AtaraxiaDev/nixos-config
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

large cleanup and some fixes

Browse Source
This commit is contained in:
Dmitriy Kholkin 2023-03-27 20:57:06 +03:00
parent 9fa46edbb1
commit 64fc29f902
57 changed files with 237 additions and 3267 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
compat/default.nix
View File

@ -1 +0,0 @@
{ ... }: (builtins.getFlake (toString ../.)).legacyPackages.${builtins.currentSystem}

9
default.nix
View File

@ -1,9 +0,0 @@
{ ... }:
let
self = (import (let lock = builtins.fromJSON (builtins.readFile ./flake.lock);
in fetchTarball {
url =
"https://github.com/edolstra/flake-compat/archive/${lock.nodes.flake-compat.locked.rev}.tar.gz";
sha256 = lock.nodes.flake-compat.locked.narHash;
}) { src = ./.; }).defaultNix;
in self // self.legacyPackages.${builtins.currentSystem}

693
flake.lock generated
View File

@ -1,46 +1,5 @@
{
"nodes": {
"alejandra": {
"inputs": {
"fenix": "fenix",
"flakeCompat": "flakeCompat",
"nixpkgs": [
"webcord",
"dream2nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1658427149,
"narHash": "sha256-ToD/1z/q5VHsLMrS2h96vjJoLho59eNRtknOUd19ey8=",
"owner": "kamadorueda",
"repo": "alejandra",
"rev": "f5a22afd2adfb249b4e68e0b33aa1f0fb73fb1be",
"type": "github"
},
"original": {
"owner": "kamadorueda",
"repo": "alejandra",
"type": "github"
}
},
"all-cabal-json": {
"flake": false,
"locked": {
"lastModified": 1665552503,
"narHash": "sha256-r14RmRSwzv5c+bWKUDaze6pXM7nOsiz1H8nvFHJvufc=",
"owner": "nix-community",
"repo": "all-cabal-json",
"rev": "d7c0434eebffb305071404edcf9d5cd99703878e",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "hackage",
"repo": "all-cabal-json",
"type": "github"
}
},
"arkenfox-userjs": {
"flake": false,
"locked": {
@ -108,125 +67,14 @@
"type": "gitlab"
}
},
"crane": {
"flake": false,
"locked": {
"lastModified": 1670284777,
"narHash": "sha256-JF0pc0s4z/X+Iy+lNHOwUQ8I5bz+q7uX4HrKTNIEj24=",
"owner": "ipetkov",
"repo": "crane",
"rev": "2243fb9c872de25cb564a02d324ea6a5b9853052",
"type": "github"
},
"original": {
"owner": "ipetkov",
"repo": "crane",
"type": "github"
}
},
"deploy-rs": {
"inputs": {
"flake-compat": "flake-compat",
"nixpkgs": [
"nixpkgs"
],
"utils": "utils"
},
"locked": {
"lastModified": 1674127017,
"narHash": "sha256-QO1xF7stu5ZMDLbHN30LFolMAwY6TVlzYvQoUs1RD68=",
"owner": "serokell",
"repo": "deploy-rs",
"rev": "8c9ea9605eed20528bf60fae35a2b613b901fd77",
"type": "github"
},
"original": {
"owner": "serokell",
"repo": "deploy-rs",
"type": "github"
}
},
"devshell": {
"flake": false,
"locked": {
"lastModified": 1663445644,
"narHash": "sha256-+xVlcK60x7VY1vRJbNUEAHi17ZuoQxAIH4S4iUFUGBA=",
"owner": "numtide",
"repo": "devshell",
"rev": "e3dc3e21594fe07bdb24bdf1c8657acaa4cb8f66",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "devshell",
"type": "github"
}
},
"dream2nix": {
"inputs": {
"alejandra": "alejandra",
"all-cabal-json": "all-cabal-json",
"crane": "crane",
"devshell": "devshell",
"flake-parts": "flake-parts_2",
"flake-utils-pre-commit": "flake-utils-pre-commit",
"ghc-utils": "ghc-utils",
"gomod2nix": "gomod2nix",
"mach-nix": "mach-nix",
"nix-pypi-fetcher": "nix-pypi-fetcher",
"nixpkgs": [
"webcord",
"nixpkgs"
],
"poetry2nix": "poetry2nix",
"pre-commit-hooks": "pre-commit-hooks_2"
},
"locked": {
"lastModified": 1670715183,
"narHash": "sha256-l3OhVCCimrN1HFPfqfKAyzuMuPxNXZYLsI9w7AaQXv8=",
"owner": "nix-community",
"repo": "dream2nix",
"rev": "3d6f13ef9d4cb8c41bc83383bbec3e74865ef90d",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "dream2nix",
"type": "github"
}
},
"fenix": {
"inputs": {
"nixpkgs": [
"webcord",
"dream2nix",
"alejandra",
"nixpkgs"
],
"rust-analyzer-src": "rust-analyzer-src"
},
"locked": {
"lastModified": 1657607339,
"narHash": "sha256-HaqoAwlbVVZH2n4P3jN2FFPMpVuhxDy1poNOR7kzODc=",
"owner": "nix-community",
"repo": "fenix",
"rev": "b814c83d9e6aa5a28d0cf356ecfdafb2505ad37d",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "fenix",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1668681692,
"narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=",
"lastModified": 1673956053,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "009399224d5e398d03b22badca40a37ac85412a1",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"type": "github"
},
"original": {
@ -300,54 +148,6 @@
}
},
"flake-compat_6": {
"flake": false,
"locked": {
"lastModified": 1673956053,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_7": {
"flake": false,
"locked": {
"lastModified": 1673956053,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_8": {
"flake": false,
"locked": {
"lastModified": 1673956053,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_9": {
"flake": false,
"locked": {
"lastModified": 1668681692,
@ -363,46 +163,6 @@
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": [
"nixpkgs-wayland",
"nix-eval-jobs",
"nixpkgs"
]
},
"locked": {
"lastModified": 1678379998,
"narHash": "sha256-TZdfNqftHhDuIFwBcN9MUThx5sQXCTeZk9je5byPKRw=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "c13d60b89adea3dc20704c045ec4d50dd964d447",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_2": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib_2"
},
"locked": {
"lastModified": 1668450977,
"narHash": "sha256-cfLhMhnvXn6x1vPm+Jow3RiFAUSCw/l1utktCw5rVA4=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "d591857e9d7dd9ddbfba0ea02b43b927c3c0f1fa",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-registry": {
"flake": false,
"locked": {
@ -470,21 +230,6 @@
"type": "github"
}
},
"flake-utils-pre-commit": {
"locked": {
"lastModified": 1644229661,
"narHash": "sha256-1YdnJAsNy69bpcjuoKdOYQX0YxZBiCYZo4Twxerqv7k=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "3cecb5b042f7f209c56ffd8371b2711a290ec797",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"locked": {
"lastModified": 1644229661,
@ -546,21 +291,6 @@
}
},
"flake-utils_6": {
"locked": {
"lastModified": 1678901627,
"narHash": "sha256-U02riOqrKKzwjsxc/400XnElV+UtPUQWpANPlyazjH0=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "93a2b84fc4b70d9e089d029deacc3583435c2ed6",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_7": {
"locked": {
"lastModified": 1676283394,
"narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=",
@ -575,38 +305,6 @@
"type": "github"
}
},
"flakeCompat": {
"flake": false,
"locked": {
"lastModified": 1650374568,
"narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "b4a34015c698c7793d592d66adbab377907a2be8",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"ghc-utils": {
"flake": false,
"locked": {
"lastModified": 1662774800,
"narHash": "sha256-1Rd2eohGUw/s1tfvkepeYpg8kCEXiIot0RijapUjAkE=",
"ref": "refs/heads/master",
"rev": "bb3a2d3dc52ff0253fb9c2812bd7aa2da03e0fea",
"revCount": 1072,
"type": "git",
"url": "https://gitlab.haskell.org/bgamari/ghc-utils"
},
"original": {
"type": "git",
"url": "https://gitlab.haskell.org/bgamari/ghc-utils"
}
},
"gitignore": {
"inputs": {
"nixpkgs": [
@ -629,28 +327,12 @@
"type": "github"
}
},
"gomod2nix": {
"flake": false,
"locked": {
"lastModified": 1627572165,
"narHash": "sha256-MFpwnkvQpauj799b4QTBJQFEddbD02+Ln5k92QyHOSk=",
"owner": "tweag",
"repo": "gomod2nix",
"rev": "67f22dd738d092c6ba88e420350ada0ed4992ae8",
"type": "github"
},
"original": {
"owner": "tweag",
"repo": "gomod2nix",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"nixpkgs"
],
"utils": "utils_2"
"utils": "utils"
},
"locked": {
"lastModified": 1679786039,
@ -743,25 +425,6 @@
"type": "github"
}
},
"lib-aggregate": {
"inputs": {
"flake-utils": "flake-utils_6",
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1679832509,
"narHash": "sha256-LZecjt8KSlAEVJgaVPcXX6XBTsf/hyYB4AWThsA6f2M=",
"owner": "nix-community",
"repo": "lib-aggregate",
"rev": "7068824f9ec4364c9375605f5af43793dd2eebee",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "lib-aggregate",
"type": "github"
}
},
"libnbtplusplus": {
"flake": false,
"locked": {
@ -794,21 +457,6 @@
"type": "github"
}
},
"mach-nix": {
"flake": false,
"locked": {
"lastModified": 1634711045,
"narHash": "sha256-m5A2Ty88NChLyFhXucECj6+AuiMZPHXNbw+9Kcs7F6Y=",
"owner": "DavHau",
"repo": "mach-nix",
"rev": "4433f74a97b94b596fa6cd9b9c0402104aceef5d",
"type": "github"
},
"original": {
"id": "mach-nix",
"type": "indirect"
}
},
"naersk": {
"inputs": {
"nixpkgs": [
@ -832,7 +480,7 @@
},
"nix": {
"inputs": {
"flake-compat": "flake-compat_3",
"flake-compat": "flake-compat",
"lowdown-src": "lowdown-src",
"nixpkgs": "nixpkgs_3",
"nixpkgs-regression": "nixpkgs-regression"
@ -853,7 +501,7 @@
},
"nix-alien": {
"inputs": {
"flake-compat": "flake-compat_4",
"flake-compat": "flake-compat_2",
"flake-utils": "flake-utils_3",
"nix-index-database": "nix-index-database",
"nixpkgs": [
@ -893,25 +541,6 @@
"type": "github"
}
},
"nix-eval-jobs": {
"inputs": {
"flake-parts": "flake-parts",
"nixpkgs": "nixpkgs_6"
},
"locked": {
"lastModified": 1679275630,
"narHash": "sha256-2KyRlBpeUpQzgC+2K73NWriiS9rUsdF8bo9uf5qwWco=",
"owner": "nix-community",
"repo": "nix-eval-jobs",
"rev": "5286437bac7f1cb6d96c05879215ed8cb51e9873",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nix-eval-jobs",
"type": "github"
}
},
"nix-index-database": {
"inputs": {
"nixpkgs": [
@ -933,25 +562,9 @@
"type": "github"
}
},
"nix-pypi-fetcher": {
"flake": false,
"locked": {
"lastModified": 1669065297,
"narHash": "sha256-UStjXjNIuIm7SzMOWvuYWIHBkPUKQ8Id63BMJjnIDoA=",
"owner": "DavHau",
"repo": "nix-pypi-fetcher",
"rev": "a9885ac6a091576b5195d547ac743d45a2a615ac",
"type": "github"
},
"original": {
"owner": "DavHau",
"repo": "nix-pypi-fetcher",
"type": "github"
}
},
"nix-vscode-marketplace": {
"inputs": {
"flake-compat": "flake-compat_5",
"flake-compat": "flake-compat_3",
"flake-utils": "flake-utils_5",
"nixpkgs": [
"nixpkgs"
@ -1038,39 +651,6 @@
"type": "indirect"
}
},
"nixpkgs-lib": {
"locked": {
"lastModified": 1679791877,
"narHash": "sha256-tTV1Mf0hPWIMtqyU16Kd2JUBDWvfHlDC9pF57vcbgpQ=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "cc060ddbf652a532b54057081d5abd6144d01971",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixpkgs.lib",
"type": "github"
}
},
"nixpkgs-lib_2": {
"locked": {
"dir": "lib",
"lastModified": 1665349835,
"narHash": "sha256-UK4urM3iN80UXQ7EaOappDzcisYIuEURFRoGQ/yPkug=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "34c5293a71ffdb2fe054eb5288adc1882c1eb0b1",
"type": "github"
},
"original": {
"dir": "lib",
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-master": {
"locked": {
"lastModified": 1679866589,
@ -1119,29 +699,6 @@
"type": "github"
}
},
"nixpkgs-wayland": {
"inputs": {
"flake-compat": "flake-compat_6",
"lib-aggregate": "lib-aggregate",
"nix-eval-jobs": "nix-eval-jobs",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1679865057,
"narHash": "sha256-67JQKnO7ixAxBWpL5h3HMDWWSz06eqwlzbFmFdSSxEc=",
"owner": "nix-community",
"repo": "nixpkgs-wayland",
"rev": "9b7ecd63e27a56a3e434dcea01b8e62bd5792774",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixpkgs-wayland",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1679172431,
@ -1207,22 +764,6 @@
}
},
"nixpkgs_6": {
"locked": {
"lastModified": 1679271670,
"narHash": "sha256-QKC6m81hD6JcBzGhRvI+HDEktEzf78vr5bhM3WCIeQU=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "18b17c58dc248a66469df89e3d334b305d8235ec",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "master",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_7": {
"locked": {
"lastModified": 1678693419,
"narHash": "sha256-bbSv5yqZAW6dz+3f3f3pOUZbxpPN+3OgCljgn7P+nnQ=",
@ -1238,22 +779,6 @@
"type": "github"
}
},
"nixpkgs_8": {
"locked": {
"lastModified": 1670507980,
"narHash": "sha256-riNZa0xzM1it3pzxciwALeMs+0CsBMWIW2FqulzK8vM=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "2787fc7d1e51404678614bf0fe92fc296746eec0",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nur": {
"locked": {
"lastModified": 1679863610,
@ -1269,26 +794,9 @@
"type": "github"
}
},
"poetry2nix": {
"flake": false,
"locked": {
"lastModified": 1666918719,
"narHash": "sha256-BkK42fjAku+2WgCOv2/1NrPa754eQPV7gPBmoKQBWlc=",
"owner": "nix-community",
"repo": "poetry2nix",
"rev": "289efb187123656a116b915206e66852f038720e",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "1.36.0",
"repo": "poetry2nix",
"type": "github"
}
},
"pre-commit-hooks": {
"inputs": {
"flake-compat": "flake-compat_8",
"flake-compat": "flake-compat_5",
"flake-utils": [
"prismlauncher",
"flake-utils"
@ -1314,39 +822,12 @@
"type": "github"
}
},
"pre-commit-hooks_2": {
"inputs": {
"flake-utils": [
"webcord",
"dream2nix",
"flake-utils-pre-commit"
],
"nixpkgs": [
"webcord",
"dream2nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1646153636,
"narHash": "sha256-AlWHMzK+xJ1mG267FdT8dCq/HvLCA6jwmx2ZUy5O8tY=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "b6bc0b21e1617e2b07d8205e7fae7224036dfa4b",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"type": "github"
}
},
"prismlauncher": {
"inputs": {
"flake-compat": "flake-compat_7",
"flake-utils": "flake-utils_7",
"flake-compat": "flake-compat_4",
"flake-utils": "flake-utils_6",
"libnbtplusplus": "libnbtplusplus",
"nixpkgs": "nixpkgs_7",
"nixpkgs": "nixpkgs_6",
"pre-commit-hooks": "pre-commit-hooks"
},
"locked": {
@ -1364,29 +845,13 @@
"type": "github"
}
},
"qbittorrent-ee": {
"flake": false,
"locked": {
"lastModified": 1679297058,
"narHash": "sha256-hCjpQtVNZuxM18mMvKUjHdVZZ5lMwQp5rml8E062l10=",
"owner": "c0re100",
"repo": "qBittorrent-Enhanced-Edition",
"rev": "6c683009891892c1fc28c8539ef29886a04550f0",
"type": "github"
},
"original": {
"owner": "c0re100",
"repo": "qBittorrent-Enhanced-Edition",
"type": "github"
}
},
"rnix-lsp": {
"inputs": {
"naersk": "naersk",
"nixpkgs": [
"nixpkgs"
],
"utils": "utils_3"
"utils": "utils_2"
},
"locked": {
"lastModified": 1669555118,
@ -1407,8 +872,6 @@
"arkenfox-userjs": "arkenfox-userjs",
"base16": "base16",
"base16-tokyonight-scheme": "base16-tokyonight-scheme",
"deploy-rs": "deploy-rs",
"flake-compat": "flake-compat_2",
"flake-registry": "flake-registry",
"flake-utils-plus": "flake-utils-plus_2",
"home-manager": "home-manager",
@ -1422,35 +885,12 @@
"nixos-generators": "nixos-generators",
"nixpkgs": "nixpkgs_5",
"nixpkgs-master": "nixpkgs-master",
"nixpkgs-wayland": "nixpkgs-wayland",
"nur": "nur",
"prismlauncher": "prismlauncher",
"qbittorrent-ee": "qbittorrent-ee",
"rnix-lsp": "rnix-lsp",
"rycee": "rycee",
"simple-nixos-mailserver": "simple-nixos-mailserver",
"vscode-server": "vscode-server",
"webcord": "webcord",
"zsh-autosuggestions": "zsh-autosuggestions",
"zsh-nix-shell": "zsh-nix-shell",
"zsh-you-should-use": "zsh-you-should-use"
}
},
"rust-analyzer-src": {
"flake": false,
"locked": {
"lastModified": 1657557289,
"narHash": "sha256-PRW+nUwuqNTRAEa83SfX+7g+g8nQ+2MMbasQ9nt6+UM=",
"owner": "rust-lang",
"repo": "rust-analyzer",
"rev": "caf23f29144b371035b864a1017dbc32573ad56d",
"type": "github"
},
"original": {
"owner": "rust-lang",
"ref": "nightly",
"repo": "rust-analyzer",
"type": "github"
"vscode-server": "vscode-server"
}
},
"rycee": {
@ -1472,12 +912,12 @@
"simple-nixos-mailserver": {
"inputs": {
"blobs": "blobs",
"flake-compat": "flake-compat_9",
"flake-compat": "flake-compat_6",
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-22_11": "nixpkgs-22_11",
"utils": "utils_4"
"utils": "utils_3"
},
"locked": {
"lastModified": 1671738303,
@ -1494,21 +934,6 @@
}
},
"utils": {
"locked": {
"lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"utils_2": {
"locked": {
"lastModified": 1676283394,
"narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=",
@ -1523,7 +948,7 @@
"type": "github"
}
},
"utils_3": {
"utils_2": {
"locked": {
"lastModified": 1656928814,
"narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=",
@ -1538,7 +963,7 @@
"type": "github"
}
},
"utils_4": {
"utils_3": {
"locked": {
"lastModified": 1605370193,
"narHash": "sha256-YyMTf3URDL/otKdKgtoMChu4vfVL3vCMkRqpGifhUn0=",
@ -1573,42 +998,6 @@
"type": "github"
}
},
"webcord": {
"inputs": {
"dream2nix": "dream2nix",
"nixpkgs": "nixpkgs_8",
"webcord": "webcord_2"
},
"locked": {
"lastModified": 1670874335,
"narHash": "sha256-nJ1LUVj3dIHP5B+XkZXUvY39OqaZn/MMHSFwsOSPnwI=",
"owner": "fufexan",
"repo": "webcord-flake",
"rev": "b462d57c36d664b48f047c96b2f9de091bff6e8b",
"type": "github"
},
"original": {
"owner": "fufexan",
"repo": "webcord-flake",
"type": "github"
}
},
"webcord_2": {
"flake": false,
"locked": {
"lastModified": 1670713990,
"narHash": "sha256-e+y/M+/gjezHoNrdXeFhqtvxbPdhRSDOQlwK1nUhNfo=",
"owner": "SpacingBat3",
"repo": "WebCord",
"rev": "80ba858c025e0bb59510f7136211948d8ae10ece",
"type": "github"
},
"original": {
"owner": "SpacingBat3",
"repo": "WebCord",
"type": "github"
}
},
"wlroots": {
"flake": false,
"locked": {
@ -1651,54 +1040,6 @@
"repo": "xdg-desktop-portal-hyprland",
"type": "github"
}
},
"zsh-autosuggestions": {
"flake": false,
"locked": {
"lastModified": 1622844304,
"narHash": "sha256-KLUYpUu4DHRumQZ3w59m9aTW6TBKMCXl2UcKi4uMd7w=",
"owner": "zsh-users",
"repo": "zsh-autosuggestions",
"rev": "a411ef3e0992d4839f0732ebeb9823024afaaaa8",
"type": "github"
},
"original": {
"owner": "zsh-users",
"repo": "zsh-autosuggestions",
"type": "github"
}
},
"zsh-nix-shell": {
"flake": false,
"locked": {
"lastModified": 1648749800,
"narHash": "sha256-BjgMhILEL/qdgfno4LR64LSB8n9pC9R+gG7IQWwgyfQ=",
"owner": "chisui",
"repo": "zsh-nix-shell",
"rev": "af6f8a266ea1875b9a3e86e14796cadbe1cfbf08",
"type": "github"
},
"original": {
"owner": "chisui",
"repo": "zsh-nix-shell",
"type": "github"
}
},
"zsh-you-should-use": {
"flake": false,
"locked": {
"lastModified": 1674730812,
"narHash": "sha256-uUQ8E7CcjgBMPhdP6iA/PI5X+4SUr+/FpTrxckiob9Q=",
"owner": "MichaelAquilina",
"repo": "zsh-you-should-use",
"rev": "c062be916d0307fd851023c7afdbf7894b6667b6",
"type": "github"
},
"original": {
"owner": "MichaelAquilina",
"repo": "zsh-you-should-use",
"type": "github"
}
}
},
"root": "root",

77
flake.nix
View File

@ -5,15 +5,7 @@
flake-utils-plus.url = "github:alukardbf/flake-utils-plus";
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
nixpkgs-master.url = "github:nixos/nixpkgs/master";
nixpkgs-wayland = {
url = "github:nix-community/nixpkgs-wayland";
inputs.nixpkgs.follows = "nixpkgs";
};
nix.url = "github:nixos/nix";
flake-compat = {
url = "github:edolstra/flake-compat";
flake = false;
};
flake-registry = {
url = "github:nixos/flake-registry";
flake = false;
@ -32,14 +24,7 @@
url = "github:alukardbf/base16-tokyonight-scheme";
flake = false;
};
deploy-rs = {
url = "github:serokell/deploy-rs";
inputs.nixpkgs.follows = "nixpkgs";
};
hyprland = {
url = "github:hyprwm/Hyprland";
# inputs.nixpkgs.follows = "nixpkgs";
};
hyprland.url = "github:hyprwm/Hyprland";
hyprpaper = {
url = "github:hyprwm/hyprpaper";
inputs.nixpkgs.follows = "nixpkgs";
@ -59,10 +44,6 @@
};
nur.url = "github:nix-community/NUR";
prismlauncher.url = "github:AtaraxiaSjel/PrismLauncher/develop";
qbittorrent-ee = {
url = "github:c0re100/qBittorrent-Enhanced-Edition";
flake = false;
};
rnix-lsp = {
url = "github:nix-community/rnix-lsp";
inputs.nixpkgs.follows = "nixpkgs";
@ -77,28 +58,11 @@
};
vscode-server = {
url = "github:msteen/nixos-vscode-server";
# url = "github:MatthewCash/nixos-vscode-server";
inputs.nixpkgs.follows = "nixpkgs";
};
webcord = {
url = "github:fufexan/webcord-flake";
# inputs.nixpkgs.follows = "nixpkgs";
};
zsh-autosuggestions = {
url = "github:zsh-users/zsh-autosuggestions";
flake = false;
};
zsh-nix-shell = {
url = "github:chisui/zsh-nix-shell";
flake = false;
};
zsh-you-should-use = {
url = "github:MichaelAquilina/zsh-you-should-use";
flake = false;
};
};
outputs = { self, nixpkgs, nixos-generators, flake-utils-plus, deploy-rs, ... }@inputs:
outputs = { self, nixpkgs, nixos-generators, flake-utils-plus, ... }@inputs:
let
findModules = dir:
builtins.concatLists (builtins.attrValues (builtins.mapAttrs
@ -264,42 +228,5 @@
customModules = builtins.listToAttrs (findModules ./modules);
nixosProfiles = builtins.listToAttrs (findModules ./profiles);
nixosRoles = import ./roles;
# deploy = {
# user = "root";
# sudo = "doas -u";
# fastConnection = true;
# sshOpts = [ "-A" ];
# # nodes.Hypervisor-VM = {
# # hostname = "192.168.122.63";
# # profiles = {
# # system = {
# # user = "root";
# # sshUser = "ataraxia";
# # path =
# # deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.Hypervisor-VM;
# # };
# # };
# # };
# };
# deploy = {
# user = "root";
# nodes = (builtins.mapAttrs (name: machine:
# let activateable = name == "T420-Laptop" || name == "RasPi-Server";
# in {
# hostname = machine.config.networking.hostName;
# profiles.system = {
# user = if activateable then "root" else "ataraxia";
# path = with deploy-rs.lib.${machine.pkgs.system}.activate;
# if activateable then
# nixos machine
# else
# noop machine.config.system.build.toplevel;
# };
# }) self.nixosConfigurations);
# };
# checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib;
};
}

237
install/install-btrfs.sh
View File

@ -1,237 +0,0 @@
#! /usr/bin/env nix-shell
#! nix-shell -i bash -p perl -p gptfdisk -p parted -p git
set -e
CONFIG_FOLDER="$(dirname "$(pwd)")"
DEVICE_NAME=Packard-Server
MAX_JOBS=4
SWAP_SIZE=12GiB
#NIXOS_COMMIT="364b5555ee04bf61ee0075a3adab4c9351a8d38c"
USE_ECNRYPTION=true
clean_stdin() {
while read -r -t 0; do read -r; done
}
pprint () {
local cyan="\e[96m"
local default="\e[39m"
local timestamp
timestamp=$(date +%FT%T.%3NZ)
echo -e "${cyan}${timestamp} $1${default}" 1>&2
}
# Create new partitions
create_new_part_table() {
select ENTRY in $(ls /dev/disk/by-id/);
do
DISK="/dev/disk/by-id/$ENTRY"
echo "Installing system on $ENTRY"
break
done
read -p "> Do you want to wipe all data on $ENTRY ?" -n 1 -r
echo
if [[ "$REPLY" =~ ^[Yy]$ ]]
then
wipefs -af "$DISK"
sgdisk -Zo "$DISK"
fi
pprint "Creating boot (EFI) partition"
sgdisk -n 1:1MiB:+256MiB -t 1:EF00 "$DISK"
BOOT="$DISK-part1"
pprint "Creating SWAP partition"
sgdisk -n 2::+$SWAP_SIZE -t 2:8200 "$DISK"
SWAP="$DISK-part2"
if [[ "$USE_ECNRYPTION" = true ]]
then
pprint "Creating LUKS partition"
sgdisk -n 3 -t 3:8309 "$DISK"
else
pprint "Creating ROOT partition"
sgdisk -n 3 -t 3:8300 "$DISK"
fi
LINUX="$DISK-part3"
partprobe "$DISK"
sleep 1
pprint "Format BOOT partition $BOOT"
mkfs.vfat "$BOOT"
}
# Using existed partitions
use_old_part_table() {
lsblk -o name,type,size,mountpoint | grep part
pprint "Select BOOT partition (must already be formatted in vfat!)"
select ENTRY in $(lsblk -o path,size,type | grep part | awk '{print $1}');
do
BOOT="$ENTRY"
echo "You select $BOOT as BOOT"
break
done
if [[ "$USE_ECNRYPTION" = true ]]
then
pprint "Select the partition on which LUKS will be created"
else
pprint "Select the partition on which ROOT will be created"
fi
select ENTRY in $(lsblk -o path,size,type | grep part | awk '{print $1}');
do
LINUX="$ENTRY"
echo "Installing system on $LINUX"
break
done
pprint "Select the partition on which SWAP will be created"
select ENTRY in $(lsblk -o path,size,type | grep part | awk '{print $1}' && echo NONE);
do
SWAP="$ENTRY"
echo "You select $SWAP as SWAP"
break
done
clean_stdin
read -p "> Do you want to format BOOT partition in $BOOT?" -n 1 -r
echo
if [[ "$REPLY" =~ ^[Yy]$ ]]
then
mkfs.vfat "$BOOT"
fi
}
### INSTALLATION BEGIN ###
read -p "> Do you want to encrypt your disk with LUKS?" -n 1 -r
echo
if [[ "$REPLY" =~ ^[Yy]$ ]]
then
USE_ECNRYPTION=true
else
USE_ECNRYPTION=false
fi
read -p "> Do you want to partition the disk (new gpt table)?" -n 1 -r
echo
if [[ "$REPLY" =~ ^[Yy]$ ]]
then
create_new_part_table
else
use_old_part_table
fi
if [[ "$USE_ECNRYPTION" = true ]]
then
pprint "Creating LUKS container on $LINUX"
clean_stdin
cryptsetup --type luks2 --cipher aes-xts-plain64 --key-size 512 --hash sha512 --iter-time 5000 --use-random luksFormat "$LINUX"
pprint "Open LUKS container on $LINUX"
LUKS_DEVICE_NAME=cryptroot
clean_stdin
cryptsetup luksOpen "$LINUX" "$LUKS_DEVICE_NAME"
LUKS_DISK="/dev/mapper/$LUKS_DEVICE_NAME"
pprint "Create BTRFS partition on $LUKS_DISK"
BTRFS="${LUKS_DISK}"
else
LINUX_PARTUUID=$(blkid --match-tag PARTUUID --output value "$LINUX")
BTRFS="/dev/disk/by-partuuid/$LINUX_PARTUUID"
fi
if [[ "$SWAP" != "NONE" ]]; then
pprint "Create SWAP partition on $SWAP"
mkswap $SWAP
fi
pprint "Create BTRFS partition on $BTRFS"
mkfs.btrfs -L root -f "$BTRFS"
pprint "Mount BTRFS partition"
mkdir -p /mnt
mount -t btrfs "$BTRFS" /mnt
pprint "Create and mount BTRFS subvolumes"is forbidden in restricted mode
btrfs subvolume create /mnt/nixos
btrfs subvolume create /mnt/nix
btrfs subvolume create /mnt/home
btrfs subvolume create /mnt/var
btrfs subvolume create /mnt/bittorrent
btrfs subvolume create /mnt/libvirt
umount /mnt
mount -t btrfs -o subvol=nixos,compress-force=zstd,noatime,autodefrag,ssd "$BTRFS" /mnt
mkdir -p /mnt/nix
mount -t btrfs -o subvol=nix,compress-force=zstd,noatime,autodefrag,ssd "$BTRFS" /mnt/nix
mkdir -p /mnt/home
mount -t btrfs -o subvol=home,compress-force=zstd,noatime,autodefrag,ssd "$BTRFS" /mnt/home
mkdir -p /mnt/var
mount -t btrfs -o subvol=var,compress-force=zstd,noatime,autodefrag,ssd "$BTRFS" /mnt/var
mkdir -p /mnt/media/bittorrent
chown 1000:100 /mnt/media/bittorrent
mount -t btrfs -o subvol=bittorrent,nodatacow,ssd,uid=1000,gid=100 "$BTRFS" /mnt/media/bittorrent
mkdir -p /mnt/media/libvirt
chown 1000:100 /mnt/media/libvirt
mount -t btrfs -o subvol=libvirt,nodatacow,ssd,uid=1000,gid=100 "$BTRFS" /mnt/media/libvirt
mkdir /mnt/boot
mount "$BOOT" /mnt/boot
pprint "Generate NixOS configuration"
nixos-generate-config --root /mnt
HOSTID=$(head -c8 /etc/machine-id)
LINUX_DISK_UUID=$(blkid --match-tag PARTUUID --output value "$LINUX")
if [[ "$SWAP" != "NONE" ]]; then
SWAP_UUID=$(blkid --match-tag PARTUUID --output value "$SWAP")
fi
HARDWARE_CONFIG=$(mktemp)
cat <<CONFIG > "$HARDWARE_CONFIG"
networking.hostId = "$HOSTID";
boot.initrd.supportedFilesystems = [ "btrfs" ];
boot.supportedFilesystems = [ "btrfs" ];
CONFIG
pprint "Append BTRFS configuration to hardware-configuration.nix"
sed -i "\$e cat $HARDWARE_CONFIG" /mnt/etc/nixos/hardware-configuration.nix
if [[ "$SWAP" != "NONE" ]]; then
perl -0777 -pi -e "s#swapDevices.+#swapDevices = [\n {\n device = \"/dev/disk/by-partuuid/$SWAP_UUID\";\n randomEncryption.enable = true;\n }\n ];#" /mnt/etc/nixos/hardware-configuration.nix
fi
sed -i "s#\"subvol=nixos\"#\"subvol=nixos\" \"compress-force=zstd\" \"noatime\" \"autodefrag\"#" /mnt/etc/nixos/hardware-configuration.nix
sed -i "s#\"subvol=home\"#\"subvol=home\" \"compress-force=zstd\" \"noatime\" \"autodefrag\"#" /mnt/etc/nixos/hardware-configuration.nix
sed -i "s#\"subvol=nix\"#\"subvol=nix\" \"compress-force=zstd\" \"noatime\" \"autodefrag\"#" /mnt/etc/nixos/hardware-configuration.nix
sed -i "s#\"subvol=var\"#\"subvol=var\" \"compress-force=zstd\" \"noatime\" \"autodefrag\"#" /mnt/etc/nixos/hardware-configuration.nix
sed -i "s# \"subvol=bittorrent\" #\n \"subvol=bittorrent\" \"nodatacow\"\n \"uid=\${toString config.users.users.alukard.uid}\"\n \"gid=\${toString config.users.groups.users.gid}\"\n #" /mnt/etc/nixos/hardware-configuration.nix
sed -i "s# \"subvol=libvirt\" #\n \"subvol=libvirt\" \"nodatacow\"\n \"uid=\${toString config.users.users.alukard.uid}\"\n \"gid=\${toString config.users.groups.users.gid}\"\n #" /mnt/etc/nixos/hardware-configuration.nix
cp /mnt/etc/nixos/hardware-configuration.nix $CONFIG_FOLDER/machines/$DEVICE_NAME/hardware-configuration.nix
chown 1000:users ../machines/$DEVICE_NAME/hardware-configuration.nix
# Change <not-detected> for flakes
sed -i "s#<nixpkgs/nixos/modules/installer/scan/not-detected.nix>#\"\${inputs.nixpkgs}/nixos/modules/installer/scan/not-detected.nix\"#" $CONFIG_FOLDER/machines/$DEVICE_NAME/hardware-configuration.nix
git add -A
clean_stdin
read -p "> Do you want to execute nixos-install command?" -n 1 -r
echo
if [[ "$REPLY" =~ ^[Yy]$ ]]
then
nixos-install --flake "../#$DEVICE_NAME" --max-jobs $MAX_JOBS --no-root-passwd --impure
fi
pprint "Copy config to destination system"
mkdir -p /mnt/home/alukard/nixos-config
cp -aT $CONFIG_FOLDER /mnt/home/alukard/nixos-config

114
install/install-xfs-vm.sh
View File

@ -1,114 +0,0 @@
#! /usr/bin/env nix-shell
#! nix-shell -i bash -p perl -p gptfdisk -p parted -p git
set -e
CONFIG_FOLDER="$(dirname "$(pwd)")"
DEVICE_NAME=Wayland-VM
MAX_JOBS=4
SWAP_SIZE=2GiB
clean_stdin() {
while read -r -t 0; do read -r; done
}
pprint () {
local cyan="\e[96m"
local default="\e[39m"
local timestamp
timestamp=$(date +%FT%T.%3NZ)
echo -e "${cyan}${timestamp} $1${default}" 1>&2
}
# Create new partitions
create_new_part_table() {
select ENTRY in $(ls /dev/disk/by-id/);
do
DISK="/dev/disk/by-id/$ENTRY"
echo "Installing system on $ENTRY"
break
done
wipefs -af "$DISK"
sgdisk -Zo "$DISK"
pprint "Creating boot (EFI) partition"
sgdisk -n 1:1MiB:+128MiB -t 1:EF00 "$DISK"
BOOT="$DISK-part1"
pprint "Creating SWAP partition"
sgdisk -n 2::+$SWAP_SIZE -t 2:8200 "$DISK"
SWAP="$DISK-part2"
pprint "Creating ROOT partition"
sgdisk -n 3 -t 3:8300 "$DISK"
LINUX="$DISK-part3"
partprobe "$DISK"
sleep 1
pprint "Format BOOT partition $BOOT"
mkfs.vfat "$BOOT"
}
### INSTALLATION BEGIN ###
create_new_part_table
LINUX_PARTUUID=$(blkid --match-tag PARTUUID --output value "$LINUX")
XFS="/dev/disk/by-partuuid/$LINUX_PARTUUID"
if [[ "$SWAP" != "NONE" ]]; then
pprint "Create SWAP partition on $SWAP"
mkswap $SWAP
fi
pprint "Create XFS partition on $XFS"
mkfs.xfs -L root -f "$XFS"
pprint "Mount XFS partition"
mkdir -p /mnt
mount -t xfs "$XFS" /mnt
mkdir /mnt/boot
mount "$BOOT" /mnt/boot
pprint "Generate NixOS configuration"
nixos-generate-config --root /mnt
HOSTID=$(head -c8 /etc/machine-id)
LINUX_DISK_UUID=$(blkid --match-tag PARTUUID --output value "$LINUX")
if [[ "$SWAP" != "NONE" ]]; then
SWAP_UUID=$(blkid --match-tag PARTUUID --output value "$SWAP")
fi
HARDWARE_CONFIG=$(mktemp)
cat <<CONFIG > "$HARDWARE_CONFIG"
networking.hostId = "$HOSTID";
boot.initrd.supportedFilesystems = [ "xfs" ];
boot.supportedFilesystems = [ "xfs" ];
CONFIG
pprint "Append XFS configuration to hardware-configuration.nix"
sed -i "\$e cat $HARDWARE_CONFIG" /mnt/etc/nixos/hardware-configuration.nix
if [[ "$SWAP" != "NONE" ]]; then
perl -0777 -pi -e "s#swapDevices.+#swapDevices = [\n {\n device = \"/dev/disk/by-partuuid/$SWAP_UUID\";\n randomEncryption.enable = true;\n }\n ];#" /mnt/etc/nixos/hardware-configuration.nix
fi
cp /mnt/etc/nixos/hardware-configuration.nix $CONFIG_FOLDER/machines/$DEVICE_NAME/hardware-configuration.nix
chown 1000:users ../machines/$DEVICE_NAME/hardware-configuration.nix
# Change <not-detected> for flakes
sed -i "s#<nixpkgs/nixos/modules/installer/scan/not-detected.nix>#\"\${inputs.nixpkgs}/nixos/modules/installer/scan/not-detected.nix\"#" $CONFIG_FOLDER/machines/$DEVICE_NAME/hardware-configuration.nix
git add -A
clean_stdin
read -p "> Do you want to execute nixos-install command?" -n 1 -r
echo
if [[ "$REPLY" =~ ^[Yy]$ ]]
then
nixos-install --flake "../#$DEVICE_NAME" --max-jobs $MAX_JOBS --no-root-passwd --impure
fi
pprint "Copy config to destination system"
mkdir -p /mnt/home/alukard/nixos-config
cp -aT $CONFIG_FOLDER /mnt/home/alukard/nixos-config

308
install/install-zfs-enc-boot.sh
View File

@ -1,308 +0,0 @@
#! /usr/bin/env nix-shell
#! nix-shell -i bash -p gptfdisk parted git
set -e
CONFIG_FOLDER="$(dirname "$(pwd)")"
LUKS_DEVICE_NAME=cryptroot
BOOT_DEVICE_NAME=cryptboot
DEVICE_NAME=Hypervisor-VM
# IS_VM=true
MAX_JOBS=2
USE_SWAP=true
BOOT_POOL_SIZE=4GiB
SWAP_SIZE=1GiB
BOOT_RESERVATION=128M
ROOT_RESERVATION=1G
USE_ECNRYPTION=true
ITER_TIME=2000
PERSIST_MODULE=true
PERSIST_ROOT=/persistent
MAINUSER_NAME=alukard
ASHIFT=13
if [[ "$IS_VM" = true ]]; then
DISK_DEV_NODES="/dev/disk/by-path"
else
DISK_DEV_NODES="/dev/disk/by-id"
fi
clean_stdin() {
while read -r -t 0; do read -r; done
}
pprint () {
local cyan="\e[96m"
local default="\e[39m"
local timestamp
timestamp=$(date +%FT%T.%3NZ)
echo -e "${cyan}${timestamp} $1${default}" 1>&2
}
# Create new partitions
create_new_part_table() {
select ENTRY in $(ls $DISK_DEV_NODES);
do
DISK="$DISK_DEV_NODES/$ENTRY"
echo "Installing system on $ENTRY"
break
done
read -s -p "> Do you want to wipe all data on $ENTRY ?" -n 1 -r
echo
if [[ "$REPLY" =~ ^[Yy]$ ]]
then
sgdisk --zap-all "$DISK"
fi
pprint "Creating boot (EFI) partition"
sgdisk -n1:1MiB:+512MiB -t1:EF00 "$DISK"
EFI="$DISK-part1"
pprint "Creating boot (ZFS) partition"
if [[ "$USE_ECNRYPTION" = true ]]
then
sgdisk -n2:0:+$BOOT_POOL_SIZE -t2:8309 "$DISK"
else
sgdisk -n2:0:+$BOOT_POOL_SIZE -t2:BF00 "$DISK"
fi
BOOT="$DISK-part2"
if [[ "$USE_SWAP" = true ]]
then
pprint "Creating SWAP partition"
sgdisk -n4:0:+$SWAP_SIZE -t4:8200 "$DISK"
fi
if [[ "$USE_ECNRYPTION" = true ]]
then
pprint "Creating LUKS partition"
sgdisk -n3:0:0 -t3:8309 "$DISK"
else
pprint "Creating ROOT partition"
sgdisk -n3:0:0 -t3:BF00 "$DISK"
fi
ROOT="$DISK-part3"
partprobe "$DISK"
sleep 1
pprint "Format EFI partition $EFI"
mkfs.vfat -n EFI "$EFI"
}
### INSTALLATION BEGIN ###
create_new_part_table
if [[ "$USE_ECNRYPTION" = true ]]
then
dd if=/dev/urandom of=./keyfile0.bin bs=1024 count=4
pprint "Creating LUKS container on $BOOT"
clean_stdin
cryptsetup --type luks2 --pbkdf argon2id --iter-time $ITER_TIME -c aes-xts-plain64 -s 512 -h sha256 luksFormat "$BOOT"
clean_stdin
pprint "Add keyfile to LUKS container on $BOOT"
cryptsetup luksAddKey $BOOT keyfile0.bin
pprint "Open LUKS container on $BOOT"
cryptsetup luksOpen --allow-discards "$BOOT" "$BOOT_DEVICE_NAME" -d keyfile0.bin
pprint "Creating LUKS container on $ROOT"
clean_stdin
cryptsetup --type luks2 --pbkdf argon2id --iter-time $ITER_TIME -c aes-xts-plain64 -s 512 -h sha256 luksFormat "$ROOT"
clean_stdin
pprint "Add keyfile to LUKS container on $ROOT"
cryptsetup luksAddKey $ROOT keyfile0.bin
pprint "Open LUKS container on $ROOT"
cryptsetup luksOpen --allow-discards "$ROOT" "$LUKS_DEVICE_NAME" -d keyfile0.bin
BOOT_POOL="$(ls /dev/disk/by-id/dm-uuid-*$BOOT_DEVICE_NAME)"
# BOOT_POOL="$BOOT"
ROOT_POOL="$(ls /dev/disk/by-id/dm-uuid-*$LUKS_DEVICE_NAME)"
else
BOOT_POOL="$BOOT"
ROOT_POOL="$ROOT"
fi
pprint "Create ZFS root pool on $ROOT_POOL"
zpool create \
-f \
-o ashift=$ASHIFT \
-o autotrim=on \
-O acltype=posixacl \
-O atime=on \
-O canmount=off \
-O compression=zstd \
-O dnodesize=auto \
-O normalization=formD \
-O relatime=on \
-O xattr=sa \
-O dedup=off \
-O mountpoint=/ \
-R /mnt \
rpool "$ROOT_POOL"
pprint "Create ZFS root datasets"
zfs create -o refreservation=$ROOT_RESERVATION -o canmount=off -o mountpoint=none rpool/reserved
# top level datasets
zfs create -o canmount=off -o mountpoint=none rpool/nixos
zfs create -o canmount=off -o mountpoint=none rpool/user
zfs create -o canmount=off -o mountpoint=none rpool/persistent
# empty root
zfs create -o canmount=noauto -o mountpoint=/ rpool/nixos/root
zfs mount rpool/nixos/root
zfs create -o canmount=on -o mountpoint=/home rpool/user/home
# persistent across boots
zfs create -o canmount=on -o mountpoint=$PERSIST_ROOT rpool/persistent/impermanence
if [[ "$PERSIST_MODULE" = true ]]; then
mkdir -p /mnt$PERSIST_ROOT/home/$MAINUSER_NAME
chown 1000:100 /mnt$PERSIST_ROOT/home/$MAINUSER_NAME
chmod 755 /mnt$PERSIST_ROOT/home/$MAINUSER_NAME
fi
zfs create -o canmount=on -o mountpoint=/srv rpool/persistent/servers
zfs create -o canmount=on -o mountpoint=/etc/secrets rpool/persistent/secrets
zfs create -o canmount=on -o mountpoint=/nix rpool/persistent/nix
zfs create -o canmount=on -o mountpoint=/var/log rpool/persistent/log
zfs create -o canmount=noauto -o atime=off rpool/persistent/lxd
zfs create -o canmount=on -o mountpoint=/var/lib/docker -o atime=off rpool/persistent/docker
zfs create -o canmount=on -o mountpoint=/var/lib/podman -o atime=off rpool/persistent/podman
zfs create -o canmount=on -o mountpoint=/var/lib/nixos-containers -o atime=off rpool/persistent/nixos-containers
zfs create -o canmount=on -o mountpoint=/media/bittorrent -o atime=off -o recordsize=256K rpool/persistent/bittorrent
zfs create -o canmount=on -o mountpoint=/media/libvirt -o atime=off -o recordsize=64K rpool/persistent/libvirt
# Create empty zfs snapshots
zfs snapshot rpool/nixos@empty
zfs snapshot rpool/nixos/root@empty
zfs snapshot rpool/user@empty
zfs snapshot rpool/user/home@empty
zfs snapshot rpool/persistent@empty
zfs snapshot rpool/persistent/impermanence@empty
zfs snapshot rpool/persistent/servers@empty
zfs snapshot rpool/persistent/secrets@empty
zfs snapshot rpool/persistent/nix@empty
zfs snapshot rpool/persistent/log@empty
zfs snapshot rpool/persistent/lxd@empty
zfs snapshot rpool/persistent/docker@empty
zfs snapshot rpool/persistent/bittorrent@empty
zfs snapshot rpool/persistent/libvirt@empty
pprint "Create ZFS boot pool on $BOOT_POOL"
zpool create \
-f \
-o compatibility=grub2 \
-o ashift=$ASHIFT \
-o autotrim=on \
-O acltype=posixacl \
-O atime=on \
-O canmount=off \
-O compression=lz4 \
-O devices=off \
-O normalization=formD \
-O relatime=on \
-O xattr=sa \
-O dedup=off \
-O mountpoint=/boot \
-R /mnt \
bpool "$BOOT_POOL"
pprint "Create ZFS boot datasets"
zfs create -o refreservation=$BOOT_RESERVATION -o canmount=off -o mountpoint=none bpool/reserved
zfs create -o canmount=off -o mountpoint=none bpool/nixos
zfs create -o canmount=on -o mountpoint=/boot bpool/nixos/boot
zfs snapshot bpool/nixos@empty
zfs snapshot bpool/nixos/boot@empty
# Disable cache, stale cache will prevent system from booting
if [[ "$PERSIST_MODULE" = true ]]; then
mkdir -p /mnt"$PERSIST_ROOT"/etc/zfs/
rm -f /mnt"$PERSIST_ROOT"/etc/zfs/zpool.cache
touch /mnt"$PERSIST_ROOT"/etc/zfs/zpool.cache
chmod a-w /mnt"$PERSIST_ROOT"/etc/zfs/zpool.cache
chattr +i /mnt"$PERSIST_ROOT"/etc/zfs/zpool.cache
else
mkdir -p /mnt/etc/zfs/
rm -f /mnt/etc/zfs/zpool.cache
touch /mnt/etc/zfs/zpool.cache
chmod a-w /mnt/etc/zfs/zpool.cache
chattr +i /mnt/etc/zfs/zpool.cache
fi
mkdir -p /mnt/boot/efi
mount -t vfat "$EFI" /mnt/boot/efi
if [[ "$USE_SWAP" = true ]]; then
SWAP="$DISK-part4"
mkswap -L swap -f "$SWAP"
fi
pprint "Generate NixOS configuration"
[[ -f $CONFIG_FOLDER/machines/$DEVICE_NAME/configuration.nix ]] && CONFIG_EXISTS=true
nixos-generate-config --root /mnt --dir $CONFIG_FOLDER/machines/$DEVICE_NAME
[[ -z "$CONFIG_EXISTS" ]] && rm -f $CONFIG_FOLDER/machines/$DEVICE_NAME/configuration.nix
HOSTID=$(head -c8 /etc/machine-id)
BOOT_PARTUUID=$(blkid --match-tag PARTUUID --output value "$BOOT")
ROOT_PARTUUID=$(blkid --match-tag PARTUUID --output value "$ROOT")
[[ ! -z "$SWAP" ]] && SWAP_PARTUUID=$(blkid --match-tag PARTUUID --output value "$SWAP")
HARDWARE_CONFIG=$(mktemp)
if [[ "$USE_ECNRYPTION" = true ]]
then
cat <<CONFIG > "$HARDWARE_CONFIG"
networking.hostId = "$HOSTID";
boot.zfs.devNodes = "$DISK_DEV_NODES";
boot.supportedFilesystems = [ "zfs" ];
boot.initrd.luks.devices."$BOOT_DEVICE_NAME".device = "/dev/disk/by-partuuid/$BOOT_PARTUUID";
boot.initrd.luks.devices."$LUKS_DEVICE_NAME".device = "/dev/disk/by-partuuid/$ROOT_PARTUUID";
CONFIG
else
cat <<CONFIG > "$HARDWARE_CONFIG"
networking.hostId = "$HOSTID";
boot.zfs.devNodes = "$DISK_DEV_NODES";
boot.supportedFilesystems = [ "zfs" ];
CONFIG
fi
pprint "Append ZFS configuration to hardware-configuration.nix"
sed -i "\$e cat $HARDWARE_CONFIG" $CONFIG_FOLDER/machines/$DEVICE_NAME/hardware-configuration.nix
sed -i 's|fsType = "zfs";|fsType = "zfs"; options = [ "zfsutil" "X-mount.mkdir" ];|g' $CONFIG_FOLDER/machines/$DEVICE_NAME/hardware-configuration.nix
if [[ ! -z "$SWAP" ]]; then
sed -i "s|swapDevices = \[ \];|swapDevices = \[\n {\n device = \"/dev/disk/by-partuuid/$SWAP_PARTUUID\";\n randomEncryption.enable = true;\n randomEncryption.allowDiscards = true;\n }\n \];|" $CONFIG_FOLDER/machines/$DEVICE_NAME/hardware-configuration.nix
fi
chown 1000:100 $CONFIG_FOLDER/machines/$DEVICE_NAME/hardware-configuration.nix
git add -A
pprint "Copy config to destination system"
mkdir -p /mnt/home/"$MAINUSER_NAME"/nixos-config
cp -aT $CONFIG_FOLDER /mnt/home/"$MAINUSER_NAME"/nixos-config
pprint "Gen ssh host key for initrd"
ssh-keygen -t ed25519 -N "" -f /mnt/etc/secrets/ssh_host_key
chown root:root /mnt/etc/secrets/ssh_host_key
chmod 600 /mnt/etc/secrets/ssh_host_key
if [[ "$USE_ECNRYPTION" = true ]]
then
cp keyfile0.bin /mnt/etc/secrets/keyfile0.bin
chmod 000 /mnt/etc/secrets/keyfile*.bin
fi
clean_stdin
read -s -p "> Do you want to execute nixos-install command?" -n 1 -r
echo
if [[ "$REPLY" =~ ^[Yy]$ ]]
then
nixos-install --flake "../#$DEVICE_NAME" --root /mnt --no-root-passwd --max-jobs $MAX_JOBS
fi
umount -Rl /mnt && \
zpool export -a && \
cryptsetup luksClose $BOOT_DEVICE_NAME && \
cryptsetup luksClose $LUKS_DEVICE_NAME

275
install/install-zfs-nonenc-boot.sh
View File

@ -1,275 +0,0 @@
#! /usr/bin/env nix-shell
#! nix-shell -i bash -p gptfdisk parted git
set -e
CONFIG_FOLDER="$(dirname "$(pwd)")"
LUKS_DEVICE_NAME=cryptroot
DEVICE_NAME=Hypervisor-VM
# IS_VM=true
MAX_JOBS=2
USE_SWAP=true
BOOT_POOL_SIZE=4GiB
SWAP_SIZE=1GiB
BOOT_RESERVATION=128M
ROOT_RESERVATION=1G
USE_ECNRYPTION=true
if [[ "$IS_VM" = true ]]; then
DISK_DEV_NODES="/dev/disk/by-path"
else
DISK_DEV_NODES="/dev/disk/by-id"
fi
clean_stdin() {
while read -r -t 0; do read -r; done
}
pprint () {
local cyan="\e[96m"
local default="\e[39m"
local timestamp
timestamp=$(date +%FT%T.%3NZ)
echo -e "${cyan}${timestamp} $1${default}" 1>&2
}
# Create new partitions
create_new_part_table() {
select ENTRY in $(ls $DISK_DEV_NODES);
do
DISK="$DISK_DEV_NODES/$ENTRY"
echo "Installing system on $ENTRY"
break
done
read -s -p "> Do you want to wipe all data on $ENTRY ?" -n 1 -r
echo
if [[ "$REPLY" =~ ^[Yy]$ ]]
then
sgdisk --zap-all "$DISK"
fi
pprint "Creating boot (EFI) partition"
sgdisk -n1:1MiB:+512MiB -t1:EF00 "$DISK"
EFI="$DISK-part1"
pprint "Creating boot (ZFS) partition"
sgdisk -n2:0:+$BOOT_POOL_SIZE -t2:BF00 "$DISK"
BOOT="$DISK-part2"
if [[ "$USE_SWAP" = true ]]
then
pprint "Creating SWAP partition"
sgdisk -n4:0:+$SWAP_SIZE -t4:8200 "$DISK"
fi
if [[ "$USE_ECNRYPTION" = true ]]
then
pprint "Creating LUKS partition"
sgdisk -n3:0:0 -t3:8309 "$DISK"
else
pprint "Creating ROOT partition"
sgdisk -n3:0:0 -t3:BF00 "$DISK"
fi
ROOT="$DISK-part3"
partprobe "$DISK"
sleep 1
pprint "Format EFI partition $EFI"
mkfs.vfat -n EFI "$EFI"
}
### INSTALLATION BEGIN ###
create_new_part_table
if [[ "$USE_ECNRYPTION" = true ]]
then
dd if=/dev/urandom of=./keyfile0.bin bs=4096 count=4
pprint "Creating LUKS container on $ROOT"
clean_stdin
cryptsetup --type luks2 --pbkdf argon2id -i 20 -c aes-xts-plain64 -s 512 -h sha256 luksFormat "$ROOT"
clean_stdin
pprint "Add keyfile to LUKS container on $ROOT"
cryptsetup luksAddKey $ROOT keyfile0.bin
pprint "Open LUKS container on $ROOT"
cryptsetup luksOpen --allow-discards "$ROOT" "$LUKS_DEVICE_NAME" -d keyfile0.bin
BOOT_POOL="$BOOT"
ROOT_POOL="$(ls /dev/disk/by-id/dm-uuid-*$LUKS_DEVICE_NAME)"
else
BOOT_POOL="$BOOT"
ROOT_POOL="$ROOT"
fi
pprint "Create ZFS root pool on $ROOT_POOL"
zpool create \
-f \
-o ashift=12 \
-o autotrim=on \
-O acltype=posixacl \
-O atime=on \
-O canmount=off \
-O compression=zstd \
-O dnodesize=auto \
-O normalization=formD \
-O relatime=on \
-O xattr=sa \
-O dedup=off \
-O mountpoint=/ \
-R /mnt \
rpool "$ROOT_POOL"
pprint "Create ZFS root datasets"
zfs create -o refreservation=$ROOT_RESERVATION -o canmount=off -o mountpoint=none rpool/reserved
# top level datasets
zfs create -o canmount=off -o mountpoint=none rpool/nixos
zfs create -o canmount=off -o mountpoint=none rpool/user
zfs create -o canmount=off -o mountpoint=none rpool/persistent
# empty root
zfs create -o canmount=noauto -o mountpoint=/ rpool/nixos/root
zfs mount rpool/nixos/root
zfs create -o canmount=on -o mountpoint=/home rpool/user/home
# persistent across boots
zfs create -o canmount=on -o mountpoint=/persistent rpool/persistent/impermanence
zfs create -o canmount=on -o mountpoint=/etc/secrets rpool/persistent/secrets
zfs create -o canmount=on -o mountpoint=/nix rpool/persistent/nix
# zfs create -o canmount=on -o mountpoint=/boot rpool/persistent/boot
zfs create -o canmount=on -o mountpoint=/var/log rpool/persistent/log
zfs create -o canmount=noauto -o atime=off rpool/persistent/lxd
zfs create -o canmount=on -o mountpoint=/var/lib/docker -o atime=off rpool/persistent/docker
zfs create -o canmount=on -o mountpoint=/media/bittorrent -o atime=off -o recordsize=256K rpool/persistent/bittorrent
zfs create -o canmount=on -o mountpoint=/media/libvirt -o atime=off -o recordsize=64K rpool/persistent/libvirt
# Create empty zfs snapshots
zfs snapshot rpool/nixos@empty
zfs snapshot rpool/nixos/root@empty
zfs snapshot rpool/user@empty
zfs snapshot rpool/user/home@empty
pprint "Create ZFS boot pool on $BOOT_POOL"
zpool create \
-f \
-o compatibility=grub2 \
-o ashift=12 \
-o autotrim=on \
-O acltype=posixacl \
-O atime=on \
-O canmount=off \
-O compression=lz4 \
-O devices=off \
-O normalization=formD \
-O relatime=on \
-O xattr=sa \
-O dedup=off \
-O mountpoint=/boot \
-R /mnt \
bpool "$BOOT_POOL"
# zpool create \
# -f \
# -o ashift=12 \
# -o autotrim=on \
# -O acltype=posixacl \
# -O atime=on \
# -O canmount=off \
# -O compression=zstd \
# -O dnodesize=auto \
# -O normalization=formD \
# -O relatime=on \
# -O xattr=sa \
# -O dedup=off \
# -O mountpoint=/boot \
# -R /mnt \
# bpool "$BOOT_POOL"
pprint "Create ZFS boot datasets"
zfs create -o refreservation=$BOOT_RESERVATION -o canmount=off -o mountpoint=none bpool/reserved
zfs create -o canmount=off -o mountpoint=none bpool/nixos
zfs create -o canmount=on -o mountpoint=/boot bpool/nixos/boot
zfs snapshot bpool/nixos@empty
zfs snapshot bpool/nixos/boot@empty
# Disable cache, stale cache will prevent system from booting
mkdir -p /mnt/etc/zfs/
rm -f /mnt/etc/zfs/zpool.cache
touch /mnt/etc/zfs/zpool.cache
chmod a-w /mnt/etc/zfs/zpool.cache
chattr +i /mnt/etc/zfs/zpool.cache
mkdir -p /mnt/boot/efi
mount -t vfat "$EFI" /mnt/boot/efi
if [[ "$USE_SWAP" = true ]]; then
SWAP="$DISK-part4"
mkswap -L swap -f "$SWAP"
fi
pprint "Generate NixOS configuration"
[[ -f $CONFIG_FOLDER/machines/$DEVICE_NAME/configuration.nix ]] && CONFIG_EXISTS=true
nixos-generate-config --root /mnt --dir $CONFIG_FOLDER/machines/$DEVICE_NAME
[[ -z "$CONFIG_EXISTS" ]] && rm -f $CONFIG_FOLDER/machines/$DEVICE_NAME/configuration.nix
HOSTID=$(head -c8 /etc/machine-id)
ROOT_PARTUUID=$(blkid --match-tag PARTUUID --output value "$ROOT")
[[ ! -z "$SWAP" ]] && SWAP_PARTUUID=$(blkid --match-tag PARTUUID --output value "$SWAP")
HARDWARE_CONFIG=$(mktemp)
if [[ "$USE_ECNRYPTION" = true ]]
then
cat <<CONFIG > "$HARDWARE_CONFIG"
networking.hostId = "$HOSTID";
boot.zfs.devNodes = "$DISK_DEV_NODES";
boot.supportedFilesystems = [ "zfs" ];
boot.initrd.luks.devices."$LUKS_DEVICE_NAME".device = "/dev/disk/by-partuuid/$ROOT_PARTUUID";
CONFIG
else
cat <<CONFIG > "$HARDWARE_CONFIG"
networking.hostId = "$HOSTID";
boot.zfs.devNodes = "$DISK_DEV_NODES";
boot.supportedFilesystems = [ "zfs" ];
CONFIG
fi
pprint "Append ZFS configuration to hardware-configuration.nix"
sed -i "\$e cat $HARDWARE_CONFIG" $CONFIG_FOLDER/machines/$DEVICE_NAME/hardware-configuration.nix
sed -i 's|fsType = "zfs";|fsType = "zfs"; options = [ "zfsutil" "X-mount.mkdir" ];|g' $CONFIG_FOLDER/machines/$DEVICE_NAME/hardware-configuration.nix
if [[ ! -z "$SWAP" ]]; then
sed -i "s|swapDevices = \[ \];|swapDevices = \[\n {\n device = \"/dev/disk/by-partuuid/$SWAP_PARTUUID\";\n randomEncryption.enable = true;\n randomEncryption.allowDiscards = true;\n }\n \];|" $CONFIG_FOLDER/machines/$DEVICE_NAME/hardware-configuration.nix
fi
chown 1000:100 $CONFIG_FOLDER/machines/$DEVICE_NAME/hardware-configuration.nix
git add -A
pprint "Copy config to destination system"
mkdir -p /mnt/home/alukard/nixos-config
cp -aT $CONFIG_FOLDER /mnt/home/alukard/nixos-config
pprint "Gen ssh host key for initrd"
ssh-keygen -t ed25519 -N "" -f /mnt/etc/secrets/ssh_host_key
chown root:root /mnt/etc/secrets/ssh_host_key
chmod 600 /mnt/etc/secrets/ssh_host_key
if [[ "$USE_ECNRYPTION" = true ]]
then
cp keyfile0.bin /mnt/etc/secrets/keyfile0.bin
chmod 000 /mnt/etc/secrets/keyfile*.bin
fi
clean_stdin
read -s -p "> Do you want to execute nixos-install command?" -n 1 -r
echo
if [[ "$REPLY" =~ ^[Yy]$ ]]
then
nixos-install --flake "../#$DEVICE_NAME" --root /mnt --max-jobs $MAX_JOBS --no-root-passwd
fi
umount -Rl /mnt && \
zpool export -a && \
cryptsetup luksClose $LUKS_DEVICE_NAME

262
install/install-zfs.sh
View File

@ -1,262 +0,0 @@
#! /usr/bin/env nix-shell
#! nix-shell -i bash -p perl -p gptfdisk -p parted -p git
set -e
CONFIG_FOLDER="$(dirname "$(pwd)")"
DEVICE_NAME=AMD-Workstation
MAX_JOBS=12
SWAP_SIZE=48GiB
USE_ECNRYPTION=false
ZFS_ARC_MAX=12884901888
# ZFS_ARC_MAX=8589934592 # 8GiB
# ZFS_ARC_MAX=4294967296 # Max ARC cache size. default = 4GiB
ZFS_ASHIFT=12 # recommended=12 which 1<<12 (4096)
clean_stdin() {
while read -r -t 0; do read -r; done
}
pprint () {
local cyan="\e[96m"
local default="\e[39m"
local timestamp
timestamp=$(date +%FT%T.%3NZ)
echo -e "${cyan}${timestamp} $1${default}" 1>&2
}
# Create new partitions
create_new_part_table() {
select ENTRY in $(ls /dev/disk/by-id/);
do
DISK="/dev/disk/by-id/$ENTRY"
echo "Installing system on $ENTRY"
break
done
read -p "> Do you want to wipe all data on $ENTRY ?" -n 1 -r
echo
if [[ "$REPLY" =~ ^[Yy]$ ]]
then
wipefs -af "$DISK"
sgdisk -Zo "$DISK"
fi
pprint "Creating boot (EFI) partition"
sgdisk -n 1:1MiB:+256MiB -t 1:EF00 "$DISK"
BOOT="$DISK-part1"
pprint "Creating SWAP partition"
sgdisk -n 2::+$SWAP_SIZE -t 2:8200 "$DISK"
SWAP="$DISK-part2"
if [[ "$USE_ECNRYPTION" = true ]]
then
pprint "Creating LUKS partition"
sgdisk -n 3 -t 3:8309 "$DISK"
else
pprint "Creating ROOT partition"
sgdisk -n 3 -t 3:BF00 "$DISK"
fi
LINUX="$DISK-part3"
partprobe "$DISK"
sleep 1
pprint "Format BOOT partition $BOOT"
mkfs.vfat "$BOOT"
}
# Using existed partitions
use_old_part_table() {
lsblk -o name,type,size,mountpoint | grep part
pprint "Select BOOT partition (must already be formatted in vfat!)"
select ENTRY in $(lsblk -o path,size,type | grep part | awk '{print $1}');
do
BOOT="$ENTRY"
echo "You select $BOOT as BOOT"
break
done
if [[ "$USE_ECNRYPTION" = true ]]
then
pprint "Select the partition on which LUKS will be created"
else
pprint "Select the partition on which ROOT will be created"
fi
select ENTRY in $(lsblk -o path,size,type | grep part | awk '{print $1}');
do
LINUX="$ENTRY"
echo "Installing system on $LINUX"
break
done
pprint "Select the partition on which SWAP will be created"
select ENTRY in $(lsblk -o path,size,type | grep part | awk '{print $1}' && echo NONE);
do
SWAP="$ENTRY"
echo "You select $SWAP as SWAP"
break
done
clean_stdin
read -p "> Do you want to format BOOT partition in $BOOT?" -n 1 -r
echo
if [[ "$REPLY" =~ ^[Yy]$ ]]
then
mkfs.vfat "$BOOT"
fi
}
### INSTALLATION BEGIN ###
read -p "> Do you want to encrypt your disk with LUKS?" -n 1 -r
echo
if [[ "$REPLY" =~ ^[Yy]$ ]]
then
USE_ECNRYPTION=true
else
USE_ECNRYPTION=false
fi
read -p "> Do you want to partition the disk (new gpt table)?" -n 1 -r
echo
if [[ "$REPLY" =~ ^[Yy]$ ]]
then
create_new_part_table
else
use_old_part_table
fi
if [[ "$USE_ECNRYPTION" = true ]]
then
pprint "Creating LUKS container on $LINUX"
clean_stdin
cryptsetup --type luks2 --cipher aes-xts-plain64 --key-size 512 --hash sha512 --iter-time 5000 --use-random luksFormat "$LINUX"
pprint "Open LUKS container on $LINUX"
LUKS_DEVICE_NAME=cryptroot
clean_stdin
cryptsetup luksOpen "$LINUX" "$LUKS_DEVICE_NAME"
LUKS_DISK="/dev/mapper/$LUKS_DEVICE_NAME"
pprint "Create ZFS partition on $LUKS_DISK"
ZFS="${LUKS_DISK}"
else
LINUX_PARTUUID=$(blkid --match-tag PARTUUID --output value "$LINUX")
ZFS="/dev/disk/by-partuuid/$LINUX_PARTUUID"
fi
if [[ "$SWAP" != "NONE" ]]; then
pprint "Create SWAP partition on $SWAP"
mkswap $SWAP
fi
pprint "Create ZFS pool on $ZFS"
zpool create \
-f \
-o ashift=$ZFS_ASHIFT \
-o autotrim=on \
-R /mnt \
-O acltype=posixacl \
-O atime=on \
-O canmount=off \
-O compression=zstd \
-O dnodesize=auto \
-O normalization=formD \
-O relatime=on \
-O xattr=sa \
-O dedup=off \
-O mountpoint=/ \
rpool "$ZFS"
pprint "Create ZFS datasets"
zfs create -o canmount=off -o mountpoint=none rpool/nixos
zfs create -o canmount=off -o mountpoint=none rpool/user
zfs create -o canmount=on -o mountpoint=/ rpool/nixos/root
zfs create -o canmount=noauto -o mountpoint=/ rpool/nixos/empty
zfs create -o canmount=on -o mountpoint=/nix rpool/nixos/nix
zfs create -o canmount=on -o mountpoint=/home rpool/user/home
zfs create -o canmount=off -o mountpoint=/var rpool/nixos/var
zfs create -o canmount=on rpool/nixos/var/lib
zfs create -o canmount=on rpool/nixos/var/log
zfs create -o canmount=noauto -o atime=off rpool/nixos/lxd
zfs create -o canmount=on -o mountpoint=/var/lib/docker -o atime=off rpool/nixos/docker
zfs create -o canmount=on -o mountpoint=/media/bittorrent -o atime=off -o recordsize=256K rpool/nixos/bittorrent
zfs create -o canmount=on -o mountpoint=/media/libvirt -o atime=off -o recordsize=64K rpool/nixos/libvirt
# Create blank zfs snapshot
zfs snapshot rpool/nixos@blank
zfs snapshot rpool/user@blank
zfs snapshot rpool/nixos/empty@start
# Disable cache, stale cache will prevent system from booting
mkdir -p /mnt/etc/zfs/
rm -f /mnt/etc/zfs/zpool.cache
touch /mnt/etc/zfs/zpool.cache
chmod a-w /mnt/etc/zfs/zpool.cache
chattr +i /mnt/etc/zfs/zpool.cache
mkdir /mnt/boot
mount "$BOOT" /mnt/boot
pprint "Generate NixOS configuration"
nixos-generate-config --root /mnt
HOSTID=$(head -c8 /etc/machine-id)
LINUX_DISK_UUID=$(blkid --match-tag PARTUUID --output value "$LINUX")
if [[ "$SWAP" != "NONE" ]]; then
SWAP_UUID=$(blkid --match-tag PARTUUID --output value "$SWAP")
fi
HARDWARE_CONFIG=$(mktemp)
if [[ "$USE_ECNRYPTION" = true ]]
then
cat <<CONFIG > "$HARDWARE_CONFIG"
networking.hostId = "$HOSTID";
boot.initrd.luks.devices."$LUKS_DEVICE_NAME".device = "/dev/disk/by-partuuid/$LINUX_DISK_UUID";
boot.zfs.devNodes = "$ZFS";
boot.supportedFilesystems = [ "zfs" ];
boot.kernelParams = [ "zfs.zfs_arc_max=$ZFS_ARC_MAX" "nohibernate" ];
CONFIG
else
cat <<CONFIG > "$HARDWARE_CONFIG"
networking.hostId = "$HOSTID";
boot.zfs.devNodes = "$ZFS";
boot.supportedFilesystems = [ "zfs" ];
boot.kernelParams = [ "zfs.zfs_arc_max=$ZFS_ARC_MAX" "nohibernate" ];
CONFIG
fi
pprint "Append ZFS configuration to hardware-configuration.nix"
sed -i "\$e cat $HARDWARE_CONFIG" /mnt/etc/nixos/hardware-configuration.nix
sed -i 's|fsType = "zfs";|fsType = "zfs"; options = [ "zfsutil" "X-mount.mkdir" ];|g' /mnt/etc/nixos/hardware-configuration.nix
if [[ "$SWAP" != "NONE" ]]; then
perl -0777 -pi -e "s#swapDevices.+#swapDevices = [\n {\n device = \"/dev/disk/by-partuuid/$SWAP_UUID\";\n randomEncryption.enable = true;\n }\n ];#" /mnt/etc/nixos/hardware-configuration.nix
fi
pprint "Copy hardware config to machines folder"
cp /mnt/etc/nixos/hardware-configuration.nix $CONFIG_FOLDER/machines/$DEVICE_NAME/hardware-configuration.nix
chown 1000:users ../machines/$DEVICE_NAME/hardware-configuration.nix
# Change <not-detected> for flakes
sed -i "s#<nixpkgs/nixos/modules/installer/scan/not-detected.nix>#\"\${inputs.nixpkgs}/nixos/modules/installer/scan/not-detected.nix\"#" $CONFIG_FOLDER/machines/$DEVICE_NAME/hardware-configuration.nix
git add -A
clean_stdin
read -p "> Do you want to execute nixos-install command?" -n 1 -r
echo
if [[ "$REPLY" =~ ^[Yy]$ ]]
then
nixos-install --flake "../#$DEVICE_NAME" --max-jobs $MAX_JOBS --no-root-passwd --impure
fi
pprint "Copy config to destination system"
mkdir -p /mnt/home/alukard/nixos-config
cp -aT $CONFIG_FOLDER /mnt/home/alukard/nixos-config

5
machines/AMD-Workstation/boot.nix
View File

@ -39,14 +39,15 @@ in {
};
binfmt.emulatedSystems = [ "aarch64-linux" ];
kernelPackages = lib.mkForce pkgs.linuxPackages_lqx;
# kernelPackages = lib.mkForce config.boot.zfs.package.latestCompatibleLinuxPackages;
kernelPackages = pkgs.linuxPackages_lqx;
kernelParams = [
"zfs.metaslab_lba_weighting_enabled=0"
"zfs.zfs_arc_max=${zfs_arc_max}"
];
tmpOnTmpfs = true;
tmpOnTmpfsSize = "32G";
supportedFilesystems = [ "ntfs" ];
};
persist = {

6
machines/AMD-Workstation/default.nix
View File

@ -36,7 +36,7 @@
deviceSpecific.vpn.mullvad.enable = true;
# hardware.firmware = [ pkgs.rtl8761b-firmware ];
# networking.firewall.allowedTCPPorts = [ 52736 ];
programs.nix-ld.enable = true;
secrets.files-veracrypt = {};
environment.etc.crypttab = {
@ -75,11 +75,11 @@
home-manager.users.${config.mainuser} = {
home.packages = lib.mkIf config.deviceSpecific.enableVirtualisation [
inputs.nixos-generators.packages.${pkgs.hostPlatform.system}.nixos-generate
# inputs.prismlauncher.packages.${pkgs.hostPlatform.system}.default
# pkgs.looking-glass-client
# pkgs.prismlauncher
# pkgs.prismlauncher
pkgs.piper
pkgs.osu-lazer-bin
pkgs.nix-alien
pkgs.nixpkgs-review
pkgs.anydesk
pkgs.winbox

63
machines/NixOS-CT/default.nix
View File

@ -1,63 +0,0 @@
{ inputs, lib, config, ... }: {
imports = with inputs.self.customModules; with inputs.self.nixosProfiles; [
./hardware-configuration.nix
inputs.self.nixosRoles.container
direnv
virtualisation
fail2ban
gitea
joplin-server
mailserver
microbin
nginx
roundcube
# seafile
vaultwarden
battery-historian
# media-stack
duplicacy
];
deviceSpecific.devInfo = {
cpu = {
vendor = "intel";
clock = 2300;
cores = 2;
};
drive = {
type = "hdd";
speed = 100;
size = 10;
};
gpu = {
vendor = "other";
};
bigScreen = false;
ram = 1;
};
deviceSpecific.enableVirtualisation = true;
deviceSpecific.vpn.mullvad.enable = false;
deviceSpecific.isServer = lib.mkForce true;
systemd.suppressedSystemUnits = [
"sys-kernel-debug.mount"
];
environment.noXlibs = lib.mkForce false;
networking = {
enableIPv6 = false;
defaultGateway = "192.168.0.1";
nameservers = [ "192.168.0.1" ];
interfaces.eth0.ipv4.addresses = [{
address = "192.168.0.12";
prefixLength = 24;
}];
};
home-manager.users.${config.mainuser}.home.stateVersion = "21.11";
system.stateVersion = "21.11";
}

3
machines/NixOS-CT/hardware-configuration.nix
View File

@ -1,3 +0,0 @@
{ config, lib, pkgs, modulesPath, ... }: {
imports = [ "${toString modulesPath}/virtualisation/lxc-container.nix" ];
}

1
machines/NixOS-CT/system
View File

@ -1 +0,0 @@
x86_64-linux

405
machines/Wayland-VM/default.nix
View File

@ -1,405 +0,0 @@
{ modulesPath, inputs, lib, pkgs, config, ... }: {
imports = [
# ./hardware-configuration.nix
"${toString modulesPath}/profiles/qemu-guest.nix"
"${toString modulesPath}/profiles/minimal.nix"
./imports/system-path.nix
./imports/qemu-vm.nix
];
disabledModules = [ "config/system-path.nix" ];
options = {
device = lib.mkOption { type = lib.types.str; };
mainuser = lib.mkOption { type = lib.types.str; };
};
config = {
# system.nssModules = lib.mkForce [ ];
# services.udisks2.enable = false;
# services.nscd.enable = false;
boot = {
loader.systemd-boot.enable = true;
kernelPackages = pkgs.linuxPackages_lqx;
kernelParams = [
"zswap.enabled=0" "quiet" "scsi_mod.use_blk_mq=1" "modeset" "nofb"
"pti=off"
"spectre_v2=off"
"kvm.ignore_msrs=1"
];
};
services.pipewire = {
enable = true;
alsa.enable = false;
alsa.support32Bit = false;
pulse.enable = true;
};
# security.rtkit.enable = true;
hardware.pulseaudio.enable = lib.mkForce false;
services.jack.jackd.enable = lib.mkForce false;
hardware.opengl.enable = true;
zramSwap = {
enable = true;
algorithm = "zstd";
memoryPercent = 60;
};
networking.firewall.enable = false;
networking.wireless.enable = false;
networking.networkmanager.enable = false;
networking.hostName = "Wayland-VM";
users.mutableUsers = false;
users.users.${config.mainuser} = {
isNormalUser = true;
extraGroups = [ "wheel" "video" "input" ];
uid = 1000;
hashedPassword = "$6$6n2Grnv11bvhOj8S$cFkS4P/8K5qOgjDRfhvwbWLogcCg0AAQRA4FjzmgthIeKohORtQYif5XvprE7mJfbApo6fbMr0o3ld8pViWx3.";
};
nix = {
nixPath = lib.mkForce [ "self=/etc/self/compat" "nixpkgs=/etc/nixpkgs" ];
registry.self.flake = inputs.self;
registry.nixpkgs.flake = inputs.nixpkgs;
optimise.automatic = true;
extraOptions = ''
experimental-features = nix-command flakes
'';
settings.auto-optimise-store = false;
};
environment.etc.nixpkgs.source = inputs.nixpkgs;
environment.etc.self.source = inputs.self;
nixpkgs.overlays = [
(self: super: {
labwc = super.labwc.overrideAttrs (old: {
mesonFlags = [ "-Dxwayland=disabled" ];
});
waydroid-script = let
py = super.python3.withPackages (pythonPackages: with pythonPackages; [
tqdm
requests
]);
in super.stdenv.mkDerivation {
name = "myscript";
version = "git";
src = super.fetchFromGitHub {
repo = "waydroid_script";
owner = "AlukardBF";
rev = "3e7e97f162f5f3fa21b4ca9673c4e3ebc66fae89";
sha256 = "0w2g5gbffppsygan4pryffczr2cbw3kn8n0zrqw5y3mr2ilf1mq0";
};
nativeBuildInputs = [ super.makeBinaryWrapper ];
installPhase = ''
mkdir -p $out/bin
cp waydroid_extras.py $out/bin/waydroid-script
chmod +x $out/bin/waydroid-script
sed -i '1i #!${py}/bin/python' $out/bin/waydroid-script
wrapProgram $out/bin/waydroid-script --prefix PATH : ${with super; lib.makeBinPath [ lzip sqlite util-linux ]}
'';
};
})
];
environment.systemPackages = [
# pkgs.util-linux
pkgs.labwc
pkgs.weston
pkgs.sway
pkgs.foot
pkgs.nano
pkgs.havoc
pkgs.procps
pkgs.waydroid-script
pkgs.wl-clipboard
pkgs.gnused
];
environment.sessionVariables = {
LIBSEAT_BACKEND = "logind";
};
i18n.defaultLocale = "en_GB.UTF-8";
console.font = "cyr-sun16";
console.keyMap = "ruwin_cplk-UTF-8";
fonts.enableDefaultFonts = lib.mkForce false;
environment.noXlibs = lib.mkForce false;
security.polkit.enable = true;
services.getty.autologinUser = config.mainuser;
environment.shellAliases = {
ws = "waydroid show-full-ui";
wl = "doas waydroid logcat";
};
environment.etc."gbinder.d/waydroid.conf".source = let
waydroidGbinderConf = pkgs.writeText "waydroid.conf" ''
[General]
ApiLevel = 30
'';
in lib.mkForce waydroidGbinderConf;
virtualisation.waydroid.enable = true;
environment.loginShellInit = lib.mkAfter ''
[[ "$(tty)" == /dev/tty1 ]] && {
sway
}
'';
# environment.loginShellInit = lib.mkAfter ''
# [[ "$(tty)" == /dev/tty1 ]] && {
# labwc -s havoc
# }
# '';
# services.xserver.enable = true;
# services.xserver.displayManager.sddm.enable = true;
# services.xserver.desktopManager.plasma5.enable = true;
system.userActivationScripts.linktosharedfolder.text = let
havoc = pkgs.writeText "havoc.cfg" ''
[child]
program=bash
[font]
size=18
path=${pkgs.ibm-plex}/share/fonts/truetype/VictorMono-Regular.ttf
'';
sway = pkgs.writeText "config" ''
set $mod Alt
set $foreground #c0caf5
set $highlight #bb9af7
set $term havoc
client.focused $highlight $highlight $foreground
seat * hide_cursor 8000
bindsym $mod+Return exec $term
# Kill focused window
bindsym $mod+q kill
# Reload the configuration file
bindsym $mod+Shift+c reload
# Move focus around
bindsym $mod+h focus left
bindsym $mod+j focus down
bindsym $mod+k focus up
bindsym $mod+l focus right
# Move the focused window with the same, but add Shift
bindsym $mod+Shift+h move left
bindsym $mod+Shift+j move down
bindsym $mod+Shift+k move up
bindsym $mod+Shift+l move right
# Switch to workspace
bindsym $mod+1 workspace number 1
bindsym $mod+2 workspace number 2
bindsym $mod+3 workspace number 3
bindsym $mod+4 workspace number 4
bindsym $mod+5 workspace number 5
bindsym $mod+6 workspace number 6
bindsym $mod+7 workspace number 7
bindsym $mod+8 workspace number 8
bindsym $mod+9 workspace number 9
bindsym $mod+0 workspace number 10
bindsym $mod+tab workspace back_and_forth
# Move focused container to workspace
bindsym $mod+Shift+1 move container to workspace number 1; workspace number 1
bindsym $mod+Shift+2 move container to workspace number 2; workspace number 2
bindsym $mod+Shift+3 move container to workspace number 3; workspace number 3
bindsym $mod+Shift+4 move container to workspace number 4; workspace number 4
bindsym $mod+Shift+5 move container to workspace number 5; workspace number 5
bindsym $mod+Shift+6 move container to workspace number 6; workspace number 6
bindsym $mod+Shift+7 move container to workspace number 7; workspace number 7
bindsym $mod+Shift+8 move container to workspace number 8; workspace number 8
bindsym $mod+Shift+9 move container to workspace number 9; workspace number 9
bindsym $mod+Shift+0 move container to workspace number 10
# Splitting direction
bindsym $mod+b split toggle
# Make current focus fullscreen
bindsym $mod+f fullscreen
# Resizing containers
bindsym $mod+r mode 'resize'
mode 'resize' {
# Resizing keys
bindsym h resize shrink width 10px
bindsym j resize grow height 10px
bindsym k resize shrink height 10px
bindsym l resize grow width 10px
# Return to default mode
bindsym Escape mode 'default'
}
# Hide window title bars and borders
default_border pixel
hide_edge_borders smart
exec havoc
include /etc/sway/config.d/*
'';
in ''
if [[ ! -d "$HOME/.config" ]]; then
mkdir -p $HOME/.config
fi
if [[ -h "$HOME/.config/havoc.cfg" ]]; then
rm -f "$HOME/.config/havoc.cfg"
fi
if [[ ! -d "$HOME/.config/sway" ]]; then
mkdir -p $HOME/.config/sway
fi
if [[ -h "$HOME/.config/sway/config" ]]; then
rm -f "$HOME/.config/sway/config"
fi
ln -s "${havoc}" "$HOME/.config/havoc.cfg"
ln -s "${sway}" "$HOME/.config/sway/config"
'';
environment.etc."xdg/labwc/environment".text = ''
XDG_CURRENT_DESKTOP=wlroots
XKB_DEFAULT_LAYOUT=us,ru
XKB_DEFAULT_OPTIONS=grp:win_space_toggle
'';
environment.etc."xdg/labwc/menu.xml".text = ''
<?xml version="1.0" encoding="UTF-8"?>
<openbox_menu>
<menu id="client-menu" label="">
<item label="Minimize">
<action name="Iconify" />
</item>
<item label="Maximize">
<action name="ToggleMaximize" />
</item>
<item label="Fullscreen">
<action name="ToggleFullscreen" />
</item>
<item label="Decorations">
<action name="ToggleDecorations" />
</item>
<item label="AlwaysOnTop">
<action name="ToggleAlwaysOnTop" />
</item>
<item label="Close">
<action name="Close" />
</item>
</menu>
<menu id="root-menu" label="">
<item label="Terminal">
<action name="Execute"><command>havoc</command></action>
</item>
<item label="Reconfigure">
<action name="Reconfigure"></action>
</item>
<item label="Exit">
<action name="Exit"></action>
</item>
<item label="Poweroff">
<action name="Execute"><command>systemctl -i poweroff</command></action>
</item>
</menu>
</openbox_menu>
'';
environment.etc."xdg/labwc/rc.xml".text = ''
<?xml version="1.0"?>
<labwc_config>
<core>
<gap>10</gap>
</core>
<theme>
<name></name>
<cornerRadius>2</cornerRadius>
<font><name>IBM Plex Sans</name><size>10</size></font>
</theme>
<keyboard>
<default />
<keybind key="A-Tab">
<action name="NextWindow" />
</keybind>
<keybind key="A-w">
<action name="Execute"><command>havoc</command></action>
</keybind>
<keybind key="A-q">
<action name="Close" />
</keybind>
<keybind key="A-a">
<action name="ToggleMaximize" />
</keybind>
</keyboard>
</labwc_config>
'';
environment.etc."xdg/labwc/themerc".text = ''
# Decorator
window.active.title.bg.color: #2f343f
window.inactive.title.bg.color: #2f343f
window.*.label.text.color: #d8dee8
window.*.button.*.image.color: #d8dee8
# Borders
window.handle.width: 0
window.client.padding.width: 0
border.width: 0
# Title
padding.width: 10
padding.height: 8
window.*.title.bg: Solid Flat
window.*.*.bg: Parentrelative
window.label.text.justify: center
# Menu
menu.border.width: 6
menu.separator.width: 2
menu.separator.padding.width: 10
menu.separator.padding.height: 2
menu.overlap.x: -8
menu.*.bg: flat solid
menu.*.bg.color: #2f343f
menu.*.color: #2f343f
menu.title.text.color: #ffffff
menu.items.text.color: #d8dee8
menu.items.active.disabled.text.color: #707070
menu.items.active.text.color: #d8dee8
menu.title.text.justify: center
menu.items.active.bg.color: #5294e2
# OSD
osd.border.width: 1
osd.border.color: #2f343f
osd.bg: flat solid
osd.bg.color: #2f343f
osd.label.bg: flat solid
osd.label.bg.color: #2f343f
osd.hilight.bg: flat solid
osd.hilight.bg.color: #ef6b7b
# Colour Trick
window.active.button.close.unpressed.image.color: #ef6b7b
window.inactive.button.close.unpressed.image.color: #bf616a
'';
system.stateVersion = "22.11";
};
}

17
machines/Wayland-VM/imports/qemu-vm.nix
View File

@ -1,17 +0,0 @@
{ modulesPath, config, ... }: {
imports = [
"${toString modulesPath}/virtualisation/qemu-vm.nix"
];
virtualisation = {
qemu.options = [ "-vga none" "-device virtio-vga-gl" "-display gtk,gl=on" ];
cores = 2;
memorySize = 4096;
msize = 65536;
diskSize = 20480;
diskImage = "/media/libvirt/vm-images/${config.device}.qcow2";
# resolution = { x = 1920; y = 1080; };
#useNixStoreImage = true;
writableStore = false;
};
}

189
machines/Wayland-VM/imports/system-path.nix
View File

@ -1,189 +0,0 @@
# This module defines the packages that appear in
# /run/current-system/sw.
{ config, lib, pkgs, ... }:
with lib;
let
requiredPackages = map (pkg: setPrio ((pkg.meta.priority or 5) + 3) pkg) [
# pkgs.acl
# pkgs.attr
pkgs.bashInteractive # bash with ncurses support
# pkgs.bzip2
pkgs.coreutils-full
# pkgs.cpio
# pkgs.curl
# pkgs.diffutils
# pkgs.findutils
# pkgs.gawk
pkgs.stdenv.cc.libc
# pkgs.getent
# pkgs.getconf
# pkgs.gnugrep
# pkgs.gnupatch
# pkgs.gnused
# pkgs.gnutar
# pkgs.gzip
# pkgs.xz
# pkgs.less
# pkgs.libcap
pkgs.ncurses
# pkgs.netcat
# config.programs.ssh.package
# pkgs.mkpasswd
# pkgs.procps
pkgs.su
# pkgs.time
# pkgs.util-linux
# pkgs.which
# pkgs.zstd
];
defaultPackageNames =
[
"perl"
"rsync"
"strace"
];
defaultPackages =
map
(n: let pkg = pkgs.${n}; in setPrio ((pkg.meta.priority or 5) + 3) pkg)
defaultPackageNames;
defaultPackagesText = "[ ${concatMapStringsSep " " (n: "pkgs.${n}") defaultPackageNames } ]";
in
{
options = {
environment = {
systemPackages = mkOption {
type = types.listOf types.package;
default = [];
example = literalExpression "[ pkgs.firefox pkgs.thunderbird ]";
description = lib.mdDoc ''
The set of packages that appear in
/run/current-system/sw. These packages are
automatically available to all users, and are
automatically updated every time you rebuild the system
configuration. (The latter is the main difference with
installing them in the default profile,
{file}`/nix/var/nix/profiles/default`.
'';
};
defaultPackages = mkOption {
type = types.listOf types.package;
default = defaultPackages;
defaultText = literalDocBook ''
these packages, with their <literal>meta.priority</literal> numerically increased
(thus lowering their installation priority):
<programlisting>${defaultPackagesText}</programlisting>
'';
example = [];
description = lib.mdDoc ''
Set of default packages that aren't strictly necessary
for a running system, entries can be removed for a more
minimal NixOS installation.
Note: If `pkgs.nano` is removed from this list,
make sure another editor is installed and the
`EDITOR` environment variable is set to it.
Environment variables can be set using
{option}`environment.variables`.
Like with systemPackages, packages are installed to
{file}`/run/current-system/sw`. They are
automatically available to all users, and are
automatically updated every time you rebuild the system
configuration.
'';
};
pathsToLink = mkOption {
type = types.listOf types.str;
# Note: We need `/lib' to be among `pathsToLink' for NSS modules
# to work.
default = [];
example = ["/"];
description = lib.mdDoc "List of directories to be symlinked in {file}`/run/current-system/sw`.";
};
extraOutputsToInstall = mkOption {
type = types.listOf types.str;
default = [ ];
example = [ "doc" "info" "devdoc" ];
description = lib.mdDoc "List of additional package outputs to be symlinked into {file}`/run/current-system/sw`.";
};
extraSetup = mkOption {
type = types.lines;
default = "";
description = lib.mdDoc "Shell fragments to be run after the system environment has been created. This should only be used for things that need to modify the internals of the environment, e.g. generating MIME caches. The environment being built can be accessed at $out.";
};
};
system = {
path = mkOption {
internal = true;
description = ''
The packages you want in the boot environment.
'';
};
};
};
config = {
environment.systemPackages = requiredPackages ++ config.environment.defaultPackages;
environment.pathsToLink =
[ "/bin"
"/etc/xdg"
"/etc/gtk-2.0"
"/etc/gtk-3.0"
"/lib" # FIXME: remove and update debug-info.nix
"/sbin"
"/share/emacs"
"/share/hunspell"
"/share/nano"
"/share/org"
"/share/themes"
"/share/vim-plugins"
"/share/vulkan"
"/share/kservices5"
"/share/kservicetypes5"
"/share/kxmlgui5"
"/share/systemd"
"/share/thumbnailers"
];
system.path = pkgs.buildEnv {
name = "system-path";
paths = config.environment.systemPackages;
inherit (config.environment) pathsToLink extraOutputsToInstall;
ignoreCollisions = true;
# !!! Hacky, should modularise.
# outputs TODO: note that the tools will often not be linked by default
postBuild =
''
# Remove wrapped binaries, they shouldn't be accessible via PATH.
find $out/bin -maxdepth 1 -name ".*-wrapped" -type l -delete
if [ -x $out/bin/glib-compile-schemas -a -w $out/share/glib-2.0/schemas ]; then
$out/bin/glib-compile-schemas $out/share/glib-2.0/schemas
fi
${config.environment.extraSetup}
'';
};
};
}

1
machines/Wayland-VM/system
View File

@ -1 +0,0 @@
x86_64-linux

11
modules/seadrive.nix
View File

@ -107,6 +107,17 @@ in {
config = mkIf cfg.enable {
systemd.user.services.seadrive = rec {
serviceConfig.ExecStart = startScript;
after = [ "seadrive-mkdir.service" ];
wants = after;
wantedBy = [ "default.target" ];
};
systemd.services.seadrive-mkdir = rec {
serviceConfig.Type = "oneshot";
script = ''
mkdir -p ${cfg.mountPoint} > /dev/null 2>&1
chown ${config.mainuser}:users ${cfg.mountPoint} > /dev/null 2>&1
'';
after = [ "network-online.target" ];
wants = after;
wantedBy = [ "default.target" ];

28
profiles/applications/firefox.nix
View File

@ -43,10 +43,6 @@ in {
"allowed_extensions": ["jid1-AQqSMBYb0a8ADg@jetpack"]
}
'';
# programs.browserpass = {
# enable = true;
# browsers = [ "firefox" ];
# };
programs.firefox = {
enable = true;
@ -89,11 +85,10 @@ in {
"font.name.serif.x-western" = "${fonts.serif.family}";
"browser.display.background_color" = thm.base00-hex;
"browser.display.foreground_color" = thm.base05-hex;
# "browser.display.document_color_use" = 2;
"browser.anchor_color" = thm.base0D-hex;
"browser.visited_color" = thm.base0C-hex;
"browser.display.use_document_fonts" = true;
# "pdfjs.disabled" = true;
"pdfjs.disabled" = false;
"media.eme.enabled" = true;
"media.ffmpeg.vaapi.enabled" = true;
@ -154,27 +149,6 @@ in {
};
};
};
# extensions = with pkgs.nur.repos.rycee.firefox-addons; [
# # add-custom-search-engine
# adsum-notabs
# # auto-tab-discard
# bitwarden
# # browserpass
# darkreader
# gesturefy
# libredirect
# markdownload
# refined-github
# # rust-search-extension
# search-by-image
# # search-engines-helper
# skip-redirect
# stylus
# tab-session-manager
# # tampermonkey
# terms-of-service-didnt-read
# ublock-origin
# ];
};
};

16
profiles/applications/google-drive.nix
View File

@ -1,16 +0,0 @@
{ config, lib, pkgs, ... }: {
home-manager.users.${config.mainuser} = {
home.packages = [ pkgs.google-drive-ocamlfuse ];
# systemd.user.services.google-drive-ocamlfuse = {
# Service = {
# ExecStart = "${pkgs.google-drive-ocamlfuse}/bin/google-drive-ocamlfuse";
# Type = "simple";
# };
# Unit = rec {
# After = [ "network-online.target" ];
# Wants = After;
# };
# Install.WantedBy = [ "multi-user.target" ];
# };
};
}

20
profiles/applications/himalaya.nix
View File

@ -39,6 +39,26 @@
'';
};
systemd.user.services.himalaya-notify = {
description = "Himalaya new messages notifier";
after = [ "network.target" ];
wantedBy = [ "default.target" ];
script = "himalaya notify";
environment = {
PASSWORD_STORE_DIR = config.secretsConfig.password-store;
GNUPGHOME = config.secretsConfig.gnupgHome;
};
# script = "echo $(pass show email/ataraxiadev@ataraxiadev.com) || echo lol";
path = with pkgs; [ himalaya libnotify pass gnupg ];
serviceConfig = {
Restart = lib.mkForce "no";
# Restart = "always";
RestartSec = 10;
# Type = "oneshot";
};
};
persist.state.homeDirectories = [
".config/himalaya"
];

2
profiles/applications/mpv.nix
View File

@ -18,7 +18,7 @@
};
};
home.file.".config/yt-dlp/config".text = ''
--cookies-from-browser firefox
--cookies-from-browser "firefox:$HOME/.mozilla/firefox/${config.mainuser}"
--mark-watched
'';
};

78
profiles/applications/packages.nix
View File

@ -4,28 +4,20 @@ with config.deviceSpecific; {
home-manager.users.${config.mainuser} = {
home.packages = with pkgs; [
# cli
a2ln
# --- cli ---
bat
comma
curl
exa
fd
ffmpeg.bin
# git-filter-repo
glib.out
# gptfdisk
jq
libqalculate
lm_sensors
lnav
# nix-alien
nix-prefetch-git
nix-index-update
p7zip
# (p7zip.override { enableUnfree = true; })
pciutils
# pinfo
ripgrep
ripgrep-all
sd
@ -35,58 +27,55 @@ with config.deviceSpecific; {
unzip
usbutils
wget
yt-dlp
zip
# tui
# --- tui ---
bottom
micro
ncdu
nix-tree
procs
# gui
bitwarden
ungoogled-chromium
# --- gui ---
deadbeef
discord
feh
foliate
pinta
qbittorrent
qimgv
system-config-printer
tdesktop
xarchiver
youtube-to-mpv
zathura
xdg-utils
# awesome-shell
curlie
duf
zsh-z
# --- awesome-shell ---
# curlie
# duf
# zsh-z
] ++ lib.optionals (!(isVM || isISO)) [
audacity
blueman
a2ln
# audacity
# blueman
cachix
ffmpeg.bin
monero-gui
nodePackages.peerflix
nix-tree
# samba
yt-dlp
# ---- gui ----
bitwarden
discord
# foliate
jellyfin-media-player
joplin-desktop
libreoffice
monero-gui
nodePackages.peerflix
samba
obs-studio
pinta
qbittorrent
schildichat-desktop-wayland
# scrcpy
sonixd
tdesktop
ungoogled-chromium
youtube-to-mpv
] ++ lib.optionals isGaming [
ceserver
gamescope
# goverlay
lutris
moonlight-qt
obs-studio
# moonlight-qt
# reshade-shaders
# (retroarch.override { cores = [ libretro.genesis-plus-gx libretro.dosbox ]; })
# parsec
@ -95,10 +84,16 @@ with config.deviceSpecific; {
vkBasalt
wine
winetricks
] ++ lib.optionals isLaptop [
acpi
# seadrive-fuse
];
systemd.user.services.tealdeer-update = {
Service = {
ExecStart = "${pkgs.tealdeer}/bin/tldr --update";
Type = "oneshot";
};
Unit.After = [ "network.target" ];
Install.WantedBy = [ "default.target" ];
};
};
persist.state.homeDirectories = [
@ -113,6 +108,7 @@ with config.deviceSpecific; {
".config/libreoffice"
# ".config/looking-glass"
".config/lutris"
# ".config/Moonlight Game Streaming Project"
# ".config/monero-project"
".config/obs-studio"
".config/pcmanfm"

2
profiles/applications/sunshine.nix
View File

@ -16,4 +16,6 @@
47998 47999 48000 48002 48010
];
};
persist.state.homeDirectories = [ ".config/sunshine "];
}

2
profiles/applications/vscode/default.nix
View File

@ -4,7 +4,7 @@ let
thm = config.lib.base16.theme;
EDITOR = pkgs.writeShellScript "code-editor" ''
source "/etc/profiles/per-user/${config.mainuser}/etc/profile.d/hm-session-vars.sh"
NIX_OZONE_WL=1 \
NIXOS_OZONE_WL=1 \
exec \
${config.home-manager.users.${config.mainuser}.programs.vscode.package}/bin/code \
-w -n \

12
profiles/applications/waydroid.nix
View File

@ -4,22 +4,10 @@ let
[General]
ApiLevel = 30
'';
# anboxGbinderConf = pkgs.writeText "anbox.conf" ''
# [Protocol]
# /dev/anbox-binder = aidl2
# /dev/anbox-vndbinder = aidl2
# /dev/anbox-hwbinder = hidl
# [ServiceManager]
# /dev/anbox-binder = aidl2
# /dev/anbox-vndbinder = aidl2
# /dev/anbox-hwbinder = hidl
# '';
in {
config = lib.mkIf config.deviceSpecific.isGaming {
environment.etc."gbinder.d/waydroid.conf".source = lib.mkForce waydroidGbinderConf;
# environment.etc."gbinder.d/anbox.conf".source = lib.mkForce anboxGbinderConf;
virtualisation.waydroid.enable = true;
# virtualisation.lxd.enable = true;
home-manager.users.${config.mainuser}.home.packages = [ pkgs.waydroid-script ];
persist.state.directories = [ "/var/lib/waydroid" ];

31
profiles/bluetooth.nix
View File

@ -1,20 +1,23 @@
{ config, pkgs, lib, ... }: {
hardware.bluetooth = {
enable = !isServer;
# package = pkgs.bluez;
};
config = lib.mkIf (!config.deviceSpecific.isServer) {
services.blueman.enable = !isServer;
hardware.bluetooth = {
enable = true;
# package = pkgs.bluez;
};
# systemd.services.bluetooth.serviceConfig.ExecStart = lib.mkForce [
# ""
# "${pkgs.bluez}/libexec/bluetooth/bluetoothd -f /etc/bluetooth/main.conf -E"
# ];
# systemd.services.bluetooth.serviceConfig.ExecStart = lib.mkForce [
# ""
# "${pkgs.bluez}/libexec/bluetooth/bluetoothd -f /etc/bluetooth/main.conf -E"
# ];
persist.state.directories = [ "/var/lib/bluetooth" ];
persist.state.directories = [ "/var/lib/bluetooth" ];
home-manager.users.${config.mainuser}.programs.zsh.shellAliases = let
headphones = "D8:37:3B:60:5D:55";
in {
"hpc" = "bluetoothctl connect ${headphones}";
"hpd" = "bluetoothctl disconnect ${headphones}";
home-manager.users.${config.mainuser}.programs.zsh.shellAliases = let
headphones = "D8:37:3B:60:5D:55";
in {
"hpc" = "bluetoothctl connect ${headphones}";
"hpd" = "bluetoothctl disconnect ${headphones}";
};
};
}

69
profiles/boot.nix
View File

@ -3,18 +3,39 @@ with config.deviceSpecific; {
zramSwap = {
enable = true;
algorithm = "zstd";
memoryPercent = 60;
priority = 100;
memoryPercent = 100; # around 25% of memory
};
persist.state.files = [ "/etc/machine-id" ];
boot = if !isServer && !isISO then {
services.earlyoom = {
enable = devInfo.ram < 16;
freeMemThreshold = 5;
freeSwapThreshold = 100;
};
services.fstrim = lib.mkIf (devInfo.fileSystem != "zfs") {
enable = isSSD;
interval = "weekly";
};
services.zfs = lib.mkIf (devInfo.fileSystem == "zfs") {
autoScrub.enable = true;
autoScrub.interval = "weekly";
trim.enable = isSSD;
trim.interval = "weekly";
};
boot = {
loader = {
timeout = lib.mkForce 4;
systemd-boot.enable = pkgs.hostPlatform.system == "x86_64-linux";
systemd-boot.enable = lib.mkDefault
pkgs.hostPlatform.system == "x86_64-linux";
};
kernelParams = [ "zswap.enabled=0" "quiet" "scsi_mod.use_blk_mq=1" "modeset" "nofb" ]
kernelParams =
[ "zswap.enabled=0" "quiet" "scsi_mod.use_blk_mq=1" "modeset" "nofb" ]
++ lib.optionals (pkgs.hostPlatform.system == "x86_64-linux") [
"rd.systemd.show_status=auto"
"rd.udev.log_priority=3"
@ -23,9 +44,7 @@ with config.deviceSpecific; {
"kvm.ignore_msrs=1"
];
kernelPackages = pkgs.linuxPackages_lqx;
supportedFilesystems = [ "ntfs" ];
kernelPackages = lib.mkDefault pkgs.linuxPackages_lqx;
consoleLogLevel = 3;
kernel.sysctl = {
@ -33,40 +52,6 @@ with config.deviceSpecific; {
};
cleanTmpDir = !config.boot.tmpOnTmpfs;
zfs.forceImportAll = lib.mkForce false;
} else if isServer then {
kernelPackages = pkgs.linuxPackages_hardened;
kernelModules = [ "tcp_bbr" ];
kernelParams = [
"zswap.enabled=0"
"quiet"
"scsi_mod.use_blk_mq=1"
"modeset"
"nofb"
"pti=off"
"spectre_v2=off"
"kvm.ignore_msrs=1"
];
kernel.sysctl = {
"kernel.sysrq" = false;
"net.core.default_qdisc" = "cake";
"net.ipv4.conf.all.accept_source_route" = false;
"net.ipv4.icmp_ignore_bogus_error_responses" = true;
"net.ipv4.tcp_congestion_control" = "bbr";
"net.ipv4.tcp_fastopen" = 3;
"net.ipv4.tcp_rfc1337" = true;
"net.ipv4.tcp_syncookies" = true;
"net.ipv6.conf.all.accept_source_route" = false;
};
kernel.sysctl = {
"vm.swappiness" = if config.deviceSpecific.isSSD then 1 else 10;
};
cleanTmpDir = true;
zfs.forceImportAll = lib.mkForce false;
} else {
kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
kernelParams = lib.mkForce [ "zswap.enabled=0" ];
supportedFilesystems = lib.mkForce [ "ext4" "vfat" "btrfs" "ntfs" ];
zfs.forceImportAll = lib.mkForce false;
zfs.forceImportAll = lib.mkDefault false;
};
}

2
profiles/hardware.nix
View File

@ -15,8 +15,6 @@ with config.deviceSpecific; {
extraPackages = if devInfo.gpu.vendor == "intel" then [
pkgs.intel-media-driver
] else if devInfo.gpu.vendor == "amd" then [
# pkgs.rocm-opencl-icd
# pkgs.rocm-opencl-runtime
# pkgs.amdvlk
] else [ ];
extraPackages32 = lib.mkIf (devInfo.gpu.vendor == "amd") [

55
profiles/network.nix
View File

@ -3,47 +3,40 @@ with config.deviceSpecific;
{
networking = {
networkmanager.enable = true;
wireless = {
# enable = isLaptop;
enable = false;
interfaces = lib.mkIf (config.device == "Dell-Laptop") [
"wlo1"
];
networks.Alukard_5GHz = {
pskRaw = "feee27000fb0d7118d498d4d867416d04d1d9a1a7b5dbdbd888060bbde816fe4";
priority = 1;
};
networks.Alukard.pskRaw =
"5ef5fe07c1f062e4653fce9fe138cc952c20e284ae1ca50babf9089b5cba3a5a";
networks.AlukardAP = {
pskRaw = "b8adc07cf1a9c7a7a5946c2645283b27ab91a8af4c065e5f9cde03ed1815811c";
priority = 2;
};
networks.SladkiySon.pskRaw =
"86b1c8c60d3e99145bfe90e0af9bf552540d34606bb0d00b314f5b5960e46496";
networks.AlukardAP_5GHz = {
pskRaw = "d1733d7648467a8a9cae9880ef10a2ca934498514b4da13b53f236d7c68b8317";
priority = 1;
};
networks.POAS = {
pskRaw = "6cfdb04f3e2d4279a4651608c9c73277708c67f7f1435b61228ecf00841e5155";
priority = 3;
};
userControlled.enable = true;
};
# wireless = {
# # enable = isLaptop;
# interfaces = lib.mkIf (config.device == "Dell-Laptop") [
# "wlo1"
# ];
# networks.Alukard_5GHz = {
# pskRaw = "feee27000fb0d7118d498d4d867416d04d1d9a1a7b5dbdbd888060bbde816fe4";
# priority = 1;
# };
# networks.Alukard.pskRaw =
# "5ef5fe07c1f062e4653fce9fe138cc952c20e284ae1ca50babf9089b5cba3a5a";
# networks.AlukardAP_5GHz = {
# pskRaw = "d1733d7648467a8a9cae9880ef10a2ca934498514b4da13b53f236d7c68b8317";
# priority = 1;
# };
# networks.AlukardAP.pskRaw = "b8adc07cf1a9c7a7a5946c2645283b27ab91a8af4c065e5f9cde03ed1815811c";
# };
# networks.SladkiySon.pskRaw =
# "86b1c8c60d3e99145bfe90e0af9bf552540d34606bb0d00b314f5b5960e46496";
# userControlled.enable = true;
# };
firewall = {
enable = true;
allowPing = true;
# allowedTCPPorts = lib.mkIf isGaming [ 25565 ];
allowedTCPPorts = [ 80 443 9443 8080 8081 ];
allowedUDPPorts = [ 80 443 9443 8080 8081 ];
# allowedTCPPorts = [ 80 443 9443 8080 8081 ];
# allowedUDPPorts = [ 80 443 9443 8080 8081 ];
};
usePredictableInterfaceNames = true;
hostName = config.device;
extraHosts = ''
extraHosts = lib.mkIf isGaming ''
0.0.0.0 log-upload-os.mihoyo.com
0.0.0.0 overseauspider.yuanshen.com
0.0.0.0 prd-lender.cdp.internal.unity3d.com

6
profiles/nix/default.nix
View File

@ -24,8 +24,6 @@ with config.deviceSpecific; {
"https://nixpkgs-wayland.cachix.org"
"https://hyprland.cachix.org"
"https://ataraxiadev-foss.cachix.org"
# "https://nixos-rocm.cachix.org"
# "https://webcord.cachix.org"
];
trusted-public-keys = [
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
@ -33,8 +31,6 @@ with config.deviceSpecific; {
"nixpkgs-wayland.cachix.org-1:3lwxaILxMRkVhehr5StQprHdEo4IrE8sRho9R9HOLYA="
"hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
"ataraxiadev-foss.cachix.org-1:ws/jmPRUF5R8TkirnV1b525lP9F/uTBsz2KraV61058="
# "nixos-rocm.cachix.org-1:VEpsf7pRIijjd8csKjFNBGzkBqOmw8H9PRmgAq14LnE="
# "webcord.cachix.org-1:l555jqOZGHd2C9+vS8ccdh8FhqnGe8L78QrHNn+EFEs="
];
trusted-users = [ "root" config.mainuser "@wheel" ];
use-xdg-base-directories = true;
@ -46,7 +42,7 @@ with config.deviceSpecific; {
maxJobs = 8;
sshUser = "ataraxia";
sshKey = config.secrets.ssh-builder.decrypted;
systems = [ "x86_64-linux" "i686-linux" ];
systems = [ "x86_64-linux" "i686-linux" "aarch64-linux" ];
supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
}
];

28
profiles/overlay.nix
View File

@ -9,21 +9,16 @@ let
in
with lib; {
nixpkgs.overlays = [
# inputs.nixpkgs-wayland.overlay
inputs.nix-alien.overlay
inputs.nur.overlay
roundcube-plugins
(final: prev:
rec {
inherit inputs;
android-emulator = final.callPackage ./packages/android-emulator.nix { };
arkenfox-userjs = pkgs.callPackage ./packages/arkenfox-userjs.nix { arkenfox-repo = inputs.arkenfox-userjs; };
a2ln = pkgs.callPackage ./packages/a2ln.nix { };
bibata-cursors-tokyonight = pkgs.callPackage ./packages/bibata-cursors-tokyonight.nix { };
ceserver = pkgs.callPackage ./packages/ceserver.nix { };
hyprpaper = pkgs.callPackage ./packages/hyprpaper.nix { src = inputs.hyprpaper; };
kitti3 = pkgs.python3Packages.callPackage ./packages/kitti3.nix { };
microbin = pkgs.callPackage ./packages/microbin-pkg { };
mpris-ctl = pkgs.callPackage ./packages/mpris-ctl.nix { };
parsec = pkgs.callPackage ./packages/parsec.nix { };
@ -32,34 +27,19 @@ with lib; {
reshade-shaders = pkgs.callPackage ./packages/reshade-shaders.nix { };
rosepine-gtk-theme = pkgs.callPackage ./packages/rosepine-gtk-theme.nix { };
rosepine-icon-theme = pkgs.callPackage ./packages/rosepine-icon-theme.nix { };
tidal-dl = pkgs.callPackage ./packages/tidal-dl.nix { };
tokyonight-gtk-theme = pkgs.callPackage ./packages/tokyonight-gtk-theme.nix { };
tokyonight-icon-theme = pkgs.callPackage ./packages/tokyonight-icon-theme.nix { };
xonar-fp = pkgs.callPackage ./packages/xonar-fp.nix { };
youtube-to-mpv = pkgs.callPackage ./packages/youtube-to-mpv.nix { term = config.defaultApplications.term.cmd; };
seadrive-fuse = pkgs.callPackage ./packages/seadrive-fuse.nix { };
steam = master.steam.override {
extraPkgs = pkgs: with pkgs; [ mono libkrb5 keyutils ];
};
waybar = inputs.nixpkgs-wayland.packages.${system}.waybar.overrideAttrs (old: {
preBuildPhase = ''
sed -i 's/zext_workspace_handle_v1_activate(workspace_handle_);/const std::string command = "hyprctl dispatch workspace " + name_;\n\tsystem(command.c_str());/g' src/modules/wlr/workspace_manager.cpp
'';
mesonFlags = old.mesonFlags ++ [
"-Dexperimental=true"
];
});
waybar = inputs.hyprland.packages.${system}.waybar-hyprland;
waydroid-script = pkgs.callPackage ./packages/waydroid-script.nix { };
wine = prev.wineWowPackages.staging;
qbittorrent = prev.qbittorrent.overrideAttrs (old: rec {
version = "enchanced-edition";
src = inputs.qbittorrent-ee;
});
prismlauncher = prev.prismlauncher.overrideAttrs (old: {
version = "git-master";
src = inputs.prismlauncher;
buildInputs = old.buildInputs ++ [ prev.cmark ];
});
prismlauncher = inputs.prismlauncher.packages.${system}.default;
nix-alien = inputs.nix-alien.packages.${system}.nix-alien;
nix-index-update = inputs.nix-alien.packages.${system}.nix-index-update;
nix = inputs.nix.packages.${system}.default.overrideAttrs (oa: {
doInstallCheck = false;

26
profiles/packages/kitti3.nix
View File

@ -1,26 +0,0 @@
{ lib, buildPythonPackage, fetchPypi, i3ipc }:
buildPythonPackage rec {
pname = "kitti3";
version = "0.4.1";
format = "wheel";
src = fetchPypi {
inherit pname version format;
# format = "wheel";
dist = "py3";
python = "py3";
sha256 = "0sf9h0cfs24hgln25z2j4jib530mq931h8xjgxkfr79qrqr3k6dm";
};
doCheck = false;
propagatedBuildInputs = [ i3ipc ];
meta = with lib; {
homepage = "https://github.com/LandingEllipse/kitti3";
description = "Kitty drop-down service for sway & i3wm";
license = licenses.bsd3;
maintainers = with maintainers; [ ataraxiadev ];
};
}

44
profiles/packages/multimc.nix
View File

@ -1,44 +0,0 @@
{ multimc-repo, lib, xorg, mkDerivation, jdk, jdk8, libpulseaudio, libGL, cmake, file, makeWrapper, zlib, qtbase, xrandr }:
let
libpath = with xorg; lib.makeLibraryPath [ libX11 libXext libXcursor libXrandr libXxf86vm libpulseaudio libGL ];
in mkDerivation rec {
pname = "multimc";
version = "cracked";
src = multimc-repo;
nativeBuildInputs = [ cmake file makeWrapper ];
buildInputs = [ qtbase jdk8 jdk zlib ];
# patches = [ ./0001-pick-latest-java-first.patch ];
postPatch = ''
# hardcode jdk paths
substituteInPlace api/logic/java/JavaUtils.cpp \
--replace 'scanJavaDir("/usr/lib/jvm")' 'javas.append("${jdk}/lib/openjdk/bin/java")' \
--replace 'scanJavaDir("/usr/lib32/jvm")' 'javas.append("${jdk8}/lib/openjdk/bin/java")'
'';
cmakeFlags = [ "-DMultiMC_LAYOUT=lin-system" ];
postInstall = ''
install -Dm644 ../application/resources/multimc/scalable/multimc.svg $out/share/pixmaps/multimc.svg
install -Dm755 ../application/package/linux/multimc.desktop $out/share/applications/multimc.desktop
# xorg.xrandr needed for LWJGL [2.9.2, 3) https://github.com/LWJGL/lwjgl/issues/128
wrapProgram $out/bin/multimc \
--set GAME_LIBRARY_PATH /run/opengl-driver/lib:${libpath} \
--prefix PATH : ${lib.makeBinPath [ xrandr ]}
'';
meta = with lib; {
homepage = "https://multimc.org/";
description = "A free, open source launcher for Minecraft";
longDescription = ''
Allows you to have multiple, separate instances of Minecraft (each with their own mods, texture packs, saves, etc) and helps you manage them and their associated options with a simple interface.
'';
platforms = platforms.linux;
license = licenses.asl20;
hydraPlatforms = [];
maintainers = with maintainers; [ ];
};
}

68
profiles/packages/tidal-dl.nix
View File

@ -1,68 +0,0 @@
{ python39Packages, fetchurl }:
with python39Packages; let
aigpy = buildPythonPackage rec {
pname = "aigpy";
version = "2021.9.10.3";
src = fetchurl {
url = "https://files.pythonhosted.org/packages/77/4d/e39028ff5c4428c332b2ff5c6c660834134f15181296132c5604116a43c6/aigpy-2021.9.10.3-py3-none-any.whl";
sha256 = "sha256-XRXwLyV5WVOTU1JQ0vEbI6CJ0VfA2S6X5WESvlRV8sk=";
};
format = "wheel";
doCheck = false;
buildInputs = [];
checkInputs = [];
nativeBuildInputs = [];
propagatedBuildInputs = [
colorama
mutagen
requests
];
};
lyricsgenius = buildPythonPackage rec {
pname = "lyricsgenius";
version = "3.0.1";
src = fetchurl {
url = "https://files.pythonhosted.org/packages/0d/32/be32f6922f70fd1b9900b50b228f6585cd60a96bdf03589df738f627d388/lyricsgenius-3.0.1-py3-none-any.whl";
sha256 = "01cv77wf682b48wr71cgp0djafxl1j6d17nsyrzvwvkbkvbzfp8l";
};
format = "wheel";
doCheck = false;
buildInputs = [];
checkInputs = [];
nativeBuildInputs = [];
propagatedBuildInputs = [
beautifulsoup4
requests
];
};
in buildPythonPackage rec {
pname = "tidal-dl";
version = "2021.9.23.1";
src = fetchPypi {
inherit pname version;
sha256 = "sha256-eMVfc+bdj2Hr6gMCbcXoEVbmSQkyyK1PSxKNgD2++Vw=";
};
preBuild = ''
export HOME=$TMPDIR
'';
propagatedBuildInputs = [
beautifulsoup4
certifi
chardet
colorama
idna
mutagen
prettytable
psutil
pycryptodome
pydub
requests
soupsieve
urllib3
aigpy
lyricsgenius
];
}

19
profiles/packages/xonar-fp.nix
View File

@ -1,19 +0,0 @@
{ stdenv, pkgs }:
let
xonar-fp = pkgs.writeShellScriptBin "xonar-fp" ''
CURRENT_STATE=`amixer -c 0 sget "Front Panel" | egrep -o '\[o.+\]'`
if [[ $CURRENT_STATE == '[on]' ]]; then
amixer -c 0 sset "Front Panel" mute
else
amixer -c 0 sset "Front Panel" unmute
fi
'';
in
stdenv.mkDerivation rec {
name = "xonar-fp";
src = xonar-fp;
installPhase = ''
mkdir -p $out/bin
mv ./bin/xonar-fp $out/bin/xonar-fp
'';
}

78
profiles/packages/xray-core.nix
View File

@ -1,78 +0,0 @@
{ lib, fetchFromGitHub, fetchurl, linkFarm, buildGoModule, runCommand, makeWrapper, nixosTests
, assetOverrides ? {}
}:
let
version = "1.6.1";
src = fetchFromGitHub {
owner = "XTLS";
repo = "Xray-core";
rev = "v${version}";
sha256 = "0g2bmy522lhip0rgb3hqyi3bidf4ljyjvvv3n1kb6lvm0p3br51b";
};
vendorSha256 = "sha256-QAF/05/5toP31a/l7mTIetFhXuAKsT69OI1K/gMXei0=";
assets = {
# MIT licensed
"geoip.dat" = let
geoipRev = "202210270100";
geoipSha256 = "13qsgka98c8dwm1ykk59w76llv9lpbgqnhxrm3ndkdfkazacm85r";
in fetchurl {
url = "https://github.com/v2fly/geoip/releases/download/${geoipRev}/geoip.dat";
sha256 = geoipSha256;
};
} // assetOverrides;
assetsDrv = linkFarm "Xray-assets" (lib.mapAttrsToList (name: path: {
inherit name path;
}) assets);
core = buildGoModule rec {
pname = "Xray-core";
inherit version src;
inherit vendorSha256;
doCheck = false;
buildPhase = ''
buildFlagsArray=(-v -p $NIX_BUILD_CORES -ldflags="-s -w")
runHook preBuild
go build "''${buildFlagsArray[@]}" -o xray ./main
runHook postBuild
'';
installPhase = ''
install -Dm755 xray -t $out/bin
'';
meta = {
homepage = "https://github.com/XTLS/Xray-core";
description = "Xray, Penetrates Everything. Also the best v2ray-core, with XTLS support. Fully compatible configuration.";
license = with lib.licenses; [ mpl20 ];
# maintainers = with lib.maintainers; [ servalcatty ];
};
};
in runCommand "Xray-${version}" {
inherit src version;
inherit (core) meta;
nativeBuildInputs = [ makeWrapper ];
passthru = {
inherit core;
# updateScript = ./update.sh;
tests = {
simple-vmess-proxy-test = nixosTests.Xray;
};
};
} ''
for file in ${core}/bin/*; do
makeWrapper "$file" "$out/bin/$(basename "$file")" \
--set-default XRAY_LOCATION_ASSET ${assetsDrv}
done
''

9
profiles/security/vlock.nix
View File

@ -20,10 +20,6 @@
command = "/run/current-system/sw/bin/chown ${config.mainuser} /tmp/.X11-unix";
options = [ "SETENV" "NOPASSWD" ];
}
# {
# command = "/run/current-system/sw/bin/deploy";
# options = [ "SETENV" "NOPASSWD" ];
# }
];
}];
};
@ -49,11 +45,6 @@
noPass = true;
keepEnv = true;
cmd = "/run/current-system/sw/bin/tlp-stat";
} {
users = [ config.mainuser ];
keepEnv = false;
cmd = "/run/current-system/sw/bin/podman";
args = [ "build" ];
}];
};
}

111
profiles/services.nix
View File

@ -1,111 +0,0 @@
{ config, lib, pkgs, ... }:
with config.deviceSpecific; {
services.acpid.enable = !isServer;
services.acpid.logEvents = false;
services.blueman.enable = !isServer;
services.btrbk.instances = lib.mkIf (devInfo.fileSystem == "btrfs") {
home = {
settings = {
snapshot_preserve_min = "2d";
snapshot_preserve = "7d";
snapshot_dir = "/.snapshots";
subvolume = "/home";
};
onCalendar = "daily";
};
nix = {
settings = {
snapshot_preserve_min = "2d";
snapshot_preserve = "4d";
snapshot_dir = "/.snapshots";
subvolume = "/nix";
};
onCalendar = "daily";
};
};
services.earlyoom = {
enable = devInfo.ram < 16;
freeMemThreshold = 5;
freeSwapThreshold = 100;
};
services.fstrim = lib.mkIf (devInfo.fileSystem != "zfs") {
enable = isSSD;
interval = "weekly";
};
services.zfs = lib.mkIf (devInfo.fileSystem == "zfs") {
autoScrub.enable = true;
autoScrub.interval = "daily";
trim.enable = isSSD;
trim.interval = "weekly";
};
services.gvfs.enable = !isServer;
services.nscd.enableNsncd = true;
# FIX!
#services.thermald.enable = isLaptop;
services.tlp = {
enable = isLaptop;
settings = {
TLP_DEFAULT_MODE = "BAT";
TLP_PERSISTENT_DEFAULT = 1;
CPU_SCALING_GOVERNOR_ON_AC = "powersave";
CPU_SCALING_GOVERNOR_ON_BAT = "powersave";
CPU_HWP_ON_AC = "balance_performance";
CPU_HWP_ON_BAT = "balance_power";
CPU_BOOST_ON_AC = 1;
CPU_BOOST_ON_BAT = 0;
SCHED_POWERSAVE_ON_AC = 0;
SCHED_POWERSAVE_ON_BAT = 1;
CPU_ENERGY_PERF_POLICY_ON_AC = "balance_performance";
CPU_ENERGY_PERF_POLICY_ON_BAT = "balance_power";
DISK_DEVICES = "\"nvme0n1 sda\"";
DISK_APM_LEVEL_ON_AC = "\"255 254\"";
DISK_APM_LEVEL_ON_BAT = "\"255 254\"";
SATA_LINKPWR_ON_BAT = "\"med_power_with_dipm max_performance\"";
SATA_LINKPWR_ON_AC = "\"med_power_with_dipm max_performance\"";
};
};
services.undervolt = lib.mkIf (config.device == "Dell-Laptop") {
enable = true;
coreOffset = -108; # -120
gpuOffset = -48; # -54
};
services.udev.packages = lib.mkIf (config.device == "AMD-Workstation") [
pkgs.stlink
];
home-manager.users.${config.mainuser}.services = {
udiskie.enable = !isServer;
gammastep = {
enable = !isServer;
latitude = 48.79;
longitude = 44.78;
temperature.day = 6500;
temperature.night = 3000;
};
};
# secrets.seadrive = {
# owner = config.mainuser;
# };
# services.seadrive = {
# enable = !isServer;
# settingsFile = config.secrets.seadrive.decrypted;
# mountPoint = "/media/seadrive";
# };
services.upower.enable = true;
}

35
profiles/virtualisation.nix
View File

@ -12,8 +12,6 @@ with config.deviceSpecific; {
};
podman = {
enable = true;
# extraPackages = [ pkgs.zfs ];
# dockerSocket.enable = true;
defaultNetwork.settings.dns_enabled = true;
};
containers.registries.search = [
@ -40,11 +38,11 @@ with config.deviceSpecific; {
lxc.bdev.zfs.root = rpool/persistent/lxd
'' else ""}
'';
# defaultConfig = ''
# lxc.idmap = u 0 100000 65535
# lxc.idmap = g 0 100000 65535
# lxc.include = ${pkgs.lxcfs}/share/lxc/config/common.conf.d/00-lxcfs.conf
# '';
# defaultConfig = ''
# lxc.idmap = u 0 100000 65535
# lxc.idmap = g 0 100000 65535
# lxc.include = ${pkgs.lxcfs}/share/lxc/config/common.conf.d/00-lxcfs.conf
# '';
};
libvirtd = {
enable = true;
@ -70,21 +68,18 @@ with config.deviceSpecific; {
[storage]
driver = "overlay2"
'';
# home.file.".config/libvirt/libvirt.conf".text = ''
# uri_default = "qemu:///system"
# '';
};
# users.users.${config.mainuser} = {
# subUidRanges = [{
# count = 1000;
# startUid = 10000;
# }];
# subGidRanges = [{
# count = 1000;
# startGid = 10000;
# }];
# };
# users.users.${config.mainuser} = {
# subUidRanges = [{
# count = 1000;
# startUid = 10000;
# }];
# subGidRanges = [{
# count = 1000;
# startGid = 10000;
# }];
# };
programs.extra-container.enable = true;

2
profiles/vpn.nix
View File

@ -11,7 +11,7 @@ in {
package = pkgs.mullvad-vpn;
};
startupApplications = [ "${pkgs.mullvad-vpn}/bin/mullvad-gui" ];
persist.state.homeDirectories = [ ".config/Mullvad VPN" ];
persist.state.homeDirectories = [ ".config/Mullvad\ VPN" ];
persist.state.directories = [ "/etc/mullvad-vpn" ];
persist.cache.directories = [ "/var/cache/mullvad-vpn" ];
})

2
profiles/workspace/aria2.nix
View File

@ -14,5 +14,5 @@ in {
openPorts = false;
};
# networking.firewall.allowedTCPPorts = [ config.services.aria2.rpcListenPort ];
persist.state.directories = [ "/media/ari2" ];
persist.state.directories = [ "/media/aria2" ];
}

1
profiles/workspace/copyq.nix
View File

@ -4,7 +4,6 @@
wayland.windowManager.hyprland.extraConfig = ''
windowrule=float,title=(.*CopyQ)
'';
# command = "move position mouse";
};
startupApplications = [ "${pkgs.copyq}/bin/copyq" ];
persist.state.homeDirectories = [ ".config/copyq" ];

3
profiles/workspace/cursor.nix
View File

@ -14,8 +14,5 @@ in {
gtk.enable = true;
x11.enable = true;
};
# home.file.".icons/default" = {
# source = "${thm.cursorPackage}/share/icons/Bibata-Modern-TokyoNight";
# };
};
}

2
profiles/workspace/fonts.nix
View File

@ -7,8 +7,6 @@ in
fonts = with pkgs; [
ibm-plex
(nerdfonts.override { fonts = [ "FiraCode" "VictorMono" ]; })
fira-code
victor-mono
# Icons
font-awesome
material-icons

7
profiles/workspace/hyprland/default.nix
View File

@ -69,10 +69,6 @@ in with config.deviceSpecific; with lib; {
programs.hyprland.enable = true;
environment.sessionVariables = {
NIX_OZONE_WL = "1";
};
home-manager.users.${config.mainuser} = {
imports = [
inputs.hyprland.homeManagerModules.default
@ -107,7 +103,8 @@ in with config.deviceSpecific; with lib; {
wayland.windowManager.hyprland = {
enable = true;
xwayland.enable = true;
# xwayland.hidpi = false;
xwayland.hidpi = false;
disableAutoreload = false;
nvidiaPatches = false;
systemdIntegration = true;
recommendedEnvironment = true;

3
profiles/workspace/locale.nix
View File

@ -10,9 +10,6 @@ with config.deviceSpecific; {
LC_PAPER = "ru_RU.UTF-8";
};
console.font = "cyr-sun16";
# console.keyMap = "ruwin_cplk-UTF-8";
environment.sessionVariables = {
XKB_DEFAULT_LAYOUT = "us,ru";
XKB_DEFAULT_OPTIONS = "grp:win_space_toggle";

4
profiles/workspace/mako.nix
View File

@ -6,9 +6,9 @@
Environment =
[ "PATH=${pkgs.lib.makeBinPath [ pkgs.bash pkgs.mpv ]}" ];
};
Install = {
Install = rec {
After = [ "hyprland-session.target" ];
WantedBy = [ "hyprland-session.target" ];
WantedBy = After;
};
};
services.mako = with config.lib.base16; {

17
profiles/workspace/misc.nix
View File

@ -1,4 +1,5 @@
{ pkgs, lib, config, ... }: {
{ pkgs, lib, config, ... }:
with config.deviceSpecific; {
environment.sessionVariables =
builtins.mapAttrs (_: toString)
@ -12,17 +13,27 @@
programs.ydotool.enable = true;
services.journald.extraConfig = "Compress=false";
services.gvfs.enable = !isServer;
services.upower.enable = isLaptop;
home-manager.users.${config.mainuser} = {
news.display = "silent";
systemd.user.startServices = true;
nixpkgs.config.allowUnfree = true;
services.udiskie.enable = !isServer;
services.gammastep = {
enable = !isServer;
latitude = config.location.latitude;
longitude = config.location.longitude;
temperature.day = 6500;
temperature.night = 3000;
};
};
systemd.services.systemd-timesyncd.wantedBy = [ "multi-user.target" ];
systemd.timers.systemd-timesyncd = { timerConfig.OnCalendar = "hourly"; };
persist.state.files = lib.mkIf (config.deviceSpecific.devInfo.fileSystem == "zfs") [
persist.state.files = lib.mkIf (devInfo.fileSystem == "zfs") [
"/etc/zfs/zpool.cache"
];
persist.cache.homeDirectories = [
@ -43,7 +54,7 @@
persist.state.homeDirectories = [
"projects"
"nixos-config"
] ++ lib.optionals (!config.deviceSpecific.isServer) [
] ++ lib.optionals (!isServer) [
"games"
# "persist"
];

15
profiles/workspace/nix-index.nix
View File

@ -1,9 +1,22 @@
{ config, lib, ... }: {
{ config, lib, pkgs, ... }: {
home-manager.users.${config.mainuser} = {
programs.nix-index = {
enable = true;
enableZshIntegration = true;
};
home.packages = [
pkgs.nix-index-update
];
systemd.user.services.nix-index-update = {
Service = {
ExecStart = lib.getExe pkgs.nix-index-update;
Type = "oneshot";
};
Unit.After = [ "network.target" ];
Install.WantedBy = [ "default.target" ];
};
};
programs.command-not-found.enable = lib.mkForce false;

4
profiles/workspace/print-scan.nix
View File

@ -8,5 +8,9 @@
hardware.sane.enable = true;
services.saned.enable = true;
home-manager.users.${config.mainuser}.home.packages = [
pkgs.system-config-printer
];
environment.systemPackages = [ pkgs.gnome.simple-scan ];
}

3
profiles/workspace/proxy.nix
View File

@ -40,13 +40,13 @@
};
networking = {
enableIPv6 = false;
# nameservers = [ "9.9.9.9" ];
nameservers = [ "127.0.0.1" ];
firewall = {
enable = true;
allowedTCPPorts = [ 9050 ];
rejectPackets = false;
};
useHostResolvConf = false;
};
services.dnscrypt-proxy2 = {
enable = true;
@ -72,7 +72,6 @@
proxy = "socks5://127.0.0.1:9050";
};
};
# environment.etc."resolv.conf".text = "nameserver 192.168.0.1";
system.stateVersion = "22.11";
};
};

4
profiles/workspace/xdg.nix
View File

@ -2,10 +2,6 @@
home-manager.users.${config.mainuser} = {
xdg.enable = true;
xdg.userDirs.enable = true;
# xdg.systemDirs.data = [
# "${pkgs.gsettings-desktop-schemas}/share/gsettings-schemas/${pkgs.gsettings-desktop-schemas.name}"
# "${pkgs.gtk3}/share/gsettings-schemas/${pkgs.gtk3.name}"
# ];
};
environment.sessionVariables = {

10
profiles/workspace/zsh/default.nix
View File

@ -17,16 +17,18 @@
plugins = [
{
name = "zsh-nix-shell";
file = "nix-shell.plugin.zsh";
src = inputs.zsh-nix-shell;
file = "share/zsh-nix-shell/nix-shell.plugin.zsh";
src = pkgs.zsh-nix-shell;
}
{
name = "zsh-autosuggestions";
src = inputs.zsh-autosuggestions;
file = "share/zsh-autosuggestions/zsh-autosuggestions.zsh";
src = pkgs.zsh-autosuggestions;
}
{
name = "you-should-use";
src = inputs.zsh-you-should-use;
file = "share/zsh/plugins/you-should-use/you-should-use.plugin.zsh";
src = pkgs.zsh-you-should-use;
}
{
name = "powerlevel10k-config";

1
roles/desktop.nix
View File

@ -6,7 +6,6 @@
applications-setup
hardware
services
sound
themes
virtualisation

8
todo.md
View File

@ -4,15 +4,19 @@
* telegram theme
* use theme engine from https://github.com/SenchoPens/senixos
* update waybar
* FIX Seadrive
* Firejail all the things
* change writeShellScript and writeShellScriptBin to writeShellApplication
* add asserts to autoinstall module
* fix mime, fix xray (update on vps), fix aria2
* add updateScript to my packages
* move overlay and packages to root folder
## Tips:
* Copy sparse files
```bash
dd if=srcFile of=dstFile iflag=direct oflag=direct bs=64K conv=sparse
dd if=$1 of=$2 iflag=direct oflag=direct bs=64K conv=sparse
```
* swap on zfs zvol (on encrypted dataset only!)