
1 commit
main ... dev

Author SHA1 Message Date
Dmitry Voronin 540aae3e58 WIP Chat: Add Mattermost container. 2024-10-21 14:32:24 +03:00
14 changed files with 87 additions and 231 deletions


@ -7,6 +7,8 @@ help:
android: android:
nix-on-droid switch --flake $(flake) nix-on-droid switch --flake $(flake)
cp ~/.termux/_font.ttf ~/.termux/font.ttf
cp ~/.termux/_colors.properties ~/.termux/colors.properties
cp ~/.Wallpaper /sdcard/Download/Wallpaper.jpg cp ~/.Wallpaper /sdcard/Download/Wallpaper.jpg
cp ~/.Wallpaper /sdcard/Download/Wallpaper.png cp ~/.Wallpaper /sdcard/Download/Wallpaper.png


@ -1,8 +1,8 @@
{ pkgs, lib, ... }: { pkgs, lib, ... }:
with lib; with lib;
let let
url = "https://i.imgur.com/UpyYtT3.jpeg"; url = "https://i.imgur.com/9l6Ywcm.jpeg";
sha256 = "1dilvn5ls34d5855d1h6k12x9mbdhawd91dl9z5v91ndpbjhip5r"; sha256 = "1fncihr63niq6l2llgbhhid24a11vr3q091yya497xld3mldfdan";
forceContrastText = false; forceContrastText = false;
in in
{ {


@ -2,12 +2,10 @@
container, container,
lib, lib,
config, config,
pkgs,
... ...
}: }:
let let
cfg = config.container.module.chat; cfg = config.container.module.chat;
db = config.container.module.postgres;
in in
{ {
options = { options = {
@ -18,7 +16,7 @@ in
type = lib.types.str; type = lib.types.str;
}; };
port = lib.mkOption { port = lib.mkOption {
default = 8065; default = 80;
type = lib.types.int; type = lib.types.int;
}; };
domain = lib.mkOption { domain = lib.mkOption {
@ -38,43 +36,21 @@ in
containers.chat = container.mkContainer cfg { containers.chat = container.mkContainer cfg {
bindMounts = { bindMounts = {
"/var/lib/mattermost" = { # "/var/lib/changedetection-io" = {
hostPath = "${cfg.storage}/data"; # hostPath = "${cfg.storage}/data";
isReadOnly = false; # isReadOnly = false;
}; # };
}; };
config = config =
{ ... }: { ... }:
container.mkContainerConfig cfg { container.mkContainerConfig cfg {
services.mattermost = { # services.changedetection-io = {
enable = true; # enable = true;
listenAddress = ":${toString cfg.port}"; # baseURL = cfg.domain;
localDatabaseCreate = false; # behindProxy = true;
mutableConfig = false; # listenAddress = cfg.address;
package = pkgs.mattermost; # };
siteName = "Chat";
siteUrl = "https://${cfg.domain}";
statePath = "/var/lib/mattermost";
plugins =
let
calls =
let
version = "1.2.0";
in
pkgs.fetchurl {
url = "https://github.com/mattermost/mattermost-plugin-calls/releases/download/v${version}/mattermost-plugin-calls-v${version}.tar.gz";
hash = "sha256-yQGBpBPgXxC+Pm6dHlbwlNEdvn6wg9neSpNNTC4YYAA=";
};
in
[ calls ];
extraConfig = {
SqlSettings = {
DataSource = "postgres://mattermost:any@${db.address}:${toString db.port}/mattermost?sslmode=disable&connect_timeout=10";
DriverName = "postgres";
};
};
};
}; };
}; };
}; };
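Review bot: After this change the `config` body of `containers.chat` holds only commented-out `services.changedetection-io` lines and `bindMounts` is empty, so the module still declares a container and a `port` option (now defaulting to 80) with no service behind it. The commented block names a different service than the module, which reads like residue from a copy. Either drop the commented lines or mark them with one comment, e.g. `# TODO: placeholder copied from another module; no service is defined for chat yet.`, so that enabling `container.module.chat` is not mistaken for a working service.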


@ -3,109 +3,100 @@
pkgs, pkgs,
lib, lib,
config, config,
util,
... ...
}: }@args:
with lib;
let let
cfg = config.container.module.dns; cfg = config.container.module.dns;
in in
{ {
options = { options = {
container.module.dns = { container.module.dns = {
enable = lib.mkEnableOption "the DNS server."; enable = mkEnableOption "Dns server.";
address = lib.mkOption { address = mkOption {
default = "10.1.0.6"; default = "10.1.0.6";
type = lib.types.str; type = types.str;
}; };
port = lib.mkOption { port = mkOption {
default = 53; default = 53;
type = lib.types.int; type = types.int;
}; };
}; };
}; };
config = lib.mkIf cfg.enable { config = mkIf cfg.enable {
containers.dns = container.mkContainer cfg { containers.dns = container.mkContainer cfg {
config = config =
{ ... }: { ... }:
container.mkContainerConfig cfg { container.mkContainerConfig cfg {
environment.systemPackages = [ pkgs.cloudflared ]; environment.systemPackages = [ pkgs.cloudflared ];
# systemd.services.cloudflared = { systemd.services.cloudflared = {
# description = "Cloudflare DoH server."; description = "Cloudflare DoH server.";
# enable = true; enable = true;
# wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
# serviceConfig = { serviceConfig = {
# Type = "simple"; Type = "simple";
# ExecStart = "${lib.getExe pkgs.cloudflared} proxy-dns --port 5054"; ExecStart = "${getExe pkgs.cloudflared} proxy-dns --port 5054";
# }; };
# }; };
services.blocky = { services.blocky = {
enable = true; enable = true;
# SRC: https://0xerr0r.github.io/blocky/main/configuration/
settings = { settings = {
bootstrapDns = "tcp+udp:1.1.1.1"; upstream = {
connectIPVersion = "v4"; default = [
upstreams.groups = { "0.0.0.0:5054"
default = [ "https://dns.quad9.net/dns-query" ]; "0.0.0.0:5054"
}; ];
caching = {
maxItemsCount = 100000;
maxTime = "30m";
minTime = "5m";
prefetchExpires = "2h";
prefetchMaxItemsCount = 100000;
prefetchThreshold = 5;
prefetching = true;
}; };
blocking = { blocking = {
blockTTL = "1m"; blackLists = {
blockType = "zeroIP";
loading = {
refreshPeriod = "1h";
strategy = "blocking";
downloads = {
timeout = "5m";
attempts = 3;
cooldown = "10s";
};
};
# SRC: https://oisd.nl
# SRC: https://v.firebog.net
denylists = {
suspicious = [ suspicious = [
"https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts"
"https://raw.githubusercontent.com/PolishFiltersTeam/KADhosts/master/KADhosts.txt" "https://raw.githubusercontent.com/PolishFiltersTeam/KADhosts/master/KADhosts.txt"
"https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts" # https://github.com/StevenBlack/hosts "https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.Spam/hosts"
"https://v.firebog.net/hosts/static/w3kbl.txt" "https://v.firebog.net/hosts/static/w3kbl.txt"
]; ];
ads = [ ads = [
"https://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&showintro=0&mimetype=plaintext" "https://easylist-downloads.adblockplus.org/bitblock.txt"
"https://raw.githubusercontent.com/bigdargon/hostsVN/master/hosts" "https://adaway.org/hosts.txt"
"https://v.firebog.net/hosts/AdguardDNS.txt" "https://v.firebog.net/hosts/AdguardDNS.txt"
"https://v.firebog.net/hosts/Admiral.txt" "https://v.firebog.net/hosts/Admiral.txt"
"https://raw.githubusercontent.com/anudeepND/blacklist/master/adservers.txt"
"https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt"
"https://v.firebog.net/hosts/Easylist.txt" "https://v.firebog.net/hosts/Easylist.txt"
"https://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&showintro=0&mimetype=plaintext"
"https://raw.githubusercontent.com/FadeMind/hosts.extras/master/UncheckyAds/hosts"
"https://raw.githubusercontent.com/bigdargon/hostsVN/master/hosts"
"https://github.com/easylist/ruadlist/blob/master/advblock/adservers.txt"
]; ];
tracking = [ tracking = [
"https://hostfiles.frogeye.fr/firstparty-trackers-hosts.txt"
"https://v.firebog.net/hosts/Easyprivacy.txt" "https://v.firebog.net/hosts/Easyprivacy.txt"
"https://v.firebog.net/hosts/Prigent-Ads.txt" "https://v.firebog.net/hosts/Prigent-Ads.txt"
"https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.2o7Net/hosts"
"https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/spy.txt"
"https://hostfiles.frogeye.fr/firstparty-trackers-hosts.txt"
]; ];
malicious = [ malicious = [
"https://gitlab.com/quidsup/notrack-blocklists/raw/master/notrack-malware.txt" "https://raw.githubusercontent.com/DandelionSprout/adfilt/master/Alternate%20versions%20Anti-Malware%20List/AntiMalwareHosts.txt"
"https://osint.digitalside.it/Threat-Intel/lists/latestdomains.txt" "https://osint.digitalside.it/Threat-Intel/lists/latestdomains.txt"
"https://phishing.army/download/phishing_army_blocklist_extended.txt" "https://s3.amazonaws.com/lists.disconnect.me/simple_malvertising.txt"
"https://raw.githubusercontent.com/AssoEchap/stalkerware-indicators/master/generated/hosts"
"https://raw.githubusercontent.com/Spam404/lists/master/main-blacklist.txt"
"https://urlhaus.abuse.ch/downloads/hostfile/"
"https://v.firebog.net/hosts/Prigent-Crypto.txt" "https://v.firebog.net/hosts/Prigent-Crypto.txt"
"https://v.firebog.net/hosts/Prigent-Malware.txt" "https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.Risk/hosts"
]; "https://bitbucket.org/ethanr/dns-blacklists/raw/8575c9f96e5b4a1308f2f12394abd86d0927a4a0/bad_lists/Mandiant_APT1_Report_Appendix_D.txt"
other = [ "https://phishing.army/download/phishing_army_blocklist_extended.txt"
"https://big.oisd.nl/domainswild" "https://gitlab.com/quidsup/notrack-blocklists/raw/master/notrack-malware.txt"
"https://zerodot1.gitlab.io/CoinBlockerLists/hosts_browser" "https://v.firebog.net/hosts/RPiList-Malware.txt"
"https://v.firebog.net/hosts/RPiList-Phishing.txt"
"https://raw.githubusercontent.com/Spam404/lists/master/main-blacklist.txt"
"https://raw.githubusercontent.com/AssoEchap/stalkerware-indicators/master/generated/hosts"
"https://urlhaus.abuse.ch/downloads/hostfile/"
]; ];
other = [ "https://zerodot1.gitlab.io/CoinBlockerLists/hosts_browser" ];
}; };
# allowlists = { # whiteLists = {
# other = [ # other = [
# "/.*.vk.com/" # "/.*.vk.com/"
# ]; # ];
@ -123,18 +114,20 @@ in
customDNS = { customDNS = {
mapping = mapping =
let let
block = host: { ${host} = "0.0.0.0"; }; block = "0.0.0.0";
in in
{ {
# All subdomains to current host. # All subdomains to current host.
# ${config.container.domain} = config.container.host; # ${config.container.domain} = config.container.host;
"voronind.com" = "10.0.0.1"; "voronind.com" = "10.0.0.1";
}
// block "gosuslugi.ru" # Blocklist.
// block "rutube.ru" "gosuslugi.ru" = block;
// block "vk.com"; "rutube.ru" = block;
"vk.com" = block;
};
}; };
ports.dns = cfg.port; port = cfg.port;
# httpPort = "80"; # httpPort = "80";
}; };
}; };
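Review bot: The `ads` list on the new side contains `https://github.com/easylist/ruadlist/blob/master/advblock/adservers.txt`, which is the GitHub HTML view of the file rather than its raw content, so blocky would download a web page where it expects a list; use the `raw.githubusercontent.com` form as the neighbouring entries do. The re-enabled `systemd.services.cloudflared` unit sets no user in `serviceConfig`, so the DoH proxy runs as root inside the container; since it listens on the unprivileged port 5054, `DynamicUser = true;` should be enough to drop that. `upstream.default` lists `"0.0.0.0:5054"` twice and uses the wildcard address as a destination; a single `"127.0.0.1:5054"` states the intended target, assuming cloudflared binds to loopback. Most lists are also fetched from mutable `master` branches, so what gets blocked depends on third-party repositories at refresh time.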


@ -48,7 +48,6 @@ in
configurations = with config.container.module; { configurations = with config.container.module; {
forgejo = git; forgejo = git;
invidious = yt; invidious = yt;
mattermost = chat;
nextcloud = cloud; nextcloud = cloud;
onlyoffice = office; onlyoffice = office;
paperless = paper; paperless = paper;


@ -1,28 +0,0 @@
{ config, container, ... }:
let
cfg = config.container.module.chat;
name = "chat";
in
{
${cfg.domain} = container.mkServer {
extraConfig = ''
listen 443 ssl;
set ''$${name} ${cfg.address}:${toString cfg.port};
location / {
allow ${config.container.localAccess};
allow ${config.container.module.status.address};
allow ${config.container.module.vpn.address};
allow ${config.container.module.frkn.address};
deny all;
proxy_pass http://''$${name}$request_uri;
}
ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
};
}


@ -27,19 +27,17 @@ in
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
environment.packages = package.core;
time.timeZone = const.timeZone; time.timeZone = const.timeZone;
environment.packages = package.core;
terminal = {
inherit (android) font colors;
};
home-manager.config = stylix // { home-manager.config = stylix // {
imports = [ inputs.stylix.homeManagerModules.stylix ]; imports = [ inputs.stylix.homeManagerModules.stylix ];
home = { home = {
file = import ./config args;
sessionVariables = import ./variable args;
stateVersion = const.droidStateVersion; stateVersion = const.droidStateVersion;
sessionVariables = import ./variable args;
file = (import ./config args) // {
".termux/_font.ttf".source = android.font;
".termux/_colors.properties".text = android.colors;
};
}; };
programs = import ./program args; programs = import ./program args;
}; };


@ -6,9 +6,8 @@
}/share/fonts/truetype/NerdFonts/TerminessNerdFontMono-Regular.ttf $out }/share/fonts/truetype/NerdFonts/TerminessNerdFontMono-Regular.ttf $out
''; '';
colors = with config.style.color; { colors = ''
background = "#${bg.dark}"; background=#${config.style.color.bg.dark}
cursor = "#${fg.light}"; foreground=#${config.style.color.fg.light}
foreground = "#${fg.light}"; '';
};
} }


@ -1,8 +1,7 @@
{ pkgs, ... }: { pkgs, ... }:
let let
apps = [ apps = [
"gimp" "*|gnu-image-manipulation-program"
"gimp-*"
"steam-proton" "steam-proton"
]; ];


@ -45,11 +45,5 @@
move scratchpad move scratchpad
scratchpad show scratchpad show
} }
# JamesDsp.
for_window [title="JamesDSP for Linux"] {
move scratchpad
scratchpad show
}
''; '';
} }


@ -73,24 +73,5 @@
_iterate_targets process ''${targets[@]} _iterate_targets process ''${targets[@]}
} }
# Find user keys using keyservers.
# Usage: gpg_find <EMAIL>
function gpg_find() {
local email="''${1}"
if [[ "''${email}" = "" ]]; then
help gpg_find
return 2
fi
gpg --locate-keys "''${email}" \
|| gpg --locate-keys --auto-key-locate hkps://keys.openpgp.org "''${email}"
}
# Update keys.
function gpg_refresh() {
gpg --refresh-keys
}
''; '';
} }


@ -47,18 +47,5 @@
SHELL_NAME="''${pkg}" NIXPKGS_ALLOW_UNFREE=1 nix shell --impure github:NixOS/nixpkgs/''${rev}#''${pkg} -c ''${cmd} SHELL_NAME="''${pkg}" NIXPKGS_ALLOW_UNFREE=1 nix shell --impure github:NixOS/nixpkgs/''${rev}#''${pkg} -c ''${cmd}
} }
# Prefetch to nix store.
# Usage: prefetch <URL>
function prefetch() {
local url="''${1}"
if [[ "''${url}" = "" ]]; then
help prefetch
return 2
fi
nix hash to-sri --type sha256 $(nix-prefetch-url "''${url}")
}
''; '';
} }


@ -8,11 +8,6 @@ in
gpg = { gpg = {
enable = true; enable = true;
inherit (secret.crypto) publicKeys; inherit (secret.crypto) publicKeys;
mutableKeys = true;
mutableTrust = true;
settings = {
keyserver = "hkps://keys.openpgp.org";
};
}; };
firefox = import ./firefox args; firefox = import ./firefox args;


@ -150,59 +150,20 @@ in
installation_mode = "blocked"; installation_mode = "blocked";
}; };
} // extensions; } // extensions;
# NOTE: `firefox-esr` edition is required to change search engines. # NOTE: `firefox-esr` edition is required to change default search engine.
SearchEngines = { SearchEngines = {
Default = "Searx"; Default = "Searx";
PreventInstalls = true;
Add = [ Add = [
{ {
Alias = "s"; Alias = "s";
Description = "SearX"; Description = "Searx Search";
IconURL = "https://search.voronind.com/favicon.ico"; IconURL = "https://search.voronind.com/favicon.ico";
Method = "POST"; Method = "POST";
Name = "Searx"; Name = "Searx";
PostData = "q={searchTerms}"; PostData = "q={searchTerms}";
# SuggestURLTemplate = "https://search.voronind.com/autocomplete?q={searchTerms}"; # SuggestURLTemplate = "https://search.voronind.com/autocomplete?q={searchTerms}";
URLTemplate = "https://search.voronind.com/search?q={searchTerms}"; URLTemplate = "https://search.voronind.com/search?q=%{searchTerms}";
} }
{
Alias = "ru";
Description = "RuTracker";
IconURL = "https://rutracker.org/favicon.ico";
Method = "GET";
Name = "RuTracker";
URLTemplate = "https://rutracker.org/forum/tracker.php?nm={searchTerms}";
}
{
Alias = "re";
Description = "Reddit";
IconURL = "https://www.reddit.com/favicon.ico";
Method = "GET";
Name = "Reddit";
URLTemplate = "https://www.reddit.com/search/?q={searchTerms}";
}
{
Alias = "no";
Description = "NixOS Option";
IconURL = "https://search.nixos.org/favicon.ico";
Method = "GET";
Name = "NixOS Option";
URLTemplate = "https://search.nixos.org/options?query={searchTerms}";
}
{
Alias = "np";
Description = "NixOS Package";
IconURL = "https://search.nixos.org/favicon.ico";
Method = "GET";
Name = "NixOS Package";
URLTemplate = "https://search.nixos.org/packages?query={searchTerms}";
}
];
Remove = [
"Bing"
"DuckDuckGo"
"Google"
"Wikipedia (en)"
]; ];
}; };
}; };
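Review bot: The new `URLTemplate` reads `https://search.voronind.com/search?q=%{searchTerms}`, and the `%` in front of the placeholder is not part of the `{searchTerms}` token that `PostData` and the commented `SuggestURLTemplate` use, so the query would begin with a stray `%` that a server may reject or mis-decode as a percent-escape; `URLTemplate = "https://search.voronind.com/search?q={searchTerms}";` matches the other fields. The same hunk drops `PreventInstalls = true;` and the `Remove` list, which lets web pages offer additional search engines again and leaves the built-in ones installed; if that is not intended, keep `PreventInstalls = true;`. The enclosing policy attribute set starts outside the hunk.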