Purge nixfmt!

Dmitry Voronin 2024-11-04 04:37:29 +03:00
parent d590e6e590
commit a1f4bae2a6
Signed by: voronind
SSH key fingerprint: SHA256:3kBb4iV2ahufEBNq+vFbUe4QYfHt98DHQjN7QaptY9k
356 changed files with 13267 additions and 16348 deletions


@ -5,9 +5,5 @@ indent_style = tab
insert_final_newline = true insert_final_newline = true
trim_trailing_whitespace = true trim_trailing_whitespace = true
[*.nix]
indent_style = space
indent_size = 2
[*.md] [*.md]
trim_trailing_whitespace = false trim_trailing_whitespace = false


@ -1,3 +0,0 @@
# Keyd layouts.
http://www.keyboard-layout-editor.com


@ -1,151 +0,0 @@
[
[
{
"c": "#8ec07c"
},
"Esc",
{
"c": "#cccccc"
},
"!\n1",
"@\n2",
"#\n3",
"$\n4",
"%\n5",
"^\n6",
"&\n7",
"*\n8",
"(\n9",
")\n0",
"_\n-",
"+\n=",
{
"w": 2
},
"Backspace"
],
[
{
"w": 1.5
},
"Tab",
"Q",
{
"c": "#8ec07c"
},
"Page Up",
{
"c": "#cccccc"
},
"E",
"R",
"T",
"Y",
"U",
"I",
"O",
"P",
"{\n[",
"}\n]",
{
"w": 1.5
},
"|\n\\"
],
[
{
"c": "#8ec07c",
"w": 1.75
},
"Caps Lock",
"Home",
"Page Down",
"End",
{
"c": "#cccccc"
},
"F",
"G",
{
"c": "#8ec07c"
},
"Left",
"Down",
"Up",
"Right",
{
"c": "#cccccc"
},
":\n;",
"\"\n'",
{
"w": 2.25
},
"Enter"
],
[
{
"w": 2.25
},
"Shift",
"Z",
{
"c": "#8ec07c"
},
"Cut",
"Copy",
"Paste",
{
"c": "#cccccc"
},
"B",
"N",
"M",
"<\n,",
">\n.",
"?\n/",
{
"w": 2.75
},
"Shift"
],
[
{
"c": "#d79921",
"w": 1.25
},
"Alterna-tive keys",
{
"c": "#cccccc",
"w": 1.25
},
"Win",
{
"w": 1.25
},
"Alt",
{
"a": 7,
"w": 6.25
},
"",
{
"a": 4,
"w": 1.25
},
"Alt",
{
"w": 1.25
},
"Win",
{
"w": 1.25
},
"Menu",
{
"c": "#8ec07c",
"w": 1.25
},
"Ctrl"
]
]


@ -1,165 +0,0 @@
[
[
"~\n`",
"!\n1\n\n\n\n\nTab 1",
"@\n2\n\n\n\n\nTab 2",
"#\n3\n\n\n\n\nTab 3",
"$\n4\n\n\n\n\nTab 4",
"%\n5\n\n\n\n\nTab 5",
"^\n6\n\n\n\n\nTab 6",
"&\n7\n\n\n\n\nTab 7",
"*\n8\n\n\n\n\nTab 8",
"(\n9\n\n\n\n\nTab 9",
")\n0\n\n\n\n\nTab 10",
"_\n-",
"+\n=",
{
"w": 2
},
"Backspace"
],
[
{
"w": 1.5
},
"Tab",
{
"c": "#8ec07c"
},
"Prev Tab / Move",
"Up",
"Next Tab / Move",
"Full Refresh",
{
"c": "#cccccc"
},
"T",
"Y",
{
"c": "#8ec07c"
},
"Restore Tab",
{
"c": "#cccccc"
},
"I",
"O",
{
"c": "#8ec07c"
},
"Fill Pass-word",
{
"c": "#cccccc"
},
"{\n[",
"}\n]",
{
"w": 1.5
},
"|\n\\"
],
[
{
"c": "#8ec07c",
"w": 1.75
},
"New Tab",
"Go Back",
"Down",
"Go Fwd",
"Find",
{
"c": "#cccccc"
},
"G",
"H",
"J",
"K",
{
"c": "#8ec07c"
},
"Toggle Dark Mode",
{
"c": "#cccccc"
},
":\n;",
"\"\n'",
{
"w": 2.25
},
"Enter"
],
[
{
"c": "#8ec07c",
"w": 2.25
},
"Alternative Action (after slash)",
{
"c": "#cccccc"
},
"Z",
{
"c": "#8ec07c"
},
"Close Tab",
{
"c": "#cccccc"
},
"C",
"V",
"B",
{
"c": "#8ec07c"
},
"Find Next / Prev",
{
"c": "#cccccc"
},
"M",
"<\n,",
">\n.",
"?\n/",
{
"w": 2.75
},
"Shift"
],
[
{
"w": 1.25
},
"Ctrl",
{
"w": 1.25
},
"Win",
{
"c": "#d79921",
"w": 1.25
},
"App Controls",
{
"c": "#8ec07c",
"w": 6.25
},
"Toggle Address Bar",
{
"c": "#cccccc",
"w": 1.25
},
"Alt",
{
"w": 1.25
},
"Win",
{
"w": 1.25
},
"Menu",
{
"w": 1.25
},
"Ctrl"
]
]


@ -1,162 +0,0 @@
[
[
"~\n`",
"!\n1",
"@\n2",
"#\n3",
"$\n4",
"%\n5",
"^\n6",
"&\n7",
"*\n8",
"(\n9",
")\n0",
"_\n-",
{
"c": "#8ec07c"
},
"Reformat",
{
"c": "#cccccc",
"w": 2
},
"Backspace"
],
[
{
"c": "#8ec07c",
"w": 1.5
},
"Step Over (Tap) / Step Into (Hold)",
"Prev Tab",
{
"c": "#cccccc"
},
"W",
{
"c": "#8ec07c"
},
"Next Tab",
"Run",
{
"c": "#cccccc"
},
"T",
"Y",
"U",
{
"c": "#8ec07c"
},
"Impl-ement",
"Over-ride",
{
"c": "#cccccc"
},
"P",
"{\n[",
"}\n]",
{
"w": 1.5
},
"|\n\\"
],
[
{
"c": "#8ec07c",
"w": 1.75
},
"New Scratch",
"Attach Debug-ger",
"Refac-tor",
"Run Debug",
"Find",
"Go to Defini-tion",
{
"c": "#cccccc"
},
"H",
"J",
"K",
"L",
":\n;",
"\"\n'",
{
"w": 2.25
},
"Enter"
],
[
{
"w": 2.25
},
"Shift",
{
"c": "#8ec07c"
},
"Stop App",
"Close Tab",
"Close Bottom Panel",
"Show Doc",
{
"c": "#cccccc"
},
"B",
{
"c": "#8ec07c"
},
"Inline",
"Settings",
{
"c": "#cccccc"
},
"<\n,",
{
"c": "#8ec07c"
},
"Toggle Break-point\n.",
"Toggle Com-ment",
{
"c": "#cccccc",
"w": 2.75
},
"Shift"
],
[
{
"w": 1.25
},
"Ctrl",
{
"w": 1.25
},
"Win",
{
"c": "#d79921",
"w": 1.25
},
"App Controls",
{
"c": "#cccccc",
"a": 7,
"w": 6.25
},
"",
{
"a": 4,
"w": 1.25
},
"Alt",
{
"w": 1.25
},
"Win",
{
"w": 1.25
},
"Menu",
{
"w": 1.25
},
"Ctrl"
]
]


@ -1,167 +0,0 @@
[
[
"~\n`",
{
"c": "#8ec07c"
},
"List View",
"Grid View",
{
"c": "#cccccc"
},
"#\n3",
"$\n4",
"%\n5",
"^\n6",
"&\n7",
"*\n8",
"(\n9",
")\n0",
"_\n-",
"+\n=",
{
"w": 2
},
"Backspace"
],
[
{
"w": 1.5
},
"Tab",
{
"c": "#8ec07c"
},
"Prev Tab / Move",
{
"c": "#cccccc"
},
"W",
{
"c": "#8ec07c"
},
"Next Tab / Move",
"Refresh Dir",
"New window",
"Copy Selection",
{
"c": "#cccccc"
},
"U",
{
"c": "#8ec07c"
},
"Invert Selec-tion",
{
"c": "#cccccc"
},
"O",
"P",
"{\n[",
"}\n]",
{
"w": 1.5
},
"\\"
],
[
{
"c": "#8ec07c",
"w": 1.75
},
"New Tab",
"Create Dir",
"Rename",
"Delete",
"Search Dir",
{
"c": "#cccccc"
},
"G",
{
"c": "#8ec07c"
},
"Toggle Hidden Files",
{
"c": "#cccccc"
},
"J",
"K",
"L",
":\n;",
"\"\n'",
{
"w": 2.25
},
"Enter"
],
[
{
"w": 2.25
},
"Shift",
"Z",
{
"c": "#8ec07c"
},
"Close Tab",
{
"c": "#cccccc"
},
"C",
{
"c": "#8ec07c"
},
"File Info",
"Go Back",
{
"c": "#cccccc"
},
"N",
"M",
"<\n,",
">\n.",
"?\n/",
{
"w": 2.75
},
"Shift"
],
[
{
"w": 1.25
},
"Ctrl",
{
"w": 1.25
},
"Win",
{
"c": "#d79921",
"w": 1.25
},
"App Controls",
{
"c": "#8ec07c",
"w": 6.25
},
"Focus Navigation Bar",
{
"c": "#cccccc",
"w": 1.25
},
"Alt",
{
"w": 1.25
},
"Win",
{
"w": 1.25
},
"Menu",
{
"w": 1.25
},
"Ctrl"
]
]


@ -1,160 +0,0 @@
[
[
"~\n`",
"!\n1",
"@\n2",
"#\n3",
"$\n4",
"%\n5",
"^\n6",
"&\n7",
"*\n8",
"(\n9",
")\n0",
{
"c": "#8ec07c"
},
"Split / Align Vertical",
"Equalize Splits",
{
"c": "#cccccc",
"w": 2
},
"Backspace"
],
[
{
"w": 1.5
},
"Tab",
{
"c": "#8ec07c"
},
"Prev Window",
"Up",
"Next Window",
"Reload Settings",
{
"c": "#cccccc"
},
"T",
{
"c": "#8ec07c"
},
"Copy Selection",
{
"c": "#cccccc"
},
"U",
"I",
"O",
{
"c": "#8ec07c"
},
"Paste",
{
"c": "#cccccc"
},
"{\n[",
"}\n]",
{
"c": "#8ec07c",
"w": 1.5
},
"Split / Align Horizontal"
],
[
{
"w": 1.75
},
"New Window",
"Left",
"Down",
"Right",
"Toggle Status Bar",
"Select Session",
"Resize Left",
"Resize/ Scroll Down",
"Resize/ Scroll Up",
"Resize Right",
{
"c": "#cccccc"
},
":\n;",
"\"\n'",
{
"w": 2.25
},
"Enter"
],
[
{
"w": 2.25
},
"Shift",
{
"c": "#8ec07c"
},
"Detach Session/Others",
"Close Window",
"Close Pane",
"Select",
{
"c": "#cccccc"
},
"B",
"N",
"M",
{
"c": "#8ec07c"
},
"Prev Session",
"Next Session",
{
"c": "#cccccc"
},
"?\n/",
{
"w": 2.75
},
"Shift"
],
[
{
"w": 1.25
},
"Ctrl",
{
"w": 1.25
},
"Win",
{
"c": "#d79921",
"w": 1.25
},
"App Controls",
{
"c": "#cccccc",
"a": 7,
"w": 6.25
},
"",
{
"a": 4,
"w": 1.25
},
"Alt",
{
"w": 1.25
},
"Win",
{
"w": 1.25
},
"Menu",
{
"w": 1.25
},
"Ctrl"
]
]


@ -1,142 +0,0 @@
[
[
{
"c": "#d79921",
"sm": "alps"
},
"System Controls",
{
"c": "#cccccc"
},
"!\n1",
"@\n2",
"#\n3",
"$\n4",
"%\n5",
"^\n6",
"&\n7",
"*\n8",
"(\n9",
")\n0",
"_\n-",
"+\n=",
{
"c": "#8ec07c",
"w": 2
},
"Delete"
],
[
{
"c": "#cccccc",
"w": 1.5
},
"Tab",
"Q",
"W",
"E",
"R",
"T",
"Y",
"U",
"I",
"O",
"P",
"{\n[",
"}\n]",
{
"w": 1.5
},
"|\n\\"
],
[
{
"c": "#8ec07c",
"w": 1.75
},
"Ctrl / Esc",
{
"c": "#cccccc"
},
"A",
"S",
"D",
{
"n": true
},
"F",
"G",
"H",
{
"n": true
},
"J",
"K",
"L",
":\n;",
"\"\n'",
{
"w": 2.25
},
"Enter"
],
[
{
"w": 2.25
},
"Shift",
"Z",
"X",
"C",
"V",
"B",
"N",
"M",
"<\n,",
">\n.",
"?\n/",
{
"c": "#8ec07c",
"w": 2.75
},
"Backspace"
],
[
{
"c": "#d79921",
"w": 1.25
},
"Alterna-tive Keys",
{
"w": 1.25
},
"WM Controls",
{
"w": 1.25
},
"App Controls",
{
"w": 6.25
},
"Neovim",
{
"c": "#8ec07c",
"w": 1.25
},
"Language Switch",
{
"c": "#d79921",
"w": 1.25
},
"Extra Numbers",
{
"w": 1.25
},
"Media Controls",
{
"c": "#cccccc",
"d": true
},
"Fn"
]
]


@ -1,139 +0,0 @@
[
[
"~\n`",
"!\n1",
"@\n2",
"#\n3",
"$\n4",
"%\n5",
"^\n6",
"&\n7",
"*\n8",
"(\n9",
")\n0",
"_\n-",
"+\n=",
{
"w": 2
},
"Backspace"
],
[
{
"w": 1.5
},
"Tab",
{
"c": "#8ec07c"
},
"Prev Song",
"Volume Up",
"Next Song",
{
"c": "#cccccc"
},
"R",
"T",
"Y",
"U",
"I",
"O",
"P",
"{\n[",
"}\n]",
{
"w": 1.5
},
"|\n\\"
],
[
{
"w": 1.75
},
"Caps Lock",
{
"c": "#8ec07c"
},
"Seek Back",
"Volume Down",
"Seek Fwd",
{
"c": "#cccccc"
},
"F",
"G",
"H",
"J",
"K",
"L",
":\n;",
"\"\n'",
{
"w": 2.25
},
"Enter"
],
[
{
"w": 2.25
},
"Shift",
{
"c": "#8ec07c"
},
"Mute Sound",
"Stop",
"Cycle Sound Device",
"Mute Mic",
{
"c": "#cccccc"
},
"B",
"N",
"M",
"<\n,",
">\n.",
"?\n/",
{
"w": 2.75
},
"Shift"
],
[
{
"w": 1.25
},
"Ctrl",
{
"w": 1.25
},
"Win",
{
"w": 1.25
},
"Alt",
{
"c": "#8ec07c",
"w": 6.25
},
"Play / Pause",
{
"c": "#cccccc",
"w": 1.25
},
"Alt",
{
"w": 1.25
},
"Win",
{
"w": 1.25
},
"Menu",
{
"c": "#d79921",
"w": 1.25
},
"Media Controls (RCtrl)"
]
]


@ -1,144 +0,0 @@
[
[
"~\n`",
{
"c": "#8ec07c"
},
"=",
"/",
"*",
"-",
{
"c": "#cccccc"
},
"f17",
"f18",
"f19",
"f20",
"f21",
"f22",
"f23",
"f24",
{
"w": 2
},
"Backspace"
],
[
{
"w": 1.5
},
"Tab",
{
"c": "#8ec07c"
},
"7",
"8",
"9",
"+",
{
"c": "#cccccc"
},
"T",
"Y",
"U",
"I",
"O",
"P",
"{\n[",
"}\n]",
{
"w": 1.5
},
"|\n\\"
],
[
{
"w": 1.75
},
"Caps Lock",
{
"c": "#8ec07c"
},
"4",
"5",
"6",
"Enter",
{
"c": "#cccccc"
},
"G",
"H",
"J",
"K",
"L",
":\n;",
"\"\n'",
{
"w": 2.25
},
"Enter"
],
[
{
"c": "#8ec07c",
"w": 2.25
},
"Backspace",
"1",
"2",
"3",
". (dot)",
{
"c": "#cccccc"
},
"B",
"N",
"M",
"<\n,",
">\n.",
"?\n/",
{
"w": 2.75
},
"Shift"
],
[
{
"w": 1.25
},
"Ctrl",
{
"w": 1.25
},
"Win",
{
"w": 1.25
},
"Alt",
{
"c": "#8ec07c",
"w": 6.25
},
"0",
{
"c": "#cccccc",
"w": 1.25
},
"Alt",
{
"w": 1.25
},
"Win",
{
"c": "#d79921",
"w": 1.25
},
"Extra Numbers",
{
"c": "#cccccc",
"w": 1.25
},
"Ctrl"
]
]


@ -1,158 +0,0 @@
[
[
"~\n`",
"!\n1",
"@\n2",
"#\n3",
"$\n4",
"%\n5",
"^\n6",
"&\n7",
"*\n8",
"(\n9",
")\n0",
{
"c": "#8ec07c"
},
"Split Vertic-ally",
{
"c": "#cccccc"
},
"+\n=",
{
"w": 2
},
"Backspace"
],
[
{
"c": "#8ec07c",
"w": 1.5
},
"Tab mode toggle",
"Prev Work-space",
"Up",
"Next Work-space",
"Float layer / Waybar",
{
"c": "#cccccc"
},
"T",
{
"c": "#8ec07c"
},
"Full Scr / Rec",
{
"c": "#cccccc"
},
"U",
"I",
"O",
"P",
"{\n[",
"}\n]",
{
"c": "#8ec07c",
"w": 1.5
},
"Split Hori-zontally"
],
[
{
"w": 1.75
},
"Terminal",
"Left",
"Down",
"Right",
"Full-screen / Float",
{
"c": "#cccccc"
},
"G",
{
"c": "#8ec07c"
},
"Resize Left",
"Resize Down",
"Resize Up",
"Resize Right",
{
"c": "#cccccc"
},
":\n;",
"\"\n'",
{
"w": 2.25
},
"Enter"
],
[
{
"c": "#8ec07c",
"w": 2.25
},
"Alternative action (after slash) or move window",
"Lock / +Sus-pend",
"Close Window",
"Scratch toggle / move",
"Select Scr / Rec",
{
"c": "#cccccc"
},
"B",
{
"c": "#8ec07c"
},
"Dismiss Notif / Repeat",
{
"c": "#cccccc"
},
"M",
"<\n,",
">\n.",
"?\n/",
{
"w": 2.75
},
"Shift"
],
[
{
"w": 1.25
},
"Ctrl",
{
"c": "#d79921",
"w": 1.25
},
"WM Controls",
{
"c": "#cccccc",
"w": 1.25
},
"Alt",
{
"c": "#8ec07c",
"w": 6.25
},
"Run",
{
"c": "#cccccc",
"w": 1.25
},
"Alt",
{
"w": 1.25
},
"Win",
{
"w": 1.25
},
"Menu",
{
"w": 1.25
},
"Ctrl"
]
]


@ -1,174 +0,0 @@
[
[
{
"c": "#d79921"
},
"System controls",
{
"c": "#cccccc"
},
"!\n1",
"@\n2",
"#\n3",
"$\n4",
"%\n5",
"^\n6",
"&\n7",
"*\n8",
"(\n9",
")\n0",
"_\n-",
"+\n=",
{
"w": 2
},
"Backspace"
],
[
{
"w": 1.5
},
"Tab",
"Q",
{
"c": "#8ec07c"
},
"Bright- ness Up",
{
"c": "#cccccc"
},
"E",
{
"c": "#8ec07c"
},
"Live Config Reload",
{
"c": "#cccccc"
},
"T",
"Y",
"U",
"I",
"O",
{
"c": "#8ec07c"
},
"Toggle power-save",
{
"c": "#cccccc"
},
"{\n[",
"}\n]",
{
"w": 1.5
},
"|\n\\"
],
[
{
"w": 1.75
},
"Caps Lock",
"A",
{
"c": "#8ec07c"
},
"Bright-ness Down",
{
"c": "#cccccc"
},
"D",
"F",
{
"c": "#8ec07c"
},
"Toggle Gaming Mode",
{
"c": "#cccccc"
},
"H",
"J",
"K",
{
"c": "#8ec07c"
},
"Toggle charge limit",
{
"c": "#cccccc"
},
":\n;",
"\"\n'",
{
"w": 2.25
},
"Enter"
],
[
{
"w": 2.25
},
"Shift",
{
"c": "#8ec07c"
},
"Sus-pend",
"Power-off",
"Reboot",
"Toggle VPN",
{
"c": "#cccccc"
},
"B",
{
"c": "#8ec07c"
},
"Toggle DND",
"Toggle Monitor Power",
{
"c": "#cccccc"
},
"<\n,",
">\n.",
"?\n/",
{
"w": 2.75
},
"Shift"
],
[
{
"w": 1.25
},
"Ctrl",
{
"w": 1.25
},
"Win",
{
"w": 1.25
},
"Alt",
{
"a": 7,
"w": 6.25
},
"",
{
"a": 4,
"w": 1.25
},
"Alt",
{
"w": 1.25
},
"Win",
{
"w": 1.25
},
"Menu",
{
"w": 1.25
},
"Ctrl"
]
]


@ -1,16 +0,0 @@
# One CLI to format the code tree - https://git.numtide.com/numtide/treefmt
# [formatter.mylanguage]
# Formatter to run
# command = "command-to-run"
# Command-line arguments for the command
# options = []
# Glob pattern of files to include
# includes = [ "*.<language-extension>" ]
# Glob patterns of files to exclude
# excludes = []
[formatter.nixfmt-rfc-style]
command = "nixfmt"
options = [ "-s" ]
includes = [ "*.nix" ]


@ -30,9 +30,6 @@ fix-ulimit:
fix-unlock: fix-unlock:
pkill nixos-rebuild || true pkill nixos-rebuild || true
format:
treefmt --no-cache --on-unmatched=info
gc: gc:
nix-collect-garbage -d nix-collect-garbage -d
# nix-store --gc # nix-store --gc


@ -1,4 +1,4 @@
# Dmitry 🌊 NixOS, Home Manager and Nix-on-Droid configurations. # Dmitry 🌊 NixOS and Nix-on-Droid configurations.
## Please, support tabs in Nix! ## Please, support tabs in Nix!
@ -36,68 +36,4 @@ Newest first.
<a href="https://i.imgur.com/H943DFl.jpeg">Wallpaper link</a> <a href="https://i.imgur.com/H943DFl.jpeg">Wallpaper link</a>
</details> </details>
[My current wallpaper](config/Wallpaper.nix#L4) [My current wallpaper](module/Wallpaper.nix#L6)
Color theming based on wallpaper thanks to [Stylix](https://github.com/danth/stylix).
## Discovering my configuration.
Even tho I've tried to document everything I can in a dum-dum way, I still highly recommend you to learn the [very basics of Nix language](https://nixos.org/guides/nix-pills/). Start from the [Flake](flake.nix) file and follow the comments. If you have any questions, get in touch using [Telegram](https://t.me/voronind_com) or [Email](mailto:hi@voronind.com).
Please tell me if you find any undocumented parts.
## Configuration highlights.
* [Keyd](module/Keyd.nix) allows you to have QMK-like keyboard remaps. Killer-feature is the ability to have remaps per-application. I have pretty common remaps like CapsLock to Ctrl/Esc combo, Right Shift to Backspace, Backspace to Delete and overlays for System/Windows/Media/Application controls as well as Macros.
* NixOS Containers (nspawn). Containers are great. I LOVE containers! Containers! Containers! Containers! Containers! Containers! Containers! Containers! Containers! Containers! Containers! Containers! [Here](host/x86_64-linux/home/Container.nix) is how I add containers to the host, [here](container/default.nix) is the global configuration and [here](container) are all the containers.
* NixOnDroid can be used to set up your environment inside the Termux app on Android. It also gives you access to all the Nixpkgs binaries for Arm. Configuration can be found [here](home/Android.nix), but you also need to add the definition to the root `flake.nix (nixOnDroidConfigurations.default)`. [Here](https://github.com/nix-community/nix-on-droid) are the docs.
* [Stylix](config/Stylix.nix) can be used to change colors for the whole system based on current wallpaper. Example usages: [Sway](home/config/sway/module/Style.nix), [fuzzel](home/config/fuzzel/default.nix) and [Tmux](home/config/tmux/module/Status.nix).
* [Signed auto-updates](module/AutoUpdateSigned.nix). Updates are pulled every hour and require the last commit to be signed with my signature.
## Keyboard layouts.
Yellow are modifier keys, they enable layers when held. Green ones are just modified keys.
<details>
<summary>Default</summary>
<img src="https://i.imgur.com/MBb23eB.png" />
</details>
<details>
<summary>Alternative Keys</summary>
<img src="https://i.imgur.com/X9CGhLb.png" />
</details>
<details>
<summary>Sway keys</summary>
<img src="https://i.imgur.com/hiGZ86w.png" /><br>
</details>
<details>
<summary>Per-application controls</summary>
Firefox:<br>
<img src="https://i.imgur.com/GI0apoV.png" /><br>
Jetbrains:<br>
<img src="https://i.imgur.com/OFNlHnW.png" /><br>
Nautilus:<br>
<img src="https://i.imgur.com/9W1GmLn.png" /><br>
Tmux:<br>
<img src="https://i.imgur.com/GhmwyCO.png" />
</details>
<details>
<summary>Extra numbers</summary>
<img src="https://i.imgur.com/89ERKd9.png" />
</details>
<details>
<summary>Media Controls</summary>
<img src="https://i.imgur.com/HvdSdRP.png" />
</details>
<details>
<summary>System controls</summary>
<img src="https://i.imgur.com/rGC2HXf.png" />
</details>
[Link](http://www.keyboard-layout-editor.com) / [Source](https://github.com/ijprest/keyboard-layout-editor) of the tool I used to draw the images.


@ -1,68 +0,0 @@
# Global settings.
# Just like I can configure each package, here I configure my config! :O)
{ lib, ... }:
{
options.setting = with lib; {
# Ollama settings.
# I use the best light model by default.
ollama = mkOption {
default = { };
type = types.submodule {
# freeformType = lib.jsonFormat.type;
options = {
primaryModel = mkOption {
default = "llama3";
type = types.str;
};
};
};
};
# Whether to use Dpi-aware setting in supported apps.
dpiAware = mkOption {
default = false;
type = types.bool;
};
# Keyboard options.
keyboard = mkOption {
default = { };
type = types.submodule {
options = {
layouts = mkOption {
default = "us,ru";
type = types.str;
};
options = mkOption {
default = "grp:toggle";
type = types.str;
};
};
};
};
# CPU configurations.
cpu = mkOption {
default = { };
type = types.submodule {
options = {
hwmon = mkOption {
default = { };
type = types.submodule {
options = {
path = mkOption {
default = "";
type = types.str;
};
file = mkOption {
default = "";
type = types.str;
};
};
};
};
};
};
};
};
}


@ -1,123 +0,0 @@
{
lib,
config,
pkgs,
__findFile,
...
}:
with lib;
let
cfg = config.style;
mkTypeOption = default: type: mkOption { inherit default type; };
mkStrOption = default: mkTypeOption default types.str;
mkIntOption = default: mkTypeOption default types.int;
mkFloatOption = default: mkTypeOption default types.float;
mkPkgOption = default: mkTypeOption default types.package;
in
{
options.style = {
color = {
bg = {
dark = mkStrOption config.lib.stylix.colors.base00;
light = mkStrOption config.lib.stylix.colors.base07;
regular = mkStrOption config.lib.stylix.colors.base01;
};
fg = {
dark = mkStrOption config.lib.stylix.colors.base04;
light = mkStrOption config.lib.stylix.colors.base06;
regular = mkStrOption config.lib.stylix.colors.base05;
};
accent = mkStrOption config.lib.stylix.colors.base0A;
heading = mkStrOption config.lib.stylix.colors.base0D;
hl = mkStrOption config.lib.stylix.colors.base03;
keyword = mkStrOption config.lib.stylix.colors.base0E;
link = mkStrOption config.lib.stylix.colors.base09;
misc = mkStrOption config.lib.stylix.colors.base0F;
negative = mkStrOption config.lib.stylix.colors.base08;
neutral = mkStrOption config.lib.stylix.colors.base0C;
positive = mkStrOption config.lib.stylix.colors.base0B;
selection = mkStrOption config.lib.stylix.colors.base02;
transparent = mkStrOption "ffffff00";
accent-b = mkStrOption config.lib.stylix.colors.base0A-rgb-b;
accent-g = mkStrOption config.lib.stylix.colors.base0A-rgb-g;
accent-r = mkStrOption config.lib.stylix.colors.base0A-rgb-r;
negative-b = mkStrOption config.lib.stylix.colors.base08-rgb-b;
negative-g = mkStrOption config.lib.stylix.colors.base08-rgb-g;
negative-r = mkStrOption config.lib.stylix.colors.base08-rgb-r;
neutral-b = mkStrOption config.lib.stylix.colors.base0C-rgb-b;
neutral-g = mkStrOption config.lib.stylix.colors.base0C-rgb-g;
neutral-r = mkStrOption config.lib.stylix.colors.base0C-rgb-r;
positive-b = mkStrOption config.lib.stylix.colors.base0B-rgb-b;
positive-g = mkStrOption config.lib.stylix.colors.base0B-rgb-g;
positive-r = mkStrOption config.lib.stylix.colors.base0B-rgb-r;
bg-b = mkStrOption config.lib.stylix.colors.base00-rgb-b;
bg-g = mkStrOption config.lib.stylix.colors.base00-rgb-g;
bg-r = mkStrOption config.lib.stylix.colors.base00-rgb-r;
fg-b = mkStrOption config.lib.stylix.colors.base06-rgb-b;
fg-g = mkStrOption config.lib.stylix.colors.base06-rgb-g;
fg-r = mkStrOption config.lib.stylix.colors.base06-rgb-r;
border = mkStrOption config.lib.stylix.colors.base01;
border-b = mkStrOption config.lib.stylix.colors.base01-rgb-b;
border-g = mkStrOption config.lib.stylix.colors.base01-rgb-g;
border-r = mkStrOption config.lib.stylix.colors.base01-rgb-r;
};
font = {
size = {
application = mkIntOption 12;
terminal = mkIntOption 14;
popup = mkIntOption 12;
desktop = mkIntOption 14;
};
serif = {
package = mkPkgOption (pkgs.callPackage <package/applefont> { });
name = mkStrOption "SF Pro Display";
};
sansSerif = {
package = mkPkgOption (pkgs.callPackage <package/applefont> { });
name = mkStrOption "SF Pro Display";
};
monospace = {
package = mkPkgOption (pkgs.nerdfonts.override { fonts = [ "Terminus" ]; });
name = mkStrOption "Terminess Nerd Font Mono";
};
emoji = {
package = mkPkgOption pkgs.noto-fonts-emoji;
name = mkStrOption "Noto Color Emoji";
};
};
opacity = {
application = mkFloatOption 0.85;
desktop = mkFloatOption 0.85;
popup = mkFloatOption 0.85;
terminal = mkFloatOption 0.85;
hex = mkStrOption "D9";
};
# cursor = {
# name = mkStrOption "Adwaita";
# package = mkPkgOption pkgs.adwaita-icon-theme;
# size = mkIntOption 14;
# };
cursor = {
name = mkStrOption "phinger-cursors-light";
package = mkPkgOption pkgs.phinger-cursors;
size = mkIntOption 24;
};
window = {
gap = mkIntOption 8;
border = mkIntOption 4;
};
};
}


@ -1,42 +0,0 @@
{
pkgs,
config,
__findFile,
...
}:
{
stylix = {
enable = true;
image = config.module.wallpaper.path;
autoEnable = true;
polarity = "dark";
fonts = {
inherit (config.style.font)
serif
sansSerif
monospace
emoji
;
sizes = {
inherit (config.style.font.size) terminal desktop;
applications = config.style.font.size.application;
popups = config.style.font.size.popup;
};
};
opacity = {
inherit (config.style.opacity) desktop terminal;
applications = config.style.opacity.application;
popups = config.style.opacity.popups;
};
inherit (config.style) cursor;
override =
if config.module.wallpaper.forceContrastText then
{
base04 = "000000";
base05 = "ffffff";
base06 = "ffffff";
}
else
{ };
};
}


@ -1,21 +0,0 @@
{ pkgs, lib, ... }:
with lib;
let
url = "https://i.imgur.com/yuZ2XSf.jpeg";
sha256 = "sha256-Z35D7gn28d2dtPHHVwzySOingy/d8CWKmK9LQjpyjEk=";
forceContrastText = false;
in
{
options = {
module.wallpaper = {
forceContrastText = mkOption {
default = warnIf forceContrastText "Style : Forced text contrast." forceContrastText;
type = types.bool;
};
path = mkOption {
default = pkgs.fetchurl { inherit url sha256; };
type = types.path;
};
};
};
}


@ -1,57 +1,52 @@
{ {
container, config,
lib, container,
config, lib,
... ...
}@args: }: let
with lib; cfg = config.container.module.change;
let in {
cfg = config.container.module.change; options.container.module.change = {
in enable = lib.mkEnableOption "the change detection service";
{ address = lib.mkOption {
options = { default = "10.1.0.41";
container.module.change = { type = lib.types.str;
enable = mkEnableOption "Change detection service"; };
address = mkOption { port = lib.mkOption {
default = "10.1.0.41"; default = 5000;
type = types.str; type = lib.types.int;
}; };
port = mkOption { domain = lib.mkOption {
default = 5000; default = "change.${config.container.domain}";
type = types.int; type = lib.types.str;
}; };
domain = mkOption { storage = lib.mkOption {
default = "change.${config.container.domain}"; default = "${config.container.storage}/change";
type = types.str; type = lib.types.str;
}; };
storage = mkOption { };
default = "${config.container.storage}/change";
type = types.str;
};
};
};
config = mkIf cfg.enable { config = lib.mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [ "data" ]; systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data"
];
containers.change = container.mkContainer cfg { containers.change = container.mkContainer cfg {
bindMounts = { bindMounts = {
"/var/lib/changedetection-io" = { "/var/lib/changedetection-io" = {
hostPath = "${cfg.storage}/data"; hostPath = "${cfg.storage}/data";
isReadOnly = false; isReadOnly = false;
}; };
}; };
config = config = { ... }: container.mkContainerConfig cfg {
{ ... }: services.changedetection-io = {
container.mkContainerConfig cfg { enable = true;
services.changedetection-io = { baseURL = cfg.domain;
enable = true; behindProxy = true;
baseURL = cfg.domain; listenAddress = cfg.address;
behindProxy = true; };
listenAddress = cfg.address; };
}; };
}; };
};
};
} }
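Review bot: `cfg.port` is declared with a default of 5000 but is never handed to `services.changedetection-io`; only `listenAddress = cfg.address;` is set in the container config. If the option is overridden, anything that reads `cfg.port` (presumably the proxy or a firewall rule built by `container.mkContainerConfig`, which is not visible here) would move while the listener stays on the service default. Wire it through with `port = cfg.port;` next to `listenAddress`, or drop the option so it cannot drift.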


@ -1,81 +1,72 @@
{ {
container, config,
lib, container,
config, lib,
pkgs, pkgs,
... ...
}: }: let
let cfg = config.container.module.chat;
cfg = config.container.module.chat; db = config.container.module.postgres;
db = config.container.module.postgres; in {
in options.container.module.chat = {
{ enable = lib.mkEnableOption "the chat container.";
options = { address = lib.mkOption {
container.module.chat = { default = "10.1.0.20";
enable = lib.mkEnableOption "chat container."; type = lib.types.str;
address = lib.mkOption { };
default = "10.1.0.20"; port = lib.mkOption {
type = lib.types.str; default = 8065;
}; type = lib.types.int;
port = lib.mkOption { };
default = 8065; domain = lib.mkOption {
type = lib.types.int; default = "chat.${config.container.domain}";
}; type = lib.types.str;
domain = lib.mkOption { };
default = "chat.${config.container.domain}"; storage = lib.mkOption {
type = lib.types.str; default = "${config.container.storage}/chat";
}; type = lib.types.str;
storage = lib.mkOption { };
default = "${config.container.storage}/chat"; };
type = lib.types.str;
};
};
};
# WIP: https://search.nixos.org/options?channel=24.05&from=0&size=50&sort=relevance&type=packages&query=mattermost # WIP: https://search.nixos.org/options?channel=24.05&from=0&size=50&sort=relevance&type=packages&query=mattermost
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [ "data" ]; systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data"
];
containers.chat = container.mkContainer cfg { containers.chat = container.mkContainer cfg {
bindMounts = { bindMounts = {
"/var/lib/mattermost" = { "/var/lib/mattermost" = {
hostPath = "${cfg.storage}/data"; hostPath = "${cfg.storage}/data";
isReadOnly = false; isReadOnly = false;
}; };
}; };
config = config = { ... }: container.mkContainerConfig cfg {
{ ... }: services.mattermost = {
container.mkContainerConfig cfg { enable = true;
services.mattermost = { listenAddress = ":${toString cfg.port}";
enable = true; localDatabaseCreate = false;
listenAddress = ":${toString cfg.port}"; mutableConfig = false;
localDatabaseCreate = false; package = pkgs.mattermost;
mutableConfig = false; siteName = "Chat";
package = pkgs.mattermost; siteUrl = "https://${cfg.domain}";
siteName = "Chat"; statePath = "/var/lib/mattermost";
siteUrl = "https://${cfg.domain}"; plugins = [
statePath = "/var/lib/mattermost"; (pkgs.fetchurl rec {
plugins = hash = "sha256-yQGBpBPgXxC+Pm6dHlbwlNEdvn6wg9neSpNNTC4YYAA=";
let url = "https://github.com/mattermost/mattermost-plugin-calls/releases/download/v${version}/mattermost-plugin-calls-v${version}.tar.gz";
calls = version = "1.2.0";
let })
version = "1.2.0"; ];
in extraConfig = {
pkgs.fetchurl { SqlSettings = {
url = "https://github.com/mattermost/mattermost-plugin-calls/releases/download/v${version}/mattermost-plugin-calls-v${version}.tar.gz"; DataSource = "postgres://mattermost:any@${db.address}:${toString db.port}/mattermost?sslmode=disable&connect_timeout=10";
hash = "sha256-yQGBpBPgXxC+Pm6dHlbwlNEdvn6wg9neSpNNTC4YYAA="; DriverName = "postgres";
}; };
in };
[ calls ]; };
extraConfig = { };
SqlSettings = { };
DataSource = "postgres://mattermost:any@${db.address}:${toString db.port}/mattermost?sslmode=disable&connect_timeout=10"; };
DriverName = "postgres";
};
};
};
};
};
};
} }
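Review bot: The `DataSource` string under `extraConfig.SqlSettings` embeds the database password (`any`) and sets `sslmode=disable`. The credential is therefore rendered into the world-readable Nix store and committed with the repository, and traffic between the chat and postgres containers is unencrypted. The reformat carries this over unchanged. Keep the secret out of the store by supplying the connection string at runtime, e.g. `environmentFile = "<path to an env file outside the store>";` with `MM_SQLSETTINGS_DATASOURCE` set in that file. If `sslmode=disable` is intentional because the link is host-internal, say so in a comment.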


@ -1,85 +1,81 @@
{ {
container, config,
pkgs, container,
lib, lib,
config, pkgs,
... ...
}@args: }: let
with lib; cfg = config.container.module.cloud;
let postgres = config.container.module.postgres;
cfg = config.container.module.cloud; proxy = config.container.module.proxy;
in {
options.container.module.cloud = {
enable = lib.mkEnableOption "the file cloud service.";
address = lib.mkOption {
default = "10.1.0.13";
type = lib.types.str;
};
port = lib.mkOption {
default = 80;
type = lib.types.int;
};
domain = lib.mkOption {
default = "cloud.${config.container.domain}";
type = lib.types.str;
};
storage = lib.mkOption {
default = "${config.container.storage}/cloud";
type = lib.types.str;
};
};
postgres = config.container.module.postgres; config = lib.mkIf cfg.enable {
proxy = config.container.module.proxy; systemd.tmpfiles.rules = container.mkContainerDir cfg [
in "data"
{ ];
options = {
container.module.cloud = {
enable = mkEnableOption "File cloud service";
address = mkOption {
default = "10.1.0.13";
type = types.str;
};
port = mkOption {
default = 80;
type = types.int;
};
domain = mkOption {
default = "cloud.${config.container.domain}";
type = types.str;
};
storage = mkOption {
default = "${config.container.storage}/cloud";
type = types.str;
};
};
};
config = mkIf cfg.enable { containers.cloud = container.mkContainer cfg {
systemd.tmpfiles.rules = container.mkContainerDir cfg [ "data" ]; bindMounts = {
"/var/lib/nextcloud" = {
hostPath = "${cfg.storage}/data";
isReadOnly = false;
};
};
containers.cloud = container.mkContainer cfg { config = { config, ... }: container.mkContainerConfig cfg {
bindMounts = { services.nextcloud = {
"/var/lib/nextcloud" = { enable = true;
hostPath = "${cfg.storage}/data"; hostName = cfg.domain;
isReadOnly = false; # package = pkgs.nextcloud29;
}; # phpOptions = {
}; # memory_limit = lib.mkForce "20G";
# };
config = config = {
{ config, ... }: adminpassFile = "${pkgs.writeText "NextcloudPassword" "root"}";
container.mkContainerConfig cfg { adminuser = "root";
services.nextcloud = { dbhost = postgres.address;
enable = true; dbname = "nextcloud";
# package = pkgs.nextcloud29; dbpassFile = "${pkgs.writeText "NextcloudDbPassword" "nextcloud"}";
hostName = cfg.domain; dbtype = "pgsql";
# phpOptions = { dbuser = "nextcloud";
# memory_limit = lib.mkForce "20G"; };
# }; extraApps = {
config = { inherit (config.services.nextcloud.package.packages.apps)
adminuser = "root"; contacts calendar onlyoffice;
adminpassFile = "${pkgs.writeText "NextcloudPassword" "root"}"; };
extraAppsEnable = true;
dbhost = postgres.address; settings = {
dbname = "nextcloud"; allow_local_remote_servers = true;
dbpassFile = "${pkgs.writeText "NextcloudDbPassword" "nextcloud"}"; trusted_domains = [
dbtype = "pgsql"; cfg.address
dbuser = "nextcloud"; cfg.domain
}; ];
extraApps = { trusted_proxies = [
inherit (config.services.nextcloud.package.packages.apps) contacts calendar onlyoffice; proxy.address
}; ];
extraAppsEnable = true; };
settings = { };
trusted_domains = [ };
cfg.address };
cfg.domain };
];
trusted_proxies = [ proxy.address ];
allow_local_remote_servers = true;
};
};
};
};
};
} }
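Review bot: `adminpassFile` and `dbpassFile` are both produced with `pkgs.writeText`, so the Nextcloud admin password (`root`) and the database password (`nextcloud`) sit in the world-readable Nix store and in the public repository. Point both options at files provisioned outside the store and readable only by the nextcloud user, e.g. `adminpassFile = "<path to secret file outside the store>";`, and do the same for `dbpassFile`. Separately, `allow_local_remote_servers = true` lets the instance make server-side requests to internal addresses. It is presumably needed for the onlyoffice app, but it deserves a comment stating that, because it widens the reach of any request-forgery bug in Nextcloud.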


@ -1,65 +1,59 @@
{ {
container, config,
lib, container,
config, lib,
... ...
}@args: }: let
with lib; cfg = config.container.module.ddns;
let in {
cfg = config.container.module.ddns; options.container.module.ddns = {
in enable = lib.mkEnableOption "the dynamic dns client.";
{ address = lib.mkOption {
options = { default = "10.1.0.31";
container.module.ddns = { type = lib.types.str;
enable = mkEnableOption "Dynamic dns client."; };
address = mkOption { storage = lib.mkOption {
default = "10.1.0.31"; default = "${config.container.storage}/ddns";
type = types.str; type = lib.types.str;
}; };
storage = mkOption { };
default = "${config.container.storage}/ddns";
type = types.str;
};
};
};
config = mkIf cfg.enable { config = lib.mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [ "data" ]; systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data"
];
containers.ddns = container.mkContainer cfg { containers.ddns = container.mkContainer cfg {
bindMounts = { bindMounts = {
"/data" = { "/data" = {
hostPath = "${cfg.storage}/data"; hostPath = "${cfg.storage}/data";
isReadOnly = true; isReadOnly = true;
}; };
}; };
config = config = { ... }: container.mkContainerConfig cfg {
{ ... }: services.cloudflare-dyndns = {
container.mkContainerConfig cfg { enable = true;
services.cloudflare-dyndns = { apiTokenFile = "/data/token";
enable = true; deleteMissing = false;
apiTokenFile = "/data/token"; ipv4 = true;
deleteMissing = false; ipv6 = false;
ipv4 = true; proxied = false;
ipv6 = false; domains = let
proxied = false; domain = config.container.domain;
domains = in [
let domain
domain = config.container.domain; ] ++ map (sub: "${sub}.${domain}") [
in "cloud"
[ domain ] "git"
++ map (sub: "${sub}.${domain}") [ "mail"
"cloud" "office"
"git" "paste"
"mail" "play"
"office" "vpn"
"paste" ];
"play" };
"vpn" };
]; };
}; };
};
};
};
} }
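Review bot: The new description in `enable = lib.mkEnableOption "the dynamic dns client.";` ends with a period, but `mkEnableOption` already renders the text as "Whether to enable <name>.", so the generated option documentation ends in two periods. Dropping the trailing period fixes it: `enable = lib.mkEnableOption "the dynamic DNS client";`. The same applies to the `enable` options of `container.module.dns`, `download`, `frkn`, `git`, `home`, `iot`, `jobber` and `mail` in this commit.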


@ -1,144 +1,127 @@
{ {
container, config,
pkgs, container,
lib, lib,
config, pkgs,
... ...
}: }: let
let cfg = config.container.module.dns;
cfg = config.container.module.dns; in {
in options.container.module.dns = {
{ enable = lib.mkEnableOption "the DNS server.";
options = { address = lib.mkOption {
container.module.dns = { default = "10.1.0.6";
enable = lib.mkEnableOption "the DNS server."; type = lib.types.str;
address = lib.mkOption { };
default = "10.1.0.6"; port = lib.mkOption {
type = lib.types.str; default = 53;
}; type = lib.types.int;
port = lib.mkOption { };
default = 53; };
type = lib.types.int;
};
};
};
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
containers.dns = container.mkContainer cfg { containers.dns = container.mkContainer cfg {
config = config = { ... }: container.mkContainerConfig cfg {
{ ... }: services.blocky = {
container.mkContainerConfig cfg { enable = true;
environment.systemPackages = [ pkgs.cloudflared ]; # REF: https://0xerr0r.github.io/blocky/main/configuration/
settings = {
# systemd.services.cloudflared = { bootstrapDns = "tcp+udp:1.1.1.1";
# description = "Cloudflare DoH server."; connectIPVersion = "v4";
# enable = true; ports.dns = cfg.port;
# wantedBy = [ "multi-user.target" ]; # httpPort = "80";
# serviceConfig = { upstreams.groups = {
# Type = "simple"; default = [
# ExecStart = "${lib.getExe pkgs.cloudflared} proxy-dns --port 5054"; "https://dns.quad9.net/dns-query"
# }; ];
# }; };
caching = {
services.blocky = { maxItemsCount = 100000;
enable = true; maxTime = "30m";
# REF: https://0xerr0r.github.io/blocky/main/configuration/ minTime = "5m";
settings = { prefetchExpires = "2h";
bootstrapDns = "tcp+udp:1.1.1.1"; prefetchMaxItemsCount = 100000;
connectIPVersion = "v4"; prefetchThreshold = 5;
upstreams.groups = { prefetching = true;
default = [ "https://dns.quad9.net/dns-query" ]; };
}; blocking = {
caching = { blockTTL = "1m";
maxItemsCount = 100000; blockType = "zeroIP";
maxTime = "30m"; loading = {
minTime = "5m"; refreshPeriod = "24h";
prefetchExpires = "2h"; strategy = "blocking";
prefetchMaxItemsCount = 100000; downloads = {
prefetchThreshold = 5; attempts = 3;
prefetching = true; cooldown = "10s";
}; timeout = "5m";
blocking = { };
blockTTL = "1m"; };
blockType = "zeroIP"; # SRC: https://oisd.nl
loading = { # SRC: https://v.firebog.net
refreshPeriod = "24h"; denylists = {
strategy = "blocking"; suspicious = [
downloads = { "https://raw.githubusercontent.com/PolishFiltersTeam/KADhosts/master/KADhosts.txt"
timeout = "5m"; "https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts" # https://github.com/StevenBlack/hosts
attempts = 3; "https://v.firebog.net/hosts/static/w3kbl.txt"
cooldown = "10s"; ];
}; ads = [
}; "https://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&showintro=0&mimetype=plaintext"
# SRC: https://oisd.nl "https://raw.githubusercontent.com/bigdargon/hostsVN/master/hosts"
# SRC: https://v.firebog.net "https://v.firebog.net/hosts/AdguardDNS.txt"
denylists = { "https://v.firebog.net/hosts/Admiral.txt"
suspicious = [ "https://v.firebog.net/hosts/Easylist.txt"
"https://raw.githubusercontent.com/PolishFiltersTeam/KADhosts/master/KADhosts.txt" ];
"https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts" # https://github.com/StevenBlack/hosts tracking = [
"https://v.firebog.net/hosts/static/w3kbl.txt" "https://hostfiles.frogeye.fr/firstparty-trackers-hosts.txt"
]; "https://v.firebog.net/hosts/Easyprivacy.txt"
ads = [ "https://v.firebog.net/hosts/Prigent-Ads.txt"
"https://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&showintro=0&mimetype=plaintext" ];
"https://raw.githubusercontent.com/bigdargon/hostsVN/master/hosts" malicious = [
"https://v.firebog.net/hosts/AdguardDNS.txt" "https://gitlab.com/quidsup/notrack-blocklists/raw/master/notrack-malware.txt"
"https://v.firebog.net/hosts/Admiral.txt" "https://osint.digitalside.it/Threat-Intel/lists/latestdomains.txt"
"https://v.firebog.net/hosts/Easylist.txt" "https://phishing.army/download/phishing_army_blocklist_extended.txt"
]; "https://raw.githubusercontent.com/AssoEchap/stalkerware-indicators/master/generated/hosts"
tracking = [ "https://raw.githubusercontent.com/Spam404/lists/master/main-blacklist.txt"
"https://hostfiles.frogeye.fr/firstparty-trackers-hosts.txt" "https://urlhaus.abuse.ch/downloads/hostfile/"
"https://v.firebog.net/hosts/Easyprivacy.txt" "https://v.firebog.net/hosts/Prigent-Crypto.txt"
"https://v.firebog.net/hosts/Prigent-Ads.txt" "https://v.firebog.net/hosts/Prigent-Malware.txt"
]; ];
malicious = [ other = [
"https://gitlab.com/quidsup/notrack-blocklists/raw/master/notrack-malware.txt" "https://big.oisd.nl/domainswild"
"https://osint.digitalside.it/Threat-Intel/lists/latestdomains.txt" "https://zerodot1.gitlab.io/CoinBlockerLists/hosts_browser"
"https://phishing.army/download/phishing_army_blocklist_extended.txt" ];
"https://raw.githubusercontent.com/AssoEchap/stalkerware-indicators/master/generated/hosts" };
"https://raw.githubusercontent.com/Spam404/lists/master/main-blacklist.txt" # allowlists = {
"https://urlhaus.abuse.ch/downloads/hostfile/" # other = [
"https://v.firebog.net/hosts/Prigent-Crypto.txt" # "/.*.vk.com/"
"https://v.firebog.net/hosts/Prigent-Malware.txt" # ];
]; # };
other = [ clientGroupsBlock = {
"https://big.oisd.nl/domainswild" default = [
"https://zerodot1.gitlab.io/CoinBlockerLists/hosts_browser" "ads"
]; "malicious"
}; "other"
# allowlists = { "suspicious"
# other = [ "tracking"
# "/.*.vk.com/" ];
# ]; };
# }; };
clientGroupsBlock = { customDNS = {
default = [ mapping = let
"suspicious" block = host: { ${host} = "0.0.0.0"; };
"ads" in {
"tracking" # All subdomains to current host.
"malicious" # ${config.container.domain} = config.container.host;
"other" "voronind.com" = "10.0.0.1";
]; }
}; // block "gosuslugi.ru"
}; // block "rutube.ru"
customDNS = { // block "vk.com"
mapping = ;
let };
block = host: { ${host} = "0.0.0.0"; }; };
in };
{ };
# All subdomains to current host. };
# ${config.container.domain} = config.container.host; };
"voronind.com" = "10.0.0.1";
}
// block "gosuslugi.ru"
// block "rutube.ru"
// block "vk.com";
};
ports.dns = cfg.port;
# httpPort = "80";
};
};
};
};
};
} }
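Review bot: Every entry in `blocking.denylists` is fetched from a third-party URL at runtime, several from a mutable `master` branch, and all five groups are applied to every client through `clientGroupsBlock.default`. Whatever those list maintainers publish is therefore answered with `zeroIP` for the whole network, and the only override, `allowlists`, is still commented out. With `loading.strategy = "blocking"` the resolver presumably also waits for these downloads on start, bounded by `attempts` and `timeout`; please confirm against the blocky docs linked in the file. I would record that trust decision next to the lists, e.g. `# NOTE: Lists are third-party and unpinned; a bad entry blocks the domain for all clients. Override via allowlists.`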


@ -1,68 +1,63 @@
{ {
container, config,
lib, container,
config, lib,
... ...
}: }: let
with lib; cfg = config.container.module.download;
let in {
cfg = config.container.module.download; options.container.module.download = {
in enable = lib.mkEnableOption "the bit-torrent downloader.";
{ address = lib.mkOption {
options = { default = "10.1.0.12";
container.module.download = { type = lib.types.str;
enable = mkEnableOption "Downloader."; };
address = mkOption { port = lib.mkOption {
default = "10.1.0.12"; default = 8112;
type = types.str; type = lib.types.int;
}; };
port = mkOption { domain = lib.mkOption {
default = 8112; default = "download.${config.container.domain}";
type = types.int; type = lib.types.str;
}; };
domain = mkOption { storage = lib.mkOption {
default = "download.${config.container.domain}"; default = "${config.container.storage}/download";
type = types.str; type = lib.types.str;
}; };
storage = mkOption { memLimit = lib.mkOption {
default = "${config.container.storage}/download"; default = "4G";
type = types.str; type = lib.types.str;
}; };
memLimit = mkOption { };
default = "4G";
type = types.str;
};
};
};
config = mkIf cfg.enable { config = lib.mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [ "data" ]; systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data"
];
containers.download = container.mkContainer cfg { containers.download = container.mkContainer cfg {
enableTun = true; enableTun = true;
bindMounts = {
"/var/lib/deluge/.config/deluge" = {
hostPath = "${cfg.storage}/data";
isReadOnly = false;
};
}
// container.attachMedia "download" false
;
bindMounts = { config = { ... }: container.mkContainerConfig cfg {
"/var/lib/deluge/.config/deluge" = { services.deluge = {
hostPath = "${cfg.storage}/data"; enable = true;
isReadOnly = false; dataDir = "/var/lib/deluge";
}; web.enable = true;
} // container.attachMedia "download" false; };
systemd.services.deluged.serviceConfig = {
config = MemoryLimit = cfg.memLimit;
{ ... }: Restart = lib.mkForce "always";
container.mkContainerConfig cfg { RuntimeMaxSec = "6h";
services.deluge = { };
enable = true; };
dataDir = "/var/lib/deluge"; };
web.enable = true; };
};
systemd.services.deluged.serviceConfig = {
MemoryLimit = cfg.memLimit;
Restart = lib.mkForce "always";
RuntimeMaxSec = "6h";
};
};
};
};
} }
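Review bot: `MemoryLimit = cfg.memLimit;` in `systemd.services.deluged.serviceConfig` is the legacy cgroup-v1 directive, which systemd documents as deprecated in favour of `MemoryMax=`. On a host using the unified cgroup hierarchy the cap on the torrent daemon may only be applied through a compatibility translation, so it is worth stating the modern setting explicitly: `MemoryMax = cfg.memLimit;`. The option name `memLimit` can stay as it is.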


@ -1,130 +1,122 @@
# TODO: Saved just in case for the dark future.
# в целом просто сделай себе шелл алиас gw-default="sudo ip route del default; sudo ip route add default via айпишник роутера" и шелл алиас gw-vpn="sudo ip route del default; sudo ip route add default via айпишник_впна"
{ {
container, __findFile,
pkgs, config,
lib, container,
config, lib,
__findFile, pkgs,
... util,
}: ...
with lib; } @args: let
let cfg = config.container.module.frkn;
cfg = config.container.module.frkn; in {
in options.container.module.frkn = {
{ enable = lib.mkEnableOption "the Allmighty FRKN service.";
options = { address = lib.mkOption {
container.module.frkn = { default = "10.1.0.69";
enable = mkEnableOption "FRKN"; type = lib.types.str;
address = mkOption { };
default = "10.1.0.69"; port = lib.mkOption {
type = types.str; default = 1080;
}; type = lib.types.int;
port = mkOption { };
default = 1080; torport = lib.mkOption {
type = types.int; default = 9150;
}; type = lib.types.int;
torport = mkOption { };
default = 9150; xrayport = lib.mkOption {
type = types.int; default = 1081;
}; type = lib.types.int;
xrayport = mkOption { };
default = 1081; storage = lib.mkOption {
type = types.int; default = "${config.container.storage}/frkn";
}; type = lib.types.str;
storage = mkOption { };
default = "${config.container.storage}/frkn"; };
type = types.str;
};
};
};
config = mkIf cfg.enable { config = lib.mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [ "data" ]; systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data"
];
containers.frkn = container.mkContainer cfg { containers.frkn = container.mkContainer cfg {
bindMounts = { bindMounts = {
"/data" = { "/data" = {
hostPath = "${cfg.storage}/data"; hostPath = "${cfg.storage}/data";
isReadOnly = true; isReadOnly = true;
}; };
}; };
config = config = { ... }: container.mkContainerConfig cfg {
{ ... }: imports = [
container.mkContainerConfig cfg { (import <module/Zapret.nix> args)
boot.kernel.sysctl = { ];
"net.ipv4.conf.all.src_valid_mark" = 1;
"net.ipv4.ip_forward" = 1;
};
imports = [ <module/Zapret.nix> ]; boot.kernel.sysctl = {
module.zapret = { "net.ipv4.conf.all.src_valid_mark" = 1;
enable = true; "net.ipv4.ip_forward" = 1;
params = config.module.zapret.params; };
};
services = { module.zapret = {
microsocks = { enable = true;
enable = true; params = config.module.zapret.params;
ip = cfg.address; };
port = cfg.port;
disableLogging = true;
#authUsername
#outgoingBindIp
#authOnce
};
tor = { services = {
enable = true; microsocks = {
openFirewall = true; enable = true;
settings = disableLogging = true;
let ip = cfg.address;
exclude = "{RU},{UA},{BY},{KZ},{CN},{??}"; port = cfg.port;
in };
{
# ExcludeExitNodes = exclude;
# ExcludeNodes = exclude;
#DNSPort = dnsport;
UseBridges = true;
ClientTransportPlugin = "obfs4 exec ${pkgs.obfs4}/bin/lyrebird";
Bridge = [
"obfs4 94.103.89.153:4443 5617848964FD6546968B5BF3FFA6C11BCCABE58B cert=tYsmuuTe9phJS0Gh8NKIpkVZP/XKs7gJCqi31o8LClwYetxzFz0fQZgsMwhNcIlZ0HG5LA iat-mode=0"
"obfs4 121.45.140.249:12123 0922E212E33B04F0B7C1E398161E8EDE06734F26 cert=3AQ4iJFAzxzt7a/zgXIiFEs6fvrXInXt1Dtr09DgnpvUzG/iiyRTdXYZKSYpI124Zt3ZUA iat-mode=0"
"obfs4 79.137.11.45:45072 ECA3197D49A29DDECD4ACBF9BCF15E4987B78137 cert=2FKyLWkPgMNCWxBD3cNOTRxJH3XP+HdStPGKMjJfw2YbvVjihIp3X2BCrtxQya9m5II5XA iat-mode=0"
"obfs4 145.239.31.71:10161 882125D15B59BB82BE66F999056CB676D3F061F8 cert=AnD+EvcBMuQDVM7PwW7NgFAzW1M5jDm7DjQtIIcBSjoyAf1FJ2p535rrYL2Kk8POAd0+aw iat-mode=0"
];
};
client = { tor = {
enable = true; enable = true;
#dns.enable = true; openFirewall = true;
socksListenAddress = { settings = let
IsolateDestAddr = true; exclude = "{RU},{UA},{BY},{KZ},{CN},{??}";
addr = cfg.address; in {
port = cfg.torport; # ExcludeExitNodes = exclude;
}; # ExcludeNodes = exclude;
}; # DNSPort = dnsport;
}; UseBridges = true;
ClientTransportPlugin = "obfs4 exec ${pkgs.obfs4}/bin/lyrebird";
Bridge = [
"obfs4 121.45.140.249:12123 0922E212E33B04F0B7C1E398161E8EDE06734F26 cert=3AQ4iJFAzxzt7a/zgXIiFEs6fvrXInXt1Dtr09DgnpvUzG/iiyRTdXYZKSYpI124Zt3ZUA iat-mode=0"
"obfs4 145.239.31.71:10161 882125D15B59BB82BE66F999056CB676D3F061F8 cert=AnD+EvcBMuQDVM7PwW7NgFAzW1M5jDm7DjQtIIcBSjoyAf1FJ2p535rrYL2Kk8POAd0+aw iat-mode=0"
"obfs4 79.137.11.45:45072 ECA3197D49A29DDECD4ACBF9BCF15E4987B78137 cert=2FKyLWkPgMNCWxBD3cNOTRxJH3XP+HdStPGKMjJfw2YbvVjihIp3X2BCrtxQya9m5II5XA iat-mode=0"
"obfs4 94.103.89.153:4443 5617848964FD6546968B5BF3FFA6C11BCCABE58B cert=tYsmuuTe9phJS0Gh8NKIpkVZP/XKs7gJCqi31o8LClwYetxzFz0fQZgsMwhNcIlZ0HG5LA iat-mode=0"
];
};
xray = { client = {
enable = true; enable = true;
settingsFile = "/data/Client.json"; # dns.enable = true;
}; socksListenAddress = {
}; IsolateDestAddr = true;
addr = cfg.address;
port = cfg.torport;
};
};
};
systemd = { xray = {
services.tor.wantedBy = lib.mkForce [ ]; enable = true;
settingsFile = "/data/Client.json";
};
};
timers.tor = { systemd = {
timerConfig = { services.tor.wantedBy = lib.mkForce [ ];
OnBootSec = 5;
Unit = "tor.service"; timers.tor = {
}; timerConfig = {
wantedBy = [ "timers.target" ]; OnBootSec = 5;
}; Unit = "tor.service";
}; };
}; wantedBy = [ "timers.target" ];
}; };
}; };
};
};
};
} }
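Review bot: `services.microsocks` listens on `cfg.address`/`cfg.port` with no authentication and `disableLogging = true`, and the new side also drops the commented `#authUsername` / `#authOnce` reminders, so nothing in the file records that the SOCKS proxy is open to anything that can reach it. If access is limited by the container network or a firewall (not visible in this hunk), say so in a comment, e.g. `# NOTE: No auth: reachable only from <trusted network>.`; otherwise set `authUsername` together with `authPasswordFile`. Separately, `exclude` in the tor `settings` `let` is only referenced from commented-out lines and could be commented out along with them.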


@ -1,121 +1,111 @@
{ {
container, config,
pkgs, container,
config, lib,
lib, pkgs,
... ...
}: }: let
with lib; cfg = config.container.module.git;
let in {
cfg = config.container.module.git; options.container.module.git = {
in enable = lib.mkEnableOption "the git server.";
{ address = lib.mkOption {
options = { default = "10.1.0.8";
container.module.git = { type = lib.types.str;
enable = mkEnableOption "Git server."; };
address = mkOption { port = lib.mkOption {
default = "10.1.0.8"; default = 3000;
type = types.str; type = lib.types.int;
}; };
port = mkOption { portSsh = lib.mkOption {
default = 3000; default = 22144;
type = types.int; type = lib.types.int;
}; };
portSsh = mkOption { domain = lib.mkOption {
default = 22144; default = "git.${config.container.domain}";
type = types.int; type = lib.types.str;
}; };
domain = mkOption { storage = lib.mkOption {
default = "git.${config.container.domain}"; default = "${config.container.storage}/git";
type = types.str; type = lib.types.str;
}; };
storage = mkOption { };
default = "${config.container.storage}/git";
type = types.str;
};
};
};
config = mkIf cfg.enable { config = lib.mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [ "data" ]; systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data"
];
containers.git = container.mkContainer cfg { containers.git = container.mkContainer cfg {
bindMounts = { bindMounts = {
"/var/lib/forgejo" = { "/var/lib/forgejo" = {
hostPath = "${cfg.storage}/data"; hostPath = "${cfg.storage}/data";
isReadOnly = false; isReadOnly = false;
}; };
}; };
config = config = { ... }: container.mkContainerConfig cfg {
{ ... }: environment.systemPackages = with pkgs; [
container.mkContainerConfig cfg { forgejo
environment.systemPackages = with pkgs; [ forgejo ]; ];
services.forgejo = { services.forgejo = {
enable = true; enable = true;
stateDir = "/var/lib/forgejo"; stateDir = "/var/lib/forgejo";
database = database = let
let postgre = config.container.module.postgres;
postgre = config.container.module.postgres; in {
in createDatabase = false;
{ host = postgre.address;
type = "postgres"; name = "forgejo";
host = postgre.address; port = postgre.port;
port = postgre.port; type = "postgres";
user = "forgejo"; user = "forgejo";
name = "forgejo"; };
createDatabase = false;
};
settings = settings = let
let gcArgs = "--aggressive --no-cruft --prune=now";
gcArgs = "--aggressive --no-cruft --prune=now"; gcTimeout = 600;
gcTimeout = 600; in {
in "cron.cleanup_actions".ENABLED = true;
{ "cron.update_mirrors".SCHEDULE = "@midnight";
"service".DISABLE_REGISTRATION = true; "git".GC_ARGS = gcArgs;
"log".LEVEL = "Error"; "git.timeout".GC = gcTimeout;
"server" = { "log".LEVEL = "Error";
DOMAIN = cfg.domain; "repo-archive".ENABLED = false;
HTTP_ADDR = cfg.address; "repository.issue".MAX_PINNED = 99999;
ROOT_URL = "https://${cfg.domain}"; "repository.pull-request".DEFAULT_MERGE_STYLE = "rebase";
"service".DISABLE_REGISTRATION = true;
BUILTIN_SSH_SERVER_USER = "git"; "server" = {
DISABLE_SSH = false; DOMAIN = cfg.domain;
SSH_PORT = cfg.portSsh; HTTP_ADDR = cfg.address;
START_SSH_SERVER = true; ROOT_URL = "https://${cfg.domain}";
}; BUILTIN_SSH_SERVER_USER = "git";
"ui" = { DISABLE_SSH = false;
AMBIGUOUS_UNICODE_DETECTION = false; SSH_PORT = cfg.portSsh;
}; START_SSH_SERVER = true;
"repository" = { };
DEFAULT_PRIVATE = "private"; "ui" = {
DEFAULT_PUSH_CREATE_PRIVATE = true; AMBIGUOUS_UNICODE_DETECTION = false;
}; };
"repository.pull-request".DEFAULT_MERGE_STYLE = "rebase"; "repository" = {
"repository.issue".MAX_PINNED = 99999; DEFAULT_PRIVATE = "private";
"cron" = { DEFAULT_PUSH_CREATE_PRIVATE = true;
ENABLED = true; };
RUN_AT_START = true; "cron" = {
}; ENABLED = true;
"repo-archive".ENABLED = false; RUN_AT_START = true;
"cron.update_mirrors".SCHEDULE = "@midnight"; };
"cron.cleanup_actions".ENABLED = true; "cron.git_gc_repos" = {
"cron.git_gc_repos" = { ENABLED = true;
ENABLED = true; ARGS = gcArgs;
SCHEDULE = "@midnight"; SCHEDULE = "@midnight";
TIMEOUT = gcTimeout; TIMEOUT = gcTimeout;
ARGS = gcArgs; };
}; };
"git" = { };
GC_ARGS = gcArgs; };
}; };
"git.timeout".GC = gcTimeout; };
};
};
};
};
};
} }
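Review bot: The `services.forgejo.database` block connects to PostgreSQL over TCP (`host = postgre.address`) as user `forgejo` with `createDatabase = false` and no `passwordFile`. Authentication therefore presumably depends on the postgres container trusting this address, which is configured outside this hunk. If that is intended, note it beside the block, e.g. `# NOTE: No password: postgres trusts the container address.`; otherwise point `passwordFile` at a secret that lives outside the Nix store.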


@ -1,79 +0,0 @@
# ISSUE: Broken, can't read/write sda device.
{
container,
pkgs,
config,
lib,
...
}:
with lib;
let
cfg = config.container.module.hdd;
in
{
options = {
container.module.hdd = {
enable = mkEnableOption "Hdd health monitor.";
address = mkOption {
default = "10.1.0.10";
type = types.str;
};
port = mkOption {
default = 8080;
type = types.int;
};
domain = mkOption {
default = "hdd.${config.container.domain}";
type = types.str;
};
storage = mkOption {
default = "${config.container.storage}/hdd";
type = types.str;
};
};
};
config = mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [ "data" ];
containers.hdd = container.mkContainer cfg {
# bindMounts = let
# attachDrive = hostPath: {
# inherit hostPath;
# isReadOnly = false;
# };
# in {
# "/opt/scrutiny" = {
# hostPath = "${cfg.storage}/data";
# isReadOnly = false;
# };
# "/dev/sda" = attachDrive "/dev/sda";
# };
# allowedDevices = [
# {
# modifier = "rwm";
# node = "/dev/sda";
# }
# ];
# additionalCapabilities = [ "CAP_SYS_ADMIN" ];
config =
{ ... }:
container.mkContainerConfig cfg {
environment.systemPackages = with pkgs; [ smartmontools ];
services.scrutiny = {
enable = true;
settings.web = {
listen = {
host = cfg.address;
port = cfg.port;
};
};
};
};
};
};
}


@ -1,58 +1,54 @@
{ {
container, __findFile,
pkgs, config,
util, container,
lib, lib,
config, pkgs,
__findFile, util,
... ...
}@args: } @args: let
with lib; cfg = config.container.module.home;
let package = (pkgs.callPackage <package/homer> args);
cfg = config.container.module.home; in {
package = (pkgs.callPackage <package/homer> args); options.container.module.home = {
in enable = lib.mkEnableOption "the dashboard.";
{ address = lib.mkOption {
options = { default = "10.1.0.18";
container.module.home = { type = lib.types.str;
enable = mkEnableOption "Dashboard."; };
address = mkOption { port = lib.mkOption {
default = "10.1.0.18"; default = 80;
type = types.str; type = lib.types.int;
}; };
port = mkOption { domain = lib.mkOption {
default = 80; default = "home.${config.container.domain}";
type = types.int; type = lib.types.str;
}; };
domain = mkOption { };
default = "home.${config.container.domain}";
type = types.str;
};
};
};
config = mkIf cfg.enable { config = lib.mkIf cfg.enable {
containers.home = container.mkContainer cfg { containers.home = container.mkContainer cfg {
config = config = { ... }: container.mkContainerConfig cfg {
{ ... }: environment.systemPackages = [
container.mkContainerConfig cfg { package
environment.systemPackages = [ package ]; ];
systemd.packages = [ package ]; systemd.packages = [
package
];
services.nginx = { services.nginx = {
enable = true; enable = true;
virtualHosts.${cfg.domain} = container.mkServer { virtualHosts.${cfg.domain} = container.mkServer {
default = true; default = true;
root = "${package}"; root = "${package}";
locations = {
locations = { "/".extraConfig = util.trimTabs ''
"/".extraConfig = '' try_files $uri $uri/index.html;
try_files $uri $uri/index.html; '';
''; };
}; };
}; };
}; };
}; };
}; };
};
} }
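Review bot: `try_files $uri $uri/index.html;` in `locations."/".extraConfig` has no terminal fallback. nginx treats the last argument as an internal redirect target rather than a file to test, so a request for a path that does not exist is redirected to `<path>/index.html` again and again until nginx aborts the cycle with a 500. Ending the directive with a status code gives a clean miss instead: `try_files $uri $uri/index.html =404;`.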


@ -1,123 +1,119 @@
{ {
container, config,
lib, container,
config, lib,
pkgsStable, ...
... }: let
}: cfg = config.container.module.iot;
with lib; in {
let options.container.module.iot = {
cfg = config.container.module.iot; enable = lib.mkEnableOption "IoT service.";
in address = lib.mkOption {
{ default = "10.1.0.27";
options = { type = lib.types.str;
container.module.iot = { };
enable = mkEnableOption "IoT service."; port = lib.mkOption {
address = mkOption { default = 8123;
default = "10.1.0.27"; type = lib.types.int;
type = types.str; };
}; domain = lib.mkOption {
port = mkOption { default = "iot.${config.container.domain}";
default = 8123; type = lib.types.str;
type = types.int; };
}; storage = lib.mkOption {
domain = mkOption { default = "${config.container.storage}/iot";
default = "iot.${config.container.domain}"; type = lib.types.str;
type = types.str; };
}; };
storage = mkOption {
default = "${config.container.storage}/iot";
type = types.str;
};
};
};
config = mkIf cfg.enable { config = lib.mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [ "data" ]; systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data"
];
containers.iot = container.mkContainer cfg { containers.iot = container.mkContainer cfg {
bindMounts = { bindMounts = {
"/var/lib/hass" = { "/var/lib/hass" = {
hostPath = "${cfg.storage}/data"; hostPath = "${cfg.storage}/data";
isReadOnly = false; isReadOnly = false;
}; };
"/dev/ttyACM0" = { "/dev/ttyACM0" = {
hostPath = "/dev/ttyACM0"; hostPath = "/dev/ttyACM0";
isReadOnly = false; isReadOnly = false;
}; };
"/dev/serial/by-id" = { "/dev/serial/by-id" = {
hostPath = "/dev/serial/by-id"; hostPath = "/dev/serial/by-id";
isReadOnly = false; isReadOnly = false;
}; };
} // container.attachMedia "photo" true; }
// container.attachMedia "photo" true
;
allowedDevices = [ allowedDevices = [
{ {
modifier = "rwm"; modifier = "rwm";
node = "/dev/ttyACM0"; node = "/dev/ttyACM0";
} }
]; ];
config = config = { ... }: container.mkContainerConfig cfg {
{ ... }: # Allow Hass to talk to Zigbee dongle.
container.mkContainerConfig cfg { users.users.hass.extraGroups = [
# Allow Hass to talk to Zigbee dongle. "dialout"
users.users.hass.extraGroups = [ "tty"
"dialout" ];
"tty"
];
services.home-assistant = { services.home-assistant = {
# NOTE: Missing: hacs. Inside hacs: `card-mod`, `Clock Weather Card`, `WallPanel` and `Yandex.Station`. # NOTE: Missing: hacs. Inside hacs: `card-mod`, `Clock Weather Card`, `WallPanel` and `Yandex.Station`.
enable = true; enable = true;
extraComponents = [ # NOTE: Using imperative config because of secrets.
"caldav" config = null;
"met" configDir = "/var/lib/hass";
"sun" extraComponents = [
"systemmonitor" "caldav"
"zha" "met"
]; "sun"
extraPackages = "systemmonitor"
python3Packages: with python3Packages; [ "zha"
aiodhcpwatcher ];
aiodiscover extraPackages =
aiogithubapi python3Packages: with python3Packages; [
arrow aiodhcpwatcher
async-upnp-client aiodiscover
av aiogithubapi
gtts arrow
ha-ffmpeg async-upnp-client
hassil av
home-assistant-intents gtts
mutagen ha-ffmpeg
numpy hassil
pymicro-vad home-assistant-intents
pynacl mutagen
python-telegram-bot numpy
pyturbojpeg pymicro-vad
pyspeex-noise pynacl
zeroconf pyspeex-noise
]; python-telegram-bot
configDir = "/var/lib/hass"; pyturbojpeg
# lovelaceConfig = { zeroconf
# title = "Home IoT control center."; ];
# }; # lovelaceConfig = {
# NOTE: Using imperative config because of secrets. # title = "Home IoT control center.";
config = null; # };
}; };
# HACK: Delay so that nextcloud calendar can reply on reboot. # HACK: Delay so that nextcloud calendar can reply on reboot.
systemd = { systemd = {
services."home-assistant".wantedBy = mkForce [ ]; services."home-assistant".wantedBy = lib.mkForce [ ];
timers.fixsystemd = { timers.fixsystemd = {
timerConfig = { timerConfig = {
OnBootSec = 15; OnBootSec = 60;
Unit = "home-assistant.service"; Unit = "home-assistant.service";
}; };
wantedBy = [ "timers.target" ]; wantedBy = [ "timers.target" ];
}; };
}; };
}; };
}; };
}; };
} }
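Review bot: `modifier = "rwm"` in `allowedDevices` grants the container mknod on `/dev/ttyACM0` in addition to read and write. The node is already bind-mounted from the host, so Home Assistant should only need to open it, and `modifier = "rw";` is the narrower grant. `/dev/serial/by-id` is likewise bound with `isReadOnly = false` although it presumably only holds symlinks to the tty; `isReadOnly = true` would probably suffice there, but verify against the Zigbee integration before changing it.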


@ -1,79 +1,79 @@
{ {
container, __findFile,
pkgsJobber, config,
poetry2nixJobber, container,
lib, lib,
config, pkgsJobber,
__findFile, poetry2nixJobber,
... ...
}: }: let
with lib; cfg = config.container.module.jobber;
let script = import <package/jobber> {
cfg = config.container.module.jobber; pkgs = pkgsJobber;
script = import <package/jobber> { poetry2nix = poetry2nixJobber;
poetry2nix = poetry2nixJobber; };
pkgs = pkgsJobber; in {
}; options.container.module.jobber = {
in enable = lib.mkEnableOption "Stanley - the button pusher.";
{ address = lib.mkOption {
options = { default = "10.1.0.32";
container.module.jobber = { type = lib.types.str;
enable = mkEnableOption "Button pusher Stanley."; };
address = mkOption { storage = lib.mkOption {
default = "10.1.0.32"; default = "${config.container.storage}/jobber";
type = types.str; type = lib.types.str;
}; };
storage = mkOption { };
default = "${config.container.storage}/jobber";
type = types.str;
};
};
};
config = mkIf cfg.enable { config = lib.mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [ "data" ]; systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data"
];
containers.jobber = container.mkContainer cfg { containers.jobber = container.mkContainer cfg {
bindMounts = { bindMounts = {
"/data" = { "/data" = {
hostPath = "${cfg.storage}/data"; hostPath = "${cfg.storage}/data";
isReadOnly = true; isReadOnly = true;
}; };
}; };
enableTun = true; enableTun = true;
config = config = { ... }: let
{ lib, ... }: packages = [
let script
packages = ] ++ (with pkgsJobber; [
[ script ] firefox
++ (with pkgsJobber; [ geckodriver
firefox openvpn
geckodriver python311
openvpn ]);
python311 in container.mkContainerConfig cfg {
]); networking = lib.mkForce {
in nameservers = [
container.mkContainerConfig cfg { "10.30.218.2"
networking = lib.mkForce { nameservers = [ "10.30.218.2" ]; }; ];
};
systemd.services.jobber = { systemd.services.jobber = {
description = "My job is pushing the button."; description = "My job is pushing the button.";
enable = true; enable = true;
wantedBy = [ "multi-user.target" ]; path = packages;
path = packages; wantedBy = [
environment = { "multi-user.target"
PYTHONUNBUFFERED = "1"; ];
PYTHONDONTWRITEBYTECODE = "1"; environment = {
}; PYTHONDONTWRITEBYTECODE = "1";
serviceConfig = { PYTHONUNBUFFERED = "1";
Type = "simple"; };
ExecStart = "${script}/bin/jobber -u"; serviceConfig = {
Restart = "on-failure"; ExecStart = "${script}/bin/jobber -u";
}; Restart = "on-failure";
}; Type = "simple";
}; };
}; };
}; };
};
};
} }
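Review bot: `networking = lib.mkForce { nameservers = [ "10.30.218.2" ]; };` reads as if the whole `networking` set were being replaced, although the module system applies the override only to the options named inside it. Writing `networking.nameservers = lib.mkForce [ "10.30.218.2" ];` states the intent directly. The address itself is unexplained; a short comment saying which resolver it is (presumably the one reachable through the OpenVPN tunnel) would help the next reader judge where this container's DNS queries go.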


@ -1,244 +1,224 @@
# Guide: https://nixos-mailserver.readthedocs.io/en/latest/setup-guide.html # Guide: https://nixos-mailserver.readthedocs.io/en/latest/setup-guide.html
{ {
container, config,
pkgs, const,
util, container,
const, lib,
lib, pkgs,
config, util,
... ...
}: }: let
with lib; cfg = config.container.module.mail;
let domain = config.container.domain;
cfg = config.container.module.mail; in {
domain = config.container.domain; options.container.module.mail = {
in enable = lib.mkEnableOption "the email server.";
{ address = lib.mkOption {
options = { default = "10.1.0.5";
container.module.mail = { type = lib.types.str;
enable = mkEnableOption "Email server."; };
address = mkOption { port = lib.mkOption {
default = "10.1.0.5"; default = 80;
type = types.str; type = lib.types.int;
}; };
port = mkOption { domain = lib.mkOption {
default = 80; default = "mail.${config.container.domain}";
type = types.int; type = lib.types.str;
}; };
domain = mkOption { storage = lib.mkOption {
default = "mail.${config.container.domain}"; default = "${config.container.storage}/mail";
type = types.str; type = lib.types.str;
}; };
storage = mkOption { };
default = "${config.container.storage}/mail";
type = types.str;
};
};
};
config = mkIf cfg.enable { config = lib.mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [ systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data" "data"
# "data/indices" ];
# "data/vmail"
# "data/sieve"
# "data/dkim"
];
containers.mail = container.mkContainer cfg { containers.mail = container.mkContainer cfg {
bindMounts = { bindMounts = {
"/var/lib/dovecot/indices" = { "/var/lib/dovecot/indices" = {
hostPath = "${cfg.storage}/data/indices"; hostPath = "${cfg.storage}/data/indices";
isReadOnly = false; isReadOnly = false;
}; };
"/var/vmail" = { "/var/vmail" = {
hostPath = "${cfg.storage}/data/vmail"; hostPath = "${cfg.storage}/data/vmail";
isReadOnly = false; isReadOnly = false;
}; };
"/var/sieve" = { "/var/sieve" = {
hostPath = "${cfg.storage}/data/sieve"; hostPath = "${cfg.storage}/data/sieve";
isReadOnly = false; isReadOnly = false;
}; };
"/var/dkim" = { "/var/dkim" = {
hostPath = "${cfg.storage}/data/dkim"; hostPath = "${cfg.storage}/data/dkim";
isReadOnly = false; isReadOnly = false;
}; };
"/acme" = { "/acme" = {
hostPath = "${config.container.module.proxy.storage}/letsencrypt"; hostPath = "${config.container.module.proxy.storage}/letsencrypt";
isReadOnly = true; isReadOnly = true;
}; };
}; };
config = config = { config, ... }: container.mkContainerConfig cfg {
{ config, ... }: imports = [
container.mkContainerConfig cfg { (builtins.fetchTarball {
imports = [ sha256 = "sha256:0clvw4622mqzk1aqw1qn6shl9pai097q62mq1ibzscnjayhp278b";
(builtins.fetchTarball { url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/nixos-${const.stateVersion}/nixos-mailserver-nixos-${const.stateVersion}.tar.gz";
url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/nixos-${const.stateVersion}/nixos-mailserver-nixos-${const.stateVersion}.tar.gz"; })
sha256 = "sha256:0clvw4622mqzk1aqw1qn6shl9pai097q62mq1ibzscnjayhp278b"; ];
})
];
mailserver = { mailserver = {
enable = true; enable = true;
domains = [ domain ]; domains = [ domain ];
fqdn = cfg.domain; fqdn = cfg.domain;
sendingFqdn = domain; sendingFqdn = domain;
# Use `mkpasswd -sm bcrypt`. # Use `mkpasswd -sm bcrypt`.
loginAccounts = loginAccounts = let
let defaultQuota = "1G";
defaultQuota = "1G"; in {
in "admin@${domain}" = {
{ hashedPassword = "$2b$05$1O.dxXxaVshcBNybcqDRYuTlnYt3jDBwfPZWoDtP4BjOLoL0StYsi";
"admin@${domain}" = { name = "admin";
name = "admin"; quota = defaultQuota;
hashedPassword = "$2b$05$1O.dxXxaVshcBNybcqDRYuTlnYt3jDBwfPZWoDtP4BjOLoL0StYsi"; };
quota = defaultQuota; "account@${domain}" = {
}; hashedPassword = "$2b$05$sCyZHdk98KqQ1qsTIvbrUeRJlNBOwBqDgpdc1QxiSnONlEkZ8xGNO";
"account@${domain}" = { name = "account";
name = "account"; quota = defaultQuota;
hashedPassword = "$2b$05$sCyZHdk98KqQ1qsTIvbrUeRJlNBOwBqDgpdc1QxiSnONlEkZ8xGNO"; };
quota = defaultQuota; "hi@${domain}" = {
}; hashedPassword = "$2b$05$6fT5hIhzIasNfp9IQr/ds.5RuxH95VKU3QJWlX3hmrAzDF3mExanq";
"hi@${domain}" = { name = "hi";
name = "hi"; quota = defaultQuota;
hashedPassword = "$2b$05$6fT5hIhzIasNfp9IQr/ds.5RuxH95VKU3QJWlX3hmrAzDF3mExanq"; aliases = [
quota = defaultQuota; "voronind@${domain}"
aliases = [ "voronind@${domain}" ]; ];
}; };
"job@${domain}" = { "job@${domain}" = {
name = "job"; hashedPassword = "$2b$05$.sUmv2.9EWPfLwJn/oZw2e1UbR7HrpNQ2THc5jjX3ysy7CY8ZWHUC";
hashedPassword = "$2b$05$.sUmv2.9EWPfLwJn/oZw2e1UbR7HrpNQ2THc5jjX3ysy7CY8ZWHUC"; name = "job";
quota = defaultQuota; quota = defaultQuota;
}; };
"trash@${domain}" = { "trash@${domain}" = {
name = "trash"; hashedPassword = "$2b$05$kn5ygZjN9NR3LXjnKKRw/.DXaZQNW.1XEottlCFIoKiDpIj.JGLJm";
hashedPassword = "$2b$05$kn5ygZjN9NR3LXjnKKRw/.DXaZQNW.1XEottlCFIoKiDpIj.JGLJm"; name = "trash";
catchAll = [ domain ]; quota = defaultQuota;
quota = defaultQuota; catchAll = [
}; domain
"noreply@${domain}" = { ];
name = "noreply"; };
hashedPassword = "$2b$05$TaKwoYmcmkAhsRRv6xG5wOkChcz50cB9BP6QPUDKNAcxMbrY6AeMK"; "noreply@${domain}" = {
sendOnly = true; hashedPassword = "$2b$05$TaKwoYmcmkAhsRRv6xG5wOkChcz50cB9BP6QPUDKNAcxMbrY6AeMK";
quota = defaultQuota; name = "noreply";
}; quota = defaultQuota;
}; sendOnly = true;
};
};
enableImap = true; enableImap = true;
enableImapSsl = true; enableImapSsl = true;
enableSubmission = true; enableSubmission = true;
enableSubmissionSsl = true; enableSubmissionSsl = true;
enableManageSieve = true; enableManageSieve = true;
virusScanning = false; virusScanning = false;
certificateScheme = "manual"; certificateFile = "/acme/live/${domain}/cert.pem";
keyFile = "/acme/live/${domain}/privkey.pem"; certificateScheme = "manual";
certificateFile = "/acme/live/${domain}/cert.pem"; keyFile = "/acme/live/${domain}/privkey.pem";
indexDir = "/var/lib/dovecot/indices"; dkimKeyDirectory = "/var/dkim";
mailDirectory = "/var/vmail"; indexDir = "/var/lib/dovecot/indices";
sieveDirectory = "/var/sieve"; mailDirectory = "/var/vmail";
dkimKeyDirectory = "/var/dkim"; sieveDirectory = "/var/sieve";
mailboxes = { mailboxes = let
All = { mkSpecialBox = specialUse: {
auto = "subscribe"; ${specialUse} = {
specialUse = "All"; inherit specialUse;
}; auto = "subscribe";
Archive = { };
auto = "subscribe"; };
specialUse = "Archive"; in builtins.foldl' (acc: box: acc // (mkSpecialBox box)) {} [
}; "All"
Drafts = { "Archive"
auto = "subscribe"; "Drafts"
specialUse = "Drafts"; "Junk"
}; "Sent"
Junk = { "Trash"
auto = "subscribe"; ];
specialUse = "Junk";
# autoexpunge = "3d";
};
Sent = {
auto = "subscribe";
specialUse = "Sent";
};
Trash = {
auto = "subscribe";
specialUse = "Trash";
# autoexpunge = "30d";
};
};
dmarcReporting = { dmarcReporting = {
inherit domain; inherit domain;
enable = true; enable = true;
organizationName = "voronind"; organizationName = "voronind";
# email = "noreply@${domain}"; # email = "noreply@${domain}";
}; };
# monitoring = { # monitoring = {
# enable = true; # enable = true;
# alertAddress = "admin@${domain}"; # alertAddress = "admin@${domain}";
# }; # };
}; };
services = { services = {
roundcube = { roundcube = {
enable = true; enable = true;
dicts = with pkgs.aspellDicts; [ hostName = cfg.domain;
en dicts = with pkgs.aspellDicts; [
ru en
]; ru
hostName = cfg.domain; ];
plugins = [ "managesieve" ]; plugins = [
extraConfig = '' "managesieve"
# starttls needed for authentication, so the fqdn required to match ];
# the certificate extraConfig = util.trimTabs ''
# $config['smtp_server'] = "tls://${config.mailserver.fqdn}"; $config['smtp_server'] = "localhost:25";
# $config['smtp_server'] = "tls://localhost"; $config['smtp_auth_type'] = null;
$config['smtp_server'] = "localhost:25"; $config['smtp_user'] = "";
$config['smtp_auth_type'] = null; $config['smtp_pass'] = "";
$config['smtp_user'] = ""; # $config['smtp_user'] = "%u";
$config['smtp_pass'] = ""; # $config['smtp_pass'] = "%p";
# $config['smtp_user'] = "%u"; '';
# $config['smtp_pass'] = "%p"; };
'';
};
nginx = { nginx.virtualHosts.${cfg.domain} = {
virtualHosts.${cfg.domain} = { enableACME = false;
forceSSL = false; forceSSL = false;
enableACME = false; };
}; };
};
};
systemd = { systemd = {
services.autoexpunge = { services.autoexpunge = {
description = "Delete old mail"; description = "Delete old mail";
serviceConfig.Type = "oneshot"; serviceConfig = {
path = [ pkgs.dovecot ]; Type = "oneshot";
script = '' };
doveadm expunge -A mailbox Junk SENTBEFORE 7d path = [
doveadm expunge -A mailbox Trash SENTBEFORE 30d pkgs.dovecot
doveadm expunge -u trash@voronind.com mailbox Inbox SENTBEFORE 30d ];
doveadm purge -A script = util.trimTabs ''
''; doveadm expunge -A mailbox Junk SENTBEFORE 7d
}; doveadm expunge -A mailbox Trash SENTBEFORE 30d
doveadm expunge -u trash@voronind.com mailbox Inbox SENTBEFORE 30d
doveadm purge -A
'';
};
timers.autoexpunge = { timers.autoexpunge = {
timerConfig = { timerConfig = {
OnCalendar = "daily"; OnCalendar = "daily";
Persistent = true; Persistent = true;
Unit = "autoexpunge.service"; Unit = "autoexpunge.service";
}; };
wantedBy = [ "timers.target" ]; wantedBy = [
}; "timers.target"
}; ];
}; };
}; };
}; };
};
};
} }


@ -3,104 +3,99 @@
# 2. TODO: Generate JWT secret at /var/lib/onlyoffice/jwt, i.e. 9wLfMGha1YrfvWpb5hyYjZf8pvJQ3swS # 2. TODO: Generate JWT secret at /var/lib/onlyoffice/jwt, i.e. 9wLfMGha1YrfvWpb5hyYjZf8pvJQ3swS
# See https://git.voronind.com/voronind/nixos/issues/74 # See https://git.voronind.com/voronind/nixos/issues/74
{ {
container, config,
pkgs, container,
util, lib,
lib, pkgs,
config, util,
... ...
}: }: let
with lib; cfg = config.container.module.office;
let in {
cfg = config.container.module.office; options.container.module.office = {
in enable = lib.mkEnableOption "the office web suite.";
{ address = lib.mkOption {
options = { default = "10.1.0.21";
container.module.office = { type = lib.types.str;
enable = mkEnableOption "Office web suite."; };
address = mkOption { port = lib.mkOption {
default = "10.1.0.21"; default = 8000;
type = types.str; type = lib.types.int;
}; };
port = mkOption { domain = lib.mkOption {
default = 8000; default = "office.${config.container.domain}";
type = types.int; type = lib.types.str;
}; };
domain = mkOption { storage = lib.mkOption {
default = "office.${config.container.domain}"; default = "${config.container.storage}/office";
type = types.str; type = lib.types.str;
}; };
storage = mkOption { };
default = "${config.container.storage}/office";
type = types.str;
};
};
};
config = mkIf cfg.enable { config = lib.mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [ "data" ]; systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data"
];
containers.office = container.mkContainer cfg { containers.office = container.mkContainer cfg {
bindMounts = { bindMounts = {
"/var/lib/onlyoffice" = { "/var/lib/onlyoffice" = {
hostPath = "${cfg.storage}/data"; hostPath = "${cfg.storage}/data";
isReadOnly = false; isReadOnly = false;
}; };
}; };
# HACK: Temporarely run in docker due to https://github.com/ONLYOFFICE/onlyoffice-nextcloud/issues/931 # HACK: Temporarely run in docker due to https://github.com/ONLYOFFICE/onlyoffice-nextcloud/issues/931
config = config = { pkgs, ... }: container.mkContainerConfig cfg {
{ pkgs, ... }: virtualisation.oci-containers.backend = "docker";
container.mkContainerConfig cfg { virtualisation.oci-containers.containers.office = {
virtualisation.oci-containers.backend = "docker"; autoStart = true;
virtualisation.oci-containers.containers.office = { image = "dockerhub.timeweb.cloud/onlyoffice/documentserver:latest";
autoStart = true; # ports = [ "${toString cfg.port}:8000" ];
image = "dockerhub.timeweb.cloud/onlyoffice/documentserver:latest"; extraOptions = [
# ports = [ "${toString cfg.port}:8000" ]; "--network=host"
extraOptions = [ "--privileged"
"--network=host" ];
"--privileged" environment = {
]; AMQP_URI = "amqp://guest:guest@${config.container.module.rabbitmq.address}:${toString config.container.module.rabbitmq.port}";
environment = { DB_HOST = config.container.module.postgres.address;
JWT_ENABLED = "true"; DB_NAME = "onlyoffice";
JWT_SECRET = "8wLfKGha8YRfvwpB5hYYjZf8vtUQs3wS"; DB_PORT = toString config.container.module.postgres.port;
AMQP_URI = "amqp://guest:guest@${config.container.module.rabbitmq.address}:${toString config.container.module.rabbitmq.port}"; DB_PWD = "onlyoffice";
DB_HOST = config.container.module.postgres.address; DB_USER = "onlyoffice";
DB_PORT = toString config.container.module.postgres.port; JWT_ENABLED = "true";
DB_NAME = "onlyoffice"; JWT_SECRET = "8wLfKGha8YRfvwpB5hYYjZf8vtUQs3wS";
DB_USER = "onlyoffice"; };
DB_PWD = "onlyoffice"; };
}; };
};
};
# config = { pkgs, ... }: container.mkContainerConfig cfg { # config = { pkgs, ... }: container.mkContainerConfig cfg {
# # HACK: For whatever reason it does not detect my global allowUnfree (I pass pkgs from host system in mkContainerConfig). # # HACK: For whatever reason it does not detect my global allowUnfree (I pass pkgs from host system in mkContainerConfig).
# nixpkgs.overlays = [ (final: prev: { # nixpkgs.overlays = [ (final: prev: {
# corefonts = prev.corefonts.overrideAttrs (old: { # corefonts = prev.corefonts.overrideAttrs (old: {
# meta.license = mkForce licenses.mit; # meta.license = mkForce licenses.mit;
# }); # });
# })]; # })];
# services.onlyoffice = let # services.onlyoffice = let
# dbName = "onlyoffice"; # dbName = "onlyoffice";
# in { # in {
# enable = true; # enable = true;
# hostname = cfg.domain; # hostname = cfg.domain;
# postgresName = dbName; # postgresName = dbName;
# postgresHost = config.container.module.postgres.address; # postgresHost = config.container.module.postgres.address;
# postgresUser = dbName; # postgresUser = dbName;
# postgresPasswordFile = "${pkgs.writeText "OfficeDbPassword" dbName}"; # postgresPasswordFile = "${pkgs.writeText "OfficeDbPassword" dbName}";
# jwtSecretFile = "/var/lib/onlyoffice/jwt"; # jwtSecretFile = "/var/lib/onlyoffice/jwt";
# rabbitmqUrl = "amqp://guest:guest@${config.container.module.rabbitmq.address}:${toString config.container.module.rabbitmq.port}"; # rabbitmqUrl = "amqp://guest:guest@${config.container.module.rabbitmq.address}:${toString config.container.module.rabbitmq.port}";
# examplePort = cfg.port; # examplePort = cfg.port;
# enableExampleServer = true; # enableExampleServer = true;
# }; # };
# }; # };
}; };
}; };
} }
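Review bot: `JWT_SECRET` is still a literal inside `environment` on the new side, so the token-signing key is in the repository and in the world-readable Nix store, even though the TODO at the top of this file already asks for a generated secret. Move it, together with `DB_PWD`, into a file kept outside the store and load it with `environmentFiles = [ "<path-to-env-file>" ];` (placeholder path), then treat the committed value as exposed and rotate it. The same container runs with `--privileged` and `--network=host` from an unpinned `:latest` tag. If the linked ONLYOFFICE issue does not need all three, dropping `--privileged` and pinning the image would narrow what a compromised document server can reach.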


@ -1,106 +1,99 @@
{ {
container, config,
pkgs, container,
pkgsStable, lib,
lib, pkgs,
config, ...
... }: let
}: cfg = config.container.module.paper;
with lib; in {
let options.container.module.paper = {
cfg = config.container.module.paper; enable = lib.mkEnableOption "the paper scans manager.";
in address = lib.mkOption {
{ default = "10.1.0.40";
options = { type = lib.types.str;
container.module.paper = { };
enable = mkEnableOption "Paper scans manager."; port = lib.mkOption {
address = mkOption { default = 28981;
default = "10.1.0.40"; type = lib.types.int;
type = types.str; };
}; domain = lib.mkOption {
port = mkOption { default = "paper.${config.container.domain}";
default = 28981; type = lib.types.str;
type = types.int; };
}; storage = lib.mkOption {
domain = mkOption { default = "${config.container.storage}/paper";
default = "paper.${config.container.domain}"; type = lib.types.str;
type = types.str; };
}; };
storage = mkOption {
default = "${config.container.storage}/paper";
type = types.str;
};
};
};
config = mkIf cfg.enable { config = lib.mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [ "data" ]; systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data"
];
containers.paper = container.mkContainer cfg { containers.paper = container.mkContainer cfg {
bindMounts = { bindMounts = {
"/var/lib/paperless" = { "/var/lib/paperless" = {
hostPath = "${cfg.storage}/data"; hostPath = "${cfg.storage}/data";
isReadOnly = false; isReadOnly = false;
}; };
"/var/lib/paperless/media" = { "/var/lib/paperless/media" = {
hostPath = "${elemAt config.container.media.paper 0}"; hostPath = "${lib.elemAt config.container.media.paper 0}";
isReadOnly = false; isReadOnly = false;
}; };
}; };
config = config = { ... }: container.mkContainerConfig cfg {
{ lib, ... }: services.paperless = {
container.mkContainerConfig cfg { enable = true;
services.paperless = { address = "0.0.0.0";
enable = true; dataDir = "/var/lib/paperless";
dataDir = "/var/lib/paperless"; port = cfg.port;
# address = cfg.domain; passwordFile = pkgs.writeText "PaperlessPassword" "root"; # NOTE: Only for initial setup, change later.
address = "0.0.0.0"; settings = {
port = cfg.port; PAPERLESS_ADMIN_USER = "root";
# ISSUE: https://github.com/NixOS/nixpkgs/issues/322596 PAPERLESS_DBENGINE = "postgresql";
# package = pkgsStable.paperless-ngx; PAPERLESS_DBHOST = config.container.module.postgres.address;
passwordFile = pkgs.writeText "PaperlessPassword" "root"; PAPERLESS_DBNAME = "paperless";
settings = { PAPERLESS_DBPASS = "paperless";
PAPERLESS_URL = "https://${cfg.domain}"; PAPERLESS_DBPORT = config.container.module.postgres.port;
PAPERLESS_ADMIN_USER = "root"; PAPERLESS_DBUSER = "paperless";
PAPERLESS_DBHOST = config.container.module.postgres.address; PAPERLESS_OCR_LANGUAGE = "rus";
PAPERLESS_DBENGINE = "postgresql"; PAPERLESS_REDIS = "redis://${config.container.module.redis.address}:${toString config.container.module.redis.port}";
PAPERLESS_DBNAME = "paperless"; PAPERLESS_URL = "https://${cfg.domain}";
PAPERLESS_DBPASS = "paperless"; };
PAPERLESS_DBPORT = config.container.module.postgres.port; };
PAPERLESS_DBUSER = "paperless";
PAPERLESS_OCR_LANGUAGE = "rus";
PAPERLESS_REDIS = "redis://${config.container.module.redis.address}:${toString config.container.module.redis.port}";
};
};
# HACK: This is required for TCP postgres connection. # HACK: This is required for TCP postgres connection.
systemd = { systemd = {
services = { services = {
paperless-scheduler = { paperless-scheduler = {
serviceConfig.PrivateNetwork = mkForce false; serviceConfig.PrivateNetwork = lib.mkForce false;
wantedBy = mkForce [ ]; wantedBy = lib.mkForce [ ];
}; };
paperless-consumer = { paperless-consumer = {
serviceConfig.PrivateNetwork = mkForce false; serviceConfig.PrivateNetwork = lib.mkForce false;
wantedBy = mkForce [ ]; wantedBy = lib.mkForce [ ];
}; };
paperless-web = { paperless-web = {
wantedBy = mkForce [ ]; wantedBy = lib.mkForce [ ];
}; };
paperless-task-queue = { paperless-task-queue = {
wantedBy = mkForce [ ]; wantedBy = lib.mkForce [ ];
}; };
}; };
timers.fixsystemd = { timers.fixsystemd = {
timerConfig = { timerConfig = {
OnBootSec = 5; OnBootSec = 5;
Unit = "paperless-web.service"; Unit = "paperless-web.service";
}; };
wantedBy = [ "timers.target" ]; wantedBy = [
}; "timers.target"
}; ];
}; };
}; };
}; };
};
};
} }
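Review bot: `passwordFile = pkgs.writeText "PaperlessPassword" "root";` puts the admin password in the Nix store, where any local user can read it, and the new trailing NOTE leaves rotation as a manual step that nothing enforces. Because `address = "0.0.0.0"` is set in the same block, the `root`/`root` login stays reachable for as long as that step is skipped. Point the option at a file outside the store, for example `passwordFile = "/var/lib/paperless/<admin-password-file>";` (placeholder name) under the bind-mounted data directory. `PAPERLESS_DBPASS = "paperless"` in `settings` has the same exposure.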


@ -1,65 +1,59 @@
{ {
container, config,
lib, container,
config, lib,
... ...
}: }: let
with lib; cfg = config.container.module.pass;
let in {
cfg = config.container.module.pass; options.container.module.pass = {
in enable = lib.mkEnableOption "the password manager.";
{ address = lib.mkOption {
options = { default = "10.1.0.9";
container.module.pass = { type = lib.types.str;
enable = mkEnableOption "Password manager"; };
address = mkOption { port = lib.mkOption {
default = "10.1.0.9"; default = 8000;
type = types.str; type = lib.types.int;
}; };
port = mkOption { domain = lib.mkOption {
default = 8000; default = "pass.${config.container.domain}";
type = types.int; type = lib.types.str;
}; };
domain = mkOption { storage = lib.mkOption {
default = "pass.${config.container.domain}"; default = "${config.container.storage}/pass";
type = types.str; type = lib.types.str;
}; };
storage = mkOption { };
default = "${config.container.storage}/pass";
type = types.str;
};
};
};
config = mkIf cfg.enable { config = lib.mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [ "data" ]; systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data"
];
containers.pass = container.mkContainer cfg { containers.pass = container.mkContainer cfg {
bindMounts = { bindMounts = {
"/var/lib/bitwarden_rs" = { "/var/lib/bitwarden_rs" = {
hostPath = "${cfg.storage}/data"; hostPath = "${cfg.storage}/data";
isReadOnly = false; isReadOnly = false;
}; };
}; };
config = config = { ... }: container.mkContainerConfig cfg {
{ ... }: services.vaultwarden = {
container.mkContainerConfig cfg { enable = true;
services.vaultwarden = { dbBackend = "sqlite";
enable = true; environmentFile = "/var/lib/bitwarden_rs/Env";
dbBackend = "sqlite"; config = {
environmentFile = "/var/lib/bitwarden_rs/Env"; DATA_FOLDER = "/var/lib/bitwarden_rs";
config = { DOMAIN = "http://${cfg.domain}";
# DATABASE_URL = "postgresql://vaultwarden:vaultwarden@${container.config.postgres.address}:${toString container.config.postgres.port}/vaultwarden"; ROCKET_ADDRESS = cfg.address;
DATA_FOLDER = "/var/lib/bitwarden_rs"; ROCKET_PORT = cfg.port;
DOMAIN = "http://${cfg.domain}"; SIGNUPS_ALLOWED = false;
SIGNUPS_ALLOWED = false; WEB_VAULT_ENABLED = true;
WEB_VAULT_ENABLED = true; };
ROCKET_ADDRESS = cfg.address; };
ROCKET_PORT = cfg.port; };
}; };
}; };
};
};
};
} }
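Review bot: `DOMAIN = "http://${cfg.domain}";` gives the password manager a plain-HTTP origin, while the paper module in this commit uses `https://${cfg.domain}` for its public URL. If the vault is published through the TLS proxy like the other modules (not visible in this file), it should read `DOMAIN = "https://${cfg.domain}";` so that generated links and origin checks match what the browser sees. A short comment on `environmentFile = "/var/lib/bitwarden_rs/Env"` naming the secrets expected there would also help, since the module only creates the `data` directory and not that file.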


@ -1,138 +1,134 @@
{ {
pkgs, __findFile,
container, config,
lib, container,
config, lib,
__findFile, pkgs,
... util,
}@args: ...
with lib; } @args: let
let cfg = config.container.module.paste;
cfg = config.container.module.paste; package = (pkgs.callPackage <package/privatebin> args);
package = (pkgs.callPackage <package/privatebin> args); in {
in options.container.module.paste = {
{ enable = lib.mkEnableOption "the text share platform.";
options = { address = lib.mkOption {
container.module.paste = { default = "10.1.0.14";
enable = mkEnableOption "Pastebin."; type = lib.types.str;
address = mkOption { };
default = "10.1.0.14"; port = lib.mkOption {
type = types.str; default = 80;
}; type = lib.types.int;
port = mkOption { };
default = 80; domain = lib.mkOption {
type = types.int; default = "paste.${config.container.domain}";
}; type = lib.types.str;
domain = mkOption { };
default = "paste.${config.container.domain}"; storage = lib.mkOption {
type = types.str; default = "${config.container.storage}/paste";
}; type = lib.types.str;
storage = mkOption { };
default = "${config.container.storage}/paste"; };
type = types.str;
};
};
};
config = mkIf cfg.enable { config = lib.mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [ systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data" "config"
"tmp" "data"
"nginxtmp" "nginxtmp"
"config" "tmp"
]; ];
containers.paste = container.mkContainer cfg { containers.paste = container.mkContainer cfg {
bindMounts = { bindMounts = {
"/srv/data" = { "/srv/data" = {
hostPath = "${cfg.storage}/data"; hostPath = "${cfg.storage}/data";
isReadOnly = false; isReadOnly = false;
}; };
"/tmp" = { "/tmp" = {
hostPath = "${cfg.storage}/tmp"; hostPath = "${cfg.storage}/tmp";
isReadOnly = false; isReadOnly = false;
}; };
"/var/lib/nginx/tmp" = { "/var/lib/nginx/tmp" = {
hostPath = "${cfg.storage}/nginxtmp"; hostPath = "${cfg.storage}/nginxtmp";
isReadOnly = false; isReadOnly = false;
}; };
"/srv/config" = { "/srv/config" = {
hostPath = "${cfg.storage}/config"; hostPath = "${cfg.storage}/config";
isReadOnly = false; isReadOnly = false;
}; };
}; };
config = config = { config, ... }: container.mkContainerConfig cfg {
{ config, ... }: environment.systemPackages = [
container.mkContainerConfig cfg { package
environment.systemPackages = [ package ]; ];
systemd.packages = [ package ]; systemd.packages = [
package
];
users.users.paste = { users.users.paste = {
group = "nginx"; group = "nginx";
isSystemUser = true; isSystemUser = true;
}; };
services.phpfpm.pools.paste = { services = {
user = "paste"; phpfpm.pools.paste = {
group = "nginx"; group = "nginx";
user = "paste";
phpPackage = pkgs.php;
settings = {
"catch_workers_output" = true;
"listen.owner" = "nginx";
"php_admin_flag[log_errors]" = true;
"php_admin_value[error_log]" = "stderr";
"pm" = "dynamic";
"pm.max_children" = "32";
"pm.max_requests" = "500";
"pm.max_spare_servers" = "4";
"pm.min_spare_servers" = "2";
"pm.start_servers" = "2";
};
phpEnv = {
# CONFIG_PATH = "${package}/cfg"; # NOTE: Not working?
};
};
phpPackage = pkgs.php; nginx = {
enable = true;
virtualHosts.${cfg.domain} = container.mkServer {
default = true;
root = "${package}";
locations = {
"/".extraConfig = util.trimTabs ''
rewrite ^ /index.php;
'';
settings = { "~ \\.php$".extraConfig = util.trimTabs ''
"pm" = "dynamic"; fastcgi_split_path_info ^(.+\.php)(/.+)$;
"php_admin_value[error_log]" = "stderr"; fastcgi_pass unix:${config.services.phpfpm.pools.paste.socket};
"php_admin_flag[log_errors]" = true; include ${config.services.nginx.package}/conf/fastcgi.conf;
"listen.owner" = "nginx"; include ${config.services.nginx.package}/conf/fastcgi_params;
"catch_workers_output" = true; '';
"pm.max_children" = "32";
"pm.start_servers" = "2";
"pm.min_spare_servers" = "2";
"pm.max_spare_servers" = "4";
"pm.max_requests" = "500";
};
phpEnv = { "~ \\.(js|css|ttf|woff2?|png|jpe?g|svg)$".extraConfig = util.trimTabs ''
# CONFIG_PATH = "${package}/cfg"; add_header Cache-Control "public, max-age=15778463";
}; add_header Referrer-Policy no-referrer;
}; add_header X-Content-Type-Options nosniff;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
add_header X-Robots-Tag none;
add_header X-XSS-Protection "1; mode=block";
access_log off;
'';
};
services.nginx = { extraConfig = util.trimTabs ''
enable = true; try_files $uri /index.php;
virtualHosts.${cfg.domain} = container.mkServer { '';
default = true; };
root = "${package}"; };
};
locations = { };
"/".extraConfig = '' };
rewrite ^ /index.php; };
'';
"~ \\.php$".extraConfig = ''
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:${config.services.phpfpm.pools.paste.socket};
include ${config.services.nginx.package}/conf/fastcgi.conf;
include ${config.services.nginx.package}/conf/fastcgi_params;
'';
"~ \\.(js|css|ttf|woff2?|png|jpe?g|svg)$".extraConfig = ''
add_header Cache-Control "public, max-age=15778463";
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
add_header Referrer-Policy no-referrer;
access_log off;
'';
};
extraConfig = ''
try_files $uri /index.php;
'';
};
};
};
};
};
} }
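Review bot: The `add_header` lines sit only in the static-asset `location`, so responses served through `~ \\.php$` (every page, after `rewrite ^ /index.php`) get none of them from nginx. The application may send its own headers from PHP, which this file does not show, but `X-Content-Type-Options nosniff` and `Referrer-Policy no-referrer` are worth repeating in the virtual host's `extraConfig` so they do not depend on it. The asset location keeps its own set, because a location that declares `add_header` does not inherit the server-level ones. A one-line comment above the asset block stating that scope would prevent the headers being mistaken for site-wide ones.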


@ -1,104 +1,95 @@
{ {
container, config,
lib, container,
pkgs, lib,
config, pkgs,
... ...
}: }: let
with lib; cfg = config.container.module.postgres;
let in {
cfg = config.container.module.postgres; options.container.module.postgres = {
in enable = lib.mkEnableOption "the PostgreSQL server.";
{ address = lib.mkOption {
options = { default = "10.1.0.3";
container.module.postgres = { type = lib.types.str;
enable = mkEnableOption "Postgresql server."; };
address = mkOption { port = lib.mkOption {
default = "10.1.0.3"; default = 5432;
type = types.str; type = lib.types.int;
}; };
port = mkOption { storage = lib.mkOption {
default = 5432; default = "${config.container.storage}/postgres";
type = types.int; type = lib.types.str;
}; };
storage = mkOption { };
default = "${config.container.storage}/postgres";
type = types.str;
};
};
};
config = mkIf cfg.enable { config = lib.mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [ "data" ]; systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data"
];
containers.postgres = container.mkContainer cfg { containers.postgres = container.mkContainer cfg {
bindMounts = { bindMounts = {
"/var/lib/postgresql/data" = { "/var/lib/postgresql/data" = {
hostPath = "${cfg.storage}/data"; hostPath = "${cfg.storage}/data";
isReadOnly = false; isReadOnly = false;
}; };
}; };
config = config = { ... }: container.mkContainerConfig cfg {
{ ... }: services.postgresql = let
container.mkContainerConfig cfg { # Populate with services here.
services.postgresql = configurations = with config.container.module; {
let forgejo = git;
# Populate with services here. invidious = yt;
configurations = with config.container.module; { mattermost = chat;
forgejo = git; nextcloud = cloud;
invidious = yt; onlyoffice = office;
mattermost = chat; paperless = paper;
nextcloud = cloud; privatebin = paste;
onlyoffice = office; };
paperless = paper;
privatebin = paste;
};
access = configurations // { access = configurations // {
all = { all.address = config.container.host;
address = config.container.host; };
};
};
authentication = builtins.foldl' (acc: item: acc + "${item}\n") "" ( authentication = let
mapAttrsToList (db: cfg: "host ${db} ${db} ${cfg.address}/32 trust") access rules = lib.mapAttrsToList (db: cfg:
); "host ${db} ${db} ${cfg.address}/32 trust"
) access;
in builtins.foldl' (acc: item: acc + "${item}\n") "" rules;
ensureDatabases = [ "root" ] ++ mapAttrsToList (name: _: name) configurations; ensureDatabases = [
"root"
] ++ lib.mapAttrsToList (name: _: name) configurations;
ensureUsers = map (name: { ensureUsers = map (name: {
inherit name; inherit name;
ensureClauses = ensureDBOwnership = true;
if name == "root" then ensureClauses = if name == "root" then {
{ createdb = true;
superuser = true; createrole = true;
createrole = true; superuser = true;
createdb = true; } else { };
} }) ensureDatabases;
else in {
{ }; inherit authentication ensureDatabases ensureUsers;
ensureDBOwnership = true;
}) ensureDatabases;
in
{
inherit authentication ensureDatabases ensureUsers;
enable = true; enable = true;
package = pkgs.postgresql_14; dataDir = "/var/lib/postgresql/data/14";
dataDir = "/var/lib/postgresql/data/14"; enableTCPIP = true;
enableTCPIP = true; package = pkgs.postgresql_14;
# NOTE: Debug mode. # NOTE: Debug mode.
# settings = { # settings = {
# log_connections = true; # log_connections = true;
# log_destination = lib.mkForce "syslog"; # log_destination = lib.mkForce "syslog";
# log_disconnections = true; # log_disconnections = true;
# log_statement = "all"; # log_statement = "all";
# logging_collector = true; # logging_collector = true;
# }; # };
}; };
}; };
}; };
}; };
} }
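Review bot: Every generated `pg_hba` rule ends in `trust`, and the extra `all.address = config.container.host` entry expands to `host all all <host>/32 trust`. Anything connecting from the host address can therefore log in as any role without a password, including the `root` role created with `superuser = true`. Use `"host ${db} ${db} ${cfg.address}/32 scram-sha-256"` in `rules` and give the roles real passwords; the office and paper modules already send one. In the same lambda the parameter `cfg` shadows the module-level `cfg`, so renaming it (to `module`, say) would make the line easier to read.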


@ -1,78 +1,72 @@
# NOTE: Login to contaier, run passwd and use that root/pw combo for administration. `AllowFrom = all` doesn't seem to work. # NOTE: Login to contaier, run passwd and use that root/pw combo for administration. `AllowFrom = all` doesn't seem to work.
# ipp://192.168.2.237 # ipp://192.168.2.237
# Pantum M6500W-Series # Pantum M6500W-Series
{ {
container, __findFile,
pkgs, config,
lib, container,
config, lib,
__findFile, pkgs,
... ...
}@args: } @args: let
with lib; cfg = config.container.module.print;
let host = config.container.host;
cfg = config.container.module.print; package = pkgs.callPackage <package/print> args;
package = pkgs.callPackage <package/print> args; in {
host = config.container.host; options.container.module.print = {
in enable = lib.mkEnableOption "the printing server.";
{ address = lib.mkOption {
options = { default = "10.1.0.46";
container.module.print = { type = lib.types.str;
enable = mkEnableOption "Printing server."; };
address = mkOption { port = lib.mkOption {
default = "10.1.0.46"; default = 631;
type = types.str; type = lib.types.int;
}; };
port = mkOption { domain = lib.mkOption {
default = 631; default = "print.${config.container.domain}";
type = types.int; type = lib.types.str;
}; };
domain = mkOption { storage = lib.mkOption {
default = "print.${config.container.domain}"; default = "${config.container.storage}/print";
type = types.str; type = lib.types.str;
}; };
storage = mkOption { };
default = "${config.container.storage}/print";
type = types.str;
};
};
};
config = mkIf cfg.enable { config = lib.mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [ "data" ]; systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data"
];
containers.print = container.mkContainer cfg { containers.print = container.mkContainer cfg {
bindMounts = { bindMounts = {
"/var/lib/cups" = { "/var/lib/cups" = {
hostPath = "${cfg.storage}/data"; hostPath = "${cfg.storage}/data";
isReadOnly = false; isReadOnly = false;
}; };
}; };
config = config = { ... }: container.mkContainerConfig cfg {
{ ... }: networking.interfaces."eth0".ipv4.routes = [
container.mkContainerConfig cfg { {
networking.interfaces."eth0".ipv4.routes = [ address = "192.168.2.237"; # NOTE: Printer's IP address.
{ prefixLength = 32;
address = "192.168.2.237"; via = host;
prefixLength = 32; }
via = host; ];
}
];
services.printing = { services.printing = {
enable = true; enable = true;
allowFrom = [ "all" ]; allowFrom = [ "all" ];
browsing = true; browsing = true;
defaultShared = true; defaultShared = true;
drivers = [ package ]; drivers = [ package ];
listenAddresses = [ "${cfg.address}:${toString cfg.port}" ]; listenAddresses = [ "${cfg.address}:${toString cfg.port}" ];
startWhenNeeded = true; startWhenNeeded = true;
stateless = false; stateless = false;
webInterface = true; webInterface = true;
}; };
}; };
}; };
}; };
} }
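Review bot: `allowFrom = [ "all" ]` combined with `webInterface = true`, `browsing = true` and `defaultShared = true` leaves CUPS open to any client that can reach `${cfg.address}:${toString cfg.port}`. The comment at the top of the file also says this setting did not behave as expected. If clients only arrive through the host or the proxy (not visible here), list those addresses instead, e.g. `allowFrom = [ host ];`, and add a comment stating who is meant to reach the service.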


@ -10,91 +10,85 @@
# ``` # ```
# For certbot to generate new keys: `certbot certonly --manual --manual-public-ip-logging-ok --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory -d "*.voronind.com" -d voronind.com` # For certbot to generate new keys: `certbot certonly --manual --manual-public-ip-logging-ok --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory -d "*.voronind.com" -d voronind.com`
{ {
util, config,
container, container,
pkgs, lib,
lib, pkgs,
config, util,
... ...
}@args: } @args: let
with lib; cfg = config.container.module.proxy;
let virtualHosts = util.catSet (util.ls ./proxy/host) args;
cfg = config.container.module.proxy; in {
virtualHosts = util.catSet (util.ls ./proxy/host) args; options.container.module.proxy = {
in enable = lib.mkEnableOption "the proxy server.";
{ address = lib.mkOption {
options = { default = "10.1.0.2";
container.module.proxy = { type = lib.types.str;
enable = mkEnableOption "Proxy server."; };
address = mkOption { port = lib.mkOption {
default = "10.1.0.2"; default = 443;
type = types.str; type = lib.types.int;
}; };
port = mkOption { storage = lib.mkOption {
default = 443; default = "${config.container.storage}/proxy";
type = types.int; type = lib.types.str;
}; };
storage = mkOption { };
default = "${config.container.storage}/proxy";
type = types.str;
};
};
};
config = mkIf cfg.enable { config = lib.mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [ systemd.tmpfiles.rules = container.mkContainerDir cfg [
"challenge" "challenge"
"letsencrypt" "letsencrypt"
]; ];
containers.proxy = container.mkContainer cfg { containers.proxy = container.mkContainer cfg {
bindMounts = { bindMounts = {
"/etc/letsencrypt" = { "/etc/letsencrypt" = {
hostPath = "${cfg.storage}/letsencrypt"; hostPath = "${cfg.storage}/letsencrypt";
isReadOnly = false; isReadOnly = false;
}; };
"/var/www/.well-known" = { "/var/www/.well-known" = {
hostPath = "${cfg.storage}/challenge"; hostPath = "${cfg.storage}/challenge";
isReadOnly = false; isReadOnly = false;
}; };
}; };
config = config = { ... }: container.mkContainerConfig cfg {
{ ... }: environment.systemPackages = with pkgs; [
container.mkContainerConfig cfg { certbot
environment.systemPackages = with pkgs; [ certbot ]; ];
services.nginx = { services.nginx = {
inherit virtualHosts; inherit virtualHosts;
enable = true;
clientMaxBodySize = "4096m";
recommendedOptimisation = true;
recommendedProxySettings = true;
appendConfig = util.trimTabs ''
worker_processes 4;
'';
eventsConfig = util.trimTabs ''
worker_connections 4096;
'';
appendHttpConfig = util.trimTabs ''
proxy_max_temp_file_size 0;
proxy_buffering off;
enable = true; server {
recommendedOptimisation = true; listen 443 ssl default_server;
recommendedProxySettings = true; server_name _;
clientMaxBodySize = "4096m";
appendConfig = ''
worker_processes 4;
'';
eventsConfig = ''
worker_connections 4096;
'';
appendHttpConfig = ''
proxy_max_temp_file_size 0;
proxy_buffering off;
server { ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
listen 443 ssl default_server; ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
server_name _; include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem; return 403;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem; }
include /etc/letsencrypt/conf/options-ssl-nginx.conf; '';
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem; };
};
return 403; };
} };
'';
};
};
};
};
} }
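Review bot: `enable = lib.mkEnableOption "the proxy server.";` will render with a doubled full stop in the generated option description, because `mkEnableOption` already wraps its argument as "Whether to enable <name>.". Drop the trailing period: `enable = lib.mkEnableOption "the proxy server";`. The same applies to the `enable` options of the rabbitmq, read, redis, search, status, stock, vpn, watch and yt modules further down this commit.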


@ -1,58 +1,53 @@
{ {
container, config,
pkgs, container,
util, lib,
lib, pkgs,
config, util,
... ...
}: }: let
with lib; cfg = config.container.module.rabbitmq;
let in {
cfg = config.container.module.rabbitmq; options.container.module.rabbitmq = {
in enable = lib.mkEnableOption "the mqtt server.";
{ address = lib.mkOption {
options = { default = "10.1.0.28";
container.module.rabbitmq = { type = lib.types.str;
enable = mkEnableOption "Mqtt server."; };
address = mkOption { port = lib.mkOption {
default = "10.1.0.28"; default = 5672;
type = types.str; type = lib.types.int;
}; };
port = mkOption { storage = lib.mkOption {
default = 5672; default = "${config.container.storage}/rabbitmq";
type = types.int; type = lib.types.str;
}; };
storage = mkOption { };
default = "${config.container.storage}/rabbitmq";
type = types.str;
};
};
};
config = mkIf cfg.enable { config = lib.mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [ "data" ]; systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data"
];
containers.rabbitmq = container.mkContainer cfg { containers.rabbitmq = container.mkContainer cfg {
bindMounts = { bindMounts = {
"/var/lib/rabbitmq" = { "/var/lib/rabbitmq" = {
hostPath = "${cfg.storage}/data"; hostPath = "${cfg.storage}/data";
isReadOnly = false; isReadOnly = false;
}; };
}; };
config = config = { ... }: container.mkContainerConfig cfg {
{ ... }: services.rabbitmq = {
container.mkContainerConfig cfg { enable = true;
services.rabbitmq = { dataDir = "/var/lib/rabbitmq";
enable = true; listenAddress = cfg.address;
listenAddress = cfg.address; port = cfg.port;
port = cfg.port; configItems = {
dataDir = "/var/lib/rabbitmq"; "loopback_users" = "none";
configItems = { };
"loopback_users" = "none"; };
}; };
}; };
}; };
};
};
} }
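Review bot: `"loopback_users" = "none";` under `services.rabbitmq.configItems` removes the broker's restriction that keeps the built-in `guest` account local-only, while `listenAddress = cfg.address` exposes the listener on the container network. Whether `guest` is deleted or given a new password elsewhere is not visible here, so this may leave a well-known default credential reachable from every peer that can route to the address. Either drop the item and provision a dedicated user, or document the compensating control next to it, e.g. `# guest is removed at provisioning; see <REFERENCE>` (placeholder).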


@ -1,61 +1,59 @@
{ {
container, config,
lib, container,
pkgs, lib,
config, pkgs,
... ...
}: }: let
with lib; cfg = config.container.module.read;
let in {
cfg = config.container.module.read; options.container.module.read = {
in enable = lib.mkEnableOption "the reading server.";
{ address = lib.mkOption {
options = { default = "10.1.0.39";
container.module.read = { type = lib.types.str;
enable = mkEnableOption "Reading server."; };
address = mkOption { port = lib.mkOption {
default = "10.1.0.39"; default = 5000;
type = types.str; type = lib.types.int;
}; };
port = mkOption { domain = lib.mkOption {
default = 5000; default = "read.${config.container.domain}";
type = types.int; type = lib.types.str;
}; };
domain = mkOption { storage = lib.mkOption {
default = "read.${config.container.domain}"; default = "${config.container.storage}/read";
type = types.str; type = lib.types.str;
}; };
storage = mkOption { };
default = "${config.container.storage}/read";
type = types.str;
};
};
};
config = mkIf cfg.enable { config = lib.mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [ "data" ]; systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data"
];
containers.read = container.mkContainer cfg { containers.read = container.mkContainer cfg {
bindMounts = { bindMounts = {
"/var/lib/kavita" = { "/var/lib/kavita" = {
hostPath = "${cfg.storage}/data"; hostPath = "${cfg.storage}/data";
isReadOnly = false; isReadOnly = false;
}; };
} // container.attachMedia "book" true // container.attachMedia "manga" true; }
// container.attachMedia "book" true
// container.attachMedia "manga" true
;
config = config = { ... }: container.mkContainerConfig cfg {
{ ... }: services.kavita = {
container.mkContainerConfig cfg { enable = true;
services.kavita = { dataDir = "/var/lib/kavita";
enable = true; tokenKeyFile = pkgs.writeText "KavitaToken" "xY19aQOa939/Ie6GCRGbubVK8zRwrgBY/20AuyMpYshUjwK1Uyl7bw1yknVh6jJIFIfwq2vAjeotOUq7NEsf9Q==";
dataDir = "/var/lib/kavita"; settings = {
tokenKeyFile = pkgs.writeText "KavitaToken" "xY19aQOa939/Ie6GCRGbubVK8zRwrgBY/20AuyMpYshUjwK1Uyl7bw1yknVh6jJIFIfwq2vAjeotOUq7NEsf9Q=="; IpAddresses = cfg.address;
settings = { Port = cfg.port;
IpAddresses = cfg.address; };
Port = cfg.port; };
}; };
}; };
}; };
};
};
} }
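Review bot: `tokenKeyFile = pkgs.writeText "KavitaToken" "…"` in `services.kavita` writes the token key into the Nix store, which every local user can read, and keeps it in the repository history; the reformat carries the literal over unchanged. Point the option at a file provisioned outside the store instead, e.g. `tokenKeyFile = "<RUNTIME_SECRET_PATH>";` (placeholder, for instance a file under the bind-mounted data directory or one delivered by a secrets tool). The committed value should be treated as exposed and replaced when this is fixed.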


@ -1,42 +1,35 @@
{ {
container, config,
pkgs, container,
util, lib,
lib, ...
config, }: let
... cfg = config.container.module.redis;
}: in {
with lib; options.container.module.redis = {
let enable = lib.mkEnableOption "the Redis server.";
cfg = config.container.module.redis; address = lib.mkOption {
in default = "10.1.0.38";
{ type = lib.types.str;
options = { };
container.module.redis = { port = lib.mkOption {
enable = mkEnableOption "Redis server."; default = 6379;
address = mkOption { type = lib.types.int;
default = "10.1.0.38"; };
type = types.str; };
};
port = mkOption {
default = 6379;
type = types.int;
};
};
};
config = mkIf cfg.enable { config = lib.mkIf cfg.enable {
containers.redis = container.mkContainer cfg { containers.redis = container.mkContainer cfg {
config = config = { ... }: container.mkContainerConfig cfg {
{ ... }: services.redis.servers.main = {
container.mkContainerConfig cfg { enable = true;
services.redis.servers.main = { port = cfg.port;
enable = true; bind = cfg.address;
port = cfg.port; extraParams = [
bind = cfg.address; "--protected-mode no"
extraParams = [ "--protected-mode no" ]; ];
}; };
}; };
}; };
}; };
} }
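Review bot: `services.redis.servers.main` combines `bind = cfg.address` with `"--protected-mode no"` and sets no password, so anything that can reach that address can issue Redis commands unauthenticated. Whether a firewall rule narrows this is not visible in the section. If the service has to listen off-loopback, add authentication, e.g. `requirePassFile = "<RUNTIME_SECRET_PATH>";` (placeholder), and keep the reason for disabling protected mode in a comment beside `extraParams`.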


@ -1,143 +1,138 @@
{ {
container, config,
pkgs, container,
lib, lib,
config, pkgs,
... ...
}: }: let
with lib; cfg = config.container.module.search;
let in {
cfg = config.container.module.search; options.container.module.search = {
in enable = lib.mkEnableOption "the search frontend.";
{ address = lib.mkOption {
options = { default = "10.1.0.26";
container.module.search = { type = lib.types.str;
enable = mkEnableOption "Search frontend."; };
address = mkOption { port = lib.mkOption {
default = "10.1.0.26"; default = 8080;
type = types.str; type = lib.types.int;
}; };
port = mkOption { domain = lib.mkOption {
default = 8080; default = "search.${config.container.domain}";
type = types.int; type = lib.types.str;
}; };
domain = mkOption { storage = lib.mkOption {
default = "search.${config.container.domain}"; default = "${config.container.storage}/search";
type = types.str; type = lib.types.str;
}; };
storage = mkOption { };
default = "${config.container.storage}/search";
type = types.str;
};
};
};
config = mkIf cfg.enable { config = lib.mkIf cfg.enable {
containers.search = container.mkContainer cfg { containers.search = container.mkContainer cfg {
config = config = { ... }: container.mkContainerConfig cfg {
{ ... }: services.searx = {
container.mkContainerConfig cfg { enable = true;
services.searx = { package = pkgs.searxng;
enable = true; # REF: https://github.com/searxng/searxng/blob/master/searx/settings.yml
package = pkgs.searxng; settings = {
# REF: https://github.com/searxng/searxng/blob/master/searx/settings.yml general = {
settings = { debug = false;
general = { enable_metrics = false;
debug = false; instance_name = "SearX";
instance_name = "SearX"; };
enable_metrics = false; server = {
}; bind_address = cfg.address;
server = { image_proxy = false;
bind_address = cfg.address; limiter = false;
port = cfg.port; method = "GET";
secret_key = "searxxx"; port = cfg.port;
limiter = false; public_instance = false;
public_instance = false; secret_key = "searxxx";
image_proxy = false; };
method = "GET"; search = {
}; autocomplete = "";
search = { autocomplete_min = 4;
safe_search = 0; default_lang = "auto";
autocomplete = ""; safe_search = 0;
autocomplete_min = 4; };
default_lang = "auto"; ui = {
}; center_alignment = false;
ui = { default_locale = "";
infinite_scroll = false; default_theme = "simple";
default_theme = "simple"; hotkeys = "vim";
center_alignment = false; infinite_scroll = false;
default_locale = ""; simple_style = "dark";
simple_style = "dark"; };
hotkeys = "vim"; outgoing = {
}; enable_http2 = true;
outgoing = { max_request_timeout = 10.0;
request_timeout = 3.0; pool_connections = 100;
max_request_timeout = 10.0; pool_maxsize = 20;
pool_connections = 100; request_timeout = 3.0;
pool_maxsize = 20; # proxies = {
enable_http2 = true; # "all://" = with config.container.module; [
# proxies = { # # "socks5:${frkn.address}:${frkn.port}"
# "all://" = with config.container.module; [ # "socks5:${frkn.address}:1081"
# # "socks5:${frkn.address}:${frkn.port}" # # "socks5:${frkn.address}:9150"
# "socks5:${frkn.address}:1081" # ];
# # "socks5:${frkn.address}:9150" # };
# ]; # using_tor_proxy = true;
# }; # extra_proxy_timeout = 10;
# using_tor_proxy = true; };
# extra_proxy_timeout = 10; # plugins = [ ];
}; enabled_plugins = [
# plugins = [ ]; "Basic Calculator"
enabled_plugins = [ "Hostnames plugin"
"Basic Calculator" "Tracker URL remover"
"Tracker URL remover" ];
"Hostnames plugin" hostnames = {
]; replace = with config.container.module; {
hostnames = { "(.*\.)?youtu\.be$" = yt.domain;
replace = with config.container.module; { "(.*\.)?youtube\.com$" = yt.domain;
"(.*\.)?youtube\.com$" = yt.domain; };
"(.*\.)?youtu\.be$" = yt.domain; remove = [
}; "(.*\.)?dzen\.ru?$"
remove = [ "(.*\.)?facebook.com$"
"(.*\.)?dzen\.ru?$" "(.*\.)?gosuslugi\.ru?$"
"(.*\.)?facebook.com$" "(.*\.)?quora\.com?$"
"(.*\.)?gosuslugi\.ru?$" "(.*\.)?rutube\.ru?$"
"(.*\.)?quora\.com?$" "(.*\.)?vk\.com?$"
"(.*\.)?rutube\.ru?$" ];
"(.*\.)?vk\.com?$" low_priority = [
]; "(.*\.)?google(\..*)?$"
low_priority = [ "(.*\.)?microsoft\.com?$"
"(.*\.)?google(\..*)?$" ];
"(.*\.)?microsoft\.com?$" high_priority = [
]; "(.*\.)?4pda.to$"
high_priority = [ "(.*\.)?wikipedia.org$" ]; "(.*\.)?github.com$"
}; "(.*\.)?wikipedia.org$"
categories_as_tabs = { ];
general = { }; };
images = { }; categories_as_tabs = {
videos = { }; files = { };
news = { }; general = { };
map = { }; images = { };
it = { }; it = { };
files = { }; map = { };
}; news = { };
engines = videos = { };
let };
mkEnable = name: { engines = let
inherit name; mkEnable = name: {
disabled = false; inherit name;
}; disabled = false;
mkDisable = name: { };
inherit name; mkDisable = name: {
disabled = true; inherit name;
}; disabled = true;
in };
[ in [
(mkEnable "bing") (mkEnable "bing")
(mkDisable "qwant") (mkDisable "qwant")
]; ];
}; };
}; };
}; };
}; };
}; };
} }
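Review bot: `secret_key = "searxxx";` in `settings.server` is a short, guessable literal that ends up in the repository and in the world-readable Nix store. The NixOS searx module supports substituting secrets from a file at service start: set `secret_key = "@SEARX_SECRET_KEY@";` and supply the value through `services.searx.environmentFile = "<RUNTIME_SECRET_PATH>";` (placeholder). Generate a fresh random value when doing so rather than reusing the committed one.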


@ -1,67 +1,66 @@
{ {
container, config,
lib, container,
config, lib,
... ...
}: }: let
with lib; cfg = config.container.module.status;
let in {
cfg = config.container.module.status; options.container.module.status = {
in enable = lib.mkEnableOption "the status monitor.";
{ address = lib.mkOption {
options = { default = "10.1.0.22";
container.module.status = { type = lib.types.str;
enable = mkEnableOption "Status monitor."; };
address = mkOption { port = lib.mkOption {
default = "10.1.0.22"; default = 3001;
type = types.str; type = lib.types.int;
}; };
port = mkOption { domain = lib.mkOption {
default = 3001; default = "status.${config.container.domain}";
type = types.int; type = lib.types.str;
}; };
domain = mkOption { storage = lib.mkOption {
default = "status.${config.container.domain}"; default = "${config.container.storage}/status";
type = types.str; type = lib.types.str;
}; };
storage = mkOption { };
default = "${config.container.storage}/status";
type = types.str;
};
};
};
config = mkIf cfg.enable { config = lib.mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [ "data" ]; systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data"
];
containers.status = container.mkContainer cfg { containers.status = container.mkContainer cfg {
bindMounts = { bindMounts = {
"/var/lib/uptime-kuma" = { "/var/lib/uptime-kuma" = {
hostPath = "${cfg.storage}/data"; hostPath = "${cfg.storage}/data";
isReadOnly = false; isReadOnly = false;
}; };
}; };
config = config = { ... }: container.mkContainerConfig cfg {
{ lib, ... }: networking = {
container.mkContainerConfig cfg { nameservers = lib.mkForce [
networking = { config.container.module.dns.address
nameservers = mkForce [ config.container.module.dns.address ]; ];
}; };
services.uptime-kuma = { services.uptime-kuma = {
enable = true; enable = true;
settings = { settings = {
DATA_DIR = "/var/lib/uptime-kuma/"; DATA_DIR = "/var/lib/uptime-kuma/";
HOST = cfg.address; HOST = cfg.address;
PORT = toString cfg.port; PORT = toString cfg.port;
}; };
}; };
systemd.services.uptime-kuma = { systemd.services.uptime-kuma = {
serviceConfig.DynamicUser = mkForce false; serviceConfig = {
}; DynamicUser = lib.mkForce false;
}; };
}; };
}; };
};
};
} }


@ -1,65 +1,62 @@
{ {
container, config,
lib, container,
config, lib,
... ...
}: }: let
with lib; cfg = config.container.module.stock;
let in {
cfg = config.container.module.stock; options.container.module.stock = {
in enable = lib.mkEnableOption "the stock management.";
{ address = lib.mkOption {
options = { default = "10.1.0.45";
container.module.stock = { type = lib.types.str;
enable = mkEnableOption "Stock management."; };
address = mkOption { port = lib.mkOption {
default = "10.1.0.45"; default = 80;
type = types.str; type = lib.types.int;
}; };
port = mkOption { domain = lib.mkOption {
default = 80; default = "stock.${config.container.domain}";
type = types.int; type = lib.types.str;
}; };
domain = mkOption { storage = lib.mkOption {
default = "stock.${config.container.domain}"; default = "${config.container.storage}/stock";
type = types.str; type = lib.types.str;
}; };
storage = mkOption { };
default = "${config.container.storage}/stock";
type = types.str;
};
};
};
config = mkIf cfg.enable { config = lib.mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [ "data" ]; systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data"
];
containers.stock = container.mkContainer cfg { containers.stock = container.mkContainer cfg {
bindMounts = { bindMounts = {
"/var/lib/grocy" = { "/var/lib/grocy" = {
hostPath = "${cfg.storage}/data"; hostPath = "${cfg.storage}/data";
isReadOnly = false; isReadOnly = false;
}; };
}; };
config = config = { ... }: container.mkContainerConfig cfg {
{ ... }: services.grocy = {
container.mkContainerConfig cfg { enable = true;
services.grocy = { dataDir = "/var/lib/grocy";
enable = true; hostName = cfg.domain;
dataDir = "/var/lib/grocy"; nginx = {
hostName = cfg.domain; enableSSL = false;
nginx.enableSSL = false; };
settings = { settings = {
calendar = { calendar = {
firstDayOfWeek = 1; firstDayOfWeek = 1;
showWeekNumber = true; showWeekNumber = true;
}; };
culture = "en"; culture = "en";
currency = "RUB"; currency = "RUB";
}; };
}; };
}; };
}; };
}; };
} }


@ -1,100 +1,96 @@
{ {
container, config,
pkgs, container,
lib, lib,
config, pkgs,
... ...
}: }: let
with lib; cfg = config.container.module.vpn;
let
cfg = config.container.module.vpn;
wireguardPeers = wireguardPeers = let
let mkPeer = name: ip: PublicKey: {
mkPeer = name: ip: PublicKey: { inherit PublicKey;
inherit PublicKey; PresharedKeyFile = "/var/lib/wireguard/preshared/${name}";
PresharedKeyFile = "/var/lib/wireguard/preshared/${name}"; AllowedIPs = [
AllowedIPs = [ "${ip}/32" ]; "${ip}/32"
}; ];
in };
[ in [
(mkPeer "dashaphone" "10.1.1.3" "O/3y8+QKEY8UoLVlmbc8xdhs248L4wtQcl1MsBBfoQo=") (mkPeer "dashaphone" "10.1.1.3" "O/3y8+QKEY8UoLVlmbc8xdhs248L4wtQcl1MsBBfoQo=")
(mkPeer "laptop" "10.1.1.9" "xxoCNPSB86zs8L8p+wXhqaIwpNDkiZu1Yjv8sj8XhgY=") (mkPeer "laptop" "10.1.1.9" "xxoCNPSB86zs8L8p+wXhqaIwpNDkiZu1Yjv8sj8XhgY=")
(mkPeer "phone" "10.1.1.5" "bFmFisMqbDpIrAg3o/GiRl9XhceZEVnZtkegZDTL4yg=") (mkPeer "phone" "10.1.1.5" "bFmFisMqbDpIrAg3o/GiRl9XhceZEVnZtkegZDTL4yg=")
(mkPeer "tablet" "10.1.1.6" "BdslswVc9OgUpEhJd0sugDBmYw44DiS0FbUPT5EjOG0=") (mkPeer "tablet" "10.1.1.6" "BdslswVc9OgUpEhJd0sugDBmYw44DiS0FbUPT5EjOG0=")
(mkPeer "work" "10.1.1.2" "Pk0AASSInKO9O8RaQEmm1uNrl0cwWTJDcT8rLn7PSA0=") (mkPeer "work" "10.1.1.2" "Pk0AASSInKO9O8RaQEmm1uNrl0cwWTJDcT8rLn7PSA0=")
]; ];
in in {
{ options.container.module.vpn = {
options = { enable = lib.mkEnableOption "the vpn server.";
container.module.vpn = { address = lib.mkOption {
enable = mkEnableOption "Vpn server."; default = "10.1.0.23";
address = mkOption { type = lib.types.str;
default = "10.1.0.23"; };
type = types.str; port = lib.mkOption {
}; default = 51820;
port = mkOption { type = lib.types.int;
default = 51820; };
type = types.int; storage = lib.mkOption {
}; default = "${config.container.storage}/vpn";
storage = mkOption { type = lib.types.str;
default = "${config.container.storage}/vpn"; };
type = types.str; };
};
};
};
config = mkIf cfg.enable { config = lib.mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [ systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data" "data"
"data/preshared" "data/preshared"
]; ];
containers.vpn = container.mkContainer cfg { containers.vpn = container.mkContainer cfg {
bindMounts = { bindMounts = {
"/var/lib/wireguard" = { "/var/lib/wireguard" = {
hostPath = "${cfg.storage}/data"; hostPath = "${cfg.storage}/data";
isReadOnly = false; isReadOnly = false;
}; };
}; };
config = config = { ... }: container.mkContainerConfig cfg {
{ ... }: networking.useNetworkd = true;
container.mkContainerConfig cfg { boot.kernel.sysctl = {
boot.kernel.sysctl = { "net.ipv4.conf.all.src_valid_mark" = 1;
"net.ipv4.conf.all.src_valid_mark" = 1; "net.ipv4.ip_forward" = 1;
"net.ipv4.ip_forward" = 1; };
}; environment.systemPackages = with pkgs; [
wireguard-tools
];
systemd.network = {
enable = true;
netdevs = {
"50-wg0" = {
inherit wireguardPeers;
netdevConfig = {
Kind = "wireguard";
MTUBytes = "1300";
Name = "wg0";
};
wireguardConfig = {
ListenPort = cfg.port;
PrivateKeyFile = "/var/lib/wireguard/privkey";
};
};
};
environment.systemPackages = with pkgs; [ wireguard-tools ]; networks.wg0 = {
networking.useNetworkd = true; matchConfig.Name = "wg0";
systemd.network = { address = [
enable = true; "10.1.1.0/24"
netdevs = { ];
"50-wg0" = { networkConfig = {
netdevConfig = { IPMasquerade = "ipv4";
Kind = "wireguard"; IPv4Forwarding = "yes";
MTUBytes = "1300"; };
Name = "wg0"; };
}; };
wireguardConfig = { };
PrivateKeyFile = "/var/lib/wireguard/privkey"; };
ListenPort = cfg.port; };
};
inherit wireguardPeers;
};
};
networks.wg0 = {
matchConfig.Name = "wg0";
address = [ "10.1.1.0/24" ];
networkConfig = {
IPv4Forwarding = "yes";
IPMasquerade = "ipv4";
};
};
};
};
};
};
} }


@ -1,96 +1,87 @@
{ {
container, config,
lib, container,
config, lib,
... ...
}: }: let
with lib; cfg = config.container.module.watch;
let in {
cfg = config.container.module.watch; options.container.module.watch = {
in enable = lib.mkEnableOption "the media server.";
{ address = lib.mkOption {
options = { default = "10.1.0.11";
container.module.watch = { type = lib.types.str;
enable = mkEnableOption "Media server."; };
address = mkOption { port = lib.mkOption {
default = "10.1.0.11"; default = 8096;
type = types.str; type = lib.types.int;
}; };
port = mkOption { domain = lib.mkOption {
default = 8096; default = "watch.${config.container.domain}";
type = types.int; type = lib.types.str;
}; };
domain = mkOption { storage = lib.mkOption {
default = "watch.${config.container.domain}"; default = "${config.container.storage}/watch";
type = types.str; type = lib.types.str;
}; };
storage = mkOption { memLimit = lib.mkOption {
default = "${config.container.storage}/watch"; default = "8G";
type = types.str; type = lib.types.str;
}; };
memLimit = mkOption { };
default = "8G";
type = types.str;
};
};
};
config = mkIf cfg.enable { config = lib.mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [ systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data" "cache"
"cache" "data"
]; ];
containers.watch = container.mkContainer cfg { containers.watch = container.mkContainer cfg {
bindMounts = bindMounts = {
{ "/var/lib/jellyfin" = {
"/var/lib/jellyfin" = { hostPath = "${cfg.storage}/data";
hostPath = "${cfg.storage}/data"; isReadOnly = false;
isReadOnly = false; };
}; "/var/cache/jellyfin" = {
"/var/cache/jellyfin" = { hostPath = "${cfg.storage}/cache";
hostPath = "${cfg.storage}/cache"; isReadOnly = false;
isReadOnly = false; };
}; "/dev/dri" = {
"/dev/dri" = { hostPath = "/dev/dri";
hostPath = "/dev/dri"; isReadOnly = false;
isReadOnly = false; };
}; }
} // container.attachMedia "anime" true
// container.attachMedia "anime" true // container.attachMedia "download" true
// container.attachMedia "download" true // container.attachMedia "movie" true
// container.attachMedia "movie" true // container.attachMedia "music" true
// container.attachMedia "music" true // container.attachMedia "photo" true
// container.attachMedia "photo" true // container.attachMedia "porn" true
// container.attachMedia "porn" true // container.attachMedia "show" true
// container.attachMedia "show" true // container.attachMedia "study" true
// container.attachMedia "study" true // container.attachMedia "work" true
// container.attachMedia "work" true // container.attachMedia "youtube" true
// container.attachMedia "youtube" true; ;
allowedDevices = [ allowedDevices = [
{ {
modifier = "rwm"; modifier = "rwm";
node = "/dev/dri/renderD128"; node = "/dev/dri/renderD128";
} }
]; ];
config = config = { ... }: container.mkContainerConfig cfg {
{ ... }: systemd.services.jellyfin.serviceConfig.MemoryLimit = cfg.memLimit;
container.mkContainerConfig cfg { services.jellyfin = {
# users.users.jellyfin.extraGroups = [ enable = true;
# "video" cacheDir = "/var/cache/jellyfin";
# "render" dataDir = "/var/lib/jellyfin";
# ]; };
# users.users.jellyfin.extraGroups = [
services.jellyfin = { # "video"
enable = true; # "render"
cacheDir = "/var/cache/jellyfin"; # ];
dataDir = "/var/lib/jellyfin"; };
}; };
};
systemd.services.jellyfin.serviceConfig.MemoryLimit = cfg.memLimit;
};
};
};
} }
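Review bot: `systemd.services.jellyfin.serviceConfig.MemoryLimit = cfg.memLimit;` uses the directive systemd documents as the deprecated cgroup-v1 form, so the cap behind `memLimit` may be applied with a warning, or not as intended, depending on the systemd version and cgroup hierarchy in the container. Use the current directive: `systemd.services.jellyfin.serviceConfig.MemoryMax = cfg.memLimit;`. It would also help to add a one-line comment on the `/dev/dri` bind mount and the `rwm` entry in `allowedDevices` saying they exist for hardware transcoding, since they widen what the container can touch on the host.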


@ -1,64 +1,59 @@
{ {
container, __findFile,
pkgs, config,
lib, container,
config, lib,
__findFile, pkgs,
... ...
}: }: let
with lib; cfg = config.container.module.yt;
let in {
cfg = config.container.module.yt; options.container.module.yt = {
in enable = lib.mkEnableOption "the YouTube frontend.";
{ address = lib.mkOption {
options = { default = "10.1.0.19";
container.module.yt = { type = lib.types.str;
enable = mkEnableOption "YouTube frontend."; };
address = mkOption { port = lib.mkOption {
default = "10.1.0.19"; default = 3000;
type = types.str; type = lib.types.int;
}; };
port = mkOption { domain = lib.mkOption {
default = 3000; default = "yt.${config.container.domain}";
type = types.int; type = lib.types.str;
}; };
domain = mkOption { storage = lib.mkOption {
default = "yt.${config.container.domain}"; default = "${config.container.storage}/yt";
type = types.str; type = lib.types.str;
}; };
storage = mkOption { };
default = "${config.container.storage}/yt";
type = types.str;
};
};
};
config = mkIf cfg.enable { config = lib.mkIf cfg.enable {
containers.yt = container.mkContainer cfg { containers.yt = container.mkContainer cfg {
config = config = { ... }: container.mkContainerConfig cfg {
{ ... }: services.invidious = {
container.mkContainerConfig cfg { enable = true;
services.invidious = { domain = cfg.domain;
enable = true; port = cfg.port;
domain = cfg.domain; nginx.enable = false;
port = cfg.port; database = {
nginx.enable = false; host = config.container.module.postgres.address;
database = { port = config.container.module.postgres.port;
port = config.container.module.postgres.port; createLocally = false;
host = config.container.module.postgres.address; passwordFile = "${pkgs.writeText "InvidiousDbPassword" "invidious"}";
createLocally = false; };
passwordFile = "${pkgs.writeText "InvidiousDbPassword" "invidious"}"; settings = {
}; captcha_enabled = false;
settings = { check_tables = true;
admins = [ "root" ]; external_port = 443;
captcha_enabled = false; https_only = true;
check_tables = true; registration_enabled = false;
registration_enabled = false; admins = [
external_port = 443; "root"
https_only = true; ];
}; };
}; };
}; };
}; };
}; };
} }
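Review bot: `passwordFile = "${pkgs.writeText "InvidiousDbPassword" "invidious"}";` defeats the purpose of a password file: the database password is a guessable literal, stored in the world-readable Nix store and in the repository. The database is reached over the network at `config.container.module.postgres.address`, so this credential is what stands between other containers and the Invidious database. Reference a file created outside the store, `passwordFile = "<RUNTIME_SECRET_PATH>";` (placeholder), and change the role's password when switching.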


@ -1,61 +1,57 @@
{ lib, config, ... }:
with lib;
let
cfg = config.container;
in
{ {
options = { config,
container = { lib,
enable = mkEnableOption "Containers!!"; ...
}: let
cfg = config.container;
in {
options.container = {
enable = lib.mkEnableOption "Containers!!";
autoStart = lib.mkOption {
default = false;
type = lib.types.bool;
};
host = lib.mkOption {
default = "0.0.0.0";
type = lib.types.str;
};
localAccess = lib.mkOption {
default = "0.0.0.0";
type = lib.types.str;
};
storage = lib.mkOption {
default = "/tmp/container";
type = lib.types.str;
};
domain = lib.mkOption {
default = "local";
type = lib.types.str;
};
interface = lib.mkOption {
default = "lo";
type = lib.types.str;
};
media = lib.mkOption {
default = { };
type = lib.types.attrs;
};
};
autoStart = mkOption { config = lib.mkIf cfg.enable {
default = false; # This is the network for all the containers.
type = types.bool; # They are not available to the external interface by default,
}; # instead they all expose specific ports in their configuration.
networking = {
host = mkOption { nat = {
default = "0.0.0.0"; enable = true;
type = types.str; externalInterface = config.container.interface;
}; internalInterfaces = [
"ve-+"
localAccess = mkOption { ];
default = "0.0.0.0"; };
type = types.str; networkmanager.unmanaged = [
}; "interface-name:ve-*"
];
storage = mkOption { };
default = "/tmp/container"; };
type = types.str;
};
domain = mkOption {
default = "local";
type = types.str;
};
interface = mkOption {
default = "lo";
type = types.str;
};
media = mkOption {
default = { };
type = types.attrs;
};
};
};
config = mkIf cfg.enable {
# This is the network for all the containers.
# They are not available to the external interface by default,
# instead they all expose specific ports in their configuration.
networking = {
nat = {
enable = true;
internalInterfaces = [ "ve-+" ];
externalInterface = config.container.interface;
};
networkmanager.unmanaged = [ "interface-name:ve-*" ];
};
};
} }
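Review bot: The `storage` option still defaults to `"/tmp/container"`, a predictable path in a world-writable directory that is also subject to cleanup. Modules in this commit derive their state directories from it, including the ones bind-mounted as `/etc/letsencrypt` and `/var/lib/wireguard`, so a host that forgets to override it would keep private keys there. How `container.mkContainerDir` sets ownership and mode is not visible in this section. Prefer a root-owned default under `/var/lib`, or give the option no default so evaluation fails until a path is chosen.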


@ -1,27 +1,30 @@
{ config, container, ... }:
let
domain = "camera.${config.container.domain}";
address = "192.168.2.249";
port = 554;
in
{ {
${domain} = container.mkServer { config,
extraConfig = '' container,
listen 443 ssl; util,
...
}: let
address = "192.168.2.249";
domain = "camera.${config.container.domain}";
port = 554;
in {
${domain} = container.mkServer {
extraConfig = util.trimTabs ''
listen 443 ssl;
location / { location / {
allow ${config.container.localAccess}; allow ${config.container.localAccess};
allow ${config.container.module.status.address}; allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address}; allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address}; allow ${config.container.module.frkn.address};
deny all; deny all;
return 301 rtsp://${address}:${toString port}/live/main; return 301 rtsp://${address}:${toString port}/live/main;
} }
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem; ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf; include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem; ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
''; '';
}; };
} }


@ -1,30 +1,33 @@
{ config, container, ... }:
let
cfg = config.container.module.change;
name = "change";
in
{ {
${cfg.domain} = container.mkServer { config,
extraConfig = '' container,
listen 443 ssl; util,
set ''$${name} ${cfg.address}:${toString cfg.port}; ...
}: let
cfg = config.container.module.change;
name = "change";
in {
${cfg.domain} = container.mkServer {
extraConfig = util.trimTabs ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
location / { location / {
allow ${config.container.localAccess}; allow ${config.container.localAccess};
allow ${config.container.module.status.address}; allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address}; allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address}; allow ${config.container.module.frkn.address};
deny all; deny all;
proxy_pass http://''$${name}$request_uri; proxy_pass http://''$${name}$request_uri;
add_header Referrer-Policy 'origin'; add_header Referrer-Policy 'origin';
} }
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem; ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf; include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem; ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
''; '';
}; };
} }


@ -1,28 +1,31 @@
{ config, container, ... }:
let
cfg = config.container.module.chat;
name = "chat";
in
{ {
${cfg.domain} = container.mkServer { config,
extraConfig = '' container,
listen 443 ssl; util,
set ''$${name} ${cfg.address}:${toString cfg.port}; ...
}: let
cfg = config.container.module.chat;
name = "chat";
in {
${cfg.domain} = container.mkServer {
extraConfig = util.trimTabs ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
location / { location / {
allow ${config.container.localAccess}; allow ${config.container.localAccess};
allow ${config.container.module.status.address}; allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address}; allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address}; allow ${config.container.module.frkn.address};
deny all; deny all;
proxy_pass http://''$${name}$request_uri; proxy_pass http://''$${name}$request_uri;
} }
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem; ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf; include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem; ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
''; '';
}; };
} }


@ -1,31 +1,34 @@
{ config, container, ... }:
let
cfg = config.container.module.cloud;
name = "cloud";
in
{ {
${cfg.domain} = container.mkServer { config,
extraConfig = '' container,
listen 443 ssl; util,
set ''$${name} ${cfg.address}:${toString cfg.port}; ...
}: let
cfg = config.container.module.cloud;
name = "cloud";
in {
${cfg.domain} = container.mkServer {
extraConfig = util.trimTabs ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
location ~ ^/(settings/admin|settings/users|settings/apps|login|api) { location ~ ^/(settings/admin|settings/users|settings/apps|login|api) {
allow ${config.container.localAccess}; allow ${config.container.localAccess};
allow ${config.container.module.status.address}; allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address}; allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address}; allow ${config.container.module.frkn.address};
deny all; deny all;
proxy_pass http://''$${name}$request_uri; proxy_pass http://''$${name}$request_uri;
} }
location / { location / {
proxy_pass http://''$${name}$request_uri; proxy_pass http://''$${name}$request_uri;
} }
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem; ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf; include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem; ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
''; '';
}; };
} }
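Review bot: The restricted location `~ ^/(settings/admin|settings/users|settings/apps|login|api)` has no boundary after the alternation, so it also catches any path that merely starts with one of those words, such as `/loginfoo` or `/apidocs`. Ending the pattern with `(/|$)`, as in `location ~ ^/(settings/admin|settings/users|settings/apps|login|api)(/|$) {`, limits it to the intended segments. The git section has the same shape in `^/(admin|api|user)`, where a public path beginning with `/user…` or `/admin…` would be denied as well. Because everything else falls through to the unrestricted `location /`, it is also worth confirming that the backend does not serve these pages under any other prefix.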


@ -1,27 +1,30 @@
{ config, container, ... }:
let
cfg = config.container.module.download;
name = "download";
in
{ {
${cfg.domain} = container.mkServer { config,
extraConfig = '' container,
listen 443 ssl; util,
set ''$${name} ${cfg.address}:${toString cfg.port}; ...
}: let
cfg = config.container.module.download;
name = "download";
in {
${cfg.domain} = container.mkServer {
extraConfig = util.trimTabs ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
location / { location / {
allow ${config.container.localAccess}; allow ${config.container.localAccess};
allow ${config.container.module.status.address}; allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address}; allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address}; allow ${config.container.module.frkn.address};
deny all; deny all;
proxy_pass http://''$${name}$request_uri; proxy_pass http://''$${name}$request_uri;
} }
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem; ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf; include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem; ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
''; '';
}; };
} }


@ -1,30 +1,33 @@
{ container, config, ... }:
let
cfg = config.container.module.git;
name = "git";
in
{ {
${cfg.domain} = container.mkServer { container,
extraConfig = '' config,
listen 443 ssl; util,
set ''$${name} ${cfg.address}:${toString cfg.port}; ...
}: let
cfg = config.container.module.git;
name = "git";
in {
${cfg.domain} = container.mkServer {
extraConfig = util.trimTabs ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
location ~ ^/(admin|api|user) { location ~ ^/(admin|api|user) {
allow ${config.container.localAccess}; allow ${config.container.localAccess};
allow ${config.container.module.vpn.address}; allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address}; allow ${config.container.module.frkn.address};
deny all; deny all;
proxy_pass http://''$${name}$request_uri; proxy_pass http://''$${name}$request_uri;
} }
location / { location / {
proxy_pass http://''$${name}$request_uri; proxy_pass http://''$${name}$request_uri;
} }
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem; ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf; include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem; ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
''; '';
}; };
} }


@ -1,27 +0,0 @@
{ container, config, ... }:
let
cfg = config.container.module.hdd;
name = "hdd";
in
{
${cfg.domain} = container.mkServer {
extraConfig = ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
location / {
allow ${config.container.localAccess};
allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address};
deny all;
proxy_pass http://''$${name}$request_uri;
}
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
};
}


@ -1,27 +1,30 @@
{ config, container, ... }:
let
cfg = config.container.module.home;
name = "home";
in
{ {
${cfg.domain} = container.mkServer { config,
extraConfig = '' container,
listen 443 ssl; util,
set ''$${name} ${cfg.address}:${toString cfg.port}; ...
}: let
cfg = config.container.module.home;
name = "home";
in {
${cfg.domain} = container.mkServer {
extraConfig = util.trimTabs ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
location / { location / {
allow ${config.container.localAccess}; allow ${config.container.localAccess};
allow ${config.container.module.status.address}; allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address}; allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address}; allow ${config.container.module.frkn.address};
deny all; deny all;
proxy_pass http://''$${name}$request_uri; proxy_pass http://''$${name}$request_uri;
} }
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem; ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf; include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem; ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
''; '';
}; };
} }


@ -1,34 +1,37 @@
{ container, config, ... }:
let
cfg = config.container.module.iot;
name = "iot";
in
{ {
${cfg.domain} = container.mkServer { container,
extraConfig = '' config,
listen 443 ssl; util,
set ''$${name} ${cfg.address}:${toString cfg.port}; ...
}: let
cfg = config.container.module.iot;
name = "iot";
in {
${cfg.domain} = container.mkServer {
extraConfig = util.trimTabs ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
location / { location / {
allow ${config.container.localAccess}; allow ${config.container.localAccess};
allow ${config.container.module.status.address}; allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address}; allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address}; allow ${config.container.module.frkn.address};
deny all; deny all;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_http_version 1.1; proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade; proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade"; proxy_set_header Connection "upgrade";
proxy_pass http://''$${name}$request_uri; proxy_pass http://''$${name}$request_uri;
} }
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem; ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf; include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem; ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
''; '';
}; };
} }


@ -1,27 +1,30 @@
{ container, config, ... }:
let
cfg = config.container.module.mail;
name = "mail";
in
{ {
${cfg.domain} = container.mkServer { container,
extraConfig = '' config,
listen 443 ssl; util,
set ''$${name} ${cfg.address}:${toString cfg.port}; ...
}: let
cfg = config.container.module.mail;
name = "mail";
in {
${cfg.domain} = container.mkServer {
extraConfig = util.trimTabs ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
location / { location / {
allow ${config.container.localAccess}; allow ${config.container.localAccess};
allow ${config.container.module.status.address}; allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address}; allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address}; allow ${config.container.module.frkn.address};
deny all; deny all;
proxy_pass http://''$${name}$request_uri; proxy_pass http://''$${name}$request_uri;
} }
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem; ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf; include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem; ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
''; '';
}; };
} }


@ -1,28 +1,31 @@
{ container, config, ... }:
let
cfg = config.container.module.office;
name = "office";
in
{ {
${cfg.domain} = container.mkServer { container,
extraConfig = '' config,
listen 443 ssl; util,
set ''$${name} ${cfg.address}:${toString cfg.port}; ...
}: let
cfg = config.container.module.office;
name = "office";
in {
${cfg.domain} = container.mkServer {
extraConfig = util.trimTabs ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
location / { location / {
# allow ${config.container.localAccess}; # allow ${config.container.localAccess};
# allow ${config.container.module.status.address}; # allow ${config.container.module.status.address};
# allow ${config.container.module.vpn.address}; # allow ${config.container.module.vpn.address};
# allow ${config.container.module.frkn.address}; # allow ${config.container.module.frkn.address};
# deny all; # deny all;
add_header X-Forwarded-Proto https; add_header X-Forwarded-Proto https;
proxy_pass http://''$${name}$request_uri; proxy_pass http://''$${name}$request_uri;
} }
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem; ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf; include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem; ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
''; '';
}; };
} }
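Review bot: In `location /` every `allow` line and the `deny all;` are commented out, so unlike the sibling servers this one proxies requests from any source address. If that is intentional, a comment such as `# Public on purpose: <reason>` above the block would stop the next reader from assuming the list is active; otherwise the five lines should be uncommented. Separately, `add_header X-Forwarded-Proto https;` sets a response header for the client. If the aim is to tell the backend the original scheme, the directive would be `proxy_set_header X-Forwarded-Proto https;`.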


@ -1,27 +1,30 @@
{ container, config, ... }:
let
cfg = config.container.module.paper;
name = "paper";
in
{ {
${cfg.domain} = container.mkServer { container,
extraConfig = '' config,
listen 443 ssl; util,
set ''$${name} ${cfg.address}:${toString cfg.port}; ...
}: let
cfg = config.container.module.paper;
name = "paper";
in {
${cfg.domain} = container.mkServer {
extraConfig = util.trimTabs ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
location / { location / {
allow ${config.container.localAccess}; allow ${config.container.localAccess};
allow ${config.container.module.status.address}; allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address}; allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address}; allow ${config.container.module.frkn.address};
deny all; deny all;
proxy_pass http://''$${name}$request_uri; proxy_pass http://''$${name}$request_uri;
} }
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem; ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf; include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem; ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
''; '';
}; };
} }


@ -1,27 +1,30 @@
{ container, config, ... }:
let
cfg = config.container.module.pass;
name = "pass";
in
{ {
${cfg.domain} = container.mkServer { container,
extraConfig = '' config,
listen 443 ssl; util,
set ''$${name} ${cfg.address}:${toString cfg.port}; ...
}: let
cfg = config.container.module.pass;
name = "pass";
in {
${cfg.domain} = container.mkServer {
extraConfig = util.trimTabs ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
location / { location / {
allow ${config.container.localAccess}; allow ${config.container.localAccess};
allow ${config.container.module.status.address}; allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address}; allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address}; allow ${config.container.module.frkn.address};
deny all; deny all;
proxy_pass http://''$${name}$request_uri; proxy_pass http://''$${name}$request_uri;
} }
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem; ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf; include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem; ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
''; '';
}; };
} }


@ -1,26 +1,29 @@
{ container, config, ... }:
let
cfg = config.container.module.paste;
name = "paste";
in
{ {
${cfg.domain} = container.mkServer { container,
extraConfig = '' config,
listen 443 ssl; util,
set ''$${name} ${cfg.address}:${toString cfg.port}; ...
}: let
cfg = config.container.module.paste;
name = "paste";
in {
${cfg.domain} = container.mkServer {
extraConfig = util.trimTabs ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
location = / { location = / {
return 403; return 403;
} }
location / { location / {
proxy_pass http://''$${name}$request_uri; proxy_pass http://''$${name}$request_uri;
} }
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem; ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf; include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem; ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
''; '';
}; };
} }


@ -1,32 +1,35 @@
{ container, config, ... }:
let
cfg = config.container.module.print;
name = "print";
in
{ {
${cfg.domain} = container.mkServer { container,
extraConfig = '' config,
listen 443 ssl; util,
set ''$${name} ${cfg.address}:${toString cfg.port}; ...
}: let
cfg = config.container.module.print;
name = "print";
in {
${cfg.domain} = container.mkServer {
extraConfig = util.trimTabs ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
location / { location / {
allow ${config.container.localAccess}; allow ${config.container.localAccess};
allow ${config.container.module.status.address}; allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address}; allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address}; allow ${config.container.module.frkn.address};
deny all; deny all;
proxy_pass http://''$${name}$request_uri; proxy_pass http://''$${name}$request_uri;
proxy_set_header Host "127.0.0.1"; proxy_set_header Host "127.0.0.1";
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for; proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
} }
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem; ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf; include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem; ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
''; '';
}; };
} }
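Review bot: The header name in `proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;` is misspelled, so the backend never receives the client address chain under the conventional name and any logging or access decision that reads `X-Forwarded-For` sees nothing. The line should read `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`. The hard-coded `Host "127.0.0.1"` next to it would benefit from a short comment saying why the backend needs that value.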


@ -1,29 +1,32 @@
{ container, config, ... }:
let
address = "192.168.2.237";
domain = "printer.${config.container.domain}";
port = 80;
name = "printer";
in
{ {
${domain} = container.mkServer { container,
extraConfig = '' config,
listen 443 ssl; util,
set ''$${name} ${address}:${toString port}; ...
}: let
address = "192.168.2.237";
domain = "printer.${config.container.domain}";
name = "printer";
port = 80;
in {
${domain} = container.mkServer {
extraConfig = util.trimTabs ''
listen 443 ssl;
set ''$${name} ${address}:${toString port};
location / { location / {
allow ${config.container.localAccess}; allow ${config.container.localAccess};
allow ${config.container.module.status.address}; allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address}; allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address}; allow ${config.container.module.frkn.address};
deny all; deny all;
proxy_pass http://''$${name}$request_uri; proxy_pass http://''$${name}$request_uri;
} }
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem; ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf; include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem; ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
''; '';
}; };
} }


@ -1,27 +1,30 @@
{ container, config, ... }:
let
cfg = config.container.module.read;
name = "read";
in
{ {
${cfg.domain} = container.mkServer { container,
extraConfig = '' config,
listen 443 ssl; util,
set ''$${name} ${cfg.address}:${toString cfg.port}; ...
}: let
cfg = config.container.module.read;
name = "read";
in {
${cfg.domain} = container.mkServer {
extraConfig = util.trimTabs ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
location / { location / {
allow ${config.container.localAccess}; allow ${config.container.localAccess};
allow ${config.container.module.status.address}; allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address}; allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address}; allow ${config.container.module.frkn.address};
deny all; deny all;
proxy_pass http://''$${name}$request_uri; proxy_pass http://''$${name}$request_uri;
} }
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem; ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf; include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem; ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
''; '';
}; };
} }


@ -1,24 +1,26 @@
{ container, config, ... }:
let
domain = "resume.${config.container.domain}";
name = "resume";
in
{ {
${domain} = container.mkServer { container,
extraConfig = '' config,
server_name ${domain}; util,
listen 443 ssl; ...
}: let
domain = "resume.${config.container.domain}";
in {
${domain} = container.mkServer {
extraConfig = util.trimTabs ''
server_name ${domain};
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem; ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf; include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem; ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
if ($http_accept_language ~ ru) { if ($http_accept_language ~ ru) {
return 301 https://${config.container.module.git.domain}/voronind/resume/releases/download/latest/VoronindRu.pdf; return 301 https://${config.container.module.git.domain}/voronind/resume/releases/download/latest/VoronindRu.pdf;
} }
return 301 https://${config.container.module.git.domain}/voronind/resume/releases/download/latest/VoronindEn.pdf; return 301 https://${config.container.module.git.domain}/voronind/resume/releases/download/latest/VoronindEn.pdf;
''; '';
}; };
} }


@ -1,29 +1,32 @@
{ container, config, ... }:
let
address = "10.0.0.2";
domain = "router.${config.container.domain}";
port = 80;
name = "router";
in
{ {
${domain} = container.mkServer { container,
extraConfig = '' config,
listen 443 ssl; util,
set ''$${name} ${address}:${toString port}; ...
}: let
address = "10.0.0.2";
domain = "router.${config.container.domain}";
name = "router";
port = 80;
in {
${domain} = container.mkServer {
extraConfig = util.trimTabs ''
listen 443 ssl;
set ''$${name} ${address}:${toString port};
location / { location / {
allow ${config.container.localAccess}; allow ${config.container.localAccess};
allow ${config.container.module.status.address}; allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address}; allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address}; allow ${config.container.module.frkn.address};
deny all; deny all;
proxy_pass http://''$${name}$request_uri; proxy_pass http://''$${name}$request_uri;
} }
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem; ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf; include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem; ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
''; '';
}; };
} }


@ -1,27 +1,30 @@
{ container, config, ... }:
let
cfg = config.container.module.search;
name = "search";
in
{ {
${cfg.domain} = container.mkServer { container,
extraConfig = '' config,
listen 443 ssl; util,
set ''$${name} ${cfg.address}:${toString cfg.port}; ...
}: let
cfg = config.container.module.search;
name = "search";
in {
${cfg.domain} = container.mkServer {
extraConfig = util.trimTabs ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
location / { location / {
allow ${config.container.localAccess}; allow ${config.container.localAccess};
allow ${config.container.module.status.address}; allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address}; allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address}; allow ${config.container.module.frkn.address};
deny all; deny all;
proxy_pass http://''$${name}$request_uri; proxy_pass http://''$${name}$request_uri;
} }
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem; ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf; include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem; ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
''; '';
}; };
} }


@ -1,34 +1,37 @@
{ container, config, ... }:
let
cfg = config.container.module.status;
name = "sstatus";
in
{ {
${cfg.domain} = container.mkServer { container,
extraConfig = '' config,
listen 443 ssl; util,
set ''$${name} ${cfg.address}:${toString cfg.port}; ...
}: let
cfg = config.container.module.status;
name = "sstatus";
in {
${cfg.domain} = container.mkServer {
extraConfig = util.trimTabs ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
location ~ ^/(dashboard|settings) { location ~ ^/(dashboard|settings) {
allow ${config.container.localAccess}; allow ${config.container.localAccess};
allow ${config.container.module.vpn.address}; allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address}; allow ${config.container.module.frkn.address};
deny all; deny all;
proxy_pass http://''$${name}$request_uri; proxy_pass http://''$${name}$request_uri;
} }
location / { location / {
allow ${config.container.localAccess}; allow ${config.container.localAccess};
allow ${config.container.module.vpn.address}; allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address}; allow ${config.container.module.frkn.address};
deny all; deny all;
proxy_pass http://''$${name}$request_uri; proxy_pass http://''$${name}$request_uri;
} }
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem; ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf; include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem; ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
''; '';
}; };
} }
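Review bot: The `location ~ ^/(dashboard|settings)` block and the `location /` block carry the same three `allow` lines, the same `deny all;` and the same `proxy_pass`, so the regex location currently adds nothing. Either remove it or give the two blocks different policies if the dashboard was meant to be stricter than the rest. `name = "sstatus"` also deserves a comment, presumably along the lines of `# "status" would clash with nginx's built-in $status variable`, since it otherwise reads as a typo.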


@ -1,27 +1,30 @@
{ container, config, ... }:
let
cfg = config.container.module.stock;
name = "stock";
in
{ {
${cfg.domain} = container.mkServer { container,
extraConfig = '' config,
listen 443 ssl; util,
set ''$${name} ${cfg.address}:${toString cfg.port}; ...
}: let
cfg = config.container.module.stock;
name = "stock";
in {
${cfg.domain} = container.mkServer {
extraConfig = util.trimTabs ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
location / { location / {
allow ${config.container.localAccess}; allow ${config.container.localAccess};
allow ${config.container.module.status.address}; allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address}; allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address}; allow ${config.container.module.frkn.address};
deny all; deny all;
proxy_pass http://''$${name}$request_uri; proxy_pass http://''$${name}$request_uri;
} }
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem; ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf; include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem; ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
''; '';
}; };
} }


@ -1,27 +1,30 @@
{ container, config, ... }:
let
cfg = config.container.module.watch;
name = "watch";
in
{ {
${cfg.domain} = container.mkServer { container,
extraConfig = '' config,
listen 443 ssl; util,
set ''$${name} ${cfg.address}:${toString cfg.port}; ...
}: let
cfg = config.container.module.watch;
name = "watch";
in {
${cfg.domain} = container.mkServer {
extraConfig = util.trimTabs ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
location / { location / {
allow ${config.container.localAccess}; allow ${config.container.localAccess};
allow ${config.container.module.status.address}; allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address}; allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address}; allow ${config.container.module.frkn.address};
deny all; deny all;
proxy_pass http://''$${name}$request_uri; proxy_pass http://''$${name}$request_uri;
} }
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem; ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf; include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem; ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
''; '';
}; };
} }


@ -1,37 +1,40 @@
{ container, config, ... }:
let
cfg = config.container.module.yt;
name = "yt";
in
{ {
${cfg.domain} = container.mkServer { container,
extraConfig = '' config,
listen 443 ssl; util,
set ''$${name} ${cfg.address}:${toString cfg.port}; ...
}: let
cfg = config.container.module.yt;
name = "yt";
in {
${cfg.domain} = container.mkServer {
extraConfig = util.trimTabs ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
location / { location / {
allow ${config.container.localAccess}; allow ${config.container.localAccess};
allow ${config.container.module.status.address}; allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address}; allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address}; allow ${config.container.module.frkn.address};
deny all; deny all;
proxy_pass http://''$${name}$request_uri; proxy_pass http://''$${name}$request_uri;
proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_http_version 1.1; proxy_http_version 1.1;
proxy_set_header Connection ""; proxy_set_header Connection "";
proxy_hide_header Content-Security-Policy; proxy_hide_header Content-Security-Policy;
proxy_hide_header X-Frame-Options; proxy_hide_header X-Frame-Options;
proxy_hide_header X-Content-Type-Options; proxy_hide_header X-Content-Type-Options;
} }
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem; ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf; include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem; ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
''; '';
}; };
} }
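Review bot: The three `proxy_hide_header` lines strip `Content-Security-Policy`, `X-Frame-Options` and `X-Content-Type-Options` from every backend response, and nothing visible in this block puts equivalents back, so the browser-side protections the backend asked for are lost. If they are removed to allow embedding, say so in a comment and restore what still applies, for example `add_header X-Content-Type-Options nosniff always;`. Whether the included `options-ssl-nginx.conf` or `mkServer` adds such headers cannot be seen from this page.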

500
flake.nix

@ -1,375 +1,163 @@
# This is a configuration entry-point called "Flake".
# Here you define your inputs (dependencies) and outputs (hosts).
{ {
# Those are external dependencies. inputs = {
inputs = { nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
# Core system. nixpkgsUnstable.url = "github:nixos/nixpkgs/nixos-unstable";
# Homepage: https://github.com/NixOS/nixpkgs nixpkgsStable.url = "github:nixos/nixpkgs/nixos-24.05";
# Manual: https://nixos.org/manual/nixos/stable nixpkgsMaster.url = "github:nixos/nixpkgs/master";
# Search: https://search.nixos.org/packages and https://search.nixos.org/options
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
nixpkgsUnstable.url = "github:nixos/nixpkgs/nixos-unstable";
nixpkgsStable.url = "github:nixos/nixpkgs/nixos-24.05";
nixpkgsMaster.url = "github:nixos/nixpkgs/master";
# This thing manages user's /home directroies. Because NixOS only manages system itself. home-manager = {
# Homepage: https://github.com/nix-community/home-manager url = "github:nix-community/home-manager";
# Manual: https://nix-community.github.io/home-manager inputs.nixpkgs.follows = "nixpkgs";
# Search: https://home-manager-options.extranix.com };
home-manager = {
url = "github:nix-community/home-manager";
# This means that home-manager and our Flake both depend on the same nixpkgs version. stylix.url = "github:danth/stylix";
inputs.nixpkgs.follows = "nixpkgs";
};
# This allows automatic styling based on active Wallpaper. nixpkgsJobber.url = "github:nixos/nixpkgs/051f920625ab5aabe37c920346e3e69d7d34400e";
# Homepage: https://github.com/danth/stylix poetry2nixJobber.url = "github:nix-community/poetry2nix/304f8235fb0729fd48567af34fcd1b58d18f9b95";
# Manual: https://danth.github.io/stylix
stylix.url = "github:danth/stylix";
# I use this for a single container called jobber. WARN: Do not update. nix-on-droid = {
# You likely won't need this one, so just skip it for now. url = "github:t184256/nix-on-droid/release-23.11";
poetry2nixJobber.url = "github:nix-community/poetry2nix/304f8235fb0729fd48567af34fcd1b58d18f9b95"; inputs.home-manager.follows = "home-manager";
nixpkgsJobber.url = "github:nixos/nixpkgs/051f920625ab5aabe37c920346e3e69d7d34400e"; inputs.nixpkgs.follows = "nixpkgs";
};
# Nix on Android (inside Termux). It has no NixOS modules, but still allows the use of Nixpkgs arm packages with Home-Manager configurations. nvimAlign = { flake = false; url = "github:echasnovski/mini.align"; };
# Homepage: https://github.com/nix-community/nix-on-droid nvimAutoclose = { flake = false; url = "github:m4xshen/autoclose.nvim"; };
# Manual: https://github.com/nix-community/nix-on-droid/blob/master/README.md nvimBufferline = { flake = false; url = "github:akinsho/bufferline.nvim"; };
nix-on-droid = { nvimCloseBuffers = { flake = false; url = "github:kazhala/close-buffers.nvim"; };
url = "github:t184256/nix-on-droid/release-23.11"; nvimColorizer = { flake = false; url = "github:brenoprata10/nvim-highlight-colors"; };
inputs.nixpkgs.follows = "nixpkgs"; nvimDevicons = { flake = false; url = "github:nvim-tree/nvim-web-devicons"; };
inputs.home-manager.follows = "home-manager"; nvimDressing = { flake = false; url = "github:stevearc/dressing.nvim"; };
}; nvimGen = { flake = false; url = "github:David-Kunz/gen.nvim"; };
nvimGitsigns = { flake = false; url = "github:lewis6991/gitsigns.nvim"; };
nvimGruvboxMaterial = { flake = false; url = "github:sainnhe/gruvbox-material"; };
nvimIndentoMatic = { flake = false; url = "github:Darazaki/indent-o-matic"; };
nvimLspconfig = { flake = false; url = "github:neovim/nvim-lspconfig"; };
nvimPlenary = { flake = false; url = "github:nvim-lua/plenary.nvim"; };
nvimTelescope = { flake = false; url = "github:nvim-telescope/telescope.nvim"; };
nvimTodo = { flake = false; url = "github:folke/todo-comments.nvim"; };
nvimTree = { flake = false; url = "github:nvim-tree/nvim-tree.lua"; };
nvimTreesitter = { flake = false; url = "github:nvim-treesitter/nvim-treesitter"; };
nvimTrouble = { flake = false; url = "github:folke/trouble.nvim"; };
};
# Those are Nvim plugins. I do not use package managers like Packer or Lazy, instead I use Nix to download them and later configure in [Neovim module](module/common/Nvim.nix). outputs = {
nvimAlign = { home-manager,
url = "github:echasnovski/mini.align"; nix-on-droid,
flake = false; nixpkgs,
}; nixpkgsJobber,
nvimAutoclose = { nixpkgsMaster,
url = "github:m4xshen/autoclose.nvim"; nixpkgsStable,
flake = false; nixpkgsUnstable,
}; poetry2nixJobber,
nvimBufferline = { self,
url = "github:akinsho/bufferline.nvim"; stylix,
flake = false; ...
}; } @inputs: {
nvimCloseBuffers = { const = {
url = "github:kazhala/close-buffers.nvim"; droidStateVersion = "23.11";
flake = false; stateVersion = "24.05";
}; timeZone = "Europe/Moscow";
nvimColorizer = { url = "https://git.voronind.com/voronind/nix.git";
url = "github:brenoprata10/nvim-highlight-colors"; };
flake = false;
};
nvimDevicons = {
url = "github:nvim-tree/nvim-web-devicons";
flake = false;
};
nvimDressing = {
url = "github:stevearc/dressing.nvim";
flake = false;
};
nvimGen = {
url = "github:David-Kunz/gen.nvim";
flake = false;
};
nvimGitsigns = {
url = "github:lewis6991/gitsigns.nvim";
flake = false;
};
nvimGruvboxMaterial = {
url = "github:sainnhe/gruvbox-material";
flake = false;
};
nvimIndentoMatic = {
url = "github:Darazaki/indent-o-matic";
flake = false;
};
nvimLspconfig = {
url = "github:neovim/nvim-lspconfig";
flake = false;
};
nvimPlenary = {
url = "github:nvim-lua/plenary.nvim";
flake = false;
};
nvimTelescope = {
url = "github:nvim-telescope/telescope.nvim";
flake = false;
};
nvimTodo = {
url = "github:folke/todo-comments.nvim";
flake = false;
};
nvimTree = {
url = "github:nvim-tree/nvim-tree.lua";
flake = false;
};
nvimTreesitter = {
url = "github:nvim-treesitter/nvim-treesitter";
flake = false;
};
nvimTrouble = {
url = "github:folke/trouble.nvim";
flake = false;
};
};
# Those are outputs (hosts, configurations) that can be produced by this whole config. __findFile = _: p: ./${p};
# Here you see a set of inputs we defined above, like nixpkgs, home-manager and so on.
# `...` at the end of a set means "ignore other arguments provided to this function".
# @inputs means aliasing all the inputs to the `inputs` name, so we can pass them all at once later.
outputs =
{
self,
nixpkgs,
nixpkgsUnstable,
nixpkgsStable,
nixpkgsMaster,
nix-on-droid,
home-manager,
stylix,
poetry2nixJobber,
nixpkgsJobber,
...
}@inputs:
{
# Constant values.
const = {
droidStateVersion = "23.11";
stateVersion = "24.05";
timeZone = "Europe/Moscow";
url = "https://git.voronind.com/voronind/nix.git";
};
# Hack to use <container/Change.nix> in other files. findFiles = path: map (f: "${path}/${f}") (
# Need to add __findFile to args tho. builtins.filter (i: builtins.readFileType "${path}/${i}" == "regular") (
__findFile = _: p: ./${p}; builtins.attrNames (builtins.readDir path)
)
);
# List all files in a dir. devShells = let
findFiles = lib = nixpkgs.lib;
path: pkgs = nixpkgs.legacyPackages.${system};
map (f: "${path}/${f}") ( system = "x86_64-linux";
builtins.filter (i: builtins.readFileType "${path}/${i}" == "regular") ( in {
builtins.attrNames (builtins.readDir path) ${system}.default = pkgs.mkShell {
) nativeBuildInputs = with pkgs; [
); nixd
];
# buildInputs = with pkgs; [ ];
# Dev shell for this repo. # LD_LIBRARY_PATH = "${lib.makeLibraryPath buildInputs}";
devShells = # SOURCE_DATE_EPOCH = "${toString self.lastModified}";
let };
system = "x86_64-linux"; };
lib = nixpkgs.lib;
pkgs = nixpkgs.legacyPackages.${system};
in
{
${system}.default = pkgs.mkShell {
nativeBuildInputs = with pkgs; [
nixd
nixfmt-rfc-style
treefmt
];
# buildInputs = with pkgs; [ ];
# LD_LIBRARY_PATH = "${lib.makeLibraryPath buildInputs}"; nixosConfigurations = let
# SOURCE_DATE_EPOCH = "${toString self.lastModified}"; mkHost = { system, hostname }: nixpkgs.lib.nixosSystem {
}; inherit system;
}; modules = [
# Make a device hostname match the one from this config.
{ networking.hostName = hostname; }
# Nixos systems. # Specify current release version.
nixosConfigurations = { system.stateVersion = self.const.stateVersion; }
let
# Function to create a host. It does basic setup, like adding common modules.
mkHost =
{ system, hostname }:
nixpkgs.lib.nixosSystem {
# `Inherit` is just an alias for `system = system;`, which means that
# keep the `system` argument as a property in a resulting set.
inherit system;
# List of modules to use by defualt for all the hosts. # Add Home Manager module.
modules = home-manager.nixosModules.home-manager
[
# Make a device hostname match the one from this config.
{ networking.hostName = hostname; }
# Specify current release version. # Add Stylix module.
{ system.stateVersion = self.const.stateVersion; } stylix.nixosModules.stylix
# Add Home Manager module. # HM config.
home-manager.nixosModules.home-manager ./home/NixOs.nix
]
++ (self.findFiles ./container)
++ (self.findFiles ./host/${system}/${hostname})
++ (self.findFiles ./module)
++ (self.findFiles ./overlay)
++ (self.findFiles ./system)
;
specialArgs = let
pkgs = nixpkgs.legacyPackages.${system}.pkgs;
lib = nixpkgs.lib;
config = self.nixosConfigurations.${hostname}.config;
util = import ./lib/Util.nix { inherit lib; };
in {
inherit (self) const __findFile;
inherit inputs self poetry2nixJobber util;
container = import ./lib/Container.nix { inherit lib pkgs config util; inherit (self) const; };
pkgsJobber = nixpkgsJobber.legacyPackages.${system}.pkgs;
pkgsMaster = nixpkgsMaster.legacyPackages.${system}.pkgs;
pkgsStable = nixpkgsStable.legacyPackages.${system}.pkgs;
pkgsUnstable = nixpkgsUnstable.legacyPackages.${system}.pkgs;
secret = import ./secret { };
};
};
# Add Stylix module. mkSystem = system: hostname: { "${hostname}" = mkHost { inherit system hostname; }; };
stylix.nixosModules.stylix in nixpkgs.lib.foldl' (acc: h: acc // h) { } (
map (system: nixpkgs.lib.foldl' (acc: h: acc // h) { } (
map (host: mkSystem system host) (builtins.attrNames (builtins.readDir ./host/${system}))
)) (builtins.attrNames (builtins.readDir ./host))
);
# HM config. nixOnDroidConfigurations.default = let
./home/NixOs.nix config = self.nixOnDroidConfigurations.default.config;
] lib = nixpkgs.lib;
++ (self.findFiles ./host/${system}/${hostname}) pkgs = nixpkgs.legacyPackages.${system}.pkgs;
++ (self.findFiles ./config) pkgsMaster = nixpkgsMaster.legacyPackages.${system}.pkgs;
++ (self.findFiles ./container) pkgsStable = nixpkgsStable.legacyPackages.${system}.pkgs;
++ (self.findFiles ./module) pkgsUnstable = nixpkgsUnstable.legacyPackages.${system}.pkgs;
++ (self.findFiles ./system) system = "aarch64-linux";
++ (self.findFiles ./overlay); in nix-on-droid.lib.nixOnDroidConfiguration {
modules = [
# SpecialArgs allows you to pass objects down to other NixOS modules. (import ./module/Style.nix { inherit (config.home-manager) config; inherit (self) __findFile; inherit lib pkgs; })
specialArgs = ./home/Android.nix
let ./module/Wallpaper.nix
pkgs = nixpkgs.legacyPackages.${system}.pkgs; { home-manager.config.stylix.autoEnable = lib.mkForce false; }
lib = nixpkgs.lib; { home.android.enable = true; }
config = self.nixosConfigurations.${hostname}.config; { nix.extraOptions = "experimental-features = nix-command flakes"; }
in { system.stateVersion = self.const.droidStateVersion; }
{ ];
inherit inputs self; extraSpecialArgs = {
inherit (self) const __findFile; inherit inputs self;
inherit (self) const __findFile;
pkgsJobber = nixpkgsJobber.legacyPackages.${system}.pkgs; secret = import ./secret { };
pkgsStable = nixpkgsStable.legacyPackages.${system}.pkgs; util = import ./lib/Util.nix { inherit lib; };
pkgsUnstable = nixpkgsUnstable.legacyPackages.${system}.pkgs; };
pkgsMaster = nixpkgsMaster.legacyPackages.${system}.pkgs; };
};
secret = import ./secret { }; # Secrets (public keys).
container = import ./lib/Container.nix {
inherit lib pkgs config;
inherit (self) const;
}; # Container utils.
util = import ./lib/Util.nix { inherit lib; }; # Util functions.
# Stuff for Jobber container, skip this part.
inherit poetry2nixJobber;
};
};
mkSystem = system: hostname: { "${hostname}" = mkHost { inherit system hostname; }; };
in
nixpkgs.lib.foldl' (acc: h: acc // h) { } (
map (
system:
nixpkgs.lib.foldl' (acc: h: acc // h) { } (
map (host: mkSystem system host) (builtins.attrNames (builtins.readDir ./host/${system}))
)
) (builtins.attrNames (builtins.readDir ./host))
);
# Home manager (distro-independent).
# Install nix: sh <(curl -L https://nixos.org/nix/install) --no-daemon
# Or with --daemon for multi-user (as root).
# $ nix run home-manager/master -- init --switch
# $ nix shell '<home-manager>' -A install
# Add to /etc/nix/nix.conf > experimental-features = nix-command flakes
# And then # systemctl restart nix-daemon.service
# $ home-manager switch --flake ~/hmconf
homeConfigurations =
let
lib = nixpkgs.lib;
secret = import ./secret { };
util = import ./lib/Util.nix { inherit lib; };
mkCommonHome =
username: system:
let
pkgs = nixpkgs.legacyPackages.${system};
pkgsStable = nixpkgsStable.legacyPackages.${system};
pkgsUnstable = nixpkgsUnstable.legacyPackages.${system};
pkgsMaster = nixpkgsMaster.legacyPackages.${system};
in
{
${username} = home-manager.lib.homeManagerConfiguration {
inherit pkgs;
extraSpecialArgs = {
inherit
self
inputs
secret
util
pkgs
pkgsStable
pkgsMaster
;
inherit (self) const __findFile;
};
modules = [
./home/HomeManager.nix
{
home.hm = {
inherit username;
enable = true;
};
}
{ nixpkgs.config.allowUnfree = true; }
{ nixpkgs.config.allowUnfreePredicate = (pkg: true); }
{ nix.package = pkgs.nix; }
{
nix.settings.experimental-features = [
"nix-command "
"flakes"
];
}
inputs.stylix.homeManagerModules.stylix
] ++ (self.findFiles ./home/user/${system}/${username}) ++ (self.findFiles ./config);
};
};
in
nixpkgs.lib.foldl' (acc: h: acc // h) { } (
map (
system:
nixpkgs.lib.foldl' (acc: h: acc // h) { } (
map (username: mkCommonHome username system) (
builtins.attrNames (builtins.readDir ./home/user/${system})
)
)
) (builtins.attrNames (builtins.readDir ./home/user))
);
# Android.
nixOnDroidConfigurations.default =
let
system = "aarch64-linux";
config = self.nixOnDroidConfigurations.default.config;
lib = nixpkgs.lib;
pkgs = nixpkgs.legacyPackages.${system}.pkgs;
pkgsStable = nixpkgsStable.legacyPackages.${system}.pkgs;
pkgsUnstable = nixpkgsUnstable.legacyPackages.${system}.pkgs;
pkgsMaster = nixpkgsMaster.legacyPackages.${system}.pkgs;
in
nix-on-droid.lib.nixOnDroidConfiguration {
modules = [
# Android release version.
{ system.stateVersion = self.const.droidStateVersion; }
# I put all my Android configuration there.
./home/Android.nix
{ home.android.enable = true; }
# { nixpkgs.config.allowUnfree = true; }
# { nixpkgs.config.allowUnfreePredicate = (pkg: true); }
{ nix.extraOptions = "experimental-features = nix-command flakes"; }
{ home-manager.config.stylix.autoEnable = lib.mkForce false; }
# Some common modules.
./config/Setting.nix
./config/Wallpaper.nix
(import ./config/Style.nix {
inherit (config.home-manager) config;
inherit (self) __findFile;
inherit lib pkgs;
})
];
# SpecialArgs allows you to pass objects down to other configuration.
extraSpecialArgs = {
inherit inputs self;
inherit (self) const __findFile;
secret = import ./secret { }; # Secrets (public keys).
util = import ./lib/Util.nix { inherit lib; }; # Util functions.
};
};
};
} }
# That's it!
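Review bot: The new `inputs` block drops the `WARN: Do not update` comment that guarded `nixpkgsJobber` and `poetry2nixJobber`, the only two inputs pinned to a commit hash, so nothing on the new side tells a maintainer that these revisions are deliberate. I would keep a one-line comment above them, e.g. `# Pinned for the jobber container. WARN: Do not update.`. The same goes for `secret = import ./secret { };` in `specialArgs` and `extraSpecialArgs`: the removed `# Secrets (public keys).` remark was the only hint that this value is meant to hold public material. That matters because values evaluated into a configuration can end up in the world-readable Nix store. If that is still the intent, a comment such as `# Public keys only.` next to both imports would preserve it.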


@ -1,48 +1,42 @@
# This is a common user configuration. # This is a common user configuration.
{ {
const, __findFile,
pkgs, config,
self, const,
config, inputs,
lib, lib,
inputs, pkgs,
pkgsStable, pkgsMaster,
pkgsMaster, pkgsStable,
__findFile, self,
... ...
}@args: } @args: let
with lib; cfg = config.home.android;
let android = import ./android args;
cfg = config.home.android; package = import <package> args;
stylix = import <config/Stylix.nix> args; programs = import ./program args;
android = import ./android args; stylix = import <system/Stylix.nix> args;
package = import <package> args; in {
programs = import ./program args; options.home.android = {
in enable = lib.mkEnableOption "the Android HM config.";
# homePath = "/data/data/com.termux.nix/files/home"; };
{
options = {
home.android = {
enable = mkEnableOption "Android HM config.";
};
};
config = mkIf cfg.enable { config = lib.mkIf cfg.enable {
environment.packages = package.core; environment.packages = package.core;
time.timeZone = const.timeZone; time.timeZone = const.timeZone;
terminal = {
terminal = { inherit (android) font colors;
inherit (android) font colors; };
}; home-manager.config = stylix // {
programs = with programs; core;
home-manager.config = stylix // { imports = [
imports = [ inputs.stylix.homeManagerModules.stylix ]; inputs.stylix.homeManagerModules.stylix
home = { ];
file = import ./config args; home = {
sessionVariables = import ./variable args; file = import ./config args;
stateVersion = const.droidStateVersion; sessionVariables = import ./variable args;
}; stateVersion = const.droidStateVersion;
programs = with programs; core; };
}; };
}; };
} }
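Review bot: `lib.mkEnableOption "the Android HM config."` ends its argument with a period, and `mkEnableOption` already formats the text as "Whether to enable ….", so the generated option description ends in two periods. Drop the trailing dot: `enable = lib.mkEnableOption "the Android HM config";`. The `home.nixos.enable` option in the NixOS user file later in this commit (`"the NixOS user setup."`) has the same issue.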


@ -1,70 +0,0 @@
# This is a common user configuration.
{
const,
util,
config,
lib,
__findFile,
...
}@args:
with lib;
let
cfg = config.home.hm;
package = import <package> args;
programs = import ./program args;
in
{
options = {
home.hm = {
enable = mkEnableOption "Home-Manager standalone config.";
username = mkOption {
default = null;
type = types.str;
};
homeDirectory = mkOption {
default = "/home/${cfg.username}";
type = types.str;
};
package = mkOption {
default = { };
type = types.submodule {
options = {
common.enable = mkEnableOption "Common apps.";
core.enable = mkEnableOption "Core apps.";
creative.enable = mkEnableOption "Creative apps.";
desktop.enable = mkEnableOption "Desktop apps.";
dev.enable = mkEnableOption "Dev apps.";
extra.enable = mkEnableOption "Extra apps.";
gaming.enable = mkEnableOption "Gaming apps.";
};
};
};
};
};
config = mkIf cfg.enable (mkMerge [
{
home = {
inherit (cfg) username homeDirectory;
inherit (const) stateVersion;
file = import ./config args;
sessionVariables = import ./variable args;
};
xdg = import ./xdg { inherit (cfg) homeDirectory; };
programs = with programs; core;
dconf.settings = util.catSet (util.ls ./config/dconf) args;
}
(mkIf cfg.package.common.enable { home.packages = package.common; })
(mkIf cfg.package.core.enable { home.packages = package.core; })
(mkIf cfg.package.creative.enable { home.packages = package.creative; })
(mkIf cfg.package.desktop.enable {
home = {
packages = package.desktop;
programs = programs.desktop;
};
})
(mkIf cfg.package.dev.enable { home.packages = package.dev; })
(mkIf cfg.package.extra.enable { home.packages = package.extra; })
(mkIf cfg.package.gaming.enable { home.packages = package.gaming; })
]);
}


@ -1,57 +1,47 @@
# This is a common user configuration. # This is a common user configuration.
{ {
const, __findFile,
config, config,
util, const,
lib, lib,
pkgs, pkgs,
__findFile, util,
... ...
}@args: } @args: let
with lib; cfg = config.home.nixos;
let programs = import ./program args;
cfg = config.home.nixos; in {
programs = import ./program args; imports = (util.ls <user>);
in
{
imports = (util.ls <user>);
options = { options.home.nixos = {
home.nixos = { enable = lib.mkEnableOption "the NixOS user setup.";
enable = mkEnableOption "NixOS user setup."; users = lib.mkOption {
users = mkOption { default = [ ];
default = [ ]; type = with lib.types; listOf attrs;
type = types.listOf types.attrs; };
}; };
};
};
config = mkIf cfg.enable { config = lib.mkIf cfg.enable {
home-manager = { home-manager = {
users = builtins.foldl' ( backupFileExtension = "backup-" + pkgs.lib.readFile "${pkgs.runCommand "timestamp" { } "echo -n date '+%Y%m%d%H%M%S' > $out"}";
acc: user: users = builtins.foldl' (acc: user:
acc acc // {
// { ${user.username} = {
${user.username} = { home = {
home = { inherit (const) stateVersion;
inherit (const) stateVersion; inherit (user) username homeDirectory;
inherit (user) username homeDirectory; file = import ./config args;
file = import ./config args; sessionVariables = import ./variable args;
sessionVariables = import ./variable args;
# ISSUE: https://github.com/nix-community/home-manager/issues/5589 # ISSUE: https://github.com/nix-community/home-manager/issues/5589
extraActivationPath = with pkgs; [ openssh ]; extraActivationPath = with pkgs; [ openssh ];
}; };
xdg = import ./xdg { inherit (user) homeDirectory; }; xdg = import ./xdg { inherit (user) homeDirectory; };
programs = with programs; core // desktop; programs = with programs; core // desktop;
dconf.settings = util.catSet (util.ls ./config/dconf) args; dconf.settings = util.catSet (util.ls ./config/dconf) args;
}; };
} }
) { } cfg.users; ) { } cfg.users;
};
backupFileExtension = };
"backup-"
+ pkgs.lib.readFile "${pkgs.runCommand "timestamp" { } "echo -n date '+%Y%m%d%H%M%S' > $out"}";
};
};
} }
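Review bot: `backupFileExtension` on the new side still derives its suffix from `pkgs.runCommand "timestamp"`, which cannot yield a fresh value per activation: the derivation has fixed inputs, so its output is built once and then reused from the store. As printed here the command is `echo -n date '+%Y%m%d%H%M%S'`, which writes the literal text rather than running `date` (backticks may have been lost in rendering). With an effectively constant suffix, a second collision on the same file is likely to find the backup name already taken, and reading a derivation output during evaluation forces import-from-derivation. A fixed suffix states the real behaviour, `backupFileExtension = "backup";`, or keep the line and add a comment that the value only changes when the derivation is rebuilt.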


@ -1,14 +1,15 @@
{ pkgs, config, ... }:
{ {
font = pkgs.runCommandNoCC "font" { } '' config,
cp ${ pkgs,
pkgs.nerdfonts.override { fonts = [ "Terminus" ]; } ...
}/share/fonts/truetype/NerdFonts/TerminessNerdFontMono-Regular.ttf $out }: {
''; font = pkgs.runCommandNoCC "font" { } ''
cp ${pkgs.nerdfonts.override { fonts = [ "Terminus" ]; }}/share/fonts/truetype/NerdFonts/TerminessNerdFontMono-Regular.ttf $out
'';
colors = with config.style.color; { colors = with config.module.style.color; {
background = "#${bg.dark}"; background = "#${bg.dark}";
cursor = "#${fg.light}"; cursor = "#${fg.light}";
foreground = "#${fg.light}"; foreground = "#${fg.light}";
}; };
} }


@ -1,250 +1,100 @@
{ ... }:
{ {
text = '' pkgs,
#? Config file for btop v. 1.3.0 lib,
...
#* Name of a btop++/bpytop/bashtop formatted ".theme" file, "Default" and "TTY" for builtin themes. }: let
#* Themes should be placed in "../share/btop/themes" relative to binary or "$HOME/.config/btop/themes" config = {
color_theme = "/usr/share/btop/themes/gruvbox_material_dark.theme" background_update = true;
base_10_sizes = true;
#* If the theme set background should be shown, set to False if you want terminal background transparency. check_temp = true;
theme_background = False clock_format = "%X";
color_theme = "/usr/share/btop/themes/gruvbox_material_dark.theme";
#* Sets if 24-bit truecolor should be used, will convert 24-bit colors to 256 color (6x6x6 color cube) if false. cpu_bottom = false;
truecolor = True cpu_core_map = "";
cpu_graph_lower = "total";
#* Set to true to force tty mode regardless if a real tty has been detected or not. cpu_graph_upper = "total";
#* Will force 16-color mode and TTY theme, set all graph symbols to "tty" and swap out other non tty friendly symbols. cpu_invert_lower = true;
force_tty = False cpu_sensor = "Auto";
cpu_single_graph = false;
#* Define presets for the layout of the boxes. Preset 0 is always all boxes shown with default settings. Max 9 presets. custom_cpu_name = "";
#* Format: "box_name:P:G,box_name:P:G" P=(0 or 1) for alternate positions, G=graph symbol to use for box. custom_gpu_name0 = "";
#* Use whitespace " " as separator between different presets. custom_gpu_name1 = "";
#* Example: "cpu:0:default,mem:0:tty,proc:1:default cpu:0:braille,proc:0:tty" custom_gpu_name2 = "";
presets = "" custom_gpu_name3 = "";
custom_gpu_name4 = "";
#* Set to True to enable "h,j,k,l,g,G" keys for directional control in lists. custom_gpu_name5 = "";
#* Conflicting keys for h:"help" and k:"kill" is accessible while holding shift. disk_free_priv = false;
vim_keys = True disks_filter = "exclude = /boot /boot/efi";
force_tty = false;
#* Rounded corners on boxes, is ignored if TTY mode is ON. gpu_mirror_graph = true;
rounded_corners = True graph_symbol = "braille";
graph_symbol_cpu = "default";
#* Default symbols to use for graph creation, "braille", "block" or "tty". graph_symbol_gpu = "default";
#* "braille" offers the highest resolution but might not be included in all fonts. graph_symbol_mem = "default";
#* "block" has half the resolution of braille but uses more common characters. graph_symbol_net = "default";
#* "tty" uses only 3 different symbols but will work with most fonts and should work in a real TTY. graph_symbol_proc = "default";
#* Note that "tty" only has half the horizontal resolution of the other two, so will show a shorter historical view. io_graph_combined = false;
graph_symbol = "braille" io_graph_speeds = "";
io_mode = false;
# Graph symbol to use for graphs in cpu box, "default", "braille", "block" or "tty". log_level = "WARNING";
graph_symbol_cpu = "default" mem_below_net = false;
mem_graphs = true;
# Graph symbol to use for graphs in gpu box, "default", "braille", "block" or "tty". net_auto = true;
graph_symbol_gpu = "default" net_download = 100;
net_iface = "";
# Graph symbol to use for graphs in cpu box, "default", "braille", "block" or "tty". net_sync = true;
graph_symbol_mem = "default" net_upload = 100;
nvml_measure_pcie_speeds = true;
# Graph symbol to use for graphs in cpu box, "default", "braille", "block" or "tty". only_physical = true;
graph_symbol_net = "default" presets = "";
proc_aggregate = true;
# Graph symbol to use for graphs in cpu box, "default", "braille", "block" or "tty". proc_colors = true;
graph_symbol_proc = "default" proc_cpu_graphs = true;
proc_filter_kernel = true;
#* Manually set which boxes to show. Available values are "cpu mem net proc" and "gpu0" through "gpu5", separate values with whitespace. proc_gradient = false;
shown_boxes = "cpu mem net proc" proc_info_smaps = false;
proc_left = true;
#* Update time in milliseconds, recommended 2000 ms or above for better sample times for graphs. proc_mem_bytes = true;
update_ms = 2000 proc_per_core = true;
proc_reversed = false;
#* Processes sorting, "pid" "program" "arguments" "threads" "user" "memory" "cpu lazy" "cpu direct", proc_sorting = "memory";
#* "cpu lazy" sorts top process over time (easier to follow), "cpu direct" updates top process directly. proc_tree = true;
proc_sorting = "memory" rounded_corners = true;
selected_battery = "Auto";
#* Reverse sorting order, True or False. show_battery = true;
proc_reversed = False show_coretemp = true;
show_cpu_freq = true;
#* Show processes as a tree. show_disks = true;
proc_tree = False show_gpu_info = "Auto";
show_io_stat = true;
#* Use the cpu graph colors in the process list. show_swap = true;
proc_colors = True show_uptime = true;
shown_boxes = "cpu mem net proc";
#* Use a darkening gradient in the process list. swap_disk = false;
proc_gradient = True temp_scale = "celsius";
theme_background = false;
#* If process cpu usage should be of the core it's running on or usage of the total available cpu power. truecolor = true;
proc_per_core = False update_ms = 2000;
use_fstab = true;
#* Show process memory as bytes instead of percent. vim_keys = true;
proc_mem_bytes = True zfs_arc_cached = true;
zfs_hide_datasets = false;
#* Show cpu graph for each process. };
proc_cpu_graphs = True
mkOption = k: v: lib.generators.mkKeyValueDefault { } " = " k v;
#* Use /proc/[pid]/smaps for memory information in the process info box (very slow but more accurate) in {
proc_info_smaps = False file = pkgs.writeText "BtopConfig" (
builtins.foldl' (acc: line: acc + "${line}\n") "" (
#* Show proc box on left side of screen instead of right. lib.mapAttrsToList (k: v: let
proc_left = True value = if builtins.isString v then
"\"${v}\""
#* (Linux) Filter processes tied to the Linux kernel(similar behavior to htop). else if builtins.isBool v then
proc_filter_kernel = True if v then "True" else "False"
else
#* In tree-view, always accumulate child process resources in the parent process. v
proc_aggregate = False ;
in mkOption k value
#* Sets the CPU stat shown in upper half of the CPU graph, "total" is always available. ) config
#* Select from a list of detected attributes from the options menu. )
cpu_graph_upper = "total" );
#* Sets the CPU stat shown in lower half of the CPU graph, "total" is always available.
#* Select from a list of detected attributes from the options menu.
cpu_graph_lower = "total"
#* If gpu info should be shown in the cpu box. Available values = "Auto", "On" and "Off".
show_gpu_info = "Auto"
#* Toggles if the lower CPU graph should be inverted.
cpu_invert_lower = True
#* Set to True to completely disable the lower CPU graph.
cpu_single_graph = False
#* Show cpu box at bottom of screen instead of top.
cpu_bottom = False
#* Shows the system uptime in the CPU box.
show_uptime = True
#* Show cpu temperature.
check_temp = True
#* Which sensor to use for cpu temperature, use options menu to select from list of available sensors.
cpu_sensor = "Auto"
#* Show temperatures for cpu cores also if check_temp is True and sensors has been found.
show_coretemp = True
#* Set a custom mapping between core and coretemp, can be needed on certain cpus to get correct temperature for correct core.
#* Use lm-sensors or similar to see which cores are reporting temperatures on your machine.
#* Format "x:y" x=core with wrong temp, y=core with correct temp, use space as separator between multiple entries.
#* Example: "4:0 5:1 6:3"
cpu_core_map = ""
#* Which temperature scale to use, available values: "celsius", "fahrenheit", "kelvin" and "rankine".
temp_scale = "celsius"
#* Use base 10 for bits/bytes sizes, KB = 1000 instead of KiB = 1024.
base_10_sizes = True
#* Show CPU frequency.
show_cpu_freq = True
#* Draw a clock at top of screen, formatting according to strftime, empty string to disable.
#* Special formatting: /host = hostname | /user = username | /uptime = system uptime
clock_format = "%X"
#* Update main ui in background when menus are showing, set this to false if the menus is flickering too much for comfort.
background_update = True
#* Custom cpu model name, empty string to disable.
custom_cpu_name = ""
#* Optional filter for shown disks, should be full path of a mountpoint, separate multiple values with whitespace " ".
#* Begin line with "exclude=" to change to exclude filter, otherwise defaults to "most include" filter. Example: disks_filter="exclude=/boot /home/user".
disks_filter = "exclude=/boot /boot/efi"
#* Show graphs instead of meters for memory values.
mem_graphs = True
#* Show mem box below net box instead of above.
mem_below_net = False
#* Count ZFS ARC in cached and available memory.
zfs_arc_cached = True
#* If swap memory should be shown in memory box.
show_swap = True
#* Show swap as a disk, ignores show_swap value above, inserts itself after first disk.
swap_disk = False
#* If mem box should be split to also show disks info.
show_disks = True
#* Filter out non physical disks. Set this to False to include network disks, RAM disks and similar.
only_physical = True
#* Read disks list from /etc/fstab. This also disables only_physical.
use_fstab = True
#* Setting this to True will hide all datasets, and only show ZFS pools. (IO stats will be calculated per-pool)
zfs_hide_datasets = False
#* Set to true to show available disk space for privileged users.
disk_free_priv = False
#* Toggles if io activity % (disk busy time) should be shown in regular disk usage view.
show_io_stat = True
#* Toggles io mode for disks, showing big graphs for disk read/write speeds.
io_mode = False
#* Set to True to show combined read/write io graphs in io mode.
io_graph_combined = False
#* Set the top speed for the io graphs in MiB/s (100 by default), use format "mountpoint:speed" separate disks with whitespace " ".
#* Example: "/mnt/media:100 /:20 /boot:1".
io_graph_speeds = ""
#* Set fixed values for network graphs in Mebibits. Is only used if net_auto is also set to False.
net_download = 100
net_upload = 100
#* Use network graphs auto rescaling mode, ignores any values set above and rescales down to 10 Kibibytes at the lowest.
net_auto = True
#* Sync the auto scaling for download and upload to whichever currently has the highest scale.
net_sync = True
#* Starts with the Network Interface specified here.
net_iface = ""
#* Show battery stats in top right if battery is present.
show_battery = True
#* Which battery to use if multiple are present. "Auto" for auto detection.
selected_battery = "Auto"
#* Set loglevel for "~/.config/btop/btop.log" levels are: "ERROR" "WARNING" "INFO" "DEBUG".
#* The level set includes all lower levels, i.e. "DEBUG" will show all logging info.
log_level = "WARNING"
#* Measure PCIe throughput on NVIDIA cards, may impact performance on certain cards.
nvml_measure_pcie_speeds = True
#* Horizontally mirror the GPU graph.
gpu_mirror_graph = True
#* Custom gpu0 model name, empty string to disable.
custom_gpu_name0 = ""
#* Custom gpu1 model name, empty string to disable.
custom_gpu_name1 = ""
#* Custom gpu2 model name, empty string to disable.
custom_gpu_name2 = ""
#* Custom gpu3 model name, empty string to disable.
custom_gpu_name3 = ""
#* Custom gpu4 model name, empty string to disable.
custom_gpu_name4 = ""
#* Custom gpu5 model name, empty string to disable.
custom_gpu_name5 = ""
'';
} }
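Review bot: `disks_filter` changed from `"exclude=/boot /boot/efi"` to `"exclude = /boot /boot/efi"`, and the removed upstream comment says the value must begin with `exclude=` to act as an exclude filter. With the added spaces btop will probably read it as an include list, so I would restore `disks_filter = "exclude=/boot /boot/efi";`. The rewrite also flips `proc_tree`, `proc_per_core` and `proc_aggregate` to true and `proc_gradient` to false, which is easy to miss now that the attribute set is sorted; if intended, say so in the commit message. The string branch wraps values as `"\"${v}\""` without escaping, so a value containing a double quote would emit a malformed line; a comment on `config` such as `# String values must not contain double quotes; they are written unescaped.` would record that.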


@ -1,93 +1,98 @@
{ pkgs, config, ... }:
{ {
preferences = (pkgs.formats.json { }).generate "ChromiumConfig" { pkgs,
bookmark_bar.show_on_all_tabs = false; config,
browser.show_home_button = false; ...
default_apps_install_state = 2; }: {
default_search_provider = { preferences = (pkgs.formats.json { }).generate "ChromiumConfig" {
guid = "5761b040-db50-4f8e-9d00-c9ad985779a4"; name = "Work";
synced_guid = "5761b040-db50-4f8e-9d00-c9ad985779a4"; bookmark_bar.show_on_all_tabs = false;
}; browser.show_home_button = false;
default_search_provider_data = { default_apps_install_state = 2;
template_url_data = { download.prompt_for_download = false;
id = 11; download_bubble.partial_view_enabled = false;
is_active = 1; intl.selected_languages = "en-US,en";
keyword = "s"; session.restore_on_startup = 1;
short_name = "SearX"; side_panel.is_right_aligned = false;
synced_guid = "5761b040-db50-4f8e-9d00-c9ad985779a4"; default_search_provider = {
url = "https://search.voronind.com/search?q={searchTerms}"; guid = "5761b040-db50-4f8e-9d00-c9ad985779a4";
}; synced_guid = "5761b040-db50-4f8e-9d00-c9ad985779a4";
}; };
download.prompt_for_download = false; default_search_provider_data = {
download_bubble.partial_view_enabled = false; template_url_data = {
extensions = { id = 11;
alerts.initialized = false; is_active = 1;
commands = { keyword = "s";
"linux:Alt+Shift+L" = { short_name = "SearX";
command_name = "addSite"; synced_guid = "5761b040-db50-4f8e-9d00-c9ad985779a4";
extension = "eimadpbcbfnmbkopoojfekhnkhdbieeh"; url = "https://search.voronind.com/search?q={searchTerms}";
global = false; };
}; };
"linux:Alt+Shift+B" = { extensions = {
command_name = "_execute_browser_action"; alerts.initialized = false;
extension = "cgbcahbpdhpcegmbfconppldiemgcoii"; commands = {
global = false; "linux:Alt+Shift+L" = {
}; command_name = "addSite";
"linux:Alt+Shift+K" = { extension = "eimadpbcbfnmbkopoojfekhnkhdbieeh";
command_name = "launch-element-zapper"; global = false;
extension = "cgbcahbpdhpcegmbfconppldiemgcoii"; };
global = false; "linux:Alt+Shift+B" = {
}; command_name = "_execute_browser_action";
"linux:Alt+Shift+J" = { extension = "cgbcahbpdhpcegmbfconppldiemgcoii";
command_name = "toggle-javascript"; global = false;
extension = "cgbcahbpdhpcegmbfconppldiemgcoii"; };
global = false; "linux:Alt+Shift+K" = {
}; command_name = "launch-element-zapper";
"linux:Alt+Shift+P" = { extension = "cgbcahbpdhpcegmbfconppldiemgcoii";
command_name = "_execute_action"; global = false;
extension = "gcknhkkoolaabfmlnjonogaaifnjlfnp"; };
global = false; "linux:Alt+Shift+J" = {
}; command_name = "toggle-javascript";
}; extension = "cgbcahbpdhpcegmbfconppldiemgcoii";
}; global = false;
intl.selected_languages = "en-US,en"; };
password_manager = { "linux:Alt+Shift+P" = {
autofillable_credentials_account_store_login_database = false; command_name = "_execute_action";
autofillable_credentials_profile_store_login_database = false; extension = "gcknhkkoolaabfmlnjonogaaifnjlfnp";
}; global = false;
name = "Work"; };
session.restore_on_startup = 1; };
side_panel.is_right_aligned = false; };
webkit = { password_manager = {
webprefs = { autofillable_credentials_account_store_login_database = false;
default_fixed_font_size = 14; autofillable_credentials_profile_store_login_database = false;
default_font_size = 17; };
minimum_font_size = 16; webkit = {
fonts = webprefs = {
let default_fixed_font_size = 14;
mono = config.style.font.monospace.name; default_font_size = 17;
sans = config.style.font.sansSerif.name; minimum_font_size = 16;
in fonts = let
{ mono = config.module.style.font.monospace.name;
fixed.Zyyy = mono; sans = config.module.style.font.sansSerif.name;
sansserif.Zyyy = sans; in {
serif.Zyyy = sans; fixed.Zyyy = mono;
standard.Zyyy = sans; sansserif.Zyyy = sans;
}; serif.Zyyy = sans;
}; standard.Zyyy = sans;
}; };
}; };
};
};
localState = (pkgs.formats.json { }).generate "ChromiumLocalState" { localState = (pkgs.formats.json { }).generate "ChromiumLocalState" {
browser = { browser = {
enabled_labs_experiments = [ "smooth-scrolling@2" ]; first_run_finished = true;
first_run_finished = true; enabled_labs_experiments = [
}; "smooth-scrolling@2"
}; ];
};
};
# REF: https://chromeenterprise.google/intl/en_us/policies/ # REF: https://chromeenterprise.google/intl/en_us/policies/
policy = (pkgs.formats.json { }).generate "ChromiumPolicy" { policy = (pkgs.formats.json { }).generate "ChromiumPolicy" {
URLBlocklist = [ "darkreader.org" ]; DefaultBrowserSettingEnabled = false;
DefaultBrowserSettingEnabled = false; URLBlocklist = [
}; "darkreader.org"
];
};
} }
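Review bot: The three extension IDs under `extensions.commands` are opaque 32-character strings, and nothing in the file says which extension each one belongs to. A reader therefore cannot tell which add-on a shortcut such as `toggle-javascript` is handed to without looking up every ID. Add a trailing comment on each `extension = …` line naming the extension, e.g. `extension = "cgbcahbpdhpcegmbfconppldiemgcoii"; # <extension name>`. The `policy` set here holds only `URLBlocklist` and `DefaultBrowserSettingEnabled`; whether extension installation is restricted elsewhere is not visible in this section.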


@ -1,6 +1,5 @@
{ ... }: { ... }: {
{ "org/gnome/desktop/a11y" = {
"org/gnome/desktop/a11y" = { always-show-universal-access-status = true;
always-show-universal-access-status = true; };
};
} }


@ -1,28 +1,27 @@
{ ... }: { ... }: {
{ "org/gtk/gtk4/settings/file-chooser" = {
"org/gtk/gtk4/settings/file-chooser" = { date-format = "regular";
date-format = "regular"; location-mode = "path-bar";
location-mode = "path-bar"; show-hidden = false;
show-hidden = false; show-size-column = true;
show-size-column = true; show-type-column = true;
show-type-column = true; sidebar-width = "166";
sidebar-width = "166"; sort-column = "modified";
sort-column = "modified"; sort-directories-first = true;
sort-directories-first = true; sort-order = "descending";
sort-order = "descending"; type-format = "category";
type-format = "category"; view-type = "list";
view-type = "list"; };
};
"org/gtk/settings/file-chooser" = { "org/gtk/settings/file-chooser" = {
date-format = "regular"; date-format = "regular";
location-mode = "path-bar"; location-mode = "path-bar";
show-hidden = false; show-hidden = false;
show-size-column = true; show-size-column = true;
show-type-column = true; show-type-column = true;
sort-column = "modified"; sort-column = "modified";
sort-directories-first = true; sort-directories-first = true;
sort-order = "descending"; sort-order = "descending";
type-format = "category"; type-format = "category";
}; };
} }


@ -1,40 +1,32 @@
{ lib, config, ... }:
{ {
"org/gnome/desktop/input-sources" = with lib.gvariant; { lib,
current = mkUint32 0; config,
mru-sources = [ ...
(mkTuple [ }: {
"xkb" "org/gnome/desktop/input-sources" = with lib.gvariant; let
"us" sources = [
]) (mkTuple [ "xkb" "us" ])
(mkTuple [ (mkTuple [ "xkb" "ru" ])
"xkb" ];
"ru" in {
]) inherit sources;
]; current = mkUint32 0;
per-window = false; mru-sources = sources;
show-all-sources = true; per-window = false;
sources = [ show-all-sources = true;
(mkTuple [ xkb-options = [
"xkb" config.module.keyboard.options
"us" ];
]) };
(mkTuple [
"xkb"
"ru"
])
];
xkb-options = [ config.setting.keyboard.options ];
};
"org/gnome/desktop/peripherals/mouse" = { "org/gnome/desktop/peripherals/mouse" = {
accel-profile = "flat"; accel-profile = "flat";
natural-scroll = true; natural-scroll = true;
speed = "0.0"; speed = "0.0";
}; };
"org/gnome/desktop/peripherals/touchpad" = { "org/gnome/desktop/peripherals/touchpad" = {
tap-to-click = true; tap-to-click = true;
two-finger-scrolling-enabled = true; two-finger-scrolling-enabled = true;
}; };
} }


@ -1,12 +1,12 @@
{ ... }: { ... }:
{ {
"org/gnome/desktop/interface" = { "org/gnome/desktop/interface" = {
clock-show-date = true; clock-show-date = true;
clock-show-weekday = true; clock-show-weekday = true;
color-scheme = "prefer-dark"; color-scheme = "prefer-dark";
enable-animations = false; enable-animations = false;
enable-hot-corners = false; enable-hot-corners = false;
gtk-enable-primary-paste = false; gtk-enable-primary-paste = false;
show-battery-percentage = false; show-battery-percentage = false;
}; };
} }


@ -1,134 +1,132 @@
{ config, ... }: { ... }: let
let mod = "<Super>";
mod = "<Super>"; in {
in "org/gnome/desktop/wm/keybindings" = {
{ activate-window-menu = [ "" ];
"org/gnome/desktop/wm/keybindings" = { begin-move = [ "" ];
activate-window-menu = [ "" ]; begin-resize = [ "${mod}r" ];
begin-move = [ "" ]; close = [ "${mod}x" ];
begin-resize = [ "${mod}r" ]; cycle-group = [ "" ];
close = [ "${mod}x" ]; cycle-group-backward = [ "" ];
cycle-group = [ "" ]; cycle-panels = [ "" ];
cycle-group-backward = [ "" ]; cycle-panels-backward = [ "" ];
cycle-panels = [ "" ]; cycle-windows = [ "" ];
cycle-panels-backward = [ "" ]; cycle-windows-backward = [ "" ];
cycle-windows = [ "" ]; maximize = [ "" ];
cycle-windows-backward = [ "" ]; maximize-horizontally = [ "" ];
maximize = [ "" ]; minimize = [ "${mod}s" ];
maximize-horizontally = [ "" ]; move-to-monitor-down = [ "" ];
minimize = [ "${mod}s" ]; move-to-monitor-left = [ "" ];
move-to-monitor-down = [ "" ]; move-to-monitor-right = [ "" ];
move-to-monitor-left = [ "" ]; move-to-monitor-up = [ "" ];
move-to-monitor-right = [ "" ]; move-to-workspace-1 = [ "" ];
move-to-monitor-up = [ "" ]; move-to-workspace-2 = [ "" ];
move-to-workspace-1 = [ "" ]; move-to-workspace-3 = [ "" ];
move-to-workspace-2 = [ "" ]; move-to-workspace-4 = [ "" ];
move-to-workspace-3 = [ "" ]; move-to-workspace-last = [ "" ];
move-to-workspace-4 = [ "" ]; move-to-workspace-left = [ "<Shift>${mod}q" ];
move-to-workspace-last = [ "" ]; move-to-workspace-right = [ "<Shift>${mod}e" ];
move-to-workspace-left = [ "<Shift>${mod}q" ]; panel-run-dialog = [ "${mod}space" ];
move-to-workspace-right = [ "<Shift>${mod}e" ]; show-desktop = [ "${mod}c" ];
panel-run-dialog = [ "${mod}space" ]; switch-applications = [ "${mod}Tab" ];
show-desktop = [ "${mod}c" ]; switch-applications-backward = [ "<Shift>${mod}Tab" ];
switch-applications = [ "${mod}Tab" ]; switch-group = [ "<Alt>Tab" ];
switch-applications-backward = [ "<Shift>${mod}Tab" ]; switch-group-backward = [ "<Shift><Alt>Tab" ];
switch-group = [ "<Alt>Tab" ]; switch-input-source = [ "" ];
switch-group-backward = [ "<Shift><Alt>Tab" ]; switch-input-source-backward = [ "" ];
switch-input-source = [ "" ]; switch-panels = [ "" ];
switch-input-source-backward = [ "" ]; switch-panels-backward = [ "" ];
switch-panels = [ "" ]; switch-to-workspace-1 = [ "" ];
switch-panels-backward = [ "" ]; switch-to-workspace-2 = [ "" ];
switch-to-workspace-1 = [ "" ]; switch-to-workspace-3 = [ "" ];
switch-to-workspace-2 = [ "" ]; switch-to-workspace-4 = [ "" ];
switch-to-workspace-3 = [ "" ]; switch-to-workspace-last = [ "" ];
switch-to-workspace-4 = [ "" ]; switch-to-workspace-left = [ "${mod}q" ];
switch-to-workspace-last = [ "" ]; switch-to-workspace-right = [ "${mod}e" ];
switch-to-workspace-left = [ "${mod}q" ]; switch-windows = [ "" ];
switch-to-workspace-right = [ "${mod}e" ]; switch-windows-backward = [ "" ];
switch-windows = [ "" ]; toggle-fullscreen = [ "${mod}f" ];
switch-windows-backward = [ "" ]; toggle-maximized = [ "${mod}w" ];
toggle-fullscreen = [ "${mod}f" ]; unmaximize = [ "" ];
toggle-maximized = [ "${mod}w" ]; };
unmaximize = [ "" ];
};
"org/gnome/mutter/keybindings" = { "org/gnome/mutter/keybindings" = {
toggle-tiled-left = [ "${mod}a" ]; toggle-tiled-left = [ "${mod}a" ];
toggle-tiled-right = [ "${mod}d" ]; toggle-tiled-right = [ "${mod}d" ];
}; };
"org/gnome/mutter/wayland/keybindings" = { "org/gnome/mutter/wayland/keybindings" = {
restore-shortcuts = [ "" ]; restore-shortcuts = [ "" ];
}; };
"org/gnome/settings-daemon/plugins/media-keys" = { "org/gnome/settings-daemon/plugins/media-keys" = {
custom-keybindings = [ custom-keybindings = [
"/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/" "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/"
"/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom1/" "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom1/"
"/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom2/" "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom2/"
"/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom3/" "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom3/"
"/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom4/" "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom4/"
"/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom5/" "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom5/"
]; ];
magnifier = [ "" ]; magnifier = [ "" ];
magnifier-zoom-in = [ "" ]; magnifier-zoom-in = [ "" ];
magnifier-zoom-out = [ "" ]; magnifier-zoom-out = [ "" ];
screenreader = [ "" ]; screenreader = [ "" ];
screensaver = [ "${mod}z" ]; screensaver = [ "${mod}z" ];
}; };
"org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = { "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = {
binding = "${mod}Escape"; binding = "${mod}Escape";
command = "kgx -e bash -c 'tmux new-session -A -s main; bash'"; command = "kgx -e bash -c 'tmux new-session -A -s main; bash'";
name = "gnome-terminal"; name = "gnome-terminal";
}; };
"org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom1" = { "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom1" = {
binding = "printz"; binding = "printz";
command = "systemctl suspend -i"; command = "systemctl suspend -i";
name = "System Sleep"; name = "System Sleep";
}; };
"org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom2" = { "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom2" = {
binding = "printx"; binding = "printx";
command = "systemctl poweroff -i"; command = "systemctl poweroff -i";
name = "System Poweroff"; name = "System Poweroff";
}; };
"org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom3" = { "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom3" = {
binding = "printc"; binding = "printc";
command = "systemctl reboot -i"; command = "systemctl reboot -i";
name = "System Reboot"; name = "System Reboot";
}; };
"org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom4" = { "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom4" = {
binding = "printp"; binding = "printp";
command = "powersave toggle"; command = "powersave toggle";
name = "Toggle Powersave"; name = "Toggle Powersave";
}; };
"org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom5" = { "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom5" = {
binding = "printl"; binding = "printl";
command = "powerlimit toggle"; command = "powerlimit toggle";
name = "Toggle Powerlimit"; name = "Toggle Powerlimit";
}; };
"org/gnome/shell/keybindings" = { "org/gnome/shell/keybindings" = {
focus-active-notification = [ "" ]; focus-active-notification = [ "" ];
open-application-menu = [ "" ]; open-application-menu = [ "" ];
show-screenshot-ui = [ "${mod}v" ]; show-screenshot-ui = [ "${mod}v" ];
switch-to-application-1 = [ "" ]; switch-to-application-1 = [ "" ];
switch-to-application-2 = [ "" ]; switch-to-application-2 = [ "" ];
switch-to-application-3 = [ "" ]; switch-to-application-3 = [ "" ];
switch-to-application-4 = [ "" ]; switch-to-application-4 = [ "" ];
switch-to-application-5 = [ "" ]; switch-to-application-5 = [ "" ];
switch-to-application-6 = [ "" ]; switch-to-application-6 = [ "" ];
switch-to-application-7 = [ "" ]; switch-to-application-7 = [ "" ];
switch-to-application-8 = [ "" ]; switch-to-application-8 = [ "" ];
switch-to-application-9 = [ "" ]; switch-to-application-9 = [ "" ];
toggle-application-view = [ "" ]; toggle-application-view = [ "" ];
toggle-message-tray = [ "" ]; toggle-message-tray = [ "" ];
toggle-overview = [ "" ]; toggle-overview = [ "" ];
toggle-quick-settings = [ "" ]; toggle-quick-settings = [ "" ];
}; };
} }


@ -1,8 +1,7 @@
{ ... }: { ... }: {
{ "org/gnome/desktop/media-handling" = {
"org/gnome/desktop/media-handling" = { automount = false;
automount = false; automount-open = false;
automount-open = false; autorun-never = true;
autorun-never = true; };
};
} }


@ -1,22 +1,21 @@
{ ... }: { ... }: {
{ "org/gnome/nautilus/icon-view" = {
"org/gnome/nautilus/icon-view" = { default-zoom-level = "larger";
default-zoom-level = "larger"; };
};
"org/gnome/nautilus/list-view" = { "org/gnome/nautilus/list-view" = {
default-zoom-level = "small"; default-zoom-level = "small";
use-tree-view = false; use-tree-view = false;
}; };
"org/gnome/nautilus/preferences" = { "org/gnome/nautilus/preferences" = {
click-policy = "single"; click-policy = "single";
default-folder-viewer = "list-view"; default-folder-viewer = "list-view";
default-sort-in-reverse-order = false; default-sort-in-reverse-order = false;
default-sort-order = "name"; default-sort-order = "name";
migrated-gtk-settings = true; migrated-gtk-settings = true;
search-filter-time-type = "last_modified"; search-filter-time-type = "last_modified";
search-view = "list-view"; search-view = "list-view";
show-image-thumbnails = "local-only"; show-image-thumbnails = "local-only";
}; };
} }


@ -1,11 +1,10 @@
{ ... }: { ... }: {
{ "org/gnome/settings-daemon/plugins/power" = {
"org/gnome/settings-daemon/plugins/power" = { ambient-enabled = false;
ambient-enabled = false; idle-dim = false;
idle-dim = false; power-button-action = "nothing";
power-button-action = "nothing"; sleep-inactive-ac-timeout = "0";
sleep-inactive-ac-timeout = "0"; sleep-inactive-ac-type = "nothing";
sleep-inactive-ac-type = "nothing"; sleep-inactive-battery-type = "nothing";
sleep-inactive-battery-type = "nothing"; };
};
} }


@ -1,16 +1,18 @@
{ lib, ... }:
{ {
"org/gnome/desktop/privacy" = with lib.gvariant; { lib,
disable-camera = false; ...
disable-microphone = false; }: {
old-files-age = mkUint32 30; "org/gnome/desktop/privacy" = with lib.gvariant; {
recent-files-max-age = mkUint32 30; disable-camera = false;
remove-old-temp-files = true; disable-microphone = false;
remove-old-trash-files = true; old-files-age = mkUint32 30;
report-technical-problems = true; recent-files-max-age = mkUint32 30;
}; remove-old-temp-files = true;
remove-old-trash-files = true;
report-technical-problems = true;
};
"org/gnome/system/location" = { "org/gnome/system/location" = {
enabled = false; enabled = false;
}; };
} }


@ -1,6 +1,8 @@
{ lib, ... }:
{ {
"org/gnome/desktop/session" = with lib.gvariant; { lib,
idle-delay = mkUint32 0; ...
}; }: {
"org/gnome/desktop/session" = with lib.gvariant; {
idle-delay = mkUint32 0;
};
} }


@ -1,15 +1,14 @@
{ ... }: { ... }: {
{ "org/gnome/shell" = {
"org/gnome/shell" = { disable-extension-version-validation = true;
disable-extension-version-validation = true; disable-user-extensions = false;
disable-user-extensions = false; favorite-apps = [ "" ];
favorite-apps = [ "" ]; had-bluetooth-devices-setup = true;
had-bluetooth-devices-setup = true; last-selected-power-profile = "power-saver";
last-selected-power-profile = "power-saver"; remember-mount-password = false;
remember-mount-password = false; };
};
"system/proxy" = { "system/proxy" = {
mode = "none"; mode = "none";
}; };
} }


@ -1,9 +1,8 @@
{ ... }: { ... }: {
{ "org/gnome/software" = {
"org/gnome/software" = { download-updates = false;
download-updates = false; download-updates-notify = false;
download-updates-notify = false; first-run = false;
first-run = false; show-nonfree-prompt = false;
show-nonfree-prompt = false; };
};
} }


@ -1,8 +1,7 @@
{ ... }: { ... }: {
{ "org/gnome/desktop/sound" = {
"org/gnome/desktop/sound" = { allow-volume-above-100-percent = false;
allow-volume-above-100-percent = false; event-sounds = false;
event-sounds = false; theme-name = "freedesktop";
theme-name = "freedesktop"; };
};
} }


@ -1,33 +1,35 @@
{ lib, ... }:
{ {
"org/gnome/desktop/wm/preferences" = { lib,
action-middle-click-titlebar = "minimize"; ...
action-right-click-titlebar = "menu"; }: {
focus-mode = "click"; # `click` or `sloppy`. "org/gnome/desktop/wm/preferences" = {
button-layout = "appmenu:close"; action-middle-click-titlebar = "minimize";
}; action-right-click-titlebar = "menu";
button-layout = "appmenu:close";
focus-mode = "click"; # `click` or `sloppy`.
};
"org/gnome/mutter" = { "org/gnome/mutter" = {
attach-modal-dialogs = true; attach-modal-dialogs = true;
center-new-windows = true; center-new-windows = true;
dynamic-workspaces = true; dynamic-workspaces = true;
edge-tiling = true; edge-tiling = true;
workspaces-only-on-primary = true; workspaces-only-on-primary = true;
}; };
"org/gnome/settings-daemon/plugins/color" = with lib.gvariant; { "org/gnome/settings-daemon/plugins/color" = with lib.gvariant; {
night-light-enabled = false; night-light-enabled = false;
night-light-schedule-automatic = false; night-light-schedule-automatic = false;
night-light-schedule-from = "0.0"; night-light-schedule-from = "0.0";
night-light-schedule-to = "0.0"; night-light-schedule-to = "0.0";
night-light-temperature = mkUint32 3700; night-light-temperature = mkUint32 3700;
}; };
"org/gnome/shell/app-switcher" = { "org/gnome/shell/app-switcher" = {
current-workspace-only = true; current-workspace-only = true;
}; };
"org/gnome/shell/overrides" = { "org/gnome/shell/overrides" = {
edge-tiling = false; edge-tiling = false;
}; };
} }


@ -1,60 +1,56 @@
{ {
self, config,
inputs, inputs,
config, self,
... ...
}@args: } @args: let
let btop = import ./btop args;
btop = import ./btop args; chromium = import ./chromium args;
chromium = import ./chromium args; editor = import ./editorconfig args;
editor = import ./editorconfig args; foot = import ./foot args;
foot = import ./foot args; fuzzel = import ./fuzzel args;
fuzzel = import ./fuzzel args; git = import ./git args;
git = import ./git args; jetbrains = import ./jetbrains args;
gtk3 = import ./gtk/3 args; keyd = import ./keyd args;
jetbrains = import ./jetbrains args; mako = import ./mako args;
keyd = import ./keyd args; mangohud = import ./mangohud args;
mako = import ./mako args; nvim = import ./nvim args;
mangohud = import ./mangohud args; ssh = import ./ssh args;
nvim = import ./nvim args; swappy = import ./swappy args;
ssh = import ./ssh args; sway = import ./sway args;
swappy = import ./swappy args; tmux = import ./tmux args;
sway = import ./sway args; waybar = import ./waybar args;
tmux = import ./tmux args; yazi = import ./yazi args;
waybar = import ./waybar args; in {
yazi = import ./yazi args; ".Wallpaper".source = config.module.wallpaper.path;
in ".config/MangoHud/MangoHud.conf".source = mangohud.config;
{ ".config/MangoHud/presets.conf".source = mangohud.presets;
".Wallpaper".source = config.module.wallpaper.path; ".config/btop/btop.conf".source = btop.file;
".config/MangoHud/MangoHud.conf".source = mangohud.config; ".config/chromium/Default/Preferences".source = chromium.preferences;
".config/MangoHud/presets.conf".source = mangohud.presets; ".config/chromium/Local State".source = chromium.localState;
".config/btop/btop.conf".text = btop.text; ".config/foot/foot.ini".source = foot.file;
".config/chromium/Default/Preferences".source = chromium.preferences; ".config/fuzzel/fuzzel.ini".source = fuzzel.file;
".config/chromium/Local State".source = chromium.localState; ".config/keyd/app.conf".text = keyd.text;
".config/foot/foot.ini".source = foot.file; ".config/mako/config".source = mako.file;
".config/fuzzel/fuzzel.ini".source = fuzzel.file; ".config/nvim/init.vim".text = nvim.text;
".config/gtk-3.0/bookmarks".text = gtk3.bookmarks; ".config/swappy/config".source = swappy.config;
".config/keyd/app.conf".text = keyd.text; ".config/sway/config".text = sway.text;
".config/mako/config".source = mako.file; ".config/tmux/tmux.conf".text = tmux.text;
".config/nvim/init.vim".text = nvim.text; ".config/waybar/config".source = waybar.config;
".config/swappy/config".source = swappy.config; ".config/waybar/style.css".source = waybar.style;
".config/sway/config".text = sway.text; ".config/yazi/init.lua".source = yazi.init;
".config/tmux/tmux.conf".text = tmux.text; ".config/yazi/keymap.toml".source = yazi.keymap;
".config/waybar/config".source = waybar.config; ".config/yazi/theme.toml".source = yazi.theme;
".config/waybar/style.css".source = waybar.style; ".config/yazi/yazi.toml".source = yazi.yazi;
".config/yazi/init.lua".source = yazi.init; ".editorconfig".source = editor.file;
".config/yazi/keymap.toml".source = yazi.keymap; ".gitconfig".source = git.file;
".config/yazi/theme.toml".source = yazi.theme; ".ideavimrc".text = jetbrains.ideavimrc;
".config/yazi/yazi.toml".source = yazi.yazi; ".nix".source = self;
".editorconfig".source = editor.file; ".nixpkgs".source = inputs.nixpkgs;
".gitconfig".source = git.file; ".parallel/will-cite".text = "";
".ideavimrc".text = jetbrains.ideavimrc; ".ssh/config".text = ssh.text;
".nix".source = self; ".template".source = ./template;
".nixpkgs".source = inputs.nixpkgs; # ".nixpkgs_master".source = inputs.nixpkgs;
".parallel/will-cite".text = ""; # ".nixpkgs_unstable".source = inputs.nixpkgs;
".ssh/config".text = ssh.text; # TODO: Add after migrating to stable.
".template".source = ./template;
# ".nixpkgs_master".source = inputs.nixpkgs;
# ".nixpkgs_unstable".source = inputs.nixpkgs;
# TODO: Add after migrating to stable.
} }


@ -1,34 +1,26 @@
{ pkgs, ... }:
{ {
file = (pkgs.formats.iniWithGlobalSection { }).generate "EditorconfigConfig" { pkgs,
globalSection.root = true; ...
}: {
sections = { file = (pkgs.formats.iniWithGlobalSection { }).generate "EditorconfigConfig" {
"*" = { globalSection = {
end_of_line = "lf"; root = true;
charset = "utf-8"; };
indent_style = "tab"; sections = {
indent_size = 2; "*" = {
insert_final_newline = false; charset = "utf-8";
trim_trailing_whitespace = true; end_of_line = "lf";
}; indent_size = 8;
indent_style = "tab";
"Makefile" = { insert_final_newline = false;
indent_size = 4; trim_trailing_whitespace = true;
}; };
"*.nix" = {
"*.nix" = { indent_size = 2;
indent_style = "space"; };
indent_size = 2; "*.{lua,kt,kts,rs,py}" = {
}; indent_size = 4;
};
"*.{lua,kt,kts,rs,py}" = { };
indent_size = 4; };
};
"*.{sh,md}" = {
indent_size = 8;
};
};
};
} }


@ -1,30 +1,31 @@
{ config, pkgs, ... }:
let
dpiAware = if config.setting.dpiAware then "yes" else "no";
borderSize = toString config.style.window.border;
fontStep = 1;
in
{ {
file = (pkgs.formats.iniWithGlobalSection { }).generate "FootConfig" { config,
globalSection = { pkgs,
font = "${config.style.font.monospace.name}:size=${toString config.style.font.size.terminal}"; ...
# font-bold = "${config.style.font.monospace.name}:size=${toString config.style.font.size.terminal}"; }: let
font-italic = "${config.style.font.monospace.name}:size=${toString config.style.font.size.terminal}"; borderSize = toString config.module.style.window.border;
font-bold-italic = "${config.style.font.monospace.name}:size=${toString config.style.font.size.terminal}"; dpiAware = if config.module.dpi.aware then "yes" else "no";
dpi-aware = dpiAware; fontStep = 1;
font-size-adjustment = fontStep; in {
pad = "${borderSize}x${borderSize} center"; file = (pkgs.formats.iniWithGlobalSection { }).generate "FootConfig" {
}; globalSection = {
dpi-aware = dpiAware;
sections = { font = "${config.module.style.font.monospace.name}:size=${toString config.module.style.font.size.terminal}";
colors = { font-bold = "${config.module.style.font.monospace.name}:size=${toString config.module.style.font.size.terminal}";
alpha = config.style.opacity.terminal; font-bold-italic = "${config.module.style.font.monospace.name}:size=${toString config.module.style.font.size.terminal}";
background = config.style.color.bg.dark; font-italic = "${config.module.style.font.monospace.name}:size=${toString config.module.style.font.size.terminal}";
foreground = config.style.color.fg.light; font-size-adjustment = fontStep;
}; pad = "${borderSize}x${borderSize} center";
key-bindings = { };
show-urls-launch = "Mod1+o"; sections = {
}; colors = {
}; alpha = config.module.style.opacity.terminal;
}; background = config.module.style.color.bg.dark;
foreground = config.module.style.color.fg.light;
};
key-bindings = {
show-urls-launch = "Mod1+o";
};
};
};
} }
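Review bot: `font-bold` is active on the new side, whereas the old side had it commented out (`# font-bold = …`), so this formatting commit also appears to change how foot renders bold text. If that is intended, say so in the commit message; otherwise keep the line commented. The same font string is now written four times in `globalSection`; binding it once in the existing `let`, e.g. `font = "${config.module.style.font.monospace.name}:size=${toString config.module.style.font.size.terminal}";`, and referencing it from the four keys would keep the variants from drifting.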


@ -1,40 +1,38 @@
{ pkgs, config, ... }:
let
dpiAware = if config.setting.dpiAware then "yes" else "no";
in
{ {
file = (pkgs.formats.ini { }).generate "FuzzelConfig" { pkgs,
main = { config,
dpi-aware = dpiAware; ...
# font = "${style.font.serif.name}:size=${toString style.font.size.popup}"; }: let
font = "Minecraftia:size=${toString config.style.font.size.popup}"; dpiAware = if config.module.dpi.aware then "yes" else "no";
lines = 20; in {
prompt = "\"\""; file = (pkgs.formats.ini { }).generate "FuzzelConfig" {
show-actions = "yes"; main = {
terminal = "foot"; dpi-aware = dpiAware;
width = 40; font = "Minecraftia:size=${toString config.module.style.font.size.popup}";
# list-executables-in-path = "no"; lines = 20;
}; prompt = "\"\"";
border = { show-actions = "yes";
radius = 0; terminal = "foot";
width = 1; width = 40;
}; };
colors = border = {
let radius = 0;
defaultOpacity = "ff"; width = 1;
in };
{ colors = let
background = config.style.color.bg.dark + config.style.opacity.hex; defaultOpacity = "ff";
border = config.style.color.border + config.style.opacity.hex; in {
counter = config.style.color.bg.regular + defaultOpacity; background = config.module.style.color.bg.dark + config.module.style.opacity.hex;
input = config.style.color.fg.light + defaultOpacity; border = config.module.style.color.border + config.module.style.opacity.hex;
match = config.style.color.fg.light + defaultOpacity; counter = config.module.style.color.bg.regular + defaultOpacity;
placeholder = config.style.color.bg.regular + defaultOpacity; input = config.module.style.color.fg.light + defaultOpacity;
prompt = config.style.color.fg.light + defaultOpacity; match = config.module.style.color.fg.light + defaultOpacity;
selection = config.style.color.bg.regular + defaultOpacity; placeholder = config.module.style.color.bg.regular + defaultOpacity;
selection-match = config.style.color.accent + defaultOpacity; prompt = config.module.style.color.fg.light + defaultOpacity;
selection-text = config.style.color.fg.light + defaultOpacity; selection = config.module.style.color.bg.regular + defaultOpacity;
text = config.style.color.fg.light + defaultOpacity; selection-match = config.module.style.color.accent + defaultOpacity;
}; selection-text = config.module.style.color.fg.light + defaultOpacity;
}; text = config.module.style.color.fg.light + defaultOpacity;
};
};
} }


@ -1,14 +1,16 @@
{ secret, pkgs, ... }:
{ {
file = (pkgs.formats.gitIni { listsAsDuplicateKeys = true; }).generate "GitConfig" { secret,
# credential.helper = "store"; pkgs,
gpg.format = secret.crypto.sign.git.format; ...
gpg.ssh.allowedSignersFile = toString secret.crypto.sign.git.allowed; }: {
init.defaultBranch = "main"; file = (pkgs.formats.gitIni { listsAsDuplicateKeys = true; }).generate "GitConfig" {
pull.rebase = true; gpg.format = secret.crypto.sign.git.format;
push.autoSetupRemote = true; gpg.ssh.allowedSignersFile = toString secret.crypto.sign.git.allowed;
rebase.autoStash = true; init.defaultBranch = "main";
safe.directory = "*"; pull.rebase = true;
user.signingkey = builtins.readFile secret.crypto.sign.git.key; push.autoSetupRemote = true;
}; rebase.autoStash = true;
safe.directory = "*";
user.signingkey = builtins.readFile secret.crypto.sign.git.key;
};
} }
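Review bot: `safe.directory = "*"` is kept on the new side, and it switches off git's repository-ownership check for every path, so git will act on the config and hooks of a repository owned by another user. List only the paths that need the exemption, e.g. `safe.directory = [ "<REPO_PATH>" ];` (placeholder path; the generator is already built with `listsAsDuplicateKeys = true`). Separately, `builtins.readFile secret.crypto.sign.git.key` places the file's content in the generated config, which presumably ends up in the world-readable Nix store. That is fine if the file is the public half of an SSH signing key, which this section does not show; a one-line comment stating it would settle the question.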


@ -1,10 +0,0 @@
{ ... }:
{
bookmarks = ''
file:///storage
file:///home/voronind/tmp
sftp://10.0.0.1:22143/storage/hot/docker/cloud/data/data/cakee/files/ home cloud
sftp://10.0.0.1:22143/ home sftp
ftp://10.0.0.1/ home ftp
'';
}
