voronind/nix
0
0
Fork 0
Code Issues 40 Pull requests Packages Projects Releases Wiki Activity

Switch to using nixfmt & indent with spaces cause no tab support...

Browse source
This commit is contained in:
Dmitry Voronin 2024-10-11 23:27:07 +03:00
parent ac00537d6e
commit bdcb0caf7b
Signed by: voronind
SSH key fingerprint: SHA256:3kBb4iV2ahufEBNq+vFbUe4QYfHt98DHQjN7QaptY9k
341 changed files with 14170 additions and 12789 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
.editorconfig
View file

@ -2,22 +2,12 @@
end_of_line = lf
charset = utf-8
indent_style = tab
indent_size = 2
insert_final_newline = true
trim_trailing_whitespace = true
[*.{nix,js}]
indent_size = 2
[*.lua]
indent_size = 4
[*.sh]
indent_size = 8
[Makefile]
indent_size = 2
[*.nix]
indent_style = space
indent_size = 2
[*.md]
indent_size = 8
trim_trailing_whitespace = false

15
.treefmt.toml Normal file
View file

@ -0,0 +1,15 @@
# One CLI to format the code tree - https://git.numtide.com/numtide/treefmt
# [formatter.mylanguage]
# Formatter to run
# command = "command-to-run"
# Command-line arguments for the command
# options = []
# Glob pattern of files to include
# includes = [ "*.<language-extension>" ]
# Glob patterns of files to exclude
# excludes = []
[formatter.nixfmt-rfc-style]
command = "nixfmt"
includes = [ "*.nix" ]

3
Makefile
View file

@ -26,6 +26,9 @@ check:
fix-ulimit:
ulimit -n 999999999
format:
treefmt --no-cache --on-unmatched=info
gc:
nix-collect-garbage -d
# nix-store --gc

123
config/Setting.nix
View file

@ -1,67 +1,68 @@
# Global settings.
# Just like I can configure each package, here I configure my config! :O)
{ lib, ... }: {
options.setting = with lib; {
# Ollama settings.
# I use the best light model by default.
ollama = mkOption {
default = { };
type = types.submodule {
# freeformType = lib.jsonFormat.type;
options = {
primaryModel = mkOption {
default = "llama3";
type = types.str;
};
};
};
};
{ lib, ... }:
{
options.setting = with lib; {
# Ollama settings.
# I use the best light model by default.
ollama = mkOption {
default = { };
type = types.submodule {
# freeformType = lib.jsonFormat.type;
options = {
primaryModel = mkOption {
default = "llama3";
type = types.str;
};
};
};
};
# Whether to use Dpi-aware setting in supported apps.
dpiAware = mkOption {
default = false;
type = types.bool;
};
# Whether to use Dpi-aware setting in supported apps.
dpiAware = mkOption {
default = false;
type = types.bool;
};
# Keyboard options.
keyboard = mkOption {
default = { };
type = types.submodule {
options = {
layouts = mkOption {
default = "us,ru";
type = types.str;
};
options = mkOption {
default = "grp:toggle";
type = types.str;
};
};
};
};
# Keyboard options.
keyboard = mkOption {
default = { };
type = types.submodule {
options = {
layouts = mkOption {
default = "us,ru";
type = types.str;
};
options = mkOption {
default = "grp:toggle";
type = types.str;
};
};
};
};
# CPU configurations.
cpu = mkOption {
default = {};
type = types.submodule {
options = {
hwmon = mkOption {
default = {};
type = types.submodule {
options = {
path = mkOption {
default = "";
type = types.str;
};
file = mkOption {
default = "";
type = types.str;
};
};
};
};
};
};
};
};
# CPU configurations.
cpu = mkOption {
default = { };
type = types.submodule {
options = {
hwmon = mkOption {
default = { };
type = types.submodule {
options = {
path = mkOption {
default = "";
type = types.str;
};
file = mkOption {
default = "";
type = types.str;
};
};
};
};
};
};
};
};
}

199
config/Style.nix
View file

@ -1,108 +1,117 @@
{ lib, config, pkgs, __findFile, ... }: with lib; let
cfg = config.style;
{
lib,
config,
pkgs,
__findFile,
...
}:
with lib;
let
cfg = config.style;
mkTypeOption = default: type: mkOption { inherit default type; };
mkStrOption = default: mkTypeOption default types.str;
mkIntOption = default: mkTypeOption default types.int;
mkFloatOption = default: mkTypeOption default types.float;
mkPkgOption = default: mkTypeOption default types.package;
in {
options.style = {
color = {
bg = {
dark = mkStrOption config.lib.stylix.colors.base00;
light = mkStrOption config.lib.stylix.colors.base07;
regular = mkStrOption config.lib.stylix.colors.base01;
};
fg = {
dark = mkStrOption config.lib.stylix.colors.base04;
light = mkStrOption config.lib.stylix.colors.base06;
regular = mkStrOption config.lib.stylix.colors.base05;
};
accent = mkStrOption config.lib.stylix.colors.base0A;
heading = mkStrOption config.lib.stylix.colors.base0D;
hl = mkStrOption config.lib.stylix.colors.base03;
keyword = mkStrOption config.lib.stylix.colors.base0E;
link = mkStrOption config.lib.stylix.colors.base09;
misc = mkStrOption config.lib.stylix.colors.base0F;
negative = mkStrOption config.lib.stylix.colors.base08;
neutral = mkStrOption config.lib.stylix.colors.base0C;
positive = mkStrOption config.lib.stylix.colors.base0B;
selection = mkStrOption config.lib.stylix.colors.base02;
transparent = mkStrOption "ffffff00";
mkTypeOption = default: type: mkOption { inherit default type; };
mkStrOption = default: mkTypeOption default types.str;
mkIntOption = default: mkTypeOption default types.int;
mkFloatOption = default: mkTypeOption default types.float;
mkPkgOption = default: mkTypeOption default types.package;
in
{
options.style = {
color = {
bg = {
dark = mkStrOption config.lib.stylix.colors.base00;
light = mkStrOption config.lib.stylix.colors.base07;
regular = mkStrOption config.lib.stylix.colors.base01;
};
fg = {
dark = mkStrOption config.lib.stylix.colors.base04;
light = mkStrOption config.lib.stylix.colors.base06;
regular = mkStrOption config.lib.stylix.colors.base05;
};
accent = mkStrOption config.lib.stylix.colors.base0A;
heading = mkStrOption config.lib.stylix.colors.base0D;
hl = mkStrOption config.lib.stylix.colors.base03;
keyword = mkStrOption config.lib.stylix.colors.base0E;
link = mkStrOption config.lib.stylix.colors.base09;
misc = mkStrOption config.lib.stylix.colors.base0F;
negative = mkStrOption config.lib.stylix.colors.base08;
neutral = mkStrOption config.lib.stylix.colors.base0C;
positive = mkStrOption config.lib.stylix.colors.base0B;
selection = mkStrOption config.lib.stylix.colors.base02;
transparent = mkStrOption "ffffff00";
accent-b = mkStrOption config.lib.stylix.colors.base0A-rgb-b;
accent-g = mkStrOption config.lib.stylix.colors.base0A-rgb-g;
accent-r = mkStrOption config.lib.stylix.colors.base0A-rgb-r;
accent-b = mkStrOption config.lib.stylix.colors.base0A-rgb-b;
accent-g = mkStrOption config.lib.stylix.colors.base0A-rgb-g;
accent-r = mkStrOption config.lib.stylix.colors.base0A-rgb-r;
negative-b = mkStrOption config.lib.stylix.colors.base08-rgb-b;
negative-g = mkStrOption config.lib.stylix.colors.base08-rgb-g;
negative-r = mkStrOption config.lib.stylix.colors.base08-rgb-r;
negative-b = mkStrOption config.lib.stylix.colors.base08-rgb-b;
negative-g = mkStrOption config.lib.stylix.colors.base08-rgb-g;
negative-r = mkStrOption config.lib.stylix.colors.base08-rgb-r;
neutral-b = mkStrOption config.lib.stylix.colors.base0C-rgb-b;
neutral-g = mkStrOption config.lib.stylix.colors.base0C-rgb-g;
neutral-r = mkStrOption config.lib.stylix.colors.base0C-rgb-r;
neutral-b = mkStrOption config.lib.stylix.colors.base0C-rgb-b;
neutral-g = mkStrOption config.lib.stylix.colors.base0C-rgb-g;
neutral-r = mkStrOption config.lib.stylix.colors.base0C-rgb-r;
positive-b = mkStrOption config.lib.stylix.colors.base0B-rgb-b;
positive-g = mkStrOption config.lib.stylix.colors.base0B-rgb-g;
positive-r = mkStrOption config.lib.stylix.colors.base0B-rgb-r;
positive-b = mkStrOption config.lib.stylix.colors.base0B-rgb-b;
positive-g = mkStrOption config.lib.stylix.colors.base0B-rgb-g;
positive-r = mkStrOption config.lib.stylix.colors.base0B-rgb-r;
bg-b = mkStrOption config.lib.stylix.colors.base00-rgb-b;
bg-g = mkStrOption config.lib.stylix.colors.base00-rgb-g;
bg-r = mkStrOption config.lib.stylix.colors.base00-rgb-r;
bg-b = mkStrOption config.lib.stylix.colors.base00-rgb-b;
bg-g = mkStrOption config.lib.stylix.colors.base00-rgb-g;
bg-r = mkStrOption config.lib.stylix.colors.base00-rgb-r;
fg-b = mkStrOption config.lib.stylix.colors.base06-rgb-b;
fg-g = mkStrOption config.lib.stylix.colors.base06-rgb-g;
fg-r = mkStrOption config.lib.stylix.colors.base06-rgb-r;
fg-b = mkStrOption config.lib.stylix.colors.base06-rgb-b;
fg-g = mkStrOption config.lib.stylix.colors.base06-rgb-g;
fg-r = mkStrOption config.lib.stylix.colors.base06-rgb-r;
border = mkStrOption config.lib.stylix.colors.base01;
border-b = mkStrOption config.lib.stylix.colors.base01-rgb-b;
border-g = mkStrOption config.lib.stylix.colors.base01-rgb-g;
border-r = mkStrOption config.lib.stylix.colors.base01-rgb-r;
};
border = mkStrOption config.lib.stylix.colors.base01;
border-b = mkStrOption config.lib.stylix.colors.base01-rgb-b;
border-g = mkStrOption config.lib.stylix.colors.base01-rgb-g;
border-r = mkStrOption config.lib.stylix.colors.base01-rgb-r;
};
font = {
size = {
application = mkIntOption 12;
terminal = mkIntOption 14;
popup = mkIntOption 12;
desktop = mkIntOption 14;
};
serif = {
package = mkPkgOption (pkgs.callPackage <package/applefont> {});
name = mkStrOption "SF Pro Display";
};
sansSerif = {
package = mkPkgOption (pkgs.callPackage <package/applefont> {});
name = mkStrOption "SF Pro Display";
};
monospace = {
package = mkPkgOption (pkgs.nerdfonts.override { fonts = [ "Terminus" ]; });
name = mkStrOption "Terminess Nerd Font Mono";
};
emoji = {
package = mkPkgOption pkgs.noto-fonts-emoji;
name = mkStrOption "Noto Color Emoji";
};
};
font = {
size = {
application = mkIntOption 12;
terminal = mkIntOption 14;
popup = mkIntOption 12;
desktop = mkIntOption 14;
};
serif = {
package = mkPkgOption (pkgs.callPackage <package/applefont> { });
name = mkStrOption "SF Pro Display";
};
sansSerif = {
package = mkPkgOption (pkgs.callPackage <package/applefont> { });
name = mkStrOption "SF Pro Display";
};
monospace = {
package = mkPkgOption (pkgs.nerdfonts.override { fonts = [ "Terminus" ]; });
name = mkStrOption "Terminess Nerd Font Mono";
};
emoji = {
package = mkPkgOption pkgs.noto-fonts-emoji;
name = mkStrOption "Noto Color Emoji";
};
};
opacity = {
application = mkFloatOption 0.85;
desktop = mkFloatOption 0.85;
popup = mkFloatOption 0.85;
terminal = mkFloatOption 0.85;
hex = mkStrOption "D9";
};
opacity = {
application = mkFloatOption 0.85;
desktop = mkFloatOption 0.85;
popup = mkFloatOption 0.85;
terminal = mkFloatOption 0.85;
hex = mkStrOption "D9";
};
cursor = {
name = mkStrOption "Adwaita";
package = mkPkgOption pkgs.adwaita-icon-theme;
size = mkIntOption 14;
};
cursor = {
name = mkStrOption "Adwaita";
package = mkPkgOption pkgs.adwaita-icon-theme;
size = mkIntOption 14;
};
window = {
gap = mkIntOption 8;
border = mkIntOption 4;
};
};
window = {
gap = mkIntOption 8;
border = mkIntOption 4;
};
};
}

67
config/Stylix.nix
View file

@ -1,27 +1,42 @@
{ pkgs, config, __findFile, ... }: {
stylix = {
enable = true;
image = config.module.wallpaper.path;
autoEnable = true;
polarity = "dark";
fonts = {
inherit (config.style.font) serif sansSerif monospace emoji;
sizes = {
inherit (config.style.font.size) terminal desktop;
applications = config.style.font.size.application;
popups = config.style.font.size.popup;
};
};
opacity = {
inherit (config.style.opacity) desktop terminal;
applications = config.style.opacity.application;
popups = config.style.opacity.popups;
};
inherit (config.style) cursor;
override = if config.module.wallpaper.forceContrastText then {
base04 = "000000";
base05 = "ffffff";
base06 = "ffffff";
} else {};
};
{
pkgs,
config,
__findFile,
...
}:
{
stylix = {
enable = true;
image = config.module.wallpaper.path;
autoEnable = true;
polarity = "dark";
fonts = {
inherit (config.style.font)
serif
sansSerif
monospace
emoji
;
sizes = {
inherit (config.style.font.size) terminal desktop;
applications = config.style.font.size.application;
popups = config.style.font.size.popup;
};
};
opacity = {
inherit (config.style.opacity) desktop terminal;
applications = config.style.opacity.application;
popups = config.style.opacity.popups;
};
inherit (config.style) cursor;
override =
if config.module.wallpaper.forceContrastText then
{
base04 = "000000";
base05 = "ffffff";
base06 = "ffffff";
}
else
{ };
};
}

37
config/Wallpaper.nix
View file

@ -1,18 +1,21 @@
{ pkgs, lib, ... }: with lib; let
url = "https://i.imgur.com/gYy0mzG.jpeg";
sha256 = "0pwnq84mdbv8nrarhnbkq77iabwgh7znr0yig3fnshamxl2a3k7k";
forceContrastText = true;
in {
options = {
module.wallpaper = {
forceContrastText = mkOption {
default = warnIf forceContrastText "Style : Forced text contrast." forceContrastText;
type = types.bool;
};
path = mkOption {
default = pkgs.fetchurl { inherit url sha256; };
type = types.path;
};
};
};
{ pkgs, lib, ... }:
with lib;
let
url = "https://i.imgur.com/gYy0mzG.jpeg";
sha256 = "0pwnq84mdbv8nrarhnbkq77iabwgh7znr0yig3fnshamxl2a3k7k";
forceContrastText = true;
in
{
options = {
module.wallpaper = {
forceContrastText = mkOption {
default = warnIf forceContrastText "Style : Forced text contrast." forceContrastText;
type = types.bool;
};
path = mkOption {
default = pkgs.fetchurl { inherit url sha256; };
type = types.path;
};
};
};
}

100
container/Change.nix
View file

@ -1,49 +1,59 @@
{ container, lib, config, ... } @args: with lib; let
cfg = config.container.module.change;
in {
options = {
container.module.change = {
enable = mkEnableOption "Change detection service";
address = mkOption {
default = "10.1.0.41";
type = types.str;
};
port = mkOption {
default = 5000;
type = types.int;
};
domain = mkOption {
default = "change.${config.container.domain}";
type = types.str;
};
storage = mkOption {
default = "${config.container.storage}/change";
type = types.str;
};
};
};
{
container,
lib,
config,
...
}@args:
with lib;
let
cfg = config.container.module.change;
in
{
options = {
container.module.change = {
enable = mkEnableOption "Change detection service";
address = mkOption {
default = "10.1.0.41";
type = types.str;
};
port = mkOption {
default = 5000;
type = types.int;
};
domain = mkOption {
default = "change.${config.container.domain}";
type = types.str;
};
storage = mkOption {
default = "${config.container.storage}/change";
type = types.str;
};
};
};
config = mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data"
];
config = mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data"
];
containers.change = container.mkContainer cfg {
bindMounts = {
"/var/lib/changedetection-io" = {
hostPath = "${cfg.storage}/data";
isReadOnly = false;
};
};
containers.change = container.mkContainer cfg {
bindMounts = {
"/var/lib/changedetection-io" = {
hostPath = "${cfg.storage}/data";
isReadOnly = false;
};
};
config = { ... }: container.mkContainerConfig cfg {
services.changedetection-io = {
enable = true;
baseURL = cfg.domain;
behindProxy = true;
listenAddress = cfg.address;
};
};
};
};
config =
{ ... }:
container.mkContainerConfig cfg {
services.changedetection-io = {
enable = true;
baseURL = cfg.domain;
behindProxy = true;
listenAddress = cfg.address;
};
};
};
};
}

148
container/Cloud.nix
View file

@ -1,73 +1,87 @@
{ container, pkgs, lib, config, ... } @args: with lib; let
cfg = config.container.module.cloud;
{
container,
pkgs,
lib,
config,
...
}@args:
with lib;
let
cfg = config.container.module.cloud;
postgres = config.container.module.postgres;
proxy = config.container.module.proxy;
in {
options = {
container.module.cloud = {
enable = mkEnableOption "File cloud service";
address = mkOption {
default = "10.1.0.13";
type = types.str;
};
port = mkOption {
default = 80;
type = types.int;
};
domain = mkOption {
default = "cloud.${config.container.domain}";
type = types.str;
};
storage = mkOption {
default = "${config.container.storage}/cloud";
type = types.str;
};
};
};
postgres = config.container.module.postgres;
proxy = config.container.module.proxy;
in
{
options = {
container.module.cloud = {
enable = mkEnableOption "File cloud service";
address = mkOption {
default = "10.1.0.13";
type = types.str;
};
port = mkOption {
default = 80;
type = types.int;
};
domain = mkOption {
default = "cloud.${config.container.domain}";
type = types.str;
};
storage = mkOption {
default = "${config.container.storage}/cloud";
type = types.str;
};
};
};
config = mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data"
];
config = mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data"
];
containers.cloud = container.mkContainer cfg {
bindMounts = {
"/var/lib/nextcloud" = {
hostPath = "${cfg.storage}/data";
isReadOnly = false;
};
};
containers.cloud = container.mkContainer cfg {
bindMounts = {
"/var/lib/nextcloud" = {
hostPath = "${cfg.storage}/data";
isReadOnly = false;
};
};
config = { config, ... }: container.mkContainerConfig cfg {
services.nextcloud = {
enable = true;
# package = pkgs.nextcloud29;
hostName = cfg.domain;
# phpOptions = {
# memory_limit = lib.mkForce "20G";
# };
config = {
adminuser = "root";
adminpassFile = "${pkgs.writeText "NextcloudPassword" "root"}";
config =
{ config, ... }:
container.mkContainerConfig cfg {
services.nextcloud = {
enable = true;
# package = pkgs.nextcloud29;
hostName = cfg.domain;
# phpOptions = {
# memory_limit = lib.mkForce "20G";
# };
config = {
adminuser = "root";
adminpassFile = "${pkgs.writeText "NextcloudPassword" "root"}";
dbhost = postgres.address;
dbname = "nextcloud";
dbpassFile = "${pkgs.writeText "NextcloudDbPassword" "nextcloud"}";
dbtype = "pgsql";
dbuser = "nextcloud";
};
extraApps = {
inherit (config.services.nextcloud.package.packages.apps) contacts calendar onlyoffice;
};
extraAppsEnable = true;
settings = {
trusted_domains = [ cfg.address cfg.domain ];
trusted_proxies = [ proxy.address ];
allow_local_remote_servers = true;
};
};
};
};
};
dbhost = postgres.address;
dbname = "nextcloud";
dbpassFile = "${pkgs.writeText "NextcloudDbPassword" "nextcloud"}";
dbtype = "pgsql";
dbuser = "nextcloud";
};
extraApps = {
inherit (config.services.nextcloud.package.packages.apps) contacts calendar onlyoffice;
};
extraAppsEnable = true;
settings = {
trusted_domains = [
cfg.address
cfg.domain
];
trusted_proxies = [ proxy.address ];
allow_local_remote_servers = true;
};
};
};
};
};
}

113
container/Ddns.nix
View file

@ -1,54 +1,67 @@
{ container, lib, config, ... } @args: with lib; let
cfg = config.container.module.ddns;
in {
options = {
container.module.ddns = {
enable = mkEnableOption "Dynamic dns client.";
address = mkOption {
default = "10.1.0.31";
type = types.str;
};
storage = mkOption {
default = "${config.container.storage}/ddns";
type = types.str;
};
};
};
{
container,
lib,
config,
...
}@args:
with lib;
let
cfg = config.container.module.ddns;
in
{
options = {
container.module.ddns = {
enable = mkEnableOption "Dynamic dns client.";
address = mkOption {
default = "10.1.0.31";
type = types.str;
};
storage = mkOption {
default = "${config.container.storage}/ddns";
type = types.str;
};
};
};
config = mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data"
];
config = mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data"
];
containers.ddns = container.mkContainer cfg {
bindMounts = {
"/data" = {
hostPath = "${cfg.storage}/data";
isReadOnly = true;
};
};
containers.ddns = container.mkContainer cfg {
bindMounts = {
"/data" = {
hostPath = "${cfg.storage}/data";
isReadOnly = true;
};
};
config = { ... }: container.mkContainerConfig cfg {
services.cloudflare-dyndns = {
enable = true;
apiTokenFile = "/data/token";
deleteMissing = false;
ipv4 = true;
ipv6 = false;
proxied = false;
domains = let
domain = config.container.domain;
in [ domain ] ++ map (sub: "${sub}.${domain}") [
"cloud"
"git"
"mail"
"office"
"paste"
"play"
"vpn"
];
};
};
};
};
config =
{ ... }:
container.mkContainerConfig cfg {
services.cloudflare-dyndns = {
enable = true;
apiTokenFile = "/data/token";
deleteMissing = false;
ipv4 = true;
ipv6 = false;
proxied = false;
domains =
let
domain = config.container.domain;
in
[ domain ]
++ map (sub: "${sub}.${domain}") [
"cloud"
"git"
"mail"
"office"
"paste"
"play"
"vpn"
];
};
};
};
};
}

259
container/Dns.nix
View file

@ -1,128 +1,141 @@
{ container, pkgs, lib, config, util, ... } @args: with lib; let
cfg = config.container.module.dns;
in {
options = {
container.module.dns = {
enable = mkEnableOption "Dns server.";
address = mkOption {
default = "10.1.0.6";
type = types.str;
};
port = mkOption {
default = 53;
type = types.int;
};
};
};
{
container,
pkgs,
lib,
config,
util,
...
}@args:
with lib;
let
cfg = config.container.module.dns;
in
{
options = {
container.module.dns = {
enable = mkEnableOption "Dns server.";
address = mkOption {
default = "10.1.0.6";
type = types.str;
};
port = mkOption {
default = 53;
type = types.int;
};
};
};
config = mkIf cfg.enable {
containers.dns = container.mkContainer cfg {
config = { ... }: container.mkContainerConfig cfg {
environment.systemPackages = [
pkgs.cloudflared
];
config = mkIf cfg.enable {
containers.dns = container.mkContainer cfg {
config =
{ ... }:
container.mkContainerConfig cfg {
environment.systemPackages = [
pkgs.cloudflared
];
systemd.services.cloudflared = {
description = "Cloudflare DoH server.";
enable = true;
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "simple";
ExecStart = "${getExe pkgs.cloudflared} proxy-dns --port 5054";
};
};
systemd.services.cloudflared = {
description = "Cloudflare DoH server.";
enable = true;
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "simple";
ExecStart = "${getExe pkgs.cloudflared} proxy-dns --port 5054";
};
};
services.blocky = {
enable = true;
settings = {
upstream = {
default = [
"0.0.0.0:5054"
"0.0.0.0:5054"
];
};
blocking = {
blackLists = {
suspicious = [
"https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts"
"https://raw.githubusercontent.com/PolishFiltersTeam/KADhosts/master/KADhosts.txt"
"https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.Spam/hosts"
"https://v.firebog.net/hosts/static/w3kbl.txt"
];
ads = [
"https://easylist-downloads.adblockplus.org/bitblock.txt"
"https://adaway.org/hosts.txt"
"https://v.firebog.net/hosts/AdguardDNS.txt"
"https://v.firebog.net/hosts/Admiral.txt"
"https://raw.githubusercontent.com/anudeepND/blacklist/master/adservers.txt"
"https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt"
"https://v.firebog.net/hosts/Easylist.txt"
"https://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&showintro=0&mimetype=plaintext"
"https://raw.githubusercontent.com/FadeMind/hosts.extras/master/UncheckyAds/hosts"
"https://raw.githubusercontent.com/bigdargon/hostsVN/master/hosts"
"https://github.com/easylist/ruadlist/blob/master/advblock/adservers.txt"
];
tracking = [
"https://v.firebog.net/hosts/Easyprivacy.txt"
"https://v.firebog.net/hosts/Prigent-Ads.txt"
"https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.2o7Net/hosts"
"https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/spy.txt"
"https://hostfiles.frogeye.fr/firstparty-trackers-hosts.txt"
];
malicious = [
"https://raw.githubusercontent.com/DandelionSprout/adfilt/master/Alternate%20versions%20Anti-Malware%20List/AntiMalwareHosts.txt"
"https://osint.digitalside.it/Threat-Intel/lists/latestdomains.txt"
"https://s3.amazonaws.com/lists.disconnect.me/simple_malvertising.txt"
"https://v.firebog.net/hosts/Prigent-Crypto.txt"
"https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.Risk/hosts"
"https://bitbucket.org/ethanr/dns-blacklists/raw/8575c9f96e5b4a1308f2f12394abd86d0927a4a0/bad_lists/Mandiant_APT1_Report_Appendix_D.txt"
"https://phishing.army/download/phishing_army_blocklist_extended.txt"
"https://gitlab.com/quidsup/notrack-blocklists/raw/master/notrack-malware.txt"
"https://v.firebog.net/hosts/RPiList-Malware.txt"
"https://v.firebog.net/hosts/RPiList-Phishing.txt"
"https://raw.githubusercontent.com/Spam404/lists/master/main-blacklist.txt"
"https://raw.githubusercontent.com/AssoEchap/stalkerware-indicators/master/generated/hosts"
"https://urlhaus.abuse.ch/downloads/hostfile/"
];
other = [
"https://zerodot1.gitlab.io/CoinBlockerLists/hosts_browser"
];
};
# whiteLists = {
# other = [
# "/.*.vk.com/"
# ];
# };
clientGroupsBlock = {
default = [
"suspicious"
"ads"
"tracking"
"malicious"
"other"
];
};
};
customDNS = {
mapping = let
block = "0.0.0.0";
in {
# All subdomains to current host.
# ${config.container.domain} = config.container.host;
"voronind.com" = "10.0.0.1";
services.blocky = {
enable = true;
settings = {
upstream = {
default = [
"0.0.0.0:5054"
"0.0.0.0:5054"
];
};
blocking = {
blackLists = {
suspicious = [
"https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts"
"https://raw.githubusercontent.com/PolishFiltersTeam/KADhosts/master/KADhosts.txt"
"https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.Spam/hosts"
"https://v.firebog.net/hosts/static/w3kbl.txt"
];
ads = [
"https://easylist-downloads.adblockplus.org/bitblock.txt"
"https://adaway.org/hosts.txt"
"https://v.firebog.net/hosts/AdguardDNS.txt"
"https://v.firebog.net/hosts/Admiral.txt"
"https://raw.githubusercontent.com/anudeepND/blacklist/master/adservers.txt"
"https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt"
"https://v.firebog.net/hosts/Easylist.txt"
"https://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&showintro=0&mimetype=plaintext"
"https://raw.githubusercontent.com/FadeMind/hosts.extras/master/UncheckyAds/hosts"
"https://raw.githubusercontent.com/bigdargon/hostsVN/master/hosts"
"https://github.com/easylist/ruadlist/blob/master/advblock/adservers.txt"
];
tracking = [
"https://v.firebog.net/hosts/Easyprivacy.txt"
"https://v.firebog.net/hosts/Prigent-Ads.txt"
"https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.2o7Net/hosts"
"https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/spy.txt"
"https://hostfiles.frogeye.fr/firstparty-trackers-hosts.txt"
];
malicious = [
"https://raw.githubusercontent.com/DandelionSprout/adfilt/master/Alternate%20versions%20Anti-Malware%20List/AntiMalwareHosts.txt"
"https://osint.digitalside.it/Threat-Intel/lists/latestdomains.txt"
"https://s3.amazonaws.com/lists.disconnect.me/simple_malvertising.txt"
"https://v.firebog.net/hosts/Prigent-Crypto.txt"
"https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.Risk/hosts"
"https://bitbucket.org/ethanr/dns-blacklists/raw/8575c9f96e5b4a1308f2f12394abd86d0927a4a0/bad_lists/Mandiant_APT1_Report_Appendix_D.txt"
"https://phishing.army/download/phishing_army_blocklist_extended.txt"
"https://gitlab.com/quidsup/notrack-blocklists/raw/master/notrack-malware.txt"
"https://v.firebog.net/hosts/RPiList-Malware.txt"
"https://v.firebog.net/hosts/RPiList-Phishing.txt"
"https://raw.githubusercontent.com/Spam404/lists/master/main-blacklist.txt"
"https://raw.githubusercontent.com/AssoEchap/stalkerware-indicators/master/generated/hosts"
"https://urlhaus.abuse.ch/downloads/hostfile/"
];
other = [
"https://zerodot1.gitlab.io/CoinBlockerLists/hosts_browser"
];
};
# whiteLists = {
# other = [
# "/.*.vk.com/"
# ];
# };
clientGroupsBlock = {
default = [
"suspicious"
"ads"
"tracking"
"malicious"
"other"
];
};
};
customDNS = {
mapping =
let
block = "0.0.0.0";
in
{
# All subdomains to current host.
# ${config.container.domain} = config.container.host;
"voronind.com" = "10.0.0.1";
# Blocklist.
"gosuslugi.ru" = block;
"rutube.ru" = block;
"vk.com" = block;
};
};
port = cfg.port;
# httpPort = "80";
};
};
};
};
};
# Blocklist.
"gosuslugi.ru" = block;
"rutube.ru" = block;
"vk.com" = block;
};
};
port = cfg.port;
# httpPort = "80";
};
};
};
};
};
}

118
container/Download.nix
View file

@ -1,60 +1,70 @@
{ container, lib, config, ... }: with lib; let
cfg = config.container.module.download;
in {
options = {
container.module.download = {
enable = mkEnableOption "Downloader.";
address = mkOption {
default = "10.1.0.12";
type = types.str;
};
port = mkOption {
default = 8112;
type = types.int;
};
domain = mkOption {
default = "download.${config.container.domain}";
type = types.str;
};
storage = mkOption {
default = "${config.container.storage}/download";
type = types.str;
};
memLimit = mkOption {
default = "4G";
type = types.str;
};
};
};
{
container,
lib,
config,
...
}:
with lib;
let
cfg = config.container.module.download;
in
{
options = {
container.module.download = {
enable = mkEnableOption "Downloader.";
address = mkOption {
default = "10.1.0.12";
type = types.str;
};
port = mkOption {
default = 8112;
type = types.int;
};
domain = mkOption {
default = "download.${config.container.domain}";
type = types.str;
};
storage = mkOption {
default = "${config.container.storage}/download";
type = types.str;
};
memLimit = mkOption {
default = "4G";
type = types.str;
};
};
};
config = mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data"
];
config = mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data"
];
containers.download = container.mkContainer cfg {
enableTun = true;
containers.download = container.mkContainer cfg {
enableTun = true;
bindMounts = {
"/var/lib/deluge/.config/deluge" = {
hostPath = "${cfg.storage}/data";
isReadOnly = false;
};
} // container.attachMedia "download" false;
bindMounts = {
"/var/lib/deluge/.config/deluge" = {
hostPath = "${cfg.storage}/data";
isReadOnly = false;
};
} // container.attachMedia "download" false;
config = { ... }: container.mkContainerConfig cfg {
services.deluge = {
enable = true;
dataDir = "/var/lib/deluge";
web.enable = true;
};
config =
{ ... }:
container.mkContainerConfig cfg {
services.deluge = {
enable = true;
dataDir = "/var/lib/deluge";
web.enable = true;
};
systemd.services.deluged.serviceConfig = {
MemoryLimit = cfg.memLimit;
Restart = lib.mkForce "always";
RuntimeMaxSec = "1d";
};
};
};
};
systemd.services.deluged.serviceConfig = {
MemoryLimit = cfg.memLimit;
Restart = lib.mkForce "always";
RuntimeMaxSec = "1d";
};
};
};
};
}

224
container/Frkn.nix
View file

@ -1,118 +1,132 @@
# TODO: Saved just in case for the dark future.
# в целом просто сделай себе шелл алиас gw-default="sudo ip route del default; sudo ip route add default via айпишник роутера" и шелл алиас gw-vpn="sudo ip route del default; sudo ip route add default via айпишник_впна"
{ container, pkgs, lib, config, __findFile, ... }: with lib; let
cfg = config.container.module.frkn;
in {
options = {
container.module.frkn = {
enable = mkEnableOption "FRKN";
address = mkOption {
default = "10.1.0.69";
type = types.str;
};
port = mkOption {
default = 1080;
type = types.int;
};
torport = mkOption {
default = 9150;
type = types.int;
};
xrayport = mkOption {
default = 1081;
type = types.int;
};
storage = mkOption {
default = "${config.container.storage}/frkn";
type = types.str;
};
};
};
{
container,
pkgs,
lib,
config,
__findFile,
...
}:
with lib;
let
cfg = config.container.module.frkn;
in
{
options = {
container.module.frkn = {
enable = mkEnableOption "FRKN";
address = mkOption {
default = "10.1.0.69";
type = types.str;
};
port = mkOption {
default = 1080;
type = types.int;
};
torport = mkOption {
default = 9150;
type = types.int;
};
xrayport = mkOption {
default = 1081;
type = types.int;
};
storage = mkOption {
default = "${config.container.storage}/frkn";
type = types.str;
};
};
};
config = mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data"
];
config = mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data"
];
containers.frkn = container.mkContainer cfg {
bindMounts = {
"/data" = {
hostPath = "${cfg.storage}/data";
isReadOnly = true;
};
};
containers.frkn = container.mkContainer cfg {
bindMounts = {
"/data" = {
hostPath = "${cfg.storage}/data";
isReadOnly = true;
};
};
config = { ... }: container.mkContainerConfig cfg {
boot.kernel.sysctl = {
"net.ipv4.conf.all.src_valid_mark" = 1;
"net.ipv4.ip_forward" = 1;
};
config =
{ ... }:
container.mkContainerConfig cfg {
boot.kernel.sysctl = {
"net.ipv4.conf.all.src_valid_mark" = 1;
"net.ipv4.ip_forward" = 1;
};
imports = [ <module/Zapret.nix> ];
module.zapret = {
enable = true;
params = config.module.zapret.params;
};
imports = [ <module/Zapret.nix> ];
module.zapret = {
enable = true;
params = config.module.zapret.params;
};
services = {
microsocks = {
enable = true;
ip = cfg.address;
port = cfg.port;
disableLogging = true;
#authUsername
#outgoingBindIp
#authOnce
};
services = {
microsocks = {
enable = true;
ip = cfg.address;
port = cfg.port;
disableLogging = true;
#authUsername
#outgoingBindIp
#authOnce
};
tor = {
enable = true;
openFirewall = true;
settings = let
exclude = "{RU},{UA},{BY},{KZ},{CN},{??}";
in {
# ExcludeExitNodes = exclude;
# ExcludeNodes = exclude;
#DNSPort = dnsport;
UseBridges = true;
ClientTransportPlugin = "obfs4 exec ${pkgs.obfs4}/bin/lyrebird";
Bridge = [
"obfs4 94.103.89.153:4443 5617848964FD6546968B5BF3FFA6C11BCCABE58B cert=tYsmuuTe9phJS0Gh8NKIpkVZP/XKs7gJCqi31o8LClwYetxzFz0fQZgsMwhNcIlZ0HG5LA iat-mode=0"
"obfs4 121.45.140.249:12123 0922E212E33B04F0B7C1E398161E8EDE06734F26 cert=3AQ4iJFAzxzt7a/zgXIiFEs6fvrXInXt1Dtr09DgnpvUzG/iiyRTdXYZKSYpI124Zt3ZUA iat-mode=0"
"obfs4 79.137.11.45:45072 ECA3197D49A29DDECD4ACBF9BCF15E4987B78137 cert=2FKyLWkPgMNCWxBD3cNOTRxJH3XP+HdStPGKMjJfw2YbvVjihIp3X2BCrtxQya9m5II5XA iat-mode=0"
"obfs4 145.239.31.71:10161 882125D15B59BB82BE66F999056CB676D3F061F8 cert=AnD+EvcBMuQDVM7PwW7NgFAzW1M5jDm7DjQtIIcBSjoyAf1FJ2p535rrYL2Kk8POAd0+aw iat-mode=0"
];
};
tor = {
enable = true;
openFirewall = true;
settings =
let
exclude = "{RU},{UA},{BY},{KZ},{CN},{??}";
in
{
# ExcludeExitNodes = exclude;
# ExcludeNodes = exclude;
#DNSPort = dnsport;
UseBridges = true;
ClientTransportPlugin = "obfs4 exec ${pkgs.obfs4}/bin/lyrebird";
Bridge = [
"obfs4 94.103.89.153:4443 5617848964FD6546968B5BF3FFA6C11BCCABE58B cert=tYsmuuTe9phJS0Gh8NKIpkVZP/XKs7gJCqi31o8LClwYetxzFz0fQZgsMwhNcIlZ0HG5LA iat-mode=0"
"obfs4 121.45.140.249:12123 0922E212E33B04F0B7C1E398161E8EDE06734F26 cert=3AQ4iJFAzxzt7a/zgXIiFEs6fvrXInXt1Dtr09DgnpvUzG/iiyRTdXYZKSYpI124Zt3ZUA iat-mode=0"
"obfs4 79.137.11.45:45072 ECA3197D49A29DDECD4ACBF9BCF15E4987B78137 cert=2FKyLWkPgMNCWxBD3cNOTRxJH3XP+HdStPGKMjJfw2YbvVjihIp3X2BCrtxQya9m5II5XA iat-mode=0"
"obfs4 145.239.31.71:10161 882125D15B59BB82BE66F999056CB676D3F061F8 cert=AnD+EvcBMuQDVM7PwW7NgFAzW1M5jDm7DjQtIIcBSjoyAf1FJ2p535rrYL2Kk8POAd0+aw iat-mode=0"
];
};
client = {
enable = true;
#dns.enable = true;
socksListenAddress = {
IsolateDestAddr = true;
addr = cfg.address;
port = cfg.torport;
};
};
};
client = {
enable = true;
#dns.enable = true;
socksListenAddress = {
IsolateDestAddr = true;
addr = cfg.address;
port = cfg.torport;
};
};
};
xray = {
enable = true;
settingsFile = "/data/Client.json";
};
};
xray = {
enable = true;
settingsFile = "/data/Client.json";
};
};
systemd = {
services.tor.wantedBy = lib.mkForce [];
systemd = {
services.tor.wantedBy = lib.mkForce [ ];
timers.tor = {
timerConfig = {
OnBootSec = 5;
Unit = "tor.service";
};
wantedBy = [ "timers.target" ];
};
};
};
};
};
timers.tor = {
timerConfig = {
OnBootSec = 5;
Unit = "tor.service";
};
wantedBy = [ "timers.target" ];
};
};
};
};
};
}

215
container/Git.nix
View file

@ -1,108 +1,123 @@
{ container, pkgs, config, lib, ... }: with lib; let
cfg = config.container.module.git;
in {
options = {
container.module.git = {
enable = mkEnableOption "Git server.";
address = mkOption {
default = "10.1.0.8";
type = types.str;
};
port = mkOption {
default = 3000;
type = types.int;
};
portSsh = mkOption {
default = 22144;
type = types.int;
};
domain = mkOption {
default = "git.${config.container.domain}";
type = types.str;
};
storage = mkOption {
default = "${config.container.storage}/git";
type = types.str;
};
};
};
{
container,
pkgs,
config,
lib,
...
}:
with lib;
let
cfg = config.container.module.git;
in
{
options = {
container.module.git = {
enable = mkEnableOption "Git server.";
address = mkOption {
default = "10.1.0.8";
type = types.str;
};
port = mkOption {
default = 3000;
type = types.int;
};
portSsh = mkOption {
default = 22144;
type = types.int;
};
domain = mkOption {
default = "git.${config.container.domain}";
type = types.str;
};
storage = mkOption {
default = "${config.container.storage}/git";
type = types.str;
};
};
};
config = mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data"
];
config = mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data"
];
containers.git = container.mkContainer cfg {
bindMounts = {
"/var/lib/forgejo" = {
hostPath = "${cfg.storage}/data";
isReadOnly = false;
};
};
containers.git = container.mkContainer cfg {
bindMounts = {
"/var/lib/forgejo" = {
hostPath = "${cfg.storage}/data";
isReadOnly = false;
};
};
config = { ... }: container.mkContainerConfig cfg {
environment.systemPackages = with pkgs; [ forgejo ];
config =
{ ... }:
container.mkContainerConfig cfg {
environment.systemPackages = with pkgs; [ forgejo ];
services.forgejo = {
enable = true;
stateDir = "/var/lib/forgejo";
services.forgejo = {
enable = true;
stateDir = "/var/lib/forgejo";
database = let
postgre = config.container.module.postgres;
in {
type = "postgres";
host = postgre.address;
port = postgre.port;
user = "forgejo";
name = "forgejo";
createDatabase = false;
};
database =
let
postgre = config.container.module.postgres;
in
{
type = "postgres";
host = postgre.address;
port = postgre.port;
user = "forgejo";
name = "forgejo";
createDatabase = false;
};
settings = let
gcArgs = "--aggressive --no-cruft --prune=now";
gcTimeout = 600;
in {
"service".DISABLE_REGISTRATION = true;
"log".LEVEL = "Error";
"server" = {
DOMAIN = cfg.domain;
HTTP_ADDR = cfg.address;
ROOT_URL = "https://${cfg.domain}";
settings =
let
gcArgs = "--aggressive --no-cruft --prune=now";
gcTimeout = 600;
in
{
"service".DISABLE_REGISTRATION = true;
"log".LEVEL = "Error";
"server" = {
DOMAIN = cfg.domain;
HTTP_ADDR = cfg.address;
ROOT_URL = "https://${cfg.domain}";
BUILTIN_SSH_SERVER_USER = "git";
DISABLE_SSH = false;
SSH_PORT = cfg.portSsh;
START_SSH_SERVER = true;
};
"ui" = {
AMBIGUOUS_UNICODE_DETECTION = false;
};
"repository" = {
DEFAULT_PRIVATE = "private";
DEFAULT_PUSH_CREATE_PRIVATE = true;
};
"repository.pull-request".DEFAULT_MERGE_STYLE = "rebase";
"repository.issue".MAX_PINNED = 99999;
"cron" = {
ENABLED = true;
RUN_AT_START = true;
};
"repo-archive".ENABLED = false;
"cron.update_mirrors".SCHEDULE = "@midnight";
"cron.cleanup_actions".ENABLED = true;
"cron.git_gc_repos" = {
ENABLED = true;
SCHEDULE = "@midnight";
TIMEOUT = gcTimeout;
ARGS = gcArgs;
};
"git" = {
GC_ARGS = gcArgs;
};
"git.timeout".GC = gcTimeout;
};
};
};
};
};
BUILTIN_SSH_SERVER_USER = "git";
DISABLE_SSH = false;
SSH_PORT = cfg.portSsh;
START_SSH_SERVER = true;
};
"ui" = {
AMBIGUOUS_UNICODE_DETECTION = false;
};
"repository" = {
DEFAULT_PRIVATE = "private";
DEFAULT_PUSH_CREATE_PRIVATE = true;
};
"repository.pull-request".DEFAULT_MERGE_STYLE = "rebase";
"repository.issue".MAX_PINNED = 99999;
"cron" = {
ENABLED = true;
RUN_AT_START = true;
};
"repo-archive".ENABLED = false;
"cron.update_mirrors".SCHEDULE = "@midnight";
"cron.cleanup_actions".ENABLED = true;
"cron.git_gc_repos" = {
ENABLED = true;
SCHEDULE = "@midnight";
TIMEOUT = gcTimeout;
ARGS = gcArgs;
};
"git" = {
GC_ARGS = gcArgs;
};
"git.timeout".GC = gcTimeout;
};
};
};
};
};
}

135
container/Hdd.nix
View file

@ -1,70 +1,81 @@
# ISSUE: Broken, can't read/write sda device.
{ container, pkgs, config, lib, ... }: with lib; let
cfg = config.container.module.hdd;
in {
options = {
container.module.hdd = {
enable = mkEnableOption "Hdd health monitor.";
address = mkOption {
default = "10.1.0.10";
type = types.str;
};
port = mkOption {
default = 8080;
type = types.int;
};
domain = mkOption {
default = "hdd.${config.container.domain}";
type = types.str;
};
storage = mkOption {
default = "${config.container.storage}/hdd";
type = types.str;
};
};
};
{
container,
pkgs,
config,
lib,
...
}:
with lib;
let
cfg = config.container.module.hdd;
in
{
options = {
container.module.hdd = {
enable = mkEnableOption "Hdd health monitor.";
address = mkOption {
default = "10.1.0.10";
type = types.str;
};
port = mkOption {
default = 8080;
type = types.int;
};
domain = mkOption {
default = "hdd.${config.container.domain}";
type = types.str;
};
storage = mkOption {
default = "${config.container.storage}/hdd";
type = types.str;
};
};
};
config = mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data"
];
config = mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data"
];
containers.hdd = container.mkContainer cfg {
# bindMounts = let
# attachDrive = hostPath: {
# inherit hostPath;
# isReadOnly = false;
# };
# in {
# "/opt/scrutiny" = {
# hostPath = "${cfg.storage}/data";
# isReadOnly = false;
# };
# "/dev/sda" = attachDrive "/dev/sda";
# };
containers.hdd = container.mkContainer cfg {
# bindMounts = let
# attachDrive = hostPath: {
# inherit hostPath;
# isReadOnly = false;
# };
# in {
# "/opt/scrutiny" = {
# hostPath = "${cfg.storage}/data";
# isReadOnly = false;
# };
# "/dev/sda" = attachDrive "/dev/sda";
# };
# allowedDevices = [
# {
# modifier = "rwm";
# node = "/dev/sda";
# }
# ];
# allowedDevices = [
# {
# modifier = "rwm";
# node = "/dev/sda";
# }
# ];
# additionalCapabilities = [ "CAP_SYS_ADMIN" ];
# additionalCapabilities = [ "CAP_SYS_ADMIN" ];
config = { ... }: container.mkContainerConfig cfg {
environment.systemPackages = with pkgs; [ smartmontools ];
config =
{ ... }:
container.mkContainerConfig cfg {
environment.systemPackages = with pkgs; [ smartmontools ];
services.scrutiny = {
enable = true;
settings.web = {
listen = {
host = cfg.address;
port = cfg.port;
};
};
};
};
};
};
services.scrutiny = {
enable = true;
settings.web = {
listen = {
host = cfg.address;
port = cfg.port;
};
};
};
};
};
};
}

95
container/Home.nix
View file

@ -1,45 +1,58 @@
{ container, pkgs, util, lib, config, __findFile, ... } @args: with lib; let
cfg = config.container.module.home;
package = (pkgs.callPackage <package/homer> args);
in {
options = {
container.module.home = {
enable = mkEnableOption "Dashboard.";
address = mkOption {
default = "10.1.0.18";
type = types.str;
};
port = mkOption {
default = 80;
type = types.int;
};
domain = mkOption {
default = "home.${config.container.domain}";
type = types.str;
};
};
};
{
container,
pkgs,
util,
lib,
config,
__findFile,
...
}@args:
with lib;
let
cfg = config.container.module.home;
package = (pkgs.callPackage <package/homer> args);
in
{
options = {
container.module.home = {
enable = mkEnableOption "Dashboard.";
address = mkOption {
default = "10.1.0.18";
type = types.str;
};
port = mkOption {
default = 80;
type = types.int;
};
domain = mkOption {
default = "home.${config.container.domain}";
type = types.str;
};
};
};
config = mkIf cfg.enable {
containers.home = container.mkContainer cfg {
config = { ... }: container.mkContainerConfig cfg {
environment.systemPackages = [ package ];
systemd.packages = [ package ];
config = mkIf cfg.enable {
containers.home = container.mkContainer cfg {
config =
{ ... }:
container.mkContainerConfig cfg {
environment.systemPackages = [ package ];
systemd.packages = [ package ];
services.nginx = {
enable = true;
virtualHosts.${cfg.domain} = container.mkServer {
default = true;
root = "${package}";
services.nginx = {
enable = true;
virtualHosts.${cfg.domain} = container.mkServer {
default = true;
root = "${package}";
locations = {
"/".extraConfig = ''
try_files $uri $uri/index.html;
'';
};
};
};
};
};
};
locations = {
"/".extraConfig = ''
try_files $uri $uri/index.html;
'';
};
};
};
};
};
};
}

221
container/Iot.nix
View file

@ -1,110 +1,125 @@
{ container, lib, config, pkgsStable, ... }: with lib; let
cfg = config.container.module.iot;
in {
options = {
container.module.iot = {
enable = mkEnableOption "IoT service.";
address = mkOption {
default = "10.1.0.27";
type = types.str;
};
port = mkOption {
default = 8123;
type = types.int;
};
domain = mkOption {
default = "iot.${config.container.domain}";
type = types.str;
};
storage = mkOption {
default = "${config.container.storage}/iot";
type = types.str;
};
};
};
{
container,
lib,
config,
pkgsStable,
...
}:
with lib;
let
cfg = config.container.module.iot;
in
{
options = {
container.module.iot = {
enable = mkEnableOption "IoT service.";
address = mkOption {
default = "10.1.0.27";
type = types.str;
};
port = mkOption {
default = 8123;
type = types.int;
};
domain = mkOption {
default = "iot.${config.container.domain}";
type = types.str;
};
storage = mkOption {
default = "${config.container.storage}/iot";
type = types.str;
};
};
};
config = mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data"
];
config = mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data"
];
containers.iot = container.mkContainer cfg {
bindMounts = {
"/var/lib/hass" = {
hostPath = "${cfg.storage}/data";
isReadOnly = false;
};
"/dev/ttyACM0" = {
hostPath = "/dev/ttyACM0";
isReadOnly = false;
};
"/dev/serial/by-id" = {
hostPath = "/dev/serial/by-id";
isReadOnly = false;
};
} // container.attachMedia "photo" true;
containers.iot = container.mkContainer cfg {
bindMounts = {
"/var/lib/hass" = {
hostPath = "${cfg.storage}/data";
isReadOnly = false;
};
"/dev/ttyACM0" = {
hostPath = "/dev/ttyACM0";
isReadOnly = false;
};
"/dev/serial/by-id" = {
hostPath = "/dev/serial/by-id";
isReadOnly = false;
};
} // container.attachMedia "photo" true;
allowedDevices = [
{
modifier = "rwm";
node = "/dev/ttyACM0";
}
];
allowedDevices = [
{
modifier = "rwm";
node = "/dev/ttyACM0";
}
];
config = { ... }: container.mkContainerConfig cfg {
# Allow Hass to talk to Zigbee dongle.
users.users.hass.extraGroups = [ "dialout" "tty" ];
config =
{ ... }:
container.mkContainerConfig cfg {
# Allow Hass to talk to Zigbee dongle.
users.users.hass.extraGroups = [
"dialout"
"tty"
];
services.home-assistant = {
# NOTE: Missing: hacs. Inside hacs: `card-mod`, `Clock Weather Card`, `WallPanel` and `Yandex.Station`.
enable = true;
extraComponents = [
"caldav"
"met"
"sun"
"systemmonitor"
"zha"
];
extraPackages = python3Packages: with python3Packages; [
aiodhcpwatcher
aiodiscover
aiogithubapi
arrow
async-upnp-client
av
gtts
ha-ffmpeg
hassil
home-assistant-intents
mutagen
numpy
pymicro-vad
pynacl
python-telegram-bot
pyturbojpeg
pyspeex-noise
zeroconf
];
configDir = "/var/lib/hass";
# lovelaceConfig = {
# title = "Home IoT control center.";
# };
# NOTE: Using imperative config because of secrets.
config = null;
};
services.home-assistant = {
# NOTE: Missing: hacs. Inside hacs: `card-mod`, `Clock Weather Card`, `WallPanel` and `Yandex.Station`.
enable = true;
extraComponents = [
"caldav"
"met"
"sun"
"systemmonitor"
"zha"
];
extraPackages =
python3Packages: with python3Packages; [
aiodhcpwatcher
aiodiscover
aiogithubapi
arrow
async-upnp-client
av
gtts
ha-ffmpeg
hassil
home-assistant-intents
mutagen
numpy
pymicro-vad
pynacl
python-telegram-bot
pyturbojpeg
pyspeex-noise
zeroconf
];
configDir = "/var/lib/hass";
# lovelaceConfig = {
# title = "Home IoT control center.";
# };
# NOTE: Using imperative config because of secrets.
config = null;
};
# HACK: Delay so that nextcloud calendar can reply on reboot.
systemd = {
services."home-assistant".wantedBy = mkForce [];
timers.fixsystemd = {
timerConfig = {
OnBootSec = 15;
Unit = "home-assistant.service";
};
wantedBy = [ "timers.target" ];
};
};
};
};
};
# HACK: Delay so that nextcloud calendar can reply on reboot.
systemd = {
services."home-assistant".wantedBy = mkForce [ ];
timers.fixsystemd = {
timerConfig = {
OnBootSec = 15;
Unit = "home-assistant.service";
};
wantedBy = [ "timers.target" ];
};
};
};
};
};
}

139
container/Jobber.nix
View file

@ -1,66 +1,85 @@
{ container, pkgsJobber, poetry2nixJobber, lib, config, __findFile, ... }: with lib; let
cfg = config.container.module.jobber;
script = import <package/jobber> { poetry2nix = poetry2nixJobber; pkgs = pkgsJobber; };
in {
options = {
container.module.jobber = {
enable = mkEnableOption "Button pusher Stanley.";
address = mkOption {
default = "10.1.0.32";
type = types.str;
};
storage = mkOption {
default = "${config.container.storage}/jobber";
type = types.str;
};
};
};
{
container,
pkgsJobber,
poetry2nixJobber,
lib,
config,
__findFile,
...
}:
with lib;
let
cfg = config.container.module.jobber;
script = import <package/jobber> {
poetry2nix = poetry2nixJobber;
pkgs = pkgsJobber;
};
in
{
options = {
container.module.jobber = {
enable = mkEnableOption "Button pusher Stanley.";
address = mkOption {
default = "10.1.0.32";
type = types.str;
};
storage = mkOption {
default = "${config.container.storage}/jobber";
type = types.str;
};
};
};
config = mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data"
];
config = mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data"
];
containers.jobber = container.mkContainer cfg {
bindMounts = {
"/data" = {
hostPath = "${cfg.storage}/data";
isReadOnly = true;
};
};
containers.jobber = container.mkContainer cfg {
bindMounts = {
"/data" = {
hostPath = "${cfg.storage}/data";
isReadOnly = true;
};
};
enableTun = true;
enableTun = true;
config = { lib, ... }: let
packages = [ script ] ++ (with pkgsJobber; [
firefox
geckodriver
openvpn
python311
]);
in container.mkContainerConfig cfg {
networking = lib.mkForce {
nameservers = [
"10.30.218.2"
];
};
config =
{ lib, ... }:
let
packages =
[ script ]
++ (with pkgsJobber; [
firefox
geckodriver
openvpn
python311
]);
in
container.mkContainerConfig cfg {
networking = lib.mkForce {
nameservers = [
"10.30.218.2"
];
};
systemd.services.jobber = {
description = "My job is pushing the button.";
enable = true;
wantedBy = [ "multi-user.target" ];
path = packages;
environment = {
PYTHONUNBUFFERED = "1";
PYTHONDONTWRITEBYTECODE = "1";
};
serviceConfig = {
Type = "simple";
ExecStart = "${script}/bin/jobber -u";
Restart = "on-failure";
};
};
};
};
};
systemd.services.jobber = {
description = "My job is pushing the button.";
enable = true;
wantedBy = [ "multi-user.target" ];
path = packages;
environment = {
PYTHONUNBUFFERED = "1";
PYTHONDONTWRITEBYTECODE = "1";
};
serviceConfig = {
Type = "simple";
ExecStart = "${script}/bin/jobber -u";
Restart = "on-failure";
};
};
};
};
};
}

438
container/Mail.nix
View file

@ -1,228 +1,246 @@
# Guide: https://nixos-mailserver.readthedocs.io/en/latest/setup-guide.html
{ container, pkgs, util, const, lib, config, ... }: with lib; let
cfg = config.container.module.mail;
domain = config.container.domain;
in {
options = {
container.module.mail = {
enable = mkEnableOption "Email server.";
address = mkOption {
default = "10.1.0.5";
type = types.str;
};
port = mkOption {
default = 80;
type = types.int;
};
domain = mkOption {
default = "mail.${config.container.domain}";
type = types.str;
};
storage = mkOption {
default = "${config.container.storage}/mail";
type = types.str;
};
};
};
{
container,
pkgs,
util,
const,
lib,
config,
...
}:
with lib;
let
cfg = config.container.module.mail;
domain = config.container.domain;
in
{
options = {
container.module.mail = {
enable = mkEnableOption "Email server.";
address = mkOption {
default = "10.1.0.5";
type = types.str;
};
port = mkOption {
default = 80;
type = types.int;
};
domain = mkOption {
default = "mail.${config.container.domain}";
type = types.str;
};
storage = mkOption {
default = "${config.container.storage}/mail";
type = types.str;
};
};
};
config = mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data"
# "data/indices"
# "data/vmail"
# "data/sieve"
# "data/dkim"
];
config = mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data"
# "data/indices"
# "data/vmail"
# "data/sieve"
# "data/dkim"
];
containers.mail = container.mkContainer cfg {
bindMounts = {
"/var/lib/dovecot/indices" = {
hostPath = "${cfg.storage}/data/indices";
isReadOnly = false;
};
"/var/vmail" = {
hostPath = "${cfg.storage}/data/vmail";
isReadOnly = false;
};
"/var/sieve" = {
hostPath = "${cfg.storage}/data/sieve";
isReadOnly = false;
};
"/var/dkim" = {
hostPath = "${cfg.storage}/data/dkim";
isReadOnly = false;
};
"/acme" = {
hostPath = "${config.container.module.proxy.storage}/letsencrypt";
isReadOnly = true;
};
};
containers.mail = container.mkContainer cfg {
bindMounts = {
"/var/lib/dovecot/indices" = {
hostPath = "${cfg.storage}/data/indices";
isReadOnly = false;
};
"/var/vmail" = {
hostPath = "${cfg.storage}/data/vmail";
isReadOnly = false;
};
"/var/sieve" = {
hostPath = "${cfg.storage}/data/sieve";
isReadOnly = false;
};
"/var/dkim" = {
hostPath = "${cfg.storage}/data/dkim";
isReadOnly = false;
};
"/acme" = {
hostPath = "${config.container.module.proxy.storage}/letsencrypt";
isReadOnly = true;
};
};
config = { config, ... }: container.mkContainerConfig cfg {
imports = [
(builtins.fetchTarball {
url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/nixos-${const.stateVersion}/nixos-mailserver-nixos-${const.stateVersion}.tar.gz";
sha256 = "sha256:0clvw4622mqzk1aqw1qn6shl9pai097q62mq1ibzscnjayhp278b";
})
];
config =
{ config, ... }:
container.mkContainerConfig cfg {
imports = [
(builtins.fetchTarball {
url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/nixos-${const.stateVersion}/nixos-mailserver-nixos-${const.stateVersion}.tar.gz";
sha256 = "sha256:0clvw4622mqzk1aqw1qn6shl9pai097q62mq1ibzscnjayhp278b";
})
];
mailserver = {
enable = true;
domains = [ domain ];
fqdn = cfg.domain;
sendingFqdn = domain;
mailserver = {
enable = true;
domains = [ domain ];
fqdn = cfg.domain;
sendingFqdn = domain;
# Use `mkpasswd -sm bcrypt`.
loginAccounts = let
defaultQuota = "1G";
in {
"admin@${domain}" = {
name = "admin";
hashedPassword = "$2b$05$1O.dxXxaVshcBNybcqDRYuTlnYt3jDBwfPZWoDtP4BjOLoL0StYsi";
quota = defaultQuota;
};
"account@${domain}" = {
name = "account";
hashedPassword = "$2b$05$sCyZHdk98KqQ1qsTIvbrUeRJlNBOwBqDgpdc1QxiSnONlEkZ8xGNO";
quota = defaultQuota;
};
"hi@${domain}" = {
name = "hi";
hashedPassword = "$2b$05$6fT5hIhzIasNfp9IQr/ds.5RuxH95VKU3QJWlX3hmrAzDF3mExanq";
quota = defaultQuota;
aliases = [ "voronind@${domain}" ];
};
"job@${domain}" = {
name = "job";
hashedPassword = "$2b$05$.sUmv2.9EWPfLwJn/oZw2e1UbR7HrpNQ2THc5jjX3ysy7CY8ZWHUC";
quota = defaultQuota;
};
"trash@${domain}" = {
name = "trash";
hashedPassword = "$2b$05$kn5ygZjN9NR3LXjnKKRw/.DXaZQNW.1XEottlCFIoKiDpIj.JGLJm";
catchAll = [ domain ];
quota = defaultQuota;
};
"noreply@${domain}" = {
name = "noreply";
hashedPassword = "$2b$05$TaKwoYmcmkAhsRRv6xG5wOkChcz50cB9BP6QPUDKNAcxMbrY6AeMK";
sendOnly = true;
quota = defaultQuota;
};
};
# Use `mkpasswd -sm bcrypt`.
loginAccounts =
let
defaultQuota = "1G";
in
{
"admin@${domain}" = {
name = "admin";
hashedPassword = "$2b$05$1O.dxXxaVshcBNybcqDRYuTlnYt3jDBwfPZWoDtP4BjOLoL0StYsi";
quota = defaultQuota;
};
"account@${domain}" = {
name = "account";
hashedPassword = "$2b$05$sCyZHdk98KqQ1qsTIvbrUeRJlNBOwBqDgpdc1QxiSnONlEkZ8xGNO";
quota = defaultQuota;
};
"hi@${domain}" = {
name = "hi";
hashedPassword = "$2b$05$6fT5hIhzIasNfp9IQr/ds.5RuxH95VKU3QJWlX3hmrAzDF3mExanq";
quota = defaultQuota;
aliases = [ "voronind@${domain}" ];
};
"job@${domain}" = {
name = "job";
hashedPassword = "$2b$05$.sUmv2.9EWPfLwJn/oZw2e1UbR7HrpNQ2THc5jjX3ysy7CY8ZWHUC";
quota = defaultQuota;
};
"trash@${domain}" = {
name = "trash";
hashedPassword = "$2b$05$kn5ygZjN9NR3LXjnKKRw/.DXaZQNW.1XEottlCFIoKiDpIj.JGLJm";
catchAll = [ domain ];
quota = defaultQuota;
};
"noreply@${domain}" = {
name = "noreply";
hashedPassword = "$2b$05$TaKwoYmcmkAhsRRv6xG5wOkChcz50cB9BP6QPUDKNAcxMbrY6AeMK";
sendOnly = true;
quota = defaultQuota;
};
};
enableImap = true;
enableImapSsl = true;
enableSubmission = true;
enableSubmissionSsl = true;
enableImap = true;
enableImapSsl = true;
enableSubmission = true;
enableSubmissionSsl = true;
enableManageSieve = true;
virusScanning = false;
enableManageSieve = true;
virusScanning = false;
certificateScheme = "manual";
keyFile = "/acme/live/${domain}/privkey.pem";
certificateFile = "/acme/live/${domain}/cert.pem";
certificateScheme = "manual";
keyFile = "/acme/live/${domain}/privkey.pem";
certificateFile = "/acme/live/${domain}/cert.pem";
indexDir = "/var/lib/dovecot/indices";
mailDirectory = "/var/vmail";
sieveDirectory = "/var/sieve";
dkimKeyDirectory = "/var/dkim";
indexDir = "/var/lib/dovecot/indices";
mailDirectory = "/var/vmail";
sieveDirectory = "/var/sieve";
dkimKeyDirectory = "/var/dkim";
mailboxes = {
All = {
auto = "subscribe";
specialUse = "All";
};
Archive = {
auto = "subscribe";
specialUse = "Archive";
};
Drafts = {
auto = "subscribe";
specialUse = "Drafts";
};
Junk = {
auto = "subscribe";
specialUse = "Junk";
# autoexpunge = "3d";
};
Sent = {
auto = "subscribe";
specialUse = "Sent";
};
Trash = {
auto = "subscribe";
specialUse = "Trash";
# autoexpunge = "30d";
};
};
mailboxes = {
All = {
auto = "subscribe";
specialUse = "All";
};
Archive = {
auto = "subscribe";
specialUse = "Archive";
};
Drafts = {
auto = "subscribe";
specialUse = "Drafts";
};
Junk = {
auto = "subscribe";
specialUse = "Junk";
# autoexpunge = "3d";
};
Sent = {
auto = "subscribe";
specialUse = "Sent";
};
Trash = {
auto = "subscribe";
specialUse = "Trash";
# autoexpunge = "30d";
};
};
dmarcReporting = {
inherit domain;
enable = true;
organizationName = "voronind";
# email = "noreply@${domain}";
};
dmarcReporting = {
inherit domain;
enable = true;
organizationName = "voronind";
# email = "noreply@${domain}";
};
# monitoring = {
# enable = true;
# alertAddress = "admin@${domain}";
# };
};
# monitoring = {
# enable = true;
# alertAddress = "admin@${domain}";
# };
};
services = {
roundcube = {
enable = true;
dicts = with pkgs.aspellDicts; [ en ru ];
hostName = cfg.domain;
plugins = [
"managesieve"
];
extraConfig = ''
# starttls needed for authentication, so the fqdn required to match
# the certificate
# $config['smtp_server'] = "tls://${config.mailserver.fqdn}";
# $config['smtp_server'] = "tls://localhost";
$config['smtp_server'] = "localhost:25";
$config['smtp_auth_type'] = null;
$config['smtp_user'] = "";
$config['smtp_pass'] = "";
# $config['smtp_user'] = "%u";
# $config['smtp_pass'] = "%p";
'';
};
services = {
roundcube = {
enable = true;
dicts = with pkgs.aspellDicts; [
en
ru
];
hostName = cfg.domain;
plugins = [
"managesieve"
];
extraConfig = ''
# starttls needed for authentication, so the fqdn required to match
# the certificate
# $config['smtp_server'] = "tls://${config.mailserver.fqdn}";
# $config['smtp_server'] = "tls://localhost";
$config['smtp_server'] = "localhost:25";
$config['smtp_auth_type'] = null;
$config['smtp_user'] = "";
$config['smtp_pass'] = "";
# $config['smtp_user'] = "%u";
# $config['smtp_pass'] = "%p";
'';
};
nginx = {
virtualHosts.${cfg.domain} = {
forceSSL = false;
enableACME = false;
};
};
};
nginx = {
virtualHosts.${cfg.domain} = {
forceSSL = false;
enableACME = false;
};
};
};
systemd = {
services.autoexpunge = {
description = "Delete old mail";
serviceConfig.Type = "oneshot";
path = [ pkgs.dovecot ];
script = ''
doveadm expunge -A mailbox Junk SENTBEFORE 7d
doveadm expunge -A mailbox Trash SENTBEFORE 30d
doveadm expunge -u trash@voronind.com mailbox Inbox SENTBEFORE 30d
doveadm purge -A
'';
};
systemd = {
services.autoexpunge = {
description = "Delete old mail";
serviceConfig.Type = "oneshot";
path = [ pkgs.dovecot ];
script = ''
doveadm expunge -A mailbox Junk SENTBEFORE 7d
doveadm expunge -A mailbox Trash SENTBEFORE 30d
doveadm expunge -u trash@voronind.com mailbox Inbox SENTBEFORE 30d
doveadm purge -A
'';
};
timers.autoexpunge = {
timerConfig = {
OnCalendar = "daily";
Persistent = true;
Unit = "autoexpunge.service";
};
wantedBy = [ "timers.target" ];
};
};
};
};
};
timers.autoexpunge = {
timerConfig = {
OnCalendar = "daily";
Persistent = true;
Unit = "autoexpunge.service";
};
wantedBy = [ "timers.target" ];
};
};
};
};
};
}

174
container/Office.nix
View file

@ -2,93 +2,107 @@
# 1. You need to change PSQL tables owner from root to onlyoffice, too. They don't do that automatically for some reason.
# 2. TODO: Generate JWT secret at /var/lib/onlyoffice/jwt, i.e. 9wLfMGha1YrfvWpb5hyYjZf8pvJQ3swS
# See https://git.voronind.com/voronind/nixos/issues/74
{ container, pkgs, util, lib, config, ... }: with lib; let
cfg = config.container.module.office;
in {
options = {
container.module.office = {
enable = mkEnableOption "Office web suite.";
address = mkOption {
default = "10.1.0.21";
type = types.str;
};
port = mkOption {
default = 8000;
type = types.int;
};
domain = mkOption {
default = "office.${config.container.domain}";
type = types.str;
};
storage = mkOption {
default = "${config.container.storage}/office";
type = types.str;
};
};
};
{
container,
pkgs,
util,
lib,
config,
...
}:
with lib;
let
cfg = config.container.module.office;
in
{
options = {
container.module.office = {
enable = mkEnableOption "Office web suite.";
address = mkOption {
default = "10.1.0.21";
type = types.str;
};
port = mkOption {
default = 8000;
type = types.int;
};
domain = mkOption {
default = "office.${config.container.domain}";
type = types.str;
};
storage = mkOption {
default = "${config.container.storage}/office";
type = types.str;
};
};
};
config = mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data"
];
config = mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data"
];
containers.office = container.mkContainer cfg {
bindMounts = {
"/var/lib/onlyoffice" = {
hostPath = "${cfg.storage}/data";
isReadOnly = false;
};
};
containers.office = container.mkContainer cfg {
bindMounts = {
"/var/lib/onlyoffice" = {
hostPath = "${cfg.storage}/data";
isReadOnly = false;
};
};
# HACK: Temporarely run in docker due to https://github.com/ONLYOFFICE/onlyoffice-nextcloud/issues/931
config =
{ pkgs, ... }:
container.mkContainerConfig cfg {
virtualisation.oci-containers.backend = "docker";
virtualisation.oci-containers.containers.office = {
autoStart = true;
image = "dockerhub.timeweb.cloud/onlyoffice/documentserver:latest";
# ports = [ "${toString cfg.port}:8000" ];
extraOptions = [
"--network=host"
"--privileged"
];
environment = {
JWT_ENABLED = "true";
JWT_SECRET = "8wLfKGha8YRfvwpB5hYYjZf8vtUQs3wS";
AMQP_URI = "amqp://guest:guest@${config.container.module.rabbitmq.address}:${toString config.container.module.rabbitmq.port}";
DB_HOST = config.container.module.postgres.address;
DB_PORT = toString config.container.module.postgres.port;
DB_NAME = "onlyoffice";
DB_USER = "onlyoffice";
DB_PWD = "onlyoffice";
};
};
};
# HACK: Temporarely run in docker due to https://github.com/ONLYOFFICE/onlyoffice-nextcloud/issues/931
config = { pkgs, ... }: container.mkContainerConfig cfg {
virtualisation.oci-containers.backend = "docker";
virtualisation.oci-containers.containers.office = {
autoStart = true;
image = "dockerhub.timeweb.cloud/onlyoffice/documentserver:latest";
# ports = [ "${toString cfg.port}:8000" ];
extraOptions = [ "--network=host" "--privileged" ];
environment = {
JWT_ENABLED = "true";
JWT_SECRET = "8wLfKGha8YRfvwpB5hYYjZf8vtUQs3wS";
AMQP_URI = "amqp://guest:guest@${config.container.module.rabbitmq.address}:${toString config.container.module.rabbitmq.port}";
DB_HOST = config.container.module.postgres.address;
DB_PORT = toString config.container.module.postgres.port;
DB_NAME = "onlyoffice";
DB_USER = "onlyoffice";
DB_PWD = "onlyoffice";
};
};
};
# config = { pkgs, ... }: container.mkContainerConfig cfg {
# # HACK: For whatever reason it does not detect my global allowUnfree (I pass pkgs from host system in mkContainerConfig).
# nixpkgs.overlays = [ (final: prev: {
# corefonts = prev.corefonts.overrideAttrs (old: {
# meta.license = mkForce licenses.mit;
# });
# })];
# config = { pkgs, ... }: container.mkContainerConfig cfg {
# # HACK: For whatever reason it does not detect my global allowUnfree (I pass pkgs from host system in mkContainerConfig).
# nixpkgs.overlays = [ (final: prev: {
# corefonts = prev.corefonts.overrideAttrs (old: {
# meta.license = mkForce licenses.mit;
# });
# })];
# services.onlyoffice = let
# dbName = "onlyoffice";
# in {
# enable = true;
# hostname = cfg.domain;
# services.onlyoffice = let
# dbName = "onlyoffice";
# in {
# enable = true;
# hostname = cfg.domain;
# postgresName = dbName;
# postgresHost = config.container.module.postgres.address;
# postgresUser = dbName;
# postgresPasswordFile = "${pkgs.writeText "OfficeDbPassword" dbName}";
# postgresName = dbName;
# postgresHost = config.container.module.postgres.address;
# postgresUser = dbName;
# postgresPasswordFile = "${pkgs.writeText "OfficeDbPassword" dbName}";
# jwtSecretFile = "/var/lib/onlyoffice/jwt";
# jwtSecretFile = "/var/lib/onlyoffice/jwt";
# rabbitmqUrl = "amqp://guest:guest@${config.container.module.rabbitmq.address}:${toString config.container.module.rabbitmq.port}";
# rabbitmqUrl = "amqp://guest:guest@${config.container.module.rabbitmq.address}:${toString config.container.module.rabbitmq.port}";
# examplePort = cfg.port;
# enableExampleServer = true;
# };
# };
};
};
# examplePort = cfg.port;
# enableExampleServer = true;
# };
# };
};
};
}

194
container/Paper.nix
View file

@ -1,96 +1,108 @@
{ container, pkgs, pkgsStable, lib, config, ... }: with lib; let
cfg = config.container.module.paper;
in {
options = {
container.module.paper = {
enable = mkEnableOption "Paper scans manager.";
address = mkOption {
default = "10.1.0.40";
type = types.str;
};
port = mkOption {
default = 28981;
type = types.int;
};
domain = mkOption {
default = "paper.${config.container.domain}";
type = types.str;
};
storage = mkOption {
default = "${config.container.storage}/paper";
type = types.str;
};
};
};
{
container,
pkgs,
pkgsStable,
lib,
config,
...
}:
with lib;
let
cfg = config.container.module.paper;
in
{
options = {
container.module.paper = {
enable = mkEnableOption "Paper scans manager.";
address = mkOption {
default = "10.1.0.40";
type = types.str;
};
port = mkOption {
default = 28981;
type = types.int;
};
domain = mkOption {
default = "paper.${config.container.domain}";
type = types.str;
};
storage = mkOption {
default = "${config.container.storage}/paper";
type = types.str;
};
};
};
config = mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data"
];
config = mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data"
];
containers.paper = container.mkContainer cfg {
bindMounts = {
"/var/lib/paperless" = {
hostPath = "${cfg.storage}/data";
isReadOnly = false;
};
"/var/lib/paperless/media" = {
hostPath = "${elemAt config.container.media.paper 0}";
isReadOnly = false;
};
};
containers.paper = container.mkContainer cfg {
bindMounts = {
"/var/lib/paperless" = {
hostPath = "${cfg.storage}/data";
isReadOnly = false;
};
"/var/lib/paperless/media" = {
hostPath = "${elemAt config.container.media.paper 0}";
isReadOnly = false;
};
};
config = { lib, ... }: container.mkContainerConfig cfg {
services.paperless = {
enable = true;
dataDir = "/var/lib/paperless";
# address = cfg.domain;
address = "0.0.0.0";
port = cfg.port;
# ISSUE: https://github.com/NixOS/nixpkgs/issues/322596
# package = pkgsStable.paperless-ngx;
passwordFile = pkgs.writeText "PaperlessPassword" "root";
settings = {
PAPERLESS_URL = "https://${cfg.domain}";
PAPERLESS_ADMIN_USER = "root";
PAPERLESS_DBHOST = config.container.module.postgres.address;
PAPERLESS_DBENGINE = "postgresql";
PAPERLESS_DBNAME = "paperless";
PAPERLESS_DBPASS = "paperless";
PAPERLESS_DBPORT = config.container.module.postgres.port;
PAPERLESS_DBUSER = "paperless";
PAPERLESS_OCR_LANGUAGE = "rus";
PAPERLESS_REDIS = "redis://${config.container.module.redis.address}:${toString config.container.module.redis.port}";
};
};
config =
{ lib, ... }:
container.mkContainerConfig cfg {
services.paperless = {
enable = true;
dataDir = "/var/lib/paperless";
# address = cfg.domain;
address = "0.0.0.0";
port = cfg.port;
# ISSUE: https://github.com/NixOS/nixpkgs/issues/322596
# package = pkgsStable.paperless-ngx;
passwordFile = pkgs.writeText "PaperlessPassword" "root";
settings = {
PAPERLESS_URL = "https://${cfg.domain}";
PAPERLESS_ADMIN_USER = "root";
PAPERLESS_DBHOST = config.container.module.postgres.address;
PAPERLESS_DBENGINE = "postgresql";
PAPERLESS_DBNAME = "paperless";
PAPERLESS_DBPASS = "paperless";
PAPERLESS_DBPORT = config.container.module.postgres.port;
PAPERLESS_DBUSER = "paperless";
PAPERLESS_OCR_LANGUAGE = "rus";
PAPERLESS_REDIS = "redis://${config.container.module.redis.address}:${toString config.container.module.redis.port}";
};
};
# HACK: This is required for TCP postgres connection.
systemd = {
services = {
paperless-scheduler = {
serviceConfig.PrivateNetwork = mkForce false;
wantedBy = mkForce [];
};
paperless-consumer = {
serviceConfig.PrivateNetwork = mkForce false;
wantedBy = mkForce [];
};
paperless-web = {
wantedBy = mkForce [];
};
paperless-task-queue = {
wantedBy = mkForce [];
};
};
timers.fixsystemd = {
timerConfig = {
OnBootSec = 5;
Unit = "paperless-web.service";
};
wantedBy = [ "timers.target" ];
};
};
};
};
};
# HACK: This is required for TCP postgres connection.
systemd = {
services = {
paperless-scheduler = {
serviceConfig.PrivateNetwork = mkForce false;
wantedBy = mkForce [ ];
};
paperless-consumer = {
serviceConfig.PrivateNetwork = mkForce false;
wantedBy = mkForce [ ];
};
paperless-web = {
wantedBy = mkForce [ ];
};
paperless-task-queue = {
wantedBy = mkForce [ ];
};
};
timers.fixsystemd = {
timerConfig = {
OnBootSec = 5;
Unit = "paperless-web.service";
};
wantedBy = [ "timers.target" ];
};
};
};
};
};
}

116
container/Pass.nix
View file

@ -1,57 +1,67 @@
{ container, lib, config, ... }: with lib; let
cfg = config.container.module.pass;
in {
options = {
container.module.pass = {
enable = mkEnableOption "Password manager";
address = mkOption {
default = "10.1.0.9";
type = types.str;
};
port = mkOption {
default = 8000;
type = types.int;
};
domain = mkOption {
default = "pass.${config.container.domain}";
type = types.str;
};
storage = mkOption {
default = "${config.container.storage}/pass";
type = types.str;
};
};
};
{
container,
lib,
config,
...
}:
with lib;
let
cfg = config.container.module.pass;
in
{
options = {
container.module.pass = {
enable = mkEnableOption "Password manager";
address = mkOption {
default = "10.1.0.9";
type = types.str;
};
port = mkOption {
default = 8000;
type = types.int;
};
domain = mkOption {
default = "pass.${config.container.domain}";
type = types.str;
};
storage = mkOption {
default = "${config.container.storage}/pass";
type = types.str;
};
};
};
config = mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data"
];
config = mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data"
];
containers.pass = container.mkContainer cfg {
bindMounts = {
"/var/lib/bitwarden_rs" = {
hostPath = "${cfg.storage}/data";
isReadOnly = false;
};
};
containers.pass = container.mkContainer cfg {
bindMounts = {
"/var/lib/bitwarden_rs" = {
hostPath = "${cfg.storage}/data";
isReadOnly = false;
};
};
config = { ... }: container.mkContainerConfig cfg {
services.vaultwarden = {
enable = true;
dbBackend = "sqlite";
environmentFile = "/var/lib/bitwarden_rs/Env";
config = {
# DATABASE_URL = "postgresql://vaultwarden:vaultwarden@${container.config.postgres.address}:${toString container.config.postgres.port}/vaultwarden";
DATA_FOLDER = "/var/lib/bitwarden_rs";
DOMAIN = "http://${cfg.domain}";
SIGNUPS_ALLOWED = false;
WEB_VAULT_ENABLED = true;
ROCKET_ADDRESS = cfg.address;
ROCKET_PORT = cfg.port;
};
};
};
};
};
config =
{ ... }:
container.mkContainerConfig cfg {
services.vaultwarden = {
enable = true;
dbBackend = "sqlite";
environmentFile = "/var/lib/bitwarden_rs/Env";
config = {
# DATABASE_URL = "postgresql://vaultwarden:vaultwarden@${container.config.postgres.address}:${toString container.config.postgres.port}/vaultwarden";
DATA_FOLDER = "/var/lib/bitwarden_rs";
DOMAIN = "http://${cfg.domain}";
SIGNUPS_ALLOWED = false;
WEB_VAULT_ENABLED = true;
ROCKET_ADDRESS = cfg.address;
ROCKET_PORT = cfg.port;
};
};
};
};
};
}

236
container/Paste.nix
View file

@ -1,126 +1,138 @@
{ pkgs, util, container, lib, config, __findFile, ... } @args: with lib; let
cfg = config.container.module.paste;
package = (pkgs.callPackage <package/privatebin> args);
in {
options = {
container.module.paste = {
enable = mkEnableOption "Pastebin.";
address = mkOption {
default = "10.1.0.14";
type = types.str;
};
port = mkOption {
default = 80;
type = types.int;
};
domain = mkOption {
default = "paste.${config.container.domain}";
type = types.str;
};
storage = mkOption {
default = "${config.container.storage}/paste";
type = types.str;
};
};
};
{
pkgs,
container,
lib,
config,
__findFile,
...
}@args:
with lib;
let
cfg = config.container.module.paste;
package = (pkgs.callPackage <package/privatebin> args);
in
{
options = {
container.module.paste = {
enable = mkEnableOption "Pastebin.";
address = mkOption {
default = "10.1.0.14";
type = types.str;
};
port = mkOption {
default = 80;
type = types.int;
};
domain = mkOption {
default = "paste.${config.container.domain}";
type = types.str;
};
storage = mkOption {
default = "${config.container.storage}/paste";
type = types.str;
};
};
};
config = mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data"
"tmp"
"nginxtmp"
"config"
];
config = mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data"
"tmp"
"nginxtmp"
"config"
];
containers.paste = container.mkContainer cfg {
bindMounts = {
"/srv/data" = {
hostPath = "${cfg.storage}/data";
isReadOnly = false;
};
"/tmp" = {
hostPath = "${cfg.storage}/tmp";
isReadOnly = false;
};
"/var/lib/nginx/tmp" = {
hostPath = "${cfg.storage}/nginxtmp";
isReadOnly = false;
};
"/srv/config" = {
hostPath = "${cfg.storage}/config";
isReadOnly = false;
};
};
containers.paste = container.mkContainer cfg {
bindMounts = {
"/srv/data" = {
hostPath = "${cfg.storage}/data";
isReadOnly = false;
};
"/tmp" = {
hostPath = "${cfg.storage}/tmp";
isReadOnly = false;
};
"/var/lib/nginx/tmp" = {
hostPath = "${cfg.storage}/nginxtmp";
isReadOnly = false;
};
"/srv/config" = {
hostPath = "${cfg.storage}/config";
isReadOnly = false;
};
};
config = { config, ... }: container.mkContainerConfig cfg {
environment.systemPackages = [ package ];
systemd.packages = [ package ];
config =
{ config, ... }:
container.mkContainerConfig cfg {
environment.systemPackages = [ package ];
systemd.packages = [ package ];
users.users.paste = {
group = "nginx";
isSystemUser = true;
};
users.users.paste = {
group = "nginx";
isSystemUser = true;
};
services.phpfpm.pools.paste = {
user = "paste";
group = "nginx";
services.phpfpm.pools.paste = {
user = "paste";
group = "nginx";
phpPackage = pkgs.php;
phpPackage = pkgs.php;
settings = {
"pm" = "dynamic";
"php_admin_value[error_log]" = "stderr";
"php_admin_flag[log_errors]" = true;
"listen.owner" = "nginx";
"catch_workers_output" = true;
"pm.max_children" = "32";
"pm.start_servers" = "2";
"pm.min_spare_servers" = "2";
"pm.max_spare_servers" = "4";
"pm.max_requests" = "500";
};
settings = {
"pm" = "dynamic";
"php_admin_value[error_log]" = "stderr";
"php_admin_flag[log_errors]" = true;
"listen.owner" = "nginx";
"catch_workers_output" = true;
"pm.max_children" = "32";
"pm.start_servers" = "2";
"pm.min_spare_servers" = "2";
"pm.max_spare_servers" = "4";
"pm.max_requests" = "500";
};
phpEnv = {
# CONFIG_PATH = "${package}/cfg";
};
};
phpEnv = {
# CONFIG_PATH = "${package}/cfg";
};
};
services.nginx = {
enable = true;
virtualHosts.${cfg.domain} = container.mkServer {
default = true;
root = "${package}";
services.nginx = {
enable = true;
virtualHosts.${cfg.domain} = container.mkServer {
default = true;
root = "${package}";
locations = {
"/".extraConfig = ''
rewrite ^ /index.php;
'';
locations = {
"/".extraConfig = ''
rewrite ^ /index.php;
'';
"~ \\.php$".extraConfig = util.trimTabs ''
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:${config.services.phpfpm.pools.paste.socket};
include ${config.services.nginx.package}/conf/fastcgi.conf;
include ${config.services.nginx.package}/conf/fastcgi_params;
'';
"~ \\.php$".extraConfig = ''
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:${config.services.phpfpm.pools.paste.socket};
include ${config.services.nginx.package}/conf/fastcgi.conf;
include ${config.services.nginx.package}/conf/fastcgi_params;
'';
"~ \\.(js|css|ttf|woff2?|png|jpe?g|svg)$".extraConfig = util.trimTabs ''
add_header Cache-Control "public, max-age=15778463";
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
add_header Referrer-Policy no-referrer;
access_log off;
'';
};
"~ \\.(js|css|ttf|woff2?|png|jpe?g|svg)$".extraConfig = ''
add_header Cache-Control "public, max-age=15778463";
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
add_header Referrer-Policy no-referrer;
access_log off;
'';
};
extraConfig = util.trimTabs ''
try_files $uri /index.php;
'';
};
};
};
};
};
extraConfig = ''
try_files $uri /index.php;
'';
};
};
};
};
};
}

171
container/Postgres.nix
View file

@ -1,86 +1,105 @@
{ container, lib, pkgs, config, ... }: with lib; let
cfg = config.container.module.postgres;
in {
options = {
container.module.postgres = {
enable = mkEnableOption "Postgresql server.";
address = mkOption {
default = "10.1.0.3";
type = types.str;
};
port = mkOption {
default = 5432;
type = types.int;
};
storage = mkOption {
default = "${config.container.storage}/postgres";
type = types.str;
};
};
};
{
container,
lib,
pkgs,
config,
...
}:
with lib;
let
cfg = config.container.module.postgres;
in
{
options = {
container.module.postgres = {
enable = mkEnableOption "Postgresql server.";
address = mkOption {
default = "10.1.0.3";
type = types.str;
};
port = mkOption {
default = 5432;
type = types.int;
};
storage = mkOption {
default = "${config.container.storage}/postgres";
type = types.str;
};
};
};
config = mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data"
];
config = mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data"
];
containers.postgres = container.mkContainer cfg {
bindMounts = {
"/var/lib/postgresql/data" = {
hostPath = "${cfg.storage}/data";
isReadOnly = false;
};
};
containers.postgres = container.mkContainer cfg {
bindMounts = {
"/var/lib/postgresql/data" = {
hostPath = "${cfg.storage}/data";
isReadOnly = false;
};
};
config = { ... }: container.mkContainerConfig cfg {
services.postgresql = let
# Populate with services here.
configurations = with config.container.module; {
forgejo = git;
invidious = yt;
nextcloud = cloud;
onlyoffice = office;
paperless = paper;
privatebin = paste;
};
config =
{ ... }:
container.mkContainerConfig cfg {
services.postgresql =
let
# Populate with services here.
configurations = with config.container.module; {
forgejo = git;
invidious = yt;
nextcloud = cloud;
onlyoffice = office;
paperless = paper;
privatebin = paste;
};
access = configurations // {
all = { address = config.container.host; };
};
access = configurations // {
all = {
address = config.container.host;
};
};
authentication = builtins.foldl' (acc: item: acc + "${item}\n") "" (
mapAttrsToList (db: cfg: "host ${db} ${db} ${cfg.address}/32 trust") access
);
authentication = builtins.foldl' (acc: item: acc + "${item}\n") "" (
mapAttrsToList (db: cfg: "host ${db} ${db} ${cfg.address}/32 trust") access
);
ensureDatabases = [ "root" ] ++ mapAttrsToList (name: _: name) configurations;
ensureDatabases = [ "root" ] ++ mapAttrsToList (name: _: name) configurations;
ensureUsers = map (name: {
inherit name;
ensureClauses = if name == "root" then {
superuser = true;
createrole = true;
createdb = true;
} else {};
ensureDBOwnership = true;
}) ensureDatabases;
in {
inherit authentication ensureDatabases ensureUsers;
ensureUsers = map (name: {
inherit name;
ensureClauses =
if name == "root" then
{
superuser = true;
createrole = true;
createdb = true;
}
else
{ };
ensureDBOwnership = true;
}) ensureDatabases;
in
{
inherit authentication ensureDatabases ensureUsers;
enable = true;
package = pkgs.postgresql_14;
dataDir = "/var/lib/postgresql/data/14";
enableTCPIP = true;
enable = true;
package = pkgs.postgresql_14;
dataDir = "/var/lib/postgresql/data/14";
enableTCPIP = true;
# NOTE: Debug mode.
# settings = {
# log_connections = true;
# log_destination = lib.mkForce "syslog";
# log_disconnections = true;
# log_statement = "all";
# logging_collector = true;
# };
};
};
};
};
# NOTE: Debug mode.
# settings = {
# log_connections = true;
# log_destination = lib.mkForce "syslog";
# log_disconnections = true;
# log_statement = "all";
# logging_collector = true;
# };
};
};
};
};
}

129
container/Print.nix
View file

@ -2,66 +2,79 @@
# ipp://192.168.2.237
# Pantum M6500W-Series
{ container, pkgs, lib, config, __findFile, ... } @args: with lib; let
cfg = config.container.module.print;
package = pkgs.callPackage <package/print> args;
host = config.container.host;
in {
options = {
container.module.print = {
enable = mkEnableOption "Printing server.";
address = mkOption {
default = "10.1.0.46";
type = types.str;
};
port = mkOption {
default = 631;
type = types.int;
};
domain = mkOption {
default = "print.${config.container.domain}";
type = types.str;
};
storage = mkOption {
default = "${config.container.storage}/print";
type = types.str;
};
};
};
{
container,
pkgs,
lib,
config,
__findFile,
...
}@args:
with lib;
let
cfg = config.container.module.print;
package = pkgs.callPackage <package/print> args;
host = config.container.host;
in
{
options = {
container.module.print = {
enable = mkEnableOption "Printing server.";
address = mkOption {
default = "10.1.0.46";
type = types.str;
};
port = mkOption {
default = 631;
type = types.int;
};
domain = mkOption {
default = "print.${config.container.domain}";
type = types.str;
};
storage = mkOption {
default = "${config.container.storage}/print";
type = types.str;
};
};
};
config = mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data"
];
config = mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data"
];
containers.print = container.mkContainer cfg {
bindMounts = {
"/var/lib/cups" = {
hostPath = "${cfg.storage}/data";
isReadOnly = false;
};
};
containers.print = container.mkContainer cfg {
bindMounts = {
"/var/lib/cups" = {
hostPath = "${cfg.storage}/data";
isReadOnly = false;
};
};
config = { ... }: container.mkContainerConfig cfg {
networking.interfaces."eth0".ipv4.routes = [{
address = "192.168.2.237";
prefixLength = 32;
via = host;
}];
config =
{ ... }:
container.mkContainerConfig cfg {
networking.interfaces."eth0".ipv4.routes = [
{
address = "192.168.2.237";
prefixLength = 32;
via = host;
}
];
services.printing = {
enable = true;
allowFrom = [ "all" ];
browsing = true;
defaultShared = true;
drivers = [ package ];
listenAddresses = [ "${cfg.address}:${toString cfg.port}" ];
startWhenNeeded = true;
stateless = false;
webInterface = true;
};
};
};
};
services.printing = {
enable = true;
allowFrom = [ "all" ];
browsing = true;
defaultShared = true;
drivers = [ package ];
listenAddresses = [ "${cfg.address}:${toString cfg.port}" ];
startWhenNeeded = true;
stateless = false;
webInterface = true;
};
};
};
};
}

190
container/Proxy.nix
View file

@ -9,107 +9,119 @@
# ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
# ```
# For certbot to generate new keys: `certbot certonly --manual --manual-public-ip-logging-ok --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory -d "*.voronind.com" -d voronind.com`
{ util, container, pkgs, lib, config, ... } @args: with lib; let
cfg = config.container.module.proxy;
virtualHosts = util.catSet (util.ls ./proxy/host) args;
in {
options = {
container.module.proxy = {
enable = mkEnableOption "Proxy server.";
address = mkOption {
default = "10.1.0.2";
type = types.str;
};
port = mkOption {
default = 443;
type = types.int;
};
storage = mkOption {
default = "${config.container.storage}/proxy";
type = types.str;
};
};
};
{
util,
container,
pkgs,
lib,
config,
...
}@args:
with lib;
let
cfg = config.container.module.proxy;
virtualHosts = util.catSet (util.ls ./proxy/host) args;
in
{
options = {
container.module.proxy = {
enable = mkEnableOption "Proxy server.";
address = mkOption {
default = "10.1.0.2";
type = types.str;
};
port = mkOption {
default = 443;
type = types.int;
};
storage = mkOption {
default = "${config.container.storage}/proxy";
type = types.str;
};
};
};
config = mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [
"challenge"
"letsencrypt"
];
config = mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [
"challenge"
"letsencrypt"
];
containers.proxy = container.mkContainer cfg {
bindMounts = {
"/etc/letsencrypt" = {
hostPath = "${cfg.storage}/letsencrypt";
isReadOnly = false;
};
"/var/www/.well-known" = {
hostPath = "${cfg.storage}/challenge";
isReadOnly = false;
};
};
containers.proxy = container.mkContainer cfg {
bindMounts = {
"/etc/letsencrypt" = {
hostPath = "${cfg.storage}/letsencrypt";
isReadOnly = false;
};
"/var/www/.well-known" = {
hostPath = "${cfg.storage}/challenge";
isReadOnly = false;
};
};
config = { ... }: container.mkContainerConfig cfg {
environment.systemPackages = with pkgs; [ certbot ];
config =
{ ... }:
container.mkContainerConfig cfg {
environment.systemPackages = with pkgs; [ certbot ];
services.nginx = {
inherit virtualHosts;
services.nginx = {
inherit virtualHosts;
enable = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
clientMaxBodySize = "4096m";
appendConfig = util.trimTabs ''
worker_processes 4;
'';
eventsConfig = util.trimTabs ''
worker_connections 4096;
'';
# TODO: Fix 80 redirect and 403 default.
appendHttpConfig = util.trimTabs ''
proxy_max_temp_file_size 0;
proxy_buffering off;
enable = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
clientMaxBodySize = "4096m";
appendConfig = ''
worker_processes 4;
'';
eventsConfig = ''
worker_connections 4096;
'';
# TODO: Fix 80 redirect and 403 default.
appendHttpConfig = ''
proxy_max_temp_file_size 0;
proxy_buffering off;
server {
server_name default_server;
listen 80;
server {
server_name default_server;
listen 80;
location / {
return 301 https://$host$request_uri;
}
}
location / {
return 301 https://$host$request_uri;
}
}
map $http_accept_language $resume {
default https://git.${config.container.domain}/voronind/resume/releases/download/latest/VoronindEn.pdf;
~ru https://git.${config.container.domain}/voronind/resume/releases/download/latest/VoronindRu.pdf;
}
map $http_accept_language $resume {
default https://git.${config.container.domain}/voronind/resume/releases/download/latest/VoronindEn.pdf;
~ru https://git.${config.container.domain}/voronind/resume/releases/download/latest/VoronindRu.pdf;
}
server {
server_name ${config.container.domain};
listen 443 ssl;
server {
server_name ${config.container.domain};
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
return 301 $resume;
}
return 301 $resume;
}
server {
listen 443 ssl default_server;
server_name _;
server {
listen 443 ssl default_server;
server_name _;
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
return 403;
}
'';
};
};
};
};
return 403;
}
'';
};
};
};
};
}

100
container/Rabbitmq.nix
View file

@ -1,48 +1,60 @@
{ container, pkgs, util, lib, config, ... }: with lib; let
cfg = config.container.module.rabbitmq;
in {
options = {
container.module.rabbitmq = {
enable = mkEnableOption "Mqtt server.";
address = mkOption {
default = "10.1.0.28";
type = types.str;
};
port = mkOption {
default = 5672;
type = types.int;
};
storage = mkOption {
default = "${config.container.storage}/rabbitmq";
type = types.str;
};
};
};
{
container,
pkgs,
util,
lib,
config,
...
}:
with lib;
let
cfg = config.container.module.rabbitmq;
in
{
options = {
container.module.rabbitmq = {
enable = mkEnableOption "Mqtt server.";
address = mkOption {
default = "10.1.0.28";
type = types.str;
};
port = mkOption {
default = 5672;
type = types.int;
};
storage = mkOption {
default = "${config.container.storage}/rabbitmq";
type = types.str;
};
};
};
config = mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data"
];
config = mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data"
];
containers.rabbitmq = container.mkContainer cfg {
bindMounts = {
"/var/lib/rabbitmq" = {
hostPath = "${cfg.storage}/data";
isReadOnly = false;
};
};
containers.rabbitmq = container.mkContainer cfg {
bindMounts = {
"/var/lib/rabbitmq" = {
hostPath = "${cfg.storage}/data";
isReadOnly = false;
};
};
config = { ... }: container.mkContainerConfig cfg {
services.rabbitmq = {
enable = true;
listenAddress = cfg.address;
port = cfg.port;
dataDir = "/var/lib/rabbitmq";
configItems = {
"loopback_users" = "none";
};
};
};
};
};
config =
{ ... }:
container.mkContainerConfig cfg {
services.rabbitmq = {
enable = true;
listenAddress = cfg.address;
port = cfg.port;
dataDir = "/var/lib/rabbitmq";
configItems = {
"loopback_users" = "none";
};
};
};
};
};
}

110
container/Read.nix
View file

@ -1,55 +1,63 @@
{ container, lib, pkgs, config, ... }: with lib; let
cfg = config.container.module.read;
in {
options = {
container.module.read = {
enable = mkEnableOption "Reading server.";
address = mkOption {
default = "10.1.0.39";
type = types.str;
};
port = mkOption {
default = 5000;
type = types.int;
};
domain = mkOption {
default = "read.${config.container.domain}";
type = types.str;
};
storage = mkOption {
default = "${config.container.storage}/read";
type = types.str;
};
};
};
{
container,
lib,
pkgs,
config,
...
}:
with lib;
let
cfg = config.container.module.read;
in
{
options = {
container.module.read = {
enable = mkEnableOption "Reading server.";
address = mkOption {
default = "10.1.0.39";
type = types.str;
};
port = mkOption {
default = 5000;
type = types.int;
};
domain = mkOption {
default = "read.${config.container.domain}";
type = types.str;
};
storage = mkOption {
default = "${config.container.storage}/read";
type = types.str;
};
};
};
config = mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data"
];
config = mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data"
];
containers.read = container.mkContainer cfg {
bindMounts = {
"/var/lib/kavita" = {
hostPath = "${cfg.storage}/data";
isReadOnly = false;
};
}
// container.attachMedia "book" true
// container.attachMedia "manga" true
;
containers.read = container.mkContainer cfg {
bindMounts = {
"/var/lib/kavita" = {
hostPath = "${cfg.storage}/data";
isReadOnly = false;
};
} // container.attachMedia "book" true // container.attachMedia "manga" true;
config = { ... }: container.mkContainerConfig cfg {
services.kavita = {
enable = true;
dataDir = "/var/lib/kavita";
tokenKeyFile = pkgs.writeText "KavitaToken" "xY19aQOa939/Ie6GCRGbubVK8zRwrgBY/20AuyMpYshUjwK1Uyl7bw1yknVh6jJIFIfwq2vAjeotOUq7NEsf9Q==";
settings = {
IpAddresses = cfg.address;
Port = cfg.port;
};
};
};
};
};
config =
{ ... }:
container.mkContainerConfig cfg {
services.kavita = {
enable = true;
dataDir = "/var/lib/kavita";
tokenKeyFile = pkgs.writeText "KavitaToken" "xY19aQOa939/Ie6GCRGbubVK8zRwrgBY/20AuyMpYshUjwK1Uyl7bw1yknVh6jJIFIfwq2vAjeotOUq7NEsf9Q==";
settings = {
IpAddresses = cfg.address;
Port = cfg.port;
};
};
};
};
};
}

69
container/Redis.nix
View file

@ -1,31 +1,42 @@
{ container, pkgs, util, lib, config, ... }: with lib; let
cfg = config.container.module.redis;
in {
options = {
container.module.redis = {
enable = mkEnableOption "Redis server.";
address = mkOption {
default = "10.1.0.38";
type = types.str;
};
port = mkOption {
default = 6379;
type = types.int;
};
};
};
{
container,
pkgs,
util,
lib,
config,
...
}:
with lib;
let
cfg = config.container.module.redis;
in
{
options = {
container.module.redis = {
enable = mkEnableOption "Redis server.";
address = mkOption {
default = "10.1.0.38";
type = types.str;
};
port = mkOption {
default = 6379;
type = types.int;
};
};
};
config = mkIf cfg.enable {
containers.redis = container.mkContainer cfg {
config = { ... }: container.mkContainerConfig cfg {
services.redis.servers.main = {
enable = true;
port = cfg.port;
bind = cfg.address;
extraParams = [ "--protected-mode no" ];
};
};
};
};
config = mkIf cfg.enable {
containers.redis = container.mkContainer cfg {
config =
{ ... }:
container.mkContainerConfig cfg {
services.redis.servers.main = {
enable = true;
port = cfg.port;
bind = cfg.address;
extraParams = [ "--protected-mode no" ];
};
};
};
};
}

93
container/Search.nix
View file

@ -1,43 +1,54 @@
{ container, pkgs, lib, config, ... }: with lib; let
cfg = config.container.module.search;
in {
options = {
container.module.search = {
enable = mkEnableOption "Search frontend.";
address = mkOption {
default = "10.1.0.26";
type = types.str;
};
port = mkOption {
default = 8080;
type = types.int;
};
domain = mkOption {
default = "search.${config.container.domain}";
type = types.str;
};
storage = mkOption {
default = "${config.container.storage}/search";
type = types.str;
};
};
};
{
container,
pkgs,
lib,
config,
...
}:
with lib;
let
cfg = config.container.module.search;
in
{
options = {
container.module.search = {
enable = mkEnableOption "Search frontend.";
address = mkOption {
default = "10.1.0.26";
type = types.str;
};
port = mkOption {
default = 8080;
type = types.int;
};
domain = mkOption {
default = "search.${config.container.domain}";
type = types.str;
};
storage = mkOption {
default = "${config.container.storage}/search";
type = types.str;
};
};
};
config = mkIf cfg.enable {
containers.search = container.mkContainer cfg {
config = { ... }: container.mkContainerConfig cfg {
services.searx = {
enable = true;
package = pkgs.searxng;
settings = {
server = {
bind_address = cfg.address;
port = cfg.port;
secret_key = "searxxx";
};
};
};
};
};
};
config = mkIf cfg.enable {
containers.search = container.mkContainer cfg {
config =
{ ... }:
container.mkContainerConfig cfg {
services.searx = {
enable = true;
package = pkgs.searxng;
settings = {
server = {
bind_address = cfg.address;
port = cfg.port;
secret_key = "searxxx";
};
};
};
};
};
};
}

121
container/Status.nix
View file

@ -1,62 +1,71 @@
{ container, lib, config, ... }: with lib; let
cfg = config.container.module.status;
in {
options = {
container.module.status = {
enable = mkEnableOption "Status monitor.";
address = mkOption {
default = "10.1.0.22";
type = types.str;
};
port = mkOption {
default = 3001;
type = types.int;
};
domain = mkOption {
default = "status.${config.container.domain}";
type = types.str;
};
storage = mkOption {
default = "${config.container.storage}/status";
type = types.str;
};
};
};
{
container,
lib,
config,
...
}:
with lib;
let
cfg = config.container.module.status;
in
{
options = {
container.module.status = {
enable = mkEnableOption "Status monitor.";
address = mkOption {
default = "10.1.0.22";
type = types.str;
};
port = mkOption {
default = 3001;
type = types.int;
};
domain = mkOption {
default = "status.${config.container.domain}";
type = types.str;
};
storage = mkOption {
default = "${config.container.storage}/status";
type = types.str;
};
};
};
config = mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data"
];
config = mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data"
];
containers.status = container.mkContainer cfg {
bindMounts = {
"/var/lib/uptime-kuma" = {
hostPath = "${cfg.storage}/data";
isReadOnly = false;
};
};
containers.status = container.mkContainer cfg {
bindMounts = {
"/var/lib/uptime-kuma" = {
hostPath = "${cfg.storage}/data";
isReadOnly = false;
};
};
config = { lib, ... }: container.mkContainerConfig cfg {
networking = {
nameservers = mkForce [
config.container.module.dns.address
];
};
config =
{ lib, ... }:
container.mkContainerConfig cfg {
networking = {
nameservers = mkForce [
config.container.module.dns.address
];
};
services.uptime-kuma = {
enable = true;
settings = {
DATA_DIR = "/var/lib/uptime-kuma/";
HOST = cfg.address;
PORT = toString cfg.port;
};
};
services.uptime-kuma = {
enable = true;
settings = {
DATA_DIR = "/var/lib/uptime-kuma/";
HOST = cfg.address;
PORT = toString cfg.port;
};
};
systemd.services.uptime-kuma = {
serviceConfig.DynamicUser = mkForce false;
};
};
};
};
systemd.services.uptime-kuma = {
serviceConfig.DynamicUser = mkForce false;
};
};
};
};
}

116
container/Stock.nix
View file

@ -1,57 +1,67 @@
{ container, lib, config, ... }: with lib; let
cfg = config.container.module.stock;
in {
options = {
container.module.stock = {
enable = mkEnableOption "Stock management.";
address = mkOption {
default = "10.1.0.45";
type = types.str;
};
port = mkOption {
default = 80;
type = types.int;
};
domain = mkOption {
default = "stock.${config.container.domain}";
type = types.str;
};
storage = mkOption {
default = "${config.container.storage}/stock";
type = types.str;
};
};
};
{
container,
lib,
config,
...
}:
with lib;
let
cfg = config.container.module.stock;
in
{
options = {
container.module.stock = {
enable = mkEnableOption "Stock management.";
address = mkOption {
default = "10.1.0.45";
type = types.str;
};
port = mkOption {
default = 80;
type = types.int;
};
domain = mkOption {
default = "stock.${config.container.domain}";
type = types.str;
};
storage = mkOption {
default = "${config.container.storage}/stock";
type = types.str;
};
};
};
config = mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data"
];
config = mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data"
];
containers.stock = container.mkContainer cfg {
bindMounts = {
"/var/lib/grocy" = {
hostPath = "${cfg.storage}/data";
isReadOnly = false;
};
};
containers.stock = container.mkContainer cfg {
bindMounts = {
"/var/lib/grocy" = {
hostPath = "${cfg.storage}/data";
isReadOnly = false;
};
};
config = { ... }: container.mkContainerConfig cfg {
services.grocy = {
enable = true;
dataDir = "/var/lib/grocy";
hostName = cfg.domain;
nginx.enableSSL = false;
settings = {
calendar = {
firstDayOfWeek = 1;
showWeekNumber = true;
};
culture = "en";
currency = "RUB";
};
};
};
};
};
config =
{ ... }:
container.mkContainerConfig cfg {
services.grocy = {
enable = true;
dataDir = "/var/lib/grocy";
hostName = cfg.domain;
nginx.enableSSL = false;
settings = {
calendar = {
firstDayOfWeek = 1;
showWeekNumber = true;
};
culture = "en";
currency = "RUB";
};
};
};
};
};
}

174
container/Vpn.nix
View file

@ -1,88 +1,100 @@
{ container, pkgs, lib, config, ... }: with lib; let
cfg = config.container.module.vpn;
{
container,
pkgs,
lib,
config,
...
}:
with lib;
let
cfg = config.container.module.vpn;
wireguardPeers = let
mkPeer = name: ip: PublicKey: {
inherit PublicKey;
PresharedKeyFile = "/var/lib/wireguard/preshared/${name}";
AllowedIPs = [ "${ip}/32" ];
};
in [
(mkPeer "dashaphone" "10.1.1.3" "O/3y8+QKEY8UoLVlmbc8xdhs248L4wtQcl1MsBBfoQo=")
(mkPeer "laptop" "10.1.1.9" "xxoCNPSB86zs8L8p+wXhqaIwpNDkiZu1Yjv8sj8XhgY=")
(mkPeer "phone" "10.1.1.5" "bFmFisMqbDpIrAg3o/GiRl9XhceZEVnZtkegZDTL4yg=")
(mkPeer "tablet" "10.1.1.6" "BdslswVc9OgUpEhJd0sugDBmYw44DiS0FbUPT5EjOG0=")
(mkPeer "work" "10.1.1.2" "Pk0AASSInKO9O8RaQEmm1uNrl0cwWTJDcT8rLn7PSA0=")
];
in {
options = {
container.module.vpn = {
enable = mkEnableOption "Vpn server.";
address = mkOption {
default = "10.1.0.23";
type = types.str;
};
port = mkOption {
default = 51820;
type = types.int;
};
storage = mkOption {
default = "${config.container.storage}/vpn";
type = types.str;
};
};
};
wireguardPeers =
let
mkPeer = name: ip: PublicKey: {
inherit PublicKey;
PresharedKeyFile = "/var/lib/wireguard/preshared/${name}";
AllowedIPs = [ "${ip}/32" ];
};
in
[
(mkPeer "dashaphone" "10.1.1.3" "O/3y8+QKEY8UoLVlmbc8xdhs248L4wtQcl1MsBBfoQo=")
(mkPeer "laptop" "10.1.1.9" "xxoCNPSB86zs8L8p+wXhqaIwpNDkiZu1Yjv8sj8XhgY=")
(mkPeer "phone" "10.1.1.5" "bFmFisMqbDpIrAg3o/GiRl9XhceZEVnZtkegZDTL4yg=")
(mkPeer "tablet" "10.1.1.6" "BdslswVc9OgUpEhJd0sugDBmYw44DiS0FbUPT5EjOG0=")
(mkPeer "work" "10.1.1.2" "Pk0AASSInKO9O8RaQEmm1uNrl0cwWTJDcT8rLn7PSA0=")
];
in
{
options = {
container.module.vpn = {
enable = mkEnableOption "Vpn server.";
address = mkOption {
default = "10.1.0.23";
type = types.str;
};
port = mkOption {
default = 51820;
type = types.int;
};
storage = mkOption {
default = "${config.container.storage}/vpn";
type = types.str;
};
};
};
config = mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data"
"data/preshared"
];
config = mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data"
"data/preshared"
];
containers.vpn = container.mkContainer cfg {
bindMounts = {
"/var/lib/wireguard" = {
hostPath = "${cfg.storage}/data";
isReadOnly = false;
};
};
containers.vpn = container.mkContainer cfg {
bindMounts = {
"/var/lib/wireguard" = {
hostPath = "${cfg.storage}/data";
isReadOnly = false;
};
};
config = { ... }: container.mkContainerConfig cfg {
boot.kernel.sysctl = {
"net.ipv4.conf.all.src_valid_mark" = 1;
"net.ipv4.ip_forward" = 1;
};
config =
{ ... }:
container.mkContainerConfig cfg {
boot.kernel.sysctl = {
"net.ipv4.conf.all.src_valid_mark" = 1;
"net.ipv4.ip_forward" = 1;
};
environment.systemPackages = with pkgs; [ wireguard-tools ];
networking.useNetworkd = true;
systemd.network = {
enable = true;
netdevs = {
"50-wg0" = {
netdevConfig = {
Kind = "wireguard";
MTUBytes = "1300";
Name = "wg0";
};
wireguardConfig = {
PrivateKeyFile = "/var/lib/wireguard/privkey";
ListenPort = cfg.port;
};
inherit wireguardPeers;
};
};
environment.systemPackages = with pkgs; [ wireguard-tools ];
networking.useNetworkd = true;
systemd.network = {
enable = true;
netdevs = {
"50-wg0" = {
netdevConfig = {
Kind = "wireguard";
MTUBytes = "1300";
Name = "wg0";
};
wireguardConfig = {
PrivateKeyFile = "/var/lib/wireguard/privkey";
ListenPort = cfg.port;
};
inherit wireguardPeers;
};
};
networks.wg0 = {
matchConfig.Name = "wg0";
address = ["10.1.1.0/24"];
networkConfig = {
IPv4Forwarding = "yes";
IPMasquerade = "ipv4";
};
};
};
};
};
};
networks.wg0 = {
matchConfig.Name = "wg0";
address = [ "10.1.1.0/24" ];
networkConfig = {
IPv4Forwarding = "yes";
IPMasquerade = "ipv4";
};
};
};
};
};
};
}

168
container/Watch.nix
View file

@ -1,86 +1,96 @@
{ container, lib, config, ... }: with lib; let
cfg = config.container.module.watch;
in {
options = {
container.module.watch = {
enable = mkEnableOption "Media server.";
address = mkOption {
default = "10.1.0.11";
type = types.str;
};
port = mkOption {
default = 8096;
type = types.int;
};
domain = mkOption {
default = "watch.${config.container.domain}";
type = types.str;
};
storage = mkOption {
default = "${config.container.storage}/watch";
type = types.str;
};
memLimit = mkOption {
default = "8G";
type = types.str;
};
};
};
{
container,
lib,
config,
...
}:
with lib;
let
cfg = config.container.module.watch;
in
{
options = {
container.module.watch = {
enable = mkEnableOption "Media server.";
address = mkOption {
default = "10.1.0.11";
type = types.str;
};
port = mkOption {
default = 8096;
type = types.int;
};
domain = mkOption {
default = "watch.${config.container.domain}";
type = types.str;
};
storage = mkOption {
default = "${config.container.storage}/watch";
type = types.str;
};
memLimit = mkOption {
default = "8G";
type = types.str;
};
};
};
config = mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data"
"cache"
];
config = mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data"
"cache"
];
containers.watch = container.mkContainer cfg {
bindMounts = {
"/var/lib/jellyfin" = {
hostPath = "${cfg.storage}/data";
isReadOnly = false;
};
"/var/cache/jellyfin" = {
hostPath = "${cfg.storage}/cache";
isReadOnly = false;
};
"/dev/dri" = {
hostPath = "/dev/dri";
isReadOnly = false;
};
}
// container.attachMedia "anime" true
// container.attachMedia "download" true
// container.attachMedia "movie" true
// container.attachMedia "music" true
// container.attachMedia "photo" true
// container.attachMedia "porn" true
// container.attachMedia "show" true
// container.attachMedia "study" true
// container.attachMedia "work" true
// container.attachMedia "youtube" true
;
containers.watch = container.mkContainer cfg {
bindMounts =
{
"/var/lib/jellyfin" = {
hostPath = "${cfg.storage}/data";
isReadOnly = false;
};
"/var/cache/jellyfin" = {
hostPath = "${cfg.storage}/cache";
isReadOnly = false;
};
"/dev/dri" = {
hostPath = "/dev/dri";
isReadOnly = false;
};
}
// container.attachMedia "anime" true
// container.attachMedia "download" true
// container.attachMedia "movie" true
// container.attachMedia "music" true
// container.attachMedia "photo" true
// container.attachMedia "porn" true
// container.attachMedia "show" true
// container.attachMedia "study" true
// container.attachMedia "work" true
// container.attachMedia "youtube" true;
allowedDevices = [
{
modifier = "rwm";
node = "/dev/dri/renderD128";
}
];
allowedDevices = [
{
modifier = "rwm";
node = "/dev/dri/renderD128";
}
];
config = { ... }: container.mkContainerConfig cfg {
# users.users.jellyfin.extraGroups = [
# "video"
# "render"
# ];
config =
{ ... }:
container.mkContainerConfig cfg {
# users.users.jellyfin.extraGroups = [
# "video"
# "render"
# ];
services.jellyfin = {
enable = true;
cacheDir = "/var/cache/jellyfin";
dataDir = "/var/lib/jellyfin";
};
services.jellyfin = {
enable = true;
cacheDir = "/var/cache/jellyfin";
dataDir = "/var/lib/jellyfin";
};
systemd.services.jellyfin.serviceConfig.MemoryLimit = cfg.memLimit;
};
};
};
systemd.services.jellyfin.serviceConfig.MemoryLimit = cfg.memLimit;
};
};
};
}

112
container/Yt.nix
View file

@ -1,52 +1,64 @@
{ container, pkgs, lib, config, __findFile, ... }: with lib; let
cfg = config.container.module.yt;
in {
options = {
container.module.yt = {
enable = mkEnableOption "YouTube frontend.";
address = mkOption {
default = "10.1.0.19";
type = types.str;
};
port = mkOption {
default = 3000;
type = types.int;
};
domain = mkOption {
default = "yt.${config.container.domain}";
type = types.str;
};
storage = mkOption {
default = "${config.container.storage}/yt";
type = types.str;
};
};
};
{
container,
pkgs,
lib,
config,
__findFile,
...
}:
with lib;
let
cfg = config.container.module.yt;
in
{
options = {
container.module.yt = {
enable = mkEnableOption "YouTube frontend.";
address = mkOption {
default = "10.1.0.19";
type = types.str;
};
port = mkOption {
default = 3000;
type = types.int;
};
domain = mkOption {
default = "yt.${config.container.domain}";
type = types.str;
};
storage = mkOption {
default = "${config.container.storage}/yt";
type = types.str;
};
};
};
config = mkIf cfg.enable {
containers.yt = container.mkContainer cfg {
config = { ... }: container.mkContainerConfig cfg {
services.invidious = {
enable = true;
domain = cfg.domain;
port = cfg.port;
nginx.enable = false;
database = {
port = config.container.module.postgres.port;
host = config.container.module.postgres.address;
createLocally = false;
passwordFile = "${pkgs.writeText "InvidiousDbPassword" "invidious"}";
};
settings = {
admins = [ "root" ];
captcha_enabled = false;
check_tables = true;
registration_enabled = false;
external_port = 443;
https_only = true;
};
};
};
};
};
config = mkIf cfg.enable {
containers.yt = container.mkContainer cfg {
config =
{ ... }:
container.mkContainerConfig cfg {
services.invidious = {
enable = true;
domain = cfg.domain;
port = cfg.port;
nginx.enable = false;
database = {
port = config.container.module.postgres.port;
host = config.container.module.postgres.address;
createLocally = false;
passwordFile = "${pkgs.writeText "InvidiousDbPassword" "invidious"}";
};
settings = {
admins = [ "root" ];
captcha_enabled = false;
check_tables = true;
registration_enabled = false;
external_port = 443;
https_only = true;
};
};
};
};
};
}

101
container/default.nix
View file

@ -1,58 +1,61 @@
{ lib, config, ... }: with lib; let
cfg = config.container;
in {
options = {
container = {
enable = mkEnableOption "Containers!!";
{ lib, config, ... }:
with lib;
let
cfg = config.container;
in
{
options = {
container = {
enable = mkEnableOption "Containers!!";
autoStart = mkOption {
default = false;
type = types.bool;
};
autoStart = mkOption {
default = false;
type = types.bool;
};
host = mkOption {
default = "0.0.0.0";
type = types.str;
};
host = mkOption {
default = "0.0.0.0";
type = types.str;
};
localAccess = mkOption {
default = "0.0.0.0";
type = types.str;
};
localAccess = mkOption {
default = "0.0.0.0";
type = types.str;
};
storage = mkOption {
default = "/tmp/container";
type = types.str;
};
storage = mkOption {
default = "/tmp/container";
type = types.str;
};
domain = mkOption {
default = "local";
type = types.str;
};
domain = mkOption {
default = "local";
type = types.str;
};
interface = mkOption {
default = "lo";
type = types.str;
};
interface = mkOption {
default = "lo";
type = types.str;
};
media = mkOption {
default = {};
type = types.attrs;
};
};
};
media = mkOption {
default = { };
type = types.attrs;
};
};
};
config = mkIf cfg.enable {
# This is the network for all the containers.
# They are not available to the external interface by default,
# instead they all expose specific ports in their configuration.
networking = {
nat = {
enable = true;
internalInterfaces = [ "ve-+" ];
externalInterface = config.container.interface;
};
networkmanager.unmanaged = [ "interface-name:ve-*" ];
};
};
config = mkIf cfg.enable {
# This is the network for all the containers.
# They are not available to the external interface by default,
# instead they all expose specific ports in their configuration.
networking = {
nat = {
enable = true;
internalInterfaces = [ "ve-+" ];
externalInterface = config.container.interface;
};
networkmanager.unmanaged = [ "interface-name:ve-*" ];
};
};
}

50
container/proxy/host/Camera.nix
View file

@ -1,25 +1,31 @@
{ util, config, lib, container, ... }: let
domain = "camera.${config.container.domain}";
address = "192.168.2.249";
port = 554;
in {
${domain} = container.mkServer {
extraConfig = util.trimTabs ''
listen 443 ssl;
{
config,
container,
...
}:
let
domain = "camera.${config.container.domain}";
address = "192.168.2.249";
port = 554;
in
{
${domain} = container.mkServer {
extraConfig = ''
listen 443 ssl;
location / {
allow ${config.container.localAccess};
allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address};
deny all;
return 301 rtsp://${address}:${toString port}/live/main;
}
location / {
allow ${config.container.localAccess};
allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address};
deny all;
return 301 rtsp://${address}:${toString port}/live/main;
}
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
};
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
};
}

48
container/proxy/host/Change.nix
View file

@ -1,28 +1,30 @@
{ util, config, container, ... }: let
cfg = config.container.module.change;
name = "change";
in {
${cfg.domain} = container.mkServer {
extraConfig = util.trimTabs ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
{ config, container, ... }:
let
cfg = config.container.module.change;
name = "change";
in
{
${cfg.domain} = container.mkServer {
extraConfig = ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
location / {
allow ${config.container.localAccess};
allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address};
deny all;
location / {
allow ${config.container.localAccess};
allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address};
deny all;
proxy_pass http://''$${name}$request_uri;
proxy_pass http://''$${name}$request_uri;
add_header Referrer-Policy 'origin';
}
add_header Referrer-Policy 'origin';
}
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
};
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
};
}

53
container/proxy/host/Cloud.nix
View file

@ -1,30 +1,31 @@
{ util, config, container, ... }: let
cfg = config.container.module.cloud;
name = "cloud";
in {
${cfg.domain} = container.mkServer {
extraConfig = util.trimTabs ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
{ config, container, ... }:
let
cfg = config.container.module.cloud;
name = "cloud";
in
{
${cfg.domain} = container.mkServer {
extraConfig = ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
location ~ ^/(settings/admin|settings/users|settings/apps|login|api) {
allow ${config.container.localAccess};
allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address};
deny all;
proxy_pass http://''$${name}$request_uri;
}
location ~ ^/(settings/admin|settings/users|settings/apps|login|api) {
allow ${config.container.localAccess};
allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address};
deny all;
proxy_pass http://''$${name}$request_uri;
}
location / {
proxy_pass http://''$${name}$request_uri;
}
location / {
proxy_pass http://''$${name}$request_uri;
}
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
};
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
};
}

46
container/proxy/host/Download.nix
View file

@ -1,25 +1,27 @@
{ util, config, container, ... }: let
cfg = config.container.module.download;
name = "download";
in {
${cfg.domain} = container.mkServer {
extraConfig = util.trimTabs ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
{ config, container, ... }:
let
cfg = config.container.module.download;
name = "download";
in
{
${cfg.domain} = container.mkServer {
extraConfig = ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
location / {
allow ${config.container.localAccess};
allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address};
deny all;
proxy_pass http://''$${name}$request_uri;
}
location / {
allow ${config.container.localAccess};
allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address};
deny all;
proxy_pass http://''$${name}$request_uri;
}
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
};
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
};
}

60
container/proxy/host/Git.nix
View file

@ -1,33 +1,35 @@
{ util, container, config, ... }: let
cfg = config.container.module.git;
name = "git";
in {
${cfg.domain} = container.mkServer {
extraConfig = util.trimTabs ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
{ container, config, ... }:
let
cfg = config.container.module.git;
name = "git";
in
{
${cfg.domain} = container.mkServer {
extraConfig = ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
location ~ ^/(admin|api|user) {
allow ${config.container.localAccess};
allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address};
deny all;
proxy_pass http://''$${name}$request_uri;
}
location ~ ^/(admin|api|user) {
allow ${config.container.localAccess};
allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address};
deny all;
proxy_pass http://''$${name}$request_uri;
}
location / {
# allow ${config.container.localAccess};
# allow ${config.container.module.status.address};
# allow ${config.container.module.vpn.address};
# allow ${config.container.module.frkn.address};
# deny all;
proxy_pass http://''$${name}$request_uri;
}
location / {
# allow ${config.container.localAccess};
# allow ${config.container.module.status.address};
# allow ${config.container.module.vpn.address};
# allow ${config.container.module.frkn.address};
# deny all;
proxy_pass http://''$${name}$request_uri;
}
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
};
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
};
}

50
container/proxy/host/Hdd.nix
View file

@ -1,25 +1,31 @@
{ util, container, config, ... }: let
cfg = config.container.module.hdd;
name = "hdd";
in {
${cfg.domain} = container.mkServer {
extraConfig = util.trimTabs ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
{
container,
config,
...
}:
let
cfg = config.container.module.hdd;
name = "hdd";
in
{
${cfg.domain} = container.mkServer {
extraConfig = ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
location / {
allow ${config.container.localAccess};
allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address};
deny all;
proxy_pass http://''$${name}$request_uri;
}
location / {
allow ${config.container.localAccess};
allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address};
deny all;
proxy_pass http://''$${name}$request_uri;
}
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
};
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
};
}

50
container/proxy/host/Home.nix
View file

@ -1,25 +1,31 @@
{ util, config, container, ... }: let
cfg = config.container.module.home;
name = "home";
in {
${cfg.domain} = container.mkServer {
extraConfig = util.trimTabs ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
{
config,
container,
...
}:
let
cfg = config.container.module.home;
name = "home";
in
{
${cfg.domain} = container.mkServer {
extraConfig = ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
location / {
allow ${config.container.localAccess};
allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address};
deny all;
proxy_pass http://''$${name}$request_uri;
}
location / {
allow ${config.container.localAccess};
allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address};
deny all;
proxy_pass http://''$${name}$request_uri;
}
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
};
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
};
}

60
container/proxy/host/Iot.nix
View file

@ -1,32 +1,38 @@
{ util, container, config, ... }: let
cfg = config.container.module.iot;
name = "iot";
in {
${cfg.domain} = container.mkServer {
extraConfig = util.trimTabs ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
{
container,
config,
...
}:
let
cfg = config.container.module.iot;
name = "iot";
in
{
${cfg.domain} = container.mkServer {
extraConfig = ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
location / {
allow ${config.container.localAccess};
allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address};
deny all;
location / {
allow ${config.container.localAccess};
allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address};
deny all;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass http://''$${name}$request_uri;
}
proxy_pass http://''$${name}$request_uri;
}
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
};
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
};
}

46
container/proxy/host/Mail.nix
View file

@ -1,25 +1,27 @@
{ util, container, config, ... }: let
cfg = config.container.module.mail;
name = "mail";
in {
${cfg.domain} = container.mkServer {
extraConfig = util.trimTabs ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
{ container, config, ... }:
let
cfg = config.container.module.mail;
name = "mail";
in
{
${cfg.domain} = container.mkServer {
extraConfig = ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
location / {
allow ${config.container.localAccess};
allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address};
deny all;
proxy_pass http://''$${name}$request_uri;
}
location / {
allow ${config.container.localAccess};
allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address};
deny all;
proxy_pass http://''$${name}$request_uri;
}
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
};
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
};
}

48
container/proxy/host/Office.nix
View file

@ -1,26 +1,28 @@
{ util, container, config, ... }: let
cfg = config.container.module.office;
name = "office";
in {
${cfg.domain} = container.mkServer {
extraConfig = util.trimTabs ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
{ container, config, ... }:
let
cfg = config.container.module.office;
name = "office";
in
{
${cfg.domain} = container.mkServer {
extraConfig = ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
location / {
# allow ${config.container.localAccess};
# allow ${config.container.module.status.address};
# allow ${config.container.module.vpn.address};
# allow ${config.container.module.frkn.address};
# deny all;
add_header X-Forwarded-Proto https;
proxy_pass http://''$${name}$request_uri;
}
location / {
# allow ${config.container.localAccess};
# allow ${config.container.module.status.address};
# allow ${config.container.module.vpn.address};
# allow ${config.container.module.frkn.address};
# deny all;
add_header X-Forwarded-Proto https;
proxy_pass http://''$${name}$request_uri;
}
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
};
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
};
}

46
container/proxy/host/Paper.nix
View file

@ -1,25 +1,27 @@
{ util, container, config, ... }: let
cfg = config.container.module.paper;
name = "paper";
in {
${cfg.domain} = container.mkServer {
extraConfig = util.trimTabs ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
{ container, config, ... }:
let
cfg = config.container.module.paper;
name = "paper";
in
{
${cfg.domain} = container.mkServer {
extraConfig = ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
location / {
allow ${config.container.localAccess};
allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address};
deny all;
proxy_pass http://''$${name}$request_uri;
}
location / {
allow ${config.container.localAccess};
allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address};
deny all;
proxy_pass http://''$${name}$request_uri;
}
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
};
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
};
}

46
container/proxy/host/Pass.nix
View file

@ -1,25 +1,27 @@
{ util, container, config, ... }: let
cfg = config.container.module.pass;
name = "pass";
in {
${cfg.domain} = container.mkServer {
extraConfig = util.trimTabs ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
{ container, config, ... }:
let
cfg = config.container.module.pass;
name = "pass";
in
{
${cfg.domain} = container.mkServer {
extraConfig = ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
location / {
allow ${config.container.localAccess};
allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address};
deny all;
proxy_pass http://''$${name}$request_uri;
}
location / {
allow ${config.container.localAccess};
allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address};
deny all;
proxy_pass http://''$${name}$request_uri;
}
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
};
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
};
}

42
container/proxy/host/Paste.nix
View file

@ -1,24 +1,26 @@
{ util, container, config, ... }: let
cfg = config.container.module.paste;
name = "paste";
in {
${cfg.domain} = container.mkServer {
extraConfig = util.trimTabs ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
{ container, config, ... }:
let
cfg = config.container.module.paste;
name = "paste";
in
{
${cfg.domain} = container.mkServer {
extraConfig = ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
location = / {
return 403;
}
location = / {
return 403;
}
location / {
proxy_pass http://''$${name}$request_uri;
}
location / {
proxy_pass http://''$${name}$request_uri;
}
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
};
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
};
}

52
container/proxy/host/Print.nix
View file

@ -1,30 +1,32 @@
{ util, container, config, ... }: let
cfg = config.container.module.print;
name = "print";
in {
${cfg.domain} = container.mkServer {
extraConfig = util.trimTabs ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
{ container, config, ... }:
let
cfg = config.container.module.print;
name = "print";
in
{
${cfg.domain} = container.mkServer {
extraConfig = ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
location / {
allow ${config.container.localAccess};
allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address};
deny all;
location / {
allow ${config.container.localAccess};
allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address};
deny all;
proxy_pass http://''$${name}$request_uri;
proxy_pass http://''$${name}$request_uri;
proxy_set_header Host "127.0.0.1";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
}
proxy_set_header Host "127.0.0.1";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
}
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
};
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
};
}

50
container/proxy/host/Printer.nix
View file

@ -1,27 +1,29 @@
{ util, container, config, ... }: let
address = "192.168.2.237";
domain = "printer.${config.container.domain}";
port = 80;
name = "printer";
in {
${domain} = container.mkServer {
extraConfig = util.trimTabs ''
listen 443 ssl;
set ''$${name} ${address}:${toString port};
{ container, config, ... }:
let
address = "192.168.2.237";
domain = "printer.${config.container.domain}";
port = 80;
name = "printer";
in
{
${domain} = container.mkServer {
extraConfig = ''
listen 443 ssl;
set ''$${name} ${address}:${toString port};
location / {
allow ${config.container.localAccess};
allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address};
deny all;
proxy_pass http://''$${name}$request_uri;
}
location / {
allow ${config.container.localAccess};
allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address};
deny all;
proxy_pass http://''$${name}$request_uri;
}
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
};
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
};
}

46
container/proxy/host/Read.nix
View file

@ -1,25 +1,27 @@
{ util, container, config, ... }: let
cfg = config.container.module.read;
name = "read";
in {
${cfg.domain} = container.mkServer {
extraConfig = util.trimTabs ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
{ container, config, ... }:
let
cfg = config.container.module.read;
name = "read";
in
{
${cfg.domain} = container.mkServer {
extraConfig = ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
location / {
allow ${config.container.localAccess};
allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address};
deny all;
proxy_pass http://''$${name}$request_uri;
}
location / {
allow ${config.container.localAccess};
allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address};
deny all;
proxy_pass http://''$${name}$request_uri;
}
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
};
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
};
}

51
container/proxy/host/Router.nix
View file

@ -1,28 +1,29 @@
{ util, container, config, ... }: let
address = "10.0.0.2";
domain = "router.${config.container.domain}";
port = 80;
name = "router";
in {
${domain} = container.mkServer {
extraConfig = util.trimTabs ''
listen 443 ssl;
set ''$${name} ${address}:${toString port};
{ container, config, ... }:
let
address = "10.0.0.2";
domain = "router.${config.container.domain}";
port = 80;
name = "router";
in
{
${domain} = container.mkServer {
extraConfig = ''
listen 443 ssl;
set ''$${name} ${address}:${toString port};
location / {
allow ${config.container.localAccess};
allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address};
deny all;
proxy_pass http://''$${name}$request_uri;
}
location / {
allow ${config.container.localAccess};
allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address};
deny all;
proxy_pass http://''$${name}$request_uri;
}
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
};
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
};
}

50
container/proxy/host/Search.nix
View file

@ -1,25 +1,31 @@
{ util, container, config, ... }: let
cfg = config.container.module.search;
name = "search";
in {
${cfg.domain} = container.mkServer {
extraConfig = util.trimTabs ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
{
container,
config,
...
}:
let
cfg = config.container.module.search;
name = "search";
in
{
${cfg.domain} = container.mkServer {
extraConfig = ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
location / {
allow ${config.container.localAccess};
allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address};
deny all;
proxy_pass http://''$${name}$request_uri;
}
location / {
allow ${config.container.localAccess};
allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address};
deny all;
proxy_pass http://''$${name}$request_uri;
}
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
};
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
};
}

58
container/proxy/host/Status.nix
View file

@ -1,32 +1,34 @@
{ util, container, config, ... }: let
cfg = config.container.module.status;
name = "sstatus";
in {
${cfg.domain} = container.mkServer {
extraConfig = util.trimTabs ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
{ container, config, ... }:
let
cfg = config.container.module.status;
name = "sstatus";
in
{
${cfg.domain} = container.mkServer {
extraConfig = ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
location ~ ^/(dashboard|settings) {
allow ${config.container.localAccess};
allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address};
deny all;
proxy_pass http://''$${name}$request_uri;
}
location ~ ^/(dashboard|settings) {
allow ${config.container.localAccess};
allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address};
deny all;
proxy_pass http://''$${name}$request_uri;
}
location / {
allow ${config.container.localAccess};
allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address};
deny all;
proxy_pass http://''$${name}$request_uri;
}
location / {
allow ${config.container.localAccess};
allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address};
deny all;
proxy_pass http://''$${name}$request_uri;
}
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
};
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
};
}

46
container/proxy/host/Stock.nix
View file

@ -1,25 +1,27 @@
{ util, container, config, ... }: let
cfg = config.container.module.stock;
name = "stock";
in {
${cfg.domain} = container.mkServer {
extraConfig = util.trimTabs ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
{ container, config, ... }:
let
cfg = config.container.module.stock;
name = "stock";
in
{
${cfg.domain} = container.mkServer {
extraConfig = ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
location / {
allow ${config.container.localAccess};
allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address};
deny all;
proxy_pass http://''$${name}$request_uri;
}
location / {
allow ${config.container.localAccess};
allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address};
deny all;
proxy_pass http://''$${name}$request_uri;
}
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
};
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
};
}

46
container/proxy/host/Watch.nix
View file

@ -1,25 +1,27 @@
{ util, container, config, ... }: let
cfg = config.container.module.watch;
name = "watch";
in {
${cfg.domain} = container.mkServer {
extraConfig = util.trimTabs ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
{ container, config, ... }:
let
cfg = config.container.module.watch;
name = "watch";
in
{
${cfg.domain} = container.mkServer {
extraConfig = ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
location / {
allow ${config.container.localAccess};
allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address};
deny all;
proxy_pass http://''$${name}$request_uri;
}
location / {
allow ${config.container.localAccess};
allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address};
deny all;
proxy_pass http://''$${name}$request_uri;
}
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
};
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
};
}

60
container/proxy/host/Yt.nix
View file

@ -1,35 +1,37 @@
{ util, container, config, ... }: let
cfg = config.container.module.yt;
name = "yt";
in {
${cfg.domain} = container.mkServer {
extraConfig = util.trimTabs ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
{ container, config, ... }:
let
cfg = config.container.module.yt;
name = "yt";
in
{
${cfg.domain} = container.mkServer {
extraConfig = ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
location / {
allow ${config.container.localAccess};
allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address};
deny all;
location / {
allow ${config.container.localAccess};
allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address};
deny all;
proxy_pass http://''$${name}$request_uri;
proxy_pass http://''$${name}$request_uri;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_hide_header Content-Security-Policy;
proxy_hide_header X-Frame-Options;
proxy_hide_header X-Content-Type-Options;
}
proxy_hide_header Content-Security-Policy;
proxy_hide_header X-Frame-Options;
proxy_hide_header X-Content-Type-Options;
}
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
};
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
};
}

623
flake.nix
View file

@ -1,328 +1,373 @@
# This is a configuration entry-point called "Flake".
# Here you define your inputs (dependencies) and outputs (hosts).
{
# Those are external dependencies.
inputs = {
# Core system.
# Homepage: https://github.com/NixOS/nixpkgs
# Manual: https://nixos.org/manual/nixos/stable
# Search: https://search.nixos.org/packages and https://search.nixos.org/options
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
nixpkgsStable.url = "github:nixos/nixpkgs/nixos-24.05";
nixpkgsMaster.url = "github:nixos/nixpkgs/master";
# Those are external dependencies.
inputs = {
# Core system.
# Homepage: https://github.com/NixOS/nixpkgs
# Manual: https://nixos.org/manual/nixos/stable
# Search: https://search.nixos.org/packages and https://search.nixos.org/options
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
nixpkgsStable.url = "github:nixos/nixpkgs/nixos-24.05";
nixpkgsMaster.url = "github:nixos/nixpkgs/master";
# This thing manages user's /home directroies. Because NixOS only manages system itself.
# Homepage: https://github.com/nix-community/home-manager
# Manual: https://nix-community.github.io/home-manager
# Search: https://home-manager-options.extranix.com
home-manager = {
url = "github:nix-community/home-manager";
# This thing manages user's /home directroies. Because NixOS only manages system itself.
# Homepage: https://github.com/nix-community/home-manager
# Manual: https://nix-community.github.io/home-manager
# Search: https://home-manager-options.extranix.com
home-manager = {
url = "github:nix-community/home-manager";
# This means that home-manager and our Flake both depend on the same nixpkgs version.
inputs.nixpkgs.follows = "nixpkgs";
};
# This means that home-manager and our Flake both depend on the same nixpkgs version.
inputs.nixpkgs.follows = "nixpkgs";
};
# This allows automatic styling based on active Wallpaper.
# Homepage: https://github.com/danth/stylix
# Manual: https://danth.github.io/stylix
stylix.url = "github:danth/stylix";
# This allows automatic styling based on active Wallpaper.
# Homepage: https://github.com/danth/stylix
# Manual: https://danth.github.io/stylix
stylix.url = "github:danth/stylix";
# I use this for a single container called jobber. WARN: Do not update.
# You likely won't need this one, so just skip it for now.
poetry2nixJobber.url = "github:nix-community/poetry2nix/304f8235fb0729fd48567af34fcd1b58d18f9b95";
nixpkgsJobber.url = "github:nixos/nixpkgs/051f920625ab5aabe37c920346e3e69d7d34400e";
# I use this for a single container called jobber. WARN: Do not update.
# You likely won't need this one, so just skip it for now.
poetry2nixJobber.url = "github:nix-community/poetry2nix/304f8235fb0729fd48567af34fcd1b58d18f9b95";
nixpkgsJobber.url = "github:nixos/nixpkgs/051f920625ab5aabe37c920346e3e69d7d34400e";
# Nix on Android (inside Termux). It has no NixOS modules, but still allows the use of Nixpkgs arm packages with Home-Manager configurations.
# Homepage: https://github.com/nix-community/nix-on-droid
# Manual: https://github.com/nix-community/nix-on-droid/blob/master/README.md
nix-on-droid = {
url = "github:t184256/nix-on-droid/release-23.11";
inputs.nixpkgs.follows = "nixpkgs";
inputs.home-manager.follows = "home-manager";
};
# Nix on Android (inside Termux). It has no NixOS modules, but still allows the use of Nixpkgs arm packages with Home-Manager configurations.
# Homepage: https://github.com/nix-community/nix-on-droid
# Manual: https://github.com/nix-community/nix-on-droid/blob/master/README.md
nix-on-droid = {
url = "github:t184256/nix-on-droid/release-23.11";
inputs.nixpkgs.follows = "nixpkgs";
inputs.home-manager.follows = "home-manager";
};
# Those are Nvim plugins. I do not use package managers like Packer or Lazy, instead I use Nix to download them and later configure in [Neovim module](module/common/Nvim.nix).
nvimAlign = {
url = "github:echasnovski/mini.align";
flake = false;
};
nvimAutoclose = {
url = "github:m4xshen/autoclose.nvim";
flake = false;
};
nvimBufferline = {
url = "github:akinsho/bufferline.nvim";
flake = false;
};
nvimCloseBuffers = {
url = "github:kazhala/close-buffers.nvim";
flake = false;
};
nvimColorizer = {
url = "github:brenoprata10/nvim-highlight-colors";
flake = false;
};
nvimDevicons = {
url = "github:nvim-tree/nvim-web-devicons";
flake = false;
};
nvimGitsigns = {
url = "github:lewis6991/gitsigns.nvim";
flake = false;
};
nvimGruvboxMaterial = {
url = "github:sainnhe/gruvbox-material";
flake = false;
};
nvimIndentoMatic = {
url = "github:Darazaki/indent-o-matic";
flake = false;
};
nvimLspconfig = {
url = "github:neovim/nvim-lspconfig";
flake = false;
};
nvimOllama = {
url = "github:nomnivore/ollama.nvim";
flake = false;
};
nvimPlenary = {
url = "github:nvim-lua/plenary.nvim";
flake = false;
};
nvimTelescope = {
url = "github:nvim-telescope/telescope.nvim";
flake = false;
};
nvimTodo = {
url = "github:folke/todo-comments.nvim";
flake = false;
};
nvimTree = {
url = "github:nvim-tree/nvim-tree.lua";
flake = false;
};
nvimTreesitter = {
url = "github:nvim-treesitter/nvim-treesitter";
flake = false;
};
nvimTrouble = {
url = "github:folke/trouble.nvim";
flake = false;
};
};
# Those are Nvim plugins. I do not use package managers like Packer or Lazy, instead I use Nix to download them and later configure in [Neovim module](module/common/Nvim.nix).
nvimAlign = {
url = "github:echasnovski/mini.align";
flake = false;
};
nvimAutoclose = {
url = "github:m4xshen/autoclose.nvim";
flake = false;
};
nvimBufferline = {
url = "github:akinsho/bufferline.nvim";
flake = false;
};
nvimCloseBuffers = {
url = "github:kazhala/close-buffers.nvim";
flake = false;
};
nvimColorizer = {
url = "github:brenoprata10/nvim-highlight-colors";
flake = false;
};
nvimDevicons = {
url = "github:nvim-tree/nvim-web-devicons";
flake = false;
};
nvimGitsigns = {
url = "github:lewis6991/gitsigns.nvim";
flake = false;
};
nvimGruvboxMaterial = {
url = "github:sainnhe/gruvbox-material";
flake = false;
};
nvimIndentoMatic = {
url = "github:Darazaki/indent-o-matic";
flake = false;
};
nvimLspconfig = {
url = "github:neovim/nvim-lspconfig";
flake = false;
};
nvimOllama = {
url = "github:nomnivore/ollama.nvim";
flake = false;
};
nvimPlenary = {
url = "github:nvim-lua/plenary.nvim";
flake = false;
};
nvimTelescope = {
url = "github:nvim-telescope/telescope.nvim";
flake = false;
};
nvimTodo = {
url = "github:folke/todo-comments.nvim";
flake = false;
};
nvimTree = {
url = "github:nvim-tree/nvim-tree.lua";
flake = false;
};
nvimTreesitter = {
url = "github:nvim-treesitter/nvim-treesitter";
flake = false;
};
nvimTrouble = {
url = "github:folke/trouble.nvim";
flake = false;
};
};
# Those are outputs (hosts, configurations) that can be produced by this whole config.
# Here you see a set of inputs we defined above, like nixpkgs, home-manager and so on.
# `...` at the end of a set means "ignore other arguments provided to this function".
# @inputs means aliasing all the inputs to the `inputs` name, so we can pass them all at once later.
outputs = { self, nixpkgs, nixpkgsStable, nixpkgsMaster, nix-on-droid, home-manager, stylix, poetry2nixJobber, nixpkgsJobber, ... } @inputs: {
# Constant values.
const = {
droidStateVersion = "23.11";
stateVersion = "24.05";
timeZone = "Europe/Moscow";
url = "https://git.voronind.com/voronind/nix.git";
};
# Those are outputs (hosts, configurations) that can be produced by this whole config.
# Here you see a set of inputs we defined above, like nixpkgs, home-manager and so on.
# `...` at the end of a set means "ignore other arguments provided to this function".
# @inputs means aliasing all the inputs to the `inputs` name, so we can pass them all at once later.
outputs =
{
self,
nixpkgs,
nixpkgsStable,
nixpkgsMaster,
nix-on-droid,
home-manager,
stylix,
poetry2nixJobber,
nixpkgsJobber,
...
}@inputs:
{
# Constant values.
const = {
droidStateVersion = "23.11";
stateVersion = "24.05";
timeZone = "Europe/Moscow";
url = "https://git.voronind.com/voronind/nix.git";
};
# Hack to use <container/Change.nix> in other files.
# Need to add __findFile to args tho.
__findFile = _: p: ./${p};
# Hack to use <container/Change.nix> in other files.
# Need to add __findFile to args tho.
__findFile = _: p: ./${p};
# List all files in a dir.
findFiles = path: map (f: "${path}/${f}") (
builtins.filter (i: builtins.readFileType "${path}/${i}" == "regular") (
builtins.attrNames (builtins.readDir path)
)
);
# List all files in a dir.
findFiles =
path:
map (f: "${path}/${f}") (
builtins.filter (i: builtins.readFileType "${path}/${i}" == "regular") (
builtins.attrNames (builtins.readDir path)
)
);
# Dev shell for this repo.
devShells = let
system = "x86_64-linux";
lib = nixpkgs.lib;
pkgs = nixpkgs.legacyPackages.${system};
in {
${system}.default = pkgs.mkShell {
nativeBuildInputs = with pkgs; [
nixd
];
# buildInputs = with pkgs; [ ];
# Dev shell for this repo.
devShells =
let
system = "x86_64-linux";
lib = nixpkgs.lib;
pkgs = nixpkgs.legacyPackages.${system};
in
{
${system}.default = pkgs.mkShell {
nativeBuildInputs = with pkgs; [
nixd
nixfmt-rfc-style
treefmt
];
# buildInputs = with pkgs; [ ];
# LD_LIBRARY_PATH = "${lib.makeLibraryPath buildInputs}";
# SOURCE_DATE_EPOCH = "${toString self.lastModified}";
};
};
# LD_LIBRARY_PATH = "${lib.makeLibraryPath buildInputs}";
# SOURCE_DATE_EPOCH = "${toString self.lastModified}";
};
};
# Nixos systems.
nixosConfigurations = let
# Function to create a host. It does basic setup, like adding common modules.
mkHost = { system, hostname }: nixpkgs.lib.nixosSystem {
# `Inherit` is just an alias for `system = system;`, which means that
# keep the `system` argument as a property in a resulting set.
inherit system;
# Nixos systems.
nixosConfigurations =
let
# Function to create a host. It does basic setup, like adding common modules.
mkHost =
{ system, hostname }:
nixpkgs.lib.nixosSystem {
# `Inherit` is just an alias for `system = system;`, which means that
# keep the `system` argument as a property in a resulting set.
inherit system;
# List of modules to use by defualt for all the hosts.
modules = [
# Make a device hostname match the one from this config.
{ networking.hostName = hostname; }
# List of modules to use by defualt for all the hosts.
modules =
[
# Make a device hostname match the one from this config.
{ networking.hostName = hostname; }
# Specify current release version.
{ system.stateVersion = self.const.stateVersion; }
# Specify current release version.
{ system.stateVersion = self.const.stateVersion; }
# Add Home Manager module.
home-manager.nixosModules.home-manager
# Add Home Manager module.
home-manager.nixosModules.home-manager
# Add Stylix module.
stylix.nixosModules.stylix
# Add Stylix module.
stylix.nixosModules.stylix
# HM config.
./home/NixOs.nix
]
++ (self.findFiles ./host/${system}/${hostname})
++ (self.findFiles ./config)
++ (self.findFiles ./container)
++ (self.findFiles ./module)
++ (self.findFiles ./system)
++ (self.findFiles ./overlay);
# HM config.
./home/NixOs.nix
]
++ (self.findFiles ./host/${system}/${hostname})
++ (self.findFiles ./config)
++ (self.findFiles ./container)
++ (self.findFiles ./module)
++ (self.findFiles ./system)
++ (self.findFiles ./overlay);
# SpecialArgs allows you to pass objects down to other NixOS modules.
specialArgs = let
pkgs = nixpkgs.legacyPackages.${system}.pkgs;
lib = nixpkgs.lib;
config = self.nixosConfigurations.${hostname}.config;
in {
inherit inputs self;
inherit (self) const __findFile;
# SpecialArgs allows you to pass objects down to other NixOS modules.
specialArgs =
let
pkgs = nixpkgs.legacyPackages.${system}.pkgs;
lib = nixpkgs.lib;
config = self.nixosConfigurations.${hostname}.config;
in
{
inherit inputs self;
inherit (self) const __findFile;
pkgsJobber = nixpkgsJobber.legacyPackages.${system}.pkgs;
pkgsStable = nixpkgsStable.legacyPackages.${system}.pkgs;
pkgsMaster = nixpkgsMaster.legacyPackages.${system}.pkgs;
pkgsJobber = nixpkgsJobber.legacyPackages.${system}.pkgs;
pkgsStable = nixpkgsStable.legacyPackages.${system}.pkgs;
pkgsMaster = nixpkgsMaster.legacyPackages.${system}.pkgs;
secret = import ./secret {}; # Secrets (public keys).
container = import ./lib/Container.nix { inherit lib pkgs config; inherit (self) const; }; # Container utils.
util = import ./lib/Util.nix { inherit lib; }; # Util functions.
secret = import ./secret { }; # Secrets (public keys).
container = import ./lib/Container.nix {
inherit lib pkgs config;
inherit (self) const;
}; # Container utils.
util = import ./lib/Util.nix { inherit lib; }; # Util functions.
# Stuff for Jobber container, skip this part.
inherit poetry2nixJobber;
};
};
# Stuff for Jobber container, skip this part.
inherit poetry2nixJobber;
};
};
mkSystem = system: hostname: {
"${hostname}" = mkHost {
inherit system hostname;
};
};
in nixpkgs.lib.foldl' (acc: h: acc // h) {} (
map (system:
nixpkgs.lib.foldl' (acc: h: acc // h) {} (
map (host:
mkSystem system host
) (builtins.attrNames (builtins.readDir ./host/${system}))
)
) (builtins.attrNames (builtins.readDir ./host))
);
mkSystem = system: hostname: {
"${hostname}" = mkHost {
inherit system hostname;
};
};
in
nixpkgs.lib.foldl' (acc: h: acc // h) { } (
map (
system:
nixpkgs.lib.foldl' (acc: h: acc // h) { } (
map (host: mkSystem system host) (builtins.attrNames (builtins.readDir ./host/${system}))
)
) (builtins.attrNames (builtins.readDir ./host))
);
# Home manager (distro-independent).
# Install nix: sh <(curl -L https://nixos.org/nix/install) --no-daemon
# Or with --daemon for multi-user (as root).
# $ nix run home-manager/master -- init --switch
# $ nix shell '<home-manager>' -A install
# Add to /etc/nix/nix.conf > experimental-features = nix-command flakes
# And then # systemctl restart nix-daemon.service
# $ home-manager switch --flake ~/hmconf
homeConfigurations =
let
lib = nixpkgs.lib;
secret = import ./secret { };
util = import ./lib/Util.nix { inherit lib; };
# Home manager (distro-independent).
# Install nix: sh <(curl -L https://nixos.org/nix/install) --no-daemon
# Or with --daemon for multi-user (as root).
# $ nix run home-manager/master -- init --switch
# $ nix shell '<home-manager>' -A install
# Add to /etc/nix/nix.conf > experimental-features = nix-command flakes
# And then # systemctl restart nix-daemon.service
# $ home-manager switch --flake ~/hmconf
homeConfigurations = let
lib = nixpkgs.lib;
secret = import ./secret {};
util = import ./lib/Util.nix { inherit lib; };
mkCommonHome =
username: homeDirectory: system: modules:
let
pkgs = nixpkgs.legacyPackages.${system};
pkgsStable = nixpkgsStable.legacyPackages.${system};
pkgsMaster = nixpkgsMaster.legacyPackages.${system};
in
{
${username} = home-manager.lib.homeManagerConfiguration {
inherit pkgs;
mkCommonHome = username: homeDirectory: system: modules: let
pkgs = nixpkgs.legacyPackages.${system};
pkgsStable = nixpkgsStable.legacyPackages.${system};
pkgsMaster = nixpkgsMaster.legacyPackages.${system};
in {
${username} = home-manager.lib.homeManagerConfiguration {
inherit pkgs;
extraSpecialArgs = {
inherit
self
inputs
secret
util
pkgs
pkgsStable
pkgsMaster
;
inherit (self) const __findFile;
};
modules = [
./home/HomeManager.nix
{
home.hm = {
inherit username homeDirectory;
enable = true;
package = {
core.enable = true;
};
};
}
extraSpecialArgs = {
inherit self inputs secret util pkgs pkgsStable pkgsMaster;
inherit (self) const __findFile;
};
modules = [
./home/HomeManager.nix
{
home.hm = {
inherit username homeDirectory;
enable = true;
package = {
core.enable = true;
};
};
}
{ nixpkgs.config.allowUnfree = true; }
{ nixpkgs.config.allowUnfreePredicate = (pkg: true); }
{ nix.package = pkgs.nix; }
{
nix.settings.experimental-features = [
"nix-command "
"flakes"
];
}
{ nixpkgs.config.allowUnfree = true; }
{ nixpkgs.config.allowUnfreePredicate = (pkg: true); }
{ nix.package = pkgs.nix; }
{ nix.settings.experimental-features = [ "nix-command " "flakes" ]; }
inputs.stylix.homeManagerModules.stylix
] ++ modules ++ (self.findFiles ./config);
};
};
inputs.stylix.homeManagerModules.stylix
]
++ modules
++ (self.findFiles ./config);
};
};
x86LinuxHome = username: modules: mkCommonHome username "/home/${username}" "x86_64-linux" modules;
x86LinuxRoot = mkCommonHome "root" "/root" "x86_64-linux" [ ];
in
nixpkgs.lib.foldl' (acc: h: acc // h) { } [
x86LinuxRoot
(x86LinuxHome "voronind" [
{
home.hm.package = {
common.enable = true;
};
}
])
];
x86LinuxHome = username: modules: mkCommonHome username "/home/${username}" "x86_64-linux" modules;
x86LinuxRoot = mkCommonHome "root" "/root" "x86_64-linux" [];
in nixpkgs.lib.foldl' (acc: h: acc // h) {} [
x86LinuxRoot
(x86LinuxHome "voronind" [
{
home.hm.package = {
common.enable = true;
};
}
])
];
# Android.
nixOnDroidConfigurations.default =
let
config = self.nixOnDroidConfigurations.default.config;
lib = nixpkgs.lib;
pkgs = nixpkgs.legacyPackages."aarch64-linux".pkgs;
in
nix-on-droid.lib.nixOnDroidConfiguration {
modules = [
# Android release version.
{ system.stateVersion = self.const.droidStateVersion; }
# Android.
nixOnDroidConfigurations.default = let
config = self.nixOnDroidConfigurations.default.config;
lib = nixpkgs.lib;
pkgs = nixpkgs.legacyPackages."aarch64-linux".pkgs;
in nix-on-droid.lib.nixOnDroidConfiguration {
modules = [
# Android release version.
{ system.stateVersion = self.const.droidStateVersion; }
# I put all my Android configuration there.
./home/Android.nix
{ home.android.enable = true; }
# I put all my Android configuration there.
./home/Android.nix
{ home.android.enable = true; }
# { nixpkgs.config.allowUnfree = true; }
# { nixpkgs.config.allowUnfreePredicate = (pkg: true); }
{ nix.extraOptions = "experimental-features = nix-command flakes"; }
{ home-manager.config.stylix.autoEnable = lib.mkForce false; }
# { nixpkgs.config.allowUnfree = true; }
# { nixpkgs.config.allowUnfreePredicate = (pkg: true); }
{ nix.extraOptions = "experimental-features = nix-command flakes"; }
{ home-manager.config.stylix.autoEnable = lib.mkForce false; }
# Some common modules.
./config/Setting.nix
./config/Wallpaper.nix
(import ./config/Style.nix {
inherit (config.home-manager) config;
inherit (self) __findFile;
inherit lib pkgs;
})
];
# Some common modules.
./config/Setting.nix
./config/Wallpaper.nix
(import ./config/Style.nix {
inherit (config.home-manager) config;
inherit (self) __findFile;
inherit lib pkgs;
})
];
# SpecialArgs allows you to pass objects down to other configuration.
extraSpecialArgs = {
inherit inputs self;
inherit (self) const __findFile;
# SpecialArgs allows you to pass objects down to other configuration.
extraSpecialArgs = {
inherit inputs self;
inherit (self) const __findFile;
secret = import ./secret {}; # Secrets (public keys).
util = import ./lib/Util.nix { inherit lib; }; # Util functions.
};
};
};
secret = import ./secret { }; # Secrets (public keys).
util = import ./lib/Util.nix { inherit lib; }; # Util functions.
};
};
};
}
# That's it!

79
home/Android.nix
View file

@ -1,40 +1,45 @@
# This is a common user configuration.
{ const
, pkgs
, self
, config
, lib
, inputs
, pkgsStable
, pkgsMaster
, __findFile
, ... } @args: with lib; let
cfg = config.home.android;
stylix = import <config/Stylix.nix> args;
android = import ./android args;
package = import <package> args;
# homePath = "/data/data/com.termux.nix/files/home";
in {
options = {
home.android = {
enable = mkEnableOption "Android HM config.";
};
};
{
const,
pkgs,
self,
config,
lib,
inputs,
pkgsStable,
pkgsMaster,
__findFile,
...
}@args:
with lib;
let
cfg = config.home.android;
stylix = import <config/Stylix.nix> args;
android = import ./android args;
package = import <package> args;
in
# homePath = "/data/data/com.termux.nix/files/home";
{
options = {
home.android = {
enable = mkEnableOption "Android HM config.";
};
};
config = mkIf cfg.enable {
time.timeZone = const.timeZone;
environment.packages = package.core;
home-manager.config = stylix // {
imports = [ inputs.stylix.homeManagerModules.stylix ];
home = {
stateVersion = const.droidStateVersion;
sessionVariables = import ./variable args;
file = (import ./config args) // {
".termux/_font.ttf".source = android.font;
".termux/_colors.properties".text = android.colors;
};
};
programs = import ./program args;
};
};
config = mkIf cfg.enable {
time.timeZone = const.timeZone;
environment.packages = package.core;
home-manager.config = stylix // {
imports = [ inputs.stylix.homeManagerModules.stylix ];
home = {
stateVersion = const.droidStateVersion;
sessionVariables = import ./variable args;
file = (import ./config args) // {
".termux/_font.ttf".source = android.font;
".termux/_colors.properties".text = android.colors;
};
};
programs = import ./program args;
};
};
}

117
home/HomeManager.nix
View file

@ -1,59 +1,64 @@
# This is a common user configuration.
{ const
, util
, config
, lib
, __findFile
, ... } @args: with lib; let
cfg = config.home.hm;
package = import <package> args;
in {
options = {
home.hm = {
enable = mkEnableOption "Home-Manager standalone config.";
username = mkOption {
default = null;
type = types.str;
};
homeDirectory = mkOption {
default = "/home/${cfg.username}";
type = types.str;
};
package = mkOption {
default = {};
type = types.submodule {
options = {
common.enable = mkEnableOption "Common apps.";
core.enable = mkEnableOption "Core apps.";
creative.enable = mkEnableOption "Creative apps.";
desktop.enable = mkEnableOption "Desktop apps.";
dev.enable = mkEnableOption "Dev apps.";
extra.enable = mkEnableOption "Extra apps.";
gaming.enable = mkEnableOption "Gaming apps.";
};
};
};
};
};
{
const,
util,
config,
lib,
__findFile,
...
}@args:
with lib;
let
cfg = config.home.hm;
package = import <package> args;
in
{
options = {
home.hm = {
enable = mkEnableOption "Home-Manager standalone config.";
username = mkOption {
default = null;
type = types.str;
};
homeDirectory = mkOption {
default = "/home/${cfg.username}";
type = types.str;
};
package = mkOption {
default = { };
type = types.submodule {
options = {
common.enable = mkEnableOption "Common apps.";
core.enable = mkEnableOption "Core apps.";
creative.enable = mkEnableOption "Creative apps.";
desktop.enable = mkEnableOption "Desktop apps.";
dev.enable = mkEnableOption "Dev apps.";
extra.enable = mkEnableOption "Extra apps.";
gaming.enable = mkEnableOption "Gaming apps.";
};
};
};
};
};
config = mkIf cfg.enable (mkMerge [
{
home = {
inherit (cfg) username homeDirectory;
inherit (const) stateVersion;
file = import ./config args;
sessionVariables = import ./variable args;
};
xdg = import ./xdg { inherit (cfg) homeDirectory; };
programs = import ./program args;
dconf.settings = util.catSet (util.ls ./config/dconf) args;
}
(mkIf cfg.package.common.enable { home.packages = package.common; })
(mkIf cfg.package.core.enable { home.packages = package.core; })
(mkIf cfg.package.creative.enable { home.packages = package.creative; })
(mkIf cfg.package.desktop.enable { home.packages = package.desktop; })
(mkIf cfg.package.dev.enable { home.packages = package.dev; })
(mkIf cfg.package.extra.enable { home.packages = package.extra; })
(mkIf cfg.package.gaming.enable { home.packages = package.gaming; })
]);
config = mkIf cfg.enable (mkMerge [
{
home = {
inherit (cfg) username homeDirectory;
inherit (const) stateVersion;
file = import ./config args;
sessionVariables = import ./variable args;
};
xdg = import ./xdg { inherit (cfg) homeDirectory; };
programs = import ./program args;
dconf.settings = util.catSet (util.ls ./config/dconf) args;
}
(mkIf cfg.package.common.enable { home.packages = package.common; })
(mkIf cfg.package.core.enable { home.packages = package.core; })
(mkIf cfg.package.creative.enable { home.packages = package.creative; })
(mkIf cfg.package.desktop.enable { home.packages = package.desktop; })
(mkIf cfg.package.dev.enable { home.packages = package.dev; })
(mkIf cfg.package.extra.enable { home.packages = package.extra; })
(mkIf cfg.package.gaming.enable { home.packages = package.gaming; })
]);
}

85
home/NixOs.nix
View file

@ -1,44 +1,53 @@
# This is a common user configuration.
{ const
, config
, util
, lib
, pkgs
, ... } @args: with lib; let
cfg = config.home.nixos;
in {
imports = (util.ls ./user);
{
const,
config,
util,
lib,
pkgs,
...
}@args:
with lib;
let
cfg = config.home.nixos;
in
{
imports = (util.ls ./user);
options = {
home.nixos = {
enable = mkEnableOption "NixOS user setup.";
users = mkOption {
default = [];
type = types.listOf types.attrs;
};
};
};
options = {
home.nixos = {
enable = mkEnableOption "NixOS user setup.";
users = mkOption {
default = [ ];
type = types.listOf types.attrs;
};
};
};
config = mkIf cfg.enable {
home-manager = {
users = builtins.foldl' (acc: user: acc // {
${user.username} = {
home = {
inherit (const) stateVersion;
inherit (user) username homeDirectory;
file = import ./config args;
sessionVariables = import ./variable args;
config = mkIf cfg.enable {
home-manager = {
users = builtins.foldl' (
acc: user:
acc
// {
${user.username} = {
home = {
inherit (const) stateVersion;
inherit (user) username homeDirectory;
file = import ./config args;
sessionVariables = import ./variable args;
# ISSUE: https://github.com/nix-community/home-manager/issues/5589
extraActivationPath = with pkgs; [ openssh ];
};
xdg = import ./xdg { inherit (user) homeDirectory; };
programs = import ./program args;
dconf.settings = util.catSet (util.ls ./config/dconf) args;
};
}) {} cfg.users;
# ISSUE: https://github.com/nix-community/home-manager/issues/5589
extraActivationPath = with pkgs; [ openssh ];
};
xdg = import ./xdg { inherit (user) homeDirectory; };
programs = import ./program args;
dconf.settings = util.catSet (util.ls ./config/dconf) args;
};
}
) { } cfg.users;
backupFileExtension = "old";
};
};
backupFileExtension = "old";
};
};
}

19
home/android/default.nix
View file

@ -1,10 +1,13 @@
{ pkgs, util, config, ... }: {
font = pkgs.runCommandNoCC "font" {} ''
cp ${pkgs.nerdfonts.override { fonts = [ "Terminus" ]; }}/share/fonts/truetype/NerdFonts/TerminessNerdFontMono-Regular.ttf $out
'';
{ pkgs, config, ... }:
{
font = pkgs.runCommandNoCC "font" { } ''
cp ${
pkgs.nerdfonts.override { fonts = [ "Terminus" ]; }
}/share/fonts/truetype/NerdFonts/TerminessNerdFontMono-Regular.ttf $out
'';
colors = util.trimTabs ''
background=#${config.style.color.bg.dark}
foreground=#${config.style.color.fg.light}
'';
colors = ''
background=#${config.style.color.bg.dark}
foreground=#${config.style.color.fg.light}
'';
}

347
home/config/btop/default.nix
View file

@ -1,249 +1,250 @@
{ config, util, ... }: {
text = util.trimTabs ''
#? Config file for btop v. 1.3.0
{ ... }:
{
text = ''
#? Config file for btop v. 1.3.0
#* Name of a btop++/bpytop/bashtop formatted ".theme" file, "Default" and "TTY" for builtin themes.
#* Themes should be placed in "../share/btop/themes" relative to binary or "$HOME/.config/btop/themes"
color_theme = "/usr/share/btop/themes/gruvbox_material_dark.theme"
#* Name of a btop++/bpytop/bashtop formatted ".theme" file, "Default" and "TTY" for builtin themes.
#* Themes should be placed in "../share/btop/themes" relative to binary or "$HOME/.config/btop/themes"
color_theme = "/usr/share/btop/themes/gruvbox_material_dark.theme"
#* If the theme set background should be shown, set to False if you want terminal background transparency.
theme_background = False
#* If the theme set background should be shown, set to False if you want terminal background transparency.
theme_background = False
#* Sets if 24-bit truecolor should be used, will convert 24-bit colors to 256 color (6x6x6 color cube) if false.
truecolor = True
#* Sets if 24-bit truecolor should be used, will convert 24-bit colors to 256 color (6x6x6 color cube) if false.
truecolor = True
#* Set to true to force tty mode regardless if a real tty has been detected or not.
#* Will force 16-color mode and TTY theme, set all graph symbols to "tty" and swap out other non tty friendly symbols.
force_tty = False
#* Set to true to force tty mode regardless if a real tty has been detected or not.
#* Will force 16-color mode and TTY theme, set all graph symbols to "tty" and swap out other non tty friendly symbols.
force_tty = False
#* Define presets for the layout of the boxes. Preset 0 is always all boxes shown with default settings. Max 9 presets.
#* Format: "box_name:P:G,box_name:P:G" P=(0 or 1) for alternate positions, G=graph symbol to use for box.
#* Use whitespace " " as separator between different presets.
#* Example: "cpu:0:default,mem:0:tty,proc:1:default cpu:0:braille,proc:0:tty"
presets = ""
#* Define presets for the layout of the boxes. Preset 0 is always all boxes shown with default settings. Max 9 presets.
#* Format: "box_name:P:G,box_name:P:G" P=(0 or 1) for alternate positions, G=graph symbol to use for box.
#* Use whitespace " " as separator between different presets.
#* Example: "cpu:0:default,mem:0:tty,proc:1:default cpu:0:braille,proc:0:tty"
presets = ""
#* Set to True to enable "h,j,k,l,g,G" keys for directional control in lists.
#* Conflicting keys for h:"help" and k:"kill" is accessible while holding shift.
vim_keys = True
#* Set to True to enable "h,j,k,l,g,G" keys for directional control in lists.
#* Conflicting keys for h:"help" and k:"kill" is accessible while holding shift.
vim_keys = True
#* Rounded corners on boxes, is ignored if TTY mode is ON.
rounded_corners = True
#* Rounded corners on boxes, is ignored if TTY mode is ON.
rounded_corners = True
#* Default symbols to use for graph creation, "braille", "block" or "tty".
#* "braille" offers the highest resolution but might not be included in all fonts.
#* "block" has half the resolution of braille but uses more common characters.
#* "tty" uses only 3 different symbols but will work with most fonts and should work in a real TTY.
#* Note that "tty" only has half the horizontal resolution of the other two, so will show a shorter historical view.
graph_symbol = "braille"
#* Default symbols to use for graph creation, "braille", "block" or "tty".
#* "braille" offers the highest resolution but might not be included in all fonts.
#* "block" has half the resolution of braille but uses more common characters.
#* "tty" uses only 3 different symbols but will work with most fonts and should work in a real TTY.
#* Note that "tty" only has half the horizontal resolution of the other two, so will show a shorter historical view.
graph_symbol = "braille"
# Graph symbol to use for graphs in cpu box, "default", "braille", "block" or "tty".
graph_symbol_cpu = "default"
# Graph symbol to use for graphs in cpu box, "default", "braille", "block" or "tty".
graph_symbol_cpu = "default"
# Graph symbol to use for graphs in gpu box, "default", "braille", "block" or "tty".
graph_symbol_gpu = "default"
# Graph symbol to use for graphs in gpu box, "default", "braille", "block" or "tty".
graph_symbol_gpu = "default"
# Graph symbol to use for graphs in cpu box, "default", "braille", "block" or "tty".
graph_symbol_mem = "default"
# Graph symbol to use for graphs in cpu box, "default", "braille", "block" or "tty".
graph_symbol_mem = "default"
# Graph symbol to use for graphs in cpu box, "default", "braille", "block" or "tty".
graph_symbol_net = "default"
# Graph symbol to use for graphs in cpu box, "default", "braille", "block" or "tty".
graph_symbol_net = "default"
# Graph symbol to use for graphs in cpu box, "default", "braille", "block" or "tty".
graph_symbol_proc = "default"
# Graph symbol to use for graphs in cpu box, "default", "braille", "block" or "tty".
graph_symbol_proc = "default"
#* Manually set which boxes to show. Available values are "cpu mem net proc" and "gpu0" through "gpu5", separate values with whitespace.
shown_boxes = "cpu mem net proc"
#* Manually set which boxes to show. Available values are "cpu mem net proc" and "gpu0" through "gpu5", separate values with whitespace.
shown_boxes = "cpu mem net proc"
#* Update time in milliseconds, recommended 2000 ms or above for better sample times for graphs.
update_ms = 2000
#* Update time in milliseconds, recommended 2000 ms or above for better sample times for graphs.
update_ms = 2000
#* Processes sorting, "pid" "program" "arguments" "threads" "user" "memory" "cpu lazy" "cpu direct",
#* "cpu lazy" sorts top process over time (easier to follow), "cpu direct" updates top process directly.
proc_sorting = "memory"
#* Processes sorting, "pid" "program" "arguments" "threads" "user" "memory" "cpu lazy" "cpu direct",
#* "cpu lazy" sorts top process over time (easier to follow), "cpu direct" updates top process directly.
proc_sorting = "memory"
#* Reverse sorting order, True or False.
proc_reversed = False
#* Reverse sorting order, True or False.
proc_reversed = False
#* Show processes as a tree.
proc_tree = False
#* Show processes as a tree.
proc_tree = False
#* Use the cpu graph colors in the process list.
proc_colors = True
#* Use the cpu graph colors in the process list.
proc_colors = True
#* Use a darkening gradient in the process list.
proc_gradient = True
#* Use a darkening gradient in the process list.
proc_gradient = True
#* If process cpu usage should be of the core it's running on or usage of the total available cpu power.
proc_per_core = False
#* If process cpu usage should be of the core it's running on or usage of the total available cpu power.
proc_per_core = False
#* Show process memory as bytes instead of percent.
proc_mem_bytes = True
#* Show process memory as bytes instead of percent.
proc_mem_bytes = True
#* Show cpu graph for each process.
proc_cpu_graphs = True
#* Show cpu graph for each process.
proc_cpu_graphs = True
#* Use /proc/[pid]/smaps for memory information in the process info box (very slow but more accurate)
proc_info_smaps = False
#* Use /proc/[pid]/smaps for memory information in the process info box (very slow but more accurate)
proc_info_smaps = False
#* Show proc box on left side of screen instead of right.
proc_left = True
#* Show proc box on left side of screen instead of right.
proc_left = True
#* (Linux) Filter processes tied to the Linux kernel(similar behavior to htop).
proc_filter_kernel = True
#* (Linux) Filter processes tied to the Linux kernel(similar behavior to htop).
proc_filter_kernel = True
#* In tree-view, always accumulate child process resources in the parent process.
proc_aggregate = False
#* In tree-view, always accumulate child process resources in the parent process.
proc_aggregate = False
#* Sets the CPU stat shown in upper half of the CPU graph, "total" is always available.
#* Select from a list of detected attributes from the options menu.
cpu_graph_upper = "total"
#* Sets the CPU stat shown in upper half of the CPU graph, "total" is always available.
#* Select from a list of detected attributes from the options menu.
cpu_graph_upper = "total"
#* Sets the CPU stat shown in lower half of the CPU graph, "total" is always available.
#* Select from a list of detected attributes from the options menu.
cpu_graph_lower = "total"
#* Sets the CPU stat shown in lower half of the CPU graph, "total" is always available.
#* Select from a list of detected attributes from the options menu.
cpu_graph_lower = "total"
#* If gpu info should be shown in the cpu box. Available values = "Auto", "On" and "Off".
show_gpu_info = "Auto"
#* If gpu info should be shown in the cpu box. Available values = "Auto", "On" and "Off".
show_gpu_info = "Auto"
#* Toggles if the lower CPU graph should be inverted.
cpu_invert_lower = True
#* Toggles if the lower CPU graph should be inverted.
cpu_invert_lower = True
#* Set to True to completely disable the lower CPU graph.
cpu_single_graph = False
#* Set to True to completely disable the lower CPU graph.
cpu_single_graph = False
#* Show cpu box at bottom of screen instead of top.
cpu_bottom = False
#* Show cpu box at bottom of screen instead of top.
cpu_bottom = False
#* Shows the system uptime in the CPU box.
show_uptime = True
#* Shows the system uptime in the CPU box.
show_uptime = True
#* Show cpu temperature.
check_temp = True
#* Show cpu temperature.
check_temp = True
#* Which sensor to use for cpu temperature, use options menu to select from list of available sensors.
cpu_sensor = "Auto"
#* Which sensor to use for cpu temperature, use options menu to select from list of available sensors.
cpu_sensor = "Auto"
#* Show temperatures for cpu cores also if check_temp is True and sensors has been found.
show_coretemp = True
#* Show temperatures for cpu cores also if check_temp is True and sensors has been found.
show_coretemp = True
#* Set a custom mapping between core and coretemp, can be needed on certain cpus to get correct temperature for correct core.
#* Use lm-sensors or similar to see which cores are reporting temperatures on your machine.
#* Format "x:y" x=core with wrong temp, y=core with correct temp, use space as separator between multiple entries.
#* Example: "4:0 5:1 6:3"
cpu_core_map = ""
#* Set a custom mapping between core and coretemp, can be needed on certain cpus to get correct temperature for correct core.
#* Use lm-sensors or similar to see which cores are reporting temperatures on your machine.
#* Format "x:y" x=core with wrong temp, y=core with correct temp, use space as separator between multiple entries.
#* Example: "4:0 5:1 6:3"
cpu_core_map = ""
#* Which temperature scale to use, available values: "celsius", "fahrenheit", "kelvin" and "rankine".
temp_scale = "celsius"
#* Which temperature scale to use, available values: "celsius", "fahrenheit", "kelvin" and "rankine".
temp_scale = "celsius"
#* Use base 10 for bits/bytes sizes, KB = 1000 instead of KiB = 1024.
base_10_sizes = True
#* Use base 10 for bits/bytes sizes, KB = 1000 instead of KiB = 1024.
base_10_sizes = True
#* Show CPU frequency.
show_cpu_freq = True
#* Show CPU frequency.
show_cpu_freq = True
#* Draw a clock at top of screen, formatting according to strftime, empty string to disable.
#* Special formatting: /host = hostname | /user = username | /uptime = system uptime
clock_format = "%X"
#* Draw a clock at top of screen, formatting according to strftime, empty string to disable.
#* Special formatting: /host = hostname | /user = username | /uptime = system uptime
clock_format = "%X"
#* Update main ui in background when menus are showing, set this to false if the menus is flickering too much for comfort.
background_update = True
#* Update main ui in background when menus are showing, set this to false if the menus is flickering too much for comfort.
background_update = True
#* Custom cpu model name, empty string to disable.
custom_cpu_name = ""
#* Custom cpu model name, empty string to disable.
custom_cpu_name = ""
#* Optional filter for shown disks, should be full path of a mountpoint, separate multiple values with whitespace " ".
#* Begin line with "exclude=" to change to exclude filter, otherwise defaults to "most include" filter. Example: disks_filter="exclude=/boot /home/user".
disks_filter = "exclude=/boot /boot/efi"
#* Optional filter for shown disks, should be full path of a mountpoint, separate multiple values with whitespace " ".
#* Begin line with "exclude=" to change to exclude filter, otherwise defaults to "most include" filter. Example: disks_filter="exclude=/boot /home/user".
disks_filter = "exclude=/boot /boot/efi"
#* Show graphs instead of meters for memory values.
mem_graphs = True
#* Show graphs instead of meters for memory values.
mem_graphs = True
#* Show mem box below net box instead of above.
mem_below_net = False
#* Show mem box below net box instead of above.
mem_below_net = False
#* Count ZFS ARC in cached and available memory.
zfs_arc_cached = True
#* Count ZFS ARC in cached and available memory.
zfs_arc_cached = True
#* If swap memory should be shown in memory box.
show_swap = True
#* If swap memory should be shown in memory box.
show_swap = True
#* Show swap as a disk, ignores show_swap value above, inserts itself after first disk.
swap_disk = False
#* Show swap as a disk, ignores show_swap value above, inserts itself after first disk.
swap_disk = False
#* If mem box should be split to also show disks info.
show_disks = True
#* If mem box should be split to also show disks info.
show_disks = True
#* Filter out non physical disks. Set this to False to include network disks, RAM disks and similar.
only_physical = True
#* Filter out non physical disks. Set this to False to include network disks, RAM disks and similar.
only_physical = True
#* Read disks list from /etc/fstab. This also disables only_physical.
use_fstab = True
#* Read disks list from /etc/fstab. This also disables only_physical.
use_fstab = True
#* Setting this to True will hide all datasets, and only show ZFS pools. (IO stats will be calculated per-pool)
zfs_hide_datasets = False
#* Setting this to True will hide all datasets, and only show ZFS pools. (IO stats will be calculated per-pool)
zfs_hide_datasets = False
#* Set to true to show available disk space for privileged users.
disk_free_priv = False
#* Set to true to show available disk space for privileged users.
disk_free_priv = False
#* Toggles if io activity % (disk busy time) should be shown in regular disk usage view.
show_io_stat = True
#* Toggles if io activity % (disk busy time) should be shown in regular disk usage view.
show_io_stat = True
#* Toggles io mode for disks, showing big graphs for disk read/write speeds.
io_mode = False
#* Toggles io mode for disks, showing big graphs for disk read/write speeds.
io_mode = False
#* Set to True to show combined read/write io graphs in io mode.
io_graph_combined = False
#* Set to True to show combined read/write io graphs in io mode.
io_graph_combined = False
#* Set the top speed for the io graphs in MiB/s (100 by default), use format "mountpoint:speed" separate disks with whitespace " ".
#* Example: "/mnt/media:100 /:20 /boot:1".
io_graph_speeds = ""
#* Set the top speed for the io graphs in MiB/s (100 by default), use format "mountpoint:speed" separate disks with whitespace " ".
#* Example: "/mnt/media:100 /:20 /boot:1".
io_graph_speeds = ""
#* Set fixed values for network graphs in Mebibits. Is only used if net_auto is also set to False.
net_download = 100
#* Set fixed values for network graphs in Mebibits. Is only used if net_auto is also set to False.
net_download = 100
net_upload = 100
net_upload = 100
#* Use network graphs auto rescaling mode, ignores any values set above and rescales down to 10 Kibibytes at the lowest.
net_auto = True
#* Use network graphs auto rescaling mode, ignores any values set above and rescales down to 10 Kibibytes at the lowest.
net_auto = True
#* Sync the auto scaling for download and upload to whichever currently has the highest scale.
net_sync = True
#* Sync the auto scaling for download and upload to whichever currently has the highest scale.
net_sync = True
#* Starts with the Network Interface specified here.
net_iface = ""
#* Starts with the Network Interface specified here.
net_iface = ""
#* Show battery stats in top right if battery is present.
show_battery = True
#* Show battery stats in top right if battery is present.
show_battery = True
#* Which battery to use if multiple are present. "Auto" for auto detection.
selected_battery = "Auto"
#* Which battery to use if multiple are present. "Auto" for auto detection.
selected_battery = "Auto"
#* Set loglevel for "~/.config/btop/btop.log" levels are: "ERROR" "WARNING" "INFO" "DEBUG".
#* The level set includes all lower levels, i.e. "DEBUG" will show all logging info.
log_level = "WARNING"
#* Set loglevel for "~/.config/btop/btop.log" levels are: "ERROR" "WARNING" "INFO" "DEBUG".
#* The level set includes all lower levels, i.e. "DEBUG" will show all logging info.
log_level = "WARNING"
#* Measure PCIe throughput on NVIDIA cards, may impact performance on certain cards.
nvml_measure_pcie_speeds = True
#* Measure PCIe throughput on NVIDIA cards, may impact performance on certain cards.
nvml_measure_pcie_speeds = True
#* Horizontally mirror the GPU graph.
gpu_mirror_graph = True
#* Horizontally mirror the GPU graph.
gpu_mirror_graph = True
#* Custom gpu0 model name, empty string to disable.
custom_gpu_name0 = ""
#* Custom gpu0 model name, empty string to disable.
custom_gpu_name0 = ""
#* Custom gpu1 model name, empty string to disable.
custom_gpu_name1 = ""
#* Custom gpu1 model name, empty string to disable.
custom_gpu_name1 = ""
#* Custom gpu2 model name, empty string to disable.
custom_gpu_name2 = ""
#* Custom gpu2 model name, empty string to disable.
custom_gpu_name2 = ""
#* Custom gpu3 model name, empty string to disable.
custom_gpu_name3 = ""
#* Custom gpu3 model name, empty string to disable.
custom_gpu_name3 = ""
#* Custom gpu4 model name, empty string to disable.
custom_gpu_name4 = ""
#* Custom gpu4 model name, empty string to disable.
custom_gpu_name4 = ""
#* Custom gpu5 model name, empty string to disable.
custom_gpu_name5 = ""
'';
#* Custom gpu5 model name, empty string to disable.
custom_gpu_name5 = ""
'';
}

9
home/config/dconf/Accessibility.nix
View file

@ -1,5 +1,6 @@
{ ... }: {
"org/gnome/desktop/a11y" = {
always-show-universal-access-status = true;
};
{ ... }:
{
"org/gnome/desktop/a11y" = {
always-show-universal-access-status = true;
};
}

51
home/config/dconf/Gtk.nix
View file

@ -1,27 +1,28 @@
{ ... }: {
"org/gtk/gtk4/settings/file-chooser" = {
date-format = "regular";
location-mode = "path-bar";
show-hidden = false;
show-size-column = true;
show-type-column = true;
sidebar-width = "166";
sort-column = "modified";
sort-directories-first = true;
sort-order = "descending";
type-format = "category";
view-type = "list";
};
{ ... }:
{
"org/gtk/gtk4/settings/file-chooser" = {
date-format = "regular";
location-mode = "path-bar";
show-hidden = false;
show-size-column = true;
show-type-column = true;
sidebar-width = "166";
sort-column = "modified";
sort-directories-first = true;
sort-order = "descending";
type-format = "category";
view-type = "list";
};
"org/gtk/settings/file-chooser" = {
date-format = "regular";
location-mode = "path-bar";
show-hidden = false;
show-size-column = true;
show-type-column = true;
sort-column = "modified";
sort-directories-first = true;
sort-order = "descending";
type-format = "category";
};
"org/gtk/settings/file-chooser" = {
date-format = "regular";
location-mode = "path-bar";
show-hidden = false;
show-size-column = true;
show-type-column = true;
sort-column = "modified";
sort-directories-first = true;
sort-order = "descending";
type-format = "category";
};
}

55
home/config/dconf/Input.nix
View file

@ -1,21 +1,40 @@
{ lib, config, ... }: {
"org/gnome/desktop/input-sources" = with lib.gvariant; {
current = mkUint32 0;
mru-sources = [ (mkTuple [ "xkb" "us" ]) (mkTuple [ "xkb" "ru" ]) ];
per-window = false;
show-all-sources = true;
sources = [ (mkTuple [ "xkb" "us" ]) (mkTuple [ "xkb" "ru" ]) ];
xkb-options = [ config.setting.keyboard.options ];
};
{ lib, config, ... }:
{
"org/gnome/desktop/input-sources" = with lib.gvariant; {
current = mkUint32 0;
mru-sources = [
(mkTuple [
"xkb"
"us"
])
(mkTuple [
"xkb"
"ru"
])
];
per-window = false;
show-all-sources = true;
sources = [
(mkTuple [
"xkb"
"us"
])
(mkTuple [
"xkb"
"ru"
])
];
xkb-options = [ config.setting.keyboard.options ];
};
"org/gnome/desktop/peripherals/mouse" = {
accel-profile = "flat";
natural-scroll = true;
speed = "0.0";
};
"org/gnome/desktop/peripherals/mouse" = {
accel-profile = "flat";
natural-scroll = true;
speed = "0.0";
};
"org/gnome/desktop/peripherals/touchpad" = {
tap-to-click = true;
two-finger-scrolling-enabled = true;
};
"org/gnome/desktop/peripherals/touchpad" = {
tap-to-click = true;
two-finger-scrolling-enabled = true;
};
}

21
home/config/dconf/Interface.nix
View file

@ -1,11 +1,12 @@
{ ... }: {
"org/gnome/desktop/interface" = {
clock-show-date = true;
clock-show-weekday = true;
color-scheme = "prefer-dark";
enable-animations = false;
enable-hot-corners = false;
gtk-enable-primary-paste = false;
show-battery-percentage = false;
};
{ ... }:
{
"org/gnome/desktop/interface" = {
clock-show-date = true;
clock-show-weekday = true;
color-scheme = "prefer-dark";
enable-animations = false;
enable-hot-corners = false;
gtk-enable-primary-paste = false;
show-battery-percentage = false;
};
}

244
home/config/dconf/Key.nix
View file

@ -1,132 +1,134 @@
{ config, ... }: let
mod = "<Super>";
in {
"org/gnome/desktop/wm/keybindings" = {
activate-window-menu = [ "" ];
begin-move = [ "" ];
begin-resize = [ "${mod}r" ];
close = [ "${mod}x" ];
cycle-group = [ "" ];
cycle-group-backward = [ "" ];
cycle-panels = [ "" ];
cycle-panels-backward = [ "" ];
cycle-windows = [ "" ];
cycle-windows-backward = [ "" ];
maximize = [ "" ];
maximize-horizontally = [ "" ];
minimize = [ "${mod}s" ];
move-to-monitor-down = [ "" ];
move-to-monitor-left = [ "" ];
move-to-monitor-right = [ "" ];
move-to-monitor-up = [ "" ];
move-to-workspace-1 = [ "" ];
move-to-workspace-2 = [ "" ];
move-to-workspace-3 = [ "" ];
move-to-workspace-4 = [ "" ];
move-to-workspace-last = [ "" ];
move-to-workspace-left = [ "<Shift>${mod}q" ];
move-to-workspace-right = [ "<Shift>${mod}e" ];
panel-run-dialog = [ "${mod}space" ];
show-desktop = [ "${mod}c" ];
switch-applications = [ "${mod}Tab" ];
switch-applications-backward = [ "<Shift>${mod}Tab" ];
switch-group = [ "<Alt>Tab" ];
switch-group-backward = [ "<Shift><Alt>Tab" ];
switch-input-source = [ "" ];
switch-input-source-backward = [ "" ];
switch-panels = [ "" ];
switch-panels-backward = [ "" ];
switch-to-workspace-1 = [ "" ];
switch-to-workspace-2 = [ "" ];
switch-to-workspace-3 = [ "" ];
switch-to-workspace-4 = [ "" ];
switch-to-workspace-last = [ "" ];
switch-to-workspace-left = [ "${mod}q" ];
switch-to-workspace-right = [ "${mod}e" ];
switch-windows = [ "" ];
switch-windows-backward = [ "" ];
toggle-fullscreen = [ "${mod}f" ];
toggle-maximized = [ "${mod}w" ];
unmaximize = [ "" ];
};
{ config, ... }:
let
mod = "<Super>";
in
{
"org/gnome/desktop/wm/keybindings" = {
activate-window-menu = [ "" ];
begin-move = [ "" ];
begin-resize = [ "${mod}r" ];
close = [ "${mod}x" ];
cycle-group = [ "" ];
cycle-group-backward = [ "" ];
cycle-panels = [ "" ];
cycle-panels-backward = [ "" ];
cycle-windows = [ "" ];
cycle-windows-backward = [ "" ];
maximize = [ "" ];
maximize-horizontally = [ "" ];
minimize = [ "${mod}s" ];
move-to-monitor-down = [ "" ];
move-to-monitor-left = [ "" ];
move-to-monitor-right = [ "" ];
move-to-monitor-up = [ "" ];
move-to-workspace-1 = [ "" ];
move-to-workspace-2 = [ "" ];
move-to-workspace-3 = [ "" ];
move-to-workspace-4 = [ "" ];
move-to-workspace-last = [ "" ];
move-to-workspace-left = [ "<Shift>${mod}q" ];
move-to-workspace-right = [ "<Shift>${mod}e" ];
panel-run-dialog = [ "${mod}space" ];
show-desktop = [ "${mod}c" ];
switch-applications = [ "${mod}Tab" ];
switch-applications-backward = [ "<Shift>${mod}Tab" ];
switch-group = [ "<Alt>Tab" ];
switch-group-backward = [ "<Shift><Alt>Tab" ];
switch-input-source = [ "" ];
switch-input-source-backward = [ "" ];
switch-panels = [ "" ];
switch-panels-backward = [ "" ];
switch-to-workspace-1 = [ "" ];
switch-to-workspace-2 = [ "" ];
switch-to-workspace-3 = [ "" ];
switch-to-workspace-4 = [ "" ];
switch-to-workspace-last = [ "" ];
switch-to-workspace-left = [ "${mod}q" ];
switch-to-workspace-right = [ "${mod}e" ];
switch-windows = [ "" ];
switch-windows-backward = [ "" ];
toggle-fullscreen = [ "${mod}f" ];
toggle-maximized = [ "${mod}w" ];
unmaximize = [ "" ];
};
"org/gnome/mutter/keybindings" = {
toggle-tiled-left = [ "${mod}a" ];
toggle-tiled-right = [ "${mod}d" ];
};
"org/gnome/mutter/keybindings" = {
toggle-tiled-left = [ "${mod}a" ];
toggle-tiled-right = [ "${mod}d" ];
};
"org/gnome/mutter/wayland/keybindings" = {
restore-shortcuts = [ "" ];
};
"org/gnome/mutter/wayland/keybindings" = {
restore-shortcuts = [ "" ];
};
"org/gnome/settings-daemon/plugins/media-keys" = {
custom-keybindings = [
"/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/"
"/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom1/"
"/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom2/"
"/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom3/"
"/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom4/"
"/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom5/"
];
magnifier = [ "" ];
magnifier-zoom-in = [ "" ];
magnifier-zoom-out = [ "" ];
screenreader = [ "" ];
screensaver = [ "${mod}z" ];
};
"org/gnome/settings-daemon/plugins/media-keys" = {
custom-keybindings = [
"/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/"
"/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom1/"
"/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom2/"
"/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom3/"
"/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom4/"
"/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom5/"
];
magnifier = [ "" ];
magnifier-zoom-in = [ "" ];
magnifier-zoom-out = [ "" ];
screenreader = [ "" ];
screensaver = [ "${mod}z" ];
};
"org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = {
binding = "${mod}Escape";
command = "kgx -e bash -c 'tmux new-session -A -s main; bash'";
name = "gnome-terminal";
};
"org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = {
binding = "${mod}Escape";
command = "kgx -e bash -c 'tmux new-session -A -s main; bash'";
name = "gnome-terminal";
};
"org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom1" = {
binding = "printz";
command = "systemctl suspend -i";
name = "System Sleep";
};
"org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom1" = {
binding = "printz";
command = "systemctl suspend -i";
name = "System Sleep";
};
"org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom2" = {
binding = "printx";
command = "systemctl poweroff -i";
name = "System Poweroff";
};
"org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom2" = {
binding = "printx";
command = "systemctl poweroff -i";
name = "System Poweroff";
};
"org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom3" = {
binding = "printc";
command = "systemctl reboot -i";
name = "System Reboot";
};
"org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom3" = {
binding = "printc";
command = "systemctl reboot -i";
name = "System Reboot";
};
"org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom4" = {
binding = "printp";
command = "powersave toggle";
name = "Toggle Powersave";
};
"org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom4" = {
binding = "printp";
command = "powersave toggle";
name = "Toggle Powersave";
};
"org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom5" = {
binding = "printl";
command = "powerlimit toggle";
name = "Toggle Powerlimit";
};
"org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom5" = {
binding = "printl";
command = "powerlimit toggle";
name = "Toggle Powerlimit";
};
"org/gnome/shell/keybindings" = {
focus-active-notification = [ "" ];
open-application-menu = [ "" ];
show-screenshot-ui = [ "${mod}v" ];
switch-to-application-1 = [ "" ];
switch-to-application-2 = [ "" ];
switch-to-application-3 = [ "" ];
switch-to-application-4 = [ "" ];
switch-to-application-5 = [ "" ];
switch-to-application-6 = [ "" ];
switch-to-application-7 = [ "" ];
switch-to-application-8 = [ "" ];
switch-to-application-9 = [ "" ];
toggle-application-view = [ "" ];
toggle-message-tray = [ "" ];
toggle-overview = [ "" ];
toggle-quick-settings = [ "" ];
};
"org/gnome/shell/keybindings" = {
focus-active-notification = [ "" ];
open-application-menu = [ "" ];
show-screenshot-ui = [ "${mod}v" ];
switch-to-application-1 = [ "" ];
switch-to-application-2 = [ "" ];
switch-to-application-3 = [ "" ];
switch-to-application-4 = [ "" ];
switch-to-application-5 = [ "" ];
switch-to-application-6 = [ "" ];
switch-to-application-7 = [ "" ];
switch-to-application-8 = [ "" ];
switch-to-application-9 = [ "" ];
toggle-application-view = [ "" ];
toggle-message-tray = [ "" ];
toggle-overview = [ "" ];
toggle-quick-settings = [ "" ];
};
}

13
home/config/dconf/Media.nix
View file

@ -1,7 +1,8 @@
{ ... }: {
"org/gnome/desktop/media-handling" = {
automount = false;
automount-open = false;
autorun-never = true;
};
{ ... }:
{
"org/gnome/desktop/media-handling" = {
automount = false;
automount-open = false;
autorun-never = true;
};
}

37
home/config/dconf/Nautilus.nix
View file

@ -1,21 +1,22 @@
{ ... }: {
"org/gnome/nautilus/icon-view" = {
default-zoom-level = "larger";
};
{ ... }:
{
"org/gnome/nautilus/icon-view" = {
default-zoom-level = "larger";
};
"org/gnome/nautilus/list-view" = {
default-zoom-level = "small";
use-tree-view = false;
};
"org/gnome/nautilus/list-view" = {
default-zoom-level = "small";
use-tree-view = false;
};
"org/gnome/nautilus/preferences" = {
click-policy = "single";
default-folder-viewer = "list-view";
default-sort-in-reverse-order = false;
default-sort-order = "name";
migrated-gtk-settings = true;
search-filter-time-type = "last_modified";
search-view = "list-view";
show-image-thumbnails = "local-only";
};
"org/gnome/nautilus/preferences" = {
click-policy = "single";
default-folder-viewer = "list-view";
default-sort-in-reverse-order = false;
default-sort-order = "name";
migrated-gtk-settings = true;
search-filter-time-type = "last_modified";
search-view = "list-view";
show-image-thumbnails = "local-only";
};
}

19
home/config/dconf/Power.nix
View file

@ -1,10 +1,11 @@
{ ... }: {
"org/gnome/settings-daemon/plugins/power" = {
ambient-enabled = false;
idle-dim = false;
power-button-action = "nothing";
sleep-inactive-ac-timeout = "0";
sleep-inactive-ac-type = "nothing";
sleep-inactive-battery-type = "nothing";
};
{ ... }:
{
"org/gnome/settings-daemon/plugins/power" = {
ambient-enabled = false;
idle-dim = false;
power-button-action = "nothing";
sleep-inactive-ac-timeout = "0";
sleep-inactive-ac-type = "nothing";
sleep-inactive-battery-type = "nothing";
};
}

27
home/config/dconf/Privacy.nix
View file

@ -1,15 +1,16 @@
{ lib, ... }: {
"org/gnome/desktop/privacy" = with lib.gvariant; {
disable-camera = false;
disable-microphone = false;
old-files-age = mkUint32 30;
recent-files-max-age = mkUint32 30;
remove-old-temp-files = true;
remove-old-trash-files = true;
report-technical-problems = true;
};
{ lib, ... }:
{
"org/gnome/desktop/privacy" = with lib.gvariant; {
disable-camera = false;
disable-microphone = false;
old-files-age = mkUint32 30;
recent-files-max-age = mkUint32 30;
remove-old-temp-files = true;
remove-old-trash-files = true;
report-technical-problems = true;
};
"org/gnome/system/location" = {
enabled = false;
};
"org/gnome/system/location" = {
enabled = false;
};
}

9
home/config/dconf/Session.nix
View file

@ -1,5 +1,6 @@
{ lib, ... }: {
"org/gnome/desktop/session" = with lib.gvariant; {
idle-delay = mkUint32 0;
};
{ lib, ... }:
{
"org/gnome/desktop/session" = with lib.gvariant; {
idle-delay = mkUint32 0;
};
}

25
home/config/dconf/Shell.nix
View file

@ -1,14 +1,15 @@
{ ... }: {
"org/gnome/shell" = {
disable-extension-version-validation = true;
disable-user-extensions = false;
favorite-apps = [ "" ];
had-bluetooth-devices-setup = true;
last-selected-power-profile = "power-saver";
remember-mount-password = false;
};
{ ... }:
{
"org/gnome/shell" = {
disable-extension-version-validation = true;
disable-user-extensions = false;
favorite-apps = [ "" ];
had-bluetooth-devices-setup = true;
last-selected-power-profile = "power-saver";
remember-mount-password = false;
};
"system/proxy" = {
mode = "none";
};
"system/proxy" = {
mode = "none";
};
}

15
home/config/dconf/Software.nix
View file

@ -1,8 +1,9 @@
{ ... }: {
"org/gnome/software" = {
download-updates = false;
download-updates-notify = false;
first-run = false;
show-nonfree-prompt = false;
};
{ ... }:
{
"org/gnome/software" = {
download-updates = false;
download-updates-notify = false;
first-run = false;
show-nonfree-prompt = false;
};
}

13
home/config/dconf/Sound.nix
View file

@ -1,7 +1,8 @@
{ ... }: {
"org/gnome/desktop/sound" = {
allow-volume-above-100-percent = false;
event-sounds = false;
theme-name = "freedesktop";
};
{ ... }:
{
"org/gnome/desktop/sound" = {
allow-volume-above-100-percent = false;
event-sounds = false;
theme-name = "freedesktop";
};
}

55
home/config/dconf/Wm.nix
View file

@ -1,32 +1,33 @@
{ lib, ... }: {
"org/gnome/desktop/wm/preferences" = {
action-middle-click-titlebar = "minimize";
action-right-click-titlebar = "menu";
focus-mode = "click"; # `click` or `sloppy`.
button-layout = "appmenu:close";
};
{ lib, ... }:
{
"org/gnome/desktop/wm/preferences" = {
action-middle-click-titlebar = "minimize";
action-right-click-titlebar = "menu";
focus-mode = "click"; # `click` or `sloppy`.
button-layout = "appmenu:close";
};
"org/gnome/mutter" = {
attach-modal-dialogs = true;
center-new-windows = true;
dynamic-workspaces = true;
edge-tiling = true;
workspaces-only-on-primary = true;
};
"org/gnome/mutter" = {
attach-modal-dialogs = true;
center-new-windows = true;
dynamic-workspaces = true;
edge-tiling = true;
workspaces-only-on-primary = true;
};
"org/gnome/settings-daemon/plugins/color" = with lib.gvariant; {
night-light-enabled = false;
night-light-schedule-automatic = false;
night-light-schedule-from = "0.0";
night-light-schedule-to = "0.0";
night-light-temperature = mkUint32 3700;
};
"org/gnome/settings-daemon/plugins/color" = with lib.gvariant; {
night-light-enabled = false;
night-light-schedule-automatic = false;
night-light-schedule-from = "0.0";
night-light-schedule-to = "0.0";
night-light-temperature = mkUint32 3700;
};
"org/gnome/shell/app-switcher" = {
current-workspace-only = true;
};
"org/gnome/shell/app-switcher" = {
current-workspace-only = true;
};
"org/gnome/shell/overrides" = {
edge-tiling = false;
};
"org/gnome/shell/overrides" = {
edge-tiling = false;
};
}

105
home/config/default.nix
View file

@ -1,50 +1,57 @@
{ self, inputs, config, ... } @args: let
btop = import ./btop args;
editor = import ./editorconfig args;
foot = import ./foot args;
fuzzel = import ./fuzzel args;
git = import ./git args;
gtk3 = import ./gtk/3 args;
jetbrains = import ./jetbrains args;
keyd = import ./keyd args;
mako = import ./mako args;
mangohud = import ./mangohud args;
nvim = import ./nvim args;
ssh = import ./ssh args;
swappy = import ./swappy args;
sway = import ./sway args;
tmux = import ./tmux args;
waybar = import ./waybar args;
yazi = import ./yazi args;
in {
".Wallpaper".source = config.module.wallpaper.path;
".config/MangoHud/MangoHud.conf".source = mangohud.config;
".config/MangoHud/presets.conf".source = mangohud.presets;
".config/btop/btop.conf".text = btop.text;
".config/foot/foot.ini".source = foot.file;
".config/fuzzel/fuzzel.ini".source = fuzzel.file;
".config/gtk-3.0/bookmarks".text = gtk3.bookmarks;
".config/keyd/app.conf".text = keyd.text;
".config/mako/config".source = mako.file;
".config/nvim/init.vim".text = nvim.text;
".config/swappy/config".source = swappy.config;
".config/sway/config".text = sway.text;
".config/tmux/tmux.conf".text = tmux.text;
".config/waybar/config".source = waybar.config;
".config/waybar/style.css".source = waybar.style;
".config/yazi/init.lua".source = yazi.init;
".config/yazi/keymap.toml".source = yazi.keymap;
".config/yazi/theme.toml".source = yazi.theme;
".config/yazi/yazi.toml".source = yazi.yazi;
".editorconfig".source = editor.file;
".gitconfig".source = git.file;
".ideavimrc".text = jetbrains.ideavimrc;
".nix".source = self;
".nixpkgs".source = inputs.nixpkgs;
# TODO: Add after migrating to stable.
# ".nixpkgs_unstable".source = inputs.nixpkgs;
# ".nixpkgs_master".source = inputs.nixpkgs;
".parallel/will-cite".text = "";
".ssh/config".text = ssh.text;
".template".source = ./template;
{
self,
inputs,
config,
...
}@args:
let
btop = import ./btop args;
editor = import ./editorconfig args;
foot = import ./foot args;
fuzzel = import ./fuzzel args;
git = import ./git args;
gtk3 = import ./gtk/3 args;
jetbrains = import ./jetbrains args;
keyd = import ./keyd args;
mako = import ./mako args;
mangohud = import ./mangohud args;
nvim = import ./nvim args;
ssh = import ./ssh args;
swappy = import ./swappy args;
sway = import ./sway args;
tmux = import ./tmux args;
waybar = import ./waybar args;
yazi = import ./yazi args;
in
{
".Wallpaper".source = config.module.wallpaper.path;
".config/MangoHud/MangoHud.conf".source = mangohud.config;
".config/MangoHud/presets.conf".source = mangohud.presets;
".config/btop/btop.conf".text = btop.text;
".config/foot/foot.ini".source = foot.file;
".config/fuzzel/fuzzel.ini".source = fuzzel.file;
".config/gtk-3.0/bookmarks".text = gtk3.bookmarks;
".config/keyd/app.conf".text = keyd.text;
".config/mako/config".source = mako.file;
".config/nvim/init.vim".text = nvim.text;
".config/swappy/config".source = swappy.config;
".config/sway/config".text = sway.text;
".config/tmux/tmux.conf".text = tmux.text;
".config/waybar/config".source = waybar.config;
".config/waybar/style.css".source = waybar.style;
".config/yazi/init.lua".source = yazi.init;
".config/yazi/keymap.toml".source = yazi.keymap;
".config/yazi/theme.toml".source = yazi.theme;
".config/yazi/yazi.toml".source = yazi.yazi;
".editorconfig".source = editor.file;
".gitconfig".source = git.file;
".ideavimrc".text = jetbrains.ideavimrc;
".nix".source = self;
".nixpkgs".source = inputs.nixpkgs;
# TODO: Add after migrating to stable.
# ".nixpkgs_unstable".source = inputs.nixpkgs;
# ".nixpkgs_master".source = inputs.nixpkgs;
".parallel/will-cite".text = "";
".ssh/config".text = ssh.text;
".template".source = ./template;
}

54
home/config/editorconfig/default.nix
View file

@ -1,32 +1,34 @@
{ pkgs, ... }: {
file = (pkgs.formats.iniWithGlobalSection {}).generate "EditorconfigConfig" {
globalSection.root = true;
{ pkgs, ... }:
{
file = (pkgs.formats.iniWithGlobalSection { }).generate "EditorconfigConfig" {
globalSection.root = true;
sections = {
"*" = {
end_of_line = "lf";
charset = "utf-8";
indent_style = "tab";
indent_size = "2";
insert_final_newline = "true";
trim_trailing_whitespace = "true";
};
sections = {
"*" = {
end_of_line = "lf";
charset = "utf-8";
indent_style = "tab";
indent_size = 2;
insert_final_newline = "true";
trim_trailing_whitespace = "true";
};
Makefile = {
indent_size = 2;
};
"Makefile" = {
indent_size = 4;
};
"*.{nix,js}" = {
indent_size = 2;
};
"*.nix" = {
indent_style = "space";
indent_size = 2;
};
"*.{lua,kt,kts,rs,py}" = {
indent_size = 4;
};
"*.{lua,kt,kts,rs,py}" = {
indent_size = 4;
};
"*.{sh,md}" = {
indent_size = 8;
};
};
};
"*.{sh,md}" = {
indent_size = 8;
};
};
};
}

54
home/config/foot/default.nix
View file

@ -1,28 +1,30 @@
{ config, pkgs, ... }: let
dpiAware = if config.setting.dpiAware then "yes" else "no";
borderSize = toString config.style.window.border;
fontStep = 1;
in {
file = (pkgs.formats.iniWithGlobalSection {}).generate "FootConfig" {
globalSection = {
font = "${config.style.font.monospace.name}:size=${toString config.style.font.size.terminal}";
# font-bold = "${config.style.font.monospace.name}:size=${toString config.style.font.size.terminal}";
font-italic = "${config.style.font.monospace.name}:size=${toString config.style.font.size.terminal}";
font-bold-italic = "${config.style.font.monospace.name}:size=${toString config.style.font.size.terminal}";
dpi-aware = dpiAware;
font-size-adjustment = fontStep;
pad = "${borderSize}x${borderSize} center";
};
{ config, pkgs, ... }:
let
dpiAware = if config.setting.dpiAware then "yes" else "no";
borderSize = toString config.style.window.border;
fontStep = 1;
in
{
file = (pkgs.formats.iniWithGlobalSection { }).generate "FootConfig" {
globalSection = {
font = "${config.style.font.monospace.name}:size=${toString config.style.font.size.terminal}";
# font-bold = "${config.style.font.monospace.name}:size=${toString config.style.font.size.terminal}";
font-italic = "${config.style.font.monospace.name}:size=${toString config.style.font.size.terminal}";
font-bold-italic = "${config.style.font.monospace.name}:size=${toString config.style.font.size.terminal}";
dpi-aware = dpiAware;
font-size-adjustment = fontStep;
pad = "${borderSize}x${borderSize} center";
};
sections = {
colors = {
alpha = config.style.opacity.terminal;
background = config.style.color.bg.dark;
foreground = config.style.color.fg.light;
};
key-bindings = {
show-urls-launch = "Mod1+o";
};
};
};
sections = {
colors = {
alpha = config.style.opacity.terminal;
background = config.style.color.bg.dark;
foreground = config.style.color.fg.light;
};
key-bindings = {
show-urls-launch = "Mod1+o";
};
};
};
}

74
home/config/fuzzel/default.nix
View file

@ -1,36 +1,40 @@
{ pkgs, config, ... }: let
dpiAware = if config.setting.dpiAware then "yes" else "no";
in {
file = (pkgs.formats.ini {}).generate "FuzzelConfig" {
main = {
dpi-aware = dpiAware;
# font = "${style.font.serif.name}:size=${toString style.font.size.popup}";
font = "Minecraftia:size=${toString config.style.font.size.popup}";
lines = 20;
prompt = "\"\"";
show-actions = "yes";
terminal = "foot";
width = 40;
# list-executables-in-path = "no";
};
border = {
radius = 0;
width = 1;
};
colors = let
defaultOpacity = "ff";
in {
background = config.style.color.bg.dark + config.style.opacity.hex;
border = config.style.color.border + config.style.opacity.hex;
counter = config.style.color.bg.regular + defaultOpacity;
input = config.style.color.fg.light + defaultOpacity;
match = config.style.color.fg.light + defaultOpacity;
placeholder = config.style.color.bg.regular + defaultOpacity;
prompt = config.style.color.fg.light + defaultOpacity;
selection = config.style.color.bg.regular + defaultOpacity;
selection-match = config.style.color.accent + defaultOpacity;
selection-text = config.style.color.fg.light + defaultOpacity;
text = config.style.color.fg.light + defaultOpacity;
};
};
{ pkgs, config, ... }:
let
dpiAware = if config.setting.dpiAware then "yes" else "no";
in
{
file = (pkgs.formats.ini { }).generate "FuzzelConfig" {
main = {
dpi-aware = dpiAware;
# font = "${style.font.serif.name}:size=${toString style.font.size.popup}";
font = "Minecraftia:size=${toString config.style.font.size.popup}";
lines = 20;
prompt = "\"\"";
show-actions = "yes";
terminal = "foot";
width = 40;
# list-executables-in-path = "no";
};
border = {
radius = 0;
width = 1;
};
colors =
let
defaultOpacity = "ff";
in
{
background = config.style.color.bg.dark + config.style.opacity.hex;
border = config.style.color.border + config.style.opacity.hex;
counter = config.style.color.bg.regular + defaultOpacity;
input = config.style.color.fg.light + defaultOpacity;
match = config.style.color.fg.light + defaultOpacity;
placeholder = config.style.color.bg.regular + defaultOpacity;
prompt = config.style.color.fg.light + defaultOpacity;
selection = config.style.color.bg.regular + defaultOpacity;
selection-match = config.style.color.accent + defaultOpacity;
selection-text = config.style.color.fg.light + defaultOpacity;
text = config.style.color.fg.light + defaultOpacity;
};
};
}

25
home/config/git/default.nix
View file

@ -1,13 +1,14 @@
{ secret, pkgs, ... }: {
file = (pkgs.formats.gitIni { listsAsDuplicateKeys = true; }).generate "GitConfig" {
# credential.helper = "store";
gpg.format = secret.crypto.sign.git.format;
gpg.ssh.allowedSignersFile = toString secret.crypto.sign.git.allowed;
init.defaultBranch = "main";
pull.rebase = true;
push.autoSetupRemote = true;
rebase.autoStash = true;
safe.directory = "*";
user.signingkey = builtins.readFile secret.crypto.sign.git.key;
};
{ secret, pkgs, ... }:
{
file = (pkgs.formats.gitIni { listsAsDuplicateKeys = true; }).generate "GitConfig" {
# credential.helper = "store";
gpg.format = secret.crypto.sign.git.format;
gpg.ssh.allowedSignersFile = toString secret.crypto.sign.git.allowed;
init.defaultBranch = "main";
pull.rebase = true;
push.autoSetupRemote = true;
rebase.autoStash = true;
safe.directory = "*";
user.signingkey = builtins.readFile secret.crypto.sign.git.key;
};
}

17
home/config/gtk/3/default.nix
View file

@ -1,9 +1,10 @@
{ util, ... }:{
bookmarks = util.trimTabs ''
file:///storage
file:///home/voronind/tmp
sftp://10.0.0.1:22143/storage/hot/docker/cloud/data/data/cakee/files/ home cloud
sftp://10.0.0.1:22143/ home sftp
ftp://10.0.0.1/ home ftp
'';
{ ... }:
{
bookmarks = ''
file:///storage
file:///home/voronind/tmp
sftp://10.0.0.1:22143/storage/hot/docker/cloud/data/data/cakee/files/ home cloud
sftp://10.0.0.1:22143/ home sftp
ftp://10.0.0.1/ home ftp
'';
}

43
home/config/jetbrains/default.nix
View file

@ -1,26 +1,27 @@
{ util, ... }: {
ideavimrc = util.trimTabs ''
" Plugins.
Plug 'tpope/vim-commentary'
Plug 'machakann/vim-highlightedyank'
" Plug 'junegunn/vim-easy-align'
{ ... }:
{
ideavimrc = ''
" Plugins.
Plug 'tpope/vim-commentary'
Plug 'machakann/vim-highlightedyank'
" Plug 'junegunn/vim-easy-align'
" General config.
set scrolloff=4
set incsearch
set hlsearch
set clipboard=unnamedplus
set relativenumber
set number
" General config.
set scrolloff=4
set incsearch
set hlsearch
set clipboard=unnamedplus
set relativenumber
set number
" Space as a leader.
nnoremap <SPACE> <Nop>
let mapleader=" "
" Space as a leader.
nnoremap <SPACE> <Nop>
let mapleader=" "
" Align. ISSUE: Broken.
" vmap <Leader>a <Plug>(EasyAlign)
" Align. ISSUE: Broken.
" vmap <Leader>a <Plug>(EasyAlign)
" Sort.
vmap <Leader>A :sort<cr>
'';
" Sort.
vmap <Leader>A :sort<cr>
'';
}

5
home/config/keyd/default.nix
View file

@ -1,3 +1,4 @@
{ util, ... } @args: {
text = util.catFile (util.ls ./module) args;
{ util, ... }@args:
{
text = util.catFile (util.ls ./module) args;
}

63
home/config/keyd/module/DRG.nix
View file

@ -1,32 +1,33 @@
{ pkgs, ... }: {
file = (pkgs.formats.ini {}).generate "KeydDrgConfig" {
steam-app-548430 = {
"alt.1" = "macro(enter 10ms L e t ' s 10ms space d o 10ms space t h i s 10ms space T e x a s 10ms space s t y l e ! 10ms enter)";
"alt.2" = "macro(enter 10ms H e c k space y e s ! enter)";
"alt.3" = "macro(enter 10ms J u s t space a space s i d e - j o b space w h i l e 10ms space w a i t i n g space f o r space a space s e x space u p d a t e . enter)";
"alt.4" = "macro(enter 10ms < 3 enter)";
"alt.[" = "macro(enter 10ms W h a t space i s space c r u n c h y 10ms space o n space t h e space o u t s i d e , 10ms space g o o e y space o n space 10ms t h e space i n s i d e ? enter)";
"alt.]" = "macro(enter 10ms Q ' r o n a r space S h e l l b a c k ! enter)";
"alt.a" = "macro(enter 10ms N o enter)";
"alt.b" = "macro(enter 10ms I ' m space b a c k enter)";
"alt.c" = "macro(enter 10ms > space R i g h t enter)";
"alt.d" = "macro(enter 10ms Y e s enter)";
"alt.e" = "macro(enter 10ms T h a n k s ! enter)";
"alt.f" = "macro(enter 10ms I space n e e d space h e l p ! enter)";
"alt.g" = "macro(enter 10ms g g enter)";
"alt.j" = "macro(enter 10ms G o o d space j o b enter)";
"alt.k" = "macro(enter 10ms O k a y enter)";
"alt.l" = "macro(enter 10ms L e a f space l o v e r enter)";
"alt.m" = "macro(enter 10ms I space r e p l y space u s i n g space m a c r o s . 10ms space U s e space s o f t w a r e space l i k e space k e y d , 10ms space o r space b u y space a space Q M K space k e y b o a r d . enter)";
"alt.q" = "macro(enter 10ms S o r r y ! enter)";
"alt.r" = "macro(enter 10ms N e e d space m o r e space a m m o enter)";
"alt.s" = "macro(enter 10ms W a i t enter)";
"alt.t" = "macro(enter 10ms M a y space I space t a k e space e x t r a ? enter)";
"alt.v" = "macro(enter 10ms A F K enter)";
"alt.w" = "macro(enter 10ms r enter)";
"alt.x" = "macro(enter 10ms > space H e r e space < enter)";
"alt.z" = "macro(enter 10ms < space L e f t enter)";
leftshift = "timeout(leftcontrol, 150, leftshift)";
};
};
{ pkgs, ... }:
{
file = (pkgs.formats.ini { }).generate "KeydDrgConfig" {
steam-app-548430 = {
"alt.1" = "macro(enter 10ms L e t ' s 10ms space d o 10ms space t h i s 10ms space T e x a s 10ms space s t y l e ! 10ms enter)";
"alt.2" = "macro(enter 10ms H e c k space y e s ! enter)";
"alt.3" = "macro(enter 10ms J u s t space a space s i d e - j o b space w h i l e 10ms space w a i t i n g space f o r space a space s e x space u p d a t e . enter)";
"alt.4" = "macro(enter 10ms < 3 enter)";
"alt.[" = "macro(enter 10ms W h a t space i s space c r u n c h y 10ms space o n space t h e space o u t s i d e , 10ms space g o o e y space o n space 10ms t h e space i n s i d e ? enter)";
"alt.]" = "macro(enter 10ms Q ' r o n a r space S h e l l b a c k ! enter)";
"alt.a" = "macro(enter 10ms N o enter)";
"alt.b" = "macro(enter 10ms I ' m space b a c k enter)";
"alt.c" = "macro(enter 10ms > space R i g h t enter)";
"alt.d" = "macro(enter 10ms Y e s enter)";
"alt.e" = "macro(enter 10ms T h a n k s ! enter)";
"alt.f" = "macro(enter 10ms I space n e e d space h e l p ! enter)";
"alt.g" = "macro(enter 10ms g g enter)";
"alt.j" = "macro(enter 10ms G o o d space j o b enter)";
"alt.k" = "macro(enter 10ms O k a y enter)";
"alt.l" = "macro(enter 10ms L e a f space l o v e r enter)";
"alt.m" = "macro(enter 10ms I space r e p l y space u s i n g space m a c r o s . 10ms space U s e space s o f t w a r e space l i k e space k e y d , 10ms space o r space b u y space a space Q M K space k e y b o a r d . enter)";
"alt.q" = "macro(enter 10ms S o r r y ! enter)";
"alt.r" = "macro(enter 10ms N e e d space m o r e space a m m o enter)";
"alt.s" = "macro(enter 10ms W a i t enter)";
"alt.t" = "macro(enter 10ms M a y space I space t a k e space e x t r a ? enter)";
"alt.v" = "macro(enter 10ms A F K enter)";
"alt.w" = "macro(enter 10ms r enter)";
"alt.x" = "macro(enter 10ms > space H e r e space < enter)";
"alt.z" = "macro(enter 10ms < space L e f t enter)";
leftshift = "timeout(leftcontrol, 150, leftshift)";
};
};
}

47
home/config/keyd/module/Firefox.nix
View file

@ -1,24 +1,25 @@
{ pkgs, ... }: {
file = (pkgs.formats.ini {}).generate "KeydFirefoxConfig" {
"firefox-esr" = {
"alt.capslock" = "C-t"; # New tab.
"alt.x" = "C-w"; # Close tab.
"alt.u" = "C-S-t"; # Restore closed tab.
"alt.q" = "C-pageup"; # Prev tab.
"alt.e" = "C-pagedown"; # Next tab.
"alt.Q" = "C-S-pageup"; # Move tab left.
"alt.E" = "C-S-pagedown"; # Move tab right.
"alt.a" = "A-left"; # Go back.
"alt.d" = "A-right"; # Go forward.
"alt.s" = "down"; # Scroll down.
"alt.w" = "up"; # Scroll up.
"alt.f" = "C-f"; # Find text.
"alt.N" = "S-f3"; # Find prev.
"alt.n" = "f3"; # Find next.
"alt.space" = "f6"; # Focus address bar.
"alt.r" = "C-f5"; # Full refresh.
"alt.l" = "A-S-a"; # Toggle dark mode.
"alt.p" = "C-S-l"; # Fill password.
};
};
{ pkgs, ... }:
{
file = (pkgs.formats.ini { }).generate "KeydFirefoxConfig" {
"firefox-esr" = {
"alt.capslock" = "C-t"; # New tab.
"alt.x" = "C-w"; # Close tab.
"alt.u" = "C-S-t"; # Restore closed tab.
"alt.q" = "C-pageup"; # Prev tab.
"alt.e" = "C-pagedown"; # Next tab.
"alt.Q" = "C-S-pageup"; # Move tab left.
"alt.E" = "C-S-pagedown"; # Move tab right.
"alt.a" = "A-left"; # Go back.
"alt.d" = "A-right"; # Go forward.
"alt.s" = "down"; # Scroll down.
"alt.w" = "up"; # Scroll up.
"alt.f" = "C-f"; # Find text.
"alt.N" = "S-f3"; # Find prev.
"alt.n" = "f3"; # Find next.
"alt.space" = "f6"; # Focus address bar.
"alt.r" = "C-f5"; # Full refresh.
"alt.l" = "A-S-a"; # Toggle dark mode.
"alt.p" = "C-S-l"; # Fill password.
};
};
}

53
home/config/keyd/module/Jetbrains.nix
View file

@ -1,28 +1,29 @@
{ pkgs, ... }: {
file = (pkgs.formats.ini {}).generate "KeydJetbrainsConfig" {
"jetbrains-*" = {
"alt./" = "C-/"; # Toggle comment.
"alt.." = "C-f8"; # Toggle line breakpoint.
"alt.=" = "C-A-l"; # Reformat.
"alt.c" = "S-escape"; # Close panel.
"alt.capslock" = "C-A-S-insert"; # New scratch file.
"alt.q" = "A-left"; # Prev tab.
"alt.e" = "A-right"; # Next tab.
"alt.x" = "C-f4"; # Close tab.
"alt.f" = "C-S-f"; # Find text.
"alt.n" = "C-A-n"; # Find next.
"alt.g" = "macro(gd)"; # Go to definition.
"alt.i" = "C-i"; # Implement.
"alt.o" = "C-o"; # Override.
"alt.r" = "S-f10"; # Run.
"alt.z" = "C-f2"; # Stop app.
"alt.d" = "S-f9"; # Run debugger.
"alt.a" = "C-A-5"; # Attach debugger.
"alt.m" = "C-A-s"; # Settings.
"alt.v" = "C-q"; # Show doc under cursor.
"alt.s" = "C-S-A-t"; # Refactor selection.
{ pkgs, ... }:
{
file = (pkgs.formats.ini { }).generate "KeydJetbrainsConfig" {
"jetbrains-*" = {
"alt./" = "C-/"; # Toggle comment.
"alt.." = "C-f8"; # Toggle line breakpoint.
"alt.=" = "C-A-l"; # Reformat.
"alt.c" = "S-escape"; # Close panel.
"alt.capslock" = "C-A-S-insert"; # New scratch file.
"alt.q" = "A-left"; # Prev tab.
"alt.e" = "A-right"; # Next tab.
"alt.x" = "C-f4"; # Close tab.
"alt.f" = "C-S-f"; # Find text.
"alt.n" = "C-A-n"; # Find next.
"alt.g" = "macro(gd)"; # Go to definition.
"alt.i" = "C-i"; # Implement.
"alt.o" = "C-o"; # Override.
"alt.r" = "S-f10"; # Run.
"alt.z" = "C-f2"; # Stop app.
"alt.d" = "S-f9"; # Run debugger.
"alt.a" = "C-A-5"; # Attach debugger.
"alt.m" = "C-A-s"; # Settings.
"alt.v" = "C-q"; # Show doc under cursor.
"alt.s" = "C-S-A-t"; # Refactor selection.
"alt.tab" = "timeout(f8, 150, macro2(0, 0, f7))"; # Tap to step over, hold to step into.
};
};
"alt.tab" = "timeout(f8, 150, macro2(0, 0, f7))"; # Tap to step over, hold to step into.
};
};
}

51
home/config/keyd/module/Nautilus.nix
View file

@ -1,26 +1,27 @@
{ pkgs, ... }: {
file = (pkgs.formats.ini {}).generate "KeydNautilusConfig" {
"org-gnome-nautilus" = {
"alt.capslock" = "C-t"; # New tab.
"alt.t" = "C-n"; # New window.
"alt.x" = "C-w"; # Close tab.
"alt.u" = "C-S-t"; # Restore tab.
"alt.e" = "C-pagedown"; # Next tab.
"alt.q" = "C-pageup"; # Prev tab.
"alt.E" = "C-S-pagedown"; # Move tab next.
"alt.Q" = "C-S-pageup"; # Move tab prev.
"alt.h" = "C-h"; # Toggle hidden files.
"alt.1" = "C-1"; # List view.
"alt.2" = "C-2"; # Grid view.
"alt.b" = "A-up"; # Go back.
"alt.space" = "C-l"; # Focus location bar.
"alt.i" = "C-S-i"; # Invert selection.
"alt.v" = "C-i"; # File info.
"alt.d" = "C-S-delete"; # Delete file.
"alt.s" = "f2"; # Rename.
"alt.a" = "C-S-n"; # Create dir.
"alt.f" = "C-f"; # Search dir.
"alt.r" = "f5"; # Refresh dir.
};
};
{ pkgs, ... }:
{
file = (pkgs.formats.ini { }).generate "KeydNautilusConfig" {
"org-gnome-nautilus" = {
"alt.capslock" = "C-t"; # New tab.
"alt.t" = "C-n"; # New window.
"alt.x" = "C-w"; # Close tab.
"alt.u" = "C-S-t"; # Restore tab.
"alt.e" = "C-pagedown"; # Next tab.
"alt.q" = "C-pageup"; # Prev tab.
"alt.E" = "C-S-pagedown"; # Move tab next.
"alt.Q" = "C-S-pageup"; # Move tab prev.
"alt.h" = "C-h"; # Toggle hidden files.
"alt.1" = "C-1"; # List view.
"alt.2" = "C-2"; # Grid view.
"alt.b" = "A-up"; # Go back.
"alt.space" = "C-l"; # Focus location bar.
"alt.i" = "C-S-i"; # Invert selection.
"alt.v" = "C-i"; # File info.
"alt.d" = "C-S-delete"; # Delete file.
"alt.s" = "f2"; # Rename.
"alt.a" = "C-S-n"; # Create dir.
"alt.f" = "C-f"; # Search dir.
"alt.r" = "f5"; # Refresh dir.
};
};
}

46
home/config/mako/default.nix
View file

@ -1,24 +1,26 @@
{ pkgs, config, ... }: let
alpha = config.style.opacity.hex;
in {
file = (pkgs.formats.iniWithGlobalSection {}).generate "MakoConfig" {
globalSection = {
anchor = "top-center";
background-color = "#${config.style.color.bg.dark}${alpha}";
border-color = "#${config.style.color.border}${alpha}";
default-timeout = 10000;
font = "${config.style.font.serif.name} ${toString config.style.font.size.popup}";
height = 120;
icons = 0;
margin = 32;
text-color = "#${config.style.color.fg.light}";
width = 480;
};
{ pkgs, config, ... }:
let
alpha = config.style.opacity.hex;
in
{
file = (pkgs.formats.iniWithGlobalSection { }).generate "MakoConfig" {
globalSection = {
anchor = "top-center";
background-color = "#${config.style.color.bg.dark}${alpha}";
border-color = "#${config.style.color.border}${alpha}";
default-timeout = 10000;
font = "${config.style.font.serif.name} ${toString config.style.font.size.popup}";
height = 120;
icons = 0;
margin = 32;
text-color = "#${config.style.color.fg.light}";
width = 480;
};
sections = {
"mode=dnd" = {
invisible = 1;
};
};
};
sections = {
"mode=dnd" = {
invisible = 1;
};
};
};
}

81
home/config/mangohud/default.nix
View file

@ -1,44 +1,45 @@
{ pkgs, ... }: {
config = (pkgs.formats.iniWithGlobalSection {}).generate "MangoConfig" {
globalSection = {
blacklist = "example";
fps_sampling_period = 1000;
frame_timing = 0;
preset = "0,1,2";
toggle_logging = "F2";
toggle_preset = "F1";
};
};
{ pkgs, ... }:
{
config = (pkgs.formats.iniWithGlobalSection { }).generate "MangoConfig" {
globalSection = {
blacklist = "example";
fps_sampling_period = 1000;
frame_timing = 0;
preset = "0,1,2";
toggle_logging = "F2";
toggle_preset = "F1";
};
};
presets = (pkgs.formats.ini {}).generate "MangoPresets" {
"preset 0" = {
no_display = 1;
};
presets = (pkgs.formats.ini { }).generate "MangoPresets" {
"preset 0" = {
no_display = 1;
};
"preset 1" = {
alpha = 1.0;
arch = 0;
background_alpha = 0.5;
battery = 1;
battery_time = 1;
benchmark_percentiles = 0;
cpu_temp = 1;
device_battery = "gamepad,mouse";
font_size = 12;
fps_sampling_period = 1000;
gpu_junction_temp = 0;
gpu_mem_temp = 1;
gpu_temp = 1;
hud_no_margin = 1;
ram = 1;
swap = 1;
throttling_status = 1;
time = 1;
vram = 1;
};
"preset 1" = {
alpha = 1.0;
arch = 0;
background_alpha = 0.5;
battery = 1;
battery_time = 1;
benchmark_percentiles = 0;
cpu_temp = 1;
device_battery = "gamepad,mouse";
font_size = 12;
fps_sampling_period = 1000;
gpu_junction_temp = 0;
gpu_mem_temp = 1;
gpu_temp = 1;
hud_no_margin = 1;
ram = 1;
swap = 1;
throttling_status = 1;
time = 1;
vram = 1;
};
"preset 2" = {
full = 1;
};
};
"preset 2" = {
full = 1;
};
};
}

166
home/config/nvim/default.nix
View file

@ -1,83 +1,91 @@
{ inputs, pkgs, util, ... } @args: let
# Create Neovim configuration.
nvimRc = { runtimes, configs }: let
# Plugin paths to install.
runtimeRc = util.trimTabs (builtins.foldl' (acc: r:
acc + "set runtimepath+=${r}\n"
) "" runtimes);
{
inputs,
pkgs,
util,
...
}@args:
let
# Create Neovim configuration.
nvimRc =
{ runtimes, configs }:
let
# Plugin paths to install.
runtimeRc = builtins.foldl' (acc: r: acc + "set runtimepath+=${r}\n") "" runtimes;
# My configuration files combined into one big file.
config = pkgs.writeText "nvimRc" (util.catText configs args);
# My configuration files combined into one big file.
config = pkgs.writeText "nvimRc" (util.catText configs args);
# Tell Neovim to load this file.
configRc = "lua dofile(\"${config}\")";
in runtimeRc + configRc;
in {
text = nvimRc {
runtimes = [
"~/.cache/nvim"
"~/.cache/nvim/treesitter"
"${inputs.nvimAlign}"
"${inputs.nvimAutoclose}"
"${inputs.nvimBufferline}"
"${inputs.nvimCloseBuffers}"
"${inputs.nvimColorizer}"
"${inputs.nvimDevicons}"
"${inputs.nvimGitsigns}"
"${inputs.nvimGruvboxMaterial}"
"${inputs.nvimIndentoMatic}"
"${inputs.nvimLspconfig}"
"${inputs.nvimOllama}"
"${inputs.nvimPlenary}"
"${inputs.nvimTelescope}"
"${inputs.nvimTodo}"
"${inputs.nvimTreesitter}"
"${inputs.nvimTree}"
"${inputs.nvimTrouble}"
];
# Tell Neovim to load this file.
configRc = "lua dofile(\"${config}\")";
in
runtimeRc + configRc;
in
{
text = nvimRc {
runtimes = [
"~/.cache/nvim"
"~/.cache/nvim/treesitter"
"${inputs.nvimAlign}"
"${inputs.nvimAutoclose}"
"${inputs.nvimBufferline}"
"${inputs.nvimCloseBuffers}"
"${inputs.nvimColorizer}"
"${inputs.nvimDevicons}"
"${inputs.nvimGitsigns}"
"${inputs.nvimGruvboxMaterial}"
"${inputs.nvimIndentoMatic}"
"${inputs.nvimLspconfig}"
"${inputs.nvimOllama}"
"${inputs.nvimPlenary}"
"${inputs.nvimTelescope}"
"${inputs.nvimTodo}"
"${inputs.nvimTreesitter}"
"${inputs.nvimTree}"
"${inputs.nvimTrouble}"
];
configs = [
./module/key/Rekey.nix
./module/key/Leader.nix
./module/config/Autoread.nix
./module/config/Etc.nix
./module/config/Search.nix
./module/config/Tab.nix
./module/config/Highlight.nix
./module/plugin/Filetree.nix
./module/plugin/Gruvbox.nix
./module/plugin/Bufferline.nix
./module/plugin/Autoclose.nix
./module/plugin/Gitsigns.nix
./module/plugin/Trouble.nix
./module/plugin/Closebuffers.nix
./module/plugin/Telescope.nix
./module/plugin/Todo.nix
./module/plugin/Indent.nix
./module/plugin/Align.nix
./module/plugin/Treesitter.nix
./module/plugin/Fold.nix
./module/plugin/Ollama.nix
./module/plugin/Colorizer.nix
./module/plugin/lsp/Haskell.nix
./module/plugin/lsp/Rust.nix
./module/plugin/lsp/Tex.nix
./module/plugin/lsp/Nix.nix
./module/key/Autocomplete.nix
./module/key/Buffer.nix
./module/key/Cmd.nix
./module/key/Colorscheme.nix
./module/key/Comment.nix
./module/key/Filetree.nix
./module/key/Gitsigns.nix
./module/key/Navigation.nix
./module/key/Ollama.nix
./module/key/Save.nix
./module/key/Sort.nix
./module/key/TabWidth.nix
./module/key/Telescope.nix
./module/key/Terminal.nix
./module/key/Trouble.nix
];
};
configs = [
./module/key/Rekey.nix
./module/key/Leader.nix
./module/config/Autoread.nix
./module/config/Etc.nix
./module/config/Search.nix
./module/config/Tab.nix
./module/config/Highlight.nix
./module/plugin/Filetree.nix
./module/plugin/Gruvbox.nix
./module/plugin/Bufferline.nix
./module/plugin/Autoclose.nix
./module/plugin/Gitsigns.nix
./module/plugin/Trouble.nix
./module/plugin/Closebuffers.nix
./module/plugin/Telescope.nix
./module/plugin/Todo.nix
./module/plugin/Indent.nix
./module/plugin/Align.nix
./module/plugin/Treesitter.nix
./module/plugin/Fold.nix
./module/plugin/Ollama.nix
./module/plugin/Colorizer.nix
./module/plugin/lsp/Haskell.nix
./module/plugin/lsp/Rust.nix
./module/plugin/lsp/Tex.nix
./module/plugin/lsp/Nix.nix
./module/key/Autocomplete.nix
./module/key/Buffer.nix
./module/key/Cmd.nix
./module/key/Colorscheme.nix
./module/key/Comment.nix
./module/key/Filetree.nix
./module/key/Gitsigns.nix
./module/key/Navigation.nix
./module/key/Ollama.nix
./module/key/Save.nix
./module/key/Sort.nix
./module/key/TabWidth.nix
./module/key/Telescope.nix
./module/key/Terminal.nix
./module/key/Trouble.nix
];
};
}

17
home/config/nvim/module/config/Autoread.nix
View file

@ -1,9 +1,10 @@
{ ... }: {
text = ''
vim.o.autoread = true
vim.api.nvim_create_autocmd({ "BufEnter", "CursorHold", "CursorHoldI", "FocusGained" }, {
command = "if mode() != 'c' | checktime | endif",
pattern = { "*" },
})
'';
{ ... }:
{
text = ''
vim.o.autoread = true
vim.api.nvim_create_autocmd({ "BufEnter", "CursorHold", "CursorHoldI", "FocusGained" }, {
command = "if mode() != 'c' | checktime | endif",
pattern = { "*" },
})
'';
}

59
home/config/nvim/module/config/Etc.nix
View file

@ -1,36 +1,37 @@
{ ... }: {
text = ''
-- TODO: Add comments and separate files.
vim.opt.clipboard = "unnamedplus"
vim.opt.cursorline = false
vim.opt.fixeol = false
vim.opt.incsearch = true
vim.opt.number = true
vim.opt.scrolloff = 4
vim.opt.splitbelow = true
vim.opt.splitright = true
vim.opt.termguicolors = true
vim.opt.ttyfast = true
vim.opt.wildmode = "longest,list"
-- vim.opt.completeopt = "menuone,noselect"
{ ... }:
{
text = ''
-- TODO: Add comments and separate files.
vim.opt.clipboard = "unnamedplus"
vim.opt.cursorline = false
vim.opt.fixeol = false
vim.opt.incsearch = true
vim.opt.number = true
vim.opt.scrolloff = 4
vim.opt.splitbelow = true
vim.opt.splitright = true
vim.opt.termguicolors = true
vim.opt.ttyfast = true
vim.opt.wildmode = "longest,list"
-- vim.opt.completeopt = "menuone,noselect"
-- Disable continuing comments on newline.
vim.cmd("autocmd BufEnter * set fo-=c fo-=r fo-=o")
-- Disable continuing comments on newline.
vim.cmd("autocmd BufEnter * set fo-=c fo-=r fo-=o")
-- Disable mouse.
vim.cmd("set mouse=")
-- Disable mouse.
vim.cmd("set mouse=")
-- Disable signs for diagnostics.
vim.diagnostic.config({ signs = false })
-- Disable signs for diagnostics.
vim.diagnostic.config({ signs = false })
-- Display invisible characters.
-- vim.cmd("set list listchars=tab:>\\ ,trail:-,eol:,lead:.")
vim.cmd("set list listchars=tab:>\\ ,trail:-,lead:.")
-- Display invisible characters.
-- vim.cmd("set list listchars=tab:>\\ ,trail:-,eol:,lead:.")
vim.cmd("set list listchars=tab:>\\ ,trail:-,lead:.")
-- Relative line numbers.
vim.wo.relativenumber = true
-- Relative line numbers.
vim.wo.relativenumber = true
-- Disable swap files.
vim.opt.swapfile = false
'';
-- Disable swap files.
vim.opt.swapfile = false
'';
}

61
home/config/nvim/module/config/Highlight.nix
View file

@ -1,27 +1,44 @@
{ config, lib, ... }: let
color = config.style.color;
{ config, lib, ... }:
let
color = config.style.color;
mkHighlight = name: value: ''vim.api.nvim_set_hl(0, "${name}", ${lib.generators.toLua { multiline = false; asBindings = false; } value})'';
mkHighlight =
name: value:
''vim.api.nvim_set_hl(0, "${name}", ${
lib.generators.toLua {
multiline = false;
asBindings = false;
} value
})'';
bg = { bg = "#${color.bg.regular}"; };
selection = { bg = "#${color.selection}"; fg = "#${color.fg.dark}"; bold = true; };
transparent = { bg = lib.generators.mkLuaInline "clear"; };
in {
text = ''
vim.api.nvim_create_autocmd({"ColorScheme", "VimEnter"}, {
group = vim.api.nvim_create_augroup('Color', {}),
pattern = "*",
callback = function ()
-- Backgrounds.
${mkHighlight "CursorLine" bg}
${mkHighlight "TelescopeSelection" bg}
bg = {
bg = "#${color.bg.regular}";
};
selection = {
bg = "#${color.selection}";
fg = "#${color.fg.dark}";
bold = true;
};
transparent = {
bg = lib.generators.mkLuaInline "clear";
};
in
{
text = ''
vim.api.nvim_create_autocmd({"ColorScheme", "VimEnter"}, {
group = vim.api.nvim_create_augroup('Color', {}),
pattern = "*",
callback = function ()
-- Backgrounds.
${mkHighlight "CursorLine" bg}
${mkHighlight "TelescopeSelection" bg}
-- Selection.
${mkHighlight "Visual" selection}
-- Selection.
${mkHighlight "Visual" selection}
-- Transparent.
${mkHighlight "NormalFloat" transparent}
end
})
'';
-- Transparent.
${mkHighlight "NormalFloat" transparent}
end
})
'';
}

17
home/config/nvim/module/config/Search.nix
View file

@ -1,9 +1,10 @@
{ ... }: {
text = ''
vim.opt.hlsearch = true
vim.opt.ignorecase = true
vim.opt.incsearch = true
vim.opt.showmatch = true
vim.opt.smartcase = true
'';
{ ... }:
{
text = ''
vim.opt.hlsearch = true
vim.opt.ignorecase = true
vim.opt.incsearch = true
vim.opt.showmatch = true
vim.opt.smartcase = true
'';
}

28
home/config/nvim/module/config/Tab.nix
View file

@ -1,15 +1,17 @@
{ ... }: let
indentDefault = 2;
in {
text = ''
vim.opt.autoindent = true
vim.opt.expandtab = false
-- vim.opt.smartindent = true
vim.opt.shiftwidth = ${toString indentDefault}
vim.opt.softtabstop = ${toString indentDefault}
vim.opt.tabstop = ${toString indentDefault}
{ ... }:
let
indentDefault = 2;
in
{
text = ''
vim.opt.autoindent = true
vim.opt.expandtab = false
-- vim.opt.smartindent = true
vim.opt.shiftwidth = ${toString indentDefault}
vim.opt.softtabstop = ${toString indentDefault}
vim.opt.tabstop = ${toString indentDefault}
-- Disable Markdown forced formatting.
vim.g.markdown_recommended_style = 0
'';
-- Disable Markdown forced formatting.
vim.g.markdown_recommended_style = 0
'';
}

15
home/config/nvim/module/key/Autocomplete.nix
View file

@ -1,9 +1,10 @@
{ ... }: {
text = ''
-- Autocomplete.
rekey_input("<C-space>", "<C-n>")
{ ... }:
{
text = ''
-- Autocomplete.
rekey_input("<C-space>", "<C-n>")
-- LSP autocomplete.
rekey_normal("<C-space>", "<cmd>lua vim.lsp.buf.code_action()<cr>")
'';
-- LSP autocomplete.
rekey_normal("<C-space>", "<cmd>lua vim.lsp.buf.code_action()<cr>")
'';
}

27
home/config/nvim/module/key/Buffer.nix
View file

@ -1,16 +1,17 @@
{ ... }: {
text = ''
-- New empty buffer.
remap_normal("<Leader>n", "<cmd>enew<cr>")
{ ... }:
{
text = ''
-- New empty buffer.
remap_normal("<Leader>n", "<cmd>enew<cr>")
-- Close buffer.
function _buf_close()
pcall(vim.cmd, "w")
vim.cmd[[bp|sp|bn|bd!]]
end
rekey_normal("<Leader>x", "<cmd>lua _buf_close()<cr>")
-- Close buffer.
function _buf_close()
pcall(vim.cmd, "w")
vim.cmd[[bp|sp|bn|bd!]]
end
rekey_normal("<Leader>x", "<cmd>lua _buf_close()<cr>")
-- Close all hidden buffers.
rekey_normal("<Leader>X", "<cmd>BDelete hidden<cr><C-l>")
'';
-- Close all hidden buffers.
rekey_normal("<Leader>X", "<cmd>BDelete hidden<cr><C-l>")
'';
}

Some files were not shown because too many files have changed in this diff Show more