voronind/nix
0
0
Fork 0
Code Issues 40 Pull requests Packages Projects Releases Wiki Activity

Switch to release 24.11.

Browse source
This commit is contained in:
Dmitry Voronin 2024-11-15 01:42:21 +03:00
parent ba436580e7
commit 9b5a2541d9
Signed by: voronind
SSH key fingerprint: SHA256:3kBb4iV2ahufEBNq+vFbUe4QYfHt98DHQjN7QaptY9k
16 changed files with 184 additions and 331 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
container/Frkn.nix
View file

@ -2,8 +2,10 @@
__findFile, __findFile,
config, config,
container, container,
inputs,
lib, lib,
pkgs, pkgs,
pkgsMaster,
util, util,
... ...
} @args: let } @args: let
@ -47,18 +49,23 @@ in {
}; };
config = { ... }: container.mkContainerConfig cfg { config = { ... }: container.mkContainerConfig cfg {
imports = [ disabledModules = [ "services/networking/zapret.nix" ];
(import <module/Zapret.nix> args) imports = [ "${inputs.nixpkgsMaster}/nixos/modules/services/networking/zapret.nix" ];
];
boot.kernel.sysctl = { boot.kernel.sysctl = {
"net.ipv4.conf.all.src_valid_mark" = 1; "net.ipv4.conf.all.src_valid_mark" = 1;
"net.ipv4.ip_forward" = 1; "net.ipv4.ip_forward" = 1;
}; };
module.zapret = { # TODO: Single place.
services.zapret = {
enable = true; enable = true;
params = config.module.zapret.params; package = pkgsMaster.zapret;
params = [
"--dpi-desync=fake,disorder2"
"--dpi-desync-ttl=1"
"--dpi-desync-autottl=2"
];
}; };
services = { services = {

12
container/Yt.nix
View file

@ -2,8 +2,10 @@
__findFile, __findFile,
config, config,
container, container,
inputs,
lib, lib,
pkgs, pkgs,
pkgsMaster,
... ...
}: let }: let
cfg = config.container.module.yt; cfg = config.container.module.yt;
@ -31,10 +33,14 @@ in {
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
containers.yt = container.mkContainer cfg { containers.yt = container.mkContainer cfg {
config = { ... }: container.mkContainerConfig cfg { config = { ... }: container.mkContainerConfig cfg {
disabledModules = [ "services/web-apps/invidious.nix" ];
imports = [ "${inputs.nixpkgsMaster}/nixos/modules/services/web-apps/invidious.nix" ];
services.invidious = { services.invidious = {
enable = true; enable = true;
domain = cfg.domain; domain = cfg.domain;
port = cfg.port; package = pkgsMaster.invidious;
port = cfg.port;
nginx.enable = false; nginx.enable = false;
database = { database = {
host = config.container.module.postgres.address; host = config.container.module.postgres.address;

145
flake.lock
View file

@ -161,11 +161,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1728337164, "lastModified": 1731604581,
"narHash": "sha256-VdRTjJFyq4Q9U7Z/UoC2Q5jK8vSo6E86lHc2OanXtvc=", "narHash": "sha256-Qq2YZZaDTB3FZLWU/Hgh1uuWlUBl3cMLGB99bm7rFUM=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "038630363e7de57c36c417fd2f5d7c14773403e4", "rev": "1d0862ee2d7c6f6cd720d6f32213fa425004be10",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -253,32 +253,32 @@
"nmd": "nmd_2" "nmd": "nmd_2"
}, },
"locked": { "locked": {
"lastModified": 1709879753, "lastModified": 1720396533,
"narHash": "sha256-zEpy3eweBus/cW/oRMBINps6Bnlazpa7TadonwWibHA=", "narHash": "sha256-UFzk/hZWO1VkciIO5UPaSpJN8s765wsngUSvtJM6d5Q=",
"owner": "t184256", "owner": "t184256",
"repo": "nix-on-droid", "repo": "nix-on-droid",
"rev": "7b3cc6e3f9919b2d23003cfafb60c146c3f45793", "rev": "f3d3b8294039f2f9a8fb7ea82c320f29c6b0fe25",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "t184256", "owner": "t184256",
"ref": "release-23.11", "ref": "release-24.05",
"repo": "nix-on-droid", "repo": "nix-on-droid",
"type": "github" "type": "github"
} }
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1728241625, "lastModified": 1731613620,
"narHash": "sha256-yumd4fBc/hi8a9QgA9IT8vlQuLZ2oqhkJXHPKxH/tRw=", "narHash": "sha256-Qb4cpVp1pr29mvbqMROn7BcYt60GJ948RSM4UKU2DV4=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "c31898adf5a8ed202ce5bea9f347b1c6871f32d1", "rev": "f4a0fbc120cd775346111246b453f8af94afc1d1",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nixos", "owner": "nixos",
"ref": "nixos-unstable", "ref": "release-24.11",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
@ -301,17 +301,17 @@
}, },
"nixpkgs-for-bootstrap": { "nixpkgs-for-bootstrap": {
"locked": { "locked": {
"lastModified": 1708105575, "lastModified": 1720244366,
"narHash": "sha256-sS4AItZeUnAei6v8FqxNlm+/27MPlfoGym/TZP0rmH0=", "narHash": "sha256-WrDV0FPMVd2Sq9hkR5LNHudS3OSMmUrs90JUTN+MXpA=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "1d1817869c47682a6bee85b5b0a6537b6c0fba26", "rev": "49ee0e94463abada1de470c9c07bfc12b36dcf40",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "1d1817869c47682a6bee85b5b0a6537b6c0fba26", "rev": "49ee0e94463abada1de470c9c07bfc12b36dcf40",
"type": "github" "type": "github"
} }
}, },
@ -333,11 +333,11 @@
}, },
"nixpkgsMaster": { "nixpkgsMaster": {
"locked": { "locked": {
"lastModified": 1728515287, "lastModified": 1731623783,
"narHash": "sha256-i9TCVoeiaYC+ivN6z08yBDwnQ7F5Hn7RGSPVpD0tzSE=", "narHash": "sha256-Ewyuq7Q62p7qNFtD8cuqA1VGASfkRsODiP7yihhe3pI=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "6422c786dd51f95f66bb2f2ba91798faf08b02ae", "rev": "360e88231c3137c6aedc60c7f5570ae1722ec83e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -347,29 +347,13 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgsStable": {
"locked": {
"lastModified": 1728328465,
"narHash": "sha256-a0a0M1TmXMK34y3M0cugsmpJ4FJPT/xsblhpiiX1CXo=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "1bfbbbe5bbf888d675397c66bfdb275d0b99361c",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgsUnstable": { "nixpkgsUnstable": {
"locked": { "locked": {
"lastModified": 1729413321, "lastModified": 1731319897,
"narHash": "sha256-I4tuhRpZFa6Fu6dcH9Dlo5LlH17peT79vx1y1SpeKt0=", "narHash": "sha256-PbABj4tnbWFMfBp6OcUK5iGy1QY+/Z96ZcLpooIbuEI=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "1997e4aa514312c1af7e2bda7fad1644e778ff26", "rev": "dc460ec76cbff0e66e269457d7b728432263166c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -500,11 +484,11 @@
"nvimBufferline": { "nvimBufferline": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1721303864, "lastModified": 1729768480,
"narHash": "sha256-VjusgJ3nEc+P/3bRjdS93qAErn6PZh7YkAAjxFF6Dxk=", "narHash": "sha256-MpSX8a51Avc9O1XxfWIDOVLiqD7omwAFIwSa02oXNs0=",
"owner": "akinsho", "owner": "akinsho",
"repo": "bufferline.nvim", "repo": "bufferline.nvim",
"rev": "0b2fd861eee7595015b6561dade52fb060be10c4", "rev": "5cc447cb2b463cb499c82eaeabbed4f5fa6a0a44",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -532,11 +516,11 @@
"nvimColorizer": { "nvimColorizer": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1722700398, "lastModified": 1730963691,
"narHash": "sha256-A3ijtLk/ECAVDDojmke9pKzZlvhEsuGrzjNzf5SBs1Q=", "narHash": "sha256-7AkqIcXllAQ1gSzT1COMNm2y/01uMT2XiL4WgdEeNU0=",
"owner": "brenoprata10", "owner": "brenoprata10",
"repo": "nvim-highlight-colors", "repo": "nvim-highlight-colors",
"rev": "a411550ef85cae467b889ba7d1a96bd78332d90e", "rev": "e967e2ba13fd4ca731b41d0e5cc1ac2edcd6e25e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -548,11 +532,11 @@
"nvimDevicons": { "nvimDevicons": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1728082969, "lastModified": 1728608318,
"narHash": "sha256-2NHhQq3W/OnyhK29WJHepgLXdOsddxlq4MTIs0akpaA=", "narHash": "sha256-SUWEOp+QcfHjYaqqr4Zwvh0x91IAJXvrdMkQtuWMlGc=",
"owner": "nvim-tree", "owner": "nvim-tree",
"repo": "nvim-web-devicons", "repo": "nvim-web-devicons",
"rev": "56f17def81478e406e3a8ec4aa727558e79786f3", "rev": "19d257cf889f79f4022163c3fbb5e08639077bd8",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -564,11 +548,11 @@
"nvimDressing": { "nvimDressing": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1726594554, "lastModified": 1731521499,
"narHash": "sha256-EtLYhAwoSoHyGiGrHAVYL4/CqcgO4rSbV6otO3V08hM=", "narHash": "sha256-O0sdxU+ZQnclnnC5IfBpgqlMxjsJKlmPYQYPP+S3cn8=",
"owner": "stevearc", "owner": "stevearc",
"repo": "dressing.nvim", "repo": "dressing.nvim",
"rev": "1b7921eecc65af1baf8ac1dc06f0794934cbcfb2", "rev": "fc78a3ca96f4db9f8893bb7e2fd9823e0780451b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -580,11 +564,11 @@
"nvimGen": { "nvimGen": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1728201978, "lastModified": 1730968406,
"narHash": "sha256-rBUltJdluSseNUiTfjBZyuBwrGrASWbW1ROVdcAW6ug=", "narHash": "sha256-QM7DCO27rLk5NcPeD4YJcSj5QVohXU4eHJnvhwAuOHg=",
"owner": "David-Kunz", "owner": "David-Kunz",
"repo": "gen.nvim", "repo": "gen.nvim",
"rev": "83f1d6b6ffa6a6f32f6a93a33adc853f27541a94", "rev": "c9dd401ec4d9e98a4f06d5c090464e126129a3b2",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -596,11 +580,11 @@
"nvimGitsigns": { "nvimGitsigns": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1727424886, "lastModified": 1731605154,
"narHash": "sha256-o2Y57z7IuIa9wvLlzyslcs3/+iaZzuqM1NImlKAPt5Y=", "narHash": "sha256-8vWilpsVw22+nAEAjhGOvZniRRj5r1UITcW9YeuDH8o=",
"owner": "lewis6991", "owner": "lewis6991",
"repo": "gitsigns.nvim", "repo": "gitsigns.nvim",
"rev": "863903631e676b33e8be2acb17512fdc1b80b4fb", "rev": "ac5aba6dce8c06ea22bea2c9016f51a2dbf90dc7",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -644,11 +628,11 @@
"nvimLspconfig": { "nvimLspconfig": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1728499974, "lastModified": 1731401169,
"narHash": "sha256-NWruciswztBWWxqwYPYp8GwZqZRdlUYsGHHyv/TGLlM=", "narHash": "sha256-JmNIK/es9svoi73OZXj50eJq+FD0ZBqWYjtcTU+KxUA=",
"owner": "neovim", "owner": "neovim",
"repo": "nvim-lspconfig", "repo": "nvim-lspconfig",
"rev": "ff69ecca55d83ffc70657f260a799f79a5637831", "rev": "d2d153a179ed59aa7134d7ebdf4d7dcb156efa22",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -676,11 +660,11 @@
"nvimTelescope": { "nvimTelescope": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1728180665, "lastModified": 1730164948,
"narHash": "sha256-bhGlFAJIWJw/jrNWTJs2ywJkX/W+0EP5L4CX6M78dko=", "narHash": "sha256-Qa/f+0asQvA8mhIUajC4BGZCI92OqA6ySVoQSC3ZY3s=",
"owner": "nvim-telescope", "owner": "nvim-telescope",
"repo": "telescope.nvim", "repo": "telescope.nvim",
"rev": "dc6fc321a5ba076697cca89c9d7ea43153276d81", "rev": "85922dde3767e01d42a08e750a773effbffaea3e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -708,11 +692,11 @@
"nvimTree": { "nvimTree": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1728371267, "lastModified": 1731275826,
"narHash": "sha256-mlk6dskse0LT8NZ7JFDZpQtXM3XaUydzmh9SGt7fnWQ=", "narHash": "sha256-YIClwxyw4fNos5OIBZOjM0dlCw+yOhDDnq5jONSu7rs=",
"owner": "nvim-tree", "owner": "nvim-tree",
"repo": "nvim-tree.lua", "repo": "nvim-tree.lua",
"rev": "50e919426a4a2053f78b2f8ab001c8ad8eb47ef6", "rev": "28eac2801b201f301449e976d7a9e8cfde053ba3",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -724,11 +708,11 @@
"nvimTreesitter": { "nvimTreesitter": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1728458493, "lastModified": 1731567327,
"narHash": "sha256-pW/ujbMjSTqVYWe59qOUIGF2TkBZ6+BIEXco2da+xPw=", "narHash": "sha256-M/pjY52wKx5OZhjjAx3awM3now5dEP0UxX4aFXEIjPc=",
"owner": "nvim-treesitter", "owner": "nvim-treesitter",
"repo": "nvim-treesitter", "repo": "nvim-treesitter",
"rev": "9d2acd49976e2a9da72949008df03436f781fd23", "rev": "6389ceb1758b8f62a15194e3b790e33268304cb8",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -740,11 +724,11 @@
"nvimTrouble": { "nvimTrouble": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1727856084, "lastModified": 1730928038,
"narHash": "sha256-DR3zRwGkjEFzXcssXsX6Iw7R5uLKOt/OKFN+tnxfyS4=", "narHash": "sha256-zUh0o+piRVDMSXLjBj+IygZj3VX7i5nXsaNn2pPu1fg=",
"owner": "folke", "owner": "folke",
"repo": "trouble.nvim", "repo": "trouble.nvim",
"rev": "254145ffd528b98eb20be894338e2d5c93fa02c2", "rev": "3dc00c0447c016cd43e03054c3d49436a1f2076d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -783,7 +767,6 @@
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"nixpkgsJobber": "nixpkgsJobber", "nixpkgsJobber": "nixpkgsJobber",
"nixpkgsMaster": "nixpkgsMaster", "nixpkgsMaster": "nixpkgsMaster",
"nixpkgsStable": "nixpkgsStable",
"nixpkgsUnstable": "nixpkgsUnstable", "nixpkgsUnstable": "nixpkgsUnstable",
"nvimAlign": "nvimAlign", "nvimAlign": "nvimAlign",
"nvimAutoclose": "nvimAutoclose", "nvimAutoclose": "nvimAutoclose",
@ -840,11 +823,11 @@
"tinted-tmux": "tinted-tmux" "tinted-tmux": "tinted-tmux"
}, },
"locked": { "locked": {
"lastModified": 1728487226, "lastModified": 1731577695,
"narHash": "sha256-gTOUdO94Y24QgnPVnHTQ/Kch0eM6pHEk/c1WoIxg+qE=", "narHash": "sha256-ohxX2gG7zDWIA3slEbiSyAVSiO98clCoL+CmiEiYwVU=",
"owner": "danth", "owner": "danth",
"repo": "stylix", "repo": "stylix",
"rev": "5699ba97c60455ebafde0fd4e78ca0a2e5a58282", "rev": "e0a278871b63b1800ccdda568861b5324dd93797",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -900,32 +883,34 @@
"tinted-foot": { "tinted-foot": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1696725948, "lastModified": 1726913040,
"narHash": "sha256-65bz2bUL/yzZ1c8/GQASnoiGwaF8DczlxJtzik1c0AU=", "narHash": "sha256-+eDZPkw7efMNUf3/Pv0EmsidqdwNJ1TaOum6k7lngDQ=",
"owner": "tinted-theming", "owner": "tinted-theming",
"repo": "tinted-foot", "repo": "tinted-foot",
"rev": "eedbcfa30de0a4baa03e99f5e3ceb5535c2755ce", "rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "tinted-theming", "owner": "tinted-theming",
"repo": "tinted-foot", "repo": "tinted-foot",
"rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4",
"type": "github" "type": "github"
} }
}, },
"tinted-kitty": { "tinted-kitty": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1727867815, "lastModified": 1716423189,
"narHash": "sha256-cghdwzPyve13JFeW+Mpqy/sDswlJ4DTffY24R0R7r/U=", "narHash": "sha256-2xF3sH7UIwegn+2gKzMpFi3pk5DlIlM18+vj17Uf82U=",
"owner": "tinted-theming", "owner": "tinted-theming",
"repo": "tinted-kitty", "repo": "tinted-kitty",
"rev": "81b15cb9eb696247af857808d37122188423f73b", "rev": "eb39e141db14baef052893285df9f266df041ff8",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "tinted-theming", "owner": "tinted-theming",
"repo": "tinted-kitty", "repo": "tinted-kitty",
"rev": "eb39e141db14baef052893285df9f266df041ff8",
"type": "github" "type": "github"
} }
}, },

24
flake.nix
View file

@ -1,8 +1,7 @@
{ {
inputs = { inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgs.url = "github:nixos/nixpkgs/release-24.11";
nixpkgsUnstable.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgsUnstable.url = "github:nixos/nixpkgs/nixos-unstable";
nixpkgsStable.url = "github:nixos/nixpkgs/nixos-24.05";
nixpkgsMaster.url = "github:nixos/nixpkgs/master"; nixpkgsMaster.url = "github:nixos/nixpkgs/master";
home-manager = { home-manager = {
@ -16,9 +15,11 @@
poetry2nixJobber.url = "github:nix-community/poetry2nix/304f8235fb0729fd48567af34fcd1b58d18f9b95"; poetry2nixJobber.url = "github:nix-community/poetry2nix/304f8235fb0729fd48567af34fcd1b58d18f9b95";
nix-on-droid = { nix-on-droid = {
url = "github:t184256/nix-on-droid/release-23.11"; url = "github:t184256/nix-on-droid/release-24.05";
inputs.home-manager.follows = "home-manager"; inputs = {
inputs.nixpkgs.follows = "nixpkgs"; home-manager.follows = "home-manager";
nixpkgs.follows = "nixpkgs";
};
}; };
nvimAlign = { flake = false; url = "github:echasnovski/mini.align"; }; nvimAlign = { flake = false; url = "github:echasnovski/mini.align"; };
@ -47,7 +48,6 @@
nixpkgs, nixpkgs,
nixpkgsJobber, nixpkgsJobber,
nixpkgsMaster, nixpkgsMaster,
nixpkgsStable,
nixpkgsUnstable, nixpkgsUnstable,
poetry2nixJobber, poetry2nixJobber,
self, self,
@ -55,8 +55,8 @@
... ...
} @inputs: { } @inputs: {
const = { const = {
droidStateVersion = "23.11"; droidStateVersion = "24.05";
stateVersion = "24.05"; stateVersion = "24.11";
timeZone = "Europe/Moscow"; timeZone = "Europe/Moscow";
url = "https://git.voronind.com/voronind/nix.git"; url = "https://git.voronind.com/voronind/nix.git";
}; };
@ -121,7 +121,6 @@
container = import ./lib/Container.nix { inherit lib pkgs config util; inherit (self) const; }; container = import ./lib/Container.nix { inherit lib pkgs config util; inherit (self) const; };
pkgsJobber = nixpkgsJobber.legacyPackages.${system}.pkgs; pkgsJobber = nixpkgsJobber.legacyPackages.${system}.pkgs;
pkgsMaster = nixpkgsMaster.legacyPackages.${system}.pkgs; pkgsMaster = nixpkgsMaster.legacyPackages.${system}.pkgs;
pkgsStable = nixpkgsStable.legacyPackages.${system}.pkgs;
pkgsUnstable = nixpkgsUnstable.legacyPackages.${system}.pkgs; pkgsUnstable = nixpkgsUnstable.legacyPackages.${system}.pkgs;
secret = import ./secret { }; secret = import ./secret { };
}; };
@ -139,7 +138,6 @@
lib = nixpkgs.lib; lib = nixpkgs.lib;
pkgs = nixpkgs.legacyPackages.${system}.pkgs; pkgs = nixpkgs.legacyPackages.${system}.pkgs;
pkgsMaster = nixpkgsMaster.legacyPackages.${system}.pkgs; pkgsMaster = nixpkgsMaster.legacyPackages.${system}.pkgs;
pkgsStable = nixpkgsStable.legacyPackages.${system}.pkgs;
pkgsUnstable = nixpkgsUnstable.legacyPackages.${system}.pkgs; pkgsUnstable = nixpkgsUnstable.legacyPackages.${system}.pkgs;
system = "aarch64-linux"; system = "aarch64-linux";
in nix-on-droid.lib.nixOnDroidConfiguration { in nix-on-droid.lib.nixOnDroidConfiguration {
@ -147,13 +145,9 @@
(import ./module/Style.nix { inherit (config.home-manager) config; inherit (self) __findFile; inherit lib pkgs; }) (import ./module/Style.nix { inherit (config.home-manager) config; inherit (self) __findFile; inherit lib pkgs; })
./home/Android.nix ./home/Android.nix
./module/Wallpaper.nix ./module/Wallpaper.nix
{ home-manager.config.stylix.autoEnable = lib.mkForce false; }
{ home.android.enable = true; }
{ nix.extraOptions = "experimental-features = nix-command flakes"; }
{ system.stateVersion = self.const.droidStateVersion; }
]; ];
extraSpecialArgs = { extraSpecialArgs = {
inherit inputs self; inherit inputs self pkgsMaster pkgsUnstable;
inherit (self) const __findFile; inherit (self) const __findFile;
secret = import ./secret { }; secret = import ./secret { };
util = import ./lib/Util.nix { inherit lib; }; util = import ./lib/Util.nix { inherit lib; };

8
home/Android.nix
View file

@ -7,7 +7,7 @@
lib, lib,
pkgs, pkgs,
pkgsMaster, pkgsMaster,
pkgsStable, pkgsUnstable,
self, self,
... ...
} @args: let } @args: let
@ -23,11 +23,15 @@ in {
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
environment.packages = package.core; environment.packages = package.core;
time.timeZone = const.timeZone; home.android.enable = true;
nix.extraOptions = "experimental-features = nix-command flakes";
system.stateVersion = const.droidStateVersion;
time.timeZone = const.timeZone;
terminal = { terminal = {
inherit (android) font colors; inherit (android) font colors;
}; };
home-manager.config = stylix // { home-manager.config = stylix // {
stylix.autoEnable = lib.mkForce false;
programs = with programs; core; programs = with programs; core;
imports = [ imports = [
inputs.stylix.homeManagerModules.stylix inputs.stylix.homeManagerModules.stylix

5
home/program/chromium/default.nix
View file

@ -1,9 +1,10 @@
{ {
pkgs, pkgs,
pkgsUnstable,
lib, lib,
... ...
}: let }: let
package = pkgs.ungoogled-chromium; package = pkgsUnstable.ungoogled-chromium;
browserVersion = lib.versions.major package.version; browserVersion = lib.versions.major package.version;
extensions = let extensions = let
fetchFromStore = { id, sha256, version, }: { fetchFromStore = { id, sha256, version, }: {
@ -57,7 +58,7 @@
in { in {
inherit extensions package; inherit extensions package;
enable = true; enable = true;
dictionaries = with pkgs.hunspellDictsChromium; [ dictionaries = with pkgsUnstable.hunspellDictsChromium; [
en_US en_US
]; ];
commandLineArgs = [ commandLineArgs = [

3
home/program/firefox/default.nix
View file

@ -2,6 +2,7 @@
__findFile, __findFile,
config, config,
pkgs, pkgs,
pkgsUnstable,
... ...
}: let }: let
bookmarks = [ bookmarks = [
@ -144,7 +145,7 @@
mkUserPref = Name: Value: mkPref Name Value "user"; mkUserPref = Name: Value: mkPref Name Value "user";
in { in {
enable = true; enable = true;
package = pkgs.firefox-esr; package = pkgsUnstable.firefox-esr;
# languagePacks = [ "en-US" "ru" ]; # languagePacks = [ "en-US" "ru" ];
profiles.default = { profiles.default = {
inherit userChrome userContent; inherit userChrome userContent;

42
host/x86_64-linux/home/Zapret.nix Normal file
View file

@ -0,0 +1,42 @@
{
inputs,
pkgsMaster,
...
}: {
disabledModules = [ "services/networking/zapret.nix" ];
imports = [ "${inputs.nixpkgsMaster}/nixos/modules/services/networking/zapret.nix" ];
# TODO: Single place.
services.zapret = {
enable = true;
package = pkgsMaster.zapret;
params = [
"--dpi-desync=fake,disorder2"
"--dpi-desync-ttl=1"
"--dpi-desync-autottl=2"
];
whitelist = [
"youtube.com"
"googlevideo.com"
"ytimg.com"
"youtu.be"
"rutracker.org"
"rutracker.cc"
"rutrk.org"
"t-ru.org"
"medium.com"
"dis.gd"
"discord.co"
"discord.com"
"discord.dev"
"discord.gg"
"discord.gift"
"discord.media"
"discord.new"
"discordapp.com"
"discordapp.net"
"discordcdn.com"
"discordstatus.com"
];
};
}

31
host/x86_64-linux/home/default.nix
View file

@ -27,36 +27,5 @@
core.enable = true; core.enable = true;
desktop.enable = true; desktop.enable = true;
}; };
zapret = {
enable = true;
params = [
"--dpi-desync=fake,disorder2"
"--dpi-desync-ttl=1"
"--dpi-desync-autottl=2"
];
whitelist = [
"youtube.com"
"googlevideo.com"
"ytimg.com"
"youtu.be"
"rutracker.org"
"rutracker.cc"
"rutrk.org"
"t-ru.org"
"medium.com"
"dis.gd"
"discord.co"
"discord.com"
"discord.dev"
"discord.gg"
"discord.gift"
"discord.media"
"discord.new"
"discordapp.com"
"discordapp.net"
"discordcdn.com"
"discordstatus.com"
];
};
}; };
} }

2
host/x86_64-linux/pocket/default.nix
View file

@ -1,4 +1,4 @@
{ lib, ... }: { { ... }: {
home.nixos.enable = true; home.nixos.enable = true;
user = { user = {
root.enable = true; root.enable = true;

1
lib/Container.nix
View file

@ -29,6 +29,7 @@
boot.isContainer = true; boot.isContainer = true;
# HACK: Do not evaluate nixpkgs inside the container. Use host's instead. # HACK: Do not evaluate nixpkgs inside the container. Use host's instead.
# nixpkgs.pkgs = lib.mkForce pkgs;
nixpkgs.pkgs = lib.mkForce pkgs; nixpkgs.pkgs = lib.mkForce pkgs;
# Release version. # Release version.

4
lib/Util.nix
View file

@ -1,5 +1,7 @@
# Collection of common functions. # Collection of common functions.
{ lib }: rec { {
lib
}: rec {
# Remove tabs indentation, # Remove tabs indentation,
trimTabs = text: let trimTabs = text: let
shouldStripTab = lines: builtins.all (line: (line == "") || (lib.strings.hasPrefix " " line)) lines; shouldStripTab = lines: builtins.all (line: (line == "") || (lib.strings.hasPrefix " " line)) lines;

3
module/Kernel.nix
View file

@ -2,6 +2,7 @@
config, config,
lib, lib,
pkgs, pkgs,
pkgsUnstable,
... ...
}: let }: let
cfg = config.module.kernel; cfg = config.module.kernel;
@ -85,7 +86,7 @@ in {
}) })
(lib.mkIf cfg.latest { (lib.mkIf cfg.latest {
boot.kernelPackages = pkgs.linuxPackages_latest; boot.kernelPackages = pkgsUnstable.linuxPackages_latest;
}) })
]); ]);
} }

153
module/Zapret.nix
View file

@ -1,153 +0,0 @@
{
config,
lib,
pkgs,
util,
...
}: let
cfg = config.module.zapret;
whitelist = if cfg.whitelist != null then
"--hostlist ${pkgs.writeText "zapret-whitelist" (lib.concatStringsSep "\n" cfg.whitelist)}"
else
"";
blacklist = if cfg.blacklist != null then
"--hostlist-exclude ${pkgs.writeText "zapret-blacklist" (lib.concatStringsSep "\n" cfg.blacklist)}"
else
"";
ports = if cfg.httpSupport then "80,443" else "443";
in {
options.module.zapret = {
enable = lib.mkEnableOption "Enable Zapret DPI bypass service.";
package = lib.mkPackageOption pkgs "zapret" { };
params = lib.mkOption {
default = null;
type = with lib.types; listOf str;
example = ''
[
"--dpi-desync=fake,disorder2"
"--dpi-desync-ttl=1"
"--dpi-desync-autottl=2"
];
'';
description = ''
Specify the bypass parameters for Zapret binary.
There are no universal parameters as they vary between different networks, so you'll have to find them yourself.
This can be done by running the `blockcheck` binary from zapret package, i.e. `nix-shell -p zapret --command blockcheck`.
It'll try different params and then tell you which params are working for your network.
'';
};
whitelist = lib.mkOption {
default = null;
type = with lib.types; nullOr (listOf str);
example = ''
[
"youtube.com"
"googlevideo.com"
"ytimg.com"
"youtu.be"
]
'';
description = ''
Specify a list of domains to bypass. All other domains will be ignored.
You can specify either whitelist or blacklist, but not both.
If neither are specified, then bypass all domains.
It is recommended to specify the whitelist. This will make sure that other resources won't be affected by this service.
'';
};
blacklist = lib.mkOption {
default = null;
type = with lib.types; nullOr (listOf str);
example = ''
[
"example.com"
]
'';
description = ''
Specify a list of domains NOT to bypass. All other domains will be bypassed.
You can specify either whitelist or blacklist, but not both.
If neither are specified, then bypass all domains.
'';
};
qnum = lib.mkOption {
default = 200;
type = lib.types.int;
description = ''
Routing queue number.
Only change this if you already use the default queue number somewhere else.
'';
};
configureFirewall = lib.mkOption {
default = true;
type = lib.types.bool;
description = ''
Whether to setup firewall routing so that system http(s) traffic is forwarded via this service.
Disable if you want to set it up manually.
'';
};
httpSupport = lib.mkOption {
default = true;
type = lib.types.bool;
description = ''
Whether to route http traffic on port 80.
Http bypass rarely works and you might want to disable it if you don't utilise http connections.
'';
};
};
config = lib.mkIf cfg.enable (
lib.mkMerge [
{
assertions = [
{
assertion = cfg.whitelist == null || cfg.blacklist == null;
message = "Can't specify both whitelist and blacklist.";
}
];
systemd.services.zapret = {
description = "DPI bypass service.";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
serviceConfig = {
ExecStart = "${cfg.package}/bin/nfqws --pidfile=/run/nfqws.pid ${lib.concatStringsSep " " cfg.params} ${whitelist} ${blacklist} --qnum=${toString cfg.qnum}";
Type = "simple";
PIDFile = "/run/nfqws.pid";
Restart = "always";
RuntimeMaxSec = "1h"; # This service loves to crash silently or cause network slowdowns. It also restarts instantly. In my experience restarting it hourly provided the best experience.
# Hardening.
DevicePolicy = "closed";
KeyringMode = "private";
PrivateTmp = true;
PrivateMounts = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectSystem = "strict";
ProtectProc = "invisible";
RemoveIPC = true;
RestrictNamespaces = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
SystemCallArchitectures = "native";
};
};
}
# Route system traffic via service for specified ports.
(lib.mkIf cfg.configureFirewall {
networking.firewall.extraCommands = util.trimTabs ''
iptables -t mangle -I POSTROUTING -p tcp -m multiport --dports ${ports} -m connbytes --connbytes-dir=original --connbytes-mode=packets --connbytes 1:6 -m mark ! --mark 0x40000000/0x40000000 -j NFQUEUE --queue-num ${toString cfg.qnum} --queue-bypass
'';
})
]
);
meta.maintainers = with lib.maintainers; [ voronind ];
}

10
overlay/Nix.nix
View file

@ -1,10 +0,0 @@
# Use stable packages for Nix and Nixos-Rebuild.
{
pkgsStable,
...
}: {
nixpkgs.overlays = [(final: prev: {
nix = pkgsStable.nix;
nixos-rebuild = pkgsStable.nixos-rebuild;
})];
}

55
package/default.nix
View file

@ -1,10 +1,10 @@
{ {
pkgs, pkgs,
pkgsMaster, pkgsMaster,
pkgsStable, pkgsUnstable,
... ...
} @args: { } @args: {
core = with pkgs; [ core = (with pkgs; [
android-tools # Android adb tool. Can be used to connect to itself via wireless debugging. android-tools # Android adb tool. Can be used to connect to itself via wireless debugging.
bat # Pretty cat. bat # Pretty cat.
binwalk # Can analyze files for other files inside them. binwalk # Can analyze files for other files inside them.
@ -18,8 +18,6 @@
diffutils # Diff tool. diffutils # Diff tool.
dnsutils # NS utilities. dnsutils # NS utilities.
exiftool # Image info. exiftool # Image info.
fastfetch # Systeminfo summary.
ffmpeg # Video/audio converter.
file # Get general info about a file. file # Get general info about a file.
findutils # Find tool. findutils # Find tool.
gawk # Awk. gawk # Awk.
@ -65,17 +63,20 @@
ventoy # Boot multiple ISO/images from a single USB stick. ventoy # Boot multiple ISO/images from a single USB stick.
wcurl # CLI http client. wcurl # CLI http client.
wireguard-tools # Tools to work with Wireguard. wireguard-tools # Tools to work with Wireguard.
xray # Proxy.
xz # Archive and compression tools. xz # Archive and compression tools.
yazi # File manager. yazi # File manager.
yt-dlp # Video downloader.
zapret # FRKN.
zip # Zip utility. zip # Zip utility.
zmap # Network analyzer.
# (pkgs.callPackage ./ytdlp {}) # Youtube downloader bin package. # (pkgs.callPackage ./ytdlp {}) # Youtube downloader bin package.
(pkgs.callPackage ./yamusicdownload { }) # Yandex music downloader. (pkgs.callPackage ./yamusicdownload { }) # Yandex music downloader.
]; ]) ++ (with pkgsUnstable; [
fastfetch # Systeminfo summary.
ffmpeg # Video/audio converter.
]) ++ (with pkgsMaster; [
xray # Proxy.
yt-dlp # Video downloader.
zapret # FRKN.
]);
desktop = with pkgs; [ desktop = with pkgs; [
adwaita-icon-theme # GTK icons. adwaita-icon-theme # GTK icons.
@ -97,7 +98,7 @@
(pkgs.callPackage ./swayscript args) (pkgs.callPackage ./swayscript args)
]; ];
common = with pkgs; [ common = (with pkgs; [
evince # Document viewer. evince # Document viewer.
gimp # Image manipulation program. gimp # Image manipulation program.
gnome-calculator # Calculator. gnome-calculator # Calculator.
@ -111,7 +112,9 @@
upscayl # Image upscaler. upscayl # Image upscaler.
(mpv.override { scripts = [ mpvScripts.mpris ]; }) # Media player. (mpv.override { scripts = [ mpvScripts.mpris ]; }) # Media player.
]; ]) ++ (with pkgsUnstable; [
tor-browser # Privacy browser.
]);
gaming = with pkgs; [ gaming = with pkgs; [
bottles # GUI for Wine. bottles # GUI for Wine.
@ -126,9 +129,9 @@
]; ];
creative = with pkgs; [ creative = with pkgs; [
aseprite # Pixel Art draw app.
blender-hip # Blender with HiP support. blender-hip # Blender with HiP support.
krita # Draw! krita # Draw!
aseprite # Pixel Art draw app.
]; ];
dev = with pkgs; [ dev = with pkgs; [
@ -136,19 +139,19 @@
jetbrains.idea-community jetbrains.idea-community
]; ];
extra = with pkgs; [ extra = (with pkgs; [
anilibria-winmaclinux # Anime! anilibria-winmaclinux # Anime!
appimage-run # Tool to run .AppImage files in NixOS. appimage-run # Tool to run .AppImage files in NixOS.
blanket # Sounds generator. blanket # Sounds generator.
calibre # Book library manager. calibre # Book library manager.
cbonsai # Draw trees. cbonsai # Draw trees.
cmatrix # CLI Screensavers. cmatrix # CLI Screensavers.
cowsay # Cow quotes. cowsay # Cow quotes.
gnome-font-viewer # Font viewer. gnome-font-viewer # Font viewer.
jamesdsp # Active audio processing. jamesdsp # Active audio processing.
lolcat # CLI funni colors. lolcat # CLI funni colors.
p7zip # Weird archive tool. p7zip # Weird archive tool.
tor-browser # Privacy browser. ]) ++ (with pkgsUnstable; [
universal-android-debloater # Debloat Android devices. universal-android-debloater # Debloat Android devices.
]; ]);
} }