Container : Add some docs.

This commit is contained in:
Dmitry Voronin 2024-06-24 03:32:33 +03:00
parent f07fe401f1
commit d6604dd12b
Signed by: voronind
SSH key fingerprint: SHA256:3kBb4iV2ahufEBNq+vFbUe4QYfHt98DHQjN7QaptY9k
10 changed files with 170 additions and 171 deletions


@ -4,8 +4,8 @@
<details> <details>
<summary>Screenshot 1</summary> <summary>Screenshot 1</summary>
<img src="https://i.imgur.com/aGmmVJa.png" /> <img src="https://i.imgur.com/F7ki7sQ.jpeg" />
<a href="https://r4.wallpaperflare.com/wallpaper/500/198/463/pixel-art-digital-art-pixelated-pixels-wallpaper-b980f83df17add4b2677d8cf6091268d.jpg">Wallpaper link</a> <a href="https://i.imgur.com/0RldJsX.jpeg">Wallpaper link</a>
</details> </details>
<details> <details>
@ -24,6 +24,20 @@
Color theming based on wallpaper thanks to [Stylix](https://github.com/danth/stylix). Color theming based on wallpaper thanks to [Stylix](https://github.com/danth/stylix).
## Discovering my configuration.
Even tho I've tried to document everything I can in a dum-dum way, I still highly recommend you to learn the [very basics of Nix language](https://nixos.org/guides/nix-pills/). Start from the [Flake](flake.nix) file and follow the comments. If you have any questions, get in touch using [Telegram](https://t.me/voronind_com) or [Email](mailto:hi@voronind.com).
Please tell me if you find any undocumented parts.
## Configuration highlights.
* [Keyd](module/common/Keyd.nix) allows you to have QMK-like keyboard remaps. Killer-feature is the ability to have remaps per-application. I have pretty common remaps like CapsLock to Ctrl/Esc combo, Right Shift to Backspace, Backspace to Delete and overlays for System/Windows/Media/Application controls as well as Macros.
* NixOS Containers (nspawn). Containers are great. I LOVE containers! Containers! Containers! Containers! Containers! Containers! Containers! Containers! Containers! Containers! Containers! Containers! [Here](host/home/Container.nix) is how I add containers to the host, [here](container/default.nix) is the global configuration and [here](container) are all the containers.
* NixOnDroid can be used to set up your environment inside the Termux app on Android. It also gives you access to all the Nixpkgs binaries for Arm. Configuration can be found [here](android/), but you also need to add the definition to the root `flake.nix (nixOnDroidConfigurations.default)`. [Here](https://github.com/nix-community/nix-on-droid) are the docs.
* [Stylix](module/common/Stylix.nix) can be used to change colors for the whole system based on current wallpaper. Example usages: [Sway](module/desktop/sway/module/Style.nix), [fuzzel](user/common/fuzzel/default.nix) and [Tmux](module/common/tmux/module/Status.nix).
* [Signed auto-updates](module/common/AutoUpdateSigned.nix). Updates are pulled every hour and require the last commit to be signed with my signature.
## WIP: NixOS learning roadmap. ## WIP: NixOS learning roadmap.
0. [Nix Pills](https://nixos.org/guides/nix-pills/). This is a bit controversial one. Try it, but if it's hard to read for you - just skip it for now. 0. [Nix Pills](https://nixos.org/guides/nix-pills/). This is a bit controversial one. Try it, but if it's hard to read for you - just skip it for now.
@ -39,20 +53,6 @@ Color theming based on wallpaper thanks to [Stylix](https://github.com/danth/sty
??? (Optional) Dev Shells. ??? (Optional) Dev Shells.
??? (Optional) Impermanence. ??? (Optional) Impermanence.
## WIP: Discovering my configuration.
Even tho I've tried to document everything I can in a dum-dum way, I still highly recommend you to learn the very basics of Nix language. If you can give a basic answer to these questions, you may continue:
1. What a set is?
2. How to define a function?
3. *???*
Start from the [Flake](flake.nix) file and follow the comments. If you have any questions, get in touch using [Telegram](https://t.me/voronind_com) or [Email](mailto:hi@voronind.com).
## WIP: Configuration highlights.
* [Keyd](module/common/Keyd.nix) allows you to have QMK-like keyboard remaps. Killer-feature is the ability to have remaps per-application. I have pretty common remaps like CapsLock to Ctrl/Esc combo, Right Shift to Backspace, Backspace to Delete and overlays for System/Windows/Media/Application controls as well as Macros.
## Keyboard layouts. ## Keyboard layouts.
Yellow are modifier keys, they enable layers when held. Green ones are just modified keys. Yellow are modifier keys, they enable layers when held. Green ones are just modified keys.


@ -1,10 +1,18 @@
{ pkgs, setting, ... }: { { pkgs, ... }: {
variables = { variables = {
# Default text editor.
EDITOR = "nvim"; EDITOR = "nvim";
# App to use for man pages.
MANPAGER = "nvim +Man!"; MANPAGER = "nvim +Man!";
# Allow unfree packages in shell.
NIXPKGS_ALLOW_UNFREE = "1"; NIXPKGS_ALLOW_UNFREE = "1";
# Current system architecture.
NIX_CURRENT_SYSTEM = "${pkgs.stdenv.system}"; NIX_CURRENT_SYSTEM = "${pkgs.stdenv.system}";
# Terminal settings.
TERM = "xterm-256color"; TERM = "xterm-256color";
TERMINAL = setting.terminal.bin;
}; };
} }
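Review bot: The new comment `# Allow unfree packages in shell.` above `NIXPKGS_ALLOW_UNFREE` should say that the variable only affects impure evaluations, since nixpkgs reads it with `builtins.getEnv` (nix-shell, nix-env, `--impure` runs) and it has no effect on flake builds of this configuration itself. Suggest `# Allow unfree packages in ad-hoc nix-shell/nix-env runs (read via getEnv, so impure evaluation only).` The `"${pkgs.stdenv.system}"` interpolation on the `NIX_CURRENT_SYSTEM` line is redundant because `pkgs.stdenv.system` is already a string, though that line is unchanged by this commit.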


@ -1,33 +1,36 @@
{ pkgs, ... }: { { pkgs, ... }: {
list = with pkgs; [ list = with pkgs; [
android-tools android-tools # Android adb tool. Can be used to connect to itself via wireless debugging.
binwalk binwalk # Can analyze files for other files inside them.
coreutils dnsutils diffutils findutils utillinux curl # CLI http client.
curl exiftool # Image info.
ffmpeg ffmpeg # Video/audio converter.
file file # Get general info about a file.
gawk gnused gnugrep gnumake ripgrep gdu # TUI storage analyzer.
gcc git # Version control system.
gdu gnutar gzip xz # Archive and compression tools.
git imagemagick # Image converter and transformation tool.
gnutar gzip xz inetutils # Things like FTP.
hostname jq # Json parser.
imagemagick lsof # Find current file users.
inetutils man # App to read manuals.
jq neovim gcc # CLI text editor.
lsof nmap # Network analyzer.
man openssh # Ssh client.
nmap parallel # Run programs in parallel.
openssh pv # IO progress bar.
parallel ripgrep # Grep for file search.
tmux rsync # File copy tool.
pv sqlite # Serverless file-based database engine.
rsync tmux # Terminal multiplexor.
sqlite tree # Show directory stricture as a tree.
tree wget # CLI http download tool.
wget wireguard-tools # Tools to work with Wireguard.
yt-dlp yazi chafa # CLI file manager.
yazi chafa yt-dlp # Video downloader.
zip unzip zip unzip # Zip archive/unarchive tools.
coreutils dnsutils diffutils findutils utillinux # Common utilities.
gawk gnused gnugrep gnumake ripgrep # Common Gnu utils.
]; ];
} }
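Review bot: `ripgrep` is listed twice on the new side, once with its own `# Grep for file search.` comment and again in the `# Common Gnu utils.` group; one of them should go. The `neovim gcc # CLI text editor.` line attaches the editor comment to gcc as well, which presumably is there for something like building neovim plugin parsers — if so, give it its own line, e.g. `gcc # C compiler (used by neovim plugins).`, after confirming the reason. `utillinux` in the `# Common utilities.` group is the legacy nixpkgs alias of `util-linux` and breaks under `allowAliases = false`; the same alias is added in the host package list further down (its `# Common Linux utilities.` line). Minor comment typos on the new side: `stricture` → `structure`, `multiplexor` → `multiplexer`.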


@ -24,15 +24,22 @@
tmux = import ../module/common/tmux args; tmux = import ../module/common/tmux args;
yazi = import ../user/common/yazi args; yazi = import ../user/common/yazi args;
in { in {
# Configure system.
time.timeZone = const.timeZone; time.timeZone = const.timeZone;
nix.extraOptions = nix.extraOptions; nix.extraOptions = nix.extraOptions;
# Install packages.
environment.packages = package.list; environment.packages = package.list;
home-manager.config = { home-manager.config = {
home = { home = {
# Release version.
stateVersion = const.droidStateVersion; stateVersion = const.droidStateVersion;
# Environment variables.
sessionVariables = environment.variables; sessionVariables = environment.variables;
# Where to put config files.
file = { file = {
".dotfiles".source = inputs.self; ".dotfiles".source = inputs.self;
".ssh/config".text = ssh.config; ".ssh/config".text = ssh.config;
@ -45,6 +52,7 @@ in {
}; };
}; };
# Special app configuration.
programs = { programs = {
bash = { bash = {
enable = true; enable = true;
@ -68,7 +76,7 @@ in {
gpg = { gpg = {
enable = true; enable = true;
publicKeys = secret.crypto.publicKeys; inherit (secret.crypto) publicKeys;
}; };
}; };
}; };


@ -8,35 +8,57 @@
, ... }: { , ... }: {
inherit host; inherit host;
# Common configuration for all the containers.
mkContainer = config: cfg: lib.recursiveUpdate { mkContainer = config: cfg: lib.recursiveUpdate {
# Start containers with the system by default.
autoStart = true; autoStart = true;
# IP Address of the host. This is required for container to have access to the Internet.
hostAddress = host; hostAddress = host;
# Container's IP address.
localAddress = config.address; localAddress = config.address;
# Isolate container from other hosts.
privateNetwork = true; privateNetwork = true;
} cfg; } cfg;
# Common configuration for the system inside the container.
mkContainerConfig = config: cfg: lib.recursiveUpdate { mkContainerConfig = config: cfg: lib.recursiveUpdate {
# HACK: Do not evaluate nixpkgs inside the container. Use host's instead.
nixpkgs.pkgs = lib.mkForce pkgs; nixpkgs.pkgs = lib.mkForce pkgs;
# Release version.
system.stateVersion = const.stateVersion; system.stateVersion = const.stateVersion;
# Allow passwordless login as root.
users.users.root.password = ""; users.users.root.password = "";
users.mutableUsers = false; users.mutableUsers = false;
networking = { networking = {
# Default DNS servers.
nameservers = [ nameservers = [
"1.1.1.1" "1.1.1.1"
]; ];
# HACK: Fix for upstream issue: https://github.com/NixOS/nixpkgs/issues/162686
useHostResolvConf = lib.mkForce false; useHostResolvConf = lib.mkForce false;
# Disable firewall.
firewall.enable = false; firewall.enable = false;
}; };
} cfg; } cfg;
# Create a directory on the host for container use.
mkContainerDir = cfg: dirs: map (path: "d '${cfg.storage}/${path}' 1777 root root - -") dirs; mkContainerDir = cfg: dirs: map (path: "d '${cfg.storage}/${path}' 1777 root root - -") dirs;
# Common configuration for Nginx server.
mkServer = cfg: lib.recursiveUpdate { mkServer = cfg: lib.recursiveUpdate {
forceSSL = false; forceSSL = false;
} cfg; } cfg;
# Attach the host media directory to container.
# They will be added to /type/{0..9}
attachMedia = type: paths: ro: builtins.listToAttrs (lib.imap0 (i: path: attachMedia = type: paths: ro: builtins.listToAttrs (lib.imap0 (i: path:
{ {
name = "/${type}/${toString i}"; name = "/${type}/${toString i}";
@ -47,8 +69,11 @@
} }
) paths); ) paths);
# Range of local addresses who have access to sensitive paths like admin panels.
# Other addresses will get 403.
localAccess = "192.168.1.0/24"; localAccess = "192.168.1.0/24";
# Per-container configurations.
config = { config = {
camera = { camera = {
address = "192.168.2.249"; address = "192.168.2.249";
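Review bot: The new comments `# Allow passwordless login as root.` and `# Disable firewall.` in `mkContainerConfig` record what the settings do but not why they are acceptable, and since this block is presumably merged into every container that is the reasoning a reader needs. `users.users.root.password = ""` is what any password-based login path a container enables would check against, while `nixos-container root-login` / `machinectl shell` need no password at all — if that is the only way in, the line can be dropped, otherwise say which path relies on it. `# Isolate container from other hosts.` is a misleading gloss on `privateNetwork = true`, which gives the container its own network namespace behind a veth pair rather than sharing the host's stack; suggest `# Own network namespace (veth to the host) instead of sharing the host's network.` The `mkContainerDir` comment could also note that the directories are created with mode 1777, i.e. world-writable on the host with the sticky bit.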


@ -9,10 +9,19 @@
, pkgsStable , pkgsStable
, ... }: let , ... }: let
args = let args = let
# Path where all the container data will be stored.
storage = "/storage/hot/container"; storage = "/storage/hot/container";
# Domain used to host stuff. All the services will be like `service.${domain}`.
domain = "voronind.com"; domain = "voronind.com";
# External IP address of the host, where all the services will listen to.
host = "192.168.1.2"; host = "192.168.1.2";
# External interface where all the services will listen on.
externalInterface = "enp7s0"; externalInterface = "enp7s0";
# Paths to media content. Later they can be plugged to the containers using the `attachMedia "photo"` function.
media = { media = {
anime = [ "/storage/cold_1/media/anime" "/storage/cold_2/media/anime" ]; anime = [ "/storage/cold_1/media/anime" "/storage/cold_2/media/anime" ];
book = [ "/storage/hot/media/book" ]; book = [ "/storage/hot/media/book" ];
@ -29,13 +38,16 @@
youtube = [ "/storage/cold_1/media/youtube" "/storage/cold_2/media/youtube" ]; youtube = [ "/storage/cold_1/media/youtube" "/storage/cold_2/media/youtube" ];
}; };
in { in {
# Pass all the arguments further.
inherit storage domain host pkgs const lib config util media externalInterface; inherit storage domain host pkgs const lib config util media externalInterface;
inherit poetry2nixJobber pkgsJobber; inherit poetry2nixJobber pkgsJobber;
inherit pkgsMaster pkgsStable; inherit pkgsMaster pkgsStable;
# Pass the global container configuration.
container = import ../../container args; container = import ../../container args;
}; };
in { in {
# List of containers enabled on this host.
imports = [ imports = [
(import ../../container/Change.nix args) (import ../../container/Change.nix args)
(import ../../container/Cloud.nix args) (import ../../container/Cloud.nix args)
@ -66,83 +78,12 @@ in {
(import ../../container/Yt.nix args) (import ../../container/Yt.nix args)
]; ];
# This is the network for all the containers.
# They are not available to the external interface by default,
# instead they all expose specific ports in their configuration.
networking.nat = { networking.nat = {
enable = true; enable = true;
internalInterfaces = [ "ve-+" ]; internalInterfaces = [ "ve-+" ];
inherit (args) externalInterface; inherit (args) externalInterface;
# TODO: Do I even need this?
forwardPorts = with args.container.config; [
# Dns Server.
{
destination = "${dns.address}:53";
proto = "udp";
sourcePort = 53;
} {
destination = "${dns.address}:53";
proto = "tcp";
sourcePort = 53;
}
# Reverse proxy.
#{
# destination = "${proxy.address}:80";
# proto = "tcp";
# sourcePort = 80;
#} {
{
destination = "${proxy.address}:443";
proto = "tcp";
sourcePort = 443;
}
# Cups.
{
destination = "${print.address}:${toString print.port}";
proto = "tcp";
sourcePort = 631;
} {
destination = "${print.address}:6566";
proto = "tcp";
sourcePort = 6566;
}
# Wireguard.
{
destination = "${vpn.address}:${toString vpn.port}";
proto = "udp";
sourcePort = 51820;
}
# Deluge.
{
destination = "${download.address}:${toString download.port}";
proto = "tcp";
sourcePort = 8112;
} {
destination = "${download.address}:54630-54631";
proto = "udp";
sourcePort = "54630:54631";
} {
destination = "${download.address}:54630-54631";
proto = "tcp";
sourcePort = "54630:54631";
}
# Mail.
{
destination = "${mail.address}:25";
proto = "tcp";
sourcePort = 25;
} {
destination = "${mail.address}:465";
proto = "tcp";
sourcePort = 465;
} {
destination = "${mail.address}:993";
proto = "tcp";
sourcePort = 993;
}
];
}; };
} }
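Review bot: The comment `# External IP address of the host, where all the services will listen to.` describes `host = "192.168.1.2"`, a private LAN address; `# LAN-side address of the host where the services listen.` would be accurate and avoids suggesting the services are exposed to the Internet. The new block comment on `networking.nat` says the containers "expose specific ports in their configuration", but with the `forwardPorts` list removed nothing in this hunk shows that mechanism; naming the option the container modules use would let a reader verify the claim. Note also that enabling NAT turns on IP forwarding on the host, so whether the 192.168.2.x container addresses are reachable from other LAN hosts depends on routing and the host firewall's forward policy rather than on this block alone — worth a sentence in that comment if you rely on it.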


@ -7,13 +7,16 @@
cryptsetup # Filesystem encryption (LUKS). cryptsetup # Filesystem encryption (LUKS).
curl # CLI http client. curl # CLI http client.
ddrescue testdisk # Apps to recover data from drives. ddrescue testdisk # Apps to recover data from drives.
diffutils # Diff tool.
dnsutils # Dns utilities like host. dnsutils # Dns utilities like host.
exiftool # Image info. exiftool # Image info.
fastfetch # Systeminfo summary. fastfetch # Systeminfo summary.
ffmpeg # Video/audio converter. ffmpeg # Video/audio converter.
file # Get general info about a file. file # Get general info about a file.
findutils # Find tool.
gcc # C compiler. gcc # C compiler.
gdu # TUI storage analyzer. gdu # TUI storage analyzer.
git # Version control system.
gnumake gnused # GNU utils. gnumake gnused # GNU utils.
gparted parted # GUI/CLI disk partition tool. gparted parted # GUI/CLI disk partition tool.
imagemagick # Image converter and transformation tool. imagemagick # Image converter and transformation tool.
@ -23,16 +26,19 @@
lshw # Detailed hardware info tool. lshw # Detailed hardware info tool.
lsof # Find current file users. lsof # Find current file users.
ltex-ls # Latex LSP for neovim spellcheck. ltex-ls # Latex LSP for neovim spellcheck.
man # App to read manuals.
nixd # Nix LSP. nixd # Nix LSP.
nmap # Network analyzer. nmap # Network analyzer.
parallel # Run programs in parallel. parallel # Run programs in parallel.
pv # IO progress bar. pv # IO progress bar.
ripgrep # Grep for file search. ripgrep # Grep for file search.
rsync # File copy tool.
scanmem # Memory edit tool. scanmem # Memory edit tool.
smartmontools # S.M.A.R.T. tools. smartmontools # S.M.A.R.T. tools.
sqlite # Serverless file-based database engine. sqlite # Serverless file-based database engine.
tree # Show directory stricture as a tree. tree # Show directory stricture as a tree.
usbutils # Usb utilities like udiskctl. usbutils # Usb utilities like udiskctl.
utillinux # Common Linux utilities.
ventoy # Boot multiple ISO/images from a single USB stick. ventoy # Boot multiple ISO/images from a single USB stick.
wget # CLI http download tool. wget # CLI http download tool.
wireguard-tools # Tools to work with Wireguard. wireguard-tools # Tools to work with Wireguard.
@ -45,5 +51,8 @@
# Special packages. # Special packages.
programs.adb.enable = true; programs.adb.enable = true;
services.udisks2.enable = true; services.udisks2.enable = true;
programs.java.enable = true; programs.java = {
enable = true;
package = pkgs.corretto21;
};
} }


@ -9,7 +9,7 @@
# Mount FS over ssh. Just extra config for sshfs. # Mount FS over ssh. Just extra config for sshfs.
# Usage: ssh_mount <REMOTE> <LOCAL> # Usage: ssh_mount <REMOTE> <LOCAL>
function ssh_mount_ro() { function ssh_mount_ro() {
sshfs -o uid=1000,auto_unmount,allow_other,ro "''${@}" sshfs -o uid=''${UID},auto_unmount,ro "''${@}"
} }
# Generate private an public keys on a local host and print a public key. # Generate private an public keys on a local host and print a public key.
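Review bot: The `# Usage: ssh_mount <REMOTE> <LOCAL>` line above `ssh_mount_ro` names the other function and does not mention what the `_ro` variant changes; suggest `# Usage: ssh_mount_ro <REMOTE> <LOCAL>  (read-only, visible to the mounting user only)`. Dropping `allow_other` together with the hard-coded `uid=1000` is the right tightening, since the FUSE mount is no longer visible to other local users, but `''${UID}` relies on the bash-provided `UID` variable, so this stays bash-only; if the file is ever sourced by a POSIX shell, `$(id -u)` is the portable spelling. The enclosing file continues outside the hunk; the `# Generate private an public keys` line below should read `and`.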


@ -1,4 +1,4 @@
{ pkgs, pkgsStable, pkgsMaster, ... } @args: let { pkgs, pkgsStable, pkgsMaster, setting, ... } @args: let
mangohud = import ./mangohud args; mangohud = import ./mangohud args;
in { in {
imports = [ imports = [
@ -37,6 +37,7 @@ in {
blender-hip # Blender with HiP support. blender-hip # Blender with HiP support.
calibre # Book library manager. calibre # Book library manager.
evince # Document viewer. evince # Document viewer.
foot # Terminal emulator.
gimp # Image manipulation program. gimp # Image manipulation program.
gnome.adwaita-icon-theme # GTK icons. gnome.adwaita-icon-theme # GTK icons.
gnome.gnome-calculator # Calculator. gnome.gnome-calculator # Calculator.
@ -65,6 +66,10 @@ in {
# GTK apps compat. # GTK apps compat.
GTK_CSD = 0; GTK_CSD = 0;
# Terminal settings.
TERM = "xterm-256color";
TERMINAL = setting.terminal.bin;
}; };
}; };
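Review bot: `setting` becomes a required argument of this module on the new side (`{ pkgs, pkgsStable, pkgsMaster, setting, ... } @args`) because `TERMINAL = setting.terminal.bin` dereferences it, so every importer must now pass `setting` or evaluation fails with a missing-attribute error; the same attribute was removed from the Android environment module earlier in this commit, which looks intentional, but a comment on the `TERMINAL` line such as `# Terminal binary chosen in the host's settings.` would document the dependency. The `# Terminal settings.` comment also covers `TERM = "xterm-256color"`, which is set for the whole session rather than per terminal; if foot (added above as `# Terminal emulator.`) is the intended terminal, it normally sets its own TERM for child shells, so this value presumably only applies outside it — worth saying in the comment.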


@ -67,7 +67,7 @@ in {
home-manager.enable = true; home-manager.enable = true;
gpg = { gpg = {
enable = true; enable = true;
publicKeys = secret.crypto.publicKeys; inherit (secret.crypto) publicKeys;
}; };
}; };
}; };