Compare commits
No commits in common. "master" and "packages-wezterm" have entirely different histories.
@ -1,14 +1,9 @@
|
|||||||
{
|
{pkgs, ...}:
|
||||||
pkgs,
|
|
||||||
drift,
|
|
||||||
...
|
|
||||||
}:
|
|
||||||
pkgs.mkShellNoCC {
|
pkgs.mkShellNoCC {
|
||||||
packages = with pkgs; [
|
packages = with pkgs; [
|
||||||
sops
|
sops
|
||||||
mkpasswd
|
mkpasswd
|
||||||
jq
|
jq
|
||||||
cachix
|
cachix
|
||||||
drift
|
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
@ -18,8 +18,6 @@ in
|
|||||||
|
|
||||||
crane = self.inputs.crane;
|
crane = self.inputs.crane;
|
||||||
crane-lib = self.inputs.crane.mkLib pkgs;
|
crane-lib = self.inputs.crane.mkLib pkgs;
|
||||||
|
|
||||||
drift = self.inputs.drift.packages.${system}.drift;
|
|
||||||
};
|
};
|
||||||
in {
|
in {
|
||||||
default = import ./bonfire.nix environment;
|
default = import ./bonfire.nix environment;
|
||||||
@ -32,6 +30,4 @@ in
|
|||||||
rust-x11 = import ./rust-x11.nix environment;
|
rust-x11 = import ./rust-x11.nix environment;
|
||||||
|
|
||||||
go = import ./go.nix environment;
|
go = import ./go.nix environment;
|
||||||
|
|
||||||
python-uv = import ./python-uv.nix environment;
|
|
||||||
})
|
})
|
||||||
|
@ -1,8 +0,0 @@
|
|||||||
{pkgs, ...}:
|
|
||||||
pkgs.mkShellNoCC {
|
|
||||||
packages = with pkgs; [
|
|
||||||
uv
|
|
||||||
curl
|
|
||||||
jq
|
|
||||||
];
|
|
||||||
}
|
|
508
flake.lock
generated
508
flake.lock
generated
@ -1,34 +1,18 @@
|
|||||||
{
|
{
|
||||||
"nodes": {
|
"nodes": {
|
||||||
"advisory-db": {
|
|
||||||
"flake": false,
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1732530460,
|
|
||||||
"narHash": "sha256-1SceEHyFdHnoWE/AnoDZRu/9+Ift3Oc1+iQzmbP7OBU=",
|
|
||||||
"owner": "rustsec",
|
|
||||||
"repo": "advisory-db",
|
|
||||||
"rev": "4676c5529dd5319b9962e42bf984797f0dd57f5b",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "rustsec",
|
|
||||||
"repo": "advisory-db",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"ags": {
|
"ags": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"astal": "astal",
|
|
||||||
"nixpkgs": [
|
"nixpkgs": [
|
||||||
"nixpkgs"
|
"nixpkgs"
|
||||||
]
|
],
|
||||||
|
"systems": "systems"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1732307740,
|
"lastModified": 1725841979,
|
||||||
"narHash": "sha256-ZDsYdZOtg5qkK/wfLLB83B3SI+fE32S+/6Ey0ggHODM=",
|
"narHash": "sha256-SXYqzpHPuXFR6w/cUKo3VN8XRn6XA2mGbdRXs9oLk6k=",
|
||||||
"owner": "Aylur",
|
"owner": "Aylur",
|
||||||
"repo": "ags",
|
"repo": "ags",
|
||||||
"rev": "81159966eb8b39b66c3efc133982fd76920c9605",
|
"rev": "aaef50bb2c80ef4b4a359329d72669a95e7c4796",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
@ -37,27 +21,6 @@
|
|||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"astal": {
|
|
||||||
"inputs": {
|
|
||||||
"nixpkgs": [
|
|
||||||
"ags",
|
|
||||||
"nixpkgs"
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1731952585,
|
|
||||||
"narHash": "sha256-Sh1E7sJd8JJM3PCU1ZOei/QWz97OLCENIi2rTRoaniw=",
|
|
||||||
"owner": "aylur",
|
|
||||||
"repo": "astal",
|
|
||||||
"rev": "664c7a4ddfcf48c6e8accd3c33bb94424b0e8609",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "aylur",
|
|
||||||
"repo": "astal",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"blobs": {
|
"blobs": {
|
||||||
"flake": false,
|
"flake": false,
|
||||||
"locked": {
|
"locked": {
|
||||||
@ -76,11 +39,11 @@
|
|||||||
},
|
},
|
||||||
"catppuccin": {
|
"catppuccin": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1732703064,
|
"lastModified": 1725509983,
|
||||||
"narHash": "sha256-n8XOmn0WGtQhAMJKTnhL/3ttV2ZahPRf6gtlqZ6R4QE=",
|
"narHash": "sha256-NHCgHVqumPraFJnLrkanoLDuhOoUHUvRhvp/RIHJR+A=",
|
||||||
"owner": "catppuccin",
|
"owner": "catppuccin",
|
||||||
"repo": "nix",
|
"repo": "nix",
|
||||||
"rev": "2e2bdecf0bae287d74947cd5cf967c5c499c23c1",
|
"rev": "45745fe5960acaefef2b60f3455bcac6a0ca6bc9",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
@ -91,11 +54,11 @@
|
|||||||
},
|
},
|
||||||
"crane": {
|
"crane": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1732407143,
|
"lastModified": 1725409566,
|
||||||
"narHash": "sha256-qJOGDT6PACoX+GbNH2PPx2ievlmtT1NVeTB80EkRLys=",
|
"narHash": "sha256-PrtLmqhM6UtJP7v7IGyzjBFhbG4eOAHT6LPYOFmYfbk=",
|
||||||
"owner": "ipetkov",
|
"owner": "ipetkov",
|
||||||
"repo": "crane",
|
"repo": "crane",
|
||||||
"rev": "f2b4b472983817021d9ffb60838b2b36b9376b20",
|
"rev": "7e4586bad4e3f8f97a9271def747cf58c4b68f3c",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
@ -104,116 +67,7 @@
|
|||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"crane_2": {
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1732407143,
|
|
||||||
"narHash": "sha256-qJOGDT6PACoX+GbNH2PPx2ievlmtT1NVeTB80EkRLys=",
|
|
||||||
"owner": "ipetkov",
|
|
||||||
"repo": "crane",
|
|
||||||
"rev": "f2b4b472983817021d9ffb60838b2b36b9376b20",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "ipetkov",
|
|
||||||
"repo": "crane",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"dream2nix": {
|
|
||||||
"inputs": {
|
|
||||||
"nixpkgs": [
|
|
||||||
"elnafo-radio",
|
|
||||||
"nixpkgs"
|
|
||||||
],
|
|
||||||
"purescript-overlay": "purescript-overlay",
|
|
||||||
"pyproject-nix": "pyproject-nix"
|
|
||||||
},
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1732214960,
|
|
||||||
"narHash": "sha256-ViyEMSYwaza6y55XTDrsRi2K4YKCLsefMTorjWSE27s=",
|
|
||||||
"owner": "nix-community",
|
|
||||||
"repo": "dream2nix",
|
|
||||||
"rev": "a8dac99db44307fdecead13a39c584b97812d0d4",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "nix-community",
|
|
||||||
"repo": "dream2nix",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"drift": {
|
|
||||||
"inputs": {
|
|
||||||
"nixpkgs": [
|
|
||||||
"nixpkgs"
|
|
||||||
],
|
|
||||||
"snowfall-lib": "snowfall-lib",
|
|
||||||
"unstable": "unstable"
|
|
||||||
},
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1716675566,
|
|
||||||
"narHash": "sha256-H1f5LI1pKogcv+S4pjHjGWwC4286wuQxfjp9Poc+sTg=",
|
|
||||||
"owner": "snowfallorg",
|
|
||||||
"repo": "drift",
|
|
||||||
"rev": "b0c929d645040abb01d5faff63e07caade0ce8e4",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "snowfallorg",
|
|
||||||
"repo": "drift",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"elnafo-radio": {
|
|
||||||
"inputs": {
|
|
||||||
"advisory-db": "advisory-db",
|
|
||||||
"crane": "crane_2",
|
|
||||||
"dream2nix": "dream2nix",
|
|
||||||
"fenix": "fenix",
|
|
||||||
"nix-std": "nix-std",
|
|
||||||
"nixpkgs": [
|
|
||||||
"nixpkgs"
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1732734795,
|
|
||||||
"narHash": "sha256-xDR8ZF9S/igtu51ZQ68w7WdKp0IGzmZSF7hLtezALPY=",
|
|
||||||
"ref": "refs/heads/master",
|
|
||||||
"rev": "e3b05ea5e209b268bca1f9ebcb30096c5aebcf0a",
|
|
||||||
"revCount": 14,
|
|
||||||
"type": "git",
|
|
||||||
"url": "https://vcs.elnafo.ru/L-Nafaryus/elnafo-radio"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"type": "git",
|
|
||||||
"url": "https://vcs.elnafo.ru/L-Nafaryus/elnafo-radio"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"fenix": {
|
"fenix": {
|
||||||
"inputs": {
|
|
||||||
"nixpkgs": [
|
|
||||||
"elnafo-radio",
|
|
||||||
"nixpkgs"
|
|
||||||
],
|
|
||||||
"rust-analyzer-src": [
|
|
||||||
"elnafo-radio"
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1732689334,
|
|
||||||
"narHash": "sha256-yKI1KiZ0+bvDvfPTQ1ZT3oP/nIu3jPYm4dnbRd6hYg4=",
|
|
||||||
"owner": "nix-community",
|
|
||||||
"repo": "fenix",
|
|
||||||
"rev": "a8a983027ca02b363dfc82fbe3f7d9548a8d3dce",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "nix-community",
|
|
||||||
"repo": "fenix",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"fenix_2": {
|
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"nixpkgs": [
|
"nixpkgs": [
|
||||||
"nixpkgs"
|
"nixpkgs"
|
||||||
@ -221,11 +75,11 @@
|
|||||||
"rust-analyzer-src": []
|
"rust-analyzer-src": []
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1732689334,
|
"lastModified": 1726813972,
|
||||||
"narHash": "sha256-yKI1KiZ0+bvDvfPTQ1ZT3oP/nIu3jPYm4dnbRd6hYg4=",
|
"narHash": "sha256-t6turZgoSAVgj7hn5mxzNlLOeVeZvymFo8+ymB52q34=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "fenix",
|
"repo": "fenix",
|
||||||
"rev": "a8a983027ca02b363dfc82fbe3f7d9548a8d3dce",
|
"rev": "251caeafc75b710282ee7e375800f75f4c8c5727",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
@ -235,38 +89,6 @@
|
|||||||
}
|
}
|
||||||
},
|
},
|
||||||
"flake-compat": {
|
"flake-compat": {
|
||||||
"flake": false,
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1650374568,
|
|
||||||
"narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
|
|
||||||
"owner": "edolstra",
|
|
||||||
"repo": "flake-compat",
|
|
||||||
"rev": "b4a34015c698c7793d592d66adbab377907a2be8",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "edolstra",
|
|
||||||
"repo": "flake-compat",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"flake-compat_2": {
|
|
||||||
"flake": false,
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1696426674,
|
|
||||||
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
|
|
||||||
"owner": "edolstra",
|
|
||||||
"repo": "flake-compat",
|
|
||||||
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "edolstra",
|
|
||||||
"repo": "flake-compat",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"flake-compat_3": {
|
|
||||||
"flake": false,
|
"flake": false,
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1696426674,
|
"lastModified": 1696426674,
|
||||||
@ -290,11 +112,11 @@
|
|||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1730504689,
|
"lastModified": 1726153070,
|
||||||
"narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=",
|
"narHash": "sha256-HO4zgY0ekfwO5bX0QH/3kJ/h4KvUDFZg8YpkNwIbg1U=",
|
||||||
"owner": "hercules-ci",
|
"owner": "hercules-ci",
|
||||||
"repo": "flake-parts",
|
"repo": "flake-parts",
|
||||||
"rev": "506278e768c2a08bec68eb62932193e341f55c90",
|
"rev": "bcef6817a8b2aa20a5a6dbb19b43e63c5bf8619a",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
@ -305,14 +127,14 @@
|
|||||||
},
|
},
|
||||||
"flake-utils": {
|
"flake-utils": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"systems": "systems"
|
"systems": "systems_2"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1694529238,
|
"lastModified": 1710146030,
|
||||||
"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
|
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
|
||||||
"owner": "numtide",
|
"owner": "numtide",
|
||||||
"repo": "flake-utils",
|
"repo": "flake-utils",
|
||||||
"rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
|
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
@ -321,53 +143,16 @@
|
|||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"flake-utils-plus": {
|
|
||||||
"inputs": {
|
|
||||||
"flake-utils": "flake-utils"
|
|
||||||
},
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1715533576,
|
|
||||||
"narHash": "sha256-fT4ppWeCJ0uR300EH3i7kmgRZnAVxrH+XtK09jQWihk=",
|
|
||||||
"owner": "gytis-ivaskevicius",
|
|
||||||
"repo": "flake-utils-plus",
|
|
||||||
"rev": "3542fe9126dc492e53ddd252bb0260fe035f2c0f",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "gytis-ivaskevicius",
|
|
||||||
"repo": "flake-utils-plus",
|
|
||||||
"rev": "3542fe9126dc492e53ddd252bb0260fe035f2c0f",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"flake-utils_2": {
|
"flake-utils_2": {
|
||||||
"inputs": {
|
|
||||||
"systems": "systems_2"
|
|
||||||
},
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1731533236,
|
|
||||||
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
|
|
||||||
"owner": "numtide",
|
|
||||||
"repo": "flake-utils",
|
|
||||||
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "numtide",
|
|
||||||
"repo": "flake-utils",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"flake-utils_3": {
|
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"systems": "systems_3"
|
"systems": "systems_3"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1726560853,
|
"lastModified": 1710146030,
|
||||||
"narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
|
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
|
||||||
"owner": "numtide",
|
"owner": "numtide",
|
||||||
"repo": "flake-utils",
|
"repo": "flake-utils",
|
||||||
"rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a",
|
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
@ -417,11 +202,11 @@
|
|||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1732482255,
|
"lastModified": 1726825546,
|
||||||
"narHash": "sha256-GUffLwzawz5WRVfWaWCg78n/HrBJrOG7QadFY6rtV8A=",
|
"narHash": "sha256-HiBzfzgqojA9OjPB+vdi2o+gy4Zw/MEipuGopgGsZEw=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "home-manager",
|
"repo": "home-manager",
|
||||||
"rev": "a9953635d7f34e7358d5189751110f87e3ac17da",
|
"rev": "0b052dd8119005c6ba819db48bcc657e48f401b7",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
@ -430,34 +215,6 @@
|
|||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"ixx": {
|
|
||||||
"inputs": {
|
|
||||||
"flake-utils": [
|
|
||||||
"nixvim",
|
|
||||||
"nuschtosSearch",
|
|
||||||
"flake-utils"
|
|
||||||
],
|
|
||||||
"nixpkgs": [
|
|
||||||
"nixvim",
|
|
||||||
"nuschtosSearch",
|
|
||||||
"nixpkgs"
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1729958008,
|
|
||||||
"narHash": "sha256-EiOq8jF4Z/zQe0QYVc3+qSKxRK//CFHMB84aYrYGwEs=",
|
|
||||||
"owner": "NuschtOS",
|
|
||||||
"repo": "ixx",
|
|
||||||
"rev": "9fd01aad037f345350eab2cd45e1946cc66da4eb",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "NuschtOS",
|
|
||||||
"ref": "v0.0.6",
|
|
||||||
"repo": "ixx",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"libpng": {
|
"libpng": {
|
||||||
"flake": false,
|
"flake": false,
|
||||||
"locked": {
|
"locked": {
|
||||||
@ -475,40 +232,10 @@
|
|||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"nix-std": {
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1710870712,
|
|
||||||
"narHash": "sha256-e+7MJF2gsgTBuOWv4mCimSP0D9+naeFSw9a7N3yEmv4=",
|
|
||||||
"owner": "chessai",
|
|
||||||
"repo": "nix-std",
|
|
||||||
"rev": "31bbc925750cc9d8f828fe55cee1a2bd985e0c00",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "chessai",
|
|
||||||
"repo": "nix-std",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"nix-std_2": {
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1710870712,
|
|
||||||
"narHash": "sha256-e+7MJF2gsgTBuOWv4mCimSP0D9+naeFSw9a7N3yEmv4=",
|
|
||||||
"owner": "chessai",
|
|
||||||
"repo": "nix-std",
|
|
||||||
"rev": "31bbc925750cc9d8f828fe55cee1a2bd985e0c00",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "chessai",
|
|
||||||
"repo": "nix-std",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"nixos-mailserver": {
|
"nixos-mailserver": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"blobs": "blobs",
|
"blobs": "blobs",
|
||||||
"flake-compat": "flake-compat_3",
|
"flake-compat": "flake-compat",
|
||||||
"nixpkgs": [
|
"nixpkgs": [
|
||||||
"nixpkgs"
|
"nixpkgs"
|
||||||
],
|
],
|
||||||
@ -530,11 +257,11 @@
|
|||||||
},
|
},
|
||||||
"nixpkgs": {
|
"nixpkgs": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1732521221,
|
"lastModified": 1726755586,
|
||||||
"narHash": "sha256-2ThgXBUXAE1oFsVATK1ZX9IjPcS4nKFOAjhPNKuiMn0=",
|
"narHash": "sha256-PmUr/2GQGvFTIJ6/Tvsins7Q43KTMvMFhvG6oaYK+Wk=",
|
||||||
"owner": "nixos",
|
"owner": "nixos",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "4633a7c72337ea8fd23a4f2ba3972865e3ec685d",
|
"rev": "c04d5652cfa9742b1d519688f65d1bbccea9eb7e",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
@ -559,6 +286,22 @@
|
|||||||
"type": "indirect"
|
"type": "indirect"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"nixpkgs-stable": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1725762081,
|
||||||
|
"narHash": "sha256-vNv+aJUW5/YurRy1ocfvs4q/48yVESwlC/yHzjkZSP8=",
|
||||||
|
"owner": "NixOS",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"rev": "dc454045f5b5d814e5862a6d057e7bb5c29edc05",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "NixOS",
|
||||||
|
"ref": "release-24.05",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
"nixpkgs_2": {
|
"nixpkgs_2": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1719223410,
|
"lastModified": 1719223410,
|
||||||
@ -590,11 +333,11 @@
|
|||||||
"treefmt-nix": []
|
"treefmt-nix": []
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1732726573,
|
"lastModified": 1726846628,
|
||||||
"narHash": "sha256-gvCPgtcXGf/GZaJBHYrXuM5r2pFRG3VDr7uOb7B1748=",
|
"narHash": "sha256-0CH44sEwiljiN2q7eIFCvabyUm1WeEiF8ofP/z5ca0Q=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "nixvim",
|
"repo": "nixvim",
|
||||||
"rev": "fc9178d124eba824f1862513314d351784e1a84c",
|
"rev": "3211ce356be612ae89a38c60799992bde8a47127",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
@ -605,19 +348,18 @@
|
|||||||
},
|
},
|
||||||
"nuschtosSearch": {
|
"nuschtosSearch": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"flake-utils": "flake-utils_2",
|
"flake-utils": "flake-utils",
|
||||||
"ixx": "ixx",
|
|
||||||
"nixpkgs": [
|
"nixpkgs": [
|
||||||
"nixvim",
|
"nixvim",
|
||||||
"nixpkgs"
|
"nixpkgs"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1731936508,
|
"lastModified": 1726816132,
|
||||||
"narHash": "sha256-z0BSSf78LkxIrrFXZYmCoRRAxAmxMUKpK7CyxQRvkZI=",
|
"narHash": "sha256-AbB0lgc0IbzLIxj1O3cosiMNAVQak4KJtvq9q8MjHhs=",
|
||||||
"owner": "NuschtOS",
|
"owner": "NuschtOS",
|
||||||
"repo": "search",
|
"repo": "search",
|
||||||
"rev": "fe07070f811b717a4626d01fab714a87d422a9e1",
|
"rev": "7733a39a1321057172d87e6251ded7cdeb67171e",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
@ -667,57 +409,13 @@
|
|||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"purescript-overlay": {
|
|
||||||
"inputs": {
|
|
||||||
"flake-compat": "flake-compat_2",
|
|
||||||
"nixpkgs": [
|
|
||||||
"elnafo-radio",
|
|
||||||
"dream2nix",
|
|
||||||
"nixpkgs"
|
|
||||||
],
|
|
||||||
"slimlock": "slimlock"
|
|
||||||
},
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1728546539,
|
|
||||||
"narHash": "sha256-Sws7w0tlnjD+Bjck1nv29NjC5DbL6nH5auL9Ex9Iz2A=",
|
|
||||||
"owner": "thomashoneyman",
|
|
||||||
"repo": "purescript-overlay",
|
|
||||||
"rev": "4ad4c15d07bd899d7346b331f377606631eb0ee4",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "thomashoneyman",
|
|
||||||
"repo": "purescript-overlay",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"pyproject-nix": {
|
|
||||||
"flake": false,
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1702448246,
|
|
||||||
"narHash": "sha256-hFg5s/hoJFv7tDpiGvEvXP0UfFvFEDgTdyHIjDVHu1I=",
|
|
||||||
"owner": "davhau",
|
|
||||||
"repo": "pyproject.nix",
|
|
||||||
"rev": "5a06a2697b228c04dd2f35659b4b659ca74f7aeb",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "davhau",
|
|
||||||
"ref": "dream2nix",
|
|
||||||
"repo": "pyproject.nix",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"root": {
|
"root": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"ags": "ags",
|
"ags": "ags",
|
||||||
"catppuccin": "catppuccin",
|
"catppuccin": "catppuccin",
|
||||||
"crane": "crane",
|
"crane": "crane",
|
||||||
"drift": "drift",
|
"fenix": "fenix",
|
||||||
"elnafo-radio": "elnafo-radio",
|
|
||||||
"fenix": "fenix_2",
|
|
||||||
"home-manager": "home-manager",
|
"home-manager": "home-manager",
|
||||||
"nix-std": "nix-std_2",
|
|
||||||
"nixos-mailserver": "nixos-mailserver",
|
"nixos-mailserver": "nixos-mailserver",
|
||||||
"nixpkgs": "nixpkgs",
|
"nixpkgs": "nixpkgs",
|
||||||
"nixvim": "nixvim",
|
"nixvim": "nixvim",
|
||||||
@ -735,11 +433,11 @@
|
|||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1729477859,
|
"lastModified": 1726280639,
|
||||||
"narHash": "sha256-r0VyeJxy4O4CgTB/PNtfQft9fPfN1VuGvnZiCxDArvg=",
|
"narHash": "sha256-YfLRPlFZWrT2oRLNAoqf7G3+NnUTDdlIJk6tmBU7kXM=",
|
||||||
"owner": "oxalica",
|
"owner": "oxalica",
|
||||||
"repo": "rust-overlay",
|
"repo": "rust-overlay",
|
||||||
"rev": "ada8266712449c4c0e6ee6fcbc442b3c217c79e1",
|
"rev": "e9f8641c92f26fd1e076e705edb12147c384171d",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
@ -748,65 +446,19 @@
|
|||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"slimlock": {
|
|
||||||
"inputs": {
|
|
||||||
"nixpkgs": [
|
|
||||||
"elnafo-radio",
|
|
||||||
"dream2nix",
|
|
||||||
"purescript-overlay",
|
|
||||||
"nixpkgs"
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1688756706,
|
|
||||||
"narHash": "sha256-xzkkMv3neJJJ89zo3o2ojp7nFeaZc2G0fYwNXNJRFlo=",
|
|
||||||
"owner": "thomashoneyman",
|
|
||||||
"repo": "slimlock",
|
|
||||||
"rev": "cf72723f59e2340d24881fd7bf61cb113b4c407c",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "thomashoneyman",
|
|
||||||
"repo": "slimlock",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"snowfall-lib": {
|
|
||||||
"inputs": {
|
|
||||||
"flake-compat": "flake-compat",
|
|
||||||
"flake-utils-plus": "flake-utils-plus",
|
|
||||||
"nixpkgs": [
|
|
||||||
"drift",
|
|
||||||
"nixpkgs"
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1716675292,
|
|
||||||
"narHash": "sha256-7TFvVE4HR/b65/0AAhewYHEJzUXxIEJn82ow5bCkrDo=",
|
|
||||||
"owner": "snowfallorg",
|
|
||||||
"repo": "lib",
|
|
||||||
"rev": "5d6e9f235735393c28e1145bec919610b172a20f",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "snowfallorg",
|
|
||||||
"ref": "v3.0.2",
|
|
||||||
"repo": "lib",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"sops-nix": {
|
"sops-nix": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"nixpkgs": [
|
"nixpkgs": [
|
||||||
"nixpkgs"
|
"nixpkgs"
|
||||||
]
|
],
|
||||||
|
"nixpkgs-stable": "nixpkgs-stable"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1732575825,
|
"lastModified": 1726524647,
|
||||||
"narHash": "sha256-xtt95+c7OUMoqZf4OvA/7AemiH3aVuWHQbErYQoPwFk=",
|
"narHash": "sha256-qis6BtOOBBEAfUl7FMHqqTwRLB61OL5OFzIsOmRz2J4=",
|
||||||
"owner": "Mic92",
|
"owner": "Mic92",
|
||||||
"repo": "sops-nix",
|
"repo": "sops-nix",
|
||||||
"rev": "3433ea14fbd9e6671d0ff0dd45ed15ee4c156ffa",
|
"rev": "e2d404a7ea599a013189aa42947f66cede0645c8",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
@ -817,16 +469,16 @@
|
|||||||
},
|
},
|
||||||
"systems": {
|
"systems": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1681028828,
|
"lastModified": 1689347949,
|
||||||
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
|
"narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
|
||||||
"owner": "nix-systems",
|
"owner": "nix-systems",
|
||||||
"repo": "default",
|
"repo": "default-linux",
|
||||||
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
|
"rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"owner": "nix-systems",
|
"owner": "nix-systems",
|
||||||
"repo": "default",
|
"repo": "default-linux",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
@ -860,25 +512,9 @@
|
|||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"unstable": {
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1705856552,
|
|
||||||
"narHash": "sha256-JXfnuEf5Yd6bhMs/uvM67/joxYKoysyE3M2k6T3eWbg=",
|
|
||||||
"owner": "nixos",
|
|
||||||
"repo": "nixpkgs",
|
|
||||||
"rev": "612f97239e2cc474c13c9dafa0df378058c5ad8d",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "nixos",
|
|
||||||
"ref": "nixos-unstable",
|
|
||||||
"repo": "nixpkgs",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"wezterm": {
|
"wezterm": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"flake-utils": "flake-utils_3",
|
"flake-utils": "flake-utils_2",
|
||||||
"freetype2": "freetype2",
|
"freetype2": "freetype2",
|
||||||
"harfbuzz": "harfbuzz",
|
"harfbuzz": "harfbuzz",
|
||||||
"libpng": "libpng",
|
"libpng": "libpng",
|
||||||
@ -890,11 +526,11 @@
|
|||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"dir": "nix",
|
"dir": "nix",
|
||||||
"lastModified": 1732036472,
|
"lastModified": 1726842683,
|
||||||
"narHash": "sha256-8lv1bc7Lw5S7UFOduShwSHfBzB4Vl0ex22Cb+q/qLi0=",
|
"narHash": "sha256-n0k/znwnDGF3CNB2GhX9NfGg02mhxOzRTMmWr2EUxFs=",
|
||||||
"owner": "wez",
|
"owner": "wez",
|
||||||
"repo": "wezterm",
|
"repo": "wezterm",
|
||||||
"rev": "4050072da21cc3106d0985281d75978c07e22abc",
|
"rev": "abfc0b4c3aa2d6f99c76b20c4d7bdb6d0603ac80",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
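--- a/flake.nix
+++ b/flake.nix
@@ -65,21 +65,12 @@
 url = "github:wez/wezterm?dir=nix";
 inputs.nixpkgs.follows = "nixpkgs";
 };
-elnafo-radio = {
-url = "git+https://vcs.elnafo.ru/L-Nafaryus/elnafo-radio";
-inputs.nixpkgs.follows = "nixpkgs";
-};
-nix-std.url = "github:chessai/nix-std";
-drift = {
-url = "github:snowfallorg/drift";
-inputs.nixpkgs.follows = "nixpkgs";
-};
 };
 
 outputs = {self, ...} @ inputs: let
 lib = inputs.nixpkgs.lib;
 
-bonLib = import ./lib {inherit lib inputs;};
+bonLib = import ./lib {inherit lib;};
 bonModules = self.nixosModules;
 # no bonPkgs, it must be defined by appropriate system + skip a possible infinite recursion
 in {
@@ -95,7 +86,8 @@
 nixosConfigurations = import ./nixosConfigurations {inherit lib inputs bonModules bonLib self;};
 
 hydraJobs = {
-packages = lib.filterAttrsRecursive (name: value: !bonLib.isBroken value && !bonLib.isInsecure value && !bonLib.isUnfree value) self.packages;
+# filter broken packages ?
+packages = lib.filterAttrsRecursive (name: value: !bonLib.isBroken value) self.packages;
 };
 
 templates = {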
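Review bot: The new `hydraJobs.packages` predicate keeps only `!bonLib.isBroken value`, so derivations with `meta.insecure` or `meta.unfree` set are no longer filtered out of the Hydra job set as they were by the removed `&& !bonLib.isInsecure value && !bonLib.isUnfree value` terms. If these jobs feed a shared binary cache (not visible in this section), packages flagged as having known vulnerabilities could be built and published from it, so I would keep the two terms and the `isInsecure`/`isUnfree` helpers that the `./lib` hunk (`@ -17,25 +13,9 @`) removes. If dropping the filter is intended, replace the open question `# filter broken packages ?` with a comment that states the decision, for example `# only broken packages are excluded; insecure and unfree ones are built on purpose`. The `hydraJobs` attribute set sits inside `outputs`, whose body starts and ends outside the hunk.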
@ -1,8 +1,4 @@
|
|||||||
{
|
{lib, ...}: rec {
|
||||||
lib,
|
|
||||||
inputs,
|
|
||||||
...
|
|
||||||
}: rec {
|
|
||||||
maintainers = import ./maintainers.nix;
|
maintainers = import ./maintainers.nix;
|
||||||
|
|
||||||
nameFromPath = path:
|
nameFromPath = path:
|
||||||
@ -17,25 +13,9 @@
|
|||||||
[
|
[
|
||||||
./preconfiguredModules/bonvim.nix
|
./preconfiguredModules/bonvim.nix
|
||||||
./preconfiguredModules/homeManager
|
./preconfiguredModules/homeManager
|
||||||
./preconfiguredModules/nixos
|
|
||||||
#(import ./preconfiguredModules/bonvim.nix)
|
|
||||||
#(import ./preconfiguredModules/homeManager {inherit lib inputs;})
|
|
||||||
]);
|
]);
|
||||||
|
|
||||||
injectArgs = moduleArgs: ({
|
|
||||||
config,
|
|
||||||
pkgs,
|
|
||||||
...
|
|
||||||
}: {
|
|
||||||
config = {
|
|
||||||
# extra arguments
|
|
||||||
_module.args = moduleArgs;
|
|
||||||
};
|
|
||||||
});
|
|
||||||
|
|
||||||
isBroken = derivation: derivation ? meta && derivation.meta ? broken && derivation.meta.broken;
|
isBroken = derivation: derivation ? meta && derivation.meta ? broken && derivation.meta.broken;
|
||||||
isInsecure = derivation: derivation ? meta && derivation.meta ? insecure && derivation.meta.insecure;
|
|
||||||
isUnfree = derivation: derivation ? meta && derivation.meta ? unfree && derivation.meta.unfree;
|
|
||||||
|
|
||||||
functionType = lib.types.mkOptionType {
|
functionType = lib.types.mkOptionType {
|
||||||
name = "function";
|
name = "function";
|
||||||
@ -115,7 +95,4 @@
|
|||||||
packagesList;
|
packagesList;
|
||||||
in
|
in
|
||||||
lib.mapAttrs (name: value: lib.mergeAttrsList value) (lib.zipAttrs evaluatedPackages);
|
lib.mapAttrs (name: value: lib.mergeAttrsList value) (lib.zipAttrs evaluatedPackages);
|
||||||
|
|
||||||
# external
|
|
||||||
inherit (inputs.nix-std.lib.serde) toTOML;
|
|
||||||
}
|
}
|
||||||
|
@ -71,7 +71,7 @@
|
|||||||
settings.system_clipboard.sync_with_ring = true;
|
settings.system_clipboard.sync_with_ring = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
plugins.web-devicons.enable = true;
|
extraPlugins = with pkgs.vimPlugins; [nvim-web-devicons];
|
||||||
|
|
||||||
diagnostics = {
|
diagnostics = {
|
||||||
underline = true;
|
underline = true;
|
||||||
@ -152,15 +152,13 @@
|
|||||||
# UI
|
# UI
|
||||||
plugins.noice = {
|
plugins.noice = {
|
||||||
enable = true;
|
enable = true;
|
||||||
settings = {
|
lsp.override = {
|
||||||
lsp.override = {
|
"cmp.entry.get_documentation" = true;
|
||||||
"cmp.entry.get_documentation" = true;
|
"vim.lsp.util.convert_input_to_markdown_lines" = true;
|
||||||
"vim.lsp.util.convert_input_to_markdown_lines" = true;
|
"vim.lsp.util.stylize_markdown" = true;
|
||||||
"vim.lsp.util.stylize_markdown" = true;
|
};
|
||||||
};
|
presets = {
|
||||||
presets = {
|
long_message_to_split = true;
|
||||||
long_message_to_split = true;
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -366,24 +364,22 @@
|
|||||||
];
|
];
|
||||||
};
|
};
|
||||||
cmake.enable = true;
|
cmake.enable = true;
|
||||||
nil_ls.enable = true;
|
nil-ls.enable = true;
|
||||||
pyright.enable = true;
|
|
||||||
ruff.enable = true;
|
|
||||||
# pylyzer.enable = true; # not working with virtual environments currently :(
|
# pylyzer.enable = true; # not working with virtual environments currently :(
|
||||||
#pylsp = {
|
pylsp = {
|
||||||
# enable = true; # https://github.com/nix-community/nixvim/pull/1893
|
enable = true; # https://github.com/nix-community/nixvim/pull/1893
|
||||||
# settings.plugins = {
|
settings.plugins = {
|
||||||
# pyflakes.enabled = true;
|
pyflakes.enabled = true;
|
||||||
# black.enabled = true;
|
black.enabled = true;
|
||||||
# };
|
};
|
||||||
#};
|
};
|
||||||
rust_analyzer = {
|
rust-analyzer = {
|
||||||
enable = true;
|
enable = true;
|
||||||
package = rust-analyzer;
|
package = rust-analyzer;
|
||||||
cargoPackage = cargo;
|
cargoPackage = cargo;
|
||||||
rustcPackage = rustc;
|
rustcPackage = rustc;
|
||||||
installCargo = false;
|
installCargo = true;
|
||||||
installRustc = false;
|
installRustc = true;
|
||||||
settings = {
|
settings = {
|
||||||
checkOnSave = true;
|
checkOnSave = true;
|
||||||
check.command = "clippy";
|
check.command = "clippy";
|
||||||
|
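Review bot: In the last hunk the `rust-analyzer` server sets `installCargo = true;` and `installRustc = true;` next to explicit `cargoPackage`/`rustcPackage`, so the editor appears to bring its own toolchain, and nothing says whether that is meant to replace a project's dev-shell toolchain. A one-line comment would settle it, e.g. `# editor-wide cargo/rustc from nixpkgs; a project devShell may provide a different toolchain`. The bare link after `pylsp`'s `enable = true;` has the same gap: it does not say what the linked pull request changes or when the line can be revisited. The enclosing attribute set begins outside the hunk.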
@ -1,6 +1,3 @@
|
|||||||
{
|
{
|
||||||
ags = import ./ags;
|
ags = import ./ags;
|
||||||
hyprland = import ./hyprland.nix;
|
|
||||||
hypridle = import ./hypridle.nix;
|
|
||||||
hyprlock = import ./hyprlock.nix;
|
|
||||||
}
|
}
|
||||||
|
@ -1,24 +0,0 @@
|
|||||||
{
|
|
||||||
pkgs,
|
|
||||||
lib,
|
|
||||||
config,
|
|
||||||
hmConfig,
|
|
||||||
...
|
|
||||||
}: {
|
|
||||||
services.hypridle = {
|
|
||||||
enable = true;
|
|
||||||
settings = {
|
|
||||||
general = {
|
|
||||||
after_sleep_cmd = "${pkgs.hyprland}/bin/hyprctl dispatch dpms on";
|
|
||||||
ignore_dbus_inhibit = false;
|
|
||||||
};
|
|
||||||
listener = [
|
|
||||||
{
|
|
||||||
timeout = 300;
|
|
||||||
on-timeout = "${pkgs.hyprland}/bin/hyprctl dispatch dpms off";
|
|
||||||
on-resume = "${pkgs.hyprland}/bin/hyprctl dispatch dpms on";
|
|
||||||
}
|
|
||||||
];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
@ -1,245 +0,0 @@
|
|||||||
{
|
|
||||||
pkgs,
|
|
||||||
lib,
|
|
||||||
hmConfig,
|
|
||||||
...
|
|
||||||
}: {
|
|
||||||
imports = [
|
|
||||||
./ags
|
|
||||||
./hypridle.nix
|
|
||||||
./hyprlock.nix
|
|
||||||
];
|
|
||||||
|
|
||||||
home.packages = with pkgs; [
|
|
||||||
networkmanagerapplet
|
|
||||||
blueman
|
|
||||||
wl-clipboard
|
|
||||||
cliphist
|
|
||||||
swww
|
|
||||||
hyprshot
|
|
||||||
wl-gammarelay-rs
|
|
||||||
playerctl
|
|
||||||
];
|
|
||||||
|
|
||||||
xdg.portal = {
|
|
||||||
enable = true;
|
|
||||||
configPackages = with pkgs; [
|
|
||||||
xdg-desktop-portal-hyprland
|
|
||||||
];
|
|
||||||
extraPortals = with pkgs; [
|
|
||||||
xdg-desktop-portal-gtk
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
wayland.windowManager.hyprland = {
|
|
||||||
enable = true;
|
|
||||||
settings = {
|
|
||||||
# Devices (use `hyprctl devices`)
|
|
||||||
"$monitor1" = "AOC Q27G2G3R3B 137P4HA000540";
|
|
||||||
"$monitor2" = "AOC Q27B3MA 17ZPAHA006135";
|
|
||||||
"$keyboard" = "keychron-keychron-k3-pro";
|
|
||||||
"$mouse" = "logitech-g102-lightsync-gaming-mouse";
|
|
||||||
|
|
||||||
# Main programs
|
|
||||||
"$terminal" = "${lib.getExe hmConfig.programs.wezterm.package}";
|
|
||||||
"$menu" = "${lib.getExe hmConfig.programs.rofi.package} -show drun";
|
|
||||||
"$fileManager" = "$terminal -e ${lib.getExe hmConfig.programs.nnn.package}";
|
|
||||||
|
|
||||||
monitor = [
|
|
||||||
"desc:$monitor2, 2560x1440@75, 0x0, auto"
|
|
||||||
"desc:$monitor1, 2560x1440@165, 2560x0, auto"
|
|
||||||
"Unknown-1, disable"
|
|
||||||
];
|
|
||||||
|
|
||||||
exec-once = [
|
|
||||||
"ags &"
|
|
||||||
"nm-applet --indicator &"
|
|
||||||
"blueman-applet &"
|
|
||||||
"wl-gammarelay-rs run &"
|
|
||||||
"systemctl --user start hypridle"
|
|
||||||
"wl-paste --type text --watch cliphist store" #Stores only text data
|
|
||||||
"wl-paste --type image --watch cliphist store" #Stores only image data
|
|
||||||
"swww-daemon & swww img ~/Pictures/wallpapers/current" # wallpaper symlinked
|
|
||||||
];
|
|
||||||
|
|
||||||
env = [
|
|
||||||
"XCURSOR_SIZE,14"
|
|
||||||
"HYPRCURSOR_SIZE,14"
|
|
||||||
"WLR_DRM_NO_ATOMIC,1"
|
|
||||||
"HYPRSHOT_DIR,${hmConfig.xdg.userDirs.pictures}/screenshots"
|
|
||||||
];
|
|
||||||
|
|
||||||
general = {
|
|
||||||
gaps_in = 2;
|
|
||||||
gaps_out = 2;
|
|
||||||
|
|
||||||
border_size = 2;
|
|
||||||
|
|
||||||
# https://wiki.hyprland.org/Configuring/Variables/#variable-types for info about colors
|
|
||||||
"col.active_border" = "rgba(33ccffee) rgba(00ff99ee) 45deg";
|
|
||||||
"col.inactive_border" = "rgba(595959aa)";
|
|
||||||
|
|
||||||
# Set to true enable resizing windows by clicking and dragging on borders and gaps
|
|
||||||
resize_on_border = true;
|
|
||||||
|
|
||||||
# Please see https://wiki.hyprland.org/Configuring/Tearing/ before you turn this on
|
|
||||||
allow_tearing = true;
|
|
||||||
|
|
||||||
layout = "dwindle";
|
|
||||||
};
|
|
||||||
decoration = {
|
|
||||||
rounding = 5;
|
|
||||||
|
|
||||||
# Change transparency of focused and unfocused windows
|
|
||||||
active_opacity = 1.0;
|
|
||||||
inactive_opacity = 0.95;
|
|
||||||
|
|
||||||
drop_shadow = true;
|
|
||||||
shadow_range = 4;
|
|
||||||
shadow_render_power = 3;
|
|
||||||
"col.shadow" = "rgba(1a1a1aee)";
|
|
||||||
|
|
||||||
# https://wiki.hyprland.org/Configuring/Variables/#blur
|
|
||||||
blur = {
|
|
||||||
enabled = true;
|
|
||||||
size = 3;
|
|
||||||
passes = 1;
|
|
||||||
|
|
||||||
vibrancy = 0.1696;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
animations = {
|
|
||||||
enabled = true;
|
|
||||||
|
|
||||||
# Default animations, see https://wiki.hyprland.org/Configuring/Animations/ for more
|
|
||||||
|
|
||||||
bezier = "myBezier, 0.05, 0.9, 0.1, 1.05";
|
|
||||||
|
|
||||||
animation = [
|
|
||||||
"windows, 1, 7, myBezier"
|
|
||||||
"windowsOut, 1, 7, default, popin 80%"
|
|
||||||
"border, 1, 10, default"
|
|
||||||
"borderangle, 1, 8, default"
|
|
||||||
"fade, 1, 7, default"
|
|
||||||
"workspaces, 1, 6, default"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
# See https://wiki.hyprland.org/Configuring/Dwindle-Layout/ for more
|
|
||||||
dwindle = {
|
|
||||||
pseudotile = true; # Master switch for pseudotiling. Enabling is bound to mainMod + P in the keybinds section below
|
|
||||||
preserve_split = true; # You probably want this
|
|
||||||
};
|
|
||||||
|
|
||||||
# See https://wiki.hyprland.org/Configuring/Master-Layout/ for more
|
|
||||||
master = {
|
|
||||||
new_status = "master";
|
|
||||||
};
|
|
||||||
|
|
||||||
# https://wiki.hyprland.org/Configuring/Variables/#misc
|
|
||||||
misc = {
|
|
||||||
force_default_wallpaper = -1; # Set to 0 or 1 to disable the anime mascot wallpapers
|
|
||||||
disable_hyprland_logo = false; # Enable the random hyprland logo / anime girl background. :)
|
|
||||||
};
|
|
||||||
input = {
|
|
||||||
kb_layout = "us,ru";
|
|
||||||
|
|
||||||
follow_mouse = 1;
|
|
||||||
|
|
||||||
sensitivity = 0; # -1.0 - 1.0, 0 means no modification.
|
|
||||||
|
|
||||||
touchpad = {
|
|
||||||
natural_scroll = false;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
# https://wiki.hyprland.org/Configuring/Variables/#gestures
|
|
||||||
gestures = {
|
|
||||||
workspace_swipe = false;
|
|
||||||
};
|
|
||||||
|
|
||||||
windowrulev2 = [
|
|
||||||
"suppressevent maximize, class:.*" # You'll probably like this.
|
|
||||||
"float, class:^(steam_app.*)$"
|
|
||||||
"immediate, class:^(steam_app.*)$"
|
|
||||||
"float, class:^(steam_proton.*)$"
|
|
||||||
"float,class:^(org.wezfurlong.wezterm)$"
|
|
||||||
"tile,class:^(org.wezfurlong.wezterm)$"
|
|
||||||
];
|
|
||||||
bind = [
|
|
||||||
"SUPER, Q, exec, $terminal"
|
|
||||||
"SUPER, N, exec, $fileManager"
|
|
||||||
"SUPER, R, exec, $menu"
|
|
||||||
"SUPER, X, exec, ags -t clock"
|
|
||||||
"SUPER, X, exec, ags -t control"
|
|
||||||
"SUPER, X, exec, ags -t systray"
|
|
||||||
"SUPER, X, exec, ags -t workspaces"
|
|
||||||
"SUPER, X, exec, ags -t window-title"
|
|
||||||
|
|
||||||
"SUPER, C, killactive,"
|
|
||||||
"SUPER, M, exit,"
|
|
||||||
"SUPER, V, togglefloating,"
|
|
||||||
"SUPER, F, fullscreen,"
|
|
||||||
"SUPER, J, togglesplit," # dwindle
|
|
||||||
|
|
||||||
# Move focus with mainMod + arrow keys
|
|
||||||
"SUPER, left, movefocus, l"
|
|
||||||
"SUPER, right, movefocus, r"
|
|
||||||
"SUPER, up, movefocus, u"
|
|
||||||
"SUPER, down, movefocus, d"
|
|
||||||
|
|
||||||
# Switch workspaces with mainMod + [0-9]
|
|
||||||
"SUPER, 1, workspace, 1"
|
|
||||||
"SUPER, 2, workspace, 2"
|
|
||||||
"SUPER, 3, workspace, 3"
|
|
||||||
"SUPER, 4, workspace, 4"
|
|
||||||
"SUPER, 5, workspace, 5"
|
|
||||||
"SUPER, 6, workspace, 6"
|
|
||||||
"SUPER, 7, workspace, 7"
|
|
||||||
"SUPER, 8, workspace, 8"
|
|
||||||
"SUPER, 9, workspace, 9"
|
|
||||||
"SUPER, 0, workspace, 10"
|
|
||||||
|
|
||||||
# Move active window to a workspace with mainMod + SHIFT + [0-9]
|
|
||||||
"SUPER SHIFT, 1, movetoworkspace, 1"
|
|
||||||
"SUPER SHIFT, 2, movetoworkspace, 2"
|
|
||||||
"SUPER SHIFT, 3, movetoworkspace, 3"
|
|
||||||
"SUPER SHIFT, 4, movetoworkspace, 4"
|
|
||||||
"SUPER SHIFT, 5, movetoworkspace, 5"
|
|
||||||
"SUPER SHIFT, 6, movetoworkspace, 6"
|
|
||||||
"SUPER SHIFT, 7, movetoworkspace, 7"
|
|
||||||
"SUPER SHIFT, 8, movetoworkspace, 8"
|
|
||||||
"SUPER SHIFT, 9, movetoworkspace, 9"
|
|
||||||
"SUPER SHIFT, 0, movetoworkspace, 10"
|
|
||||||
|
|
||||||
# special workspace (scratchpad)
|
|
||||||
"SUPER, S, togglespecialworkspace, magic"
|
|
||||||
"SUPER SHIFT, S, movetoworkspace, special:magic"
|
|
||||||
|
|
||||||
"SUPER, SPACE, exec, hyprctl switchxkblayout keychron-keychron-k3-pro next"
|
|
||||||
", PRINT, exec, hyprshot --freeze --mode region"
|
|
||||||
"CTRL, PRINT, exec, hyprshot --freeze --mode output"
|
|
||||||
"SUPER, H, exec, cliphist list | rofi -dmenu | cliphist decode | wl-copy"
|
|
||||||
];
|
|
||||||
# Move/resize windows with mainMod + LMB/RMB and dragging
|
|
||||||
bindm = [
|
|
||||||
"SUPER, mouse:272, movewindow"
|
|
||||||
"SUPER, mouse:273, resizewindow"
|
|
||||||
];
|
|
||||||
|
|
||||||
bindel = [
|
|
||||||
", XF86AudioRaiseVolume, exec, wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%+"
|
|
||||||
", XF86AudioLowerVolume, exec, wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%-"
|
|
||||||
];
|
|
||||||
bindl = [
|
|
||||||
", XF86AudioMute, exec, wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle"
|
|
||||||
", XF86AudioPrev, exec, playerctl previous"
|
|
||||||
", XF86AudioPlay, exec, playerctl play-pause"
|
|
||||||
", XF86AudioNext, exec, playerctl next"
|
|
||||||
", XF86MonBrightnessDown, exec, busctl --user -- call rs.wl-gammarelay / rs.wl.gammarelay UpdateTemperature n -500"
|
|
||||||
", XF86MonBrightnessUp, exec, busctl --user -- call rs.wl-gammarelay / rs.wl.gammarelay UpdateTemperature n +500"
|
|
||||||
"SUPER, XF86MonBrightnessDown, exec, busctl --user -- call rs.wl-gammarelay / rs.wl.gammarelay Brightness d -0.1"
|
|
||||||
"SUPER, XF86MonBrightnessUp, exec, busctl --user -- call rs.wl-gammarelay / rs.wl.gammarelay Brightness d +0.1"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
@ -1,11 +0,0 @@
|
|||||||
{
|
|
||||||
pkgs,
|
|
||||||
lib,
|
|
||||||
config,
|
|
||||||
hmConfig,
|
|
||||||
...
|
|
||||||
}: {
|
|
||||||
programs.hyprlock = {
|
|
||||||
enable = true;
|
|
||||||
};
|
|
||||||
}
|
|
@ -1,237 +0,0 @@
|
|||||||
{
|
|
||||||
lib,
|
|
||||||
config,
|
|
||||||
pkgs,
|
|
||||||
...
|
|
||||||
}: {
|
|
||||||
# Nix settings
|
|
||||||
nix = {
|
|
||||||
settings = {
|
|
||||||
experimental-features = ["nix-command" "flakes"];
|
|
||||||
substituters = [
|
|
||||||
"https://cache.elnafo.ru"
|
|
||||||
"https://bonfire.cachix.org"
|
|
||||||
"https://nix-community.cachix.org"
|
|
||||||
];
|
|
||||||
trusted-public-keys = [
|
|
||||||
"cache.elnafo.ru:j3VD+Hn+is2Qk3lPXDSdPwHJQSatizk7V82iJ2RP1yo="
|
|
||||||
"bonfire.cachix.org-1:mzAGBy/Crdf8NhKail5ciK7ZrGRbPJJobW6TwFb7WYM="
|
|
||||||
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
|
|
||||||
];
|
|
||||||
auto-optimise-store = true;
|
|
||||||
};
|
|
||||||
gc = {
|
|
||||||
automatic = lib.mkDefault true;
|
|
||||||
dates = lib.mkDefault "weekly";
|
|
||||||
options = lib.mkDefault "--delete-older-than 7d";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
# Filesystem
|
|
||||||
fileSystems = {
|
|
||||||
"/" = {
|
|
||||||
device = "/dev/disk/by-label/nixos";
|
|
||||||
fsType = "btrfs";
|
|
||||||
options = ["subvol=root" "compress=zstd"];
|
|
||||||
};
|
|
||||||
|
|
||||||
"/boot" = {
|
|
||||||
device = "/dev/disk/by-label/boot";
|
|
||||||
fsType = "vfat";
|
|
||||||
};
|
|
||||||
|
|
||||||
"/nix" = {
|
|
||||||
device = "/dev/disk/by-label/nixos";
|
|
||||||
fsType = "btrfs";
|
|
||||||
options = ["subvol=nix" "compress=zstd" "noatime"];
|
|
||||||
};
|
|
||||||
|
|
||||||
"/home" = {
|
|
||||||
device = "/dev/disk/by-label/nixos";
|
|
||||||
fsType = "btrfs";
|
|
||||||
options = ["subvol=home" "compress=zstd"];
|
|
||||||
};
|
|
||||||
|
|
||||||
"/swap" = {
|
|
||||||
device = "/dev/disk/by-label/nixos";
|
|
||||||
fsType = "btrfs";
|
|
||||||
options = ["subvol=swap" "noatime"];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
swapDevices = [
|
|
||||||
{device = "/swap/swapfile";}
|
|
||||||
];
|
|
||||||
|
|
||||||
# Boot and kernel options
|
|
||||||
boot = {
|
|
||||||
loader.systemd-boot.enable = true;
|
|
||||||
loader.systemd-boot.configurationLimit = 5;
|
|
||||||
loader.efi.canTouchEfiVariables = true;
|
|
||||||
|
|
||||||
tmp.useTmpfs = lib.mkDefault true;
|
|
||||||
tmp.cleanOnBoot = lib.mkDefault (!config.boot.tmp.useTmpfs);
|
|
||||||
|
|
||||||
initrd.availableKernelModules = ["nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod"];
|
|
||||||
initrd.kernelModules = [];
|
|
||||||
kernelModules = ["tcp_bbr" "coretemp" "nct6775"];
|
|
||||||
kernelParams = ["threadirqs"];
|
|
||||||
|
|
||||||
kernel.sysctl = {
|
|
||||||
# The Magic SysRq key is a key combo that allows users connected to the
|
|
||||||
# system console of a Linux kernel to perform some low-level commands.
|
|
||||||
# Disable it, since we don't need it, and is a potential security concern.
|
|
||||||
"kernel.sysrq" = 0;
|
|
||||||
|
|
||||||
## TCP hardening
|
|
||||||
# Prevent bogus ICMP errors from filling up logs.
|
|
||||||
"net.ipv4.icmp_ignore_bogus_error_responses" = 1;
|
|
||||||
# Reverse path filtering causes the kernel to do source validation of
|
|
||||||
# packets received from all interfaces. This can mitigate IP spoofing.
|
|
||||||
"net.ipv4.conf.default.rp_filter" = 1;
|
|
||||||
"net.ipv4.conf.all.rp_filter" = 1;
|
|
||||||
# Do not accept IP source route packets
|
|
||||||
"net.ipv4.conf.all.accept_source_route" = 1;
|
|
||||||
"net.ipv4.conf.wlo1.accept_source_route" = 1;
|
|
||||||
"net.ipv6.conf.all.accept_source_route" = 1;
|
|
||||||
# Don't send ICMP redirects
|
|
||||||
"net.ipv4.conf.all.send_redirects" = 0;
|
|
||||||
"net.ipv4.conf.default.send_redirects" = 0;
|
|
||||||
# Refuse ICMP redirects (MITM mitigations)
|
|
||||||
"net.ipv4.conf.all.accept_redirects" = 0;
|
|
||||||
"net.ipv4.conf.default.accept_redirects" = 0;
|
|
||||||
"net.ipv4.conf.all.secure_redirects" = 0;
|
|
||||||
"net.ipv4.conf.default.secure_redirects" = 0;
|
|
||||||
"net.ipv6.conf.all.accept_redirects" = 0;
|
|
||||||
"net.ipv6.conf.default.accept_redirects" = 0;
|
|
||||||
# Protects against SYN flood attacks
|
|
||||||
"net.ipv4.tcp_syncookies" = 1;
|
|
||||||
# Incomplete protection again TIME-WAIT assassination
|
|
||||||
"net.ipv4.tcp_rfc1337" = 1;
|
|
||||||
|
|
||||||
## TCP optimization
|
|
||||||
# TCP Fast Open is a TCP extension that reduces network latency by packing
|
|
||||||
# data in the sender’s initial TCP SYN. Setting 3 = enable TCP Fast Open for
|
|
||||||
# both incoming and outgoing connections:
|
|
||||||
"net.ipv4.tcp_fastopen" = 3;
|
|
||||||
# Bufferbloat mitigations + slight improvement in throughput & latency
|
|
||||||
"net.ipv4.tcp_congestion_control" = "bbr";
|
|
||||||
"net.core.default_qdisc" = "cake";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
# Security
|
|
||||||
security = {
|
|
||||||
protectKernelImage = true;
|
|
||||||
sudo.extraConfig = ''Defaults timestamp_timeout=30'';
|
|
||||||
rtkit.enable = true;
|
|
||||||
polkit.enable = true;
|
|
||||||
pam.loginLimits = [
|
|
||||||
{
|
|
||||||
domain = "@audio";
|
|
||||||
item = "memlock";
|
|
||||||
type = "-";
|
|
||||||
value = "unlimited";
|
|
||||||
}
|
|
||||||
{
|
|
||||||
domain = "@audio";
|
|
||||||
item = "rtprio";
|
|
||||||
type = "-";
|
|
||||||
value = "99";
|
|
||||||
}
|
|
||||||
{
|
|
||||||
domain = "@audio";
|
|
||||||
item = "nofile";
|
|
||||||
type = "soft";
|
|
||||||
value = "99999";
|
|
||||||
}
|
|
||||||
{
|
|
||||||
domain = "@audio";
|
|
||||||
item = "nofile";
|
|
||||||
type = "hard";
|
|
||||||
value = "99999";
|
|
||||||
}
|
|
||||||
{
|
|
||||||
domain = "*";
|
|
||||||
item = "nofile";
|
|
||||||
type = "-";
|
|
||||||
value = "524288";
|
|
||||||
}
|
|
||||||
{
|
|
||||||
domain = "*";
|
|
||||||
item = "memlock";
|
|
||||||
type = "-";
|
|
||||||
value = "524288";
|
|
||||||
}
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
# Hardware
|
|
||||||
hardware = {
|
|
||||||
enableRedistributableFirmware = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
# Timezone and locale
|
|
||||||
time.timeZone = "Asia/Yekaterinburg";
|
|
||||||
|
|
||||||
i18n = {
|
|
||||||
defaultLocale = "en_US.UTF-8";
|
|
||||||
extraLocaleSettings = {
|
|
||||||
LC_ADDRESS = "en_US.UTF-8";
|
|
||||||
LC_IDENTIFICATION = "en_US.UTF-8";
|
|
||||||
LC_MEASUREMENT = "en_US.UTF-8";
|
|
||||||
LC_MONETARY = "en_US.UTF-8";
|
|
||||||
LC_NAME = "en_US.UTF-8";
|
|
||||||
LC_NUMERIC = "en_US.UTF-8";
|
|
||||||
LC_PAPER = "en_US.UTF-8";
|
|
||||||
LC_TELEPHONE = "en_US.UTF-8";
|
|
||||||
LC_TIME = "en_US.UTF-8";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
# Base packages
|
|
||||||
environment.systemPackages = with pkgs; [
|
|
||||||
wget
|
|
||||||
|
|
||||||
parted
|
|
||||||
ntfs3g
|
|
||||||
sshfs
|
|
||||||
exfat
|
|
||||||
btrfs-progs
|
|
||||||
btrbk
|
|
||||||
|
|
||||||
lm_sensors
|
|
||||||
btop
|
|
||||||
|
|
||||||
git
|
|
||||||
git-lfs
|
|
||||||
lazygit
|
|
||||||
|
|
||||||
nnn
|
|
||||||
fzf
|
|
||||||
ripgrep
|
|
||||||
fd
|
|
||||||
|
|
||||||
unzip
|
|
||||||
|
|
||||||
fishPlugins.fzf-fish
|
|
||||||
fishPlugins.tide
|
|
||||||
fishPlugins.grc
|
|
||||||
fishPlugins.hydro
|
|
||||||
grc
|
|
||||||
|
|
||||||
gnupg
|
|
||||||
pass
|
|
||||||
|
|
||||||
bat
|
|
||||||
];
|
|
||||||
|
|
||||||
programs = {
|
|
||||||
fish.enable = true;
|
|
||||||
|
|
||||||
neovim = {
|
|
||||||
enable = true;
|
|
||||||
defaultEditor = true;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
@ -1,5 +0,0 @@
|
|||||||
{
|
|
||||||
common = import ./common.nix;
|
|
||||||
hyprland = import ./hyprland.nix;
|
|
||||||
hyprland-greetd = import ./hyprland-greetd.nix;
|
|
||||||
}
|
|
@ -1,33 +0,0 @@
|
|||||||
{
|
|
||||||
pkgs,
|
|
||||||
lib,
|
|
||||||
config,
|
|
||||||
...
|
|
||||||
}:
|
|
||||||
lib.mkIf config.programs.hyprland.enable {
|
|
||||||
services.greetd = let
|
|
||||||
hyprConfig = pkgs.writeText "greetd-hyprland-config" ''
|
|
||||||
exec-once = ${lib.getExe pkgs.greetd.regreet}; hyprctl dispatch exit
|
|
||||||
'';
|
|
||||||
in {
|
|
||||||
enable = true;
|
|
||||||
settings = {
|
|
||||||
default_session = {
|
|
||||||
command = "${lib.getExe config.programs.hyprland.package} --config ${hyprConfig}";
|
|
||||||
user = "greeter";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
programs.regreet = {
|
|
||||||
enable = true;
|
|
||||||
settings = {
|
|
||||||
GTK = {
|
|
||||||
application_prefer_dark_theme = true;
|
|
||||||
};
|
|
||||||
appearance = {
|
|
||||||
greeting_msg = "Hey, you. You're finally awake.";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
@ -1,6 +0,0 @@
|
|||||||
{...}: {
|
|
||||||
programs.hyprland = {
|
|
||||||
enable = true;
|
|
||||||
xwayland.enable = true;
|
|
||||||
};
|
|
||||||
}
|
|
@ -1,20 +0,0 @@
|
|||||||
{
|
|
||||||
inputs,
|
|
||||||
hmConfig,
|
|
||||||
username,
|
|
||||||
bonLib,
|
|
||||||
...
|
|
||||||
}: {
|
|
||||||
imports = [
|
|
||||||
../nixos/hyprland.nix
|
|
||||||
../nixos/hyprland-greetd.nix
|
|
||||||
];
|
|
||||||
|
|
||||||
home-manager.users.${username} = {...}: {
|
|
||||||
imports = [
|
|
||||||
(bonLib.injectArgs {inherit hmConfig;})
|
|
||||||
inputs.ags.homeManagerModules.default
|
|
||||||
../homeManager/hyprland.nix
|
|
||||||
];
|
|
||||||
};
|
|
||||||
}
|
|
@ -2,21 +2,35 @@
|
|||||||
pkgs,
|
pkgs,
|
||||||
lib,
|
lib,
|
||||||
config,
|
config,
|
||||||
bonLib,
|
|
||||||
...
|
...
|
||||||
}: {
|
}: {
|
||||||
system.stateVersion = "23.11";
|
system.stateVersion = "23.11";
|
||||||
|
|
||||||
imports = [
|
imports = [./hardware.nix ./users.nix];
|
||||||
bonLib.preconfiguredModules.nixos.common
|
|
||||||
./hardware.nix
|
|
||||||
./users.nix
|
|
||||||
];
|
|
||||||
|
|
||||||
# Nix settings
|
# Nix settings
|
||||||
nix.settings = {
|
nix = {
|
||||||
trusted-users = ["l-nafaryus"];
|
settings = {
|
||||||
allowed-users = ["l-nafaryus"];
|
experimental-features = ["nix-command" "flakes" "repl-flake"];
|
||||||
|
trusted-users = ["l-nafaryus"];
|
||||||
|
allowed-users = ["l-nafaryus"];
|
||||||
|
substituters = [
|
||||||
|
"https://cache.elnafo.ru"
|
||||||
|
"https://bonfire.cachix.org"
|
||||||
|
"https://nix-community.cachix.org"
|
||||||
|
];
|
||||||
|
trusted-public-keys = [
|
||||||
|
"cache.elnafo.ru:j3VD+Hn+is2Qk3lPXDSdPwHJQSatizk7V82iJ2RP1yo="
|
||||||
|
"bonfire.cachix.org-1:mzAGBy/Crdf8NhKail5ciK7ZrGRbPJJobW6TwFb7WYM="
|
||||||
|
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
|
||||||
|
];
|
||||||
|
auto-optimise-store = true;
|
||||||
|
};
|
||||||
|
gc = {
|
||||||
|
automatic = lib.mkDefault true;
|
||||||
|
dates = lib.mkDefault "weekly";
|
||||||
|
options = lib.mkDefault "--delete-older-than 7d";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
# Nix packages
|
# Nix packages
|
||||||
@ -43,21 +57,54 @@
|
|||||||
|
|
||||||
videoDrivers = ["nvidia"];
|
videoDrivers = ["nvidia"];
|
||||||
|
|
||||||
|
#displayManager.gdm = {
|
||||||
|
# enable = true;
|
||||||
|
# autoSuspend = false;
|
||||||
|
# wayland = true;
|
||||||
|
#};
|
||||||
|
#desktopManager.gnome.enable = true;
|
||||||
|
#windowManager.awesome.enable = true;
|
||||||
|
|
||||||
wacom.enable = true;
|
wacom.enable = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
services.desktopManager.plasma6.enable = true;
|
services.greetd = let
|
||||||
|
hyprConfig = pkgs.writeText "greetd-hyprland-config" ''
|
||||||
services.displayManager.sddm = {
|
exec-once = ${lib.getExe pkgs.greetd.regreet}; hyprctl dispatch exit
|
||||||
|
'';
|
||||||
|
in {
|
||||||
enable = true;
|
enable = true;
|
||||||
wayland.enable = true;
|
settings = {
|
||||||
|
default_session = {
|
||||||
|
command = "${lib.getExe config.programs.hyprland.package} --config ${hyprConfig}";
|
||||||
|
user = "greeter";
|
||||||
|
};
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
services.dbus = {
|
programs.regreet = {
|
||||||
enable = true;
|
enable = true;
|
||||||
packages = with pkgs; [networkmanager];
|
settings = {
|
||||||
|
GTK = {
|
||||||
|
application_prefer_dark_theme = true;
|
||||||
|
# TODO: provide gtk themes
|
||||||
|
# theme_name = "Catppuccin-Macchiato-Standard-Green-Dark";
|
||||||
|
# icon_theme_name = "Catppuccin-Macchiato-Green-Cursors";
|
||||||
|
# cursor_theme_name = "Papirus-Dark";
|
||||||
|
# font_name = "";
|
||||||
|
};
|
||||||
|
appearance = {
|
||||||
|
greeting_msg = "Hey, you. You're finally awake.";
|
||||||
|
};
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
programs.hyprland = {
|
||||||
|
enable = true;
|
||||||
|
xwayland.enable = true;
|
||||||
|
};
|
||||||
|
services.dbus.enable = true;
|
||||||
|
|
||||||
services.printing = {
|
services.printing = {
|
||||||
enable = true;
|
enable = true;
|
||||||
drivers = [pkgs.hplip];
|
drivers = [pkgs.hplip];
|
||||||
@ -85,15 +132,14 @@
|
|||||||
};
|
};
|
||||||
|
|
||||||
services.udev = {
|
services.udev = {
|
||||||
|
packages = with pkgs; [gnome.gnome-settings-daemon];
|
||||||
extraRules = ''
|
extraRules = ''
|
||||||
KERNEL=="rtc0", GROUP="audio"
|
KERNEL=="rtc0", GROUP="audio"
|
||||||
KERNEL=="hpet", GROUP="audio"
|
KERNEL=="hpet", GROUP="audio"
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
services.cockpit.enable = true;
|
services.blueman.enable = true;
|
||||||
|
|
||||||
#services.blueman.enable = true;
|
|
||||||
|
|
||||||
services.btrfs.autoScrub = {
|
services.btrfs.autoScrub = {
|
||||||
enable = true;
|
enable = true;
|
||||||
@ -101,6 +147,49 @@
|
|||||||
fileSystems = ["/"];
|
fileSystems = ["/"];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# Packages
|
||||||
|
environment.systemPackages = with pkgs; [
|
||||||
|
wget
|
||||||
|
|
||||||
|
parted
|
||||||
|
ntfs3g
|
||||||
|
sshfs
|
||||||
|
exfat
|
||||||
|
|
||||||
|
lm_sensors
|
||||||
|
|
||||||
|
git
|
||||||
|
git-lfs
|
||||||
|
ripgrep
|
||||||
|
fd
|
||||||
|
lazygit
|
||||||
|
unzip
|
||||||
|
|
||||||
|
gnumake
|
||||||
|
|
||||||
|
fishPlugins.fzf-fish
|
||||||
|
fishPlugins.tide
|
||||||
|
fishPlugins.grc
|
||||||
|
fishPlugins.hydro
|
||||||
|
|
||||||
|
nnn
|
||||||
|
fzf
|
||||||
|
grc
|
||||||
|
|
||||||
|
gcc
|
||||||
|
|
||||||
|
cachix
|
||||||
|
];
|
||||||
|
|
||||||
|
programs = {
|
||||||
|
fish.enable = true;
|
||||||
|
|
||||||
|
neovim = {
|
||||||
|
enable = true;
|
||||||
|
defaultEditor = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
programs.ssh.extraConfig = ''
|
programs.ssh.extraConfig = ''
|
||||||
Host astora
|
Host astora
|
||||||
HostName 192.168.156.101
|
HostName 192.168.156.101
|
||||||
@ -113,6 +202,13 @@
|
|||||||
User l-nafaryus
|
User l-nafaryus
|
||||||
'';
|
'';
|
||||||
|
|
||||||
|
programs.direnv.enable = true;
|
||||||
|
|
||||||
|
fonts.packages = with pkgs; [nerdfonts];
|
||||||
|
|
||||||
|
programs.steam.enable = true;
|
||||||
|
systemd.extraConfig = "DefaultLimitNOFILE=1048576";
|
||||||
|
|
||||||
virtualisation = {
|
virtualisation = {
|
||||||
containers.enable = true;
|
containers.enable = true;
|
||||||
podman = {
|
podman = {
|
||||||
@ -120,9 +216,6 @@
|
|||||||
dockerCompat = true;
|
dockerCompat = true;
|
||||||
defaultNetwork.settings.dns_enabled = true;
|
defaultNetwork.settings.dns_enabled = true;
|
||||||
};
|
};
|
||||||
libvirtd = {
|
libvirtd.enable = true;
|
||||||
enable = true;
|
|
||||||
qemu.vhostUserPackages = with pkgs; [virtiofsd];
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
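Review bot: `trusted-users = ["l-nafaryus"];` in the first hunk's `nix.settings` makes that account effectively root-equivalent to the Nix daemon, because a trusted user can supply its own substituters and relax signature checking per invocation. The substituters and `trusted-public-keys` are declared system-wide in the same block, so the user probably does not need to be trusted for those caches to work. I would drop the line and keep `allowed-users = ["l-nafaryus"];`. If it has to stay, record the reason next to it, e.g. `# trusted: needed for <reason>; equivalent to root on the nix daemon`. The module's opening line is outside the hunk.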
@ -1,19 +1,148 @@
|
|||||||
{
|
{
|
||||||
config,
|
config,
|
||||||
lib,
|
lib,
|
||||||
pkgs,
|
|
||||||
...
|
...
|
||||||
}: {
|
}: {
|
||||||
# Boot
|
# Boot
|
||||||
boot = {
|
boot = {
|
||||||
kernelModules = ["kvm-amd"];
|
loader.systemd-boot.enable = true;
|
||||||
|
loader.systemd-boot.configurationLimit = 5;
|
||||||
|
loader.efi.canTouchEfiVariables = true;
|
||||||
|
|
||||||
|
tmp.useTmpfs = lib.mkDefault true;
|
||||||
|
tmp.cleanOnBoot = lib.mkDefault (!config.boot.tmp.useTmpfs);
|
||||||
|
|
||||||
|
initrd.availableKernelModules = ["nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod"];
|
||||||
|
initrd.kernelModules = [];
|
||||||
|
kernelModules = ["kvm-amd" "tcp_bbr" "coretemp" "nct6775"];
|
||||||
extraModulePackages = with config.boot.kernelPackages; [v4l2loopback];
|
extraModulePackages = with config.boot.kernelPackages; [v4l2loopback];
|
||||||
|
extraModprobeConfig = ''
|
||||||
|
options v4l2loopback devices=1 video_nr=1 card_label="OBS Camera" exclusive_caps=1
|
||||||
|
'';
|
||||||
|
kernelParams = ["threadirqs"];
|
||||||
|
|
||||||
|
kernel.sysctl = {
|
||||||
|
# The Magic SysRq key is a key combo that allows users connected to the
|
||||||
|
# system console of a Linux kernel to perform some low-level commands.
|
||||||
|
# Disable it, since we don't need it, and is a potential security concern.
|
||||||
|
"kernel.sysrq" = 0;
|
||||||
|
|
||||||
|
## TCP hardening
|
||||||
|
# Prevent bogus ICMP errors from filling up logs.
|
||||||
|
"net.ipv4.icmp_ignore_bogus_error_responses" = 1;
|
||||||
|
# Reverse path filtering causes the kernel to do source validation of
|
||||||
|
# packets received from all interfaces. This can mitigate IP spoofing.
|
||||||
|
"net.ipv4.conf.default.rp_filter" = 1;
|
||||||
|
"net.ipv4.conf.all.rp_filter" = 1;
|
||||||
|
# Do not accept IP source route packets
|
||||||
|
"net.ipv4.conf.all.accept_source_route" = 0;
|
||||||
|
"net.ipv6.conf.all.accept_source_route" = 0;
|
||||||
|
# Don't send ICMP redirects
|
||||||
|
"net.ipv4.conf.all.send_redirects" = 0;
|
||||||
|
"net.ipv4.conf.default.send_redirects" = 0;
|
||||||
|
# Refuse ICMP redirects (MITM mitigations)
|
||||||
|
"net.ipv4.conf.all.accept_redirects" = 0;
|
||||||
|
"net.ipv4.conf.default.accept_redirects" = 0;
|
||||||
|
"net.ipv4.conf.all.secure_redirects" = 0;
|
||||||
|
"net.ipv4.conf.default.secure_redirects" = 0;
|
||||||
|
"net.ipv6.conf.all.accept_redirects" = 0;
|
||||||
|
"net.ipv6.conf.default.accept_redirects" = 0;
|
||||||
|
# Protects against SYN flood attacks
|
||||||
|
"net.ipv4.tcp_syncookies" = 1;
|
||||||
|
# Incomplete protection again TIME-WAIT assassination
|
||||||
|
"net.ipv4.tcp_rfc1337" = 1;
|
||||||
|
|
||||||
|
## TCP optimization
|
||||||
|
# TCP Fast Open is a TCP extension that reduces network latency by packing
|
||||||
|
# data in the sender’s initial TCP SYN. Setting 3 = enable TCP Fast Open for
|
||||||
|
# both incoming and outgoing connections:
|
||||||
|
"net.ipv4.tcp_fastopen" = 3;
|
||||||
|
# Bufferbloat mitigations + slight improvement in throughput & latency
|
||||||
|
"net.ipv4.tcp_congestion_control" = "bbr";
|
||||||
|
"net.core.default_qdisc" = "cake";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
# Security
|
||||||
|
security = {
|
||||||
|
protectKernelImage = true;
|
||||||
|
acme.acceptTerms = true;
|
||||||
|
sudo.extraConfig = ''Defaults timestamp_timeout=30'';
|
||||||
|
rtkit.enable = true;
|
||||||
|
pam.loginLimits = [
|
||||||
|
{
|
||||||
|
domain = "@audio";
|
||||||
|
item = "memlock";
|
||||||
|
type = "-";
|
||||||
|
value = "unlimited";
|
||||||
|
}
|
||||||
|
{
|
||||||
|
domain = "@audio";
|
||||||
|
item = "rtprio";
|
||||||
|
type = "-";
|
||||||
|
value = "99";
|
||||||
|
}
|
||||||
|
{
|
||||||
|
domain = "@audio";
|
||||||
|
item = "nofile";
|
||||||
|
type = "soft";
|
||||||
|
value = "99999";
|
||||||
|
}
|
||||||
|
{
|
||||||
|
domain = "@audio";
|
||||||
|
item = "nofile";
|
||||||
|
type = "hard";
|
||||||
|
value = "99999";
|
||||||
|
}
|
||||||
|
{
|
||||||
|
domain = "*";
|
||||||
|
item = "nofile";
|
||||||
|
type = "-";
|
||||||
|
value = "524288";
|
||||||
|
}
|
||||||
|
{
|
||||||
|
domain = "*";
|
||||||
|
item = "memlock";
|
||||||
|
type = "-";
|
||||||
|
value = "524288";
|
||||||
|
}
|
||||||
|
];
|
||||||
|
polkit.enable = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
users.users.root.initialPassword = "nixos";
|
users.users.root.initialPassword = "nixos";
|
||||||
|
|
||||||
# Filesystem
|
# Filesystem
|
||||||
fileSystems = {
|
fileSystems = {
|
||||||
|
"/" = {
|
||||||
|
device = "/dev/disk/by-label/nixos";
|
||||||
|
fsType = "btrfs";
|
||||||
|
options = ["subvol=root" "compress=zstd"];
|
||||||
|
};
|
||||||
|
|
||||||
|
"/boot" = {
|
||||||
|
device = "/dev/disk/by-label/boot";
|
||||||
|
fsType = "vfat";
|
||||||
|
};
|
||||||
|
|
||||||
|
"/nix" = {
|
||||||
|
device = "/dev/disk/by-label/nixos";
|
||||||
|
fsType = "btrfs";
|
||||||
|
options = ["subvol=nix" "compress=zstd" "noatime"];
|
||||||
|
};
|
||||||
|
|
||||||
|
"/home" = {
|
||||||
|
device = "/dev/disk/by-label/nixos";
|
||||||
|
fsType = "btrfs";
|
||||||
|
options = ["subvol=home" "compress=zstd"];
|
||||||
|
};
|
||||||
|
|
||||||
|
"/swap" = {
|
||||||
|
device = "/dev/disk/by-label/nixos";
|
||||||
|
fsType = "btrfs";
|
||||||
|
options = ["subvol=swap" "noatime"];
|
||||||
|
};
|
||||||
|
|
||||||
"/media/steam-library" = {
|
"/media/steam-library" = {
|
||||||
device = "/dev/disk/by-label/siegward";
|
device = "/dev/disk/by-label/siegward";
|
||||||
fsType = "btrfs";
|
fsType = "btrfs";
|
||||||
@ -27,10 +156,16 @@
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
swapDevices = [
|
||||||
|
{device = "/swap/swapfile";}
|
||||||
|
];
|
||||||
|
|
||||||
services.fstrim.enable = true;
|
services.fstrim.enable = true;
|
||||||
|
|
||||||
# Hardware etc
|
# Hardware etc
|
||||||
hardware = {
|
hardware = {
|
||||||
|
enableRedistributableFirmware = true;
|
||||||
|
|
||||||
cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||||
|
|
||||||
nvidia.nvidiaSettings = true;
|
nvidia.nvidiaSettings = true;
|
||||||
@ -46,10 +181,56 @@
|
|||||||
};
|
};
|
||||||
|
|
||||||
networking = {
|
networking = {
|
||||||
networkmanager = {
|
networkmanager.enable = true;
|
||||||
|
networkmanager.unmanaged = ["interface-name:ve-*"];
|
||||||
|
useDHCP = lib.mkDefault true;
|
||||||
|
hostName = "astora";
|
||||||
|
extraHosts = '''';
|
||||||
|
|
||||||
|
firewall = {
|
||||||
enable = true;
|
enable = true;
|
||||||
enableStrongSwan = true;
|
allowedTCPPorts = [80 443];
|
||||||
plugins = with pkgs; [networkmanager-l2tp];
|
trustedInterfaces = ["ve-+"];
|
||||||
|
extraCommands = ''
|
||||||
|
iptables -t nat -A POSTROUTING -o wlo1 -j MASQUERADE
|
||||||
|
'';
|
||||||
|
extraStopCommands = ''
|
||||||
|
iptables -t nat -D POSTROUTING -o wlo1 -j MASQUERADE
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
nat = {
|
||||||
|
enable = true;
|
||||||
|
externalInterface = "wlo1";
|
||||||
|
internalInterfaces = ["ve-+"];
|
||||||
|
};
|
||||||
|
|
||||||
|
interfaces.wlo1.ipv4.addresses = [
|
||||||
|
{
|
||||||
|
address = "192.168.156.101";
|
||||||
|
prefixLength = 24;
|
||||||
|
}
|
||||||
|
];
|
||||||
|
|
||||||
|
defaultGateway = "192.168.156.1";
|
||||||
|
nameservers = ["192.168.156.1" "8.8.8.8"];
|
||||||
|
};
|
||||||
|
|
||||||
|
# Common
|
||||||
|
time.timeZone = "Asia/Yekaterinburg";
|
||||||
|
|
||||||
|
i18n = {
|
||||||
|
defaultLocale = "en_US.UTF-8";
|
||||||
|
extraLocaleSettings = {
|
||||||
|
LC_ADDRESS = "en_US.UTF-8";
|
||||||
|
LC_IDENTIFICATION = "en_US.UTF-8";
|
||||||
|
LC_MEASUREMENT = "en_US.UTF-8";
|
||||||
|
LC_MONETARY = "en_US.UTF-8";
|
||||||
|
LC_NAME = "en_US.UTF-8";
|
||||||
|
LC_NUMERIC = "en_US.UTF-8";
|
||||||
|
LC_PAPER = "en_US.UTF-8";
|
||||||
|
LC_TELEPHONE = "en_US.UTF-8";
|
||||||
|
LC_TIME = "en_US.UTF-8";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
@ -6,9 +6,7 @@
|
|||||||
bonLib,
|
bonLib,
|
||||||
inputs,
|
inputs,
|
||||||
...
|
...
|
||||||
}: let
|
}: {
|
||||||
user = "l-nafaryus";
|
|
||||||
in {
|
|
||||||
# Users
|
# Users
|
||||||
users.users.l-nafaryus = {
|
users.users.l-nafaryus = {
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
@ -18,32 +16,30 @@ in {
|
|||||||
uid = 1000;
|
uid = 1000;
|
||||||
initialPassword = "nixos";
|
initialPassword = "nixos";
|
||||||
shell = pkgs.fish;
|
shell = pkgs.fish;
|
||||||
openssh.authorizedKeys.keys = [
|
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG1YGp8AI48hJUSQBZpuKLpbj2+3Q09vq64NxFr0N1MS"
|
|
||||||
];
|
|
||||||
};
|
};
|
||||||
|
|
||||||
home-manager.useGlobalPkgs = true;
|
home-manager.useGlobalPkgs = true;
|
||||||
home-manager.useUserPackages = true;
|
home-manager.useUserPackages = true;
|
||||||
home-manager.backupFileExtension = "hmbackup";
|
home-manager.backupFileExtension = "hmbackup";
|
||||||
|
|
||||||
home-manager.users.${user} = {pkgs, ...}: let
|
home-manager.users.l-nafaryus = {pkgs, ...}: let
|
||||||
hmConfig = config.home-manager.users.${user};
|
hmConfig = config.home-manager.users.l-nafaryus;
|
||||||
in {
|
in {
|
||||||
home.stateVersion = "23.11";
|
home.stateVersion = "23.11";
|
||||||
home.username = "l-nafaryus";
|
home.username = "l-nafaryus";
|
||||||
home.homeDirectory = "/home/l-nafaryus";
|
home.homeDirectory = "/home/l-nafaryus";
|
||||||
imports = [
|
imports = [
|
||||||
(bonLib.injectArgs {
|
|
||||||
inherit hmConfig;
|
|
||||||
})
|
|
||||||
inputs.catppuccin.homeManagerModules.catppuccin
|
inputs.catppuccin.homeManagerModules.catppuccin
|
||||||
inputs.ags.homeManagerModules.default
|
inputs.ags.homeManagerModules.default
|
||||||
#bonLib.preconfiguredModules.homeManager.hyprland
|
bonLib.preconfiguredModules.homeManager.ags
|
||||||
];
|
];
|
||||||
|
|
||||||
home.packages = with pkgs; [
|
home.packages = with pkgs; [
|
||||||
|
#gnupg
|
||||||
|
git
|
||||||
|
#nnn
|
||||||
|
pass
|
||||||
taskwarrior3
|
taskwarrior3
|
||||||
|
#tmux
|
||||||
|
|
||||||
gparted
|
gparted
|
||||||
|
|
||||||
@ -97,43 +93,46 @@ in {
|
|||||||
jdk
|
jdk
|
||||||
bonPkgs.ultimmc
|
bonPkgs.ultimmc
|
||||||
|
|
||||||
|
liberation_ttf
|
||||||
|
|
||||||
steamtinkerlaunch
|
steamtinkerlaunch
|
||||||
|
|
||||||
#dunst
|
discord
|
||||||
#libnotify
|
webcord
|
||||||
|
vesktop
|
||||||
|
|
||||||
|
tor
|
||||||
|
networkmanagerapplet
|
||||||
|
#rofi-wayland
|
||||||
|
kgx
|
||||||
|
dunst
|
||||||
|
libnotify
|
||||||
|
playerctl
|
||||||
|
wl-gammarelay-rs
|
||||||
# btop
|
# btop
|
||||||
lua
|
lua
|
||||||
# bat
|
# bat
|
||||||
|
musikcube
|
||||||
|
swww
|
||||||
|
hyprshot
|
||||||
mangohud
|
mangohud
|
||||||
gamescope
|
gamescope
|
||||||
libstrangle
|
libstrangle
|
||||||
|
wl-clipboard
|
||||||
|
cliphist
|
||||||
tree
|
tree
|
||||||
bonPkgs.bonvim
|
bonPkgs.bonvim
|
||||||
|
|
||||||
freenect
|
freenect
|
||||||
|
|
||||||
mpc-cli
|
mpc-cli
|
||||||
|
|
||||||
kdePackages.kmail
|
|
||||||
kdePackages.kmail-account-wizard
|
|
||||||
|
|
||||||
flacon
|
|
||||||
picard
|
|
||||||
|
|
||||||
docker-compose
|
|
||||||
podman-compose
|
|
||||||
dive
|
|
||||||
lazydocker
|
|
||||||
|
|
||||||
ksshaskpass
|
|
||||||
|
|
||||||
# virtiofsd
|
|
||||||
];
|
];
|
||||||
|
|
||||||
xdg.portal = {
|
xdg.portal = {
|
||||||
enable = true;
|
enable = true;
|
||||||
configPackages = with pkgs; [
|
configPackages = with pkgs; [
|
||||||
kdePackages.xdg-desktop-portal-kde
|
#xdg-desktop-portal-wlr
|
||||||
|
xdg-desktop-portal-hyprland
|
||||||
];
|
];
|
||||||
extraPortals = with pkgs; [
|
extraPortals = with pkgs; [
|
||||||
xdg-desktop-portal-gtk
|
xdg-desktop-portal-gtk
|
||||||
@ -148,6 +147,22 @@ in {
|
|||||||
accent = "green";
|
accent = "green";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
gtk = {
|
||||||
|
enable = true;
|
||||||
|
# TODO: fix catppuccin deprecation. Provide Paper icons to gtk and gnomeShell manually. (+ regreet)
|
||||||
|
catppuccin = {
|
||||||
|
enable = true;
|
||||||
|
accent = "green";
|
||||||
|
flavor = "macchiato";
|
||||||
|
gnomeShellTheme = true;
|
||||||
|
icon = {
|
||||||
|
enable = true;
|
||||||
|
accent = "green";
|
||||||
|
flavor = "macchiato";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
programs = {
|
programs = {
|
||||||
# General
|
# General
|
||||||
fish = {
|
fish = {
|
||||||
@ -229,9 +244,6 @@ in {
|
|||||||
homedir = "${hmConfig.xdg.configHome}/gnupg";
|
homedir = "${hmConfig.xdg.configHome}/gnupg";
|
||||||
mutableKeys = true;
|
mutableKeys = true;
|
||||||
mutableTrust = true;
|
mutableTrust = true;
|
||||||
settings = {
|
|
||||||
default-key = "B0B3 DFDB B842 BE9C 7468 B511 86F1 EA98 B48F FB19";
|
|
||||||
};
|
|
||||||
# TODO: replace existing ssh key with gpg provided
|
# TODO: replace existing ssh key with gpg provided
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -257,9 +269,12 @@ in {
|
|||||||
ncmpcpp.enable = true;
|
ncmpcpp.enable = true;
|
||||||
|
|
||||||
# Graphical
|
# Graphical
|
||||||
|
hyprlock = {
|
||||||
|
enable = true;
|
||||||
|
};
|
||||||
|
|
||||||
wezterm = {
|
wezterm = {
|
||||||
enable = false;
|
enable = true;
|
||||||
package = inputs.wezterm.packages.x86_64-linux.default;
|
package = inputs.wezterm.packages.x86_64-linux.default;
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
return {
|
return {
|
||||||
@ -282,7 +297,7 @@ in {
|
|||||||
};
|
};
|
||||||
|
|
||||||
rofi = {
|
rofi = {
|
||||||
enable = false;
|
enable = true;
|
||||||
package = pkgs.rofi-wayland;
|
package = pkgs.rofi-wayland;
|
||||||
terminal = "${lib.getExe hmConfig.programs.wezterm.package}";
|
terminal = "${lib.getExe hmConfig.programs.wezterm.package}";
|
||||||
cycle = true;
|
cycle = true;
|
||||||
@ -327,7 +342,7 @@ in {
|
|||||||
defaultCacheTtl = 3600;
|
defaultCacheTtl = 3600;
|
||||||
defaultCacheTtlSsh = 3600;
|
defaultCacheTtlSsh = 3600;
|
||||||
enableSshSupport = true;
|
enableSshSupport = true;
|
||||||
pinentryPackage = pkgs.pinentry-qt;
|
pinentryPackage = pkgs.pinentry-gtk2;
|
||||||
enableFishIntegration = true;
|
enableFishIntegration = true;
|
||||||
enableBashIntegration = true;
|
enableBashIntegration = true;
|
||||||
};
|
};
|
||||||
@ -340,8 +355,237 @@ in {
|
|||||||
#mpdris2 = {
|
#mpdris2 = {
|
||||||
# enable = true;
|
# enable = true;
|
||||||
#};
|
#};
|
||||||
|
|
||||||
|
# Graphical
|
||||||
|
hypridle = {
|
||||||
|
enable = true;
|
||||||
|
settings = {
|
||||||
|
general = {
|
||||||
|
after_sleep_cmd = "${pkgs.hyprland}/bin/hyprctl dispatch dpms on";
|
||||||
|
ignore_dbus_inhibit = false;
|
||||||
|
};
|
||||||
|
listener = [
|
||||||
|
{
|
||||||
|
timeout = 300;
|
||||||
|
on-timeout = "${pkgs.hyprland}/bin/hyprctl dispatch dpms off";
|
||||||
|
on-resume = "${pkgs.hyprland}/bin/hyprctl dispatch dpms on";
|
||||||
|
}
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
wayland.windowManager.hyprland = {
|
||||||
|
enable = true;
|
||||||
|
settings = {
|
||||||
|
# Devices (use `hyprctl devices`)
|
||||||
|
"$monitor1" = "AOC Q27G2G3R3B 137P4HA000540";
|
||||||
|
"$monitor2" = "AOC Q27B3MA 17ZPAHA006135";
|
||||||
|
"$keyboard" = "keychron-keychron-k3-pro";
|
||||||
|
"$mouse" = "logitech-g102-lightsync-gaming-mouse";
|
||||||
|
|
||||||
|
# Main programs
|
||||||
|
"$terminal" = "${lib.getExe hmConfig.programs.wezterm.package}";
|
||||||
|
"$menu" = "${lib.getExe hmConfig.programs.rofi.package} -show drun";
|
||||||
|
"$fileManager" = "$terminal -e ${lib.getExe hmConfig.programs.nnn.package}";
|
||||||
|
|
||||||
|
monitor = [
|
||||||
|
"desc:$monitor2, 2560x1440@75, 0x0, auto"
|
||||||
|
"desc:$monitor1, 2560x1440@165, 2560x0, auto"
|
||||||
|
"Unknown-1, disable"
|
||||||
|
];
|
||||||
|
|
||||||
|
exec-once = [
|
||||||
|
"ags &"
|
||||||
|
"nm-applet --indicator &"
|
||||||
|
"blueman-applet &"
|
||||||
|
"wl-gammarelay-rs run &"
|
||||||
|
"systemctl --user start hypridle"
|
||||||
|
"wl-paste --type text --watch cliphist store" #Stores only text data
|
||||||
|
"wl-paste --type image --watch cliphist store" #Stores only image data
|
||||||
|
"swww-daemon & swww img ~/Pictures/wallpapers/current" # wallpaper symlinked
|
||||||
|
];
|
||||||
|
|
||||||
|
env = [
|
||||||
|
"XCURSOR_SIZE,16"
|
||||||
|
"HYPRCURSOR_SIZE,16"
|
||||||
|
"WLR_DRM_NO_ATOMIC,1"
|
||||||
|
"HYPRSHOT_DIR,${hmConfig.xdg.userDirs.pictures}/screenshots"
|
||||||
|
];
|
||||||
|
|
||||||
|
general = {
|
||||||
|
gaps_in = 2;
|
||||||
|
gaps_out = 2;
|
||||||
|
|
||||||
|
border_size = 2;
|
||||||
|
|
||||||
|
# https://wiki.hyprland.org/Configuring/Variables/#variable-types for info about colors
|
||||||
|
"col.active_border" = "rgba(33ccffee) rgba(00ff99ee) 45deg";
|
||||||
|
"col.inactive_border" = "rgba(595959aa)";
|
||||||
|
|
||||||
|
# Set to true enable resizing windows by clicking and dragging on borders and gaps
|
||||||
|
resize_on_border = true;
|
||||||
|
|
||||||
|
# Please see https://wiki.hyprland.org/Configuring/Tearing/ before you turn this on
|
||||||
|
allow_tearing = true;
|
||||||
|
|
||||||
|
layout = "dwindle";
|
||||||
|
};
|
||||||
|
decoration = {
|
||||||
|
rounding = 5;
|
||||||
|
|
||||||
|
# Change transparency of focused and unfocused windows
|
||||||
|
active_opacity = 1.0;
|
||||||
|
inactive_opacity = 0.95;
|
||||||
|
|
||||||
|
drop_shadow = true;
|
||||||
|
shadow_range = 4;
|
||||||
|
shadow_render_power = 3;
|
||||||
|
"col.shadow" = "rgba(1a1a1aee)";
|
||||||
|
|
||||||
|
# https://wiki.hyprland.org/Configuring/Variables/#blur
|
||||||
|
blur = {
|
||||||
|
enabled = true;
|
||||||
|
size = 3;
|
||||||
|
passes = 1;
|
||||||
|
|
||||||
|
vibrancy = 0.1696;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
animations = {
|
||||||
|
enabled = true;
|
||||||
|
|
||||||
|
# Default animations, see https://wiki.hyprland.org/Configuring/Animations/ for more
|
||||||
|
|
||||||
|
bezier = "myBezier, 0.05, 0.9, 0.1, 1.05";
|
||||||
|
|
||||||
|
animation = [
|
||||||
|
"windows, 1, 7, myBezier"
|
||||||
|
"windowsOut, 1, 7, default, popin 80%"
|
||||||
|
"border, 1, 10, default"
|
||||||
|
"borderangle, 1, 8, default"
|
||||||
|
"fade, 1, 7, default"
|
||||||
|
"workspaces, 1, 6, default"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
# See https://wiki.hyprland.org/Configuring/Dwindle-Layout/ for more
|
||||||
|
dwindle = {
|
||||||
|
pseudotile = true; # Master switch for pseudotiling. Enabling is bound to mainMod + P in the keybinds section below
|
||||||
|
preserve_split = true; # You probably want this
|
||||||
|
};
|
||||||
|
|
||||||
|
# See https://wiki.hyprland.org/Configuring/Master-Layout/ for more
|
||||||
|
master = {
|
||||||
|
new_status = "master";
|
||||||
|
};
|
||||||
|
|
||||||
|
# https://wiki.hyprland.org/Configuring/Variables/#misc
|
||||||
|
misc = {
|
||||||
|
force_default_wallpaper = -1; # Set to 0 or 1 to disable the anime mascot wallpapers
|
||||||
|
disable_hyprland_logo = false; # Enable the random hyprland logo / anime girl background. :)
|
||||||
|
};
|
||||||
|
input = {
|
||||||
|
kb_layout = "us,ru";
|
||||||
|
|
||||||
|
follow_mouse = 1;
|
||||||
|
|
||||||
|
sensitivity = 0; # -1.0 - 1.0, 0 means no modification.
|
||||||
|
|
||||||
|
touchpad = {
|
||||||
|
natural_scroll = false;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
# https://wiki.hyprland.org/Configuring/Variables/#gestures
|
||||||
|
gestures = {
|
||||||
|
workspace_swipe = false;
|
||||||
|
};
|
||||||
|
|
||||||
|
windowrulev2 = [
|
||||||
|
"suppressevent maximize, class:.*" # You'll probably like this.
|
||||||
|
"float, class:^(steam_app.*)$"
|
||||||
|
"immediate, class:^(steam_app.*)$"
|
||||||
|
"float, class:^(steam_proton.*)$"
|
||||||
|
"float,class:^(org.wezfurlong.wezterm)$"
|
||||||
|
"tile,class:^(org.wezfurlong.wezterm)$"
|
||||||
|
];
|
||||||
|
bind = [
|
||||||
|
"SUPER, Q, exec, $terminal"
|
||||||
|
"SUPER, N, exec, $fileManager"
|
||||||
|
"SUPER, R, exec, $menu"
|
||||||
|
"SUPER, X, exec, ags -t clock"
|
||||||
|
"SUPER, X, exec, ags -t control"
|
||||||
|
"SUPER, X, exec, ags -t systray"
|
||||||
|
"SUPER, X, exec, ags -t workspaces"
|
||||||
|
"SUPER, X, exec, ags -t window-title"
|
||||||
|
|
||||||
|
"SUPER, C, killactive,"
|
||||||
|
"SUPER, M, exit,"
|
||||||
|
"SUPER, V, togglefloating,"
|
||||||
|
"SUPER, F, fullscreen,"
|
||||||
|
"SUPER, J, togglesplit," # dwindle
|
||||||
|
|
||||||
|
# Move focus with mainMod + arrow keys
|
||||||
|
"SUPER, left, movefocus, l"
|
||||||
|
"SUPER, right, movefocus, r"
|
||||||
|
"SUPER, up, movefocus, u"
|
||||||
|
"SUPER, down, movefocus, d"
|
||||||
|
|
||||||
|
# Switch workspaces with mainMod + [0-9]
|
||||||
|
"SUPER, 1, workspace, 1"
|
||||||
|
"SUPER, 2, workspace, 2"
|
||||||
|
"SUPER, 3, workspace, 3"
|
||||||
|
"SUPER, 4, workspace, 4"
|
||||||
|
"SUPER, 5, workspace, 5"
|
||||||
|
"SUPER, 6, workspace, 6"
|
||||||
|
"SUPER, 7, workspace, 7"
|
||||||
|
"SUPER, 8, workspace, 8"
|
||||||
|
"SUPER, 9, workspace, 9"
|
||||||
|
"SUPER, 0, workspace, 10"
|
||||||
|
|
||||||
|
# Move active window to a workspace with mainMod + SHIFT + [0-9]
|
||||||
|
"SUPER SHIFT, 1, movetoworkspace, 1"
|
||||||
|
"SUPER SHIFT, 2, movetoworkspace, 2"
|
||||||
|
"SUPER SHIFT, 3, movetoworkspace, 3"
|
||||||
|
"SUPER SHIFT, 4, movetoworkspace, 4"
|
||||||
|
"SUPER SHIFT, 5, movetoworkspace, 5"
|
||||||
|
"SUPER SHIFT, 6, movetoworkspace, 6"
|
||||||
|
"SUPER SHIFT, 7, movetoworkspace, 7"
|
||||||
|
"SUPER SHIFT, 8, movetoworkspace, 8"
|
||||||
|
"SUPER SHIFT, 9, movetoworkspace, 9"
|
||||||
|
"SUPER SHIFT, 0, movetoworkspace, 10"
|
||||||
|
|
||||||
|
# special workspace (scratchpad)
|
||||||
|
"SUPER, S, togglespecialworkspace, magic"
|
||||||
|
"SUPER SHIFT, S, movetoworkspace, special:magic"
|
||||||
|
|
||||||
|
"SUPER, SPACE, exec, hyprctl switchxkblayout keychron-keychron-k3-pro next"
|
||||||
|
", PRINT, exec, hyprshot --freeze --mode region"
|
||||||
|
"CTRL, PRINT, exec, hyprshot --freeze --mode output"
|
||||||
|
"SUPER, H, exec, cliphist list | rofi -dmenu | cliphist decode | wl-copy"
|
||||||
|
];
|
||||||
|
# Move/resize windows with mainMod + LMB/RMB and dragging
|
||||||
|
bindm = [
|
||||||
|
"SUPER, mouse:272, movewindow"
|
||||||
|
"SUPER, mouse:273, resizewindow"
|
||||||
|
];
|
||||||
|
|
||||||
|
bindel = [
|
||||||
|
", XF86AudioRaiseVolume, exec, wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%+"
|
||||||
|
", XF86AudioLowerVolume, exec, wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%-"
|
||||||
|
];
|
||||||
|
bindl = [
|
||||||
|
", XF86AudioMute, exec, wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle"
|
||||||
|
", XF86AudioPrev, exec, playerctl previous"
|
||||||
|
", XF86AudioPlay, exec, playerctl play-pause"
|
||||||
|
", XF86AudioNext, exec, playerctl next"
|
||||||
|
", XF86MonBrightnessDown, exec, busctl --user -- call rs.wl-gammarelay / rs.wl.gammarelay UpdateTemperature n -500"
|
||||||
|
", XF86MonBrightnessUp, exec, busctl --user -- call rs.wl-gammarelay / rs.wl.gammarelay UpdateTemperature n +500"
|
||||||
|
"SUPER, XF86MonBrightnessDown, exec, busctl --user -- call rs.wl-gammarelay / rs.wl.gammarelay Brightness d -0.1"
|
||||||
|
"SUPER, XF86MonBrightnessUp, exec, busctl --user -- call rs.wl-gammarelay / rs.wl.gammarelay Brightness d +0.1"
|
||||||
|
];
|
||||||
|
};
|
||||||
};
|
};
|
||||||
# Graphical
|
|
||||||
|
|
||||||
# XDG
|
# XDG
|
||||||
xdg = {
|
xdg = {
|
||||||
@ -381,7 +625,6 @@ in {
|
|||||||
environment.sessionVariables = {
|
environment.sessionVariables = {
|
||||||
# hint electron applications to use wayland
|
# hint electron applications to use wayland
|
||||||
NIXOS_OZONE_WL = "1";
|
NIXOS_OZONE_WL = "1";
|
||||||
DOCKER_HOST = "unix:///run/user/${toString config.users.users.l-nafaryus.uid}/podman/podman.sock";
|
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.user.extraConfig = "DefaultLimitNOFILE=524288";
|
systemd.user.extraConfig = "DefaultLimitNOFILE=524288";
|
||||||
@ -394,28 +637,27 @@ in {
|
|||||||
};
|
};
|
||||||
|
|
||||||
# Services
|
# Services
|
||||||
#services.spoofdpi.enable = true;
|
services.spoofdpi.enable = true;
|
||||||
|
|
||||||
#services.zapret = {
|
services.zapret = {
|
||||||
# enable = true;
|
enable = true;
|
||||||
# mode = "nfqws";
|
mode = "tpws";
|
||||||
# firewallType = "iptables";
|
firewallType = "iptables";
|
||||||
# disableIpv6 = true;
|
disableIpv6 = true;
|
||||||
# settings = ''
|
settings = ''
|
||||||
# MODE_HTTP=1
|
MODE_HTTP=1
|
||||||
# MODE_HTTP_KEEPALIVE=0
|
MODE_HTTP_KEEPALIVE=0
|
||||||
# MODE_HTTPS=1
|
MODE_HTTPS=1
|
||||||
# MODE_QUIC=1
|
MODE_QUIC=0
|
||||||
# MODE_FILTER=ipset
|
MODE_FILTER=ipset
|
||||||
# TPWS_OPT="--split-http-req=method --split-pos=1 --oob"
|
TPWS_OPT="--hostspell=HOST --split-http-req=method --split-pos=3 --oob"
|
||||||
# NFQWS_OPT_DESYNC="--dpi-desync=fake --dpi-desync-ttl=5"
|
INIT_APPLY_FW=1
|
||||||
# NFQWS_OPT_DESYNC_HTTP="--dpi-desync=fake --dpi-desync-ttl=5"
|
'';
|
||||||
# NFQWS_OPT_DESYNC_HTTPS="--dpi-desync=fake --dpi-desync-ttl=5"
|
filterAddresses = lib.readFile (pkgs.fetchurl {
|
||||||
# NFQWS_OPT_DESYNC_QUIC="--dpi-desync=fake --dpi-desync-ttl=5"
|
url = "https://antifilter.network/download/ipsmart.lst";
|
||||||
# INIT_APPLY_FW=1
|
hash = "sha256-zLq3rgci/rye1oQp2zbJelPaoN9+jqPebIbxfJ44Qlg=";
|
||||||
# '';
|
});
|
||||||
# filterAddressesSource = "https://antifilter.network/download/ipsmart.lst";
|
};
|
||||||
#};
|
|
||||||
|
|
||||||
# TODO: remember who use gvfs
|
# TODO: remember who use gvfs
|
||||||
services.gvfs.enable = true;
|
services.gvfs.enable = true;
|
||||||
@ -439,23 +681,4 @@ in {
|
|||||||
# User-id must match above user. MPD will look inside this directory for the PipeWire socket.
|
# User-id must match above user. MPD will look inside this directory for the PipeWire socket.
|
||||||
XDG_RUNTIME_DIR = "/run/user/${toString config.users.users.l-nafaryus.uid}";
|
XDG_RUNTIME_DIR = "/run/user/${toString config.users.users.l-nafaryus.uid}";
|
||||||
};
|
};
|
||||||
|
|
||||||
programs.kdeconnect = {
|
|
||||||
enable = true;
|
|
||||||
package = lib.mkForce pkgs.kdePackages.kdeconnect-kde;
|
|
||||||
};
|
|
||||||
|
|
||||||
programs.direnv.enable = true;
|
|
||||||
|
|
||||||
fonts.packages = with pkgs; [nerdfonts liberation_ttf];
|
|
||||||
|
|
||||||
programs.steam.enable = true;
|
|
||||||
systemd.extraConfig = "DefaultLimitNOFILE=1048576";
|
|
||||||
|
|
||||||
programs.ssh = {
|
|
||||||
enableAskPassword = true;
|
|
||||||
askPassword = "${lib.getExe' pkgs.ksshaskpass "ksshaskpass"}";
|
|
||||||
hostKeyAlgorithms = ["ssh-ed25519" "ssh-rsa"];
|
|
||||||
startAgent = true;
|
|
||||||
};
|
|
||||||
}
|
}
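Review bot: On the new side `users.users.l-nafaryus` declares no SSH key, so the only credential this file sets for the account is `initialPassword = "nixos"` in the `@ -18,32 +16,30 @@` hunk, a value readable by anyone who can read the repository. `initialPassword` takes effect when the account is first created, so a fresh install from this branch starts with that password until it is changed by hand; whether sshd accepts password logins on this host is not visible here. The repository already reads secrets through sops (`config.sops.secrets."gitea/mail".path`), so the account could instead use `hashedPasswordFile = config.sops.secrets."<user-password-secret>".path;` (the secret name is a placeholder, and the secret would need `neededForUsers = true;`). Keeping the `openssh.authorizedKeys.keys` entry would also avoid falling back to password-only login.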
|
||||||
|
@ -13,8 +13,6 @@
|
|||||||
# ./services/papermc.nix # disabled
|
# ./services/papermc.nix # disabled
|
||||||
./services/gitea.nix
|
./services/gitea.nix
|
||||||
./services/radio.nix
|
./services/radio.nix
|
||||||
./services/matrix.nix
|
|
||||||
./services/metrics.nix
|
|
||||||
];
|
];
|
||||||
|
|
||||||
# Nix settings
|
# Nix settings
|
||||||
@ -283,6 +281,8 @@
|
|||||||
fzf
|
fzf
|
||||||
grc
|
grc
|
||||||
|
|
||||||
|
gcc
|
||||||
|
|
||||||
cachix
|
cachix
|
||||||
|
|
||||||
gnupg
|
gnupg
|
||||||
|
@ -150,12 +150,6 @@
|
|||||||
|
|
||||||
defaultGateway = "192.168.156.1";
|
defaultGateway = "192.168.156.1";
|
||||||
nameservers = ["192.168.156.1" "8.8.8.8"];
|
nameservers = ["192.168.156.1" "8.8.8.8"];
|
||||||
|
|
||||||
nat = {
|
|
||||||
enable = true;
|
|
||||||
externalInterface = "enp9s0";
|
|
||||||
internalInterfaces = ["ve-+"];
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
|
|
||||||
services.logind.lidSwitchExternalPower = "ignore";
|
services.logind.lidSwitchExternalPower = "ignore";
|
||||||
|
@ -55,10 +55,6 @@
|
|||||||
indexer = {
|
indexer = {
|
||||||
REPO_INDEXER_ENABLED = true;
|
REPO_INDEXER_ENABLED = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
metrics = {
|
|
||||||
ENABLED = true;
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
|
|
||||||
mailerPasswordFile = config.sops.secrets."gitea/mail".path;
|
mailerPasswordFile = config.sops.secrets."gitea/mail".path;
|
||||||
|
@ -1,101 +0,0 @@
|
|||||||
{
|
|
||||||
config,
|
|
||||||
lib,
|
|
||||||
pkgs,
|
|
||||||
...
|
|
||||||
}: {
|
|
||||||
services.conduit = {
|
|
||||||
enable = true;
|
|
||||||
settings.global = {
|
|
||||||
allow_registration = true;
|
|
||||||
server_name = "elnafo.ru";
|
|
||||||
address = "127.0.0.1";
|
|
||||||
database_backend = "sqlite";
|
|
||||||
well_known.client = "https://matrix.elnafo.ru";
|
|
||||||
well_known.server = "matrix.elnafo.ru:443";
|
|
||||||
turn_uris = ["turn:elnafo.ru?transport=udp" "turn:elnafo.ru?transport=tcp"];
|
|
||||||
};
|
|
||||||
turn_secret_file = config.sops.secrets.turn-secret.path;
|
|
||||||
};
|
|
||||||
|
|
||||||
services.nginx = {
|
|
||||||
virtualHosts."matrix.elnafo.ru" = {
|
|
||||||
forceSSL = true;
|
|
||||||
http2 = true;
|
|
||||||
useACMEHost = "elnafo.ru";
|
|
||||||
locations."/" = {
|
|
||||||
proxyPass = "http://127.0.0.1:6167";
|
|
||||||
extraConfig = ''
|
|
||||||
proxy_http_version 1.0;
|
|
||||||
client_max_body_size 50M;
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
};
|
|
||||||
virtualHosts."element.elnafo.ru" = {
|
|
||||||
forceSSL = true;
|
|
||||||
http2 = true;
|
|
||||||
useACMEHost = "elnafo.ru";
|
|
||||||
root = pkgs.element-web.override {
|
|
||||||
conf = {
|
|
||||||
default_theme = "dark";
|
|
||||||
default_server_name = "matrix.elnafo.ru";
|
|
||||||
brand = "Elnafo Matrix";
|
|
||||||
permalink_prefix = "https://element.elnafo.ru";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
virtualHosts."matrix-federation" = {
|
|
||||||
serverName = "elnafo.ru";
|
|
||||||
forceSSL = true;
|
|
||||||
useACMEHost = "elnafo.ru";
|
|
||||||
listen = [
|
|
||||||
{
|
|
||||||
port = 8448;
|
|
||||||
addr = "0.0.0.0";
|
|
||||||
ssl = true;
|
|
||||||
}
|
|
||||||
{
|
|
||||||
port = 443;
|
|
||||||
addr = "0.0.0.0";
|
|
||||||
ssl = true;
|
|
||||||
}
|
|
||||||
];
|
|
||||||
locations."~ ^/(_matrix|.well_known)" = {
|
|
||||||
proxyPass = "http://127.0.0.1:6167";
|
|
||||||
extraConfig = ''
|
|
||||||
proxy_http_version 1.0;
|
|
||||||
client_max_body_size 50M;
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
services.coturn = rec {
|
|
||||||
enable = true;
|
|
||||||
no-cli = true;
|
|
||||||
no-tcp-relay = true;
|
|
||||||
min-port = 49000;
|
|
||||||
max-port = 50000;
|
|
||||||
use-auth-secret = true;
|
|
||||||
static-auth-secret-file = config.sops.secrets.coturn-secret.path;
|
|
||||||
realm = "elnafo.ru";
|
|
||||||
cert = "${config.security.acme.certs."elnafo.ru".directory}/full.pem";
|
|
||||||
pkey = "${config.security.acme.certs."elnafo.ru".directory}/key.pem";
|
|
||||||
extraConfig = ''
|
|
||||||
# for debugging
|
|
||||||
verbose
|
|
||||||
# ban private IP ranges
|
|
||||||
no-multicast-peers
|
|
||||||
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
networking.firewall = {
|
|
||||||
allowedUDPPortRanges = lib.singleton {
|
|
||||||
from = config.services.coturn.min-port;
|
|
||||||
to = config.services.coturn.max-port;
|
|
||||||
};
|
|
||||||
allowedUDPPorts = [3478 5349];
|
|
||||||
allowedTCPPorts = [8448 3478 5349];
|
|
||||||
};
|
|
||||||
}
|
|
@ -1,123 +0,0 @@
|
|||||||
{
|
|
||||||
config,
|
|
||||||
pkgs,
|
|
||||||
...
|
|
||||||
}: {
|
|
||||||
services.grafana = {
|
|
||||||
enable = true;
|
|
||||||
settings.server = {
|
|
||||||
domain = "grafana.elnafo.ru";
|
|
||||||
http_port = 2342;
|
|
||||||
http_addr = "127.0.0.1";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
services.prometheus = {
|
|
||||||
enable = true;
|
|
||||||
port = 9090;
|
|
||||||
globalConfig.scrape_interval = "10s"; # "1m"
|
|
||||||
|
|
||||||
exporters = {
|
|
||||||
node = {
|
|
||||||
enable = true;
|
|
||||||
enabledCollectors = ["systemd"];
|
|
||||||
port = 9092;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
scrapeConfigs = [
|
|
||||||
{
|
|
||||||
job_name = "catarina";
|
|
||||||
static_configs = [
|
|
||||||
{
|
|
||||||
targets = ["127.0.0.1:${toString config.services.prometheus.exporters.node.port}"];
|
|
||||||
}
|
|
||||||
];
|
|
||||||
}
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
services.loki = {
|
|
||||||
enable = true;
|
|
||||||
configuration = {
|
|
||||||
auth_enabled = false;
|
|
||||||
server = {
|
|
||||||
http_listen_port = 3100;
|
|
||||||
};
|
|
||||||
common = {
|
|
||||||
ring = {
|
|
||||||
instance_addr = "127.0.0.1";
|
|
||||||
kvstore = {
|
|
||||||
store = "inmemory";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
replication_factor = 1;
|
|
||||||
path_prefix = "/tmp/loki";
|
|
||||||
};
|
|
||||||
schema_config = {
|
|
||||||
configs = [
|
|
||||||
{
|
|
||||||
from = "2020-05-15";
|
|
||||||
store = "tsdb";
|
|
||||||
object_store = "filesystem";
|
|
||||||
schema = "v13";
|
|
||||||
index = {
|
|
||||||
prefix = "index_";
|
|
||||||
period = "24h";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
];
|
|
||||||
};
|
|
||||||
storage_config = {
|
|
||||||
filesystem = {
|
|
||||||
directory = "/tmp/loki/chunks";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
services.promtail = {
|
|
||||||
enable = true;
|
|
||||||
configuration = {
|
|
||||||
server = {
|
|
||||||
http_listen_port = 3101;
|
|
||||||
grpc_listen_port = 0;
|
|
||||||
};
|
|
||||||
clients = [
|
|
||||||
{
|
|
||||||
url = "http://127.0.0.1:3100/loki/api/v1/push";
|
|
||||||
}
|
|
||||||
];
|
|
||||||
scrape_configs = [
|
|
||||||
{
|
|
||||||
job_name = "journal";
|
|
||||||
journal = {
|
|
||||||
max_age = "12h";
|
|
||||||
labels = {
|
|
||||||
job = "systemd-journal";
|
|
||||||
host = "catarina";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
relabel_configs = [
|
|
||||||
{
|
|
||||||
source_labels = [
|
|
||||||
"__journal__systemd_unit"
|
|
||||||
];
|
|
||||||
target_label = "unit";
|
|
||||||
}
|
|
||||||
];
|
|
||||||
}
|
|
||||||
];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
services.nginx = {
|
|
||||||
virtualHosts."grafana.elnafo.ru" = {
|
|
||||||
forceSSL = true;
|
|
||||||
useACMEHost = "elnafo.ru";
|
|
||||||
locations."/" = {
|
|
||||||
proxyPass = "http://127.0.0.1:${toString config.services.grafana.port}";
|
|
||||||
proxyWebsockets = true;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
@ -1,200 +1,32 @@
|
|||||||
{config, ...}: {
|
{config, ...}: {
|
||||||
containers = let
|
services.mpd = {
|
||||||
bindMounts = {
|
|
||||||
"/var/lib/music" = {
|
|
||||||
hostPath = "/media/storage/audio/library";
|
|
||||||
isReadOnly = true;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
in {
|
|
||||||
radio-synthwave = {
|
|
||||||
autoStart = true;
|
|
||||||
privateNetwork = true;
|
|
||||||
hostAddress = "10.231.136.1";
|
|
||||||
localAddress = "10.231.136.2";
|
|
||||||
|
|
||||||
inherit bindMounts;
|
|
||||||
|
|
||||||
config = {
|
|
||||||
config,
|
|
||||||
pkgs,
|
|
||||||
lib,
|
|
||||||
...
|
|
||||||
}: {
|
|
||||||
services.mpd = {
|
|
||||||
enable = true;
|
|
||||||
musicDirectory = "/var/lib/music";
|
|
||||||
network.listenAddress = "any";
|
|
||||||
#network.startWhenNeeded = true;
|
|
||||||
user = "mpd";
|
|
||||||
network.port = 6600;
|
|
||||||
extraConfig = ''
|
|
||||||
audio_output {
|
|
||||||
type "httpd"
|
|
||||||
name "Radio"
|
|
||||||
port "6660"
|
|
||||||
encoder "lame"
|
|
||||||
max_clients "0"
|
|
||||||
website "https://radio.elnafo.ru/synthwave"
|
|
||||||
always_on "yes"
|
|
||||||
tags "yes"
|
|
||||||
bitrate "128"
|
|
||||||
format "44100:16:1"
|
|
||||||
}
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
system.stateVersion = "24.05";
|
|
||||||
|
|
||||||
networking.firewall = {
|
|
||||||
enable = true;
|
|
||||||
allowedTCPPorts = [6600 6660];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
radio-non-stop-pop = {
|
|
||||||
autoStart = true;
|
|
||||||
privateNetwork = true;
|
|
||||||
hostAddress = "10.231.136.1";
|
|
||||||
localAddress = "10.231.136.3";
|
|
||||||
|
|
||||||
inherit bindMounts;
|
|
||||||
|
|
||||||
config = {
|
|
||||||
config,
|
|
||||||
pkgs,
|
|
||||||
lib,
|
|
||||||
...
|
|
||||||
}: {
|
|
||||||
services.mpd = {
|
|
||||||
enable = true;
|
|
||||||
musicDirectory = "/var/lib/music";
|
|
||||||
network.listenAddress = "any";
|
|
||||||
#network.startWhenNeeded = true;
|
|
||||||
user = "mpd";
|
|
||||||
network.port = 6601;
|
|
||||||
extraConfig = ''
|
|
||||||
audio_output {
|
|
||||||
type "httpd"
|
|
||||||
name "Radio"
|
|
||||||
port "6661"
|
|
||||||
encoder "lame"
|
|
||||||
max_clients "0"
|
|
||||||
website "https://radio.elnafo.ru/non-stop-pop"
|
|
||||||
always_on "yes"
|
|
||||||
tags "yes"
|
|
||||||
bitrate "128"
|
|
||||||
format "44100:16:1"
|
|
||||||
}
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
system.stateVersion = "24.05";
|
|
||||||
|
|
||||||
networking.firewall = {
|
|
||||||
enable = true;
|
|
||||||
allowedTCPPorts = [6601 6661];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
radio-hell-gates = {
|
|
||||||
autoStart = true;
|
|
||||||
privateNetwork = true;
|
|
||||||
hostAddress = "10.231.136.1";
|
|
||||||
localAddress = "10.231.136.4";
|
|
||||||
|
|
||||||
inherit bindMounts;
|
|
||||||
|
|
||||||
config = {
|
|
||||||
config,
|
|
||||||
pkgs,
|
|
||||||
lib,
|
|
||||||
...
|
|
||||||
}: {
|
|
||||||
services.mpd = {
|
|
||||||
enable = true;
|
|
||||||
musicDirectory = "/var/lib/music";
|
|
||||||
network.listenAddress = "any";
|
|
||||||
#network.startWhenNeeded = true;
|
|
||||||
user = "mpd";
|
|
||||||
network.port = 6602;
|
|
||||||
extraConfig = ''
|
|
||||||
audio_output {
|
|
||||||
type "httpd"
|
|
||||||
name "Radio"
|
|
||||||
port "6662"
|
|
||||||
encoder "lame"
|
|
||||||
max_clients "0"
|
|
||||||
website "https://radio.elnafo.ru/hell-gates"
|
|
||||||
always_on "yes"
|
|
||||||
tags "yes"
|
|
||||||
bitrate "128"
|
|
||||||
format "44100:16:1"
|
|
||||||
}
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
system.stateVersion = "24.05";
|
|
||||||
|
|
||||||
networking.firewall = {
|
|
||||||
enable = true;
|
|
||||||
allowedTCPPorts = [6602 6662];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
services.elnafo-radio = {
|
|
||||||
enable = true;
|
enable = true;
|
||||||
base = {
|
musicDirectory = "/home/l-nafaryus/Music";
|
||||||
title = "// Elnafo Radio //";
|
network.listenAddress = "any";
|
||||||
meta = [
|
network.startWhenNeeded = true;
|
||||||
["author" "L-Nafaryus"]
|
user = "l-nafaryus";
|
||||||
["discord" "https://discord.gg/ZWUChw5wzm"]
|
extraConfig = ''
|
||||||
["git" "https://vcs.elnafo.ru/L-Nafaryus/elnafo-radio"]
|
audio_output {
|
||||||
["matrix" "https://matrix.to/#/#elnafo:elnafo.ru"]
|
type "httpd"
|
||||||
];
|
name "Radio"
|
||||||
};
|
port "6666"
|
||||||
stations = [
|
bind_to_address "127.0.0.1"
|
||||||
{
|
encoder "lame"
|
||||||
id = "synthwave";
|
max_clients "0"
|
||||||
name = "Synthwave";
|
website "https://radio.elnafo.ru"
|
||||||
host = config.containers.radio-synthwave.localAddress;
|
always_on "yes"
|
||||||
port = 6600;
|
tags "yes"
|
||||||
url = "https://radio.elnafo.ru/synthwave";
|
bitrate "128"
|
||||||
status = "Receive";
|
format "44100:16:1"
|
||||||
genre = "synthwave, dark synthwave";
|
|
||||||
}
|
}
|
||||||
{
|
'';
|
||||||
id = "non-stop-pop";
|
|
||||||
name = "Non-Stop-Pop";
|
|
||||||
host = config.containers.radio-non-stop-pop.localAddress;
|
|
||||||
port = 6601;
|
|
||||||
url = "https://radio.elnafo.ru/non-stop-pop";
|
|
||||||
status = "Online";
|
|
||||||
location = "Los Santos";
|
|
||||||
genre = "pop, r&b, dance music";
|
|
||||||
}
|
|
||||||
{
|
|
||||||
id = "hell-gates";
|
|
||||||
name = "Hell Gates";
|
|
||||||
host = config.containers.radio-hell-gates.localAddress;
|
|
||||||
port = 6602;
|
|
||||||
url = "https://radio.elnafo.ru/hell-gates";
|
|
||||||
status = "Receive";
|
|
||||||
genre = "melodic death metal, death metal, metalcore";
|
|
||||||
}
|
|
||||||
];
|
|
||||||
};
|
};
|
||||||
|
|
||||||
services.nginx.virtualHosts."radio.elnafo.ru" = {
|
services.nginx.virtualHosts."radio.elnafo.ru" = {
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
useACMEHost = "elnafo.ru";
|
useACMEHost = "elnafo.ru";
|
||||||
locations."/".proxyPass = "http://${config.services.elnafo-radio.server.address}:${toString config.services.elnafo-radio.server.port}";
|
locations."/synthwave".proxyPass = "http://127.0.0.1:6666";
|
||||||
locations."/synthwave".proxyPass = "http://${config.containers.radio-synthwave.localAddress}:6660";
|
|
||||||
locations."/non-stop-pop".proxyPass = "http://${config.containers.radio-non-stop-pop.localAddress}:6661";
|
|
||||||
locations."/hell-gates".proxyPass = "http://${config.containers.radio-hell-gates.localAddress}:6662";
|
|
||||||
};
|
};
|
||||||
|
|
||||||
|
networking.firewall.allowedTCPPorts = [config.services.mpd.network.port];
|
||||||
}
|
}
|
||||||
|
@ -22,7 +22,6 @@
|
|||||||
catarina = lib.nixosSystem {
|
catarina = lib.nixosSystem {
|
||||||
system = "x86_64-linux";
|
system = "x86_64-linux";
|
||||||
modules = with inputs; [
|
modules = with inputs; [
|
||||||
elnafo-radio.nixosModules.elnafo-radio
|
|
||||||
nixos-mailserver.nixosModules.mailserver
|
nixos-mailserver.nixosModules.mailserver
|
||||||
sops-nix.nixosModules.sops
|
sops-nix.nixosModules.sops
|
||||||
oscuro.nixosModules.oscuro
|
oscuro.nixosModules.oscuro
|
||||||
@ -31,18 +30,4 @@
|
|||||||
];
|
];
|
||||||
specialArgs = {bonPkgs = self.packages.x86_64-linux;};
|
specialArgs = {bonPkgs = self.packages.x86_64-linux;};
|
||||||
};
|
};
|
||||||
|
|
||||||
vinheim = lib.nixosSystem {
|
|
||||||
system = "x86_64-linux";
|
|
||||||
modules = with inputs; [
|
|
||||||
home-manager.nixosModules.home-manager
|
|
||||||
./vinheim
|
|
||||||
];
|
|
||||||
specialArgs = {
|
|
||||||
inherit inputs bonLib;
|
|
||||||
bonPkgs = self.packages.x86_64-linux;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -1,135 +0,0 @@
|
|||||||
{
|
|
||||||
pkgs,
|
|
||||||
lib,
|
|
||||||
config,
|
|
||||||
bonLib,
|
|
||||||
...
|
|
||||||
}: {
|
|
||||||
system.stateVersion = "23.11";
|
|
||||||
|
|
||||||
imports = [
|
|
||||||
./hardware.nix
|
|
||||||
./users.nix
|
|
||||||
];
|
|
||||||
|
|
||||||
nix = {
|
|
||||||
settings = {
|
|
||||||
experimental-features = ["nix-command" "flakes"];
|
|
||||||
substituters = [
|
|
||||||
"https://cache.elnafo.ru"
|
|
||||||
"https://bonfire.cachix.org"
|
|
||||||
"https://nix-community.cachix.org"
|
|
||||||
];
|
|
||||||
trusted-public-keys = [
|
|
||||||
"cache.elnafo.ru:j3VD+Hn+is2Qk3lPXDSdPwHJQSatizk7V82iJ2RP1yo="
|
|
||||||
"bonfire.cachix.org-1:mzAGBy/Crdf8NhKail5ciK7ZrGRbPJJobW6TwFb7WYM="
|
|
||||||
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
|
|
||||||
];
|
|
||||||
auto-optimise-store = true;
|
|
||||||
trusted-users = ["l-nafaryus"];
|
|
||||||
allowed-users = ["l-nafaryus"];
|
|
||||||
};
|
|
||||||
gc = {
|
|
||||||
automatic = lib.mkDefault true;
|
|
||||||
dates = lib.mkDefault "weekly";
|
|
||||||
options = lib.mkDefault "--delete-older-than 7d";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
# Nix packages
|
|
||||||
nixpkgs = {
|
|
||||||
hostPlatform = lib.mkDefault "x86_64-linux";
|
|
||||||
config.allowUnfree = true;
|
|
||||||
config.cudaSupport = false;
|
|
||||||
};
|
|
||||||
|
|
||||||
services.desktopManager.plasma6.enable = true;
|
|
||||||
|
|
||||||
services.displayManager.sddm = {
|
|
||||||
enable = true;
|
|
||||||
wayland.enable = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
services.dbus = {
|
|
||||||
enable = true;
|
|
||||||
packages = with pkgs; [networkmanager];
|
|
||||||
};
|
|
||||||
|
|
||||||
services.pipewire = {
|
|
||||||
enable = true;
|
|
||||||
alsa.enable = true;
|
|
||||||
alsa.support32Bit = true;
|
|
||||||
pulse.enable = true;
|
|
||||||
jack.enable = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
services.openssh = {
|
|
||||||
enable = true;
|
|
||||||
startWhenNeeded = true;
|
|
||||||
settings.PasswordAuthentication = false;
|
|
||||||
settings.KbdInteractiveAuthentication = false;
|
|
||||||
};
|
|
||||||
|
|
||||||
programs.ssh.extraConfig = ''
|
|
||||||
Host catarina
|
|
||||||
HostName 77.242.105.50
|
|
||||||
Port 22
|
|
||||||
User l-nafaryus
|
|
||||||
'';
|
|
||||||
|
|
||||||
virtualisation = {
|
|
||||||
containers.enable = true;
|
|
||||||
podman = {
|
|
||||||
enable = true;
|
|
||||||
dockerCompat = true;
|
|
||||||
defaultNetwork.settings.dns_enabled = true;
|
|
||||||
};
|
|
||||||
libvirtd.enable = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
# Base packages
|
|
||||||
environment.systemPackages = with pkgs; [
|
|
||||||
wget
|
|
||||||
|
|
||||||
parted
|
|
||||||
ntfs3g
|
|
||||||
sshfs
|
|
||||||
exfat
|
|
||||||
btrfs-progs
|
|
||||||
btrbk
|
|
||||||
|
|
||||||
lm_sensors
|
|
||||||
btop
|
|
||||||
|
|
||||||
git
|
|
||||||
git-lfs
|
|
||||||
lazygit
|
|
||||||
|
|
||||||
nnn
|
|
||||||
fzf
|
|
||||||
ripgrep
|
|
||||||
fd
|
|
||||||
|
|
||||||
unzip
|
|
||||||
|
|
||||||
fishPlugins.fzf-fish
|
|
||||||
fishPlugins.tide
|
|
||||||
fishPlugins.grc
|
|
||||||
fishPlugins.hydro
|
|
||||||
grc
|
|
||||||
|
|
||||||
gnupg
|
|
||||||
pass
|
|
||||||
|
|
||||||
bat
|
|
||||||
];
|
|
||||||
|
|
||||||
programs = {
|
|
||||||
fish.enable = true;
|
|
||||||
|
|
||||||
neovim = {
|
|
||||||
enable = true;
|
|
||||||
defaultEditor = true;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
@ -1,121 +0,0 @@
|
|||||||
{
|
|
||||||
config,
|
|
||||||
lib,
|
|
||||||
pkgs,
|
|
||||||
...
|
|
||||||
}: {
|
|
||||||
# Boot
|
|
||||||
boot = {
|
|
||||||
loader.grub = {
|
|
||||||
enable = true;
|
|
||||||
device = "/dev/nvme0n1";
|
|
||||||
useOSProber = true;
|
|
||||||
};
|
|
||||||
initrd = {
|
|
||||||
availableKernelModules = ["xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod"];
|
|
||||||
kernelModules = [];
|
|
||||||
};
|
|
||||||
kernelModules = ["kvm-intel" "tcp_bbr" "coretemp" "nct6775"];
|
|
||||||
kernelParams = ["threadirqs"];
|
|
||||||
extraModulePackages = with config.boot.kernelPackages; [v4l2loopback];
|
|
||||||
|
|
||||||
kernel.sysctl = {
|
|
||||||
# The Magic SysRq key is a key combo that allows users connected to the
|
|
||||||
# system console of a Linux kernel to perform some low-level commands.
|
|
||||||
# Disable it, since we don't need it, and is a potential security concern.
|
|
||||||
"kernel.sysrq" = 0;
|
|
||||||
|
|
||||||
## TCP hardening
|
|
||||||
# Prevent bogus ICMP errors from filling up logs.
|
|
||||||
"net.ipv4.icmp_ignore_bogus_error_responses" = 1;
|
|
||||||
# Reverse path filtering causes the kernel to do source validation of
|
|
||||||
# packets received from all interfaces. This can mitigate IP spoofing.
|
|
||||||
"net.ipv4.conf.default.rp_filter" = 1;
|
|
||||||
"net.ipv4.conf.all.rp_filter" = 1;
|
|
||||||
# Do not accept IP source route packets
|
|
||||||
"net.ipv4.conf.all.accept_source_route" = 1;
|
|
||||||
"net.ipv4.conf.wlo1.accept_source_route" = 1;
|
|
||||||
"net.ipv6.conf.all.accept_source_route" = 1;
|
|
||||||
# Don't send ICMP redirects
|
|
||||||
"net.ipv4.conf.all.send_redirects" = 0;
|
|
||||||
"net.ipv4.conf.default.send_redirects" = 0;
|
|
||||||
# Refuse ICMP redirects (MITM mitigations)
|
|
||||||
"net.ipv4.conf.all.accept_redirects" = 0;
|
|
||||||
"net.ipv4.conf.default.accept_redirects" = 0;
|
|
||||||
"net.ipv4.conf.all.secure_redirects" = 0;
|
|
||||||
"net.ipv4.conf.default.secure_redirects" = 0;
|
|
||||||
"net.ipv6.conf.all.accept_redirects" = 0;
|
|
||||||
"net.ipv6.conf.default.accept_redirects" = 0;
|
|
||||||
# Protects against SYN flood attacks
|
|
||||||
"net.ipv4.tcp_syncookies" = 1;
|
|
||||||
# Incomplete protection again TIME-WAIT assassination
|
|
||||||
"net.ipv4.tcp_rfc1337" = 1;
|
|
||||||
|
|
||||||
## TCP optimization
|
|
||||||
# TCP Fast Open is a TCP extension that reduces network latency by packing
|
|
||||||
# data in the sender’s initial TCP SYN. Setting 3 = enable TCP Fast Open for
|
|
||||||
# both incoming and outgoing connections:
|
|
||||||
"net.ipv4.tcp_fastopen" = 3;
|
|
||||||
# Bufferbloat mitigations + slight improvement in throughput & latency
|
|
||||||
"net.ipv4.tcp_congestion_control" = "bbr";
|
|
||||||
"net.core.default_qdisc" = "cake";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/" = {
|
|
||||||
device = "/dev/disk/by-label/nixos";
|
|
||||||
fsType = "ext4";
|
|
||||||
};
|
|
||||||
|
|
||||||
swapDevices = [];
|
|
||||||
|
|
||||||
services.fstrim.enable = true;
|
|
||||||
|
|
||||||
security = {
|
|
||||||
protectKernelImage = true;
|
|
||||||
sudo.extraConfig = ''Defaults timestamp_timeout=30'';
|
|
||||||
rtkit.enable = true;
|
|
||||||
polkit.enable = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
# Hardware etc
|
|
||||||
hardware = {
|
|
||||||
cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
|
||||||
|
|
||||||
graphics.enable = true;
|
|
||||||
graphics.enable32Bit = true;
|
|
||||||
|
|
||||||
bluetooth.enable = true;
|
|
||||||
|
|
||||||
pulseaudio.enable = false;
|
|
||||||
};
|
|
||||||
|
|
||||||
networking = {
|
|
||||||
networkmanager = {
|
|
||||||
enable = true;
|
|
||||||
enableStrongSwan = true;
|
|
||||||
packages = with pkgs; [
|
|
||||||
networkmanager-l2tp
|
|
||||||
];
|
|
||||||
};
|
|
||||||
hostName = "nixos";
|
|
||||||
extraHosts = ''192.168.130.211 gitlab'';
|
|
||||||
};
|
|
||||||
|
|
||||||
time.timeZone = "Asia/Yekaterinburg";
|
|
||||||
|
|
||||||
i18n = {
|
|
||||||
defaultLocale = "en_US.UTF-8";
|
|
||||||
extraLocaleSettings = {
|
|
||||||
LC_ADDRESS = "en_US.UTF-8";
|
|
||||||
LC_IDENTIFICATION = "en_US.UTF-8";
|
|
||||||
LC_MEASUREMENT = "en_US.UTF-8";
|
|
||||||
LC_MONETARY = "en_US.UTF-8";
|
|
||||||
LC_NAME = "en_US.UTF-8";
|
|
||||||
LC_NUMERIC = "en_US.UTF-8";
|
|
||||||
LC_PAPER = "en_US.UTF-8";
|
|
||||||
LC_TELEPHONE = "en_US.UTF-8";
|
|
||||||
LC_TIME = "en_US.UTF-8";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
@ -1,270 +0,0 @@
|
|||||||
{
|
|
||||||
config,
|
|
||||||
pkgs,
|
|
||||||
lib,
|
|
||||||
bonPkgs,
|
|
||||||
bonLib,
|
|
||||||
inputs,
|
|
||||||
...
|
|
||||||
}: let
|
|
||||||
user = "l-nafaryus";
|
|
||||||
in {
|
|
||||||
# Users
|
|
||||||
users.users.l-nafaryus = {
|
|
||||||
isNormalUser = true;
|
|
||||||
description = "L-Nafaryus";
|
|
||||||
extraGroups = ["networkmanager" "wheel" "audio" "libvirtd" "input" "video" "disk" "wireshark" "podman"];
|
|
||||||
group = "users";
|
|
||||||
uid = 1000;
|
|
||||||
initialPassword = "nixos";
|
|
||||||
shell = pkgs.fish;
|
|
||||||
};
|
|
||||||
|
|
||||||
home-manager.useGlobalPkgs = true;
|
|
||||||
home-manager.useUserPackages = true;
|
|
||||||
home-manager.backupFileExtension = "hmbackup";
|
|
||||||
|
|
||||||
home-manager.users.${user} = {pkgs, ...}: let
|
|
||||||
hmConfig = config.home-manager.users.${user};
|
|
||||||
in {
|
|
||||||
home.stateVersion = "23.11";
|
|
||||||
home.username = "l-nafaryus";
|
|
||||||
home.homeDirectory = "/home/l-nafaryus";
|
|
||||||
imports = [
|
|
||||||
(bonLib.injectArgs {
|
|
||||||
inherit hmConfig;
|
|
||||||
})
|
|
||||||
inputs.catppuccin.homeManagerModules.catppuccin
|
|
||||||
inputs.ags.homeManagerModules.default
|
|
||||||
];
|
|
||||||
|
|
||||||
home.packages = with pkgs; [
|
|
||||||
taskwarrior3
|
|
||||||
|
|
||||||
gparted
|
|
||||||
|
|
||||||
firefox
|
|
||||||
thunderbird
|
|
||||||
|
|
||||||
qpwgraph
|
|
||||||
|
|
||||||
lutris
|
|
||||||
wine
|
|
||||||
winetricks
|
|
||||||
gamemode
|
|
||||||
|
|
||||||
inkscape
|
|
||||||
imagemagick
|
|
||||||
yt-dlp
|
|
||||||
ffmpeg
|
|
||||||
|
|
||||||
qbittorrent
|
|
||||||
telegram-desktop
|
|
||||||
|
|
||||||
onlyoffice-bin
|
|
||||||
|
|
||||||
# btop
|
|
||||||
lua
|
|
||||||
# bat
|
|
||||||
tree
|
|
||||||
bonPkgs.bonvim
|
|
||||||
|
|
||||||
kdePackages.kmail
|
|
||||||
kdePackages.kmail-account-wizard
|
|
||||||
|
|
||||||
lazydocker
|
|
||||||
docker-compose
|
|
||||||
podman-compose
|
|
||||||
dive
|
|
||||||
|
|
||||||
ksshaskpass
|
|
||||||
];
|
|
||||||
|
|
||||||
xdg.portal = {
|
|
||||||
enable = true;
|
|
||||||
configPackages = with pkgs; [
|
|
||||||
kdePackages.xdg-desktop-portal-kde
|
|
||||||
];
|
|
||||||
extraPortals = with pkgs; [
|
|
||||||
xdg-desktop-portal-gtk
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
# Theme
|
|
||||||
catppuccin = {
|
|
||||||
# global, for all enabled programs
|
|
||||||
enable = true;
|
|
||||||
flavor = "macchiato";
|
|
||||||
accent = "green";
|
|
||||||
};
|
|
||||||
|
|
||||||
programs = {
|
|
||||||
# General
|
|
||||||
fish = {
|
|
||||||
enable = true;
|
|
||||||
interactiveShellInit = ''
|
|
||||||
set fish_greeting
|
|
||||||
'';
|
|
||||||
plugins = with pkgs.fishPlugins;
|
|
||||||
map (p: {
|
|
||||||
name = p.pname;
|
|
||||||
src = p.src;
|
|
||||||
}) [
|
|
||||||
fzf-fish
|
|
||||||
tide
|
|
||||||
grc
|
|
||||||
hydro
|
|
||||||
];
|
|
||||||
functions = {
|
|
||||||
fish-theme-configure = ''
|
|
||||||
tide configure \
|
|
||||||
--auto \
|
|
||||||
--style=Lean \
|
|
||||||
--prompt_colors='True color' \
|
|
||||||
--show_time='12-hour format' \
|
|
||||||
--lean_prompt_height='Two lines' \
|
|
||||||
--prompt_connection=Disconnected \
|
|
||||||
--prompt_spacing=Compact \
|
|
||||||
--icons='Many icons' \
|
|
||||||
--transient=No
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
git = {
|
|
||||||
enable = true;
|
|
||||||
lfs.enable = true;
|
|
||||||
userName = "L-Nafaryus";
|
|
||||||
userEmail = "l.nafaryus@gmail.com";
|
|
||||||
signing = {
|
|
||||||
key = "86F1EA98B48FFB19";
|
|
||||||
signByDefault = true;
|
|
||||||
};
|
|
||||||
extraConfig = {
|
|
||||||
# ignore trends
|
|
||||||
init.defaultBranch = "master";
|
|
||||||
core = {
|
|
||||||
quotePath = false;
|
|
||||||
commitGraph = true;
|
|
||||||
whitespace = "trailing-space";
|
|
||||||
};
|
|
||||||
receive.advertisePushOptions = true;
|
|
||||||
gc.writeCommitGraph = true;
|
|
||||||
diff.submodule = "log";
|
|
||||||
};
|
|
||||||
aliases = {
|
|
||||||
plog = "log --color --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
bat.enable = true;
|
|
||||||
|
|
||||||
btop = {
|
|
||||||
enable = true;
|
|
||||||
settings = {
|
|
||||||
cpu_bottom = true;
|
|
||||||
proc_tree = true;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
fzf.enable = true;
|
|
||||||
|
|
||||||
lazygit.enable = true;
|
|
||||||
|
|
||||||
gpg = {
|
|
||||||
enable = true;
|
|
||||||
homedir = "${hmConfig.xdg.configHome}/gnupg";
|
|
||||||
mutableKeys = true;
|
|
||||||
mutableTrust = true;
|
|
||||||
settings = {
|
|
||||||
default-key = "B0B3 DFDB B842 BE9C 7468 B511 86F1 EA98 B48F FB19";
|
|
||||||
};
|
|
||||||
# TODO: replace existing ssh key with gpg provided
|
|
||||||
};
|
|
||||||
|
|
||||||
nnn = {
|
|
||||||
enable = true;
|
|
||||||
package = pkgs.nnn.override {withNerdIcons = true;};
|
|
||||||
bookmarks = {
|
|
||||||
d = "~/Downloads";
|
|
||||||
p = "~/projects";
|
|
||||||
i = "~/Pictures";
|
|
||||||
m = "~/Music";
|
|
||||||
v = "~/Videos";
|
|
||||||
};
|
|
||||||
plugins = {
|
|
||||||
src = "${hmConfig.programs.nnn.finalPackage}/share/plugins";
|
|
||||||
mappings = {
|
|
||||||
# TODO: add used programs for previews with FIFO support
|
|
||||||
p = "preview-tui";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
ncmpcpp.enable = true;
|
|
||||||
|
|
||||||
# Graphical
|
|
||||||
obs-studio = {
|
|
||||||
enable = true;
|
|
||||||
plugins = with pkgs.obs-studio-plugins; [
|
|
||||||
obs-vkcapture
|
|
||||||
input-overlay
|
|
||||||
obs-pipewire-audio-capture
|
|
||||||
wlrobs
|
|
||||||
inputs.obs-image-reaction.packages.${pkgs.system}.default
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
mpv = {
|
|
||||||
enable = true;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
services = {
|
|
||||||
# General
|
|
||||||
gpg-agent = {
|
|
||||||
enable = true;
|
|
||||||
defaultCacheTtl = 3600;
|
|
||||||
defaultCacheTtlSsh = 3600;
|
|
||||||
enableSshSupport = true;
|
|
||||||
pinentryPackage = pkgs.pinentry-qt;
|
|
||||||
enableFishIntegration = true;
|
|
||||||
enableBashIntegration = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
ssh-agent.enable = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
# XDG
|
|
||||||
xdg = {
|
|
||||||
enable = true;
|
|
||||||
mime.enable = true;
|
|
||||||
userDirs.enable = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
# dconf
|
|
||||||
dconf.settings = {
|
|
||||||
"org/virt-manager/virt-manager/connections" = {
|
|
||||||
autoconnect = ["qemu:///system"];
|
|
||||||
uris = ["qemu:///system"];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
environment.sessionVariables = {
|
|
||||||
# hint electron applications to use wayland
|
|
||||||
NIXOS_OZONE_WL = "1";
|
|
||||||
DOCKER_HOST = "unix:///run/user/${toString config.users.users.l-nafaryus.uid}/podman/podman.sock";
|
|
||||||
};
|
|
||||||
|
|
||||||
systemd.user.extraConfig = "DefaultLimitNOFILE=524288";
|
|
||||||
|
|
||||||
programs.virt-manager.enable = true;
|
|
||||||
|
|
||||||
programs.wireshark = {
|
|
||||||
enable = true;
|
|
||||||
package = pkgs.wireshark;
|
|
||||||
};
|
|
||||||
|
|
||||||
fonts.packages = with pkgs; [nerdfonts liberation_ttf];
|
|
||||||
}
|
|
@ -10,9 +10,7 @@
|
|||||||
./services/papermc.nix
|
./services/papermc.nix
|
||||||
./services/qbittorrent-nox.nix
|
./services/qbittorrent-nox.nix
|
||||||
./services/spoofdpi.nix
|
./services/spoofdpi.nix
|
||||||
# ISSUE: collision with nixos module zapret
|
./services/zapret.nix
|
||||||
#./services/zapret.nix
|
|
||||||
./services/conduit.nix
|
|
||||||
];
|
];
|
||||||
|
|
||||||
configModule = {
|
configModule = {
|
||||||
@ -26,7 +24,6 @@
|
|||||||
# extra arguments
|
# extra arguments
|
||||||
_module.args = {
|
_module.args = {
|
||||||
bonPkgs = self.packages.${pkgs.system};
|
bonPkgs = self.packages.${pkgs.system};
|
||||||
bonLib = lib.mkDefault bonLib;
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
@ -47,7 +44,7 @@
|
|||||||
...
|
...
|
||||||
}: {
|
}: {
|
||||||
# collect all modules
|
# collect all modules
|
||||||
imports = moduleList ++ [configModule];
|
imports = importedModules;
|
||||||
};
|
};
|
||||||
in
|
in
|
||||||
lib.listToAttrs (
|
lib.listToAttrs (
|
||||||
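Review bot: `./services/zapret.nix` is imported unconditionally in the module list of the first hunk, while the other side of this comparison keeps it commented out under `# ISSUE: collision with nixos module zapret`. If the nixpkgs revision pinned on this branch already declares `services.zapret`, evaluation will presumably fail on duplicate option declarations; the pin is not visible in this section, so this needs checking against the lock file. I would either keep the import commented with that ISSUE line, or list the upstream module under `disabledModules` next to the import so the choice of implementation is explicit. The module list itself starts outside the hunk.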
|
@ -1,24 +1,22 @@
|
|||||||
dns: ENC[AES256_GCM,data:x2oHP6nGHnPl5WblPHRcBDQCkhj8FZnr5r+cBdaHyrPKxI71ECYmno/ItV/0opj0eGYamQjrVJkuZBGcQlXMMn9Hp4ImjByaX/zqYrdIjSY2B24h8kvnblsXjF6SlA==,iv:QRbiqpCwQ41pfmn3wwNITWdoMI9FzxShsG+fR5lAbl4=,tag:Rknw+qwLZ8No806ek+2zmQ==,type:str]
|
dns: ENC[AES256_GCM,data:KIcegw69ZEVY1VnSktZMMjaRhCJVCHn7BCAKvfR/iXs5AseDLVC025WRAy92UuuVYPwBvdHgRQUg8I6lrfr7RTHJooANHUK8D79c2+sAI/KsUw2ENh1tVgdW2A4enQ==,iv:12yEf+u0Ky0vktAfpAuG28mRSKDLyWlWHJ+9EPYqI4w=,tag:9MKTsAUfvzEyEzTd6ba/Jg==,type:str]
|
||||||
users:
|
users:
|
||||||
root: ENC[AES256_GCM,data:NIWAU+rCD7ShRU+ZMWw7D1XlNdhL9iwu6MP53edBFeCdSaiA91uS/n4MDgoQkao3sIE6zl5k/jht8GigZLSbjlj9iGhe3sTngg==,iv:hjimz2SsXf0nNgGhkDx97sg8iWBrne75KSbJLtJUf3k=,tag:4wfCpXew/OtTDZLIQk3cFA==,type:str]
|
root: ENC[AES256_GCM,data:nZpmZM0Ws9mVujJhqPKfSJwIqit23pc2TlF6k4iGEzQvf2iROyWN/+b212d/LiAWOoVl3tRkt7EcOiLsLu51DJnQtCGOWGcF5w==,iv:hbNMqy+OxbHsh77zT6a2Yb1lUXwVRvRF1PhSO/15keE=,tag:oe/Y2fWKHNiRamuhY+3xYQ==,type:str]
|
||||||
l-nafaryus: ENC[AES256_GCM,data:xXRQH92Hi0qO31pxmlHNLG+fHJRsAFgEs1a1APwNsGRZEVV5UB+ijK1S8dThFN+gnlcLb/gLlypFiK8Vzd7/kCOMyaJYtXJChg==,iv:AgE2X3iUAA/U8YmPawcONvWcxgBDkRdVvye4dTSIBd4=,tag:kkwiaSymObztQTjcfno1DA==,type:str]
|
l-nafaryus: ENC[AES256_GCM,data:RJXjIcSWrG00IqneQVBpvPayVZ/mFNZ16digWF/GaNNGYy+bDPYkglTiMdy5/xfah8BMrwmfID4PKyEBtMiIEx8VlV55N+hJyg==,iv:noFYBRrWMg7dxqAbVuT7uOCK4mQk4U29kiECJLb6QCQ=,tag:dZs6TC8kI9ioRYfhcceT+Q==,type:str]
|
||||||
database:
|
database:
|
||||||
git: ENC[AES256_GCM,data:noMvwTPWZWb79JtoEh0FLuXotVAXTX51QLcRfmjwxVg=,iv:EMiKZvMNhxpe2gARJ7BUrJFVM3ap/gMhJaRnKEJ7lX8=,tag:y+TAUHijY0NCvlwdg1fS1w==,type:str]
|
git: ENC[AES256_GCM,data:g5Fnb9R/LnKrB6rDQ0ss0wu9SZu7433xfUIzJQKG3SA=,iv:MHEclxa1ldE51hNe0zHsVv5BPdN5RELlkHgZGXxSdTo=,tag:zzKNB0/RehFPrhFQMi/g9w==,type:str]
|
||||||
mail:
|
mail:
|
||||||
l-nafaryus: ENC[AES256_GCM,data:0PKuC3fI8gGOg99DtyF84neRRnr1P7cqKti8XSjHUurb4CyLG01+aCzABBJzcAs05oQMjiLbAj0prj6Q,iv:m4PzJ5hJqyyLmNss8/CckrBhDe3HC3HVTCbCvhZf93Y=,tag:uKiZLlmQzuO7mcGhQb3/og==,type:str]
|
l-nafaryus: ENC[AES256_GCM,data:8JGjpQxcytZhfYT2JFUspufCnwCISbzBbaY2gN8WpSrlSlhIxVBkcdFnuGl3EJ6kABFX3lEGZomVNtay,iv:9l/x5xiDvkJ8QeqK7LTtQ/nxTckMGTkgujSDLtfWMZM=,tag:6qVUxjgs6QB+MQwog1fksw==,type:str]
|
||||||
git: ENC[AES256_GCM,data:YxU4Ws+yHgv5RsluX6BhpEnGBiDWZmIx+D8uD7oZr+v18tCSX27mI+T0t4IycPli4SLHUQR4PjGmnJao,iv:yHPkp1QmRWj4Nj4isIYtpe0ROSVLK9biBWJb81P5aew=,tag:+FJ6l4P7onUhKejYVq25Hg==,type:str]
|
git: ENC[AES256_GCM,data:w6odytyieDSJCRdf6og7rX1274Xtd3Mn+Eg5tPFjQv3pN/OVJ1fRk7nGFmHlKqR2VEtUVFHyZHKW4J7+,iv:Lo9yyCNvBxUOlxhLo4PFfT7eZrwZ3d6Yue2U8MBlTfM=,tag:T41aErdaYDI6ns20EBOwyw==,type:str]
|
||||||
kirill: ENC[AES256_GCM,data:erI0exQOi8JccOQVkWIt8zwvrm45Yrt1MNccBYO2oE5eEuXmeDU7uL92U4h+rDH+NojYpVjl1IaRAyU5,iv:kRvqVs70OzXLOBpZ/bfN0TQMdhqV6RAzQiszPQ4ZIwM=,tag:1whNxpchBdzOiVxCwYAzFA==,type:str]
|
kirill: ENC[AES256_GCM,data:ZBFfZufBdRRaeXUWiISVPxGvou78kNn+U1nYSBJ7OR6IqyvZMec+/s3+dDiwySOJ58EYCCqUZ7pq05U0,iv:r+mHKvxfI32Y/AHVN0AQqj3OqkxECuU6LIFNzmGvZ5s=,tag:gJsG2pa2k4gBTD294DuNWg==,type:str]
|
||||||
gitea:
|
gitea:
|
||||||
mail: ENC[AES256_GCM,data:RwQY3sOfcZMTWbvK5NWOprTSKTY5Fn/cECCh1MRC,iv:KjiYDiqmMO8u3m2VArdAva937cqfqNHKKMUkvnpDtkU=,tag:OpkSgrs8Rrz+XG5Q3tw+QQ==,type:str]
|
mail: ENC[AES256_GCM,data:LFYWpjHPcu6CQgcUEVcFA0ewZRjzA36wsoATnVGj,iv:Jqn1+6xa+wdkmdG2z9b8jf4DzCqF0I0YSctbiMN2tKw=,tag:aQQJG9STQmnAu+Dp9lj6cg==,type:str]
|
||||||
gitea-runner:
|
gitea-runner:
|
||||||
master-token: ENC[AES256_GCM,data:VbOnxgDr8Ni0NTdJvnwnppY3Q+/bev7IoVhxTpjGAphxh0tieCPfbnBJweav+l8dtQ==,iv:FzB5h/O0GSeBv1ZzE/zojWR2C6RR90NsxYddreVSmU0=,tag:c1WDgG9BlzvXaf+afzZW5g==,type:str]
|
master-token: ENC[AES256_GCM,data:hZc+sti6I1j3EQQc/wRb5exg0yO6+wq0NCdUJ6FN/wpwyhfWPdEJ5eWw+3bAsEpxdQ==,iv:uJXhf5DZtk1LROyfw8bn5ZjN329LbZyTlaSPMvzeNXs=,tag:IeGUODEvfELc2YS+TUP7/g==,type:str]
|
||||||
papermc:
|
papermc:
|
||||||
rcon: ENC[AES256_GCM,data:h9DqMN3MAS2X,iv:M72Ku0n1BTaj9TuHmpj+xBcE/6nJvHWKB87HZ3pUKyE=,tag:QRN8e/SXKv0VGyOf9Fq49Q==,type:str]
|
rcon: ENC[AES256_GCM,data:t6EjQmR+7l9x,iv:Vg3Ht/FNDUSkpRcP4c3hR/GzXMFMH/uD1wkPGn/OyKQ=,tag:++OEAYFK2qE4gM/XMSGH+g==,type:str]
|
||||||
discordToken: ENC[AES256_GCM,data:dII/1MKdUt/gjl6j+0mIyy0e03BmRwFPBle4fCx5ZYFjQ6zy9ByjFwVYKS8LlXTaPZQGknTBg0QHypRjE3XFW5uzvfp0OfTYm0o=,iv:bSkp6dKYeOuei9OkshO89ihfGMpRXE+8vb0iXEEkv0I=,tag:ICCUF/l8vJfzb/hgF9AYsg==,type:str]
|
discordToken: ENC[AES256_GCM,data:oRNbi3uDJClyRJgKycvJAt+2ZPT3hU9AVGmB1XMGqObz6O0DpdBlsmSCbwXwhvD2U0cMLUx7fdehdDUXTnk5qLR/eBSwD/k0+0U=,iv:WXRo7iSRn+/4oeHuuEhQsDNrxw1pWt21GDLeinVOmV0=,tag:IHWpKGlkmHwDI7j9MHTbtg==,type:str]
|
||||||
nix-store:
|
nix-store:
|
||||||
cache-key: ENC[AES256_GCM,data:wEp8XH18N5P+h8EMognt93/VwXVF5/sxvEOrGzba/iK1W4nVZM8pStGAP0wI593MEB7Vobw+slWj4I3wwRJjOpDsK4EsgROUBein84Gn9uqk/liCEqjSAqZkktv4yX5p3dETZw+Ojak=,iv:oVKBfzJP8il3N6lH4JmaPaHSaqkUfmsM6cr+xumjAdE=,tag:+Gj9CzpoQknT+i6xAPZ7dg==,type:str]
|
cache-key: ENC[AES256_GCM,data:SH0lBYa6ELoraxKmWo+hb3+rFRjFbVm1mj0YiVKUua5pVnC8Weihk4haTJZ1zShc3ADuinyHD/Ns+576bajWoE5jSGHXlgWQ8P+5fMZ0BkmZEuP5kooWRBk5t1aZilM3LJavwsYiE6E=,iv:KpwDXIXtaiNgVgcUQJJOnA+YLXVhJwILeq2dX1XkXgo=,tag:4kTemsodW0bhW9joQAPzhA==,type:str]
|
||||||
matrix:
|
|
||||||
coturn-secret: ENC[AES256_GCM,data:BWYo08cS4oAYk7aK5yKT7xWkcxhOhxi3mZzl//xB/IqJ70x4ggGoiVudTxE=,iv:4YYWyxnwR1KcpjTNwvzrGWWVobr3LM6H6l/1/fbBQE4=,tag:qmXc+tzYKJR6hErgurx97Q==,type:str]
|
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
@ -28,23 +26,23 @@ sops:
|
|||||||
- recipient: age1u9xr3tmwskfsrxg6gus3hmh9eakjh2h22jklfmcu33kassaraues435vvc
|
- recipient: age1u9xr3tmwskfsrxg6gus3hmh9eakjh2h22jklfmcu33kassaraues435vvc
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnVmZiM3RqVkphSm5aV0E5
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvajllWmw2U2U3eDFvY0Uw
|
||||||
ZW56NjEvdEFyQmI1NlEwaHNYOWN4aEp0bDN3CmcyTDY3QzJLSk5MSXZ4T0xONG5D
|
S09kTGV1RDZVTU42QmlOZXcwWFl2RWNQeldRCklsSERCUUJKS1BNbkt4MWtoWFl3
|
||||||
NXRQejQrSlRWSHBQbnhVVVY5SGdmQzAKLS0tIGJWRWlPbVVicWhXcm1wMnBjbGpB
|
ZG9BVUFoQ1h5ZGlFelNzMEtIQmliTjgKLS0tIHZCWFBHUEw2TE9Yc0tZemtkUkNN
|
||||||
aXFvYzkvUDV6RTZTdzViZkVmeHY1MUkKoxyI003op6VxqTNFApFoAzIA1KwvKD51
|
eXgrOTk1S0tDWWpHUkIveWZZdlYvMTQKyZMAYr6n5figUX2YUAAA37nxA5r1tyXh
|
||||||
hjBPkP9e1B3fRWZXysva51G/Y2zc6ylv17qPE5TjaVw9OS2WqTQNWA==
|
F7/l2T4R+cXq3Oywf5EtezOMdl9Xprk0ZoubzT55p0TPtYwCNk6Chg==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1wyz7cfldqe9hh8qyw2qm42hkq9s7qdwqnrnv0u3s6vstv9649v0sh0z4em
|
- recipient: age1wyz7cfldqe9hh8qyw2qm42hkq9s7qdwqnrnv0u3s6vstv9649v0sh0z4em
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3eGVWZnVUMUdyNys4cUFv
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxSkt5NG4wdGVwMDlpMFhv
|
||||||
czl4THRPOFN6RXl1d3hoUlMzVittUmtjMGl3CnlCOElNVitLdXJQbmMxNTROdHRz
|
Vm56L1owRXJ2RTBhUVZ2aXpVVUVrZDV6M0FNCmYxTlNrQko0SmorWUV3VnRkOENK
|
||||||
MFl6NmxHWEY3anFsUkxpWGZHZ21iZ2sKLS0tIG1UT0VpaDBRNUpSY2lDcTRJMHpT
|
RDJzQkk0dVA0UVdDWEtxRDJEZFpSWVUKLS0tIGc1NFUzb1dhWUZlQWdpNFA4ZC9J
|
||||||
ZnlzMlFUcEx5bHltdlg5ODVMVFNHNW8K7x38gdL5sbNLqTXdCxIHuX+yIy+XX8Vi
|
cFBmaUV4SWx3K21UUDA2YlBVY1NCazgK080jE+EELtQf8PmlaZs4RR+gjJEeEiTn
|
||||||
x90Ltb5GOAMkd6qzgup3bWuQazpZ/Gj25f6ql7L2Oenlw8/8S9vbeQ==
|
wwZXV8ufOGtLLwFtYlm8pdMXDtVrBywcRdzSo6/e73Y+GFxulTIFCQ==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-10-09T07:20:47Z"
|
lastmodified: "2024-08-05T17:43:22Z"
|
||||||
mac: ENC[AES256_GCM,data:fJ86HMwKQmbSTsAWAKC1cGxDqwkddTGHfFjQMa74RVxNh+yFlD+gEHFV2GKTRVji8kEUlp4qXqwtKnJ9Fx5zw0P1LHuCE9Q4j1Cxgs/j7XFTNMTvpt/8sVR1YC77Qp9LDwDxdDQK0GV4Z3BzoqjM20BHRbTWtCSyoNRmBP6Wcg8=,iv:BptqL9qXcyc5SaGvPMfUWDd0b22Viy5LJElbNGhpDYQ=,tag:jHMETvWq9IOCk+z63Dntpg==,type:str]
|
mac: ENC[AES256_GCM,data:OMwzBcK+KEaxZNTxCnlhDmm9efUkOtMk7vZUfxV9bCny80CdQhp9dD9a9bRPwn+lzgTj3CZLhLAubB3Eh01dqrbZ3DQt/p6xFQ54kCX0a18AHVSIrDcYQNez0MLcOI56RvJDofsO5Dh3i2sFXZ/gaxEjPBQPxlbH1KOrjCm480w=,iv:70i/TOlDF8Vru5FBu0fVb9IkG+Fg83zqcrcuyiHEHBc=,tag:A5qPz8KQl33Z5uHzMlTA0Q==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.9.0
|
version: 3.9.0
|
||||||
|
@ -42,18 +42,6 @@
|
|||||||
group = "nix-serve";
|
group = "nix-serve";
|
||||||
mode = "0600";
|
mode = "0600";
|
||||||
};
|
};
|
||||||
|
|
||||||
coturn-secret = lib.mkIf config.services.coturn.enable {
|
|
||||||
owner = "turnserver";
|
|
||||||
group = "turnserver";
|
|
||||||
key = "matrix/coturn-secret";
|
|
||||||
};
|
|
||||||
|
|
||||||
turn-secret = lib.mkIf config.services.conduit.enable {
|
|
||||||
owner = "conduit";
|
|
||||||
group = "conduit";
|
|
||||||
key = "matrix/coturn-secret";
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -1,223 +0,0 @@
|
|||||||
{
|
|
||||||
config,
|
|
||||||
lib,
|
|
||||||
pkgs,
|
|
||||||
bonLib,
|
|
||||||
...
|
|
||||||
}:
|
|
||||||
with lib; let
|
|
||||||
cfg = config.services.conduit;
|
|
||||||
format = pkgs.formats.toml {};
|
|
||||||
configFile = pkgs.writeText "config.toml" ''
|
|
||||||
${bonLib.toTOML {global = cfg.settings.global // lib.optionals (cfg.turn_secret_file != null) {turn_secret = "#turn_secret#";};}}
|
|
||||||
'';
|
|
||||||
in {
|
|
||||||
options.services.conduit = {
|
|
||||||
enable = mkEnableOption "conduit";
|
|
||||||
|
|
||||||
extraEnvironment = mkOption {
|
|
||||||
type = types.attrsOf types.str;
|
|
||||||
description = "Extra Environment variables to pass to the conduit server.";
|
|
||||||
default = {};
|
|
||||||
example = {RUST_BACKTRACE = "yes";};
|
|
||||||
};
|
|
||||||
|
|
||||||
package = mkOption {
|
|
||||||
type = types.package;
|
|
||||||
default = pkgs.matrix-conduit;
|
|
||||||
defaultText = literalExpression "pkgs.matrix-conduit";
|
|
||||||
description = "The package to use.";
|
|
||||||
};
|
|
||||||
|
|
||||||
turn_secret_file = mkOption {
|
|
||||||
type = types.nullOr types.path;
|
|
||||||
default = null;
|
|
||||||
description = "The path to the file with TURN secret.";
|
|
||||||
};
|
|
||||||
|
|
||||||
settings = mkOption {
|
|
||||||
type = types.submodule {
|
|
||||||
#freeformType = format.type;
|
|
||||||
options = {
|
|
||||||
global.server_name = mkOption {
|
|
||||||
type = types.str;
|
|
||||||
example = "example.com";
|
|
||||||
description = "The server_name is the name of this server. It is used as a suffix for user # and room ids.";
|
|
||||||
};
|
|
||||||
global.port = mkOption {
|
|
||||||
type = types.port;
|
|
||||||
default = 6167;
|
|
||||||
description = "The port Conduit will be running on. You need to set up a reverse proxy in your web server (e.g. apache or nginx), so all requests to /_matrix on port 443 and 8448 will be forwarded to the Conduit instance running on this port";
|
|
||||||
};
|
|
||||||
global.max_request_size = mkOption {
|
|
||||||
type = types.ints.positive;
|
|
||||||
default = 20000000;
|
|
||||||
description = "Max request size in bytes. Don't forget to also change it in the proxy.";
|
|
||||||
};
|
|
||||||
global.allow_registration = mkOption {
|
|
||||||
type = types.bool;
|
|
||||||
default = false;
|
|
||||||
description = "Whether new users can register on this server.";
|
|
||||||
};
|
|
||||||
global.allow_encryption = mkOption {
|
|
||||||
type = types.bool;
|
|
||||||
default = true;
|
|
||||||
description = "Whether new encrypted rooms can be created. Note: existing rooms will continue to work.";
|
|
||||||
};
|
|
||||||
global.allow_federation = mkOption {
|
|
||||||
type = types.bool;
|
|
||||||
default = true;
|
|
||||||
description = ''
|
|
||||||
Whether this server federates with other servers.
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
global.trusted_servers = mkOption {
|
|
||||||
type = types.listOf types.str;
|
|
||||||
default = ["matrix.org"];
|
|
||||||
description = "Servers trusted with signing server keys.";
|
|
||||||
};
|
|
||||||
global.address = mkOption {
|
|
||||||
type = types.str;
|
|
||||||
default = "::1";
|
|
||||||
description = "Address to listen on for connections by the reverse proxy/tls terminator.";
|
|
||||||
};
|
|
||||||
global.database_path = mkOption {
|
|
||||||
type = types.str;
|
|
||||||
default = "/var/lib/conduit/";
|
|
||||||
readOnly = true;
|
|
||||||
description = ''
|
|
||||||
Path to the conduit database, the directory where conduit will save its data.
|
|
||||||
Note that due to using the DynamicUser feature of systemd, this value should not be changed
|
|
||||||
and is set to be read only.
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
global.database_backend = mkOption {
|
|
||||||
type = types.enum ["sqlite" "rocksdb"];
|
|
||||||
default = "sqlite";
|
|
||||||
example = "rocksdb";
|
|
||||||
description = ''
|
|
||||||
The database backend for the service. Switching it on an existing
|
|
||||||
instance will require manual migration of data.
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
global.allow_check_for_updates = mkOption {
|
|
||||||
type = types.bool;
|
|
||||||
default = false;
|
|
||||||
description = ''
|
|
||||||
Whether to allow Conduit to automatically contact
|
|
||||||
<https://conduit.rs> hourly to check for important Conduit news.
|
|
||||||
|
|
||||||
Disabled by default because nixpkgs handles updates.
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
global.well_known.client = mkOption {
|
|
||||||
type = types.nullOr types.str;
|
|
||||||
default = null;
|
|
||||||
description = "The URL that clients should use to connect to Conduit.";
|
|
||||||
};
|
|
||||||
global.well_known.server = mkOption {
|
|
||||||
type = types.nullOr types.str;
|
|
||||||
default = null;
|
|
||||||
description = "The hostname and port servers should use to connect to Conduit.";
|
|
||||||
};
|
|
||||||
global.turn_uris = mkOption {
|
|
||||||
type = types.listOf types.str;
|
|
||||||
default = [];
|
|
||||||
description = "The TURN URIs.";
|
|
||||||
};
|
|
||||||
global.turn_secret = mkOption {
|
|
||||||
type = types.nullOr types.str;
|
|
||||||
default = null;
|
|
||||||
description = "The TURN secret.";
|
|
||||||
};
|
|
||||||
global.turn_ttl = mkOption {
|
|
||||||
type = types.int;
|
|
||||||
default = 86400;
|
|
||||||
description = "The TURN TTL in seconds.";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
default = {};
|
|
||||||
description = ''
|
|
||||||
Generates the conduit.toml configuration file. Refer to
|
|
||||||
<https://docs.conduit.rs/configuration.html>
|
|
||||||
for details on supported values.
|
|
||||||
Note that database_path can not be edited because the service's reliance on systemd StateDir.
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
|
||||||
assertions = [
|
|
||||||
{
|
|
||||||
assertion = cfg.settings.global.turn_secret != null -> cfg.turn_secret_file == null;
|
|
||||||
message = "settings.global.turn_secret and turn_secret_file cannot be set at the same time";
|
|
||||||
}
|
|
||||||
];
|
|
||||||
|
|
||||||
users.users.conduit = {
|
|
||||||
description = "Conduit service user.";
|
|
||||||
isSystemUser = true;
|
|
||||||
group = "conduit";
|
|
||||||
};
|
|
||||||
users.groups.conduit = {};
|
|
||||||
|
|
||||||
systemd.services.conduit = let
|
|
||||||
runConfig = "/run/conduit/config.toml";
|
|
||||||
in {
|
|
||||||
description = "Conduit Matrix Server";
|
|
||||||
documentation = ["https://gitlab.com/famedly/conduit/"];
|
|
||||||
after = ["network-online.target"];
|
|
||||||
wants = ["network-online.target"];
|
|
||||||
wantedBy = ["multi-user.target"];
|
|
||||||
environment = mkMerge [
|
|
||||||
{CONDUIT_CONFIG = runConfig;}
|
|
||||||
cfg.extraEnvironment
|
|
||||||
];
|
|
||||||
preStart = ''
|
|
||||||
cat ${configFile} > ${runConfig}
|
|
||||||
${lib.optionalString (cfg.turn_secret_file != null) ''
|
|
||||||
${pkgs.replace-secret}/bin/replace-secret \
|
|
||||||
"#turn_secret#" \
|
|
||||||
${cfg.turn_secret_file} \
|
|
||||||
${runConfig}
|
|
||||||
''}
|
|
||||||
chmod 640 ${runConfig}
|
|
||||||
'';
|
|
||||||
serviceConfig = {
|
|
||||||
User = "conduit";
|
|
||||||
LockPersonality = true;
|
|
||||||
MemoryDenyWriteExecute = true;
|
|
||||||
ProtectClock = true;
|
|
||||||
ProtectControlGroups = true;
|
|
||||||
ProtectHostname = true;
|
|
||||||
ProtectKernelLogs = true;
|
|
||||||
ProtectKernelModules = true;
|
|
||||||
ProtectKernelTunables = true;
|
|
||||||
PrivateDevices = true;
|
|
||||||
PrivateMounts = true;
|
|
||||||
PrivateUsers = true;
|
|
||||||
RestrictAddressFamilies = ["AF_INET" "AF_INET6"];
|
|
||||||
RestrictNamespaces = true;
|
|
||||||
RestrictRealtime = true;
|
|
||||||
SystemCallArchitectures = "native";
|
|
||||||
SystemCallFilter = [
|
|
||||||
"@system-service"
|
|
||||||
"~@privileged"
|
|
||||||
];
|
|
||||||
StateDirectory = "conduit";
|
|
||||||
StateDirectoryMode = "0700";
|
|
||||||
RuntimeDirectory = "conduit";
|
|
||||||
ExecStart = "${cfg.package}/bin/conduit";
|
|
||||||
Restart = "on-failure";
|
|
||||||
RestartSec = 10;
|
|
||||||
StartLimitBurst = 5;
|
|
||||||
UMask = "077";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
systemd.tmpfiles.rules = [
|
|
||||||
"d /run/conduit 0700 conduit conduit - -"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
}
|
|
@ -101,30 +101,14 @@ in {
|
|||||||
description = "List of addresses to ignore";
|
description = "List of addresses to ignore";
|
||||||
};
|
};
|
||||||
|
|
||||||
dataDir = mkOption {
|
# TODO: add filter and anti filter options with optional file paths
|
||||||
type = types.path;
|
# TODO ipset hashsize and maxelem
|
||||||
default = "/var/lib/zapret";
|
|
||||||
description = ''
|
|
||||||
Directory to store zapret files and antifilter lists.
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
filterAddressesSource = mkOption {
|
|
||||||
type = types.nullOr types.str;
|
|
||||||
default = null;
|
|
||||||
example = ''https://antifilter.network/download/ipsmart.lst'';
|
|
||||||
description = "Link to external list of addresses to download and use.";
|
|
||||||
};
|
|
||||||
|
|
||||||
# TODO: ipset hashsize and maxelem
|
|
||||||
};
|
};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
users.users.tpws = {
|
users.users.tpws = {
|
||||||
isSystemUser = true;
|
isSystemUser = true;
|
||||||
group = "tpws";
|
group = "tpws";
|
||||||
home = cfg.dataDir;
|
|
||||||
createHome = true;
|
|
||||||
};
|
};
|
||||||
|
|
||||||
users.groups.tpws = {};
|
users.groups.tpws = {};
|
||||||
@ -142,8 +126,6 @@ in {
|
|||||||
)
|
)
|
||||||
gawk
|
gawk
|
||||||
ipset
|
ipset
|
||||||
wget
|
|
||||||
curl
|
|
||||||
];
|
];
|
||||||
|
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
@ -151,11 +133,10 @@ in {
|
|||||||
Restart = "no";
|
Restart = "no";
|
||||||
TimeoutSec = "30sec";
|
TimeoutSec = "30sec";
|
||||||
IgnoreSIGPIPE = "no";
|
IgnoreSIGPIPE = "no";
|
||||||
#KillMode = "none";
|
KillMode = "none";
|
||||||
GuessMainPID = "no";
|
GuessMainPID = "no";
|
||||||
RemainAfterExit = "no";
|
RemainAfterExit = "no";
|
||||||
|
|
||||||
WorkingDirectory = cfg.dataDir;
|
|
||||||
ExecStart = "${cfg.package}/bin/zapret start";
|
ExecStart = "${cfg.package}/bin/zapret start";
|
||||||
ExecStop = let
|
ExecStop = let
|
||||||
stop_script = pkgs.writeShellScriptBin "zapret-stop" ''
|
stop_script = pkgs.writeShellScriptBin "zapret-stop" ''
|
||||||
@ -176,25 +157,37 @@ in {
|
|||||||
DISABLE_IPV6=${toString cfg.disableIPV6}
|
DISABLE_IPV6=${toString cfg.disableIPV6}
|
||||||
''
|
''
|
||||||
]);
|
]);
|
||||||
|
|
||||||
|
# hardening
|
||||||
|
DevicePolicy = "closed";
|
||||||
|
KeyringMode = "private";
|
||||||
|
PrivateTmp = true;
|
||||||
|
PrivateMounts = true;
|
||||||
|
ProtectHome = true;
|
||||||
|
ProtectHostname = true;
|
||||||
|
ProtectKernelModules = true;
|
||||||
|
ProtectKernelTunables = true;
|
||||||
|
ProtectSystem = "strict";
|
||||||
|
ProtectProc = "invisible";
|
||||||
|
RemoveIPC = true;
|
||||||
|
RestrictNamespaces = true;
|
||||||
|
RestrictRealtime = true;
|
||||||
|
RestrictSUIDSGID = true;
|
||||||
|
SystemCallArchitectures = "native";
|
||||||
};
|
};
|
||||||
|
|
||||||
preStart = let
|
preStart = let
|
||||||
zapretListFile = src: pkgs.writeText "zapretList" (createFilterList "zapret" src);
|
# zapretListFile = pkgs.writeText "zapretList" (createFilterList "zapret" (lib.readFile cfg.package.passthru.antifilter.ipsmart));
|
||||||
nozapretListFile = src: pkgs.writeText "nozapretList" (createFilterList "nozapret" src);
|
zapretListFile = pkgs.writeText "zapretList" (createFilterList "zapret" cfg.filterAddresses);
|
||||||
|
nozapretListFile = pkgs.writeText "nozapretList" (createFilterList "nozapret" cfg.ignoreAddresses);
|
||||||
in ''
|
in ''
|
||||||
${lib.optionalString (cfg.filterAddressesSource != null) "curl -L '${cfg.filterAddressesSource}' -o ${cfg.dataDir}/zapretList && sed -i -e 's/^/add zapret /' '${cfg.dataDir}/zapretList'"}
|
|
||||||
|
|
||||||
ipset create zapret hash:net family inet hashsize 262144 maxelem 522288 -!
|
ipset create zapret hash:net family inet hashsize 262144 maxelem 522288 -!
|
||||||
ipset flush zapret
|
ipset flush zapret
|
||||||
ipset restore -! < ${
|
ipset restore -! < ${zapretListFile}
|
||||||
if (cfg.filterAddressesSource != null)
|
|
||||||
then "${cfg.dataDir}/zapretList"
|
|
||||||
else (zapretListFile cfg.filterAddresses)
|
|
||||||
}
|
|
||||||
|
|
||||||
ipset create nozapret hash:net family inet hashsize 262144 maxelem 522288 -!
|
ipset create nozapret hash:net family inet hashsize 262144 maxelem 522288 -!
|
||||||
ipset flush nozapret
|
ipset flush nozapret
|
||||||
ipset restore -! < ${nozapretListFile cfg.ignoreAddresses}
|
ipset restore -! < ${nozapretListFile}
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
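Review bot: `KillMode = "none";` is active on the new side of the `serviceConfig` hunk, so systemd will not terminate any of the unit's processes on stop and relies entirely on the `zapret-stop` script. Anything that script misses keeps running after the unit is reported stopped, which systemd.kill(5) advises against. Consider deleting the line (the default is `control-group`) or using `KillMode = "mixed";`. The hardening block added further down also sets no `CapabilityBoundingSet`, although the visible `preStart` appears to need only network-administration rights for `ipset`; bounding the set to what `ipset` and the zapret script require would tighten it. `serviceConfig` starts outside the visible hunks, so `User=` and any existing capability settings could not be checked.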
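--- a/packages/blender/default.nix
+++ b/packages/blender/default.nix
@@ -0,0 +1,13 @@
+{
+bonLib,
+lib,
+pkgs,
+...
+}:
+(pkgs.blender.override {cudaSupport = true;}).overrideAttrs (old: {
+meta =
+old.meta
+// {
+description = old.meta.description + " (CUDA enabled)";
+};
+})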
@ -30,16 +30,6 @@
|
|||||||
zlib
|
zlib
|
||||||
];
|
];
|
||||||
|
|
||||||
passthru = {
|
|
||||||
update = pkgs.writeShellScriptBin "update-spoofdpi" ''
|
|
||||||
set -euo pipefail
|
|
||||||
|
|
||||||
latest="$(${pkgs.curl}/bin/curl -s "https://api.github.com/repos/shuttle-hq/shuttle/tags?per_page=1" | ${pkgs.jq}/bin/jq -r ".[0].name" | ${pkgs.gnused}/bin/sed 's/^v//')"
|
|
||||||
|
|
||||||
drift rewrite --auto-hash --new-version "$latest"
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
meta = with lib; {
|
meta = with lib; {
|
||||||
description = "A cargo command for the shuttle platform";
|
description = "A cargo command for the shuttle platform";
|
||||||
license = licenses.asl20;
|
license = licenses.asl20;
|
||||||
|
@ -83,12 +83,17 @@ in
|
|||||||
|
|
||||||
# Pass for cache
|
# Pass for cache
|
||||||
|
|
||||||
# ISSUE: attribute 'targetPlatforms' missing
|
blender = {
|
||||||
#wezterm = {
|
source = ./blender;
|
||||||
# source = ./wezterm;
|
platforms = ["x86_64-linux"];
|
||||||
# platforms = ["x86_64-linux"];
|
builder = {...}: import;
|
||||||
# builder = {...}: import;
|
};
|
||||||
#};
|
|
||||||
|
wezterm = {
|
||||||
|
source = ./wezterm;
|
||||||
|
platforms = ["x86_64-linux"];
|
||||||
|
builder = {...}: import;
|
||||||
|
};
|
||||||
|
|
||||||
# Container images
|
# Container images
|
||||||
|
|
||||||
|
@ -2,9 +2,8 @@
|
|||||||
bonLib,
|
bonLib,
|
||||||
stdenv,
|
stdenv,
|
||||||
pkgs,
|
pkgs,
|
||||||
version ? "6.2.2405",
|
version ? "6.2.2404",
|
||||||
sha256 ? "sha256-SZPZT49BqUzssPcOo/5yAkjqAHDErC86xCUFL88Iew4=",
|
sha256 ? "sha256-SZPZT49BqUzssPcOo/5yAkjqAHDErC86xCUFL88Iew4=",
|
||||||
lib,
|
|
||||||
...
|
...
|
||||||
}:
|
}:
|
||||||
stdenv.mkDerivation {
|
stdenv.mkDerivation {
|
||||||
@ -62,26 +61,6 @@ stdenv.mkDerivation {
|
|||||||
export PYTHONPATH="${python3}/${python3.sitePackages}"
|
export PYTHONPATH="${python3}/${python3.sitePackages}"
|
||||||
export PYTHONPATH="$PYTHONPATH:${pkg}/${python3.sitePackages}"
|
export PYTHONPATH="$PYTHONPATH:${pkg}/${python3.sitePackages}"
|
||||||
'';
|
'';
|
||||||
update = pkgs.writeShellScriptBin "update-spoofdpi" ''
|
|
||||||
set -euo pipefail
|
|
||||||
|
|
||||||
new_version=$(${lib.getExe pkgs.curl} -s "https://api.github.com/repos/NGSolve/netgen/tags?per_page=1" | ${lib.getExe pkgs.jq} -r ".[0].name")
|
|
||||||
new_hash=$(nix flake prefetch --json https://github.com/NGSolve/netgen/archive/refs/tags/$new_version.tar.gz | ${lib.getExe pkgs.jq} -r ".hash")
|
|
||||||
|
|
||||||
old_version=$(nix eval --impure --json --expr "(builtins.getFlake (toString ./.)).packages.${builtins.currentSystem}.netgen.version")
|
|
||||||
old_hash=$(nix eval --impure --json --expr "(builtins.getFlake (toString ./.)).packages.${builtins.currentSystem}.netgen.src.outputHash")
|
|
||||||
|
|
||||||
nixpath=$(nix eval --impure --json --expr "(builtins.getFlake (toString ./.)).packages.${builtins.currentSystem}.netgen.src.meta.position")
|
|
||||||
relpath=$(echo $nixpath | ${lib.getExe pkgs.ripgrep} "\/nix\/store\/[\w\d]{32}-[^\/]+/" -r "" | ${lib.getExe pkgs.ripgrep} "[:\d]" -r "")
|
|
||||||
#echo "./$relpath" | ${lib.getExe pkgs.gnused} -i "s/$old_version/$new_version/g"
|
|
||||||
#echo "./$relpath" | ${lib.getExe pkgs.gnused} -i "s/$old_hash/$new_hash/g"
|
|
||||||
|
|
||||||
content=$(${lib.getExe pkgs.ripgrep} $old_version --passthru -r $new_version $relpath)
|
|
||||||
content=$(echo $content | ${lib.getExe pkgs.ripgrep} $old_version --passthru -r $new_version $relpath)
|
|
||||||
|
|
||||||
echo $content > $relpath
|
|
||||||
# TODO: убрать все кавычки
|
|
||||||
'';
|
|
||||||
};
|
};
|
||||||
|
|
||||||
meta = with pkgs.lib; {
|
meta = with pkgs.lib; {
|
||||||
|
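Review bot: The default `version` on the new side is `"6.2.2404"`, but the default `sha256` is byte-identical to the one paired with `"6.2.2405"` on the other side, so at most one of the two pairs can describe the source actually fetched. This assumes `sha256` is the hash of the source fetched for `version`; the fetch call is outside the hunk. A fixed-output fetch whose hash is already in the local store or a binary cache is not downloaded again, so a stale pair can silently build a different release than the version string claims. Verify the pair by temporarily setting `sha256 = pkgs.lib.fakeHash;`, rebuilding, and copying the hash Nix reports for the pinned tag. A one-line comment such as `# sha256 must be refreshed together with version` above the two defaults would help, since this section also removes the update script.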
@ -4,6 +4,7 @@
|
|||||||
pkgs,
|
pkgs,
|
||||||
version ? "v0.10.0",
|
version ? "v0.10.0",
|
||||||
hash ? "sha256-e6TPklWp5rvNypnI0VHqOjzZhkYsZcp+jkXUlYxMBlU=",
|
hash ? "sha256-e6TPklWp5rvNypnI0VHqOjzZhkYsZcp+jkXUlYxMBlU=",
|
||||||
|
vendorHash ? "sha256-kmp+8MMV1AHaSvLnvYL17USuv7xa3NnsCyCbqq9TvYE=",
|
||||||
...
|
...
|
||||||
}:
|
}:
|
||||||
pkgs.buildGoModule {
|
pkgs.buildGoModule {
|
||||||
@ -17,20 +18,12 @@ pkgs.buildGoModule {
|
|||||||
hash = hash;
|
hash = hash;
|
||||||
};
|
};
|
||||||
|
|
||||||
vendorHash = "sha256-kmp+8MMV1AHaSvLnvYL17USuv7xa3NnsCyCbqq9TvYE=";
|
inherit vendorHash;
|
||||||
|
|
||||||
doCheck = false;
|
doCheck = false;
|
||||||
|
|
||||||
ldflags = ["-s" "-w" "-X main.version=${version}" "-X main.builtBy=nixpkgs"];
|
ldflags = ["-s" "-w" "-X main.version=${version}" "-X main.builtBy=nixpkgs"];
|
||||||
|
|
||||||
passthru.update = pkgs.writeShellScriptBin "update-spoofdpi" ''
|
|
||||||
set -euo pipefail
|
|
||||||
|
|
||||||
latest="$(${pkgs.curl}/bin/curl -s "https://api.github.com/repos/xvzc/SpoofDPI/releases?per_page=1" | ${pkgs.jq}/bin/jq -r ".[0].tag_name" | ${pkgs.gnused}/bin/sed 's/^v//')"
|
|
||||||
|
|
||||||
drift rewrite --auto-hash --new-version "$latest"
|
|
||||||
'';
|
|
||||||
|
|
||||||
meta = with lib; {
|
meta = with lib; {
|
||||||
homepage = "https://github.com/xvzc/SpoofDPI";
|
homepage = "https://github.com/xvzc/SpoofDPI";
|
||||||
description = "A simple and fast anti-censorship tool written in Go";
|
description = "A simple and fast anti-censorship tool written in Go";
|
||||||
|
@ -1,16 +1,108 @@
|
|||||||
{
|
{
|
||||||
|
bonLib,
|
||||||
|
craneLib,
|
||||||
lib,
|
lib,
|
||||||
weztermPkgs,
|
pkgs,
|
||||||
|
version ? "2d0c5cddc91a9c59aef9a7667d90924e7cedd0ac",
|
||||||
|
hash ? "sha256-ZsDJQSUokodwFMP4FIZm2dYojf5iC4F/EeKC5VuQlqY=",
|
||||||
...
|
...
|
||||||
}:
|
}: let
|
||||||
weztermPkgs.default.overrideAttrs (old: {
|
src = pkgs.fetchFromGitHub {
|
||||||
pname = "wezterm";
|
owner = "wez";
|
||||||
|
repo = "wezterm";
|
||||||
|
rev = version;
|
||||||
|
hash = hash;
|
||||||
|
fetchSubmodules = true;
|
||||||
|
};
|
||||||
|
terminfo =
|
||||||
|
pkgs.runCommand "wezterm-terminfo"
|
||||||
|
{
|
||||||
|
nativeBuildInputs = [pkgs.ncurses];
|
||||||
|
} ''
|
||||||
|
mkdir -p $out/share/terminfo $out/nix-support
|
||||||
|
tic -x -o $out/share/terminfo ${src}/termwiz/data/wezterm.terminfo
|
||||||
|
'';
|
||||||
|
pkg = {
|
||||||
|
pname = "wezterm";
|
||||||
|
inherit version;
|
||||||
|
|
||||||
meta =
|
inherit src;
|
||||||
old.meta
|
|
||||||
// {
|
strictDeps = true;
|
||||||
|
doCheck = false;
|
||||||
|
|
||||||
|
nativeBuildInputs = with pkgs; [
|
||||||
|
installShellFiles
|
||||||
|
ncurses # tic for terminfo
|
||||||
|
pkg-config
|
||||||
|
python3
|
||||||
|
];
|
||||||
|
|
||||||
|
buildInputs = with pkgs; [
|
||||||
|
fontconfig
|
||||||
|
pkgs.zlib
|
||||||
|
libxkbcommon
|
||||||
|
openssl
|
||||||
|
wayland
|
||||||
|
cairo
|
||||||
|
|
||||||
|
xorg.libX11
|
||||||
|
xorg.libxcb
|
||||||
|
xorg.xcbutil
|
||||||
|
xorg.xcbutilimage
|
||||||
|
xorg.xcbutilkeysyms
|
||||||
|
xorg.xcbutilwm # contains xcb-ewmh among others
|
||||||
|
];
|
||||||
|
|
||||||
|
libPath = lib.makeLibraryPath (with pkgs; [
|
||||||
|
xorg.xcbutilimage
|
||||||
|
libGL
|
||||||
|
vulkan-loader
|
||||||
|
]);
|
||||||
|
|
||||||
|
postPatch = ''
|
||||||
|
echo ${version} > .tag
|
||||||
|
|
||||||
|
# tests are failing with: Unable to exchange encryption keys
|
||||||
|
# rm -r wezterm-ssh/tests
|
||||||
|
'';
|
||||||
|
|
||||||
|
preFixup = lib.optionalString pkgs.stdenv.isLinux ''
|
||||||
|
patchelf \
|
||||||
|
--add-needed "${pkgs.libGL}/lib/libEGL.so.1" \
|
||||||
|
--add-needed "${pkgs.vulkan-loader}/lib/libvulkan.so.1" \
|
||||||
|
$out/bin/wezterm-gui
|
||||||
|
'';
|
||||||
|
|
||||||
|
postInstall = ''
|
||||||
|
mkdir -p $out/nix-support
|
||||||
|
echo "${terminfo}" >> $out/nix-support/propagated-user-env-packages
|
||||||
|
|
||||||
|
install -Dm644 assets/icon/terminal.png $out/share/icons/hicolor/128x128/apps/org.wezfurlong.wezterm.png
|
||||||
|
install -Dm644 assets/wezterm.desktop $out/share/applications/org.wezfurlong.wezterm.desktop
|
||||||
|
install -Dm644 assets/wezterm.appdata.xml $out/share/metainfo/org.wezfurlong.wezterm.appdata.xml
|
||||||
|
|
||||||
|
install -Dm644 assets/shell-integration/wezterm.sh -t $out/etc/profile.d
|
||||||
|
installShellCompletion --cmd wezterm \
|
||||||
|
--bash assets/shell-completion/bash \
|
||||||
|
--fish assets/shell-completion/fish \
|
||||||
|
--zsh assets/shell-completion/zsh
|
||||||
|
|
||||||
|
install -Dm644 assets/wezterm-nautilus.py -t $out/share/nautilus-python/extensions
|
||||||
|
'';
|
||||||
|
|
||||||
|
meta = with lib; {
|
||||||
homepage = "https://github.com/wez/wezterm";
|
homepage = "https://github.com/wez/wezterm";
|
||||||
description = "A GPU-accelerated cross-platform terminal emulator and multiplexer written by @wez and implemented in Rust";
|
description = "A GPU-accelerated cross-platform terminal emulator and multiplexer written by @wez and implemented in Rust";
|
||||||
license = lib.licenses.mit;
|
license = lib.licenses.mit;
|
||||||
|
maintainers = with bonLib.maintainers; [L-Nafaryus];
|
||||||
|
platforms = platforms.x86_64;
|
||||||
|
mainProgram = "wezterm";
|
||||||
};
|
};
|
||||||
})
|
};
|
||||||
|
in let
|
||||||
|
cargoArtifacts = craneLib.buildDepsOnly pkg;
|
||||||
|
in
|
||||||
|
craneLib.buildPackage (
|
||||||
|
pkg // {inherit cargoArtifacts;}
|
||||||
|
)
|
||||||
|
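Review bot: `doCheck = false;` in `pkg` switches off the whole test suite, while the comment in `postPatch` attributes the failure only to the `wezterm-ssh` tests ("Unable to exchange encryption keys"). This section replaces the `weztermPkgs.default` override with a from-source build of a pinned commit, so the remaining tests are the only check here that the build behaves as upstream intends. Consider dropping `doCheck = false;` and enabling the already-written `rm -r wezterm-ssh/tests` line in `postPatch`; whether that alone lets the suite pass in the build sandbox cannot be verified from this page. As a style point, `libPath` is set but never referenced in the visible code (the `preFixup` patchelf call uses explicit paths), and the nested `in let … in` can be folded into a single `let`.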