2 Commits

Author SHA1 Message Date
aa3f2c28e0
new: lib.preconfiguredModules: hyprland, hypridle, hyprlock
All checks were successful
nix / check (push) Successful in 3m38s
2024-09-22 14:36:33 +05:00
ec11cf6a7b
nixosModules.zapret: manage filter lists only in service runtime
Some checks failed
nix / check (push) Failing after 5m4s
2024-09-21 18:30:43 +05:00
12 changed files with 401 additions and 439 deletions


@ -70,7 +70,7 @@
outputs = {self, ...} @ inputs: let
lib = inputs.nixpkgs.lib;
bonLib = import ./lib {inherit lib;};
bonLib = import ./lib {inherit lib inputs;};
bonModules = self.nixosModules;
# no bonPkgs, it must be defined by appropriate system + skip a possible infinite recursion
in {


@ -1,4 +1,8 @@
{lib, ...}: rec {
{
lib,
inputs,
...
}: rec {
maintainers = import ./maintainers.nix;
nameFromPath = path:
@ -13,8 +17,21 @@
[
./preconfiguredModules/bonvim.nix
./preconfiguredModules/homeManager
#(import ./preconfiguredModules/bonvim.nix)
#(import ./preconfiguredModules/homeManager {inherit lib inputs;})
]);
injectArgs = moduleArgs: ({
config,
pkgs,
...
}: {
config = {
# extra arguments
_module.args = moduleArgs;
};
});
isBroken = derivation: derivation ? meta && derivation.meta ? broken && derivation.meta.broken;
functionType = lib.types.mkOptionType {
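Review bot: `injectArgs` has no comment saying what it is for, and its inner module declares `config` and `pkgs` without using either. The function could be reduced to `injectArgs = moduleArgs: {_module.args = moduleArgs;};` with a comment such as `# Wraps an attrset as a module that exposes it as extra module arguments; values passed this way cannot be used to compute imports.` The two commented-out `import` lines above it read as leftover experiments and could be dropped. The hunk ends on the first line of `functionType`, whose body lies outside it.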


@ -1,3 +1,20 @@
#{
# lib,
# inputs,
# ...
#}:
{
ags = import ./ags;
hyprland = import ./hyprland.nix;
hypridle = import ./hypridle.nix;
hyprlock = import ./hyprlock.nix;
#hyprland =
# (lib.evalModules {
# modules = [
# inputs.home-manager.nixosModules.home-manager
# ./hyprland
# ];
# })
# .config;
}


@ -0,0 +1,24 @@
{
pkgs,
lib,
config,
hmConfig,
...
}: {
services.hypridle = {
enable = true;
settings = {
general = {
after_sleep_cmd = "${pkgs.hyprland}/bin/hyprctl dispatch dpms on";
ignore_dbus_inhibit = false;
};
listener = [
{
timeout = 300;
on-timeout = "${pkgs.hyprland}/bin/hyprctl dispatch dpms off";
on-resume = "${pkgs.hyprland}/bin/hyprctl dispatch dpms on";
}
];
};
};
}
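Review bot: Nothing in this module locks the session: the only listener switches DPMS off after 300 s, and `general` sets only `after_sleep_cmd`, so the display comes back unlocked on input or after suspend even though hyprlock is enabled in the sibling module. Consider adding `lock_cmd = "pidof hyprlock || hyprlock";` and `before_sleep_cmd = "loginctl lock-session";` to `general`, plus a second listener whose `on-timeout` is `loginctl lock-session`. The `lib`, `config` and `hmConfig` arguments are unused here and can be dropped from the argument set.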


@ -0,0 +1,246 @@
{
pkgs,
lib,
hmConfig,
...
}: {
imports = [
./ags
./hypridle.nix
./hyprlock.nix
];
home.packages = with pkgs; [
networkmanagerapplet
blueman
wl-clipboard
cliphist
swww
hyprshot
wl-gammarelay-rs
playerctl
];
xdg.portal = {
enable = true;
configPackages = with pkgs; [
#xdg-desktop-portal-wlr
xdg-desktop-portal-hyprland
];
extraPortals = with pkgs; [
xdg-desktop-portal-gtk
];
};
wayland.windowManager.hyprland = {
enable = true;
settings = {
# Devices (use `hyprctl devices`)
"$monitor1" = "AOC Q27G2G3R3B 137P4HA000540";
"$monitor2" = "AOC Q27B3MA 17ZPAHA006135";
"$keyboard" = "keychron-keychron-k3-pro";
"$mouse" = "logitech-g102-lightsync-gaming-mouse";
# Main programs
"$terminal" = "${lib.getExe hmConfig.programs.wezterm.package}";
"$menu" = "${lib.getExe hmConfig.programs.rofi.package} -show drun";
"$fileManager" = "$terminal -e ${lib.getExe hmConfig.programs.nnn.package}";
monitor = [
"desc:$monitor2, 2560x1440@75, 0x0, auto"
"desc:$monitor1, 2560x1440@165, 2560x0, auto"
"Unknown-1, disable"
];
exec-once = [
"ags &"
"nm-applet --indicator &"
"blueman-applet &"
"wl-gammarelay-rs run &"
"systemctl --user start hypridle"
"wl-paste --type text --watch cliphist store" #Stores only text data
"wl-paste --type image --watch cliphist store" #Stores only image data
"swww-daemon & swww img ~/Pictures/wallpapers/current" # wallpaper symlinked
];
env = [
"XCURSOR_SIZE,14"
"HYPRCURSOR_SIZE,14"
"WLR_DRM_NO_ATOMIC,1"
"HYPRSHOT_DIR,${hmConfig.xdg.userDirs.pictures}/screenshots"
];
general = {
gaps_in = 2;
gaps_out = 2;
border_size = 2;
# https://wiki.hyprland.org/Configuring/Variables/#variable-types for info about colors
"col.active_border" = "rgba(33ccffee) rgba(00ff99ee) 45deg";
"col.inactive_border" = "rgba(595959aa)";
# Set to true enable resizing windows by clicking and dragging on borders and gaps
resize_on_border = true;
# Please see https://wiki.hyprland.org/Configuring/Tearing/ before you turn this on
allow_tearing = true;
layout = "dwindle";
};
decoration = {
rounding = 5;
# Change transparency of focused and unfocused windows
active_opacity = 1.0;
inactive_opacity = 0.95;
drop_shadow = true;
shadow_range = 4;
shadow_render_power = 3;
"col.shadow" = "rgba(1a1a1aee)";
# https://wiki.hyprland.org/Configuring/Variables/#blur
blur = {
enabled = true;
size = 3;
passes = 1;
vibrancy = 0.1696;
};
};
animations = {
enabled = true;
# Default animations, see https://wiki.hyprland.org/Configuring/Animations/ for more
bezier = "myBezier, 0.05, 0.9, 0.1, 1.05";
animation = [
"windows, 1, 7, myBezier"
"windowsOut, 1, 7, default, popin 80%"
"border, 1, 10, default"
"borderangle, 1, 8, default"
"fade, 1, 7, default"
"workspaces, 1, 6, default"
];
};
# See https://wiki.hyprland.org/Configuring/Dwindle-Layout/ for more
dwindle = {
pseudotile = true; # Master switch for pseudotiling. Enabling is bound to mainMod + P in the keybinds section below
preserve_split = true; # You probably want this
};
# See https://wiki.hyprland.org/Configuring/Master-Layout/ for more
master = {
new_status = "master";
};
# https://wiki.hyprland.org/Configuring/Variables/#misc
misc = {
force_default_wallpaper = -1; # Set to 0 or 1 to disable the anime mascot wallpapers
disable_hyprland_logo = false; # Enable the random hyprland logo / anime girl background. :)
};
input = {
kb_layout = "us,ru";
follow_mouse = 1;
sensitivity = 0; # -1.0 - 1.0, 0 means no modification.
touchpad = {
natural_scroll = false;
};
};
# https://wiki.hyprland.org/Configuring/Variables/#gestures
gestures = {
workspace_swipe = false;
};
windowrulev2 = [
"suppressevent maximize, class:.*" # You'll probably like this.
"float, class:^(steam_app.*)$"
"immediate, class:^(steam_app.*)$"
"float, class:^(steam_proton.*)$"
"float,class:^(org.wezfurlong.wezterm)$"
"tile,class:^(org.wezfurlong.wezterm)$"
];
bind = [
"SUPER, Q, exec, $terminal"
"SUPER, N, exec, $fileManager"
"SUPER, R, exec, $menu"
"SUPER, X, exec, ags -t clock"
"SUPER, X, exec, ags -t control"
"SUPER, X, exec, ags -t systray"
"SUPER, X, exec, ags -t workspaces"
"SUPER, X, exec, ags -t window-title"
"SUPER, C, killactive,"
"SUPER, M, exit,"
"SUPER, V, togglefloating,"
"SUPER, F, fullscreen,"
"SUPER, J, togglesplit," # dwindle
# Move focus with mainMod + arrow keys
"SUPER, left, movefocus, l"
"SUPER, right, movefocus, r"
"SUPER, up, movefocus, u"
"SUPER, down, movefocus, d"
# Switch workspaces with mainMod + [0-9]
"SUPER, 1, workspace, 1"
"SUPER, 2, workspace, 2"
"SUPER, 3, workspace, 3"
"SUPER, 4, workspace, 4"
"SUPER, 5, workspace, 5"
"SUPER, 6, workspace, 6"
"SUPER, 7, workspace, 7"
"SUPER, 8, workspace, 8"
"SUPER, 9, workspace, 9"
"SUPER, 0, workspace, 10"
# Move active window to a workspace with mainMod + SHIFT + [0-9]
"SUPER SHIFT, 1, movetoworkspace, 1"
"SUPER SHIFT, 2, movetoworkspace, 2"
"SUPER SHIFT, 3, movetoworkspace, 3"
"SUPER SHIFT, 4, movetoworkspace, 4"
"SUPER SHIFT, 5, movetoworkspace, 5"
"SUPER SHIFT, 6, movetoworkspace, 6"
"SUPER SHIFT, 7, movetoworkspace, 7"
"SUPER SHIFT, 8, movetoworkspace, 8"
"SUPER SHIFT, 9, movetoworkspace, 9"
"SUPER SHIFT, 0, movetoworkspace, 10"
# special workspace (scratchpad)
"SUPER, S, togglespecialworkspace, magic"
"SUPER SHIFT, S, movetoworkspace, special:magic"
"SUPER, SPACE, exec, hyprctl switchxkblayout keychron-keychron-k3-pro next"
", PRINT, exec, hyprshot --freeze --mode region"
"CTRL, PRINT, exec, hyprshot --freeze --mode output"
"SUPER, H, exec, cliphist list | rofi -dmenu | cliphist decode | wl-copy"
];
# Move/resize windows with mainMod + LMB/RMB and dragging
bindm = [
"SUPER, mouse:272, movewindow"
"SUPER, mouse:273, resizewindow"
];
bindel = [
", XF86AudioRaiseVolume, exec, wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%+"
", XF86AudioLowerVolume, exec, wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%-"
];
bindl = [
", XF86AudioMute, exec, wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle"
", XF86AudioPrev, exec, playerctl previous"
", XF86AudioPlay, exec, playerctl play-pause"
", XF86AudioNext, exec, playerctl next"
", XF86MonBrightnessDown, exec, busctl --user -- call rs.wl-gammarelay / rs.wl.gammarelay UpdateTemperature n -500"
", XF86MonBrightnessUp, exec, busctl --user -- call rs.wl-gammarelay / rs.wl.gammarelay UpdateTemperature n +500"
"SUPER, XF86MonBrightnessDown, exec, busctl --user -- call rs.wl-gammarelay / rs.wl.gammarelay Brightness d -0.1"
"SUPER, XF86MonBrightnessUp, exec, busctl --user -- call rs.wl-gammarelay / rs.wl.gammarelay Brightness d +0.1"
];
};
};
}
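Review bot: The two `wl-paste ... --watch cliphist store` entries in `exec-once` write every text and image selection to cliphist's on-disk history, which includes anything copied from a password manager, and nothing in the module bounds or clears that history. Consider capping it with cliphist's `-max-items` option and clearing it with `cliphist wipe` at logout, or excluding the password manager's copies if it supports marking them as sensitive. Separately, `exec-once` and the `bind*` lists call `ags`, `hyprshot`, `cliphist`, `rofi`, `wpctl`, `playerctl` and `busctl` by bare name, resolved through `PATH` at run time, while `$terminal` and `$menu` use `lib.getExe`. Using store paths throughout would make the module self-contained. The `SUPER, SPACE` bind also hard-codes `keychron-keychron-k3-pro` instead of the `$keyboard` variable defined at the top.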


@ -0,0 +1,11 @@
{
pkgs,
lib,
config,
hmConfig,
...
}: {
programs.hyprlock = {
enable = true;
};
}


@ -6,7 +6,9 @@
bonLib,
inputs,
...
}: {
}: let
user = "l-nafaryus";
in {
# Users
users.users.l-nafaryus = {
isNormalUser = true;
@ -22,17 +24,21 @@
home-manager.useUserPackages = true;
home-manager.backupFileExtension = "hmbackup";
home-manager.users.l-nafaryus = {pkgs, ...}: let
hmConfig = config.home-manager.users.l-nafaryus;
home-manager.users.${user} = {pkgs, ...}: let
hmConfig = config.home-manager.users.${user};
in {
home.stateVersion = "23.11";
home.username = "l-nafaryus";
home.homeDirectory = "/home/l-nafaryus";
imports = [
(bonLib.injectArgs {
inherit hmConfig;
})
inputs.catppuccin.homeManagerModules.catppuccin
inputs.ags.homeManagerModules.default
bonLib.preconfiguredModules.homeManager.ags
bonLib.preconfiguredModules.homeManager.hyprland
];
home.packages = with pkgs; [
#gnupg
git
@ -99,27 +105,19 @@
discord
webcord
vesktop
tor
networkmanagerapplet
#rofi-wayland
kgx
dunst
libnotify
playerctl
wl-gammarelay-rs
# btop
lua
# bat
musikcube
swww
hyprshot
mangohud
gamescope
libstrangle
wl-clipboard
cliphist
tree
bonPkgs.bonvim
@ -128,17 +126,6 @@
mpc-cli
];
xdg.portal = {
enable = true;
configPackages = with pkgs; [
#xdg-desktop-portal-wlr
xdg-desktop-portal-hyprland
];
extraPortals = with pkgs; [
xdg-desktop-portal-gtk
];
};
# Theme
catppuccin = {
# global, for all enabled programs
@ -269,9 +256,6 @@
ncmpcpp.enable = true;
# Graphical
hyprlock = {
enable = true;
};
wezterm = {
enable = true;
@ -355,237 +339,8 @@
#mpdris2 = {
# enable = true;
#};
};
# Graphical
hypridle = {
enable = true;
settings = {
general = {
after_sleep_cmd = "${pkgs.hyprland}/bin/hyprctl dispatch dpms on";
ignore_dbus_inhibit = false;
};
listener = [
{
timeout = 300;
on-timeout = "${pkgs.hyprland}/bin/hyprctl dispatch dpms off";
on-resume = "${pkgs.hyprland}/bin/hyprctl dispatch dpms on";
}
];
};
};
};
wayland.windowManager.hyprland = {
enable = true;
settings = {
# Devices (use `hyprctl devices`)
"$monitor1" = "AOC Q27G2G3R3B 137P4HA000540";
"$monitor2" = "AOC Q27B3MA 17ZPAHA006135";
"$keyboard" = "keychron-keychron-k3-pro";
"$mouse" = "logitech-g102-lightsync-gaming-mouse";
# Main programs
"$terminal" = "${lib.getExe hmConfig.programs.wezterm.package}";
"$menu" = "${lib.getExe hmConfig.programs.rofi.package} -show drun";
"$fileManager" = "$terminal -e ${lib.getExe hmConfig.programs.nnn.package}";
monitor = [
"desc:$monitor2, 2560x1440@75, 0x0, auto"
"desc:$monitor1, 2560x1440@165, 2560x0, auto"
"Unknown-1, disable"
];
exec-once = [
"ags &"
"nm-applet --indicator &"
"blueman-applet &"
"wl-gammarelay-rs run &"
"systemctl --user start hypridle"
"wl-paste --type text --watch cliphist store" #Stores only text data
"wl-paste --type image --watch cliphist store" #Stores only image data
"swww-daemon & swww img ~/Pictures/wallpapers/current" # wallpaper symlinked
];
env = [
"XCURSOR_SIZE,16"
"HYPRCURSOR_SIZE,16"
"WLR_DRM_NO_ATOMIC,1"
"HYPRSHOT_DIR,${hmConfig.xdg.userDirs.pictures}/screenshots"
];
general = {
gaps_in = 2;
gaps_out = 2;
border_size = 2;
# https://wiki.hyprland.org/Configuring/Variables/#variable-types for info about colors
"col.active_border" = "rgba(33ccffee) rgba(00ff99ee) 45deg";
"col.inactive_border" = "rgba(595959aa)";
# Set to true enable resizing windows by clicking and dragging on borders and gaps
resize_on_border = true;
# Please see https://wiki.hyprland.org/Configuring/Tearing/ before you turn this on
allow_tearing = true;
layout = "dwindle";
};
decoration = {
rounding = 5;
# Change transparency of focused and unfocused windows
active_opacity = 1.0;
inactive_opacity = 0.95;
drop_shadow = true;
shadow_range = 4;
shadow_render_power = 3;
"col.shadow" = "rgba(1a1a1aee)";
# https://wiki.hyprland.org/Configuring/Variables/#blur
blur = {
enabled = true;
size = 3;
passes = 1;
vibrancy = 0.1696;
};
};
animations = {
enabled = true;
# Default animations, see https://wiki.hyprland.org/Configuring/Animations/ for more
bezier = "myBezier, 0.05, 0.9, 0.1, 1.05";
animation = [
"windows, 1, 7, myBezier"
"windowsOut, 1, 7, default, popin 80%"
"border, 1, 10, default"
"borderangle, 1, 8, default"
"fade, 1, 7, default"
"workspaces, 1, 6, default"
];
};
# See https://wiki.hyprland.org/Configuring/Dwindle-Layout/ for more
dwindle = {
pseudotile = true; # Master switch for pseudotiling. Enabling is bound to mainMod + P in the keybinds section below
preserve_split = true; # You probably want this
};
# See https://wiki.hyprland.org/Configuring/Master-Layout/ for more
master = {
new_status = "master";
};
# https://wiki.hyprland.org/Configuring/Variables/#misc
misc = {
force_default_wallpaper = -1; # Set to 0 or 1 to disable the anime mascot wallpapers
disable_hyprland_logo = false; # Enable the random hyprland logo / anime girl background. :)
};
input = {
kb_layout = "us,ru";
follow_mouse = 1;
sensitivity = 0; # -1.0 - 1.0, 0 means no modification.
touchpad = {
natural_scroll = false;
};
};
# https://wiki.hyprland.org/Configuring/Variables/#gestures
gestures = {
workspace_swipe = false;
};
windowrulev2 = [
"suppressevent maximize, class:.*" # You'll probably like this.
"float, class:^(steam_app.*)$"
"immediate, class:^(steam_app.*)$"
"float, class:^(steam_proton.*)$"
"float,class:^(org.wezfurlong.wezterm)$"
"tile,class:^(org.wezfurlong.wezterm)$"
];
bind = [
"SUPER, Q, exec, $terminal"
"SUPER, N, exec, $fileManager"
"SUPER, R, exec, $menu"
"SUPER, X, exec, ags -t clock"
"SUPER, X, exec, ags -t control"
"SUPER, X, exec, ags -t systray"
"SUPER, X, exec, ags -t workspaces"
"SUPER, X, exec, ags -t window-title"
"SUPER, C, killactive,"
"SUPER, M, exit,"
"SUPER, V, togglefloating,"
"SUPER, F, fullscreen,"
"SUPER, J, togglesplit," # dwindle
# Move focus with mainMod + arrow keys
"SUPER, left, movefocus, l"
"SUPER, right, movefocus, r"
"SUPER, up, movefocus, u"
"SUPER, down, movefocus, d"
# Switch workspaces with mainMod + [0-9]
"SUPER, 1, workspace, 1"
"SUPER, 2, workspace, 2"
"SUPER, 3, workspace, 3"
"SUPER, 4, workspace, 4"
"SUPER, 5, workspace, 5"
"SUPER, 6, workspace, 6"
"SUPER, 7, workspace, 7"
"SUPER, 8, workspace, 8"
"SUPER, 9, workspace, 9"
"SUPER, 0, workspace, 10"
# Move active window to a workspace with mainMod + SHIFT + [0-9]
"SUPER SHIFT, 1, movetoworkspace, 1"
"SUPER SHIFT, 2, movetoworkspace, 2"
"SUPER SHIFT, 3, movetoworkspace, 3"
"SUPER SHIFT, 4, movetoworkspace, 4"
"SUPER SHIFT, 5, movetoworkspace, 5"
"SUPER SHIFT, 6, movetoworkspace, 6"
"SUPER SHIFT, 7, movetoworkspace, 7"
"SUPER SHIFT, 8, movetoworkspace, 8"
"SUPER SHIFT, 9, movetoworkspace, 9"
"SUPER SHIFT, 0, movetoworkspace, 10"
# special workspace (scratchpad)
"SUPER, S, togglespecialworkspace, magic"
"SUPER SHIFT, S, movetoworkspace, special:magic"
"SUPER, SPACE, exec, hyprctl switchxkblayout keychron-keychron-k3-pro next"
", PRINT, exec, hyprshot --freeze --mode region"
"CTRL, PRINT, exec, hyprshot --freeze --mode output"
"SUPER, H, exec, cliphist list | rofi -dmenu | cliphist decode | wl-copy"
];
# Move/resize windows with mainMod + LMB/RMB and dragging
bindm = [
"SUPER, mouse:272, movewindow"
"SUPER, mouse:273, resizewindow"
];
bindel = [
", XF86AudioRaiseVolume, exec, wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%+"
", XF86AudioLowerVolume, exec, wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%-"
];
bindl = [
", XF86AudioMute, exec, wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle"
", XF86AudioPrev, exec, playerctl previous"
", XF86AudioPlay, exec, playerctl play-pause"
", XF86AudioNext, exec, playerctl next"
", XF86MonBrightnessDown, exec, busctl --user -- call rs.wl-gammarelay / rs.wl.gammarelay UpdateTemperature n -500"
", XF86MonBrightnessUp, exec, busctl --user -- call rs.wl-gammarelay / rs.wl.gammarelay UpdateTemperature n +500"
"SUPER, XF86MonBrightnessDown, exec, busctl --user -- call rs.wl-gammarelay / rs.wl.gammarelay Brightness d -0.1"
"SUPER, XF86MonBrightnessUp, exec, busctl --user -- call rs.wl-gammarelay / rs.wl.gammarelay Brightness d +0.1"
];
};
};
# XDG
xdg = {
@ -641,22 +396,23 @@
services.zapret = {
enable = true;
mode = "tpws";
mode = "nfqws";
firewallType = "iptables";
disableIpv6 = true;
settings = ''
MODE_HTTP=1
MODE_HTTP_KEEPALIVE=0
MODE_HTTPS=1
MODE_QUIC=0
MODE_QUIC=1
MODE_FILTER=ipset
TPWS_OPT="--hostspell=HOST --split-http-req=method --split-pos=3 --oob"
TPWS_OPT="--split-http-req=method --split-pos=1 --oob"
NFQWS_OPT_DESYNC="--dpi-desync=fake --dpi-desync-ttl=7 --dpi-desync-fake-http=0x00000000"
NFQWS_OPT_DESYNC_HTTP="--dpi-desync=fake,split2 --dpi-desync-ttl=4"
NFQWS_OPT_DESYNC_HTTPS="--dpi-desync=split2 --dpi-desync-split-pos=1"
NFQWS_OPT_DESYNC_QUIC="--dpi-desync=split2 --dpi-desync-repeats=6"
INIT_APPLY_FW=1
'';
filterAddresses = lib.readFile (pkgs.fetchurl {
url = "https://antifilter.network/download/ipsmart.lst";
hash = "sha256-zLq3rgci/rye1oQp2zbJelPaoN9+jqPebIbxfJ44Qlg=";
});
filterAddressesSource = "https://antifilter.network/download/ipsmart.lst";
};
# TODO: remember who use gvfs
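Review bot: In the `services.zapret` hunk, the hash-pinned `pkgs.fetchurl` for `ipsmart.lst` is replaced by a bare `filterAddressesSource` URL, so the address list loaded into ipset is no longer fixed by the flake and can change on every service start without any review. If the runtime refresh is wanted, keep a pinned `filterAddresses` as the fallback the module uses when the download fails, and add a comment such as `# list is fetched unpinned at service start; contents are not covered by flake.lock`. In the earlier hunks the new `user` binding is applied to `home-manager.users.${user}` only, while `users.users.l-nafaryus`, `home.username` and `home.homeDirectory` still spell the name out.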


@ -281,6 +281,8 @@
fzf
grc
gcc
cachix
gnupg


@ -150,12 +150,6 @@
defaultGateway = "192.168.156.1";
nameservers = ["192.168.156.1" "8.8.8.8"];
nat = {
enable = true;
externalInterface = "enp9s0";
internalInterfaces = ["ve-+"];
};
};
services.logind.lidSwitchExternalPower = "ignore";


@ -1,30 +1,19 @@
{config, ...}: {
containers.radio-synthwave = {
autoStart = true;
privateNetwork = true;
config = {
config,
pkgs,
lib,
...
}: {
services.mpd = {
enable = true;
musicDirectory = "/home/l-nafaryus/Music";
network.listenAddress = "any";
#network.startWhenNeeded = true;
network.startWhenNeeded = true;
user = "l-nafaryus";
network.port = 6600;
extraConfig = ''
audio_output {
type "httpd"
name "Radio"
port "6660"
port "6666"
bind_to_address "127.0.0.1"
encoder "lame"
max_clients "0"
website "https://radio.elnafo.ru/synthwave"
website "https://radio.elnafo.ru"
always_on "yes"
tags "yes"
bitrate "128"
@ -33,20 +22,11 @@
'';
};
system.stateVersion = "24.05";
networking.firewall = {
enable = true;
allowedTCPPorts = [6600 6660];
};
};
};
services.nginx.virtualHosts."radio.elnafo.ru" = {
forceSSL = true;
useACMEHost = "elnafo.ru";
locations."/synthwave".proxyPass = "http://127.0.0.1:6660";
locations."/synthwave".proxyPass = "http://127.0.0.1:6666";
};
networking.firewall.allowedTCPPorts = [6600];
networking.firewall.allowedTCPPorts = [config.services.mpd.network.port];
}
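Review bot: With the container wrapper gone, `services.mpd` appears to run directly on the host as `l-nafaryus`, and the last line opens `config.services.mpd.network.port` in the host firewall. If `network.listenAddress = "any"` is kept on the new side (the rendering does not show which side that line belongs to), the unauthenticated MPD control port is reachable from the network, whereas the httpd output is bound to 127.0.0.1 behind nginx. Unless remote control is intended, use `network.listenAddress = "127.0.0.1";` and drop the `allowedTCPPorts` entry, or else set `services.mpd.credentials` with a password file. A short comment stating which ports are meant to be public would help the next reader.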


@ -101,14 +101,30 @@ in {
description = "List of addresses to ignore";
};
# TODO: add filter and anti filter options with optional file paths
# TODO ipset hashsize and maxelem
dataDir = mkOption {
type = types.path;
default = "/var/lib/zapret";
description = ''
Directory to store zapret files and antifilter lists.
'';
};
filterAddressesSource = mkOption {
type = types.nullOr types.str;
default = null;
example = ''https://antifilter.network/download/ipsmart.lst'';
description = "Link to external list of addresses to download and use.";
};
# TODO: ipset hashsize and maxelem
};
config = mkIf cfg.enable {
users.users.tpws = {
isSystemUser = true;
group = "tpws";
home = cfg.dataDir;
createHome = true;
};
users.groups.tpws = {};
@ -126,6 +142,8 @@ in {
)
gawk
ipset
wget
curl
];
serviceConfig = {
@ -133,10 +151,11 @@ in {
Restart = "no";
TimeoutSec = "30sec";
IgnoreSIGPIPE = "no";
KillMode = "none";
#KillMode = "none";
GuessMainPID = "no";
RemainAfterExit = "no";
WorkingDirectory = cfg.dataDir;
ExecStart = "${cfg.package}/bin/zapret start";
ExecStop = let
stop_script = pkgs.writeShellScriptBin "zapret-stop" ''
@ -157,37 +176,25 @@ in {
DISABLE_IPV6=${toString cfg.disableIPV6}
''
]);
# hardening
DevicePolicy = "closed";
KeyringMode = "private";
PrivateTmp = true;
PrivateMounts = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectSystem = "strict";
ProtectProc = "invisible";
RemoveIPC = true;
RestrictNamespaces = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
SystemCallArchitectures = "native";
};
preStart = let
# zapretListFile = pkgs.writeText "zapretList" (createFilterList "zapret" (lib.readFile cfg.package.passthru.antifilter.ipsmart));
zapretListFile = pkgs.writeText "zapretList" (createFilterList "zapret" cfg.filterAddresses);
nozapretListFile = pkgs.writeText "nozapretList" (createFilterList "nozapret" cfg.ignoreAddresses);
zapretListFile = src: pkgs.writeText "zapretList" (createFilterList "zapret" src);
nozapretListFile = src: pkgs.writeText "nozapretList" (createFilterList "nozapret" src);
in ''
${lib.optionalString (cfg.filterAddressesSource != null) "curl -L '${cfg.filterAddressesSource}' -o ${cfg.dataDir}/zapretList && sed -i -e 's/^/add zapret /' '${cfg.dataDir}/zapretList'"}
ipset create zapret hash:net family inet hashsize 262144 maxelem 522288 -!
ipset flush zapret
ipset restore -! < ${zapretListFile}
ipset restore -! < ${
if (cfg.filterAddressesSource != null)
then "${cfg.dataDir}/zapretList"
else (zapretListFile cfg.filterAddresses)
}
ipset create nozapret hash:net family inet hashsize 262144 maxelem 522288 -!
ipset flush nozapret
ipset restore -! < ${nozapretListFile}
ipset restore -! < ${nozapretListFile cfg.ignoreAddresses}
'';
};
};
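Review bot: The new `curl -L '${cfg.filterAddressesSource}' -o ${cfg.dataDir}/zapretList` line in `preStart` writes whatever the server returns straight over the previous list and feeds it to `ipset restore`, with no `--fail`, no HTTPS-only restriction on redirects, no timeout and no check that the lines are addresses. An HTTP error page or altered response would therefore either break service start or load unintended entries. Downloading to a temporary file, validating it and only then replacing the list keeps the last good copy, as sketched below. The sketch assumes one IPv4 address or CIDR per line, and the first start still needs a fallback such as the pinned `filterAddresses`. The URL is also interpolated inside single quotes rather than through `lib.escapeShellArg`, and `wget` is added to `path` without being used. The hunk's line counts suggest the `# hardening` block (`ProtectSystem`, `ProtectHome`, `PrivateTmp` and the rest) is removed in the same change. If so, consider keeping it and granting write access to the data directory with `ReadWritePaths = [cfg.dataDir];` or `StateDirectory`, since the unit now also performs a network download.

```nix
# … unchanged: zapretListFile / nozapretListFile helpers …
in ''
  ${lib.optionalString (cfg.filterAddressesSource != null) ''
    tmp="$(mktemp -p ${cfg.dataDir})"
    # Replace the previous list only when the download succeeded over HTTPS
    # and every line looks like an IPv4 address or CIDR.
    if curl --fail --location --proto '=https' --proto-redir '=https' --max-time 30 \
         -o "$tmp" ${lib.escapeShellArg cfg.filterAddressesSource} \
       && ! grep -qvE '^[0-9]{1,3}(\.[0-9]{1,3}){3}(/[0-9]{1,2})?$' "$tmp"; then
      sed -e 's/^/add zapret /' "$tmp" > ${cfg.dataDir}/zapretList
    fi
    rm -f "$tmp"
  ''}
  # … unchanged: ipset create / flush / restore for zapret and nozapret …
```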


@ -1,108 +1,16 @@
{
bonLib,
craneLib,
lib,
pkgs,
version ? "2d0c5cddc91a9c59aef9a7667d90924e7cedd0ac",
hash ? "sha256-ZsDJQSUokodwFMP4FIZm2dYojf5iC4F/EeKC5VuQlqY=",
weztermPkgs,
...
}: let
src = pkgs.fetchFromGitHub {
owner = "wez";
repo = "wezterm";
rev = version;
hash = hash;
fetchSubmodules = true;
};
terminfo =
pkgs.runCommand "wezterm-terminfo"
{
nativeBuildInputs = [pkgs.ncurses];
} ''
mkdir -p $out/share/terminfo $out/nix-support
tic -x -o $out/share/terminfo ${src}/termwiz/data/wezterm.terminfo
'';
pkg = {
}:
weztermPkgs.default.overrideAttrs (old: {
pname = "wezterm";
inherit version;
inherit src;
strictDeps = true;
doCheck = false;
nativeBuildInputs = with pkgs; [
installShellFiles
ncurses # tic for terminfo
pkg-config
python3
];
buildInputs = with pkgs; [
fontconfig
pkgs.zlib
libxkbcommon
openssl
wayland
cairo
xorg.libX11
xorg.libxcb
xorg.xcbutil
xorg.xcbutilimage
xorg.xcbutilkeysyms
xorg.xcbutilwm # contains xcb-ewmh among others
];
libPath = lib.makeLibraryPath (with pkgs; [
xorg.xcbutilimage
libGL
vulkan-loader
]);
postPatch = ''
echo ${version} > .tag
# tests are failing with: Unable to exchange encryption keys
# rm -r wezterm-ssh/tests
'';
preFixup = lib.optionalString pkgs.stdenv.isLinux ''
patchelf \
--add-needed "${pkgs.libGL}/lib/libEGL.so.1" \
--add-needed "${pkgs.vulkan-loader}/lib/libvulkan.so.1" \
$out/bin/wezterm-gui
'';
postInstall = ''
mkdir -p $out/nix-support
echo "${terminfo}" >> $out/nix-support/propagated-user-env-packages
install -Dm644 assets/icon/terminal.png $out/share/icons/hicolor/128x128/apps/org.wezfurlong.wezterm.png
install -Dm644 assets/wezterm.desktop $out/share/applications/org.wezfurlong.wezterm.desktop
install -Dm644 assets/wezterm.appdata.xml $out/share/metainfo/org.wezfurlong.wezterm.appdata.xml
install -Dm644 assets/shell-integration/wezterm.sh -t $out/etc/profile.d
installShellCompletion --cmd wezterm \
--bash assets/shell-completion/bash \
--fish assets/shell-completion/fish \
--zsh assets/shell-completion/zsh
install -Dm644 assets/wezterm-nautilus.py -t $out/share/nautilus-python/extensions
'';
meta = with lib; {
meta =
old.meta
// {
homepage = "https://github.com/wez/wezterm";
description = "A GPU-accelerated cross-platform terminal emulator and multiplexer written by @wez and implemented in Rust";
license = lib.licenses.mit;
maintainers = with bonLib.maintainers; [L-Nafaryus];
platforms = platforms.x86_64;
mainProgram = "wezterm";
};
};
in let
cargoArtifacts = craneLib.buildDepsOnly pkg;
in
craneLib.buildPackage (
pkg // {inherit cargoArtifacts;}
)
})