killme

Neovim: Also print errors to display.
Neovim : Redirect errors to /tmp logfile.
2024-10-15 21:58:59 +03:00 · 2024-10-15 04:23:18 +03:00 · 2024-10-15 03:40:04 +03:00 · 2024-10-15 03:08:33 +03:00 · 2024-10-15 02:43:42 +03:00 · 2024-10-14 18:06:47 +03:00
91 changed files with 275 additions and 988 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,2 +1 @@
 /live
 .NixRoot*
--- a/.treefmt.toml
+++ b/.treefmt.toml
@ -12,4 +12,5 @@
 [formatter.nixfmt-rfc-style]
 command  = "nixfmt"
 options  = [ "-s" ]
 includes = [ "*.nix" ]
--- a/12
+++ b/12
@ -12,10 +12,10 @@ android:
 	cp ~/.Wallpaper /sdcard/Download/Wallpaper.jpg
 	cp ~/.Wallpaper /sdcard/Download/Wallpaper.png
-boot: fix-ulimit
+boot: fix-ulimit fix-unlock
 	nixos-rebuild boot $(options) --flake $(flake)
-boot-no-nixconf: fix-ulimit
+boot-no-nixconf: fix-ulimit fix-unlock
 	mv /etc/nix/nix.conf /etc/nix/nix.conf_; \
 	nixos-rebuild boot $(options) --flake $(flake); \
 	mv /etc/nix/nix.conf_ /etc/nix/nix.conf
@ -23,9 +23,15 @@ boot-no-nixconf: fix-ulimit
 check:
 	nix flake check --show-trace
 # HACK: Fix ulimit switch issue. Test sometime in the future again.
 fix-ulimit:
 	ulimit -n 999999999
 # HACK: They broke switching in systemd service ffs.
 # https://github.com/NixOS/nixpkgs/issues/347315
 fix-unlock:
 	pkill nixos-rebuild || true
 format:
 	treefmt --no-cache --on-unmatched=info
@ -65,7 +71,7 @@ reboot: boot
 show:
 	nix flake show
-switch: fix-ulimit
+switch: fix-ulimit fix-unlock
 	nixos-rebuild switch $(options) --flake $(flake)
 update:
--- a/Readme.md
+++ b/Readme.md
@ -1,5 +1,9 @@
 # Dmitry 🌊 NixOS, Home Manager and Nix-on-Droid configurations.
 ## Please, support tabs in Nix!
 [Discussion](https://github.com/NixOS/nix/pull/2911) and [Open issue](https://github.com/NixOS/nix/issues/7834).
 ## Screenshots.
 Newest first.
--- a/config/Wallpaper.nix
+++ b/config/Wallpaper.nix
@ -1,9 +1,9 @@
 { pkgs, lib, ... }:
 with lib;
 let
-  url = "https://i.imgur.com/gYy0mzG.jpeg";
+  url = "https://i.imgur.com/7PoLqMb.jpeg";
-  sha256 = "0pwnq84mdbv8nrarhnbkq77iabwgh7znr0yig3fnshamxl2a3k7k";
+  sha256 = "1vwhgdxsfn33pcyw06b2f5xikz6iwp4h54lr8515fqnnzbl06vjm";
-  forceContrastText = true;
+  forceContrastText = false;
 in
 {
  options = {
--- a/container/Change.nix
+++ b/container/Change.nix
@ -32,9 +32,7 @@ in
  };
  config = mkIf cfg.enable {
-    systemd.tmpfiles.rules = container.mkContainerDir cfg [
+    systemd.tmpfiles.rules = container.mkContainerDir cfg [ "data" ];
      "data"
    ];
    containers.change = container.mkContainer cfg {
      bindMounts = {
--- a/container/Cloud.nix
+++ b/container/Cloud.nix
@ -36,9 +36,7 @@ in
  };
  config = mkIf cfg.enable {
-    systemd.tmpfiles.rules = container.mkContainerDir cfg [
+    systemd.tmpfiles.rules = container.mkContainerDir cfg [ "data" ];
      "data"
    ];
    containers.cloud = container.mkContainer cfg {
      bindMounts = {
--- a/container/Ddns.nix
+++ b/container/Ddns.nix
@ -24,9 +24,7 @@ in
  };
  config = mkIf cfg.enable {
-    systemd.tmpfiles.rules = container.mkContainerDir cfg [
+    systemd.tmpfiles.rules = container.mkContainerDir cfg [ "data" ];
      "data"
    ];
    containers.ddns = container.mkContainer cfg {
      bindMounts = {
--- a/container/Dns.nix
+++ b/container/Dns.nix
@ -30,9 +30,7 @@ in
      config =
        { ... }:
        container.mkContainerConfig cfg {
-          environment.systemPackages = [
+          environment.systemPackages = [ pkgs.cloudflared ];
            pkgs.cloudflared
          ];
          systemd.services.cloudflared = {
            description = "Cloudflare DoH server.";
@ -96,9 +94,7 @@ in
                    "https://raw.githubusercontent.com/AssoEchap/stalkerware-indicators/master/generated/hosts"
                    "https://urlhaus.abuse.ch/downloads/hostfile/"
                  ];
-                  other = [
+                  other = [ "https://zerodot1.gitlab.io/CoinBlockerLists/hosts_browser" ];
                    "https://zerodot1.gitlab.io/CoinBlockerLists/hosts_browser"
                  ];
                };
                # whiteLists = {
                #   other = [
--- a/container/Download.nix
+++ b/container/Download.nix
@ -36,9 +36,7 @@ in
  };
  config = mkIf cfg.enable {
-    systemd.tmpfiles.rules = container.mkContainerDir cfg [
+    systemd.tmpfiles.rules = container.mkContainerDir cfg [ "data" ];
      "data"
    ];
    containers.download = container.mkContainer cfg {
      enableTun = true;
--- a/container/Frkn.nix
+++ b/container/Frkn.nix
@ -40,9 +40,7 @@ in
  };
  config = mkIf cfg.enable {
-    systemd.tmpfiles.rules = container.mkContainerDir cfg [
+    systemd.tmpfiles.rules = container.mkContainerDir cfg [ "data" ];
      "data"
    ];
    containers.frkn = container.mkContainer cfg {
      bindMounts = {
--- a/container/Git.nix
+++ b/container/Git.nix
@ -37,9 +37,7 @@ in
  };
  config = mkIf cfg.enable {
-    systemd.tmpfiles.rules = container.mkContainerDir cfg [
+    systemd.tmpfiles.rules = container.mkContainerDir cfg [ "data" ];
      "data"
    ];
    containers.git = container.mkContainer cfg {
      bindMounts = {
--- a/container/Hdd.nix
+++ b/container/Hdd.nix
@ -34,9 +34,7 @@ in
  };
  config = mkIf cfg.enable {
-    systemd.tmpfiles.rules = container.mkContainerDir cfg [
+    systemd.tmpfiles.rules = container.mkContainerDir cfg [ "data" ];
      "data"
    ];
    containers.hdd = container.mkContainer cfg {
      # bindMounts = let
--- a/container/Iot.nix
+++ b/container/Iot.nix
@ -33,9 +33,7 @@ in
  };
  config = mkIf cfg.enable {
-    systemd.tmpfiles.rules = container.mkContainerDir cfg [
+    systemd.tmpfiles.rules = container.mkContainerDir cfg [ "data" ];
      "data"
    ];
    containers.iot = container.mkContainer cfg {
      bindMounts = {
--- a/container/Jobber.nix
+++ b/container/Jobber.nix
@ -31,9 +31,7 @@ in
  };
  config = mkIf cfg.enable {
-    systemd.tmpfiles.rules = container.mkContainerDir cfg [
+    systemd.tmpfiles.rules = container.mkContainerDir cfg [ "data" ];
      "data"
    ];
    containers.jobber = container.mkContainer cfg {
      bindMounts = {
@ -58,11 +56,7 @@ in
            ]);
        in
        container.mkContainerConfig cfg {
-          networking = lib.mkForce {
+          networking = lib.mkForce { nameservers = [ "10.30.218.2" ]; };
            nameservers = [
              "10.30.218.2"
            ];
          };
          systemd.services.jobber = {
            description = "My job is pushing the button.";
--- a/container/Mail.nix
+++ b/container/Mail.nix
@ -193,9 +193,7 @@ in
                ru
              ];
              hostName = cfg.domain;
-              plugins = [
+              plugins = [ "managesieve" ];
                "managesieve"
              ];
              extraConfig = ''
                # starttls needed for authentication, so the fqdn required to match
                # the certificate
--- a/container/Office.nix
+++ b/container/Office.nix
@ -38,9 +38,7 @@ in
  };
  config = mkIf cfg.enable {
-    systemd.tmpfiles.rules = container.mkContainerDir cfg [
+    systemd.tmpfiles.rules = container.mkContainerDir cfg [ "data" ];
      "data"
    ];
    containers.office = container.mkContainer cfg {
      bindMounts = {
--- a/container/Paper.nix
+++ b/container/Paper.nix
@ -34,9 +34,7 @@ in
  };
  config = mkIf cfg.enable {
-    systemd.tmpfiles.rules = container.mkContainerDir cfg [
+    systemd.tmpfiles.rules = container.mkContainerDir cfg [ "data" ];
      "data"
    ];
    containers.paper = container.mkContainer cfg {
      bindMounts = {
--- a/container/Pass.nix
+++ b/container/Pass.nix
@ -32,9 +32,7 @@ in
  };
  config = mkIf cfg.enable {
-    systemd.tmpfiles.rules = container.mkContainerDir cfg [
+    systemd.tmpfiles.rules = container.mkContainerDir cfg [ "data" ];
      "data"
    ];
    containers.pass = container.mkContainer cfg {
      bindMounts = {
--- a/container/Postgres.nix
+++ b/container/Postgres.nix
@ -29,9 +29,7 @@ in
  };
  config = mkIf cfg.enable {
-    systemd.tmpfiles.rules = container.mkContainerDir cfg [
+    systemd.tmpfiles.rules = container.mkContainerDir cfg [ "data" ];
      "data"
    ];
    containers.postgres = container.mkContainer cfg {
      bindMounts = {
--- a/container/Print.nix
+++ b/container/Print.nix
@ -40,9 +40,7 @@ in
  };
  config = mkIf cfg.enable {
-    systemd.tmpfiles.rules = container.mkContainerDir cfg [
+    systemd.tmpfiles.rules = container.mkContainerDir cfg [ "data" ];
      "data"
    ];
    containers.print = container.mkContainer cfg {
      bindMounts = {
--- a/container/Proxy.nix
+++ b/container/Proxy.nix
@ -77,37 +77,10 @@ in
            eventsConfig = ''
              worker_connections 4096;
            '';
            # TODO: Fix 80 redirect and 403 default.
            appendHttpConfig = ''
              proxy_max_temp_file_size 0;
              proxy_buffering off;
              server {
                server_name default_server;
                listen 80;
                location / {
                  return 301 https://$host$request_uri;
                }
              }
              map $http_accept_language $resume {
                default https://git.${config.container.domain}/voronind/resume/releases/download/latest/VoronindEn.pdf;
                ~ru     https://git.${config.container.domain}/voronind/resume/releases/download/latest/VoronindRu.pdf;
              }
              server {
                server_name ${config.container.domain};
                listen 443 ssl;
                ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
                ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
                include /etc/letsencrypt/conf/options-ssl-nginx.conf;
                ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
                return 301 $resume;
              }
              server {
                listen 443 ssl default_server;
                server_name _;
--- a/container/Rabbitmq.nix
+++ b/container/Rabbitmq.nix
@ -30,9 +30,7 @@ in
  };
  config = mkIf cfg.enable {
-    systemd.tmpfiles.rules = container.mkContainerDir cfg [
+    systemd.tmpfiles.rules = container.mkContainerDir cfg [ "data" ];
      "data"
    ];
    containers.rabbitmq = container.mkContainer cfg {
      bindMounts = {
--- a/container/Read.nix
+++ b/container/Read.nix
@ -33,9 +33,7 @@ in
  };
  config = mkIf cfg.enable {
-    systemd.tmpfiles.rules = container.mkContainerDir cfg [
+    systemd.tmpfiles.rules = container.mkContainerDir cfg [ "data" ];
      "data"
    ];
    containers.read = container.mkContainer cfg {
      bindMounts = {
--- a/container/Status.nix
+++ b/container/Status.nix
@ -32,9 +32,7 @@ in
  };
  config = mkIf cfg.enable {
-    systemd.tmpfiles.rules = container.mkContainerDir cfg [
+    systemd.tmpfiles.rules = container.mkContainerDir cfg [ "data" ];
      "data"
    ];
    containers.status = container.mkContainer cfg {
      bindMounts = {
@ -48,9 +46,7 @@ in
        { lib, ... }:
        container.mkContainerConfig cfg {
          networking = {
-            nameservers = mkForce [
+            nameservers = mkForce [ config.container.module.dns.address ];
              config.container.module.dns.address
            ];
          };
          services.uptime-kuma = {
--- a/container/Stock.nix
+++ b/container/Stock.nix
@ -32,9 +32,7 @@ in
  };
  config = mkIf cfg.enable {
-    systemd.tmpfiles.rules = container.mkContainerDir cfg [
+    systemd.tmpfiles.rules = container.mkContainerDir cfg [ "data" ];
      "data"
    ];
    containers.stock = container.mkContainer cfg {
      bindMounts = {
--- a/container/proxy/host/Camera.nix
+++ b/container/proxy/host/Camera.nix
@ -1,8 +1,4 @@
-{
+{ config, container, ... }:
  config,
  container,
  ...
 }:
 let
  domain = "camera.${config.container.domain}";
  address = "192.168.2.249";
--- a/container/proxy/host/Git.nix
+++ b/container/proxy/host/Git.nix
@ -18,11 +18,6 @@ in
      }
      location / {
        # allow ${config.container.localAccess};
        # allow ${config.container.module.status.address};
        # allow ${config.container.module.vpn.address};
        # allow ${config.container.module.frkn.address};
        # deny all;
        proxy_pass http://''$${name}$request_uri;
      }
--- a/container/proxy/host/Hdd.nix
+++ b/container/proxy/host/Hdd.nix
@ -1,8 +1,4 @@
-{
+{ container, config, ... }:
  container,
  config,
  ...
 }:
 let
  cfg = config.container.module.hdd;
  name = "hdd";
--- a/container/proxy/host/Home.nix
+++ b/container/proxy/host/Home.nix
@ -1,8 +1,4 @@
-{
+{ config, container, ... }:
  config,
  container,
  ...
 }:
 let
  cfg = config.container.module.home;
  name = "home";
--- a/container/proxy/host/Iot.nix
+++ b/container/proxy/host/Iot.nix
@ -1,8 +1,4 @@
-{
+{ container, config, ... }:
  container,
  config,
  ...
 }:
 let
  cfg = config.container.module.iot;
  name = "iot";
--- a/container/proxy/host/Resume.nix
+++ b/container/proxy/host/Resume.nix
@ -0,0 +1,24 @@
 { container, config, ... }:
 let
  domain = "resume.${config.container.domain}";
  name = "resume";
 in
 {
  ${domain} = container.mkServer {
    extraConfig = ''
      server_name ${domain};
      listen 443 ssl;
      ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
      ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
      include /etc/letsencrypt/conf/options-ssl-nginx.conf;
      ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
      if ($http_accept_language ~ ru) {
        return 301 https://${config.container.module.git.domain}/voronind/resume/releases/download/latest/VoronindRu.pdf;
      }
      return 301 https://${config.container.module.git.domain}/voronind/resume/releases/download/latest/VoronindEn.pdf;
    '';
  };
 }
--- a/container/proxy/host/Search.nix
+++ b/container/proxy/host/Search.nix
@ -1,8 +1,4 @@
-{
+{ container, config, ... }:
  container,
  config,
  ...
 }:
 let
  cfg = config.container.module.search;
  name = "search";
--- a/flake.lock
+++ b/flake.lock
@ -609,22 +609,6 @@
        "type": "github"
      }
    },
    "nvimOllama": {
      "flake": false,
      "locked": {
        "lastModified": 1717906114,
        "narHash": "sha256-8tW5tp2GiYw+PnR7rqiKfykLW/yqvGOtqauZCgEeQCg=",
        "owner": "nomnivore",
        "repo": "ollama.nvim",
        "rev": "45e58779fecde7ac5b8f62800bbe7180d4b48507",
        "type": "github"
      },
      "original": {
        "owner": "nomnivore",
        "repo": "ollama.nvim",
        "type": "github"
      }
    },
    "nvimPlenary": {
      "flake": false,
      "locked": {
@ -762,7 +746,6 @@
        "nvimGruvboxMaterial": "nvimGruvboxMaterial",
        "nvimIndentoMatic": "nvimIndentoMatic",
        "nvimLspconfig": "nvimLspconfig",
        "nvimOllama": "nvimOllama",
        "nvimPlenary": "nvimPlenary",
        "nvimTelescope": "nvimTelescope",
        "nvimTodo": "nvimTodo",
--- a/flake.nix
+++ b/flake.nix
@ -82,10 +82,6 @@
      url = "github:neovim/nvim-lspconfig";
      flake = false;
    };
    nvimOllama = {
      url = "github:nomnivore/ollama.nvim";
      flake = false;
    };
    nvimPlenary = {
      url = "github:nvim-lua/plenary.nvim";
      flake = false;
@ -235,11 +231,7 @@
                };
            };
-          mkSystem = system: hostname: {
+          mkSystem = system: hostname: { "${hostname}" = mkHost { inherit system hostname; }; };
            "${hostname}" = mkHost {
              inherit system hostname;
            };
          };
        in
        nixpkgs.lib.foldl' (acc: h: acc // h) { } (
          map (
--- a/home/NixOs.nix
+++ b/home/NixOs.nix
@ -47,7 +47,9 @@ in
        }
      ) { } cfg.users;
-      backupFileExtension = "old";
+      backupFileExtension =
        "backup-"
        + pkgs.lib.readFile "${pkgs.runCommand "timestamp" { } "echo -n date '+%Y%m%d%H%M%S' > $out"}";
    };
  };
 }
--- a/home/config/keyd/module/Disable.nix
+++ b/home/config/keyd/module/Disable.nix
@ -0,0 +1,27 @@
 { pkgs, ... }:
 let
  apps = [
    "gimp-*"
    "steam-proton"
  ];
  keys = [
    "escape"
    "leftcontrol"
  ];
 in
 {
  file = (pkgs.formats.ini { }).generate "KeydDisableConfig" (
    builtins.listToAttrs (
      builtins.map (app: {
        name = app;
        value = builtins.listToAttrs (
          builtins.map (key: {
            name = key;
            value = key;
          }) keys
        );
      }) apps
    )
  );
 }
--- a/home/config/nvim/default.nix
+++ b/home/config/nvim/default.nix
@ -35,7 +35,6 @@ in
      "${inputs.nvimGruvboxMaterial}"
      "${inputs.nvimIndentoMatic}"
      "${inputs.nvimLspconfig}"
      "${inputs.nvimOllama}"
      "${inputs.nvimPlenary}"
      "${inputs.nvimTelescope}"
      "${inputs.nvimTodo}"
@ -52,6 +51,7 @@ in
      ./module/config/Search.nix
      ./module/config/Tab.nix
      ./module/config/Highlight.nix
      ./module/config/Notify.nix
      ./module/plugin/Filetree.nix
      ./module/plugin/Gruvbox.nix
      ./module/plugin/Bufferline.nix
@ -65,12 +65,13 @@ in
      ./module/plugin/Align.nix
      ./module/plugin/Treesitter.nix
      ./module/plugin/Fold.nix
      ./module/plugin/Ollama.nix
      ./module/plugin/Colorizer.nix
      ./module/plugin/lsp/Go.nix
      ./module/plugin/lsp/Haskell.nix
      ./module/plugin/lsp/Lua.nix
      ./module/plugin/lsp/Nix.nix
      ./module/plugin/lsp/Rust.nix
      ./module/plugin/lsp/Tex.nix
      ./module/plugin/lsp/Nix.nix
      ./module/key/Autocomplete.nix
      ./module/key/Buffer.nix
      ./module/key/Cmd.nix
@ -79,7 +80,6 @@ in
      ./module/key/Filetree.nix
      ./module/key/Gitsigns.nix
      ./module/key/Navigation.nix
      ./module/key/Ollama.nix
      ./module/key/Save.nix
      ./module/key/Sort.nix
      ./module/key/TabWidth.nix
--- a/home/config/nvim/module/config/Notify.nix
+++ b/home/config/nvim/module/config/Notify.nix
@ -0,0 +1,16 @@
 { ... }:
 {
  text = ''
    pid = vim.fn.getpid()
    -- Disable error messages popup.
    -- Instead print them and write to /tmp/NeovimError<PID>.txt
    vim.notify = function(msg, log_level, opts)
      print(string.sub(msg, 1, vim.v.echospace))
      local file = io.open("/tmp/NeovimError"..tostring(pid)..".txt", "a")
      file:write(msg.."\n")
      file:close()
    end
  '';
 }
--- a/home/config/nvim/module/key/Ollama.nix
+++ b/home/config/nvim/module/key/Ollama.nix
@ -1,7 +0,0 @@
 { ... }:
 {
  text = ''
    rekey_normal("<Leader>p", ":<c-u>lua require('ollama').prompt()<cr>")
    rekey_visual("<Leader>p", ":<c-u>lua require('ollama').prompt()<cr>")
  '';
 }
--- a/home/config/nvim/module/plugin/Gruvbox.nix
+++ b/home/config/nvim/module/plugin/Gruvbox.nix
@ -8,7 +8,7 @@
    ]])
    vim.o.background = "dark"
-    vim.g.gruvbox_material_background = "hard"
+    vim.g.gruvbox_material_background = "medium"
    vim.g.gruvbox_material_foreground = "original"
    vim.g.gruvbox_material_transparent_background = 2
    -- vim.g.gruvbox_material_better_performance = 1 -- NOTE: Broken on NixOS.
--- a/home/config/nvim/module/plugin/Ollama.nix
+++ b/home/config/nvim/module/plugin/Ollama.nix
@ -1,18 +0,0 @@
 { config, ... }:
 {
  text = ''
    require("ollama").setup {
      model = "${config.setting.ollama.primaryModel}",
      url   = "http://127.0.0.1:11434",
      -- View the actual default prompts in ./lua/ollama/prompts.lua
      prompts = {
        -- Sample_Prompt = {
        --   prompt = "This is a sample prompt that receives $input and $sel(ection), among others.",
        --   input_label = "> ",
        --   model = "mistral",
        --   action = "display",
        -- }
      }
    }
  '';
 }
--- a/home/config/nvim/module/plugin/lsp/Go.nix
+++ b/home/config/nvim/module/plugin/lsp/Go.nix
@ -0,0 +1,8 @@
 { ... }:
 {
  text = ''
    local lspconfig = require("lspconfig")
    lspconfig.gopls.setup {}
  '';
 }
--- a/home/config/nvim/module/plugin/lsp/Lua.nix
+++ b/home/config/nvim/module/plugin/lsp/Lua.nix
@ -0,0 +1,8 @@
 { ... }:
 {
  text = ''
    local lspconfig = require("lspconfig")
    lspconfig.lua_ls.setup {}
  '';
 }
--- a/home/config/sway/module/Launcher.nix
+++ b/home/config/sway/module/Launcher.nix
@ -1,18 +1,9 @@
-{ config, ... }:
+{ ... }:
 let
  fontName = config.style.font.serif.name;
  fontSize = toString config.style.font.size.desktop;
  accent = config.style.color.accent;
  bg = config.style.color.bg.dark;
  fg = config.style.color.fg.light;
 in
 {
  text = ''
    # Application launcher.
    # Note: pass the final command to swaymsg so that the resulting window can be opened
    # on the original workspace that the command was run on.
    # set $menu _dmenu_path_wrapped | wmenu -b -p 'Run:' -i -f "${fontName} ${fontSize}" -M ${bg}D9 -S ${bg}D9 -N ${bg}D9 -m ${accent} -s ${accent} -n ${fg} | xargs swaymsg exec --
    set $menu fuzzel
    bindsym $mod+space exec $menu
--- a/home/config/template/Latex.nix
+++ b/home/config/template/Latex.nix
@ -50,9 +50,7 @@
    {
      devShells.${system} = {
        default = pkgs.mkShell rec {
-          nativeBuildInputs = with pkgs; [
+          nativeBuildInputs = with pkgs; [ tex ];
            tex
          ];
          buildInputs = with pkgs; [ ];
          SOURCE_DATE_EPOCH = "${toString self.lastModified}";
        };
--- a/home/config/waybar/config/default.nix
+++ b/home/config/waybar/config/default.nix
@ -24,9 +24,7 @@ in
      "sway/scratchpad"
      "mpris"
    ];
-    modules-center = [
+    modules-center = [ "sway/workspaces" ];
      "sway/workspaces"
    ];
    modules-right = [
      "sway/language"
      "pulseaudio"
@ -176,7 +174,7 @@ in
      exec = "swayscript displaywidget";
      on-click = "sleep 0.1 && swayscript dnd"; # HACK: https://github.com/Alexays/Waybar/issues/2166 & https://github.com/Alexays/Waybar/issues/1968
      on-click-right = "sleep 0.1 && swayscript monitor";
-      on-click-middle = "sleep 0.1 && swayscript gaming";
+      on-click-middle = "sleep 0.1 && swayscript displayreset";
      return-type = "json";
      signal = 4;
    };
--- a/home/program/bash/module/Android.nix
+++ b/home/program/bash/module/Android.nix
@ -1,21 +0,0 @@
 { ... }:
 {
  text = ''
    # Start an Android emulator.
    # Default name is `main`.
    # Usage: emulator [NAME]
    function emulator() {
      local name="$1"
      [[ "$name" = "" ]] && name="main"
      steam-run ~/.android/sdk/emulator/emulator -avd "$name" &> /dev/null & disown
    }
    function _android_emulators() {
      _autocomplete_first $(ls --classify ~/.android/avd/ | grep \/$ | sed -e "s/.avd\/$//")
    }
    complete -F _android_emulators emulator
  '';
 }
--- a/home/program/bash/module/Ask.nix
+++ b/home/program/bash/module/Ask.nix
@ -1,27 +0,0 @@
 { ... }:
 {
  text = ''
    # Ask general AI.
    # Usage: ask <QUERY>
    function ask() {
      curl http://localhost:11434/api/generate -d "{
        \"model\": \"''${OLLAMA_MODEL}\",
        \"prompt\":\"''${*}\"
      }" 2> /dev/null | parallel -j1 -- "echo {} | jq -r .response | tr -d '\n'"
      echo
    }
    # Specify ask model.
    function ask_model() {
      export OLLAMA_MODEL="''${1}"
    }
    function _complete_ask_model() {
      local IFS=$'\n'
      local models=($(ollama list | sed -e "1d" | cut -f1))
      _autocomplete_first ''${models[@]}
    }
    complete -F _complete_ask_model ask_model
  '';
 }
--- a/home/program/bash/module/Calc.nix
+++ b/home/program/bash/module/Calc.nix
@ -1,9 +0,0 @@
 { ... }:
 {
  text = ''
    # Launch calculator app.
    function calc() {
      gnome-calculator
    }
  '';
 }
--- a/home/program/bash/module/Checksum.nix
+++ b/home/program/bash/module/Checksum.nix
@ -1,88 +0,0 @@
 { ... }:
 {
  text = ''
    # Save file checksums.
    # For file with a name `file` it will create a new file called `.file.sha1` with hash in it.
    # All files by default.
    # Usage: checksum_create [FILES]
    function checksum_create() {
      local IFS=$'\n'
      local targets=(''${@})
      [[ "''${targets}" = "" ]] && targets=($(_ls_file))
      process() {
        local hashfile=".''${target#./}.sha1"
        # Skip if hash exists.
        [[ -f "''${hashfile}" ]] && return 0
        # Calculate hash.
        pv ''${target} | sha1sum > ''${hashfile}
      }
      _iterate_targets process ''${targets[@]}
    }
    # Check stored values against actual files.
    # All files by default.
    # Usage: checksum_check [FILES]
    function checksum_check() {
      local IFS=$'\n'
      local targets=(''${@})
      [[ "''${targets}" = "" ]] && targets=($(_ls_file))
      process() {
        local hashfile=".''${target#./}.sha1"
        # Skip if hash doesn't exist.
        [[ -f "''${hashfile}" ]] || { _iterate_skip "No hash found."; return 0; }
        # Calculate hash.
        local stored=$(cat "''${hashfile}" | cut -d\  -f1)
        local actual=$(pv "''${target}" | sha1sum | cut -d\  -f1)
        if [[ "''${stored}" != "''${actual}" ]]; then
          _error "Failed."
          return 1
        fi
      }
      _iterate_targets process ''${targets[@]}
    }
    # Calculate hashes for all files recursively and store in a file called `checksum.sha1`.
    function checksum() {
      find -type f | parallel -j $(_core_count) -- sha1sum {} >> checksum.sha1
    }
    # Create checksum for a file.
    # Usage: _checksum_create <FILE>
    function _checksum_create() {
      local path="''${1%/*}"
      local name="''${1##*/}"
      sha1sum "''${path}/''${name}" > "''${path}/.''${name}.sha1"
    }
    # Check checksum for a file.
    # Usage: _checksum_check <FILE>
    function _checksum_check() {
      local file="''${1##*\ \ }"
      local stored="''${1%%\ \ *}"
      # Skip if no file.
      [[ -f "''${file}" ]] || return 0
      # Check file hash.
      local actual=$(sha1sum "''${file}")
      actual="''${actual%%\ \ *}"
      # Compare values.
      if [[ "''${stored}" != "''${actual}" ]]; then
        _error "''${file}: Failed."
        return 1
      fi
      return 0
    }
  '';
 }
--- a/home/program/bash/module/Chmod.nix
+++ b/home/program/bash/module/Chmod.nix
@ -1,10 +0,0 @@
 { ... }:
 {
  text = ''
    # Add executable flag to file.
    # Usage: x <FILES>
    function x() {
      chmod +x -- "''${@}"
    }
  '';
 }
--- a/home/program/bash/module/Container.nix
+++ b/home/program/bash/module/Container.nix
@ -1,85 +0,0 @@
 { ... }:
 {
  text = ''
    # Attach/create container box in current directory with specified name.
    # By default uses current dir name.
    # Usage: ca [NAME]
    function ca() {
      local name="''${1}"
      # Set default name.
      # [[ "''${name}" = "" ]] && name="main"
      [[ "''${name}" = "" ]] && name=$(parse_alnum "''${PWD##*/}")
      # Append box prefix.
      name="box-''${name}"
      # Create container.
      docker run \
        --privileged \
        -d -it \
        -h "''${HOSTNAME}''${name#box}" --name "''${name}" \
        --workdir /data \
        -e XDG_RUNTIME_DIR=/tmp \
        -e WAYLAND_DISPLAY=''${WAYLAND_DISPLAY} \
        -v ''${XDG_RUNTIME_DIR}/''${WAYLAND_DISPLAY}:/tmp/''${WAYLAND_DISPLAY} \
        -v ''${PWD}:/data \
        -v ''${HOME}:/root \
        debian:latest bash -c bash &> /dev/null
      # Attempt to start container.
      docker start "''${name}" &> /dev/null
      # Attach to running container.
      docker attach "''${name}"
    }
    # Remove container box with specified name.
    # By default uses current dir name.
    # Usage: ck [NAME]
    function ck() {
      local name="''${1}"
      # Set default name.
      [[ "''${name}" = "" ]] && name=$(parse_alnum "''${PWD##*/}")
      # Append box prefix.
      name="box-''${name}"
      # Kill container.
      docker kill "''${name}" &> /dev/null
      docker rm   "''${name}" &> /dev/null
    }
    # Remove all container boxes.
    function cka() {
      local IFS=$'\n'
      local boxes=$(_get_boxes)
      for box in ''${boxes[@]}; do
        ck "''${box}"
      done
    }
    # List all container boxes.
    function cl() {
      _get_boxes
    }
    # Print all boxes.
    function _get_boxes() {
      local IFS=$'\n'
      local boxes=$(docker ps -a | grep "box-" | sed -e "s/.*box-//")
      [[ "''${boxes[@]}" != "" ]] && echo "''${boxes[@]}" || true
    }
    # Autocomplete with boxes.
    function _comp_get_boxes() {
      local IFS=$'\n'
      _autocomplete_first $(_get_boxes)
    }
    complete -F _comp_get_boxes ca ck
  '';
 }
--- a/home/program/bash/module/Dconf.nix
+++ b/home/program/bash/module/Dconf.nix
@ -1,21 +0,0 @@
 { ... }:
 {
  text = ''
    export _gdconf_path="''${HOME}/.config/linux/Gnome.dconf"
    # Load Gnome settings.
    function dconf_load() {
      sed -i -e s/voronind/$(whoami)/g ''${_gdconf_path} ; dconf load / < ''${_gdconf_path}
    }
    # Dump Gnome settings into the file.
    # Default name is `gnome.dconf`.
    # Do this before changing settings and after, an then run `diff` to find out what to add to the main `gnome.dconf`.
    # Usage: dconf_save [FILE]
    function dconf_save() {
      local name="''${1}"
      [[ "''${name}" = "" ]] && name="gnome.dconf"
      dconf dump / > "''${name}"
    }
  '';
 }
--- a/home/program/bash/module/Distrobox.nix
+++ b/home/program/bash/module/Distrobox.nix
@ -1,20 +0,0 @@
 { ... }:
 {
  text = ''
    # Create/Attach to the box.
    # Uses name `main` by default.
    # Usage: da [BOX]
    function da() {
      local name="''${1}"
      [[ "''${name}" = "" ]] && name="main"
      # if [[ "''${name}" = "" ]]; then
      #   help da
      #   return 2
      # fi
      # --user 0 is required for rootless docker.
      distrobox enter -a '--user=0' "''${name}"
    }
  '';
 }
--- a/home/program/bash/module/Dmenu.nix
+++ b/home/program/bash/module/Dmenu.nix
@ -1,16 +0,0 @@
 { ... }:
 {
  text = ''
    # Wrapped dmenu_path to include my functions.
    function _dmenu_path_wrapped() {
      c=0
      while [ ''${c} -lt 1000 ]; do
        echo
        ((c++))
      done
      find_function | grep -v ^_
      dmenu_path
    }
  '';
 }
--- a/home/program/bash/module/File.nix
+++ b/home/program/bash/module/File.nix
@ -6,28 +6,5 @@
    function o() {
      xdg-open "''${@}"
    }
    # Play media file from CLI. All files by default.
    # Usage: play [FILE]
    function play() {
      local targets=''${*}
      [[ "''${targets}" = "" ]] && targets=$(_ls_file)
      mpv --no-video ''${targets}
    }
    # Play media files shuffled from CLI. All files by default.
    # Usage: play_shuffle [FILE]
    function play_shuffle() {
      local targets=''${*}
      [[ "''${targets}" = "" ]] && targets=$(_ls_file)
      mpv --no-video --shuffle ''${targets}
    }
    # Open files app.
    function files() {
      nautilus
    }
  '';
 }
--- a/home/program/bash/module/Fix.nix
+++ b/home/program/bash/module/Fix.nix
@ -16,56 +16,10 @@
      ethtool -s "''${device}" speed "''${speed}"
    }
    # Fix nautilus after typing wrong sftp password.
    function fix_files_sftp() {
      secret-tool clear protocol sftp
    }
    # Delete lost Gradle lock files.
    function fix_gradle_lock() {
      cd "''${HOME}/.gradle" && find -type f | grep \\.lock$ | xargs -- rm
      cd -
    }
    # Fix Gnome's broken RDP ffs.
    # Usage: fix_gnome_rdp <PASSWORD>
    function fix_gnome_rdp() {
      local user="''${USERNAME}"
      local password="''${1}"
      # Check params.
      if [[ "''${password}" = "" ]]; then
        help fix_gnome_rdp
        return 2
      fi
      # Unlock keyring. PROTIP: Disable password for it in password manager.
      pkill -9 -f gnome-keyring-daemon
      echo -n "''${user}" | gnome-keyring-daemon --unlock
      # Generate keys.
      cd /tmp
      openssl genrsa -out rdp-tls.key 4096
      openssl req -new -key rdp-tls.key -subj "/C=US" | openssl x509 -req -days 730 -signkey rdp-tls.key -out rdp-tls.crt
      mkdir -p "''${HOME}/.local/share/gnome-remote-desktop/"
      mv rdp-tls.key rdp-tls.crt "''${HOME}/.local/share/gnome-remote-desktop/"
      # Configure RDP.
      grdctl rdp set-tls-cert "''${HOME}/.local/share/gnome-remote-desktop/rdp-tls.crt"
      grdctl rdp set-tls-key "''${HOME}/.local/share/gnome-remote-desktop/rdp-tls.key"
      grdctl rdp set-credentials "''${user}" "''${password}"
      grdctl rdp disable-view-only
      # Start service.
      grdctl rdp enable
      systemctl --user start gnome-remote-desktop.service
      # Show status.
      grdctl status --show-credentials
      systemctl --user status gnome-remote-desktop.service
      # Show extra info.
      _warn "You may need to manually restart Desktop sharing via Gnome Settings."
    }
  '';
 }
--- a/home/program/bash/module/Markdown.nix
+++ b/home/program/bash/module/Markdown.nix
@ -1,20 +0,0 @@
 { ... }:
 {
  text = ''
    # Render markdown in browser using Gitea API. Because I want consistency with Gitea web render.
    # Works only inside LAN.
    # Usage: markdown_render <FILE.md>
    function markdown_render() {
      local IFS=$'\n'
      local file="''${1}"
      local render="markdown_render.html"
      if [[ "''${file}" = "" ]]; then
        help markdown_render
        return 2
      fi
      curl -X POST https://git.voronind.com/markdown -d "$(cat ''${file})" > "''${render}" && o "''${render}" && sleep 2 && rm "''${render}"
    }
  '';
 }
--- a/home/program/bash/module/Network.nix
+++ b/home/program/bash/module/Network.nix
@ -1,37 +0,0 @@
 { ... }:
 {
  text = ''
    # Open bluetooth control panel.
    function bluetooth() {
      blueman-manager
    }
    # Open network control panel.
    function network() {
      nm-connection-editor
    }
    # Show active connections.
    function nms() {
      nmcli connection show
    }
    # Start the connection.
    # Usage: nu <CONNECTION>
    function nmu() {
      nmcli connection up "''${@}"
    }
    # Stop the connection.
    # Usage: nd <CONNECTION>
    function nmd() {
      nmcli connection down "''${@}"
    }
    function _complete_connections() {
      _autocomplete $(nmcli connection show | sed "1d" | cut -d\  -f1)
    }
    complete -F _complete_connections nmd nmu
  '';
 }
--- a/home/program/bash/module/Nix.nix
+++ b/home/program/bash/module/Nix.nix
@ -1,28 +1,6 @@
-{ const, ... }:
+{ ... }:
 {
  text = ''
    export _nix_system_config="git+${const.url}"
    # Rebuild system.
    # Optionally force the hostname.
    # Usage: nixos_rebuild [HOSTNAME]
    function nixos_rebuild() {
      local target="''${1}"
      [[ "''${target}" = "" ]] && target="''${HOSTNAME}"
      nixos-rebuild boot --refresh --option eval-cache false --flake "''${_nix_system_config}#''${target}"
    }
    # Rebuild and switch system.
    # Optionally force the hostname.
    # Usage: nixos_switch [HOSTNAME]
    function nixos_switch() {
      local target="''${1}"
      [[ "''${target}" = "" ]] && target="''${HOSTNAME}"
      nixos-rebuild switch --refresh --option eval-cache false --flake "''${_nix_system_config}#''${target}"
    }
    # Spawn shell with specified nix environment.
    # Uses flake.nix in current dir by default.
    # Usage: shell [NAME]
@ -30,10 +8,7 @@
      local target="''${1}"
      [[ "''${target}" = "" ]] && target="default"
-      # Create Nix GC root in .NixRoot{NAME}.
+      SHELL_NAME="''${target}" nix develop ".#''${target}"
      nix build ".#devShells.''${NIX_CURRENT_SYSTEM}.''${target}" -o ".NixRoot''${target^}"
      SHELL_NAME="''${target}" nix develop ".#devShells.''${NIX_CURRENT_SYSTEM}.''${target}"
    }
    # Spawn temporary nix-shell with specified packages.
@ -42,15 +17,13 @@
      local IFS=$'\n'
      local input=("''${@}")
      local pkgs=()
-      local tag="''${SHELL_NAME}"
+      local tag="''${1}"
      if [[ "''${input}" = "" ]]; then
        help tmpshell
        return 2
      fi
      [[ "''${tag}" = "" ]] && tag="''${1}"
      for pkg in ''${input[@]}; do
        pkgs+=("nixpkgs#''${pkg}")
      done
@ -58,35 +31,21 @@
      SHELL_NAME="''${tag}" NIXPKGS_ALLOW_UNFREE=1 nix shell --impure ''${pkgs[@]}
    }
-    # Build live image.
+    # Run stuff directrly from Nixpks.
-    function nixos_live() {
+    # Usage: nixpkgs_run <REV> <PACKAGE> [COMMAND]
-      nix build "''${_nix_system_config}#nixosConfigurations.live.config.system.build.isoImage" --refresh ''${@}
+    function nixpkgs_run() {
      local rev="''${1}"
      local pkg="''${2}"
      local cmd="''${@:3}"
      if [[ "''${pkg}" = "" ]]; then
        help nixpkgs_run
        return 2
      fi
      [[ "''${cmd}" = "" ]] && cmd="''${pkg}"
      SHELL_NAME="''${pkg}" NIXPKGS_ALLOW_UNFREE=1 nix shell --impure github:NixOS/nixpkgs/''${rev}#''${pkg} -c ''${cmd}
    }
    # List nixos generations.
    function nixos_generations() {
      nix-env -p /nix/var/nix/profiles/system --list-generations
    }
    # Switch nix-on-droid.
    function nixdroid_switch() {
      nix-on-droid switch --flake "''${_nix_system_config}" ''${@}
    }
    # Nix auto-run wrapper.
    # Usage: , <COMMAND>
    function ,() {
      NIX_AUTO_RUN=1 ''${@}
    }
    # Autocomplete with available hosts.
    function _comp_hosts() {
      local IFS=$'\n'
      local targets=($(ls ~/.config/linux/system/host/))
      _autocomplete_first ''${targets[@]}
    }
    complete -F _comp_hosts nix_switch nix_rebuild
  '';
 }
--- a/home/program/bash/module/Notify.nix
+++ b/home/program/bash/module/Notify.nix
@ -1,16 +1,16 @@
-{ ... }:
+{ secret, ... }:
 {
  text = ''
    # Send Telegram notification.
    # Usage: notify <MESSAGE>
    function notify() {
-      curl -X POST -H 'Content-Type: Application/json' -d "{\"chat_id\":\"155897358\",\"text\":\"$1\"}" https://api.telegram.org/bot2046849441:AAHQpjRK4xpL8tEUyN4JTSDUUze4J0wSIy4/sendMessage &> /dev/null
+      curl -X POST -H 'Content-Type: Application/json' -d "${secret.tg.dt "false"}" ${secret.tg.bt} &> /dev/null
    }
    # Send silent Telegram notification.
    # Usage: notify_silent <MESSAGE>
    function notify_silent() {
-      curl -X POST -H 'Content-Type: Application/json' -d "{\"chat_id\":\"155897358\",\"text\":\"$1\",\"disable_notification\":\"true\"}" https://api.telegram.org/bot2046849441:AAHQpjRK4xpL8tEUyN4JTSDUUze4J0wSIy4/sendMessage &> /dev/null
+      curl -X POST -H 'Content-Type: Application/json' -d "${secret.tg.dt "true"}" ${secret.tg.bt} &> /dev/null
    }
  '';
 }
--- a/home/program/bash/module/Power.nix
+++ b/home/program/bash/module/Power.nix
@ -1,14 +0,0 @@
 { ... }:
 {
  text = ''
    # Suspend system.
    function slp() {
      systemctl suspend -i
    }
    # Poweroff.
    function bye() {
      systemctl poweroff -i
    }
  '';
 }
--- a/home/program/bash/module/Prune.nix
+++ b/home/program/bash/module/Prune.nix
@ -1,29 +0,0 @@
 { ... }:
 {
  text = ''
    export _flatpakcfg_path="''${HOME}/.config/linux/Flatpak.txt"
    # Prune everything unused in docker.
    function prune_docker() {
      docker system prune --volumes --all
    }
    # Prune Nix Store.
    function prune_nix() {
      nix-store --gc
    }
    # Uninstall flatpaks not listed in the config.
    function prune_flatpak() {
      local IFS=$'\n'
      local config=($(cat ''${_flatpakcfg_path} | cut -f2))
      local installed=($(flatpak list --app | cut -f2))
      process() {
        _contains ''${target} ''${config[@]} || flatpak uninstall ''${target}
      }
      _iterate_targets process ''${installed[@]}
    }
  '';
 }
--- a/home/program/bash/module/Ssh.nix
+++ b/home/program/bash/module/Ssh.nix
@ -1,23 +0,0 @@
 { ... }:
 {
  text = ''
    # Mount FS over ssh. Just extra config for sshfs.
    # Usage: ssh_mount <REMOTE> <LOCAL>
    function ssh_mount() {
      sshfs -o uid=''${UID},auto_unmount "''${@}"
    }
    # Mount FS over ssh. Just extra config for sshfs.
    # Usage: ssh_mount <REMOTE> <LOCAL>
    function ssh_mount_ro() {
      sshfs -o uid=''${UID},auto_unmount,ro "''${@}"
    }
    # Generate private an public keys on a local host and print a public key.
    function ssh_keygen() {
      ssh-keygen && cat ~/.ssh/*.pub
    }
    complete -o nospace -F _sshfs sshmount
  '';
 }
--- a/home/program/bash/module/Steam.nix
+++ b/home/program/bash/module/Steam.nix
@ -1,9 +0,0 @@
 { ... }:
 {
  text = ''
    # Start Steam with Wayland screen share for Link to work.
    function steam_link() {
      steam -pipewire -pipewire-dmabuf
    }
  '';
 }
--- a/home/program/bash/module/Terminal.nix
+++ b/home/program/bash/module/Terminal.nix
@ -1,11 +0,0 @@
 { ... }:
 {
  text = ''
    # Get terminal size.
    function tsize() {
      local width=$(tput cols)
      local height=$(tput lines)
      echo "''${width}x''${height}"
    }
  '';
 }
--- a/home/program/bash/module/Tmp.nix
+++ b/home/program/bash/module/Tmp.nix
@ -1,21 +0,0 @@
 { ... }:
 {
  text = ''
    # CD into host's primary tmp dir.
    function tmp() {
      local host="''${HOSTNAME}"
      local tmp_path
      case "''${host}" in
        "desktop"|"home")
          tmp_path="/storage/hot/tmp"
          ;;
        *)
          tmp_path="''${HOME}/tmp"
          ;;
      esac
      cd "''${tmp_path}"
    }
  '';
 }
--- a/home/program/bash/module/Todo.nix
+++ b/home/program/bash/module/Todo.nix
@ -1,9 +0,0 @@
 { ... }:
 {
  text = ''
    # Open `~/.todo.md` file.
    function todo() {
      vi ~/.todo.md
    }
  '';
 }
--- a/home/program/bash/module/Util.nix
+++ b/home/program/bash/module/Util.nix
@ -155,22 +155,5 @@
      local users=("voronind" "dasha")
      echo ''${users[@]}
    }
    # Force the command to be called twice within the specified period in seconds. Used primarily in important keyboard shortcuts like poweroff.
    # Usage: _twice <PERIOD> <COMMAND>
    function _twice() {
      local IFS=$'\n'
      local file="/tmp/.twice"
      local period=''${1}
      local command="''${@:2}"
      if [[ "$(cat ''${file} 2> /dev/null)" = "''${command}" ]]; then
        ''${command}
        return 0
      fi
      echo "''${command}" > "''${file}"
      sleep ''${period}
      rm "''${file}" 2> /dev/null
    }
  '';
 }
--- a/home/program/bash/module/Zapret.nix
+++ b/home/program/bash/module/Zapret.nix
@ -1,11 +0,0 @@
 { ... }:
 {
  text = ''
    # FRKN.
    # SOURCE: https://github.com/bol-van/zapret
    function zapret() {
      iptables -t mangle -I POSTROUTING -p tcp -m multiport --dports 80,443 -m connbytes --connbytes-dir=original --connbytes-mode=packets --connbytes 1:6 -m mark ! --mark 0x40000000/0x40000000 -j NFQUEUE --queue-num 200 --queue-bypass
      nfqws --pidfile=/run/nfqws.pid --qnum=201 ''${@}
    }
  '';
 }
--- a/home/user/Dasha.nix
+++ b/home/user/Dasha.nix
@ -1,8 +1,4 @@
-{
+{ lib, config, ... }:
  lib,
  config,
  ...
 }:
 with lib;
 let
  cfg = config.user.dasha;
--- a/host/x86_64-linux/home/Photoprocess.nix
+++ b/host/x86_64-linux/home/Photoprocess.nix
@ -3,6 +3,7 @@
  util,
  pkgs,
  lib,
  secret,
  ...
 }@args:
 let
@ -14,7 +15,7 @@ in
    let
      script = pkgs.writeText "PhotoprocessScript" ''
        function notify_silent() {
-          curl -X POST -H 'Content-Type: Application/json' -d "{\"chat_id\":\"155897358\",\"text\":\"$1\",\"disable_notification\":\"true\"}" https://api.telegram.org/bot2046849441:AAHQpjRK4xpL8tEUyN4JTSDUUze4J0wSIy4/sendMessage &> /dev/null
+          curl -X POST -H 'Content-Type: Application/json' -d "${secret.tg.dt "true"}" ${secret.tg.bt} &> /dev/null
        }
        cd ${imgInput}
--- a/host/x86_64-linux/work/Fprint.nix
+++ b/host/x86_64-linux/work/Fprint.nix
@ -1,8 +1,6 @@
 { pkgs, ... }:
 {
-  environment.systemPackages = with pkgs; [
+  environment.systemPackages = with pkgs; [ fprintd ];
    fprintd
  ];
  services.fprintd = {
    enable = true;
--- a/lib/Container.nix
+++ b/lib/Container.nix
@ -10,9 +10,7 @@
    cfg: extra:
    lib.recursiveUpdate {
      # Allow nested containers.
-      additionalCapabilities = [
+      additionalCapabilities = [ ''all" --system-call-filter="add_key keyctl bpf" --capability="all'' ];
        ''all" --system-call-filter="add_key keyctl bpf" --capability="all''
      ];
      enableTun = true;
      # Start containers with the system by default.
@ -71,11 +69,7 @@
  mkContainerDir = cfg: dirs: map (path: "d '${cfg.storage}/${path}' 1777 root root - -") dirs;
  # Common configuration for Nginx server.
-  mkServer =
+  mkServer = cfg: lib.recursiveUpdate { forceSSL = false; } cfg;
    cfg:
    lib.recursiveUpdate {
      forceSSL = false;
    } cfg;
  # Attach the host media directory to container.
  # They will be added to /type/{0..9}
--- a/module/AmdCompute.nix
+++ b/module/AmdCompute.nix
@ -15,11 +15,7 @@ in
  config = mkIf cfg.enable {
    nixpkgs.config.rocmSupport = true;
-    systemd.tmpfiles.rules = [
+    systemd.tmpfiles.rules = [ "L+    /opt/rocm/hip   -    -    -     -    ${pkgs.rocmPackages.clr}" ];
-      "L+    /opt/rocm/hip   -    -    -     -    ${pkgs.rocmPackages.clr}"
+    hardware.graphics.extraPackages = with pkgs; [ rocmPackages.clr.icd ];
    ];
    hardware.graphics.extraPackages = with pkgs; [
      rocmPackages.clr.icd
    ];
  };
 }
--- a/module/AutoUpdateSigned.nix
+++ b/module/AutoUpdateSigned.nix
@ -34,11 +34,12 @@ in
      enable = true;
      description = "Signed system auto-update.";
      serviceConfig = {
-        RuntimeMaxSec = "55m";
+        # RuntimeMaxSec = "55m"; # Doesn't work with oneshot, using timeout bellow.
        Type = "oneshot";
      };
      path = with pkgs; [
        bash
        coreutils
        git
        gnumake
        nixos-rebuild
@ -53,7 +54,7 @@ in
          echo "Verification failed."
          exit 1
        };
-        make switch
+        timeout 55m make switch
      '';
      after = [ "network-online.target" ];
      wants = [ "network-online.target" ];
--- a/module/Brightness.nix
+++ b/module/Brightness.nix
@ -8,7 +8,5 @@ in
    module.desktop.brightness.enable = mkEnableOption "Brightness.";
  };
-  config = mkIf cfg.enable {
+  config = mkIf cfg.enable { programs.light.enable = true; };
    programs.light.enable = true;
  };
 }
--- a/module/IntelCpu.nix
+++ b/module/IntelCpu.nix
@ -22,9 +22,7 @@ in
  };
  config = mkIf cfg.enable (mkMerge [
-    {
+    { boot.kernelModules = [ "kvm-intel" ]; }
      boot.kernelModules = [ "kvm-intel" ];
    }
    (mkIf cfg.powersave {
      module.powersave = {
        enable = true;
--- a/module/Kernel.nix
+++ b/module/Kernel.nix
@ -85,12 +85,8 @@ in
      };
    })
-    (mkIf cfg.hotspotTtlBypass {
+    (mkIf cfg.hotspotTtlBypass { boot.kernel.sysctl."net.ipv4.ip_default_ttl" = 65; })
      boot.kernel.sysctl."net.ipv4.ip_default_ttl" = 65;
    })
-    (mkIf cfg.latest {
+    (mkIf cfg.latest { boot.kernelPackages = pkgs.linuxPackages_latest; })
      boot.kernelPackages = pkgs.linuxPackages_latest;
    })
  ]);
 }
--- a/module/Ollama.nix
+++ b/module/Ollama.nix
@ -1,61 +0,0 @@
 # https://github.com/ollama/ollama
 {
  pkgsStable,
  lib,
  config,
  ...
 }:
 with lib;
 let
  pkgs = pkgsStable;
  cfg = config.module.ollama;
 in
 {
  options = {
    module.ollama = {
      enable = mkEnableOption "Local LLM server";
      primaryModel = mkOption {
        default = "llama3";
        type = types.str;
      };
      models = mkOption {
        default = [ cfg.primaryModel ];
        type = types.listOf types.str;
      };
    };
  };
  config = mkIf cfg.enable {
    environment = {
      # Specify default model.
      variables.OLLAMA_MODEL = cfg.primaryModel;
    };
    systemd.services = {
      # Enable Ollama server.
      ollama = {
        description = "Ollama LLM server.";
        wantedBy = [ "multi-user.target" ];
        wants = [ "NetworkManager-wait-online.service" ];
        after = [ "NetworkManager-wait-online.service" ];
        serviceConfig.Type = "simple";
        script = ''
          HOME=/root ${getExe pkgs.ollama} serve
        '';
      };
      # Download Ollama models.
      ollamamodel = {
        description = "Ollama LLM model.";
        wantedBy = [ "multi-user.target" ];
        wants = [ "ollama.service" ];
        after = [ "ollama.service" ];
        serviceConfig.Type = "simple";
        script = ''
          sleep 5
          ${getExe pkgs.ollama} pull ${concatStringsSep " " cfg.models}
        '';
      };
    };
  };
 }
--- a/module/Package.nix
+++ b/module/Package.nix
@ -60,9 +60,7 @@ in
    })
    # Desktop apps.
-    (mkIf cfg.desktop.enable {
+    (mkIf cfg.desktop.enable { environment.systemPackages = package.desktop; })
      environment.systemPackages = package.desktop;
    })
    # Gaming.
    (mkIf cfg.gaming.enable {
@ -86,18 +84,12 @@ in
    })
    # Creative.
-    (mkIf cfg.creative.enable {
+    (mkIf cfg.creative.enable { environment.systemPackages = package.creative; })
      environment.systemPackages = package.creative;
    })
    # Development.
-    (mkIf cfg.dev.enable {
+    (mkIf cfg.dev.enable { environment.systemPackages = package.dev; })
      environment.systemPackages = package.dev;
    })
    # Extras.
-    (mkIf cfg.extra.enable {
+    (mkIf cfg.extra.enable { environment.systemPackages = package.extra; })
      environment.systemPackages = package.extra;
    })
  ];
 }
--- a/module/Polkit.nix
+++ b/module/Polkit.nix
@ -17,9 +17,7 @@ in
  config = mkIf cfg.enable {
    security.polkit.enable = true;
    systemd = {
-      packages = with pkgs; [
+      packages = with pkgs; [ polkit-kde-agent ];
        polkit-kde-agent
      ];
      user = {
        services.plasma-polkit-agent = {
          serviceConfig = {
--- a/module/Portal.nix
+++ b/module/Portal.nix
@ -17,9 +17,7 @@ in
  config = mkIf cfg.enable {
    xdg.portal = {
      enable = true;
-      extraPortals = with pkgs; [
+      extraPortals = with pkgs; [ xdg-desktop-portal-gtk ];
        xdg-desktop-portal-gtk
      ];
      config = {
        common = {
          default = [
--- a/module/Sway.nix
+++ b/module/Sway.nix
@ -41,9 +41,7 @@ in
        base = true;
        gtk = true;
      };
-      extraPackages = with pkgs; [
+      extraPackages = with pkgs; [ swaykbdd ];
        swaykbdd
      ];
    };
  };
 }
--- a/module/Waybar.nix
+++ b/module/Waybar.nix
@ -15,7 +15,5 @@ in
    };
  };
-  config = mkIf cfg.enable {
+  config = mkIf cfg.enable { environment.systemPackages = with pkgs; [ waybar ]; };
    environment.systemPackages = with pkgs; [ waybar ];
  };
 }
--- a/module/Zapret.nix
+++ b/module/Zapret.nix
@ -7,26 +7,22 @@
 let
  cfg = config.module.zapret;
-  whitelist =
+  whitelist = lib.optionalString (
-    if cfg.whitelist != null then
+    cfg.whitelist != null
-      "--hostlist ${pkgs.writeText "zapret-whitelist" (lib.concatStringsSep "\n" cfg.whitelist)}"
+  ) "--hostlist ${pkgs.writeText "zapret-whitelist" (lib.concatStringsSep "\n" cfg.whitelist)}";
    else
      "";
  blacklist =
-    if cfg.blacklist != null then
+    lib.optionalString (cfg.blacklist != null)
-      "--hostlist-exclude ${pkgs.writeText "zapret-blacklist" (lib.concatStringsSep "\n" cfg.blacklist)}"
+      "--hostlist-exclude ${pkgs.writeText "zapret-blacklist" (lib.concatStringsSep "\n" cfg.blacklist)}";
    else
      "";
  ports = if cfg.httpSupport then "80,443" else "443";
 in
 {
  options.module.zapret = {
-    enable = lib.mkEnableOption "Enable Zapret DPI bypass service.";
+    enable = lib.mkEnableOption "the Zapret DPI bypass service.";
    package = lib.mkPackageOption pkgs "zapret" { };
    params = lib.mkOption {
-      default = null;
+      default = [ ];
      type = with lib.types; listOf str;
      example = ''
        [
@ -107,13 +103,17 @@ in
      {
        assertions = [
          {
-            assertion = cfg.whitelist == null || cfg.blacklist == null;
+            assertion = (cfg.whitelist == null) || (cfg.blacklist == null);
            message = "Can't specify both whitelist and blacklist.";
          }
          {
            assertion = (builtins.length cfg.params) != 0;
            message = "You have to specify zapret parameters. See the params option's description.";
          }
        ];
        systemd.services.zapret = {
-          description = "DPI bypass service.";
+          description = "DPI bypass service";
          wantedBy = [ "multi-user.target" ];
          after = [ "network.target" ];
          serviceConfig = {
@ -123,7 +123,7 @@ in
            Restart = "always";
            RuntimeMaxSec = "1h"; # This service loves to crash silently or cause network slowdowns. It also restarts instantly. In my experience restarting it hourly provided the best experience.
-            # Hardening.
+            # hardening
            DevicePolicy = "closed";
            KeyringMode = "private";
            PrivateTmp = true;
@ -152,5 +152,8 @@ in
    ]
  );
-  meta.maintainers = with lib.maintainers; [ voronind ];
+  meta.maintainers = with lib.maintainers; [
    voronind
    nishimara
  ];
 }
--- a/package/homer/Config.nix
+++ b/package/homer/Config.nix
@ -47,9 +47,7 @@ let
        dark = colors;
      };
-    links = [
+    links = [ (mkLink "Status" "fa-heartbeat" "https://${config.container.module.status.domain}") ];
      (mkLink "Status" "fa-heartbeat" "https://${config.container.module.status.domain}")
    ];
    services = [
      (mkGroup "App" "fa-server" [
--- a/package/swayscript/script/DisplayWidget.nix
+++ b/package/swayscript/script/DisplayWidget.nix
@ -17,6 +17,11 @@
      _sway_iterate_sockets toggle
    }
    function monitorreset() {
      swaymsg 'output * power on'
      pkill -RTMIN+4 waybar
    }
    function gaming() {
      toggle() {
        local output=$(swaymsg -t get_outputs | jq -r '.[] | select(.focused) | .name')
@ -33,6 +38,11 @@
      _sway_iterate_sockets toggle
    }
    function gamingreset() {
      swaymsg 'output * adaptive_sync off'
      pkill -RTMIN+4 waybar
    }
    function dnd() {
      toggle() {
        local state=$(makoctl mode)
@ -48,22 +58,31 @@
      _sway_iterate_sockets toggle
    }
    # Reset the state of everything.
    function displayreset() {
      [[ "''$(monitorstate)"   = "Y" ]] && monitorreset
      [[ "''$(gamingstate)"    = "Y" ]] && gamingreset
      [[ "''$(recordingstate)" = "Y" ]] && pkill wf-recorder
      [[ "''$(dndstate)"       = "Y" ]] && dnd
      true
    }
    # Waybar output.
    function displaywidget() {
-      local __monitor=$(_monitor)
+      local _monitorstate=$(monitorstate)
-      local __gaming=$(_gaming)
+      local _gamingstate=$(gamingstate)
-      local __recording=$(_recording)
+      local _recordingstate=$(recordingstate)
-      local __dnd=$(_dnd)
+      local _dndstate=$(dndstate)
      local class=""
-      if [[ "''${__monitor}" = "Y" ]] || [[ "''${__gaming}" = "Y" ]] || [[ "''${__recording}" = "Y" ]] || [[ "''${__dnd}" = "Y" ]]; then
+      if [[ "''${_monitorstate}" = "Y" ]] || [[ "''${_gamingstate}" = "Y" ]] || [[ "''${_recordingstate}" = "Y" ]] || [[ "''${_dndstate}" = "Y" ]]; then
        class="modified"
      fi
-      printf "{\"text\": \"󰍹\", \"tooltip\": \"DND: ''${__dnd} / Monitor: ''${__monitor} / Gaming: ''${__gaming} / Recording: ''${__recording}\", \"class\": \"''${class}\"}\n"
+      printf "{\"text\": \"󰍹\", \"tooltip\": \"DND: ''${_dndstate} / Monitor: ''${_monitorstate} / Gaming: ''${_gamingstate} / Recording: ''${_recordingstate}\", \"class\": \"''${class}\"}\n"
    }
-    function _monitor() {
+    function monitorstate() {
      local outputs=($(swaymsg -t get_outputs | jq -r '.[] | .power'))
      for state in "''${outputs[@]}"; do
@ -77,15 +96,15 @@
      return 0
    }
-    function _recording() {
+    function recordingstate() {
      [[ "$(ps cax | rg wf-recorder)" = "" ]] && printf n || printf Y
    }
-    function _dnd() {
+    function dndstate() {
      [[ "$(makoctl mode)" = "dnd" ]] && printf Y || printf n
    }
-    function _gaming() {
+    function gamingstate() {
      local outputs=($(swaymsg -t get_outputs | jq -r '.[] | .adaptive_sync_status'))
      for state in "''${outputs[@]}"; do
--- a/package/swayscript/script/Reload.nix
+++ b/package/swayscript/script/Reload.nix
@ -19,6 +19,9 @@
        # Notifications.
        makoctl reload
        # Reset displays.
        displayreset
      }
      _sway_iterate_sockets re
--- a/secret/default.nix
+++ b/secret/default.nix
@ -37,4 +37,43 @@
      }
    ];
  };
  tg = {
    # Ob fs lo l.
    bt =
      "ht"
      + "tp"
      + "s://ap"
      + "i.tel"
      + "egra"
      + "m.or"
      + "g/bo"
      + "t2046"
      + "84944"
      + "1:A"
      + "AHQpjRK"
      + "4xpL"
      + "8tEUyN"
      + "4JTSD"
      + "UUze"
      + "4J0wSI"
      + "y4/"
      + "sen"
      + "dMes"
      + "sage";
    dt =
      dn:
      "{\\\"cha"
      + "t_i"
      + "d\\\":\\\"155"
      + "8973"
      + "58\\\",\\\"te"
      + "xt\\\":\\\"$"
      + "1\\\",\\\"di"
      + "sabl"
      + "e_no"
      + "tific"
      + "atio"
      + "n\\\":\\\"${dn}\\\"}";
  };
 }
Author	SHA1	Message	Date
Dmitry Voronin	0e87eab602	killme	2024-10-15 21:58:59 +03:00
Dmitry Voronin	897be283a5	Neovim: Also print errors to display.	2024-10-15 04:23:18 +03:00
Dmitry Voronin	14f818974a	Neovim : Redirect errors to /tmp logfile.	2024-10-15 03:40:04 +03:00
Dmitry Voronin	493ef5ae02	Keyd: Disable some keys in Gimp and games.	2024-10-15 03:08:33 +03:00
Dmitry Voronin	86e422dbf7	Nvim : Disable error messages, finally!	2024-10-15 02:43:42 +03:00
Dmitry Voronin	96f62a0ac9	Keyd : Add a template to disable it per-app.	2024-10-14 18:06:47 +03:00
Dmitry Voronin	c3c40ed6f6	AutoUpdateSigned : Replace broken RuntimeMaxSec with timeout, thanks to Fox.	2024-10-14 16:54:04 +03:00
Dmitry Voronin	8047d13b59	Nixfmt: Enable strict formatting.	2024-10-14 12:00:58 +03:00
Dmitry Voronin	5dab0401f2	Refactor bash a bit.	2024-10-14 00:59:35 +03:00
Dmitry Voronin	00b2b7320e	Makefile : Add fix-unlock.	2024-10-14 00:59:33 +03:00
Dmitry Voronin	2850e99dba	Wallpaper : Winter lamp.	2024-10-13 21:38:03 +03:00
Dmitry Voronin	24a0cbec3a	Swayscript : Add displayreset.	2024-10-13 21:31:44 +03:00
Dmitry Voronin	984b74fe27	Wallpaper : Pink!	2024-10-13 01:57:41 +03:00
Dmitry Voronin	b503778479	Proxy : Move resume from root to subdomain.	2024-10-13 01:09:24 +03:00
Dmitry Voronin	9e9a6e6ee6	Home Manager : Better backup.	2024-10-12 18:15:47 +03:00
Dmitry Voronin	51fa0a5366	Tg bt ob fs.	2024-10-12 15:57:45 +03:00
Dmitry Voronin	dd8f78a663	Readme : Add tabs note.	2024-10-12 15:23:55 +03:00