(mostly) update inputs

also add rz-ghidra, fix fdroid update script, and some other stuff
chayleaf 2023-07-12 03:26:50 +07:00
parent f99ae26285
commit 64ff8be357
22 changed files with 313 additions and 166 deletions


@ -69,11 +69,11 @@
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1675933616,
"narHash": "sha256-/rczJkJHtx16IFxMmAWu5nNYcSXNg1YYXTHoGjLrLUA=",
"lastModified": 1688254665,
"narHash": "sha256-8FHEgBrr7gYNiS/NzCxIO3m4hvtLRW9YY1nYo1ivm3o=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "47478a4a003e745402acf63be7f9a092d51b83d7",
"rev": "267149c58a14d15f7f81b4d737308421de9d7152",
"type": "github"
},
"original": {
@ -83,21 +83,6 @@
}
},
"flake-utils": {
"locked": {
"lastModified": 1678901627,
"narHash": "sha256-U02riOqrKKzwjsxc/400XnElV+UtPUQWpANPlyazjH0=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "93a2b84fc4b70d9e089d029deacc3583435c2ed6",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems"
},
@ -122,11 +107,11 @@
]
},
"locked": {
"lastModified": 1686391840,
"narHash": "sha256-5S0APl6Mfm6a37taHwvuf11UHnAX0+PnoWQbsYbMUnc=",
"lastModified": 1688999869,
"narHash": "sha256-gLD2UI6+Nb9JV5Wh4FnLHAZwLMiY11RHYBKmBZCxLXc=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "0144ac418ef633bfc9dbd89b8c199ad3a617c59f",
"rev": "a6d1d954b81caf4c9291b8ac35452fef842f289b",
"type": "github"
},
"original": {
@ -153,17 +138,16 @@
"maubot": {
"inputs": {
"flake-compat": "flake-compat_2",
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1687853065,
"narHash": "sha256-HNq95YrJm8ng7lSdGbyDCihgrS6xhQm6Agyej6ttmGg=",
"lastModified": 1688069522,
"narHash": "sha256-yvn2wt2AY0u4NElWffiJrrtNEj14lBLlIyvDOmP72Qw=",
"owner": "chayleaf",
"repo": "maubot.nix",
"rev": "f06cffda880a0a403a3b4c40263a03dd2523775b",
"rev": "d90b8eebe37c4382d2588e94a6bc721ca6e5f476",
"type": "github"
},
"original": {
@ -180,11 +164,11 @@
]
},
"locked": {
"lastModified": 1686489662,
"narHash": "sha256-kEuKsjWoFm3EeeiSwqHlUyV1wTxJu6/kfzrhuIwaIEQ=",
"lastModified": 1688951979,
"narHash": "sha256-5wGEXjNjlrVhP1tQUsBLjfT64uQ+b+jgc57MK/IvsW8=",
"owner": "fufexan",
"repo": "nix-gaming",
"rev": "b32aeea96b838977a27804ba6a2cf2188f4b16af",
"rev": "0bf7751f831cd2bd17b54805b96f91fadf00aca2",
"type": "github"
},
"original": {
@ -195,11 +179,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1686452266,
"narHash": "sha256-zLKiX0iu6jZFeZDpR1gE6fNyMr8eiM8GLnj9SoUCjFs=",
"lastModified": 1689060619,
"narHash": "sha256-vODUkZLWFVCvo1KPK3dC2CbXjxa9antEn5ozwlcTr48=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "2a807ad6e8dc458db08588b78cc3c0f0ec4ff321",
"rev": "44bc025007e5fcc10dbc3d9f96dcbf06fc0e8c1c",
"type": "github"
},
"original": {
@ -218,14 +202,15 @@
"nixpkgs-22_11": [
"nixpkgs"
],
"nixpkgs-23_05": "nixpkgs-23_05",
"utils": "utils"
},
"locked": {
"lastModified": 1686468558,
"narHash": "sha256-K69Ojlx3N8I6tRTZsrKFMIqK4yrnJ6/PjfKZi3wchYg=",
"lastModified": 1688586836,
"narHash": "sha256-5uLYGa+8lysS1X5ehdU3ewmrMIG8p9+qS7yJ0LyhMHs=",
"owner": "simple-nixos-mailserver",
"repo": "nixos-mailserver",
"rev": "290d00f6db4e80467013728819ad73dd4a394d9a",
"rev": "d460e9ff62ea1238fb3348a87326b743ae177902",
"type": "gitlab"
},
"original": {
@ -241,11 +226,11 @@
]
},
"locked": {
"lastModified": 1687589315,
"narHash": "sha256-yHeWC/6OatjLN56VfCw1gjnzZd++uyYIkJBbDckWj/E=",
"lastModified": 1689016040,
"narHash": "sha256-g2K2WD6wK6lMkV+fjSKfLLapv8nm+XimX+8tB7xh6hc=",
"owner": "chayleaf",
"repo": "nixos-router",
"rev": "b28e10ec8d247babd9ff461bb14725e504d3badf",
"rev": "6078d93845b70656cfdd0b3932ac7215f6c527c1",
"type": "github"
},
"original": {
@ -256,11 +241,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1686412476,
"narHash": "sha256-inl9SVk6o5h75XKC79qrDCAobTD1Jxh6kVYTZKHzewA=",
"lastModified": 1689008574,
"narHash": "sha256-VFMgyHDiqsGDkRg73alv6OdHJAqhybryWHv77bSCGIw=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "21951114383770f96ae528d0ae68824557768e81",
"rev": "4a729ce4b1fe5ec4fffc71c67c96aa5184ebb462",
"type": "github"
},
"original": {
@ -270,14 +255,29 @@
"type": "github"
}
},
"nixpkgs-23_05": {
"locked": {
"lastModified": 1684782344,
"narHash": "sha256-SHN8hPYYSX0thDrMLMWPWYulK3YFgASOrCsIL3AJ78g=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "8966c43feba2c701ed624302b6a935f97bcbdf88",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-23.05",
"type": "indirect"
}
},
"nixpkgs-lib": {
"locked": {
"dir": "lib",
"lastModified": 1675183161,
"narHash": "sha256-Zq8sNgAxDckpn7tJo7V1afRSk2eoVbu3OjI1QklGLNg=",
"lastModified": 1688049487,
"narHash": "sha256-100g4iaKC9MalDjUW9iN6Jl/OocTDtXdeAj7pEGIRh4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "e1e1b192c1a5aab2960bf0a0bd53a2e8124fa18e",
"rev": "4bc72cae107788bf3f24f30db2e2f685c9298dc9",
"type": "github"
},
"original": {
@ -295,11 +295,11 @@
]
},
"locked": {
"lastModified": 1685774289,
"narHash": "sha256-7NXZ2S2FZzYW8lvX+zZ7x3wwCpjMLVK2tNL/u6JdSeE=",
"lastModified": 1688049338,
"narHash": "sha256-HRWFIl2UY6wVUc/xJh3kKX/Nb3kTm33e39ZO7MnY+x0=",
"owner": "chayleaf",
"repo": "notlua",
"rev": "12e810bf2c571ae80ae4fda4f8c63e40b8f9b392",
"rev": "1582e95567c13d5bf103e035a7cd18ce901b5186",
"type": "github"
},
"original": {
@ -315,11 +315,11 @@
]
},
"locked": {
"lastModified": 1687562693,
"narHash": "sha256-imxVKPmthtrMq5RFst8IfdbnDPy4sEeln2lo9374W4o=",
"lastModified": 1688609524,
"narHash": "sha256-Wqzk7qgiyGBZhy9PU0IIlaqnt3JCCOoxgS2/ZiGMtTc=",
"owner": "chayleaf",
"repo": "notnft",
"rev": "f090546a7c190557c2081129b7e49a595f2ab76f",
"rev": "442ec56617084bcc1b310cacb2e22e2c83bb6e3f",
"type": "github"
},
"original": {
@ -330,11 +330,11 @@
},
"nur": {
"locked": {
"lastModified": 1686488164,
"narHash": "sha256-DGfmD8ZCu9Xp0rB1tUct8FNlvz/orRr30DXeI9+fnPU=",
"lastModified": 1689062700,
"narHash": "sha256-uUD+KBJfX8kLALpB8cvIgSZ/xGWS34zBRbSlWsIyx80=",
"owner": "nix-community",
"repo": "NUR",
"rev": "daf7100b6147114c5f0a68583ba50e15d82e9788",
"rev": "7d0ac0daa6e05b6619f9172be4f05f785882dfaa",
"type": "github"
},
"original": {
@ -362,17 +362,17 @@
},
"rust-overlay": {
"inputs": {
"flake-utils": "flake-utils_2",
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1686450923,
"narHash": "sha256-a7B9VT2NHJWRCerHmZagAXu3z2QHJKhxUhzjh5vAnXU=",
"lastModified": 1689042658,
"narHash": "sha256-p7cQAFNt5kX19sZvK74CmY0nTrtujpZg6sZUiV1ntAk=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "4b3cb15179af3b8d640a29fa85cc9f332b4123e6",
"rev": "d7181bb2237035df17cab9295c95f987f5c527e6",
"type": "github"
},
"original": {


@ -196,7 +196,7 @@
}
({ config, pkgs, lib, ...}: {
nixpkgs.overlays = [ overlay ];
nix.package = lib.mkDefault pkgs.nixFlakes;
nix.package = lib.mkDefault pkgs.nixForNixPlugins;
# this is only needed if nixos doesnt set plugin-files already
/*nix.extraOptions = ''
plugin-files = ${pkgs.nix-plugins.override { nix = config.nix.package; }}/lib/nix/plugins/libnix-extra-builtins.so
@ -251,7 +251,7 @@
(getPrivUser hostname user)
({ config, pkgs, lib, ... }: {
nixpkgs.overlays = [ overlay ];
nix.package = lib.mkDefault pkgs.nixFlakes;
nix.package = lib.mkDefault pkgs.nixForNixPlugins;
# this is only needed if nixos doesnt set plugin-files already
/*nix.extraOptions = ''
plugin-files = ${pkgs.nix-plugins.override { nix = config.nix.package; }}/lib/nix/plugins/libnix-extra-builtins.so


@ -45,7 +45,6 @@
cookies-txt
don-t-fuck-with-paste
greasemonkey
i-dont-care-about-cookies
keepassxc-browser
libredirect
localcdn


@ -255,7 +255,10 @@ in
{ app_id = "nheko"; }
];
"3" = [{ app_id = "org.keepassxc.KeePassXC"; }];
"4" = [{ class = "Steam"; }];
"4" = [
{ class = "Steam"; }
{ class = "steam"; }
];
};
keybindings = genKeybindings options.wayland.windowManager.sway (with pkgs.sway-contrib;
/*let


@ -93,7 +93,7 @@
rust-analyzer
nodePackages_latest.bash-language-server shellcheck
nodePackages_latest.typescript-language-server
nodePackages_latest.svelte-language-server
# nodePackages_latest.svelte-language-server
clang-tools_latest
nodePackages_latest.vscode-langservers-extracted
nil


@ -1,11 +1,11 @@
{ config, pkgs, lib, ... }:
{ config, pkgs, ... }:
{
programs.zsh = {
enable = true;
# zsh-autosuggestions
enableAutosuggestions = true;
# zsh-syntax-highlighting
enableSyntaxHighlighting = true;
syntaxHighlighting.enable = true;
defaultKeymap = "viins";
dotDir = ".config/zsh";
history.ignoreDups = true;


@ -12,10 +12,12 @@
nix.settings = {
trusted-public-keys = [
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
"nix-gaming.cachix.org-1:nbjlureqMbRAxR1gJ/f3hxemL9svXaZF/Ees8vCUUs4="
# "nixpkgs-wayland.cachix.org-1:3lwxaILxMRkVhehr5StQprHdEo4IrE8sRho9R9HOLYA="
];
trusted-substituters = [
"https://cache.nixos.org"
"https://nix-gaming.cachix.org"
# "https://nixpkgs-wayland.cachix.org"
];
};
@ -53,16 +55,17 @@
home.sessionVariables = {
STEAM_EXTRA_COMPAT_TOOLS_PATHS = "${pkgs.proton-ge}";
CARGO_PROFILE_DEV_INCREMENTAL = "true";
RUSTC_LINKER = "${pkgs.clang_latest}/bin/clang";
RUSTFLAGS = "-C link-arg=--ld-path=${pkgs.mold}/bin/mold";
# RUSTC_LINKER = "${pkgs.clang_latest}/bin/clang";
# RUSTFLAGS = "-C link-arg=--ld-path=${pkgs.mold}/bin/mold";
CARGO_TARGET_X86_64_UNKNOWN_LINUX_GNU_LINKER = "${pkgs.clang_latest}/bin/clang";
CARGO_TARGET_X86_64_UNKNOWN_LINUX_GNU_RUSTFLAGS = "-C link-arg=--ld-path=${pkgs.mold}/bin/mold";
};
home.packages = with pkgs; [
mold
ghidra cutter
ghidra cutter2
openrgb piper
steam-run steam
faf-client
(osu-lazer-bin.override {
command_prefix = "${obs-studio-plugins.obs-vkcapture}/bin/obs-gamecapture";
})
@ -74,7 +77,7 @@
easyeffects
# wineWowPackages.waylandFull
winetricks
protontricks # proton-caller
# protontricks # proton-caller
# bottles
virtmanager
gimp krita blender-hip
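Review bot: The `nix-gaming.cachix.org-1:…` entry in `trusted-public-keys` (first hunk) is trusted for every store path, not only for packages from nix-gaming, so anything signed with that key is substituted without a local build. The list records no reason for that trust decision; I would add a comment above the key and the matching `https://nix-gaming.cachix.org` entry, for example `# third-party cache for the nix-gaming flake input; remove together with that input`. `trusted-substituters` only lists caches a user may opt into, so the cache is presumably switched on elsewhere through `substituters` or `extra-substituters`, which is worth confirming. The page does not mark which lines are additions, so this assumes the two nix-gaming lines are the new ones.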


@ -37,39 +37,24 @@
"pinned": false,
"src": {
"name": null,
"sha256": "sha256-OPwmVxBGaWo51pDJcqvxvZ8qxMH8X0DwZTpwiKbdx/I=",
"sha256": "sha256-0ePO6ZzsZpAb9iM++k4fYDwKzJpuZNgfPKwZePAUc0Y=",
"type": "url",
"url": "https://github.com/GloriousEggroll/proton-ge-custom/releases/download/GE-Proton8-4/GE-Proton8-4.tar.gz"
"url": "https://github.com/GloriousEggroll/proton-ge-custom/releases/download/GE-Proton8-6/GE-Proton8-6.tar.gz"
},
"version": "GE-Proton8-4"
"version": "GE-Proton8-6"
},
"searxng": {
"cargoLocks": null,
"date": "2023-06-25",
"date": "2023-07-07",
"extract": null,
"name": "searxng",
"passthru": null,
"pinned": false,
"src": {
"sha256": "sha256-sk28RG9/ZoPL71x99tNi884Mw0taMTYWh6HXINTr1xQ=",
"sha256": "sha256-eOq4vZ8690H1lCRu8LXgUJvc/4lY+VqvVOqRyEURreI=",
"type": "tarball",
"url": "https://github.com/searxng/searxng/archive/e8706fb738da9feb21e596f403dddb40e69c8a7b.tar.gz"
"url": "https://github.com/searxng/searxng/archive/cada89ee3648de6ca5b458aeacafe6c10d5230a2.tar.gz"
},
"version": "e8706fb738da9feb21e596f403dddb40e69c8a7b"
},
"yomichan": {
"cargoLocks": null,
"date": null,
"extract": null,
"name": "yomichan",
"passthru": null,
"pinned": false,
"src": {
"name": null,
"sha256": "sha256-l70wVXHEArifukDelZeoVxIyP2Crs6QZSD/kFdEml/8=",
"type": "url",
"url": "https://github.com/FooSoft/yomichan/releases/download/22.10.23.0/yomichan-firefox-dev.xpi"
},
"version": "22.10.23.0"
"version": "cada89ee3648de6ca5b458aeacafe6c10d5230a2"
}
}


@ -20,19 +20,19 @@
};
proton-ge = {
pname = "proton-ge";
version = "GE-Proton8-4";
version = "GE-Proton8-6";
src = fetchurl {
url = "https://github.com/GloriousEggroll/proton-ge-custom/releases/download/GE-Proton8-4/GE-Proton8-4.tar.gz";
sha256 = "sha256-OPwmVxBGaWo51pDJcqvxvZ8qxMH8X0DwZTpwiKbdx/I=";
url = "https://github.com/GloriousEggroll/proton-ge-custom/releases/download/GE-Proton8-6/GE-Proton8-6.tar.gz";
sha256 = "sha256-0ePO6ZzsZpAb9iM++k4fYDwKzJpuZNgfPKwZePAUc0Y=";
};
};
searxng = {
pname = "searxng";
version = "e8706fb738da9feb21e596f403dddb40e69c8a7b";
version = "cada89ee3648de6ca5b458aeacafe6c10d5230a2";
src = fetchTarball {
url = "https://github.com/searxng/searxng/archive/e8706fb738da9feb21e596f403dddb40e69c8a7b.tar.gz";
sha256 = "sha256-sk28RG9/ZoPL71x99tNi884Mw0taMTYWh6HXINTr1xQ=";
url = "https://github.com/searxng/searxng/archive/cada89ee3648de6ca5b458aeacafe6c10d5230a2.tar.gz";
sha256 = "sha256-eOq4vZ8690H1lCRu8LXgUJvc/4lY+VqvVOqRyEURreI=";
};
date = "2023-06-25";
date = "2023-07-07";
};
}


@ -12,9 +12,13 @@ let
in
{
osu-lazer-bin = nix-gaming.osu-lazer-bin;
inherit (nix-gaming) faf-client osu-lazer-bin;
nixForNixPlugins = pkgs.nixVersions.nix_2_16;
clang-tools_latest = pkgs.clang-tools_16;
clang_latest = pkgs.clang_16;
steam-run = pkgs.steam-run.overrideAttrs (old: {
multiArch = true;
});
home-daemon = callPackage ./home-daemon { };
/*ghidra = pkgs.ghidra.overrideAttrs (old: {
patches = old.patches ++ [ ./ghidra-stdcall.patch ];
@ -31,6 +35,10 @@ in
fetchSubmodules = true;
};
});
kvmfrOverlay = pkgs.linuxPackages_latest.kvmfr.overrideAttrs (old: {
inherit (pkgs'.looking-glass-client) version src;
patches = [ ./kvmfr-linux6_4.patch ];
});
pineapplebot = callPackage ./pineapplebot.nix { };
proton-ge = pkgs.stdenvNoCC.mkDerivation {
inherit (sources.proton-ge) pname version src;
@ -88,4 +96,10 @@ in
CONFIG_AIRTIME_POLICY=y
'';
});
cutter2 = pkgs.callPackage ./rizin/wrapper.nix {
unwrapped = pkgs.cutter;
} [ (pkgs.libsForQt5.callPackage ./rizin/rz-ghidra.nix {
enableCutterPlugin = true;
}) ];
} // (import ../system/hardware/bpi-r3/pkgs.nix { inherit pkgs pkgs' lib sources; })
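Review bot: `kvmfrOverlay` is derived from `pkgs.linuxPackages_latest.kvmfr`, so the module is always compiled against the newest kernel in nixpkgs, while another file in this commit puts it into `boot.extraModulePackages` in preference to `config.boot.kernelPackages.kvmfr`. On a host whose `boot.kernelPackages` is anything other than `linuxPackages_latest`, the out-of-tree module would be built for a different kernel than the one that boots and would normally fail to load. Applying the override at the use site, `config.boot.kernelPackages.kvmfr.overrideAttrs (old: { … })`, or making the overlay a function of the kernel package set, keeps the two in step. A short comment saying that the `looking-glass-client` source and `kvmfr-linux6_4.patch` exist for the Linux 6.4 `class_create` signature change would help whoever removes the override later.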

16
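--- a/pkgs/kvmfr-linux6_4.patch
+++ b/pkgs/kvmfr-linux6_4.patch
@@ -0,0 +1,16 @@
+diff --git a/kvmfr.c b/kvmfr.c
+index 121aae5b..2f4c9e1a 100644
+--- a/kvmfr.c
++++ b/kvmfr.c
+@@ -539,7 +539,11 @@ static int __init kvmfr_module_init(void)
+if (kvmfr->major < 0)
+goto out_free;
++#if LINUX_VERSION_CODE < KERNEL_VERSION(6, 4, 0)
+kvmfr->pClass = class_create(THIS_MODULE, KVMFR_DEV_NAME);
++#else
++ kvmfr->pClass = class_create(KVMFR_DEV_NAME);
++#endif
+if (IS_ERR(kvmfr->pClass))
+goto out_unreg;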

54
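--- a/pkgs/rizin/rz-ghidra.nix
+++ b/pkgs/rizin/rz-ghidra.nix
@@ -0,0 +1,54 @@
+{ lib
+, stdenv
+, fetchFromGitHub
+, cmake
+# buildInputs
+, rizin
+, openssl
+, pugixml
+# optional buildInputs
+, enableCutterPlugin ? true
+, cutter
+, qtbase
+, qtsvg
+}:
+stdenv.mkDerivation rec {
+pname = "rz-ghidra";
+version = "0.5.0";
+src = fetchFromGitHub {
+owner = "rizinorg";
+repo = "rz-ghidra";
+rev = "v${version}";
+hash = "sha256-2QQEj4TIBmiZgbb66R7q6iEp2WitUc8Ui6Nr71JelXs=";
+fetchSubmodules = true;
+};
+nativeBuildInputs = [ cmake ];
+buildInputs = [
+openssl
+pugixml
+rizin
+] ++ lib.optionals enableCutterPlugin [
+cutter
+qtbase
+qtsvg
+];
+dontWrapQtApps = true;
+cmakeFlags = [
+"-DUSE_SYSTEM_PUGIXML=ON"
+] ++ lib.optionals enableCutterPlugin [
+"-DBUILD_CUTTER_PLUGIN=ON"
+"-DCUTTER_INSTALL_PLUGDIR=share/rizin/cutter/plugins/native"
+];
+meta = with lib; {
+description = "Deep ghidra decompiler and sleigh disassembler integration for rizin";
+homepage = src.meta.homepage;
+license = licenses.lgpl3;
+maintainers = with maintainers; [ chayleaf ];
+};
+}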

29
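--- a/pkgs/rizin/wrapper.nix
+++ b/pkgs/rizin/wrapper.nix
@@ -0,0 +1,29 @@
+{ makeWrapper
+, symlinkJoin
+, unwrapped
+}:
+plugins:
+symlinkJoin {
+name = "cutter-with-plugins";
+paths = [ unwrapped ] ++ plugins;
+nativeBuildInputs = [ makeWrapper ];
+passthru = {
+inherit unwrapped;
+};
+postBuild = ''
+rm $out/bin/*
+wrapperArgs=(--set RZ_LIBR_PLUGINS $out/lib/rizin/plugins)
+if [ -d $out/share/rizin/cutter ]; then
+wrapperArgs+=(--prefix XDG_DATA_DIRS : $out/share)
+fi
+for binary in $(ls ${unwrapped}/bin); do
+makeWrapper ${unwrapped}/bin/$binary $out/bin/$binary "''${wrapperArgs[@]}"
+done
+'';
+}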
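Review bot: The `for binary in $(ls ${unwrapped}/bin)` loop in `postBuild` parses `ls` output and leaves `$binary` unquoted, so a file name containing whitespace or glob characters would be split or expanded. A glob with quoting avoids that: `for binary in ${unwrapped}/bin/*; do makeWrapper "$binary" "$out/bin/$(basename "$binary")" "''${wrapperArgs[@]}"; done`. `--set RZ_LIBR_PLUGINS` also overrides any value the user has exported, so a comment stating that replacing the user's plugin path is intended would be useful.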


@ -45,7 +45,9 @@
# zen619.configuration.boot.kernelPackages = zenKernelPackages "6.1.9" "0fsmcjsawxr32fxhpp6sgwfwwj8kqymy0rc6vh4qli42fqmwdjgv";
# };
nixpkgs.config.allowUnfreePredicate = pkg: (lib.getName pkg) == "steam-original";
nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
"steam-original"
];
hardware = {
steam-hardware.enable = true;
opengl.driSupport32Bit = true;
@ -111,23 +113,50 @@
games.matchers = [ "osu!" ];
};
common.workstation = true;
common.minimal = false;
common.gettyAutologin = true;
# programs.firejail.enable = true;
# doesn't work:
# programs.wireshark.enable = true;
# users.groups.wireshark.members = [ config.common.mainUsername"];
# users.groups.wireshark.members = [ config.common.mainUsername ];
services.printing.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = true;
# from nix-gaming
services.pipewire.lowLatency = {
lowLatency = {
enable = true;
# 96 is mostly fine but has some xruns
# 128 has xruns every now and then too, but is overall fine
quantum = 128;
rate = 48000;
};
};
security.polkit.enable = true;
security.rtkit.enable = true;
services.dbus.enable = true;
programs.sway.enable = true;
xdg.portal = {
enable = true;
extraPortals = with pkgs; [ xdg-desktop-portal-gtk xdg-desktop-portal-wlr ];
};
programs.ccache.enable = true;
services.sshd.enable = true;
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
nix.settings.trusted-users = [ "root" config.common.mainUsername ];
services.udev.packages = [
pkgs.android-udev-rules
];
environment.systemPackages = with pkgs; [
comma
neovim
man-pages man-pages-posix
];
documentation.dev.enable = true;
}
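Review bot: `nix.settings.trusted-users = [ "root" config.common.mainUsername ];` in the second hunk makes the main user's account equivalent to root as far as the Nix daemon is concerned, because a trusted user can point builds at arbitrary substituters and import unsigned store paths. The same hunk shows `common.gettyAutologin = true` and `services.sshd.enable = true`, so that account is entered on the console without a password and is also reachable over the network. If the aim is only to let the user pick extra binary caches, listing them in the system-level `trusted-substituters` and keeping `trusted-users = [ "root" ]` is narrower; otherwise a comment recording why the user is trusted would help. The page does not mark which of these lines are new in this commit.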


@ -296,7 +296,7 @@ in {
services.nextcloud = {
enable = true;
enableBrokenCiphersForSSE = false;
package = pkgs.nextcloud26;
package = pkgs.nextcloud27;
autoUpdateApps.enable = true;
# TODO: use socket auth and remove the next line
database.createLocally = false;
@ -319,6 +319,13 @@ in {
'' ];
};
systemd.services.pleroma.path = [ pkgs.exiftool pkgs.gawk ];
systemd.services.pleroma.serviceConfig = {
Restart = "on-failure";
};
systemd.services.pleroma.unitConfig = {
StartLimitIntervalSec = 60;
StartLimitBurst = 3;
};
services.nginx.virtualHosts."pleroma.${cfg.domainName}" = {
enableACME = true;
forceSSL = true;


@ -10,6 +10,7 @@ in {
];
services.nginx.virtualHosts."${cfg.domainName}" = {
locations."/fdroid/".alias = "/var/lib/fdroid/repo/";
locations."/fdroid/repo/".alias = "/var/lib/fdroid/repo/";
};
users.users.fdroid = {
home = "/var/lib/fdroid";
@ -27,7 +28,7 @@ in {
serviceConfig = let
inherit (pkgs) fdroidserver;
fdroidScript = pkgs.writeText "update-froid.py" ''
import requests, subprocess, os, sys
import requests, subprocess, os, shutil, sys
x = requests.get('https://api.github.com/repos/ppy/osu/releases').json()
@ -36,14 +37,15 @@ in {
if w.get('name', "").endswith('.apk'):
os.chdir('/var/lib/fdroid')
subprocess.run(['${pkgs.wget}/bin/wget', w['browser_download_url'], '-O', '/var/tmp/lazer.apk'], check=True)
os.rename('/var/tmp/lazer.apk', '/var/lib/fdroid/repo/sh.ppy.osulazer.apk')
subprocess.run(['${fdroidserver}/bin/fdroid', 'update', '--allow-disabled-algorithms'])
shutil.move('/var/tmp/lazer.apk', '/var/lib/fdroid/repo/sh.ppy.osulazer.apk.tmp')
os.rename('/var/lib/fdroid/repo/sh.ppy.osulazer.apk.tmp', '/var/lib/fdroid/repo/sh.ppy.osulazer.apk')
subprocess.run(['${fdroidserver}/bin/fdroid', 'update', '--allow-disabled-algorithms'], check=True)
sys.exit()
'';
fdroidPython = pkgs.python3.withPackages (p: with p; [ requests ]);
in {
Type = "oneshot";
ExecStart = "${fdroidPython} ${fdroidScript}";
ExecStart = "${fdroidPython}/bin/python3 ${fdroidScript}";
};
environment.JAVA_HOME = "${pkgs.jdk11_headless}";
path = [ pkgs.jdk11_headless ];
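Review bot: The update script still downloads to the fixed path `/var/tmp/lazer.apk`, which sits in a world-writable directory, before `shutil.move` places the file in the repo, so another local account can pre-create or replace that path and affect what gets published. Downloading straight into the repo directory removes both the shared temp path and the cross-filesystem move: pass `'-O', '/var/lib/fdroid/repo/sh.ppy.osulazer.apk.tmp'` to `wget` and keep the existing `os.rename`; setting `PrivateTmp = true` in `serviceConfig` is an alternative. `fdroid update` runs with `--allow-disabled-algorithms`, which accepts APK signatures that fdroidserver would otherwise reject, and a comment saying why the upstream APK needs it is missing. The script and the unit definition both continue outside the hunks shown.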


@ -1,5 +1,6 @@
{ config
, lib
, pkgs
, ... }:
let
@ -49,8 +50,37 @@ in {
enable = true;
homeserver = "http://${lib.quoteListenAddr matrixAddr}:${toString matrixPort}/";
};
# so synapse can read the registration
users.groups.heisenbridge.members = [ "matrix-synapse" ];
# TODO: remove when https://github.com/NixOS/nixpkgs/pull/242912 is merged
systemd.services.heisenbridge.preStart = let
bridgeConfig = builtins.toFile "heisenbridge-registration.yml" (builtins.toJSON {
inherit (config.services.heisenbridge) namespaces; id = "heisenbridge";
url = config.services.heisenbridge.registrationUrl; rate_limited = false;
sender_localpart = "heisenbridge";
});
in lib.mkForce ''
umask 077
set -e -u -o pipefail
if ! [ -f "/var/lib/heisenbridge/registration.yml" ]; then
# Generate registration file if not present (actually, we only care about the tokens in it)
${config.services.heisenbridge.package}/bin/heisenbridge --generate --config /var/lib/heisenbridge/registration.yml
fi
# Overwrite the registration file with our generated one (the config may have changed since then),
# but keep the tokens. Two step procedure to be failure safe
${pkgs.yq}/bin/yq --slurp \
'.[0] + (.[1] | {as_token, hs_token})' \
${bridgeConfig} \
/var/lib/heisenbridge/registration.yml \
> /var/lib/heisenbridge/registration.yml.new
mv -f /var/lib/heisenbridge/registration.yml.new /var/lib/heisenbridge/registration.yml
# Grant Synapse access to the registration
if ${pkgs.getent}/bin/getent group matrix-synapse > /dev/null; then
chgrp -v matrix-synapse /var/lib/heisenbridge/registration.yml
chmod -v g+r /var/lib/heisenbridge/registration.yml
fi
'';
services.matrix-synapse = {
enable = true;
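Review bot: In the `preStart` script the `yq` filter `.[0] + (.[1] | {as_token, hs_token})` yields `null` for both tokens when the existing `registration.yml` does not contain them (for instance after an interrupted `--generate`), and the result is then moved over the old file. Failing instead keeps a registration without tokens from being installed, and `set -e -o pipefail` already turns a non-zero `yq` exit into an abort: `'.[0] + (.[1] | {as_token, hs_token} | if .as_token and .hs_token then . else error("registration.yml has no tokens") end)'`. The script is wrapped in `lib.mkForce`, so it silently replaces whatever the upstream module defines; the TODO above it should also say that the `mkForce` goes away with it.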


@ -53,13 +53,13 @@ in {
server.public_url = "https://matrix.${cfg.domainName}";
};
services.maubot.plugins = with config.services.maubot.package.plugins; [
com.arachnitech.weather
com.dvdgsng.maubot.urban
xyz.maubot.media
xyz.maubot.reactbot
xyz.maubot.reminder
xyz.maubot.translate
xyz.maubot.rss
weather
urban
media
reactbot
reminder
translate
rss
];
services.maubot.pythonPackages = [
(pkgs.pineapplebot.override { magic = cfg.pizzabotMagic; })


@ -249,18 +249,15 @@ in {
# dnat to server, take ports from its firewall config
router-settings.dnatRules = let
allTcp = server-config.networking.firewall.allowedTCPPorts;
allTcpRanges = server-config.networking.firewall.allowedTCPPortRanges;
allUdp = server-config.networking.firewall.allowedUDPPorts;
allUdpRanges = server-config.networking.firewall.allowedUDPPortRanges;
inherit (server-config.networking.firewall) allowedTCPPorts allowedTCPPortRanges allowedUDPPorts allowedUDPPortRanges;
tcpAndUdp = builtins.filter (x: x != 22 && builtins.elem x allTcp) allUdp;
tcpOnly = builtins.filter (x: x != 22 && !(builtins.elem x allUdp)) allTcp;
udpOnly = builtins.filter (x: x != 22 && !(builtins.elem x allTcp)) allUdp;
tcpAndUdp = builtins.filter (x: builtins.elem x allowedTCPPorts) allowedUDPPorts;
tcpOnly = builtins.filter (x: !(builtins.elem x allowedUDPPorts)) allowedTCPPorts;
udpOnly = builtins.filter (x: !(builtins.elem x allowedTCPPorts)) allowedUDPPorts;
rangesTcpAndUdp = builtins.filter (x: builtins.elem x allTcpRanges) allUdpRanges;
rangesTcpOnly = builtins.filter (x: !(builtins.elem x allUdpRanges)) allTcpRanges;
rangesUdpOnly = builtins.filter (x: !(builtins.elem x allTcpRanges)) allUdpRanges;
rangesTcpAndUdp = builtins.filter (x: builtins.elem x allowedTCPPortRanges) allowedUDPPortRanges;
rangesTcpOnly = builtins.filter (x: !(builtins.elem x allowedUDPPortRanges)) allowedTCPPortRanges;
rangesUdpOnly = builtins.filter (x: !(builtins.elem x allowedTCPPortRanges)) allowedUDPPortRanges;
in lib.optional (tcpAndUdp != [ ]) {
port = notnft.dsl.set tcpAndUdp; tcp = true; udp = true;
target4.address = serverAddress4; target6.address = serverAddress6;
@ -455,7 +452,6 @@ in {
# allow dnat ("ct status dnat" doesn't work)
];
inetInboundWanRules = with notnft.dsl; with payload; [
[(is.eq tcp.dport 22) accept]
[(is.eq ip.saddr (cidr netnsCidr4)) accept]
[(is.eq ip6.saddr (cidr netnsCidr6)) accept]
];
@ -626,7 +622,7 @@ in {
(is.eq icmpv6.type (f: with f; set [ nd-neighbor-solicit nd-neighbor-advert ]))
accept]
# SSH
[(is.eq tcp.dport 22) accept]
[(is.eq tcp.dport 23) accept]
];
};
};
@ -720,6 +716,7 @@ in {
};
# run an extra sshd so we can connect even if forwarding/routing between namespaces breaks
# (use port 23 because 22 is forwarded to the server)
systemd.services.sshd-wan = {
description = "SSH Daemon (WAN)";
wantedBy = [ "multi-user.target" ];
@ -731,7 +728,7 @@ in {
restartTriggers = [ config.environment.etc."ssh/sshd_config".source ];
preStart = config.systemd.services.sshd.preStart;
serviceConfig = {
ExecStart = "${config.programs.ssh.package}/bin/sshd -D -f /etc/ssh/sshd_config";
ExecStart = "${config.programs.ssh.package}/bin/sshd -D -f /etc/ssh/sshd_config -p 23";
KillMode = "process";
Restart = "always";
Type = "simple";
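Review bot: Port 23 for the router's rescue sshd is written twice, as `[(is.eq tcp.dport 23) accept]` under the `# SSH` comment and as `-p 23` in the `ExecStart` of `sshd-wan`, with nothing tying the two together; binding it once (`sshWanPort = 23;` in the surrounding `let`) and using it in both places keeps the firewall and the daemon from drifting apart. With the `x != 22` filters gone, every port the server opens, SSH included, is now DNATed, and the hunks remove the port-22 accept from `inetInboundWanRules` without showing a port-23 accept there, so it is worth confirming which chain the `# SSH` rule belongs to and whether the rescue daemon is meant to be reachable from WAN. If it is, 23 is the telnet port and draws constant scanning, so the shared `/etc/ssh/sshd_config` should permit key authentication only. sshd also lets `ListenAddress` entries that carry a port override `-p`, which matters if `services.openssh.listenAddresses` is set with ports.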


@ -124,7 +124,7 @@
description = "ipv4 address";
};
options.port = lib.mkOption {
type = nullOr int;
type = nullOr port;
description = "target port";
default = null;
};
@ -139,7 +139,7 @@
description = "ipv6 address";
};
options.port = lib.mkOption {
type = nullOr int;
type = nullOr port;
description = "target port";
default = null;
};


@ -7,10 +7,10 @@
options.common = with lib; mkOption {
type = types.submodule {
options = {
workstation = mkOption {
minimal = mkOption {
type = types.bool;
default = false;
description = "whether this device is a workstation (meaning a device for personal use rather than a server/embedded device)";
default = true;
description = "whether this is a minimal (no DE/WM) system";
};
mainUsername = mkOption {
type = types.str;
@ -44,7 +44,7 @@
dates = "weekly";
options = "--delete-older-than 30d";
};
package = pkgs.nixFlakes;
package = pkgs.nixForNixPlugins;
extraOptions = ''
experimental-features = nix-command flakes
'';
@ -83,30 +83,25 @@
environment.systemPackages = with pkgs; ([
wget
git
] ++ (if cfg.workstation then [
comma
neovim
man-pages man-pages-posix
] else [
tmux
] ++ lib.optionals cfg.minimal [
kitty.terminfo
# rxvt-unicode-unwrapped.terminfo
vim
tmux
]));
documentation.dev.enable = lib.mkIf cfg.workstation true;
]);
programs.fish.enable = true;
/*programs.zsh = {
enable = true;
enableBashCompletion = true;
};*/
users.defaultUserShell = lib.mkIf (!cfg.workstation) pkgs.fish;
users.defaultUserShell = lib.mkIf cfg.minimal pkgs.fish;
users.users.${cfg.mainUsername} = {
uid = 1000;
isNormalUser = true;
extraGroups = [ "wheel" ];
};
# nixos-hardware uses mkDefault here, so we use slightly higher priority
services.xserver.libinput.enable = lib.mkOverride 999 cfg.workstation;
services.xserver.libinput.enable = lib.mkOverride 999 (!cfg.minimal);
/*
services.xserver = {
enable = true;
@ -117,23 +112,8 @@
windowManager.i3.enable = true;
};
*/
programs.sway.enable = lib.mkIf cfg.workstation true;
services.dbus.enable = lib.mkIf cfg.workstation true;
security.polkit.enable = lib.mkIf cfg.workstation true;
# pipewire:
security.rtkit.enable = lib.mkIf cfg.workstation true;
services.pipewire = lib.mkIf cfg.workstation {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = true;
};
programs.fuse.userAllowOther = true;
xdg.portal = lib.mkIf cfg.workstation {
enable = true;
extraPortals = with pkgs; [ xdg-desktop-portal-gtk xdg-desktop-portal-wlr ];
};
# autologin once after boot
# --skip-login means directly call login instead of first asking for username
# (normally login asks for username too, but getty prefers to do it by itself for whatever reason)


@ -131,8 +131,7 @@ in {
"vfio_pci"
];
extraModulePackages =
with config.boot.kernelPackages;
lib.mkIf enableIvshmem [ kvmfr ];
lib.mkIf enableIvshmem [ (pkgs.kvmfrOverlay or config.boot.kernelPackages.kvmfr) ];
extraModprobeConfig = ''
options vfio-pci ids=${builtins.concatStringsSep "," cfg.pciIDs} disable_idle_d3=1
options kvm ignore_msrs=1