treewide: alejandra -> nixfmt-rfc-style

Guanran Wang 2024-08-25 23:02:35 +08:00
parent b36d666c02
commit 0b89e192b1
Signed by: nyancat
GPG key ID: 91F97D9ED12639CF
64 changed files with 541 additions and 377 deletions


@ -201,11 +201,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1722181846, "lastModified": 1724599287,
"narHash": "sha256-/yyqi39qr7Z+Bkv8gVVqB5q/gu1cLna3TtzbADLzEbc=", "narHash": "sha256-M4OllWFNDcvgY2rgx/9uWn9jpunSb2CzmqPDcuS27SQ=",
"ref": "refs/heads/master", "ref": "refs/heads/master",
"rev": "214725ef364950e5b086f0cd3f7978f38655a58b", "rev": "a2f4145923cbbabb63e7749a49c86052a17389f7",
"revCount": 70, "revCount": 72,
"type": "git", "type": "git",
"url": "https://git.ny4.dev/nyancat/nvim" "url": "https://git.ny4.dev/nyancat/nvim"
}, },


@ -83,28 +83,33 @@
}; };
}; };
outputs = inputs: outputs =
inputs.flake-utils.lib.eachDefaultSystem (system: let inputs:
pkgs = inputs.nixpkgs.legacyPackages.${system}; inputs.flake-utils.lib.eachDefaultSystem (
treefmtEval = inputs.treefmt-nix.lib.evalModule pkgs ./treefmt.nix; system:
in { let
### nix fmt pkgs = inputs.nixpkgs.legacyPackages.${system};
formatter = treefmtEval.config.build.wrapper; treefmtEval = inputs.treefmt-nix.lib.evalModule pkgs ./treefmt.nix;
in
{
### nix fmt
formatter = treefmtEval.config.build.wrapper;
### nix flake check ### nix flake check
checks.formatting = treefmtEval.config.build.check inputs.self; checks.formatting = treefmtEval.config.build.check inputs.self;
### nix {run,shell,build} ### nix {run,shell,build}
legacyPackages = import ./pkgs pkgs; legacyPackages = import ./pkgs pkgs;
### nix develop ### nix develop
devShells.default = pkgs.mkShell { devShells.default = pkgs.mkShell {
packages = with pkgs; [ packages = with pkgs; [
colmena colmena
sops sops
]; ];
}; };
}) }
)
// { // {
### imports = []; ### imports = [];
nixosModules.default = ./nixos/modules; nixosModules.default = ./nixos/modules;
@ -120,12 +125,16 @@
./nixos/profiles/core ./nixos/profiles/core
./hosts/dust ./hosts/dust
]; ];
specialArgs = {inherit inputs;}; specialArgs = {
inherit inputs;
};
}; };
colmena = { colmena = {
meta = { meta = {
specialArgs = {inherit inputs;}; specialArgs = {
inherit inputs;
};
nixpkgs = import inputs.nixpkgs { nixpkgs = import inputs.nixpkgs {
system = "x86_64-linux"; # How does this work? system = "x86_64-linux"; # How does this work?
}; };
@ -137,12 +146,12 @@
]; ];
"tyo0" = { "tyo0" = {
imports = [./hosts/tyo0]; imports = [ ./hosts/tyo0 ];
deployment.targetHost = "tyo0.ny4.dev"; deployment.targetHost = "tyo0.ny4.dev";
}; };
"blacksteel" = { "blacksteel" = {
imports = [./hosts/blacksteel]; imports = [ ./hosts/blacksteel ];
deployment.targetHost = "blacksteel"; # thru tailscale deployment.targetHost = "blacksteel"; # thru tailscale
}; };
}; };


@ -1,7 +1,7 @@
{ {
programs.atuin = { programs.atuin = {
enable = true; enable = true;
flags = ["--disable-up-arrow"]; flags = [ "--disable-up-arrow" ];
settings = { settings = {
style = "compact"; style = "compact";
show_help = false; show_help = false;
@ -9,9 +9,26 @@
stats = { stats = {
common_subcommands = common_subcommands =
["nix" "nom" "nh" "podman" "docker" "atuin" "hugo" "adb"] [
"nix"
"nom"
"nh"
"podman"
"docker"
"atuin"
"hugo"
"adb"
]
# default # default
++ ["cargo" "go" "git" "npm" "yarn" "pnpm" "kubectl"]; ++ [
"cargo"
"go"
"git"
"npm"
"yarn"
"pnpm"
"kubectl"
];
}; };
}; };
}; };


@ -1,4 +1,5 @@
{config, ...}: { { config, ... }:
{
programs.bash = { programs.bash = {
enable = true; enable = true;
historyFile = "${config.xdg.configHome}/bash/.bash_history"; historyFile = "${config.xdg.configHome}/bash/.bash_history";


@ -2,7 +2,8 @@
lib, lib,
pkgs, pkgs,
... ...
}: let }:
let
package = pkgs.qt6Packages.fcitx5-with-addons.override { package = pkgs.qt6Packages.fcitx5-with-addons.override {
addons = with pkgs; [ addons = with pkgs; [
qt6Packages.fcitx5-chinese-addons qt6Packages.fcitx5-chinese-addons
@ -11,16 +12,17 @@
fcitx5-pinyin-zhwiki fcitx5-pinyin-zhwiki
]; ];
}; };
in { in
{
home.packages = [ home.packages = [
package package
]; ];
systemd.user.services.fcitx5-daemon = { systemd.user.services.fcitx5-daemon = {
Unit.Description = "Fcitx5 input method editor"; Unit.Description = "Fcitx5 input method editor";
Unit.PartOf = ["graphical-session.target"]; Unit.PartOf = [ "graphical-session.target" ];
Service.ExecStart = lib.getExe' package "fcitx5"; Service.ExecStart = lib.getExe' package "fcitx5";
Install.WantedBy = ["graphical-session.target"]; Install.WantedBy = [ "graphical-session.target" ];
}; };
xdg.configFile."fcitx5/conf/classicui.conf".text = '' xdg.configFile."fcitx5/conf/classicui.conf".text = ''


@ -1,16 +1,17 @@
{pkgs, ...}: { { pkgs, ... }:
{
programs.firefox = { programs.firefox = {
enable = true; enable = true;
package = pkgs.firefox.override { package = pkgs.firefox.override {
extraPrefsFiles = [ extraPrefsFiles = [
"${pkgs.arkenfox-userjs}/user.cfg" "${pkgs.arkenfox-userjs}/user.cfg"
(pkgs.runCommandLocal "userjs" {} '' (pkgs.runCommandLocal "userjs" { } ''
install -Dm644 ${./user-overrides.js} $out install -Dm644 ${./user-overrides.js} $out
substituteInPlace $out \ substituteInPlace $out \
--replace-fail "user_pref" "defaultPref" --replace-fail "user_pref" "defaultPref"
'') '')
]; ];
}; };
profiles."default" = {}; profiles."default" = { };
}; };
} }


@ -1,4 +1,5 @@
{pkgs, ...}: { { pkgs, ... }:
{
programs.fish = { programs.fish = {
enable = true; enable = true;
interactiveShellInit = '' interactiveShellInit = ''


@ -1,4 +1,5 @@
{pkgs, ...}: { { pkgs, ... }:
{
programs.git = rec { programs.git = rec {
enable = true; enable = true;
package = pkgs.gitFull; # overriding takes forever to compile package = pkgs.gitFull; # overriding takes forever to compile


@ -2,7 +2,8 @@
pkgs, pkgs,
config, config,
... ...
}: { }:
{
programs.go.enable = true; programs.go.enable = true;
home.packages = with pkgs; [ home.packages = with pkgs; [
gopls gopls


@ -3,7 +3,8 @@
lib, lib,
pkgs, pkgs,
... ...
}: { }:
{
programs.gpg = { programs.gpg = {
enable = true; enable = true;
homedir = "${config.xdg.dataHome}/gnupg"; homedir = "${config.xdg.dataHome}/gnupg";


@ -4,10 +4,10 @@
bars.default = { bars.default = {
icons = "material-nf"; icons = "material-nf";
blocks = [ blocks = [
{block = "backlight";} { block = "backlight"; }
{block = "sound";} { block = "sound"; }
{block = "battery";} { block = "battery"; }
{block = "time";} { block = "time"; }
]; ];
}; };
}; };


@ -2,7 +2,8 @@
pkgs, pkgs,
lib, lib,
... ...
}: { }:
{
programs.mpv = { programs.mpv = {
enable = true; enable = true;
config = { config = {
@ -22,65 +23,72 @@
modernx-zydezu modernx-zydezu
thumbfast thumbfast
]) ])
++ lib.optionals pkgs.stdenv.hostPlatform.isLinux (with pkgs.mpvScripts; [ ++ lib.optionals pkgs.stdenv.hostPlatform.isLinux (
mpris with pkgs.mpvScripts;
]); [
mpris
]
);
bindings = let bindings =
inherit (pkgs) anime4k; let
setShader = message: files: ''no-osd change-list glsl-shaders set "${lib.concatStringsSep ":" files}"; show-text "${message}"''; inherit (pkgs) anime4k;
in { setShader =
"CTRL+1" = setShader "Anime4K: Mode A (Fast)" [ message: files:
"${anime4k}/Anime4K_Clamp_Highlights.glsl" ''no-osd change-list glsl-shaders set "${lib.concatStringsSep ":" files}"; show-text "${message}"'';
"${anime4k}/Anime4K_Restore_CNN_M.glsl" in
"${anime4k}/Anime4K_Upscale_CNN_x2_M.glsl" {
"${anime4k}/Anime4K_AutoDownscalePre_x2.glsl" "CTRL+1" = setShader "Anime4K: Mode A (Fast)" [
"${anime4k}/Anime4K_AutoDownscalePre_x4.glsl" "${anime4k}/Anime4K_Clamp_Highlights.glsl"
"${anime4k}/Anime4K_Upscale_CNN_x2_S.glsl" "${anime4k}/Anime4K_Restore_CNN_M.glsl"
]; "${anime4k}/Anime4K_Upscale_CNN_x2_M.glsl"
"CTRL+2" = setShader "Anime4K: Mode B (Fast)" [ "${anime4k}/Anime4K_AutoDownscalePre_x2.glsl"
"${anime4k}/Anime4K_Clamp_Highlights.glsl" "${anime4k}/Anime4K_AutoDownscalePre_x4.glsl"
"${anime4k}/Anime4K_Restore_CNN_Soft_M.glsl" "${anime4k}/Anime4K_Upscale_CNN_x2_S.glsl"
"${anime4k}/Anime4K_Upscale_CNN_x2_M.glsl" ];
"${anime4k}/Anime4K_AutoDownscalePre_x2.glsl" "CTRL+2" = setShader "Anime4K: Mode B (Fast)" [
"${anime4k}/Anime4K_AutoDownscalePre_x4.glsl" "${anime4k}/Anime4K_Clamp_Highlights.glsl"
"${anime4k}/Anime4K_Upscale_CNN_x2_S.glsl" "${anime4k}/Anime4K_Restore_CNN_Soft_M.glsl"
]; "${anime4k}/Anime4K_Upscale_CNN_x2_M.glsl"
"CTRL+3" = setShader "Anime4K: Mode C (Fast)" [ "${anime4k}/Anime4K_AutoDownscalePre_x2.glsl"
"${anime4k}/Anime4K_Clamp_Highlights.glsl" "${anime4k}/Anime4K_AutoDownscalePre_x4.glsl"
"${anime4k}/Anime4K_Upscale_Denoise_CNN_x2_M.glsl" "${anime4k}/Anime4K_Upscale_CNN_x2_S.glsl"
"${anime4k}/Anime4K_AutoDownscalePre_x2.glsl" ];
"${anime4k}/Anime4K_AutoDownscalePre_x4.glsl" "CTRL+3" = setShader "Anime4K: Mode C (Fast)" [
"${anime4k}/Anime4K_Upscale_CNN_x2_S.glsl" "${anime4k}/Anime4K_Clamp_Highlights.glsl"
]; "${anime4k}/Anime4K_Upscale_Denoise_CNN_x2_M.glsl"
"CTRL+4" = setShader "Anime4K: Mode A+A (Fast)" [ "${anime4k}/Anime4K_AutoDownscalePre_x2.glsl"
"${anime4k}/Anime4K_Clamp_Highlights.glsl" "${anime4k}/Anime4K_AutoDownscalePre_x4.glsl"
"${anime4k}/Anime4K_Restore_CNN_M.glsl" "${anime4k}/Anime4K_Upscale_CNN_x2_S.glsl"
"${anime4k}/Anime4K_Upscale_CNN_x2_M.glsl" ];
"${anime4k}/Anime4K_Restore_CNN_S.glsl" "CTRL+4" = setShader "Anime4K: Mode A+A (Fast)" [
"${anime4k}/Anime4K_AutoDownscalePre_x2.glsl" "${anime4k}/Anime4K_Clamp_Highlights.glsl"
"${anime4k}/Anime4K_AutoDownscalePre_x4.glsl" "${anime4k}/Anime4K_Restore_CNN_M.glsl"
"${anime4k}/Anime4K_Upscale_CNN_x2_S.glsl" "${anime4k}/Anime4K_Upscale_CNN_x2_M.glsl"
]; "${anime4k}/Anime4K_Restore_CNN_S.glsl"
"CTRL+5" = setShader "Anime4K: Mode B+B (Fast)" [ "${anime4k}/Anime4K_AutoDownscalePre_x2.glsl"
"${anime4k}/Anime4K_Clamp_Highlights.glsl" "${anime4k}/Anime4K_AutoDownscalePre_x4.glsl"
"${anime4k}/Anime4K_Restore_CNN_Soft_M.glsl" "${anime4k}/Anime4K_Upscale_CNN_x2_S.glsl"
"${anime4k}/Anime4K_Upscale_CNN_x2_M.glsl" ];
"${anime4k}/Anime4K_AutoDownscalePre_x2.glsl" "CTRL+5" = setShader "Anime4K: Mode B+B (Fast)" [
"${anime4k}/Anime4K_AutoDownscalePre_x4.glsl" "${anime4k}/Anime4K_Clamp_Highlights.glsl"
"${anime4k}/Anime4K_Restore_CNN_Soft_S.glsl" "${anime4k}/Anime4K_Restore_CNN_Soft_M.glsl"
"${anime4k}/Anime4K_Upscale_CNN_x2_S.glsl" "${anime4k}/Anime4K_Upscale_CNN_x2_M.glsl"
]; "${anime4k}/Anime4K_AutoDownscalePre_x2.glsl"
"CTRL+6" = setShader "Anime4K: Mode C+A (Fast)" [ "${anime4k}/Anime4K_AutoDownscalePre_x4.glsl"
"${anime4k}/Anime4K_Clamp_Highlights.glsl" "${anime4k}/Anime4K_Restore_CNN_Soft_S.glsl"
"${anime4k}/Anime4K_Upscale_Denoise_CNN_x2_M.glsl" "${anime4k}/Anime4K_Upscale_CNN_x2_S.glsl"
"${anime4k}/Anime4K_AutoDownscalePre_x2.glsl" ];
"${anime4k}/Anime4K_AutoDownscalePre_x4.glsl" "CTRL+6" = setShader "Anime4K: Mode C+A (Fast)" [
"${anime4k}/Anime4K_Restore_CNN_S.glsl" "${anime4k}/Anime4K_Clamp_Highlights.glsl"
"${anime4k}/Anime4K_Upscale_CNN_x2_S.glsl" "${anime4k}/Anime4K_Upscale_Denoise_CNN_x2_M.glsl"
]; "${anime4k}/Anime4K_AutoDownscalePre_x2.glsl"
"${anime4k}/Anime4K_AutoDownscalePre_x4.glsl"
"${anime4k}/Anime4K_Restore_CNN_S.glsl"
"${anime4k}/Anime4K_Upscale_CNN_x2_S.glsl"
];
"CTRL+0" = ''no-osd change-list glsl-shaders clr ""; show-text "GLSL shaders cleared"''; "CTRL+0" = ''no-osd change-list glsl-shaders clr ""; show-text "GLSL shaders cleared"'';
}; };
}; };
} }


@ -1,5 +1,6 @@
{pkgs, ...}: { { pkgs, ... }:
home.packages = [pkgs.nautilus]; {
home.packages = [ pkgs.nautilus ];
dconf.settings = { dconf.settings = {
"org/gnome/nautilus/list-view".default-zoom-level = "small"; "org/gnome/nautilus/list-view".default-zoom-level = "small";
"org/gnome/nautilus/preferences".default-folder-viewer = "list-view"; "org/gnome/nautilus/preferences".default-folder-viewer = "list-view";


@ -2,7 +2,8 @@
pkgs, pkgs,
inputs, inputs,
... ...
}: { }:
{
home.packages = [ home.packages = [
(inputs.neovim.packages.${pkgs.stdenv.hostPlatform.system}.default.override { (inputs.neovim.packages.${pkgs.stdenv.hostPlatform.system}.default.override {
viAlias = true; viAlias = true;


@ -1,6 +1,6 @@
{pkgs, ...}: { { pkgs, ... }:
{
home.packages = with pkgs; [ home.packages = with pkgs; [
alejandra
colmena colmena
deadnix deadnix
nh nh


@ -1,11 +1,14 @@
{config, ...}: { { config, ... }:
{
programs.ssh = { programs.ssh = {
enable = true; enable = true;
matchBlocks = let matchBlocks =
inherit (config.home) homeDirectory; let
in { inherit (config.home) homeDirectory;
"blacksteel".identityFile = "${homeDirectory}/.ssh/id_github_signing"; in
"tyo0.ny4.dev".identityFile = "${homeDirectory}/.ssh/id_github_signing"; {
}; "blacksteel".identityFile = "${homeDirectory}/.ssh/id_github_signing";
"tyo0.ny4.dev".identityFile = "${homeDirectory}/.ssh/id_github_signing";
};
}; };
} }


@ -1,4 +1,5 @@
{pkgs, ...}: { { pkgs, ... }:
{
programs.starship = { programs.starship = {
enable = true; enable = true;
}; };


@ -4,7 +4,8 @@
inputs, inputs,
pkgs, pkgs,
... ...
}: { }:
{
imports = [ imports = [
../i3status-rust ../i3status-rust
../kanshi ../kanshi
@ -67,9 +68,10 @@
### Keybinds ### Keybinds
modifier = "Mod4"; modifier = "Mod4";
keybindings = let keybindings =
inherit (config.wayland.windowManager.sway.config) modifier; let
in inherit (config.wayland.windowManager.sway.config) modifier;
in
{ {
### Sway itself ### Sway itself
# Window # Window
@ -116,17 +118,19 @@
"XF86AudioStop" = "exec ${lib.getExe pkgs.playerctl} stop"; "XF86AudioStop" = "exec ${lib.getExe pkgs.playerctl} stop";
} }
// //
# workspace binds # workspace binds
lib.listToAttrs (lib.concatMap (x: [ lib.listToAttrs (
{ lib.concatMap (x: [
name = "${modifier}+${x}"; {
value = "workspace ${x}"; name = "${modifier}+${x}";
} value = "workspace ${x}";
{ }
name = "${modifier}+Shift+${x}"; {
value = "move container to workspace ${x}"; name = "${modifier}+Shift+${x}";
} value = "move container to workspace ${x}";
]) (lib.genList (x: toString (x + 1)) 9)); }
]) (lib.genList (x: toString (x + 1)) 9)
);
}; };
}; };
} }


@ -3,36 +3,39 @@
lib, lib,
config, config,
... ...
}: { }:
{
imports = [ imports = [
../swaylock ../swaylock
]; ];
services.swayidle = let services.swayidle =
lock = lib.getExe config.programs.swaylock.package; let
brightness = lib.getExe pkgs.brightnessctl; lock = lib.getExe config.programs.swaylock.package;
in { brightness = lib.getExe pkgs.brightnessctl;
enable = true; in
timeouts = [ {
{ enable = true;
timeout = 60 * 9; timeouts = [
command = "${brightness} -s set 20%"; {
resumeCommand = "${brightness} -r"; timeout = 60 * 9;
} command = "${brightness} -s set 20%";
{ resumeCommand = "${brightness} -r";
timeout = 60 * 10; }
command = "systemctl suspend"; {
} timeout = 60 * 10;
]; command = "systemctl suspend";
events = [ }
{ ];
event = "lock"; events = [
command = lock; {
} event = "lock";
{ command = lock;
event = "before-sleep"; }
command = lock; {
} event = "before-sleep";
]; command = lock;
}; }
];
};
} }


@ -2,7 +2,8 @@
inputs, inputs,
pkgs, pkgs,
... ...
}: { }:
{
programs.swaylock = { programs.swaylock = {
enable = true; enable = true;
settings = { settings = {


@ -1,14 +1,17 @@
{pkgs, ...}: { { pkgs, ... }:
{
programs.thunderbird = { programs.thunderbird = {
enable = true; enable = true;
package = pkgs.thunderbird-128; package = pkgs.thunderbird-128;
profiles.default = { profiles.default = {
isDefault = true; isDefault = true;
extraConfig = '' extraConfig = ''
${builtins.readFile (builtins.fetchurl { ${builtins.readFile (
url = "https://raw.githubusercontent.com/HorlogeSkynet/thunderbird-user.js/824edabe6303d6b85a32fcba96901706ed4c5922/user.js"; builtins.fetchurl {
sha256 = "0jg7i39yp21r66azlzk7978qj57rgb8c09d1hccpcw058isgymq6"; url = "https://raw.githubusercontent.com/HorlogeSkynet/thunderbird-user.js/824edabe6303d6b85a32fcba96901706ed4c5922/user.js";
})} sha256 = "0jg7i39yp21r66azlzk7978qj57rgb8c09d1hccpcw058isgymq6";
}
)}
${builtins.readFile ./user-overrides.js} ${builtins.readFile ./user-overrides.js}
''; '';
}; };


@ -1,5 +1,6 @@
{pkgs, ...}: { { pkgs, ... }:
home.packages = [pkgs.tmux]; {
home.packages = [ pkgs.tmux ];
xdg.configFile."tmux/tmux.conf".text = '' xdg.configFile."tmux/tmux.conf".text = ''
run-shell ${pkgs.tmuxPlugins.sensible.rtp} run-shell ${pkgs.tmuxPlugins.sensible.rtp}


@ -1,5 +1,6 @@
{pkgs, ...}: { { pkgs, ... }:
home.packages = [pkgs.ydict]; {
home.packages = [ pkgs.ydict ];
home.shellAliases = { home.shellAliases = {
"yd" = "ydict -c"; "yd" = "ydict -c";
}; };


@ -2,7 +2,8 @@
lib, lib,
pkgs, pkgs,
... ...
}: { }:
{
home = { home = {
username = "guanranwang"; username = "guanranwang";
homeDirectory = "/home/guanranwang"; homeDirectory = "/home/guanranwang";
@ -33,20 +34,22 @@
fd fd
]; ];
programs.fish.functions = let programs.fish.functions =
jq = lib.getExe pkgs.jq; let
nix = lib.getExe pkgs.nix; jq = lib.getExe pkgs.jq;
curl = lib.getExe pkgs.curl; nix = lib.getExe pkgs.nix;
in { curl = lib.getExe pkgs.curl;
"pb" = '' in
${jq} -Rns '{text: inputs}' | \ {
${curl} -s -H 'Content-Type: application/json' --data-binary @- https://pb.ny4.dev | \ "pb" = ''
${jq} -r '. | "https://pb.ny4.dev\(.path)"' ${jq} -Rns '{text: inputs}' | \
''; ${curl} -s -H 'Content-Type: application/json' --data-binary @- https://pb.ny4.dev | \
${jq} -r '. | "https://pb.ny4.dev\(.path)"'
'';
"getmnter" = '' "getmnter" = ''
${nix} eval nixpkgs#{$argv}.meta.maintainers --json | \ ${nix} eval nixpkgs#{$argv}.meta.maintainers --json | \
${jq} '.[].github | "@" + .' -r ${jq} '.[].github | "@" + .' -r
''; '';
}; };
} }


@ -1,7 +1,9 @@
{lib, ...}: { { lib, ... }:
{
nixpkgs.config = { nixpkgs.config = {
allowNonSource = false; allowNonSource = false;
allowNonSourcePredicate = pkg: allowNonSourcePredicate =
pkg:
lib.elem (lib.getName pkg) [ lib.elem (lib.getName pkg) [
"adoptopenjdk-hotspot-bin" "adoptopenjdk-hotspot-bin"
"cargo-bootstrap" "cargo-bootstrap"
@ -13,7 +15,8 @@
]; ];
allowUnfree = false; allowUnfree = false;
allowUnfreePredicate = pkg: allowUnfreePredicate =
pkg:
lib.elem (lib.getName pkg) [ lib.elem (lib.getName pkg) [
"broadcom-sta" "broadcom-sta"
"minecraft-server" "minecraft-server"


@ -3,7 +3,8 @@
config, config,
pkgs, pkgs,
... ...
}: { }:
{
imports = [ imports = [
# OS # OS
../../nixos/profiles/sing-box ../../nixos/profiles/sing-box
@ -27,24 +28,25 @@
system.stateVersion = "24.05"; system.stateVersion = "24.05";
######## Secrets ######## Secrets
sops.secrets = lib.mapAttrs (_name: value: value // {sopsFile = ./secrets.yaml;}) { sops.secrets = lib.mapAttrs (_name: value: value // { sopsFile = ./secrets.yaml; }) {
"synapse/secret" = { "synapse/secret" = {
restartUnits = ["matrix-synapse.service"]; restartUnits = [ "matrix-synapse.service" ];
owner = config.systemd.services.matrix-synapse.serviceConfig.User; owner = config.systemd.services.matrix-synapse.serviceConfig.User;
}; };
"synapse/oidc" = { "synapse/oidc" = {
restartUnits = ["matrix-synapse.service"]; restartUnits = [ "matrix-synapse.service" ];
owner = config.systemd.services.matrix-synapse.serviceConfig.User; owner = config.systemd.services.matrix-synapse.serviceConfig.User;
}; };
"syncv3/environment" = { "syncv3/environment" = {
restartUnits = ["matrix-sliding-sync.service"]; restartUnits = [ "matrix-sliding-sync.service" ];
}; };
"mastodon/environment" = { "mastodon/environment" = {
restartUnits = ["mastodon-web.service"]; restartUnits = [ "mastodon-web.service" ];
}; };
"cloudflared/secret" = { "cloudflared/secret" = {
restartUnits = ["cloudflared-tunnel-6222a3e0-98da-4325-be19-0f86a7318a41.service"]; restartUnits = [ "cloudflared-tunnel-6222a3e0-98da-4325-be19-0f86a7318a41.service" ];
owner = config.systemd.services."cloudflared-tunnel-6222a3e0-98da-4325-be19-0f86a7318a41".serviceConfig.User; owner =
config.systemd.services."cloudflared-tunnel-6222a3e0-98da-4325-be19-0f86a7318a41".serviceConfig.User;
}; };
}; };
@ -77,7 +79,10 @@
}; };
systemd.services.caddy.serviceConfig = { systemd.services.caddy.serviceConfig = {
SupplementaryGroups = ["mastodon" "matrix-synapse"]; SupplementaryGroups = [
"mastodon"
"matrix-synapse"
];
}; };
services.postgresql = { services.postgresql = {


@ -2,7 +2,8 @@
inputs, inputs,
config, config,
... ...
}: { }:
{
imports = [ imports = [
inputs.nixpkgs.nixosModules.notDetected inputs.nixpkgs.nixosModules.notDetected
inputs.nixos-hardware.nixosModules.apple-macbook-pro inputs.nixos-hardware.nixosModules.apple-macbook-pro
@ -14,9 +15,18 @@
services.thermald.enable = true; services.thermald.enable = true;
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod"]; boot.initrd.availableKernelModules = [
boot.kernelModules = ["kvm-intel" "wl"]; "xhci_pci"
boot.extraModulePackages = [config.boot.kernelPackages.broadcom_sta]; "ahci"
"usbhid"
"usb_storage"
"sd_mod"
];
boot.kernelModules = [
"kvm-intel"
"wl"
];
boot.extraModulePackages = [ config.boot.kernelPackages.broadcom_sta ];
nixpkgs.hostPlatform = "x86_64-linux"; nixpkgs.hostPlatform = "x86_64-linux";
@ -26,7 +36,7 @@
"/" = { "/" = {
device = "/dev/disk/by-uuid/ab9b92a9-b67b-43b4-b0d9-9dd59ccd594b"; device = "/dev/disk/by-uuid/ab9b92a9-b67b-43b4-b0d9-9dd59ccd594b";
fsType = "btrfs"; fsType = "btrfs";
options = ["subvol=@"]; options = [ "subvol=@" ];
}; };
"/boot" = { "/boot" = {
device = "/dev/disk/by-uuid/E5DE-9C92"; device = "/dev/disk/by-uuid/E5DE-9C92";
@ -34,6 +44,6 @@
}; };
}; };
swapDevices = [ swapDevices = [
{device = "/dev/disk/by-uuid/8a2e90a9-5cc2-40fc-82fe-69ef3cd88e29";} { device = "/dev/disk/by-uuid/8a2e90a9-5cc2-40fc-82fe-69ef3cd88e29"; }
]; ];
} }


@ -1,4 +1,5 @@
{config, ...}: { { config, ... }:
{
services.mastodon = { services.mastodon = {
enable = true; enable = true;
localDomain = "ny4.dev"; localDomain = "ny4.dev";
@ -30,7 +31,7 @@
systemd.services.mastodon-web = { systemd.services.mastodon-web = {
environment = config.networking.proxy.envVars; environment = config.networking.proxy.envVars;
serviceConfig.EnvironmentFile = [config.sops.secrets."mastodon/environment".path]; serviceConfig.EnvironmentFile = [ config.sops.secrets."mastodon/environment".path ];
}; };
systemd.services.mastodon-sidekiq-all.environment = config.networking.proxy.envVars; systemd.services.mastodon-sidekiq-all.environment = config.networking.proxy.envVars;


@ -1,9 +1,10 @@
{config, ...}: { { config, ... }:
{
services.matrix-synapse = { services.matrix-synapse = {
enable = true; enable = true;
withJemalloc = true; withJemalloc = true;
enableRegistrationScript = false; enableRegistrationScript = false;
extraConfigFiles = [config.sops.secrets."synapse/secret".path]; extraConfigFiles = [ config.sops.secrets."synapse/secret".path ];
settings = { settings = {
server_name = "ny4.dev"; server_name = "ny4.dev";
public_baseurl = "https://matrix.ny4.dev"; public_baseurl = "https://matrix.ny4.dev";
@ -14,7 +15,10 @@
type = "http"; type = "http";
resources = [ resources = [
{ {
names = ["client" "federation"]; names = [
"client"
"federation"
];
compress = true; compress = true;
} }
]; ];
@ -29,7 +33,10 @@
issuer = "https://id.ny4.dev/realms/ny4"; issuer = "https://id.ny4.dev/realms/ny4";
client_id = "synapse"; client_id = "synapse";
client_secret_path = config.sops.secrets."synapse/oidc".path; client_secret_path = config.sops.secrets."synapse/oidc".path;
scopes = ["openid" "profile"]; scopes = [
"openid"
"profile"
];
user_mapping_provider.config = { user_mapping_provider.config = {
localpart_template = "{{ user.preferred_username }}"; localpart_template = "{{ user.preferred_username }}";
display_name_template = "{{ user.name }}"; display_name_template = "{{ user.name }}";
@ -43,7 +50,7 @@
systemd.services.matrix-synapse = { systemd.services.matrix-synapse = {
environment = config.networking.proxy.envVars; environment = config.networking.proxy.envVars;
serviceConfig.RuntimeDirectory = ["matrix-synapse"]; serviceConfig.RuntimeDirectory = [ "matrix-synapse" ];
}; };
services.matrix-sliding-sync = { services.matrix-sliding-sync = {
@ -56,7 +63,7 @@
}; };
systemd.services.matrix-sliding-sync.serviceConfig = { systemd.services.matrix-sliding-sync.serviceConfig = {
RuntimeDirectory = ["matrix-sliding-sync"]; RuntimeDirectory = [ "matrix-sliding-sync" ];
SupplementaryGroups = ["matrix-synapse"]; SupplementaryGroups = [ "matrix-synapse" ];
}; };
} }


@ -2,7 +2,8 @@
lib, lib,
pkgs, pkgs,
... ...
}: { }:
{
services.minecraft-server = { services.minecraft-server = {
enable = true; enable = true;
eula = true; eula = true;


@ -1,4 +1,5 @@
{pkgs, ...}: { { pkgs, ... }:
{
# TODO: https://github.com/NixOS/nixpkgs/pull/287923 # TODO: https://github.com/NixOS/nixpkgs/pull/287923
# currently running qbittorrent-nox with tmux :c # currently running qbittorrent-nox with tmux :c
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [


@ -1,9 +1,11 @@
{lib, ...}: { { lib, ... }:
{
nixpkgs.config = { nixpkgs.config = {
allowAliases = false; allowAliases = false;
allowNonSource = false; allowNonSource = false;
allowNonSourcePredicate = pkg: allowNonSourcePredicate =
pkg:
lib.elem (lib.getName pkg) [ lib.elem (lib.getName pkg) [
"cargo-bootstrap" "cargo-bootstrap"
"cef-binary" "cef-binary"
@ -15,7 +17,8 @@
]; ];
allowUnfree = false; allowUnfree = false;
allowUnfreePredicate = pkg: allowUnfreePredicate =
pkg:
lib.elem (lib.getName pkg) [ lib.elem (lib.getName pkg) [
"fcitx5-pinyin-minecraft" "fcitx5-pinyin-minecraft"
"fcitx5-pinyin-moegirl" "fcitx5-pinyin-moegirl"


@ -2,7 +2,8 @@
lib, lib,
pkgs, pkgs,
... ...
}: { }:
{
imports = [ imports = [
../../nixos/profiles/sing-box ../../nixos/profiles/sing-box
../../nixos/profiles/wireless ../../nixos/profiles/wireless
@ -31,8 +32,8 @@
yubikey-manager yubikey-manager
]; ];
networking.firewall.allowedTCPPorts = [53317]; networking.firewall.allowedTCPPorts = [ 53317 ];
networking.firewall.allowedUDPPorts = [53317]; networking.firewall.allowedUDPPorts = [ 53317 ];
programs.adb.enable = true; programs.adb.enable = true;
programs.localsend.enable = true; programs.localsend.enable = true;
@ -51,13 +52,13 @@
# yubikey # yubikey
services.pcscd.enable = true; services.pcscd.enable = true;
services.udev.packages = [pkgs.yubikey-personalization]; services.udev.packages = [ pkgs.yubikey-personalization ];
fonts = { fonts = {
enableDefaultPackages = false; enableDefaultPackages = false;
packages = with pkgs; [ packages = with pkgs; [
(nerdfonts.override { (nerdfonts.override {
fonts = ["NerdFontsSymbolsOnly"]; fonts = [ "NerdFontsSymbolsOnly" ];
}) })
(inter.overrideAttrs { (inter.overrideAttrs {
installPhase = '' installPhase = ''
@ -139,9 +140,9 @@
security.polkit.enable = true; security.polkit.enable = true;
systemd.user.services.polkit-gnome-authentication-agent-1 = { systemd.user.services.polkit-gnome-authentication-agent-1 = {
description = "polkit-gnome-authentication-agent-1"; description = "polkit-gnome-authentication-agent-1";
wantedBy = ["graphical-session.target"]; wantedBy = [ "graphical-session.target" ];
wants = ["graphical-session.target"]; wants = [ "graphical-session.target" ];
after = ["graphical-session.target"]; after = [ "graphical-session.target" ];
serviceConfig = { serviceConfig = {
Type = "simple"; Type = "simple";
ExecStart = "${pkgs.polkit_gnome}/libexec/polkit-gnome-authentication-agent-1"; ExecStart = "${pkgs.polkit_gnome}/libexec/polkit-gnome-authentication-agent-1";
@ -151,11 +152,11 @@
}; };
}; };
security.pam.services.swaylock = {}; security.pam.services.swaylock = { };
xdg.portal = { xdg.portal = {
enable = true; enable = true;
wlr.enable = true; wlr.enable = true;
extraPortals = [pkgs.xdg-desktop-portal-gtk]; extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
# https://gitlab.archlinux.org/archlinux/packaging/packages/sway/-/blob/main/sway-portals.conf # https://gitlab.archlinux.org/archlinux/packaging/packages/sway/-/blob/main/sway-portals.conf
config."sway" = { config."sway" = {
default = "gtk"; default = "gtk";


@ -1,11 +1,15 @@
let let
# compress-force: https://t.me/archlinuxcn_group/3054167 # compress-force: https://t.me/archlinuxcn_group/3054167
mountOptions = ["compress-force=zstd" "noatime"]; mountOptions = [
"compress-force=zstd"
"noatime"
];
cryptSettings = { cryptSettings = {
allowDiscards = true; allowDiscards = true;
bypassWorkqueues = true; bypassWorkqueues = true;
}; };
in { in
{
disko.devices = { disko.devices = {
disk = { disk = {
"one" = { "one" = {
@ -22,7 +26,10 @@ in {
type = "filesystem"; type = "filesystem";
format = "vfat"; format = "vfat";
mountpoint = "/boot"; mountpoint = "/boot";
mountOptions = ["defaults" "umask=007"]; mountOptions = [
"defaults"
"umask=007"
];
}; };
}; };
"cryptroot" = { "cryptroot" = {


@ -1,4 +1,5 @@
{inputs, ...}: { { inputs, ... }:
{
imports = [ imports = [
inputs.nixpkgs.nixosModules.notDetected inputs.nixpkgs.nixosModules.notDetected
inputs.nixos-hardware.nixosModules.lenovo-thinkpad-x1-12th-gen inputs.nixos-hardware.nixosModules.lenovo-thinkpad-x1-12th-gen
@ -21,12 +22,18 @@
boot.loader.timeout = 0; boot.loader.timeout = 0;
boot.loader.efi.canTouchEfiVariables = true; boot.loader.efi.canTouchEfiVariables = true;
boot.kernelParams = ["ia32_emulation=0"]; boot.kernelParams = [ "ia32_emulation=0" ];
boot.initrd.availableKernelModules = ["xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod"]; boot.initrd.availableKernelModules = [
boot.initrd.kernelModules = []; "xhci_pci"
boot.kernelModules = ["kvm-intel"]; "thunderbolt"
boot.extraModulePackages = []; "nvme"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
nixpkgs.hostPlatform = "x86_64-linux"; nixpkgs.hostPlatform = "x86_64-linux";
} }


@ -1,4 +1,5 @@
{pkgs, ...}: { { pkgs, ... }:
{
imports = imports =
[ [
./theme.nix ./theme.nix


@ -3,7 +3,8 @@
config, config,
lib, lib,
... ...
}: { }:
{
home.pointerCursor = { home.pointerCursor = {
name = "Adwaita"; name = "Adwaita";
package = pkgs.adwaita-icon-theme; package = pkgs.adwaita-icon-theme;


@ -1,10 +1,11 @@
{lib, ...}: { { lib, ... }:
{
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP/MIME_types/Common_types # https://developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP/MIME_types/Common_types
xdg.mimeApps = { xdg.mimeApps = {
enable = true; enable = true;
defaultApplications = defaultApplications =
{ {
"inode/directory" = ["org.gnome.Nautilus.desktop"]; "inode/directory" = [ "org.gnome.Nautilus.desktop" ];
} }
### Browser ### Browser
// lib.genAttrs [ // lib.genAttrs [
@ -13,7 +14,7 @@
"x-scheme-handler/https" "x-scheme-handler/https"
"x-scheme-handler/about" "x-scheme-handler/about"
"x-scheme-handler/unknown" "x-scheme-handler/unknown"
] (_n: ["firefox.desktop"]) ] (_n: [ "firefox.desktop" ])
### Audio player ### Audio player
// lib.genAttrs [ // lib.genAttrs [
"audio/aac" "audio/aac"
@ -21,31 +22,31 @@
"audio/mpeg" "audio/mpeg"
"audio/ogg" "audio/ogg"
"audio/wav" "audio/wav"
] (_n: ["io.bassi.Amberol.desktop"]) ] (_n: [ "io.bassi.Amberol.desktop" ])
### Image viewer ### Image viewer
// lib.genAttrs [ // lib.genAttrs [
"image/gif" "image/gif"
"image/jpeg" "image/jpeg"
"image/png" "image/png"
"image/webp" "image/webp"
] (_n: ["org.gnome.Loupe.desktop"]) ] (_n: [ "org.gnome.Loupe.desktop" ])
### Video player ### Video player
// lib.genAttrs [ // lib.genAttrs [
"video/mp4" "video/mp4"
"video/mpeg" "video/mpeg"
"video/webm" "video/webm"
] (_n: ["mpv.desktop"]) ] (_n: [ "mpv.desktop" ])
### Code editor ### Code editor
// lib.genAttrs [ // lib.genAttrs [
"text/css" "text/css"
"text/html" "text/html"
"text/javascript" "text/javascript"
"text/plain" "text/plain"
] (_n: ["nvim.desktop"]) ] (_n: [ "nvim.desktop" ])
### Mail client ### Mail client
// lib.genAttrs [ // lib.genAttrs [
"x-scheme-handler/mailto" "x-scheme-handler/mailto"
"x-scheme-handler/mid" "x-scheme-handler/mid"
] (_n: ["thunderbird.desktop"]); ] (_n: [ "thunderbird.desktop" ]);
}; };
} }


@ -1,5 +1,6 @@
{lib, ...}: { { lib, ... }:
sops.age.sshKeyPaths = lib.mkForce ["/persist/etc/ssh/ssh_host_ed25519_key"]; {
sops.age.sshKeyPaths = lib.mkForce [ "/persist/etc/ssh/ssh_host_ed25519_key" ];
fileSystems."/persist".neededForBoot = true; fileSystems."/persist".neededForBoot = true;
environment.persistence."/persist" = { environment.persistence."/persist" = {
hideMounts = true; hideMounts = true;


@ -1,5 +1,6 @@
{pkgs, ...}: { { pkgs, ... }:
environment.systemPackages = [pkgs.sbctl]; {
environment.systemPackages = [ pkgs.sbctl ];
boot.lanzaboote = { boot.lanzaboote = {
enable = true; enable = true;
pkiBundle = "/etc/secureboot"; pkiBundle = "/etc/secureboot";


@ -1,7 +1,9 @@
{lib, ...}: { { lib, ... }:
{
nixpkgs.config = { nixpkgs.config = {
allowNonSource = false; allowNonSource = false;
allowNonSourcePredicate = pkg: allowNonSourcePredicate =
pkg:
lib.elem (lib.getName pkg) [ lib.elem (lib.getName pkg) [
"adoptopenjdk-hotspot-bin" "adoptopenjdk-hotspot-bin"
"cargo-bootstrap" "cargo-bootstrap"
@ -12,9 +14,11 @@
]; ];
allowUnfree = false; allowUnfree = false;
allowUnfreePredicate = pkg: allowUnfreePredicate =
lib.elem (lib.getName pkg) [ pkg:
]; lib.elem (lib.getName pkg)
[
];
permittedInsecurePackages = [ permittedInsecurePackages = [
"cinny-4.1.0" "cinny-4.1.0"
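Review bot: `permittedInsecurePackages` lists `"cinny-4.1.0"` with no comment saying which advisory is being accepted or when the exemption can be dropped. A version-pinned exemption like this tends to outlive its reason, so a comment above the entry would help, for example `# cinny 4.1.0 is flagged insecure in nixpkgs (<advisory id placeholder>); drop once a fixed version is packaged`. The list continues outside this hunk, so the same applies to any further entries there.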


@ -3,7 +3,8 @@
modulesPath, modulesPath,
pkgs, pkgs,
... ...
}: { }:
{
imports = [ imports = [
"${modulesPath}/virtualisation/amazon-image.nix" "${modulesPath}/virtualisation/amazon-image.nix"
./anti-feature.nix ./anti-feature.nix
@ -33,27 +34,30 @@
systemd.services."print-host-key".enable = false; systemd.services."print-host-key".enable = false;
### Secrets ### Secrets
sops.secrets = lib.mapAttrs (_name: value: value // {sopsFile = ./secrets.yaml;}) { sops.secrets = lib.mapAttrs (_name: value: value // { sopsFile = ./secrets.yaml; }) {
"hysteria/auth" = { "hysteria/auth" = {
restartUnits = ["hysteria.service"]; restartUnits = [ "hysteria.service" ];
}; };
"pixivfe/environment" = { "pixivfe/environment" = {
restartUnits = ["pixivfe.service"]; restartUnits = [ "pixivfe.service" ];
}; };
"searx/environment" = { "searx/environment" = {
restartUnits = ["searx.service"]; restartUnits = [ "searx.service" ];
}; };
"miniflux/environment" = { "miniflux/environment" = {
restartUnits = ["miniflux.service"]; restartUnits = [ "miniflux.service" ];
}; };
"vaultwarden/environment" = { "vaultwarden/environment" = {
restartUnits = ["vaultwarden.service"]; restartUnits = [ "vaultwarden.service" ];
}; };
}; };
### Services ### Services
networking.firewall.allowedUDPPorts = [443]; # hysteria networking.firewall.allowedUDPPorts = [ 443 ]; # hysteria
networking.firewall.allowedTCPPorts = [80 443]; # caddy networking.firewall.allowedTCPPorts = [
80
443
]; # caddy
systemd.tmpfiles.settings = { systemd.tmpfiles.settings = {
"10-www" = { "10-www" = {
@ -76,7 +80,7 @@
"cinny" = pkgs.cinny.override { "cinny" = pkgs.cinny.override {
conf = { conf = {
defaultHomeserver = 0; defaultHomeserver = 0;
homeserverList = ["ny4.dev"]; homeserverList = [ "ny4.dev" ];
}; };
}; };
}; };
@ -122,7 +126,12 @@
services.vnstat.enable = true; services.vnstat.enable = true;
systemd.services."no-bankrupt" = { systemd.services."no-bankrupt" = {
serviceConfig.Type = "oneshot"; serviceConfig.Type = "oneshot";
path = with pkgs; [coreutils gawk vnstat systemd]; path = with pkgs; [
coreutils
gawk
vnstat
systemd
];
script = '' script = ''
TRAFF_TOTAL=1900 TRAFF_TOTAL=1900
TRAFF_USED=$(vnstat --oneline b | awk -F ';' '{print $11}') TRAFF_USED=$(vnstat --oneline b | awk -F ';' '{print $11}')


@ -1,4 +1,5 @@
{pkgs, ...}: { { pkgs, ... }:
{
services.forgejo = { services.forgejo = {
enable = true; enable = true;
package = pkgs.forgejo; package = pkgs.forgejo;


@ -1,4 +1,5 @@
{config, ...}: { { config, ... }:
{
services.hysteria = { services.hysteria = {
enable = true; enable = true;
settings = { settings = {


@ -1,4 +1,5 @@
{pkgs, ...}: { { pkgs, ... }:
{
services.keycloak = { services.keycloak = {
enable = true; enable = true;
settings = { settings = {


@ -1,4 +1,5 @@
{config, ...}: { { config, ... }:
{
services.miniflux = { services.miniflux = {
enable = true; enable = true;
adminCredentialsFile = config.sops.secrets."miniflux/environment".path; adminCredentialsFile = config.sops.secrets."miniflux/environment".path;


@ -10,5 +10,5 @@
}; };
}; };
systemd.services.ntfy-sh.serviceConfig.RuntimeDirectory = ["ntfy-sh"]; systemd.services.ntfy-sh.serviceConfig.RuntimeDirectory = [ "ntfy-sh" ];
} }


@ -2,7 +2,8 @@
pkgs, pkgs,
config, config,
... ...
}: { }:
{
services.pixivfe = { services.pixivfe = {
enable = true; enable = true;
EnvironmentFile = config.sops.secrets."pixivfe/environment".path; EnvironmentFile = config.sops.secrets."pixivfe/environment".path;
@ -13,7 +14,7 @@
}; };
systemd.services.pixivfe.serviceConfig = { systemd.services.pixivfe.serviceConfig = {
RuntimeDirectory = ["pixivfe"]; RuntimeDirectory = [ "pixivfe" ];
ExecStartPost = pkgs.writeShellScript "pixivfe-unixsocket" '' ExecStartPost = pkgs.writeShellScript "pixivfe-unixsocket" ''
${pkgs.coreutils}/bin/sleep 5 ${pkgs.coreutils}/bin/sleep 5
${pkgs.coreutils}/bin/chmod 777 /run/pixivfe/pixiv.sock ${pkgs.coreutils}/bin/chmod 777 /run/pixivfe/pixiv.sock
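Review bot: The `chmod 777` on `/run/pixivfe/pixiv.sock` in `ExecStartPost` lets every local user connect to the socket, and the fixed `sleep 5` before it only guesses when the socket exists. Prefer a group-scoped mode such as `${pkgs.coreutils}/bin/chmod 660 /run/pixivfe/pixiv.sock`, with the unit's `Group` (or the proxy unit's `SupplementaryGroups`) arranged so that only the reverse proxy can reach it; presumably that is the only intended client. The script body continues past the end of this hunk, so later steps are not covered by this note.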


@ -2,7 +2,8 @@
pkgs, pkgs,
config, config,
... ...
}: { }:
{
services.searx = { services.searx = {
enable = true; enable = true;
package = pkgs.searxng; package = pkgs.searxng;


@ -1,4 +1,5 @@
{config, ...}: { { config, ... }:
{
services.vaultwarden = { services.vaultwarden = {
enable = true; enable = true;
environmentFile = config.sops.secrets."vaultwarden/environment".path; environmentFile = config.sops.secrets."vaultwarden/environment".path;


@ -1,4 +1,5 @@
{...}: { { ... }:
{
imports = [ imports = [
./services/hysteria.nix ./services/hysteria.nix
./services/pixivfe.nix ./services/pixivfe.nix


@ -4,17 +4,22 @@
pkgs, pkgs,
utils, utils,
... ...
}: let }:
let
cfg = config.services.hysteria; cfg = config.services.hysteria;
settingsFormat = pkgs.formats.json {}; settingsFormat = pkgs.formats.json { };
in { in
{
options.services.hysteria = { options.services.hysteria = {
enable = lib.mkEnableOption "Hysteria, a powerful, lightning fast and censorship resistant proxy"; enable = lib.mkEnableOption "Hysteria, a powerful, lightning fast and censorship resistant proxy";
package = lib.mkPackageOption pkgs "hysteria" {}; package = lib.mkPackageOption pkgs "hysteria" { };
mode = lib.mkOption { mode = lib.mkOption {
type = lib.types.enum ["server" "client"]; type = lib.types.enum [
"server"
"client"
];
default = "server"; default = "server";
description = "Whether to use Hysteria as a client or a server."; description = "Whether to use Hysteria as a client or a server.";
}; };
@ -23,7 +28,7 @@ in {
type = lib.types.submodule { type = lib.types.submodule {
freeformType = settingsFormat.type; freeformType = settingsFormat.type;
}; };
default = {}; default = { };
description = '' description = ''
The Hysteria configuration, see https://hysteria.network/ for documentation. The Hysteria configuration, see https://hysteria.network/ for documentation.
@ -38,10 +43,10 @@ in {
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
systemd.services."hysteria" = { systemd.services."hysteria" = {
description = "Hysteria daemon, a powerful, lightning fast and censorship resistant proxy."; description = "Hysteria daemon, a powerful, lightning fast and censorship resistant proxy.";
documentation = ["https://hysteria.network/"]; documentation = [ "https://hysteria.network/" ];
wantedBy = ["multi-user.target"]; wantedBy = [ "multi-user.target" ];
after = ["network-online.target"]; after = [ "network-online.target" ];
wants = ["network-online.target"]; wants = [ "network-online.target" ];
preStart = utils.genJqSecretsReplacementSnippet cfg.settings "/var/lib/private/hysteria/config.json"; preStart = utils.genJqSecretsReplacementSnippet cfg.settings "/var/lib/private/hysteria/config.json";
serviceConfig = { serviceConfig = {
ExecStart = lib.concatStringsSep " " [ ExecStart = lib.concatStringsSep " " [
@ -54,8 +59,16 @@ in {
StateDirectory = "hysteria"; StateDirectory = "hysteria";
### Hardening ### Hardening
AmbientCapabilities = ["CAP_NET_ADMIN" "CAP_NET_BIND_SERVICE" "CAP_NET_RAW"]; AmbientCapabilities = [
CapabilityBoundingSet = ["CAP_NET_ADMIN" "CAP_NET_BIND_SERVICE" "CAP_NET_RAW"]; "CAP_NET_ADMIN"
"CAP_NET_BIND_SERVICE"
"CAP_NET_RAW"
];
CapabilityBoundingSet = [
"CAP_NET_ADMIN"
"CAP_NET_BIND_SERVICE"
"CAP_NET_RAW"
];
NoNewPrivileges = true; NoNewPrivileges = true;
PrivateMounts = true; PrivateMounts = true;
PrivateTmp = true; PrivateTmp = true;


@ -4,13 +4,17 @@
inputs, inputs,
pkgs, pkgs,
... ...
}: let }:
let
cfg = config.services.pixivfe; cfg = config.services.pixivfe;
in { in
{
options.services.pixivfe = { options.services.pixivfe = {
enable = lib.mkEnableOption "PixivFE, a privacy respecting frontend for Pixiv"; enable = lib.mkEnableOption "PixivFE, a privacy respecting frontend for Pixiv";
package = lib.mkPackageOption inputs.self.legacyPackages.${pkgs.stdenv.hostPlatform.system} "pixivfe" {}; package =
lib.mkPackageOption inputs.self.legacyPackages.${pkgs.stdenv.hostPlatform.system} "pixivfe"
{ };
openFirewall = lib.mkEnableOption "open ports in the firewall needed for the daemon to function"; openFirewall = lib.mkEnableOption "open ports in the firewall needed for the daemon to function";
@ -46,10 +50,7 @@ in {
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
assertions = [ assertions = [
{ {
assertion = assertion = if cfg.openFirewall then (cfg.settings ? PIXIVFE_PORT) else true;
if cfg.openFirewall
then (cfg.settings ? PIXIVFE_PORT)
else true;
message = '' message = ''
PIXIVFE_PORT must be specified for NixOS to open a port. PIXIVFE_PORT must be specified for NixOS to open a port.
@ -58,9 +59,10 @@ in {
} }
{ {
assertion = assertion =
if (cfg.EnvironmentFile == null) if (cfg.EnvironmentFile == null) then
then (cfg.settings ? PIXIVFE_UNIXSOCKET) || (cfg.settings ? PIXIVFE_PORT) (cfg.settings ? PIXIVFE_UNIXSOCKET) || (cfg.settings ? PIXIVFE_PORT)
else true; else
true;
message = '' message = ''
PIXIVFE_PORT or PIXIVFE_UNIXSOCKET must be set for PixivFE to run. PIXIVFE_PORT or PIXIVFE_UNIXSOCKET must be set for PixivFE to run.
@ -68,10 +70,7 @@ in {
''; '';
} }
{ {
assertion = assertion = if (cfg.EnvironmentFile == null) then cfg.settings ? PIXIVFE_TOKEN else true;
if (cfg.EnvironmentFile == null)
then cfg.settings ? PIXIVFE_TOKEN
else true;
message = '' message = ''
PIXIVFE_TOKEN must be set for PixivFE to run. PIXIVFE_TOKEN must be set for PixivFE to run.
@ -82,23 +81,21 @@ in {
systemd.services."pixivfe" = { systemd.services."pixivfe" = {
description = "PixivFE, a privacy respecting frontend for Pixiv."; description = "PixivFE, a privacy respecting frontend for Pixiv.";
documentation = ["https://pixivfe.pages.dev/"]; documentation = [ "https://pixivfe.pages.dev/" ];
wantedBy = ["multi-user.target"]; wantedBy = [ "multi-user.target" ];
after = ["network-online.target"]; after = [ "network-online.target" ];
wants = ["network-online.target"]; wants = [ "network-online.target" ];
environment = lib.mkIf (cfg.settings != null) (lib.mapAttrs (_: v: environment = lib.mkIf (cfg.settings != null) (
if lib.isBool v lib.mapAttrs (_: v: if lib.isBool v then lib.boolToString v else toString v) cfg.settings
then lib.boolToString v );
else toString v)
cfg.settings);
serviceConfig = { serviceConfig = {
inherit (cfg) EnvironmentFile; inherit (cfg) EnvironmentFile;
ExecStart = lib.getExe cfg.package; ExecStart = lib.getExe cfg.package;
DynamicUser = true; DynamicUser = true;
### Hardening ### Hardening
AmbientCapabilities = ["CAP_NET_BIND_SERVICE"]; # For ports <= 1024 AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ]; # For ports <= 1024
CapabilityBoundingSet = ["CAP_NET_BIND_SERVICE"]; CapabilityBoundingSet = [ "CAP_NET_BIND_SERVICE" ];
NoNewPrivileges = true; NoNewPrivileges = true;
PrivateMounts = true; PrivateMounts = true;
PrivateTmp = true; PrivateTmp = true;
@ -122,7 +119,7 @@ in {
}; };
networking.firewall = lib.mkIf cfg.openFirewall { networking.firewall = lib.mkIf cfg.openFirewall {
allowedTCPPorts = [cfg.settings.PIXIVFE_PORT]; allowedTCPPorts = [ cfg.settings.PIXIVFE_PORT ];
}; };
}; };
} }


@ -4,7 +4,8 @@
inputs, inputs,
pkgs, pkgs,
... ...
}: { }:
{
imports = imports =
[ [
./hardening.nix ./hardening.nix
@ -29,7 +30,9 @@
users.guanranwang = import ../../../home; users.guanranwang = import ../../../home;
useGlobalPkgs = true; useGlobalPkgs = true;
useUserPackages = true; useUserPackages = true;
extraSpecialArgs = {inherit inputs;}; extraSpecialArgs = {
inherit inputs;
};
}; };
boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest; boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
@ -80,13 +83,13 @@
# Avoid TOFU MITM with github by providing their public key here. # Avoid TOFU MITM with github by providing their public key here.
programs.ssh.knownHosts = { programs.ssh.knownHosts = {
"github.com".hostNames = ["github.com"]; "github.com".hostNames = [ "github.com" ];
"github.com".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl"; "github.com".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl";
"gitlab.com".hostNames = ["gitlab.com"]; "gitlab.com".hostNames = [ "gitlab.com" ];
"gitlab.com".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf"; "gitlab.com".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf";
"git.sr.ht".hostNames = ["git.sr.ht"]; "git.sr.ht".hostNames = [ "git.sr.ht" ];
"git.sr.ht".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMZvRd4EtM7R+IHVMWmDkVU3VLQTSwQDSAvW0t2Tkj60"; "git.sr.ht".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMZvRd4EtM7R+IHVMWmDkVU3VLQTSwQDSAvW0t2Tkj60";
}; };
@ -120,8 +123,8 @@
### sops-nix ### sops-nix
sops = { sops = {
defaultSopsFile = ../../../secrets.yaml; defaultSopsFile = ../../../secrets.yaml;
age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"]; age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
gnupg.sshKeyPaths = []; gnupg.sshKeyPaths = [ ];
secrets."hashed-passwd".neededForUsers = true; secrets."hashed-passwd".neededForUsers = true;
}; };
} }


@ -2,7 +2,7 @@
services.resolved.enable = true; services.resolved.enable = true;
### https://wiki.archlinux.org/title/Sysctl#Improving_performance ### https://wiki.archlinux.org/title/Sysctl#Improving_performance
boot.kernelModules = ["tcp_bbr"]; boot.kernelModules = [ "tcp_bbr" ];
boot.kernel.sysctl = { boot.kernel.sysctl = {
"net.core.default_qdisc" = "cake"; "net.core.default_qdisc" = "cake";
"net.ipv4.tcp_congestion_control" = "bbr"; "net.ipv4.tcp_congestion_control" = "bbr";


@ -3,7 +3,8 @@
config, config,
inputs, inputs,
... ...
}: { }:
{
nix.settings = { nix.settings = {
substituters = substituters =
(lib.optionals (config.time.timeZone == "Asia/Shanghai") [ (lib.optionals (config.time.timeZone == "Asia/Shanghai") [
@ -26,7 +27,7 @@
"no-url-literals" "no-url-literals"
]; ];
flake-registry = ""; flake-registry = "";
trusted-users = ["@wheel"]; trusted-users = [ "@wheel" ];
allow-import-from-derivation = false; allow-import-from-derivation = false;
auto-allocate-uids = true; auto-allocate-uids = true;
auto-optimise-store = true; auto-optimise-store = true;
@ -38,7 +39,7 @@
nix = { nix = {
# Add each flake input as a registry # Add each flake input as a registry
# To make nix3 commands consistent with the flake # To make nix3 commands consistent with the flake
registry = lib.mapAttrs (_: value: {flake = value;}) inputs; registry = lib.mapAttrs (_: value: { flake = value; }) inputs;
# Disable nix-channel # Disable nix-channel
channel.enable = false; channel.enable = false;
@ -52,7 +53,7 @@
extraOptions = "!include ${config.sops.secrets.nix-access-tokens.path}"; extraOptions = "!include ${config.sops.secrets.nix-access-tokens.path}";
}; };
users.groups."nix-access-tokens" = {}; users.groups."nix-access-tokens" = { };
sops.secrets."nix-access-tokens" = { sops.secrets."nix-access-tokens" = {
group = config.users.groups."nix-access-tokens".name; group = config.users.groups."nix-access-tokens".name;
mode = "0440"; mode = "0440";
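Review bot: `trusted-users = [ "@wheel" ]` in the second hunk makes every wheel member a trusted client of the Nix daemon, which the Nix manual describes as essentially equivalent to root access, and it does not go through sudo's authentication. If wheel users only need to run builds, `allowed-users` is enough and `trusted-users` can stay at its default. Otherwise add a comment recording why the trust is required, so the decision stays reviewable. The `nix.settings` block continues outside the hunks shown here.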


@ -1,4 +1,5 @@
{lib, ...}: { { lib, ... }:
{
services.zram-generator = { services.zram-generator = {
enable = true; enable = true;
settings.zram0 = { settings.zram0 = {


@ -2,14 +2,16 @@
pkgs, pkgs,
config, config,
... ...
}: { }:
{
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
foot.terminfo foot.terminfo
]; ];
# TODO: colmena # TODO: colmena
services.openssh.settings.PermitRootLogin = "prohibit-password"; services.openssh.settings.PermitRootLogin = "prohibit-password";
users.users."root".openssh.authorizedKeys.keys = config.users.users.guanranwang.openssh.authorizedKeys.keys; users.users."root".openssh.authorizedKeys.keys =
config.users.users.guanranwang.openssh.authorizedKeys.keys;
time.timeZone = "UTC"; time.timeZone = "UTC";
} }
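Review bot: `users.users."root".openssh.authorizedKeys.keys` copies every key of the `guanranwang` account, so with `PermitRootLogin = "prohibit-password"` any key that can log in as that user can also log in directly as root. If root SSH exists only for deployment, as the `# TODO: colmena` comment suggests, list a dedicated deploy key for root instead. Alternatively deploy as the unprivileged user through colmena's `deployment.targetUser` and set `PermitRootLogin = "no"`. At minimum, a comment stating why root shares the user's keys would help the next reader.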


@ -2,7 +2,8 @@
pkgs, pkgs,
config, config,
... ...
}: { }:
{
services.sing-box = { services.sing-box = {
enable = true; enable = true;
settings = { settings = {
@ -94,16 +95,18 @@
httpsProxy = "http://127.0.0.1:1080/"; httpsProxy = "http://127.0.0.1:1080/";
}; };
environment.shellAliases = let environment.shellAliases =
inherit (config.networking.proxy) httpProxy httpsProxy; let
in { inherit (config.networking.proxy) httpProxy httpsProxy;
"setproxy" = "export http_proxy=${httpProxy} https_proxy=${httpsProxy}"; in
"unsetproxy" = "set -e http_proxy https_proxy"; {
}; "setproxy" = "export http_proxy=${httpProxy} https_proxy=${httpsProxy}";
"unsetproxy" = "set -e http_proxy https_proxy";
};
### sops-nix ### sops-nix
sops.secrets."sing-box/tyo0" = { sops.secrets."sing-box/tyo0" = {
restartUnits = ["sing-box.service"]; restartUnits = [ "sing-box.service" ];
sopsFile = ./secrets.yaml; sopsFile = ./secrets.yaml;
}; };
} }
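Review bot: The `unsetproxy` alias is written in fish syntax, but `environment.shellAliases` is applied to every user's shell. In bash or zsh, `set -e http_proxy https_proxy` enables errexit and replaces the positional parameters instead of clearing the variables, so the proxy settings stay exported and the shell exits on the next failing command. If the aliases are meant for fish only, move both to `programs.fish.shellAliases`; for POSIX shells use `"unsetproxy" = "unset http_proxy https_proxy";`.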


@ -1,5 +1,6 @@
{lib, ...}: { { lib, ... }:
sops.secrets = lib.mapAttrs (_name: value: value // {sopsFile = ./secrets.yaml;}) { {
sops.secrets = lib.mapAttrs (_name: value: value // { sopsFile = ./secrets.yaml; }) {
"wireless/wangxiaobo".path = "/var/lib/iwd/wangxiaobo.psk"; "wireless/wangxiaobo".path = "/var/lib/iwd/wangxiaobo.psk";
"wireless/ImmortalWrt".path = "/var/lib/iwd/ImmortalWrt.psk"; "wireless/ImmortalWrt".path = "/var/lib/iwd/ImmortalWrt.psk";
}; };


@ -1,9 +1,11 @@
let let
addPatches = pkg: patches: addPatches =
pkg: patches:
pkg.overrideAttrs (old: { pkg.overrideAttrs (old: {
patches = (old.patches or []) ++ patches; patches = (old.patches or [ ]) ++ patches;
}); });
in { in
{
patches = _final: prev: { patches = _final: prev: {
# https://aur.archlinux.org/pkgbase/nautilus-typeahead # https://aur.archlinux.org/pkgbase/nautilus-typeahead
nautilus = prev.nautilus.overrideAttrs { nautilus = prev.nautilus.overrideAttrs {
@ -21,39 +23,42 @@ in {
''; '';
}; };
qt6Packages = prev.qt6Packages.overrideScope (_final': prev': { qt6Packages = prev.qt6Packages.overrideScope (
# HACK: no more qt5 _final': prev': {
fcitx5-with-addons = prev'.fcitx5-with-addons.override { # HACK: no more qt5
libsForQt5.fcitx5-qt = prev.emptyDirectory; fcitx5-with-addons = prev'.fcitx5-with-addons.override {
}; libsForQt5.fcitx5-qt = prev.emptyDirectory;
};
# HACK: no more qtwebengine, opencc # HACK: no more qtwebengine, opencc
fcitx5-chinese-addons = fcitx5-chinese-addons =
(prev'.fcitx5-chinese-addons.override { (prev'.fcitx5-chinese-addons.override {
curl = prev.emptyDirectory; curl = prev.emptyDirectory;
opencc = prev.emptyDirectory; opencc = prev.emptyDirectory;
qtwebengine = prev.emptyDirectory; qtwebengine = prev.emptyDirectory;
}) }).overrideAttrs
.overrideAttrs (oldAttrs: { (oldAttrs: {
buildInputs = oldAttrs.buildInputs ++ [prev.gettext prev'.qtbase]; buildInputs = oldAttrs.buildInputs ++ [
cmakeFlags = prev.gettext
oldAttrs.cmakeFlags prev'.qtbase
++ [ ];
(prev.lib.cmakeBool "ENABLE_BROWSER" false) cmakeFlags = oldAttrs.cmakeFlags ++ [
(prev.lib.cmakeBool "ENABLE_CLOUDPINYIN" false) (prev.lib.cmakeBool "ENABLE_BROWSER" false)
(prev.lib.cmakeBool "ENABLE_OPENCC" false) (prev.lib.cmakeBool "ENABLE_CLOUDPINYIN" false)
]; (prev.lib.cmakeBool "ENABLE_OPENCC" false)
}); ];
}); });
}
);
# HACK: no more gtk2 # HACK: no more gtk2
gnome-themes-extra = gnome-themes-extra =
(prev.gnome-themes-extra.override { (prev.gnome-themes-extra.override {
gtk2 = prev.emptyDirectory; gtk2 = prev.emptyDirectory;
}) }).overrideAttrs
.overrideAttrs { {
configureFlags = ["--disable-gtk2-engine"]; configureFlags = [ "--disable-gtk2-engine" ];
}; };
sway-unwrapped = addPatches prev.sway-unwrapped [ sway-unwrapped = addPatches prev.sway-unwrapped [
# text_input: Implement input-method popups # text_input: Implement input-method popups


@ -1,10 +1,12 @@
# NOTE: 301: All packages are migrated to `github:Guanran928/nur-packages`, # NOTE: 301: All packages are migrated to `github:Guanran928/nur-packages`,
# only keeping some packages that only fits for personal use. # only keeping some packages that only fits for personal use.
pkgs: let pkgs:
let
inherit (pkgs) callPackage; inherit (pkgs) callPackage;
in { in
{
# https://github.com/NixOS/nixpkgs/pull/308720 # https://github.com/NixOS/nixpkgs/pull/308720
pixivfe = callPackage ./pixivfe.nix {}; pixivfe = callPackage ./pixivfe.nix { };
background = pkgs.nixos-artwork.wallpapers.nineish-dark-gray.src; background = pkgs.nixos-artwork.wallpapers.nineish-dark-gray.src;
} }


@ -23,7 +23,7 @@ buildGoModule rec {
"-w" "-w"
]; ];
nativeBuildInputs = [makeBinaryWrapper]; nativeBuildInputs = [ makeBinaryWrapper ];
postInstall = '' postInstall = ''
mkdir -p $out/share/pixivfe mkdir -p $out/share/pixivfe
@ -37,7 +37,7 @@ buildGoModule rec {
homepage = "https://codeberg.org/VnPower/PixivFE"; homepage = "https://codeberg.org/VnPower/PixivFE";
license = lib.licenses.agpl3Only; license = lib.licenses.agpl3Only;
mainProgram = "pixivfe"; mainProgram = "pixivfe";
maintainers = with lib.maintainers; [Guanran928]; maintainers = with lib.maintainers; [ Guanran928 ];
platforms = lib.platforms.linux; platforms = lib.platforms.linux;
}; };
} }


@ -2,7 +2,7 @@
projectRootFile = "flake.nix"; projectRootFile = "flake.nix";
### nix ### nix
programs.alejandra.enable = true; programs.nixfmt.enable = true;
programs.deadnix.enable = true; programs.deadnix.enable = true;
programs.statix.enable = true; programs.statix.enable = true;