diff --git a/flake.lock b/flake.lock index c629ddf..91e5a48 100644 --- a/flake.lock +++ b/flake.lock @@ -69,11 +69,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1675933616, - "narHash": "sha256-/rczJkJHtx16IFxMmAWu5nNYcSXNg1YYXTHoGjLrLUA=", + "lastModified": 1688254665, + "narHash": "sha256-8FHEgBrr7gYNiS/NzCxIO3m4hvtLRW9YY1nYo1ivm3o=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "47478a4a003e745402acf63be7f9a092d51b83d7", + "rev": "267149c58a14d15f7f81b4d737308421de9d7152", "type": "github" }, "original": { @@ -83,21 +83,6 @@ } }, "flake-utils": { - "locked": { - "lastModified": 1678901627, - "narHash": "sha256-U02riOqrKKzwjsxc/400XnElV+UtPUQWpANPlyazjH0=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "93a2b84fc4b70d9e089d029deacc3583435c2ed6", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_2": { "inputs": { "systems": "systems" }, @@ -122,11 +107,11 @@ ] }, "locked": { - "lastModified": 1686391840, - "narHash": "sha256-5S0APl6Mfm6a37taHwvuf11UHnAX0+PnoWQbsYbMUnc=", + "lastModified": 1688999869, + "narHash": "sha256-gLD2UI6+Nb9JV5Wh4FnLHAZwLMiY11RHYBKmBZCxLXc=", "owner": "nix-community", "repo": "home-manager", - "rev": "0144ac418ef633bfc9dbd89b8c199ad3a617c59f", + "rev": "a6d1d954b81caf4c9291b8ac35452fef842f289b", "type": "github" }, "original": { @@ -153,17 +138,16 @@ "maubot": { "inputs": { "flake-compat": "flake-compat_2", - "flake-utils": "flake-utils", "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1687853065, - "narHash": "sha256-HNq95YrJm8ng7lSdGbyDCihgrS6xhQm6Agyej6ttmGg=", + "lastModified": 1688069522, + "narHash": "sha256-yvn2wt2AY0u4NElWffiJrrtNEj14lBLlIyvDOmP72Qw=", "owner": "chayleaf", "repo": "maubot.nix", - "rev": "f06cffda880a0a403a3b4c40263a03dd2523775b", + "rev": "d90b8eebe37c4382d2588e94a6bc721ca6e5f476", "type": "github" }, "original": { 
@@ -180,11 +164,11 @@ ] }, "locked": { - "lastModified": 1686489662, - "narHash": "sha256-kEuKsjWoFm3EeeiSwqHlUyV1wTxJu6/kfzrhuIwaIEQ=", + "lastModified": 1688951979, + "narHash": "sha256-5wGEXjNjlrVhP1tQUsBLjfT64uQ+b+jgc57MK/IvsW8=", "owner": "fufexan", "repo": "nix-gaming", - "rev": "b32aeea96b838977a27804ba6a2cf2188f4b16af", + "rev": "0bf7751f831cd2bd17b54805b96f91fadf00aca2", "type": "github" }, "original": { @@ -195,11 +179,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1686452266, - "narHash": "sha256-zLKiX0iu6jZFeZDpR1gE6fNyMr8eiM8GLnj9SoUCjFs=", + "lastModified": 1689060619, + "narHash": "sha256-vODUkZLWFVCvo1KPK3dC2CbXjxa9antEn5ozwlcTr48=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "2a807ad6e8dc458db08588b78cc3c0f0ec4ff321", + "rev": "44bc025007e5fcc10dbc3d9f96dcbf06fc0e8c1c", "type": "github" }, "original": { @@ -218,14 +202,15 @@ "nixpkgs-22_11": [ "nixpkgs" ], + "nixpkgs-23_05": "nixpkgs-23_05", "utils": "utils" }, "locked": { - "lastModified": 1686468558, - "narHash": "sha256-K69Ojlx3N8I6tRTZsrKFMIqK4yrnJ6/PjfKZi3wchYg=", + "lastModified": 1688586836, + "narHash": "sha256-5uLYGa+8lysS1X5ehdU3ewmrMIG8p9+qS7yJ0LyhMHs=", "owner": "simple-nixos-mailserver", "repo": "nixos-mailserver", - "rev": "290d00f6db4e80467013728819ad73dd4a394d9a", + "rev": "d460e9ff62ea1238fb3348a87326b743ae177902", "type": "gitlab" }, "original": { @@ -241,11 +226,11 @@ ] }, "locked": { - "lastModified": 1687589315, - "narHash": "sha256-yHeWC/6OatjLN56VfCw1gjnzZd++uyYIkJBbDckWj/E=", + "lastModified": 1689016040, + "narHash": "sha256-g2K2WD6wK6lMkV+fjSKfLLapv8nm+XimX+8tB7xh6hc=", "owner": "chayleaf", "repo": "nixos-router", - "rev": "b28e10ec8d247babd9ff461bb14725e504d3badf", + "rev": "6078d93845b70656cfdd0b3932ac7215f6c527c1", "type": "github" }, "original": { 
@@ -256,11 +241,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1686412476, - "narHash": "sha256-inl9SVk6o5h75XKC79qrDCAobTD1Jxh6kVYTZKHzewA=", + "lastModified": 1689008574, + "narHash": "sha256-VFMgyHDiqsGDkRg73alv6OdHJAqhybryWHv77bSCGIw=", "owner": "nixos", "repo": "nixpkgs", - "rev": "21951114383770f96ae528d0ae68824557768e81", + "rev": "4a729ce4b1fe5ec4fffc71c67c96aa5184ebb462", "type": "github" }, "original": { @@ -270,14 +255,29 @@ "type": "github" } }, + "nixpkgs-23_05": { + "locked": { + "lastModified": 1684782344, + "narHash": "sha256-SHN8hPYYSX0thDrMLMWPWYulK3YFgASOrCsIL3AJ78g=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "8966c43feba2c701ed624302b6a935f97bcbdf88", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-23.05", + "type": "indirect" + } + }, "nixpkgs-lib": { "locked": { "dir": "lib", - "lastModified": 1675183161, - "narHash": "sha256-Zq8sNgAxDckpn7tJo7V1afRSk2eoVbu3OjI1QklGLNg=", + "lastModified": 1688049487, + "narHash": "sha256-100g4iaKC9MalDjUW9iN6Jl/OocTDtXdeAj7pEGIRh4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e1e1b192c1a5aab2960bf0a0bd53a2e8124fa18e", + "rev": "4bc72cae107788bf3f24f30db2e2f685c9298dc9", "type": "github" }, "original": { @@ -295,11 +295,11 @@ ] }, "locked": { - "lastModified": 1685774289, - "narHash": "sha256-7NXZ2S2FZzYW8lvX+zZ7x3wwCpjMLVK2tNL/u6JdSeE=", + "lastModified": 1688049338, + "narHash": "sha256-HRWFIl2UY6wVUc/xJh3kKX/Nb3kTm33e39ZO7MnY+x0=", "owner": "chayleaf", "repo": "notlua", - "rev": "12e810bf2c571ae80ae4fda4f8c63e40b8f9b392", + "rev": "1582e95567c13d5bf103e035a7cd18ce901b5186", "type": "github" }, "original": { 
@@ -315,11 +315,11 @@ ] }, "locked": { - "lastModified": 1687562693, - "narHash": "sha256-imxVKPmthtrMq5RFst8IfdbnDPy4sEeln2lo9374W4o=", + "lastModified": 1688609524, + "narHash": "sha256-Wqzk7qgiyGBZhy9PU0IIlaqnt3JCCOoxgS2/ZiGMtTc=", "owner": "chayleaf", "repo": "notnft", - "rev": "f090546a7c190557c2081129b7e49a595f2ab76f", + "rev": "442ec56617084bcc1b310cacb2e22e2c83bb6e3f", "type": "github" }, "original": { @@ -330,11 +330,11 @@ }, "nur": { "locked": { - "lastModified": 1686488164, - "narHash": "sha256-DGfmD8ZCu9Xp0rB1tUct8FNlvz/orRr30DXeI9+fnPU=", + "lastModified": 1689062700, + "narHash": "sha256-uUD+KBJfX8kLALpB8cvIgSZ/xGWS34zBRbSlWsIyx80=", "owner": "nix-community", "repo": "NUR", - "rev": "daf7100b6147114c5f0a68583ba50e15d82e9788", + "rev": "7d0ac0daa6e05b6619f9172be4f05f785882dfaa", "type": "github" }, "original": { @@ -362,17 +362,17 @@ }, "rust-overlay": { "inputs": { - "flake-utils": "flake-utils_2", + "flake-utils": "flake-utils", "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1686450923, - "narHash": "sha256-a7B9VT2NHJWRCerHmZagAXu3z2QHJKhxUhzjh5vAnXU=", + "lastModified": 1689042658, + "narHash": "sha256-p7cQAFNt5kX19sZvK74CmY0nTrtujpZg6sZUiV1ntAk=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "4b3cb15179af3b8d640a29fa85cc9f332b4123e6", + "rev": "d7181bb2237035df17cab9295c95f987f5c527e6", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index d81abec..306bd9e 100644 --- a/flake.nix +++ b/flake.nix @@ -196,7 +196,7 @@ } ({ config, pkgs, lib, ...}: { nixpkgs.overlays = [ overlay ]; - nix.package = lib.mkDefault pkgs.nixFlakes; + nix.package = lib.mkDefault pkgs.nixForNixPlugins; # this is only needed if nixos doesnt set plugin-files already /*nix.extraOptions = '' plugin-files = ${pkgs.nix-plugins.override { nix = config.nix.package; }}/lib/nix/plugins/libnix-extra-builtins.so 
@@ -251,7 +251,7 @@ (getPrivUser hostname user) ({ config, pkgs, lib, ... }: { nixpkgs.overlays = [ overlay ]; - nix.package = lib.mkDefault pkgs.nixFlakes; + nix.package = lib.mkDefault pkgs.nixForNixPlugins; # this is only needed if nixos doesnt set plugin-files already /*nix.extraOptions = '' plugin-files = ${pkgs.nix-plugins.override { nix = config.nix.package; }}/lib/nix/plugins/libnix-extra-builtins.so diff --git a/home/common/firefox.nix b/home/common/firefox.nix index 22acc87..8149b92 100644 --- a/home/common/firefox.nix +++ b/home/common/firefox.nix @@ -45,7 +45,6 @@ cookies-txt don-t-fuck-with-paste greasemonkey - i-dont-care-about-cookies keepassxc-browser libredirect localcdn diff --git a/home/common/i3-sway.nix b/home/common/i3-sway.nix index 349af4a..11ecd09 100644 --- a/home/common/i3-sway.nix +++ b/home/common/i3-sway.nix @@ -255,7 +255,10 @@ in { app_id = "nheko"; } ]; "3" = [{ app_id = "org.keepassxc.KeePassXC"; }]; - "4" = [{ class = "Steam"; }]; + "4" = [ + { class = "Steam"; } + { class = "steam"; } + ]; }; keybindings = genKeybindings options.wayland.windowManager.sway (with pkgs.sway-contrib; /*let diff --git a/home/common/nvim.nix b/home/common/nvim.nix index d612153..4397b7e 100644 --- a/home/common/nvim.nix +++ b/home/common/nvim.nix @@ -93,7 +93,7 @@ rust-analyzer nodePackages_latest.bash-language-server shellcheck nodePackages_latest.typescript-language-server - nodePackages_latest.svelte-language-server + # nodePackages_latest.svelte-language-server clang-tools_latest nodePackages_latest.vscode-langservers-extracted nil diff --git a/home/common/zsh.nix b/home/common/zsh.nix index 97bfceb..02c4fe1 100644 --- a/home/common/zsh.nix +++ b/home/common/zsh.nix 
@@ -1,11 +1,11 @@ -{ config, pkgs, lib, ... }: +{ config, pkgs, ... }: { programs.zsh = { enable = true; # zsh-autosuggestions enableAutosuggestions = true; # zsh-syntax-highlighting - enableSyntaxHighlighting = true; + syntaxHighlighting.enable = true; defaultKeymap = "viins"; dotDir = ".config/zsh"; history.ignoreDups = true; diff --git a/home/hosts/nixmsi.nix b/home/hosts/nixmsi.nix index e1ee66b..a9007ae 100644 --- a/home/hosts/nixmsi.nix +++ b/home/hosts/nixmsi.nix @@ -12,10 +12,12 @@ nix.settings = { trusted-public-keys = [ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" + "nix-gaming.cachix.org-1:nbjlureqMbRAxR1gJ/f3hxemL9svXaZF/Ees8vCUUs4=" # "nixpkgs-wayland.cachix.org-1:3lwxaILxMRkVhehr5StQprHdEo4IrE8sRho9R9HOLYA=" ]; trusted-substituters = [ "https://cache.nixos.org" + "https://nix-gaming.cachix.org" # "https://nixpkgs-wayland.cachix.org" ]; }; @@ -53,16 +55,17 @@ home.sessionVariables = { STEAM_EXTRA_COMPAT_TOOLS_PATHS = "${pkgs.proton-ge}"; CARGO_PROFILE_DEV_INCREMENTAL = "true"; - RUSTC_LINKER = "${pkgs.clang_latest}/bin/clang"; - RUSTFLAGS = "-C link-arg=--ld-path=${pkgs.mold}/bin/mold"; + # RUSTC_LINKER = "${pkgs.clang_latest}/bin/clang"; + # RUSTFLAGS = "-C link-arg=--ld-path=${pkgs.mold}/bin/mold"; CARGO_TARGET_X86_64_UNKNOWN_LINUX_GNU_LINKER = "${pkgs.clang_latest}/bin/clang"; CARGO_TARGET_X86_64_UNKNOWN_LINUX_GNU_RUSTFLAGS = "-C link-arg=--ld-path=${pkgs.mold}/bin/mold"; }; home.packages = with pkgs; [ mold - ghidra cutter + ghidra cutter2 openrgb piper steam-run steam + faf-client (osu-lazer-bin.override { command_prefix = "${obs-studio-plugins.obs-vkcapture}/bin/obs-gamecapture"; }) @@ -74,7 +77,7 @@ easyeffects # wineWowPackages.waylandFull winetricks - protontricks # proton-caller + # protontricks # proton-caller # bottles virtmanager gimp krita blender-hip diff --git a/pkgs/_sources/generated.json b/pkgs/_sources/generated.json index 1a4c961..db61001 100644 --- a/pkgs/_sources/generated.json 
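Review bot: The new `nix-gaming.cachix.org-1:…` entry in `trusted-public-keys` (hunk `@@ -12,10 +12,12 @@` of home/hosts/nixmsi.nix) extends trust to every store path signed by that key, not only to the nix-gaming packages this config uses. Nothing in the hunk records where the key was obtained, so a later reader cannot re-verify it. I would add a comment above the entry such as `# third-party cache key; copied from <where the key is published>, re-check on rotation`. The cache is listed only under `trusted-substituters`, so whether it is actually queried depends on a `substituters` setting that is not visible here.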
+++ b/pkgs/_sources/generated.json @@ -37,39 +37,24 @@ "pinned": false, "src": { "name": null, - "sha256": "sha256-OPwmVxBGaWo51pDJcqvxvZ8qxMH8X0DwZTpwiKbdx/I=", + "sha256": "sha256-0ePO6ZzsZpAb9iM++k4fYDwKzJpuZNgfPKwZePAUc0Y=", "type": "url", - "url": "https://github.com/GloriousEggroll/proton-ge-custom/releases/download/GE-Proton8-4/GE-Proton8-4.tar.gz" + "url": "https://github.com/GloriousEggroll/proton-ge-custom/releases/download/GE-Proton8-6/GE-Proton8-6.tar.gz" }, - "version": "GE-Proton8-4" + "version": "GE-Proton8-6" }, "searxng": { "cargoLocks": null, - "date": "2023-06-25", + "date": "2023-07-07", "extract": null, "name": "searxng", "passthru": null, "pinned": false, "src": { - "sha256": "sha256-sk28RG9/ZoPL71x99tNi884Mw0taMTYWh6HXINTr1xQ=", + "sha256": "sha256-eOq4vZ8690H1lCRu8LXgUJvc/4lY+VqvVOqRyEURreI=", "type": "tarball", - "url": "https://github.com/searxng/searxng/archive/e8706fb738da9feb21e596f403dddb40e69c8a7b.tar.gz" + "url": "https://github.com/searxng/searxng/archive/cada89ee3648de6ca5b458aeacafe6c10d5230a2.tar.gz" }, - "version": "e8706fb738da9feb21e596f403dddb40e69c8a7b" - }, - "yomichan": { - "cargoLocks": null, - "date": null, - "extract": null, - "name": "yomichan", - "passthru": null, - "pinned": false, - "src": { - "name": null, - "sha256": "sha256-l70wVXHEArifukDelZeoVxIyP2Crs6QZSD/kFdEml/8=", - "type": "url", - "url": "https://github.com/FooSoft/yomichan/releases/download/22.10.23.0/yomichan-firefox-dev.xpi" - }, - "version": "22.10.23.0" + "version": "cada89ee3648de6ca5b458aeacafe6c10d5230a2" } } \ No newline at end of file diff --git a/pkgs/_sources/generated.nix b/pkgs/_sources/generated.nix index 6549939..6e48c14 100644 --- a/pkgs/_sources/generated.nix +++ b/pkgs/_sources/generated.nix 
@@ -20,19 +20,19 @@ }; proton-ge = { pname = "proton-ge"; - version = "GE-Proton8-4"; + version = "GE-Proton8-6"; src = fetchurl { - url = "https://github.com/GloriousEggroll/proton-ge-custom/releases/download/GE-Proton8-4/GE-Proton8-4.tar.gz"; - sha256 = "sha256-OPwmVxBGaWo51pDJcqvxvZ8qxMH8X0DwZTpwiKbdx/I="; + url = "https://github.com/GloriousEggroll/proton-ge-custom/releases/download/GE-Proton8-6/GE-Proton8-6.tar.gz"; + sha256 = "sha256-0ePO6ZzsZpAb9iM++k4fYDwKzJpuZNgfPKwZePAUc0Y="; }; }; searxng = { pname = "searxng"; - version = "e8706fb738da9feb21e596f403dddb40e69c8a7b"; + version = "cada89ee3648de6ca5b458aeacafe6c10d5230a2"; src = fetchTarball { - url = "https://github.com/searxng/searxng/archive/e8706fb738da9feb21e596f403dddb40e69c8a7b.tar.gz"; - sha256 = "sha256-sk28RG9/ZoPL71x99tNi884Mw0taMTYWh6HXINTr1xQ="; + url = "https://github.com/searxng/searxng/archive/cada89ee3648de6ca5b458aeacafe6c10d5230a2.tar.gz"; + sha256 = "sha256-eOq4vZ8690H1lCRu8LXgUJvc/4lY+VqvVOqRyEURreI="; }; - date = "2023-06-25"; + date = "2023-07-07"; }; } diff --git a/pkgs/default.nix b/pkgs/default.nix index 156e247..2cb48a6 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -12,9 +12,13 @@ let in { - osu-lazer-bin = nix-gaming.osu-lazer-bin; + inherit (nix-gaming) faf-client osu-lazer-bin; + nixForNixPlugins = pkgs.nixVersions.nix_2_16; clang-tools_latest = pkgs.clang-tools_16; clang_latest = pkgs.clang_16; + steam-run = pkgs.steam-run.overrideAttrs (old: { + multiArch = true; + }); home-daemon = callPackage ./home-daemon { }; /*ghidra = pkgs.ghidra.overrideAttrs (old: { patches = old.patches ++ [ ./ghidra-stdcall.patch ]; @@ -31,6 +35,10 @@ in fetchSubmodules = true; }; }); + kvmfrOverlay = pkgs.linuxPackages_latest.kvmfr.overrideAttrs (old: { + inherit (pkgs'.looking-glass-client) version src; + patches = [ ./kvmfr-linux6_4.patch ]; + }); pineapplebot = callPackage ./pineapplebot.nix { }; proton-ge = pkgs.stdenvNoCC.mkDerivation { inherit (sources.proton-ge) pname version src; 
@@ -88,4 +96,10 @@ in CONFIG_AIRTIME_POLICY=y ''; }); + + cutter2 = pkgs.callPackage ./rizin/wrapper.nix { + unwrapped = pkgs.cutter; + } [ (pkgs.libsForQt5.callPackage ./rizin/rz-ghidra.nix { + enableCutterPlugin = true; + }) ]; } // (import ../system/hardware/bpi-r3/pkgs.nix { inherit pkgs pkgs' lib sources; }) diff --git a/pkgs/kvmfr-linux6_4.patch b/pkgs/kvmfr-linux6_4.patch new file mode 100644 index 0000000..e57d1d2 --- /dev/null +++ b/pkgs/kvmfr-linux6_4.patch @@ -0,0 +1,16 @@ +diff --git a/kvmfr.c b/kvmfr.c +index 121aae5b..2f4c9e1a 100644 +--- a/kvmfr.c ++++ b/kvmfr.c +@@ -539,7 +539,11 @@ static int __init kvmfr_module_init(void) + if (kvmfr->major < 0) + goto out_free; + ++#if LINUX_VERSION_CODE < KERNEL_VERSION(6, 4, 0) + kvmfr->pClass = class_create(THIS_MODULE, KVMFR_DEV_NAME); ++#else ++ kvmfr->pClass = class_create(KVMFR_DEV_NAME); ++#endif + if (IS_ERR(kvmfr->pClass)) + goto out_unreg; + diff --git a/pkgs/rizin/rz-ghidra.nix b/pkgs/rizin/rz-ghidra.nix new file mode 100644 index 0000000..b3b813e --- /dev/null +++ b/pkgs/rizin/rz-ghidra.nix 
@@ -0,0 +1,54 @@ +{ lib +, stdenv +, fetchFromGitHub +, cmake +# buildInputs +, rizin +, openssl +, pugixml +# optional buildInputs +, enableCutterPlugin ? true +, cutter +, qtbase +, qtsvg +}: + +stdenv.mkDerivation rec { + pname = "rz-ghidra"; + version = "0.5.0"; + + src = fetchFromGitHub { + owner = "rizinorg"; + repo = "rz-ghidra"; + rev = "v${version}"; + hash = "sha256-2QQEj4TIBmiZgbb66R7q6iEp2WitUc8Ui6Nr71JelXs="; + fetchSubmodules = true; + }; + + nativeBuildInputs = [ cmake ]; + buildInputs = [ + openssl + pugixml + rizin + ] ++ lib.optionals enableCutterPlugin [ + cutter + qtbase + qtsvg + ]; + + dontWrapQtApps = true; + + cmakeFlags = [ + "-DUSE_SYSTEM_PUGIXML=ON" + ] ++ lib.optionals enableCutterPlugin [ + "-DBUILD_CUTTER_PLUGIN=ON" + "-DCUTTER_INSTALL_PLUGDIR=share/rizin/cutter/plugins/native" + ]; + + meta = with lib; { + description = "Deep ghidra decompiler and sleigh disassembler integration for rizin"; + homepage = src.meta.homepage; + license = licenses.lgpl3; + maintainers = with maintainers; [ chayleaf ]; + }; +} diff --git a/pkgs/rizin/wrapper.nix b/pkgs/rizin/wrapper.nix new file mode 100644 index 0000000..575f11e --- /dev/null +++ b/pkgs/rizin/wrapper.nix @@ -0,0 +1,29 @@ +{ makeWrapper +, symlinkJoin +, unwrapped +}: + +plugins: + +symlinkJoin { + name = "cutter-with-plugins"; + + paths = [ unwrapped ] ++ plugins; + + nativeBuildInputs = [ makeWrapper ]; + + passthru = { + inherit unwrapped; + }; + + postBuild = '' + rm $out/bin/* + wrapperArgs=(--set RZ_LIBR_PLUGINS $out/lib/rizin/plugins) + if [ -d $out/share/rizin/cutter ]; then + wrapperArgs+=(--prefix XDG_DATA_DIRS : $out/share) + fi + for binary in $(ls ${unwrapped}/bin); do + makeWrapper ${unwrapped}/bin/$binary $out/bin/$binary "''${wrapperArgs[@]}" + done + ''; +} diff --git a/system/hosts/nixmsi.nix b/system/hosts/nixmsi.nix index 3422372..9e4127d 100644 --- a/system/hosts/nixmsi.nix +++ b/system/hosts/nixmsi.nix 
@@ -45,7 +45,9 @@ # zen619.configuration.boot.kernelPackages = zenKernelPackages "6.1.9" "0fsmcjsawxr32fxhpp6sgwfwwj8kqymy0rc6vh4qli42fqmwdjgv"; # }; - nixpkgs.config.allowUnfreePredicate = pkg: (lib.getName pkg) == "steam-original"; + nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ + "steam-original" + ]; hardware = { steam-hardware.enable = true; opengl.driSupport32Bit = true; @@ -111,23 +113,50 @@ games.matchers = [ "osu!" ]; }; - common.workstation = true; + common.minimal = false; common.gettyAutologin = true; # programs.firejail.enable = true; # doesn't work: # programs.wireshark.enable = true; - # users.groups.wireshark.members = [ config.common.mainUsername"]; + # users.groups.wireshark.members = [ config.common.mainUsername ]; services.printing.enable = true; - # from nix-gaming - services.pipewire.lowLatency = { + services.pipewire = { enable = true; - # 96 is mostly fine but has some xruns - # 128 has xruns every now and then too, but is overall fine - quantum = 128; - rate = 48000; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + jack.enable = true; + + # from nix-gaming + lowLatency = { + enable = true; + # 96 is mostly fine but has some xruns + # 128 has xruns every now and then too, but is overall fine + quantum = 128; + rate = 48000; + }; + }; + security.polkit.enable = true; + security.rtkit.enable = true; + + services.dbus.enable = true; + programs.sway.enable = true; + xdg.portal = { + enable = true; + extraPortals = with pkgs; [ xdg-desktop-portal-gtk xdg-desktop-portal-wlr ]; }; programs.ccache.enable = true; services.sshd.enable = true; boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; + nix.settings.trusted-users = [ "root" config.common.mainUsername ]; + services.udev.packages = [ + pkgs.android-udev-rules + ]; + environment.systemPackages = with pkgs; [ + comma + neovim + man-pages man-pages-posix + ]; + documentation.dev.enable = true; } 
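Review bot: `nix.settings.trusted-users = [ "root" config.common.mainUsername ];` in hunk `@@ -111,23 +113,50 @@` makes the main account effectively root-equivalent towards the Nix daemon, since a trusted user can select arbitrary substituters and import unsigned store paths. The same hunk keeps `services.sshd.enable = true` and `common.gettyAutologin = true`, so anything that gets a session as that user inherits this privilege. If the goal is only to let the user's own config enable the extra binary cache, the narrower fix is to declare that cache in the system-level `nix.settings` and leave `trusted-users` at its default. If the setting stays, I would add a comment such as `# trusted-users is root-equivalent for nix; needed for <reason>`.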
diff --git a/system/hosts/nixserver/default.nix b/system/hosts/nixserver/default.nix index 2435931..4cf4fb9 100644 --- a/system/hosts/nixserver/default.nix +++ b/system/hosts/nixserver/default.nix @@ -296,7 +296,7 @@ in { services.nextcloud = { enable = true; enableBrokenCiphersForSSE = false; - package = pkgs.nextcloud26; + package = pkgs.nextcloud27; autoUpdateApps.enable = true; # TODO: use socket auth and remove the next line database.createLocally = false; @@ -319,6 +319,13 @@ in { '' ]; }; systemd.services.pleroma.path = [ pkgs.exiftool pkgs.gawk ]; + systemd.services.pleroma.serviceConfig = { + Restart = "on-failure"; + }; + systemd.services.pleroma.unitConfig = { + StartLimitIntervalSec = 60; + StartLimitBurst = 3; + }; services.nginx.virtualHosts."pleroma.${cfg.domainName}" = { enableACME = true; forceSSL = true; diff --git a/system/hosts/nixserver/fdroid.nix b/system/hosts/nixserver/fdroid.nix index a7d0111..356dbc5 100644 --- a/system/hosts/nixserver/fdroid.nix +++ b/system/hosts/nixserver/fdroid.nix @@ -10,6 +10,7 @@ in { ]; services.nginx.virtualHosts."${cfg.domainName}" = { locations."/fdroid/".alias = "/var/lib/fdroid/repo/"; + locations."/fdroid/repo/".alias = "/var/lib/fdroid/repo/"; }; users.users.fdroid = { home = "/var/lib/fdroid"; @@ -27,7 +28,7 @@ in { serviceConfig = let inherit (pkgs) fdroidserver; fdroidScript = pkgs.writeText "update-froid.py" '' - import requests, subprocess, os, sys + import requests, subprocess, os, shutil, sys x = requests.get('https://api.github.com/repos/ppy/osu/releases').json() 
@@ -36,14 +37,15 @@ in { if w.get('name', "").endswith('.apk'): os.chdir('/var/lib/fdroid') subprocess.run(['${pkgs.wget}/bin/wget', w['browser_download_url'], '-O', '/var/tmp/lazer.apk'], check=True) - os.rename('/var/tmp/lazer.apk', '/var/lib/fdroid/repo/sh.ppy.osulazer.apk') - subprocess.run(['${fdroidserver}/bin/fdroid', 'update', '--allow-disabled-algorithms']) + shutil.move('/var/tmp/lazer.apk', '/var/lib/fdroid/repo/sh.ppy.osulazer.apk.tmp') + os.rename('/var/lib/fdroid/repo/sh.ppy.osulazer.apk.tmp', '/var/lib/fdroid/repo/sh.ppy.osulazer.apk') + subprocess.run(['${fdroidserver}/bin/fdroid', 'update', '--allow-disabled-algorithms'], check=True) sys.exit() ''; fdroidPython = pkgs.python3.withPackages (p: with p; [ requests ]); in { Type = "oneshot"; - ExecStart = "${fdroidPython} ${fdroidScript}"; + ExecStart = "${fdroidPython}/bin/python3 ${fdroidScript}"; }; environment.JAVA_HOME = "${pkgs.jdk11_headless}"; path = [ pkgs.jdk11_headless ]; diff --git a/system/hosts/nixserver/matrix.nix b/system/hosts/nixserver/matrix.nix index 2d060c2..e46809c 100644 --- a/system/hosts/nixserver/matrix.nix +++ b/system/hosts/nixserver/matrix.nix @@ -1,5 +1,6 @@ { config , lib +, pkgs , ... }: let 
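Review bot: The update script in hunk `@@ -36,14 +37,15 @@` still downloads to the fixed path `/var/tmp/lazer.apk`, a world-writable directory where another local account can pre-create that name, unless the unit sets `PrivateTmp` (not visible in this hunk). Downloading straight into a directory owned by the fdroid user removes that exposure and makes the `shutil.move` step unnecessary, e.g. `'-O', '/var/lib/fdroid/lazer.apk.tmp'` followed by `os.rename('/var/lib/fdroid/lazer.apk.tmp', '/var/lib/fdroid/repo/sh.ppy.osulazer.apk')`. The APK is also published on the strength of the release JSON alone, so checking its signing certificate against a pinned fingerprint before the rename would be a worthwhile addition. Separately, `requests.get(...)` in the preceding hunk has no `timeout=` and no status check, so a failed API call surfaces only as a confusing iteration error.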
@@ -49,8 +50,37 @@ in { enable = true; homeserver = "http://${lib.quoteListenAddr matrixAddr}:${toString matrixPort}/"; }; - # so synapse can read the registration - users.groups.heisenbridge.members = [ "matrix-synapse" ]; + # TODO: remove when https://github.com/NixOS/nixpkgs/pull/242912 is merged + systemd.services.heisenbridge.preStart = let + bridgeConfig = builtins.toFile "heisenbridge-registration.yml" (builtins.toJSON { + inherit (config.services.heisenbridge) namespaces; id = "heisenbridge"; + url = config.services.heisenbridge.registrationUrl; rate_limited = false; + sender_localpart = "heisenbridge"; + }); + in lib.mkForce '' + umask 077 + set -e -u -o pipefail + + if ! [ -f "/var/lib/heisenbridge/registration.yml" ]; then + # Generate registration file if not present (actually, we only care about the tokens in it) + ${config.services.heisenbridge.package}/bin/heisenbridge --generate --config /var/lib/heisenbridge/registration.yml + fi + + # Overwrite the registration file with our generated one (the config may have changed since then), + # but keep the tokens. Two step procedure to be failure safe + ${pkgs.yq}/bin/yq --slurp \ + '.[0] + (.[1] | {as_token, hs_token})' \ + ${bridgeConfig} \ + /var/lib/heisenbridge/registration.yml \ + > /var/lib/heisenbridge/registration.yml.new + mv -f /var/lib/heisenbridge/registration.yml.new /var/lib/heisenbridge/registration.yml + + # Grant Synapse access to the registration + if ${pkgs.getent}/bin/getent group matrix-synapse > /dev/null; then + chgrp -v matrix-synapse /var/lib/heisenbridge/registration.yml + chmod -v g+r /var/lib/heisenbridge/registration.yml + fi + ''; services.matrix-synapse = { enable = true; diff --git a/system/hosts/nixserver/maubot.nix b/system/hosts/nixserver/maubot.nix index c3707c5..aba4940 100644 --- a/system/hosts/nixserver/maubot.nix +++ b/system/hosts/nixserver/maubot.nix 
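Review bot: The yq merge in the new `heisenbridge.preStart` (`.[0] + (.[1] | {as_token, hs_token})`) writes `null` tokens into the live registration if the existing `/var/lib/heisenbridge/registration.yml` is empty or lacks those keys, for instance after an interrupted first run. Because the `-f` test only checks that the file exists, the bad state is never regenerated. I would make the filter fail instead, e.g. `(.[1] | {as_token, hs_token} | if (.as_token and .hs_token) then . else error("registration.yml has no tokens") end)`, so `set -e -o pipefail` aborts before the `mv`. The `chgrp`/`chmod g+r` step grants read access on the file only; whether Synapse can traverse `/var/lib/heisenbridge` depends on directory permissions not shown in this hunk.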
@@ -53,13 +53,13 @@ in { server.public_url = "https://matrix.${cfg.domainName}"; }; services.maubot.plugins = with config.services.maubot.package.plugins; [ - com.arachnitech.weather - com.dvdgsng.maubot.urban - xyz.maubot.media - xyz.maubot.reactbot - xyz.maubot.reminder - xyz.maubot.translate - xyz.maubot.rss + weather + urban + media + reactbot + reminder + translate + rss ]; services.maubot.pythonPackages = [ (pkgs.pineapplebot.override { magic = cfg.pizzabotMagic; }) diff --git a/system/hosts/router/default.nix b/system/hosts/router/default.nix index 2dcaff3..87b4661 100644 --- a/system/hosts/router/default.nix +++ b/system/hosts/router/default.nix 
@@ -249,18 +249,15 @@ in { # dnat to server, take ports from its firewall config router-settings.dnatRules = let - allTcp = server-config.networking.firewall.allowedTCPPorts; - allTcpRanges = server-config.networking.firewall.allowedTCPPortRanges; - allUdp = server-config.networking.firewall.allowedUDPPorts; - allUdpRanges = server-config.networking.firewall.allowedUDPPortRanges; + inherit (server-config.networking.firewall) allowedTCPPorts allowedTCPPortRanges allowedUDPPorts allowedUDPPortRanges; - tcpAndUdp = builtins.filter (x: x != 22 && builtins.elem x allTcp) allUdp; - tcpOnly = builtins.filter (x: x != 22 && !(builtins.elem x allUdp)) allTcp; - udpOnly = builtins.filter (x: x != 22 && !(builtins.elem x allTcp)) allUdp; + tcpAndUdp = builtins.filter (x: builtins.elem x allowedTCPPorts) allowedUDPPorts; + tcpOnly = builtins.filter (x: !(builtins.elem x allowedUDPPorts)) allowedTCPPorts; + udpOnly = builtins.filter (x: !(builtins.elem x allowedTCPPorts)) allowedUDPPorts; - rangesTcpAndUdp = builtins.filter (x: builtins.elem x allTcpRanges) allUdpRanges; - rangesTcpOnly = builtins.filter (x: !(builtins.elem x allUdpRanges)) allTcpRanges; - rangesUdpOnly = builtins.filter (x: !(builtins.elem x allTcpRanges)) allUdpRanges; + rangesTcpAndUdp = builtins.filter (x: builtins.elem x allowedTCPPortRanges) allowedUDPPortRanges; + rangesTcpOnly = builtins.filter (x: !(builtins.elem x allowedUDPPortRanges)) allowedTCPPortRanges; + rangesUdpOnly = builtins.filter (x: !(builtins.elem x allowedTCPPortRanges)) allowedUDPPortRanges; in lib.optional (tcpAndUdp != [ ]) { port = notnft.dsl.set tcpAndUdp; tcp = true; udp = true; target4.address = serverAddress4; target6.address = serverAddress6; @@ -455,7 +452,6 @@ in { # allow dnat ("ct status dnat" doesn't work) ]; inetInboundWanRules = with notnft.dsl; with payload; [ - [(is.eq tcp.dport 22) accept] [(is.eq ip.saddr (cidr netnsCidr4)) accept] [(is.eq ip6.saddr (cidr netnsCidr6)) accept] ]; 
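Review bot: With the `x != 22` filters dropped in hunk `@@ -249,18 +249,15 @@`, the DNAT set is now exactly the server's `allowedTCPPorts`/`allowedUDPPorts` and port ranges, SSH included. That means any port later opened on the server for LAN-only use is also forwarded by these rules, presumably from the WAN side, without touching this file. I would record that coupling next to the `inherit`, for example `# NOTE: every port opened in the server's firewall (including 22) is forwarded here; keep LAN-only services out of those lists`. Alternatively, reintroduce an explicit exclusion list so that exposure is opt-in. The `let` block continues past the end of the hunk.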
@@ -626,7 +622,7 @@ in { (is.eq icmpv6.type (f: with f; set [ nd-neighbor-solicit nd-neighbor-advert ])) accept] # SSH - [(is.eq tcp.dport 22) accept] + [(is.eq tcp.dport 23) accept] ]; }; }; @@ -720,6 +716,7 @@ in { }; # run an extra sshd so we can connect even if forwarding/routing between namespaces breaks + # (use port 23 because 22 is forwarded to the server) systemd.services.sshd-wan = { description = "SSH Daemon (WAN)"; wantedBy = [ "multi-user.target" ]; @@ -731,7 +728,7 @@ in { restartTriggers = [ config.environment.etc."ssh/sshd_config".source ]; preStart = config.systemd.services.sshd.preStart; serviceConfig = { - ExecStart = "${config.programs.ssh.package}/bin/sshd -D -f /etc/ssh/sshd_config"; + ExecStart = "${config.programs.ssh.package}/bin/sshd -D -f /etc/ssh/sshd_config -p 23"; KillMode = "process"; Restart = "always"; Type = "simple"; diff --git a/system/hosts/router/options.nix b/system/hosts/router/options.nix index 559f0f1..ba558ed 100644 --- a/system/hosts/router/options.nix +++ b/system/hosts/router/options.nix @@ -124,7 +124,7 @@ description = "ipv4 address"; }; options.port = lib.mkOption { - type = nullOr int; + type = nullOr port; description = "target port"; default = null; }; @@ -139,7 +139,7 @@ description = "ipv6 address"; }; options.port = lib.mkOption { - type = nullOr int; + type = nullOr port; description = "target port"; default = null; }; diff --git a/system/modules/common.nix b/system/modules/common.nix index a5720cb..4baac18 100644 --- a/system/modules/common.nix +++ b/system/modules/common.nix @@ -7,10 +7,10 @@ options.common = with lib; mkOption { type = types.submodule { options = { - workstation = mkOption { + minimal = mkOption { type = types.bool; - default = false; - description = "whether this device is a workstation (meaning a device for personal use rather than a server/embedded device)"; + default = true; + description = "whether this is a minimal (no DE/WM) system"; }; mainUsername = mkOption { type = types.str; 
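Review bot: The fallback sshd is moved to port 23 here (`[(is.eq tcp.dport 23) accept]`, and `-p 23` on `ExecStart` in hunk `@@ -731,7 +728,7 @@`), which is the well-known telnet port and draws constant automated login attempts. It is still started with the shared `/etc/ssh/sshd_config`, so it offers whatever authentication methods the internal daemon allows; that file is not visible in this diff. I would pin the WAN instance to key-only login on the command line, e.g. `… -f /etc/ssh/sshd_config -p 23 -o PasswordAuthentication=no -o KbdInteractiveAuthentication=no`, and consider a non-well-known port. The comment added in hunk `@@ -720,6 +716,7 @@` explains the port choice but not these exposure assumptions.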
@@ -44,7 +44,7 @@ dates = "weekly"; options = "--delete-older-than 30d"; }; - package = pkgs.nixFlakes; + package = pkgs.nixForNixPlugins; extraOptions = '' experimental-features = nix-command flakes ''; @@ -83,30 +83,25 @@ environment.systemPackages = with pkgs; ([ wget git - ] ++ (if cfg.workstation then [ - comma - neovim - man-pages man-pages-posix - ] else [ + tmux + ] ++ lib.optionals cfg.minimal [ kitty.terminfo # rxvt-unicode-unwrapped.terminfo vim - tmux - ])); - documentation.dev.enable = lib.mkIf cfg.workstation true; + ]); programs.fish.enable = true; /*programs.zsh = { enable = true; enableBashCompletion = true; };*/ - users.defaultUserShell = lib.mkIf (!cfg.workstation) pkgs.fish; + users.defaultUserShell = lib.mkIf cfg.minimal pkgs.fish; users.users.${cfg.mainUsername} = { uid = 1000; isNormalUser = true; extraGroups = [ "wheel" ]; }; # nixos-hardware uses mkDefault here, so we use slightly higher priority - services.xserver.libinput.enable = lib.mkOverride 999 cfg.workstation; + services.xserver.libinput.enable = lib.mkOverride 999 (!cfg.minimal); /* services.xserver = { enable = true; @@ -117,23 +112,8 @@ windowManager.i3.enable = true; }; */ - programs.sway.enable = lib.mkIf cfg.workstation true; - services.dbus.enable = lib.mkIf cfg.workstation true; - security.polkit.enable = lib.mkIf cfg.workstation true; # pipewire: - security.rtkit.enable = lib.mkIf cfg.workstation true; - services.pipewire = lib.mkIf cfg.workstation { - enable = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - jack.enable = true; - }; programs.fuse.userAllowOther = true; - xdg.portal = lib.mkIf cfg.workstation { - enable = true; - extraPortals = with pkgs; [ xdg-desktop-portal-gtk xdg-desktop-portal-wlr ]; - }; # autologin once after boot # --skip-login means directly call login instead of first asking for username # (normally login asks for username too, but getty prefers to do it by itself for whatever reason) 
diff --git a/system/modules/vfio.nix b/system/modules/vfio.nix index 4fc5764..4158aee 100644 --- a/system/modules/vfio.nix +++ b/system/modules/vfio.nix @@ -131,8 +131,7 @@ in { "vfio_pci" ]; extraModulePackages = - with config.boot.kernelPackages; - lib.mkIf enableIvshmem [ kvmfr ]; + lib.mkIf enableIvshmem [ (pkgs.kvmfrOverlay or config.boot.kernelPackages.kvmfr) ]; extraModprobeConfig = '' options vfio-pci ids=${builtins.concatStringsSep "," cfg.pciIDs} disable_idle_d3=1 options kvm ignore_msrs=1
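Review bot: `pkgs.kvmfrOverlay` is defined in pkgs/default.nix as an override of `pkgs.linuxPackages_latest.kvmfr`, but this hunk uses it in place of `config.boot.kernelPackages.kvmfr`. On any host whose `boot.kernelPackages` is not `linuxPackages_latest`, the module would be built against a different kernel than the one booted and should fail to load. Deriving the override from the configured kernel set avoids that, e.g. `config.boot.kernelPackages.kvmfr.overrideAttrs (old: { … })` carrying the same `version`, `src` and `patches`. Which kernel the VFIO hosts actually select is not visible in this diff.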