voronind/nix
0
0
Fork 0
Code Issues 38 Pull requests Packages Projects Releases Wiki Activity

Compare commits

base: voronind:ef074ee1f31f1db36a117775f152c0d38ec310ae
Branches Tags
voronind:main
..
compare: voronind:ac00537d6e9cfa1c59600f07a995023119e87358
Branches Tags
voronind:main

No commits in common. "ef074ee1f31f1db36a117775f152c0d38ec310ae" and "ac00537d6e9cfa1c59600f07a995023119e87358" have entirely different histories.
ef074ee1f3 ... ac00537d6e

342 changed files with 12792 additions and 14171 deletions
Show stats Expand all files Collapse all files

16
.editorconfig
View file

@ -2,12 +2,22 @@
end_of_line = lf end_of_line = lf
charset = utf-8 charset = utf-8
indent_style = tab indent_style = tab
indent_size = 2
insert_final_newline = true insert_final_newline = true
trim_trailing_whitespace = true trim_trailing_whitespace = true
[*.nix] [*.{nix,js}]
indent_style = space indent_size = 2
indent_size = 2
[*.lua]
indent_size = 4
[*.sh]
indent_size = 8
[Makefile]
indent_size = 2
[*.md] [*.md]
indent_size = 8
trim_trailing_whitespace = false trim_trailing_whitespace = false

1
.gitignore vendored
View file

@ -1,2 +1 @@
/live /live
.NixRoot*

15
.treefmt.toml
View file

@ -1,15 +0,0 @@
# One CLI to format the code tree - https://git.numtide.com/numtide/treefmt
# [formatter.mylanguage]
# Formatter to run
# command = "command-to-run"
# Command-line arguments for the command
# options = []
# Glob pattern of files to include
# includes = [ "*.<language-extension>" ]
# Glob patterns of files to exclude
# excludes = []
[formatter.nixfmt-rfc-style]
command = "nixfmt"
includes = [ "*.nix" ]

6
Makefile
View file

@ -26,9 +26,6 @@ check:
fix-ulimit: fix-ulimit:
ulimit -n 999999999 ulimit -n 999999999
format:
treefmt --no-cache --on-unmatched=info
gc: gc:
nix-collect-garbage -d nix-collect-garbage -d
# nix-store --gc # nix-store --gc
@ -62,6 +59,9 @@ live:
reboot: boot reboot: boot
reboot reboot
shell:
SHELL_NAME="default" nix develop
show: show:
nix flake show nix flake show

123
config/Setting.nix
View file

@ -1,68 +1,67 @@
# Global settings. # Global settings.
# Just like I can configure each package, here I configure my config! :O) # Just like I can configure each package, here I configure my config! :O)
{ lib, ... }: { lib, ... }: {
{ options.setting = with lib; {
options.setting = with lib; { # Ollama settings.
# Ollama settings. # I use the best light model by default.
# I use the best light model by default. ollama = mkOption {
ollama = mkOption { default = { };
default = { }; type = types.submodule {
type = types.submodule { # freeformType = lib.jsonFormat.type;
# freeformType = lib.jsonFormat.type; options = {
options = { primaryModel = mkOption {
primaryModel = mkOption { default = "llama3";
default = "llama3"; type = types.str;
type = types.str; };
}; };
}; };
}; };
};
# Whether to use Dpi-aware setting in supported apps. # Whether to use Dpi-aware setting in supported apps.
dpiAware = mkOption { dpiAware = mkOption {
default = false; default = false;
type = types.bool; type = types.bool;
}; };
# Keyboard options. # Keyboard options.
keyboard = mkOption { keyboard = mkOption {
default = { }; default = { };
type = types.submodule { type = types.submodule {
options = { options = {
layouts = mkOption { layouts = mkOption {
default = "us,ru"; default = "us,ru";
type = types.str; type = types.str;
}; };
options = mkOption { options = mkOption {
default = "grp:toggle"; default = "grp:toggle";
type = types.str; type = types.str;
}; };
}; };
}; };
}; };
# CPU configurations. # CPU configurations.
cpu = mkOption { cpu = mkOption {
default = { }; default = {};
type = types.submodule { type = types.submodule {
options = { options = {
hwmon = mkOption { hwmon = mkOption {
default = { }; default = {};
type = types.submodule { type = types.submodule {
options = { options = {
path = mkOption { path = mkOption {
default = ""; default = "";
type = types.str; type = types.str;
}; };
file = mkOption { file = mkOption {
default = ""; default = "";
type = types.str; type = types.str;
}; };
}; };
}; };
}; };
}; };
}; };
}; };
}; };
} }

199
config/Style.nix
View file

@ -1,117 +1,108 @@
{ { lib, config, pkgs, __findFile, ... }: with lib; let
lib, cfg = config.style;
config,
pkgs,
__findFile,
...
}:
with lib;
let
cfg = config.style;
mkTypeOption = default: type: mkOption { inherit default type; }; mkTypeOption = default: type: mkOption { inherit default type; };
mkStrOption = default: mkTypeOption default types.str; mkStrOption = default: mkTypeOption default types.str;
mkIntOption = default: mkTypeOption default types.int; mkIntOption = default: mkTypeOption default types.int;
mkFloatOption = default: mkTypeOption default types.float; mkFloatOption = default: mkTypeOption default types.float;
mkPkgOption = default: mkTypeOption default types.package; mkPkgOption = default: mkTypeOption default types.package;
in in {
{ options.style = {
options.style = { color = {
color = { bg = {
bg = { dark = mkStrOption config.lib.stylix.colors.base00;
dark = mkStrOption config.lib.stylix.colors.base00; light = mkStrOption config.lib.stylix.colors.base07;
light = mkStrOption config.lib.stylix.colors.base07; regular = mkStrOption config.lib.stylix.colors.base01;
regular = mkStrOption config.lib.stylix.colors.base01; };
}; fg = {
fg = { dark = mkStrOption config.lib.stylix.colors.base04;
dark = mkStrOption config.lib.stylix.colors.base04; light = mkStrOption config.lib.stylix.colors.base06;
light = mkStrOption config.lib.stylix.colors.base06; regular = mkStrOption config.lib.stylix.colors.base05;
regular = mkStrOption config.lib.stylix.colors.base05; };
}; accent = mkStrOption config.lib.stylix.colors.base0A;
accent = mkStrOption config.lib.stylix.colors.base0A; heading = mkStrOption config.lib.stylix.colors.base0D;
heading = mkStrOption config.lib.stylix.colors.base0D; hl = mkStrOption config.lib.stylix.colors.base03;
hl = mkStrOption config.lib.stylix.colors.base03; keyword = mkStrOption config.lib.stylix.colors.base0E;
keyword = mkStrOption config.lib.stylix.colors.base0E; link = mkStrOption config.lib.stylix.colors.base09;
link = mkStrOption config.lib.stylix.colors.base09; misc = mkStrOption config.lib.stylix.colors.base0F;
misc = mkStrOption config.lib.stylix.colors.base0F; negative = mkStrOption config.lib.stylix.colors.base08;
negative = mkStrOption config.lib.stylix.colors.base08; neutral = mkStrOption config.lib.stylix.colors.base0C;
neutral = mkStrOption config.lib.stylix.colors.base0C; positive = mkStrOption config.lib.stylix.colors.base0B;
positive = mkStrOption config.lib.stylix.colors.base0B; selection = mkStrOption config.lib.stylix.colors.base02;
selection = mkStrOption config.lib.stylix.colors.base02; transparent = mkStrOption "ffffff00";
transparent = mkStrOption "ffffff00";
accent-b = mkStrOption config.lib.stylix.colors.base0A-rgb-b; accent-b = mkStrOption config.lib.stylix.colors.base0A-rgb-b;
accent-g = mkStrOption config.lib.stylix.colors.base0A-rgb-g; accent-g = mkStrOption config.lib.stylix.colors.base0A-rgb-g;
accent-r = mkStrOption config.lib.stylix.colors.base0A-rgb-r; accent-r = mkStrOption config.lib.stylix.colors.base0A-rgb-r;
negative-b = mkStrOption config.lib.stylix.colors.base08-rgb-b; negative-b = mkStrOption config.lib.stylix.colors.base08-rgb-b;
negative-g = mkStrOption config.lib.stylix.colors.base08-rgb-g; negative-g = mkStrOption config.lib.stylix.colors.base08-rgb-g;
negative-r = mkStrOption config.lib.stylix.colors.base08-rgb-r; negative-r = mkStrOption config.lib.stylix.colors.base08-rgb-r;
neutral-b = mkStrOption config.lib.stylix.colors.base0C-rgb-b; neutral-b = mkStrOption config.lib.stylix.colors.base0C-rgb-b;
neutral-g = mkStrOption config.lib.stylix.colors.base0C-rgb-g; neutral-g = mkStrOption config.lib.stylix.colors.base0C-rgb-g;
neutral-r = mkStrOption config.lib.stylix.colors.base0C-rgb-r; neutral-r = mkStrOption config.lib.stylix.colors.base0C-rgb-r;
positive-b = mkStrOption config.lib.stylix.colors.base0B-rgb-b; positive-b = mkStrOption config.lib.stylix.colors.base0B-rgb-b;
positive-g = mkStrOption config.lib.stylix.colors.base0B-rgb-g; positive-g = mkStrOption config.lib.stylix.colors.base0B-rgb-g;
positive-r = mkStrOption config.lib.stylix.colors.base0B-rgb-r; positive-r = mkStrOption config.lib.stylix.colors.base0B-rgb-r;
bg-b = mkStrOption config.lib.stylix.colors.base00-rgb-b; bg-b = mkStrOption config.lib.stylix.colors.base00-rgb-b;
bg-g = mkStrOption config.lib.stylix.colors.base00-rgb-g; bg-g = mkStrOption config.lib.stylix.colors.base00-rgb-g;
bg-r = mkStrOption config.lib.stylix.colors.base00-rgb-r; bg-r = mkStrOption config.lib.stylix.colors.base00-rgb-r;
fg-b = mkStrOption config.lib.stylix.colors.base06-rgb-b; fg-b = mkStrOption config.lib.stylix.colors.base06-rgb-b;
fg-g = mkStrOption config.lib.stylix.colors.base06-rgb-g; fg-g = mkStrOption config.lib.stylix.colors.base06-rgb-g;
fg-r = mkStrOption config.lib.stylix.colors.base06-rgb-r; fg-r = mkStrOption config.lib.stylix.colors.base06-rgb-r;
border = mkStrOption config.lib.stylix.colors.base01; border = mkStrOption config.lib.stylix.colors.base01;
border-b = mkStrOption config.lib.stylix.colors.base01-rgb-b; border-b = mkStrOption config.lib.stylix.colors.base01-rgb-b;
border-g = mkStrOption config.lib.stylix.colors.base01-rgb-g; border-g = mkStrOption config.lib.stylix.colors.base01-rgb-g;
border-r = mkStrOption config.lib.stylix.colors.base01-rgb-r; border-r = mkStrOption config.lib.stylix.colors.base01-rgb-r;
}; };
font = { font = {
size = { size = {
application = mkIntOption 12; application = mkIntOption 12;
terminal = mkIntOption 14; terminal = mkIntOption 14;
popup = mkIntOption 12; popup = mkIntOption 12;
desktop = mkIntOption 14; desktop = mkIntOption 14;
}; };
serif = { serif = {
package = mkPkgOption (pkgs.callPackage <package/applefont> { }); package = mkPkgOption (pkgs.callPackage <package/applefont> {});
name = mkStrOption "SF Pro Display"; name = mkStrOption "SF Pro Display";
}; };
sansSerif = { sansSerif = {
package = mkPkgOption (pkgs.callPackage <package/applefont> { }); package = mkPkgOption (pkgs.callPackage <package/applefont> {});
name = mkStrOption "SF Pro Display"; name = mkStrOption "SF Pro Display";
}; };
monospace = { monospace = {
package = mkPkgOption (pkgs.nerdfonts.override { fonts = [ "Terminus" ]; }); package = mkPkgOption (pkgs.nerdfonts.override { fonts = [ "Terminus" ]; });
name = mkStrOption "Terminess Nerd Font Mono"; name = mkStrOption "Terminess Nerd Font Mono";
}; };
emoji = { emoji = {
package = mkPkgOption pkgs.noto-fonts-emoji; package = mkPkgOption pkgs.noto-fonts-emoji;
name = mkStrOption "Noto Color Emoji"; name = mkStrOption "Noto Color Emoji";
}; };
}; };
opacity = { opacity = {
application = mkFloatOption 0.85; application = mkFloatOption 0.85;
desktop = mkFloatOption 0.85; desktop = mkFloatOption 0.85;
popup = mkFloatOption 0.85; popup = mkFloatOption 0.85;
terminal = mkFloatOption 0.85; terminal = mkFloatOption 0.85;
hex = mkStrOption "D9"; hex = mkStrOption "D9";
}; };
cursor = { cursor = {
name = mkStrOption "Adwaita"; name = mkStrOption "Adwaita";
package = mkPkgOption pkgs.adwaita-icon-theme; package = mkPkgOption pkgs.adwaita-icon-theme;
size = mkIntOption 14; size = mkIntOption 14;
}; };
window = { window = {
gap = mkIntOption 8; gap = mkIntOption 8;
border = mkIntOption 4; border = mkIntOption 4;
}; };
}; };
} }

67
config/Stylix.nix
View file

@ -1,42 +1,27 @@
{ { pkgs, config, __findFile, ... }: {
pkgs, stylix = {
config, enable = true;
__findFile, image = config.module.wallpaper.path;
... autoEnable = true;
}: polarity = "dark";
{ fonts = {
stylix = { inherit (config.style.font) serif sansSerif monospace emoji;
enable = true; sizes = {
image = config.module.wallpaper.path; inherit (config.style.font.size) terminal desktop;
autoEnable = true; applications = config.style.font.size.application;
polarity = "dark"; popups = config.style.font.size.popup;
fonts = { };
inherit (config.style.font) };
serif opacity = {
sansSerif inherit (config.style.opacity) desktop terminal;
monospace applications = config.style.opacity.application;
emoji popups = config.style.opacity.popups;
; };
sizes = { inherit (config.style) cursor;
inherit (config.style.font.size) terminal desktop; override = if config.module.wallpaper.forceContrastText then {
applications = config.style.font.size.application; base04 = "000000";
popups = config.style.font.size.popup; base05 = "ffffff";
}; base06 = "ffffff";
}; } else {};
opacity = { };
inherit (config.style.opacity) desktop terminal;
applications = config.style.opacity.application;
popups = config.style.opacity.popups;
};
inherit (config.style) cursor;
override =
if config.module.wallpaper.forceContrastText then
{
base04 = "000000";
base05 = "ffffff";
base06 = "ffffff";
}
else
{ };
};
} }

37
config/Wallpaper.nix
View file

@ -1,21 +1,18 @@
{ pkgs, lib, ... }: { pkgs, lib, ... }: with lib; let
with lib; url = "https://i.imgur.com/gYy0mzG.jpeg";
let sha256 = "0pwnq84mdbv8nrarhnbkq77iabwgh7znr0yig3fnshamxl2a3k7k";
url = "https://i.imgur.com/gYy0mzG.jpeg"; forceContrastText = true;
sha256 = "0pwnq84mdbv8nrarhnbkq77iabwgh7znr0yig3fnshamxl2a3k7k"; in {
forceContrastText = true; options = {
in module.wallpaper = {
{ forceContrastText = mkOption {
options = { default = warnIf forceContrastText "Style : Forced text contrast." forceContrastText;
module.wallpaper = { type = types.bool;
forceContrastText = mkOption { };
default = warnIf forceContrastText "Style : Forced text contrast." forceContrastText; path = mkOption {
type = types.bool; default = pkgs.fetchurl { inherit url sha256; };
}; type = types.path;
path = mkOption { };
default = pkgs.fetchurl { inherit url sha256; }; };
type = types.path; };
};
};
};
} }

100
container/Change.nix
View file

@ -1,59 +1,49 @@
{ { container, lib, config, ... } @args: with lib; let
container, cfg = config.container.module.change;
lib, in {
config, options = {
... container.module.change = {
}@args: enable = mkEnableOption "Change detection service";
with lib; address = mkOption {
let default = "10.1.0.41";
cfg = config.container.module.change; type = types.str;
in };
{ port = mkOption {
options = { default = 5000;
container.module.change = { type = types.int;
enable = mkEnableOption "Change detection service"; };
address = mkOption { domain = mkOption {
default = "10.1.0.41"; default = "change.${config.container.domain}";
type = types.str; type = types.str;
}; };
port = mkOption { storage = mkOption {
default = 5000; default = "${config.container.storage}/change";
type = types.int; type = types.str;
}; };
domain = mkOption { };
default = "change.${config.container.domain}"; };
type = types.str;
};
storage = mkOption {
default = "${config.container.storage}/change";
type = types.str;
};
};
};
config = mkIf cfg.enable { config = mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [ systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data" "data"
]; ];
containers.change = container.mkContainer cfg { containers.change = container.mkContainer cfg {
bindMounts = { bindMounts = {
"/var/lib/changedetection-io" = { "/var/lib/changedetection-io" = {
hostPath = "${cfg.storage}/data"; hostPath = "${cfg.storage}/data";
isReadOnly = false; isReadOnly = false;
}; };
}; };
config = config = { ... }: container.mkContainerConfig cfg {
{ ... }: services.changedetection-io = {
container.mkContainerConfig cfg { enable = true;
services.changedetection-io = { baseURL = cfg.domain;
enable = true; behindProxy = true;
baseURL = cfg.domain; listenAddress = cfg.address;
behindProxy = true; };
listenAddress = cfg.address; };
}; };
}; };
};
};
} }

148
container/Cloud.nix
View file

@ -1,87 +1,73 @@
{ { container, pkgs, lib, config, ... } @args: with lib; let
container, cfg = config.container.module.cloud;
pkgs,
lib,
config,
...
}@args:
with lib;
let
cfg = config.container.module.cloud;
postgres = config.container.module.postgres; postgres = config.container.module.postgres;
proxy = config.container.module.proxy; proxy = config.container.module.proxy;
in in {
{ options = {
options = { container.module.cloud = {
container.module.cloud = { enable = mkEnableOption "File cloud service";
enable = mkEnableOption "File cloud service"; address = mkOption {
address = mkOption { default = "10.1.0.13";
default = "10.1.0.13"; type = types.str;
type = types.str; };
}; port = mkOption {
port = mkOption { default = 80;
default = 80; type = types.int;
type = types.int; };
}; domain = mkOption {
domain = mkOption { default = "cloud.${config.container.domain}";
default = "cloud.${config.container.domain}"; type = types.str;
type = types.str; };
}; storage = mkOption {
storage = mkOption { default = "${config.container.storage}/cloud";
default = "${config.container.storage}/cloud"; type = types.str;
type = types.str; };
}; };
}; };
};
config = mkIf cfg.enable { config = mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [ systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data" "data"
]; ];
containers.cloud = container.mkContainer cfg { containers.cloud = container.mkContainer cfg {
bindMounts = { bindMounts = {
"/var/lib/nextcloud" = { "/var/lib/nextcloud" = {
hostPath = "${cfg.storage}/data"; hostPath = "${cfg.storage}/data";
isReadOnly = false; isReadOnly = false;
}; };
}; };
config = config = { config, ... }: container.mkContainerConfig cfg {
{ config, ... }: services.nextcloud = {
container.mkContainerConfig cfg { enable = true;
services.nextcloud = { # package = pkgs.nextcloud29;
enable = true; hostName = cfg.domain;
# package = pkgs.nextcloud29; # phpOptions = {
hostName = cfg.domain; # memory_limit = lib.mkForce "20G";
# phpOptions = { # };
# memory_limit = lib.mkForce "20G"; config = {
# }; adminuser = "root";
config = { adminpassFile = "${pkgs.writeText "NextcloudPassword" "root"}";
adminuser = "root";
adminpassFile = "${pkgs.writeText "NextcloudPassword" "root"}";
dbhost = postgres.address; dbhost = postgres.address;
dbname = "nextcloud"; dbname = "nextcloud";
dbpassFile = "${pkgs.writeText "NextcloudDbPassword" "nextcloud"}"; dbpassFile = "${pkgs.writeText "NextcloudDbPassword" "nextcloud"}";
dbtype = "pgsql"; dbtype = "pgsql";
dbuser = "nextcloud"; dbuser = "nextcloud";
}; };
extraApps = { extraApps = {
inherit (config.services.nextcloud.package.packages.apps) contacts calendar onlyoffice; inherit (config.services.nextcloud.package.packages.apps) contacts calendar onlyoffice;
}; };
extraAppsEnable = true; extraAppsEnable = true;
settings = { settings = {
trusted_domains = [ trusted_domains = [ cfg.address cfg.domain ];
cfg.address trusted_proxies = [ proxy.address ];
cfg.domain allow_local_remote_servers = true;
]; };
trusted_proxies = [ proxy.address ]; };
allow_local_remote_servers = true; };
}; };
}; };
};
};
};
} }

113
container/Ddns.nix
View file

@ -1,67 +1,54 @@
{ { container, lib, config, ... } @args: with lib; let
container, cfg = config.container.module.ddns;
lib, in {
config, options = {
... container.module.ddns = {
}@args: enable = mkEnableOption "Dynamic dns client.";
with lib; address = mkOption {
let default = "10.1.0.31";
cfg = config.container.module.ddns; type = types.str;
in };
{ storage = mkOption {
options = { default = "${config.container.storage}/ddns";
container.module.ddns = { type = types.str;
enable = mkEnableOption "Dynamic dns client."; };
address = mkOption { };
default = "10.1.0.31"; };
type = types.str;
};
storage = mkOption {
default = "${config.container.storage}/ddns";
type = types.str;
};
};
};
config = mkIf cfg.enable { config = mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [ systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data" "data"
]; ];
containers.ddns = container.mkContainer cfg { containers.ddns = container.mkContainer cfg {
bindMounts = { bindMounts = {
"/data" = { "/data" = {
hostPath = "${cfg.storage}/data"; hostPath = "${cfg.storage}/data";
isReadOnly = true; isReadOnly = true;
}; };
}; };
config = config = { ... }: container.mkContainerConfig cfg {
{ ... }: services.cloudflare-dyndns = {
container.mkContainerConfig cfg { enable = true;
services.cloudflare-dyndns = { apiTokenFile = "/data/token";
enable = true; deleteMissing = false;
apiTokenFile = "/data/token"; ipv4 = true;
deleteMissing = false; ipv6 = false;
ipv4 = true; proxied = false;
ipv6 = false; domains = let
proxied = false; domain = config.container.domain;
domains = in [ domain ] ++ map (sub: "${sub}.${domain}") [
let "cloud"
domain = config.container.domain; "git"
in "mail"
[ domain ] "office"
++ map (sub: "${sub}.${domain}") [ "paste"
"cloud" "play"
"git" "vpn"
"mail" ];
"office" };
"paste" };
"play" };
"vpn" };
];
};
};
};
};
} }

259
container/Dns.nix
View file

@ -1,141 +1,128 @@
{ { container, pkgs, lib, config, util, ... } @args: with lib; let
container, cfg = config.container.module.dns;
pkgs, in {
lib, options = {
config, container.module.dns = {
util, enable = mkEnableOption "Dns server.";
... address = mkOption {
}@args: default = "10.1.0.6";
with lib; type = types.str;
let };
cfg = config.container.module.dns; port = mkOption {
in default = 53;
{ type = types.int;
options = { };
container.module.dns = { };
enable = mkEnableOption "Dns server."; };
address = mkOption {
default = "10.1.0.6";
type = types.str;
};
port = mkOption {
default = 53;
type = types.int;
};
};
};
config = mkIf cfg.enable { config = mkIf cfg.enable {
containers.dns = container.mkContainer cfg { containers.dns = container.mkContainer cfg {
config = config = { ... }: container.mkContainerConfig cfg {
{ ... }: environment.systemPackages = [
container.mkContainerConfig cfg { pkgs.cloudflared
environment.systemPackages = [ ];
pkgs.cloudflared
];
systemd.services.cloudflared = { systemd.services.cloudflared = {
description = "Cloudflare DoH server."; description = "Cloudflare DoH server.";
enable = true; enable = true;
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
serviceConfig = { serviceConfig = {
Type = "simple"; Type = "simple";
ExecStart = "${getExe pkgs.cloudflared} proxy-dns --port 5054"; ExecStart = "${getExe pkgs.cloudflared} proxy-dns --port 5054";
}; };
}; };
services.blocky = { services.blocky = {
enable = true; enable = true;
settings = { settings = {
upstream = { upstream = {
default = [ default = [
"0.0.0.0:5054" "0.0.0.0:5054"
"0.0.0.0:5054" "0.0.0.0:5054"
]; ];
}; };
blocking = { blocking = {
blackLists = { blackLists = {
suspicious = [ suspicious = [
"https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts" "https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts"
"https://raw.githubusercontent.com/PolishFiltersTeam/KADhosts/master/KADhosts.txt" "https://raw.githubusercontent.com/PolishFiltersTeam/KADhosts/master/KADhosts.txt"
"https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.Spam/hosts" "https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.Spam/hosts"
"https://v.firebog.net/hosts/static/w3kbl.txt" "https://v.firebog.net/hosts/static/w3kbl.txt"
]; ];
ads = [ ads = [
"https://easylist-downloads.adblockplus.org/bitblock.txt" "https://easylist-downloads.adblockplus.org/bitblock.txt"
"https://adaway.org/hosts.txt" "https://adaway.org/hosts.txt"
"https://v.firebog.net/hosts/AdguardDNS.txt" "https://v.firebog.net/hosts/AdguardDNS.txt"
"https://v.firebog.net/hosts/Admiral.txt" "https://v.firebog.net/hosts/Admiral.txt"
"https://raw.githubusercontent.com/anudeepND/blacklist/master/adservers.txt" "https://raw.githubusercontent.com/anudeepND/blacklist/master/adservers.txt"
"https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt" "https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt"
"https://v.firebog.net/hosts/Easylist.txt" "https://v.firebog.net/hosts/Easylist.txt"
"https://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&showintro=0&mimetype=plaintext" "https://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&showintro=0&mimetype=plaintext"
"https://raw.githubusercontent.com/FadeMind/hosts.extras/master/UncheckyAds/hosts" "https://raw.githubusercontent.com/FadeMind/hosts.extras/master/UncheckyAds/hosts"
"https://raw.githubusercontent.com/bigdargon/hostsVN/master/hosts" "https://raw.githubusercontent.com/bigdargon/hostsVN/master/hosts"
"https://github.com/easylist/ruadlist/blob/master/advblock/adservers.txt" "https://github.com/easylist/ruadlist/blob/master/advblock/adservers.txt"
]; ];
tracking = [ tracking = [
"https://v.firebog.net/hosts/Easyprivacy.txt" "https://v.firebog.net/hosts/Easyprivacy.txt"
"https://v.firebog.net/hosts/Prigent-Ads.txt" "https://v.firebog.net/hosts/Prigent-Ads.txt"
"https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.2o7Net/hosts" "https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.2o7Net/hosts"
"https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/spy.txt" "https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/spy.txt"
"https://hostfiles.frogeye.fr/firstparty-trackers-hosts.txt" "https://hostfiles.frogeye.fr/firstparty-trackers-hosts.txt"
]; ];
malicious = [ malicious = [
"https://raw.githubusercontent.com/DandelionSprout/adfilt/master/Alternate%20versions%20Anti-Malware%20List/AntiMalwareHosts.txt" "https://raw.githubusercontent.com/DandelionSprout/adfilt/master/Alternate%20versions%20Anti-Malware%20List/AntiMalwareHosts.txt"
"https://osint.digitalside.it/Threat-Intel/lists/latestdomains.txt" "https://osint.digitalside.it/Threat-Intel/lists/latestdomains.txt"
"https://s3.amazonaws.com/lists.disconnect.me/simple_malvertising.txt" "https://s3.amazonaws.com/lists.disconnect.me/simple_malvertising.txt"
"https://v.firebog.net/hosts/Prigent-Crypto.txt" "https://v.firebog.net/hosts/Prigent-Crypto.txt"
"https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.Risk/hosts" "https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.Risk/hosts"
"https://bitbucket.org/ethanr/dns-blacklists/raw/8575c9f96e5b4a1308f2f12394abd86d0927a4a0/bad_lists/Mandiant_APT1_Report_Appendix_D.txt" "https://bitbucket.org/ethanr/dns-blacklists/raw/8575c9f96e5b4a1308f2f12394abd86d0927a4a0/bad_lists/Mandiant_APT1_Report_Appendix_D.txt"
"https://phishing.army/download/phishing_army_blocklist_extended.txt" "https://phishing.army/download/phishing_army_blocklist_extended.txt"
"https://gitlab.com/quidsup/notrack-blocklists/raw/master/notrack-malware.txt" "https://gitlab.com/quidsup/notrack-blocklists/raw/master/notrack-malware.txt"
"https://v.firebog.net/hosts/RPiList-Malware.txt" "https://v.firebog.net/hosts/RPiList-Malware.txt"
"https://v.firebog.net/hosts/RPiList-Phishing.txt" "https://v.firebog.net/hosts/RPiList-Phishing.txt"
"https://raw.githubusercontent.com/Spam404/lists/master/main-blacklist.txt" "https://raw.githubusercontent.com/Spam404/lists/master/main-blacklist.txt"
"https://raw.githubusercontent.com/AssoEchap/stalkerware-indicators/master/generated/hosts" "https://raw.githubusercontent.com/AssoEchap/stalkerware-indicators/master/generated/hosts"
"https://urlhaus.abuse.ch/downloads/hostfile/" "https://urlhaus.abuse.ch/downloads/hostfile/"
]; ];
other = [ other = [
"https://zerodot1.gitlab.io/CoinBlockerLists/hosts_browser" "https://zerodot1.gitlab.io/CoinBlockerLists/hosts_browser"
]; ];
}; };
# whiteLists = { # whiteLists = {
# other = [ # other = [
# "/.*.vk.com/" # "/.*.vk.com/"
# ]; # ];
# }; # };
clientGroupsBlock = { clientGroupsBlock = {
default = [ default = [
"suspicious" "suspicious"
"ads" "ads"
"tracking" "tracking"
"malicious" "malicious"
"other" "other"
]; ];
}; };
}; };
customDNS = { customDNS = {
mapping = mapping = let
let block = "0.0.0.0";
block = "0.0.0.0"; in {
in # All subdomains to current host.
{ # ${config.container.domain} = config.container.host;
# All subdomains to current host. "voronind.com" = "10.0.0.1";
# ${config.container.domain} = config.container.host;
"voronind.com" = "10.0.0.1";
# Blocklist. # Blocklist.
"gosuslugi.ru" = block; "gosuslugi.ru" = block;
"rutube.ru" = block; "rutube.ru" = block;
"vk.com" = block; "vk.com" = block;
}; };
}; };
port = cfg.port; port = cfg.port;
# httpPort = "80"; # httpPort = "80";
}; };
}; };
}; };
}; };
}; };
} }

118
container/Download.nix
View file

@ -1,70 +1,60 @@
{ { container, lib, config, ... }: with lib; let
container, cfg = config.container.module.download;
lib, in {
config, options = {
... container.module.download = {
}: enable = mkEnableOption "Downloader.";
with lib; address = mkOption {
let default = "10.1.0.12";
cfg = config.container.module.download; type = types.str;
in };
{ port = mkOption {
options = { default = 8112;
container.module.download = { type = types.int;
enable = mkEnableOption "Downloader."; };
address = mkOption { domain = mkOption {
default = "10.1.0.12"; default = "download.${config.container.domain}";
type = types.str; type = types.str;
}; };
port = mkOption { storage = mkOption {
default = 8112; default = "${config.container.storage}/download";
type = types.int; type = types.str;
}; };
domain = mkOption { memLimit = mkOption {
default = "download.${config.container.domain}"; default = "4G";
type = types.str; type = types.str;
}; };
storage = mkOption { };
default = "${config.container.storage}/download"; };
type = types.str;
};
memLimit = mkOption {
default = "4G";
type = types.str;
};
};
};
config = mkIf cfg.enable { config = mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [ systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data" "data"
]; ];
containers.download = container.mkContainer cfg { containers.download = container.mkContainer cfg {
enableTun = true; enableTun = true;
bindMounts = { bindMounts = {
"/var/lib/deluge/.config/deluge" = { "/var/lib/deluge/.config/deluge" = {
hostPath = "${cfg.storage}/data"; hostPath = "${cfg.storage}/data";
isReadOnly = false; isReadOnly = false;
}; };
} // container.attachMedia "download" false; } // container.attachMedia "download" false;
config = config = { ... }: container.mkContainerConfig cfg {
{ ... }: services.deluge = {
container.mkContainerConfig cfg { enable = true;
services.deluge = { dataDir = "/var/lib/deluge";
enable = true; web.enable = true;
dataDir = "/var/lib/deluge"; };
web.enable = true;
};
systemd.services.deluged.serviceConfig = { systemd.services.deluged.serviceConfig = {
MemoryLimit = cfg.memLimit; MemoryLimit = cfg.memLimit;
Restart = lib.mkForce "always"; Restart = lib.mkForce "always";
RuntimeMaxSec = "1d"; RuntimeMaxSec = "1d";
}; };
}; };
}; };
}; };
} }

224
container/Frkn.nix
View file

@ -1,132 +1,118 @@
# TODO: Saved just in case for the dark future. # TODO: Saved just in case for the dark future.
# в целом просто сделай себе шелл алиас gw-default="sudo ip route del default; sudo ip route add default via айпишник роутера" и шелл алиас gw-vpn="sudo ip route del default; sudo ip route add default via айпишник_впна" # в целом просто сделай себе шелл алиас gw-default="sudo ip route del default; sudo ip route add default via айпишник роутера" и шелл алиас gw-vpn="sudo ip route del default; sudo ip route add default via айпишник_впна"
{ { container, pkgs, lib, config, __findFile, ... }: with lib; let
container, cfg = config.container.module.frkn;
pkgs, in {
lib, options = {
config, container.module.frkn = {
__findFile, enable = mkEnableOption "FRKN";
... address = mkOption {
}: default = "10.1.0.69";
with lib; type = types.str;
let };
cfg = config.container.module.frkn; port = mkOption {
in default = 1080;
{ type = types.int;
options = { };
container.module.frkn = { torport = mkOption {
enable = mkEnableOption "FRKN"; default = 9150;
address = mkOption { type = types.int;
default = "10.1.0.69"; };
type = types.str; xrayport = mkOption {
}; default = 1081;
port = mkOption { type = types.int;
default = 1080; };
type = types.int; storage = mkOption {
}; default = "${config.container.storage}/frkn";
torport = mkOption { type = types.str;
default = 9150; };
type = types.int; };
}; };
xrayport = mkOption {
default = 1081;
type = types.int;
};
storage = mkOption {
default = "${config.container.storage}/frkn";
type = types.str;
};
};
};
config = mkIf cfg.enable { config = mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [ systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data" "data"
]; ];
containers.frkn = container.mkContainer cfg { containers.frkn = container.mkContainer cfg {
bindMounts = { bindMounts = {
"/data" = { "/data" = {
hostPath = "${cfg.storage}/data"; hostPath = "${cfg.storage}/data";
isReadOnly = true; isReadOnly = true;
}; };
}; };
config = config = { ... }: container.mkContainerConfig cfg {
{ ... }: boot.kernel.sysctl = {
container.mkContainerConfig cfg { "net.ipv4.conf.all.src_valid_mark" = 1;
boot.kernel.sysctl = { "net.ipv4.ip_forward" = 1;
"net.ipv4.conf.all.src_valid_mark" = 1; };
"net.ipv4.ip_forward" = 1;
};
imports = [ <module/Zapret.nix> ]; imports = [ <module/Zapret.nix> ];
module.zapret = { module.zapret = {
enable = true; enable = true;
params = config.module.zapret.params; params = config.module.zapret.params;
}; };
services = { services = {
microsocks = { microsocks = {
enable = true; enable = true;
ip = cfg.address; ip = cfg.address;
port = cfg.port; port = cfg.port;
disableLogging = true; disableLogging = true;
#authUsername #authUsername
#outgoingBindIp #outgoingBindIp
#authOnce #authOnce
}; };
tor = { tor = {
enable = true; enable = true;
openFirewall = true; openFirewall = true;
settings = settings = let
let exclude = "{RU},{UA},{BY},{KZ},{CN},{??}";
exclude = "{RU},{UA},{BY},{KZ},{CN},{??}"; in {
in # ExcludeExitNodes = exclude;
{ # ExcludeNodes = exclude;
# ExcludeExitNodes = exclude; #DNSPort = dnsport;
# ExcludeNodes = exclude; UseBridges = true;
#DNSPort = dnsport; ClientTransportPlugin = "obfs4 exec ${pkgs.obfs4}/bin/lyrebird";
UseBridges = true; Bridge = [
ClientTransportPlugin = "obfs4 exec ${pkgs.obfs4}/bin/lyrebird"; "obfs4 94.103.89.153:4443 5617848964FD6546968B5BF3FFA6C11BCCABE58B cert=tYsmuuTe9phJS0Gh8NKIpkVZP/XKs7gJCqi31o8LClwYetxzFz0fQZgsMwhNcIlZ0HG5LA iat-mode=0"
Bridge = [ "obfs4 121.45.140.249:12123 0922E212E33B04F0B7C1E398161E8EDE06734F26 cert=3AQ4iJFAzxzt7a/zgXIiFEs6fvrXInXt1Dtr09DgnpvUzG/iiyRTdXYZKSYpI124Zt3ZUA iat-mode=0"
"obfs4 94.103.89.153:4443 5617848964FD6546968B5BF3FFA6C11BCCABE58B cert=tYsmuuTe9phJS0Gh8NKIpkVZP/XKs7gJCqi31o8LClwYetxzFz0fQZgsMwhNcIlZ0HG5LA iat-mode=0" "obfs4 79.137.11.45:45072 ECA3197D49A29DDECD4ACBF9BCF15E4987B78137 cert=2FKyLWkPgMNCWxBD3cNOTRxJH3XP+HdStPGKMjJfw2YbvVjihIp3X2BCrtxQya9m5II5XA iat-mode=0"
"obfs4 121.45.140.249:12123 0922E212E33B04F0B7C1E398161E8EDE06734F26 cert=3AQ4iJFAzxzt7a/zgXIiFEs6fvrXInXt1Dtr09DgnpvUzG/iiyRTdXYZKSYpI124Zt3ZUA iat-mode=0" "obfs4 145.239.31.71:10161 882125D15B59BB82BE66F999056CB676D3F061F8 cert=AnD+EvcBMuQDVM7PwW7NgFAzW1M5jDm7DjQtIIcBSjoyAf1FJ2p535rrYL2Kk8POAd0+aw iat-mode=0"
"obfs4 79.137.11.45:45072 ECA3197D49A29DDECD4ACBF9BCF15E4987B78137 cert=2FKyLWkPgMNCWxBD3cNOTRxJH3XP+HdStPGKMjJfw2YbvVjihIp3X2BCrtxQya9m5II5XA iat-mode=0" ];
"obfs4 145.239.31.71:10161 882125D15B59BB82BE66F999056CB676D3F061F8 cert=AnD+EvcBMuQDVM7PwW7NgFAzW1M5jDm7DjQtIIcBSjoyAf1FJ2p535rrYL2Kk8POAd0+aw iat-mode=0" };
];
};
client = { client = {
enable = true; enable = true;
#dns.enable = true; #dns.enable = true;
socksListenAddress = { socksListenAddress = {
IsolateDestAddr = true; IsolateDestAddr = true;
addr = cfg.address; addr = cfg.address;
port = cfg.torport; port = cfg.torport;
}; };
}; };
}; };
xray = { xray = {
enable = true; enable = true;
settingsFile = "/data/Client.json"; settingsFile = "/data/Client.json";
}; };
}; };
systemd = { systemd = {
services.tor.wantedBy = lib.mkForce [ ]; services.tor.wantedBy = lib.mkForce [];
timers.tor = { timers.tor = {
timerConfig = { timerConfig = {
OnBootSec = 5; OnBootSec = 5;
Unit = "tor.service"; Unit = "tor.service";
}; };
wantedBy = [ "timers.target" ]; wantedBy = [ "timers.target" ];
}; };
}; };
}; };
}; };
}; };
} }

215
container/Git.nix
View file

@ -1,123 +1,108 @@
{ { container, pkgs, config, lib, ... }: with lib; let
container, cfg = config.container.module.git;
pkgs, in {
config, options = {
lib, container.module.git = {
... enable = mkEnableOption "Git server.";
}: address = mkOption {
with lib; default = "10.1.0.8";
let type = types.str;
cfg = config.container.module.git; };
in port = mkOption {
{ default = 3000;
options = { type = types.int;
container.module.git = { };
enable = mkEnableOption "Git server."; portSsh = mkOption {
address = mkOption { default = 22144;
default = "10.1.0.8"; type = types.int;
type = types.str; };
}; domain = mkOption {
port = mkOption { default = "git.${config.container.domain}";
default = 3000; type = types.str;
type = types.int; };
}; storage = mkOption {
portSsh = mkOption { default = "${config.container.storage}/git";
default = 22144; type = types.str;
type = types.int; };
}; };
domain = mkOption { };
default = "git.${config.container.domain}";
type = types.str;
};
storage = mkOption {
default = "${config.container.storage}/git";
type = types.str;
};
};
};
config = mkIf cfg.enable { config = mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [ systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data" "data"
]; ];
containers.git = container.mkContainer cfg { containers.git = container.mkContainer cfg {
bindMounts = { bindMounts = {
"/var/lib/forgejo" = { "/var/lib/forgejo" = {
hostPath = "${cfg.storage}/data"; hostPath = "${cfg.storage}/data";
isReadOnly = false; isReadOnly = false;
}; };
}; };
config = config = { ... }: container.mkContainerConfig cfg {
{ ... }: environment.systemPackages = with pkgs; [ forgejo ];
container.mkContainerConfig cfg {
environment.systemPackages = with pkgs; [ forgejo ];
services.forgejo = { services.forgejo = {
enable = true; enable = true;
stateDir = "/var/lib/forgejo"; stateDir = "/var/lib/forgejo";
database = database = let
let postgre = config.container.module.postgres;
postgre = config.container.module.postgres; in {
in type = "postgres";
{ host = postgre.address;
type = "postgres"; port = postgre.port;
host = postgre.address; user = "forgejo";
port = postgre.port; name = "forgejo";
user = "forgejo"; createDatabase = false;
name = "forgejo"; };
createDatabase = false;
};
settings = settings = let
let gcArgs = "--aggressive --no-cruft --prune=now";
gcArgs = "--aggressive --no-cruft --prune=now"; gcTimeout = 600;
gcTimeout = 600; in {
in "service".DISABLE_REGISTRATION = true;
{ "log".LEVEL = "Error";
"service".DISABLE_REGISTRATION = true; "server" = {
"log".LEVEL = "Error"; DOMAIN = cfg.domain;
"server" = { HTTP_ADDR = cfg.address;
DOMAIN = cfg.domain; ROOT_URL = "https://${cfg.domain}";
HTTP_ADDR = cfg.address;
ROOT_URL = "https://${cfg.domain}";
BUILTIN_SSH_SERVER_USER = "git"; BUILTIN_SSH_SERVER_USER = "git";
DISABLE_SSH = false; DISABLE_SSH = false;
SSH_PORT = cfg.portSsh; SSH_PORT = cfg.portSsh;
START_SSH_SERVER = true; START_SSH_SERVER = true;
}; };
"ui" = { "ui" = {
AMBIGUOUS_UNICODE_DETECTION = false; AMBIGUOUS_UNICODE_DETECTION = false;
}; };
"repository" = { "repository" = {
DEFAULT_PRIVATE = "private"; DEFAULT_PRIVATE = "private";
DEFAULT_PUSH_CREATE_PRIVATE = true; DEFAULT_PUSH_CREATE_PRIVATE = true;
}; };
"repository.pull-request".DEFAULT_MERGE_STYLE = "rebase"; "repository.pull-request".DEFAULT_MERGE_STYLE = "rebase";
"repository.issue".MAX_PINNED = 99999; "repository.issue".MAX_PINNED = 99999;
"cron" = { "cron" = {
ENABLED = true; ENABLED = true;
RUN_AT_START = true; RUN_AT_START = true;
}; };
"repo-archive".ENABLED = false; "repo-archive".ENABLED = false;
"cron.update_mirrors".SCHEDULE = "@midnight"; "cron.update_mirrors".SCHEDULE = "@midnight";
"cron.cleanup_actions".ENABLED = true; "cron.cleanup_actions".ENABLED = true;
"cron.git_gc_repos" = { "cron.git_gc_repos" = {
ENABLED = true; ENABLED = true;
SCHEDULE = "@midnight"; SCHEDULE = "@midnight";
TIMEOUT = gcTimeout; TIMEOUT = gcTimeout;
ARGS = gcArgs; ARGS = gcArgs;
}; };
"git" = { "git" = {
GC_ARGS = gcArgs; GC_ARGS = gcArgs;
}; };
"git.timeout".GC = gcTimeout; "git.timeout".GC = gcTimeout;
}; };
}; };
}; };
}; };
}; };
} }

135
container/Hdd.nix
View file

@ -1,81 +1,70 @@
# ISSUE: Broken, can't read/write sda device. # ISSUE: Broken, can't read/write sda device.
{ { container, pkgs, config, lib, ... }: with lib; let
container, cfg = config.container.module.hdd;
pkgs, in {
config, options = {
lib, container.module.hdd = {
... enable = mkEnableOption "Hdd health monitor.";
}: address = mkOption {
with lib; default = "10.1.0.10";
let type = types.str;
cfg = config.container.module.hdd; };
in port = mkOption {
{ default = 8080;
options = { type = types.int;
container.module.hdd = { };
enable = mkEnableOption "Hdd health monitor."; domain = mkOption {
address = mkOption { default = "hdd.${config.container.domain}";
default = "10.1.0.10"; type = types.str;
type = types.str; };
}; storage = mkOption {
port = mkOption { default = "${config.container.storage}/hdd";
default = 8080; type = types.str;
type = types.int; };
}; };
domain = mkOption { };
default = "hdd.${config.container.domain}";
type = types.str;
};
storage = mkOption {
default = "${config.container.storage}/hdd";
type = types.str;
};
};
};
config = mkIf cfg.enable { config = mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [ systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data" "data"
]; ];
containers.hdd = container.mkContainer cfg { containers.hdd = container.mkContainer cfg {
# bindMounts = let # bindMounts = let
# attachDrive = hostPath: { # attachDrive = hostPath: {
# inherit hostPath; # inherit hostPath;
# isReadOnly = false; # isReadOnly = false;
# }; # };
# in { # in {
# "/opt/scrutiny" = { # "/opt/scrutiny" = {
# hostPath = "${cfg.storage}/data"; # hostPath = "${cfg.storage}/data";
# isReadOnly = false; # isReadOnly = false;
# }; # };
# "/dev/sda" = attachDrive "/dev/sda"; # "/dev/sda" = attachDrive "/dev/sda";
# }; # };
# allowedDevices = [ # allowedDevices = [
# { # {
# modifier = "rwm"; # modifier = "rwm";
# node = "/dev/sda"; # node = "/dev/sda";
# } # }
# ]; # ];
# additionalCapabilities = [ "CAP_SYS_ADMIN" ]; # additionalCapabilities = [ "CAP_SYS_ADMIN" ];
config = config = { ... }: container.mkContainerConfig cfg {
{ ... }: environment.systemPackages = with pkgs; [ smartmontools ];
container.mkContainerConfig cfg {
environment.systemPackages = with pkgs; [ smartmontools ];
services.scrutiny = { services.scrutiny = {
enable = true; enable = true;
settings.web = { settings.web = {
listen = { listen = {
host = cfg.address; host = cfg.address;
port = cfg.port; port = cfg.port;
}; };
}; };
}; };
}; };
}; };
}; };
} }

95
container/Home.nix
View file

@ -1,58 +1,45 @@
{ { container, pkgs, util, lib, config, __findFile, ... } @args: with lib; let
container, cfg = config.container.module.home;
pkgs, package = (pkgs.callPackage <package/homer> args);
util, in {
lib, options = {
config, container.module.home = {
__findFile, enable = mkEnableOption "Dashboard.";
... address = mkOption {
}@args: default = "10.1.0.18";
with lib; type = types.str;
let };
cfg = config.container.module.home; port = mkOption {
package = (pkgs.callPackage <package/homer> args); default = 80;
in type = types.int;
{ };
options = { domain = mkOption {
container.module.home = { default = "home.${config.container.domain}";
enable = mkEnableOption "Dashboard."; type = types.str;
address = mkOption { };
default = "10.1.0.18"; };
type = types.str; };
};
port = mkOption {
default = 80;
type = types.int;
};
domain = mkOption {
default = "home.${config.container.domain}";
type = types.str;
};
};
};
config = mkIf cfg.enable { config = mkIf cfg.enable {
containers.home = container.mkContainer cfg { containers.home = container.mkContainer cfg {
config = config = { ... }: container.mkContainerConfig cfg {
{ ... }: environment.systemPackages = [ package ];
container.mkContainerConfig cfg { systemd.packages = [ package ];
environment.systemPackages = [ package ];
systemd.packages = [ package ];
services.nginx = { services.nginx = {
enable = true; enable = true;
virtualHosts.${cfg.domain} = container.mkServer { virtualHosts.${cfg.domain} = container.mkServer {
default = true; default = true;
root = "${package}"; root = "${package}";
locations = { locations = {
"/".extraConfig = '' "/".extraConfig = ''
try_files $uri $uri/index.html; try_files $uri $uri/index.html;
''; '';
}; };
}; };
}; };
}; };
}; };
}; };
} }

221
container/Iot.nix
View file

@ -1,125 +1,110 @@
{ { container, lib, config, pkgsStable, ... }: with lib; let
container, cfg = config.container.module.iot;
lib, in {
config, options = {
pkgsStable, container.module.iot = {
... enable = mkEnableOption "IoT service.";
}: address = mkOption {
with lib; default = "10.1.0.27";
let type = types.str;
cfg = config.container.module.iot; };
in port = mkOption {
{ default = 8123;
options = { type = types.int;
container.module.iot = { };
enable = mkEnableOption "IoT service."; domain = mkOption {
address = mkOption { default = "iot.${config.container.domain}";
default = "10.1.0.27"; type = types.str;
type = types.str; };
}; storage = mkOption {
port = mkOption { default = "${config.container.storage}/iot";
default = 8123; type = types.str;
type = types.int; };
}; };
domain = mkOption { };
default = "iot.${config.container.domain}";
type = types.str;
};
storage = mkOption {
default = "${config.container.storage}/iot";
type = types.str;
};
};
};
config = mkIf cfg.enable { config = mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [ systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data" "data"
]; ];
containers.iot = container.mkContainer cfg { containers.iot = container.mkContainer cfg {
bindMounts = { bindMounts = {
"/var/lib/hass" = { "/var/lib/hass" = {
hostPath = "${cfg.storage}/data"; hostPath = "${cfg.storage}/data";
isReadOnly = false; isReadOnly = false;
}; };
"/dev/ttyACM0" = { "/dev/ttyACM0" = {
hostPath = "/dev/ttyACM0"; hostPath = "/dev/ttyACM0";
isReadOnly = false; isReadOnly = false;
}; };
"/dev/serial/by-id" = { "/dev/serial/by-id" = {
hostPath = "/dev/serial/by-id"; hostPath = "/dev/serial/by-id";
isReadOnly = false; isReadOnly = false;
}; };
} // container.attachMedia "photo" true; } // container.attachMedia "photo" true;
allowedDevices = [ allowedDevices = [
{ {
modifier = "rwm"; modifier = "rwm";
node = "/dev/ttyACM0"; node = "/dev/ttyACM0";
} }
]; ];
config = config = { ... }: container.mkContainerConfig cfg {
{ ... }: # Allow Hass to talk to Zigbee dongle.
container.mkContainerConfig cfg { users.users.hass.extraGroups = [ "dialout" "tty" ];
# Allow Hass to talk to Zigbee dongle.
users.users.hass.extraGroups = [
"dialout"
"tty"
];
services.home-assistant = { services.home-assistant = {
# NOTE: Missing: hacs. Inside hacs: `card-mod`, `Clock Weather Card`, `WallPanel` and `Yandex.Station`. # NOTE: Missing: hacs. Inside hacs: `card-mod`, `Clock Weather Card`, `WallPanel` and `Yandex.Station`.
enable = true; enable = true;
extraComponents = [ extraComponents = [
"caldav" "caldav"
"met" "met"
"sun" "sun"
"systemmonitor" "systemmonitor"
"zha" "zha"
]; ];
extraPackages = extraPackages = python3Packages: with python3Packages; [
python3Packages: with python3Packages; [ aiodhcpwatcher
aiodhcpwatcher aiodiscover
aiodiscover aiogithubapi
aiogithubapi arrow
arrow async-upnp-client
async-upnp-client av
av gtts
gtts ha-ffmpeg
ha-ffmpeg hassil
hassil home-assistant-intents
home-assistant-intents mutagen
mutagen numpy
numpy pymicro-vad
pymicro-vad pynacl
pynacl python-telegram-bot
python-telegram-bot pyturbojpeg
pyturbojpeg pyspeex-noise
pyspeex-noise zeroconf
zeroconf ];
]; configDir = "/var/lib/hass";
configDir = "/var/lib/hass"; # lovelaceConfig = {
# lovelaceConfig = { # title = "Home IoT control center.";
# title = "Home IoT control center."; # };
# }; # NOTE: Using imperative config because of secrets.
# NOTE: Using imperative config because of secrets. config = null;
config = null; };
};
# HACK: Delay so that nextcloud calendar can reply on reboot. # HACK: Delay so that nextcloud calendar can reply on reboot.
systemd = { systemd = {
services."home-assistant".wantedBy = mkForce [ ]; services."home-assistant".wantedBy = mkForce [];
timers.fixsystemd = { timers.fixsystemd = {
timerConfig = { timerConfig = {
OnBootSec = 15; OnBootSec = 15;
Unit = "home-assistant.service"; Unit = "home-assistant.service";
}; };
wantedBy = [ "timers.target" ]; wantedBy = [ "timers.target" ];
}; };
}; };
}; };
}; };
}; };
} }

139
container/Jobber.nix
View file

@ -1,85 +1,66 @@
{ { container, pkgsJobber, poetry2nixJobber, lib, config, __findFile, ... }: with lib; let
container, cfg = config.container.module.jobber;
pkgsJobber, script = import <package/jobber> { poetry2nix = poetry2nixJobber; pkgs = pkgsJobber; };
poetry2nixJobber, in {
lib, options = {
config, container.module.jobber = {
__findFile, enable = mkEnableOption "Button pusher Stanley.";
... address = mkOption {
}: default = "10.1.0.32";
with lib; type = types.str;
let };
cfg = config.container.module.jobber; storage = mkOption {
script = import <package/jobber> { default = "${config.container.storage}/jobber";
poetry2nix = poetry2nixJobber; type = types.str;
pkgs = pkgsJobber; };
}; };
in };
{
options = {
container.module.jobber = {
enable = mkEnableOption "Button pusher Stanley.";
address = mkOption {
default = "10.1.0.32";
type = types.str;
};
storage = mkOption {
default = "${config.container.storage}/jobber";
type = types.str;
};
};
};
config = mkIf cfg.enable { config = mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [ systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data" "data"
]; ];
containers.jobber = container.mkContainer cfg { containers.jobber = container.mkContainer cfg {
bindMounts = { bindMounts = {
"/data" = { "/data" = {
hostPath = "${cfg.storage}/data"; hostPath = "${cfg.storage}/data";
isReadOnly = true; isReadOnly = true;
}; };
}; };
enableTun = true; enableTun = true;
config = config = { lib, ... }: let
{ lib, ... }: packages = [ script ] ++ (with pkgsJobber; [
let firefox
packages = geckodriver
[ script ] openvpn
++ (with pkgsJobber; [ python311
firefox ]);
geckodriver in container.mkContainerConfig cfg {
openvpn networking = lib.mkForce {
python311 nameservers = [
]); "10.30.218.2"
in ];
container.mkContainerConfig cfg { };
networking = lib.mkForce {
nameservers = [
"10.30.218.2"
];
};
systemd.services.jobber = { systemd.services.jobber = {
description = "My job is pushing the button."; description = "My job is pushing the button.";
enable = true; enable = true;
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
path = packages; path = packages;
environment = { environment = {
PYTHONUNBUFFERED = "1"; PYTHONUNBUFFERED = "1";
PYTHONDONTWRITEBYTECODE = "1"; PYTHONDONTWRITEBYTECODE = "1";
}; };
serviceConfig = { serviceConfig = {
Type = "simple"; Type = "simple";
ExecStart = "${script}/bin/jobber -u"; ExecStart = "${script}/bin/jobber -u";
Restart = "on-failure"; Restart = "on-failure";
}; };
}; };
}; };
}; };
}; };
} }

438
container/Mail.nix
View file

@ -1,246 +1,228 @@
# Guide: https://nixos-mailserver.readthedocs.io/en/latest/setup-guide.html # Guide: https://nixos-mailserver.readthedocs.io/en/latest/setup-guide.html
{ { container, pkgs, util, const, lib, config, ... }: with lib; let
container, cfg = config.container.module.mail;
pkgs, domain = config.container.domain;
util, in {
const, options = {
lib, container.module.mail = {
config, enable = mkEnableOption "Email server.";
... address = mkOption {
}: default = "10.1.0.5";
with lib; type = types.str;
let };
cfg = config.container.module.mail; port = mkOption {
domain = config.container.domain; default = 80;
in type = types.int;
{ };
options = { domain = mkOption {
container.module.mail = { default = "mail.${config.container.domain}";
enable = mkEnableOption "Email server."; type = types.str;
address = mkOption { };
default = "10.1.0.5"; storage = mkOption {
type = types.str; default = "${config.container.storage}/mail";
}; type = types.str;
port = mkOption { };
default = 80; };
type = types.int; };
};
domain = mkOption {
default = "mail.${config.container.domain}";
type = types.str;
};
storage = mkOption {
default = "${config.container.storage}/mail";
type = types.str;
};
};
};
config = mkIf cfg.enable { config = mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [ systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data" "data"
# "data/indices" # "data/indices"
# "data/vmail" # "data/vmail"
# "data/sieve" # "data/sieve"
# "data/dkim" # "data/dkim"
]; ];
containers.mail = container.mkContainer cfg { containers.mail = container.mkContainer cfg {
bindMounts = { bindMounts = {
"/var/lib/dovecot/indices" = { "/var/lib/dovecot/indices" = {
hostPath = "${cfg.storage}/data/indices"; hostPath = "${cfg.storage}/data/indices";
isReadOnly = false; isReadOnly = false;
}; };
"/var/vmail" = { "/var/vmail" = {
hostPath = "${cfg.storage}/data/vmail"; hostPath = "${cfg.storage}/data/vmail";
isReadOnly = false; isReadOnly = false;
}; };
"/var/sieve" = { "/var/sieve" = {
hostPath = "${cfg.storage}/data/sieve"; hostPath = "${cfg.storage}/data/sieve";
isReadOnly = false; isReadOnly = false;
}; };
"/var/dkim" = { "/var/dkim" = {
hostPath = "${cfg.storage}/data/dkim"; hostPath = "${cfg.storage}/data/dkim";
isReadOnly = false; isReadOnly = false;
}; };
"/acme" = { "/acme" = {
hostPath = "${config.container.module.proxy.storage}/letsencrypt"; hostPath = "${config.container.module.proxy.storage}/letsencrypt";
isReadOnly = true; isReadOnly = true;
}; };
}; };
config = config = { config, ... }: container.mkContainerConfig cfg {
{ config, ... }: imports = [
container.mkContainerConfig cfg { (builtins.fetchTarball {
imports = [ url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/nixos-${const.stateVersion}/nixos-mailserver-nixos-${const.stateVersion}.tar.gz";
(builtins.fetchTarball { sha256 = "sha256:0clvw4622mqzk1aqw1qn6shl9pai097q62mq1ibzscnjayhp278b";
url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/nixos-${const.stateVersion}/nixos-mailserver-nixos-${const.stateVersion}.tar.gz"; })
sha256 = "sha256:0clvw4622mqzk1aqw1qn6shl9pai097q62mq1ibzscnjayhp278b"; ];
})
];
mailserver = { mailserver = {
enable = true; enable = true;
domains = [ domain ]; domains = [ domain ];
fqdn = cfg.domain; fqdn = cfg.domain;
sendingFqdn = domain; sendingFqdn = domain;
# Use `mkpasswd -sm bcrypt`. # Use `mkpasswd -sm bcrypt`.
loginAccounts = loginAccounts = let
let defaultQuota = "1G";
defaultQuota = "1G"; in {
in "admin@${domain}" = {
{ name = "admin";
"admin@${domain}" = { hashedPassword = "$2b$05$1O.dxXxaVshcBNybcqDRYuTlnYt3jDBwfPZWoDtP4BjOLoL0StYsi";
name = "admin"; quota = defaultQuota;
hashedPassword = "$2b$05$1O.dxXxaVshcBNybcqDRYuTlnYt3jDBwfPZWoDtP4BjOLoL0StYsi"; };
quota = defaultQuota; "account@${domain}" = {
}; name = "account";
"account@${domain}" = { hashedPassword = "$2b$05$sCyZHdk98KqQ1qsTIvbrUeRJlNBOwBqDgpdc1QxiSnONlEkZ8xGNO";
name = "account"; quota = defaultQuota;
hashedPassword = "$2b$05$sCyZHdk98KqQ1qsTIvbrUeRJlNBOwBqDgpdc1QxiSnONlEkZ8xGNO"; };
quota = defaultQuota; "hi@${domain}" = {
}; name = "hi";
"hi@${domain}" = { hashedPassword = "$2b$05$6fT5hIhzIasNfp9IQr/ds.5RuxH95VKU3QJWlX3hmrAzDF3mExanq";
name = "hi"; quota = defaultQuota;
hashedPassword = "$2b$05$6fT5hIhzIasNfp9IQr/ds.5RuxH95VKU3QJWlX3hmrAzDF3mExanq"; aliases = [ "voronind@${domain}" ];
quota = defaultQuota; };
aliases = [ "voronind@${domain}" ]; "job@${domain}" = {
}; name = "job";
"job@${domain}" = { hashedPassword = "$2b$05$.sUmv2.9EWPfLwJn/oZw2e1UbR7HrpNQ2THc5jjX3ysy7CY8ZWHUC";
name = "job"; quota = defaultQuota;
hashedPassword = "$2b$05$.sUmv2.9EWPfLwJn/oZw2e1UbR7HrpNQ2THc5jjX3ysy7CY8ZWHUC"; };
quota = defaultQuota; "trash@${domain}" = {
}; name = "trash";
"trash@${domain}" = { hashedPassword = "$2b$05$kn5ygZjN9NR3LXjnKKRw/.DXaZQNW.1XEottlCFIoKiDpIj.JGLJm";
name = "trash"; catchAll = [ domain ];
hashedPassword = "$2b$05$kn5ygZjN9NR3LXjnKKRw/.DXaZQNW.1XEottlCFIoKiDpIj.JGLJm"; quota = defaultQuota;
catchAll = [ domain ]; };
quota = defaultQuota; "noreply@${domain}" = {
}; name = "noreply";
"noreply@${domain}" = { hashedPassword = "$2b$05$TaKwoYmcmkAhsRRv6xG5wOkChcz50cB9BP6QPUDKNAcxMbrY6AeMK";
name = "noreply"; sendOnly = true;
hashedPassword = "$2b$05$TaKwoYmcmkAhsRRv6xG5wOkChcz50cB9BP6QPUDKNAcxMbrY6AeMK"; quota = defaultQuota;
sendOnly = true; };
quota = defaultQuota; };
};
};
enableImap = true; enableImap = true;
enableImapSsl = true; enableImapSsl = true;
enableSubmission = true; enableSubmission = true;
enableSubmissionSsl = true; enableSubmissionSsl = true;
enableManageSieve = true; enableManageSieve = true;
virusScanning = false; virusScanning = false;
certificateScheme = "manual"; certificateScheme = "manual";
keyFile = "/acme/live/${domain}/privkey.pem"; keyFile = "/acme/live/${domain}/privkey.pem";
certificateFile = "/acme/live/${domain}/cert.pem"; certificateFile = "/acme/live/${domain}/cert.pem";
indexDir = "/var/lib/dovecot/indices"; indexDir = "/var/lib/dovecot/indices";
mailDirectory = "/var/vmail"; mailDirectory = "/var/vmail";
sieveDirectory = "/var/sieve"; sieveDirectory = "/var/sieve";
dkimKeyDirectory = "/var/dkim"; dkimKeyDirectory = "/var/dkim";
mailboxes = { mailboxes = {
All = { All = {
auto = "subscribe"; auto = "subscribe";
specialUse = "All"; specialUse = "All";
}; };
Archive = { Archive = {
auto = "subscribe"; auto = "subscribe";
specialUse = "Archive"; specialUse = "Archive";
}; };
Drafts = { Drafts = {
auto = "subscribe"; auto = "subscribe";
specialUse = "Drafts"; specialUse = "Drafts";
}; };
Junk = { Junk = {
auto = "subscribe"; auto = "subscribe";
specialUse = "Junk"; specialUse = "Junk";
# autoexpunge = "3d"; # autoexpunge = "3d";
}; };
Sent = { Sent = {
auto = "subscribe"; auto = "subscribe";
specialUse = "Sent"; specialUse = "Sent";
}; };
Trash = { Trash = {
auto = "subscribe"; auto = "subscribe";
specialUse = "Trash"; specialUse = "Trash";
# autoexpunge = "30d"; # autoexpunge = "30d";
}; };
}; };
dmarcReporting = { dmarcReporting = {
inherit domain; inherit domain;
enable = true; enable = true;
organizationName = "voronind"; organizationName = "voronind";
# email = "noreply@${domain}"; # email = "noreply@${domain}";
}; };
# monitoring = { # monitoring = {
# enable = true; # enable = true;
# alertAddress = "admin@${domain}"; # alertAddress = "admin@${domain}";
# }; # };
}; };
services = { services = {
roundcube = { roundcube = {
enable = true; enable = true;
dicts = with pkgs.aspellDicts; [ dicts = with pkgs.aspellDicts; [ en ru ];
en hostName = cfg.domain;
ru plugins = [
]; "managesieve"
hostName = cfg.domain; ];
plugins = [ extraConfig = ''
"managesieve" # starttls needed for authentication, so the fqdn required to match
]; # the certificate
extraConfig = '' # $config['smtp_server'] = "tls://${config.mailserver.fqdn}";
# starttls needed for authentication, so the fqdn required to match # $config['smtp_server'] = "tls://localhost";
# the certificate $config['smtp_server'] = "localhost:25";
# $config['smtp_server'] = "tls://${config.mailserver.fqdn}"; $config['smtp_auth_type'] = null;
# $config['smtp_server'] = "tls://localhost"; $config['smtp_user'] = "";
$config['smtp_server'] = "localhost:25"; $config['smtp_pass'] = "";
$config['smtp_auth_type'] = null; # $config['smtp_user'] = "%u";
$config['smtp_user'] = ""; # $config['smtp_pass'] = "%p";
$config['smtp_pass'] = ""; '';
# $config['smtp_user'] = "%u"; };
# $config['smtp_pass'] = "%p";
'';
};
nginx = { nginx = {
virtualHosts.${cfg.domain} = { virtualHosts.${cfg.domain} = {
forceSSL = false; forceSSL = false;
enableACME = false; enableACME = false;
}; };
}; };
}; };
systemd = { systemd = {
services.autoexpunge = { services.autoexpunge = {
description = "Delete old mail"; description = "Delete old mail";
serviceConfig.Type = "oneshot"; serviceConfig.Type = "oneshot";
path = [ pkgs.dovecot ]; path = [ pkgs.dovecot ];
script = '' script = ''
doveadm expunge -A mailbox Junk SENTBEFORE 7d doveadm expunge -A mailbox Junk SENTBEFORE 7d
doveadm expunge -A mailbox Trash SENTBEFORE 30d doveadm expunge -A mailbox Trash SENTBEFORE 30d
doveadm expunge -u trash@voronind.com mailbox Inbox SENTBEFORE 30d doveadm expunge -u trash@voronind.com mailbox Inbox SENTBEFORE 30d
doveadm purge -A doveadm purge -A
''; '';
}; };
timers.autoexpunge = { timers.autoexpunge = {
timerConfig = { timerConfig = {
OnCalendar = "daily"; OnCalendar = "daily";
Persistent = true; Persistent = true;
Unit = "autoexpunge.service"; Unit = "autoexpunge.service";
}; };
wantedBy = [ "timers.target" ]; wantedBy = [ "timers.target" ];
}; };
}; };
}; };
}; };
}; };
} }

174
container/Office.nix
View file

@ -2,107 +2,93 @@
# 1. You need to change PSQL tables owner from root to onlyoffice, too. They don't do that automatically for some reason. # 1. You need to change PSQL tables owner from root to onlyoffice, too. They don't do that automatically for some reason.
# 2. TODO: Generate JWT secret at /var/lib/onlyoffice/jwt, i.e. 9wLfMGha1YrfvWpb5hyYjZf8pvJQ3swS # 2. TODO: Generate JWT secret at /var/lib/onlyoffice/jwt, i.e. 9wLfMGha1YrfvWpb5hyYjZf8pvJQ3swS
# See https://git.voronind.com/voronind/nixos/issues/74 # See https://git.voronind.com/voronind/nixos/issues/74
{ { container, pkgs, util, lib, config, ... }: with lib; let
container, cfg = config.container.module.office;
pkgs, in {
util, options = {
lib, container.module.office = {
config, enable = mkEnableOption "Office web suite.";
... address = mkOption {
}: default = "10.1.0.21";
with lib; type = types.str;
let };
cfg = config.container.module.office; port = mkOption {
in default = 8000;
{ type = types.int;
options = { };
container.module.office = { domain = mkOption {
enable = mkEnableOption "Office web suite."; default = "office.${config.container.domain}";
address = mkOption { type = types.str;
default = "10.1.0.21"; };
type = types.str; storage = mkOption {
}; default = "${config.container.storage}/office";
port = mkOption { type = types.str;
default = 8000; };
type = types.int; };
}; };
domain = mkOption {
default = "office.${config.container.domain}";
type = types.str;
};
storage = mkOption {
default = "${config.container.storage}/office";
type = types.str;
};
};
};
config = mkIf cfg.enable { config = mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [ systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data" "data"
]; ];
containers.office = container.mkContainer cfg { containers.office = container.mkContainer cfg {
bindMounts = { bindMounts = {
"/var/lib/onlyoffice" = { "/var/lib/onlyoffice" = {
hostPath = "${cfg.storage}/data"; hostPath = "${cfg.storage}/data";
isReadOnly = false; isReadOnly = false;
}; };
}; };
# HACK: Temporarely run in docker due to https://github.com/ONLYOFFICE/onlyoffice-nextcloud/issues/931
config =
{ pkgs, ... }:
container.mkContainerConfig cfg {
virtualisation.oci-containers.backend = "docker";
virtualisation.oci-containers.containers.office = {
autoStart = true;
image = "dockerhub.timeweb.cloud/onlyoffice/documentserver:latest";
# ports = [ "${toString cfg.port}:8000" ];
extraOptions = [
"--network=host"
"--privileged"
];
environment = {
JWT_ENABLED = "true";
JWT_SECRET = "8wLfKGha8YRfvwpB5hYYjZf8vtUQs3wS";
AMQP_URI = "amqp://guest:guest@${config.container.module.rabbitmq.address}:${toString config.container.module.rabbitmq.port}";
DB_HOST = config.container.module.postgres.address;
DB_PORT = toString config.container.module.postgres.port;
DB_NAME = "onlyoffice";
DB_USER = "onlyoffice";
DB_PWD = "onlyoffice";
};
};
};
# config = { pkgs, ... }: container.mkContainerConfig cfg { # HACK: Temporarely run in docker due to https://github.com/ONLYOFFICE/onlyoffice-nextcloud/issues/931
# # HACK: For whatever reason it does not detect my global allowUnfree (I pass pkgs from host system in mkContainerConfig). config = { pkgs, ... }: container.mkContainerConfig cfg {
# nixpkgs.overlays = [ (final: prev: { virtualisation.oci-containers.backend = "docker";
# corefonts = prev.corefonts.overrideAttrs (old: { virtualisation.oci-containers.containers.office = {
# meta.license = mkForce licenses.mit; autoStart = true;
# }); image = "dockerhub.timeweb.cloud/onlyoffice/documentserver:latest";
# })]; # ports = [ "${toString cfg.port}:8000" ];
extraOptions = [ "--network=host" "--privileged" ];
environment = {
JWT_ENABLED = "true";
JWT_SECRET = "8wLfKGha8YRfvwpB5hYYjZf8vtUQs3wS";
AMQP_URI = "amqp://guest:guest@${config.container.module.rabbitmq.address}:${toString config.container.module.rabbitmq.port}";
DB_HOST = config.container.module.postgres.address;
DB_PORT = toString config.container.module.postgres.port;
DB_NAME = "onlyoffice";
DB_USER = "onlyoffice";
DB_PWD = "onlyoffice";
};
};
};
# services.onlyoffice = let # config = { pkgs, ... }: container.mkContainerConfig cfg {
# dbName = "onlyoffice"; # # HACK: For whatever reason it does not detect my global allowUnfree (I pass pkgs from host system in mkContainerConfig).
# in { # nixpkgs.overlays = [ (final: prev: {
# enable = true; # corefonts = prev.corefonts.overrideAttrs (old: {
# hostname = cfg.domain; # meta.license = mkForce licenses.mit;
# });
# })];
# postgresName = dbName; # services.onlyoffice = let
# postgresHost = config.container.module.postgres.address; # dbName = "onlyoffice";
# postgresUser = dbName; # in {
# postgresPasswordFile = "${pkgs.writeText "OfficeDbPassword" dbName}"; # enable = true;
# hostname = cfg.domain;
# jwtSecretFile = "/var/lib/onlyoffice/jwt"; # postgresName = dbName;
# postgresHost = config.container.module.postgres.address;
# postgresUser = dbName;
# postgresPasswordFile = "${pkgs.writeText "OfficeDbPassword" dbName}";
# rabbitmqUrl = "amqp://guest:guest@${config.container.module.rabbitmq.address}:${toString config.container.module.rabbitmq.port}"; # jwtSecretFile = "/var/lib/onlyoffice/jwt";
# examplePort = cfg.port; # rabbitmqUrl = "amqp://guest:guest@${config.container.module.rabbitmq.address}:${toString config.container.module.rabbitmq.port}";
# enableExampleServer = true;
# }; # examplePort = cfg.port;
# }; # enableExampleServer = true;
}; # };
}; # };
};
};
} }

194
container/Paper.nix
View file

@ -1,108 +1,96 @@
{ { container, pkgs, pkgsStable, lib, config, ... }: with lib; let
container, cfg = config.container.module.paper;
pkgs, in {
pkgsStable, options = {
lib, container.module.paper = {
config, enable = mkEnableOption "Paper scans manager.";
... address = mkOption {
}: default = "10.1.0.40";
with lib; type = types.str;
let };
cfg = config.container.module.paper; port = mkOption {
in default = 28981;
{ type = types.int;
options = { };
container.module.paper = { domain = mkOption {
enable = mkEnableOption "Paper scans manager."; default = "paper.${config.container.domain}";
address = mkOption { type = types.str;
default = "10.1.0.40"; };
type = types.str; storage = mkOption {
}; default = "${config.container.storage}/paper";
port = mkOption { type = types.str;
default = 28981; };
type = types.int; };
}; };
domain = mkOption {
default = "paper.${config.container.domain}";
type = types.str;
};
storage = mkOption {
default = "${config.container.storage}/paper";
type = types.str;
};
};
};
config = mkIf cfg.enable { config = mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [ systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data" "data"
]; ];
containers.paper = container.mkContainer cfg { containers.paper = container.mkContainer cfg {
bindMounts = { bindMounts = {
"/var/lib/paperless" = { "/var/lib/paperless" = {
hostPath = "${cfg.storage}/data"; hostPath = "${cfg.storage}/data";
isReadOnly = false; isReadOnly = false;
}; };
"/var/lib/paperless/media" = { "/var/lib/paperless/media" = {
hostPath = "${elemAt config.container.media.paper 0}"; hostPath = "${elemAt config.container.media.paper 0}";
isReadOnly = false; isReadOnly = false;
}; };
}; };
config = config = { lib, ... }: container.mkContainerConfig cfg {
{ lib, ... }: services.paperless = {
container.mkContainerConfig cfg { enable = true;
services.paperless = { dataDir = "/var/lib/paperless";
enable = true; # address = cfg.domain;
dataDir = "/var/lib/paperless"; address = "0.0.0.0";
# address = cfg.domain; port = cfg.port;
address = "0.0.0.0"; # ISSUE: https://github.com/NixOS/nixpkgs/issues/322596
port = cfg.port; # package = pkgsStable.paperless-ngx;
# ISSUE: https://github.com/NixOS/nixpkgs/issues/322596 passwordFile = pkgs.writeText "PaperlessPassword" "root";
# package = pkgsStable.paperless-ngx; settings = {
passwordFile = pkgs.writeText "PaperlessPassword" "root"; PAPERLESS_URL = "https://${cfg.domain}";
settings = { PAPERLESS_ADMIN_USER = "root";
PAPERLESS_URL = "https://${cfg.domain}"; PAPERLESS_DBHOST = config.container.module.postgres.address;
PAPERLESS_ADMIN_USER = "root"; PAPERLESS_DBENGINE = "postgresql";
PAPERLESS_DBHOST = config.container.module.postgres.address; PAPERLESS_DBNAME = "paperless";
PAPERLESS_DBENGINE = "postgresql"; PAPERLESS_DBPASS = "paperless";
PAPERLESS_DBNAME = "paperless"; PAPERLESS_DBPORT = config.container.module.postgres.port;
PAPERLESS_DBPASS = "paperless"; PAPERLESS_DBUSER = "paperless";
PAPERLESS_DBPORT = config.container.module.postgres.port; PAPERLESS_OCR_LANGUAGE = "rus";
PAPERLESS_DBUSER = "paperless"; PAPERLESS_REDIS = "redis://${config.container.module.redis.address}:${toString config.container.module.redis.port}";
PAPERLESS_OCR_LANGUAGE = "rus"; };
PAPERLESS_REDIS = "redis://${config.container.module.redis.address}:${toString config.container.module.redis.port}"; };
};
};
# HACK: This is required for TCP postgres connection. # HACK: This is required for TCP postgres connection.
systemd = { systemd = {
services = { services = {
paperless-scheduler = { paperless-scheduler = {
serviceConfig.PrivateNetwork = mkForce false; serviceConfig.PrivateNetwork = mkForce false;
wantedBy = mkForce [ ]; wantedBy = mkForce [];
}; };
paperless-consumer = { paperless-consumer = {
serviceConfig.PrivateNetwork = mkForce false; serviceConfig.PrivateNetwork = mkForce false;
wantedBy = mkForce [ ]; wantedBy = mkForce [];
}; };
paperless-web = { paperless-web = {
wantedBy = mkForce [ ]; wantedBy = mkForce [];
}; };
paperless-task-queue = { paperless-task-queue = {
wantedBy = mkForce [ ]; wantedBy = mkForce [];
}; };
}; };
timers.fixsystemd = { timers.fixsystemd = {
timerConfig = { timerConfig = {
OnBootSec = 5; OnBootSec = 5;
Unit = "paperless-web.service"; Unit = "paperless-web.service";
}; };
wantedBy = [ "timers.target" ]; wantedBy = [ "timers.target" ];
}; };
}; };
}; };
}; };
}; };
} }

116
container/Pass.nix
View file

@ -1,67 +1,57 @@
{ { container, lib, config, ... }: with lib; let
container, cfg = config.container.module.pass;
lib, in {
config, options = {
... container.module.pass = {
}: enable = mkEnableOption "Password manager";
with lib; address = mkOption {
let default = "10.1.0.9";
cfg = config.container.module.pass; type = types.str;
in };
{ port = mkOption {
options = { default = 8000;
container.module.pass = { type = types.int;
enable = mkEnableOption "Password manager"; };
address = mkOption { domain = mkOption {
default = "10.1.0.9"; default = "pass.${config.container.domain}";
type = types.str; type = types.str;
}; };
port = mkOption { storage = mkOption {
default = 8000; default = "${config.container.storage}/pass";
type = types.int; type = types.str;
}; };
domain = mkOption { };
default = "pass.${config.container.domain}"; };
type = types.str;
};
storage = mkOption {
default = "${config.container.storage}/pass";
type = types.str;
};
};
};
config = mkIf cfg.enable { config = mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [ systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data" "data"
]; ];
containers.pass = container.mkContainer cfg { containers.pass = container.mkContainer cfg {
bindMounts = { bindMounts = {
"/var/lib/bitwarden_rs" = { "/var/lib/bitwarden_rs" = {
hostPath = "${cfg.storage}/data"; hostPath = "${cfg.storage}/data";
isReadOnly = false; isReadOnly = false;
}; };
}; };
config = config = { ... }: container.mkContainerConfig cfg {
{ ... }: services.vaultwarden = {
container.mkContainerConfig cfg { enable = true;
services.vaultwarden = { dbBackend = "sqlite";
enable = true; environmentFile = "/var/lib/bitwarden_rs/Env";
dbBackend = "sqlite"; config = {
environmentFile = "/var/lib/bitwarden_rs/Env"; # DATABASE_URL = "postgresql://vaultwarden:vaultwarden@${container.config.postgres.address}:${toString container.config.postgres.port}/vaultwarden";
config = { DATA_FOLDER = "/var/lib/bitwarden_rs";
# DATABASE_URL = "postgresql://vaultwarden:vaultwarden@${container.config.postgres.address}:${toString container.config.postgres.port}/vaultwarden"; DOMAIN = "http://${cfg.domain}";
DATA_FOLDER = "/var/lib/bitwarden_rs"; SIGNUPS_ALLOWED = false;
DOMAIN = "http://${cfg.domain}"; WEB_VAULT_ENABLED = true;
SIGNUPS_ALLOWED = false; ROCKET_ADDRESS = cfg.address;
WEB_VAULT_ENABLED = true; ROCKET_PORT = cfg.port;
ROCKET_ADDRESS = cfg.address; };
ROCKET_PORT = cfg.port; };
}; };
}; };
}; };
};
};
} }

236
container/Paste.nix
View file

@ -1,138 +1,126 @@
{ { pkgs, util, container, lib, config, __findFile, ... } @args: with lib; let
pkgs, cfg = config.container.module.paste;
container, package = (pkgs.callPackage <package/privatebin> args);
lib, in {
config, options = {
__findFile, container.module.paste = {
... enable = mkEnableOption "Pastebin.";
}@args: address = mkOption {
with lib; default = "10.1.0.14";
let type = types.str;
cfg = config.container.module.paste; };
package = (pkgs.callPackage <package/privatebin> args); port = mkOption {
in default = 80;
{ type = types.int;
options = { };
container.module.paste = { domain = mkOption {
enable = mkEnableOption "Pastebin."; default = "paste.${config.container.domain}";
address = mkOption { type = types.str;
default = "10.1.0.14"; };
type = types.str; storage = mkOption {
}; default = "${config.container.storage}/paste";
port = mkOption { type = types.str;
default = 80; };
type = types.int; };
}; };
domain = mkOption {
default = "paste.${config.container.domain}";
type = types.str;
};
storage = mkOption {
default = "${config.container.storage}/paste";
type = types.str;
};
};
};
config = mkIf cfg.enable { config = mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [ systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data" "data"
"tmp" "tmp"
"nginxtmp" "nginxtmp"
"config" "config"
]; ];
containers.paste = container.mkContainer cfg { containers.paste = container.mkContainer cfg {
bindMounts = { bindMounts = {
"/srv/data" = { "/srv/data" = {
hostPath = "${cfg.storage}/data"; hostPath = "${cfg.storage}/data";
isReadOnly = false; isReadOnly = false;
}; };
"/tmp" = { "/tmp" = {
hostPath = "${cfg.storage}/tmp"; hostPath = "${cfg.storage}/tmp";
isReadOnly = false; isReadOnly = false;
}; };
"/var/lib/nginx/tmp" = { "/var/lib/nginx/tmp" = {
hostPath = "${cfg.storage}/nginxtmp"; hostPath = "${cfg.storage}/nginxtmp";
isReadOnly = false; isReadOnly = false;
}; };
"/srv/config" = { "/srv/config" = {
hostPath = "${cfg.storage}/config"; hostPath = "${cfg.storage}/config";
isReadOnly = false; isReadOnly = false;
}; };
}; };
config = config = { config, ... }: container.mkContainerConfig cfg {
{ config, ... }: environment.systemPackages = [ package ];
container.mkContainerConfig cfg { systemd.packages = [ package ];
environment.systemPackages = [ package ];
systemd.packages = [ package ];
users.users.paste = { users.users.paste = {
group = "nginx"; group = "nginx";
isSystemUser = true; isSystemUser = true;
}; };
services.phpfpm.pools.paste = { services.phpfpm.pools.paste = {
user = "paste"; user = "paste";
group = "nginx"; group = "nginx";
phpPackage = pkgs.php; phpPackage = pkgs.php;
settings = { settings = {
"pm" = "dynamic"; "pm" = "dynamic";
"php_admin_value[error_log]" = "stderr"; "php_admin_value[error_log]" = "stderr";
"php_admin_flag[log_errors]" = true; "php_admin_flag[log_errors]" = true;
"listen.owner" = "nginx"; "listen.owner" = "nginx";
"catch_workers_output" = true; "catch_workers_output" = true;
"pm.max_children" = "32"; "pm.max_children" = "32";
"pm.start_servers" = "2"; "pm.start_servers" = "2";
"pm.min_spare_servers" = "2"; "pm.min_spare_servers" = "2";
"pm.max_spare_servers" = "4"; "pm.max_spare_servers" = "4";
"pm.max_requests" = "500"; "pm.max_requests" = "500";
}; };
phpEnv = { phpEnv = {
# CONFIG_PATH = "${package}/cfg"; # CONFIG_PATH = "${package}/cfg";
}; };
}; };
services.nginx = { services.nginx = {
enable = true; enable = true;
virtualHosts.${cfg.domain} = container.mkServer { virtualHosts.${cfg.domain} = container.mkServer {
default = true; default = true;
root = "${package}"; root = "${package}";
locations = { locations = {
"/".extraConfig = '' "/".extraConfig = ''
rewrite ^ /index.php; rewrite ^ /index.php;
''; '';
"~ \\.php$".extraConfig = '' "~ \\.php$".extraConfig = util.trimTabs ''
fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:${config.services.phpfpm.pools.paste.socket}; fastcgi_pass unix:${config.services.phpfpm.pools.paste.socket};
include ${config.services.nginx.package}/conf/fastcgi.conf; include ${config.services.nginx.package}/conf/fastcgi.conf;
include ${config.services.nginx.package}/conf/fastcgi_params; include ${config.services.nginx.package}/conf/fastcgi_params;
''; '';
"~ \\.(js|css|ttf|woff2?|png|jpe?g|svg)$".extraConfig = '' "~ \\.(js|css|ttf|woff2?|png|jpe?g|svg)$".extraConfig = util.trimTabs ''
add_header Cache-Control "public, max-age=15778463"; add_header Cache-Control "public, max-age=15778463";
add_header X-Content-Type-Options nosniff; add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block"; add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none; add_header X-Robots-Tag none;
add_header X-Download-Options noopen; add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none; add_header X-Permitted-Cross-Domain-Policies none;
add_header Referrer-Policy no-referrer; add_header Referrer-Policy no-referrer;
access_log off; access_log off;
''; '';
}; };
extraConfig = '' extraConfig = util.trimTabs ''
try_files $uri /index.php; try_files $uri /index.php;
''; '';
}; };
}; };
}; };
}; };
}; };
} }

171
container/Postgres.nix
View file

@ -1,105 +1,86 @@
{ { container, lib, pkgs, config, ... }: with lib; let
container, cfg = config.container.module.postgres;
lib, in {
pkgs, options = {
config, container.module.postgres = {
... enable = mkEnableOption "Postgresql server.";
}: address = mkOption {
with lib; default = "10.1.0.3";
let type = types.str;
cfg = config.container.module.postgres; };
in port = mkOption {
{ default = 5432;
options = { type = types.int;
container.module.postgres = { };
enable = mkEnableOption "Postgresql server."; storage = mkOption {
address = mkOption { default = "${config.container.storage}/postgres";
default = "10.1.0.3"; type = types.str;
type = types.str; };
}; };
port = mkOption { };
default = 5432;
type = types.int;
};
storage = mkOption {
default = "${config.container.storage}/postgres";
type = types.str;
};
};
};
config = mkIf cfg.enable { config = mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [ systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data" "data"
]; ];
containers.postgres = container.mkContainer cfg { containers.postgres = container.mkContainer cfg {
bindMounts = { bindMounts = {
"/var/lib/postgresql/data" = { "/var/lib/postgresql/data" = {
hostPath = "${cfg.storage}/data"; hostPath = "${cfg.storage}/data";
isReadOnly = false; isReadOnly = false;
}; };
}; };
config = config = { ... }: container.mkContainerConfig cfg {
{ ... }: services.postgresql = let
container.mkContainerConfig cfg { # Populate with services here.
services.postgresql = configurations = with config.container.module; {
let forgejo = git;
# Populate with services here. invidious = yt;
configurations = with config.container.module; { nextcloud = cloud;
forgejo = git; onlyoffice = office;
invidious = yt; paperless = paper;
nextcloud = cloud; privatebin = paste;
onlyoffice = office; };
paperless = paper;
privatebin = paste;
};
access = configurations // { access = configurations // {
all = { all = { address = config.container.host; };
address = config.container.host; };
};
};
authentication = builtins.foldl' (acc: item: acc + "${item}\n") "" ( authentication = builtins.foldl' (acc: item: acc + "${item}\n") "" (
mapAttrsToList (db: cfg: "host ${db} ${db} ${cfg.address}/32 trust") access mapAttrsToList (db: cfg: "host ${db} ${db} ${cfg.address}/32 trust") access
); );
ensureDatabases = [ "root" ] ++ mapAttrsToList (name: _: name) configurations; ensureDatabases = [ "root" ] ++ mapAttrsToList (name: _: name) configurations;
ensureUsers = map (name: { ensureUsers = map (name: {
inherit name; inherit name;
ensureClauses = ensureClauses = if name == "root" then {
if name == "root" then superuser = true;
{ createrole = true;
superuser = true; createdb = true;
createrole = true; } else {};
createdb = true; ensureDBOwnership = true;
} }) ensureDatabases;
else in {
{ }; inherit authentication ensureDatabases ensureUsers;
ensureDBOwnership = true;
}) ensureDatabases;
in
{
inherit authentication ensureDatabases ensureUsers;
enable = true; enable = true;
package = pkgs.postgresql_14; package = pkgs.postgresql_14;
dataDir = "/var/lib/postgresql/data/14"; dataDir = "/var/lib/postgresql/data/14";
enableTCPIP = true; enableTCPIP = true;
# NOTE: Debug mode. # NOTE: Debug mode.
# settings = { # settings = {
# log_connections = true; # log_connections = true;
# log_destination = lib.mkForce "syslog"; # log_destination = lib.mkForce "syslog";
# log_disconnections = true; # log_disconnections = true;
# log_statement = "all"; # log_statement = "all";
# logging_collector = true; # logging_collector = true;
# }; # };
}; };
}; };
}; };
}; };
} }

129
container/Print.nix
View file

@ -2,79 +2,66 @@
# ipp://192.168.2.237 # ipp://192.168.2.237
# Pantum M6500W-Series # Pantum M6500W-Series
{ { container, pkgs, lib, config, __findFile, ... } @args: with lib; let
container, cfg = config.container.module.print;
pkgs, package = pkgs.callPackage <package/print> args;
lib, host = config.container.host;
config, in {
__findFile, options = {
... container.module.print = {
}@args: enable = mkEnableOption "Printing server.";
with lib; address = mkOption {
let default = "10.1.0.46";
cfg = config.container.module.print; type = types.str;
package = pkgs.callPackage <package/print> args; };
host = config.container.host; port = mkOption {
in default = 631;
{ type = types.int;
options = { };
container.module.print = { domain = mkOption {
enable = mkEnableOption "Printing server."; default = "print.${config.container.domain}";
address = mkOption { type = types.str;
default = "10.1.0.46"; };
type = types.str; storage = mkOption {
}; default = "${config.container.storage}/print";
port = mkOption { type = types.str;
default = 631; };
type = types.int; };
}; };
domain = mkOption {
default = "print.${config.container.domain}";
type = types.str;
};
storage = mkOption {
default = "${config.container.storage}/print";
type = types.str;
};
};
};
config = mkIf cfg.enable { config = mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [ systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data" "data"
]; ];
containers.print = container.mkContainer cfg { containers.print = container.mkContainer cfg {
bindMounts = { bindMounts = {
"/var/lib/cups" = { "/var/lib/cups" = {
hostPath = "${cfg.storage}/data"; hostPath = "${cfg.storage}/data";
isReadOnly = false; isReadOnly = false;
}; };
}; };
config = config = { ... }: container.mkContainerConfig cfg {
{ ... }: networking.interfaces."eth0".ipv4.routes = [{
container.mkContainerConfig cfg { address = "192.168.2.237";
networking.interfaces."eth0".ipv4.routes = [ prefixLength = 32;
{ via = host;
address = "192.168.2.237"; }];
prefixLength = 32;
via = host;
}
];
services.printing = { services.printing = {
enable = true; enable = true;
allowFrom = [ "all" ]; allowFrom = [ "all" ];
browsing = true; browsing = true;
defaultShared = true; defaultShared = true;
drivers = [ package ]; drivers = [ package ];
listenAddresses = [ "${cfg.address}:${toString cfg.port}" ]; listenAddresses = [ "${cfg.address}:${toString cfg.port}" ];
startWhenNeeded = true; startWhenNeeded = true;
stateless = false; stateless = false;
webInterface = true; webInterface = true;
}; };
}; };
}; };
}; };
} }

190
container/Proxy.nix
View file

@ -9,119 +9,107 @@
# ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"; # ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
# ``` # ```
# For certbot to generate new keys: `certbot certonly --manual --manual-public-ip-logging-ok --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory -d "*.voronind.com" -d voronind.com` # For certbot to generate new keys: `certbot certonly --manual --manual-public-ip-logging-ok --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory -d "*.voronind.com" -d voronind.com`
{ { util, container, pkgs, lib, config, ... } @args: with lib; let
util, cfg = config.container.module.proxy;
container, virtualHosts = util.catSet (util.ls ./proxy/host) args;
pkgs, in {
lib, options = {
config, container.module.proxy = {
... enable = mkEnableOption "Proxy server.";
}@args: address = mkOption {
with lib; default = "10.1.0.2";
let type = types.str;
cfg = config.container.module.proxy; };
virtualHosts = util.catSet (util.ls ./proxy/host) args; port = mkOption {
in default = 443;
{ type = types.int;
options = { };
container.module.proxy = { storage = mkOption {
enable = mkEnableOption "Proxy server."; default = "${config.container.storage}/proxy";
address = mkOption { type = types.str;
default = "10.1.0.2"; };
type = types.str; };
}; };
port = mkOption {
default = 443;
type = types.int;
};
storage = mkOption {
default = "${config.container.storage}/proxy";
type = types.str;
};
};
};
config = mkIf cfg.enable { config = mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [ systemd.tmpfiles.rules = container.mkContainerDir cfg [
"challenge" "challenge"
"letsencrypt" "letsencrypt"
]; ];
containers.proxy = container.mkContainer cfg { containers.proxy = container.mkContainer cfg {
bindMounts = { bindMounts = {
"/etc/letsencrypt" = { "/etc/letsencrypt" = {
hostPath = "${cfg.storage}/letsencrypt"; hostPath = "${cfg.storage}/letsencrypt";
isReadOnly = false; isReadOnly = false;
}; };
"/var/www/.well-known" = { "/var/www/.well-known" = {
hostPath = "${cfg.storage}/challenge"; hostPath = "${cfg.storage}/challenge";
isReadOnly = false; isReadOnly = false;
}; };
}; };
config = config = { ... }: container.mkContainerConfig cfg {
{ ... }: environment.systemPackages = with pkgs; [ certbot ];
container.mkContainerConfig cfg {
environment.systemPackages = with pkgs; [ certbot ];
services.nginx = { services.nginx = {
inherit virtualHosts; inherit virtualHosts;
enable = true; enable = true;
recommendedOptimisation = true; recommendedOptimisation = true;
recommendedProxySettings = true; recommendedProxySettings = true;
clientMaxBodySize = "4096m"; clientMaxBodySize = "4096m";
appendConfig = '' appendConfig = util.trimTabs ''
worker_processes 4; worker_processes 4;
''; '';
eventsConfig = '' eventsConfig = util.trimTabs ''
worker_connections 4096; worker_connections 4096;
''; '';
# TODO: Fix 80 redirect and 403 default. # TODO: Fix 80 redirect and 403 default.
appendHttpConfig = '' appendHttpConfig = util.trimTabs ''
proxy_max_temp_file_size 0; proxy_max_temp_file_size 0;
proxy_buffering off; proxy_buffering off;
server { server {
server_name default_server; server_name default_server;
listen 80; listen 80;
location / { location / {
return 301 https://$host$request_uri; return 301 https://$host$request_uri;
} }
} }
map $http_accept_language $resume { map $http_accept_language $resume {
default https://git.${config.container.domain}/voronind/resume/releases/download/latest/VoronindEn.pdf; default https://git.${config.container.domain}/voronind/resume/releases/download/latest/VoronindEn.pdf;
~ru https://git.${config.container.domain}/voronind/resume/releases/download/latest/VoronindRu.pdf; ~ru https://git.${config.container.domain}/voronind/resume/releases/download/latest/VoronindRu.pdf;
} }
server { server {
server_name ${config.container.domain}; server_name ${config.container.domain};
listen 443 ssl; listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem; ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf; include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem; ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
return 301 $resume; return 301 $resume;
} }
server { server {
listen 443 ssl default_server; listen 443 ssl default_server;
server_name _; server_name _;
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem; ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf; include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem; ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
return 403; return 403;
} }
''; '';
}; };
}; };
}; };
}; };
} }

100
container/Rabbitmq.nix
View file

@ -1,60 +1,48 @@
{ { container, pkgs, util, lib, config, ... }: with lib; let
container, cfg = config.container.module.rabbitmq;
pkgs, in {
util, options = {
lib, container.module.rabbitmq = {
config, enable = mkEnableOption "Mqtt server.";
... address = mkOption {
}: default = "10.1.0.28";
with lib; type = types.str;
let };
cfg = config.container.module.rabbitmq; port = mkOption {
in default = 5672;
{ type = types.int;
options = { };
container.module.rabbitmq = { storage = mkOption {
enable = mkEnableOption "Mqtt server."; default = "${config.container.storage}/rabbitmq";
address = mkOption { type = types.str;
default = "10.1.0.28"; };
type = types.str; };
}; };
port = mkOption {
default = 5672;
type = types.int;
};
storage = mkOption {
default = "${config.container.storage}/rabbitmq";
type = types.str;
};
};
};
config = mkIf cfg.enable { config = mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [ systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data" "data"
]; ];
containers.rabbitmq = container.mkContainer cfg { containers.rabbitmq = container.mkContainer cfg {
bindMounts = { bindMounts = {
"/var/lib/rabbitmq" = { "/var/lib/rabbitmq" = {
hostPath = "${cfg.storage}/data"; hostPath = "${cfg.storage}/data";
isReadOnly = false; isReadOnly = false;
}; };
}; };
config = config = { ... }: container.mkContainerConfig cfg {
{ ... }: services.rabbitmq = {
container.mkContainerConfig cfg { enable = true;
services.rabbitmq = { listenAddress = cfg.address;
enable = true; port = cfg.port;
listenAddress = cfg.address; dataDir = "/var/lib/rabbitmq";
port = cfg.port; configItems = {
dataDir = "/var/lib/rabbitmq"; "loopback_users" = "none";
configItems = { };
"loopback_users" = "none"; };
}; };
}; };
}; };
};
};
} }

110
container/Read.nix
View file

@ -1,63 +1,55 @@
{ { container, lib, pkgs, config, ... }: with lib; let
container, cfg = config.container.module.read;
lib, in {
pkgs, options = {
config, container.module.read = {
... enable = mkEnableOption "Reading server.";
}: address = mkOption {
with lib; default = "10.1.0.39";
let type = types.str;
cfg = config.container.module.read; };
in port = mkOption {
{ default = 5000;
options = { type = types.int;
container.module.read = { };
enable = mkEnableOption "Reading server."; domain = mkOption {
address = mkOption { default = "read.${config.container.domain}";
default = "10.1.0.39"; type = types.str;
type = types.str; };
}; storage = mkOption {
port = mkOption { default = "${config.container.storage}/read";
default = 5000; type = types.str;
type = types.int; };
}; };
domain = mkOption { };
default = "read.${config.container.domain}";
type = types.str;
};
storage = mkOption {
default = "${config.container.storage}/read";
type = types.str;
};
};
};
config = mkIf cfg.enable { config = mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [ systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data" "data"
]; ];
containers.read = container.mkContainer cfg { containers.read = container.mkContainer cfg {
bindMounts = { bindMounts = {
"/var/lib/kavita" = { "/var/lib/kavita" = {
hostPath = "${cfg.storage}/data"; hostPath = "${cfg.storage}/data";
isReadOnly = false; isReadOnly = false;
}; };
} // container.attachMedia "book" true // container.attachMedia "manga" true; }
// container.attachMedia "book" true
// container.attachMedia "manga" true
;
config = config = { ... }: container.mkContainerConfig cfg {
{ ... }: services.kavita = {
container.mkContainerConfig cfg { enable = true;
services.kavita = { dataDir = "/var/lib/kavita";
enable = true; tokenKeyFile = pkgs.writeText "KavitaToken" "xY19aQOa939/Ie6GCRGbubVK8zRwrgBY/20AuyMpYshUjwK1Uyl7bw1yknVh6jJIFIfwq2vAjeotOUq7NEsf9Q==";
dataDir = "/var/lib/kavita"; settings = {
tokenKeyFile = pkgs.writeText "KavitaToken" "xY19aQOa939/Ie6GCRGbubVK8zRwrgBY/20AuyMpYshUjwK1Uyl7bw1yknVh6jJIFIfwq2vAjeotOUq7NEsf9Q=="; IpAddresses = cfg.address;
settings = { Port = cfg.port;
IpAddresses = cfg.address; };
Port = cfg.port; };
}; };
}; };
}; };
};
};
} }

69
container/Redis.nix
View file

@ -1,42 +1,31 @@
{ { container, pkgs, util, lib, config, ... }: with lib; let
container, cfg = config.container.module.redis;
pkgs, in {
util, options = {
lib, container.module.redis = {
config, enable = mkEnableOption "Redis server.";
... address = mkOption {
}: default = "10.1.0.38";
with lib; type = types.str;
let };
cfg = config.container.module.redis; port = mkOption {
in default = 6379;
{ type = types.int;
options = { };
container.module.redis = { };
enable = mkEnableOption "Redis server."; };
address = mkOption {
default = "10.1.0.38";
type = types.str;
};
port = mkOption {
default = 6379;
type = types.int;
};
};
};
config = mkIf cfg.enable { config = mkIf cfg.enable {
containers.redis = container.mkContainer cfg { containers.redis = container.mkContainer cfg {
config = config = { ... }: container.mkContainerConfig cfg {
{ ... }: services.redis.servers.main = {
container.mkContainerConfig cfg { enable = true;
services.redis.servers.main = { port = cfg.port;
enable = true; bind = cfg.address;
port = cfg.port; extraParams = [ "--protected-mode no" ];
bind = cfg.address; };
extraParams = [ "--protected-mode no" ]; };
}; };
}; };
};
};
} }

93
container/Search.nix
View file

@ -1,54 +1,43 @@
{ { container, pkgs, lib, config, ... }: with lib; let
container, cfg = config.container.module.search;
pkgs, in {
lib, options = {
config, container.module.search = {
... enable = mkEnableOption "Search frontend.";
}: address = mkOption {
with lib; default = "10.1.0.26";
let type = types.str;
cfg = config.container.module.search; };
in port = mkOption {
{ default = 8080;
options = { type = types.int;
container.module.search = { };
enable = mkEnableOption "Search frontend."; domain = mkOption {
address = mkOption { default = "search.${config.container.domain}";
default = "10.1.0.26"; type = types.str;
type = types.str; };
}; storage = mkOption {
port = mkOption { default = "${config.container.storage}/search";
default = 8080; type = types.str;
type = types.int; };
}; };
domain = mkOption { };
default = "search.${config.container.domain}";
type = types.str;
};
storage = mkOption {
default = "${config.container.storage}/search";
type = types.str;
};
};
};
config = mkIf cfg.enable { config = mkIf cfg.enable {
containers.search = container.mkContainer cfg { containers.search = container.mkContainer cfg {
config = config = { ... }: container.mkContainerConfig cfg {
{ ... }: services.searx = {
container.mkContainerConfig cfg { enable = true;
services.searx = { package = pkgs.searxng;
enable = true; settings = {
package = pkgs.searxng; server = {
settings = { bind_address = cfg.address;
server = { port = cfg.port;
bind_address = cfg.address; secret_key = "searxxx";
port = cfg.port; };
secret_key = "searxxx"; };
}; };
}; };
}; };
}; };
};
};
} }

121
container/Status.nix
View file

@ -1,71 +1,62 @@
{ { container, lib, config, ... }: with lib; let
container, cfg = config.container.module.status;
lib, in {
config, options = {
... container.module.status = {
}: enable = mkEnableOption "Status monitor.";
with lib; address = mkOption {
let default = "10.1.0.22";
cfg = config.container.module.status; type = types.str;
in };
{ port = mkOption {
options = { default = 3001;
container.module.status = { type = types.int;
enable = mkEnableOption "Status monitor."; };
address = mkOption { domain = mkOption {
default = "10.1.0.22"; default = "status.${config.container.domain}";
type = types.str; type = types.str;
}; };
port = mkOption { storage = mkOption {
default = 3001; default = "${config.container.storage}/status";
type = types.int; type = types.str;
}; };
domain = mkOption { };
default = "status.${config.container.domain}"; };
type = types.str;
};
storage = mkOption {
default = "${config.container.storage}/status";
type = types.str;
};
};
};
config = mkIf cfg.enable { config = mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [ systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data" "data"
]; ];
containers.status = container.mkContainer cfg { containers.status = container.mkContainer cfg {
bindMounts = { bindMounts = {
"/var/lib/uptime-kuma" = { "/var/lib/uptime-kuma" = {
hostPath = "${cfg.storage}/data"; hostPath = "${cfg.storage}/data";
isReadOnly = false; isReadOnly = false;
}; };
}; };
config = config = { lib, ... }: container.mkContainerConfig cfg {
{ lib, ... }: networking = {
container.mkContainerConfig cfg { nameservers = mkForce [
networking = { config.container.module.dns.address
nameservers = mkForce [ ];
config.container.module.dns.address };
];
};
services.uptime-kuma = { services.uptime-kuma = {
enable = true; enable = true;
settings = { settings = {
DATA_DIR = "/var/lib/uptime-kuma/"; DATA_DIR = "/var/lib/uptime-kuma/";
HOST = cfg.address; HOST = cfg.address;
PORT = toString cfg.port; PORT = toString cfg.port;
}; };
}; };
systemd.services.uptime-kuma = { systemd.services.uptime-kuma = {
serviceConfig.DynamicUser = mkForce false; serviceConfig.DynamicUser = mkForce false;
}; };
}; };
}; };
}; };
} }

116
container/Stock.nix
View file

@ -1,67 +1,57 @@
{ { container, lib, config, ... }: with lib; let
container, cfg = config.container.module.stock;
lib, in {
config, options = {
... container.module.stock = {
}: enable = mkEnableOption "Stock management.";
with lib; address = mkOption {
let default = "10.1.0.45";
cfg = config.container.module.stock; type = types.str;
in };
{ port = mkOption {
options = { default = 80;
container.module.stock = { type = types.int;
enable = mkEnableOption "Stock management."; };
address = mkOption { domain = mkOption {
default = "10.1.0.45"; default = "stock.${config.container.domain}";
type = types.str; type = types.str;
}; };
port = mkOption { storage = mkOption {
default = 80; default = "${config.container.storage}/stock";
type = types.int; type = types.str;
}; };
domain = mkOption { };
default = "stock.${config.container.domain}"; };
type = types.str;
};
storage = mkOption {
default = "${config.container.storage}/stock";
type = types.str;
};
};
};
config = mkIf cfg.enable { config = mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [ systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data" "data"
]; ];
containers.stock = container.mkContainer cfg { containers.stock = container.mkContainer cfg {
bindMounts = { bindMounts = {
"/var/lib/grocy" = { "/var/lib/grocy" = {
hostPath = "${cfg.storage}/data"; hostPath = "${cfg.storage}/data";
isReadOnly = false; isReadOnly = false;
}; };
}; };
config = config = { ... }: container.mkContainerConfig cfg {
{ ... }: services.grocy = {
container.mkContainerConfig cfg { enable = true;
services.grocy = { dataDir = "/var/lib/grocy";
enable = true; hostName = cfg.domain;
dataDir = "/var/lib/grocy"; nginx.enableSSL = false;
hostName = cfg.domain; settings = {
nginx.enableSSL = false; calendar = {
settings = { firstDayOfWeek = 1;
calendar = { showWeekNumber = true;
firstDayOfWeek = 1; };
showWeekNumber = true; culture = "en";
}; currency = "RUB";
culture = "en"; };
currency = "RUB"; };
}; };
}; };
}; };
};
};
} }

174
container/Vpn.nix
View file

@ -1,100 +1,88 @@
{ { container, pkgs, lib, config, ... }: with lib; let
container, cfg = config.container.module.vpn;
pkgs,
lib,
config,
...
}:
with lib;
let
cfg = config.container.module.vpn;
wireguardPeers = wireguardPeers = let
let mkPeer = name: ip: PublicKey: {
mkPeer = name: ip: PublicKey: { inherit PublicKey;
inherit PublicKey; PresharedKeyFile = "/var/lib/wireguard/preshared/${name}";
PresharedKeyFile = "/var/lib/wireguard/preshared/${name}"; AllowedIPs = [ "${ip}/32" ];
AllowedIPs = [ "${ip}/32" ]; };
}; in [
in (mkPeer "dashaphone" "10.1.1.3" "O/3y8+QKEY8UoLVlmbc8xdhs248L4wtQcl1MsBBfoQo=")
[ (mkPeer "laptop" "10.1.1.9" "xxoCNPSB86zs8L8p+wXhqaIwpNDkiZu1Yjv8sj8XhgY=")
(mkPeer "dashaphone" "10.1.1.3" "O/3y8+QKEY8UoLVlmbc8xdhs248L4wtQcl1MsBBfoQo=") (mkPeer "phone" "10.1.1.5" "bFmFisMqbDpIrAg3o/GiRl9XhceZEVnZtkegZDTL4yg=")
(mkPeer "laptop" "10.1.1.9" "xxoCNPSB86zs8L8p+wXhqaIwpNDkiZu1Yjv8sj8XhgY=") (mkPeer "tablet" "10.1.1.6" "BdslswVc9OgUpEhJd0sugDBmYw44DiS0FbUPT5EjOG0=")
(mkPeer "phone" "10.1.1.5" "bFmFisMqbDpIrAg3o/GiRl9XhceZEVnZtkegZDTL4yg=") (mkPeer "work" "10.1.1.2" "Pk0AASSInKO9O8RaQEmm1uNrl0cwWTJDcT8rLn7PSA0=")
(mkPeer "tablet" "10.1.1.6" "BdslswVc9OgUpEhJd0sugDBmYw44DiS0FbUPT5EjOG0=") ];
(mkPeer "work" "10.1.1.2" "Pk0AASSInKO9O8RaQEmm1uNrl0cwWTJDcT8rLn7PSA0=") in {
]; options = {
in container.module.vpn = {
{ enable = mkEnableOption "Vpn server.";
options = { address = mkOption {
container.module.vpn = { default = "10.1.0.23";
enable = mkEnableOption "Vpn server."; type = types.str;
address = mkOption { };
default = "10.1.0.23"; port = mkOption {
type = types.str; default = 51820;
}; type = types.int;
port = mkOption { };
default = 51820; storage = mkOption {
type = types.int; default = "${config.container.storage}/vpn";
}; type = types.str;
storage = mkOption { };
default = "${config.container.storage}/vpn"; };
type = types.str; };
};
};
};
config = mkIf cfg.enable { config = mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [ systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data" "data"
"data/preshared" "data/preshared"
]; ];
containers.vpn = container.mkContainer cfg { containers.vpn = container.mkContainer cfg {
bindMounts = { bindMounts = {
"/var/lib/wireguard" = { "/var/lib/wireguard" = {
hostPath = "${cfg.storage}/data"; hostPath = "${cfg.storage}/data";
isReadOnly = false; isReadOnly = false;
}; };
}; };
config = config = { ... }: container.mkContainerConfig cfg {
{ ... }: boot.kernel.sysctl = {
container.mkContainerConfig cfg { "net.ipv4.conf.all.src_valid_mark" = 1;
boot.kernel.sysctl = { "net.ipv4.ip_forward" = 1;
"net.ipv4.conf.all.src_valid_mark" = 1; };
"net.ipv4.ip_forward" = 1;
};
environment.systemPackages = with pkgs; [ wireguard-tools ]; environment.systemPackages = with pkgs; [ wireguard-tools ];
networking.useNetworkd = true; networking.useNetworkd = true;
systemd.network = { systemd.network = {
enable = true; enable = true;
netdevs = { netdevs = {
"50-wg0" = { "50-wg0" = {
netdevConfig = { netdevConfig = {
Kind = "wireguard"; Kind = "wireguard";
MTUBytes = "1300"; MTUBytes = "1300";
Name = "wg0"; Name = "wg0";
}; };
wireguardConfig = { wireguardConfig = {
PrivateKeyFile = "/var/lib/wireguard/privkey"; PrivateKeyFile = "/var/lib/wireguard/privkey";
ListenPort = cfg.port; ListenPort = cfg.port;
}; };
inherit wireguardPeers; inherit wireguardPeers;
}; };
}; };
networks.wg0 = { networks.wg0 = {
matchConfig.Name = "wg0"; matchConfig.Name = "wg0";
address = [ "10.1.1.0/24" ]; address = ["10.1.1.0/24"];
networkConfig = { networkConfig = {
IPv4Forwarding = "yes"; IPv4Forwarding = "yes";
IPMasquerade = "ipv4"; IPMasquerade = "ipv4";
}; };
}; };
}; };
}; };
}; };
}; };
} }

168
container/Watch.nix
View file

@ -1,96 +1,86 @@
{ { container, lib, config, ... }: with lib; let
container, cfg = config.container.module.watch;
lib, in {
config, options = {
... container.module.watch = {
}: enable = mkEnableOption "Media server.";
with lib; address = mkOption {
let default = "10.1.0.11";
cfg = config.container.module.watch; type = types.str;
in };
{ port = mkOption {
options = { default = 8096;
container.module.watch = { type = types.int;
enable = mkEnableOption "Media server."; };
address = mkOption { domain = mkOption {
default = "10.1.0.11"; default = "watch.${config.container.domain}";
type = types.str; type = types.str;
}; };
port = mkOption { storage = mkOption {
default = 8096; default = "${config.container.storage}/watch";
type = types.int; type = types.str;
}; };
domain = mkOption { memLimit = mkOption {
default = "watch.${config.container.domain}"; default = "8G";
type = types.str; type = types.str;
}; };
storage = mkOption { };
default = "${config.container.storage}/watch"; };
type = types.str;
};
memLimit = mkOption {
default = "8G";
type = types.str;
};
};
};
config = mkIf cfg.enable { config = mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [ systemd.tmpfiles.rules = container.mkContainerDir cfg [
"data" "data"
"cache" "cache"
]; ];
containers.watch = container.mkContainer cfg { containers.watch = container.mkContainer cfg {
bindMounts = bindMounts = {
{ "/var/lib/jellyfin" = {
"/var/lib/jellyfin" = { hostPath = "${cfg.storage}/data";
hostPath = "${cfg.storage}/data"; isReadOnly = false;
isReadOnly = false; };
}; "/var/cache/jellyfin" = {
"/var/cache/jellyfin" = { hostPath = "${cfg.storage}/cache";
hostPath = "${cfg.storage}/cache"; isReadOnly = false;
isReadOnly = false; };
}; "/dev/dri" = {
"/dev/dri" = { hostPath = "/dev/dri";
hostPath = "/dev/dri"; isReadOnly = false;
isReadOnly = false; };
}; }
} // container.attachMedia "anime" true
// container.attachMedia "anime" true // container.attachMedia "download" true
// container.attachMedia "download" true // container.attachMedia "movie" true
// container.attachMedia "movie" true // container.attachMedia "music" true
// container.attachMedia "music" true // container.attachMedia "photo" true
// container.attachMedia "photo" true // container.attachMedia "porn" true
// container.attachMedia "porn" true // container.attachMedia "show" true
// container.attachMedia "show" true // container.attachMedia "study" true
// container.attachMedia "study" true // container.attachMedia "work" true
// container.attachMedia "work" true // container.attachMedia "youtube" true
// container.attachMedia "youtube" true; ;
allowedDevices = [ allowedDevices = [
{ {
modifier = "rwm"; modifier = "rwm";
node = "/dev/dri/renderD128"; node = "/dev/dri/renderD128";
} }
]; ];
config = config = { ... }: container.mkContainerConfig cfg {
{ ... }: # users.users.jellyfin.extraGroups = [
container.mkContainerConfig cfg { # "video"
# users.users.jellyfin.extraGroups = [ # "render"
# "video" # ];
# "render"
# ];
services.jellyfin = { services.jellyfin = {
enable = true; enable = true;
cacheDir = "/var/cache/jellyfin"; cacheDir = "/var/cache/jellyfin";
dataDir = "/var/lib/jellyfin"; dataDir = "/var/lib/jellyfin";
}; };
systemd.services.jellyfin.serviceConfig.MemoryLimit = cfg.memLimit; systemd.services.jellyfin.serviceConfig.MemoryLimit = cfg.memLimit;
}; };
}; };
}; };
} }

112
container/Yt.nix
View file

@ -1,64 +1,52 @@
{ { container, pkgs, lib, config, __findFile, ... }: with lib; let
container, cfg = config.container.module.yt;
pkgs, in {
lib, options = {
config, container.module.yt = {
__findFile, enable = mkEnableOption "YouTube frontend.";
... address = mkOption {
}: default = "10.1.0.19";
with lib; type = types.str;
let };
cfg = config.container.module.yt; port = mkOption {
in default = 3000;
{ type = types.int;
options = { };
container.module.yt = { domain = mkOption {
enable = mkEnableOption "YouTube frontend."; default = "yt.${config.container.domain}";
address = mkOption { type = types.str;
default = "10.1.0.19"; };
type = types.str; storage = mkOption {
}; default = "${config.container.storage}/yt";
port = mkOption { type = types.str;
default = 3000; };
type = types.int; };
}; };
domain = mkOption {
default = "yt.${config.container.domain}";
type = types.str;
};
storage = mkOption {
default = "${config.container.storage}/yt";
type = types.str;
};
};
};
config = mkIf cfg.enable { config = mkIf cfg.enable {
containers.yt = container.mkContainer cfg { containers.yt = container.mkContainer cfg {
config = config = { ... }: container.mkContainerConfig cfg {
{ ... }: services.invidious = {
container.mkContainerConfig cfg { enable = true;
services.invidious = { domain = cfg.domain;
enable = true; port = cfg.port;
domain = cfg.domain; nginx.enable = false;
port = cfg.port; database = {
nginx.enable = false; port = config.container.module.postgres.port;
database = { host = config.container.module.postgres.address;
port = config.container.module.postgres.port; createLocally = false;
host = config.container.module.postgres.address; passwordFile = "${pkgs.writeText "InvidiousDbPassword" "invidious"}";
createLocally = false; };
passwordFile = "${pkgs.writeText "InvidiousDbPassword" "invidious"}"; settings = {
}; admins = [ "root" ];
settings = { captcha_enabled = false;
admins = [ "root" ]; check_tables = true;
captcha_enabled = false; registration_enabled = false;
check_tables = true; external_port = 443;
registration_enabled = false; https_only = true;
external_port = 443; };
https_only = true; };
}; };
}; };
}; };
};
};
} }

101
container/default.nix
View file

@ -1,61 +1,58 @@
{ lib, config, ... }: { lib, config, ... }: with lib; let
with lib; cfg = config.container;
let in {
cfg = config.container; options = {
in container = {
{ enable = mkEnableOption "Containers!!";
options = {
container = {
enable = mkEnableOption "Containers!!";
autoStart = mkOption { autoStart = mkOption {
default = false; default = false;
type = types.bool; type = types.bool;
}; };
host = mkOption { host = mkOption {
default = "0.0.0.0"; default = "0.0.0.0";
type = types.str; type = types.str;
}; };
localAccess = mkOption { localAccess = mkOption {
default = "0.0.0.0"; default = "0.0.0.0";
type = types.str; type = types.str;
}; };
storage = mkOption { storage = mkOption {
default = "/tmp/container"; default = "/tmp/container";
type = types.str; type = types.str;
}; };
domain = mkOption { domain = mkOption {
default = "local"; default = "local";
type = types.str; type = types.str;
}; };
interface = mkOption { interface = mkOption {
default = "lo"; default = "lo";
type = types.str; type = types.str;
}; };
media = mkOption { media = mkOption {
default = { }; default = {};
type = types.attrs; type = types.attrs;
}; };
}; };
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
# This is the network for all the containers. # This is the network for all the containers.
# They are not available to the external interface by default, # They are not available to the external interface by default,
# instead they all expose specific ports in their configuration. # instead they all expose specific ports in their configuration.
networking = { networking = {
nat = { nat = {
enable = true; enable = true;
internalInterfaces = [ "ve-+" ]; internalInterfaces = [ "ve-+" ];
externalInterface = config.container.interface; externalInterface = config.container.interface;
}; };
networkmanager.unmanaged = [ "interface-name:ve-*" ]; networkmanager.unmanaged = [ "interface-name:ve-*" ];
}; };
}; };
} }

50
container/proxy/host/Camera.nix
View file

@ -1,31 +1,25 @@
{ { util, config, lib, container, ... }: let
config, domain = "camera.${config.container.domain}";
container, address = "192.168.2.249";
... port = 554;
}: in {
let ${domain} = container.mkServer {
domain = "camera.${config.container.domain}"; extraConfig = util.trimTabs ''
address = "192.168.2.249"; listen 443 ssl;
port = 554;
in
{
${domain} = container.mkServer {
extraConfig = ''
listen 443 ssl;
location / { location / {
allow ${config.container.localAccess}; allow ${config.container.localAccess};
allow ${config.container.module.status.address}; allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address}; allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address}; allow ${config.container.module.frkn.address};
deny all; deny all;
return 301 rtsp://${address}:${toString port}/live/main; return 301 rtsp://${address}:${toString port}/live/main;
} }
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem; ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf; include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem; ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
''; '';
}; };
} }

48
container/proxy/host/Change.nix
View file

@ -1,30 +1,28 @@
{ config, container, ... }: { util, config, container, ... }: let
let cfg = config.container.module.change;
cfg = config.container.module.change; name = "change";
name = "change"; in {
in ${cfg.domain} = container.mkServer {
{ extraConfig = util.trimTabs ''
${cfg.domain} = container.mkServer { listen 443 ssl;
extraConfig = '' set ''$${name} ${cfg.address}:${toString cfg.port};
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
location / { location / {
allow ${config.container.localAccess}; allow ${config.container.localAccess};
allow ${config.container.module.status.address}; allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address}; allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address}; allow ${config.container.module.frkn.address};
deny all; deny all;
proxy_pass http://''$${name}$request_uri; proxy_pass http://''$${name}$request_uri;
add_header Referrer-Policy 'origin'; add_header Referrer-Policy 'origin';
} }
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem; ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf; include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem; ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
''; '';
}; };
} }

53
container/proxy/host/Cloud.nix
View file

@ -1,31 +1,30 @@
{ config, container, ... }: { util, config, container, ... }: let
let cfg = config.container.module.cloud;
cfg = config.container.module.cloud; name = "cloud";
name = "cloud"; in {
in ${cfg.domain} = container.mkServer {
{ extraConfig = util.trimTabs ''
${cfg.domain} = container.mkServer { listen 443 ssl;
extraConfig = '' set ''$${name} ${cfg.address}:${toString cfg.port};
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
location ~ ^/(settings/admin|settings/users|settings/apps|login|api) { location ~ ^/(settings/admin|settings/users|settings/apps|login|api) {
allow ${config.container.localAccess}; allow ${config.container.localAccess};
allow ${config.container.module.status.address}; allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address}; allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address}; allow ${config.container.module.frkn.address};
deny all; deny all;
proxy_pass http://''$${name}$request_uri; proxy_pass http://''$${name}$request_uri;
} }
location / { location / {
proxy_pass http://''$${name}$request_uri; proxy_pass http://''$${name}$request_uri;
} }
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem; ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf; include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem; ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
''; '';
}; };
} }

46
container/proxy/host/Download.nix
View file

@ -1,27 +1,25 @@
{ config, container, ... }: { util, config, container, ... }: let
let cfg = config.container.module.download;
cfg = config.container.module.download; name = "download";
name = "download"; in {
in ${cfg.domain} = container.mkServer {
{ extraConfig = util.trimTabs ''
${cfg.domain} = container.mkServer { listen 443 ssl;
extraConfig = '' set ''$${name} ${cfg.address}:${toString cfg.port};
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
location / { location / {
allow ${config.container.localAccess}; allow ${config.container.localAccess};
allow ${config.container.module.status.address}; allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address}; allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address}; allow ${config.container.module.frkn.address};
deny all; deny all;
proxy_pass http://''$${name}$request_uri; proxy_pass http://''$${name}$request_uri;
} }
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem; ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf; include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem; ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
''; '';
}; };
} }

60
container/proxy/host/Git.nix
View file

@ -1,35 +1,33 @@
{ container, config, ... }: { util, container, config, ... }: let
let cfg = config.container.module.git;
cfg = config.container.module.git; name = "git";
name = "git"; in {
in ${cfg.domain} = container.mkServer {
{ extraConfig = util.trimTabs ''
${cfg.domain} = container.mkServer { listen 443 ssl;
extraConfig = '' set ''$${name} ${cfg.address}:${toString cfg.port};
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
location ~ ^/(admin|api|user) { location ~ ^/(admin|api|user) {
allow ${config.container.localAccess}; allow ${config.container.localAccess};
allow ${config.container.module.vpn.address}; allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address}; allow ${config.container.module.frkn.address};
deny all; deny all;
proxy_pass http://''$${name}$request_uri; proxy_pass http://''$${name}$request_uri;
} }
location / { location / {
# allow ${config.container.localAccess}; # allow ${config.container.localAccess};
# allow ${config.container.module.status.address}; # allow ${config.container.module.status.address};
# allow ${config.container.module.vpn.address}; # allow ${config.container.module.vpn.address};
# allow ${config.container.module.frkn.address}; # allow ${config.container.module.frkn.address};
# deny all; # deny all;
proxy_pass http://''$${name}$request_uri; proxy_pass http://''$${name}$request_uri;
} }
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem; ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf; include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem; ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
''; '';
}; };
} }

50
container/proxy/host/Hdd.nix
View file

@ -1,31 +1,25 @@
{ { util, container, config, ... }: let
container, cfg = config.container.module.hdd;
config, name = "hdd";
... in {
}: ${cfg.domain} = container.mkServer {
let extraConfig = util.trimTabs ''
cfg = config.container.module.hdd; listen 443 ssl;
name = "hdd"; set ''$${name} ${cfg.address}:${toString cfg.port};
in
{
${cfg.domain} = container.mkServer {
extraConfig = ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
location / { location / {
allow ${config.container.localAccess}; allow ${config.container.localAccess};
allow ${config.container.module.status.address}; allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address}; allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address}; allow ${config.container.module.frkn.address};
deny all; deny all;
proxy_pass http://''$${name}$request_uri; proxy_pass http://''$${name}$request_uri;
} }
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem; ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf; include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem; ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
''; '';
}; };
} }

50
container/proxy/host/Home.nix
View file

@ -1,31 +1,25 @@
{ { util, config, container, ... }: let
config, cfg = config.container.module.home;
container, name = "home";
... in {
}: ${cfg.domain} = container.mkServer {
let extraConfig = util.trimTabs ''
cfg = config.container.module.home; listen 443 ssl;
name = "home"; set ''$${name} ${cfg.address}:${toString cfg.port};
in
{
${cfg.domain} = container.mkServer {
extraConfig = ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
location / { location / {
allow ${config.container.localAccess}; allow ${config.container.localAccess};
allow ${config.container.module.status.address}; allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address}; allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address}; allow ${config.container.module.frkn.address};
deny all; deny all;
proxy_pass http://''$${name}$request_uri; proxy_pass http://''$${name}$request_uri;
} }
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem; ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf; include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem; ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
''; '';
}; };
} }

60
container/proxy/host/Iot.nix
View file

@ -1,38 +1,32 @@
{ { util, container, config, ... }: let
container, cfg = config.container.module.iot;
config, name = "iot";
... in {
}: ${cfg.domain} = container.mkServer {
let extraConfig = util.trimTabs ''
cfg = config.container.module.iot; listen 443 ssl;
name = "iot"; set ''$${name} ${cfg.address}:${toString cfg.port};
in
{
${cfg.domain} = container.mkServer {
extraConfig = ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
location / { location / {
allow ${config.container.localAccess}; allow ${config.container.localAccess};
allow ${config.container.module.status.address}; allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address}; allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address}; allow ${config.container.module.frkn.address};
deny all; deny all;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_http_version 1.1; proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade; proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade"; proxy_set_header Connection "upgrade";
proxy_pass http://''$${name}$request_uri; proxy_pass http://''$${name}$request_uri;
} }
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem; ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf; include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem; ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
''; '';
}; };
} }

46
container/proxy/host/Mail.nix
View file

@ -1,27 +1,25 @@
{ container, config, ... }: { util, container, config, ... }: let
let cfg = config.container.module.mail;
cfg = config.container.module.mail; name = "mail";
name = "mail"; in {
in ${cfg.domain} = container.mkServer {
{ extraConfig = util.trimTabs ''
${cfg.domain} = container.mkServer { listen 443 ssl;
extraConfig = '' set ''$${name} ${cfg.address}:${toString cfg.port};
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
location / { location / {
allow ${config.container.localAccess}; allow ${config.container.localAccess};
allow ${config.container.module.status.address}; allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address}; allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address}; allow ${config.container.module.frkn.address};
deny all; deny all;
proxy_pass http://''$${name}$request_uri; proxy_pass http://''$${name}$request_uri;
} }
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem; ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf; include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem; ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
''; '';
}; };
} }

48
container/proxy/host/Office.nix
View file

@ -1,28 +1,26 @@
{ container, config, ... }: { util, container, config, ... }: let
let cfg = config.container.module.office;
cfg = config.container.module.office; name = "office";
name = "office"; in {
in ${cfg.domain} = container.mkServer {
{ extraConfig = util.trimTabs ''
${cfg.domain} = container.mkServer { listen 443 ssl;
extraConfig = '' set ''$${name} ${cfg.address}:${toString cfg.port};
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
location / { location / {
# allow ${config.container.localAccess}; # allow ${config.container.localAccess};
# allow ${config.container.module.status.address}; # allow ${config.container.module.status.address};
# allow ${config.container.module.vpn.address}; # allow ${config.container.module.vpn.address};
# allow ${config.container.module.frkn.address}; # allow ${config.container.module.frkn.address};
# deny all; # deny all;
add_header X-Forwarded-Proto https; add_header X-Forwarded-Proto https;
proxy_pass http://''$${name}$request_uri; proxy_pass http://''$${name}$request_uri;
} }
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem; ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf; include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem; ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
''; '';
}; };
} }

46
container/proxy/host/Paper.nix
View file

@ -1,27 +1,25 @@
{ container, config, ... }: { util, container, config, ... }: let
let cfg = config.container.module.paper;
cfg = config.container.module.paper; name = "paper";
name = "paper"; in {
in ${cfg.domain} = container.mkServer {
{ extraConfig = util.trimTabs ''
${cfg.domain} = container.mkServer { listen 443 ssl;
extraConfig = '' set ''$${name} ${cfg.address}:${toString cfg.port};
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
location / { location / {
allow ${config.container.localAccess}; allow ${config.container.localAccess};
allow ${config.container.module.status.address}; allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address}; allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address}; allow ${config.container.module.frkn.address};
deny all; deny all;
proxy_pass http://''$${name}$request_uri; proxy_pass http://''$${name}$request_uri;
} }
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem; ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf; include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem; ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
''; '';
}; };
} }

46
container/proxy/host/Pass.nix
View file

@ -1,27 +1,25 @@
{ container, config, ... }: { util, container, config, ... }: let
let cfg = config.container.module.pass;
cfg = config.container.module.pass; name = "pass";
name = "pass"; in {
in ${cfg.domain} = container.mkServer {
{ extraConfig = util.trimTabs ''
${cfg.domain} = container.mkServer { listen 443 ssl;
extraConfig = '' set ''$${name} ${cfg.address}:${toString cfg.port};
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
location / { location / {
allow ${config.container.localAccess}; allow ${config.container.localAccess};
allow ${config.container.module.status.address}; allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address}; allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address}; allow ${config.container.module.frkn.address};
deny all; deny all;
proxy_pass http://''$${name}$request_uri; proxy_pass http://''$${name}$request_uri;
} }
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem; ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf; include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem; ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
''; '';
}; };
} }

42
container/proxy/host/Paste.nix
View file

@ -1,26 +1,24 @@
{ container, config, ... }: { util, container, config, ... }: let
let cfg = config.container.module.paste;
cfg = config.container.module.paste; name = "paste";
name = "paste"; in {
in ${cfg.domain} = container.mkServer {
{ extraConfig = util.trimTabs ''
${cfg.domain} = container.mkServer { listen 443 ssl;
extraConfig = '' set ''$${name} ${cfg.address}:${toString cfg.port};
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
location = / { location = / {
return 403; return 403;
} }
location / { location / {
proxy_pass http://''$${name}$request_uri; proxy_pass http://''$${name}$request_uri;
} }
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem; ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf; include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem; ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
''; '';
}; };
} }

52
container/proxy/host/Print.nix
View file

@ -1,32 +1,30 @@
{ container, config, ... }: { util, container, config, ... }: let
let cfg = config.container.module.print;
cfg = config.container.module.print; name = "print";
name = "print"; in {
in ${cfg.domain} = container.mkServer {
{ extraConfig = util.trimTabs ''
${cfg.domain} = container.mkServer { listen 443 ssl;
extraConfig = '' set ''$${name} ${cfg.address}:${toString cfg.port};
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
location / { location / {
allow ${config.container.localAccess}; allow ${config.container.localAccess};
allow ${config.container.module.status.address}; allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address}; allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address}; allow ${config.container.module.frkn.address};
deny all; deny all;
proxy_pass http://''$${name}$request_uri; proxy_pass http://''$${name}$request_uri;
proxy_set_header Host "127.0.0.1"; proxy_set_header Host "127.0.0.1";
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for; proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
} }
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem; ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf; include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem; ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
''; '';
}; };
} }

50
container/proxy/host/Printer.nix
View file

@ -1,29 +1,27 @@
{ container, config, ... }: { util, container, config, ... }: let
let address = "192.168.2.237";
address = "192.168.2.237"; domain = "printer.${config.container.domain}";
domain = "printer.${config.container.domain}"; port = 80;
port = 80; name = "printer";
name = "printer"; in {
in ${domain} = container.mkServer {
{ extraConfig = util.trimTabs ''
${domain} = container.mkServer { listen 443 ssl;
extraConfig = '' set ''$${name} ${address}:${toString port};
listen 443 ssl;
set ''$${name} ${address}:${toString port};
location / { location / {
allow ${config.container.localAccess}; allow ${config.container.localAccess};
allow ${config.container.module.status.address}; allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address}; allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address}; allow ${config.container.module.frkn.address};
deny all; deny all;
proxy_pass http://''$${name}$request_uri; proxy_pass http://''$${name}$request_uri;
} }
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem; ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf; include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem; ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
''; '';
}; };
} }

46
container/proxy/host/Read.nix
View file

@ -1,27 +1,25 @@
{ container, config, ... }: { util, container, config, ... }: let
let cfg = config.container.module.read;
cfg = config.container.module.read; name = "read";
name = "read"; in {
in ${cfg.domain} = container.mkServer {
{ extraConfig = util.trimTabs ''
${cfg.domain} = container.mkServer { listen 443 ssl;
extraConfig = '' set ''$${name} ${cfg.address}:${toString cfg.port};
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
location / { location / {
allow ${config.container.localAccess}; allow ${config.container.localAccess};
allow ${config.container.module.status.address}; allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address}; allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address}; allow ${config.container.module.frkn.address};
deny all; deny all;
proxy_pass http://''$${name}$request_uri; proxy_pass http://''$${name}$request_uri;
} }
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem; ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf; include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem; ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
''; '';
}; };
} }

51
container/proxy/host/Router.nix
View file

@ -1,29 +1,28 @@
{ container, config, ... }: { util, container, config, ... }: let
let address = "10.0.0.2";
address = "10.0.0.2"; domain = "router.${config.container.domain}";
domain = "router.${config.container.domain}"; port = 80;
port = 80; name = "router";
name = "router"; in {
in ${domain} = container.mkServer {
{ extraConfig = util.trimTabs ''
${domain} = container.mkServer { listen 443 ssl;
extraConfig = '' set ''$${name} ${address}:${toString port};
listen 443 ssl;
set ''$${name} ${address}:${toString port};
location / { location / {
allow ${config.container.localAccess}; allow ${config.container.localAccess};
allow ${config.container.module.status.address}; allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address}; allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address}; allow ${config.container.module.frkn.address};
deny all; deny all;
proxy_pass http://''$${name}$request_uri; proxy_pass http://''$${name}$request_uri;
} }
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem; ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf; include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem; ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
''; '';
}; };
} }

50
container/proxy/host/Search.nix
View file

@ -1,31 +1,25 @@
{ { util, container, config, ... }: let
container, cfg = config.container.module.search;
config, name = "search";
... in {
}: ${cfg.domain} = container.mkServer {
let extraConfig = util.trimTabs ''
cfg = config.container.module.search; listen 443 ssl;
name = "search"; set ''$${name} ${cfg.address}:${toString cfg.port};
in
{
${cfg.domain} = container.mkServer {
extraConfig = ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
location / { location / {
allow ${config.container.localAccess}; allow ${config.container.localAccess};
allow ${config.container.module.status.address}; allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address}; allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address}; allow ${config.container.module.frkn.address};
deny all; deny all;
proxy_pass http://''$${name}$request_uri; proxy_pass http://''$${name}$request_uri;
} }
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem; ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf; include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem; ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
''; '';
}; };
} }

58
container/proxy/host/Status.nix
View file

@ -1,34 +1,32 @@
{ container, config, ... }: { util, container, config, ... }: let
let cfg = config.container.module.status;
cfg = config.container.module.status; name = "sstatus";
name = "sstatus"; in {
in ${cfg.domain} = container.mkServer {
{ extraConfig = util.trimTabs ''
${cfg.domain} = container.mkServer { listen 443 ssl;
extraConfig = '' set ''$${name} ${cfg.address}:${toString cfg.port};
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
location ~ ^/(dashboard|settings) { location ~ ^/(dashboard|settings) {
allow ${config.container.localAccess}; allow ${config.container.localAccess};
allow ${config.container.module.vpn.address}; allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address}; allow ${config.container.module.frkn.address};
deny all; deny all;
proxy_pass http://''$${name}$request_uri; proxy_pass http://''$${name}$request_uri;
} }
location / { location / {
allow ${config.container.localAccess}; allow ${config.container.localAccess};
allow ${config.container.module.vpn.address}; allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address}; allow ${config.container.module.frkn.address};
deny all; deny all;
proxy_pass http://''$${name}$request_uri; proxy_pass http://''$${name}$request_uri;
} }
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem; ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf; include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem; ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
''; '';
}; };
} }

46
container/proxy/host/Stock.nix
View file

@ -1,27 +1,25 @@
{ container, config, ... }: { util, container, config, ... }: let
let cfg = config.container.module.stock;
cfg = config.container.module.stock; name = "stock";
name = "stock"; in {
in ${cfg.domain} = container.mkServer {
{ extraConfig = util.trimTabs ''
${cfg.domain} = container.mkServer { listen 443 ssl;
extraConfig = '' set ''$${name} ${cfg.address}:${toString cfg.port};
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
location / { location / {
allow ${config.container.localAccess}; allow ${config.container.localAccess};
allow ${config.container.module.status.address}; allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address}; allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address}; allow ${config.container.module.frkn.address};
deny all; deny all;
proxy_pass http://''$${name}$request_uri; proxy_pass http://''$${name}$request_uri;
} }
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem; ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf; include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem; ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
''; '';
}; };
} }

46
container/proxy/host/Watch.nix
View file

@ -1,27 +1,25 @@
{ container, config, ... }: { util, container, config, ... }: let
let cfg = config.container.module.watch;
cfg = config.container.module.watch; name = "watch";
name = "watch"; in {
in ${cfg.domain} = container.mkServer {
{ extraConfig = util.trimTabs ''
${cfg.domain} = container.mkServer { listen 443 ssl;
extraConfig = '' set ''$${name} ${cfg.address}:${toString cfg.port};
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
location / { location / {
allow ${config.container.localAccess}; allow ${config.container.localAccess};
allow ${config.container.module.status.address}; allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address}; allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address}; allow ${config.container.module.frkn.address};
deny all; deny all;
proxy_pass http://''$${name}$request_uri; proxy_pass http://''$${name}$request_uri;
} }
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem; ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf; include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem; ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
''; '';
}; };
} }

60
container/proxy/host/Yt.nix
View file

@ -1,37 +1,35 @@
{ container, config, ... }: { util, container, config, ... }: let
let cfg = config.container.module.yt;
cfg = config.container.module.yt; name = "yt";
name = "yt"; in {
in ${cfg.domain} = container.mkServer {
{ extraConfig = util.trimTabs ''
${cfg.domain} = container.mkServer { listen 443 ssl;
extraConfig = '' set ''$${name} ${cfg.address}:${toString cfg.port};
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
location / { location / {
allow ${config.container.localAccess}; allow ${config.container.localAccess};
allow ${config.container.module.status.address}; allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address}; allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address}; allow ${config.container.module.frkn.address};
deny all; deny all;
proxy_pass http://''$${name}$request_uri; proxy_pass http://''$${name}$request_uri;
proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_http_version 1.1; proxy_http_version 1.1;
proxy_set_header Connection ""; proxy_set_header Connection "";
proxy_hide_header Content-Security-Policy; proxy_hide_header Content-Security-Policy;
proxy_hide_header X-Frame-Options; proxy_hide_header X-Frame-Options;
proxy_hide_header X-Content-Type-Options; proxy_hide_header X-Content-Type-Options;
} }
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem; ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf; include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem; ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
''; '';
}; };
} }

623
flake.nix
View file

@ -1,373 +1,328 @@
# This is a configuration entry-point called "Flake". # This is a configuration entry-point called "Flake".
# Here you define your inputs (dependencies) and outputs (hosts). # Here you define your inputs (dependencies) and outputs (hosts).
{ {
# Those are external dependencies. # Those are external dependencies.
inputs = { inputs = {
# Core system. # Core system.
# Homepage: https://github.com/NixOS/nixpkgs # Homepage: https://github.com/NixOS/nixpkgs
# Manual: https://nixos.org/manual/nixos/stable # Manual: https://nixos.org/manual/nixos/stable
# Search: https://search.nixos.org/packages and https://search.nixos.org/options # Search: https://search.nixos.org/packages and https://search.nixos.org/options
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
nixpkgsStable.url = "github:nixos/nixpkgs/nixos-24.05"; nixpkgsStable.url = "github:nixos/nixpkgs/nixos-24.05";
nixpkgsMaster.url = "github:nixos/nixpkgs/master"; nixpkgsMaster.url = "github:nixos/nixpkgs/master";
# This thing manages user's /home directroies. Because NixOS only manages system itself. # This thing manages user's /home directroies. Because NixOS only manages system itself.
# Homepage: https://github.com/nix-community/home-manager # Homepage: https://github.com/nix-community/home-manager
# Manual: https://nix-community.github.io/home-manager # Manual: https://nix-community.github.io/home-manager
# Search: https://home-manager-options.extranix.com # Search: https://home-manager-options.extranix.com
home-manager = { home-manager = {
url = "github:nix-community/home-manager"; url = "github:nix-community/home-manager";
# This means that home-manager and our Flake both depend on the same nixpkgs version. # This means that home-manager and our Flake both depend on the same nixpkgs version.
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
# This allows automatic styling based on active Wallpaper. # This allows automatic styling based on active Wallpaper.
# Homepage: https://github.com/danth/stylix # Homepage: https://github.com/danth/stylix
# Manual: https://danth.github.io/stylix # Manual: https://danth.github.io/stylix
stylix.url = "github:danth/stylix"; stylix.url = "github:danth/stylix";
# I use this for a single container called jobber. WARN: Do not update. # I use this for a single container called jobber. WARN: Do not update.
# You likely won't need this one, so just skip it for now. # You likely won't need this one, so just skip it for now.
poetry2nixJobber.url = "github:nix-community/poetry2nix/304f8235fb0729fd48567af34fcd1b58d18f9b95"; poetry2nixJobber.url = "github:nix-community/poetry2nix/304f8235fb0729fd48567af34fcd1b58d18f9b95";
nixpkgsJobber.url = "github:nixos/nixpkgs/051f920625ab5aabe37c920346e3e69d7d34400e"; nixpkgsJobber.url = "github:nixos/nixpkgs/051f920625ab5aabe37c920346e3e69d7d34400e";
# Nix on Android (inside Termux). It has no NixOS modules, but still allows the use of Nixpkgs arm packages with Home-Manager configurations. # Nix on Android (inside Termux). It has no NixOS modules, but still allows the use of Nixpkgs arm packages with Home-Manager configurations.
# Homepage: https://github.com/nix-community/nix-on-droid # Homepage: https://github.com/nix-community/nix-on-droid
# Manual: https://github.com/nix-community/nix-on-droid/blob/master/README.md # Manual: https://github.com/nix-community/nix-on-droid/blob/master/README.md
nix-on-droid = { nix-on-droid = {
url = "github:t184256/nix-on-droid/release-23.11"; url = "github:t184256/nix-on-droid/release-23.11";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
inputs.home-manager.follows = "home-manager"; inputs.home-manager.follows = "home-manager";
}; };
# Those are Nvim plugins. I do not use package managers like Packer or Lazy, instead I use Nix to download them and later configure in [Neovim module](module/common/Nvim.nix). # Those are Nvim plugins. I do not use package managers like Packer or Lazy, instead I use Nix to download them and later configure in [Neovim module](module/common/Nvim.nix).
nvimAlign = { nvimAlign = {
url = "github:echasnovski/mini.align"; url = "github:echasnovski/mini.align";
flake = false; flake = false;
}; };
nvimAutoclose = { nvimAutoclose = {
url = "github:m4xshen/autoclose.nvim"; url = "github:m4xshen/autoclose.nvim";
flake = false; flake = false;
}; };
nvimBufferline = { nvimBufferline = {
url = "github:akinsho/bufferline.nvim"; url = "github:akinsho/bufferline.nvim";
flake = false; flake = false;
}; };
nvimCloseBuffers = { nvimCloseBuffers = {
url = "github:kazhala/close-buffers.nvim"; url = "github:kazhala/close-buffers.nvim";
flake = false; flake = false;
}; };
nvimColorizer = { nvimColorizer = {
url = "github:brenoprata10/nvim-highlight-colors"; url = "github:brenoprata10/nvim-highlight-colors";
flake = false; flake = false;
}; };
nvimDevicons = { nvimDevicons = {
url = "github:nvim-tree/nvim-web-devicons"; url = "github:nvim-tree/nvim-web-devicons";
flake = false; flake = false;
}; };
nvimGitsigns = { nvimGitsigns = {
url = "github:lewis6991/gitsigns.nvim"; url = "github:lewis6991/gitsigns.nvim";
flake = false; flake = false;
}; };
nvimGruvboxMaterial = { nvimGruvboxMaterial = {
url = "github:sainnhe/gruvbox-material"; url = "github:sainnhe/gruvbox-material";
flake = false; flake = false;
}; };
nvimIndentoMatic = { nvimIndentoMatic = {
url = "github:Darazaki/indent-o-matic"; url = "github:Darazaki/indent-o-matic";
flake = false; flake = false;
}; };
nvimLspconfig = { nvimLspconfig = {
url = "github:neovim/nvim-lspconfig"; url = "github:neovim/nvim-lspconfig";
flake = false; flake = false;
}; };
nvimOllama = { nvimOllama = {
url = "github:nomnivore/ollama.nvim"; url = "github:nomnivore/ollama.nvim";
flake = false; flake = false;
}; };
nvimPlenary = { nvimPlenary = {
url = "github:nvim-lua/plenary.nvim"; url = "github:nvim-lua/plenary.nvim";
flake = false; flake = false;
}; };
nvimTelescope = { nvimTelescope = {
url = "github:nvim-telescope/telescope.nvim"; url = "github:nvim-telescope/telescope.nvim";
flake = false; flake = false;
}; };
nvimTodo = { nvimTodo = {
url = "github:folke/todo-comments.nvim"; url = "github:folke/todo-comments.nvim";
flake = false; flake = false;
}; };
nvimTree = { nvimTree = {
url = "github:nvim-tree/nvim-tree.lua"; url = "github:nvim-tree/nvim-tree.lua";
flake = false; flake = false;
}; };
nvimTreesitter = { nvimTreesitter = {
url = "github:nvim-treesitter/nvim-treesitter"; url = "github:nvim-treesitter/nvim-treesitter";
flake = false; flake = false;
}; };
nvimTrouble = { nvimTrouble = {
url = "github:folke/trouble.nvim"; url = "github:folke/trouble.nvim";
flake = false; flake = false;
}; };
}; };
# Those are outputs (hosts, configurations) that can be produced by this whole config. # Those are outputs (hosts, configurations) that can be produced by this whole config.
# Here you see a set of inputs we defined above, like nixpkgs, home-manager and so on. # Here you see a set of inputs we defined above, like nixpkgs, home-manager and so on.
# `...` at the end of a set means "ignore other arguments provided to this function". # `...` at the end of a set means "ignore other arguments provided to this function".
# @inputs means aliasing all the inputs to the `inputs` name, so we can pass them all at once later. # @inputs means aliasing all the inputs to the `inputs` name, so we can pass them all at once later.
outputs = outputs = { self, nixpkgs, nixpkgsStable, nixpkgsMaster, nix-on-droid, home-manager, stylix, poetry2nixJobber, nixpkgsJobber, ... } @inputs: {
{ # Constant values.
self, const = {
nixpkgs, droidStateVersion = "23.11";
nixpkgsStable, stateVersion = "24.05";
nixpkgsMaster, timeZone = "Europe/Moscow";
nix-on-droid, url = "https://git.voronind.com/voronind/nix.git";
home-manager, };
stylix,
poetry2nixJobber,
nixpkgsJobber,
...
}@inputs:
{
# Constant values.
const = {
droidStateVersion = "23.11";
stateVersion = "24.05";
timeZone = "Europe/Moscow";
url = "https://git.voronind.com/voronind/nix.git";
};
# Hack to use <container/Change.nix> in other files. # Hack to use <container/Change.nix> in other files.
# Need to add __findFile to args tho. # Need to add __findFile to args tho.
__findFile = _: p: ./${p}; __findFile = _: p: ./${p};
# List all files in a dir. # List all files in a dir.
findFiles = findFiles = path: map (f: "${path}/${f}") (
path: builtins.filter (i: builtins.readFileType "${path}/${i}" == "regular") (
map (f: "${path}/${f}") ( builtins.attrNames (builtins.readDir path)
builtins.filter (i: builtins.readFileType "${path}/${i}" == "regular") ( )
builtins.attrNames (builtins.readDir path) );
)
);
# Dev shell for this repo. # Dev shell for this repo.
devShells = devShells = let
let system = "x86_64-linux";
system = "x86_64-linux"; lib = nixpkgs.lib;
lib = nixpkgs.lib; pkgs = nixpkgs.legacyPackages.${system};
pkgs = nixpkgs.legacyPackages.${system}; in {
in ${system}.default = pkgs.mkShell {
{ nativeBuildInputs = with pkgs; [
${system}.default = pkgs.mkShell { nixd
nativeBuildInputs = with pkgs; [ ];
nixd # buildInputs = with pkgs; [ ];
nixfmt-rfc-style
treefmt
];
# buildInputs = with pkgs; [ ];
# LD_LIBRARY_PATH = "${lib.makeLibraryPath buildInputs}"; # LD_LIBRARY_PATH = "${lib.makeLibraryPath buildInputs}";
# SOURCE_DATE_EPOCH = "${toString self.lastModified}"; # SOURCE_DATE_EPOCH = "${toString self.lastModified}";
}; };
}; };
# Nixos systems. # Nixos systems.
nixosConfigurations = nixosConfigurations = let
let # Function to create a host. It does basic setup, like adding common modules.
# Function to create a host. It does basic setup, like adding common modules. mkHost = { system, hostname }: nixpkgs.lib.nixosSystem {
mkHost = # `Inherit` is just an alias for `system = system;`, which means that
{ system, hostname }: # keep the `system` argument as a property in a resulting set.
nixpkgs.lib.nixosSystem { inherit system;
# `Inherit` is just an alias for `system = system;`, which means that
# keep the `system` argument as a property in a resulting set.
inherit system;
# List of modules to use by defualt for all the hosts. # List of modules to use by defualt for all the hosts.
modules = modules = [
[ # Make a device hostname match the one from this config.
# Make a device hostname match the one from this config. { networking.hostName = hostname; }
{ networking.hostName = hostname; }
# Specify current release version. # Specify current release version.
{ system.stateVersion = self.const.stateVersion; } { system.stateVersion = self.const.stateVersion; }
# Add Home Manager module. # Add Home Manager module.
home-manager.nixosModules.home-manager home-manager.nixosModules.home-manager
# Add Stylix module. # Add Stylix module.
stylix.nixosModules.stylix stylix.nixosModules.stylix
# HM config. # HM config.
./home/NixOs.nix ./home/NixOs.nix
] ]
++ (self.findFiles ./host/${system}/${hostname}) ++ (self.findFiles ./host/${system}/${hostname})
++ (self.findFiles ./config) ++ (self.findFiles ./config)
++ (self.findFiles ./container) ++ (self.findFiles ./container)
++ (self.findFiles ./module) ++ (self.findFiles ./module)
++ (self.findFiles ./system) ++ (self.findFiles ./system)
++ (self.findFiles ./overlay); ++ (self.findFiles ./overlay);
# SpecialArgs allows you to pass objects down to other NixOS modules. # SpecialArgs allows you to pass objects down to other NixOS modules.
specialArgs = specialArgs = let
let pkgs = nixpkgs.legacyPackages.${system}.pkgs;
pkgs = nixpkgs.legacyPackages.${system}.pkgs; lib = nixpkgs.lib;
lib = nixpkgs.lib; config = self.nixosConfigurations.${hostname}.config;
config = self.nixosConfigurations.${hostname}.config; in {
in inherit inputs self;
{ inherit (self) const __findFile;
inherit inputs self;
inherit (self) const __findFile;
pkgsJobber = nixpkgsJobber.legacyPackages.${system}.pkgs; pkgsJobber = nixpkgsJobber.legacyPackages.${system}.pkgs;
pkgsStable = nixpkgsStable.legacyPackages.${system}.pkgs; pkgsStable = nixpkgsStable.legacyPackages.${system}.pkgs;
pkgsMaster = nixpkgsMaster.legacyPackages.${system}.pkgs; pkgsMaster = nixpkgsMaster.legacyPackages.${system}.pkgs;
secret = import ./secret { }; # Secrets (public keys). secret = import ./secret {}; # Secrets (public keys).
container = import ./lib/Container.nix { container = import ./lib/Container.nix { inherit lib pkgs config; inherit (self) const; }; # Container utils.
inherit lib pkgs config; util = import ./lib/Util.nix { inherit lib; }; # Util functions.
inherit (self) const;
}; # Container utils.
util = import ./lib/Util.nix { inherit lib; }; # Util functions.
# Stuff for Jobber container, skip this part. # Stuff for Jobber container, skip this part.
inherit poetry2nixJobber; inherit poetry2nixJobber;
}; };
}; };
mkSystem = system: hostname: { mkSystem = system: hostname: {
"${hostname}" = mkHost { "${hostname}" = mkHost {
inherit system hostname; inherit system hostname;
}; };
}; };
in in nixpkgs.lib.foldl' (acc: h: acc // h) {} (
nixpkgs.lib.foldl' (acc: h: acc // h) { } ( map (system:
map ( nixpkgs.lib.foldl' (acc: h: acc // h) {} (
system: map (host:
nixpkgs.lib.foldl' (acc: h: acc // h) { } ( mkSystem system host
map (host: mkSystem system host) (builtins.attrNames (builtins.readDir ./host/${system})) ) (builtins.attrNames (builtins.readDir ./host/${system}))
) )
) (builtins.attrNames (builtins.readDir ./host)) ) (builtins.attrNames (builtins.readDir ./host))
); );
# Home manager (distro-independent).
# Install nix: sh <(curl -L https://nixos.org/nix/install) --no-daemon
# Or with --daemon for multi-user (as root).
# $ nix run home-manager/master -- init --switch
# $ nix shell '<home-manager>' -A install
# Add to /etc/nix/nix.conf > experimental-features = nix-command flakes
# And then # systemctl restart nix-daemon.service
# $ home-manager switch --flake ~/hmconf
homeConfigurations =
let
lib = nixpkgs.lib;
secret = import ./secret { };
util = import ./lib/Util.nix { inherit lib; };
mkCommonHome = # Home manager (distro-independent).
username: homeDirectory: system: modules: # Install nix: sh <(curl -L https://nixos.org/nix/install) --no-daemon
let # Or with --daemon for multi-user (as root).
pkgs = nixpkgs.legacyPackages.${system}; # $ nix run home-manager/master -- init --switch
pkgsStable = nixpkgsStable.legacyPackages.${system}; # $ nix shell '<home-manager>' -A install
pkgsMaster = nixpkgsMaster.legacyPackages.${system}; # Add to /etc/nix/nix.conf > experimental-features = nix-command flakes
in # And then # systemctl restart nix-daemon.service
{ # $ home-manager switch --flake ~/hmconf
${username} = home-manager.lib.homeManagerConfiguration { homeConfigurations = let
inherit pkgs; lib = nixpkgs.lib;
secret = import ./secret {};
util = import ./lib/Util.nix { inherit lib; };
extraSpecialArgs = { mkCommonHome = username: homeDirectory: system: modules: let
inherit pkgs = nixpkgs.legacyPackages.${system};
self pkgsStable = nixpkgsStable.legacyPackages.${system};
inputs pkgsMaster = nixpkgsMaster.legacyPackages.${system};
secret in {
util ${username} = home-manager.lib.homeManagerConfiguration {
pkgs inherit pkgs;
pkgsStable
pkgsMaster
;
inherit (self) const __findFile;
};
modules = [
./home/HomeManager.nix
{
home.hm = {
inherit username homeDirectory;
enable = true;
package = {
core.enable = true;
};
};
}
{ nixpkgs.config.allowUnfree = true; } extraSpecialArgs = {
{ nixpkgs.config.allowUnfreePredicate = (pkg: true); } inherit self inputs secret util pkgs pkgsStable pkgsMaster;
{ nix.package = pkgs.nix; } inherit (self) const __findFile;
{ };
nix.settings.experimental-features = [ modules = [
"nix-command " ./home/HomeManager.nix
"flakes" {
]; home.hm = {
} inherit username homeDirectory;
enable = true;
package = {
core.enable = true;
};
};
}
inputs.stylix.homeManagerModules.stylix { nixpkgs.config.allowUnfree = true; }
] ++ modules ++ (self.findFiles ./config); { nixpkgs.config.allowUnfreePredicate = (pkg: true); }
}; { nix.package = pkgs.nix; }
}; { nix.settings.experimental-features = [ "nix-command " "flakes" ]; }
x86LinuxHome = username: modules: mkCommonHome username "/home/${username}" "x86_64-linux" modules; inputs.stylix.homeManagerModules.stylix
x86LinuxRoot = mkCommonHome "root" "/root" "x86_64-linux" [ ]; ]
in ++ modules
nixpkgs.lib.foldl' (acc: h: acc // h) { } [ ++ (self.findFiles ./config);
x86LinuxRoot };
(x86LinuxHome "voronind" [ };
{
home.hm.package = {
common.enable = true;
};
}
])
];
# Android. x86LinuxHome = username: modules: mkCommonHome username "/home/${username}" "x86_64-linux" modules;
nixOnDroidConfigurations.default = x86LinuxRoot = mkCommonHome "root" "/root" "x86_64-linux" [];
let in nixpkgs.lib.foldl' (acc: h: acc // h) {} [
config = self.nixOnDroidConfigurations.default.config; x86LinuxRoot
lib = nixpkgs.lib; (x86LinuxHome "voronind" [
pkgs = nixpkgs.legacyPackages."aarch64-linux".pkgs; {
in home.hm.package = {
nix-on-droid.lib.nixOnDroidConfiguration { common.enable = true;
modules = [ };
# Android release version. }
{ system.stateVersion = self.const.droidStateVersion; } ])
];
# I put all my Android configuration there. # Android.
./home/Android.nix nixOnDroidConfigurations.default = let
{ home.android.enable = true; } config = self.nixOnDroidConfigurations.default.config;
lib = nixpkgs.lib;
pkgs = nixpkgs.legacyPackages."aarch64-linux".pkgs;
in nix-on-droid.lib.nixOnDroidConfiguration {
modules = [
# Android release version.
{ system.stateVersion = self.const.droidStateVersion; }
# { nixpkgs.config.allowUnfree = true; } # I put all my Android configuration there.
# { nixpkgs.config.allowUnfreePredicate = (pkg: true); } ./home/Android.nix
{ nix.extraOptions = "experimental-features = nix-command flakes"; } { home.android.enable = true; }
{ home-manager.config.stylix.autoEnable = lib.mkForce false; }
# Some common modules. # { nixpkgs.config.allowUnfree = true; }
./config/Setting.nix # { nixpkgs.config.allowUnfreePredicate = (pkg: true); }
./config/Wallpaper.nix { nix.extraOptions = "experimental-features = nix-command flakes"; }
(import ./config/Style.nix { { home-manager.config.stylix.autoEnable = lib.mkForce false; }
inherit (config.home-manager) config;
inherit (self) __findFile;
inherit lib pkgs;
})
];
# SpecialArgs allows you to pass objects down to other configuration. # Some common modules.
extraSpecialArgs = { ./config/Setting.nix
inherit inputs self; ./config/Wallpaper.nix
inherit (self) const __findFile; (import ./config/Style.nix {
inherit (config.home-manager) config;
inherit (self) __findFile;
inherit lib pkgs;
})
];
secret = import ./secret { }; # Secrets (public keys). # SpecialArgs allows you to pass objects down to other configuration.
util = import ./lib/Util.nix { inherit lib; }; # Util functions. extraSpecialArgs = {
}; inherit inputs self;
}; inherit (self) const __findFile;
};
secret = import ./secret {}; # Secrets (public keys).
util = import ./lib/Util.nix { inherit lib; }; # Util functions.
};
};
};
} }
# That's it! # That's it!

79
home/Android.nix
View file

@ -1,45 +1,40 @@
# This is a common user configuration. # This is a common user configuration.
{ { const
const, , pkgs
pkgs, , self
self, , config
config, , lib
lib, , inputs
inputs, , pkgsStable
pkgsStable, , pkgsMaster
pkgsMaster, , __findFile
__findFile, , ... } @args: with lib; let
... cfg = config.home.android;
}@args: stylix = import <config/Stylix.nix> args;
with lib; android = import ./android args;
let package = import <package> args;
cfg = config.home.android; # homePath = "/data/data/com.termux.nix/files/home";
stylix = import <config/Stylix.nix> args; in {
android = import ./android args; options = {
package = import <package> args; home.android = {
in enable = mkEnableOption "Android HM config.";
# homePath = "/data/data/com.termux.nix/files/home"; };
{ };
options = {
home.android = {
enable = mkEnableOption "Android HM config.";
};
};
config = mkIf cfg.enable { config = mkIf cfg.enable {
time.timeZone = const.timeZone; time.timeZone = const.timeZone;
environment.packages = package.core; environment.packages = package.core;
home-manager.config = stylix // { home-manager.config = stylix // {
imports = [ inputs.stylix.homeManagerModules.stylix ]; imports = [ inputs.stylix.homeManagerModules.stylix ];
home = { home = {
stateVersion = const.droidStateVersion; stateVersion = const.droidStateVersion;
sessionVariables = import ./variable args; sessionVariables = import ./variable args;
file = (import ./config args) // { file = (import ./config args) // {
".termux/_font.ttf".source = android.font; ".termux/_font.ttf".source = android.font;
".termux/_colors.properties".text = android.colors; ".termux/_colors.properties".text = android.colors;
}; };
}; };
programs = import ./program args; programs = import ./program args;
}; };
}; };
} }

117
home/HomeManager.nix
View file

@ -1,64 +1,59 @@
# This is a common user configuration. # This is a common user configuration.
{ { const
const, , util
util, , config
config, , lib
lib, , __findFile
__findFile, , ... } @args: with lib; let
... cfg = config.home.hm;
}@args: package = import <package> args;
with lib; in {
let options = {
cfg = config.home.hm; home.hm = {
package = import <package> args; enable = mkEnableOption "Home-Manager standalone config.";
in username = mkOption {
{ default = null;
options = { type = types.str;
home.hm = { };
enable = mkEnableOption "Home-Manager standalone config."; homeDirectory = mkOption {
username = mkOption { default = "/home/${cfg.username}";
default = null; type = types.str;
type = types.str; };
}; package = mkOption {
homeDirectory = mkOption { default = {};
default = "/home/${cfg.username}"; type = types.submodule {
type = types.str; options = {
}; common.enable = mkEnableOption "Common apps.";
package = mkOption { core.enable = mkEnableOption "Core apps.";
default = { }; creative.enable = mkEnableOption "Creative apps.";
type = types.submodule { desktop.enable = mkEnableOption "Desktop apps.";
options = { dev.enable = mkEnableOption "Dev apps.";
common.enable = mkEnableOption "Common apps."; extra.enable = mkEnableOption "Extra apps.";
core.enable = mkEnableOption "Core apps."; gaming.enable = mkEnableOption "Gaming apps.";
creative.enable = mkEnableOption "Creative apps."; };
desktop.enable = mkEnableOption "Desktop apps."; };
dev.enable = mkEnableOption "Dev apps."; };
extra.enable = mkEnableOption "Extra apps."; };
gaming.enable = mkEnableOption "Gaming apps."; };
};
};
};
};
};
config = mkIf cfg.enable (mkMerge [ config = mkIf cfg.enable (mkMerge [
{ {
home = { home = {
inherit (cfg) username homeDirectory; inherit (cfg) username homeDirectory;
inherit (const) stateVersion; inherit (const) stateVersion;
file = import ./config args; file = import ./config args;
sessionVariables = import ./variable args; sessionVariables = import ./variable args;
}; };
xdg = import ./xdg { inherit (cfg) homeDirectory; }; xdg = import ./xdg { inherit (cfg) homeDirectory; };
programs = import ./program args; programs = import ./program args;
dconf.settings = util.catSet (util.ls ./config/dconf) args; dconf.settings = util.catSet (util.ls ./config/dconf) args;
} }
(mkIf cfg.package.common.enable { home.packages = package.common; }) (mkIf cfg.package.common.enable { home.packages = package.common; })
(mkIf cfg.package.core.enable { home.packages = package.core; }) (mkIf cfg.package.core.enable { home.packages = package.core; })
(mkIf cfg.package.creative.enable { home.packages = package.creative; }) (mkIf cfg.package.creative.enable { home.packages = package.creative; })
(mkIf cfg.package.desktop.enable { home.packages = package.desktop; }) (mkIf cfg.package.desktop.enable { home.packages = package.desktop; })
(mkIf cfg.package.dev.enable { home.packages = package.dev; }) (mkIf cfg.package.dev.enable { home.packages = package.dev; })
(mkIf cfg.package.extra.enable { home.packages = package.extra; }) (mkIf cfg.package.extra.enable { home.packages = package.extra; })
(mkIf cfg.package.gaming.enable { home.packages = package.gaming; }) (mkIf cfg.package.gaming.enable { home.packages = package.gaming; })
]); ]);
} }

85
home/NixOs.nix
View file

@ -1,53 +1,44 @@
# This is a common user configuration. # This is a common user configuration.
{ { const
const, , config
config, , util
util, , lib
lib, , pkgs
pkgs, , ... } @args: with lib; let
... cfg = config.home.nixos;
}@args: in {
with lib; imports = (util.ls ./user);
let
cfg = config.home.nixos;
in
{
imports = (util.ls ./user);
options = { options = {
home.nixos = { home.nixos = {
enable = mkEnableOption "NixOS user setup."; enable = mkEnableOption "NixOS user setup.";
users = mkOption { users = mkOption {
default = [ ]; default = [];
type = types.listOf types.attrs; type = types.listOf types.attrs;
}; };
}; };
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
home-manager = { home-manager = {
users = builtins.foldl' ( users = builtins.foldl' (acc: user: acc // {
acc: user: ${user.username} = {
acc home = {
// { inherit (const) stateVersion;
${user.username} = { inherit (user) username homeDirectory;
home = { file = import ./config args;
inherit (const) stateVersion; sessionVariables = import ./variable args;
inherit (user) username homeDirectory;
file = import ./config args;
sessionVariables = import ./variable args;
# ISSUE: https://github.com/nix-community/home-manager/issues/5589 # ISSUE: https://github.com/nix-community/home-manager/issues/5589
extraActivationPath = with pkgs; [ openssh ]; extraActivationPath = with pkgs; [ openssh ];
}; };
xdg = import ./xdg { inherit (user) homeDirectory; }; xdg = import ./xdg { inherit (user) homeDirectory; };
programs = import ./program args; programs = import ./program args;
dconf.settings = util.catSet (util.ls ./config/dconf) args; dconf.settings = util.catSet (util.ls ./config/dconf) args;
}; };
} }) {} cfg.users;
) { } cfg.users;
backupFileExtension = "old"; backupFileExtension = "old";
}; };
}; };
} }

19
home/android/default.nix
View file

@ -1,13 +1,10 @@
{ pkgs, config, ... }: { pkgs, util, config, ... }: {
{ font = pkgs.runCommandNoCC "font" {} ''
font = pkgs.runCommandNoCC "font" { } '' cp ${pkgs.nerdfonts.override { fonts = [ "Terminus" ]; }}/share/fonts/truetype/NerdFonts/TerminessNerdFontMono-Regular.ttf $out
cp ${ '';
pkgs.nerdfonts.override { fonts = [ "Terminus" ]; }
}/share/fonts/truetype/NerdFonts/TerminessNerdFontMono-Regular.ttf $out
'';
colors = '' colors = util.trimTabs ''
background=#${config.style.color.bg.dark} background=#${config.style.color.bg.dark}
foreground=#${config.style.color.fg.light} foreground=#${config.style.color.fg.light}
''; '';
} }

347
home/config/btop/default.nix
View file

@ -1,250 +1,249 @@
{ ... }: { config, util, ... }: {
{ text = util.trimTabs ''
text = '' #? Config file for btop v. 1.3.0
#? Config file for btop v. 1.3.0
#* Name of a btop++/bpytop/bashtop formatted ".theme" file, "Default" and "TTY" for builtin themes. #* Name of a btop++/bpytop/bashtop formatted ".theme" file, "Default" and "TTY" for builtin themes.
#* Themes should be placed in "../share/btop/themes" relative to binary or "$HOME/.config/btop/themes" #* Themes should be placed in "../share/btop/themes" relative to binary or "$HOME/.config/btop/themes"
color_theme = "/usr/share/btop/themes/gruvbox_material_dark.theme" color_theme = "/usr/share/btop/themes/gruvbox_material_dark.theme"
#* If the theme set background should be shown, set to False if you want terminal background transparency. #* If the theme set background should be shown, set to False if you want terminal background transparency.
theme_background = False theme_background = False
#* Sets if 24-bit truecolor should be used, will convert 24-bit colors to 256 color (6x6x6 color cube) if false. #* Sets if 24-bit truecolor should be used, will convert 24-bit colors to 256 color (6x6x6 color cube) if false.
truecolor = True truecolor = True
#* Set to true to force tty mode regardless if a real tty has been detected or not. #* Set to true to force tty mode regardless if a real tty has been detected or not.
#* Will force 16-color mode and TTY theme, set all graph symbols to "tty" and swap out other non tty friendly symbols. #* Will force 16-color mode and TTY theme, set all graph symbols to "tty" and swap out other non tty friendly symbols.
force_tty = False force_tty = False
#* Define presets for the layout of the boxes. Preset 0 is always all boxes shown with default settings. Max 9 presets. #* Define presets for the layout of the boxes. Preset 0 is always all boxes shown with default settings. Max 9 presets.
#* Format: "box_name:P:G,box_name:P:G" P=(0 or 1) for alternate positions, G=graph symbol to use for box. #* Format: "box_name:P:G,box_name:P:G" P=(0 or 1) for alternate positions, G=graph symbol to use for box.
#* Use whitespace " " as separator between different presets. #* Use whitespace " " as separator between different presets.
#* Example: "cpu:0:default,mem:0:tty,proc:1:default cpu:0:braille,proc:0:tty" #* Example: "cpu:0:default,mem:0:tty,proc:1:default cpu:0:braille,proc:0:tty"
presets = "" presets = ""
#* Set to True to enable "h,j,k,l,g,G" keys for directional control in lists. #* Set to True to enable "h,j,k,l,g,G" keys for directional control in lists.
#* Conflicting keys for h:"help" and k:"kill" is accessible while holding shift. #* Conflicting keys for h:"help" and k:"kill" is accessible while holding shift.
vim_keys = True vim_keys = True
#* Rounded corners on boxes, is ignored if TTY mode is ON. #* Rounded corners on boxes, is ignored if TTY mode is ON.
rounded_corners = True rounded_corners = True
#* Default symbols to use for graph creation, "braille", "block" or "tty". #* Default symbols to use for graph creation, "braille", "block" or "tty".
#* "braille" offers the highest resolution but might not be included in all fonts. #* "braille" offers the highest resolution but might not be included in all fonts.
#* "block" has half the resolution of braille but uses more common characters. #* "block" has half the resolution of braille but uses more common characters.
#* "tty" uses only 3 different symbols but will work with most fonts and should work in a real TTY. #* "tty" uses only 3 different symbols but will work with most fonts and should work in a real TTY.
#* Note that "tty" only has half the horizontal resolution of the other two, so will show a shorter historical view. #* Note that "tty" only has half the horizontal resolution of the other two, so will show a shorter historical view.
graph_symbol = "braille" graph_symbol = "braille"
# Graph symbol to use for graphs in cpu box, "default", "braille", "block" or "tty". # Graph symbol to use for graphs in cpu box, "default", "braille", "block" or "tty".
graph_symbol_cpu = "default" graph_symbol_cpu = "default"
# Graph symbol to use for graphs in gpu box, "default", "braille", "block" or "tty". # Graph symbol to use for graphs in gpu box, "default", "braille", "block" or "tty".
graph_symbol_gpu = "default" graph_symbol_gpu = "default"
# Graph symbol to use for graphs in cpu box, "default", "braille", "block" or "tty". # Graph symbol to use for graphs in cpu box, "default", "braille", "block" or "tty".
graph_symbol_mem = "default" graph_symbol_mem = "default"
# Graph symbol to use for graphs in cpu box, "default", "braille", "block" or "tty". # Graph symbol to use for graphs in cpu box, "default", "braille", "block" or "tty".
graph_symbol_net = "default" graph_symbol_net = "default"
# Graph symbol to use for graphs in cpu box, "default", "braille", "block" or "tty". # Graph symbol to use for graphs in cpu box, "default", "braille", "block" or "tty".
graph_symbol_proc = "default" graph_symbol_proc = "default"
#* Manually set which boxes to show. Available values are "cpu mem net proc" and "gpu0" through "gpu5", separate values with whitespace. #* Manually set which boxes to show. Available values are "cpu mem net proc" and "gpu0" through "gpu5", separate values with whitespace.
shown_boxes = "cpu mem net proc" shown_boxes = "cpu mem net proc"
#* Update time in milliseconds, recommended 2000 ms or above for better sample times for graphs. #* Update time in milliseconds, recommended 2000 ms or above for better sample times for graphs.
update_ms = 2000 update_ms = 2000
#* Processes sorting, "pid" "program" "arguments" "threads" "user" "memory" "cpu lazy" "cpu direct", #* Processes sorting, "pid" "program" "arguments" "threads" "user" "memory" "cpu lazy" "cpu direct",
#* "cpu lazy" sorts top process over time (easier to follow), "cpu direct" updates top process directly. #* "cpu lazy" sorts top process over time (easier to follow), "cpu direct" updates top process directly.
proc_sorting = "memory" proc_sorting = "memory"
#* Reverse sorting order, True or False. #* Reverse sorting order, True or False.
proc_reversed = False proc_reversed = False
#* Show processes as a tree. #* Show processes as a tree.
proc_tree = False proc_tree = False
#* Use the cpu graph colors in the process list. #* Use the cpu graph colors in the process list.
proc_colors = True proc_colors = True
#* Use a darkening gradient in the process list. #* Use a darkening gradient in the process list.
proc_gradient = True proc_gradient = True
#* If process cpu usage should be of the core it's running on or usage of the total available cpu power. #* If process cpu usage should be of the core it's running on or usage of the total available cpu power.
proc_per_core = False proc_per_core = False
#* Show process memory as bytes instead of percent. #* Show process memory as bytes instead of percent.
proc_mem_bytes = True proc_mem_bytes = True
#* Show cpu graph for each process. #* Show cpu graph for each process.
proc_cpu_graphs = True proc_cpu_graphs = True
#* Use /proc/[pid]/smaps for memory information in the process info box (very slow but more accurate) #* Use /proc/[pid]/smaps for memory information in the process info box (very slow but more accurate)
proc_info_smaps = False proc_info_smaps = False
#* Show proc box on left side of screen instead of right. #* Show proc box on left side of screen instead of right.
proc_left = True proc_left = True
#* (Linux) Filter processes tied to the Linux kernel(similar behavior to htop). #* (Linux) Filter processes tied to the Linux kernel(similar behavior to htop).
proc_filter_kernel = True proc_filter_kernel = True
#* In tree-view, always accumulate child process resources in the parent process. #* In tree-view, always accumulate child process resources in the parent process.
proc_aggregate = False proc_aggregate = False
#* Sets the CPU stat shown in upper half of the CPU graph, "total" is always available. #* Sets the CPU stat shown in upper half of the CPU graph, "total" is always available.
#* Select from a list of detected attributes from the options menu. #* Select from a list of detected attributes from the options menu.
cpu_graph_upper = "total" cpu_graph_upper = "total"
#* Sets the CPU stat shown in lower half of the CPU graph, "total" is always available. #* Sets the CPU stat shown in lower half of the CPU graph, "total" is always available.
#* Select from a list of detected attributes from the options menu. #* Select from a list of detected attributes from the options menu.
cpu_graph_lower = "total" cpu_graph_lower = "total"
#* If gpu info should be shown in the cpu box. Available values = "Auto", "On" and "Off". #* If gpu info should be shown in the cpu box. Available values = "Auto", "On" and "Off".
show_gpu_info = "Auto" show_gpu_info = "Auto"
#* Toggles if the lower CPU graph should be inverted. #* Toggles if the lower CPU graph should be inverted.
cpu_invert_lower = True cpu_invert_lower = True
#* Set to True to completely disable the lower CPU graph. #* Set to True to completely disable the lower CPU graph.
cpu_single_graph = False cpu_single_graph = False
#* Show cpu box at bottom of screen instead of top. #* Show cpu box at bottom of screen instead of top.
cpu_bottom = False cpu_bottom = False
#* Shows the system uptime in the CPU box. #* Shows the system uptime in the CPU box.
show_uptime = True show_uptime = True
#* Show cpu temperature. #* Show cpu temperature.
check_temp = True check_temp = True
#* Which sensor to use for cpu temperature, use options menu to select from list of available sensors. #* Which sensor to use for cpu temperature, use options menu to select from list of available sensors.
cpu_sensor = "Auto" cpu_sensor = "Auto"
#* Show temperatures for cpu cores also if check_temp is True and sensors has been found. #* Show temperatures for cpu cores also if check_temp is True and sensors has been found.
show_coretemp = True show_coretemp = True
#* Set a custom mapping between core and coretemp, can be needed on certain cpus to get correct temperature for correct core. #* Set a custom mapping between core and coretemp, can be needed on certain cpus to get correct temperature for correct core.
#* Use lm-sensors or similar to see which cores are reporting temperatures on your machine. #* Use lm-sensors or similar to see which cores are reporting temperatures on your machine.
#* Format "x:y" x=core with wrong temp, y=core with correct temp, use space as separator between multiple entries. #* Format "x:y" x=core with wrong temp, y=core with correct temp, use space as separator between multiple entries.
#* Example: "4:0 5:1 6:3" #* Example: "4:0 5:1 6:3"
cpu_core_map = "" cpu_core_map = ""
#* Which temperature scale to use, available values: "celsius", "fahrenheit", "kelvin" and "rankine". #* Which temperature scale to use, available values: "celsius", "fahrenheit", "kelvin" and "rankine".
temp_scale = "celsius" temp_scale = "celsius"
#* Use base 10 for bits/bytes sizes, KB = 1000 instead of KiB = 1024. #* Use base 10 for bits/bytes sizes, KB = 1000 instead of KiB = 1024.
base_10_sizes = True base_10_sizes = True
#* Show CPU frequency. #* Show CPU frequency.
show_cpu_freq = True show_cpu_freq = True
#* Draw a clock at top of screen, formatting according to strftime, empty string to disable. #* Draw a clock at top of screen, formatting according to strftime, empty string to disable.
#* Special formatting: /host = hostname | /user = username | /uptime = system uptime #* Special formatting: /host = hostname | /user = username | /uptime = system uptime
clock_format = "%X" clock_format = "%X"
#* Update main ui in background when menus are showing, set this to false if the menus is flickering too much for comfort. #* Update main ui in background when menus are showing, set this to false if the menus is flickering too much for comfort.
background_update = True background_update = True
#* Custom cpu model name, empty string to disable. #* Custom cpu model name, empty string to disable.
custom_cpu_name = "" custom_cpu_name = ""
#* Optional filter for shown disks, should be full path of a mountpoint, separate multiple values with whitespace " ". #* Optional filter for shown disks, should be full path of a mountpoint, separate multiple values with whitespace " ".
#* Begin line with "exclude=" to change to exclude filter, otherwise defaults to "most include" filter. Example: disks_filter="exclude=/boot /home/user". #* Begin line with "exclude=" to change to exclude filter, otherwise defaults to "most include" filter. Example: disks_filter="exclude=/boot /home/user".
disks_filter = "exclude=/boot /boot/efi" disks_filter = "exclude=/boot /boot/efi"
#* Show graphs instead of meters for memory values. #* Show graphs instead of meters for memory values.
mem_graphs = True mem_graphs = True
#* Show mem box below net box instead of above. #* Show mem box below net box instead of above.
mem_below_net = False mem_below_net = False
#* Count ZFS ARC in cached and available memory. #* Count ZFS ARC in cached and available memory.
zfs_arc_cached = True zfs_arc_cached = True
#* If swap memory should be shown in memory box. #* If swap memory should be shown in memory box.
show_swap = True show_swap = True
#* Show swap as a disk, ignores show_swap value above, inserts itself after first disk. #* Show swap as a disk, ignores show_swap value above, inserts itself after first disk.
swap_disk = False swap_disk = False
#* If mem box should be split to also show disks info. #* If mem box should be split to also show disks info.
show_disks = True show_disks = True
#* Filter out non physical disks. Set this to False to include network disks, RAM disks and similar. #* Filter out non physical disks. Set this to False to include network disks, RAM disks and similar.
only_physical = True only_physical = True
#* Read disks list from /etc/fstab. This also disables only_physical. #* Read disks list from /etc/fstab. This also disables only_physical.
use_fstab = True use_fstab = True
#* Setting this to True will hide all datasets, and only show ZFS pools. (IO stats will be calculated per-pool) #* Setting this to True will hide all datasets, and only show ZFS pools. (IO stats will be calculated per-pool)
zfs_hide_datasets = False zfs_hide_datasets = False
#* Set to true to show available disk space for privileged users. #* Set to true to show available disk space for privileged users.
disk_free_priv = False disk_free_priv = False
#* Toggles if io activity % (disk busy time) should be shown in regular disk usage view. #* Toggles if io activity % (disk busy time) should be shown in regular disk usage view.
show_io_stat = True show_io_stat = True
#* Toggles io mode for disks, showing big graphs for disk read/write speeds. #* Toggles io mode for disks, showing big graphs for disk read/write speeds.
io_mode = False io_mode = False
#* Set to True to show combined read/write io graphs in io mode. #* Set to True to show combined read/write io graphs in io mode.
io_graph_combined = False io_graph_combined = False
#* Set the top speed for the io graphs in MiB/s (100 by default), use format "mountpoint:speed" separate disks with whitespace " ". #* Set the top speed for the io graphs in MiB/s (100 by default), use format "mountpoint:speed" separate disks with whitespace " ".
#* Example: "/mnt/media:100 /:20 /boot:1". #* Example: "/mnt/media:100 /:20 /boot:1".
io_graph_speeds = "" io_graph_speeds = ""
#* Set fixed values for network graphs in Mebibits. Is only used if net_auto is also set to False. #* Set fixed values for network graphs in Mebibits. Is only used if net_auto is also set to False.
net_download = 100 net_download = 100
net_upload = 100 net_upload = 100
#* Use network graphs auto rescaling mode, ignores any values set above and rescales down to 10 Kibibytes at the lowest. #* Use network graphs auto rescaling mode, ignores any values set above and rescales down to 10 Kibibytes at the lowest.
net_auto = True net_auto = True
#* Sync the auto scaling for download and upload to whichever currently has the highest scale. #* Sync the auto scaling for download and upload to whichever currently has the highest scale.
net_sync = True net_sync = True
#* Starts with the Network Interface specified here. #* Starts with the Network Interface specified here.
net_iface = "" net_iface = ""
#* Show battery stats in top right if battery is present. #* Show battery stats in top right if battery is present.
show_battery = True show_battery = True
#* Which battery to use if multiple are present. "Auto" for auto detection. #* Which battery to use if multiple are present. "Auto" for auto detection.
selected_battery = "Auto" selected_battery = "Auto"
#* Set loglevel for "~/.config/btop/btop.log" levels are: "ERROR" "WARNING" "INFO" "DEBUG". #* Set loglevel for "~/.config/btop/btop.log" levels are: "ERROR" "WARNING" "INFO" "DEBUG".
#* The level set includes all lower levels, i.e. "DEBUG" will show all logging info. #* The level set includes all lower levels, i.e. "DEBUG" will show all logging info.
log_level = "WARNING" log_level = "WARNING"
#* Measure PCIe throughput on NVIDIA cards, may impact performance on certain cards. #* Measure PCIe throughput on NVIDIA cards, may impact performance on certain cards.
nvml_measure_pcie_speeds = True nvml_measure_pcie_speeds = True
#* Horizontally mirror the GPU graph. #* Horizontally mirror the GPU graph.
gpu_mirror_graph = True gpu_mirror_graph = True
#* Custom gpu0 model name, empty string to disable. #* Custom gpu0 model name, empty string to disable.
custom_gpu_name0 = "" custom_gpu_name0 = ""
#* Custom gpu1 model name, empty string to disable. #* Custom gpu1 model name, empty string to disable.
custom_gpu_name1 = "" custom_gpu_name1 = ""
#* Custom gpu2 model name, empty string to disable. #* Custom gpu2 model name, empty string to disable.
custom_gpu_name2 = "" custom_gpu_name2 = ""
#* Custom gpu3 model name, empty string to disable. #* Custom gpu3 model name, empty string to disable.
custom_gpu_name3 = "" custom_gpu_name3 = ""
#* Custom gpu4 model name, empty string to disable. #* Custom gpu4 model name, empty string to disable.
custom_gpu_name4 = "" custom_gpu_name4 = ""
#* Custom gpu5 model name, empty string to disable. #* Custom gpu5 model name, empty string to disable.
custom_gpu_name5 = "" custom_gpu_name5 = ""
''; '';
} }

9
home/config/dconf/Accessibility.nix
View file

@ -1,6 +1,5 @@
{ ... }: { ... }: {
{ "org/gnome/desktop/a11y" = {
"org/gnome/desktop/a11y" = { always-show-universal-access-status = true;
always-show-universal-access-status = true; };
};
} }

51
home/config/dconf/Gtk.nix
View file

@ -1,28 +1,27 @@
{ ... }: { ... }: {
{ "org/gtk/gtk4/settings/file-chooser" = {
"org/gtk/gtk4/settings/file-chooser" = { date-format = "regular";
date-format = "regular"; location-mode = "path-bar";
location-mode = "path-bar"; show-hidden = false;
show-hidden = false; show-size-column = true;
show-size-column = true; show-type-column = true;
show-type-column = true; sidebar-width = "166";
sidebar-width = "166"; sort-column = "modified";
sort-column = "modified"; sort-directories-first = true;
sort-directories-first = true; sort-order = "descending";
sort-order = "descending"; type-format = "category";
type-format = "category"; view-type = "list";
view-type = "list"; };
};
"org/gtk/settings/file-chooser" = { "org/gtk/settings/file-chooser" = {
date-format = "regular"; date-format = "regular";
location-mode = "path-bar"; location-mode = "path-bar";
show-hidden = false; show-hidden = false;
show-size-column = true; show-size-column = true;
show-type-column = true; show-type-column = true;
sort-column = "modified"; sort-column = "modified";
sort-directories-first = true; sort-directories-first = true;
sort-order = "descending"; sort-order = "descending";
type-format = "category"; type-format = "category";
}; };
} }

55
home/config/dconf/Input.nix
View file

@ -1,40 +1,21 @@
{ lib, config, ... }: { lib, config, ... }: {
{ "org/gnome/desktop/input-sources" = with lib.gvariant; {
"org/gnome/desktop/input-sources" = with lib.gvariant; { current = mkUint32 0;
current = mkUint32 0; mru-sources = [ (mkTuple [ "xkb" "us" ]) (mkTuple [ "xkb" "ru" ]) ];
mru-sources = [ per-window = false;
(mkTuple [ show-all-sources = true;
"xkb" sources = [ (mkTuple [ "xkb" "us" ]) (mkTuple [ "xkb" "ru" ]) ];
"us" xkb-options = [ config.setting.keyboard.options ];
]) };
(mkTuple [
"xkb"
"ru"
])
];
per-window = false;
show-all-sources = true;
sources = [
(mkTuple [
"xkb"
"us"
])
(mkTuple [
"xkb"
"ru"
])
];
xkb-options = [ config.setting.keyboard.options ];
};
"org/gnome/desktop/peripherals/mouse" = { "org/gnome/desktop/peripherals/mouse" = {
accel-profile = "flat"; accel-profile = "flat";
natural-scroll = true; natural-scroll = true;
speed = "0.0"; speed = "0.0";
}; };
"org/gnome/desktop/peripherals/touchpad" = { "org/gnome/desktop/peripherals/touchpad" = {
tap-to-click = true; tap-to-click = true;
two-finger-scrolling-enabled = true; two-finger-scrolling-enabled = true;
}; };
} }

21
home/config/dconf/Interface.nix
View file

@ -1,12 +1,11 @@
{ ... }: { ... }: {
{ "org/gnome/desktop/interface" = {
"org/gnome/desktop/interface" = { clock-show-date = true;
clock-show-date = true; clock-show-weekday = true;
clock-show-weekday = true; color-scheme = "prefer-dark";
color-scheme = "prefer-dark"; enable-animations = false;
enable-animations = false; enable-hot-corners = false;
enable-hot-corners = false; gtk-enable-primary-paste = false;
gtk-enable-primary-paste = false; show-battery-percentage = false;
show-battery-percentage = false; };
};
} }

244
home/config/dconf/Key.nix
View file

@ -1,134 +1,132 @@
{ config, ... }: { config, ... }: let
let mod = "<Super>";
mod = "<Super>"; in {
in "org/gnome/desktop/wm/keybindings" = {
{ activate-window-menu = [ "" ];
"org/gnome/desktop/wm/keybindings" = { begin-move = [ "" ];
activate-window-menu = [ "" ]; begin-resize = [ "${mod}r" ];
begin-move = [ "" ]; close = [ "${mod}x" ];
begin-resize = [ "${mod}r" ]; cycle-group = [ "" ];
close = [ "${mod}x" ]; cycle-group-backward = [ "" ];
cycle-group = [ "" ]; cycle-panels = [ "" ];
cycle-group-backward = [ "" ]; cycle-panels-backward = [ "" ];
cycle-panels = [ "" ]; cycle-windows = [ "" ];
cycle-panels-backward = [ "" ]; cycle-windows-backward = [ "" ];
cycle-windows = [ "" ]; maximize = [ "" ];
cycle-windows-backward = [ "" ]; maximize-horizontally = [ "" ];
maximize = [ "" ]; minimize = [ "${mod}s" ];
maximize-horizontally = [ "" ]; move-to-monitor-down = [ "" ];
minimize = [ "${mod}s" ]; move-to-monitor-left = [ "" ];
move-to-monitor-down = [ "" ]; move-to-monitor-right = [ "" ];
move-to-monitor-left = [ "" ]; move-to-monitor-up = [ "" ];
move-to-monitor-right = [ "" ]; move-to-workspace-1 = [ "" ];
move-to-monitor-up = [ "" ]; move-to-workspace-2 = [ "" ];
move-to-workspace-1 = [ "" ]; move-to-workspace-3 = [ "" ];
move-to-workspace-2 = [ "" ]; move-to-workspace-4 = [ "" ];
move-to-workspace-3 = [ "" ]; move-to-workspace-last = [ "" ];
move-to-workspace-4 = [ "" ]; move-to-workspace-left = [ "<Shift>${mod}q" ];
move-to-workspace-last = [ "" ]; move-to-workspace-right = [ "<Shift>${mod}e" ];
move-to-workspace-left = [ "<Shift>${mod}q" ]; panel-run-dialog = [ "${mod}space" ];
move-to-workspace-right = [ "<Shift>${mod}e" ]; show-desktop = [ "${mod}c" ];
panel-run-dialog = [ "${mod}space" ]; switch-applications = [ "${mod}Tab" ];
show-desktop = [ "${mod}c" ]; switch-applications-backward = [ "<Shift>${mod}Tab" ];
switch-applications = [ "${mod}Tab" ]; switch-group = [ "<Alt>Tab" ];
switch-applications-backward = [ "<Shift>${mod}Tab" ]; switch-group-backward = [ "<Shift><Alt>Tab" ];
switch-group = [ "<Alt>Tab" ]; switch-input-source = [ "" ];
switch-group-backward = [ "<Shift><Alt>Tab" ]; switch-input-source-backward = [ "" ];
switch-input-source = [ "" ]; switch-panels = [ "" ];
switch-input-source-backward = [ "" ]; switch-panels-backward = [ "" ];
switch-panels = [ "" ]; switch-to-workspace-1 = [ "" ];
switch-panels-backward = [ "" ]; switch-to-workspace-2 = [ "" ];
switch-to-workspace-1 = [ "" ]; switch-to-workspace-3 = [ "" ];
switch-to-workspace-2 = [ "" ]; switch-to-workspace-4 = [ "" ];
switch-to-workspace-3 = [ "" ]; switch-to-workspace-last = [ "" ];
switch-to-workspace-4 = [ "" ]; switch-to-workspace-left = [ "${mod}q" ];
switch-to-workspace-last = [ "" ]; switch-to-workspace-right = [ "${mod}e" ];
switch-to-workspace-left = [ "${mod}q" ]; switch-windows = [ "" ];
switch-to-workspace-right = [ "${mod}e" ]; switch-windows-backward = [ "" ];
switch-windows = [ "" ]; toggle-fullscreen = [ "${mod}f" ];
switch-windows-backward = [ "" ]; toggle-maximized = [ "${mod}w" ];
toggle-fullscreen = [ "${mod}f" ]; unmaximize = [ "" ];
toggle-maximized = [ "${mod}w" ]; };
unmaximize = [ "" ];
};
"org/gnome/mutter/keybindings" = { "org/gnome/mutter/keybindings" = {
toggle-tiled-left = [ "${mod}a" ]; toggle-tiled-left = [ "${mod}a" ];
toggle-tiled-right = [ "${mod}d" ]; toggle-tiled-right = [ "${mod}d" ];
}; };
"org/gnome/mutter/wayland/keybindings" = { "org/gnome/mutter/wayland/keybindings" = {
restore-shortcuts = [ "" ]; restore-shortcuts = [ "" ];
}; };
"org/gnome/settings-daemon/plugins/media-keys" = { "org/gnome/settings-daemon/plugins/media-keys" = {
custom-keybindings = [ custom-keybindings = [
"/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/" "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/"
"/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom1/" "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom1/"
"/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom2/" "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom2/"
"/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom3/" "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom3/"
"/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom4/" "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom4/"
"/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom5/" "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom5/"
]; ];
magnifier = [ "" ]; magnifier = [ "" ];
magnifier-zoom-in = [ "" ]; magnifier-zoom-in = [ "" ];
magnifier-zoom-out = [ "" ]; magnifier-zoom-out = [ "" ];
screenreader = [ "" ]; screenreader = [ "" ];
screensaver = [ "${mod}z" ]; screensaver = [ "${mod}z" ];
}; };
"org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = { "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = {
binding = "${mod}Escape"; binding = "${mod}Escape";
command = "kgx -e bash -c 'tmux new-session -A -s main; bash'"; command = "kgx -e bash -c 'tmux new-session -A -s main; bash'";
name = "gnome-terminal"; name = "gnome-terminal";
}; };
"org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom1" = { "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom1" = {
binding = "printz"; binding = "printz";
command = "systemctl suspend -i"; command = "systemctl suspend -i";
name = "System Sleep"; name = "System Sleep";
}; };
"org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom2" = { "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom2" = {
binding = "printx"; binding = "printx";
command = "systemctl poweroff -i"; command = "systemctl poweroff -i";
name = "System Poweroff"; name = "System Poweroff";
}; };
"org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom3" = { "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom3" = {
binding = "printc"; binding = "printc";
command = "systemctl reboot -i"; command = "systemctl reboot -i";
name = "System Reboot"; name = "System Reboot";
}; };
"org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom4" = { "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom4" = {
binding = "printp"; binding = "printp";
command = "powersave toggle"; command = "powersave toggle";
name = "Toggle Powersave"; name = "Toggle Powersave";
}; };
"org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom5" = { "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom5" = {
binding = "printl"; binding = "printl";
command = "powerlimit toggle"; command = "powerlimit toggle";
name = "Toggle Powerlimit"; name = "Toggle Powerlimit";
}; };
"org/gnome/shell/keybindings" = { "org/gnome/shell/keybindings" = {
focus-active-notification = [ "" ]; focus-active-notification = [ "" ];
open-application-menu = [ "" ]; open-application-menu = [ "" ];
show-screenshot-ui = [ "${mod}v" ]; show-screenshot-ui = [ "${mod}v" ];
switch-to-application-1 = [ "" ]; switch-to-application-1 = [ "" ];
switch-to-application-2 = [ "" ]; switch-to-application-2 = [ "" ];
switch-to-application-3 = [ "" ]; switch-to-application-3 = [ "" ];
switch-to-application-4 = [ "" ]; switch-to-application-4 = [ "" ];
switch-to-application-5 = [ "" ]; switch-to-application-5 = [ "" ];
switch-to-application-6 = [ "" ]; switch-to-application-6 = [ "" ];
switch-to-application-7 = [ "" ]; switch-to-application-7 = [ "" ];
switch-to-application-8 = [ "" ]; switch-to-application-8 = [ "" ];
switch-to-application-9 = [ "" ]; switch-to-application-9 = [ "" ];
toggle-application-view = [ "" ]; toggle-application-view = [ "" ];
toggle-message-tray = [ "" ]; toggle-message-tray = [ "" ];
toggle-overview = [ "" ]; toggle-overview = [ "" ];
toggle-quick-settings = [ "" ]; toggle-quick-settings = [ "" ];
}; };
} }

13
home/config/dconf/Media.nix
View file

@ -1,8 +1,7 @@
{ ... }: { ... }: {
{ "org/gnome/desktop/media-handling" = {
"org/gnome/desktop/media-handling" = { automount = false;
automount = false; automount-open = false;
automount-open = false; autorun-never = true;
autorun-never = true; };
};
} }

37
home/config/dconf/Nautilus.nix
View file

@ -1,22 +1,21 @@
{ ... }: { ... }: {
{ "org/gnome/nautilus/icon-view" = {
"org/gnome/nautilus/icon-view" = { default-zoom-level = "larger";
default-zoom-level = "larger"; };
};
"org/gnome/nautilus/list-view" = { "org/gnome/nautilus/list-view" = {
default-zoom-level = "small"; default-zoom-level = "small";
use-tree-view = false; use-tree-view = false;
}; };
"org/gnome/nautilus/preferences" = { "org/gnome/nautilus/preferences" = {
click-policy = "single"; click-policy = "single";
default-folder-viewer = "list-view"; default-folder-viewer = "list-view";
default-sort-in-reverse-order = false; default-sort-in-reverse-order = false;
default-sort-order = "name"; default-sort-order = "name";
migrated-gtk-settings = true; migrated-gtk-settings = true;
search-filter-time-type = "last_modified"; search-filter-time-type = "last_modified";
search-view = "list-view"; search-view = "list-view";
show-image-thumbnails = "local-only"; show-image-thumbnails = "local-only";
}; };
} }

19
home/config/dconf/Power.nix
View file

@ -1,11 +1,10 @@
{ ... }: { ... }: {
{ "org/gnome/settings-daemon/plugins/power" = {
"org/gnome/settings-daemon/plugins/power" = { ambient-enabled = false;
ambient-enabled = false; idle-dim = false;
idle-dim = false; power-button-action = "nothing";
power-button-action = "nothing"; sleep-inactive-ac-timeout = "0";
sleep-inactive-ac-timeout = "0"; sleep-inactive-ac-type = "nothing";
sleep-inactive-ac-type = "nothing"; sleep-inactive-battery-type = "nothing";
sleep-inactive-battery-type = "nothing"; };
};
} }

27
home/config/dconf/Privacy.nix
View file

@ -1,16 +1,15 @@
{ lib, ... }: { lib, ... }: {
{ "org/gnome/desktop/privacy" = with lib.gvariant; {
"org/gnome/desktop/privacy" = with lib.gvariant; { disable-camera = false;
disable-camera = false; disable-microphone = false;
disable-microphone = false; old-files-age = mkUint32 30;
old-files-age = mkUint32 30; recent-files-max-age = mkUint32 30;
recent-files-max-age = mkUint32 30; remove-old-temp-files = true;
remove-old-temp-files = true; remove-old-trash-files = true;
remove-old-trash-files = true; report-technical-problems = true;
report-technical-problems = true; };
};
"org/gnome/system/location" = { "org/gnome/system/location" = {
enabled = false; enabled = false;
}; };
} }

9
home/config/dconf/Session.nix
View file

@ -1,6 +1,5 @@
{ lib, ... }: { lib, ... }: {
{ "org/gnome/desktop/session" = with lib.gvariant; {
"org/gnome/desktop/session" = with lib.gvariant; { idle-delay = mkUint32 0;
idle-delay = mkUint32 0; };
};
} }

25
home/config/dconf/Shell.nix
View file

@ -1,15 +1,14 @@
{ ... }: { ... }: {
{ "org/gnome/shell" = {
"org/gnome/shell" = { disable-extension-version-validation = true;
disable-extension-version-validation = true; disable-user-extensions = false;
disable-user-extensions = false; favorite-apps = [ "" ];
favorite-apps = [ "" ]; had-bluetooth-devices-setup = true;
had-bluetooth-devices-setup = true; last-selected-power-profile = "power-saver";
last-selected-power-profile = "power-saver"; remember-mount-password = false;
remember-mount-password = false; };
};
"system/proxy" = { "system/proxy" = {
mode = "none"; mode = "none";
}; };
} }

15
home/config/dconf/Software.nix
View file

@ -1,9 +1,8 @@
{ ... }: { ... }: {
{ "org/gnome/software" = {
"org/gnome/software" = { download-updates = false;
download-updates = false; download-updates-notify = false;
download-updates-notify = false; first-run = false;
first-run = false; show-nonfree-prompt = false;
show-nonfree-prompt = false; };
};
} }

13
home/config/dconf/Sound.nix
View file

@ -1,8 +1,7 @@
{ ... }: { ... }: {
{ "org/gnome/desktop/sound" = {
"org/gnome/desktop/sound" = { allow-volume-above-100-percent = false;
allow-volume-above-100-percent = false; event-sounds = false;
event-sounds = false; theme-name = "freedesktop";
theme-name = "freedesktop"; };
};
} }

55
home/config/dconf/Wm.nix
View file

@ -1,33 +1,32 @@
{ lib, ... }: { lib, ... }: {
{ "org/gnome/desktop/wm/preferences" = {
"org/gnome/desktop/wm/preferences" = { action-middle-click-titlebar = "minimize";
action-middle-click-titlebar = "minimize"; action-right-click-titlebar = "menu";
action-right-click-titlebar = "menu"; focus-mode = "click"; # `click` or `sloppy`.
focus-mode = "click"; # `click` or `sloppy`. button-layout = "appmenu:close";
button-layout = "appmenu:close"; };
};
"org/gnome/mutter" = { "org/gnome/mutter" = {
attach-modal-dialogs = true; attach-modal-dialogs = true;
center-new-windows = true; center-new-windows = true;
dynamic-workspaces = true; dynamic-workspaces = true;
edge-tiling = true; edge-tiling = true;
workspaces-only-on-primary = true; workspaces-only-on-primary = true;
}; };
"org/gnome/settings-daemon/plugins/color" = with lib.gvariant; { "org/gnome/settings-daemon/plugins/color" = with lib.gvariant; {
night-light-enabled = false; night-light-enabled = false;
night-light-schedule-automatic = false; night-light-schedule-automatic = false;
night-light-schedule-from = "0.0"; night-light-schedule-from = "0.0";
night-light-schedule-to = "0.0"; night-light-schedule-to = "0.0";
night-light-temperature = mkUint32 3700; night-light-temperature = mkUint32 3700;
}; };
"org/gnome/shell/app-switcher" = { "org/gnome/shell/app-switcher" = {
current-workspace-only = true; current-workspace-only = true;
}; };
"org/gnome/shell/overrides" = { "org/gnome/shell/overrides" = {
edge-tiling = false; edge-tiling = false;
}; };
} }

105
home/config/default.nix
View file

@ -1,57 +1,50 @@
{ { self, inputs, config, ... } @args: let
self, btop = import ./btop args;
inputs, editor = import ./editorconfig args;
config, foot = import ./foot args;
... fuzzel = import ./fuzzel args;
}@args: git = import ./git args;
let gtk3 = import ./gtk/3 args;
btop = import ./btop args; jetbrains = import ./jetbrains args;
editor = import ./editorconfig args; keyd = import ./keyd args;
foot = import ./foot args; mako = import ./mako args;
fuzzel = import ./fuzzel args; mangohud = import ./mangohud args;
git = import ./git args; nvim = import ./nvim args;
gtk3 = import ./gtk/3 args; ssh = import ./ssh args;
jetbrains = import ./jetbrains args; swappy = import ./swappy args;
keyd = import ./keyd args; sway = import ./sway args;
mako = import ./mako args; tmux = import ./tmux args;
mangohud = import ./mangohud args; waybar = import ./waybar args;
nvim = import ./nvim args; yazi = import ./yazi args;
ssh = import ./ssh args; in {
swappy = import ./swappy args; ".Wallpaper".source = config.module.wallpaper.path;
sway = import ./sway args; ".config/MangoHud/MangoHud.conf".source = mangohud.config;
tmux = import ./tmux args; ".config/MangoHud/presets.conf".source = mangohud.presets;
waybar = import ./waybar args; ".config/btop/btop.conf".text = btop.text;
yazi = import ./yazi args; ".config/foot/foot.ini".source = foot.file;
in ".config/fuzzel/fuzzel.ini".source = fuzzel.file;
{ ".config/gtk-3.0/bookmarks".text = gtk3.bookmarks;
".Wallpaper".source = config.module.wallpaper.path; ".config/keyd/app.conf".text = keyd.text;
".config/MangoHud/MangoHud.conf".source = mangohud.config; ".config/mako/config".source = mako.file;
".config/MangoHud/presets.conf".source = mangohud.presets; ".config/nvim/init.vim".text = nvim.text;
".config/btop/btop.conf".text = btop.text; ".config/swappy/config".source = swappy.config;
".config/foot/foot.ini".source = foot.file; ".config/sway/config".text = sway.text;
".config/fuzzel/fuzzel.ini".source = fuzzel.file; ".config/tmux/tmux.conf".text = tmux.text;
".config/gtk-3.0/bookmarks".text = gtk3.bookmarks; ".config/waybar/config".source = waybar.config;
".config/keyd/app.conf".text = keyd.text; ".config/waybar/style.css".source = waybar.style;
".config/mako/config".source = mako.file; ".config/yazi/init.lua".source = yazi.init;
".config/nvim/init.vim".text = nvim.text; ".config/yazi/keymap.toml".source = yazi.keymap;
".config/swappy/config".source = swappy.config; ".config/yazi/theme.toml".source = yazi.theme;
".config/sway/config".text = sway.text; ".config/yazi/yazi.toml".source = yazi.yazi;
".config/tmux/tmux.conf".text = tmux.text; ".editorconfig".source = editor.file;
".config/waybar/config".source = waybar.config; ".gitconfig".source = git.file;
".config/waybar/style.css".source = waybar.style; ".ideavimrc".text = jetbrains.ideavimrc;
".config/yazi/init.lua".source = yazi.init; ".nix".source = self;
".config/yazi/keymap.toml".source = yazi.keymap; ".nixpkgs".source = inputs.nixpkgs;
".config/yazi/theme.toml".source = yazi.theme; # TODO: Add after migrating to stable.
".config/yazi/yazi.toml".source = yazi.yazi; # ".nixpkgs_unstable".source = inputs.nixpkgs;
".editorconfig".source = editor.file; # ".nixpkgs_master".source = inputs.nixpkgs;
".gitconfig".source = git.file; ".parallel/will-cite".text = "";
".ideavimrc".text = jetbrains.ideavimrc; ".ssh/config".text = ssh.text;
".nix".source = self; ".template".source = ./template;
".nixpkgs".source = inputs.nixpkgs;
# TODO: Add after migrating to stable.
# ".nixpkgs_unstable".source = inputs.nixpkgs;
# ".nixpkgs_master".source = inputs.nixpkgs;
".parallel/will-cite".text = "";
".ssh/config".text = ssh.text;
".template".source = ./template;
} }

54
home/config/editorconfig/default.nix
View file

@ -1,34 +1,32 @@
{ pkgs, ... }: { pkgs, ... }: {
{ file = (pkgs.formats.iniWithGlobalSection {}).generate "EditorconfigConfig" {
file = (pkgs.formats.iniWithGlobalSection { }).generate "EditorconfigConfig" { globalSection.root = true;
globalSection.root = true;
sections = { sections = {
"*" = { "*" = {
end_of_line = "lf"; end_of_line = "lf";
charset = "utf-8"; charset = "utf-8";
indent_style = "tab"; indent_style = "tab";
indent_size = 2; indent_size = "2";
insert_final_newline = "true"; insert_final_newline = "true";
trim_trailing_whitespace = "true"; trim_trailing_whitespace = "true";
}; };
"Makefile" = { Makefile = {
indent_size = 4; indent_size = 2;
}; };
"*.nix" = { "*.{nix,js}" = {
indent_style = "space"; indent_size = 2;
indent_size = 2; };
};
"*.{lua,kt,kts,rs,py}" = { "*.{lua,kt,kts,rs,py}" = {
indent_size = 4; indent_size = 4;
}; };
"*.{sh,md}" = { "*.{sh,md}" = {
indent_size = 8; indent_size = 8;
}; };
}; };
}; };
} }

54
home/config/foot/default.nix
View file

@ -1,30 +1,28 @@
{ config, pkgs, ... }: { config, pkgs, ... }: let
let dpiAware = if config.setting.dpiAware then "yes" else "no";
dpiAware = if config.setting.dpiAware then "yes" else "no"; borderSize = toString config.style.window.border;
borderSize = toString config.style.window.border; fontStep = 1;
fontStep = 1; in {
in file = (pkgs.formats.iniWithGlobalSection {}).generate "FootConfig" {
{ globalSection = {
file = (pkgs.formats.iniWithGlobalSection { }).generate "FootConfig" { font = "${config.style.font.monospace.name}:size=${toString config.style.font.size.terminal}";
globalSection = { # font-bold = "${config.style.font.monospace.name}:size=${toString config.style.font.size.terminal}";
font = "${config.style.font.monospace.name}:size=${toString config.style.font.size.terminal}"; font-italic = "${config.style.font.monospace.name}:size=${toString config.style.font.size.terminal}";
# font-bold = "${config.style.font.monospace.name}:size=${toString config.style.font.size.terminal}"; font-bold-italic = "${config.style.font.monospace.name}:size=${toString config.style.font.size.terminal}";
font-italic = "${config.style.font.monospace.name}:size=${toString config.style.font.size.terminal}"; dpi-aware = dpiAware;
font-bold-italic = "${config.style.font.monospace.name}:size=${toString config.style.font.size.terminal}"; font-size-adjustment = fontStep;
dpi-aware = dpiAware; pad = "${borderSize}x${borderSize} center";
font-size-adjustment = fontStep; };
pad = "${borderSize}x${borderSize} center";
};
sections = { sections = {
colors = { colors = {
alpha = config.style.opacity.terminal; alpha = config.style.opacity.terminal;
background = config.style.color.bg.dark; background = config.style.color.bg.dark;
foreground = config.style.color.fg.light; foreground = config.style.color.fg.light;
}; };
key-bindings = { key-bindings = {
show-urls-launch = "Mod1+o"; show-urls-launch = "Mod1+o";
}; };
}; };
}; };
} }

74
home/config/fuzzel/default.nix
View file

@ -1,40 +1,36 @@
{ pkgs, config, ... }: { pkgs, config, ... }: let
let dpiAware = if config.setting.dpiAware then "yes" else "no";
dpiAware = if config.setting.dpiAware then "yes" else "no"; in {
in file = (pkgs.formats.ini {}).generate "FuzzelConfig" {
{ main = {
file = (pkgs.formats.ini { }).generate "FuzzelConfig" { dpi-aware = dpiAware;
main = { # font = "${style.font.serif.name}:size=${toString style.font.size.popup}";
dpi-aware = dpiAware; font = "Minecraftia:size=${toString config.style.font.size.popup}";
# font = "${style.font.serif.name}:size=${toString style.font.size.popup}"; lines = 20;
font = "Minecraftia:size=${toString config.style.font.size.popup}"; prompt = "\"\"";
lines = 20; show-actions = "yes";
prompt = "\"\""; terminal = "foot";
show-actions = "yes"; width = 40;
terminal = "foot"; # list-executables-in-path = "no";
width = 40; };
# list-executables-in-path = "no"; border = {
}; radius = 0;
border = { width = 1;
radius = 0; };
width = 1; colors = let
}; defaultOpacity = "ff";
colors = in {
let background = config.style.color.bg.dark + config.style.opacity.hex;
defaultOpacity = "ff"; border = config.style.color.border + config.style.opacity.hex;
in counter = config.style.color.bg.regular + defaultOpacity;
{ input = config.style.color.fg.light + defaultOpacity;
background = config.style.color.bg.dark + config.style.opacity.hex; match = config.style.color.fg.light + defaultOpacity;
border = config.style.color.border + config.style.opacity.hex; placeholder = config.style.color.bg.regular + defaultOpacity;
counter = config.style.color.bg.regular + defaultOpacity; prompt = config.style.color.fg.light + defaultOpacity;
input = config.style.color.fg.light + defaultOpacity; selection = config.style.color.bg.regular + defaultOpacity;
match = config.style.color.fg.light + defaultOpacity; selection-match = config.style.color.accent + defaultOpacity;
placeholder = config.style.color.bg.regular + defaultOpacity; selection-text = config.style.color.fg.light + defaultOpacity;
prompt = config.style.color.fg.light + defaultOpacity; text = config.style.color.fg.light + defaultOpacity;
selection = config.style.color.bg.regular + defaultOpacity; };
selection-match = config.style.color.accent + defaultOpacity; };
selection-text = config.style.color.fg.light + defaultOpacity;
text = config.style.color.fg.light + defaultOpacity;
};
};
} }

25
home/config/git/default.nix
View file

@ -1,14 +1,13 @@
{ secret, pkgs, ... }: { secret, pkgs, ... }: {
{ file = (pkgs.formats.gitIni { listsAsDuplicateKeys = true; }).generate "GitConfig" {
file = (pkgs.formats.gitIni { listsAsDuplicateKeys = true; }).generate "GitConfig" { # credential.helper = "store";
# credential.helper = "store"; gpg.format = secret.crypto.sign.git.format;
gpg.format = secret.crypto.sign.git.format; gpg.ssh.allowedSignersFile = toString secret.crypto.sign.git.allowed;
gpg.ssh.allowedSignersFile = toString secret.crypto.sign.git.allowed; init.defaultBranch = "main";
init.defaultBranch = "main"; pull.rebase = true;
pull.rebase = true; push.autoSetupRemote = true;
push.autoSetupRemote = true; rebase.autoStash = true;
rebase.autoStash = true; safe.directory = "*";
safe.directory = "*"; user.signingkey = builtins.readFile secret.crypto.sign.git.key;
user.signingkey = builtins.readFile secret.crypto.sign.git.key; };
};
} }

17
home/config/gtk/3/default.nix
View file

@ -1,10 +1,9 @@
{ ... }: { util, ... }:{
{ bookmarks = util.trimTabs ''
bookmarks = '' file:///storage
file:///storage file:///home/voronind/tmp
file:///home/voronind/tmp sftp://10.0.0.1:22143/storage/hot/docker/cloud/data/data/cakee/files/ home cloud
sftp://10.0.0.1:22143/storage/hot/docker/cloud/data/data/cakee/files/ home cloud sftp://10.0.0.1:22143/ home sftp
sftp://10.0.0.1:22143/ home sftp ftp://10.0.0.1/ home ftp
ftp://10.0.0.1/ home ftp '';
'';
} }

43
home/config/jetbrains/default.nix
View file

@ -1,27 +1,26 @@
{ ... }: { util, ... }: {
{ ideavimrc = util.trimTabs ''
ideavimrc = '' " Plugins.
" Plugins. Plug 'tpope/vim-commentary'
Plug 'tpope/vim-commentary' Plug 'machakann/vim-highlightedyank'
Plug 'machakann/vim-highlightedyank' " Plug 'junegunn/vim-easy-align'
" Plug 'junegunn/vim-easy-align'
" General config. " General config.
set scrolloff=4 set scrolloff=4
set incsearch set incsearch
set hlsearch set hlsearch
set clipboard=unnamedplus set clipboard=unnamedplus
set relativenumber set relativenumber
set number set number
" Space as a leader. " Space as a leader.
nnoremap <SPACE> <Nop> nnoremap <SPACE> <Nop>
let mapleader=" " let mapleader=" "
" Align. ISSUE: Broken. " Align. ISSUE: Broken.
" vmap <Leader>a <Plug>(EasyAlign) " vmap <Leader>a <Plug>(EasyAlign)
" Sort. " Sort.
vmap <Leader>A :sort<cr> vmap <Leader>A :sort<cr>
''; '';
} }

5
home/config/keyd/default.nix
View file

@ -1,4 +1,3 @@
{ util, ... }@args: { util, ... } @args: {
{ text = util.catFile (util.ls ./module) args;
text = util.catFile (util.ls ./module) args;
} }

63
home/config/keyd/module/DRG.nix
View file

@ -1,33 +1,32 @@
{ pkgs, ... }: { pkgs, ... }: {
{ file = (pkgs.formats.ini {}).generate "KeydDrgConfig" {
file = (pkgs.formats.ini { }).generate "KeydDrgConfig" { steam-app-548430 = {
steam-app-548430 = { "alt.1" = "macro(enter 10ms L e t ' s 10ms space d o 10ms space t h i s 10ms space T e x a s 10ms space s t y l e ! 10ms enter)";
"alt.1" = "macro(enter 10ms L e t ' s 10ms space d o 10ms space t h i s 10ms space T e x a s 10ms space s t y l e ! 10ms enter)"; "alt.2" = "macro(enter 10ms H e c k space y e s ! enter)";
"alt.2" = "macro(enter 10ms H e c k space y e s ! enter)"; "alt.3" = "macro(enter 10ms J u s t space a space s i d e - j o b space w h i l e 10ms space w a i t i n g space f o r space a space s e x space u p d a t e . enter)";
"alt.3" = "macro(enter 10ms J u s t space a space s i d e - j o b space w h i l e 10ms space w a i t i n g space f o r space a space s e x space u p d a t e . enter)"; "alt.4" = "macro(enter 10ms < 3 enter)";
"alt.4" = "macro(enter 10ms < 3 enter)"; "alt.[" = "macro(enter 10ms W h a t space i s space c r u n c h y 10ms space o n space t h e space o u t s i d e , 10ms space g o o e y space o n space 10ms t h e space i n s i d e ? enter)";
"alt.[" = "macro(enter 10ms W h a t space i s space c r u n c h y 10ms space o n space t h e space o u t s i d e , 10ms space g o o e y space o n space 10ms t h e space i n s i d e ? enter)"; "alt.]" = "macro(enter 10ms Q ' r o n a r space S h e l l b a c k ! enter)";
"alt.]" = "macro(enter 10ms Q ' r o n a r space S h e l l b a c k ! enter)"; "alt.a" = "macro(enter 10ms N o enter)";
"alt.a" = "macro(enter 10ms N o enter)"; "alt.b" = "macro(enter 10ms I ' m space b a c k enter)";
"alt.b" = "macro(enter 10ms I ' m space b a c k enter)"; "alt.c" = "macro(enter 10ms > space R i g h t enter)";
"alt.c" = "macro(enter 10ms > space R i g h t enter)"; "alt.d" = "macro(enter 10ms Y e s enter)";
"alt.d" = "macro(enter 10ms Y e s enter)"; "alt.e" = "macro(enter 10ms T h a n k s ! enter)";
"alt.e" = "macro(enter 10ms T h a n k s ! enter)"; "alt.f" = "macro(enter 10ms I space n e e d space h e l p ! enter)";
"alt.f" = "macro(enter 10ms I space n e e d space h e l p ! enter)"; "alt.g" = "macro(enter 10ms g g enter)";
"alt.g" = "macro(enter 10ms g g enter)"; "alt.j" = "macro(enter 10ms G o o d space j o b enter)";
"alt.j" = "macro(enter 10ms G o o d space j o b enter)"; "alt.k" = "macro(enter 10ms O k a y enter)";
"alt.k" = "macro(enter 10ms O k a y enter)"; "alt.l" = "macro(enter 10ms L e a f space l o v e r enter)";
"alt.l" = "macro(enter 10ms L e a f space l o v e r enter)"; "alt.m" = "macro(enter 10ms I space r e p l y space u s i n g space m a c r o s . 10ms space U s e space s o f t w a r e space l i k e space k e y d , 10ms space o r space b u y space a space Q M K space k e y b o a r d . enter)";
"alt.m" = "macro(enter 10ms I space r e p l y space u s i n g space m a c r o s . 10ms space U s e space s o f t w a r e space l i k e space k e y d , 10ms space o r space b u y space a space Q M K space k e y b o a r d . enter)"; "alt.q" = "macro(enter 10ms S o r r y ! enter)";
"alt.q" = "macro(enter 10ms S o r r y ! enter)"; "alt.r" = "macro(enter 10ms N e e d space m o r e space a m m o enter)";
"alt.r" = "macro(enter 10ms N e e d space m o r e space a m m o enter)"; "alt.s" = "macro(enter 10ms W a i t enter)";
"alt.s" = "macro(enter 10ms W a i t enter)"; "alt.t" = "macro(enter 10ms M a y space I space t a k e space e x t r a ? enter)";
"alt.t" = "macro(enter 10ms M a y space I space t a k e space e x t r a ? enter)"; "alt.v" = "macro(enter 10ms A F K enter)";
"alt.v" = "macro(enter 10ms A F K enter)"; "alt.w" = "macro(enter 10ms r enter)";
"alt.w" = "macro(enter 10ms r enter)"; "alt.x" = "macro(enter 10ms > space H e r e space < enter)";
"alt.x" = "macro(enter 10ms > space H e r e space < enter)"; "alt.z" = "macro(enter 10ms < space L e f t enter)";
"alt.z" = "macro(enter 10ms < space L e f t enter)"; leftshift = "timeout(leftcontrol, 150, leftshift)";
leftshift = "timeout(leftcontrol, 150, leftshift)"; };
}; };
};
} }

47
home/config/keyd/module/Firefox.nix
View file

@ -1,25 +1,24 @@
{ pkgs, ... }: { pkgs, ... }: {
{ file = (pkgs.formats.ini {}).generate "KeydFirefoxConfig" {
file = (pkgs.formats.ini { }).generate "KeydFirefoxConfig" { "firefox-esr" = {
"firefox-esr" = { "alt.capslock" = "C-t"; # New tab.
"alt.capslock" = "C-t"; # New tab. "alt.x" = "C-w"; # Close tab.
"alt.x" = "C-w"; # Close tab. "alt.u" = "C-S-t"; # Restore closed tab.
"alt.u" = "C-S-t"; # Restore closed tab. "alt.q" = "C-pageup"; # Prev tab.
"alt.q" = "C-pageup"; # Prev tab. "alt.e" = "C-pagedown"; # Next tab.
"alt.e" = "C-pagedown"; # Next tab. "alt.Q" = "C-S-pageup"; # Move tab left.
"alt.Q" = "C-S-pageup"; # Move tab left. "alt.E" = "C-S-pagedown"; # Move tab right.
"alt.E" = "C-S-pagedown"; # Move tab right. "alt.a" = "A-left"; # Go back.
"alt.a" = "A-left"; # Go back. "alt.d" = "A-right"; # Go forward.
"alt.d" = "A-right"; # Go forward. "alt.s" = "down"; # Scroll down.
"alt.s" = "down"; # Scroll down. "alt.w" = "up"; # Scroll up.
"alt.w" = "up"; # Scroll up. "alt.f" = "C-f"; # Find text.
"alt.f" = "C-f"; # Find text. "alt.N" = "S-f3"; # Find prev.
"alt.N" = "S-f3"; # Find prev. "alt.n" = "f3"; # Find next.
"alt.n" = "f3"; # Find next. "alt.space" = "f6"; # Focus address bar.
"alt.space" = "f6"; # Focus address bar. "alt.r" = "C-f5"; # Full refresh.
"alt.r" = "C-f5"; # Full refresh. "alt.l" = "A-S-a"; # Toggle dark mode.
"alt.l" = "A-S-a"; # Toggle dark mode. "alt.p" = "C-S-l"; # Fill password.
"alt.p" = "C-S-l"; # Fill password. };
}; };
};
} }

53
home/config/keyd/module/Jetbrains.nix
View file

@ -1,29 +1,28 @@
{ pkgs, ... }: { pkgs, ... }: {
{ file = (pkgs.formats.ini {}).generate "KeydJetbrainsConfig" {
file = (pkgs.formats.ini { }).generate "KeydJetbrainsConfig" { "jetbrains-*" = {
"jetbrains-*" = { "alt./" = "C-/"; # Toggle comment.
"alt./" = "C-/"; # Toggle comment. "alt.." = "C-f8"; # Toggle line breakpoint.
"alt.." = "C-f8"; # Toggle line breakpoint. "alt.=" = "C-A-l"; # Reformat.
"alt.=" = "C-A-l"; # Reformat. "alt.c" = "S-escape"; # Close panel.
"alt.c" = "S-escape"; # Close panel. "alt.capslock" = "C-A-S-insert"; # New scratch file.
"alt.capslock" = "C-A-S-insert"; # New scratch file. "alt.q" = "A-left"; # Prev tab.
"alt.q" = "A-left"; # Prev tab. "alt.e" = "A-right"; # Next tab.
"alt.e" = "A-right"; # Next tab. "alt.x" = "C-f4"; # Close tab.
"alt.x" = "C-f4"; # Close tab. "alt.f" = "C-S-f"; # Find text.
"alt.f" = "C-S-f"; # Find text. "alt.n" = "C-A-n"; # Find next.
"alt.n" = "C-A-n"; # Find next. "alt.g" = "macro(gd)"; # Go to definition.
"alt.g" = "macro(gd)"; # Go to definition. "alt.i" = "C-i"; # Implement.
"alt.i" = "C-i"; # Implement. "alt.o" = "C-o"; # Override.
"alt.o" = "C-o"; # Override. "alt.r" = "S-f10"; # Run.
"alt.r" = "S-f10"; # Run. "alt.z" = "C-f2"; # Stop app.
"alt.z" = "C-f2"; # Stop app. "alt.d" = "S-f9"; # Run debugger.
"alt.d" = "S-f9"; # Run debugger. "alt.a" = "C-A-5"; # Attach debugger.
"alt.a" = "C-A-5"; # Attach debugger. "alt.m" = "C-A-s"; # Settings.
"alt.m" = "C-A-s"; # Settings. "alt.v" = "C-q"; # Show doc under cursor.
"alt.v" = "C-q"; # Show doc under cursor. "alt.s" = "C-S-A-t"; # Refactor selection.
"alt.s" = "C-S-A-t"; # Refactor selection.
"alt.tab" = "timeout(f8, 150, macro2(0, 0, f7))"; # Tap to step over, hold to step into. "alt.tab" = "timeout(f8, 150, macro2(0, 0, f7))"; # Tap to step over, hold to step into.
}; };
}; };
} }

51
home/config/keyd/module/Nautilus.nix
View file

@ -1,27 +1,26 @@
{ pkgs, ... }: { pkgs, ... }: {
{ file = (pkgs.formats.ini {}).generate "KeydNautilusConfig" {
file = (pkgs.formats.ini { }).generate "KeydNautilusConfig" { "org-gnome-nautilus" = {
"org-gnome-nautilus" = { "alt.capslock" = "C-t"; # New tab.
"alt.capslock" = "C-t"; # New tab. "alt.t" = "C-n"; # New window.
"alt.t" = "C-n"; # New window. "alt.x" = "C-w"; # Close tab.
"alt.x" = "C-w"; # Close tab. "alt.u" = "C-S-t"; # Restore tab.
"alt.u" = "C-S-t"; # Restore tab. "alt.e" = "C-pagedown"; # Next tab.
"alt.e" = "C-pagedown"; # Next tab. "alt.q" = "C-pageup"; # Prev tab.
"alt.q" = "C-pageup"; # Prev tab. "alt.E" = "C-S-pagedown"; # Move tab next.
"alt.E" = "C-S-pagedown"; # Move tab next. "alt.Q" = "C-S-pageup"; # Move tab prev.
"alt.Q" = "C-S-pageup"; # Move tab prev. "alt.h" = "C-h"; # Toggle hidden files.
"alt.h" = "C-h"; # Toggle hidden files. "alt.1" = "C-1"; # List view.
"alt.1" = "C-1"; # List view. "alt.2" = "C-2"; # Grid view.
"alt.2" = "C-2"; # Grid view. "alt.b" = "A-up"; # Go back.
"alt.b" = "A-up"; # Go back. "alt.space" = "C-l"; # Focus location bar.
"alt.space" = "C-l"; # Focus location bar. "alt.i" = "C-S-i"; # Invert selection.
"alt.i" = "C-S-i"; # Invert selection. "alt.v" = "C-i"; # File info.
"alt.v" = "C-i"; # File info. "alt.d" = "C-S-delete"; # Delete file.
"alt.d" = "C-S-delete"; # Delete file. "alt.s" = "f2"; # Rename.
"alt.s" = "f2"; # Rename. "alt.a" = "C-S-n"; # Create dir.
"alt.a" = "C-S-n"; # Create dir. "alt.f" = "C-f"; # Search dir.
"alt.f" = "C-f"; # Search dir. "alt.r" = "f5"; # Refresh dir.
"alt.r" = "f5"; # Refresh dir. };
}; };
};
} }

46
home/config/mako/default.nix
View file

@ -1,26 +1,24 @@
{ pkgs, config, ... }: { pkgs, config, ... }: let
let alpha = config.style.opacity.hex;
alpha = config.style.opacity.hex; in {
in file = (pkgs.formats.iniWithGlobalSection {}).generate "MakoConfig" {
{ globalSection = {
file = (pkgs.formats.iniWithGlobalSection { }).generate "MakoConfig" { anchor = "top-center";
globalSection = { background-color = "#${config.style.color.bg.dark}${alpha}";
anchor = "top-center"; border-color = "#${config.style.color.border}${alpha}";
background-color = "#${config.style.color.bg.dark}${alpha}"; default-timeout = 10000;
border-color = "#${config.style.color.border}${alpha}"; font = "${config.style.font.serif.name} ${toString config.style.font.size.popup}";
default-timeout = 10000; height = 120;
font = "${config.style.font.serif.name} ${toString config.style.font.size.popup}"; icons = 0;
height = 120; margin = 32;
icons = 0; text-color = "#${config.style.color.fg.light}";
margin = 32; width = 480;
text-color = "#${config.style.color.fg.light}"; };
width = 480;
};
sections = { sections = {
"mode=dnd" = { "mode=dnd" = {
invisible = 1; invisible = 1;
}; };
}; };
}; };
} }

81
home/config/mangohud/default.nix
View file

@ -1,45 +1,44 @@
{ pkgs, ... }: { pkgs, ... }: {
{ config = (pkgs.formats.iniWithGlobalSection {}).generate "MangoConfig" {
config = (pkgs.formats.iniWithGlobalSection { }).generate "MangoConfig" { globalSection = {
globalSection = { blacklist = "example";
blacklist = "example"; fps_sampling_period = 1000;
fps_sampling_period = 1000; frame_timing = 0;
frame_timing = 0; preset = "0,1,2";
preset = "0,1,2"; toggle_logging = "F2";
toggle_logging = "F2"; toggle_preset = "F1";
toggle_preset = "F1"; };
}; };
};
presets = (pkgs.formats.ini { }).generate "MangoPresets" { presets = (pkgs.formats.ini {}).generate "MangoPresets" {
"preset 0" = { "preset 0" = {
no_display = 1; no_display = 1;
}; };
"preset 1" = { "preset 1" = {
alpha = 1.0; alpha = 1.0;
arch = 0; arch = 0;
background_alpha = 0.5; background_alpha = 0.5;
battery = 1; battery = 1;
battery_time = 1; battery_time = 1;
benchmark_percentiles = 0; benchmark_percentiles = 0;
cpu_temp = 1; cpu_temp = 1;
device_battery = "gamepad,mouse"; device_battery = "gamepad,mouse";
font_size = 12; font_size = 12;
fps_sampling_period = 1000; fps_sampling_period = 1000;
gpu_junction_temp = 0; gpu_junction_temp = 0;
gpu_mem_temp = 1; gpu_mem_temp = 1;
gpu_temp = 1; gpu_temp = 1;
hud_no_margin = 1; hud_no_margin = 1;
ram = 1; ram = 1;
swap = 1; swap = 1;
throttling_status = 1; throttling_status = 1;
time = 1; time = 1;
vram = 1; vram = 1;
}; };
"preset 2" = { "preset 2" = {
full = 1; full = 1;
}; };
}; };
} }

166
home/config/nvim/default.nix
View file

@ -1,91 +1,83 @@
{ { inputs, pkgs, util, ... } @args: let
inputs, # Create Neovim configuration.
pkgs, nvimRc = { runtimes, configs }: let
util, # Plugin paths to install.
... runtimeRc = util.trimTabs (builtins.foldl' (acc: r:
}@args: acc + "set runtimepath+=${r}\n"
let ) "" runtimes);
# Create Neovim configuration.
nvimRc =
{ runtimes, configs }:
let
# Plugin paths to install.
runtimeRc = builtins.foldl' (acc: r: acc + "set runtimepath+=${r}\n") "" runtimes;
# My configuration files combined into one big file. # My configuration files combined into one big file.
config = pkgs.writeText "nvimRc" (util.catText configs args); config = pkgs.writeText "nvimRc" (util.catText configs args);
# Tell Neovim to load this file. # Tell Neovim to load this file.
configRc = "lua dofile(\"${config}\")"; configRc = "lua dofile(\"${config}\")";
in in runtimeRc + configRc;
runtimeRc + configRc; in {
in text = nvimRc {
{ runtimes = [
text = nvimRc { "~/.cache/nvim"
runtimes = [ "~/.cache/nvim/treesitter"
"~/.cache/nvim" "${inputs.nvimAlign}"
"~/.cache/nvim/treesitter" "${inputs.nvimAutoclose}"
"${inputs.nvimAlign}" "${inputs.nvimBufferline}"
"${inputs.nvimAutoclose}" "${inputs.nvimCloseBuffers}"
"${inputs.nvimBufferline}" "${inputs.nvimColorizer}"
"${inputs.nvimCloseBuffers}" "${inputs.nvimDevicons}"
"${inputs.nvimColorizer}" "${inputs.nvimGitsigns}"
"${inputs.nvimDevicons}" "${inputs.nvimGruvboxMaterial}"
"${inputs.nvimGitsigns}" "${inputs.nvimIndentoMatic}"
"${inputs.nvimGruvboxMaterial}" "${inputs.nvimLspconfig}"
"${inputs.nvimIndentoMatic}" "${inputs.nvimOllama}"
"${inputs.nvimLspconfig}" "${inputs.nvimPlenary}"
"${inputs.nvimOllama}" "${inputs.nvimTelescope}"
"${inputs.nvimPlenary}" "${inputs.nvimTodo}"
"${inputs.nvimTelescope}" "${inputs.nvimTreesitter}"
"${inputs.nvimTodo}" "${inputs.nvimTree}"
"${inputs.nvimTreesitter}" "${inputs.nvimTrouble}"
"${inputs.nvimTree}" ];
"${inputs.nvimTrouble}"
];
configs = [ configs = [
./module/key/Rekey.nix ./module/key/Rekey.nix
./module/key/Leader.nix ./module/key/Leader.nix
./module/config/Autoread.nix ./module/config/Autoread.nix
./module/config/Etc.nix ./module/config/Etc.nix
./module/config/Search.nix ./module/config/Search.nix
./module/config/Tab.nix ./module/config/Tab.nix
./module/config/Highlight.nix ./module/config/Highlight.nix
./module/plugin/Filetree.nix ./module/plugin/Filetree.nix
./module/plugin/Gruvbox.nix ./module/plugin/Gruvbox.nix
./module/plugin/Bufferline.nix ./module/plugin/Bufferline.nix
./module/plugin/Autoclose.nix ./module/plugin/Autoclose.nix
./module/plugin/Gitsigns.nix ./module/plugin/Gitsigns.nix
./module/plugin/Trouble.nix ./module/plugin/Trouble.nix
./module/plugin/Closebuffers.nix ./module/plugin/Closebuffers.nix
./module/plugin/Telescope.nix ./module/plugin/Telescope.nix
./module/plugin/Todo.nix ./module/plugin/Todo.nix
./module/plugin/Indent.nix ./module/plugin/Indent.nix
./module/plugin/Align.nix ./module/plugin/Align.nix
./module/plugin/Treesitter.nix ./module/plugin/Treesitter.nix
./module/plugin/Fold.nix ./module/plugin/Fold.nix
./module/plugin/Ollama.nix ./module/plugin/Ollama.nix
./module/plugin/Colorizer.nix ./module/plugin/Colorizer.nix
./module/plugin/lsp/Haskell.nix ./module/plugin/lsp/Haskell.nix
./module/plugin/lsp/Rust.nix ./module/plugin/lsp/Rust.nix
./module/plugin/lsp/Tex.nix ./module/plugin/lsp/Tex.nix
./module/plugin/lsp/Nix.nix ./module/plugin/lsp/Nix.nix
./module/key/Autocomplete.nix ./module/key/Autocomplete.nix
./module/key/Buffer.nix ./module/key/Buffer.nix
./module/key/Cmd.nix ./module/key/Cmd.nix
./module/key/Colorscheme.nix ./module/key/Colorscheme.nix
./module/key/Comment.nix ./module/key/Comment.nix
./module/key/Filetree.nix ./module/key/Filetree.nix
./module/key/Gitsigns.nix ./module/key/Gitsigns.nix
./module/key/Navigation.nix ./module/key/Navigation.nix
./module/key/Ollama.nix ./module/key/Ollama.nix
./module/key/Save.nix ./module/key/Save.nix
./module/key/Sort.nix ./module/key/Sort.nix
./module/key/TabWidth.nix ./module/key/TabWidth.nix
./module/key/Telescope.nix ./module/key/Telescope.nix
./module/key/Terminal.nix ./module/key/Terminal.nix
./module/key/Trouble.nix ./module/key/Trouble.nix
]; ];
}; };
} }

17
home/config/nvim/module/config/Autoread.nix
View file

@ -1,10 +1,9 @@
{ ... }: { ... }: {
{ text = ''
text = '' vim.o.autoread = true
vim.o.autoread = true vim.api.nvim_create_autocmd({ "BufEnter", "CursorHold", "CursorHoldI", "FocusGained" }, {
vim.api.nvim_create_autocmd({ "BufEnter", "CursorHold", "CursorHoldI", "FocusGained" }, { command = "if mode() != 'c' | checktime | endif",
command = "if mode() != 'c' | checktime | endif", pattern = { "*" },
pattern = { "*" }, })
}) '';
'';
} }

59
home/config/nvim/module/config/Etc.nix
View file

@ -1,37 +1,36 @@
{ ... }: { ... }: {
{ text = ''
text = '' -- TODO: Add comments and separate files.
-- TODO: Add comments and separate files. vim.opt.clipboard = "unnamedplus"
vim.opt.clipboard = "unnamedplus" vim.opt.cursorline = false
vim.opt.cursorline = false vim.opt.fixeol = false
vim.opt.fixeol = false vim.opt.incsearch = true
vim.opt.incsearch = true vim.opt.number = true
vim.opt.number = true vim.opt.scrolloff = 4
vim.opt.scrolloff = 4 vim.opt.splitbelow = true
vim.opt.splitbelow = true vim.opt.splitright = true
vim.opt.splitright = true vim.opt.termguicolors = true
vim.opt.termguicolors = true vim.opt.ttyfast = true
vim.opt.ttyfast = true vim.opt.wildmode = "longest,list"
vim.opt.wildmode = "longest,list" -- vim.opt.completeopt = "menuone,noselect"
-- vim.opt.completeopt = "menuone,noselect"
-- Disable continuing comments on newline. -- Disable continuing comments on newline.
vim.cmd("autocmd BufEnter * set fo-=c fo-=r fo-=o") vim.cmd("autocmd BufEnter * set fo-=c fo-=r fo-=o")
-- Disable mouse. -- Disable mouse.
vim.cmd("set mouse=") vim.cmd("set mouse=")
-- Disable signs for diagnostics. -- Disable signs for diagnostics.
vim.diagnostic.config({ signs = false }) vim.diagnostic.config({ signs = false })
-- Display invisible characters. -- Display invisible characters.
-- vim.cmd("set list listchars=tab:>\\ ,trail:-,eol:,lead:.") -- vim.cmd("set list listchars=tab:>\\ ,trail:-,eol:,lead:.")
vim.cmd("set list listchars=tab:>\\ ,trail:-,lead:.") vim.cmd("set list listchars=tab:>\\ ,trail:-,lead:.")
-- Relative line numbers. -- Relative line numbers.
vim.wo.relativenumber = true vim.wo.relativenumber = true
-- Disable swap files. -- Disable swap files.
vim.opt.swapfile = false vim.opt.swapfile = false
''; '';
} }

61
home/config/nvim/module/config/Highlight.nix
View file

@ -1,44 +1,27 @@
{ config, lib, ... }: { config, lib, ... }: let
let color = config.style.color;
color = config.style.color;
mkHighlight = mkHighlight = name: value: ''vim.api.nvim_set_hl(0, "${name}", ${lib.generators.toLua { multiline = false; asBindings = false; } value})'';
name: value:
''vim.api.nvim_set_hl(0, "${name}", ${
lib.generators.toLua {
multiline = false;
asBindings = false;
} value
})'';
bg = { bg = { bg = "#${color.bg.regular}"; };
bg = "#${color.bg.regular}"; selection = { bg = "#${color.selection}"; fg = "#${color.fg.dark}"; bold = true; };
}; transparent = { bg = lib.generators.mkLuaInline "clear"; };
selection = { in {
bg = "#${color.selection}"; text = ''
fg = "#${color.fg.dark}"; vim.api.nvim_create_autocmd({"ColorScheme", "VimEnter"}, {
bold = true; group = vim.api.nvim_create_augroup('Color', {}),
}; pattern = "*",
transparent = { callback = function ()
bg = lib.generators.mkLuaInline "clear"; -- Backgrounds.
}; ${mkHighlight "CursorLine" bg}
in ${mkHighlight "TelescopeSelection" bg}
{
text = ''
vim.api.nvim_create_autocmd({"ColorScheme", "VimEnter"}, {
group = vim.api.nvim_create_augroup('Color', {}),
pattern = "*",
callback = function ()
-- Backgrounds.
${mkHighlight "CursorLine" bg}
${mkHighlight "TelescopeSelection" bg}
-- Selection. -- Selection.
${mkHighlight "Visual" selection} ${mkHighlight "Visual" selection}
-- Transparent. -- Transparent.
${mkHighlight "NormalFloat" transparent} ${mkHighlight "NormalFloat" transparent}
end end
}) })
''; '';
} }

17
home/config/nvim/module/config/Search.nix
View file

@ -1,10 +1,9 @@
{ ... }: { ... }: {
{ text = ''
text = '' vim.opt.hlsearch = true
vim.opt.hlsearch = true vim.opt.ignorecase = true
vim.opt.ignorecase = true vim.opt.incsearch = true
vim.opt.incsearch = true vim.opt.showmatch = true
vim.opt.showmatch = true vim.opt.smartcase = true
vim.opt.smartcase = true '';
'';
} }

28
home/config/nvim/module/config/Tab.nix
View file

@ -1,17 +1,15 @@
{ ... }: { ... }: let
let indentDefault = 2;
indentDefault = 2; in {
in text = ''
{ vim.opt.autoindent = true
text = '' vim.opt.expandtab = false
vim.opt.autoindent = true -- vim.opt.smartindent = true
vim.opt.expandtab = false vim.opt.shiftwidth = ${toString indentDefault}
-- vim.opt.smartindent = true vim.opt.softtabstop = ${toString indentDefault}
vim.opt.shiftwidth = ${toString indentDefault} vim.opt.tabstop = ${toString indentDefault}
vim.opt.softtabstop = ${toString indentDefault}
vim.opt.tabstop = ${toString indentDefault}
-- Disable Markdown forced formatting. -- Disable Markdown forced formatting.
vim.g.markdown_recommended_style = 0 vim.g.markdown_recommended_style = 0
''; '';
} }

15
home/config/nvim/module/key/Autocomplete.nix
View file

@ -1,10 +1,9 @@
{ ... }: { ... }: {
{ text = ''
text = '' -- Autocomplete.
-- Autocomplete. rekey_input("<C-space>", "<C-n>")
rekey_input("<C-space>", "<C-n>")
-- LSP autocomplete. -- LSP autocomplete.
rekey_normal("<C-space>", "<cmd>lua vim.lsp.buf.code_action()<cr>") rekey_normal("<C-space>", "<cmd>lua vim.lsp.buf.code_action()<cr>")
''; '';
} }

Some files were not shown because too many files have changed in this diff Show more