voronind/nix
0
0
Fork 0
Code Issues 40 Pull requests Packages Projects Releases Wiki Activity

Container : Add some docs.

Browse source
This commit is contained in:
Dmitry Voronin 2024-06-24 03:32:33 +03:00
parent f07fe401f1
commit d6604dd12b
Signed by: voronind
SSH key fingerprint: SHA256:3kBb4iV2ahufEBNq+vFbUe4QYfHt98DHQjN7QaptY9k
10 changed files with 170 additions and 171 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

32
Readme.md
View file

@ -4,8 +4,8 @@
<details>
<summary>Screenshot 1</summary>
<img src="https://i.imgur.com/aGmmVJa.png" />
<a href="https://r4.wallpaperflare.com/wallpaper/500/198/463/pixel-art-digital-art-pixelated-pixels-wallpaper-b980f83df17add4b2677d8cf6091268d.jpg">Wallpaper link</a>
<img src="https://i.imgur.com/F7ki7sQ.jpeg" />
<a href="https://i.imgur.com/0RldJsX.jpeg">Wallpaper link</a>
</details>
<details>
@ -24,6 +24,20 @@
Color theming based on wallpaper thanks to [Stylix](https://github.com/danth/stylix).
## Discovering my configuration.
Even tho I've tried to document everything I can in a dum-dum way, I still highly recommend you to learn the [very basics of Nix language](https://nixos.org/guides/nix-pills/). Start from the [Flake](flake.nix) file and follow the comments. If you have any questions, get in touch using [Telegram](https://t.me/voronind_com) or [Email](mailto:hi@voronind.com).
Please tell me if you find any undocumented parts.
## Configuration highlights.
* [Keyd](module/common/Keyd.nix) allows you to have QMK-like keyboard remaps. Killer-feature is the ability to have remaps per-application. I have pretty common remaps like CapsLock to Ctrl/Esc combo, Right Shift to Backspace, Backspace to Delete and overlays for System/Windows/Media/Application controls as well as Macros.
* NixOS Containers (nspawn). Containers are great. I LOVE containers! Containers! Containers! Containers! Containers! Containers! Containers! Containers! Containers! Containers! Containers! Containers! [Here](host/home/Container.nix) is how I add containers to the host, [here](container/default.nix) is the global configuration and [here](container) are all the containers.
* NixOnDroid can be used to set up your environment inside the Termux app on Android. It also gives you access to all the Nixpkgs binaries for Arm. Configuration can be found [here](android/), but you also need to add the definition to the root `flake.nix (nixOnDroidConfigurations.default)`. [Here](https://github.com/nix-community/nix-on-droid) are the docs.
* [Stylix](module/common/Stylix.nix) can be used to change colors for the whole system based on current wallpaper. Example usages: [Sway](module/desktop/sway/module/Style.nix), [fuzzel](user/common/fuzzel/default.nix) and [Tmux](module/common/tmux/module/Status.nix).
* [Signed auto-updates](module/common/AutoUpdateSigned.nix). Updates are pulled every hour and require the last commit to be signed with my signature.
## WIP: NixOS learning roadmap.
0. [Nix Pills](https://nixos.org/guides/nix-pills/). This is a bit controversial one. Try it, but if it's hard to read for you - just skip it for now.
@ -39,20 +53,6 @@ Color theming based on wallpaper thanks to [Stylix](https://github.com/danth/sty
??? (Optional) Dev Shells.
??? (Optional) Impermanence.
## WIP: Discovering my configuration.
Even tho I've tried to document everything I can in a dum-dum way, I still highly recommend you to learn the very basics of Nix language. If you can give a basic answer to these questions, you may continue:
1. What a set is?
2. How to define a function?
3. *???*
Start from the [Flake](flake.nix) file and follow the comments. If you have any questions, get in touch using [Telegram](https://t.me/voronind_com) or [Email](mailto:hi@voronind.com).
## WIP: Configuration highlights.
* [Keyd](module/common/Keyd.nix) allows you to have QMK-like keyboard remaps. Killer-feature is the ability to have remaps per-application. I have pretty common remaps like CapsLock to Ctrl/Esc combo, Right Shift to Backspace, Backspace to Delete and overlays for System/Windows/Media/Application controls as well as Macros.
## Keyboard layouts.
Yellow are modifier keys, they enable layers when held. Green ones are just modified keys.

20
android/Environment.nix
View file

@ -1,10 +1,18 @@
{ pkgs, setting, ... }: {
{ pkgs, ... }: {
variables = {
EDITOR = "nvim";
MANPAGER = "nvim +Man!";
# Default text editor.
EDITOR = "nvim";
# App to use for man pages.
MANPAGER = "nvim +Man!";
# Allow unfree packages in shell.
NIXPKGS_ALLOW_UNFREE = "1";
NIX_CURRENT_SYSTEM = "${pkgs.stdenv.system}";
TERM = "xterm-256color";
TERMINAL = setting.terminal.bin;
# Current system architecture.
NIX_CURRENT_SYSTEM = "${pkgs.stdenv.system}";
# Terminal settings.
TERM = "xterm-256color";
};
}

61
android/Package.nix
View file

@ -1,33 +1,36 @@
{ pkgs, ... }: {
list = with pkgs; [
android-tools
binwalk
coreutils dnsutils diffutils findutils utillinux
curl
ffmpeg
file
gawk gnused gnugrep gnumake ripgrep
gcc
gdu
git
gnutar gzip xz
hostname
imagemagick
inetutils
jq
lsof
man
nmap
openssh
parallel
tmux
pv
rsync
sqlite
tree
wget
yt-dlp
yazi chafa
zip unzip
android-tools # Android adb tool. Can be used to connect to itself via wireless debugging.
binwalk # Can analyze files for other files inside them.
curl # CLI http client.
exiftool # Image info.
ffmpeg # Video/audio converter.
file # Get general info about a file.
gdu # TUI storage analyzer.
git # Version control system.
gnutar gzip xz # Archive and compression tools.
imagemagick # Image converter and transformation tool.
inetutils # Things like FTP.
jq # Json parser.
lsof # Find current file users.
man # App to read manuals.
neovim gcc # CLI text editor.
nmap # Network analyzer.
openssh # Ssh client.
parallel # Run programs in parallel.
pv # IO progress bar.
ripgrep # Grep for file search.
rsync # File copy tool.
sqlite # Serverless file-based database engine.
tmux # Terminal multiplexor.
tree # Show directory stricture as a tree.
wget # CLI http download tool.
wireguard-tools # Tools to work with Wireguard.
yazi chafa # CLI file manager.
yt-dlp # Video downloader.
zip unzip # Zip archive/unarchive tools.
coreutils dnsutils diffutils findutils utillinux # Common utilities.
gawk gnused gnugrep gnumake ripgrep # Common Gnu utils.
];
}

12
android/default.nix
View file

@ -24,15 +24,22 @@
tmux = import ../module/common/tmux args;
yazi = import ../user/common/yazi args;
in {
# Configure system.
time.timeZone = const.timeZone;
nix.extraOptions = nix.extraOptions;
# Install packages.
environment.packages = package.list;
home-manager.config = {
home = {
stateVersion = const.droidStateVersion;
# Release version.
stateVersion = const.droidStateVersion;
# Environment variables.
sessionVariables = environment.variables;
# Where to put config files.
file = {
".dotfiles".source = inputs.self;
".ssh/config".text = ssh.config;
@ -45,6 +52,7 @@ in {
};
};
# Special app configuration.
programs = {
bash = {
enable = true;
@ -68,7 +76,7 @@ in {
gpg = {
enable = true;
publicKeys = secret.crypto.publicKeys;
inherit (secret.crypto) publicKeys;
};
};
};

31
container/default.nix
View file

@ -8,35 +8,57 @@
, ... }: {
inherit host;
# Common configuration for all the containers.
mkContainer = config: cfg: lib.recursiveUpdate {
autoStart = true;
hostAddress = host;
localAddress = config.address;
# Start containers with the system by default.
autoStart = true;
# IP Address of the host. This is required for container to have access to the Internet.
hostAddress = host;
# Container's IP address.
localAddress = config.address;
# Isolate container from other hosts.
privateNetwork = true;
} cfg;
# Common configuration for the system inside the container.
mkContainerConfig = config: cfg: lib.recursiveUpdate {
# HACK: Do not evaluate nixpkgs inside the container. Use host's instead.
nixpkgs.pkgs = lib.mkForce pkgs;
# Release version.
system.stateVersion = const.stateVersion;
# Allow passwordless login as root.
users.users.root.password = "";
users.mutableUsers = false;
networking = {
# Default DNS servers.
nameservers = [
"1.1.1.1"
];
# HACK: Fix for upstream issue: https://github.com/NixOS/nixpkgs/issues/162686
useHostResolvConf = lib.mkForce false;
# Disable firewall.
firewall.enable = false;
};
} cfg;
# Create a directory on the host for container use.
mkContainerDir = cfg: dirs: map (path: "d '${cfg.storage}/${path}' 1777 root root - -") dirs;
# Common configuration for Nginx server.
mkServer = cfg: lib.recursiveUpdate {
forceSSL = false;
} cfg;
# Attach the host media directory to container.
# They will be added to /type/{0..9}
attachMedia = type: paths: ro: builtins.listToAttrs (lib.imap0 (i: path:
{
name = "/${type}/${toString i}";
@ -47,8 +69,11 @@
}
) paths);
# Range of local addresses who have access to sensitive paths like admin panels.
# Other addresses will get 403.
localAccess = "192.168.1.0/24";
# Per-container configurations.
config = {
camera = {
address = "192.168.2.249";

89
host/home/Container.nix
View file

@ -9,10 +9,19 @@
, pkgsStable
, ... }: let
args = let
# Path where all the container data will be stored.
storage = "/storage/hot/container";
# Domain used to host stuff. All the services will be like `service.${domain}`.
domain = "voronind.com";
# External IP address of the host, where all the services will listen to.
host = "192.168.1.2";
# External interface where all the services will listen on.
externalInterface = "enp7s0";
# Paths to media content. Later they can be plugged to the containers using the `attachMedia "photo"` function.
media = {
anime = [ "/storage/cold_1/media/anime" "/storage/cold_2/media/anime" ];
book = [ "/storage/hot/media/book" ];
@ -29,13 +38,16 @@
youtube = [ "/storage/cold_1/media/youtube" "/storage/cold_2/media/youtube" ];
};
in {
# Pass all the arguments further.
inherit storage domain host pkgs const lib config util media externalInterface;
inherit poetry2nixJobber pkgsJobber;
inherit pkgsMaster pkgsStable;
# Pass the global container configuration.
container = import ../../container args;
};
in {
# List of containers enabled on this host.
imports = [
(import ../../container/Change.nix args)
(import ../../container/Cloud.nix args)
@ -66,83 +78,12 @@ in {
(import ../../container/Yt.nix args)
];
# This is the network for all the containers.
# They are not available to the external interface by default,
# instead they all expose specific ports in their configuration.
networking.nat = {
enable = true;
internalInterfaces = [ "ve-+" ];
inherit (args) externalInterface;
# TODO: Do I even need this?
forwardPorts = with args.container.config; [
# Dns Server.
{
destination = "${dns.address}:53";
proto = "udp";
sourcePort = 53;
} {
destination = "${dns.address}:53";
proto = "tcp";
sourcePort = 53;
}
# Reverse proxy.
#{
# destination = "${proxy.address}:80";
# proto = "tcp";
# sourcePort = 80;
#} {
{
destination = "${proxy.address}:443";
proto = "tcp";
sourcePort = 443;
}
# Cups.
{
destination = "${print.address}:${toString print.port}";
proto = "tcp";
sourcePort = 631;
} {
destination = "${print.address}:6566";
proto = "tcp";
sourcePort = 6566;
}
# Wireguard.
{
destination = "${vpn.address}:${toString vpn.port}";
proto = "udp";
sourcePort = 51820;
}
# Deluge.
{
destination = "${download.address}:${toString download.port}";
proto = "tcp";
sourcePort = 8112;
} {
destination = "${download.address}:54630-54631";
proto = "udp";
sourcePort = "54630:54631";
} {
destination = "${download.address}:54630-54631";
proto = "tcp";
sourcePort = "54630:54631";
}
# Mail.
{
destination = "${mail.address}:25";
proto = "tcp";
sourcePort = 25;
} {
destination = "${mail.address}:465";
proto = "tcp";
sourcePort = 465;
} {
destination = "${mail.address}:993";
proto = "tcp";
sourcePort = 993;
}
];
};
}

85
module/common/Package.nix
View file

@ -1,43 +1,49 @@
{ pkgs, ... }: {
# List of common packages I use.
environment.systemPackages = with pkgs; [
binwalk # Can analyze files for other files inside them.
btop htop # System monitors.
coreutils # Common utilities.
cryptsetup # Filesystem encryption (LUKS).
curl # CLI http client.
ddrescue testdisk # Apps to recover data from drives.
dnsutils # Dns utilities like host.
exiftool # Image info.
fastfetch # Systeminfo summary.
ffmpeg # Video/audio converter.
file # Get general info about a file.
gcc # C compiler.
gdu # TUI storage analyzer.
gnumake gnused # GNU utils.
gparted parted # GUI/CLI disk partition tool.
imagemagick # Image converter and transformation tool.
inetutils # Things like FTP.
jq # Json parser.
lm_sensors # Hardware sensors, like temperature and fan speeds.
lshw # Detailed hardware info tool.
lsof # Find current file users.
ltex-ls # Latex LSP for neovim spellcheck.
nixd # Nix LSP.
nmap # Network analyzer.
parallel # Run programs in parallel.
pv # IO progress bar.
ripgrep # Grep for file search.
scanmem # Memory edit tool.
smartmontools # S.M.A.R.T. tools.
sqlite # Serverless file-based database engine.
tree # Show directory stricture as a tree.
usbutils # Usb utilities like udiskctl.
ventoy # Boot multiple ISO/images from a single USB stick.
wget # CLI http download tool.
wireguard-tools # Tools to work with Wireguard.
yazi chafa # CLI file manager.
zip unzip # Zip archive/unarchive tools.
binwalk # Can analyze files for other files inside them.
btop htop # System monitors.
coreutils # Common utilities.
cryptsetup # Filesystem encryption (LUKS).
curl # CLI http client.
ddrescue testdisk # Apps to recover data from drives.
diffutils # Diff tool.
dnsutils # Dns utilities like host.
exiftool # Image info.
fastfetch # Systeminfo summary.
ffmpeg # Video/audio converter.
file # Get general info about a file.
findutils # Find tool.
gcc # C compiler.
gdu # TUI storage analyzer.
git # Version control system.
gnumake gnused # GNU utils.
gparted parted # GUI/CLI disk partition tool.
imagemagick # Image converter and transformation tool.
inetutils # Things like FTP.
jq # Json parser.
lm_sensors # Hardware sensors, like temperature and fan speeds.
lshw # Detailed hardware info tool.
lsof # Find current file users.
ltex-ls # Latex LSP for neovim spellcheck.
man # App to read manuals.
nixd # Nix LSP.
nmap # Network analyzer.
parallel # Run programs in parallel.
pv # IO progress bar.
ripgrep # Grep for file search.
rsync # File copy tool.
scanmem # Memory edit tool.
smartmontools # S.M.A.R.T. tools.
sqlite # Serverless file-based database engine.
tree # Show directory stricture as a tree.
usbutils # Usb utilities like udiskctl.
utillinux # Common Linux utilities.
ventoy # Boot multiple ISO/images from a single USB stick.
wget # CLI http download tool.
wireguard-tools # Tools to work with Wireguard.
yazi chafa # CLI file manager.
zip unzip # Zip archive/unarchive tools.
universal-android-debloater # Debloat Android devices.
];
@ -45,5 +51,8 @@
# Special packages.
programs.adb.enable = true;
services.udisks2.enable = true;
programs.java.enable = true;
programs.java = {
enable = true;
package = pkgs.corretto21;
};
}

2
module/common/bash/module/Ssh.nix
View file

@ -9,7 +9,7 @@
# Mount FS over ssh. Just extra config for sshfs.
# Usage: ssh_mount <REMOTE> <LOCAL>
function ssh_mount_ro() {
sshfs -o uid=1000,auto_unmount,allow_other,ro "''${@}"
sshfs -o uid=''${UID},auto_unmount,ro "''${@}"
}
# Generate private an public keys on a local host and print a public key.

7
module/desktop/App.nix
View file

@ -1,4 +1,4 @@
{ pkgs, pkgsStable, pkgsMaster, ... } @args: let
{ pkgs, pkgsStable, pkgsMaster, setting, ... } @args: let
mangohud = import ./mangohud args;
in {
imports = [
@ -37,6 +37,7 @@ in {
blender-hip # Blender with HiP support.
calibre # Book library manager.
evince # Document viewer.
foot # Terminal emulator.
gimp # Image manipulation program.
gnome.adwaita-icon-theme # GTK icons.
gnome.gnome-calculator # Calculator.
@ -65,6 +66,10 @@ in {
# GTK apps compat.
GTK_CSD = 0;
# Terminal settings.
TERM = "xterm-256color";
TERMINAL = setting.terminal.bin;
};
};

2
user/common/default.nix
View file

@ -67,7 +67,7 @@ in {
home-manager.enable = true;
gpg = {
enable = true;
publicKeys = secret.crypto.publicKeys;
inherit (secret.crypto) publicKeys;
};
};
};