Compare commits
2 commits
ac00537d6e
...
ef074ee1f3
Author | SHA1 | Date | |
---|---|---|---|
Dmitry Voronin | ef074ee1f3 | ||
Dmitry Voronin | bdcb0caf7b |
|
@ -2,22 +2,12 @@
|
||||||
end_of_line = lf
|
end_of_line = lf
|
||||||
charset = utf-8
|
charset = utf-8
|
||||||
indent_style = tab
|
indent_style = tab
|
||||||
indent_size = 2
|
|
||||||
insert_final_newline = true
|
insert_final_newline = true
|
||||||
trim_trailing_whitespace = true
|
trim_trailing_whitespace = true
|
||||||
|
|
||||||
[*.{nix,js}]
|
[*.nix]
|
||||||
indent_size = 2
|
indent_style = space
|
||||||
|
indent_size = 2
|
||||||
[*.lua]
|
|
||||||
indent_size = 4
|
|
||||||
|
|
||||||
[*.sh]
|
|
||||||
indent_size = 8
|
|
||||||
|
|
||||||
[Makefile]
|
|
||||||
indent_size = 2
|
|
||||||
|
|
||||||
[*.md]
|
[*.md]
|
||||||
indent_size = 8
|
|
||||||
trim_trailing_whitespace = false
|
trim_trailing_whitespace = false
|
||||||
|
|
1
.gitignore
vendored
1
.gitignore
vendored
|
@ -1 +1,2 @@
|
||||||
/live
|
/live
|
||||||
|
.NixRoot*
|
||||||
|
|
15
.treefmt.toml
Normal file
15
.treefmt.toml
Normal file
|
@ -0,0 +1,15 @@
|
||||||
|
# One CLI to format the code tree - https://git.numtide.com/numtide/treefmt
|
||||||
|
|
||||||
|
# [formatter.mylanguage]
|
||||||
|
# Formatter to run
|
||||||
|
# command = "command-to-run"
|
||||||
|
# Command-line arguments for the command
|
||||||
|
# options = []
|
||||||
|
# Glob pattern of files to include
|
||||||
|
# includes = [ "*.<language-extension>" ]
|
||||||
|
# Glob patterns of files to exclude
|
||||||
|
# excludes = []
|
||||||
|
|
||||||
|
[formatter.nixfmt-rfc-style]
|
||||||
|
command = "nixfmt"
|
||||||
|
includes = [ "*.nix" ]
|
6
Makefile
6
Makefile
|
@ -26,6 +26,9 @@ check:
|
||||||
fix-ulimit:
|
fix-ulimit:
|
||||||
ulimit -n 999999999
|
ulimit -n 999999999
|
||||||
|
|
||||||
|
format:
|
||||||
|
treefmt --no-cache --on-unmatched=info
|
||||||
|
|
||||||
gc:
|
gc:
|
||||||
nix-collect-garbage -d
|
nix-collect-garbage -d
|
||||||
# nix-store --gc
|
# nix-store --gc
|
||||||
|
@ -59,9 +62,6 @@ live:
|
||||||
reboot: boot
|
reboot: boot
|
||||||
reboot
|
reboot
|
||||||
|
|
||||||
shell:
|
|
||||||
SHELL_NAME="default" nix develop
|
|
||||||
|
|
||||||
show:
|
show:
|
||||||
nix flake show
|
nix flake show
|
||||||
|
|
||||||
|
|
|
@ -1,67 +1,68 @@
|
||||||
# Global settings.
|
# Global settings.
|
||||||
# Just like I can configure each package, here I configure my config! :O)
|
# Just like I can configure each package, here I configure my config! :O)
|
||||||
{ lib, ... }: {
|
{ lib, ... }:
|
||||||
options.setting = with lib; {
|
{
|
||||||
# Ollama settings.
|
options.setting = with lib; {
|
||||||
# I use the best light model by default.
|
# Ollama settings.
|
||||||
ollama = mkOption {
|
# I use the best light model by default.
|
||||||
default = { };
|
ollama = mkOption {
|
||||||
type = types.submodule {
|
default = { };
|
||||||
# freeformType = lib.jsonFormat.type;
|
type = types.submodule {
|
||||||
options = {
|
# freeformType = lib.jsonFormat.type;
|
||||||
primaryModel = mkOption {
|
options = {
|
||||||
default = "llama3";
|
primaryModel = mkOption {
|
||||||
type = types.str;
|
default = "llama3";
|
||||||
};
|
type = types.str;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
};
|
||||||
|
|
||||||
# Whether to use Dpi-aware setting in supported apps.
|
# Whether to use Dpi-aware setting in supported apps.
|
||||||
dpiAware = mkOption {
|
dpiAware = mkOption {
|
||||||
default = false;
|
default = false;
|
||||||
type = types.bool;
|
type = types.bool;
|
||||||
};
|
};
|
||||||
|
|
||||||
# Keyboard options.
|
# Keyboard options.
|
||||||
keyboard = mkOption {
|
keyboard = mkOption {
|
||||||
default = { };
|
default = { };
|
||||||
type = types.submodule {
|
type = types.submodule {
|
||||||
options = {
|
options = {
|
||||||
layouts = mkOption {
|
layouts = mkOption {
|
||||||
default = "us,ru";
|
default = "us,ru";
|
||||||
type = types.str;
|
type = types.str;
|
||||||
};
|
};
|
||||||
options = mkOption {
|
options = mkOption {
|
||||||
default = "grp:toggle";
|
default = "grp:toggle";
|
||||||
type = types.str;
|
type = types.str;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
# CPU configurations.
|
# CPU configurations.
|
||||||
cpu = mkOption {
|
cpu = mkOption {
|
||||||
default = {};
|
default = { };
|
||||||
type = types.submodule {
|
type = types.submodule {
|
||||||
options = {
|
options = {
|
||||||
hwmon = mkOption {
|
hwmon = mkOption {
|
||||||
default = {};
|
default = { };
|
||||||
type = types.submodule {
|
type = types.submodule {
|
||||||
options = {
|
options = {
|
||||||
path = mkOption {
|
path = mkOption {
|
||||||
default = "";
|
default = "";
|
||||||
type = types.str;
|
type = types.str;
|
||||||
};
|
};
|
||||||
file = mkOption {
|
file = mkOption {
|
||||||
default = "";
|
default = "";
|
||||||
type = types.str;
|
type = types.str;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
199
config/Style.nix
199
config/Style.nix
|
@ -1,108 +1,117 @@
|
||||||
{ lib, config, pkgs, __findFile, ... }: with lib; let
|
{
|
||||||
cfg = config.style;
|
lib,
|
||||||
|
config,
|
||||||
|
pkgs,
|
||||||
|
__findFile,
|
||||||
|
...
|
||||||
|
}:
|
||||||
|
with lib;
|
||||||
|
let
|
||||||
|
cfg = config.style;
|
||||||
|
|
||||||
mkTypeOption = default: type: mkOption { inherit default type; };
|
mkTypeOption = default: type: mkOption { inherit default type; };
|
||||||
mkStrOption = default: mkTypeOption default types.str;
|
mkStrOption = default: mkTypeOption default types.str;
|
||||||
mkIntOption = default: mkTypeOption default types.int;
|
mkIntOption = default: mkTypeOption default types.int;
|
||||||
mkFloatOption = default: mkTypeOption default types.float;
|
mkFloatOption = default: mkTypeOption default types.float;
|
||||||
mkPkgOption = default: mkTypeOption default types.package;
|
mkPkgOption = default: mkTypeOption default types.package;
|
||||||
in {
|
in
|
||||||
options.style = {
|
{
|
||||||
color = {
|
options.style = {
|
||||||
bg = {
|
color = {
|
||||||
dark = mkStrOption config.lib.stylix.colors.base00;
|
bg = {
|
||||||
light = mkStrOption config.lib.stylix.colors.base07;
|
dark = mkStrOption config.lib.stylix.colors.base00;
|
||||||
regular = mkStrOption config.lib.stylix.colors.base01;
|
light = mkStrOption config.lib.stylix.colors.base07;
|
||||||
};
|
regular = mkStrOption config.lib.stylix.colors.base01;
|
||||||
fg = {
|
};
|
||||||
dark = mkStrOption config.lib.stylix.colors.base04;
|
fg = {
|
||||||
light = mkStrOption config.lib.stylix.colors.base06;
|
dark = mkStrOption config.lib.stylix.colors.base04;
|
||||||
regular = mkStrOption config.lib.stylix.colors.base05;
|
light = mkStrOption config.lib.stylix.colors.base06;
|
||||||
};
|
regular = mkStrOption config.lib.stylix.colors.base05;
|
||||||
accent = mkStrOption config.lib.stylix.colors.base0A;
|
};
|
||||||
heading = mkStrOption config.lib.stylix.colors.base0D;
|
accent = mkStrOption config.lib.stylix.colors.base0A;
|
||||||
hl = mkStrOption config.lib.stylix.colors.base03;
|
heading = mkStrOption config.lib.stylix.colors.base0D;
|
||||||
keyword = mkStrOption config.lib.stylix.colors.base0E;
|
hl = mkStrOption config.lib.stylix.colors.base03;
|
||||||
link = mkStrOption config.lib.stylix.colors.base09;
|
keyword = mkStrOption config.lib.stylix.colors.base0E;
|
||||||
misc = mkStrOption config.lib.stylix.colors.base0F;
|
link = mkStrOption config.lib.stylix.colors.base09;
|
||||||
negative = mkStrOption config.lib.stylix.colors.base08;
|
misc = mkStrOption config.lib.stylix.colors.base0F;
|
||||||
neutral = mkStrOption config.lib.stylix.colors.base0C;
|
negative = mkStrOption config.lib.stylix.colors.base08;
|
||||||
positive = mkStrOption config.lib.stylix.colors.base0B;
|
neutral = mkStrOption config.lib.stylix.colors.base0C;
|
||||||
selection = mkStrOption config.lib.stylix.colors.base02;
|
positive = mkStrOption config.lib.stylix.colors.base0B;
|
||||||
transparent = mkStrOption "ffffff00";
|
selection = mkStrOption config.lib.stylix.colors.base02;
|
||||||
|
transparent = mkStrOption "ffffff00";
|
||||||
|
|
||||||
accent-b = mkStrOption config.lib.stylix.colors.base0A-rgb-b;
|
accent-b = mkStrOption config.lib.stylix.colors.base0A-rgb-b;
|
||||||
accent-g = mkStrOption config.lib.stylix.colors.base0A-rgb-g;
|
accent-g = mkStrOption config.lib.stylix.colors.base0A-rgb-g;
|
||||||
accent-r = mkStrOption config.lib.stylix.colors.base0A-rgb-r;
|
accent-r = mkStrOption config.lib.stylix.colors.base0A-rgb-r;
|
||||||
|
|
||||||
negative-b = mkStrOption config.lib.stylix.colors.base08-rgb-b;
|
negative-b = mkStrOption config.lib.stylix.colors.base08-rgb-b;
|
||||||
negative-g = mkStrOption config.lib.stylix.colors.base08-rgb-g;
|
negative-g = mkStrOption config.lib.stylix.colors.base08-rgb-g;
|
||||||
negative-r = mkStrOption config.lib.stylix.colors.base08-rgb-r;
|
negative-r = mkStrOption config.lib.stylix.colors.base08-rgb-r;
|
||||||
|
|
||||||
neutral-b = mkStrOption config.lib.stylix.colors.base0C-rgb-b;
|
neutral-b = mkStrOption config.lib.stylix.colors.base0C-rgb-b;
|
||||||
neutral-g = mkStrOption config.lib.stylix.colors.base0C-rgb-g;
|
neutral-g = mkStrOption config.lib.stylix.colors.base0C-rgb-g;
|
||||||
neutral-r = mkStrOption config.lib.stylix.colors.base0C-rgb-r;
|
neutral-r = mkStrOption config.lib.stylix.colors.base0C-rgb-r;
|
||||||
|
|
||||||
positive-b = mkStrOption config.lib.stylix.colors.base0B-rgb-b;
|
positive-b = mkStrOption config.lib.stylix.colors.base0B-rgb-b;
|
||||||
positive-g = mkStrOption config.lib.stylix.colors.base0B-rgb-g;
|
positive-g = mkStrOption config.lib.stylix.colors.base0B-rgb-g;
|
||||||
positive-r = mkStrOption config.lib.stylix.colors.base0B-rgb-r;
|
positive-r = mkStrOption config.lib.stylix.colors.base0B-rgb-r;
|
||||||
|
|
||||||
bg-b = mkStrOption config.lib.stylix.colors.base00-rgb-b;
|
bg-b = mkStrOption config.lib.stylix.colors.base00-rgb-b;
|
||||||
bg-g = mkStrOption config.lib.stylix.colors.base00-rgb-g;
|
bg-g = mkStrOption config.lib.stylix.colors.base00-rgb-g;
|
||||||
bg-r = mkStrOption config.lib.stylix.colors.base00-rgb-r;
|
bg-r = mkStrOption config.lib.stylix.colors.base00-rgb-r;
|
||||||
|
|
||||||
fg-b = mkStrOption config.lib.stylix.colors.base06-rgb-b;
|
fg-b = mkStrOption config.lib.stylix.colors.base06-rgb-b;
|
||||||
fg-g = mkStrOption config.lib.stylix.colors.base06-rgb-g;
|
fg-g = mkStrOption config.lib.stylix.colors.base06-rgb-g;
|
||||||
fg-r = mkStrOption config.lib.stylix.colors.base06-rgb-r;
|
fg-r = mkStrOption config.lib.stylix.colors.base06-rgb-r;
|
||||||
|
|
||||||
border = mkStrOption config.lib.stylix.colors.base01;
|
border = mkStrOption config.lib.stylix.colors.base01;
|
||||||
border-b = mkStrOption config.lib.stylix.colors.base01-rgb-b;
|
border-b = mkStrOption config.lib.stylix.colors.base01-rgb-b;
|
||||||
border-g = mkStrOption config.lib.stylix.colors.base01-rgb-g;
|
border-g = mkStrOption config.lib.stylix.colors.base01-rgb-g;
|
||||||
border-r = mkStrOption config.lib.stylix.colors.base01-rgb-r;
|
border-r = mkStrOption config.lib.stylix.colors.base01-rgb-r;
|
||||||
};
|
};
|
||||||
|
|
||||||
font = {
|
font = {
|
||||||
size = {
|
size = {
|
||||||
application = mkIntOption 12;
|
application = mkIntOption 12;
|
||||||
terminal = mkIntOption 14;
|
terminal = mkIntOption 14;
|
||||||
popup = mkIntOption 12;
|
popup = mkIntOption 12;
|
||||||
desktop = mkIntOption 14;
|
desktop = mkIntOption 14;
|
||||||
};
|
};
|
||||||
serif = {
|
serif = {
|
||||||
package = mkPkgOption (pkgs.callPackage <package/applefont> {});
|
package = mkPkgOption (pkgs.callPackage <package/applefont> { });
|
||||||
name = mkStrOption "SF Pro Display";
|
name = mkStrOption "SF Pro Display";
|
||||||
};
|
};
|
||||||
sansSerif = {
|
sansSerif = {
|
||||||
package = mkPkgOption (pkgs.callPackage <package/applefont> {});
|
package = mkPkgOption (pkgs.callPackage <package/applefont> { });
|
||||||
name = mkStrOption "SF Pro Display";
|
name = mkStrOption "SF Pro Display";
|
||||||
};
|
};
|
||||||
monospace = {
|
monospace = {
|
||||||
package = mkPkgOption (pkgs.nerdfonts.override { fonts = [ "Terminus" ]; });
|
package = mkPkgOption (pkgs.nerdfonts.override { fonts = [ "Terminus" ]; });
|
||||||
name = mkStrOption "Terminess Nerd Font Mono";
|
name = mkStrOption "Terminess Nerd Font Mono";
|
||||||
};
|
};
|
||||||
emoji = {
|
emoji = {
|
||||||
package = mkPkgOption pkgs.noto-fonts-emoji;
|
package = mkPkgOption pkgs.noto-fonts-emoji;
|
||||||
name = mkStrOption "Noto Color Emoji";
|
name = mkStrOption "Noto Color Emoji";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
opacity = {
|
opacity = {
|
||||||
application = mkFloatOption 0.85;
|
application = mkFloatOption 0.85;
|
||||||
desktop = mkFloatOption 0.85;
|
desktop = mkFloatOption 0.85;
|
||||||
popup = mkFloatOption 0.85;
|
popup = mkFloatOption 0.85;
|
||||||
terminal = mkFloatOption 0.85;
|
terminal = mkFloatOption 0.85;
|
||||||
hex = mkStrOption "D9";
|
hex = mkStrOption "D9";
|
||||||
};
|
};
|
||||||
|
|
||||||
cursor = {
|
cursor = {
|
||||||
name = mkStrOption "Adwaita";
|
name = mkStrOption "Adwaita";
|
||||||
package = mkPkgOption pkgs.adwaita-icon-theme;
|
package = mkPkgOption pkgs.adwaita-icon-theme;
|
||||||
size = mkIntOption 14;
|
size = mkIntOption 14;
|
||||||
};
|
};
|
||||||
|
|
||||||
window = {
|
window = {
|
||||||
gap = mkIntOption 8;
|
gap = mkIntOption 8;
|
||||||
border = mkIntOption 4;
|
border = mkIntOption 4;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,27 +1,42 @@
|
||||||
{ pkgs, config, __findFile, ... }: {
|
{
|
||||||
stylix = {
|
pkgs,
|
||||||
enable = true;
|
config,
|
||||||
image = config.module.wallpaper.path;
|
__findFile,
|
||||||
autoEnable = true;
|
...
|
||||||
polarity = "dark";
|
}:
|
||||||
fonts = {
|
{
|
||||||
inherit (config.style.font) serif sansSerif monospace emoji;
|
stylix = {
|
||||||
sizes = {
|
enable = true;
|
||||||
inherit (config.style.font.size) terminal desktop;
|
image = config.module.wallpaper.path;
|
||||||
applications = config.style.font.size.application;
|
autoEnable = true;
|
||||||
popups = config.style.font.size.popup;
|
polarity = "dark";
|
||||||
};
|
fonts = {
|
||||||
};
|
inherit (config.style.font)
|
||||||
opacity = {
|
serif
|
||||||
inherit (config.style.opacity) desktop terminal;
|
sansSerif
|
||||||
applications = config.style.opacity.application;
|
monospace
|
||||||
popups = config.style.opacity.popups;
|
emoji
|
||||||
};
|
;
|
||||||
inherit (config.style) cursor;
|
sizes = {
|
||||||
override = if config.module.wallpaper.forceContrastText then {
|
inherit (config.style.font.size) terminal desktop;
|
||||||
base04 = "000000";
|
applications = config.style.font.size.application;
|
||||||
base05 = "ffffff";
|
popups = config.style.font.size.popup;
|
||||||
base06 = "ffffff";
|
};
|
||||||
} else {};
|
};
|
||||||
};
|
opacity = {
|
||||||
|
inherit (config.style.opacity) desktop terminal;
|
||||||
|
applications = config.style.opacity.application;
|
||||||
|
popups = config.style.opacity.popups;
|
||||||
|
};
|
||||||
|
inherit (config.style) cursor;
|
||||||
|
override =
|
||||||
|
if config.module.wallpaper.forceContrastText then
|
||||||
|
{
|
||||||
|
base04 = "000000";
|
||||||
|
base05 = "ffffff";
|
||||||
|
base06 = "ffffff";
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{ };
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,18 +1,21 @@
|
||||||
{ pkgs, lib, ... }: with lib; let
|
{ pkgs, lib, ... }:
|
||||||
url = "https://i.imgur.com/gYy0mzG.jpeg";
|
with lib;
|
||||||
sha256 = "0pwnq84mdbv8nrarhnbkq77iabwgh7znr0yig3fnshamxl2a3k7k";
|
let
|
||||||
forceContrastText = true;
|
url = "https://i.imgur.com/gYy0mzG.jpeg";
|
||||||
in {
|
sha256 = "0pwnq84mdbv8nrarhnbkq77iabwgh7znr0yig3fnshamxl2a3k7k";
|
||||||
options = {
|
forceContrastText = true;
|
||||||
module.wallpaper = {
|
in
|
||||||
forceContrastText = mkOption {
|
{
|
||||||
default = warnIf forceContrastText "Style : Forced text contrast." forceContrastText;
|
options = {
|
||||||
type = types.bool;
|
module.wallpaper = {
|
||||||
};
|
forceContrastText = mkOption {
|
||||||
path = mkOption {
|
default = warnIf forceContrastText "Style : Forced text contrast." forceContrastText;
|
||||||
default = pkgs.fetchurl { inherit url sha256; };
|
type = types.bool;
|
||||||
type = types.path;
|
};
|
||||||
};
|
path = mkOption {
|
||||||
};
|
default = pkgs.fetchurl { inherit url sha256; };
|
||||||
};
|
type = types.path;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,49 +1,59 @@
|
||||||
{ container, lib, config, ... } @args: with lib; let
|
{
|
||||||
cfg = config.container.module.change;
|
container,
|
||||||
in {
|
lib,
|
||||||
options = {
|
config,
|
||||||
container.module.change = {
|
...
|
||||||
enable = mkEnableOption "Change detection service";
|
}@args:
|
||||||
address = mkOption {
|
with lib;
|
||||||
default = "10.1.0.41";
|
let
|
||||||
type = types.str;
|
cfg = config.container.module.change;
|
||||||
};
|
in
|
||||||
port = mkOption {
|
{
|
||||||
default = 5000;
|
options = {
|
||||||
type = types.int;
|
container.module.change = {
|
||||||
};
|
enable = mkEnableOption "Change detection service";
|
||||||
domain = mkOption {
|
address = mkOption {
|
||||||
default = "change.${config.container.domain}";
|
default = "10.1.0.41";
|
||||||
type = types.str;
|
type = types.str;
|
||||||
};
|
};
|
||||||
storage = mkOption {
|
port = mkOption {
|
||||||
default = "${config.container.storage}/change";
|
default = 5000;
|
||||||
type = types.str;
|
type = types.int;
|
||||||
};
|
};
|
||||||
};
|
domain = mkOption {
|
||||||
};
|
default = "change.${config.container.domain}";
|
||||||
|
type = types.str;
|
||||||
|
};
|
||||||
|
storage = mkOption {
|
||||||
|
default = "${config.container.storage}/change";
|
||||||
|
type = types.str;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
systemd.tmpfiles.rules = container.mkContainerDir cfg [
|
systemd.tmpfiles.rules = container.mkContainerDir cfg [
|
||||||
"data"
|
"data"
|
||||||
];
|
];
|
||||||
|
|
||||||
containers.change = container.mkContainer cfg {
|
containers.change = container.mkContainer cfg {
|
||||||
bindMounts = {
|
bindMounts = {
|
||||||
"/var/lib/changedetection-io" = {
|
"/var/lib/changedetection-io" = {
|
||||||
hostPath = "${cfg.storage}/data";
|
hostPath = "${cfg.storage}/data";
|
||||||
isReadOnly = false;
|
isReadOnly = false;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
config = { ... }: container.mkContainerConfig cfg {
|
config =
|
||||||
services.changedetection-io = {
|
{ ... }:
|
||||||
enable = true;
|
container.mkContainerConfig cfg {
|
||||||
baseURL = cfg.domain;
|
services.changedetection-io = {
|
||||||
behindProxy = true;
|
enable = true;
|
||||||
listenAddress = cfg.address;
|
baseURL = cfg.domain;
|
||||||
};
|
behindProxy = true;
|
||||||
};
|
listenAddress = cfg.address;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,73 +1,87 @@
|
||||||
{ container, pkgs, lib, config, ... } @args: with lib; let
|
{
|
||||||
cfg = config.container.module.cloud;
|
container,
|
||||||
|
pkgs,
|
||||||
|
lib,
|
||||||
|
config,
|
||||||
|
...
|
||||||
|
}@args:
|
||||||
|
with lib;
|
||||||
|
let
|
||||||
|
cfg = config.container.module.cloud;
|
||||||
|
|
||||||
postgres = config.container.module.postgres;
|
postgres = config.container.module.postgres;
|
||||||
proxy = config.container.module.proxy;
|
proxy = config.container.module.proxy;
|
||||||
in {
|
in
|
||||||
options = {
|
{
|
||||||
container.module.cloud = {
|
options = {
|
||||||
enable = mkEnableOption "File cloud service";
|
container.module.cloud = {
|
||||||
address = mkOption {
|
enable = mkEnableOption "File cloud service";
|
||||||
default = "10.1.0.13";
|
address = mkOption {
|
||||||
type = types.str;
|
default = "10.1.0.13";
|
||||||
};
|
type = types.str;
|
||||||
port = mkOption {
|
};
|
||||||
default = 80;
|
port = mkOption {
|
||||||
type = types.int;
|
default = 80;
|
||||||
};
|
type = types.int;
|
||||||
domain = mkOption {
|
};
|
||||||
default = "cloud.${config.container.domain}";
|
domain = mkOption {
|
||||||
type = types.str;
|
default = "cloud.${config.container.domain}";
|
||||||
};
|
type = types.str;
|
||||||
storage = mkOption {
|
};
|
||||||
default = "${config.container.storage}/cloud";
|
storage = mkOption {
|
||||||
type = types.str;
|
default = "${config.container.storage}/cloud";
|
||||||
};
|
type = types.str;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
systemd.tmpfiles.rules = container.mkContainerDir cfg [
|
systemd.tmpfiles.rules = container.mkContainerDir cfg [
|
||||||
"data"
|
"data"
|
||||||
];
|
];
|
||||||
|
|
||||||
containers.cloud = container.mkContainer cfg {
|
containers.cloud = container.mkContainer cfg {
|
||||||
bindMounts = {
|
bindMounts = {
|
||||||
"/var/lib/nextcloud" = {
|
"/var/lib/nextcloud" = {
|
||||||
hostPath = "${cfg.storage}/data";
|
hostPath = "${cfg.storage}/data";
|
||||||
isReadOnly = false;
|
isReadOnly = false;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
config = { config, ... }: container.mkContainerConfig cfg {
|
config =
|
||||||
services.nextcloud = {
|
{ config, ... }:
|
||||||
enable = true;
|
container.mkContainerConfig cfg {
|
||||||
# package = pkgs.nextcloud29;
|
services.nextcloud = {
|
||||||
hostName = cfg.domain;
|
enable = true;
|
||||||
# phpOptions = {
|
# package = pkgs.nextcloud29;
|
||||||
# memory_limit = lib.mkForce "20G";
|
hostName = cfg.domain;
|
||||||
# };
|
# phpOptions = {
|
||||||
config = {
|
# memory_limit = lib.mkForce "20G";
|
||||||
adminuser = "root";
|
# };
|
||||||
adminpassFile = "${pkgs.writeText "NextcloudPassword" "root"}";
|
config = {
|
||||||
|
adminuser = "root";
|
||||||
|
adminpassFile = "${pkgs.writeText "NextcloudPassword" "root"}";
|
||||||
|
|
||||||
dbhost = postgres.address;
|
dbhost = postgres.address;
|
||||||
dbname = "nextcloud";
|
dbname = "nextcloud";
|
||||||
dbpassFile = "${pkgs.writeText "NextcloudDbPassword" "nextcloud"}";
|
dbpassFile = "${pkgs.writeText "NextcloudDbPassword" "nextcloud"}";
|
||||||
dbtype = "pgsql";
|
dbtype = "pgsql";
|
||||||
dbuser = "nextcloud";
|
dbuser = "nextcloud";
|
||||||
};
|
};
|
||||||
extraApps = {
|
extraApps = {
|
||||||
inherit (config.services.nextcloud.package.packages.apps) contacts calendar onlyoffice;
|
inherit (config.services.nextcloud.package.packages.apps) contacts calendar onlyoffice;
|
||||||
};
|
};
|
||||||
extraAppsEnable = true;
|
extraAppsEnable = true;
|
||||||
settings = {
|
settings = {
|
||||||
trusted_domains = [ cfg.address cfg.domain ];
|
trusted_domains = [
|
||||||
trusted_proxies = [ proxy.address ];
|
cfg.address
|
||||||
allow_local_remote_servers = true;
|
cfg.domain
|
||||||
};
|
];
|
||||||
};
|
trusted_proxies = [ proxy.address ];
|
||||||
};
|
allow_local_remote_servers = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,54 +1,67 @@
|
||||||
{ container, lib, config, ... } @args: with lib; let
|
{
|
||||||
cfg = config.container.module.ddns;
|
container,
|
||||||
in {
|
lib,
|
||||||
options = {
|
config,
|
||||||
container.module.ddns = {
|
...
|
||||||
enable = mkEnableOption "Dynamic dns client.";
|
}@args:
|
||||||
address = mkOption {
|
with lib;
|
||||||
default = "10.1.0.31";
|
let
|
||||||
type = types.str;
|
cfg = config.container.module.ddns;
|
||||||
};
|
in
|
||||||
storage = mkOption {
|
{
|
||||||
default = "${config.container.storage}/ddns";
|
options = {
|
||||||
type = types.str;
|
container.module.ddns = {
|
||||||
};
|
enable = mkEnableOption "Dynamic dns client.";
|
||||||
};
|
address = mkOption {
|
||||||
};
|
default = "10.1.0.31";
|
||||||
|
type = types.str;
|
||||||
|
};
|
||||||
|
storage = mkOption {
|
||||||
|
default = "${config.container.storage}/ddns";
|
||||||
|
type = types.str;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
systemd.tmpfiles.rules = container.mkContainerDir cfg [
|
systemd.tmpfiles.rules = container.mkContainerDir cfg [
|
||||||
"data"
|
"data"
|
||||||
];
|
];
|
||||||
|
|
||||||
containers.ddns = container.mkContainer cfg {
|
containers.ddns = container.mkContainer cfg {
|
||||||
bindMounts = {
|
bindMounts = {
|
||||||
"/data" = {
|
"/data" = {
|
||||||
hostPath = "${cfg.storage}/data";
|
hostPath = "${cfg.storage}/data";
|
||||||
isReadOnly = true;
|
isReadOnly = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
config = { ... }: container.mkContainerConfig cfg {
|
config =
|
||||||
services.cloudflare-dyndns = {
|
{ ... }:
|
||||||
enable = true;
|
container.mkContainerConfig cfg {
|
||||||
apiTokenFile = "/data/token";
|
services.cloudflare-dyndns = {
|
||||||
deleteMissing = false;
|
enable = true;
|
||||||
ipv4 = true;
|
apiTokenFile = "/data/token";
|
||||||
ipv6 = false;
|
deleteMissing = false;
|
||||||
proxied = false;
|
ipv4 = true;
|
||||||
domains = let
|
ipv6 = false;
|
||||||
domain = config.container.domain;
|
proxied = false;
|
||||||
in [ domain ] ++ map (sub: "${sub}.${domain}") [
|
domains =
|
||||||
"cloud"
|
let
|
||||||
"git"
|
domain = config.container.domain;
|
||||||
"mail"
|
in
|
||||||
"office"
|
[ domain ]
|
||||||
"paste"
|
++ map (sub: "${sub}.${domain}") [
|
||||||
"play"
|
"cloud"
|
||||||
"vpn"
|
"git"
|
||||||
];
|
"mail"
|
||||||
};
|
"office"
|
||||||
};
|
"paste"
|
||||||
};
|
"play"
|
||||||
};
|
"vpn"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,128 +1,141 @@
|
||||||
{ container, pkgs, lib, config, util, ... } @args: with lib; let
|
{
|
||||||
cfg = config.container.module.dns;
|
container,
|
||||||
in {
|
pkgs,
|
||||||
options = {
|
lib,
|
||||||
container.module.dns = {
|
config,
|
||||||
enable = mkEnableOption "Dns server.";
|
util,
|
||||||
address = mkOption {
|
...
|
||||||
default = "10.1.0.6";
|
}@args:
|
||||||
type = types.str;
|
with lib;
|
||||||
};
|
let
|
||||||
port = mkOption {
|
cfg = config.container.module.dns;
|
||||||
default = 53;
|
in
|
||||||
type = types.int;
|
{
|
||||||
};
|
options = {
|
||||||
};
|
container.module.dns = {
|
||||||
};
|
enable = mkEnableOption "Dns server.";
|
||||||
|
address = mkOption {
|
||||||
|
default = "10.1.0.6";
|
||||||
|
type = types.str;
|
||||||
|
};
|
||||||
|
port = mkOption {
|
||||||
|
default = 53;
|
||||||
|
type = types.int;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
containers.dns = container.mkContainer cfg {
|
containers.dns = container.mkContainer cfg {
|
||||||
config = { ... }: container.mkContainerConfig cfg {
|
config =
|
||||||
environment.systemPackages = [
|
{ ... }:
|
||||||
pkgs.cloudflared
|
container.mkContainerConfig cfg {
|
||||||
];
|
environment.systemPackages = [
|
||||||
|
pkgs.cloudflared
|
||||||
|
];
|
||||||
|
|
||||||
systemd.services.cloudflared = {
|
systemd.services.cloudflared = {
|
||||||
description = "Cloudflare DoH server.";
|
description = "Cloudflare DoH server.";
|
||||||
enable = true;
|
enable = true;
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
Type = "simple";
|
Type = "simple";
|
||||||
ExecStart = "${getExe pkgs.cloudflared} proxy-dns --port 5054";
|
ExecStart = "${getExe pkgs.cloudflared} proxy-dns --port 5054";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
services.blocky = {
|
services.blocky = {
|
||||||
enable = true;
|
enable = true;
|
||||||
settings = {
|
settings = {
|
||||||
upstream = {
|
upstream = {
|
||||||
default = [
|
default = [
|
||||||
"0.0.0.0:5054"
|
"0.0.0.0:5054"
|
||||||
"0.0.0.0:5054"
|
"0.0.0.0:5054"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
blocking = {
|
blocking = {
|
||||||
blackLists = {
|
blackLists = {
|
||||||
suspicious = [
|
suspicious = [
|
||||||
"https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts"
|
"https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts"
|
||||||
"https://raw.githubusercontent.com/PolishFiltersTeam/KADhosts/master/KADhosts.txt"
|
"https://raw.githubusercontent.com/PolishFiltersTeam/KADhosts/master/KADhosts.txt"
|
||||||
"https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.Spam/hosts"
|
"https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.Spam/hosts"
|
||||||
"https://v.firebog.net/hosts/static/w3kbl.txt"
|
"https://v.firebog.net/hosts/static/w3kbl.txt"
|
||||||
];
|
];
|
||||||
ads = [
|
ads = [
|
||||||
"https://easylist-downloads.adblockplus.org/bitblock.txt"
|
"https://easylist-downloads.adblockplus.org/bitblock.txt"
|
||||||
"https://adaway.org/hosts.txt"
|
"https://adaway.org/hosts.txt"
|
||||||
"https://v.firebog.net/hosts/AdguardDNS.txt"
|
"https://v.firebog.net/hosts/AdguardDNS.txt"
|
||||||
"https://v.firebog.net/hosts/Admiral.txt"
|
"https://v.firebog.net/hosts/Admiral.txt"
|
||||||
"https://raw.githubusercontent.com/anudeepND/blacklist/master/adservers.txt"
|
"https://raw.githubusercontent.com/anudeepND/blacklist/master/adservers.txt"
|
||||||
"https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt"
|
"https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt"
|
||||||
"https://v.firebog.net/hosts/Easylist.txt"
|
"https://v.firebog.net/hosts/Easylist.txt"
|
||||||
"https://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&showintro=0&mimetype=plaintext"
|
"https://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&showintro=0&mimetype=plaintext"
|
||||||
"https://raw.githubusercontent.com/FadeMind/hosts.extras/master/UncheckyAds/hosts"
|
"https://raw.githubusercontent.com/FadeMind/hosts.extras/master/UncheckyAds/hosts"
|
||||||
"https://raw.githubusercontent.com/bigdargon/hostsVN/master/hosts"
|
"https://raw.githubusercontent.com/bigdargon/hostsVN/master/hosts"
|
||||||
"https://github.com/easylist/ruadlist/blob/master/advblock/adservers.txt"
|
"https://github.com/easylist/ruadlist/blob/master/advblock/adservers.txt"
|
||||||
];
|
];
|
||||||
tracking = [
|
tracking = [
|
||||||
"https://v.firebog.net/hosts/Easyprivacy.txt"
|
"https://v.firebog.net/hosts/Easyprivacy.txt"
|
||||||
"https://v.firebog.net/hosts/Prigent-Ads.txt"
|
"https://v.firebog.net/hosts/Prigent-Ads.txt"
|
||||||
"https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.2o7Net/hosts"
|
"https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.2o7Net/hosts"
|
||||||
"https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/spy.txt"
|
"https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/spy.txt"
|
||||||
"https://hostfiles.frogeye.fr/firstparty-trackers-hosts.txt"
|
"https://hostfiles.frogeye.fr/firstparty-trackers-hosts.txt"
|
||||||
];
|
];
|
||||||
malicious = [
|
malicious = [
|
||||||
"https://raw.githubusercontent.com/DandelionSprout/adfilt/master/Alternate%20versions%20Anti-Malware%20List/AntiMalwareHosts.txt"
|
"https://raw.githubusercontent.com/DandelionSprout/adfilt/master/Alternate%20versions%20Anti-Malware%20List/AntiMalwareHosts.txt"
|
||||||
"https://osint.digitalside.it/Threat-Intel/lists/latestdomains.txt"
|
"https://osint.digitalside.it/Threat-Intel/lists/latestdomains.txt"
|
||||||
"https://s3.amazonaws.com/lists.disconnect.me/simple_malvertising.txt"
|
"https://s3.amazonaws.com/lists.disconnect.me/simple_malvertising.txt"
|
||||||
"https://v.firebog.net/hosts/Prigent-Crypto.txt"
|
"https://v.firebog.net/hosts/Prigent-Crypto.txt"
|
||||||
"https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.Risk/hosts"
|
"https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.Risk/hosts"
|
||||||
"https://bitbucket.org/ethanr/dns-blacklists/raw/8575c9f96e5b4a1308f2f12394abd86d0927a4a0/bad_lists/Mandiant_APT1_Report_Appendix_D.txt"
|
"https://bitbucket.org/ethanr/dns-blacklists/raw/8575c9f96e5b4a1308f2f12394abd86d0927a4a0/bad_lists/Mandiant_APT1_Report_Appendix_D.txt"
|
||||||
"https://phishing.army/download/phishing_army_blocklist_extended.txt"
|
"https://phishing.army/download/phishing_army_blocklist_extended.txt"
|
||||||
"https://gitlab.com/quidsup/notrack-blocklists/raw/master/notrack-malware.txt"
|
"https://gitlab.com/quidsup/notrack-blocklists/raw/master/notrack-malware.txt"
|
||||||
"https://v.firebog.net/hosts/RPiList-Malware.txt"
|
"https://v.firebog.net/hosts/RPiList-Malware.txt"
|
||||||
"https://v.firebog.net/hosts/RPiList-Phishing.txt"
|
"https://v.firebog.net/hosts/RPiList-Phishing.txt"
|
||||||
"https://raw.githubusercontent.com/Spam404/lists/master/main-blacklist.txt"
|
"https://raw.githubusercontent.com/Spam404/lists/master/main-blacklist.txt"
|
||||||
"https://raw.githubusercontent.com/AssoEchap/stalkerware-indicators/master/generated/hosts"
|
"https://raw.githubusercontent.com/AssoEchap/stalkerware-indicators/master/generated/hosts"
|
||||||
"https://urlhaus.abuse.ch/downloads/hostfile/"
|
"https://urlhaus.abuse.ch/downloads/hostfile/"
|
||||||
];
|
];
|
||||||
other = [
|
other = [
|
||||||
"https://zerodot1.gitlab.io/CoinBlockerLists/hosts_browser"
|
"https://zerodot1.gitlab.io/CoinBlockerLists/hosts_browser"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
# whiteLists = {
|
# whiteLists = {
|
||||||
# other = [
|
# other = [
|
||||||
# "/.*.vk.com/"
|
# "/.*.vk.com/"
|
||||||
# ];
|
# ];
|
||||||
# };
|
# };
|
||||||
clientGroupsBlock = {
|
clientGroupsBlock = {
|
||||||
default = [
|
default = [
|
||||||
"suspicious"
|
"suspicious"
|
||||||
"ads"
|
"ads"
|
||||||
"tracking"
|
"tracking"
|
||||||
"malicious"
|
"malicious"
|
||||||
"other"
|
"other"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
customDNS = {
|
customDNS = {
|
||||||
mapping = let
|
mapping =
|
||||||
block = "0.0.0.0";
|
let
|
||||||
in {
|
block = "0.0.0.0";
|
||||||
# All subdomains to current host.
|
in
|
||||||
# ${config.container.domain} = config.container.host;
|
{
|
||||||
"voronind.com" = "10.0.0.1";
|
# All subdomains to current host.
|
||||||
|
# ${config.container.domain} = config.container.host;
|
||||||
|
"voronind.com" = "10.0.0.1";
|
||||||
|
|
||||||
# Blocklist.
|
# Blocklist.
|
||||||
"gosuslugi.ru" = block;
|
"gosuslugi.ru" = block;
|
||||||
"rutube.ru" = block;
|
"rutube.ru" = block;
|
||||||
"vk.com" = block;
|
"vk.com" = block;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
port = cfg.port;
|
port = cfg.port;
|
||||||
# httpPort = "80";
|
# httpPort = "80";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1,60 +1,70 @@
|
||||||
{ container, lib, config, ... }: with lib; let
|
{
|
||||||
cfg = config.container.module.download;
|
container,
|
||||||
in {
|
lib,
|
||||||
options = {
|
config,
|
||||||
container.module.download = {
|
...
|
||||||
enable = mkEnableOption "Downloader.";
|
}:
|
||||||
address = mkOption {
|
with lib;
|
||||||
default = "10.1.0.12";
|
let
|
||||||
type = types.str;
|
cfg = config.container.module.download;
|
||||||
};
|
in
|
||||||
port = mkOption {
|
{
|
||||||
default = 8112;
|
options = {
|
||||||
type = types.int;
|
container.module.download = {
|
||||||
};
|
enable = mkEnableOption "Downloader.";
|
||||||
domain = mkOption {
|
address = mkOption {
|
||||||
default = "download.${config.container.domain}";
|
default = "10.1.0.12";
|
||||||
type = types.str;
|
type = types.str;
|
||||||
};
|
};
|
||||||
storage = mkOption {
|
port = mkOption {
|
||||||
default = "${config.container.storage}/download";
|
default = 8112;
|
||||||
type = types.str;
|
type = types.int;
|
||||||
};
|
};
|
||||||
memLimit = mkOption {
|
domain = mkOption {
|
||||||
default = "4G";
|
default = "download.${config.container.domain}";
|
||||||
type = types.str;
|
type = types.str;
|
||||||
};
|
};
|
||||||
};
|
storage = mkOption {
|
||||||
};
|
default = "${config.container.storage}/download";
|
||||||
|
type = types.str;
|
||||||
|
};
|
||||||
|
memLimit = mkOption {
|
||||||
|
default = "4G";
|
||||||
|
type = types.str;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
systemd.tmpfiles.rules = container.mkContainerDir cfg [
|
systemd.tmpfiles.rules = container.mkContainerDir cfg [
|
||||||
"data"
|
"data"
|
||||||
];
|
];
|
||||||
|
|
||||||
containers.download = container.mkContainer cfg {
|
containers.download = container.mkContainer cfg {
|
||||||
enableTun = true;
|
enableTun = true;
|
||||||
|
|
||||||
bindMounts = {
|
bindMounts = {
|
||||||
"/var/lib/deluge/.config/deluge" = {
|
"/var/lib/deluge/.config/deluge" = {
|
||||||
hostPath = "${cfg.storage}/data";
|
hostPath = "${cfg.storage}/data";
|
||||||
isReadOnly = false;
|
isReadOnly = false;
|
||||||
};
|
};
|
||||||
} // container.attachMedia "download" false;
|
} // container.attachMedia "download" false;
|
||||||
|
|
||||||
config = { ... }: container.mkContainerConfig cfg {
|
config =
|
||||||
services.deluge = {
|
{ ... }:
|
||||||
enable = true;
|
container.mkContainerConfig cfg {
|
||||||
dataDir = "/var/lib/deluge";
|
services.deluge = {
|
||||||
web.enable = true;
|
enable = true;
|
||||||
};
|
dataDir = "/var/lib/deluge";
|
||||||
|
web.enable = true;
|
||||||
|
};
|
||||||
|
|
||||||
systemd.services.deluged.serviceConfig = {
|
systemd.services.deluged.serviceConfig = {
|
||||||
MemoryLimit = cfg.memLimit;
|
MemoryLimit = cfg.memLimit;
|
||||||
Restart = lib.mkForce "always";
|
Restart = lib.mkForce "always";
|
||||||
RuntimeMaxSec = "1d";
|
RuntimeMaxSec = "1d";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,118 +1,132 @@
|
||||||
# TODO: Saved just in case for the dark future.
|
# TODO: Saved just in case for the dark future.
|
||||||
# в целом просто сделай себе шелл алиас gw-default="sudo ip route del default; sudo ip route add default via айпишник роутера" и шелл алиас gw-vpn="sudo ip route del default; sudo ip route add default via айпишник_впна"
|
# в целом просто сделай себе шелл алиас gw-default="sudo ip route del default; sudo ip route add default via айпишник роутера" и шелл алиас gw-vpn="sudo ip route del default; sudo ip route add default via айпишник_впна"
|
||||||
{ container, pkgs, lib, config, __findFile, ... }: with lib; let
|
{
|
||||||
cfg = config.container.module.frkn;
|
container,
|
||||||
in {
|
pkgs,
|
||||||
options = {
|
lib,
|
||||||
container.module.frkn = {
|
config,
|
||||||
enable = mkEnableOption "FRKN";
|
__findFile,
|
||||||
address = mkOption {
|
...
|
||||||
default = "10.1.0.69";
|
}:
|
||||||
type = types.str;
|
with lib;
|
||||||
};
|
let
|
||||||
port = mkOption {
|
cfg = config.container.module.frkn;
|
||||||
default = 1080;
|
in
|
||||||
type = types.int;
|
{
|
||||||
};
|
options = {
|
||||||
torport = mkOption {
|
container.module.frkn = {
|
||||||
default = 9150;
|
enable = mkEnableOption "FRKN";
|
||||||
type = types.int;
|
address = mkOption {
|
||||||
};
|
default = "10.1.0.69";
|
||||||
xrayport = mkOption {
|
type = types.str;
|
||||||
default = 1081;
|
};
|
||||||
type = types.int;
|
port = mkOption {
|
||||||
};
|
default = 1080;
|
||||||
storage = mkOption {
|
type = types.int;
|
||||||
default = "${config.container.storage}/frkn";
|
};
|
||||||
type = types.str;
|
torport = mkOption {
|
||||||
};
|
default = 9150;
|
||||||
};
|
type = types.int;
|
||||||
};
|
};
|
||||||
|
xrayport = mkOption {
|
||||||
|
default = 1081;
|
||||||
|
type = types.int;
|
||||||
|
};
|
||||||
|
storage = mkOption {
|
||||||
|
default = "${config.container.storage}/frkn";
|
||||||
|
type = types.str;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
systemd.tmpfiles.rules = container.mkContainerDir cfg [
|
systemd.tmpfiles.rules = container.mkContainerDir cfg [
|
||||||
"data"
|
"data"
|
||||||
];
|
];
|
||||||
|
|
||||||
containers.frkn = container.mkContainer cfg {
|
containers.frkn = container.mkContainer cfg {
|
||||||
bindMounts = {
|
bindMounts = {
|
||||||
"/data" = {
|
"/data" = {
|
||||||
hostPath = "${cfg.storage}/data";
|
hostPath = "${cfg.storage}/data";
|
||||||
isReadOnly = true;
|
isReadOnly = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
config = { ... }: container.mkContainerConfig cfg {
|
config =
|
||||||
boot.kernel.sysctl = {
|
{ ... }:
|
||||||
"net.ipv4.conf.all.src_valid_mark" = 1;
|
container.mkContainerConfig cfg {
|
||||||
"net.ipv4.ip_forward" = 1;
|
boot.kernel.sysctl = {
|
||||||
};
|
"net.ipv4.conf.all.src_valid_mark" = 1;
|
||||||
|
"net.ipv4.ip_forward" = 1;
|
||||||
|
};
|
||||||
|
|
||||||
imports = [ <module/Zapret.nix> ];
|
imports = [ <module/Zapret.nix> ];
|
||||||
module.zapret = {
|
module.zapret = {
|
||||||
enable = true;
|
enable = true;
|
||||||
params = config.module.zapret.params;
|
params = config.module.zapret.params;
|
||||||
};
|
};
|
||||||
|
|
||||||
services = {
|
services = {
|
||||||
microsocks = {
|
microsocks = {
|
||||||
enable = true;
|
enable = true;
|
||||||
ip = cfg.address;
|
ip = cfg.address;
|
||||||
port = cfg.port;
|
port = cfg.port;
|
||||||
disableLogging = true;
|
disableLogging = true;
|
||||||
#authUsername
|
#authUsername
|
||||||
#outgoingBindIp
|
#outgoingBindIp
|
||||||
#authOnce
|
#authOnce
|
||||||
};
|
};
|
||||||
|
|
||||||
tor = {
|
tor = {
|
||||||
enable = true;
|
enable = true;
|
||||||
openFirewall = true;
|
openFirewall = true;
|
||||||
settings = let
|
settings =
|
||||||
exclude = "{RU},{UA},{BY},{KZ},{CN},{??}";
|
let
|
||||||
in {
|
exclude = "{RU},{UA},{BY},{KZ},{CN},{??}";
|
||||||
# ExcludeExitNodes = exclude;
|
in
|
||||||
# ExcludeNodes = exclude;
|
{
|
||||||
#DNSPort = dnsport;
|
# ExcludeExitNodes = exclude;
|
||||||
UseBridges = true;
|
# ExcludeNodes = exclude;
|
||||||
ClientTransportPlugin = "obfs4 exec ${pkgs.obfs4}/bin/lyrebird";
|
#DNSPort = dnsport;
|
||||||
Bridge = [
|
UseBridges = true;
|
||||||
"obfs4 94.103.89.153:4443 5617848964FD6546968B5BF3FFA6C11BCCABE58B cert=tYsmuuTe9phJS0Gh8NKIpkVZP/XKs7gJCqi31o8LClwYetxzFz0fQZgsMwhNcIlZ0HG5LA iat-mode=0"
|
ClientTransportPlugin = "obfs4 exec ${pkgs.obfs4}/bin/lyrebird";
|
||||||
"obfs4 121.45.140.249:12123 0922E212E33B04F0B7C1E398161E8EDE06734F26 cert=3AQ4iJFAzxzt7a/zgXIiFEs6fvrXInXt1Dtr09DgnpvUzG/iiyRTdXYZKSYpI124Zt3ZUA iat-mode=0"
|
Bridge = [
|
||||||
"obfs4 79.137.11.45:45072 ECA3197D49A29DDECD4ACBF9BCF15E4987B78137 cert=2FKyLWkPgMNCWxBD3cNOTRxJH3XP+HdStPGKMjJfw2YbvVjihIp3X2BCrtxQya9m5II5XA iat-mode=0"
|
"obfs4 94.103.89.153:4443 5617848964FD6546968B5BF3FFA6C11BCCABE58B cert=tYsmuuTe9phJS0Gh8NKIpkVZP/XKs7gJCqi31o8LClwYetxzFz0fQZgsMwhNcIlZ0HG5LA iat-mode=0"
|
||||||
"obfs4 145.239.31.71:10161 882125D15B59BB82BE66F999056CB676D3F061F8 cert=AnD+EvcBMuQDVM7PwW7NgFAzW1M5jDm7DjQtIIcBSjoyAf1FJ2p535rrYL2Kk8POAd0+aw iat-mode=0"
|
"obfs4 121.45.140.249:12123 0922E212E33B04F0B7C1E398161E8EDE06734F26 cert=3AQ4iJFAzxzt7a/zgXIiFEs6fvrXInXt1Dtr09DgnpvUzG/iiyRTdXYZKSYpI124Zt3ZUA iat-mode=0"
|
||||||
];
|
"obfs4 79.137.11.45:45072 ECA3197D49A29DDECD4ACBF9BCF15E4987B78137 cert=2FKyLWkPgMNCWxBD3cNOTRxJH3XP+HdStPGKMjJfw2YbvVjihIp3X2BCrtxQya9m5II5XA iat-mode=0"
|
||||||
};
|
"obfs4 145.239.31.71:10161 882125D15B59BB82BE66F999056CB676D3F061F8 cert=AnD+EvcBMuQDVM7PwW7NgFAzW1M5jDm7DjQtIIcBSjoyAf1FJ2p535rrYL2Kk8POAd0+aw iat-mode=0"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
client = {
|
client = {
|
||||||
enable = true;
|
enable = true;
|
||||||
#dns.enable = true;
|
#dns.enable = true;
|
||||||
socksListenAddress = {
|
socksListenAddress = {
|
||||||
IsolateDestAddr = true;
|
IsolateDestAddr = true;
|
||||||
addr = cfg.address;
|
addr = cfg.address;
|
||||||
port = cfg.torport;
|
port = cfg.torport;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
xray = {
|
xray = {
|
||||||
enable = true;
|
enable = true;
|
||||||
settingsFile = "/data/Client.json";
|
settingsFile = "/data/Client.json";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd = {
|
systemd = {
|
||||||
services.tor.wantedBy = lib.mkForce [];
|
services.tor.wantedBy = lib.mkForce [ ];
|
||||||
|
|
||||||
timers.tor = {
|
timers.tor = {
|
||||||
timerConfig = {
|
timerConfig = {
|
||||||
OnBootSec = 5;
|
OnBootSec = 5;
|
||||||
Unit = "tor.service";
|
Unit = "tor.service";
|
||||||
};
|
};
|
||||||
wantedBy = [ "timers.target" ];
|
wantedBy = [ "timers.target" ];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,108 +1,123 @@
|
||||||
{ container, pkgs, config, lib, ... }: with lib; let
|
{
|
||||||
cfg = config.container.module.git;
|
container,
|
||||||
in {
|
pkgs,
|
||||||
options = {
|
config,
|
||||||
container.module.git = {
|
lib,
|
||||||
enable = mkEnableOption "Git server.";
|
...
|
||||||
address = mkOption {
|
}:
|
||||||
default = "10.1.0.8";
|
with lib;
|
||||||
type = types.str;
|
let
|
||||||
};
|
cfg = config.container.module.git;
|
||||||
port = mkOption {
|
in
|
||||||
default = 3000;
|
{
|
||||||
type = types.int;
|
options = {
|
||||||
};
|
container.module.git = {
|
||||||
portSsh = mkOption {
|
enable = mkEnableOption "Git server.";
|
||||||
default = 22144;
|
address = mkOption {
|
||||||
type = types.int;
|
default = "10.1.0.8";
|
||||||
};
|
type = types.str;
|
||||||
domain = mkOption {
|
};
|
||||||
default = "git.${config.container.domain}";
|
port = mkOption {
|
||||||
type = types.str;
|
default = 3000;
|
||||||
};
|
type = types.int;
|
||||||
storage = mkOption {
|
};
|
||||||
default = "${config.container.storage}/git";
|
portSsh = mkOption {
|
||||||
type = types.str;
|
default = 22144;
|
||||||
};
|
type = types.int;
|
||||||
};
|
};
|
||||||
};
|
domain = mkOption {
|
||||||
|
default = "git.${config.container.domain}";
|
||||||
|
type = types.str;
|
||||||
|
};
|
||||||
|
storage = mkOption {
|
||||||
|
default = "${config.container.storage}/git";
|
||||||
|
type = types.str;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
systemd.tmpfiles.rules = container.mkContainerDir cfg [
|
systemd.tmpfiles.rules = container.mkContainerDir cfg [
|
||||||
"data"
|
"data"
|
||||||
];
|
];
|
||||||
|
|
||||||
containers.git = container.mkContainer cfg {
|
containers.git = container.mkContainer cfg {
|
||||||
bindMounts = {
|
bindMounts = {
|
||||||
"/var/lib/forgejo" = {
|
"/var/lib/forgejo" = {
|
||||||
hostPath = "${cfg.storage}/data";
|
hostPath = "${cfg.storage}/data";
|
||||||
isReadOnly = false;
|
isReadOnly = false;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
config = { ... }: container.mkContainerConfig cfg {
|
config =
|
||||||
environment.systemPackages = with pkgs; [ forgejo ];
|
{ ... }:
|
||||||
|
container.mkContainerConfig cfg {
|
||||||
|
environment.systemPackages = with pkgs; [ forgejo ];
|
||||||
|
|
||||||
services.forgejo = {
|
services.forgejo = {
|
||||||
enable = true;
|
enable = true;
|
||||||
stateDir = "/var/lib/forgejo";
|
stateDir = "/var/lib/forgejo";
|
||||||
|
|
||||||
database = let
|
database =
|
||||||
postgre = config.container.module.postgres;
|
let
|
||||||
in {
|
postgre = config.container.module.postgres;
|
||||||
type = "postgres";
|
in
|
||||||
host = postgre.address;
|
{
|
||||||
port = postgre.port;
|
type = "postgres";
|
||||||
user = "forgejo";
|
host = postgre.address;
|
||||||
name = "forgejo";
|
port = postgre.port;
|
||||||
createDatabase = false;
|
user = "forgejo";
|
||||||
};
|
name = "forgejo";
|
||||||
|
createDatabase = false;
|
||||||
|
};
|
||||||
|
|
||||||
settings = let
|
settings =
|
||||||
gcArgs = "--aggressive --no-cruft --prune=now";
|
let
|
||||||
gcTimeout = 600;
|
gcArgs = "--aggressive --no-cruft --prune=now";
|
||||||
in {
|
gcTimeout = 600;
|
||||||
"service".DISABLE_REGISTRATION = true;
|
in
|
||||||
"log".LEVEL = "Error";
|
{
|
||||||
"server" = {
|
"service".DISABLE_REGISTRATION = true;
|
||||||
DOMAIN = cfg.domain;
|
"log".LEVEL = "Error";
|
||||||
HTTP_ADDR = cfg.address;
|
"server" = {
|
||||||
ROOT_URL = "https://${cfg.domain}";
|
DOMAIN = cfg.domain;
|
||||||
|
HTTP_ADDR = cfg.address;
|
||||||
|
ROOT_URL = "https://${cfg.domain}";
|
||||||
|
|
||||||
BUILTIN_SSH_SERVER_USER = "git";
|
BUILTIN_SSH_SERVER_USER = "git";
|
||||||
DISABLE_SSH = false;
|
DISABLE_SSH = false;
|
||||||
SSH_PORT = cfg.portSsh;
|
SSH_PORT = cfg.portSsh;
|
||||||
START_SSH_SERVER = true;
|
START_SSH_SERVER = true;
|
||||||
};
|
};
|
||||||
"ui" = {
|
"ui" = {
|
||||||
AMBIGUOUS_UNICODE_DETECTION = false;
|
AMBIGUOUS_UNICODE_DETECTION = false;
|
||||||
};
|
};
|
||||||
"repository" = {
|
"repository" = {
|
||||||
DEFAULT_PRIVATE = "private";
|
DEFAULT_PRIVATE = "private";
|
||||||
DEFAULT_PUSH_CREATE_PRIVATE = true;
|
DEFAULT_PUSH_CREATE_PRIVATE = true;
|
||||||
};
|
};
|
||||||
"repository.pull-request".DEFAULT_MERGE_STYLE = "rebase";
|
"repository.pull-request".DEFAULT_MERGE_STYLE = "rebase";
|
||||||
"repository.issue".MAX_PINNED = 99999;
|
"repository.issue".MAX_PINNED = 99999;
|
||||||
"cron" = {
|
"cron" = {
|
||||||
ENABLED = true;
|
ENABLED = true;
|
||||||
RUN_AT_START = true;
|
RUN_AT_START = true;
|
||||||
};
|
};
|
||||||
"repo-archive".ENABLED = false;
|
"repo-archive".ENABLED = false;
|
||||||
"cron.update_mirrors".SCHEDULE = "@midnight";
|
"cron.update_mirrors".SCHEDULE = "@midnight";
|
||||||
"cron.cleanup_actions".ENABLED = true;
|
"cron.cleanup_actions".ENABLED = true;
|
||||||
"cron.git_gc_repos" = {
|
"cron.git_gc_repos" = {
|
||||||
ENABLED = true;
|
ENABLED = true;
|
||||||
SCHEDULE = "@midnight";
|
SCHEDULE = "@midnight";
|
||||||
TIMEOUT = gcTimeout;
|
TIMEOUT = gcTimeout;
|
||||||
ARGS = gcArgs;
|
ARGS = gcArgs;
|
||||||
};
|
};
|
||||||
"git" = {
|
"git" = {
|
||||||
GC_ARGS = gcArgs;
|
GC_ARGS = gcArgs;
|
||||||
};
|
};
|
||||||
"git.timeout".GC = gcTimeout;
|
"git.timeout".GC = gcTimeout;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,70 +1,81 @@
|
||||||
# ISSUE: Broken, can't read/write sda device.
|
# ISSUE: Broken, can't read/write sda device.
|
||||||
{ container, pkgs, config, lib, ... }: with lib; let
|
{
|
||||||
cfg = config.container.module.hdd;
|
container,
|
||||||
in {
|
pkgs,
|
||||||
options = {
|
config,
|
||||||
container.module.hdd = {
|
lib,
|
||||||
enable = mkEnableOption "Hdd health monitor.";
|
...
|
||||||
address = mkOption {
|
}:
|
||||||
default = "10.1.0.10";
|
with lib;
|
||||||
type = types.str;
|
let
|
||||||
};
|
cfg = config.container.module.hdd;
|
||||||
port = mkOption {
|
in
|
||||||
default = 8080;
|
{
|
||||||
type = types.int;
|
options = {
|
||||||
};
|
container.module.hdd = {
|
||||||
domain = mkOption {
|
enable = mkEnableOption "Hdd health monitor.";
|
||||||
default = "hdd.${config.container.domain}";
|
address = mkOption {
|
||||||
type = types.str;
|
default = "10.1.0.10";
|
||||||
};
|
type = types.str;
|
||||||
storage = mkOption {
|
};
|
||||||
default = "${config.container.storage}/hdd";
|
port = mkOption {
|
||||||
type = types.str;
|
default = 8080;
|
||||||
};
|
type = types.int;
|
||||||
};
|
};
|
||||||
};
|
domain = mkOption {
|
||||||
|
default = "hdd.${config.container.domain}";
|
||||||
|
type = types.str;
|
||||||
|
};
|
||||||
|
storage = mkOption {
|
||||||
|
default = "${config.container.storage}/hdd";
|
||||||
|
type = types.str;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
systemd.tmpfiles.rules = container.mkContainerDir cfg [
|
systemd.tmpfiles.rules = container.mkContainerDir cfg [
|
||||||
"data"
|
"data"
|
||||||
];
|
];
|
||||||
|
|
||||||
containers.hdd = container.mkContainer cfg {
|
containers.hdd = container.mkContainer cfg {
|
||||||
# bindMounts = let
|
# bindMounts = let
|
||||||
# attachDrive = hostPath: {
|
# attachDrive = hostPath: {
|
||||||
# inherit hostPath;
|
# inherit hostPath;
|
||||||
# isReadOnly = false;
|
# isReadOnly = false;
|
||||||
# };
|
# };
|
||||||
# in {
|
# in {
|
||||||
# "/opt/scrutiny" = {
|
# "/opt/scrutiny" = {
|
||||||
# hostPath = "${cfg.storage}/data";
|
# hostPath = "${cfg.storage}/data";
|
||||||
# isReadOnly = false;
|
# isReadOnly = false;
|
||||||
# };
|
# };
|
||||||
# "/dev/sda" = attachDrive "/dev/sda";
|
# "/dev/sda" = attachDrive "/dev/sda";
|
||||||
# };
|
# };
|
||||||
|
|
||||||
# allowedDevices = [
|
# allowedDevices = [
|
||||||
# {
|
# {
|
||||||
# modifier = "rwm";
|
# modifier = "rwm";
|
||||||
# node = "/dev/sda";
|
# node = "/dev/sda";
|
||||||
# }
|
# }
|
||||||
# ];
|
# ];
|
||||||
|
|
||||||
# additionalCapabilities = [ "CAP_SYS_ADMIN" ];
|
# additionalCapabilities = [ "CAP_SYS_ADMIN" ];
|
||||||
|
|
||||||
config = { ... }: container.mkContainerConfig cfg {
|
config =
|
||||||
environment.systemPackages = with pkgs; [ smartmontools ];
|
{ ... }:
|
||||||
|
container.mkContainerConfig cfg {
|
||||||
|
environment.systemPackages = with pkgs; [ smartmontools ];
|
||||||
|
|
||||||
services.scrutiny = {
|
services.scrutiny = {
|
||||||
enable = true;
|
enable = true;
|
||||||
settings.web = {
|
settings.web = {
|
||||||
listen = {
|
listen = {
|
||||||
host = cfg.address;
|
host = cfg.address;
|
||||||
port = cfg.port;
|
port = cfg.port;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,45 +1,58 @@
|
||||||
{ container, pkgs, util, lib, config, __findFile, ... } @args: with lib; let
|
{
|
||||||
cfg = config.container.module.home;
|
container,
|
||||||
package = (pkgs.callPackage <package/homer> args);
|
pkgs,
|
||||||
in {
|
util,
|
||||||
options = {
|
lib,
|
||||||
container.module.home = {
|
config,
|
||||||
enable = mkEnableOption "Dashboard.";
|
__findFile,
|
||||||
address = mkOption {
|
...
|
||||||
default = "10.1.0.18";
|
}@args:
|
||||||
type = types.str;
|
with lib;
|
||||||
};
|
let
|
||||||
port = mkOption {
|
cfg = config.container.module.home;
|
||||||
default = 80;
|
package = (pkgs.callPackage <package/homer> args);
|
||||||
type = types.int;
|
in
|
||||||
};
|
{
|
||||||
domain = mkOption {
|
options = {
|
||||||
default = "home.${config.container.domain}";
|
container.module.home = {
|
||||||
type = types.str;
|
enable = mkEnableOption "Dashboard.";
|
||||||
};
|
address = mkOption {
|
||||||
};
|
default = "10.1.0.18";
|
||||||
};
|
type = types.str;
|
||||||
|
};
|
||||||
|
port = mkOption {
|
||||||
|
default = 80;
|
||||||
|
type = types.int;
|
||||||
|
};
|
||||||
|
domain = mkOption {
|
||||||
|
default = "home.${config.container.domain}";
|
||||||
|
type = types.str;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
containers.home = container.mkContainer cfg {
|
containers.home = container.mkContainer cfg {
|
||||||
config = { ... }: container.mkContainerConfig cfg {
|
config =
|
||||||
environment.systemPackages = [ package ];
|
{ ... }:
|
||||||
systemd.packages = [ package ];
|
container.mkContainerConfig cfg {
|
||||||
|
environment.systemPackages = [ package ];
|
||||||
|
systemd.packages = [ package ];
|
||||||
|
|
||||||
services.nginx = {
|
services.nginx = {
|
||||||
enable = true;
|
enable = true;
|
||||||
virtualHosts.${cfg.domain} = container.mkServer {
|
virtualHosts.${cfg.domain} = container.mkServer {
|
||||||
default = true;
|
default = true;
|
||||||
root = "${package}";
|
root = "${package}";
|
||||||
|
|
||||||
locations = {
|
locations = {
|
||||||
"/".extraConfig = ''
|
"/".extraConfig = ''
|
||||||
try_files $uri $uri/index.html;
|
try_files $uri $uri/index.html;
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,110 +1,125 @@
|
||||||
{ container, lib, config, pkgsStable, ... }: with lib; let
|
{
|
||||||
cfg = config.container.module.iot;
|
container,
|
||||||
in {
|
lib,
|
||||||
options = {
|
config,
|
||||||
container.module.iot = {
|
pkgsStable,
|
||||||
enable = mkEnableOption "IoT service.";
|
...
|
||||||
address = mkOption {
|
}:
|
||||||
default = "10.1.0.27";
|
with lib;
|
||||||
type = types.str;
|
let
|
||||||
};
|
cfg = config.container.module.iot;
|
||||||
port = mkOption {
|
in
|
||||||
default = 8123;
|
{
|
||||||
type = types.int;
|
options = {
|
||||||
};
|
container.module.iot = {
|
||||||
domain = mkOption {
|
enable = mkEnableOption "IoT service.";
|
||||||
default = "iot.${config.container.domain}";
|
address = mkOption {
|
||||||
type = types.str;
|
default = "10.1.0.27";
|
||||||
};
|
type = types.str;
|
||||||
storage = mkOption {
|
};
|
||||||
default = "${config.container.storage}/iot";
|
port = mkOption {
|
||||||
type = types.str;
|
default = 8123;
|
||||||
};
|
type = types.int;
|
||||||
};
|
};
|
||||||
};
|
domain = mkOption {
|
||||||
|
default = "iot.${config.container.domain}";
|
||||||
|
type = types.str;
|
||||||
|
};
|
||||||
|
storage = mkOption {
|
||||||
|
default = "${config.container.storage}/iot";
|
||||||
|
type = types.str;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
systemd.tmpfiles.rules = container.mkContainerDir cfg [
|
systemd.tmpfiles.rules = container.mkContainerDir cfg [
|
||||||
"data"
|
"data"
|
||||||
];
|
];
|
||||||
|
|
||||||
containers.iot = container.mkContainer cfg {
|
containers.iot = container.mkContainer cfg {
|
||||||
bindMounts = {
|
bindMounts = {
|
||||||
"/var/lib/hass" = {
|
"/var/lib/hass" = {
|
||||||
hostPath = "${cfg.storage}/data";
|
hostPath = "${cfg.storage}/data";
|
||||||
isReadOnly = false;
|
isReadOnly = false;
|
||||||
};
|
};
|
||||||
"/dev/ttyACM0" = {
|
"/dev/ttyACM0" = {
|
||||||
hostPath = "/dev/ttyACM0";
|
hostPath = "/dev/ttyACM0";
|
||||||
isReadOnly = false;
|
isReadOnly = false;
|
||||||
};
|
};
|
||||||
"/dev/serial/by-id" = {
|
"/dev/serial/by-id" = {
|
||||||
hostPath = "/dev/serial/by-id";
|
hostPath = "/dev/serial/by-id";
|
||||||
isReadOnly = false;
|
isReadOnly = false;
|
||||||
};
|
};
|
||||||
} // container.attachMedia "photo" true;
|
} // container.attachMedia "photo" true;
|
||||||
|
|
||||||
allowedDevices = [
|
allowedDevices = [
|
||||||
{
|
{
|
||||||
modifier = "rwm";
|
modifier = "rwm";
|
||||||
node = "/dev/ttyACM0";
|
node = "/dev/ttyACM0";
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
|
||||||
config = { ... }: container.mkContainerConfig cfg {
|
config =
|
||||||
# Allow Hass to talk to Zigbee dongle.
|
{ ... }:
|
||||||
users.users.hass.extraGroups = [ "dialout" "tty" ];
|
container.mkContainerConfig cfg {
|
||||||
|
# Allow Hass to talk to Zigbee dongle.
|
||||||
|
users.users.hass.extraGroups = [
|
||||||
|
"dialout"
|
||||||
|
"tty"
|
||||||
|
];
|
||||||
|
|
||||||
services.home-assistant = {
|
services.home-assistant = {
|
||||||
# NOTE: Missing: hacs. Inside hacs: `card-mod`, `Clock Weather Card`, `WallPanel` and `Yandex.Station`.
|
# NOTE: Missing: hacs. Inside hacs: `card-mod`, `Clock Weather Card`, `WallPanel` and `Yandex.Station`.
|
||||||
enable = true;
|
enable = true;
|
||||||
extraComponents = [
|
extraComponents = [
|
||||||
"caldav"
|
"caldav"
|
||||||
"met"
|
"met"
|
||||||
"sun"
|
"sun"
|
||||||
"systemmonitor"
|
"systemmonitor"
|
||||||
"zha"
|
"zha"
|
||||||
];
|
];
|
||||||
extraPackages = python3Packages: with python3Packages; [
|
extraPackages =
|
||||||
aiodhcpwatcher
|
python3Packages: with python3Packages; [
|
||||||
aiodiscover
|
aiodhcpwatcher
|
||||||
aiogithubapi
|
aiodiscover
|
||||||
arrow
|
aiogithubapi
|
||||||
async-upnp-client
|
arrow
|
||||||
av
|
async-upnp-client
|
||||||
gtts
|
av
|
||||||
ha-ffmpeg
|
gtts
|
||||||
hassil
|
ha-ffmpeg
|
||||||
home-assistant-intents
|
hassil
|
||||||
mutagen
|
home-assistant-intents
|
||||||
numpy
|
mutagen
|
||||||
pymicro-vad
|
numpy
|
||||||
pynacl
|
pymicro-vad
|
||||||
python-telegram-bot
|
pynacl
|
||||||
pyturbojpeg
|
python-telegram-bot
|
||||||
pyspeex-noise
|
pyturbojpeg
|
||||||
zeroconf
|
pyspeex-noise
|
||||||
];
|
zeroconf
|
||||||
configDir = "/var/lib/hass";
|
];
|
||||||
# lovelaceConfig = {
|
configDir = "/var/lib/hass";
|
||||||
# title = "Home IoT control center.";
|
# lovelaceConfig = {
|
||||||
# };
|
# title = "Home IoT control center.";
|
||||||
# NOTE: Using imperative config because of secrets.
|
# };
|
||||||
config = null;
|
# NOTE: Using imperative config because of secrets.
|
||||||
};
|
config = null;
|
||||||
|
};
|
||||||
|
|
||||||
# HACK: Delay so that nextcloud calendar can reply on reboot.
|
# HACK: Delay so that nextcloud calendar can reply on reboot.
|
||||||
systemd = {
|
systemd = {
|
||||||
services."home-assistant".wantedBy = mkForce [];
|
services."home-assistant".wantedBy = mkForce [ ];
|
||||||
timers.fixsystemd = {
|
timers.fixsystemd = {
|
||||||
timerConfig = {
|
timerConfig = {
|
||||||
OnBootSec = 15;
|
OnBootSec = 15;
|
||||||
Unit = "home-assistant.service";
|
Unit = "home-assistant.service";
|
||||||
};
|
};
|
||||||
wantedBy = [ "timers.target" ];
|
wantedBy = [ "timers.target" ];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,66 +1,85 @@
|
||||||
{ container, pkgsJobber, poetry2nixJobber, lib, config, __findFile, ... }: with lib; let
|
{
|
||||||
cfg = config.container.module.jobber;
|
container,
|
||||||
script = import <package/jobber> { poetry2nix = poetry2nixJobber; pkgs = pkgsJobber; };
|
pkgsJobber,
|
||||||
in {
|
poetry2nixJobber,
|
||||||
options = {
|
lib,
|
||||||
container.module.jobber = {
|
config,
|
||||||
enable = mkEnableOption "Button pusher Stanley.";
|
__findFile,
|
||||||
address = mkOption {
|
...
|
||||||
default = "10.1.0.32";
|
}:
|
||||||
type = types.str;
|
with lib;
|
||||||
};
|
let
|
||||||
storage = mkOption {
|
cfg = config.container.module.jobber;
|
||||||
default = "${config.container.storage}/jobber";
|
script = import <package/jobber> {
|
||||||
type = types.str;
|
poetry2nix = poetry2nixJobber;
|
||||||
};
|
pkgs = pkgsJobber;
|
||||||
};
|
};
|
||||||
};
|
in
|
||||||
|
{
|
||||||
|
options = {
|
||||||
|
container.module.jobber = {
|
||||||
|
enable = mkEnableOption "Button pusher Stanley.";
|
||||||
|
address = mkOption {
|
||||||
|
default = "10.1.0.32";
|
||||||
|
type = types.str;
|
||||||
|
};
|
||||||
|
storage = mkOption {
|
||||||
|
default = "${config.container.storage}/jobber";
|
||||||
|
type = types.str;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
systemd.tmpfiles.rules = container.mkContainerDir cfg [
|
systemd.tmpfiles.rules = container.mkContainerDir cfg [
|
||||||
"data"
|
"data"
|
||||||
];
|
];
|
||||||
|
|
||||||
containers.jobber = container.mkContainer cfg {
|
containers.jobber = container.mkContainer cfg {
|
||||||
bindMounts = {
|
bindMounts = {
|
||||||
"/data" = {
|
"/data" = {
|
||||||
hostPath = "${cfg.storage}/data";
|
hostPath = "${cfg.storage}/data";
|
||||||
isReadOnly = true;
|
isReadOnly = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
enableTun = true;
|
enableTun = true;
|
||||||
|
|
||||||
config = { lib, ... }: let
|
config =
|
||||||
packages = [ script ] ++ (with pkgsJobber; [
|
{ lib, ... }:
|
||||||
firefox
|
let
|
||||||
geckodriver
|
packages =
|
||||||
openvpn
|
[ script ]
|
||||||
python311
|
++ (with pkgsJobber; [
|
||||||
]);
|
firefox
|
||||||
in container.mkContainerConfig cfg {
|
geckodriver
|
||||||
networking = lib.mkForce {
|
openvpn
|
||||||
nameservers = [
|
python311
|
||||||
"10.30.218.2"
|
]);
|
||||||
];
|
in
|
||||||
};
|
container.mkContainerConfig cfg {
|
||||||
|
networking = lib.mkForce {
|
||||||
|
nameservers = [
|
||||||
|
"10.30.218.2"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
systemd.services.jobber = {
|
systemd.services.jobber = {
|
||||||
description = "My job is pushing the button.";
|
description = "My job is pushing the button.";
|
||||||
enable = true;
|
enable = true;
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
path = packages;
|
path = packages;
|
||||||
environment = {
|
environment = {
|
||||||
PYTHONUNBUFFERED = "1";
|
PYTHONUNBUFFERED = "1";
|
||||||
PYTHONDONTWRITEBYTECODE = "1";
|
PYTHONDONTWRITEBYTECODE = "1";
|
||||||
};
|
};
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
Type = "simple";
|
Type = "simple";
|
||||||
ExecStart = "${script}/bin/jobber -u";
|
ExecStart = "${script}/bin/jobber -u";
|
||||||
Restart = "on-failure";
|
Restart = "on-failure";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,228 +1,246 @@
|
||||||
# Guide: https://nixos-mailserver.readthedocs.io/en/latest/setup-guide.html
|
# Guide: https://nixos-mailserver.readthedocs.io/en/latest/setup-guide.html
|
||||||
{ container, pkgs, util, const, lib, config, ... }: with lib; let
|
{
|
||||||
cfg = config.container.module.mail;
|
container,
|
||||||
domain = config.container.domain;
|
pkgs,
|
||||||
in {
|
util,
|
||||||
options = {
|
const,
|
||||||
container.module.mail = {
|
lib,
|
||||||
enable = mkEnableOption "Email server.";
|
config,
|
||||||
address = mkOption {
|
...
|
||||||
default = "10.1.0.5";
|
}:
|
||||||
type = types.str;
|
with lib;
|
||||||
};
|
let
|
||||||
port = mkOption {
|
cfg = config.container.module.mail;
|
||||||
default = 80;
|
domain = config.container.domain;
|
||||||
type = types.int;
|
in
|
||||||
};
|
{
|
||||||
domain = mkOption {
|
options = {
|
||||||
default = "mail.${config.container.domain}";
|
container.module.mail = {
|
||||||
type = types.str;
|
enable = mkEnableOption "Email server.";
|
||||||
};
|
address = mkOption {
|
||||||
storage = mkOption {
|
default = "10.1.0.5";
|
||||||
default = "${config.container.storage}/mail";
|
type = types.str;
|
||||||
type = types.str;
|
};
|
||||||
};
|
port = mkOption {
|
||||||
};
|
default = 80;
|
||||||
};
|
type = types.int;
|
||||||
|
};
|
||||||
|
domain = mkOption {
|
||||||
|
default = "mail.${config.container.domain}";
|
||||||
|
type = types.str;
|
||||||
|
};
|
||||||
|
storage = mkOption {
|
||||||
|
default = "${config.container.storage}/mail";
|
||||||
|
type = types.str;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
systemd.tmpfiles.rules = container.mkContainerDir cfg [
|
systemd.tmpfiles.rules = container.mkContainerDir cfg [
|
||||||
"data"
|
"data"
|
||||||
# "data/indices"
|
# "data/indices"
|
||||||
# "data/vmail"
|
# "data/vmail"
|
||||||
# "data/sieve"
|
# "data/sieve"
|
||||||
# "data/dkim"
|
# "data/dkim"
|
||||||
];
|
];
|
||||||
|
|
||||||
containers.mail = container.mkContainer cfg {
|
containers.mail = container.mkContainer cfg {
|
||||||
bindMounts = {
|
bindMounts = {
|
||||||
"/var/lib/dovecot/indices" = {
|
"/var/lib/dovecot/indices" = {
|
||||||
hostPath = "${cfg.storage}/data/indices";
|
hostPath = "${cfg.storage}/data/indices";
|
||||||
isReadOnly = false;
|
isReadOnly = false;
|
||||||
};
|
};
|
||||||
"/var/vmail" = {
|
"/var/vmail" = {
|
||||||
hostPath = "${cfg.storage}/data/vmail";
|
hostPath = "${cfg.storage}/data/vmail";
|
||||||
isReadOnly = false;
|
isReadOnly = false;
|
||||||
};
|
};
|
||||||
"/var/sieve" = {
|
"/var/sieve" = {
|
||||||
hostPath = "${cfg.storage}/data/sieve";
|
hostPath = "${cfg.storage}/data/sieve";
|
||||||
isReadOnly = false;
|
isReadOnly = false;
|
||||||
};
|
};
|
||||||
"/var/dkim" = {
|
"/var/dkim" = {
|
||||||
hostPath = "${cfg.storage}/data/dkim";
|
hostPath = "${cfg.storage}/data/dkim";
|
||||||
isReadOnly = false;
|
isReadOnly = false;
|
||||||
};
|
};
|
||||||
"/acme" = {
|
"/acme" = {
|
||||||
hostPath = "${config.container.module.proxy.storage}/letsencrypt";
|
hostPath = "${config.container.module.proxy.storage}/letsencrypt";
|
||||||
isReadOnly = true;
|
isReadOnly = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
config = { config, ... }: container.mkContainerConfig cfg {
|
config =
|
||||||
imports = [
|
{ config, ... }:
|
||||||
(builtins.fetchTarball {
|
container.mkContainerConfig cfg {
|
||||||
url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/nixos-${const.stateVersion}/nixos-mailserver-nixos-${const.stateVersion}.tar.gz";
|
imports = [
|
||||||
sha256 = "sha256:0clvw4622mqzk1aqw1qn6shl9pai097q62mq1ibzscnjayhp278b";
|
(builtins.fetchTarball {
|
||||||
})
|
url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/nixos-${const.stateVersion}/nixos-mailserver-nixos-${const.stateVersion}.tar.gz";
|
||||||
];
|
sha256 = "sha256:0clvw4622mqzk1aqw1qn6shl9pai097q62mq1ibzscnjayhp278b";
|
||||||
|
})
|
||||||
|
];
|
||||||
|
|
||||||
mailserver = {
|
mailserver = {
|
||||||
enable = true;
|
enable = true;
|
||||||
domains = [ domain ];
|
domains = [ domain ];
|
||||||
fqdn = cfg.domain;
|
fqdn = cfg.domain;
|
||||||
sendingFqdn = domain;
|
sendingFqdn = domain;
|
||||||
|
|
||||||
# Use `mkpasswd -sm bcrypt`.
|
# Use `mkpasswd -sm bcrypt`.
|
||||||
loginAccounts = let
|
loginAccounts =
|
||||||
defaultQuota = "1G";
|
let
|
||||||
in {
|
defaultQuota = "1G";
|
||||||
"admin@${domain}" = {
|
in
|
||||||
name = "admin";
|
{
|
||||||
hashedPassword = "$2b$05$1O.dxXxaVshcBNybcqDRYuTlnYt3jDBwfPZWoDtP4BjOLoL0StYsi";
|
"admin@${domain}" = {
|
||||||
quota = defaultQuota;
|
name = "admin";
|
||||||
};
|
hashedPassword = "$2b$05$1O.dxXxaVshcBNybcqDRYuTlnYt3jDBwfPZWoDtP4BjOLoL0StYsi";
|
||||||
"account@${domain}" = {
|
quota = defaultQuota;
|
||||||
name = "account";
|
};
|
||||||
hashedPassword = "$2b$05$sCyZHdk98KqQ1qsTIvbrUeRJlNBOwBqDgpdc1QxiSnONlEkZ8xGNO";
|
"account@${domain}" = {
|
||||||
quota = defaultQuota;
|
name = "account";
|
||||||
};
|
hashedPassword = "$2b$05$sCyZHdk98KqQ1qsTIvbrUeRJlNBOwBqDgpdc1QxiSnONlEkZ8xGNO";
|
||||||
"hi@${domain}" = {
|
quota = defaultQuota;
|
||||||
name = "hi";
|
};
|
||||||
hashedPassword = "$2b$05$6fT5hIhzIasNfp9IQr/ds.5RuxH95VKU3QJWlX3hmrAzDF3mExanq";
|
"hi@${domain}" = {
|
||||||
quota = defaultQuota;
|
name = "hi";
|
||||||
aliases = [ "voronind@${domain}" ];
|
hashedPassword = "$2b$05$6fT5hIhzIasNfp9IQr/ds.5RuxH95VKU3QJWlX3hmrAzDF3mExanq";
|
||||||
};
|
quota = defaultQuota;
|
||||||
"job@${domain}" = {
|
aliases = [ "voronind@${domain}" ];
|
||||||
name = "job";
|
};
|
||||||
hashedPassword = "$2b$05$.sUmv2.9EWPfLwJn/oZw2e1UbR7HrpNQ2THc5jjX3ysy7CY8ZWHUC";
|
"job@${domain}" = {
|
||||||
quota = defaultQuota;
|
name = "job";
|
||||||
};
|
hashedPassword = "$2b$05$.sUmv2.9EWPfLwJn/oZw2e1UbR7HrpNQ2THc5jjX3ysy7CY8ZWHUC";
|
||||||
"trash@${domain}" = {
|
quota = defaultQuota;
|
||||||
name = "trash";
|
};
|
||||||
hashedPassword = "$2b$05$kn5ygZjN9NR3LXjnKKRw/.DXaZQNW.1XEottlCFIoKiDpIj.JGLJm";
|
"trash@${domain}" = {
|
||||||
catchAll = [ domain ];
|
name = "trash";
|
||||||
quota = defaultQuota;
|
hashedPassword = "$2b$05$kn5ygZjN9NR3LXjnKKRw/.DXaZQNW.1XEottlCFIoKiDpIj.JGLJm";
|
||||||
};
|
catchAll = [ domain ];
|
||||||
"noreply@${domain}" = {
|
quota = defaultQuota;
|
||||||
name = "noreply";
|
};
|
||||||
hashedPassword = "$2b$05$TaKwoYmcmkAhsRRv6xG5wOkChcz50cB9BP6QPUDKNAcxMbrY6AeMK";
|
"noreply@${domain}" = {
|
||||||
sendOnly = true;
|
name = "noreply";
|
||||||
quota = defaultQuota;
|
hashedPassword = "$2b$05$TaKwoYmcmkAhsRRv6xG5wOkChcz50cB9BP6QPUDKNAcxMbrY6AeMK";
|
||||||
};
|
sendOnly = true;
|
||||||
};
|
quota = defaultQuota;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
enableImap = true;
|
enableImap = true;
|
||||||
enableImapSsl = true;
|
enableImapSsl = true;
|
||||||
enableSubmission = true;
|
enableSubmission = true;
|
||||||
enableSubmissionSsl = true;
|
enableSubmissionSsl = true;
|
||||||
|
|
||||||
enableManageSieve = true;
|
enableManageSieve = true;
|
||||||
virusScanning = false;
|
virusScanning = false;
|
||||||
|
|
||||||
certificateScheme = "manual";
|
certificateScheme = "manual";
|
||||||
keyFile = "/acme/live/${domain}/privkey.pem";
|
keyFile = "/acme/live/${domain}/privkey.pem";
|
||||||
certificateFile = "/acme/live/${domain}/cert.pem";
|
certificateFile = "/acme/live/${domain}/cert.pem";
|
||||||
|
|
||||||
indexDir = "/var/lib/dovecot/indices";
|
indexDir = "/var/lib/dovecot/indices";
|
||||||
mailDirectory = "/var/vmail";
|
mailDirectory = "/var/vmail";
|
||||||
sieveDirectory = "/var/sieve";
|
sieveDirectory = "/var/sieve";
|
||||||
dkimKeyDirectory = "/var/dkim";
|
dkimKeyDirectory = "/var/dkim";
|
||||||
|
|
||||||
mailboxes = {
|
mailboxes = {
|
||||||
All = {
|
All = {
|
||||||
auto = "subscribe";
|
auto = "subscribe";
|
||||||
specialUse = "All";
|
specialUse = "All";
|
||||||
};
|
};
|
||||||
Archive = {
|
Archive = {
|
||||||
auto = "subscribe";
|
auto = "subscribe";
|
||||||
specialUse = "Archive";
|
specialUse = "Archive";
|
||||||
};
|
};
|
||||||
Drafts = {
|
Drafts = {
|
||||||
auto = "subscribe";
|
auto = "subscribe";
|
||||||
specialUse = "Drafts";
|
specialUse = "Drafts";
|
||||||
};
|
};
|
||||||
Junk = {
|
Junk = {
|
||||||
auto = "subscribe";
|
auto = "subscribe";
|
||||||
specialUse = "Junk";
|
specialUse = "Junk";
|
||||||
# autoexpunge = "3d";
|
# autoexpunge = "3d";
|
||||||
};
|
};
|
||||||
Sent = {
|
Sent = {
|
||||||
auto = "subscribe";
|
auto = "subscribe";
|
||||||
specialUse = "Sent";
|
specialUse = "Sent";
|
||||||
};
|
};
|
||||||
Trash = {
|
Trash = {
|
||||||
auto = "subscribe";
|
auto = "subscribe";
|
||||||
specialUse = "Trash";
|
specialUse = "Trash";
|
||||||
# autoexpunge = "30d";
|
# autoexpunge = "30d";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
dmarcReporting = {
|
dmarcReporting = {
|
||||||
inherit domain;
|
inherit domain;
|
||||||
enable = true;
|
enable = true;
|
||||||
organizationName = "voronind";
|
organizationName = "voronind";
|
||||||
# email = "noreply@${domain}";
|
# email = "noreply@${domain}";
|
||||||
};
|
};
|
||||||
|
|
||||||
# monitoring = {
|
# monitoring = {
|
||||||
# enable = true;
|
# enable = true;
|
||||||
# alertAddress = "admin@${domain}";
|
# alertAddress = "admin@${domain}";
|
||||||
# };
|
# };
|
||||||
};
|
};
|
||||||
|
|
||||||
services = {
|
services = {
|
||||||
roundcube = {
|
roundcube = {
|
||||||
enable = true;
|
enable = true;
|
||||||
dicts = with pkgs.aspellDicts; [ en ru ];
|
dicts = with pkgs.aspellDicts; [
|
||||||
hostName = cfg.domain;
|
en
|
||||||
plugins = [
|
ru
|
||||||
"managesieve"
|
];
|
||||||
];
|
hostName = cfg.domain;
|
||||||
extraConfig = ''
|
plugins = [
|
||||||
# starttls needed for authentication, so the fqdn required to match
|
"managesieve"
|
||||||
# the certificate
|
];
|
||||||
# $config['smtp_server'] = "tls://${config.mailserver.fqdn}";
|
extraConfig = ''
|
||||||
# $config['smtp_server'] = "tls://localhost";
|
# starttls needed for authentication, so the fqdn required to match
|
||||||
$config['smtp_server'] = "localhost:25";
|
# the certificate
|
||||||
$config['smtp_auth_type'] = null;
|
# $config['smtp_server'] = "tls://${config.mailserver.fqdn}";
|
||||||
$config['smtp_user'] = "";
|
# $config['smtp_server'] = "tls://localhost";
|
||||||
$config['smtp_pass'] = "";
|
$config['smtp_server'] = "localhost:25";
|
||||||
# $config['smtp_user'] = "%u";
|
$config['smtp_auth_type'] = null;
|
||||||
# $config['smtp_pass'] = "%p";
|
$config['smtp_user'] = "";
|
||||||
'';
|
$config['smtp_pass'] = "";
|
||||||
};
|
# $config['smtp_user'] = "%u";
|
||||||
|
# $config['smtp_pass'] = "%p";
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
nginx = {
|
nginx = {
|
||||||
virtualHosts.${cfg.domain} = {
|
virtualHosts.${cfg.domain} = {
|
||||||
forceSSL = false;
|
forceSSL = false;
|
||||||
enableACME = false;
|
enableACME = false;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd = {
|
systemd = {
|
||||||
services.autoexpunge = {
|
services.autoexpunge = {
|
||||||
description = "Delete old mail";
|
description = "Delete old mail";
|
||||||
serviceConfig.Type = "oneshot";
|
serviceConfig.Type = "oneshot";
|
||||||
path = [ pkgs.dovecot ];
|
path = [ pkgs.dovecot ];
|
||||||
script = ''
|
script = ''
|
||||||
doveadm expunge -A mailbox Junk SENTBEFORE 7d
|
doveadm expunge -A mailbox Junk SENTBEFORE 7d
|
||||||
doveadm expunge -A mailbox Trash SENTBEFORE 30d
|
doveadm expunge -A mailbox Trash SENTBEFORE 30d
|
||||||
doveadm expunge -u trash@voronind.com mailbox Inbox SENTBEFORE 30d
|
doveadm expunge -u trash@voronind.com mailbox Inbox SENTBEFORE 30d
|
||||||
doveadm purge -A
|
doveadm purge -A
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
timers.autoexpunge = {
|
timers.autoexpunge = {
|
||||||
timerConfig = {
|
timerConfig = {
|
||||||
OnCalendar = "daily";
|
OnCalendar = "daily";
|
||||||
Persistent = true;
|
Persistent = true;
|
||||||
Unit = "autoexpunge.service";
|
Unit = "autoexpunge.service";
|
||||||
};
|
};
|
||||||
wantedBy = [ "timers.target" ];
|
wantedBy = [ "timers.target" ];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -2,93 +2,107 @@
|
||||||
# 1. You need to change PSQL tables owner from root to onlyoffice, too. They don't do that automatically for some reason.
|
# 1. You need to change PSQL tables owner from root to onlyoffice, too. They don't do that automatically for some reason.
|
||||||
# 2. TODO: Generate JWT secret at /var/lib/onlyoffice/jwt, i.e. 9wLfMGha1YrfvWpb5hyYjZf8pvJQ3swS
|
# 2. TODO: Generate JWT secret at /var/lib/onlyoffice/jwt, i.e. 9wLfMGha1YrfvWpb5hyYjZf8pvJQ3swS
|
||||||
# See https://git.voronind.com/voronind/nixos/issues/74
|
# See https://git.voronind.com/voronind/nixos/issues/74
|
||||||
{ container, pkgs, util, lib, config, ... }: with lib; let
|
{
|
||||||
cfg = config.container.module.office;
|
container,
|
||||||
in {
|
pkgs,
|
||||||
options = {
|
util,
|
||||||
container.module.office = {
|
lib,
|
||||||
enable = mkEnableOption "Office web suite.";
|
config,
|
||||||
address = mkOption {
|
...
|
||||||
default = "10.1.0.21";
|
}:
|
||||||
type = types.str;
|
with lib;
|
||||||
};
|
let
|
||||||
port = mkOption {
|
cfg = config.container.module.office;
|
||||||
default = 8000;
|
in
|
||||||
type = types.int;
|
{
|
||||||
};
|
options = {
|
||||||
domain = mkOption {
|
container.module.office = {
|
||||||
default = "office.${config.container.domain}";
|
enable = mkEnableOption "Office web suite.";
|
||||||
type = types.str;
|
address = mkOption {
|
||||||
};
|
default = "10.1.0.21";
|
||||||
storage = mkOption {
|
type = types.str;
|
||||||
default = "${config.container.storage}/office";
|
};
|
||||||
type = types.str;
|
port = mkOption {
|
||||||
};
|
default = 8000;
|
||||||
};
|
type = types.int;
|
||||||
};
|
};
|
||||||
|
domain = mkOption {
|
||||||
|
default = "office.${config.container.domain}";
|
||||||
|
type = types.str;
|
||||||
|
};
|
||||||
|
storage = mkOption {
|
||||||
|
default = "${config.container.storage}/office";
|
||||||
|
type = types.str;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
systemd.tmpfiles.rules = container.mkContainerDir cfg [
|
systemd.tmpfiles.rules = container.mkContainerDir cfg [
|
||||||
"data"
|
"data"
|
||||||
];
|
];
|
||||||
|
|
||||||
containers.office = container.mkContainer cfg {
|
containers.office = container.mkContainer cfg {
|
||||||
bindMounts = {
|
bindMounts = {
|
||||||
"/var/lib/onlyoffice" = {
|
"/var/lib/onlyoffice" = {
|
||||||
hostPath = "${cfg.storage}/data";
|
hostPath = "${cfg.storage}/data";
|
||||||
isReadOnly = false;
|
isReadOnly = false;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# HACK: Temporarely run in docker due to https://github.com/ONLYOFFICE/onlyoffice-nextcloud/issues/931
|
||||||
|
config =
|
||||||
|
{ pkgs, ... }:
|
||||||
|
container.mkContainerConfig cfg {
|
||||||
|
virtualisation.oci-containers.backend = "docker";
|
||||||
|
virtualisation.oci-containers.containers.office = {
|
||||||
|
autoStart = true;
|
||||||
|
image = "dockerhub.timeweb.cloud/onlyoffice/documentserver:latest";
|
||||||
|
# ports = [ "${toString cfg.port}:8000" ];
|
||||||
|
extraOptions = [
|
||||||
|
"--network=host"
|
||||||
|
"--privileged"
|
||||||
|
];
|
||||||
|
environment = {
|
||||||
|
JWT_ENABLED = "true";
|
||||||
|
JWT_SECRET = "8wLfKGha8YRfvwpB5hYYjZf8vtUQs3wS";
|
||||||
|
AMQP_URI = "amqp://guest:guest@${config.container.module.rabbitmq.address}:${toString config.container.module.rabbitmq.port}";
|
||||||
|
DB_HOST = config.container.module.postgres.address;
|
||||||
|
DB_PORT = toString config.container.module.postgres.port;
|
||||||
|
DB_NAME = "onlyoffice";
|
||||||
|
DB_USER = "onlyoffice";
|
||||||
|
DB_PWD = "onlyoffice";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
# HACK: Temporarely run in docker due to https://github.com/ONLYOFFICE/onlyoffice-nextcloud/issues/931
|
# config = { pkgs, ... }: container.mkContainerConfig cfg {
|
||||||
config = { pkgs, ... }: container.mkContainerConfig cfg {
|
# # HACK: For whatever reason it does not detect my global allowUnfree (I pass pkgs from host system in mkContainerConfig).
|
||||||
virtualisation.oci-containers.backend = "docker";
|
# nixpkgs.overlays = [ (final: prev: {
|
||||||
virtualisation.oci-containers.containers.office = {
|
# corefonts = prev.corefonts.overrideAttrs (old: {
|
||||||
autoStart = true;
|
# meta.license = mkForce licenses.mit;
|
||||||
image = "dockerhub.timeweb.cloud/onlyoffice/documentserver:latest";
|
# });
|
||||||
# ports = [ "${toString cfg.port}:8000" ];
|
# })];
|
||||||
extraOptions = [ "--network=host" "--privileged" ];
|
|
||||||
environment = {
|
|
||||||
JWT_ENABLED = "true";
|
|
||||||
JWT_SECRET = "8wLfKGha8YRfvwpB5hYYjZf8vtUQs3wS";
|
|
||||||
AMQP_URI = "amqp://guest:guest@${config.container.module.rabbitmq.address}:${toString config.container.module.rabbitmq.port}";
|
|
||||||
DB_HOST = config.container.module.postgres.address;
|
|
||||||
DB_PORT = toString config.container.module.postgres.port;
|
|
||||||
DB_NAME = "onlyoffice";
|
|
||||||
DB_USER = "onlyoffice";
|
|
||||||
DB_PWD = "onlyoffice";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
# config = { pkgs, ... }: container.mkContainerConfig cfg {
|
# services.onlyoffice = let
|
||||||
# # HACK: For whatever reason it does not detect my global allowUnfree (I pass pkgs from host system in mkContainerConfig).
|
# dbName = "onlyoffice";
|
||||||
# nixpkgs.overlays = [ (final: prev: {
|
# in {
|
||||||
# corefonts = prev.corefonts.overrideAttrs (old: {
|
# enable = true;
|
||||||
# meta.license = mkForce licenses.mit;
|
# hostname = cfg.domain;
|
||||||
# });
|
|
||||||
# })];
|
|
||||||
|
|
||||||
# services.onlyoffice = let
|
# postgresName = dbName;
|
||||||
# dbName = "onlyoffice";
|
# postgresHost = config.container.module.postgres.address;
|
||||||
# in {
|
# postgresUser = dbName;
|
||||||
# enable = true;
|
# postgresPasswordFile = "${pkgs.writeText "OfficeDbPassword" dbName}";
|
||||||
# hostname = cfg.domain;
|
|
||||||
|
|
||||||
# postgresName = dbName;
|
# jwtSecretFile = "/var/lib/onlyoffice/jwt";
|
||||||
# postgresHost = config.container.module.postgres.address;
|
|
||||||
# postgresUser = dbName;
|
|
||||||
# postgresPasswordFile = "${pkgs.writeText "OfficeDbPassword" dbName}";
|
|
||||||
|
|
||||||
# jwtSecretFile = "/var/lib/onlyoffice/jwt";
|
# rabbitmqUrl = "amqp://guest:guest@${config.container.module.rabbitmq.address}:${toString config.container.module.rabbitmq.port}";
|
||||||
|
|
||||||
# rabbitmqUrl = "amqp://guest:guest@${config.container.module.rabbitmq.address}:${toString config.container.module.rabbitmq.port}";
|
# examplePort = cfg.port;
|
||||||
|
# enableExampleServer = true;
|
||||||
# examplePort = cfg.port;
|
# };
|
||||||
# enableExampleServer = true;
|
# };
|
||||||
# };
|
};
|
||||||
# };
|
};
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,96 +1,108 @@
|
||||||
{ container, pkgs, pkgsStable, lib, config, ... }: with lib; let
|
{
|
||||||
cfg = config.container.module.paper;
|
container,
|
||||||
in {
|
pkgs,
|
||||||
options = {
|
pkgsStable,
|
||||||
container.module.paper = {
|
lib,
|
||||||
enable = mkEnableOption "Paper scans manager.";
|
config,
|
||||||
address = mkOption {
|
...
|
||||||
default = "10.1.0.40";
|
}:
|
||||||
type = types.str;
|
with lib;
|
||||||
};
|
let
|
||||||
port = mkOption {
|
cfg = config.container.module.paper;
|
||||||
default = 28981;
|
in
|
||||||
type = types.int;
|
{
|
||||||
};
|
options = {
|
||||||
domain = mkOption {
|
container.module.paper = {
|
||||||
default = "paper.${config.container.domain}";
|
enable = mkEnableOption "Paper scans manager.";
|
||||||
type = types.str;
|
address = mkOption {
|
||||||
};
|
default = "10.1.0.40";
|
||||||
storage = mkOption {
|
type = types.str;
|
||||||
default = "${config.container.storage}/paper";
|
};
|
||||||
type = types.str;
|
port = mkOption {
|
||||||
};
|
default = 28981;
|
||||||
};
|
type = types.int;
|
||||||
};
|
};
|
||||||
|
domain = mkOption {
|
||||||
|
default = "paper.${config.container.domain}";
|
||||||
|
type = types.str;
|
||||||
|
};
|
||||||
|
storage = mkOption {
|
||||||
|
default = "${config.container.storage}/paper";
|
||||||
|
type = types.str;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
systemd.tmpfiles.rules = container.mkContainerDir cfg [
|
systemd.tmpfiles.rules = container.mkContainerDir cfg [
|
||||||
"data"
|
"data"
|
||||||
];
|
];
|
||||||
|
|
||||||
containers.paper = container.mkContainer cfg {
|
containers.paper = container.mkContainer cfg {
|
||||||
bindMounts = {
|
bindMounts = {
|
||||||
"/var/lib/paperless" = {
|
"/var/lib/paperless" = {
|
||||||
hostPath = "${cfg.storage}/data";
|
hostPath = "${cfg.storage}/data";
|
||||||
isReadOnly = false;
|
isReadOnly = false;
|
||||||
};
|
};
|
||||||
"/var/lib/paperless/media" = {
|
"/var/lib/paperless/media" = {
|
||||||
hostPath = "${elemAt config.container.media.paper 0}";
|
hostPath = "${elemAt config.container.media.paper 0}";
|
||||||
isReadOnly = false;
|
isReadOnly = false;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
config = { lib, ... }: container.mkContainerConfig cfg {
|
config =
|
||||||
services.paperless = {
|
{ lib, ... }:
|
||||||
enable = true;
|
container.mkContainerConfig cfg {
|
||||||
dataDir = "/var/lib/paperless";
|
services.paperless = {
|
||||||
# address = cfg.domain;
|
enable = true;
|
||||||
address = "0.0.0.0";
|
dataDir = "/var/lib/paperless";
|
||||||
port = cfg.port;
|
# address = cfg.domain;
|
||||||
# ISSUE: https://github.com/NixOS/nixpkgs/issues/322596
|
address = "0.0.0.0";
|
||||||
# package = pkgsStable.paperless-ngx;
|
port = cfg.port;
|
||||||
passwordFile = pkgs.writeText "PaperlessPassword" "root";
|
# ISSUE: https://github.com/NixOS/nixpkgs/issues/322596
|
||||||
settings = {
|
# package = pkgsStable.paperless-ngx;
|
||||||
PAPERLESS_URL = "https://${cfg.domain}";
|
passwordFile = pkgs.writeText "PaperlessPassword" "root";
|
||||||
PAPERLESS_ADMIN_USER = "root";
|
settings = {
|
||||||
PAPERLESS_DBHOST = config.container.module.postgres.address;
|
PAPERLESS_URL = "https://${cfg.domain}";
|
||||||
PAPERLESS_DBENGINE = "postgresql";
|
PAPERLESS_ADMIN_USER = "root";
|
||||||
PAPERLESS_DBNAME = "paperless";
|
PAPERLESS_DBHOST = config.container.module.postgres.address;
|
||||||
PAPERLESS_DBPASS = "paperless";
|
PAPERLESS_DBENGINE = "postgresql";
|
||||||
PAPERLESS_DBPORT = config.container.module.postgres.port;
|
PAPERLESS_DBNAME = "paperless";
|
||||||
PAPERLESS_DBUSER = "paperless";
|
PAPERLESS_DBPASS = "paperless";
|
||||||
PAPERLESS_OCR_LANGUAGE = "rus";
|
PAPERLESS_DBPORT = config.container.module.postgres.port;
|
||||||
PAPERLESS_REDIS = "redis://${config.container.module.redis.address}:${toString config.container.module.redis.port}";
|
PAPERLESS_DBUSER = "paperless";
|
||||||
};
|
PAPERLESS_OCR_LANGUAGE = "rus";
|
||||||
};
|
PAPERLESS_REDIS = "redis://${config.container.module.redis.address}:${toString config.container.module.redis.port}";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
# HACK: This is required for TCP postgres connection.
|
# HACK: This is required for TCP postgres connection.
|
||||||
systemd = {
|
systemd = {
|
||||||
services = {
|
services = {
|
||||||
paperless-scheduler = {
|
paperless-scheduler = {
|
||||||
serviceConfig.PrivateNetwork = mkForce false;
|
serviceConfig.PrivateNetwork = mkForce false;
|
||||||
wantedBy = mkForce [];
|
wantedBy = mkForce [ ];
|
||||||
};
|
};
|
||||||
paperless-consumer = {
|
paperless-consumer = {
|
||||||
serviceConfig.PrivateNetwork = mkForce false;
|
serviceConfig.PrivateNetwork = mkForce false;
|
||||||
wantedBy = mkForce [];
|
wantedBy = mkForce [ ];
|
||||||
};
|
};
|
||||||
paperless-web = {
|
paperless-web = {
|
||||||
wantedBy = mkForce [];
|
wantedBy = mkForce [ ];
|
||||||
};
|
};
|
||||||
paperless-task-queue = {
|
paperless-task-queue = {
|
||||||
wantedBy = mkForce [];
|
wantedBy = mkForce [ ];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
timers.fixsystemd = {
|
timers.fixsystemd = {
|
||||||
timerConfig = {
|
timerConfig = {
|
||||||
OnBootSec = 5;
|
OnBootSec = 5;
|
||||||
Unit = "paperless-web.service";
|
Unit = "paperless-web.service";
|
||||||
};
|
};
|
||||||
wantedBy = [ "timers.target" ];
|
wantedBy = [ "timers.target" ];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,57 +1,67 @@
|
||||||
{ container, lib, config, ... }: with lib; let
|
{
|
||||||
cfg = config.container.module.pass;
|
container,
|
||||||
in {
|
lib,
|
||||||
options = {
|
config,
|
||||||
container.module.pass = {
|
...
|
||||||
enable = mkEnableOption "Password manager";
|
}:
|
||||||
address = mkOption {
|
with lib;
|
||||||
default = "10.1.0.9";
|
let
|
||||||
type = types.str;
|
cfg = config.container.module.pass;
|
||||||
};
|
in
|
||||||
port = mkOption {
|
{
|
||||||
default = 8000;
|
options = {
|
||||||
type = types.int;
|
container.module.pass = {
|
||||||
};
|
enable = mkEnableOption "Password manager";
|
||||||
domain = mkOption {
|
address = mkOption {
|
||||||
default = "pass.${config.container.domain}";
|
default = "10.1.0.9";
|
||||||
type = types.str;
|
type = types.str;
|
||||||
};
|
};
|
||||||
storage = mkOption {
|
port = mkOption {
|
||||||
default = "${config.container.storage}/pass";
|
default = 8000;
|
||||||
type = types.str;
|
type = types.int;
|
||||||
};
|
};
|
||||||
};
|
domain = mkOption {
|
||||||
};
|
default = "pass.${config.container.domain}";
|
||||||
|
type = types.str;
|
||||||
|
};
|
||||||
|
storage = mkOption {
|
||||||
|
default = "${config.container.storage}/pass";
|
||||||
|
type = types.str;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
systemd.tmpfiles.rules = container.mkContainerDir cfg [
|
systemd.tmpfiles.rules = container.mkContainerDir cfg [
|
||||||
"data"
|
"data"
|
||||||
];
|
];
|
||||||
|
|
||||||
containers.pass = container.mkContainer cfg {
|
containers.pass = container.mkContainer cfg {
|
||||||
bindMounts = {
|
bindMounts = {
|
||||||
"/var/lib/bitwarden_rs" = {
|
"/var/lib/bitwarden_rs" = {
|
||||||
hostPath = "${cfg.storage}/data";
|
hostPath = "${cfg.storage}/data";
|
||||||
isReadOnly = false;
|
isReadOnly = false;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
config = { ... }: container.mkContainerConfig cfg {
|
config =
|
||||||
services.vaultwarden = {
|
{ ... }:
|
||||||
enable = true;
|
container.mkContainerConfig cfg {
|
||||||
dbBackend = "sqlite";
|
services.vaultwarden = {
|
||||||
environmentFile = "/var/lib/bitwarden_rs/Env";
|
enable = true;
|
||||||
config = {
|
dbBackend = "sqlite";
|
||||||
# DATABASE_URL = "postgresql://vaultwarden:vaultwarden@${container.config.postgres.address}:${toString container.config.postgres.port}/vaultwarden";
|
environmentFile = "/var/lib/bitwarden_rs/Env";
|
||||||
DATA_FOLDER = "/var/lib/bitwarden_rs";
|
config = {
|
||||||
DOMAIN = "http://${cfg.domain}";
|
# DATABASE_URL = "postgresql://vaultwarden:vaultwarden@${container.config.postgres.address}:${toString container.config.postgres.port}/vaultwarden";
|
||||||
SIGNUPS_ALLOWED = false;
|
DATA_FOLDER = "/var/lib/bitwarden_rs";
|
||||||
WEB_VAULT_ENABLED = true;
|
DOMAIN = "http://${cfg.domain}";
|
||||||
ROCKET_ADDRESS = cfg.address;
|
SIGNUPS_ALLOWED = false;
|
||||||
ROCKET_PORT = cfg.port;
|
WEB_VAULT_ENABLED = true;
|
||||||
};
|
ROCKET_ADDRESS = cfg.address;
|
||||||
};
|
ROCKET_PORT = cfg.port;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,126 +1,138 @@
|
||||||
{ pkgs, util, container, lib, config, __findFile, ... } @args: with lib; let
|
{
|
||||||
cfg = config.container.module.paste;
|
pkgs,
|
||||||
package = (pkgs.callPackage <package/privatebin> args);
|
container,
|
||||||
in {
|
lib,
|
||||||
options = {
|
config,
|
||||||
container.module.paste = {
|
__findFile,
|
||||||
enable = mkEnableOption "Pastebin.";
|
...
|
||||||
address = mkOption {
|
}@args:
|
||||||
default = "10.1.0.14";
|
with lib;
|
||||||
type = types.str;
|
let
|
||||||
};
|
cfg = config.container.module.paste;
|
||||||
port = mkOption {
|
package = (pkgs.callPackage <package/privatebin> args);
|
||||||
default = 80;
|
in
|
||||||
type = types.int;
|
{
|
||||||
};
|
options = {
|
||||||
domain = mkOption {
|
container.module.paste = {
|
||||||
default = "paste.${config.container.domain}";
|
enable = mkEnableOption "Pastebin.";
|
||||||
type = types.str;
|
address = mkOption {
|
||||||
};
|
default = "10.1.0.14";
|
||||||
storage = mkOption {
|
type = types.str;
|
||||||
default = "${config.container.storage}/paste";
|
};
|
||||||
type = types.str;
|
port = mkOption {
|
||||||
};
|
default = 80;
|
||||||
};
|
type = types.int;
|
||||||
};
|
};
|
||||||
|
domain = mkOption {
|
||||||
|
default = "paste.${config.container.domain}";
|
||||||
|
type = types.str;
|
||||||
|
};
|
||||||
|
storage = mkOption {
|
||||||
|
default = "${config.container.storage}/paste";
|
||||||
|
type = types.str;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
systemd.tmpfiles.rules = container.mkContainerDir cfg [
|
systemd.tmpfiles.rules = container.mkContainerDir cfg [
|
||||||
"data"
|
"data"
|
||||||
"tmp"
|
"tmp"
|
||||||
"nginxtmp"
|
"nginxtmp"
|
||||||
"config"
|
"config"
|
||||||
];
|
];
|
||||||
|
|
||||||
containers.paste = container.mkContainer cfg {
|
containers.paste = container.mkContainer cfg {
|
||||||
bindMounts = {
|
bindMounts = {
|
||||||
"/srv/data" = {
|
"/srv/data" = {
|
||||||
hostPath = "${cfg.storage}/data";
|
hostPath = "${cfg.storage}/data";
|
||||||
isReadOnly = false;
|
isReadOnly = false;
|
||||||
};
|
};
|
||||||
"/tmp" = {
|
"/tmp" = {
|
||||||
hostPath = "${cfg.storage}/tmp";
|
hostPath = "${cfg.storage}/tmp";
|
||||||
isReadOnly = false;
|
isReadOnly = false;
|
||||||
};
|
};
|
||||||
"/var/lib/nginx/tmp" = {
|
"/var/lib/nginx/tmp" = {
|
||||||
hostPath = "${cfg.storage}/nginxtmp";
|
hostPath = "${cfg.storage}/nginxtmp";
|
||||||
isReadOnly = false;
|
isReadOnly = false;
|
||||||
};
|
};
|
||||||
"/srv/config" = {
|
"/srv/config" = {
|
||||||
hostPath = "${cfg.storage}/config";
|
hostPath = "${cfg.storage}/config";
|
||||||
isReadOnly = false;
|
isReadOnly = false;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
config = { config, ... }: container.mkContainerConfig cfg {
|
config =
|
||||||
environment.systemPackages = [ package ];
|
{ config, ... }:
|
||||||
systemd.packages = [ package ];
|
container.mkContainerConfig cfg {
|
||||||
|
environment.systemPackages = [ package ];
|
||||||
|
systemd.packages = [ package ];
|
||||||
|
|
||||||
users.users.paste = {
|
users.users.paste = {
|
||||||
group = "nginx";
|
group = "nginx";
|
||||||
isSystemUser = true;
|
isSystemUser = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
services.phpfpm.pools.paste = {
|
services.phpfpm.pools.paste = {
|
||||||
user = "paste";
|
user = "paste";
|
||||||
group = "nginx";
|
group = "nginx";
|
||||||
|
|
||||||
phpPackage = pkgs.php;
|
phpPackage = pkgs.php;
|
||||||
|
|
||||||
settings = {
|
settings = {
|
||||||
"pm" = "dynamic";
|
"pm" = "dynamic";
|
||||||
"php_admin_value[error_log]" = "stderr";
|
"php_admin_value[error_log]" = "stderr";
|
||||||
"php_admin_flag[log_errors]" = true;
|
"php_admin_flag[log_errors]" = true;
|
||||||
"listen.owner" = "nginx";
|
"listen.owner" = "nginx";
|
||||||
"catch_workers_output" = true;
|
"catch_workers_output" = true;
|
||||||
"pm.max_children" = "32";
|
"pm.max_children" = "32";
|
||||||
"pm.start_servers" = "2";
|
"pm.start_servers" = "2";
|
||||||
"pm.min_spare_servers" = "2";
|
"pm.min_spare_servers" = "2";
|
||||||
"pm.max_spare_servers" = "4";
|
"pm.max_spare_servers" = "4";
|
||||||
"pm.max_requests" = "500";
|
"pm.max_requests" = "500";
|
||||||
};
|
};
|
||||||
|
|
||||||
phpEnv = {
|
phpEnv = {
|
||||||
# CONFIG_PATH = "${package}/cfg";
|
# CONFIG_PATH = "${package}/cfg";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
services.nginx = {
|
services.nginx = {
|
||||||
enable = true;
|
enable = true;
|
||||||
virtualHosts.${cfg.domain} = container.mkServer {
|
virtualHosts.${cfg.domain} = container.mkServer {
|
||||||
default = true;
|
default = true;
|
||||||
root = "${package}";
|
root = "${package}";
|
||||||
|
|
||||||
locations = {
|
locations = {
|
||||||
"/".extraConfig = ''
|
"/".extraConfig = ''
|
||||||
rewrite ^ /index.php;
|
rewrite ^ /index.php;
|
||||||
'';
|
'';
|
||||||
|
|
||||||
"~ \\.php$".extraConfig = util.trimTabs ''
|
"~ \\.php$".extraConfig = ''
|
||||||
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
||||||
fastcgi_pass unix:${config.services.phpfpm.pools.paste.socket};
|
fastcgi_pass unix:${config.services.phpfpm.pools.paste.socket};
|
||||||
include ${config.services.nginx.package}/conf/fastcgi.conf;
|
include ${config.services.nginx.package}/conf/fastcgi.conf;
|
||||||
include ${config.services.nginx.package}/conf/fastcgi_params;
|
include ${config.services.nginx.package}/conf/fastcgi_params;
|
||||||
'';
|
'';
|
||||||
|
|
||||||
"~ \\.(js|css|ttf|woff2?|png|jpe?g|svg)$".extraConfig = util.trimTabs ''
|
"~ \\.(js|css|ttf|woff2?|png|jpe?g|svg)$".extraConfig = ''
|
||||||
add_header Cache-Control "public, max-age=15778463";
|
add_header Cache-Control "public, max-age=15778463";
|
||||||
add_header X-Content-Type-Options nosniff;
|
add_header X-Content-Type-Options nosniff;
|
||||||
add_header X-XSS-Protection "1; mode=block";
|
add_header X-XSS-Protection "1; mode=block";
|
||||||
add_header X-Robots-Tag none;
|
add_header X-Robots-Tag none;
|
||||||
add_header X-Download-Options noopen;
|
add_header X-Download-Options noopen;
|
||||||
add_header X-Permitted-Cross-Domain-Policies none;
|
add_header X-Permitted-Cross-Domain-Policies none;
|
||||||
add_header Referrer-Policy no-referrer;
|
add_header Referrer-Policy no-referrer;
|
||||||
access_log off;
|
access_log off;
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
extraConfig = util.trimTabs ''
|
extraConfig = ''
|
||||||
try_files $uri /index.php;
|
try_files $uri /index.php;
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,86 +1,105 @@
|
||||||
{ container, lib, pkgs, config, ... }: with lib; let
|
{
|
||||||
cfg = config.container.module.postgres;
|
container,
|
||||||
in {
|
lib,
|
||||||
options = {
|
pkgs,
|
||||||
container.module.postgres = {
|
config,
|
||||||
enable = mkEnableOption "Postgresql server.";
|
...
|
||||||
address = mkOption {
|
}:
|
||||||
default = "10.1.0.3";
|
with lib;
|
||||||
type = types.str;
|
let
|
||||||
};
|
cfg = config.container.module.postgres;
|
||||||
port = mkOption {
|
in
|
||||||
default = 5432;
|
{
|
||||||
type = types.int;
|
options = {
|
||||||
};
|
container.module.postgres = {
|
||||||
storage = mkOption {
|
enable = mkEnableOption "Postgresql server.";
|
||||||
default = "${config.container.storage}/postgres";
|
address = mkOption {
|
||||||
type = types.str;
|
default = "10.1.0.3";
|
||||||
};
|
type = types.str;
|
||||||
};
|
};
|
||||||
};
|
port = mkOption {
|
||||||
|
default = 5432;
|
||||||
|
type = types.int;
|
||||||
|
};
|
||||||
|
storage = mkOption {
|
||||||
|
default = "${config.container.storage}/postgres";
|
||||||
|
type = types.str;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
systemd.tmpfiles.rules = container.mkContainerDir cfg [
|
systemd.tmpfiles.rules = container.mkContainerDir cfg [
|
||||||
"data"
|
"data"
|
||||||
];
|
];
|
||||||
|
|
||||||
containers.postgres = container.mkContainer cfg {
|
containers.postgres = container.mkContainer cfg {
|
||||||
bindMounts = {
|
bindMounts = {
|
||||||
"/var/lib/postgresql/data" = {
|
"/var/lib/postgresql/data" = {
|
||||||
hostPath = "${cfg.storage}/data";
|
hostPath = "${cfg.storage}/data";
|
||||||
isReadOnly = false;
|
isReadOnly = false;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
config = { ... }: container.mkContainerConfig cfg {
|
config =
|
||||||
services.postgresql = let
|
{ ... }:
|
||||||
# Populate with services here.
|
container.mkContainerConfig cfg {
|
||||||
configurations = with config.container.module; {
|
services.postgresql =
|
||||||
forgejo = git;
|
let
|
||||||
invidious = yt;
|
# Populate with services here.
|
||||||
nextcloud = cloud;
|
configurations = with config.container.module; {
|
||||||
onlyoffice = office;
|
forgejo = git;
|
||||||
paperless = paper;
|
invidious = yt;
|
||||||
privatebin = paste;
|
nextcloud = cloud;
|
||||||
};
|
onlyoffice = office;
|
||||||
|
paperless = paper;
|
||||||
|
privatebin = paste;
|
||||||
|
};
|
||||||
|
|
||||||
access = configurations // {
|
access = configurations // {
|
||||||
all = { address = config.container.host; };
|
all = {
|
||||||
};
|
address = config.container.host;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
authentication = builtins.foldl' (acc: item: acc + "${item}\n") "" (
|
authentication = builtins.foldl' (acc: item: acc + "${item}\n") "" (
|
||||||
mapAttrsToList (db: cfg: "host ${db} ${db} ${cfg.address}/32 trust") access
|
mapAttrsToList (db: cfg: "host ${db} ${db} ${cfg.address}/32 trust") access
|
||||||
);
|
);
|
||||||
|
|
||||||
ensureDatabases = [ "root" ] ++ mapAttrsToList (name: _: name) configurations;
|
ensureDatabases = [ "root" ] ++ mapAttrsToList (name: _: name) configurations;
|
||||||
|
|
||||||
ensureUsers = map (name: {
|
ensureUsers = map (name: {
|
||||||
inherit name;
|
inherit name;
|
||||||
ensureClauses = if name == "root" then {
|
ensureClauses =
|
||||||
superuser = true;
|
if name == "root" then
|
||||||
createrole = true;
|
{
|
||||||
createdb = true;
|
superuser = true;
|
||||||
} else {};
|
createrole = true;
|
||||||
ensureDBOwnership = true;
|
createdb = true;
|
||||||
}) ensureDatabases;
|
}
|
||||||
in {
|
else
|
||||||
inherit authentication ensureDatabases ensureUsers;
|
{ };
|
||||||
|
ensureDBOwnership = true;
|
||||||
|
}) ensureDatabases;
|
||||||
|
in
|
||||||
|
{
|
||||||
|
inherit authentication ensureDatabases ensureUsers;
|
||||||
|
|
||||||
enable = true;
|
enable = true;
|
||||||
package = pkgs.postgresql_14;
|
package = pkgs.postgresql_14;
|
||||||
dataDir = "/var/lib/postgresql/data/14";
|
dataDir = "/var/lib/postgresql/data/14";
|
||||||
enableTCPIP = true;
|
enableTCPIP = true;
|
||||||
|
|
||||||
# NOTE: Debug mode.
|
# NOTE: Debug mode.
|
||||||
# settings = {
|
# settings = {
|
||||||
# log_connections = true;
|
# log_connections = true;
|
||||||
# log_destination = lib.mkForce "syslog";
|
# log_destination = lib.mkForce "syslog";
|
||||||
# log_disconnections = true;
|
# log_disconnections = true;
|
||||||
# log_statement = "all";
|
# log_statement = "all";
|
||||||
# logging_collector = true;
|
# logging_collector = true;
|
||||||
# };
|
# };
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -2,66 +2,79 @@
|
||||||
|
|
||||||
# ipp://192.168.2.237
|
# ipp://192.168.2.237
|
||||||
# Pantum M6500W-Series
|
# Pantum M6500W-Series
|
||||||
{ container, pkgs, lib, config, __findFile, ... } @args: with lib; let
|
{
|
||||||
cfg = config.container.module.print;
|
container,
|
||||||
package = pkgs.callPackage <package/print> args;
|
pkgs,
|
||||||
host = config.container.host;
|
lib,
|
||||||
in {
|
config,
|
||||||
options = {
|
__findFile,
|
||||||
container.module.print = {
|
...
|
||||||
enable = mkEnableOption "Printing server.";
|
}@args:
|
||||||
address = mkOption {
|
with lib;
|
||||||
default = "10.1.0.46";
|
let
|
||||||
type = types.str;
|
cfg = config.container.module.print;
|
||||||
};
|
package = pkgs.callPackage <package/print> args;
|
||||||
port = mkOption {
|
host = config.container.host;
|
||||||
default = 631;
|
in
|
||||||
type = types.int;
|
{
|
||||||
};
|
options = {
|
||||||
domain = mkOption {
|
container.module.print = {
|
||||||
default = "print.${config.container.domain}";
|
enable = mkEnableOption "Printing server.";
|
||||||
type = types.str;
|
address = mkOption {
|
||||||
};
|
default = "10.1.0.46";
|
||||||
storage = mkOption {
|
type = types.str;
|
||||||
default = "${config.container.storage}/print";
|
};
|
||||||
type = types.str;
|
port = mkOption {
|
||||||
};
|
default = 631;
|
||||||
};
|
type = types.int;
|
||||||
};
|
};
|
||||||
|
domain = mkOption {
|
||||||
|
default = "print.${config.container.domain}";
|
||||||
|
type = types.str;
|
||||||
|
};
|
||||||
|
storage = mkOption {
|
||||||
|
default = "${config.container.storage}/print";
|
||||||
|
type = types.str;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
systemd.tmpfiles.rules = container.mkContainerDir cfg [
|
systemd.tmpfiles.rules = container.mkContainerDir cfg [
|
||||||
"data"
|
"data"
|
||||||
];
|
];
|
||||||
|
|
||||||
containers.print = container.mkContainer cfg {
|
containers.print = container.mkContainer cfg {
|
||||||
bindMounts = {
|
bindMounts = {
|
||||||
"/var/lib/cups" = {
|
"/var/lib/cups" = {
|
||||||
hostPath = "${cfg.storage}/data";
|
hostPath = "${cfg.storage}/data";
|
||||||
isReadOnly = false;
|
isReadOnly = false;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
config = { ... }: container.mkContainerConfig cfg {
|
config =
|
||||||
networking.interfaces."eth0".ipv4.routes = [{
|
{ ... }:
|
||||||
address = "192.168.2.237";
|
container.mkContainerConfig cfg {
|
||||||
prefixLength = 32;
|
networking.interfaces."eth0".ipv4.routes = [
|
||||||
via = host;
|
{
|
||||||
}];
|
address = "192.168.2.237";
|
||||||
|
prefixLength = 32;
|
||||||
|
via = host;
|
||||||
|
}
|
||||||
|
];
|
||||||
|
|
||||||
services.printing = {
|
services.printing = {
|
||||||
enable = true;
|
enable = true;
|
||||||
allowFrom = [ "all" ];
|
allowFrom = [ "all" ];
|
||||||
browsing = true;
|
browsing = true;
|
||||||
defaultShared = true;
|
defaultShared = true;
|
||||||
drivers = [ package ];
|
drivers = [ package ];
|
||||||
listenAddresses = [ "${cfg.address}:${toString cfg.port}" ];
|
listenAddresses = [ "${cfg.address}:${toString cfg.port}" ];
|
||||||
startWhenNeeded = true;
|
startWhenNeeded = true;
|
||||||
stateless = false;
|
stateless = false;
|
||||||
webInterface = true;
|
webInterface = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -9,107 +9,119 @@
|
||||||
# ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
|
# ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
|
||||||
# ```
|
# ```
|
||||||
# For certbot to generate new keys: `certbot certonly --manual --manual-public-ip-logging-ok --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory -d "*.voronind.com" -d voronind.com`
|
# For certbot to generate new keys: `certbot certonly --manual --manual-public-ip-logging-ok --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory -d "*.voronind.com" -d voronind.com`
|
||||||
{ util, container, pkgs, lib, config, ... } @args: with lib; let
|
{
|
||||||
cfg = config.container.module.proxy;
|
util,
|
||||||
virtualHosts = util.catSet (util.ls ./proxy/host) args;
|
container,
|
||||||
in {
|
pkgs,
|
||||||
options = {
|
lib,
|
||||||
container.module.proxy = {
|
config,
|
||||||
enable = mkEnableOption "Proxy server.";
|
...
|
||||||
address = mkOption {
|
}@args:
|
||||||
default = "10.1.0.2";
|
with lib;
|
||||||
type = types.str;
|
let
|
||||||
};
|
cfg = config.container.module.proxy;
|
||||||
port = mkOption {
|
virtualHosts = util.catSet (util.ls ./proxy/host) args;
|
||||||
default = 443;
|
in
|
||||||
type = types.int;
|
{
|
||||||
};
|
options = {
|
||||||
storage = mkOption {
|
container.module.proxy = {
|
||||||
default = "${config.container.storage}/proxy";
|
enable = mkEnableOption "Proxy server.";
|
||||||
type = types.str;
|
address = mkOption {
|
||||||
};
|
default = "10.1.0.2";
|
||||||
};
|
type = types.str;
|
||||||
};
|
};
|
||||||
|
port = mkOption {
|
||||||
|
default = 443;
|
||||||
|
type = types.int;
|
||||||
|
};
|
||||||
|
storage = mkOption {
|
||||||
|
default = "${config.container.storage}/proxy";
|
||||||
|
type = types.str;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
systemd.tmpfiles.rules = container.mkContainerDir cfg [
|
systemd.tmpfiles.rules = container.mkContainerDir cfg [
|
||||||
"challenge"
|
"challenge"
|
||||||
"letsencrypt"
|
"letsencrypt"
|
||||||
];
|
];
|
||||||
|
|
||||||
containers.proxy = container.mkContainer cfg {
|
containers.proxy = container.mkContainer cfg {
|
||||||
bindMounts = {
|
bindMounts = {
|
||||||
"/etc/letsencrypt" = {
|
"/etc/letsencrypt" = {
|
||||||
hostPath = "${cfg.storage}/letsencrypt";
|
hostPath = "${cfg.storage}/letsencrypt";
|
||||||
isReadOnly = false;
|
isReadOnly = false;
|
||||||
};
|
};
|
||||||
"/var/www/.well-known" = {
|
"/var/www/.well-known" = {
|
||||||
hostPath = "${cfg.storage}/challenge";
|
hostPath = "${cfg.storage}/challenge";
|
||||||
isReadOnly = false;
|
isReadOnly = false;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
config = { ... }: container.mkContainerConfig cfg {
|
config =
|
||||||
environment.systemPackages = with pkgs; [ certbot ];
|
{ ... }:
|
||||||
|
container.mkContainerConfig cfg {
|
||||||
|
environment.systemPackages = with pkgs; [ certbot ];
|
||||||
|
|
||||||
services.nginx = {
|
services.nginx = {
|
||||||
inherit virtualHosts;
|
inherit virtualHosts;
|
||||||
|
|
||||||
enable = true;
|
enable = true;
|
||||||
recommendedOptimisation = true;
|
recommendedOptimisation = true;
|
||||||
recommendedProxySettings = true;
|
recommendedProxySettings = true;
|
||||||
clientMaxBodySize = "4096m";
|
clientMaxBodySize = "4096m";
|
||||||
appendConfig = util.trimTabs ''
|
appendConfig = ''
|
||||||
worker_processes 4;
|
worker_processes 4;
|
||||||
'';
|
'';
|
||||||
eventsConfig = util.trimTabs ''
|
eventsConfig = ''
|
||||||
worker_connections 4096;
|
worker_connections 4096;
|
||||||
'';
|
'';
|
||||||
# TODO: Fix 80 redirect and 403 default.
|
# TODO: Fix 80 redirect and 403 default.
|
||||||
appendHttpConfig = util.trimTabs ''
|
appendHttpConfig = ''
|
||||||
proxy_max_temp_file_size 0;
|
proxy_max_temp_file_size 0;
|
||||||
proxy_buffering off;
|
proxy_buffering off;
|
||||||
|
|
||||||
server {
|
server {
|
||||||
server_name default_server;
|
server_name default_server;
|
||||||
listen 80;
|
listen 80;
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
return 301 https://$host$request_uri;
|
return 301 https://$host$request_uri;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
map $http_accept_language $resume {
|
map $http_accept_language $resume {
|
||||||
default https://git.${config.container.domain}/voronind/resume/releases/download/latest/VoronindEn.pdf;
|
default https://git.${config.container.domain}/voronind/resume/releases/download/latest/VoronindEn.pdf;
|
||||||
~ru https://git.${config.container.domain}/voronind/resume/releases/download/latest/VoronindRu.pdf;
|
~ru https://git.${config.container.domain}/voronind/resume/releases/download/latest/VoronindRu.pdf;
|
||||||
}
|
}
|
||||||
|
|
||||||
server {
|
server {
|
||||||
server_name ${config.container.domain};
|
server_name ${config.container.domain};
|
||||||
listen 443 ssl;
|
listen 443 ssl;
|
||||||
|
|
||||||
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
|
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
|
||||||
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
|
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
|
||||||
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
|
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
|
||||||
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
|
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
|
||||||
|
|
||||||
return 301 $resume;
|
return 301 $resume;
|
||||||
}
|
}
|
||||||
|
|
||||||
server {
|
server {
|
||||||
listen 443 ssl default_server;
|
listen 443 ssl default_server;
|
||||||
server_name _;
|
server_name _;
|
||||||
|
|
||||||
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
|
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
|
||||||
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
|
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
|
||||||
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
|
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
|
||||||
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
|
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
|
||||||
|
|
||||||
return 403;
|
return 403;
|
||||||
}
|
}
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,48 +1,60 @@
|
||||||
{ container, pkgs, util, lib, config, ... }: with lib; let
|
{
|
||||||
cfg = config.container.module.rabbitmq;
|
container,
|
||||||
in {
|
pkgs,
|
||||||
options = {
|
util,
|
||||||
container.module.rabbitmq = {
|
lib,
|
||||||
enable = mkEnableOption "Mqtt server.";
|
config,
|
||||||
address = mkOption {
|
...
|
||||||
default = "10.1.0.28";
|
}:
|
||||||
type = types.str;
|
with lib;
|
||||||
};
|
let
|
||||||
port = mkOption {
|
cfg = config.container.module.rabbitmq;
|
||||||
default = 5672;
|
in
|
||||||
type = types.int;
|
{
|
||||||
};
|
options = {
|
||||||
storage = mkOption {
|
container.module.rabbitmq = {
|
||||||
default = "${config.container.storage}/rabbitmq";
|
enable = mkEnableOption "Mqtt server.";
|
||||||
type = types.str;
|
address = mkOption {
|
||||||
};
|
default = "10.1.0.28";
|
||||||
};
|
type = types.str;
|
||||||
};
|
};
|
||||||
|
port = mkOption {
|
||||||
|
default = 5672;
|
||||||
|
type = types.int;
|
||||||
|
};
|
||||||
|
storage = mkOption {
|
||||||
|
default = "${config.container.storage}/rabbitmq";
|
||||||
|
type = types.str;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
systemd.tmpfiles.rules = container.mkContainerDir cfg [
|
systemd.tmpfiles.rules = container.mkContainerDir cfg [
|
||||||
"data"
|
"data"
|
||||||
];
|
];
|
||||||
|
|
||||||
containers.rabbitmq = container.mkContainer cfg {
|
containers.rabbitmq = container.mkContainer cfg {
|
||||||
bindMounts = {
|
bindMounts = {
|
||||||
"/var/lib/rabbitmq" = {
|
"/var/lib/rabbitmq" = {
|
||||||
hostPath = "${cfg.storage}/data";
|
hostPath = "${cfg.storage}/data";
|
||||||
isReadOnly = false;
|
isReadOnly = false;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
config = { ... }: container.mkContainerConfig cfg {
|
config =
|
||||||
services.rabbitmq = {
|
{ ... }:
|
||||||
enable = true;
|
container.mkContainerConfig cfg {
|
||||||
listenAddress = cfg.address;
|
services.rabbitmq = {
|
||||||
port = cfg.port;
|
enable = true;
|
||||||
dataDir = "/var/lib/rabbitmq";
|
listenAddress = cfg.address;
|
||||||
configItems = {
|
port = cfg.port;
|
||||||
"loopback_users" = "none";
|
dataDir = "/var/lib/rabbitmq";
|
||||||
};
|
configItems = {
|
||||||
};
|
"loopback_users" = "none";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,55 +1,63 @@
|
||||||
{ container, lib, pkgs, config, ... }: with lib; let
|
{
|
||||||
cfg = config.container.module.read;
|
container,
|
||||||
in {
|
lib,
|
||||||
options = {
|
pkgs,
|
||||||
container.module.read = {
|
config,
|
||||||
enable = mkEnableOption "Reading server.";
|
...
|
||||||
address = mkOption {
|
}:
|
||||||
default = "10.1.0.39";
|
with lib;
|
||||||
type = types.str;
|
let
|
||||||
};
|
cfg = config.container.module.read;
|
||||||
port = mkOption {
|
in
|
||||||
default = 5000;
|
{
|
||||||
type = types.int;
|
options = {
|
||||||
};
|
container.module.read = {
|
||||||
domain = mkOption {
|
enable = mkEnableOption "Reading server.";
|
||||||
default = "read.${config.container.domain}";
|
address = mkOption {
|
||||||
type = types.str;
|
default = "10.1.0.39";
|
||||||
};
|
type = types.str;
|
||||||
storage = mkOption {
|
};
|
||||||
default = "${config.container.storage}/read";
|
port = mkOption {
|
||||||
type = types.str;
|
default = 5000;
|
||||||
};
|
type = types.int;
|
||||||
};
|
};
|
||||||
};
|
domain = mkOption {
|
||||||
|
default = "read.${config.container.domain}";
|
||||||
|
type = types.str;
|
||||||
|
};
|
||||||
|
storage = mkOption {
|
||||||
|
default = "${config.container.storage}/read";
|
||||||
|
type = types.str;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
systemd.tmpfiles.rules = container.mkContainerDir cfg [
|
systemd.tmpfiles.rules = container.mkContainerDir cfg [
|
||||||
"data"
|
"data"
|
||||||
];
|
];
|
||||||
|
|
||||||
containers.read = container.mkContainer cfg {
|
containers.read = container.mkContainer cfg {
|
||||||
bindMounts = {
|
bindMounts = {
|
||||||
"/var/lib/kavita" = {
|
"/var/lib/kavita" = {
|
||||||
hostPath = "${cfg.storage}/data";
|
hostPath = "${cfg.storage}/data";
|
||||||
isReadOnly = false;
|
isReadOnly = false;
|
||||||
};
|
};
|
||||||
}
|
} // container.attachMedia "book" true // container.attachMedia "manga" true;
|
||||||
// container.attachMedia "book" true
|
|
||||||
// container.attachMedia "manga" true
|
|
||||||
;
|
|
||||||
|
|
||||||
config = { ... }: container.mkContainerConfig cfg {
|
config =
|
||||||
services.kavita = {
|
{ ... }:
|
||||||
enable = true;
|
container.mkContainerConfig cfg {
|
||||||
dataDir = "/var/lib/kavita";
|
services.kavita = {
|
||||||
tokenKeyFile = pkgs.writeText "KavitaToken" "xY19aQOa939/Ie6GCRGbubVK8zRwrgBY/20AuyMpYshUjwK1Uyl7bw1yknVh6jJIFIfwq2vAjeotOUq7NEsf9Q==";
|
enable = true;
|
||||||
settings = {
|
dataDir = "/var/lib/kavita";
|
||||||
IpAddresses = cfg.address;
|
tokenKeyFile = pkgs.writeText "KavitaToken" "xY19aQOa939/Ie6GCRGbubVK8zRwrgBY/20AuyMpYshUjwK1Uyl7bw1yknVh6jJIFIfwq2vAjeotOUq7NEsf9Q==";
|
||||||
Port = cfg.port;
|
settings = {
|
||||||
};
|
IpAddresses = cfg.address;
|
||||||
};
|
Port = cfg.port;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,31 +1,42 @@
|
||||||
{ container, pkgs, util, lib, config, ... }: with lib; let
|
{
|
||||||
cfg = config.container.module.redis;
|
container,
|
||||||
in {
|
pkgs,
|
||||||
options = {
|
util,
|
||||||
container.module.redis = {
|
lib,
|
||||||
enable = mkEnableOption "Redis server.";
|
config,
|
||||||
address = mkOption {
|
...
|
||||||
default = "10.1.0.38";
|
}:
|
||||||
type = types.str;
|
with lib;
|
||||||
};
|
let
|
||||||
port = mkOption {
|
cfg = config.container.module.redis;
|
||||||
default = 6379;
|
in
|
||||||
type = types.int;
|
{
|
||||||
};
|
options = {
|
||||||
};
|
container.module.redis = {
|
||||||
};
|
enable = mkEnableOption "Redis server.";
|
||||||
|
address = mkOption {
|
||||||
|
default = "10.1.0.38";
|
||||||
|
type = types.str;
|
||||||
|
};
|
||||||
|
port = mkOption {
|
||||||
|
default = 6379;
|
||||||
|
type = types.int;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
containers.redis = container.mkContainer cfg {
|
containers.redis = container.mkContainer cfg {
|
||||||
config = { ... }: container.mkContainerConfig cfg {
|
config =
|
||||||
services.redis.servers.main = {
|
{ ... }:
|
||||||
enable = true;
|
container.mkContainerConfig cfg {
|
||||||
port = cfg.port;
|
services.redis.servers.main = {
|
||||||
bind = cfg.address;
|
enable = true;
|
||||||
extraParams = [ "--protected-mode no" ];
|
port = cfg.port;
|
||||||
};
|
bind = cfg.address;
|
||||||
};
|
extraParams = [ "--protected-mode no" ];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1,43 +1,54 @@
|
||||||
{ container, pkgs, lib, config, ... }: with lib; let
|
{
|
||||||
cfg = config.container.module.search;
|
container,
|
||||||
in {
|
pkgs,
|
||||||
options = {
|
lib,
|
||||||
container.module.search = {
|
config,
|
||||||
enable = mkEnableOption "Search frontend.";
|
...
|
||||||
address = mkOption {
|
}:
|
||||||
default = "10.1.0.26";
|
with lib;
|
||||||
type = types.str;
|
let
|
||||||
};
|
cfg = config.container.module.search;
|
||||||
port = mkOption {
|
in
|
||||||
default = 8080;
|
{
|
||||||
type = types.int;
|
options = {
|
||||||
};
|
container.module.search = {
|
||||||
domain = mkOption {
|
enable = mkEnableOption "Search frontend.";
|
||||||
default = "search.${config.container.domain}";
|
address = mkOption {
|
||||||
type = types.str;
|
default = "10.1.0.26";
|
||||||
};
|
type = types.str;
|
||||||
storage = mkOption {
|
};
|
||||||
default = "${config.container.storage}/search";
|
port = mkOption {
|
||||||
type = types.str;
|
default = 8080;
|
||||||
};
|
type = types.int;
|
||||||
};
|
};
|
||||||
};
|
domain = mkOption {
|
||||||
|
default = "search.${config.container.domain}";
|
||||||
|
type = types.str;
|
||||||
|
};
|
||||||
|
storage = mkOption {
|
||||||
|
default = "${config.container.storage}/search";
|
||||||
|
type = types.str;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
containers.search = container.mkContainer cfg {
|
containers.search = container.mkContainer cfg {
|
||||||
config = { ... }: container.mkContainerConfig cfg {
|
config =
|
||||||
services.searx = {
|
{ ... }:
|
||||||
enable = true;
|
container.mkContainerConfig cfg {
|
||||||
package = pkgs.searxng;
|
services.searx = {
|
||||||
settings = {
|
enable = true;
|
||||||
server = {
|
package = pkgs.searxng;
|
||||||
bind_address = cfg.address;
|
settings = {
|
||||||
port = cfg.port;
|
server = {
|
||||||
secret_key = "searxxx";
|
bind_address = cfg.address;
|
||||||
};
|
port = cfg.port;
|
||||||
};
|
secret_key = "searxxx";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,62 +1,71 @@
|
||||||
{ container, lib, config, ... }: with lib; let
|
{
|
||||||
cfg = config.container.module.status;
|
container,
|
||||||
in {
|
lib,
|
||||||
options = {
|
config,
|
||||||
container.module.status = {
|
...
|
||||||
enable = mkEnableOption "Status monitor.";
|
}:
|
||||||
address = mkOption {
|
with lib;
|
||||||
default = "10.1.0.22";
|
let
|
||||||
type = types.str;
|
cfg = config.container.module.status;
|
||||||
};
|
in
|
||||||
port = mkOption {
|
{
|
||||||
default = 3001;
|
options = {
|
||||||
type = types.int;
|
container.module.status = {
|
||||||
};
|
enable = mkEnableOption "Status monitor.";
|
||||||
domain = mkOption {
|
address = mkOption {
|
||||||
default = "status.${config.container.domain}";
|
default = "10.1.0.22";
|
||||||
type = types.str;
|
type = types.str;
|
||||||
};
|
};
|
||||||
storage = mkOption {
|
port = mkOption {
|
||||||
default = "${config.container.storage}/status";
|
default = 3001;
|
||||||
type = types.str;
|
type = types.int;
|
||||||
};
|
};
|
||||||
};
|
domain = mkOption {
|
||||||
};
|
default = "status.${config.container.domain}";
|
||||||
|
type = types.str;
|
||||||
|
};
|
||||||
|
storage = mkOption {
|
||||||
|
default = "${config.container.storage}/status";
|
||||||
|
type = types.str;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
systemd.tmpfiles.rules = container.mkContainerDir cfg [
|
systemd.tmpfiles.rules = container.mkContainerDir cfg [
|
||||||
"data"
|
"data"
|
||||||
];
|
];
|
||||||
|
|
||||||
containers.status = container.mkContainer cfg {
|
containers.status = container.mkContainer cfg {
|
||||||
bindMounts = {
|
bindMounts = {
|
||||||
"/var/lib/uptime-kuma" = {
|
"/var/lib/uptime-kuma" = {
|
||||||
hostPath = "${cfg.storage}/data";
|
hostPath = "${cfg.storage}/data";
|
||||||
isReadOnly = false;
|
isReadOnly = false;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
config = { lib, ... }: container.mkContainerConfig cfg {
|
config =
|
||||||
networking = {
|
{ lib, ... }:
|
||||||
nameservers = mkForce [
|
container.mkContainerConfig cfg {
|
||||||
config.container.module.dns.address
|
networking = {
|
||||||
];
|
nameservers = mkForce [
|
||||||
};
|
config.container.module.dns.address
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
services.uptime-kuma = {
|
services.uptime-kuma = {
|
||||||
enable = true;
|
enable = true;
|
||||||
settings = {
|
settings = {
|
||||||
DATA_DIR = "/var/lib/uptime-kuma/";
|
DATA_DIR = "/var/lib/uptime-kuma/";
|
||||||
HOST = cfg.address;
|
HOST = cfg.address;
|
||||||
PORT = toString cfg.port;
|
PORT = toString cfg.port;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.services.uptime-kuma = {
|
systemd.services.uptime-kuma = {
|
||||||
serviceConfig.DynamicUser = mkForce false;
|
serviceConfig.DynamicUser = mkForce false;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1,57 +1,67 @@
|
||||||
{ container, lib, config, ... }: with lib; let
|
{
|
||||||
cfg = config.container.module.stock;
|
container,
|
||||||
in {
|
lib,
|
||||||
options = {
|
config,
|
||||||
container.module.stock = {
|
...
|
||||||
enable = mkEnableOption "Stock management.";
|
}:
|
||||||
address = mkOption {
|
with lib;
|
||||||
default = "10.1.0.45";
|
let
|
||||||
type = types.str;
|
cfg = config.container.module.stock;
|
||||||
};
|
in
|
||||||
port = mkOption {
|
{
|
||||||
default = 80;
|
options = {
|
||||||
type = types.int;
|
container.module.stock = {
|
||||||
};
|
enable = mkEnableOption "Stock management.";
|
||||||
domain = mkOption {
|
address = mkOption {
|
||||||
default = "stock.${config.container.domain}";
|
default = "10.1.0.45";
|
||||||
type = types.str;
|
type = types.str;
|
||||||
};
|
};
|
||||||
storage = mkOption {
|
port = mkOption {
|
||||||
default = "${config.container.storage}/stock";
|
default = 80;
|
||||||
type = types.str;
|
type = types.int;
|
||||||
};
|
};
|
||||||
};
|
domain = mkOption {
|
||||||
};
|
default = "stock.${config.container.domain}";
|
||||||
|
type = types.str;
|
||||||
|
};
|
||||||
|
storage = mkOption {
|
||||||
|
default = "${config.container.storage}/stock";
|
||||||
|
type = types.str;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
systemd.tmpfiles.rules = container.mkContainerDir cfg [
|
systemd.tmpfiles.rules = container.mkContainerDir cfg [
|
||||||
"data"
|
"data"
|
||||||
];
|
];
|
||||||
|
|
||||||
containers.stock = container.mkContainer cfg {
|
containers.stock = container.mkContainer cfg {
|
||||||
bindMounts = {
|
bindMounts = {
|
||||||
"/var/lib/grocy" = {
|
"/var/lib/grocy" = {
|
||||||
hostPath = "${cfg.storage}/data";
|
hostPath = "${cfg.storage}/data";
|
||||||
isReadOnly = false;
|
isReadOnly = false;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
config = { ... }: container.mkContainerConfig cfg {
|
config =
|
||||||
services.grocy = {
|
{ ... }:
|
||||||
enable = true;
|
container.mkContainerConfig cfg {
|
||||||
dataDir = "/var/lib/grocy";
|
services.grocy = {
|
||||||
hostName = cfg.domain;
|
enable = true;
|
||||||
nginx.enableSSL = false;
|
dataDir = "/var/lib/grocy";
|
||||||
settings = {
|
hostName = cfg.domain;
|
||||||
calendar = {
|
nginx.enableSSL = false;
|
||||||
firstDayOfWeek = 1;
|
settings = {
|
||||||
showWeekNumber = true;
|
calendar = {
|
||||||
};
|
firstDayOfWeek = 1;
|
||||||
culture = "en";
|
showWeekNumber = true;
|
||||||
currency = "RUB";
|
};
|
||||||
};
|
culture = "en";
|
||||||
};
|
currency = "RUB";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,88 +1,100 @@
|
||||||
{ container, pkgs, lib, config, ... }: with lib; let
|
{
|
||||||
cfg = config.container.module.vpn;
|
container,
|
||||||
|
pkgs,
|
||||||
|
lib,
|
||||||
|
config,
|
||||||
|
...
|
||||||
|
}:
|
||||||
|
with lib;
|
||||||
|
let
|
||||||
|
cfg = config.container.module.vpn;
|
||||||
|
|
||||||
wireguardPeers = let
|
wireguardPeers =
|
||||||
mkPeer = name: ip: PublicKey: {
|
let
|
||||||
inherit PublicKey;
|
mkPeer = name: ip: PublicKey: {
|
||||||
PresharedKeyFile = "/var/lib/wireguard/preshared/${name}";
|
inherit PublicKey;
|
||||||
AllowedIPs = [ "${ip}/32" ];
|
PresharedKeyFile = "/var/lib/wireguard/preshared/${name}";
|
||||||
};
|
AllowedIPs = [ "${ip}/32" ];
|
||||||
in [
|
};
|
||||||
(mkPeer "dashaphone" "10.1.1.3" "O/3y8+QKEY8UoLVlmbc8xdhs248L4wtQcl1MsBBfoQo=")
|
in
|
||||||
(mkPeer "laptop" "10.1.1.9" "xxoCNPSB86zs8L8p+wXhqaIwpNDkiZu1Yjv8sj8XhgY=")
|
[
|
||||||
(mkPeer "phone" "10.1.1.5" "bFmFisMqbDpIrAg3o/GiRl9XhceZEVnZtkegZDTL4yg=")
|
(mkPeer "dashaphone" "10.1.1.3" "O/3y8+QKEY8UoLVlmbc8xdhs248L4wtQcl1MsBBfoQo=")
|
||||||
(mkPeer "tablet" "10.1.1.6" "BdslswVc9OgUpEhJd0sugDBmYw44DiS0FbUPT5EjOG0=")
|
(mkPeer "laptop" "10.1.1.9" "xxoCNPSB86zs8L8p+wXhqaIwpNDkiZu1Yjv8sj8XhgY=")
|
||||||
(mkPeer "work" "10.1.1.2" "Pk0AASSInKO9O8RaQEmm1uNrl0cwWTJDcT8rLn7PSA0=")
|
(mkPeer "phone" "10.1.1.5" "bFmFisMqbDpIrAg3o/GiRl9XhceZEVnZtkegZDTL4yg=")
|
||||||
];
|
(mkPeer "tablet" "10.1.1.6" "BdslswVc9OgUpEhJd0sugDBmYw44DiS0FbUPT5EjOG0=")
|
||||||
in {
|
(mkPeer "work" "10.1.1.2" "Pk0AASSInKO9O8RaQEmm1uNrl0cwWTJDcT8rLn7PSA0=")
|
||||||
options = {
|
];
|
||||||
container.module.vpn = {
|
in
|
||||||
enable = mkEnableOption "Vpn server.";
|
{
|
||||||
address = mkOption {
|
options = {
|
||||||
default = "10.1.0.23";
|
container.module.vpn = {
|
||||||
type = types.str;
|
enable = mkEnableOption "Vpn server.";
|
||||||
};
|
address = mkOption {
|
||||||
port = mkOption {
|
default = "10.1.0.23";
|
||||||
default = 51820;
|
type = types.str;
|
||||||
type = types.int;
|
};
|
||||||
};
|
port = mkOption {
|
||||||
storage = mkOption {
|
default = 51820;
|
||||||
default = "${config.container.storage}/vpn";
|
type = types.int;
|
||||||
type = types.str;
|
};
|
||||||
};
|
storage = mkOption {
|
||||||
};
|
default = "${config.container.storage}/vpn";
|
||||||
};
|
type = types.str;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
systemd.tmpfiles.rules = container.mkContainerDir cfg [
|
systemd.tmpfiles.rules = container.mkContainerDir cfg [
|
||||||
"data"
|
"data"
|
||||||
"data/preshared"
|
"data/preshared"
|
||||||
];
|
];
|
||||||
|
|
||||||
containers.vpn = container.mkContainer cfg {
|
containers.vpn = container.mkContainer cfg {
|
||||||
bindMounts = {
|
bindMounts = {
|
||||||
"/var/lib/wireguard" = {
|
"/var/lib/wireguard" = {
|
||||||
hostPath = "${cfg.storage}/data";
|
hostPath = "${cfg.storage}/data";
|
||||||
isReadOnly = false;
|
isReadOnly = false;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
config = { ... }: container.mkContainerConfig cfg {
|
config =
|
||||||
boot.kernel.sysctl = {
|
{ ... }:
|
||||||
"net.ipv4.conf.all.src_valid_mark" = 1;
|
container.mkContainerConfig cfg {
|
||||||
"net.ipv4.ip_forward" = 1;
|
boot.kernel.sysctl = {
|
||||||
};
|
"net.ipv4.conf.all.src_valid_mark" = 1;
|
||||||
|
"net.ipv4.ip_forward" = 1;
|
||||||
|
};
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [ wireguard-tools ];
|
environment.systemPackages = with pkgs; [ wireguard-tools ];
|
||||||
networking.useNetworkd = true;
|
networking.useNetworkd = true;
|
||||||
systemd.network = {
|
systemd.network = {
|
||||||
enable = true;
|
enable = true;
|
||||||
netdevs = {
|
netdevs = {
|
||||||
"50-wg0" = {
|
"50-wg0" = {
|
||||||
netdevConfig = {
|
netdevConfig = {
|
||||||
Kind = "wireguard";
|
Kind = "wireguard";
|
||||||
MTUBytes = "1300";
|
MTUBytes = "1300";
|
||||||
Name = "wg0";
|
Name = "wg0";
|
||||||
};
|
};
|
||||||
wireguardConfig = {
|
wireguardConfig = {
|
||||||
PrivateKeyFile = "/var/lib/wireguard/privkey";
|
PrivateKeyFile = "/var/lib/wireguard/privkey";
|
||||||
ListenPort = cfg.port;
|
ListenPort = cfg.port;
|
||||||
};
|
};
|
||||||
inherit wireguardPeers;
|
inherit wireguardPeers;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
networks.wg0 = {
|
networks.wg0 = {
|
||||||
matchConfig.Name = "wg0";
|
matchConfig.Name = "wg0";
|
||||||
address = ["10.1.1.0/24"];
|
address = [ "10.1.1.0/24" ];
|
||||||
networkConfig = {
|
networkConfig = {
|
||||||
IPv4Forwarding = "yes";
|
IPv4Forwarding = "yes";
|
||||||
IPMasquerade = "ipv4";
|
IPMasquerade = "ipv4";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1,86 +1,96 @@
|
||||||
{ container, lib, config, ... }: with lib; let
|
{
|
||||||
cfg = config.container.module.watch;
|
container,
|
||||||
in {
|
lib,
|
||||||
options = {
|
config,
|
||||||
container.module.watch = {
|
...
|
||||||
enable = mkEnableOption "Media server.";
|
}:
|
||||||
address = mkOption {
|
with lib;
|
||||||
default = "10.1.0.11";
|
let
|
||||||
type = types.str;
|
cfg = config.container.module.watch;
|
||||||
};
|
in
|
||||||
port = mkOption {
|
{
|
||||||
default = 8096;
|
options = {
|
||||||
type = types.int;
|
container.module.watch = {
|
||||||
};
|
enable = mkEnableOption "Media server.";
|
||||||
domain = mkOption {
|
address = mkOption {
|
||||||
default = "watch.${config.container.domain}";
|
default = "10.1.0.11";
|
||||||
type = types.str;
|
type = types.str;
|
||||||
};
|
};
|
||||||
storage = mkOption {
|
port = mkOption {
|
||||||
default = "${config.container.storage}/watch";
|
default = 8096;
|
||||||
type = types.str;
|
type = types.int;
|
||||||
};
|
};
|
||||||
memLimit = mkOption {
|
domain = mkOption {
|
||||||
default = "8G";
|
default = "watch.${config.container.domain}";
|
||||||
type = types.str;
|
type = types.str;
|
||||||
};
|
};
|
||||||
};
|
storage = mkOption {
|
||||||
};
|
default = "${config.container.storage}/watch";
|
||||||
|
type = types.str;
|
||||||
|
};
|
||||||
|
memLimit = mkOption {
|
||||||
|
default = "8G";
|
||||||
|
type = types.str;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
systemd.tmpfiles.rules = container.mkContainerDir cfg [
|
systemd.tmpfiles.rules = container.mkContainerDir cfg [
|
||||||
"data"
|
"data"
|
||||||
"cache"
|
"cache"
|
||||||
];
|
];
|
||||||
|
|
||||||
containers.watch = container.mkContainer cfg {
|
containers.watch = container.mkContainer cfg {
|
||||||
bindMounts = {
|
bindMounts =
|
||||||
"/var/lib/jellyfin" = {
|
{
|
||||||
hostPath = "${cfg.storage}/data";
|
"/var/lib/jellyfin" = {
|
||||||
isReadOnly = false;
|
hostPath = "${cfg.storage}/data";
|
||||||
};
|
isReadOnly = false;
|
||||||
"/var/cache/jellyfin" = {
|
};
|
||||||
hostPath = "${cfg.storage}/cache";
|
"/var/cache/jellyfin" = {
|
||||||
isReadOnly = false;
|
hostPath = "${cfg.storage}/cache";
|
||||||
};
|
isReadOnly = false;
|
||||||
"/dev/dri" = {
|
};
|
||||||
hostPath = "/dev/dri";
|
"/dev/dri" = {
|
||||||
isReadOnly = false;
|
hostPath = "/dev/dri";
|
||||||
};
|
isReadOnly = false;
|
||||||
}
|
};
|
||||||
// container.attachMedia "anime" true
|
}
|
||||||
// container.attachMedia "download" true
|
// container.attachMedia "anime" true
|
||||||
// container.attachMedia "movie" true
|
// container.attachMedia "download" true
|
||||||
// container.attachMedia "music" true
|
// container.attachMedia "movie" true
|
||||||
// container.attachMedia "photo" true
|
// container.attachMedia "music" true
|
||||||
// container.attachMedia "porn" true
|
// container.attachMedia "photo" true
|
||||||
// container.attachMedia "show" true
|
// container.attachMedia "porn" true
|
||||||
// container.attachMedia "study" true
|
// container.attachMedia "show" true
|
||||||
// container.attachMedia "work" true
|
// container.attachMedia "study" true
|
||||||
// container.attachMedia "youtube" true
|
// container.attachMedia "work" true
|
||||||
;
|
// container.attachMedia "youtube" true;
|
||||||
|
|
||||||
allowedDevices = [
|
allowedDevices = [
|
||||||
{
|
{
|
||||||
modifier = "rwm";
|
modifier = "rwm";
|
||||||
node = "/dev/dri/renderD128";
|
node = "/dev/dri/renderD128";
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
|
||||||
config = { ... }: container.mkContainerConfig cfg {
|
config =
|
||||||
# users.users.jellyfin.extraGroups = [
|
{ ... }:
|
||||||
# "video"
|
container.mkContainerConfig cfg {
|
||||||
# "render"
|
# users.users.jellyfin.extraGroups = [
|
||||||
# ];
|
# "video"
|
||||||
|
# "render"
|
||||||
|
# ];
|
||||||
|
|
||||||
services.jellyfin = {
|
services.jellyfin = {
|
||||||
enable = true;
|
enable = true;
|
||||||
cacheDir = "/var/cache/jellyfin";
|
cacheDir = "/var/cache/jellyfin";
|
||||||
dataDir = "/var/lib/jellyfin";
|
dataDir = "/var/lib/jellyfin";
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.services.jellyfin.serviceConfig.MemoryLimit = cfg.memLimit;
|
systemd.services.jellyfin.serviceConfig.MemoryLimit = cfg.memLimit;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
112
container/Yt.nix
112
container/Yt.nix
|
@ -1,52 +1,64 @@
|
||||||
{ container, pkgs, lib, config, __findFile, ... }: with lib; let
|
{
|
||||||
cfg = config.container.module.yt;
|
container,
|
||||||
in {
|
pkgs,
|
||||||
options = {
|
lib,
|
||||||
container.module.yt = {
|
config,
|
||||||
enable = mkEnableOption "YouTube frontend.";
|
__findFile,
|
||||||
address = mkOption {
|
...
|
||||||
default = "10.1.0.19";
|
}:
|
||||||
type = types.str;
|
with lib;
|
||||||
};
|
let
|
||||||
port = mkOption {
|
cfg = config.container.module.yt;
|
||||||
default = 3000;
|
in
|
||||||
type = types.int;
|
{
|
||||||
};
|
options = {
|
||||||
domain = mkOption {
|
container.module.yt = {
|
||||||
default = "yt.${config.container.domain}";
|
enable = mkEnableOption "YouTube frontend.";
|
||||||
type = types.str;
|
address = mkOption {
|
||||||
};
|
default = "10.1.0.19";
|
||||||
storage = mkOption {
|
type = types.str;
|
||||||
default = "${config.container.storage}/yt";
|
};
|
||||||
type = types.str;
|
port = mkOption {
|
||||||
};
|
default = 3000;
|
||||||
};
|
type = types.int;
|
||||||
};
|
};
|
||||||
|
domain = mkOption {
|
||||||
|
default = "yt.${config.container.domain}";
|
||||||
|
type = types.str;
|
||||||
|
};
|
||||||
|
storage = mkOption {
|
||||||
|
default = "${config.container.storage}/yt";
|
||||||
|
type = types.str;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
containers.yt = container.mkContainer cfg {
|
containers.yt = container.mkContainer cfg {
|
||||||
config = { ... }: container.mkContainerConfig cfg {
|
config =
|
||||||
services.invidious = {
|
{ ... }:
|
||||||
enable = true;
|
container.mkContainerConfig cfg {
|
||||||
domain = cfg.domain;
|
services.invidious = {
|
||||||
port = cfg.port;
|
enable = true;
|
||||||
nginx.enable = false;
|
domain = cfg.domain;
|
||||||
database = {
|
port = cfg.port;
|
||||||
port = config.container.module.postgres.port;
|
nginx.enable = false;
|
||||||
host = config.container.module.postgres.address;
|
database = {
|
||||||
createLocally = false;
|
port = config.container.module.postgres.port;
|
||||||
passwordFile = "${pkgs.writeText "InvidiousDbPassword" "invidious"}";
|
host = config.container.module.postgres.address;
|
||||||
};
|
createLocally = false;
|
||||||
settings = {
|
passwordFile = "${pkgs.writeText "InvidiousDbPassword" "invidious"}";
|
||||||
admins = [ "root" ];
|
};
|
||||||
captcha_enabled = false;
|
settings = {
|
||||||
check_tables = true;
|
admins = [ "root" ];
|
||||||
registration_enabled = false;
|
captcha_enabled = false;
|
||||||
external_port = 443;
|
check_tables = true;
|
||||||
https_only = true;
|
registration_enabled = false;
|
||||||
};
|
external_port = 443;
|
||||||
};
|
https_only = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,58 +1,61 @@
|
||||||
{ lib, config, ... }: with lib; let
|
{ lib, config, ... }:
|
||||||
cfg = config.container;
|
with lib;
|
||||||
in {
|
let
|
||||||
options = {
|
cfg = config.container;
|
||||||
container = {
|
in
|
||||||
enable = mkEnableOption "Containers!!";
|
{
|
||||||
|
options = {
|
||||||
|
container = {
|
||||||
|
enable = mkEnableOption "Containers!!";
|
||||||
|
|
||||||
autoStart = mkOption {
|
autoStart = mkOption {
|
||||||
default = false;
|
default = false;
|
||||||
type = types.bool;
|
type = types.bool;
|
||||||
};
|
};
|
||||||
|
|
||||||
host = mkOption {
|
host = mkOption {
|
||||||
default = "0.0.0.0";
|
default = "0.0.0.0";
|
||||||
type = types.str;
|
type = types.str;
|
||||||
};
|
};
|
||||||
|
|
||||||
localAccess = mkOption {
|
localAccess = mkOption {
|
||||||
default = "0.0.0.0";
|
default = "0.0.0.0";
|
||||||
type = types.str;
|
type = types.str;
|
||||||
};
|
};
|
||||||
|
|
||||||
storage = mkOption {
|
storage = mkOption {
|
||||||
default = "/tmp/container";
|
default = "/tmp/container";
|
||||||
type = types.str;
|
type = types.str;
|
||||||
};
|
};
|
||||||
|
|
||||||
domain = mkOption {
|
domain = mkOption {
|
||||||
default = "local";
|
default = "local";
|
||||||
type = types.str;
|
type = types.str;
|
||||||
};
|
};
|
||||||
|
|
||||||
interface = mkOption {
|
interface = mkOption {
|
||||||
default = "lo";
|
default = "lo";
|
||||||
type = types.str;
|
type = types.str;
|
||||||
};
|
};
|
||||||
|
|
||||||
media = mkOption {
|
media = mkOption {
|
||||||
default = {};
|
default = { };
|
||||||
type = types.attrs;
|
type = types.attrs;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
# This is the network for all the containers.
|
# This is the network for all the containers.
|
||||||
# They are not available to the external interface by default,
|
# They are not available to the external interface by default,
|
||||||
# instead they all expose specific ports in their configuration.
|
# instead they all expose specific ports in their configuration.
|
||||||
networking = {
|
networking = {
|
||||||
nat = {
|
nat = {
|
||||||
enable = true;
|
enable = true;
|
||||||
internalInterfaces = [ "ve-+" ];
|
internalInterfaces = [ "ve-+" ];
|
||||||
externalInterface = config.container.interface;
|
externalInterface = config.container.interface;
|
||||||
};
|
};
|
||||||
networkmanager.unmanaged = [ "interface-name:ve-*" ];
|
networkmanager.unmanaged = [ "interface-name:ve-*" ];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,25 +1,31 @@
|
||||||
{ util, config, lib, container, ... }: let
|
{
|
||||||
domain = "camera.${config.container.domain}";
|
config,
|
||||||
address = "192.168.2.249";
|
container,
|
||||||
port = 554;
|
...
|
||||||
in {
|
}:
|
||||||
${domain} = container.mkServer {
|
let
|
||||||
extraConfig = util.trimTabs ''
|
domain = "camera.${config.container.domain}";
|
||||||
listen 443 ssl;
|
address = "192.168.2.249";
|
||||||
|
port = 554;
|
||||||
|
in
|
||||||
|
{
|
||||||
|
${domain} = container.mkServer {
|
||||||
|
extraConfig = ''
|
||||||
|
listen 443 ssl;
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
allow ${config.container.localAccess};
|
allow ${config.container.localAccess};
|
||||||
allow ${config.container.module.status.address};
|
allow ${config.container.module.status.address};
|
||||||
allow ${config.container.module.vpn.address};
|
allow ${config.container.module.vpn.address};
|
||||||
allow ${config.container.module.frkn.address};
|
allow ${config.container.module.frkn.address};
|
||||||
deny all;
|
deny all;
|
||||||
return 301 rtsp://${address}:${toString port}/live/main;
|
return 301 rtsp://${address}:${toString port}/live/main;
|
||||||
}
|
}
|
||||||
|
|
||||||
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
|
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
|
||||||
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
|
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
|
||||||
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
|
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
|
||||||
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
|
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,28 +1,30 @@
|
||||||
{ util, config, container, ... }: let
|
{ config, container, ... }:
|
||||||
cfg = config.container.module.change;
|
let
|
||||||
name = "change";
|
cfg = config.container.module.change;
|
||||||
in {
|
name = "change";
|
||||||
${cfg.domain} = container.mkServer {
|
in
|
||||||
extraConfig = util.trimTabs ''
|
{
|
||||||
listen 443 ssl;
|
${cfg.domain} = container.mkServer {
|
||||||
set ''$${name} ${cfg.address}:${toString cfg.port};
|
extraConfig = ''
|
||||||
|
listen 443 ssl;
|
||||||
|
set ''$${name} ${cfg.address}:${toString cfg.port};
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
allow ${config.container.localAccess};
|
allow ${config.container.localAccess};
|
||||||
allow ${config.container.module.status.address};
|
allow ${config.container.module.status.address};
|
||||||
allow ${config.container.module.vpn.address};
|
allow ${config.container.module.vpn.address};
|
||||||
allow ${config.container.module.frkn.address};
|
allow ${config.container.module.frkn.address};
|
||||||
deny all;
|
deny all;
|
||||||
|
|
||||||
proxy_pass http://''$${name}$request_uri;
|
proxy_pass http://''$${name}$request_uri;
|
||||||
|
|
||||||
add_header Referrer-Policy 'origin';
|
add_header Referrer-Policy 'origin';
|
||||||
}
|
}
|
||||||
|
|
||||||
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
|
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
|
||||||
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
|
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
|
||||||
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
|
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
|
||||||
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
|
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,30 +1,31 @@
|
||||||
{ util, config, container, ... }: let
|
{ config, container, ... }:
|
||||||
cfg = config.container.module.cloud;
|
let
|
||||||
name = "cloud";
|
cfg = config.container.module.cloud;
|
||||||
in {
|
name = "cloud";
|
||||||
${cfg.domain} = container.mkServer {
|
in
|
||||||
extraConfig = util.trimTabs ''
|
{
|
||||||
listen 443 ssl;
|
${cfg.domain} = container.mkServer {
|
||||||
set ''$${name} ${cfg.address}:${toString cfg.port};
|
extraConfig = ''
|
||||||
|
listen 443 ssl;
|
||||||
|
set ''$${name} ${cfg.address}:${toString cfg.port};
|
||||||
|
|
||||||
location ~ ^/(settings/admin|settings/users|settings/apps|login|api) {
|
location ~ ^/(settings/admin|settings/users|settings/apps|login|api) {
|
||||||
allow ${config.container.localAccess};
|
allow ${config.container.localAccess};
|
||||||
allow ${config.container.module.status.address};
|
allow ${config.container.module.status.address};
|
||||||
allow ${config.container.module.vpn.address};
|
allow ${config.container.module.vpn.address};
|
||||||
allow ${config.container.module.frkn.address};
|
allow ${config.container.module.frkn.address};
|
||||||
deny all;
|
deny all;
|
||||||
proxy_pass http://''$${name}$request_uri;
|
proxy_pass http://''$${name}$request_uri;
|
||||||
}
|
}
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
proxy_pass http://''$${name}$request_uri;
|
proxy_pass http://''$${name}$request_uri;
|
||||||
}
|
}
|
||||||
|
|
||||||
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
|
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
|
||||||
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
|
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
|
||||||
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
|
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
|
||||||
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
|
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1,25 +1,27 @@
|
||||||
{ util, config, container, ... }: let
|
{ config, container, ... }:
|
||||||
cfg = config.container.module.download;
|
let
|
||||||
name = "download";
|
cfg = config.container.module.download;
|
||||||
in {
|
name = "download";
|
||||||
${cfg.domain} = container.mkServer {
|
in
|
||||||
extraConfig = util.trimTabs ''
|
{
|
||||||
listen 443 ssl;
|
${cfg.domain} = container.mkServer {
|
||||||
set ''$${name} ${cfg.address}:${toString cfg.port};
|
extraConfig = ''
|
||||||
|
listen 443 ssl;
|
||||||
|
set ''$${name} ${cfg.address}:${toString cfg.port};
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
allow ${config.container.localAccess};
|
allow ${config.container.localAccess};
|
||||||
allow ${config.container.module.status.address};
|
allow ${config.container.module.status.address};
|
||||||
allow ${config.container.module.vpn.address};
|
allow ${config.container.module.vpn.address};
|
||||||
allow ${config.container.module.frkn.address};
|
allow ${config.container.module.frkn.address};
|
||||||
deny all;
|
deny all;
|
||||||
proxy_pass http://''$${name}$request_uri;
|
proxy_pass http://''$${name}$request_uri;
|
||||||
}
|
}
|
||||||
|
|
||||||
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
|
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
|
||||||
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
|
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
|
||||||
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
|
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
|
||||||
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
|
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,33 +1,35 @@
|
||||||
{ util, container, config, ... }: let
|
{ container, config, ... }:
|
||||||
cfg = config.container.module.git;
|
let
|
||||||
name = "git";
|
cfg = config.container.module.git;
|
||||||
in {
|
name = "git";
|
||||||
${cfg.domain} = container.mkServer {
|
in
|
||||||
extraConfig = util.trimTabs ''
|
{
|
||||||
listen 443 ssl;
|
${cfg.domain} = container.mkServer {
|
||||||
set ''$${name} ${cfg.address}:${toString cfg.port};
|
extraConfig = ''
|
||||||
|
listen 443 ssl;
|
||||||
|
set ''$${name} ${cfg.address}:${toString cfg.port};
|
||||||
|
|
||||||
location ~ ^/(admin|api|user) {
|
location ~ ^/(admin|api|user) {
|
||||||
allow ${config.container.localAccess};
|
allow ${config.container.localAccess};
|
||||||
allow ${config.container.module.vpn.address};
|
allow ${config.container.module.vpn.address};
|
||||||
allow ${config.container.module.frkn.address};
|
allow ${config.container.module.frkn.address};
|
||||||
deny all;
|
deny all;
|
||||||
proxy_pass http://''$${name}$request_uri;
|
proxy_pass http://''$${name}$request_uri;
|
||||||
}
|
}
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
# allow ${config.container.localAccess};
|
# allow ${config.container.localAccess};
|
||||||
# allow ${config.container.module.status.address};
|
# allow ${config.container.module.status.address};
|
||||||
# allow ${config.container.module.vpn.address};
|
# allow ${config.container.module.vpn.address};
|
||||||
# allow ${config.container.module.frkn.address};
|
# allow ${config.container.module.frkn.address};
|
||||||
# deny all;
|
# deny all;
|
||||||
proxy_pass http://''$${name}$request_uri;
|
proxy_pass http://''$${name}$request_uri;
|
||||||
}
|
}
|
||||||
|
|
||||||
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
|
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
|
||||||
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
|
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
|
||||||
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
|
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
|
||||||
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
|
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,25 +1,31 @@
|
||||||
{ util, container, config, ... }: let
|
{
|
||||||
cfg = config.container.module.hdd;
|
container,
|
||||||
name = "hdd";
|
config,
|
||||||
in {
|
...
|
||||||
${cfg.domain} = container.mkServer {
|
}:
|
||||||
extraConfig = util.trimTabs ''
|
let
|
||||||
listen 443 ssl;
|
cfg = config.container.module.hdd;
|
||||||
set ''$${name} ${cfg.address}:${toString cfg.port};
|
name = "hdd";
|
||||||
|
in
|
||||||
|
{
|
||||||
|
${cfg.domain} = container.mkServer {
|
||||||
|
extraConfig = ''
|
||||||
|
listen 443 ssl;
|
||||||
|
set ''$${name} ${cfg.address}:${toString cfg.port};
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
allow ${config.container.localAccess};
|
allow ${config.container.localAccess};
|
||||||
allow ${config.container.module.status.address};
|
allow ${config.container.module.status.address};
|
||||||
allow ${config.container.module.vpn.address};
|
allow ${config.container.module.vpn.address};
|
||||||
allow ${config.container.module.frkn.address};
|
allow ${config.container.module.frkn.address};
|
||||||
deny all;
|
deny all;
|
||||||
proxy_pass http://''$${name}$request_uri;
|
proxy_pass http://''$${name}$request_uri;
|
||||||
}
|
}
|
||||||
|
|
||||||
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
|
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
|
||||||
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
|
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
|
||||||
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
|
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
|
||||||
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
|
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,25 +1,31 @@
|
||||||
{ util, config, container, ... }: let
|
{
|
||||||
cfg = config.container.module.home;
|
config,
|
||||||
name = "home";
|
container,
|
||||||
in {
|
...
|
||||||
${cfg.domain} = container.mkServer {
|
}:
|
||||||
extraConfig = util.trimTabs ''
|
let
|
||||||
listen 443 ssl;
|
cfg = config.container.module.home;
|
||||||
set ''$${name} ${cfg.address}:${toString cfg.port};
|
name = "home";
|
||||||
|
in
|
||||||
|
{
|
||||||
|
${cfg.domain} = container.mkServer {
|
||||||
|
extraConfig = ''
|
||||||
|
listen 443 ssl;
|
||||||
|
set ''$${name} ${cfg.address}:${toString cfg.port};
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
allow ${config.container.localAccess};
|
allow ${config.container.localAccess};
|
||||||
allow ${config.container.module.status.address};
|
allow ${config.container.module.status.address};
|
||||||
allow ${config.container.module.vpn.address};
|
allow ${config.container.module.vpn.address};
|
||||||
allow ${config.container.module.frkn.address};
|
allow ${config.container.module.frkn.address};
|
||||||
deny all;
|
deny all;
|
||||||
proxy_pass http://''$${name}$request_uri;
|
proxy_pass http://''$${name}$request_uri;
|
||||||
}
|
}
|
||||||
|
|
||||||
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
|
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
|
||||||
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
|
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
|
||||||
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
|
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
|
||||||
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
|
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,32 +1,38 @@
|
||||||
{ util, container, config, ... }: let
|
{
|
||||||
cfg = config.container.module.iot;
|
container,
|
||||||
name = "iot";
|
config,
|
||||||
in {
|
...
|
||||||
${cfg.domain} = container.mkServer {
|
}:
|
||||||
extraConfig = util.trimTabs ''
|
let
|
||||||
listen 443 ssl;
|
cfg = config.container.module.iot;
|
||||||
set ''$${name} ${cfg.address}:${toString cfg.port};
|
name = "iot";
|
||||||
|
in
|
||||||
|
{
|
||||||
|
${cfg.domain} = container.mkServer {
|
||||||
|
extraConfig = ''
|
||||||
|
listen 443 ssl;
|
||||||
|
set ''$${name} ${cfg.address}:${toString cfg.port};
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
allow ${config.container.localAccess};
|
allow ${config.container.localAccess};
|
||||||
allow ${config.container.module.status.address};
|
allow ${config.container.module.status.address};
|
||||||
allow ${config.container.module.vpn.address};
|
allow ${config.container.module.vpn.address};
|
||||||
allow ${config.container.module.frkn.address};
|
allow ${config.container.module.frkn.address};
|
||||||
deny all;
|
deny all;
|
||||||
|
|
||||||
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_http_version 1.1;
|
proxy_http_version 1.1;
|
||||||
proxy_set_header Upgrade $http_upgrade;
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
proxy_set_header Connection "upgrade";
|
proxy_set_header Connection "upgrade";
|
||||||
|
|
||||||
proxy_pass http://''$${name}$request_uri;
|
proxy_pass http://''$${name}$request_uri;
|
||||||
}
|
}
|
||||||
|
|
||||||
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
|
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
|
||||||
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
|
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
|
||||||
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
|
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
|
||||||
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
|
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,25 +1,27 @@
|
||||||
{ util, container, config, ... }: let
|
{ container, config, ... }:
|
||||||
cfg = config.container.module.mail;
|
let
|
||||||
name = "mail";
|
cfg = config.container.module.mail;
|
||||||
in {
|
name = "mail";
|
||||||
${cfg.domain} = container.mkServer {
|
in
|
||||||
extraConfig = util.trimTabs ''
|
{
|
||||||
listen 443 ssl;
|
${cfg.domain} = container.mkServer {
|
||||||
set ''$${name} ${cfg.address}:${toString cfg.port};
|
extraConfig = ''
|
||||||
|
listen 443 ssl;
|
||||||
|
set ''$${name} ${cfg.address}:${toString cfg.port};
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
allow ${config.container.localAccess};
|
allow ${config.container.localAccess};
|
||||||
allow ${config.container.module.status.address};
|
allow ${config.container.module.status.address};
|
||||||
allow ${config.container.module.vpn.address};
|
allow ${config.container.module.vpn.address};
|
||||||
allow ${config.container.module.frkn.address};
|
allow ${config.container.module.frkn.address};
|
||||||
deny all;
|
deny all;
|
||||||
proxy_pass http://''$${name}$request_uri;
|
proxy_pass http://''$${name}$request_uri;
|
||||||
}
|
}
|
||||||
|
|
||||||
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
|
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
|
||||||
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
|
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
|
||||||
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
|
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
|
||||||
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
|
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,26 +1,28 @@
|
||||||
{ util, container, config, ... }: let
|
{ container, config, ... }:
|
||||||
cfg = config.container.module.office;
|
let
|
||||||
name = "office";
|
cfg = config.container.module.office;
|
||||||
in {
|
name = "office";
|
||||||
${cfg.domain} = container.mkServer {
|
in
|
||||||
extraConfig = util.trimTabs ''
|
{
|
||||||
listen 443 ssl;
|
${cfg.domain} = container.mkServer {
|
||||||
set ''$${name} ${cfg.address}:${toString cfg.port};
|
extraConfig = ''
|
||||||
|
listen 443 ssl;
|
||||||
|
set ''$${name} ${cfg.address}:${toString cfg.port};
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
# allow ${config.container.localAccess};
|
# allow ${config.container.localAccess};
|
||||||
# allow ${config.container.module.status.address};
|
# allow ${config.container.module.status.address};
|
||||||
# allow ${config.container.module.vpn.address};
|
# allow ${config.container.module.vpn.address};
|
||||||
# allow ${config.container.module.frkn.address};
|
# allow ${config.container.module.frkn.address};
|
||||||
# deny all;
|
# deny all;
|
||||||
add_header X-Forwarded-Proto https;
|
add_header X-Forwarded-Proto https;
|
||||||
proxy_pass http://''$${name}$request_uri;
|
proxy_pass http://''$${name}$request_uri;
|
||||||
}
|
}
|
||||||
|
|
||||||
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
|
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
|
||||||
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
|
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
|
||||||
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
|
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
|
||||||
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
|
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,25 +1,27 @@
|
||||||
{ util, container, config, ... }: let
|
{ container, config, ... }:
|
||||||
cfg = config.container.module.paper;
|
let
|
||||||
name = "paper";
|
cfg = config.container.module.paper;
|
||||||
in {
|
name = "paper";
|
||||||
${cfg.domain} = container.mkServer {
|
in
|
||||||
extraConfig = util.trimTabs ''
|
{
|
||||||
listen 443 ssl;
|
${cfg.domain} = container.mkServer {
|
||||||
set ''$${name} ${cfg.address}:${toString cfg.port};
|
extraConfig = ''
|
||||||
|
listen 443 ssl;
|
||||||
|
set ''$${name} ${cfg.address}:${toString cfg.port};
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
allow ${config.container.localAccess};
|
allow ${config.container.localAccess};
|
||||||
allow ${config.container.module.status.address};
|
allow ${config.container.module.status.address};
|
||||||
allow ${config.container.module.vpn.address};
|
allow ${config.container.module.vpn.address};
|
||||||
allow ${config.container.module.frkn.address};
|
allow ${config.container.module.frkn.address};
|
||||||
deny all;
|
deny all;
|
||||||
proxy_pass http://''$${name}$request_uri;
|
proxy_pass http://''$${name}$request_uri;
|
||||||
}
|
}
|
||||||
|
|
||||||
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
|
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
|
||||||
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
|
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
|
||||||
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
|
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
|
||||||
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
|
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,25 +1,27 @@
|
||||||
{ util, container, config, ... }: let
|
{ container, config, ... }:
|
||||||
cfg = config.container.module.pass;
|
let
|
||||||
name = "pass";
|
cfg = config.container.module.pass;
|
||||||
in {
|
name = "pass";
|
||||||
${cfg.domain} = container.mkServer {
|
in
|
||||||
extraConfig = util.trimTabs ''
|
{
|
||||||
listen 443 ssl;
|
${cfg.domain} = container.mkServer {
|
||||||
set ''$${name} ${cfg.address}:${toString cfg.port};
|
extraConfig = ''
|
||||||
|
listen 443 ssl;
|
||||||
|
set ''$${name} ${cfg.address}:${toString cfg.port};
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
allow ${config.container.localAccess};
|
allow ${config.container.localAccess};
|
||||||
allow ${config.container.module.status.address};
|
allow ${config.container.module.status.address};
|
||||||
allow ${config.container.module.vpn.address};
|
allow ${config.container.module.vpn.address};
|
||||||
allow ${config.container.module.frkn.address};
|
allow ${config.container.module.frkn.address};
|
||||||
deny all;
|
deny all;
|
||||||
proxy_pass http://''$${name}$request_uri;
|
proxy_pass http://''$${name}$request_uri;
|
||||||
}
|
}
|
||||||
|
|
||||||
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
|
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
|
||||||
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
|
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
|
||||||
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
|
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
|
||||||
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
|
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,24 +1,26 @@
|
||||||
{ util, container, config, ... }: let
|
{ container, config, ... }:
|
||||||
cfg = config.container.module.paste;
|
let
|
||||||
name = "paste";
|
cfg = config.container.module.paste;
|
||||||
in {
|
name = "paste";
|
||||||
${cfg.domain} = container.mkServer {
|
in
|
||||||
extraConfig = util.trimTabs ''
|
{
|
||||||
listen 443 ssl;
|
${cfg.domain} = container.mkServer {
|
||||||
set ''$${name} ${cfg.address}:${toString cfg.port};
|
extraConfig = ''
|
||||||
|
listen 443 ssl;
|
||||||
|
set ''$${name} ${cfg.address}:${toString cfg.port};
|
||||||
|
|
||||||
location = / {
|
location = / {
|
||||||
return 403;
|
return 403;
|
||||||
}
|
}
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
proxy_pass http://''$${name}$request_uri;
|
proxy_pass http://''$${name}$request_uri;
|
||||||
}
|
}
|
||||||
|
|
||||||
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
|
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
|
||||||
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
|
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
|
||||||
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
|
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
|
||||||
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
|
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,30 +1,32 @@
|
||||||
{ util, container, config, ... }: let
|
{ container, config, ... }:
|
||||||
cfg = config.container.module.print;
|
let
|
||||||
name = "print";
|
cfg = config.container.module.print;
|
||||||
in {
|
name = "print";
|
||||||
${cfg.domain} = container.mkServer {
|
in
|
||||||
extraConfig = util.trimTabs ''
|
{
|
||||||
listen 443 ssl;
|
${cfg.domain} = container.mkServer {
|
||||||
set ''$${name} ${cfg.address}:${toString cfg.port};
|
extraConfig = ''
|
||||||
|
listen 443 ssl;
|
||||||
|
set ''$${name} ${cfg.address}:${toString cfg.port};
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
allow ${config.container.localAccess};
|
allow ${config.container.localAccess};
|
||||||
allow ${config.container.module.status.address};
|
allow ${config.container.module.status.address};
|
||||||
allow ${config.container.module.vpn.address};
|
allow ${config.container.module.vpn.address};
|
||||||
allow ${config.container.module.frkn.address};
|
allow ${config.container.module.frkn.address};
|
||||||
deny all;
|
deny all;
|
||||||
|
|
||||||
proxy_pass http://''$${name}$request_uri;
|
proxy_pass http://''$${name}$request_uri;
|
||||||
|
|
||||||
proxy_set_header Host "127.0.0.1";
|
proxy_set_header Host "127.0.0.1";
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
|
||||||
}
|
}
|
||||||
|
|
||||||
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
|
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
|
||||||
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
|
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
|
||||||
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
|
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
|
||||||
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
|
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,27 +1,29 @@
|
||||||
{ util, container, config, ... }: let
|
{ container, config, ... }:
|
||||||
address = "192.168.2.237";
|
let
|
||||||
domain = "printer.${config.container.domain}";
|
address = "192.168.2.237";
|
||||||
port = 80;
|
domain = "printer.${config.container.domain}";
|
||||||
name = "printer";
|
port = 80;
|
||||||
in {
|
name = "printer";
|
||||||
${domain} = container.mkServer {
|
in
|
||||||
extraConfig = util.trimTabs ''
|
{
|
||||||
listen 443 ssl;
|
${domain} = container.mkServer {
|
||||||
set ''$${name} ${address}:${toString port};
|
extraConfig = ''
|
||||||
|
listen 443 ssl;
|
||||||
|
set ''$${name} ${address}:${toString port};
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
allow ${config.container.localAccess};
|
allow ${config.container.localAccess};
|
||||||
allow ${config.container.module.status.address};
|
allow ${config.container.module.status.address};
|
||||||
allow ${config.container.module.vpn.address};
|
allow ${config.container.module.vpn.address};
|
||||||
allow ${config.container.module.frkn.address};
|
allow ${config.container.module.frkn.address};
|
||||||
deny all;
|
deny all;
|
||||||
proxy_pass http://''$${name}$request_uri;
|
proxy_pass http://''$${name}$request_uri;
|
||||||
}
|
}
|
||||||
|
|
||||||
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
|
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
|
||||||
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
|
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
|
||||||
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
|
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
|
||||||
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
|
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,25 +1,27 @@
|
||||||
{ util, container, config, ... }: let
|
{ container, config, ... }:
|
||||||
cfg = config.container.module.read;
|
let
|
||||||
name = "read";
|
cfg = config.container.module.read;
|
||||||
in {
|
name = "read";
|
||||||
${cfg.domain} = container.mkServer {
|
in
|
||||||
extraConfig = util.trimTabs ''
|
{
|
||||||
listen 443 ssl;
|
${cfg.domain} = container.mkServer {
|
||||||
set ''$${name} ${cfg.address}:${toString cfg.port};
|
extraConfig = ''
|
||||||
|
listen 443 ssl;
|
||||||
|
set ''$${name} ${cfg.address}:${toString cfg.port};
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
allow ${config.container.localAccess};
|
allow ${config.container.localAccess};
|
||||||
allow ${config.container.module.status.address};
|
allow ${config.container.module.status.address};
|
||||||
allow ${config.container.module.vpn.address};
|
allow ${config.container.module.vpn.address};
|
||||||
allow ${config.container.module.frkn.address};
|
allow ${config.container.module.frkn.address};
|
||||||
deny all;
|
deny all;
|
||||||
proxy_pass http://''$${name}$request_uri;
|
proxy_pass http://''$${name}$request_uri;
|
||||||
}
|
}
|
||||||
|
|
||||||
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
|
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
|
||||||
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
|
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
|
||||||
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
|
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
|
||||||
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
|
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,28 +1,29 @@
|
||||||
{ util, container, config, ... }: let
|
{ container, config, ... }:
|
||||||
address = "10.0.0.2";
|
let
|
||||||
domain = "router.${config.container.domain}";
|
address = "10.0.0.2";
|
||||||
port = 80;
|
domain = "router.${config.container.domain}";
|
||||||
name = "router";
|
port = 80;
|
||||||
in {
|
name = "router";
|
||||||
${domain} = container.mkServer {
|
in
|
||||||
extraConfig = util.trimTabs ''
|
{
|
||||||
listen 443 ssl;
|
${domain} = container.mkServer {
|
||||||
set ''$${name} ${address}:${toString port};
|
extraConfig = ''
|
||||||
|
listen 443 ssl;
|
||||||
|
set ''$${name} ${address}:${toString port};
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
allow ${config.container.localAccess};
|
allow ${config.container.localAccess};
|
||||||
allow ${config.container.module.status.address};
|
allow ${config.container.module.status.address};
|
||||||
allow ${config.container.module.vpn.address};
|
allow ${config.container.module.vpn.address};
|
||||||
allow ${config.container.module.frkn.address};
|
allow ${config.container.module.frkn.address};
|
||||||
deny all;
|
deny all;
|
||||||
proxy_pass http://''$${name}$request_uri;
|
proxy_pass http://''$${name}$request_uri;
|
||||||
}
|
}
|
||||||
|
|
||||||
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
|
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
|
||||||
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
|
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
|
||||||
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
|
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
|
||||||
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
|
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1,25 +1,31 @@
|
||||||
{ util, container, config, ... }: let
|
{
|
||||||
cfg = config.container.module.search;
|
container,
|
||||||
name = "search";
|
config,
|
||||||
in {
|
...
|
||||||
${cfg.domain} = container.mkServer {
|
}:
|
||||||
extraConfig = util.trimTabs ''
|
let
|
||||||
listen 443 ssl;
|
cfg = config.container.module.search;
|
||||||
set ''$${name} ${cfg.address}:${toString cfg.port};
|
name = "search";
|
||||||
|
in
|
||||||
|
{
|
||||||
|
${cfg.domain} = container.mkServer {
|
||||||
|
extraConfig = ''
|
||||||
|
listen 443 ssl;
|
||||||
|
set ''$${name} ${cfg.address}:${toString cfg.port};
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
allow ${config.container.localAccess};
|
allow ${config.container.localAccess};
|
||||||
allow ${config.container.module.status.address};
|
allow ${config.container.module.status.address};
|
||||||
allow ${config.container.module.vpn.address};
|
allow ${config.container.module.vpn.address};
|
||||||
allow ${config.container.module.frkn.address};
|
allow ${config.container.module.frkn.address};
|
||||||
deny all;
|
deny all;
|
||||||
proxy_pass http://''$${name}$request_uri;
|
proxy_pass http://''$${name}$request_uri;
|
||||||
}
|
}
|
||||||
|
|
||||||
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
|
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
|
||||||
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
|
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
|
||||||
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
|
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
|
||||||
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
|
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,32 +1,34 @@
|
||||||
{ util, container, config, ... }: let
|
{ container, config, ... }:
|
||||||
cfg = config.container.module.status;
|
let
|
||||||
name = "sstatus";
|
cfg = config.container.module.status;
|
||||||
in {
|
name = "sstatus";
|
||||||
${cfg.domain} = container.mkServer {
|
in
|
||||||
extraConfig = util.trimTabs ''
|
{
|
||||||
listen 443 ssl;
|
${cfg.domain} = container.mkServer {
|
||||||
set ''$${name} ${cfg.address}:${toString cfg.port};
|
extraConfig = ''
|
||||||
|
listen 443 ssl;
|
||||||
|
set ''$${name} ${cfg.address}:${toString cfg.port};
|
||||||
|
|
||||||
location ~ ^/(dashboard|settings) {
|
location ~ ^/(dashboard|settings) {
|
||||||
allow ${config.container.localAccess};
|
allow ${config.container.localAccess};
|
||||||
allow ${config.container.module.vpn.address};
|
allow ${config.container.module.vpn.address};
|
||||||
allow ${config.container.module.frkn.address};
|
allow ${config.container.module.frkn.address};
|
||||||
deny all;
|
deny all;
|
||||||
proxy_pass http://''$${name}$request_uri;
|
proxy_pass http://''$${name}$request_uri;
|
||||||
}
|
}
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
allow ${config.container.localAccess};
|
allow ${config.container.localAccess};
|
||||||
allow ${config.container.module.vpn.address};
|
allow ${config.container.module.vpn.address};
|
||||||
allow ${config.container.module.frkn.address};
|
allow ${config.container.module.frkn.address};
|
||||||
deny all;
|
deny all;
|
||||||
proxy_pass http://''$${name}$request_uri;
|
proxy_pass http://''$${name}$request_uri;
|
||||||
}
|
}
|
||||||
|
|
||||||
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
|
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
|
||||||
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
|
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
|
||||||
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
|
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
|
||||||
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
|
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,25 +1,27 @@
|
||||||
{ util, container, config, ... }: let
|
{ container, config, ... }:
|
||||||
cfg = config.container.module.stock;
|
let
|
||||||
name = "stock";
|
cfg = config.container.module.stock;
|
||||||
in {
|
name = "stock";
|
||||||
${cfg.domain} = container.mkServer {
|
in
|
||||||
extraConfig = util.trimTabs ''
|
{
|
||||||
listen 443 ssl;
|
${cfg.domain} = container.mkServer {
|
||||||
set ''$${name} ${cfg.address}:${toString cfg.port};
|
extraConfig = ''
|
||||||
|
listen 443 ssl;
|
||||||
|
set ''$${name} ${cfg.address}:${toString cfg.port};
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
allow ${config.container.localAccess};
|
allow ${config.container.localAccess};
|
||||||
allow ${config.container.module.status.address};
|
allow ${config.container.module.status.address};
|
||||||
allow ${config.container.module.vpn.address};
|
allow ${config.container.module.vpn.address};
|
||||||
allow ${config.container.module.frkn.address};
|
allow ${config.container.module.frkn.address};
|
||||||
deny all;
|
deny all;
|
||||||
proxy_pass http://''$${name}$request_uri;
|
proxy_pass http://''$${name}$request_uri;
|
||||||
}
|
}
|
||||||
|
|
||||||
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
|
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
|
||||||
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
|
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
|
||||||
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
|
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
|
||||||
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
|
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,25 +1,27 @@
|
||||||
{ util, container, config, ... }: let
|
{ container, config, ... }:
|
||||||
cfg = config.container.module.watch;
|
let
|
||||||
name = "watch";
|
cfg = config.container.module.watch;
|
||||||
in {
|
name = "watch";
|
||||||
${cfg.domain} = container.mkServer {
|
in
|
||||||
extraConfig = util.trimTabs ''
|
{
|
||||||
listen 443 ssl;
|
${cfg.domain} = container.mkServer {
|
||||||
set ''$${name} ${cfg.address}:${toString cfg.port};
|
extraConfig = ''
|
||||||
|
listen 443 ssl;
|
||||||
|
set ''$${name} ${cfg.address}:${toString cfg.port};
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
allow ${config.container.localAccess};
|
allow ${config.container.localAccess};
|
||||||
allow ${config.container.module.status.address};
|
allow ${config.container.module.status.address};
|
||||||
allow ${config.container.module.vpn.address};
|
allow ${config.container.module.vpn.address};
|
||||||
allow ${config.container.module.frkn.address};
|
allow ${config.container.module.frkn.address};
|
||||||
deny all;
|
deny all;
|
||||||
proxy_pass http://''$${name}$request_uri;
|
proxy_pass http://''$${name}$request_uri;
|
||||||
}
|
}
|
||||||
|
|
||||||
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
|
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
|
||||||
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
|
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
|
||||||
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
|
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
|
||||||
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
|
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,35 +1,37 @@
|
||||||
{ util, container, config, ... }: let
|
{ container, config, ... }:
|
||||||
cfg = config.container.module.yt;
|
let
|
||||||
name = "yt";
|
cfg = config.container.module.yt;
|
||||||
in {
|
name = "yt";
|
||||||
${cfg.domain} = container.mkServer {
|
in
|
||||||
extraConfig = util.trimTabs ''
|
{
|
||||||
listen 443 ssl;
|
${cfg.domain} = container.mkServer {
|
||||||
set ''$${name} ${cfg.address}:${toString cfg.port};
|
extraConfig = ''
|
||||||
|
listen 443 ssl;
|
||||||
|
set ''$${name} ${cfg.address}:${toString cfg.port};
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
allow ${config.container.localAccess};
|
allow ${config.container.localAccess};
|
||||||
allow ${config.container.module.status.address};
|
allow ${config.container.module.status.address};
|
||||||
allow ${config.container.module.vpn.address};
|
allow ${config.container.module.vpn.address};
|
||||||
allow ${config.container.module.frkn.address};
|
allow ${config.container.module.frkn.address};
|
||||||
deny all;
|
deny all;
|
||||||
|
|
||||||
proxy_pass http://''$${name}$request_uri;
|
proxy_pass http://''$${name}$request_uri;
|
||||||
|
|
||||||
proxy_set_header X-Forwarded-For $remote_addr;
|
proxy_set_header X-Forwarded-For $remote_addr;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_http_version 1.1;
|
proxy_http_version 1.1;
|
||||||
proxy_set_header Connection "";
|
proxy_set_header Connection "";
|
||||||
|
|
||||||
proxy_hide_header Content-Security-Policy;
|
proxy_hide_header Content-Security-Policy;
|
||||||
proxy_hide_header X-Frame-Options;
|
proxy_hide_header X-Frame-Options;
|
||||||
proxy_hide_header X-Content-Type-Options;
|
proxy_hide_header X-Content-Type-Options;
|
||||||
}
|
}
|
||||||
|
|
||||||
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
|
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
|
||||||
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
|
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
|
||||||
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
|
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
|
||||||
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
|
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
623
flake.nix
623
flake.nix
|
@ -1,328 +1,373 @@
|
||||||
# This is a configuration entry-point called "Flake".
|
# This is a configuration entry-point called "Flake".
|
||||||
# Here you define your inputs (dependencies) and outputs (hosts).
|
# Here you define your inputs (dependencies) and outputs (hosts).
|
||||||
{
|
{
|
||||||
# Those are external dependencies.
|
# Those are external dependencies.
|
||||||
inputs = {
|
inputs = {
|
||||||
# Core system.
|
# Core system.
|
||||||
# Homepage: https://github.com/NixOS/nixpkgs
|
# Homepage: https://github.com/NixOS/nixpkgs
|
||||||
# Manual: https://nixos.org/manual/nixos/stable
|
# Manual: https://nixos.org/manual/nixos/stable
|
||||||
# Search: https://search.nixos.org/packages and https://search.nixos.org/options
|
# Search: https://search.nixos.org/packages and https://search.nixos.org/options
|
||||||
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
|
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
|
||||||
nixpkgsStable.url = "github:nixos/nixpkgs/nixos-24.05";
|
nixpkgsStable.url = "github:nixos/nixpkgs/nixos-24.05";
|
||||||
nixpkgsMaster.url = "github:nixos/nixpkgs/master";
|
nixpkgsMaster.url = "github:nixos/nixpkgs/master";
|
||||||
|
|
||||||
# This thing manages user's /home directroies. Because NixOS only manages system itself.
|
# This thing manages user's /home directroies. Because NixOS only manages system itself.
|
||||||
# Homepage: https://github.com/nix-community/home-manager
|
# Homepage: https://github.com/nix-community/home-manager
|
||||||
# Manual: https://nix-community.github.io/home-manager
|
# Manual: https://nix-community.github.io/home-manager
|
||||||
# Search: https://home-manager-options.extranix.com
|
# Search: https://home-manager-options.extranix.com
|
||||||
home-manager = {
|
home-manager = {
|
||||||
url = "github:nix-community/home-manager";
|
url = "github:nix-community/home-manager";
|
||||||
|
|
||||||
# This means that home-manager and our Flake both depend on the same nixpkgs version.
|
# This means that home-manager and our Flake both depend on the same nixpkgs version.
|
||||||
inputs.nixpkgs.follows = "nixpkgs";
|
inputs.nixpkgs.follows = "nixpkgs";
|
||||||
};
|
};
|
||||||
|
|
||||||
# This allows automatic styling based on active Wallpaper.
|
# This allows automatic styling based on active Wallpaper.
|
||||||
# Homepage: https://github.com/danth/stylix
|
# Homepage: https://github.com/danth/stylix
|
||||||
# Manual: https://danth.github.io/stylix
|
# Manual: https://danth.github.io/stylix
|
||||||
stylix.url = "github:danth/stylix";
|
stylix.url = "github:danth/stylix";
|
||||||
|
|
||||||
# I use this for a single container called jobber. WARN: Do not update.
|
# I use this for a single container called jobber. WARN: Do not update.
|
||||||
# You likely won't need this one, so just skip it for now.
|
# You likely won't need this one, so just skip it for now.
|
||||||
poetry2nixJobber.url = "github:nix-community/poetry2nix/304f8235fb0729fd48567af34fcd1b58d18f9b95";
|
poetry2nixJobber.url = "github:nix-community/poetry2nix/304f8235fb0729fd48567af34fcd1b58d18f9b95";
|
||||||
nixpkgsJobber.url = "github:nixos/nixpkgs/051f920625ab5aabe37c920346e3e69d7d34400e";
|
nixpkgsJobber.url = "github:nixos/nixpkgs/051f920625ab5aabe37c920346e3e69d7d34400e";
|
||||||
|
|
||||||
# Nix on Android (inside Termux). It has no NixOS modules, but still allows the use of Nixpkgs arm packages with Home-Manager configurations.
|
# Nix on Android (inside Termux). It has no NixOS modules, but still allows the use of Nixpkgs arm packages with Home-Manager configurations.
|
||||||
# Homepage: https://github.com/nix-community/nix-on-droid
|
# Homepage: https://github.com/nix-community/nix-on-droid
|
||||||
# Manual: https://github.com/nix-community/nix-on-droid/blob/master/README.md
|
# Manual: https://github.com/nix-community/nix-on-droid/blob/master/README.md
|
||||||
nix-on-droid = {
|
nix-on-droid = {
|
||||||
url = "github:t184256/nix-on-droid/release-23.11";
|
url = "github:t184256/nix-on-droid/release-23.11";
|
||||||
inputs.nixpkgs.follows = "nixpkgs";
|
inputs.nixpkgs.follows = "nixpkgs";
|
||||||
inputs.home-manager.follows = "home-manager";
|
inputs.home-manager.follows = "home-manager";
|
||||||
};
|
};
|
||||||
|
|
||||||
# Those are Nvim plugins. I do not use package managers like Packer or Lazy, instead I use Nix to download them and later configure in [Neovim module](module/common/Nvim.nix).
|
# Those are Nvim plugins. I do not use package managers like Packer or Lazy, instead I use Nix to download them and later configure in [Neovim module](module/common/Nvim.nix).
|
||||||
nvimAlign = {
|
nvimAlign = {
|
||||||
url = "github:echasnovski/mini.align";
|
url = "github:echasnovski/mini.align";
|
||||||
flake = false;
|
flake = false;
|
||||||
};
|
};
|
||||||
nvimAutoclose = {
|
nvimAutoclose = {
|
||||||
url = "github:m4xshen/autoclose.nvim";
|
url = "github:m4xshen/autoclose.nvim";
|
||||||
flake = false;
|
flake = false;
|
||||||
};
|
};
|
||||||
nvimBufferline = {
|
nvimBufferline = {
|
||||||
url = "github:akinsho/bufferline.nvim";
|
url = "github:akinsho/bufferline.nvim";
|
||||||
flake = false;
|
flake = false;
|
||||||
};
|
};
|
||||||
nvimCloseBuffers = {
|
nvimCloseBuffers = {
|
||||||
url = "github:kazhala/close-buffers.nvim";
|
url = "github:kazhala/close-buffers.nvim";
|
||||||
flake = false;
|
flake = false;
|
||||||
};
|
};
|
||||||
nvimColorizer = {
|
nvimColorizer = {
|
||||||
url = "github:brenoprata10/nvim-highlight-colors";
|
url = "github:brenoprata10/nvim-highlight-colors";
|
||||||
flake = false;
|
flake = false;
|
||||||
};
|
};
|
||||||
nvimDevicons = {
|
nvimDevicons = {
|
||||||
url = "github:nvim-tree/nvim-web-devicons";
|
url = "github:nvim-tree/nvim-web-devicons";
|
||||||
flake = false;
|
flake = false;
|
||||||
};
|
};
|
||||||
nvimGitsigns = {
|
nvimGitsigns = {
|
||||||
url = "github:lewis6991/gitsigns.nvim";
|
url = "github:lewis6991/gitsigns.nvim";
|
||||||
flake = false;
|
flake = false;
|
||||||
};
|
};
|
||||||
nvimGruvboxMaterial = {
|
nvimGruvboxMaterial = {
|
||||||
url = "github:sainnhe/gruvbox-material";
|
url = "github:sainnhe/gruvbox-material";
|
||||||
flake = false;
|
flake = false;
|
||||||
};
|
};
|
||||||
nvimIndentoMatic = {
|
nvimIndentoMatic = {
|
||||||
url = "github:Darazaki/indent-o-matic";
|
url = "github:Darazaki/indent-o-matic";
|
||||||
flake = false;
|
flake = false;
|
||||||
};
|
};
|
||||||
nvimLspconfig = {
|
nvimLspconfig = {
|
||||||
url = "github:neovim/nvim-lspconfig";
|
url = "github:neovim/nvim-lspconfig";
|
||||||
flake = false;
|
flake = false;
|
||||||
};
|
};
|
||||||
nvimOllama = {
|
nvimOllama = {
|
||||||
url = "github:nomnivore/ollama.nvim";
|
url = "github:nomnivore/ollama.nvim";
|
||||||
flake = false;
|
flake = false;
|
||||||
};
|
};
|
||||||
nvimPlenary = {
|
nvimPlenary = {
|
||||||
url = "github:nvim-lua/plenary.nvim";
|
url = "github:nvim-lua/plenary.nvim";
|
||||||
flake = false;
|
flake = false;
|
||||||
};
|
};
|
||||||
nvimTelescope = {
|
nvimTelescope = {
|
||||||
url = "github:nvim-telescope/telescope.nvim";
|
url = "github:nvim-telescope/telescope.nvim";
|
||||||
flake = false;
|
flake = false;
|
||||||
};
|
};
|
||||||
nvimTodo = {
|
nvimTodo = {
|
||||||
url = "github:folke/todo-comments.nvim";
|
url = "github:folke/todo-comments.nvim";
|
||||||
flake = false;
|
flake = false;
|
||||||
};
|
};
|
||||||
nvimTree = {
|
nvimTree = {
|
||||||
url = "github:nvim-tree/nvim-tree.lua";
|
url = "github:nvim-tree/nvim-tree.lua";
|
||||||
flake = false;
|
flake = false;
|
||||||
};
|
};
|
||||||
nvimTreesitter = {
|
nvimTreesitter = {
|
||||||
url = "github:nvim-treesitter/nvim-treesitter";
|
url = "github:nvim-treesitter/nvim-treesitter";
|
||||||
flake = false;
|
flake = false;
|
||||||
};
|
};
|
||||||
nvimTrouble = {
|
nvimTrouble = {
|
||||||
url = "github:folke/trouble.nvim";
|
url = "github:folke/trouble.nvim";
|
||||||
flake = false;
|
flake = false;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
# Those are outputs (hosts, configurations) that can be produced by this whole config.
|
# Those are outputs (hosts, configurations) that can be produced by this whole config.
|
||||||
# Here you see a set of inputs we defined above, like nixpkgs, home-manager and so on.
|
# Here you see a set of inputs we defined above, like nixpkgs, home-manager and so on.
|
||||||
# `...` at the end of a set means "ignore other arguments provided to this function".
|
# `...` at the end of a set means "ignore other arguments provided to this function".
|
||||||
# @inputs means aliasing all the inputs to the `inputs` name, so we can pass them all at once later.
|
# @inputs means aliasing all the inputs to the `inputs` name, so we can pass them all at once later.
|
||||||
outputs = { self, nixpkgs, nixpkgsStable, nixpkgsMaster, nix-on-droid, home-manager, stylix, poetry2nixJobber, nixpkgsJobber, ... } @inputs: {
|
outputs =
|
||||||
# Constant values.
|
{
|
||||||
const = {
|
self,
|
||||||
droidStateVersion = "23.11";
|
nixpkgs,
|
||||||
stateVersion = "24.05";
|
nixpkgsStable,
|
||||||
timeZone = "Europe/Moscow";
|
nixpkgsMaster,
|
||||||
url = "https://git.voronind.com/voronind/nix.git";
|
nix-on-droid,
|
||||||
};
|
home-manager,
|
||||||
|
stylix,
|
||||||
|
poetry2nixJobber,
|
||||||
|
nixpkgsJobber,
|
||||||
|
...
|
||||||
|
}@inputs:
|
||||||
|
{
|
||||||
|
# Constant values.
|
||||||
|
const = {
|
||||||
|
droidStateVersion = "23.11";
|
||||||
|
stateVersion = "24.05";
|
||||||
|
timeZone = "Europe/Moscow";
|
||||||
|
url = "https://git.voronind.com/voronind/nix.git";
|
||||||
|
};
|
||||||
|
|
||||||
# Hack to use <container/Change.nix> in other files.
|
# Hack to use <container/Change.nix> in other files.
|
||||||
# Need to add __findFile to args tho.
|
# Need to add __findFile to args tho.
|
||||||
__findFile = _: p: ./${p};
|
__findFile = _: p: ./${p};
|
||||||
|
|
||||||
# List all files in a dir.
|
# List all files in a dir.
|
||||||
findFiles = path: map (f: "${path}/${f}") (
|
findFiles =
|
||||||
builtins.filter (i: builtins.readFileType "${path}/${i}" == "regular") (
|
path:
|
||||||
builtins.attrNames (builtins.readDir path)
|
map (f: "${path}/${f}") (
|
||||||
)
|
builtins.filter (i: builtins.readFileType "${path}/${i}" == "regular") (
|
||||||
);
|
builtins.attrNames (builtins.readDir path)
|
||||||
|
)
|
||||||
|
);
|
||||||
|
|
||||||
# Dev shell for this repo.
|
# Dev shell for this repo.
|
||||||
devShells = let
|
devShells =
|
||||||
system = "x86_64-linux";
|
let
|
||||||
lib = nixpkgs.lib;
|
system = "x86_64-linux";
|
||||||
pkgs = nixpkgs.legacyPackages.${system};
|
lib = nixpkgs.lib;
|
||||||
in {
|
pkgs = nixpkgs.legacyPackages.${system};
|
||||||
${system}.default = pkgs.mkShell {
|
in
|
||||||
nativeBuildInputs = with pkgs; [
|
{
|
||||||
nixd
|
${system}.default = pkgs.mkShell {
|
||||||
];
|
nativeBuildInputs = with pkgs; [
|
||||||
# buildInputs = with pkgs; [ ];
|
nixd
|
||||||
|
nixfmt-rfc-style
|
||||||
|
treefmt
|
||||||
|
];
|
||||||
|
# buildInputs = with pkgs; [ ];
|
||||||
|
|
||||||
# LD_LIBRARY_PATH = "${lib.makeLibraryPath buildInputs}";
|
# LD_LIBRARY_PATH = "${lib.makeLibraryPath buildInputs}";
|
||||||
# SOURCE_DATE_EPOCH = "${toString self.lastModified}";
|
# SOURCE_DATE_EPOCH = "${toString self.lastModified}";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
# Nixos systems.
|
# Nixos systems.
|
||||||
nixosConfigurations = let
|
nixosConfigurations =
|
||||||
# Function to create a host. It does basic setup, like adding common modules.
|
let
|
||||||
mkHost = { system, hostname }: nixpkgs.lib.nixosSystem {
|
# Function to create a host. It does basic setup, like adding common modules.
|
||||||
# `Inherit` is just an alias for `system = system;`, which means that
|
mkHost =
|
||||||
# keep the `system` argument as a property in a resulting set.
|
{ system, hostname }:
|
||||||
inherit system;
|
nixpkgs.lib.nixosSystem {
|
||||||
|
# `Inherit` is just an alias for `system = system;`, which means that
|
||||||
|
# keep the `system` argument as a property in a resulting set.
|
||||||
|
inherit system;
|
||||||
|
|
||||||
# List of modules to use by defualt for all the hosts.
|
# List of modules to use by defualt for all the hosts.
|
||||||
modules = [
|
modules =
|
||||||
# Make a device hostname match the one from this config.
|
[
|
||||||
{ networking.hostName = hostname; }
|
# Make a device hostname match the one from this config.
|
||||||
|
{ networking.hostName = hostname; }
|
||||||
|
|
||||||
# Specify current release version.
|
# Specify current release version.
|
||||||
{ system.stateVersion = self.const.stateVersion; }
|
{ system.stateVersion = self.const.stateVersion; }
|
||||||
|
|
||||||
# Add Home Manager module.
|
# Add Home Manager module.
|
||||||
home-manager.nixosModules.home-manager
|
home-manager.nixosModules.home-manager
|
||||||
|
|
||||||
# Add Stylix module.
|
# Add Stylix module.
|
||||||
stylix.nixosModules.stylix
|
stylix.nixosModules.stylix
|
||||||
|
|
||||||
# HM config.
|
# HM config.
|
||||||
./home/NixOs.nix
|
./home/NixOs.nix
|
||||||
]
|
]
|
||||||
++ (self.findFiles ./host/${system}/${hostname})
|
++ (self.findFiles ./host/${system}/${hostname})
|
||||||
++ (self.findFiles ./config)
|
++ (self.findFiles ./config)
|
||||||
++ (self.findFiles ./container)
|
++ (self.findFiles ./container)
|
||||||
++ (self.findFiles ./module)
|
++ (self.findFiles ./module)
|
||||||
++ (self.findFiles ./system)
|
++ (self.findFiles ./system)
|
||||||
++ (self.findFiles ./overlay);
|
++ (self.findFiles ./overlay);
|
||||||
|
|
||||||
# SpecialArgs allows you to pass objects down to other NixOS modules.
|
# SpecialArgs allows you to pass objects down to other NixOS modules.
|
||||||
specialArgs = let
|
specialArgs =
|
||||||
pkgs = nixpkgs.legacyPackages.${system}.pkgs;
|
let
|
||||||
lib = nixpkgs.lib;
|
pkgs = nixpkgs.legacyPackages.${system}.pkgs;
|
||||||
config = self.nixosConfigurations.${hostname}.config;
|
lib = nixpkgs.lib;
|
||||||
in {
|
config = self.nixosConfigurations.${hostname}.config;
|
||||||
inherit inputs self;
|
in
|
||||||
inherit (self) const __findFile;
|
{
|
||||||
|
inherit inputs self;
|
||||||
|
inherit (self) const __findFile;
|
||||||
|
|
||||||
pkgsJobber = nixpkgsJobber.legacyPackages.${system}.pkgs;
|
pkgsJobber = nixpkgsJobber.legacyPackages.${system}.pkgs;
|
||||||
pkgsStable = nixpkgsStable.legacyPackages.${system}.pkgs;
|
pkgsStable = nixpkgsStable.legacyPackages.${system}.pkgs;
|
||||||
pkgsMaster = nixpkgsMaster.legacyPackages.${system}.pkgs;
|
pkgsMaster = nixpkgsMaster.legacyPackages.${system}.pkgs;
|
||||||
|
|
||||||
secret = import ./secret {}; # Secrets (public keys).
|
secret = import ./secret { }; # Secrets (public keys).
|
||||||
container = import ./lib/Container.nix { inherit lib pkgs config; inherit (self) const; }; # Container utils.
|
container = import ./lib/Container.nix {
|
||||||
util = import ./lib/Util.nix { inherit lib; }; # Util functions.
|
inherit lib pkgs config;
|
||||||
|
inherit (self) const;
|
||||||
|
}; # Container utils.
|
||||||
|
util = import ./lib/Util.nix { inherit lib; }; # Util functions.
|
||||||
|
|
||||||
# Stuff for Jobber container, skip this part.
|
# Stuff for Jobber container, skip this part.
|
||||||
inherit poetry2nixJobber;
|
inherit poetry2nixJobber;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
mkSystem = system: hostname: {
|
mkSystem = system: hostname: {
|
||||||
"${hostname}" = mkHost {
|
"${hostname}" = mkHost {
|
||||||
inherit system hostname;
|
inherit system hostname;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
in nixpkgs.lib.foldl' (acc: h: acc // h) {} (
|
in
|
||||||
map (system:
|
nixpkgs.lib.foldl' (acc: h: acc // h) { } (
|
||||||
nixpkgs.lib.foldl' (acc: h: acc // h) {} (
|
map (
|
||||||
map (host:
|
system:
|
||||||
mkSystem system host
|
nixpkgs.lib.foldl' (acc: h: acc // h) { } (
|
||||||
) (builtins.attrNames (builtins.readDir ./host/${system}))
|
map (host: mkSystem system host) (builtins.attrNames (builtins.readDir ./host/${system}))
|
||||||
)
|
)
|
||||||
) (builtins.attrNames (builtins.readDir ./host))
|
) (builtins.attrNames (builtins.readDir ./host))
|
||||||
);
|
);
|
||||||
|
|
||||||
|
# Home manager (distro-independent).
|
||||||
|
# Install nix: sh <(curl -L https://nixos.org/nix/install) --no-daemon
|
||||||
|
# Or with --daemon for multi-user (as root).
|
||||||
|
# $ nix run home-manager/master -- init --switch
|
||||||
|
# $ nix shell '<home-manager>' -A install
|
||||||
|
# Add to /etc/nix/nix.conf > experimental-features = nix-command flakes
|
||||||
|
# And then # systemctl restart nix-daemon.service
|
||||||
|
# $ home-manager switch --flake ~/hmconf
|
||||||
|
homeConfigurations =
|
||||||
|
let
|
||||||
|
lib = nixpkgs.lib;
|
||||||
|
secret = import ./secret { };
|
||||||
|
util = import ./lib/Util.nix { inherit lib; };
|
||||||
|
|
||||||
# Home manager (distro-independent).
|
mkCommonHome =
|
||||||
# Install nix: sh <(curl -L https://nixos.org/nix/install) --no-daemon
|
username: homeDirectory: system: modules:
|
||||||
# Or with --daemon for multi-user (as root).
|
let
|
||||||
# $ nix run home-manager/master -- init --switch
|
pkgs = nixpkgs.legacyPackages.${system};
|
||||||
# $ nix shell '<home-manager>' -A install
|
pkgsStable = nixpkgsStable.legacyPackages.${system};
|
||||||
# Add to /etc/nix/nix.conf > experimental-features = nix-command flakes
|
pkgsMaster = nixpkgsMaster.legacyPackages.${system};
|
||||||
# And then # systemctl restart nix-daemon.service
|
in
|
||||||
# $ home-manager switch --flake ~/hmconf
|
{
|
||||||
homeConfigurations = let
|
${username} = home-manager.lib.homeManagerConfiguration {
|
||||||
lib = nixpkgs.lib;
|
inherit pkgs;
|
||||||
secret = import ./secret {};
|
|
||||||
util = import ./lib/Util.nix { inherit lib; };
|
|
||||||
|
|
||||||
mkCommonHome = username: homeDirectory: system: modules: let
|
extraSpecialArgs = {
|
||||||
pkgs = nixpkgs.legacyPackages.${system};
|
inherit
|
||||||
pkgsStable = nixpkgsStable.legacyPackages.${system};
|
self
|
||||||
pkgsMaster = nixpkgsMaster.legacyPackages.${system};
|
inputs
|
||||||
in {
|
secret
|
||||||
${username} = home-manager.lib.homeManagerConfiguration {
|
util
|
||||||
inherit pkgs;
|
pkgs
|
||||||
|
pkgsStable
|
||||||
|
pkgsMaster
|
||||||
|
;
|
||||||
|
inherit (self) const __findFile;
|
||||||
|
};
|
||||||
|
modules = [
|
||||||
|
./home/HomeManager.nix
|
||||||
|
{
|
||||||
|
home.hm = {
|
||||||
|
inherit username homeDirectory;
|
||||||
|
enable = true;
|
||||||
|
package = {
|
||||||
|
core.enable = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
||||||
extraSpecialArgs = {
|
{ nixpkgs.config.allowUnfree = true; }
|
||||||
inherit self inputs secret util pkgs pkgsStable pkgsMaster;
|
{ nixpkgs.config.allowUnfreePredicate = (pkg: true); }
|
||||||
inherit (self) const __findFile;
|
{ nix.package = pkgs.nix; }
|
||||||
};
|
{
|
||||||
modules = [
|
nix.settings.experimental-features = [
|
||||||
./home/HomeManager.nix
|
"nix-command "
|
||||||
{
|
"flakes"
|
||||||
home.hm = {
|
];
|
||||||
inherit username homeDirectory;
|
}
|
||||||
enable = true;
|
|
||||||
package = {
|
|
||||||
core.enable = true;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
||||||
|
|
||||||
{ nixpkgs.config.allowUnfree = true; }
|
inputs.stylix.homeManagerModules.stylix
|
||||||
{ nixpkgs.config.allowUnfreePredicate = (pkg: true); }
|
] ++ modules ++ (self.findFiles ./config);
|
||||||
{ nix.package = pkgs.nix; }
|
};
|
||||||
{ nix.settings.experimental-features = [ "nix-command " "flakes" ]; }
|
};
|
||||||
|
|
||||||
inputs.stylix.homeManagerModules.stylix
|
x86LinuxHome = username: modules: mkCommonHome username "/home/${username}" "x86_64-linux" modules;
|
||||||
]
|
x86LinuxRoot = mkCommonHome "root" "/root" "x86_64-linux" [ ];
|
||||||
++ modules
|
in
|
||||||
++ (self.findFiles ./config);
|
nixpkgs.lib.foldl' (acc: h: acc // h) { } [
|
||||||
};
|
x86LinuxRoot
|
||||||
};
|
(x86LinuxHome "voronind" [
|
||||||
|
{
|
||||||
|
home.hm.package = {
|
||||||
|
common.enable = true;
|
||||||
|
};
|
||||||
|
}
|
||||||
|
])
|
||||||
|
];
|
||||||
|
|
||||||
x86LinuxHome = username: modules: mkCommonHome username "/home/${username}" "x86_64-linux" modules;
|
# Android.
|
||||||
x86LinuxRoot = mkCommonHome "root" "/root" "x86_64-linux" [];
|
nixOnDroidConfigurations.default =
|
||||||
in nixpkgs.lib.foldl' (acc: h: acc // h) {} [
|
let
|
||||||
x86LinuxRoot
|
config = self.nixOnDroidConfigurations.default.config;
|
||||||
(x86LinuxHome "voronind" [
|
lib = nixpkgs.lib;
|
||||||
{
|
pkgs = nixpkgs.legacyPackages."aarch64-linux".pkgs;
|
||||||
home.hm.package = {
|
in
|
||||||
common.enable = true;
|
nix-on-droid.lib.nixOnDroidConfiguration {
|
||||||
};
|
modules = [
|
||||||
}
|
# Android release version.
|
||||||
])
|
{ system.stateVersion = self.const.droidStateVersion; }
|
||||||
];
|
|
||||||
|
|
||||||
# Android.
|
# I put all my Android configuration there.
|
||||||
nixOnDroidConfigurations.default = let
|
./home/Android.nix
|
||||||
config = self.nixOnDroidConfigurations.default.config;
|
{ home.android.enable = true; }
|
||||||
lib = nixpkgs.lib;
|
|
||||||
pkgs = nixpkgs.legacyPackages."aarch64-linux".pkgs;
|
|
||||||
in nix-on-droid.lib.nixOnDroidConfiguration {
|
|
||||||
modules = [
|
|
||||||
# Android release version.
|
|
||||||
{ system.stateVersion = self.const.droidStateVersion; }
|
|
||||||
|
|
||||||
# I put all my Android configuration there.
|
# { nixpkgs.config.allowUnfree = true; }
|
||||||
./home/Android.nix
|
# { nixpkgs.config.allowUnfreePredicate = (pkg: true); }
|
||||||
{ home.android.enable = true; }
|
{ nix.extraOptions = "experimental-features = nix-command flakes"; }
|
||||||
|
{ home-manager.config.stylix.autoEnable = lib.mkForce false; }
|
||||||
|
|
||||||
# { nixpkgs.config.allowUnfree = true; }
|
# Some common modules.
|
||||||
# { nixpkgs.config.allowUnfreePredicate = (pkg: true); }
|
./config/Setting.nix
|
||||||
{ nix.extraOptions = "experimental-features = nix-command flakes"; }
|
./config/Wallpaper.nix
|
||||||
{ home-manager.config.stylix.autoEnable = lib.mkForce false; }
|
(import ./config/Style.nix {
|
||||||
|
inherit (config.home-manager) config;
|
||||||
|
inherit (self) __findFile;
|
||||||
|
inherit lib pkgs;
|
||||||
|
})
|
||||||
|
];
|
||||||
|
|
||||||
# Some common modules.
|
# SpecialArgs allows you to pass objects down to other configuration.
|
||||||
./config/Setting.nix
|
extraSpecialArgs = {
|
||||||
./config/Wallpaper.nix
|
inherit inputs self;
|
||||||
(import ./config/Style.nix {
|
inherit (self) const __findFile;
|
||||||
inherit (config.home-manager) config;
|
|
||||||
inherit (self) __findFile;
|
|
||||||
inherit lib pkgs;
|
|
||||||
})
|
|
||||||
];
|
|
||||||
|
|
||||||
# SpecialArgs allows you to pass objects down to other configuration.
|
secret = import ./secret { }; # Secrets (public keys).
|
||||||
extraSpecialArgs = {
|
util = import ./lib/Util.nix { inherit lib; }; # Util functions.
|
||||||
inherit inputs self;
|
};
|
||||||
inherit (self) const __findFile;
|
};
|
||||||
|
};
|
||||||
secret = import ./secret {}; # Secrets (public keys).
|
|
||||||
util = import ./lib/Util.nix { inherit lib; }; # Util functions.
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
}
|
||||||
# That's it!
|
# That's it!
|
||||||
|
|
|
@ -1,40 +1,45 @@
|
||||||
# This is a common user configuration.
|
# This is a common user configuration.
|
||||||
{ const
|
{
|
||||||
, pkgs
|
const,
|
||||||
, self
|
pkgs,
|
||||||
, config
|
self,
|
||||||
, lib
|
config,
|
||||||
, inputs
|
lib,
|
||||||
, pkgsStable
|
inputs,
|
||||||
, pkgsMaster
|
pkgsStable,
|
||||||
, __findFile
|
pkgsMaster,
|
||||||
, ... } @args: with lib; let
|
__findFile,
|
||||||
cfg = config.home.android;
|
...
|
||||||
stylix = import <config/Stylix.nix> args;
|
}@args:
|
||||||
android = import ./android args;
|
with lib;
|
||||||
package = import <package> args;
|
let
|
||||||
# homePath = "/data/data/com.termux.nix/files/home";
|
cfg = config.home.android;
|
||||||
in {
|
stylix = import <config/Stylix.nix> args;
|
||||||
options = {
|
android = import ./android args;
|
||||||
home.android = {
|
package = import <package> args;
|
||||||
enable = mkEnableOption "Android HM config.";
|
in
|
||||||
};
|
# homePath = "/data/data/com.termux.nix/files/home";
|
||||||
};
|
{
|
||||||
|
options = {
|
||||||
|
home.android = {
|
||||||
|
enable = mkEnableOption "Android HM config.";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
time.timeZone = const.timeZone;
|
time.timeZone = const.timeZone;
|
||||||
environment.packages = package.core;
|
environment.packages = package.core;
|
||||||
home-manager.config = stylix // {
|
home-manager.config = stylix // {
|
||||||
imports = [ inputs.stylix.homeManagerModules.stylix ];
|
imports = [ inputs.stylix.homeManagerModules.stylix ];
|
||||||
home = {
|
home = {
|
||||||
stateVersion = const.droidStateVersion;
|
stateVersion = const.droidStateVersion;
|
||||||
sessionVariables = import ./variable args;
|
sessionVariables = import ./variable args;
|
||||||
file = (import ./config args) // {
|
file = (import ./config args) // {
|
||||||
".termux/_font.ttf".source = android.font;
|
".termux/_font.ttf".source = android.font;
|
||||||
".termux/_colors.properties".text = android.colors;
|
".termux/_colors.properties".text = android.colors;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
programs = import ./program args;
|
programs = import ./program args;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,59 +1,64 @@
|
||||||
# This is a common user configuration.
|
# This is a common user configuration.
|
||||||
{ const
|
{
|
||||||
, util
|
const,
|
||||||
, config
|
util,
|
||||||
, lib
|
config,
|
||||||
, __findFile
|
lib,
|
||||||
, ... } @args: with lib; let
|
__findFile,
|
||||||
cfg = config.home.hm;
|
...
|
||||||
package = import <package> args;
|
}@args:
|
||||||
in {
|
with lib;
|
||||||
options = {
|
let
|
||||||
home.hm = {
|
cfg = config.home.hm;
|
||||||
enable = mkEnableOption "Home-Manager standalone config.";
|
package = import <package> args;
|
||||||
username = mkOption {
|
in
|
||||||
default = null;
|
{
|
||||||
type = types.str;
|
options = {
|
||||||
};
|
home.hm = {
|
||||||
homeDirectory = mkOption {
|
enable = mkEnableOption "Home-Manager standalone config.";
|
||||||
default = "/home/${cfg.username}";
|
username = mkOption {
|
||||||
type = types.str;
|
default = null;
|
||||||
};
|
type = types.str;
|
||||||
package = mkOption {
|
};
|
||||||
default = {};
|
homeDirectory = mkOption {
|
||||||
type = types.submodule {
|
default = "/home/${cfg.username}";
|
||||||
options = {
|
type = types.str;
|
||||||
common.enable = mkEnableOption "Common apps.";
|
};
|
||||||
core.enable = mkEnableOption "Core apps.";
|
package = mkOption {
|
||||||
creative.enable = mkEnableOption "Creative apps.";
|
default = { };
|
||||||
desktop.enable = mkEnableOption "Desktop apps.";
|
type = types.submodule {
|
||||||
dev.enable = mkEnableOption "Dev apps.";
|
options = {
|
||||||
extra.enable = mkEnableOption "Extra apps.";
|
common.enable = mkEnableOption "Common apps.";
|
||||||
gaming.enable = mkEnableOption "Gaming apps.";
|
core.enable = mkEnableOption "Core apps.";
|
||||||
};
|
creative.enable = mkEnableOption "Creative apps.";
|
||||||
};
|
desktop.enable = mkEnableOption "Desktop apps.";
|
||||||
};
|
dev.enable = mkEnableOption "Dev apps.";
|
||||||
};
|
extra.enable = mkEnableOption "Extra apps.";
|
||||||
};
|
gaming.enable = mkEnableOption "Gaming apps.";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
config = mkIf cfg.enable (mkMerge [
|
config = mkIf cfg.enable (mkMerge [
|
||||||
{
|
{
|
||||||
home = {
|
home = {
|
||||||
inherit (cfg) username homeDirectory;
|
inherit (cfg) username homeDirectory;
|
||||||
inherit (const) stateVersion;
|
inherit (const) stateVersion;
|
||||||
file = import ./config args;
|
file = import ./config args;
|
||||||
sessionVariables = import ./variable args;
|
sessionVariables = import ./variable args;
|
||||||
};
|
};
|
||||||
xdg = import ./xdg { inherit (cfg) homeDirectory; };
|
xdg = import ./xdg { inherit (cfg) homeDirectory; };
|
||||||
programs = import ./program args;
|
programs = import ./program args;
|
||||||
dconf.settings = util.catSet (util.ls ./config/dconf) args;
|
dconf.settings = util.catSet (util.ls ./config/dconf) args;
|
||||||
}
|
}
|
||||||
(mkIf cfg.package.common.enable { home.packages = package.common; })
|
(mkIf cfg.package.common.enable { home.packages = package.common; })
|
||||||
(mkIf cfg.package.core.enable { home.packages = package.core; })
|
(mkIf cfg.package.core.enable { home.packages = package.core; })
|
||||||
(mkIf cfg.package.creative.enable { home.packages = package.creative; })
|
(mkIf cfg.package.creative.enable { home.packages = package.creative; })
|
||||||
(mkIf cfg.package.desktop.enable { home.packages = package.desktop; })
|
(mkIf cfg.package.desktop.enable { home.packages = package.desktop; })
|
||||||
(mkIf cfg.package.dev.enable { home.packages = package.dev; })
|
(mkIf cfg.package.dev.enable { home.packages = package.dev; })
|
||||||
(mkIf cfg.package.extra.enable { home.packages = package.extra; })
|
(mkIf cfg.package.extra.enable { home.packages = package.extra; })
|
||||||
(mkIf cfg.package.gaming.enable { home.packages = package.gaming; })
|
(mkIf cfg.package.gaming.enable { home.packages = package.gaming; })
|
||||||
]);
|
]);
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,44 +1,53 @@
|
||||||
# This is a common user configuration.
|
# This is a common user configuration.
|
||||||
{ const
|
{
|
||||||
, config
|
const,
|
||||||
, util
|
config,
|
||||||
, lib
|
util,
|
||||||
, pkgs
|
lib,
|
||||||
, ... } @args: with lib; let
|
pkgs,
|
||||||
cfg = config.home.nixos;
|
...
|
||||||
in {
|
}@args:
|
||||||
imports = (util.ls ./user);
|
with lib;
|
||||||
|
let
|
||||||
|
cfg = config.home.nixos;
|
||||||
|
in
|
||||||
|
{
|
||||||
|
imports = (util.ls ./user);
|
||||||
|
|
||||||
options = {
|
options = {
|
||||||
home.nixos = {
|
home.nixos = {
|
||||||
enable = mkEnableOption "NixOS user setup.";
|
enable = mkEnableOption "NixOS user setup.";
|
||||||
users = mkOption {
|
users = mkOption {
|
||||||
default = [];
|
default = [ ];
|
||||||
type = types.listOf types.attrs;
|
type = types.listOf types.attrs;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
home-manager = {
|
home-manager = {
|
||||||
users = builtins.foldl' (acc: user: acc // {
|
users = builtins.foldl' (
|
||||||
${user.username} = {
|
acc: user:
|
||||||
home = {
|
acc
|
||||||
inherit (const) stateVersion;
|
// {
|
||||||
inherit (user) username homeDirectory;
|
${user.username} = {
|
||||||
file = import ./config args;
|
home = {
|
||||||
sessionVariables = import ./variable args;
|
inherit (const) stateVersion;
|
||||||
|
inherit (user) username homeDirectory;
|
||||||
|
file = import ./config args;
|
||||||
|
sessionVariables = import ./variable args;
|
||||||
|
|
||||||
# ISSUE: https://github.com/nix-community/home-manager/issues/5589
|
# ISSUE: https://github.com/nix-community/home-manager/issues/5589
|
||||||
extraActivationPath = with pkgs; [ openssh ];
|
extraActivationPath = with pkgs; [ openssh ];
|
||||||
};
|
};
|
||||||
xdg = import ./xdg { inherit (user) homeDirectory; };
|
xdg = import ./xdg { inherit (user) homeDirectory; };
|
||||||
programs = import ./program args;
|
programs = import ./program args;
|
||||||
dconf.settings = util.catSet (util.ls ./config/dconf) args;
|
dconf.settings = util.catSet (util.ls ./config/dconf) args;
|
||||||
};
|
};
|
||||||
}) {} cfg.users;
|
}
|
||||||
|
) { } cfg.users;
|
||||||
|
|
||||||
backupFileExtension = "old";
|
backupFileExtension = "old";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,10 +1,13 @@
|
||||||
{ pkgs, util, config, ... }: {
|
{ pkgs, config, ... }:
|
||||||
font = pkgs.runCommandNoCC "font" {} ''
|
{
|
||||||
cp ${pkgs.nerdfonts.override { fonts = [ "Terminus" ]; }}/share/fonts/truetype/NerdFonts/TerminessNerdFontMono-Regular.ttf $out
|
font = pkgs.runCommandNoCC "font" { } ''
|
||||||
'';
|
cp ${
|
||||||
|
pkgs.nerdfonts.override { fonts = [ "Terminus" ]; }
|
||||||
|
}/share/fonts/truetype/NerdFonts/TerminessNerdFontMono-Regular.ttf $out
|
||||||
|
'';
|
||||||
|
|
||||||
colors = util.trimTabs ''
|
colors = ''
|
||||||
background=#${config.style.color.bg.dark}
|
background=#${config.style.color.bg.dark}
|
||||||
foreground=#${config.style.color.fg.light}
|
foreground=#${config.style.color.fg.light}
|
||||||
'';
|
'';
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,249 +1,250 @@
|
||||||
{ config, util, ... }: {
|
{ ... }:
|
||||||
text = util.trimTabs ''
|
{
|
||||||
#? Config file for btop v. 1.3.0
|
text = ''
|
||||||
|
#? Config file for btop v. 1.3.0
|
||||||
|
|
||||||
#* Name of a btop++/bpytop/bashtop formatted ".theme" file, "Default" and "TTY" for builtin themes.
|
#* Name of a btop++/bpytop/bashtop formatted ".theme" file, "Default" and "TTY" for builtin themes.
|
||||||
#* Themes should be placed in "../share/btop/themes" relative to binary or "$HOME/.config/btop/themes"
|
#* Themes should be placed in "../share/btop/themes" relative to binary or "$HOME/.config/btop/themes"
|
||||||
color_theme = "/usr/share/btop/themes/gruvbox_material_dark.theme"
|
color_theme = "/usr/share/btop/themes/gruvbox_material_dark.theme"
|
||||||
|
|
||||||
#* If the theme set background should be shown, set to False if you want terminal background transparency.
|
#* If the theme set background should be shown, set to False if you want terminal background transparency.
|
||||||
theme_background = False
|
theme_background = False
|
||||||
|
|
||||||
#* Sets if 24-bit truecolor should be used, will convert 24-bit colors to 256 color (6x6x6 color cube) if false.
|
#* Sets if 24-bit truecolor should be used, will convert 24-bit colors to 256 color (6x6x6 color cube) if false.
|
||||||
truecolor = True
|
truecolor = True
|
||||||
|
|
||||||
#* Set to true to force tty mode regardless if a real tty has been detected or not.
|
#* Set to true to force tty mode regardless if a real tty has been detected or not.
|
||||||
#* Will force 16-color mode and TTY theme, set all graph symbols to "tty" and swap out other non tty friendly symbols.
|
#* Will force 16-color mode and TTY theme, set all graph symbols to "tty" and swap out other non tty friendly symbols.
|
||||||
force_tty = False
|
force_tty = False
|
||||||
|
|
||||||
#* Define presets for the layout of the boxes. Preset 0 is always all boxes shown with default settings. Max 9 presets.
|
#* Define presets for the layout of the boxes. Preset 0 is always all boxes shown with default settings. Max 9 presets.
|
||||||
#* Format: "box_name:P:G,box_name:P:G" P=(0 or 1) for alternate positions, G=graph symbol to use for box.
|
#* Format: "box_name:P:G,box_name:P:G" P=(0 or 1) for alternate positions, G=graph symbol to use for box.
|
||||||
#* Use whitespace " " as separator between different presets.
|
#* Use whitespace " " as separator between different presets.
|
||||||
#* Example: "cpu:0:default,mem:0:tty,proc:1:default cpu:0:braille,proc:0:tty"
|
#* Example: "cpu:0:default,mem:0:tty,proc:1:default cpu:0:braille,proc:0:tty"
|
||||||
presets = ""
|
presets = ""
|
||||||
|
|
||||||
#* Set to True to enable "h,j,k,l,g,G" keys for directional control in lists.
|
#* Set to True to enable "h,j,k,l,g,G" keys for directional control in lists.
|
||||||
#* Conflicting keys for h:"help" and k:"kill" is accessible while holding shift.
|
#* Conflicting keys for h:"help" and k:"kill" is accessible while holding shift.
|
||||||
vim_keys = True
|
vim_keys = True
|
||||||
|
|
||||||
#* Rounded corners on boxes, is ignored if TTY mode is ON.
|
#* Rounded corners on boxes, is ignored if TTY mode is ON.
|
||||||
rounded_corners = True
|
rounded_corners = True
|
||||||
|
|
||||||
#* Default symbols to use for graph creation, "braille", "block" or "tty".
|
#* Default symbols to use for graph creation, "braille", "block" or "tty".
|
||||||
#* "braille" offers the highest resolution but might not be included in all fonts.
|
#* "braille" offers the highest resolution but might not be included in all fonts.
|
||||||
#* "block" has half the resolution of braille but uses more common characters.
|
#* "block" has half the resolution of braille but uses more common characters.
|
||||||
#* "tty" uses only 3 different symbols but will work with most fonts and should work in a real TTY.
|
#* "tty" uses only 3 different symbols but will work with most fonts and should work in a real TTY.
|
||||||
#* Note that "tty" only has half the horizontal resolution of the other two, so will show a shorter historical view.
|
#* Note that "tty" only has half the horizontal resolution of the other two, so will show a shorter historical view.
|
||||||
graph_symbol = "braille"
|
graph_symbol = "braille"
|
||||||
|
|
||||||
# Graph symbol to use for graphs in cpu box, "default", "braille", "block" or "tty".
|
# Graph symbol to use for graphs in cpu box, "default", "braille", "block" or "tty".
|
||||||
graph_symbol_cpu = "default"
|
graph_symbol_cpu = "default"
|
||||||
|
|
||||||
# Graph symbol to use for graphs in gpu box, "default", "braille", "block" or "tty".
|
# Graph symbol to use for graphs in gpu box, "default", "braille", "block" or "tty".
|
||||||
graph_symbol_gpu = "default"
|
graph_symbol_gpu = "default"
|
||||||
|
|
||||||
# Graph symbol to use for graphs in cpu box, "default", "braille", "block" or "tty".
|
# Graph symbol to use for graphs in cpu box, "default", "braille", "block" or "tty".
|
||||||
graph_symbol_mem = "default"
|
graph_symbol_mem = "default"
|
||||||
|
|
||||||
# Graph symbol to use for graphs in cpu box, "default", "braille", "block" or "tty".
|
# Graph symbol to use for graphs in cpu box, "default", "braille", "block" or "tty".
|
||||||
graph_symbol_net = "default"
|
graph_symbol_net = "default"
|
||||||
|
|
||||||
# Graph symbol to use for graphs in cpu box, "default", "braille", "block" or "tty".
|
# Graph symbol to use for graphs in cpu box, "default", "braille", "block" or "tty".
|
||||||
graph_symbol_proc = "default"
|
graph_symbol_proc = "default"
|
||||||
|
|
||||||
#* Manually set which boxes to show. Available values are "cpu mem net proc" and "gpu0" through "gpu5", separate values with whitespace.
|
#* Manually set which boxes to show. Available values are "cpu mem net proc" and "gpu0" through "gpu5", separate values with whitespace.
|
||||||
shown_boxes = "cpu mem net proc"
|
shown_boxes = "cpu mem net proc"
|
||||||
|
|
||||||
#* Update time in milliseconds, recommended 2000 ms or above for better sample times for graphs.
|
#* Update time in milliseconds, recommended 2000 ms or above for better sample times for graphs.
|
||||||
update_ms = 2000
|
update_ms = 2000
|
||||||
|
|
||||||
#* Processes sorting, "pid" "program" "arguments" "threads" "user" "memory" "cpu lazy" "cpu direct",
|
#* Processes sorting, "pid" "program" "arguments" "threads" "user" "memory" "cpu lazy" "cpu direct",
|
||||||
#* "cpu lazy" sorts top process over time (easier to follow), "cpu direct" updates top process directly.
|
#* "cpu lazy" sorts top process over time (easier to follow), "cpu direct" updates top process directly.
|
||||||
proc_sorting = "memory"
|
proc_sorting = "memory"
|
||||||
|
|
||||||
#* Reverse sorting order, True or False.
|
#* Reverse sorting order, True or False.
|
||||||
proc_reversed = False
|
proc_reversed = False
|
||||||
|
|
||||||
#* Show processes as a tree.
|
#* Show processes as a tree.
|
||||||
proc_tree = False
|
proc_tree = False
|
||||||
|
|
||||||
#* Use the cpu graph colors in the process list.
|
#* Use the cpu graph colors in the process list.
|
||||||
proc_colors = True
|
proc_colors = True
|
||||||
|
|
||||||
#* Use a darkening gradient in the process list.
|
#* Use a darkening gradient in the process list.
|
||||||
proc_gradient = True
|
proc_gradient = True
|
||||||
|
|
||||||
#* If process cpu usage should be of the core it's running on or usage of the total available cpu power.
|
#* If process cpu usage should be of the core it's running on or usage of the total available cpu power.
|
||||||
proc_per_core = False
|
proc_per_core = False
|
||||||
|
|
||||||
#* Show process memory as bytes instead of percent.
|
#* Show process memory as bytes instead of percent.
|
||||||
proc_mem_bytes = True
|
proc_mem_bytes = True
|
||||||
|
|
||||||
#* Show cpu graph for each process.
|
#* Show cpu graph for each process.
|
||||||
proc_cpu_graphs = True
|
proc_cpu_graphs = True
|
||||||
|
|
||||||
#* Use /proc/[pid]/smaps for memory information in the process info box (very slow but more accurate)
|
#* Use /proc/[pid]/smaps for memory information in the process info box (very slow but more accurate)
|
||||||
proc_info_smaps = False
|
proc_info_smaps = False
|
||||||
|
|
||||||
#* Show proc box on left side of screen instead of right.
|
#* Show proc box on left side of screen instead of right.
|
||||||
proc_left = True
|
proc_left = True
|
||||||
|
|
||||||
#* (Linux) Filter processes tied to the Linux kernel(similar behavior to htop).
|
#* (Linux) Filter processes tied to the Linux kernel(similar behavior to htop).
|
||||||
proc_filter_kernel = True
|
proc_filter_kernel = True
|
||||||
|
|
||||||
#* In tree-view, always accumulate child process resources in the parent process.
|
#* In tree-view, always accumulate child process resources in the parent process.
|
||||||
proc_aggregate = False
|
proc_aggregate = False
|
||||||
|
|
||||||
#* Sets the CPU stat shown in upper half of the CPU graph, "total" is always available.
|
#* Sets the CPU stat shown in upper half of the CPU graph, "total" is always available.
|
||||||
#* Select from a list of detected attributes from the options menu.
|
#* Select from a list of detected attributes from the options menu.
|
||||||
cpu_graph_upper = "total"
|
cpu_graph_upper = "total"
|
||||||
|
|
||||||
#* Sets the CPU stat shown in lower half of the CPU graph, "total" is always available.
|
#* Sets the CPU stat shown in lower half of the CPU graph, "total" is always available.
|
||||||
#* Select from a list of detected attributes from the options menu.
|
#* Select from a list of detected attributes from the options menu.
|
||||||
cpu_graph_lower = "total"
|
cpu_graph_lower = "total"
|
||||||
|
|
||||||
#* If gpu info should be shown in the cpu box. Available values = "Auto", "On" and "Off".
|
#* If gpu info should be shown in the cpu box. Available values = "Auto", "On" and "Off".
|
||||||
show_gpu_info = "Auto"
|
show_gpu_info = "Auto"
|
||||||
|
|
||||||
#* Toggles if the lower CPU graph should be inverted.
|
#* Toggles if the lower CPU graph should be inverted.
|
||||||
cpu_invert_lower = True
|
cpu_invert_lower = True
|
||||||
|
|
||||||
#* Set to True to completely disable the lower CPU graph.
|
#* Set to True to completely disable the lower CPU graph.
|
||||||
cpu_single_graph = False
|
cpu_single_graph = False
|
||||||
|
|
||||||
#* Show cpu box at bottom of screen instead of top.
|
#* Show cpu box at bottom of screen instead of top.
|
||||||
cpu_bottom = False
|
cpu_bottom = False
|
||||||
|
|
||||||
#* Shows the system uptime in the CPU box.
|
#* Shows the system uptime in the CPU box.
|
||||||
show_uptime = True
|
show_uptime = True
|
||||||
|
|
||||||
#* Show cpu temperature.
|
#* Show cpu temperature.
|
||||||
check_temp = True
|
check_temp = True
|
||||||
|
|
||||||
#* Which sensor to use for cpu temperature, use options menu to select from list of available sensors.
|
#* Which sensor to use for cpu temperature, use options menu to select from list of available sensors.
|
||||||
cpu_sensor = "Auto"
|
cpu_sensor = "Auto"
|
||||||
|
|
||||||
#* Show temperatures for cpu cores also if check_temp is True and sensors has been found.
|
#* Show temperatures for cpu cores also if check_temp is True and sensors has been found.
|
||||||
show_coretemp = True
|
show_coretemp = True
|
||||||
|
|
||||||
#* Set a custom mapping between core and coretemp, can be needed on certain cpus to get correct temperature for correct core.
|
#* Set a custom mapping between core and coretemp, can be needed on certain cpus to get correct temperature for correct core.
|
||||||
#* Use lm-sensors or similar to see which cores are reporting temperatures on your machine.
|
#* Use lm-sensors or similar to see which cores are reporting temperatures on your machine.
|
||||||
#* Format "x:y" x=core with wrong temp, y=core with correct temp, use space as separator between multiple entries.
|
#* Format "x:y" x=core with wrong temp, y=core with correct temp, use space as separator between multiple entries.
|
||||||
#* Example: "4:0 5:1 6:3"
|
#* Example: "4:0 5:1 6:3"
|
||||||
cpu_core_map = ""
|
cpu_core_map = ""
|
||||||
|
|
||||||
#* Which temperature scale to use, available values: "celsius", "fahrenheit", "kelvin" and "rankine".
|
#* Which temperature scale to use, available values: "celsius", "fahrenheit", "kelvin" and "rankine".
|
||||||
temp_scale = "celsius"
|
temp_scale = "celsius"
|
||||||
|
|
||||||
#* Use base 10 for bits/bytes sizes, KB = 1000 instead of KiB = 1024.
|
#* Use base 10 for bits/bytes sizes, KB = 1000 instead of KiB = 1024.
|
||||||
base_10_sizes = True
|
base_10_sizes = True
|
||||||
|
|
||||||
#* Show CPU frequency.
|
#* Show CPU frequency.
|
||||||
show_cpu_freq = True
|
show_cpu_freq = True
|
||||||
|
|
||||||
#* Draw a clock at top of screen, formatting according to strftime, empty string to disable.
|
#* Draw a clock at top of screen, formatting according to strftime, empty string to disable.
|
||||||
#* Special formatting: /host = hostname | /user = username | /uptime = system uptime
|
#* Special formatting: /host = hostname | /user = username | /uptime = system uptime
|
||||||
clock_format = "%X"
|
clock_format = "%X"
|
||||||
|
|
||||||
#* Update main ui in background when menus are showing, set this to false if the menus is flickering too much for comfort.
|
#* Update main ui in background when menus are showing, set this to false if the menus is flickering too much for comfort.
|
||||||
background_update = True
|
background_update = True
|
||||||
|
|
||||||
#* Custom cpu model name, empty string to disable.
|
#* Custom cpu model name, empty string to disable.
|
||||||
custom_cpu_name = ""
|
custom_cpu_name = ""
|
||||||
|
|
||||||
#* Optional filter for shown disks, should be full path of a mountpoint, separate multiple values with whitespace " ".
|
#* Optional filter for shown disks, should be full path of a mountpoint, separate multiple values with whitespace " ".
|
||||||
#* Begin line with "exclude=" to change to exclude filter, otherwise defaults to "most include" filter. Example: disks_filter="exclude=/boot /home/user".
|
#* Begin line with "exclude=" to change to exclude filter, otherwise defaults to "most include" filter. Example: disks_filter="exclude=/boot /home/user".
|
||||||
disks_filter = "exclude=/boot /boot/efi"
|
disks_filter = "exclude=/boot /boot/efi"
|
||||||
|
|
||||||
#* Show graphs instead of meters for memory values.
|
#* Show graphs instead of meters for memory values.
|
||||||
mem_graphs = True
|
mem_graphs = True
|
||||||
|
|
||||||
#* Show mem box below net box instead of above.
|
#* Show mem box below net box instead of above.
|
||||||
mem_below_net = False
|
mem_below_net = False
|
||||||
|
|
||||||
#* Count ZFS ARC in cached and available memory.
|
#* Count ZFS ARC in cached and available memory.
|
||||||
zfs_arc_cached = True
|
zfs_arc_cached = True
|
||||||
|
|
||||||
#* If swap memory should be shown in memory box.
|
#* If swap memory should be shown in memory box.
|
||||||
show_swap = True
|
show_swap = True
|
||||||
|
|
||||||
#* Show swap as a disk, ignores show_swap value above, inserts itself after first disk.
|
#* Show swap as a disk, ignores show_swap value above, inserts itself after first disk.
|
||||||
swap_disk = False
|
swap_disk = False
|
||||||
|
|
||||||
#* If mem box should be split to also show disks info.
|
#* If mem box should be split to also show disks info.
|
||||||
show_disks = True
|
show_disks = True
|
||||||
|
|
||||||
#* Filter out non physical disks. Set this to False to include network disks, RAM disks and similar.
|
#* Filter out non physical disks. Set this to False to include network disks, RAM disks and similar.
|
||||||
only_physical = True
|
only_physical = True
|
||||||
|
|
||||||
#* Read disks list from /etc/fstab. This also disables only_physical.
|
#* Read disks list from /etc/fstab. This also disables only_physical.
|
||||||
use_fstab = True
|
use_fstab = True
|
||||||
|
|
||||||
#* Setting this to True will hide all datasets, and only show ZFS pools. (IO stats will be calculated per-pool)
|
#* Setting this to True will hide all datasets, and only show ZFS pools. (IO stats will be calculated per-pool)
|
||||||
zfs_hide_datasets = False
|
zfs_hide_datasets = False
|
||||||
|
|
||||||
#* Set to true to show available disk space for privileged users.
|
#* Set to true to show available disk space for privileged users.
|
||||||
disk_free_priv = False
|
disk_free_priv = False
|
||||||
|
|
||||||
#* Toggles if io activity % (disk busy time) should be shown in regular disk usage view.
|
#* Toggles if io activity % (disk busy time) should be shown in regular disk usage view.
|
||||||
show_io_stat = True
|
show_io_stat = True
|
||||||
|
|
||||||
#* Toggles io mode for disks, showing big graphs for disk read/write speeds.
|
#* Toggles io mode for disks, showing big graphs for disk read/write speeds.
|
||||||
io_mode = False
|
io_mode = False
|
||||||
|
|
||||||
#* Set to True to show combined read/write io graphs in io mode.
|
#* Set to True to show combined read/write io graphs in io mode.
|
||||||
io_graph_combined = False
|
io_graph_combined = False
|
||||||
|
|
||||||
#* Set the top speed for the io graphs in MiB/s (100 by default), use format "mountpoint:speed" separate disks with whitespace " ".
|
#* Set the top speed for the io graphs in MiB/s (100 by default), use format "mountpoint:speed" separate disks with whitespace " ".
|
||||||
#* Example: "/mnt/media:100 /:20 /boot:1".
|
#* Example: "/mnt/media:100 /:20 /boot:1".
|
||||||
io_graph_speeds = ""
|
io_graph_speeds = ""
|
||||||
|
|
||||||
#* Set fixed values for network graphs in Mebibits. Is only used if net_auto is also set to False.
|
#* Set fixed values for network graphs in Mebibits. Is only used if net_auto is also set to False.
|
||||||
net_download = 100
|
net_download = 100
|
||||||
|
|
||||||
net_upload = 100
|
net_upload = 100
|
||||||
|
|
||||||
#* Use network graphs auto rescaling mode, ignores any values set above and rescales down to 10 Kibibytes at the lowest.
|
#* Use network graphs auto rescaling mode, ignores any values set above and rescales down to 10 Kibibytes at the lowest.
|
||||||
net_auto = True
|
net_auto = True
|
||||||
|
|
||||||
#* Sync the auto scaling for download and upload to whichever currently has the highest scale.
|
#* Sync the auto scaling for download and upload to whichever currently has the highest scale.
|
||||||
net_sync = True
|
net_sync = True
|
||||||
|
|
||||||
#* Starts with the Network Interface specified here.
|
#* Starts with the Network Interface specified here.
|
||||||
net_iface = ""
|
net_iface = ""
|
||||||
|
|
||||||
#* Show battery stats in top right if battery is present.
|
#* Show battery stats in top right if battery is present.
|
||||||
show_battery = True
|
show_battery = True
|
||||||
|
|
||||||
#* Which battery to use if multiple are present. "Auto" for auto detection.
|
#* Which battery to use if multiple are present. "Auto" for auto detection.
|
||||||
selected_battery = "Auto"
|
selected_battery = "Auto"
|
||||||
|
|
||||||
#* Set loglevel for "~/.config/btop/btop.log" levels are: "ERROR" "WARNING" "INFO" "DEBUG".
|
#* Set loglevel for "~/.config/btop/btop.log" levels are: "ERROR" "WARNING" "INFO" "DEBUG".
|
||||||
#* The level set includes all lower levels, i.e. "DEBUG" will show all logging info.
|
#* The level set includes all lower levels, i.e. "DEBUG" will show all logging info.
|
||||||
log_level = "WARNING"
|
log_level = "WARNING"
|
||||||
|
|
||||||
#* Measure PCIe throughput on NVIDIA cards, may impact performance on certain cards.
|
#* Measure PCIe throughput on NVIDIA cards, may impact performance on certain cards.
|
||||||
nvml_measure_pcie_speeds = True
|
nvml_measure_pcie_speeds = True
|
||||||
|
|
||||||
#* Horizontally mirror the GPU graph.
|
#* Horizontally mirror the GPU graph.
|
||||||
gpu_mirror_graph = True
|
gpu_mirror_graph = True
|
||||||
|
|
||||||
#* Custom gpu0 model name, empty string to disable.
|
#* Custom gpu0 model name, empty string to disable.
|
||||||
custom_gpu_name0 = ""
|
custom_gpu_name0 = ""
|
||||||
|
|
||||||
#* Custom gpu1 model name, empty string to disable.
|
#* Custom gpu1 model name, empty string to disable.
|
||||||
custom_gpu_name1 = ""
|
custom_gpu_name1 = ""
|
||||||
|
|
||||||
#* Custom gpu2 model name, empty string to disable.
|
#* Custom gpu2 model name, empty string to disable.
|
||||||
custom_gpu_name2 = ""
|
custom_gpu_name2 = ""
|
||||||
|
|
||||||
#* Custom gpu3 model name, empty string to disable.
|
#* Custom gpu3 model name, empty string to disable.
|
||||||
custom_gpu_name3 = ""
|
custom_gpu_name3 = ""
|
||||||
|
|
||||||
#* Custom gpu4 model name, empty string to disable.
|
#* Custom gpu4 model name, empty string to disable.
|
||||||
custom_gpu_name4 = ""
|
custom_gpu_name4 = ""
|
||||||
|
|
||||||
#* Custom gpu5 model name, empty string to disable.
|
#* Custom gpu5 model name, empty string to disable.
|
||||||
custom_gpu_name5 = ""
|
custom_gpu_name5 = ""
|
||||||
'';
|
'';
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,5 +1,6 @@
|
||||||
{ ... }: {
|
{ ... }:
|
||||||
"org/gnome/desktop/a11y" = {
|
{
|
||||||
always-show-universal-access-status = true;
|
"org/gnome/desktop/a11y" = {
|
||||||
};
|
always-show-universal-access-status = true;
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,27 +1,28 @@
|
||||||
{ ... }: {
|
{ ... }:
|
||||||
"org/gtk/gtk4/settings/file-chooser" = {
|
{
|
||||||
date-format = "regular";
|
"org/gtk/gtk4/settings/file-chooser" = {
|
||||||
location-mode = "path-bar";
|
date-format = "regular";
|
||||||
show-hidden = false;
|
location-mode = "path-bar";
|
||||||
show-size-column = true;
|
show-hidden = false;
|
||||||
show-type-column = true;
|
show-size-column = true;
|
||||||
sidebar-width = "166";
|
show-type-column = true;
|
||||||
sort-column = "modified";
|
sidebar-width = "166";
|
||||||
sort-directories-first = true;
|
sort-column = "modified";
|
||||||
sort-order = "descending";
|
sort-directories-first = true;
|
||||||
type-format = "category";
|
sort-order = "descending";
|
||||||
view-type = "list";
|
type-format = "category";
|
||||||
};
|
view-type = "list";
|
||||||
|
};
|
||||||
|
|
||||||
"org/gtk/settings/file-chooser" = {
|
"org/gtk/settings/file-chooser" = {
|
||||||
date-format = "regular";
|
date-format = "regular";
|
||||||
location-mode = "path-bar";
|
location-mode = "path-bar";
|
||||||
show-hidden = false;
|
show-hidden = false;
|
||||||
show-size-column = true;
|
show-size-column = true;
|
||||||
show-type-column = true;
|
show-type-column = true;
|
||||||
sort-column = "modified";
|
sort-column = "modified";
|
||||||
sort-directories-first = true;
|
sort-directories-first = true;
|
||||||
sort-order = "descending";
|
sort-order = "descending";
|
||||||
type-format = "category";
|
type-format = "category";
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,21 +1,40 @@
|
||||||
{ lib, config, ... }: {
|
{ lib, config, ... }:
|
||||||
"org/gnome/desktop/input-sources" = with lib.gvariant; {
|
{
|
||||||
current = mkUint32 0;
|
"org/gnome/desktop/input-sources" = with lib.gvariant; {
|
||||||
mru-sources = [ (mkTuple [ "xkb" "us" ]) (mkTuple [ "xkb" "ru" ]) ];
|
current = mkUint32 0;
|
||||||
per-window = false;
|
mru-sources = [
|
||||||
show-all-sources = true;
|
(mkTuple [
|
||||||
sources = [ (mkTuple [ "xkb" "us" ]) (mkTuple [ "xkb" "ru" ]) ];
|
"xkb"
|
||||||
xkb-options = [ config.setting.keyboard.options ];
|
"us"
|
||||||
};
|
])
|
||||||
|
(mkTuple [
|
||||||
|
"xkb"
|
||||||
|
"ru"
|
||||||
|
])
|
||||||
|
];
|
||||||
|
per-window = false;
|
||||||
|
show-all-sources = true;
|
||||||
|
sources = [
|
||||||
|
(mkTuple [
|
||||||
|
"xkb"
|
||||||
|
"us"
|
||||||
|
])
|
||||||
|
(mkTuple [
|
||||||
|
"xkb"
|
||||||
|
"ru"
|
||||||
|
])
|
||||||
|
];
|
||||||
|
xkb-options = [ config.setting.keyboard.options ];
|
||||||
|
};
|
||||||
|
|
||||||
"org/gnome/desktop/peripherals/mouse" = {
|
"org/gnome/desktop/peripherals/mouse" = {
|
||||||
accel-profile = "flat";
|
accel-profile = "flat";
|
||||||
natural-scroll = true;
|
natural-scroll = true;
|
||||||
speed = "0.0";
|
speed = "0.0";
|
||||||
};
|
};
|
||||||
|
|
||||||
"org/gnome/desktop/peripherals/touchpad" = {
|
"org/gnome/desktop/peripherals/touchpad" = {
|
||||||
tap-to-click = true;
|
tap-to-click = true;
|
||||||
two-finger-scrolling-enabled = true;
|
two-finger-scrolling-enabled = true;
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,11 +1,12 @@
|
||||||
{ ... }: {
|
{ ... }:
|
||||||
"org/gnome/desktop/interface" = {
|
{
|
||||||
clock-show-date = true;
|
"org/gnome/desktop/interface" = {
|
||||||
clock-show-weekday = true;
|
clock-show-date = true;
|
||||||
color-scheme = "prefer-dark";
|
clock-show-weekday = true;
|
||||||
enable-animations = false;
|
color-scheme = "prefer-dark";
|
||||||
enable-hot-corners = false;
|
enable-animations = false;
|
||||||
gtk-enable-primary-paste = false;
|
enable-hot-corners = false;
|
||||||
show-battery-percentage = false;
|
gtk-enable-primary-paste = false;
|
||||||
};
|
show-battery-percentage = false;
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,132 +1,134 @@
|
||||||
{ config, ... }: let
|
{ config, ... }:
|
||||||
mod = "<Super>";
|
let
|
||||||
in {
|
mod = "<Super>";
|
||||||
"org/gnome/desktop/wm/keybindings" = {
|
in
|
||||||
activate-window-menu = [ "" ];
|
{
|
||||||
begin-move = [ "" ];
|
"org/gnome/desktop/wm/keybindings" = {
|
||||||
begin-resize = [ "${mod}r" ];
|
activate-window-menu = [ "" ];
|
||||||
close = [ "${mod}x" ];
|
begin-move = [ "" ];
|
||||||
cycle-group = [ "" ];
|
begin-resize = [ "${mod}r" ];
|
||||||
cycle-group-backward = [ "" ];
|
close = [ "${mod}x" ];
|
||||||
cycle-panels = [ "" ];
|
cycle-group = [ "" ];
|
||||||
cycle-panels-backward = [ "" ];
|
cycle-group-backward = [ "" ];
|
||||||
cycle-windows = [ "" ];
|
cycle-panels = [ "" ];
|
||||||
cycle-windows-backward = [ "" ];
|
cycle-panels-backward = [ "" ];
|
||||||
maximize = [ "" ];
|
cycle-windows = [ "" ];
|
||||||
maximize-horizontally = [ "" ];
|
cycle-windows-backward = [ "" ];
|
||||||
minimize = [ "${mod}s" ];
|
maximize = [ "" ];
|
||||||
move-to-monitor-down = [ "" ];
|
maximize-horizontally = [ "" ];
|
||||||
move-to-monitor-left = [ "" ];
|
minimize = [ "${mod}s" ];
|
||||||
move-to-monitor-right = [ "" ];
|
move-to-monitor-down = [ "" ];
|
||||||
move-to-monitor-up = [ "" ];
|
move-to-monitor-left = [ "" ];
|
||||||
move-to-workspace-1 = [ "" ];
|
move-to-monitor-right = [ "" ];
|
||||||
move-to-workspace-2 = [ "" ];
|
move-to-monitor-up = [ "" ];
|
||||||
move-to-workspace-3 = [ "" ];
|
move-to-workspace-1 = [ "" ];
|
||||||
move-to-workspace-4 = [ "" ];
|
move-to-workspace-2 = [ "" ];
|
||||||
move-to-workspace-last = [ "" ];
|
move-to-workspace-3 = [ "" ];
|
||||||
move-to-workspace-left = [ "<Shift>${mod}q" ];
|
move-to-workspace-4 = [ "" ];
|
||||||
move-to-workspace-right = [ "<Shift>${mod}e" ];
|
move-to-workspace-last = [ "" ];
|
||||||
panel-run-dialog = [ "${mod}space" ];
|
move-to-workspace-left = [ "<Shift>${mod}q" ];
|
||||||
show-desktop = [ "${mod}c" ];
|
move-to-workspace-right = [ "<Shift>${mod}e" ];
|
||||||
switch-applications = [ "${mod}Tab" ];
|
panel-run-dialog = [ "${mod}space" ];
|
||||||
switch-applications-backward = [ "<Shift>${mod}Tab" ];
|
show-desktop = [ "${mod}c" ];
|
||||||
switch-group = [ "<Alt>Tab" ];
|
switch-applications = [ "${mod}Tab" ];
|
||||||
switch-group-backward = [ "<Shift><Alt>Tab" ];
|
switch-applications-backward = [ "<Shift>${mod}Tab" ];
|
||||||
switch-input-source = [ "" ];
|
switch-group = [ "<Alt>Tab" ];
|
||||||
switch-input-source-backward = [ "" ];
|
switch-group-backward = [ "<Shift><Alt>Tab" ];
|
||||||
switch-panels = [ "" ];
|
switch-input-source = [ "" ];
|
||||||
switch-panels-backward = [ "" ];
|
switch-input-source-backward = [ "" ];
|
||||||
switch-to-workspace-1 = [ "" ];
|
switch-panels = [ "" ];
|
||||||
switch-to-workspace-2 = [ "" ];
|
switch-panels-backward = [ "" ];
|
||||||
switch-to-workspace-3 = [ "" ];
|
switch-to-workspace-1 = [ "" ];
|
||||||
switch-to-workspace-4 = [ "" ];
|
switch-to-workspace-2 = [ "" ];
|
||||||
switch-to-workspace-last = [ "" ];
|
switch-to-workspace-3 = [ "" ];
|
||||||
switch-to-workspace-left = [ "${mod}q" ];
|
switch-to-workspace-4 = [ "" ];
|
||||||
switch-to-workspace-right = [ "${mod}e" ];
|
switch-to-workspace-last = [ "" ];
|
||||||
switch-windows = [ "" ];
|
switch-to-workspace-left = [ "${mod}q" ];
|
||||||
switch-windows-backward = [ "" ];
|
switch-to-workspace-right = [ "${mod}e" ];
|
||||||
toggle-fullscreen = [ "${mod}f" ];
|
switch-windows = [ "" ];
|
||||||
toggle-maximized = [ "${mod}w" ];
|
switch-windows-backward = [ "" ];
|
||||||
unmaximize = [ "" ];
|
toggle-fullscreen = [ "${mod}f" ];
|
||||||
};
|
toggle-maximized = [ "${mod}w" ];
|
||||||
|
unmaximize = [ "" ];
|
||||||
|
};
|
||||||
|
|
||||||
"org/gnome/mutter/keybindings" = {
|
"org/gnome/mutter/keybindings" = {
|
||||||
toggle-tiled-left = [ "${mod}a" ];
|
toggle-tiled-left = [ "${mod}a" ];
|
||||||
toggle-tiled-right = [ "${mod}d" ];
|
toggle-tiled-right = [ "${mod}d" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
"org/gnome/mutter/wayland/keybindings" = {
|
"org/gnome/mutter/wayland/keybindings" = {
|
||||||
restore-shortcuts = [ "" ];
|
restore-shortcuts = [ "" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
"org/gnome/settings-daemon/plugins/media-keys" = {
|
"org/gnome/settings-daemon/plugins/media-keys" = {
|
||||||
custom-keybindings = [
|
custom-keybindings = [
|
||||||
"/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/"
|
"/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/"
|
||||||
"/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom1/"
|
"/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom1/"
|
||||||
"/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom2/"
|
"/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom2/"
|
||||||
"/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom3/"
|
"/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom3/"
|
||||||
"/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom4/"
|
"/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom4/"
|
||||||
"/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom5/"
|
"/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom5/"
|
||||||
];
|
];
|
||||||
magnifier = [ "" ];
|
magnifier = [ "" ];
|
||||||
magnifier-zoom-in = [ "" ];
|
magnifier-zoom-in = [ "" ];
|
||||||
magnifier-zoom-out = [ "" ];
|
magnifier-zoom-out = [ "" ];
|
||||||
screenreader = [ "" ];
|
screenreader = [ "" ];
|
||||||
screensaver = [ "${mod}z" ];
|
screensaver = [ "${mod}z" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
"org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = {
|
"org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = {
|
||||||
binding = "${mod}Escape";
|
binding = "${mod}Escape";
|
||||||
command = "kgx -e bash -c 'tmux new-session -A -s main; bash'";
|
command = "kgx -e bash -c 'tmux new-session -A -s main; bash'";
|
||||||
name = "gnome-terminal";
|
name = "gnome-terminal";
|
||||||
};
|
};
|
||||||
|
|
||||||
"org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom1" = {
|
"org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom1" = {
|
||||||
binding = "printz";
|
binding = "printz";
|
||||||
command = "systemctl suspend -i";
|
command = "systemctl suspend -i";
|
||||||
name = "System Sleep";
|
name = "System Sleep";
|
||||||
};
|
};
|
||||||
|
|
||||||
"org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom2" = {
|
"org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom2" = {
|
||||||
binding = "printx";
|
binding = "printx";
|
||||||
command = "systemctl poweroff -i";
|
command = "systemctl poweroff -i";
|
||||||
name = "System Poweroff";
|
name = "System Poweroff";
|
||||||
};
|
};
|
||||||
|
|
||||||
"org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom3" = {
|
"org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom3" = {
|
||||||
binding = "printc";
|
binding = "printc";
|
||||||
command = "systemctl reboot -i";
|
command = "systemctl reboot -i";
|
||||||
name = "System Reboot";
|
name = "System Reboot";
|
||||||
};
|
};
|
||||||
|
|
||||||
"org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom4" = {
|
"org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom4" = {
|
||||||
binding = "printp";
|
binding = "printp";
|
||||||
command = "powersave toggle";
|
command = "powersave toggle";
|
||||||
name = "Toggle Powersave";
|
name = "Toggle Powersave";
|
||||||
};
|
};
|
||||||
|
|
||||||
"org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom5" = {
|
"org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom5" = {
|
||||||
binding = "printl";
|
binding = "printl";
|
||||||
command = "powerlimit toggle";
|
command = "powerlimit toggle";
|
||||||
name = "Toggle Powerlimit";
|
name = "Toggle Powerlimit";
|
||||||
};
|
};
|
||||||
|
|
||||||
"org/gnome/shell/keybindings" = {
|
"org/gnome/shell/keybindings" = {
|
||||||
focus-active-notification = [ "" ];
|
focus-active-notification = [ "" ];
|
||||||
open-application-menu = [ "" ];
|
open-application-menu = [ "" ];
|
||||||
show-screenshot-ui = [ "${mod}v" ];
|
show-screenshot-ui = [ "${mod}v" ];
|
||||||
switch-to-application-1 = [ "" ];
|
switch-to-application-1 = [ "" ];
|
||||||
switch-to-application-2 = [ "" ];
|
switch-to-application-2 = [ "" ];
|
||||||
switch-to-application-3 = [ "" ];
|
switch-to-application-3 = [ "" ];
|
||||||
switch-to-application-4 = [ "" ];
|
switch-to-application-4 = [ "" ];
|
||||||
switch-to-application-5 = [ "" ];
|
switch-to-application-5 = [ "" ];
|
||||||
switch-to-application-6 = [ "" ];
|
switch-to-application-6 = [ "" ];
|
||||||
switch-to-application-7 = [ "" ];
|
switch-to-application-7 = [ "" ];
|
||||||
switch-to-application-8 = [ "" ];
|
switch-to-application-8 = [ "" ];
|
||||||
switch-to-application-9 = [ "" ];
|
switch-to-application-9 = [ "" ];
|
||||||
toggle-application-view = [ "" ];
|
toggle-application-view = [ "" ];
|
||||||
toggle-message-tray = [ "" ];
|
toggle-message-tray = [ "" ];
|
||||||
toggle-overview = [ "" ];
|
toggle-overview = [ "" ];
|
||||||
toggle-quick-settings = [ "" ];
|
toggle-quick-settings = [ "" ];
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,7 +1,8 @@
|
||||||
{ ... }: {
|
{ ... }:
|
||||||
"org/gnome/desktop/media-handling" = {
|
{
|
||||||
automount = false;
|
"org/gnome/desktop/media-handling" = {
|
||||||
automount-open = false;
|
automount = false;
|
||||||
autorun-never = true;
|
automount-open = false;
|
||||||
};
|
autorun-never = true;
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,21 +1,22 @@
|
||||||
{ ... }: {
|
{ ... }:
|
||||||
"org/gnome/nautilus/icon-view" = {
|
{
|
||||||
default-zoom-level = "larger";
|
"org/gnome/nautilus/icon-view" = {
|
||||||
};
|
default-zoom-level = "larger";
|
||||||
|
};
|
||||||
|
|
||||||
"org/gnome/nautilus/list-view" = {
|
"org/gnome/nautilus/list-view" = {
|
||||||
default-zoom-level = "small";
|
default-zoom-level = "small";
|
||||||
use-tree-view = false;
|
use-tree-view = false;
|
||||||
};
|
};
|
||||||
|
|
||||||
"org/gnome/nautilus/preferences" = {
|
"org/gnome/nautilus/preferences" = {
|
||||||
click-policy = "single";
|
click-policy = "single";
|
||||||
default-folder-viewer = "list-view";
|
default-folder-viewer = "list-view";
|
||||||
default-sort-in-reverse-order = false;
|
default-sort-in-reverse-order = false;
|
||||||
default-sort-order = "name";
|
default-sort-order = "name";
|
||||||
migrated-gtk-settings = true;
|
migrated-gtk-settings = true;
|
||||||
search-filter-time-type = "last_modified";
|
search-filter-time-type = "last_modified";
|
||||||
search-view = "list-view";
|
search-view = "list-view";
|
||||||
show-image-thumbnails = "local-only";
|
show-image-thumbnails = "local-only";
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,10 +1,11 @@
|
||||||
{ ... }: {
|
{ ... }:
|
||||||
"org/gnome/settings-daemon/plugins/power" = {
|
{
|
||||||
ambient-enabled = false;
|
"org/gnome/settings-daemon/plugins/power" = {
|
||||||
idle-dim = false;
|
ambient-enabled = false;
|
||||||
power-button-action = "nothing";
|
idle-dim = false;
|
||||||
sleep-inactive-ac-timeout = "0";
|
power-button-action = "nothing";
|
||||||
sleep-inactive-ac-type = "nothing";
|
sleep-inactive-ac-timeout = "0";
|
||||||
sleep-inactive-battery-type = "nothing";
|
sleep-inactive-ac-type = "nothing";
|
||||||
};
|
sleep-inactive-battery-type = "nothing";
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,15 +1,16 @@
|
||||||
{ lib, ... }: {
|
{ lib, ... }:
|
||||||
"org/gnome/desktop/privacy" = with lib.gvariant; {
|
{
|
||||||
disable-camera = false;
|
"org/gnome/desktop/privacy" = with lib.gvariant; {
|
||||||
disable-microphone = false;
|
disable-camera = false;
|
||||||
old-files-age = mkUint32 30;
|
disable-microphone = false;
|
||||||
recent-files-max-age = mkUint32 30;
|
old-files-age = mkUint32 30;
|
||||||
remove-old-temp-files = true;
|
recent-files-max-age = mkUint32 30;
|
||||||
remove-old-trash-files = true;
|
remove-old-temp-files = true;
|
||||||
report-technical-problems = true;
|
remove-old-trash-files = true;
|
||||||
};
|
report-technical-problems = true;
|
||||||
|
};
|
||||||
|
|
||||||
"org/gnome/system/location" = {
|
"org/gnome/system/location" = {
|
||||||
enabled = false;
|
enabled = false;
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,5 +1,6 @@
|
||||||
{ lib, ... }: {
|
{ lib, ... }:
|
||||||
"org/gnome/desktop/session" = with lib.gvariant; {
|
{
|
||||||
idle-delay = mkUint32 0;
|
"org/gnome/desktop/session" = with lib.gvariant; {
|
||||||
};
|
idle-delay = mkUint32 0;
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,14 +1,15 @@
|
||||||
{ ... }: {
|
{ ... }:
|
||||||
"org/gnome/shell" = {
|
{
|
||||||
disable-extension-version-validation = true;
|
"org/gnome/shell" = {
|
||||||
disable-user-extensions = false;
|
disable-extension-version-validation = true;
|
||||||
favorite-apps = [ "" ];
|
disable-user-extensions = false;
|
||||||
had-bluetooth-devices-setup = true;
|
favorite-apps = [ "" ];
|
||||||
last-selected-power-profile = "power-saver";
|
had-bluetooth-devices-setup = true;
|
||||||
remember-mount-password = false;
|
last-selected-power-profile = "power-saver";
|
||||||
};
|
remember-mount-password = false;
|
||||||
|
};
|
||||||
|
|
||||||
"system/proxy" = {
|
"system/proxy" = {
|
||||||
mode = "none";
|
mode = "none";
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,8 +1,9 @@
|
||||||
{ ... }: {
|
{ ... }:
|
||||||
"org/gnome/software" = {
|
{
|
||||||
download-updates = false;
|
"org/gnome/software" = {
|
||||||
download-updates-notify = false;
|
download-updates = false;
|
||||||
first-run = false;
|
download-updates-notify = false;
|
||||||
show-nonfree-prompt = false;
|
first-run = false;
|
||||||
};
|
show-nonfree-prompt = false;
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,7 +1,8 @@
|
||||||
{ ... }: {
|
{ ... }:
|
||||||
"org/gnome/desktop/sound" = {
|
{
|
||||||
allow-volume-above-100-percent = false;
|
"org/gnome/desktop/sound" = {
|
||||||
event-sounds = false;
|
allow-volume-above-100-percent = false;
|
||||||
theme-name = "freedesktop";
|
event-sounds = false;
|
||||||
};
|
theme-name = "freedesktop";
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,32 +1,33 @@
|
||||||
{ lib, ... }: {
|
{ lib, ... }:
|
||||||
"org/gnome/desktop/wm/preferences" = {
|
{
|
||||||
action-middle-click-titlebar = "minimize";
|
"org/gnome/desktop/wm/preferences" = {
|
||||||
action-right-click-titlebar = "menu";
|
action-middle-click-titlebar = "minimize";
|
||||||
focus-mode = "click"; # `click` or `sloppy`.
|
action-right-click-titlebar = "menu";
|
||||||
button-layout = "appmenu:close";
|
focus-mode = "click"; # `click` or `sloppy`.
|
||||||
};
|
button-layout = "appmenu:close";
|
||||||
|
};
|
||||||
|
|
||||||
"org/gnome/mutter" = {
|
"org/gnome/mutter" = {
|
||||||
attach-modal-dialogs = true;
|
attach-modal-dialogs = true;
|
||||||
center-new-windows = true;
|
center-new-windows = true;
|
||||||
dynamic-workspaces = true;
|
dynamic-workspaces = true;
|
||||||
edge-tiling = true;
|
edge-tiling = true;
|
||||||
workspaces-only-on-primary = true;
|
workspaces-only-on-primary = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
"org/gnome/settings-daemon/plugins/color" = with lib.gvariant; {
|
"org/gnome/settings-daemon/plugins/color" = with lib.gvariant; {
|
||||||
night-light-enabled = false;
|
night-light-enabled = false;
|
||||||
night-light-schedule-automatic = false;
|
night-light-schedule-automatic = false;
|
||||||
night-light-schedule-from = "0.0";
|
night-light-schedule-from = "0.0";
|
||||||
night-light-schedule-to = "0.0";
|
night-light-schedule-to = "0.0";
|
||||||
night-light-temperature = mkUint32 3700;
|
night-light-temperature = mkUint32 3700;
|
||||||
};
|
};
|
||||||
|
|
||||||
"org/gnome/shell/app-switcher" = {
|
"org/gnome/shell/app-switcher" = {
|
||||||
current-workspace-only = true;
|
current-workspace-only = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
"org/gnome/shell/overrides" = {
|
"org/gnome/shell/overrides" = {
|
||||||
edge-tiling = false;
|
edge-tiling = false;
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,50 +1,57 @@
|
||||||
{ self, inputs, config, ... } @args: let
|
{
|
||||||
btop = import ./btop args;
|
self,
|
||||||
editor = import ./editorconfig args;
|
inputs,
|
||||||
foot = import ./foot args;
|
config,
|
||||||
fuzzel = import ./fuzzel args;
|
...
|
||||||
git = import ./git args;
|
}@args:
|
||||||
gtk3 = import ./gtk/3 args;
|
let
|
||||||
jetbrains = import ./jetbrains args;
|
btop = import ./btop args;
|
||||||
keyd = import ./keyd args;
|
editor = import ./editorconfig args;
|
||||||
mako = import ./mako args;
|
foot = import ./foot args;
|
||||||
mangohud = import ./mangohud args;
|
fuzzel = import ./fuzzel args;
|
||||||
nvim = import ./nvim args;
|
git = import ./git args;
|
||||||
ssh = import ./ssh args;
|
gtk3 = import ./gtk/3 args;
|
||||||
swappy = import ./swappy args;
|
jetbrains = import ./jetbrains args;
|
||||||
sway = import ./sway args;
|
keyd = import ./keyd args;
|
||||||
tmux = import ./tmux args;
|
mako = import ./mako args;
|
||||||
waybar = import ./waybar args;
|
mangohud = import ./mangohud args;
|
||||||
yazi = import ./yazi args;
|
nvim = import ./nvim args;
|
||||||
in {
|
ssh = import ./ssh args;
|
||||||
".Wallpaper".source = config.module.wallpaper.path;
|
swappy = import ./swappy args;
|
||||||
".config/MangoHud/MangoHud.conf".source = mangohud.config;
|
sway = import ./sway args;
|
||||||
".config/MangoHud/presets.conf".source = mangohud.presets;
|
tmux = import ./tmux args;
|
||||||
".config/btop/btop.conf".text = btop.text;
|
waybar = import ./waybar args;
|
||||||
".config/foot/foot.ini".source = foot.file;
|
yazi = import ./yazi args;
|
||||||
".config/fuzzel/fuzzel.ini".source = fuzzel.file;
|
in
|
||||||
".config/gtk-3.0/bookmarks".text = gtk3.bookmarks;
|
{
|
||||||
".config/keyd/app.conf".text = keyd.text;
|
".Wallpaper".source = config.module.wallpaper.path;
|
||||||
".config/mako/config".source = mako.file;
|
".config/MangoHud/MangoHud.conf".source = mangohud.config;
|
||||||
".config/nvim/init.vim".text = nvim.text;
|
".config/MangoHud/presets.conf".source = mangohud.presets;
|
||||||
".config/swappy/config".source = swappy.config;
|
".config/btop/btop.conf".text = btop.text;
|
||||||
".config/sway/config".text = sway.text;
|
".config/foot/foot.ini".source = foot.file;
|
||||||
".config/tmux/tmux.conf".text = tmux.text;
|
".config/fuzzel/fuzzel.ini".source = fuzzel.file;
|
||||||
".config/waybar/config".source = waybar.config;
|
".config/gtk-3.0/bookmarks".text = gtk3.bookmarks;
|
||||||
".config/waybar/style.css".source = waybar.style;
|
".config/keyd/app.conf".text = keyd.text;
|
||||||
".config/yazi/init.lua".source = yazi.init;
|
".config/mako/config".source = mako.file;
|
||||||
".config/yazi/keymap.toml".source = yazi.keymap;
|
".config/nvim/init.vim".text = nvim.text;
|
||||||
".config/yazi/theme.toml".source = yazi.theme;
|
".config/swappy/config".source = swappy.config;
|
||||||
".config/yazi/yazi.toml".source = yazi.yazi;
|
".config/sway/config".text = sway.text;
|
||||||
".editorconfig".source = editor.file;
|
".config/tmux/tmux.conf".text = tmux.text;
|
||||||
".gitconfig".source = git.file;
|
".config/waybar/config".source = waybar.config;
|
||||||
".ideavimrc".text = jetbrains.ideavimrc;
|
".config/waybar/style.css".source = waybar.style;
|
||||||
".nix".source = self;
|
".config/yazi/init.lua".source = yazi.init;
|
||||||
".nixpkgs".source = inputs.nixpkgs;
|
".config/yazi/keymap.toml".source = yazi.keymap;
|
||||||
# TODO: Add after migrating to stable.
|
".config/yazi/theme.toml".source = yazi.theme;
|
||||||
# ".nixpkgs_unstable".source = inputs.nixpkgs;
|
".config/yazi/yazi.toml".source = yazi.yazi;
|
||||||
# ".nixpkgs_master".source = inputs.nixpkgs;
|
".editorconfig".source = editor.file;
|
||||||
".parallel/will-cite".text = "";
|
".gitconfig".source = git.file;
|
||||||
".ssh/config".text = ssh.text;
|
".ideavimrc".text = jetbrains.ideavimrc;
|
||||||
".template".source = ./template;
|
".nix".source = self;
|
||||||
|
".nixpkgs".source = inputs.nixpkgs;
|
||||||
|
# TODO: Add after migrating to stable.
|
||||||
|
# ".nixpkgs_unstable".source = inputs.nixpkgs;
|
||||||
|
# ".nixpkgs_master".source = inputs.nixpkgs;
|
||||||
|
".parallel/will-cite".text = "";
|
||||||
|
".ssh/config".text = ssh.text;
|
||||||
|
".template".source = ./template;
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,32 +1,34 @@
|
||||||
{ pkgs, ... }: {
|
{ pkgs, ... }:
|
||||||
file = (pkgs.formats.iniWithGlobalSection {}).generate "EditorconfigConfig" {
|
{
|
||||||
globalSection.root = true;
|
file = (pkgs.formats.iniWithGlobalSection { }).generate "EditorconfigConfig" {
|
||||||
|
globalSection.root = true;
|
||||||
|
|
||||||
sections = {
|
sections = {
|
||||||
"*" = {
|
"*" = {
|
||||||
end_of_line = "lf";
|
end_of_line = "lf";
|
||||||
charset = "utf-8";
|
charset = "utf-8";
|
||||||
indent_style = "tab";
|
indent_style = "tab";
|
||||||
indent_size = "2";
|
indent_size = 2;
|
||||||
insert_final_newline = "true";
|
insert_final_newline = "true";
|
||||||
trim_trailing_whitespace = "true";
|
trim_trailing_whitespace = "true";
|
||||||
};
|
};
|
||||||
|
|
||||||
Makefile = {
|
"Makefile" = {
|
||||||
indent_size = 2;
|
indent_size = 4;
|
||||||
};
|
};
|
||||||
|
|
||||||
"*.{nix,js}" = {
|
"*.nix" = {
|
||||||
indent_size = 2;
|
indent_style = "space";
|
||||||
};
|
indent_size = 2;
|
||||||
|
};
|
||||||
|
|
||||||
"*.{lua,kt,kts,rs,py}" = {
|
"*.{lua,kt,kts,rs,py}" = {
|
||||||
indent_size = 4;
|
indent_size = 4;
|
||||||
};
|
};
|
||||||
|
|
||||||
"*.{sh,md}" = {
|
"*.{sh,md}" = {
|
||||||
indent_size = 8;
|
indent_size = 8;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,28 +1,30 @@
|
||||||
{ config, pkgs, ... }: let
|
{ config, pkgs, ... }:
|
||||||
dpiAware = if config.setting.dpiAware then "yes" else "no";
|
let
|
||||||
borderSize = toString config.style.window.border;
|
dpiAware = if config.setting.dpiAware then "yes" else "no";
|
||||||
fontStep = 1;
|
borderSize = toString config.style.window.border;
|
||||||
in {
|
fontStep = 1;
|
||||||
file = (pkgs.formats.iniWithGlobalSection {}).generate "FootConfig" {
|
in
|
||||||
globalSection = {
|
{
|
||||||
font = "${config.style.font.monospace.name}:size=${toString config.style.font.size.terminal}";
|
file = (pkgs.formats.iniWithGlobalSection { }).generate "FootConfig" {
|
||||||
# font-bold = "${config.style.font.monospace.name}:size=${toString config.style.font.size.terminal}";
|
globalSection = {
|
||||||
font-italic = "${config.style.font.monospace.name}:size=${toString config.style.font.size.terminal}";
|
font = "${config.style.font.monospace.name}:size=${toString config.style.font.size.terminal}";
|
||||||
font-bold-italic = "${config.style.font.monospace.name}:size=${toString config.style.font.size.terminal}";
|
# font-bold = "${config.style.font.monospace.name}:size=${toString config.style.font.size.terminal}";
|
||||||
dpi-aware = dpiAware;
|
font-italic = "${config.style.font.monospace.name}:size=${toString config.style.font.size.terminal}";
|
||||||
font-size-adjustment = fontStep;
|
font-bold-italic = "${config.style.font.monospace.name}:size=${toString config.style.font.size.terminal}";
|
||||||
pad = "${borderSize}x${borderSize} center";
|
dpi-aware = dpiAware;
|
||||||
};
|
font-size-adjustment = fontStep;
|
||||||
|
pad = "${borderSize}x${borderSize} center";
|
||||||
|
};
|
||||||
|
|
||||||
sections = {
|
sections = {
|
||||||
colors = {
|
colors = {
|
||||||
alpha = config.style.opacity.terminal;
|
alpha = config.style.opacity.terminal;
|
||||||
background = config.style.color.bg.dark;
|
background = config.style.color.bg.dark;
|
||||||
foreground = config.style.color.fg.light;
|
foreground = config.style.color.fg.light;
|
||||||
};
|
};
|
||||||
key-bindings = {
|
key-bindings = {
|
||||||
show-urls-launch = "Mod1+o";
|
show-urls-launch = "Mod1+o";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,36 +1,40 @@
|
||||||
{ pkgs, config, ... }: let
|
{ pkgs, config, ... }:
|
||||||
dpiAware = if config.setting.dpiAware then "yes" else "no";
|
let
|
||||||
in {
|
dpiAware = if config.setting.dpiAware then "yes" else "no";
|
||||||
file = (pkgs.formats.ini {}).generate "FuzzelConfig" {
|
in
|
||||||
main = {
|
{
|
||||||
dpi-aware = dpiAware;
|
file = (pkgs.formats.ini { }).generate "FuzzelConfig" {
|
||||||
# font = "${style.font.serif.name}:size=${toString style.font.size.popup}";
|
main = {
|
||||||
font = "Minecraftia:size=${toString config.style.font.size.popup}";
|
dpi-aware = dpiAware;
|
||||||
lines = 20;
|
# font = "${style.font.serif.name}:size=${toString style.font.size.popup}";
|
||||||
prompt = "\"\"";
|
font = "Minecraftia:size=${toString config.style.font.size.popup}";
|
||||||
show-actions = "yes";
|
lines = 20;
|
||||||
terminal = "foot";
|
prompt = "\"\"";
|
||||||
width = 40;
|
show-actions = "yes";
|
||||||
# list-executables-in-path = "no";
|
terminal = "foot";
|
||||||
};
|
width = 40;
|
||||||
border = {
|
# list-executables-in-path = "no";
|
||||||
radius = 0;
|
};
|
||||||
width = 1;
|
border = {
|
||||||
};
|
radius = 0;
|
||||||
colors = let
|
width = 1;
|
||||||
defaultOpacity = "ff";
|
};
|
||||||
in {
|
colors =
|
||||||
background = config.style.color.bg.dark + config.style.opacity.hex;
|
let
|
||||||
border = config.style.color.border + config.style.opacity.hex;
|
defaultOpacity = "ff";
|
||||||
counter = config.style.color.bg.regular + defaultOpacity;
|
in
|
||||||
input = config.style.color.fg.light + defaultOpacity;
|
{
|
||||||
match = config.style.color.fg.light + defaultOpacity;
|
background = config.style.color.bg.dark + config.style.opacity.hex;
|
||||||
placeholder = config.style.color.bg.regular + defaultOpacity;
|
border = config.style.color.border + config.style.opacity.hex;
|
||||||
prompt = config.style.color.fg.light + defaultOpacity;
|
counter = config.style.color.bg.regular + defaultOpacity;
|
||||||
selection = config.style.color.bg.regular + defaultOpacity;
|
input = config.style.color.fg.light + defaultOpacity;
|
||||||
selection-match = config.style.color.accent + defaultOpacity;
|
match = config.style.color.fg.light + defaultOpacity;
|
||||||
selection-text = config.style.color.fg.light + defaultOpacity;
|
placeholder = config.style.color.bg.regular + defaultOpacity;
|
||||||
text = config.style.color.fg.light + defaultOpacity;
|
prompt = config.style.color.fg.light + defaultOpacity;
|
||||||
};
|
selection = config.style.color.bg.regular + defaultOpacity;
|
||||||
};
|
selection-match = config.style.color.accent + defaultOpacity;
|
||||||
|
selection-text = config.style.color.fg.light + defaultOpacity;
|
||||||
|
text = config.style.color.fg.light + defaultOpacity;
|
||||||
|
};
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,13 +1,14 @@
|
||||||
{ secret, pkgs, ... }: {
|
{ secret, pkgs, ... }:
|
||||||
file = (pkgs.formats.gitIni { listsAsDuplicateKeys = true; }).generate "GitConfig" {
|
{
|
||||||
# credential.helper = "store";
|
file = (pkgs.formats.gitIni { listsAsDuplicateKeys = true; }).generate "GitConfig" {
|
||||||
gpg.format = secret.crypto.sign.git.format;
|
# credential.helper = "store";
|
||||||
gpg.ssh.allowedSignersFile = toString secret.crypto.sign.git.allowed;
|
gpg.format = secret.crypto.sign.git.format;
|
||||||
init.defaultBranch = "main";
|
gpg.ssh.allowedSignersFile = toString secret.crypto.sign.git.allowed;
|
||||||
pull.rebase = true;
|
init.defaultBranch = "main";
|
||||||
push.autoSetupRemote = true;
|
pull.rebase = true;
|
||||||
rebase.autoStash = true;
|
push.autoSetupRemote = true;
|
||||||
safe.directory = "*";
|
rebase.autoStash = true;
|
||||||
user.signingkey = builtins.readFile secret.crypto.sign.git.key;
|
safe.directory = "*";
|
||||||
};
|
user.signingkey = builtins.readFile secret.crypto.sign.git.key;
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,9 +1,10 @@
|
||||||
{ util, ... }:{
|
{ ... }:
|
||||||
bookmarks = util.trimTabs ''
|
{
|
||||||
file:///storage
|
bookmarks = ''
|
||||||
file:///home/voronind/tmp
|
file:///storage
|
||||||
sftp://10.0.0.1:22143/storage/hot/docker/cloud/data/data/cakee/files/ home cloud
|
file:///home/voronind/tmp
|
||||||
sftp://10.0.0.1:22143/ home sftp
|
sftp://10.0.0.1:22143/storage/hot/docker/cloud/data/data/cakee/files/ home cloud
|
||||||
ftp://10.0.0.1/ home ftp
|
sftp://10.0.0.1:22143/ home sftp
|
||||||
'';
|
ftp://10.0.0.1/ home ftp
|
||||||
|
'';
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,26 +1,27 @@
|
||||||
{ util, ... }: {
|
{ ... }:
|
||||||
ideavimrc = util.trimTabs ''
|
{
|
||||||
" Plugins.
|
ideavimrc = ''
|
||||||
Plug 'tpope/vim-commentary'
|
" Plugins.
|
||||||
Plug 'machakann/vim-highlightedyank'
|
Plug 'tpope/vim-commentary'
|
||||||
" Plug 'junegunn/vim-easy-align'
|
Plug 'machakann/vim-highlightedyank'
|
||||||
|
" Plug 'junegunn/vim-easy-align'
|
||||||
|
|
||||||
" General config.
|
" General config.
|
||||||
set scrolloff=4
|
set scrolloff=4
|
||||||
set incsearch
|
set incsearch
|
||||||
set hlsearch
|
set hlsearch
|
||||||
set clipboard=unnamedplus
|
set clipboard=unnamedplus
|
||||||
set relativenumber
|
set relativenumber
|
||||||
set number
|
set number
|
||||||
|
|
||||||
" Space as a leader.
|
" Space as a leader.
|
||||||
nnoremap <SPACE> <Nop>
|
nnoremap <SPACE> <Nop>
|
||||||
let mapleader=" "
|
let mapleader=" "
|
||||||
|
|
||||||
" Align. ISSUE: Broken.
|
" Align. ISSUE: Broken.
|
||||||
" vmap <Leader>a <Plug>(EasyAlign)
|
" vmap <Leader>a <Plug>(EasyAlign)
|
||||||
|
|
||||||
" Sort.
|
" Sort.
|
||||||
vmap <Leader>A :sort<cr>
|
vmap <Leader>A :sort<cr>
|
||||||
'';
|
'';
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
{ util, ... } @args: {
|
{ util, ... }@args:
|
||||||
text = util.catFile (util.ls ./module) args;
|
{
|
||||||
|
text = util.catFile (util.ls ./module) args;
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,32 +1,33 @@
|
||||||
{ pkgs, ... }: {
|
{ pkgs, ... }:
|
||||||
file = (pkgs.formats.ini {}).generate "KeydDrgConfig" {
|
{
|
||||||
steam-app-548430 = {
|
file = (pkgs.formats.ini { }).generate "KeydDrgConfig" {
|
||||||
"alt.1" = "macro(enter 10ms L e t ' s 10ms space d o 10ms space t h i s 10ms space T e x a s 10ms space s t y l e ! 10ms enter)";
|
steam-app-548430 = {
|
||||||
"alt.2" = "macro(enter 10ms H e c k space y e s ! enter)";
|
"alt.1" = "macro(enter 10ms L e t ' s 10ms space d o 10ms space t h i s 10ms space T e x a s 10ms space s t y l e ! 10ms enter)";
|
||||||
"alt.3" = "macro(enter 10ms J u s t space a space s i d e - j o b space w h i l e 10ms space w a i t i n g space f o r space a space s e x space u p d a t e . enter)";
|
"alt.2" = "macro(enter 10ms H e c k space y e s ! enter)";
|
||||||
"alt.4" = "macro(enter 10ms < 3 enter)";
|
"alt.3" = "macro(enter 10ms J u s t space a space s i d e - j o b space w h i l e 10ms space w a i t i n g space f o r space a space s e x space u p d a t e . enter)";
|
||||||
"alt.[" = "macro(enter 10ms W h a t space i s space c r u n c h y 10ms space o n space t h e space o u t s i d e , 10ms space g o o e y space o n space 10ms t h e space i n s i d e ? enter)";
|
"alt.4" = "macro(enter 10ms < 3 enter)";
|
||||||
"alt.]" = "macro(enter 10ms Q ' r o n a r space S h e l l b a c k ! enter)";
|
"alt.[" = "macro(enter 10ms W h a t space i s space c r u n c h y 10ms space o n space t h e space o u t s i d e , 10ms space g o o e y space o n space 10ms t h e space i n s i d e ? enter)";
|
||||||
"alt.a" = "macro(enter 10ms N o enter)";
|
"alt.]" = "macro(enter 10ms Q ' r o n a r space S h e l l b a c k ! enter)";
|
||||||
"alt.b" = "macro(enter 10ms I ' m space b a c k enter)";
|
"alt.a" = "macro(enter 10ms N o enter)";
|
||||||
"alt.c" = "macro(enter 10ms > space R i g h t enter)";
|
"alt.b" = "macro(enter 10ms I ' m space b a c k enter)";
|
||||||
"alt.d" = "macro(enter 10ms Y e s enter)";
|
"alt.c" = "macro(enter 10ms > space R i g h t enter)";
|
||||||
"alt.e" = "macro(enter 10ms T h a n k s ! enter)";
|
"alt.d" = "macro(enter 10ms Y e s enter)";
|
||||||
"alt.f" = "macro(enter 10ms I space n e e d space h e l p ! enter)";
|
"alt.e" = "macro(enter 10ms T h a n k s ! enter)";
|
||||||
"alt.g" = "macro(enter 10ms g g enter)";
|
"alt.f" = "macro(enter 10ms I space n e e d space h e l p ! enter)";
|
||||||
"alt.j" = "macro(enter 10ms G o o d space j o b enter)";
|
"alt.g" = "macro(enter 10ms g g enter)";
|
||||||
"alt.k" = "macro(enter 10ms O k a y enter)";
|
"alt.j" = "macro(enter 10ms G o o d space j o b enter)";
|
||||||
"alt.l" = "macro(enter 10ms L e a f space l o v e r enter)";
|
"alt.k" = "macro(enter 10ms O k a y enter)";
|
||||||
"alt.m" = "macro(enter 10ms I space r e p l y space u s i n g space m a c r o s . 10ms space U s e space s o f t w a r e space l i k e space k e y d , 10ms space o r space b u y space a space Q M K space k e y b o a r d . enter)";
|
"alt.l" = "macro(enter 10ms L e a f space l o v e r enter)";
|
||||||
"alt.q" = "macro(enter 10ms S o r r y ! enter)";
|
"alt.m" = "macro(enter 10ms I space r e p l y space u s i n g space m a c r o s . 10ms space U s e space s o f t w a r e space l i k e space k e y d , 10ms space o r space b u y space a space Q M K space k e y b o a r d . enter)";
|
||||||
"alt.r" = "macro(enter 10ms N e e d space m o r e space a m m o enter)";
|
"alt.q" = "macro(enter 10ms S o r r y ! enter)";
|
||||||
"alt.s" = "macro(enter 10ms W a i t enter)";
|
"alt.r" = "macro(enter 10ms N e e d space m o r e space a m m o enter)";
|
||||||
"alt.t" = "macro(enter 10ms M a y space I space t a k e space e x t r a ? enter)";
|
"alt.s" = "macro(enter 10ms W a i t enter)";
|
||||||
"alt.v" = "macro(enter 10ms A F K enter)";
|
"alt.t" = "macro(enter 10ms M a y space I space t a k e space e x t r a ? enter)";
|
||||||
"alt.w" = "macro(enter 10ms r enter)";
|
"alt.v" = "macro(enter 10ms A F K enter)";
|
||||||
"alt.x" = "macro(enter 10ms > space H e r e space < enter)";
|
"alt.w" = "macro(enter 10ms r enter)";
|
||||||
"alt.z" = "macro(enter 10ms < space L e f t enter)";
|
"alt.x" = "macro(enter 10ms > space H e r e space < enter)";
|
||||||
leftshift = "timeout(leftcontrol, 150, leftshift)";
|
"alt.z" = "macro(enter 10ms < space L e f t enter)";
|
||||||
};
|
leftshift = "timeout(leftcontrol, 150, leftshift)";
|
||||||
};
|
};
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,24 +1,25 @@
|
||||||
{ pkgs, ... }: {
|
{ pkgs, ... }:
|
||||||
file = (pkgs.formats.ini {}).generate "KeydFirefoxConfig" {
|
{
|
||||||
"firefox-esr" = {
|
file = (pkgs.formats.ini { }).generate "KeydFirefoxConfig" {
|
||||||
"alt.capslock" = "C-t"; # New tab.
|
"firefox-esr" = {
|
||||||
"alt.x" = "C-w"; # Close tab.
|
"alt.capslock" = "C-t"; # New tab.
|
||||||
"alt.u" = "C-S-t"; # Restore closed tab.
|
"alt.x" = "C-w"; # Close tab.
|
||||||
"alt.q" = "C-pageup"; # Prev tab.
|
"alt.u" = "C-S-t"; # Restore closed tab.
|
||||||
"alt.e" = "C-pagedown"; # Next tab.
|
"alt.q" = "C-pageup"; # Prev tab.
|
||||||
"alt.Q" = "C-S-pageup"; # Move tab left.
|
"alt.e" = "C-pagedown"; # Next tab.
|
||||||
"alt.E" = "C-S-pagedown"; # Move tab right.
|
"alt.Q" = "C-S-pageup"; # Move tab left.
|
||||||
"alt.a" = "A-left"; # Go back.
|
"alt.E" = "C-S-pagedown"; # Move tab right.
|
||||||
"alt.d" = "A-right"; # Go forward.
|
"alt.a" = "A-left"; # Go back.
|
||||||
"alt.s" = "down"; # Scroll down.
|
"alt.d" = "A-right"; # Go forward.
|
||||||
"alt.w" = "up"; # Scroll up.
|
"alt.s" = "down"; # Scroll down.
|
||||||
"alt.f" = "C-f"; # Find text.
|
"alt.w" = "up"; # Scroll up.
|
||||||
"alt.N" = "S-f3"; # Find prev.
|
"alt.f" = "C-f"; # Find text.
|
||||||
"alt.n" = "f3"; # Find next.
|
"alt.N" = "S-f3"; # Find prev.
|
||||||
"alt.space" = "f6"; # Focus address bar.
|
"alt.n" = "f3"; # Find next.
|
||||||
"alt.r" = "C-f5"; # Full refresh.
|
"alt.space" = "f6"; # Focus address bar.
|
||||||
"alt.l" = "A-S-a"; # Toggle dark mode.
|
"alt.r" = "C-f5"; # Full refresh.
|
||||||
"alt.p" = "C-S-l"; # Fill password.
|
"alt.l" = "A-S-a"; # Toggle dark mode.
|
||||||
};
|
"alt.p" = "C-S-l"; # Fill password.
|
||||||
};
|
};
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,28 +1,29 @@
|
||||||
{ pkgs, ... }: {
|
{ pkgs, ... }:
|
||||||
file = (pkgs.formats.ini {}).generate "KeydJetbrainsConfig" {
|
{
|
||||||
"jetbrains-*" = {
|
file = (pkgs.formats.ini { }).generate "KeydJetbrainsConfig" {
|
||||||
"alt./" = "C-/"; # Toggle comment.
|
"jetbrains-*" = {
|
||||||
"alt.." = "C-f8"; # Toggle line breakpoint.
|
"alt./" = "C-/"; # Toggle comment.
|
||||||
"alt.=" = "C-A-l"; # Reformat.
|
"alt.." = "C-f8"; # Toggle line breakpoint.
|
||||||
"alt.c" = "S-escape"; # Close panel.
|
"alt.=" = "C-A-l"; # Reformat.
|
||||||
"alt.capslock" = "C-A-S-insert"; # New scratch file.
|
"alt.c" = "S-escape"; # Close panel.
|
||||||
"alt.q" = "A-left"; # Prev tab.
|
"alt.capslock" = "C-A-S-insert"; # New scratch file.
|
||||||
"alt.e" = "A-right"; # Next tab.
|
"alt.q" = "A-left"; # Prev tab.
|
||||||
"alt.x" = "C-f4"; # Close tab.
|
"alt.e" = "A-right"; # Next tab.
|
||||||
"alt.f" = "C-S-f"; # Find text.
|
"alt.x" = "C-f4"; # Close tab.
|
||||||
"alt.n" = "C-A-n"; # Find next.
|
"alt.f" = "C-S-f"; # Find text.
|
||||||
"alt.g" = "macro(gd)"; # Go to definition.
|
"alt.n" = "C-A-n"; # Find next.
|
||||||
"alt.i" = "C-i"; # Implement.
|
"alt.g" = "macro(gd)"; # Go to definition.
|
||||||
"alt.o" = "C-o"; # Override.
|
"alt.i" = "C-i"; # Implement.
|
||||||
"alt.r" = "S-f10"; # Run.
|
"alt.o" = "C-o"; # Override.
|
||||||
"alt.z" = "C-f2"; # Stop app.
|
"alt.r" = "S-f10"; # Run.
|
||||||
"alt.d" = "S-f9"; # Run debugger.
|
"alt.z" = "C-f2"; # Stop app.
|
||||||
"alt.a" = "C-A-5"; # Attach debugger.
|
"alt.d" = "S-f9"; # Run debugger.
|
||||||
"alt.m" = "C-A-s"; # Settings.
|
"alt.a" = "C-A-5"; # Attach debugger.
|
||||||
"alt.v" = "C-q"; # Show doc under cursor.
|
"alt.m" = "C-A-s"; # Settings.
|
||||||
"alt.s" = "C-S-A-t"; # Refactor selection.
|
"alt.v" = "C-q"; # Show doc under cursor.
|
||||||
|
"alt.s" = "C-S-A-t"; # Refactor selection.
|
||||||
|
|
||||||
"alt.tab" = "timeout(f8, 150, macro2(0, 0, f7))"; # Tap to step over, hold to step into.
|
"alt.tab" = "timeout(f8, 150, macro2(0, 0, f7))"; # Tap to step over, hold to step into.
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,26 +1,27 @@
|
||||||
{ pkgs, ... }: {
|
{ pkgs, ... }:
|
||||||
file = (pkgs.formats.ini {}).generate "KeydNautilusConfig" {
|
{
|
||||||
"org-gnome-nautilus" = {
|
file = (pkgs.formats.ini { }).generate "KeydNautilusConfig" {
|
||||||
"alt.capslock" = "C-t"; # New tab.
|
"org-gnome-nautilus" = {
|
||||||
"alt.t" = "C-n"; # New window.
|
"alt.capslock" = "C-t"; # New tab.
|
||||||
"alt.x" = "C-w"; # Close tab.
|
"alt.t" = "C-n"; # New window.
|
||||||
"alt.u" = "C-S-t"; # Restore tab.
|
"alt.x" = "C-w"; # Close tab.
|
||||||
"alt.e" = "C-pagedown"; # Next tab.
|
"alt.u" = "C-S-t"; # Restore tab.
|
||||||
"alt.q" = "C-pageup"; # Prev tab.
|
"alt.e" = "C-pagedown"; # Next tab.
|
||||||
"alt.E" = "C-S-pagedown"; # Move tab next.
|
"alt.q" = "C-pageup"; # Prev tab.
|
||||||
"alt.Q" = "C-S-pageup"; # Move tab prev.
|
"alt.E" = "C-S-pagedown"; # Move tab next.
|
||||||
"alt.h" = "C-h"; # Toggle hidden files.
|
"alt.Q" = "C-S-pageup"; # Move tab prev.
|
||||||
"alt.1" = "C-1"; # List view.
|
"alt.h" = "C-h"; # Toggle hidden files.
|
||||||
"alt.2" = "C-2"; # Grid view.
|
"alt.1" = "C-1"; # List view.
|
||||||
"alt.b" = "A-up"; # Go back.
|
"alt.2" = "C-2"; # Grid view.
|
||||||
"alt.space" = "C-l"; # Focus location bar.
|
"alt.b" = "A-up"; # Go back.
|
||||||
"alt.i" = "C-S-i"; # Invert selection.
|
"alt.space" = "C-l"; # Focus location bar.
|
||||||
"alt.v" = "C-i"; # File info.
|
"alt.i" = "C-S-i"; # Invert selection.
|
||||||
"alt.d" = "C-S-delete"; # Delete file.
|
"alt.v" = "C-i"; # File info.
|
||||||
"alt.s" = "f2"; # Rename.
|
"alt.d" = "C-S-delete"; # Delete file.
|
||||||
"alt.a" = "C-S-n"; # Create dir.
|
"alt.s" = "f2"; # Rename.
|
||||||
"alt.f" = "C-f"; # Search dir.
|
"alt.a" = "C-S-n"; # Create dir.
|
||||||
"alt.r" = "f5"; # Refresh dir.
|
"alt.f" = "C-f"; # Search dir.
|
||||||
};
|
"alt.r" = "f5"; # Refresh dir.
|
||||||
};
|
};
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,24 +1,26 @@
|
||||||
{ pkgs, config, ... }: let
|
{ pkgs, config, ... }:
|
||||||
alpha = config.style.opacity.hex;
|
let
|
||||||
in {
|
alpha = config.style.opacity.hex;
|
||||||
file = (pkgs.formats.iniWithGlobalSection {}).generate "MakoConfig" {
|
in
|
||||||
globalSection = {
|
{
|
||||||
anchor = "top-center";
|
file = (pkgs.formats.iniWithGlobalSection { }).generate "MakoConfig" {
|
||||||
background-color = "#${config.style.color.bg.dark}${alpha}";
|
globalSection = {
|
||||||
border-color = "#${config.style.color.border}${alpha}";
|
anchor = "top-center";
|
||||||
default-timeout = 10000;
|
background-color = "#${config.style.color.bg.dark}${alpha}";
|
||||||
font = "${config.style.font.serif.name} ${toString config.style.font.size.popup}";
|
border-color = "#${config.style.color.border}${alpha}";
|
||||||
height = 120;
|
default-timeout = 10000;
|
||||||
icons = 0;
|
font = "${config.style.font.serif.name} ${toString config.style.font.size.popup}";
|
||||||
margin = 32;
|
height = 120;
|
||||||
text-color = "#${config.style.color.fg.light}";
|
icons = 0;
|
||||||
width = 480;
|
margin = 32;
|
||||||
};
|
text-color = "#${config.style.color.fg.light}";
|
||||||
|
width = 480;
|
||||||
|
};
|
||||||
|
|
||||||
sections = {
|
sections = {
|
||||||
"mode=dnd" = {
|
"mode=dnd" = {
|
||||||
invisible = 1;
|
invisible = 1;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,44 +1,45 @@
|
||||||
{ pkgs, ... }: {
|
{ pkgs, ... }:
|
||||||
config = (pkgs.formats.iniWithGlobalSection {}).generate "MangoConfig" {
|
{
|
||||||
globalSection = {
|
config = (pkgs.formats.iniWithGlobalSection { }).generate "MangoConfig" {
|
||||||
blacklist = "example";
|
globalSection = {
|
||||||
fps_sampling_period = 1000;
|
blacklist = "example";
|
||||||
frame_timing = 0;
|
fps_sampling_period = 1000;
|
||||||
preset = "0,1,2";
|
frame_timing = 0;
|
||||||
toggle_logging = "F2";
|
preset = "0,1,2";
|
||||||
toggle_preset = "F1";
|
toggle_logging = "F2";
|
||||||
};
|
toggle_preset = "F1";
|
||||||
};
|
};
|
||||||
|
};
|
||||||
|
|
||||||
presets = (pkgs.formats.ini {}).generate "MangoPresets" {
|
presets = (pkgs.formats.ini { }).generate "MangoPresets" {
|
||||||
"preset 0" = {
|
"preset 0" = {
|
||||||
no_display = 1;
|
no_display = 1;
|
||||||
};
|
};
|
||||||
|
|
||||||
"preset 1" = {
|
"preset 1" = {
|
||||||
alpha = 1.0;
|
alpha = 1.0;
|
||||||
arch = 0;
|
arch = 0;
|
||||||
background_alpha = 0.5;
|
background_alpha = 0.5;
|
||||||
battery = 1;
|
battery = 1;
|
||||||
battery_time = 1;
|
battery_time = 1;
|
||||||
benchmark_percentiles = 0;
|
benchmark_percentiles = 0;
|
||||||
cpu_temp = 1;
|
cpu_temp = 1;
|
||||||
device_battery = "gamepad,mouse";
|
device_battery = "gamepad,mouse";
|
||||||
font_size = 12;
|
font_size = 12;
|
||||||
fps_sampling_period = 1000;
|
fps_sampling_period = 1000;
|
||||||
gpu_junction_temp = 0;
|
gpu_junction_temp = 0;
|
||||||
gpu_mem_temp = 1;
|
gpu_mem_temp = 1;
|
||||||
gpu_temp = 1;
|
gpu_temp = 1;
|
||||||
hud_no_margin = 1;
|
hud_no_margin = 1;
|
||||||
ram = 1;
|
ram = 1;
|
||||||
swap = 1;
|
swap = 1;
|
||||||
throttling_status = 1;
|
throttling_status = 1;
|
||||||
time = 1;
|
time = 1;
|
||||||
vram = 1;
|
vram = 1;
|
||||||
};
|
};
|
||||||
|
|
||||||
"preset 2" = {
|
"preset 2" = {
|
||||||
full = 1;
|
full = 1;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,83 +1,91 @@
|
||||||
{ inputs, pkgs, util, ... } @args: let
|
{
|
||||||
# Create Neovim configuration.
|
inputs,
|
||||||
nvimRc = { runtimes, configs }: let
|
pkgs,
|
||||||
# Plugin paths to install.
|
util,
|
||||||
runtimeRc = util.trimTabs (builtins.foldl' (acc: r:
|
...
|
||||||
acc + "set runtimepath+=${r}\n"
|
}@args:
|
||||||
) "" runtimes);
|
let
|
||||||
|
# Create Neovim configuration.
|
||||||
|
nvimRc =
|
||||||
|
{ runtimes, configs }:
|
||||||
|
let
|
||||||
|
# Plugin paths to install.
|
||||||
|
runtimeRc = builtins.foldl' (acc: r: acc + "set runtimepath+=${r}\n") "" runtimes;
|
||||||
|
|
||||||
# My configuration files combined into one big file.
|
# My configuration files combined into one big file.
|
||||||
config = pkgs.writeText "nvimRc" (util.catText configs args);
|
config = pkgs.writeText "nvimRc" (util.catText configs args);
|
||||||
|
|
||||||
# Tell Neovim to load this file.
|
# Tell Neovim to load this file.
|
||||||
configRc = "lua dofile(\"${config}\")";
|
configRc = "lua dofile(\"${config}\")";
|
||||||
in runtimeRc + configRc;
|
in
|
||||||
in {
|
runtimeRc + configRc;
|
||||||
text = nvimRc {
|
in
|
||||||
runtimes = [
|
{
|
||||||
"~/.cache/nvim"
|
text = nvimRc {
|
||||||
"~/.cache/nvim/treesitter"
|
runtimes = [
|
||||||
"${inputs.nvimAlign}"
|
"~/.cache/nvim"
|
||||||
"${inputs.nvimAutoclose}"
|
"~/.cache/nvim/treesitter"
|
||||||
"${inputs.nvimBufferline}"
|
"${inputs.nvimAlign}"
|
||||||
"${inputs.nvimCloseBuffers}"
|
"${inputs.nvimAutoclose}"
|
||||||
"${inputs.nvimColorizer}"
|
"${inputs.nvimBufferline}"
|
||||||
"${inputs.nvimDevicons}"
|
"${inputs.nvimCloseBuffers}"
|
||||||
"${inputs.nvimGitsigns}"
|
"${inputs.nvimColorizer}"
|
||||||
"${inputs.nvimGruvboxMaterial}"
|
"${inputs.nvimDevicons}"
|
||||||
"${inputs.nvimIndentoMatic}"
|
"${inputs.nvimGitsigns}"
|
||||||
"${inputs.nvimLspconfig}"
|
"${inputs.nvimGruvboxMaterial}"
|
||||||
"${inputs.nvimOllama}"
|
"${inputs.nvimIndentoMatic}"
|
||||||
"${inputs.nvimPlenary}"
|
"${inputs.nvimLspconfig}"
|
||||||
"${inputs.nvimTelescope}"
|
"${inputs.nvimOllama}"
|
||||||
"${inputs.nvimTodo}"
|
"${inputs.nvimPlenary}"
|
||||||
"${inputs.nvimTreesitter}"
|
"${inputs.nvimTelescope}"
|
||||||
"${inputs.nvimTree}"
|
"${inputs.nvimTodo}"
|
||||||
"${inputs.nvimTrouble}"
|
"${inputs.nvimTreesitter}"
|
||||||
];
|
"${inputs.nvimTree}"
|
||||||
|
"${inputs.nvimTrouble}"
|
||||||
|
];
|
||||||
|
|
||||||
configs = [
|
configs = [
|
||||||
./module/key/Rekey.nix
|
./module/key/Rekey.nix
|
||||||
./module/key/Leader.nix
|
./module/key/Leader.nix
|
||||||
./module/config/Autoread.nix
|
./module/config/Autoread.nix
|
||||||
./module/config/Etc.nix
|
./module/config/Etc.nix
|
||||||
./module/config/Search.nix
|
./module/config/Search.nix
|
||||||
./module/config/Tab.nix
|
./module/config/Tab.nix
|
||||||
./module/config/Highlight.nix
|
./module/config/Highlight.nix
|
||||||
./module/plugin/Filetree.nix
|
./module/plugin/Filetree.nix
|
||||||
./module/plugin/Gruvbox.nix
|
./module/plugin/Gruvbox.nix
|
||||||
./module/plugin/Bufferline.nix
|
./module/plugin/Bufferline.nix
|
||||||
./module/plugin/Autoclose.nix
|
./module/plugin/Autoclose.nix
|
||||||
./module/plugin/Gitsigns.nix
|
./module/plugin/Gitsigns.nix
|
||||||
./module/plugin/Trouble.nix
|
./module/plugin/Trouble.nix
|
||||||
./module/plugin/Closebuffers.nix
|
./module/plugin/Closebuffers.nix
|
||||||
./module/plugin/Telescope.nix
|
./module/plugin/Telescope.nix
|
||||||
./module/plugin/Todo.nix
|
./module/plugin/Todo.nix
|
||||||
./module/plugin/Indent.nix
|
./module/plugin/Indent.nix
|
||||||
./module/plugin/Align.nix
|
./module/plugin/Align.nix
|
||||||
./module/plugin/Treesitter.nix
|
./module/plugin/Treesitter.nix
|
||||||
./module/plugin/Fold.nix
|
./module/plugin/Fold.nix
|
||||||
./module/plugin/Ollama.nix
|
./module/plugin/Ollama.nix
|
||||||
./module/plugin/Colorizer.nix
|
./module/plugin/Colorizer.nix
|
||||||
./module/plugin/lsp/Haskell.nix
|
./module/plugin/lsp/Haskell.nix
|
||||||
./module/plugin/lsp/Rust.nix
|
./module/plugin/lsp/Rust.nix
|
||||||
./module/plugin/lsp/Tex.nix
|
./module/plugin/lsp/Tex.nix
|
||||||
./module/plugin/lsp/Nix.nix
|
./module/plugin/lsp/Nix.nix
|
||||||
./module/key/Autocomplete.nix
|
./module/key/Autocomplete.nix
|
||||||
./module/key/Buffer.nix
|
./module/key/Buffer.nix
|
||||||
./module/key/Cmd.nix
|
./module/key/Cmd.nix
|
||||||
./module/key/Colorscheme.nix
|
./module/key/Colorscheme.nix
|
||||||
./module/key/Comment.nix
|
./module/key/Comment.nix
|
||||||
./module/key/Filetree.nix
|
./module/key/Filetree.nix
|
||||||
./module/key/Gitsigns.nix
|
./module/key/Gitsigns.nix
|
||||||
./module/key/Navigation.nix
|
./module/key/Navigation.nix
|
||||||
./module/key/Ollama.nix
|
./module/key/Ollama.nix
|
||||||
./module/key/Save.nix
|
./module/key/Save.nix
|
||||||
./module/key/Sort.nix
|
./module/key/Sort.nix
|
||||||
./module/key/TabWidth.nix
|
./module/key/TabWidth.nix
|
||||||
./module/key/Telescope.nix
|
./module/key/Telescope.nix
|
||||||
./module/key/Terminal.nix
|
./module/key/Terminal.nix
|
||||||
./module/key/Trouble.nix
|
./module/key/Trouble.nix
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,9 +1,10 @@
|
||||||
{ ... }: {
|
{ ... }:
|
||||||
text = ''
|
{
|
||||||
vim.o.autoread = true
|
text = ''
|
||||||
vim.api.nvim_create_autocmd({ "BufEnter", "CursorHold", "CursorHoldI", "FocusGained" }, {
|
vim.o.autoread = true
|
||||||
command = "if mode() != 'c' | checktime | endif",
|
vim.api.nvim_create_autocmd({ "BufEnter", "CursorHold", "CursorHoldI", "FocusGained" }, {
|
||||||
pattern = { "*" },
|
command = "if mode() != 'c' | checktime | endif",
|
||||||
})
|
pattern = { "*" },
|
||||||
'';
|
})
|
||||||
|
'';
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,36 +1,37 @@
|
||||||
{ ... }: {
|
{ ... }:
|
||||||
text = ''
|
{
|
||||||
-- TODO: Add comments and separate files.
|
text = ''
|
||||||
vim.opt.clipboard = "unnamedplus"
|
-- TODO: Add comments and separate files.
|
||||||
vim.opt.cursorline = false
|
vim.opt.clipboard = "unnamedplus"
|
||||||
vim.opt.fixeol = false
|
vim.opt.cursorline = false
|
||||||
vim.opt.incsearch = true
|
vim.opt.fixeol = false
|
||||||
vim.opt.number = true
|
vim.opt.incsearch = true
|
||||||
vim.opt.scrolloff = 4
|
vim.opt.number = true
|
||||||
vim.opt.splitbelow = true
|
vim.opt.scrolloff = 4
|
||||||
vim.opt.splitright = true
|
vim.opt.splitbelow = true
|
||||||
vim.opt.termguicolors = true
|
vim.opt.splitright = true
|
||||||
vim.opt.ttyfast = true
|
vim.opt.termguicolors = true
|
||||||
vim.opt.wildmode = "longest,list"
|
vim.opt.ttyfast = true
|
||||||
-- vim.opt.completeopt = "menuone,noselect"
|
vim.opt.wildmode = "longest,list"
|
||||||
|
-- vim.opt.completeopt = "menuone,noselect"
|
||||||
|
|
||||||
-- Disable continuing comments on newline.
|
-- Disable continuing comments on newline.
|
||||||
vim.cmd("autocmd BufEnter * set fo-=c fo-=r fo-=o")
|
vim.cmd("autocmd BufEnter * set fo-=c fo-=r fo-=o")
|
||||||
|
|
||||||
-- Disable mouse.
|
-- Disable mouse.
|
||||||
vim.cmd("set mouse=")
|
vim.cmd("set mouse=")
|
||||||
|
|
||||||
-- Disable signs for diagnostics.
|
-- Disable signs for diagnostics.
|
||||||
vim.diagnostic.config({ signs = false })
|
vim.diagnostic.config({ signs = false })
|
||||||
|
|
||||||
-- Display invisible characters.
|
-- Display invisible characters.
|
||||||
-- vim.cmd("set list listchars=tab:>\\ ,trail:-,eol:,lead:.")
|
-- vim.cmd("set list listchars=tab:>\\ ,trail:-,eol:,lead:.")
|
||||||
vim.cmd("set list listchars=tab:>\\ ,trail:-,lead:.")
|
vim.cmd("set list listchars=tab:>\\ ,trail:-,lead:.")
|
||||||
|
|
||||||
-- Relative line numbers.
|
-- Relative line numbers.
|
||||||
vim.wo.relativenumber = true
|
vim.wo.relativenumber = true
|
||||||
|
|
||||||
-- Disable swap files.
|
-- Disable swap files.
|
||||||
vim.opt.swapfile = false
|
vim.opt.swapfile = false
|
||||||
'';
|
'';
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,27 +1,44 @@
|
||||||
{ config, lib, ... }: let
|
{ config, lib, ... }:
|
||||||
color = config.style.color;
|
let
|
||||||
|
color = config.style.color;
|
||||||
|
|
||||||
mkHighlight = name: value: ''vim.api.nvim_set_hl(0, "${name}", ${lib.generators.toLua { multiline = false; asBindings = false; } value})'';
|
mkHighlight =
|
||||||
|
name: value:
|
||||||
|
''vim.api.nvim_set_hl(0, "${name}", ${
|
||||||
|
lib.generators.toLua {
|
||||||
|
multiline = false;
|
||||||
|
asBindings = false;
|
||||||
|
} value
|
||||||
|
})'';
|
||||||
|
|
||||||
bg = { bg = "#${color.bg.regular}"; };
|
bg = {
|
||||||
selection = { bg = "#${color.selection}"; fg = "#${color.fg.dark}"; bold = true; };
|
bg = "#${color.bg.regular}";
|
||||||
transparent = { bg = lib.generators.mkLuaInline "clear"; };
|
};
|
||||||
in {
|
selection = {
|
||||||
text = ''
|
bg = "#${color.selection}";
|
||||||
vim.api.nvim_create_autocmd({"ColorScheme", "VimEnter"}, {
|
fg = "#${color.fg.dark}";
|
||||||
group = vim.api.nvim_create_augroup('Color', {}),
|
bold = true;
|
||||||
pattern = "*",
|
};
|
||||||
callback = function ()
|
transparent = {
|
||||||
-- Backgrounds.
|
bg = lib.generators.mkLuaInline "clear";
|
||||||
${mkHighlight "CursorLine" bg}
|
};
|
||||||
${mkHighlight "TelescopeSelection" bg}
|
in
|
||||||
|
{
|
||||||
|
text = ''
|
||||||
|
vim.api.nvim_create_autocmd({"ColorScheme", "VimEnter"}, {
|
||||||
|
group = vim.api.nvim_create_augroup('Color', {}),
|
||||||
|
pattern = "*",
|
||||||
|
callback = function ()
|
||||||
|
-- Backgrounds.
|
||||||
|
${mkHighlight "CursorLine" bg}
|
||||||
|
${mkHighlight "TelescopeSelection" bg}
|
||||||
|
|
||||||
-- Selection.
|
-- Selection.
|
||||||
${mkHighlight "Visual" selection}
|
${mkHighlight "Visual" selection}
|
||||||
|
|
||||||
-- Transparent.
|
-- Transparent.
|
||||||
${mkHighlight "NormalFloat" transparent}
|
${mkHighlight "NormalFloat" transparent}
|
||||||
end
|
end
|
||||||
})
|
})
|
||||||
'';
|
'';
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,9 +1,10 @@
|
||||||
{ ... }: {
|
{ ... }:
|
||||||
text = ''
|
{
|
||||||
vim.opt.hlsearch = true
|
text = ''
|
||||||
vim.opt.ignorecase = true
|
vim.opt.hlsearch = true
|
||||||
vim.opt.incsearch = true
|
vim.opt.ignorecase = true
|
||||||
vim.opt.showmatch = true
|
vim.opt.incsearch = true
|
||||||
vim.opt.smartcase = true
|
vim.opt.showmatch = true
|
||||||
'';
|
vim.opt.smartcase = true
|
||||||
|
'';
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,15 +1,17 @@
|
||||||
{ ... }: let
|
{ ... }:
|
||||||
indentDefault = 2;
|
let
|
||||||
in {
|
indentDefault = 2;
|
||||||
text = ''
|
in
|
||||||
vim.opt.autoindent = true
|
{
|
||||||
vim.opt.expandtab = false
|
text = ''
|
||||||
-- vim.opt.smartindent = true
|
vim.opt.autoindent = true
|
||||||
vim.opt.shiftwidth = ${toString indentDefault}
|
vim.opt.expandtab = false
|
||||||
vim.opt.softtabstop = ${toString indentDefault}
|
-- vim.opt.smartindent = true
|
||||||
vim.opt.tabstop = ${toString indentDefault}
|
vim.opt.shiftwidth = ${toString indentDefault}
|
||||||
|
vim.opt.softtabstop = ${toString indentDefault}
|
||||||
|
vim.opt.tabstop = ${toString indentDefault}
|
||||||
|
|
||||||
-- Disable Markdown forced formatting.
|
-- Disable Markdown forced formatting.
|
||||||
vim.g.markdown_recommended_style = 0
|
vim.g.markdown_recommended_style = 0
|
||||||
'';
|
'';
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,9 +1,10 @@
|
||||||
{ ... }: {
|
{ ... }:
|
||||||
text = ''
|
{
|
||||||
-- Autocomplete.
|
text = ''
|
||||||
rekey_input("<C-space>", "<C-n>")
|
-- Autocomplete.
|
||||||
|
rekey_input("<C-space>", "<C-n>")
|
||||||
|
|
||||||
-- LSP autocomplete.
|
-- LSP autocomplete.
|
||||||
rekey_normal("<C-space>", "<cmd>lua vim.lsp.buf.code_action()<cr>")
|
rekey_normal("<C-space>", "<cmd>lua vim.lsp.buf.code_action()<cr>")
|
||||||
'';
|
'';
|
||||||
}
|
}
|
||||||
|
|
Some files were not shown because too many files have changed in this diff Show more
Loading…
Reference in a new issue