From 9b5a2541d9200aaba94c262a91cf2625cec886da Mon Sep 17 00:00:00 2001 From: Dmitry Voronin Date: Fri, 15 Nov 2024 01:42:21 +0300 Subject: [PATCH] Switch to release 24.11. --- container/Frkn.nix | 17 ++- container/Yt.nix | 12 ++- flake.lock | 145 ++++++++++++------------- flake.nix | 24 ++--- home/Android.nix | 8 +- home/program/chromium/default.nix | 5 +- home/program/firefox/default.nix | 3 +- host/x86_64-linux/home/Zapret.nix | 42 ++++++++ host/x86_64-linux/home/default.nix | 31 ------ host/x86_64-linux/pocket/default.nix | 2 +- lib/Container.nix | 1 + lib/Util.nix | 4 +- module/Kernel.nix | 3 +- module/Zapret.nix | 153 --------------------------- overlay/Nix.nix | 10 -- package/default.nix | 55 +++++----- 16 files changed, 184 insertions(+), 331 deletions(-) create mode 100644 host/x86_64-linux/home/Zapret.nix delete mode 100644 module/Zapret.nix delete mode 100644 overlay/Nix.nix diff --git a/container/Frkn.nix b/container/Frkn.nix index 522f361..8d078f2 100644 --- a/container/Frkn.nix +++ b/container/Frkn.nix @@ -2,8 +2,10 @@ __findFile, config, container, + inputs, lib, pkgs, + pkgsMaster, util, ... } @args: let @@ -47,18 +49,23 @@ in { }; config = { ... }: container.mkContainerConfig cfg { - imports = [ - (import args) - ]; + disabledModules = [ "services/networking/zapret.nix" ]; + imports = [ "${inputs.nixpkgsMaster}/nixos/modules/services/networking/zapret.nix" ]; boot.kernel.sysctl = { "net.ipv4.conf.all.src_valid_mark" = 1; "net.ipv4.ip_forward" = 1; }; - module.zapret = { + # TODO: Single place. + services.zapret = { enable = true; - params = config.module.zapret.params; + package = pkgsMaster.zapret; + params = [ + "--dpi-desync=fake,disorder2" + "--dpi-desync-ttl=1" + "--dpi-desync-autottl=2" + ]; }; services = { diff --git a/container/Yt.nix b/container/Yt.nix index 24e5069..bdde52a 100644 --- a/container/Yt.nix +++ b/container/Yt.nix 
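Review bot: The `services.zapret` block that replaces `module.zapret` in container/Frkn.nix takes its systemd unit from the nixpkgs master module, so the sandboxing this commit deletes with module/Zapret.nix is kept only if the upstream module sets it. That covers `ProtectSystem = "strict"`, `RestrictNamespaces`, `DevicePolicy = "closed"` and the rest of the "Hardening" block, plus `RuntimeMaxSec = "1h"`. The upstream unit is not visible in this patch, so inspect the generated unit (presumably still named `zapret`) with `systemd-analyze security zapret`, both in the container and on the host that imports host/x86_64-linux/home/Zapret.nix, and add a `systemd.services.zapret.serviceConfig` override for anything missing. The container block also sets no `whitelist`; the removed module documented that as "bypass all domains", and the upstream default is presumably the same, but confirm it.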
@@ -2,8 +2,10 @@ __findFile, config, container, + inputs, lib, pkgs, + pkgsMaster, ... }: let cfg = config.container.module.yt; @@ -31,10 +33,14 @@ in { config = lib.mkIf cfg.enable { containers.yt = container.mkContainer cfg { config = { ... }: container.mkContainerConfig cfg { + disabledModules = [ "services/web-apps/invidious.nix" ]; + imports = [ "${inputs.nixpkgsMaster}/nixos/modules/services/web-apps/invidious.nix" ]; + services.invidious = { - enable = true; - domain = cfg.domain; - port = cfg.port; + enable = true; + domain = cfg.domain; + package = pkgsMaster.invidious; + port = cfg.port; nginx.enable = false; database = { host = config.container.module.postgres.address; diff --git a/flake.lock b/flake.lock index 47a1b27..eb6b160 100644 --- a/flake.lock +++ b/flake.lock @@ -161,11 +161,11 @@ ] }, "locked": { - "lastModified": 1728337164, - "narHash": "sha256-VdRTjJFyq4Q9U7Z/UoC2Q5jK8vSo6E86lHc2OanXtvc=", + "lastModified": 1731604581, + "narHash": "sha256-Qq2YZZaDTB3FZLWU/Hgh1uuWlUBl3cMLGB99bm7rFUM=", "owner": "nix-community", "repo": "home-manager", - "rev": "038630363e7de57c36c417fd2f5d7c14773403e4", + "rev": "1d0862ee2d7c6f6cd720d6f32213fa425004be10", "type": "github" }, "original": { 
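Review bot: Importing the invidious module from `inputs.nixpkgsMaster` in container/Yt.nix replaces only the module source and `package`. lib/Container.nix still forces `nixpkgs.pkgs` to the host's release-24.11 set, so any other `pkgs.*` reference inside the master module resolves against 24.11. Neither branch tests that mix, and the hunk does not record why it is needed. I would add a comment above `disabledModules`, e.g. `# Module and package from master until <reason> reaches release-24.11; drop afterwards.`, so that a service configured with a public `domain` does not stay on master indefinitely. The same comment is missing from the zapret swap in container/Frkn.nix and host/x86_64-linux/home/Zapret.nix.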
@@ -253,32 +253,32 @@ "nmd": "nmd_2" }, "locked": { - "lastModified": 1709879753, - "narHash": "sha256-zEpy3eweBus/cW/oRMBINps6Bnlazpa7TadonwWibHA=", + "lastModified": 1720396533, + "narHash": "sha256-UFzk/hZWO1VkciIO5UPaSpJN8s765wsngUSvtJM6d5Q=", "owner": "t184256", "repo": "nix-on-droid", - "rev": "7b3cc6e3f9919b2d23003cfafb60c146c3f45793", + "rev": "f3d3b8294039f2f9a8fb7ea82c320f29c6b0fe25", "type": "github" }, "original": { "owner": "t184256", - "ref": "release-23.11", + "ref": "release-24.05", "repo": "nix-on-droid", "type": "github" } }, "nixpkgs": { "locked": { - "lastModified": 1728241625, - "narHash": "sha256-yumd4fBc/hi8a9QgA9IT8vlQuLZ2oqhkJXHPKxH/tRw=", + "lastModified": 1731613620, + "narHash": "sha256-Qb4cpVp1pr29mvbqMROn7BcYt60GJ948RSM4UKU2DV4=", "owner": "nixos", "repo": "nixpkgs", - "rev": "c31898adf5a8ed202ce5bea9f347b1c6871f32d1", + "rev": "f4a0fbc120cd775346111246b453f8af94afc1d1", "type": "github" }, "original": { "owner": "nixos", - "ref": "nixos-unstable", + "ref": "release-24.11", "repo": "nixpkgs", "type": "github" } @@ -301,17 +301,17 @@ }, "nixpkgs-for-bootstrap": { "locked": { - "lastModified": 1708105575, - "narHash": "sha256-sS4AItZeUnAei6v8FqxNlm+/27MPlfoGym/TZP0rmH0=", + "lastModified": 1720244366, + "narHash": "sha256-WrDV0FPMVd2Sq9hkR5LNHudS3OSMmUrs90JUTN+MXpA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1d1817869c47682a6bee85b5b0a6537b6c0fba26", + "rev": "49ee0e94463abada1de470c9c07bfc12b36dcf40", "type": "github" }, "original": { "owner": "NixOS", "repo": "nixpkgs", - "rev": "1d1817869c47682a6bee85b5b0a6537b6c0fba26", + "rev": "49ee0e94463abada1de470c9c07bfc12b36dcf40", "type": "github" } }, 
@@ -333,11 +333,11 @@ }, "nixpkgsMaster": { "locked": { - "lastModified": 1728515287, - "narHash": "sha256-i9TCVoeiaYC+ivN6z08yBDwnQ7F5Hn7RGSPVpD0tzSE=", + "lastModified": 1731623783, + "narHash": "sha256-Ewyuq7Q62p7qNFtD8cuqA1VGASfkRsODiP7yihhe3pI=", "owner": "nixos", "repo": "nixpkgs", - "rev": "6422c786dd51f95f66bb2f2ba91798faf08b02ae", + "rev": "360e88231c3137c6aedc60c7f5570ae1722ec83e", "type": "github" }, "original": { @@ -347,29 +347,13 @@ "type": "github" } }, - "nixpkgsStable": { - "locked": { - "lastModified": 1728328465, - "narHash": "sha256-a0a0M1TmXMK34y3M0cugsmpJ4FJPT/xsblhpiiX1CXo=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "1bfbbbe5bbf888d675397c66bfdb275d0b99361c", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-24.05", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgsUnstable": { "locked": { - "lastModified": 1729413321, - "narHash": "sha256-I4tuhRpZFa6Fu6dcH9Dlo5LlH17peT79vx1y1SpeKt0=", + "lastModified": 1731319897, + "narHash": "sha256-PbABj4tnbWFMfBp6OcUK5iGy1QY+/Z96ZcLpooIbuEI=", "owner": "nixos", "repo": "nixpkgs", - "rev": "1997e4aa514312c1af7e2bda7fad1644e778ff26", + "rev": "dc460ec76cbff0e66e269457d7b728432263166c", "type": "github" }, "original": { @@ -500,11 +484,11 @@ "nvimBufferline": { "flake": false, "locked": { - "lastModified": 1721303864, - "narHash": "sha256-VjusgJ3nEc+P/3bRjdS93qAErn6PZh7YkAAjxFF6Dxk=", + "lastModified": 1729768480, + "narHash": "sha256-MpSX8a51Avc9O1XxfWIDOVLiqD7omwAFIwSa02oXNs0=", "owner": "akinsho", "repo": "bufferline.nvim", - "rev": "0b2fd861eee7595015b6561dade52fb060be10c4", + "rev": "5cc447cb2b463cb499c82eaeabbed4f5fa6a0a44", "type": "github" }, "original": { 
@@ -532,11 +516,11 @@ "nvimColorizer": { "flake": false, "locked": { - "lastModified": 1722700398, - "narHash": "sha256-A3ijtLk/ECAVDDojmke9pKzZlvhEsuGrzjNzf5SBs1Q=", + "lastModified": 1730963691, + "narHash": "sha256-7AkqIcXllAQ1gSzT1COMNm2y/01uMT2XiL4WgdEeNU0=", "owner": "brenoprata10", "repo": "nvim-highlight-colors", - "rev": "a411550ef85cae467b889ba7d1a96bd78332d90e", + "rev": "e967e2ba13fd4ca731b41d0e5cc1ac2edcd6e25e", "type": "github" }, "original": { @@ -548,11 +532,11 @@ "nvimDevicons": { "flake": false, "locked": { - "lastModified": 1728082969, - "narHash": "sha256-2NHhQq3W/OnyhK29WJHepgLXdOsddxlq4MTIs0akpaA=", + "lastModified": 1728608318, + "narHash": "sha256-SUWEOp+QcfHjYaqqr4Zwvh0x91IAJXvrdMkQtuWMlGc=", "owner": "nvim-tree", "repo": "nvim-web-devicons", - "rev": "56f17def81478e406e3a8ec4aa727558e79786f3", + "rev": "19d257cf889f79f4022163c3fbb5e08639077bd8", "type": "github" }, "original": { @@ -564,11 +548,11 @@ "nvimDressing": { "flake": false, "locked": { - "lastModified": 1726594554, - "narHash": "sha256-EtLYhAwoSoHyGiGrHAVYL4/CqcgO4rSbV6otO3V08hM=", + "lastModified": 1731521499, + "narHash": "sha256-O0sdxU+ZQnclnnC5IfBpgqlMxjsJKlmPYQYPP+S3cn8=", "owner": "stevearc", "repo": "dressing.nvim", - "rev": "1b7921eecc65af1baf8ac1dc06f0794934cbcfb2", + "rev": "fc78a3ca96f4db9f8893bb7e2fd9823e0780451b", "type": "github" }, "original": { @@ -580,11 +564,11 @@ "nvimGen": { "flake": false, "locked": { - "lastModified": 1728201978, - "narHash": "sha256-rBUltJdluSseNUiTfjBZyuBwrGrASWbW1ROVdcAW6ug=", + "lastModified": 1730968406, + "narHash": "sha256-QM7DCO27rLk5NcPeD4YJcSj5QVohXU4eHJnvhwAuOHg=", "owner": "David-Kunz", "repo": "gen.nvim", - "rev": "83f1d6b6ffa6a6f32f6a93a33adc853f27541a94", + "rev": "c9dd401ec4d9e98a4f06d5c090464e126129a3b2", "type": "github" }, "original": { 
@@ -596,11 +580,11 @@ "nvimGitsigns": { "flake": false, "locked": { - "lastModified": 1727424886, - "narHash": "sha256-o2Y57z7IuIa9wvLlzyslcs3/+iaZzuqM1NImlKAPt5Y=", + "lastModified": 1731605154, + "narHash": "sha256-8vWilpsVw22+nAEAjhGOvZniRRj5r1UITcW9YeuDH8o=", "owner": "lewis6991", "repo": "gitsigns.nvim", - "rev": "863903631e676b33e8be2acb17512fdc1b80b4fb", + "rev": "ac5aba6dce8c06ea22bea2c9016f51a2dbf90dc7", "type": "github" }, "original": { @@ -644,11 +628,11 @@ "nvimLspconfig": { "flake": false, "locked": { - "lastModified": 1728499974, - "narHash": "sha256-NWruciswztBWWxqwYPYp8GwZqZRdlUYsGHHyv/TGLlM=", + "lastModified": 1731401169, + "narHash": "sha256-JmNIK/es9svoi73OZXj50eJq+FD0ZBqWYjtcTU+KxUA=", "owner": "neovim", "repo": "nvim-lspconfig", - "rev": "ff69ecca55d83ffc70657f260a799f79a5637831", + "rev": "d2d153a179ed59aa7134d7ebdf4d7dcb156efa22", "type": "github" }, "original": { @@ -676,11 +660,11 @@ "nvimTelescope": { "flake": false, "locked": { - "lastModified": 1728180665, - "narHash": "sha256-bhGlFAJIWJw/jrNWTJs2ywJkX/W+0EP5L4CX6M78dko=", + "lastModified": 1730164948, + "narHash": "sha256-Qa/f+0asQvA8mhIUajC4BGZCI92OqA6ySVoQSC3ZY3s=", "owner": "nvim-telescope", "repo": "telescope.nvim", - "rev": "dc6fc321a5ba076697cca89c9d7ea43153276d81", + "rev": "85922dde3767e01d42a08e750a773effbffaea3e", "type": "github" }, "original": { @@ -708,11 +692,11 @@ "nvimTree": { "flake": false, "locked": { - "lastModified": 1728371267, - "narHash": "sha256-mlk6dskse0LT8NZ7JFDZpQtXM3XaUydzmh9SGt7fnWQ=", + "lastModified": 1731275826, + "narHash": "sha256-YIClwxyw4fNos5OIBZOjM0dlCw+yOhDDnq5jONSu7rs=", "owner": "nvim-tree", "repo": "nvim-tree.lua", - "rev": "50e919426a4a2053f78b2f8ab001c8ad8eb47ef6", + "rev": "28eac2801b201f301449e976d7a9e8cfde053ba3", "type": "github" }, "original": { 
@@ -724,11 +708,11 @@ "nvimTreesitter": { "flake": false, "locked": { - "lastModified": 1728458493, - "narHash": "sha256-pW/ujbMjSTqVYWe59qOUIGF2TkBZ6+BIEXco2da+xPw=", + "lastModified": 1731567327, + "narHash": "sha256-M/pjY52wKx5OZhjjAx3awM3now5dEP0UxX4aFXEIjPc=", "owner": "nvim-treesitter", "repo": "nvim-treesitter", - "rev": "9d2acd49976e2a9da72949008df03436f781fd23", + "rev": "6389ceb1758b8f62a15194e3b790e33268304cb8", "type": "github" }, "original": { @@ -740,11 +724,11 @@ "nvimTrouble": { "flake": false, "locked": { - "lastModified": 1727856084, - "narHash": "sha256-DR3zRwGkjEFzXcssXsX6Iw7R5uLKOt/OKFN+tnxfyS4=", + "lastModified": 1730928038, + "narHash": "sha256-zUh0o+piRVDMSXLjBj+IygZj3VX7i5nXsaNn2pPu1fg=", "owner": "folke", "repo": "trouble.nvim", - "rev": "254145ffd528b98eb20be894338e2d5c93fa02c2", + "rev": "3dc00c0447c016cd43e03054c3d49436a1f2076d", "type": "github" }, "original": { @@ -783,7 +767,6 @@ "nixpkgs": "nixpkgs", "nixpkgsJobber": "nixpkgsJobber", "nixpkgsMaster": "nixpkgsMaster", - "nixpkgsStable": "nixpkgsStable", "nixpkgsUnstable": "nixpkgsUnstable", "nvimAlign": "nvimAlign", "nvimAutoclose": "nvimAutoclose", @@ -840,11 +823,11 @@ "tinted-tmux": "tinted-tmux" }, "locked": { - "lastModified": 1728487226, - "narHash": "sha256-gTOUdO94Y24QgnPVnHTQ/Kch0eM6pHEk/c1WoIxg+qE=", + "lastModified": 1731577695, + "narHash": "sha256-ohxX2gG7zDWIA3slEbiSyAVSiO98clCoL+CmiEiYwVU=", "owner": "danth", "repo": "stylix", - "rev": "5699ba97c60455ebafde0fd4e78ca0a2e5a58282", + "rev": "e0a278871b63b1800ccdda568861b5324dd93797", "type": "github" }, "original": { 
@@ -900,32 +883,34 @@ "tinted-foot": { "flake": false, "locked": { - "lastModified": 1696725948, - "narHash": "sha256-65bz2bUL/yzZ1c8/GQASnoiGwaF8DczlxJtzik1c0AU=", + "lastModified": 1726913040, + "narHash": "sha256-+eDZPkw7efMNUf3/Pv0EmsidqdwNJ1TaOum6k7lngDQ=", "owner": "tinted-theming", "repo": "tinted-foot", - "rev": "eedbcfa30de0a4baa03e99f5e3ceb5535c2755ce", + "rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4", "type": "github" }, "original": { "owner": "tinted-theming", "repo": "tinted-foot", + "rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4", "type": "github" } }, "tinted-kitty": { "flake": false, "locked": { - "lastModified": 1727867815, - "narHash": "sha256-cghdwzPyve13JFeW+Mpqy/sDswlJ4DTffY24R0R7r/U=", + "lastModified": 1716423189, + "narHash": "sha256-2xF3sH7UIwegn+2gKzMpFi3pk5DlIlM18+vj17Uf82U=", "owner": "tinted-theming", "repo": "tinted-kitty", - "rev": "81b15cb9eb696247af857808d37122188423f73b", + "rev": "eb39e141db14baef052893285df9f266df041ff8", "type": "github" }, "original": { "owner": "tinted-theming", "repo": "tinted-kitty", + "rev": "eb39e141db14baef052893285df9f266df041ff8", "type": "github" } }, diff --git a/flake.nix b/flake.nix index c761cc9..aad149a 100644 --- a/flake.nix +++ b/flake.nix @@ -1,8 +1,7 @@ { inputs = { - nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; + nixpkgs.url = "github:nixos/nixpkgs/release-24.11"; nixpkgsUnstable.url = "github:nixos/nixpkgs/nixos-unstable"; - nixpkgsStable.url = "github:nixos/nixpkgs/nixos-24.05"; nixpkgsMaster.url = "github:nixos/nixpkgs/master"; home-manager = { 
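Review bot: In flake.nix, `nixpkgs.url` now points at `release-24.11`, which is the release development branch rather than a channel ref; the refs this hunk replaces or removes (`nixos-unstable`, `nixos-24.05`) were both channel refs. Channel refs advance only after the channel's test jobs pass and the binary cache is populated, so following the branch can pull untested commits and force local rebuilds on each `nix flake update`. If the branch was chosen only because the channel did not exist yet at the time of the commit, a comment next to the URL such as `# TODO: switch to nixos-24.11 once the channel exists.` would keep the choice from becoming permanent.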
@@ -16,9 +15,11 @@ poetry2nixJobber.url = "github:nix-community/poetry2nix/304f8235fb0729fd48567af34fcd1b58d18f9b95"; nix-on-droid = { - url = "github:t184256/nix-on-droid/release-23.11"; - inputs.home-manager.follows = "home-manager"; - inputs.nixpkgs.follows = "nixpkgs"; + url = "github:t184256/nix-on-droid/release-24.05"; + inputs = { + home-manager.follows = "home-manager"; + nixpkgs.follows = "nixpkgs"; + }; }; nvimAlign = { flake = false; url = "github:echasnovski/mini.align"; }; @@ -47,7 +48,6 @@ nixpkgs, nixpkgsJobber, nixpkgsMaster, - nixpkgsStable, nixpkgsUnstable, poetry2nixJobber, self, @@ -55,8 +55,8 @@ ... } @inputs: { const = { - droidStateVersion = "23.11"; - stateVersion = "24.05"; + droidStateVersion = "24.05"; + stateVersion = "24.11"; timeZone = "Europe/Moscow"; url = "https://git.voronind.com/voronind/nix.git"; }; @@ -121,7 +121,6 @@ container = import ./lib/Container.nix { inherit lib pkgs config util; inherit (self) const; }; pkgsJobber = nixpkgsJobber.legacyPackages.${system}.pkgs; pkgsMaster = nixpkgsMaster.legacyPackages.${system}.pkgs; - pkgsStable = nixpkgsStable.legacyPackages.${system}.pkgs; pkgsUnstable = nixpkgsUnstable.legacyPackages.${system}.pkgs; secret = import ./secret { }; }; @@ -139,7 +138,6 @@ lib = nixpkgs.lib; pkgs = nixpkgs.legacyPackages.${system}.pkgs; pkgsMaster = nixpkgsMaster.legacyPackages.${system}.pkgs; - pkgsStable = nixpkgsStable.legacyPackages.${system}.pkgs; pkgsUnstable = nixpkgsUnstable.legacyPackages.${system}.pkgs; system = "aarch64-linux"; in nix-on-droid.lib.nixOnDroidConfiguration { 
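Review bot: Raising `stateVersion` from "24.05" to "24.11" (and `droidStateVersion` from "23.11" to "24.05") in `const` changes the value for machines that already exist, not only for new installs. NixOS uses `system.stateVersion` to choose defaults for stateful data, for example the default PostgreSQL major version. This repository runs a postgres container (referenced from container/Yt.nix) that presumably takes its release version from this constant via lib/Container.nix. Unless each affected service has been migrated, keep the old value and upgrade only the nixpkgs input: `stateVersion = "24.05";`. The `const` set continues outside the hunk.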
@@ -147,13 +145,9 @@ (import ./module/Style.nix { inherit (config.home-manager) config; inherit (self) __findFile; inherit lib pkgs; }) ./home/Android.nix ./module/Wallpaper.nix - { home-manager.config.stylix.autoEnable = lib.mkForce false; } - { home.android.enable = true; } - { nix.extraOptions = "experimental-features = nix-command flakes"; } - { system.stateVersion = self.const.droidStateVersion; } ]; extraSpecialArgs = { - inherit inputs self; + inherit inputs self pkgsMaster pkgsUnstable; inherit (self) const __findFile; secret = import ./secret { }; util = import ./lib/Util.nix { inherit lib; }; diff --git a/home/Android.nix b/home/Android.nix index 548a100..00df893 100644 --- a/home/Android.nix +++ b/home/Android.nix @@ -7,7 +7,7 @@ lib, pkgs, pkgsMaster, - pkgsStable, + pkgsUnstable, self, ... } @args: let @@ -23,11 +23,15 @@ in { config = lib.mkIf cfg.enable { environment.packages = package.core; - time.timeZone = const.timeZone; + home.android.enable = true; + nix.extraOptions = "experimental-features = nix-command flakes"; + system.stateVersion = const.droidStateVersion; + time.timeZone = const.timeZone; terminal = { inherit (android) font colors; }; home-manager.config = stylix // { + stylix.autoEnable = lib.mkForce false; programs = with programs; core; imports = [ inputs.stylix.homeManagerModules.stylix diff --git a/home/program/chromium/default.nix b/home/program/chromium/default.nix index 2939541..830dfc4 100644 --- a/home/program/chromium/default.nix +++ b/home/program/chromium/default.nix @@ -1,9 +1,10 @@ { pkgs, + pkgsUnstable, lib, ... }: let - package = pkgs.ungoogled-chromium; + package = pkgsUnstable.ungoogled-chromium; browserVersion = lib.versions.major package.version; extensions = let fetchFromStore = { id, sha256, version, }: { @@ -57,7 +58,7 @@ in { inherit extensions package; enable = true; - dictionaries = with pkgs.hunspellDictsChromium; [ + dictionaries = with pkgsUnstable.hunspellDictsChromium; [ en_US ]; commandLineArgs = [ 
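Review bot: In home/Android.nix, `home.android.enable = true;` is added inside `config = lib.mkIf cfg.enable { … }`. If `cfg` is `config.home.android` (its definition sits in the `let` block outside the hunk), the option is set only when it is already set, so the module either never enables or evaluation fails with infinite recursion. The same guard now also covers `system.stateVersion`, `nix.extraOptions` and `stylix.autoEnable`, which the flake.nix hunk on this line removes from the unconditional module list. Either keep `{ home.android.enable = true; }` in the `modules` list in flake.nix, or move these assignments out of the `mkIf` body.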
diff --git a/home/program/firefox/default.nix b/home/program/firefox/default.nix index 8d73317..dff41cc 100644 --- a/home/program/firefox/default.nix +++ b/home/program/firefox/default.nix @@ -2,6 +2,7 @@ __findFile, config, pkgs, + pkgsUnstable, ... }: let bookmarks = [ @@ -144,7 +145,7 @@ mkUserPref = Name: Value: mkPref Name Value "user"; in { enable = true; - package = pkgs.firefox-esr; + package = pkgsUnstable.firefox-esr; # languagePacks = [ "en-US" "ru" ]; profiles.default = { inherit userChrome userContent; diff --git a/host/x86_64-linux/home/Zapret.nix b/host/x86_64-linux/home/Zapret.nix new file mode 100644 index 0000000..6a6d7b0 --- /dev/null +++ b/host/x86_64-linux/home/Zapret.nix @@ -0,0 +1,42 @@ +{ + inputs, + pkgsMaster, + ... +}: { + disabledModules = [ "services/networking/zapret.nix" ]; + imports = [ "${inputs.nixpkgsMaster}/nixos/modules/services/networking/zapret.nix" ]; + + # TODO: Single place. + services.zapret = { + enable = true; + package = pkgsMaster.zapret; + params = [ + "--dpi-desync=fake,disorder2" + "--dpi-desync-ttl=1" + "--dpi-desync-autottl=2" + ]; + whitelist = [ + "youtube.com" + "googlevideo.com" + "ytimg.com" + "youtu.be" + "rutracker.org" + "rutracker.cc" + "rutrk.org" + "t-ru.org" + "medium.com" + "dis.gd" + "discord.co" + "discord.com" + "discord.dev" + "discord.gg" + "discord.gift" + "discord.media" + "discord.new" + "discordapp.com" + "discordapp.net" + "discordcdn.com" + "discordstatus.com" + ]; + }; +} diff --git a/host/x86_64-linux/home/default.nix b/host/x86_64-linux/home/default.nix index 14a8ddb..7ea881d 100644 --- a/host/x86_64-linux/home/default.nix +++ b/host/x86_64-linux/home/default.nix 
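Review bot: The `params` list in the new host/x86_64-linux/home/Zapret.nix is a second copy of the list added to container/Frkn.nix, which before this commit read `config.module.zapret.params` from the host. The `# TODO: Single place.` marker acknowledges this but leaves two copies that can drift, so a change to the desync parameters on the host would silently leave the container on the old ones. Defining the list once in a shared attribute and referencing it from both files would restore the single source; the flake's `const` set is one candidate, assuming it reaches both modules through the special args. The new file would also benefit from a header comment stating that the module is taken from master and that `whitelist` limits processing to the listed domains.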
@@ -27,36 +27,5 @@ core.enable = true; desktop.enable = true; }; - zapret = { - enable = true; - params = [ - "--dpi-desync=fake,disorder2" - "--dpi-desync-ttl=1" - "--dpi-desync-autottl=2" - ]; - whitelist = [ - "youtube.com" - "googlevideo.com" - "ytimg.com" - "youtu.be" - "rutracker.org" - "rutracker.cc" - "rutrk.org" - "t-ru.org" - "medium.com" - "dis.gd" - "discord.co" - "discord.com" - "discord.dev" - "discord.gg" - "discord.gift" - "discord.media" - "discord.new" - "discordapp.com" - "discordapp.net" - "discordcdn.com" - "discordstatus.com" - ]; - }; }; } diff --git a/host/x86_64-linux/pocket/default.nix b/host/x86_64-linux/pocket/default.nix index 21173e8..3d90f80 100644 --- a/host/x86_64-linux/pocket/default.nix +++ b/host/x86_64-linux/pocket/default.nix @@ -1,4 +1,4 @@ -{ lib, ... }: { +{ ... }: { home.nixos.enable = true; user = { root.enable = true; diff --git a/lib/Container.nix b/lib/Container.nix index 9f90fc0..1389279 100644 --- a/lib/Container.nix +++ b/lib/Container.nix @@ -29,6 +29,7 @@ boot.isContainer = true; # HACK: Do not evaluate nixpkgs inside the container. Use host's instead. + # nixpkgs.pkgs = lib.mkForce pkgs; nixpkgs.pkgs = lib.mkForce pkgs; # Release version. diff --git a/lib/Util.nix b/lib/Util.nix index 0923af7..0709e6e 100644 --- a/lib/Util.nix +++ b/lib/Util.nix @@ -1,5 +1,7 @@ # Collection of common functions. -{ lib }: rec { +{ + lib +}: rec { # Remove tabs indentation, trimTabs = text: let shouldStripTab = lines: builtins.all (line: (line == "") || (lib.strings.hasPrefix " " line)) lines; diff --git a/module/Kernel.nix b/module/Kernel.nix index 06bf626..30df172 100644 --- a/module/Kernel.nix +++ b/module/Kernel.nix @@ -2,6 +2,7 @@ config, lib, pkgs, + pkgsUnstable, ... }: let cfg = config.module.kernel; @@ -85,7 +86,7 @@ in { }) (lib.mkIf cfg.latest { - boot.kernelPackages = pkgs.linuxPackages_latest; + boot.kernelPackages = pkgsUnstable.linuxPackages_latest; }) ]); } 
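Review bot: The line added in lib/Container.nix, `# nixpkgs.pkgs = lib.mkForce pkgs;`, is a commented-out copy of the live assignment directly below it and adds nothing to the HACK comment. Drop it, or if it is meant as a reminder now that containers import modules from another nixpkgs input, say so in words: `# Containers share the host's pkgs; modules imported from other nixpkgs inputs still evaluate against it.`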
diff --git a/module/Zapret.nix b/module/Zapret.nix deleted file mode 100644 index 5556535..0000000 --- a/module/Zapret.nix +++ /dev/null 
@@ -1,153 +0,0 @@ -{ - config, - lib, - pkgs, - util, - ... -}: let - cfg = config.module.zapret; - - whitelist = if cfg.whitelist != null then - "--hostlist ${pkgs.writeText "zapret-whitelist" (lib.concatStringsSep "\n" cfg.whitelist)}" - else - ""; - - blacklist = if cfg.blacklist != null then - "--hostlist-exclude ${pkgs.writeText "zapret-blacklist" (lib.concatStringsSep "\n" cfg.blacklist)}" - else - ""; - - ports = if cfg.httpSupport then "80,443" else "443"; -in { - options.module.zapret = { - enable = lib.mkEnableOption "Enable Zapret DPI bypass service."; - package = lib.mkPackageOption pkgs "zapret" { }; - params = lib.mkOption { - default = null; - type = with lib.types; listOf str; - example = '' - [ - "--dpi-desync=fake,disorder2" - "--dpi-desync-ttl=1" - "--dpi-desync-autottl=2" - ]; - ''; - description = '' - Specify the bypass parameters for Zapret binary. - There are no universal parameters as they vary between different networks, so you'll have to find them yourself. - - This can be done by running the `blockcheck` binary from zapret package, i.e. `nix-shell -p zapret --command blockcheck`. - It'll try different params and then tell you which params are working for your network. - ''; - }; - whitelist = lib.mkOption { - default = null; - type = with lib.types; nullOr (listOf str); - example = '' - [ - "youtube.com" - "googlevideo.com" - "ytimg.com" - "youtu.be" - ] - ''; - description = '' - Specify a list of domains to bypass. All other domains will be ignored. - You can specify either whitelist or blacklist, but not both. - If neither are specified, then bypass all domains. - - It is recommended to specify the whitelist. This will make sure that other resources won't be affected by this service. - ''; - }; - blacklist = lib.mkOption { - default = null; - type = with lib.types; nullOr (listOf str); - example = '' - [ - "example.com" - ] - ''; - description = '' - Specify a list of domains NOT to bypass. All other domains will be bypassed. 
- You can specify either whitelist or blacklist, but not both. - If neither are specified, then bypass all domains. - ''; - }; - qnum = lib.mkOption { - default = 200; - type = lib.types.int; - description = '' - Routing queue number. - Only change this if you already use the default queue number somewhere else. - ''; - }; - configureFirewall = lib.mkOption { - default = true; - type = lib.types.bool; - description = '' - Whether to setup firewall routing so that system http(s) traffic is forwarded via this service. - Disable if you want to set it up manually. - ''; - }; - httpSupport = lib.mkOption { - default = true; - type = lib.types.bool; - description = '' - Whether to route http traffic on port 80. - Http bypass rarely works and you might want to disable it if you don't utilise http connections. - ''; - }; - }; - - config = lib.mkIf cfg.enable ( - lib.mkMerge [ - { - assertions = [ - { - assertion = cfg.whitelist == null || cfg.blacklist == null; - message = "Can't specify both whitelist and blacklist."; - } - ]; - - systemd.services.zapret = { - description = "DPI bypass service."; - wantedBy = [ "multi-user.target" ]; - after = [ "network.target" ]; - serviceConfig = { - ExecStart = "${cfg.package}/bin/nfqws --pidfile=/run/nfqws.pid ${lib.concatStringsSep " " cfg.params} ${whitelist} ${blacklist} --qnum=${toString cfg.qnum}"; - Type = "simple"; - PIDFile = "/run/nfqws.pid"; - Restart = "always"; - RuntimeMaxSec = "1h"; # This service loves to crash silently or cause network slowdowns. It also restarts instantly. In my experience restarting it hourly provided the best experience. - - # Hardening. 
- DevicePolicy = "closed"; - KeyringMode = "private"; - PrivateTmp = true; - PrivateMounts = true; - ProtectHome = true; - ProtectHostname = true; - ProtectKernelModules = true; - ProtectKernelTunables = true; - ProtectSystem = "strict"; - ProtectProc = "invisible"; - RemoveIPC = true; - RestrictNamespaces = true; - RestrictRealtime = true; - RestrictSUIDSGID = true; - SystemCallArchitectures = "native"; - }; - }; - } - - # Route system traffic via service for specified ports. - (lib.mkIf cfg.configureFirewall { - networking.firewall.extraCommands = util.trimTabs '' - iptables -t mangle -I POSTROUTING -p tcp -m multiport --dports ${ports} -m connbytes --connbytes-dir=original --connbytes-mode=packets --connbytes 1:6 -m mark ! --mark 0x40000000/0x40000000 -j NFQUEUE --queue-num ${toString cfg.qnum} --queue-bypass - ''; - }) - ] - ); - - meta.maintainers = with lib.maintainers; [ voronind ]; -} diff --git a/overlay/Nix.nix b/overlay/Nix.nix deleted file mode 100644 index 88606f7..0000000 --- a/overlay/Nix.nix +++ /dev/null @@ -1,10 +0,0 @@ -# Use stable packages for Nix and Nixos-Rebuild. -{ - pkgsStable, - ... -}: { - nixpkgs.overlays = [(final: prev: { - nix = pkgsStable.nix; - nixos-rebuild = pkgsStable.nixos-rebuild; - })]; -} diff --git a/package/default.nix b/package/default.nix index d0fd56e..0adb954 100644 --- a/package/default.nix +++ b/package/default.nix @@ -1,10 +1,10 @@ { pkgs, pkgsMaster, - pkgsStable, + pkgsUnstable, ... } @args: { - core = with pkgs; [ + core = (with pkgs; [ android-tools # Android adb tool. Can be used to connect to itself via wireless debugging. bat # Pretty cat. binwalk # Can analyze files for other files inside them. @@ -18,8 +18,6 @@ diffutils # Diff tool. dnsutils # NS utilities. exiftool # Image info. - fastfetch # Systeminfo summary. - ffmpeg # Video/audio converter. file # Get general info about a file. findutils # Find tool. gawk # Awk. 
@@ -65,17 +63,20 @@ ventoy # Boot multiple ISO/images from a single USB stick. wcurl # CLI http client. wireguard-tools # Tools to work with Wireguard. - xray # Proxy. xz # Archive and compression tools. yazi # File manager. - yt-dlp # Video downloader. - zapret # FRKN. zip # Zip utility. - zmap # Network analyzer. # (pkgs.callPackage ./ytdlp {}) # Youtube downloader bin package. (pkgs.callPackage ./yamusicdownload { }) # Yandex music downloader. - ]; + ]) ++ (with pkgsUnstable; [ + fastfetch # Systeminfo summary. + ffmpeg # Video/audio converter. + ]) ++ (with pkgsMaster; [ + xray # Proxy. + yt-dlp # Video downloader. + zapret # FRKN. + ]); desktop = with pkgs; [ adwaita-icon-theme # GTK icons. @@ -97,7 +98,7 @@ (pkgs.callPackage ./swayscript args) ]; - common = with pkgs; [ + common = (with pkgs; [ evince # Document viewer. gimp # Image manipulation program. gnome-calculator # Calculator. @@ -111,7 +112,9 @@ upscayl # Image upscaler. (mpv.override { scripts = [ mpvScripts.mpris ]; }) # Media player. - ]; + ]) ++ (with pkgsUnstable; [ + tor-browser # Privacy browser. + ]); gaming = with pkgs; [ bottles # GUI for Wine. @@ -126,9 +129,9 @@ ]; creative = with pkgs; [ + aseprite # Pixel Art draw app. blender-hip # Blender with HiP support. krita # Draw! - aseprite # Pixel Art draw app. ]; dev = with pkgs; [ 
@@ -136,19 +139,19 @@ jetbrains.idea-community ]; - extra = with pkgs; [ - anilibria-winmaclinux # Anime! - appimage-run # Tool to run .AppImage files in NixOS. - blanket # Sounds generator. - calibre # Book library manager. - cbonsai # Draw trees. - cmatrix # CLI Screensavers. - cowsay # Cow quotes. - gnome-font-viewer # Font viewer. - jamesdsp # Active audio processing. - lolcat # CLI funni colors. - p7zip # Weird archive tool. - tor-browser # Privacy browser. + extra = (with pkgs; [ + anilibria-winmaclinux # Anime! + appimage-run # Tool to run .AppImage files in NixOS. + blanket # Sounds generator. + calibre # Book library manager. + cbonsai # Draw trees. + cmatrix # CLI Screensavers. + cowsay # Cow quotes. + gnome-font-viewer # Font viewer. + jamesdsp # Active audio processing. + lolcat # CLI funni colors. + p7zip # Weird archive tool. + ]) ++ (with pkgsUnstable; [ universal-android-debloater # Debloat Android devices. - ]; + ]); }