Compare commits

..

8 commits

17 changed files with 119 additions and 164 deletions

View file

@ -27,11 +27,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1723080788, "lastModified": 1723426710,
"narHash": "sha256-C5LbM5VMdcolt9zHeLQ0bYMRjUL+N+AL5pK7/tVTdes=", "narHash": "sha256-yrS9al6l3fYfFfvovnyBWnyELDQOdfKyai4K/jKgoBw=",
"owner": "nix-community", "owner": "nix-community",
"repo": "disko", "repo": "disko",
"rev": "ffc1f95f6c28e1c6d1e587b51a2147027a3e45ed", "rev": "0d510fe40b56ed74907a021d7e1ffd0042592914",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -122,11 +122,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1723015306, "lastModified": 1723399884,
"narHash": "sha256-jQnFEtH20/OsDPpx71ntZzGdRlpXhUENSQCGTjn//NA=", "narHash": "sha256-97wn0ihhGqfMb8WcUgzzkM/TuAxce2Gd20A8oiruju4=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "b3d5ea65d88d67d4ec578ed11d4d2d51e3de525e", "rev": "086f619dd991a4d355c07837448244029fc2d9ab",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -251,16 +251,16 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1723316219, "lastModified": 1723603349,
"narHash": "sha256-2B9qh8QBvw3kV/8cHc7ZJcrbVsRwP8wKjkwPXTSz76Y=", "narHash": "sha256-VMg6N7MryOuvSJ8Sj6YydarnUCkL7cvMdrMcnsJnJCE=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "bef98989a27429e1cb9e3d9c25701ba2da742af2", "rev": "daf7bb95821b789db24fc1ac21f613db0c1bf2cb",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "NixOS",
"ref": "nixos-unstable-small", "ref": "nixpkgs-unstable",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
@ -323,11 +323,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1723343015, "lastModified": 1723602049,
"narHash": "sha256-oS8Qhpo71B/6OOsuVBFJbems7RKD/5e3TN2AdXhwMjg=", "narHash": "sha256-Z/noCSn9WPkv7O77dWKLcBxe4Ub4bWyNzsL5JhjaQfw=",
"owner": "oxalica", "owner": "oxalica",
"repo": "rust-overlay", "repo": "rust-overlay",
"rev": "ed4fe9af3814694d59c572649e881a6aa6eba533", "rev": "ea0bf33a11a26a62c60123c49d96011da396602c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -346,11 +346,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1722897572, "lastModified": 1723501126,
"narHash": "sha256-3m/iyyjCdRBF8xyehf59QlckIcmShyTesymSb+N4Ap4=", "narHash": "sha256-N9IcHgj/p1+2Pvk8P4Zc1bfrMwld5PcosVA0nL6IGdE=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "8ae477955dfd9cbf5fa4eb82a8db8ddbb94e79d9", "rev": "be0eec2d27563590194a9206f551a6f73d52fa34",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -381,11 +381,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1723303070, "lastModified": 1723454642,
"narHash": "sha256-krGNVA30yptyRonohQ+i9cnK+CfCpedg6z3qzqVJcTs=", "narHash": "sha256-S0Gvsenh0II7EAaoc9158ZB4vYyuycvMGKGxIbERNAM=",
"owner": "numtide", "owner": "numtide",
"repo": "treefmt-nix", "repo": "treefmt-nix",
"rev": "14c092e0326de759e16b37535161b3cb9770cea3", "rev": "349de7bc435bdff37785c2466f054ed1766173be",
"type": "github" "type": "github"
}, },
"original": { "original": {

View file

@ -7,7 +7,7 @@
# `nixpkgs-unstable` contains less(?) jobs, and usually updates faster. # `nixpkgs-unstable` contains less(?) jobs, and usually updates faster.
# #
# REFERENCE: https://discourse.nixos.org/t/differences-between-nix-channels/13998/5 # REFERENCE: https://discourse.nixos.org/t/differences-between-nix-channels/13998/5
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable-small"; nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
disko = { disko = {
url = "github:nix-community/disko"; url = "github:nix-community/disko";

View file

@ -1,25 +1,22 @@
{pkgs, ...}: { {pkgs, ...}: {
home.packages = with pkgs; [ home.packages = with pkgs; [
# lsp
alejandra alejandra
colmena
comma
deadnix deadnix
nh
nil nil
statix nix-diff
nix-index
# nixpkgs PRs
nix-init nix-init
nix-output-monitor
nix-tree
nix-update nix-update
nixfmt-rfc-style nixfmt-rfc-style
nixpkgs-review nixpkgs-review
nurl
# misc
colmena
comma
nh
nix-index
nix-output-monitor
nix-tree
sops sops
statix
]; ];
# nh # nh

View file

@ -35,12 +35,8 @@
checkConfig = false; # wtf? checkConfig = false; # wtf?
wrapperFeatures.gtk = true; wrapperFeatures.gtk = true;
systemd.xdgAutostart = true; systemd.xdgAutostart = true;
xwayland = false;
config = { config = {
### Startup
startup = [
{command = "systemctl --user import-environment PATH";}
];
### Visuals ### Visuals
output."*".bg = "${inputs.self.legacyPackages.${pkgs.stdenv.hostPlatform.system}.background} fill"; output."*".bg = "${inputs.self.legacyPackages.${pkgs.stdenv.hostPlatform.system}.background} fill";
bars = [ bars = [

View file

@ -9,7 +9,7 @@
daemonize = true; daemonize = true;
show-failed-attempts = true; show-failed-attempts = true;
show-keyboard-layout = true; show-keyboard-layout = true;
image = toString inputs.self.legacyPackages.${pkgs.stdenv.hostPlatform.system}.background.dark; image = toString inputs.self.legacyPackages.${pkgs.stdenv.hostPlatform.system}.background;
scaling = "fill"; scaling = "fill";
}; };
}; };

View file

@ -71,13 +71,6 @@
runHook postInstall runHook postInstall
''; '';
}) })
(source-sans.overrideAttrs {
installPhase = ''
runHook preInstall
install -Dm444 VF/*.otf -t $out/share/fonts/variable
runHook postInstall
'';
})
(source-serif.overrideAttrs { (source-serif.overrideAttrs {
installPhase = '' installPhase = ''
runHook preInstall runHook preInstall
@ -87,9 +80,11 @@
}) })
source-han-sans-vf-otf source-han-sans-vf-otf
source-han-serif-vf-otf source-han-serif-vf-otf
noto-fonts
noto-fonts-color-emoji noto-fonts-color-emoji
]; ];
fontconfig.defaultFonts = { fontconfig = {
defaultFonts = {
emoji = [ emoji = [
"Noto Color Emoji" "Noto Color Emoji"
]; ];
@ -111,6 +106,19 @@
"Noto Color Emoji" "Noto Color Emoji"
]; ];
}; };
# GitHub perfers Noto Sans...
localConf = ''
<selectfont>
<rejectfont>
<pattern>
<patelt name="family">
<string>Noto Sans</string>
</patelt>
</pattern>
</rejectfont>
</selectfont>
'';
};
}; };
console = { console = {
@ -121,10 +129,7 @@
services.greetd = { services.greetd = {
enable = true; enable = true;
settings.default_session.command = "${lib.getExe pkgs.greetd.tuigreet} --cmd ${pkgs.writeShellScript "sway" '' settings.default_session.command = "${lib.getExe pkgs.greetd.tuigreet} --cmd ${pkgs.writeShellScript "sway" ''
while read -r l; do dbus-update-activation-environment --all --systemd
eval export $l
done < <(/run/current-system/systemd/lib/systemd/user-environment-generators/30-systemd-environment-d-generator)
exec systemd-cat --identifier=sway sway exec systemd-cat --identifier=sway sway
''}"; ''}";
}; };

View file

@ -1,8 +1,4 @@
{ {pkgs, ...}: {
pkgs,
inputs,
...
}: {
imports = imports =
[ [
./theme.nix ./theme.nix
@ -38,7 +34,6 @@
loupe loupe
mousai mousai
seahorse seahorse
inputs.self.legacyPackages.${pkgs.stdenv.hostPlatform.system}.scripts.lofi
]; ];
programs.obs-studio.enable = true; programs.obs-studio.enable = true;

View file

@ -85,6 +85,10 @@ id.ny4.dev {
element.ny4.dev { element.ny4.dev {
import default import default
root * @element@ root * @element@
header X-Frame-Options SAMEORIGIN;
header X-Content-Type-Options nosniff;
header X-XSS-Protection "1; mode=block";
header Content-Security-Policy "frame-ancestors 'self'";
file_server file_server
} }
@ -122,3 +126,8 @@ reddit.ny4.dev {
import default import default
reverse_proxy localhost:9400 reverse_proxy localhost:9400
} }
vault.ny4.dev {
import default
reverse_proxy localhost:9500
}

View file

@ -17,6 +17,7 @@
./services/ntfy.nix ./services/ntfy.nix
./services/pixivfe.nix ./services/pixivfe.nix
./services/searx.nix ./services/searx.nix
./services/vaultwarden.nix
]; ];
time.timeZone = "Asia/Tokyo"; time.timeZone = "Asia/Tokyo";
@ -47,6 +48,9 @@
"miniflux/environment" = { "miniflux/environment" = {
restartUnits = ["miniflux.service"]; restartUnits = ["miniflux.service"];
}; };
"vaultwarden/environment" = {
restartUnits = ["vaultwarden.service"];
};
}; };
### Services ### Services

View file

@ -6,6 +6,8 @@ pixivfe:
environment: ENC[AES256_GCM,data:/Q/rShBXlXkWOOP+7OhKtKTSrp2zNizMaAOyKfWbKgJMHTjNfmMtRuGKRez9KXM5MDIMIF9iJSQ=,iv:whIAkaWiZcZT4HfmJw4qA+fbQ9zHFp+kTuHxQDE3XoU=,tag:FroLTMtNwGlvZw3osftj3A==,type:str] environment: ENC[AES256_GCM,data:/Q/rShBXlXkWOOP+7OhKtKTSrp2zNizMaAOyKfWbKgJMHTjNfmMtRuGKRez9KXM5MDIMIF9iJSQ=,iv:whIAkaWiZcZT4HfmJw4qA+fbQ9zHFp+kTuHxQDE3XoU=,tag:FroLTMtNwGlvZw3osftj3A==,type:str]
miniflux: miniflux:
environment: ENC[AES256_GCM,data:eT1rVeXbDANk/+9xmxmTHvMNofyplNGvVFgTj4lFQlJSHTi+br1qfg0tddf5aCtE8cNGt0fNm63qguI2Df/+KWENhb0vCpjRG7zryfBhEwMP5jkVgDnaHYolS1z3OmhlEpE=,iv:tWAUCtlk8wDGWGmn7j00QOVwjPYDkTPDGpyxd1pP6ig=,tag:gLNdzK9GZ/m5mWL5YNrzyQ==,type:str] environment: ENC[AES256_GCM,data:eT1rVeXbDANk/+9xmxmTHvMNofyplNGvVFgTj4lFQlJSHTi+br1qfg0tddf5aCtE8cNGt0fNm63qguI2Df/+KWENhb0vCpjRG7zryfBhEwMP5jkVgDnaHYolS1z3OmhlEpE=,iv:tWAUCtlk8wDGWGmn7j00QOVwjPYDkTPDGpyxd1pP6ig=,tag:gLNdzK9GZ/m5mWL5YNrzyQ==,type:str]
vaultwarden:
environment: ENC[AES256_GCM,data:+pcUVL7yVXKVp57/feHHWmSuH/2B0hLtADxZWCQOOMG+M3UQh+4dHA5debiv,iv:Zy6xn4Z4VwVXfWWjVeCYY/gRnDp//7yUPLbtLuABFPY=,tag:LxEc31YhgyjEhDrqoJxCJw==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -30,8 +32,8 @@ sops:
R1ZMMG1jWnljNWl5Nk5MU3RCMlFPYjgKL1ScxzF0D1R18H+oe6dlxUGlL9myHEr3 R1ZMMG1jWnljNWl5Nk5MU3RCMlFPYjgKL1ScxzF0D1R18H+oe6dlxUGlL9myHEr3
3HBPoapKCSQ/cT7Xma4bsWD1AVJIf1Ak+MeCs9ItGwKAcnd9JYZ9KA== 3HBPoapKCSQ/cT7Xma4bsWD1AVJIf1Ak+MeCs9ItGwKAcnd9JYZ9KA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-07-18T09:46:47Z" lastmodified: "2024-08-12T12:55:54Z"
mac: ENC[AES256_GCM,data:EJsQO/XsF8SpyEP8s9u1DXQkSsqodknF9ibl94/kOOIutx9ML+L0ltYA3+/eW17K9Mwvy6CyojKiQLiYgL2RLJd1zxZKedmp+l3klu1im8Wocwh073nemHIR1J6H5hoE6y36tDCXRrMDbWIfMjvlp6FlhFsI/n3Na1iCDall6mA=,iv:O9Y0j5G3sE67Bfz0MhcPYYpU71cGgtIdde8a1WQiigs=,tag:eNIvBVu7LPnC5s2f3MzptQ==,type:str] mac: ENC[AES256_GCM,data:H1zm+Rk9F9SkRbANU4GYjhZpys3e5qQNBBsdIbgXD3AZTAKZVyemT6Vb8k0ufkfzQ98L0Xrm/S1JQFvcyaZqRHv+C2GW3F34FlSS4IOtaJz9IgVIdvaM4WvaOTtpC5B+5CKnA/oBPOmhEBCdi2LIjzrUltEzKpemWHkIIT2eHQA=,iv:1RCjLEz0W+tHQep4EguweYKSfePXa1VE3+gzlcFsAug=,tag:Oonqihfe83l5SNOmLjOPYg==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.9.0 version: 3.9.0

View file

@ -0,0 +1,17 @@
{config, ...}: {
services.vaultwarden = {
enable = true;
environmentFile = config.sops.secrets."vaultwarden/environment".path;
config = {
DOMAIN = "https://vault.ny4.dev";
IP_HEADER = "X-Forwarded-For";
ROCKET_ADDRESS = "127.0.0.1";
ROCKET_PORT = 9500;
EMERGENCY_ACCESS_ALLOWED = false;
SENDS_ALLOWED = false;
SIGNUPS_ALLOWED = false;
ORG_CREATION_USERS = "none";
};
};
}

View file

@ -36,7 +36,6 @@
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
unzip unzip
wget
tree tree
file file
htop htop

View file

@ -10,7 +10,7 @@
webui = pkgs.metacubexd; webui = pkgs.metacubexd;
}; };
systemd.services.mihomo.serviceConfig.preStart = '' systemd.services.mihomo.preStart = ''
${pkgs.coreutils}/bin/ln -sf ${pkgs.v2ray-geoip}/share/v2ray/geoip.dat /var/lib/private/mihomo/GeoIP.dat ${pkgs.coreutils}/bin/ln -sf ${pkgs.v2ray-geoip}/share/v2ray/geoip.dat /var/lib/private/mihomo/GeoIP.dat
${pkgs.coreutils}/bin/ln -sf ${pkgs.v2ray-domain-list-community}/share/v2ray/geosite.dat /var/lib/private/mihomo/GeoSite.dat ${pkgs.coreutils}/bin/ln -sf ${pkgs.v2ray-domain-list-community}/share/v2ray/geosite.dat /var/lib/private/mihomo/GeoSite.dat
''; '';

View file

@ -1,24 +0,0 @@
{
fetchurl,
imagemagick,
runCommandLocal,
}:
runCommandLocal "49983419_p0.jpg" {
nativeBuildInputs = [imagemagick];
# https://www.pixiv.net/en/artworks/49983419
image = fetchurl {
url = "https://i.pximg.net/img-original/img/2015/04/23/12/43/35/49983419_p0.jpg";
hash = "sha256-JZ5VmsjVjZfHXpx3JxzAyYzZppZmgH38AiAA+B0TDiw=";
curlOptsList = ["-e" "https://www.pixiv.net/"];
};
outputs = ["out" "dark"];
} ''
magick $image -crop 3500x1600+0+100 $out
magick $image \
-crop 3500x1600+0+100 \
-blur 8x8 \
-brightness-contrast -10,0 \
$dark
''

View file

@ -1,20 +1,10 @@
# NOTE: 301: All packages are migrated to `github:Guanran928/nur-packages`, # NOTE: 301: All packages are migrated to `github:Guanran928/nur-packages`,
# only keeping some packages that only fits for personal use. # only keeping some packages that only fits for personal use.
pkgs: let pkgs: let
inherit (pkgs) lib callPackage; inherit (pkgs) callPackage;
in { in {
# https://github.com/NixOS/nixpkgs/pull/308720 # https://github.com/NixOS/nixpkgs/pull/308720
pixivfe = callPackage ./pixivfe.nix {}; pixivfe = callPackage ./pixivfe.nix {};
background = callPackage ./background.nix {}; background = pkgs.nixos-artwork.wallpapers.nineish-dark-gray.src;
scripts = lib.makeScope pkgs.newScope (self: let
inherit (self) callPackage;
in {
# util
makeScript = callPackage ./scripts/makeScript.nix {};
# scripts
lofi = callPackage ./scripts/lofi.nix {};
});
} }

View file

@ -1,14 +0,0 @@
{
makeScript,
coreutils,
mpv,
fetchurl,
}:
makeScript {
name = "lofi";
runtimeInputs = [coreutils mpv];
src = fetchurl {
url = "https://raw.githubusercontent.com/lime-desu/bin/69422c37582c5914863997c75c268791a0de136e/lofi";
hash = "sha256-hT+S/rqOHUYnnFcSDFfQht4l1DGasz1L3wDHKUWLraA=";
};
}

View file

@ -1,21 +0,0 @@
{
lib,
runtimeShell,
runCommandLocal,
makeBinaryWrapper,
}: {
name,
src,
runtimeInputs ? [],
}:
# FIXME: incorrect argv0
runCommandLocal name {
inherit src;
nativeBuildInputs = [makeBinaryWrapper];
meta.mainProgram = name;
} ''
install -Dm755 $src $out/bin/.$name
makeBinaryWrapper ${runtimeShell} $out/bin/$name \
--add-flags $out/bin/.$name \
--prefix PATH : ${lib.makeBinPath runtimeInputs}
''