {
instances."catarina" = {
onCalendar = "daily";
settings = {
snapshot_preserve_min = "2d";
snapshot_preserve = "14d";
snapshot_dir = "/media/btrbk-snapshots";
target_preserve_min = "no";
target_preserve = "14d 8w *m";
volume."/" = {
target = "/media/btrbk-backups";
subvolume = {
"var/lib/gitea" = {};
"var/lib/postgresql" = {};
"var/lib/postfix" = {};
"var/vmail" = {};
};
};
};
};
};
services.transmission = {
enable = true;
openRPCPort = true;
settings = {
rpc-bind-address = "0.0.0.0";
rpc-whitelist = "127.0.0.1,192.168.156.101";
download-dir = "/media/storage/downloads";
incomplete-dir = "/media/storage/downloads/incomplete";
};
};
services.oscuro = {
enable = true;
discordTokenFile = config.sops.secrets.discordToken.path;
};
virtualisation = {
containers.enable = true;
podman = {
enable = true;
dockerCompat = true;
defaultNetwork.settings.dns_enabled = true;
};
};
# Packages
environment.systemPackages = with pkgs; [
wget
ntfs3g
sshfs
exfat
btrfs-progs
btrbk
lm_sensors
git
ripgrep
fd
lazygit
unzip
gnumake
fishPlugins.fzf-fish
fishPlugins.tide
fishPlugins.grc
fishPlugins.hydro
nnn
fzf
grc
gcc
cachix
gnupg
nnn
htop
];
programs = {
fish.enable = true;
neovim = {
enable = true;
defaultEditor = true;
};
};
programs.ssh.extraConfig = ''
Host astora
HostName 192.168.156.101
Port 22
User l-nafaryus
Host catarina
HostName 192.168.156.102
Port 22
User l-nafaryus
'';
programs.direnv.enable = true;
programs.direnv.enable = true;
}
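Review bot: `hydraURL = "http://127.0.0.1:3000"` in the new `services.hydra` block does not match the address nginx publishes, the `hydra.elnafo.ru` virtual host with `forceSSL`. Hydra uses this value as the base for the links it generates, so notification links would point at loopback; I would set `hydraURL = "https://hydra.elnafo.ru";` and keep `listenHost = "127.0.0.1"` as it is. The new `allowed-uris` entry `"github:"` lets restricted evaluation fetch from any GitHub repository, so if the jobsets only need a few owners it could be narrowed to `"github:<owner>/"` prefixes (placeholder owner). With `./services/papermc.nix` now commented out, it is also worth checking whether any port in this host's `allowedTCPPorts` was opened only for that server, which cannot be told from this file.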


@ -1,171 +1,176 @@
{ config, lib, ... }:
{
# Boot
boot = {
loader.systemd-boot.enable = true;
loader.systemd-boot.configurationLimit = 5;
loader.efi.canTouchEfiVariables = true;
config,
lib,
...
}: {
# Boot
boot = {
loader.systemd-boot.enable = true;
loader.systemd-boot.configurationLimit = 5;
loader.efi.canTouchEfiVariables = true;
tmp.useTmpfs = lib.mkDefault true;
tmp.cleanOnBoot = lib.mkDefault (!config.boot.tmp.useTmpfs);
tmp.useTmpfs = lib.mkDefault true;
tmp.cleanOnBoot = lib.mkDefault (!config.boot.tmp.useTmpfs);
initrd.availableKernelModules = [ "nvme" "xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
initrd.kernelModules = [ ];
kernelModules = [ "kvm-intel" "tcp_bbr" "coretemp" "nct6775" ];
kernelParams = [ "threadirqs" ];
initrd.availableKernelModules = ["nvme" "xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "rtsx_pci_sdmmc"];
initrd.kernelModules = [];
kernelModules = ["kvm-intel" "tcp_bbr" "coretemp" "nct6775"];
kernelParams = ["threadirqs"];
kernel.sysctl = {
# The Magic SysRq key is a key combo that allows users connected to the
# system console of a Linux kernel to perform some low-level commands.
# Disable it, since we don't need it, and is a potential security concern.
"kernel.sysrq" = 0;
kernel.sysctl = {
# The Magic SysRq key is a key combo that allows users connected to the
# system console of a Linux kernel to perform some low-level commands.
# Disable it, since we don't need it, and is a potential security concern.
"kernel.sysrq" = 0;
## TCP hardening
# Prevent bogus ICMP errors from filling up logs.
"net.ipv4.icmp_ignore_bogus_error_responses" = 1;
# Reverse path filtering causes the kernel to do source validation of
# packets received from all interfaces. This can mitigate IP spoofing.
"net.ipv4.conf.default.rp_filter" = 1;
"net.ipv4.conf.all.rp_filter" = 1;
# Do not accept IP source route packets
"net.ipv4.conf.all.accept_source_route" = 0;
"net.ipv6.conf.all.accept_source_route" = 0;
# Don't send ICMP redirects
"net.ipv4.conf.all.send_redirects" = 0;
"net.ipv4.conf.default.send_redirects" = 0;
# Refuse ICMP redirects (MITM mitigations)
"net.ipv4.conf.all.accept_redirects" = 0;
"net.ipv4.conf.default.accept_redirects" = 0;
"net.ipv4.conf.all.secure_redirects" = 0;
"net.ipv4.conf.default.secure_redirects" = 0;
"net.ipv6.conf.all.accept_redirects" = 0;
"net.ipv6.conf.default.accept_redirects" = 0;
# Protects against SYN flood attacks
"net.ipv4.tcp_syncookies" = 1;
# Incomplete protection again TIME-WAIT assassination
"net.ipv4.tcp_rfc1337" = 1;
## TCP hardening
# Prevent bogus ICMP errors from filling up logs.
"net.ipv4.icmp_ignore_bogus_error_responses" = 1;
# Reverse path filtering causes the kernel to do source validation of
# packets received from all interfaces. This can mitigate IP spoofing.
"net.ipv4.conf.default.rp_filter" = 1;
"net.ipv4.conf.all.rp_filter" = 1;
# Do not accept IP source route packets
"net.ipv4.conf.all.accept_source_route" = 0;
"net.ipv6.conf.all.accept_source_route" = 0;
# Don't send ICMP redirects
"net.ipv4.conf.all.send_redirects" = 0;
"net.ipv4.conf.default.send_redirects" = 0;
# Refuse ICMP redirects (MITM mitigations)
"net.ipv4.conf.all.accept_redirects" = 0;
"net.ipv4.conf.default.accept_redirects" = 0;
"net.ipv4.conf.all.secure_redirects" = 0;
"net.ipv4.conf.default.secure_redirects" = 0;
"net.ipv6.conf.all.accept_redirects" = 0;
"net.ipv6.conf.default.accept_redirects" = 0;
# Protects against SYN flood attacks
"net.ipv4.tcp_syncookies" = 1;
# Incomplete protection again TIME-WAIT assassination
"net.ipv4.tcp_rfc1337" = 1;
## TCP optimization
# TCP Fast Open is a TCP extension that reduces network latency by packing
# data in the senders initial TCP SYN. Setting 3 = enable TCP Fast Open for
# both incoming and outgoing connections:
"net.ipv4.tcp_fastopen" = 3;
# Bufferbloat mitigations + slight improvement in throughput & latency
"net.ipv4.tcp_congestion_control" = "bbr";
"net.core.default_qdisc" = "cake";
};
## TCP optimization
# TCP Fast Open is a TCP extension that reduces network latency by packing
# data in the senders initial TCP SYN. Setting 3 = enable TCP Fast Open for
# both incoming and outgoing connections:
"net.ipv4.tcp_fastopen" = 3;
# Bufferbloat mitigations + slight improvement in throughput & latency
"net.ipv4.tcp_congestion_control" = "bbr";
"net.core.default_qdisc" = "cake";
};
};
# Security
security = {
protectKernelImage = true;
sudo.extraConfig = ''Defaults timestamp_timeout=30'';
rtkit.enable = true;
};
# Filesystem
fileSystems = {
"/" = {
device = "/dev/disk/by-label/nixos";
fsType = "btrfs";
options = ["subvol=root" "compress=zstd"];
};
# Security
security = {
protectKernelImage = true;
sudo.extraConfig = ''Defaults timestamp_timeout=30'';
rtkit.enable = true;
"/nix" = {
device = "/dev/disk/by-label/nixos";
fsType = "btrfs";
options = ["subvol=nix" "compress=zstd" "noatime"];
};
# Filesystem
fileSystems = {
"/" = {
device = "/dev/disk/by-label/nixos";
fsType = "btrfs";
options = [ "subvol=root" "compress=zstd" ];
};
"/nix" = {
device = "/dev/disk/by-label/nixos";
fsType = "btrfs";
options = [ "subvol=nix" "compress=zstd" "noatime" ];
};
"/home" = {
device = "/dev/disk/by-label/nixos";
fsType = "btrfs";
options = [ "subvol=home" "compress=zstd" ];
};
"/boot" = {
device = "/dev/disk/by-label/boot";
fsType = "vfat";
};
"/swap" = {
device = "/dev/disk/by-label/nixos";
fsType = "btrfs";
options = [ "subvol=swap" "noatime" ];
};
"/media/storage" = {
device = "/dev/disk/by-label/storage";
fsType = "btrfs";
options = [ "subvol=storage" "nofail" "compress=zstd" ];
};
"/media/btrbk-backups" = {
device = "/dev/disk/by-label/storage";
fsType = "btrfs";
options = [ "subvol=btrbk-backups" "nofail" "compress=zstd" ];
};
"/home" = {
device = "/dev/disk/by-label/nixos";
fsType = "btrfs";
options = ["subvol=home" "compress=zstd"];
};
swapDevices = [
{ device = "/swap/swapfile"; }
];
services.fstrim.enable = true;
# Hardware etc
hardware = {
enableRedistributableFirmware = true;
cpu.intel.updateMicrocode = true;
bluetooth.enable = true;
pulseaudio.enable = false;
"/boot" = {
device = "/dev/disk/by-label/boot";
fsType = "vfat";
};
sound.enable = true;
networking = {
networkmanager.enable = true;
useDHCP = false;
hostName = "catarina";
extraHosts = '''';
firewall = {
enable = true;
allowedTCPPorts = [ 80 443 3001 25600 8080 8085 ];
};
interfaces.enp9s0 = {
useDHCP = false;
ipv4.addresses = [ {
address = "192.168.156.102";
prefixLength = 24;
} ];
};
defaultGateway = "192.168.156.1";
nameservers = [ "192.168.156.1" "8.8.8.8" ];
"/swap" = {
device = "/dev/disk/by-label/nixos";
fsType = "btrfs";
options = ["subvol=swap" "noatime"];
};
services.logind.lidSwitchExternalPower = "ignore";
# Common
time.timeZone = "Asia/Yekaterinburg";
i18n = {
defaultLocale = "en_US.UTF-8";
extraLocaleSettings = {
LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8";
LC_MEASUREMENT = "en_US.UTF-8";
LC_MONETARY = "en_US.UTF-8";
LC_NAME = "en_US.UTF-8";
LC_NUMERIC = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8";
LC_TELEPHONE = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8";
};
"/media/storage" = {
device = "/dev/disk/by-label/storage";
fsType = "btrfs";
options = ["subvol=storage" "nofail" "compress=zstd"];
};
"/media/btrbk-backups" = {
device = "/dev/disk/by-label/storage";
fsType = "btrfs";
options = ["subvol=btrbk-backups" "nofail" "compress=zstd"];
};
};
swapDevices = [
{device = "/swap/swapfile";}
];
services.fstrim.enable = true;
# Hardware etc
hardware = {
enableRedistributableFirmware = true;
cpu.intel.updateMicrocode = true;
bluetooth.enable = true;
pulseaudio.enable = false;
};
sound.enable = true;
networking = {
networkmanager.enable = true;
useDHCP = false;
hostName = "catarina";
extraHosts = '''';
firewall = {
enable = true;
allowedTCPPorts = [80 443 3001 25600 8080 8085];
};
interfaces.enp9s0 = {
useDHCP = false;
ipv4.addresses = [
{
address = "192.168.156.102";
prefixLength = 24;
}
];
};
defaultGateway = "192.168.156.1";
nameservers = ["192.168.156.1" "8.8.8.8"];
};
services.logind.lidSwitchExternalPower = "ignore";
# Common
time.timeZone = "Asia/Yekaterinburg";
i18n = {
defaultLocale = "en_US.UTF-8";
extraLocaleSettings = {
LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8";
LC_MEASUREMENT = "en_US.UTF-8";
LC_MONETARY = "en_US.UTF-8";
LC_NAME = "en_US.UTF-8";
LC_NUMERIC = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8";
LC_TELEPHONE = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8";
};
};
}


@ -1,107 +1,105 @@
{ config, ... }:
{
services.postgresql = {
{config, ...}: {
services.postgresql = {
enable = true;
authentication = ''
# Type Database DB-User Auth-Method Ident-Map(optional)
local git all ident map=gitea-users
'';
identMap = ''
# MapName System-User DB-User
gitea-users git git
'';
ensureDatabases = ["git"];
};
services.gitea = {
enable = true;
user = "git";
group = "gitea";
stateDir = "/var/lib/gitea";
settings = {
server = {
DOMAIN = "vcs.elnafo.ru";
ROOT_URL = "https://vcs.elnafo.ru/";
HTTP_ADDRESS = "127.0.0.1";
HTTP_PORT = 3001;
};
session.COOKIE_SECURE = true;
mailer = {
ENABLED = true;
FROM = "Elnafo VCS <git@elnafo.ru>";
PROTOCOL = "smtps";
SMTP_ADDR = "smtp.elnafo.ru";
SMTP_PORT = 465;
USER = "git@elnafo.ru";
USE_CLIENT_CERT = true;
CLIENT_CERT_FILE = "${config.security.acme.certs."elnafo.ru".directory}/cert.pem";
CLIENT_KEY_FILE = "${config.security.acme.certs."elnafo.ru".directory}/key.pem";
};
service = {
DISABLE_REGISTRATION = true;
REGISTER_EMAIL_CONFIRM = true;
ENABLE_NOTIFY_MAIL = true;
};
other = {
SHOW_FOOTER_VERSION = false;
SHOW_FOOTER_TEMPLATE_LOAD_TIME = false;
};
indexer = {
REPO_INDEXER_ENABLED = true;
};
};
mailerPasswordFile = config.sops.secrets."gitea/mail".path;
database = {
type = "postgres";
passwordFile = config.sops.secrets."database/git".path;
name = "git";
user = "git";
};
lfs.enable = true;
appName = "Elnafo VCS";
};
users.users.${config.services.gitea.user} = {
description = "Gitea Service";
home = config.services.gitea.stateDir;
useDefaultShell = true;
group = config.services.gitea.group;
extraGroups = ["nginx"];
isSystemUser = true;
};
services.nginx.virtualHosts."vcs.elnafo.ru" = {
forceSSL = true;
useACMEHost = "elnafo.ru";
locations."/".proxyPass = "http://127.0.0.1:3001";
};
services.gitea-actions-runner = {
instances = {
master = {
enable = true;
authentication = ''
# Type Database DB-User Auth-Method Ident-Map(optional)
local git all ident map=gitea-users
'';
identMap = ''
# MapName System-User DB-User
gitea-users git git
'';
ensureDatabases = [ "git" ];
name = "master";
url = config.services.gitea.settings.server.ROOT_URL;
tokenFile = config.sops.secrets."gitea-runner/master-token".path;
labels = [
"ubuntu-latest:docker://gitea/runner-images:ubuntu-latest"
"nix-minimal:docker://vcs.elnafo.ru/l-nafaryus/nix-minimal:latest"
"nix-runner:docker://vcs.elnafo.ru/l-nafaryus/nix-runner:latest"
];
settings.container.network = "host";
};
};
services.gitea = {
enable = true;
user = "git";
group = "gitea";
stateDir = "/var/lib/gitea";
settings = {
server = {
DOMAIN = "vcs.elnafo.ru";
ROOT_URL = "https://vcs.elnafo.ru/";
HTTP_ADDRESS = "127.0.0.1";
HTTP_PORT = 3001;
};
session.COOKIE_SECURE = true;
mailer = {
ENABLED = true;
FROM = "Elnafo VCS <git@elnafo.ru>";
PROTOCOL = "smtps";
SMTP_ADDR = "smtp.elnafo.ru";
SMTP_PORT = 465;
USER = "git@elnafo.ru";
USE_CLIENT_CERT = true;
CLIENT_CERT_FILE = "${config.security.acme.certs."elnafo.ru".directory}/cert.pem";
CLIENT_KEY_FILE = "${config.security.acme.certs."elnafo.ru".directory}/key.pem";
};
service = {
DISABLE_REGISTRATION = true;
REGISTER_EMAIL_CONFIRM = true;
ENABLE_NOTIFY_MAIL = true;
};
other = {
SHOW_FOOTER_VERSION = false;
SHOW_FOOTER_TEMPLATE_LOAD_TIME = false;
};
indexer = {
REPO_INDEXER_ENABLED = true;
};
};
mailerPasswordFile = config.sops.secrets."gitea/mail".path;
database = {
type = "postgres";
passwordFile = config.sops.secrets."database/git".path;
name = "git";
user = "git";
};
lfs.enable = true;
appName = "Elnafo VCS";
};
users.users.${config.services.gitea.user} = {
description = "Gitea Service";
home = config.services.gitea.stateDir;
useDefaultShell = true;
group = config.services.gitea.group;
extraGroups = [ "nginx" ];
isSystemUser = true;
};
services.nginx.virtualHosts."vcs.elnafo.ru" = {
forceSSL = true;
useACMEHost = "elnafo.ru";
locations."/".proxyPass = "http://127.0.0.1:3001";
};
services.gitea-actions-runner = {
instances = {
master = {
enable = true;
name = "master";
url = config.services.gitea.settings.server.ROOT_URL;
tokenFile = config.sops.secrets."gitea-runner/master-token".path;
labels = [
"ubuntu-latest:docker://gitea/runner-images:ubuntu-latest"
"nix-minimal:docker://vcs.elnafo.ru/l-nafaryus/nix-minimal:latest"
"nix-runner:docker://vcs.elnafo.ru/l-nafaryus/nix-runner:latest"
];
settings.container.network = "host";
};
};
};
};
}


@ -1,231 +1,246 @@
{ config, lib, pkgs, ... }:
let
inherit (pkgs) stdenv fetchurl;
{
config,
lib,
pkgs,
...
}: let
inherit (pkgs) stdenv fetchurl;
playerlist = [
{
name = "L_Nafaryus";
uuid = "02c47438-79eb-3938-b5e0-d7c03cb5709f";
level = 4;
}
{
name = "AfroPriest";
uuid = "6fa9251d-11a5-33ad-ada3-312f0632eab1";
level = 3;
}
{
name = "DiAlteri";
uuid = "0a278f5c-7192-30c8-aa2f-af157c348009";
level = 3;
}
];
playerlist = [
{
name = "L_Nafaryus";
uuid = "02c47438-79eb-3938-b5e0-d7c03cb5709f";
level = 4;
}
{
name = "AfroPriest";
uuid = "6fa9251d-11a5-33ad-ada3-312f0632eab1";
level = 3;
}
{
name = "DiAlteri";
uuid = "0a278f5c-7192-30c8-aa2f-af157c348009";
level = 3;
}
];
operators = lib.filter (player: player.level > 0) playerlist;
whitelist = map (player: removeAttrs player [ "level" ]) playerlist;
operators = lib.filter (player: player.level > 0) playerlist;
whitelist = map (player: removeAttrs player ["level"]) playerlist;
# Plugins
# Plugins
passky = stdenv.mkDerivation rec {
pname = "Passky";
version = "2.1.1";
src = fetchurl {
url = "https://hangarcdn.papermc.io/plugins/Black1_TV/Passky/versions/${version}/PAPER/Passky-${version}.jar";
hash = "sha256-D5NpFrkGLgZNMS5WlMRM3Uv07hPsI9Hdsii2whTAZ2o=";
};
meta.homepage = "https://hangar.papermc.io/Black1_TV/Passky";
phases = [ "installPhase" ];
installPhase = ''
mkdir -p $out/bin
cp $src $out/bin/${pname}.jar
'';
passky = stdenv.mkDerivation rec {
pname = "Passky";
version = "2.1.1";
src = fetchurl {
url = "https://hangarcdn.papermc.io/plugins/Black1_TV/Passky/versions/${version}/PAPER/Passky-${version}.jar";
hash = "sha256-D5NpFrkGLgZNMS5WlMRM3Uv07hPsI9Hdsii2whTAZ2o=";
};
meta.homepage = "https://hangar.papermc.io/Black1_TV/Passky";
phases = ["installPhase"];
installPhase = ''
mkdir -p $out/bin
cp $src $out/bin/${pname}.jar
'';
};
grimAnticheat = stdenv.mkDerivation rec {
pname = "GrimAC";
version = "2.3.46";
src = fetchurl {
url = "https://hangarcdn.papermc.io/plugins/GrimAnticheat/GrimAnticheat/versions/${version}/PAPER/grimac-${version}.jar";
hash = "sha256-tG8pBDMU4N/Ijn5RfdsQrtY4/gEhN1wEDCopqOSIqB4=";
};
meta.homepage = "https://hangar.papermc.io/GrimAnticheat/GrimAnticheat";
phases = [ "installPhase" ];
installPhase = ''
mkdir -p $out/bin
cp $src $out/bin/${pname}.jar
'';
grimAnticheat = stdenv.mkDerivation rec {
pname = "GrimAC";
version = "2.3.46";
src = fetchurl {
url = "https://hangarcdn.papermc.io/plugins/GrimAnticheat/GrimAnticheat/versions/${version}/PAPER/grimac-${version}.jar";
hash = "sha256-tG8pBDMU4N/Ijn5RfdsQrtY4/gEhN1wEDCopqOSIqB4=";
};
meta.homepage = "https://hangar.papermc.io/GrimAnticheat/GrimAnticheat";
phases = ["installPhase"];
installPhase = ''
mkdir -p $out/bin
cp $src $out/bin/${pname}.jar
'';
};
viaVersion = stdenv.mkDerivation rec {
pname = "ViaVersion";
version = "4.9.2";
src = fetchurl {
url = "https://hangarcdn.papermc.io/plugins/ViaVersion/ViaVersion/versions/${version}/PAPER/ViaVersion-${version}.jar";
hash = "sha256-dvcyqCpIjArKCnUAD/L+lG/5gRQ9fLMKcl/+o8sLmYs=";
};
meta.homepage = "https://hangar.papermc.io/ViaVersion/ViaVersion";
phases = [ "installPhase" ];
installPhase = ''
mkdir -p $out/bin
cp $src $out/bin/${pname}.jar
'';
viaVersion = stdenv.mkDerivation rec {
pname = "ViaVersion";
version = "4.9.2";
src = fetchurl {
url = "https://hangarcdn.papermc.io/plugins/ViaVersion/ViaVersion/versions/${version}/PAPER/ViaVersion-${version}.jar";
hash = "sha256-dvcyqCpIjArKCnUAD/L+lG/5gRQ9fLMKcl/+o8sLmYs=";
};
meta.homepage = "https://hangar.papermc.io/ViaVersion/ViaVersion";
phases = ["installPhase"];
installPhase = ''
mkdir -p $out/bin
cp $src $out/bin/${pname}.jar
'';
};
directionHUD = stdenv.mkDerivation rec {
pname = "DirectionHUD";
version = "1.2.2";
src = fetchurl {
url = "https://hangarcdn.papermc.io/plugins/other/DirectionHUD/versions/${version}%2B1.18-1.20.2/PAPER/directionhud-spigot-${version}%2B1.18-1.20.2.jar";
hash = "sha256-F+86Q58+3VoqNoD8P38bu8u1Hx8Si0lxNXZnF/R4hAg=";
};
meta.homepage = "https://hangar.papermc.io/other/DirectionHUD";
phases = [ "installPhase" ];
installPhase = ''
mkdir -p $out/bin
cp $src $out/bin/${pname}.jar
'';
directionHUD = stdenv.mkDerivation rec {
pname = "DirectionHUD";
version = "1.2.2";
src = fetchurl {
url = "https://hangarcdn.papermc.io/plugins/other/DirectionHUD/versions/${version}%2B1.18-1.20.2/PAPER/directionhud-spigot-${version}%2B1.18-1.20.2.jar";
hash = "sha256-F+86Q58+3VoqNoD8P38bu8u1Hx8Si0lxNXZnF/R4hAg=";
};
meta.homepage = "https://hangar.papermc.io/other/DirectionHUD";
phases = ["installPhase"];
installPhase = ''
mkdir -p $out/bin
cp $src $out/bin/${pname}.jar
'';
};
miniMOTD = stdenv.mkDerivation rec {
pname = "MiniMOTD";
version = "2.0.14";
src = fetchurl {
url = "https://hangarcdn.papermc.io/plugins/jmp/MiniMOTD/versions/${version}/PAPER/minimotd-bukkit-${version}.jar";
hash = "sha256-d7l/pZGxteS2A9c9PIZASDTACGev8HY5SHZRvcxBc5A=";
};
meta.homepage = "https://hangar.papermc.io/jmp/MiniMOTD";
phases = [ "installPhase" ];
installPhase = ''
mkdir -p $out/bin
cp $src $out/bin/${pname}.jar
'';
miniMOTD = stdenv.mkDerivation rec {
pname = "MiniMOTD";
version = "2.0.14";
src = fetchurl {
url = "https://hangarcdn.papermc.io/plugins/jmp/MiniMOTD/versions/${version}/PAPER/minimotd-bukkit-${version}.jar";
hash = "sha256-d7l/pZGxteS2A9c9PIZASDTACGev8HY5SHZRvcxBc5A=";
};
meta.homepage = "https://hangar.papermc.io/jmp/MiniMOTD";
phases = ["installPhase"];
installPhase = ''
mkdir -p $out/bin
cp $src $out/bin/${pname}.jar
'';
};
skinsRestorer = stdenv.mkDerivation rec {
pname = "SkinsRestorer";
version = "15.0.2";
src = fetchurl {
url = "https://github.com/SkinsRestorer/SkinsRestorerX/releases/download/${version}/SkinsRestorer.jar";
hash = "sha256-fhAegFtl22xKXMi5MbsXCYOjbfqOlQTnILoEJxCDbkc=";
};
meta.homepage = "https://hangar.papermc.io/SRTeam/SkinsRestorer";
phases = [ "installPhase" ];
installPhase = ''
mkdir -p $out/bin
cp $src $out/bin/${pname}.jar
'';
skinsRestorer = stdenv.mkDerivation rec {
pname = "SkinsRestorer";
version = "15.0.2";
src = fetchurl {
url = "https://github.com/SkinsRestorer/SkinsRestorerX/releases/download/${version}/SkinsRestorer.jar";
hash = "sha256-fhAegFtl22xKXMi5MbsXCYOjbfqOlQTnILoEJxCDbkc=";
};
meta.homepage = "https://hangar.papermc.io/SRTeam/SkinsRestorer";
phases = ["installPhase"];
installPhase = ''
mkdir -p $out/bin
cp $src $out/bin/${pname}.jar
'';
};
squaremap = stdenv.mkDerivation rec {
pname = "squaremap";
version = "1.2.2";
src = fetchurl {
url = "https://hangarcdn.papermc.io/plugins/jmp/squaremap/versions/${version}/PAPER/squaremap-paper-mc1.20.2-${version}.jar";
hash = "sha256-Z8AWzZLlZavF8YYs1kslhtCvzq5fZ7O97mTx3hCgj78=";
};
meta.homepage = "https://hangar.papermc.io/jmp/squaremap";
phases = [ "installPhase" ];
installPhase = ''
mkdir -p $out/bin
cp $src $out/bin/${pname}.jar
'';
squaremap = stdenv.mkDerivation rec {
pname = "squaremap";
version = "1.2.2";
src = fetchurl {
url = "https://hangarcdn.papermc.io/plugins/jmp/squaremap/versions/${version}/PAPER/squaremap-paper-mc1.20.2-${version}.jar";
hash = "sha256-Z8AWzZLlZavF8YYs1kslhtCvzq5fZ7O97mTx3hCgj78=";
};
meta.homepage = "https://hangar.papermc.io/jmp/squaremap";
phases = ["installPhase"];
installPhase = ''
mkdir -p $out/bin
cp $src $out/bin/${pname}.jar
'';
};
stargate = stdenv.mkDerivation rec {
pname = "Stargate";
version = "0.11.5.6";
src = fetchurl {
url = "https://hangarcdn.papermc.io/plugins/Stargate/Stargate/versions/${version}/PAPER/Stargate-${version}.jar";
hash = "sha256-Ilz0z3juQ9c4/pUnHnvJO+PnJF1+vXBxW2pbERuEBo4=";
};
meta.homepage = "https://hangar.papermc.io/Stargate/Stargate";
phases = [ "installPhase" ];
installPhase = ''
mkdir -p $out/bin
cp $src $out/bin/${pname}.jar
'';
stargate = stdenv.mkDerivation rec {
pname = "Stargate";
version = "0.11.5.6";
src = fetchurl {
url = "https://hangarcdn.papermc.io/plugins/Stargate/Stargate/versions/${version}/PAPER/Stargate-${version}.jar";
hash = "sha256-Ilz0z3juQ9c4/pUnHnvJO+PnJF1+vXBxW2pbERuEBo4=";
};
meta.homepage = "https://hangar.papermc.io/Stargate/Stargate";
phases = ["installPhase"];
installPhase = ''
mkdir -p $out/bin
cp $src $out/bin/${pname}.jar
'';
};
chunky = stdenv.mkDerivation rec {
pname = "Chunky";
version = "1.3.92";
src = fetchurl {
url = "https://hangarcdn.papermc.io/plugins/pop4959/Chunky/versions/${version}/PAPER/Chunky-${version}.jar";
hash = "sha256-ABHfKJK0LQI2ZLt1D83897RAnE9xWu6+34IOlwTh17w=";
};
meta.homepage = "https://hangar.papermc.io/pop4959/Chunky";
phases = [ "installPhase" ];
installPhase = ''
mkdir -p $out/bin
cp $src $out/bin/${pname}.jar
'';
chunky = stdenv.mkDerivation rec {
pname = "Chunky";
version = "1.3.92";
src = fetchurl {
url = "https://hangarcdn.papermc.io/plugins/pop4959/Chunky/versions/${version}/PAPER/Chunky-${version}.jar";
hash = "sha256-ABHfKJK0LQI2ZLt1D83897RAnE9xWu6+34IOlwTh17w=";
};
meta.homepage = "https://hangar.papermc.io/pop4959/Chunky";
phases = ["installPhase"];
installPhase = ''
mkdir -p $out/bin
cp $src $out/bin/${pname}.jar
'';
};
xclaim = stdenv.mkDerivation rec {
pname = "XClaim";
version = "1.11.0";
src = fetchurl {
url = "https://github.com/WasabiThumb/xclaim/releases/download/${version}/xclaim-${version}.jar";
hash = "sha256-49R9cj1NnOx9n0yBtOj+m4V+56P4Ko/Co/LOgdhd2y4=";
};
meta.homepage = "https://hangar.papermc.io/WasabiThumbs/XClaim";
phases = [ "installPhase" ];
installPhase = ''
mkdir -p $out/bin
cp $src $out/bin/${pname}.jar
'';
xclaim = stdenv.mkDerivation rec {
pname = "XClaim";
version = "1.11.0";
src = fetchurl {
url = "https://github.com/WasabiThumb/xclaim/releases/download/${version}/xclaim-${version}.jar";
hash = "sha256-49R9cj1NnOx9n0yBtOj+m4V+56P4Ko/Co/LOgdhd2y4=";
};
meta.homepage = "https://hangar.papermc.io/WasabiThumbs/XClaim";
phases = ["installPhase"];
installPhase = ''
mkdir -p $out/bin
cp $src $out/bin/${pname}.jar
'';
};
plugins = [
passky grimAnticheat viaVersion directionHUD miniMOTD skinsRestorer squaremap stargate chunky xclaim
];
plugins = [
passky
grimAnticheat
viaVersion
directionHUD
miniMOTD
skinsRestorer
squaremap
stargate
chunky
xclaim
];
in {
services.papermc = {
enable = true;
eula = true;
openFirewall = true;
serverProperties = {
server-port = 25565;
gamemode = "survival";
motd = "GoodOmens";
max-players = 10;
level-seed = "66666666";
enable-status = true;
enforce-secure-profile = false;
difficulty = "normal";
online-mode = false;
enable-rcon = true;
"rcon.port" = 25600;
white-list = false;
};
jvmOpts = "-Xms512M -Xmx2048M";
rconPasswordFile = config.sops.secrets."papermc/rcon".path;
whitelist = whitelist;
ops = operators;
extraPreStart = ''
mkdir -p ${builtins.concatStringsSep " " (map (v: "plugins/${v.pname}") plugins)}
'' + builtins.concatStringsSep "\n" (map (v: "ln -sf ${v.outPath}/bin/${v.pname}.jar plugins/") plugins) + ''
ln -sf ${config.bonfire.configDir}/goodomens/plugins/MiniMOTD/main.conf plugins/MiniMOTD/
mkdir -p plugins/MiniMOTD/icons
ln -sf ${config.bonfire.configDir}/goodomens/plugins/MiniMOTD/icons/goodomens-logo.png plugins/MiniMOTD/icons/
ln -sf ${config.bonfire.configDir}/goodomens/plugins/Tablist/config.yml plugins/Tablist/
ln -sf ${config.bonfire.configDir}/goodomens/plugins/squaremap/config.yml plugins/squaremap/
ln -sf ${config.bonfire.configDir}/goodomens/plugins/squaremap/advanced.yml plugins/squaremap/
ln -sf ${config.bonfire.configDir}/goodomens/plugins/squaremap/advanced.yml plugins/squaremap/
ln -sf ${config.bonfire.configDir}/goodomens/site/map/index.html plugins/squaremap/web/
'';
services.papermc = {
enable = true;
eula = true;
openFirewall = true;
serverProperties = {
server-port = 25565;
gamemode = "survival";
motd = "GoodOmens";
max-players = 10;
level-seed = "66666666";
enable-status = true;
enforce-secure-profile = false;
difficulty = "normal";
online-mode = false;
enable-rcon = true;
"rcon.port" = 25600;
white-list = false;
};
jvmOpts = "-Xms512M -Xmx2048M";
rconPasswordFile = config.sops.secrets."papermc/rcon".path;
whitelist = whitelist;
ops = operators;
extraPreStart =
''
mkdir -p ${builtins.concatStringsSep " " (map (v: "plugins/${v.pname}") plugins)}
''
+ builtins.concatStringsSep "\n" (map (v: "ln -sf ${v.outPath}/bin/${v.pname}.jar plugins/") plugins)
+ ''
services.nginx.virtualHosts."mc.elnafo.ru" = {
forceSSL = true;
useACMEHost = "elnafo.ru";
locations."/".root = "/var/www/goodomens";
locations."^~ /map/".proxyPass = "http://127.0.0.1:8088/";
locations."/gallery/".root = "/var/www/goodomens";
locations."/gallery/images/" = {
root = "/var/www/goodomens";
extraConfig = ''autoindex on;'';
};
ln -sf ${config.bonfire.configDir}/goodomens/plugins/MiniMOTD/main.conf plugins/MiniMOTD/
mkdir -p plugins/MiniMOTD/icons
ln -sf ${config.bonfire.configDir}/goodomens/plugins/MiniMOTD/icons/goodomens-logo.png plugins/MiniMOTD/icons/
ln -sf ${config.bonfire.configDir}/goodomens/plugins/Tablist/config.yml plugins/Tablist/
ln -sf ${config.bonfire.configDir}/goodomens/plugins/squaremap/config.yml plugins/squaremap/
ln -sf ${config.bonfire.configDir}/goodomens/plugins/squaremap/advanced.yml plugins/squaremap/
ln -sf ${config.bonfire.configDir}/goodomens/plugins/squaremap/advanced.yml plugins/squaremap/
ln -sf ${config.bonfire.configDir}/goodomens/site/map/index.html plugins/squaremap/web/
'';
};
services.nginx.virtualHosts."mc.elnafo.ru" = {
forceSSL = true;
useACMEHost = "elnafo.ru";
locations."/".root = "/var/www/goodomens";
locations."^~ /map/".proxyPass = "http://127.0.0.1:8088/";
locations."/gallery/".root = "/var/www/goodomens";
locations."/gallery/images/" = {
root = "/var/www/goodomens";
extraConfig = ''autoindex on;'';
};
};
}


@ -1,17 +1,21 @@
{ config, pkgs, lib, ... }:
{
# Users
users.users.root.hashedPasswordFile = config.sops.secrets."users/root".path;
config,
pkgs,
lib,
...
}: {
# Users
users.users.root.hashedPasswordFile = config.sops.secrets."users/root".path;
users.users.l-nafaryus = {
isNormalUser = true;
description = "L-Nafaryus";
extraGroups = [ "networkmanager" "wheel" ];
group = "users";
uid = 1000;
shell = pkgs.fish;
hashedPasswordFile = config.sops.secrets."users/l-nafaryus".path;
};
users.users.l-nafaryus = {
isNormalUser = true;
description = "L-Nafaryus";
extraGroups = ["networkmanager" "wheel"];
group = "users";
uid = 1000;
shell = pkgs.fish;
hashedPasswordFile = config.sops.secrets."users/l-nafaryus".path;
};
users.users.nginx.extraGroups = [ "acme" "papermc" ];
users.users.nginx.extraGroups = ["acme" "papermc"];
}


@ -1,20 +1,27 @@
{ lib, check ? true, self, ... }:
rec {
modules = [
./misc/bonfire/default.nix
./services/papermc.nix
./services/qbittorrent-nox.nix
./services/spoofdpi.nix
];
{
lib,
check ? true,
self,
...
}: rec {
modules = [
./misc/bonfire/default.nix
./services/papermc.nix
./services/qbittorrent-nox.nix
./services/spoofdpi.nix
];
configModule = { config, pkgs, ... }: {
config = {
# Module type checking
_module.check = check;
#_module.args.baseModules = modules;
#_module.args.pkgs = lib.mkDefault pkgs;
_module.args.bonpkgs = self.packages.${pkgs.system};
};
configModule = {
config,
pkgs,
...
}: {
config = {
# Module type checking
_module.check = check;
#_module.args.baseModules = modules;
#_module.args.pkgs = lib.mkDefault pkgs;
_module.args.bonpkgs = self.packages.${pkgs.system};
};
};
}


@ -1,45 +1,51 @@
{ config, lib, ... }:
with lib;
let cfg = config.bonfire;
{
config,
lib,
...
}:
with lib; let
cfg = config.bonfire;
in {
options = {
bonfire = {
home = mkOption {
type = types.path;
default = ../../../.;
description = "Bonfire root directory";
};
options = {
bonfire = {
home = mkOption {
type = types.path;
default = ../../../.;
description = "Bonfire root directory";
};
configDir = mkOption {
type = types.path;
default = "${cfg.home}/config";
description = "Path to Bonfire static configuration files";
};
configDir = mkOption {
type = types.path;
default = "${cfg.home}/config";
description = "Path to Bonfire static configuration files";
};
withSecrets = mkOption {
type = types.bool;
default = false;
description = "Enables the Bonfire secrets";
};
withSecrets = mkOption {
type = types.bool;
default = false;
description = "Enables the Bonfire secrets";
};
secrets = mkOption {
type = types.attrs;
description = "Secrets will be here after evaluation";
default = {};
};
};
secrets = mkOption {
type = types.attrs;
description = "Secrets will be here after evaluation";
default = {};
};
};
};
config = {
assertions = mkIf cfg.withSecrets [
{
assertion = builtins.pathExists ./secrets/default.nix;
message = "Missed git submodule 'bonfire-secrets'";
}
];
environment.sessionVariables = {
BONFIRE_HOME = cfg.home;
};
config = {
assertions = mkIf cfg.withSecrets [{
assertion = (builtins.pathExists ./secrets/default.nix);
message = "Missed git submodule 'bonfire-secrets'";
}];
environment.sessionVariables = {
BONFIRE_HOME = cfg.home;
};
bonfire.secrets = mkIf cfg.withSecrets (import ./secrets { inherit config; });
};
bonfire.secrets = mkIf cfg.withSecrets (import ./secrets {inherit config lib;});
};
}
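Review bot: The `bonfire.secrets` option is declared as `types.attrs`, which merges definitions shallowly and does not resolve module-system wrappers nested inside the value. Because this change passes `lib` into `import ./secrets` and the secrets file now uses `lib.mkIf` on one entry, that entry is stored in `config.bonfire.secrets` as a raw `_type = "if"` attribute set. It resolves only if the whole subtree is later assigned to a real option (presumably `sops`, which is not shown here); code that reads a field straight from `config.bonfire.secrets` would see the wrapper instead of the secret definition. I would document this on the option with a comment such as `# may contain unresolved mkIf wrappers: assign subtrees to real options, never read fields directly`, and expand the description "Secrets will be here after evaluation" to say the same.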


@ -1,41 +1,55 @@
{ config }:
{
catarina = {
sops = {
defaultSopsFile = ./catarina.yaml;
age.keyFile = "/var/lib/secrets/sops-nix/catarina.txt";
secrets = {
"dns" = {};
config,
lib,
}: {
catarina = {
sops = {
defaultSopsFile = ./catarina.yaml;
age.keyFile = "/var/lib/secrets/sops-nix/catarina.txt";
secrets = {
"dns" = {};
"users/root" = { neededForUsers = true; };
"users/l-nafaryus" = { neededForUsers = true; };
"users/root" = {neededForUsers = true;};
"users/l-nafaryus" = {neededForUsers = true;};
"database/git" = { owner = "git"; group = "gitea"; };
"mail/l-nafaryus" = {};
"mail/git" = {};
"mail/kirill" = {};
"gitea/mail" = { owner = "git"; group = "gitea"; };
"gitea-runner/master-token" = {};
"papermc/rcon" = { owner = "papermc"; group = "papermc"; };
discordToken = { owner = "oscuro"; group = "oscuro"; };
};
"database/git" = {
owner = "git";
group = "gitea";
};
mailAccounts = {
"l.nafaryus@elnafo.ru" = {
hashedPasswordFile = config.sops.secrets."mail/l-nafaryus".path;
aliases = [ "l-nafaryus@elnafo.ru" ];
};
"kirill@elnafo.ru" = {
hashedPasswordFile = config.sops.secrets."mail/kirill".path;
};
"git@elnafo.ru" = {
hashedPasswordFile = config.sops.secrets."mail/git".path;
};
"mail/l-nafaryus" = {};
"mail/git" = {};
"mail/kirill" = {};
"gitea/mail" = {
owner = "git";
group = "gitea";
};
"gitea-runner/master-token" = {};
"papermc/rcon" = lib.mkIf config.services.papermc.enable {
owner = "papermc";
group = "papermc";
};
discordToken = {
owner = "oscuro";
group = "oscuro";
};
};
};
mailAccounts = {
"l.nafaryus@elnafo.ru" = {
hashedPasswordFile = config.sops.secrets."mail/l-nafaryus".path;
aliases = ["l-nafaryus@elnafo.ru"];
};
"kirill@elnafo.ru" = {
hashedPasswordFile = config.sops.secrets."mail/kirill".path;
};
"git@elnafo.ru" = {
hashedPasswordFile = config.sops.secrets."mail/git".path;
};
};
};
}
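Review bot: Only `"papermc/rcon"` receives the `lib.mkIf config.services.papermc.enable` guard, while `discordToken` (owner and group `oscuro`) and the `git`/`gitea`-owned entries stay unconditional. The guard presumably exists because the `papermc` user and group are created only under `mkIf cfg.enable` in the papermc module, and a secret whose owner does not exist is likely to fail when secrets are installed at activation. The same applies to any other entry whose owning service can be switched off, so I would guard those on their service's enable option too and add a comment above the guarded entry, e.g. `# owner exists only while the service is enabled`. The host-side `rconPasswordFile = config.sops.secrets."papermc/rcon".path` will also stop evaluating once the guard is false, so that file must stay out of the imports while the server is disabled.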


@ -1,237 +1,258 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.papermc;
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.services.papermc;
eulaFile = builtins.toFile "eula.txt" ''
# eula.txt managed by NixOS Configuration
eula=true
'';
eulaFile = builtins.toFile "eula.txt" ''
# eula.txt managed by NixOS Configuration
eula=true
'';
whitelistFile = pkgs.writeText "whitelist.json"
(builtins.toJSON cfg.whitelist);
whitelistFile =
pkgs.writeText "whitelist.json"
(builtins.toJSON cfg.whitelist);
opsFile = pkgs.writeText "ops.json"
(builtins.toJSON cfg.ops);
opsFile =
pkgs.writeText "ops.json"
(builtins.toJSON cfg.ops);
cfgToString = v: if builtins.isBool v then boolToString v else toString v;
cfgToString = v:
if builtins.isBool v
then boolToString v
else toString v;
serverPropertiesFile = let
serverProperties' = if (cfg.rconPasswordFile == null) then cfg.serverProperties else
(removeAttrs cfg.serverProperties [ "rcon.password" ]);
in pkgs.writeText "server.properties" (''
serverPropertiesFile = let
serverProperties' =
if (cfg.rconPasswordFile == null)
then cfg.serverProperties
else (removeAttrs cfg.serverProperties ["rcon.password"]);
in
pkgs.writeText "server.properties" (''
# server.properties managed by NixOS configuration
'' + concatStringsSep "\n" (mapAttrsToList
(n: v: "${n}=${cfgToString v}") serverProperties') +
lib.optionalString (cfg.rconPasswordFile != null) "\nrcon.password=#rconpass#");
''
+ concatStringsSep "\n" (mapAttrsToList
(n: v: "${n}=${cfgToString v}")
serverProperties')
+ lib.optionalString (cfg.rconPasswordFile != null) "\nrcon.password=#rconpass#");
stopScript = pkgs.writeShellScript "minecraft-server-stop" ''
echo stop > ${config.systemd.sockets.papermc.socketConfig.ListenFIFO}
stopScript = pkgs.writeShellScript "minecraft-server-stop" ''
echo stop > ${config.systemd.sockets.papermc.socketConfig.ListenFIFO}
# Wait for the PID of the minecraft server to disappear before
# returning, so systemd doesn't attempt to SIGKILL it.
while kill -0 "$1" 2> /dev/null; do
sleep 1s
done
'';
# Wait for the PID of the minecraft server to disappear before
# returning, so systemd doesn't attempt to SIGKILL it.
while kill -0 "$1" 2> /dev/null; do
sleep 1s
done
'';
defaultServerPort = 25565;
defaultServerPort = 25565;
serverPort = cfg.serverProperties.server-port or defaultServerPort;
serverPort = cfg.serverProperties.server-port or defaultServerPort;
rconPort = if cfg.serverProperties.enable-rcon or false
then cfg.serverProperties."rcon.port" or 25575
else null;
queryPort = if cfg.serverProperties.enable-query or false
then cfg.serverProperties."query.port" or 25565
else null;
rconPort =
if cfg.serverProperties.enable-rcon or false
then cfg.serverProperties."rcon.port" or 25575
else null;
queryPort =
if cfg.serverProperties.enable-query or false
then cfg.serverProperties."query.port" or 25565
else null;
in {
options.services.papermc = {
enable = mkEnableOption "PaperMC service";
options.services.papermc = {
enable = mkEnableOption "PaperMC service";
openFirewall = mkOption {
type = types.bool;
default = false;
description = ''
Whether to open ports in the firewall for the server.
'';
};
eula = mkOption {
type = types.bool;
default = false;
description = ''
Whether you agree to [Mojangs EULA](https://account.mojang.com/documents/minecraft_eula).
This option must be set to `true` to run Minecraft server.
'';
};
dataDir = mkOption {
type = types.path;
default = "/var/lib/papermc";
description = ''
Directory to store Minecraft database and other state/data files.
'';
};
whitelist = mkOption {
type = types.listOf types.attrs;
default = {};
description = ''
This is a mapping from Minecraft usernames to UUIDs.
'';
};
ops = mkOption {
type = types.listOf types.attrs;
description = "Whitelist with players / operators.";
default = [];
};
serverProperties = mkOption {
type = with types; attrsOf (oneOf [ bool int str ]);
default = {
"rcon.password" = mkIf (cfg.rconPasswordFile != null) "#rconpass#";
};
example = literalExpression ''
{
server-port = 43000;
difficulty = 3;
gamemode = 1;
max-players = 5;
motd = "NixOS Minecraft server!";
white-list = true;
enable-rcon = true;
"rcon.password" = "hunter2";
}
'';
description = ''
Minecraft server properties for the server.properties file. See
<https://minecraft.gamepedia.com/Server.properties#Java_Edition_3>
for documentation on these values.
'';
};
rconPasswordFile = mkOption {
type = types.nullOr types.str;
default = null;
description = "Path to file with rcon password.";
example = "/var/lib/secrets/papermc/rconpw";
};
package = mkPackageOption pkgs "papermc" {};
jvmOpts = mkOption {
type = types.separatedString " ";
default = "-Xmx2048M -Xms2048M";
# Example options from https://minecraft.gamepedia.com/Tutorials/Server_startup_script
example = "-Xms4092M -Xmx4092M -XX:+UseG1GC -XX:+CMSIncrementalPacing "
+ "-XX:+CMSClassUnloadingEnabled -XX:ParallelGCThreads=2 "
+ "-XX:MinHeapFreeRatio=5 -XX:MaxHeapFreeRatio=10";
description = "JVM options for the Minecraft server.";
};
extraPreStart = mkOption {
type = types.lines;
description = "Extra shell commands for service pre-start hook.";
default = '''';
};
openFirewall = mkOption {
type = types.bool;
default = false;
description = ''
Whether to open ports in the firewall for the server.
'';
};
config = mkIf cfg.enable {
users.users.papermc = {
description = "Minecraft server service user.";
home = cfg.dataDir;
createHome = true;
isSystemUser = true;
group = "papermc";
};
users.groups.papermc = {};
systemd.sockets.papermc = {
bindsTo = [ "papermc.service" ];
socketConfig = {
ListenFIFO = "/run/papermc.stdin";
SocketMode = "0660";
SocketUser = "papermc";
SocketGroup = "papermc";
RemoveOnStop = true;
FlushPending = true;
};
};
systemd.services.papermc = {
description = "PaperMC Service";
wantedBy = [ "multi-user.target" ];
requires = [ "papermc.socket" ];
after = [ "network.target" "papermc.socket" ];
serviceConfig = {
ExecStart = "${cfg.package}/bin/minecraft-server ${cfg.jvmOpts}";
ExecStop = "${stopScript} $MAINPID";
Restart = "always";
User = "papermc";
WorkingDirectory = cfg.dataDir;
StandardInput = "socket";
StandardOutput = "journal";
StandardError = "journal";
# Hardening
CapabilityBoundingSet = [ "" ];
DeviceAllow = [ "" ];
LockPersonality = true;
PrivateDevices = true;
PrivateTmp = true;
PrivateUsers = true;
ProtectClock = true;
ProtectControlGroups = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectProc = "invisible";
RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
RestrictNamespaces = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
SystemCallArchitectures = "native";
UMask = "0077";
};
preStart = let
replaceSecretBin = "${pkgs.replace-secret}/bin/replace-secret";
in ''
ln -sf ${eulaFile} eula.txt
cp -b --suffix=.stateful ${whitelistFile} whitelist.json
cp -b --suffix=.stateful ${opsFile} ops.json
cp -b --suffix=.stateful ${serverPropertiesFile} server.properties
chmod +w whitelist.json ops.json server.properties
${lib.optionalString (cfg.rconPasswordFile != null) ''
${replaceSecretBin} '#rconpass#' '${cfg.rconPasswordFile}' server.properties
''}
'' + cfg.extraPreStart;
};
networking.firewall = mkIf cfg.openFirewall ({
allowedUDPPorts = [ serverPort ];
allowedTCPPorts = [ serverPort ]
++ optional (queryPort != null) queryPort
++ optional (rconPort != null) rconPort;
});
assertions = [
{ assertion = cfg.eula;
message = "You must agree to Mojangs EULA to run minecraft-server."
+ " Read https://account.mojang.com/documents/minecraft_eula and"
+ " set `services.minecraft-server.eula` to `true` if you agree.";
}
];
eula = mkOption {
type = types.bool;
default = false;
description = ''
Whether you agree to [Mojangs EULA](https://account.mojang.com/documents/minecraft_eula).
This option must be set to `true` to run Minecraft server.
'';
};
dataDir = mkOption {
type = types.path;
default = "/var/lib/papermc";
description = ''
Directory to store Minecraft database and other state/data files.
'';
};
whitelist = mkOption {
type = types.listOf types.attrs;
default = {};
description = ''
This is a mapping from Minecraft usernames to UUIDs.
'';
};
ops = mkOption {
type = types.listOf types.attrs;
description = "Whitelist with players / operators.";
default = [];
};
serverProperties = mkOption {
type = with types; attrsOf (oneOf [bool int str]);
default = {
"rcon.password" = mkIf (cfg.rconPasswordFile != null) "#rconpass#";
};
example = literalExpression ''
{
server-port = 43000;
difficulty = 3;
gamemode = 1;
max-players = 5;
motd = "NixOS Minecraft server!";
white-list = true;
enable-rcon = true;
"rcon.password" = "hunter2";
}
'';
description = ''
Minecraft server properties for the server.properties file. See
<https://minecraft.gamepedia.com/Server.properties#Java_Edition_3>
for documentation on these values.
'';
};
rconPasswordFile = mkOption {
type = types.nullOr types.str;
default = null;
description = "Path to file with rcon password.";
example = "/var/lib/secrets/papermc/rconpw";
};
package = mkPackageOption pkgs "papermc" {};
jvmOpts = mkOption {
type = types.separatedString " ";
default = "-Xmx2048M -Xms2048M";
# Example options from https://minecraft.gamepedia.com/Tutorials/Server_startup_script
example =
"-Xms4092M -Xmx4092M -XX:+UseG1GC -XX:+CMSIncrementalPacing "
+ "-XX:+CMSClassUnloadingEnabled -XX:ParallelGCThreads=2 "
+ "-XX:MinHeapFreeRatio=5 -XX:MaxHeapFreeRatio=10";
description = "JVM options for the Minecraft server.";
};
extraPreStart = mkOption {
type = types.lines;
description = "Extra shell commands for service pre-start hook.";
default = '''';
};
};
config = mkIf cfg.enable {
users.users.papermc = {
description = "Minecraft server service user.";
home = cfg.dataDir;
createHome = true;
isSystemUser = true;
group = "papermc";
};
users.groups.papermc = {};
systemd.sockets.papermc = {
bindsTo = ["papermc.service"];
socketConfig = {
ListenFIFO = "/run/papermc.stdin";
SocketMode = "0660";
SocketUser = "papermc";
SocketGroup = "papermc";
RemoveOnStop = true;
FlushPending = true;
};
};
systemd.services.papermc = {
description = "PaperMC Service";
wantedBy = ["multi-user.target"];
requires = ["papermc.socket"];
after = ["network.target" "papermc.socket"];
serviceConfig = {
ExecStart = "${cfg.package}/bin/minecraft-server ${cfg.jvmOpts}";
ExecStop = "${stopScript} $MAINPID";
Restart = "always";
User = "papermc";
WorkingDirectory = cfg.dataDir;
StandardInput = "socket";
StandardOutput = "journal";
StandardError = "journal";
# Hardening
CapabilityBoundingSet = [""];
DeviceAllow = [""];
LockPersonality = true;
PrivateDevices = true;
PrivateTmp = true;
PrivateUsers = true;
ProtectClock = true;
ProtectControlGroups = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectProc = "invisible";
RestrictAddressFamilies = ["AF_INET" "AF_INET6"];
RestrictNamespaces = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
SystemCallArchitectures = "native";
UMask = "0077";
};
preStart = let
replaceSecretBin = "${pkgs.replace-secret}/bin/replace-secret";
in
''
ln -sf ${eulaFile} eula.txt
cp -b --suffix=.stateful ${whitelistFile} whitelist.json
cp -b --suffix=.stateful ${opsFile} ops.json
cp -b --suffix=.stateful ${serverPropertiesFile} server.properties
chmod +w whitelist.json ops.json server.properties
${lib.optionalString (cfg.rconPasswordFile != null) ''
${replaceSecretBin} '#rconpass#' '${cfg.rconPasswordFile}' server.properties
''}
''
+ cfg.extraPreStart;
};
networking.firewall = mkIf cfg.openFirewall {
allowedUDPPorts = [serverPort];
allowedTCPPorts =
[serverPort]
++ optional (queryPort != null) queryPort
++ optional (rconPort != null) rconPort;
};
assertions = [
{
assertion = cfg.eula;
message =
"You must agree to Mojangs EULA to run minecraft-server."
+ " Read https://account.mojang.com/documents/minecraft_eula and"
+ " set `services.minecraft-server.eula` to `true` if you agree.";
}
];
};
}


@ -1,119 +1,122 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.qbittorrent-nox;
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.services.qbittorrent-nox;
in {
options.services.qbittorrent-nox = {
enable = mkEnableOption "Enables the qbittorrent-nox services.";
options.services.qbittorrent-nox = {
enable = mkEnableOption "Enables the qbittorrent-nox services.";
port = mkOption rec {
type = types.int;
default = 6969;
example = default;
description = "Torrenting port.";
};
webuiPort = mkOption rec {
type = types.port;
default = 8080;
example = default;
description = "WebUI port.";
};
dataDir = mkOption rec {
type = types.path;
default = "/var/lib/qbittorrent-nox";
example = default;
description = "Directory to store qbittorrent-nox data files.";
};
user = mkOption {
type = types.str;
default = "qbittorrent-nox";
description = "User account under which qbittorrent-nox runs.";
};
group = mkOption {
type = types.str;
default = "qbittorrent-nox";
description = "Group under which qbittorrent-nox runs.";
};
openFirewall = mkOption {
type = types.bool;
default = false;
description = "Open `services.qbittorrent-nox.port`.";
};
package = mkOption {
type = types.package;
default = pkgs.qbittorrent-nox;
defaultText = literalExpression "pkgs.qbittorrent-nox";
description = "The qbittorrent package to use.";
};
port = mkOption rec {
type = types.int;
default = 6969;
example = default;
description = "Torrenting port.";
};
config = mkIf cfg.enable {
users.users.qbittorrent-nox = {
description = "qbittorrent-nox service user.";
home = cfg.dataDir;
createHome = true;
isSystemUser = true;
group = "qbittorrent-nox";
};
users.groups.qbittorrent-nox = {};
networking.firewall = mkIf cfg.openFirewall {
allowedTCPPorts = [ cfg.port ];
allowedUDPPorts = [ cfg.port ];
};
systemd.services.qbittorrent-nox = {
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
serviceConfig = {
Type = "simple";
ExecStart = "${cfg.package}/bin/qbittorrent-nox --torrenting-port=${toString cfg.port} --webui-port=${toString cfg.webuiPort}";
Restart = "always";
User = cfg.user;
Group = cfg.group;
WorkingDirectory = cfg.dataDir;
# Runtime directory and mode
RuntimeDirectory = "qbittorrent-nox";
RuntimeDirectoryMode = "0755";
# Proc filesystem
ProcSubset = "pid";
ProtectProc = "invisible";
# Access write directories
ReadWritePaths = [ cfg.dataDir ];
UMask = "0027";
# Capabilities
CapabilityBoundingSet = "";
# Security
NoNewPrivileges = true;
# Sandboxing
ProtectSystem = "strict";
ProtectHome = true;
PrivateTmp = true;
PrivateDevices = true;
PrivateUsers = true;
ProtectHostname = true;
ProtectClock = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectKernelLogs = true;
ProtectControlGroups = true;
RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" "AF_INET6" ];
RestrictNamespaces = true;
LockPersonality = true;
MemoryDenyWriteExecute = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
RemoveIPC = true;
PrivateMounts = true;
};
};
webuiPort = mkOption rec {
type = types.port;
default = 8080;
example = default;
description = "WebUI port.";
};
dataDir = mkOption rec {
type = types.path;
default = "/var/lib/qbittorrent-nox";
example = default;
description = "Directory to store qbittorrent-nox data files.";
};
user = mkOption {
type = types.str;
default = "qbittorrent-nox";
description = "User account under which qbittorrent-nox runs.";
};
group = mkOption {
type = types.str;
default = "qbittorrent-nox";
description = "Group under which qbittorrent-nox runs.";
};
openFirewall = mkOption {
type = types.bool;
default = false;
description = "Open `services.qbittorrent-nox.port`.";
};
package = mkOption {
type = types.package;
default = pkgs.qbittorrent-nox;
defaultText = literalExpression "pkgs.qbittorrent-nox";
description = "The qbittorrent package to use.";
};
};
config = mkIf cfg.enable {
users.users.qbittorrent-nox = {
description = "qbittorrent-nox service user.";
home = cfg.dataDir;
createHome = true;
isSystemUser = true;
group = "qbittorrent-nox";
};
users.groups.qbittorrent-nox = {};
networking.firewall = mkIf cfg.openFirewall {
allowedTCPPorts = [cfg.port];
allowedUDPPorts = [cfg.port];
};
systemd.services.qbittorrent-nox = {
wantedBy = ["multi-user.target"];
after = ["network.target"];
serviceConfig = {
Type = "simple";
ExecStart = "${cfg.package}/bin/qbittorrent-nox --torrenting-port=${toString cfg.port} --webui-port=${toString cfg.webuiPort}";
Restart = "always";
User = cfg.user;
Group = cfg.group;
WorkingDirectory = cfg.dataDir;
# Runtime directory and mode
RuntimeDirectory = "qbittorrent-nox";
RuntimeDirectoryMode = "0755";
# Proc filesystem
ProcSubset = "pid";
ProtectProc = "invisible";
# Access write directories
ReadWritePaths = [cfg.dataDir];
UMask = "0027";
# Capabilities
CapabilityBoundingSet = "";
# Security
NoNewPrivileges = true;
# Sandboxing
ProtectSystem = "strict";
ProtectHome = true;
PrivateTmp = true;
PrivateDevices = true;
PrivateUsers = true;
ProtectHostname = true;
ProtectClock = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectKernelLogs = true;
ProtectControlGroups = true;
RestrictAddressFamilies = ["AF_UNIX" "AF_INET" "AF_INET6"];
RestrictNamespaces = true;
LockPersonality = true;
MemoryDenyWriteExecute = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
RemoveIPC = true;
PrivateMounts = true;
};
};
};
}


@ -1,59 +1,63 @@
{ config, lib, bonpkgs, ... }:
with lib;
let
cfg = config.services.spoofdpi;
{
config,
lib,
bonpkgs,
...
}:
with lib; let
cfg = config.services.spoofdpi;
in {
options.services.spoofdpi = {
enable = mkEnableOption "SpoofDPI service";
options.services.spoofdpi = {
enable = mkEnableOption "SpoofDPI service";
package = mkOption {
type = types.package;
default = bonpkgs.spoofdpi;
defaultText = literalExpression "bonpkgs.spoofdpi";
description = "The package to use.";
};
address = mkOption rec {
type = types.str;
default = "127.0.0.1";
example = default;
description = "Listen address.";
};
port = mkOption rec {
type = types.port;
default = 8080;
example = default;
description = "Port.";
};
openFirewall = mkOption {
type = types.bool;
default = false;
description = "Open `services.spoofdpi.port`.";
};
dns = mkOption rec {
type = types.str;
default = "8.8.8.8";
example = default;
description = "DNS server.";
};
package = mkOption {
type = types.package;
default = bonpkgs.spoofdpi;
defaultText = literalExpression "bonpkgs.spoofdpi";
description = "The package to use.";
};
config = mkIf cfg.enable {
systemd.services.spoofdpi = {
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
serviceConfig = {
Restart = "on-failure";
ExecStart = "${lib.getExe cfg.package} -no-banner -addr ${cfg.address} -port ${toString cfg.port} -dns ${cfg.dns}";
DynamicUser = "yes";
};
};
networking.firewall = mkIf cfg.openFirewall {
allowedTCPPorts = [ cfg.port ];
};
address = mkOption rec {
type = types.str;
default = "127.0.0.1";
example = default;
description = "Listen address.";
};
port = mkOption rec {
type = types.port;
default = 8080;
example = default;
description = "Port.";
};
openFirewall = mkOption {
type = types.bool;
default = false;
description = "Open `services.spoofdpi.port`.";
};
dns = mkOption rec {
type = types.str;
default = "8.8.8.8";
example = default;
description = "DNS server.";
};
};
config = mkIf cfg.enable {
systemd.services.spoofdpi = {
wantedBy = ["multi-user.target"];
after = ["network.target"];
serviceConfig = {
Restart = "on-failure";
ExecStart = "${lib.getExe cfg.package} -no-banner -addr ${cfg.address} -port ${toString cfg.port} -dns ${cfg.dns}";
DynamicUser = "yes";
};
};
networking.firewall = mkIf cfg.openFirewall {
allowedTCPPorts = [cfg.port];
};
};
}


@ -1,167 +1,196 @@
{
bonfire,
lib,
pkgs,
...
}:
let
version = bonfire.shortRev or bonfire.dirtyShortRev or "unknown";
projectPath = ../../.;
modulesPath = ../../nixosModules;
bonfire,
lib,
pkgs,
...
}: let
version = bonfire.shortRev or bonfire.dirtyShortRev or "unknown";
projectPath = ../../.;
modulesPath = ../../nixosModules;
links = [
{
hostname = "vcs-elnafo";
url = "https://vcs.elnafo.ru/L-Nafaryus/bonfire/src/branch/master";
}
{
hostname = "github";
url = "https://github.com/L-Nafaryus/bonfire/blob/master";
}
links = [
{
hostname = "vcs-elnafo";
url = "https://vcs.elnafo.ru/L-Nafaryus/bonfire/src/branch/master";
}
{
hostname = "github";
url = "https://github.com/L-Nafaryus/bonfire/blob/master";
}
];
formatDeclaration = declaration:
if lib.hasPrefix (toString modulesPath) (toString declaration)
then let
subpath = lib.removePrefix (toString projectPath + "/") (toString declaration);
in
map ({
hostname,
url,
}: {
url = "${url}/${subpath}";
name = "<${hostname}:bonfire/${subpath}>";
})
links
else
# skip external declarations
lib.singleton declaration;
nixosModules = import modulesPath {
inherit lib;
self = bonfire;
check = false;
};
evaluatedModules = lib.evalModules {
modules = nixosModules.modules ++ [nixosModules.configModule];
};
optionsDoc = pkgs.nixosOptionsDoc {
options = builtins.removeAttrs evaluatedModules.options [
"_module"
"system"
];
formatDeclaration = declaration:
if lib.hasPrefix (toString modulesPath) (toString declaration) then
let subpath = lib.removePrefix (toString projectPath + "/") (toString declaration);
in map ({ hostname, url }: {
url = "${url}/${subpath}";
name = "<${hostname}:bonfire/${subpath}>";
}) links
else
# skip external declarations
lib.singleton declaration;
transformOptions = option:
option
// {
declarations = lib.unique (
lib.flatten (map (declaration: formatDeclaration declaration) option.declarations)
++ option.declarations
);
};
documentType = "none";
revision = version;
};
nixosModules = (import modulesPath { inherit lib; self = bonfire; check = false; });
systems = builtins.attrNames bonfire.packages;
derivations = lib.flatten (
map (packages: (
map (name: packages.${name}) (builtins.attrNames packages)
)) (map (system: bonfire.packages.${system}) systems)
);
evaluatedModules = lib.evalModules {
modules = nixosModules.modules ++ [ nixosModules.configModule ];
};
optionsDoc = pkgs.nixosOptionsDoc {
options = builtins.removeAttrs evaluatedModules.options [
"_module"
"system"
];
transformOptions = option: option // {
declarations = lib.unique (
lib.flatten (map (declaration: formatDeclaration declaration) option.declarations) ++
option.declarations
);
};
documentType = "none";
revision = version;
};
systems = builtins.attrNames bonfire.packages;
derivations = lib.flatten (
map (packages: (
map (name: packages.${name}) (builtins.attrNames packages)
)) (map (system: bonfire.packages.${system}) systems));
renderMaintainers = maintainers: lib.concatStringsSep ", " (
let
maintainer = mt: if mt?github then "[${mt.name}](https://github.com/${mt.github})" else mt.name;
email = mt: if mt?email then "<[${mt.email}](mailto:${mt.email})>" else "";
in map (mt: maintainer mt + email mt) maintainers
renderMaintainers = maintainers:
lib.concatStringsSep ", " (
let
maintainer = mt:
if mt ? github
then "[${mt.name}](https://github.com/${mt.github})"
else mt.name;
email = mt:
if mt ? email
then "<[${mt.email}](mailto:${mt.email})>"
else "";
in
map (mt: maintainer mt + email mt) maintainers
);
renderPlatforms = platforms: if platforms != lib.platforms.none then
if platforms == lib.platforms.all then
"all"
else
lib.concatStringsSep ", " (map (platform: "__${platform}__") platforms)
renderPlatforms = platforms:
if platforms != lib.platforms.none
then
if platforms == lib.platforms.all
then "all"
else lib.concatStringsSep ", " (map (platform: "__${platform}__") platforms)
else "";
renderPackage = drv: ''
## ${drv.pname}
renderPackage = drv: ''
## ${drv.pname}
${lib.optionalString (drv.meta?description) drv.meta.description}
${lib.optionalString (drv.meta ? description) drv.meta.description}
${lib.optionalString (drv.meta?homepage) "[Homepage](${drv.meta.homepage})"}
${lib.optionalString (drv.meta ? homepage) "[Homepage](${drv.meta.homepage})"}
Version: __${drv.version}__
Version: __${drv.version}__
${lib.optionalString (drv.meta?license) "License: [${drv.meta.license.fullName}](${drv.meta.license.url})"}
${lib.optionalString (drv.meta ? license) "License: [${drv.meta.license.fullName}](${drv.meta.license.url})"}
Outputs: ${lib.concatStringsSep ", " (map (o: "__${o}__") drv.outputs)}
Outputs: ${lib.concatStringsSep ", " (map (o: "__${o}__") drv.outputs)}
${lib.optionalString (drv.meta?mainProgram) "Provided programs: __${drv.meta.mainProgram}__"}
${lib.optionalString (drv.meta ? mainProgram) "Provided programs: __${drv.meta.mainProgram}__"}
${lib.optionalString (drv.meta?maintainers) "Maintainers: ${renderMaintainers drv.meta.maintainers}"}
${lib.optionalString (drv.meta ? maintainers) "Maintainers: ${renderMaintainers drv.meta.maintainers}"}
${lib.optionalString (drv.meta?platforms) "Platforms: ${renderPlatforms drv.meta.platforms}"}
'';
${lib.optionalString (drv.meta ? platforms) "Platforms: ${renderPlatforms drv.meta.platforms}"}
'';
renderImage = drv: ''
## ${drv.imageName}
renderImage = drv: ''
## ${drv.imageName}
${lib.optionalString (drv.meta?description) drv.meta.description}
${lib.optionalString (drv.meta ? description) drv.meta.description}
${lib.optionalString (drv.meta?homepage) "[Homepage](${drv.meta.homepage})"}
${lib.optionalString (drv.meta ? homepage) "[Homepage](${drv.meta.homepage})"}
Tag: __${drv.imageTag}__
Tag: __${drv.imageTag}__
${lib.optionalString (drv.fromImage != null) "From: __${drv.fromImage.imageName}__"}
${lib.optionalString (drv.fromImage != null) "From: __${drv.fromImage.imageName}__"}
${lib.optionalString (drv.meta?license) "License: ${if lib.isList drv.meta.license then (map (license: "[${drv.meta.license.fullName}](${drv.meta.license.url})") drv.meta.license) else "[${drv.meta.license.fullName}](${drv.meta.license.url})"}"}
${lib.optionalString (drv.meta ? license) "License: ${
if lib.isList drv.meta.license
then (map (license: "[${drv.meta.license.fullName}](${drv.meta.license.url})") drv.meta.license)
else "[${drv.meta.license.fullName}](${drv.meta.license.url})"
}"}
${lib.optionalString (drv.meta?maintainers) "Maintainers: ${renderMaintainers drv.meta.maintainers}"}
${lib.optionalString (drv.meta ? maintainers) "Maintainers: ${renderMaintainers drv.meta.maintainers}"}
${lib.optionalString (drv.meta?platforms) "Platforms: ${renderPlatforms drv.meta.platforms}"}
'';
packagesDoc = pkgs.writeText "packages.md"
(lib.concatStringsSep "\n" (map (drv:
if drv?imageTag then renderImage drv else renderPackage drv) derivations));
${lib.optionalString (drv.meta ? platforms) "Platforms: ${renderPlatforms drv.meta.platforms}"}
'';
packagesDoc =
pkgs.writeText "packages.md"
(lib.concatStringsSep "\n" (map (drv:
if drv ? imageTag
then renderImage drv
else if drv ? pname
then renderPackage drv
else "")
derivations));
in
pkgs.stdenvNoCC.mkDerivation {
pkgs.stdenvNoCC.mkDerivation {
pname = "bonfire-docs";
inherit version;
src = lib.fileset.toSource {
root = ./.;
fileset = lib.fileset.unions [
./src
./book.toml
./theme
];
root = ./.;
fileset = lib.fileset.unions [
./src
./book.toml
./theme
];
};
nativeBuildInputs = [ pkgs.mdbook ];
nativeBuildInputs = [pkgs.mdbook];
dontPatch = true;
dontConfigure = true;
doCheck = false;
buildPhase = ''
runHook preBuild
ln -s ${../../README.md} src/README.md
ln -s ${optionsDoc.optionsCommonMark} src/options/modules.md
ln -s ${packagesDoc} src/packages/packages.md
mdbook build
runHook postBuild
runHook preBuild
ln -s ${../../README.md} src/README.md
ln -s ${optionsDoc.optionsCommonMark} src/options/modules.md
ln -s ${packagesDoc} src/packages/packages.md
mdbook build
runHook postBuild
'';
installPhase = ''
runHook preInstall
mv book $out
runHook postInstall
runHook preInstall
mv book $out
runHook postInstall
'';
passthru = {
serve = pkgs.writeShellApplication {
name = "server";
runtimeInputs = [ pkgs.python3 ];
text = "python -m http.server --bind 127.0.0.1";
};
serve = pkgs.writeShellApplication {
name = "server";
runtimeInputs = [pkgs.python3];
text = "python -m http.server --bind 127.0.0.1";
};
};
meta = with lib; {
description = "Bonfire HTML documentation.";
license = licenses.mit;
maintainers = with bonfire.lib.maintainers; [ L-Nafaryus ];
platforms = lib.platforms.all;
description = "Bonfire HTML documentation.";
license = licenses.mit;
maintainers = with bonfire.lib.maintainers; [L-Nafaryus];
platforms = lib.platforms.all;
};
}
}
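Review bot: In `renderImage`, the list branch of the license line cannot evaluate when it is taken: the lambda binds `license` but still reads `drv.meta.license.fullName`, and the `map` result is a list spliced into a string. The reformat carries that expression over unchanged; `lib.concatStringsSep ", " (map (license: "[${license.fullName}](${license.url})") drv.meta.license)` would render each entry. `renderPackage` has no list branch at all, so a package whose `meta.license` is a list would presumably fail there too. Separately, the new `else ""` arm in `packagesDoc` silently drops any derivation that has neither `imageTag` nor `pname` from the generated page; a short comment naming which outputs that arm is meant to cover would help the next reader.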


@ -0,0 +1,16 @@
{
pkgs,
nixvim-pkgs,
bonconfigs,
fenix-pkgs,
...
}:
nixvim-pkgs.makeNixvimWithModule {
pkgs = pkgs;
module = import bonconfigs.bonvim;
extraSpecialArgs = {
rustc = fenix-pkgs.complete.rustc;
cargo = fenix-pkgs.complete.cargo;
rust-analyzer = fenix-pkgs.complete.rust-analyzer;
};
}
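Review bot: `pkgs = pkgs;` in the `makeNixvimWithModule` call would read better as `inherit pkgs;`, matching the `inherit` form used for arguments elsewhere in this commit. The three `extraSpecialArgs` all come from `fenix-pkgs.complete`, which as far as I know is fenix's nightly toolchain set, so the compiler and rust-analyzer the editor runs change whenever that input is updated. A one-line comment above `extraSpecialArgs`, for example `# nightly toolchain from fenix, moves with the fenix input`, would make that choice explicit for whoever bumps the inputs.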


@ -1,43 +1,45 @@
{
bonfire,
crane-lib,
lib,
pkgs,
version ? "v0.44.0",
hash ? "sha256-3u2GWgDQpa4sU/66vS6S+JwCEL/fvy8MTsATRs7RGVs=",
...
}:
let pkg = {
bonfire,
crane-lib,
lib,
pkgs,
version ? "v0.44.0",
hash ? "sha256-3u2GWgDQpa4sU/66vS6S+JwCEL/fvy8MTsATRs7RGVs=",
...
}: let
pkg = {
pname = "cargo-shuttle";
inherit version;
src = pkgs.fetchFromGitHub {
owner = "shuttle-hq";
repo = "shuttle";
rev = version;
hash = hash;
owner = "shuttle-hq";
repo = "shuttle";
rev = version;
hash = hash;
};
strictDeps = true;
doCheck = false;
nativeBuildInputs = with pkgs; [
pkg-config
pkg-config
];
buildInputs = with pkgs; [
openssl
zlib
openssl
zlib
];
meta = with lib; {
description = "A cargo command for the shuttle platform";
license = licenses.asl20;
homepage = "https://shuttle.rs/";
maintainers = with bonfire.lib.maintainers; [ L-Nafaryus ];
description = "A cargo command for the shuttle platform";
license = licenses.asl20;
homepage = "https://shuttle.rs/";
maintainers = with bonfire.lib.maintainers; [L-Nafaryus];
};
};
in let cargoArtifacts = crane-lib.buildDepsOnly pkg;
in crane-lib.buildPackage (
pkg // { inherit cargoArtifacts; }
)
};
in let
cargoArtifacts = crane-lib.buildDepsOnly pkg;
in
crane-lib.buildPackage (
pkg // {inherit cargoArtifacts;}
)


@ -1,61 +1,64 @@
{
bonfire,
stdenv, lib, pkgs,
version ? "1.10.0",
sha256 ? "sha256-36GAGfvHZyNZe/Z7o3VrCCwApkZpJ+r2E8+1Hy32G5Q=", ...
bonfire,
stdenv,
lib,
pkgs,
version ? "1.10.0",
sha256 ? "sha256-36GAGfvHZyNZe/Z7o3VrCCwApkZpJ+r2E8+1Hy32G5Q=",
...
}:
pkgs.python3.pkgs.buildPythonPackage {
pname = "dearpygui";
inherit version;
pname = "dearpygui";
inherit version;
src = pkgs.fetchFromGitHub {
owner = "hoffstadt";
repo = "DearPyGui";
rev = "v${version}";
fetchSubmodules = true;
sha256 = sha256;
};
src = pkgs.fetchFromGitHub {
owner = "hoffstadt";
repo = "DearPyGui";
rev = "v${version}";
fetchSubmodules = true;
sha256 = sha256;
};
cmakeFlags = [
"-DMVDIST_ONLY=True"
];
cmakeFlags = [
"-DMVDIST_ONLY=True"
];
postConfigure = ''
cd $cmakeDir
mv build cmake-build-local
'';
postConfigure = ''
cd $cmakeDir
mv build cmake-build-local
'';
nativeBuildInputs = with pkgs; [
pkg-config
cmake
];
nativeBuildInputs = with pkgs; [
pkg-config
cmake
];
buildInputs = with pkgs; [
xorg.libX11.dev
xorg.libXrandr.dev
xorg.libXinerama.dev
xorg.libXcursor.dev
xorg.xinput
xorg.libXi.dev
xorg.libXext
libxcrypt
buildInputs = with pkgs; [
xorg.libX11.dev
xorg.libXrandr.dev
xorg.libXinerama.dev
xorg.libXcursor.dev
xorg.xinput
xorg.libXi.dev
xorg.libXext
libxcrypt
glfw
glew
];
glfw
glew
];
dontUseSetuptoolsCheck = true;
dontUseSetuptoolsCheck = true;
pythonImportsCheck = [
"dearpygui"
];
pythonImportsCheck = [
"dearpygui"
];
meta = with pkgs.lib; {
homepage = "https://dearpygui.readthedocs.io/en/";
description = "Dear PyGui: A fast and powerful Graphical User Interface Toolkit for Python with minimal dependencies.";
license = licenses.mit;
platforms = platforms.linux;
maintainers = with bonfire.lib.maintainers; [ L-Nafaryus ];
broken = pkgs.stdenv.isDarwin;
};
meta = with pkgs.lib; {
homepage = "https://dearpygui.readthedocs.io/en/";
description = "Dear PyGui: A fast and powerful Graphical User Interface Toolkit for Python with minimal dependencies.";
license = licenses.mit;
platforms = platforms.linux;
maintainers = with bonfire.lib.maintainers; [L-Nafaryus];
broken = pkgs.stdenv.isDarwin;
};
}


@ -1,42 +1,48 @@
# self.packages.${system}
#
{ self, nixpkgs, ... }:
let
forAllSystems = nixpkgs.lib.genAttrs [ "x86_64-linux" ];
nixpkgsFor = forAllSystems (system: import nixpkgs { inherit system; });
{
self,
inputs,
...
}: let
forAllSystems = inputs.nixpkgs.lib.genAttrs ["x86_64-linux"];
nixpkgsFor = forAllSystems (system: import inputs.nixpkgs {inherit system;});
in
forAllSystems (system: let
pkgs = nixpkgsFor.${system};
in forAllSystems(system:
let
pkgs = nixpkgsFor.${system};
bonfire = self;
bonlib = self.lib;
bonpkgs = self.packages.${system};
bonconfigs = self.configurations;
bonfire = self;
bonlib = self.lib;
bonpkgs = self.packages.${system};
crane = self.inputs.crane;
crane-lib = self.inputs.crane.mkLib pkgs;
crane = self.inputs.crane;
crane-lib = self.inputs.crane.mkLib pkgs;
fenix = self.inputs.fenix;
fenix-pkgs = self.inputs.fenix.packages.${system};
fenix = self.inputs.fenix;
in {
nixvim-pkgs = self.inputs.nixvim.legacyPackages.${system};
in {
bonfire-docs = pkgs.callPackage ./bonfire-docs {inherit bonfire;};
bonfire-docs = pkgs.callPackage ./bonfire-docs { inherit bonfire; };
netgen = pkgs.callPackage ./netgen {inherit bonfire;};
netgen = pkgs.callPackage ./netgen { inherit bonfire; };
dearpygui = pkgs.callPackage ./dearpygui {inherit bonfire;};
dearpygui = pkgs.callPackage ./dearpygui { inherit bonfire; };
openfoam = pkgs.callPackage ./openfoam {inherit bonfire;};
openfoam = pkgs.callPackage ./openfoam { inherit bonfire; };
spoofdpi = pkgs.callPackage ./spoofdpi {inherit bonfire;};
spoofdpi = pkgs.callPackage ./spoofdpi { inherit bonfire; };
lego = pkgs.callPackage ./lego {inherit bonfire;};
lego = pkgs.callPackage ./lego { inherit bonfire; };
ultimmc = pkgs.libsForQt5.callPackage ./ultimmc {inherit bonfire;};
ultimmc = pkgs.libsForQt5.callPackage ./ultimmc { inherit bonfire; };
cargo-shuttle = pkgs.callPackage ./cargo-shuttle {inherit bonfire crane-lib;};
cargo-shuttle = pkgs.callPackage ./cargo-shuttle { inherit bonfire crane-lib; };
nix-minimal = pkgs.callPackage ./nix-minimal {inherit bonpkgs bonlib;};
nix-minimal = pkgs.callPackage ./nix-minimal { inherit bonpkgs bonlib; };
nix-runner = pkgs.callPackage ./nix-runner {inherit bonpkgs bonlib;};
nix-runner = pkgs.callPackage ./nix-runner { inherit bonpkgs bonlib; };
})
# map (ps: (map (p: { name = p; systems = [ ps.${p}.system ]; type = if ps.${p}?imageTag then "image" else "package"; }) (builtins.attrNames ps))) (map (s: bf.packages.${s}) (builtins.attrNames bf.packages))
bonvim = import ./bonvim {inherit nixvim-pkgs pkgs bonconfigs fenix-pkgs;};
})
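Review bot: The `let` block of the per-system function now reaches flake inputs two different ways: nixpkgs comes from the new `inputs` argument (`inputs.nixpkgs.lib.genAttrs`), while crane, fenix and the newly added nixvim are still read through `self.inputs`. If `inputs` is the same set as `self.inputs`, which the call site outside this section would have to confirm, the new binding could be written `nixvim-pkgs = inputs.nixvim.legacyPackages.${system};` and the crane and fenix lines changed to match, so a reader does not have to wonder whether the two sources can differ. `bonvim` is also the only entry built with a bare `import` rather than `callPackage`; a brief comment saying that this is deliberate would prevent someone "fixing" it later.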


@ -1,38 +1,41 @@
{
bonfire,
lib,
fetchFromGitHub, buildGoModule, nixosTests,
version ? "c847ac4a4c55d6a5a457f6ef494cf45a47299e01",
hash ? "sha256-g9OxhM+iNUrAZgM1we8qPsismPy5a0eN654tSYuM/No=",
vendorHash ? "sha256-wG0x86lptEY3x+7kVN7v1XZniliMOxaJ6Y95YS6ivJY=", ...
bonfire,
lib,
fetchFromGitHub,
buildGoModule,
nixosTests,
version ? "c847ac4a4c55d6a5a457f6ef494cf45a47299e01",
hash ? "sha256-g9OxhM+iNUrAZgM1we8qPsismPy5a0eN654tSYuM/No=",
vendorHash ? "sha256-wG0x86lptEY3x+7kVN7v1XZniliMOxaJ6Y95YS6ivJY=",
...
}:
buildGoModule rec {
pname = "lego";
inherit version;
pname = "lego";
inherit version;
src = fetchFromGitHub {
owner = "go-acme";
repo = "lego";
rev = version;
hash = hash;
};
src = fetchFromGitHub {
owner = "go-acme";
repo = "lego";
rev = version;
hash = hash;
};
inherit vendorHash;
inherit vendorHash;
doCheck = false;
doCheck = false;
subPackages = [ "cmd/lego" ];
subPackages = ["cmd/lego"];
ldflags = [
"-X main.version=${version}"
];
ldflags = [
"-X main.version=${version}"
];
meta = with lib; {
description = "Let's Encrypt client and ACME library written in Go";
license = licenses.mit;
homepage = "https://go-acme.github.io/lego/";
maintainers = with bonfire.lib.maintainers; [ L-Nafaryus ];
};
meta = with lib; {
description = "Let's Encrypt client and ACME library written in Go";
license = licenses.mit;
homepage = "https://go-acme.github.io/lego/";
maintainers = with bonfire.lib.maintainers; [L-Nafaryus];
};
passthru.tests.lego = nixosTests.acme;
passthru.tests.lego = nixosTests.acme;
}


@ -1,72 +1,77 @@
{
bonfire,
stdenv, lib, pkgs,
version ? "6.2.2402",
sha256 ? "sha256-o3cj5k2VtYiGcs9Z9FyfwtOpDlZZlcO3kRgBSer6KAw=", ...
}:
let pkg = stdenv.mkDerivation {
bonfire,
stdenv,
lib,
pkgs,
version ? "6.2.2402",
sha256 ? "sha256-o3cj5k2VtYiGcs9Z9FyfwtOpDlZZlcO3kRgBSer6KAw=",
...
}: let
pkg = stdenv.mkDerivation {
pname = "netgen";
inherit version;
src = pkgs.fetchFromGitHub {
owner = "NGSolve";
repo = "netgen";
rev = "v${version}";
sha256 = sha256;
owner = "NGSolve";
repo = "netgen";
rev = "v${version}";
sha256 = sha256;
};
patches = [
./regex-version.patch
./regex-version.patch
];
cmakeFlags = [
"-G Ninja"
"-D CMAKE_BUILD_TYPE=Release"
"-D USE_NATIVE_ARCH:BOOL=OFF"
"-D USE_OCC:BOOL=ON"
"-D USE_PYTHON:BOOL=ON"
"-D USE_GUI:BOOL=ON"
"-D USE_MPI:BOOL=ON"
"-D USE_SUPERBUILD:BOOL=OFF"
"-D PREFER_SYSTEM_PYBIND11:BOOL=ON"
"-G Ninja"
"-D CMAKE_BUILD_TYPE=Release"
"-D USE_NATIVE_ARCH:BOOL=OFF"
"-D USE_OCC:BOOL=ON"
"-D USE_PYTHON:BOOL=ON"
"-D USE_GUI:BOOL=ON"
"-D USE_MPI:BOOL=ON"
"-D USE_SUPERBUILD:BOOL=OFF"
"-D PREFER_SYSTEM_PYBIND11:BOOL=ON"
];
nativeBuildInputs = with pkgs; [
cmake
ninja
git
(python3.withPackages (ps: with ps; [
pybind11
mpi4py
cmake
ninja
git
(python3.withPackages (ps:
with ps; [
pybind11
mpi4py
]))
];
buildInputs = with pkgs; [
zlib
tcl
tk
mpi
opencascade-occt
libGL
libGLU
xorg.libXmu
metis
zlib
tcl
tk
mpi
opencascade-occt
libGL
libGLU
xorg.libXmu
metis
];
passthru = {
shellHook = with pkgs; ''
export PYTHONPATH="${python3}/${python3.sitePackages}"
export PYTHONPATH="$PYTHONPATH:${pkg}/${python3.sitePackages}"
'';
shellHook = with pkgs; ''
export PYTHONPATH="${python3}/${python3.sitePackages}"
export PYTHONPATH="$PYTHONPATH:${pkg}/${python3.sitePackages}"
'';
};
meta = with pkgs.lib; {
homepage = "https://github.com/NGSolve/netgen";
description = "NETGEN is an automatic 3d tetrahedral mesh generator";
license = licenses.lgpl21Only;
platforms = platforms.linux;
maintainers = with bonfire.lib.maintainers; [ L-Nafaryus ];
broken = pkgs.stdenv.isDarwin;
homepage = "https://github.com/NGSolve/netgen";
description = "NETGEN is an automatic 3d tetrahedral mesh generator";
license = licenses.lgpl21Only;
platforms = platforms.linux;
maintainers = with bonfire.lib.maintainers; [L-Nafaryus];
broken = pkgs.stdenv.isDarwin;
};
};
in pkg
};
in
pkg


@ -1,136 +1,150 @@
{
pkgs,
lib,
bonlib,
extraPaths ? [],
...
}:
let
nixPath = pkgs.writeText "nixpkgsError" ''_: throw '''
This container doesn't include nixpkgs.
Hint: override the NIX_PATH environment variable with eg:
"NIX_PATH=nixpkgs=channel:nixos-unstable"
''' '';
pkgs,
lib,
bonlib,
extraPaths ? [],
...
}: let
nixPath = pkgs.writeText "nixpkgsError" '' _: throw '''
This container doesn't include nixpkgs.
Hint: override the NIX_PATH environment variable with eg:
"NIX_PATH=nixpkgs=channel:nixos-unstable"
''' '';
builderIds = let forEach = n: if n == 1 then [n] else [n] ++ forEach (n - 1); in forEach 32;
builderIds = let
forEach = n:
if n == 1
then [n]
else [n] ++ forEach (n - 1);
in
forEach 32;
withFakeNss = with pkgs; [
(writeTextDir "etc/passwd" (
builtins.concatStringsSep "\n" (
map (n: "nixbld${toString n}:x:${toString (30000 + n)}:30000:Nix build user ${toString n}:/var/empty:/bin/false") builderIds)
+ "\n" + ''
root:x:0:0:System administrator:/root:${bashInteractive}/bin/bash
nobody:x:65534:65534:Unprivileged account (don't use!):/var/empty:${shadow}/bin/nologin
''))
withFakeNss = with pkgs; [
(writeTextDir "etc/passwd" (
builtins.concatStringsSep "\n" (
map (n: "nixbld${toString n}:x:${toString (30000 + n)}:30000:Nix build user ${toString n}:/var/empty:/bin/false") builderIds
)
+ "\n"
+ ''
root:x:0:0:System administrator:/root:${bashInteractive}/bin/bash
nobody:x:65534:65534:Unprivileged account (don't use!):/var/empty:${shadow}/bin/nologin
''
))
(writeTextDir "etc/group" ''
root:x:0:
wheel:x:1:
kmem:x:2:
tty:x:3:
messagebus:x:4:
disk:x:6:
audio:x:17:
floppy:x:18:
uucp:x:19:
lp:x:20:
cdrom:x:24:
tape:x:25:
video:x:26:
dialout:x:27:
utmp:x:29:
adm:x:55:
keys:x:96:
users:x:100:
input:x:174:
nixbld:x:30000:${builtins.concatStringsSep "," (map (n: "nixbld${toString n}") builderIds)}
nogroup:x:65534:
'')
(writeTextDir "etc/group" ''
root:x:0:
wheel:x:1:
kmem:x:2:
tty:x:3:
messagebus:x:4:
disk:x:6:
audio:x:17:
floppy:x:18:
uucp:x:19:
lp:x:20:
cdrom:x:24:
tape:x:25:
video:x:26:
dialout:x:27:
utmp:x:29:
adm:x:55:
keys:x:96:
users:x:100:
input:x:174:
nixbld:x:30000:${builtins.concatStringsSep "," (map (n: "nixbld${toString n}") builderIds)}
nogroup:x:65534:
'')
(writeTextDir "etc/nsswitch.conf" ''
passwd: files mymachines systemd
group: files mymachines systemd
shadow: files
(writeTextDir "etc/nsswitch.conf" ''
passwd: files mymachines systemd
group: files mymachines systemd
shadow: files
hosts: files mymachines dns myhostname
networks: files
hosts: files mymachines dns myhostname
networks: files
ethers: files
services: files
protocols: files
rpc: files
'')
];
ethers: files
services: files
protocols: files
rpc: files
'')
];
withNixConf = with pkgs; [
(writeTextDir "etc/nix/nix.conf" ''
accept-flake-config = true
experimental-features = nix-command flakes
show-trace = true
max-jobs = auto
trusted-users = root
'')
];
in pkgs.dockerTools.buildImageWithNixDb {
withNixConf = with pkgs; [
(writeTextDir "etc/nix/nix.conf" ''
accept-flake-config = true
experimental-features = nix-command flakes
show-trace = true
max-jobs = auto
trusted-users = root
'')
];
in
pkgs.dockerTools.buildImageWithNixDb {
name = "nix-minimal";
tag = "latest";
copyToRoot = pkgs.buildEnv {
name = "image-root";
pathsToLink = [ "/bin" "/etc" ];
paths = with pkgs; [
dockerTools.usrBinEnv
name = "image-root";
pathsToLink = ["/bin" "/etc"];
paths = with pkgs;
[
dockerTools.usrBinEnv
coreutils
bashInteractive
nix
coreutils
bashInteractive
nix
cacert
gnutar
gzip
xz
openssh
((git.override {
perlSupport = false;
pythonSupport = false;
withpcre2 = false;
withManual = false;
}).overrideAttrs (_: { doInstallCheck = false; }))
cacert
gnutar
gzip
xz
openssh
((git.override {
perlSupport = false;
pythonSupport = false;
withpcre2 = false;
withManual = false;
})
.overrideAttrs (_: {doInstallCheck = false;}))
iana-etc
] ++ withFakeNss ++ withNixConf ++ extraPaths;
iana-etc
]
++ withFakeNss
++ withNixConf
++ extraPaths;
};
runAsRoot = with pkgs; ''
#!${runtimeShell}
${dockerTools.shadowSetup}
#!${runtimeShell}
${dockerTools.shadowSetup}
'';
config = {
Cmd = [ "/bin/bash" ];
Env = [
"USER=root"
"PATH=/bin:/usr/bin:/nix/var/nix/profiles/default/bin"
"PAGER=cat"
"ENV=/etc/profile.d/nix.sh"
"BASH_ENV=/etc/profile.d/nix.sh"
"SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
"NIX_BUILD_SHELL=/bin/bash"
"NIX_PATH=nixpkgs=${nixPath}"
];
Cmd = ["/bin/bash"];
Env = [
"USER=root"
"PATH=/bin:/usr/bin:/nix/var/nix/profiles/default/bin"
"PAGER=cat"
"ENV=/etc/profile.d/nix.sh"
"BASH_ENV=/etc/profile.d/nix.sh"
"SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
"NIX_BUILD_SHELL=/bin/bash"
"NIX_PATH=nixpkgs=${nixPath}"
];
};
} // {
}
// {
meta = with lib; {
homepage = "https://vcs.elnafo.ru/L-Nafaryus/bonfire";
description = "Minimal image with a Nix package manager";
longDescription = ''
Minimal docker image with Nix package manager (https://nixos.org/).
Enabled features: nix-command, flakes.
Versions: latest
'';
platforms = platforms.linux;
license = licenses.lgpl21Plus;
maintainers = with bonlib.maintainers; [ L-Nafaryus ];
homepage = "https://vcs.elnafo.ru/L-Nafaryus/bonfire";
description = "Minimal image with a Nix package manager";
longDescription = ''
Minimal docker image with Nix package manager (https://nixos.org/).
Enabled features: nix-command, flakes.
Versions: latest
'';
platforms = platforms.linux;
license = licenses.lgpl21Plus;
maintainers = with bonlib.maintainers; [L-Nafaryus];
};
}
}
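Review bot: The `etc/nix/nix.conf` written by `withNixConf` still sets `accept-flake-config = true`, while the image runs as `USER=root` and lists root in `trusted-users`, so a flake evaluated in the container can apply its own `nixConfig` (for example extra substituters and signing keys) with no confirmation. The nix-runner image in this same commit uses this image as its base for action runners, so repository content would decide where store paths are fetched from. I would drop the line, or set `accept-flake-config = false`, and have jobs that need it pass `--accept-flake-config` explicitly for flakes they trust. The reformat does not change this behaviour; the setting is on both sides of the diff.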


@ -1,34 +1,39 @@
{
pkgs,
lib,
bonpkgs,
bonlib,
extraPaths ? [],
...
pkgs,
lib,
bonpkgs,
bonlib,
extraPaths ? [],
...
}:
pkgs.dockerTools.buildImage {
name = "nix-runner";
tag = "latest";
fromImage = bonpkgs.nix-minimal;
name = "nix-runner";
tag = "latest";
fromImage = bonpkgs.nix-minimal;
copyToRoot = pkgs.buildEnv {
name = "image-root";
pathsToLink = [ "/bin" ];
paths = with pkgs; [
nodejs
jq
cachix
] ++ extraPaths;
};
copyToRoot = pkgs.buildEnv {
name = "image-root";
pathsToLink = ["/bin"];
paths = with pkgs;
[
nodejs
jq
cachix
]
++ extraPaths;
};
config.Cmd = [ "/bin/bash" ];
} // {
meta = bonpkgs.nix-minimal.meta // {
description = "Image for action runners with a Nix package manager";
longDescription = ''
Docker image for action runners with Nix package manager (https://nixos.org/).
Enabled features: nix-command, flakes.
Versions: latest
'';
config.Cmd = ["/bin/bash"];
}
// {
meta =
bonpkgs.nix-minimal.meta
// {
description = "Image for action runners with a Nix package manager";
longDescription = ''
Docker image for action runners with Nix package manager (https://nixos.org/).
Enabled features: nix-command, flakes.
Versions: latest
'';
};
}


@ -1,84 +1,87 @@
{
bonfire,
stdenv, lib, pkgs,
version ? "11.20240116",
sha256 ? "sha256-bNWlza3cL/lUrwrVEmPECvKbFkwR2rTMaccsn8amGFQ=", ...
}:
let
version' = lib.strings.splitString "." version;
major = lib.elemAt version' 0;
revision = lib.elemAt version' 1;
realname = "OpenFOAM";
in
let pkg = stdenv.mkDerivation {
bonfire,
stdenv,
lib,
pkgs,
version ? "11.20240116",
sha256 ? "sha256-bNWlza3cL/lUrwrVEmPECvKbFkwR2rTMaccsn8amGFQ=",
...
}: let
version' = lib.strings.splitString "." version;
major = lib.elemAt version' 0;
revision = lib.elemAt version' 1;
realname = "OpenFOAM";
in let
pkg = stdenv.mkDerivation {
pname = "openfoam";
inherit version major;
src = pkgs.fetchFromGitHub {
owner = realname;
repo = "${realname}-${major}";
rev = "${revision}";
sha256 = sha256;
owner = realname;
repo = "${realname}-${major}";
rev = "${revision}";
sha256 = sha256;
};
nativeBuildInputs = with pkgs; [ bash m4 flex bison ];
nativeBuildInputs = with pkgs; [bash m4 flex bison];
buildInputs = with pkgs; [ fftw mpi scotch boost cgal zlib ];
buildInputs = with pkgs; [fftw mpi scotch boost cgal zlib];
postPatch = ''
substituteInPlace etc/bashrc \
--replace '[ "$BASH" -o "$ZSH_NAME" ] && \' '#' \
--replace 'export FOAM_INST_DIR=$(cd $(dirname ${"$"}{BASH_SOURCE:-$0})/../.. && pwd -P) || \' '#' \
--replace 'export FOAM_INST_DIR=$HOME/$WM_PROJECT' '# __inst_dir_placeholder__'
substituteInPlace etc/bashrc \
--replace '[ "$BASH" -o "$ZSH_NAME" ] && \' '#' \
--replace 'export FOAM_INST_DIR=$(cd $(dirname ${"$"}{BASH_SOURCE:-$0})/../.. && pwd -P) || \' '#' \
--replace 'export FOAM_INST_DIR=$HOME/$WM_PROJECT' '# __inst_dir_placeholder__'
patchShebangs Allwmake
patchShebangs etc
patchShebangs wmake
patchShebangs applications
patchShebangs bin
patchShebangs Allwmake
patchShebangs etc
patchShebangs wmake
patchShebangs applications
patchShebangs bin
'';
configurePhase = ''
export FOAM_INST_DIR=$NIX_BUILD_TOP/source
export WM_PROJECT_DIR=$FOAM_INST_DIR/${realname}-${major}
mkdir $WM_PROJECT_DIR
export FOAM_INST_DIR=$NIX_BUILD_TOP/source
export WM_PROJECT_DIR=$FOAM_INST_DIR/${realname}-${major}
mkdir $WM_PROJECT_DIR
mv $(find $FOAM_INST_DIR/ -maxdepth 1 -not -path $WM_PROJECT_DIR -not -path $FOAM_INST_DIR/) \
$WM_PROJECT_DIR/
mv $(find $FOAM_INST_DIR/ -maxdepth 1 -not -path $WM_PROJECT_DIR -not -path $FOAM_INST_DIR/) \
$WM_PROJECT_DIR/
set +e
. $WM_PROJECT_DIR/etc/bashrc
set -e
set +e
. $WM_PROJECT_DIR/etc/bashrc
set -e
'';
buildPhase = ''
sh $WM_PROJECT_DIR/Allwmake -j$CORES
wclean all
wmakeLnIncludeAll
sh $WM_PROJECT_DIR/Allwmake -j$CORES
wclean all
wmakeLnIncludeAll
'';
installPhase = ''
mkdir -p $out/${realname}-${major}
mkdir -p $out/${realname}-${major}
substituteInPlace $WM_PROJECT_DIR/etc/bashrc \
--replace '# __inst_dir_placeholder__' "export FOAM_INST_DIR=$out"
substituteInPlace $WM_PROJECT_DIR/etc/bashrc \
--replace '# __inst_dir_placeholder__' "export FOAM_INST_DIR=$out"
cp -Ra $WM_PROJECT_DIR/* $out/${realname}-${major}
cp -Ra $WM_PROJECT_DIR/* $out/${realname}-${major}
'';
passthru = {
shellHook = ''
. ${pkg}/${realname}-${major}/etc/bashrc
'';
shellHook = ''
. ${pkg}/${realname}-${major}/etc/bashrc
'';
};
meta = with pkgs.lib; {
homepage = "https://www.openfoam.org/";
description = "OpenFOAM is a free, open source CFD software released and developed by OpenFOAM Foundation";
license = licenses.gpl3;
platforms = platforms.linux;
maintainers = with bonfire.lib.maintainers; [ L-Nafaryus ];
broken = pkgs.stdenv.isDarwin;
homepage = "https://www.openfoam.org/";
description = "OpenFOAM is a free, open source CFD software released and developed by OpenFOAM Foundation";
license = licenses.gpl3;
platforms = platforms.linux;
maintainers = with bonfire.lib.maintainers; [L-Nafaryus];
broken = pkgs.stdenv.isDarwin;
};
};
in pkg
};
in
pkg
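Review bot: In `buildPhase`, `sh $WM_PROJECT_DIR/Allwmake -j$CORES` reads a variable that nothing visible in this derivation sets, and stdenv exports the job count as `NIX_BUILD_CORES`, so unless the sourced `etc/bashrc` happens to define `CORES` the flag expands to a bare `-j`. I would write `sh $WM_PROJECT_DIR/Allwmake -j$NIX_BUILD_CORES` so the build honours the builder's `cores` setting. Separately, sourcing `etc/bashrc` between `set +e` and `set -e` in `configurePhase` hides a failed environment setup; a short comment saying which non-zero status is expected there would help the next reader.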


@ -1,33 +1,35 @@
{
bonfire,
lib, pkgs,
version ? "0.8",
hash ? "sha256-kPCdOZl4m7KBb970TjJokXorKfnCvuV5Uq7lFQIh1z8=",
vendorHash ? "sha256-ib9xRklkLfrDCuLf7zDkJE8lJiNiUMPZ01MDxvqho6o=", ...
bonfire,
lib,
pkgs,
version ? "0.8",
hash ? "sha256-kPCdOZl4m7KBb970TjJokXorKfnCvuV5Uq7lFQIh1z8=",
vendorHash ? "sha256-ib9xRklkLfrDCuLf7zDkJE8lJiNiUMPZ01MDxvqho6o=",
...
}:
pkgs.buildGoModule {
pname = "spoofdpi";
inherit version;
pname = "spoofdpi";
inherit version;
src = pkgs.fetchFromGitHub {
owner = "xvzc";
repo = "SpoofDPI";
rev = version;
hash = hash;
};
src = pkgs.fetchFromGitHub {
owner = "xvzc";
repo = "SpoofDPI";
rev = version;
hash = hash;
};
inherit vendorHash;
inherit vendorHash;
doCheck = false;
doCheck = false;
ldflags = ["-s" "-w" "-X main.version=${version}" "-X main.builtBy=nixpkgs"];
ldflags = ["-s" "-w" "-X main.version=${version}" "-X main.builtBy=nixpkgs"];
meta = with lib; {
homepage = "https://github.com/xvzc/SpoofDPI";
description = "A simple and fast anti-censorship tool written in Go";
license = licenses.asl20;
maintainers = with bonfire.lib.maintainers; [ L-Nafaryus ];
broken = false;
mainProgram = "spoof-dpi";
};
meta = with lib; {
homepage = "https://github.com/xvzc/SpoofDPI";
description = "A simple and fast anti-censorship tool written in Go";
license = licenses.asl20;
maintainers = with bonfire.lib.maintainers; [L-Nafaryus];
broken = false;
mainProgram = "spoof-dpi";
};
}


@ -1,75 +1,83 @@
{
bonfire,
lib, stdenv,
fetchFromGitHub, wrapQtAppsHook,
extra-cmake-modules, cmake,
file, jdk17,
copyDesktopItems, makeDesktopItem,
xorg, libpulseaudio, libGL
bonfire,
lib,
stdenv,
fetchFromGitHub,
wrapQtAppsHook,
extra-cmake-modules,
cmake,
file,
jdk17,
copyDesktopItems,
makeDesktopItem,
xorg,
libpulseaudio,
libGL,
}:
stdenv.mkDerivation rec {
version = "faf3c966c43465d6f6c245ed78556222240398ee";
pname = "ultimmc";
version = "faf3c966c43465d6f6c245ed78556222240398ee";
pname = "ultimmc";
src = fetchFromGitHub {
fetchSubmodules = true;
owner = "UltimMC";
repo = "Launcher";
rev = "faf3c966c43465d6f6c245ed78556222240398ee";
sha256 = "sha256-/+cYbAzf84PrgzJHUsc3tVU9E+mDMtx5eGEJK9ZBM2w=";
};
src = fetchFromGitHub {
fetchSubmodules = true;
owner = "UltimMC";
repo = "Launcher";
rev = "faf3c966c43465d6f6c245ed78556222240398ee";
sha256 = "sha256-/+cYbAzf84PrgzJHUsc3tVU9E+mDMtx5eGEJK9ZBM2w=";
};
nativeBuildInputs = [
wrapQtAppsHook
extra-cmake-modules
cmake
file
jdk17
copyDesktopItems
];
nativeBuildInputs = [
wrapQtAppsHook
extra-cmake-modules
cmake
file
jdk17
copyDesktopItems
];
desktopItems = [
(makeDesktopItem {
name = "ultimmc";
desktopName = "UltimMC";
icon = "ultimmc";
comment = "Cracked Minecraft launcher";
exec = "UltimMC %u";
categories = [ "Game" ];
})
];
desktopItems = [
(makeDesktopItem {
name = "ultimmc";
desktopName = "UltimMC";
icon = "ultimmc";
comment = "Cracked Minecraft launcher";
exec = "UltimMC %u";
categories = ["Game"];
})
];
cmakeFlags = [ "-DLauncher_LAYOUT=lin-nodeps" ];
cmakeFlags = ["-DLauncher_LAYOUT=lin-nodeps"];
# TODO: fix broken data directory location
postInstall = let
libpath = with xorg; lib.makeLibraryPath [
libX11
libXext
libXcursor
libXrandr
libXxf86vm
libpulseaudio
libGL
];
in ''
install -Dm0644 ${src}/notsecrets/logo.svg $out/share/icons/hicolor/scalable/apps/ultimmc.svg
# TODO: fix broken data directory location
postInstall = let
libpath = with xorg;
lib.makeLibraryPath [
libX11
libXext
libXcursor
libXrandr
libXxf86vm
libpulseaudio
libGL
];
in ''
install -Dm0644 ${src}/notsecrets/logo.svg $out/share/icons/hicolor/scalable/apps/ultimmc.svg
chmod -x $out/bin/*.so
wrapProgram $out/bin/UltimMC \
"''${qtWrapperArgs[@]}" \
--set GAME_LIBRARY_PATH /run/opengl-driver/lib:${libpath} \
--prefix PATH : ${lib.makeBinPath [xorg.xrandr]} \
--add-flags '-d ~/.local/share/ultimmc'
chmod -x $out/bin/*.so
wrapProgram $out/bin/UltimMC \
"''${qtWrapperArgs[@]}" \
--set GAME_LIBRARY_PATH /run/opengl-driver/lib:${libpath} \
--prefix PATH : ${lib.makeBinPath [xorg.xrandr]} \
--add-flags '-d ~/.local/share/ultimmc'
rm $out/UltimMC
'';
rm $out/UltimMC
'';
meta = with lib; {
homepage = "https://github.com/UltimMC/Launcher";
description = "Cracked Minecraft Launcher";
license = licenses.asl20;
platforms = platforms.linux;
maintainers = with bonfire.lib.maintainers; [ L-Nafaryus ];
};
meta = with lib; {
homepage = "https://github.com/UltimMC/Launcher";
description = "Cracked Minecraft Launcher";
license = licenses.asl20;
platforms = platforms.linux;
maintainers = with bonfire.lib.maintainers; [L-Nafaryus];
};
}


@ -1,52 +1,62 @@
{
description = "Basic rust template";
description = "Basic rust template";
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
crane = { url = "github:ipetkov/crane"; inputs.nixpkgs.follows = "nixpkgs"; };
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
crane = {
url = "github:ipetkov/crane";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs = inputs @ { self, nixpkgs, crane, ... }:
let
forAllSystems = nixpkgs.lib.genAttrs [ "x86_64-linux" ];
nixpkgsFor = forAllSystems (system: import nixpkgs { inherit system; });
in {
packages = forAllSystems (system: {
my-crate = let
pkgs = nixpkgsFor.${system};
craneLib = crane.lib.${system};
in craneLib.buildPackage {
src = craneLib.cleanCargoSource (craneLib.path ./.);
strictDeps = true;
outputs = inputs @ {
self,
nixpkgs,
crane,
...
}: let
forAllSystems = nixpkgs.lib.genAttrs ["x86_64-linux"];
nixpkgsFor = forAllSystems (system: import nixpkgs {inherit system;});
in {
packages = forAllSystems (system: {
my-crate = let
pkgs = nixpkgsFor.${system};
craneLib = crane.lib.${system};
in
craneLib.buildPackage {
src = craneLib.cleanCargoSource (craneLib.path ./.);
strictDeps = true;
buildInputs = [];
};
buildInputs = [];
};
default = self.packages.${system}.my-crate;
});
default = self.packages.${system}.my-crate;
});
checks = forAllSystems (system: {
inherit (self.packages.${system}.my-crate);
checks = forAllSystems (system: {
inherit (self.packages.${system}.my-crate);
my-crate-fmt = let craneLib = crane.lib.${system}; in craneLib.cargoFmt {
src = craneLib.cleanCargoSource (craneLib.path ./.);
};
});
my-crate-fmt = let
craneLib = crane.lib.${system};
in
craneLib.cargoFmt {
src = craneLib.cleanCargoSource (craneLib.path ./.);
};
});
apps = forAllSystems (system: {
default = {
type = "app";
program = "${self.packages.${system}.my-crate}/bin/rust-example";
};
});
apps = forAllSystems (system: {
default = {
type = "app";
program = "${self.packages.${system}.my-crate}/bin/rust-example";
};
});
devShells = forAllSystems (system: {
default = crane.lib.${system}.devShell {
checks = self.checks.${system};
packages = [];
};
});
};
devShells = forAllSystems (system: {
default = crane.lib.${system}.devShell {
checks = self.checks.${system};
packages = [];
};
});
};
}
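Review bot: In `checks`, `inherit (self.packages.${system}.my-crate);` names no attributes after the parenthesised source, so it adds nothing to the set and `checks` ends up containing only `my-crate-fmt`; the intended form is probably `inherit (self.packages.${system}) my-crate;`. The dev shell takes `checks = self.checks.${system}`, so it is built from that single formatting check as well. The `pkgs` binding in the `my-crate` let-block is also unused and could be dropped.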