voronind/nix
0
0
Fork 0
Code Issues 40 Pull requests Packages Projects Releases Wiki Activity

Container : Add some docs.

Browse source
This commit is contained in:
Dmitry Voronin 2024-06-24 03:32:33 +03:00
parent f07fe401f1
commit d6604dd12b
Signed by: voronind
SSH key fingerprint: SHA256:3kBb4iV2ahufEBNq+vFbUe4QYfHt98DHQjN7QaptY9k
10 changed files with 170 additions and 171 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

32
Readme.md
View file

@ -4,8 +4,8 @@
<details> <details>
<summary>Screenshot 1</summary> <summary>Screenshot 1</summary>
<img src="https://i.imgur.com/aGmmVJa.png" /> <img src="https://i.imgur.com/F7ki7sQ.jpeg" />
<a href="https://r4.wallpaperflare.com/wallpaper/500/198/463/pixel-art-digital-art-pixelated-pixels-wallpaper-b980f83df17add4b2677d8cf6091268d.jpg">Wallpaper link</a> <a href="https://i.imgur.com/0RldJsX.jpeg">Wallpaper link</a>
</details> </details>
<details> <details>
@ -24,6 +24,20 @@
Color theming based on wallpaper thanks to [Stylix](https://github.com/danth/stylix). Color theming based on wallpaper thanks to [Stylix](https://github.com/danth/stylix).
## Discovering my configuration.
Even tho I've tried to document everything I can in a dum-dum way, I still highly recommend you to learn the [very basics of Nix language](https://nixos.org/guides/nix-pills/). Start from the [Flake](flake.nix) file and follow the comments. If you have any questions, get in touch using [Telegram](https://t.me/voronind_com) or [Email](mailto:hi@voronind.com).
Please tell me if you find any undocumented parts.
## Configuration highlights.
* [Keyd](module/common/Keyd.nix) allows you to have QMK-like keyboard remaps. Killer-feature is the ability to have remaps per-application. I have pretty common remaps like CapsLock to Ctrl/Esc combo, Right Shift to Backspace, Backspace to Delete and overlays for System/Windows/Media/Application controls as well as Macros.
* NixOS Containers (nspawn). Containers are great. I LOVE containers! Containers! Containers! Containers! Containers! Containers! Containers! Containers! Containers! Containers! Containers! Containers! [Here](host/home/Container.nix) is how I add containers to the host, [here](container/default.nix) is the global configuration and [here](container) are all the containers.
* NixOnDroid can be used to set up your environment inside the Termux app on Android. It also gives you access to all the Nixpkgs binaries for Arm. Configuration can be found [here](android/), but you also need to add the definition to the root `flake.nix (nixOnDroidConfigurations.default)`. [Here](https://github.com/nix-community/nix-on-droid) are the docs.
* [Stylix](module/common/Stylix.nix) can be used to change colors for the whole system based on current wallpaper. Example usages: [Sway](module/desktop/sway/module/Style.nix), [fuzzel](user/common/fuzzel/default.nix) and [Tmux](module/common/tmux/module/Status.nix).
* [Signed auto-updates](module/common/AutoUpdateSigned.nix). Updates are pulled every hour and require the last commit to be signed with my signature.
## WIP: NixOS learning roadmap. ## WIP: NixOS learning roadmap.
0. [Nix Pills](https://nixos.org/guides/nix-pills/). This is a bit controversial one. Try it, but if it's hard to read for you - just skip it for now. 0. [Nix Pills](https://nixos.org/guides/nix-pills/). This is a bit controversial one. Try it, but if it's hard to read for you - just skip it for now.
@ -39,20 +53,6 @@ Color theming based on wallpaper thanks to [Stylix](https://github.com/danth/sty
??? (Optional) Dev Shells. ??? (Optional) Dev Shells.
??? (Optional) Impermanence. ??? (Optional) Impermanence.
## WIP: Discovering my configuration.
Even tho I've tried to document everything I can in a dum-dum way, I still highly recommend you to learn the very basics of Nix language. If you can give a basic answer to these questions, you may continue:
1. What a set is?
2. How to define a function?
3. *???*
Start from the [Flake](flake.nix) file and follow the comments. If you have any questions, get in touch using [Telegram](https://t.me/voronind_com) or [Email](mailto:hi@voronind.com).
## WIP: Configuration highlights.
* [Keyd](module/common/Keyd.nix) allows you to have QMK-like keyboard remaps. Killer-feature is the ability to have remaps per-application. I have pretty common remaps like CapsLock to Ctrl/Esc combo, Right Shift to Backspace, Backspace to Delete and overlays for System/Windows/Media/Application controls as well as Macros.
## Keyboard layouts. ## Keyboard layouts.
Yellow are modifier keys, they enable layers when held. Green ones are just modified keys. Yellow are modifier keys, they enable layers when held. Green ones are just modified keys.

20
android/Environment.nix
View file

@ -1,10 +1,18 @@
{ pkgs, setting, ... }: { { pkgs, ... }: {
variables = { variables = {
EDITOR = "nvim"; # Default text editor.
MANPAGER = "nvim +Man!"; EDITOR = "nvim";
# App to use for man pages.
MANPAGER = "nvim +Man!";
# Allow unfree packages in shell.
NIXPKGS_ALLOW_UNFREE = "1"; NIXPKGS_ALLOW_UNFREE = "1";
NIX_CURRENT_SYSTEM = "${pkgs.stdenv.system}";
TERM = "xterm-256color"; # Current system architecture.
TERMINAL = setting.terminal.bin; NIX_CURRENT_SYSTEM = "${pkgs.stdenv.system}";
# Terminal settings.
TERM = "xterm-256color";
}; };
} }

61
android/Package.nix
View file

@ -1,33 +1,36 @@
{ pkgs, ... }: { { pkgs, ... }: {
list = with pkgs; [ list = with pkgs; [
android-tools android-tools # Android adb tool. Can be used to connect to itself via wireless debugging.
binwalk binwalk # Can analyze files for other files inside them.
coreutils dnsutils diffutils findutils utillinux curl # CLI http client.
curl exiftool # Image info.
ffmpeg ffmpeg # Video/audio converter.
file file # Get general info about a file.
gawk gnused gnugrep gnumake ripgrep gdu # TUI storage analyzer.
gcc git # Version control system.
gdu gnutar gzip xz # Archive and compression tools.
git imagemagick # Image converter and transformation tool.
gnutar gzip xz inetutils # Things like FTP.
hostname jq # Json parser.
imagemagick lsof # Find current file users.
inetutils man # App to read manuals.
jq neovim gcc # CLI text editor.
lsof nmap # Network analyzer.
man openssh # Ssh client.
nmap parallel # Run programs in parallel.
openssh pv # IO progress bar.
parallel ripgrep # Grep for file search.
tmux rsync # File copy tool.
pv sqlite # Serverless file-based database engine.
rsync tmux # Terminal multiplexor.
sqlite tree # Show directory stricture as a tree.
tree wget # CLI http download tool.
wget wireguard-tools # Tools to work with Wireguard.
yt-dlp yazi chafa # CLI file manager.
yazi chafa yt-dlp # Video downloader.
zip unzip zip unzip # Zip archive/unarchive tools.
coreutils dnsutils diffutils findutils utillinux # Common utilities.
gawk gnused gnugrep gnumake ripgrep # Common Gnu utils.
]; ];
} }

12
android/default.nix
View file

@ -24,15 +24,22 @@
tmux = import ../module/common/tmux args; tmux = import ../module/common/tmux args;
yazi = import ../user/common/yazi args; yazi = import ../user/common/yazi args;
in { in {
# Configure system.
time.timeZone = const.timeZone; time.timeZone = const.timeZone;
nix.extraOptions = nix.extraOptions; nix.extraOptions = nix.extraOptions;
# Install packages.
environment.packages = package.list; environment.packages = package.list;
home-manager.config = { home-manager.config = {
home = { home = {
stateVersion = const.droidStateVersion; # Release version.
stateVersion = const.droidStateVersion;
# Environment variables.
sessionVariables = environment.variables; sessionVariables = environment.variables;
# Where to put config files.
file = { file = {
".dotfiles".source = inputs.self; ".dotfiles".source = inputs.self;
".ssh/config".text = ssh.config; ".ssh/config".text = ssh.config;
@ -45,6 +52,7 @@ in {
}; };
}; };
# Special app configuration.
programs = { programs = {
bash = { bash = {
enable = true; enable = true;
@ -68,7 +76,7 @@ in {
gpg = { gpg = {
enable = true; enable = true;
publicKeys = secret.crypto.publicKeys; inherit (secret.crypto) publicKeys;
}; };
}; };
}; };

31
container/default.nix
View file

@ -8,35 +8,57 @@
, ... }: { , ... }: {
inherit host; inherit host;
# Common configuration for all the containers.
mkContainer = config: cfg: lib.recursiveUpdate { mkContainer = config: cfg: lib.recursiveUpdate {
autoStart = true; # Start containers with the system by default.
hostAddress = host; autoStart = true;
localAddress = config.address;
# IP Address of the host. This is required for container to have access to the Internet.
hostAddress = host;
# Container's IP address.
localAddress = config.address;
# Isolate container from other hosts.
privateNetwork = true; privateNetwork = true;
} cfg; } cfg;
# Common configuration for the system inside the container.
mkContainerConfig = config: cfg: lib.recursiveUpdate { mkContainerConfig = config: cfg: lib.recursiveUpdate {
# HACK: Do not evaluate nixpkgs inside the container. Use host's instead.
nixpkgs.pkgs = lib.mkForce pkgs; nixpkgs.pkgs = lib.mkForce pkgs;
# Release version.
system.stateVersion = const.stateVersion; system.stateVersion = const.stateVersion;
# Allow passwordless login as root.
users.users.root.password = ""; users.users.root.password = "";
users.mutableUsers = false; users.mutableUsers = false;
networking = { networking = {
# Default DNS servers.
nameservers = [ nameservers = [
"1.1.1.1" "1.1.1.1"
]; ];
# HACK: Fix for upstream issue: https://github.com/NixOS/nixpkgs/issues/162686
useHostResolvConf = lib.mkForce false; useHostResolvConf = lib.mkForce false;
# Disable firewall.
firewall.enable = false; firewall.enable = false;
}; };
} cfg; } cfg;
# Create a directory on the host for container use.
mkContainerDir = cfg: dirs: map (path: "d '${cfg.storage}/${path}' 1777 root root - -") dirs; mkContainerDir = cfg: dirs: map (path: "d '${cfg.storage}/${path}' 1777 root root - -") dirs;
# Common configuration for Nginx server.
mkServer = cfg: lib.recursiveUpdate { mkServer = cfg: lib.recursiveUpdate {
forceSSL = false; forceSSL = false;
} cfg; } cfg;
# Attach the host media directory to container.
# They will be added to /type/{0..9}
attachMedia = type: paths: ro: builtins.listToAttrs (lib.imap0 (i: path: attachMedia = type: paths: ro: builtins.listToAttrs (lib.imap0 (i: path:
{ {
name = "/${type}/${toString i}"; name = "/${type}/${toString i}";
@ -47,8 +69,11 @@
} }
) paths); ) paths);
# Range of local addresses who have access to sensitive paths like admin panels.
# Other addresses will get 403.
localAccess = "192.168.1.0/24"; localAccess = "192.168.1.0/24";
# Per-container configurations.
config = { config = {
camera = { camera = {
address = "192.168.2.249"; address = "192.168.2.249";

89
host/home/Container.nix
View file

@ -9,10 +9,19 @@
, pkgsStable , pkgsStable
, ... }: let , ... }: let
args = let args = let
# Path where all the container data will be stored.
storage = "/storage/hot/container"; storage = "/storage/hot/container";
# Domain used to host stuff. All the services will be like `service.${domain}`.
domain = "voronind.com"; domain = "voronind.com";
# External IP address of the host, where all the services will listen to.
host = "192.168.1.2"; host = "192.168.1.2";
# External interface where all the services will listen on.
externalInterface = "enp7s0"; externalInterface = "enp7s0";
# Paths to media content. Later they can be plugged to the containers using the `attachMedia "photo"` function.
media = { media = {
anime = [ "/storage/cold_1/media/anime" "/storage/cold_2/media/anime" ]; anime = [ "/storage/cold_1/media/anime" "/storage/cold_2/media/anime" ];
book = [ "/storage/hot/media/book" ]; book = [ "/storage/hot/media/book" ];
@ -29,13 +38,16 @@
youtube = [ "/storage/cold_1/media/youtube" "/storage/cold_2/media/youtube" ]; youtube = [ "/storage/cold_1/media/youtube" "/storage/cold_2/media/youtube" ];
}; };
in { in {
# Pass all the arguments further.
inherit storage domain host pkgs const lib config util media externalInterface; inherit storage domain host pkgs const lib config util media externalInterface;
inherit poetry2nixJobber pkgsJobber; inherit poetry2nixJobber pkgsJobber;
inherit pkgsMaster pkgsStable; inherit pkgsMaster pkgsStable;
# Pass the global container configuration.
container = import ../../container args; container = import ../../container args;
}; };
in { in {
# List of containers enabled on this host.
imports = [ imports = [
(import ../../container/Change.nix args) (import ../../container/Change.nix args)
(import ../../container/Cloud.nix args) (import ../../container/Cloud.nix args)
@ -66,83 +78,12 @@ in {
(import ../../container/Yt.nix args) (import ../../container/Yt.nix args)
]; ];
# This is the network for all the containers.
# They are not available to the external interface by default,
# instead they all expose specific ports in their configuration.
networking.nat = { networking.nat = {
enable = true; enable = true;
internalInterfaces = [ "ve-+" ]; internalInterfaces = [ "ve-+" ];
inherit (args) externalInterface; inherit (args) externalInterface;
# TODO: Do I even need this?
forwardPorts = with args.container.config; [
# Dns Server.
{
destination = "${dns.address}:53";
proto = "udp";
sourcePort = 53;
} {
destination = "${dns.address}:53";
proto = "tcp";
sourcePort = 53;
}
# Reverse proxy.
#{
# destination = "${proxy.address}:80";
# proto = "tcp";
# sourcePort = 80;
#} {
{
destination = "${proxy.address}:443";
proto = "tcp";
sourcePort = 443;
}
# Cups.
{
destination = "${print.address}:${toString print.port}";
proto = "tcp";
sourcePort = 631;
} {
destination = "${print.address}:6566";
proto = "tcp";
sourcePort = 6566;
}
# Wireguard.
{
destination = "${vpn.address}:${toString vpn.port}";
proto = "udp";
sourcePort = 51820;
}
# Deluge.
{
destination = "${download.address}:${toString download.port}";
proto = "tcp";
sourcePort = 8112;
} {
destination = "${download.address}:54630-54631";
proto = "udp";
sourcePort = "54630:54631";
} {
destination = "${download.address}:54630-54631";
proto = "tcp";
sourcePort = "54630:54631";
}
# Mail.
{
destination = "${mail.address}:25";
proto = "tcp";
sourcePort = 25;
} {
destination = "${mail.address}:465";
proto = "tcp";
sourcePort = 465;
} {
destination = "${mail.address}:993";
proto = "tcp";
sourcePort = 993;
}
];
}; };
} }

85
module/common/Package.nix
View file

@ -1,43 +1,49 @@
{ pkgs, ... }: { { pkgs, ... }: {
# List of common packages I use. # List of common packages I use.
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
binwalk # Can analyze files for other files inside them. binwalk # Can analyze files for other files inside them.
btop htop # System monitors. btop htop # System monitors.
coreutils # Common utilities. coreutils # Common utilities.
cryptsetup # Filesystem encryption (LUKS). cryptsetup # Filesystem encryption (LUKS).
curl # CLI http client. curl # CLI http client.
ddrescue testdisk # Apps to recover data from drives. ddrescue testdisk # Apps to recover data from drives.
dnsutils # Dns utilities like host. diffutils # Diff tool.
exiftool # Image info. dnsutils # Dns utilities like host.
fastfetch # Systeminfo summary. exiftool # Image info.
ffmpeg # Video/audio converter. fastfetch # Systeminfo summary.
file # Get general info about a file. ffmpeg # Video/audio converter.
gcc # C compiler. file # Get general info about a file.
gdu # TUI storage analyzer. findutils # Find tool.
gnumake gnused # GNU utils. gcc # C compiler.
gparted parted # GUI/CLI disk partition tool. gdu # TUI storage analyzer.
imagemagick # Image converter and transformation tool. git # Version control system.
inetutils # Things like FTP. gnumake gnused # GNU utils.
jq # Json parser. gparted parted # GUI/CLI disk partition tool.
lm_sensors # Hardware sensors, like temperature and fan speeds. imagemagick # Image converter and transformation tool.
lshw # Detailed hardware info tool. inetutils # Things like FTP.
lsof # Find current file users. jq # Json parser.
ltex-ls # Latex LSP for neovim spellcheck. lm_sensors # Hardware sensors, like temperature and fan speeds.
nixd # Nix LSP. lshw # Detailed hardware info tool.
nmap # Network analyzer. lsof # Find current file users.
parallel # Run programs in parallel. ltex-ls # Latex LSP for neovim spellcheck.
pv # IO progress bar. man # App to read manuals.
ripgrep # Grep for file search. nixd # Nix LSP.
scanmem # Memory edit tool. nmap # Network analyzer.
smartmontools # S.M.A.R.T. tools. parallel # Run programs in parallel.
sqlite # Serverless file-based database engine. pv # IO progress bar.
tree # Show directory stricture as a tree. ripgrep # Grep for file search.
usbutils # Usb utilities like udiskctl. rsync # File copy tool.
ventoy # Boot multiple ISO/images from a single USB stick. scanmem # Memory edit tool.
wget # CLI http download tool. smartmontools # S.M.A.R.T. tools.
wireguard-tools # Tools to work with Wireguard. sqlite # Serverless file-based database engine.
yazi chafa # CLI file manager. tree # Show directory stricture as a tree.
zip unzip # Zip archive/unarchive tools. usbutils # Usb utilities like udiskctl.
utillinux # Common Linux utilities.
ventoy # Boot multiple ISO/images from a single USB stick.
wget # CLI http download tool.
wireguard-tools # Tools to work with Wireguard.
yazi chafa # CLI file manager.
zip unzip # Zip archive/unarchive tools.
universal-android-debloater # Debloat Android devices. universal-android-debloater # Debloat Android devices.
]; ];
@ -45,5 +51,8 @@
# Special packages. # Special packages.
programs.adb.enable = true; programs.adb.enable = true;
services.udisks2.enable = true; services.udisks2.enable = true;
programs.java.enable = true; programs.java = {
enable = true;
package = pkgs.corretto21;
};
} }

2
module/common/bash/module/Ssh.nix
View file

@ -9,7 +9,7 @@
# Mount FS over ssh. Just extra config for sshfs. # Mount FS over ssh. Just extra config for sshfs.
# Usage: ssh_mount <REMOTE> <LOCAL> # Usage: ssh_mount <REMOTE> <LOCAL>
function ssh_mount_ro() { function ssh_mount_ro() {
sshfs -o uid=1000,auto_unmount,allow_other,ro "''${@}" sshfs -o uid=''${UID},auto_unmount,ro "''${@}"
} }
# Generate private an public keys on a local host and print a public key. # Generate private an public keys on a local host and print a public key.

7
module/desktop/App.nix
View file

@ -1,4 +1,4 @@
{ pkgs, pkgsStable, pkgsMaster, ... } @args: let { pkgs, pkgsStable, pkgsMaster, setting, ... } @args: let
mangohud = import ./mangohud args; mangohud = import ./mangohud args;
in { in {
imports = [ imports = [
@ -37,6 +37,7 @@ in {
blender-hip # Blender with HiP support. blender-hip # Blender with HiP support.
calibre # Book library manager. calibre # Book library manager.
evince # Document viewer. evince # Document viewer.
foot # Terminal emulator.
gimp # Image manipulation program. gimp # Image manipulation program.
gnome.adwaita-icon-theme # GTK icons. gnome.adwaita-icon-theme # GTK icons.
gnome.gnome-calculator # Calculator. gnome.gnome-calculator # Calculator.
@ -65,6 +66,10 @@ in {
# GTK apps compat. # GTK apps compat.
GTK_CSD = 0; GTK_CSD = 0;
# Terminal settings.
TERM = "xterm-256color";
TERMINAL = setting.terminal.bin;
}; };
}; };

2
user/common/default.nix
View file

@ -67,7 +67,7 @@ in {
home-manager.enable = true; home-manager.enable = true;
gpg = { gpg = {
enable = true; enable = true;
publicKeys = secret.crypto.publicKeys; inherit (secret.crypto) publicKeys;
}; };
}; };
}; };