Compare commits
No commits in common. "master" and "packages-wezterm" have entirely different histories.
master
...
packages-w
@ -1,14 +1,9 @@
|
||||
{
|
||||
pkgs,
|
||||
drift,
|
||||
...
|
||||
}:
|
||||
{pkgs, ...}:
|
||||
pkgs.mkShellNoCC {
|
||||
packages = with pkgs; [
|
||||
sops
|
||||
mkpasswd
|
||||
jq
|
||||
cachix
|
||||
drift
|
||||
];
|
||||
}
|
||||
|
@ -18,8 +18,6 @@ in
|
||||
|
||||
crane = self.inputs.crane;
|
||||
crane-lib = self.inputs.crane.mkLib pkgs;
|
||||
|
||||
drift = self.inputs.drift.packages.${system}.drift;
|
||||
};
|
||||
in {
|
||||
default = import ./bonfire.nix environment;
|
||||
@ -32,6 +30,4 @@ in
|
||||
rust-x11 = import ./rust-x11.nix environment;
|
||||
|
||||
go = import ./go.nix environment;
|
||||
|
||||
python-uv = import ./python-uv.nix environment;
|
||||
})
|
||||
|
@ -1,8 +0,0 @@
|
||||
{pkgs, ...}:
|
||||
pkgs.mkShellNoCC {
|
||||
packages = with pkgs; [
|
||||
uv
|
||||
curl
|
||||
jq
|
||||
];
|
||||
}
|
508
flake.lock
generated
508
flake.lock
generated
@ -1,34 +1,18 @@
|
||||
{
|
||||
"nodes": {
|
||||
"advisory-db": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1732530460,
|
||||
"narHash": "sha256-1SceEHyFdHnoWE/AnoDZRu/9+Ift3Oc1+iQzmbP7OBU=",
|
||||
"owner": "rustsec",
|
||||
"repo": "advisory-db",
|
||||
"rev": "4676c5529dd5319b9962e42bf984797f0dd57f5b",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "rustsec",
|
||||
"repo": "advisory-db",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"ags": {
|
||||
"inputs": {
|
||||
"astal": "astal",
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
]
|
||||
],
|
||||
"systems": "systems"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1732307740,
|
||||
"narHash": "sha256-ZDsYdZOtg5qkK/wfLLB83B3SI+fE32S+/6Ey0ggHODM=",
|
||||
"lastModified": 1725841979,
|
||||
"narHash": "sha256-SXYqzpHPuXFR6w/cUKo3VN8XRn6XA2mGbdRXs9oLk6k=",
|
||||
"owner": "Aylur",
|
||||
"repo": "ags",
|
||||
"rev": "81159966eb8b39b66c3efc133982fd76920c9605",
|
||||
"rev": "aaef50bb2c80ef4b4a359329d72669a95e7c4796",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -37,27 +21,6 @@
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"astal": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"ags",
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1731952585,
|
||||
"narHash": "sha256-Sh1E7sJd8JJM3PCU1ZOei/QWz97OLCENIi2rTRoaniw=",
|
||||
"owner": "aylur",
|
||||
"repo": "astal",
|
||||
"rev": "664c7a4ddfcf48c6e8accd3c33bb94424b0e8609",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "aylur",
|
||||
"repo": "astal",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"blobs": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
@ -76,11 +39,11 @@
|
||||
},
|
||||
"catppuccin": {
|
||||
"locked": {
|
||||
"lastModified": 1732703064,
|
||||
"narHash": "sha256-n8XOmn0WGtQhAMJKTnhL/3ttV2ZahPRf6gtlqZ6R4QE=",
|
||||
"lastModified": 1725509983,
|
||||
"narHash": "sha256-NHCgHVqumPraFJnLrkanoLDuhOoUHUvRhvp/RIHJR+A=",
|
||||
"owner": "catppuccin",
|
||||
"repo": "nix",
|
||||
"rev": "2e2bdecf0bae287d74947cd5cf967c5c499c23c1",
|
||||
"rev": "45745fe5960acaefef2b60f3455bcac6a0ca6bc9",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -91,11 +54,11 @@
|
||||
},
|
||||
"crane": {
|
||||
"locked": {
|
||||
"lastModified": 1732407143,
|
||||
"narHash": "sha256-qJOGDT6PACoX+GbNH2PPx2ievlmtT1NVeTB80EkRLys=",
|
||||
"lastModified": 1725409566,
|
||||
"narHash": "sha256-PrtLmqhM6UtJP7v7IGyzjBFhbG4eOAHT6LPYOFmYfbk=",
|
||||
"owner": "ipetkov",
|
||||
"repo": "crane",
|
||||
"rev": "f2b4b472983817021d9ffb60838b2b36b9376b20",
|
||||
"rev": "7e4586bad4e3f8f97a9271def747cf58c4b68f3c",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -104,116 +67,7 @@
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"crane_2": {
|
||||
"locked": {
|
||||
"lastModified": 1732407143,
|
||||
"narHash": "sha256-qJOGDT6PACoX+GbNH2PPx2ievlmtT1NVeTB80EkRLys=",
|
||||
"owner": "ipetkov",
|
||||
"repo": "crane",
|
||||
"rev": "f2b4b472983817021d9ffb60838b2b36b9376b20",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "ipetkov",
|
||||
"repo": "crane",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"dream2nix": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"elnafo-radio",
|
||||
"nixpkgs"
|
||||
],
|
||||
"purescript-overlay": "purescript-overlay",
|
||||
"pyproject-nix": "pyproject-nix"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1732214960,
|
||||
"narHash": "sha256-ViyEMSYwaza6y55XTDrsRi2K4YKCLsefMTorjWSE27s=",
|
||||
"owner": "nix-community",
|
||||
"repo": "dream2nix",
|
||||
"rev": "a8dac99db44307fdecead13a39c584b97812d0d4",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-community",
|
||||
"repo": "dream2nix",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"drift": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
],
|
||||
"snowfall-lib": "snowfall-lib",
|
||||
"unstable": "unstable"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1716675566,
|
||||
"narHash": "sha256-H1f5LI1pKogcv+S4pjHjGWwC4286wuQxfjp9Poc+sTg=",
|
||||
"owner": "snowfallorg",
|
||||
"repo": "drift",
|
||||
"rev": "b0c929d645040abb01d5faff63e07caade0ce8e4",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "snowfallorg",
|
||||
"repo": "drift",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"elnafo-radio": {
|
||||
"inputs": {
|
||||
"advisory-db": "advisory-db",
|
||||
"crane": "crane_2",
|
||||
"dream2nix": "dream2nix",
|
||||
"fenix": "fenix",
|
||||
"nix-std": "nix-std",
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1732734795,
|
||||
"narHash": "sha256-xDR8ZF9S/igtu51ZQ68w7WdKp0IGzmZSF7hLtezALPY=",
|
||||
"ref": "refs/heads/master",
|
||||
"rev": "e3b05ea5e209b268bca1f9ebcb30096c5aebcf0a",
|
||||
"revCount": 14,
|
||||
"type": "git",
|
||||
"url": "https://vcs.elnafo.ru/L-Nafaryus/elnafo-radio"
|
||||
},
|
||||
"original": {
|
||||
"type": "git",
|
||||
"url": "https://vcs.elnafo.ru/L-Nafaryus/elnafo-radio"
|
||||
}
|
||||
},
|
||||
"fenix": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"elnafo-radio",
|
||||
"nixpkgs"
|
||||
],
|
||||
"rust-analyzer-src": [
|
||||
"elnafo-radio"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1732689334,
|
||||
"narHash": "sha256-yKI1KiZ0+bvDvfPTQ1ZT3oP/nIu3jPYm4dnbRd6hYg4=",
|
||||
"owner": "nix-community",
|
||||
"repo": "fenix",
|
||||
"rev": "a8a983027ca02b363dfc82fbe3f7d9548a8d3dce",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-community",
|
||||
"repo": "fenix",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"fenix_2": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
@ -221,11 +75,11 @@
|
||||
"rust-analyzer-src": []
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1732689334,
|
||||
"narHash": "sha256-yKI1KiZ0+bvDvfPTQ1ZT3oP/nIu3jPYm4dnbRd6hYg4=",
|
||||
"lastModified": 1726813972,
|
||||
"narHash": "sha256-t6turZgoSAVgj7hn5mxzNlLOeVeZvymFo8+ymB52q34=",
|
||||
"owner": "nix-community",
|
||||
"repo": "fenix",
|
||||
"rev": "a8a983027ca02b363dfc82fbe3f7d9548a8d3dce",
|
||||
"rev": "251caeafc75b710282ee7e375800f75f4c8c5727",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -235,38 +89,6 @@
|
||||
}
|
||||
},
|
||||
"flake-compat": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1650374568,
|
||||
"narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
|
||||
"owner": "edolstra",
|
||||
"repo": "flake-compat",
|
||||
"rev": "b4a34015c698c7793d592d66adbab377907a2be8",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "edolstra",
|
||||
"repo": "flake-compat",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-compat_2": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1696426674,
|
||||
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
|
||||
"owner": "edolstra",
|
||||
"repo": "flake-compat",
|
||||
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "edolstra",
|
||||
"repo": "flake-compat",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-compat_3": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1696426674,
|
||||
@ -290,11 +112,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1730504689,
|
||||
"narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=",
|
||||
"lastModified": 1726153070,
|
||||
"narHash": "sha256-HO4zgY0ekfwO5bX0QH/3kJ/h4KvUDFZg8YpkNwIbg1U=",
|
||||
"owner": "hercules-ci",
|
||||
"repo": "flake-parts",
|
||||
"rev": "506278e768c2a08bec68eb62932193e341f55c90",
|
||||
"rev": "bcef6817a8b2aa20a5a6dbb19b43e63c5bf8619a",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -305,14 +127,14 @@
|
||||
},
|
||||
"flake-utils": {
|
||||
"inputs": {
|
||||
"systems": "systems"
|
||||
"systems": "systems_2"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1694529238,
|
||||
"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
|
||||
"lastModified": 1710146030,
|
||||
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
|
||||
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -321,53 +143,16 @@
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-utils-plus": {
|
||||
"inputs": {
|
||||
"flake-utils": "flake-utils"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1715533576,
|
||||
"narHash": "sha256-fT4ppWeCJ0uR300EH3i7kmgRZnAVxrH+XtK09jQWihk=",
|
||||
"owner": "gytis-ivaskevicius",
|
||||
"repo": "flake-utils-plus",
|
||||
"rev": "3542fe9126dc492e53ddd252bb0260fe035f2c0f",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "gytis-ivaskevicius",
|
||||
"repo": "flake-utils-plus",
|
||||
"rev": "3542fe9126dc492e53ddd252bb0260fe035f2c0f",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-utils_2": {
|
||||
"inputs": {
|
||||
"systems": "systems_2"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1731533236,
|
||||
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-utils_3": {
|
||||
"inputs": {
|
||||
"systems": "systems_3"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1726560853,
|
||||
"narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
|
||||
"lastModified": 1710146030,
|
||||
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a",
|
||||
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -417,11 +202,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1732482255,
|
||||
"narHash": "sha256-GUffLwzawz5WRVfWaWCg78n/HrBJrOG7QadFY6rtV8A=",
|
||||
"lastModified": 1726825546,
|
||||
"narHash": "sha256-HiBzfzgqojA9OjPB+vdi2o+gy4Zw/MEipuGopgGsZEw=",
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"rev": "a9953635d7f34e7358d5189751110f87e3ac17da",
|
||||
"rev": "0b052dd8119005c6ba819db48bcc657e48f401b7",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -430,34 +215,6 @@
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"ixx": {
|
||||
"inputs": {
|
||||
"flake-utils": [
|
||||
"nixvim",
|
||||
"nuschtosSearch",
|
||||
"flake-utils"
|
||||
],
|
||||
"nixpkgs": [
|
||||
"nixvim",
|
||||
"nuschtosSearch",
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1729958008,
|
||||
"narHash": "sha256-EiOq8jF4Z/zQe0QYVc3+qSKxRK//CFHMB84aYrYGwEs=",
|
||||
"owner": "NuschtOS",
|
||||
"repo": "ixx",
|
||||
"rev": "9fd01aad037f345350eab2cd45e1946cc66da4eb",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NuschtOS",
|
||||
"ref": "v0.0.6",
|
||||
"repo": "ixx",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"libpng": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
@ -475,40 +232,10 @@
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nix-std": {
|
||||
"locked": {
|
||||
"lastModified": 1710870712,
|
||||
"narHash": "sha256-e+7MJF2gsgTBuOWv4mCimSP0D9+naeFSw9a7N3yEmv4=",
|
||||
"owner": "chessai",
|
||||
"repo": "nix-std",
|
||||
"rev": "31bbc925750cc9d8f828fe55cee1a2bd985e0c00",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "chessai",
|
||||
"repo": "nix-std",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nix-std_2": {
|
||||
"locked": {
|
||||
"lastModified": 1710870712,
|
||||
"narHash": "sha256-e+7MJF2gsgTBuOWv4mCimSP0D9+naeFSw9a7N3yEmv4=",
|
||||
"owner": "chessai",
|
||||
"repo": "nix-std",
|
||||
"rev": "31bbc925750cc9d8f828fe55cee1a2bd985e0c00",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "chessai",
|
||||
"repo": "nix-std",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixos-mailserver": {
|
||||
"inputs": {
|
||||
"blobs": "blobs",
|
||||
"flake-compat": "flake-compat_3",
|
||||
"flake-compat": "flake-compat",
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
],
|
||||
@ -530,11 +257,11 @@
|
||||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1732521221,
|
||||
"narHash": "sha256-2ThgXBUXAE1oFsVATK1ZX9IjPcS4nKFOAjhPNKuiMn0=",
|
||||
"lastModified": 1726755586,
|
||||
"narHash": "sha256-PmUr/2GQGvFTIJ6/Tvsins7Q43KTMvMFhvG6oaYK+Wk=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "4633a7c72337ea8fd23a4f2ba3972865e3ec685d",
|
||||
"rev": "c04d5652cfa9742b1d519688f65d1bbccea9eb7e",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -559,6 +286,22 @@
|
||||
"type": "indirect"
|
||||
}
|
||||
},
|
||||
"nixpkgs-stable": {
|
||||
"locked": {
|
||||
"lastModified": 1725762081,
|
||||
"narHash": "sha256-vNv+aJUW5/YurRy1ocfvs4q/48yVESwlC/yHzjkZSP8=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "dc454045f5b5d814e5862a6d057e7bb5c29edc05",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "release-24.05",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs_2": {
|
||||
"locked": {
|
||||
"lastModified": 1719223410,
|
||||
@ -590,11 +333,11 @@
|
||||
"treefmt-nix": []
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1732726573,
|
||||
"narHash": "sha256-gvCPgtcXGf/GZaJBHYrXuM5r2pFRG3VDr7uOb7B1748=",
|
||||
"lastModified": 1726846628,
|
||||
"narHash": "sha256-0CH44sEwiljiN2q7eIFCvabyUm1WeEiF8ofP/z5ca0Q=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nixvim",
|
||||
"rev": "fc9178d124eba824f1862513314d351784e1a84c",
|
||||
"rev": "3211ce356be612ae89a38c60799992bde8a47127",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -605,19 +348,18 @@
|
||||
},
|
||||
"nuschtosSearch": {
|
||||
"inputs": {
|
||||
"flake-utils": "flake-utils_2",
|
||||
"ixx": "ixx",
|
||||
"flake-utils": "flake-utils",
|
||||
"nixpkgs": [
|
||||
"nixvim",
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1731936508,
|
||||
"narHash": "sha256-z0BSSf78LkxIrrFXZYmCoRRAxAmxMUKpK7CyxQRvkZI=",
|
||||
"lastModified": 1726816132,
|
||||
"narHash": "sha256-AbB0lgc0IbzLIxj1O3cosiMNAVQak4KJtvq9q8MjHhs=",
|
||||
"owner": "NuschtOS",
|
||||
"repo": "search",
|
||||
"rev": "fe07070f811b717a4626d01fab714a87d422a9e1",
|
||||
"rev": "7733a39a1321057172d87e6251ded7cdeb67171e",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -667,57 +409,13 @@
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"purescript-overlay": {
|
||||
"inputs": {
|
||||
"flake-compat": "flake-compat_2",
|
||||
"nixpkgs": [
|
||||
"elnafo-radio",
|
||||
"dream2nix",
|
||||
"nixpkgs"
|
||||
],
|
||||
"slimlock": "slimlock"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1728546539,
|
||||
"narHash": "sha256-Sws7w0tlnjD+Bjck1nv29NjC5DbL6nH5auL9Ex9Iz2A=",
|
||||
"owner": "thomashoneyman",
|
||||
"repo": "purescript-overlay",
|
||||
"rev": "4ad4c15d07bd899d7346b331f377606631eb0ee4",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "thomashoneyman",
|
||||
"repo": "purescript-overlay",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"pyproject-nix": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1702448246,
|
||||
"narHash": "sha256-hFg5s/hoJFv7tDpiGvEvXP0UfFvFEDgTdyHIjDVHu1I=",
|
||||
"owner": "davhau",
|
||||
"repo": "pyproject.nix",
|
||||
"rev": "5a06a2697b228c04dd2f35659b4b659ca74f7aeb",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "davhau",
|
||||
"ref": "dream2nix",
|
||||
"repo": "pyproject.nix",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"root": {
|
||||
"inputs": {
|
||||
"ags": "ags",
|
||||
"catppuccin": "catppuccin",
|
||||
"crane": "crane",
|
||||
"drift": "drift",
|
||||
"elnafo-radio": "elnafo-radio",
|
||||
"fenix": "fenix_2",
|
||||
"fenix": "fenix",
|
||||
"home-manager": "home-manager",
|
||||
"nix-std": "nix-std_2",
|
||||
"nixos-mailserver": "nixos-mailserver",
|
||||
"nixpkgs": "nixpkgs",
|
||||
"nixvim": "nixvim",
|
||||
@ -735,11 +433,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1729477859,
|
||||
"narHash": "sha256-r0VyeJxy4O4CgTB/PNtfQft9fPfN1VuGvnZiCxDArvg=",
|
||||
"lastModified": 1726280639,
|
||||
"narHash": "sha256-YfLRPlFZWrT2oRLNAoqf7G3+NnUTDdlIJk6tmBU7kXM=",
|
||||
"owner": "oxalica",
|
||||
"repo": "rust-overlay",
|
||||
"rev": "ada8266712449c4c0e6ee6fcbc442b3c217c79e1",
|
||||
"rev": "e9f8641c92f26fd1e076e705edb12147c384171d",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -748,65 +446,19 @@
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"slimlock": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"elnafo-radio",
|
||||
"dream2nix",
|
||||
"purescript-overlay",
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1688756706,
|
||||
"narHash": "sha256-xzkkMv3neJJJ89zo3o2ojp7nFeaZc2G0fYwNXNJRFlo=",
|
||||
"owner": "thomashoneyman",
|
||||
"repo": "slimlock",
|
||||
"rev": "cf72723f59e2340d24881fd7bf61cb113b4c407c",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "thomashoneyman",
|
||||
"repo": "slimlock",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"snowfall-lib": {
|
||||
"inputs": {
|
||||
"flake-compat": "flake-compat",
|
||||
"flake-utils-plus": "flake-utils-plus",
|
||||
"nixpkgs": [
|
||||
"drift",
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1716675292,
|
||||
"narHash": "sha256-7TFvVE4HR/b65/0AAhewYHEJzUXxIEJn82ow5bCkrDo=",
|
||||
"owner": "snowfallorg",
|
||||
"repo": "lib",
|
||||
"rev": "5d6e9f235735393c28e1145bec919610b172a20f",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "snowfallorg",
|
||||
"ref": "v3.0.2",
|
||||
"repo": "lib",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"sops-nix": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
]
|
||||
],
|
||||
"nixpkgs-stable": "nixpkgs-stable"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1732575825,
|
||||
"narHash": "sha256-xtt95+c7OUMoqZf4OvA/7AemiH3aVuWHQbErYQoPwFk=",
|
||||
"lastModified": 1726524647,
|
||||
"narHash": "sha256-qis6BtOOBBEAfUl7FMHqqTwRLB61OL5OFzIsOmRz2J4=",
|
||||
"owner": "Mic92",
|
||||
"repo": "sops-nix",
|
||||
"rev": "3433ea14fbd9e6671d0ff0dd45ed15ee4c156ffa",
|
||||
"rev": "e2d404a7ea599a013189aa42947f66cede0645c8",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -817,16 +469,16 @@
|
||||
},
|
||||
"systems": {
|
||||
"locked": {
|
||||
"lastModified": 1681028828,
|
||||
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
|
||||
"lastModified": 1689347949,
|
||||
"narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
|
||||
"owner": "nix-systems",
|
||||
"repo": "default",
|
||||
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
|
||||
"repo": "default-linux",
|
||||
"rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-systems",
|
||||
"repo": "default",
|
||||
"repo": "default-linux",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
@ -860,25 +512,9 @@
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"unstable": {
|
||||
"locked": {
|
||||
"lastModified": 1705856552,
|
||||
"narHash": "sha256-JXfnuEf5Yd6bhMs/uvM67/joxYKoysyE3M2k6T3eWbg=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "612f97239e2cc474c13c9dafa0df378058c5ad8d",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nixos",
|
||||
"ref": "nixos-unstable",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"wezterm": {
|
||||
"inputs": {
|
||||
"flake-utils": "flake-utils_3",
|
||||
"flake-utils": "flake-utils_2",
|
||||
"freetype2": "freetype2",
|
||||
"harfbuzz": "harfbuzz",
|
||||
"libpng": "libpng",
|
||||
@ -890,11 +526,11 @@
|
||||
},
|
||||
"locked": {
|
||||
"dir": "nix",
|
||||
"lastModified": 1732036472,
|
||||
"narHash": "sha256-8lv1bc7Lw5S7UFOduShwSHfBzB4Vl0ex22Cb+q/qLi0=",
|
||||
"lastModified": 1726842683,
|
||||
"narHash": "sha256-n0k/znwnDGF3CNB2GhX9NfGg02mhxOzRTMmWr2EUxFs=",
|
||||
"owner": "wez",
|
||||
"repo": "wezterm",
|
||||
"rev": "4050072da21cc3106d0985281d75978c07e22abc",
|
||||
"rev": "abfc0b4c3aa2d6f99c76b20c4d7bdb6d0603ac80",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
14
flake.nix
14
flake.nix
@ -65,21 +65,12 @@
|
||||
url = "github:wez/wezterm?dir=nix";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
elnafo-radio = {
|
||||
url = "git+https://vcs.elnafo.ru/L-Nafaryus/elnafo-radio";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
nix-std.url = "github:chessai/nix-std";
|
||||
drift = {
|
||||
url = "github:snowfallorg/drift";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
};
|
||||
|
||||
outputs = {self, ...} @ inputs: let
|
||||
lib = inputs.nixpkgs.lib;
|
||||
|
||||
bonLib = import ./lib {inherit lib inputs;};
|
||||
bonLib = import ./lib {inherit lib;};
|
||||
bonModules = self.nixosModules;
|
||||
# no bonPkgs, it must be defined by appropriate system + skip a possible infinite recursion
|
||||
in {
|
||||
@ -95,7 +86,8 @@
|
||||
nixosConfigurations = import ./nixosConfigurations {inherit lib inputs bonModules bonLib self;};
|
||||
|
||||
hydraJobs = {
|
||||
packages = lib.filterAttrsRecursive (name: value: !bonLib.isBroken value && !bonLib.isInsecure value && !bonLib.isUnfree value) self.packages;
|
||||
# filter broken packages ?
|
||||
packages = lib.filterAttrsRecursive (name: value: !bonLib.isBroken value) self.packages;
|
||||
};
|
||||
|
||||
templates = {
|
||||
|
@ -1,8 +1,4 @@
|
||||
{
|
||||
lib,
|
||||
inputs,
|
||||
...
|
||||
}: rec {
|
||||
{lib, ...}: rec {
|
||||
maintainers = import ./maintainers.nix;
|
||||
|
||||
nameFromPath = path:
|
||||
@ -17,25 +13,9 @@
|
||||
[
|
||||
./preconfiguredModules/bonvim.nix
|
||||
./preconfiguredModules/homeManager
|
||||
./preconfiguredModules/nixos
|
||||
#(import ./preconfiguredModules/bonvim.nix)
|
||||
#(import ./preconfiguredModules/homeManager {inherit lib inputs;})
|
||||
]);
|
||||
|
||||
injectArgs = moduleArgs: ({
|
||||
config,
|
||||
pkgs,
|
||||
...
|
||||
}: {
|
||||
config = {
|
||||
# extra arguments
|
||||
_module.args = moduleArgs;
|
||||
};
|
||||
});
|
||||
|
||||
isBroken = derivation: derivation ? meta && derivation.meta ? broken && derivation.meta.broken;
|
||||
isInsecure = derivation: derivation ? meta && derivation.meta ? insecure && derivation.meta.insecure;
|
||||
isUnfree = derivation: derivation ? meta && derivation.meta ? unfree && derivation.meta.unfree;
|
||||
|
||||
functionType = lib.types.mkOptionType {
|
||||
name = "function";
|
||||
@ -115,7 +95,4 @@
|
||||
packagesList;
|
||||
in
|
||||
lib.mapAttrs (name: value: lib.mergeAttrsList value) (lib.zipAttrs evaluatedPackages);
|
||||
|
||||
# external
|
||||
inherit (inputs.nix-std.lib.serde) toTOML;
|
||||
}
|
||||
|
@ -71,7 +71,7 @@
|
||||
settings.system_clipboard.sync_with_ring = true;
|
||||
};
|
||||
|
||||
plugins.web-devicons.enable = true;
|
||||
extraPlugins = with pkgs.vimPlugins; [nvim-web-devicons];
|
||||
|
||||
diagnostics = {
|
||||
underline = true;
|
||||
@ -152,7 +152,6 @@
|
||||
# UI
|
||||
plugins.noice = {
|
||||
enable = true;
|
||||
settings = {
|
||||
lsp.override = {
|
||||
"cmp.entry.get_documentation" = true;
|
||||
"vim.lsp.util.convert_input_to_markdown_lines" = true;
|
||||
@ -162,7 +161,6 @@
|
||||
long_message_to_split = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
plugins.dressing = {
|
||||
enable = true;
|
||||
@ -366,24 +364,22 @@
|
||||
];
|
||||
};
|
||||
cmake.enable = true;
|
||||
nil_ls.enable = true;
|
||||
pyright.enable = true;
|
||||
ruff.enable = true;
|
||||
nil-ls.enable = true;
|
||||
# pylyzer.enable = true; # not working with virtual environments currently :(
|
||||
#pylsp = {
|
||||
# enable = true; # https://github.com/nix-community/nixvim/pull/1893
|
||||
# settings.plugins = {
|
||||
# pyflakes.enabled = true;
|
||||
# black.enabled = true;
|
||||
# };
|
||||
#};
|
||||
rust_analyzer = {
|
||||
pylsp = {
|
||||
enable = true; # https://github.com/nix-community/nixvim/pull/1893
|
||||
settings.plugins = {
|
||||
pyflakes.enabled = true;
|
||||
black.enabled = true;
|
||||
};
|
||||
};
|
||||
rust-analyzer = {
|
||||
enable = true;
|
||||
package = rust-analyzer;
|
||||
cargoPackage = cargo;
|
||||
rustcPackage = rustc;
|
||||
installCargo = false;
|
||||
installRustc = false;
|
||||
installCargo = true;
|
||||
installRustc = true;
|
||||
settings = {
|
||||
checkOnSave = true;
|
||||
check.command = "clippy";
|
||||
|
@ -1,6 +1,3 @@
|
||||
{
|
||||
ags = import ./ags;
|
||||
hyprland = import ./hyprland.nix;
|
||||
hypridle = import ./hypridle.nix;
|
||||
hyprlock = import ./hyprlock.nix;
|
||||
}
|
||||
|
@ -1,24 +0,0 @@
|
||||
{
|
||||
pkgs,
|
||||
lib,
|
||||
config,
|
||||
hmConfig,
|
||||
...
|
||||
}: {
|
||||
services.hypridle = {
|
||||
enable = true;
|
||||
settings = {
|
||||
general = {
|
||||
after_sleep_cmd = "${pkgs.hyprland}/bin/hyprctl dispatch dpms on";
|
||||
ignore_dbus_inhibit = false;
|
||||
};
|
||||
listener = [
|
||||
{
|
||||
timeout = 300;
|
||||
on-timeout = "${pkgs.hyprland}/bin/hyprctl dispatch dpms off";
|
||||
on-resume = "${pkgs.hyprland}/bin/hyprctl dispatch dpms on";
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
@ -1,245 +0,0 @@
|
||||
{
|
||||
pkgs,
|
||||
lib,
|
||||
hmConfig,
|
||||
...
|
||||
}: {
|
||||
imports = [
|
||||
./ags
|
||||
./hypridle.nix
|
||||
./hyprlock.nix
|
||||
];
|
||||
|
||||
home.packages = with pkgs; [
|
||||
networkmanagerapplet
|
||||
blueman
|
||||
wl-clipboard
|
||||
cliphist
|
||||
swww
|
||||
hyprshot
|
||||
wl-gammarelay-rs
|
||||
playerctl
|
||||
];
|
||||
|
||||
xdg.portal = {
|
||||
enable = true;
|
||||
configPackages = with pkgs; [
|
||||
xdg-desktop-portal-hyprland
|
||||
];
|
||||
extraPortals = with pkgs; [
|
||||
xdg-desktop-portal-gtk
|
||||
];
|
||||
};
|
||||
|
||||
wayland.windowManager.hyprland = {
|
||||
enable = true;
|
||||
settings = {
|
||||
# Devices (use `hyprctl devices`)
|
||||
"$monitor1" = "AOC Q27G2G3R3B 137P4HA000540";
|
||||
"$monitor2" = "AOC Q27B3MA 17ZPAHA006135";
|
||||
"$keyboard" = "keychron-keychron-k3-pro";
|
||||
"$mouse" = "logitech-g102-lightsync-gaming-mouse";
|
||||
|
||||
# Main programs
|
||||
"$terminal" = "${lib.getExe hmConfig.programs.wezterm.package}";
|
||||
"$menu" = "${lib.getExe hmConfig.programs.rofi.package} -show drun";
|
||||
"$fileManager" = "$terminal -e ${lib.getExe hmConfig.programs.nnn.package}";
|
||||
|
||||
monitor = [
|
||||
"desc:$monitor2, 2560x1440@75, 0x0, auto"
|
||||
"desc:$monitor1, 2560x1440@165, 2560x0, auto"
|
||||
"Unknown-1, disable"
|
||||
];
|
||||
|
||||
exec-once = [
|
||||
"ags &"
|
||||
"nm-applet --indicator &"
|
||||
"blueman-applet &"
|
||||
"wl-gammarelay-rs run &"
|
||||
"systemctl --user start hypridle"
|
||||
"wl-paste --type text --watch cliphist store" #Stores only text data
|
||||
"wl-paste --type image --watch cliphist store" #Stores only image data
|
||||
"swww-daemon & swww img ~/Pictures/wallpapers/current" # wallpaper symlinked
|
||||
];
|
||||
|
||||
env = [
|
||||
"XCURSOR_SIZE,14"
|
||||
"HYPRCURSOR_SIZE,14"
|
||||
"WLR_DRM_NO_ATOMIC,1"
|
||||
"HYPRSHOT_DIR,${hmConfig.xdg.userDirs.pictures}/screenshots"
|
||||
];
|
||||
|
||||
general = {
|
||||
gaps_in = 2;
|
||||
gaps_out = 2;
|
||||
|
||||
border_size = 2;
|
||||
|
||||
# https://wiki.hyprland.org/Configuring/Variables/#variable-types for info about colors
|
||||
"col.active_border" = "rgba(33ccffee) rgba(00ff99ee) 45deg";
|
||||
"col.inactive_border" = "rgba(595959aa)";
|
||||
|
||||
# Set to true enable resizing windows by clicking and dragging on borders and gaps
|
||||
resize_on_border = true;
|
||||
|
||||
# Please see https://wiki.hyprland.org/Configuring/Tearing/ before you turn this on
|
||||
allow_tearing = true;
|
||||
|
||||
layout = "dwindle";
|
||||
};
|
||||
decoration = {
|
||||
rounding = 5;
|
||||
|
||||
# Change transparency of focused and unfocused windows
|
||||
active_opacity = 1.0;
|
||||
inactive_opacity = 0.95;
|
||||
|
||||
drop_shadow = true;
|
||||
shadow_range = 4;
|
||||
shadow_render_power = 3;
|
||||
"col.shadow" = "rgba(1a1a1aee)";
|
||||
|
||||
# https://wiki.hyprland.org/Configuring/Variables/#blur
|
||||
blur = {
|
||||
enabled = true;
|
||||
size = 3;
|
||||
passes = 1;
|
||||
|
||||
vibrancy = 0.1696;
|
||||
};
|
||||
};
|
||||
animations = {
|
||||
enabled = true;
|
||||
|
||||
# Default animations, see https://wiki.hyprland.org/Configuring/Animations/ for more
|
||||
|
||||
bezier = "myBezier, 0.05, 0.9, 0.1, 1.05";
|
||||
|
||||
animation = [
|
||||
"windows, 1, 7, myBezier"
|
||||
"windowsOut, 1, 7, default, popin 80%"
|
||||
"border, 1, 10, default"
|
||||
"borderangle, 1, 8, default"
|
||||
"fade, 1, 7, default"
|
||||
"workspaces, 1, 6, default"
|
||||
];
|
||||
};
|
||||
# See https://wiki.hyprland.org/Configuring/Dwindle-Layout/ for more
|
||||
dwindle = {
|
||||
pseudotile = true; # Master switch for pseudotiling. Enabling is bound to mainMod + P in the keybinds section below
|
||||
preserve_split = true; # You probably want this
|
||||
};
|
||||
|
||||
# See https://wiki.hyprland.org/Configuring/Master-Layout/ for more
|
||||
master = {
|
||||
new_status = "master";
|
||||
};
|
||||
|
||||
# https://wiki.hyprland.org/Configuring/Variables/#misc
|
||||
misc = {
|
||||
force_default_wallpaper = -1; # Set to 0 or 1 to disable the anime mascot wallpapers
|
||||
disable_hyprland_logo = false; # Enable the random hyprland logo / anime girl background. :)
|
||||
};
|
||||
input = {
|
||||
kb_layout = "us,ru";
|
||||
|
||||
follow_mouse = 1;
|
||||
|
||||
sensitivity = 0; # -1.0 - 1.0, 0 means no modification.
|
||||
|
||||
touchpad = {
|
||||
natural_scroll = false;
|
||||
};
|
||||
};
|
||||
|
||||
# https://wiki.hyprland.org/Configuring/Variables/#gestures
|
||||
gestures = {
|
||||
workspace_swipe = false;
|
||||
};
|
||||
|
||||
windowrulev2 = [
|
||||
"suppressevent maximize, class:.*" # You'll probably like this.
|
||||
"float, class:^(steam_app.*)$"
|
||||
"immediate, class:^(steam_app.*)$"
|
||||
"float, class:^(steam_proton.*)$"
|
||||
"float,class:^(org.wezfurlong.wezterm)$"
|
||||
"tile,class:^(org.wezfurlong.wezterm)$"
|
||||
];
|
||||
bind = [
|
||||
"SUPER, Q, exec, $terminal"
|
||||
"SUPER, N, exec, $fileManager"
|
||||
"SUPER, R, exec, $menu"
|
||||
"SUPER, X, exec, ags -t clock"
|
||||
"SUPER, X, exec, ags -t control"
|
||||
"SUPER, X, exec, ags -t systray"
|
||||
"SUPER, X, exec, ags -t workspaces"
|
||||
"SUPER, X, exec, ags -t window-title"
|
||||
|
||||
"SUPER, C, killactive,"
|
||||
"SUPER, M, exit,"
|
||||
"SUPER, V, togglefloating,"
|
||||
"SUPER, F, fullscreen,"
|
||||
"SUPER, J, togglesplit," # dwindle
|
||||
|
||||
# Move focus with mainMod + arrow keys
|
||||
"SUPER, left, movefocus, l"
|
||||
"SUPER, right, movefocus, r"
|
||||
"SUPER, up, movefocus, u"
|
||||
"SUPER, down, movefocus, d"
|
||||
|
||||
# Switch workspaces with mainMod + [0-9]
|
||||
"SUPER, 1, workspace, 1"
|
||||
"SUPER, 2, workspace, 2"
|
||||
"SUPER, 3, workspace, 3"
|
||||
"SUPER, 4, workspace, 4"
|
||||
"SUPER, 5, workspace, 5"
|
||||
"SUPER, 6, workspace, 6"
|
||||
"SUPER, 7, workspace, 7"
|
||||
"SUPER, 8, workspace, 8"
|
||||
"SUPER, 9, workspace, 9"
|
||||
"SUPER, 0, workspace, 10"
|
||||
|
||||
# Move active window to a workspace with mainMod + SHIFT + [0-9]
|
||||
"SUPER SHIFT, 1, movetoworkspace, 1"
|
||||
"SUPER SHIFT, 2, movetoworkspace, 2"
|
||||
"SUPER SHIFT, 3, movetoworkspace, 3"
|
||||
"SUPER SHIFT, 4, movetoworkspace, 4"
|
||||
"SUPER SHIFT, 5, movetoworkspace, 5"
|
||||
"SUPER SHIFT, 6, movetoworkspace, 6"
|
||||
"SUPER SHIFT, 7, movetoworkspace, 7"
|
||||
"SUPER SHIFT, 8, movetoworkspace, 8"
|
||||
"SUPER SHIFT, 9, movetoworkspace, 9"
|
||||
"SUPER SHIFT, 0, movetoworkspace, 10"
|
||||
|
||||
# special workspace (scratchpad)
|
||||
"SUPER, S, togglespecialworkspace, magic"
|
||||
"SUPER SHIFT, S, movetoworkspace, special:magic"
|
||||
|
||||
"SUPER, SPACE, exec, hyprctl switchxkblayout keychron-keychron-k3-pro next"
|
||||
", PRINT, exec, hyprshot --freeze --mode region"
|
||||
"CTRL, PRINT, exec, hyprshot --freeze --mode output"
|
||||
"SUPER, H, exec, cliphist list | rofi -dmenu | cliphist decode | wl-copy"
|
||||
];
|
||||
# Move/resize windows with mainMod + LMB/RMB and dragging
|
||||
bindm = [
|
||||
"SUPER, mouse:272, movewindow"
|
||||
"SUPER, mouse:273, resizewindow"
|
||||
];
|
||||
|
||||
bindel = [
|
||||
", XF86AudioRaiseVolume, exec, wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%+"
|
||||
", XF86AudioLowerVolume, exec, wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%-"
|
||||
];
|
||||
bindl = [
|
||||
", XF86AudioMute, exec, wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle"
|
||||
", XF86AudioPrev, exec, playerctl previous"
|
||||
", XF86AudioPlay, exec, playerctl play-pause"
|
||||
", XF86AudioNext, exec, playerctl next"
|
||||
", XF86MonBrightnessDown, exec, busctl --user -- call rs.wl-gammarelay / rs.wl.gammarelay UpdateTemperature n -500"
|
||||
", XF86MonBrightnessUp, exec, busctl --user -- call rs.wl-gammarelay / rs.wl.gammarelay UpdateTemperature n +500"
|
||||
"SUPER, XF86MonBrightnessDown, exec, busctl --user -- call rs.wl-gammarelay / rs.wl.gammarelay Brightness d -0.1"
|
||||
"SUPER, XF86MonBrightnessUp, exec, busctl --user -- call rs.wl-gammarelay / rs.wl.gammarelay Brightness d +0.1"
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
@ -1,11 +0,0 @@
|
||||
{
|
||||
pkgs,
|
||||
lib,
|
||||
config,
|
||||
hmConfig,
|
||||
...
|
||||
}: {
|
||||
programs.hyprlock = {
|
||||
enable = true;
|
||||
};
|
||||
}
|
@ -1,237 +0,0 @@
|
||||
{
|
||||
lib,
|
||||
config,
|
||||
pkgs,
|
||||
...
|
||||
}: {
|
||||
# Nix settings
|
||||
nix = {
|
||||
settings = {
|
||||
experimental-features = ["nix-command" "flakes"];
|
||||
substituters = [
|
||||
"https://cache.elnafo.ru"
|
||||
"https://bonfire.cachix.org"
|
||||
"https://nix-community.cachix.org"
|
||||
];
|
||||
trusted-public-keys = [
|
||||
"cache.elnafo.ru:j3VD+Hn+is2Qk3lPXDSdPwHJQSatizk7V82iJ2RP1yo="
|
||||
"bonfire.cachix.org-1:mzAGBy/Crdf8NhKail5ciK7ZrGRbPJJobW6TwFb7WYM="
|
||||
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
|
||||
];
|
||||
auto-optimise-store = true;
|
||||
};
|
||||
gc = {
|
||||
automatic = lib.mkDefault true;
|
||||
dates = lib.mkDefault "weekly";
|
||||
options = lib.mkDefault "--delete-older-than 7d";
|
||||
};
|
||||
};
|
||||
|
||||
# Filesystem
|
||||
fileSystems = {
|
||||
"/" = {
|
||||
device = "/dev/disk/by-label/nixos";
|
||||
fsType = "btrfs";
|
||||
options = ["subvol=root" "compress=zstd"];
|
||||
};
|
||||
|
||||
"/boot" = {
|
||||
device = "/dev/disk/by-label/boot";
|
||||
fsType = "vfat";
|
||||
};
|
||||
|
||||
"/nix" = {
|
||||
device = "/dev/disk/by-label/nixos";
|
||||
fsType = "btrfs";
|
||||
options = ["subvol=nix" "compress=zstd" "noatime"];
|
||||
};
|
||||
|
||||
"/home" = {
|
||||
device = "/dev/disk/by-label/nixos";
|
||||
fsType = "btrfs";
|
||||
options = ["subvol=home" "compress=zstd"];
|
||||
};
|
||||
|
||||
"/swap" = {
|
||||
device = "/dev/disk/by-label/nixos";
|
||||
fsType = "btrfs";
|
||||
options = ["subvol=swap" "noatime"];
|
||||
};
|
||||
};
|
||||
|
||||
swapDevices = [
|
||||
{device = "/swap/swapfile";}
|
||||
];
|
||||
|
||||
# Boot and kernel options
|
||||
boot = {
|
||||
loader.systemd-boot.enable = true;
|
||||
loader.systemd-boot.configurationLimit = 5;
|
||||
loader.efi.canTouchEfiVariables = true;
|
||||
|
||||
tmp.useTmpfs = lib.mkDefault true;
|
||||
tmp.cleanOnBoot = lib.mkDefault (!config.boot.tmp.useTmpfs);
|
||||
|
||||
initrd.availableKernelModules = ["nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod"];
|
||||
initrd.kernelModules = [];
|
||||
kernelModules = ["tcp_bbr" "coretemp" "nct6775"];
|
||||
kernelParams = ["threadirqs"];
|
||||
|
||||
kernel.sysctl = {
|
||||
# The Magic SysRq key is a key combo that allows users connected to the
|
||||
# system console of a Linux kernel to perform some low-level commands.
|
||||
# Disable it, since we don't need it, and is a potential security concern.
|
||||
"kernel.sysrq" = 0;
|
||||
|
||||
## TCP hardening
|
||||
# Prevent bogus ICMP errors from filling up logs.
|
||||
"net.ipv4.icmp_ignore_bogus_error_responses" = 1;
|
||||
# Reverse path filtering causes the kernel to do source validation of
|
||||
# packets received from all interfaces. This can mitigate IP spoofing.
|
||||
"net.ipv4.conf.default.rp_filter" = 1;
|
||||
"net.ipv4.conf.all.rp_filter" = 1;
|
||||
# Do not accept IP source route packets
|
||||
"net.ipv4.conf.all.accept_source_route" = 1;
|
||||
"net.ipv4.conf.wlo1.accept_source_route" = 1;
|
||||
"net.ipv6.conf.all.accept_source_route" = 1;
|
||||
# Don't send ICMP redirects
|
||||
"net.ipv4.conf.all.send_redirects" = 0;
|
||||
"net.ipv4.conf.default.send_redirects" = 0;
|
||||
# Refuse ICMP redirects (MITM mitigations)
|
||||
"net.ipv4.conf.all.accept_redirects" = 0;
|
||||
"net.ipv4.conf.default.accept_redirects" = 0;
|
||||
"net.ipv4.conf.all.secure_redirects" = 0;
|
||||
"net.ipv4.conf.default.secure_redirects" = 0;
|
||||
"net.ipv6.conf.all.accept_redirects" = 0;
|
||||
"net.ipv6.conf.default.accept_redirects" = 0;
|
||||
# Protects against SYN flood attacks
|
||||
"net.ipv4.tcp_syncookies" = 1;
|
||||
# Incomplete protection again TIME-WAIT assassination
|
||||
"net.ipv4.tcp_rfc1337" = 1;
|
||||
|
||||
## TCP optimization
|
||||
# TCP Fast Open is a TCP extension that reduces network latency by packing
|
||||
# data in the sender’s initial TCP SYN. Setting 3 = enable TCP Fast Open for
|
||||
# both incoming and outgoing connections:
|
||||
"net.ipv4.tcp_fastopen" = 3;
|
||||
# Bufferbloat mitigations + slight improvement in throughput & latency
|
||||
"net.ipv4.tcp_congestion_control" = "bbr";
|
||||
"net.core.default_qdisc" = "cake";
|
||||
};
|
||||
};
|
||||
|
||||
# Security
|
||||
security = {
|
||||
protectKernelImage = true;
|
||||
sudo.extraConfig = ''Defaults timestamp_timeout=30'';
|
||||
rtkit.enable = true;
|
||||
polkit.enable = true;
|
||||
pam.loginLimits = [
|
||||
{
|
||||
domain = "@audio";
|
||||
item = "memlock";
|
||||
type = "-";
|
||||
value = "unlimited";
|
||||
}
|
||||
{
|
||||
domain = "@audio";
|
||||
item = "rtprio";
|
||||
type = "-";
|
||||
value = "99";
|
||||
}
|
||||
{
|
||||
domain = "@audio";
|
||||
item = "nofile";
|
||||
type = "soft";
|
||||
value = "99999";
|
||||
}
|
||||
{
|
||||
domain = "@audio";
|
||||
item = "nofile";
|
||||
type = "hard";
|
||||
value = "99999";
|
||||
}
|
||||
{
|
||||
domain = "*";
|
||||
item = "nofile";
|
||||
type = "-";
|
||||
value = "524288";
|
||||
}
|
||||
{
|
||||
domain = "*";
|
||||
item = "memlock";
|
||||
type = "-";
|
||||
value = "524288";
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
# Hardware
|
||||
hardware = {
|
||||
enableRedistributableFirmware = true;
|
||||
};
|
||||
|
||||
# Timezone and locale
|
||||
time.timeZone = "Asia/Yekaterinburg";
|
||||
|
||||
i18n = {
|
||||
defaultLocale = "en_US.UTF-8";
|
||||
extraLocaleSettings = {
|
||||
LC_ADDRESS = "en_US.UTF-8";
|
||||
LC_IDENTIFICATION = "en_US.UTF-8";
|
||||
LC_MEASUREMENT = "en_US.UTF-8";
|
||||
LC_MONETARY = "en_US.UTF-8";
|
||||
LC_NAME = "en_US.UTF-8";
|
||||
LC_NUMERIC = "en_US.UTF-8";
|
||||
LC_PAPER = "en_US.UTF-8";
|
||||
LC_TELEPHONE = "en_US.UTF-8";
|
||||
LC_TIME = "en_US.UTF-8";
|
||||
};
|
||||
};
|
||||
|
||||
# Base packages
|
||||
environment.systemPackages = with pkgs; [
|
||||
wget
|
||||
|
||||
parted
|
||||
ntfs3g
|
||||
sshfs
|
||||
exfat
|
||||
btrfs-progs
|
||||
btrbk
|
||||
|
||||
lm_sensors
|
||||
btop
|
||||
|
||||
git
|
||||
git-lfs
|
||||
lazygit
|
||||
|
||||
nnn
|
||||
fzf
|
||||
ripgrep
|
||||
fd
|
||||
|
||||
unzip
|
||||
|
||||
fishPlugins.fzf-fish
|
||||
fishPlugins.tide
|
||||
fishPlugins.grc
|
||||
fishPlugins.hydro
|
||||
grc
|
||||
|
||||
gnupg
|
||||
pass
|
||||
|
||||
bat
|
||||
];
|
||||
|
||||
programs = {
|
||||
fish.enable = true;
|
||||
|
||||
neovim = {
|
||||
enable = true;
|
||||
defaultEditor = true;
|
||||
};
|
||||
};
|
||||
}
|
@ -1,5 +0,0 @@
|
||||
{
|
||||
common = import ./common.nix;
|
||||
hyprland = import ./hyprland.nix;
|
||||
hyprland-greetd = import ./hyprland-greetd.nix;
|
||||
}
|
@ -1,33 +0,0 @@
|
||||
{
|
||||
pkgs,
|
||||
lib,
|
||||
config,
|
||||
...
|
||||
}:
|
||||
lib.mkIf config.programs.hyprland.enable {
|
||||
services.greetd = let
|
||||
hyprConfig = pkgs.writeText "greetd-hyprland-config" ''
|
||||
exec-once = ${lib.getExe pkgs.greetd.regreet}; hyprctl dispatch exit
|
||||
'';
|
||||
in {
|
||||
enable = true;
|
||||
settings = {
|
||||
default_session = {
|
||||
command = "${lib.getExe config.programs.hyprland.package} --config ${hyprConfig}";
|
||||
user = "greeter";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
programs.regreet = {
|
||||
enable = true;
|
||||
settings = {
|
||||
GTK = {
|
||||
application_prefer_dark_theme = true;
|
||||
};
|
||||
appearance = {
|
||||
greeting_msg = "Hey, you. You're finally awake.";
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
@ -1,6 +0,0 @@
|
||||
{...}: {
|
||||
programs.hyprland = {
|
||||
enable = true;
|
||||
xwayland.enable = true;
|
||||
};
|
||||
}
|
@ -1,20 +0,0 @@
|
||||
{
|
||||
inputs,
|
||||
hmConfig,
|
||||
username,
|
||||
bonLib,
|
||||
...
|
||||
}: {
|
||||
imports = [
|
||||
../nixos/hyprland.nix
|
||||
../nixos/hyprland-greetd.nix
|
||||
];
|
||||
|
||||
home-manager.users.${username} = {...}: {
|
||||
imports = [
|
||||
(bonLib.injectArgs {inherit hmConfig;})
|
||||
inputs.ags.homeManagerModules.default
|
||||
../homeManager/hyprland.nix
|
||||
];
|
||||
};
|
||||
}
|
@ -2,21 +2,35 @@
|
||||
pkgs,
|
||||
lib,
|
||||
config,
|
||||
bonLib,
|
||||
...
|
||||
}: {
|
||||
system.stateVersion = "23.11";
|
||||
|
||||
imports = [
|
||||
bonLib.preconfiguredModules.nixos.common
|
||||
./hardware.nix
|
||||
./users.nix
|
||||
];
|
||||
imports = [./hardware.nix ./users.nix];
|
||||
|
||||
# Nix settings
|
||||
nix.settings = {
|
||||
nix = {
|
||||
settings = {
|
||||
experimental-features = ["nix-command" "flakes" "repl-flake"];
|
||||
trusted-users = ["l-nafaryus"];
|
||||
allowed-users = ["l-nafaryus"];
|
||||
substituters = [
|
||||
"https://cache.elnafo.ru"
|
||||
"https://bonfire.cachix.org"
|
||||
"https://nix-community.cachix.org"
|
||||
];
|
||||
trusted-public-keys = [
|
||||
"cache.elnafo.ru:j3VD+Hn+is2Qk3lPXDSdPwHJQSatizk7V82iJ2RP1yo="
|
||||
"bonfire.cachix.org-1:mzAGBy/Crdf8NhKail5ciK7ZrGRbPJJobW6TwFb7WYM="
|
||||
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
|
||||
];
|
||||
auto-optimise-store = true;
|
||||
};
|
||||
gc = {
|
||||
automatic = lib.mkDefault true;
|
||||
dates = lib.mkDefault "weekly";
|
||||
options = lib.mkDefault "--delete-older-than 7d";
|
||||
};
|
||||
};
|
||||
|
||||
# Nix packages
|
||||
@ -43,20 +57,53 @@
|
||||
|
||||
videoDrivers = ["nvidia"];
|
||||
|
||||
#displayManager.gdm = {
|
||||
# enable = true;
|
||||
# autoSuspend = false;
|
||||
# wayland = true;
|
||||
#};
|
||||
#desktopManager.gnome.enable = true;
|
||||
#windowManager.awesome.enable = true;
|
||||
|
||||
wacom.enable = true;
|
||||
};
|
||||
|
||||
services.desktopManager.plasma6.enable = true;
|
||||
|
||||
services.displayManager.sddm = {
|
||||
services.greetd = let
|
||||
hyprConfig = pkgs.writeText "greetd-hyprland-config" ''
|
||||
exec-once = ${lib.getExe pkgs.greetd.regreet}; hyprctl dispatch exit
|
||||
'';
|
||||
in {
|
||||
enable = true;
|
||||
wayland.enable = true;
|
||||
settings = {
|
||||
default_session = {
|
||||
command = "${lib.getExe config.programs.hyprland.package} --config ${hyprConfig}";
|
||||
user = "greeter";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
services.dbus = {
|
||||
programs.regreet = {
|
||||
enable = true;
|
||||
packages = with pkgs; [networkmanager];
|
||||
settings = {
|
||||
GTK = {
|
||||
application_prefer_dark_theme = true;
|
||||
# TODO: provide gtk themes
|
||||
# theme_name = "Catppuccin-Macchiato-Standard-Green-Dark";
|
||||
# icon_theme_name = "Catppuccin-Macchiato-Green-Cursors";
|
||||
# cursor_theme_name = "Papirus-Dark";
|
||||
# font_name = "";
|
||||
};
|
||||
appearance = {
|
||||
greeting_msg = "Hey, you. You're finally awake.";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
programs.hyprland = {
|
||||
enable = true;
|
||||
xwayland.enable = true;
|
||||
};
|
||||
services.dbus.enable = true;
|
||||
|
||||
services.printing = {
|
||||
enable = true;
|
||||
@ -85,15 +132,14 @@
|
||||
};
|
||||
|
||||
services.udev = {
|
||||
packages = with pkgs; [gnome.gnome-settings-daemon];
|
||||
extraRules = ''
|
||||
KERNEL=="rtc0", GROUP="audio"
|
||||
KERNEL=="hpet", GROUP="audio"
|
||||
'';
|
||||
};
|
||||
|
||||
services.cockpit.enable = true;
|
||||
|
||||
#services.blueman.enable = true;
|
||||
services.blueman.enable = true;
|
||||
|
||||
services.btrfs.autoScrub = {
|
||||
enable = true;
|
||||
@ -101,6 +147,49 @@
|
||||
fileSystems = ["/"];
|
||||
};
|
||||
|
||||
# Packages
|
||||
environment.systemPackages = with pkgs; [
|
||||
wget
|
||||
|
||||
parted
|
||||
ntfs3g
|
||||
sshfs
|
||||
exfat
|
||||
|
||||
lm_sensors
|
||||
|
||||
git
|
||||
git-lfs
|
||||
ripgrep
|
||||
fd
|
||||
lazygit
|
||||
unzip
|
||||
|
||||
gnumake
|
||||
|
||||
fishPlugins.fzf-fish
|
||||
fishPlugins.tide
|
||||
fishPlugins.grc
|
||||
fishPlugins.hydro
|
||||
|
||||
nnn
|
||||
fzf
|
||||
grc
|
||||
|
||||
gcc
|
||||
|
||||
cachix
|
||||
];
|
||||
|
||||
programs = {
|
||||
fish.enable = true;
|
||||
|
||||
neovim = {
|
||||
enable = true;
|
||||
defaultEditor = true;
|
||||
};
|
||||
};
|
||||
|
||||
programs.ssh.extraConfig = ''
|
||||
Host astora
|
||||
HostName 192.168.156.101
|
||||
@ -113,6 +202,13 @@
|
||||
User l-nafaryus
|
||||
'';
|
||||
|
||||
programs.direnv.enable = true;
|
||||
|
||||
fonts.packages = with pkgs; [nerdfonts];
|
||||
|
||||
programs.steam.enable = true;
|
||||
systemd.extraConfig = "DefaultLimitNOFILE=1048576";
|
||||
|
||||
virtualisation = {
|
||||
containers.enable = true;
|
||||
podman = {
|
||||
@ -120,9 +216,6 @@
|
||||
dockerCompat = true;
|
||||
defaultNetwork.settings.dns_enabled = true;
|
||||
};
|
||||
libvirtd = {
|
||||
enable = true;
|
||||
qemu.vhostUserPackages = with pkgs; [virtiofsd];
|
||||
};
|
||||
libvirtd.enable = true;
|
||||
};
|
||||
}
|
||||
|
@ -1,19 +1,148 @@
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}: {
|
||||
# Boot
|
||||
boot = {
|
||||
kernelModules = ["kvm-amd"];
|
||||
loader.systemd-boot.enable = true;
|
||||
loader.systemd-boot.configurationLimit = 5;
|
||||
loader.efi.canTouchEfiVariables = true;
|
||||
|
||||
tmp.useTmpfs = lib.mkDefault true;
|
||||
tmp.cleanOnBoot = lib.mkDefault (!config.boot.tmp.useTmpfs);
|
||||
|
||||
initrd.availableKernelModules = ["nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod"];
|
||||
initrd.kernelModules = [];
|
||||
kernelModules = ["kvm-amd" "tcp_bbr" "coretemp" "nct6775"];
|
||||
extraModulePackages = with config.boot.kernelPackages; [v4l2loopback];
|
||||
extraModprobeConfig = ''
|
||||
options v4l2loopback devices=1 video_nr=1 card_label="OBS Camera" exclusive_caps=1
|
||||
'';
|
||||
kernelParams = ["threadirqs"];
|
||||
|
||||
kernel.sysctl = {
|
||||
# The Magic SysRq key is a key combo that allows users connected to the
|
||||
# system console of a Linux kernel to perform some low-level commands.
|
||||
# Disable it, since we don't need it, and is a potential security concern.
|
||||
"kernel.sysrq" = 0;
|
||||
|
||||
## TCP hardening
|
||||
# Prevent bogus ICMP errors from filling up logs.
|
||||
"net.ipv4.icmp_ignore_bogus_error_responses" = 1;
|
||||
# Reverse path filtering causes the kernel to do source validation of
|
||||
# packets received from all interfaces. This can mitigate IP spoofing.
|
||||
"net.ipv4.conf.default.rp_filter" = 1;
|
||||
"net.ipv4.conf.all.rp_filter" = 1;
|
||||
# Do not accept IP source route packets
|
||||
"net.ipv4.conf.all.accept_source_route" = 0;
|
||||
"net.ipv6.conf.all.accept_source_route" = 0;
|
||||
# Don't send ICMP redirects
|
||||
"net.ipv4.conf.all.send_redirects" = 0;
|
||||
"net.ipv4.conf.default.send_redirects" = 0;
|
||||
# Refuse ICMP redirects (MITM mitigations)
|
||||
"net.ipv4.conf.all.accept_redirects" = 0;
|
||||
"net.ipv4.conf.default.accept_redirects" = 0;
|
||||
"net.ipv4.conf.all.secure_redirects" = 0;
|
||||
"net.ipv4.conf.default.secure_redirects" = 0;
|
||||
"net.ipv6.conf.all.accept_redirects" = 0;
|
||||
"net.ipv6.conf.default.accept_redirects" = 0;
|
||||
# Protects against SYN flood attacks
|
||||
"net.ipv4.tcp_syncookies" = 1;
|
||||
# Incomplete protection again TIME-WAIT assassination
|
||||
"net.ipv4.tcp_rfc1337" = 1;
|
||||
|
||||
## TCP optimization
|
||||
# TCP Fast Open is a TCP extension that reduces network latency by packing
|
||||
# data in the sender’s initial TCP SYN. Setting 3 = enable TCP Fast Open for
|
||||
# both incoming and outgoing connections:
|
||||
"net.ipv4.tcp_fastopen" = 3;
|
||||
# Bufferbloat mitigations + slight improvement in throughput & latency
|
||||
"net.ipv4.tcp_congestion_control" = "bbr";
|
||||
"net.core.default_qdisc" = "cake";
|
||||
};
|
||||
};
|
||||
|
||||
# Security
|
||||
security = {
|
||||
protectKernelImage = true;
|
||||
acme.acceptTerms = true;
|
||||
sudo.extraConfig = ''Defaults timestamp_timeout=30'';
|
||||
rtkit.enable = true;
|
||||
pam.loginLimits = [
|
||||
{
|
||||
domain = "@audio";
|
||||
item = "memlock";
|
||||
type = "-";
|
||||
value = "unlimited";
|
||||
}
|
||||
{
|
||||
domain = "@audio";
|
||||
item = "rtprio";
|
||||
type = "-";
|
||||
value = "99";
|
||||
}
|
||||
{
|
||||
domain = "@audio";
|
||||
item = "nofile";
|
||||
type = "soft";
|
||||
value = "99999";
|
||||
}
|
||||
{
|
||||
domain = "@audio";
|
||||
item = "nofile";
|
||||
type = "hard";
|
||||
value = "99999";
|
||||
}
|
||||
{
|
||||
domain = "*";
|
||||
item = "nofile";
|
||||
type = "-";
|
||||
value = "524288";
|
||||
}
|
||||
{
|
||||
domain = "*";
|
||||
item = "memlock";
|
||||
type = "-";
|
||||
value = "524288";
|
||||
}
|
||||
];
|
||||
polkit.enable = true;
|
||||
};
|
||||
|
||||
users.users.root.initialPassword = "nixos";
|
||||
|
||||
# Filesystem
|
||||
fileSystems = {
|
||||
"/" = {
|
||||
device = "/dev/disk/by-label/nixos";
|
||||
fsType = "btrfs";
|
||||
options = ["subvol=root" "compress=zstd"];
|
||||
};
|
||||
|
||||
"/boot" = {
|
||||
device = "/dev/disk/by-label/boot";
|
||||
fsType = "vfat";
|
||||
};
|
||||
|
||||
"/nix" = {
|
||||
device = "/dev/disk/by-label/nixos";
|
||||
fsType = "btrfs";
|
||||
options = ["subvol=nix" "compress=zstd" "noatime"];
|
||||
};
|
||||
|
||||
"/home" = {
|
||||
device = "/dev/disk/by-label/nixos";
|
||||
fsType = "btrfs";
|
||||
options = ["subvol=home" "compress=zstd"];
|
||||
};
|
||||
|
||||
"/swap" = {
|
||||
device = "/dev/disk/by-label/nixos";
|
||||
fsType = "btrfs";
|
||||
options = ["subvol=swap" "noatime"];
|
||||
};
|
||||
|
||||
"/media/steam-library" = {
|
||||
device = "/dev/disk/by-label/siegward";
|
||||
fsType = "btrfs";
|
||||
@ -27,10 +156,16 @@
|
||||
};
|
||||
};
|
||||
|
||||
swapDevices = [
|
||||
{device = "/swap/swapfile";}
|
||||
];
|
||||
|
||||
services.fstrim.enable = true;
|
||||
|
||||
# Hardware etc
|
||||
hardware = {
|
||||
enableRedistributableFirmware = true;
|
||||
|
||||
cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||
|
||||
nvidia.nvidiaSettings = true;
|
||||
@ -46,10 +181,56 @@
|
||||
};
|
||||
|
||||
networking = {
|
||||
networkmanager = {
|
||||
networkmanager.enable = true;
|
||||
networkmanager.unmanaged = ["interface-name:ve-*"];
|
||||
useDHCP = lib.mkDefault true;
|
||||
hostName = "astora";
|
||||
extraHosts = '''';
|
||||
|
||||
firewall = {
|
||||
enable = true;
|
||||
enableStrongSwan = true;
|
||||
plugins = with pkgs; [networkmanager-l2tp];
|
||||
allowedTCPPorts = [80 443];
|
||||
trustedInterfaces = ["ve-+"];
|
||||
extraCommands = ''
|
||||
iptables -t nat -A POSTROUTING -o wlo1 -j MASQUERADE
|
||||
'';
|
||||
extraStopCommands = ''
|
||||
iptables -t nat -D POSTROUTING -o wlo1 -j MASQUERADE
|
||||
'';
|
||||
};
|
||||
|
||||
nat = {
|
||||
enable = true;
|
||||
externalInterface = "wlo1";
|
||||
internalInterfaces = ["ve-+"];
|
||||
};
|
||||
|
||||
interfaces.wlo1.ipv4.addresses = [
|
||||
{
|
||||
address = "192.168.156.101";
|
||||
prefixLength = 24;
|
||||
}
|
||||
];
|
||||
|
||||
defaultGateway = "192.168.156.1";
|
||||
nameservers = ["192.168.156.1" "8.8.8.8"];
|
||||
};
|
||||
|
||||
# Common
|
||||
time.timeZone = "Asia/Yekaterinburg";
|
||||
|
||||
i18n = {
|
||||
defaultLocale = "en_US.UTF-8";
|
||||
extraLocaleSettings = {
|
||||
LC_ADDRESS = "en_US.UTF-8";
|
||||
LC_IDENTIFICATION = "en_US.UTF-8";
|
||||
LC_MEASUREMENT = "en_US.UTF-8";
|
||||
LC_MONETARY = "en_US.UTF-8";
|
||||
LC_NAME = "en_US.UTF-8";
|
||||
LC_NUMERIC = "en_US.UTF-8";
|
||||
LC_PAPER = "en_US.UTF-8";
|
||||
LC_TELEPHONE = "en_US.UTF-8";
|
||||
LC_TIME = "en_US.UTF-8";
|
||||
};
|
||||
};
|
||||
}
|
||||
|
@ -6,9 +6,7 @@
|
||||
bonLib,
|
||||
inputs,
|
||||
...
|
||||
}: let
|
||||
user = "l-nafaryus";
|
||||
in {
|
||||
}: {
|
||||
# Users
|
||||
users.users.l-nafaryus = {
|
||||
isNormalUser = true;
|
||||
@ -18,32 +16,30 @@ in {
|
||||
uid = 1000;
|
||||
initialPassword = "nixos";
|
||||
shell = pkgs.fish;
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG1YGp8AI48hJUSQBZpuKLpbj2+3Q09vq64NxFr0N1MS"
|
||||
];
|
||||
};
|
||||
|
||||
home-manager.useGlobalPkgs = true;
|
||||
home-manager.useUserPackages = true;
|
||||
home-manager.backupFileExtension = "hmbackup";
|
||||
|
||||
home-manager.users.${user} = {pkgs, ...}: let
|
||||
hmConfig = config.home-manager.users.${user};
|
||||
home-manager.users.l-nafaryus = {pkgs, ...}: let
|
||||
hmConfig = config.home-manager.users.l-nafaryus;
|
||||
in {
|
||||
home.stateVersion = "23.11";
|
||||
home.username = "l-nafaryus";
|
||||
home.homeDirectory = "/home/l-nafaryus";
|
||||
imports = [
|
||||
(bonLib.injectArgs {
|
||||
inherit hmConfig;
|
||||
})
|
||||
inputs.catppuccin.homeManagerModules.catppuccin
|
||||
inputs.ags.homeManagerModules.default
|
||||
#bonLib.preconfiguredModules.homeManager.hyprland
|
||||
bonLib.preconfiguredModules.homeManager.ags
|
||||
];
|
||||
|
||||
home.packages = with pkgs; [
|
||||
#gnupg
|
||||
git
|
||||
#nnn
|
||||
pass
|
||||
taskwarrior3
|
||||
#tmux
|
||||
|
||||
gparted
|
||||
|
||||
@ -97,43 +93,46 @@ in {
|
||||
jdk
|
||||
bonPkgs.ultimmc
|
||||
|
||||
liberation_ttf
|
||||
|
||||
steamtinkerlaunch
|
||||
|
||||
#dunst
|
||||
#libnotify
|
||||
discord
|
||||
webcord
|
||||
vesktop
|
||||
|
||||
tor
|
||||
networkmanagerapplet
|
||||
#rofi-wayland
|
||||
kgx
|
||||
dunst
|
||||
libnotify
|
||||
playerctl
|
||||
wl-gammarelay-rs
|
||||
# btop
|
||||
lua
|
||||
# bat
|
||||
musikcube
|
||||
swww
|
||||
hyprshot
|
||||
mangohud
|
||||
gamescope
|
||||
libstrangle
|
||||
wl-clipboard
|
||||
cliphist
|
||||
tree
|
||||
bonPkgs.bonvim
|
||||
|
||||
freenect
|
||||
|
||||
mpc-cli
|
||||
|
||||
kdePackages.kmail
|
||||
kdePackages.kmail-account-wizard
|
||||
|
||||
flacon
|
||||
picard
|
||||
|
||||
docker-compose
|
||||
podman-compose
|
||||
dive
|
||||
lazydocker
|
||||
|
||||
ksshaskpass
|
||||
|
||||
# virtiofsd
|
||||
];
|
||||
|
||||
xdg.portal = {
|
||||
enable = true;
|
||||
configPackages = with pkgs; [
|
||||
kdePackages.xdg-desktop-portal-kde
|
||||
#xdg-desktop-portal-wlr
|
||||
xdg-desktop-portal-hyprland
|
||||
];
|
||||
extraPortals = with pkgs; [
|
||||
xdg-desktop-portal-gtk
|
||||
@ -148,6 +147,22 @@ in {
|
||||
accent = "green";
|
||||
};
|
||||
|
||||
gtk = {
|
||||
enable = true;
|
||||
# TODO: fix catppuccin deprecation. Provide Paper icons to gtk and gnomeShell manually. (+ regreet)
|
||||
catppuccin = {
|
||||
enable = true;
|
||||
accent = "green";
|
||||
flavor = "macchiato";
|
||||
gnomeShellTheme = true;
|
||||
icon = {
|
||||
enable = true;
|
||||
accent = "green";
|
||||
flavor = "macchiato";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
programs = {
|
||||
# General
|
||||
fish = {
|
||||
@ -229,9 +244,6 @@ in {
|
||||
homedir = "${hmConfig.xdg.configHome}/gnupg";
|
||||
mutableKeys = true;
|
||||
mutableTrust = true;
|
||||
settings = {
|
||||
default-key = "B0B3 DFDB B842 BE9C 7468 B511 86F1 EA98 B48F FB19";
|
||||
};
|
||||
# TODO: replace existing ssh key with gpg provided
|
||||
};
|
||||
|
||||
@ -257,9 +269,12 @@ in {
|
||||
ncmpcpp.enable = true;
|
||||
|
||||
# Graphical
|
||||
hyprlock = {
|
||||
enable = true;
|
||||
};
|
||||
|
||||
wezterm = {
|
||||
enable = false;
|
||||
enable = true;
|
||||
package = inputs.wezterm.packages.x86_64-linux.default;
|
||||
extraConfig = ''
|
||||
return {
|
||||
@ -282,7 +297,7 @@ in {
|
||||
};
|
||||
|
||||
rofi = {
|
||||
enable = false;
|
||||
enable = true;
|
||||
package = pkgs.rofi-wayland;
|
||||
terminal = "${lib.getExe hmConfig.programs.wezterm.package}";
|
||||
cycle = true;
|
||||
@ -327,7 +342,7 @@ in {
|
||||
defaultCacheTtl = 3600;
|
||||
defaultCacheTtlSsh = 3600;
|
||||
enableSshSupport = true;
|
||||
pinentryPackage = pkgs.pinentry-qt;
|
||||
pinentryPackage = pkgs.pinentry-gtk2;
|
||||
enableFishIntegration = true;
|
||||
enableBashIntegration = true;
|
||||
};
|
||||
@ -340,8 +355,237 @@ in {
|
||||
#mpdris2 = {
|
||||
# enable = true;
|
||||
#};
|
||||
};
|
||||
|
||||
# Graphical
|
||||
hypridle = {
|
||||
enable = true;
|
||||
settings = {
|
||||
general = {
|
||||
after_sleep_cmd = "${pkgs.hyprland}/bin/hyprctl dispatch dpms on";
|
||||
ignore_dbus_inhibit = false;
|
||||
};
|
||||
listener = [
|
||||
{
|
||||
timeout = 300;
|
||||
on-timeout = "${pkgs.hyprland}/bin/hyprctl dispatch dpms off";
|
||||
on-resume = "${pkgs.hyprland}/bin/hyprctl dispatch dpms on";
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
wayland.windowManager.hyprland = {
|
||||
enable = true;
|
||||
settings = {
|
||||
# Devices (use `hyprctl devices`)
|
||||
"$monitor1" = "AOC Q27G2G3R3B 137P4HA000540";
|
||||
"$monitor2" = "AOC Q27B3MA 17ZPAHA006135";
|
||||
"$keyboard" = "keychron-keychron-k3-pro";
|
||||
"$mouse" = "logitech-g102-lightsync-gaming-mouse";
|
||||
|
||||
# Main programs
|
||||
"$terminal" = "${lib.getExe hmConfig.programs.wezterm.package}";
|
||||
"$menu" = "${lib.getExe hmConfig.programs.rofi.package} -show drun";
|
||||
"$fileManager" = "$terminal -e ${lib.getExe hmConfig.programs.nnn.package}";
|
||||
|
||||
monitor = [
|
||||
"desc:$monitor2, 2560x1440@75, 0x0, auto"
|
||||
"desc:$monitor1, 2560x1440@165, 2560x0, auto"
|
||||
"Unknown-1, disable"
|
||||
];
|
||||
|
||||
exec-once = [
|
||||
"ags &"
|
||||
"nm-applet --indicator &"
|
||||
"blueman-applet &"
|
||||
"wl-gammarelay-rs run &"
|
||||
"systemctl --user start hypridle"
|
||||
"wl-paste --type text --watch cliphist store" #Stores only text data
|
||||
"wl-paste --type image --watch cliphist store" #Stores only image data
|
||||
"swww-daemon & swww img ~/Pictures/wallpapers/current" # wallpaper symlinked
|
||||
];
|
||||
|
||||
env = [
|
||||
"XCURSOR_SIZE,16"
|
||||
"HYPRCURSOR_SIZE,16"
|
||||
"WLR_DRM_NO_ATOMIC,1"
|
||||
"HYPRSHOT_DIR,${hmConfig.xdg.userDirs.pictures}/screenshots"
|
||||
];
|
||||
|
||||
general = {
|
||||
gaps_in = 2;
|
||||
gaps_out = 2;
|
||||
|
||||
border_size = 2;
|
||||
|
||||
# https://wiki.hyprland.org/Configuring/Variables/#variable-types for info about colors
|
||||
"col.active_border" = "rgba(33ccffee) rgba(00ff99ee) 45deg";
|
||||
"col.inactive_border" = "rgba(595959aa)";
|
||||
|
||||
# Set to true enable resizing windows by clicking and dragging on borders and gaps
|
||||
resize_on_border = true;
|
||||
|
||||
# Please see https://wiki.hyprland.org/Configuring/Tearing/ before you turn this on
|
||||
allow_tearing = true;
|
||||
|
||||
layout = "dwindle";
|
||||
};
|
||||
decoration = {
|
||||
rounding = 5;
|
||||
|
||||
# Change transparency of focused and unfocused windows
|
||||
active_opacity = 1.0;
|
||||
inactive_opacity = 0.95;
|
||||
|
||||
drop_shadow = true;
|
||||
shadow_range = 4;
|
||||
shadow_render_power = 3;
|
||||
"col.shadow" = "rgba(1a1a1aee)";
|
||||
|
||||
# https://wiki.hyprland.org/Configuring/Variables/#blur
|
||||
blur = {
|
||||
enabled = true;
|
||||
size = 3;
|
||||
passes = 1;
|
||||
|
||||
vibrancy = 0.1696;
|
||||
};
|
||||
};
|
||||
animations = {
|
||||
enabled = true;
|
||||
|
||||
# Default animations, see https://wiki.hyprland.org/Configuring/Animations/ for more
|
||||
|
||||
bezier = "myBezier, 0.05, 0.9, 0.1, 1.05";
|
||||
|
||||
animation = [
|
||||
"windows, 1, 7, myBezier"
|
||||
"windowsOut, 1, 7, default, popin 80%"
|
||||
"border, 1, 10, default"
|
||||
"borderangle, 1, 8, default"
|
||||
"fade, 1, 7, default"
|
||||
"workspaces, 1, 6, default"
|
||||
];
|
||||
};
|
||||
# See https://wiki.hyprland.org/Configuring/Dwindle-Layout/ for more
|
||||
dwindle = {
|
||||
pseudotile = true; # Master switch for pseudotiling. Enabling is bound to mainMod + P in the keybinds section below
|
||||
preserve_split = true; # You probably want this
|
||||
};
|
||||
|
||||
# See https://wiki.hyprland.org/Configuring/Master-Layout/ for more
|
||||
master = {
|
||||
new_status = "master";
|
||||
};
|
||||
|
||||
# https://wiki.hyprland.org/Configuring/Variables/#misc
|
||||
misc = {
|
||||
force_default_wallpaper = -1; # Set to 0 or 1 to disable the anime mascot wallpapers
|
||||
disable_hyprland_logo = false; # Enable the random hyprland logo / anime girl background. :)
|
||||
};
|
||||
input = {
|
||||
kb_layout = "us,ru";
|
||||
|
||||
follow_mouse = 1;
|
||||
|
||||
sensitivity = 0; # -1.0 - 1.0, 0 means no modification.
|
||||
|
||||
touchpad = {
|
||||
natural_scroll = false;
|
||||
};
|
||||
};
|
||||
|
||||
# https://wiki.hyprland.org/Configuring/Variables/#gestures
|
||||
gestures = {
|
||||
workspace_swipe = false;
|
||||
};
|
||||
|
||||
windowrulev2 = [
|
||||
"suppressevent maximize, class:.*" # You'll probably like this.
|
||||
"float, class:^(steam_app.*)$"
|
||||
"immediate, class:^(steam_app.*)$"
|
||||
"float, class:^(steam_proton.*)$"
|
||||
"float,class:^(org.wezfurlong.wezterm)$"
|
||||
"tile,class:^(org.wezfurlong.wezterm)$"
|
||||
];
|
||||
bind = [
|
||||
"SUPER, Q, exec, $terminal"
|
||||
"SUPER, N, exec, $fileManager"
|
||||
"SUPER, R, exec, $menu"
|
||||
"SUPER, X, exec, ags -t clock"
|
||||
"SUPER, X, exec, ags -t control"
|
||||
"SUPER, X, exec, ags -t systray"
|
||||
"SUPER, X, exec, ags -t workspaces"
|
||||
"SUPER, X, exec, ags -t window-title"
|
||||
|
||||
"SUPER, C, killactive,"
|
||||
"SUPER, M, exit,"
|
||||
"SUPER, V, togglefloating,"
|
||||
"SUPER, F, fullscreen,"
|
||||
"SUPER, J, togglesplit," # dwindle
|
||||
|
||||
# Move focus with mainMod + arrow keys
|
||||
"SUPER, left, movefocus, l"
|
||||
"SUPER, right, movefocus, r"
|
||||
"SUPER, up, movefocus, u"
|
||||
"SUPER, down, movefocus, d"
|
||||
|
||||
# Switch workspaces with mainMod + [0-9]
|
||||
"SUPER, 1, workspace, 1"
|
||||
"SUPER, 2, workspace, 2"
|
||||
"SUPER, 3, workspace, 3"
|
||||
"SUPER, 4, workspace, 4"
|
||||
"SUPER, 5, workspace, 5"
|
||||
"SUPER, 6, workspace, 6"
|
||||
"SUPER, 7, workspace, 7"
|
||||
"SUPER, 8, workspace, 8"
|
||||
"SUPER, 9, workspace, 9"
|
||||
"SUPER, 0, workspace, 10"
|
||||
|
||||
# Move active window to a workspace with mainMod + SHIFT + [0-9]
|
||||
"SUPER SHIFT, 1, movetoworkspace, 1"
|
||||
"SUPER SHIFT, 2, movetoworkspace, 2"
|
||||
"SUPER SHIFT, 3, movetoworkspace, 3"
|
||||
"SUPER SHIFT, 4, movetoworkspace, 4"
|
||||
"SUPER SHIFT, 5, movetoworkspace, 5"
|
||||
"SUPER SHIFT, 6, movetoworkspace, 6"
|
||||
"SUPER SHIFT, 7, movetoworkspace, 7"
|
||||
"SUPER SHIFT, 8, movetoworkspace, 8"
|
||||
"SUPER SHIFT, 9, movetoworkspace, 9"
|
||||
"SUPER SHIFT, 0, movetoworkspace, 10"
|
||||
|
||||
# special workspace (scratchpad)
|
||||
"SUPER, S, togglespecialworkspace, magic"
|
||||
"SUPER SHIFT, S, movetoworkspace, special:magic"
|
||||
|
||||
"SUPER, SPACE, exec, hyprctl switchxkblayout keychron-keychron-k3-pro next"
|
||||
", PRINT, exec, hyprshot --freeze --mode region"
|
||||
"CTRL, PRINT, exec, hyprshot --freeze --mode output"
|
||||
"SUPER, H, exec, cliphist list | rofi -dmenu | cliphist decode | wl-copy"
|
||||
];
|
||||
# Move/resize windows with mainMod + LMB/RMB and dragging
|
||||
bindm = [
|
||||
"SUPER, mouse:272, movewindow"
|
||||
"SUPER, mouse:273, resizewindow"
|
||||
];
|
||||
|
||||
bindel = [
|
||||
", XF86AudioRaiseVolume, exec, wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%+"
|
||||
", XF86AudioLowerVolume, exec, wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%-"
|
||||
];
|
||||
bindl = [
|
||||
", XF86AudioMute, exec, wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle"
|
||||
", XF86AudioPrev, exec, playerctl previous"
|
||||
", XF86AudioPlay, exec, playerctl play-pause"
|
||||
", XF86AudioNext, exec, playerctl next"
|
||||
", XF86MonBrightnessDown, exec, busctl --user -- call rs.wl-gammarelay / rs.wl.gammarelay UpdateTemperature n -500"
|
||||
", XF86MonBrightnessUp, exec, busctl --user -- call rs.wl-gammarelay / rs.wl.gammarelay UpdateTemperature n +500"
|
||||
"SUPER, XF86MonBrightnessDown, exec, busctl --user -- call rs.wl-gammarelay / rs.wl.gammarelay Brightness d -0.1"
|
||||
"SUPER, XF86MonBrightnessUp, exec, busctl --user -- call rs.wl-gammarelay / rs.wl.gammarelay Brightness d +0.1"
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
# XDG
|
||||
xdg = {
|
||||
@ -381,7 +625,6 @@ in {
|
||||
environment.sessionVariables = {
|
||||
# hint electron applications to use wayland
|
||||
NIXOS_OZONE_WL = "1";
|
||||
DOCKER_HOST = "unix:///run/user/${toString config.users.users.l-nafaryus.uid}/podman/podman.sock";
|
||||
};
|
||||
|
||||
systemd.user.extraConfig = "DefaultLimitNOFILE=524288";
|
||||
@ -394,28 +637,27 @@ in {
|
||||
};
|
||||
|
||||
# Services
|
||||
#services.spoofdpi.enable = true;
|
||||
services.spoofdpi.enable = true;
|
||||
|
||||
#services.zapret = {
|
||||
# enable = true;
|
||||
# mode = "nfqws";
|
||||
# firewallType = "iptables";
|
||||
# disableIpv6 = true;
|
||||
# settings = ''
|
||||
# MODE_HTTP=1
|
||||
# MODE_HTTP_KEEPALIVE=0
|
||||
# MODE_HTTPS=1
|
||||
# MODE_QUIC=1
|
||||
# MODE_FILTER=ipset
|
||||
# TPWS_OPT="--split-http-req=method --split-pos=1 --oob"
|
||||
# NFQWS_OPT_DESYNC="--dpi-desync=fake --dpi-desync-ttl=5"
|
||||
# NFQWS_OPT_DESYNC_HTTP="--dpi-desync=fake --dpi-desync-ttl=5"
|
||||
# NFQWS_OPT_DESYNC_HTTPS="--dpi-desync=fake --dpi-desync-ttl=5"
|
||||
# NFQWS_OPT_DESYNC_QUIC="--dpi-desync=fake --dpi-desync-ttl=5"
|
||||
# INIT_APPLY_FW=1
|
||||
# '';
|
||||
# filterAddressesSource = "https://antifilter.network/download/ipsmart.lst";
|
||||
#};
|
||||
services.zapret = {
|
||||
enable = true;
|
||||
mode = "tpws";
|
||||
firewallType = "iptables";
|
||||
disableIpv6 = true;
|
||||
settings = ''
|
||||
MODE_HTTP=1
|
||||
MODE_HTTP_KEEPALIVE=0
|
||||
MODE_HTTPS=1
|
||||
MODE_QUIC=0
|
||||
MODE_FILTER=ipset
|
||||
TPWS_OPT="--hostspell=HOST --split-http-req=method --split-pos=3 --oob"
|
||||
INIT_APPLY_FW=1
|
||||
'';
|
||||
filterAddresses = lib.readFile (pkgs.fetchurl {
|
||||
url = "https://antifilter.network/download/ipsmart.lst";
|
||||
hash = "sha256-zLq3rgci/rye1oQp2zbJelPaoN9+jqPebIbxfJ44Qlg=";
|
||||
});
|
||||
};
|
||||
|
||||
# TODO: remember who use gvfs
|
||||
services.gvfs.enable = true;
|
||||
@ -439,23 +681,4 @@ in {
|
||||
# User-id must match above user. MPD will look inside this directory for the PipeWire socket.
|
||||
XDG_RUNTIME_DIR = "/run/user/${toString config.users.users.l-nafaryus.uid}";
|
||||
};
|
||||
|
||||
programs.kdeconnect = {
|
||||
enable = true;
|
||||
package = lib.mkForce pkgs.kdePackages.kdeconnect-kde;
|
||||
};
|
||||
|
||||
programs.direnv.enable = true;
|
||||
|
||||
fonts.packages = with pkgs; [nerdfonts liberation_ttf];
|
||||
|
||||
programs.steam.enable = true;
|
||||
systemd.extraConfig = "DefaultLimitNOFILE=1048576";
|
||||
|
||||
programs.ssh = {
|
||||
enableAskPassword = true;
|
||||
askPassword = "${lib.getExe' pkgs.ksshaskpass "ksshaskpass"}";
|
||||
hostKeyAlgorithms = ["ssh-ed25519" "ssh-rsa"];
|
||||
startAgent = true;
|
||||
};
|
||||
}
|
||||
|
@ -13,8 +13,6 @@
|
||||
# ./services/papermc.nix # disabled
|
||||
./services/gitea.nix
|
||||
./services/radio.nix
|
||||
./services/matrix.nix
|
||||
./services/metrics.nix
|
||||
];
|
||||
|
||||
# Nix settings
|
||||
@ -283,6 +281,8 @@
|
||||
fzf
|
||||
grc
|
||||
|
||||
gcc
|
||||
|
||||
cachix
|
||||
|
||||
gnupg
|
||||
|
@ -150,12 +150,6 @@
|
||||
|
||||
defaultGateway = "192.168.156.1";
|
||||
nameservers = ["192.168.156.1" "8.8.8.8"];
|
||||
|
||||
nat = {
|
||||
enable = true;
|
||||
externalInterface = "enp9s0";
|
||||
internalInterfaces = ["ve-+"];
|
||||
};
|
||||
};
|
||||
|
||||
services.logind.lidSwitchExternalPower = "ignore";
|
||||
|
@ -55,10 +55,6 @@
|
||||
indexer = {
|
||||
REPO_INDEXER_ENABLED = true;
|
||||
};
|
||||
|
||||
metrics = {
|
||||
ENABLED = true;
|
||||
};
|
||||
};
|
||||
|
||||
mailerPasswordFile = config.sops.secrets."gitea/mail".path;
|
||||
|
@ -1,101 +0,0 @@
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}: {
|
||||
services.conduit = {
|
||||
enable = true;
|
||||
settings.global = {
|
||||
allow_registration = true;
|
||||
server_name = "elnafo.ru";
|
||||
address = "127.0.0.1";
|
||||
database_backend = "sqlite";
|
||||
well_known.client = "https://matrix.elnafo.ru";
|
||||
well_known.server = "matrix.elnafo.ru:443";
|
||||
turn_uris = ["turn:elnafo.ru?transport=udp" "turn:elnafo.ru?transport=tcp"];
|
||||
};
|
||||
turn_secret_file = config.sops.secrets.turn-secret.path;
|
||||
};
|
||||
|
||||
services.nginx = {
|
||||
virtualHosts."matrix.elnafo.ru" = {
|
||||
forceSSL = true;
|
||||
http2 = true;
|
||||
useACMEHost = "elnafo.ru";
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:6167";
|
||||
extraConfig = ''
|
||||
proxy_http_version 1.0;
|
||||
client_max_body_size 50M;
|
||||
'';
|
||||
};
|
||||
};
|
||||
virtualHosts."element.elnafo.ru" = {
|
||||
forceSSL = true;
|
||||
http2 = true;
|
||||
useACMEHost = "elnafo.ru";
|
||||
root = pkgs.element-web.override {
|
||||
conf = {
|
||||
default_theme = "dark";
|
||||
default_server_name = "matrix.elnafo.ru";
|
||||
brand = "Elnafo Matrix";
|
||||
permalink_prefix = "https://element.elnafo.ru";
|
||||
};
|
||||
};
|
||||
};
|
||||
virtualHosts."matrix-federation" = {
|
||||
serverName = "elnafo.ru";
|
||||
forceSSL = true;
|
||||
useACMEHost = "elnafo.ru";
|
||||
listen = [
|
||||
{
|
||||
port = 8448;
|
||||
addr = "0.0.0.0";
|
||||
ssl = true;
|
||||
}
|
||||
{
|
||||
port = 443;
|
||||
addr = "0.0.0.0";
|
||||
ssl = true;
|
||||
}
|
||||
];
|
||||
locations."~ ^/(_matrix|.well_known)" = {
|
||||
proxyPass = "http://127.0.0.1:6167";
|
||||
extraConfig = ''
|
||||
proxy_http_version 1.0;
|
||||
client_max_body_size 50M;
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
services.coturn = rec {
|
||||
enable = true;
|
||||
no-cli = true;
|
||||
no-tcp-relay = true;
|
||||
min-port = 49000;
|
||||
max-port = 50000;
|
||||
use-auth-secret = true;
|
||||
static-auth-secret-file = config.sops.secrets.coturn-secret.path;
|
||||
realm = "elnafo.ru";
|
||||
cert = "${config.security.acme.certs."elnafo.ru".directory}/full.pem";
|
||||
pkey = "${config.security.acme.certs."elnafo.ru".directory}/key.pem";
|
||||
extraConfig = ''
|
||||
# for debugging
|
||||
verbose
|
||||
# ban private IP ranges
|
||||
no-multicast-peers
|
||||
|
||||
'';
|
||||
};
|
||||
|
||||
networking.firewall = {
|
||||
allowedUDPPortRanges = lib.singleton {
|
||||
from = config.services.coturn.min-port;
|
||||
to = config.services.coturn.max-port;
|
||||
};
|
||||
allowedUDPPorts = [3478 5349];
|
||||
allowedTCPPorts = [8448 3478 5349];
|
||||
};
|
||||
}
|
@ -1,123 +0,0 @@
|
||||
{
|
||||
config,
|
||||
pkgs,
|
||||
...
|
||||
}: {
|
||||
services.grafana = {
|
||||
enable = true;
|
||||
settings.server = {
|
||||
domain = "grafana.elnafo.ru";
|
||||
http_port = 2342;
|
||||
http_addr = "127.0.0.1";
|
||||
};
|
||||
};
|
||||
|
||||
services.prometheus = {
|
||||
enable = true;
|
||||
port = 9090;
|
||||
globalConfig.scrape_interval = "10s"; # "1m"
|
||||
|
||||
exporters = {
|
||||
node = {
|
||||
enable = true;
|
||||
enabledCollectors = ["systemd"];
|
||||
port = 9092;
|
||||
};
|
||||
};
|
||||
scrapeConfigs = [
|
||||
{
|
||||
job_name = "catarina";
|
||||
static_configs = [
|
||||
{
|
||||
targets = ["127.0.0.1:${toString config.services.prometheus.exporters.node.port}"];
|
||||
}
|
||||
];
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
services.loki = {
|
||||
enable = true;
|
||||
configuration = {
|
||||
auth_enabled = false;
|
||||
server = {
|
||||
http_listen_port = 3100;
|
||||
};
|
||||
common = {
|
||||
ring = {
|
||||
instance_addr = "127.0.0.1";
|
||||
kvstore = {
|
||||
store = "inmemory";
|
||||
};
|
||||
};
|
||||
replication_factor = 1;
|
||||
path_prefix = "/tmp/loki";
|
||||
};
|
||||
schema_config = {
|
||||
configs = [
|
||||
{
|
||||
from = "2020-05-15";
|
||||
store = "tsdb";
|
||||
object_store = "filesystem";
|
||||
schema = "v13";
|
||||
index = {
|
||||
prefix = "index_";
|
||||
period = "24h";
|
||||
};
|
||||
}
|
||||
];
|
||||
};
|
||||
storage_config = {
|
||||
filesystem = {
|
||||
directory = "/tmp/loki/chunks";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
services.promtail = {
|
||||
enable = true;
|
||||
configuration = {
|
||||
server = {
|
||||
http_listen_port = 3101;
|
||||
grpc_listen_port = 0;
|
||||
};
|
||||
clients = [
|
||||
{
|
||||
url = "http://127.0.0.1:3100/loki/api/v1/push";
|
||||
}
|
||||
];
|
||||
scrape_configs = [
|
||||
{
|
||||
job_name = "journal";
|
||||
journal = {
|
||||
max_age = "12h";
|
||||
labels = {
|
||||
job = "systemd-journal";
|
||||
host = "catarina";
|
||||
};
|
||||
};
|
||||
relabel_configs = [
|
||||
{
|
||||
source_labels = [
|
||||
"__journal__systemd_unit"
|
||||
];
|
||||
target_label = "unit";
|
||||
}
|
||||
];
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
services.nginx = {
|
||||
virtualHosts."grafana.elnafo.ru" = {
|
||||
forceSSL = true;
|
||||
useACMEHost = "elnafo.ru";
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:${toString config.services.grafana.port}";
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
@ -1,41 +1,19 @@
|
||||
{config, ...}: {
|
||||
containers = let
|
||||
bindMounts = {
|
||||
"/var/lib/music" = {
|
||||
hostPath = "/media/storage/audio/library";
|
||||
isReadOnly = true;
|
||||
};
|
||||
};
|
||||
in {
|
||||
radio-synthwave = {
|
||||
autoStart = true;
|
||||
privateNetwork = true;
|
||||
hostAddress = "10.231.136.1";
|
||||
localAddress = "10.231.136.2";
|
||||
|
||||
inherit bindMounts;
|
||||
|
||||
config = {
|
||||
config,
|
||||
pkgs,
|
||||
lib,
|
||||
...
|
||||
}: {
|
||||
services.mpd = {
|
||||
enable = true;
|
||||
musicDirectory = "/var/lib/music";
|
||||
musicDirectory = "/home/l-nafaryus/Music";
|
||||
network.listenAddress = "any";
|
||||
#network.startWhenNeeded = true;
|
||||
user = "mpd";
|
||||
network.port = 6600;
|
||||
network.startWhenNeeded = true;
|
||||
user = "l-nafaryus";
|
||||
extraConfig = ''
|
||||
audio_output {
|
||||
type "httpd"
|
||||
name "Radio"
|
||||
port "6660"
|
||||
port "6666"
|
||||
bind_to_address "127.0.0.1"
|
||||
encoder "lame"
|
||||
max_clients "0"
|
||||
website "https://radio.elnafo.ru/synthwave"
|
||||
website "https://radio.elnafo.ru"
|
||||
always_on "yes"
|
||||
tags "yes"
|
||||
bitrate "128"
|
||||
@ -44,157 +22,11 @@
|
||||
'';
|
||||
};
|
||||
|
||||
system.stateVersion = "24.05";
|
||||
|
||||
networking.firewall = {
|
||||
enable = true;
|
||||
allowedTCPPorts = [6600 6660];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
radio-non-stop-pop = {
|
||||
autoStart = true;
|
||||
privateNetwork = true;
|
||||
hostAddress = "10.231.136.1";
|
||||
localAddress = "10.231.136.3";
|
||||
|
||||
inherit bindMounts;
|
||||
|
||||
config = {
|
||||
config,
|
||||
pkgs,
|
||||
lib,
|
||||
...
|
||||
}: {
|
||||
services.mpd = {
|
||||
enable = true;
|
||||
musicDirectory = "/var/lib/music";
|
||||
network.listenAddress = "any";
|
||||
#network.startWhenNeeded = true;
|
||||
user = "mpd";
|
||||
network.port = 6601;
|
||||
extraConfig = ''
|
||||
audio_output {
|
||||
type "httpd"
|
||||
name "Radio"
|
||||
port "6661"
|
||||
encoder "lame"
|
||||
max_clients "0"
|
||||
website "https://radio.elnafo.ru/non-stop-pop"
|
||||
always_on "yes"
|
||||
tags "yes"
|
||||
bitrate "128"
|
||||
format "44100:16:1"
|
||||
}
|
||||
'';
|
||||
};
|
||||
|
||||
system.stateVersion = "24.05";
|
||||
|
||||
networking.firewall = {
|
||||
enable = true;
|
||||
allowedTCPPorts = [6601 6661];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
radio-hell-gates = {
|
||||
autoStart = true;
|
||||
privateNetwork = true;
|
||||
hostAddress = "10.231.136.1";
|
||||
localAddress = "10.231.136.4";
|
||||
|
||||
inherit bindMounts;
|
||||
|
||||
config = {
|
||||
config,
|
||||
pkgs,
|
||||
lib,
|
||||
...
|
||||
}: {
|
||||
services.mpd = {
|
||||
enable = true;
|
||||
musicDirectory = "/var/lib/music";
|
||||
network.listenAddress = "any";
|
||||
#network.startWhenNeeded = true;
|
||||
user = "mpd";
|
||||
network.port = 6602;
|
||||
extraConfig = ''
|
||||
audio_output {
|
||||
type "httpd"
|
||||
name "Radio"
|
||||
port "6662"
|
||||
encoder "lame"
|
||||
max_clients "0"
|
||||
website "https://radio.elnafo.ru/hell-gates"
|
||||
always_on "yes"
|
||||
tags "yes"
|
||||
bitrate "128"
|
||||
format "44100:16:1"
|
||||
}
|
||||
'';
|
||||
};
|
||||
|
||||
system.stateVersion = "24.05";
|
||||
|
||||
networking.firewall = {
|
||||
enable = true;
|
||||
allowedTCPPorts = [6602 6662];
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
services.elnafo-radio = {
|
||||
enable = true;
|
||||
base = {
|
||||
title = "// Elnafo Radio //";
|
||||
meta = [
|
||||
["author" "L-Nafaryus"]
|
||||
["discord" "https://discord.gg/ZWUChw5wzm"]
|
||||
["git" "https://vcs.elnafo.ru/L-Nafaryus/elnafo-radio"]
|
||||
["matrix" "https://matrix.to/#/#elnafo:elnafo.ru"]
|
||||
];
|
||||
};
|
||||
stations = [
|
||||
{
|
||||
id = "synthwave";
|
||||
name = "Synthwave";
|
||||
host = config.containers.radio-synthwave.localAddress;
|
||||
port = 6600;
|
||||
url = "https://radio.elnafo.ru/synthwave";
|
||||
status = "Receive";
|
||||
genre = "synthwave, dark synthwave";
|
||||
}
|
||||
{
|
||||
id = "non-stop-pop";
|
||||
name = "Non-Stop-Pop";
|
||||
host = config.containers.radio-non-stop-pop.localAddress;
|
||||
port = 6601;
|
||||
url = "https://radio.elnafo.ru/non-stop-pop";
|
||||
status = "Online";
|
||||
location = "Los Santos";
|
||||
genre = "pop, r&b, dance music";
|
||||
}
|
||||
{
|
||||
id = "hell-gates";
|
||||
name = "Hell Gates";
|
||||
host = config.containers.radio-hell-gates.localAddress;
|
||||
port = 6602;
|
||||
url = "https://radio.elnafo.ru/hell-gates";
|
||||
status = "Receive";
|
||||
genre = "melodic death metal, death metal, metalcore";
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts."radio.elnafo.ru" = {
|
||||
forceSSL = true;
|
||||
useACMEHost = "elnafo.ru";
|
||||
locations."/".proxyPass = "http://${config.services.elnafo-radio.server.address}:${toString config.services.elnafo-radio.server.port}";
|
||||
locations."/synthwave".proxyPass = "http://${config.containers.radio-synthwave.localAddress}:6660";
|
||||
locations."/non-stop-pop".proxyPass = "http://${config.containers.radio-non-stop-pop.localAddress}:6661";
|
||||
locations."/hell-gates".proxyPass = "http://${config.containers.radio-hell-gates.localAddress}:6662";
|
||||
locations."/synthwave".proxyPass = "http://127.0.0.1:6666";
|
||||
};
|
||||
|
||||
networking.firewall.allowedTCPPorts = [config.services.mpd.network.port];
|
||||
}
|
||||
|
@ -22,7 +22,6 @@
|
||||
catarina = lib.nixosSystem {
|
||||
system = "x86_64-linux";
|
||||
modules = with inputs; [
|
||||
elnafo-radio.nixosModules.elnafo-radio
|
||||
nixos-mailserver.nixosModules.mailserver
|
||||
sops-nix.nixosModules.sops
|
||||
oscuro.nixosModules.oscuro
|
||||
@ -31,18 +30,4 @@
|
||||
];
|
||||
specialArgs = {bonPkgs = self.packages.x86_64-linux;};
|
||||
};
|
||||
|
||||
vinheim = lib.nixosSystem {
|
||||
system = "x86_64-linux";
|
||||
modules = with inputs; [
|
||||
home-manager.nixosModules.home-manager
|
||||
./vinheim
|
||||
];
|
||||
specialArgs = {
|
||||
inherit inputs bonLib;
|
||||
bonPkgs = self.packages.x86_64-linux;
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
}
|
||||
|
@ -1,135 +0,0 @@
|
||||
{
|
||||
pkgs,
|
||||
lib,
|
||||
config,
|
||||
bonLib,
|
||||
...
|
||||
}: {
|
||||
system.stateVersion = "23.11";
|
||||
|
||||
imports = [
|
||||
./hardware.nix
|
||||
./users.nix
|
||||
];
|
||||
|
||||
nix = {
|
||||
settings = {
|
||||
experimental-features = ["nix-command" "flakes"];
|
||||
substituters = [
|
||||
"https://cache.elnafo.ru"
|
||||
"https://bonfire.cachix.org"
|
||||
"https://nix-community.cachix.org"
|
||||
];
|
||||
trusted-public-keys = [
|
||||
"cache.elnafo.ru:j3VD+Hn+is2Qk3lPXDSdPwHJQSatizk7V82iJ2RP1yo="
|
||||
"bonfire.cachix.org-1:mzAGBy/Crdf8NhKail5ciK7ZrGRbPJJobW6TwFb7WYM="
|
||||
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
|
||||
];
|
||||
auto-optimise-store = true;
|
||||
trusted-users = ["l-nafaryus"];
|
||||
allowed-users = ["l-nafaryus"];
|
||||
};
|
||||
gc = {
|
||||
automatic = lib.mkDefault true;
|
||||
dates = lib.mkDefault "weekly";
|
||||
options = lib.mkDefault "--delete-older-than 7d";
|
||||
};
|
||||
};
|
||||
|
||||
# Nix packages
|
||||
nixpkgs = {
|
||||
hostPlatform = lib.mkDefault "x86_64-linux";
|
||||
config.allowUnfree = true;
|
||||
config.cudaSupport = false;
|
||||
};
|
||||
|
||||
services.desktopManager.plasma6.enable = true;
|
||||
|
||||
services.displayManager.sddm = {
|
||||
enable = true;
|
||||
wayland.enable = true;
|
||||
};
|
||||
|
||||
services.dbus = {
|
||||
enable = true;
|
||||
packages = with pkgs; [networkmanager];
|
||||
};
|
||||
|
||||
services.pipewire = {
|
||||
enable = true;
|
||||
alsa.enable = true;
|
||||
alsa.support32Bit = true;
|
||||
pulse.enable = true;
|
||||
jack.enable = true;
|
||||
};
|
||||
|
||||
services.openssh = {
|
||||
enable = true;
|
||||
startWhenNeeded = true;
|
||||
settings.PasswordAuthentication = false;
|
||||
settings.KbdInteractiveAuthentication = false;
|
||||
};
|
||||
|
||||
programs.ssh.extraConfig = ''
|
||||
Host catarina
|
||||
HostName 77.242.105.50
|
||||
Port 22
|
||||
User l-nafaryus
|
||||
'';
|
||||
|
||||
virtualisation = {
|
||||
containers.enable = true;
|
||||
podman = {
|
||||
enable = true;
|
||||
dockerCompat = true;
|
||||
defaultNetwork.settings.dns_enabled = true;
|
||||
};
|
||||
libvirtd.enable = true;
|
||||
};
|
||||
|
||||
# Base packages
|
||||
environment.systemPackages = with pkgs; [
|
||||
wget
|
||||
|
||||
parted
|
||||
ntfs3g
|
||||
sshfs
|
||||
exfat
|
||||
btrfs-progs
|
||||
btrbk
|
||||
|
||||
lm_sensors
|
||||
btop
|
||||
|
||||
git
|
||||
git-lfs
|
||||
lazygit
|
||||
|
||||
nnn
|
||||
fzf
|
||||
ripgrep
|
||||
fd
|
||||
|
||||
unzip
|
||||
|
||||
fishPlugins.fzf-fish
|
||||
fishPlugins.tide
|
||||
fishPlugins.grc
|
||||
fishPlugins.hydro
|
||||
grc
|
||||
|
||||
gnupg
|
||||
pass
|
||||
|
||||
bat
|
||||
];
|
||||
|
||||
programs = {
|
||||
fish.enable = true;
|
||||
|
||||
neovim = {
|
||||
enable = true;
|
||||
defaultEditor = true;
|
||||
};
|
||||
};
|
||||
}
|
@ -1,121 +0,0 @@
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}: {
|
||||
# Boot
|
||||
boot = {
|
||||
loader.grub = {
|
||||
enable = true;
|
||||
device = "/dev/nvme0n1";
|
||||
useOSProber = true;
|
||||
};
|
||||
initrd = {
|
||||
availableKernelModules = ["xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod"];
|
||||
kernelModules = [];
|
||||
};
|
||||
kernelModules = ["kvm-intel" "tcp_bbr" "coretemp" "nct6775"];
|
||||
kernelParams = ["threadirqs"];
|
||||
extraModulePackages = with config.boot.kernelPackages; [v4l2loopback];
|
||||
|
||||
kernel.sysctl = {
|
||||
# The Magic SysRq key is a key combo that allows users connected to the
|
||||
# system console of a Linux kernel to perform some low-level commands.
|
||||
# Disable it, since we don't need it, and is a potential security concern.
|
||||
"kernel.sysrq" = 0;
|
||||
|
||||
## TCP hardening
|
||||
# Prevent bogus ICMP errors from filling up logs.
|
||||
"net.ipv4.icmp_ignore_bogus_error_responses" = 1;
|
||||
# Reverse path filtering causes the kernel to do source validation of
|
||||
# packets received from all interfaces. This can mitigate IP spoofing.
|
||||
"net.ipv4.conf.default.rp_filter" = 1;
|
||||
"net.ipv4.conf.all.rp_filter" = 1;
|
||||
# Do not accept IP source route packets
|
||||
"net.ipv4.conf.all.accept_source_route" = 1;
|
||||
"net.ipv4.conf.wlo1.accept_source_route" = 1;
|
||||
"net.ipv6.conf.all.accept_source_route" = 1;
|
||||
# Don't send ICMP redirects
|
||||
"net.ipv4.conf.all.send_redirects" = 0;
|
||||
"net.ipv4.conf.default.send_redirects" = 0;
|
||||
# Refuse ICMP redirects (MITM mitigations)
|
||||
"net.ipv4.conf.all.accept_redirects" = 0;
|
||||
"net.ipv4.conf.default.accept_redirects" = 0;
|
||||
"net.ipv4.conf.all.secure_redirects" = 0;
|
||||
"net.ipv4.conf.default.secure_redirects" = 0;
|
||||
"net.ipv6.conf.all.accept_redirects" = 0;
|
||||
"net.ipv6.conf.default.accept_redirects" = 0;
|
||||
# Protects against SYN flood attacks
|
||||
"net.ipv4.tcp_syncookies" = 1;
|
||||
# Incomplete protection again TIME-WAIT assassination
|
||||
"net.ipv4.tcp_rfc1337" = 1;
|
||||
|
||||
## TCP optimization
|
||||
# TCP Fast Open is a TCP extension that reduces network latency by packing
|
||||
# data in the sender’s initial TCP SYN. Setting 3 = enable TCP Fast Open for
|
||||
# both incoming and outgoing connections:
|
||||
"net.ipv4.tcp_fastopen" = 3;
|
||||
# Bufferbloat mitigations + slight improvement in throughput & latency
|
||||
"net.ipv4.tcp_congestion_control" = "bbr";
|
||||
"net.core.default_qdisc" = "cake";
|
||||
};
|
||||
};
|
||||
|
||||
fileSystems."/" = {
|
||||
device = "/dev/disk/by-label/nixos";
|
||||
fsType = "ext4";
|
||||
};
|
||||
|
||||
swapDevices = [];
|
||||
|
||||
services.fstrim.enable = true;
|
||||
|
||||
security = {
|
||||
protectKernelImage = true;
|
||||
sudo.extraConfig = ''Defaults timestamp_timeout=30'';
|
||||
rtkit.enable = true;
|
||||
polkit.enable = true;
|
||||
};
|
||||
|
||||
# Hardware etc
|
||||
hardware = {
|
||||
cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||
|
||||
graphics.enable = true;
|
||||
graphics.enable32Bit = true;
|
||||
|
||||
bluetooth.enable = true;
|
||||
|
||||
pulseaudio.enable = false;
|
||||
};
|
||||
|
||||
networking = {
|
||||
networkmanager = {
|
||||
enable = true;
|
||||
enableStrongSwan = true;
|
||||
packages = with pkgs; [
|
||||
networkmanager-l2tp
|
||||
];
|
||||
};
|
||||
hostName = "nixos";
|
||||
extraHosts = ''192.168.130.211 gitlab'';
|
||||
};
|
||||
|
||||
time.timeZone = "Asia/Yekaterinburg";
|
||||
|
||||
i18n = {
|
||||
defaultLocale = "en_US.UTF-8";
|
||||
extraLocaleSettings = {
|
||||
LC_ADDRESS = "en_US.UTF-8";
|
||||
LC_IDENTIFICATION = "en_US.UTF-8";
|
||||
LC_MEASUREMENT = "en_US.UTF-8";
|
||||
LC_MONETARY = "en_US.UTF-8";
|
||||
LC_NAME = "en_US.UTF-8";
|
||||
LC_NUMERIC = "en_US.UTF-8";
|
||||
LC_PAPER = "en_US.UTF-8";
|
||||
LC_TELEPHONE = "en_US.UTF-8";
|
||||
LC_TIME = "en_US.UTF-8";
|
||||
};
|
||||
};
|
||||
}
|
@ -1,270 +0,0 @@
|
||||
{
|
||||
config,
|
||||
pkgs,
|
||||
lib,
|
||||
bonPkgs,
|
||||
bonLib,
|
||||
inputs,
|
||||
...
|
||||
}: let
|
||||
user = "l-nafaryus";
|
||||
in {
|
||||
# Users
|
||||
users.users.l-nafaryus = {
|
||||
isNormalUser = true;
|
||||
description = "L-Nafaryus";
|
||||
extraGroups = ["networkmanager" "wheel" "audio" "libvirtd" "input" "video" "disk" "wireshark" "podman"];
|
||||
group = "users";
|
||||
uid = 1000;
|
||||
initialPassword = "nixos";
|
||||
shell = pkgs.fish;
|
||||
};
|
||||
|
||||
home-manager.useGlobalPkgs = true;
|
||||
home-manager.useUserPackages = true;
|
||||
home-manager.backupFileExtension = "hmbackup";
|
||||
|
||||
home-manager.users.${user} = {pkgs, ...}: let
|
||||
hmConfig = config.home-manager.users.${user};
|
||||
in {
|
||||
home.stateVersion = "23.11";
|
||||
home.username = "l-nafaryus";
|
||||
home.homeDirectory = "/home/l-nafaryus";
|
||||
imports = [
|
||||
(bonLib.injectArgs {
|
||||
inherit hmConfig;
|
||||
})
|
||||
inputs.catppuccin.homeManagerModules.catppuccin
|
||||
inputs.ags.homeManagerModules.default
|
||||
];
|
||||
|
||||
home.packages = with pkgs; [
|
||||
taskwarrior3
|
||||
|
||||
gparted
|
||||
|
||||
firefox
|
||||
thunderbird
|
||||
|
||||
qpwgraph
|
||||
|
||||
lutris
|
||||
wine
|
||||
winetricks
|
||||
gamemode
|
||||
|
||||
inkscape
|
||||
imagemagick
|
||||
yt-dlp
|
||||
ffmpeg
|
||||
|
||||
qbittorrent
|
||||
telegram-desktop
|
||||
|
||||
onlyoffice-bin
|
||||
|
||||
# btop
|
||||
lua
|
||||
# bat
|
||||
tree
|
||||
bonPkgs.bonvim
|
||||
|
||||
kdePackages.kmail
|
||||
kdePackages.kmail-account-wizard
|
||||
|
||||
lazydocker
|
||||
docker-compose
|
||||
podman-compose
|
||||
dive
|
||||
|
||||
ksshaskpass
|
||||
];
|
||||
|
||||
xdg.portal = {
|
||||
enable = true;
|
||||
configPackages = with pkgs; [
|
||||
kdePackages.xdg-desktop-portal-kde
|
||||
];
|
||||
extraPortals = with pkgs; [
|
||||
xdg-desktop-portal-gtk
|
||||
];
|
||||
};
|
||||
|
||||
# Theme
|
||||
catppuccin = {
|
||||
# global, for all enabled programs
|
||||
enable = true;
|
||||
flavor = "macchiato";
|
||||
accent = "green";
|
||||
};
|
||||
|
||||
programs = {
|
||||
# General
|
||||
fish = {
|
||||
enable = true;
|
||||
interactiveShellInit = ''
|
||||
set fish_greeting
|
||||
'';
|
||||
plugins = with pkgs.fishPlugins;
|
||||
map (p: {
|
||||
name = p.pname;
|
||||
src = p.src;
|
||||
}) [
|
||||
fzf-fish
|
||||
tide
|
||||
grc
|
||||
hydro
|
||||
];
|
||||
functions = {
|
||||
fish-theme-configure = ''
|
||||
tide configure \
|
||||
--auto \
|
||||
--style=Lean \
|
||||
--prompt_colors='True color' \
|
||||
--show_time='12-hour format' \
|
||||
--lean_prompt_height='Two lines' \
|
||||
--prompt_connection=Disconnected \
|
||||
--prompt_spacing=Compact \
|
||||
--icons='Many icons' \
|
||||
--transient=No
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
git = {
|
||||
enable = true;
|
||||
lfs.enable = true;
|
||||
userName = "L-Nafaryus";
|
||||
userEmail = "l.nafaryus@gmail.com";
|
||||
signing = {
|
||||
key = "86F1EA98B48FFB19";
|
||||
signByDefault = true;
|
||||
};
|
||||
extraConfig = {
|
||||
# ignore trends
|
||||
init.defaultBranch = "master";
|
||||
core = {
|
||||
quotePath = false;
|
||||
commitGraph = true;
|
||||
whitespace = "trailing-space";
|
||||
};
|
||||
receive.advertisePushOptions = true;
|
||||
gc.writeCommitGraph = true;
|
||||
diff.submodule = "log";
|
||||
};
|
||||
aliases = {
|
||||
plog = "log --color --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit";
|
||||
};
|
||||
};
|
||||
|
||||
bat.enable = true;
|
||||
|
||||
btop = {
|
||||
enable = true;
|
||||
settings = {
|
||||
cpu_bottom = true;
|
||||
proc_tree = true;
|
||||
};
|
||||
};
|
||||
|
||||
fzf.enable = true;
|
||||
|
||||
lazygit.enable = true;
|
||||
|
||||
gpg = {
|
||||
enable = true;
|
||||
homedir = "${hmConfig.xdg.configHome}/gnupg";
|
||||
mutableKeys = true;
|
||||
mutableTrust = true;
|
||||
settings = {
|
||||
default-key = "B0B3 DFDB B842 BE9C 7468 B511 86F1 EA98 B48F FB19";
|
||||
};
|
||||
# TODO: replace existing ssh key with gpg provided
|
||||
};
|
||||
|
||||
nnn = {
|
||||
enable = true;
|
||||
package = pkgs.nnn.override {withNerdIcons = true;};
|
||||
bookmarks = {
|
||||
d = "~/Downloads";
|
||||
p = "~/projects";
|
||||
i = "~/Pictures";
|
||||
m = "~/Music";
|
||||
v = "~/Videos";
|
||||
};
|
||||
plugins = {
|
||||
src = "${hmConfig.programs.nnn.finalPackage}/share/plugins";
|
||||
mappings = {
|
||||
# TODO: add used programs for previews with FIFO support
|
||||
p = "preview-tui";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
ncmpcpp.enable = true;
|
||||
|
||||
# Graphical
|
||||
obs-studio = {
|
||||
enable = true;
|
||||
plugins = with pkgs.obs-studio-plugins; [
|
||||
obs-vkcapture
|
||||
input-overlay
|
||||
obs-pipewire-audio-capture
|
||||
wlrobs
|
||||
inputs.obs-image-reaction.packages.${pkgs.system}.default
|
||||
];
|
||||
};
|
||||
|
||||
mpv = {
|
||||
enable = true;
|
||||
};
|
||||
};
|
||||
|
||||
services = {
|
||||
# General
|
||||
gpg-agent = {
|
||||
enable = true;
|
||||
defaultCacheTtl = 3600;
|
||||
defaultCacheTtlSsh = 3600;
|
||||
enableSshSupport = true;
|
||||
pinentryPackage = pkgs.pinentry-qt;
|
||||
enableFishIntegration = true;
|
||||
enableBashIntegration = true;
|
||||
};
|
||||
|
||||
ssh-agent.enable = true;
|
||||
};
|
||||
|
||||
# XDG
|
||||
xdg = {
|
||||
enable = true;
|
||||
mime.enable = true;
|
||||
userDirs.enable = true;
|
||||
};
|
||||
|
||||
# dconf
|
||||
dconf.settings = {
|
||||
"org/virt-manager/virt-manager/connections" = {
|
||||
autoconnect = ["qemu:///system"];
|
||||
uris = ["qemu:///system"];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
environment.sessionVariables = {
|
||||
# hint electron applications to use wayland
|
||||
NIXOS_OZONE_WL = "1";
|
||||
DOCKER_HOST = "unix:///run/user/${toString config.users.users.l-nafaryus.uid}/podman/podman.sock";
|
||||
};
|
||||
|
||||
systemd.user.extraConfig = "DefaultLimitNOFILE=524288";
|
||||
|
||||
programs.virt-manager.enable = true;
|
||||
|
||||
programs.wireshark = {
|
||||
enable = true;
|
||||
package = pkgs.wireshark;
|
||||
};
|
||||
|
||||
fonts.packages = with pkgs; [nerdfonts liberation_ttf];
|
||||
}
|
@ -10,9 +10,7 @@
|
||||
./services/papermc.nix
|
||||
./services/qbittorrent-nox.nix
|
||||
./services/spoofdpi.nix
|
||||
# ISSUE: collision with nixos module zapret
|
||||
#./services/zapret.nix
|
||||
./services/conduit.nix
|
||||
./services/zapret.nix
|
||||
];
|
||||
|
||||
configModule = {
|
||||
@ -26,7 +24,6 @@
|
||||
# extra arguments
|
||||
_module.args = {
|
||||
bonPkgs = self.packages.${pkgs.system};
|
||||
bonLib = lib.mkDefault bonLib;
|
||||
};
|
||||
};
|
||||
};
|
||||
@ -47,7 +44,7 @@
|
||||
...
|
||||
}: {
|
||||
# collect all modules
|
||||
imports = moduleList ++ [configModule];
|
||||
imports = importedModules;
|
||||
};
|
||||
in
|
||||
lib.listToAttrs (
|
||||
|
@ -1,24 +1,22 @@
|
||||
dns: ENC[AES256_GCM,data:x2oHP6nGHnPl5WblPHRcBDQCkhj8FZnr5r+cBdaHyrPKxI71ECYmno/ItV/0opj0eGYamQjrVJkuZBGcQlXMMn9Hp4ImjByaX/zqYrdIjSY2B24h8kvnblsXjF6SlA==,iv:QRbiqpCwQ41pfmn3wwNITWdoMI9FzxShsG+fR5lAbl4=,tag:Rknw+qwLZ8No806ek+2zmQ==,type:str]
|
||||
dns: ENC[AES256_GCM,data:KIcegw69ZEVY1VnSktZMMjaRhCJVCHn7BCAKvfR/iXs5AseDLVC025WRAy92UuuVYPwBvdHgRQUg8I6lrfr7RTHJooANHUK8D79c2+sAI/KsUw2ENh1tVgdW2A4enQ==,iv:12yEf+u0Ky0vktAfpAuG28mRSKDLyWlWHJ+9EPYqI4w=,tag:9MKTsAUfvzEyEzTd6ba/Jg==,type:str]
|
||||
users:
|
||||
root: ENC[AES256_GCM,data:NIWAU+rCD7ShRU+ZMWw7D1XlNdhL9iwu6MP53edBFeCdSaiA91uS/n4MDgoQkao3sIE6zl5k/jht8GigZLSbjlj9iGhe3sTngg==,iv:hjimz2SsXf0nNgGhkDx97sg8iWBrne75KSbJLtJUf3k=,tag:4wfCpXew/OtTDZLIQk3cFA==,type:str]
|
||||
l-nafaryus: ENC[AES256_GCM,data:xXRQH92Hi0qO31pxmlHNLG+fHJRsAFgEs1a1APwNsGRZEVV5UB+ijK1S8dThFN+gnlcLb/gLlypFiK8Vzd7/kCOMyaJYtXJChg==,iv:AgE2X3iUAA/U8YmPawcONvWcxgBDkRdVvye4dTSIBd4=,tag:kkwiaSymObztQTjcfno1DA==,type:str]
|
||||
root: ENC[AES256_GCM,data:nZpmZM0Ws9mVujJhqPKfSJwIqit23pc2TlF6k4iGEzQvf2iROyWN/+b212d/LiAWOoVl3tRkt7EcOiLsLu51DJnQtCGOWGcF5w==,iv:hbNMqy+OxbHsh77zT6a2Yb1lUXwVRvRF1PhSO/15keE=,tag:oe/Y2fWKHNiRamuhY+3xYQ==,type:str]
|
||||
l-nafaryus: ENC[AES256_GCM,data:RJXjIcSWrG00IqneQVBpvPayVZ/mFNZ16digWF/GaNNGYy+bDPYkglTiMdy5/xfah8BMrwmfID4PKyEBtMiIEx8VlV55N+hJyg==,iv:noFYBRrWMg7dxqAbVuT7uOCK4mQk4U29kiECJLb6QCQ=,tag:dZs6TC8kI9ioRYfhcceT+Q==,type:str]
|
||||
database:
|
||||
git: ENC[AES256_GCM,data:noMvwTPWZWb79JtoEh0FLuXotVAXTX51QLcRfmjwxVg=,iv:EMiKZvMNhxpe2gARJ7BUrJFVM3ap/gMhJaRnKEJ7lX8=,tag:y+TAUHijY0NCvlwdg1fS1w==,type:str]
|
||||
git: ENC[AES256_GCM,data:g5Fnb9R/LnKrB6rDQ0ss0wu9SZu7433xfUIzJQKG3SA=,iv:MHEclxa1ldE51hNe0zHsVv5BPdN5RELlkHgZGXxSdTo=,tag:zzKNB0/RehFPrhFQMi/g9w==,type:str]
|
||||
mail:
|
||||
l-nafaryus: ENC[AES256_GCM,data:0PKuC3fI8gGOg99DtyF84neRRnr1P7cqKti8XSjHUurb4CyLG01+aCzABBJzcAs05oQMjiLbAj0prj6Q,iv:m4PzJ5hJqyyLmNss8/CckrBhDe3HC3HVTCbCvhZf93Y=,tag:uKiZLlmQzuO7mcGhQb3/og==,type:str]
|
||||
git: ENC[AES256_GCM,data:YxU4Ws+yHgv5RsluX6BhpEnGBiDWZmIx+D8uD7oZr+v18tCSX27mI+T0t4IycPli4SLHUQR4PjGmnJao,iv:yHPkp1QmRWj4Nj4isIYtpe0ROSVLK9biBWJb81P5aew=,tag:+FJ6l4P7onUhKejYVq25Hg==,type:str]
|
||||
kirill: ENC[AES256_GCM,data:erI0exQOi8JccOQVkWIt8zwvrm45Yrt1MNccBYO2oE5eEuXmeDU7uL92U4h+rDH+NojYpVjl1IaRAyU5,iv:kRvqVs70OzXLOBpZ/bfN0TQMdhqV6RAzQiszPQ4ZIwM=,tag:1whNxpchBdzOiVxCwYAzFA==,type:str]
|
||||
l-nafaryus: ENC[AES256_GCM,data:8JGjpQxcytZhfYT2JFUspufCnwCISbzBbaY2gN8WpSrlSlhIxVBkcdFnuGl3EJ6kABFX3lEGZomVNtay,iv:9l/x5xiDvkJ8QeqK7LTtQ/nxTckMGTkgujSDLtfWMZM=,tag:6qVUxjgs6QB+MQwog1fksw==,type:str]
|
||||
git: ENC[AES256_GCM,data:w6odytyieDSJCRdf6og7rX1274Xtd3Mn+Eg5tPFjQv3pN/OVJ1fRk7nGFmHlKqR2VEtUVFHyZHKW4J7+,iv:Lo9yyCNvBxUOlxhLo4PFfT7eZrwZ3d6Yue2U8MBlTfM=,tag:T41aErdaYDI6ns20EBOwyw==,type:str]
|
||||
kirill: ENC[AES256_GCM,data:ZBFfZufBdRRaeXUWiISVPxGvou78kNn+U1nYSBJ7OR6IqyvZMec+/s3+dDiwySOJ58EYCCqUZ7pq05U0,iv:r+mHKvxfI32Y/AHVN0AQqj3OqkxECuU6LIFNzmGvZ5s=,tag:gJsG2pa2k4gBTD294DuNWg==,type:str]
|
||||
gitea:
|
||||
mail: ENC[AES256_GCM,data:RwQY3sOfcZMTWbvK5NWOprTSKTY5Fn/cECCh1MRC,iv:KjiYDiqmMO8u3m2VArdAva937cqfqNHKKMUkvnpDtkU=,tag:OpkSgrs8Rrz+XG5Q3tw+QQ==,type:str]
|
||||
mail: ENC[AES256_GCM,data:LFYWpjHPcu6CQgcUEVcFA0ewZRjzA36wsoATnVGj,iv:Jqn1+6xa+wdkmdG2z9b8jf4DzCqF0I0YSctbiMN2tKw=,tag:aQQJG9STQmnAu+Dp9lj6cg==,type:str]
|
||||
gitea-runner:
|
||||
master-token: ENC[AES256_GCM,data:VbOnxgDr8Ni0NTdJvnwnppY3Q+/bev7IoVhxTpjGAphxh0tieCPfbnBJweav+l8dtQ==,iv:FzB5h/O0GSeBv1ZzE/zojWR2C6RR90NsxYddreVSmU0=,tag:c1WDgG9BlzvXaf+afzZW5g==,type:str]
|
||||
master-token: ENC[AES256_GCM,data:hZc+sti6I1j3EQQc/wRb5exg0yO6+wq0NCdUJ6FN/wpwyhfWPdEJ5eWw+3bAsEpxdQ==,iv:uJXhf5DZtk1LROyfw8bn5ZjN329LbZyTlaSPMvzeNXs=,tag:IeGUODEvfELc2YS+TUP7/g==,type:str]
|
||||
papermc:
|
||||
rcon: ENC[AES256_GCM,data:h9DqMN3MAS2X,iv:M72Ku0n1BTaj9TuHmpj+xBcE/6nJvHWKB87HZ3pUKyE=,tag:QRN8e/SXKv0VGyOf9Fq49Q==,type:str]
|
||||
discordToken: ENC[AES256_GCM,data:dII/1MKdUt/gjl6j+0mIyy0e03BmRwFPBle4fCx5ZYFjQ6zy9ByjFwVYKS8LlXTaPZQGknTBg0QHypRjE3XFW5uzvfp0OfTYm0o=,iv:bSkp6dKYeOuei9OkshO89ihfGMpRXE+8vb0iXEEkv0I=,tag:ICCUF/l8vJfzb/hgF9AYsg==,type:str]
|
||||
rcon: ENC[AES256_GCM,data:t6EjQmR+7l9x,iv:Vg3Ht/FNDUSkpRcP4c3hR/GzXMFMH/uD1wkPGn/OyKQ=,tag:++OEAYFK2qE4gM/XMSGH+g==,type:str]
|
||||
discordToken: ENC[AES256_GCM,data:oRNbi3uDJClyRJgKycvJAt+2ZPT3hU9AVGmB1XMGqObz6O0DpdBlsmSCbwXwhvD2U0cMLUx7fdehdDUXTnk5qLR/eBSwD/k0+0U=,iv:WXRo7iSRn+/4oeHuuEhQsDNrxw1pWt21GDLeinVOmV0=,tag:IHWpKGlkmHwDI7j9MHTbtg==,type:str]
|
||||
nix-store:
|
||||
cache-key: ENC[AES256_GCM,data:wEp8XH18N5P+h8EMognt93/VwXVF5/sxvEOrGzba/iK1W4nVZM8pStGAP0wI593MEB7Vobw+slWj4I3wwRJjOpDsK4EsgROUBein84Gn9uqk/liCEqjSAqZkktv4yX5p3dETZw+Ojak=,iv:oVKBfzJP8il3N6lH4JmaPaHSaqkUfmsM6cr+xumjAdE=,tag:+Gj9CzpoQknT+i6xAPZ7dg==,type:str]
|
||||
matrix:
|
||||
coturn-secret: ENC[AES256_GCM,data:BWYo08cS4oAYk7aK5yKT7xWkcxhOhxi3mZzl//xB/IqJ70x4ggGoiVudTxE=,iv:4YYWyxnwR1KcpjTNwvzrGWWVobr3LM6H6l/1/fbBQE4=,tag:qmXc+tzYKJR6hErgurx97Q==,type:str]
|
||||
cache-key: ENC[AES256_GCM,data:SH0lBYa6ELoraxKmWo+hb3+rFRjFbVm1mj0YiVKUua5pVnC8Weihk4haTJZ1zShc3ADuinyHD/Ns+576bajWoE5jSGHXlgWQ8P+5fMZ0BkmZEuP5kooWRBk5t1aZilM3LJavwsYiE6E=,iv:KpwDXIXtaiNgVgcUQJJOnA+YLXVhJwILeq2dX1XkXgo=,tag:4kTemsodW0bhW9joQAPzhA==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
@ -28,23 +26,23 @@ sops:
|
||||
- recipient: age1u9xr3tmwskfsrxg6gus3hmh9eakjh2h22jklfmcu33kassaraues435vvc
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnVmZiM3RqVkphSm5aV0E5
|
||||
ZW56NjEvdEFyQmI1NlEwaHNYOWN4aEp0bDN3CmcyTDY3QzJLSk5MSXZ4T0xONG5D
|
||||
NXRQejQrSlRWSHBQbnhVVVY5SGdmQzAKLS0tIGJWRWlPbVVicWhXcm1wMnBjbGpB
|
||||
aXFvYzkvUDV6RTZTdzViZkVmeHY1MUkKoxyI003op6VxqTNFApFoAzIA1KwvKD51
|
||||
hjBPkP9e1B3fRWZXysva51G/Y2zc6ylv17qPE5TjaVw9OS2WqTQNWA==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvajllWmw2U2U3eDFvY0Uw
|
||||
S09kTGV1RDZVTU42QmlOZXcwWFl2RWNQeldRCklsSERCUUJKS1BNbkt4MWtoWFl3
|
||||
ZG9BVUFoQ1h5ZGlFelNzMEtIQmliTjgKLS0tIHZCWFBHUEw2TE9Yc0tZemtkUkNN
|
||||
eXgrOTk1S0tDWWpHUkIveWZZdlYvMTQKyZMAYr6n5figUX2YUAAA37nxA5r1tyXh
|
||||
F7/l2T4R+cXq3Oywf5EtezOMdl9Xprk0ZoubzT55p0TPtYwCNk6Chg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1wyz7cfldqe9hh8qyw2qm42hkq9s7qdwqnrnv0u3s6vstv9649v0sh0z4em
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3eGVWZnVUMUdyNys4cUFv
|
||||
czl4THRPOFN6RXl1d3hoUlMzVittUmtjMGl3CnlCOElNVitLdXJQbmMxNTROdHRz
|
||||
MFl6NmxHWEY3anFsUkxpWGZHZ21iZ2sKLS0tIG1UT0VpaDBRNUpSY2lDcTRJMHpT
|
||||
ZnlzMlFUcEx5bHltdlg5ODVMVFNHNW8K7x38gdL5sbNLqTXdCxIHuX+yIy+XX8Vi
|
||||
x90Ltb5GOAMkd6qzgup3bWuQazpZ/Gj25f6ql7L2Oenlw8/8S9vbeQ==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxSkt5NG4wdGVwMDlpMFhv
|
||||
Vm56L1owRXJ2RTBhUVZ2aXpVVUVrZDV6M0FNCmYxTlNrQko0SmorWUV3VnRkOENK
|
||||
RDJzQkk0dVA0UVdDWEtxRDJEZFpSWVUKLS0tIGc1NFUzb1dhWUZlQWdpNFA4ZC9J
|
||||
cFBmaUV4SWx3K21UUDA2YlBVY1NCazgK080jE+EELtQf8PmlaZs4RR+gjJEeEiTn
|
||||
wwZXV8ufOGtLLwFtYlm8pdMXDtVrBywcRdzSo6/e73Y+GFxulTIFCQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-10-09T07:20:47Z"
|
||||
mac: ENC[AES256_GCM,data:fJ86HMwKQmbSTsAWAKC1cGxDqwkddTGHfFjQMa74RVxNh+yFlD+gEHFV2GKTRVji8kEUlp4qXqwtKnJ9Fx5zw0P1LHuCE9Q4j1Cxgs/j7XFTNMTvpt/8sVR1YC77Qp9LDwDxdDQK0GV4Z3BzoqjM20BHRbTWtCSyoNRmBP6Wcg8=,iv:BptqL9qXcyc5SaGvPMfUWDd0b22Viy5LJElbNGhpDYQ=,tag:jHMETvWq9IOCk+z63Dntpg==,type:str]
|
||||
lastmodified: "2024-08-05T17:43:22Z"
|
||||
mac: ENC[AES256_GCM,data:OMwzBcK+KEaxZNTxCnlhDmm9efUkOtMk7vZUfxV9bCny80CdQhp9dD9a9bRPwn+lzgTj3CZLhLAubB3Eh01dqrbZ3DQt/p6xFQ54kCX0a18AHVSIrDcYQNez0MLcOI56RvJDofsO5Dh3i2sFXZ/gaxEjPBQPxlbH1KOrjCm480w=,iv:70i/TOlDF8Vru5FBu0fVb9IkG+Fg83zqcrcuyiHEHBc=,tag:A5qPz8KQl33Z5uHzMlTA0Q==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.0
|
||||
|
@ -42,18 +42,6 @@
|
||||
group = "nix-serve";
|
||||
mode = "0600";
|
||||
};
|
||||
|
||||
coturn-secret = lib.mkIf config.services.coturn.enable {
|
||||
owner = "turnserver";
|
||||
group = "turnserver";
|
||||
key = "matrix/coturn-secret";
|
||||
};
|
||||
|
||||
turn-secret = lib.mkIf config.services.conduit.enable {
|
||||
owner = "conduit";
|
||||
group = "conduit";
|
||||
key = "matrix/coturn-secret";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
|
@ -1,223 +0,0 @@
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
bonLib,
|
||||
...
|
||||
}:
|
||||
with lib; let
|
||||
cfg = config.services.conduit;
|
||||
format = pkgs.formats.toml {};
|
||||
configFile = pkgs.writeText "config.toml" ''
|
||||
${bonLib.toTOML {global = cfg.settings.global // lib.optionals (cfg.turn_secret_file != null) {turn_secret = "#turn_secret#";};}}
|
||||
'';
|
||||
in {
|
||||
options.services.conduit = {
|
||||
enable = mkEnableOption "conduit";
|
||||
|
||||
extraEnvironment = mkOption {
|
||||
type = types.attrsOf types.str;
|
||||
description = "Extra Environment variables to pass to the conduit server.";
|
||||
default = {};
|
||||
example = {RUST_BACKTRACE = "yes";};
|
||||
};
|
||||
|
||||
package = mkOption {
|
||||
type = types.package;
|
||||
default = pkgs.matrix-conduit;
|
||||
defaultText = literalExpression "pkgs.matrix-conduit";
|
||||
description = "The package to use.";
|
||||
};
|
||||
|
||||
turn_secret_file = mkOption {
|
||||
type = types.nullOr types.path;
|
||||
default = null;
|
||||
description = "The path to the file with TURN secret.";
|
||||
};
|
||||
|
||||
settings = mkOption {
|
||||
type = types.submodule {
|
||||
#freeformType = format.type;
|
||||
options = {
|
||||
global.server_name = mkOption {
|
||||
type = types.str;
|
||||
example = "example.com";
|
||||
description = "The server_name is the name of this server. It is used as a suffix for user # and room ids.";
|
||||
};
|
||||
global.port = mkOption {
|
||||
type = types.port;
|
||||
default = 6167;
|
||||
description = "The port Conduit will be running on. You need to set up a reverse proxy in your web server (e.g. apache or nginx), so all requests to /_matrix on port 443 and 8448 will be forwarded to the Conduit instance running on this port";
|
||||
};
|
||||
global.max_request_size = mkOption {
|
||||
type = types.ints.positive;
|
||||
default = 20000000;
|
||||
description = "Max request size in bytes. Don't forget to also change it in the proxy.";
|
||||
};
|
||||
global.allow_registration = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = "Whether new users can register on this server.";
|
||||
};
|
||||
global.allow_encryption = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
description = "Whether new encrypted rooms can be created. Note: existing rooms will continue to work.";
|
||||
};
|
||||
global.allow_federation = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
description = ''
|
||||
Whether this server federates with other servers.
|
||||
'';
|
||||
};
|
||||
global.trusted_servers = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = ["matrix.org"];
|
||||
description = "Servers trusted with signing server keys.";
|
||||
};
|
||||
global.address = mkOption {
|
||||
type = types.str;
|
||||
default = "::1";
|
||||
description = "Address to listen on for connections by the reverse proxy/tls terminator.";
|
||||
};
|
||||
global.database_path = mkOption {
|
||||
type = types.str;
|
||||
default = "/var/lib/conduit/";
|
||||
readOnly = true;
|
||||
description = ''
|
||||
Path to the conduit database, the directory where conduit will save its data.
|
||||
Note that due to using the DynamicUser feature of systemd, this value should not be changed
|
||||
and is set to be read only.
|
||||
'';
|
||||
};
|
||||
global.database_backend = mkOption {
|
||||
type = types.enum ["sqlite" "rocksdb"];
|
||||
default = "sqlite";
|
||||
example = "rocksdb";
|
||||
description = ''
|
||||
The database backend for the service. Switching it on an existing
|
||||
instance will require manual migration of data.
|
||||
'';
|
||||
};
|
||||
global.allow_check_for_updates = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Whether to allow Conduit to automatically contact
|
||||
<https://conduit.rs> hourly to check for important Conduit news.
|
||||
|
||||
Disabled by default because nixpkgs handles updates.
|
||||
'';
|
||||
};
|
||||
global.well_known.client = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
description = "The URL that clients should use to connect to Conduit.";
|
||||
};
|
||||
global.well_known.server = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
description = "The hostname and port servers should use to connect to Conduit.";
|
||||
};
|
||||
global.turn_uris = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [];
|
||||
description = "The TURN URIs.";
|
||||
};
|
||||
global.turn_secret = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
description = "The TURN secret.";
|
||||
};
|
||||
global.turn_ttl = mkOption {
|
||||
type = types.int;
|
||||
default = 86400;
|
||||
description = "The TURN TTL in seconds.";
|
||||
};
|
||||
};
|
||||
};
|
||||
default = {};
|
||||
description = ''
|
||||
Generates the conduit.toml configuration file. Refer to
|
||||
<https://docs.conduit.rs/configuration.html>
|
||||
for details on supported values.
|
||||
Note that database_path can not be edited because the service's reliance on systemd StateDir.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
assertions = [
|
||||
{
|
||||
assertion = cfg.settings.global.turn_secret != null -> cfg.turn_secret_file == null;
|
||||
message = "settings.global.turn_secret and turn_secret_file cannot be set at the same time";
|
||||
}
|
||||
];
|
||||
|
||||
users.users.conduit = {
|
||||
description = "Conduit service user.";
|
||||
isSystemUser = true;
|
||||
group = "conduit";
|
||||
};
|
||||
users.groups.conduit = {};
|
||||
|
||||
systemd.services.conduit = let
|
||||
runConfig = "/run/conduit/config.toml";
|
||||
in {
|
||||
description = "Conduit Matrix Server";
|
||||
documentation = ["https://gitlab.com/famedly/conduit/"];
|
||||
after = ["network-online.target"];
|
||||
wants = ["network-online.target"];
|
||||
wantedBy = ["multi-user.target"];
|
||||
environment = mkMerge [
|
||||
{CONDUIT_CONFIG = runConfig;}
|
||||
cfg.extraEnvironment
|
||||
];
|
||||
preStart = ''
|
||||
cat ${configFile} > ${runConfig}
|
||||
${lib.optionalString (cfg.turn_secret_file != null) ''
|
||||
${pkgs.replace-secret}/bin/replace-secret \
|
||||
"#turn_secret#" \
|
||||
${cfg.turn_secret_file} \
|
||||
${runConfig}
|
||||
''}
|
||||
chmod 640 ${runConfig}
|
||||
'';
|
||||
serviceConfig = {
|
||||
User = "conduit";
|
||||
LockPersonality = true;
|
||||
MemoryDenyWriteExecute = true;
|
||||
ProtectClock = true;
|
||||
ProtectControlGroups = true;
|
||||
ProtectHostname = true;
|
||||
ProtectKernelLogs = true;
|
||||
ProtectKernelModules = true;
|
||||
ProtectKernelTunables = true;
|
||||
PrivateDevices = true;
|
||||
PrivateMounts = true;
|
||||
PrivateUsers = true;
|
||||
RestrictAddressFamilies = ["AF_INET" "AF_INET6"];
|
||||
RestrictNamespaces = true;
|
||||
RestrictRealtime = true;
|
||||
SystemCallArchitectures = "native";
|
||||
SystemCallFilter = [
|
||||
"@system-service"
|
||||
"~@privileged"
|
||||
];
|
||||
StateDirectory = "conduit";
|
||||
StateDirectoryMode = "0700";
|
||||
RuntimeDirectory = "conduit";
|
||||
ExecStart = "${cfg.package}/bin/conduit";
|
||||
Restart = "on-failure";
|
||||
RestartSec = 10;
|
||||
StartLimitBurst = 5;
|
||||
UMask = "077";
|
||||
};
|
||||
};
|
||||
|
||||
systemd.tmpfiles.rules = [
|
||||
"d /run/conduit 0700 conduit conduit - -"
|
||||
];
|
||||
};
|
||||
}
|
@ -101,30 +101,14 @@ in {
|
||||
description = "List of addresses to ignore";
|
||||
};
|
||||
|
||||
dataDir = mkOption {
|
||||
type = types.path;
|
||||
default = "/var/lib/zapret";
|
||||
description = ''
|
||||
Directory to store zapret files and antifilter lists.
|
||||
'';
|
||||
};
|
||||
|
||||
filterAddressesSource = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
example = ''https://antifilter.network/download/ipsmart.lst'';
|
||||
description = "Link to external list of addresses to download and use.";
|
||||
};
|
||||
|
||||
# TODO: ipset hashsize and maxelem
|
||||
# TODO: add filter and anti filter options with optional file paths
|
||||
# TODO ipset hashsize and maxelem
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
users.users.tpws = {
|
||||
isSystemUser = true;
|
||||
group = "tpws";
|
||||
home = cfg.dataDir;
|
||||
createHome = true;
|
||||
};
|
||||
|
||||
users.groups.tpws = {};
|
||||
@ -142,8 +126,6 @@ in {
|
||||
)
|
||||
gawk
|
||||
ipset
|
||||
wget
|
||||
curl
|
||||
];
|
||||
|
||||
serviceConfig = {
|
||||
@ -151,11 +133,10 @@ in {
|
||||
Restart = "no";
|
||||
TimeoutSec = "30sec";
|
||||
IgnoreSIGPIPE = "no";
|
||||
#KillMode = "none";
|
||||
KillMode = "none";
|
||||
GuessMainPID = "no";
|
||||
RemainAfterExit = "no";
|
||||
|
||||
WorkingDirectory = cfg.dataDir;
|
||||
ExecStart = "${cfg.package}/bin/zapret start";
|
||||
ExecStop = let
|
||||
stop_script = pkgs.writeShellScriptBin "zapret-stop" ''
|
||||
@ -176,25 +157,37 @@ in {
|
||||
DISABLE_IPV6=${toString cfg.disableIPV6}
|
||||
''
|
||||
]);
|
||||
|
||||
# hardening
|
||||
DevicePolicy = "closed";
|
||||
KeyringMode = "private";
|
||||
PrivateTmp = true;
|
||||
PrivateMounts = true;
|
||||
ProtectHome = true;
|
||||
ProtectHostname = true;
|
||||
ProtectKernelModules = true;
|
||||
ProtectKernelTunables = true;
|
||||
ProtectSystem = "strict";
|
||||
ProtectProc = "invisible";
|
||||
RemoveIPC = true;
|
||||
RestrictNamespaces = true;
|
||||
RestrictRealtime = true;
|
||||
RestrictSUIDSGID = true;
|
||||
SystemCallArchitectures = "native";
|
||||
};
|
||||
|
||||
preStart = let
|
||||
zapretListFile = src: pkgs.writeText "zapretList" (createFilterList "zapret" src);
|
||||
nozapretListFile = src: pkgs.writeText "nozapretList" (createFilterList "nozapret" src);
|
||||
# zapretListFile = pkgs.writeText "zapretList" (createFilterList "zapret" (lib.readFile cfg.package.passthru.antifilter.ipsmart));
|
||||
zapretListFile = pkgs.writeText "zapretList" (createFilterList "zapret" cfg.filterAddresses);
|
||||
nozapretListFile = pkgs.writeText "nozapretList" (createFilterList "nozapret" cfg.ignoreAddresses);
|
||||
in ''
|
||||
${lib.optionalString (cfg.filterAddressesSource != null) "curl -L '${cfg.filterAddressesSource}' -o ${cfg.dataDir}/zapretList && sed -i -e 's/^/add zapret /' '${cfg.dataDir}/zapretList'"}
|
||||
|
||||
ipset create zapret hash:net family inet hashsize 262144 maxelem 522288 -!
|
||||
ipset flush zapret
|
||||
ipset restore -! < ${
|
||||
if (cfg.filterAddressesSource != null)
|
||||
then "${cfg.dataDir}/zapretList"
|
||||
else (zapretListFile cfg.filterAddresses)
|
||||
}
|
||||
ipset restore -! < ${zapretListFile}
|
||||
|
||||
ipset create nozapret hash:net family inet hashsize 262144 maxelem 522288 -!
|
||||
ipset flush nozapret
|
||||
ipset restore -! < ${nozapretListFile cfg.ignoreAddresses}
|
||||
ipset restore -! < ${nozapretListFile}
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
13
packages/blender/default.nix
Normal file
13
packages/blender/default.nix
Normal file
@ -0,0 +1,13 @@
|
||||
{
|
||||
bonLib,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
(pkgs.blender.override {cudaSupport = true;}).overrideAttrs (old: {
|
||||
meta =
|
||||
old.meta
|
||||
// {
|
||||
description = old.meta.description + " (CUDA enabled)";
|
||||
};
|
||||
})
|
@ -30,16 +30,6 @@
|
||||
zlib
|
||||
];
|
||||
|
||||
passthru = {
|
||||
update = pkgs.writeShellScriptBin "update-spoofdpi" ''
|
||||
set -euo pipefail
|
||||
|
||||
latest="$(${pkgs.curl}/bin/curl -s "https://api.github.com/repos/shuttle-hq/shuttle/tags?per_page=1" | ${pkgs.jq}/bin/jq -r ".[0].name" | ${pkgs.gnused}/bin/sed 's/^v//')"
|
||||
|
||||
drift rewrite --auto-hash --new-version "$latest"
|
||||
'';
|
||||
};
|
||||
|
||||
meta = with lib; {
|
||||
description = "A cargo command for the shuttle platform";
|
||||
license = licenses.asl20;
|
||||
|
@ -83,12 +83,17 @@ in
|
||||
|
||||
# Pass for cache
|
||||
|
||||
# ISSUE: attribute 'targetPlatforms' missing
|
||||
#wezterm = {
|
||||
# source = ./wezterm;
|
||||
# platforms = ["x86_64-linux"];
|
||||
# builder = {...}: import;
|
||||
#};
|
||||
blender = {
|
||||
source = ./blender;
|
||||
platforms = ["x86_64-linux"];
|
||||
builder = {...}: import;
|
||||
};
|
||||
|
||||
wezterm = {
|
||||
source = ./wezterm;
|
||||
platforms = ["x86_64-linux"];
|
||||
builder = {...}: import;
|
||||
};
|
||||
|
||||
# Container images
|
||||
|
||||
|
@ -2,9 +2,8 @@
|
||||
bonLib,
|
||||
stdenv,
|
||||
pkgs,
|
||||
version ? "6.2.2405",
|
||||
version ? "6.2.2404",
|
||||
sha256 ? "sha256-SZPZT49BqUzssPcOo/5yAkjqAHDErC86xCUFL88Iew4=",
|
||||
lib,
|
||||
...
|
||||
}:
|
||||
stdenv.mkDerivation {
|
||||
@ -62,26 +61,6 @@ stdenv.mkDerivation {
|
||||
export PYTHONPATH="${python3}/${python3.sitePackages}"
|
||||
export PYTHONPATH="$PYTHONPATH:${pkg}/${python3.sitePackages}"
|
||||
'';
|
||||
update = pkgs.writeShellScriptBin "update-spoofdpi" ''
|
||||
set -euo pipefail
|
||||
|
||||
new_version=$(${lib.getExe pkgs.curl} -s "https://api.github.com/repos/NGSolve/netgen/tags?per_page=1" | ${lib.getExe pkgs.jq} -r ".[0].name")
|
||||
new_hash=$(nix flake prefetch --json https://github.com/NGSolve/netgen/archive/refs/tags/$new_version.tar.gz | ${lib.getExe pkgs.jq} -r ".hash")
|
||||
|
||||
old_version=$(nix eval --impure --json --expr "(builtins.getFlake (toString ./.)).packages.${builtins.currentSystem}.netgen.version")
|
||||
old_hash=$(nix eval --impure --json --expr "(builtins.getFlake (toString ./.)).packages.${builtins.currentSystem}.netgen.src.outputHash")
|
||||
|
||||
nixpath=$(nix eval --impure --json --expr "(builtins.getFlake (toString ./.)).packages.${builtins.currentSystem}.netgen.src.meta.position")
|
||||
relpath=$(echo $nixpath | ${lib.getExe pkgs.ripgrep} "\/nix\/store\/[\w\d]{32}-[^\/]+/" -r "" | ${lib.getExe pkgs.ripgrep} "[:\d]" -r "")
|
||||
#echo "./$relpath" | ${lib.getExe pkgs.gnused} -i "s/$old_version/$new_version/g"
|
||||
#echo "./$relpath" | ${lib.getExe pkgs.gnused} -i "s/$old_hash/$new_hash/g"
|
||||
|
||||
content=$(${lib.getExe pkgs.ripgrep} $old_version --passthru -r $new_version $relpath)
|
||||
content=$(echo $content | ${lib.getExe pkgs.ripgrep} $old_version --passthru -r $new_version $relpath)
|
||||
|
||||
echo $content > $relpath
|
||||
# TODO: убрать все кавычки
|
||||
'';
|
||||
};
|
||||
|
||||
meta = with pkgs.lib; {
|
||||
|
@ -4,6 +4,7 @@
|
||||
pkgs,
|
||||
version ? "v0.10.0",
|
||||
hash ? "sha256-e6TPklWp5rvNypnI0VHqOjzZhkYsZcp+jkXUlYxMBlU=",
|
||||
vendorHash ? "sha256-kmp+8MMV1AHaSvLnvYL17USuv7xa3NnsCyCbqq9TvYE=",
|
||||
...
|
||||
}:
|
||||
pkgs.buildGoModule {
|
||||
@ -17,20 +18,12 @@ pkgs.buildGoModule {
|
||||
hash = hash;
|
||||
};
|
||||
|
||||
vendorHash = "sha256-kmp+8MMV1AHaSvLnvYL17USuv7xa3NnsCyCbqq9TvYE=";
|
||||
inherit vendorHash;
|
||||
|
||||
doCheck = false;
|
||||
|
||||
ldflags = ["-s" "-w" "-X main.version=${version}" "-X main.builtBy=nixpkgs"];
|
||||
|
||||
passthru.update = pkgs.writeShellScriptBin "update-spoofdpi" ''
|
||||
set -euo pipefail
|
||||
|
||||
latest="$(${pkgs.curl}/bin/curl -s "https://api.github.com/repos/xvzc/SpoofDPI/releases?per_page=1" | ${pkgs.jq}/bin/jq -r ".[0].tag_name" | ${pkgs.gnused}/bin/sed 's/^v//')"
|
||||
|
||||
drift rewrite --auto-hash --new-version "$latest"
|
||||
'';
|
||||
|
||||
meta = with lib; {
|
||||
homepage = "https://github.com/xvzc/SpoofDPI";
|
||||
description = "A simple and fast anti-censorship tool written in Go";
|
||||
|
@ -1,16 +1,108 @@
|
||||
{
|
||||
bonLib,
|
||||
craneLib,
|
||||
lib,
|
||||
weztermPkgs,
|
||||
pkgs,
|
||||
version ? "2d0c5cddc91a9c59aef9a7667d90924e7cedd0ac",
|
||||
hash ? "sha256-ZsDJQSUokodwFMP4FIZm2dYojf5iC4F/EeKC5VuQlqY=",
|
||||
...
|
||||
}:
|
||||
weztermPkgs.default.overrideAttrs (old: {
|
||||
}: let
|
||||
src = pkgs.fetchFromGitHub {
|
||||
owner = "wez";
|
||||
repo = "wezterm";
|
||||
rev = version;
|
||||
hash = hash;
|
||||
fetchSubmodules = true;
|
||||
};
|
||||
terminfo =
|
||||
pkgs.runCommand "wezterm-terminfo"
|
||||
{
|
||||
nativeBuildInputs = [pkgs.ncurses];
|
||||
} ''
|
||||
mkdir -p $out/share/terminfo $out/nix-support
|
||||
tic -x -o $out/share/terminfo ${src}/termwiz/data/wezterm.terminfo
|
||||
'';
|
||||
pkg = {
|
||||
pname = "wezterm";
|
||||
inherit version;
|
||||
|
||||
meta =
|
||||
old.meta
|
||||
// {
|
||||
inherit src;
|
||||
|
||||
strictDeps = true;
|
||||
doCheck = false;
|
||||
|
||||
nativeBuildInputs = with pkgs; [
|
||||
installShellFiles
|
||||
ncurses # tic for terminfo
|
||||
pkg-config
|
||||
python3
|
||||
];
|
||||
|
||||
buildInputs = with pkgs; [
|
||||
fontconfig
|
||||
pkgs.zlib
|
||||
libxkbcommon
|
||||
openssl
|
||||
wayland
|
||||
cairo
|
||||
|
||||
xorg.libX11
|
||||
xorg.libxcb
|
||||
xorg.xcbutil
|
||||
xorg.xcbutilimage
|
||||
xorg.xcbutilkeysyms
|
||||
xorg.xcbutilwm # contains xcb-ewmh among others
|
||||
];
|
||||
|
||||
libPath = lib.makeLibraryPath (with pkgs; [
|
||||
xorg.xcbutilimage
|
||||
libGL
|
||||
vulkan-loader
|
||||
]);
|
||||
|
||||
postPatch = ''
|
||||
echo ${version} > .tag
|
||||
|
||||
# tests are failing with: Unable to exchange encryption keys
|
||||
# rm -r wezterm-ssh/tests
|
||||
'';
|
||||
|
||||
preFixup = lib.optionalString pkgs.stdenv.isLinux ''
|
||||
patchelf \
|
||||
--add-needed "${pkgs.libGL}/lib/libEGL.so.1" \
|
||||
--add-needed "${pkgs.vulkan-loader}/lib/libvulkan.so.1" \
|
||||
$out/bin/wezterm-gui
|
||||
'';
|
||||
|
||||
postInstall = ''
|
||||
mkdir -p $out/nix-support
|
||||
echo "${terminfo}" >> $out/nix-support/propagated-user-env-packages
|
||||
|
||||
install -Dm644 assets/icon/terminal.png $out/share/icons/hicolor/128x128/apps/org.wezfurlong.wezterm.png
|
||||
install -Dm644 assets/wezterm.desktop $out/share/applications/org.wezfurlong.wezterm.desktop
|
||||
install -Dm644 assets/wezterm.appdata.xml $out/share/metainfo/org.wezfurlong.wezterm.appdata.xml
|
||||
|
||||
install -Dm644 assets/shell-integration/wezterm.sh -t $out/etc/profile.d
|
||||
installShellCompletion --cmd wezterm \
|
||||
--bash assets/shell-completion/bash \
|
||||
--fish assets/shell-completion/fish \
|
||||
--zsh assets/shell-completion/zsh
|
||||
|
||||
install -Dm644 assets/wezterm-nautilus.py -t $out/share/nautilus-python/extensions
|
||||
'';
|
||||
|
||||
meta = with lib; {
|
||||
homepage = "https://github.com/wez/wezterm";
|
||||
description = "A GPU-accelerated cross-platform terminal emulator and multiplexer written by @wez and implemented in Rust";
|
||||
license = lib.licenses.mit;
|
||||
maintainers = with bonLib.maintainers; [L-Nafaryus];
|
||||
platforms = platforms.x86_64;
|
||||
mainProgram = "wezterm";
|
||||
};
|
||||
})
|
||||
};
|
||||
in let
|
||||
cargoArtifacts = craneLib.buildDepsOnly pkg;
|
||||
in
|
||||
craneLib.buildPackage (
|
||||
pkg // {inherit cargoArtifacts;}
|
||||
)
|
||||
|
Loading…
Reference in New Issue
Block a user