L-Nafaryus/bonfire
L-Nafaryus/bonfire
1
0
Fork 0
Code Issues 5 Pull Requests Actions Packages Projects 4 Releases Wiki Activity

Compare commits

base: L-Nafaryus:master
Branches Tags
L-Nafaryus:master
L-Nafaryus:devel
L-Nafaryus:catarina-radio-service
L-Nafaryus:packages-onetagger
L-Nafaryus:packages-wezterm
..
compare: L-Nafaryus:catarina-radio-service
Branches Tags
L-Nafaryus:devel
L-Nafaryus:master
L-Nafaryus:catarina-radio-service
L-Nafaryus:packages-onetagger
L-Nafaryus:packages-wezterm

No commits in common. "master" and "catarina-radio-service" have entirely different histories.
master ... catarina-r

48 changed files with 985 additions and 3048 deletions
Show Stats Expand all files Collapse all files

7
devShells/bonfire.nix
View File

@ -1,14 +1,9 @@
{
pkgs,
drift,
...
}:
{pkgs, ...}:
pkgs.mkShellNoCC {
packages = with pkgs; [
sops
mkpasswd
jq
cachix
drift
];
}

4
devShells/default.nix
View File

@ -18,8 +18,6 @@ in
crane = self.inputs.crane;
crane-lib = self.inputs.crane.mkLib pkgs;
drift = self.inputs.drift.packages.${system}.drift;
};
in {
default = import ./bonfire.nix environment;
@ -32,6 +30,4 @@ in
rust-x11 = import ./rust-x11.nix environment;
go = import ./go.nix environment;
python-uv = import ./python-uv.nix environment;
})

8
devShells/python-uv.nix
View File

@ -1,8 +0,0 @@
{pkgs, ...}:
pkgs.mkShellNoCC {
packages = with pkgs; [
uv
curl
jq
];
}

619
flake.lock generated
View File

@ -1,34 +1,18 @@
{
"nodes": {
"advisory-db": {
"flake": false,
"locked": {
"lastModified": 1732819720,
"narHash": "sha256-6H7mKBKw3VErpGcCGEamBYJsopvqqdFmJhl8slfCtOQ=",
"owner": "rustsec",
"repo": "advisory-db",
"rev": "9dc4a0bb102451e3c71e1b639068aec5a3e1f5f3",
"type": "github"
},
"original": {
"owner": "rustsec",
"repo": "advisory-db",
"type": "github"
}
},
"ags": {
"inputs": {
"astal": "astal",
"nixpkgs": [
"nixpkgs"
]
],
"systems": "systems"
},
"locked": {
"lastModified": 1738087375,
"narHash": "sha256-GLyNtU9A2VN22jNRHZ2OXuFfTJLh8uEVVt+ftsKUX0c=",
"lastModified": 1725841979,
"narHash": "sha256-SXYqzpHPuXFR6w/cUKo3VN8XRn6XA2mGbdRXs9oLk6k=",
"owner": "Aylur",
"repo": "ags",
"rev": "a6a7a0adb17740f4c34a59902701870d46fbb6a4",
"rev": "aaef50bb2c80ef4b4a359329d72669a95e7c4796",
"type": "github"
},
"original": {
@ -37,27 +21,6 @@
"type": "github"
}
},
"astal": {
"inputs": {
"nixpkgs": [
"ags",
"nixpkgs"
]
},
"locked": {
"lastModified": 1737670815,
"narHash": "sha256-ZCxxshGN7XooabArcoGkYSNx5yVunqjKJi2aTv6cznI=",
"owner": "aylur",
"repo": "astal",
"rev": "127e9cdcbf173846a3c40ddc0abfbb038df48042",
"type": "github"
},
"original": {
"owner": "aylur",
"repo": "astal",
"type": "github"
}
},
"blobs": {
"flake": false,
"locked": {
@ -75,15 +38,12 @@
}
},
"catppuccin": {
"inputs": {
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1739934729,
"narHash": "sha256-PcrLk10meIJICzUJqtCMOJxoITzbH52fZg2XAB7SSsM=",
"lastModified": 1725509983,
"narHash": "sha256-NHCgHVqumPraFJnLrkanoLDuhOoUHUvRhvp/RIHJR+A=",
"owner": "catppuccin",
"repo": "nix",
"rev": "b1ff2a638afa827f1473498190a2c1cae1cf41cf",
"rev": "45745fe5960acaefef2b60f3455bcac6a0ca6bc9",
"type": "github"
},
"original": {
@ -94,11 +54,11 @@
},
"crane": {
"locked": {
"lastModified": 1741148495,
"narHash": "sha256-EV8KUaIZ2/CdBXlutXrHoZYbWPeB65p5kKZk71gvDRI=",
"lastModified": 1725409566,
"narHash": "sha256-PrtLmqhM6UtJP7v7IGyzjBFhbG4eOAHT6LPYOFmYfbk=",
"owner": "ipetkov",
"repo": "crane",
"rev": "75390a36cd0c2cdd5f1aafd8a9f827d7107f2e53",
"rev": "7e4586bad4e3f8f97a9271def747cf58c4b68f3c",
"type": "github"
},
"original": {
@ -107,114 +67,7 @@
"type": "github"
}
},
"crane_2": {
"locked": {
"lastModified": 1733016477,
"narHash": "sha256-Hh0khbqBeCtiNS0SJgqdWrQDem9WlPEc2KF5pAY+st0=",
"owner": "ipetkov",
"repo": "crane",
"rev": "76d64e779e2fbaf172110038492343a8c4e29b55",
"type": "github"
},
"original": {
"owner": "ipetkov",
"repo": "crane",
"type": "github"
}
},
"dream2nix": {
"inputs": {
"nixpkgs": [
"elnafo-radio",
"nixpkgs"
],
"purescript-overlay": "purescript-overlay",
"pyproject-nix": "pyproject-nix"
},
"locked": {
"lastModified": 1732214960,
"narHash": "sha256-ViyEMSYwaza6y55XTDrsRi2K4YKCLsefMTorjWSE27s=",
"owner": "nix-community",
"repo": "dream2nix",
"rev": "a8dac99db44307fdecead13a39c584b97812d0d4",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "dream2nix",
"type": "github"
}
},
"drift": {
"inputs": {
"nixpkgs": [
"nixpkgs"
],
"snowfall-lib": "snowfall-lib",
"unstable": "unstable"
},
"locked": {
"lastModified": 1716675566,
"narHash": "sha256-H1f5LI1pKogcv+S4pjHjGWwC4286wuQxfjp9Poc+sTg=",
"owner": "snowfallorg",
"repo": "drift",
"rev": "b0c929d645040abb01d5faff63e07caade0ce8e4",
"type": "github"
},
"original": {
"owner": "snowfallorg",
"repo": "drift",
"type": "github"
}
},
"elnafo-radio": {
"inputs": {
"advisory-db": "advisory-db",
"crane": "crane_2",
"dream2nix": "dream2nix",
"fenix": "fenix",
"nix-std": "nix-std",
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1733067025,
"narHash": "sha256-1XfNB3aSfZnMv5waPdbu8tI7rici7m51UqS4mfK7ARc=",
"ref": "refs/heads/master",
"rev": "f6d50c99a7320dd695e7b4ada4b9b361c2e9407b",
"revCount": 15,
"type": "git",
"url": "https://vcs.elnafo.ru/L-Nafaryus/elnafo-radio"
},
"original": {
"type": "git",
"url": "https://vcs.elnafo.ru/L-Nafaryus/elnafo-radio"
}
},
"fenix": {
"inputs": {
"nixpkgs": [
"elnafo-radio",
"nixpkgs"
],
"rust-analyzer-src": [
"elnafo-radio"
]
},
"locked": {
"lastModified": 1732689334,
"narHash": "sha256-yKI1KiZ0+bvDvfPTQ1ZT3oP/nIu3jPYm4dnbRd6hYg4=",
"owner": "nix-community",
"repo": "fenix",
"rev": "a8a983027ca02b363dfc82fbe3f7d9548a8d3dce",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "fenix",
"type": "github"
}
},
"fenix_2": {
"inputs": {
"nixpkgs": [
"nixpkgs"
@ -222,11 +75,11 @@
"rust-analyzer-src": []
},
"locked": {
"lastModified": 1741243019,
"narHash": "sha256-lFSPV4W5/oqztMPLlabt3f4jQy12Kw/TSUbDQKY/+bw=",
"lastModified": 1726813972,
"narHash": "sha256-t6turZgoSAVgj7hn5mxzNlLOeVeZvymFo8+ymB52q34=",
"owner": "nix-community",
"repo": "fenix",
"rev": "576638b227e5f465993588309d5dce9f112a9c28",
"rev": "251caeafc75b710282ee7e375800f75f4c8c5727",
"type": "github"
},
"original": {
@ -236,38 +89,6 @@
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1650374568,
"narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "b4a34015c698c7793d592d66adbab377907a2be8",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_3": {
"flake": false,
"locked": {
"lastModified": 1696426674,
@ -291,11 +112,11 @@
]
},
"locked": {
"lastModified": 1738453229,
"narHash": "sha256-7H9XgNiGLKN1G1CgRh0vUL4AheZSYzPm+zmZ7vxbJdo=",
"lastModified": 1726153070,
"narHash": "sha256-HO4zgY0ekfwO5bX0QH/3kJ/h4KvUDFZg8YpkNwIbg1U=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "32ea77a06711b758da0ad9bd6a844c5740a87abd",
"rev": "bcef6817a8b2aa20a5a6dbb19b43e63c5bf8619a",
"type": "github"
},
"original": {
@ -306,14 +127,14 @@
},
"flake-utils": {
"inputs": {
"systems": "systems"
"systems": "systems_2"
},
"locked": {
"lastModified": 1694529238,
"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"type": "github"
},
"original": {
@ -322,53 +143,16 @@
"type": "github"
}
},
"flake-utils-plus": {
"inputs": {
"flake-utils": "flake-utils"
},
"locked": {
"lastModified": 1715533576,
"narHash": "sha256-fT4ppWeCJ0uR300EH3i7kmgRZnAVxrH+XtK09jQWihk=",
"owner": "gytis-ivaskevicius",
"repo": "flake-utils-plus",
"rev": "3542fe9126dc492e53ddd252bb0260fe035f2c0f",
"type": "github"
},
"original": {
"owner": "gytis-ivaskevicius",
"repo": "flake-utils-plus",
"rev": "3542fe9126dc492e53ddd252bb0260fe035f2c0f",
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_3": {
"inputs": {
"systems": "systems_3"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"type": "github"
},
"original": {
@ -380,33 +164,33 @@
"freetype2": {
"flake": false,
"locked": {
"lastModified": 1723459814,
"narHash": "sha256-4l90lDtpgm5xlh2m7ifrqNy373DTRTULRkAzicrM93c=",
"owner": "freetype",
"repo": "freetype",
"rev": "42608f77f20749dd6ddc9e0536788eaad70ea4b5",
"lastModified": 1687587065,
"narHash": "sha256-+Fh+/k+NWL5Ow9sDLtp8Cv/8rLNA1oByQQCIQS/bysY=",
"owner": "wez",
"repo": "freetype2",
"rev": "e4586d960f339cf75e2e0b34aee30a0ed8353c0d",
"type": "github"
},
"original": {
"owner": "freetype",
"ref": "VER-2-13-3",
"repo": "freetype",
"owner": "wez",
"repo": "freetype2",
"rev": "e4586d960f339cf75e2e0b34aee30a0ed8353c0d",
"type": "github"
}
},
"harfbuzz": {
"flake": false,
"locked": {
"lastModified": 1719502711,
"narHash": "sha256-2ieCf3ftNk851FZBDPVl+7QHWBqD729KiUxUyxi26Yg=",
"lastModified": 1711722720,
"narHash": "sha256-GdxcAPx5QyniSHPAN1ih28AD9JLUPR0ItqW9JEsl3pU=",
"owner": "harfbuzz",
"repo": "harfbuzz",
"rev": "9c03576c49db6e7207d9bcdfe3abd170a809157f",
"rev": "63973005bc07aba599b47fdd4cf788647b601ccd",
"type": "github"
},
"original": {
"owner": "harfbuzz",
"ref": "9.0.0",
"ref": "8.4.0",
"repo": "harfbuzz",
"type": "github"
}
@ -418,11 +202,11 @@
]
},
"locked": {
"lastModified": 1741217763,
"narHash": "sha256-g/TrltIjFHIjtzKY5CJpoPANfHQWDD43G5U1a/v5oVg=",
"lastModified": 1726825546,
"narHash": "sha256-HiBzfzgqojA9OjPB+vdi2o+gy4Zw/MEipuGopgGsZEw=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "486b066025dccd8af7fbe5dd2cc79e46b88c80da",
"rev": "0b052dd8119005c6ba819db48bcc657e48f401b7",
"type": "github"
},
"original": {
@ -431,96 +215,38 @@
"type": "github"
}
},
"ixx": {
"inputs": {
"flake-utils": [
"nixvim",
"nuschtosSearch",
"flake-utils"
],
"nixpkgs": [
"nixvim",
"nuschtosSearch",
"nixpkgs"
]
},
"locked": {
"lastModified": 1729958008,
"narHash": "sha256-EiOq8jF4Z/zQe0QYVc3+qSKxRK//CFHMB84aYrYGwEs=",
"owner": "NuschtOS",
"repo": "ixx",
"rev": "9fd01aad037f345350eab2cd45e1946cc66da4eb",
"type": "github"
},
"original": {
"owner": "NuschtOS",
"ref": "v0.0.6",
"repo": "ixx",
"type": "github"
}
},
"libpng": {
"flake": false,
"locked": {
"lastModified": 1726173884,
"narHash": "sha256-gBfHgGaqVYdmhWXoNKZzPyGzyw2rr3zp+DjWmfC41jk=",
"owner": "pnggroup",
"lastModified": 1549245649,
"narHash": "sha256-1+cRp0Ungme/OGfc9kGJbklYIWAFxk8Il1M+NV4KSgw=",
"owner": "glennrp",
"repo": "libpng",
"rev": "f5e92d76973a7a53f517579bc95d61483bf108c0",
"rev": "8439534daa1d3a5705ba92e653eda9251246dd61",
"type": "github"
},
"original": {
"owner": "pnggroup",
"ref": "v1.6.44",
"owner": "glennrp",
"repo": "libpng",
"type": "github"
}
},
"nix-std": {
"locked": {
"lastModified": 1710870712,
"narHash": "sha256-e+7MJF2gsgTBuOWv4mCimSP0D9+naeFSw9a7N3yEmv4=",
"owner": "chessai",
"repo": "nix-std",
"rev": "31bbc925750cc9d8f828fe55cee1a2bd985e0c00",
"type": "github"
},
"original": {
"owner": "chessai",
"repo": "nix-std",
"type": "github"
}
},
"nix-std_2": {
"locked": {
"lastModified": 1710870712,
"narHash": "sha256-e+7MJF2gsgTBuOWv4mCimSP0D9+naeFSw9a7N3yEmv4=",
"owner": "chessai",
"repo": "nix-std",
"rev": "31bbc925750cc9d8f828fe55cee1a2bd985e0c00",
"type": "github"
},
"original": {
"owner": "chessai",
"repo": "nix-std",
"rev": "8439534daa1d3a5705ba92e653eda9251246dd61",
"type": "github"
}
},
"nixos-mailserver": {
"inputs": {
"blobs": "blobs",
"flake-compat": "flake-compat_3",
"flake-compat": "flake-compat",
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-24_11": "nixpkgs-24_11"
"nixpkgs-24_05": "nixpkgs-24_05"
},
"locked": {
"lastModified": 1740437053,
"narHash": "sha256-exPTta4qI1ka9sk+jPcLogGffJ1OVXnAsTRqpeAXeNw=",
"lastModified": 1722877200,
"narHash": "sha256-qgKDNJXs+od+1UbRy62uk7dYal3h98I4WojfIqMoGcg=",
"owner": "simple-nixos-mailserver",
"repo": "nixos-mailserver",
"rev": "c8ec4d5e432f5df4838eacd39c11828d23ce66ec",
"rev": "af7d3bf5daeba3fc28089b015c0dd43f06b176f2",
"type": "gitlab"
},
"original": {
@ -531,68 +257,52 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1736012469,
"narHash": "sha256-/qlNWm/IEVVH7GfgAIyP6EsVZI6zjAx1cV5zNyrs+rI=",
"owner": "NixOS",
"lastModified": 1726755586,
"narHash": "sha256-PmUr/2GQGvFTIJ6/Tvsins7Q43KTMvMFhvG6oaYK+Wk=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "8f3e1f807051e32d8c95cd12b9b421623850a34d",
"rev": "c04d5652cfa9742b1d519688f65d1bbccea9eb7e",
"type": "github"
},
"original": {
"owner": "NixOS",
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-24_11": {
"nixpkgs-24_05": {
"locked": {
"lastModified": 1734083684,
"narHash": "sha256-5fNndbndxSx5d+C/D0p/VF32xDiJCJzyOqorOYW4JEo=",
"lastModified": 1717144377,
"narHash": "sha256-F/TKWETwB5RaR8owkPPi+SPJh83AQsm6KrQAlJ8v/uA=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "314e12ba369ccdb9b352a4db26ff419f7c49fa84",
"rev": "805a384895c696f802a9bf5bf4720f37385df547",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-24.11",
"ref": "nixos-24.05",
"type": "indirect"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1725762081,
"narHash": "sha256-vNv+aJUW5/YurRy1ocfvs4q/48yVESwlC/yHzjkZSP8=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "dc454045f5b5d814e5862a6d057e7bb5c29edc05",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "release-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1731604181,
"narHash": "sha256-uVtsFX1KpvDiDe1adeUkTK2YesWw1exgQ0nDMTfmJi0=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "c46290747b2aaf090f48a478270feb858837bf11",
"type": "github"
},
"original": {
"owner": "nixos",
"repo": "nixpkgs",
"rev": "c46290747b2aaf090f48a478270feb858837bf11",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1741173522,
"narHash": "sha256-k7VSqvv0r1r53nUI/IfPHCppkUAddeXn843YlAC5DR0=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "d69ab0d71b22fa1ce3dbeff666e6deb4917db049",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1719223410,
"narHash": "sha256-jtIo8xR0Zp4SalIwmD+OdCwHF4l7OU6PD63UUK4ckt4=",
@ -610,18 +320,24 @@
},
"nixvim": {
"inputs": {
"devshell": [],
"flake-compat": [],
"flake-parts": "flake-parts",
"git-hooks": [],
"home-manager": [],
"nix-darwin": [],
"nixpkgs": [
"nixpkgs"
],
"nuschtosSearch": "nuschtosSearch"
"nuschtosSearch": "nuschtosSearch",
"treefmt-nix": []
},
"locked": {
"lastModified": 1741098523,
"narHash": "sha256-gXDSXDr6tAb+JgxGMvcEjKC9YO8tVOd8hMMZHJLyQ6Q=",
"lastModified": 1726846628,
"narHash": "sha256-0CH44sEwiljiN2q7eIFCvabyUm1WeEiF8ofP/z5ca0Q=",
"owner": "nix-community",
"repo": "nixvim",
"rev": "03065fd4708bfdf47dd541d655392a60daa25ded",
"rev": "3211ce356be612ae89a38c60799992bde8a47127",
"type": "github"
},
"original": {
@ -632,19 +348,18 @@
},
"nuschtosSearch": {
"inputs": {
"flake-utils": "flake-utils_2",
"ixx": "ixx",
"flake-utils": "flake-utils",
"nixpkgs": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1738508923,
"narHash": "sha256-4DaDrQDAIxlWhTjH6h/+xfG05jt3qDZrZE/7zDLQaS4=",
"lastModified": 1726816132,
"narHash": "sha256-AbB0lgc0IbzLIxj1O3cosiMNAVQak4KJtvq9q8MjHhs=",
"owner": "NuschtOS",
"repo": "search",
"rev": "86e2038290859006e05ca7201425ea5b5de4aecb",
"rev": "7733a39a1321057172d87e6251ded7cdeb67171e",
"type": "github"
},
"original": {
@ -655,7 +370,7 @@
},
"obs-image-reaction": {
"inputs": {
"nixpkgs": "nixpkgs_4"
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1719314544,
@ -694,59 +409,15 @@
"type": "github"
}
},
"purescript-overlay": {
"inputs": {
"flake-compat": "flake-compat_2",
"nixpkgs": [
"elnafo-radio",
"dream2nix",
"nixpkgs"
],
"slimlock": "slimlock"
},
"locked": {
"lastModified": 1728546539,
"narHash": "sha256-Sws7w0tlnjD+Bjck1nv29NjC5DbL6nH5auL9Ex9Iz2A=",
"owner": "thomashoneyman",
"repo": "purescript-overlay",
"rev": "4ad4c15d07bd899d7346b331f377606631eb0ee4",
"type": "github"
},
"original": {
"owner": "thomashoneyman",
"repo": "purescript-overlay",
"type": "github"
}
},
"pyproject-nix": {
"flake": false,
"locked": {
"lastModified": 1702448246,
"narHash": "sha256-hFg5s/hoJFv7tDpiGvEvXP0UfFvFEDgTdyHIjDVHu1I=",
"owner": "davhau",
"repo": "pyproject.nix",
"rev": "5a06a2697b228c04dd2f35659b4b659ca74f7aeb",
"type": "github"
},
"original": {
"owner": "davhau",
"ref": "dream2nix",
"repo": "pyproject.nix",
"type": "github"
}
},
"root": {
"inputs": {
"ags": "ags",
"catppuccin": "catppuccin",
"crane": "crane",
"drift": "drift",
"elnafo-radio": "elnafo-radio",
"fenix": "fenix_2",
"fenix": "fenix",
"home-manager": "home-manager",
"nix-std": "nix-std_2",
"nixos-mailserver": "nixos-mailserver",
"nixpkgs": "nixpkgs_3",
"nixpkgs": "nixpkgs",
"nixvim": "nixvim",
"obs-image-reaction": "obs-image-reaction",
"oscuro": "oscuro",
@ -762,11 +433,11 @@
]
},
"locked": {
"lastModified": 1735871325,
"narHash": "sha256-6Ta5E4mhSfCP6LdkzkG2+BciLOCPeLKuYTJ6lOHW+mI=",
"lastModified": 1726280639,
"narHash": "sha256-YfLRPlFZWrT2oRLNAoqf7G3+NnUTDdlIJk6tmBU7kXM=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "a599f011db521766cbaf7c2f5874182485554f00",
"rev": "e9f8641c92f26fd1e076e705edb12147c384171d",
"type": "github"
},
"original": {
@ -775,65 +446,19 @@
"type": "github"
}
},
"slimlock": {
"inputs": {
"nixpkgs": [
"elnafo-radio",
"dream2nix",
"purescript-overlay",
"nixpkgs"
]
},
"locked": {
"lastModified": 1688756706,
"narHash": "sha256-xzkkMv3neJJJ89zo3o2ojp7nFeaZc2G0fYwNXNJRFlo=",
"owner": "thomashoneyman",
"repo": "slimlock",
"rev": "cf72723f59e2340d24881fd7bf61cb113b4c407c",
"type": "github"
},
"original": {
"owner": "thomashoneyman",
"repo": "slimlock",
"type": "github"
}
},
"snowfall-lib": {
"inputs": {
"flake-compat": "flake-compat",
"flake-utils-plus": "flake-utils-plus",
"nixpkgs": [
"drift",
"nixpkgs"
]
},
"locked": {
"lastModified": 1716675292,
"narHash": "sha256-7TFvVE4HR/b65/0AAhewYHEJzUXxIEJn82ow5bCkrDo=",
"owner": "snowfallorg",
"repo": "lib",
"rev": "5d6e9f235735393c28e1145bec919610b172a20f",
"type": "github"
},
"original": {
"owner": "snowfallorg",
"ref": "v3.0.2",
"repo": "lib",
"type": "github"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
],
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1741043164,
"narHash": "sha256-9lfmSZLz6eq9Ygr6cCmvQiiBEaPb54pUBcjvbEMPORc=",
"lastModified": 1726524647,
"narHash": "sha256-qis6BtOOBBEAfUl7FMHqqTwRLB61OL5OFzIsOmRz2J4=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "3f2412536eeece783f0d0ad3861417f347219f4d",
"rev": "e2d404a7ea599a013189aa42947f66cede0645c8",
"type": "github"
},
"original": {
@ -844,16 +469,16 @@
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"lastModified": 1689347949,
"narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"repo": "default-linux",
"rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"repo": "default-linux",
"type": "github"
}
},
@ -887,25 +512,9 @@
"type": "github"
}
},
"unstable": {
"locked": {
"lastModified": 1705856552,
"narHash": "sha256-JXfnuEf5Yd6bhMs/uvM67/joxYKoysyE3M2k6T3eWbg=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "612f97239e2cc474c13c9dafa0df378058c5ad8d",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"wezterm": {
"inputs": {
"flake-utils": "flake-utils_3",
"flake-utils": "flake-utils_2",
"freetype2": "freetype2",
"harfbuzz": "harfbuzz",
"libpng": "libpng",
@ -917,11 +526,11 @@
},
"locked": {
"dir": "nix",
"lastModified": 1740857660,
"narHash": "sha256-fm/EVyg2soItlrRHSLyYUilcT2kCWxuj8KP7pN6SGXA=",
"lastModified": 1726842683,
"narHash": "sha256-n0k/znwnDGF3CNB2GhX9NfGg02mhxOzRTMmWr2EUxFs=",
"owner": "wez",
"repo": "wezterm",
"rev": "7d0bff0698813c9feeba91a342cd6df94aa34630",
"rev": "abfc0b4c3aa2d6f99c76b20c4d7bdb6d0603ac80",
"type": "github"
},
"original": {
@ -934,16 +543,16 @@
"zlib": {
"flake": false,
"locked": {
"lastModified": 1705948357,
"narHash": "sha256-TkPLWSN5QcPlL9D0kc/yhH0/puE9bFND24aj5NVDKYs=",
"lastModified": 1484501380,
"narHash": "sha256-j5b6aki1ztrzfCqu8y729sPar8GpyQWIrajdzpJC+ww=",
"owner": "madler",
"repo": "zlib",
"rev": "51b7f2abdade71cd9bb0e7a373ef2610ec6f9daf",
"rev": "cacf7f1d4e3d44d871b605da3b647f07d718623f",
"type": "github"
},
"original": {
"owner": "madler",
"ref": "v1.3.1",
"ref": "v1.2.11",
"repo": "zlib",
"type": "github"
}

20
flake.nix
View File

@ -48,6 +48,13 @@
url = "github:nix-community/nixvim";
inputs = {
nixpkgs.follows = "nixpkgs";
devshell.follows = "";
flake-compat.follows = "";
git-hooks.follows = "";
home-manager.follows = "";
nix-darwin.follows = "";
treefmt-nix.follows = "";
};
};
ags = {
@ -58,20 +65,12 @@
url = "github:wez/wezterm?dir=nix";
inputs.nixpkgs.follows = "nixpkgs";
};
elnafo-radio = {
url = "git+https://vcs.elnafo.ru/L-Nafaryus/elnafo-radio";
};
nix-std.url = "github:chessai/nix-std";
drift = {
url = "github:snowfallorg/drift";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs = {self, ...} @ inputs: let
lib = inputs.nixpkgs.lib;
bonLib = import ./lib {inherit lib inputs;};
bonLib = import ./lib {inherit lib;};
bonModules = self.nixosModules;
# no bonPkgs, it must be defined by appropriate system + skip a possible infinite recursion
in {
@ -87,7 +86,8 @@
nixosConfigurations = import ./nixosConfigurations {inherit lib inputs bonModules bonLib self;};
hydraJobs = {
packages = lib.filterAttrsRecursive (name: value: !bonLib.isBroken value && !bonLib.isInsecure value && !bonLib.isUnfree value) self.packages;
# filter broken packages ?
packages = lib.filterAttrsRecursive (name: value: !bonLib.isBroken value) self.packages;
};
templates = {

25
lib/default.nix
View File

@ -1,8 +1,4 @@
{
lib,
inputs,
...
}: rec {
{lib, ...}: rec {
maintainers = import ./maintainers.nix;
nameFromPath = path:
@ -17,25 +13,9 @@
[
./preconfiguredModules/bonvim.nix
./preconfiguredModules/homeManager
./preconfiguredModules/nixos
#(import ./preconfiguredModules/bonvim.nix)
#(import ./preconfiguredModules/homeManager {inherit lib inputs;})
]);
injectArgs = moduleArgs: ({
config,
pkgs,
...
}: {
config = {
# extra arguments
_module.args = moduleArgs;
};
});
isBroken = derivation: derivation ? meta && derivation.meta ? broken && derivation.meta.broken;
isInsecure = derivation: derivation ? meta && derivation.meta ? insecure && derivation.meta.insecure;
isUnfree = derivation: derivation ? meta && derivation.meta ? unfree && derivation.meta.unfree;
functionType = lib.types.mkOptionType {
name = "function";
@ -115,7 +95,4 @@
packagesList;
in
lib.mapAttrs (name: value: lib.mergeAttrsList value) (lib.zipAttrs evaluatedPackages);
# external
inherit (inputs.nix-std.lib.serde) toTOML;
}

122
lib/preconfiguredModules/bonvim.nix
View File

@ -51,8 +51,6 @@
pumblend = 10;
pumheight = 10;
autochdir = false;
};
globals = {
@ -73,7 +71,7 @@
settings.system_clipboard.sync_with_ring = true;
};
plugins.web-devicons.enable = true;
extraPlugins = with pkgs.vimPlugins; [nvim-web-devicons];
diagnostics = {
underline = true;
@ -95,39 +93,36 @@
};
# Theme
colorschemes = {
gruvbox.enable = true;
catppuccin = {
enable = false;
settings = {
flavour = "macchiato";
no_bold = false;
no_italic = false;
no_underline = false;
integrations = {
cmp = true;
notify = true;
gitsigns = true;
neotree = true;
which_key = true;
illuminate = {
enabled = true;
colorschemes.catppuccin = {
enable = true;
settings = {
flavour = "macchiato";
no_bold = false;
no_italic = false;
no_underline = false;
integrations = {
cmp = true;
notify = true;
gitsigns = true;
neotree = true;
which_key = true;
illuminate = {
enabled = true;
};
treesitter = true;
telescope.enabled = true;
indent_blankline.enabled = true;
mini.enabled = true;
native_lsp = {
enabled = true;
inlay_hints = {
background = true;
};
treesitter = true;
telescope.enabled = true;
indent_blankline.enabled = true;
mini.enabled = true;
native_lsp = {
enabled = true;
inlay_hints = {
background = true;
};
underlines = {
errors = ["undercurl"];
hints = ["undercurl"];
information = ["undercurl"];
warnings = ["undercurl"];
};
underlines = {
errors = ["undercurl"];
hints = ["undercurl"];
information = ["undercurl"];
warnings = ["undercurl"];
};
};
};
@ -137,16 +132,12 @@
# File tree
plugins.neo-tree = {
enable = true;
enableDiagnostics = true;
enableGitStatus = true;
filesystem = {
useLibuvFileWatcher = true;
filteredItems = {
hideDotfiles = false;
hideGitignored = false;
};
followCurrentFile.leaveDirsOpen = true;
cwdTarget.current = null;
};
defaultComponentConfigs = {
indent = {
@ -161,15 +152,13 @@
# UI
plugins.noice = {
enable = true;
settings = {
lsp.override = {
"cmp.entry.get_documentation" = true;
"vim.lsp.util.convert_input_to_markdown_lines" = true;
"vim.lsp.util.stylize_markdown" = true;
};
presets = {
long_message_to_split = true;
};
lsp.override = {
"cmp.entry.get_documentation" = true;
"vim.lsp.util.convert_input_to_markdown_lines" = true;
"vim.lsp.util.stylize_markdown" = true;
};
presets = {
long_message_to_split = true;
};
};
@ -375,24 +364,22 @@
];
};
cmake.enable = true;
nil_ls.enable = true;
pyright.enable = true;
ruff.enable = true;
nil-ls.enable = true;
# pylyzer.enable = true; # not working with virtual environments currently :(
#pylsp = {
# enable = true; # https://github.com/nix-community/nixvim/pull/1893
# settings.plugins = {
# pyflakes.enabled = true;
# black.enabled = true;
# };
#};
rust_analyzer = {
pylsp = {
enable = true; # https://github.com/nix-community/nixvim/pull/1893
settings.plugins = {
pyflakes.enabled = true;
black.enabled = true;
};
};
rust-analyzer = {
enable = true;
package = rust-analyzer;
cargoPackage = cargo;
rustcPackage = rustc;
installCargo = false;
installRustc = false;
installCargo = true;
installRustc = true;
settings = {
checkOnSave = true;
check.command = "clippy";
@ -406,7 +393,6 @@
volar.enable = true;
tailwindcss.enable = true;
marksman.enable = true;
nushell.enable = true;
};
};
};
@ -718,18 +704,6 @@
action = "<cmd>Neotree toggle<cr>";
options = {desc = "Open/Close Neotree";};
}
{
mode = "n";
key = "<leader>E";
action = "<cmd>Neotree reveal<cr>";
options = {desc = "Open/Close Neotree (cwd)";};
}
{
mode = "n";
key = "<leader>R";
action = "<cmd>Spectre<cr>";
options = {desc = "Replace Spectre";};
}
{
mode = "n";
key = "<leader>gg";

3
lib/preconfiguredModules/homeManager/default.nix
View File

@ -1,6 +1,3 @@
{
ags = import ./ags;
hyprland = import ./hyprland.nix;
hypridle = import ./hypridle.nix;
hyprlock = import ./hyprlock.nix;
}

24
lib/preconfiguredModules/homeManager/hypridle.nix
View File

@ -1,24 +0,0 @@
{
pkgs,
lib,
config,
hmConfig,
...
}: {
services.hypridle = {
enable = true;
settings = {
general = {
after_sleep_cmd = "${pkgs.hyprland}/bin/hyprctl dispatch dpms on";
ignore_dbus_inhibit = false;
};
listener = [
{
timeout = 300;
on-timeout = "${pkgs.hyprland}/bin/hyprctl dispatch dpms off";
on-resume = "${pkgs.hyprland}/bin/hyprctl dispatch dpms on";
}
];
};
};
}

245
lib/preconfiguredModules/homeManager/hyprland.nix
View File

@ -1,245 +0,0 @@
{
pkgs,
lib,
hmConfig,
...
}: {
imports = [
./ags
./hypridle.nix
./hyprlock.nix
];
home.packages = with pkgs; [
networkmanagerapplet
blueman
wl-clipboard
cliphist
swww
hyprshot
wl-gammarelay-rs
playerctl
];
xdg.portal = {
enable = true;
configPackages = with pkgs; [
xdg-desktop-portal-hyprland
];
extraPortals = with pkgs; [
xdg-desktop-portal-gtk
];
};
wayland.windowManager.hyprland = {
enable = true;
settings = {
# Devices (use `hyprctl devices`)
"$monitor1" = "AOC Q27G2G3R3B 137P4HA000540";
"$monitor2" = "AOC Q27B3MA 17ZPAHA006135";
"$keyboard" = "keychron-keychron-k3-pro";
"$mouse" = "logitech-g102-lightsync-gaming-mouse";
# Main programs
"$terminal" = "${lib.getExe hmConfig.programs.wezterm.package}";
"$menu" = "${lib.getExe hmConfig.programs.rofi.package} -show drun";
"$fileManager" = "$terminal -e ${lib.getExe hmConfig.programs.nnn.package}";
monitor = [
"desc:$monitor2, 2560x1440@75, 0x0, auto"
"desc:$monitor1, 2560x1440@165, 2560x0, auto"
"Unknown-1, disable"
];
exec-once = [
"ags &"
"nm-applet --indicator &"
"blueman-applet &"
"wl-gammarelay-rs run &"
"systemctl --user start hypridle"
"wl-paste --type text --watch cliphist store" #Stores only text data
"wl-paste --type image --watch cliphist store" #Stores only image data
"swww-daemon & swww img ~/Pictures/wallpapers/current" # wallpaper symlinked
];
env = [
"XCURSOR_SIZE,14"
"HYPRCURSOR_SIZE,14"
"WLR_DRM_NO_ATOMIC,1"
"HYPRSHOT_DIR,${hmConfig.xdg.userDirs.pictures}/screenshots"
];
general = {
gaps_in = 2;
gaps_out = 2;
border_size = 2;
# https://wiki.hyprland.org/Configuring/Variables/#variable-types for info about colors
"col.active_border" = "rgba(33ccffee) rgba(00ff99ee) 45deg";
"col.inactive_border" = "rgba(595959aa)";
# Set to true enable resizing windows by clicking and dragging on borders and gaps
resize_on_border = true;
# Please see https://wiki.hyprland.org/Configuring/Tearing/ before you turn this on
allow_tearing = true;
layout = "dwindle";
};
decoration = {
rounding = 5;
# Change transparency of focused and unfocused windows
active_opacity = 1.0;
inactive_opacity = 0.95;
drop_shadow = true;
shadow_range = 4;
shadow_render_power = 3;
"col.shadow" = "rgba(1a1a1aee)";
# https://wiki.hyprland.org/Configuring/Variables/#blur
blur = {
enabled = true;
size = 3;
passes = 1;
vibrancy = 0.1696;
};
};
animations = {
enabled = true;
# Default animations, see https://wiki.hyprland.org/Configuring/Animations/ for more
bezier = "myBezier, 0.05, 0.9, 0.1, 1.05";
animation = [
"windows, 1, 7, myBezier"
"windowsOut, 1, 7, default, popin 80%"
"border, 1, 10, default"
"borderangle, 1, 8, default"
"fade, 1, 7, default"
"workspaces, 1, 6, default"
];
};
# See https://wiki.hyprland.org/Configuring/Dwindle-Layout/ for more
dwindle = {
pseudotile = true; # Master switch for pseudotiling. Enabling is bound to mainMod + P in the keybinds section below
preserve_split = true; # You probably want this
};
# See https://wiki.hyprland.org/Configuring/Master-Layout/ for more
master = {
new_status = "master";
};
# https://wiki.hyprland.org/Configuring/Variables/#misc
misc = {
force_default_wallpaper = -1; # Set to 0 or 1 to disable the anime mascot wallpapers
disable_hyprland_logo = false; # Enable the random hyprland logo / anime girl background. :)
};
input = {
kb_layout = "us,ru";
follow_mouse = 1;
sensitivity = 0; # -1.0 - 1.0, 0 means no modification.
touchpad = {
natural_scroll = false;
};
};
# https://wiki.hyprland.org/Configuring/Variables/#gestures
gestures = {
workspace_swipe = false;
};
windowrulev2 = [
"suppressevent maximize, class:.*" # You'll probably like this.
"float, class:^(steam_app.*)$"
"immediate, class:^(steam_app.*)$"
"float, class:^(steam_proton.*)$"
"float,class:^(org.wezfurlong.wezterm)$"
"tile,class:^(org.wezfurlong.wezterm)$"
];
bind = [
"SUPER, Q, exec, $terminal"
"SUPER, N, exec, $fileManager"
"SUPER, R, exec, $menu"
"SUPER, X, exec, ags -t clock"
"SUPER, X, exec, ags -t control"
"SUPER, X, exec, ags -t systray"
"SUPER, X, exec, ags -t workspaces"
"SUPER, X, exec, ags -t window-title"
"SUPER, C, killactive,"
"SUPER, M, exit,"
"SUPER, V, togglefloating,"
"SUPER, F, fullscreen,"
"SUPER, J, togglesplit," # dwindle
# Move focus with mainMod + arrow keys
"SUPER, left, movefocus, l"
"SUPER, right, movefocus, r"
"SUPER, up, movefocus, u"
"SUPER, down, movefocus, d"
# Switch workspaces with mainMod + [0-9]
"SUPER, 1, workspace, 1"
"SUPER, 2, workspace, 2"
"SUPER, 3, workspace, 3"
"SUPER, 4, workspace, 4"
"SUPER, 5, workspace, 5"
"SUPER, 6, workspace, 6"
"SUPER, 7, workspace, 7"
"SUPER, 8, workspace, 8"
"SUPER, 9, workspace, 9"
"SUPER, 0, workspace, 10"
# Move active window to a workspace with mainMod + SHIFT + [0-9]
"SUPER SHIFT, 1, movetoworkspace, 1"
"SUPER SHIFT, 2, movetoworkspace, 2"
"SUPER SHIFT, 3, movetoworkspace, 3"
"SUPER SHIFT, 4, movetoworkspace, 4"
"SUPER SHIFT, 5, movetoworkspace, 5"
"SUPER SHIFT, 6, movetoworkspace, 6"
"SUPER SHIFT, 7, movetoworkspace, 7"
"SUPER SHIFT, 8, movetoworkspace, 8"
"SUPER SHIFT, 9, movetoworkspace, 9"
"SUPER SHIFT, 0, movetoworkspace, 10"
# special workspace (scratchpad)
"SUPER, S, togglespecialworkspace, magic"
"SUPER SHIFT, S, movetoworkspace, special:magic"
"SUPER, SPACE, exec, hyprctl switchxkblayout keychron-keychron-k3-pro next"
", PRINT, exec, hyprshot --freeze --mode region"
"CTRL, PRINT, exec, hyprshot --freeze --mode output"
"SUPER, H, exec, cliphist list | rofi -dmenu | cliphist decode | wl-copy"
];
# Move/resize windows with mainMod + LMB/RMB and dragging
bindm = [
"SUPER, mouse:272, movewindow"
"SUPER, mouse:273, resizewindow"
];
bindel = [
", XF86AudioRaiseVolume, exec, wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%+"
", XF86AudioLowerVolume, exec, wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%-"
];
bindl = [
", XF86AudioMute, exec, wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle"
", XF86AudioPrev, exec, playerctl previous"
", XF86AudioPlay, exec, playerctl play-pause"
", XF86AudioNext, exec, playerctl next"
", XF86MonBrightnessDown, exec, busctl --user -- call rs.wl-gammarelay / rs.wl.gammarelay UpdateTemperature n -500"
", XF86MonBrightnessUp, exec, busctl --user -- call rs.wl-gammarelay / rs.wl.gammarelay UpdateTemperature n +500"
"SUPER, XF86MonBrightnessDown, exec, busctl --user -- call rs.wl-gammarelay / rs.wl.gammarelay Brightness d -0.1"
"SUPER, XF86MonBrightnessUp, exec, busctl --user -- call rs.wl-gammarelay / rs.wl.gammarelay Brightness d +0.1"
];
};
};
}

11
lib/preconfiguredModules/homeManager/hyprlock.nix
View File

@ -1,11 +0,0 @@
{
pkgs,
lib,
config,
hmConfig,
...
}: {
programs.hyprlock = {
enable = true;
};
}

237
lib/preconfiguredModules/nixos/common.nix
View File

@ -1,237 +0,0 @@
{
lib,
config,
pkgs,
...
}: {
# Nix settings
nix = {
settings = {
experimental-features = ["nix-command" "flakes"];
substituters = [
"https://cache.elnafo.ru"
"https://bonfire.cachix.org"
"https://nix-community.cachix.org"
];
trusted-public-keys = [
"cache.elnafo.ru:j3VD+Hn+is2Qk3lPXDSdPwHJQSatizk7V82iJ2RP1yo="
"bonfire.cachix.org-1:mzAGBy/Crdf8NhKail5ciK7ZrGRbPJJobW6TwFb7WYM="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
];
auto-optimise-store = true;
};
gc = {
automatic = lib.mkDefault true;
dates = lib.mkDefault "weekly";
options = lib.mkDefault "--delete-older-than 7d";
};
};
# Filesystem
fileSystems = {
"/" = {
device = "/dev/disk/by-label/nixos";
fsType = "btrfs";
options = ["subvol=root" "compress=zstd"];
};
"/boot" = {
device = "/dev/disk/by-label/boot";
fsType = "vfat";
};
"/nix" = {
device = "/dev/disk/by-label/nixos";
fsType = "btrfs";
options = ["subvol=nix" "compress=zstd" "noatime"];
};
"/home" = {
device = "/dev/disk/by-label/nixos";
fsType = "btrfs";
options = ["subvol=home" "compress=zstd"];
};
"/swap" = {
device = "/dev/disk/by-label/nixos";
fsType = "btrfs";
options = ["subvol=swap" "noatime"];
};
};
swapDevices = [
{device = "/swap/swapfile";}
];
# Boot and kernel options
boot = {
loader.systemd-boot.enable = true;
loader.systemd-boot.configurationLimit = 5;
loader.efi.canTouchEfiVariables = true;
tmp.useTmpfs = lib.mkDefault true;
tmp.cleanOnBoot = lib.mkDefault (!config.boot.tmp.useTmpfs);
initrd.availableKernelModules = ["nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod"];
initrd.kernelModules = [];
kernelModules = ["tcp_bbr" "coretemp" "nct6775"];
kernelParams = ["threadirqs"];
kernel.sysctl = {
# The Magic SysRq key is a key combo that allows users connected to the
# system console of a Linux kernel to perform some low-level commands.
# Disable it, since we don't need it, and is a potential security concern.
"kernel.sysrq" = 0;
## TCP hardening
# Prevent bogus ICMP errors from filling up logs.
"net.ipv4.icmp_ignore_bogus_error_responses" = 1;
# Reverse path filtering causes the kernel to do source validation of
# packets received from all interfaces. This can mitigate IP spoofing.
"net.ipv4.conf.default.rp_filter" = 1;
"net.ipv4.conf.all.rp_filter" = 1;
# Do not accept IP source route packets
"net.ipv4.conf.all.accept_source_route" = 1;
"net.ipv4.conf.wlo1.accept_source_route" = 1;
"net.ipv6.conf.all.accept_source_route" = 1;
# Don't send ICMP redirects
"net.ipv4.conf.all.send_redirects" = 0;
"net.ipv4.conf.default.send_redirects" = 0;
# Refuse ICMP redirects (MITM mitigations)
"net.ipv4.conf.all.accept_redirects" = 0;
"net.ipv4.conf.default.accept_redirects" = 0;
"net.ipv4.conf.all.secure_redirects" = 0;
"net.ipv4.conf.default.secure_redirects" = 0;
"net.ipv6.conf.all.accept_redirects" = 0;
"net.ipv6.conf.default.accept_redirects" = 0;
# Protects against SYN flood attacks
"net.ipv4.tcp_syncookies" = 1;
# Incomplete protection again TIME-WAIT assassination
"net.ipv4.tcp_rfc1337" = 1;
## TCP optimization
# TCP Fast Open is a TCP extension that reduces network latency by packing
# data in the senders initial TCP SYN. Setting 3 = enable TCP Fast Open for
# both incoming and outgoing connections:
"net.ipv4.tcp_fastopen" = 3;
# Bufferbloat mitigations + slight improvement in throughput & latency
"net.ipv4.tcp_congestion_control" = "bbr";
"net.core.default_qdisc" = "cake";
};
};
# Security
security = {
protectKernelImage = true;
sudo.extraConfig = ''Defaults timestamp_timeout=30'';
rtkit.enable = true;
polkit.enable = true;
pam.loginLimits = [
{
domain = "@audio";
item = "memlock";
type = "-";
value = "unlimited";
}
{
domain = "@audio";
item = "rtprio";
type = "-";
value = "99";
}
{
domain = "@audio";
item = "nofile";
type = "soft";
value = "99999";
}
{
domain = "@audio";
item = "nofile";
type = "hard";
value = "99999";
}
{
domain = "*";
item = "nofile";
type = "-";
value = "524288";
}
{
domain = "*";
item = "memlock";
type = "-";
value = "524288";
}
];
};
# Hardware
hardware = {
enableRedistributableFirmware = true;
};
# Timezone and locale
time.timeZone = "Asia/Yekaterinburg";
i18n = {
defaultLocale = "en_US.UTF-8";
extraLocaleSettings = {
LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8";
LC_MEASUREMENT = "en_US.UTF-8";
LC_MONETARY = "en_US.UTF-8";
LC_NAME = "en_US.UTF-8";
LC_NUMERIC = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8";
LC_TELEPHONE = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8";
};
};
# Base packages
environment.systemPackages = with pkgs; [
wget
parted
ntfs3g
sshfs
exfat
btrfs-progs
btrbk
lm_sensors
btop
git
git-lfs
lazygit
nnn
fzf
ripgrep
fd
unzip
fishPlugins.fzf-fish
fishPlugins.tide
fishPlugins.grc
fishPlugins.hydro
grc
gnupg
pass
bat
];
programs = {
fish.enable = true;
neovim = {
enable = true;
defaultEditor = true;
};
};
}

5
lib/preconfiguredModules/nixos/default.nix
View File

@ -1,5 +0,0 @@
{
common = import ./common.nix;
hyprland = import ./hyprland.nix;
hyprland-greetd = import ./hyprland-greetd.nix;
}

33
lib/preconfiguredModules/nixos/hyprland-greetd.nix
View File

@ -1,33 +0,0 @@
{
pkgs,
lib,
config,
...
}:
lib.mkIf config.programs.hyprland.enable {
services.greetd = let
hyprConfig = pkgs.writeText "greetd-hyprland-config" ''
exec-once = ${lib.getExe pkgs.greetd.regreet}; hyprctl dispatch exit
'';
in {
enable = true;
settings = {
default_session = {
command = "${lib.getExe config.programs.hyprland.package} --config ${hyprConfig}";
user = "greeter";
};
};
};
programs.regreet = {
enable = true;
settings = {
GTK = {
application_prefer_dark_theme = true;
};
appearance = {
greeting_msg = "Hey, you. You're finally awake.";
};
};
};
}

6
lib/preconfiguredModules/nixos/hyprland.nix
View File

@ -1,6 +0,0 @@
{...}: {
programs.hyprland = {
enable = true;
xwayland.enable = true;
};
}

20
lib/preconfiguredModules/pack/hyprland.nix
View File

@ -1,20 +0,0 @@
{
inputs,
hmConfig,
username,
bonLib,
...
}: {
imports = [
../nixos/hyprland.nix
../nixos/hyprland-greetd.nix
];
home-manager.users.${username} = {...}: {
imports = [
(bonLib.injectArgs {inherit hmConfig;})
inputs.ags.homeManagerModules.default
../homeManager/hyprland.nix
];
};
}

137
nixosConfigurations/astora/default.nix
View File

@ -2,21 +2,35 @@
pkgs,
lib,
config,
bonLib,
...
}: {
system.stateVersion = "23.11";
imports = [
bonLib.preconfiguredModules.nixos.common
./hardware.nix
./users.nix
];
imports = [./hardware.nix ./users.nix];
# Nix settings
nix.settings = {
trusted-users = ["l-nafaryus"];
allowed-users = ["l-nafaryus"];
nix = {
settings = {
experimental-features = ["nix-command" "flakes" "repl-flake"];
trusted-users = ["l-nafaryus"];
allowed-users = ["l-nafaryus"];
substituters = [
"https://cache.elnafo.ru"
"https://bonfire.cachix.org"
"https://nix-community.cachix.org"
];
trusted-public-keys = [
"cache.elnafo.ru:j3VD+Hn+is2Qk3lPXDSdPwHJQSatizk7V82iJ2RP1yo="
"bonfire.cachix.org-1:mzAGBy/Crdf8NhKail5ciK7ZrGRbPJJobW6TwFb7WYM="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
];
auto-optimise-store = true;
};
gc = {
automatic = lib.mkDefault true;
dates = lib.mkDefault "weekly";
options = lib.mkDefault "--delete-older-than 7d";
};
};
# Nix packages
@ -43,21 +57,54 @@
videoDrivers = ["nvidia"];
#displayManager.gdm = {
# enable = true;
# autoSuspend = false;
# wayland = true;
#};
#desktopManager.gnome.enable = true;
#windowManager.awesome.enable = true;
wacom.enable = true;
};
services.desktopManager.plasma6.enable = true;
services.displayManager.sddm = {
services.greetd = let
hyprConfig = pkgs.writeText "greetd-hyprland-config" ''
exec-once = ${lib.getExe pkgs.greetd.regreet}; hyprctl dispatch exit
'';
in {
enable = true;
wayland.enable = true;
settings = {
default_session = {
command = "${lib.getExe config.programs.hyprland.package} --config ${hyprConfig}";
user = "greeter";
};
};
};
services.dbus = {
programs.regreet = {
enable = true;
packages = with pkgs; [networkmanager];
settings = {
GTK = {
application_prefer_dark_theme = true;
# TODO: provide gtk themes
# theme_name = "Catppuccin-Macchiato-Standard-Green-Dark";
# icon_theme_name = "Catppuccin-Macchiato-Green-Cursors";
# cursor_theme_name = "Papirus-Dark";
# font_name = "";
};
appearance = {
greeting_msg = "Hey, you. You're finally awake.";
};
};
};
programs.hyprland = {
enable = true;
xwayland.enable = true;
};
services.dbus.enable = true;
services.printing = {
enable = true;
drivers = [pkgs.hplip];
@ -85,15 +132,14 @@
};
services.udev = {
packages = with pkgs; [gnome.gnome-settings-daemon];
extraRules = ''
KERNEL=="rtc0", GROUP="audio"
KERNEL=="hpet", GROUP="audio"
'';
};
services.cockpit.enable = true;
#services.blueman.enable = true;
services.blueman.enable = true;
services.btrfs.autoScrub = {
enable = true;
@ -101,6 +147,49 @@
fileSystems = ["/"];
};
# Packages
environment.systemPackages = with pkgs; [
wget
parted
ntfs3g
sshfs
exfat
lm_sensors
git
git-lfs
ripgrep
fd
lazygit
unzip
gnumake
fishPlugins.fzf-fish
fishPlugins.tide
fishPlugins.grc
fishPlugins.hydro
nnn
fzf
grc
gcc
cachix
];
programs = {
fish.enable = true;
neovim = {
enable = true;
defaultEditor = true;
};
};
programs.ssh.extraConfig = ''
Host astora
HostName 192.168.156.101
@ -113,6 +202,13 @@
User l-nafaryus
'';
programs.direnv.enable = true;
fonts.packages = with pkgs; [nerdfonts];
programs.steam.enable = true;
systemd.extraConfig = "DefaultLimitNOFILE=1048576";
virtualisation = {
containers.enable = true;
podman = {
@ -120,9 +216,6 @@
dockerCompat = true;
defaultNetwork.settings.dns_enabled = true;
};
libvirtd = {
enable = true;
qemu.vhostUserPackages = with pkgs; [virtiofsd];
};
libvirtd.enable = true;
};
}

195
nixosConfigurations/astora/hardware.nix
View File

@ -1,19 +1,148 @@
{
config,
lib,
pkgs,
...
}: {
# Boot
boot = {
kernelModules = ["kvm-amd"];
loader.systemd-boot.enable = true;
loader.systemd-boot.configurationLimit = 5;
loader.efi.canTouchEfiVariables = true;
tmp.useTmpfs = lib.mkDefault true;
tmp.cleanOnBoot = lib.mkDefault (!config.boot.tmp.useTmpfs);
initrd.availableKernelModules = ["nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod"];
initrd.kernelModules = [];
kernelModules = ["kvm-amd" "tcp_bbr" "coretemp" "nct6775"];
extraModulePackages = with config.boot.kernelPackages; [v4l2loopback];
extraModprobeConfig = ''
options v4l2loopback devices=1 video_nr=1 card_label="OBS Camera" exclusive_caps=1
'';
kernelParams = ["threadirqs"];
kernel.sysctl = {
# The Magic SysRq key is a key combo that allows users connected to the
# system console of a Linux kernel to perform some low-level commands.
# Disable it, since we don't need it, and is a potential security concern.
"kernel.sysrq" = 0;
## TCP hardening
# Prevent bogus ICMP errors from filling up logs.
"net.ipv4.icmp_ignore_bogus_error_responses" = 1;
# Reverse path filtering causes the kernel to do source validation of
# packets received from all interfaces. This can mitigate IP spoofing.
"net.ipv4.conf.default.rp_filter" = 1;
"net.ipv4.conf.all.rp_filter" = 1;
# Do not accept IP source route packets
"net.ipv4.conf.all.accept_source_route" = 0;
"net.ipv6.conf.all.accept_source_route" = 0;
# Don't send ICMP redirects
"net.ipv4.conf.all.send_redirects" = 0;
"net.ipv4.conf.default.send_redirects" = 0;
# Refuse ICMP redirects (MITM mitigations)
"net.ipv4.conf.all.accept_redirects" = 0;
"net.ipv4.conf.default.accept_redirects" = 0;
"net.ipv4.conf.all.secure_redirects" = 0;
"net.ipv4.conf.default.secure_redirects" = 0;
"net.ipv6.conf.all.accept_redirects" = 0;
"net.ipv6.conf.default.accept_redirects" = 0;
# Protects against SYN flood attacks
"net.ipv4.tcp_syncookies" = 1;
# Incomplete protection again TIME-WAIT assassination
"net.ipv4.tcp_rfc1337" = 1;
## TCP optimization
# TCP Fast Open is a TCP extension that reduces network latency by packing
# data in the senders initial TCP SYN. Setting 3 = enable TCP Fast Open for
# both incoming and outgoing connections:
"net.ipv4.tcp_fastopen" = 3;
# Bufferbloat mitigations + slight improvement in throughput & latency
"net.ipv4.tcp_congestion_control" = "bbr";
"net.core.default_qdisc" = "cake";
};
};
# Security
security = {
protectKernelImage = true;
acme.acceptTerms = true;
sudo.extraConfig = ''Defaults timestamp_timeout=30'';
rtkit.enable = true;
pam.loginLimits = [
{
domain = "@audio";
item = "memlock";
type = "-";
value = "unlimited";
}
{
domain = "@audio";
item = "rtprio";
type = "-";
value = "99";
}
{
domain = "@audio";
item = "nofile";
type = "soft";
value = "99999";
}
{
domain = "@audio";
item = "nofile";
type = "hard";
value = "99999";
}
{
domain = "*";
item = "nofile";
type = "-";
value = "524288";
}
{
domain = "*";
item = "memlock";
type = "-";
value = "524288";
}
];
polkit.enable = true;
};
users.users.root.initialPassword = "nixos";
# Filesystem
fileSystems = {
"/" = {
device = "/dev/disk/by-label/nixos";
fsType = "btrfs";
options = ["subvol=root" "compress=zstd"];
};
"/boot" = {
device = "/dev/disk/by-label/boot";
fsType = "vfat";
};
"/nix" = {
device = "/dev/disk/by-label/nixos";
fsType = "btrfs";
options = ["subvol=nix" "compress=zstd" "noatime"];
};
"/home" = {
device = "/dev/disk/by-label/nixos";
fsType = "btrfs";
options = ["subvol=home" "compress=zstd"];
};
"/swap" = {
device = "/dev/disk/by-label/nixos";
fsType = "btrfs";
options = ["subvol=swap" "noatime"];
};
"/media/steam-library" = {
device = "/dev/disk/by-label/siegward";
fsType = "btrfs";
@ -27,10 +156,16 @@
};
};
swapDevices = [
{device = "/swap/swapfile";}
];
services.fstrim.enable = true;
# Hardware etc
hardware = {
enableRedistributableFirmware = true;
cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
nvidia.nvidiaSettings = true;
@ -41,15 +176,61 @@
graphics.enable32Bit = true;
bluetooth.enable = true;
pulseaudio.enable = false;
};
services.pulseaudio.enable = false;
networking = {
networkmanager = {
networkmanager.enable = true;
networkmanager.unmanaged = ["interface-name:ve-*"];
useDHCP = lib.mkDefault true;
hostName = "astora";
extraHosts = '''';
firewall = {
enable = true;
enableStrongSwan = true;
plugins = with pkgs; [networkmanager-l2tp];
allowedTCPPorts = [80 443];
trustedInterfaces = ["ve-+"];
extraCommands = ''
iptables -t nat -A POSTROUTING -o wlo1 -j MASQUERADE
'';
extraStopCommands = ''
iptables -t nat -D POSTROUTING -o wlo1 -j MASQUERADE
'';
};
nat = {
enable = true;
externalInterface = "wlo1";
internalInterfaces = ["ve-+"];
};
interfaces.wlo1.ipv4.addresses = [
{
address = "192.168.156.101";
prefixLength = 24;
}
];
defaultGateway = "192.168.156.1";
nameservers = ["192.168.156.1" "8.8.8.8"];
};
# Common
time.timeZone = "Asia/Yekaterinburg";
i18n = {
defaultLocale = "en_US.UTF-8";
extraLocaleSettings = {
LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8";
LC_MEASUREMENT = "en_US.UTF-8";
LC_MONETARY = "en_US.UTF-8";
LC_NAME = "en_US.UTF-8";
LC_NUMERIC = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8";
LC_TELEPHONE = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8";
};
};
}

403
nixosConfigurations/astora/users.nix
View File

@ -6,50 +6,40 @@
bonLib,
inputs,
...
}: let
user = "l-nafaryus";
in {
}: {
# Users
users.users.l-nafaryus = {
isNormalUser = true;
description = "L-Nafaryus";
extraGroups = ["networkmanager" "wheel" "audio" "libvirtd" "input" "video" "disk" "wireshark" "adbusers"];
extraGroups = ["networkmanager" "wheel" "audio" "libvirtd" "input" "video" "disk" "wireshark"];
group = "users";
uid = 1000;
initialPassword = "nixos";
shell = pkgs.nushell;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG1YGp8AI48hJUSQBZpuKLpbj2+3Q09vq64NxFr0N1MS"
];
shell = pkgs.fish;
};
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.backupFileExtension = "hmbackup";
home-manager.users.${user} = {pkgs, ...}: let
hmConfig = config.home-manager.users.${user};
home-manager.users.l-nafaryus = {pkgs, ...}: let
hmConfig = config.home-manager.users.l-nafaryus;
in {
home.stateVersion = "23.11";
home.username = "l-nafaryus";
home.homeDirectory = "/home/l-nafaryus";
imports = [
(bonLib.injectArgs {
inherit hmConfig;
inherit inputs;
})
inputs.catppuccin.homeManagerModules.catppuccin
inputs.ags.homeManagerModules.default
#bonLib.preconfiguredModules.homeManager.hyprland
../common/hm/helix.nix
../common/hm/nushell.nix
../common/hm/zellij.nix
../common/hm/wezterm.nix
../common/hm/yazi.nix
bonLib.preconfiguredModules.homeManager.ags
];
home.packages = with pkgs; [
#gnupg
git
#nnn
pass
taskwarrior3
#tmux
gparted
@ -103,48 +93,46 @@ in {
jdk
bonPkgs.ultimmc
liberation_ttf
steamtinkerlaunch
#dunst
#libnotify
discord
webcord
vesktop
tor
networkmanagerapplet
#rofi-wayland
kgx
dunst
libnotify
playerctl
wl-gammarelay-rs
# btop
lua
# bat
musikcube
swww
hyprshot
mangohud
gamescope
libstrangle
wl-clipboard
cliphist
tree
bonPkgs.bonvim
freenect
mpc-cli
kdePackages.kmail
kdePackages.kmail-account-wizard
kdePackages.krdc
kdePackages.ksshaskpass
flacon
picard
docker-compose
podman-compose
dive
lazydocker
# virtiofsd
wl-clipboard
ripgrep
repgrep
delta
];
xdg.portal = {
enable = true;
configPackages = with pkgs; [
kdePackages.xdg-desktop-portal-kde
#xdg-desktop-portal-wlr
xdg-desktop-portal-hyprland
];
extraPortals = with pkgs; [
xdg-desktop-portal-gtk
@ -154,11 +142,27 @@ in {
# Theme
catppuccin = {
# global, for all enabled programs
enable = false;
enable = true;
flavor = "macchiato";
accent = "green";
};
gtk = {
enable = true;
# TODO: fix catppuccin deprecation. Provide Paper icons to gtk and gnomeShell manually. (+ regreet)
catppuccin = {
enable = true;
accent = "green";
flavor = "macchiato";
gnomeShellTheme = true;
icon = {
enable = true;
accent = "green";
flavor = "macchiato";
};
};
};
programs = {
# General
fish = {
@ -240,9 +244,6 @@ in {
homedir = "${hmConfig.xdg.configHome}/gnupg";
mutableKeys = true;
mutableTrust = true;
settings = {
default-key = "B0B3 DFDB B842 BE9C 7468 B511 86F1 EA98 B48F FB19";
};
# TODO: replace existing ssh key with gpg provided
};
@ -268,9 +269,35 @@ in {
ncmpcpp.enable = true;
# Graphical
hyprlock = {
enable = true;
};
wezterm = {
enable = true;
package = inputs.wezterm.packages.x86_64-linux.default;
extraConfig = ''
return {
color_scheme = "Catppuccin Macchiato",
default_prog = { "fish" },
font_size = 10.0,
enable_tab_bar = true,
hide_tab_bar_if_only_one_tab = true,
term = "wezterm",
window_padding = {
left = 0,
right = 0,
top = 0,
bottom = 0
},
-- ISSUE: the terminal does not update after some time of use. It only updates with mouse movements. [Wayland, Hyprland]
enable_wayland = false
}
'';
};
rofi = {
enable = false;
enable = true;
package = pkgs.rofi-wayland;
terminal = "${lib.getExe hmConfig.programs.wezterm.package}";
cycle = true;
@ -315,7 +342,7 @@ in {
defaultCacheTtl = 3600;
defaultCacheTtlSsh = 3600;
enableSshSupport = true;
pinentryPackage = pkgs.pinentry-qt;
pinentryPackage = pkgs.pinentry-gtk2;
enableFishIntegration = true;
enableBashIntegration = true;
};
@ -328,8 +355,237 @@ in {
#mpdris2 = {
# enable = true;
#};
# Graphical
hypridle = {
enable = true;
settings = {
general = {
after_sleep_cmd = "${pkgs.hyprland}/bin/hyprctl dispatch dpms on";
ignore_dbus_inhibit = false;
};
listener = [
{
timeout = 300;
on-timeout = "${pkgs.hyprland}/bin/hyprctl dispatch dpms off";
on-resume = "${pkgs.hyprland}/bin/hyprctl dispatch dpms on";
}
];
};
};
};
wayland.windowManager.hyprland = {
enable = true;
settings = {
# Devices (use `hyprctl devices`)
"$monitor1" = "AOC Q27G2G3R3B 137P4HA000540";
"$monitor2" = "AOC Q27B3MA 17ZPAHA006135";
"$keyboard" = "keychron-keychron-k3-pro";
"$mouse" = "logitech-g102-lightsync-gaming-mouse";
# Main programs
"$terminal" = "${lib.getExe hmConfig.programs.wezterm.package}";
"$menu" = "${lib.getExe hmConfig.programs.rofi.package} -show drun";
"$fileManager" = "$terminal -e ${lib.getExe hmConfig.programs.nnn.package}";
monitor = [
"desc:$monitor2, 2560x1440@75, 0x0, auto"
"desc:$monitor1, 2560x1440@165, 2560x0, auto"
"Unknown-1, disable"
];
exec-once = [
"ags &"
"nm-applet --indicator &"
"blueman-applet &"
"wl-gammarelay-rs run &"
"systemctl --user start hypridle"
"wl-paste --type text --watch cliphist store" #Stores only text data
"wl-paste --type image --watch cliphist store" #Stores only image data
"swww-daemon & swww img ~/Pictures/wallpapers/current" # wallpaper symlinked
];
env = [
"XCURSOR_SIZE,16"
"HYPRCURSOR_SIZE,16"
"WLR_DRM_NO_ATOMIC,1"
"HYPRSHOT_DIR,${hmConfig.xdg.userDirs.pictures}/screenshots"
];
general = {
gaps_in = 2;
gaps_out = 2;
border_size = 2;
# https://wiki.hyprland.org/Configuring/Variables/#variable-types for info about colors
"col.active_border" = "rgba(33ccffee) rgba(00ff99ee) 45deg";
"col.inactive_border" = "rgba(595959aa)";
# Set to true enable resizing windows by clicking and dragging on borders and gaps
resize_on_border = true;
# Please see https://wiki.hyprland.org/Configuring/Tearing/ before you turn this on
allow_tearing = true;
layout = "dwindle";
};
decoration = {
rounding = 5;
# Change transparency of focused and unfocused windows
active_opacity = 1.0;
inactive_opacity = 0.95;
drop_shadow = true;
shadow_range = 4;
shadow_render_power = 3;
"col.shadow" = "rgba(1a1a1aee)";
# https://wiki.hyprland.org/Configuring/Variables/#blur
blur = {
enabled = true;
size = 3;
passes = 1;
vibrancy = 0.1696;
};
};
animations = {
enabled = true;
# Default animations, see https://wiki.hyprland.org/Configuring/Animations/ for more
bezier = "myBezier, 0.05, 0.9, 0.1, 1.05";
animation = [
"windows, 1, 7, myBezier"
"windowsOut, 1, 7, default, popin 80%"
"border, 1, 10, default"
"borderangle, 1, 8, default"
"fade, 1, 7, default"
"workspaces, 1, 6, default"
];
};
# See https://wiki.hyprland.org/Configuring/Dwindle-Layout/ for more
dwindle = {
pseudotile = true; # Master switch for pseudotiling. Enabling is bound to mainMod + P in the keybinds section below
preserve_split = true; # You probably want this
};
# See https://wiki.hyprland.org/Configuring/Master-Layout/ for more
master = {
new_status = "master";
};
# https://wiki.hyprland.org/Configuring/Variables/#misc
misc = {
force_default_wallpaper = -1; # Set to 0 or 1 to disable the anime mascot wallpapers
disable_hyprland_logo = false; # Enable the random hyprland logo / anime girl background. :)
};
input = {
kb_layout = "us,ru";
follow_mouse = 1;
sensitivity = 0; # -1.0 - 1.0, 0 means no modification.
touchpad = {
natural_scroll = false;
};
};
# https://wiki.hyprland.org/Configuring/Variables/#gestures
gestures = {
workspace_swipe = false;
};
windowrulev2 = [
"suppressevent maximize, class:.*" # You'll probably like this.
"float, class:^(steam_app.*)$"
"immediate, class:^(steam_app.*)$"
"float, class:^(steam_proton.*)$"
"float,class:^(org.wezfurlong.wezterm)$"
"tile,class:^(org.wezfurlong.wezterm)$"
];
bind = [
"SUPER, Q, exec, $terminal"
"SUPER, N, exec, $fileManager"
"SUPER, R, exec, $menu"
"SUPER, X, exec, ags -t clock"
"SUPER, X, exec, ags -t control"
"SUPER, X, exec, ags -t systray"
"SUPER, X, exec, ags -t workspaces"
"SUPER, X, exec, ags -t window-title"
"SUPER, C, killactive,"
"SUPER, M, exit,"
"SUPER, V, togglefloating,"
"SUPER, F, fullscreen,"
"SUPER, J, togglesplit," # dwindle
# Move focus with mainMod + arrow keys
"SUPER, left, movefocus, l"
"SUPER, right, movefocus, r"
"SUPER, up, movefocus, u"
"SUPER, down, movefocus, d"
# Switch workspaces with mainMod + [0-9]
"SUPER, 1, workspace, 1"
"SUPER, 2, workspace, 2"
"SUPER, 3, workspace, 3"
"SUPER, 4, workspace, 4"
"SUPER, 5, workspace, 5"
"SUPER, 6, workspace, 6"
"SUPER, 7, workspace, 7"
"SUPER, 8, workspace, 8"
"SUPER, 9, workspace, 9"
"SUPER, 0, workspace, 10"
# Move active window to a workspace with mainMod + SHIFT + [0-9]
"SUPER SHIFT, 1, movetoworkspace, 1"
"SUPER SHIFT, 2, movetoworkspace, 2"
"SUPER SHIFT, 3, movetoworkspace, 3"
"SUPER SHIFT, 4, movetoworkspace, 4"
"SUPER SHIFT, 5, movetoworkspace, 5"
"SUPER SHIFT, 6, movetoworkspace, 6"
"SUPER SHIFT, 7, movetoworkspace, 7"
"SUPER SHIFT, 8, movetoworkspace, 8"
"SUPER SHIFT, 9, movetoworkspace, 9"
"SUPER SHIFT, 0, movetoworkspace, 10"
# special workspace (scratchpad)
"SUPER, S, togglespecialworkspace, magic"
"SUPER SHIFT, S, movetoworkspace, special:magic"
"SUPER, SPACE, exec, hyprctl switchxkblayout keychron-keychron-k3-pro next"
", PRINT, exec, hyprshot --freeze --mode region"
"CTRL, PRINT, exec, hyprshot --freeze --mode output"
"SUPER, H, exec, cliphist list | rofi -dmenu | cliphist decode | wl-copy"
];
# Move/resize windows with mainMod + LMB/RMB and dragging
bindm = [
"SUPER, mouse:272, movewindow"
"SUPER, mouse:273, resizewindow"
];
bindel = [
", XF86AudioRaiseVolume, exec, wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%+"
", XF86AudioLowerVolume, exec, wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%-"
];
bindl = [
", XF86AudioMute, exec, wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle"
", XF86AudioPrev, exec, playerctl previous"
", XF86AudioPlay, exec, playerctl play-pause"
", XF86AudioNext, exec, playerctl next"
", XF86MonBrightnessDown, exec, busctl --user -- call rs.wl-gammarelay / rs.wl.gammarelay UpdateTemperature n -500"
", XF86MonBrightnessUp, exec, busctl --user -- call rs.wl-gammarelay / rs.wl.gammarelay UpdateTemperature n +500"
"SUPER, XF86MonBrightnessDown, exec, busctl --user -- call rs.wl-gammarelay / rs.wl.gammarelay Brightness d -0.1"
"SUPER, XF86MonBrightnessUp, exec, busctl --user -- call rs.wl-gammarelay / rs.wl.gammarelay Brightness d +0.1"
];
};
};
# Graphical
# XDG
xdg = {
@ -348,7 +604,6 @@ in {
home.sessionVariables = {
HYPRSHOT_DIR = "${hmConfig.xdg.userDirs.pictures}/screenshots";
GNUPGHOME = hmConfig.programs.gpg.homedir;
};
};
@ -370,7 +625,6 @@ in {
environment.sessionVariables = {
# hint electron applications to use wayland
NIXOS_OZONE_WL = "1";
DOCKER_HOST = "unix:///run/user/${toString config.users.users.l-nafaryus.uid}/podman/podman.sock";
};
systemd.user.extraConfig = "DefaultLimitNOFILE=524288";
@ -387,23 +641,22 @@ in {
services.zapret = {
enable = true;
mode = "nfqws";
mode = "tpws";
firewallType = "iptables";
disableIpv6 = true;
settings = ''
MODE_HTTP=1
MODE_HTTP_KEEPALIVE=0
MODE_HTTPS=1
MODE_QUIC=1
MODE_QUIC=0
MODE_FILTER=ipset
TPWS_OPT="--split-http-req=method --split-pos=1 --oob"
NFQWS_OPT_DESYNC="--dpi-desync=fake --dpi-desync-ttl=3"
NFQWS_OPT_DESYNC_HTTP="--dpi-desync=fake --dpi-desync-ttl=3"
NFQWS_OPT_DESYNC_HTTPS="--dpi-desync=fake --dpi-desync-ttl=3"
NFQWS_OPT_DESYNC_QUIC="--dpi-desync=fake --dpi-desync-ttl=5"
TPWS_OPT="--hostspell=HOST --split-http-req=method --split-pos=3 --oob"
INIT_APPLY_FW=1
'';
filterAddressesSource = "https://antifilter.network/download/ipsmart.lst";
filterAddresses = lib.readFile (pkgs.fetchurl {
url = "https://antifilter.network/download/ipsmart.lst";
hash = "sha256-zLq3rgci/rye1oQp2zbJelPaoN9+jqPebIbxfJ44Qlg=";
});
};
# TODO: remember who use gvfs
@ -428,32 +681,4 @@ in {
# User-id must match above user. MPD will look inside this directory for the PipeWire socket.
XDG_RUNTIME_DIR = "/run/user/${toString config.users.users.l-nafaryus.uid}";
};
programs.kdeconnect = {
enable = true;
package = lib.mkForce pkgs.kdePackages.kdeconnect-kde;
};
programs.direnv.enable = true;
fonts.packages = with pkgs; [nerd-fonts.jetbrains-mono liberation_ttf];
programs.steam.enable = true;
systemd.extraConfig = "DefaultLimitNOFILE=1048576";
programs.ssh = {
enableAskPassword = true;
askPassword = "${lib.getExe' pkgs.kdePackages.ksshaskpass "ksshaskpass"}";
hostKeyAlgorithms = ["ssh-ed25519" "ssh-rsa"];
startAgent = true;
};
programs.adb.enable = true;
services.udev.packages = [pkgs.android-udev-rules];
services.ollama = {
enable = true;
acceleration = "cuda";
};
}

28
nixosConfigurations/catarina/default.nix
View File

@ -13,8 +13,6 @@
# ./services/papermc.nix # disabled
./services/gitea.nix
./services/radio.nix
./services/matrix.nix
./services/metrics.nix
];
# Nix settings
@ -54,10 +52,6 @@
hostPlatform = lib.mkDefault "x86_64-linux";
config.allowUnfree = true;
config.cudaSupport = false;
overlays = [
(final: prev: {lego = bonPkgs.lego;})
];
};
# Services
@ -105,7 +99,7 @@
certs = {
"elnafo.ru" = {
extraDomainNames = ["*.elnafo.ru"];
dnsProvider = "timewebcloud";
dnsProvider = "webnames";
credentialsFile = config.sops.secrets."dns".path;
webroot = null;
};
@ -129,26 +123,6 @@
forceSSL = true;
enableACME = true;
root = "/var/www";
listen = [
{
port = 8448;
addr = "0.0.0.0";
ssl = true;
}
{
port = 443;
addr = "0.0.0.0";
ssl = true;
}
];
locations."~ ^/(_matrix|.well_known)" = {
proxyPass = "http://127.0.0.1:6167";
extraConfig = ''
proxy_http_version 1.0;
client_max_body_size 50M;
'';
};
};
"*.elnafo.ru" = {

4
nixosConfigurations/catarina/hardware.nix
View File

@ -123,9 +123,9 @@
cpu.intel.updateMicrocode = true;
bluetooth.enable = true;
};
services.pulseaudio.enable = false;
pulseaudio.enable = false;
};
networking = {
networkmanager.enable = true;

4
nixosConfigurations/catarina/services/gitea.nix
View File

@ -55,10 +55,6 @@
indexer = {
REPO_INDEXER_ENABLED = true;
};
metrics = {
ENABLED = true;
};
};
mailerPasswordFile = config.sops.secrets."gitea/mail".path;

102
nixosConfigurations/catarina/services/matrix.nix
View File

@ -1,102 +0,0 @@
{
config,
lib,
pkgs,
...
}: {
services.conduit = {
enable = true;
settings.global = {
allow_registration = true;
server_name = "elnafo.ru";
address = "127.0.0.1";
database_backend = "sqlite";
well_known.client = "https://matrix.elnafo.ru";
well_known.server = "matrix.elnafo.ru:443";
turn_uris = ["turn:elnafo.ru?transport=udp" "turn:elnafo.ru?transport=tcp"];
};
turn_secret_file = config.sops.secrets.turn-secret.path;
};
services.nginx = {
virtualHosts."matrix.elnafo.ru" = {
forceSSL = true;
http2 = true;
useACMEHost = "elnafo.ru";
locations."/" = {
proxyPass = "http://127.0.0.1:6167";
extraConfig = ''
proxy_http_version 1.0;
client_max_body_size 50M;
'';
};
};
virtualHosts."element.elnafo.ru" = {
forceSSL = true;
http2 = true;
useACMEHost = "elnafo.ru";
root = pkgs.element-web.override {
conf = {
default_theme = "dark";
default_server_name = "https://matrix.elnafo.ru";
brand = "Elnafo Matrix";
permalink_prefix = "https://element.elnafo.ru";
};
};
};
# Federation tester: https://federationtester.matrix.org/#elnafo.ru
virtualHosts."matrix-federation" = {
serverName = "elnafo.ru";
forceSSL = true;
useACMEHost = "elnafo.ru";
listen = [
{
port = 8448;
addr = "0.0.0.0";
ssl = true;
}
{
port = 443;
addr = "0.0.0.0";
ssl = true;
}
];
locations."~ ^/(_matrix|.well_known)" = {
proxyPass = "http://127.0.0.1:6167";
extraConfig = ''
proxy_http_version 1.0;
client_max_body_size 50M;
'';
};
};
};
services.coturn = rec {
enable = true;
no-cli = true;
no-tcp-relay = true;
min-port = 49000;
max-port = 50000;
use-auth-secret = true;
static-auth-secret-file = config.sops.secrets.coturn-secret.path;
realm = "elnafo.ru";
cert = "${config.security.acme.certs."elnafo.ru".directory}/full.pem";
pkey = "${config.security.acme.certs."elnafo.ru".directory}/key.pem";
extraConfig = ''
# for debugging
verbose
# ban private IP ranges
no-multicast-peers
'';
};
networking.firewall = {
allowedUDPPortRanges = lib.singleton {
from = config.services.coturn.min-port;
to = config.services.coturn.max-port;
};
allowedUDPPorts = [3478 5349];
allowedTCPPorts = [8448 3478 5349];
};
}

123
nixosConfigurations/catarina/services/metrics.nix
View File

@ -1,123 +0,0 @@
{
config,
pkgs,
...
}: {
services.grafana = {
enable = true;
settings.server = {
domain = "grafana.elnafo.ru";
http_port = 2342;
http_addr = "127.0.0.1";
};
};
services.prometheus = {
enable = true;
port = 9090;
globalConfig.scrape_interval = "10s"; # "1m"
exporters = {
node = {
enable = true;
enabledCollectors = ["systemd"];
port = 9092;
};
};
scrapeConfigs = [
{
job_name = "catarina";
static_configs = [
{
targets = ["127.0.0.1:${toString config.services.prometheus.exporters.node.port}"];
}
];
}
];
};
services.loki = {
enable = true;
configuration = {
auth_enabled = false;
server = {
http_listen_port = 3100;
};
common = {
ring = {
instance_addr = "127.0.0.1";
kvstore = {
store = "inmemory";
};
};
replication_factor = 1;
path_prefix = "/tmp/loki";
};
schema_config = {
configs = [
{
from = "2020-05-15";
store = "tsdb";
object_store = "filesystem";
schema = "v13";
index = {
prefix = "index_";
period = "24h";
};
}
];
};
storage_config = {
filesystem = {
directory = "/tmp/loki/chunks";
};
};
};
};
services.promtail = {
enable = true;
configuration = {
server = {
http_listen_port = 3101;
grpc_listen_port = 0;
};
clients = [
{
url = "http://127.0.0.1:3100/loki/api/v1/push";
}
];
scrape_configs = [
{
job_name = "journal";
journal = {
max_age = "12h";
labels = {
job = "systemd-journal";
host = "catarina";
};
};
relabel_configs = [
{
source_labels = [
"__journal__systemd_unit"
];
target_label = "unit";
}
];
}
];
};
};
services.nginx = {
virtualHosts."grafana.elnafo.ru" = {
forceSSL = true;
useACMEHost = "elnafo.ru";
locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.services.grafana.settings.server.http_port}";
proxyWebsockets = true;
};
};
};
}

122
nixosConfigurations/catarina/services/radio.nix
View File

@ -1,19 +1,17 @@
{config, ...}: {
containers = let
bindMounts = {
"/var/lib/music" = {
hostPath = "/media/storage/audio/library";
isReadOnly = true;
};
};
in {
containers = {
radio-synthwave = {
autoStart = true;
privateNetwork = true;
hostAddress = "10.231.136.1";
localAddress = "10.231.136.2";
inherit bindMounts;
bindMounts = {
"/var/lib/music" = {
hostPath = "/home/l-nafaryus/Music";
isReadOnly = true;
};
};
config = {
config,
@ -53,13 +51,18 @@
};
};
radio-non-stop-pop = {
radio-non-stop = {
autoStart = true;
privateNetwork = true;
hostAddress = "10.231.136.1";
localAddress = "10.231.136.3";
inherit bindMounts;
bindMounts = {
"/var/lib/music" = {
hostPath = "/home/l-nafaryus/Music";
isReadOnly = true;
};
};
config = {
config,
@ -81,7 +84,7 @@
port "6661"
encoder "lame"
max_clients "0"
website "https://radio.elnafo.ru/non-stop-pop"
website "https://radio.elnafo.ru/non-stop"
always_on "yes"
tags "yes"
bitrate "128"
@ -98,103 +101,12 @@
};
};
};
radio-hell-gates = {
autoStart = true;
privateNetwork = true;
hostAddress = "10.231.136.1";
localAddress = "10.231.136.4";
inherit bindMounts;
config = {
config,
pkgs,
lib,
...
}: {
services.mpd = {
enable = true;
musicDirectory = "/var/lib/music";
network.listenAddress = "any";
#network.startWhenNeeded = true;
user = "mpd";
network.port = 6602;
extraConfig = ''
audio_output {
type "httpd"
name "Radio"
port "6662"
encoder "lame"
max_clients "0"
website "https://radio.elnafo.ru/hell-gates"
always_on "yes"
tags "yes"
bitrate "128"
format "44100:16:1"
}
'';
};
system.stateVersion = "24.05";
networking.firewall = {
enable = true;
allowedTCPPorts = [6602 6662];
};
};
};
};
services.elnafo-radio = {
enable = true;
base = {
title = "// Elnafo Radio //";
meta = [
["author" "L-Nafaryus"]
["discord" "https://discord.gg/ZWUChw5wzm"]
["git" "https://vcs.elnafo.ru/L-Nafaryus/elnafo-radio"]
["matrix" "https://matrix.to/#/#elnafo:elnafo.ru"]
];
};
stations = [
{
id = "synthwave";
name = "Synthwave";
host = config.containers.radio-synthwave.localAddress;
port = 6600;
url = "https://radio.elnafo.ru/synthwave";
status = "Receive";
genre = "synthwave, dark synthwave";
}
{
id = "non-stop-pop";
name = "Non-Stop-Pop";
host = config.containers.radio-non-stop-pop.localAddress;
port = 6601;
url = "https://radio.elnafo.ru/non-stop-pop";
status = "Online";
location = "Los Santos";
genre = "pop, r&b, dance music";
}
{
id = "hell-gates";
name = "Hell Gates";
host = config.containers.radio-hell-gates.localAddress;
port = 6602;
url = "https://radio.elnafo.ru/hell-gates";
status = "Receive";
genre = "melodic death metal, death metal, metalcore";
}
];
};
services.nginx.virtualHosts."radio.elnafo.ru" = {
forceSSL = true;
useACMEHost = "elnafo.ru";
locations."/".proxyPass = "http://${config.services.elnafo-radio.server.address}:${toString config.services.elnafo-radio.server.port}";
locations."/synthwave".proxyPass = "http://${config.containers.radio-synthwave.localAddress}:6660";
locations."/non-stop-pop".proxyPass = "http://${config.containers.radio-non-stop-pop.localAddress}:6661";
locations."/hell-gates".proxyPass = "http://${config.containers.radio-hell-gates.localAddress}:6662";
locations."/synthwave".proxyPass = "http://10.231.136.2:6660";
locations."/non-stop".proxyPass = "http://10.231.136.3:6661";
};
}

33
nixosConfigurations/catarina/users.nix
View File

@ -1,16 +1,8 @@
{
config,
pkgs,
lib,
bonPkgs,
bonLib,
inputs,
...
}: {
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.backupFileExtension = "hmbackup";
# Users
users.users.root.hashedPasswordFile = config.sops.secrets."users/root".path;
@ -20,36 +12,13 @@
description = "L-Nafaryus";
extraGroups = ["networkmanager" "wheel"];
group = "users";
shell = pkgs.nushell;
shell = pkgs.fish;
hashedPasswordFile = config.sops.secrets."users/l-nafaryus".path;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG1YGp8AI48hJUSQBZpuKLpbj2+3Q09vq64NxFr0N1MS nafaryus"
];
};
home-manager.users.l-nafaryus = {pkgs, ...}: let
hmConfig = config.home-manager.users.l-nafaryus;
in {
home.stateVersion = "23.11";
home.username = "l-nafaryus";
home.homeDirectory = "/home/l-nafaryus";
imports = [
(bonLib.injectArgs {
inherit hmConfig;
inherit inputs;
})
../common/hm/helix.nix
../common/hm/nushell.nix
../common/hm/zellij.nix
../common/hm/yazi.nix
];
home.packages = with pkgs; [
ripgrep
repgrep
];
};
users.users.nginx.extraGroups = ["acme" "papermc"];
users.users.kirill = {

72
nixosConfigurations/common/hm/helix.nix
View File

@ -1,72 +0,0 @@
{
pkgs,
lib,
config,
hmConfig,
...
}: {
programs.helix = {
enable = true;
extraPackages = with pkgs; [wl-clipboard pyright ruff alejandra];
settings = {
theme = "gruvbox";
editor.cursor-shape = {
normal = "block";
insert = "bar";
select = "underline";
};
};
languages = {
language = [
{
name = "nix";
auto-format = true;
formatter.command = "alejandra";
}
{
name = "python";
language-id = "python";
roots = ["pyproject.toml" "setup.py" "poetry.lock" "uv.lock" "pdm.lock"];
language-servers = ["ruff" "pyright"];
auto-format = true;
formatter = {
command = "ruff";
args = ["format" "-"];
};
file-types = ["py"];
comment-token = "#";
shebangs = ["python"];
}
];
language-server = {
pyright = {
command = "pyright-langserver";
args = ["--stdio"];
config.python.analysis = {
venvPath = ".";
venv = ".venv";
lint = true;
inlayHint.enable = true;
autoSearchPaths = true;
diagnosticMode = "workspace";
useLibraryCodeForType = true;
logLevel = "Error";
typeCheckingMode = "off";
autoImoprtCompletion = true;
reportOptionalSubscript = false;
reportOptionalMemberAccess = false;
};
};
ruff = {
command = "ruff";
args = ["server"];
environment = {RUFF_TRACE = "messages";};
};
};
};
};
}

81
nixosConfigurations/common/hm/nushell.nix
View File

@ -1,81 +0,0 @@
{
pkgs,
lib,
config,
hmConfig,
...
}: {
programs.nushell = {
enable = true;
# The config.nu can be anywhere you want if you like to edit your Nushell with Nu
#configFile.source = ./.../config.nu;
# for editing directly to config.nu
extraConfig = ''
let carapace_completer = {|spans|
carapace $spans.0 nushell ...$spans | from json
}
$env.config = {
show_banner: false,
completions: {
case_sensitive: false # case-sensitive completions
quick: true # set to false to prevent auto-selecting completions
partial: true # set to false to prevent partial filling of the prompt
algorithm: "fuzzy"
external: {
enable: true
max_results: 100
completer: $carapace_completer
}
}
}
'';
environmentVariables = {
GNUPGHOME = hmConfig.programs.gpg.homedir;
SSH_AUTH_SOCK = "/run/user/1000/ssh-agent";
EDITOR = "${lib.getExe' hmConfig.programs.helix.package "hx"}";
};
};
# completion
programs.carapace = {
enable = true;
enableNushellIntegration = true;
enableBashIntegration = true;
};
# prompt
programs.starship = {
enable = true;
enableNushellIntegration = true;
enableBashIntegration = true;
settings = {
add_newline = true;
format = ''
$all $fill $time
$character
'';
fill = {
symbol = " ";
};
line_break = {
disabled = true;
};
directory = {
truncate_to_repo = false;
};
time = {
disabled = false;
use_12hr = true;
};
character = {
success_symbol = "[](bold green)";
error_symbol = "[](bold red)";
};
nix_shell = {
symbol = " ";
heuristic = true;
};
};
};
}

47
nixosConfigurations/common/hm/wezterm.nix
View File

@ -1,47 +0,0 @@
{
pkgs,
lib,
config,
hmConfig,
inputs,
...
}: {
programs.wezterm = {
enable = true;
package = inputs.wezterm.packages.x86_64-linux.default;
extraConfig = ''
return {
default_prog = { "nu" },
font_size = 10.0,
enable_tab_bar = true,
hide_tab_bar_if_only_one_tab = true,
term = "wezterm",
window_padding = {
left = 0,
right = 0,
top = 0,
bottom = 0
},
enable_wayland = false,
color_scheme = "gruvbox-dark",
color_schemes = {
["gruvbox-dark"] = {
foreground = "#D4BE98",
background = "#282828",
cursor_bg = "#D4BE98",
cursor_border = "#D4BE98",
cursor_fg = "#282828",
selection_bg = "#D4BE98",
selection_fg = "#45403d",
ansi = { "#282828", "#ea6962", "#a9b665", "#d8a657", "#7daea3", "#d3869b", "#89b482", "#d4be98" },
brights = { "#eddeb5", "#ea6962", "#a9b665", "#d8a657", "#7daea3", "#d3869b", "#89b482", "#d4be98" }
}
},
keys = {
{ key = 'F11', action = wezterm.action.ToggleFullScreen }
}
}
'';
};
}

13
nixosConfigurations/common/hm/yazi.nix
View File

@ -1,13 +0,0 @@
{
pkgs,
lib,
config,
hmConfig,
...
}: {
programs.yazi = {
enable = true;
enableNushellIntegration = true;
enableBashIntegration = true;
};
}

17
nixosConfigurations/common/hm/zellij.nix
View File

@ -1,17 +0,0 @@
{
pkgs,
lib,
config,
hmConfig,
...
}: {
programs.zellij = {
enable = true;
settings = {
theme = "gruvbox-dark";
default_mode = "normal";
copy_command = "${lib.getExe' pkgs.wl-clipboard "wl-copy"}";
copy_clipboard = "primary";
};
};
}

21
nixosConfigurations/default.nix
View File

@ -22,8 +22,6 @@
catarina = lib.nixosSystem {
system = "x86_64-linux";
modules = with inputs; [
home-manager.nixosModules.home-manager
elnafo-radio.nixosModules.elnafo-radio
nixos-mailserver.nixosModules.mailserver
sops-nix.nixosModules.sops
oscuro.nixosModules.oscuro
@ -32,23 +30,4 @@
];
specialArgs = {bonPkgs = self.packages.x86_64-linux;};
};
vinheim = lib.nixosSystem {
system = "x86_64-linux";
modules = with inputs; [
home-manager.nixosModules.home-manager
./vinheim
];
specialArgs = {
inherit inputs bonLib;
bonPkgs = self.packages.x86_64-linux;
};
};
priscilla = lib.nixosSystem {
system = "x86_64-linux";
modules = [
./priscilla
];
};
}

103
nixosConfigurations/priscilla/default.nix
View File

@ -1,103 +0,0 @@
{
modulesPath,
config,
lib,
pkgs,
...
}: {
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
system.stateVersion = "25.05";
system.build.qcow2 = import "${modulesPath}/../lib/make-disk-image.nix" {
inherit lib config pkgs;
diskSize = 10240;
format = "qcow2";
partitionTableType = "hybrid";
};
fileSystems."/" = {
device = "/dev/disk/by-label/nixos";
autoResize = true;
fsType = "ext4";
};
boot = {
loader.grub.enable = lib.mkForce true;
loader.grub.device = lib.mkDefault "/dev/vda";
loader.timeout = lib.mkForce 0;
kernelParams = ["console=tty1" "console=ttyS0,115200"];
};
networking = {
useDHCP = true;
firewall.enable = true;
};
services = {
qemuGuest = {
enable = true;
};
openssh = {
enable = true;
openFirewall = true;
};
journald.extraConfig = ''
SystemMaxUse=100M
MaxFileSec=7day
'';
resolved = {
enable = true;
dnssec = "false";
};
};
users.users.l-nafaryus = {
isNormalUser = true;
extraGroups = ["wheel"];
shell = pkgs.nushell;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG1YGp8AI48hJUSQBZpuKLpbj2+3Q09vq64NxFr0N1MS"
];
initialPassword = "nixos";
};
users.users.root.openssh.authorizedKeys.keys =
config.users.users.l-nafaryus.openssh.authorizedKeys.keys;
nix = {
settings = {
experimental-features = ["nix-command" "flakes"];
trusted-users = ["l-nafaryus"];
allowed-users = ["l-nafaryus"];
substituters = [
"https://cache.elnafo.ru"
"https://bonfire.cachix.org"
"https://nix-community.cachix.org"
];
trusted-public-keys = [
"cache.elnafo.ru:j3VD+Hn+is2Qk3lPXDSdPwHJQSatizk7V82iJ2RP1yo="
"bonfire.cachix.org-1:mzAGBy/Crdf8NhKail5ciK7ZrGRbPJJobW6TwFb7WYM="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
];
auto-optimise-store = true;
allowed-uris = [
"github:"
"git+https://github.com/"
"git+ssh://github.com/"
"git+https://vcs.elnafo.ru/"
"git+ssh://vcs.elnafo.ru/"
];
};
gc = {
automatic = lib.mkDefault true;
dates = lib.mkDefault "weekly";
options = lib.mkDefault "--delete-older-than 7d";
};
};
}

140
nixosConfigurations/vinheim/default.nix
View File

@ -1,140 +0,0 @@
{
pkgs,
lib,
config,
bonLib,
...
}: {
system.stateVersion = "23.11";
imports = [
./hardware.nix
./users.nix
];
nix = {
settings = {
experimental-features = ["nix-command" "flakes"];
substituters = [
"https://cache.elnafo.ru"
"https://bonfire.cachix.org"
"https://nix-community.cachix.org"
];
trusted-public-keys = [
"cache.elnafo.ru:j3VD+Hn+is2Qk3lPXDSdPwHJQSatizk7V82iJ2RP1yo="
"bonfire.cachix.org-1:mzAGBy/Crdf8NhKail5ciK7ZrGRbPJJobW6TwFb7WYM="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
];
auto-optimise-store = true;
trusted-users = ["l-nafaryus"];
allowed-users = ["l-nafaryus"];
};
gc = {
automatic = lib.mkDefault true;
dates = lib.mkDefault "weekly";
options = lib.mkDefault "--delete-older-than 7d";
};
};
# Nix packages
nixpkgs = {
hostPlatform = lib.mkDefault "x86_64-linux";
config.allowUnfree = true;
config.cudaSupport = false;
};
services.desktopManager.plasma6.enable = true;
services.displayManager.sddm = {
enable = true;
wayland.enable = true;
};
services.dbus = {
enable = true;
packages = with pkgs; [networkmanager];
};
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = true;
};
services.openssh = {
enable = true;
startWhenNeeded = true;
settings.PasswordAuthentication = false;
settings.KbdInteractiveAuthentication = false;
};
services.printing = {
enable = true;
};
programs.ssh.extraConfig = ''
Host catarina
HostName 77.242.105.50
Port 22
User l-nafaryus
'';
virtualisation = {
containers.enable = true;
podman = {
enable = true;
dockerCompat = true;
dockerSocket.enable = true;
defaultNetwork.settings.dns_enabled = true;
};
libvirtd.enable = true;
};
# Base packages
environment.systemPackages = with pkgs; [
wget
parted
ntfs3g
sshfs
exfat
btrfs-progs
btrbk
lm_sensors
btop
git
git-lfs
lazygit
nnn
fzf
ripgrep
fd
unzip
fishPlugins.fzf-fish
fishPlugins.tide
fishPlugins.grc
fishPlugins.hydro
grc
gnupg
pass
bat
];
programs = {
fish.enable = true;
neovim = {
enable = true;
defaultEditor = false;
};
};
}

123
nixosConfigurations/vinheim/hardware.nix
View File

@ -1,123 +0,0 @@
{
config,
lib,
pkgs,
...
}: {
# Boot
boot = {
loader.grub = {
enable = true;
device = "/dev/nvme0n1";
useOSProber = true;
};
initrd = {
availableKernelModules = ["xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod"];
kernelModules = [];
};
kernelModules = ["kvm-intel" "tcp_bbr" "coretemp" "nct6775"];
kernelParams = ["threadirqs"];
extraModulePackages = with config.boot.kernelPackages; [v4l2loopback];
kernel.sysctl = {
# The Magic SysRq key is a key combo that allows users connected to the
# system console of a Linux kernel to perform some low-level commands.
# Disable it, since we don't need it, and is a potential security concern.
"kernel.sysrq" = 0;
## TCP hardening
# Prevent bogus ICMP errors from filling up logs.
"net.ipv4.icmp_ignore_bogus_error_responses" = 1;
# Reverse path filtering causes the kernel to do source validation of
# packets received from all interfaces. This can mitigate IP spoofing.
"net.ipv4.conf.default.rp_filter" = 1;
"net.ipv4.conf.all.rp_filter" = 1;
# Do not accept IP source route packets
"net.ipv4.conf.all.accept_source_route" = 1;
"net.ipv4.conf.wlo1.accept_source_route" = 1;
"net.ipv6.conf.all.accept_source_route" = 1;
# Don't send ICMP redirects
"net.ipv4.conf.all.send_redirects" = 0;
"net.ipv4.conf.default.send_redirects" = 0;
# Refuse ICMP redirects (MITM mitigations)
"net.ipv4.conf.all.accept_redirects" = 0;
"net.ipv4.conf.default.accept_redirects" = 0;
"net.ipv4.conf.all.secure_redirects" = 0;
"net.ipv4.conf.default.secure_redirects" = 0;
"net.ipv6.conf.all.accept_redirects" = 0;
"net.ipv6.conf.default.accept_redirects" = 0;
# Protects against SYN flood attacks
"net.ipv4.tcp_syncookies" = 1;
# Incomplete protection again TIME-WAIT assassination
"net.ipv4.tcp_rfc1337" = 1;
## TCP optimization
# TCP Fast Open is a TCP extension that reduces network latency by packing
# data in the senders initial TCP SYN. Setting 3 = enable TCP Fast Open for
# both incoming and outgoing connections:
"net.ipv4.tcp_fastopen" = 3;
# Bufferbloat mitigations + slight improvement in throughput & latency
"net.ipv4.tcp_congestion_control" = "bbr";
"net.core.default_qdisc" = "cake";
};
};
fileSystems."/" = {
device = "/dev/disk/by-label/nixos";
fsType = "ext4";
};
swapDevices = [];
services.fstrim.enable = true;
security = {
protectKernelImage = true;
sudo.extraConfig = ''Defaults timestamp_timeout=30'';
rtkit.enable = true;
polkit.enable = true;
};
# Hardware etc
hardware = {
cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
graphics.enable = true;
graphics.enable32Bit = true;
bluetooth.enable = true;
bluetooth.powerOnBoot = true;
};
services.pulseaudio.enable = false;
networking = {
networkmanager = {
enable = true;
enableStrongSwan = true;
plugins = with pkgs; [
networkmanager-l2tp
];
};
hostName = "nixos";
extraHosts = ''192.168.130.211 gitlab'';
};
time.timeZone = "Asia/Yekaterinburg";
i18n = {
defaultLocale = "en_US.UTF-8";
extraLocaleSettings = {
LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8";
LC_MEASUREMENT = "en_US.UTF-8";
LC_MONETARY = "en_US.UTF-8";
LC_NAME = "en_US.UTF-8";
LC_NUMERIC = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8";
LC_TELEPHONE = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8";
};
};
}

306
nixosConfigurations/vinheim/users.nix
View File

@ -1,306 +0,0 @@
{
config,
pkgs,
lib,
bonPkgs,
bonLib,
inputs,
...
}: let
user = "l-nafaryus";
in {
# Users
users.users.l-nafaryus = {
isNormalUser = true;
description = "L-Nafaryus";
extraGroups = ["networkmanager" "wheel" "audio" "libvirtd" "input" "video" "disk" "wireshark" "podman"];
group = "users";
uid = 1000;
initialPassword = "nixos";
shell = pkgs.nushell;
};
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.backupFileExtension = "hmbackup";
home-manager.users.${user} = {pkgs, ...}: let
hmConfig = config.home-manager.users.${user};
in {
home.stateVersion = "23.11";
home.username = "l-nafaryus";
home.homeDirectory = "/home/l-nafaryus";
imports = [
(bonLib.injectArgs {
inherit hmConfig;
})
inputs.catppuccin.homeManagerModules.catppuccin
inputs.ags.homeManagerModules.default
../common/hm/helix.nix
../common/hm/nushell.nix
];
home.packages = with pkgs; [
taskwarrior3
gparted
firefox
thunderbird
qpwgraph
lutris
wine
winetricks
gamemode
inkscape
imagemagick
yt-dlp
ffmpeg
qbittorrent
telegram-desktop
onlyoffice-bin
# btop
lua
# bat
tree
bonPkgs.bonvim
kdePackages.kmail
kdePackages.kmail-account-wizard
kdePackages.krdc
lazydocker
docker-compose
podman-compose
dive
kdePackages.ksshaskpass
dbeaver-bin
bluez
wl-clipboard
cliphist
];
xdg.portal = {
enable = true;
configPackages = with pkgs; [
kdePackages.xdg-desktop-portal-kde
];
extraPortals = with pkgs; [
xdg-desktop-portal-gtk
];
};
# Theme
catppuccin = {
# global, for all enabled programs
enable = false;
flavor = "macchiato";
accent = "green";
};
programs.yazi = {
enable = true;
enableNushellIntegration = true;
enableBashIntegration = true;
keymap = {
input.prepend_keymap = [
{
run = "close";
on = ["<Esc>"];
desc = "Cancel input";
}
{
run = ''shell "$SHELL" --block'';
on = "!";
desc = "Drop in shell";
}
];
};
};
programs = {
# General
fish = {
enable = true;
interactiveShellInit = ''
set fish_greeting
'';
plugins = with pkgs.fishPlugins;
map (p: {
name = p.pname;
src = p.src;
}) [
fzf-fish
tide
grc
hydro
];
functions = {
fish-theme-configure = ''
tide configure \
--auto \
--style=Lean \
--prompt_colors='True color' \
--show_time='12-hour format' \
--lean_prompt_height='Two lines' \
--prompt_connection=Disconnected \
--prompt_spacing=Compact \
--icons='Many icons' \
--transient=No
'';
};
};
git = {
enable = true;
lfs.enable = true;
userName = "L-Nafaryus";
userEmail = "l.nafaryus@gmail.com";
signing = {
key = "86F1EA98B48FFB19";
signByDefault = true;
};
extraConfig = {
# ignore trends
init.defaultBranch = "master";
core = {
quotePath = false;
commitGraph = true;
whitespace = "trailing-space";
};
receive.advertisePushOptions = true;
gc.writeCommitGraph = true;
diff.submodule = "log";
};
aliases = {
plog = "log --color --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit";
};
};
bat.enable = true;
btop = {
enable = true;
settings = {
cpu_bottom = true;
proc_tree = true;
};
};
fzf.enable = true;
lazygit.enable = true;
gpg = {
enable = true;
homedir = "${hmConfig.xdg.configHome}/gnupg";
mutableKeys = true;
mutableTrust = true;
settings = {
default-key = "B0B3 DFDB B842 BE9C 7468 B511 86F1 EA98 B48F FB19";
};
# TODO: replace existing ssh key with gpg provided
};
nnn = {
enable = true;
package = pkgs.nnn.override {withNerdIcons = true;};
bookmarks = {
d = "~/Downloads";
p = "~/projects";
i = "~/Pictures";
m = "~/Music";
v = "~/Videos";
};
plugins = {
src = "${hmConfig.programs.nnn.finalPackage}/share/plugins";
mappings = {
# TODO: add used programs for previews with FIFO support
p = "preview-tui";
};
};
};
ncmpcpp.enable = true;
# Graphical
obs-studio = {
enable = true;
plugins = with pkgs.obs-studio-plugins; [
obs-vkcapture
input-overlay
obs-pipewire-audio-capture
wlrobs
inputs.obs-image-reaction.packages.${pkgs.system}.default
];
};
mpv = {
enable = true;
};
};
services = {
# General
gpg-agent = {
enable = true;
defaultCacheTtl = 3600;
defaultCacheTtlSsh = 3600;
enableSshSupport = true;
pinentryPackage = pkgs.pinentry-qt;
enableFishIntegration = true;
enableBashIntegration = true;
};
ssh-agent.enable = true;
};
# XDG
xdg = {
enable = true;
mime.enable = true;
userDirs.enable = true;
};
# dconf
dconf.settings = {
"org/virt-manager/virt-manager/connections" = {
autoconnect = ["qemu:///system"];
uris = ["qemu:///system"];
};
};
};
environment.sessionVariables = {
# hint electron applications to use wayland
NIXOS_OZONE_WL = "1";
DOCKER_HOST = "unix:///run/user/${toString config.users.users.l-nafaryus.uid}/podman/podman.sock";
};
systemd.user.extraConfig = "DefaultLimitNOFILE=524288";
programs.virt-manager.enable = true;
programs.wireshark = {
enable = true;
package = pkgs.wireshark;
};
fonts.packages = with pkgs; [nerd-fonts.jetbrains-mono liberation_ttf];
services.ollama = {
enable = true;
acceleration = false;
};
}

5
nixosModules/default.nix
View File

@ -10,9 +10,7 @@
./services/papermc.nix
./services/qbittorrent-nox.nix
./services/spoofdpi.nix
# ISSUE: collision with nixos module zapret
./services/zapret.nix
./services/conduit.nix
];
configModule = {
@ -26,7 +24,6 @@
# extra arguments
_module.args = {
bonPkgs = self.packages.${pkgs.system};
bonLib = lib.mkDefault bonLib;
};
};
};
@ -47,7 +44,7 @@
...
}: {
# collect all modules
imports = moduleList ++ [configModule];
imports = importedModules;
};
in
lib.listToAttrs (

52
nixosModules/misc/bonfire/secrets/catarina.yaml
View File

@ -1,24 +1,22 @@
dns: ENC[AES256_GCM,data:EVetcwmmWLyshjD42bavC0SZYY331vI23z907+joXCsxwA58qSX70Nh0HTsfHiErRCEuiEb4u+VrekpcRw112F4SVCdQsC3LeDWYtI20sNqseEmJMIo70o+tfVTR+HeVqu1cFnAnhBqB8BjJYqw3tngfM6uj0s8BeXDFkNw87fwxZ/mB9Mzkgc6roRA7MY5v45kJHPAcRtVG4kuTHAkIcMstEQkipmWvHrVmXMSVV8T/Kh4ghGseHwdYPplwJXFUBJIJSP+xJPFI3gBGAy3Rhql3ME5oDORKT5W2lXZSy6gFchhvjzazzEgEUwIrH11FogkE6lTjtj0waksFch2VE3k1yMDfMCZO/CPTnU4FGGGs20WMZgdDH8+P8+zCgqp4DInHwWBAzJVUw5WywdhFowZ8B7j0/j3CiXh1CJJHPbHGR4Y13Jz6fljmAj0B7H5MgfhcW4wngI8JcNkAnN1j7sDX7YiVCUiXgVeVKm4klqNjI5c9HKEXeiUa+rHwPSNKaEFrIPzZbgoKNxaErgtPN4wAuBWcpy3O+Bcd2zcc4+5Fw4hKpuu7SJTRmcabuL5TMcI/btet+QDXF5pyBQ3FMOPzbejoOZGbArbhci7ASSPhRowUViKWwdIo02kwB3lwY7wKuum0CUvVMdDBhoR7MNlc4zclaKt/LMAhugizu0jhbbbpEqp+J+g6XMoN5lZRlGd3EyGI52ji4rupwpVYqWI9vpc3E5VW7ao2D+YZgmGiNKUGh9eO626CxnpRqbtn+uw3SqkovELldFQQEY6xlt5yK2bdZ9gNZBH1dFuYKnxsfkKcDvQi9WNqJ5qvIw4Add4WMhTLGFWdKpUQFdxcGEbGZHqXRLKc4psUb+nQkQIsEs84tjFr2pScbafj1vvbDw6AfCpVrw28y4e6lpE+qDaehu6m5Jg7VtP7ZGfDNH0IDFueeRT5bg00lmucs3DKoK2Pp1Xu2YOV0N4bJ3o82f1kNaLO9tSGOMw9HOpHIK5t64NWSQ/3MVaiEqqE579y3sRp/a4ulcS1AwAiK5MErKbGpP/HJ5oy+7oU9E1gfkfs4vXdqQPsqDsqkPqiSKFPLacxX75oTcdq2foMnL2NlO4gT/UWfGjK4FceYFrSOk/XRRh6IoZlViWXHuWRGPcSdfEc3k67gwV5VhIWP0ZIK/vVdT7vCOUsJI0vRO7jgK0C0xLFz0oPJa5XzZGVJzzOM43IBW4p0jvzg1HmoZUZTGm/TqUrVkpEecCPkuEjbA6XD5EWqCJbxcj78VoUdqvc7CXKIPCp1orWN+Q2pUfmwe8dxle3EOui7eEhiUrS9w3OjBrbWc1xd9X3htJ+mjKQoC/e7L3t6aiVRBF1YsGYsHkRk/bFkxLOcaKm8u1iqPsu4JtxiQ==,iv:wyFBv+9aW7XB7B2cziNXymdu/njW6ALaQ/rSwtHRszw=,tag:xLm9P41eHZk/sEJt/Ov6Fw==,type:str]
dns: ENC[AES256_GCM,data:KIcegw69ZEVY1VnSktZMMjaRhCJVCHn7BCAKvfR/iXs5AseDLVC025WRAy92UuuVYPwBvdHgRQUg8I6lrfr7RTHJooANHUK8D79c2+sAI/KsUw2ENh1tVgdW2A4enQ==,iv:12yEf+u0Ky0vktAfpAuG28mRSKDLyWlWHJ+9EPYqI4w=,tag:9MKTsAUfvzEyEzTd6ba/Jg==,type:str]
users:
root: ENC[AES256_GCM,data:Yybgl858Dn+6ohhHFEKYm+6H7QNryXNtTd2V+qd1FucH/DdToApcCul1DuwOBwJcCk9TW7CXr09QMP27UEyDJvGb7SR/8VCE7g==,iv:IGVJcIH/9yoYtLx3lIOnioz2JS9M2N59wXrmyyEj5CQ=,tag:e/oigHds6bRHly2xNa22cA==,type:str]
l-nafaryus: ENC[AES256_GCM,data:d9z+Gqlq/eBOlbHQ65knWvYly8jmSJ4/C51xyGf9frEUUKdRyh15r3MIWpFQdeSQrVI536pV9Z4rkORY3r01nQXg3Cf2okTTvA==,iv:diGlOoy7LThYJKWJK+ITPkcqDui4MrnWod96d+5MBBs=,tag:4zgjtbvSNoYdFQTfPAv/Wg==,type:str]
root: ENC[AES256_GCM,data:nZpmZM0Ws9mVujJhqPKfSJwIqit23pc2TlF6k4iGEzQvf2iROyWN/+b212d/LiAWOoVl3tRkt7EcOiLsLu51DJnQtCGOWGcF5w==,iv:hbNMqy+OxbHsh77zT6a2Yb1lUXwVRvRF1PhSO/15keE=,tag:oe/Y2fWKHNiRamuhY+3xYQ==,type:str]
l-nafaryus: ENC[AES256_GCM,data:RJXjIcSWrG00IqneQVBpvPayVZ/mFNZ16digWF/GaNNGYy+bDPYkglTiMdy5/xfah8BMrwmfID4PKyEBtMiIEx8VlV55N+hJyg==,iv:noFYBRrWMg7dxqAbVuT7uOCK4mQk4U29kiECJLb6QCQ=,tag:dZs6TC8kI9ioRYfhcceT+Q==,type:str]
database:
git: ENC[AES256_GCM,data:0q7J5OcU/PXEm+hJtBYPLqn2okDvFuQY+htJgwCcEWs=,iv:vFhRD9Z41dxOoNcgb3koiRqfmUAgC6HtIKEOb7/I2Ms=,tag:ALSHZKH6uO5N4T7ZWWWThw==,type:str]
git: ENC[AES256_GCM,data:g5Fnb9R/LnKrB6rDQ0ss0wu9SZu7433xfUIzJQKG3SA=,iv:MHEclxa1ldE51hNe0zHsVv5BPdN5RELlkHgZGXxSdTo=,tag:zzKNB0/RehFPrhFQMi/g9w==,type:str]
mail:
l-nafaryus: ENC[AES256_GCM,data:tDZyma2K1zn6s3ulStxH544e9R9P5i8SPT3L2V6tPw3ayRX6n4002Km9D/3XOURi6aQq2RW7Hh/RChgQ,iv:i/B4V3epieE0aSI7BdmyyGbCJBxKw2AzuUXTbwzzm7Q=,tag:KiFw8FiiZegc/uaMPnZseA==,type:str]
git: ENC[AES256_GCM,data:7OoR1sWVvcHjzx53T7xT4PeyoEbDo2V2lSRVDyeCArR4Tz2QzPoN3ik/m33i8nZyGOLtKigA/xhK2rre,iv:qmmJch/97tBesNns799ZZcpCeQ0xauGlCdSjbipX/LQ=,tag:yHejsY3L6ZlO8XuLnSOCVw==,type:str]
kirill: ENC[AES256_GCM,data:b/P3yMOGbY3zK79a25DOJVBqEmTXagyCZZmK4xUDpSrf4/f7vkatFpTLQJgK8zxKUW71Vv5TV2AdS8+z,iv:zDa+q+01MDc9YpiU/WLIpC4sikOwYvJ6UcaJHNiYOy0=,tag:NEqX6mlaLVmB3gXkIIWqZQ==,type:str]
l-nafaryus: ENC[AES256_GCM,data:8JGjpQxcytZhfYT2JFUspufCnwCISbzBbaY2gN8WpSrlSlhIxVBkcdFnuGl3EJ6kABFX3lEGZomVNtay,iv:9l/x5xiDvkJ8QeqK7LTtQ/nxTckMGTkgujSDLtfWMZM=,tag:6qVUxjgs6QB+MQwog1fksw==,type:str]
git: ENC[AES256_GCM,data:w6odytyieDSJCRdf6og7rX1274Xtd3Mn+Eg5tPFjQv3pN/OVJ1fRk7nGFmHlKqR2VEtUVFHyZHKW4J7+,iv:Lo9yyCNvBxUOlxhLo4PFfT7eZrwZ3d6Yue2U8MBlTfM=,tag:T41aErdaYDI6ns20EBOwyw==,type:str]
kirill: ENC[AES256_GCM,data:ZBFfZufBdRRaeXUWiISVPxGvou78kNn+U1nYSBJ7OR6IqyvZMec+/s3+dDiwySOJ58EYCCqUZ7pq05U0,iv:r+mHKvxfI32Y/AHVN0AQqj3OqkxECuU6LIFNzmGvZ5s=,tag:gJsG2pa2k4gBTD294DuNWg==,type:str]
gitea:
mail: ENC[AES256_GCM,data:HdtKGkT3o/v2yM8+abDeXPGVuLT+Nzdf1/uH5nz3,iv:JXDq0a0Q2sC5h/bO66FF//+2LFjnZDXdGrLntMbjC/k=,tag:dkKOjYL8noXHuCg1OAW8lw==,type:str]
mail: ENC[AES256_GCM,data:LFYWpjHPcu6CQgcUEVcFA0ewZRjzA36wsoATnVGj,iv:Jqn1+6xa+wdkmdG2z9b8jf4DzCqF0I0YSctbiMN2tKw=,tag:aQQJG9STQmnAu+Dp9lj6cg==,type:str]
gitea-runner:
master-token: ENC[AES256_GCM,data:yqcADVwBkpZ6EHW1qEm9eaGtJTf/GfrXXMf0CJcaVewbNbm0/5CccxctUrGJN3Wxwg==,iv:+Mz+Cop/Md0/rEWyABs/Fk4JyWKM0OFfM4l1TQopt+Q=,tag:MnX+EzMuBBgOHFnCbjk0UQ==,type:str]
master-token: ENC[AES256_GCM,data:hZc+sti6I1j3EQQc/wRb5exg0yO6+wq0NCdUJ6FN/wpwyhfWPdEJ5eWw+3bAsEpxdQ==,iv:uJXhf5DZtk1LROyfw8bn5ZjN329LbZyTlaSPMvzeNXs=,tag:IeGUODEvfELc2YS+TUP7/g==,type:str]
papermc:
rcon: ENC[AES256_GCM,data:COm1KtjKTdmo,iv:9zqs2hH65lEx6UVvfi3pmglUILmUdRZJ6nVyG1uxPvM=,tag:ou2jyfmcaRbYUAKHJnRpOQ==,type:str]
discordToken: ENC[AES256_GCM,data:nFDd+6G5AhQ+mHNUeN2Hqc7kK4St8gXqzraFjgHW+1DD1Ee8siYHqMWml83EVg1Tc9yh5C2MIjZhv7daAX92VIOrnmENEH4BL/A=,iv:N/VlgxJ0WTgToEsWuUIFNmFk6qNlz3rJz16wU+NGlo8=,tag:Tg33mzF9emJ7ZlmBujTBMw==,type:str]
rcon: ENC[AES256_GCM,data:t6EjQmR+7l9x,iv:Vg3Ht/FNDUSkpRcP4c3hR/GzXMFMH/uD1wkPGn/OyKQ=,tag:++OEAYFK2qE4gM/XMSGH+g==,type:str]
discordToken: ENC[AES256_GCM,data:oRNbi3uDJClyRJgKycvJAt+2ZPT3hU9AVGmB1XMGqObz6O0DpdBlsmSCbwXwhvD2U0cMLUx7fdehdDUXTnk5qLR/eBSwD/k0+0U=,iv:WXRo7iSRn+/4oeHuuEhQsDNrxw1pWt21GDLeinVOmV0=,tag:IHWpKGlkmHwDI7j9MHTbtg==,type:str]
nix-store:
cache-key: ENC[AES256_GCM,data:+FpQ3Oxr2lSoXRNGSdMqwnUk88zXdL/s0uq6U3TirrcAormMIrnY7Uu8IYL+XL47yNdlxj54GrC/D/IehmwovrqIkfJnyqT76ZNPF7ELS84iKqBWd7IZu3/4s1sWAQvip4egBn+C8no=,iv:FhQyIir0L4NQ6w8IYKTgHebVNCtLPM6Ud35gTqCvlkc=,tag:bOdoiC0/lXfqP8C/jBFsLg==,type:str]
matrix:
coturn-secret: ENC[AES256_GCM,data:VItx+e4AllJTCHLWfpscHFZIJkACypKiGbygFtm8Vd98YWMqUURN9ifmwpY=,iv:SR7w7mQ3XJyO/7l106yFIcqIaW8sp4VZFpWG+oWY9UM=,tag:H7Y7LcmeYYjGF0XNy/T5fg==,type:str]
cache-key: ENC[AES256_GCM,data:SH0lBYa6ELoraxKmWo+hb3+rFRjFbVm1mj0YiVKUua5pVnC8Weihk4haTJZ1zShc3ADuinyHD/Ns+576bajWoE5jSGHXlgWQ8P+5fMZ0BkmZEuP5kooWRBk5t1aZilM3LJavwsYiE6E=,iv:KpwDXIXtaiNgVgcUQJJOnA+YLXVhJwILeq2dX1XkXgo=,tag:4kTemsodW0bhW9joQAPzhA==,type:str]
sops:
kms: []
gcp_kms: []
@ -28,23 +26,23 @@ sops:
- recipient: age1u9xr3tmwskfsrxg6gus3hmh9eakjh2h22jklfmcu33kassaraues435vvc
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4QkVJYzd1dnpsS3RBNHNu
cUpVd3VCeWtrV0crZ1llOHBiTCtZNlZxNEVFClNVT05mNGJvYjI1aE5sZStpQjZ2
V2dXYXRYRDEvUnZjU0p2K2VkN2UwMTAKLS0tIDhWRUxBUzlkbjRId2pwYlp6YVps
WHZtU2RaejBWRXJ5SGJ5bHJKVG5oSU0Koxdwdl1pnbBYJ74onPPHfmCZ4os+T5rx
zms4Bhsi5oIzcPSaDEcIQx5UMG1/NBXTEEPdSaRQfW31vL3Ja09C0A==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvajllWmw2U2U3eDFvY0Uw
S09kTGV1RDZVTU42QmlOZXcwWFl2RWNQeldRCklsSERCUUJKS1BNbkt4MWtoWFl3
ZG9BVUFoQ1h5ZGlFelNzMEtIQmliTjgKLS0tIHZCWFBHUEw2TE9Yc0tZemtkUkNN
eXgrOTk1S0tDWWpHUkIveWZZdlYvMTQKyZMAYr6n5figUX2YUAAA37nxA5r1tyXh
F7/l2T4R+cXq3Oywf5EtezOMdl9Xprk0ZoubzT55p0TPtYwCNk6Chg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1wyz7cfldqe9hh8qyw2qm42hkq9s7qdwqnrnv0u3s6vstv9649v0sh0z4em
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOQmJtQlVEaU1UOHJFcjhQ
bVpOVFlPa0toeFg1WTJLYS9Ec0VzNzJ0elZBCk9NY3p3T0U3MVEzSTZMNVk1YkdF
cktuak5adG1zc2dHYkk3aHUrZ2Jodk0KLS0tIEliVzg0VXVmeUZJWU5nRWc1RWIv
dngzMTF6NG8rYk43KzlFQlY0aFZuaHcK10K+BkXbL0Q4RTw5Onigdcploni5iZ4p
Mvlu5Kl5N0aKJXv2iqHyoBDRByMxBwjpknZM8WAwS6ap/uE/P8TcEA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxSkt5NG4wdGVwMDlpMFhv
Vm56L1owRXJ2RTBhUVZ2aXpVVUVrZDV6M0FNCmYxTlNrQko0SmorWUV3VnRkOENK
RDJzQkk0dVA0UVdDWEtxRDJEZFpSWVUKLS0tIGc1NFUzb1dhWUZlQWdpNFA4ZC9J
cFBmaUV4SWx3K21UUDA2YlBVY1NCazgK080jE+EELtQf8PmlaZs4RR+gjJEeEiTn
wwZXV8ufOGtLLwFtYlm8pdMXDtVrBywcRdzSo6/e73Y+GFxulTIFCQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-12-18T19:20:31Z"
mac: ENC[AES256_GCM,data:SLpOeCaid3J+vlNHBq15/9XRkNMK1vKV409xAJtua//solJ/68ibbutcVwGp/l+MWggTJ09wrd1wUGXxYqtfnrFENh7rG8IlX1rSpBWkOcNkxYiFvbm4AzFjv/kQa4l8KQ57a7AX4rKrr1Slt8anx6NXdoslKDU8Dp2oAxHbF/E=,iv:0UAIlvAQCzVga0Yjoq0JhD94Fx0J6k1vnpVt46z6b0U=,tag:Abz+YmMsGmrArco41m36Dw==,type:str]
lastmodified: "2024-08-05T17:43:22Z"
mac: ENC[AES256_GCM,data:OMwzBcK+KEaxZNTxCnlhDmm9efUkOtMk7vZUfxV9bCny80CdQhp9dD9a9bRPwn+lzgTj3CZLhLAubB3Eh01dqrbZ3DQt/p6xFQ54kCX0a18AHVSIrDcYQNez0MLcOI56RvJDofsO5Dh3i2sFXZ/gaxEjPBQPxlbH1KOrjCm480w=,iv:70i/TOlDF8Vru5FBu0fVb9IkG+Fg83zqcrcuyiHEHBc=,tag:A5qPz8KQl33Z5uHzMlTA0Q==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.1
version: 3.9.0

12
nixosModules/misc/bonfire/secrets/default.nix
View File

@ -42,18 +42,6 @@
group = "nix-serve";
mode = "0600";
};
coturn-secret = lib.mkIf config.services.coturn.enable {
owner = "turnserver";
group = "turnserver";
key = "matrix/coturn-secret";
};
turn-secret = lib.mkIf config.services.conduit.enable {
owner = "conduit";
group = "conduit";
key = "matrix/coturn-secret";
};
};
};

223
nixosModules/services/conduit.nix
View File

@ -1,223 +0,0 @@
{
config,
lib,
pkgs,
bonLib,
...
}:
with lib; let
cfg = config.services.conduit;
format = pkgs.formats.toml {};
configFile = pkgs.writeText "config.toml" ''
${bonLib.toTOML {global = cfg.settings.global // lib.optionals (cfg.turn_secret_file != null) {turn_secret = "#turn_secret#";};}}
'';
in {
options.services.conduit = {
enable = mkEnableOption "conduit";
extraEnvironment = mkOption {
type = types.attrsOf types.str;
description = "Extra Environment variables to pass to the conduit server.";
default = {};
example = {RUST_BACKTRACE = "yes";};
};
package = mkOption {
type = types.package;
default = pkgs.matrix-conduit;
defaultText = literalExpression "pkgs.matrix-conduit";
description = "The package to use.";
};
turn_secret_file = mkOption {
type = types.nullOr types.path;
default = null;
description = "The path to the file with TURN secret.";
};
settings = mkOption {
type = types.submodule {
#freeformType = format.type;
options = {
global.server_name = mkOption {
type = types.str;
example = "example.com";
description = "The server_name is the name of this server. It is used as a suffix for user # and room ids.";
};
global.port = mkOption {
type = types.port;
default = 6167;
description = "The port Conduit will be running on. You need to set up a reverse proxy in your web server (e.g. apache or nginx), so all requests to /_matrix on port 443 and 8448 will be forwarded to the Conduit instance running on this port";
};
global.max_request_size = mkOption {
type = types.ints.positive;
default = 20000000;
description = "Max request size in bytes. Don't forget to also change it in the proxy.";
};
global.allow_registration = mkOption {
type = types.bool;
default = false;
description = "Whether new users can register on this server.";
};
global.allow_encryption = mkOption {
type = types.bool;
default = true;
description = "Whether new encrypted rooms can be created. Note: existing rooms will continue to work.";
};
global.allow_federation = mkOption {
type = types.bool;
default = true;
description = ''
Whether this server federates with other servers.
'';
};
global.trusted_servers = mkOption {
type = types.listOf types.str;
default = ["matrix.org"];
description = "Servers trusted with signing server keys.";
};
global.address = mkOption {
type = types.str;
default = "::1";
description = "Address to listen on for connections by the reverse proxy/tls terminator.";
};
global.database_path = mkOption {
type = types.str;
default = "/var/lib/conduit/";
readOnly = true;
description = ''
Path to the conduit database, the directory where conduit will save its data.
Note that due to using the DynamicUser feature of systemd, this value should not be changed
and is set to be read only.
'';
};
global.database_backend = mkOption {
type = types.enum ["sqlite" "rocksdb"];
default = "sqlite";
example = "rocksdb";
description = ''
The database backend for the service. Switching it on an existing
instance will require manual migration of data.
'';
};
global.allow_check_for_updates = mkOption {
type = types.bool;
default = false;
description = ''
Whether to allow Conduit to automatically contact
<https://conduit.rs> hourly to check for important Conduit news.
Disabled by default because nixpkgs handles updates.
'';
};
global.well_known.client = mkOption {
type = types.nullOr types.str;
default = null;
description = "The URL that clients should use to connect to Conduit.";
};
global.well_known.server = mkOption {
type = types.nullOr types.str;
default = null;
description = "The hostname and port servers should use to connect to Conduit.";
};
global.turn_uris = mkOption {
type = types.listOf types.str;
default = [];
description = "The TURN URIs.";
};
global.turn_secret = mkOption {
type = types.nullOr types.str;
default = null;
description = "The TURN secret.";
};
global.turn_ttl = mkOption {
type = types.int;
default = 86400;
description = "The TURN TTL in seconds.";
};
};
};
default = {};
description = ''
Generates the conduit.toml configuration file. Refer to
<https://docs.conduit.rs/configuration.html>
for details on supported values.
Note that database_path can not be edited because the service's reliance on systemd StateDir.
'';
};
};
config = mkIf cfg.enable {
assertions = [
{
assertion = cfg.settings.global.turn_secret != null -> cfg.turn_secret_file == null;
message = "settings.global.turn_secret and turn_secret_file cannot be set at the same time";
}
];
users.users.conduit = {
description = "Conduit service user.";
isSystemUser = true;
group = "conduit";
};
users.groups.conduit = {};
systemd.services.conduit = let
runConfig = "/run/conduit/config.toml";
in {
description = "Conduit Matrix Server";
documentation = ["https://gitlab.com/famedly/conduit/"];
after = ["network-online.target"];
wants = ["network-online.target"];
wantedBy = ["multi-user.target"];
environment = mkMerge [
{CONDUIT_CONFIG = runConfig;}
cfg.extraEnvironment
];
preStart = ''
cat ${configFile} > ${runConfig}
${lib.optionalString (cfg.turn_secret_file != null) ''
${pkgs.replace-secret}/bin/replace-secret \
"#turn_secret#" \
${cfg.turn_secret_file} \
${runConfig}
''}
chmod 640 ${runConfig}
'';
serviceConfig = {
User = "conduit";
LockPersonality = true;
MemoryDenyWriteExecute = true;
ProtectClock = true;
ProtectControlGroups = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
PrivateDevices = true;
PrivateMounts = true;
PrivateUsers = true;
RestrictAddressFamilies = ["AF_INET" "AF_INET6"];
RestrictNamespaces = true;
RestrictRealtime = true;
SystemCallArchitectures = "native";
SystemCallFilter = [
"@system-service"
"~@privileged"
];
StateDirectory = "conduit";
StateDirectoryMode = "0700";
RuntimeDirectory = "conduit";
ExecStart = "${cfg.package}/bin/conduit";
Restart = "on-failure";
RestartSec = 10;
StartLimitBurst = 5;
UMask = "077";
};
};
systemd.tmpfiles.rules = [
"d /run/conduit 0700 conduit conduit - -"
];
};
}

59
nixosModules/services/zapret.nix
View File

@ -17,8 +17,6 @@ with lib; let
(lib.splitString "\n" (lib.removeSuffix "\n" str))))
);
in {
disabledModules = ["services/networking/zapret.nix"];
options.services.zapret = {
enable = mkEnableOption "DPI bypass multi platform service";
@ -103,30 +101,14 @@ in {
description = "List of addresses to ignore";
};
dataDir = mkOption {
type = types.path;
default = "/var/lib/zapret";
description = ''
Directory to store zapret files and antifilter lists.
'';
};
filterAddressesSource = mkOption {
type = types.nullOr types.str;
default = null;
example = ''https://antifilter.network/download/ipsmart.lst'';
description = "Link to external list of addresses to download and use.";
};
# TODO: ipset hashsize and maxelem
# TODO: add filter and anti filter options with optional file paths
# TODO ipset hashsize and maxelem
};
config = mkIf cfg.enable {
users.users.tpws = {
isSystemUser = true;
group = "tpws";
home = cfg.dataDir;
createHome = true;
};
users.groups.tpws = {};
@ -144,8 +126,6 @@ in {
)
gawk
ipset
wget
curl
];
serviceConfig = {
@ -153,11 +133,10 @@ in {
Restart = "no";
TimeoutSec = "30sec";
IgnoreSIGPIPE = "no";
#KillMode = "none";
KillMode = "none";
GuessMainPID = "no";
RemainAfterExit = "no";
WorkingDirectory = cfg.dataDir;
ExecStart = "${cfg.package}/bin/zapret start";
ExecStop = let
stop_script = pkgs.writeShellScriptBin "zapret-stop" ''
@ -178,25 +157,37 @@ in {
DISABLE_IPV6=${toString cfg.disableIPV6}
''
]);
# hardening
DevicePolicy = "closed";
KeyringMode = "private";
PrivateTmp = true;
PrivateMounts = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectSystem = "strict";
ProtectProc = "invisible";
RemoveIPC = true;
RestrictNamespaces = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
SystemCallArchitectures = "native";
};
preStart = let
zapretListFile = src: pkgs.writeText "zapretList" (createFilterList "zapret" src);
nozapretListFile = src: pkgs.writeText "nozapretList" (createFilterList "nozapret" src);
# zapretListFile = pkgs.writeText "zapretList" (createFilterList "zapret" (lib.readFile cfg.package.passthru.antifilter.ipsmart));
zapretListFile = pkgs.writeText "zapretList" (createFilterList "zapret" cfg.filterAddresses);
nozapretListFile = pkgs.writeText "nozapretList" (createFilterList "nozapret" cfg.ignoreAddresses);
in ''
${lib.optionalString (cfg.filterAddressesSource != null) "curl -L '${cfg.filterAddressesSource}' -o ${cfg.dataDir}/zapretList && sed -i -e 's/^/add zapret /' '${cfg.dataDir}/zapretList'"}
ipset create zapret hash:net family inet hashsize 262144 maxelem 522288 -!
ipset flush zapret
ipset restore -! < ${
if (cfg.filterAddressesSource != null)
then "${cfg.dataDir}/zapretList"
else (zapretListFile cfg.filterAddresses)
}
ipset restore -! < ${zapretListFile}
ipset create nozapret hash:net family inet hashsize 262144 maxelem 522288 -!
ipset flush nozapret
ipset restore -! < ${nozapretListFile cfg.ignoreAddresses}
ipset restore -! < ${nozapretListFile}
'';
};
};

13
packages/blender/default.nix Normal file
View File

@ -0,0 +1,13 @@
{
bonLib,
lib,
pkgs,
...
}:
(pkgs.blender.override {cudaSupport = true;}).overrideAttrs (old: {
meta =
old.meta
// {
description = old.meta.description + " (CUDA enabled)";
};
})

10
packages/cargo-shuttle/default.nix
View File

@ -30,16 +30,6 @@
zlib
];
passthru = {
update = pkgs.writeShellScriptBin "update-spoofdpi" ''
set -euo pipefail
latest="$(${pkgs.curl}/bin/curl -s "https://api.github.com/repos/shuttle-hq/shuttle/tags?per_page=1" | ${pkgs.jq}/bin/jq -r ".[0].name" | ${pkgs.gnused}/bin/sed 's/^v//')"
drift rewrite --auto-hash --new-version "$latest"
'';
};
meta = with lib; {
description = "A cargo command for the shuttle platform";
license = licenses.asl20;

12
packages/default.nix
View File

@ -81,14 +81,14 @@ in
builder = {pkgs, ...}: pkgs.callPackage;
};
lego = {
source = ./lego;
platforms = ["x86_64-linux"];
builder = {pkgs, ...}: pkgs.callPackage;
};
# Pass for cache
blender = {
source = ./blender;
platforms = ["x86_64-linux"];
builder = {...}: import;
};
wezterm = {
source = ./wezterm;
platforms = ["x86_64-linux"];

42
packages/lego/default.nix
View File

@ -1,42 +0,0 @@
{
bonLib,
lib,
fetchFromGitHub,
buildGoModule,
nixosTests,
version ? "bfe36067932e4594d3baf01cb6545c43b8e1f79c",
hash ? "sha256-ye5O1HYjzpuF4k2G5KUKHNyi33fJV8K0uxyeIXieX9Q=",
vendorHash ? "sha256-aW5Olj9t19R6J9NvuXhSXvfxdpC1yDk5/cHxZMRVJpY=",
...
}:
buildGoModule rec {
pname = "lego";
inherit version;
src = fetchFromGitHub {
owner = "go-acme";
repo = "lego";
rev = version;
hash = hash;
};
inherit vendorHash;
doCheck = false;
subPackages = ["cmd/lego"];
ldflags = [
"-X main.version=${version}"
];
meta = with lib; {
description = "Let's Encrypt client and ACME library written in Go";
license = licenses.mit;
homepage = "https://go-acme.github.io/lego/";
maintainers = with bonLib.maintainers; [L-Nafaryus];
mainProgram = "lego";
};
passthru.tests.lego = nixosTests.acme;
}

23
packages/netgen/default.nix
View File

@ -2,9 +2,8 @@
bonLib,
stdenv,
pkgs,
version ? "6.2.2405",
version ? "6.2.2404",
sha256 ? "sha256-SZPZT49BqUzssPcOo/5yAkjqAHDErC86xCUFL88Iew4=",
lib,
...
}:
stdenv.mkDerivation {
@ -62,26 +61,6 @@ stdenv.mkDerivation {
export PYTHONPATH="${python3}/${python3.sitePackages}"
export PYTHONPATH="$PYTHONPATH:${pkg}/${python3.sitePackages}"
'';
update = pkgs.writeShellScriptBin "update-spoofdpi" ''
set -euo pipefail
new_version=$(${lib.getExe pkgs.curl} -s "https://api.github.com/repos/NGSolve/netgen/tags?per_page=1" | ${lib.getExe pkgs.jq} -r ".[0].name")
new_hash=$(nix flake prefetch --json https://github.com/NGSolve/netgen/archive/refs/tags/$new_version.tar.gz | ${lib.getExe pkgs.jq} -r ".hash")
old_version=$(nix eval --impure --json --expr "(builtins.getFlake (toString ./.)).packages.${builtins.currentSystem}.netgen.version")
old_hash=$(nix eval --impure --json --expr "(builtins.getFlake (toString ./.)).packages.${builtins.currentSystem}.netgen.src.outputHash")
nixpath=$(nix eval --impure --json --expr "(builtins.getFlake (toString ./.)).packages.${builtins.currentSystem}.netgen.src.meta.position")
relpath=$(echo $nixpath | ${lib.getExe pkgs.ripgrep} "\/nix\/store\/[\w\d]{32}-[^\/]+/" -r "" | ${lib.getExe pkgs.ripgrep} "[:\d]" -r "")
#echo "./$relpath" | ${lib.getExe pkgs.gnused} -i "s/$old_version/$new_version/g"
#echo "./$relpath" | ${lib.getExe pkgs.gnused} -i "s/$old_hash/$new_hash/g"
content=$(${lib.getExe pkgs.ripgrep} $old_version --passthru -r $new_version $relpath)
content=$(echo $content | ${lib.getExe pkgs.ripgrep} $old_version --passthru -r $new_version $relpath)
echo $content > $relpath
# TODO: убрать все кавычки
'';
};
meta = with pkgs.lib; {

11
packages/spoofdpi/default.nix
View File

@ -4,6 +4,7 @@
pkgs,
version ? "v0.10.0",
hash ? "sha256-e6TPklWp5rvNypnI0VHqOjzZhkYsZcp+jkXUlYxMBlU=",
vendorHash ? "sha256-kmp+8MMV1AHaSvLnvYL17USuv7xa3NnsCyCbqq9TvYE=",
...
}:
pkgs.buildGoModule {
@ -17,20 +18,12 @@ pkgs.buildGoModule {
hash = hash;
};
vendorHash = "sha256-kmp+8MMV1AHaSvLnvYL17USuv7xa3NnsCyCbqq9TvYE=";
inherit vendorHash;
doCheck = false;
ldflags = ["-s" "-w" "-X main.version=${version}" "-X main.builtBy=nixpkgs"];
passthru.update = pkgs.writeShellScriptBin "update-spoofdpi" ''
set -euo pipefail
latest="$(${pkgs.curl}/bin/curl -s "https://api.github.com/repos/xvzc/SpoofDPI/releases?per_page=1" | ${pkgs.jq}/bin/jq -r ".[0].tag_name" | ${pkgs.gnused}/bin/sed 's/^v//')"
drift rewrite --auto-hash --new-version "$latest"
'';
meta = with lib; {
homepage = "https://github.com/xvzc/SpoofDPI";
description = "A simple and fast anti-censorship tool written in Go";

108
packages/wezterm/default.nix
View File

@ -1,16 +1,108 @@
{
bonLib,
craneLib,
lib,
weztermPkgs,
pkgs,
version ? "2d0c5cddc91a9c59aef9a7667d90924e7cedd0ac",
hash ? "sha256-ZsDJQSUokodwFMP4FIZm2dYojf5iC4F/EeKC5VuQlqY=",
...
}:
weztermPkgs.default.overrideAttrs (old: {
pname = "wezterm";
}: let
src = pkgs.fetchFromGitHub {
owner = "wez";
repo = "wezterm";
rev = version;
hash = hash;
fetchSubmodules = true;
};
terminfo =
pkgs.runCommand "wezterm-terminfo"
{
nativeBuildInputs = [pkgs.ncurses];
} ''
mkdir -p $out/share/terminfo $out/nix-support
tic -x -o $out/share/terminfo ${src}/termwiz/data/wezterm.terminfo
'';
pkg = {
pname = "wezterm";
inherit version;
meta =
old.meta
// {
inherit src;
strictDeps = true;
doCheck = false;
nativeBuildInputs = with pkgs; [
installShellFiles
ncurses # tic for terminfo
pkg-config
python3
];
buildInputs = with pkgs; [
fontconfig
pkgs.zlib
libxkbcommon
openssl
wayland
cairo
xorg.libX11
xorg.libxcb
xorg.xcbutil
xorg.xcbutilimage
xorg.xcbutilkeysyms
xorg.xcbutilwm # contains xcb-ewmh among others
];
libPath = lib.makeLibraryPath (with pkgs; [
xorg.xcbutilimage
libGL
vulkan-loader
]);
postPatch = ''
echo ${version} > .tag
# tests are failing with: Unable to exchange encryption keys
# rm -r wezterm-ssh/tests
'';
preFixup = lib.optionalString pkgs.stdenv.isLinux ''
patchelf \
--add-needed "${pkgs.libGL}/lib/libEGL.so.1" \
--add-needed "${pkgs.vulkan-loader}/lib/libvulkan.so.1" \
$out/bin/wezterm-gui
'';
postInstall = ''
mkdir -p $out/nix-support
echo "${terminfo}" >> $out/nix-support/propagated-user-env-packages
install -Dm644 assets/icon/terminal.png $out/share/icons/hicolor/128x128/apps/org.wezfurlong.wezterm.png
install -Dm644 assets/wezterm.desktop $out/share/applications/org.wezfurlong.wezterm.desktop
install -Dm644 assets/wezterm.appdata.xml $out/share/metainfo/org.wezfurlong.wezterm.appdata.xml
install -Dm644 assets/shell-integration/wezterm.sh -t $out/etc/profile.d
installShellCompletion --cmd wezterm \
--bash assets/shell-completion/bash \
--fish assets/shell-completion/fish \
--zsh assets/shell-completion/zsh
install -Dm644 assets/wezterm-nautilus.py -t $out/share/nautilus-python/extensions
'';
meta = with lib; {
homepage = "https://github.com/wez/wezterm";
description = "A GPU-accelerated cross-platform terminal emulator and multiplexer written by @wez and implemented in Rust";
license = lib.licenses.mit;
maintainers = with bonLib.maintainers; [L-Nafaryus];
platforms = platforms.x86_64;
mainProgram = "wezterm";
};
})
};
in let
cargoArtifacts = craneLib.buildDepsOnly pkg;
in
craneLib.buildPackage (
pkg // {inherit cargoArtifacts;}
)