Purge nixfmt!

Dmitry Voronin 2024-11-04 04:37:29 +03:00
parent d590e6e590
commit a1f4bae2a6
Signed by: voronind
SSH key fingerprint: SHA256:3kBb4iV2ahufEBNq+vFbUe4QYfHt98DHQjN7QaptY9k
356 changed files with 13267 additions and 16348 deletions


@ -5,9 +5,5 @@ indent_style = tab
insert_final_newline = true
trim_trailing_whitespace = true
[*.nix]
indent_style = space
indent_size = 2
[*.md]
trim_trailing_whitespace = false


@ -1,3 +0,0 @@
# Keyd layouts.
http://www.keyboard-layout-editor.com


@ -1,151 +0,0 @@
[
[
{
"c": "#8ec07c"
},
"Esc",
{
"c": "#cccccc"
},
"!\n1",
"@\n2",
"#\n3",
"$\n4",
"%\n5",
"^\n6",
"&\n7",
"*\n8",
"(\n9",
")\n0",
"_\n-",
"+\n=",
{
"w": 2
},
"Backspace"
],
[
{
"w": 1.5
},
"Tab",
"Q",
{
"c": "#8ec07c"
},
"Page Up",
{
"c": "#cccccc"
},
"E",
"R",
"T",
"Y",
"U",
"I",
"O",
"P",
"{\n[",
"}\n]",
{
"w": 1.5
},
"|\n\\"
],
[
{
"c": "#8ec07c",
"w": 1.75
},
"Caps Lock",
"Home",
"Page Down",
"End",
{
"c": "#cccccc"
},
"F",
"G",
{
"c": "#8ec07c"
},
"Left",
"Down",
"Up",
"Right",
{
"c": "#cccccc"
},
":\n;",
"\"\n'",
{
"w": 2.25
},
"Enter"
],
[
{
"w": 2.25
},
"Shift",
"Z",
{
"c": "#8ec07c"
},
"Cut",
"Copy",
"Paste",
{
"c": "#cccccc"
},
"B",
"N",
"M",
"<\n,",
">\n.",
"?\n/",
{
"w": 2.75
},
"Shift"
],
[
{
"c": "#d79921",
"w": 1.25
},
"Alterna-tive keys",
{
"c": "#cccccc",
"w": 1.25
},
"Win",
{
"w": 1.25
},
"Alt",
{
"a": 7,
"w": 6.25
},
"",
{
"a": 4,
"w": 1.25
},
"Alt",
{
"w": 1.25
},
"Win",
{
"w": 1.25
},
"Menu",
{
"c": "#8ec07c",
"w": 1.25
},
"Ctrl"
]
]


@ -1,165 +0,0 @@
[
[
"~\n`",
"!\n1\n\n\n\n\nTab 1",
"@\n2\n\n\n\n\nTab 2",
"#\n3\n\n\n\n\nTab 3",
"$\n4\n\n\n\n\nTab 4",
"%\n5\n\n\n\n\nTab 5",
"^\n6\n\n\n\n\nTab 6",
"&\n7\n\n\n\n\nTab 7",
"*\n8\n\n\n\n\nTab 8",
"(\n9\n\n\n\n\nTab 9",
")\n0\n\n\n\n\nTab 10",
"_\n-",
"+\n=",
{
"w": 2
},
"Backspace"
],
[
{
"w": 1.5
},
"Tab",
{
"c": "#8ec07c"
},
"Prev Tab / Move",
"Up",
"Next Tab / Move",
"Full Refresh",
{
"c": "#cccccc"
},
"T",
"Y",
{
"c": "#8ec07c"
},
"Restore Tab",
{
"c": "#cccccc"
},
"I",
"O",
{
"c": "#8ec07c"
},
"Fill Pass-word",
{
"c": "#cccccc"
},
"{\n[",
"}\n]",
{
"w": 1.5
},
"|\n\\"
],
[
{
"c": "#8ec07c",
"w": 1.75
},
"New Tab",
"Go Back",
"Down",
"Go Fwd",
"Find",
{
"c": "#cccccc"
},
"G",
"H",
"J",
"K",
{
"c": "#8ec07c"
},
"Toggle Dark Mode",
{
"c": "#cccccc"
},
":\n;",
"\"\n'",
{
"w": 2.25
},
"Enter"
],
[
{
"c": "#8ec07c",
"w": 2.25
},
"Alternative Action (after slash)",
{
"c": "#cccccc"
},
"Z",
{
"c": "#8ec07c"
},
"Close Tab",
{
"c": "#cccccc"
},
"C",
"V",
"B",
{
"c": "#8ec07c"
},
"Find Next / Prev",
{
"c": "#cccccc"
},
"M",
"<\n,",
">\n.",
"?\n/",
{
"w": 2.75
},
"Shift"
],
[
{
"w": 1.25
},
"Ctrl",
{
"w": 1.25
},
"Win",
{
"c": "#d79921",
"w": 1.25
},
"App Controls",
{
"c": "#8ec07c",
"w": 6.25
},
"Toggle Address Bar",
{
"c": "#cccccc",
"w": 1.25
},
"Alt",
{
"w": 1.25
},
"Win",
{
"w": 1.25
},
"Menu",
{
"w": 1.25
},
"Ctrl"
]
]


@ -1,162 +0,0 @@
[
[
"~\n`",
"!\n1",
"@\n2",
"#\n3",
"$\n4",
"%\n5",
"^\n6",
"&\n7",
"*\n8",
"(\n9",
")\n0",
"_\n-",
{
"c": "#8ec07c"
},
"Reformat",
{
"c": "#cccccc",
"w": 2
},
"Backspace"
],
[
{
"c": "#8ec07c",
"w": 1.5
},
"Step Over (Tap) / Step Into (Hold)",
"Prev Tab",
{
"c": "#cccccc"
},
"W",
{
"c": "#8ec07c"
},
"Next Tab",
"Run",
{
"c": "#cccccc"
},
"T",
"Y",
"U",
{
"c": "#8ec07c"
},
"Impl-ement",
"Over-ride",
{
"c": "#cccccc"
},
"P",
"{\n[",
"}\n]",
{
"w": 1.5
},
"|\n\\"
],
[
{
"c": "#8ec07c",
"w": 1.75
},
"New Scratch",
"Attach Debug-ger",
"Refac-tor",
"Run Debug",
"Find",
"Go to Defini-tion",
{
"c": "#cccccc"
},
"H",
"J",
"K",
"L",
":\n;",
"\"\n'",
{
"w": 2.25
},
"Enter"
],
[
{
"w": 2.25
},
"Shift",
{
"c": "#8ec07c"
},
"Stop App",
"Close Tab",
"Close Bottom Panel",
"Show Doc",
{
"c": "#cccccc"
},
"B",
{
"c": "#8ec07c"
},
"Inline",
"Settings",
{
"c": "#cccccc"
},
"<\n,",
{
"c": "#8ec07c"
},
"Toggle Break-point\n.",
"Toggle Com-ment",
{
"c": "#cccccc",
"w": 2.75
},
"Shift"
],
[
{
"w": 1.25
},
"Ctrl",
{
"w": 1.25
},
"Win",
{
"c": "#d79921",
"w": 1.25
},
"App Controls",
{
"c": "#cccccc",
"a": 7,
"w": 6.25
},
"",
{
"a": 4,
"w": 1.25
},
"Alt",
{
"w": 1.25
},
"Win",
{
"w": 1.25
},
"Menu",
{
"w": 1.25
},
"Ctrl"
]
]


@ -1,167 +0,0 @@
[
[
"~\n`",
{
"c": "#8ec07c"
},
"List View",
"Grid View",
{
"c": "#cccccc"
},
"#\n3",
"$\n4",
"%\n5",
"^\n6",
"&\n7",
"*\n8",
"(\n9",
")\n0",
"_\n-",
"+\n=",
{
"w": 2
},
"Backspace"
],
[
{
"w": 1.5
},
"Tab",
{
"c": "#8ec07c"
},
"Prev Tab / Move",
{
"c": "#cccccc"
},
"W",
{
"c": "#8ec07c"
},
"Next Tab / Move",
"Refresh Dir",
"New window",
"Copy Selection",
{
"c": "#cccccc"
},
"U",
{
"c": "#8ec07c"
},
"Invert Selec-tion",
{
"c": "#cccccc"
},
"O",
"P",
"{\n[",
"}\n]",
{
"w": 1.5
},
"\\"
],
[
{
"c": "#8ec07c",
"w": 1.75
},
"New Tab",
"Create Dir",
"Rename",
"Delete",
"Search Dir",
{
"c": "#cccccc"
},
"G",
{
"c": "#8ec07c"
},
"Toggle Hidden Files",
{
"c": "#cccccc"
},
"J",
"K",
"L",
":\n;",
"\"\n'",
{
"w": 2.25
},
"Enter"
],
[
{
"w": 2.25
},
"Shift",
"Z",
{
"c": "#8ec07c"
},
"Close Tab",
{
"c": "#cccccc"
},
"C",
{
"c": "#8ec07c"
},
"File Info",
"Go Back",
{
"c": "#cccccc"
},
"N",
"M",
"<\n,",
">\n.",
"?\n/",
{
"w": 2.75
},
"Shift"
],
[
{
"w": 1.25
},
"Ctrl",
{
"w": 1.25
},
"Win",
{
"c": "#d79921",
"w": 1.25
},
"App Controls",
{
"c": "#8ec07c",
"w": 6.25
},
"Focus Navigation Bar",
{
"c": "#cccccc",
"w": 1.25
},
"Alt",
{
"w": 1.25
},
"Win",
{
"w": 1.25
},
"Menu",
{
"w": 1.25
},
"Ctrl"
]
]


@ -1,160 +0,0 @@
[
[
"~\n`",
"!\n1",
"@\n2",
"#\n3",
"$\n4",
"%\n5",
"^\n6",
"&\n7",
"*\n8",
"(\n9",
")\n0",
{
"c": "#8ec07c"
},
"Split / Align Vertical",
"Equalize Splits",
{
"c": "#cccccc",
"w": 2
},
"Backspace"
],
[
{
"w": 1.5
},
"Tab",
{
"c": "#8ec07c"
},
"Prev Window",
"Up",
"Next Window",
"Reload Settings",
{
"c": "#cccccc"
},
"T",
{
"c": "#8ec07c"
},
"Copy Selection",
{
"c": "#cccccc"
},
"U",
"I",
"O",
{
"c": "#8ec07c"
},
"Paste",
{
"c": "#cccccc"
},
"{\n[",
"}\n]",
{
"c": "#8ec07c",
"w": 1.5
},
"Split / Align Horizontal"
],
[
{
"w": 1.75
},
"New Window",
"Left",
"Down",
"Right",
"Toggle Status Bar",
"Select Session",
"Resize Left",
"Resize/ Scroll Down",
"Resize/ Scroll Up",
"Resize Right",
{
"c": "#cccccc"
},
":\n;",
"\"\n'",
{
"w": 2.25
},
"Enter"
],
[
{
"w": 2.25
},
"Shift",
{
"c": "#8ec07c"
},
"Detach Session/Others",
"Close Window",
"Close Pane",
"Select",
{
"c": "#cccccc"
},
"B",
"N",
"M",
{
"c": "#8ec07c"
},
"Prev Session",
"Next Session",
{
"c": "#cccccc"
},
"?\n/",
{
"w": 2.75
},
"Shift"
],
[
{
"w": 1.25
},
"Ctrl",
{
"w": 1.25
},
"Win",
{
"c": "#d79921",
"w": 1.25
},
"App Controls",
{
"c": "#cccccc",
"a": 7,
"w": 6.25
},
"",
{
"a": 4,
"w": 1.25
},
"Alt",
{
"w": 1.25
},
"Win",
{
"w": 1.25
},
"Menu",
{
"w": 1.25
},
"Ctrl"
]
]


@ -1,142 +0,0 @@
[
[
{
"c": "#d79921",
"sm": "alps"
},
"System Controls",
{
"c": "#cccccc"
},
"!\n1",
"@\n2",
"#\n3",
"$\n4",
"%\n5",
"^\n6",
"&\n7",
"*\n8",
"(\n9",
")\n0",
"_\n-",
"+\n=",
{
"c": "#8ec07c",
"w": 2
},
"Delete"
],
[
{
"c": "#cccccc",
"w": 1.5
},
"Tab",
"Q",
"W",
"E",
"R",
"T",
"Y",
"U",
"I",
"O",
"P",
"{\n[",
"}\n]",
{
"w": 1.5
},
"|\n\\"
],
[
{
"c": "#8ec07c",
"w": 1.75
},
"Ctrl / Esc",
{
"c": "#cccccc"
},
"A",
"S",
"D",
{
"n": true
},
"F",
"G",
"H",
{
"n": true
},
"J",
"K",
"L",
":\n;",
"\"\n'",
{
"w": 2.25
},
"Enter"
],
[
{
"w": 2.25
},
"Shift",
"Z",
"X",
"C",
"V",
"B",
"N",
"M",
"<\n,",
">\n.",
"?\n/",
{
"c": "#8ec07c",
"w": 2.75
},
"Backspace"
],
[
{
"c": "#d79921",
"w": 1.25
},
"Alterna-tive Keys",
{
"w": 1.25
},
"WM Controls",
{
"w": 1.25
},
"App Controls",
{
"w": 6.25
},
"Neovim",
{
"c": "#8ec07c",
"w": 1.25
},
"Language Switch",
{
"c": "#d79921",
"w": 1.25
},
"Extra Numbers",
{
"w": 1.25
},
"Media Controls",
{
"c": "#cccccc",
"d": true
},
"Fn"
]
]


@ -1,139 +0,0 @@
[
[
"~\n`",
"!\n1",
"@\n2",
"#\n3",
"$\n4",
"%\n5",
"^\n6",
"&\n7",
"*\n8",
"(\n9",
")\n0",
"_\n-",
"+\n=",
{
"w": 2
},
"Backspace"
],
[
{
"w": 1.5
},
"Tab",
{
"c": "#8ec07c"
},
"Prev Song",
"Volume Up",
"Next Song",
{
"c": "#cccccc"
},
"R",
"T",
"Y",
"U",
"I",
"O",
"P",
"{\n[",
"}\n]",
{
"w": 1.5
},
"|\n\\"
],
[
{
"w": 1.75
},
"Caps Lock",
{
"c": "#8ec07c"
},
"Seek Back",
"Volume Down",
"Seek Fwd",
{
"c": "#cccccc"
},
"F",
"G",
"H",
"J",
"K",
"L",
":\n;",
"\"\n'",
{
"w": 2.25
},
"Enter"
],
[
{
"w": 2.25
},
"Shift",
{
"c": "#8ec07c"
},
"Mute Sound",
"Stop",
"Cycle Sound Device",
"Mute Mic",
{
"c": "#cccccc"
},
"B",
"N",
"M",
"<\n,",
">\n.",
"?\n/",
{
"w": 2.75
},
"Shift"
],
[
{
"w": 1.25
},
"Ctrl",
{
"w": 1.25
},
"Win",
{
"w": 1.25
},
"Alt",
{
"c": "#8ec07c",
"w": 6.25
},
"Play / Pause",
{
"c": "#cccccc",
"w": 1.25
},
"Alt",
{
"w": 1.25
},
"Win",
{
"w": 1.25
},
"Menu",
{
"c": "#d79921",
"w": 1.25
},
"Media Controls (RCtrl)"
]
]


@ -1,144 +0,0 @@
[
[
"~\n`",
{
"c": "#8ec07c"
},
"=",
"/",
"*",
"-",
{
"c": "#cccccc"
},
"f17",
"f18",
"f19",
"f20",
"f21",
"f22",
"f23",
"f24",
{
"w": 2
},
"Backspace"
],
[
{
"w": 1.5
},
"Tab",
{
"c": "#8ec07c"
},
"7",
"8",
"9",
"+",
{
"c": "#cccccc"
},
"T",
"Y",
"U",
"I",
"O",
"P",
"{\n[",
"}\n]",
{
"w": 1.5
},
"|\n\\"
],
[
{
"w": 1.75
},
"Caps Lock",
{
"c": "#8ec07c"
},
"4",
"5",
"6",
"Enter",
{
"c": "#cccccc"
},
"G",
"H",
"J",
"K",
"L",
":\n;",
"\"\n'",
{
"w": 2.25
},
"Enter"
],
[
{
"c": "#8ec07c",
"w": 2.25
},
"Backspace",
"1",
"2",
"3",
". (dot)",
{
"c": "#cccccc"
},
"B",
"N",
"M",
"<\n,",
">\n.",
"?\n/",
{
"w": 2.75
},
"Shift"
],
[
{
"w": 1.25
},
"Ctrl",
{
"w": 1.25
},
"Win",
{
"w": 1.25
},
"Alt",
{
"c": "#8ec07c",
"w": 6.25
},
"0",
{
"c": "#cccccc",
"w": 1.25
},
"Alt",
{
"w": 1.25
},
"Win",
{
"c": "#d79921",
"w": 1.25
},
"Extra Numbers",
{
"c": "#cccccc",
"w": 1.25
},
"Ctrl"
]
]


@ -1,158 +0,0 @@
[
[
"~\n`",
"!\n1",
"@\n2",
"#\n3",
"$\n4",
"%\n5",
"^\n6",
"&\n7",
"*\n8",
"(\n9",
")\n0",
{
"c": "#8ec07c"
},
"Split Vertic-ally",
{
"c": "#cccccc"
},
"+\n=",
{
"w": 2
},
"Backspace"
],
[
{
"c": "#8ec07c",
"w": 1.5
},
"Tab mode toggle",
"Prev Work-space",
"Up",
"Next Work-space",
"Float layer / Waybar",
{
"c": "#cccccc"
},
"T",
{
"c": "#8ec07c"
},
"Full Scr / Rec",
{
"c": "#cccccc"
},
"U",
"I",
"O",
"P",
"{\n[",
"}\n]",
{
"c": "#8ec07c",
"w": 1.5
},
"Split Hori-zontally"
],
[
{
"w": 1.75
},
"Terminal",
"Left",
"Down",
"Right",
"Full-screen / Float",
{
"c": "#cccccc"
},
"G",
{
"c": "#8ec07c"
},
"Resize Left",
"Resize Down",
"Resize Up",
"Resize Right",
{
"c": "#cccccc"
},
":\n;",
"\"\n'",
{
"w": 2.25
},
"Enter"
],
[
{
"c": "#8ec07c",
"w": 2.25
},
"Alternative action (after slash) or move window",
"Lock / +Sus-pend",
"Close Window",
"Scratch toggle / move",
"Select Scr / Rec",
{
"c": "#cccccc"
},
"B",
{
"c": "#8ec07c"
},
"Dismiss Notif / Repeat",
{
"c": "#cccccc"
},
"M",
"<\n,",
">\n.",
"?\n/",
{
"w": 2.75
},
"Shift"
],
[
{
"w": 1.25
},
"Ctrl",
{
"c": "#d79921",
"w": 1.25
},
"WM Controls",
{
"c": "#cccccc",
"w": 1.25
},
"Alt",
{
"c": "#8ec07c",
"w": 6.25
},
"Run",
{
"c": "#cccccc",
"w": 1.25
},
"Alt",
{
"w": 1.25
},
"Win",
{
"w": 1.25
},
"Menu",
{
"w": 1.25
},
"Ctrl"
]
]


@ -1,174 +0,0 @@
[
[
{
"c": "#d79921"
},
"System controls",
{
"c": "#cccccc"
},
"!\n1",
"@\n2",
"#\n3",
"$\n4",
"%\n5",
"^\n6",
"&\n7",
"*\n8",
"(\n9",
")\n0",
"_\n-",
"+\n=",
{
"w": 2
},
"Backspace"
],
[
{
"w": 1.5
},
"Tab",
"Q",
{
"c": "#8ec07c"
},
"Bright- ness Up",
{
"c": "#cccccc"
},
"E",
{
"c": "#8ec07c"
},
"Live Config Reload",
{
"c": "#cccccc"
},
"T",
"Y",
"U",
"I",
"O",
{
"c": "#8ec07c"
},
"Toggle power-save",
{
"c": "#cccccc"
},
"{\n[",
"}\n]",
{
"w": 1.5
},
"|\n\\"
],
[
{
"w": 1.75
},
"Caps Lock",
"A",
{
"c": "#8ec07c"
},
"Bright-ness Down",
{
"c": "#cccccc"
},
"D",
"F",
{
"c": "#8ec07c"
},
"Toggle Gaming Mode",
{
"c": "#cccccc"
},
"H",
"J",
"K",
{
"c": "#8ec07c"
},
"Toggle charge limit",
{
"c": "#cccccc"
},
":\n;",
"\"\n'",
{
"w": 2.25
},
"Enter"
],
[
{
"w": 2.25
},
"Shift",
{
"c": "#8ec07c"
},
"Sus-pend",
"Power-off",
"Reboot",
"Toggle VPN",
{
"c": "#cccccc"
},
"B",
{
"c": "#8ec07c"
},
"Toggle DND",
"Toggle Monitor Power",
{
"c": "#cccccc"
},
"<\n,",
">\n.",
"?\n/",
{
"w": 2.75
},
"Shift"
],
[
{
"w": 1.25
},
"Ctrl",
{
"w": 1.25
},
"Win",
{
"w": 1.25
},
"Alt",
{
"a": 7,
"w": 6.25
},
"",
{
"a": 4,
"w": 1.25
},
"Alt",
{
"w": 1.25
},
"Win",
{
"w": 1.25
},
"Menu",
{
"w": 1.25
},
"Ctrl"
]
]


@ -1,16 +0,0 @@
# One CLI to format the code tree - https://git.numtide.com/numtide/treefmt
# [formatter.mylanguage]
# Formatter to run
# command = "command-to-run"
# Command-line arguments for the command
# options = []
# Glob pattern of files to include
# includes = [ "*.<language-extension>" ]
# Glob patterns of files to exclude
# excludes = []
[formatter.nixfmt-rfc-style]
command = "nixfmt"
options = [ "-s" ]
includes = [ "*.nix" ]


@ -30,9 +30,6 @@ fix-ulimit:
fix-unlock:
pkill nixos-rebuild || true
format:
treefmt --no-cache --on-unmatched=info
gc:
nix-collect-garbage -d
# nix-store --gc


@ -1,4 +1,4 @@
# Dmitry 🌊 NixOS, Home Manager and Nix-on-Droid configurations.
# Dmitry 🌊 NixOS and Nix-on-Droid configurations.
## Please, support tabs in Nix!
@ -36,68 +36,4 @@ Newest first.
<a href="https://i.imgur.com/H943DFl.jpeg">Wallpaper link</a>
</details>
[My current wallpaper](config/Wallpaper.nix#L4)
Color theming based on wallpaper thanks to [Stylix](https://github.com/danth/stylix).
## Discovering my configuration.
Even tho I've tried to document everything I can in a dum-dum way, I still highly recommend you to learn the [very basics of Nix language](https://nixos.org/guides/nix-pills/). Start from the [Flake](flake.nix) file and follow the comments. If you have any questions, get in touch using [Telegram](https://t.me/voronind_com) or [Email](mailto:hi@voronind.com).
Please tell me if you find any undocumented parts.
## Configuration highlights.
* [Keyd](module/Keyd.nix) allows you to have QMK-like keyboard remaps. Killer-feature is the ability to have remaps per-application. I have pretty common remaps like CapsLock to Ctrl/Esc combo, Right Shift to Backspace, Backspace to Delete and overlays for System/Windows/Media/Application controls as well as Macros.
* NixOS Containers (nspawn). Containers are great. I LOVE containers! Containers! Containers! Containers! Containers! Containers! Containers! Containers! Containers! Containers! Containers! Containers! [Here](host/x86_64-linux/home/Container.nix) is how I add containers to the host, [here](container/default.nix) is the global configuration and [here](container) are all the containers.
* NixOnDroid can be used to set up your environment inside the Termux app on Android. It also gives you access to all the Nixpkgs binaries for Arm. Configuration can be found [here](home/Android.nix), but you also need to add the definition to the root `flake.nix (nixOnDroidConfigurations.default)`. [Here](https://github.com/nix-community/nix-on-droid) are the docs.
* [Stylix](config/Stylix.nix) can be used to change colors for the whole system based on current wallpaper. Example usages: [Sway](home/config/sway/module/Style.nix), [fuzzel](home/config/fuzzel/default.nix) and [Tmux](home/config/tmux/module/Status.nix).
* [Signed auto-updates](module/AutoUpdateSigned.nix). Updates are pulled every hour and require the last commit to be signed with my signature.
## Keyboard layouts.
Yellow are modifier keys, they enable layers when held. Green ones are just modified keys.
<details>
<summary>Default</summary>
<img src="https://i.imgur.com/MBb23eB.png" />
</details>
<details>
<summary>Alternative Keys</summary>
<img src="https://i.imgur.com/X9CGhLb.png" />
</details>
<details>
<summary>Sway keys</summary>
<img src="https://i.imgur.com/hiGZ86w.png" /><br>
</details>
<details>
<summary>Per-application controls</summary>
Firefox:<br>
<img src="https://i.imgur.com/GI0apoV.png" /><br>
Jetbrains:<br>
<img src="https://i.imgur.com/OFNlHnW.png" /><br>
Nautilus:<br>
<img src="https://i.imgur.com/9W1GmLn.png" /><br>
Tmux:<br>
<img src="https://i.imgur.com/GhmwyCO.png" />
</details>
<details>
<summary>Extra numbers</summary>
<img src="https://i.imgur.com/89ERKd9.png" />
</details>
<details>
<summary>Media Controls</summary>
<img src="https://i.imgur.com/HvdSdRP.png" />
</details>
<details>
<summary>System controls</summary>
<img src="https://i.imgur.com/rGC2HXf.png" />
</details>
[Link](http://www.keyboard-layout-editor.com) / [Source](https://github.com/ijprest/keyboard-layout-editor) of the tool I used to draw the images.
[My current wallpaper](module/Wallpaper.nix#L6)


@ -1,68 +0,0 @@
# Global settings.
# Just like I can configure each package, here I configure my config! :O)
{ lib, ... }:
{
options.setting = with lib; {
# Ollama settings.
# I use the best light model by default.
ollama = mkOption {
default = { };
type = types.submodule {
# freeformType = lib.jsonFormat.type;
options = {
primaryModel = mkOption {
default = "llama3";
type = types.str;
};
};
};
};
# Whether to use Dpi-aware setting in supported apps.
dpiAware = mkOption {
default = false;
type = types.bool;
};
# Keyboard options.
keyboard = mkOption {
default = { };
type = types.submodule {
options = {
layouts = mkOption {
default = "us,ru";
type = types.str;
};
options = mkOption {
default = "grp:toggle";
type = types.str;
};
};
};
};
# CPU configurations.
cpu = mkOption {
default = { };
type = types.submodule {
options = {
hwmon = mkOption {
default = { };
type = types.submodule {
options = {
path = mkOption {
default = "";
type = types.str;
};
file = mkOption {
default = "";
type = types.str;
};
};
};
};
};
};
};
};
}


@ -1,123 +0,0 @@
{
lib,
config,
pkgs,
__findFile,
...
}:
with lib;
let
cfg = config.style;
mkTypeOption = default: type: mkOption { inherit default type; };
mkStrOption = default: mkTypeOption default types.str;
mkIntOption = default: mkTypeOption default types.int;
mkFloatOption = default: mkTypeOption default types.float;
mkPkgOption = default: mkTypeOption default types.package;
in
{
options.style = {
color = {
bg = {
dark = mkStrOption config.lib.stylix.colors.base00;
light = mkStrOption config.lib.stylix.colors.base07;
regular = mkStrOption config.lib.stylix.colors.base01;
};
fg = {
dark = mkStrOption config.lib.stylix.colors.base04;
light = mkStrOption config.lib.stylix.colors.base06;
regular = mkStrOption config.lib.stylix.colors.base05;
};
accent = mkStrOption config.lib.stylix.colors.base0A;
heading = mkStrOption config.lib.stylix.colors.base0D;
hl = mkStrOption config.lib.stylix.colors.base03;
keyword = mkStrOption config.lib.stylix.colors.base0E;
link = mkStrOption config.lib.stylix.colors.base09;
misc = mkStrOption config.lib.stylix.colors.base0F;
negative = mkStrOption config.lib.stylix.colors.base08;
neutral = mkStrOption config.lib.stylix.colors.base0C;
positive = mkStrOption config.lib.stylix.colors.base0B;
selection = mkStrOption config.lib.stylix.colors.base02;
transparent = mkStrOption "ffffff00";
accent-b = mkStrOption config.lib.stylix.colors.base0A-rgb-b;
accent-g = mkStrOption config.lib.stylix.colors.base0A-rgb-g;
accent-r = mkStrOption config.lib.stylix.colors.base0A-rgb-r;
negative-b = mkStrOption config.lib.stylix.colors.base08-rgb-b;
negative-g = mkStrOption config.lib.stylix.colors.base08-rgb-g;
negative-r = mkStrOption config.lib.stylix.colors.base08-rgb-r;
neutral-b = mkStrOption config.lib.stylix.colors.base0C-rgb-b;
neutral-g = mkStrOption config.lib.stylix.colors.base0C-rgb-g;
neutral-r = mkStrOption config.lib.stylix.colors.base0C-rgb-r;
positive-b = mkStrOption config.lib.stylix.colors.base0B-rgb-b;
positive-g = mkStrOption config.lib.stylix.colors.base0B-rgb-g;
positive-r = mkStrOption config.lib.stylix.colors.base0B-rgb-r;
bg-b = mkStrOption config.lib.stylix.colors.base00-rgb-b;
bg-g = mkStrOption config.lib.stylix.colors.base00-rgb-g;
bg-r = mkStrOption config.lib.stylix.colors.base00-rgb-r;
fg-b = mkStrOption config.lib.stylix.colors.base06-rgb-b;
fg-g = mkStrOption config.lib.stylix.colors.base06-rgb-g;
fg-r = mkStrOption config.lib.stylix.colors.base06-rgb-r;
border = mkStrOption config.lib.stylix.colors.base01;
border-b = mkStrOption config.lib.stylix.colors.base01-rgb-b;
border-g = mkStrOption config.lib.stylix.colors.base01-rgb-g;
border-r = mkStrOption config.lib.stylix.colors.base01-rgb-r;
};
font = {
size = {
application = mkIntOption 12;
terminal = mkIntOption 14;
popup = mkIntOption 12;
desktop = mkIntOption 14;
};
serif = {
package = mkPkgOption (pkgs.callPackage <package/applefont> { });
name = mkStrOption "SF Pro Display";
};
sansSerif = {
package = mkPkgOption (pkgs.callPackage <package/applefont> { });
name = mkStrOption "SF Pro Display";
};
monospace = {
package = mkPkgOption (pkgs.nerdfonts.override { fonts = [ "Terminus" ]; });
name = mkStrOption "Terminess Nerd Font Mono";
};
emoji = {
package = mkPkgOption pkgs.noto-fonts-emoji;
name = mkStrOption "Noto Color Emoji";
};
};
opacity = {
application = mkFloatOption 0.85;
desktop = mkFloatOption 0.85;
popup = mkFloatOption 0.85;
terminal = mkFloatOption 0.85;
hex = mkStrOption "D9";
};
# cursor = {
# name = mkStrOption "Adwaita";
# package = mkPkgOption pkgs.adwaita-icon-theme;
# size = mkIntOption 14;
# };
cursor = {
name = mkStrOption "phinger-cursors-light";
package = mkPkgOption pkgs.phinger-cursors;
size = mkIntOption 24;
};
window = {
gap = mkIntOption 8;
border = mkIntOption 4;
};
};
}


@ -1,42 +0,0 @@
{
pkgs,
config,
__findFile,
...
}:
{
stylix = {
enable = true;
image = config.module.wallpaper.path;
autoEnable = true;
polarity = "dark";
fonts = {
inherit (config.style.font)
serif
sansSerif
monospace
emoji
;
sizes = {
inherit (config.style.font.size) terminal desktop;
applications = config.style.font.size.application;
popups = config.style.font.size.popup;
};
};
opacity = {
inherit (config.style.opacity) desktop terminal;
applications = config.style.opacity.application;
popups = config.style.opacity.popups;
};
inherit (config.style) cursor;
override =
if config.module.wallpaper.forceContrastText then
{
base04 = "000000";
base05 = "ffffff";
base06 = "ffffff";
}
else
{ };
};
}


@ -1,21 +0,0 @@
{ pkgs, lib, ... }:
with lib;
let
url = "https://i.imgur.com/yuZ2XSf.jpeg";
sha256 = "sha256-Z35D7gn28d2dtPHHVwzySOingy/d8CWKmK9LQjpyjEk=";
forceContrastText = false;
in
{
options = {
module.wallpaper = {
forceContrastText = mkOption {
default = warnIf forceContrastText "Style : Forced text contrast." forceContrastText;
type = types.bool;
};
path = mkOption {
default = pkgs.fetchurl { inherit url sha256; };
type = types.path;
};
};
};
}


@ -1,57 +1,52 @@
{
container,
lib,
config,
...
}@args:
with lib;
let
cfg = config.container.module.change;
in
{
options = {
container.module.change = {
enable = mkEnableOption "Change detection service";
address = mkOption {
default = "10.1.0.41";
type = types.str;
};
port = mkOption {
default = 5000;
type = types.int;
};
domain = mkOption {
default = "change.${config.container.domain}";
type = types.str;
};
storage = mkOption {
default = "${config.container.storage}/change";
type = types.str;
};
};
};
config,
container,
lib,
...
}: let
cfg = config.container.module.change;
in {
options.container.module.change = {
enable = lib.mkEnableOption "the change detection service";
address = lib.mkOption {
default = "10.1.0.41";
type = lib.types.str;
};
port = lib.mkOption {
default = 5000;
type = lib.types.int;
};
domain = lib.mkOption {
default = "change.${config.container.domain}";
type = lib.types.str;
};
storage = lib.mkOption {
default = "${config.container.storage}/change";
type = lib.types.str;
};
};
config = mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [ "data" ];
config = lib.mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data"
];
containers.change = container.mkContainer cfg {
bindMounts = {
"/var/lib/changedetection-io" = {
hostPath = "${cfg.storage}/data";
isReadOnly = false;
};
};
containers.change = container.mkContainer cfg {
bindMounts = {
"/var/lib/changedetection-io" = {
hostPath = "${cfg.storage}/data";
isReadOnly = false;
};
};
config =
{ ... }:
container.mkContainerConfig cfg {
services.changedetection-io = {
enable = true;
baseURL = cfg.domain;
behindProxy = true;
listenAddress = cfg.address;
};
};
};
};
config = { ... }: container.mkContainerConfig cfg {
services.changedetection-io = {
enable = true;
baseURL = cfg.domain;
behindProxy = true;
listenAddress = cfg.address;
};
};
};
};
}
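Review bot: `cfg.port` is declared in the options (default 5000) but the new `services.changedetection-io` block sets only `listenAddress`, so overriding the option would not move the service off its own default port. Unless `container.mkContainerConfig` wires the port elsewhere (not visible in this section), add `port = cfg.port;` next to `listenAddress = cfg.address;`. Because `behindProxy = true` makes the service trust forwarded `X-*` headers, a short comment stating that only the proxy container is expected to reach `cfg.address` would also help.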


@ -1,81 +1,72 @@
{
container,
lib,
config,
pkgs,
...
}:
let
cfg = config.container.module.chat;
db = config.container.module.postgres;
in
{
options = {
container.module.chat = {
enable = lib.mkEnableOption "chat container.";
address = lib.mkOption {
default = "10.1.0.20";
type = lib.types.str;
};
port = lib.mkOption {
default = 8065;
type = lib.types.int;
};
domain = lib.mkOption {
default = "chat.${config.container.domain}";
type = lib.types.str;
};
storage = lib.mkOption {
default = "${config.container.storage}/chat";
type = lib.types.str;
};
};
};
config,
container,
lib,
pkgs,
...
}: let
cfg = config.container.module.chat;
db = config.container.module.postgres;
in {
options.container.module.chat = {
enable = lib.mkEnableOption "the chat container.";
address = lib.mkOption {
default = "10.1.0.20";
type = lib.types.str;
};
port = lib.mkOption {
default = 8065;
type = lib.types.int;
};
domain = lib.mkOption {
default = "chat.${config.container.domain}";
type = lib.types.str;
};
storage = lib.mkOption {
default = "${config.container.storage}/chat";
type = lib.types.str;
};
};
# WIP: https://search.nixos.org/options?channel=24.05&from=0&size=50&sort=relevance&type=packages&query=mattermost
config = lib.mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [ "data" ];
# WIP: https://search.nixos.org/options?channel=24.05&from=0&size=50&sort=relevance&type=packages&query=mattermost
config = lib.mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data"
];
containers.chat = container.mkContainer cfg {
bindMounts = {
"/var/lib/mattermost" = {
hostPath = "${cfg.storage}/data";
isReadOnly = false;
};
};
containers.chat = container.mkContainer cfg {
bindMounts = {
"/var/lib/mattermost" = {
hostPath = "${cfg.storage}/data";
isReadOnly = false;
};
};
config =
{ ... }:
container.mkContainerConfig cfg {
services.mattermost = {
enable = true;
listenAddress = ":${toString cfg.port}";
localDatabaseCreate = false;
mutableConfig = false;
package = pkgs.mattermost;
siteName = "Chat";
siteUrl = "https://${cfg.domain}";
statePath = "/var/lib/mattermost";
plugins =
let
calls =
let
version = "1.2.0";
in
pkgs.fetchurl {
url = "https://github.com/mattermost/mattermost-plugin-calls/releases/download/v${version}/mattermost-plugin-calls-v${version}.tar.gz";
hash = "sha256-yQGBpBPgXxC+Pm6dHlbwlNEdvn6wg9neSpNNTC4YYAA=";
};
in
[ calls ];
extraConfig = {
SqlSettings = {
DataSource = "postgres://mattermost:any@${db.address}:${toString db.port}/mattermost?sslmode=disable&connect_timeout=10";
DriverName = "postgres";
};
};
};
};
};
};
config = { ... }: container.mkContainerConfig cfg {
services.mattermost = {
enable = true;
listenAddress = ":${toString cfg.port}";
localDatabaseCreate = false;
mutableConfig = false;
package = pkgs.mattermost;
siteName = "Chat";
siteUrl = "https://${cfg.domain}";
statePath = "/var/lib/mattermost";
plugins = [
(pkgs.fetchurl rec {
hash = "sha256-yQGBpBPgXxC+Pm6dHlbwlNEdvn6wg9neSpNNTC4YYAA=";
url = "https://github.com/mattermost/mattermost-plugin-calls/releases/download/v${version}/mattermost-plugin-calls-v${version}.tar.gz";
version = "1.2.0";
})
];
extraConfig = {
SqlSettings = {
DataSource = "postgres://mattermost:any@${db.address}:${toString db.port}/mattermost?sslmode=disable&connect_timeout=10";
DriverName = "postgres";
};
};
};
};
};
};
}
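Review bot: The `DataSource` string under `extraConfig.SqlSettings` still embeds the database password (`mattermost:any`) together with `sslmode=disable`, so the credential is evaluated into the world-readable Nix store and the connection to the postgres container is unencrypted. The reformat carries this over unchanged. Consider moving the connection string out of `extraConfig` and supplying it through the module's `environmentFile` option (as `MM_SQLSETTINGS_DATASOURCE`) from a file kept outside the store. If plaintext transport between containers is intentional, a comment such as `# sslmode=disable: traffic stays on the host-local container bridge` would record that decision.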


@ -1,85 +1,81 @@
{
container,
pkgs,
lib,
config,
...
}@args:
with lib;
let
cfg = config.container.module.cloud;
config,
container,
lib,
pkgs,
...
}: let
cfg = config.container.module.cloud;
postgres = config.container.module.postgres;
proxy = config.container.module.proxy;
in {
options.container.module.cloud = {
enable = lib.mkEnableOption "the file cloud service.";
address = lib.mkOption {
default = "10.1.0.13";
type = lib.types.str;
};
port = lib.mkOption {
default = 80;
type = lib.types.int;
};
domain = lib.mkOption {
default = "cloud.${config.container.domain}";
type = lib.types.str;
};
storage = lib.mkOption {
default = "${config.container.storage}/cloud";
type = lib.types.str;
};
};
postgres = config.container.module.postgres;
proxy = config.container.module.proxy;
in
{
options = {
container.module.cloud = {
enable = mkEnableOption "File cloud service";
address = mkOption {
default = "10.1.0.13";
type = types.str;
};
port = mkOption {
default = 80;
type = types.int;
};
domain = mkOption {
default = "cloud.${config.container.domain}";
type = types.str;
};
storage = mkOption {
default = "${config.container.storage}/cloud";
type = types.str;
};
};
};
config = lib.mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data"
];
config = mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [ "data" ];
containers.cloud = container.mkContainer cfg {
bindMounts = {
"/var/lib/nextcloud" = {
hostPath = "${cfg.storage}/data";
isReadOnly = false;
};
};
containers.cloud = container.mkContainer cfg {
bindMounts = {
"/var/lib/nextcloud" = {
hostPath = "${cfg.storage}/data";
isReadOnly = false;
};
};
config =
{ config, ... }:
container.mkContainerConfig cfg {
services.nextcloud = {
enable = true;
# package = pkgs.nextcloud29;
hostName = cfg.domain;
# phpOptions = {
# memory_limit = lib.mkForce "20G";
# };
config = {
adminuser = "root";
adminpassFile = "${pkgs.writeText "NextcloudPassword" "root"}";
dbhost = postgres.address;
dbname = "nextcloud";
dbpassFile = "${pkgs.writeText "NextcloudDbPassword" "nextcloud"}";
dbtype = "pgsql";
dbuser = "nextcloud";
};
extraApps = {
inherit (config.services.nextcloud.package.packages.apps) contacts calendar onlyoffice;
};
extraAppsEnable = true;
settings = {
trusted_domains = [
cfg.address
cfg.domain
];
trusted_proxies = [ proxy.address ];
allow_local_remote_servers = true;
};
};
};
};
};
config = { config, ... }: container.mkContainerConfig cfg {
services.nextcloud = {
enable = true;
hostName = cfg.domain;
# package = pkgs.nextcloud29;
# phpOptions = {
# memory_limit = lib.mkForce "20G";
# };
config = {
adminpassFile = "${pkgs.writeText "NextcloudPassword" "root"}";
adminuser = "root";
dbhost = postgres.address;
dbname = "nextcloud";
dbpassFile = "${pkgs.writeText "NextcloudDbPassword" "nextcloud"}";
dbtype = "pgsql";
dbuser = "nextcloud";
};
extraApps = {
inherit (config.services.nextcloud.package.packages.apps)
contacts calendar onlyoffice;
};
extraAppsEnable = true;
settings = {
allow_local_remote_servers = true;
trusted_domains = [
cfg.address
cfg.domain
];
trusted_proxies = [
proxy.address
];
};
};
};
};
};
}
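Review bot: `adminpassFile` and `dbpassFile` are built with `pkgs.writeText` from the literals `"root"` and `"nextcloud"`, which places both passwords in the world-readable Nix store and leaves the instance with a `root`/`root` administrator account. Point both options at files provisioned outside the store, for example `adminpassFile = "/path/to/secret/admin-pass";` (placeholder path) delivered through a read-only bind mount, the way the ddns container reads `/data/token`. `allow_local_remote_servers = true` also permits Nextcloud to issue requests to internal addresses; a comment naming the feature that requires it would let a reader judge that exposure.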


@ -1,65 +1,59 @@
{
container,
lib,
config,
...
}@args:
with lib;
let
cfg = config.container.module.ddns;
in
{
options = {
container.module.ddns = {
enable = mkEnableOption "Dynamic dns client.";
address = mkOption {
default = "10.1.0.31";
type = types.str;
};
storage = mkOption {
default = "${config.container.storage}/ddns";
type = types.str;
};
};
};
config,
container,
lib,
...
}: let
cfg = config.container.module.ddns;
in {
options.container.module.ddns = {
enable = lib.mkEnableOption "the dynamic dns client.";
address = lib.mkOption {
default = "10.1.0.31";
type = lib.types.str;
};
storage = lib.mkOption {
default = "${config.container.storage}/ddns";
type = lib.types.str;
};
};
config = mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [ "data" ];
config = lib.mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data"
];
containers.ddns = container.mkContainer cfg {
bindMounts = {
"/data" = {
hostPath = "${cfg.storage}/data";
isReadOnly = true;
};
};
containers.ddns = container.mkContainer cfg {
bindMounts = {
"/data" = {
hostPath = "${cfg.storage}/data";
isReadOnly = true;
};
};
config =
{ ... }:
container.mkContainerConfig cfg {
services.cloudflare-dyndns = {
enable = true;
apiTokenFile = "/data/token";
deleteMissing = false;
ipv4 = true;
ipv6 = false;
proxied = false;
domains =
let
domain = config.container.domain;
in
[ domain ]
++ map (sub: "${sub}.${domain}") [
"cloud"
"git"
"mail"
"office"
"paste"
"play"
"vpn"
];
};
};
};
};
config = { ... }: container.mkContainerConfig cfg {
services.cloudflare-dyndns = {
enable = true;
apiTokenFile = "/data/token";
deleteMissing = false;
ipv4 = true;
ipv6 = false;
proxied = false;
domains = let
domain = config.container.domain;
in [
domain
] ++ map (sub: "${sub}.${domain}") [
"cloud"
"git"
"mail"
"office"
"paste"
"play"
"vpn"
];
};
};
};
};
}


@ -1,144 +1,127 @@
{
container,
pkgs,
lib,
config,
...
}:
let
cfg = config.container.module.dns;
in
{
options = {
container.module.dns = {
enable = lib.mkEnableOption "the DNS server.";
address = lib.mkOption {
default = "10.1.0.6";
type = lib.types.str;
};
port = lib.mkOption {
default = 53;
type = lib.types.int;
};
};
};
config,
container,
lib,
pkgs,
...
}: let
cfg = config.container.module.dns;
in {
options.container.module.dns = {
enable = lib.mkEnableOption "the DNS server.";
address = lib.mkOption {
default = "10.1.0.6";
type = lib.types.str;
};
port = lib.mkOption {
default = 53;
type = lib.types.int;
};
};
config = lib.mkIf cfg.enable {
containers.dns = container.mkContainer cfg {
config =
{ ... }:
container.mkContainerConfig cfg {
environment.systemPackages = [ pkgs.cloudflared ];
# systemd.services.cloudflared = {
# description = "Cloudflare DoH server.";
# enable = true;
# wantedBy = [ "multi-user.target" ];
# serviceConfig = {
# Type = "simple";
# ExecStart = "${lib.getExe pkgs.cloudflared} proxy-dns --port 5054";
# };
# };
services.blocky = {
enable = true;
# REF: https://0xerr0r.github.io/blocky/main/configuration/
settings = {
bootstrapDns = "tcp+udp:1.1.1.1";
connectIPVersion = "v4";
upstreams.groups = {
default = [ "https://dns.quad9.net/dns-query" ];
};
caching = {
maxItemsCount = 100000;
maxTime = "30m";
minTime = "5m";
prefetchExpires = "2h";
prefetchMaxItemsCount = 100000;
prefetchThreshold = 5;
prefetching = true;
};
blocking = {
blockTTL = "1m";
blockType = "zeroIP";
loading = {
refreshPeriod = "24h";
strategy = "blocking";
downloads = {
timeout = "5m";
attempts = 3;
cooldown = "10s";
};
};
# SRC: https://oisd.nl
# SRC: https://v.firebog.net
denylists = {
suspicious = [
"https://raw.githubusercontent.com/PolishFiltersTeam/KADhosts/master/KADhosts.txt"
"https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts" # https://github.com/StevenBlack/hosts
"https://v.firebog.net/hosts/static/w3kbl.txt"
];
ads = [
"https://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&showintro=0&mimetype=plaintext"
"https://raw.githubusercontent.com/bigdargon/hostsVN/master/hosts"
"https://v.firebog.net/hosts/AdguardDNS.txt"
"https://v.firebog.net/hosts/Admiral.txt"
"https://v.firebog.net/hosts/Easylist.txt"
];
tracking = [
"https://hostfiles.frogeye.fr/firstparty-trackers-hosts.txt"
"https://v.firebog.net/hosts/Easyprivacy.txt"
"https://v.firebog.net/hosts/Prigent-Ads.txt"
];
malicious = [
"https://gitlab.com/quidsup/notrack-blocklists/raw/master/notrack-malware.txt"
"https://osint.digitalside.it/Threat-Intel/lists/latestdomains.txt"
"https://phishing.army/download/phishing_army_blocklist_extended.txt"
"https://raw.githubusercontent.com/AssoEchap/stalkerware-indicators/master/generated/hosts"
"https://raw.githubusercontent.com/Spam404/lists/master/main-blacklist.txt"
"https://urlhaus.abuse.ch/downloads/hostfile/"
"https://v.firebog.net/hosts/Prigent-Crypto.txt"
"https://v.firebog.net/hosts/Prigent-Malware.txt"
];
other = [
"https://big.oisd.nl/domainswild"
"https://zerodot1.gitlab.io/CoinBlockerLists/hosts_browser"
];
};
# allowlists = {
# other = [
# "/.*.vk.com/"
# ];
# };
clientGroupsBlock = {
default = [
"suspicious"
"ads"
"tracking"
"malicious"
"other"
];
};
};
customDNS = {
mapping =
let
block = host: { ${host} = "0.0.0.0"; };
in
{
# All subdomains to current host.
# ${config.container.domain} = config.container.host;
"voronind.com" = "10.0.0.1";
}
// block "gosuslugi.ru"
// block "rutube.ru"
// block "vk.com";
};
ports.dns = cfg.port;
# httpPort = "80";
};
};
};
};
};
config = lib.mkIf cfg.enable {
containers.dns = container.mkContainer cfg {
config = { ... }: container.mkContainerConfig cfg {
services.blocky = {
enable = true;
# REF: https://0xerr0r.github.io/blocky/main/configuration/
settings = {
bootstrapDns = "tcp+udp:1.1.1.1";
connectIPVersion = "v4";
ports.dns = cfg.port;
# httpPort = "80";
upstreams.groups = {
default = [
"https://dns.quad9.net/dns-query"
];
};
caching = {
maxItemsCount = 100000;
maxTime = "30m";
minTime = "5m";
prefetchExpires = "2h";
prefetchMaxItemsCount = 100000;
prefetchThreshold = 5;
prefetching = true;
};
blocking = {
blockTTL = "1m";
blockType = "zeroIP";
loading = {
refreshPeriod = "24h";
strategy = "blocking";
downloads = {
attempts = 3;
cooldown = "10s";
timeout = "5m";
};
};
# SRC: https://oisd.nl
# SRC: https://v.firebog.net
denylists = {
suspicious = [
"https://raw.githubusercontent.com/PolishFiltersTeam/KADhosts/master/KADhosts.txt"
"https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts" # https://github.com/StevenBlack/hosts
"https://v.firebog.net/hosts/static/w3kbl.txt"
];
ads = [
"https://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&showintro=0&mimetype=plaintext"
"https://raw.githubusercontent.com/bigdargon/hostsVN/master/hosts"
"https://v.firebog.net/hosts/AdguardDNS.txt"
"https://v.firebog.net/hosts/Admiral.txt"
"https://v.firebog.net/hosts/Easylist.txt"
];
tracking = [
"https://hostfiles.frogeye.fr/firstparty-trackers-hosts.txt"
"https://v.firebog.net/hosts/Easyprivacy.txt"
"https://v.firebog.net/hosts/Prigent-Ads.txt"
];
malicious = [
"https://gitlab.com/quidsup/notrack-blocklists/raw/master/notrack-malware.txt"
"https://osint.digitalside.it/Threat-Intel/lists/latestdomains.txt"
"https://phishing.army/download/phishing_army_blocklist_extended.txt"
"https://raw.githubusercontent.com/AssoEchap/stalkerware-indicators/master/generated/hosts"
"https://raw.githubusercontent.com/Spam404/lists/master/main-blacklist.txt"
"https://urlhaus.abuse.ch/downloads/hostfile/"
"https://v.firebog.net/hosts/Prigent-Crypto.txt"
"https://v.firebog.net/hosts/Prigent-Malware.txt"
];
other = [
"https://big.oisd.nl/domainswild"
"https://zerodot1.gitlab.io/CoinBlockerLists/hosts_browser"
];
};
# allowlists = {
# other = [
# "/.*.vk.com/"
# ];
# };
clientGroupsBlock = {
default = [
"ads"
"malicious"
"other"
"suspicious"
"tracking"
];
};
};
customDNS = {
mapping = let
block = host: { ${host} = "0.0.0.0"; };
in {
# All subdomains to current host.
# ${config.container.domain} = config.container.host;
"voronind.com" = "10.0.0.1";
}
// block "gosuslugi.ru"
// block "rutube.ru"
// block "vk.com"
;
};
};
};
};
};
};
}
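Review bot: As far as the rendered page shows, the reformatted body no longer contains `environment.systemPackages = [ pkgs.cloudflared ];` or the commented-out cloudflared unit, which is a functional removal inside a commit described as a formatter purge; it deserves its own commit or a line in the message. After that removal nothing in the new body references `pkgs`, so the `pkgs,` argument in the header can go as well. Separately, the `denylists` entries are mutable third-party files re-fetched every `refreshPeriod`; a comment next to them such as `# Remote lists are unpinned: an upstream change alters what is blocked for every client.` would record that trust decision.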


@ -1,68 +1,63 @@
{
container,
lib,
config,
...
}:
with lib;
let
cfg = config.container.module.download;
in
{
options = {
container.module.download = {
enable = mkEnableOption "Downloader.";
address = mkOption {
default = "10.1.0.12";
type = types.str;
};
port = mkOption {
default = 8112;
type = types.int;
};
domain = mkOption {
default = "download.${config.container.domain}";
type = types.str;
};
storage = mkOption {
default = "${config.container.storage}/download";
type = types.str;
};
memLimit = mkOption {
default = "4G";
type = types.str;
};
};
};
config,
container,
lib,
...
}: let
cfg = config.container.module.download;
in {
options.container.module.download = {
enable = lib.mkEnableOption "the bit-torrent downloader.";
address = lib.mkOption {
default = "10.1.0.12";
type = lib.types.str;
};
port = lib.mkOption {
default = 8112;
type = lib.types.int;
};
domain = lib.mkOption {
default = "download.${config.container.domain}";
type = lib.types.str;
};
storage = lib.mkOption {
default = "${config.container.storage}/download";
type = lib.types.str;
};
memLimit = lib.mkOption {
default = "4G";
type = lib.types.str;
};
};
config = mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [ "data" ];
config = lib.mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data"
];
containers.download = container.mkContainer cfg {
enableTun = true;
containers.download = container.mkContainer cfg {
enableTun = true;
bindMounts = {
"/var/lib/deluge/.config/deluge" = {
hostPath = "${cfg.storage}/data";
isReadOnly = false;
};
}
// container.attachMedia "download" false
;
bindMounts = {
"/var/lib/deluge/.config/deluge" = {
hostPath = "${cfg.storage}/data";
isReadOnly = false;
};
} // container.attachMedia "download" false;
config =
{ ... }:
container.mkContainerConfig cfg {
services.deluge = {
enable = true;
dataDir = "/var/lib/deluge";
web.enable = true;
};
systemd.services.deluged.serviceConfig = {
MemoryLimit = cfg.memLimit;
Restart = lib.mkForce "always";
RuntimeMaxSec = "6h";
};
};
};
};
config = { ... }: container.mkContainerConfig cfg {
services.deluge = {
enable = true;
dataDir = "/var/lib/deluge";
web.enable = true;
};
systemd.services.deluged.serviceConfig = {
MemoryLimit = cfg.memLimit;
Restart = lib.mkForce "always";
RuntimeMaxSec = "6h";
};
};
};
};
}
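Review bot: `web.enable = true` turns on the Deluge web UI, but the module declares no credentials for it; the password lives only in the bind-mounted `/var/lib/deluge/.config/deluge` state, and on a fresh `data` directory Deluge starts with its well-known default web password. A comment above `services.deluge` stating that the password must be changed on first start (or that the reverse proxy adds its own authentication, if that is the case) would make the assumption explicit. Also, `MemoryLimit` is the legacy directive that systemd documents as deprecated; `MemoryMax = cfg.memLimit;` is the current equivalent.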


@ -1,130 +1,122 @@
# TODO: Saved just in case for the dark future.
# в целом просто сделай себе шелл алиас gw-default="sudo ip route del default; sudo ip route add default via айпишник роутера" и шелл алиас gw-vpn="sudo ip route del default; sudo ip route add default via айпишник_впна"
{
container,
pkgs,
lib,
config,
__findFile,
...
}:
with lib;
let
cfg = config.container.module.frkn;
in
{
options = {
container.module.frkn = {
enable = mkEnableOption "FRKN";
address = mkOption {
default = "10.1.0.69";
type = types.str;
};
port = mkOption {
default = 1080;
type = types.int;
};
torport = mkOption {
default = 9150;
type = types.int;
};
xrayport = mkOption {
default = 1081;
type = types.int;
};
storage = mkOption {
default = "${config.container.storage}/frkn";
type = types.str;
};
};
};
__findFile,
config,
container,
lib,
pkgs,
util,
...
} @args: let
cfg = config.container.module.frkn;
in {
options.container.module.frkn = {
enable = lib.mkEnableOption "the Allmighty FRKN service.";
address = lib.mkOption {
default = "10.1.0.69";
type = lib.types.str;
};
port = lib.mkOption {
default = 1080;
type = lib.types.int;
};
torport = lib.mkOption {
default = 9150;
type = lib.types.int;
};
xrayport = lib.mkOption {
default = 1081;
type = lib.types.int;
};
storage = lib.mkOption {
default = "${config.container.storage}/frkn";
type = lib.types.str;
};
};
config = mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [ "data" ];
config = lib.mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data"
];
containers.frkn = container.mkContainer cfg {
bindMounts = {
"/data" = {
hostPath = "${cfg.storage}/data";
isReadOnly = true;
};
};
containers.frkn = container.mkContainer cfg {
bindMounts = {
"/data" = {
hostPath = "${cfg.storage}/data";
isReadOnly = true;
};
};
config =
{ ... }:
container.mkContainerConfig cfg {
boot.kernel.sysctl = {
"net.ipv4.conf.all.src_valid_mark" = 1;
"net.ipv4.ip_forward" = 1;
};
config = { ... }: container.mkContainerConfig cfg {
imports = [
(import <module/Zapret.nix> args)
];
imports = [ <module/Zapret.nix> ];
module.zapret = {
enable = true;
params = config.module.zapret.params;
};
boot.kernel.sysctl = {
"net.ipv4.conf.all.src_valid_mark" = 1;
"net.ipv4.ip_forward" = 1;
};
services = {
microsocks = {
enable = true;
ip = cfg.address;
port = cfg.port;
disableLogging = true;
#authUsername
#outgoingBindIp
#authOnce
};
module.zapret = {
enable = true;
params = config.module.zapret.params;
};
tor = {
enable = true;
openFirewall = true;
settings =
let
exclude = "{RU},{UA},{BY},{KZ},{CN},{??}";
in
{
# ExcludeExitNodes = exclude;
# ExcludeNodes = exclude;
#DNSPort = dnsport;
UseBridges = true;
ClientTransportPlugin = "obfs4 exec ${pkgs.obfs4}/bin/lyrebird";
Bridge = [
"obfs4 94.103.89.153:4443 5617848964FD6546968B5BF3FFA6C11BCCABE58B cert=tYsmuuTe9phJS0Gh8NKIpkVZP/XKs7gJCqi31o8LClwYetxzFz0fQZgsMwhNcIlZ0HG5LA iat-mode=0"
"obfs4 121.45.140.249:12123 0922E212E33B04F0B7C1E398161E8EDE06734F26 cert=3AQ4iJFAzxzt7a/zgXIiFEs6fvrXInXt1Dtr09DgnpvUzG/iiyRTdXYZKSYpI124Zt3ZUA iat-mode=0"
"obfs4 79.137.11.45:45072 ECA3197D49A29DDECD4ACBF9BCF15E4987B78137 cert=2FKyLWkPgMNCWxBD3cNOTRxJH3XP+HdStPGKMjJfw2YbvVjihIp3X2BCrtxQya9m5II5XA iat-mode=0"
"obfs4 145.239.31.71:10161 882125D15B59BB82BE66F999056CB676D3F061F8 cert=AnD+EvcBMuQDVM7PwW7NgFAzW1M5jDm7DjQtIIcBSjoyAf1FJ2p535rrYL2Kk8POAd0+aw iat-mode=0"
];
};
services = {
microsocks = {
enable = true;
disableLogging = true;
ip = cfg.address;
port = cfg.port;
};
client = {
enable = true;
#dns.enable = true;
socksListenAddress = {
IsolateDestAddr = true;
addr = cfg.address;
port = cfg.torport;
};
};
};
tor = {
enable = true;
openFirewall = true;
settings = let
exclude = "{RU},{UA},{BY},{KZ},{CN},{??}";
in {
# ExcludeExitNodes = exclude;
# ExcludeNodes = exclude;
# DNSPort = dnsport;
UseBridges = true;
ClientTransportPlugin = "obfs4 exec ${pkgs.obfs4}/bin/lyrebird";
Bridge = [
"obfs4 121.45.140.249:12123 0922E212E33B04F0B7C1E398161E8EDE06734F26 cert=3AQ4iJFAzxzt7a/zgXIiFEs6fvrXInXt1Dtr09DgnpvUzG/iiyRTdXYZKSYpI124Zt3ZUA iat-mode=0"
"obfs4 145.239.31.71:10161 882125D15B59BB82BE66F999056CB676D3F061F8 cert=AnD+EvcBMuQDVM7PwW7NgFAzW1M5jDm7DjQtIIcBSjoyAf1FJ2p535rrYL2Kk8POAd0+aw iat-mode=0"
"obfs4 79.137.11.45:45072 ECA3197D49A29DDECD4ACBF9BCF15E4987B78137 cert=2FKyLWkPgMNCWxBD3cNOTRxJH3XP+HdStPGKMjJfw2YbvVjihIp3X2BCrtxQya9m5II5XA iat-mode=0"
"obfs4 94.103.89.153:4443 5617848964FD6546968B5BF3FFA6C11BCCABE58B cert=tYsmuuTe9phJS0Gh8NKIpkVZP/XKs7gJCqi31o8LClwYetxzFz0fQZgsMwhNcIlZ0HG5LA iat-mode=0"
];
};
xray = {
enable = true;
settingsFile = "/data/Client.json";
};
};
client = {
enable = true;
# dns.enable = true;
socksListenAddress = {
IsolateDestAddr = true;
addr = cfg.address;
port = cfg.torport;
};
};
};
systemd = {
services.tor.wantedBy = lib.mkForce [ ];
xray = {
enable = true;
settingsFile = "/data/Client.json";
};
};
timers.tor = {
timerConfig = {
OnBootSec = 5;
Unit = "tor.service";
};
wantedBy = [ "timers.target" ];
};
};
};
};
};
systemd = {
services.tor.wantedBy = lib.mkForce [ ];
timers.tor = {
timerConfig = {
OnBootSec = 5;
Unit = "tor.service";
};
wantedBy = [ "timers.target" ];
};
};
};
};
};
}
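Review bot: `services.microsocks` listens on `cfg.address` with no authentication configured and `disableLogging = true`, so any peer that can route to the container address can relay through it and no record is kept; the commented `#authUsername` / `#authOnce` hints that documented the missing piece appear to be dropped by this change. If reachability is restricted elsewhere, say so in a comment such as `# No SOCKS auth: access is limited by <placeholder: firewall or proxy rule>.`; otherwise set `authUsername` together with the module's password option. The import also seems to change from `imports = [ <module/Zapret.nix> ];` to `(import <module/Zapret.nix> args)`, which presumably evaluates the Zapret module with the host's `config` and `pkgs` instead of the container's; that is a behaviour change and should be mentioned rather than folded into a formatting commit.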


@ -1,121 +1,111 @@
{
container,
pkgs,
config,
lib,
...
}:
with lib;
let
cfg = config.container.module.git;
in
{
options = {
container.module.git = {
enable = mkEnableOption "Git server.";
address = mkOption {
default = "10.1.0.8";
type = types.str;
};
port = mkOption {
default = 3000;
type = types.int;
};
portSsh = mkOption {
default = 22144;
type = types.int;
};
domain = mkOption {
default = "git.${config.container.domain}";
type = types.str;
};
storage = mkOption {
default = "${config.container.storage}/git";
type = types.str;
};
};
};
config,
container,
lib,
pkgs,
...
}: let
cfg = config.container.module.git;
in {
options.container.module.git = {
enable = lib.mkEnableOption "the git server.";
address = lib.mkOption {
default = "10.1.0.8";
type = lib.types.str;
};
port = lib.mkOption {
default = 3000;
type = lib.types.int;
};
portSsh = lib.mkOption {
default = 22144;
type = lib.types.int;
};
domain = lib.mkOption {
default = "git.${config.container.domain}";
type = lib.types.str;
};
storage = lib.mkOption {
default = "${config.container.storage}/git";
type = lib.types.str;
};
};
config = mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [ "data" ];
config = lib.mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data"
];
containers.git = container.mkContainer cfg {
bindMounts = {
"/var/lib/forgejo" = {
hostPath = "${cfg.storage}/data";
isReadOnly = false;
};
};
containers.git = container.mkContainer cfg {
bindMounts = {
"/var/lib/forgejo" = {
hostPath = "${cfg.storage}/data";
isReadOnly = false;
};
};
config =
{ ... }:
container.mkContainerConfig cfg {
environment.systemPackages = with pkgs; [ forgejo ];
config = { ... }: container.mkContainerConfig cfg {
environment.systemPackages = with pkgs; [
forgejo
];
services.forgejo = {
enable = true;
stateDir = "/var/lib/forgejo";
services.forgejo = {
enable = true;
stateDir = "/var/lib/forgejo";
database =
let
postgre = config.container.module.postgres;
in
{
type = "postgres";
host = postgre.address;
port = postgre.port;
user = "forgejo";
name = "forgejo";
createDatabase = false;
};
database = let
postgre = config.container.module.postgres;
in {
createDatabase = false;
host = postgre.address;
name = "forgejo";
port = postgre.port;
type = "postgres";
user = "forgejo";
};
settings =
let
gcArgs = "--aggressive --no-cruft --prune=now";
gcTimeout = 600;
in
{
"service".DISABLE_REGISTRATION = true;
"log".LEVEL = "Error";
"server" = {
DOMAIN = cfg.domain;
HTTP_ADDR = cfg.address;
ROOT_URL = "https://${cfg.domain}";
BUILTIN_SSH_SERVER_USER = "git";
DISABLE_SSH = false;
SSH_PORT = cfg.portSsh;
START_SSH_SERVER = true;
};
"ui" = {
AMBIGUOUS_UNICODE_DETECTION = false;
};
"repository" = {
DEFAULT_PRIVATE = "private";
DEFAULT_PUSH_CREATE_PRIVATE = true;
};
"repository.pull-request".DEFAULT_MERGE_STYLE = "rebase";
"repository.issue".MAX_PINNED = 99999;
"cron" = {
ENABLED = true;
RUN_AT_START = true;
};
"repo-archive".ENABLED = false;
"cron.update_mirrors".SCHEDULE = "@midnight";
"cron.cleanup_actions".ENABLED = true;
"cron.git_gc_repos" = {
ENABLED = true;
SCHEDULE = "@midnight";
TIMEOUT = gcTimeout;
ARGS = gcArgs;
};
"git" = {
GC_ARGS = gcArgs;
};
"git.timeout".GC = gcTimeout;
};
};
};
};
};
settings = let
gcArgs = "--aggressive --no-cruft --prune=now";
gcTimeout = 600;
in {
"cron.cleanup_actions".ENABLED = true;
"cron.update_mirrors".SCHEDULE = "@midnight";
"git".GC_ARGS = gcArgs;
"git.timeout".GC = gcTimeout;
"log".LEVEL = "Error";
"repo-archive".ENABLED = false;
"repository.issue".MAX_PINNED = 99999;
"repository.pull-request".DEFAULT_MERGE_STYLE = "rebase";
"service".DISABLE_REGISTRATION = true;
"server" = {
DOMAIN = cfg.domain;
HTTP_ADDR = cfg.address;
ROOT_URL = "https://${cfg.domain}";
BUILTIN_SSH_SERVER_USER = "git";
DISABLE_SSH = false;
SSH_PORT = cfg.portSsh;
START_SSH_SERVER = true;
};
"ui" = {
AMBIGUOUS_UNICODE_DETECTION = false;
};
"repository" = {
DEFAULT_PRIVATE = "private";
DEFAULT_PUSH_CREATE_PRIVATE = true;
};
"cron" = {
ENABLED = true;
RUN_AT_START = true;
};
"cron.git_gc_repos" = {
ENABLED = true;
ARGS = gcArgs;
SCHEDULE = "@midnight";
TIMEOUT = gcTimeout;
};
};
};
};
};
};
}
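Review bot: The `database` block points at a remote `host` with `createDatabase = false` but sets no `passwordFile`, so the `forgejo` role presumably connects without a password and depends on whatever the PostgreSQL container's host-based rules allow for this subnet; a `passwordFile` pointing at a secret kept outside the Nix store would remove that dependency. `"ui".AMBIGUOUS_UNICODE_DETECTION = false` turns off the UI warning for ambiguous Unicode characters in file contents, which helps reviewers spot look-alike characters; if it stays off, record why, e.g. `# Disabled because <placeholder: reason>.`. It is also worth confirming that `"log".LEVEL = "Error"` is intended, since lower-severity events will not be logged.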


@ -1,79 +0,0 @@
# ISSUE: Broken, can't read/write sda device.
{
container,
pkgs,
config,
lib,
...
}:
with lib;
let
cfg = config.container.module.hdd;
in
{
options = {
container.module.hdd = {
enable = mkEnableOption "Hdd health monitor.";
address = mkOption {
default = "10.1.0.10";
type = types.str;
};
port = mkOption {
default = 8080;
type = types.int;
};
domain = mkOption {
default = "hdd.${config.container.domain}";
type = types.str;
};
storage = mkOption {
default = "${config.container.storage}/hdd";
type = types.str;
};
};
};
config = mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [ "data" ];
containers.hdd = container.mkContainer cfg {
# bindMounts = let
# attachDrive = hostPath: {
# inherit hostPath;
# isReadOnly = false;
# };
# in {
# "/opt/scrutiny" = {
# hostPath = "${cfg.storage}/data";
# isReadOnly = false;
# };
# "/dev/sda" = attachDrive "/dev/sda";
# };
# allowedDevices = [
# {
# modifier = "rwm";
# node = "/dev/sda";
# }
# ];
# additionalCapabilities = [ "CAP_SYS_ADMIN" ];
config =
{ ... }:
container.mkContainerConfig cfg {
environment.systemPackages = with pkgs; [ smartmontools ];
services.scrutiny = {
enable = true;
settings.web = {
listen = {
host = cfg.address;
port = cfg.port;
};
};
};
};
};
};
}


@ -1,58 +1,54 @@
{
container,
pkgs,
util,
lib,
config,
__findFile,
...
}@args:
with lib;
let
cfg = config.container.module.home;
package = (pkgs.callPackage <package/homer> args);
in
{
options = {
container.module.home = {
enable = mkEnableOption "Dashboard.";
address = mkOption {
default = "10.1.0.18";
type = types.str;
};
port = mkOption {
default = 80;
type = types.int;
};
domain = mkOption {
default = "home.${config.container.domain}";
type = types.str;
};
};
};
__findFile,
config,
container,
lib,
pkgs,
util,
...
} @args: let
cfg = config.container.module.home;
package = (pkgs.callPackage <package/homer> args);
in {
options.container.module.home = {
enable = lib.mkEnableOption "the dashboard.";
address = lib.mkOption {
default = "10.1.0.18";
type = lib.types.str;
};
port = lib.mkOption {
default = 80;
type = lib.types.int;
};
domain = lib.mkOption {
default = "home.${config.container.domain}";
type = lib.types.str;
};
};
config = mkIf cfg.enable {
containers.home = container.mkContainer cfg {
config =
{ ... }:
container.mkContainerConfig cfg {
environment.systemPackages = [ package ];
systemd.packages = [ package ];
config = lib.mkIf cfg.enable {
containers.home = container.mkContainer cfg {
config = { ... }: container.mkContainerConfig cfg {
environment.systemPackages = [
package
];
systemd.packages = [
package
];
services.nginx = {
enable = true;
virtualHosts.${cfg.domain} = container.mkServer {
default = true;
root = "${package}";
locations = {
"/".extraConfig = ''
try_files $uri $uri/index.html;
'';
};
};
};
};
};
};
services.nginx = {
enable = true;
virtualHosts.${cfg.domain} = container.mkServer {
default = true;
root = "${package}";
locations = {
"/".extraConfig = util.trimTabs ''
try_files $uri $uri/index.html;
'';
};
};
};
};
};
};
}


@ -1,123 +1,119 @@
{
container,
lib,
config,
pkgsStable,
...
}:
with lib;
let
cfg = config.container.module.iot;
in
{
options = {
container.module.iot = {
enable = mkEnableOption "IoT service.";
address = mkOption {
default = "10.1.0.27";
type = types.str;
};
port = mkOption {
default = 8123;
type = types.int;
};
domain = mkOption {
default = "iot.${config.container.domain}";
type = types.str;
};
storage = mkOption {
default = "${config.container.storage}/iot";
type = types.str;
};
};
};
config,
container,
lib,
...
}: let
cfg = config.container.module.iot;
in {
options.container.module.iot = {
enable = lib.mkEnableOption "IoT service.";
address = lib.mkOption {
default = "10.1.0.27";
type = lib.types.str;
};
port = lib.mkOption {
default = 8123;
type = lib.types.int;
};
domain = lib.mkOption {
default = "iot.${config.container.domain}";
type = lib.types.str;
};
storage = lib.mkOption {
default = "${config.container.storage}/iot";
type = lib.types.str;
};
};
config = mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [ "data" ];
config = lib.mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data"
];
containers.iot = container.mkContainer cfg {
bindMounts = {
"/var/lib/hass" = {
hostPath = "${cfg.storage}/data";
isReadOnly = false;
};
"/dev/ttyACM0" = {
hostPath = "/dev/ttyACM0";
isReadOnly = false;
};
"/dev/serial/by-id" = {
hostPath = "/dev/serial/by-id";
isReadOnly = false;
};
} // container.attachMedia "photo" true;
containers.iot = container.mkContainer cfg {
bindMounts = {
"/var/lib/hass" = {
hostPath = "${cfg.storage}/data";
isReadOnly = false;
};
"/dev/ttyACM0" = {
hostPath = "/dev/ttyACM0";
isReadOnly = false;
};
"/dev/serial/by-id" = {
hostPath = "/dev/serial/by-id";
isReadOnly = false;
};
}
// container.attachMedia "photo" true
;
allowedDevices = [
{
modifier = "rwm";
node = "/dev/ttyACM0";
}
];
allowedDevices = [
{
modifier = "rwm";
node = "/dev/ttyACM0";
}
];
config =
{ ... }:
container.mkContainerConfig cfg {
# Allow Hass to talk to Zigbee dongle.
users.users.hass.extraGroups = [
"dialout"
"tty"
];
config = { ... }: container.mkContainerConfig cfg {
# Allow Hass to talk to Zigbee dongle.
users.users.hass.extraGroups = [
"dialout"
"tty"
];
services.home-assistant = {
# NOTE: Missing: hacs. Inside hacs: `card-mod`, `Clock Weather Card`, `WallPanel` and `Yandex.Station`.
enable = true;
extraComponents = [
"caldav"
"met"
"sun"
"systemmonitor"
"zha"
];
extraPackages =
python3Packages: with python3Packages; [
aiodhcpwatcher
aiodiscover
aiogithubapi
arrow
async-upnp-client
av
gtts
ha-ffmpeg
hassil
home-assistant-intents
mutagen
numpy
pymicro-vad
pynacl
python-telegram-bot
pyturbojpeg
pyspeex-noise
zeroconf
];
configDir = "/var/lib/hass";
# lovelaceConfig = {
# title = "Home IoT control center.";
# };
# NOTE: Using imperative config because of secrets.
config = null;
};
services.home-assistant = {
# NOTE: Missing: hacs. Inside hacs: `card-mod`, `Clock Weather Card`, `WallPanel` and `Yandex.Station`.
enable = true;
# NOTE: Using imperative config because of secrets.
config = null;
configDir = "/var/lib/hass";
extraComponents = [
"caldav"
"met"
"sun"
"systemmonitor"
"zha"
];
extraPackages =
python3Packages: with python3Packages; [
aiodhcpwatcher
aiodiscover
aiogithubapi
arrow
async-upnp-client
av
gtts
ha-ffmpeg
hassil
home-assistant-intents
mutagen
numpy
pymicro-vad
pynacl
pyspeex-noise
python-telegram-bot
pyturbojpeg
zeroconf
];
# lovelaceConfig = {
# title = "Home IoT control center.";
# };
};
# HACK: Delay so that nextcloud calendar can reply on reboot.
systemd = {
services."home-assistant".wantedBy = mkForce [ ];
timers.fixsystemd = {
timerConfig = {
OnBootSec = 15;
Unit = "home-assistant.service";
};
wantedBy = [ "timers.target" ];
};
};
};
};
};
# HACK: Delay so that nextcloud calendar can reply on reboot.
systemd = {
services."home-assistant".wantedBy = lib.mkForce [ ];
timers.fixsystemd = {
timerConfig = {
OnBootSec = 60;
Unit = "home-assistant.service";
};
wantedBy = [ "timers.target" ];
};
};
};
};
};
}
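Review bot: `allowedDevices` grants `modifier = "rwm"` on `/dev/ttyACM0`; the `m` bit permits `mknod` for that device, which reading and writing a serial dongle does not need, so `modifier = "rw";` is the narrower setting. The whole `/dev/serial/by-id` directory is also bind-mounted read-write although only `/dev/ttyACM0` is let through the device policy; a one-line comment on why both mounts are needed would help. Finally, the timer delay appears to change from `OnBootSec = 15` to `OnBootSec = 60` and `pkgsStable` disappears from the arguments; neither is a formatting change, so the commit message should mention them.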


@ -1,79 +1,79 @@
{
container,
pkgsJobber,
poetry2nixJobber,
lib,
config,
__findFile,
...
}:
with lib;
let
cfg = config.container.module.jobber;
script = import <package/jobber> {
poetry2nix = poetry2nixJobber;
pkgs = pkgsJobber;
};
in
{
options = {
container.module.jobber = {
enable = mkEnableOption "Button pusher Stanley.";
address = mkOption {
default = "10.1.0.32";
type = types.str;
};
storage = mkOption {
default = "${config.container.storage}/jobber";
type = types.str;
};
};
};
__findFile,
config,
container,
lib,
pkgsJobber,
poetry2nixJobber,
...
}: let
cfg = config.container.module.jobber;
script = import <package/jobber> {
pkgs = pkgsJobber;
poetry2nix = poetry2nixJobber;
};
in {
options.container.module.jobber = {
enable = lib.mkEnableOption "Stanley - the button pusher.";
address = lib.mkOption {
default = "10.1.0.32";
type = lib.types.str;
};
storage = lib.mkOption {
default = "${config.container.storage}/jobber";
type = lib.types.str;
};
};
config = mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [ "data" ];
config = lib.mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data"
];
containers.jobber = container.mkContainer cfg {
bindMounts = {
"/data" = {
hostPath = "${cfg.storage}/data";
isReadOnly = true;
};
};
containers.jobber = container.mkContainer cfg {
bindMounts = {
"/data" = {
hostPath = "${cfg.storage}/data";
isReadOnly = true;
};
};
enableTun = true;
enableTun = true;
config =
{ lib, ... }:
let
packages =
[ script ]
++ (with pkgsJobber; [
firefox
geckodriver
openvpn
python311
]);
in
container.mkContainerConfig cfg {
networking = lib.mkForce { nameservers = [ "10.30.218.2" ]; };
config = { ... }: let
packages = [
script
] ++ (with pkgsJobber; [
firefox
geckodriver
openvpn
python311
]);
in container.mkContainerConfig cfg {
networking = lib.mkForce {
nameservers = [
"10.30.218.2"
];
};
systemd.services.jobber = {
description = "My job is pushing the button.";
enable = true;
wantedBy = [ "multi-user.target" ];
path = packages;
environment = {
PYTHONUNBUFFERED = "1";
PYTHONDONTWRITEBYTECODE = "1";
};
serviceConfig = {
Type = "simple";
ExecStart = "${script}/bin/jobber -u";
Restart = "on-failure";
};
};
};
};
};
systemd.services.jobber = {
description = "My job is pushing the button.";
enable = true;
path = packages;
wantedBy = [
"multi-user.target"
];
environment = {
PYTHONDONTWRITEBYTECODE = "1";
PYTHONUNBUFFERED = "1";
};
serviceConfig = {
ExecStart = "${script}/bin/jobber -u";
Restart = "on-failure";
Type = "simple";
};
};
};
};
};
}
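Review bot: `systemd.services.jobber.serviceConfig` sets no `User`, so `${script}/bin/jobber -u` and the Firefox/geckodriver binaries on its `path` run as root inside the container, with `enableTun = true` on top. If root is only needed for `openvpn` (an assumption, the script is not shown), consider a separate unit for the tunnel and an unprivileged `User` for the browser automation, or at least a comment stating why root is required. On style, `networking = lib.mkForce { nameservers = [ ... ]; };` reads as if the whole `networking` tree were replaced; `networking.nameservers = lib.mkForce [ "10.30.218.2" ];` states the intent directly. The inner `{ lib, ... }:` argument also appears to become `{ ... }:`, so `lib` now resolves to the outer module's `lib`.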


@ -1,244 +1,224 @@
# Guide: https://nixos-mailserver.readthedocs.io/en/latest/setup-guide.html
{
container,
pkgs,
util,
const,
lib,
config,
...
}:
with lib;
let
cfg = config.container.module.mail;
domain = config.container.domain;
in
{
options = {
container.module.mail = {
enable = mkEnableOption "Email server.";
address = mkOption {
default = "10.1.0.5";
type = types.str;
};
port = mkOption {
default = 80;
type = types.int;
};
domain = mkOption {
default = "mail.${config.container.domain}";
type = types.str;
};
storage = mkOption {
default = "${config.container.storage}/mail";
type = types.str;
};
};
};
config,
const,
container,
lib,
pkgs,
util,
...
}: let
cfg = config.container.module.mail;
domain = config.container.domain;
in {
options.container.module.mail = {
enable = lib.mkEnableOption "the email server.";
address = lib.mkOption {
default = "10.1.0.5";
type = lib.types.str;
};
port = lib.mkOption {
default = 80;
type = lib.types.int;
};
domain = lib.mkOption {
default = "mail.${config.container.domain}";
type = lib.types.str;
};
storage = lib.mkOption {
default = "${config.container.storage}/mail";
type = lib.types.str;
};
};
config = mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data"
# "data/indices"
# "data/vmail"
# "data/sieve"
# "data/dkim"
];
config = lib.mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data"
];
containers.mail = container.mkContainer cfg {
bindMounts = {
"/var/lib/dovecot/indices" = {
hostPath = "${cfg.storage}/data/indices";
isReadOnly = false;
};
"/var/vmail" = {
hostPath = "${cfg.storage}/data/vmail";
isReadOnly = false;
};
"/var/sieve" = {
hostPath = "${cfg.storage}/data/sieve";
isReadOnly = false;
};
"/var/dkim" = {
hostPath = "${cfg.storage}/data/dkim";
isReadOnly = false;
};
"/acme" = {
hostPath = "${config.container.module.proxy.storage}/letsencrypt";
isReadOnly = true;
};
};
containers.mail = container.mkContainer cfg {
bindMounts = {
"/var/lib/dovecot/indices" = {
hostPath = "${cfg.storage}/data/indices";
isReadOnly = false;
};
"/var/vmail" = {
hostPath = "${cfg.storage}/data/vmail";
isReadOnly = false;
};
"/var/sieve" = {
hostPath = "${cfg.storage}/data/sieve";
isReadOnly = false;
};
"/var/dkim" = {
hostPath = "${cfg.storage}/data/dkim";
isReadOnly = false;
};
"/acme" = {
hostPath = "${config.container.module.proxy.storage}/letsencrypt";
isReadOnly = true;
};
};
config =
{ config, ... }:
container.mkContainerConfig cfg {
imports = [
(builtins.fetchTarball {
url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/nixos-${const.stateVersion}/nixos-mailserver-nixos-${const.stateVersion}.tar.gz";
sha256 = "sha256:0clvw4622mqzk1aqw1qn6shl9pai097q62mq1ibzscnjayhp278b";
})
];
config = { config, ... }: container.mkContainerConfig cfg {
imports = [
(builtins.fetchTarball {
sha256 = "sha256:0clvw4622mqzk1aqw1qn6shl9pai097q62mq1ibzscnjayhp278b";
url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/nixos-${const.stateVersion}/nixos-mailserver-nixos-${const.stateVersion}.tar.gz";
})
];
mailserver = {
enable = true;
domains = [ domain ];
fqdn = cfg.domain;
sendingFqdn = domain;
mailserver = {
enable = true;
domains = [ domain ];
fqdn = cfg.domain;
sendingFqdn = domain;
# Use `mkpasswd -sm bcrypt`.
loginAccounts =
let
defaultQuota = "1G";
in
{
"admin@${domain}" = {
name = "admin";
hashedPassword = "$2b$05$1O.dxXxaVshcBNybcqDRYuTlnYt3jDBwfPZWoDtP4BjOLoL0StYsi";
quota = defaultQuota;
};
"account@${domain}" = {
name = "account";
hashedPassword = "$2b$05$sCyZHdk98KqQ1qsTIvbrUeRJlNBOwBqDgpdc1QxiSnONlEkZ8xGNO";
quota = defaultQuota;
};
"hi@${domain}" = {
name = "hi";
hashedPassword = "$2b$05$6fT5hIhzIasNfp9IQr/ds.5RuxH95VKU3QJWlX3hmrAzDF3mExanq";
quota = defaultQuota;
aliases = [ "voronind@${domain}" ];
};
"job@${domain}" = {
name = "job";
hashedPassword = "$2b$05$.sUmv2.9EWPfLwJn/oZw2e1UbR7HrpNQ2THc5jjX3ysy7CY8ZWHUC";
quota = defaultQuota;
};
"trash@${domain}" = {
name = "trash";
hashedPassword = "$2b$05$kn5ygZjN9NR3LXjnKKRw/.DXaZQNW.1XEottlCFIoKiDpIj.JGLJm";
catchAll = [ domain ];
quota = defaultQuota;
};
"noreply@${domain}" = {
name = "noreply";
hashedPassword = "$2b$05$TaKwoYmcmkAhsRRv6xG5wOkChcz50cB9BP6QPUDKNAcxMbrY6AeMK";
sendOnly = true;
quota = defaultQuota;
};
};
# Use `mkpasswd -sm bcrypt`.
loginAccounts = let
defaultQuota = "1G";
in {
"admin@${domain}" = {
hashedPassword = "$2b$05$1O.dxXxaVshcBNybcqDRYuTlnYt3jDBwfPZWoDtP4BjOLoL0StYsi";
name = "admin";
quota = defaultQuota;
};
"account@${domain}" = {
hashedPassword = "$2b$05$sCyZHdk98KqQ1qsTIvbrUeRJlNBOwBqDgpdc1QxiSnONlEkZ8xGNO";
name = "account";
quota = defaultQuota;
};
"hi@${domain}" = {
hashedPassword = "$2b$05$6fT5hIhzIasNfp9IQr/ds.5RuxH95VKU3QJWlX3hmrAzDF3mExanq";
name = "hi";
quota = defaultQuota;
aliases = [
"voronind@${domain}"
];
};
"job@${domain}" = {
hashedPassword = "$2b$05$.sUmv2.9EWPfLwJn/oZw2e1UbR7HrpNQ2THc5jjX3ysy7CY8ZWHUC";
name = "job";
quota = defaultQuota;
};
"trash@${domain}" = {
hashedPassword = "$2b$05$kn5ygZjN9NR3LXjnKKRw/.DXaZQNW.1XEottlCFIoKiDpIj.JGLJm";
name = "trash";
quota = defaultQuota;
catchAll = [
domain
];
};
"noreply@${domain}" = {
hashedPassword = "$2b$05$TaKwoYmcmkAhsRRv6xG5wOkChcz50cB9BP6QPUDKNAcxMbrY6AeMK";
name = "noreply";
quota = defaultQuota;
sendOnly = true;
};
};
enableImap = true;
enableImapSsl = true;
enableSubmission = true;
enableSubmissionSsl = true;
enableImap = true;
enableImapSsl = true;
enableSubmission = true;
enableSubmissionSsl = true;
enableManageSieve = true;
virusScanning = false;
enableManageSieve = true;
virusScanning = false;
certificateScheme = "manual";
keyFile = "/acme/live/${domain}/privkey.pem";
certificateFile = "/acme/live/${domain}/cert.pem";
certificateFile = "/acme/live/${domain}/cert.pem";
certificateScheme = "manual";
keyFile = "/acme/live/${domain}/privkey.pem";
indexDir = "/var/lib/dovecot/indices";
mailDirectory = "/var/vmail";
sieveDirectory = "/var/sieve";
dkimKeyDirectory = "/var/dkim";
dkimKeyDirectory = "/var/dkim";
indexDir = "/var/lib/dovecot/indices";
mailDirectory = "/var/vmail";
sieveDirectory = "/var/sieve";
mailboxes = {
All = {
auto = "subscribe";
specialUse = "All";
};
Archive = {
auto = "subscribe";
specialUse = "Archive";
};
Drafts = {
auto = "subscribe";
specialUse = "Drafts";
};
Junk = {
auto = "subscribe";
specialUse = "Junk";
# autoexpunge = "3d";
};
Sent = {
auto = "subscribe";
specialUse = "Sent";
};
Trash = {
auto = "subscribe";
specialUse = "Trash";
# autoexpunge = "30d";
};
};
mailboxes = let
mkSpecialBox = specialUse: {
${specialUse} = {
inherit specialUse;
auto = "subscribe";
};
};
in builtins.foldl' (acc: box: acc // (mkSpecialBox box)) {} [
"All"
"Archive"
"Drafts"
"Junk"
"Sent"
"Trash"
];
dmarcReporting = {
inherit domain;
enable = true;
organizationName = "voronind";
# email = "noreply@${domain}";
};
dmarcReporting = {
inherit domain;
enable = true;
organizationName = "voronind";
# email = "noreply@${domain}";
};
# monitoring = {
# enable = true;
# alertAddress = "admin@${domain}";
# };
};
# monitoring = {
# enable = true;
# alertAddress = "admin@${domain}";
# };
};
services = {
roundcube = {
enable = true;
dicts = with pkgs.aspellDicts; [
en
ru
];
hostName = cfg.domain;
plugins = [ "managesieve" ];
extraConfig = ''
# starttls needed for authentication, so the fqdn required to match
# the certificate
# $config['smtp_server'] = "tls://${config.mailserver.fqdn}";
# $config['smtp_server'] = "tls://localhost";
$config['smtp_server'] = "localhost:25";
$config['smtp_auth_type'] = null;
$config['smtp_user'] = "";
$config['smtp_pass'] = "";
# $config['smtp_user'] = "%u";
# $config['smtp_pass'] = "%p";
'';
};
services = {
roundcube = {
enable = true;
hostName = cfg.domain;
dicts = with pkgs.aspellDicts; [
en
ru
];
plugins = [
"managesieve"
];
extraConfig = util.trimTabs ''
$config['smtp_server'] = "localhost:25";
$config['smtp_auth_type'] = null;
$config['smtp_user'] = "";
$config['smtp_pass'] = "";
# $config['smtp_user'] = "%u";
# $config['smtp_pass'] = "%p";
'';
};
nginx = {
virtualHosts.${cfg.domain} = {
forceSSL = false;
enableACME = false;
};
};
};
nginx.virtualHosts.${cfg.domain} = {
enableACME = false;
forceSSL = false;
};
};
systemd = {
services.autoexpunge = {
description = "Delete old mail";
serviceConfig.Type = "oneshot";
path = [ pkgs.dovecot ];
script = ''
doveadm expunge -A mailbox Junk SENTBEFORE 7d
doveadm expunge -A mailbox Trash SENTBEFORE 30d
doveadm expunge -u trash@voronind.com mailbox Inbox SENTBEFORE 30d
doveadm purge -A
'';
};
systemd = {
services.autoexpunge = {
description = "Delete old mail";
serviceConfig = {
Type = "oneshot";
};
path = [
pkgs.dovecot
];
script = util.trimTabs ''
doveadm expunge -A mailbox Junk SENTBEFORE 7d
doveadm expunge -A mailbox Trash SENTBEFORE 30d
doveadm expunge -u trash@voronind.com mailbox Inbox SENTBEFORE 30d
doveadm purge -A
'';
};
timers.autoexpunge = {
timerConfig = {
OnCalendar = "daily";
Persistent = true;
Unit = "autoexpunge.service";
};
wantedBy = [ "timers.target" ];
};
};
};
};
};
timers.autoexpunge = {
timerConfig = {
OnCalendar = "daily";
Persistent = true;
Unit = "autoexpunge.service";
};
wantedBy = [
"timers.target"
];
};
};
};
};
};
}
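Review bot: The six `hashedPassword` values under `mailserver.loginAccounts` are bcrypt hashes with cost factor 5 (`$2b$05$`) committed to the repository, so anyone who can read the repository or the Nix store can attempt offline guessing against them at very low cost per guess. Moving each account to `hashedPasswordFile = "/path/outside/the/store";` (placeholder path) keeps the hashes out of the repository and the store. The comment above `loginAccounts` should also recommend a higher work factor, for example `mkpasswd -sm bcrypt -R 12`. Passwords whose cost-5 hashes have already been published should be rotated when they are regenerated.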


@ -3,104 +3,99 @@
# 2. TODO: Generate JWT secret at /var/lib/onlyoffice/jwt, i.e. 9wLfMGha1YrfvWpb5hyYjZf8pvJQ3swS
# See https://git.voronind.com/voronind/nixos/issues/74
{
container,
pkgs,
util,
lib,
config,
...
}:
with lib;
let
cfg = config.container.module.office;
in
{
options = {
container.module.office = {
enable = mkEnableOption "Office web suite.";
address = mkOption {
default = "10.1.0.21";
type = types.str;
};
port = mkOption {
default = 8000;
type = types.int;
};
domain = mkOption {
default = "office.${config.container.domain}";
type = types.str;
};
storage = mkOption {
default = "${config.container.storage}/office";
type = types.str;
};
};
};
config,
container,
lib,
pkgs,
util,
...
}: let
cfg = config.container.module.office;
in {
options.container.module.office = {
enable = lib.mkEnableOption "the office web suite.";
address = lib.mkOption {
default = "10.1.0.21";
type = lib.types.str;
};
port = lib.mkOption {
default = 8000;
type = lib.types.int;
};
domain = lib.mkOption {
default = "office.${config.container.domain}";
type = lib.types.str;
};
storage = lib.mkOption {
default = "${config.container.storage}/office";
type = lib.types.str;
};
};
config = mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [ "data" ];
config = lib.mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data"
];
containers.office = container.mkContainer cfg {
bindMounts = {
"/var/lib/onlyoffice" = {
hostPath = "${cfg.storage}/data";
isReadOnly = false;
};
};
containers.office = container.mkContainer cfg {
bindMounts = {
"/var/lib/onlyoffice" = {
hostPath = "${cfg.storage}/data";
isReadOnly = false;
};
};
# HACK: Temporarely run in docker due to https://github.com/ONLYOFFICE/onlyoffice-nextcloud/issues/931
config =
{ pkgs, ... }:
container.mkContainerConfig cfg {
virtualisation.oci-containers.backend = "docker";
virtualisation.oci-containers.containers.office = {
autoStart = true;
image = "dockerhub.timeweb.cloud/onlyoffice/documentserver:latest";
# ports = [ "${toString cfg.port}:8000" ];
extraOptions = [
"--network=host"
"--privileged"
];
environment = {
JWT_ENABLED = "true";
JWT_SECRET = "8wLfKGha8YRfvwpB5hYYjZf8vtUQs3wS";
AMQP_URI = "amqp://guest:guest@${config.container.module.rabbitmq.address}:${toString config.container.module.rabbitmq.port}";
DB_HOST = config.container.module.postgres.address;
DB_PORT = toString config.container.module.postgres.port;
DB_NAME = "onlyoffice";
DB_USER = "onlyoffice";
DB_PWD = "onlyoffice";
};
};
};
# HACK: Temporarely run in docker due to https://github.com/ONLYOFFICE/onlyoffice-nextcloud/issues/931
config = { pkgs, ... }: container.mkContainerConfig cfg {
virtualisation.oci-containers.backend = "docker";
virtualisation.oci-containers.containers.office = {
autoStart = true;
image = "dockerhub.timeweb.cloud/onlyoffice/documentserver:latest";
# ports = [ "${toString cfg.port}:8000" ];
extraOptions = [
"--network=host"
"--privileged"
];
environment = {
AMQP_URI = "amqp://guest:guest@${config.container.module.rabbitmq.address}:${toString config.container.module.rabbitmq.port}";
DB_HOST = config.container.module.postgres.address;
DB_NAME = "onlyoffice";
DB_PORT = toString config.container.module.postgres.port;
DB_PWD = "onlyoffice";
DB_USER = "onlyoffice";
JWT_ENABLED = "true";
JWT_SECRET = "8wLfKGha8YRfvwpB5hYYjZf8vtUQs3wS";
};
};
};
# config = { pkgs, ... }: container.mkContainerConfig cfg {
# # HACK: For whatever reason it does not detect my global allowUnfree (I pass pkgs from host system in mkContainerConfig).
# nixpkgs.overlays = [ (final: prev: {
# corefonts = prev.corefonts.overrideAttrs (old: {
# meta.license = mkForce licenses.mit;
# });
# })];
# config = { pkgs, ... }: container.mkContainerConfig cfg {
# # HACK: For whatever reason it does not detect my global allowUnfree (I pass pkgs from host system in mkContainerConfig).
# nixpkgs.overlays = [ (final: prev: {
# corefonts = prev.corefonts.overrideAttrs (old: {
# meta.license = mkForce licenses.mit;
# });
# })];
# services.onlyoffice = let
# dbName = "onlyoffice";
# in {
# enable = true;
# hostname = cfg.domain;
# services.onlyoffice = let
# dbName = "onlyoffice";
# in {
# enable = true;
# hostname = cfg.domain;
# postgresName = dbName;
# postgresHost = config.container.module.postgres.address;
# postgresUser = dbName;
# postgresPasswordFile = "${pkgs.writeText "OfficeDbPassword" dbName}";
# postgresName = dbName;
# postgresHost = config.container.module.postgres.address;
# postgresUser = dbName;
# postgresPasswordFile = "${pkgs.writeText "OfficeDbPassword" dbName}";
# jwtSecretFile = "/var/lib/onlyoffice/jwt";
# jwtSecretFile = "/var/lib/onlyoffice/jwt";
# rabbitmqUrl = "amqp://guest:guest@${config.container.module.rabbitmq.address}:${toString config.container.module.rabbitmq.port}";
# rabbitmqUrl = "amqp://guest:guest@${config.container.module.rabbitmq.address}:${toString config.container.module.rabbitmq.port}";
# examplePort = cfg.port;
# enableExampleServer = true;
# };
# };
};
};
# examplePort = cfg.port;
# enableExampleServer = true;
# };
# };
};
};
}
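Review bot: `JWT_SECRET`, `DB_PWD` and the `guest:guest` credentials in `AMQP_URI` are literal strings in the `environment` set of `virtualisation.oci-containers.containers.office`, so they end up in the repository and in the world-readable Nix store. The oci-containers module accepts `environmentFiles = [ "/path/to/office.env" ];` (placeholder path), which lets the secrets live in a root-only file outside the store; the JWT value shown here should be regenerated when it is moved. Separately, `--privileged` together with `--network=host` and an unpinned `:latest` image removes most of the isolation the container would otherwise provide. It is worth a comment stating what the document server actually needs from those flags, and pinning the image by digest.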


@ -1,106 +1,99 @@
{
container,
pkgs,
pkgsStable,
lib,
config,
...
}:
with lib;
let
cfg = config.container.module.paper;
in
{
options = {
container.module.paper = {
enable = mkEnableOption "Paper scans manager.";
address = mkOption {
default = "10.1.0.40";
type = types.str;
};
port = mkOption {
default = 28981;
type = types.int;
};
domain = mkOption {
default = "paper.${config.container.domain}";
type = types.str;
};
storage = mkOption {
default = "${config.container.storage}/paper";
type = types.str;
};
};
};
config,
container,
lib,
pkgs,
...
}: let
cfg = config.container.module.paper;
in {
options.container.module.paper = {
enable = lib.mkEnableOption "the paper scans manager.";
address = lib.mkOption {
default = "10.1.0.40";
type = lib.types.str;
};
port = lib.mkOption {
default = 28981;
type = lib.types.int;
};
domain = lib.mkOption {
default = "paper.${config.container.domain}";
type = lib.types.str;
};
storage = lib.mkOption {
default = "${config.container.storage}/paper";
type = lib.types.str;
};
};
config = mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [ "data" ];
config = lib.mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data"
];
containers.paper = container.mkContainer cfg {
bindMounts = {
"/var/lib/paperless" = {
hostPath = "${cfg.storage}/data";
isReadOnly = false;
};
"/var/lib/paperless/media" = {
hostPath = "${elemAt config.container.media.paper 0}";
isReadOnly = false;
};
};
containers.paper = container.mkContainer cfg {
bindMounts = {
"/var/lib/paperless" = {
hostPath = "${cfg.storage}/data";
isReadOnly = false;
};
"/var/lib/paperless/media" = {
hostPath = "${lib.elemAt config.container.media.paper 0}";
isReadOnly = false;
};
};
config =
{ lib, ... }:
container.mkContainerConfig cfg {
services.paperless = {
enable = true;
dataDir = "/var/lib/paperless";
# address = cfg.domain;
address = "0.0.0.0";
port = cfg.port;
# ISSUE: https://github.com/NixOS/nixpkgs/issues/322596
# package = pkgsStable.paperless-ngx;
passwordFile = pkgs.writeText "PaperlessPassword" "root";
settings = {
PAPERLESS_URL = "https://${cfg.domain}";
PAPERLESS_ADMIN_USER = "root";
PAPERLESS_DBHOST = config.container.module.postgres.address;
PAPERLESS_DBENGINE = "postgresql";
PAPERLESS_DBNAME = "paperless";
PAPERLESS_DBPASS = "paperless";
PAPERLESS_DBPORT = config.container.module.postgres.port;
PAPERLESS_DBUSER = "paperless";
PAPERLESS_OCR_LANGUAGE = "rus";
PAPERLESS_REDIS = "redis://${config.container.module.redis.address}:${toString config.container.module.redis.port}";
};
};
config = { ... }: container.mkContainerConfig cfg {
services.paperless = {
enable = true;
address = "0.0.0.0";
dataDir = "/var/lib/paperless";
port = cfg.port;
passwordFile = pkgs.writeText "PaperlessPassword" "root"; # NOTE: Only for initial setup, change later.
settings = {
PAPERLESS_ADMIN_USER = "root";
PAPERLESS_DBENGINE = "postgresql";
PAPERLESS_DBHOST = config.container.module.postgres.address;
PAPERLESS_DBNAME = "paperless";
PAPERLESS_DBPASS = "paperless";
PAPERLESS_DBPORT = config.container.module.postgres.port;
PAPERLESS_DBUSER = "paperless";
PAPERLESS_OCR_LANGUAGE = "rus";
PAPERLESS_REDIS = "redis://${config.container.module.redis.address}:${toString config.container.module.redis.port}";
PAPERLESS_URL = "https://${cfg.domain}";
};
};
# HACK: This is required for TCP postgres connection.
systemd = {
services = {
paperless-scheduler = {
serviceConfig.PrivateNetwork = mkForce false;
wantedBy = mkForce [ ];
};
paperless-consumer = {
serviceConfig.PrivateNetwork = mkForce false;
wantedBy = mkForce [ ];
};
paperless-web = {
wantedBy = mkForce [ ];
};
paperless-task-queue = {
wantedBy = mkForce [ ];
};
};
timers.fixsystemd = {
timerConfig = {
OnBootSec = 5;
Unit = "paperless-web.service";
};
wantedBy = [ "timers.target" ];
};
};
};
};
};
# HACK: This is required for TCP postgres connection.
systemd = {
services = {
paperless-scheduler = {
serviceConfig.PrivateNetwork = lib.mkForce false;
wantedBy = lib.mkForce [ ];
};
paperless-consumer = {
serviceConfig.PrivateNetwork = lib.mkForce false;
wantedBy = lib.mkForce [ ];
};
paperless-web = {
wantedBy = lib.mkForce [ ];
};
paperless-task-queue = {
wantedBy = lib.mkForce [ ];
};
};
timers.fixsystemd = {
timerConfig = {
OnBootSec = 5;
Unit = "paperless-web.service";
};
wantedBy = [
"timers.target"
];
};
};
};
};
};
}
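Review bot: `passwordFile = pkgs.writeText "PaperlessPassword" "root";` places the admin password in a world-readable store path, and the added `NOTE: Only for initial setup, change later.` comment does not alter the fact that the declared password for `PAPERLESS_ADMIN_USER = "root"` remains `root` for as long as this line is in the config. Since the service also listens on `address = "0.0.0.0"`, it would be safer to point the option at a file outside the store, for example `passwordFile = "/var/lib/paperless/admin-password";` (example path, created out of band). `PAPERLESS_DBPASS = "paperless"` has the same store-exposure problem.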


@ -1,65 +1,59 @@
{
container,
lib,
config,
...
}:
with lib;
let
cfg = config.container.module.pass;
in
{
options = {
container.module.pass = {
enable = mkEnableOption "Password manager";
address = mkOption {
default = "10.1.0.9";
type = types.str;
};
port = mkOption {
default = 8000;
type = types.int;
};
domain = mkOption {
default = "pass.${config.container.domain}";
type = types.str;
};
storage = mkOption {
default = "${config.container.storage}/pass";
type = types.str;
};
};
};
config,
container,
lib,
...
}: let
cfg = config.container.module.pass;
in {
options.container.module.pass = {
enable = lib.mkEnableOption "the password manager.";
address = lib.mkOption {
default = "10.1.0.9";
type = lib.types.str;
};
port = lib.mkOption {
default = 8000;
type = lib.types.int;
};
domain = lib.mkOption {
default = "pass.${config.container.domain}";
type = lib.types.str;
};
storage = lib.mkOption {
default = "${config.container.storage}/pass";
type = lib.types.str;
};
};
config = mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [ "data" ];
config = lib.mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data"
];
containers.pass = container.mkContainer cfg {
bindMounts = {
"/var/lib/bitwarden_rs" = {
hostPath = "${cfg.storage}/data";
isReadOnly = false;
};
};
containers.pass = container.mkContainer cfg {
bindMounts = {
"/var/lib/bitwarden_rs" = {
hostPath = "${cfg.storage}/data";
isReadOnly = false;
};
};
config =
{ ... }:
container.mkContainerConfig cfg {
services.vaultwarden = {
enable = true;
dbBackend = "sqlite";
environmentFile = "/var/lib/bitwarden_rs/Env";
config = {
# DATABASE_URL = "postgresql://vaultwarden:vaultwarden@${container.config.postgres.address}:${toString container.config.postgres.port}/vaultwarden";
DATA_FOLDER = "/var/lib/bitwarden_rs";
DOMAIN = "http://${cfg.domain}";
SIGNUPS_ALLOWED = false;
WEB_VAULT_ENABLED = true;
ROCKET_ADDRESS = cfg.address;
ROCKET_PORT = cfg.port;
};
};
};
};
};
config = { ... }: container.mkContainerConfig cfg {
services.vaultwarden = {
enable = true;
dbBackend = "sqlite";
environmentFile = "/var/lib/bitwarden_rs/Env";
config = {
DATA_FOLDER = "/var/lib/bitwarden_rs";
DOMAIN = "http://${cfg.domain}";
ROCKET_ADDRESS = cfg.address;
ROCKET_PORT = cfg.port;
SIGNUPS_ALLOWED = false;
WEB_VAULT_ENABLED = true;
};
};
};
};
};
}
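Review bot: `DOMAIN = "http://${cfg.domain}"` tells Vaultwarden that its public origin is plain HTTP. If the vault is in fact served through the TLS proxy (the proxy's virtual host for it is not visible in this section, so this is an assumption), the value should be `DOMAIN = "https://${cfg.domain}";`, because Vaultwarden uses it for generated links and as the WebAuthn origin. If the service really is reachable only over HTTP, that deserves an explicit comment, since the web vault depends on browser crypto APIs that require a secure context.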


@ -1,138 +1,134 @@
{
pkgs,
container,
lib,
config,
__findFile,
...
}@args:
with lib;
let
cfg = config.container.module.paste;
package = (pkgs.callPackage <package/privatebin> args);
in
{
options = {
container.module.paste = {
enable = mkEnableOption "Pastebin.";
address = mkOption {
default = "10.1.0.14";
type = types.str;
};
port = mkOption {
default = 80;
type = types.int;
};
domain = mkOption {
default = "paste.${config.container.domain}";
type = types.str;
};
storage = mkOption {
default = "${config.container.storage}/paste";
type = types.str;
};
};
};
__findFile,
config,
container,
lib,
pkgs,
util,
...
} @args: let
cfg = config.container.module.paste;
package = (pkgs.callPackage <package/privatebin> args);
in {
options.container.module.paste = {
enable = lib.mkEnableOption "the text share platform.";
address = lib.mkOption {
default = "10.1.0.14";
type = lib.types.str;
};
port = lib.mkOption {
default = 80;
type = lib.types.int;
};
domain = lib.mkOption {
default = "paste.${config.container.domain}";
type = lib.types.str;
};
storage = lib.mkOption {
default = "${config.container.storage}/paste";
type = lib.types.str;
};
};
config = mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data"
"tmp"
"nginxtmp"
"config"
];
config = lib.mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [
"config"
"data"
"nginxtmp"
"tmp"
];
containers.paste = container.mkContainer cfg {
bindMounts = {
"/srv/data" = {
hostPath = "${cfg.storage}/data";
isReadOnly = false;
};
"/tmp" = {
hostPath = "${cfg.storage}/tmp";
isReadOnly = false;
};
"/var/lib/nginx/tmp" = {
hostPath = "${cfg.storage}/nginxtmp";
isReadOnly = false;
};
"/srv/config" = {
hostPath = "${cfg.storage}/config";
isReadOnly = false;
};
};
containers.paste = container.mkContainer cfg {
bindMounts = {
"/srv/data" = {
hostPath = "${cfg.storage}/data";
isReadOnly = false;
};
"/tmp" = {
hostPath = "${cfg.storage}/tmp";
isReadOnly = false;
};
"/var/lib/nginx/tmp" = {
hostPath = "${cfg.storage}/nginxtmp";
isReadOnly = false;
};
"/srv/config" = {
hostPath = "${cfg.storage}/config";
isReadOnly = false;
};
};
config =
{ config, ... }:
container.mkContainerConfig cfg {
environment.systemPackages = [ package ];
systemd.packages = [ package ];
config = { config, ... }: container.mkContainerConfig cfg {
environment.systemPackages = [
package
];
systemd.packages = [
package
];
users.users.paste = {
group = "nginx";
isSystemUser = true;
};
users.users.paste = {
group = "nginx";
isSystemUser = true;
};
services.phpfpm.pools.paste = {
user = "paste";
group = "nginx";
services = {
phpfpm.pools.paste = {
group = "nginx";
user = "paste";
phpPackage = pkgs.php;
settings = {
"catch_workers_output" = true;
"listen.owner" = "nginx";
"php_admin_flag[log_errors]" = true;
"php_admin_value[error_log]" = "stderr";
"pm" = "dynamic";
"pm.max_children" = "32";
"pm.max_requests" = "500";
"pm.max_spare_servers" = "4";
"pm.min_spare_servers" = "2";
"pm.start_servers" = "2";
};
phpEnv = {
# CONFIG_PATH = "${package}/cfg"; # NOTE: Not working?
};
};
phpPackage = pkgs.php;
nginx = {
enable = true;
virtualHosts.${cfg.domain} = container.mkServer {
default = true;
root = "${package}";
locations = {
"/".extraConfig = util.trimTabs ''
rewrite ^ /index.php;
'';
settings = {
"pm" = "dynamic";
"php_admin_value[error_log]" = "stderr";
"php_admin_flag[log_errors]" = true;
"listen.owner" = "nginx";
"catch_workers_output" = true;
"pm.max_children" = "32";
"pm.start_servers" = "2";
"pm.min_spare_servers" = "2";
"pm.max_spare_servers" = "4";
"pm.max_requests" = "500";
};
"~ \\.php$".extraConfig = util.trimTabs ''
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:${config.services.phpfpm.pools.paste.socket};
include ${config.services.nginx.package}/conf/fastcgi.conf;
include ${config.services.nginx.package}/conf/fastcgi_params;
'';
phpEnv = {
# CONFIG_PATH = "${package}/cfg";
};
};
"~ \\.(js|css|ttf|woff2?|png|jpe?g|svg)$".extraConfig = util.trimTabs ''
add_header Cache-Control "public, max-age=15778463";
add_header Referrer-Policy no-referrer;
add_header X-Content-Type-Options nosniff;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
add_header X-Robots-Tag none;
add_header X-XSS-Protection "1; mode=block";
access_log off;
'';
};
services.nginx = {
enable = true;
virtualHosts.${cfg.domain} = container.mkServer {
default = true;
root = "${package}";
locations = {
"/".extraConfig = ''
rewrite ^ /index.php;
'';
"~ \\.php$".extraConfig = ''
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:${config.services.phpfpm.pools.paste.socket};
include ${config.services.nginx.package}/conf/fastcgi.conf;
include ${config.services.nginx.package}/conf/fastcgi_params;
'';
"~ \\.(js|css|ttf|woff2?|png|jpe?g|svg)$".extraConfig = ''
add_header Cache-Control "public, max-age=15778463";
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
add_header Referrer-Policy no-referrer;
access_log off;
'';
};
extraConfig = ''
try_files $uri /index.php;
'';
};
};
};
};
};
extraConfig = util.trimTabs ''
try_files $uri /index.php;
'';
};
};
};
};
};
};
}
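Review bot: The `add_header` hardening lines exist only in the static-asset location `"~ \\.(js|css|ttf|woff2?|png|jpe?g|svg)$"`, so responses produced through the `"~ \\.php$"` location receive none of them from nginx. Unless PrivateBin emits equivalents itself (not visible here), the PHP location should carry at least `add_header X-Content-Type-Options nosniff;` and `add_header Referrer-Policy no-referrer;`. nginx does not inherit `add_header` from an outer level once a location defines its own, so the headers have to be repeated per location rather than set once at server level. `X-XSS-Protection "1; mode=block"` is obsolete in current browsers and could be dropped in favour of a Content-Security-Policy.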


@ -1,104 +1,95 @@
{
container,
lib,
pkgs,
config,
...
}:
with lib;
let
cfg = config.container.module.postgres;
in
{
options = {
container.module.postgres = {
enable = mkEnableOption "Postgresql server.";
address = mkOption {
default = "10.1.0.3";
type = types.str;
};
port = mkOption {
default = 5432;
type = types.int;
};
storage = mkOption {
default = "${config.container.storage}/postgres";
type = types.str;
};
};
};
config,
container,
lib,
pkgs,
...
}: let
cfg = config.container.module.postgres;
in {
options.container.module.postgres = {
enable = lib.mkEnableOption "the PostgreSQL server.";
address = lib.mkOption {
default = "10.1.0.3";
type = lib.types.str;
};
port = lib.mkOption {
default = 5432;
type = lib.types.int;
};
storage = lib.mkOption {
default = "${config.container.storage}/postgres";
type = lib.types.str;
};
};
config = mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [ "data" ];
config = lib.mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data"
];
containers.postgres = container.mkContainer cfg {
bindMounts = {
"/var/lib/postgresql/data" = {
hostPath = "${cfg.storage}/data";
isReadOnly = false;
};
};
containers.postgres = container.mkContainer cfg {
bindMounts = {
"/var/lib/postgresql/data" = {
hostPath = "${cfg.storage}/data";
isReadOnly = false;
};
};
config =
{ ... }:
container.mkContainerConfig cfg {
services.postgresql =
let
# Populate with services here.
configurations = with config.container.module; {
forgejo = git;
invidious = yt;
mattermost = chat;
nextcloud = cloud;
onlyoffice = office;
paperless = paper;
privatebin = paste;
};
config = { ... }: container.mkContainerConfig cfg {
services.postgresql = let
# Populate with services here.
configurations = with config.container.module; {
forgejo = git;
invidious = yt;
mattermost = chat;
nextcloud = cloud;
onlyoffice = office;
paperless = paper;
privatebin = paste;
};
access = configurations // {
all = {
address = config.container.host;
};
};
access = configurations // {
all.address = config.container.host;
};
authentication = builtins.foldl' (acc: item: acc + "${item}\n") "" (
mapAttrsToList (db: cfg: "host ${db} ${db} ${cfg.address}/32 trust") access
);
authentication = let
rules = lib.mapAttrsToList (db: cfg:
"host ${db} ${db} ${cfg.address}/32 trust"
) access;
in builtins.foldl' (acc: item: acc + "${item}\n") "" rules;
ensureDatabases = [ "root" ] ++ mapAttrsToList (name: _: name) configurations;
ensureDatabases = [
"root"
] ++ lib.mapAttrsToList (name: _: name) configurations;
ensureUsers = map (name: {
inherit name;
ensureClauses =
if name == "root" then
{
superuser = true;
createrole = true;
createdb = true;
}
else
{ };
ensureDBOwnership = true;
}) ensureDatabases;
in
{
inherit authentication ensureDatabases ensureUsers;
ensureUsers = map (name: {
inherit name;
ensureDBOwnership = true;
ensureClauses = if name == "root" then {
createdb = true;
createrole = true;
superuser = true;
} else { };
}) ensureDatabases;
in {
inherit authentication ensureDatabases ensureUsers;
enable = true;
package = pkgs.postgresql_14;
dataDir = "/var/lib/postgresql/data/14";
enableTCPIP = true;
enable = true;
dataDir = "/var/lib/postgresql/data/14";
enableTCPIP = true;
package = pkgs.postgresql_14;
# NOTE: Debug mode.
# settings = {
# log_connections = true;
# log_destination = lib.mkForce "syslog";
# log_disconnections = true;
# log_statement = "all";
# logging_collector = true;
# };
};
};
};
};
# NOTE: Debug mode.
# settings = {
# log_connections = true;
# log_destination = lib.mkForce "syslog";
# log_disconnections = true;
# log_statement = "all";
# logging_collector = true;
# };
};
};
};
};
}
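Review bot: Every generated `pg_hba` rule uses the `trust` method (`"host ${db} ${db} ${cfg.address}/32 trust"`), so any process that can connect from a listed address is accepted as that role without a password, and the extra `all.address = config.container.host` entry renders as `host all all <host>/32 trust`. Because `ensureUsers` makes `root` a superuser, this appears to let anything connecting from the host address act as a database superuser. Switching the method to `scram-sha-256` and provisioning role passwords out of band would make the passwords that the client modules already configure meaningful. As a style point, the lambda argument `cfg` in `lib.mapAttrsToList (db: cfg: …)` shadows the module-level `cfg`; a different name would read more clearly.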


@ -1,78 +1,72 @@
# NOTE: Login to contaier, run passwd and use that root/pw combo for administration. `AllowFrom = all` doesn't seem to work.
# ipp://192.168.2.237
# Pantum M6500W-Series
{
container,
pkgs,
lib,
config,
__findFile,
...
}@args:
with lib;
let
cfg = config.container.module.print;
package = pkgs.callPackage <package/print> args;
host = config.container.host;
in
{
options = {
container.module.print = {
enable = mkEnableOption "Printing server.";
address = mkOption {
default = "10.1.0.46";
type = types.str;
};
port = mkOption {
default = 631;
type = types.int;
};
domain = mkOption {
default = "print.${config.container.domain}";
type = types.str;
};
storage = mkOption {
default = "${config.container.storage}/print";
type = types.str;
};
};
};
__findFile,
config,
container,
lib,
pkgs,
...
} @args: let
cfg = config.container.module.print;
host = config.container.host;
package = pkgs.callPackage <package/print> args;
in {
options.container.module.print = {
enable = lib.mkEnableOption "the printing server.";
address = lib.mkOption {
default = "10.1.0.46";
type = lib.types.str;
};
port = lib.mkOption {
default = 631;
type = lib.types.int;
};
domain = lib.mkOption {
default = "print.${config.container.domain}";
type = lib.types.str;
};
storage = lib.mkOption {
default = "${config.container.storage}/print";
type = lib.types.str;
};
};
config = mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [ "data" ];
config = lib.mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data"
];
containers.print = container.mkContainer cfg {
bindMounts = {
"/var/lib/cups" = {
hostPath = "${cfg.storage}/data";
isReadOnly = false;
};
};
containers.print = container.mkContainer cfg {
bindMounts = {
"/var/lib/cups" = {
hostPath = "${cfg.storage}/data";
isReadOnly = false;
};
};
config =
{ ... }:
container.mkContainerConfig cfg {
networking.interfaces."eth0".ipv4.routes = [
{
address = "192.168.2.237";
prefixLength = 32;
via = host;
}
];
config = { ... }: container.mkContainerConfig cfg {
networking.interfaces."eth0".ipv4.routes = [
{
address = "192.168.2.237"; # NOTE: Printer's IP address.
prefixLength = 32;
via = host;
}
];
services.printing = {
enable = true;
allowFrom = [ "all" ];
browsing = true;
defaultShared = true;
drivers = [ package ];
listenAddresses = [ "${cfg.address}:${toString cfg.port}" ];
startWhenNeeded = true;
stateless = false;
webInterface = true;
};
};
};
};
services.printing = {
enable = true;
allowFrom = [ "all" ];
browsing = true;
defaultShared = true;
drivers = [ package ];
listenAddresses = [ "${cfg.address}:${toString cfg.port}" ];
startWhenNeeded = true;
stateless = false;
webInterface = true;
};
};
};
};
}
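Review bot: `allowFrom = [ "all" ]` combined with `webInterface = true` and `listenAddresses = [ "${cfg.address}:${toString cfg.port}" ]` leaves CUPS open to every client that can reach the container address. The header comment says `AllowFrom = all` did not seem to work, which suggests the setting may be left over from debugging. Narrowing it to the network that is meant to print, for example `allowFrom = [ "<LAN-CIDR-PLACEHOLDER>" ];`, would limit who can submit jobs and reach the administration pages.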


@ -10,91 +10,85 @@
# ```
# For certbot to generate new keys: `certbot certonly --manual --manual-public-ip-logging-ok --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory -d "*.voronind.com" -d voronind.com`
{
util,
container,
pkgs,
lib,
config,
...
}@args:
with lib;
let
cfg = config.container.module.proxy;
virtualHosts = util.catSet (util.ls ./proxy/host) args;
in
{
options = {
container.module.proxy = {
enable = mkEnableOption "Proxy server.";
address = mkOption {
default = "10.1.0.2";
type = types.str;
};
port = mkOption {
default = 443;
type = types.int;
};
storage = mkOption {
default = "${config.container.storage}/proxy";
type = types.str;
};
};
};
config,
container,
lib,
pkgs,
util,
...
} @args: let
cfg = config.container.module.proxy;
virtualHosts = util.catSet (util.ls ./proxy/host) args;
in {
options.container.module.proxy = {
enable = lib.mkEnableOption "the proxy server.";
address = lib.mkOption {
default = "10.1.0.2";
type = lib.types.str;
};
port = lib.mkOption {
default = 443;
type = lib.types.int;
};
storage = lib.mkOption {
default = "${config.container.storage}/proxy";
type = lib.types.str;
};
};
config = mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [
"challenge"
"letsencrypt"
];
config = lib.mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [
"challenge"
"letsencrypt"
];
containers.proxy = container.mkContainer cfg {
bindMounts = {
"/etc/letsencrypt" = {
hostPath = "${cfg.storage}/letsencrypt";
isReadOnly = false;
};
"/var/www/.well-known" = {
hostPath = "${cfg.storage}/challenge";
isReadOnly = false;
};
};
containers.proxy = container.mkContainer cfg {
bindMounts = {
"/etc/letsencrypt" = {
hostPath = "${cfg.storage}/letsencrypt";
isReadOnly = false;
};
"/var/www/.well-known" = {
hostPath = "${cfg.storage}/challenge";
isReadOnly = false;
};
};
config =
{ ... }:
container.mkContainerConfig cfg {
environment.systemPackages = with pkgs; [ certbot ];
config = { ... }: container.mkContainerConfig cfg {
environment.systemPackages = with pkgs; [
certbot
];
services.nginx = {
inherit virtualHosts;
services.nginx = {
inherit virtualHosts;
enable = true;
clientMaxBodySize = "4096m";
recommendedOptimisation = true;
recommendedProxySettings = true;
appendConfig = util.trimTabs ''
worker_processes 4;
'';
eventsConfig = util.trimTabs ''
worker_connections 4096;
'';
appendHttpConfig = util.trimTabs ''
proxy_max_temp_file_size 0;
proxy_buffering off;
enable = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
clientMaxBodySize = "4096m";
appendConfig = ''
worker_processes 4;
'';
eventsConfig = ''
worker_connections 4096;
'';
appendHttpConfig = ''
proxy_max_temp_file_size 0;
proxy_buffering off;
server {
listen 443 ssl default_server;
server_name _;
server {
listen 443 ssl default_server;
server_name _;
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
return 403;
}
'';
};
};
};
};
return 403;
}
'';
};
};
};
};
}
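Review bot: The catch-all `server` block in `appendHttpConfig` completes the TLS handshake with the `${config.container.domain}` certificate before it answers `return 403;`, so a client that connects by bare IP or with an unknown SNI still learns the names on that certificate. If the packaged nginx is 1.19.4 or newer, `ssl_reject_handshake on;` in that block, replacing the certificate lines and the `return 403;`, refuses the handshake instead. Both printed copies of the block carry the same behaviour, so this applies to the new side whichever copy it is.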


@ -1,58 +1,53 @@
{
container,
pkgs,
util,
lib,
config,
...
}:
with lib;
let
cfg = config.container.module.rabbitmq;
in
{
options = {
container.module.rabbitmq = {
enable = mkEnableOption "Mqtt server.";
address = mkOption {
default = "10.1.0.28";
type = types.str;
};
port = mkOption {
default = 5672;
type = types.int;
};
storage = mkOption {
default = "${config.container.storage}/rabbitmq";
type = types.str;
};
};
};
config,
container,
lib,
pkgs,
util,
...
}: let
cfg = config.container.module.rabbitmq;
in {
options.container.module.rabbitmq = {
enable = lib.mkEnableOption "the mqtt server.";
address = lib.mkOption {
default = "10.1.0.28";
type = lib.types.str;
};
port = lib.mkOption {
default = 5672;
type = lib.types.int;
};
storage = lib.mkOption {
default = "${config.container.storage}/rabbitmq";
type = lib.types.str;
};
};
config = mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [ "data" ];
config = lib.mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data"
];
containers.rabbitmq = container.mkContainer cfg {
bindMounts = {
"/var/lib/rabbitmq" = {
hostPath = "${cfg.storage}/data";
isReadOnly = false;
};
};
containers.rabbitmq = container.mkContainer cfg {
bindMounts = {
"/var/lib/rabbitmq" = {
hostPath = "${cfg.storage}/data";
isReadOnly = false;
};
};
config =
{ ... }:
container.mkContainerConfig cfg {
services.rabbitmq = {
enable = true;
listenAddress = cfg.address;
port = cfg.port;
dataDir = "/var/lib/rabbitmq";
configItems = {
"loopback_users" = "none";
};
};
};
};
};
config = { ... }: container.mkContainerConfig cfg {
services.rabbitmq = {
enable = true;
dataDir = "/var/lib/rabbitmq";
listenAddress = cfg.address;
port = cfg.port;
configItems = {
"loopback_users" = "none";
};
};
};
};
};
}
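Review bot: `configItems."loopback_users" = "none"` lifts the restriction that keeps RabbitMQ's built-in `guest` account on localhost, while the broker listens on `cfg.address`. Unless that account is removed or its password changed somewhere outside this file, any host that can reach the port can authenticate with the default credentials. Prefer leaving `loopback_users` at its default and provisioning a dedicated user whose password comes from a runtime file, with a comment such as `# guest stays loopback-only; clients use a provisioned account`. Separately, the option description reads "the mqtt server." while 5672 is RabbitMQ's AMQP listener.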


@ -1,61 +1,59 @@
{
container,
lib,
pkgs,
config,
...
}:
with lib;
let
cfg = config.container.module.read;
in
{
options = {
container.module.read = {
enable = mkEnableOption "Reading server.";
address = mkOption {
default = "10.1.0.39";
type = types.str;
};
port = mkOption {
default = 5000;
type = types.int;
};
domain = mkOption {
default = "read.${config.container.domain}";
type = types.str;
};
storage = mkOption {
default = "${config.container.storage}/read";
type = types.str;
};
};
};
config,
container,
lib,
pkgs,
...
}: let
cfg = config.container.module.read;
in {
options.container.module.read = {
enable = lib.mkEnableOption "the reading server.";
address = lib.mkOption {
default = "10.1.0.39";
type = lib.types.str;
};
port = lib.mkOption {
default = 5000;
type = lib.types.int;
};
domain = lib.mkOption {
default = "read.${config.container.domain}";
type = lib.types.str;
};
storage = lib.mkOption {
default = "${config.container.storage}/read";
type = lib.types.str;
};
};
config = mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [ "data" ];
config = lib.mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data"
];
containers.read = container.mkContainer cfg {
bindMounts = {
"/var/lib/kavita" = {
hostPath = "${cfg.storage}/data";
isReadOnly = false;
};
} // container.attachMedia "book" true // container.attachMedia "manga" true;
containers.read = container.mkContainer cfg {
bindMounts = {
"/var/lib/kavita" = {
hostPath = "${cfg.storage}/data";
isReadOnly = false;
};
}
// container.attachMedia "book" true
// container.attachMedia "manga" true
;
config =
{ ... }:
container.mkContainerConfig cfg {
services.kavita = {
enable = true;
dataDir = "/var/lib/kavita";
tokenKeyFile = pkgs.writeText "KavitaToken" "xY19aQOa939/Ie6GCRGbubVK8zRwrgBY/20AuyMpYshUjwK1Uyl7bw1yknVh6jJIFIfwq2vAjeotOUq7NEsf9Q==";
settings = {
IpAddresses = cfg.address;
Port = cfg.port;
};
};
};
};
};
config = { ... }: container.mkContainerConfig cfg {
services.kavita = {
enable = true;
dataDir = "/var/lib/kavita";
tokenKeyFile = pkgs.writeText "KavitaToken" "xY19aQOa939/Ie6GCRGbubVK8zRwrgBY/20AuyMpYshUjwK1Uyl7bw1yknVh6jJIFIfwq2vAjeotOUq7NEsf9Q==";
settings = {
IpAddresses = cfg.address;
Port = cfg.port;
};
};
};
};
};
}
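Review bot: `tokenKeyFile = pkgs.writeText "KavitaToken" "…"` keeps the token signing key in the repository and copies it into the world-readable Nix store, so every local user and every reader of the repo has it. The key should be treated as exposed and rotated. Point the option at a file provisioned at runtime with restrictive permissions, for example `tokenKeyFile = "/var/lib/kavita/token.key";` (path constructed for illustration; it sits inside the existing `/var/lib/kavita` bind mount).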


@ -1,42 +1,35 @@
{
container,
pkgs,
util,
lib,
config,
...
}:
with lib;
let
cfg = config.container.module.redis;
in
{
options = {
container.module.redis = {
enable = mkEnableOption "Redis server.";
address = mkOption {
default = "10.1.0.38";
type = types.str;
};
port = mkOption {
default = 6379;
type = types.int;
};
};
};
config,
container,
lib,
...
}: let
cfg = config.container.module.redis;
in {
options.container.module.redis = {
enable = lib.mkEnableOption "the Redis server.";
address = lib.mkOption {
default = "10.1.0.38";
type = lib.types.str;
};
port = lib.mkOption {
default = 6379;
type = lib.types.int;
};
};
config = mkIf cfg.enable {
containers.redis = container.mkContainer cfg {
config =
{ ... }:
container.mkContainerConfig cfg {
services.redis.servers.main = {
enable = true;
port = cfg.port;
bind = cfg.address;
extraParams = [ "--protected-mode no" ];
};
};
};
};
config = lib.mkIf cfg.enable {
containers.redis = container.mkContainer cfg {
config = { ... }: container.mkContainerConfig cfg {
services.redis.servers.main = {
enable = true;
port = cfg.port;
bind = cfg.address;
extraParams = [
"--protected-mode no"
];
};
};
};
};
}
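Review bot: `extraParams = [ "--protected-mode no" ]` together with `bind = cfg.address` leaves the instance reachable without authentication by anything that can route to that address, and neither `requirePass` nor `requirePassFile` is set in this file. Setting `requirePassFile` to a runtime-provisioned secret (placeholder: `requirePassFile = "/run/secrets/redis";`) keeps the non-loopback bind working while still requiring credentials. If access is meant to be limited by the container network alone, a comment saying so would help, since the firewall rules are not visible here.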


@ -1,143 +1,138 @@
{
container,
pkgs,
lib,
config,
...
}:
with lib;
let
cfg = config.container.module.search;
in
{
options = {
container.module.search = {
enable = mkEnableOption "Search frontend.";
address = mkOption {
default = "10.1.0.26";
type = types.str;
};
port = mkOption {
default = 8080;
type = types.int;
};
domain = mkOption {
default = "search.${config.container.domain}";
type = types.str;
};
storage = mkOption {
default = "${config.container.storage}/search";
type = types.str;
};
};
};
config,
container,
lib,
pkgs,
...
}: let
cfg = config.container.module.search;
in {
options.container.module.search = {
enable = lib.mkEnableOption "the search frontend.";
address = lib.mkOption {
default = "10.1.0.26";
type = lib.types.str;
};
port = lib.mkOption {
default = 8080;
type = lib.types.int;
};
domain = lib.mkOption {
default = "search.${config.container.domain}";
type = lib.types.str;
};
storage = lib.mkOption {
default = "${config.container.storage}/search";
type = lib.types.str;
};
};
config = mkIf cfg.enable {
containers.search = container.mkContainer cfg {
config =
{ ... }:
container.mkContainerConfig cfg {
services.searx = {
enable = true;
package = pkgs.searxng;
# REF: https://github.com/searxng/searxng/blob/master/searx/settings.yml
settings = {
general = {
debug = false;
instance_name = "SearX";
enable_metrics = false;
};
server = {
bind_address = cfg.address;
port = cfg.port;
secret_key = "searxxx";
limiter = false;
public_instance = false;
image_proxy = false;
method = "GET";
};
search = {
safe_search = 0;
autocomplete = "";
autocomplete_min = 4;
default_lang = "auto";
};
ui = {
infinite_scroll = false;
default_theme = "simple";
center_alignment = false;
default_locale = "";
simple_style = "dark";
hotkeys = "vim";
};
outgoing = {
request_timeout = 3.0;
max_request_timeout = 10.0;
pool_connections = 100;
pool_maxsize = 20;
enable_http2 = true;
# proxies = {
# "all://" = with config.container.module; [
# # "socks5:${frkn.address}:${frkn.port}"
# "socks5:${frkn.address}:1081"
# # "socks5:${frkn.address}:9150"
# ];
# };
# using_tor_proxy = true;
# extra_proxy_timeout = 10;
};
# plugins = [ ];
enabled_plugins = [
"Basic Calculator"
"Tracker URL remover"
"Hostnames plugin"
];
hostnames = {
replace = with config.container.module; {
"(.*\.)?youtube\.com$" = yt.domain;
"(.*\.)?youtu\.be$" = yt.domain;
};
remove = [
"(.*\.)?dzen\.ru?$"
"(.*\.)?facebook.com$"
"(.*\.)?gosuslugi\.ru?$"
"(.*\.)?quora\.com?$"
"(.*\.)?rutube\.ru?$"
"(.*\.)?vk\.com?$"
];
low_priority = [
"(.*\.)?google(\..*)?$"
"(.*\.)?microsoft\.com?$"
];
high_priority = [ "(.*\.)?wikipedia.org$" ];
};
categories_as_tabs = {
general = { };
images = { };
videos = { };
news = { };
map = { };
it = { };
files = { };
};
engines =
let
mkEnable = name: {
inherit name;
disabled = false;
};
mkDisable = name: {
inherit name;
disabled = true;
};
in
[
(mkEnable "bing")
(mkDisable "qwant")
];
};
};
};
};
};
config = lib.mkIf cfg.enable {
containers.search = container.mkContainer cfg {
config = { ... }: container.mkContainerConfig cfg {
services.searx = {
enable = true;
package = pkgs.searxng;
# REF: https://github.com/searxng/searxng/blob/master/searx/settings.yml
settings = {
general = {
debug = false;
enable_metrics = false;
instance_name = "SearX";
};
server = {
bind_address = cfg.address;
image_proxy = false;
limiter = false;
method = "GET";
port = cfg.port;
public_instance = false;
secret_key = "searxxx";
};
search = {
autocomplete = "";
autocomplete_min = 4;
default_lang = "auto";
safe_search = 0;
};
ui = {
center_alignment = false;
default_locale = "";
default_theme = "simple";
hotkeys = "vim";
infinite_scroll = false;
simple_style = "dark";
};
outgoing = {
enable_http2 = true;
max_request_timeout = 10.0;
pool_connections = 100;
pool_maxsize = 20;
request_timeout = 3.0;
# proxies = {
# "all://" = with config.container.module; [
# # "socks5:${frkn.address}:${frkn.port}"
# "socks5:${frkn.address}:1081"
# # "socks5:${frkn.address}:9150"
# ];
# };
# using_tor_proxy = true;
# extra_proxy_timeout = 10;
};
# plugins = [ ];
enabled_plugins = [
"Basic Calculator"
"Hostnames plugin"
"Tracker URL remover"
];
hostnames = {
replace = with config.container.module; {
"(.*\.)?youtu\.be$" = yt.domain;
"(.*\.)?youtube\.com$" = yt.domain;
};
remove = [
"(.*\.)?dzen\.ru?$"
"(.*\.)?facebook.com$"
"(.*\.)?gosuslugi\.ru?$"
"(.*\.)?quora\.com?$"
"(.*\.)?rutube\.ru?$"
"(.*\.)?vk\.com?$"
];
low_priority = [
"(.*\.)?google(\..*)?$"
"(.*\.)?microsoft\.com?$"
];
high_priority = [
"(.*\.)?4pda.to$"
"(.*\.)?github.com$"
"(.*\.)?wikipedia.org$"
];
};
categories_as_tabs = {
files = { };
general = { };
images = { };
it = { };
map = { };
news = { };
videos = { };
};
engines = let
mkEnable = name: {
inherit name;
disabled = false;
};
mkDisable = name: {
inherit name;
disabled = true;
};
in [
(mkEnable "bing")
(mkDisable "qwant")
];
};
};
};
};
};
}
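Review bot: `secret_key = "searxxx"` in `settings.server` is a guessable value committed to the repository and rendered into the world-readable Nix store. The NixOS module supports substitution from a runtime file: `secret_key = "@SEARX_SECRET_KEY@";` with `services.searx.environmentFile` pointing at a file outside the store (the path is deployment-specific). Separately, in the `hostnames` patterns a Nix double-quoted string turns `\.` into a plain `.`, so `"(.*\.)?youtube\.com$"` reaches SearXNG with unescaped dots; writing `\\.` keeps the backslash.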


@ -1,67 +1,66 @@
{
container,
lib,
config,
...
}:
with lib;
let
cfg = config.container.module.status;
in
{
options = {
container.module.status = {
enable = mkEnableOption "Status monitor.";
address = mkOption {
default = "10.1.0.22";
type = types.str;
};
port = mkOption {
default = 3001;
type = types.int;
};
domain = mkOption {
default = "status.${config.container.domain}";
type = types.str;
};
storage = mkOption {
default = "${config.container.storage}/status";
type = types.str;
};
};
};
config,
container,
lib,
...
}: let
cfg = config.container.module.status;
in {
options.container.module.status = {
enable = lib.mkEnableOption "the status monitor.";
address = lib.mkOption {
default = "10.1.0.22";
type = lib.types.str;
};
port = lib.mkOption {
default = 3001;
type = lib.types.int;
};
domain = lib.mkOption {
default = "status.${config.container.domain}";
type = lib.types.str;
};
storage = lib.mkOption {
default = "${config.container.storage}/status";
type = lib.types.str;
};
};
config = mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [ "data" ];
config = lib.mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data"
];
containers.status = container.mkContainer cfg {
bindMounts = {
"/var/lib/uptime-kuma" = {
hostPath = "${cfg.storage}/data";
isReadOnly = false;
};
};
containers.status = container.mkContainer cfg {
bindMounts = {
"/var/lib/uptime-kuma" = {
hostPath = "${cfg.storage}/data";
isReadOnly = false;
};
};
config =
{ lib, ... }:
container.mkContainerConfig cfg {
networking = {
nameservers = mkForce [ config.container.module.dns.address ];
};
config = { ... }: container.mkContainerConfig cfg {
networking = {
nameservers = lib.mkForce [
config.container.module.dns.address
];
};
services.uptime-kuma = {
enable = true;
settings = {
DATA_DIR = "/var/lib/uptime-kuma/";
HOST = cfg.address;
PORT = toString cfg.port;
};
};
services.uptime-kuma = {
enable = true;
settings = {
DATA_DIR = "/var/lib/uptime-kuma/";
HOST = cfg.address;
PORT = toString cfg.port;
};
};
systemd.services.uptime-kuma = {
serviceConfig.DynamicUser = mkForce false;
};
};
};
};
systemd.services.uptime-kuma = {
serviceConfig = {
DynamicUser = lib.mkForce false;
};
};
};
};
};
}
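Review bot: `DynamicUser = lib.mkForce false` switches off part of the sandboxing the uptime-kuma unit would otherwise have, and no comment says why. Presumably it is needed so the service can write to the bind-mounted `/var/lib/uptime-kuma`; if so, record it next to the override, e.g. `# DynamicUser off: state dir is a host bind mount` (wording for the author to confirm). If the unit sets no `User=`, it then runs as root inside the container, so it is worth checking which user it ends up with.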


@ -1,65 +1,62 @@
{
container,
lib,
config,
...
}:
with lib;
let
cfg = config.container.module.stock;
in
{
options = {
container.module.stock = {
enable = mkEnableOption "Stock management.";
address = mkOption {
default = "10.1.0.45";
type = types.str;
};
port = mkOption {
default = 80;
type = types.int;
};
domain = mkOption {
default = "stock.${config.container.domain}";
type = types.str;
};
storage = mkOption {
default = "${config.container.storage}/stock";
type = types.str;
};
};
};
config,
container,
lib,
...
}: let
cfg = config.container.module.stock;
in {
options.container.module.stock = {
enable = lib.mkEnableOption "the stock management.";
address = lib.mkOption {
default = "10.1.0.45";
type = lib.types.str;
};
port = lib.mkOption {
default = 80;
type = lib.types.int;
};
domain = lib.mkOption {
default = "stock.${config.container.domain}";
type = lib.types.str;
};
storage = lib.mkOption {
default = "${config.container.storage}/stock";
type = lib.types.str;
};
};
config = mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [ "data" ];
config = lib.mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data"
];
containers.stock = container.mkContainer cfg {
bindMounts = {
"/var/lib/grocy" = {
hostPath = "${cfg.storage}/data";
isReadOnly = false;
};
};
containers.stock = container.mkContainer cfg {
bindMounts = {
"/var/lib/grocy" = {
hostPath = "${cfg.storage}/data";
isReadOnly = false;
};
};
config =
{ ... }:
container.mkContainerConfig cfg {
services.grocy = {
enable = true;
dataDir = "/var/lib/grocy";
hostName = cfg.domain;
nginx.enableSSL = false;
settings = {
calendar = {
firstDayOfWeek = 1;
showWeekNumber = true;
};
culture = "en";
currency = "RUB";
};
};
};
};
};
config = { ... }: container.mkContainerConfig cfg {
services.grocy = {
enable = true;
dataDir = "/var/lib/grocy";
hostName = cfg.domain;
nginx = {
enableSSL = false;
};
settings = {
calendar = {
firstDayOfWeek = 1;
showWeekNumber = true;
};
culture = "en";
currency = "RUB";
};
};
};
};
};
}


@ -1,100 +1,96 @@
{
container,
pkgs,
lib,
config,
...
}:
with lib;
let
cfg = config.container.module.vpn;
config,
container,
lib,
pkgs,
...
}: let
cfg = config.container.module.vpn;
wireguardPeers =
let
mkPeer = name: ip: PublicKey: {
inherit PublicKey;
PresharedKeyFile = "/var/lib/wireguard/preshared/${name}";
AllowedIPs = [ "${ip}/32" ];
};
in
[
(mkPeer "dashaphone" "10.1.1.3" "O/3y8+QKEY8UoLVlmbc8xdhs248L4wtQcl1MsBBfoQo=")
(mkPeer "laptop" "10.1.1.9" "xxoCNPSB86zs8L8p+wXhqaIwpNDkiZu1Yjv8sj8XhgY=")
(mkPeer "phone" "10.1.1.5" "bFmFisMqbDpIrAg3o/GiRl9XhceZEVnZtkegZDTL4yg=")
(mkPeer "tablet" "10.1.1.6" "BdslswVc9OgUpEhJd0sugDBmYw44DiS0FbUPT5EjOG0=")
(mkPeer "work" "10.1.1.2" "Pk0AASSInKO9O8RaQEmm1uNrl0cwWTJDcT8rLn7PSA0=")
];
in
{
options = {
container.module.vpn = {
enable = mkEnableOption "Vpn server.";
address = mkOption {
default = "10.1.0.23";
type = types.str;
};
port = mkOption {
default = 51820;
type = types.int;
};
storage = mkOption {
default = "${config.container.storage}/vpn";
type = types.str;
};
};
};
wireguardPeers = let
mkPeer = name: ip: PublicKey: {
inherit PublicKey;
PresharedKeyFile = "/var/lib/wireguard/preshared/${name}";
AllowedIPs = [
"${ip}/32"
];
};
in [
(mkPeer "dashaphone" "10.1.1.3" "O/3y8+QKEY8UoLVlmbc8xdhs248L4wtQcl1MsBBfoQo=")
(mkPeer "laptop" "10.1.1.9" "xxoCNPSB86zs8L8p+wXhqaIwpNDkiZu1Yjv8sj8XhgY=")
(mkPeer "phone" "10.1.1.5" "bFmFisMqbDpIrAg3o/GiRl9XhceZEVnZtkegZDTL4yg=")
(mkPeer "tablet" "10.1.1.6" "BdslswVc9OgUpEhJd0sugDBmYw44DiS0FbUPT5EjOG0=")
(mkPeer "work" "10.1.1.2" "Pk0AASSInKO9O8RaQEmm1uNrl0cwWTJDcT8rLn7PSA0=")
];
in {
options.container.module.vpn = {
enable = lib.mkEnableOption "the vpn server.";
address = lib.mkOption {
default = "10.1.0.23";
type = lib.types.str;
};
port = lib.mkOption {
default = 51820;
type = lib.types.int;
};
storage = lib.mkOption {
default = "${config.container.storage}/vpn";
type = lib.types.str;
};
};
config = mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data"
"data/preshared"
];
config = lib.mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data"
"data/preshared"
];
containers.vpn = container.mkContainer cfg {
bindMounts = {
"/var/lib/wireguard" = {
hostPath = "${cfg.storage}/data";
isReadOnly = false;
};
};
containers.vpn = container.mkContainer cfg {
bindMounts = {
"/var/lib/wireguard" = {
hostPath = "${cfg.storage}/data";
isReadOnly = false;
};
};
config =
{ ... }:
container.mkContainerConfig cfg {
boot.kernel.sysctl = {
"net.ipv4.conf.all.src_valid_mark" = 1;
"net.ipv4.ip_forward" = 1;
};
config = { ... }: container.mkContainerConfig cfg {
networking.useNetworkd = true;
boot.kernel.sysctl = {
"net.ipv4.conf.all.src_valid_mark" = 1;
"net.ipv4.ip_forward" = 1;
};
environment.systemPackages = with pkgs; [
wireguard-tools
];
systemd.network = {
enable = true;
netdevs = {
"50-wg0" = {
inherit wireguardPeers;
netdevConfig = {
Kind = "wireguard";
MTUBytes = "1300";
Name = "wg0";
};
wireguardConfig = {
ListenPort = cfg.port;
PrivateKeyFile = "/var/lib/wireguard/privkey";
};
};
};
environment.systemPackages = with pkgs; [ wireguard-tools ];
networking.useNetworkd = true;
systemd.network = {
enable = true;
netdevs = {
"50-wg0" = {
netdevConfig = {
Kind = "wireguard";
MTUBytes = "1300";
Name = "wg0";
};
wireguardConfig = {
PrivateKeyFile = "/var/lib/wireguard/privkey";
ListenPort = cfg.port;
};
inherit wireguardPeers;
};
};
networks.wg0 = {
matchConfig.Name = "wg0";
address = [ "10.1.1.0/24" ];
networkConfig = {
IPv4Forwarding = "yes";
IPMasquerade = "ipv4";
};
};
};
};
};
};
networks.wg0 = {
matchConfig.Name = "wg0";
address = [
"10.1.1.0/24"
];
networkConfig = {
IPMasquerade = "ipv4";
IPv4Forwarding = "yes";
};
};
};
};
};
};
}
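Review bot: The key files this section depends on, `PrivateKeyFile = "/var/lib/wireguard/privkey"` and `PresharedKeyFile = "/var/lib/wireguard/preshared/${name}"`, live in a host bind mount created through `container.mkContainerDir`, and nothing here states their owner or mode. systemd-networkd reads them as the `systemd-network` user, so the tightest workable setting is owner root, group `systemd-network`, mode 0640 on the files and no access for others on the directories. A comment above `systemd.tmpfiles.rules` recording that expectation would be enough. `mkContainerDir` is defined outside this page, so the mode it applies cannot be checked from here.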


@ -1,96 +1,87 @@
{
container,
lib,
config,
...
}:
with lib;
let
cfg = config.container.module.watch;
in
{
options = {
container.module.watch = {
enable = mkEnableOption "Media server.";
address = mkOption {
default = "10.1.0.11";
type = types.str;
};
port = mkOption {
default = 8096;
type = types.int;
};
domain = mkOption {
default = "watch.${config.container.domain}";
type = types.str;
};
storage = mkOption {
default = "${config.container.storage}/watch";
type = types.str;
};
memLimit = mkOption {
default = "8G";
type = types.str;
};
};
};
config,
container,
lib,
...
}: let
cfg = config.container.module.watch;
in {
options.container.module.watch = {
enable = lib.mkEnableOption "the media server.";
address = lib.mkOption {
default = "10.1.0.11";
type = lib.types.str;
};
port = lib.mkOption {
default = 8096;
type = lib.types.int;
};
domain = lib.mkOption {
default = "watch.${config.container.domain}";
type = lib.types.str;
};
storage = lib.mkOption {
default = "${config.container.storage}/watch";
type = lib.types.str;
};
memLimit = lib.mkOption {
default = "8G";
type = lib.types.str;
};
};
config = mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data"
"cache"
];
config = lib.mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [
"cache"
"data"
];
containers.watch = container.mkContainer cfg {
bindMounts =
{
"/var/lib/jellyfin" = {
hostPath = "${cfg.storage}/data";
isReadOnly = false;
};
"/var/cache/jellyfin" = {
hostPath = "${cfg.storage}/cache";
isReadOnly = false;
};
"/dev/dri" = {
hostPath = "/dev/dri";
isReadOnly = false;
};
}
// container.attachMedia "anime" true
// container.attachMedia "download" true
// container.attachMedia "movie" true
// container.attachMedia "music" true
// container.attachMedia "photo" true
// container.attachMedia "porn" true
// container.attachMedia "show" true
// container.attachMedia "study" true
// container.attachMedia "work" true
// container.attachMedia "youtube" true;
containers.watch = container.mkContainer cfg {
bindMounts = {
"/var/lib/jellyfin" = {
hostPath = "${cfg.storage}/data";
isReadOnly = false;
};
"/var/cache/jellyfin" = {
hostPath = "${cfg.storage}/cache";
isReadOnly = false;
};
"/dev/dri" = {
hostPath = "/dev/dri";
isReadOnly = false;
};
}
// container.attachMedia "anime" true
// container.attachMedia "download" true
// container.attachMedia "movie" true
// container.attachMedia "music" true
// container.attachMedia "photo" true
// container.attachMedia "porn" true
// container.attachMedia "show" true
// container.attachMedia "study" true
// container.attachMedia "work" true
// container.attachMedia "youtube" true
;
allowedDevices = [
{
modifier = "rwm";
node = "/dev/dri/renderD128";
}
];
allowedDevices = [
{
modifier = "rwm";
node = "/dev/dri/renderD128";
}
];
config =
{ ... }:
container.mkContainerConfig cfg {
# users.users.jellyfin.extraGroups = [
# "video"
# "render"
# ];
services.jellyfin = {
enable = true;
cacheDir = "/var/cache/jellyfin";
dataDir = "/var/lib/jellyfin";
};
systemd.services.jellyfin.serviceConfig.MemoryLimit = cfg.memLimit;
};
};
};
config = { ... }: container.mkContainerConfig cfg {
systemd.services.jellyfin.serviceConfig.MemoryLimit = cfg.memLimit;
services.jellyfin = {
enable = true;
cacheDir = "/var/cache/jellyfin";
dataDir = "/var/lib/jellyfin";
};
# users.users.jellyfin.extraGroups = [
# "video"
# "render"
# ];
};
};
};
}
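Review bot: `systemd.services.jellyfin.serviceConfig.MemoryLimit = cfg.memLimit;` uses the cgroup-v1 directive, which systemd documents as deprecated in favour of `MemoryMax=`. Depending on the systemd version and cgroup hierarchy inside the container, the 8G cap may not be what is actually enforced. `systemd.services.jellyfin.serviceConfig.MemoryMax = cfg.memLimit;` states the limit in the current form. The cap is the main containment for a runaway transcode, so it is worth confirming with `systemctl show jellyfin -p MemoryMax` after the switch.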


@ -1,64 +1,59 @@
{
container,
pkgs,
lib,
config,
__findFile,
...
}:
with lib;
let
cfg = config.container.module.yt;
in
{
options = {
container.module.yt = {
enable = mkEnableOption "YouTube frontend.";
address = mkOption {
default = "10.1.0.19";
type = types.str;
};
port = mkOption {
default = 3000;
type = types.int;
};
domain = mkOption {
default = "yt.${config.container.domain}";
type = types.str;
};
storage = mkOption {
default = "${config.container.storage}/yt";
type = types.str;
};
};
};
__findFile,
config,
container,
lib,
pkgs,
...
}: let
cfg = config.container.module.yt;
in {
options.container.module.yt = {
enable = lib.mkEnableOption "the YouTube frontend.";
address = lib.mkOption {
default = "10.1.0.19";
type = lib.types.str;
};
port = lib.mkOption {
default = 3000;
type = lib.types.int;
};
domain = lib.mkOption {
default = "yt.${config.container.domain}";
type = lib.types.str;
};
storage = lib.mkOption {
default = "${config.container.storage}/yt";
type = lib.types.str;
};
};
config = mkIf cfg.enable {
containers.yt = container.mkContainer cfg {
config =
{ ... }:
container.mkContainerConfig cfg {
services.invidious = {
enable = true;
domain = cfg.domain;
port = cfg.port;
nginx.enable = false;
database = {
port = config.container.module.postgres.port;
host = config.container.module.postgres.address;
createLocally = false;
passwordFile = "${pkgs.writeText "InvidiousDbPassword" "invidious"}";
};
settings = {
admins = [ "root" ];
captcha_enabled = false;
check_tables = true;
registration_enabled = false;
external_port = 443;
https_only = true;
};
};
};
};
};
config = lib.mkIf cfg.enable {
containers.yt = container.mkContainer cfg {
config = { ... }: container.mkContainerConfig cfg {
services.invidious = {
enable = true;
domain = cfg.domain;
port = cfg.port;
nginx.enable = false;
database = {
host = config.container.module.postgres.address;
port = config.container.module.postgres.port;
createLocally = false;
passwordFile = "${pkgs.writeText "InvidiousDbPassword" "invidious"}";
};
settings = {
captcha_enabled = false;
check_tables = true;
external_port = 443;
https_only = true;
registration_enabled = false;
admins = [
"root"
];
};
};
};
};
};
}
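Review bot: `passwordFile = "${pkgs.writeText "InvidiousDbPassword" "invidious"}"` stores the database password in the repository and in the world-readable Nix store, and the password equals the service name. The database is reached over `config.container.module.postgres.address`, a network address rather than a local socket, so this credential is what protects the role. Point `passwordFile` at a runtime secret (placeholder: `passwordFile = "/run/secrets/invidious-db";`) and change the role's password.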


@ -1,61 +1,57 @@
{ lib, config, ... }:
with lib;
let
cfg = config.container;
in
{
options = {
container = {
enable = mkEnableOption "Containers!!";
config,
lib,
...
}: let
cfg = config.container;
in {
options.container = {
enable = lib.mkEnableOption "Containers!!";
autoStart = lib.mkOption {
default = false;
type = lib.types.bool;
};
host = lib.mkOption {
default = "0.0.0.0";
type = lib.types.str;
};
localAccess = lib.mkOption {
default = "0.0.0.0";
type = lib.types.str;
};
storage = lib.mkOption {
default = "/tmp/container";
type = lib.types.str;
};
domain = lib.mkOption {
default = "local";
type = lib.types.str;
};
interface = lib.mkOption {
default = "lo";
type = lib.types.str;
};
media = lib.mkOption {
default = { };
type = lib.types.attrs;
};
};
autoStart = mkOption {
default = false;
type = types.bool;
};
host = mkOption {
default = "0.0.0.0";
type = types.str;
};
localAccess = mkOption {
default = "0.0.0.0";
type = types.str;
};
storage = mkOption {
default = "/tmp/container";
type = types.str;
};
domain = mkOption {
default = "local";
type = types.str;
};
interface = mkOption {
default = "lo";
type = types.str;
};
media = mkOption {
default = { };
type = types.attrs;
};
};
};
config = mkIf cfg.enable {
# This is the network for all the containers.
# They are not available to the external interface by default,
# instead they all expose specific ports in their configuration.
networking = {
nat = {
enable = true;
internalInterfaces = [ "ve-+" ];
externalInterface = config.container.interface;
};
networkmanager.unmanaged = [ "interface-name:ve-*" ];
};
};
config = lib.mkIf cfg.enable {
# This is the network for all the containers.
# They are not available to the external interface by default,
# instead they all expose specific ports in their configuration.
networking = {
nat = {
enable = true;
externalInterface = config.container.interface;
internalInterfaces = [
"ve-+"
];
};
networkmanager.unmanaged = [
"interface-name:ve-*"
];
};
};
}
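Review bot: `storage` defaults to `/tmp/container`, and the modules in this commit derive their state directories from it (`${config.container.storage}/proxy`, `/vpn` and so on), which hold Let's Encrypt private keys and WireGuard keys. `/tmp` is world-writable and commonly cleared on boot, so a host that enables `container` without overriding `storage` keeps key material where other local users can pre-create the path, and loses it on reboot. Consider a default under `/var/lib`, e.g. `default = "/var/lib/container";`, or dropping the default so the option must be set explicitly. Whether `mkContainerDir` applies a restrictive mode is not visible here.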


@ -1,27 +1,30 @@
{ config, container, ... }:
let
domain = "camera.${config.container.domain}";
address = "192.168.2.249";
port = 554;
in
{
${domain} = container.mkServer {
extraConfig = ''
listen 443 ssl;
config,
container,
util,
...
}: let
address = "192.168.2.249";
domain = "camera.${config.container.domain}";
port = 554;
in {
${domain} = container.mkServer {
extraConfig = util.trimTabs ''
listen 443 ssl;
location / {
allow ${config.container.localAccess};
allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address};
deny all;
return 301 rtsp://${address}:${toString port}/live/main;
}
location / {
allow ${config.container.localAccess};
allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address};
deny all;
return 301 rtsp://${address}:${toString port}/live/main;
}
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
};
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
};
}
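Review bot: The `allow …; deny all;` list and the four `ssl_certificate`/`include`/`ssl_dhparam` lines are copied verbatim into this vhost and into the `change` and `chat` vhosts later in the commit. The access policy therefore lives in several hand-maintained copies, and a vhost that drops `deny all;` or one `allow` line would be easy to miss in review. A shared string exposed by `container` and interpolated into each `extraConfig` would keep the policy in one place. `mkServer` is defined outside this page, so where that helper belongs is for the author to decide.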


@ -1,30 +1,33 @@
{ config, container, ... }:
let
cfg = config.container.module.change;
name = "change";
in
{
${cfg.domain} = container.mkServer {
extraConfig = ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
config,
container,
util,
...
}: let
cfg = config.container.module.change;
name = "change";
in {
${cfg.domain} = container.mkServer {
extraConfig = util.trimTabs ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
location / {
allow ${config.container.localAccess};
allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address};
deny all;
location / {
allow ${config.container.localAccess};
allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address};
deny all;
proxy_pass http://''$${name}$request_uri;
proxy_pass http://''$${name}$request_uri;
add_header Referrer-Policy 'origin';
}
add_header Referrer-Policy 'origin';
}
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
};
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
};
}
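Review bot: `add_header Referrer-Policy 'origin';` inside `location /` stops nginx from inheriting any `add_header` set at `server` or `http` level for that location, because the directive is inherited only when the current level defines none. Nothing on this page shows such headers, but if `mkServer` or the included `options-ssl-nginx.conf` adds any (HSTS, for instance), they are silently dropped for the proxied responses. Either repeat them in this location or move `Referrer-Policy` up to the level where the others are defined.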


@ -1,28 +1,31 @@
{ config, container, ... }:
let
cfg = config.container.module.chat;
name = "chat";
in
{
${cfg.domain} = container.mkServer {
extraConfig = ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
config,
container,
util,
...
}: let
cfg = config.container.module.chat;
name = "chat";
in {
${cfg.domain} = container.mkServer {
extraConfig = util.trimTabs ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
location / {
allow ${config.container.localAccess};
allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address};
deny all;
location / {
allow ${config.container.localAccess};
allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address};
deny all;
proxy_pass http://''$${name}$request_uri;
}
proxy_pass http://''$${name}$request_uri;
}
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
};
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
};
}


@ -1,31 +1,34 @@
{ config, container, ... }:
let
cfg = config.container.module.cloud;
name = "cloud";
in
{
${cfg.domain} = container.mkServer {
extraConfig = ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
config,
container,
util,
...
}: let
cfg = config.container.module.cloud;
name = "cloud";
in {
${cfg.domain} = container.mkServer {
extraConfig = util.trimTabs ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
location ~ ^/(settings/admin|settings/users|settings/apps|login|api) {
allow ${config.container.localAccess};
allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address};
deny all;
proxy_pass http://''$${name}$request_uri;
}
location ~ ^/(settings/admin|settings/users|settings/apps|login|api) {
allow ${config.container.localAccess};
allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address};
deny all;
proxy_pass http://''$${name}$request_uri;
}
location / {
proxy_pass http://''$${name}$request_uri;
}
location / {
proxy_pass http://''$${name}$request_uri;
}
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
};
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
};
}
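Review bot: The restriction in `location ~ ^/(settings/admin|settings/users|settings/apps|login|api)` is matched case-sensitively against the URI nginx has normalised, while `proxy_pass http://''$${name}$request_uri;` forwards the raw request URI, so nginx and the upstream can disagree about which route a request addresses. If the upstream treats paths case-insensitively, `location ~* ^/(…)` makes the match agree with it; more generally this list should be treated as defence in depth, with the application still enforcing its own authentication on these routes. A comment above the block stating which routes are meant to be reachable from outside would also help, since every other path falls through to the unrestricted `location /`. The same pattern appears in the git file (`^/(admin|api|user)`).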


@ -1,27 +1,30 @@
{ config, container, ... }:
let
cfg = config.container.module.download;
name = "download";
in
{
${cfg.domain} = container.mkServer {
extraConfig = ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
config,
container,
util,
...
}: let
cfg = config.container.module.download;
name = "download";
in {
${cfg.domain} = container.mkServer {
extraConfig = util.trimTabs ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
location / {
allow ${config.container.localAccess};
allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address};
deny all;
proxy_pass http://''$${name}$request_uri;
}
location / {
allow ${config.container.localAccess};
allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address};
deny all;
proxy_pass http://''$${name}$request_uri;
}
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
};
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
};
}


@ -1,30 +1,33 @@
{ container, config, ... }:
let
cfg = config.container.module.git;
name = "git";
in
{
${cfg.domain} = container.mkServer {
extraConfig = ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
container,
config,
util,
...
}: let
cfg = config.container.module.git;
name = "git";
in {
${cfg.domain} = container.mkServer {
extraConfig = util.trimTabs ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
location ~ ^/(admin|api|user) {
allow ${config.container.localAccess};
allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address};
deny all;
proxy_pass http://''$${name}$request_uri;
}
location ~ ^/(admin|api|user) {
allow ${config.container.localAccess};
allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address};
deny all;
proxy_pass http://''$${name}$request_uri;
}
location / {
proxy_pass http://''$${name}$request_uri;
}
location / {
proxy_pass http://''$${name}$request_uri;
}
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
};
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
};
}


@ -1,27 +0,0 @@
{ container, config, ... }:
let
cfg = config.container.module.hdd;
name = "hdd";
in
{
${cfg.domain} = container.mkServer {
extraConfig = ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
location / {
allow ${config.container.localAccess};
allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address};
deny all;
proxy_pass http://''$${name}$request_uri;
}
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
};
}


@ -1,27 +1,30 @@
{ config, container, ... }:
let
cfg = config.container.module.home;
name = "home";
in
{
${cfg.domain} = container.mkServer {
extraConfig = ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
config,
container,
util,
...
}: let
cfg = config.container.module.home;
name = "home";
in {
${cfg.domain} = container.mkServer {
extraConfig = util.trimTabs ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
location / {
allow ${config.container.localAccess};
allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address};
deny all;
proxy_pass http://''$${name}$request_uri;
}
location / {
allow ${config.container.localAccess};
allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address};
deny all;
proxy_pass http://''$${name}$request_uri;
}
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
};
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
};
}


@ -1,34 +1,37 @@
{ container, config, ... }:
let
cfg = config.container.module.iot;
name = "iot";
in
{
${cfg.domain} = container.mkServer {
extraConfig = ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
container,
config,
util,
...
}: let
cfg = config.container.module.iot;
name = "iot";
in {
${cfg.domain} = container.mkServer {
extraConfig = util.trimTabs ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
location / {
allow ${config.container.localAccess};
allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address};
deny all;
location / {
allow ${config.container.localAccess};
allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address};
deny all;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass http://''$${name}$request_uri;
}
proxy_pass http://''$${name}$request_uri;
}
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
};
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
};
}


@ -1,27 +1,30 @@
{ container, config, ... }:
let
cfg = config.container.module.mail;
name = "mail";
in
{
${cfg.domain} = container.mkServer {
extraConfig = ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
container,
config,
util,
...
}: let
cfg = config.container.module.mail;
name = "mail";
in {
${cfg.domain} = container.mkServer {
extraConfig = util.trimTabs ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
location / {
allow ${config.container.localAccess};
allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address};
deny all;
proxy_pass http://''$${name}$request_uri;
}
location / {
allow ${config.container.localAccess};
allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address};
deny all;
proxy_pass http://''$${name}$request_uri;
}
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
};
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
};
}


@ -1,28 +1,31 @@
{ container, config, ... }:
let
cfg = config.container.module.office;
name = "office";
in
{
${cfg.domain} = container.mkServer {
extraConfig = ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
container,
config,
util,
...
}: let
cfg = config.container.module.office;
name = "office";
in {
${cfg.domain} = container.mkServer {
extraConfig = util.trimTabs ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
location / {
# allow ${config.container.localAccess};
# allow ${config.container.module.status.address};
# allow ${config.container.module.vpn.address};
# allow ${config.container.module.frkn.address};
# deny all;
add_header X-Forwarded-Proto https;
proxy_pass http://''$${name}$request_uri;
}
location / {
# allow ${config.container.localAccess};
# allow ${config.container.module.status.address};
# allow ${config.container.module.vpn.address};
# allow ${config.container.module.frkn.address};
# deny all;
add_header X-Forwarded-Proto https;
proxy_pass http://''$${name}$request_uri;
}
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
};
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
};
}
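Review bot: `add_header X-Forwarded-Proto https;` sets a response header for the client; the upstream never sees it. To tell the backend that the original request used TLS, the line should be `proxy_set_header X-Forwarded-Proto https;`. Separately, the `allow`/`deny all` lines in this `location /` are commented out, so unlike most other vhosts in this commit the office service is proxied for any client address. If that is intended, a one-line comment such as `# Public on purpose: <reason>` would stop the next edit from guessing.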


@ -1,27 +1,30 @@
{ container, config, ... }:
let
cfg = config.container.module.paper;
name = "paper";
in
{
${cfg.domain} = container.mkServer {
extraConfig = ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
container,
config,
util,
...
}: let
cfg = config.container.module.paper;
name = "paper";
in {
${cfg.domain} = container.mkServer {
extraConfig = util.trimTabs ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
location / {
allow ${config.container.localAccess};
allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address};
deny all;
proxy_pass http://''$${name}$request_uri;
}
location / {
allow ${config.container.localAccess};
allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address};
deny all;
proxy_pass http://''$${name}$request_uri;
}
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
};
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
};
}


@ -1,27 +1,30 @@
{ container, config, ... }:
let
cfg = config.container.module.pass;
name = "pass";
in
{
${cfg.domain} = container.mkServer {
extraConfig = ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
container,
config,
util,
...
}: let
cfg = config.container.module.pass;
name = "pass";
in {
${cfg.domain} = container.mkServer {
extraConfig = util.trimTabs ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
location / {
allow ${config.container.localAccess};
allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address};
deny all;
proxy_pass http://''$${name}$request_uri;
}
location / {
allow ${config.container.localAccess};
allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address};
deny all;
proxy_pass http://''$${name}$request_uri;
}
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
};
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
};
}


@ -1,26 +1,29 @@
{ container, config, ... }:
let
cfg = config.container.module.paste;
name = "paste";
in
{
${cfg.domain} = container.mkServer {
extraConfig = ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
container,
config,
util,
...
}: let
cfg = config.container.module.paste;
name = "paste";
in {
${cfg.domain} = container.mkServer {
extraConfig = util.trimTabs ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
location = / {
return 403;
}
location = / {
return 403;
}
location / {
proxy_pass http://''$${name}$request_uri;
}
location / {
proxy_pass http://''$${name}$request_uri;
}
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
};
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
};
}


@ -1,32 +1,35 @@
{ container, config, ... }:
let
cfg = config.container.module.print;
name = "print";
in
{
${cfg.domain} = container.mkServer {
extraConfig = ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
container,
config,
util,
...
}: let
cfg = config.container.module.print;
name = "print";
in {
${cfg.domain} = container.mkServer {
extraConfig = util.trimTabs ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
location / {
allow ${config.container.localAccess};
allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address};
deny all;
location / {
allow ${config.container.localAccess};
allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address};
deny all;
proxy_pass http://''$${name}$request_uri;
proxy_pass http://''$${name}$request_uri;
proxy_set_header Host "127.0.0.1";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
}
proxy_set_header Host "127.0.0.1";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
}
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
};
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
};
}
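Review bot: `proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;` uses a header name that backends do not normally read; the conventional name is `X-Forwarded-For`, so the line should read `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`. As written, any upstream logging or address check that looks for the forwarded chain will not find it, although `X-Real-IP` is still set. The fixed `proxy_set_header Host "127.0.0.1";` also deserves a short comment saying why the upstream needs a loopback Host.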


@ -1,29 +1,32 @@
{ container, config, ... }:
let
address = "192.168.2.237";
domain = "printer.${config.container.domain}";
port = 80;
name = "printer";
in
{
${domain} = container.mkServer {
extraConfig = ''
listen 443 ssl;
set ''$${name} ${address}:${toString port};
container,
config,
util,
...
}: let
address = "192.168.2.237";
domain = "printer.${config.container.domain}";
name = "printer";
port = 80;
in {
${domain} = container.mkServer {
extraConfig = util.trimTabs ''
listen 443 ssl;
set ''$${name} ${address}:${toString port};
location / {
allow ${config.container.localAccess};
allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address};
deny all;
proxy_pass http://''$${name}$request_uri;
}
location / {
allow ${config.container.localAccess};
allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address};
deny all;
proxy_pass http://''$${name}$request_uri;
}
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
};
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
};
}


@ -1,27 +1,30 @@
{ container, config, ... }:
let
cfg = config.container.module.read;
name = "read";
in
{
${cfg.domain} = container.mkServer {
extraConfig = ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
container,
config,
util,
...
}: let
cfg = config.container.module.read;
name = "read";
in {
${cfg.domain} = container.mkServer {
extraConfig = util.trimTabs ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
location / {
allow ${config.container.localAccess};
allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address};
deny all;
proxy_pass http://''$${name}$request_uri;
}
location / {
allow ${config.container.localAccess};
allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address};
deny all;
proxy_pass http://''$${name}$request_uri;
}
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
};
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
};
}


@ -1,24 +1,26 @@
{ container, config, ... }:
let
domain = "resume.${config.container.domain}";
name = "resume";
in
{
${domain} = container.mkServer {
extraConfig = ''
server_name ${domain};
listen 443 ssl;
container,
config,
util,
...
}: let
domain = "resume.${config.container.domain}";
in {
${domain} = container.mkServer {
extraConfig = util.trimTabs ''
server_name ${domain};
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
if ($http_accept_language ~ ru) {
return 301 https://${config.container.module.git.domain}/voronind/resume/releases/download/latest/VoronindRu.pdf;
}
if ($http_accept_language ~ ru) {
return 301 https://${config.container.module.git.domain}/voronind/resume/releases/download/latest/VoronindRu.pdf;
}
return 301 https://${config.container.module.git.domain}/voronind/resume/releases/download/latest/VoronindEn.pdf;
'';
};
return 301 https://${config.container.module.git.domain}/voronind/resume/releases/download/latest/VoronindEn.pdf;
'';
};
}


@ -1,29 +1,32 @@
{ container, config, ... }:
let
address = "10.0.0.2";
domain = "router.${config.container.domain}";
port = 80;
name = "router";
in
{
${domain} = container.mkServer {
extraConfig = ''
listen 443 ssl;
set ''$${name} ${address}:${toString port};
container,
config,
util,
...
}: let
address = "10.0.0.2";
domain = "router.${config.container.domain}";
name = "router";
port = 80;
in {
${domain} = container.mkServer {
extraConfig = util.trimTabs ''
listen 443 ssl;
set ''$${name} ${address}:${toString port};
location / {
allow ${config.container.localAccess};
allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address};
deny all;
proxy_pass http://''$${name}$request_uri;
}
location / {
allow ${config.container.localAccess};
allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address};
deny all;
proxy_pass http://''$${name}$request_uri;
}
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
};
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
};
}


@ -1,27 +1,30 @@
{ container, config, ... }:
let
cfg = config.container.module.search;
name = "search";
in
{
${cfg.domain} = container.mkServer {
extraConfig = ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
container,
config,
util,
...
}: let
cfg = config.container.module.search;
name = "search";
in {
${cfg.domain} = container.mkServer {
extraConfig = util.trimTabs ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
location / {
allow ${config.container.localAccess};
allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address};
deny all;
proxy_pass http://''$${name}$request_uri;
}
location / {
allow ${config.container.localAccess};
allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address};
deny all;
proxy_pass http://''$${name}$request_uri;
}
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
};
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
};
}


@ -1,34 +1,37 @@
{ container, config, ... }:
let
cfg = config.container.module.status;
name = "sstatus";
in
{
${cfg.domain} = container.mkServer {
extraConfig = ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
container,
config,
util,
...
}: let
cfg = config.container.module.status;
name = "sstatus";
in {
${cfg.domain} = container.mkServer {
extraConfig = util.trimTabs ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
location ~ ^/(dashboard|settings) {
allow ${config.container.localAccess};
allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address};
deny all;
proxy_pass http://''$${name}$request_uri;
}
location ~ ^/(dashboard|settings) {
allow ${config.container.localAccess};
allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address};
deny all;
proxy_pass http://''$${name}$request_uri;
}
location / {
allow ${config.container.localAccess};
allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address};
deny all;
proxy_pass http://''$${name}$request_uri;
}
location / {
allow ${config.container.localAccess};
allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address};
deny all;
proxy_pass http://''$${name}$request_uri;
}
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
};
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
};
}
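Review bot: `location ~ ^/(dashboard|settings)` and `location /` carry the same three `allow` lines, `deny all;` and `proxy_pass`, so the regex block currently changes nothing. Either drop it or, if the intent was for `/` to admit more clients than the dashboard, say so in a comment so the two lists are not merged later by accident. `name = "sstatus";` also wants a comment; presumably the doubled letter avoids nginx's built-in `$status` variable.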


@ -1,27 +1,30 @@
{ container, config, ... }:
let
cfg = config.container.module.stock;
name = "stock";
in
{
${cfg.domain} = container.mkServer {
extraConfig = ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
container,
config,
util,
...
}: let
cfg = config.container.module.stock;
name = "stock";
in {
${cfg.domain} = container.mkServer {
extraConfig = util.trimTabs ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
location / {
allow ${config.container.localAccess};
allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address};
deny all;
proxy_pass http://''$${name}$request_uri;
}
location / {
allow ${config.container.localAccess};
allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address};
deny all;
proxy_pass http://''$${name}$request_uri;
}
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
};
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
};
}


@ -1,27 +1,30 @@
{ container, config, ... }:
let
cfg = config.container.module.watch;
name = "watch";
in
{
${cfg.domain} = container.mkServer {
extraConfig = ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
container,
config,
util,
...
}: let
cfg = config.container.module.watch;
name = "watch";
in {
${cfg.domain} = container.mkServer {
extraConfig = util.trimTabs ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
location / {
allow ${config.container.localAccess};
allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address};
deny all;
proxy_pass http://''$${name}$request_uri;
}
location / {
allow ${config.container.localAccess};
allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address};
deny all;
proxy_pass http://''$${name}$request_uri;
}
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
};
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
};
}


@ -1,37 +1,40 @@
{ container, config, ... }:
let
cfg = config.container.module.yt;
name = "yt";
in
{
${cfg.domain} = container.mkServer {
extraConfig = ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
container,
config,
util,
...
}: let
cfg = config.container.module.yt;
name = "yt";
in {
${cfg.domain} = container.mkServer {
extraConfig = util.trimTabs ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
location / {
allow ${config.container.localAccess};
allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address};
deny all;
location / {
allow ${config.container.localAccess};
allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address};
deny all;
proxy_pass http://''$${name}$request_uri;
proxy_pass http://''$${name}$request_uri;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_hide_header Content-Security-Policy;
proxy_hide_header X-Frame-Options;
proxy_hide_header X-Content-Type-Options;
}
proxy_hide_header Content-Security-Policy;
proxy_hide_header X-Frame-Options;
proxy_hide_header X-Content-Type-Options;
}
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
};
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
};
}
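Review bot: The three `proxy_hide_header` lines in `location /` strip the upstream's Content-Security-Policy, X-Frame-Options and X-Content-Type-Options, and nothing visible in this server block sets replacements, yet the file gives no reason for dropping them. If this is deliberate, record the reason above the block, e.g. `# Upstream CSP/XFO/XCTO dropped on purpose: <reason>; access is limited by the allow/deny list above.`. Otherwise re-add the ones that do not break the proxied UI, for instance `add_header X-Content-Type-Options nosniff always;`. The included `options-ssl-nginx.conf` is not shown, so whether it already adds any of these is unknown from here. The lines are carried over unchanged by this reformat.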

500
flake.nix

@ -1,375 +1,163 @@
# This is a configuration entry-point called "Flake".
# Here you define your inputs (dependencies) and outputs (hosts).
{
# Those are external dependencies.
inputs = {
# Core system.
# Homepage: https://github.com/NixOS/nixpkgs
# Manual: https://nixos.org/manual/nixos/stable
# Search: https://search.nixos.org/packages and https://search.nixos.org/options
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
nixpkgsUnstable.url = "github:nixos/nixpkgs/nixos-unstable";
nixpkgsStable.url = "github:nixos/nixpkgs/nixos-24.05";
nixpkgsMaster.url = "github:nixos/nixpkgs/master";
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
nixpkgsUnstable.url = "github:nixos/nixpkgs/nixos-unstable";
nixpkgsStable.url = "github:nixos/nixpkgs/nixos-24.05";
nixpkgsMaster.url = "github:nixos/nixpkgs/master";
# This thing manages user's /home directroies. Because NixOS only manages system itself.
# Homepage: https://github.com/nix-community/home-manager
# Manual: https://nix-community.github.io/home-manager
# Search: https://home-manager-options.extranix.com
home-manager = {
url = "github:nix-community/home-manager";
home-manager = {
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs";
};
# This means that home-manager and our Flake both depend on the same nixpkgs version.
inputs.nixpkgs.follows = "nixpkgs";
};
stylix.url = "github:danth/stylix";
# This allows automatic styling based on active Wallpaper.
# Homepage: https://github.com/danth/stylix
# Manual: https://danth.github.io/stylix
stylix.url = "github:danth/stylix";
nixpkgsJobber.url = "github:nixos/nixpkgs/051f920625ab5aabe37c920346e3e69d7d34400e";
poetry2nixJobber.url = "github:nix-community/poetry2nix/304f8235fb0729fd48567af34fcd1b58d18f9b95";
# I use this for a single container called jobber. WARN: Do not update.
# You likely won't need this one, so just skip it for now.
poetry2nixJobber.url = "github:nix-community/poetry2nix/304f8235fb0729fd48567af34fcd1b58d18f9b95";
nixpkgsJobber.url = "github:nixos/nixpkgs/051f920625ab5aabe37c920346e3e69d7d34400e";
nix-on-droid = {
url = "github:t184256/nix-on-droid/release-23.11";
inputs.home-manager.follows = "home-manager";
inputs.nixpkgs.follows = "nixpkgs";
};
# Nix on Android (inside Termux). It has no NixOS modules, but still allows the use of Nixpkgs arm packages with Home-Manager configurations.
# Homepage: https://github.com/nix-community/nix-on-droid
# Manual: https://github.com/nix-community/nix-on-droid/blob/master/README.md
nix-on-droid = {
url = "github:t184256/nix-on-droid/release-23.11";
inputs.nixpkgs.follows = "nixpkgs";
inputs.home-manager.follows = "home-manager";
};
nvimAlign = { flake = false; url = "github:echasnovski/mini.align"; };
nvimAutoclose = { flake = false; url = "github:m4xshen/autoclose.nvim"; };
nvimBufferline = { flake = false; url = "github:akinsho/bufferline.nvim"; };
nvimCloseBuffers = { flake = false; url = "github:kazhala/close-buffers.nvim"; };
nvimColorizer = { flake = false; url = "github:brenoprata10/nvim-highlight-colors"; };
nvimDevicons = { flake = false; url = "github:nvim-tree/nvim-web-devicons"; };
nvimDressing = { flake = false; url = "github:stevearc/dressing.nvim"; };
nvimGen = { flake = false; url = "github:David-Kunz/gen.nvim"; };
nvimGitsigns = { flake = false; url = "github:lewis6991/gitsigns.nvim"; };
nvimGruvboxMaterial = { flake = false; url = "github:sainnhe/gruvbox-material"; };
nvimIndentoMatic = { flake = false; url = "github:Darazaki/indent-o-matic"; };
nvimLspconfig = { flake = false; url = "github:neovim/nvim-lspconfig"; };
nvimPlenary = { flake = false; url = "github:nvim-lua/plenary.nvim"; };
nvimTelescope = { flake = false; url = "github:nvim-telescope/telescope.nvim"; };
nvimTodo = { flake = false; url = "github:folke/todo-comments.nvim"; };
nvimTree = { flake = false; url = "github:nvim-tree/nvim-tree.lua"; };
nvimTreesitter = { flake = false; url = "github:nvim-treesitter/nvim-treesitter"; };
nvimTrouble = { flake = false; url = "github:folke/trouble.nvim"; };
};
# Those are Nvim plugins. I do not use package managers like Packer or Lazy, instead I use Nix to download them and later configure in [Neovim module](module/common/Nvim.nix).
nvimAlign = {
url = "github:echasnovski/mini.align";
flake = false;
};
nvimAutoclose = {
url = "github:m4xshen/autoclose.nvim";
flake = false;
};
nvimBufferline = {
url = "github:akinsho/bufferline.nvim";
flake = false;
};
nvimCloseBuffers = {
url = "github:kazhala/close-buffers.nvim";
flake = false;
};
nvimColorizer = {
url = "github:brenoprata10/nvim-highlight-colors";
flake = false;
};
nvimDevicons = {
url = "github:nvim-tree/nvim-web-devicons";
flake = false;
};
nvimDressing = {
url = "github:stevearc/dressing.nvim";
flake = false;
};
nvimGen = {
url = "github:David-Kunz/gen.nvim";
flake = false;
};
nvimGitsigns = {
url = "github:lewis6991/gitsigns.nvim";
flake = false;
};
nvimGruvboxMaterial = {
url = "github:sainnhe/gruvbox-material";
flake = false;
};
nvimIndentoMatic = {
url = "github:Darazaki/indent-o-matic";
flake = false;
};
nvimLspconfig = {
url = "github:neovim/nvim-lspconfig";
flake = false;
};
nvimPlenary = {
url = "github:nvim-lua/plenary.nvim";
flake = false;
};
nvimTelescope = {
url = "github:nvim-telescope/telescope.nvim";
flake = false;
};
nvimTodo = {
url = "github:folke/todo-comments.nvim";
flake = false;
};
nvimTree = {
url = "github:nvim-tree/nvim-tree.lua";
flake = false;
};
nvimTreesitter = {
url = "github:nvim-treesitter/nvim-treesitter";
flake = false;
};
nvimTrouble = {
url = "github:folke/trouble.nvim";
flake = false;
};
};
outputs = {
home-manager,
nix-on-droid,
nixpkgs,
nixpkgsJobber,
nixpkgsMaster,
nixpkgsStable,
nixpkgsUnstable,
poetry2nixJobber,
self,
stylix,
...
} @inputs: {
const = {
droidStateVersion = "23.11";
stateVersion = "24.05";
timeZone = "Europe/Moscow";
url = "https://git.voronind.com/voronind/nix.git";
};
# Those are outputs (hosts, configurations) that can be produced by this whole config.
# Here you see a set of inputs we defined above, like nixpkgs, home-manager and so on.
# `...` at the end of a set means "ignore other arguments provided to this function".
# @inputs means aliasing all the inputs to the `inputs` name, so we can pass them all at once later.
outputs =
{
self,
nixpkgs,
nixpkgsUnstable,
nixpkgsStable,
nixpkgsMaster,
nix-on-droid,
home-manager,
stylix,
poetry2nixJobber,
nixpkgsJobber,
...
}@inputs:
{
# Constant values.
const = {
droidStateVersion = "23.11";
stateVersion = "24.05";
timeZone = "Europe/Moscow";
url = "https://git.voronind.com/voronind/nix.git";
};
__findFile = _: p: ./${p};
# Hack to use <container/Change.nix> in other files.
# Need to add __findFile to args tho.
__findFile = _: p: ./${p};
findFiles = path: map (f: "${path}/${f}") (
builtins.filter (i: builtins.readFileType "${path}/${i}" == "regular") (
builtins.attrNames (builtins.readDir path)
)
);
# List all files in a dir.
findFiles =
path:
map (f: "${path}/${f}") (
builtins.filter (i: builtins.readFileType "${path}/${i}" == "regular") (
builtins.attrNames (builtins.readDir path)
)
);
devShells = let
lib = nixpkgs.lib;
pkgs = nixpkgs.legacyPackages.${system};
system = "x86_64-linux";
in {
${system}.default = pkgs.mkShell {
nativeBuildInputs = with pkgs; [
nixd
];
# buildInputs = with pkgs; [ ];
# Dev shell for this repo.
devShells =
let
system = "x86_64-linux";
lib = nixpkgs.lib;
pkgs = nixpkgs.legacyPackages.${system};
in
{
${system}.default = pkgs.mkShell {
nativeBuildInputs = with pkgs; [
nixd
nixfmt-rfc-style
treefmt
];
# buildInputs = with pkgs; [ ];
# LD_LIBRARY_PATH = "${lib.makeLibraryPath buildInputs}";
# SOURCE_DATE_EPOCH = "${toString self.lastModified}";
};
};
# LD_LIBRARY_PATH = "${lib.makeLibraryPath buildInputs}";
# SOURCE_DATE_EPOCH = "${toString self.lastModified}";
};
};
nixosConfigurations = let
mkHost = { system, hostname }: nixpkgs.lib.nixosSystem {
inherit system;
modules = [
# Make a device hostname match the one from this config.
{ networking.hostName = hostname; }
# Nixos systems.
nixosConfigurations =
let
# Function to create a host. It does basic setup, like adding common modules.
mkHost =
{ system, hostname }:
nixpkgs.lib.nixosSystem {
# `Inherit` is just an alias for `system = system;`, which means that
# keep the `system` argument as a property in a resulting set.
inherit system;
# Specify current release version.
{ system.stateVersion = self.const.stateVersion; }
# List of modules to use by defualt for all the hosts.
modules =
[
# Make a device hostname match the one from this config.
{ networking.hostName = hostname; }
# Add Home Manager module.
home-manager.nixosModules.home-manager
# Specify current release version.
{ system.stateVersion = self.const.stateVersion; }
# Add Stylix module.
stylix.nixosModules.stylix
# Add Home Manager module.
home-manager.nixosModules.home-manager
# HM config.
./home/NixOs.nix
]
++ (self.findFiles ./container)
++ (self.findFiles ./host/${system}/${hostname})
++ (self.findFiles ./module)
++ (self.findFiles ./overlay)
++ (self.findFiles ./system)
;
specialArgs = let
pkgs = nixpkgs.legacyPackages.${system}.pkgs;
lib = nixpkgs.lib;
config = self.nixosConfigurations.${hostname}.config;
util = import ./lib/Util.nix { inherit lib; };
in {
inherit (self) const __findFile;
inherit inputs self poetry2nixJobber util;
container = import ./lib/Container.nix { inherit lib pkgs config util; inherit (self) const; };
pkgsJobber = nixpkgsJobber.legacyPackages.${system}.pkgs;
pkgsMaster = nixpkgsMaster.legacyPackages.${system}.pkgs;
pkgsStable = nixpkgsStable.legacyPackages.${system}.pkgs;
pkgsUnstable = nixpkgsUnstable.legacyPackages.${system}.pkgs;
secret = import ./secret { };
};
};
# Add Stylix module.
stylix.nixosModules.stylix
mkSystem = system: hostname: { "${hostname}" = mkHost { inherit system hostname; }; };
in nixpkgs.lib.foldl' (acc: h: acc // h) { } (
map (system: nixpkgs.lib.foldl' (acc: h: acc // h) { } (
map (host: mkSystem system host) (builtins.attrNames (builtins.readDir ./host/${system}))
)) (builtins.attrNames (builtins.readDir ./host))
);
# HM config.
./home/NixOs.nix
]
++ (self.findFiles ./host/${system}/${hostname})
++ (self.findFiles ./config)
++ (self.findFiles ./container)
++ (self.findFiles ./module)
++ (self.findFiles ./system)
++ (self.findFiles ./overlay);
# SpecialArgs allows you to pass objects down to other NixOS modules.
specialArgs =
let
pkgs = nixpkgs.legacyPackages.${system}.pkgs;
lib = nixpkgs.lib;
config = self.nixosConfigurations.${hostname}.config;
in
{
inherit inputs self;
inherit (self) const __findFile;
pkgsJobber = nixpkgsJobber.legacyPackages.${system}.pkgs;
pkgsStable = nixpkgsStable.legacyPackages.${system}.pkgs;
pkgsUnstable = nixpkgsUnstable.legacyPackages.${system}.pkgs;
pkgsMaster = nixpkgsMaster.legacyPackages.${system}.pkgs;
secret = import ./secret { }; # Secrets (public keys).
container = import ./lib/Container.nix {
inherit lib pkgs config;
inherit (self) const;
}; # Container utils.
util = import ./lib/Util.nix { inherit lib; }; # Util functions.
# Stuff for Jobber container, skip this part.
inherit poetry2nixJobber;
};
};
mkSystem = system: hostname: { "${hostname}" = mkHost { inherit system hostname; }; };
in
nixpkgs.lib.foldl' (acc: h: acc // h) { } (
map (
system:
nixpkgs.lib.foldl' (acc: h: acc // h) { } (
map (host: mkSystem system host) (builtins.attrNames (builtins.readDir ./host/${system}))
)
) (builtins.attrNames (builtins.readDir ./host))
);
# Home manager (distro-independent).
# Install nix: sh <(curl -L https://nixos.org/nix/install) --no-daemon
# Or with --daemon for multi-user (as root).
# $ nix run home-manager/master -- init --switch
# $ nix shell '<home-manager>' -A install
# Add to /etc/nix/nix.conf > experimental-features = nix-command flakes
# And then # systemctl restart nix-daemon.service
# $ home-manager switch --flake ~/hmconf
homeConfigurations =
let
lib = nixpkgs.lib;
secret = import ./secret { };
util = import ./lib/Util.nix { inherit lib; };
mkCommonHome =
username: system:
let
pkgs = nixpkgs.legacyPackages.${system};
pkgsStable = nixpkgsStable.legacyPackages.${system};
pkgsUnstable = nixpkgsUnstable.legacyPackages.${system};
pkgsMaster = nixpkgsMaster.legacyPackages.${system};
in
{
${username} = home-manager.lib.homeManagerConfiguration {
inherit pkgs;
extraSpecialArgs = {
inherit
self
inputs
secret
util
pkgs
pkgsStable
pkgsMaster
;
inherit (self) const __findFile;
};
modules = [
./home/HomeManager.nix
{
home.hm = {
inherit username;
enable = true;
};
}
{ nixpkgs.config.allowUnfree = true; }
{ nixpkgs.config.allowUnfreePredicate = (pkg: true); }
{ nix.package = pkgs.nix; }
{
nix.settings.experimental-features = [
"nix-command "
"flakes"
];
}
inputs.stylix.homeManagerModules.stylix
] ++ (self.findFiles ./home/user/${system}/${username}) ++ (self.findFiles ./config);
};
};
in
nixpkgs.lib.foldl' (acc: h: acc // h) { } (
map (
system:
nixpkgs.lib.foldl' (acc: h: acc // h) { } (
map (username: mkCommonHome username system) (
builtins.attrNames (builtins.readDir ./home/user/${system})
)
)
) (builtins.attrNames (builtins.readDir ./home/user))
);
# Android.
nixOnDroidConfigurations.default =
let
system = "aarch64-linux";
config = self.nixOnDroidConfigurations.default.config;
lib = nixpkgs.lib;
pkgs = nixpkgs.legacyPackages.${system}.pkgs;
pkgsStable = nixpkgsStable.legacyPackages.${system}.pkgs;
pkgsUnstable = nixpkgsUnstable.legacyPackages.${system}.pkgs;
pkgsMaster = nixpkgsMaster.legacyPackages.${system}.pkgs;
in
nix-on-droid.lib.nixOnDroidConfiguration {
modules = [
# Android release version.
{ system.stateVersion = self.const.droidStateVersion; }
# I put all my Android configuration there.
./home/Android.nix
{ home.android.enable = true; }
# { nixpkgs.config.allowUnfree = true; }
# { nixpkgs.config.allowUnfreePredicate = (pkg: true); }
{ nix.extraOptions = "experimental-features = nix-command flakes"; }
{ home-manager.config.stylix.autoEnable = lib.mkForce false; }
# Some common modules.
./config/Setting.nix
./config/Wallpaper.nix
(import ./config/Style.nix {
inherit (config.home-manager) config;
inherit (self) __findFile;
inherit lib pkgs;
})
];
# SpecialArgs allows you to pass objects down to other configuration.
extraSpecialArgs = {
inherit inputs self;
inherit (self) const __findFile;
secret = import ./secret { }; # Secrets (public keys).
util = import ./lib/Util.nix { inherit lib; }; # Util functions.
};
};
};
nixOnDroidConfigurations.default = let
config = self.nixOnDroidConfigurations.default.config;
lib = nixpkgs.lib;
pkgs = nixpkgs.legacyPackages.${system}.pkgs;
pkgsMaster = nixpkgsMaster.legacyPackages.${system}.pkgs;
pkgsStable = nixpkgsStable.legacyPackages.${system}.pkgs;
pkgsUnstable = nixpkgsUnstable.legacyPackages.${system}.pkgs;
system = "aarch64-linux";
in nix-on-droid.lib.nixOnDroidConfiguration {
modules = [
(import ./module/Style.nix { inherit (config.home-manager) config; inherit (self) __findFile; inherit lib pkgs; })
./home/Android.nix
./module/Wallpaper.nix
{ home-manager.config.stylix.autoEnable = lib.mkForce false; }
{ home.android.enable = true; }
{ nix.extraOptions = "experimental-features = nix-command flakes"; }
{ system.stateVersion = self.const.droidStateVersion; }
];
extraSpecialArgs = {
inherit inputs self;
inherit (self) const __findFile;
secret = import ./secret { };
util = import ./lib/Util.nix { inherit lib; };
};
};
};
}
# That's it!
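Review bot: The reformatted `inputs` block drops the `WARN: Do not update` comment that sat on `poetry2nixJobber` and `nixpkgsJobber`, the only two inputs pinned to a commit hash, and `specialArgs` drops the `# Secrets (public keys).` note on `secret = import ./secret { };`. Both comments recorded constraints rather than explanation. The first tells a maintainer not to bump those pins, and the second states that `./secret` holds only public material, which matters because flake sources are copied into the world-readable Nix store. I would keep them on the new side as `# WARN: Jobber pins, do not update.` above the two URLs and `secret = import ./secret { }; # Public keys only.`.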


@ -1,48 +1,42 @@
# This is a common user configuration.
{
const,
pkgs,
self,
config,
lib,
inputs,
pkgsStable,
pkgsMaster,
__findFile,
...
}@args:
with lib;
let
cfg = config.home.android;
stylix = import <config/Stylix.nix> args;
android = import ./android args;
package = import <package> args;
programs = import ./program args;
in
# homePath = "/data/data/com.termux.nix/files/home";
{
options = {
home.android = {
enable = mkEnableOption "Android HM config.";
};
};
__findFile,
config,
const,
inputs,
lib,
pkgs,
pkgsMaster,
pkgsStable,
self,
...
} @args: let
cfg = config.home.android;
android = import ./android args;
package = import <package> args;
programs = import ./program args;
stylix = import <system/Stylix.nix> args;
in {
options.home.android = {
enable = lib.mkEnableOption "the Android HM config.";
};
config = mkIf cfg.enable {
environment.packages = package.core;
time.timeZone = const.timeZone;
terminal = {
inherit (android) font colors;
};
home-manager.config = stylix // {
imports = [ inputs.stylix.homeManagerModules.stylix ];
home = {
file = import ./config args;
sessionVariables = import ./variable args;
stateVersion = const.droidStateVersion;
};
programs = with programs; core;
};
};
config = lib.mkIf cfg.enable {
environment.packages = package.core;
time.timeZone = const.timeZone;
terminal = {
inherit (android) font colors;
};
home-manager.config = stylix // {
programs = with programs; core;
imports = [
inputs.stylix.homeManagerModules.stylix
];
home = {
file = import ./config args;
sessionVariables = import ./variable args;
stateVersion = const.droidStateVersion;
};
};
};
}


@ -1,70 +0,0 @@
# This is a common user configuration.
{
const,
util,
config,
lib,
__findFile,
...
}@args:
with lib;
let
cfg = config.home.hm;
package = import <package> args;
programs = import ./program args;
in
{
options = {
home.hm = {
enable = mkEnableOption "Home-Manager standalone config.";
username = mkOption {
default = null;
type = types.str;
};
homeDirectory = mkOption {
default = "/home/${cfg.username}";
type = types.str;
};
package = mkOption {
default = { };
type = types.submodule {
options = {
common.enable = mkEnableOption "Common apps.";
core.enable = mkEnableOption "Core apps.";
creative.enable = mkEnableOption "Creative apps.";
desktop.enable = mkEnableOption "Desktop apps.";
dev.enable = mkEnableOption "Dev apps.";
extra.enable = mkEnableOption "Extra apps.";
gaming.enable = mkEnableOption "Gaming apps.";
};
};
};
};
};
config = mkIf cfg.enable (mkMerge [
{
home = {
inherit (cfg) username homeDirectory;
inherit (const) stateVersion;
file = import ./config args;
sessionVariables = import ./variable args;
};
xdg = import ./xdg { inherit (cfg) homeDirectory; };
programs = with programs; core;
dconf.settings = util.catSet (util.ls ./config/dconf) args;
}
(mkIf cfg.package.common.enable { home.packages = package.common; })
(mkIf cfg.package.core.enable { home.packages = package.core; })
(mkIf cfg.package.creative.enable { home.packages = package.creative; })
(mkIf cfg.package.desktop.enable {
home = {
packages = package.desktop;
programs = programs.desktop;
};
})
(mkIf cfg.package.dev.enable { home.packages = package.dev; })
(mkIf cfg.package.extra.enable { home.packages = package.extra; })
(mkIf cfg.package.gaming.enable { home.packages = package.gaming; })
]);
}


@ -1,57 +1,47 @@
# This is a common user configuration.
{
const,
config,
util,
lib,
pkgs,
__findFile,
...
}@args:
with lib;
let
cfg = config.home.nixos;
programs = import ./program args;
in
{
imports = (util.ls <user>);
__findFile,
config,
const,
lib,
pkgs,
util,
...
} @args: let
cfg = config.home.nixos;
programs = import ./program args;
in {
imports = (util.ls <user>);
options = {
home.nixos = {
enable = mkEnableOption "NixOS user setup.";
users = mkOption {
default = [ ];
type = types.listOf types.attrs;
};
};
};
options.home.nixos = {
enable = lib.mkEnableOption "the NixOS user setup.";
users = lib.mkOption {
default = [ ];
type = with lib.types; listOf attrs;
};
};
config = mkIf cfg.enable {
home-manager = {
users = builtins.foldl' (
acc: user:
acc
// {
${user.username} = {
home = {
inherit (const) stateVersion;
inherit (user) username homeDirectory;
file = import ./config args;
sessionVariables = import ./variable args;
config = lib.mkIf cfg.enable {
home-manager = {
backupFileExtension = "backup-" + pkgs.lib.readFile "${pkgs.runCommand "timestamp" { } "echo -n date '+%Y%m%d%H%M%S' > $out"}";
users = builtins.foldl' (acc: user:
acc // {
${user.username} = {
home = {
inherit (const) stateVersion;
inherit (user) username homeDirectory;
file = import ./config args;
sessionVariables = import ./variable args;
# ISSUE: https://github.com/nix-community/home-manager/issues/5589
extraActivationPath = with pkgs; [ openssh ];
};
xdg = import ./xdg { inherit (user) homeDirectory; };
programs = with programs; core // desktop;
dconf.settings = util.catSet (util.ls ./config/dconf) args;
};
}
) { } cfg.users;
backupFileExtension =
"backup-"
+ pkgs.lib.readFile "${pkgs.runCommand "timestamp" { } "echo -n date '+%Y%m%d%H%M%S' > $out"}";
};
};
# ISSUE: https://github.com/nix-community/home-manager/issues/5589
extraActivationPath = with pkgs; [ openssh ];
};
xdg = import ./xdg { inherit (user) homeDirectory; };
programs = with programs; core // desktop;
dconf.settings = util.catSet (util.ls ./config/dconf) args;
};
}
) { } cfg.users;
};
};
}
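Review bot: `backupFileExtension` never contains a timestamp, because the command given to `pkgs.runCommand "timestamp"` is `echo -n date '+%Y%m%d%H%M%S' > $out`, which writes the literal text `date +%Y%m%d%H%M%S` instead of running `date`. Command substitution, `"echo -n $(date '+%Y%m%d%H%M%S') > $out"`, fixes the literal, but the derivation has no changing inputs, so Nix would presumably build it once and reuse the result, and the suffix would still not differ between activations. If a stable suffix is acceptable, `backupFileExtension = "backup";` with a short comment says what actually happens and avoids reading a build output during evaluation. The line is carried over unchanged from the old side.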


@ -1,14 +1,15 @@
{ pkgs, config, ... }:
{
font = pkgs.runCommandNoCC "font" { } ''
cp ${
pkgs.nerdfonts.override { fonts = [ "Terminus" ]; }
}/share/fonts/truetype/NerdFonts/TerminessNerdFontMono-Regular.ttf $out
'';
config,
pkgs,
...
}: {
font = pkgs.runCommandNoCC "font" { } ''
cp ${pkgs.nerdfonts.override { fonts = [ "Terminus" ]; }}/share/fonts/truetype/NerdFonts/TerminessNerdFontMono-Regular.ttf $out
'';
colors = with config.style.color; {
background = "#${bg.dark}";
cursor = "#${fg.light}";
foreground = "#${fg.light}";
};
colors = with config.module.style.color; {
background = "#${bg.dark}";
cursor = "#${fg.light}";
foreground = "#${fg.light}";
};
}


@ -1,250 +1,100 @@
{ ... }:
{
text = ''
#? Config file for btop v. 1.3.0
#* Name of a btop++/bpytop/bashtop formatted ".theme" file, "Default" and "TTY" for builtin themes.
#* Themes should be placed in "../share/btop/themes" relative to binary or "$HOME/.config/btop/themes"
color_theme = "/usr/share/btop/themes/gruvbox_material_dark.theme"
#* If the theme set background should be shown, set to False if you want terminal background transparency.
theme_background = False
#* Sets if 24-bit truecolor should be used, will convert 24-bit colors to 256 color (6x6x6 color cube) if false.
truecolor = True
#* Set to true to force tty mode regardless if a real tty has been detected or not.
#* Will force 16-color mode and TTY theme, set all graph symbols to "tty" and swap out other non tty friendly symbols.
force_tty = False
#* Define presets for the layout of the boxes. Preset 0 is always all boxes shown with default settings. Max 9 presets.
#* Format: "box_name:P:G,box_name:P:G" P=(0 or 1) for alternate positions, G=graph symbol to use for box.
#* Use whitespace " " as separator between different presets.
#* Example: "cpu:0:default,mem:0:tty,proc:1:default cpu:0:braille,proc:0:tty"
presets = ""
#* Set to True to enable "h,j,k,l,g,G" keys for directional control in lists.
#* Conflicting keys for h:"help" and k:"kill" is accessible while holding shift.
vim_keys = True
#* Rounded corners on boxes, is ignored if TTY mode is ON.
rounded_corners = True
#* Default symbols to use for graph creation, "braille", "block" or "tty".
#* "braille" offers the highest resolution but might not be included in all fonts.
#* "block" has half the resolution of braille but uses more common characters.
#* "tty" uses only 3 different symbols but will work with most fonts and should work in a real TTY.
#* Note that "tty" only has half the horizontal resolution of the other two, so will show a shorter historical view.
graph_symbol = "braille"
# Graph symbol to use for graphs in cpu box, "default", "braille", "block" or "tty".
graph_symbol_cpu = "default"
# Graph symbol to use for graphs in gpu box, "default", "braille", "block" or "tty".
graph_symbol_gpu = "default"
# Graph symbol to use for graphs in cpu box, "default", "braille", "block" or "tty".
graph_symbol_mem = "default"
# Graph symbol to use for graphs in cpu box, "default", "braille", "block" or "tty".
graph_symbol_net = "default"
# Graph symbol to use for graphs in cpu box, "default", "braille", "block" or "tty".
graph_symbol_proc = "default"
#* Manually set which boxes to show. Available values are "cpu mem net proc" and "gpu0" through "gpu5", separate values with whitespace.
shown_boxes = "cpu mem net proc"
#* Update time in milliseconds, recommended 2000 ms or above for better sample times for graphs.
update_ms = 2000
#* Processes sorting, "pid" "program" "arguments" "threads" "user" "memory" "cpu lazy" "cpu direct",
#* "cpu lazy" sorts top process over time (easier to follow), "cpu direct" updates top process directly.
proc_sorting = "memory"
#* Reverse sorting order, True or False.
proc_reversed = False
#* Show processes as a tree.
proc_tree = False
#* Use the cpu graph colors in the process list.
proc_colors = True
#* Use a darkening gradient in the process list.
proc_gradient = True
#* If process cpu usage should be of the core it's running on or usage of the total available cpu power.
proc_per_core = False
#* Show process memory as bytes instead of percent.
proc_mem_bytes = True
#* Show cpu graph for each process.
proc_cpu_graphs = True
#* Use /proc/[pid]/smaps for memory information in the process info box (very slow but more accurate)
proc_info_smaps = False
#* Show proc box on left side of screen instead of right.
proc_left = True
#* (Linux) Filter processes tied to the Linux kernel(similar behavior to htop).
proc_filter_kernel = True
#* In tree-view, always accumulate child process resources in the parent process.
proc_aggregate = False
#* Sets the CPU stat shown in upper half of the CPU graph, "total" is always available.
#* Select from a list of detected attributes from the options menu.
cpu_graph_upper = "total"
#* Sets the CPU stat shown in lower half of the CPU graph, "total" is always available.
#* Select from a list of detected attributes from the options menu.
cpu_graph_lower = "total"
#* If gpu info should be shown in the cpu box. Available values = "Auto", "On" and "Off".
show_gpu_info = "Auto"
#* Toggles if the lower CPU graph should be inverted.
cpu_invert_lower = True
#* Set to True to completely disable the lower CPU graph.
cpu_single_graph = False
#* Show cpu box at bottom of screen instead of top.
cpu_bottom = False
#* Shows the system uptime in the CPU box.
show_uptime = True
#* Show cpu temperature.
check_temp = True
#* Which sensor to use for cpu temperature, use options menu to select from list of available sensors.
cpu_sensor = "Auto"
#* Show temperatures for cpu cores also if check_temp is True and sensors has been found.
show_coretemp = True
#* Set a custom mapping between core and coretemp, can be needed on certain cpus to get correct temperature for correct core.
#* Use lm-sensors or similar to see which cores are reporting temperatures on your machine.
#* Format "x:y" x=core with wrong temp, y=core with correct temp, use space as separator between multiple entries.
#* Example: "4:0 5:1 6:3"
cpu_core_map = ""
#* Which temperature scale to use, available values: "celsius", "fahrenheit", "kelvin" and "rankine".
temp_scale = "celsius"
#* Use base 10 for bits/bytes sizes, KB = 1000 instead of KiB = 1024.
base_10_sizes = True
#* Show CPU frequency.
show_cpu_freq = True
#* Draw a clock at top of screen, formatting according to strftime, empty string to disable.
#* Special formatting: /host = hostname | /user = username | /uptime = system uptime
clock_format = "%X"
#* Update main ui in background when menus are showing, set this to false if the menus is flickering too much for comfort.
background_update = True
#* Custom cpu model name, empty string to disable.
custom_cpu_name = ""
#* Optional filter for shown disks, should be full path of a mountpoint, separate multiple values with whitespace " ".
#* Begin line with "exclude=" to change to exclude filter, otherwise defaults to "most include" filter. Example: disks_filter="exclude=/boot /home/user".
disks_filter = "exclude=/boot /boot/efi"
#* Show graphs instead of meters for memory values.
mem_graphs = True
#* Show mem box below net box instead of above.
mem_below_net = False
#* Count ZFS ARC in cached and available memory.
zfs_arc_cached = True
#* If swap memory should be shown in memory box.
show_swap = True
#* Show swap as a disk, ignores show_swap value above, inserts itself after first disk.
swap_disk = False
#* If mem box should be split to also show disks info.
show_disks = True
#* Filter out non physical disks. Set this to False to include network disks, RAM disks and similar.
only_physical = True
#* Read disks list from /etc/fstab. This also disables only_physical.
use_fstab = True
#* Setting this to True will hide all datasets, and only show ZFS pools. (IO stats will be calculated per-pool)
zfs_hide_datasets = False
#* Set to true to show available disk space for privileged users.
disk_free_priv = False
#* Toggles if io activity % (disk busy time) should be shown in regular disk usage view.
show_io_stat = True
#* Toggles io mode for disks, showing big graphs for disk read/write speeds.
io_mode = False
#* Set to True to show combined read/write io graphs in io mode.
io_graph_combined = False
#* Set the top speed for the io graphs in MiB/s (100 by default), use format "mountpoint:speed" separate disks with whitespace " ".
#* Example: "/mnt/media:100 /:20 /boot:1".
io_graph_speeds = ""
#* Set fixed values for network graphs in Mebibits. Is only used if net_auto is also set to False.
net_download = 100
net_upload = 100
#* Use network graphs auto rescaling mode, ignores any values set above and rescales down to 10 Kibibytes at the lowest.
net_auto = True
#* Sync the auto scaling for download and upload to whichever currently has the highest scale.
net_sync = True
#* Starts with the Network Interface specified here.
net_iface = ""
#* Show battery stats in top right if battery is present.
show_battery = True
#* Which battery to use if multiple are present. "Auto" for auto detection.
selected_battery = "Auto"
#* Set loglevel for "~/.config/btop/btop.log" levels are: "ERROR" "WARNING" "INFO" "DEBUG".
#* The level set includes all lower levels, i.e. "DEBUG" will show all logging info.
log_level = "WARNING"
#* Measure PCIe throughput on NVIDIA cards, may impact performance on certain cards.
nvml_measure_pcie_speeds = True
#* Horizontally mirror the GPU graph.
gpu_mirror_graph = True
#* Custom gpu0 model name, empty string to disable.
custom_gpu_name0 = ""
#* Custom gpu1 model name, empty string to disable.
custom_gpu_name1 = ""
#* Custom gpu2 model name, empty string to disable.
custom_gpu_name2 = ""
#* Custom gpu3 model name, empty string to disable.
custom_gpu_name3 = ""
#* Custom gpu4 model name, empty string to disable.
custom_gpu_name4 = ""
#* Custom gpu5 model name, empty string to disable.
custom_gpu_name5 = ""
'';
pkgs,
lib,
...
}: let
config = {
background_update = true;
base_10_sizes = true;
check_temp = true;
clock_format = "%X";
color_theme = "/usr/share/btop/themes/gruvbox_material_dark.theme";
cpu_bottom = false;
cpu_core_map = "";
cpu_graph_lower = "total";
cpu_graph_upper = "total";
cpu_invert_lower = true;
cpu_sensor = "Auto";
cpu_single_graph = false;
custom_cpu_name = "";
custom_gpu_name0 = "";
custom_gpu_name1 = "";
custom_gpu_name2 = "";
custom_gpu_name3 = "";
custom_gpu_name4 = "";
custom_gpu_name5 = "";
disk_free_priv = false;
disks_filter = "exclude = /boot /boot/efi";
force_tty = false;
gpu_mirror_graph = true;
graph_symbol = "braille";
graph_symbol_cpu = "default";
graph_symbol_gpu = "default";
graph_symbol_mem = "default";
graph_symbol_net = "default";
graph_symbol_proc = "default";
io_graph_combined = false;
io_graph_speeds = "";
io_mode = false;
log_level = "WARNING";
mem_below_net = false;
mem_graphs = true;
net_auto = true;
net_download = 100;
net_iface = "";
net_sync = true;
net_upload = 100;
nvml_measure_pcie_speeds = true;
only_physical = true;
presets = "";
proc_aggregate = true;
proc_colors = true;
proc_cpu_graphs = true;
proc_filter_kernel = true;
proc_gradient = false;
proc_info_smaps = false;
proc_left = true;
proc_mem_bytes = true;
proc_per_core = true;
proc_reversed = false;
proc_sorting = "memory";
proc_tree = true;
rounded_corners = true;
selected_battery = "Auto";
show_battery = true;
show_coretemp = true;
show_cpu_freq = true;
show_disks = true;
show_gpu_info = "Auto";
show_io_stat = true;
show_swap = true;
show_uptime = true;
shown_boxes = "cpu mem net proc";
swap_disk = false;
temp_scale = "celsius";
theme_background = false;
truecolor = true;
update_ms = 2000;
use_fstab = true;
vim_keys = true;
zfs_arc_cached = true;
zfs_hide_datasets = false;
};
mkOption = k: v: lib.generators.mkKeyValueDefault { } " = " k v;
in {
file = pkgs.writeText "BtopConfig" (
builtins.foldl' (acc: line: acc + "${line}\n") "" (
lib.mapAttrsToList (k: v: let
value = if builtins.isString v then
"\"${v}\""
else if builtins.isBool v then
if v then "True" else "False"
else
v
;
in mkOption k value
) config
)
);
}
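Review bot: `disks_filter = "exclude = /boot /boot/efi";` in the new attribute set differs from the old value `"exclude=/boot /boot/efi"`, and the removed btop comment says exclude mode is selected when the value begins with `exclude=`, so the added spaces probably stop it from being read as an exclude filter. Restore it as `disks_filter = "exclude=/boot /boot/efi";`. The new set also flips `proc_tree`, `proc_aggregate`, `proc_per_core` and `proc_gradient` relative to the old text, which a formatter purge would not be expected to do. If those changes are intended, say so in the commit message.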


@ -1,93 +1,98 @@
{ pkgs, config, ... }:
{
preferences = (pkgs.formats.json { }).generate "ChromiumConfig" {
bookmark_bar.show_on_all_tabs = false;
browser.show_home_button = false;
default_apps_install_state = 2;
default_search_provider = {
guid = "5761b040-db50-4f8e-9d00-c9ad985779a4";
synced_guid = "5761b040-db50-4f8e-9d00-c9ad985779a4";
};
default_search_provider_data = {
template_url_data = {
id = 11;
is_active = 1;
keyword = "s";
short_name = "SearX";
synced_guid = "5761b040-db50-4f8e-9d00-c9ad985779a4";
url = "https://search.voronind.com/search?q={searchTerms}";
};
};
download.prompt_for_download = false;
download_bubble.partial_view_enabled = false;
extensions = {
alerts.initialized = false;
commands = {
"linux:Alt+Shift+L" = {
command_name = "addSite";
extension = "eimadpbcbfnmbkopoojfekhnkhdbieeh";
global = false;
};
"linux:Alt+Shift+B" = {
command_name = "_execute_browser_action";
extension = "cgbcahbpdhpcegmbfconppldiemgcoii";
global = false;
};
"linux:Alt+Shift+K" = {
command_name = "launch-element-zapper";
extension = "cgbcahbpdhpcegmbfconppldiemgcoii";
global = false;
};
"linux:Alt+Shift+J" = {
command_name = "toggle-javascript";
extension = "cgbcahbpdhpcegmbfconppldiemgcoii";
global = false;
};
"linux:Alt+Shift+P" = {
command_name = "_execute_action";
extension = "gcknhkkoolaabfmlnjonogaaifnjlfnp";
global = false;
};
};
};
intl.selected_languages = "en-US,en";
password_manager = {
autofillable_credentials_account_store_login_database = false;
autofillable_credentials_profile_store_login_database = false;
};
name = "Work";
session.restore_on_startup = 1;
side_panel.is_right_aligned = false;
webkit = {
webprefs = {
default_fixed_font_size = 14;
default_font_size = 17;
minimum_font_size = 16;
fonts =
let
mono = config.style.font.monospace.name;
sans = config.style.font.sansSerif.name;
in
{
fixed.Zyyy = mono;
sansserif.Zyyy = sans;
serif.Zyyy = sans;
standard.Zyyy = sans;
};
};
};
};
pkgs,
config,
...
}: {
preferences = (pkgs.formats.json { }).generate "ChromiumConfig" {
name = "Work";
bookmark_bar.show_on_all_tabs = false;
browser.show_home_button = false;
default_apps_install_state = 2;
download.prompt_for_download = false;
download_bubble.partial_view_enabled = false;
intl.selected_languages = "en-US,en";
session.restore_on_startup = 1;
side_panel.is_right_aligned = false;
default_search_provider = {
guid = "5761b040-db50-4f8e-9d00-c9ad985779a4";
synced_guid = "5761b040-db50-4f8e-9d00-c9ad985779a4";
};
default_search_provider_data = {
template_url_data = {
id = 11;
is_active = 1;
keyword = "s";
short_name = "SearX";
synced_guid = "5761b040-db50-4f8e-9d00-c9ad985779a4";
url = "https://search.voronind.com/search?q={searchTerms}";
};
};
extensions = {
alerts.initialized = false;
commands = {
"linux:Alt+Shift+L" = {
command_name = "addSite";
extension = "eimadpbcbfnmbkopoojfekhnkhdbieeh";
global = false;
};
"linux:Alt+Shift+B" = {
command_name = "_execute_browser_action";
extension = "cgbcahbpdhpcegmbfconppldiemgcoii";
global = false;
};
"linux:Alt+Shift+K" = {
command_name = "launch-element-zapper";
extension = "cgbcahbpdhpcegmbfconppldiemgcoii";
global = false;
};
"linux:Alt+Shift+J" = {
command_name = "toggle-javascript";
extension = "cgbcahbpdhpcegmbfconppldiemgcoii";
global = false;
};
"linux:Alt+Shift+P" = {
command_name = "_execute_action";
extension = "gcknhkkoolaabfmlnjonogaaifnjlfnp";
global = false;
};
};
};
password_manager = {
autofillable_credentials_account_store_login_database = false;
autofillable_credentials_profile_store_login_database = false;
};
webkit = {
webprefs = {
default_fixed_font_size = 14;
default_font_size = 17;
minimum_font_size = 16;
fonts = let
mono = config.module.style.font.monospace.name;
sans = config.module.style.font.sansSerif.name;
in {
fixed.Zyyy = mono;
sansserif.Zyyy = sans;
serif.Zyyy = sans;
standard.Zyyy = sans;
};
};
};
};
localState = (pkgs.formats.json { }).generate "ChromiumLocalState" {
browser = {
enabled_labs_experiments = [ "smooth-scrolling@2" ];
first_run_finished = true;
};
};
localState = (pkgs.formats.json { }).generate "ChromiumLocalState" {
browser = {
first_run_finished = true;
enabled_labs_experiments = [
"smooth-scrolling@2"
];
};
};
# REF: https://chromeenterprise.google/intl/en_us/policies/
policy = (pkgs.formats.json { }).generate "ChromiumPolicy" {
URLBlocklist = [ "darkreader.org" ];
DefaultBrowserSettingEnabled = false;
};
# REF: https://chromeenterprise.google/intl/en_us/policies/
policy = (pkgs.formats.json { }).generate "ChromiumPolicy" {
DefaultBrowserSettingEnabled = false;
URLBlocklist = [
"darkreader.org"
];
};
}
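Review bot: The five bindings under `extensions.commands` name their target only by a bare extension id (`eimadpbcbfnmbkopoojfekhnkhdbieeh`, `cgbcahbpdhpcegmbfconppldiemgcoii`, `gcknhkkoolaabfmlnjonogaaifnjlfnp`), so a reader cannot tell which extension each shortcut drives or check that the id is the intended one. A trailing comment on each `extension = …;` line, such as `# <extension name>` (placeholder), would make the ids auditable. The `policy` set in this file carries only `DefaultBrowserSettingEnabled` and `URLBlocklist`; whether extension installation is restricted or pinned elsewhere cannot be seen from this section, so it is worth confirming that the ids referenced here match what is actually installed.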


@ -1,6 +1,5 @@
{ ... }:
{
"org/gnome/desktop/a11y" = {
always-show-universal-access-status = true;
};
{ ... }: {
"org/gnome/desktop/a11y" = {
always-show-universal-access-status = true;
};
}


@ -1,28 +1,27 @@
{ ... }:
{
"org/gtk/gtk4/settings/file-chooser" = {
date-format = "regular";
location-mode = "path-bar";
show-hidden = false;
show-size-column = true;
show-type-column = true;
sidebar-width = "166";
sort-column = "modified";
sort-directories-first = true;
sort-order = "descending";
type-format = "category";
view-type = "list";
};
{ ... }: {
"org/gtk/gtk4/settings/file-chooser" = {
date-format = "regular";
location-mode = "path-bar";
show-hidden = false;
show-size-column = true;
show-type-column = true;
sidebar-width = "166";
sort-column = "modified";
sort-directories-first = true;
sort-order = "descending";
type-format = "category";
view-type = "list";
};
"org/gtk/settings/file-chooser" = {
date-format = "regular";
location-mode = "path-bar";
show-hidden = false;
show-size-column = true;
show-type-column = true;
sort-column = "modified";
sort-directories-first = true;
sort-order = "descending";
type-format = "category";
};
"org/gtk/settings/file-chooser" = {
date-format = "regular";
location-mode = "path-bar";
show-hidden = false;
show-size-column = true;
show-type-column = true;
sort-column = "modified";
sort-directories-first = true;
sort-order = "descending";
type-format = "category";
};
}


@ -1,40 +1,32 @@
{ lib, config, ... }:
{
"org/gnome/desktop/input-sources" = with lib.gvariant; {
current = mkUint32 0;
mru-sources = [
(mkTuple [
"xkb"
"us"
])
(mkTuple [
"xkb"
"ru"
])
];
per-window = false;
show-all-sources = true;
sources = [
(mkTuple [
"xkb"
"us"
])
(mkTuple [
"xkb"
"ru"
])
];
xkb-options = [ config.setting.keyboard.options ];
};
lib,
config,
...
}: {
"org/gnome/desktop/input-sources" = with lib.gvariant; let
sources = [
(mkTuple [ "xkb" "us" ])
(mkTuple [ "xkb" "ru" ])
];
in {
inherit sources;
current = mkUint32 0;
mru-sources = sources;
per-window = false;
show-all-sources = true;
xkb-options = [
config.module.keyboard.options
];
};
"org/gnome/desktop/peripherals/mouse" = {
accel-profile = "flat";
natural-scroll = true;
speed = "0.0";
};
"org/gnome/desktop/peripherals/mouse" = {
accel-profile = "flat";
natural-scroll = true;
speed = "0.0";
};
"org/gnome/desktop/peripherals/touchpad" = {
tap-to-click = true;
two-finger-scrolling-enabled = true;
};
"org/gnome/desktop/peripherals/touchpad" = {
tap-to-click = true;
two-finger-scrolling-enabled = true;
};
}


@ -1,12 +1,12 @@
{ ... }:
{
"org/gnome/desktop/interface" = {
clock-show-date = true;
clock-show-weekday = true;
color-scheme = "prefer-dark";
enable-animations = false;
enable-hot-corners = false;
gtk-enable-primary-paste = false;
show-battery-percentage = false;
};
"org/gnome/desktop/interface" = {
clock-show-date = true;
clock-show-weekday = true;
color-scheme = "prefer-dark";
enable-animations = false;
enable-hot-corners = false;
gtk-enable-primary-paste = false;
show-battery-percentage = false;
};
}


@ -1,134 +1,132 @@
{ config, ... }:
let
mod = "<Super>";
in
{
"org/gnome/desktop/wm/keybindings" = {
activate-window-menu = [ "" ];
begin-move = [ "" ];
begin-resize = [ "${mod}r" ];
close = [ "${mod}x" ];
cycle-group = [ "" ];
cycle-group-backward = [ "" ];
cycle-panels = [ "" ];
cycle-panels-backward = [ "" ];
cycle-windows = [ "" ];
cycle-windows-backward = [ "" ];
maximize = [ "" ];
maximize-horizontally = [ "" ];
minimize = [ "${mod}s" ];
move-to-monitor-down = [ "" ];
move-to-monitor-left = [ "" ];
move-to-monitor-right = [ "" ];
move-to-monitor-up = [ "" ];
move-to-workspace-1 = [ "" ];
move-to-workspace-2 = [ "" ];
move-to-workspace-3 = [ "" ];
move-to-workspace-4 = [ "" ];
move-to-workspace-last = [ "" ];
move-to-workspace-left = [ "<Shift>${mod}q" ];
move-to-workspace-right = [ "<Shift>${mod}e" ];
panel-run-dialog = [ "${mod}space" ];
show-desktop = [ "${mod}c" ];
switch-applications = [ "${mod}Tab" ];
switch-applications-backward = [ "<Shift>${mod}Tab" ];
switch-group = [ "<Alt>Tab" ];
switch-group-backward = [ "<Shift><Alt>Tab" ];
switch-input-source = [ "" ];
switch-input-source-backward = [ "" ];
switch-panels = [ "" ];
switch-panels-backward = [ "" ];
switch-to-workspace-1 = [ "" ];
switch-to-workspace-2 = [ "" ];
switch-to-workspace-3 = [ "" ];
switch-to-workspace-4 = [ "" ];
switch-to-workspace-last = [ "" ];
switch-to-workspace-left = [ "${mod}q" ];
switch-to-workspace-right = [ "${mod}e" ];
switch-windows = [ "" ];
switch-windows-backward = [ "" ];
toggle-fullscreen = [ "${mod}f" ];
toggle-maximized = [ "${mod}w" ];
unmaximize = [ "" ];
};
{ ... }: let
mod = "<Super>";
in {
"org/gnome/desktop/wm/keybindings" = {
activate-window-menu = [ "" ];
begin-move = [ "" ];
begin-resize = [ "${mod}r" ];
close = [ "${mod}x" ];
cycle-group = [ "" ];
cycle-group-backward = [ "" ];
cycle-panels = [ "" ];
cycle-panels-backward = [ "" ];
cycle-windows = [ "" ];
cycle-windows-backward = [ "" ];
maximize = [ "" ];
maximize-horizontally = [ "" ];
minimize = [ "${mod}s" ];
move-to-monitor-down = [ "" ];
move-to-monitor-left = [ "" ];
move-to-monitor-right = [ "" ];
move-to-monitor-up = [ "" ];
move-to-workspace-1 = [ "" ];
move-to-workspace-2 = [ "" ];
move-to-workspace-3 = [ "" ];
move-to-workspace-4 = [ "" ];
move-to-workspace-last = [ "" ];
move-to-workspace-left = [ "<Shift>${mod}q" ];
move-to-workspace-right = [ "<Shift>${mod}e" ];
panel-run-dialog = [ "${mod}space" ];
show-desktop = [ "${mod}c" ];
switch-applications = [ "${mod}Tab" ];
switch-applications-backward = [ "<Shift>${mod}Tab" ];
switch-group = [ "<Alt>Tab" ];
switch-group-backward = [ "<Shift><Alt>Tab" ];
switch-input-source = [ "" ];
switch-input-source-backward = [ "" ];
switch-panels = [ "" ];
switch-panels-backward = [ "" ];
switch-to-workspace-1 = [ "" ];
switch-to-workspace-2 = [ "" ];
switch-to-workspace-3 = [ "" ];
switch-to-workspace-4 = [ "" ];
switch-to-workspace-last = [ "" ];
switch-to-workspace-left = [ "${mod}q" ];
switch-to-workspace-right = [ "${mod}e" ];
switch-windows = [ "" ];
switch-windows-backward = [ "" ];
toggle-fullscreen = [ "${mod}f" ];
toggle-maximized = [ "${mod}w" ];
unmaximize = [ "" ];
};
"org/gnome/mutter/keybindings" = {
toggle-tiled-left = [ "${mod}a" ];
toggle-tiled-right = [ "${mod}d" ];
};
"org/gnome/mutter/keybindings" = {
toggle-tiled-left = [ "${mod}a" ];
toggle-tiled-right = [ "${mod}d" ];
};
"org/gnome/mutter/wayland/keybindings" = {
restore-shortcuts = [ "" ];
};
"org/gnome/mutter/wayland/keybindings" = {
restore-shortcuts = [ "" ];
};
"org/gnome/settings-daemon/plugins/media-keys" = {
custom-keybindings = [
"/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/"
"/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom1/"
"/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom2/"
"/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom3/"
"/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom4/"
"/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom5/"
];
magnifier = [ "" ];
magnifier-zoom-in = [ "" ];
magnifier-zoom-out = [ "" ];
screenreader = [ "" ];
screensaver = [ "${mod}z" ];
};
"org/gnome/settings-daemon/plugins/media-keys" = {
custom-keybindings = [
"/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/"
"/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom1/"
"/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom2/"
"/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom3/"
"/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom4/"
"/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom5/"
];
magnifier = [ "" ];
magnifier-zoom-in = [ "" ];
magnifier-zoom-out = [ "" ];
screenreader = [ "" ];
screensaver = [ "${mod}z" ];
};
"org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = {
binding = "${mod}Escape";
command = "kgx -e bash -c 'tmux new-session -A -s main; bash'";
name = "gnome-terminal";
};
"org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = {
binding = "${mod}Escape";
command = "kgx -e bash -c 'tmux new-session -A -s main; bash'";
name = "gnome-terminal";
};
"org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom1" = {
binding = "printz";
command = "systemctl suspend -i";
name = "System Sleep";
};
"org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom1" = {
binding = "printz";
command = "systemctl suspend -i";
name = "System Sleep";
};
"org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom2" = {
binding = "printx";
command = "systemctl poweroff -i";
name = "System Poweroff";
};
"org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom2" = {
binding = "printx";
command = "systemctl poweroff -i";
name = "System Poweroff";
};
"org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom3" = {
binding = "printc";
command = "systemctl reboot -i";
name = "System Reboot";
};
"org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom3" = {
binding = "printc";
command = "systemctl reboot -i";
name = "System Reboot";
};
"org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom4" = {
binding = "printp";
command = "powersave toggle";
name = "Toggle Powersave";
};
"org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom4" = {
binding = "printp";
command = "powersave toggle";
name = "Toggle Powersave";
};
"org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom5" = {
binding = "printl";
command = "powerlimit toggle";
name = "Toggle Powerlimit";
};
"org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom5" = {
binding = "printl";
command = "powerlimit toggle";
name = "Toggle Powerlimit";
};
"org/gnome/shell/keybindings" = {
focus-active-notification = [ "" ];
open-application-menu = [ "" ];
show-screenshot-ui = [ "${mod}v" ];
switch-to-application-1 = [ "" ];
switch-to-application-2 = [ "" ];
switch-to-application-3 = [ "" ];
switch-to-application-4 = [ "" ];
switch-to-application-5 = [ "" ];
switch-to-application-6 = [ "" ];
switch-to-application-7 = [ "" ];
switch-to-application-8 = [ "" ];
switch-to-application-9 = [ "" ];
toggle-application-view = [ "" ];
toggle-message-tray = [ "" ];
toggle-overview = [ "" ];
toggle-quick-settings = [ "" ];
};
"org/gnome/shell/keybindings" = {
focus-active-notification = [ "" ];
open-application-menu = [ "" ];
show-screenshot-ui = [ "${mod}v" ];
switch-to-application-1 = [ "" ];
switch-to-application-2 = [ "" ];
switch-to-application-3 = [ "" ];
switch-to-application-4 = [ "" ];
switch-to-application-5 = [ "" ];
switch-to-application-6 = [ "" ];
switch-to-application-7 = [ "" ];
switch-to-application-8 = [ "" ];
switch-to-application-9 = [ "" ];
toggle-application-view = [ "" ];
toggle-message-tray = [ "" ];
toggle-overview = [ "" ];
toggle-quick-settings = [ "" ];
};
}


@ -1,8 +1,7 @@
{ ... }:
{
"org/gnome/desktop/media-handling" = {
automount = false;
automount-open = false;
autorun-never = true;
};
{ ... }: {
"org/gnome/desktop/media-handling" = {
automount = false;
automount-open = false;
autorun-never = true;
};
}


@ -1,22 +1,21 @@
{ ... }:
{
"org/gnome/nautilus/icon-view" = {
default-zoom-level = "larger";
};
{ ... }: {
"org/gnome/nautilus/icon-view" = {
default-zoom-level = "larger";
};
"org/gnome/nautilus/list-view" = {
default-zoom-level = "small";
use-tree-view = false;
};
"org/gnome/nautilus/list-view" = {
default-zoom-level = "small";
use-tree-view = false;
};
"org/gnome/nautilus/preferences" = {
click-policy = "single";
default-folder-viewer = "list-view";
default-sort-in-reverse-order = false;
default-sort-order = "name";
migrated-gtk-settings = true;
search-filter-time-type = "last_modified";
search-view = "list-view";
show-image-thumbnails = "local-only";
};
"org/gnome/nautilus/preferences" = {
click-policy = "single";
default-folder-viewer = "list-view";
default-sort-in-reverse-order = false;
default-sort-order = "name";
migrated-gtk-settings = true;
search-filter-time-type = "last_modified";
search-view = "list-view";
show-image-thumbnails = "local-only";
};
}


@ -1,11 +1,10 @@
{ ... }:
{
"org/gnome/settings-daemon/plugins/power" = {
ambient-enabled = false;
idle-dim = false;
power-button-action = "nothing";
sleep-inactive-ac-timeout = "0";
sleep-inactive-ac-type = "nothing";
sleep-inactive-battery-type = "nothing";
};
{ ... }: {
"org/gnome/settings-daemon/plugins/power" = {
ambient-enabled = false;
idle-dim = false;
power-button-action = "nothing";
sleep-inactive-ac-timeout = "0";
sleep-inactive-ac-type = "nothing";
sleep-inactive-battery-type = "nothing";
};
}


@ -1,16 +1,18 @@
{ lib, ... }:
{
"org/gnome/desktop/privacy" = with lib.gvariant; {
disable-camera = false;
disable-microphone = false;
old-files-age = mkUint32 30;
recent-files-max-age = mkUint32 30;
remove-old-temp-files = true;
remove-old-trash-files = true;
report-technical-problems = true;
};
lib,
...
}: {
"org/gnome/desktop/privacy" = with lib.gvariant; {
disable-camera = false;
disable-microphone = false;
old-files-age = mkUint32 30;
recent-files-max-age = mkUint32 30;
remove-old-temp-files = true;
remove-old-trash-files = true;
report-technical-problems = true;
};
"org/gnome/system/location" = {
enabled = false;
};
"org/gnome/system/location" = {
enabled = false;
};
}


@ -1,6 +1,8 @@
{ lib, ... }:
{
"org/gnome/desktop/session" = with lib.gvariant; {
idle-delay = mkUint32 0;
};
lib,
...
}: {
"org/gnome/desktop/session" = with lib.gvariant; {
idle-delay = mkUint32 0;
};
}


@ -1,15 +1,14 @@
{ ... }:
{
"org/gnome/shell" = {
disable-extension-version-validation = true;
disable-user-extensions = false;
favorite-apps = [ "" ];
had-bluetooth-devices-setup = true;
last-selected-power-profile = "power-saver";
remember-mount-password = false;
};
{ ... }: {
"org/gnome/shell" = {
disable-extension-version-validation = true;
disable-user-extensions = false;
favorite-apps = [ "" ];
had-bluetooth-devices-setup = true;
last-selected-power-profile = "power-saver";
remember-mount-password = false;
};
"system/proxy" = {
mode = "none";
};
"system/proxy" = {
mode = "none";
};
}


@ -1,9 +1,8 @@
{ ... }:
{
"org/gnome/software" = {
download-updates = false;
download-updates-notify = false;
first-run = false;
show-nonfree-prompt = false;
};
{ ... }: {
"org/gnome/software" = {
download-updates = false;
download-updates-notify = false;
first-run = false;
show-nonfree-prompt = false;
};
}


@ -1,8 +1,7 @@
{ ... }:
{
"org/gnome/desktop/sound" = {
allow-volume-above-100-percent = false;
event-sounds = false;
theme-name = "freedesktop";
};
{ ... }: {
"org/gnome/desktop/sound" = {
allow-volume-above-100-percent = false;
event-sounds = false;
theme-name = "freedesktop";
};
}


@ -1,33 +1,35 @@
{ lib, ... }:
{
"org/gnome/desktop/wm/preferences" = {
action-middle-click-titlebar = "minimize";
action-right-click-titlebar = "menu";
focus-mode = "click"; # `click` or `sloppy`.
button-layout = "appmenu:close";
};
lib,
...
}: {
"org/gnome/desktop/wm/preferences" = {
action-middle-click-titlebar = "minimize";
action-right-click-titlebar = "menu";
button-layout = "appmenu:close";
focus-mode = "click"; # `click` or `sloppy`.
};
"org/gnome/mutter" = {
attach-modal-dialogs = true;
center-new-windows = true;
dynamic-workspaces = true;
edge-tiling = true;
workspaces-only-on-primary = true;
};
"org/gnome/mutter" = {
attach-modal-dialogs = true;
center-new-windows = true;
dynamic-workspaces = true;
edge-tiling = true;
workspaces-only-on-primary = true;
};
"org/gnome/settings-daemon/plugins/color" = with lib.gvariant; {
night-light-enabled = false;
night-light-schedule-automatic = false;
night-light-schedule-from = "0.0";
night-light-schedule-to = "0.0";
night-light-temperature = mkUint32 3700;
};
"org/gnome/settings-daemon/plugins/color" = with lib.gvariant; {
night-light-enabled = false;
night-light-schedule-automatic = false;
night-light-schedule-from = "0.0";
night-light-schedule-to = "0.0";
night-light-temperature = mkUint32 3700;
};
"org/gnome/shell/app-switcher" = {
current-workspace-only = true;
};
"org/gnome/shell/app-switcher" = {
current-workspace-only = true;
};
"org/gnome/shell/overrides" = {
edge-tiling = false;
};
"org/gnome/shell/overrides" = {
edge-tiling = false;
};
}


@ -1,60 +1,56 @@
{
self,
inputs,
config,
...
}@args:
let
btop = import ./btop args;
chromium = import ./chromium args;
editor = import ./editorconfig args;
foot = import ./foot args;
fuzzel = import ./fuzzel args;
git = import ./git args;
gtk3 = import ./gtk/3 args;
jetbrains = import ./jetbrains args;
keyd = import ./keyd args;
mako = import ./mako args;
mangohud = import ./mangohud args;
nvim = import ./nvim args;
ssh = import ./ssh args;
swappy = import ./swappy args;
sway = import ./sway args;
tmux = import ./tmux args;
waybar = import ./waybar args;
yazi = import ./yazi args;
in
{
".Wallpaper".source = config.module.wallpaper.path;
".config/MangoHud/MangoHud.conf".source = mangohud.config;
".config/MangoHud/presets.conf".source = mangohud.presets;
".config/btop/btop.conf".text = btop.text;
".config/chromium/Default/Preferences".source = chromium.preferences;
".config/chromium/Local State".source = chromium.localState;
".config/foot/foot.ini".source = foot.file;
".config/fuzzel/fuzzel.ini".source = fuzzel.file;
".config/gtk-3.0/bookmarks".text = gtk3.bookmarks;
".config/keyd/app.conf".text = keyd.text;
".config/mako/config".source = mako.file;
".config/nvim/init.vim".text = nvim.text;
".config/swappy/config".source = swappy.config;
".config/sway/config".text = sway.text;
".config/tmux/tmux.conf".text = tmux.text;
".config/waybar/config".source = waybar.config;
".config/waybar/style.css".source = waybar.style;
".config/yazi/init.lua".source = yazi.init;
".config/yazi/keymap.toml".source = yazi.keymap;
".config/yazi/theme.toml".source = yazi.theme;
".config/yazi/yazi.toml".source = yazi.yazi;
".editorconfig".source = editor.file;
".gitconfig".source = git.file;
".ideavimrc".text = jetbrains.ideavimrc;
".nix".source = self;
".nixpkgs".source = inputs.nixpkgs;
".parallel/will-cite".text = "";
".ssh/config".text = ssh.text;
".template".source = ./template;
# ".nixpkgs_master".source = inputs.nixpkgs;
# ".nixpkgs_unstable".source = inputs.nixpkgs;
# TODO: Add after migrating to stable.
config,
inputs,
self,
...
} @args: let
btop = import ./btop args;
chromium = import ./chromium args;
editor = import ./editorconfig args;
foot = import ./foot args;
fuzzel = import ./fuzzel args;
git = import ./git args;
jetbrains = import ./jetbrains args;
keyd = import ./keyd args;
mako = import ./mako args;
mangohud = import ./mangohud args;
nvim = import ./nvim args;
ssh = import ./ssh args;
swappy = import ./swappy args;
sway = import ./sway args;
tmux = import ./tmux args;
waybar = import ./waybar args;
yazi = import ./yazi args;
in {
".Wallpaper".source = config.module.wallpaper.path;
".config/MangoHud/MangoHud.conf".source = mangohud.config;
".config/MangoHud/presets.conf".source = mangohud.presets;
".config/btop/btop.conf".source = btop.file;
".config/chromium/Default/Preferences".source = chromium.preferences;
".config/chromium/Local State".source = chromium.localState;
".config/foot/foot.ini".source = foot.file;
".config/fuzzel/fuzzel.ini".source = fuzzel.file;
".config/keyd/app.conf".text = keyd.text;
".config/mako/config".source = mako.file;
".config/nvim/init.vim".text = nvim.text;
".config/swappy/config".source = swappy.config;
".config/sway/config".text = sway.text;
".config/tmux/tmux.conf".text = tmux.text;
".config/waybar/config".source = waybar.config;
".config/waybar/style.css".source = waybar.style;
".config/yazi/init.lua".source = yazi.init;
".config/yazi/keymap.toml".source = yazi.keymap;
".config/yazi/theme.toml".source = yazi.theme;
".config/yazi/yazi.toml".source = yazi.yazi;
".editorconfig".source = editor.file;
".gitconfig".source = git.file;
".ideavimrc".text = jetbrains.ideavimrc;
".nix".source = self;
".nixpkgs".source = inputs.nixpkgs;
".parallel/will-cite".text = "";
".ssh/config".text = ssh.text;
".template".source = ./template;
# ".nixpkgs_master".source = inputs.nixpkgs;
# ".nixpkgs_unstable".source = inputs.nixpkgs;
# TODO: Add after migrating to stable.
}


@ -1,34 +1,26 @@
{ pkgs, ... }:
{
file = (pkgs.formats.iniWithGlobalSection { }).generate "EditorconfigConfig" {
globalSection.root = true;
sections = {
"*" = {
end_of_line = "lf";
charset = "utf-8";
indent_style = "tab";
indent_size = 2;
insert_final_newline = false;
trim_trailing_whitespace = true;
};
"Makefile" = {
indent_size = 4;
};
"*.nix" = {
indent_style = "space";
indent_size = 2;
};
"*.{lua,kt,kts,rs,py}" = {
indent_size = 4;
};
"*.{sh,md}" = {
indent_size = 8;
};
};
};
pkgs,
...
}: {
file = (pkgs.formats.iniWithGlobalSection { }).generate "EditorconfigConfig" {
globalSection = {
root = true;
};
sections = {
"*" = {
charset = "utf-8";
end_of_line = "lf";
indent_size = 8;
indent_style = "tab";
insert_final_newline = false;
trim_trailing_whitespace = true;
};
"*.nix" = {
indent_size = 2;
};
"*.{lua,kt,kts,rs,py}" = {
indent_size = 4;
};
};
};
}


@ -1,30 +1,31 @@
{ config, pkgs, ... }:
let
dpiAware = if config.setting.dpiAware then "yes" else "no";
borderSize = toString config.style.window.border;
fontStep = 1;
in
{
file = (pkgs.formats.iniWithGlobalSection { }).generate "FootConfig" {
globalSection = {
font = "${config.style.font.monospace.name}:size=${toString config.style.font.size.terminal}";
# font-bold = "${config.style.font.monospace.name}:size=${toString config.style.font.size.terminal}";
font-italic = "${config.style.font.monospace.name}:size=${toString config.style.font.size.terminal}";
font-bold-italic = "${config.style.font.monospace.name}:size=${toString config.style.font.size.terminal}";
dpi-aware = dpiAware;
font-size-adjustment = fontStep;
pad = "${borderSize}x${borderSize} center";
};
sections = {
colors = {
alpha = config.style.opacity.terminal;
background = config.style.color.bg.dark;
foreground = config.style.color.fg.light;
};
key-bindings = {
show-urls-launch = "Mod1+o";
};
};
};
config,
pkgs,
...
}: let
borderSize = toString config.module.style.window.border;
dpiAware = if config.module.dpi.aware then "yes" else "no";
fontStep = 1;
in {
file = (pkgs.formats.iniWithGlobalSection { }).generate "FootConfig" {
globalSection = {
dpi-aware = dpiAware;
font = "${config.module.style.font.monospace.name}:size=${toString config.module.style.font.size.terminal}";
font-bold = "${config.module.style.font.monospace.name}:size=${toString config.module.style.font.size.terminal}";
font-bold-italic = "${config.module.style.font.monospace.name}:size=${toString config.module.style.font.size.terminal}";
font-italic = "${config.module.style.font.monospace.name}:size=${toString config.module.style.font.size.terminal}";
font-size-adjustment = fontStep;
pad = "${borderSize}x${borderSize} center";
};
sections = {
colors = {
alpha = config.module.style.opacity.terminal;
background = config.module.style.color.bg.dark;
foreground = config.module.style.color.fg.light;
};
key-bindings = {
show-urls-launch = "Mod1+o";
};
};
};
}
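Review bot: The font specification `"${config.module.style.font.monospace.name}:size=${toString config.module.style.font.size.terminal}"` is now written out four times in `globalSection` (`font`, `font-bold`, `font-bold-italic`, `font-italic`), so a later change to the size or family has to be made in four places. The file already has a `let` block for `borderSize`, `dpiAware` and `fontStep`; binding the string once there, e.g. `fontSpec = "${config.module.style.font.monospace.name}:size=${toString config.module.style.font.size.terminal}";`, and then writing `font = fontSpec;`, `font-bold = fontSpec;` and so on keeps the four keys in step. This is a point of style only; the generated file would be the same.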


@ -1,40 +1,38 @@
{ pkgs, config, ... }:
let
dpiAware = if config.setting.dpiAware then "yes" else "no";
in
{
file = (pkgs.formats.ini { }).generate "FuzzelConfig" {
main = {
dpi-aware = dpiAware;
# font = "${style.font.serif.name}:size=${toString style.font.size.popup}";
font = "Minecraftia:size=${toString config.style.font.size.popup}";
lines = 20;
prompt = "\"\"";
show-actions = "yes";
terminal = "foot";
width = 40;
# list-executables-in-path = "no";
};
border = {
radius = 0;
width = 1;
};
colors =
let
defaultOpacity = "ff";
in
{
background = config.style.color.bg.dark + config.style.opacity.hex;
border = config.style.color.border + config.style.opacity.hex;
counter = config.style.color.bg.regular + defaultOpacity;
input = config.style.color.fg.light + defaultOpacity;
match = config.style.color.fg.light + defaultOpacity;
placeholder = config.style.color.bg.regular + defaultOpacity;
prompt = config.style.color.fg.light + defaultOpacity;
selection = config.style.color.bg.regular + defaultOpacity;
selection-match = config.style.color.accent + defaultOpacity;
selection-text = config.style.color.fg.light + defaultOpacity;
text = config.style.color.fg.light + defaultOpacity;
};
};
pkgs,
config,
...
}: let
dpiAware = if config.module.dpi.aware then "yes" else "no";
in {
file = (pkgs.formats.ini { }).generate "FuzzelConfig" {
main = {
dpi-aware = dpiAware;
font = "Minecraftia:size=${toString config.module.style.font.size.popup}";
lines = 20;
prompt = "\"\"";
show-actions = "yes";
terminal = "foot";
width = 40;
};
border = {
radius = 0;
width = 1;
};
colors = let
defaultOpacity = "ff";
in {
background = config.module.style.color.bg.dark + config.module.style.opacity.hex;
border = config.module.style.color.border + config.module.style.opacity.hex;
counter = config.module.style.color.bg.regular + defaultOpacity;
input = config.module.style.color.fg.light + defaultOpacity;
match = config.module.style.color.fg.light + defaultOpacity;
placeholder = config.module.style.color.bg.regular + defaultOpacity;
prompt = config.module.style.color.fg.light + defaultOpacity;
selection = config.module.style.color.bg.regular + defaultOpacity;
selection-match = config.module.style.color.accent + defaultOpacity;
selection-text = config.module.style.color.fg.light + defaultOpacity;
text = config.module.style.color.fg.light + defaultOpacity;
};
};
}


@ -1,14 +1,16 @@
{ secret, pkgs, ... }:
{
file = (pkgs.formats.gitIni { listsAsDuplicateKeys = true; }).generate "GitConfig" {
# credential.helper = "store";
gpg.format = secret.crypto.sign.git.format;
gpg.ssh.allowedSignersFile = toString secret.crypto.sign.git.allowed;
init.defaultBranch = "main";
pull.rebase = true;
push.autoSetupRemote = true;
rebase.autoStash = true;
safe.directory = "*";
user.signingkey = builtins.readFile secret.crypto.sign.git.key;
};
secret,
pkgs,
...
}: {
file = (pkgs.formats.gitIni { listsAsDuplicateKeys = true; }).generate "GitConfig" {
gpg.format = secret.crypto.sign.git.format;
gpg.ssh.allowedSignersFile = toString secret.crypto.sign.git.allowed;
init.defaultBranch = "main";
pull.rebase = true;
push.autoSetupRemote = true;
rebase.autoStash = true;
safe.directory = "*";
user.signingkey = builtins.readFile secret.crypto.sign.git.key;
};
}
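Review bot: `safe.directory = "*";` is carried over unchanged into the reformatted GitConfig, and it switches off Git's repository-ownership check for every path, so Git will honour repository-local configuration in directories owned by other users. Since the generator is already called with `listsAsDuplicateKeys = true`, the exemption can be narrowed to the paths that need it, e.g. `safe.directory = [ "<path-to-shared-repo>" ];` (placeholder path). Separately, `user.signingkey = builtins.readFile secret.crypto.sign.git.key;` copies the file's contents into a generated file in the Nix store, which is world-readable. That is fine if `key` is the public half, which is presumably the case, but a comment such as `# public key only; never point this at the private key` would make the assumption explicit.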


@ -1,10 +0,0 @@
{ ... }:
{
bookmarks = ''
file:///storage
file:///home/voronind/tmp
sftp://10.0.0.1:22143/storage/hot/docker/cloud/data/data/cakee/files/ home cloud
sftp://10.0.0.1:22143/ home sftp
ftp://10.0.0.1/ home ftp
'';
}
