
No commits in common. "7be816cc69866197ad78a5fed12bafb195d4b093" and "7967a123864b5cf6095e19913a5b2208ff7cb235" have entirely different histories.

111 changed files with 2179 additions and 1130 deletions


@ -18,18 +18,6 @@ creation_rules:
- age: - age:
- *guanranwang - *guanranwang
- *lightsail-tokyo - *lightsail-tokyo
- path_regex: nixos/profiles/opt-in/mihomo/secrets.yaml$
key_groups:
- age:
- *guanranwang
- *aristotle
- *blacksteel
- path_regex: nixos/profiles/opt-in/wireless/secrets.yaml$
key_groups:
- age:
- *guanranwang
- *aristotle
- *blacksteel
- path_regex: secrets.yaml$ - path_regex: secrets.yaml$
key_groups: key_groups:
- age: - age:


@ -4,6 +4,9 @@ It just works™
## Structure ## Structure
Any directory or file that is prefixed with an `_` (underscore) means that the
whole directory/file is unused in this repository.
``` ```
 .  .
│ # Darwin configuration is not actively maintained and sometimes it might │ # Darwin configuration is not actively maintained and sometimes it might
@ -14,7 +17,7 @@ It just works™
│ ├──  modules │ ├──  modules
│ └──  profiles │ └──  profiles
│ # Internal packages, please see github:Guanran928/nur-packages instead │ # Personal packages, please see github:Guanran928/nur-packages instead
├──  pkgs ├──  pkgs
├──  hosts ├──  hosts
├──  overlays ├──  overlays
@ -24,3 +27,54 @@ It just works™
└──  README.md └──  README.md
``` ```
## Installation:
Please don't.
### NixOS:
1. Clone this repository
`$ git clone https://github.com/Guanran928/flake.git`
2. Add your device's hardware configuration in `./flake.nix` and
`./hosts/<hostname>`
3. Install NixOS
`$ nixos-install --flake <this flake's directory>#<hostname>`
### macOS:
1. Install Nix using [`Determinate Nix Installer`](https://github.com/DeterminateSystems/nix-installer)
`$ curl --proto '=https' --tlsv1.2 -fsSL https://install.determinate.systems/nix | sh -s -- install`
2. Clone this repository
`$ git clone https://github.com/Guanran928/flake.git`
3. Add your device's hardware configuration in `./flake.nix` and
`./hosts/<hostname>`
4. Install [`nix-darwin`](https://github.com/LnL7/nix-darwin?tab=readme-ov-file#flakes)
`$ nix run nix-darwin -- --flake <this flake's directory>#<hostname> switch`
### Nix-On-Droid:
1. Install [`nix-on-droid`](https://github.com/nix-community/nix-on-droid) and bootstrap with Flakes
F-Droid: https://f-droid.org/packages/com.termux.nix
2. Clone this repository
`$ nix shell nixpkgs#git`
`$ git clone https://github.com/Guanran928/flake.git`
3. Add your device's configuration in `./flake.nix` and `./hosts/<hostname>`
4. Setup Nix-On-Droid
`$ nix-on-droid --flake <this flake's directory>#<hostname>switch`


@ -1,6 +1,6 @@
{...}: { {...}: {
imports = [ imports = [
./networking/proxy.nix ./networking/proxy.nix
./services/mihomo.nix ./services/clash.nix
]; ];
} }


@ -4,24 +4,30 @@
pkgs, pkgs,
... ...
}: let }: let
cfg = config.services.mihomo; cfg = config.services.clash;
in { in {
options.services.mihomo = { options.services.clash = {
enable = lib.mkEnableOption "Whether to enable Mihomo, A rule-based proxy in Go."; enable = lib.mkEnableOption "Whether to enable Clash, A rule-based proxy in Go.";
package = lib.mkPackageOption pkgs "mihomo" {}; package = lib.mkPackageOption pkgs "clash" {};
configFile = lib.mkOption {
default = null;
type = lib.types.nullOr lib.types.path;
description = "Configuration file to use.";
};
webui = lib.mkOption { webui = lib.mkOption {
default = null; default = null;
type = lib.types.nullOr lib.types.path; type = lib.types.nullOr lib.types.path;
description = '' description = ''
Local web interface to use. Local web interface to use.
You can also use the following website, just in case:
- metacubexd: - metacubexd:
- http://d.metacubex.one - http://d.metacubex.one
- https://metacubex.github.io/metacubexd - https://metacubex.github.io/metacubexd
- https://metacubexd.pages.dev - https://metacubexd.pages.dev
- yacd: - yacd:
- https://yacd.haishan.me - https://yacd.haishan.me
- clash-dashboard: - clash-dashboard (buggy):
- https://clash.razord.top - https://clash.razord.top
''; '';
}; };
@ -35,10 +41,11 @@ in {
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
### launchd service ### launchd service
# TODO: not run as root user # TODO: not run as root user
launchd.daemons."mihomo" = { launchd.daemons."clash" = {
command = builtins.concatStringsSep " " [ command = builtins.concatStringsSep " " [
(lib.getExe cfg.package) (lib.getExe cfg.package)
"-d /etc/mihomo" "-d /etc/clash"
(lib.optionalString (cfg.configFile != null) "-f ${cfg.configFile}")
(lib.optionalString (cfg.webui != null) "-ext-ui ${cfg.webui}") (lib.optionalString (cfg.webui != null) "-ext-ui ${cfg.webui}")
(lib.optionalString (cfg.extraOpts != null) cfg.extraOpts) (lib.optionalString (cfg.extraOpts != null) cfg.extraOpts)
]; ];
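Review bot: The new `-f ${cfg.configFile}` element is interpolated unquoted into one space-joined command string, so a config path containing whitespace or shell metacharacters would be split or interpreted instead of being passed as a single argument; the existing `-ext-ui ${cfg.webui}` line has the same shape. Because the daemon still runs as root (see the `# TODO: not run as root user` line above it), quoting is worth the extra call: `(lib.optionalString (cfg.configFile != null) "-f ${lib.escapeShellArg cfg.configFile}")`. Whether launchd hands this string to a shell depends on how nix-darwin wraps `command`, which is not visible here. The `config` block continues past the end of this hunk.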


@ -1,5 +1,4 @@
{ {
lib,
pkgs, pkgs,
config, config,
... ...
@ -7,15 +6,23 @@
nix.settings = { nix.settings = {
trusted-users = ["@admin"]; trusted-users = ["@admin"];
substituters = substituters =
(lib.optionals (config.time.timeZone == "Asia/Shanghai") [ {
"https://mirrors.tuna.tsinghua.edu.cn/nix-channels/store" # TUNA - 清华大学 Mirror "Asia/Shanghai" = [
]) "https://mirror.sjtu.edu.cn/nix-channels/store" # SJTU - 上海交通大学 Mirror
"https://mirrors.ustc.edu.cn/nix-channels/store" # USTC - 中国科学技术大学 Mirror
"https://mirrors.tuna.tsinghua.edu.cn/nix-channels/store" # TUNA - 清华大学 Mirror
];
}
.${config.time.timeZone}
or []
++ [ ++ [
"https://nix-community.cachix.org" "https://nix-community.cachix.org"
"https://cache.garnix.io"
"https://guanran928.cachix.org" "https://guanran928.cachix.org"
]; ];
trusted-public-keys = [ trusted-public-keys = [
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="
"guanran928.cachix.org-1:BE/iBCj2/pqJXG908wHRrcaV0B2fC+KbFjHsXY6b91c=" "guanran928.cachix.org-1:BE/iBCj2/pqJXG908wHRrcaV0B2fC+KbFjHsXY6b91c="
]; ];
use-xdg-base-directories = true; use-xdg-base-directories = true;
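Review bot: Adding `cache.garnix.io` to `substituters` together with its entry in `trusted-public-keys` makes one more party whose signed store paths this machine will install without rebuilding, and nothing in the hunk records which input needs it. A short comment above both lines would keep that trust decision auditable, for example `# garnix: binary cache for <input built there>; key copied from <source>`. The three Asia/Shanghai mirrors add no key of their own, so they presumably rely on the upstream cache signature being checked, which holds only while `require-sigs` stays enabled (not visible here). The `nix.settings` block continues outside the hunk.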


@ -0,0 +1,8 @@
{
### home-manager
home-manager.users.guanranwang = import ./home;
homebrew.casks = [
"steam"
];
}


@ -0,0 +1,5 @@
{...}: {
imports = [
../../../../../home/applications/prismlauncher
];
}


@ -1,7 +1,12 @@
{pkgs, ...}: { {
services.mihomo = { pkgs,
config,
...
}: {
services.clash = {
enable = true; enable = true;
webui = pkgs.metacubexd; package = pkgs.clash-meta;
webui = config.nur.repos.guanran928.metacubexd;
}; };
### System proxy settings ### System proxy settings


@ -5,8 +5,9 @@
... ...
}: { }: {
imports = map (n: ../../../../home/applications/${n}) [ imports = map (n: ../../../../home/applications/${n}) [
"alacritty"
"go" "go"
# "mpv" "mpv"
"nix" "nix"
]; ];
@ -31,4 +32,11 @@
dockutil dockutil
gawk gawk
]; ];
# macOS don't have fontconfig
programs = let
monospace = "JetBrainsMono Nerd Font";
in {
alacritty.settings.font.normal.family = monospace;
};
} }


@ -0,0 +1,11 @@
{
homebrew = {
enable = true;
casks = [
"altserver"
"squirrel"
"librewolf"
"google-chrome"
];
};
}
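Review bot: The casks listed here are installed by Homebrew at activation time, so unlike the rest of the configuration they are not fixed by `flake.lock` and their contents are not checked against a hash recorded in this repository. A comment at the top of the file would make that boundary visible to whoever enables the module, for example `# casks are fetched by Homebrew, outside the Nix store and unpinned; keep this list minimal`. It would also help to state the intended `homebrew.onActivation` behaviour explicitly rather than rely on defaults, which are not visible in this file.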


@ -1,6 +1,7 @@
{...}: { {...}: {
imports = [ imports = [
./fonts.nix ./fonts.nix
# ./homebrew.nix
./window-manager.nix ./window-manager.nix
]; ];
} }


@ -1,5 +1,6 @@
{pkgs, ...}: { {pkgs, ...}: {
fonts.packages = with pkgs; [ fonts.fontDir.enable = true;
fonts.fonts = with pkgs; [
(nerdfonts.override {fonts = ["JetBrainsMono"];}) (nerdfonts.override {fonts = ["JetBrainsMono"];})
]; ];
} }


@ -21,7 +21,6 @@
skhd = { skhd = {
enable = true; enable = true;
skhdConfig = '' skhdConfig = ''
# FIXME
cmd - return : open -n ${pkgs.alacritty}/Applications/Alacritty.app cmd - return : open -n ${pkgs.alacritty}/Applications/Alacritty.app
cmd - 1 : yabai -m space --focus 1 # Focus space cmd - 1 : yabai -m space --focus 1 # Focus space


@ -10,11 +10,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1720211568, "lastModified": 1717970544,
"narHash": "sha256-Uph6rcbiuOD6bGEySonDFozdO+mznTug08x27WG4BIg=", "narHash": "sha256-YX43aaegfqjXaZ3S+z0JI7SKOEE1Afqm/I9FBIezJ7A=",
"owner": "ezKEa", "owner": "ezKEa",
"repo": "aagl-gtk-on-nix", "repo": "aagl-gtk-on-nix",
"rev": "ce7e02b20fe45425bbdbebc6fe0fdcc018c9efc6", "rev": "85c380e4e80fbc21d25165626ad2897cbb11af4d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -23,6 +23,29 @@
"type": "github" "type": "github"
} }
}, },
"berberman": {
"inputs": {
"nixpkgs": [
"nixpkgs"
],
"nvfetcher": [
"nvfetcher"
]
},
"locked": {
"lastModified": 1718252558,
"narHash": "sha256-Yph5ocpdI3a1Ib+V9BQ4/0YyO4UVn8J0WeAvOLYGaGk=",
"owner": "berberman",
"repo": "flakes",
"rev": "73949fb5964f243ff9c28887bfc99c2fe12407c3",
"type": "github"
},
"original": {
"owner": "berberman",
"repo": "flakes",
"type": "github"
}
},
"crane": { "crane": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -30,11 +53,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1721058578, "lastModified": 1718078026,
"narHash": "sha256-fs/PVa3H5dS1//4BjecWi3nitXm5fRObx0JxXIAo+JA=", "narHash": "sha256-LbQabH6h86ZzTvDnaZHmMwedRZNB2jYtUQzmoqWQoJ8=",
"owner": "ipetkov", "owner": "ipetkov",
"repo": "crane", "repo": "crane",
"rev": "17e5109bb1d9fb393d70fba80988f7d70d1ded1a", "rev": "a3f0c63eed74a516298932b9b1627dd80b9c3892",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -50,11 +73,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1721266288, "lastModified": 1718242063,
"narHash": "sha256-MsyTzXu9CJVcBr44ct8ILKF/Ro7VlF+tVZTylzAoXSs=", "narHash": "sha256-n3AWItJ4a94GT0cray/eUV7tt3mulQ52L+lWJN9d1E8=",
"owner": "nix-community", "owner": "nix-community",
"repo": "disko", "repo": "disko",
"rev": "e8e8d9a3a9c1d0e654ccda7834bf0288a9d15c47", "rev": "832a9f2c81ff3485404bd63952eadc17bf7ccef2",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -85,11 +108,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1719994518, "lastModified": 1717285511,
"narHash": "sha256-pQMhCCHyQGRzdfAkdJ4cIWiw+JNuWsTX7f0ZYSyz0VY=", "narHash": "sha256-iKzJcpdXih14qYVcZ9QC9XuZYnPc6T8YImb6dX166kw=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "9227223f6d922fee3c7b190b2cc238a99527bbb7", "rev": "2a55567fcf15b1b1c7ed712a2c6fadaec7412ea8",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -145,11 +168,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1721135958, "lastModified": 1718243258,
"narHash": "sha256-H548rpPMsn25LDKn1PCFmPxmWlClJJGnvdzImHkqjuY=", "narHash": "sha256-abBpj2VU8p6qlRzTU8o22q68MmOaZ4v8zZ4UlYl5YRU=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "afd2021bedff2de92dfce0e257a3d03ae65c603d", "rev": "8d5e27b4807d25308dfe369d5a923d87e7dbfda3",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -160,11 +183,11 @@
}, },
"impermanence": { "impermanence": {
"locked": { "locked": {
"lastModified": 1719091691, "lastModified": 1717932370,
"narHash": "sha256-AxaLX5cBEcGtE02PeGsfscSb/fWMnyS7zMWBXQWDKbE=", "narHash": "sha256-7C5lCpiWiyPoIACOcu2mukn/1JRtz6HC/1aEMhUdcw0=",
"owner": "nix-community", "owner": "nix-community",
"repo": "impermanence", "repo": "impermanence",
"rev": "23c1f06316b67cb5dabdfe2973da3785cfe9c34a", "rev": "27979f1c3a0d3b9617a3563e2839114ba7d48d3f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -198,11 +221,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1719818887, "lastModified": 1718218065,
"narHash": "sha256-Bogl1pJlgby7OpR16jp8zwOWV7FHRxCsnNxHcisyIq0=", "narHash": "sha256-fKC7Ryg3AYykDrS2ilS1VqA8/9B2m3yFZcshK+7tIEc=",
"owner": "nix-community", "owner": "nix-community",
"repo": "lanzaboote", "repo": "lanzaboote",
"rev": "0e6457c98547ec8866714d4222545e7e8c1ae429", "rev": "7cb05fab896bd542c0ca4260d74d9d664cd7b56e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -227,17 +250,17 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1720421091, "lastModified": 1712745718,
"narHash": "sha256-BWvb+z+5LgfjIUIDrNr1Yv5R6ouDLKduZUoJKIQ83as=", "narHash": "sha256-pAPGjjPEC5Y3DeuqSlDgFRPAZStA1doWowOvmPY7jvk=",
"ref": "refs/heads/master", "owner": "Guanran928",
"rev": "012748be4f7011416261ec2d60adde19bf17d010", "repo": "nvim",
"revCount": 67, "rev": "3fbc02368d9d554ac2918e48112fbc25957fb03a",
"type": "git", "type": "github"
"url": "https://git.ny4.dev/nyancat/nvim"
}, },
"original": { "original": {
"type": "git", "owner": "Guanran928",
"url": "https://git.ny4.dev/nyancat/nvim" "repo": "nvim",
"type": "github"
} }
}, },
"nix-darwin": { "nix-darwin": {
@ -247,11 +270,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1721270582, "lastModified": 1718345812,
"narHash": "sha256-MdZmYPPExntE5rJu88IhJSy8Um4UyZCTXhOwvzbjDVI=", "narHash": "sha256-FJhA+YFsOFrAYe6EaiTEfomNf7jeURaPiG5/+a3DRSc=",
"owner": "LnL7", "owner": "LnL7",
"repo": "nix-darwin", "repo": "nix-darwin",
"rev": "a3e4a7b8ffc08c7dc1973822a77ad432e1ec3dec", "rev": "ff988d78f2f55641efacdf9a585d2937f7e32a9b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -322,13 +345,33 @@
"type": "github" "type": "github"
} }
}, },
"nixcasks": {
"inputs": {
"nixpkgs": [
"nixpkgs-stable"
]
},
"locked": {
"lastModified": 1718401149,
"narHash": "sha256-THXbbmhDZjEnc+372GYl3JpXKkkuo7nhShv66Reklsk=",
"owner": "jacekszymanski",
"repo": "nixcasks",
"rev": "d35924a6bd7c8a34f31e885754a5564ea06ab833",
"type": "github"
},
"original": {
"owner": "jacekszymanski",
"repo": "nixcasks",
"type": "github"
}
},
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1720737798, "lastModified": 1718349360,
"narHash": "sha256-G/OtEAts7ZUvW5lrGMXSb8HqRp2Jr9I7reBuvCOL54w=", "narHash": "sha256-SuPne4BMqh9/IkKIAG47Cu5qfmntAaqlHdX1yuFoDO0=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "c5013aa7ce2c7ec90acee5d965d950c8348db751", "rev": "ae5c8dcc4d0182d07d75df2dc97112de822cb9d6",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -354,11 +397,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1721116560, "lastModified": 1718276985,
"narHash": "sha256-++TYlGMAJM1Q+0nMVaWBSEvEUjRs7ZGiNQOpqbQApCU=", "narHash": "sha256-u1fA0DYQYdeG+5kDm1bOoGcHtX0rtC7qs2YA2N1X++I=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "9355fa86e6f27422963132c2c9aeedb0fb963d93", "rev": "3f84a279f1a6290ce154c5531378acc827836fbb",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -370,11 +413,11 @@
}, },
"nixpkgs-stable": { "nixpkgs-stable": {
"locked": { "locked": {
"lastModified": 1720535198, "lastModified": 1718229064,
"narHash": "sha256-zwVvxrdIzralnSbcpghA92tWu2DV2lwv89xZc8MTrbg=", "narHash": "sha256-ZFav8A9zPNfjZg/wrxh1uZeMJHELRfRgFP+meq01XYk=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "205fd4226592cc83fd4c0885a3e4c9c400efabb5", "rev": "5c2ec3a5c2ee9909904f860dadc19bc12cd9cc44",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -425,11 +468,11 @@
}, },
"nur": { "nur": {
"locked": { "locked": {
"lastModified": 1721267475, "lastModified": 1718400242,
"narHash": "sha256-NlMApJs43ao6XhzG27HTkz8xK/UeeyfosVy7EswgzRg=", "narHash": "sha256-gLX2eyWb8lVxwI5Uv0F5WKb+YwvlDYnI+sSQB2xMqhw=",
"owner": "nix-community", "owner": "nix-community",
"repo": "NUR", "repo": "NUR",
"rev": "2ed5571f569d46f5b450dee4d4a1de6cb20ded55", "rev": "d50ea2706590f0edce9f49d8990dbcf82cdb66ec",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -438,6 +481,32 @@
"type": "github" "type": "github"
} }
}, },
"nvfetcher": {
"inputs": {
"flake-compat": [
"flake-compat"
],
"flake-utils": [
"flake-utils"
],
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1718252448,
"narHash": "sha256-xZZBdKqe1ByITzvx65pVgGQ5jeb73MybjgrcfI84lEo=",
"owner": "berberman",
"repo": "nvfetcher",
"rev": "fa7609950023462c6f91c425de7610c0bb6b86ba",
"type": "github"
},
"original": {
"owner": "berberman",
"repo": "nvfetcher",
"type": "github"
}
},
"pre-commit-hooks-nix": { "pre-commit-hooks-nix": {
"inputs": { "inputs": {
"flake-compat": [ "flake-compat": [
@ -454,11 +523,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1721042469, "lastModified": 1717664902,
"narHash": "sha256-6FPUl7HVtvRHCCBQne7Ylp4p+dpP3P/OYuzjztZ4s70=", "narHash": "sha256-7XfBuLULizXjXfBYy/VV+SpYMHreNRHk9nKMsm1bgb4=",
"owner": "cachix", "owner": "cachix",
"repo": "pre-commit-hooks.nix", "repo": "pre-commit-hooks.nix",
"rev": "f451c19376071a90d8c58ab1a953c6e9840527fd", "rev": "cc4d466cb1254af050ff7bdf47f6d404a7c646d1",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -470,6 +539,7 @@
"root": { "root": {
"inputs": { "inputs": {
"aagl": "aagl", "aagl": "aagl",
"berberman": "berberman",
"crane": "crane", "crane": "crane",
"disko": "disko", "disko": "disko",
"flake-compat": "flake-compat", "flake-compat": "flake-compat",
@ -483,6 +553,7 @@
"nix-darwin": "nix-darwin", "nix-darwin": "nix-darwin",
"nix-formatter-pack": "nix-formatter-pack", "nix-formatter-pack": "nix-formatter-pack",
"nix-on-droid": "nix-on-droid", "nix-on-droid": "nix-on-droid",
"nixcasks": "nixcasks",
"nixos-hardware": "nixos-hardware", "nixos-hardware": "nixos-hardware",
"nixos-sensible": "nixos-sensible", "nixos-sensible": "nixos-sensible",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
@ -490,6 +561,7 @@
"nmd": "nmd", "nmd": "nmd",
"nmt": "nmt", "nmt": "nmt",
"nur": "nur", "nur": "nur",
"nvfetcher": "nvfetcher",
"pre-commit-hooks-nix": "pre-commit-hooks-nix", "pre-commit-hooks-nix": "pre-commit-hooks-nix",
"rust-overlay": "rust-overlay", "rust-overlay": "rust-overlay",
"scss-reset": "scss-reset", "scss-reset": "scss-reset",
@ -501,16 +573,19 @@
}, },
"rust-overlay": { "rust-overlay": {
"inputs": { "inputs": {
"flake-utils": [
"flake-utils"
],
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1721269159, "lastModified": 1718331519,
"narHash": "sha256-eHrGuKZKQb762qdCkrfoyyxXLKumYhiXJca1ig0RftE=", "narHash": "sha256-6Ru37wS8uec626nHVIh6hSpCYB7eNc3RPFa2U//bhw4=",
"owner": "oxalica", "owner": "oxalica",
"repo": "rust-overlay", "repo": "rust-overlay",
"rev": "c3e217122ac55680606d69bc693bdf262f14f602", "rev": "419e7fae2731f41dd9b3e34dfe8802be68558b92",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -545,11 +620,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1720926522, "lastModified": 1718137936,
"narHash": "sha256-eTpnrT6yu1vp8C0B5fxHXhgKxHoYMoYTEikQx///jxY=", "narHash": "sha256-psA+1Q5fPaK6yI3vzlLINNtb6EeXj111zQWnZYyJS9c=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "0703ba03fd9c1665f8ab68cc3487302475164617", "rev": "c279dec105dd53df13a5e57525da97905cc0f0d6",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -565,11 +640,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1721263500, "lastModified": 1718239576,
"narHash": "sha256-6l0+MciXkktANuZ+Rwc6BZJxtMi7jHZRiSnzG+xpwyk=", "narHash": "sha256-Afdz9oCQf8VCGXUhI8KxdJg9gc+fepZK//mYsijfhFw=",
"owner": "nix-community", "owner": "nix-community",
"repo": "srvos", "repo": "srvos",
"rev": "ef4f2248e1bbd84a0dd269ab31b9927d9c0bf2e6", "rev": "d6280e5c12c4ddb26f0807387777786c66e4c552",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -600,11 +675,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1721059077, "lastModified": 1718271476,
"narHash": "sha256-gCICMMX7VMSKKt99giDDtRLkHJ0cwSgBtDijJAqTlto=", "narHash": "sha256-35hUMmFesmchb+u7heKHLG5B6c8fBOcSYo0jj0CHLes=",
"owner": "numtide", "owner": "numtide",
"repo": "treefmt-nix", "repo": "treefmt-nix",
"rev": "0fb28f237f83295b4dd05e342f333b447c097398", "rev": "e75ba0a6bb562d2ce275db28f6a36a2e4fd81391",
"type": "github" "type": "github"
}, },
"original": { "original": {


@ -15,6 +15,11 @@
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
inputs.flake-compat.follows = "flake-compat"; inputs.flake-compat.follows = "flake-compat";
}; };
berberman = {
url = "github:berberman/flakes";
inputs.nixpkgs.follows = "nixpkgs";
inputs.nvfetcher.follows = "nvfetcher";
};
disko = { disko = {
url = "github:nix-community/disko"; url = "github:nix-community/disko";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
@ -41,7 +46,7 @@
inputs.rust-overlay.follows = "rust-overlay"; inputs.rust-overlay.follows = "rust-overlay";
}; };
neovim = { neovim = {
url = "git+https://git.ny4.dev/nyancat/nvim"; url = "github:Guanran928/nvim";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
inputs.flake-utils.follows = "flake-utils"; inputs.flake-utils.follows = "flake-utils";
inputs.treefmt-nix.follows = "treefmt-nix"; inputs.treefmt-nix.follows = "treefmt-nix";
@ -66,6 +71,11 @@
inputs.nix-formatter-pack.follows = "nix-formatter-pack"; inputs.nix-formatter-pack.follows = "nix-formatter-pack";
inputs.nmd.follows = "nmd"; inputs.nmd.follows = "nmd";
}; };
nixcasks = {
# contains unfree
url = "github:jacekszymanski/nixcasks";
inputs.nixpkgs.follows = "nixpkgs-stable";
};
nur = { nur = {
url = "github:nix-community/NUR"; url = "github:nix-community/NUR";
}; };
@ -115,6 +125,12 @@
url = "sourcehut:~rycee/nmt"; url = "sourcehut:~rycee/nmt";
flake = false; flake = false;
}; };
nvfetcher = {
url = "github:berberman/nvfetcher";
inputs.nixpkgs.follows = "nixpkgs";
inputs.flake-compat.follows = "flake-compat";
inputs.flake-utils.follows = "flake-utils";
};
pre-commit-hooks-nix = { pre-commit-hooks-nix = {
url = "github:cachix/pre-commit-hooks.nix"; url = "github:cachix/pre-commit-hooks.nix";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
@ -125,6 +141,7 @@
rust-overlay = { rust-overlay = {
url = "github:oxalica/rust-overlay"; url = "github:oxalica/rust-overlay";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
inputs.flake-utils.follows = "flake-utils";
}; };
scss-reset = { scss-reset = {
url = "github:andreymatin/scss-reset"; url = "github:andreymatin/scss-reset";
@ -144,23 +161,12 @@
checks = {formatting = treefmtEval.config.build.check inputs.self;}; checks = {formatting = treefmtEval.config.build.check inputs.self;};
### nix {run,shell,build} ### nix {run,shell,build}
legacyPackages = import ./pkgs pkgs; packages = import ./pkgs pkgs;
### nix develop
devShells.default = pkgs.mkShell {
packages = with pkgs; [
alejandra
colmena
git
sops
];
};
}) })
// (let // (let
mkNixOS = system: modules: mkNixOS = system: modules:
inputs.nixpkgs.lib.nixosSystem { inputs.nixpkgs.lib.nixosSystem {
inherit system; inherit system modules;
modules = [./nixos/profiles/core] ++ modules;
specialArgs = {inherit inputs;}; specialArgs = {inherit inputs;};
}; };
@ -197,7 +203,7 @@
}; };
nixOnDroidConfigurations = { nixOnDroidConfigurations = {
"enchilada" = mkDroid [./hosts/enchilada]; "socrates" = mkDroid [./hosts/socrates];
}; };
colmena = { colmena = {
@ -208,10 +214,6 @@
}; };
}; };
defaults.imports = [
./nixos/profiles/core
];
"lightsail-tokyo" = { "lightsail-tokyo" = {
imports = [./hosts/lightsail-tokyo]; imports = [./hosts/lightsail-tokyo];
deployment.targetHost = "tyo0.ny4.dev"; deployment.targetHost = "tyo0.ny4.dev";
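Review bot: With `inherit system modules;` in `mkNixOS` and the `defaults.imports` block gone from `colmena`, nothing on the new side pulls in `./nixos/profiles/core` automatically, so every host has to import it itself. If that profile carries the baseline settings (users, SSH, firewall or similar, none of which is visible in this diff), a host that omits the import still evaluates and deploys without error, including `lightsail-tokyo`, which is pushed to a remote `targetHost`. Either keep the implicit import, `modules = [./nixos/profiles/core] ++ modules;`, or add a comment on `mkNixOS` stating that each entry under `hosts/` must import the core profile. Both `mkNixOS` and the `colmena` attribute set continue outside the hunks shown.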


@ -0,0 +1,23 @@
{
lib,
pkgs,
...
}: {
programs.alacritty = {
enable = true;
settings = {
import = [
"${pkgs.vimPlugins.tokyonight-nvim}/extras/alacritty/tokyonight_night.toml"
];
cursor.style = "beam";
font.size = 10;
# workaround for scaling in X11
env.WINIT_X11_SCALE_FACTOR = "1";
# for zellij on macOS
window.option_as_alt = lib.mkIf pkgs.stdenv.hostPlatform.isDarwin "Both";
};
};
}


@ -1,6 +1,7 @@
{ {
programs.bat.enable = true; programs.bat.enable = true;
home.sessionVariables = { home.sessionVariables = {
"PAGER" = "bat";
"MANPAGER" = "sh -c 'col -bx | bat -l man -p'"; "MANPAGER" = "sh -c 'col -bx | bat -l man -p'";
"MANROFFOPT" = "-c"; "MANROFFOPT" = "-c";
}; };


@ -0,0 +1,9 @@
{pkgs, ...}: {
home.sessionVariables = {
NIXOS_OZONE_WL = "1"; # let electron applications use wayland
};
home.packages = with pkgs; [
wl-clipboard
];
}


@ -0,0 +1,8 @@
{pkgs, ...}: {
home.packages = with pkgs; [pwvucontrol];
# remove csd window buttons
# https://github.com/localsend/localsend/blob/2457acd8a7412723b174672d174e4853dccd7d99/app/linux/my_application.cc#L45
home.sessionVariables.GTK_CSD = 0;
dconf.settings."org/gnome/desktop/wm/preferences"."button-layout" = "icon,appmenu:";
}


@ -1,15 +1,23 @@
{pkgs, ...}: { {
pkgs,
inputs,
...
}: {
i18n.inputMethod = { i18n.inputMethod = {
enabled = "fcitx5"; enabled = "fcitx5";
fcitx5.addons = with pkgs; [ fcitx5.addons =
qt6Packages.fcitx5-chinese-addons (with pkgs; [
fcitx5-pinyin-minecraft libsForQt5.fcitx5-chinese-addons
fcitx5-pinyin-moegirl fcitx5-tokyonight
fcitx5-pinyin-zhwiki ])
]; ++ (with inputs.berberman.packages.${pkgs.stdenv.hostPlatform.system}; [
fcitx5-pinyin-moegirl
fcitx5-pinyin-zhwiki
]);
}; };
xdg.configFile."fcitx5/conf/classicui.conf".text = '' xdg.configFile."fcitx5/conf/classicui.conf".text = ''
Theme=Tokyonight-Storm
Vertical Candidate List=True Vertical Candidate List=True
PreferTextIcon=True PreferTextIcon=True
''; '';


@ -1,16 +1,19 @@
{pkgs, ...}: { {pkgs, ...}: {
programs.firefox = { programs.firefox = {
enable = true; enable = true;
package = pkgs.firefox.override { profiles."default" = {
extraPrefsFiles = [ extraConfig = ''
"${pkgs.arkenfox-userjs}/user.cfg" ${builtins.readFile (pkgs.fetchurl {
(pkgs.runCommandLocal "userjs" {} '' # FIXME: IFD
install -Dm644 ${./user-overrides.js} $out url = "https://raw.githubusercontent.com/arkenfox/user.js/126.1/user.js";
substituteInPlace $out \ hash = "sha256-XRtG0iLKh8uqbeX7Rc2H6VJwZYJoNZPBlAfZEfrSCP4=";
--replace-fail "user_pref" "defaultPref" })}
'') ${builtins.readFile ./user-overrides.js}
]; '';
}; };
profiles."default" = {}; };
home.sessionVariables = {
MOZ_USE_XINPUT2 = "1";
}; };
} }
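Review bot: The arkenfox `user.js` is fetched from a URL fixed to `126.1` with a fixed hash, so the hardening baseline stays at that release while `pkgs.firefox` moves with nixpkgs, and nothing flags the drift. The hash pin itself is sound: a changed upstream file fails the fetch rather than being read into the profile. A comment next to `url` would make the coupling explicit, for example `# arkenfox release should track the Firefox major version; bump url and hash together`. Note also that `extraConfig` is set per profile, so only `profiles."default"` receives these prefs, whereas the `extraPrefsFiles` override on the other side of the diff was attached to the package.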


@ -3,6 +3,7 @@
enable = true; enable = true;
interactiveShellInit = '' interactiveShellInit = ''
set fish_greeting set fish_greeting
source ${pkgs.vimPlugins.tokyonight-nvim}/extras/fish/tokyonight_night.fish
''; '';
plugins = [ plugins = [
{ {
@ -13,10 +14,36 @@
name = "done"; name = "done";
inherit (pkgs.fishPlugins.done) src; inherit (pkgs.fishPlugins.done) src;
} }
#{
# name = "tide";
# src = pkgs.fishPlugins.tide.src;
#}
{
name = "sponge";
inherit (pkgs.fishPlugins.sponge) src;
}
{ {
name = "puffer"; name = "puffer";
inherit (pkgs.fishPlugins.puffer) src; inherit (pkgs.fishPlugins.puffer) src;
} }
{
name = "sudope";
src = pkgs.fetchFromGitHub {
owner = "oh-my-fish";
repo = "plugin-sudope";
rev = "83919a692bc1194aa322f3627c859fecace5f496";
hash = "sha256-pD4rNuqg6TG22L9m8425CO2iqcYm8JaAEXIVa0H/v/U=";
};
}
{
name = "fish-abbreviation-tips";
src = pkgs.fetchFromGitHub {
owner = "gazorby";
repo = "fish-abbreviation-tips";
rev = "8ed76a62bb044ba4ad8e3e6832640178880df485";
hash = "sha256-F1t81VliD+v6WEWqj1c1ehFBXzqLyumx5vV46s/FZRU=";
};
}
]; ];
}; };
} }


@ -1,10 +0,0 @@
{
programs.foot = {
enable = true;
settings = {
main.font = "monospace:size=10";
main.resize-by-cells = false;
cursor.style = "beam";
};
};
}


@ -8,10 +8,7 @@
signing.signByDefault = true; signing.signByDefault = true;
signing.key = "91F97D9ED12639CF"; signing.key = "91F97D9ED12639CF";
extraConfig = { extraConfig.pull.rebase = true;
pull.rebase = true;
push.autoSetupRemote = true;
};
}; };
programs.gh.enable = true; programs.gh.enable = true;


@ -1,30 +0,0 @@
{
services.kanshi = {
enable = true;
settings = [
{
profile.name = "internal";
profile.outputs = [
{
criteria = "eDP-1";
status = "enable";
}
];
}
{
profile.name = "external";
profile.outputs = [
{
criteria = "eDP-1";
status = "disable";
}
{
criteria = "ASUSTek COMPUTER INC VG27AQML1A S5LMQS059959";
mode = "2560x1440@240.001007";
status = "enable";
}
];
}
];
};
}


@ -17,68 +17,18 @@
slang = "eng,en"; slang = "eng,en";
}; };
scripts = # FIXME: https://github.com/nix-community/home-manager/pull/5524
(with pkgs.mpvScripts; [ package = pkgs.mpv-unwrapped.wrapper {
modernx-zydezu mpv = pkgs.mpv-unwrapped;
thumbfast scripts =
]) (with pkgs.mpvScripts; [
++ lib.optional pkgs.stdenv.hostPlatform.isLinux pkgs.mpvScripts.mpris; thumbfast
sponsorblock
bindings = let modernx-zydezu
inherit (pkgs) anime4k; ])
setShader = message: files: ''no-osd change-list glsl-shaders set "${lib.concatStringsSep ":" files}"; show-text "${message}"''; ++ lib.optionals pkgs.stdenv.hostPlatform.isLinux (with pkgs.mpvScripts; [
in { mpris
"CTRL+1" = setShader "Anime4K: Mode A (Fast)" [ ]);
"${anime4k}/Anime4K_Clamp_Highlights.glsl"
"${anime4k}/Anime4K_Restore_CNN_M.glsl"
"${anime4k}/Anime4K_Upscale_CNN_x2_M.glsl"
"${anime4k}/Anime4K_AutoDownscalePre_x2.glsl"
"${anime4k}/Anime4K_AutoDownscalePre_x4.glsl"
"${anime4k}/Anime4K_Upscale_CNN_x2_S.glsl"
];
"CTRL+2" = setShader "Anime4K: Mode B (Fast)" [
"${anime4k}/Anime4K_Clamp_Highlights.glsl"
"${anime4k}/Anime4K_Restore_CNN_Soft_M.glsl"
"${anime4k}/Anime4K_Upscale_CNN_x2_M.glsl"
"${anime4k}/Anime4K_AutoDownscalePre_x2.glsl"
"${anime4k}/Anime4K_AutoDownscalePre_x4.glsl"
"${anime4k}/Anime4K_Upscale_CNN_x2_S.glsl"
];
"CTRL+3" = setShader "Anime4K: Mode C (Fast)" [
"${anime4k}/Anime4K_Clamp_Highlights.glsl"
"${anime4k}/Anime4K_Upscale_Denoise_CNN_x2_M.glsl"
"${anime4k}/Anime4K_AutoDownscalePre_x2.glsl"
"${anime4k}/Anime4K_AutoDownscalePre_x4.glsl"
"${anime4k}/Anime4K_Upscale_CNN_x2_S.glsl"
];
"CTRL+4" = setShader "Anime4K: Mode A+A (Fast)" [
"${anime4k}/Anime4K_Clamp_Highlights.glsl"
"${anime4k}/Anime4K_Restore_CNN_M.glsl"
"${anime4k}/Anime4K_Upscale_CNN_x2_M.glsl"
"${anime4k}/Anime4K_Restore_CNN_S.glsl"
"${anime4k}/Anime4K_AutoDownscalePre_x2.glsl"
"${anime4k}/Anime4K_AutoDownscalePre_x4.glsl"
"${anime4k}/Anime4K_Upscale_CNN_x2_S.glsl"
];
"CTRL+5" = setShader "Anime4K: Mode B+B (Fast)" [
"${anime4k}/Anime4K_Clamp_Highlights.glsl"
"${anime4k}/Anime4K_Restore_CNN_Soft_M.glsl"
"${anime4k}/Anime4K_Upscale_CNN_x2_M.glsl"
"${anime4k}/Anime4K_AutoDownscalePre_x2.glsl"
"${anime4k}/Anime4K_AutoDownscalePre_x4.glsl"
"${anime4k}/Anime4K_Restore_CNN_Soft_S.glsl"
"${anime4k}/Anime4K_Upscale_CNN_x2_S.glsl"
];
"CTRL+6" = setShader "Anime4K: Mode C+A (Fast)" [
"${anime4k}/Anime4K_Clamp_Highlights.glsl"
"${anime4k}/Anime4K_Upscale_Denoise_CNN_x2_M.glsl"
"${anime4k}/Anime4K_AutoDownscalePre_x2.glsl"
"${anime4k}/Anime4K_AutoDownscalePre_x4.glsl"
"${anime4k}/Anime4K_Restore_CNN_S.glsl"
"${anime4k}/Anime4K_Upscale_CNN_x2_S.glsl"
];
"CTRL+0" = ''no-osd change-list glsl-shaders clr ""; show-text "GLSL shaders cleared"'';
}; };
}; };
} }


@ -1,5 +1,5 @@
{pkgs, ...}: { {pkgs, ...}: {
home.packages = [pkgs.nautilus]; home.packages = [pkgs.gnome.nautilus];
dconf.settings = { dconf.settings = {
"org/gnome/nautilus/list-view".default-zoom-level = "small"; "org/gnome/nautilus/list-view".default-zoom-level = "small";
"org/gnome/nautilus/preferences".default-folder-viewer = "list-view"; "org/gnome/nautilus/preferences".default-folder-viewer = "list-view";


@ -8,7 +8,17 @@
viAlias = true; viAlias = true;
vimAlias = true; vimAlias = true;
}) })
#pkgs.lunarvim
]; ];
home.sessionVariables."EDITOR" = "nvim"; home.sessionVariables."EDITOR" = "nvim";
# TODO: still couldn't make it work
#programs.neovim = {
# enable = true;
# viAlias = true;
# vimAlias = true;
#
# package = inputs.neovim.packages.${pkgs.stdenv.hostPlatform.system}.default;
#};
} }


@ -1,27 +1,26 @@
{pkgs, ...}: { {pkgs, ...}: {
home.packages = with pkgs; [ home.packages = with pkgs; [
# lsp # lsp
alejandra
deadnix
nil nil
alejandra
statix statix
deadnix
# nixpkgs PRs # nixpkgs PRs
nix-init
nix-update
nixfmt-rfc-style nixfmt-rfc-style
nixpkgs-review nix-update
nix-init
# misc # misc
colmena
comma
nh nh
nix-index
nix-output-monitor nix-output-monitor
nix-tree nix-index
comma
sops sops
colmena
]; ];
# nh # for `nh`
home.sessionVariables.FLAKE = "/home/guanranwang/Documents/Projects/flake"; # yes, i know, weird and long path
home.sessionVariables.FLAKE = "/home/guanranwang/Documents/Projects/git-repos/github.com/Guanran928/flake";
} }


@ -0,0 +1,20 @@
{
pkgs,
lib,
...
}: {
programs.rofi = {
enable = true;
package = pkgs.rofi-wayland;
font = "monospace";
terminal = lib.getExe pkgs.alacritty;
};
home.packages = with pkgs; [rofi-power-menu];
# Yes, because I have no idea how to use programs.rofi.theme
xdg.configFile."rofi" = {
source = ./rofi;
recursive = true;
};
}


@ -0,0 +1,4 @@
* {
bg: #16161e;
fg: #6a6f87;
}


@ -0,0 +1,130 @@
/*
* Rofi config file
* ~/.config/rofi/config.rasi
*
* Modified from https://github.com/Sinomor/dots/tree/main/.config/bspwm/rofi
* Really clean and cozy dotfiles btw, liked it :D
*/
configuration {
display-drun: ">";
display-clipboard: ">";
drun-display-format: "{name}";
modi: "drun";
}
@import "~/.config/rofi/colors.rasi"
* {
font: "JetBrains Mono SemiBold 14";
separatorcolor: transparent;
border: 0;
margin: 0;
padding: 0;
spacing: 0;
}
window {
width: 420px;
border-radius: 0;
border: 0;
padding: 0;
background-color: @bg;
}
mainbox {
background-color: transparent;
children: [inputbar,listview];
padding: 10;
}
listview {
scrollbar: false;
padding: 2 0;
background-color: transparent;
columns: 1;
lines: 6;
margin: 8 0 0 0;
}
inputbar {
children: [prompt, entry];
background-color: transparent;
border-radius: 0;
}
prompt {
background-color: transparent;
text-color: @fg;
enabled: true;
border-radius: 0;
padding: 4 10 0 10;
}
entry {
background-color: transparent;
text-color: @fg;
placeholder-color: @fg;
border-radius: 0;
placeholder: "Search...";
blink: false;
padding: 4;
}
element {
background-color: transparent;
padding: 10;
border-radius: 0;
}
element-text {
background-color: inherit;
text-color: inherit;
expand: true;
horizontal-align: 0;
vertical-align: 0.5;
}
element-icon {
background-color: inherit;
text-color: inherit;
padding: 0 10 0 0;
}
element.normal.normal {
background-color: transparent;
text-color: @fg;
}
element.normal.urgent {
background-color: transparent;
text-color: @fg;
}
element.normal.active {
background-color: transparent;
text-color: @bg;
}
element.selected.normal {
background-color: @fg;
text-color: @bg;
}
element.selected.urgent {
background-color: @fg;
text-color: @bg;
}
element.selected.active {
background-color: @fg;
text-color: @bg;
}
element.alternate.normal {
background-color: transparent;
text-color: @fg;
}
element.alternate.urgent {
background-color: transparent;
text-color: @fg;
}
element.alternate.active {
background-color: transparent;
text-color: @fg;
}


@ -0,0 +1,9 @@
{
programs.skim = {
enable = true;
# SPEED: fd > rg > find
# STARTUP TIME: find > rg > fd
defaultCommand = "fd --color never || rg --files --color never || find";
};
}


@ -1,9 +1,11 @@
{pkgs, ...}: { {
pkgs,
lib,
...
}: {
programs.starship = { programs.starship = {
enable = true; enable = true;
}; # FIXME: IFD
settings = lib.importTOML "${pkgs.starship}/share/starship/presets/nerd-font-symbols.toml";
home.sessionVariables = {
"STARSHIP_CONFIG" = "${pkgs.starship}/share/starship/presets/nerd-font-symbols.toml";
}; };
} }

Binary file not shown.

After

Width:  |  Height:  |  Size: 2.1 MiB


@ -2,28 +2,15 @@
config, config,
pkgs, pkgs,
lib, lib,
inputs,
... ...
}: let }: {
# https://www.pixiv.net/en/artworks/49983419
image = pkgs.fetchurl {
url = "https://i.pximg.net/img-original/img/2015/04/23/12/43/35/49983419_p0.jpg";
hash = "sha256-JZ5VmsjVjZfHXpx3JxzAyYzZppZmgH38AiAA+B0TDiw=";
curlOptsList = ["-e" "https://www.pixiv.net/"];
};
# Crop 100px on top and bottom
background = pkgs.runCommandLocal "49983419_p0.jpg" {} ''
${lib.getExe pkgs.imagemagick} convert ${image} -crop 3500x1600+0+100 $out
'';
in {
imports = [ imports = [
../i3status-rust ../i3status-rust
../kanshi
../mako ../mako
../rofi
../swayidle ../swayidle
../swaylock ../swaylock
# FIXME: hack
./unset-im-module.nix
]; ];
home.sessionVariables = { home.sessionVariables = {
@ -38,11 +25,17 @@ in {
# remove csd window buttons # remove csd window buttons
# https://github.com/localsend/localsend/blob/2457acd8a7412723b174672d174e4853dccd7d99/app/linux/my_application.cc#L45 # https://github.com/localsend/localsend/blob/2457acd8a7412723b174672d174e4853dccd7d99/app/linux/my_application.cc#L45
home.sessionVariables.GTK_CSD = 0; home.sessionVariables.GTK_CSD = 0;
dconf.settings."org/gnome/desktop/wm/preferences"."button-layout" = "appmenu:"; dconf.settings."org/gnome/desktop/wm/preferences"."button-layout" = "icon,appmenu:";
services.cliphist.enable = true; services.cliphist.enable = true;
services.udiskie.enable = true; services.udiskie.enable = true;
home.sessionVariables = {
# NOTE: don't use "wayland" in GTK_IM_MODULE! it will crash X11 electron apps
GTK_IM_MODULE = lib.mkForce ""; # use text-input-v3
QT_IM_MODULE = lib.mkForce ""; # use text-input-v3
};
wayland.windowManager.sway = { wayland.windowManager.sway = {
enable = true; enable = true;
checkConfig = false; # wtf? checkConfig = false; # wtf?
@ -56,7 +49,8 @@ in {
]; ];
### Visuals ### Visuals
output."*".bg = "${background} fill"; # https://danbooru.donmai.us/posts/6018861
output."*".bg = "${./background.png} fill";
bars = [ bars = [
{ {
statusCommand = "${lib.getExe pkgs.i3status-rust} $HOME/.config/i3status-rust/config-default.toml"; statusCommand = "${lib.getExe pkgs.i3status-rust} $HOME/.config/i3status-rust/config-default.toml";
@ -91,6 +85,7 @@ in {
modifier = "Mod4"; modifier = "Mod4";
keybindings = let keybindings = let
inherit (config.wayland.windowManager.sway.config) modifier; inherit (config.wayland.windowManager.sway.config) modifier;
screenshot = lib.getExe inputs.self.packages.${pkgs.stdenv.hostPlatform.system}.scripts.screenshot;
in in
{ {
### Sway itself ### Sway itself
@ -114,17 +109,19 @@ in {
### Execute other stuff ### Execute other stuff
# Launch applications # Launch applications
"${modifier}+Return" = "exec ${lib.getExe pkgs.foot}"; "${modifier}+Return" = "exec alacritty";
"${modifier}+w" = "exec ${pkgs.xdg-utils}/bin/xdg-open http:"; "${modifier}+w" = "exec ${pkgs.xdg-utils}/bin/xdg-open http:";
"${modifier}+e" = "exec ${pkgs.xdg-utils}/bin/xdg-open ~"; "${modifier}+e" = "exec ${pkgs.xdg-utils}/bin/xdg-open ~";
# Launcher # Rofi
"${modifier}+d" = "exec ${lib.getExe' pkgs.wmenu "wmenu-run"}"; "${modifier}+d" = "exec rofi -show drun -show-icons -icon-theme ${config.gtk.iconTheme.name}";
"${modifier}+Shift+d" = "exec ${lib.getExe pkgs.cliphist} list | ${lib.getExe pkgs.wmenu} -l 10 | ${lib.getExe pkgs.cliphist} decode | ${lib.getExe' pkgs.wl-clipboard "wl-copy"}"; "${modifier}+Shift+d" = "exec ${lib.getExe pkgs.cliphist} list | rofi -dmenu | ${lib.getExe pkgs.cliphist} decode | ${pkgs.wl-clipboard}/bin/wl-copy";
"${modifier}+Shift+Semicolon" = "exec loginctl lock-session"; "${modifier}+Shift+Semicolon" = ''exec rofi -modi "power-menu:rofi-power-menu --confirm=reboot/shutdown" -show power-menu'';
# Screenshot # Screenshot
"Print" = "exec env XDG_SCREENSHOTS_DIR=$HOME/Pictures/Screenshots ${lib.getExe pkgs.sway-contrib.grimshot} --notify savecopy anything"; "${modifier}+Shift+s" = "exec ${screenshot} region";
"Print" = "exec ${screenshot} fullscreen";
"Print+Control" = "exec ${screenshot} swappy";
# Fn keys # Fn keys
"XF86MonBrightnessUp" = "exec ${lib.getExe pkgs.brightnessctl} set 5%+"; "XF86MonBrightnessUp" = "exec ${lib.getExe pkgs.brightnessctl} set 5%+";
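Review bot: The new `"${modifier}+Return" = "exec alacritty"` and the three `exec rofi …` bindings resolve their binaries through the session's `$PATH`, while the neighbouring bindings (`cliphist`, `xdg-open`, `brightnessctl`) use store paths. Writing `"exec ${lib.getExe pkgs.alacritty}"` and `"exec ${lib.getExe config.programs.rofi.package} …"` keeps every binding independent of whatever happens to be first on PATH when sway starts, and consistent with the rest of the attrset. `rofi-power-menu` inside the `-modi` string is also looked up by name and would benefit from the same treatment. The keybindings attrset continues outside this hunk.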


@ -1,5 +0,0 @@
{lib, ...}: {
options.home.sessionVariables = lib.mkOption {
apply = x: removeAttrs x ["QT_IM_MODULE" "GTK_IM_MODULE"];
};
}


@ -1,12 +1,13 @@
{ {pkgs, ...}: {
programs.thunderbird = { programs.thunderbird = {
enable = true; enable = true;
profiles.default = { profiles.default = {
isDefault = true; isDefault = true;
extraConfig = '' extraConfig = ''
${builtins.readFile (builtins.fetchurl { ${builtins.readFile (pkgs.fetchurl {
# FIXME: IFD
url = "https://raw.githubusercontent.com/HorlogeSkynet/thunderbird-user.js/d6b18302e46349d9924c8a76951bae6efca51501/user.js"; url = "https://raw.githubusercontent.com/HorlogeSkynet/thunderbird-user.js/d6b18302e46349d9924c8a76951bae6efca51501/user.js";
sha256 = "sha256-66B1yLQkQnydAUXD7KGt32OhWSYcdWX+BUozrgW9uAg="; hash = "sha256-66B1yLQkQnydAUXD7KGt32OhWSYcdWX+BUozrgW9uAg=";
})} })}
${builtins.readFile ./user-overrides.js} ${builtins.readFile ./user-overrides.js}
''; '';


@ -1,21 +0,0 @@
{
programs.tmux = {
enable = true;
# value from tmux-sensible, but got overridden by HM (?)
aggressiveResize = true;
escapeTime = 0;
historyLimit = 50000;
baseIndex = 1;
customPaneNavigationAndResize = true;
keyMode = "vi";
mouse = true;
newSession = true;
terminal = "tmux-256color";
extraConfig = ''
set -g set-clipboard on
set -g renumber-windows on
'';
};
}


@ -0,0 +1,38 @@
{lib, ...}: {
programs.zellij = {
enable = true;
enableFishIntegration = true;
};
# Unsure about the syntax for defining keybindings in Nix (refer to line 16)
xdg.configFile."zellij/config.kdl".text = lib.mkForce ''
// TODO: Text selection is not displayed due to the use of the same color as
// my terminal background.
theme "tokyo-night-dark"
simplified_ui true
pane_frames false
default_layout "compact"
on_force_close "quit"
mirror_session false
// WORKAROUND: This feature slows down startup speed, and I don't need it anyway.
// See: https://github.com/zellij-org/zellij/issues/1757#issuecomment-1962981641
session_serialization false
keybinds {
normal {
bind "Alt 1" { GoToTab 1; }
bind "Alt 2" { GoToTab 2; }
bind "Alt 3" { GoToTab 3; }
bind "Alt 4" { GoToTab 4; }
bind "Alt 5" { GoToTab 5; }
bind "Alt 6" { GoToTab 6; }
bind "Alt 7" { GoToTab 7; }
bind "Alt 8" { GoToTab 8; }
bind "Alt 9" { GoToTab 9; }
bind "Alt 0" { GoToTab 10; }
}
}
'';
}


@ -38,18 +38,17 @@
./applications/bash ./applications/bash
./applications/bat ./applications/bat
./applications/eza ./applications/eza
./applications/neovim
./applications/fish ./applications/fish
./applications/git ./applications/git
./applications/gpg ./applications/gpg
./applications/neovim ./applications/skim
./applications/starship ./applications/starship
./applications/tealdeer ./applications/tealdeer
./applications/tmux ./applications/zellij
]; ];
programs.jq.enable = true;
programs.ripgrep.enable = true; programs.ripgrep.enable = true;
programs.skim.enable = true;
programs.zoxide.enable = true; programs.zoxide.enable = true;
home.packages = home.packages =
(with pkgs; [ (with pkgs; [

13
hosts/aristotle/README.md Normal file

@ -0,0 +1,13 @@
### About this device
### Hardware
```
$ hostnamectl --json short | jq -r '.HardwareVendor, .HardwareModel'
Lenovo
Lenovo Legion Y7000
```
### Description
My first computer & my main device (as of Feb. 2024).


@ -8,7 +8,6 @@
"adoptopenjdk-hotspot-bin" "adoptopenjdk-hotspot-bin"
"cargo-bootstrap" "cargo-bootstrap"
"cef-binary" "cef-binary"
"dart"
"osu-lazer-bin" "osu-lazer-bin"
"rustc-bootstrap" "rustc-bootstrap"
"rustc-bootstrap-wrapper" "rustc-bootstrap-wrapper"
@ -19,14 +18,11 @@
allowUnfree = false; allowUnfree = false;
allowUnfreePredicate = pkg: allowUnfreePredicate = pkg:
builtins.elem (lib.getName pkg) [ builtins.elem (lib.getName pkg) [
"fcitx5-pinyin-minecraft"
"fcitx5-pinyin-moegirl"
"libXNVCtrl" "libXNVCtrl"
"nvidia-x11" "nvidia-x11"
"osu-lazer-bin" "osu-lazer-bin"
"steam" "steam"
"steam-original" "steam-original"
"steam-run"
"xow_dongle-firmware" "xow_dongle-firmware"
]; ];
}; };


@ -1,157 +1,59 @@
{pkgs, ...}: { {
pkgs,
inputs,
...
}: {
imports = [ imports = [
../../nixos/profiles/opt-in/mihomo # OS
../../nixos/profiles/opt-in/wireless ../../nixos/profiles/laptop
../../nixos/profiles/common/opt-in/mihomo
../../nixos/profiles/common/opt-in/gaming
./anti-feature.nix # Hardware
./disko.nix
./hardware-configuration.nix ./hardware-configuration.nix
./impermanence.nix ./anti-feature.nix
./lanzaboote.nix ../../nixos/profiles/common/opt-in/lanzaboote.nix
../../nixos/profiles/common/opt-in/impermanence.nix
../../nixos/profiles/common/opt-in/disko.nix
]; ];
boot.loader.efi.canTouchEfiVariables = true;
networking.hostName = "aristotle"; networking.hostName = "aristotle";
time.timeZone = "Asia/Shanghai"; time.timeZone = "Asia/Shanghai";
_module.args.disks = ["/dev/nvme0n1"]; # Disko
system.stateVersion = "23.11"; system.stateVersion = "23.11";
home-manager.users.guanranwang = import ./home;
services.tailscale = { services.tailscale = {
enable = true; enable = true;
openFirewall = true; openFirewall = true;
}; };
environment.systemPackages = with pkgs; [ # Stuff that I only want on my main machine
yubikey-manager home-manager.users.guanranwang = {
localsend imports = map (n: ../../home/applications/${n}) [
]; "thunderbird"
"ydict"
networking.firewall.allowedTCPPorts = [53317];
networking.firewall.allowedUDPPorts = [53317];
programs.adb.enable = true;
programs.anime-game-launcher.enable = true;
programs.seahorse.enable = true;
programs.steam.enable = true;
programs.kdeconnect = {
enable = true;
package = pkgs.valent;
};
services.power-profiles-daemon.enable = true;
services.gvfs.enable = true;
services.gnome = {
gnome-keyring.enable = true;
gnome-online-accounts.enable = true;
sushi.enable = true;
};
# https://wiki.archlinux.org/title/Gamepad#Connect_Xbox_Wireless_Controller_with_Bluetooth
hardware.xone.enable = true; # via wired or wireless dongle
hardware.xpadneo.enable = true; # via Bluetooth
# yubikey
services.pcscd.enable = true;
services.udev.packages = [pkgs.yubikey-personalization];
fonts = {
enableDefaultPackages = false;
packages = with pkgs; [
(nerdfonts.override {
fonts = ["NerdFontsSymbolsOnly"];
})
(inter.overrideAttrs {
installPhase = ''
runHook preInstall
install -Dm644 -t $out/share/fonts/truetype/ InterVariable*.ttf
runHook postInstall
'';
})
(jetbrains-mono.overrideAttrs {
installPhase = ''
runHook preInstall
install -Dm644 -t $out/share/fonts/truetype/ fonts/variable/*.ttf
runHook postInstall
'';
})
(source-sans.overrideAttrs {
installPhase = ''
runHook preInstall
install -Dm444 VF/*.otf -t $out/share/fonts/variable
runHook postInstall
'';
})
(source-serif.overrideAttrs {
installPhase = ''
runHook preInstall
install -Dm444 VAR/*.otf -t $out/share/fonts/variable
runHook postInstall
'';
})
source-han-sans-vf-otf
source-han-serif-vf-otf
noto-fonts-color-emoji
]; ];
fontconfig.defaultFonts = {
emoji = [ home.packages = with pkgs;
"Noto Color Emoji" [
]; amberol
# Append emoji font for Qt apps, they might use the monochrome emoji fractal
monospace = [ gnome.gnome-calculator
"JetBrains Mono" hyperfine
"Source Han Sans SC VF" mousai
"Symbols Nerd Font" ]
"Noto Color Emoji" ++ (with inputs.self.packages.${pkgs.stdenv.hostPlatform.system}.scripts; [
]; lofi
sansSerif = [ ]);
"Inter Variable"
"Source Han Sans SC VF" programs.obs-studio.enable = true;
"Noto Color Emoji"
];
serif = [
"Source Serif 4 Variable"
"Source Han Serif SC VF"
"Noto Color Emoji"
];
};
}; };
# polkit # for udev rules
security.polkit.enable = true; programs.adb.enable = true;
# systemd.user.services.polkit-gnome-authentication-agent-1 = {
# description = "polkit-gnome-authentication-agent-1";
# wantedBy = ["graphical-session.target"];
# wants = ["graphical-session.target"];
# after = ["graphical-session.target"];
# serviceConfig = {
# Type = "simple";
# ExecStart = "${pkgs.polkit_gnome}/libexec/polkit-gnome-authentication-agent-1";
# Restart = "on-failure";
# RestartSec = 1;
# TimeoutStopSec = 10;
# };
# };
# security.pam.services.swaylock = {}; # fucking hell
# xdg.portal = { # FIXME: IFD
# enable = true; programs.anime-game-launcher.enable = true;
# xdgOpenUsePortal = true;
# wlr.enable = true;
# extraPortals = [pkgs.xdg-desktop-portal-gtk];
# # https://gitlab.archlinux.org/archlinux/packaging/packages/sway/-/blob/main/sway-portals.conf
# config."sway" = {
# default = "gtk";
# "org.freedesktop.impl.portal.ScreenCast" = "wlr";
# "org.freedesktop.impl.portal.Screenshot" = "wlr";
# "org.freedesktop.impl.portal.Inhibit" = "none";
# };
# };
### Removes debounce time
# https://www.reddit.com/r/linux_gaming/comments/ku6gth
environment.etc."libinput/local-overrides.quirks".text = ''
[Never Debounce]
MatchUdevType=mouse
ModelBouncingKeys=1
'';
} }


@ -2,43 +2,17 @@
imports = [ imports = [
inputs.nixpkgs.nixosModules.notDetected inputs.nixpkgs.nixosModules.notDetected
inputs.nixos-hardware.nixosModules.lenovo-legion-y530-15ich inputs.nixos-hardware.nixosModules.lenovo-legion-y530-15ich
inputs.nixos-sensible.nixosModules.zram
]; ];
hardware.nvidia.nvidiaSettings = false;
services.hdapsd.enable = false; services.hdapsd.enable = false;
services.thermald.enable = true; my.hardware = {
audio.enable = true;
security.rtkit.enable = true; bluetooth.enable = true;
hardware.pulseaudio.enable = false; tpm.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = true;
}; };
hardware.bluetooth = {
enable = true;
settings.General.FastConnectable = true;
};
# nouveou
services.xserver.videoDrivers = [];
# novideo
# hardware.nvidia.package = config.boot.kernelPackages.nvidiaPackages.beta;
# hardware.nvidia.nvidiaSettings = false;
# environment.sessionVariables."MOZ_ENABLE_WAYLAND" = "0";
# networking.networkmanager.enable = false;
# services.xserver.desktopManager.gnome.enable = true;
# services.xserver.displayManager.gdm.enable = true;
# # https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/1562
# services.udev.extraRules = ''
# ENV{DEVNAME}=="/dev/dri/card1", TAG+="mutter-device-preferred-primary"
# '';
boot.loader.timeout = 0;
boot.loader.efi.canTouchEfiVariables = true;
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid"]; boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid"];
boot.kernelModules = ["kvm-intel"]; boot.kernelModules = ["kvm-intel"];
nixpkgs.hostPlatform = "x86_64-linux"; nixpkgs.hostPlatform = "x86_64-linux";


@ -1,62 +0,0 @@
{
pkgs,
inputs,
...
}: {
imports =
[
./theme.nix
./xdg-mime.nix
]
++ map (n: ../../../home/applications/${n}) [
"fcitx5"
"firefox"
"foot"
"go"
"mpv"
"nautilus"
"nix"
"sway"
"thunderbird"
"ydict"
];
# https://wiki.archlinux.org/title/Fish#Start_X_at_login
programs.fish.loginShellInit = ''
if test -z "$DISPLAY" -a "$XDG_VTNR" = 1
exec sway
end
'';
home.packages =
(with pkgs; [
amberol
dconf-editor
file-roller
fractal
gnome-calculator
hyperfine
loupe
mousai
seahorse
(prismlauncher.override {
glfw = glfw-wayland-minecraft;
gamemodeSupport = false;
})
mumble
osu-lazer-bin
])
++ (with inputs.self.legacyPackages.${pkgs.stdenv.hostPlatform.system}.scripts; [
lofi
]);
home.sessionVariables = {
# https://github.com/ppy/osu-framework/pull/6292
"OSU_SDL3" = "1";
};
programs.mangohud.enable = true;
programs.obs-studio.enable = true;
services.ssh-agent.enable = true;
}


@ -1,51 +0,0 @@
(default) {
encode zstd gzip
handle_path /robots.txt {
file_server * {
root /var/www/robots/robots.txt
}
}
}
http://mastodon.ny4.dev:80 {
import default
handle_path /system/* {
file_server * {
root /var/lib/mastodon/public-system
}
}
handle /api/v1/streaming/* {
reverse_proxy unix//run/mastodon-streaming/streaming-1.socket {
header_up X-Forwarded-Proto "https"
}
}
route * {
file_server * {
root @mastodon@/public
pass_thru
}
reverse_proxy * unix//run/mastodon-web/web.socket {
header_up X-Forwarded-Proto "https"
}
}
handle_errors {
root * @mastodon@/public
rewrite 500.html
file_server
}
}
http://matrix.ny4.dev:80 {
import default
reverse_proxy /_matrix/* unix//run/matrix-synapse/synapse.sock
reverse_proxy /_synapse/client/* unix//run/matrix-synapse/synapse.sock
reverse_proxy /health unix//run/matrix-synapse/synapse.sock
}
http://syncv3.ny4.dev:80 {
import default
reverse_proxy unix//run/matrix-sliding-sync/sync.sock
}


@ -0,0 +1,23 @@
# About this device
### Hardware
```
$ hostnamectl --json short | jq -r '.HardwareVendor, .HardwareModel'
Apple Inc.
MacBookPro11,3
```
### Description
Homelab, hosting random stuff through tailscale and rathole.
### TODOs:
- [ ] backlight is always 33% when booted up
- [ ] encrypted swap
- [ ] impermanence
- [ ] luks1 -> luks2
- [ ] tpm luks unlocking
- [ ] nouveau -> nvidia
- [x] networkmanager -> iwd


@ -8,11 +8,13 @@
builtins.elem (lib.getName pkg) [ builtins.elem (lib.getName pkg) [
"adoptopenjdk-hotspot-bin" "adoptopenjdk-hotspot-bin"
"cargo-bootstrap" "cargo-bootstrap"
"cef-binary"
"minecraft-server" "minecraft-server"
"rustc-bootstrap" "rustc-bootstrap"
"rustc-bootstrap-wrapper" "rustc-bootstrap-wrapper"
"sof-firmware" "sof-firmware"
"temurin-bin" "temurin-bin"
"vscodium"
]; ];
allowUnfree = false; allowUnfree = false;
@ -20,6 +22,7 @@
builtins.elem (lib.getName pkg) [ builtins.elem (lib.getName pkg) [
"broadcom-sta" "broadcom-sta"
"minecraft-server" "minecraft-server"
"nvidia-x11"
]; ];
}; };
} }


@ -2,12 +2,16 @@
pkgs, pkgs,
lib, lib,
config, config,
inputs,
... ...
}: { }: {
imports = [ imports = [
# OS # OS
../../nixos/profiles/opt-in/mihomo # FIXME:
../../nixos/profiles/opt-in/wireless ../../nixos/profiles/common/core
../../nixos/profiles/common/physical
../../nixos/profiles/common/mobile
../../nixos/profiles/common/opt-in/mihomo
# Hardware # Hardware
./hardware-configuration.nix ./hardware-configuration.nix
@ -39,10 +43,6 @@
"mastodon/environment" = { "mastodon/environment" = {
restartUnits = ["mastodon-web.service"]; restartUnits = ["mastodon-web.service"];
}; };
"cloudflared/secret" = {
restartUnits = ["cloudflared-tunnel-6222a3e0-98da-4325-be19-0f86a7318a41.service"];
owner = config.systemd.services."cloudflared-tunnel-6222a3e0-98da-4325-be19-0f86a7318a41".serviceConfig.User;
};
}; };
}; };
@ -54,41 +54,67 @@
openFirewall = true; openFirewall = true;
}; };
services.cloudflared = { services.frp = {
enable = true; enable = true;
tunnels = { role = "client";
"6222a3e0-98da-4325-be19-0f86a7318a41" = { settings = {
credentialsFile = config.sops.secrets."cloudflared/secret".path; serverAddr = "18.177.132.61"; # TODO: can I use a domain name?
default = "http_status:404"; serverPort = 7000;
ingress = { auth.method = "token";
# TODO: is this safe? auth.token = "p4$m93060THuwtYaF0Jnr(RvYGZkI*Lqvh!kGXNesZCm4JQubMQlFDzr#F7rAycE"; # FIXME: secret!
# browser <-> cloudflare cdn <-> cloudflared <-> caddy <-> mastodon proxies = [
# ^ no tls in this part? {
"mastodon.ny4.dev" = "http://localhost:80"; name = "synapse";
"matrix.ny4.dev" = "http://localhost:80"; type = "tcp";
"syncv3.ny4.dev" = "http://localhost:80"; localIP = "127.0.0.1";
}; localPort = 8100;
}; remotePort = 8600;
}
{
name = "syncv3";
type = "tcp";
localIP = "127.0.0.1";
remotePort = 8700;
plugin = {
type = "unix_domain_socket";
unixPath = "/run/matrix-sliding-sync/sync.sock";
};
}
{
name = "mastodon-web";
type = "tcp";
localIP = "127.0.0.1";
remotePort = 8900;
plugin = {
type = "unix_domain_socket";
unixPath = "/run/mastodon-web/web.socket";
};
}
{
name = "mastodon-streaming";
type = "tcp";
localIP = "127.0.0.1";
remotePort = 9000;
plugin = {
type = "unix_domain_socket";
unixPath = "/run/mastodon-streaming/streaming-1.socket";
};
}
{
name = "mastodon-system";
type = "tcp";
localIP = "127.0.0.1";
remotePort = 9100;
plugin = {
type = "static_file";
localPath = "/var/lib/mastodon/public-system";
};
}
];
}; };
}; };
services.caddy = { systemd.services.frp.serviceConfig.SupplementaryGroups = ["mastodon"];
enable = true;
configFile = pkgs.substituteAll {
src = ./Caddyfile;
inherit (pkgs) mastodon;
};
};
systemd.services.caddy.serviceConfig = {
SupplementaryGroups = ["mastodon" "matrix-synapse"];
};
systemd.tmpfiles.settings = {
"10-www" = {
"/var/www/robots/robots.txt".C.argument = toString ../lightsail-tokyo/robots.txt;
};
};
services.postgresql = { services.postgresql = {
enable = true; enable = true;
@ -142,7 +168,12 @@
eula = true; eula = true;
openFirewall = true; openFirewall = true;
package = pkgs.minecraftServers.vanilla-1-21; package = pkgs.callPackage "${inputs.nixpkgs}/pkgs/games/minecraft-servers/derivation.nix" {
version = "1.21";
sha1 = "450698d1863ab5180c25d7c804ef0fe6369dd1ba";
url = "https://piston-data.mojang.com/v1/objects/450698d1863ab5180c25d7c804ef0fe6369dd1ba/server.jar";
jre_headless = pkgs.javaPackages.compiler.openjdk21.headless;
};
# Aikar's flag # Aikar's flag
# https://aikar.co/2018/07/02/tuning-the-jvm-g1gc-garbage-collector-flags-for-minecraft/ # https://aikar.co/2018/07/02/tuning-the-jvm-g1gc-garbage-collector-flags-for-minecraft/
@ -190,15 +221,9 @@
services.samba = { services.samba = {
enable = true; enable = true;
openFirewall = true; openFirewall = true;
shares = { shares."share" = {
"share" = { path = "/srv/samba/share";
path = "/srv/samba/share"; "read only" = "no";
"read only" = "no";
};
"external" = {
path = "/mnt";
"read only" = "no";
};
}; };
}; };
@ -214,7 +239,6 @@
services.matrix-synapse = { services.matrix-synapse = {
enable = true; enable = true;
withJemalloc = true; withJemalloc = true;
enableRegistrationScript = false;
extraConfigFiles = [config.sops.secrets."synapse/secret".path]; extraConfigFiles = [config.sops.secrets."synapse/secret".path];
settings = { settings = {
server_name = "ny4.dev"; server_name = "ny4.dev";
@ -222,8 +246,11 @@
presence.enabled = false; # tradeoff presence.enabled = false; # tradeoff
listeners = [ listeners = [
{ {
path = "/run/matrix-synapse/synapse.sock"; port = 8100;
bind_addresses = ["127.0.0.1"];
type = "http"; type = "http";
tls = false;
x_forwarded = true;
resources = [ resources = [
{ {
names = ["client" "federation"]; names = ["client" "federation"];
@ -238,7 +265,7 @@
{ {
idp_id = "keycloak"; idp_id = "keycloak";
idp_name = "id.ny4.dev"; idp_name = "id.ny4.dev";
issuer = "https://id.ny4.dev/realms/ny4"; issuer = "https://id.ny4.dev/realms/master";
client_id = "synapse"; client_id = "synapse";
client_secret_path = config.sops.secrets."synapse/oidc".path; client_secret_path = config.sops.secrets."synapse/oidc".path;
scopes = ["openid" "profile"]; scopes = ["openid" "profile"];
@ -253,24 +280,18 @@
}; };
}; };
systemd.services.matrix-synapse = { systemd.services.matrix-synapse.environment = config.networking.proxy.envVars;
environment = config.networking.proxy.envVars;
serviceConfig.RuntimeDirectory = ["matrix-synapse"];
};
services.matrix-sliding-sync = { services.matrix-sliding-sync = {
enable = true; enable = true;
environmentFile = config.sops.secrets."syncv3/environment".path; environmentFile = config.sops.secrets."syncv3/environment".path;
settings = { settings = {
SYNCV3_SERVER = "/run/matrix-synapse/synapse.sock"; SYNCV3_SERVER = "http://127.0.0.1:8100";
SYNCV3_BINDADDR = "/run/matrix-sliding-sync/sync.sock"; SYNCV3_BINDADDR = "/run/matrix-sliding-sync/sync.sock";
}; };
}; };
systemd.services.matrix-sliding-sync.serviceConfig = { systemd.services.matrix-sliding-sync.serviceConfig.RuntimeDirectory = ["matrix-sliding-sync"];
RuntimeDirectory = ["matrix-sliding-sync"];
SupplementaryGroups = ["matrix-synapse"];
};
services.mastodon = { services.mastodon = {
enable = true; enable = true;
@ -293,7 +314,7 @@
# OIDC_CLIENT_SECRET # EnvironmentFile # OIDC_CLIENT_SECRET # EnvironmentFile
OIDC_DISCOVERY = "true"; OIDC_DISCOVERY = "true";
OIDC_DISPLAY_NAME = "id.ny4.dev"; OIDC_DISPLAY_NAME = "id.ny4.dev";
OIDC_ISSUER = "https://id.ny4.dev/realms/ny4"; OIDC_ISSUER = "https://id.ny4.dev/realms/master";
OIDC_REDIRECT_URI = "https://${WEB_DOMAIN}/auth/auth/openid_connect/callback"; OIDC_REDIRECT_URI = "https://${WEB_DOMAIN}/auth/auth/openid_connect/callback";
OIDC_SCOPE = "openid,profile,email"; OIDC_SCOPE = "openid,profile,email";
OIDC_SECURITY_ASSUME_EMAIL_IS_VERIFIED = "true"; OIDC_SECURITY_ASSUME_EMAIL_IS_VERIFIED = "true";
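Review bot: The frp client token assigned to `auth.token` in the new `services.frp.settings` block is committed in plaintext, and because the settings are rendered into the Nix store it will also be world-readable on the host; the author's own `# FIXME: secret!` already marks it. The rest of this file reads secrets through `config.sops.secrets.*.path`, and frp's config supports environment templating, so the token can follow the same route: `auth.token = "{{ .Envs.FRP_AUTH_TOKEN }}";` together with `systemd.services.frp.serviceConfig.EnvironmentFile = config.sops.secrets."frp/environment".path;` (the secret name here is a placeholder). The value shown in this commit should be treated as exposed and rotated on both the frp server and the client, since it remains in the repository history.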


@ -11,9 +11,14 @@
inputs.nixos-hardware.nixosModules.common-hidpi inputs.nixos-hardware.nixosModules.common-hidpi
inputs.nixos-hardware.nixosModules.common-pc-laptop inputs.nixos-hardware.nixosModules.common-pc-laptop
inputs.nixos-hardware.nixosModules.common-pc-laptop-ssd inputs.nixos-hardware.nixosModules.common-pc-laptop-ssd
inputs.nixos-sensible.nixosModules.zram
]; ];
services.thermald.enable = true; my.hardware = {
audio.enable = true;
bluetooth.enable = true;
tpm.enable = true;
};
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod"]; boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod"];
boot.kernelModules = ["kvm-intel" "wl"]; boot.kernelModules = ["kvm-intel" "wl"];


@ -1,12 +1,10 @@
synapse: synapse:
secret: ENC[AES256_GCM,data:H7bHbreE4NmpqXHpkPQ5AkwGOAs97YcQhQZIr5zgK1mgHMTGSbMP57elWMyMAQ3+wCy7x9Jx0H2omrdQh39iG32XoVyyMMoVMQ0OCgFa4O77DHdgG+wrWl7VLWNY,iv:cFbMEqJQG482ShZlpoxRhk7z/y5216WucXfJbkMxuxU=,tag:7iUyMlu2yStLLdkC/V9/DQ==,type:str] secret: ENC[AES256_GCM,data:H7bHbreE4NmpqXHpkPQ5AkwGOAs97YcQhQZIr5zgK1mgHMTGSbMP57elWMyMAQ3+wCy7x9Jx0H2omrdQh39iG32XoVyyMMoVMQ0OCgFa4O77DHdgG+wrWl7VLWNY,iv:cFbMEqJQG482ShZlpoxRhk7z/y5216WucXfJbkMxuxU=,tag:7iUyMlu2yStLLdkC/V9/DQ==,type:str]
oidc: ENC[AES256_GCM,data:ihiMcrrYvPrNDJ13p6/FbINgh5wxv2vyOYxg0sthipM=,iv:+aESWZLI7/4HWjV7QT94py+zGLbTl+VoSsWdiGNHkjU=,tag:yxxZeDOtzFegCQGQT2HCgA==,type:str] oidc: ENC[AES256_GCM,data:vGQcPcUfbv6II6buEMKELc1+xZ5XccpEeCy3vZx4fdk=,iv:ORok/FXZ9SA54zD1+OhyFnZAPhGpMpTetWYgge2QSwQ=,tag:7DxrruTbenUfI/V6hGYBaw==,type:str]
syncv3: syncv3:
environment: ENC[AES256_GCM,data:xVBXP3+w38T700OYu6XL1R1I0NWzcKeORWk5GE2lkWS+kooplcQb/wbov40H+DB522cRzCRutMXmrvGVWO86kIH/jT5tq5iWrdxbSKjTxA==,iv:6rtSdSMYtGnZl8WMmqxaCxbDG7SXhKy0LCXJJkorTvU=,tag:3PE5R31oU3ClL7elK/ca0g==,type:str] environment: ENC[AES256_GCM,data:xVBXP3+w38T700OYu6XL1R1I0NWzcKeORWk5GE2lkWS+kooplcQb/wbov40H+DB522cRzCRutMXmrvGVWO86kIH/jT5tq5iWrdxbSKjTxA==,iv:6rtSdSMYtGnZl8WMmqxaCxbDG7SXhKy0LCXJJkorTvU=,tag:3PE5R31oU3ClL7elK/ca0g==,type:str]
mastodon: mastodon:
environment: ENC[AES256_GCM,data:9RjpYXbGo8lBsXKg71Vbp2iTJlvXEGhn8hTl37o8G1E28JWF5Io7+evfqUv+N7QfSk1zbA==,iv:ejfe7f941QB7iiREXx1T9Vej43cW/S9nr03P5lkw9Yg=,tag:odI7xsxoPGBrxd0GnCsnOg==,type:str] environment: ENC[AES256_GCM,data:cEGz8ZEPUmtPXyJx5oB1xOUvya7lSCW4vQKCp6F6WpgakZdrarez0cOzM8VsfNe3lFe6VQ==,iv:17k4EWB4v/79ApfKw5e8FyqJ1zKEn9xxewkrsRbya9A=,tag:dJjVjhEQGjSrxD9FO2hYEw==,type:str]
cloudflared:
secret: ENC[AES256_GCM,data:QXIl0MqreqPH4LP7IQdA5qQCQdizjFixbOHjqQi/3RjYDt9zt0OejW9rIYnkIRyVj4hnkJBqd1ov/VgdSoNmy/iafIgwqwgsMH0e4R9J6n255p3JG3XBmiYry89xXvQ1SXyzWdUF6p3qgevwzjZnKYyYHT9TbLWc/BkTyyA8g1EGg0O1WfDXhq7u9kOPV4CaU1UX1MMpvZQnsV389PJEWYuK,iv:ASGw5dGOuukRREZ8vMLw5hgZmJhDZSJxDqvfWaxXKJk=,tag:75jf48BEDd4uHkb+2LV5Tg==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -31,8 +29,8 @@ sops:
bGQ1cytGR09Dd2JoaU5CSW1DL1FVR0kK8F2DoJcnd+T+eQ9h39DtaAGCSpS4wXVJ bGQ1cytGR09Dd2JoaU5CSW1DL1FVR0kK8F2DoJcnd+T+eQ9h39DtaAGCSpS4wXVJ
hOZBh9fDeue1PwMWufDJ6KGeR0atPbUjn2w0dquvLEdBjt3Un9rFcA== hOZBh9fDeue1PwMWufDJ6KGeR0atPbUjn2w0dquvLEdBjt3Un9rFcA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-06-21T07:19:43Z" lastmodified: "2024-05-21T10:09:01Z"
mac: ENC[AES256_GCM,data:pKWUM3uhmtrwTOlR2jZauWsGSY1d//z+cojpWLFAAKedGjotLB6cmektyAVRHhw3waiM4WR5+BNZ6ghp7qBrM0z2WanJCdSmXqdyxJEydUC9CCFXZG+7SmIZS+7+/LsqejzdYSAMf9DijN74E1EJVS5F0mHhw8QuRmDy3wU789M=,iv:IrOm1Maz8os9Q/ez+TbOxOTr1zwB1loDVHcPbN8kMvg=,tag:AAKp3OH/s2c7u8lp6vkLVg==,type:str] mac: ENC[AES256_GCM,data:HwZxrU64AQ9icbPWi5E8wQOfVDuSXF9/S9s9BoWpX4yewarKS/k2kRagaW4pBHeL3QUDXxQuTazaLEb06LyWezuS/ij1InCZu4D4DPe7EQ/YfQTDj/r1iCEvo1X2fLuSQ8+H8p5KXy0iV7rZbFLPYY3puYJTVwVJbI3m2rSU9bw=,iv:MzoOmFFTPbfA8FxPRZ2gL4HcYbBWxFJ+LfBB2fL0CSk=,tag:kIqgrNow4u2sbMKijyAKfg==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.8.1


@ -6,8 +6,25 @@
} }
} }
(default) { (header) {
header {
# https://observatory.mozilla.org/analyze/ny4.dev
# https://infosec.mozilla.org/guidelines/web_security
# https://caddyserver.com/docs/caddyfile/directives/header#examples
?Content-Security-Policy "default-src https: blob: 'unsafe-eval' 'unsafe-inline'; object-src 'none'"
?Permissions-Policy interest-Hpcohort=()
?Strict-Transport-Security max-age=31536000;
?X-Content-Type-Options nosniff
?X-Frame-Options DENY
}
}
(compression) {
encode zstd gzip encode zstd gzip
}
(robots) {
handle_path /robots.txt { handle_path /robots.txt {
file_server * { file_server * {
root /var/www/robots/robots.txt root /var/www/robots/robots.txt
@ -15,13 +32,13 @@
} }
} }
www.ny4.dev { (default) {
import default import header
redir https://ny4.dev import compression
import robots
} }
# get the certificate for hysteria www.ny4.dev {
tyo0.ny4.dev {
import default import default
redir https://ny4.dev redir https://ny4.dev
} }
@ -74,6 +91,18 @@ pixiv.ny4.dev {
reverse_proxy unix//run/pixivfe/pixiv.sock reverse_proxy unix//run/pixivfe/pixiv.sock
} }
matrix.ny4.dev {
import default
reverse_proxy /_matrix/* localhost:8600
reverse_proxy /_synapse/client/* localhost:8600
reverse_proxy /health localhost:8600
}
syncv3.ny4.dev {
import default
reverse_proxy localhost:8700
}
id.ny4.dev { id.ny4.dev {
import default import default
reverse_proxy localhost:8800 reverse_proxy localhost:8800
@ -85,17 +114,32 @@ element.ny4.dev {
file_server file_server
} }
mastodon.ny4.dev {
import default
handle_path /system/* {
reverse_proxy localhost:9100
}
handle /api/v1/streaming/* {
reverse_proxy localhost:9000
}
route * {
file_server * {
root @mastodon@/public
pass_thru
}
reverse_proxy * localhost:8900
}
handle_errors {
root * @mastodon@/public
rewrite 500.html
file_server
}
}
git.ny4.dev { git.ny4.dev {
import default import default
reverse_proxy unix//run/forgejo/forgejo.sock reverse_proxy unix//run/forgejo/forgejo.sock
} }
rss.ny4.dev {
import default
reverse_proxy localhost:9300
}
reddit.ny4.dev {
import default
reverse_proxy localhost:9400
}
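Review bot: `?Permissions-Policy interest-Hpcohort=()` in the new `(header)` snippet names a feature that does not exist, so browsers ignore the directive; the intended token is presumably `interest-cohort`, i.e. `?Permissions-Policy interest-cohort=()`. The CSP on the line above it allows `'unsafe-inline'` and `'unsafe-eval'` for every site that imports `default`, which leaves it with little value against script injection, so a stricter policy is worth setting per site where the application tolerates it. Because each header uses the `?` prefix, it is only applied when the upstream did not send its own value; a one-line comment saying so would save the next reader a lookup.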


@ -1,13 +1,14 @@
{ {
modulesPath,
lib, lib,
config, config,
inputs, inputs,
modulesPath,
pkgs, pkgs,
... ...
}: { }: {
imports = [ imports = [
"${modulesPath}/virtualisation/amazon-image.nix" "${modulesPath}/virtualisation/amazon-image.nix"
inputs.nixos-sensible.nixosModules.zram
../../nixos/profiles/server ../../nixos/profiles/server
./anti-feature.nix ./anti-feature.nix
]; ];
@ -26,10 +27,6 @@
# WORKAROUND: # WORKAROUND:
systemd.services."print-host-key".enable = false; systemd.services."print-host-key".enable = false;
# FIXME:
# error: 1 dependencies of derivation '/nix/store/h0wkpjfh0hr1vswyz2f7wk8n03yj0l81-linux-6.10-modules.drv' failed to build
boot.kernelPackages = pkgs.linuxPackages;
### Secrets ### Secrets
sops = { sops = {
secrets = builtins.mapAttrs (_name: value: value // {sopsFile = ./secrets.yaml;}) { secrets = builtins.mapAttrs (_name: value: value // {sopsFile = ./secrets.yaml;}) {
@ -42,15 +39,37 @@
"searx/environment" = { "searx/environment" = {
restartUnits = ["searx.service"]; restartUnits = ["searx.service"];
}; };
"miniflux/environment" = { };
restartUnits = ["miniflux.service"];
}; templates = {
"hysteria.yaml".content = ''
tls:
cert: /run/credentials/hysteria.service/cert
key: /run/credentials/hysteria.service/key
masquerade:
type: proxy
proxy:
url: https://ny4.dev/
${config.sops.placeholder."hysteria/auth"}
'';
}; };
}; };
### Services ### Services
networking.firewall.allowedUDPPorts = [443]; # hysteria networking.firewall.allowedUDPPorts = [
networking.firewall.allowedTCPPorts = [80 443]; # caddy # hysteria
443
];
networking.firewall.allowedTCPPorts = [
# caddy
80
443
# frp
7000
];
systemd.tmpfiles.settings = { systemd.tmpfiles.settings = {
"10-www" = { "10-www" = {
@ -67,12 +86,12 @@
"element" = pkgs.element-web.override { "element" = pkgs.element-web.override {
element-web-unwrapped = pkgs.element-web-unwrapped.overrideAttrs (oldAttrs: { element-web-unwrapped = pkgs.element-web-unwrapped.overrideAttrs (oldAttrs: {
version = "1.11.70"; version = "1.11.69-rc.1";
src = oldAttrs.src.overrideAttrs { src = oldAttrs.src.overrideAttrs {
outputHash = "sha256-UzSqChCa94LqaQpMzwQGPX3G2xxOpP3jp5OvR1iBzRs="; outputHash = "sha256-vL21wTI9qeIhrFdbI0WsehVy0ZLBj9rayuQnTPC7k8g=";
}; };
offlineCache = oldAttrs.offlineCache.overrideAttrs { offlineCache = oldAttrs.offlineCache.overrideAttrs {
outputHash = "sha256-M4FTUtx7vpZIEdu/NM98/zIDGyPOtfocrj29/qChyyQ="; outputHash = "sha256-nZWclW2tEq7vPRPG5zzhYfExVnmPxYDm8DxME5w5ORI=";
}; };
}); });
@ -88,31 +107,23 @@
services.hysteria = { services.hysteria = {
enable = true; enable = true;
settings = { configFile = config.sops.templates."hysteria.yaml".path;
auth = { credentials = [
type = "userpass"; # FIXME: remove hardcoded path
userpass = { "cert:/var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/ny4.dev/ny4.dev.crt"
_secret = "/run/credentials/hysteria.service/auth"; "key:/var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/ny4.dev/ny4.dev.key"
quote = false; ];
};
};
masquerade = {
type = "proxy";
proxy.url = "https://ny4.dev/";
};
tls = {
cert = "/run/credentials/hysteria.service/cert";
key = "/run/credentials/hysteria.service/key";
};
};
}; };
systemd.services."hysteria".serviceConfig.LoadCredential = [ services.frp = {
# FIXME: remove hardcoded path enable = true;
"auth:${config.sops.secrets."hysteria/auth".path}" role = "server";
"cert:/var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/tyo0.ny4.dev/tyo0.ny4.dev.crt" settings = {
"key:/var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/tyo0.ny4.dev/tyo0.ny4.dev.key" bindPort = 7000;
]; auth.method = "token";
auth.token = "p4$m93060THuwtYaF0Jnr(RvYGZkI*Lqvh!kGXNesZCm4JQubMQlFDzr#F7rAycE";
};
};
# `journalctl -u murmur.service | grep Password` # `journalctl -u murmur.service | grep Password`
services.murmur = { services.murmur = {
@ -178,17 +189,16 @@
services.keycloak = { services.keycloak = {
enable = true; enable = true;
settings = { settings = {
cache = "local";
hostname = "id.ny4.dev";
http-host = "127.0.0.1"; http-host = "127.0.0.1";
http-port = 8800; http-port = 8800;
proxy = "edge"; proxy = "edge";
# proxy-headers = "xforwarded"; # FIXME: Key material not provided to setup HTTPS. hostname-strict-backchannel = true;
hostname = "id.ny4.dev";
cache = "local";
}; };
database.passwordFile = toString (pkgs.writeText "password" "keycloak"); database.passwordFile = toString (pkgs.writeText "password" "keycloak");
}; };
# TODO: eventually, use blog homepage
services.homepage-dashboard = { services.homepage-dashboard = {
enable = true; enable = true;
listenPort = 9200; listenPort = 9200;
@ -204,66 +214,80 @@
services = let services = let
getDesc = pkg: pkg.meta.description; getDesc = pkg: pkg.meta.description;
mapAttrsToList' = lib.mapAttrsToList (name: value: {"${name}" = value;}); # also sorts the thing alphabetically in [
in {
mapAttrsToList' { "Services" = [
"Services" = mapAttrsToList' { {
"Mumble" = { "SearXNG" = {
description = "${getDesc pkgs.mumble} (Connect with tyo0.ny4.dev:64738)"; description = getDesc pkgs.searxng;
}; href = "https://searx.ny4.dev";
"Ntfy" = { };
description = getDesc pkgs.ntfy; }
href = "https://ntfy.ny4.dev/"; {
}; "Wastebin" = {
"Redlib" = { description = getDesc pkgs.wastebin;
description = getDesc pkgs.redlib; href = "https://pb.ny4.dev";
href = "https://reddit.ny4.dev/"; };
}; }
"SearXNG" = { {
description = getDesc pkgs.searxng; "Ntfy" = {
href = "https://searx.ny4.dev/"; description = getDesc pkgs.ntfy;
}; href = "https://ntfy.ny4.dev/";
"Wastebin" = { };
description = getDesc pkgs.wastebin; }
href = "https://pb.ny4.dev/"; {
}; "Mumble" = {
}; description = "${getDesc pkgs.mumble} (Connect with ny4.dev:64738)";
"Links" = mapAttrsToList' { };
"Blog".href = "https://blog.ny4.dev/"; }
"Forgejo".href = "https://git.ny4.dev/nyancat"; ];
"GitHub".href = "https://github.com/Guanran928"; }
"Mastodon".herf = "https://mastodon.ny4.dev/@nyancat"; {
"Matrix".href = "https://matrix.to/#/@nyancat:ny4.dev"; "Private stuff" = [
}; {
"Private stuff" = mapAttrsToList' { "Mastodon" = rec {
"Forgejo" = { description = getDesc pkgs.mastodon;
description = getDesc pkgs.forgejo; href = "https://mastodon.ny4.dev/";
href = "https://git.ny4.dev/"; widget.type = "mastodon";
}; widget.url = href;
"Mastodon" = rec { };
description = getDesc pkgs.mastodon; }
href = "https://mastodon.ny4.dev/"; {
widget.type = "mastodon"; "Matrix" = {
widget.url = href; description = getDesc pkgs.element-web;
}; href = "https://element.ny4.dev/";
"Matrix" = { };
description = getDesc pkgs.element-web; }
href = "https://element.ny4.dev/"; {
}; "PixivFE" = {
"Miniflux" = { description = "A privacy respecting frontend for Pixiv.";
description = getDesc pkgs.miniflux; href = "https://pixiv.ny4.dev";
href = "https://rss.ny4.dev/"; };
}; }
"PixivFE" = { {
description = getDesc inputs.self.legacyPackages.${pkgs.stdenv.hostPlatform.system}.pixivfe; "Uptime Kuma" = {
href = "https://pixiv.ny4.dev"; description = getDesc pkgs.uptime-kuma;
}; href = "https://uptime.ny4.dev/";
"Uptime Kuma" = { };
description = getDesc pkgs.uptime-kuma; }
href = "https://uptime.ny4.dev/"; {
}; "Forgejo" = {
}; description = getDesc pkgs.forgejo;
}; href = "https://git.ny4.dev/";
};
}
];
}
{
"Links" = [
{"Blog".href = "https://blog.ny4.dev/";}
{"GitHub".href = "https://github.com/Guanran928";}
{"Mastodon".herf = "https://mastodon.ny4.dev/@nyancat";}
{"Matrix".href = "https://matrix.to/#/@root:ny4.dev";}
{"Forgejo".href = "https://git.ny4.dev/nyancat";}
];
}
];
}; };
services.forgejo = { services.forgejo = {
@ -271,10 +295,10 @@
database.type = "postgres"; database.type = "postgres";
settings = { settings = {
server = { server = {
# TODO: whats the difference between this and fcgi+unix
DOMAIN = "git.ny4.dev"; DOMAIN = "git.ny4.dev";
PROTOCOL = "http+unix"; PROTOCOL = "http+unix";
ROOT_URL = "https://git.ny4.dev/"; ROOT_URL = "https://git.ny4.dev/";
SSH_DOMAIN = "tyo0.ny4.dev";
}; };
service = { service = {
@ -283,28 +307,6 @@
}; };
}; };
services.miniflux = {
enable = true;
adminCredentialsFile = config.sops.secrets."miniflux/environment".path;
config = {
LISTEN_ADDR = "127.0.0.1:9300";
BASE_URL = "https://rss.ny4.dev";
OAUTH2_PROVIDER = "oidc";
OAUTH2_CLIENT_ID = "miniflux";
# OAUTH2_CLIENT_SECRET = "replace_me"; # EnvironmentFile
OAUTH2_REDIRECT_URL = "https://rss.ny4.dev/oauth2/oidc/callback";
OAUTH2_OIDC_DISCOVERY_ENDPOINT = "https://id.ny4.dev/realms/ny4";
};
};
services.libreddit = {
enable = true;
package = pkgs.redlib;
address = "127.0.0.1";
port = 9400;
};
### Prevents me from bankrupt ### Prevents me from bankrupt
# https://fmk.im/p/shutdown-aws/ # https://fmk.im/p/shutdown-aws/
services.vnstat.enable = true; services.vnstat.enable = true;
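Review bot: `auth.token` under the new `services.frp.settings` is a literal string, so the frp server token is published with the repository and also lands in the world-readable Nix store on the host, while the same change opens TCP 7000 in `networking.firewall.allowedTCPPorts`. The token should be treated as exposed and rotated, and the replacement supplied at runtime like the other secrets in this file, for example a sops secret loaded as an environment file and referenced as `auth.token = "{{ .Envs.FRP_AUTH_TOKEN }}";` (the variable name is a placeholder; confirm that the generated config goes through frp's template expansion). The unchanged `database.passwordFile = toString (pkgs.writeText "password" "keycloak");` line has the same store-exposure property and deserves the same treatment.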


@ -1,3 +1,33 @@
User-agent: Amazonbot
Disallow: /
User-agent: CCBot
Disallow: /
User-agent: ChatGPT-User
Disallow: /
User-agent: Claude-Web
Disallow: /
User-agent: FacebookBot
Disallow: /
User-agent: GPTBot
Disallow: /
User-agent: Google-Extended
Disallow: /
User-agent: Omgilibot
Disallow: /
User-agent: anthopic-ai
Disallow: /
User-agent: cohere-ai
Disallow: /
User-Agent: * User-Agent: *
Disallow: /harming/humans Disallow: /harming/humans
Disallow: /ignoring/human/orders Disallow: /ignoring/human/orders
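Review bot: `User-agent: anthopic-ai` is misspelled, so that group never matches the crawler it is meant for; it should read `User-agent: anthropic-ai`. robots.txt is advisory only, so crawlers that ignore it would have to be refused in the Caddy configuration instead.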


@ -1,11 +1,9 @@
hysteria: hysteria:
auth: ENC[AES256_GCM,data:cApNP7RrRV+IAqGEhZ4uWQu2U09a0q+bEkW9rdGNJedQF1kykdLFintvmCl4zmJyYOSp8pe+P4xvjmyG1st7F9jhBr/gv9PG30uY1z2GvLKLrKMANosAxq3w6ZhRgUEILsQ=,iv:lAKy/qw1liuoas1P5ZZxssNPCzuV4mZ3i91ctecJVHY=,tag:pSoRRr2jVj2OLchtFQKVsw==,type:str] auth: ENC[AES256_GCM,data:w92q/SYF6PYEIzW26uIgtjI3TU/ljqzbDrXoCCYw3SdIefYVqQOgyhpe/G7tkQIIh0STaTs7YN8NYUxu23dZcq3/0ooZLPZR+f7autHXYVz9vNMRteNCRtrtqzhiAW47LKXtrUxHMirlEESD+18kPxsUK7i2sjbltA==,iv:yK0ht1l46frIpHVTmQxXgvFMhupXEbjhsRlMGxdt9jQ=,tag:q7XFiLxNxTw9rvioJc/bWw==,type:str]
searx: searx:
environment: ENC[AES256_GCM,data:Chtb7yhooCMU+Hfnqdgwpd1w5gI2LZm4cz8d3YRgznjveO/4HOZ54XMdQVDoiC6ukojHfEUxl+3qIG1wi/s29rhxJekHLtWgJ++OUQKW,iv:viGQRoWbaSlRoovBV01Vl/d17eRVeM8CQUHYRWrflNQ=,tag:2QMYVCXON129pRpW3oOQXg==,type:str] environment: ENC[AES256_GCM,data:Chtb7yhooCMU+Hfnqdgwpd1w5gI2LZm4cz8d3YRgznjveO/4HOZ54XMdQVDoiC6ukojHfEUxl+3qIG1wi/s29rhxJekHLtWgJ++OUQKW,iv:viGQRoWbaSlRoovBV01Vl/d17eRVeM8CQUHYRWrflNQ=,tag:2QMYVCXON129pRpW3oOQXg==,type:str]
pixivfe: pixivfe:
environment: ENC[AES256_GCM,data:/Q/rShBXlXkWOOP+7OhKtKTSrp2zNizMaAOyKfWbKgJMHTjNfmMtRuGKRez9KXM5MDIMIF9iJSQ=,iv:whIAkaWiZcZT4HfmJw4qA+fbQ9zHFp+kTuHxQDE3XoU=,tag:FroLTMtNwGlvZw3osftj3A==,type:str] environment: ENC[AES256_GCM,data:/Q/rShBXlXkWOOP+7OhKtKTSrp2zNizMaAOyKfWbKgJMHTjNfmMtRuGKRez9KXM5MDIMIF9iJSQ=,iv:whIAkaWiZcZT4HfmJw4qA+fbQ9zHFp+kTuHxQDE3XoU=,tag:FroLTMtNwGlvZw3osftj3A==,type:str]
miniflux:
environment: ENC[AES256_GCM,data:eT1rVeXbDANk/+9xmxmTHvMNofyplNGvVFgTj4lFQlJSHTi+br1qfg0tddf5aCtE8cNGt0fNm63qguI2Df/+KWENhb0vCpjRG7zryfBhEwMP5jkVgDnaHYolS1z3OmhlEpE=,iv:tWAUCtlk8wDGWGmn7j00QOVwjPYDkTPDGpyxd1pP6ig=,tag:gLNdzK9GZ/m5mWL5YNrzyQ==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -30,8 +28,8 @@ sops:
R1ZMMG1jWnljNWl5Nk5MU3RCMlFPYjgKL1ScxzF0D1R18H+oe6dlxUGlL9myHEr3 R1ZMMG1jWnljNWl5Nk5MU3RCMlFPYjgKL1ScxzF0D1R18H+oe6dlxUGlL9myHEr3
3HBPoapKCSQ/cT7Xma4bsWD1AVJIf1Ak+MeCs9ItGwKAcnd9JYZ9KA== 3HBPoapKCSQ/cT7Xma4bsWD1AVJIf1Ak+MeCs9ItGwKAcnd9JYZ9KA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-07-18T09:46:47Z" lastmodified: "2024-05-15T07:19:59Z"
mac: ENC[AES256_GCM,data:EJsQO/XsF8SpyEP8s9u1DXQkSsqodknF9ibl94/kOOIutx9ML+L0ltYA3+/eW17K9Mwvy6CyojKiQLiYgL2RLJd1zxZKedmp+l3klu1im8Wocwh073nemHIR1J6H5hoE6y36tDCXRrMDbWIfMjvlp6FlhFsI/n3Na1iCDall6mA=,iv:O9Y0j5G3sE67Bfz0MhcPYYpU71cGgtIdde8a1WQiigs=,tag:eNIvBVu7LPnC5s2f3MzptQ==,type:str] mac: ENC[AES256_GCM,data:kaOXFVuCPG0enPjvhJRWyHqOrVnlm1+ifFd/ore3WbB0IjDvC3UAuPHQEG/V/wZJOgqx/BmaL31GQWuHHDYgeRqjmcmCFofI4262fuf4XAaCS/vkZCRGTUgqQxmLNBpGNRMxy+Oyk2wCW92Q9HOJl7Suc8snufdext3Nn7AL+TA=,iv:8n6tNsHnwF8iGyTGo15MrpHfWkY4Fuu/Q3DfCFQgGv4=,tag:EbiACYHI14GMQhIBudzgzw==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.9.0 version: 3.8.1


@ -8,7 +8,6 @@
environment.packages = with pkgs; [ environment.packages = with pkgs; [
git git
openssh openssh
curl
diffutils diffutils
findutils findutils


@ -0,0 +1,21 @@
---
lineage_socrates.mk | 3 ---
1 file changed, 3 deletions(-)
diff --git a/lineage_socrates.mk b/lineage_socrates.mk
index c3e5c0a..f9f0f74 100644
--- a/lineage_socrates.mk
+++ b/lineage_socrates.mk
@@ -14,9 +14,6 @@ $(call inherit-product, vendor/lineage/config/common_full_phone.mk)
# Inherit device configurations
$(call inherit-product, device/xiaomi/socrates/device.mk)
-# Inherit from Gapps
-$(call inherit-product, vendor/gapps/arm64/arm64-vendor.mk)
-
## Device identifier
PRODUCT_DEVICE := socrates
PRODUCT_NAME := lineage_socrates
--
2.44.0


@ -0,0 +1,130 @@
{
"nodes": {
"androidPkgs": {
"inputs": {
"devshell": "devshell",
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1638562808,
"narHash": "sha256-nnGyBugMQo9WweTgpfPbJu0fHnRtxvsPQ9el2D3wPrY=",
"owner": "tadfisher",
"repo": "android-nixpkgs",
"rev": "a191ab6adb019b09d3bb919bb98dca31d83519d5",
"type": "github"
},
"original": {
"owner": "tadfisher",
"ref": "stable",
"repo": "android-nixpkgs",
"type": "github"
}
},
"devshell": {
"locked": {
"lastModified": 1637575296,
"narHash": "sha256-ZY8YR5u8aglZPe27+AJMnPTG6645WuavB+w0xmhTarw=",
"owner": "numtide",
"repo": "devshell",
"rev": "0e56ef21ba1a717169953122c7415fa6a8cd2618",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "devshell",
"type": "github"
}
},
"flake-utils": {
"locked": {
"lastModified": 1638122382,
"narHash": "sha256-sQzZzAbvKEqN9s0bzWuYmRaA03v40gaJ4+iL1LXjaeI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "74f7e4319258e287b0f9cb95426c9853b282730b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1637841632,
"narHash": "sha256-QYqiKHdda0EOnLGQCHE+GluD/Lq2EJj4hVTooPM55Ic=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "73369f8d0864854d1acfa7f1e6217f7d6b6e3fa1",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgsUnstable": {
"locked": {
"lastModified": 1638376152,
"narHash": "sha256-ucgLpVqhFnClH7YRUHBHnmiOd82RZdFR3XJt36ks5fE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "6daa4a5c045d40e6eae60a3b6e427e8700f1c07f",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1638371214,
"narHash": "sha256-0kE6KhgH7n0vyuX4aUoGsGIQOqjIx2fJavpCWtn73rc=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "a640d8394f34714578f3e6335fc767d0755d78f9",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-21.11",
"repo": "nixpkgs",
"type": "github"
}
},
"robotnix": {
"inputs": {
"androidPkgs": "androidPkgs",
"nixpkgs": "nixpkgs_2",
"nixpkgsUnstable": "nixpkgsUnstable"
},
"locked": {
"lastModified": 1699510635,
"narHash": "sha256-OpScLedUNJ6xyEyd5PeAMNKaoi8LMI7RT1lzXPp+UaY=",
"owner": "danielfullmer",
"repo": "robotnix",
"rev": "f941a20537384418c22000f6e6487c92441e0a7f",
"type": "github"
},
"original": {
"owner": "danielfullmer",
"repo": "robotnix",
"type": "github"
}
},
"root": {
"inputs": {
"robotnix": "robotnix"
}
}
},
"root": "root",
"version": 7
}


@ -0,0 +1,49 @@
{
description = "Build LineageOS for Redmi K60 Pro";
inputs.robotnix.url = "github:danielfullmer/robotnix";
outputs = inputs: {
packages.x86_64-linux.default = inputs.self.robotnixConfigurations."socrates".img;
robotnixConfigurations."socrates" = inputs.robotnix.lib.robotnixSystem ({pkgs, ...}: {
device = "socrates";
flavor = "lineageos";
androidVersion = 14;
apps.chromium.enable = false;
webview.chromium.enable = false;
ccache.enable = true;
source.dirs."device/xiaomi/socrates".src = pkgs.fetchFromGitHub {
owner = "danielml3";
repo = "android_device_xiaomi_socrates";
rev = "8b48a7a18b8db76d7122ca6e1b5bde8765d16665"; # lineage-21
hash = "sha256-pQIbxpZhaxc7nI8Pl8sjG3kmvD3ComFDowjcKb9eZRo=";
};
source.dirs."device/xiaomi/socrates-kernel".src = pkgs.fetchFromGitHub {
owner = "danielml3";
repo = "android_device_xiaomi_socrates";
rev = "60cd3aebf59cdf96366e8e4a8a1e2887f7d4d063"; # lineage-21-kernel
hash = "sha256-i5QtxvApvGk24WeH6i6nC6jhS2jL2BolRUr/M02y6lc=";
};
source.dirs."hardware/xiaomi".src = pkgs.fetchFromGitHub {
owner = "LineageOS";
repo = "android_hardware_xiaomi";
rev = "4453055456bb452830144d9526342b032289495e"; # lineage-21
hash = "sha256-kQoHGKsa5L+usIChTMm63P85N8ZGofcllE4Hybf7itA=";
};
# TODO:
source.dirs."vendor/xiaomi/socrates".src = pkgs.fetchFromGitHub {
owner = "kmiit";
repo = "android_vendor_xiaomi_socrates";
rev = "";
hash = "";
};
});
};
}
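Review bot: The `vendor/xiaomi/socrates` source is declared with `rev = "";` and `hash = "";`, so the one tree that presumably carries prebuilt vendor binaries from a third-party repository is neither pinned nor verified, and the fetch is unlikely to evaluate to anything usable as written. Before this is built, set `rev` to a full commit id and `hash` to the matching SRI hash, as the three sources above it do. The bare `# TODO:` should say what is missing, e.g. `# TODO: pin rev and hash once the vendor tree for lineage-21 is chosen`.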


@ -1,5 +1,12 @@
{...}: { {...}: {
imports = [ imports = [
# utils that is used internally
./my/boot.nix
./my/hardware/audio.nix
./my/hardware/bluetooth.nix
./my/hardware/tpm.nix
# nixpkgs styled options
./services/hysteria.nix ./services/hysteria.nix
./services/pixivfe.nix ./services/pixivfe.nix
./services/rathole.nix ./services/rathole.nix

29
nixos/modules/my/boot.nix Normal file

@ -0,0 +1,29 @@
{
config,
lib,
...
}: let
cfg = config.my.boot;
in {
options = {
my.boot = {
silentBoot = lib.mkEnableOption "silent boot";
noLoaderMenu = lib.mkEnableOption "" // {description = "Whether to disable bootloader menu.";};
};
};
config = {
### cfg.noLoaderMenu
boot.loader.timeout = lib.mkIf cfg.noLoaderMenu 0;
### cfg.silentBoot
boot.consoleLogLevel = lib.mkIf cfg.silentBoot 0;
boot.kernelParams =
lib.mkIf cfg.silentBoot
(["quiet"]
++ lib.optionals config.boot.initrd.systemd.enable [
"systemd.show_status=auto"
"rd.udev.log_level=3"
]);
};
}


@ -0,0 +1,24 @@
{
lib,
config,
...
}: let
cfg = config.my.hardware.audio;
in {
options = {
my.hardware.audio.enable = lib.mkEnableOption "audio";
};
# https://nixos.wiki/wiki/PipeWire
config = lib.mkIf cfg.enable {
security.rtkit.enable = true;
hardware.pulseaudio.enable = false;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = true;
};
};
}


@ -0,0 +1,21 @@
{
lib,
config,
pkgs,
...
}: let
cfg = config.my.hardware.bluetooth;
in {
options = {
my.hardware.bluetooth.enable = lib.mkEnableOption "bluetooth";
};
# https://nixos.wiki/wiki/Bluetooth
config = lib.mkIf cfg.enable {
environment.systemPackages = lib.mkIf config.services.xserver.enable (with pkgs; [blueberry]);
hardware.bluetooth = {
enable = true;
settings.General.FastConnectable = true;
};
};
}


@ -0,0 +1,20 @@
{
lib,
config,
...
}: let
cfg = config.my.hardware.tpm;
in {
options = {
my.hardware.tpm.enable = lib.mkEnableOption "TPM";
};
# https://nixos.wiki/wiki/TPM
config = lib.mkIf cfg.enable {
security.tpm2 = {
enable = true;
pkcs11.enable = true;
tctiEnvironment.enable = true;
};
};
}


@ -1,12 +1,10 @@
{ {
pkgs,
config, config,
lib, lib,
pkgs,
utils,
... ...
}: let }: let
cfg = config.services.hysteria; cfg = config.services.hysteria;
settingsFormat = pkgs.formats.json {};
in { in {
options.services.hysteria = { options.services.hysteria = {
enable = lib.mkEnableOption "Hysteria, a powerful, lightning fast and censorship resistant proxy"; enable = lib.mkEnableOption "Hysteria, a powerful, lightning fast and censorship resistant proxy";
@ -19,39 +17,54 @@ in {
description = "Whether to use Hysteria as a client or a server."; description = "Whether to use Hysteria as a client or a server.";
}; };
settings = lib.mkOption { configFile = lib.mkOption {
type = lib.types.submodule { default = null;
freeformType = settingsFormat.type; type = lib.types.nullOr lib.types.path;
}; description = "Configuration file to use.";
default = {}; };
credentials = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [];
example = lib.literalExpression ''
[
"cert:/tmp/certificate.crt"
"key:/tmp/private-key.key"
];
'';
description = '' description = ''
The Hysteria configuration, see https://hysteria.network/ for documentation. Extra credentials loaded by systemd, you can access them by `/run/credentials/hysteria.service/foobar`.
Options containing secret data should be set to an attribute set See `systemd.exec(5)` for more information.
containing the attribute `_secret` - a string pointing to a file
containing the value the option should be set to.
Ignored when `services.hysteria.configFile` is set.
''; '';
}; };
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
assertions = [
{
assertion = cfg.configFile != null;
message = "A configuration file is required for Hysteria";
}
];
systemd.services."hysteria" = { systemd.services."hysteria" = {
description = "Hysteria daemon, a powerful, lightning fast and censorship resistant proxy."; description = "Hysteria daemon, a powerful, lightning fast and censorship resistant proxy.";
documentation = ["https://hysteria.network/"]; documentation = ["https://hysteria.network/"];
wantedBy = ["multi-user.target"]; wantedBy = ["multi-user.target"];
after = ["network-online.target"]; after = ["network-online.target"];
wants = ["network-online.target"]; wants = ["network-online.target"];
preStart = utils.genJqSecretsReplacementSnippet cfg.settings "/var/lib/private/hysteria/config.json"; restartTriggers = [cfg.configFile];
serviceConfig = { serviceConfig = {
ExecStart = lib.concatStringsSep " " [ ExecStart = lib.concatStringsSep " " [
(lib.getExe cfg.package) (lib.getExe cfg.package)
cfg.mode cfg.mode
"--config /var/lib/private/hysteria/config.json" "--disable-update-check"
"--config $\{CREDENTIALS_DIRECTORY}/config.yaml" # TODO: support other formats
]; ];
DynamicUser = true; DynamicUser = true;
StateDirectory = "hysteria"; StateDirectory = "hysteria";
LoadCredential = ["config.yaml:${cfg.configFile}"] ++ cfg.credentials;
### Hardening ### Hardening
AmbientCapabilities = ["CAP_NET_ADMIN" "CAP_NET_BIND_SERVICE" "CAP_NET_RAW"]; AmbientCapabilities = ["CAP_NET_ADMIN" "CAP_NET_BIND_SERVICE" "CAP_NET_RAW"];
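Review bot: The description of the new `configFile` option, `"Configuration file to use."`, does not say that the file normally holds the auth secret and reaches the unit through `LoadCredential`; with `lib.types.path`, a Nix path literal passed here would be copied into the world-readable store when it is interpolated. Suggest a description along the lines of `Path to the YAML configuration, loaded at service start via LoadCredential; pass a runtime path as a string (for example a sops template path), not a Nix path literal, so secrets stay out of the Nix store.` Related: `restartTriggers = [cfg.configFile]` only changes when the path string changes, so new content at the same runtime path will not restart the service through this trigger. The module body continues past the end of this hunk.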


@ -18,22 +18,18 @@ buildGoModule rec {
vendorHash = "sha256-QapDR964Tn+RxXdkGqCQXacdmlSapF841Y84n4d/6VI="; vendorHash = "sha256-QapDR964Tn+RxXdkGqCQXacdmlSapF841Y84n4d/6VI=";
ldflags = [ ldflags = ["-s" "-w"];
"-s"
"-w"
];
nativeBuildInputs = [makeBinaryWrapper]; nativeBuildInputs = [makeBinaryWrapper];
# PixivFE require files from source code
postInstall = '' postInstall = ''
mkdir -p $out/share/pixivfe
cp -r ./views/ $out/share/pixivfe/views
wrapProgram $out/bin/pixivfe \ wrapProgram $out/bin/pixivfe \
--chdir $out/share/pixivfe --chdir ${src}
''; '';
meta = { meta = {
description = "Privacy respecting frontend for Pixiv"; description = "A privacy respecting frontend for Pixiv";
homepage = "https://codeberg.org/VnPower/PixivFE"; homepage = "https://codeberg.org/VnPower/PixivFE";
license = lib.licenses.agpl3Only; license = lib.licenses.agpl3Only;
mainProgram = "pixivfe"; mainProgram = "pixivfe";


@ -1,8 +1,7 @@
{ {
lib,
config,
inputs,
pkgs, pkgs,
config,
lib,
... ...
}: let }: let
cfg = config.services.pixivfe; cfg = config.services.pixivfe;
@ -10,7 +9,10 @@ in {
options.services.pixivfe = { options.services.pixivfe = {
enable = lib.mkEnableOption "PixivFE, a privacy respecting frontend for Pixiv"; enable = lib.mkEnableOption "PixivFE, a privacy respecting frontend for Pixiv";
package = lib.mkPackageOption inputs.self.legacyPackages.${pkgs.stdenv.hostPlatform.system} "pixivfe" {}; # package = lib.mkPackageOption pkgs "pixivfe" {};
package = lib.mkOption {
default = pkgs.callPackage ./pixivfe-pkg.nix {};
};
openFirewall = lib.mkEnableOption "open ports in the firewall needed for the daemon to function"; openFirewall = lib.mkEnableOption "open ports in the firewall needed for the daemon to function";


@ -7,10 +7,10 @@
}: { }: {
imports = imports =
[ [
./hardening.nix ./hardening
./networking.nix ./networking
./nix.nix ./nix
"${inputs.srvos}/nixos/common/well-known-hosts.nix" ./fun.nix
] ]
++ (with inputs; [ ++ (with inputs; [
aagl.nixosModules.default aagl.nixosModules.default
@ -19,7 +19,6 @@
impermanence.nixosModules.impermanence impermanence.nixosModules.impermanence
lanzaboote.nixosModules.lanzaboote lanzaboote.nixosModules.lanzaboote
nixos-sensible.nixosModules.default nixos-sensible.nixosModules.default
nixos-sensible.nixosModules.zram
nur.nixosModules.nur nur.nixosModules.nur
self.nixosModules.default self.nixosModules.default
sops-nix.nixosModules.sops sops-nix.nixosModules.sops
@ -29,14 +28,16 @@
inputs.self.overlays.patches inputs.self.overlays.patches
]; ];
### home-manager
home-manager.users.guanranwang = import ../../../../home;
home-manager = { home-manager = {
users.guanranwang = import ../../../home;
useGlobalPkgs = true; useGlobalPkgs = true;
useUserPackages = true; useUserPackages = true;
extraSpecialArgs = {inherit inputs;}; # ??? isnt specialArgs imported by default ??? extraSpecialArgs = {inherit inputs;}; # ??? isnt specialArgs imported by default ???
}; };
boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest; boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_zen;
### Default Programs ### Default Programs
# In addition of https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/config/system-path.nix # In addition of https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/config/system-path.nix
@ -85,27 +86,22 @@
programs.dconf.enable = true; programs.dconf.enable = true;
programs.fish.enable = true; programs.fish.enable = true;
programs.command-not-found.enable = false; users.groups."nix-access-tokens" = {};
environment.stub-ld.enable = false; nix.extraOptions = "!include ${config.sops.secrets.nix-access-tokens.path}";
documentation = {
doc.enable = false;
info.enable = false;
nixos.enable = false;
};
# https://github.com/NixOS/nixpkgs/pull/308801
# nixos/switch-to-configuration: add new implementation
system.switch = {
enable = false;
enableNg = true;
};
### sops-nix ### sops-nix
sops = { sops = {
defaultSopsFile = ../../../secrets.yaml; defaultSopsFile = ../../../../secrets.yaml;
age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"]; age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
gnupg.sshKeyPaths = []; gnupg.sshKeyPaths = [];
secrets."hashed-passwd".neededForUsers = true; secrets = {
"hashed-passwd" = {
neededForUsers = true;
};
"nix-access-tokens" = {
group = config.users.groups."nix-access-tokens".name;
mode = "0440";
};
};
}; };
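Review bot: The `imports` list no longer contains `"${inputs.srvos}/nixos/common/well-known-hosts.nix"` and nothing visible replaces it; assuming that module pre-seeds SSH host keys for common forges, hosts built from this profile fall back to trust-on-first-use for those connections. If the removal is intended, the keys that matter can be pinned through `programs.ssh.knownHosts` instead. Separately, the `nix-access-tokens` secret is made group-readable with `mode = "0440"`, but no user is added to that group in the visible lines, so a comment stating who is meant to read the file would help.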
} }


@ -0,0 +1,24 @@
{
lib,
config,
...
}: {
options = {
system.nixos.codeName = lib.mkOption {readOnly = false;};
};
config = {
# https://github.com/NixOS/nixpkgs/issues/315574
system.nixos.codeName = "";
services.getty.greetingLine = let
inherit (config.system) nixos;
in ''
NixOS ${nixos.label} ${nixos.codeName} (\m) - \l
${lib.strings.optionalString (builtins.elem "nvidia" config.services.xserver.videoDrivers)
"--my-next-gpu-wont-be-nvidia"}
${lib.strings.optionalString (builtins.elem "amdgpu" config.boot.initrd.kernelModules)
"[ 5.996722] amdgpu 0000:67:00.0: Fatal error during GPU init"}
'';
};
}


@ -1,6 +1,15 @@
{ {...}: {
### Basic hardening
# ref: https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/profiles/hardened.nix
# ref: https://madaidans-insecurities.github.io/guides/linux-hardening.html
imports = [
./sysctl.nix
];
environment.etc.machine-id.text = "b08dfa6083e7567a1921a715000001fb"; # whonix id environment.etc.machine-id.text = "b08dfa6083e7567a1921a715000001fb"; # whonix id
security.sudo.execWheelOnly = true; security.apparmor.enable = true;
security.sudo-rs.enable = true;
security.sudo-rs.execWheelOnly = true;
boot.blacklistedKernelModules = [ boot.blacklistedKernelModules = [
# Obscure network protocols # Obscure network protocols


@ -0,0 +1,50 @@
{
boot.kernel.sysctl = {
### https://madaidans-insecurities.github.io/guides/linux-hardening.html#sysctl
# Kernel self-protection
"kernel.kptr_restrict" = "2";
"kernel.dmesg_restrict" = "1";
"kernel.printk" = "3 3 3 3"; #
"kernel.unprivileged_bpf_disabled" = "1";
"net.core.bpf_jit_harden" = "2";
"dev.tty.ldisc_autoload" = "0";
"vm.unprivileged_userfaultfd" = "0";
"kernel.kexec_load_disabled" = "1";
"kernel.sysrq" = "4"; #
#"kernel.unprivileged_userns_clone" = "0"; # does not exist on nixos
"kernel.perf_event_paranoid" = "3";
# Network
"net.ipv4.tcp_syncookies" = "1";
"net.ipv4.tcp_rfc1337" = "1";
"net.ipv4.conf.all.rp_filter" = "1";
"net.ipv4.conf.default.rp_filter" = "1";
"net.ipv4.conf.all.accept_redirects" = "0";
"net.ipv4.conf.default.accept_redirects" = "0";
"net.ipv4.conf.all.secure_redirects" = "0";
"net.ipv4.conf.default.secure_redirects" = "0";
"net.ipv6.conf.all.accept_redirects" = "0";
"net.ipv6.conf.default.accept_redirects" = "0";
"net.ipv4.conf.all.send_redirects" = "0";
"net.ipv4.conf.default.send_redirects" = "0";
"net.ipv4.icmp_echo_ignore_all" = "1";
"net.ipv4.conf.all.accept_source_route" = "0";
"net.ipv4.conf.default.accept_source_route" = "0";
"net.ipv6.conf.all.accept_source_route" = "0";
"net.ipv6.conf.default.accept_source_route" = "0";
"net.ipv6.conf.all.accept_ra" = "0";
"net.ipv6.conf.default.accept_ra" = "0";
"net.ipv4.tcp_sack" = "0";
"net.ipv4.tcp_dsack" = "0";
"net.ipv4.tcp_fack" = "0";
# User Space
"kernel.yama.ptrace_scope" = "2";
"vm.mmap_rnd_bits" = "32";
"vm.mmap_rnd_compat_bits" = "16";
"fs.protected_symlinks" = "1";
"fs.protected_hardlinks" = "1";
"fs.protected_fifos" = "2";
"fs.protected_regular" = "2";
};
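Review bot: `"kernel.printk" = "3 3 3 3"; #` and `"kernel.sysrq" = "4"; #` end in empty comments, and these are the two values a reader cannot interpret at a glance; fill them in, e.g. `# bitmask: 4 = keyboard control (SAK) only` for sysrq. `vm.mmap_rnd_bits = 32` and `vm.mmap_rnd_compat_bits = 16` look like the x86_64 maxima, so a comment saying the file assumes that architecture would prevent a surprise if it is imported elsewhere. `net.ipv4.tcp_fack` is, as far as I know, a legacy knob with no effect on current kernels and can probably be dropped. Whether `net.ipv6.conf.*.accept_ra = 0` is safe depends on the hosts not relying on router advertisements for IPv6 addressing, which is worth noting next to the setting.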
}


@ -0,0 +1,18 @@
{
lib,
config,
...
}: {
networking.wireless.iwd.enable = lib.mkDefault true;
services.resolved.enable = true;
sops.secrets."wireless/wangxiaobo".path = lib.mkIf config.networking.wireless.iwd.enable "/var/lib/iwd/wangxiaobo.psk";
sops.secrets."wireless/OpenWrt".path = lib.mkIf config.networking.wireless.iwd.enable "/var/lib/iwd/OpenWrt.psk";
### https://wiki.archlinux.org/title/Sysctl#Improving_performance
boot.kernelModules = ["tcp_bbr"];
boot.kernel.sysctl = {
"net.core.default_qdisc" = "cake";
"net.ipv4.tcp_congestion_control" = "bbr";
};
}


@ -0,0 +1,8 @@
{...}: {
imports = [
./flake.nix
./nix.nix
./gc.nix
#./monitor.nix
];
}


@ -0,0 +1,27 @@
# ref: https://github.com/Misterio77/nix-config/blob/main/hosts/common/global/nix.nix
{
pkgs,
inputs,
lib,
...
}: {
# Enable Flakes
nix.settings.experimental-features = ["nix-command" "flakes"];
# Disable nix-channel
nix.channel.enable = false;
# Disable flake-registry
nix.settings.flake-registry = "";
# Add each flake input as a registry
# To make nix3 commands consistent with the flake
nix.registry = lib.mapAttrs (_: value: {flake = value;}) inputs;
# Install Git
environment.systemPackages = [pkgs.git];
# Does not work with Flake based configurations
system.copySystemConfiguration = false;
programs.command-not-found.enable = false;
}


@ -0,0 +1,19 @@
{
nix = {
### Auto hard linking
settings.auto-optimise-store = true;
### Automatically delete older NixOS builds
gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 7d";
};
### optimiser
optimise = {
automatic = true;
dates = ["03:45"];
};
};
}


@ -0,0 +1,48 @@
{config, ...}: {
nix.settings = {
substituters =
{
"Asia/Shanghai" = [
"https://mirror.sjtu.edu.cn/nix-channels/store" # SJTU - 上海交通大学 Mirror
"https://mirrors.ustc.edu.cn/nix-channels/store" # USTC - 中国科学技术大学 Mirror
"https://mirrors.tuna.tsinghua.edu.cn/nix-channels/store" # TUNA - 清华大学 Mirror
];
}
.${config.time.timeZone}
or []
++ [
"https://nix-community.cachix.org"
"https://cache.garnix.io"
# Personal cachix-s
"https://berberman.cachix.org"
"https://guanran928.cachix.org"
];
trusted-public-keys = [
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="
"berberman.cachix.org-1:UHGhodNXVruGzWrwJ12B1grPK/6Qnrx2c3TjKueQPds="
"guanran928.cachix.org-1:BE/iBCj2/pqJXG908wHRrcaV0B2fC+KbFjHsXY6b91c="
];
trusted-users = ["@wheel"];
experimental-features = ["auto-allocate-uids" "cgroups"];
auto-allocate-uids = true;
builders-use-substitutes = true;
use-cgroups = true;
use-xdg-base-directories = true;
};
documentation = {
doc.enable = false;
info.enable = false;
nixos.enable = false;
};
# https://github.com/NixOS/nixpkgs/pull/308801
# nixos/switch-to-configuration: add new implementation
system.switch = {
enable = false;
enableNg = true;
};
}
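Review bot: `trusted-users = ["@wheel"];` lets every wheel member tell the Nix daemon to use arbitrary substituters and accept unsigned store paths, which the Nix manual describes as essentially equivalent to root access, without going through sudo or polkit. If that is not intended, drop the line (the default trusts only root), or record the decision next to it, e.g. `# wheel is root-equivalent for Nix; kept for <reason>`. The same block also trusts four third-party cache keys, so anything signed by those keys is installed without a local build. Separately, `config.time.timeZone` is nullable in NixOS, and the `or []` fallback probably does not cover a null key in `.${config.time.timeZone}`, so a host without a time zone may fail to evaluate; worth confirming.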


@ -0,0 +1,92 @@
{
pkgs,
lib,
...
}: {
### home-manager
home-manager.users.guanranwang = import ./home;
# plymouth
#boot.plymouth.enable = true;
# xserver
services.xserver = {
enable = true;
excludePackages = with pkgs; [xterm];
displayManager.startx.enable = true;
};
# gnome keyring
programs.seahorse.enable = true;
# polkit
security.polkit.enable = true;
environment.systemPackages = with pkgs; [polkit_gnome];
systemd.user.services.polkit-gnome-authentication-agent-1 = {
description = "polkit-gnome-authentication-agent-1";
wantedBy = ["graphical-session.target"];
wants = ["graphical-session.target"];
after = ["graphical-session.target"];
serviceConfig = {
Type = "simple";
ExecStart = "${pkgs.polkit_gnome}/libexec/polkit-gnome-authentication-agent-1";
Restart = "on-failure";
RestartSec = 1;
TimeoutStopSec = 10;
};
};
### Options
my.boot.noLoaderMenu = lib.mkDefault true;
fonts.enableDefaultPackages = false;
security.pam.services.swaylock = {};
xdg.portal = {
enable = true;
xdgOpenUsePortal = true;
wlr.enable = true;
extraPortals = with pkgs; [xdg-desktop-portal-gtk];
# https://gitlab.archlinux.org/archlinux/packaging/packages/sway/-/blob/main/sway-portals.conf
config."sway" = {
default = "gtk";
"org.freedesktop.impl.portal.ScreenCast" = "wlr";
"org.freedesktop.impl.portal.Screenshot" = "wlr";
"org.freedesktop.impl.portal.Inhibit" = "none";
};
};
services = {
gvfs.enable = true;
gnome = {
gnome-keyring.enable = true;
sushi.enable = true;
gnome-online-accounts.enable = true;
};
};
programs = {
kdeconnect = {
enable = true;
#package = pkgs.gnomeExtensions.gsconnect;
package = pkgs.valent;
};
};
services.libinput = {
touchpad = {
accelProfile = "flat";
naturalScrolling = true;
middleEmulation = false;
};
mouse = {
accelProfile = "flat";
naturalScrolling = true;
middleEmulation = false;
};
};
### Removes debounce time
# https://www.reddit.com/r/linux_gaming/comments/ku6gth
environment.etc."libinput/local-overrides.quirks".text = ''
[Never Debounce]
MatchUdevType=mouse
ModelBouncingKeys=1
'';
}
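Review bot: `programs.kdeconnect.enable = true` is the one setting in this file that changes network exposure. As far as I know, the NixOS module opens TCP and UDP ports 1714-1764 in the firewall on every interface, which matters if this profile is used on a portable machine that joins untrusted networks. A comment at the option would make that visible to the next reader: `# NOTE: opens TCP/UDP 1714-1764 in the firewall for device pairing`. If pairing is only wanted at home, restricting the range to a specific interface is worth considering.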


@ -0,0 +1,40 @@
{pkgs, ...}: {
imports =
[
./fonts
./theme.nix
./xdg-mime.nix
]
++ map (n: ../../../../../home/applications/${n}) [
"alacritty"
"fcitx5"
"firefox"
"go"
"mpv"
"nautilus"
"nix"
"sway"
];
# https://wiki.archlinux.org/title/Fish#Start_X_at_login
programs.fish.loginShellInit = ''
if test -z "$DISPLAY" -a "$XDG_VTNR" = 1
exec sway
end
'';
home.packages =
(with pkgs; [
loupe
])
++ (with pkgs.gnome; [
seahorse
file-roller
gnome-calculator
dconf-editor
]);
services = {
ssh-agent.enable = true;
};
}


@ -0,0 +1,71 @@
{pkgs, ...}: {
# WARN: I don't know fontconfig and I have no idea what am I doing. Please do not use as reference.
xdg.configFile = {
"fontconfig/fonts.conf".source = ./fonts.conf;
"fontconfig/conf.d/10-web-ui-fonts.conf".source = pkgs.fetchurl {
url = "https://raw.githubusercontent.com/lilydjwg/dotconfig/1b22d4f0740bb5bbd7c65b6c468920775171b207/fontconfig/web-ui-fonts.conf";
hash = "sha256-A4DcV6HTW/IRxXN3NaI1GUfoFdalwgFLpCjgbWENdZU=";
};
"fontconfig/conf.d/10-source-han-for-noto-cjk.conf".source = pkgs.fetchurl {
url = "https://raw.githubusercontent.com/lilydjwg/dotconfig/1b22d4f0740bb5bbd7c65b6c468920775171b207/fontconfig/source-han-for-noto-cjk.conf";
hash = "sha256-jcdDr5VW1qZXbApgfT5FZgxonpRnLs9AY0QagfdL8ic=";
postFetch = ''
substitutionInPlace $out \
--replace-warn "Source Han Sans" "Source Han Sans VF" \
--replace-warn "Source Han Serif" "Source Han Serif VF"
'';
};
"fontconfig/conf.d/10-nerd-font-symbols.conf".source = pkgs.fetchurl {
url = "https://raw.githubusercontent.com/ryanoasis/nerd-fonts/${pkgs.nerdfonts.version}/10-nerd-font-symbols.conf";
hash = "sha256-XwJMkcDtGlI+LFMrjCl/gicAnoBWnq3p9adrmieNZwU=";
};
};
# Make GTK listen to fontconfig
dconf.settings = {
"org/gnome/desktop/wm/preferences" = {
"titlebar-font" = "Sans Bold";
};
"org/gnome/desktop/interface" = {
"font-name" = "Sans";
"document-font-name" = "Sans";
"monospace-font-name" = "Monospace";
};
};
# HM managed fonts
#
# The reason I use Source Han instead of Noto CJK,
# is because I heard from #archlinux-cn, Adobe packages font better.
# You can 100% use noto-fonts-cjk-{sans,serif} if you prefer consistency/other reason.
#
# Using VF to reduce closure size:
# Version 1579 -> 1580:
# home-manager: -10.4 KiB
# inter: -12695.6 KiB
# jetbrains-mono: -7621.0 KiB
fonts.fontconfig.enable = true;
home.packages = with pkgs; [
(nerdfonts.override {fonts = ["NerdFontsSymbolsOnly"];})
(inter.overrideAttrs {
installPhase = ''
runHook preInstall
install -Dm644 -t $out/share/fonts/truetype/ InterVariable*.ttf
runHook postInstall
'';
})
(jetbrains-mono.overrideAttrs {
installPhase = ''
runHook preInstall
install -Dm644 -t $out/share/fonts/truetype/ fonts/variable/*.ttf
runHook postInstall
'';
})
noto-fonts
noto-fonts-color-emoji
source-han-sans-vf-otf
source-han-serif-vf-otf
];
}
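Review bot: The `postFetch` of `10-source-han-for-noto-cjk.conf` calls `substitutionInPlace`, which is not a stdenv function; the helper is `substituteInPlace`, so the fetch should fail with command-not-found whenever the derivation is actually built rather than taken from the store. The line should read `substituteInPlace $out \`, and `hash` then has to be that of the rewritten file, since for a fixed-output fetch it covers the result after `postFetch`. Also, the nerd-fonts URL interpolates `${pkgs.nerdfonts.version}` while its hash is fixed, so after a version bump an existing store path with the old content can be reused silently; pinning the tag explicitly would avoid that.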


@ -0,0 +1,112 @@
<?xml version='1.0'?>
<!DOCTYPE fontconfig SYSTEM 'fonts.dtd'>
<fontconfig>
<its:rules version="1.0" xmlns:its="http://www.w3.org/2005/11/its">
<its:translateRule selector="/fontconfig/*[not(self::description)]" translate="no"/>
</its:rules>
<description>trash Font Config 4.0</description>
<match target="font">
<!-- <edit mode="assign" name="antialias"> <bool>true</bool></edit> --> <!-- breaks emoji in GTK, unsure why -->
<edit mode="assign" name="hinting"> <bool>true</bool></edit>
<edit mode="assign" name="hintstyle"> <const>hintslight</const></edit>
<edit mode="assign" name="autohint"> <bool>false</bool></edit>
<edit mode="assign" name="embeddedbitmap"> <bool>false</bool></edit>
<edit mode="assign" name="lcdfilter"> <const>lcddefault</const></edit>
<edit mode="assign" name="rgba"> <const>rgb</const></edit>
</match>
<!-- Default fonts -->
<alias binding="strong">
<family>serif</family>
<prefer>
<family>Source Han Serif SC VF</family>
<family>Noto Color Emoji</family>
</prefer>
</alias>
<alias binding="strong">
<family>sans-serif</family>
<prefer>
<family>Inter Variable</family>
<family>Source Han Sans SC VF</family>
<family>Noto Color Emoji</family>
</prefer>
</alias>
<alias binding="strong">
<family>monospace</family>
<prefer>
<family>JetBrains Mono</family>
<family>Source Han Sans SC VF</family>
<family>Noto Color Emoji</family>
</prefer>
</alias>
<alias binding="strong">
<family>system-ui</family>
<prefer>
<family>Inter Variable</family>
<family>Source Han Sans SC VF</family>
<family>Noto Color Emoji</family>
</prefer>
</alias>
<!-- Rebind unliked/old fonts -->
<!-- Sans -->
<match target="pattern">
<test name="family" qual="any"><string>Microsoft YaHei</string></test>
<edit name="family" binding="same" mode="assign"><string>sans-serif</string></edit>
</match>
<match target="pattern">
<test name="family" qual="any"><string>SimHei</string></test>
<edit name="family" binding="same" mode="assign"><string>sans-serif</string></edit>
</match>
<match target="pattern">
<test name="family" qual="any"><string>WenQuanYi Zen Hei</string></test>
<edit name="family" binding="same" mode="assign"><string>sans-serif</string></edit>
</match>
<match target="pattern">
<test name="family" qual="any"><string>WenQuanYi Micro Hei</string></test>
<edit name="family" binding="same" mode="assign"><string>sans-serif</string></edit>
</match>
<match target="pattern">
<test name="family" qual="any"><string>WenQuanYi Micro Hei Light</string></test>
<edit name="family" binding="same" mode="assign"><string>sans-serif</string></edit>
</match>
<!-- Serif -->
<match target="pattern">
<test name="family" qual="any"><string>SimSun</string></test>
<edit name="family" binding="same" mode="assign"><string>serif</string></edit>
</match>
<match target="pattern">
<test name="family" qual="any"><string>SimSun-18030</string></test>
<edit name="family" binding="same" mode="assign"><string>serif</string></edit>
</match>
<!-- Monospace -->
<match target="pattern">
<test name="family" qual="any"><string>Liberation Mono</string></test>
<edit name="family" binding="same" mode="assign"><string>monospace</string></edit>
</match>
<match target="pattern">
<test name="family" qual="any"><string>SF Mono</string></test>
<edit name="family" binding="same" mode="assign"><string>monospace</string></edit>
</match>
<match target="pattern">
<test name="family" qual="any"><string>Noto Sans Mono</string></test>
<edit name="family" binding="same" mode="assign"><string>monospace</string></edit>
</match>
<!-- Reject DejaVu Sans -->
<!-- why is DejaVu Sans still here after fonts.enableDefaultPackages = false -->
<selectfont>
<rejectfont>
<pattern><patelt name="family" ><string>DejaVu Sans</string></patelt></pattern>
</rejectfont>
</selectfont>
</fontconfig>


@ -6,8 +6,9 @@
}: { }: {
home.pointerCursor = { home.pointerCursor = {
name = "Adwaita"; name = "Adwaita";
package = pkgs.adwaita-icon-theme; package = pkgs.gnome.adwaita-icon-theme;
size = 24; size = 24;
x11.enable = true;
gtk.enable = true; gtk.enable = true;
}; };
@ -16,12 +17,12 @@
gtk2.configLocation = "${config.xdg.configHome}/gtk-2.0/gtkrc"; gtk2.configLocation = "${config.xdg.configHome}/gtk-2.0/gtkrc";
gtk3.bookmarks = [ gtk3.bookmarks = [
"file://${config.home.homeDirectory}/Documents/Projects/flake" "file://${config.home.homeDirectory}/Documents/Projects/git-repos/github.com/Guanran928/flake"
]; ];
iconTheme = { iconTheme = {
name = "Adwaita"; name = "Adwaita";
package = pkgs.adwaita-icon-theme; package = pkgs.gnome.adwaita-icon-theme;
}; };
theme = { theme = {
@ -30,21 +31,7 @@
}; };
}; };
dconf.settings = { dconf.settings."org/gnome/desktop/interface"."color-scheme" = "prefer-dark";
"org/gnome/desktop/interface" = {
"color-scheme" = "prefer-dark";
};
# Make GTK listen to fontconfig
"org/gnome/desktop/wm/preferences" = {
"titlebar-font" = "Sans Bold 11";
};
"org/gnome/desktop/interface" = {
"font-name" = "Sans 11";
"document-font-name" = "Sans 11";
"monospace-font-name" = "Monospace 10";
};
};
# ??? this commit broke nautilus's spacing ??? # ??? this commit broke nautilus's spacing ???
# https://github.com/nix-community/home-manager/commit/e9b9ecef4295a835ab073814f100498716b05a96 # https://github.com/nix-community/home-manager/commit/e9b9ecef4295a835ab073814f100498716b05a96


@ -0,0 +1,5 @@
{modulesPath, ...}: {
imports = [
(modulesPath + "/profiles/minimal.nix")
];
}


@ -0,0 +1,3 @@
{
home-manager.users.guanranwang = import ./home;
}


@ -0,0 +1,3 @@
{
services.batsignal.enable = true;
}


@ -1,5 +1,4 @@
let {disks ? ["/dev/sda"], ...}: let
disks = ["/dev/nvme0n1"];
# compress-force: https://t.me/archlinuxcn_group/3054167 # compress-force: https://t.me/archlinuxcn_group/3054167
mountOptions = ["defaults" "compress-force=zstd" "noatime"]; mountOptions = ["defaults" "compress-force=zstd" "noatime"];
cryptSettings = { cryptSettings = {
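Review bot: The new `disks ? ["/dev/sda"]` default makes this disk layout apply to `/dev/sda` whenever a caller forgets to pass `disks`, and a layout that carries `cryptSettings` presumably repartitions and encrypts whatever device it is given. Making the argument mandatory, `{disks, ...}: let`, turns a missing device into an evaluation error instead of a silent choice. A `/dev/disk/by-id/...` path at the call site is also more stable than `sdX` naming. The `let` block continues outside the hunk, so how `disks` is consumed is not visible here.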


@ -0,0 +1,58 @@
{
pkgs,
lib,
config,
...
}: {
### home-manager
home-manager.users.guanranwang.imports = [./home];
### for steam
# https://github.com/NixOS/nixpkgs/issues/47932
hardware.opengl.driSupport32Bit = true;
# https://wiki.archlinux.org/title/Gamepad#Connect_Xbox_Wireless_Controller_with_Bluetooth
hardware.xone.enable = true; # via wired or wireless dongle
hardware.xpadneo.enable = true; # via Bluetooth
programs.gamemode = {
enable = true;
settings.custom = {
start = "${lib.getExe pkgs.libnotify} 'GameMode Activated' 'GameMode Activated! Enjoy enhanced performance. 🚀'";
end = "${lib.getExe pkgs.libnotify} 'GameMode Deactivated' 'GameMode Deactivated. Back to normal mode. '";
};
};
# Integrate with NVIDIA Optimus offloading.
# https://github.com/FeralInteractive/gamemode#note-for-hybrid-gpu-users
environment.sessionVariables = {
"GAMEMODERUNEXEC" = let
inherit (config.hardware.nvidia.prime) offload;
in
lib.mkIf
(builtins.elem "nvidia" config.services.xserver.videoDrivers && offload.enable && offload.enableOffloadCmd)
(lib.mkDefault "nvidia-offload");
};
### https://wiki.archlinux.org/title/Gaming#Improving_performance
systemd.tmpfiles.rules = [
# Path Mode UID GID Age Argument
#"w /proc/sys/vm/compaction_proactiveness - - - - 0"
"w /proc/sys/vm/min_free_kbytes - - - - 1048576"
"w /proc/sys/vm/swappiness - - - - 10"
"w /sys/kernel/mm/lru_gen/enabled - - - - 5"
"w /proc/sys/vm/zone_reclaim_mode - - - - 0"
#"w /sys/kernel/mm/transparent_hugepage/enabled - - - - never"
#"w /sys/kernel/mm/transparent_hugepage/shmem_enabled - - - - never"
#"w /sys/kernel/mm/transparent_hugepage/khugepaged/defrag - - - - 0"
"w /proc/sys/vm/page_lock_unfairness - - - - 1"
"w /proc/sys/kernel/sched_child_runs_first - - - - 0"
"w /proc/sys/kernel/sched_autogroup_enabled - - - - 1"
"w /proc/sys/kernel/sched_cfs_bandwidth_slice_us - - - - 500"
"w /sys/kernel/debug/sched/latency_ns - - - - 1000000"
"w /sys/kernel/debug/sched/migration_cost_ns - - - - 500000"
"w /sys/kernel/debug/sched/min_granularity_ns - - - - 500000"
"w /sys/kernel/debug/sched/wakeup_granularity_ns - - - - 0"
"w /sys/kernel/debug/sched/nr_migrate - - - - 8"
];
}
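Review bot: The `systemd.tmpfiles.rules` block sets kernel tunables by writing to `/proc/sys/...` rather than through `boot.kernel.sysctl`, so these values take no part in option merging and a clash with sysctls set in another profile would go unnoticed, with the winner depending on service ordering. The `/proc/sys` entries can be written as e.g. `boot.kernel.sysctl."vm.swappiness" = 10;`, leaving tmpfiles for the `/sys/kernel/...` paths that have no sysctl name. The `/sys/kernel/debug/sched/*` writes also depend on debugfs being mounted and writable, which a locked-down kernel may not allow; a comment marking them as best-effort would help.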


@ -0,0 +1,16 @@
{pkgs, ...}: {
programs.mangohud.enable = true;
home.packages = with pkgs; [
(prismlauncher.override {glfw = glfw-wayland-minecraft;})
(steam.override {
extraEnv = {
# STEAM_EXTRA_COMPAT_TOOLS_PATHS = gamePkgs.proton-ge;
};
})
mumble
osu-lazer-bin
# lunar-client
# protonup-qt
];
}


@ -1,5 +1,6 @@
{pkgs, ...}: { {pkgs, ...}: {
environment.systemPackages = [pkgs.sbctl]; environment.systemPackages = with pkgs; [sbctl];
boot.loader.systemd-boot.enable = false;
boot.lanzaboote = { boot.lanzaboote = {
enable = true; enable = true;
pkiBundle = "/etc/secureboot"; pkiBundle = "/etc/secureboot";


@ -25,12 +25,7 @@
}; };
### sops-nix ### sops-nix
sops.secrets = builtins.mapAttrs (_name: value: sops.secrets = builtins.mapAttrs (_name: value: value // {restartUnits = ["mihomo.service"];}) {
value
// {
restartUnits = ["mihomo.service"];
sopsFile = ./secrets.yaml;
}) {
"clash/secret" = {}; "clash/secret" = {};
"clash/proxies/lightsail" = {}; "clash/proxies/lightsail" = {};
"clash/proxy-providers/efcloud" = {}; "clash/proxy-providers/efcloud" = {};


@ -0,0 +1,11 @@
{pkgs, ...}: {
networking.stevenblack.enable = true;
services.system76-scheduler.enable = true;
services.power-profiles-daemon.enable = true;
services.thermald.enable = true;
# YubiKey
environment.systemPackages = [pkgs.yubikey-manager];
services.pcscd.enable = true;
services.udev.packages = [pkgs.yubikey-personalization];
}


@ -1,10 +0,0 @@
{
services.resolved.enable = true;
### https://wiki.archlinux.org/title/Sysctl#Improving_performance
boot.kernelModules = ["tcp_bbr"];
boot.kernel.sysctl = {
"net.core.default_qdisc" = "cake";
"net.ipv4.tcp_congestion_control" = "bbr";
};
}


@ -1,60 +0,0 @@
{
lib,
config,
inputs,
...
}: {
nix.settings = {
substituters =
(lib.optionals (config.time.timeZone == "Asia/Shanghai") [
"https://mirrors.tuna.tsinghua.edu.cn/nix-channels/store" # TUNA - 清华大学 Mirror
])
++ [
"https://nix-community.cachix.org"
"https://guanran928.cachix.org"
];
trusted-public-keys = [
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"guanran928.cachix.org-1:BE/iBCj2/pqJXG908wHRrcaV0B2fC+KbFjHsXY6b91c="
];
experimental-features = [
"auto-allocate-uids"
"cgroups"
"flakes"
"nix-command"
"no-url-literals"
];
flake-registry = "";
trusted-users = ["@wheel"];
allow-import-from-derivation = false;
auto-allocate-uids = true;
auto-optimise-store = true;
builders-use-substitutes = true;
use-cgroups = true;
use-xdg-base-directories = true;
};
nix = {
# Add each flake input as a registry
# To make nix3 commands consistent with the flake
registry = lib.mapAttrs (_: value: {flake = value;}) inputs;
# Disable nix-channel
channel.enable = false;
gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 7d";
};
extraOptions = "!include ${config.sops.secrets.nix-access-tokens.path}";
};
users.groups."nix-access-tokens" = {};
sops.secrets."nix-access-tokens" = {
group = config.users.groups."nix-access-tokens".name;
mode = "0440";
};
}


@ -0,0 +1,7 @@
{...}: {
imports = [
../common/core
../common/graphical
../common/physical
];
}


@ -0,0 +1,8 @@
{...}: {
imports = [
../common/core
../common/graphical
../common/physical
../common/mobile
];
}


@ -1,46 +0,0 @@
clash:
secret: ENC[AES256_GCM,data:0dikpMbntA==,iv:63yclHF0yUJXWr7/RN0RLMFmASD847i6WAplx6sfvGQ=,tag:Y7lw2sn34CEfAmzy/0IugA==,type:str]
proxies:
lightsail: ENC[AES256_GCM,data:YfyZsBi3yMIAMIjotAk4g4M+yYYozSSbKE77oz3lwbRHCMVJqxeo5nR04HrG8Hy2mQvVV09et1MbgnDMhEaSERZvsfaBojFUoRE6Du18n1ET8P1/ez5aKgC6ZnHy90a99mktqD4QDGNE8VDX2xBtNcVLF6i9dJ9di9tJEtnOdw+Q,iv:/uqtX6E2I0sqSWt2FmKwzG9zQb2TjdQqfDBZQXLh8cs=,tag:ofvc5GKEPrizajUaevI1jA==,type:str]
proxy-providers:
flyairport: ENC[AES256_GCM,data:x6li/5tWuAX9ZvLVUETLaBDqjB8pb8vSD9jD8HDMXNiiilq03RVHx7eXTiWMVJMlRUBOxvhTXH1fQxzye34aZQMx4BftMOQzvG5soF/P+K5hGapC9wbFnoH8znHkAdIgRLIeDBHRix3ll2OqGhqCENkWF4jjs/Pxqfz5bJlhcA==,iv:lO59riu5seloBRIy8QG02afNciEKvElzovLyaX90iSA=,tag:/L+elOLB2agQdRvg9tR0WQ==,type:str]
efcloud: ENC[AES256_GCM,data:36mToXGiHVAgM4vVQFOYvNPaHHuVf4mtvnNOgMBTyzbZ/mKpT1Exx7rWZ7i9EVBy5eX7SJtKmnHs0CqD48hr7R708W2oW3YNPEfkK7aGDqfQFyS1TVjT+MM=,iv:+qiFyM10fcAjcdyVZCC+0hb83GYENooM52+1GPXpamQ=,tag:wZupiFJMQq8A5ZwJtjXiOg==,type:str]
spcloud: ENC[AES256_GCM,data:gmJM+sTTaUrIxQXRBlDtE+K1gEfseMPUC2AQLq1LeY6iQmgq3wK7oJlz+buLbm/LUDitvls9d517905hz/Mpp2F7ohBeW9m1Jkcvdh/Zfgnfqg==,iv:FPe//+/ZMDZloZg2AnQ7JXRzqZdKDjLYs3wqMxqNA/Y=,tag:JPEU/WnUfy8bNlhAgPQwJw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age129yyxyz686qj88ce5v77ahelqqwt6zz94mzzls0ny4hq76psrd9qhc79kq
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTaXJJdVlKb0lpa3pkZ0px
UGwveFAydHBUMzdXOU5ibHRBNmg1VllUVWxBCkh5SWQrQUhFSFA2NHA2WWhhYXhV
bFlteVVCM1M1VlRoakZ1UW1ENmJWM3cKLS0tIDdpZVo0Z2dQQ29DVnVOQU5kWkMy
N2djZElOQUtINXY5bGJKZFROK1VpZWcKMQY/1i3yvoKhDUdkmvQ0boVHzh9vta1Z
hz9WY8aYIMsa0PY71FuBMklOfNtaPKbewx9XXfLDetFLQ7tmWnIzFg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1hm6pkvt4d640wmjhxg5wxfwkp9zhcqre9klr4zg5kx2qx7vyhuuqlytmnp
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmVzFrcWdBNlYvdWRzNVNr
T3YyQ3JBakRQcnd2MzMyNnN4Z3h0TkN3S1NvCmdCZnFaeVdFcCtoVzh6OGRnd2o3
cVpxTCtpV1RYRjloUElLek9NcDlrMWsKLS0tIEdtZWVNUXY4VDAzSUxkUGhodjlJ
UHFlbi9JYTBVYWIyOGZ6SnBZcWo4K1kK9TkNUwrKIywSaXoExUaBb3y4L5Gg+2CT
0eI/CUL8LuYSSGeGRtypMPklHUQS4qV3UmXbnNSKctdLrNcDRperXg==
-----END AGE ENCRYPTED FILE-----
- recipient: age174knn6hjtukp32ymcdvjwj6x0j54g7yw02dqfjmua3fkyltwcqrsxccjdk
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1MHd3Qjl1ODJzVWlwN3VB
L3ZFdVBPbmRzQUJBbWdiRUtqVzJYeVlHdkZJCit4YzExQ1UweXcrRkpVMEVKQlB3
NGt0VHE1alFvSkJGKzU5ZzM5akFwUG8KLS0tIGdvNS9ZYWU4TXM2Y1hVbjl2Z3cy
QStSb1FJb0xUUkV5cjg1Qk5ORDRQMzQKiTUdlCbgRX0zRPURsolB4O0dvxl9+lkn
0cIBYnVxzSdlDj+TXnTR2zL2cqZg94cNaTz0qWk/kmkmgmqm80hZ7Q==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-07-09T22:04:17Z"
mac: ENC[AES256_GCM,data:iKwYqxBllI8SydCUjyK2cJkcUKVj4CqjmfDSMNJtLwM6IWUoOScV4Pu0YJz0aui5F8nbyC92vdDwsE599GZMTWdCH20MeWEMo7pbkPFxxL1bY5BMCNNE3Tm354nz4ihmBXMB9aI1JRiSareV5yQ1v6lOxzDargDigMrPI/6DRfo=,iv:JRvJQ3YdFZsBstT55xKcCMGJODy42FImugHbwEbpV2I=,tag:go33lpTdouZoFk53g9FXTw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.0


@ -1,8 +0,0 @@
{lib, ...}: {
sops.secrets = builtins.mapAttrs (_name: value: value // {sopsFile = ./secrets.yaml;}) {
"wireless/wangxiaobo".path = "/var/lib/iwd/wangxiaobo.psk";
"wireless/ImmortalWrt".path = "/var/lib/iwd/ImmortalWrt.psk";
};
networking.wireless.iwd.enable = lib.mkDefault true;
}
