Aaron Bieber 2023-09-01 09:30:03 -06:00
commit 91544b0b5b
No known key found for this signature in database
66 changed files with 2145 additions and 509 deletions


@ -1,4 +1,7 @@
#+TITLE: xin
xin
===
Ever growing nix configuration. It started as a single host and has eventually
consumed more and more machines in my environment!
![xin](./xintray-logo.png)

19
bin/ci

@ -2,6 +2,11 @@
. ./common.sh
if [ -f ./lock ]; then
msg "${SCRIPT_NAME} locked..."
exit 0
fi
direnv allow
CMD=${1:-""}
@ -49,14 +54,22 @@ if [ "${1}" = "update" ]; then
continue
fi
current_hash="$(git rev-parse HEAD)"
if ! nix flake lock --commit-lock-file --update-input "$inp"; then
handle_update_fail "$inp"
continue
fi
if ! nix flake check --print-build-logs; then
handle_update_check_fail "$inp"
continue
maybe_new_hash="$(git rev-parse HEAD)"
if [ "${current_hash}" != "${maybe_new_hash}" ]; then
if ! nix flake check --print-build-logs; then
handle_update_check_fail "$inp"
continue
fi
else
msg "No change in input, skipping checks."
fi
if ! git checkout "${ci_branch}"; then


@ -2,7 +2,7 @@
set -e
find . -name \*.nix -exec nix fmt {} \+
find . -name \*.nix -exec nix fmt -- -q {} \+
find . -name \*.sh -exec shfmt -w {} \+
deadnix -f .

18
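--- a/bin/update-openssh
+++ b/bin/update-openssh
@@ -0,0 +1,18 @@
+#!/bin/sh
+ATOM="$(curl -s https://github.com/openssh/openssh-portable/commits/master.atom)"
+CURRENT="$(cat pkgs/openssh/version.json)"
+COMMIT="$(echo $ATOM | dasel -rxml 'feed.entry.[0].id' | awk -F/ '{print $NF}')"
+COMMENT="$(echo $ATOM | dasel -rxml 'feed.entry.[0].title')"
+UPDATED="$(echo $ATOM | dasel -rxml 'feed.entry.[0].updated' | awk -FT '{print $1}')"
+CURRENT_COMMIT="$(echo $CURRENT | jq -r .rev)"
+if [ "${CURRENT_COMMIT}" != "${COMMIT}" ]; then
+nix-prefetch-github openssh openssh-portable \
+-rev "${COMMIT}" \
+--json > pkgs/openssh/version.json
+else
+echo "No updates."
+fi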
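Review bot: The redirect `--json > pkgs/openssh/version.json` truncates the pin file before nix-prefetch-github has produced any output, so a failed or interrupted prefetch leaves an empty version.json behind. Nothing else in the script stops on errors either: there is no `set -e`, `curl -s` hides HTTP and network failures, and `$ATOM` and `$CURRENT` are expanded unquoted, which word-splits and globs the feed text. Because the resulting rev selects the OpenSSH source that gets built, the id taken from the feed should be checked to look like a commit hash before it is used, and the new pin written to a temporary file that is moved into place only on success. `-rev` has a single dash where the neighbouring option is `--json`; presumably `--rev` was meant, which is worth confirming against the tool's help. COMMENT and UPDATED are assigned but never read.

```sh
set -eu
ATOM="$(curl -fsS https://github.com/openssh/openssh-portable/commits/master.atom)"
# … unchanged: CURRENT, COMMIT, COMMENT, UPDATED, CURRENT_COMMIT (with "$ATOM" and "$CURRENT" quoted in each echo) …
case "${COMMIT}" in
'' | *[!0-9a-f]*)
	echo "unexpected commit id from feed: ${COMMIT}" >&2
	exit 1
	;;
esac
if [ "${CURRENT_COMMIT}" != "${COMMIT}" ]; then
	tmp="$(mktemp pkgs/openssh/version.json.XXXXXX)"
	nix-prefetch-github openssh openssh-portable \
		-rev "${COMMIT}" \
		--json > "$tmp"
	mv "$tmp" pkgs/openssh/version.json
# … unchanged: else branch …
```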


@ -18,9 +18,11 @@
inherit gosignify;
inherit (pkgs) curl;
});
genPatches = pkgs.callPackage ./gen-patches.nix {};
in {
environment.systemPackages = with pkgs; [
checkRestart
genPatches
ix
sfetch
tstart

55
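--- a/bins/gen-patches.nix
+++ b/bins/gen-patches.nix
@@ -0,0 +1,55 @@
+{
+writeShellApplication,
+diffutils,
+findutils,
+coreutils,
+...
+}: let
+genPatches = writeShellApplication {
+name = "gen-patches";
+runtimeInputs = [diffutils findutils coreutils];
+text = ''
+suffix=".orig"
+srcdir=$PWD
+output="$PWD/patches"
+usage() {
+echo "Usage: $0 [-s suffix (default .orig)] [-d source directory (default PWD)] [-o output directory (default PWD/patches)]" 1>&2;
+exit 1;
+}
+while getopts "d:ho:s:" arg; do
+case $arg in
+d)
+srcdir=$OPTARG
+;;
+h)
+usage
+;;
+s)
+suffix=$OPTARG
+;;
+o)
+output=$OPTARG
+;;
+*)
+usage
+esac
+done
+mkdir -p "$output"
+# hold my be er!
+# shellcheck disable=SC2044
+for patch in $(find "$srcdir" -name "*$suffix"); do
+fname=$(basename "$patch" "$suffix")
+dname=$(dirname "$patch")
+file="$dname/$fname"
+outfile="$(echo "$dname/$fname" | sed 's;/;_;g').diff"
+diff -u "$patch" "$file" > "$output/$outfile" || \
+echo "==> Created patch: $output/$outfile"
+done
+'';
+};
+in
+genPatches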
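Review bot: `diff -u "$patch" "$file" > "$output/$outfile" || echo "==> Created patch: …"` prints the success message for any non-zero status, but diff exits 1 when the files differ and 2 on trouble (for example a `.orig` file whose counterpart is missing), so a failed comparison is announced as a created patch and leaves an empty or partial .diff in the output directory. Capturing the status with `rc=0; diff -u "$patch" "$file" > "$output/$outfile" || rc=$?` and wrapping the echo in `if [ "$rc" -eq 1 ]; then … fi` keeps the two cases apart. The `for patch in $(find …)` loop under the SC2044 suppression also splits paths on whitespace; a comment such as `# paths containing whitespace are not supported` next to the suppression would make that limit explicit. The `*)` arm of the getopts case has no terminating `;;`, which is legal for the last arm but differs from the others.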


@ -7,12 +7,17 @@
use strict;
use warnings;
use Data::Dumper;
use MIME::Base64;
use lib "${perlPackages.JSON}/${perl.libPrefix}/${perl.version}/";
use JSON qw{ decode_json encode_json };
my $info = decode_json(`nixos-version --json`);
$info->{needs_restart} = system('check-restart >/dev/null') == 0 ? JSON::false : JSON::true;
my $sys_diff = `nix store diff-closures /run/booted-system /run/current-system`;
$sys_diff =~ s/\e\[[0-9;]*m(?:\e\[K)?//g;
$info->{system_diff} = encode_base64($sys_diff);
print encode_json $info;
''
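Review bot: The backtick call assigned to `$sys_diff` is used without looking at `$?`, so when `nix store diff-closures` fails the substitution and `encode_base64` run on an empty or undefined value and the JSON carries a blank `system_diff` that cannot be told apart from "no changes". A guard such as `$info->{system_diff} = $? == 0 ? encode_base64($sys_diff // '', '') : undef;` would separate the two cases; the empty second argument also stops encode_base64 from inserting a line break every 76 characters, which the consumer may or may not expect. If this script is what the `xin-status` forced command returns, its output now also discloses the package and version delta between the booted and current system to whoever holds that key, which deserves a comment above the `$sys_diff` line. The script starts and ends outside the hunk.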


@ -6,6 +6,7 @@
xinlib,
...
}: let
inherit (xinlib) prIsOpen;
jobs = [
{
name = "xin-ci-update";
@ -105,6 +106,6 @@ in
#};
};
boot.binfmt.emulatedSystems = ["aarch64-linux"];
boot.binfmt.emulatedSystems = ["aarch64-linux" "armv6l-linux"];
};
}


@ -20,7 +20,17 @@ with lib; {
services.xserver = {
layout = "us";
xkbVariant = "colemak";
xkbOptions = "ctrl:swapcaps";
xkbOptions = "ctrl:swapcaps,compose:ralt";
inputClassSections = [
''
Identifier "precursor"
MatchIsKeyboard "on"
MatchProduct "Precursor"
MatchVendor "Kosagi"
Option "XkbLayout" "us"
Option "XkbVariant" "basic"
''
];
};
};
}


@ -3,7 +3,6 @@
./ca.nix
./ci.nix
./colemak.nix
./develop.nix
./dns.nix
./doas.nix
./git.nix


@ -1,20 +0,0 @@
{
config,
lib,
pkgs,
...
}:
with lib; {
options = {
jetbrains = {enable = mkEnableOption "Install JetBrains editors";};
};
config = mkMerge [
(mkIf config.jetbrains.enable {
nixpkgs.config.allowUnfreePredicate = pkg:
builtins.elem (lib.getName pkg) ["idea-ultimate"];
environment.systemPackages = with pkgs; [jetbrains.idea-ultimate sshfs];
})
];
}

4
configs/doom.d/config.el Normal file

@ -0,0 +1,4 @@
(setq
acme-theme-black-fg t)
(load-theme 'acme t)

186
configs/doom.d/init.el Normal file

@ -0,0 +1,186 @@
;;; init.el -*- lexical-binding: t; -*-
;; This file controls what Doom modules are enabled and what order they load
;; in. Remember to run 'doom sync' after modifying it!
;; NOTE Press 'SPC h d h' (or 'C-h d h' for non-vim users) to access Doom's
;; documentation. There you'll find a "Module Index" link where you'll find
;; a comprehensive list of Doom's modules and what flags they support.
;; NOTE Move your cursor over a module's name (or its flags) and press 'K' (or
;; 'C-c c k' for non-vim users) to view its documentation. This works on
;; flags as well (those symbols that start with a plus).
;;
;; Alternatively, press 'gd' (or 'C-c c d') on a module to browse its
;; directory (for easy access to its source code).
(doom! :input
:completion
company ; the ultimate code completion backend
vertico ; the search engine of the future
:ui
doom ; what makes DOOM look the way it does
doom-dashboard ; a nifty splash screen for Emacs
doom-quit ; DOOM quit-message prompts when you quit Emacs
doom-theme
;;(emoji +unicode) ; 🙂
hl-todo ; highlight TODO/FIXME/NOTE/DEPRECATED/HACK/REVIEW
;;hydra
;;indent-guides ; highlighted indent columns
;;ligatures ; ligatures and symbols to make your code pretty again
;;minimap ; show a map of the code on the side
modeline ; snazzy, Atom-inspired modeline, plus API
;;nav-flash ; blink cursor line after big motions
;;neotree ; a project drawer, like NERDTree for vim
ophints ; highlight the region an operation acts on
(popup +defaults) ; tame sudden yet inevitable temporary windows
;;tabs ; a tab bar for Emacs
treemacs ; a project drawer, like neotree but cooler
unicode ; extended unicode support for various languages
vc-gutter ; vcs diff in the fringe
vi-tilde-fringe ; fringe tildes to mark beyond EOB
;;window-select ; visually switch windows
workspaces ; tab emulation, persistence & separate workspaces
;;zen ; distraction-free coding or writing
:editor
(evil +everywhere); come to the dark side, we have cookies
file-templates ; auto-snippets for empty files
fold ; (nigh) universal code folding
(format +onsave) ; automated prettiness
;;god ; run Emacs commands without modifier keys
;;lispy ; vim for lisp, for people who don't like vim
;;multiple-cursors ; editing in many places at once
;;objed ; text object editing for the innocent
;;parinfer ; turn lisp into python, sort of
;;rotate-text ; cycle region at point between text candidates
snippets ; my elves. They type so I don't have to
;;word-wrap ; soft wrapping with language-aware indent
:emacs
dired ; making dired pretty [functional]
electric ; smarter, keyword-based electric-indent
;;ibuffer ; interactive buffer management
undo ; persistent, smarter undo for your inevitable mistakes
vc ; version-control and Emacs, sitting in a tree
:term
;;eshell ; the elisp shell that works everywhere
;;shell ; simple shell REPL for Emacs
;;term ; basic terminal emulator for Emacs
;;vterm ; the best terminal emulation in Emacs
:checkers
syntax ; tasing you for every semicolon you forget
(spell +flyspell) ; tasing you for misspelling mispelling
;;grammar ; tasing grammar mistake every you make
:tools
;;ansible
;;biblio ; Writes a PhD for you (citation needed)
;;debugger ; FIXME stepping through code, to help you add bugs
direnv
;;docker
;;editorconfig ; let someone else argue about tabs vs spaces
;;ein ; tame Jupyter notebooks with emacs
(eval +overlay) ; run code, run (also, repls)
;;gist ; interacting with github gists
lookup ; navigate your code and its documentation
;;lsp ; M-x vscode
magit ; a git porcelain for Emacs
;;make ; run make tasks from Emacs
;;pass ; password manager for nerds
;;pdf ; pdf enhancements
;;prodigy ; FIXME managing external services & code builders
;;rgb ; creating color strings
;;taskrunner ; taskrunner for all your projects
;;terraform ; infrastructure as code
;;tmux ; an API for interacting with tmux
;;upload ; map local to remote projects via ssh/ftp
:os
(:if IS-MAC macos) ; improve compatibility with macOS
;;tty ; improve the terminal Emacs experience
:lang
;;agda ; types of types of types of types...
;;beancount ; mind the GAAP
;;cc ; C > C++ == 1
clojure ; java with a lisp
;;common-lisp ; if you've seen one lisp, you've seen them all
;;coq ; proofs-as-programs
;;crystal ; ruby at the speed of c
;;csharp ; unity, .NET, and mono shenanigans
;;data ; config/data formats
;;(dart +flutter) ; paint ui and not much else
;;dhall
;;elixir ; erlang done right
elm ; care for a cup of TEA?
emacs-lisp ; drown in parentheses
erlang ; an elegant language for a more civilized age
;;ess ; emacs speaks statistics
;;factor
;;faust ; dsp, but you get to keep your soul
;;fortran ; in FORTRAN, GOD is REAL (unless declared INTEGER)
;;fsharp ; ML stands for Microsoft's Language
;;fstar ; (dependent) types and (monadic) effects and Z3
;;gdscript ; the language you waited for
(go +lsp) ; the hipster dialect
(haskell +lsp) ; a language that's lazier than I am
;;hy ; readability of scheme w/ speed of python
;;idris ; a language you can depend on
;;json ; At least it ain't XML
;;(java +meghanada) ; the poster child for carpal tunnel syndrome
javascript ; all(hope(abandon(ye(who(enter(here))))))
;;julia ; a better, faster MATLAB
;;kotlin ; a better, slicker Java(Script)
latex ; writing papers in Emacs has never been so fun
;;lean ; for folks with too much to prove
;;ledger ; be audit you can be
lua ; one-based indices? one-based indices
markdown ; writing docs for people to ignore
;;nim ; python + lisp at the speed of c
nix ; I hereby declare "nix geht mehr!"
ocaml ; an objective camel
org ; organize your plain life in plain text
;;php ; perl's insecure younger brother
;;plantuml ; diagrams for confusing people more
;;purescript ; javascript, but functional
;;python ; beautiful is better than ugly
;;qt ; the 'cutest' gui framework ever
;;racket ; a DSL for DSLs
;;raku ; the artist formerly known as perl6
;;rest ; Emacs as a REST client
;;rst ; ReST in peace
;;(ruby +rails) ; 1.step {|i| p "Ruby is #{i.even? ? 'love' : 'life'}"}
;;rust ; Fe2O3.unwrap().unwrap().unwrap().unwrap()
;;scala ; java, but good
;;(scheme +guile) ; a fully conniving family of lisps
sh ; she sells {ba,z,fi}sh shells on the C xor
;;sml
;;solidity ; do you need a blockchain? No.
;;swift ; who asked for emoji variables?
;;terra ; Earth and Moon in alignment for performance.
web ; the tubes
;;yaml ; JSON, but readable
zig ; C, but simpler
:email
(mu4e +org)
;;notmuch
;;(wanderlust +gmail)
:app
;;calendar
;;emms
;;everywhere ; *leave* Emacs!? You must be joking
;;irc ; how neckbeards socialize
;;(rss +org) ; emacs as an RSS reader
;;twitter ; twitter client https://twitter.com/vnought
:config
;;literate
(default +bindings +smartparens))


@ -0,0 +1 @@
(package! acme-theme)


@ -25,6 +25,7 @@ in
};
};
imports = [./tailnet.nix];
config = mkIf config.nixManager.enable {
sops.defaultSopsFile = config.xin-secrets.manager;
sops.secrets = {


@ -15,18 +15,18 @@ cmd("hi LineNr none");
cmd("hi Search cterm=none ctermbg=yellow");
require("compe").setup {
enabled = true,
autocomplete = true,
source = {
path = true,
buffer = true,
calc = true,
nvim_lsp = true,
nvim_lua = true,
vsnip = true,
ultisnips = true,
luasnip = true,
},
enabled = true,
autocomplete = true,
source = {
path = true,
buffer = true,
calc = true,
nvim_lsp = true,
nvim_lua = true,
vsnip = true,
ultisnips = true,
luasnip = true
}
}
local telescope = require('telescope')
@ -34,30 +34,26 @@ telescope.load_extension('manix')
telescope.load_extension('fzf')
require("nvim-tree").setup({
renderer = {
icons = {
webdev_colors = false,
show = {
file = false,
folder = false,
folder_arrow = false,
git = true,
},
},
},
renderer = {
icons = {
webdev_colors = false,
show = {
file = false,
folder = false,
folder_arrow = false,
git = true
}
}
}
})
require('obsidian').setup({
dir = "~/Brain",
daily_notes = {
folder = "Daily",
},
completion = {
nvim_cmp = false,
}
dir = "~/Brain",
daily_notes = {folder = "Daily"},
completion = {nvim_cmp = false}
})
require 'nvim-treesitter.configs'.setup({})
require'nvim-treesitter.configs'.setup({})
require('neogen').setup({})
require('todo-comments').setup {};
@ -69,15 +65,7 @@ local lspc = require('lspconfig')
lspc.elmls.setup {};
lspc.gopls.setup {};
lspc.hls.setup {};
lspc.lua_ls.setup {
settings = {
Lua = {
diagnostics = {
globals = {'vim'},
},
},
},
};
lspc.lua_ls.setup {settings = {Lua = {diagnostics = {globals = {'vim'}}}}};
lspc.nil_ls.setup {};
lspc.perlpls.setup {};
lspc.solargraph.setup {};
@ -86,11 +74,11 @@ lspc.zls.setup {};
o.hlsearch = true;
map('n', '<C-n>', ':NvimTreeToggle<CR>', { noremap = true })
map('n', '<C-p>', ':Files<CR>', { noremap = true })
map('n', '<leader>r', ':NvimTreeRefresh<CR>', { noremap = true })
map('n', '<leader>n', ':Neogen<CR>', { noremap = true })
map('n', '<leader>s', ':%s/\\s\\+$//e', { noremap = true })
map('n', '<C-n>', ':NvimTreeToggle<CR>', {noremap = true})
map('n', '<C-p>', ':Files<CR>', {noremap = true})
map('n', '<leader>r', ':NvimTreeRefresh<CR>', {noremap = true})
map('n', '<leader>n', ':Neogen<CR>', {noremap = true})
map('n', '<leader>s', ':%s/\\s\\+$//e', {noremap = true})
map('n', '<leader>fm', ':Telescope manix<CR>', {})
map('n', '<leader>mo', ':MindOpenMain<CR>', {})
map('n', '<leader>mp', ':MindOpenProject<CR>', {})
@ -98,10 +86,10 @@ map('n', '<leader>ot', ':ObsidianToday<CR>', {})
map('n', '<leader>tb', ':TagbarToggle<CR>', {})
map('n', '<leader>t', ':TodoQuickFix<CR>', {})
map('n', '<leader>g', ':GitGutterToggle<CR>', { noremap = true })
map('n', '<leader>2', ':set list!<CR>', { noremap = true })
map('n', '<leader>3', ':set nu!<CR>', { noremap = true })
map('n', '<leader>4', ':set paste!<CR>', { noremap = true })
map('n', '<leader>g', ':GitGutterToggle<CR>', {noremap = true})
map('n', '<leader>2', ':set list!<CR>', {noremap = true})
map('n', '<leader>3', ':set nu!<CR>', {noremap = true})
map('n', '<leader>4', ':set paste!<CR>', {noremap = true})
local builtin = require('telescope.builtin')
vim.keymap.set('n', '<leader>ff', builtin.find_files, {})
@ -116,45 +104,35 @@ vim.keymap.set('n', '<space>e', vim.diagnostic.open_float)
vim.keymap.set('n', '[d', vim.diagnostic.goto_prev)
vim.keymap.set('n', ']d', vim.diagnostic.goto_next)
vim.keymap.set('n', '<space>q', vim.diagnostic.setloclist)
vim.keymap.set('n', '<space>f', ':Neoformat<CR>')
vim.api.nvim_create_autocmd('LspAttach', {
group = vim.api.nvim_create_augroup('UserLspConfig', {}),
callback = function(ev)
local opts = { buffer = ev.buf }
vim.keymap.set('n', 'K', vim.lsp.buf.hover, opts)
vim.keymap.set('n', '<space>D', vim.lsp.buf.type_definition, opts)
vim.keymap.set('n', '<space>rn', vim.lsp.buf.rename, opts)
vim.keymap.set('n', 'gr', vim.lsp.buf.references, opts)
vim.keymap.set('n', '<space>f', function()
vim.lsp.buf.format { async = true }
end, opts)
end,
group = vim.api.nvim_create_augroup('UserLspConfig', {}),
callback = function(ev)
local opts = {buffer = ev.buf}
vim.keymap.set('n', 'K', vim.lsp.buf.hover, opts)
vim.keymap.set('n', '<space>D', vim.lsp.buf.type_definition, opts)
vim.keymap.set('n', '<space>rn', vim.lsp.buf.rename, opts)
vim.keymap.set('n', 'gr', vim.lsp.buf.references, opts)
-- vim.keymap.set('n', '<space>f', function()
-- vim.lsp.buf.format { async = true }
-- end, opts)
end
})
vim.g.tagbar_type_elm = {
ctagstype = 'elm',
kinds = {
'f:function:0:0',
'm:modules:0:0',
'i:imports:1:0',
't:types:1:0',
'a:type aliases:0:0',
'c:type constructors:0:0',
'p:ports:0:0',
's:functions:0:0'
}
ctagstype = 'elm',
kinds = {
'f:function:0:0', 'm:modules:0:0', 'i:imports:1:0', 't:types:1:0',
'a:type aliases:0:0', 'c:type constructors:0:0', 'p:ports:0:0',
's:functions:0:0'
}
}
vim.g.tagbar_type_typescript = {
ctagstype = 'typescript',
kinds = {
'c:classes',
'n:modules',
'f:functions',
'v:variables',
'v:varlambdas',
'm:members',
'i:interfaces',
'e:enums'
}
ctagstype = 'typescript',
kinds = {
'c:classes', 'n:modules', 'f:functions', 'v:variables', 'v:varlambdas',
'm:members', 'i:interfaces', 'e:enums'
}
}


@ -108,10 +108,12 @@ with pkgs; let
};
baseVimPackages = with vimPlugins; [
ale
elm-vim
fugitive
fzf-vim
haskell-vim
neoformat
nvim-compe
nvim-lspconfig
nvim-tree-lua
@ -145,6 +147,7 @@ with pkgs; let
else baseVimPackages ++ [];
in {
environment.systemPackages = with pkgs; [
alejandra
elmPackages.elm
elmPackages.elm-format
elmPackages.elm-language-server
@ -159,6 +162,7 @@ in {
luajitPackages.lua-lsp
manix
nodejs
nodePackages.prettier
nodePackages.typescript-language-server
perl
perlPackages.PerlCritic

104
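--- a/configs/tailnet.nix
+++ b/configs/tailnet.nix
@@ -0,0 +1,104 @@
+{
+config,
+pkgs,
+lib,
+inputs,
+xinlib,
+...
+}: let
+tailnetACLs = let
+acls = {
+hosts = {
+europa = "100.92.31.80";
+startpage = "100.120.84.116";
+startdev = "100.92.56.119";
+go = "100.117.47.51";
+nbc = "100.122.61.43"; # nix-binary-cache
+console = "100.87.112.70";
+box = "100.120.151.126";
+};
+tagOwners = {
+"tag:untrusted" = ["qbit@github"];
+"tag:minservice" = ["qbit@github"];
+"tag:sshonly" = ["qbit@github"];
+"tag:apper" = ["qbit@github"];
+"tag:golink" = ["qbit@github"];
+"tag:lab" = ["qbit@github"];
+};
+acls = [
+{
+action = "accept";
+src = ["tag:untrusted"];
+dst = [
+"europa:22"
+"europa:12304"
+"startpage:443"
+"startdev:443"
+"go:80"
+"tag:lab:22"
+"nbc:443"
+];
+}
+{
+action = "accept";
+src = ["tag:minservice" "tag:sshonly"];
+dst = ["*:22" "box:3030" "nbc:443" "console:2222"];
+}
+{
+action = "accept";
+src = ["qbit@github"];
+dst = ["*:*"];
+}
+];
+};
+in
+pkgs.writeTextFile {
+name = "tailnet-acls.json";
+text = builtins.toJSON acls;
+};
+aclUpdateScript = pkgs.writeShellScriptBin "tailnet-acl-updater" ''
+set -eu
+. ${config.sops.secrets.po_env.path}
+JQ=${pkgs.jq}/bin/jq
+PO=${inputs.po.packages.${pkgs.system}.po}/bin/po
+APIURL="https://api.tailscale.com/api/v2/tailnet/-/acl"
+TOKEN="$(cat ${config.sops.secrets.tailnet_acl_manager.path}):"
+ERROR="$(${pkgs.curl}/bin/curl "$APIURL/validate" -u "$TOKEN" -d @${tailnetACLs} | $JQ -r .message)"
+if [ "$ERROR" = "null" ]; then
+RESP="$(${pkgs.curl}/bin/curl "$APIURL" -u "$TOKEN" -d @${tailnetACLs} | $JQ -r .message)"
+if [ "$RESP" != "null" ]; then
+$PO -title "Failed to update TailNet!" -body "$RESP"
+fi
+fi
+'';
+jobs = [
+{
+name = "update-talenet-acls";
+script = "${aclUpdateScript}/bin/tailnet-acl-updater";
+startAt = "*:30:00";
+path = [];
+inherit (config.nixManager) user;
+}
+];
+enabled = config.nixManager.enable;
+in
+with lib; {
+sops.secrets = mkIf enabled {
+tailnet_acl_manager = {
+owner = config.nixManager.user;
+sopsFile = config.xin-secrets.manager;
+};
+po_env = {
+owner = config.nixManager.user;
+sopsFile = config.xin-secrets.manager;
+};
+};
+systemd.services = mkIf enabled (listToAttrs (builtins.map xinlib.jobToService jobs));
+}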
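Review bot: In `aclUpdateScript`, `-u "$TOKEN"` places the Tailscale API key in curl's argument list, where it can be visible in the process table to other local users while each request starts; handing it to curl as a config line on stdin (`-K -`) keeps it out of argv. The validate branch also fails silently: when `$ERROR` is anything other than `null` (a validation message, or an empty string because curl itself failed, which `set -eu` without pipefail does not catch) the script exits 0 without calling `$PO`, so a rejected policy or an unreachable API is never reported. The job name `update-talenet-acls` looks like a typo for `tailnet`.

```nix
aclUpdateScript = pkgs.writeShellScriptBin "tailnet-acl-updater" ''
  # … unchanged: set -eu, po_env, JQ, PO, APIURL …
  api() {
    # The key reaches curl as a config line on stdin, never as an argument.
    printf 'user = "%s:"\n' "$(cat ${config.sops.secrets.tailnet_acl_manager.path})" |
      ${pkgs.curl}/bin/curl -sS -K - -d @${tailnetACLs} "$@"
  }
  ERROR="$(api "$APIURL/validate" | $JQ -r .message)"
  if [ "$ERROR" != "null" ]; then
    $PO -title "TailNet ACL validation failed!" -body "$ERROR"
    exit 1
  fi
  # … unchanged: POST to "$APIURL" and its failure notification, now sent through api …
```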


@ -17,6 +17,7 @@
command="/run/current-system/sw/bin/xin-status",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE9PIhQ+yWfBM2tEG+W8W8HXJXqISXif8BcPZHakKvLM xin-status
'';
gosignify = pkgs.callPackage ./pkgs/gosignify.nix {inherit isUnstable;};
myOpenSSH = pkgs.callPackage ./pkgs/openssh {};
in {
imports = [
./configs
@ -136,14 +137,14 @@ in {
nix = {
settings =
if config.networking.hostName != "pwntie"
then {
if config.xinCI.enable
then {}
else {
substituters = ["https://nix-binary-cache.humpback-trout.ts.net/"];
trusted-public-keys = [
"nix-binary-cache.humpback-trout.ts.net:e9fJhcRtNVp6miW2pffFyK/gZ2et4y6IDigBNrEsAa0="
];
}
else {};
};
};
environment.systemPackages = with pkgs;
@ -161,8 +162,8 @@ in {
lz4
minisign
mosh
nb
nix-diff
nixfmt
nix-index
nix-top
pass
@ -182,7 +183,6 @@ in {
time.timeZone = "US/Mountain";
documentation.enable = true;
documentation.man.enable = true;
networking.timeServers = options.networking.timeServers.default;
@ -191,6 +191,8 @@ in {
zsh.enable = true;
gnupg.agent.enable = true;
ssh = {
package = myOpenSSH.openssh;
agentPKCS11Whitelist = "${pkgs.opensc}/lib/opensc-pkcs11.so";
knownHosts = {
"[namish.humpback-trout.ts.net]:2222".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF9jlU5XATs8N90mXuCqrflwOJ+s3s7LefDmFZBx8cCk";
"[git.tapenet.org]:2222".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOkbSJWeWJyJjak/boaMTqzPVq91wfJz1P+I4rnBUsPW";
@ -212,7 +214,7 @@ in {
environment.etc."ssh/ca.pub" = {text = caPubKeys;};
services.logrotate.enable =
services.logrotate.checkConfig =
todo "logrotate disabled: https://github.com/NixOS/nix/issues/8502" false;
services = {
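Review bot: `package = myOpenSSH.openssh;` in the `ssh` block replaces the nixpkgs OpenSSH with the build from ./pkgs/openssh, and nothing on the line says where that revision comes from. If it is the pin that bin/update-openssh in this commit rewrites from the upstream master feed, every host using this module runs an unreleased SSH client whose revision is chosen by a script. A comment on the line, for example `# built from pkgs/openssh/version.json (upstream master pin); read the upstream log before bumping`, would make that trust decision visible to the next reader. The enclosing block starts and ends outside the hunk.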

521
flake.lock generated

@ -7,11 +7,11 @@
]
},
"locked": {
"lastModified": 1687385522,
"narHash": "sha256-GR8mqsqYcdZ67dCcII5SWcwHqPAJRWXPmqsuMl7+KA4=",
"lastModified": 1692248770,
"narHash": "sha256-tZeFpETKQGbgnaSIO1AGWD27IyTcBm4D+A9d7ulQ4NM=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "bc346a67d34a336ca3c507570875cc88038e6120",
"rev": "511177ffe8226c78c9cf6a92a7b5f2df3684956b",
"type": "github"
},
"original": {
@ -20,29 +20,169 @@
"type": "github"
}
},
"doom-emacs": {
"flake": false,
"locked": {
"lastModified": 1662497747,
"narHash": "sha256-4n7E1fqda7cn5/F2jTkOnKw1juG6XMS/FI9gqODL3aU=",
"owner": "doomemacs",
"repo": "doomemacs",
"rev": "3853dff5e11655e858d0bfae64b70cb12ef685ac",
"type": "github"
},
"original": {
"owner": "doomemacs",
"repo": "doomemacs",
"rev": "3853dff5e11655e858d0bfae64b70cb12ef685ac",
"type": "github"
}
},
"doom-snippets": {
"flake": false,
"locked": {
"lastModified": 1676839496,
"narHash": "sha256-1Ay9zi0u1lycmEeFqIxr0RWH+JvH9BnzgRzkPeWEAYY=",
"owner": "doomemacs",
"repo": "snippets",
"rev": "fe4003014ae00b866f117cb193f711fd9d72fd11",
"type": "github"
},
"original": {
"owner": "doomemacs",
"repo": "snippets",
"type": "github"
}
},
"emacs-overlay": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": [
"stable"
]
},
"flake": false,
"locked": {
"lastModified": 1669639095,
"narHash": "sha256-yeP89LGRqMbTuEVII4/2BCMEKgEAbEqOMcwEev2S03U=",
"lastModified": 1676366521,
"narHash": "sha256-i4UAY8t9Au9SJtsgYppa3NHSVf1YkV6yqnNIQd+Km4g=",
"owner": "nix-community",
"repo": "emacs-overlay",
"rev": "d54a1521619daa37c9aa8c9e3362abb34e676007",
"rev": "c16be6de78ea878aedd0292aa5d4a1ee0a5da501",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "emacs-overlay",
"rev": "d54a1521619daa37c9aa8c9e3362abb34e676007",
"rev": "c16be6de78ea878aedd0292aa5d4a1ee0a5da501",
"type": "github"
}
},
"emacs-so-long": {
"flake": false,
"locked": {
"lastModified": 1575031854,
"narHash": "sha256-xIa5zO0ZaToDrec1OFjBK6l39AbA4l/CE4LInVu2hi0=",
"owner": "hlissner",
"repo": "emacs-so-long",
"rev": "ed666b0716f60e8988c455804de24b55919e71ca",
"type": "github"
},
"original": {
"owner": "hlissner",
"repo": "emacs-so-long",
"type": "github"
}
},
"evil-escape": {
"flake": false,
"locked": {
"lastModified": 1588439096,
"narHash": "sha256-aB2Ge5o/93B18tPf4fN1c+O46CNh/nOqwLJbox4c8Gw=",
"owner": "hlissner",
"repo": "evil-escape",
"rev": "819f1ee1cf3f69a1ae920e6004f2c0baeebbe077",
"type": "github"
},
"original": {
"owner": "hlissner",
"repo": "evil-escape",
"type": "github"
}
},
"evil-markdown": {
"flake": false,
"locked": {
"lastModified": 1626852210,
"narHash": "sha256-HBBuZ1VWIn6kwK5CtGIvHM1+9eiNiKPH0GUsyvpUVN8=",
"owner": "Somelauw",
"repo": "evil-markdown",
"rev": "8e6cc68af83914b2fa9fd3a3b8472573dbcef477",
"type": "github"
},
"original": {
"owner": "Somelauw",
"repo": "evil-markdown",
"type": "github"
}
},
"evil-org-mode": {
"flake": false,
"locked": {
"lastModified": 1607203864,
"narHash": "sha256-JxwqVYDN6OIJEH15MVI6XOZAPtUWUhJQWHyzcrUvrFg=",
"owner": "hlissner",
"repo": "evil-org-mode",
"rev": "a9706da260c45b98601bcd72b1d2c0a24a017700",
"type": "github"
},
"original": {
"owner": "hlissner",
"repo": "evil-org-mode",
"type": "github"
}
},
"evil-quick-diff": {
"flake": false,
"locked": {
"lastModified": 1575189609,
"narHash": "sha256-oGzl1ayW9rIuq0haoiFS7RZsS8NFMdEA7K1BSozgnJU=",
"owner": "rgrinberg",
"repo": "evil-quick-diff",
"rev": "69c883720b30a892c63bc89f49d4f0e8b8028908",
"type": "github"
},
"original": {
"owner": "rgrinberg",
"repo": "evil-quick-diff",
"type": "github"
}
},
"explain-pause-mode": {
"flake": false,
"locked": {
"lastModified": 1595842060,
"narHash": "sha256-++znrjiDSx+cy4okFBBXUBkRFdtnE2x+trkmqjB3Njs=",
"owner": "lastquestion",
"repo": "explain-pause-mode",
"rev": "2356c8c3639cbeeb9751744dbe737267849b4b51",
"type": "github"
},
"original": {
"owner": "lastquestion",
"repo": "explain-pause-mode",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1673956053,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1627913399,
@ -63,11 +203,11 @@
"systems": "systems"
},
"locked": {
"lastModified": 1687171271,
"narHash": "sha256-BJlq+ozK2B1sJDQXS3tzJM5a+oVZmi1q0FlBK/Xqv7M=",
"lastModified": 1681202837,
"narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "abfb11bd1aec8ced1c9bb9adfe68018230f4fb3c",
"rev": "cfacdce06f30d2b68473a46042957675eebb3401",
"type": "github"
},
"original": {
@ -91,6 +231,23 @@
"type": "github"
}
},
"format-all": {
"flake": false,
"locked": {
"lastModified": 1581716637,
"narHash": "sha256-ul7LCe60W8TIvUmUtZtZRo8489TK9iTPDsLHmzxY57M=",
"owner": "lassik",
"repo": "emacs-format-all-the-code",
"rev": "47d862d40a088ca089c92cd393c6dca4628f87d3",
"type": "github"
},
"original": {
"owner": "lassik",
"repo": "emacs-format-all-the-code",
"rev": "47d862d40a088ca089c92cd393c6dca4628f87d3",
"type": "github"
}
},
"gostart": {
"inputs": {
"nixpkgs": [
@ -98,11 +255,11 @@
]
},
"locked": {
"lastModified": 1686584905,
"narHash": "sha256-1Dd1bcp934Bx3Jjl1yg4sSuAhBUHrJz5jVEDxA5GDu8=",
"lastModified": 1690546436,
"narHash": "sha256-6B4i87l+dtGesLvRHuwGEBM8QbQC88iSA+TOB4dQNbs=",
"owner": "qbit",
"repo": "gostart",
"rev": "a4f6edb9f49f2ebb9225da0d54128da0fa2ec45a",
"rev": "a216e85942325efd61febf8641811ae2c0bd9f2f",
"type": "github"
},
"original": {
@ -147,13 +304,71 @@
"type": "github"
}
},
"nix-doom-emacs": {
"inputs": {
"doom-emacs": "doom-emacs",
"doom-snippets": "doom-snippets",
"emacs-overlay": "emacs-overlay",
"emacs-so-long": "emacs-so-long",
"evil-escape": "evil-escape",
"evil-markdown": "evil-markdown",
"evil-org-mode": "evil-org-mode",
"evil-quick-diff": "evil-quick-diff",
"explain-pause-mode": "explain-pause-mode",
"flake-compat": "flake-compat",
"flake-utils": "flake-utils",
"format-all": "format-all",
"nix-straight": "nix-straight",
"nixpkgs": "nixpkgs",
"nose": "nose",
"ob-racket": "ob-racket",
"org": "org",
"org-contrib": "org-contrib",
"org-yt": "org-yt",
"php-extras": "php-extras",
"revealjs": "revealjs",
"rotate-text": "rotate-text",
"sln-mode": "sln-mode",
"ts-fold": "ts-fold",
"ws-butler": "ws-butler"
},
"locked": {
"lastModified": 1689075996,
"narHash": "sha256-NwBzz2CHNtT0oDqAGewByQ5OFnAWf+ewHUrK0F44xZk=",
"owner": "nix-community",
"repo": "nix-doom-emacs",
"rev": "9a5b34d9ba30842eb8f0d7deb08bf03a75930471",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nix-doom-emacs",
"type": "github"
}
},
"nix-straight": {
"flake": false,
"locked": {
"lastModified": 1666982610,
"narHash": "sha256-xjgIrmUsekVTE+MpZb5DMU8DQf9DJ/ZiR0o30L9/XCc=",
"owner": "nix-community",
"repo": "nix-straight.el",
"rev": "ad10364d64f472c904115fd38d194efe1c3f1226",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nix-straight.el",
"type": "github"
}
},
"nixos-hardware": {
"locked": {
"lastModified": 1686838567,
"narHash": "sha256-aqKCUD126dRlVSKV6vWuDCitfjFrZlkwNuvj5LtjRRU=",
"lastModified": 1692952286,
"narHash": "sha256-TsrtPv3+Q1KR0avZxpiJH+b6fX/R/hEQVHbjl1ebotY=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "429f232fe1dc398c5afea19a51aad6931ee0fb89",
"rev": "817e297fc3352fadc15f2c5306909aa9192d7d97",
"type": "github"
},
"original": {
@ -163,9 +378,104 @@
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1682566018,
"narHash": "sha256-HPzPRFiy2o/7k7mtnwfM1E6NVZHiFbPdmYCMoIpkHO4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "8e3b64db39f2aaa14b35ee5376bd6a2e707cadc2",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixpkgs-unstable",
"type": "indirect"
}
},
"nose": {
"flake": false,
"locked": {
"lastModified": 1400604510,
"narHash": "sha256-daEi8Kta1oGaDEmUUDDQMahTTPOpvNpDKk22rlr7cB0=",
"owner": "emacsattic",
"repo": "nose",
"rev": "f8528297519eba911696c4e68fa88892de9a7b72",
"type": "github"
},
"original": {
"owner": "emacsattic",
"repo": "nose",
"type": "github"
}
},
"ob-racket": {
"flake": false,
"locked": {
"lastModified": 1584656173,
"narHash": "sha256-rBUYDDCXb+3D4xTPQo9UocbTPZ32kWV1Uya/1DmZknU=",
"owner": "xchrishawk",
"repo": "ob-racket",
"rev": "83457ec9e1e96a29fd2086ed19432b9d75787673",
"type": "github"
},
"original": {
"owner": "xchrishawk",
"repo": "ob-racket",
"type": "github"
}
},
"org": {
"flake": false,
"locked": {
"lastModified": 1683136293,
"narHash": "sha256-PMHNr3Qo62uqO5IUDAfxUoqa4Zvb9y2J76pRYDB/6Y4=",
"owner": "emacs-straight",
"repo": "org-mode",
"rev": "080710797ad25e76c4556d2b03cc0aa5313cd187",
"type": "github"
},
"original": {
"owner": "emacs-straight",
"repo": "org-mode",
"type": "github"
}
},
"org-contrib": {
"flake": false,
"locked": {
"lastModified": 1675694242,
"narHash": "sha256-4Fn33CTVTCqh5TyVAggSr8Fm8/hB8Xgl+hkxh3WCrI8=",
"owner": "emacsmirror",
"repo": "org-contrib",
"rev": "fff6c888065588527b1c1d7dd7e41c29ef767e17",
"type": "github"
},
"original": {
"owner": "emacsmirror",
"repo": "org-contrib",
"type": "github"
}
},
"org-yt": {
"flake": false,
"locked": {
"lastModified": 1527381913,
"narHash": "sha256-dzQ6B7ryzatHCTLyEnRSbWO0VUiX/FHYnpHTs74aVUs=",
"owner": "TobiasZawada",
"repo": "org-yt",
"rev": "40cc1ac76d741055cbefa13860d9f070a7ade001",
"type": "github"
},
"original": {
"owner": "TobiasZawada",
"repo": "org-yt",
"type": "github"
}
},
"peerix": {
"inputs": {
"flake-compat": "flake-compat",
"flake-compat": "flake-compat_2",
"flake-utils": "flake-utils_2",
"nixpkgs": [
"stable"
@ -185,6 +495,22 @@
"type": "github"
}
},
"php-extras": {
"flake": false,
"locked": {
"lastModified": 1573312690,
"narHash": "sha256-r4WyVbzvT0ra4Z6JywNBOw5RxOEYd6Qe2IpebHXkj1U=",
"owner": "arnested",
"repo": "php-extras",
"rev": "d410c5af663c30c01d461ac476d1cbfbacb49367",
"type": "github"
},
"original": {
"owner": "arnested",
"repo": "php-extras",
"type": "github"
}
},
"po": {
"inputs": {
"nixpkgs": [
@ -245,13 +571,29 @@
"type": "github"
}
},
"revealjs": {
"flake": false,
"locked": {
"lastModified": 1681386605,
"narHash": "sha256-9Q7aWgjAV37iJp6oYDz45e8J+RKwKY1Uvgg/BXwf5nQ=",
"owner": "hakimel",
"repo": "reveal.js",
"rev": "0301ce58ab185f7191696e16b1b6389f58df2892",
"type": "github"
},
"original": {
"owner": "hakimel",
"repo": "reveal.js",
"type": "github"
}
},
"root": {
"inputs": {
"darwin": "darwin",
"emacs-overlay": "emacs-overlay",
"gostart": "gostart",
"gqrss": "gqrss",
"microca": "microca",
"nix-doom-emacs": "nix-doom-emacs",
"nixos-hardware": "nixos-hardware",
"peerix": "peerix",
"po": "po",
@ -259,7 +601,6 @@
"pr-status": "pr-status",
"sops-nix": "sops-nix",
"stable": "stable",
"talon": "talon",
"taskobs": "taskobs",
"tsRevProx": "tsRevProx",
"tsvnstat": "tsvnstat",
@ -269,6 +610,38 @@
"xintray": "xintray"
}
},
"rotate-text": {
"flake": false,
"locked": {
"lastModified": 1322962747,
"narHash": "sha256-SOeOgSlcEIsKhUiYDJv0p+mLUb420s9E2BmvZQvZ0wk=",
"owner": "debug-ito",
"repo": "rotate-text.el",
"rev": "48f193697db996855aee1ad2bc99b38c6646fe76",
"type": "github"
},
"original": {
"owner": "debug-ito",
"repo": "rotate-text.el",
"type": "github"
}
},
"sln-mode": {
"flake": false,
"locked": {
"lastModified": 1423727528,
"narHash": "sha256-XqkqPyEJuTtFslOz1fpTf/Klbd/zA7IGpzpmum/MGao=",
"owner": "sensorflo",
"repo": "sln-mode",
"rev": "0f91d1b957c7d2a7bab9278ec57b54d57f1dbd9c",
"type": "github"
},
"original": {
"owner": "sensorflo",
"repo": "sln-mode",
"type": "github"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": [
@ -279,11 +652,11 @@
]
},
"locked": {
"lastModified": 1687398569,
"narHash": "sha256-e/umuIKFcFtZtWeX369Hbdt9r+GQ48moDmlTcyHWL28=",
"lastModified": 1693404499,
"narHash": "sha256-cx/7yvM/AP+o/3wPJmA9W9F+WHemJk5t+Xcr+Qwkqhg=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "2ff6973350682f8d16371f8c071a304b8067f192",
"rev": "d9c5dc41c4b1f74c77f0dbffd0f3a4ebde447b7a",
"type": "github"
},
"original": {
@ -294,11 +667,11 @@
},
"stable": {
"locked": {
"lastModified": 1687354544,
"narHash": "sha256-1Xu+QzyA10AiY21i27Zu9bqQAaxXBacNKbGUA9OZy7Y=",
"lastModified": 1693428224,
"narHash": "sha256-FWUUlhYqkGEySUD0blTADRiDQ7fw+H1ikivfu88uy+w=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "876181e3ae452cc6186486f6f7300a8a6de237cb",
"rev": "841889913dfd06a70ffb39f603e29e46f45f0c1a",
"type": "github"
},
"original": {
@ -339,27 +712,6 @@
"type": "github"
}
},
"talon": {
"inputs": {
"nixpkgs": [
"unstable"
],
"utils": "utils"
},
"locked": {
"lastModified": 1674481533,
"narHash": "sha256-aMrexhFzVJKFB2PKUjjJiJCCNDTyCWFDHlhjFNAuHFg=",
"owner": "qbit",
"repo": "talon-nix",
"rev": "52b4568e186691624db941517418e165b6ff0e9f",
"type": "github"
},
"original": {
"owner": "qbit",
"repo": "talon-nix",
"type": "github"
}
},
"taskobs": {
"inputs": {
"nixpkgs": [
@ -380,6 +732,22 @@
"type": "github"
}
},
"ts-fold": {
"flake": false,
"locked": {
"lastModified": 1681029086,
"narHash": "sha256-z3eVkAPFI6JYZZ+2XM496zBxwnujTp4Y4KNNfqgUC/E=",
"owner": "jcs-elpa",
"repo": "ts-fold",
"rev": "5fd2a5afe2112ac23b58ee1b12730fcf16068df3",
"type": "github"
},
"original": {
"owner": "jcs-elpa",
"repo": "ts-fold",
"type": "github"
}
},
"tsRevProx": {
"inputs": {
"nixpkgs": [
@ -387,11 +755,11 @@
]
},
"locked": {
"lastModified": 1683583841,
"narHash": "sha256-5r2TP7cuEyy/XgSQhfaqLjbgiIbXtlNp9P9OvPjzvTk=",
"lastModified": 1690485919,
"narHash": "sha256-7DxtcPq/QPsdwqUg91vs1mMu21mYn1HCamUkOD0ug2M=",
"owner": "qbit",
"repo": "ts-reverse-proxy",
"rev": "36749e9fbe0f4c04163f9924f8e8be01d0442745",
"rev": "1b7eac645a0c56effc8d637019161febd0015d08",
"type": "github"
},
"original": {
@ -422,11 +790,11 @@
},
"unstable": {
"locked": {
"lastModified": 1687411311,
"narHash": "sha256-JcRFavmdTl6VE52xGREv+qZ8jXNVxZ05Ny93R7a2hb0=",
"lastModified": 1693537891,
"narHash": "sha256-djrWi+Qkj033Py+pWZZriUcWKFtfQJcrO0JZXiFXUTk=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "5da1a523cbe09f2f7e0f85605f6a54f372469bd0",
"rev": "9d33ec806554aa74a6415a9e1e3b5b78e0af26d1",
"type": "github"
},
"original": {
@ -437,11 +805,11 @@
},
"unstableSmall": {
"locked": {
"lastModified": 1687369486,
"narHash": "sha256-BFXrDo7yuLamfbi53voC2TrHHTKEr/LJ0P+qSP51xkg=",
"lastModified": 1693481239,
"narHash": "sha256-HNEeTL3b0aiwbJh/hFKUMOqRg34e5r+t1X3dFMFUVR4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "8b0f22dc5155e8a6d329520c27751dfb0f821d63",
"rev": "72845c89285ca57c1d2bbc33018aca7455cd9c25",
"type": "github"
},
"original": {
@ -451,18 +819,19 @@
"type": "github"
}
},
"utils": {
"ws-butler": {
"flake": false,
"locked": {
"lastModified": 1659877975,
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
"lastModified": 1634511126,
"narHash": "sha256-c0y0ZPtxxICPk+eaNbbQf6t+FRCliNY54CCz9QHQ8ZI=",
"owner": "hlissner",
"repo": "ws-butler",
"rev": "572a10c11b6cb88293de48acbb59a059d36f9ba5",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"owner": "hlissner",
"repo": "ws-butler",
"type": "github"
}
},
@ -474,11 +843,11 @@
"stable": "stable_2"
},
"locked": {
"lastModified": 1686765987,
"narHash": "sha256-dwT4w+dFG5ovM9ip32fj54I8Bq427SQZ91X/wJ3mhXU=",
"lastModified": 1691077496,
"narHash": "sha256-Ue8ldvIt2gU51MuWAMwcZIME5htEBeG5NDTo/QWw7Qw=",
"ref": "main",
"rev": "4019a419bd9ab0e927d44cb4ff4b84654de90712",
"revCount": 100,
"rev": "10a766cc56235210091913414019d98a9fc6b987",
"revCount": 104,
"type": "git",
"url": "ssh://xin-secrets-ro/qbit/xin-secrets.git"
},
@ -495,11 +864,11 @@
]
},
"locked": {
"lastModified": 1686054616,
"narHash": "sha256-nBvQL3pSFZTBM0kM+/HVNFNbsa/It+OzQSlgKdIkgAY=",
"lastModified": 1688047611,
"narHash": "sha256-pHbxJwZGQjPwpA2gfeUGy9hHu3Dx/J6ZT4DkV2v1RT4=",
"owner": "qbit",
"repo": "xintray",
"rev": "04dfd6b23e165c2e5495eeaf2b5ba2818a683bb2",
"rev": "dff83a5e9b8b84d0f4d29f6e5704dee21b165c75",
"type": "github"
},
"original": {


@ -21,10 +21,11 @@
nixos-hardware = {url = "github:NixOS/nixos-hardware/master";};
emacs-overlay = {
url = "github:nix-community/emacs-overlay/d54a1521619daa37c9aa8c9e3362abb34e676007";
inputs.nixpkgs.follows = "stable";
};
#emacs-overlay = {
# url = "github:nix-community/emacs-overlay/d54a1521619daa37c9aa8c9e3362abb34e676007";
# inputs.nixpkgs.follows = "stable";
#};
nix-doom-emacs.url = "github:nix-community/nix-doom-emacs";
darwin = {
url = "github:lnl7/nix-darwin";
@ -77,11 +78,6 @@
url = "github:cid-chan/peerix";
inputs.nixpkgs.follows = "stable";
};
talon = {
url = "github:qbit/talon-nix";
inputs.nixpkgs.follows = "unstable";
};
};
outputs = {
@ -94,7 +90,6 @@
pots,
pr-status,
stable,
talon,
tsRevProx,
tsvnstat,
unstable,
@ -133,13 +128,12 @@
};
overlays = [
inputs.emacs-overlay.overlay
#inputs.emacs-overlay.overlay
inputs.gostart.overlay
inputs.microca.overlay
inputs.peerix.overlay
inputs.pots.overlay
inputs.pr-status.overlay
inputs.talon.overlays.default
inputs.taskobs.overlay
inputs.tsRevProx.overlay
];
@ -201,8 +195,8 @@
[] ++ stableList.nixpkgs.overlays ++ unstableList.nixpkgs.overlays;
};
formatter.x86_64-linux = stable.legacyPackages.x86_64-linux.nixfmt;
formatter.aarch64-darwin = stable.legacyPackages.aarch64-darwin.nixfmt;
formatter.x86_64-linux = stable.legacyPackages.x86_64-linux.alejandra;
formatter.aarch64-darwin = stable.legacyPackages.aarch64-darwin.alejandra;
devShells.x86_64-linux.default = xinlib.buildShell lpkgs;
devShells.aarch64-darwin.default = xinlib.buildShell darwinPkgs;
@ -210,7 +204,6 @@
nixosConfigurations = {
europa = buildSys "x86_64-linux" unstable [
nixos-hardware.nixosModules.framework
talon.nixosModules.talon
] "europa";
pwntie = buildSys "x86_64-linux" stable [] "pwntie";
stan = buildSys "x86_64-linux" unstable [] "stan";
@ -262,6 +255,8 @@
spkgs.callPackage ./pkgs/ada_language_server.nix {inherit spkgs;};
alire = spkgs.callPackage ./pkgs/alire.nix {inherit spkgs;};
bearclaw = spkgs.callPackage ./pkgs/bearclaw.nix {inherit spkgs;};
rtlamr = spkgs.callPackage ./pkgs/rtlamr.nix {inherit spkgs;};
clilol = spkgs.callPackage ./pkgs/clilol.nix {inherit spkgs;};
gqrss = spkgs.callPackage ./pkgs/gqrss.nix {
inherit spkgs;
isUnstable = true;
@ -272,11 +267,14 @@
isUnstable = true;
};
femtolisp = upkgs.callPackage ./pkgs/femtolisp.nix {};
fyne = upkgs.callPackage ./pkgs/fyne.nix {inherit upkgs;};
flake-warn =
spkgs.callPackage ./pkgs/flake-warn.nix {inherit spkgs;};
kurinto = spkgs.callPackage ./pkgs/kurinto.nix {};
#kurinto = spkgs.callPackage ./pkgs/kurinto.nix {};
mcchunkie = spkgs.callPackage ./pkgs/mcchunkie.nix {inherit spkgs;};
yaegi = spkgs.callPackage ./pkgs/yaegi.nix {inherit spkgs;};
gen-patches =
spkgs.callPackage ./bins/gen-patches.nix {inherit spkgs;};
yarr = spkgs.callPackage ./pkgs/yarr.nix {
inherit spkgs;
isUnstable = true;
@ -284,6 +282,9 @@
precursorupdater = spkgs.python3Packages.callPackage ./pkgs/precursorupdater.nix {
inherit spkgs;
};
rtlamr2mqtt = spkgs.python3Packages.callPackage ./pkgs/rtlamr2mqtt.nix {
inherit spkgs;
};
kobuddy = upkgs.python3Packages.callPackage ./pkgs/kobuddy.nix {
inherit upkgs;
};
@ -302,11 +303,11 @@
gosignify = spkgs.callPackage ./pkgs/gosignify.nix {inherit spkgs;};
gotosocial =
spkgs.callPackage ./pkgs/gotosocial.nix {inherit spkgs;};
govulncheck =
upkgs.callPackage ./pkgs/govulncheck.nix {inherit upkgs;};
zutty = upkgs.callPackage ./pkgs/zutty.nix {
inherit upkgs;
isUnstable = true;
};
mvoice = upkgs.callPackage ./pkgs/mvoice.nix {
inherit upkgs;
};
inherit (xintray.packages.${system}) xintray;
inherit (tsvnstat.packages.${system}) tsvnstat;
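Review bot: The new `nix-doom-emacs` input in the first hunk is declared as a bare `url`, while `peerix` and the (now commented-out) `emacs-overlay` in this same file pin their nixpkgs with `inputs.nixpkgs.follows`. Without a `follows`, the input resolves its own copy of nixpkgs and helper inputs, which is probably why the lock file in this commit gains a `flake-compat_2` and many extra locked sources that each have to be trusted and updated. If the upstream flake exposes a `nixpkgs` input, consider `nix-doom-emacs = { url = "github:nix-community/nix-doom-emacs"; inputs.nixpkgs.follows = "stable"; };`. The inputs block starts above the hunk, so check that the follow target matches what the other inputs there use.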


@ -3,15 +3,13 @@
lib,
pkgs,
...
}: let
myArcan = pkgs.arcanPackages or pkgs.arcan;
in
with lib; {
options = {
arcan = {enable = mkEnableOption "Enable Arcan/Durden desktop.";};
};
}:
with lib; {
options = {
arcan = {enable = mkEnableOption "Enable Arcan/Durden desktop.";};
};
config = mkIf config.arcan.enable {
environment.systemPackages = with pkgs; [myArcan.all-wrapped];
};
}
config = mkIf config.arcan.enable {
environment.systemPackages = with pkgs; [arcanPackages.all-wrapped];
};
}


@ -62,21 +62,24 @@ in
pcscd.enable = true;
};
documentation.enable = true;
# TODO: TEMP FIX
systemd.services.NetworkManager-wait-online.serviceConfig.ExecStart =
lib.mkForce ["" "${pkgs.networkmanager}/bin/nm-online -q"];
fonts.fonts = with pkgs; [
go-font
(callPackage ../pkgs/kurinto.nix {})
#(callPackage ../pkgs/kurinto.nix {})
];
sound.enable = true;
environment.systemPackages = with pkgs; (xinlib.filterList [
arcanPackages.all-wrapped
bc
black
brave
drawterm
exiftool
go-font
govulncheck
hpi
pcsctools
promnesia
@ -85,7 +88,6 @@ in
vlc
zeal
(callPackage ../pkgs/govulncheck.nix {})
(callPackage ../configs/helix.nix {})
]);
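Review bot: The `# TODO: TEMP FIX` comment above the `NetworkManager-wait-online` override does not say what it works around or when it can be removed. Because the override uses `lib.mkForce`, it will keep replacing the unit's `ExecStart` even after upstream changes it. I would expand the comment to something like `# TODO: remove once <upstream issue placeholder> is resolved; forces nm-online -q so boot does not hang on wait-online`. The reason given there is only my reading of the `-q` invocation, so substitute the real one.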


@ -30,7 +30,7 @@
proxy_set_header Connection "";
proxy_http_version 1.1;
proxy_pass http://ftp.usa.openbsd.org;
proxy_pass http://cdn.openbsd.org;
'';
};
@ -46,10 +46,21 @@
};
in {
_module.args.isUnstable = false;
imports = [./hardware-configuration.nix];
imports = [
./hardware-configuration.nix
"${inputs.unstable}/nixos/modules/services/home-automation/home-assistant.nix"
];
sops.secrets = {
photoprism_admin_password = {sopsFile = config.xin-secrets.box.services;};
#nextcloud_db_pass = {
# owner = config.users.users.nextcloud.name;
# sopsFile = config.xin-secrets.box.services;
#};
#nextcloud_admin_pass = {
# owner = config.users.users.nextcloud.name;
# sopsFile = config.xin-secrets.box.services;
#};
#photoprism_admin_password = {sopsFile = config.xin-secrets.box.services;};
gitea_db_pass = {
owner = config.users.users.gitea.name;
sopsFile = config.xin-secrets.box.services;
@ -80,6 +91,10 @@ in {
sops.secrets.bw_key = mkNginxSecret;
sops.secrets.invidious_cert = mkNginxSecret;
sops.secrets.invidious_key = mkNginxSecret;
sops.secrets.readarr_cert = mkNginxSecret;
sops.secrets.readarr_key = mkNginxSecret;
sops.secrets.home_cert = mkNginxSecret;
sops.secrets.home_key = mkNginxSecret;
boot.supportedFilesystems = ["zfs"];
boot.loader.grub.copyKernels = true;
@ -97,6 +112,7 @@ in {
hosts = {
"127.0.0.1" = ["git.tapenet.org"];
"10.6.0.15" = ["jelly.bold.daemon"];
"100.122.61.43" = ["nix-binary-cache.humpback-trout.ts.net"];
};
interfaces.enp7s0 = {useDHCP = true;};
@ -114,7 +130,17 @@ in {
};
allowedTCPPorts =
config.services.openssh.ports
++ [80 443 config.services.gitea.settings.server.SSH_PORT];
++ [
80
443
config.services.gitea.settings.server.SSH_PORT
21063 #homekit
21064 #homekit
1883 # mosquitto
];
allowedUDPPorts = [
5353 #homekit
];
allowedUDPPortRanges = [
{
from = 60000;
@ -144,16 +170,27 @@ in {
};
};
nixpkgs.config.allowUnfree = true;
nixpkgs = {
config.allowUnfree = true;
overlays = [
(_: _: {
inherit (inputs.unstable.legacyPackages.${pkgs.system}) home-assistant;
})
];
};
disabledModules = [
"services/home-automation/home-assistant.nix"
];
environment.systemPackages = with pkgs; [
nixfmt
tmux
mosh
apg
git
signify
glowing-bear
rtl_433
(callPackage ../../pkgs/athens.nix {inherit isUnstable;})
];
@ -163,64 +200,174 @@ in {
defaults.email = "aaron@bolddaemon.com";
};
# for photoprism
#users.groups.photoprism = {
# name = "photoprism";
# gid = 986;
#};
#users.users.photoprism = {
# uid = 991;
# name = "photoprism";
# isSystemUser = true;
# hashedPassword = null;
# group = "photoprism";
# shell = "/bin/sh";
# openssh.authorizedKeys.keys = pubKeys;
#};
#virtualisation.podman = {
# enable = false;
# #dockerCompat = true;
#};
#virtualisation.oci-containers.backend = "podman";
#virtualisation.oci-containers.containers = {
# #kativa = {
# # autoStart = true;
# # ports = [ "127.0.0.1:5000:5000" ];
# # image = "kizaing/kavita:0.5.2";
# # volumes = [ "/media/books:/books" "/media/books/config:/kativa/config" ];
# #};
# photoprism = {
# #user = "${toString config.users.users.photoprism.name}:${toString config.users.groups.photoprism.name}";
# autoStart = true;
# ports = [ "127.0.0.1:2343:2343" ];
# image = "photoprism/photoprism:${photoPrismTag}";
# workdir = "/photoprism";
# volumes = [
# "/media/pictures/photoprism/storage:/photoprism/storage"
# "/media/pictures/photoprism/originals:/photoprism/originals"
# "/media/pictures/photoprism/import:/photoprism/import"
# ];
# environment = {
# PHOTOPRISM_HTTP_PORT = "2343";
# PHOTOPRISM_UPLOAD_NSFW = "true";
# PHOTOPRISM_DETECT_NSFW = "false";
# PHOTOPRISM_UID = "${toString config.users.users.photoprism.uid}";
# PHOTOPRISM_GID = "${toString config.users.groups.photoprism.gid}";
# #PHOTOPRISM_SITE_URL = "https://photos.tapenet.org/";
# PHOTOPRISM_SITE_URL = "https://box.humpback-trout.ts.net/photos";
# PHOTOPRISM_SETTINGS_HIDDEN = "false";
# PHOTOPRISM_DATABASE_DRIVER = "sqlite";
# };
# };
#};
users.groups.media = {
name = "media";
members = ["qbit" "sonarr" "radarr" "lidarr" "nzbget" "jellyfin" "headphones"];
members = ["qbit" "sonarr" "radarr" "lidarr" "nzbget" "jellyfin" "headphones" "rtorrent" "readarr"];
};
users.groups.photos = {
name = "photos";
members = ["qbit"];
};
users.groups.photoprism = {
name = "photoprism";
gid = 986;
};
users.users.photoprism = {
uid = 991;
name = "photoprism";
isSystemUser = true;
hashedPassword = null;
group = "photoprism";
shell = "/bin/sh";
openssh.authorizedKeys.keys = pubKeys;
};
systemd.services.photoprism = {
serviceConfig = {
WorkingDirectory = lib.mkForce "/media/pictures/photoprism";
};
preStart = lib.mkForce "";
};
hardware.rtl-sdr.enable = true;
services = {
mosquitto = {
enable = true;
listeners = [
{
acl = ["pattern readwrite #"];
omitPasswordAuth = true;
settings.allow_anonymous = true;
}
];
};
avahi = {
enable = true;
openFirewall = true;
};
home-assistant = {
enable = true;
extraPackages = python3Packages:
with python3Packages; [
pyipp
pymetno
];
extraComponents = [
"airthings"
"airthings_ble"
"airvisual"
"airvisual_pro"
"apple_tv"
#"aprs"
"brother"
"esphome"
"ffmpeg"
"homekit"
"homekit_controller"
"icloud"
"jellyfin"
"logger"
"met"
"mqtt"
"nextdns"
"openevse"
"prometheus"
"pushover"
"rest"
"snmp"
"zeroconf"
];
config = {
mqtt.sensor = [
];
logger = {
default = "warning";
logs = {
#"homeassistant.components.aprs" = "debug";
};
};
"automation manual" = [
];
"automation ui" = "!include automations.yaml";
rest = [
{
resource = "http://127.0.0.1:9001/api/v1/query?query=rtl_433_temperature_celsius";
sensor = {
name = "rtl_433_temperature_celsius";
value_template = "{{value_json.data.result[0].value[1]}}";
};
}
{
resource = "http://127.0.0.1:9001/api/v1/query?query=wstation_temp_c";
sensor = {
name = "wstation_garage_temp_c";
value_template = "{{value_json.data.result[0].value[1]}}";
};
}
];
device_tracker = [
];
default_config = {};
http = {
use_x_forwarded_for = true;
server_host = "127.0.0.1";
trusted_proxies = "127.0.0.1";
};
homeassistant = {
name = "Home";
time_zone = "America/Denver";
temperature_unit = "C";
unit_system = "metric";
longitude = -104.72;
latitude = 38.35;
};
};
};
#photoprism = {
# enable = true;
# port = 2343;
# storagePath = "/media/pictures/photoprism/storage";
# originalsPath = "/media/pictures/photoprism/originals";
# importPath = "/media/pictures/photoprism/import";
# settings = {
# PHOTOPRISM_UPLOAD_NSFW = "true";
# PHOTOPRISM_DETECT_NSFW = "false";
# PHOTOPRISM_SITE_URL = "https://box.humpback-trout.ts.net/photos";
# PHOTOPRISM_SETTINGS_HIDDEN = "false";
# PHOTOPRISM_DATABASE_DRIVER = "sqlite";
# };
#};
#nextcloud = {
# enable = true;
# enableBrokenCiphersForSSE = false;
# hostName = "box.humpback-trout.ts.net";
# home = "/media/nextcloud";
# https = true;
# package = pkgs.nextcloud27;
# extraApps = with config.services.nextcloud.package.packages.apps; {
# inherit bookmarks calendar contacts notes tasks twofactor_webauthn;
# };
# extraAppsEnable = true;
# config = {
# overwriteProtocol = "https";
# dbtype = "pgsql";
# dbuser = "nextcloud";
# dbhost = "/run/postgresql";
# dbname = "nextcloud";
# dbpassFile = "${config.sops.secrets.nextcloud_db_pass.path}";
# adminpassFile = "${config.sops.secrets.nextcloud_admin_pass.path}";
# adminuser = "admin";
# };
#};
invidious = {
enable = true;
settings = {
@ -255,6 +402,19 @@ in {
tor.enable = true;
transmission = {
enable = true;
group = "media";
downloadDirPermissions = "770";
settings = {
download-dir = "/media/downloads/torrents";
};
};
readarr = {
enable = true;
dataDir = "/media/books";
group = "media";
};
sonarr.enable = true;
radarr.enable = true;
lidarr.enable = true;
@ -288,6 +448,7 @@ in {
calibre-web = {
enable = true;
group = "media";
options = {enableBookUploading = true;};
listen.port = 8909;
listen.ip = "127.0.0.1";
@ -446,9 +607,33 @@ in {
};
nginx = {enable = true;};
rtl_433 = {
enable = true;
group = "plugdev";
ids = [
{
id = 55;
name = "LaCrosse-TX141Bv3";
location = "Kitchen";
}
];
};
};
scrapeConfigs = [
{
job_name = "rtl_433";
static_configs = [
{
targets = [
"127.0.0.1:${
toString config.services.prometheus.exporters.rtl_433.port
}"
];
}
];
}
{
job_name = "box";
static_configs = [
@ -483,11 +668,7 @@ in {
}
{
job_name = "namish";
static_configs = [{targets = ["10.6.0.2:9100"];}];
}
{
job_name = "router";
static_configs = [{targets = ["10.6.0.1:9100"];}];
static_configs = [{targets = ["10.200.0.100:9100"];}];
}
{
job_name = "nginx";
@ -522,7 +703,7 @@ in {
stateDir = "/media/git";
appName = "Tape:neT";
package = inputs.unstable.legacyPackages.${pkgs.system}.gitea;
package = inputs.unstable.legacyPackages.${pkgs.system}.forgejo;
lfs.enable = true;
@ -592,6 +773,18 @@ in {
'';
virtualHosts = {
"home.bold.daemon" = {
forceSSL = true;
sslCertificateKey = "${config.sops.secrets.home_key.path}";
sslCertificate = "${config.sops.secrets.home_cert.path}";
extraConfig = ''
proxy_buffering off;
'';
locations."/" = {
proxyPass = "http://127.0.0.1:8123";
proxyWebsockets = true;
};
};
"invidious.bold.daemon" = {
forceSSL = true;
sslCertificateKey = "${config.sops.secrets.invidious_key.path}";
@ -747,6 +940,19 @@ in {
'';
};
};
"readarr.bold.daemon" = {
sslCertificateKey = "${config.sops.secrets.readarr_key.path}";
sslCertificate = "${config.sops.secrets.readarr_cert.path}";
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:8787";
proxyWebsockets = true;
extraConfig = ''
${httpAllow}
deny all;
'';
};
};
"graph.bold.daemon" = {
sslCertificateKey = "${config.sops.secrets.graph_key.path}";
@ -818,7 +1024,14 @@ in {
enable = true;
dataDir = "/db/postgres";
ensureDatabases = ["nextcloud" "gitea"];
#enableTCPIP = true;
#authentication = pkgs.lib.mkOverride 14 ''
# local all all trust
# host all all 127.0.0.1/32 trust
# host all all ::1/128 trust
#'';
ensureDatabases = ["nextcloud" "gitea" "invidious"];
ensureUsers = [
{
name = "nextcloud";
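Review bot: The new `mosquitto` listener accepts anonymous clients with read/write on every topic (`settings.allow_anonymous = true`, `omitPasswordAuth = true`, `acl = ["pattern readwrite #"]`), and the firewall hunk in this same file adds 1883 to `allowedTCPPorts`. Any host that can reach this machine on that port can therefore subscribe to all traffic and publish arbitrary messages, and with the `mqtt` component enabled in `home-assistant` those messages can show up as sensor state. I would give each client its own user, with a password file from sops and an ACL scoped to its topics, as sketched below; the secret name and topic prefix are placeholders. Separately, the new `home.bold.daemon` vhost has no `${httpAllow}` / `deny all;` block, while the `readarr.bold.daemon` vhost added in this commit does, so it is worth confirming that difference is intended.

```nix
mosquitto = {
  enable = true;
  listeners = [
    {
      # One user per client; the password is read from a sops-managed file.
      # "mqtt_rtlamr_pass" is a placeholder secret name, to be declared under sops.secrets.
      users.rtlamr = {
        passwordFile = config.sops.secrets.mqtt_rtlamr_pass.path;
        # Placeholder topic prefix; scope it to what this client actually publishes.
        acl = ["readwrite rtlamr/#"];
      };
    }
  ];
};
# … unchanged: avahi, home-assistant …
```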


@ -1,4 +1,5 @@
{
inputs,
config,
pkgs,
lib,
@ -13,9 +14,12 @@ with lib; let
inherit lib;
inherit config;
});
myEmacs = pkgs.callPackage ../../configs/emacs.nix {};
#myEmacs = pkgs.callPackage ../../configs/emacs.nix { };
doom-emacs = inputs.nix-doom-emacs.packages.${pkgs.system}.default.override {
doomPrivateDir = ../../configs/doom.d;
};
peerixUser =
if hasAttr "peerix" config.users.users
if builtins.hasAttr "peerix" config.users.users
then config.users.users.peerix.name
else "root";
jobs = [
@ -86,10 +90,13 @@ in {
};
};
boot.binfmt.emulatedSystems = ["aarch64-linux" "riscv64-linux"];
nixpkgs.config.allowUnsupportedSystem = true;
nixpkgs.config = {
allowUnfree = true;
allowUnsupportedSystem = true;
};
boot = {
binfmt.emulatedSystems = ["aarch64-linux" "riscv64-linux"];
initrd.systemd.enable = true;
loader = {
systemd-boot.enable = true;
@ -100,24 +107,25 @@ in {
};
kernelParams = ["boot.shell_on_fail" "mem_sleep_default=deep"];
kernelPackages = pkgs.linuxPackages_latest;
#kernelPackages = pkgs.linuxPackages;
};
sshFidoAgent.enable = true;
sshFidoAgent.enable = lib.mkDefault true;
nixManager = {
enable = true;
enable = lib.mkDefault true;
user = "qbit";
};
kde.enable = true;
jetbrains.enable = true;
kde.enable = lib.mkDefault true;
virtualisation.libvirtd.enable = true;
virtualisation.libvirtd.enable = lib.mkDefault true;
networking = {
hostName = "europa";
hostId = "87703c3e";
hosts = {
"192.168.122.6" = ["chubs"];
};
wireless.userControlled.enable = true;
networkmanager.enable = true;
@ -148,6 +156,7 @@ in {
shellAliases = {
"gh" = "op plugin run -- gh";
"nixpkgs-review" = "env GITHUB_TOKEN=$(op item get nixpkgs-review --field token) nixpkgs-review";
"clilol" = "env CLILOL_APIKEY=$(op item get omglol-cli --field credential) clilol";
"godeps" = "go list -m -f '{{if not (or .Indirect .Main)}}{{.Path}}{{end}}' all";
"mutt" = "neomutt -F /etc/neomuttrc";
"neomutt" = "neomutt -F /etc/neomuttrc";
@ -185,6 +194,11 @@ in {
];
};
};
avahi = {
enable = true;
openFirewall = true;
};
printing.enable = true;
restic = {
backups = {
local = {
@ -202,11 +216,11 @@ in {
pcscd.enable = true;
vnstat.enable = true;
clamav.updater.enable = true;
emacs = {
enable = true;
package = myEmacs;
install = true;
};
#emacs = {
# enable = true;
# package = myEmacs;
# install = true;
#};
tor = {
enable = true;
client.enable = true;
@ -262,11 +276,10 @@ in {
users.users.qbit.extraGroups = [
"dialout"
"libvirtd"
"plugdev"
#"docker"
];
nixpkgs.config.allowUnfree = true;
environment.sessionVariables = {
XDG_BIN_HOME = "\${HOME}/.local/bin";
XDG_CACHE_HOME = "\${HOME}/.cache";
@ -280,10 +293,13 @@ in {
environment.systemPackages = with pkgs; [
opensnitch-ui
doom-emacs
barrier
calibre
chirp
cider
clementine
direwolf
element-desktop
elmPackages.elm
elmPackages.elm-format
@ -293,7 +309,10 @@ in {
entr
exercism
gh
gimp
git-credential-1password
gqrx
hackrf
isync
klavaro
minicom
@ -305,12 +324,15 @@ in {
nmap
nushell
obsidian
pharo
pharo-launcher
picocom
proton-caller
protonup-ng
python3Packages.meshtastic
qdmr
rex
rofi
rtl-sdr
sdrpp
signal-desktop
taskobs
tcpdump
@ -319,13 +341,14 @@ in {
tidal-hifi
tigervnc
unzip
veilid
virt-manager
w3m
yt-dlp
#yubioath-flutter
zig
talon
(callPackage ../../pkgs/clilol.nix {})
(callPackage ../../pkgs/iamb.nix {})
(callPackage ../../pkgs/kobuddy.nix {
inherit pkgs;
@ -341,6 +364,7 @@ in {
;
})
(callPackage ../../pkgs/gokrazy.nix {})
(callPackage ../../pkgs/mvoice.nix {})
(callPackage ../../pkgs/zutty.nix {})
restic


@ -39,5 +39,6 @@
cpu.intel.updateMicrocode =
lib.mkDefault config.hardware.enableRedistributableFirmware;
bluetooth.enable = true;
rtl-sdr.enable = true;
};
}


@ -115,6 +115,8 @@ in {
''"radarr.bold.daemon. IN A 100.120.151.126"''
''"reddit.bold.daemon. IN A 100.120.151.126"''
''"sonarr.bold.daemon. IN A 100.120.151.126"''
''"readarr.bold.daemon. IN A 100.120.151.126"''
''"home.bold.daemon. IN A 100.120.151.126"''
''"graph.bold.daemon. IN A 100.120.151.126"''
''"invidious.bold.daemon. IN A 100.120.151.126"''
''"router.bold.daemon. IN A 10.6.0.1"''


@ -2,6 +2,7 @@
config,
pkgs,
isUnstable,
inputs,
...
}:
with pkgs; let
@ -35,6 +36,11 @@ with pkgs; let
allow 10.20.30.1/32;
'';
mtxCfg = {
port = 8009;
address = "127.0.0.1";
};
matrixServer = "tapenet.org";
matrixClientConfig = {
"m.homeserver".base_url = "https://${matrixServer}:443";
@ -53,7 +59,7 @@ with pkgs; let
};
mkMatrixLoc = {
proxyWebsockets = true;
proxyPass = "http://127.0.0.1:8009";
proxyPass = "http://${mtxCfg.address}:${toString mtxCfg.port}";
};
in {
_module.args.isUnstable = false;
@ -145,6 +151,11 @@ in {
owner = config.services.tsrevprox.user;
sopsFile = config.xin-secrets.h.services;
};
writefreely = {
mode = "400";
owner = config.services.writefreely.user;
sopsFile = config.xin-secrets.h.services;
};
};
networking = {
@ -257,6 +268,21 @@ in {
};
services = {
heisenbridge = {
enable = true;
homeserver = "http://${mtxCfg.address}:${toString mtxCfg.port}";
owner = "@qbit:tapenet.org";
namespaces = {
users = [
{
regex = "@irc_.*";
exclusive = true;
}
];
aliases = [];
rooms = [];
};
};
tsrevprox = {
enable = true;
reverseName = "pr-status";
@ -390,6 +416,8 @@ in {
"/var/lib/gotosocial"
"/var/lib/mcchunkie"
"/var/lib/taskserver"
"/var/lib/heisenbridge"
"/var/lib/writefreely"
];
timerConfig = {OnCalendar = "00:05";};
@ -399,6 +427,26 @@ in {
};
};
writefreely = {
enable = true;
host = "arst.lol";
settings = {
server.port = 3287;
app = {
single_user = true;
min_username_len = 4;
federation = true;
monetization = false;
wf_modesty = true;
};
};
database.migrate = true;
admin = {
name = "qbit";
initialPasswordFile = "${config.sops.secrets.writefreely.path}";
};
};
nginx = {
enable = true;
@ -470,6 +518,22 @@ in {
proxyPass = "http://localhost:9009/weechat";
};
};
"arst.lol" = {
forceSSL = true;
enableACME = true;
root = "/var/www/arst.lol";
locations."/" = {
proxyWebsockets = true;
proxyPass = "http://127.0.0.1:${
toString config.services.writefreely.settings.server.port
}";
};
};
#"embracethe.lol" = {
# forceSSL = true;
# enableACME = true;
# root = "/var/www/embracethe.lol";
#};
"notes.suah.dev" = {
forceSSL = true;
enableACME = true;
@ -746,6 +810,10 @@ in {
"https://matrix.to/#/#go-lang:matrix.org"
"https://matrix.to/#/#plan9:matrix.org"
"https://matrix.to/#/#nix-openbsd:tapenet.org"
"https://matrix.to/#/#cobug:tapenet.org"
"https://matrix.to/#/#gosec:tapenet.org"
"https://matrix.to/#/#gophers-offtopic:matrix.org"
"https://matrix.to/#/#devious:tapenet.org"
];
settings = {
verboseLogging = false;
@ -785,6 +853,9 @@ in {
signing_key_path = "${config.sops.secrets.synapse_signing_key.path}";
url_preview_enabled = false;
plugins = with config.services.matrix-synapse.package.plugins; [matrix-synapse-mjolnir-antispam];
app_service_config_files = [
"/var/lib/heisenbridge/registration.yml"
];
database = {
name = "psycopg2";
args = {
@ -794,8 +865,8 @@ in {
};
listeners = [
{
bind_addresses = ["127.0.0.1"];
port = 8009;
inherit (mtxCfg) port;
bind_addresses = [mtxCfg.address];
resources = [
{
compress = true;


@ -1,5 +1,6 @@
{
pkgs,
lib,
isUnstable,
...
}: let
@ -14,6 +15,8 @@ in {
networking.hostName = "plq";
security.pam.enableSudoTouchIdAuth = true;
programs = {
zsh = {
enable = true;
@ -22,10 +25,16 @@ in {
'';
};
};
services.nix-daemon.enable = true;
nix.package = pkgs.nix;
services.emacs.package = pkgs.emacsUnstable;
nix = {
package = pkgs.nix;
settings = {
sandbox = true;
};
};
services = {
nix-daemon.enable = true;
emacs.package = pkgs.emacsUnstable;
};
system = {
keyboard = {
@ -47,23 +56,32 @@ in {
};
};
nixpkgs.config = {
allowUnfree = true;
allowUnfreePredicate = pkg:
builtins.elm (lib.getName pkg) [
"obsidian"
];
};
environment.variables = {
SSH_AUTH_SOCK = "$HOME/Library/Containers/com.maxgoedjen.Secretive.SecretAgent/Data/socket.ssh";
};
environment.systemPackages = with pkgs; [
(callPackage ../../pkgs/nheko.nix {inherit isUnstable;})
(callPackage ../../pkgs/secretive.nix {inherit isUnstable;})
(callPackage ../../pkgs/hammerspoon.nix {inherit isUnstable;})
nixpkgs-review
direnv
exiftool
gh
go
mosh
nb
neovim
nixfmt
nixpkgs-review
nmap
obsidian
rage
statix
];
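Review bot: `builtins.elm` in the new `allowUnfreePredicate` is not a Nix builtin; the function is `builtins.elem`. The typo goes unnoticed because `allowUnfree = true` sits directly above it: as far as I know nixpkgs only consults the predicate when `allowUnfree` is false, so the predicate is never evaluated and every unfree package is permitted rather than just `obsidian`. If the intent is an allow-list, drop `allowUnfree = true;` and write `allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) ["obsidian"];`. A short comment saying why `obsidian` is the only exception would help the next reader.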


@ -1,11 +1,20 @@
{pkgs, ...}: let
myEmacs = pkgs.callPackage ../../configs/emacs.nix {};
{
pkgs,
config,
...
}: let
#myEmacs = pkgs.callPackage ../../configs/emacs.nix { };
pubKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7v+/xS8832iMqJHCWsxUZ8zYoMWoZhjj++e26g1fLT europa"
];
in {
_module.args.isUnstable = false;
imports = [./hardware-configuration.nix];
imports = [
./hardware-configuration.nix
../../modules/rtlamr2mqtt.nix
];
hardware.rtl-sdr.enable = true;
# Bootloader.
boot.loader.systemd-boot.enable = true;
@ -38,19 +47,24 @@ in {
PATH = ["\${XDG_BIN_HOME}"];
};
users.users.qbit.extraGroups = ["dialout" "libvirtd" "docker"];
users.users.qbit.extraGroups = ["dialout" "libvirtd" "docker" "plugdev"];
nixpkgs.config.allowUnfree = true;
#nixpkgs.config.allowUnfree = true;
environment.systemPackages = with pkgs; [
rtl-sdr
direwolf
(callPackage ../../pkgs/rtlamr.nix {})
];
programs = {
steam.enable = true;
_1password.enable = true;
_1password-gui = {
enable = true;
polkitPolicyOwners = ["qbit"];
};
dconf.enable = true;
};
#programs = {
# steam.enable = true;
# _1password.enable = true;
# _1password-gui = {
# enable = true;
# polkitPolicyOwners = [ "qbit" ];
# };
# dconf.enable = true;
#};
xinCI = {
user = "qbit";
@ -58,11 +72,45 @@ in {
};
services = {
emacs = {
rtlamr2mqtt = {
enable = true;
package = myEmacs;
install = true;
configuration = {
general = {
device_ids_path = "${config.services.rtlamr2mqtt.package}/sdl_ids.txt";
sleep_for = 0;
verbosity = "debug";
tickle_rtl_tcp = false;
device_id = "0bda:2838";
};
mqtt = {
host = "10.6.0.15";
port = 1883;
tls_enabled = false;
ha_autodiscovery = true;
base_topec = "rtlamr";
};
custom_parameters = {
rtltcp = "-s 2048000";
rtlamr = "-unique=true -symbollength=32";
};
meters = [
{
id = 48582066;
protocol = "scm";
name = "gas_meter";
unit_of_measurement = "ft³";
icon = "mdi:gas-burner";
device_class = "gas";
state_class = "total_increasing";
}
];
};
};
#emacs = {
# enable = true;
# package = myEmacs;
# install = true;
#};
fwupd = {
enable = true;
enableTestRemote = true;
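Review bot: `base_topec = "rtlamr";` in the `mqtt` block of the new `rtlamr2mqtt` configuration looks like a misspelling of `base_topic`. If the module passes this attrset through to the service unchanged, the key would be ignored and the default topic used, so I would change it to `base_topic = "rtlamr";` after checking the module's option names. The same block connects to `10.6.0.15:1883` with `tls_enabled = false` and no credentials, so meter readings cross the network in clear text to an unauthenticated broker; that deserves a comment stating it is accepted for this LAN segment. `verbosity = "debug"` also reads like a bring-up setting to lower once the service is stable.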


@ -1,5 +1,6 @@
{
config,
inputs,
pkgs,
...
}: let
@ -12,11 +13,13 @@
userBase = {
openssh.authorizedKeys.keys = pubKeys ++ config.myconf.managementPubKeys;
};
myEmacs = pkgs.callPackage ../../configs/emacs.nix {};
peerixUser =
if builtins.hasAttr "peerix" config.users.users
then config.users.users.peerix.name
else "root";
doom-emacs = inputs.nix-doom-emacs.packages.${pkgs.system}.default.override {
doomPrivateDir = ../../configs/doom.d;
};
in {
_module.args.isUnstable = true;
imports = [./hardware-configuration.nix];
@ -97,7 +100,7 @@ in {
"172.16.30.253" = ["proxmox-02.vm.calyptix.local"];
"127.0.0.1" = ["borg.calyptix.dev" "localhost"];
"192.168.122.249" = ["arst.arst" "vm"];
"192.168.54.1" = ["router.arst" "router"];
"192.168.8.194" = ["router.arst" "router"];
};
networkmanager.enable = true;
@ -111,7 +114,6 @@ in {
kde.enable = true;
defaultUsers.enable = false;
jetbrains.enable = true;
sshFidoAgent.enable = true;
sops.secrets = {
@ -159,7 +161,7 @@ in {
environment.systemPackages = with pkgs; [
barrier
bitwarden
brave
doom-emacs
fzf
google-chrome-dev
ispell
@ -187,6 +189,8 @@ in {
virtualisation.libvirtd.enable = true;
programs.git.config.safe.directory = "/home/abieber/aef100";
programs = {
dconf.enable = true;
zsh.enable = true;
@ -199,11 +203,6 @@ in {
};
services = {
emacs = {
enable = true;
package = myEmacs;
install = true;
};
printing.enable = true;
fwupd.enable = true;
unifi.enable = false;
@ -215,7 +214,7 @@ in {
};
programs.ssh.knownHosts = {
"[192.168.122.249]:7022".publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJd1dn/0YmUEInXbNTpUFNwzDrP0/FoMEJJc+3yYkZaCMrT0WPS5rFlkWJZ8mQf8udnfUWnTZzpDwIvXpfMQqf0=";
"[192.168.122.249]:7022".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAOzf2Rv6FZYuH758TlNBcq4CXAHTPJxe5qoQTRM3nRc";
};
system.autoUpgrade.allowReboot = false;


@ -0,0 +1,56 @@
{
config,
pkgs,
lib,
...
}: let
pubKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7v+/xS8832iMqJHCWsxUZ8zYoMWoZhjj++e26g1fLT europa"
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBB/V8N5fqlSGgRCtLJMLDJ8Hd3JcJcY8skI0l+byLNRgQLZfTQRxlZ1yymRs36rXj+ASTnyw5ZDv+q2aXP7Lj0= hosts@secretive.plq.local"
];
userBase = {
openssh.authorizedKeys.keys = pubKeys ++ config.myconf.managementPubKeys;
};
in {
_module.args.isUnstable = false;
imports = [
./hardware-configuration.nix
];
defaultUsers.enable = false;
boot = {
initrd.availableKernelModules = lib.mkForce [
"mmc_block"
"usbhid"
"hid_generic"
"hid_microsoft"
];
supportedFilesystems = lib.mkForce ["vfat"];
kernelPackages = lib.mkForce pkgs.linuxPackages_rpi0;
};
networking = {
hostName = "wzero";
networkmanager = {enable = true;};
wireless.userControlled.enable = true;
hosts."100.120.151.126" = ["graph.tapenet.org"];
};
users.users.weather = {
shell = pkgs.zsh;
isNormalUser = true;
description = "Weather";
extraGroups = ["wheel"];
};
preDNS.enable = false;
users.users.root = userBase;
#environment.systemPackages = with pkgs; [
#];
system.stateVersion = "21.11";
}
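Review bot: The `weather` account is created with `extraGroups = ["wheel"]`, yet this file gives it no SSH key or password, while the management keys are attached to `root` through `users.users.root = userBase`. If `weather` is a service-style account, drop `wheel` so it has no path to root through sudo. If it is meant for administration, give it the keys (`users.users.weather = userBase // { … };`) and leave root without direct key logins. A one-line comment above the user stating which of the two is intended would settle it.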


@ -0,0 +1,14 @@
{pkgs, ...}: {
hardware = {
deviceTree = {
enable = true;
overlays = ["${pkgs.device-tree_rpi.overlays}/hifiberry-dac.dtbo"];
};
enableRedistributableFirmware = true;
i2c.enable = true;
firmware = with pkgs; [
raspberrypiWirelessFirmware
];
};
}


@ -42,7 +42,7 @@ in {
};
# neovim will overwrite my neovim!!
environment.systemPackages = with pkgs; [neovim nixfmt jq];
environment.systemPackages = with pkgs; [neovim jq];
services.openssh = {
enable = true;


@ -102,7 +102,7 @@ in {
'';
boot.tmp.cleanOnBoot = true;
environment.systemPackages = with pkgs; [apg inetutils nixfmt];
environment.systemPackages = with pkgs; [apg inetutils];
environment.interactiveShellInit = ''
alias vi=nvim


@ -24,6 +24,12 @@
in
prStatus;
prIsOpen = {
option = pr: a: let
prStatus = getPrStatus pr;
in
if prStatus.status == "open"
then a
else {};
pkg = pr: localPkg: upstreamPkg: let
prStatus = getPrStatus pr;
in
@ -128,6 +134,7 @@
'';
nativeBuildInputs = with pkgs; [
curl
dasel
deadnix
git
git-bug
@ -136,6 +143,7 @@
nil
nix-diff
nix-output-monitor
nix-prefetch-github
shfmt
sops
ssh-to-age

81
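--- a/modules/rtlamr2mqtt.nix
+++ b/modules/rtlamr2mqtt.nix
@@ -0,0 +1,81 @@
+{
+config,
+lib,
+pkgs,
+...
+}:
+with pkgs; let
+cfg = config.services.rtlamr2mqtt;
+rtlamr2mqtt = pkgs.python3Packages.callPackage ../pkgs/rtlamr2mqtt.nix {};
+settingsFormat = pkgs.formats.json {};
+settingsType = settingsFormat.type;
+prettyJSON = conf:
+pkgs.runCommandLocal "rtlamr2mqtt-config.json" {} ''
+echo '${
+builtins.toJSON conf
+}' | ${pkgs.buildPackages.jq}/bin/jq 'del(._module)' > $out
+'';
+in {
+options = with lib; {
+services.rtlamr2mqtt = {
+enable = mkEnableOption "Enable rtlamr2mqtt";
+user = mkOption {
+type = with types; oneOf [str int];
+default = "rtlamr2mqtt";
+description = ''
+The user the service will use.
+'';
+};
+group = mkOption {
+type = with types; oneOf [str int];
+default = "rtlamr2mqtt";
+description = ''
+The user the service will use.
+'';
+};
+configuration = mkOption {
+type = settingsType;
+description = ''
+Specify the configuration for rtlamr2mqtt in Nix.
+'';
+};
+package = mkOption {
+type = types.package;
+default = rtlamr2mqtt;
+defaultText = literalExpression "pkgs.rtlamr2mqtt";
+description = "The package to use for rtlamr2mqtt";
+};
+};
+};
+config = lib.mkIf cfg.enable {
+users.groups.rtlamr2mqtt = {};
+users.users.rtlamr2mqtt = {
+description = "rtlamr2mqtt service user";
+isSystemUser = true;
+home = "/var/lib/rtlamr2mqtt";
+createHome = true;
+group = "rtlamr2mqtt";
+extraGroups = ["plugdev"];
+};
+systemd.services.rtlamr2mqtt = {
+enable = true;
+description = "rtlamr2mqtt server";
+wantedBy = ["multi-user.target"];
+serviceConfig = {
+User = cfg.user;
+Group = cfg.group;
+RuntimeDirectory = "/var/lib/rtlamr2mqtt";
+ExecStart = "${cfg.package}/bin/rtlamr2mqtt ${prettyJSON cfg.configuration}";
+};
+};
+};
+}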
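Review bot: `prettyJSON` renders the configuration with `echo '${builtins.toJSON conf}'`, so any value containing a single quote breaks the shell quoting at build time, and the resulting file sits in the world-readable Nix store, which matters if the configuration carries MQTT credentials (not visible here). The format helper already bound in this file renders it without a shell: `${settingsFormat.generate "rtlamr2mqtt-config.json" cfg.configuration}`; keep the jq step only if `_module` really appears in the output. Separately, `RuntimeDirectory = "/var/lib/rtlamr2mqtt"` is an absolute path, which systemd does not accept for that setting; `StateDirectory = "rtlamr2mqtt";` is probably what was meant. The `user` and `group` options are also ignored when the account is created (`users.users.rtlamr2mqtt` is hard-coded), and the `group` description still reads "The user the service will use."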


@ -15,12 +15,15 @@ with lib; let
;
nginxCfg = config.services.nginx;
buildFSChecker = fsList: (concatStringsSep "\n" (attrValues (mapAttrs (f: _: ''
buildFSChecker = fsList: (concatStringsSep "\n" (attrValues (mapAttrs (f: v:
if v.fsType != "sshfs"
then ''
check filesystem ${replaceStrings ["/"] ["_"] f} with path ${f}
if space usage > 90% then alert
if inode usage > 90% then alert
'')
fsList)));
''
else "")
fsList)));
buildNginxChecker = vhostList: (concatStringsSep "\n" (attrValues (mapAttrs (f: v: ''
check host ${f} with address ${f}
if failed port 80 protocol http then alert


@ -7,22 +7,45 @@
#_1password-gui = prIsOpen.overlay 235900 (import ./1password-gui.nix);
#openssh = import ./openssh.nix;
#obsidian = prIsOpen.overlay 235408 (import ./obsidian.nix);
tailscale = prIsOpen.overlay 239176 import ./tailscale.nix;
#jetbrains = prIsOpen 232308 (import ./jetbrains.nix);
tidal-hifi = prIsOpen.overlay 238572 (import ./tidal-hifi.nix);
matrix-synapse = prIsOpen.overlay 238845 (import ./matrix-synapse.nix);
nixd = prIsOpen.overlay 238779 (import ./nixd.nix);
#tailscale = prIsOpen.overlay 239176 import ./tailscale.nix;
#tidal-hifi = prIsOpen.overlay 239732 (import ./tidal-hifi.nix);
matrix-synapse = prIsOpen.overlay 252544 (import ./matrix-synapse.nix);
#nixd = prIsOpen.overlay 238779 (import ./nixd.nix);
heisenbridge = prIsOpen.overlay 0 (import ./heisenbridge.nix);
#rex = prIsOpen.overlay 0 (import ./rex.nix);
in {
nixpkgs.overlays =
if isUnstable
then [
tailscale
tidal-hifi
nixd
#rex
heisenbridge
(_: super: {
clementine = super.clementine.overrideAttrs (_: {
patches = [
(super.fetchpatch {
name = "clementine-di-radio-fix.diff";
url = "https://patch-diff.githubusercontent.com/raw/clementine-player/Clementine/pull/7217.diff";
hash = "sha256-kaKc2YFkXJRPibbKbBCHvlm6Y/H9zS83ohMxtUNUFlM=";
})
];
});
})
]
else [
#rex
matrix-synapse
tailscale
heisenbridge
(_: super: {
invidious = super.invidious.overrideAttrs (_: {
patches = [
(super.fetchpatch {
name = "invidious-newpipe.diff";
url = "https://patch-diff.githubusercontent.com/raw/iv-org/invidious/pull/4037.patch";
hash = "sha256-KyqQtmfIPIX48S8SZnSlvCLvdw6Ws1u0oWEk8jLKWlU=";
})
];
});
})
];
}
# Example Python dep overlay
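Review bot: Both `fetchpatch` calls take their patch from a pull-request URL (`…/Clementine/pull/7217.diff` and `…/invidious/pull/4037.patch`), and a pull request's diff changes whenever its branch is pushed to. The `hash` stops a changed patch from being applied silently, but the build then fails with a mismatch and the quick fix is to paste the new hash without reading the new diff. Pointing `url` at the specific commit instead (`https://github.com/<owner>/<repo>/commit/<full-sha>.patch`) keeps the input fixed, and a comment next to each entry naming the upstream PR keeps the provenance. `heisenbridge = prIsOpen.overlay 0 (…)` uses PR number 0; a comment saying there is no upstream PR to track would explain it, since how `getPrStatus` treats 0 is not visible here.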

17
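--- a/overlays/heisenbridge.nix
+++ b/overlays/heisenbridge.nix
@@ -0,0 +1,17 @@
+let
+hash = "sha256-OmAmgHM+EmJ3mUY4lPBxIv2rAq8j2QEeTUMux7ZBfRE=";
+heisenbridge = _: super: {
+heisenbridge = super.heisenbridge.overrideAttrs (_: rec {
+version = "1.14.5";
+pname = "heisenbridge";
+src = super.fetchFromGitHub {
+owner = "hifi";
+repo = pname;
+rev = "refs/tags/v${version}";
+inherit hash;
+};
+});
+};
+in
+heisenbridge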


@ -1,17 +0,0 @@
let
jetbrains = _: super: {
# Override jetbrains idea-ultimate until the newer version is available
jetbrains =
super.jetbrains
// {
idea-ultimate = super.jetbrains.idea-ultimate.overrideAttrs (_: rec {
version = "2023.1.2";
src = super.fetchurl {
url = "https://download-cdn.jetbrains.com/idea/ideaIU-${version}.tar.gz";
sha256 = "sha256-4aJgcOkb3Gp9JirtoxanKQjR/7uLUA8IZmW/zSneJJo=";
};
});
};
};
in
jetbrains


@ -1,20 +1,21 @@
let
hash = "sha256-rLEewCN8OdZ4wIWQRbLkxVF/VOAESTLAVQLfUu/PYsA=";
sha256 = "sha256-aOoSvT6e2x7JcXoQ2sVTCDvkWupixLzpbk3cTHVQs7I=";
matrix-synapse = _: super: {
matrix-synapse = super.matrix-synapse.overrideAttrs (_: rec {
version = "1.86.0";
version = "1.91.0";
pname = "matrix-synapse";
src = super.fetchFromGitHub {
owner = "matrix-org";
repo = "synapse";
rev = "v${version}";
hash = "sha256-vSNAISWTTT3IAeA8hxQhQNp9T3soey4vgh7v+BxI+K0=";
inherit hash;
};
cargoDeps = super.rustPlatform.fetchCargoTarball {
inherit src;
inherit src sha256;
name = "${pname}-${version}";
sha256 = "sha256-lPLhh5FkxpBUQ5UH6eAfUIyGvHIcZHmbYBT5QUW/W4k=";
};
});
};

10
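--- a/overlays/rex.nix
+++ b/overlays/rex.nix
@@ -0,0 +1,10 @@
+let
+rex = _: super: {
+rex = super.rex.overrideAttrs (_: {
+postPatch = ''
+patchShebangs bin
+'';
+});
+};
+in
+rex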


@ -12,24 +12,20 @@ let
"-X tailscale.com/version.shortStamp=${version}"
];
#tailscale = _: super: {
# tailscale = super.tailscale.overrideAttrs (_: {
# version = "1.44.0";
# src = super.fetchFromGitHub fetchArgs
# inherit vendorHash ldflags version;
# ];
# });
#};
tailscale = _: super: {
tailscale = super.callPackage "${super.path}/pkgs/servers/tailscale" {
buildGoModule = args:
super.buildGo120Module (args
// {
src = super.fetchFromGitHub fetchArgs;
inherit vendorHash ldflags version;
});
};
tailscale = super.tailscale.overrideAttrs (_: {
src = super.fetchFromGitHub fetchArgs;
inherit vendorHash ldflags version;
});
};
#tailscale = _: super: {
# tailscale = super.callPackage "${super.path}/pkgs/servers/tailscale" {
# buildGoModule = args:
# super.buildGo120Module (args // {
# src = super.fetchFromGitHub fetchArgs;
# inherit vendorHash ldflags version;
# });
# };
#};
in
tailscale


@ -1,11 +1,11 @@
let
tidal-hifi = _: super: {
tidal-hifi = super.tidal-hifi.overrideAttrs (_: rec {
version = "5.2.0";
version = "5.3.0";
src = super.fetchurl {
url = "https://github.com/Mastermindzh/tidal-hifi/releases/download/${version}/tidal-hifi_${version}_amd64.deb";
sha256 = "sha256-ZdEbGsGt1Z/vve3W/Z6Pw1+m5xoTY/l7Es03yM4T0tE=";
sha256 = "sha256-YGSHEvanWek6qiWvKs6g+HneGbuuqJn/DBfhawjQi5M=";
};
});
};

29
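--- a/pkgs/clilol.nix
+++ b/pkgs/clilol.nix
@@ -0,0 +1,29 @@
+{
+lib,
+buildGoModule,
+fetchgit,
+...
+}:
+buildGoModule rec {
+pname = "clilol";
+version = "1.0.4";
+src = fetchgit {
+url = "https://git.mcornick.dev/mcornick/clilol.git";
+rev = "v${version}";
+hash = "sha256-VlL5prd021JrOf33jUdqORk9MxpyRQHNMpqDoSLLYi8=";
+};
+vendorHash = "sha256-i4UG52Z1zTM4VHBaNf5IYfQKnpC5iZTkK6L5hyQ6f4s=";
+# attempts to make calls to api.omg.lol
+doCheck = false;
+meta = with lib; {
+description = "a CLI for omg.lol";
+homepage = "https://mcornick.dev/clilol/";
+changelog = "https://git.mcornick.dev/mcornick/clilol/releases/tag/${version}";
+license = licenses.mpl20;
+maintainers = [maintainers.qbit];
+};
+}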
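Review bot: `changelog` points at `…/releases/tag/${version}` while the source is fetched from the tag `v${version}`, so the link most likely resolves to a tag that does not exist. `changelog = "https://git.mcornick.dev/mcornick/clilol/releases/tag/v${version}";` would match `rev`.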

31
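--- a/pkgs/fyne.nix
+++ b/pkgs/fyne.nix
@@ -0,0 +1,31 @@
+{
+lib,
+buildGoModule,
+fetchFromGitHub,
+...
+}:
+with lib;
+buildGoModule rec {
+pname = "fyne";
+version = "2.3.5";
+src = fetchFromGitHub {
+owner = "fyne-io";
+repo = pname;
+rev = "v${version}";
+sha256 = "sha256-iSQ1oqUePxDyjQTKNazX0IZyHAoz50bqukV2CmQjrAk=";
+};
+vendorHash = null;
+proxyVendor = true;
+subPackages = ["cmd/fyne"];
+meta = {
+description = "Fyne command line tool";
+homepage = "https://github.com/fyne-io/fyne";
+license = licenses.bsd3;
+maintainers = with maintainers; [qbit];
+};
+}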


@ -1,21 +1,21 @@
{
lib,
buildGo119Module,
buildGoModule,
fetchFromGitHub,
go,
ffmpeg,
...
}: let
gotosocialVersion = "0.9.0";
gtswaHash = "sha256:1yxyl8q0dqpv3cqzxj0anh8rskk3rmw9mjnjkm4svc0vgaph1y1s";
gtssHash = "sha256-UZRIQTdVESCYv2KW7HUS2c4bS5qnB7wdwiYAgEJ60fU=";
gotosocialVersion = "0.11.0";
gtswaHash = "sha256:0qbs4a3wblrlcr1l5155p54vdd6hn2szkdns99wxjhjr8kw6dbil";
gtssHash = "sha256-qbq5pDvG2L1s6BG+sh7eagcFNH/DWyANMQaAl2WcQzE=";
gotosocialWebAssets = builtins.fetchurl {
url = "https://github.com/superseriousbusiness/gotosocial/releases/download/v${gotosocialVersion}/gotosocial_${gotosocialVersion}_web-assets.tar.gz";
sha256 = gtswaHash;
};
in
with lib;
buildGo119Module rec {
buildGoModule rec {
pname = "gotosocial";
version = gotosocialVersion;


@ -1,31 +0,0 @@
{
lib,
buildGoModule,
fetchFromGitHub,
...
}:
with lib;
buildGoModule rec {
name = "vuln";
src = fetchFromGitHub {
owner = "golang";
repo = name;
rev = "03dd099d9b0dd4e0a3ab25b3192b9d95c97252ea";
sha256 = "sha256-UJ2svg/exjwH/T3dqHixRgD6ZqYjbV/MpnEEaFza6Ns=";
};
vendorSha256 = "sha256-tk186BCy8l0o1mxaWXcz0BWVMvvMvhEGcTmDdthJlcc=";
#> github.com/tidwall/pretty@v1.2.0: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt
doCheck = false;
subPackages = ["cmd/govulncheck"];
meta = {
description = "tools for the Go vulnerability database";
homepage = "https://github.com/golang/vuln";
license = licenses.isc;
maintainers = with maintainers; [qbit];
};
}

51
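--- a/pkgs/mvoice.nix
+++ b/pkgs/mvoice.nix
@@ -0,0 +1,51 @@
+{
+lib,
+stdenv,
+fetchFromGitHub,
+pkgs,
+...
+}:
+stdenv.mkDerivation {
+pname = "mvoice";
+version = "unstable-2023-05-30";
+src = fetchFromGitHub {
+owner = "n7tae";
+repo = "mvoice";
+rev = "8e0a9fb350f8308d7ee7e07e3cc48e7c33a7be64";
+sha256 = "sha256-DNCF/m56owu8DYcv2lLxUZ+mVpmivXbPjBFE2V/23pE=";
+};
+nativeBuildInputs = with pkgs; [
+alsa-lib
+curl
+fltk
+gcc
+gettext
+gnutls
+msgpack
+opendht
+paprefs
+pavucontrol
+pulseaudio
+];
+prePatch = ''
+substituteInPlace Makefile \
+--replace "/bin/cp" "cp"
+substituteInPlace Makefile \
+--replace "/bin/rm" "rm"
+'';
+preBuild = ''
+export HOME=$out
+'';
+meta = with lib; {
+description = "A prototype M17 voice application for ham radio";
+homepage = "https://github.com/n7tae/mvoice";
+license = licenses.gpl3;
+platforms = platforms.unix;
+maintainers = with maintainers; [qbit];
+};
+}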

165
pkgs/openssh/common.nix Normal file
View File

@ -0,0 +1,165 @@
{ pname
, version
, extraDesc ? ""
, src
, extraPatches ? []
, extraNativeBuildInputs ? []
, extraConfigureFlags ? []
, extraMeta ? {}
}:
{ lib, stdenv
# This *is* correct, though unusual. as a way of getting krb5-config from the
# package without splicing See: https://github.com/NixOS/nixpkgs/pull/107606
, pkgs
, autoreconfHook
, zlib
, libressl
, libedit
, pkg-config
, pam
, libredirect
, etcDir ? "/etc/ssh"
, withKerberos ? true
, libkrb5
, libfido2
, hostname
, nixosTests
, withFIDO ? stdenv.hostPlatform.isUnix && !stdenv.hostPlatform.isMusl
, withPAM ? stdenv.hostPlatform.isLinux
, linkOpenssl ? true
}:
stdenv.mkDerivation {
inherit pname version src;
patches = [
./locale_archive.patch
# See discussion in https://github.com/NixOS/nixpkgs/pull/16966
./dont_create_privsep_path.patch
] ++ extraPatches;
postPatch =
# On Hydra this makes installation fail (sometimes?),
# and nix store doesn't allow such fancy permission bits anyway.
''
substituteInPlace Makefile.in --replace '$(INSTALL) -m 4711' '$(INSTALL) -m 0711'
'';
strictDeps = true;
nativeBuildInputs = [ autoreconfHook pkg-config ]
# This is not the same as the libkrb5 from the inputs! pkgs.libkrb5 is
# needed here to access krb5-config in order to cross compile. See:
# https://github.com/NixOS/nixpkgs/pull/107606
++ lib.optional withKerberos pkgs.libkrb5
++ extraNativeBuildInputs;
buildInputs = [ zlib libressl libedit ]
++ lib.optional withFIDO libfido2
++ lib.optional withKerberos libkrb5
++ lib.optional withPAM pam;
preConfigure = ''
# Setting LD causes `configure' and `make' to disagree about which linker
# to use: `configure' wants `gcc', but `make' wants `ld'.
unset LD
'';
# I set --disable-strip because later we strip anyway. And it fails to strip
# properly when cross building.
configureFlags = [
"--sbindir=\${out}/bin"
"--localstatedir=/var"
"--with-pid-dir=/run"
"--with-mantype=man"
"--with-libedit=yes"
"--disable-strip"
(lib.withFeature withPAM "pam")
] ++ lib.optional (etcDir != null) "--sysconfdir=${etcDir}"
++ lib.optional withFIDO "--with-security-key-builtin=yes"
++ lib.optional withKerberos (assert libkrb5 != null; "--with-kerberos5=${libkrb5}")
++ lib.optional stdenv.isDarwin "--disable-libutil"
++ lib.optional (!linkOpenssl) "--without-openssl"
++ extraConfigureFlags;
${if stdenv.hostPlatform.isStatic then "NIX_LDFLAGS" else null}= [ "-laudit" ] ++ lib.optionals withKerberos [ "-lkeyutils" ];
buildFlags = [ "SSH_KEYSIGN=ssh-keysign" ];
enableParallelBuilding = true;
hardeningEnable = [ "pie" ];
doCheck = true;
enableParallelChecking = false;
nativeCheckInputs = [ libressl ] ++ lib.optional (!stdenv.isDarwin) hostname;
preCheck = lib.optionalString (stdenv.hostPlatform == stdenv.buildPlatform) ''
# construct a dummy HOME
export HOME=$(realpath ../dummy-home)
mkdir -p ~/.ssh
# construct a dummy /etc/passwd file for the sshd under test
# to use to look up the connecting user
DUMMY_PASSWD=$(realpath ../dummy-passwd)
cat > $DUMMY_PASSWD <<EOF
$(whoami)::$(id -u):$(id -g)::$HOME:$SHELL
EOF
# we need to NIX_REDIRECTS /etc/passwd both for processes
# invoked directly and those invoked by the "remote" session
cat > ~/.ssh/environment.base <<EOF
NIX_REDIRECTS=/etc/passwd=$DUMMY_PASSWD
LD_PRELOAD=${libredirect}/lib/libredirect.so
EOF
# use an ssh environment file to ensure environment is set
# up appropriately for build environment even when no shell
# is invoked by the ssh session. otherwise the PATH will
# only contain default unix paths like /bin which we don't
# have in our build environment
cat - regress/test-exec.sh > regress/test-exec.sh.new <<EOF
cp $HOME/.ssh/environment.base $HOME/.ssh/environment
echo "PATH=\$PATH" >> $HOME/.ssh/environment
EOF
mv regress/test-exec.sh.new regress/test-exec.sh
# explicitly enable the PermitUserEnvironment feature
substituteInPlace regress/test-exec.sh \
--replace \
'cat << EOF > $OBJ/sshd_config' \
$'cat << EOF > $OBJ/sshd_config\n\tPermitUserEnvironment yes'
# some tests want to use files under /bin as example files
for f in regress/sftp-cmds.sh regress/forwarding.sh; do
substituteInPlace $f --replace '/bin' "$(dirname $(type -p ls))"
done
# set up NIX_REDIRECTS for direct invocations
set -a; source ~/.ssh/environment.base; set +a
'';
# integration tests hard to get working on darwin with its shaky
# sandbox
# t-exec tests fail on musl
checkTarget = lib.optional (!stdenv.isDarwin && !stdenv.hostPlatform.isMusl) "t-exec"
# other tests are less demanding of the environment
++ [ "unit" "file-tests" "interop-tests" ];
installTargets = [ "install-nokeys" ];
installFlags = [
"sysconfdir=\${out}/etc/ssh"
];
passthru.tests = {
borgbackup-integration = nixosTests.borgbackup;
};
meta = with lib; {
description = "An implementation of the SSH protocol${extraDesc}";
homepage = "https://www.openssh.com/";
changelog = "https://www.openssh.com/releasenotes.html";
license = licenses.bsd2;
platforms = platforms.unix ++ platforms.windows;
maintainers = (extraMeta.maintainers or []) ++ (with maintainers; [ eelco aneeshusa ]);
mainProgram = "ssh";
} // extraMeta;
}

23
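--- a/pkgs/openssh/default.nix
+++ b/pkgs/openssh/default.nix
@@ -0,0 +1,23 @@
+{
+callPackage,
+lib,
+fetchFromGitHub,
+}: let
+inherit (builtins) readFile fromJSON;
+common = opts: callPackage (import ./common.nix opts) {};
+verStr = fromJSON (readFile ./version.json);
+in {
+openssh = common {
+pname = "openssh";
+inherit (verStr) version;
+src = fetchFromGitHub {
+inherit (verStr) rev hash;
+owner = "openssh";
+repo = "openssh-portable";
+};
+extraPatches = [./ssh-keysign-8.5.patch];
+extraMeta.maintainers = with lib.maintainers; [qbit];
+};
+}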


@ -0,0 +1,12 @@
diff --git i/Makefile.in w/Makefile.in
index 04e1c8e5..9bd5d01b 100644
--- i/Makefile.in
+++ w/Makefile.in
@@ -329,7 +329,6 @@ install-files:
$(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)5
$(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)8
$(MKDIR_P) $(DESTDIR)$(libexecdir)
- $(MKDIR_P) -m 0755 $(DESTDIR)$(PRIVSEP_PATH)
$(INSTALL) -m 0755 $(STRIP_OPT) ssh$(EXEEXT) $(DESTDIR)$(bindir)/ssh$(EXEEXT)
$(INSTALL) -m 0755 $(STRIP_OPT) scp$(EXEEXT) $(DESTDIR)$(bindir)/scp$(EXEEXT)
$(INSTALL) -m 0755 $(STRIP_OPT) ssh-add$(EXEEXT) $(DESTDIR)$(bindir)/ssh-add$(EXEEXT)


@ -0,0 +1,15 @@
diff --git i/session.c w/session.c
index 58826db1..658dd911 100644
--- i/session.c
+++ w/session.c
@@ -1053,6 +1053,10 @@ do_setup_env(struct ssh *ssh, Session *s, const char *shell)
if (getenv("TZ"))
child_set_env(&env, &envsize, "TZ", getenv("TZ"));
+ /* NixOS path to the glibc locale archive, to be set in the systemd job */
+ if (getenv("LOCALE_ARCHIVE"))
+ child_set_env(&env, &envsize, "LOCALE_ARCHIVE", getenv("LOCALE_ARCHIVE"));
+
/* Set custom environment options from pubkey authentication. */
if (options.permit_user_env) {
for (n = 0 ; n < auth_opts->nenv; n++) {


@ -0,0 +1,24 @@
diff --git a/pathnames.h b/pathnames.h
index cb44caa4..354fdf05 100644
--- a/pathnames.h
+++ b/pathnames.h
@@ -124,7 +124,7 @@
/* Location of ssh-keysign for hostbased authentication */
#ifndef _PATH_SSH_KEY_SIGN
-#define _PATH_SSH_KEY_SIGN "/usr/libexec/ssh-keysign"
+#define _PATH_SSH_KEY_SIGN "ssh-keysign"
#endif
/* Location of ssh-pkcs11-helper to support keys in tokens */
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -2021,7 +2021,7 @@
debug3_f("[child] pid=%ld, exec %s",
(long)getpid(), _PATH_SSH_KEY_SIGN);
- execl(_PATH_SSH_KEY_SIGN, _PATH_SSH_KEY_SIGN, (char *)NULL);
+ execlp(_PATH_SSH_KEY_SIGN, _PATH_SSH_KEY_SIGN, (char *)NULL);
fatal_f("exec(%s): %s", _PATH_SSH_KEY_SIGN,
strerror(errno));
}
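Review bot: With `_PATH_SSH_KEY_SIGN` reduced to the bare name `"ssh-keysign"` and `execl` replaced by `execlp`, the helper used for host-based authentication is found through the caller's `PATH` instead of at a fixed location. That works where a privileged wrapper directory comes first in `PATH`, but the patch gives no hint of that requirement, and whichever `ssh-keysign` appears first in `PATH` is what gets executed. I would state the assumption in a comment at the top of the patch file, for example `# relies on the system's setuid wrapper for ssh-keysign being first in PATH`, or define the macro to the wrapper's absolute path if that path is fixed on the target hosts. Both C functions involved continue outside the quoted hunks.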


@ -0,0 +1 @@
{"rev":"f98031773db361424d59e3301aa92aacf423d920","hash":"sha256-MxEwe4x/PIjofzGzQC4LhladRQT5AcnDa+BwMm0DQx4=","version":"2023-08-29"}

27
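--- a/pkgs/rtlamr.nix
+++ b/pkgs/rtlamr.nix
@@ -0,0 +1,27 @@
+{
+lib,
+buildGoModule,
+fetchFromGitHub,
+...
+}:
+with lib;
+buildGoModule rec {
+pname = "rtlamr";
+version = "0.9.3";
+src = fetchFromGitHub {
+owner = "bemasher";
+repo = pname;
+rev = "v${version}";
+hash = "sha256-0LufLU/wTmCRqTnQBNJg5UnDv0u1Thec5FSWATWqZsQ=";
+};
+vendorHash = "sha256-uT6zfsWgIot0EMNqwtwJNFXN/WaAyOGfcYJjuyOXT4g=";
+meta = {
+description = "rtl-sdr receiver for Itron ETR meters";
+homepage = "https://github.com/bemasher/rtlamr";
+license = licenses.agpl3;
+maintainers = with maintainers; [qbit];
+};
+}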

42
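--- a/pkgs/rtlamr2mqtt.nix
+++ b/pkgs/rtlamr2mqtt.nix
@@ -0,0 +1,42 @@
+{
+buildPythonPackage,
+callPackage,
+fetchFromGitHub,
+paho-mqtt,
+pyusb,
+pyyaml,
+requests,
+rtl-sdr,
+...
+}: let
+rtlamr = callPackage ./rtlamr.nix {};
+in
+buildPythonPackage {
+pname = "rtlamr2mqtt";
+version = "unstable-2023-08-17";
+format = "none";
+nativeBuildInputs = [];
+propagatedBuildInputs = [paho-mqtt pyyaml requests pyusb rtlamr rtl-sdr];
+doCheck = false;
+doBuild = false;
+installPhase = ''
+mkdir -p $out/bin
+cp rtlamr2mqtt-addon/rtlamr2mqtt.py $out/bin/rtlamr2mqtt
+cp rtlamr2mqtt-addon/sdl_ids.txt $out/
+'';
+src = fetchFromGitHub {
+owner = "qbit";
+repo = "rtlamr2mqtt";
+hash = "sha256-WqW+RZQhwYAIvBAizO3/7SdlhWR9ZIIliEq76XwsUEo=";
+rev = "631504e";
+};
+meta = {
+mainProgram = "rtlamr2mqtt";
+};
+}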
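Review bot: `rev = "631504e"` is an abbreviated commit id, which can become ambiguous as the repository grows and is harder to match against the upstream history during an audit; spell out the whole id, `rev = "<full 40-character commit SHA>";`. The `hash` already pins the content, so this is about reproducibility and traceability rather than integrity. In `installPhase`, `cp` keeps whatever mode the script has in the repository; `install -Dm755 rtlamr2mqtt-addon/rtlamr2mqtt.py $out/bin/rtlamr2mqtt` makes the executable bit explicit.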


@ -7,12 +7,12 @@
}:
stdenv.mkDerivation rec {
pname = "secretive";
version = "2.2.0";
version = "2.3.1";
src = fetchurl {
name = "Secretive-${version}.zip";
url = "https://github.com/maxgoedjen/secretive/releases/download/v${version}/Secretive.zip";
hash = "sha256-gjB8bevzbgYZ1GtAVMK+IBp9eP+Y79s8RhK/sdg7AI8=";
hash = "sha256-STpyNiiYtEgLqnDxFdlRW0Gyr0pQPK8AJ34rw4JLC70=";
};
buildInputs = [unzip];


@ -7,16 +7,16 @@
with lib;
buildGoModule rec {
pname = "sliding-sync";
version = "0.99.3";
version = "0.99.8";
src = fetchFromGitHub {
owner = "matrix-org";
repo = pname;
rev = "v${version}";
hash = "sha256-lmmOq0gkvrIXQmy3rbTga0cC85t0LWjDOqrH1NWUpdA=";
rev = "8e096656f58ffdc15ac5b08fc088eee1187a4a99";
hash = "sha256-4rYLHUlHbQ6KnxyXCCLqG4/zfXdZm4KZX1cOg5ITQPk=";
};
vendorHash = "sha256-447P2TbBUEHmHubHiiZCrFVCj2/tmEuYFzLo27UyCk4=";
vendorHash = "sha256-JYSpjAgIvQFpYmOTifRXHVB6bSrukqSVhmAAmHylPbQ=";
# Note: tests require a postgres install accessible to the current user
doCheck = false;
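Review bot: `version` says `0.99.8`, but `rev` appears to change from `v${version}` to the bare commit `8e096656f58ffdc15ac5b08fc088eee1187a4a99`, which leaves nothing tying that commit to the release it is labelled as. The direction of the change is inferred from the order of the lines, since the +/- markers are lost in this rendering. If the commit is the `v0.99.8` tag, keep `rev = "v${version}";`. If it is a later commit, add a comment such as `# <N> commits after v0.99.8, needed for <fix>`, or give `version` an `unstable-YYYY-MM-DD` form as other packages in this commit do.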


@ -7,14 +7,13 @@
with lib;
buildGoModule rec {
pname = "yarr";
version = "2023-05-16";
version = "2.4";
src = fetchFromGitHub {
owner = "nkanaev";
repo = pname;
#rev = "v${version}";
rev = "7d99edab8d3c054e75feba183bd76fead15712f1";
sha256 = "sha256-gOydL1SyM1bGbErpefWlwhjLWH6j0GGpI/F0kEBHxic=";
rev = "v${version}";
sha256 = "sha256-ZMQ+IX8dZuxyxQhD/eWAe4bGGCVcaCeVgF+Wqs79G+k=";
};
vendorHash = null;


@ -1,22 +0,0 @@
{
"branches": [
"master",
"nixos-unstable-small",
"nixpkgs-unstable",
"staging",
"staging-next"
],
"error": "",
"pull_request": 238572,
"release": "unstable",
"status": "open",
"status_info": {
"master": true,
"nixos-unstable": false,
"nixos-unstable-small": true,
"nixpkgs-unstable": true,
"staging": true,
"staging-next": true
},
"title": "tidal-hifi: 5.1.0 -> 5.2.0"
}


@ -1,22 +0,0 @@
{
"branches": [
"master",
"nixos-unstable-small",
"nixpkgs-unstable",
"staging",
"staging-next"
],
"error": "",
"pull_request": 238779,
"release": "unstable",
"status": "open",
"status_info": {
"master": true,
"nixos-unstable": false,
"nixos-unstable-small": true,
"nixpkgs-unstable": true,
"staging": true,
"staging-next": true
},
"title": "nixd: 1.0.0 -> 1.1.0"
}


@ -1,9 +0,0 @@
{
"branches": [],
"error": "",
"pull_request": 239176,
"release": "stable",
"status": "open",
"status_info": {},
"title": "tailscale: 1.42.0 -> 1.44.0"
}


@ -1,20 +1,17 @@
{
"branches": [
"nixos-23.05-small",
"nixpkgs-23.05-darwin",
"release-23.05",
"staging-23.05",
"staging-next-23.05"
],
"error": "",
"pull_request": 238845,
"pull_request": 252544,
"release": "stable",
"status": "open",
"status_info": {
"nixos-23.05-small": false,
"release-23.05": true,
"staging-23.05": true,
"staging-next-23.05": true
},
"title": "matrix-synapse: 1.85.2 -> 1.86.0"
"title": "matrix-synapse: 1.90.0 -> 1.91.0"
}

BIN
xintray-logo.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 388 KiB