L-Nafaryus/bonfire
L-Nafaryus/bonfire
1
0
Fork 0
Code Issues 5 Pull Requests Actions Packages Projects 4 Releases Wiki Activity

Compare commits

base: L-Nafaryus:25a4c9af9c47a563aef24fbe4acd98b1a2273a2c
Branches Tags
L-Nafaryus:master
L-Nafaryus:devel
L-Nafaryus:catarina-radio-service
L-Nafaryus:packages-onetagger
L-Nafaryus:packages-wezterm
..
compare: L-Nafaryus:aa5ac516dda4a614258411404c74081b42c5a9e3
Branches Tags
L-Nafaryus:devel
L-Nafaryus:master
L-Nafaryus:catarina-radio-service
L-Nafaryus:packages-onetagger
L-Nafaryus:packages-wezterm

6 Commits
25a4c9af9c ... aa5ac516dd

Author SHA1 Message Date
L-Nafaryus
aa5ac516dd
new: nixosConfigurations.vinheim
All checks were successful
nix / check (push) Successful in 3m5s
Details
2024-11-28 09:50:53 +05:00
L-Nafaryus
2096fd85e8
flake: update lock 
astora: meet ssh with kde
astora: setup container tools for rootless podman
 2024-11-28 00:18:18 +05:00
L-Nafaryus
4e6b146e9a
astora: virtiofs 2024-11-24 23:08:58 +05:00
L-Nafaryus
3e7c3c7764 fix: catarina: radio 2024-11-07 18:54:15 +05:00
L-Nafaryus
607f815480
fix: catarina: missed nginx entry 2024-11-05 17:19:07 +05:00
L-Nafaryus
cc884b94c4
catarina: new radio station 2024-11-05 17:19:07 +05:00
15 changed files with 908 additions and 126 deletions
Show Stats Expand all files Collapse all files

7
devShells/bonfire.nix
View File

@ -1,9 +1,14 @@
{pkgs, ...}:
{
pkgs,
drift,
...
}:
pkgs.mkShellNoCC {
packages = with pkgs; [
sops
mkpasswd
jq
cachix
drift
];
}

2
devShells/default.nix
View File

@ -18,6 +18,8 @@ in
crane = self.inputs.crane;
crane-lib = self.inputs.crane.mkLib pkgs;
drift = self.inputs.drift.packages.${system}.drift;
};
in {
default = import ./bonfire.nix environment;

316
flake.lock generated
View File

@ -3,11 +3,11 @@
"advisory-db": {
"flake": false,
"locked": {
"lastModified": 1728429239,
"narHash": "sha256-k1KRRgmfKNhO9eU55FMkkzkneqAlwz5oLC5NSiEfGxs=",
"lastModified": 1732530460,
"narHash": "sha256-1SceEHyFdHnoWE/AnoDZRu/9+Ift3Oc1+iQzmbP7OBU=",
"owner": "rustsec",
"repo": "advisory-db",
"rev": "acb7ce45817b13dd34cb32540ff18be4e1f3ba09",
"rev": "4676c5529dd5319b9962e42bf984797f0dd57f5b",
"type": "github"
},
"original": {
@ -18,17 +18,17 @@
},
"ags": {
"inputs": {
"astal": "astal",
"nixpkgs": [
"nixpkgs"
],
"systems": "systems"
]
},
"locked": {
"lastModified": 1728326430,
"narHash": "sha256-tV1ABHuA1HItMdCTuNdA8fMB+qw7LpjvI945VwMSABI=",
"lastModified": 1732307740,
"narHash": "sha256-ZDsYdZOtg5qkK/wfLLB83B3SI+fE32S+/6Ey0ggHODM=",
"owner": "Aylur",
"repo": "ags",
"rev": "60180a184cfb32b61a1d871c058b31a3b9b0743d",
"rev": "81159966eb8b39b66c3efc133982fd76920c9605",
"type": "github"
},
"original": {
@ -37,6 +37,27 @@
"type": "github"
}
},
"astal": {
"inputs": {
"nixpkgs": [
"ags",
"nixpkgs"
]
},
"locked": {
"lastModified": 1731952585,
"narHash": "sha256-Sh1E7sJd8JJM3PCU1ZOei/QWz97OLCENIi2rTRoaniw=",
"owner": "aylur",
"repo": "astal",
"rev": "664c7a4ddfcf48c6e8accd3c33bb94424b0e8609",
"type": "github"
},
"original": {
"owner": "aylur",
"repo": "astal",
"type": "github"
}
},
"blobs": {
"flake": false,
"locked": {
@ -55,11 +76,11 @@
},
"catppuccin": {
"locked": {
"lastModified": 1730458408,
"narHash": "sha256-JQ+SphQn13bdibKUrBBBznYehXX4xJrxD1ifBp6vSWw=",
"lastModified": 1732703064,
"narHash": "sha256-n8XOmn0WGtQhAMJKTnhL/3ttV2ZahPRf6gtlqZ6R4QE=",
"owner": "catppuccin",
"repo": "nix",
"rev": "191fbf2d81a63fad8f62f1233c0051f09b75d0ad",
"rev": "2e2bdecf0bae287d74947cd5cf967c5c499c23c1",
"type": "github"
},
"original": {
@ -70,11 +91,11 @@
},
"crane": {
"locked": {
"lastModified": 1730504891,
"narHash": "sha256-Fvieht4pai+Wey7terllZAKOj0YsaDP0e88NYs3K/Lo=",
"lastModified": 1732407143,
"narHash": "sha256-qJOGDT6PACoX+GbNH2PPx2ievlmtT1NVeTB80EkRLys=",
"owner": "ipetkov",
"repo": "crane",
"rev": "8658adcdad49b8f2c6cbf0cc3cb4b4db988f7638",
"rev": "f2b4b472983817021d9ffb60838b2b36b9376b20",
"type": "github"
},
"original": {
@ -85,11 +106,11 @@
},
"crane_2": {
"locked": {
"lastModified": 1728344376,
"narHash": "sha256-lxTce2XE6mfJH8Zk6yBbqsbu9/jpwdymbSH5cCbiVOA=",
"lastModified": 1732407143,
"narHash": "sha256-qJOGDT6PACoX+GbNH2PPx2ievlmtT1NVeTB80EkRLys=",
"owner": "ipetkov",
"repo": "crane",
"rev": "fd86b78f5f35f712c72147427b1eb81a9bd55d0b",
"rev": "f2b4b472983817021d9ffb60838b2b36b9376b20",
"type": "github"
},
"original": {
@ -108,11 +129,11 @@
"pyproject-nix": "pyproject-nix"
},
"locked": {
"lastModified": 1728499310,
"narHash": "sha256-6qa+IU6PaQa/swQ9wRn4J1pFprundzruJiV0aTDou/Q=",
"lastModified": 1732214960,
"narHash": "sha256-ViyEMSYwaza6y55XTDrsRi2K4YKCLsefMTorjWSE27s=",
"owner": "nix-community",
"repo": "dream2nix",
"rev": "586ff3bb752711bbf6d54475295f0da98ead5ee4",
"rev": "a8dac99db44307fdecead13a39c584b97812d0d4",
"type": "github"
},
"original": {
@ -121,6 +142,28 @@
"type": "github"
}
},
"drift": {
"inputs": {
"nixpkgs": [
"nixpkgs"
],
"snowfall-lib": "snowfall-lib",
"unstable": "unstable"
},
"locked": {
"lastModified": 1716675566,
"narHash": "sha256-H1f5LI1pKogcv+S4pjHjGWwC4286wuQxfjp9Poc+sTg=",
"owner": "snowfallorg",
"repo": "drift",
"rev": "b0c929d645040abb01d5faff63e07caade0ce8e4",
"type": "github"
},
"original": {
"owner": "snowfallorg",
"repo": "drift",
"type": "github"
}
},
"elnafo-radio": {
"inputs": {
"advisory-db": "advisory-db",
@ -133,11 +176,11 @@
]
},
"locked": {
"lastModified": 1728643944,
"narHash": "sha256-LRlsDN/0aqEDlM0cHM5mW1FVBepvTBEsWPYijOqpTWM=",
"lastModified": 1732734795,
"narHash": "sha256-xDR8ZF9S/igtu51ZQ68w7WdKp0IGzmZSF7hLtezALPY=",
"ref": "refs/heads/master",
"rev": "c707ca5a360242bf0ae27dd14f8c58b8624a00e5",
"revCount": 13,
"rev": "e3b05ea5e209b268bca1f9ebcb30096c5aebcf0a",
"revCount": 14,
"type": "git",
"url": "https://vcs.elnafo.ru/L-Nafaryus/elnafo-radio"
},
@ -157,11 +200,11 @@
]
},
"locked": {
"lastModified": 1728542061,
"narHash": "sha256-2YAnVU67qimQGO71rCBWcv7RrRK5gYgysXe3NVomuwQ=",
"lastModified": 1732689334,
"narHash": "sha256-yKI1KiZ0+bvDvfPTQ1ZT3oP/nIu3jPYm4dnbRd6hYg4=",
"owner": "nix-community",
"repo": "fenix",
"rev": "b135535125e24270dddddc8cfab455533492e4ad",
"rev": "a8a983027ca02b363dfc82fbe3f7d9548a8d3dce",
"type": "github"
},
"original": {
@ -178,11 +221,11 @@
"rust-analyzer-src": []
},
"locked": {
"lastModified": 1730529264,
"narHash": "sha256-5gC0y6cKXKQvumK4jOhKyjVsYqQ7EOcWKNtKB8UiP74=",
"lastModified": 1732689334,
"narHash": "sha256-yKI1KiZ0+bvDvfPTQ1ZT3oP/nIu3jPYm4dnbRd6hYg4=",
"owner": "nix-community",
"repo": "fenix",
"rev": "fff718e230e40b8202d7be6223c13492bb0010a8",
"rev": "a8a983027ca02b363dfc82fbe3f7d9548a8d3dce",
"type": "github"
},
"original": {
@ -194,11 +237,11 @@
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"lastModified": 1650374568,
"narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"rev": "b4a34015c698c7793d592d66adbab377907a2be8",
"type": "github"
},
"original": {
@ -223,6 +266,22 @@
"type": "github"
}
},
"flake-compat_3": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": [
@ -231,11 +290,11 @@
]
},
"locked": {
"lastModified": 1727826117,
"narHash": "sha256-K5ZLCyfO/Zj9mPFldf3iwS6oZStJcU4tSpiXTMYaaL0=",
"lastModified": 1730504689,
"narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "3d04084d54bedc3d6b8b736c70ef449225c361b1",
"rev": "506278e768c2a08bec68eb62932193e341f55c90",
"type": "github"
},
"original": {
@ -246,14 +305,14 @@
},
"flake-utils": {
"inputs": {
"systems": "systems_2"
"systems": "systems"
},
"locked": {
"lastModified": 1726560853,
"narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
"lastModified": 1694529238,
"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a",
"rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
"type": "github"
},
"original": {
@ -262,16 +321,53 @@
"type": "github"
}
},
"flake-utils-plus": {
"inputs": {
"flake-utils": "flake-utils"
},
"locked": {
"lastModified": 1715533576,
"narHash": "sha256-fT4ppWeCJ0uR300EH3i7kmgRZnAVxrH+XtK09jQWihk=",
"owner": "gytis-ivaskevicius",
"repo": "flake-utils-plus",
"rev": "3542fe9126dc492e53ddd252bb0260fe035f2c0f",
"type": "github"
},
"original": {
"owner": "gytis-ivaskevicius",
"repo": "flake-utils-plus",
"rev": "3542fe9126dc492e53ddd252bb0260fe035f2c0f",
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_3": {
"inputs": {
"systems": "systems_3"
},
"locked": {
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"lastModified": 1726560853,
"narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a",
"type": "github"
},
"original": {
@ -321,11 +417,11 @@
]
},
"locked": {
"lastModified": 1730490306,
"narHash": "sha256-AvCVDswOUM9D368HxYD25RsSKp+5o0L0/JHADjLoD38=",
"lastModified": 1732482255,
"narHash": "sha256-GUffLwzawz5WRVfWaWCg78n/HrBJrOG7QadFY6rtV8A=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "1743615b61c7285976f85b303a36cdf88a556503",
"rev": "a9953635d7f34e7358d5189751110f87e3ac17da",
"type": "github"
},
"original": {
@ -348,16 +444,16 @@
]
},
"locked": {
"lastModified": 1729544999,
"narHash": "sha256-YcyJLvTmN6uLEBGCvYoMLwsinblXMkoYkNLEO4WnKus=",
"lastModified": 1729958008,
"narHash": "sha256-EiOq8jF4Z/zQe0QYVc3+qSKxRK//CFHMB84aYrYGwEs=",
"owner": "NuschtOS",
"repo": "ixx",
"rev": "65c207c92befec93e22086da9456d3906a4e999c",
"rev": "9fd01aad037f345350eab2cd45e1946cc66da4eb",
"type": "github"
},
"original": {
"owner": "NuschtOS",
"ref": "v0.0.5",
"ref": "v0.0.6",
"repo": "ixx",
"type": "github"
}
@ -412,7 +508,7 @@
"nixos-mailserver": {
"inputs": {
"blobs": "blobs",
"flake-compat": "flake-compat_2",
"flake-compat": "flake-compat_3",
"nixpkgs": [
"nixpkgs"
],
@ -434,11 +530,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1730200266,
"narHash": "sha256-l253w0XMT8nWHGXuXqyiIC/bMvh1VRszGXgdpQlfhvU=",
"lastModified": 1732521221,
"narHash": "sha256-2ThgXBUXAE1oFsVATK1ZX9IjPcS4nKFOAjhPNKuiMn0=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "807e9154dcb16384b1b765ebe9cd2bba2ac287fd",
"rev": "4633a7c72337ea8fd23a4f2ba3972865e3ec685d",
"type": "github"
},
"original": {
@ -463,22 +559,6 @@
"type": "indirect"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1729973466,
"narHash": "sha256-knnVBGfTCZlQgxY1SgH0vn2OyehH9ykfF8geZgS95bk=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "cd3e8833d70618c4eea8df06f95b364b016d4950",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "release-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1719223410,
@ -510,11 +590,11 @@
"treefmt-nix": []
},
"locked": {
"lastModified": 1730499477,
"narHash": "sha256-olt0Sx4alDxv3ko9BgbV3SsE2KQ/Tf0/Az1Fr9s2Y6U=",
"lastModified": 1732726573,
"narHash": "sha256-gvCPgtcXGf/GZaJBHYrXuM5r2pFRG3VDr7uOb7B1748=",
"owner": "nix-community",
"repo": "nixvim",
"rev": "356896f58dde22ee16481b7c954e340dceec340d",
"rev": "fc9178d124eba824f1862513314d351784e1a84c",
"type": "github"
},
"original": {
@ -525,7 +605,7 @@
},
"nuschtosSearch": {
"inputs": {
"flake-utils": "flake-utils",
"flake-utils": "flake-utils_2",
"ixx": "ixx",
"nixpkgs": [
"nixvim",
@ -533,11 +613,11 @@
]
},
"locked": {
"lastModified": 1730337772,
"narHash": "sha256-uTxvqDohfG85+zldO5Tf1B+fuAF8ZhMouNwG5S6OAnA=",
"lastModified": 1731936508,
"narHash": "sha256-z0BSSf78LkxIrrFXZYmCoRRAxAmxMUKpK7CyxQRvkZI=",
"owner": "NuschtOS",
"repo": "search",
"rev": "4e0a7a95a3df3333771abc4df6a656e7baf67106",
"rev": "fe07070f811b717a4626d01fab714a87d422a9e1",
"type": "github"
},
"original": {
@ -589,7 +669,7 @@
},
"purescript-overlay": {
"inputs": {
"flake-compat": "flake-compat",
"flake-compat": "flake-compat_2",
"nixpkgs": [
"elnafo-radio",
"dream2nix",
@ -598,11 +678,11 @@
"slimlock": "slimlock"
},
"locked": {
"lastModified": 1724504251,
"narHash": "sha256-TIw+sac0NX0FeAneud+sQZT+ql1G/WEb7/Vb436rUXM=",
"lastModified": 1728546539,
"narHash": "sha256-Sws7w0tlnjD+Bjck1nv29NjC5DbL6nH5auL9Ex9Iz2A=",
"owner": "thomashoneyman",
"repo": "purescript-overlay",
"rev": "988b09676c2a0e6a46dfa3589aa6763c90476b8a",
"rev": "4ad4c15d07bd899d7346b331f377606631eb0ee4",
"type": "github"
},
"original": {
@ -633,6 +713,7 @@
"ags": "ags",
"catppuccin": "catppuccin",
"crane": "crane",
"drift": "drift",
"elnafo-radio": "elnafo-radio",
"fenix": "fenix_2",
"home-manager": "home-manager",
@ -654,11 +735,11 @@
]
},
"locked": {
"lastModified": 1726280639,
"narHash": "sha256-YfLRPlFZWrT2oRLNAoqf7G3+NnUTDdlIJk6tmBU7kXM=",
"lastModified": 1729477859,
"narHash": "sha256-r0VyeJxy4O4CgTB/PNtfQft9fPfN1VuGvnZiCxDArvg=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "e9f8641c92f26fd1e076e705edb12147c384171d",
"rev": "ada8266712449c4c0e6ee6fcbc442b3c217c79e1",
"type": "github"
},
"original": {
@ -690,19 +771,42 @@
"type": "github"
}
},
"snowfall-lib": {
"inputs": {
"flake-compat": "flake-compat",
"flake-utils-plus": "flake-utils-plus",
"nixpkgs": [
"drift",
"nixpkgs"
]
},
"locked": {
"lastModified": 1716675292,
"narHash": "sha256-7TFvVE4HR/b65/0AAhewYHEJzUXxIEJn82ow5bCkrDo=",
"owner": "snowfallorg",
"repo": "lib",
"rev": "5d6e9f235735393c28e1145bec919610b172a20f",
"type": "github"
},
"original": {
"owner": "snowfallorg",
"ref": "v3.0.2",
"repo": "lib",
"type": "github"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable"
]
},
"locked": {
"lastModified": 1729999681,
"narHash": "sha256-qm0uCtM9bg97LeJTKQ8dqV/FvqRN+ompyW4GIJruLuw=",
"lastModified": 1732575825,
"narHash": "sha256-xtt95+c7OUMoqZf4OvA/7AemiH3aVuWHQbErYQoPwFk=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "1666d16426abe79af5c47b7c0efa82fd31bf4c56",
"rev": "3433ea14fbd9e6671d0ff0dd45ed15ee4c156ffa",
"type": "github"
},
"original": {
@ -713,16 +817,16 @@
},
"systems": {
"locked": {
"lastModified": 1689347949,
"narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default-linux",
"rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default-linux",
"repo": "default",
"type": "github"
}
},
@ -756,9 +860,25 @@
"type": "github"
}
},
"unstable": {
"locked": {
"lastModified": 1705856552,
"narHash": "sha256-JXfnuEf5Yd6bhMs/uvM67/joxYKoysyE3M2k6T3eWbg=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "612f97239e2cc474c13c9dafa0df378058c5ad8d",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"wezterm": {
"inputs": {
"flake-utils": "flake-utils_2",
"flake-utils": "flake-utils_3",
"freetype2": "freetype2",
"harfbuzz": "harfbuzz",
"libpng": "libpng",
@ -770,11 +890,11 @@
},
"locked": {
"dir": "nix",
"lastModified": 1730443872,
"narHash": "sha256-dQG+9b/EUn+UWDjDSsje19hn3DxiDOzSGmIwsSGdqDA=",
"lastModified": 1732036472,
"narHash": "sha256-8lv1bc7Lw5S7UFOduShwSHfBzB4Vl0ex22Cb+q/qLi0=",
"owner": "wez",
"repo": "wezterm",
"rev": "0983ae90d6dfb45c5f99058e97de73a70ca9dd36",
"rev": "4050072da21cc3106d0985281d75978c07e22abc",
"type": "github"
},
"original": {

4
flake.nix
View File

@ -70,6 +70,10 @@
inputs.nixpkgs.follows = "nixpkgs";
};
nix-std.url = "github:chessai/nix-std";
drift = {
url = "github:snowfallorg/drift";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs = {self, ...} @ inputs: let

9
nixosConfigurations/astora/default.nix
View File

@ -91,6 +91,8 @@
'';
};
services.cockpit.enable = true;
#services.blueman.enable = true;
services.btrfs.autoScrub = {
@ -118,10 +120,9 @@
dockerCompat = true;
defaultNetwork.settings.dns_enabled = true;
};
libvirtd.enable = true;
test-share = {
source = "/home/l-nafaryus/vms/shared";
target = "/mnt/shared";
libvirtd = {
enable = true;
qemu.vhostUserPackages = with pkgs; [virtiofsd];
};
};
}

2
nixosConfigurations/astora/hardware.nix
View File

@ -1,6 +1,7 @@
{
config,
lib,
pkgs,
...
}: {
# Boot
@ -48,6 +49,7 @@
networkmanager = {
enable = true;
enableStrongSwan = true;
plugins = with pkgs; [networkmanager-l2tp];
};
};
}

21
nixosConfigurations/astora/users.nix
View File

@ -18,6 +18,9 @@ in {
uid = 1000;
initialPassword = "nixos";
shell = pkgs.fish;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG1YGp8AI48hJUSQBZpuKLpbj2+3Q09vq64NxFr0N1MS"
];
};
home-manager.useGlobalPkgs = true;
@ -117,8 +120,14 @@ in {
flacon
picard
podman-desktop
virtiofsd
docker-compose
podman-compose
dive
lazydocker
ksshaskpass
# virtiofsd
];
xdg.portal = {
@ -372,6 +381,7 @@ in {
environment.sessionVariables = {
# hint electron applications to use wayland
NIXOS_OZONE_WL = "1";
DOCKER_HOST = "unix:///run/user/${toString config.users.users.l-nafaryus.uid}/podman/podman.sock";
};
systemd.user.extraConfig = "DefaultLimitNOFILE=524288";
@ -441,4 +451,11 @@ in {
programs.steam.enable = true;
systemd.extraConfig = "DefaultLimitNOFILE=1048576";
programs.ssh = {
enableAskPassword = true;
askPassword = "${lib.getExe' pkgs.ksshaskpass "ksshaskpass"}";
hostKeyAlgorithms = ["ssh-ed25519" "ssh-rsa"];
startAgent = true;
};
}

89
nixosConfigurations/catarina/services/radio.nix
View File

@ -1,17 +1,19 @@
{config, ...}: {
containers = {
containers = let
bindMounts = {
"/var/lib/music" = {
hostPath = "/media/storage/audio/library";
isReadOnly = true;
};
};
in {
radio-synthwave = {
autoStart = true;
privateNetwork = true;
hostAddress = "10.231.136.1";
localAddress = "10.231.136.2";
bindMounts = {
"/var/lib/music" = {
hostPath = "/home/l-nafaryus/Music";
isReadOnly = true;
};
};
inherit bindMounts;
config = {
config,
@ -57,12 +59,7 @@
hostAddress = "10.231.136.1";
localAddress = "10.231.136.3";
bindMounts = {
"/var/lib/music" = {
hostPath = "/home/l-nafaryus/Music";
isReadOnly = true;
};
};
inherit bindMounts;
config = {
config,
@ -101,6 +98,52 @@
};
};
};
radio-hell-gates = {
autoStart = true;
privateNetwork = true;
hostAddress = "10.231.136.1";
localAddress = "10.231.136.4";
inherit bindMounts;
config = {
config,
pkgs,
lib,
...
}: {
services.mpd = {
enable = true;
musicDirectory = "/var/lib/music";
network.listenAddress = "any";
#network.startWhenNeeded = true;
user = "mpd";
network.port = 6602;
extraConfig = ''
audio_output {
type "httpd"
name "Radio"
port "6662"
encoder "lame"
max_clients "0"
website "https://radio.elnafo.ru/hell-gates"
always_on "yes"
tags "yes"
bitrate "128"
format "44100:16:1"
}
'';
};
system.stateVersion = "24.05";
networking.firewall = {
enable = true;
allowedTCPPorts = [6602 6662];
};
};
};
};
services.elnafo-radio = {
@ -118,7 +161,7 @@
{
id = "synthwave";
name = "Synthwave";
host = "10.231.136.2";
host = config.containers.radio-synthwave.localAddress;
port = 6600;
url = "https://radio.elnafo.ru/synthwave";
status = "Receive";
@ -127,21 +170,31 @@
{
id = "non-stop-pop";
name = "Non-Stop-Pop";
host = "10.231.136.3";
host = config.containers.radio-non-stop-pop.localAddress;
port = 6601;
url = "https://radio.elnafo.ru/non-stop-pop";
status = "Online";
location = "Los Santos";
genre = "pop, r&b, dance music";
}
{
id = "hell-gates";
name = "Hell Gates";
host = config.containers.radio-hell-gates.localAddress;
port = 6602;
url = "https://radio.elnafo.ru/hell-gates";
status = "Receive";
genre = "melodic death metal, death metal, metalcore";
}
];
};
services.nginx.virtualHosts."radio.elnafo.ru" = {
forceSSL = true;
useACMEHost = "elnafo.ru";
locations."/".proxyPass = "http://127.0.0.1:54605";
locations."/synthwave".proxyPass = "http://10.231.136.2:6660";
locations."/non-stop-pop".proxyPass = "http://10.231.136.3:6661";
locations."/".proxyPass = "http://${config.services.elnafo-radio.server.address}:${toString config.services.elnafo-radio.server.port}";
locations."/synthwave".proxyPass = "http://${config.containers.radio-synthwave.localAddress}:6660";
locations."/non-stop-pop".proxyPass = "http://${config.containers.radio-non-stop-pop.localAddress}:6661";
locations."/hell-gates".proxyPass = "http://${config.containers.radio-hell-gates.localAddress}:6662";
};
}

14
nixosConfigurations/default.nix
View File

@ -31,4 +31,18 @@
];
specialArgs = {bonPkgs = self.packages.x86_64-linux;};
};
vinheim = lib.nixosSystem {
system = "x86_64-linux";
modules = with inputs; [
home-manager.nixosModules.home-manager
./vinheim
];
specialArgs = {
inherit inputs bonLib;
bonPkgs = self.packages.x86_64-linux;
};
};
}

135
nixosConfigurations/vinheim/default.nix Normal file
View File

@ -0,0 +1,135 @@
{
pkgs,
lib,
config,
bonLib,
...
}: {
system.stateVersion = "23.11";
imports = [
./hardware.nix
./users.nix
];
nix = {
settings = {
experimental-features = ["nix-command" "flakes"];
substituters = [
"https://cache.elnafo.ru"
"https://bonfire.cachix.org"
"https://nix-community.cachix.org"
];
trusted-public-keys = [
"cache.elnafo.ru:j3VD+Hn+is2Qk3lPXDSdPwHJQSatizk7V82iJ2RP1yo="
"bonfire.cachix.org-1:mzAGBy/Crdf8NhKail5ciK7ZrGRbPJJobW6TwFb7WYM="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
];
auto-optimise-store = true;
trusted-users = ["l-nafaryus"];
allowed-users = ["l-nafaryus"];
};
gc = {
automatic = lib.mkDefault true;
dates = lib.mkDefault "weekly";
options = lib.mkDefault "--delete-older-than 7d";
};
};
# Nix packages
nixpkgs = {
hostPlatform = lib.mkDefault "x86_64-linux";
config.allowUnfree = true;
config.cudaSupport = false;
};
services.desktopManager.plasma6.enable = true;
services.displayManager.sddm = {
enable = true;
wayland.enable = true;
};
services.dbus = {
enable = true;
packages = with pkgs; [networkmanager];
};
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = true;
};
services.openssh = {
enable = true;
startWhenNeeded = true;
settings.PasswordAuthentication = false;
settings.KbdInteractiveAuthentication = false;
};
programs.ssh.extraConfig = ''
Host catarina
HostName 77.242.105.50
Port 22
User l-nafaryus
'';
virtualisation = {
containers.enable = true;
podman = {
enable = true;
dockerCompat = true;
defaultNetwork.settings.dns_enabled = true;
};
libvirtd.enable = true;
};
# Base packages
environment.systemPackages = with pkgs; [
wget
parted
ntfs3g
sshfs
exfat
btrfs-progs
btrbk
lm_sensors
btop
git
git-lfs
lazygit
nnn
fzf
ripgrep
fd
unzip
fishPlugins.fzf-fish
fishPlugins.tide
fishPlugins.grc
fishPlugins.hydro
grc
gnupg
pass
bat
];
programs = {
fish.enable = true;
neovim = {
enable = true;
defaultEditor = true;
};
};
}

121
nixosConfigurations/vinheim/hardware.nix Normal file
View File

@ -0,0 +1,121 @@
{
config,
lib,
pkgs,
...
}: {
# Boot
boot = {
loader.grub = {
enable = true;
device = "/dev/nvme0n1";
useOSProber = true;
};
initrd = {
availableKernelModules = ["xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod"];
kernelModules = [];
};
kernelModules = ["kvm-intel" "tcp_bbr" "coretemp" "nct6775"];
kernelParams = ["threadirqs"];
extraModulePackages = with config.boot.kernelPackages; [v4l2loopback];
kernel.sysctl = {
# The Magic SysRq key is a key combo that allows users connected to the
# system console of a Linux kernel to perform some low-level commands.
# Disable it, since we don't need it, and is a potential security concern.
"kernel.sysrq" = 0;
## TCP hardening
# Prevent bogus ICMP errors from filling up logs.
"net.ipv4.icmp_ignore_bogus_error_responses" = 1;
# Reverse path filtering causes the kernel to do source validation of
# packets received from all interfaces. This can mitigate IP spoofing.
"net.ipv4.conf.default.rp_filter" = 1;
"net.ipv4.conf.all.rp_filter" = 1;
# Do not accept IP source route packets
"net.ipv4.conf.all.accept_source_route" = 1;
"net.ipv4.conf.wlo1.accept_source_route" = 1;
"net.ipv6.conf.all.accept_source_route" = 1;
# Don't send ICMP redirects
"net.ipv4.conf.all.send_redirects" = 0;
"net.ipv4.conf.default.send_redirects" = 0;
# Refuse ICMP redirects (MITM mitigations)
"net.ipv4.conf.all.accept_redirects" = 0;
"net.ipv4.conf.default.accept_redirects" = 0;
"net.ipv4.conf.all.secure_redirects" = 0;
"net.ipv4.conf.default.secure_redirects" = 0;
"net.ipv6.conf.all.accept_redirects" = 0;
"net.ipv6.conf.default.accept_redirects" = 0;
# Protects against SYN flood attacks
"net.ipv4.tcp_syncookies" = 1;
# Incomplete protection again TIME-WAIT assassination
"net.ipv4.tcp_rfc1337" = 1;
## TCP optimization
# TCP Fast Open is a TCP extension that reduces network latency by packing
# data in the senders initial TCP SYN. Setting 3 = enable TCP Fast Open for
# both incoming and outgoing connections:
"net.ipv4.tcp_fastopen" = 3;
# Bufferbloat mitigations + slight improvement in throughput & latency
"net.ipv4.tcp_congestion_control" = "bbr";
"net.core.default_qdisc" = "cake";
};
};
fileSystems."/" = {
device = "/dev/disk/by-label/nixos";
fsType = "ext4";
};
swapDevices = [];
services.fstrim.enable = true;
security = {
protectKernelImage = true;
sudo.extraConfig = ''Defaults timestamp_timeout=30'';
rtkit.enable = true;
polkit.enable = true;
};
# Hardware etc
hardware = {
cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
graphics.enable = true;
graphics.enable32Bit = true;
bluetooth.enable = true;
pulseaudio.enable = false;
};
networking = {
networkmanager = {
enable = true;
enableStrongSwan = true;
packages = with pkgs; [
networkmanager-l2tp
];
};
hostName = "nixos";
extraHosts = ''192.168.130.211 gitlab'';
};
time.timeZone = "Asia/Yekaterinburg";
i18n = {
defaultLocale = "en_US.UTF-8";
extraLocaleSettings = {
LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8";
LC_MEASUREMENT = "en_US.UTF-8";
LC_MONETARY = "en_US.UTF-8";
LC_NAME = "en_US.UTF-8";
LC_NUMERIC = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8";
LC_TELEPHONE = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8";
};
};
}

270
nixosConfigurations/vinheim/users.nix Normal file
View File

@ -0,0 +1,270 @@
{
config,
pkgs,
lib,
bonPkgs,
bonLib,
inputs,
...
}: let
user = "l-nafaryus";
in {
# Users
users.users.l-nafaryus = {
isNormalUser = true;
description = "L-Nafaryus";
extraGroups = ["networkmanager" "wheel" "audio" "libvirtd" "input" "video" "disk" "wireshark" "podman"];
group = "users";
uid = 1000;
initialPassword = "nixos";
shell = pkgs.fish;
};
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.backupFileExtension = "hmbackup";
home-manager.users.${user} = {pkgs, ...}: let
hmConfig = config.home-manager.users.${user};
in {
home.stateVersion = "23.11";
home.username = "l-nafaryus";
home.homeDirectory = "/home/l-nafaryus";
imports = [
(bonLib.injectArgs {
inherit hmConfig;
})
inputs.catppuccin.homeManagerModules.catppuccin
inputs.ags.homeManagerModules.default
];
home.packages = with pkgs; [
taskwarrior3
gparted
firefox
thunderbird
qpwgraph
lutris
wine
winetricks
gamemode
inkscape
imagemagick
yt-dlp
ffmpeg
qbittorrent
telegram-desktop
onlyoffice-bin
# btop
lua
# bat
tree
bonPkgs.bonvim
kdePackages.kmail
kdePackages.kmail-account-wizard
lazydocker
docker-compose
podman-compose
dive
ksshaskpass
];
xdg.portal = {
enable = true;
configPackages = with pkgs; [
kdePackages.xdg-desktop-portal-kde
];
extraPortals = with pkgs; [
xdg-desktop-portal-gtk
];
};
# Theme
catppuccin = {
# global, for all enabled programs
enable = true;
flavor = "macchiato";
accent = "green";
};
programs = {
# General
fish = {
enable = true;
interactiveShellInit = ''
set fish_greeting
'';
plugins = with pkgs.fishPlugins;
map (p: {
name = p.pname;
src = p.src;
}) [
fzf-fish
tide
grc
hydro
];
functions = {
fish-theme-configure = ''
tide configure \
--auto \
--style=Lean \
--prompt_colors='True color' \
--show_time='12-hour format' \
--lean_prompt_height='Two lines' \
--prompt_connection=Disconnected \
--prompt_spacing=Compact \
--icons='Many icons' \
--transient=No
'';
};
};
git = {
enable = true;
lfs.enable = true;
userName = "L-Nafaryus";
userEmail = "l.nafaryus@gmail.com";
signing = {
key = "86F1EA98B48FFB19";
signByDefault = true;
};
extraConfig = {
# ignore trends
init.defaultBranch = "master";
core = {
quotePath = false;
commitGraph = true;
whitespace = "trailing-space";
};
receive.advertisePushOptions = true;
gc.writeCommitGraph = true;
diff.submodule = "log";
};
aliases = {
plog = "log --color --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit";
};
};
bat.enable = true;
btop = {
enable = true;
settings = {
cpu_bottom = true;
proc_tree = true;
};
};
fzf.enable = true;
lazygit.enable = true;
gpg = {
enable = true;
homedir = "${hmConfig.xdg.configHome}/gnupg";
mutableKeys = true;
mutableTrust = true;
settings = {
default-key = "B0B3 DFDB B842 BE9C 7468 B511 86F1 EA98 B48F FB19";
};
# TODO: replace existing ssh key with gpg provided
};
nnn = {
enable = true;
package = pkgs.nnn.override {withNerdIcons = true;};
bookmarks = {
d = "~/Downloads";
p = "~/projects";
i = "~/Pictures";
m = "~/Music";
v = "~/Videos";
};
plugins = {
src = "${hmConfig.programs.nnn.finalPackage}/share/plugins";
mappings = {
# TODO: add used programs for previews with FIFO support
p = "preview-tui";
};
};
};
ncmpcpp.enable = true;
# Graphical
obs-studio = {
enable = true;
plugins = with pkgs.obs-studio-plugins; [
obs-vkcapture
input-overlay
obs-pipewire-audio-capture
wlrobs
inputs.obs-image-reaction.packages.${pkgs.system}.default
];
};
mpv = {
enable = true;
};
};
services = {
# General
gpg-agent = {
enable = true;
defaultCacheTtl = 3600;
defaultCacheTtlSsh = 3600;
enableSshSupport = true;
pinentryPackage = pkgs.pinentry-qt;
enableFishIntegration = true;
enableBashIntegration = true;
};
ssh-agent.enable = true;
};
# XDG
xdg = {
enable = true;
mime.enable = true;
userDirs.enable = true;
};
# dconf
dconf.settings = {
"org/virt-manager/virt-manager/connections" = {
autoconnect = ["qemu:///system"];
uris = ["qemu:///system"];
};
};
};
environment.sessionVariables = {
# hint electron applications to use wayland
NIXOS_OZONE_WL = "1";
DOCKER_HOST = "unix:///run/user/${toString config.users.users.l-nafaryus.uid}/podman/podman.sock";
};
systemd.user.extraConfig = "DefaultLimitNOFILE=524288";
programs.virt-manager.enable = true;
programs.wireshark = {
enable = true;
package = pkgs.wireshark;
};
fonts.packages = with pkgs; [nerdfonts liberation_ttf];
}

10
packages/cargo-shuttle/default.nix
View File

@ -30,6 +30,16 @@
zlib
];
passthru = {
update = pkgs.writeShellScriptBin "update-spoofdpi" ''
set -euo pipefail
latest="$(${pkgs.curl}/bin/curl -s "https://api.github.com/repos/shuttle-hq/shuttle/tags?per_page=1" | ${pkgs.jq}/bin/jq -r ".[0].name" | ${pkgs.gnused}/bin/sed 's/^v//')"
drift rewrite --auto-hash --new-version "$latest"
'';
};
meta = with lib; {
description = "A cargo command for the shuttle platform";
license = licenses.asl20;

23
packages/netgen/default.nix
View File

@ -2,8 +2,9 @@
bonLib,
stdenv,
pkgs,
version ? "6.2.2404",
version ? "6.2.2405",
sha256 ? "sha256-SZPZT49BqUzssPcOo/5yAkjqAHDErC86xCUFL88Iew4=",
lib,
...
}:
stdenv.mkDerivation {
@ -61,6 +62,26 @@ stdenv.mkDerivation {
export PYTHONPATH="${python3}/${python3.sitePackages}"
export PYTHONPATH="$PYTHONPATH:${pkg}/${python3.sitePackages}"
'';
update = pkgs.writeShellScriptBin "update-spoofdpi" ''
set -euo pipefail
new_version=$(${lib.getExe pkgs.curl} -s "https://api.github.com/repos/NGSolve/netgen/tags?per_page=1" | ${lib.getExe pkgs.jq} -r ".[0].name")
new_hash=$(nix flake prefetch --json https://github.com/NGSolve/netgen/archive/refs/tags/$new_version.tar.gz | ${lib.getExe pkgs.jq} -r ".hash")
old_version=$(nix eval --impure --json --expr "(builtins.getFlake (toString ./.)).packages.${builtins.currentSystem}.netgen.version")
old_hash=$(nix eval --impure --json --expr "(builtins.getFlake (toString ./.)).packages.${builtins.currentSystem}.netgen.src.outputHash")
nixpath=$(nix eval --impure --json --expr "(builtins.getFlake (toString ./.)).packages.${builtins.currentSystem}.netgen.src.meta.position")
relpath=$(echo $nixpath | ${lib.getExe pkgs.ripgrep} "\/nix\/store\/[\w\d]{32}-[^\/]+/" -r "" | ${lib.getExe pkgs.ripgrep} "[:\d]" -r "")
#echo "./$relpath" | ${lib.getExe pkgs.gnused} -i "s/$old_version/$new_version/g"
#echo "./$relpath" | ${lib.getExe pkgs.gnused} -i "s/$old_hash/$new_hash/g"
content=$(${lib.getExe pkgs.ripgrep} $old_version --passthru -r $new_version $relpath)
content=$(echo $content | ${lib.getExe pkgs.ripgrep} $old_version --passthru -r $new_version $relpath)
echo $content > $relpath
# TODO: убрать все кавычки
'';
};
meta = with pkgs.lib; {

11
packages/spoofdpi/default.nix
View File

@ -4,7 +4,6 @@
pkgs,
version ? "v0.10.0",
hash ? "sha256-e6TPklWp5rvNypnI0VHqOjzZhkYsZcp+jkXUlYxMBlU=",
vendorHash ? "sha256-kmp+8MMV1AHaSvLnvYL17USuv7xa3NnsCyCbqq9TvYE=",
...
}:
pkgs.buildGoModule {
@ -18,12 +17,20 @@ pkgs.buildGoModule {
hash = hash;
};
inherit vendorHash;
vendorHash = "sha256-kmp+8MMV1AHaSvLnvYL17USuv7xa3NnsCyCbqq9TvYE=";
doCheck = false;
ldflags = ["-s" "-w" "-X main.version=${version}" "-X main.builtBy=nixpkgs"];
passthru.update = pkgs.writeShellScriptBin "update-spoofdpi" ''
set -euo pipefail
latest="$(${pkgs.curl}/bin/curl -s "https://api.github.com/repos/xvzc/SpoofDPI/releases?per_page=1" | ${pkgs.jq}/bin/jq -r ".[0].tag_name" | ${pkgs.gnused}/bin/sed 's/^v//')"
drift rewrite --auto-hash --new-version "$latest"
'';
meta = with lib; {
homepage = "https://github.com/xvzc/SpoofDPI";
description = "A simple and fast anti-censorship tool written in Go";