AtaraxiaDev/nixos-config
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

update and fixes

Browse Source
This commit is contained in:
Dmitriy Kholkin 2023-03-06 10:24:24 +03:00
parent 7679a8d356
commit 9e530e27e5
11 changed files with 179 additions and 353 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
flake.lock generated
View File

@ -1227,18 +1227,18 @@
"type": "github" "type": "github"
} }
}, },
"prism-launcher": { "prismlauncher": {
"inputs": { "inputs": {
"flake-compat": "flake-compat_6", "flake-compat": "flake-compat_6",
"libnbtplusplus": "libnbtplusplus", "libnbtplusplus": "libnbtplusplus",
"nixpkgs": "nixpkgs_7" "nixpkgs": "nixpkgs_7"
}, },
"locked": { "locked": {
"lastModified": 1676722869, "lastModified": 1677785163,
"narHash": "sha256-xnq7tlul2mE1TKGjjUp3VX0wLsSyngdo2TWVdeTlqEE=", "narHash": "sha256-dQ2Ds/LW+s02euIdASfIoA/QRLJ+Qs1Rl4kPcFzA5dw=",
"owner": "AtaraxiaSjel", "owner": "AtaraxiaSjel",
"repo": "PrismLauncher", "repo": "PrismLauncher",
"rev": "cde8c63892072d79c63195f10ac7e81f9a21787d", "rev": "6019aaa14f792564ca84e4daded09ca92e56a1cd",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1308,7 +1308,7 @@
"nixpkgs-master": "nixpkgs-master", "nixpkgs-master": "nixpkgs-master",
"nixpkgs-wayland": "nixpkgs-wayland", "nixpkgs-wayland": "nixpkgs-wayland",
"nur": "nur", "nur": "nur",
"prism-launcher": "prism-launcher", "prismlauncher": "prismlauncher",
"qbittorrent-ee": "qbittorrent-ee", "qbittorrent-ee": "qbittorrent-ee",
"rnix-lsp": "rnix-lsp", "rnix-lsp": "rnix-lsp",
"rycee": "rycee", "rycee": "rycee",

9
flake.nix
View File

@ -58,7 +58,7 @@
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
nur.url = "github:nix-community/NUR"; nur.url = "github:nix-community/NUR";
prism-launcher.url = "github:AtaraxiaSjel/PrismLauncher/develop"; prismlauncher.url = "github:AtaraxiaSjel/PrismLauncher/develop";
qbittorrent-ee = { qbittorrent-ee = {
url = "github:c0re100/qBittorrent-Enhanced-Edition"; url = "github:c0re100/qBittorrent-Enhanced-Edition";
flake = false; flake = false;
@ -120,7 +120,12 @@
inherit self inputs; inherit self inputs;
supportedSystems = [ "x86_64-linux" "aarch64-linux" ]; supportedSystems = [ "x86_64-linux" "aarch64-linux" ];
sharedPatches = patchesPath [ "mullvad-exclude-containers.patch" "gitea-208605.patch" ]; sharedPatches = patchesPath [
"mullvad-exclude-containers.patch"
"ydotoold.patch"
"gitea-208605.patch"
"waydroid-1.4.0.patch"
];
channelsConfig = { allowUnfree = true; }; channelsConfig = { allowUnfree = true; };
channels.unstable.input = nixpkgs; channels.unstable.input = nixpkgs;
channels.unstable.patches = patchesPath [ ] ++ sharedPatches; channels.unstable.patches = patchesPath [ ] ++ sharedPatches;

3
machines/AMD-Workstation/default.nix
View File

@ -86,8 +86,9 @@
home-manager.users.${config.mainuser} = { home-manager.users.${config.mainuser} = {
home.packages = lib.mkIf config.deviceSpecific.enableVirtualisation [ home.packages = lib.mkIf config.deviceSpecific.enableVirtualisation [
inputs.nixos-generators.packages.${pkgs.hostPlatform.system}.nixos-generate inputs.nixos-generators.packages.${pkgs.hostPlatform.system}.nixos-generate
inputs.prism-launcher.packages.${pkgs.hostPlatform.system}.default # inputs.prismlauncher.packages.${pkgs.hostPlatform.system}.default
# pkgs.looking-glass-client # pkgs.looking-glass-client
pkgs.prismlauncher
pkgs.piper pkgs.piper
pkgs.osu-lazer-bin pkgs.osu-lazer-bin
pkgs.nixpkgs-review pkgs.nixpkgs-review

69
patches/gitea-forgejo.patch
View File

@ -1,69 +0,0 @@
diff --git a/nixos/modules/services/misc/gitea.nix b/nixos/modules/services/misc/gitea.nix
index 14bf6aebb68..fa1cb66df19 100644
--- a/nixos/modules/services/misc/gitea.nix
+++ b/nixos/modules/services/misc/gitea.nix
@@ -512,7 +512,7 @@ in
cp -f ${configFile} ${runConfig}
if [ ! -s ${secretKey} ]; then
- ${gitea}/bin/gitea generate secret SECRET_KEY > ${secretKey}
+ ${getExe gitea} generate secret SECRET_KEY > ${secretKey}
fi
# Migrate LFS_JWT_SECRET filename
@@ -521,15 +521,15 @@ in
fi
if [ ! -s ${oauth2JwtSecret} ]; then
- ${gitea}/bin/gitea generate secret JWT_SECRET > ${oauth2JwtSecret}
+ ${getExe gitea} generate secret JWT_SECRET > ${oauth2JwtSecret}
fi
if [ ! -s ${lfsJwtSecret} ]; then
- ${gitea}/bin/gitea generate secret LFS_JWT_SECRET > ${lfsJwtSecret}
+ ${getExe gitea} generate secret LFS_JWT_SECRET > ${lfsJwtSecret}
fi
if [ ! -s ${internalToken} ]; then
- ${gitea}/bin/gitea generate secret INTERNAL_TOKEN > ${internalToken}
+ ${getExe gitea} generate secret INTERNAL_TOKEN > ${internalToken}
fi
chmod u+w '${runConfig}'
@@ -548,15 +548,15 @@ in
''}
# run migrations/init the database
- ${gitea}/bin/gitea migrate
+ ${getExe gitea} migrate
# update all hooks' binary paths
- ${gitea}/bin/gitea admin regenerate hooks
+ ${getExe gitea} admin regenerate hooks
# update command option in authorized_keys
if [ -r ${cfg.stateDir}/.ssh/authorized_keys ]
then
- ${gitea}/bin/gitea admin regenerate keys
+ ${getExe gitea} admin regenerate keys
fi
'';
@@ -565,7 +565,7 @@ in
User = cfg.user;
Group = "gitea";
WorkingDirectory = cfg.stateDir;
- ExecStart = "${gitea}/bin/gitea web --pid /run/gitea/gitea.pid";
+ ExecStart = "${getExe gitea} web --pid /run/gitea/gitea.pid";
Restart = "always";
# Runtime directory and mode
RuntimeDirectory = "gitea";
@@ -646,7 +646,7 @@ in
serviceConfig = {
Type = "oneshot";
User = cfg.user;
- ExecStart = "${gitea}/bin/gitea dump --type ${cfg.dump.type}" + optionalString (cfg.dump.file != null) " --file ${cfg.dump.file}";
+ ExecStart = "${getExe gitea} dump --type ${cfg.dump.type}" + optionalString (cfg.dump.file != null) " --file ${cfg.dump.file}";
WorkingDirectory = cfg.dump.backupDir;
};
};

265
patches/postfix-93305.patch
View File

@ -1,265 +0,0 @@
From 769237466abb4614cf203c3d5b9adafe49451a26 Mon Sep 17 00:00:00 2001
From: Izorkin <izorkin@elven.pw>
Date: Sat, 28 Dec 2019 12:51:41 +0300
Subject: [PATCH 1/4] nixos/postfix: enable sandboxing
---
nixos/modules/services/mail/postfix.nix | 73 ++++++++++++++++---------
1 file changed, 47 insertions(+), 26 deletions(-)
diff --git a/nixos/modules/services/mail/postfix.nix b/nixos/modules/services/mail/postfix.nix
index ad10ba1d9090d..a499f83971d8c 100644
--- a/nixos/modules/services/mail/postfix.nix
+++ b/nixos/modules/services/mail/postfix.nix
@@ -705,6 +705,34 @@ in
{ ${setgidGroup}.gid = config.ids.gids.postdrop;
};
+ systemd.tmpfiles.rules = [
+ "d '/var/lib/postfix' 0755 postfix postfix - -"
+ "d '/var/lib/postfix/conf' 0755 postfix postfix - -"
+ "d '/var/lib/postfix/data' 0750 postfix postfix - -"
+ "d '/var/lib/postfix/queue' 0755 postfix postfix - -"
+ "d '/var/lib/postfix/queue/active' 0700 postfix postdrop - -"
+ "d '/var/lib/postfix/queue/bounce' 0700 postfix postdrop - -"
+ "d '/var/lib/postfix/queue/corrupt' 0700 postfix postdrop - -"
+ "d '/var/lib/postfix/queue/defer' 0700 postfix postdrop - -"
+ "d '/var/lib/postfix/queue/deferred' 0700 postfix postdrop - -"
+ "d '/var/lib/postfix/queue/flush' 0700 postfix postdrop - -"
+ "d '/var/lib/postfix/queue/hold' 0700 postfix postdrop - -"
+ "d '/var/lib/postfix/queue/incoming' 0700 postfix postdrop - -"
+ "d '/var/lib/postfix/queue/maildrop' 0730 postfix postdrop - -"
+ "d '/var/lib/postfix/queue/pid' 0755 postfix postfix - -"
+ "d '/var/lib/postfix/queue/private' 0700 postfix postdrop - -"
+ "d '/var/lib/postfix/queue/public' 0710 postfix postdrop - -"
+ "d '/var/lib/postfix/queue/saved' 0700 postfix postdrop - -"
+ "d '/var/lib/postfix/queue/trace' 0700 postfix postdrop - -"
+ "d '/var/spool/mail' 1777 root root - -"
+ "Z '/var/lib/postfix' - postfix postfix - -"
+ "Z '/var/lib/postfix/queue/maildrop' - postfix postdrop - -"
+ "Z '/var/lib/postfix/queue/public' - postfix postdrop - -"
+ "L+ '/var/mail' - - - - /var/spool/mail"
+ "L+ '/var/lib/postfix/conf/main.cf' - - - - ${mainCfFile}"
+ "L+ '/var/lib/postfix/conf/master.cf' - - - - ${masterCfFile}"
+ ];
+
systemd.services.postfix =
{ description = "Postfix mail server";
@@ -719,43 +747,36 @@ in
ExecStart = "${pkgs.postfix}/bin/postfix start";
ExecStop = "${pkgs.postfix}/bin/postfix stop";
ExecReload = "${pkgs.postfix}/bin/postfix reload";
+ # Capabilities
+ CapabilityBoundingSet = [ "CAP_DAC_OVERRIDE" "CAP_NET_BIND_SERVICE" "CAP_SETGID" "CAP_SETUID" ];
+ # Security
+ NoNewPrivileges = true;
+ # Sandboxing
+ ProtectSystem = "full";
+ ProtectHome = true;
+ PrivateTmp = true;
+ PrivateDevices = true;
+ ProtectHostname = true;
+ ProtectKernelTunables = true;
+ ProtectKernelModules = true;
+ ProtectControlGroups = true;
+ LockPersonality = true;
+ MemoryDenyWriteExecute = true;
+ RestrictRealtime = true;
+ PrivateMounts = true;
};
preStart = ''
- # Backwards compatibility
- if [ ! -d /var/lib/postfix ] && [ -d /var/postfix ]; then
- mkdir -p /var/lib
- mv /var/postfix /var/lib/postfix
- fi
-
- # All permissions set according ${pkgs.postfix}/etc/postfix/postfix-files script
- mkdir -p /var/lib/postfix /var/lib/postfix/queue/{pid,public,maildrop}
- chmod 0755 /var/lib/postfix
- chown root:root /var/lib/postfix
-
- rm -rf /var/lib/postfix/conf
- mkdir -p /var/lib/postfix/conf
- chmod 0755 /var/lib/postfix/conf
- ln -sf ${pkgs.postfix}/etc/postfix/postfix-files /var/lib/postfix/conf/postfix-files
- ln -sf ${mainCfFile} /var/lib/postfix/conf/main.cf
- ln -sf ${masterCfFile} /var/lib/postfix/conf/master.cf
-
${concatStringsSep "\n" (mapAttrsToList (to: from: ''
+ test -f '/var/lib/postfix/conf/${to}' || rm -f '/var/lib/postfix/conf/${to}'
ln -sf ${from} /var/lib/postfix/conf/${to}
${pkgs.postfix}/bin/postalias /var/lib/postfix/conf/${to}
'') cfg.aliasFiles)}
${concatStringsSep "\n" (mapAttrsToList (to: from: ''
+ test -f '/var/lib/postfix/conf/${to}' || rm -f '/var/lib/postfix/conf/${to}'
ln -sf ${from} /var/lib/postfix/conf/${to}
${pkgs.postfix}/bin/postmap /var/lib/postfix/conf/${to}
'') cfg.mapFiles)}
-
- mkdir -p /var/spool/mail
- chown root:root /var/spool/mail
- chmod a+rwxt /var/spool/mail
- ln -sf /var/spool/mail /var/
-
- #Finally delegate to postfix checking remain directories in /var/lib/postfix and set permissions on them
- ${pkgs.postfix}/bin/postfix set-permissions config_directory=/var/lib/postfix/conf
'';
};
From a4f4dd228823316959786e7fdaf137f6ca09c4ba Mon Sep 17 00:00:00 2001
From: Philipp Bartsch <phil@grmr.de>
Date: Sat, 18 Jul 2020 01:22:53 +0200
Subject: [PATCH 2/4] nixos/postfix: more sandboxing
---
nixos/modules/services/mail/postfix.nix | 65 +++++++++++++++----------
1 file changed, 40 insertions(+), 25 deletions(-)
diff --git a/nixos/modules/services/mail/postfix.nix b/nixos/modules/services/mail/postfix.nix
index a499f83971d8c..b9b9836813ddd 100644
--- a/nixos/modules/services/mail/postfix.nix
+++ b/nixos/modules/services/mail/postfix.nix
@@ -9,6 +9,25 @@ let
group = cfg.group;
setgidGroup = cfg.setgidGroup;
+ preStartScript = pkgs.writeScript "pre-start-script" ''
+ #!${pkgs.stdenv.shell}
+ set -euo pipefail
+
+ ${concatStringsSep "\n" (mapAttrsToList (to: from: ''
+ test -f '/var/lib/postfix/conf/${to}' || rm -f '/var/lib/postfix/conf/${to}'
+ ln -sf ${from} /var/lib/postfix/conf/${to}
+ ${pkgs.postfix}/bin/postalias /var/lib/postfix/conf/${to}
+ '') cfg.aliasFiles)}
+ ${concatStringsSep "\n" (mapAttrsToList (to: from: ''
+ test -f '/var/lib/postfix/conf/${to}' || rm -f '/var/lib/postfix/conf/${to}'
+ ln -sf ${from} /var/lib/postfix/conf/${to}
+ ${pkgs.postfix}/bin/postmap /var/lib/postfix/conf/${to}
+ '') cfg.mapFiles)}
+
+ # Finally delegate to postfix checking remain directories in /var/lib/postfix and set permissions on them
+ ${pkgs.postfix}/bin/postfix set-permissions config_directory=/var/lib/postfix/conf
+ '';
+
haveAliases = cfg.postmasterAlias != "" || cfg.rootAlias != ""
|| cfg.extraAliases != "";
haveTransport = cfg.transport != "";
@@ -747,37 +766,33 @@ in
ExecStart = "${pkgs.postfix}/bin/postfix start";
ExecStop = "${pkgs.postfix}/bin/postfix stop";
ExecReload = "${pkgs.postfix}/bin/postfix reload";
- # Capabilities
- CapabilityBoundingSet = [ "CAP_DAC_OVERRIDE" "CAP_NET_BIND_SERVICE" "CAP_SETGID" "CAP_SETUID" ];
- # Security
+ ExecStartPre = "+${preStartScript}";
+
+ ReadWritePaths = [ "/var/lib/postfix" "/var/spool/mail" ];
+
+ CapabilityBoundingSet = "CAP_DAC_READ_SEARCH CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID";
+ DevicePolicy = "closed";
+ LockPersonality = true;
+ MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
- # Sandboxing
- ProtectSystem = "full";
- ProtectHome = true;
- PrivateTmp = true;
PrivateDevices = true;
+ PrivateMounts = true;
+ PrivateTmp = true;
+ ProtectClock = true;
+ ProtectControlGroups = true;
ProtectHostname = true;
- ProtectKernelTunables = true;
+ ProtectKernelLogs = true;
ProtectKernelModules = true;
- ProtectControlGroups = true;
- LockPersonality = true;
- MemoryDenyWriteExecute = true;
+ ProtectKernelTunables = true;
+ ProtectSystem = "full";
+ RestrictAddressFamilies = "AF_INET AF_INET6 AF_NETLINK AF_UNIX";
+ RestrictNamespaces = true;
RestrictRealtime = true;
- PrivateMounts = true;
+ RestrictSUIDSGID = true;
+ SystemCallArchitectures = "native";
+ SystemCallFilter = [ "@system-service" "~@resources" ];
+ UMask = "0077";
};
-
- preStart = ''
- ${concatStringsSep "\n" (mapAttrsToList (to: from: ''
- test -f '/var/lib/postfix/conf/${to}' || rm -f '/var/lib/postfix/conf/${to}'
- ln -sf ${from} /var/lib/postfix/conf/${to}
- ${pkgs.postfix}/bin/postalias /var/lib/postfix/conf/${to}
- '') cfg.aliasFiles)}
- ${concatStringsSep "\n" (mapAttrsToList (to: from: ''
- test -f '/var/lib/postfix/conf/${to}' || rm -f '/var/lib/postfix/conf/${to}'
- ln -sf ${from} /var/lib/postfix/conf/${to}
- ${pkgs.postfix}/bin/postmap /var/lib/postfix/conf/${to}
- '') cfg.mapFiles)}
- '';
};
services.postfix.config = (mapAttrs (_: v: mkDefault v) {
From 0bf216e6268bccfabda21e9a9444934fe651db6a Mon Sep 17 00:00:00 2001
From: Philipp Bartsch <phil@grmr.de>
Date: Sun, 19 Jul 2020 14:25:24 +0200
Subject: [PATCH 3/4] nixos/postfix: fixup cosmetics
---
nixos/modules/services/mail/postfix.nix | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/nixos/modules/services/mail/postfix.nix b/nixos/modules/services/mail/postfix.nix
index b9b9836813ddd..f039b2b6832ff 100644
--- a/nixos/modules/services/mail/postfix.nix
+++ b/nixos/modules/services/mail/postfix.nix
@@ -770,7 +770,7 @@ in
ReadWritePaths = [ "/var/lib/postfix" "/var/spool/mail" ];
- CapabilityBoundingSet = "CAP_DAC_READ_SEARCH CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID";
+ CapabilityBoundingSet = [ "CAP_DAC_READ_SEARCH" "CAP_NET_BIND_SERVICE" "CAP_SETGID" "CAP_SETUID" ];
DevicePolicy = "closed";
LockPersonality = true;
MemoryDenyWriteExecute = true;
@@ -785,7 +785,7 @@ in
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectSystem = "full";
- RestrictAddressFamilies = "AF_INET AF_INET6 AF_NETLINK AF_UNIX";
+ RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_NETLINK" "AF_UNIX" ];
RestrictNamespaces = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
From 7b285fb877a7463fb769e8f57d0679eb7f0de8c0 Mon Sep 17 00:00:00 2001
From: Philipp Bartsch <phil@grmr.de>
Date: Tue, 21 Jul 2020 22:31:24 +0200
Subject: [PATCH 4/4] nixos/postfix: fix permission issue
---
nixos/modules/services/mail/postfix.nix | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/nixos/modules/services/mail/postfix.nix b/nixos/modules/services/mail/postfix.nix
index f039b2b6832ff..3cd3b170e2f68 100644
--- a/nixos/modules/services/mail/postfix.nix
+++ b/nixos/modules/services/mail/postfix.nix
@@ -770,7 +770,7 @@ in
ReadWritePaths = [ "/var/lib/postfix" "/var/spool/mail" ];
- CapabilityBoundingSet = [ "CAP_DAC_READ_SEARCH" "CAP_NET_BIND_SERVICE" "CAP_SETGID" "CAP_SETUID" ];
+ CapabilityBoundingSet = [ "CAP_DAC_OVERRIDE" "CAP_NET_BIND_SERVICE" "CAP_SETGID" "CAP_SETUID" ];
DevicePolicy = "closed";
LockPersonality = true;
MemoryDenyWriteExecute = true;

37
patches/waydroid-1.4.0.patch Normal file
View File

@ -0,0 +1,37 @@
diff --git a/pkgs/os-specific/linux/waydroid/default.nix b/pkgs/os-specific/linux/waydroid/default.nix
index d01759e8ed6..8f15f1a2222 100644
--- a/pkgs/os-specific/linux/waydroid/default.nix
+++ b/pkgs/os-specific/linux/waydroid/default.nix
@@ -19,14 +19,14 @@
python3Packages.buildPythonApplication rec {
pname = "waydroid";
- version = "1.3.4";
+ version = "1.4.0";
format = "other";
src = fetchFromGitHub {
owner = pname;
repo = pname;
rev = version;
- sha256 = "sha256-0GBob9BUwiE5cFGdK8AdwsTjTOdc+AIWqUGN/gFfOqI=";
+ sha256 = "sha256-zm5CIJd4FBWHRVNT4ObuznI6+8+ACqunQ1g35OcESno=";
};
buildInputs = [
@@ -39,6 +39,7 @@ python3Packages.buildPythonApplication rec {
];
propagatedBuildInputs = with python3Packages; [
+ dbus-python
gbinder-python
pyclip
pygobject3
@@ -63,6 +64,7 @@ python3Packages.buildPythonApplication rec {
wrapPythonProgramsIn $out/lib/waydroid/ "${lib.concatStringsSep " " [
"$out"
+ python3Packages.dbus-python
python3Packages.gbinder-python
python3Packages.pygobject3
python3Packages.pyclip

58
patches/ydotoold.patch Normal file
View File

@ -0,0 +1,58 @@
From e0f8aaa755eda1fd65dbe5f330c3cdffacf97cc7 Mon Sep 17 00:00:00 2001
From: kraem <ebrin.ronnie@protonmail.com>
Date: Sun, 18 Sep 2022 22:53:08 +0200
Subject: [PATCH] nixos/ydotool: module init
---
nixos/modules/module-list.nix | 1 +
nixos/modules/programs/ydotool.nix | 29 +++++++++++++++++++
4 files changed, 39 insertions(+)
create mode 100644 nixos/modules/programs/ydotool.nix
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index dce6e878540d5..580d938030685 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -255,6 +255,7 @@
./programs/xss-lock.nix
./programs/xwayland.nix
./programs/yabar.nix
+ ./programs/ydotool.nix
./programs/zmap.nix
./programs/zsh/oh-my-zsh.nix
./programs/zsh/zsh-autoenv.nix
diff --git a/nixos/modules/programs/ydotool.nix b/nixos/modules/programs/ydotool.nix
new file mode 100644
index 0000000000000..f5996059a4c36
--- /dev/null
+++ b/nixos/modules/programs/ydotool.nix
@@ -0,0 +1,29 @@
+{ config, lib, pkgs, ... }:
+
+let
+ cfg = config.programs.ydotool;
+in
+
+{
+
+ options = {
+ programs.ydotool = {
+ enable = lib.mkEnableOption (lib.mdDoc "ydotool, a generic Linux command-line automation tool");
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+
+ environment.systemPackages = [ pkgs.ydotool ];
+
+ systemd.user.services.ydotoold = {
+ description = "Starts ydotoold service";
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ ExecStart = "${pkgs.ydotool}/bin/ydotoold -p $XDG_RUNTIME_DIR/ydotoold.sock";
+ Restart = "always";
+ };
+ };
+ };
+}
+

9
profiles/overlay.nix
View File

@ -36,12 +36,10 @@ with lib; {
tidal-dl = pkgs.callPackage ./packages/tidal-dl.nix { }; tidal-dl = pkgs.callPackage ./packages/tidal-dl.nix { };
tokyonight-gtk-theme = pkgs.callPackage ./packages/tokyonight-gtk-theme.nix { }; tokyonight-gtk-theme = pkgs.callPackage ./packages/tokyonight-gtk-theme.nix { };
tokyonight-icon-theme = pkgs.callPackage ./packages/tokyonight-icon-theme.nix { }; tokyonight-icon-theme = pkgs.callPackage ./packages/tokyonight-icon-theme.nix { };
vscode = master.vscode;
vscode-fhs = master.vscode-fhs;
xonar-fp = pkgs.callPackage ./packages/xonar-fp.nix { }; xonar-fp = pkgs.callPackage ./packages/xonar-fp.nix { };
youtube-to-mpv = pkgs.callPackage ./packages/youtube-to-mpv.nix { term = config.defaultApplications.term.cmd; }; youtube-to-mpv = pkgs.callPackage ./packages/youtube-to-mpv.nix { term = config.defaultApplications.term.cmd; };
vivaldi = master.vivaldi; vivaldi = master.vivaldi;
steam = prev.steam.override { steam = master.steam.override {
withJava = true; withJava = true;
extraPkgs = pkgs: with pkgs; [ mono libkrb5 keyutils ]; extraPkgs = pkgs: with pkgs; [ mono libkrb5 keyutils ];
}; };
@ -59,6 +57,11 @@ with lib; {
version = "enchanced-edition"; version = "enchanced-edition";
src = inputs.qbittorrent-ee; src = inputs.qbittorrent-ee;
}); });
prismlauncher = prev.prismlauncher.overrideAttrs (old: {
version = "git-master";
src = inputs.prismlauncher;
buildInputs = old.buildInputs ++ [ prev.cmark ];
});
nix = inputs.nix.packages.${system}.default.overrideAttrs (oa: { nix = inputs.nix.packages.${system}.default.overrideAttrs (oa: {
doInstallCheck = false; doInstallCheck = false;

25
profiles/packages/waydroid-script.nix
View File

@ -1,24 +1,33 @@
{ stdenv, lib, fetchFromGitHub, python3, lzip, sqlite, util-linux, makeBinaryWrapper }: { stdenv
let , lib
, fetchFromGitHub
, python3
, lzip
, sqlite
, util-linux
, makeBinaryWrapper
}: let
py = python3.withPackages (pythonPackages: with pythonPackages; [ py = python3.withPackages (pythonPackages: with pythonPackages; [
tqdm tqdm
requests requests
dbus-python
]); ]);
in stdenv.mkDerivation { in stdenv.mkDerivation {
name = "myscript"; name = "waydroid-script";
version = "git"; version = "master";
src = fetchFromGitHub { src = fetchFromGitHub {
repo = "waydroid_script"; repo = "waydroid_script";
owner = "AlukardBF"; owner = "casualsnek";
rev = "d8eaf667220c5ef72519280354d373a149e041a3"; rev = "2f4f056fb143e393756952ea74fe4b6c85a35cc1";
sha256 = "1m15x87c7pc7ag624zccjjb19ixki01c0pfr78myc8nbavi56lfz"; hash = "sha256-dYR22NtqHZ7Px4Q+oVEUw0Ke5+hOJSgwLEuTmpkM9T8=";
}; };
nativeBuildInputs = [ makeBinaryWrapper ]; nativeBuildInputs = [ makeBinaryWrapper ];
installPhase = '' installPhase = ''
mkdir -p $out/bin mkdir -p $out/bin
cp waydroid_extras.py $out/bin/waydroid-script cp -r {stuffs,tools} $out/bin
cp main.py $out/bin/waydroid-script
chmod +x $out/bin/waydroid-script chmod +x $out/bin/waydroid-script
sed -i '1i #!${py}/bin/python' $out/bin/waydroid-script sed -i '1i #!${py}/bin/python' $out/bin/waydroid-script
wrapProgram $out/bin/waydroid-script --prefix PATH : ${lib.makeBinPath [ lzip sqlite util-linux ]} wrapProgram $out/bin/waydroid-script --prefix PATH : ${lib.makeBinPath [ lzip sqlite util-linux ]}

45
profiles/workspace/hyprland/default.nix
View File

@ -21,6 +21,48 @@ let
${pkgs.grim}/bin/grim -g "$(${pkgs.slurp}/bin/slurp) - | ${pkgs.tesseract5}/bin/tesseract -l eng - - | ${pkgs.wl-clipboard}/bin/wl-copy" ${pkgs.grim}/bin/grim -g "$(${pkgs.slurp}/bin/slurp) - | ${pkgs.tesseract5}/bin/tesseract -l eng - - | ${pkgs.wl-clipboard}/bin/wl-copy"
''; '';
dh-macros = pkgs.writeShellScript "dh-macros" ''
FILE=/tmp/dh-macros-pid
if [[ ! -f "$FILE" ]]; then
YDOTOOL_SOCKET=$XDG_RUNTIME_DIR/.ydotool_socket
echo $$ > $FILE
var=9
while true; do
var=$((var + 1))
if [[ $var -eq 10 ]]; then
ydotool type 1; sleep 0.134;
var=0
fi
ydotool type 2; sleep 0.154;
ydotool type 3; sleep 0.164;
ydotool type 4; sleep 0.134;
done
else
kill -9 $(cat $FILE)
rm -f $FILE
fi
'';
wz-macros = pkgs.writeShellScript "wz-macros" ''
FILE=/tmp/wz-macros-pid
if [[ ! -f "$FILE" ]]; then
YDOTOOL_SOCKET=$XDG_RUNTIME_DIR/.ydotool_socket
echo $$ > $FILE
var=3
while true; do
var=$((var + 1))
if [[ $var -eq 4 ]]; then
ydotool type 2; sleep 0.134;
var=0
fi
ydotool type 1; sleep 0.354;
done
else
kill -9 $(cat $FILE)
rm -f $FILE
fi
'';
hyprpaper-pkg = inputs.hyprpaper.packages.${pkgs.hostPlatform.system}.hyprpaper; hyprpaper-pkg = inputs.hyprpaper.packages.${pkgs.hostPlatform.system}.hyprpaper;
in with config.deviceSpecific; with lib; { in with config.deviceSpecific; with lib; {
imports = [ inputs.hyprland.nixosModules.default ]; imports = [ inputs.hyprland.nixosModules.default ];
@ -257,6 +299,9 @@ in with config.deviceSpecific; with lib; {
bind=${modifier}ALT,b,movetoworkspace,name:Music bind=${modifier}ALT,b,movetoworkspace,name:Music
bind=${modifier}ALT,t,movetoworkspace,name:Messengers bind=${modifier}ALT,t,movetoworkspace,name:Messengers
bind=${modifier}ALT,Cyrillic_E,movetoworkspace,name:Messengers bind=${modifier}ALT,Cyrillic_E,movetoworkspace,name:Messengers
bind=${modifier}CTRL,c,exec,${dh-macros}
bind=${modifier}CTRL,x,exec,${wz-macros}
'' '' '' ''
windowrule=workspace name:Steam silent,Steam windowrule=workspace name:Steam silent,Steam
windowrule=workspace name:Music silent,Spotify windowrule=workspace name:Music silent,Spotify

2
profiles/workspace/misc.nix
View File

@ -12,6 +12,8 @@
services.dbus.packages = [ pkgs.pass-secret-service ]; services.dbus.packages = [ pkgs.pass-secret-service ];
xdg.portal.extraPortals = [ pkgs.pass-secret-service ]; xdg.portal.extraPortals = [ pkgs.pass-secret-service ];
programs.ydotool.enable = true;
home-manager.users.${config.mainuser} = { home-manager.users.${config.mainuser} = {
news.display = "silent"; news.display = "silent";
systemd.user.startServices = true; systemd.user.startServices = true;