Compare commits


No commits in common. "master" and "packages-wezterm" have entirely different histories.

40 changed files with 901 additions and 2522 deletions


@ -1,14 +1,9 @@
{
pkgs,
drift,
...
}:
{pkgs, ...}:
pkgs.mkShellNoCC {
packages = with pkgs; [
sops
mkpasswd
jq
cachix
drift
];
}


@ -18,8 +18,6 @@ in
crane = self.inputs.crane;
crane-lib = self.inputs.crane.mkLib pkgs;
drift = self.inputs.drift.packages.${system}.drift;
};
in {
default = import ./bonfire.nix environment;
@ -32,6 +30,4 @@ in
rust-x11 = import ./rust-x11.nix environment;
go = import ./go.nix environment;
python-uv = import ./python-uv.nix environment;
})


@ -1,8 +0,0 @@
{pkgs, ...}:
pkgs.mkShellNoCC {
packages = with pkgs; [
uv
curl
jq
];
}

508
flake.lock generated

@ -1,34 +1,18 @@
{
"nodes": {
"advisory-db": {
"flake": false,
"locked": {
"lastModified": 1732530460,
"narHash": "sha256-1SceEHyFdHnoWE/AnoDZRu/9+Ift3Oc1+iQzmbP7OBU=",
"owner": "rustsec",
"repo": "advisory-db",
"rev": "4676c5529dd5319b9962e42bf984797f0dd57f5b",
"type": "github"
},
"original": {
"owner": "rustsec",
"repo": "advisory-db",
"type": "github"
}
},
"ags": {
"inputs": {
"astal": "astal",
"nixpkgs": [
"nixpkgs"
]
],
"systems": "systems"
},
"locked": {
"lastModified": 1732307740,
"narHash": "sha256-ZDsYdZOtg5qkK/wfLLB83B3SI+fE32S+/6Ey0ggHODM=",
"lastModified": 1725841979,
"narHash": "sha256-SXYqzpHPuXFR6w/cUKo3VN8XRn6XA2mGbdRXs9oLk6k=",
"owner": "Aylur",
"repo": "ags",
"rev": "81159966eb8b39b66c3efc133982fd76920c9605",
"rev": "aaef50bb2c80ef4b4a359329d72669a95e7c4796",
"type": "github"
},
"original": {
@ -37,27 +21,6 @@
"type": "github"
}
},
"astal": {
"inputs": {
"nixpkgs": [
"ags",
"nixpkgs"
]
},
"locked": {
"lastModified": 1731952585,
"narHash": "sha256-Sh1E7sJd8JJM3PCU1ZOei/QWz97OLCENIi2rTRoaniw=",
"owner": "aylur",
"repo": "astal",
"rev": "664c7a4ddfcf48c6e8accd3c33bb94424b0e8609",
"type": "github"
},
"original": {
"owner": "aylur",
"repo": "astal",
"type": "github"
}
},
"blobs": {
"flake": false,
"locked": {
@ -76,11 +39,11 @@
},
"catppuccin": {
"locked": {
"lastModified": 1732703064,
"narHash": "sha256-n8XOmn0WGtQhAMJKTnhL/3ttV2ZahPRf6gtlqZ6R4QE=",
"lastModified": 1725509983,
"narHash": "sha256-NHCgHVqumPraFJnLrkanoLDuhOoUHUvRhvp/RIHJR+A=",
"owner": "catppuccin",
"repo": "nix",
"rev": "2e2bdecf0bae287d74947cd5cf967c5c499c23c1",
"rev": "45745fe5960acaefef2b60f3455bcac6a0ca6bc9",
"type": "github"
},
"original": {
@ -91,11 +54,11 @@
},
"crane": {
"locked": {
"lastModified": 1732407143,
"narHash": "sha256-qJOGDT6PACoX+GbNH2PPx2ievlmtT1NVeTB80EkRLys=",
"lastModified": 1725409566,
"narHash": "sha256-PrtLmqhM6UtJP7v7IGyzjBFhbG4eOAHT6LPYOFmYfbk=",
"owner": "ipetkov",
"repo": "crane",
"rev": "f2b4b472983817021d9ffb60838b2b36b9376b20",
"rev": "7e4586bad4e3f8f97a9271def747cf58c4b68f3c",
"type": "github"
},
"original": {
@ -104,116 +67,7 @@
"type": "github"
}
},
"crane_2": {
"locked": {
"lastModified": 1732407143,
"narHash": "sha256-qJOGDT6PACoX+GbNH2PPx2ievlmtT1NVeTB80EkRLys=",
"owner": "ipetkov",
"repo": "crane",
"rev": "f2b4b472983817021d9ffb60838b2b36b9376b20",
"type": "github"
},
"original": {
"owner": "ipetkov",
"repo": "crane",
"type": "github"
}
},
"dream2nix": {
"inputs": {
"nixpkgs": [
"elnafo-radio",
"nixpkgs"
],
"purescript-overlay": "purescript-overlay",
"pyproject-nix": "pyproject-nix"
},
"locked": {
"lastModified": 1732214960,
"narHash": "sha256-ViyEMSYwaza6y55XTDrsRi2K4YKCLsefMTorjWSE27s=",
"owner": "nix-community",
"repo": "dream2nix",
"rev": "a8dac99db44307fdecead13a39c584b97812d0d4",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "dream2nix",
"type": "github"
}
},
"drift": {
"inputs": {
"nixpkgs": [
"nixpkgs"
],
"snowfall-lib": "snowfall-lib",
"unstable": "unstable"
},
"locked": {
"lastModified": 1716675566,
"narHash": "sha256-H1f5LI1pKogcv+S4pjHjGWwC4286wuQxfjp9Poc+sTg=",
"owner": "snowfallorg",
"repo": "drift",
"rev": "b0c929d645040abb01d5faff63e07caade0ce8e4",
"type": "github"
},
"original": {
"owner": "snowfallorg",
"repo": "drift",
"type": "github"
}
},
"elnafo-radio": {
"inputs": {
"advisory-db": "advisory-db",
"crane": "crane_2",
"dream2nix": "dream2nix",
"fenix": "fenix",
"nix-std": "nix-std",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1732734795,
"narHash": "sha256-xDR8ZF9S/igtu51ZQ68w7WdKp0IGzmZSF7hLtezALPY=",
"ref": "refs/heads/master",
"rev": "e3b05ea5e209b268bca1f9ebcb30096c5aebcf0a",
"revCount": 14,
"type": "git",
"url": "https://vcs.elnafo.ru/L-Nafaryus/elnafo-radio"
},
"original": {
"type": "git",
"url": "https://vcs.elnafo.ru/L-Nafaryus/elnafo-radio"
}
},
"fenix": {
"inputs": {
"nixpkgs": [
"elnafo-radio",
"nixpkgs"
],
"rust-analyzer-src": [
"elnafo-radio"
]
},
"locked": {
"lastModified": 1732689334,
"narHash": "sha256-yKI1KiZ0+bvDvfPTQ1ZT3oP/nIu3jPYm4dnbRd6hYg4=",
"owner": "nix-community",
"repo": "fenix",
"rev": "a8a983027ca02b363dfc82fbe3f7d9548a8d3dce",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "fenix",
"type": "github"
}
},
"fenix_2": {
"inputs": {
"nixpkgs": [
"nixpkgs"
@ -221,11 +75,11 @@
"rust-analyzer-src": []
},
"locked": {
"lastModified": 1732689334,
"narHash": "sha256-yKI1KiZ0+bvDvfPTQ1ZT3oP/nIu3jPYm4dnbRd6hYg4=",
"lastModified": 1726813972,
"narHash": "sha256-t6turZgoSAVgj7hn5mxzNlLOeVeZvymFo8+ymB52q34=",
"owner": "nix-community",
"repo": "fenix",
"rev": "a8a983027ca02b363dfc82fbe3f7d9548a8d3dce",
"rev": "251caeafc75b710282ee7e375800f75f4c8c5727",
"type": "github"
},
"original": {
@ -235,38 +89,6 @@
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1650374568,
"narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "b4a34015c698c7793d592d66adbab377907a2be8",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_3": {
"flake": false,
"locked": {
"lastModified": 1696426674,
@ -290,11 +112,11 @@
]
},
"locked": {
"lastModified": 1730504689,
"narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=",
"lastModified": 1726153070,
"narHash": "sha256-HO4zgY0ekfwO5bX0QH/3kJ/h4KvUDFZg8YpkNwIbg1U=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "506278e768c2a08bec68eb62932193e341f55c90",
"rev": "bcef6817a8b2aa20a5a6dbb19b43e63c5bf8619a",
"type": "github"
},
"original": {
@ -305,14 +127,14 @@
},
"flake-utils": {
"inputs": {
"systems": "systems"
"systems": "systems_2"
},
"locked": {
"lastModified": 1694529238,
"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"type": "github"
},
"original": {
@ -321,53 +143,16 @@
"type": "github"
}
},
"flake-utils-plus": {
"inputs": {
"flake-utils": "flake-utils"
},
"locked": {
"lastModified": 1715533576,
"narHash": "sha256-fT4ppWeCJ0uR300EH3i7kmgRZnAVxrH+XtK09jQWihk=",
"owner": "gytis-ivaskevicius",
"repo": "flake-utils-plus",
"rev": "3542fe9126dc492e53ddd252bb0260fe035f2c0f",
"type": "github"
},
"original": {
"owner": "gytis-ivaskevicius",
"repo": "flake-utils-plus",
"rev": "3542fe9126dc492e53ddd252bb0260fe035f2c0f",
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_3": {
"inputs": {
"systems": "systems_3"
},
"locked": {
"lastModified": 1726560853,
"narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"type": "github"
},
"original": {
@ -417,11 +202,11 @@
]
},
"locked": {
"lastModified": 1732482255,
"narHash": "sha256-GUffLwzawz5WRVfWaWCg78n/HrBJrOG7QadFY6rtV8A=",
"lastModified": 1726825546,
"narHash": "sha256-HiBzfzgqojA9OjPB+vdi2o+gy4Zw/MEipuGopgGsZEw=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "a9953635d7f34e7358d5189751110f87e3ac17da",
"rev": "0b052dd8119005c6ba819db48bcc657e48f401b7",
"type": "github"
},
"original": {
@ -430,34 +215,6 @@
"type": "github"
}
},
"ixx": {
"inputs": {
"flake-utils": [
"nixvim",
"nuschtosSearch",
"flake-utils"
],
"nixpkgs": [
"nixvim",
"nuschtosSearch",
"nixpkgs"
]
},
"locked": {
"lastModified": 1729958008,
"narHash": "sha256-EiOq8jF4Z/zQe0QYVc3+qSKxRK//CFHMB84aYrYGwEs=",
"owner": "NuschtOS",
"repo": "ixx",
"rev": "9fd01aad037f345350eab2cd45e1946cc66da4eb",
"type": "github"
},
"original": {
"owner": "NuschtOS",
"ref": "v0.0.6",
"repo": "ixx",
"type": "github"
}
},
"libpng": {
"flake": false,
"locked": {
@ -475,40 +232,10 @@
"type": "github"
}
},
"nix-std": {
"locked": {
"lastModified": 1710870712,
"narHash": "sha256-e+7MJF2gsgTBuOWv4mCimSP0D9+naeFSw9a7N3yEmv4=",
"owner": "chessai",
"repo": "nix-std",
"rev": "31bbc925750cc9d8f828fe55cee1a2bd985e0c00",
"type": "github"
},
"original": {
"owner": "chessai",
"repo": "nix-std",
"type": "github"
}
},
"nix-std_2": {
"locked": {
"lastModified": 1710870712,
"narHash": "sha256-e+7MJF2gsgTBuOWv4mCimSP0D9+naeFSw9a7N3yEmv4=",
"owner": "chessai",
"repo": "nix-std",
"rev": "31bbc925750cc9d8f828fe55cee1a2bd985e0c00",
"type": "github"
},
"original": {
"owner": "chessai",
"repo": "nix-std",
"type": "github"
}
},
"nixos-mailserver": {
"inputs": {
"blobs": "blobs",
"flake-compat": "flake-compat_3",
"flake-compat": "flake-compat",
"nixpkgs": [
"nixpkgs"
],
@ -530,11 +257,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1732521221,
"narHash": "sha256-2ThgXBUXAE1oFsVATK1ZX9IjPcS4nKFOAjhPNKuiMn0=",
"lastModified": 1726755586,
"narHash": "sha256-PmUr/2GQGvFTIJ6/Tvsins7Q43KTMvMFhvG6oaYK+Wk=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "4633a7c72337ea8fd23a4f2ba3972865e3ec685d",
"rev": "c04d5652cfa9742b1d519688f65d1bbccea9eb7e",
"type": "github"
},
"original": {
@ -559,6 +286,22 @@
"type": "indirect"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1725762081,
"narHash": "sha256-vNv+aJUW5/YurRy1ocfvs4q/48yVESwlC/yHzjkZSP8=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "dc454045f5b5d814e5862a6d057e7bb5c29edc05",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "release-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1719223410,
@ -590,11 +333,11 @@
"treefmt-nix": []
},
"locked": {
"lastModified": 1732726573,
"narHash": "sha256-gvCPgtcXGf/GZaJBHYrXuM5r2pFRG3VDr7uOb7B1748=",
"lastModified": 1726846628,
"narHash": "sha256-0CH44sEwiljiN2q7eIFCvabyUm1WeEiF8ofP/z5ca0Q=",
"owner": "nix-community",
"repo": "nixvim",
"rev": "fc9178d124eba824f1862513314d351784e1a84c",
"rev": "3211ce356be612ae89a38c60799992bde8a47127",
"type": "github"
},
"original": {
@ -605,19 +348,18 @@
},
"nuschtosSearch": {
"inputs": {
"flake-utils": "flake-utils_2",
"ixx": "ixx",
"flake-utils": "flake-utils",
"nixpkgs": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1731936508,
"narHash": "sha256-z0BSSf78LkxIrrFXZYmCoRRAxAmxMUKpK7CyxQRvkZI=",
"lastModified": 1726816132,
"narHash": "sha256-AbB0lgc0IbzLIxj1O3cosiMNAVQak4KJtvq9q8MjHhs=",
"owner": "NuschtOS",
"repo": "search",
"rev": "fe07070f811b717a4626d01fab714a87d422a9e1",
"rev": "7733a39a1321057172d87e6251ded7cdeb67171e",
"type": "github"
},
"original": {
@ -667,57 +409,13 @@
"type": "github"
}
},
"purescript-overlay": {
"inputs": {
"flake-compat": "flake-compat_2",
"nixpkgs": [
"elnafo-radio",
"dream2nix",
"nixpkgs"
],
"slimlock": "slimlock"
},
"locked": {
"lastModified": 1728546539,
"narHash": "sha256-Sws7w0tlnjD+Bjck1nv29NjC5DbL6nH5auL9Ex9Iz2A=",
"owner": "thomashoneyman",
"repo": "purescript-overlay",
"rev": "4ad4c15d07bd899d7346b331f377606631eb0ee4",
"type": "github"
},
"original": {
"owner": "thomashoneyman",
"repo": "purescript-overlay",
"type": "github"
}
},
"pyproject-nix": {
"flake": false,
"locked": {
"lastModified": 1702448246,
"narHash": "sha256-hFg5s/hoJFv7tDpiGvEvXP0UfFvFEDgTdyHIjDVHu1I=",
"owner": "davhau",
"repo": "pyproject.nix",
"rev": "5a06a2697b228c04dd2f35659b4b659ca74f7aeb",
"type": "github"
},
"original": {
"owner": "davhau",
"ref": "dream2nix",
"repo": "pyproject.nix",
"type": "github"
}
},
"root": {
"inputs": {
"ags": "ags",
"catppuccin": "catppuccin",
"crane": "crane",
"drift": "drift",
"elnafo-radio": "elnafo-radio",
"fenix": "fenix_2",
"fenix": "fenix",
"home-manager": "home-manager",
"nix-std": "nix-std_2",
"nixos-mailserver": "nixos-mailserver",
"nixpkgs": "nixpkgs",
"nixvim": "nixvim",
@ -735,11 +433,11 @@
]
},
"locked": {
"lastModified": 1729477859,
"narHash": "sha256-r0VyeJxy4O4CgTB/PNtfQft9fPfN1VuGvnZiCxDArvg=",
"lastModified": 1726280639,
"narHash": "sha256-YfLRPlFZWrT2oRLNAoqf7G3+NnUTDdlIJk6tmBU7kXM=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "ada8266712449c4c0e6ee6fcbc442b3c217c79e1",
"rev": "e9f8641c92f26fd1e076e705edb12147c384171d",
"type": "github"
},
"original": {
@ -748,65 +446,19 @@
"type": "github"
}
},
"slimlock": {
"inputs": {
"nixpkgs": [
"elnafo-radio",
"dream2nix",
"purescript-overlay",
"nixpkgs"
]
},
"locked": {
"lastModified": 1688756706,
"narHash": "sha256-xzkkMv3neJJJ89zo3o2ojp7nFeaZc2G0fYwNXNJRFlo=",
"owner": "thomashoneyman",
"repo": "slimlock",
"rev": "cf72723f59e2340d24881fd7bf61cb113b4c407c",
"type": "github"
},
"original": {
"owner": "thomashoneyman",
"repo": "slimlock",
"type": "github"
}
},
"snowfall-lib": {
"inputs": {
"flake-compat": "flake-compat",
"flake-utils-plus": "flake-utils-plus",
"nixpkgs": [
"drift",
"nixpkgs"
]
},
"locked": {
"lastModified": 1716675292,
"narHash": "sha256-7TFvVE4HR/b65/0AAhewYHEJzUXxIEJn82ow5bCkrDo=",
"owner": "snowfallorg",
"repo": "lib",
"rev": "5d6e9f235735393c28e1145bec919610b172a20f",
"type": "github"
},
"original": {
"owner": "snowfallorg",
"ref": "v3.0.2",
"repo": "lib",
"type": "github"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
],
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1732575825,
"narHash": "sha256-xtt95+c7OUMoqZf4OvA/7AemiH3aVuWHQbErYQoPwFk=",
"lastModified": 1726524647,
"narHash": "sha256-qis6BtOOBBEAfUl7FMHqqTwRLB61OL5OFzIsOmRz2J4=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "3433ea14fbd9e6671d0ff0dd45ed15ee4c156ffa",
"rev": "e2d404a7ea599a013189aa42947f66cede0645c8",
"type": "github"
},
"original": {
@ -817,16 +469,16 @@
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"lastModified": 1689347949,
"narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"repo": "default-linux",
"rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"repo": "default-linux",
"type": "github"
}
},
@ -860,25 +512,9 @@
"type": "github"
}
},
"unstable": {
"locked": {
"lastModified": 1705856552,
"narHash": "sha256-JXfnuEf5Yd6bhMs/uvM67/joxYKoysyE3M2k6T3eWbg=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "612f97239e2cc474c13c9dafa0df378058c5ad8d",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"wezterm": {
"inputs": {
"flake-utils": "flake-utils_3",
"flake-utils": "flake-utils_2",
"freetype2": "freetype2",
"harfbuzz": "harfbuzz",
"libpng": "libpng",
@ -890,11 +526,11 @@
},
"locked": {
"dir": "nix",
"lastModified": 1732036472,
"narHash": "sha256-8lv1bc7Lw5S7UFOduShwSHfBzB4Vl0ex22Cb+q/qLi0=",
"lastModified": 1726842683,
"narHash": "sha256-n0k/znwnDGF3CNB2GhX9NfGg02mhxOzRTMmWr2EUxFs=",
"owner": "wez",
"repo": "wezterm",
"rev": "4050072da21cc3106d0985281d75978c07e22abc",
"rev": "abfc0b4c3aa2d6f99c76b20c4d7bdb6d0603ac80",
"type": "github"
},
"original": {


@ -65,21 +65,12 @@
url = "github:wez/wezterm?dir=nix";
inputs.nixpkgs.follows = "nixpkgs";
};
elnafo-radio = {
url = "git+https://vcs.elnafo.ru/L-Nafaryus/elnafo-radio";
inputs.nixpkgs.follows = "nixpkgs";
};
nix-std.url = "github:chessai/nix-std";
drift = {
url = "github:snowfallorg/drift";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs = {self, ...} @ inputs: let
lib = inputs.nixpkgs.lib;
bonLib = import ./lib {inherit lib inputs;};
bonLib = import ./lib {inherit lib;};
bonModules = self.nixosModules;
# no bonPkgs, it must be defined by appropriate system + skip a possible infinite recursion
in {
@ -95,7 +86,8 @@
nixosConfigurations = import ./nixosConfigurations {inherit lib inputs bonModules bonLib self;};
hydraJobs = {
packages = lib.filterAttrsRecursive (name: value: !bonLib.isBroken value && !bonLib.isInsecure value && !bonLib.isUnfree value) self.packages;
# filter broken packages ?
packages = lib.filterAttrsRecursive (name: value: !bonLib.isBroken value) self.packages;
};
templates = {
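Review bot: The `hydraJobs.packages` filter on the new side tests only `!bonLib.isBroken value`, so packages whose `meta.insecure` or `meta.unfree` is set would be evaluated and built by Hydra and, if those jobs feed a binary cache, served from it. The same comparison drops `isInsecure` and `isUnfree` from the lib section, so restoring the check means keeping those two helpers together with the predicate `!bonLib.isBroken value && !bonLib.isInsecure value && !bonLib.isUnfree value`. If the wider job set is intended, replace `# filter broken packages ?` with a comment that says so, for example `# only broken packages are excluded; insecure and unfree ones are built`. Which line is old and which is new is inferred from the hunk line counts and the matching lib hunk, because the page lost its +/- markers; the `outputs` attribute set continues outside the hunk.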


@ -1,8 +1,4 @@
{
lib,
inputs,
...
}: rec {
{lib, ...}: rec {
maintainers = import ./maintainers.nix;
nameFromPath = path:
@ -17,25 +13,9 @@
[
./preconfiguredModules/bonvim.nix
./preconfiguredModules/homeManager
./preconfiguredModules/nixos
#(import ./preconfiguredModules/bonvim.nix)
#(import ./preconfiguredModules/homeManager {inherit lib inputs;})
]);
injectArgs = moduleArgs: ({
config,
pkgs,
...
}: {
config = {
# extra arguments
_module.args = moduleArgs;
};
});
isBroken = derivation: derivation ? meta && derivation.meta ? broken && derivation.meta.broken;
isInsecure = derivation: derivation ? meta && derivation.meta ? insecure && derivation.meta.insecure;
isUnfree = derivation: derivation ? meta && derivation.meta ? unfree && derivation.meta.unfree;
functionType = lib.types.mkOptionType {
name = "function";
@ -115,7 +95,4 @@
packagesList;
in
lib.mapAttrs (name: value: lib.mergeAttrsList value) (lib.zipAttrs evaluatedPackages);
# external
inherit (inputs.nix-std.lib.serde) toTOML;
}


@ -71,7 +71,7 @@
settings.system_clipboard.sync_with_ring = true;
};
plugins.web-devicons.enable = true;
extraPlugins = with pkgs.vimPlugins; [nvim-web-devicons];
diagnostics = {
underline = true;
@ -152,7 +152,6 @@
# UI
plugins.noice = {
enable = true;
settings = {
lsp.override = {
"cmp.entry.get_documentation" = true;
"vim.lsp.util.convert_input_to_markdown_lines" = true;
@ -162,7 +161,6 @@
long_message_to_split = true;
};
};
};
plugins.dressing = {
enable = true;
@ -366,24 +364,22 @@
];
};
cmake.enable = true;
nil_ls.enable = true;
pyright.enable = true;
ruff.enable = true;
nil-ls.enable = true;
# pylyzer.enable = true; # not working with virtual environments currently :(
#pylsp = {
# enable = true; # https://github.com/nix-community/nixvim/pull/1893
# settings.plugins = {
# pyflakes.enabled = true;
# black.enabled = true;
# };
#};
rust_analyzer = {
pylsp = {
enable = true; # https://github.com/nix-community/nixvim/pull/1893
settings.plugins = {
pyflakes.enabled = true;
black.enabled = true;
};
};
rust-analyzer = {
enable = true;
package = rust-analyzer;
cargoPackage = cargo;
rustcPackage = rustc;
installCargo = false;
installRustc = false;
installCargo = true;
installRustc = true;
settings = {
checkOnSave = true;
check.command = "clippy";


@ -1,6 +1,3 @@
{
ags = import ./ags;
hyprland = import ./hyprland.nix;
hypridle = import ./hypridle.nix;
hyprlock = import ./hyprlock.nix;
}


@ -1,24 +0,0 @@
{
pkgs,
lib,
config,
hmConfig,
...
}: {
services.hypridle = {
enable = true;
settings = {
general = {
after_sleep_cmd = "${pkgs.hyprland}/bin/hyprctl dispatch dpms on";
ignore_dbus_inhibit = false;
};
listener = [
{
timeout = 300;
on-timeout = "${pkgs.hyprland}/bin/hyprctl dispatch dpms off";
on-resume = "${pkgs.hyprland}/bin/hyprctl dispatch dpms on";
}
];
};
};
}


@ -1,245 +0,0 @@
{
pkgs,
lib,
hmConfig,
...
}: {
imports = [
./ags
./hypridle.nix
./hyprlock.nix
];
home.packages = with pkgs; [
networkmanagerapplet
blueman
wl-clipboard
cliphist
swww
hyprshot
wl-gammarelay-rs
playerctl
];
xdg.portal = {
enable = true;
configPackages = with pkgs; [
xdg-desktop-portal-hyprland
];
extraPortals = with pkgs; [
xdg-desktop-portal-gtk
];
};
wayland.windowManager.hyprland = {
enable = true;
settings = {
# Devices (use `hyprctl devices`)
"$monitor1" = "AOC Q27G2G3R3B 137P4HA000540";
"$monitor2" = "AOC Q27B3MA 17ZPAHA006135";
"$keyboard" = "keychron-keychron-k3-pro";
"$mouse" = "logitech-g102-lightsync-gaming-mouse";
# Main programs
"$terminal" = "${lib.getExe hmConfig.programs.wezterm.package}";
"$menu" = "${lib.getExe hmConfig.programs.rofi.package} -show drun";
"$fileManager" = "$terminal -e ${lib.getExe hmConfig.programs.nnn.package}";
monitor = [
"desc:$monitor2, 2560x1440@75, 0x0, auto"
"desc:$monitor1, 2560x1440@165, 2560x0, auto"
"Unknown-1, disable"
];
exec-once = [
"ags &"
"nm-applet --indicator &"
"blueman-applet &"
"wl-gammarelay-rs run &"
"systemctl --user start hypridle"
"wl-paste --type text --watch cliphist store" #Stores only text data
"wl-paste --type image --watch cliphist store" #Stores only image data
"swww-daemon & swww img ~/Pictures/wallpapers/current" # wallpaper symlinked
];
env = [
"XCURSOR_SIZE,14"
"HYPRCURSOR_SIZE,14"
"WLR_DRM_NO_ATOMIC,1"
"HYPRSHOT_DIR,${hmConfig.xdg.userDirs.pictures}/screenshots"
];
general = {
gaps_in = 2;
gaps_out = 2;
border_size = 2;
# https://wiki.hyprland.org/Configuring/Variables/#variable-types for info about colors
"col.active_border" = "rgba(33ccffee) rgba(00ff99ee) 45deg";
"col.inactive_border" = "rgba(595959aa)";
# Set to true enable resizing windows by clicking and dragging on borders and gaps
resize_on_border = true;
# Please see https://wiki.hyprland.org/Configuring/Tearing/ before you turn this on
allow_tearing = true;
layout = "dwindle";
};
decoration = {
rounding = 5;
# Change transparency of focused and unfocused windows
active_opacity = 1.0;
inactive_opacity = 0.95;
drop_shadow = true;
shadow_range = 4;
shadow_render_power = 3;
"col.shadow" = "rgba(1a1a1aee)";
# https://wiki.hyprland.org/Configuring/Variables/#blur
blur = {
enabled = true;
size = 3;
passes = 1;
vibrancy = 0.1696;
};
};
animations = {
enabled = true;
# Default animations, see https://wiki.hyprland.org/Configuring/Animations/ for more
bezier = "myBezier, 0.05, 0.9, 0.1, 1.05";
animation = [
"windows, 1, 7, myBezier"
"windowsOut, 1, 7, default, popin 80%"
"border, 1, 10, default"
"borderangle, 1, 8, default"
"fade, 1, 7, default"
"workspaces, 1, 6, default"
];
};
# See https://wiki.hyprland.org/Configuring/Dwindle-Layout/ for more
dwindle = {
pseudotile = true; # Master switch for pseudotiling. Enabling is bound to mainMod + P in the keybinds section below
preserve_split = true; # You probably want this
};
# See https://wiki.hyprland.org/Configuring/Master-Layout/ for more
master = {
new_status = "master";
};
# https://wiki.hyprland.org/Configuring/Variables/#misc
misc = {
force_default_wallpaper = -1; # Set to 0 or 1 to disable the anime mascot wallpapers
disable_hyprland_logo = false; # Enable the random hyprland logo / anime girl background. :)
};
input = {
kb_layout = "us,ru";
follow_mouse = 1;
sensitivity = 0; # -1.0 - 1.0, 0 means no modification.
touchpad = {
natural_scroll = false;
};
};
# https://wiki.hyprland.org/Configuring/Variables/#gestures
gestures = {
workspace_swipe = false;
};
windowrulev2 = [
"suppressevent maximize, class:.*" # You'll probably like this.
"float, class:^(steam_app.*)$"
"immediate, class:^(steam_app.*)$"
"float, class:^(steam_proton.*)$"
"float,class:^(org.wezfurlong.wezterm)$"
"tile,class:^(org.wezfurlong.wezterm)$"
];
bind = [
"SUPER, Q, exec, $terminal"
"SUPER, N, exec, $fileManager"
"SUPER, R, exec, $menu"
"SUPER, X, exec, ags -t clock"
"SUPER, X, exec, ags -t control"
"SUPER, X, exec, ags -t systray"
"SUPER, X, exec, ags -t workspaces"
"SUPER, X, exec, ags -t window-title"
"SUPER, C, killactive,"
"SUPER, M, exit,"
"SUPER, V, togglefloating,"
"SUPER, F, fullscreen,"
"SUPER, J, togglesplit," # dwindle
# Move focus with mainMod + arrow keys
"SUPER, left, movefocus, l"
"SUPER, right, movefocus, r"
"SUPER, up, movefocus, u"
"SUPER, down, movefocus, d"
# Switch workspaces with mainMod + [0-9]
"SUPER, 1, workspace, 1"
"SUPER, 2, workspace, 2"
"SUPER, 3, workspace, 3"
"SUPER, 4, workspace, 4"
"SUPER, 5, workspace, 5"
"SUPER, 6, workspace, 6"
"SUPER, 7, workspace, 7"
"SUPER, 8, workspace, 8"
"SUPER, 9, workspace, 9"
"SUPER, 0, workspace, 10"
# Move active window to a workspace with mainMod + SHIFT + [0-9]
"SUPER SHIFT, 1, movetoworkspace, 1"
"SUPER SHIFT, 2, movetoworkspace, 2"
"SUPER SHIFT, 3, movetoworkspace, 3"
"SUPER SHIFT, 4, movetoworkspace, 4"
"SUPER SHIFT, 5, movetoworkspace, 5"
"SUPER SHIFT, 6, movetoworkspace, 6"
"SUPER SHIFT, 7, movetoworkspace, 7"
"SUPER SHIFT, 8, movetoworkspace, 8"
"SUPER SHIFT, 9, movetoworkspace, 9"
"SUPER SHIFT, 0, movetoworkspace, 10"
# special workspace (scratchpad)
"SUPER, S, togglespecialworkspace, magic"
"SUPER SHIFT, S, movetoworkspace, special:magic"
"SUPER, SPACE, exec, hyprctl switchxkblayout keychron-keychron-k3-pro next"
", PRINT, exec, hyprshot --freeze --mode region"
"CTRL, PRINT, exec, hyprshot --freeze --mode output"
"SUPER, H, exec, cliphist list | rofi -dmenu | cliphist decode | wl-copy"
];
# Move/resize windows with mainMod + LMB/RMB and dragging
bindm = [
"SUPER, mouse:272, movewindow"
"SUPER, mouse:273, resizewindow"
];
bindel = [
", XF86AudioRaiseVolume, exec, wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%+"
", XF86AudioLowerVolume, exec, wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%-"
];
bindl = [
", XF86AudioMute, exec, wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle"
", XF86AudioPrev, exec, playerctl previous"
", XF86AudioPlay, exec, playerctl play-pause"
", XF86AudioNext, exec, playerctl next"
", XF86MonBrightnessDown, exec, busctl --user -- call rs.wl-gammarelay / rs.wl.gammarelay UpdateTemperature n -500"
", XF86MonBrightnessUp, exec, busctl --user -- call rs.wl-gammarelay / rs.wl.gammarelay UpdateTemperature n +500"
"SUPER, XF86MonBrightnessDown, exec, busctl --user -- call rs.wl-gammarelay / rs.wl.gammarelay Brightness d -0.1"
"SUPER, XF86MonBrightnessUp, exec, busctl --user -- call rs.wl-gammarelay / rs.wl.gammarelay Brightness d +0.1"
];
};
};
}


@ -1,11 +0,0 @@
{
pkgs,
lib,
config,
hmConfig,
...
}: {
programs.hyprlock = {
enable = true;
};
}


@ -1,237 +0,0 @@
{
lib,
config,
pkgs,
...
}: {
# Nix settings
nix = {
settings = {
experimental-features = ["nix-command" "flakes"];
substituters = [
"https://cache.elnafo.ru"
"https://bonfire.cachix.org"
"https://nix-community.cachix.org"
];
trusted-public-keys = [
"cache.elnafo.ru:j3VD+Hn+is2Qk3lPXDSdPwHJQSatizk7V82iJ2RP1yo="
"bonfire.cachix.org-1:mzAGBy/Crdf8NhKail5ciK7ZrGRbPJJobW6TwFb7WYM="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
];
auto-optimise-store = true;
};
gc = {
automatic = lib.mkDefault true;
dates = lib.mkDefault "weekly";
options = lib.mkDefault "--delete-older-than 7d";
};
};
# Filesystem
fileSystems = {
"/" = {
device = "/dev/disk/by-label/nixos";
fsType = "btrfs";
options = ["subvol=root" "compress=zstd"];
};
"/boot" = {
device = "/dev/disk/by-label/boot";
fsType = "vfat";
};
"/nix" = {
device = "/dev/disk/by-label/nixos";
fsType = "btrfs";
options = ["subvol=nix" "compress=zstd" "noatime"];
};
"/home" = {
device = "/dev/disk/by-label/nixos";
fsType = "btrfs";
options = ["subvol=home" "compress=zstd"];
};
"/swap" = {
device = "/dev/disk/by-label/nixos";
fsType = "btrfs";
options = ["subvol=swap" "noatime"];
};
};
swapDevices = [
{device = "/swap/swapfile";}
];
# Boot and kernel options
boot = {
loader.systemd-boot.enable = true;
loader.systemd-boot.configurationLimit = 5;
loader.efi.canTouchEfiVariables = true;
tmp.useTmpfs = lib.mkDefault true;
tmp.cleanOnBoot = lib.mkDefault (!config.boot.tmp.useTmpfs);
initrd.availableKernelModules = ["nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod"];
initrd.kernelModules = [];
kernelModules = ["tcp_bbr" "coretemp" "nct6775"];
kernelParams = ["threadirqs"];
kernel.sysctl = {
# The Magic SysRq key is a key combo that allows users connected to the
# system console of a Linux kernel to perform some low-level commands.
# Disable it, since we don't need it, and is a potential security concern.
"kernel.sysrq" = 0;
## TCP hardening
# Prevent bogus ICMP errors from filling up logs.
"net.ipv4.icmp_ignore_bogus_error_responses" = 1;
# Reverse path filtering causes the kernel to do source validation of
# packets received from all interfaces. This can mitigate IP spoofing.
"net.ipv4.conf.default.rp_filter" = 1;
"net.ipv4.conf.all.rp_filter" = 1;
# Do not accept IP source route packets
"net.ipv4.conf.all.accept_source_route" = 1;
"net.ipv4.conf.wlo1.accept_source_route" = 1;
"net.ipv6.conf.all.accept_source_route" = 1;
# Don't send ICMP redirects
"net.ipv4.conf.all.send_redirects" = 0;
"net.ipv4.conf.default.send_redirects" = 0;
# Refuse ICMP redirects (MITM mitigations)
"net.ipv4.conf.all.accept_redirects" = 0;
"net.ipv4.conf.default.accept_redirects" = 0;
"net.ipv4.conf.all.secure_redirects" = 0;
"net.ipv4.conf.default.secure_redirects" = 0;
"net.ipv6.conf.all.accept_redirects" = 0;
"net.ipv6.conf.default.accept_redirects" = 0;
# Protects against SYN flood attacks
"net.ipv4.tcp_syncookies" = 1;
# Incomplete protection again TIME-WAIT assassination
"net.ipv4.tcp_rfc1337" = 1;
## TCP optimization
# TCP Fast Open is a TCP extension that reduces network latency by packing
# data in the senders initial TCP SYN. Setting 3 = enable TCP Fast Open for
# both incoming and outgoing connections:
"net.ipv4.tcp_fastopen" = 3;
# Bufferbloat mitigations + slight improvement in throughput & latency
"net.ipv4.tcp_congestion_control" = "bbr";
"net.core.default_qdisc" = "cake";
};
};
# Security
security = {
protectKernelImage = true;
sudo.extraConfig = ''Defaults timestamp_timeout=30'';
rtkit.enable = true;
polkit.enable = true;
pam.loginLimits = [
{
domain = "@audio";
item = "memlock";
type = "-";
value = "unlimited";
}
{
domain = "@audio";
item = "rtprio";
type = "-";
value = "99";
}
{
domain = "@audio";
item = "nofile";
type = "soft";
value = "99999";
}
{
domain = "@audio";
item = "nofile";
type = "hard";
value = "99999";
}
{
domain = "*";
item = "nofile";
type = "-";
value = "524288";
}
{
domain = "*";
item = "memlock";
type = "-";
value = "524288";
}
];
};
# Hardware
hardware = {
enableRedistributableFirmware = true;
};
# Timezone and locale
time.timeZone = "Asia/Yekaterinburg";
i18n = {
defaultLocale = "en_US.UTF-8";
extraLocaleSettings = {
LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8";
LC_MEASUREMENT = "en_US.UTF-8";
LC_MONETARY = "en_US.UTF-8";
LC_NAME = "en_US.UTF-8";
LC_NUMERIC = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8";
LC_TELEPHONE = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8";
};
};
# Base packages
environment.systemPackages = with pkgs; [
wget
parted
ntfs3g
sshfs
exfat
btrfs-progs
btrbk
lm_sensors
btop
git
git-lfs
lazygit
nnn
fzf
ripgrep
fd
unzip
fishPlugins.fzf-fish
fishPlugins.tide
fishPlugins.grc
fishPlugins.hydro
grc
gnupg
pass
bat
];
programs = {
fish.enable = true;
neovim = {
enable = true;
defaultEditor = true;
};
};
}


@ -1,5 +0,0 @@
{
common = import ./common.nix;
hyprland = import ./hyprland.nix;
hyprland-greetd = import ./hyprland-greetd.nix;
}


@ -1,33 +0,0 @@
{
pkgs,
lib,
config,
...
}:
lib.mkIf config.programs.hyprland.enable {
services.greetd = let
hyprConfig = pkgs.writeText "greetd-hyprland-config" ''
exec-once = ${lib.getExe pkgs.greetd.regreet}; hyprctl dispatch exit
'';
in {
enable = true;
settings = {
default_session = {
command = "${lib.getExe config.programs.hyprland.package} --config ${hyprConfig}";
user = "greeter";
};
};
};
programs.regreet = {
enable = true;
settings = {
GTK = {
application_prefer_dark_theme = true;
};
appearance = {
greeting_msg = "Hey, you. You're finally awake.";
};
};
};
}


@ -1,6 +0,0 @@
{...}: {
programs.hyprland = {
enable = true;
xwayland.enable = true;
};
}


@ -1,20 +0,0 @@
{
inputs,
hmConfig,
username,
bonLib,
...
}: {
imports = [
../nixos/hyprland.nix
../nixos/hyprland-greetd.nix
];
home-manager.users.${username} = {...}: {
imports = [
(bonLib.injectArgs {inherit hmConfig;})
inputs.ags.homeManagerModules.default
../homeManager/hyprland.nix
];
};
}


@ -2,21 +2,35 @@
pkgs,
lib,
config,
bonLib,
...
}: {
system.stateVersion = "23.11";
imports = [
bonLib.preconfiguredModules.nixos.common
./hardware.nix
./users.nix
];
imports = [./hardware.nix ./users.nix];
# Nix settings
nix.settings = {
nix = {
settings = {
experimental-features = ["nix-command" "flakes" "repl-flake"];
trusted-users = ["l-nafaryus"];
allowed-users = ["l-nafaryus"];
substituters = [
"https://cache.elnafo.ru"
"https://bonfire.cachix.org"
"https://nix-community.cachix.org"
];
trusted-public-keys = [
"cache.elnafo.ru:j3VD+Hn+is2Qk3lPXDSdPwHJQSatizk7V82iJ2RP1yo="
"bonfire.cachix.org-1:mzAGBy/Crdf8NhKail5ciK7ZrGRbPJJobW6TwFb7WYM="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
];
auto-optimise-store = true;
};
gc = {
automatic = lib.mkDefault true;
dates = lib.mkDefault "weekly";
options = lib.mkDefault "--delete-older-than 7d";
};
};
# Nix packages
@ -43,20 +57,53 @@
videoDrivers = ["nvidia"];
#displayManager.gdm = {
# enable = true;
# autoSuspend = false;
# wayland = true;
#};
#desktopManager.gnome.enable = true;
#windowManager.awesome.enable = true;
wacom.enable = true;
};
services.desktopManager.plasma6.enable = true;
services.displayManager.sddm = {
services.greetd = let
hyprConfig = pkgs.writeText "greetd-hyprland-config" ''
exec-once = ${lib.getExe pkgs.greetd.regreet}; hyprctl dispatch exit
'';
in {
enable = true;
wayland.enable = true;
settings = {
default_session = {
command = "${lib.getExe config.programs.hyprland.package} --config ${hyprConfig}";
user = "greeter";
};
};
};
services.dbus = {
programs.regreet = {
enable = true;
packages = with pkgs; [networkmanager];
settings = {
GTK = {
application_prefer_dark_theme = true;
# TODO: provide gtk themes
# theme_name = "Catppuccin-Macchiato-Standard-Green-Dark";
# icon_theme_name = "Catppuccin-Macchiato-Green-Cursors";
# cursor_theme_name = "Papirus-Dark";
# font_name = "";
};
appearance = {
greeting_msg = "Hey, you. You're finally awake.";
};
};
};
programs.hyprland = {
enable = true;
xwayland.enable = true;
};
services.dbus.enable = true;
services.printing = {
enable = true;
@ -85,15 +132,14 @@
};
services.udev = {
packages = with pkgs; [gnome.gnome-settings-daemon];
extraRules = ''
KERNEL=="rtc0", GROUP="audio"
KERNEL=="hpet", GROUP="audio"
'';
};
services.cockpit.enable = true;
#services.blueman.enable = true;
services.blueman.enable = true;
services.btrfs.autoScrub = {
enable = true;
@ -101,6 +147,49 @@
fileSystems = ["/"];
};
# Packages
environment.systemPackages = with pkgs; [
wget
parted
ntfs3g
sshfs
exfat
lm_sensors
git
git-lfs
ripgrep
fd
lazygit
unzip
gnumake
fishPlugins.fzf-fish
fishPlugins.tide
fishPlugins.grc
fishPlugins.hydro
nnn
fzf
grc
gcc
cachix
];
programs = {
fish.enable = true;
neovim = {
enable = true;
defaultEditor = true;
};
};
programs.ssh.extraConfig = ''
Host astora
HostName 192.168.156.101
@ -113,6 +202,13 @@
User l-nafaryus
'';
programs.direnv.enable = true;
fonts.packages = with pkgs; [nerdfonts];
programs.steam.enable = true;
systemd.extraConfig = "DefaultLimitNOFILE=1048576";
virtualisation = {
containers.enable = true;
podman = {
@ -120,9 +216,6 @@
dockerCompat = true;
defaultNetwork.settings.dns_enabled = true;
};
libvirtd = {
enable = true;
qemu.vhostUserPackages = with pkgs; [virtiofsd];
};
libvirtd.enable = true;
};
}
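Review bot: `trusted-users = ["l-nafaryus"];` in the `nix.settings` block puts the everyday desktop account on the Nix daemon's trusted list, which lets that account override substituters and signature checks and is therefore close to root on this machine. The `+`/`-` markers are lost on this page, so the line may be unchanged context, but the restructured block is the natural place to settle it. The three caches are already configured system-wide in `substituters` and `allowed-users` already lets the account build, so `trusted-users = ["root"];` looks sufficient. If the entry stays, a comment such as `# trusted: may add substituters and import unsigned paths, root-equivalent` would record that the choice is deliberate.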


@ -1,19 +1,148 @@
{
config,
lib,
pkgs,
...
}: {
# Boot
boot = {
kernelModules = ["kvm-amd"];
loader.systemd-boot.enable = true;
loader.systemd-boot.configurationLimit = 5;
loader.efi.canTouchEfiVariables = true;
tmp.useTmpfs = lib.mkDefault true;
tmp.cleanOnBoot = lib.mkDefault (!config.boot.tmp.useTmpfs);
initrd.availableKernelModules = ["nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod"];
initrd.kernelModules = [];
kernelModules = ["kvm-amd" "tcp_bbr" "coretemp" "nct6775"];
extraModulePackages = with config.boot.kernelPackages; [v4l2loopback];
extraModprobeConfig = ''
options v4l2loopback devices=1 video_nr=1 card_label="OBS Camera" exclusive_caps=1
'';
kernelParams = ["threadirqs"];
kernel.sysctl = {
# The Magic SysRq key is a key combo that allows users connected to the
# system console of a Linux kernel to perform some low-level commands.
# Disable it, since we don't need it, and is a potential security concern.
"kernel.sysrq" = 0;
## TCP hardening
# Prevent bogus ICMP errors from filling up logs.
"net.ipv4.icmp_ignore_bogus_error_responses" = 1;
# Reverse path filtering causes the kernel to do source validation of
# packets received from all interfaces. This can mitigate IP spoofing.
"net.ipv4.conf.default.rp_filter" = 1;
"net.ipv4.conf.all.rp_filter" = 1;
# Do not accept IP source route packets
"net.ipv4.conf.all.accept_source_route" = 0;
"net.ipv6.conf.all.accept_source_route" = 0;
# Don't send ICMP redirects
"net.ipv4.conf.all.send_redirects" = 0;
"net.ipv4.conf.default.send_redirects" = 0;
# Refuse ICMP redirects (MITM mitigations)
"net.ipv4.conf.all.accept_redirects" = 0;
"net.ipv4.conf.default.accept_redirects" = 0;
"net.ipv4.conf.all.secure_redirects" = 0;
"net.ipv4.conf.default.secure_redirects" = 0;
"net.ipv6.conf.all.accept_redirects" = 0;
"net.ipv6.conf.default.accept_redirects" = 0;
# Protects against SYN flood attacks
"net.ipv4.tcp_syncookies" = 1;
# Incomplete protection again TIME-WAIT assassination
"net.ipv4.tcp_rfc1337" = 1;
## TCP optimization
# TCP Fast Open is a TCP extension that reduces network latency by packing
# data in the senders initial TCP SYN. Setting 3 = enable TCP Fast Open for
# both incoming and outgoing connections:
"net.ipv4.tcp_fastopen" = 3;
# Bufferbloat mitigations + slight improvement in throughput & latency
"net.ipv4.tcp_congestion_control" = "bbr";
"net.core.default_qdisc" = "cake";
};
};
# Security
security = {
protectKernelImage = true;
acme.acceptTerms = true;
sudo.extraConfig = ''Defaults timestamp_timeout=30'';
rtkit.enable = true;
pam.loginLimits = [
{
domain = "@audio";
item = "memlock";
type = "-";
value = "unlimited";
}
{
domain = "@audio";
item = "rtprio";
type = "-";
value = "99";
}
{
domain = "@audio";
item = "nofile";
type = "soft";
value = "99999";
}
{
domain = "@audio";
item = "nofile";
type = "hard";
value = "99999";
}
{
domain = "*";
item = "nofile";
type = "-";
value = "524288";
}
{
domain = "*";
item = "memlock";
type = "-";
value = "524288";
}
];
polkit.enable = true;
};
users.users.root.initialPassword = "nixos";
# Filesystem
fileSystems = {
"/" = {
device = "/dev/disk/by-label/nixos";
fsType = "btrfs";
options = ["subvol=root" "compress=zstd"];
};
"/boot" = {
device = "/dev/disk/by-label/boot";
fsType = "vfat";
};
"/nix" = {
device = "/dev/disk/by-label/nixos";
fsType = "btrfs";
options = ["subvol=nix" "compress=zstd" "noatime"];
};
"/home" = {
device = "/dev/disk/by-label/nixos";
fsType = "btrfs";
options = ["subvol=home" "compress=zstd"];
};
"/swap" = {
device = "/dev/disk/by-label/nixos";
fsType = "btrfs";
options = ["subvol=swap" "noatime"];
};
"/media/steam-library" = {
device = "/dev/disk/by-label/siegward";
fsType = "btrfs";
@ -27,10 +156,16 @@
};
};
swapDevices = [
{device = "/swap/swapfile";}
];
services.fstrim.enable = true;
# Hardware etc
hardware = {
enableRedistributableFirmware = true;
cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
nvidia.nvidiaSettings = true;
@ -46,10 +181,56 @@
};
networking = {
networkmanager = {
networkmanager.enable = true;
networkmanager.unmanaged = ["interface-name:ve-*"];
useDHCP = lib.mkDefault true;
hostName = "astora";
extraHosts = '''';
firewall = {
enable = true;
enableStrongSwan = true;
plugins = with pkgs; [networkmanager-l2tp];
allowedTCPPorts = [80 443];
trustedInterfaces = ["ve-+"];
extraCommands = ''
iptables -t nat -A POSTROUTING -o wlo1 -j MASQUERADE
'';
extraStopCommands = ''
iptables -t nat -D POSTROUTING -o wlo1 -j MASQUERADE
'';
};
nat = {
enable = true;
externalInterface = "wlo1";
internalInterfaces = ["ve-+"];
};
interfaces.wlo1.ipv4.addresses = [
{
address = "192.168.156.101";
prefixLength = 24;
}
];
defaultGateway = "192.168.156.1";
nameservers = ["192.168.156.1" "8.8.8.8"];
};
# Common
time.timeZone = "Asia/Yekaterinburg";
i18n = {
defaultLocale = "en_US.UTF-8";
extraLocaleSettings = {
LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8";
LC_MEASUREMENT = "en_US.UTF-8";
LC_MONETARY = "en_US.UTF-8";
LC_NAME = "en_US.UTF-8";
LC_NUMERIC = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8";
LC_TELEPHONE = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8";
};
};
}
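Review bot: `users.users.root.initialPassword = "nixos";`, placed right after the `security` block, gives root a password that is readable in the repository, so any fresh install from this configuration starts with a guessable root login until someone changes it by hand. The markers are lost on this page, but against an old side of 19 lines this line appears to be newly added. Locking the account in the declaration with `users.users.root.hashedPassword = "!";` keeps root reachable only through sudo. If a root password is really wanted, `hashedPasswordFile` pointing at a secret kept outside the repository avoids committing it.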


@ -6,9 +6,7 @@
bonLib,
inputs,
...
}: let
user = "l-nafaryus";
in {
}: {
# Users
users.users.l-nafaryus = {
isNormalUser = true;
@ -18,32 +16,30 @@ in {
uid = 1000;
initialPassword = "nixos";
shell = pkgs.fish;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG1YGp8AI48hJUSQBZpuKLpbj2+3Q09vq64NxFr0N1MS"
];
};
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.backupFileExtension = "hmbackup";
home-manager.users.${user} = {pkgs, ...}: let
hmConfig = config.home-manager.users.${user};
home-manager.users.l-nafaryus = {pkgs, ...}: let
hmConfig = config.home-manager.users.l-nafaryus;
in {
home.stateVersion = "23.11";
home.username = "l-nafaryus";
home.homeDirectory = "/home/l-nafaryus";
imports = [
(bonLib.injectArgs {
inherit hmConfig;
})
inputs.catppuccin.homeManagerModules.catppuccin
inputs.ags.homeManagerModules.default
#bonLib.preconfiguredModules.homeManager.hyprland
bonLib.preconfiguredModules.homeManager.ags
];
home.packages = with pkgs; [
#gnupg
git
#nnn
pass
taskwarrior3
#tmux
gparted
@ -97,43 +93,46 @@ in {
jdk
bonPkgs.ultimmc
liberation_ttf
steamtinkerlaunch
#dunst
#libnotify
discord
webcord
vesktop
tor
networkmanagerapplet
#rofi-wayland
kgx
dunst
libnotify
playerctl
wl-gammarelay-rs
# btop
lua
# bat
musikcube
swww
hyprshot
mangohud
gamescope
libstrangle
wl-clipboard
cliphist
tree
bonPkgs.bonvim
freenect
mpc-cli
kdePackages.kmail
kdePackages.kmail-account-wizard
flacon
picard
docker-compose
podman-compose
dive
lazydocker
ksshaskpass
# virtiofsd
];
xdg.portal = {
enable = true;
configPackages = with pkgs; [
kdePackages.xdg-desktop-portal-kde
#xdg-desktop-portal-wlr
xdg-desktop-portal-hyprland
];
extraPortals = with pkgs; [
xdg-desktop-portal-gtk
@ -148,6 +147,22 @@ in {
accent = "green";
};
gtk = {
enable = true;
# TODO: fix catppuccin deprecation. Provide Paper icons to gtk and gnomeShell manually. (+ regreet)
catppuccin = {
enable = true;
accent = "green";
flavor = "macchiato";
gnomeShellTheme = true;
icon = {
enable = true;
accent = "green";
flavor = "macchiato";
};
};
};
programs = {
# General
fish = {
@ -229,9 +244,6 @@ in {
homedir = "${hmConfig.xdg.configHome}/gnupg";
mutableKeys = true;
mutableTrust = true;
settings = {
default-key = "B0B3 DFDB B842 BE9C 7468 B511 86F1 EA98 B48F FB19";
};
# TODO: replace existing ssh key with gpg provided
};
@ -257,9 +269,12 @@ in {
ncmpcpp.enable = true;
# Graphical
hyprlock = {
enable = true;
};
wezterm = {
enable = false;
enable = true;
package = inputs.wezterm.packages.x86_64-linux.default;
extraConfig = ''
return {
@ -282,7 +297,7 @@ in {
};
rofi = {
enable = false;
enable = true;
package = pkgs.rofi-wayland;
terminal = "${lib.getExe hmConfig.programs.wezterm.package}";
cycle = true;
@ -327,7 +342,7 @@ in {
defaultCacheTtl = 3600;
defaultCacheTtlSsh = 3600;
enableSshSupport = true;
pinentryPackage = pkgs.pinentry-qt;
pinentryPackage = pkgs.pinentry-gtk2;
enableFishIntegration = true;
enableBashIntegration = true;
};
@ -340,8 +355,237 @@ in {
#mpdris2 = {
# enable = true;
#};
};
# Graphical
hypridle = {
enable = true;
settings = {
general = {
after_sleep_cmd = "${pkgs.hyprland}/bin/hyprctl dispatch dpms on";
ignore_dbus_inhibit = false;
};
listener = [
{
timeout = 300;
on-timeout = "${pkgs.hyprland}/bin/hyprctl dispatch dpms off";
on-resume = "${pkgs.hyprland}/bin/hyprctl dispatch dpms on";
}
];
};
};
};
wayland.windowManager.hyprland = {
enable = true;
settings = {
# Devices (use `hyprctl devices`)
"$monitor1" = "AOC Q27G2G3R3B 137P4HA000540";
"$monitor2" = "AOC Q27B3MA 17ZPAHA006135";
"$keyboard" = "keychron-keychron-k3-pro";
"$mouse" = "logitech-g102-lightsync-gaming-mouse";
# Main programs
"$terminal" = "${lib.getExe hmConfig.programs.wezterm.package}";
"$menu" = "${lib.getExe hmConfig.programs.rofi.package} -show drun";
"$fileManager" = "$terminal -e ${lib.getExe hmConfig.programs.nnn.package}";
monitor = [
"desc:$monitor2, 2560x1440@75, 0x0, auto"
"desc:$monitor1, 2560x1440@165, 2560x0, auto"
"Unknown-1, disable"
];
exec-once = [
"ags &"
"nm-applet --indicator &"
"blueman-applet &"
"wl-gammarelay-rs run &"
"systemctl --user start hypridle"
"wl-paste --type text --watch cliphist store" #Stores only text data
"wl-paste --type image --watch cliphist store" #Stores only image data
"swww-daemon & swww img ~/Pictures/wallpapers/current" # wallpaper symlinked
];
env = [
"XCURSOR_SIZE,16"
"HYPRCURSOR_SIZE,16"
"WLR_DRM_NO_ATOMIC,1"
"HYPRSHOT_DIR,${hmConfig.xdg.userDirs.pictures}/screenshots"
];
general = {
gaps_in = 2;
gaps_out = 2;
border_size = 2;
# https://wiki.hyprland.org/Configuring/Variables/#variable-types for info about colors
"col.active_border" = "rgba(33ccffee) rgba(00ff99ee) 45deg";
"col.inactive_border" = "rgba(595959aa)";
# Set to true enable resizing windows by clicking and dragging on borders and gaps
resize_on_border = true;
# Please see https://wiki.hyprland.org/Configuring/Tearing/ before you turn this on
allow_tearing = true;
layout = "dwindle";
};
decoration = {
rounding = 5;
# Change transparency of focused and unfocused windows
active_opacity = 1.0;
inactive_opacity = 0.95;
drop_shadow = true;
shadow_range = 4;
shadow_render_power = 3;
"col.shadow" = "rgba(1a1a1aee)";
# https://wiki.hyprland.org/Configuring/Variables/#blur
blur = {
enabled = true;
size = 3;
passes = 1;
vibrancy = 0.1696;
};
};
animations = {
enabled = true;
# Default animations, see https://wiki.hyprland.org/Configuring/Animations/ for more
bezier = "myBezier, 0.05, 0.9, 0.1, 1.05";
animation = [
"windows, 1, 7, myBezier"
"windowsOut, 1, 7, default, popin 80%"
"border, 1, 10, default"
"borderangle, 1, 8, default"
"fade, 1, 7, default"
"workspaces, 1, 6, default"
];
};
# See https://wiki.hyprland.org/Configuring/Dwindle-Layout/ for more
dwindle = {
pseudotile = true; # Master switch for pseudotiling. Enabling is bound to mainMod + P in the keybinds section below
preserve_split = true; # You probably want this
};
# See https://wiki.hyprland.org/Configuring/Master-Layout/ for more
master = {
new_status = "master";
};
# https://wiki.hyprland.org/Configuring/Variables/#misc
misc = {
force_default_wallpaper = -1; # Set to 0 or 1 to disable the anime mascot wallpapers
disable_hyprland_logo = false; # Enable the random hyprland logo / anime girl background. :)
};
input = {
kb_layout = "us,ru";
follow_mouse = 1;
sensitivity = 0; # -1.0 - 1.0, 0 means no modification.
touchpad = {
natural_scroll = false;
};
};
# https://wiki.hyprland.org/Configuring/Variables/#gestures
gestures = {
workspace_swipe = false;
};
windowrulev2 = [
"suppressevent maximize, class:.*" # You'll probably like this.
"float, class:^(steam_app.*)$"
"immediate, class:^(steam_app.*)$"
"float, class:^(steam_proton.*)$"
"float,class:^(org.wezfurlong.wezterm)$"
"tile,class:^(org.wezfurlong.wezterm)$"
];
bind = [
"SUPER, Q, exec, $terminal"
"SUPER, N, exec, $fileManager"
"SUPER, R, exec, $menu"
"SUPER, X, exec, ags -t clock"
"SUPER, X, exec, ags -t control"
"SUPER, X, exec, ags -t systray"
"SUPER, X, exec, ags -t workspaces"
"SUPER, X, exec, ags -t window-title"
"SUPER, C, killactive,"
"SUPER, M, exit,"
"SUPER, V, togglefloating,"
"SUPER, F, fullscreen,"
"SUPER, J, togglesplit," # dwindle
# Move focus with mainMod + arrow keys
"SUPER, left, movefocus, l"
"SUPER, right, movefocus, r"
"SUPER, up, movefocus, u"
"SUPER, down, movefocus, d"
# Switch workspaces with mainMod + [0-9]
"SUPER, 1, workspace, 1"
"SUPER, 2, workspace, 2"
"SUPER, 3, workspace, 3"
"SUPER, 4, workspace, 4"
"SUPER, 5, workspace, 5"
"SUPER, 6, workspace, 6"
"SUPER, 7, workspace, 7"
"SUPER, 8, workspace, 8"
"SUPER, 9, workspace, 9"
"SUPER, 0, workspace, 10"
# Move active window to a workspace with mainMod + SHIFT + [0-9]
"SUPER SHIFT, 1, movetoworkspace, 1"
"SUPER SHIFT, 2, movetoworkspace, 2"
"SUPER SHIFT, 3, movetoworkspace, 3"
"SUPER SHIFT, 4, movetoworkspace, 4"
"SUPER SHIFT, 5, movetoworkspace, 5"
"SUPER SHIFT, 6, movetoworkspace, 6"
"SUPER SHIFT, 7, movetoworkspace, 7"
"SUPER SHIFT, 8, movetoworkspace, 8"
"SUPER SHIFT, 9, movetoworkspace, 9"
"SUPER SHIFT, 0, movetoworkspace, 10"
# special workspace (scratchpad)
"SUPER, S, togglespecialworkspace, magic"
"SUPER SHIFT, S, movetoworkspace, special:magic"
"SUPER, SPACE, exec, hyprctl switchxkblayout keychron-keychron-k3-pro next"
", PRINT, exec, hyprshot --freeze --mode region"
"CTRL, PRINT, exec, hyprshot --freeze --mode output"
"SUPER, H, exec, cliphist list | rofi -dmenu | cliphist decode | wl-copy"
];
# Move/resize windows with mainMod + LMB/RMB and dragging
bindm = [
"SUPER, mouse:272, movewindow"
"SUPER, mouse:273, resizewindow"
];
bindel = [
", XF86AudioRaiseVolume, exec, wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%+"
", XF86AudioLowerVolume, exec, wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%-"
];
bindl = [
", XF86AudioMute, exec, wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle"
", XF86AudioPrev, exec, playerctl previous"
", XF86AudioPlay, exec, playerctl play-pause"
", XF86AudioNext, exec, playerctl next"
", XF86MonBrightnessDown, exec, busctl --user -- call rs.wl-gammarelay / rs.wl.gammarelay UpdateTemperature n -500"
", XF86MonBrightnessUp, exec, busctl --user -- call rs.wl-gammarelay / rs.wl.gammarelay UpdateTemperature n +500"
"SUPER, XF86MonBrightnessDown, exec, busctl --user -- call rs.wl-gammarelay / rs.wl.gammarelay Brightness d -0.1"
"SUPER, XF86MonBrightnessUp, exec, busctl --user -- call rs.wl-gammarelay / rs.wl.gammarelay Brightness d +0.1"
];
};
};
# XDG
xdg = {
@ -381,7 +625,6 @@ in {
environment.sessionVariables = {
# hint electron applications to use wayland
NIXOS_OZONE_WL = "1";
DOCKER_HOST = "unix:///run/user/${toString config.users.users.l-nafaryus.uid}/podman/podman.sock";
};
systemd.user.extraConfig = "DefaultLimitNOFILE=524288";
@ -394,28 +637,27 @@ in {
};
# Services
#services.spoofdpi.enable = true;
services.spoofdpi.enable = true;
#services.zapret = {
# enable = true;
# mode = "nfqws";
# firewallType = "iptables";
# disableIpv6 = true;
# settings = ''
# MODE_HTTP=1
# MODE_HTTP_KEEPALIVE=0
# MODE_HTTPS=1
# MODE_QUIC=1
# MODE_FILTER=ipset
# TPWS_OPT="--split-http-req=method --split-pos=1 --oob"
# NFQWS_OPT_DESYNC="--dpi-desync=fake --dpi-desync-ttl=5"
# NFQWS_OPT_DESYNC_HTTP="--dpi-desync=fake --dpi-desync-ttl=5"
# NFQWS_OPT_DESYNC_HTTPS="--dpi-desync=fake --dpi-desync-ttl=5"
# NFQWS_OPT_DESYNC_QUIC="--dpi-desync=fake --dpi-desync-ttl=5"
# INIT_APPLY_FW=1
# '';
# filterAddressesSource = "https://antifilter.network/download/ipsmart.lst";
#};
services.zapret = {
enable = true;
mode = "tpws";
firewallType = "iptables";
disableIpv6 = true;
settings = ''
MODE_HTTP=1
MODE_HTTP_KEEPALIVE=0
MODE_HTTPS=1
MODE_QUIC=0
MODE_FILTER=ipset
TPWS_OPT="--hostspell=HOST --split-http-req=method --split-pos=3 --oob"
INIT_APPLY_FW=1
'';
filterAddresses = lib.readFile (pkgs.fetchurl {
url = "https://antifilter.network/download/ipsmart.lst";
hash = "sha256-zLq3rgci/rye1oQp2zbJelPaoN9+jqPebIbxfJ44Qlg=";
});
};
# TODO: remember who use gvfs
services.gvfs.enable = true;
@ -439,23 +681,4 @@ in {
# User-id must match above user. MPD will look inside this directory for the PipeWire socket.
XDG_RUNTIME_DIR = "/run/user/${toString config.users.users.l-nafaryus.uid}";
};
programs.kdeconnect = {
enable = true;
package = lib.mkForce pkgs.kdePackages.kdeconnect-kde;
};
programs.direnv.enable = true;
fonts.packages = with pkgs; [nerdfonts liberation_ttf];
programs.steam.enable = true;
systemd.extraConfig = "DefaultLimitNOFILE=1048576";
programs.ssh = {
enableAskPassword = true;
askPassword = "${lib.getExe' pkgs.ksshaskpass "ksshaskpass"}";
hostKeyAlgorithms = ["ssh-ed25519" "ssh-rsa"];
startAgent = true;
};
}
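Review bot: The `hypridle` settings only switch DPMS off after 300 seconds and back on after sleep, and nothing visible in this section starts the locker even though `hyprlock` is enabled under `programs`, so an idle or resumed session appears to stay unlocked. Adding `lock_cmd = "pidof hyprlock || hyprlock";` and `before_sleep_cmd = "loginctl lock-session";` to `general`, plus a listener `{ timeout = 600; on-timeout = "loginctl lock-session"; }`, would tie the two together. The added and removed sides are inferred here because the page lost its markers, and the file continues outside the hunks shown, so a lock binding may exist elsewhere.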


@ -13,8 +13,6 @@
# ./services/papermc.nix # disabled
./services/gitea.nix
./services/radio.nix
./services/matrix.nix
./services/metrics.nix
];
# Nix settings
@ -283,6 +281,8 @@
fzf
grc
gcc
cachix
gnupg


@ -150,12 +150,6 @@
defaultGateway = "192.168.156.1";
nameservers = ["192.168.156.1" "8.8.8.8"];
nat = {
enable = true;
externalInterface = "enp9s0";
internalInterfaces = ["ve-+"];
};
};
services.logind.lidSwitchExternalPower = "ignore";


@ -55,10 +55,6 @@
indexer = {
REPO_INDEXER_ENABLED = true;
};
metrics = {
ENABLED = true;
};
};
mailerPasswordFile = config.sops.secrets."gitea/mail".path;


@ -1,101 +0,0 @@
{
config,
lib,
pkgs,
...
}: {
services.conduit = {
enable = true;
settings.global = {
allow_registration = true;
server_name = "elnafo.ru";
address = "127.0.0.1";
database_backend = "sqlite";
well_known.client = "https://matrix.elnafo.ru";
well_known.server = "matrix.elnafo.ru:443";
turn_uris = ["turn:elnafo.ru?transport=udp" "turn:elnafo.ru?transport=tcp"];
};
turn_secret_file = config.sops.secrets.turn-secret.path;
};
services.nginx = {
virtualHosts."matrix.elnafo.ru" = {
forceSSL = true;
http2 = true;
useACMEHost = "elnafo.ru";
locations."/" = {
proxyPass = "http://127.0.0.1:6167";
extraConfig = ''
proxy_http_version 1.0;
client_max_body_size 50M;
'';
};
};
virtualHosts."element.elnafo.ru" = {
forceSSL = true;
http2 = true;
useACMEHost = "elnafo.ru";
root = pkgs.element-web.override {
conf = {
default_theme = "dark";
default_server_name = "matrix.elnafo.ru";
brand = "Elnafo Matrix";
permalink_prefix = "https://element.elnafo.ru";
};
};
};
virtualHosts."matrix-federation" = {
serverName = "elnafo.ru";
forceSSL = true;
useACMEHost = "elnafo.ru";
listen = [
{
port = 8448;
addr = "0.0.0.0";
ssl = true;
}
{
port = 443;
addr = "0.0.0.0";
ssl = true;
}
];
locations."~ ^/(_matrix|.well_known)" = {
proxyPass = "http://127.0.0.1:6167";
extraConfig = ''
proxy_http_version 1.0;
client_max_body_size 50M;
'';
};
};
};
services.coturn = rec {
enable = true;
no-cli = true;
no-tcp-relay = true;
min-port = 49000;
max-port = 50000;
use-auth-secret = true;
static-auth-secret-file = config.sops.secrets.coturn-secret.path;
realm = "elnafo.ru";
cert = "${config.security.acme.certs."elnafo.ru".directory}/full.pem";
pkey = "${config.security.acme.certs."elnafo.ru".directory}/key.pem";
extraConfig = ''
# for debugging
verbose
# ban private IP ranges
no-multicast-peers
'';
};
networking.firewall = {
allowedUDPPortRanges = lib.singleton {
from = config.services.coturn.min-port;
to = config.services.coturn.max-port;
};
allowedUDPPorts = [3478 5349];
allowedTCPPorts = [8448 3478 5349];
};
}


@ -1,123 +0,0 @@
{
config,
pkgs,
...
}: {
services.grafana = {
enable = true;
settings.server = {
domain = "grafana.elnafo.ru";
http_port = 2342;
http_addr = "127.0.0.1";
};
};
services.prometheus = {
enable = true;
port = 9090;
globalConfig.scrape_interval = "10s"; # "1m"
exporters = {
node = {
enable = true;
enabledCollectors = ["systemd"];
port = 9092;
};
};
scrapeConfigs = [
{
job_name = "catarina";
static_configs = [
{
targets = ["127.0.0.1:${toString config.services.prometheus.exporters.node.port}"];
}
];
}
];
};
services.loki = {
enable = true;
configuration = {
auth_enabled = false;
server = {
http_listen_port = 3100;
};
common = {
ring = {
instance_addr = "127.0.0.1";
kvstore = {
store = "inmemory";
};
};
replication_factor = 1;
path_prefix = "/tmp/loki";
};
schema_config = {
configs = [
{
from = "2020-05-15";
store = "tsdb";
object_store = "filesystem";
schema = "v13";
index = {
prefix = "index_";
period = "24h";
};
}
];
};
storage_config = {
filesystem = {
directory = "/tmp/loki/chunks";
};
};
};
};
services.promtail = {
enable = true;
configuration = {
server = {
http_listen_port = 3101;
grpc_listen_port = 0;
};
clients = [
{
url = "http://127.0.0.1:3100/loki/api/v1/push";
}
];
scrape_configs = [
{
job_name = "journal";
journal = {
max_age = "12h";
labels = {
job = "systemd-journal";
host = "catarina";
};
};
relabel_configs = [
{
source_labels = [
"__journal__systemd_unit"
];
target_label = "unit";
}
];
}
];
};
};
services.nginx = {
virtualHosts."grafana.elnafo.ru" = {
forceSSL = true;
useACMEHost = "elnafo.ru";
locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.services.grafana.port}";
proxyWebsockets = true;
};
};
};
}


@ -1,41 +1,19 @@
{config, ...}: {
containers = let
bindMounts = {
"/var/lib/music" = {
hostPath = "/media/storage/audio/library";
isReadOnly = true;
};
};
in {
radio-synthwave = {
autoStart = true;
privateNetwork = true;
hostAddress = "10.231.136.1";
localAddress = "10.231.136.2";
inherit bindMounts;
config = {
config,
pkgs,
lib,
...
}: {
services.mpd = {
enable = true;
musicDirectory = "/var/lib/music";
musicDirectory = "/home/l-nafaryus/Music";
network.listenAddress = "any";
#network.startWhenNeeded = true;
user = "mpd";
network.port = 6600;
network.startWhenNeeded = true;
user = "l-nafaryus";
extraConfig = ''
audio_output {
type "httpd"
name "Radio"
port "6660"
port "6666"
bind_to_address "127.0.0.1"
encoder "lame"
max_clients "0"
website "https://radio.elnafo.ru/synthwave"
website "https://radio.elnafo.ru"
always_on "yes"
tags "yes"
bitrate "128"
@ -44,157 +22,11 @@
'';
};
system.stateVersion = "24.05";
networking.firewall = {
enable = true;
allowedTCPPorts = [6600 6660];
};
};
};
radio-non-stop-pop = {
autoStart = true;
privateNetwork = true;
hostAddress = "10.231.136.1";
localAddress = "10.231.136.3";
inherit bindMounts;
config = {
config,
pkgs,
lib,
...
}: {
services.mpd = {
enable = true;
musicDirectory = "/var/lib/music";
network.listenAddress = "any";
#network.startWhenNeeded = true;
user = "mpd";
network.port = 6601;
extraConfig = ''
audio_output {
type "httpd"
name "Radio"
port "6661"
encoder "lame"
max_clients "0"
website "https://radio.elnafo.ru/non-stop-pop"
always_on "yes"
tags "yes"
bitrate "128"
format "44100:16:1"
}
'';
};
system.stateVersion = "24.05";
networking.firewall = {
enable = true;
allowedTCPPorts = [6601 6661];
};
};
};
radio-hell-gates = {
autoStart = true;
privateNetwork = true;
hostAddress = "10.231.136.1";
localAddress = "10.231.136.4";
inherit bindMounts;
config = {
config,
pkgs,
lib,
...
}: {
services.mpd = {
enable = true;
musicDirectory = "/var/lib/music";
network.listenAddress = "any";
#network.startWhenNeeded = true;
user = "mpd";
network.port = 6602;
extraConfig = ''
audio_output {
type "httpd"
name "Radio"
port "6662"
encoder "lame"
max_clients "0"
website "https://radio.elnafo.ru/hell-gates"
always_on "yes"
tags "yes"
bitrate "128"
format "44100:16:1"
}
'';
};
system.stateVersion = "24.05";
networking.firewall = {
enable = true;
allowedTCPPorts = [6602 6662];
};
};
};
};
services.elnafo-radio = {
enable = true;
base = {
title = "// Elnafo Radio //";
meta = [
["author" "L-Nafaryus"]
["discord" "https://discord.gg/ZWUChw5wzm"]
["git" "https://vcs.elnafo.ru/L-Nafaryus/elnafo-radio"]
["matrix" "https://matrix.to/#/#elnafo:elnafo.ru"]
];
};
stations = [
{
id = "synthwave";
name = "Synthwave";
host = config.containers.radio-synthwave.localAddress;
port = 6600;
url = "https://radio.elnafo.ru/synthwave";
status = "Receive";
genre = "synthwave, dark synthwave";
}
{
id = "non-stop-pop";
name = "Non-Stop-Pop";
host = config.containers.radio-non-stop-pop.localAddress;
port = 6601;
url = "https://radio.elnafo.ru/non-stop-pop";
status = "Online";
location = "Los Santos";
genre = "pop, r&b, dance music";
}
{
id = "hell-gates";
name = "Hell Gates";
host = config.containers.radio-hell-gates.localAddress;
port = 6602;
url = "https://radio.elnafo.ru/hell-gates";
status = "Receive";
genre = "melodic death metal, death metal, metalcore";
}
];
};
services.nginx.virtualHosts."radio.elnafo.ru" = {
forceSSL = true;
useACMEHost = "elnafo.ru";
locations."/".proxyPass = "http://${config.services.elnafo-radio.server.address}:${toString config.services.elnafo-radio.server.port}";
locations."/synthwave".proxyPass = "http://${config.containers.radio-synthwave.localAddress}:6660";
locations."/non-stop-pop".proxyPass = "http://${config.containers.radio-non-stop-pop.localAddress}:6661";
locations."/hell-gates".proxyPass = "http://${config.containers.radio-hell-gates.localAddress}:6662";
locations."/synthwave".proxyPass = "http://127.0.0.1:6666";
};
networking.firewall.allowedTCPPorts = [config.services.mpd.network.port];
}
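Review bot: On what appears to be the new side (inferred from the hunk counts, since the markers are lost), `services.mpd` runs on the host as `user = "l-nafaryus"` with `network.listenAddress = "any"`, and the closing `networking.firewall.allowedTCPPorts = [config.services.mpd.network.port];` opens the control port. No `credentials` entry is visible, so any client that can reach the host could drive a daemon that holds the login user's file access. nginx only needs the stream at `127.0.0.1:6666`, so `network.listenAddress = "127.0.0.1";` together with dropping the firewall line would keep control local. Running the daemon as the dedicated `mpd` user with a read-only music path would also narrow what it can read.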


@ -22,7 +22,6 @@
catarina = lib.nixosSystem {
system = "x86_64-linux";
modules = with inputs; [
elnafo-radio.nixosModules.elnafo-radio
nixos-mailserver.nixosModules.mailserver
sops-nix.nixosModules.sops
oscuro.nixosModules.oscuro
@ -31,18 +30,4 @@
];
specialArgs = {bonPkgs = self.packages.x86_64-linux;};
};
vinheim = lib.nixosSystem {
system = "x86_64-linux";
modules = with inputs; [
home-manager.nixosModules.home-manager
./vinheim
];
specialArgs = {
inherit inputs bonLib;
bonPkgs = self.packages.x86_64-linux;
};
};
}


@ -1,135 +0,0 @@
{
pkgs,
lib,
config,
bonLib,
...
}: {
system.stateVersion = "23.11";
imports = [
./hardware.nix
./users.nix
];
nix = {
settings = {
experimental-features = ["nix-command" "flakes"];
substituters = [
"https://cache.elnafo.ru"
"https://bonfire.cachix.org"
"https://nix-community.cachix.org"
];
trusted-public-keys = [
"cache.elnafo.ru:j3VD+Hn+is2Qk3lPXDSdPwHJQSatizk7V82iJ2RP1yo="
"bonfire.cachix.org-1:mzAGBy/Crdf8NhKail5ciK7ZrGRbPJJobW6TwFb7WYM="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
];
auto-optimise-store = true;
trusted-users = ["l-nafaryus"];
allowed-users = ["l-nafaryus"];
};
gc = {
automatic = lib.mkDefault true;
dates = lib.mkDefault "weekly";
options = lib.mkDefault "--delete-older-than 7d";
};
};
# Nix packages
nixpkgs = {
hostPlatform = lib.mkDefault "x86_64-linux";
config.allowUnfree = true;
config.cudaSupport = false;
};
services.desktopManager.plasma6.enable = true;
services.displayManager.sddm = {
enable = true;
wayland.enable = true;
};
services.dbus = {
enable = true;
packages = with pkgs; [networkmanager];
};
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = true;
};
services.openssh = {
enable = true;
startWhenNeeded = true;
settings.PasswordAuthentication = false;
settings.KbdInteractiveAuthentication = false;
};
programs.ssh.extraConfig = ''
Host catarina
HostName 77.242.105.50
Port 22
User l-nafaryus
'';
virtualisation = {
containers.enable = true;
podman = {
enable = true;
dockerCompat = true;
defaultNetwork.settings.dns_enabled = true;
};
libvirtd.enable = true;
};
# Base packages
environment.systemPackages = with pkgs; [
wget
parted
ntfs3g
sshfs
exfat
btrfs-progs
btrbk
lm_sensors
btop
git
git-lfs
lazygit
nnn
fzf
ripgrep
fd
unzip
fishPlugins.fzf-fish
fishPlugins.tide
fishPlugins.grc
fishPlugins.hydro
grc
gnupg
pass
bat
];
programs = {
fish.enable = true;
neovim = {
enable = true;
defaultEditor = true;
};
};
}


@ -1,121 +0,0 @@
{
config,
lib,
pkgs,
...
}: {
# Boot
boot = {
loader.grub = {
enable = true;
device = "/dev/nvme0n1";
useOSProber = true;
};
initrd = {
availableKernelModules = ["xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod"];
kernelModules = [];
};
kernelModules = ["kvm-intel" "tcp_bbr" "coretemp" "nct6775"];
kernelParams = ["threadirqs"];
extraModulePackages = with config.boot.kernelPackages; [v4l2loopback];
kernel.sysctl = {
# The Magic SysRq key is a key combo that allows users connected to the
# system console of a Linux kernel to perform some low-level commands.
# Disable it, since we don't need it, and is a potential security concern.
"kernel.sysrq" = 0;
## TCP hardening
# Prevent bogus ICMP errors from filling up logs.
"net.ipv4.icmp_ignore_bogus_error_responses" = 1;
# Reverse path filtering causes the kernel to do source validation of
# packets received from all interfaces. This can mitigate IP spoofing.
"net.ipv4.conf.default.rp_filter" = 1;
"net.ipv4.conf.all.rp_filter" = 1;
# Do not accept IP source route packets
"net.ipv4.conf.all.accept_source_route" = 1;
"net.ipv4.conf.wlo1.accept_source_route" = 1;
"net.ipv6.conf.all.accept_source_route" = 1;
# Don't send ICMP redirects
"net.ipv4.conf.all.send_redirects" = 0;
"net.ipv4.conf.default.send_redirects" = 0;
# Refuse ICMP redirects (MITM mitigations)
"net.ipv4.conf.all.accept_redirects" = 0;
"net.ipv4.conf.default.accept_redirects" = 0;
"net.ipv4.conf.all.secure_redirects" = 0;
"net.ipv4.conf.default.secure_redirects" = 0;
"net.ipv6.conf.all.accept_redirects" = 0;
"net.ipv6.conf.default.accept_redirects" = 0;
# Protects against SYN flood attacks
"net.ipv4.tcp_syncookies" = 1;
# Incomplete protection again TIME-WAIT assassination
"net.ipv4.tcp_rfc1337" = 1;
## TCP optimization
# TCP Fast Open is a TCP extension that reduces network latency by packing
# data in the senders initial TCP SYN. Setting 3 = enable TCP Fast Open for
# both incoming and outgoing connections:
"net.ipv4.tcp_fastopen" = 3;
# Bufferbloat mitigations + slight improvement in throughput & latency
"net.ipv4.tcp_congestion_control" = "bbr";
"net.core.default_qdisc" = "cake";
};
};
fileSystems."/" = {
device = "/dev/disk/by-label/nixos";
fsType = "ext4";
};
swapDevices = [];
services.fstrim.enable = true;
security = {
protectKernelImage = true;
sudo.extraConfig = ''Defaults timestamp_timeout=30'';
rtkit.enable = true;
polkit.enable = true;
};
# Hardware etc
hardware = {
cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
graphics.enable = true;
graphics.enable32Bit = true;
bluetooth.enable = true;
pulseaudio.enable = false;
};
networking = {
networkmanager = {
enable = true;
enableStrongSwan = true;
packages = with pkgs; [
networkmanager-l2tp
];
};
hostName = "nixos";
extraHosts = ''192.168.130.211 gitlab'';
};
time.timeZone = "Asia/Yekaterinburg";
i18n = {
defaultLocale = "en_US.UTF-8";
extraLocaleSettings = {
LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8";
LC_MEASUREMENT = "en_US.UTF-8";
LC_MONETARY = "en_US.UTF-8";
LC_NAME = "en_US.UTF-8";
LC_NUMERIC = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8";
LC_TELEPHONE = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8";
};
};
}


@ -1,270 +0,0 @@
{
config,
pkgs,
lib,
bonPkgs,
bonLib,
inputs,
...
}: let
user = "l-nafaryus";
in {
# Users
users.users.l-nafaryus = {
isNormalUser = true;
description = "L-Nafaryus";
extraGroups = ["networkmanager" "wheel" "audio" "libvirtd" "input" "video" "disk" "wireshark" "podman"];
group = "users";
uid = 1000;
initialPassword = "nixos";
shell = pkgs.fish;
};
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.backupFileExtension = "hmbackup";
home-manager.users.${user} = {pkgs, ...}: let
hmConfig = config.home-manager.users.${user};
in {
home.stateVersion = "23.11";
home.username = "l-nafaryus";
home.homeDirectory = "/home/l-nafaryus";
imports = [
(bonLib.injectArgs {
inherit hmConfig;
})
inputs.catppuccin.homeManagerModules.catppuccin
inputs.ags.homeManagerModules.default
];
home.packages = with pkgs; [
taskwarrior3
gparted
firefox
thunderbird
qpwgraph
lutris
wine
winetricks
gamemode
inkscape
imagemagick
yt-dlp
ffmpeg
qbittorrent
telegram-desktop
onlyoffice-bin
# btop
lua
# bat
tree
bonPkgs.bonvim
kdePackages.kmail
kdePackages.kmail-account-wizard
lazydocker
docker-compose
podman-compose
dive
ksshaskpass
];
xdg.portal = {
enable = true;
configPackages = with pkgs; [
kdePackages.xdg-desktop-portal-kde
];
extraPortals = with pkgs; [
xdg-desktop-portal-gtk
];
};
# Theme
catppuccin = {
# global, for all enabled programs
enable = true;
flavor = "macchiato";
accent = "green";
};
programs = {
# General
fish = {
enable = true;
interactiveShellInit = ''
set fish_greeting
'';
plugins = with pkgs.fishPlugins;
map (p: {
name = p.pname;
src = p.src;
}) [
fzf-fish
tide
grc
hydro
];
functions = {
fish-theme-configure = ''
tide configure \
--auto \
--style=Lean \
--prompt_colors='True color' \
--show_time='12-hour format' \
--lean_prompt_height='Two lines' \
--prompt_connection=Disconnected \
--prompt_spacing=Compact \
--icons='Many icons' \
--transient=No
'';
};
};
git = {
enable = true;
lfs.enable = true;
userName = "L-Nafaryus";
userEmail = "l.nafaryus@gmail.com";
signing = {
key = "86F1EA98B48FFB19";
signByDefault = true;
};
extraConfig = {
# ignore trends
init.defaultBranch = "master";
core = {
quotePath = false;
commitGraph = true;
whitespace = "trailing-space";
};
receive.advertisePushOptions = true;
gc.writeCommitGraph = true;
diff.submodule = "log";
};
aliases = {
plog = "log --color --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit";
};
};
bat.enable = true;
btop = {
enable = true;
settings = {
cpu_bottom = true;
proc_tree = true;
};
};
fzf.enable = true;
lazygit.enable = true;
gpg = {
enable = true;
homedir = "${hmConfig.xdg.configHome}/gnupg";
mutableKeys = true;
mutableTrust = true;
settings = {
default-key = "B0B3 DFDB B842 BE9C 7468 B511 86F1 EA98 B48F FB19";
};
# TODO: replace existing ssh key with gpg provided
};
nnn = {
enable = true;
package = pkgs.nnn.override {withNerdIcons = true;};
bookmarks = {
d = "~/Downloads";
p = "~/projects";
i = "~/Pictures";
m = "~/Music";
v = "~/Videos";
};
plugins = {
src = "${hmConfig.programs.nnn.finalPackage}/share/plugins";
mappings = {
# TODO: add used programs for previews with FIFO support
p = "preview-tui";
};
};
};
ncmpcpp.enable = true;
# Graphical
obs-studio = {
enable = true;
plugins = with pkgs.obs-studio-plugins; [
obs-vkcapture
input-overlay
obs-pipewire-audio-capture
wlrobs
inputs.obs-image-reaction.packages.${pkgs.system}.default
];
};
mpv = {
enable = true;
};
};
services = {
# General
gpg-agent = {
enable = true;
defaultCacheTtl = 3600;
defaultCacheTtlSsh = 3600;
enableSshSupport = true;
pinentryPackage = pkgs.pinentry-qt;
enableFishIntegration = true;
enableBashIntegration = true;
};
ssh-agent.enable = true;
};
# XDG
xdg = {
enable = true;
mime.enable = true;
userDirs.enable = true;
};
# dconf
dconf.settings = {
"org/virt-manager/virt-manager/connections" = {
autoconnect = ["qemu:///system"];
uris = ["qemu:///system"];
};
};
};
environment.sessionVariables = {
# hint electron applications to use wayland
NIXOS_OZONE_WL = "1";
DOCKER_HOST = "unix:///run/user/${toString config.users.users.l-nafaryus.uid}/podman/podman.sock";
};
systemd.user.extraConfig = "DefaultLimitNOFILE=524288";
programs.virt-manager.enable = true;
programs.wireshark = {
enable = true;
package = pkgs.wireshark;
};
fonts.packages = with pkgs; [nerdfonts liberation_ttf];
}


@ -10,9 +10,7 @@
./services/papermc.nix
./services/qbittorrent-nox.nix
./services/spoofdpi.nix
# ISSUE: collision with nixos module zapret
#./services/zapret.nix
./services/conduit.nix
./services/zapret.nix
];
configModule = {
@ -26,7 +24,6 @@
# extra arguments
_module.args = {
bonPkgs = self.packages.${pkgs.system};
bonLib = lib.mkDefault bonLib;
};
};
};
@ -47,7 +44,7 @@
...
}: {
# collect all modules
imports = moduleList ++ [configModule];
imports = importedModules;
};
in
lib.listToAttrs (
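Review bot: The new side imports `./services/zapret.nix` unconditionally, while the other side of this comparison kept it commented out under `# ISSUE: collision with nixos module zapret`. If the pinned nixpkgs already ships a `services.zapret` module, declaring the same options here will presumably fail evaluation with a duplicate-option error. Either list the upstream module in `disabledModules` (or move these options to a different namespace), or leave a comment stating which nixpkgs revisions this import is safe for. The same section switches to `imports = importedModules;`, whose definition is outside the visible hunks, so it could not be checked here.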


@ -1,24 +1,22 @@
dns: ENC[AES256_GCM,data:x2oHP6nGHnPl5WblPHRcBDQCkhj8FZnr5r+cBdaHyrPKxI71ECYmno/ItV/0opj0eGYamQjrVJkuZBGcQlXMMn9Hp4ImjByaX/zqYrdIjSY2B24h8kvnblsXjF6SlA==,iv:QRbiqpCwQ41pfmn3wwNITWdoMI9FzxShsG+fR5lAbl4=,tag:Rknw+qwLZ8No806ek+2zmQ==,type:str]
dns: ENC[AES256_GCM,data:KIcegw69ZEVY1VnSktZMMjaRhCJVCHn7BCAKvfR/iXs5AseDLVC025WRAy92UuuVYPwBvdHgRQUg8I6lrfr7RTHJooANHUK8D79c2+sAI/KsUw2ENh1tVgdW2A4enQ==,iv:12yEf+u0Ky0vktAfpAuG28mRSKDLyWlWHJ+9EPYqI4w=,tag:9MKTsAUfvzEyEzTd6ba/Jg==,type:str]
users:
root: ENC[AES256_GCM,data:NIWAU+rCD7ShRU+ZMWw7D1XlNdhL9iwu6MP53edBFeCdSaiA91uS/n4MDgoQkao3sIE6zl5k/jht8GigZLSbjlj9iGhe3sTngg==,iv:hjimz2SsXf0nNgGhkDx97sg8iWBrne75KSbJLtJUf3k=,tag:4wfCpXew/OtTDZLIQk3cFA==,type:str]
l-nafaryus: ENC[AES256_GCM,data:xXRQH92Hi0qO31pxmlHNLG+fHJRsAFgEs1a1APwNsGRZEVV5UB+ijK1S8dThFN+gnlcLb/gLlypFiK8Vzd7/kCOMyaJYtXJChg==,iv:AgE2X3iUAA/U8YmPawcONvWcxgBDkRdVvye4dTSIBd4=,tag:kkwiaSymObztQTjcfno1DA==,type:str]
root: ENC[AES256_GCM,data:nZpmZM0Ws9mVujJhqPKfSJwIqit23pc2TlF6k4iGEzQvf2iROyWN/+b212d/LiAWOoVl3tRkt7EcOiLsLu51DJnQtCGOWGcF5w==,iv:hbNMqy+OxbHsh77zT6a2Yb1lUXwVRvRF1PhSO/15keE=,tag:oe/Y2fWKHNiRamuhY+3xYQ==,type:str]
l-nafaryus: ENC[AES256_GCM,data:RJXjIcSWrG00IqneQVBpvPayVZ/mFNZ16digWF/GaNNGYy+bDPYkglTiMdy5/xfah8BMrwmfID4PKyEBtMiIEx8VlV55N+hJyg==,iv:noFYBRrWMg7dxqAbVuT7uOCK4mQk4U29kiECJLb6QCQ=,tag:dZs6TC8kI9ioRYfhcceT+Q==,type:str]
database:
git: ENC[AES256_GCM,data:noMvwTPWZWb79JtoEh0FLuXotVAXTX51QLcRfmjwxVg=,iv:EMiKZvMNhxpe2gARJ7BUrJFVM3ap/gMhJaRnKEJ7lX8=,tag:y+TAUHijY0NCvlwdg1fS1w==,type:str]
git: ENC[AES256_GCM,data:g5Fnb9R/LnKrB6rDQ0ss0wu9SZu7433xfUIzJQKG3SA=,iv:MHEclxa1ldE51hNe0zHsVv5BPdN5RELlkHgZGXxSdTo=,tag:zzKNB0/RehFPrhFQMi/g9w==,type:str]
mail:
l-nafaryus: ENC[AES256_GCM,data:0PKuC3fI8gGOg99DtyF84neRRnr1P7cqKti8XSjHUurb4CyLG01+aCzABBJzcAs05oQMjiLbAj0prj6Q,iv:m4PzJ5hJqyyLmNss8/CckrBhDe3HC3HVTCbCvhZf93Y=,tag:uKiZLlmQzuO7mcGhQb3/og==,type:str]
git: ENC[AES256_GCM,data:YxU4Ws+yHgv5RsluX6BhpEnGBiDWZmIx+D8uD7oZr+v18tCSX27mI+T0t4IycPli4SLHUQR4PjGmnJao,iv:yHPkp1QmRWj4Nj4isIYtpe0ROSVLK9biBWJb81P5aew=,tag:+FJ6l4P7onUhKejYVq25Hg==,type:str]
kirill: ENC[AES256_GCM,data:erI0exQOi8JccOQVkWIt8zwvrm45Yrt1MNccBYO2oE5eEuXmeDU7uL92U4h+rDH+NojYpVjl1IaRAyU5,iv:kRvqVs70OzXLOBpZ/bfN0TQMdhqV6RAzQiszPQ4ZIwM=,tag:1whNxpchBdzOiVxCwYAzFA==,type:str]
l-nafaryus: ENC[AES256_GCM,data:8JGjpQxcytZhfYT2JFUspufCnwCISbzBbaY2gN8WpSrlSlhIxVBkcdFnuGl3EJ6kABFX3lEGZomVNtay,iv:9l/x5xiDvkJ8QeqK7LTtQ/nxTckMGTkgujSDLtfWMZM=,tag:6qVUxjgs6QB+MQwog1fksw==,type:str]
git: ENC[AES256_GCM,data:w6odytyieDSJCRdf6og7rX1274Xtd3Mn+Eg5tPFjQv3pN/OVJ1fRk7nGFmHlKqR2VEtUVFHyZHKW4J7+,iv:Lo9yyCNvBxUOlxhLo4PFfT7eZrwZ3d6Yue2U8MBlTfM=,tag:T41aErdaYDI6ns20EBOwyw==,type:str]
kirill: ENC[AES256_GCM,data:ZBFfZufBdRRaeXUWiISVPxGvou78kNn+U1nYSBJ7OR6IqyvZMec+/s3+dDiwySOJ58EYCCqUZ7pq05U0,iv:r+mHKvxfI32Y/AHVN0AQqj3OqkxECuU6LIFNzmGvZ5s=,tag:gJsG2pa2k4gBTD294DuNWg==,type:str]
gitea:
mail: ENC[AES256_GCM,data:RwQY3sOfcZMTWbvK5NWOprTSKTY5Fn/cECCh1MRC,iv:KjiYDiqmMO8u3m2VArdAva937cqfqNHKKMUkvnpDtkU=,tag:OpkSgrs8Rrz+XG5Q3tw+QQ==,type:str]
mail: ENC[AES256_GCM,data:LFYWpjHPcu6CQgcUEVcFA0ewZRjzA36wsoATnVGj,iv:Jqn1+6xa+wdkmdG2z9b8jf4DzCqF0I0YSctbiMN2tKw=,tag:aQQJG9STQmnAu+Dp9lj6cg==,type:str]
gitea-runner:
master-token: ENC[AES256_GCM,data:VbOnxgDr8Ni0NTdJvnwnppY3Q+/bev7IoVhxTpjGAphxh0tieCPfbnBJweav+l8dtQ==,iv:FzB5h/O0GSeBv1ZzE/zojWR2C6RR90NsxYddreVSmU0=,tag:c1WDgG9BlzvXaf+afzZW5g==,type:str]
master-token: ENC[AES256_GCM,data:hZc+sti6I1j3EQQc/wRb5exg0yO6+wq0NCdUJ6FN/wpwyhfWPdEJ5eWw+3bAsEpxdQ==,iv:uJXhf5DZtk1LROyfw8bn5ZjN329LbZyTlaSPMvzeNXs=,tag:IeGUODEvfELc2YS+TUP7/g==,type:str]
papermc:
rcon: ENC[AES256_GCM,data:h9DqMN3MAS2X,iv:M72Ku0n1BTaj9TuHmpj+xBcE/6nJvHWKB87HZ3pUKyE=,tag:QRN8e/SXKv0VGyOf9Fq49Q==,type:str]
discordToken: ENC[AES256_GCM,data:dII/1MKdUt/gjl6j+0mIyy0e03BmRwFPBle4fCx5ZYFjQ6zy9ByjFwVYKS8LlXTaPZQGknTBg0QHypRjE3XFW5uzvfp0OfTYm0o=,iv:bSkp6dKYeOuei9OkshO89ihfGMpRXE+8vb0iXEEkv0I=,tag:ICCUF/l8vJfzb/hgF9AYsg==,type:str]
rcon: ENC[AES256_GCM,data:t6EjQmR+7l9x,iv:Vg3Ht/FNDUSkpRcP4c3hR/GzXMFMH/uD1wkPGn/OyKQ=,tag:++OEAYFK2qE4gM/XMSGH+g==,type:str]
discordToken: ENC[AES256_GCM,data:oRNbi3uDJClyRJgKycvJAt+2ZPT3hU9AVGmB1XMGqObz6O0DpdBlsmSCbwXwhvD2U0cMLUx7fdehdDUXTnk5qLR/eBSwD/k0+0U=,iv:WXRo7iSRn+/4oeHuuEhQsDNrxw1pWt21GDLeinVOmV0=,tag:IHWpKGlkmHwDI7j9MHTbtg==,type:str]
nix-store:
cache-key: ENC[AES256_GCM,data:wEp8XH18N5P+h8EMognt93/VwXVF5/sxvEOrGzba/iK1W4nVZM8pStGAP0wI593MEB7Vobw+slWj4I3wwRJjOpDsK4EsgROUBein84Gn9uqk/liCEqjSAqZkktv4yX5p3dETZw+Ojak=,iv:oVKBfzJP8il3N6lH4JmaPaHSaqkUfmsM6cr+xumjAdE=,tag:+Gj9CzpoQknT+i6xAPZ7dg==,type:str]
matrix:
coturn-secret: ENC[AES256_GCM,data:BWYo08cS4oAYk7aK5yKT7xWkcxhOhxi3mZzl//xB/IqJ70x4ggGoiVudTxE=,iv:4YYWyxnwR1KcpjTNwvzrGWWVobr3LM6H6l/1/fbBQE4=,tag:qmXc+tzYKJR6hErgurx97Q==,type:str]
cache-key: ENC[AES256_GCM,data:SH0lBYa6ELoraxKmWo+hb3+rFRjFbVm1mj0YiVKUua5pVnC8Weihk4haTJZ1zShc3ADuinyHD/Ns+576bajWoE5jSGHXlgWQ8P+5fMZ0BkmZEuP5kooWRBk5t1aZilM3LJavwsYiE6E=,iv:KpwDXIXtaiNgVgcUQJJOnA+YLXVhJwILeq2dX1XkXgo=,tag:4kTemsodW0bhW9joQAPzhA==,type:str]
sops:
kms: []
gcp_kms: []
@ -28,23 +26,23 @@ sops:
- recipient: age1u9xr3tmwskfsrxg6gus3hmh9eakjh2h22jklfmcu33kassaraues435vvc
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnVmZiM3RqVkphSm5aV0E5
ZW56NjEvdEFyQmI1NlEwaHNYOWN4aEp0bDN3CmcyTDY3QzJLSk5MSXZ4T0xONG5D
NXRQejQrSlRWSHBQbnhVVVY5SGdmQzAKLS0tIGJWRWlPbVVicWhXcm1wMnBjbGpB
aXFvYzkvUDV6RTZTdzViZkVmeHY1MUkKoxyI003op6VxqTNFApFoAzIA1KwvKD51
hjBPkP9e1B3fRWZXysva51G/Y2zc6ylv17qPE5TjaVw9OS2WqTQNWA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvajllWmw2U2U3eDFvY0Uw
S09kTGV1RDZVTU42QmlOZXcwWFl2RWNQeldRCklsSERCUUJKS1BNbkt4MWtoWFl3
ZG9BVUFoQ1h5ZGlFelNzMEtIQmliTjgKLS0tIHZCWFBHUEw2TE9Yc0tZemtkUkNN
eXgrOTk1S0tDWWpHUkIveWZZdlYvMTQKyZMAYr6n5figUX2YUAAA37nxA5r1tyXh
F7/l2T4R+cXq3Oywf5EtezOMdl9Xprk0ZoubzT55p0TPtYwCNk6Chg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1wyz7cfldqe9hh8qyw2qm42hkq9s7qdwqnrnv0u3s6vstv9649v0sh0z4em
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3eGVWZnVUMUdyNys4cUFv
czl4THRPOFN6RXl1d3hoUlMzVittUmtjMGl3CnlCOElNVitLdXJQbmMxNTROdHRz
MFl6NmxHWEY3anFsUkxpWGZHZ21iZ2sKLS0tIG1UT0VpaDBRNUpSY2lDcTRJMHpT
ZnlzMlFUcEx5bHltdlg5ODVMVFNHNW8K7x38gdL5sbNLqTXdCxIHuX+yIy+XX8Vi
x90Ltb5GOAMkd6qzgup3bWuQazpZ/Gj25f6ql7L2Oenlw8/8S9vbeQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxSkt5NG4wdGVwMDlpMFhv
Vm56L1owRXJ2RTBhUVZ2aXpVVUVrZDV6M0FNCmYxTlNrQko0SmorWUV3VnRkOENK
RDJzQkk0dVA0UVdDWEtxRDJEZFpSWVUKLS0tIGc1NFUzb1dhWUZlQWdpNFA4ZC9J
cFBmaUV4SWx3K21UUDA2YlBVY1NCazgK080jE+EELtQf8PmlaZs4RR+gjJEeEiTn
wwZXV8ufOGtLLwFtYlm8pdMXDtVrBywcRdzSo6/e73Y+GFxulTIFCQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-10-09T07:20:47Z"
mac: ENC[AES256_GCM,data:fJ86HMwKQmbSTsAWAKC1cGxDqwkddTGHfFjQMa74RVxNh+yFlD+gEHFV2GKTRVji8kEUlp4qXqwtKnJ9Fx5zw0P1LHuCE9Q4j1Cxgs/j7XFTNMTvpt/8sVR1YC77Qp9LDwDxdDQK0GV4Z3BzoqjM20BHRbTWtCSyoNRmBP6Wcg8=,iv:BptqL9qXcyc5SaGvPMfUWDd0b22Viy5LJElbNGhpDYQ=,tag:jHMETvWq9IOCk+z63Dntpg==,type:str]
lastmodified: "2024-08-05T17:43:22Z"
mac: ENC[AES256_GCM,data:OMwzBcK+KEaxZNTxCnlhDmm9efUkOtMk7vZUfxV9bCny80CdQhp9dD9a9bRPwn+lzgTj3CZLhLAubB3Eh01dqrbZ3DQt/p6xFQ54kCX0a18AHVSIrDcYQNez0MLcOI56RvJDofsO5Dh3i2sFXZ/gaxEjPBQPxlbH1KOrjCm480w=,iv:70i/TOlDF8Vru5FBu0fVb9IkG+Fg83zqcrcuyiHEHBc=,tag:A5qPz8KQl33Z5uHzMlTA0Q==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.0
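Review bot: The `papermc.rcon` value is short enough that its size shows through the encryption: SOPS encrypts each value without padding, so the 12-character base64 `data` field corresponds to a 9-byte secret, on both sides of this diff. Anyone with read access to the repository learns that length, which matters for a credential that grants console access to the server. Consider replacing it with a long random value from a password generator and re-encrypting. Separately, dropping `matrix.coturn-secret` from the file does not retire it; the earlier ciphertext remains readable by the same two age recipients wherever that history is kept, so rotate the secret if it is still used anywhere.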


@ -42,18 +42,6 @@
group = "nix-serve";
mode = "0600";
};
coturn-secret = lib.mkIf config.services.coturn.enable {
owner = "turnserver";
group = "turnserver";
key = "matrix/coturn-secret";
};
turn-secret = lib.mkIf config.services.conduit.enable {
owner = "conduit";
group = "conduit";
key = "matrix/coturn-secret";
};
};
};


@ -1,223 +0,0 @@
{
config,
lib,
pkgs,
bonLib,
...
}:
with lib; let
cfg = config.services.conduit;
format = pkgs.formats.toml {};
configFile = pkgs.writeText "config.toml" ''
${bonLib.toTOML {global = cfg.settings.global // lib.optionals (cfg.turn_secret_file != null) {turn_secret = "#turn_secret#";};}}
'';
in {
options.services.conduit = {
enable = mkEnableOption "conduit";
extraEnvironment = mkOption {
type = types.attrsOf types.str;
description = "Extra Environment variables to pass to the conduit server.";
default = {};
example = {RUST_BACKTRACE = "yes";};
};
package = mkOption {
type = types.package;
default = pkgs.matrix-conduit;
defaultText = literalExpression "pkgs.matrix-conduit";
description = "The package to use.";
};
turn_secret_file = mkOption {
type = types.nullOr types.path;
default = null;
description = "The path to the file with TURN secret.";
};
settings = mkOption {
type = types.submodule {
#freeformType = format.type;
options = {
global.server_name = mkOption {
type = types.str;
example = "example.com";
description = "The server_name is the name of this server. It is used as a suffix for user # and room ids.";
};
global.port = mkOption {
type = types.port;
default = 6167;
description = "The port Conduit will be running on. You need to set up a reverse proxy in your web server (e.g. apache or nginx), so all requests to /_matrix on port 443 and 8448 will be forwarded to the Conduit instance running on this port";
};
global.max_request_size = mkOption {
type = types.ints.positive;
default = 20000000;
description = "Max request size in bytes. Don't forget to also change it in the proxy.";
};
global.allow_registration = mkOption {
type = types.bool;
default = false;
description = "Whether new users can register on this server.";
};
global.allow_encryption = mkOption {
type = types.bool;
default = true;
description = "Whether new encrypted rooms can be created. Note: existing rooms will continue to work.";
};
global.allow_federation = mkOption {
type = types.bool;
default = true;
description = ''
Whether this server federates with other servers.
'';
};
global.trusted_servers = mkOption {
type = types.listOf types.str;
default = ["matrix.org"];
description = "Servers trusted with signing server keys.";
};
global.address = mkOption {
type = types.str;
default = "::1";
description = "Address to listen on for connections by the reverse proxy/tls terminator.";
};
global.database_path = mkOption {
type = types.str;
default = "/var/lib/conduit/";
readOnly = true;
description = ''
Path to the conduit database, the directory where conduit will save its data.
Note that due to using the DynamicUser feature of systemd, this value should not be changed
and is set to be read only.
'';
};
global.database_backend = mkOption {
type = types.enum ["sqlite" "rocksdb"];
default = "sqlite";
example = "rocksdb";
description = ''
The database backend for the service. Switching it on an existing
instance will require manual migration of data.
'';
};
global.allow_check_for_updates = mkOption {
type = types.bool;
default = false;
description = ''
Whether to allow Conduit to automatically contact
<https://conduit.rs> hourly to check for important Conduit news.
Disabled by default because nixpkgs handles updates.
'';
};
global.well_known.client = mkOption {
type = types.nullOr types.str;
default = null;
description = "The URL that clients should use to connect to Conduit.";
};
global.well_known.server = mkOption {
type = types.nullOr types.str;
default = null;
description = "The hostname and port servers should use to connect to Conduit.";
};
global.turn_uris = mkOption {
type = types.listOf types.str;
default = [];
description = "The TURN URIs.";
};
global.turn_secret = mkOption {
type = types.nullOr types.str;
default = null;
description = "The TURN secret.";
};
global.turn_ttl = mkOption {
type = types.int;
default = 86400;
description = "The TURN TTL in seconds.";
};
};
};
default = {};
description = ''
Generates the conduit.toml configuration file. Refer to
<https://docs.conduit.rs/configuration.html>
for details on supported values.
Note that database_path can not be edited because the service's reliance on systemd StateDir.
'';
};
};
config = mkIf cfg.enable {
assertions = [
{
assertion = cfg.settings.global.turn_secret != null -> cfg.turn_secret_file == null;
message = "settings.global.turn_secret and turn_secret_file cannot be set at the same time";
}
];
users.users.conduit = {
description = "Conduit service user.";
isSystemUser = true;
group = "conduit";
};
users.groups.conduit = {};
systemd.services.conduit = let
runConfig = "/run/conduit/config.toml";
in {
description = "Conduit Matrix Server";
documentation = ["https://gitlab.com/famedly/conduit/"];
after = ["network-online.target"];
wants = ["network-online.target"];
wantedBy = ["multi-user.target"];
environment = mkMerge [
{CONDUIT_CONFIG = runConfig;}
cfg.extraEnvironment
];
preStart = ''
cat ${configFile} > ${runConfig}
${lib.optionalString (cfg.turn_secret_file != null) ''
${pkgs.replace-secret}/bin/replace-secret \
"#turn_secret#" \
${cfg.turn_secret_file} \
${runConfig}
''}
chmod 640 ${runConfig}
'';
serviceConfig = {
User = "conduit";
LockPersonality = true;
MemoryDenyWriteExecute = true;
ProtectClock = true;
ProtectControlGroups = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
PrivateDevices = true;
PrivateMounts = true;
PrivateUsers = true;
RestrictAddressFamilies = ["AF_INET" "AF_INET6"];
RestrictNamespaces = true;
RestrictRealtime = true;
SystemCallArchitectures = "native";
SystemCallFilter = [
"@system-service"
"~@privileged"
];
StateDirectory = "conduit";
StateDirectoryMode = "0700";
RuntimeDirectory = "conduit";
ExecStart = "${cfg.package}/bin/conduit";
Restart = "on-failure";
RestartSec = 10;
StartLimitBurst = 5;
UMask = "077";
};
};
systemd.tmpfiles.rules = [
"d /run/conduit 0700 conduit conduit - -"
];
};
}


@ -101,30 +101,14 @@ in {
description = "List of addresses to ignore";
};
dataDir = mkOption {
type = types.path;
default = "/var/lib/zapret";
description = ''
Directory to store zapret files and antifilter lists.
'';
};
filterAddressesSource = mkOption {
type = types.nullOr types.str;
default = null;
example = ''https://antifilter.network/download/ipsmart.lst'';
description = "Link to external list of addresses to download and use.";
};
# TODO: ipset hashsize and maxelem
# TODO: add filter and anti filter options with optional file paths
# TODO ipset hashsize and maxelem
};
config = mkIf cfg.enable {
users.users.tpws = {
isSystemUser = true;
group = "tpws";
home = cfg.dataDir;
createHome = true;
};
users.groups.tpws = {};
@ -142,8 +126,6 @@ in {
)
gawk
ipset
wget
curl
];
serviceConfig = {
@ -151,11 +133,10 @@ in {
Restart = "no";
TimeoutSec = "30sec";
IgnoreSIGPIPE = "no";
#KillMode = "none";
KillMode = "none";
GuessMainPID = "no";
RemainAfterExit = "no";
WorkingDirectory = cfg.dataDir;
ExecStart = "${cfg.package}/bin/zapret start";
ExecStop = let
stop_script = pkgs.writeShellScriptBin "zapret-stop" ''
@ -176,25 +157,37 @@ in {
DISABLE_IPV6=${toString cfg.disableIPV6}
''
]);
# hardening
DevicePolicy = "closed";
KeyringMode = "private";
PrivateTmp = true;
PrivateMounts = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectSystem = "strict";
ProtectProc = "invisible";
RemoveIPC = true;
RestrictNamespaces = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
SystemCallArchitectures = "native";
};
preStart = let
zapretListFile = src: pkgs.writeText "zapretList" (createFilterList "zapret" src);
nozapretListFile = src: pkgs.writeText "nozapretList" (createFilterList "nozapret" src);
# zapretListFile = pkgs.writeText "zapretList" (createFilterList "zapret" (lib.readFile cfg.package.passthru.antifilter.ipsmart));
zapretListFile = pkgs.writeText "zapretList" (createFilterList "zapret" cfg.filterAddresses);
nozapretListFile = pkgs.writeText "nozapretList" (createFilterList "nozapret" cfg.ignoreAddresses);
in ''
${lib.optionalString (cfg.filterAddressesSource != null) "curl -L '${cfg.filterAddressesSource}' -o ${cfg.dataDir}/zapretList && sed -i -e 's/^/add zapret /' '${cfg.dataDir}/zapretList'"}
ipset create zapret hash:net family inet hashsize 262144 maxelem 522288 -!
ipset flush zapret
ipset restore -! < ${
if (cfg.filterAddressesSource != null)
then "${cfg.dataDir}/zapretList"
else (zapretListFile cfg.filterAddresses)
}
ipset restore -! < ${zapretListFile}
ipset create nozapret hash:net family inet hashsize 262144 maxelem 522288 -!
ipset flush nozapret
ipset restore -! < ${nozapretListFile cfg.ignoreAddresses}
ipset restore -! < ${nozapretListFile}
'';
};
};
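Review bot: `KillMode = "none";` in the `serviceConfig` hunk looks to be active on the new side (inferred from print order, since the commented `#KillMode` form is listed first), and systemd documents that setting as deprecated and unsafe because processes started by the unit are never signalled on stop. With it set, cleanup rests entirely on the `zapret-stop` script, and anything that script misses keeps running after the unit is reported stopped. Prefer the default `KillMode = "control-group";` (or `"mixed"`) and let `ExecStop` do only the ipset/firewall teardown. The hardening block in the last hunk also sets neither `NoNewPrivileges` nor `CapabilityBoundingSet`; a bounded capability set would be worth adding once the capabilities the start script really needs are confirmed. `serviceConfig` begins outside these hunks.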


@ -0,0 +1,13 @@
{
bonLib,
lib,
pkgs,
...
}:
(pkgs.blender.override {cudaSupport = true;}).overrideAttrs (old: {
meta =
old.meta
// {
description = old.meta.description + " (CUDA enabled)";
};
})
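Review bot: `bonLib` and `lib` are taken as arguments but never used in this file; reduce the header to `{pkgs, ...}:` or use them. The override also carries no hint that `cudaSupport = true` pulls in the unfree CUDA toolchain, so evaluation depends on the caller having `allowUnfree` set. A one-line comment above the override, such as `# requires nixpkgs.config.allowUnfree (CUDA is unfree)`, would save the next reader a failed build.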


@ -30,16 +30,6 @@
zlib
];
passthru = {
update = pkgs.writeShellScriptBin "update-spoofdpi" ''
set -euo pipefail
latest="$(${pkgs.curl}/bin/curl -s "https://api.github.com/repos/shuttle-hq/shuttle/tags?per_page=1" | ${pkgs.jq}/bin/jq -r ".[0].name" | ${pkgs.gnused}/bin/sed 's/^v//')"
drift rewrite --auto-hash --new-version "$latest"
'';
};
meta = with lib; {
description = "A cargo command for the shuttle platform";
license = licenses.asl20;


@ -83,12 +83,17 @@ in
# Pass for cache
# ISSUE: attribute 'targetPlatforms' missing
#wezterm = {
# source = ./wezterm;
# platforms = ["x86_64-linux"];
# builder = {...}: import;
#};
blender = {
source = ./blender;
platforms = ["x86_64-linux"];
builder = {...}: import;
};
wezterm = {
source = ./wezterm;
platforms = ["x86_64-linux"];
builder = {...}: import;
};
# Container images


@ -2,9 +2,8 @@
bonLib,
stdenv,
pkgs,
version ? "6.2.2405",
version ? "6.2.2404",
sha256 ? "sha256-SZPZT49BqUzssPcOo/5yAkjqAHDErC86xCUFL88Iew4=",
lib,
...
}:
stdenv.mkDerivation {
@ -62,26 +61,6 @@ stdenv.mkDerivation {
export PYTHONPATH="${python3}/${python3.sitePackages}"
export PYTHONPATH="$PYTHONPATH:${pkg}/${python3.sitePackages}"
'';
update = pkgs.writeShellScriptBin "update-spoofdpi" ''
set -euo pipefail
new_version=$(${lib.getExe pkgs.curl} -s "https://api.github.com/repos/NGSolve/netgen/tags?per_page=1" | ${lib.getExe pkgs.jq} -r ".[0].name")
new_hash=$(nix flake prefetch --json https://github.com/NGSolve/netgen/archive/refs/tags/$new_version.tar.gz | ${lib.getExe pkgs.jq} -r ".hash")
old_version=$(nix eval --impure --json --expr "(builtins.getFlake (toString ./.)).packages.${builtins.currentSystem}.netgen.version")
old_hash=$(nix eval --impure --json --expr "(builtins.getFlake (toString ./.)).packages.${builtins.currentSystem}.netgen.src.outputHash")
nixpath=$(nix eval --impure --json --expr "(builtins.getFlake (toString ./.)).packages.${builtins.currentSystem}.netgen.src.meta.position")
relpath=$(echo $nixpath | ${lib.getExe pkgs.ripgrep} "\/nix\/store\/[\w\d]{32}-[^\/]+/" -r "" | ${lib.getExe pkgs.ripgrep} "[:\d]" -r "")
#echo "./$relpath" | ${lib.getExe pkgs.gnused} -i "s/$old_version/$new_version/g"
#echo "./$relpath" | ${lib.getExe pkgs.gnused} -i "s/$old_hash/$new_hash/g"
content=$(${lib.getExe pkgs.ripgrep} $old_version --passthru -r $new_version $relpath)
content=$(echo $content | ${lib.getExe pkgs.ripgrep} $old_version --passthru -r $new_version $relpath)
echo $content > $relpath
# TODO: убрать все кавычки
'';
};
meta = with pkgs.lib; {
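Review bot: The default `version` becomes `"6.2.2404"` in the first hunk, but the `sha256` default on the following line is unchanged context, so one hash is now claimed for two different tags. A fixed-output hash identifies content, not a version: a machine that already has that source in its store will silently build the cached tree under the new version label, and a clean machine will fail the fetch with a hash mismatch. Re-prefetch the tag that is actually intended and change both defaults together, e.g. `sha256 ? "<hash of the 6.2.2404 source>"`. The `mkDerivation` body continues outside the hunk, so how `version` and `sha256` reach the fetcher is not visible here.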


@ -4,6 +4,7 @@
pkgs,
version ? "v0.10.0",
hash ? "sha256-e6TPklWp5rvNypnI0VHqOjzZhkYsZcp+jkXUlYxMBlU=",
vendorHash ? "sha256-kmp+8MMV1AHaSvLnvYL17USuv7xa3NnsCyCbqq9TvYE=",
...
}:
pkgs.buildGoModule {
@ -17,20 +18,12 @@ pkgs.buildGoModule {
hash = hash;
};
vendorHash = "sha256-kmp+8MMV1AHaSvLnvYL17USuv7xa3NnsCyCbqq9TvYE=";
inherit vendorHash;
doCheck = false;
ldflags = ["-s" "-w" "-X main.version=${version}" "-X main.builtBy=nixpkgs"];
passthru.update = pkgs.writeShellScriptBin "update-spoofdpi" ''
set -euo pipefail
latest="$(${pkgs.curl}/bin/curl -s "https://api.github.com/repos/xvzc/SpoofDPI/releases?per_page=1" | ${pkgs.jq}/bin/jq -r ".[0].tag_name" | ${pkgs.gnused}/bin/sed 's/^v//')"
drift rewrite --auto-hash --new-version "$latest"
'';
meta = with lib; {
homepage = "https://github.com/xvzc/SpoofDPI";
description = "A simple and fast anti-censorship tool written in Go";


@ -1,16 +1,108 @@
{
bonLib,
craneLib,
lib,
weztermPkgs,
pkgs,
version ? "2d0c5cddc91a9c59aef9a7667d90924e7cedd0ac",
hash ? "sha256-ZsDJQSUokodwFMP4FIZm2dYojf5iC4F/EeKC5VuQlqY=",
...
}:
weztermPkgs.default.overrideAttrs (old: {
}: let
src = pkgs.fetchFromGitHub {
owner = "wez";
repo = "wezterm";
rev = version;
hash = hash;
fetchSubmodules = true;
};
terminfo =
pkgs.runCommand "wezterm-terminfo"
{
nativeBuildInputs = [pkgs.ncurses];
} ''
mkdir -p $out/share/terminfo $out/nix-support
tic -x -o $out/share/terminfo ${src}/termwiz/data/wezterm.terminfo
'';
pkg = {
pname = "wezterm";
inherit version;
meta =
old.meta
// {
inherit src;
strictDeps = true;
doCheck = false;
nativeBuildInputs = with pkgs; [
installShellFiles
ncurses # tic for terminfo
pkg-config
python3
];
buildInputs = with pkgs; [
fontconfig
pkgs.zlib
libxkbcommon
openssl
wayland
cairo
xorg.libX11
xorg.libxcb
xorg.xcbutil
xorg.xcbutilimage
xorg.xcbutilkeysyms
xorg.xcbutilwm # contains xcb-ewmh among others
];
libPath = lib.makeLibraryPath (with pkgs; [
xorg.xcbutilimage
libGL
vulkan-loader
]);
postPatch = ''
echo ${version} > .tag
# tests are failing with: Unable to exchange encryption keys
# rm -r wezterm-ssh/tests
'';
preFixup = lib.optionalString pkgs.stdenv.isLinux ''
patchelf \
--add-needed "${pkgs.libGL}/lib/libEGL.so.1" \
--add-needed "${pkgs.vulkan-loader}/lib/libvulkan.so.1" \
$out/bin/wezterm-gui
'';
postInstall = ''
mkdir -p $out/nix-support
echo "${terminfo}" >> $out/nix-support/propagated-user-env-packages
install -Dm644 assets/icon/terminal.png $out/share/icons/hicolor/128x128/apps/org.wezfurlong.wezterm.png
install -Dm644 assets/wezterm.desktop $out/share/applications/org.wezfurlong.wezterm.desktop
install -Dm644 assets/wezterm.appdata.xml $out/share/metainfo/org.wezfurlong.wezterm.appdata.xml
install -Dm644 assets/shell-integration/wezterm.sh -t $out/etc/profile.d
installShellCompletion --cmd wezterm \
--bash assets/shell-completion/bash \
--fish assets/shell-completion/fish \
--zsh assets/shell-completion/zsh
install -Dm644 assets/wezterm-nautilus.py -t $out/share/nautilus-python/extensions
'';
meta = with lib; {
homepage = "https://github.com/wez/wezterm";
description = "A GPU-accelerated cross-platform terminal emulator and multiplexer written by @wez and implemented in Rust";
license = lib.licenses.mit;
maintainers = with bonLib.maintainers; [L-Nafaryus];
platforms = platforms.x86_64;
mainProgram = "wezterm";
};
})
};
in let
cargoArtifacts = craneLib.buildDepsOnly pkg;
in
craneLib.buildPackage (
pkg // {inherit cargoArtifacts;}
)
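Review bot: `libPath` is built with `lib.makeLibraryPath` but nothing in the visible derivation reads it; `preFixup` only links `libEGL.so.1` and `libvulkan.so.1` through `patchelf --add-needed`, so the `xorg.xcbutilimage` entry has no effect. Either delete the attribute or use it, e.g. add `--add-rpath "${libPath}"` to the `patchelf` call with `libPath` moved into the `let` block. Also, `platforms = platforms.x86_64;` advertises every x86_64 system although `buildInputs` are Wayland/X11 libraries and the package list registers only `x86_64-linux`; `platforms = ["x86_64-linux"];` would state what is actually supported.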