diff --git a/.github/workflows/buildiso.yaml b/.github/workflows/buildiso.yaml index 67ac87d..2e86622 100644 --- a/.github/workflows/buildiso.yaml +++ b/.github/workflows/buildiso.yaml @@ -82,10 +82,11 @@ jobs: name: dcompass skipPush: true - - name: Update flake.lock, show drv, and calculate the hashes - id: update - run: | - nix flake update + # NOTE: Don't update automatically, it breaks build + # - name: Update flake.lock, show drv, and calculate the hashes + # id: update + # run: | + # nix flake update - name: Build LiveCD ISO image id: iso diff --git a/cfgs/deck/boot.nix b/cfgs/deck/boot.nix index 8784849..1bcba80 100644 --- a/cfgs/deck/boot.nix +++ b/cfgs/deck/boot.nix @@ -1,4 +1,10 @@ -{ config, lib, pkgs, ... }: { +{ + config, + lib, + pkgs, + ... +}: +{ my.lanzaboote.enable = true; # Clean tmp folder which is a btrfs subvol @@ -7,7 +13,11 @@ # Create root on tmpfs fileSystems."/" = { fsType = "tmpfs"; - options = [ "defaults" "size=2G" "mode=755" ]; + options = [ + "defaults" + "size=2G" + "mode=755" + ]; }; fileSystems."/persist".neededForBoot = true; diff --git a/cfgs/deck/default.nix b/cfgs/deck/default.nix index 12446d9..a3a9330 100644 --- a/cfgs/deck/default.nix +++ b/cfgs/deck/default.nix @@ -1,4 +1,10 @@ -{ config, lib, pkgs, ... }: { +{ + config, + lib, + pkgs, + ... +}: +{ imports = [ ./boot.nix ./networking.nix @@ -67,19 +73,27 @@ }; # Allow users in wheel to control sing-box without passwords. - security.sudo.extraRules = [{ - groups = [ "whell" ]; - commands = [ - { - command = "${startSingBox}"; - options = [ "NOPASSWD" "SETENV" ]; - } - { - command = "${stopSingBox}"; - options = [ "NOPASSWD" "SETENV" ]; - } - ]; - }]; + security.sudo.extraRules = [ + { + groups = [ "whell" ]; + commands = [ + { + command = "${startSingBox}"; + options = [ + "NOPASSWD" + "SETENV" + ]; + } + { + command = "${stopSingBox}"; + options = [ + "NOPASSWD" + "SETENV" + ]; + } + ]; + } + ]; my.home.ash = { extraPackages = with pkgs; [ 
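Review bot: The `nix flake update` step in .github/workflows/buildiso.yaml is disabled by commenting it out, which leaves dead YAML behind and removes the step id `update`; if a later step reads `steps.update` outputs (not visible in this hunk), it will now get empty values. Building from the committed flake.lock is the more reproducible choice, but input updates, security fixes included, now arrive only when someone bumps the lock by hand. I would delete the step and replace the note with `# flake.lock is pinned; bump it in a reviewed commit, not in CI`.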
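Review bot: The sudo rule in cfgs/deck/default.nix still names the group `"whell"`, so the reformatted rule does not match the `wheel` group that the comment above it describes; it should read `groups = [ "wheel" ];`. When fixing it, consider dropping `"SETENV"` from both commands, because together with `NOPASSWD` it lets the caller pass its own environment to a script run as root, which is more than starting and stopping sing-box needs. `startSingBox` and `stopSingBox` are defined outside this hunk, so first check whether they rely on a caller-supplied variable.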
@@ -123,7 +137,8 @@ # Extra files extraFiles = { - ".config/steam-rom-manager/userData/userConfigurations.json".source = ../../misc/blobs/steam-rom-manager/userConfigurations.json; + ".config/steam-rom-manager/userData/userConfigurations.json".source = + ../../misc/blobs/steam-rom-manager/userConfigurations.json; ".config/yuzu/qt-config.ini".source = ../../misc/blobs/yuzu/qt-config.ini; }; }; @@ -138,11 +153,11 @@ # Fonts fonts.packages = with pkgs; [ noto-fonts - noto-fonts-cjk + noto-fonts-cjk-sans noto-fonts-emoji fira-code fira-code-symbols - fira-code-nerdfont + nerd-fonts.fira-code # needed by steam to display CJK fonts wqy_zenhei ]; @@ -184,7 +199,10 @@ # Both git-credentials and zsh_hist_dir doesn't seem to play well with impermanence # NO sensitive task shall be carried out! # { directory = ".git_creds_dir"; mode = "0700"; } - { directory = ".zsh_hist_dir"; mode = "0700"; } + { + directory = ".zsh_hist_dir"; + mode = "0700"; + } # { directory = ".gnupg"; mode = "0700"; } # { directory = ".ssh"; mode = "0700"; } # { directory = ".local/share/keyrings"; mode = "0700"; } @@ -196,11 +214,9 @@ users = { mutableUsers = false; users = { - root.hashedPassword = - "$6$oNsoXzCopc6uxli4$vthBqdTNXtq8MWlWRHRGe6QZUMb7CtPWaTdXSOKszeTAtmjG5zE/JPd7F668VTiuOUtpiy1oy061N0LlxjtHD1"; + root.hashedPassword = "$6$oNsoXzCopc6uxli4$vthBqdTNXtq8MWlWRHRGe6QZUMb7CtPWaTdXSOKszeTAtmjG5zE/JPd7F668VTiuOUtpiy1oy061N0LlxjtHD1"; ash = { - hashedPassword = - "$y$j9T$yLdLVVEQoolJR9LNMYGl30$dNnh67D78jLz/YR9YXSR3i8efYd0QmI2ezo2h5v2W78"; + hashedPassword = "$y$j9T$yLdLVVEQoolJR9LNMYGl30$dNnh67D78jLz/YR9YXSR3i8efYd0QmI2ezo2h5v2W78"; shell = pkgs.zsh; isNormalUser = true; # wheel - sudo @@ -208,7 +224,10 @@ # video - light control # libvirtd - virtual manager controls. # docker - Docker control - extraGroups = [ "wheel" "networkmanager" ]; + extraGroups = [ + "wheel" + "networkmanager" + ]; }; }; }; diff --git a/cfgs/deck/i18n.nix b/cfgs/deck/i18n.nix index d5401ff..ff49ecf 100644 
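Review bot: `root.hashedPassword` and `ash.hashedPassword` in cfgs/deck/default.nix are still inline literals, so the hashes sit in the repository history and in the world-readable Nix store, where anyone holding a copy can attempt offline guessing; the root value is `$6$` sha512crypt, which is cheaper to attack than the yescrypt hash used for `ash`. The same pattern appears in the user hunks of cfgs/shards/default.nix and cfgs/x1c7/default.nix. Since the repo already uses agenix, these could become `hashedPasswordFile = config.age.secrets.<name>.path;` with the hash stored as an age secret (confirm that the secret is decrypted before users are created), and the passwords behind the published hashes should be rotated. The `users` block starts and ends outside this hunk.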
--- a/cfgs/deck/i18n.nix +++ b/cfgs/deck/i18n.nix @@ -1,4 +1,10 @@ -{ pkgs, lib, config, ... }: { +{ + pkgs, + lib, + config, + ... +}: +{ my.timezone = { enable = true; path = "/etc/persisted-timezone"; diff --git a/cfgs/deck/networking.nix b/cfgs/deck/networking.nix index a973ac4..a321c74 100644 --- a/cfgs/deck/networking.nix +++ b/cfgs/deck/networking.nix @@ -1,4 +1,5 @@ -{ config, pkgs, ... }: { +{ config, pkgs, ... }: +{ networking.resolvconf.useLocalResolver = true; networking.networkmanager = { @@ -17,24 +18,29 @@ level = "info"; }; - inbounds = [{ - type = "tun"; - # sing-box version is too old to support this - # address = [ - # "172.18.0.1/30" - # "fdfe:dcba:9876::1/126" - # ]; - inet4_address = "172.19.0.1/30"; - inet6_address = "fdfe:dcba:9876::1/126"; - auto_route = true; - strict_route = true; - # sniff = true; - # # Override IP addr with sniffed domain - # sniff_override_destination = true; - }]; + inbounds = [ + { + type = "tun"; + # sing-box version is too old to support this + # address = [ + # "172.18.0.1/30" + # "fdfe:dcba:9876::1/126" + # ]; + inet4_address = "172.19.0.1/30"; + inet6_address = "fdfe:dcba:9876::1/126"; + auto_route = true; + strict_route = true; + # sniff = true; + # # Override IP addr with sniffed domain + # sniff_override_destination = true; + } + ]; outbounds = [ - { type = "direct"; tag = "direct"; } + { + type = "direct"; + tag = "direct"; + } { _secret = config.age.secrets.sing-box.path; quote = false; diff --git a/cfgs/deck/security.nix b/cfgs/deck/security.nix index b0d2f99..835cc41 100644 --- a/cfgs/deck/security.nix +++ b/cfgs/deck/security.nix @@ -1,4 +1,10 @@ -{ pkgs, lib, config, ... }: { +{ + pkgs, + lib, + config, + ... +}: +{ # sbctl database files age.secrets = { secureboot_guid = { diff --git a/cfgs/deck/services.nix b/cfgs/deck/services.nix index 7447a20..3af6591 100644 --- a/cfgs/deck/services.nix +++ b/cfgs/deck/services.nix 
@@ -1,4 +1,10 @@ -{ config, pkgs, lib, ... }: { +{ + config, + pkgs, + lib, + ... +}: +{ # Enable SSH for remote access services.openssh = { enable = true; @@ -7,9 +13,11 @@ }; # Also the pub key used for age encryption - users.users.ash.openssh.authorizedKeys.keys = let keys = import ../../secrets/keys.nix; in [ keys.ash_pubkey ]; - - + users.users.ash.openssh.authorizedKeys.keys = + let + keys = import ../../secrets/keys.nix; + in + [ keys.ash_pubkey ]; ### Power and hardware # Enable fwupd service for firmware updates diff --git a/cfgs/img-deck/default.nix b/cfgs/img-deck/default.nix index b5a870d..501fe07 100644 --- a/cfgs/img-deck/default.nix +++ b/cfgs/img-deck/default.nix @@ -1,4 +1,10 @@ -{ config, lib, pkgs, ... }: with lib; +{ + config, + lib, + pkgs, + ... +}: +with lib; { imports = [ ./networking.nix @@ -11,13 +17,23 @@ # This is a dummy key in ISO image, we shall not worry about its security. # Agenix breaks in LiveCD due to https://github.com/ryantm/agenix/issues/165. - age.identityPaths = [ (pkgs.writeText "img_key_ed25519" (builtins.readFile ../../secrets/raw/img_key_ed25519)) ]; + age.identityPaths = [ + (pkgs.writeText "img_key_ed25519" (builtins.readFile ../../secrets/raw/img_key_ed25519)) + ]; # GPG agent that makes GPG work in LiveCD. programs.gnupg.agent.enable = true; # ZFS is currently broken on the latest kernel. Since we don't use it, it's fine to disable it. - boot.supportedFilesystems = lib.mkForce [ "btrfs" "reiserfs" "vfat" "f2fs" "xfs" "ntfs" "cifs" ]; + boot.supportedFilesystems = lib.mkForce [ + "btrfs" + "reiserfs" + "vfat" + "f2fs" + "xfs" + "ntfs" + "cifs" + ]; # Needed for boot! Otherwise the initrd couldn't mount the root on hub. boot.initrd.availableKernelModules = [ "hub" ]; 
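Review bot: `age.identityPaths` in cfgs/img-deck/default.nix copies `secrets/raw/img_key_ed25519` into the Nix store with `pkgs.writeText`, so the private key is readable by every user of the live system and by anyone who has the ISO; the same line is in cfgs/img-x1c7/default.nix. The existing comment calls it a dummy key, which holds only as long as no real secret lists this key as a recipient. I would extend the comment to state that, e.g. `# Dummy key, world-readable in the store and the ISO: never add it as a recipient for non-image secrets.`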
@@ -32,18 +48,21 @@ inputMethod = { enable = true; type = "ibus"; - ibus.engines = with pkgs.ibus-engines; [ libpinyin typing-booster ]; + ibus.engines = with pkgs.ibus-engines; [ + libpinyin + typing-booster + ]; }; }; # Fonts fonts.packages = with pkgs; [ noto-fonts - noto-fonts-cjk + noto-fonts-cjk-sans noto-fonts-emoji fira-code fira-code-symbols - fira-code-nerdfont + nerd-fonts.fira-code ]; isoImage.edition = "gnome"; @@ -108,20 +127,23 @@ # This is a LiveCD, please don't enable disk config in NixOS. disko.enableConfig = false; - environment.systemPackages = with pkgs; let - create-disko-pkg = name: path: (runCommandLocal "disko-${name}" { } '' - mkdir -p $out/bin - install ${path} $out/bin/disko-${name} - ''); - in - [ - (writeShellScriptBin "install-script" - (builtins.readFile ./install.sh)) - - (create-disko-pkg "main" config.system.build.diskoScript) - (create-disko-pkg "format" config.system.build.formatScript) - (create-disko-pkg "mount" config.system.build.mountScript) - ]; + environment.systemPackages = + with pkgs; + let + create-disko-pkg = + name: path: + (runCommandLocal "disko-${name}" { } '' + mkdir -p $out/bin + install ${path} $out/bin/disko-${name} + ''); + in + [ + (writeShellScriptBin "install-script" (builtins.readFile ./install.sh)) + + (create-disko-pkg "main" config.system.build.diskoScript) + (create-disko-pkg "format" config.system.build.formatScript) + (create-disko-pkg "mount" config.system.build.mountScript) + ]; users.users.nixos = { shell = pkgs.zsh; diff --git a/cfgs/img-deck/networking.nix b/cfgs/img-deck/networking.nix index 3aa2cc2..3ffc33d 100644 --- a/cfgs/img-deck/networking.nix +++ b/cfgs/img-deck/networking.nix @@ -1,4 +1,10 @@ -{ config, lib, pkgs, ... }: { +{ + config, + lib, + pkgs, + ... +}: +{ # Use local DNS server all the time networking.resolvconf.useLocalResolver = true; diff --git a/cfgs/img-x1c7/default.nix b/cfgs/img-x1c7/default.nix index f3a5742..fc18599 100644 --- a/cfgs/img-x1c7/default.nix 
+++ b/cfgs/img-x1c7/default.nix @@ -1,4 +1,11 @@ -{ inputs, config, lib, pkgs, ... }: with lib; +{ + inputs, + config, + lib, + pkgs, + ... +}: +with lib; { imports = [ ./networking.nix @@ -13,13 +20,23 @@ # This is a dummy key in ISO image, we shall not worry about its security. # Agenix breaks in LiveCD due to https://github.com/ryantm/agenix/issues/165. - age.identityPaths = [ (pkgs.writeText "img_key_ed25519" (builtins.readFile ../../secrets/raw/img_key_ed25519)) ]; + age.identityPaths = [ + (pkgs.writeText "img_key_ed25519" (builtins.readFile ../../secrets/raw/img_key_ed25519)) + ]; # GPG agent that makes GPG work in LiveCD. programs.gnupg.agent.enable = true; # ZFS is currently broken on the latest kernel. Since we don't use it, it's fine to disable it. - boot.supportedFilesystems = lib.mkForce [ "btrfs" "reiserfs" "vfat" "f2fs" "xfs" "ntfs" "cifs" ]; + boot.supportedFilesystems = lib.mkForce [ + "btrfs" + "reiserfs" + "vfat" + "f2fs" + "xfs" + "ntfs" + "cifs" + ]; # Set internationalisation properties. console = { @@ -31,18 +48,21 @@ inputMethod = { enable = true; type = "ibus"; - ibus.engines = with pkgs.ibus-engines; [ libpinyin typing-booster ]; + ibus.engines = with pkgs.ibus-engines; [ + libpinyin + typing-booster + ]; }; }; # Fonts fonts.packages = with pkgs; [ noto-fonts - noto-fonts-cjk + noto-fonts-cjk-sans noto-fonts-emoji fira-code fira-code-symbols - fira-code-nerdfont + nerd-fonts.fira-code ]; isoImage.edition = "gnome"; 
@@ -94,29 +114,36 @@ dnsutils smartmontools ]; - extraDconf = let hm = inputs.home-manager.lib.hm; in { - "org/gnome/desktop/interface"."scaling-factor" = hm.gvariant.mkUint32 2; - }; + extraDconf = + let + hm = inputs.home-manager.lib.hm; + in + { + "org/gnome/desktop/interface"."scaling-factor" = hm.gvariant.mkUint32 2; + }; }; disko.devices = (import ./../../modules/disko/disk.nix { }); # This is a LiveCD, please don't enable disk config in NixOS. disko.enableConfig = false; - environment.systemPackages = with pkgs; let - create-disko-pkg = name: path: (runCommandLocal "disko-${name}" { } '' - mkdir -p $out/bin - install ${path} $out/bin/disko-${name} - ''); - in - [ - (writeShellScriptBin "install-script" - (builtins.readFile ./install.sh)) - - (create-disko-pkg "main" config.system.build.diskoScript) - (create-disko-pkg "format" config.system.build.formatScript) - (create-disko-pkg "mount" config.system.build.mountScript) - ]; + environment.systemPackages = + with pkgs; + let + create-disko-pkg = + name: path: + (runCommandLocal "disko-${name}" { } '' + mkdir -p $out/bin + install ${path} $out/bin/disko-${name} + ''); + in + [ + (writeShellScriptBin "install-script" (builtins.readFile ./install.sh)) + + (create-disko-pkg "main" config.system.build.diskoScript) + (create-disko-pkg "format" config.system.build.formatScript) + (create-disko-pkg "mount" config.system.build.mountScript) + ]; users.users.nixos.shell = pkgs.zsh; programs.zsh.enable = true; diff --git a/cfgs/img-x1c7/networking.nix b/cfgs/img-x1c7/networking.nix index e717acd..fbc548f 100644 --- a/cfgs/img-x1c7/networking.nix +++ b/cfgs/img-x1c7/networking.nix @@ -1,4 +1,5 @@ -{ pkgs, ... }: { +{ pkgs, ... }: +{ # Use local DNS server all the time networking.resolvconf.useLocalResolver = true; diff --git a/cfgs/shards/default.nix b/cfgs/shards/default.nix index b97fcf7..074b0b1 100644 --- a/cfgs/shards/default.nix +++ b/cfgs/shards/default.nix 
@@ -5,7 +5,13 @@ # # HOW TO DEPLOY # `deploy .#shards --ssh-opts="-i ~/ash_ed25519"` -{ config, lib, pkgs, ... }: { +{ + config, + lib, + pkgs, + ... +}: +{ imports = [ ./secrets.nix ./hardware.nix @@ -20,7 +26,10 @@ time.timeZone = "Europe/London"; # Firewall options - networking.firewall.allowedTCPPorts = [ 80 443 ]; + networking.firewall.allowedTCPPorts = [ + 80 + 443 + ]; # This is required to push "unsigned" nix store paths. We only allow wheel group to do so to limit the attack surface. nix.settings.trusted-users = [ "@wheel" ]; @@ -41,7 +50,11 @@ fileSystems."/" = { fsType = "tmpfs"; - options = [ "defaults" "size=1G" "mode=755" ]; + options = [ + "defaults" + "size=1G" + "mode=755" + ]; }; fileSystems."/persist".neededForBoot = true; @@ -65,7 +78,11 @@ }; }; - environment.systemPackages = with pkgs; [ coreutils-full gitMinimal curl ]; + environment.systemPackages = with pkgs; [ + coreutils-full + gitMinimal + curl + ]; users = { # Let users be immutable/declarative @@ -73,11 +90,9 @@ # Note: these are only basic users, users for specific profiles/services, e.g. networking services' pseudo users are declared seperately # Note: for portable usages, passwords should be changed here. users = { - root.hashedPassword = - "$6$EKVU.ASDFD1ehd$HhL4g2ZSAKy7w5hOZPcrzxcd3R3axmx6Ku/xL6lvoGy1kJ1flTpxXEPNO/wxCYaxGQHt2Nt5VsY5VBmWU1dAV/"; + root.hashedPassword = "$6$EKVU.ASDFD1ehd$HhL4g2ZSAKy7w5hOZPcrzxcd3R3axmx6Ku/xL6lvoGy1kJ1flTpxXEPNO/wxCYaxGQHt2Nt5VsY5VBmWU1dAV/"; ash = { - hashedPassword = - "$6$/DrCzjENUCPZ$3YWcERAWSkLiZYG8YMeyDDo6j8mJ517MZ3GmEplLeF4HVw8125.k2qEsLgNmS1IyHK7VhyaRv7Rd4azsT.nEy."; + hashedPassword = "$6$/DrCzjENUCPZ$3YWcERAWSkLiZYG8YMeyDDo6j8mJ517MZ3GmEplLeF4HVw8125.k2qEsLgNmS1IyHK7VhyaRv7Rd4azsT.nEy."; isNormalUser = true; extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. }; diff --git a/cfgs/shards/disk-config.nix b/cfgs/shards/disk-config.nix index d7b53e7..90a1a3d 100644 --- a/cfgs/shards/disk-config.nix +++ b/cfgs/shards/disk-config.nix 
@@ -38,19 +38,31 @@ # Mountpoints now must be explicitly stated "/persist" = { mountpoint = "/persist"; - mountOptions = [ "compress=zstd" "noatime" ]; + mountOptions = [ + "compress=zstd" + "noatime" + ]; }; "/persist/home" = { mountpoint = "/persist/home"; - mountOptions = [ "compress=zstd" "noatime" ]; + mountOptions = [ + "compress=zstd" + "noatime" + ]; }; "/nix" = { mountpoint = "/nix"; - mountOptions = [ "compress=zstd" "noatime" ]; + mountOptions = [ + "compress=zstd" + "noatime" + ]; }; "/tmp" = { mountpoint = "/tmp"; - mountOptions = [ "compress=zstd" "noatime" ]; + mountOptions = [ + "compress=zstd" + "noatime" + ]; }; }; }; diff --git a/cfgs/shards/hardware.nix b/cfgs/shards/hardware.nix index 3cb4bc5..f544331 100644 --- a/cfgs/shards/hardware.nix +++ b/cfgs/shards/hardware.nix @@ -1,12 +1,22 @@ -{ config, lib, pkgs, modulesPath, ... }: +{ + config, + lib, + pkgs, + modulesPath, + ... +}: { - imports = - [ - (modulesPath + "/profiles/qemu-guest.nix") - ]; + imports = [ + (modulesPath + "/profiles/qemu-guest.nix") + ]; - boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_blk" ]; + boot.initrd.availableKernelModules = [ + "ata_piix" + "uhci_hcd" + "virtio_pci" + "virtio_blk" + ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ "kvm-intel" ]; boot.extraModulePackages = [ ]; diff --git a/cfgs/shards/secrets.nix b/cfgs/shards/secrets.nix index 14fcef1..e384e70 100644 --- a/cfgs/shards/secrets.nix +++ b/cfgs/shards/secrets.nix @@ -1,4 +1,10 @@ -{ pkgs, lib, config, ... }: { +{ + pkgs, + lib, + config, + ... +}: +{ # v2ray config age.secrets.v2ray_config = { file = ../../secrets/v2ray_shards.age; diff --git a/cfgs/shards/services.nix b/cfgs/shards/services.nix index 85150c4..9071813 100644 --- a/cfgs/shards/services.nix +++ b/cfgs/shards/services.nix @@ -1,4 +1,5 @@ -{ config, ... }: { +{ config, ... }: +{ # Enable SSH for remote access services.openssh = { enable = true; 
@@ -7,7 +8,11 @@ }; # Also the pub key used for age encryption - users.users.ash.openssh.authorizedKeys.keys = let keys = import ../../secrets/keys.nix; in [ keys.ash_pubkey ]; + users.users.ash.openssh.authorizedKeys.keys = + let + keys = import ../../secrets/keys.nix; + in + [ keys.ash_pubkey ]; services.tor = { enable = true; @@ -19,10 +24,12 @@ settings = { ContactInfo = "dontcontact@cia.gov"; # Nickname = "toradmin"; - ORPort = [{ - port = 8002; - flags = [ "IPv4Only" ]; - }]; + ORPort = [ + { + port = 8002; + flags = [ "IPv4Only" ]; + } + ]; # ServerTransportPlugins are automatically set by nixpkgs ServerTransportListenAddr = "obfs4 0.0.0.0:8003"; AccountingStart = "week 1 10:00"; diff --git a/cfgs/x1c7/boot.nix b/cfgs/x1c7/boot.nix index 49a117f..64950b5 100644 --- a/cfgs/x1c7/boot.nix +++ b/cfgs/x1c7/boot.nix @@ -1,4 +1,10 @@ -{ config, lib, pkgs, ... }: { +{ + config, + lib, + pkgs, + ... +}: +{ my.lanzaboote.enable = true; # Clean tmp folder which is a btrfs subvol @@ -7,7 +13,11 @@ # Create root on tmpfs fileSystems."/" = { fsType = "tmpfs"; - options = [ "defaults" "size=2G" "mode=755" ]; + options = [ + "defaults" + "size=2G" + "mode=755" + ]; }; fileSystems."/persist".neededForBoot = true; diff --git a/cfgs/x1c7/default.nix b/cfgs/x1c7/default.nix index cf776c8..e829e4d 100644 --- a/cfgs/x1c7/default.nix +++ b/cfgs/x1c7/default.nix @@ -1,4 +1,11 @@ -{ inputs, lib, config, pkgs, ... }: { +{ + inputs, + lib, + config, + pkgs, + ... +}: +{ imports = [ ./boot.nix ./hardware.nix @@ -24,7 +31,7 @@ # Not very useful as SecureBoot already ensures that we are booting trustworthy kernels. # WARN: Still could be dangerous as Microsoft key is present and someone could boot Ubuntu and decrypt the disk. - # 9 # Hash of the initrd and EFI Load Options + # 9 # Hash of the initrd and EFI Load Options # 11 # Hash of the unified kernel image ]; @@ -68,7 +75,7 @@ tdesktop htop qbittorrent - # zoom-us + zoom-us thunderbird-bin pavucontrol dnsperf 
@@ -94,14 +101,21 @@ (final: prev: { # Patch mathematica to solve "libdbus not found" error. # Also pin it to a specific commit to prevent from rebuilding. - mathematica_13_3_1 = (prev.mathematica.overrideAttrs (_: prevAttrs: { - wrapProgramFlags = prevAttrs.wrapProgramFlags ++ [ "--prefix LD_LIBRARY_PATH : ${prev.lib.makeLibraryPath [ prev.dbus.lib ]}" ]; - })).override { - version = "13.3.1"; - }; + mathematica_13_3_1 = + (prev.mathematica.overrideAttrs ( + _: prevAttrs: { + wrapProgramFlags = prevAttrs.wrapProgramFlags ++ [ + "--prefix LD_LIBRARY_PATH : ${prev.lib.makeLibraryPath [ prev.dbus.lib ]}" + ]; + } + )).override + { + version = "13.3.1"; + }; }) ]; }).mathematica_13_3_1 + coyim uxplay zotero ]; @@ -113,11 +127,11 @@ # Fonts fonts.packages = with pkgs; [ noto-fonts - noto-fonts-cjk + noto-fonts-cjk-sans noto-fonts-emoji fira-code fira-code-symbols - fira-code-nerdfont + nerd-fonts.fira-code ]; environment.persistence."/persist" = { @@ -152,16 +166,32 @@ ".mozilla" ".thunderbird" ".config/qBittorrent" + ".config/coyim" ".config/Zulip" ".julia" ".Mathematica" "org-files" # Both git-credentials and zsh_hist_dir doesn't seem to play well with impermanence - { directory = ".git_creds_dir"; mode = "0700"; } - { directory = ".zsh_hist_dir"; mode = "0700"; } - { directory = ".gnupg"; mode = "0700"; } - { directory = ".ssh"; mode = "0700"; } - { directory = ".local/share/keyrings"; mode = "0700"; } + { + directory = ".git_creds_dir"; + mode = "0700"; + } + { + directory = ".zsh_hist_dir"; + mode = "0700"; + } + { + directory = ".gnupg"; + mode = "0700"; + } + { + directory = ".ssh"; + mode = "0700"; + } + { + directory = ".local/share/keyrings"; + mode = "0700"; + } ]; }; }; 
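Review bot: `.config/coyim` is added to the persisted home directories as a bare string, while the other credential-bearing directories in the same list (`.gnupg`, `.ssh`, `.local/share/keyrings`) are declared with `mode = "0700"`. CoyIM keeps its account configuration under that directory, which as far as I know can include account passwords and OTR keys, so it belongs with the restricted entries: `{ directory = ".config/coyim"; mode = "0700"; }`. The enclosing directories list starts outside this hunk.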
@@ -169,11 +199,9 @@ users = { mutableUsers = false; users = { - root.hashedPassword = - "$6$TqNkihvO4K$x.qSUVbLQ9.IfAc9tOQawDzVdHJtQIcKrJpBCBR.wMuQ8qfbbbm9bN7JNMgneYnNPzAi2k9qXk0klhTlRgGnk0"; + root.hashedPassword = "$6$TqNkihvO4K$x.qSUVbLQ9.IfAc9tOQawDzVdHJtQIcKrJpBCBR.wMuQ8qfbbbm9bN7JNMgneYnNPzAi2k9qXk0klhTlRgGnk0"; ash = { - hashedPassword = - "$6$FAs.ZfxAkhAK0ted$/aHwa39iJ6wsZDCxoJVjedhfPZ0XlmgKcxkgxGDE.hw3JlCjPHmauXmQAZUlF8TTUGgxiOJZcbYSPsW.QBH5F."; + hashedPassword = "$6$FAs.ZfxAkhAK0ted$/aHwa39iJ6wsZDCxoJVjedhfPZ0XlmgKcxkgxGDE.hw3JlCjPHmauXmQAZUlF8TTUGgxiOJZcbYSPsW.QBH5F."; shell = pkgs.zsh; isNormalUser = true; # wheel - sudo @@ -182,7 +210,12 @@ # libvirtd - virtual manager controls. # docker - Docker control # tss - TPM2 control - extraGroups = [ "wheel" "networkmanager" "wireshark" "tss" ]; + extraGroups = [ + "wheel" + "networkmanager" + "wireshark" + "tss" + ]; }; }; }; diff --git a/cfgs/x1c7/hardware.nix b/cfgs/x1c7/hardware.nix index 33d4d13..a152e7c 100644 --- a/cfgs/x1c7/hardware.nix +++ b/cfgs/x1c7/hardware.nix @@ -3,8 +3,12 @@ imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; # Needed for boot! we didn't include these for steamdeck as Jovian did these for us. - boot.initrd.availableKernelModules = - [ "xhci_pci" "nvme" "usb_storage" "sd_mod" ]; + boot.initrd.availableKernelModules = [ + "xhci_pci" + "nvme" + "usb_storage" + "sd_mod" + ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ "kvm-intel" ]; boot.extraModulePackages = [ ]; diff --git a/cfgs/x1c7/i18n.nix b/cfgs/x1c7/i18n.nix index 29a2fdc..da41316 100644 --- a/cfgs/x1c7/i18n.nix +++ b/cfgs/x1c7/i18n.nix @@ -1,4 +1,10 @@ -{ pkgs, lib, config, ... }: { +{ + pkgs, + lib, + config, + ... +}: +{ my.timezone = { enable = true; path = "/etc/persisted-timezone"; 
@@ -14,7 +20,10 @@ inputMethod = { enable = true; type = "ibus"; - ibus.engines = with pkgs.ibus-engines; [ libpinyin typing-booster ]; + ibus.engines = with pkgs.ibus-engines; [ + libpinyin + typing-booster + ]; }; }; } diff --git a/cfgs/x1c7/networking.nix b/cfgs/x1c7/networking.nix index 1bc3ad8..22e8c71 100644 --- a/cfgs/x1c7/networking.nix +++ b/cfgs/x1c7/networking.nix @@ -1,4 +1,5 @@ -{ config, pkgs, ... }: { +{ config, pkgs, ... }: +{ networking.resolvconf.useLocalResolver = true; networking.networkmanager = { @@ -20,24 +21,29 @@ level = "info"; }; - inbounds = [{ - type = "tun"; - # sing-box version is too old to support this - # address = [ - # "172.18.0.1/30" - # "fdfe:dcba:9876::1/126" - # ]; - inet4_address = "172.19.0.1/30"; - inet6_address = "fdfe:dcba:9876::1/126"; - auto_route = true; - strict_route = true; - # sniff = true; - # # Override IP addr with sniffed domain - # sniff_override_destination = true; - }]; + inbounds = [ + { + type = "tun"; + # sing-box version is too old to support this + # address = [ + # "172.18.0.1/30" + # "fdfe:dcba:9876::1/126" + # ]; + inet4_address = "172.19.0.1/30"; + inet6_address = "fdfe:dcba:9876::1/126"; + auto_route = true; + strict_route = true; + # sniff = true; + # # Override IP addr with sniffed domain + # sniff_override_destination = true; + } + ]; outbounds = [ - { type = "direct"; tag = "direct"; } + { + type = "direct"; + tag = "direct"; + } { _secret = config.age.secrets.sing-box.path; quote = false; @@ -54,7 +60,7 @@ { process_name = "dcompass"; } { process_name = "NetworkManager"; } { process_name = "steam"; } - { process_name = "qbittorrent"; } + # { process_name = "qbittorrent"; } ]; outbound = "direct"; } diff --git a/cfgs/x1c7/security.nix b/cfgs/x1c7/security.nix index b0d2f99..835cc41 100644 --- a/cfgs/x1c7/security.nix +++ b/cfgs/x1c7/security.nix @@ -1,4 +1,10 @@ -{ pkgs, lib, config, ... }: { +{ + pkgs, + lib, + config, + ... +}: +{ # sbctl database files age.secrets = { secureboot_guid = { 
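Review bot: The `qbittorrent` entry is commented out of the `outbound = "direct"` rule in cfgs/x1c7/networking.nix without a reason, so qBittorrent traffic will now follow whatever the remaining route rules and the default outbound select, presumably the proxy outbound loaded from the sing-box secret. If that is intended, say so in place of the dead line, e.g. `# qbittorrent is intentionally not routed direct; its traffic follows the default outbound`; if not, restore the entry. The rest of the route rules are outside this hunk.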
diff --git a/cfgs/x1c7/services.nix b/cfgs/x1c7/services.nix index 98ab891..f6ef028 100644 --- a/cfgs/x1c7/services.nix +++ b/cfgs/x1c7/services.nix @@ -1,4 +1,10 @@ -{ config, pkgs, lib, ... }: { +{ + config, + pkgs, + lib, + ... +}: +{ ### Power and hardware # Enable fwupd service for firmware updates services.fwupd.enable = true; @@ -16,18 +22,18 @@ ### Sound and graphics # This uses pipewire and conflicts with pulseaudio - services.gnome.gnome-remote-desktop.enable = false; - # Have to additionally disable pipewire: https://github.com/NixOS/nixpkgs/commit/438fd16359cf30090c66d3748727829afa90e814 - services.pipewire.enable = false; - # Configuration of pulseaudio to facilitate bluetooth headphones and Steam. - hardware.pulseaudio = { - enable = true; - # 32 bit support for steam. - support32Bit = true; - # NixOS allows either a lightweight build (default) or full build of PulseAudio to be installed. - # Only the full build has Bluetooth support, so it must be selected here. - package = pkgs.pulseaudioFull; - }; + # services.gnome.gnome-remote-desktop.enable = false; + # # Have to additionally disable pipewire: https://github.com/NixOS/nixpkgs/commit/438fd16359cf30090c66d3748727829afa90e814 + # services.pipewire.enable = false; + # # Configuration of pulseaudio to facilitate bluetooth headphones and Steam. + # hardware.pulseaudio = { + # enable = true; + # # 32 bit support for steam. + # support32Bit = true; + # # NixOS allows either a lightweight build (default) or full build of PulseAudio to be installed. + # # Only the full build has Bluetooth support, so it must be selected here. + # package = pkgs.pulseaudioFull; + # }; # OpenGL 32 bit support for steam hardware.graphics.enable32Bit = true; diff --git a/flake.lock b/flake.lock index 37d44d4..8a866b5 100644 --- a/flake.lock +++ b/flake.lock 
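Review bot: Commenting out the whole sound block in cfgs/x1c7/services.nix also drops `services.gnome.gnome-remote-desktop.enable = false;`, so that option falls back to its module default, which I believe the GNOME desktop module sets to enabled. If the goal is only to stop using PulseAudio, decide explicitly whether a remote-desktop service should run on this laptop, and keep that line active if not. The heading comment `# This uses pipewire and conflicts with pulseaudio` now sits above dead code; I would delete the commented block and leave one line such as `# PulseAudio config removed; audio uses the module defaults`.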
@@ -99,11 +99,11 @@ "utils": "utils_3" }, "locked": { - "lastModified": 1687138261, - "narHash": "sha256-wFM3GV41P0fCAJ9lkhcZYolPfOYpbIVK5gZS3k3hA8s=", + "lastModified": 1730570373, + "narHash": "sha256-A0x3M4b3FrK4HJHNKyTIkN8+So2pOTYGo/gkOTcxz2s=", "owner": "compassd", "repo": "dcompass", - "rev": "6b645d6c2fc7b08872dd823d2a25eb8ceb0c37de", + "rev": "68315d0052aa2887c6d6d995b46dd316cf49d571", "type": "github" }, "original": { @@ -121,11 +121,11 @@ ] }, "locked": { - "lastModified": 1722113426, - "narHash": "sha256-Yo/3loq572A8Su6aY5GP56knpuKYRvM2a1meP9oJZCw=", + "lastModified": 1728330715, + "narHash": "sha256-xRJ2nPOXb//u1jaBnDP56M7v5ldavjbtR6lfGqSvcKg=", "owner": "numtide", "repo": "devshell", - "rev": "67cce7359e4cd3c45296fb4aaf6a19e2a9c757ae", + "rev": "dd6b80932022cea34a019e2bb32f6fa9e494dfef", "type": "github" }, "original": { @@ -141,11 +141,11 @@ ] }, "locked": { - "lastModified": 1726524467, - "narHash": "sha256-xkPPPvfHhHK7BNX5ZrQ9N6AIEixCmFzRZHduDf0zv30=", + "lastModified": 1734343412, + "narHash": "sha256-b7G8oFp0Nj01BYUJ6ENC9Qf/HsYAIZvN9k/p0Kg/PFU=", "owner": "nix-community", "repo": "disko", - "rev": "22ee467a54a3ab7fa9d637ccad5330c6c087e9dc", + "rev": "a08bfe06b39e94eec98dd089a2c1b18af01fef19", "type": "github" }, "original": { @@ -310,11 +310,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1726153070, - "narHash": "sha256-HO4zgY0ekfwO5bX0QH/3kJ/h4KvUDFZg8YpkNwIbg1U=", + "lastModified": 1733312601, + "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "bcef6817a8b2aa20a5a6dbb19b43e63c5bf8619a", + "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", "type": "github" }, "original": { 
@@ -332,11 +332,11 @@ ] }, "locked": { - "lastModified": 1726153070, - "narHash": "sha256-HO4zgY0ekfwO5bX0QH/3kJ/h4KvUDFZg8YpkNwIbg1U=", + "lastModified": 1733312601, + "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "bcef6817a8b2aa20a5a6dbb19b43e63c5bf8619a", + "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", "type": "github" }, "original": { @@ -401,25 +401,7 @@ }, "flake-utils_4": { "inputs": { - "systems": "systems_7" - }, - "locked": { - "lastModified": 1681202837, - "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "cfacdce06f30d2b68473a46042957675eebb3401", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_5": { - "inputs": { - "systems": "systems_9" + "systems": "systems_8" }, "locked": { "lastModified": 1710146030, @@ -435,16 +417,16 @@ "type": "github" } }, - "flake-utils_6": { + "flake-utils_5": { "inputs": { - "systems": "systems_10" + "systems": "systems_9" }, "locked": { - "lastModified": 1710146030, - "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", "owner": "numtide", "repo": "flake-utils", - "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", "type": "github" }, "original": { 
@@ -453,16 +435,16 @@ "type": "github" } }, - "flake-utils_7": { + "flake-utils_6": { "inputs": { - "systems": "systems_12" + "systems": "systems_11" }, "locked": { - "lastModified": 1710146030, - "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", "owner": "numtide", "repo": "flake-utils", - "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", "type": "github" }, "original": { @@ -479,11 +461,11 @@ "nixpkgs-stable": "nixpkgs-stable_6" }, "locked": { - "lastModified": 1725513492, - "narHash": "sha256-tyMUA6NgJSvvQuzB7A1Sf8+0XCHyfSPRx/b00o6K0uo=", + "lastModified": 1734425854, + "narHash": "sha256-nzE5UbJ41aPEKf8R2ZFYtLkqPmF7EIUbNEdHMBLg0Ig=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "7570de7b9b504cfe92025dd1be797bf546f66528", + "rev": "0ddd26d0925f618c3a5d85a4fa5eb1e23a09491d", "type": "github" }, "original": { @@ -512,11 +494,11 @@ ] }, "locked": { - "lastModified": 1725513492, - "narHash": "sha256-tyMUA6NgJSvvQuzB7A1Sf8+0XCHyfSPRx/b00o6K0uo=", + "lastModified": 1734279981, + "narHash": "sha256-NdaCraHPp8iYMWzdXAt5Nv6sA3MUzlCiGiR586TCwo0=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "7570de7b9b504cfe92025dd1be797bf546f66528", + "rev": "aa9f40c906904ebd83da78e7f328cd8aeaeae785", "type": "github" }, "original": { @@ -686,11 +668,11 @@ ] }, "locked": { - "lastModified": 1726440980, - "narHash": "sha256-ChhIrjtdu5d83W+YDRH+Ec5g1MmM0xk6hJnkz15Ot7M=", + "lastModified": 1734344598, + "narHash": "sha256-wNX3hsScqDdqKWOO87wETUEi7a/QlPVgpC/Lh5rFOuA=", "owner": "nix-community", "repo": "home-manager", - "rev": "a9c9cc6e50f7cbd2d58ccb1cd46a1e06e9e445ff", + "rev": "83ecd50915a09dca928971139d3a102377a8d242", "type": "github" }, "original": { 
@@ -708,11 +690,11 @@ ] }, "locked": { - "lastModified": 1726357542, - "narHash": "sha256-p4OrJL2weh0TRtaeu1fmNYP6+TOp/W2qdaIJxxQay4c=", + "lastModified": 1734093295, + "narHash": "sha256-hSwgGpcZtdDsk1dnzA0xj5cNaHgN9A99hRF/mxMtwS4=", "owner": "nix-community", "repo": "home-manager", - "rev": "e524c57b1fa55d6ca9d8354c6ce1e538d2a1f47f", + "rev": "66c5d8b62818ec4c1edb3e941f55ef78df8141a8", "type": "github" }, "original": { @@ -723,11 +705,11 @@ }, "impermanence": { "locked": { - "lastModified": 1725690722, - "narHash": "sha256-4qWg9sNh5g1qPGO6d/GV2ktY+eDikkBTbWSg5/iD2nY=", + "lastModified": 1734200366, + "narHash": "sha256-0NursoP4BUdnc+wy+Mq3icHkXu/RgP1Sjo0MJxV2+Dw=", "owner": "nix-community", "repo": "impermanence", - "rev": "63f4d0443e32b0dd7189001ee1894066765d18a5", + "rev": "c6323585fa0035d780e3d8906eb1b24b65d19a48", "type": "github" }, "original": { @@ -736,6 +718,36 @@ "type": "github" } }, + "ixx": { + "inputs": { + "flake-utils": [ + "vimrc", + "nixvim", + "nuschtosSearch", + "flake-utils" + ], + "nixpkgs": [ + "vimrc", + "nixvim", + "nuschtosSearch", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1729958008, + "narHash": "sha256-EiOq8jF4Z/zQe0QYVc3+qSKxRK//CFHMB84aYrYGwEs=", + "owner": "NuschtOS", + "repo": "ixx", + "rev": "9fd01aad037f345350eab2cd45e1946cc66da4eb", + "type": "github" + }, + "original": { + "owner": "NuschtOS", + "ref": "v0.0.6", + "repo": "ixx", + "type": "github" + } + }, "jovian": { "inputs": { "nix-github-actions": "nix-github-actions", @@ -744,11 +756,11 @@ ] }, "locked": { - "lastModified": 1726115155, - "narHash": "sha256-VDylz5VX4JD4/TZv6xUJDwuvNdgLRGoOpue1dlZGdIQ=", + "lastModified": 1734162608, + "narHash": "sha256-m2AX+3eiVqIK6uO7GbGY7SFnkkYOlR5fQiNI0eRvWOQ=", "owner": "Jovian-Experiments", "repo": "Jovian-NixOS", - "rev": "02cf60ce20b6034fc0459e5116cec7016aaff6e4", + "rev": "31bdf4c7c91204d65afbde01146deee0259a8fb7", "type": "github" }, "original": { 
@@ -762,7 +774,7 @@ "crane": "crane", "flake-compat": "flake-compat_3", "flake-parts": "flake-parts", - "flake-utils": "flake-utils_5", + "flake-utils": "flake-utils_4", "nixpkgs": [ "nixpkgs" ], @@ -793,11 +805,11 @@ ] }, "locked": { - "lastModified": 1726188813, - "narHash": "sha256-Vop/VRi6uCiScg/Ic+YlwsdIrLabWUJc57dNczp0eBc=", + "lastModified": 1733570843, + "narHash": "sha256-sQJAxY1TYWD1UyibN/FnN97paTFuwBw3Vp3DNCyKsMk=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "21fe31f26473c180390cfa81e3ea81aca0204c80", + "rev": "a35b08d09efda83625bef267eb24347b446c80b8", "type": "github" }, "original": { @@ -814,11 +826,11 @@ ] }, "locked": { - "lastModified": 1690328911, - "narHash": "sha256-fxtExYk+aGf2YbjeWQ8JY9/n9dwuEt+ma1eUFzF8Jeo=", + "lastModified": 1729697500, + "narHash": "sha256-VFTWrbzDlZyFHHb1AlKRiD/qqCJIripXKiCSFS8fAOY=", "owner": "zhaofengli", "repo": "nix-github-actions", - "rev": "96df4a39c52f53cb7098b923224d8ce941b64747", + "rev": "e418aeb728b6aa5ca8c5c71974e7159c2df1d8cf", "type": "github" }, "original": { @@ -846,14 +858,14 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1725233747, - "narHash": "sha256-Ss8QWLXdr2JCBPcYChJhz4xJm+h/xjl4G0c0XlP6a74=", + "lastModified": 1733096140, + "narHash": "sha256-1qRH7uAUsyQI7R1Uwl4T+XvdNv778H0Nb5njNrqvylY=", "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/356624c12086a18f2ea2825fed34523d60ccc4e3.tar.gz" + "url": "https://github.com/NixOS/nixpkgs/archive/5487e69da40cbd611ab2cadee0b4637225f7cfae.tar.gz" }, "original": { "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/356624c12086a18f2ea2825fed34523d60ccc4e3.tar.gz" + "url": "https://github.com/NixOS/nixpkgs/archive/5487e69da40cbd611ab2cadee0b4637225f7cfae.tar.gz" } }, "nixpkgs-mathematica": { 
@@ -938,11 +950,11 @@ }, "nixpkgs-stable_5": { "locked": { - "lastModified": 1720386169, - "narHash": "sha256-NGKVY4PjzwAa4upkGtAMz1npHGoRzWotlSnVlqI40mo=", + "lastModified": 1730741070, + "narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "194846768975b7ad2c4988bdb82572c00222c0d7", + "rev": "d063c1dd113c91ab27959ba540c0d9753409edf3", "type": "github" }, "original": { @@ -954,11 +966,11 @@ }, "nixpkgs-stable_6": { "locked": { - "lastModified": 1720386169, - "narHash": "sha256-NGKVY4PjzwAa4upkGtAMz1npHGoRzWotlSnVlqI40mo=", + "lastModified": 1730741070, + "narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "194846768975b7ad2c4988bdb82572c00222c0d7", + "rev": "d063c1dd113c91ab27959ba540c0d9753409edf3", "type": "github" }, "original": { @@ -970,11 +982,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1681358109, - "narHash": "sha256-eKyxW4OohHQx9Urxi7TQlFBTDWII+F+x2hklDOQPB50=", + "lastModified": 1728538411, + "narHash": "sha256-f0SBJz1eZ2yOuKUr5CA9BHULGXVSn6miBuUWdTyhUhU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "96ba1c52e54e74c3197f4d43026b3f3d92e83ff9", + "rev": "b69de56fac8c2b6f8fd27f2eca01dcda8e0a4221", "type": "github" }, "original": { @@ -986,11 +998,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1726463316, - "narHash": "sha256-gI9kkaH0ZjakJOKrdjaI/VbaMEo9qBbSUl93DnU7f4c=", + "lastModified": 1734119587, + "narHash": "sha256-AKU6qqskl0yf2+JdRdD0cfxX4b9x3KKV5RqA6wijmPM=", "owner": "nixos", "repo": "nixpkgs", - "rev": "99dc8785f6a0adac95f5e2ab05cc2e1bf666d172", + "rev": "3566ab7246670a43abd2ffa913cc62dad9cdf7d5", "type": "github" }, "original": { 
@@ -1002,11 +1014,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1719082008, - "narHash": "sha256-jHJSUH619zBQ6WdC21fFAlDxHErKVDJ5fpN0Hgx4sjs=", + "lastModified": 1730768919, + "narHash": "sha256-8AKquNnnSaJRXZxc5YmF/WfmxiHX6MMZZasRP6RRQkE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9693852a2070b398ee123a329e68f0dab5526681", + "rev": "a04d33c0c3f1a59a2c1cb0c6e34cd24500e5a1dc", "type": "github" }, "original": { @@ -1032,11 +1044,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1726502324, - "narHash": "sha256-I/WFSIBeIjlY3CgSJ6IRYxP2aEJ6b42Y1HAeATlBh48=", + "lastModified": 1734446876, + "narHash": "sha256-cGZBeTh+9pChvz0phepOzM+NK7QVl0Cp5EPBlh1l5xc=", "owner": "nix-community", "repo": "nixvim", - "rev": "2e3083e42509c399b224239f6d7fa17976b18536", + "rev": "f4b7fd46f6caf984fdfc41281792eac7b7ab8f24", "type": "github" }, "original": { @@ -1047,7 +1059,8 @@ }, "nuschtosSearch": { "inputs": { - "flake-utils": "flake-utils_7", + "flake-utils": "flake-utils_6", + "ixx": "ixx", "nixpkgs": [ "vimrc", "nixvim", @@ -1055,11 +1068,11 @@ ] }, "locked": { - "lastModified": 1726392886, - "narHash": "sha256-9RtOuG7V8KG8IU8nZje5EQ1WSM/inr7+zb3tAgTiHDM=", + "lastModified": 1733773348, + "narHash": "sha256-Y47y+LesOCkJaLvj+dI/Oa6FAKj/T9sKVKDXLNsViPw=", "owner": "NuschtOS", "repo": "search", - "rev": "97d34b70deed4878fcb2449ac89dab717d72efa1", + "rev": "3051be7f403bff1d1d380e4612f0c70675b44fc9", "type": "github" }, "original": { 
@@ -1071,17 +1084,17 @@ "nvfetcher": { "inputs": { "flake-compat": "flake-compat_4", - "flake-utils": "flake-utils_6", + "flake-utils": "flake-utils_5", "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1718252448, - "narHash": "sha256-xZZBdKqe1ByITzvx65pVgGQ5jeb73MybjgrcfI84lEo=", + "lastModified": 1732501185, + "narHash": "sha256-Z0BpHelaGQsE5VD9hBsBHsvMU9h+Xt0kfkDJyFivZOU=", "owner": "berberman", "repo": "nvfetcher", - "rev": "fa7609950023462c6f91c425de7610c0bb6b86ba", + "rev": "bdb14eab6fe9cefc29efe01e60c3a3f616d6b62a", "type": "github" }, "original": { @@ -1194,11 +1207,11 @@ "nixpkgs-stable": "nixpkgs-stable_5" }, "locked": { - "lastModified": 1725513492, - "narHash": "sha256-tyMUA6NgJSvvQuzB7A1Sf8+0XCHyfSPRx/b00o6K0uo=", + "lastModified": 1734425854, + "narHash": "sha256-nzE5UbJ41aPEKf8R2ZFYtLkqPmF7EIUbNEdHMBLg0Ig=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "7570de7b9b504cfe92025dd1be797bf546f66528", + "rev": "0ddd26d0925f618c3a5d85a4fa5eb1e23a09491d", "type": "github" }, "original": { @@ -1227,15 +1240,14 @@ }, "rust-overlay": { "inputs": { - "flake-utils": "flake-utils_4", "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1687055571, - "narHash": "sha256-UvLoO6u5n9TzY80BpM4DaacxvyJl7u9mm9CA72d309g=", + "lastModified": 1730514457, + "narHash": "sha256-cjFX208s9pyaOfMvF9xI6WyafyXINqdhMF7b1bMQpLI=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "2de557c780dcb127128ae987fca9d6c2b0d7dc0f", + "rev": "1ff38ca26eb31858e4dfe7fe738b6b3ce5d74922", "type": "github" }, "original": { @@ -1314,21 +1326,6 @@ "type": "github" } }, - "systems_12": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, "systems_2": { "locked": { "lastModified": 1681028828, 
@@ -1458,11 +1455,11 @@ ] }, "locked": { - "lastModified": 1725271838, - "narHash": "sha256-VcqxWT0O/gMaeWTTjf1r4MOyG49NaNxW4GHTO3xuThE=", + "lastModified": 1733761991, + "narHash": "sha256-s4DalCDepD22jtKL5Nw6f4LP5UwoMcPzPZgHWjAfqbQ=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "9fb342d14b69aefdf46187f6bb80a4a0d97007cd", + "rev": "0ce9d149d99bc383d1f2d85f31f6ebd146e46085", "type": "github" }, "original": { @@ -1550,14 +1547,14 @@ }, "utils_3": { "inputs": { - "systems": "systems_8" + "systems": "systems_7" }, "locked": { - "lastModified": 1685518550, - "narHash": "sha256-o2d0KcvaXzTrPRIo0kOLV0/QXHhDQ5DTi+OxcjO8xqY=", + "lastModified": 1726560853, + "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", "owner": "numtide", "repo": "flake-utils", - "rev": "a1720a10a6cfe8234c0e93907ffe81be440f4cef", + "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", "type": "github" }, "original": { @@ -1568,14 +1565,14 @@ }, "utils_4": { "inputs": { - "systems": "systems_11" + "systems": "systems_10" }, "locked": { - "lastModified": 1710146030, - "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", "owner": "numtide", "repo": "flake-utils", - "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", "type": "github" }, "original": { @@ -1594,11 +1591,11 @@ "nixvim": "nixvim" }, "locked": { - "lastModified": 1726543792, - "narHash": "sha256-M/3Rr8WODiDxZsm/o+HbDBPNoEmweApAjHnRtwrNCbE=", + "lastModified": 1734454113, + "narHash": "sha256-+F9kb5zh40gcZ8qxydUAFHipYwK9kw6ZUqelyREgedA=", "owner": "LEXUGE", "repo": "vimrc", - "rev": "5e85162e963d5d16a6b88cc1382d5f050adf93ec", + "rev": "430b0d84c6c7c4230f0e2fdcc1acd4b83438cf1c", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index e97b4db..c16190a 100644 --- a/flake.nix +++ b/flake.nix 
@@ -59,215 +59,273 @@ }; }; - outputs = { self, nixpkgs, nixpkgs-mathematica, utils, nvfetcher, dcompass, impermanence, vimrc, ash-emacs, home-manager, agenix, disko, jovian, lanzaboote, pre-commit-hooks }@inputs: with utils.lib; let - lib = nixpkgs.lib; + outputs = + { + self, + nixpkgs, + nixpkgs-mathematica, + utils, + nvfetcher, + dcompass, + impermanence, + vimrc, + ash-emacs, + home-manager, + agenix, + disko, + jovian, + lanzaboote, + pre-commit-hooks, + }@inputs: + with utils.lib; + let + lib = nixpkgs.lib; - mkSystem = { name, extraMods ? [ ], extraOverlays ? [ ], extraSubstituters ? [ ], extraPublicKeys ? [ ], system }: (lib.nixosSystem { - inherit system; - modules = [ - ./cfgs/${name} - ({ pkgs, config, ... }: { - config = { - nixpkgs.overlays = [ self.overlays.default ] ++ extraOverlays; - nix.settings = { - substituters = [ "https://dcompass.cachix.org" "https://nix-community.cachix.org" "https://lexuge.cachix.org" ] ++ extraSubstituters; - trusted-public-keys = [ dcompass.publicKey "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" self.publicKey ] ++ extraPublicKeys; - trusted-users = [ "@wheel" ]; + mkSystem = + { + name, + extraMods ? [ ], + extraOverlays ? [ ], + extraSubstituters ? [ ], + extraPublicKeys ? [ ], + system, + }: + (lib.nixosSystem { + inherit system; + modules = [ + ./cfgs/${name} + ( + { pkgs, config, ... 
}: + { + config = { + nixpkgs.overlays = [ self.overlays.default ] ++ extraOverlays; + nix.settings = { + substituters = [ + "https://dcompass.cachix.org" + "https://nix-community.cachix.org" + "https://lexuge.cachix.org" + ] ++ extraSubstituters; + trusted-public-keys = [ + dcompass.publicKey + "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" + self.publicKey + ] ++ extraPublicKeys; + trusted-users = [ "@wheel" ]; + }; + nix.nixPath = [ "nixpkgs=${nixpkgs}" ]; + nix.package = pkgs.nixVersions.latest; + }; + } + ) + ] ++ extraMods; + specialArgs = { inherit inputs; }; + }); + in + nixpkgs.lib.recursiveUpdate + rec { + # Use the default overlay to export all packages under ./pkgs + overlays = { + default = + final: prev: + (import ./pkgs { + inherit (prev) lib; + pkgs = prev; + overlay = true; + }); + # NOTE: Currently not used, but put here as an example + pidgin = final: prev: { + pidgin-with-plugins = prev.pidgin.override { + plugins = [ prev.pidgin-otr ]; }; - nix.nixPath = [ "nixpkgs=${nixpkgs}" ]; - nix.package = pkgs.nixVersions.latest; }; - }) - ] ++ extraMods; - specialArgs = { inherit inputs; }; - }); - in - nixpkgs.lib.recursiveUpdate - rec { - # Use the default overlay to export all packages under ./pkgs - overlays = { - default = final: prev: - (import ./pkgs { - inherit (prev) lib; - pkgs = prev; - overlay = true; - }); - }; + }; - # Export modules under ./modules as NixOS modules - nixosModules = (import ./modules { inherit lib; }); + # Export modules under ./modules as NixOS modules + nixosModules = (import ./modules { inherit lib; }); - # Export system cfgs - nixosConfigurations.x1c7 = mkSystem { - name = "x1c7"; - # extraSubstituters = [ "https://nixbld.m-labs.hk" ]; - # extraPublicKeys = [ "nixbld.m-labs.hk-1:5aSRVA5b320xbNvu30tqxVPXpld73bhtOeH6uAjRyHc=" ]; - extraMods = [ - nixosModules.clash - nixosModules.base - nixosModules.disko - nixosModules.lanzaboote - nixosModules.uxplay - nixosModules.home - 
nixosModules.gnome-desktop - nixosModules.dcompass - nixosModules.sing-box - nixosModules.timezone - impermanence.nixosModules.impermanence - disko.nixosModules.disko - home-manager.nixosModules.home-manager - lanzaboote.nixosModules.lanzaboote - agenix.nixosModules.age - ]; - extraOverlays = [ - dcompass.overlays.default - ash-emacs.overlays.emacs-overlay - ash-emacs.overlays.default - vimrc.overlays.default - ]; - system = system.x86_64-linux; - }; + # Export system cfgs + nixosConfigurations.x1c7 = mkSystem { + name = "x1c7"; + # extraSubstituters = [ "https://nixbld.m-labs.hk" ]; + # extraPublicKeys = [ "nixbld.m-labs.hk-1:5aSRVA5b320xbNvu30tqxVPXpld73bhtOeH6uAjRyHc=" ]; + extraMods = [ + nixosModules.clash + nixosModules.base + nixosModules.disko + nixosModules.lanzaboote + nixosModules.uxplay + nixosModules.home + nixosModules.gnome-desktop + nixosModules.dcompass + nixosModules.sing-box + nixosModules.timezone + impermanence.nixosModules.impermanence + disko.nixosModules.disko + home-manager.nixosModules.home-manager + lanzaboote.nixosModules.lanzaboote + agenix.nixosModules.age + ]; + extraOverlays = [ + dcompass.overlays.default + ash-emacs.overlays.emacs-overlay + ash-emacs.overlays.default + vimrc.overlays.default + ]; + system = system.x86_64-linux; + }; - diskoConfigurations = { - deck = (import ./modules/disko/disk.nix { }); - x1c7 = (import ./modules/disko/disk.nix { }); - shards = (import ./cfgs/shards/disk-config.nix { }); - }; + diskoConfigurations = { + deck = (import ./modules/disko/disk.nix { }); + x1c7 = (import ./modules/disko/disk.nix { }); + shards = (import ./cfgs/shards/disk-config.nix { }); + }; - # Deploy using nixos-rebuild directly - # https://nixos-and-flakes.thiscute.world/best-practices/remote-deployment#deploy-through-nixos-rebuild - nixosConfigurations.shards = mkSystem { - name = "shards"; - extraMods = [ - disko.nixosModules.disko - impermanence.nixosModules.impermanence - agenix.nixosModules.age - ]; - system = 
system.x86_64-linux; - }; + # Deploy using nixos-rebuild directly + # https://nixos-and-flakes.thiscute.world/best-practices/remote-deployment#deploy-through-nixos-rebuild + nixosConfigurations.shards = mkSystem { + name = "shards"; + extraMods = [ + disko.nixosModules.disko + impermanence.nixosModules.impermanence + agenix.nixosModules.age + ]; + system = system.x86_64-linux; + }; - # Deploy using nixos-rebuild directly - # https://nixos-and-flakes.thiscute.world/best-practices/remote-deployment#deploy-through-nixos-rebuild - nixosConfigurations.deck = mkSystem { - name = "deck"; - extraMods = [ - nixosModules.clash - nixosModules.base - nixosModules.disko - nixosModules.lanzaboote - nixosModules.home - nixosModules.gnome-desktop - nixosModules.dcompass - nixosModules.sing-box - nixosModules.timezone - disko.nixosModules.disko - nixosModules.steamdeck - impermanence.nixosModules.impermanence - home-manager.nixosModules.home-manager - agenix.nixosModules.age - lanzaboote.nixosModules.lanzaboote - jovian.nixosModules.default - ]; - extraOverlays = [ - dcompass.overlays.default - ash-emacs.overlays.emacs-overlay - ash-emacs.overlays.default - vimrc.overlays.default - ]; - system = system.x86_64-linux; - }; + # Deploy using nixos-rebuild directly + # https://nixos-and-flakes.thiscute.world/best-practices/remote-deployment#deploy-through-nixos-rebuild + nixosConfigurations.deck = mkSystem { + name = "deck"; + extraMods = [ + nixosModules.clash + nixosModules.base + nixosModules.disko + nixosModules.lanzaboote + nixosModules.home + nixosModules.gnome-desktop + nixosModules.dcompass + nixosModules.sing-box + nixosModules.timezone + disko.nixosModules.disko + nixosModules.steamdeck + impermanence.nixosModules.impermanence + home-manager.nixosModules.home-manager + agenix.nixosModules.age + lanzaboote.nixosModules.lanzaboote + jovian.nixosModules.default + ]; + extraOverlays = [ + dcompass.overlays.default + ash-emacs.overlays.emacs-overlay + ash-emacs.overlays.default + 
vimrc.overlays.default + ]; + system = system.x86_64-linux; + }; - nixosConfigurations.img-x1c7 = mkSystem { - name = "img-x1c7"; - extraMods = [ - nixosModules.clash - nixosModules.home - nixosModules.base - nixosModules.gnome-desktop - nixosModules.dcompass - disko.nixosModules.disko - home-manager.nixosModules.home-manager - agenix.nixosModules.age - "${nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-base.nix" - ]; - extraOverlays = [ - dcompass.overlays.default - ash-emacs.overlays.emacs-overlay - ash-emacs.overlays.default - vimrc.overlays.default - ]; - system = system.x86_64-linux; - }; + nixosConfigurations.img-x1c7 = mkSystem { + name = "img-x1c7"; + extraMods = [ + nixosModules.clash + nixosModules.home + nixosModules.base + nixosModules.gnome-desktop + nixosModules.dcompass + disko.nixosModules.disko + home-manager.nixosModules.home-manager + agenix.nixosModules.age + "${nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-base.nix" + ]; + extraOverlays = [ + dcompass.overlays.default + ash-emacs.overlays.emacs-overlay + ash-emacs.overlays.default + vimrc.overlays.default + ]; + system = system.x86_64-linux; + }; - nixosConfigurations.img-deck = mkSystem { - name = "img-deck"; - extraMods = [ - nixosModules.clash - nixosModules.home - nixosModules.base - nixosModules.gnome-desktop - nixosModules.dcompass - nixosModules.steamdeck - disko.nixosModules.disko - home-manager.nixosModules.home-manager - agenix.nixosModules.age - "${nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-base.nix" - jovian.nixosModules.default - ]; - extraOverlays = [ - dcompass.overlays.default - ash-emacs.overlays.emacs-overlay - ash-emacs.overlays.default - vimrc.overlays.default - ]; - system = system.x86_64-linux; - }; + nixosConfigurations.img-deck = mkSystem { + name = "img-deck"; + extraMods = [ + nixosModules.clash + nixosModules.home + nixosModules.base + nixosModules.gnome-desktop + nixosModules.dcompass + nixosModules.steamdeck + disko.nixosModules.disko 
+ home-manager.nixosModules.home-manager + agenix.nixosModules.age + "${nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-base.nix" + jovian.nixosModules.default + ]; + extraOverlays = [ + dcompass.overlays.default + ash-emacs.overlays.emacs-overlay + ash-emacs.overlays.default + vimrc.overlays.default + ]; + system = system.x86_64-linux; + }; - # ISO image entry point - imgs.x1c7 = nixosConfigurations.img-x1c7.config.system.build.isoImage; - imgs.deck = nixosConfigurations.img-deck.config.system.build.isoImage; + # ISO image entry point + imgs.x1c7 = nixosConfigurations.img-x1c7.config.system.build.isoImage; + imgs.deck = nixosConfigurations.img-deck.config.system.build.isoImage; - publicKey = "lexuge.cachix.org-1:RRFg8AxcexeBd33smnmcayMLU6r2wbVKbZHWtg2dKnY="; - } - (eachSystem [ system.x86_64-linux ] (system: - let pkgs = nixpkgs.legacyPackages.${system}; in - { - # Other than overlay, we have packages independently declared in flake. - packages = (import ./pkgs { - inherit lib; - pkgs = import nixpkgs { - inherit system; - overlays = [ self.overlays.default ]; - }; - }); + publicKey = "lexuge.cachix.org-1:RRFg8AxcexeBd33smnmcayMLU6r2wbVKbZHWtg2dKnY="; + } + ( + eachSystem [ system.x86_64-linux ] ( + system: + let + pkgs = nixpkgs.legacyPackages.${system}; + in + { + # Other than overlay, we have packages independently declared in flake. + packages = ( + import ./pkgs { + inherit lib; + pkgs = import nixpkgs { + inherit system; + overlays = [ self.overlays.default ]; + }; + } + ); - # devShell used to launch agenix env. - devShells.default = with import nixpkgs { inherit system; }; - mkShell { - inherit (self.checks.${system}.pre-commit-check) shellHook; - nativeBuildInputs = [ openssl agenix.packages.${system}.default nvfetcher.packages.${system}.default ]; - }; + # devShell used to launch agenix env. 
+ devShells.default = + with import nixpkgs { inherit system; }; + mkShell { + inherit (self.checks.${system}.pre-commit-check) shellHook; + nativeBuildInputs = [ + openssl + agenix.packages.${system}.default + nvfetcher.packages.${system}.default + ]; + }; - checks = { - pre-commit-check = pre-commit-hooks.lib.${system}.run { - src = ./.; - hooks = { - nixpkgs-fmt.enable = true; + checks = { + pre-commit-check = pre-commit-hooks.lib.${system}.run { + src = ./.; + hooks = { + nixfmt-rfc-style.enable = true; - shellcheck.enable = true; - shfmt.enable = true; + shellcheck.enable = true; + shfmt.enable = true; + }; + }; }; - }; - }; - apps = rec { - update = utils.lib.mkApp { - drv = - pkgs.writeShellScriptBin "flake-update-nv" '' - ${nvfetcher.packages.${system}.default}/bin/nvfetcher -c ./pkgs/nvfetcher.toml -o ./pkgs/_sources - ''; - }; - default = update; - }; - })); + apps = rec { + update = utils.lib.mkApp { + drv = pkgs.writeShellScriptBin "flake-update-nv" '' + ${nvfetcher.packages.${system}.default}/bin/nvfetcher -c ./pkgs/nvfetcher.toml -o ./pkgs/_sources + ''; + }; + default = update; + }; + } + ) + ); } diff --git a/misc/dcompass_settings.nix b/misc/dcompass_settings.nix index 660283e..8cb2215 100644 --- a/misc/dcompass_settings.nix +++ b/misc/dcompass_settings.nix 
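Review bot: `trusted-users = [ "@wheel" ];` in the `nix.settings` block of `mkSystem` makes every wheel member a trusted Nix user on each host built through it. A trusted user can override substituters and signature checking, which is essentially root access via the daemon. The same block already sets the substituters and `trusted-public-keys` system-wide, so ordinary accounts probably do not need that status. Consider dropping the line (the default trusts only root), or naming just the account that performs remote `nixos-rebuild` deploys if one turns out to need it. A short comment next to the setting saying why it is there would also help the next reader.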
@@ -1,15 +1,44 @@ -{ pkgs }: { +{ pkgs }: +{ cache_size = 1024; upstreams = { - domestic = { hybrid = [ "feic" "ali" "aliudp" ]; }; + domestic = { + hybrid = [ + "feic" + "ali" + "aliudp" + ]; + }; - secure = { hybrid = [ "cloudflare" "google" "switch" "a-and-a" ]; }; + secure = { + hybrid = [ + "cloudflare" + "google" + "switch" + "a-and-a" + ]; + }; - feic = { udp = { addr = "[240C::6666]:53"; }; }; + feic = { + udp = { + addr = "[240C::6666]:53"; + }; + }; - aliudp = { udp = { addr = "223.5.5.6:53"; }; }; + aliudp = { + udp = { + addr = "223.5.5.6:53"; + }; + }; - ali = { tls = { domain = "dns.alidns.com"; max_reuse = 100; reuse_timeout = 5000; addr = "223.6.6.6:853"; }; }; + ali = { + tls = { + domain = "dns.alidns.com"; + max_reuse = 100; + reuse_timeout = 5000; + addr = "223.6.6.6:853"; + }; + }; cloudflare = { https = { 
@@ -44,28 +73,29 @@ }; }; }; - script = ''pub async fn init() { - let domain = Domain::new() - // .add_file("${pkgs.chinalist}/google.china.raw.txt")? - // .add_file("${pkgs.chinalist}/apple.china.raw.txt")? - .add_file("${pkgs.chinalist}/accelerated-domains.china.raw.txt")? - .add_qname("flibrary.info")? - .seal(); + script = '' + pub async fn init() { + let domain = Domain::new() + // .add_file("${pkgs.chinalist}/google.china.raw.txt")? + // .add_file("${pkgs.chinalist}/apple.china.raw.txt")? + .add_file("${pkgs.chinalist}/accelerated-domains.china.raw.txt")? + .add_qname("flibrary.info")? + .seal(); - Ok(#{"domain": Utils::Domain(domain)}) - } + Ok(#{"domain": Utils::Domain(domain)}) + } - pub async fn route(upstreams, inited, ctx, query) { - if query.first_question?.qtype == "AAAA" { return blackhole(query); } + pub async fn route(upstreams, inited, ctx, query) { + if query.first_question?.qtype == "AAAA" { return blackhole(query); } - if inited.domain.0.contains(query.first_question?.qname) { - // query.push_opt(ClientSubnet::new(u8(15), u8(0), IpAddr::from_str("58.220.0.0")?).to_opt_data())?; - upstreams.send_default("domestic", query).await - } else { - upstreams.send("secure", CacheMode::Standard, query).await - } - } - ''; + if inited.domain.0.contains(query.first_question?.qname) { + // query.push_opt(ClientSubnet::new(u8(15), u8(0), IpAddr::from_str("58.220.0.0")?).to_opt_data())?; + upstreams.send_default("domestic", query).await + } else { + upstreams.send("secure", CacheMode::Disabled, query).await + } + } + ''; address = "127.0.0.1:53"; verbosity = "warn"; } diff --git a/modules/base/default.nix b/modules/base/default.nix index d6504e9..1858a6a 100644 --- a/modules/base/default.nix +++ b/modules/base/default.nix @@ -1,4 +1,9 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: with lib; let cfg = config.my.base; 
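Review bot: The `secure` branch of `route` now sends with `CacheMode::Disabled` instead of `CacheMode::Standard`, a behaviour change with no comment that sits among otherwise indentation-only edits to `script`. If it is intentional, add a line above the call such as `// cache disabled for the secure upstreams: <reason>` and mention it in the commit message; if not, restore `CacheMode::Standard`. With caching off, each non-domestic lookup presumably goes out to the upstream resolvers again, which adds latency and exposes more queries to them. Meanwhile `cache_size = 1024` at the top of the file still reads as if those answers were cached.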
@@ -16,34 +21,35 @@ in }; }; - config = mkIf cfg.enable - ( - { - networking.hostName = cfg.hostname; + config = mkIf cfg.enable ({ + networking.hostName = cfg.hostname; - # Support NTFS - boot.supportedFilesystems = [ "ntfs" ]; + # Support NTFS + boot.supportedFilesystems = [ "ntfs" ]; - # Auto upgrade - # system.autoUpgrade.enable = true; + # Auto upgrade + # system.autoUpgrade.enable = true; - # deploy-rs doesn't play well with wheel passwords when deploying, better to disable it. - security.sudo.wheelNeedsPassword = false; + # deploy-rs doesn't play well with wheel passwords when deploying, better to disable it. + security.sudo.wheelNeedsPassword = false; - # Enable flake - nix.extraOptions = '' - experimental-features = nix-command flakes - ''; + # Enable flake + nix.extraOptions = '' + experimental-features = nix-command flakes + ''; - # Auto gc and optimise - nix.optimise.automatic = true; - nix.gc.automatic = false; - nix.gc.options = "--delete-older-than 7d"; + # Auto gc and optimise + nix.optimise.automatic = true; + nix.gc.automatic = false; + nix.gc.options = "--delete-older-than 7d"; - # Allow unfree packages - nixpkgs.config.allowUnfree = true; + # Allow unfree packages + nixpkgs.config.allowUnfree = true; - environment.systemPackages = with pkgs; [ wget coreutils-full git ]; - } - ); + environment.systemPackages = with pkgs; [ + wget + coreutils-full + git + ]; + }); } diff --git a/modules/clash/default.nix b/modules/clash/default.nix index 6fbab73..168ea62 100644 --- a/modules/clash/default.nix +++ b/modules/clash/default.nix @@ -1,4 +1,9 @@ -{ pkgs, config, lib, ... }: +{ + pkgs, + config, + lib, + ... +}: with lib; @@ -13,11 +18,9 @@ let helper = '' ip46tables() { iptables -w "$@" - ${ - optionalString config.networking.enableIPv6 '' - ip6tables -w "$@" - '' - } + ${optionalString config.networking.enableIPv6 '' + ip6tables -w "$@" + ''} } ''; 
@@ -85,36 +88,31 @@ let clashUserName = mkOption { type = types.str; default = "clash"; - description = - "The user who would run the clash proxy systemd service. User would be created automatically."; + description = "The user who would run the clash proxy systemd service. User would be created automatically."; }; tproxyPort = mkOption { type = types.port; default = 7893; - description = - "Clash tproxy-port"; + description = "Clash tproxy-port"; }; afterUnits = mkOption { type = with types; listOf str; default = [ ]; - description = - "List of systemd units that need to be started after clash. Note this is placed in `before` parameter of clash's systemd config."; + description = "List of systemd units that need to be started after clash. Note this is placed in `before` parameter of clash's systemd config."; }; requireUnits = mkOption { type = with types; listOf str; default = [ ]; - description = - "List of systemd units that need to be required by clash."; + description = "List of systemd units that need to be required by clash."; }; beforeUnits = mkOption { type = with types; listOf str; default = [ ]; - description = - "List of systemd units that need to be started before clash. Note this is placed in `after` parameter of clash's systemd config."; + description = "List of systemd units that need to be started before clash. Note this is placed in `after` parameter of clash's systemd config."; }; }; }; @@ -127,8 +125,7 @@ in }; config = mkIf (cfg.enable) { - environment.etc."clash/Country.mmdb".source = - "${pkgs.maxmind-geoip}/Country.mmdb"; # Bring pre-installed geoip data into directory. + environment.etc."clash/Country.mmdb".source = "${pkgs.maxmind-geoip}/Country.mmdb"; # Bring pre-installed geoip data into directory. environment.etc."clash/config.yaml".source = cfg.configPath; # Yacd 
@@ -168,15 +165,40 @@ in networks.lo = { # equivalent to matchConfig.Name = "lo"; name = "lo"; - routingPolicyRules = [{ - # Route all packets with firewallmark 1 (set by iptables in output chain) using table "100" which says go to loopback - routingPolicyRuleConfig = { FirewallMark = 1; Table = 100; Priority = 100; }; - } - { routingPolicyRuleConfig = { From = "::/0"; FirewallMark = 1; Table = 100; Priority = 100; }; }]; + routingPolicyRules = [ + { + # Route all packets with firewallmark 1 (set by iptables in output chain) using table "100" which says go to loopback + routingPolicyRuleConfig = { + FirewallMark = 1; + Table = 100; + Priority = 100; + }; + } + { + routingPolicyRuleConfig = { + From = "::/0"; + FirewallMark = 1; + Table = 100; + Priority = 100; + }; + } + ]; routes = [ # Create a table that routes to loopback - { routeConfig = { Table = 100; Destination = "0.0.0.0/0"; Type = "local"; }; } - { routeConfig = { Table = 100; Destination = "::/0"; Type = "local"; }; } + { + routeConfig = { + Table = 100; + Destination = "0.0.0.0/0"; + Type = "local"; + }; + } + { + routeConfig = { + Table = 100; + Destination = "::/0"; + Type = "local"; + }; + } ]; }; }; 
@@ -200,8 +222,12 @@ in # Don't intercept packets sent to any of the reserved IP addresses # Otherwise all responses from clash to "local" application will be routed back to clash again - ${concatStringsSep "\n" (map (addr: "iptables -w -t mangle -A ${tag} -d ${addr} -j RETURN") reservedIPv4Addrs)} - ${concatStringsSep "\n" (map (addr: "ip6tables -w -t mangle -A ${tag} -d ${addr} -j RETURN") reservedIPv6Addrs)} + ${concatStringsSep "\n" ( + map (addr: "iptables -w -t mangle -A ${tag} -d ${addr} -j RETURN") reservedIPv4Addrs + )} + ${concatStringsSep "\n" ( + map (addr: "ip6tables -w -t mangle -A ${tag} -d ${addr} -j RETURN") reservedIPv6Addrs + )} # Intercept all traffic to clash otherwise. Note by default TPROXY implies local IP which is desired. ip46tables -t mangle -A ${tag} -p tcp -j TPROXY --on-port ${tproxyPortStr} @@ -214,8 +240,12 @@ in # Don't intercept local packets sent to any of the reserved IP addresses. # Even this is not necessary, it eliminates the need to exempt these traffics in clash config and expedite the routing as otherwise these packets will be routed again. - ${concatStringsSep "\n" (map (addr: "iptables -w -t mangle -A ${tag_local} -d ${addr} -j RETURN") reservedIPv4Addrs)} - ${concatStringsSep "\n" (map (addr: "ip6tables -w -t mangle -A ${tag_local} -d ${addr} -j RETURN") reservedIPv6Addrs)} + ${concatStringsSep "\n" ( + map (addr: "iptables -w -t mangle -A ${tag_local} -d ${addr} -j RETURN") reservedIPv4Addrs + )} + ${concatStringsSep "\n" ( + map (addr: "ip6tables -w -t mangle -A ${tag_local} -d ${addr} -j RETURN") reservedIPv6Addrs + )} # Don't forward package created by ${clashUserName}. Since after forwarding by clash the packets' owner would be changed to ${clashUserName}, this helps us to avoid dead loop in packet forwarding. ip46tables -t mangle -A ${tag_local} -m owner --uid-owner ${clashUserName} -j RETURN 
@@ -234,14 +264,17 @@ in ''; in { - path = with pkgs; [ gnugrep iptables clash ]; + path = with pkgs; [ + gnugrep + iptables + clash + ]; description = "Clash networking service"; after = [ "network.target" ] ++ cfg.beforeUnits; before = cfg.afterUnits; requires = cfg.requireUnits; wantedBy = [ "multi-user.target" ]; - script = - "exec clash -d /etc/clash"; # We don't need to worry about whether /etc/clash is reachable in Live CD or not. Since it would never be execuated inside LiveCD. + script = "exec clash -d /etc/clash"; # We don't need to worry about whether /etc/clash is reachable in Live CD or not. Since it would never be execuated inside LiveCD. # Don't start if the config file doesn't exist. unitConfig = { @@ -254,8 +287,7 @@ in ExecStopPost = "+${postStopScript}"; # CAP_NET_BIND_SERVICE: Bind arbitary ports by unprivileged user. # CAP_NET_ADMIN: Listen on UDP. - AmbientCapabilities = - "CAP_NET_BIND_SERVICE CAP_NET_ADMIN"; # We want additional capabilities upon a unprivileged user. + AmbientCapabilities = "CAP_NET_BIND_SERVICE CAP_NET_ADMIN"; # We want additional capabilities upon a unprivileged user. User = clashUserName; Restart = "on-failure"; }; diff --git a/modules/dcompass/default.nix b/modules/dcompass/default.nix index f1f4e03..273d8c6 100644 --- a/modules/dcompass/default.nix +++ b/modules/dcompass/default.nix @@ -1,11 +1,15 @@ -{ lib, pkgs, config, ... }: +{ + lib, + pkgs, + config, + ... +}: with lib; let cfg = config.my.dcompass; - confFile = - pkgs.writeText "dcompass-config.json" (generators.toJSON { } cfg.settings); + confFile = pkgs.writeText "dcompass-config.json" (generators.toJSON { } cfg.settings); in { options.my.dcompass = { diff --git a/modules/default.nix b/modules/default.nix index f3890ca..60e16f7 100644 --- a/modules/default.nix +++ b/modules/default.nix 
@@ -1,17 +1,22 @@ { lib }: let - listModulesRecursive = with builtins; + listModulesRecursive = + with builtins; dir: - (lib.lists.foldr (n: col: col // n) { } (lib.attrsets.mapAttrsToList - (name: type: - let path = dir + "/${name}"; - in if type == "directory" then + (lib.lists.foldr (n: col: col // n) { } ( + lib.attrsets.mapAttrsToList ( + name: type: + let + path = dir + "/${name}"; + in + if type == "directory" then if builtins.pathExists (path + "/default.nix") then { "${name}" = (import path); } else listModulesRecursive path else - { }) - (builtins.readDir dir))); + { } + ) (builtins.readDir dir) + )); in listModulesRecursive ./. diff --git a/modules/disko/default.nix b/modules/disko/default.nix index 0222b9b..c624ae4 100644 --- a/modules/disko/default.nix +++ b/modules/disko/default.nix @@ -1,4 +1,9 @@ -{ lib, pkgs, config, ... }: +{ + lib, + pkgs, + config, + ... +}: with lib; diff --git a/modules/disko/disk.nix b/modules/disko/disk.nix index 9adc457..f2562e1 100644 --- a/modules/disko/disk.nix +++ b/modules/disko/disk.nix @@ -1,4 +1,8 @@ -{ device ? "/dev/nvme0n1", ... }: { +{ + device ? "/dev/nvme0n1", + ... +}: +{ disk = { nvme = { type = "disk"; @@ -46,23 +50,38 @@ # Mountpoints now must be explicitly stated "/persist" = { mountpoint = "/persist"; - mountOptions = [ "compress=zstd" "noatime" ]; + mountOptions = [ + "compress=zstd" + "noatime" + ]; }; "/persist/home" = { mountpoint = "/persist/home"; - mountOptions = [ "compress=zstd" "noatime" ]; + mountOptions = [ + "compress=zstd" + "noatime" + ]; }; "/nix" = { mountpoint = "/nix"; - mountOptions = [ "compress=zstd" "noatime" ]; + mountOptions = [ + "compress=zstd" + "noatime" + ]; }; "/tmp" = { mountpoint = "/tmp"; - mountOptions = [ "compress=zstd" "noatime" ]; + mountOptions = [ + "compress=zstd" + "noatime" + ]; }; "/.snapshots" = { mountpoint = "/.snapshots"; - mountOptions = [ "compress=zstd" "noatime" ]; + mountOptions = [ + "compress=zstd" + "noatime" + ]; }; }; }; 
diff --git a/modules/gnome-desktop/default.nix b/modules/gnome-desktop/default.nix index 40e0a74..fdae5c5 100644 --- a/modules/gnome-desktop/default.nix +++ b/modules/gnome-desktop/default.nix @@ -1,7 +1,14 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: with lib; -let cfg = config.my.gnome-desktop; -in { +let + cfg = config.my.gnome-desktop; +in +{ options.my.gnome-desktop = { enable = mkOption { type = types.bool; @@ -41,11 +48,14 @@ in { # Some of the GNOME Packages are unwanted programs.geary.enable = false; - environment.gnome.excludePackages = [ - pkgs.epiphany # GNOME Web - ] ++ (with pkgs; [ - gnome-software - gnome-characters - ]) ++ cfg.extraExcludePackages; + environment.gnome.excludePackages = + [ + pkgs.epiphany # GNOME Web + ] + ++ (with pkgs; [ + gnome-software + gnome-characters + ]) + ++ cfg.extraExcludePackages; }; } diff --git a/modules/home/default.nix b/modules/home/default.nix index 561c939..f601535 100644 --- a/modules/home/default.nix +++ b/modules/home/default.nix @@ -1,4 +1,9 @@ -{ pkgs, lib, config, ... }: +{ + pkgs, + lib, + config, + ... +}: with lib; @@ -14,14 +19,14 @@ let in { options.my.home = mkOption { - type = with types; + type = + with types; attrsOf (submodule { options = { extraPackages = mkOption { type = with types; nullOr (listOf package); default = null; - description = - "Extra packages to install for user ash."; + description = "Extra packages to install for user ash."; }; extraDconf = mkOption { @@ -37,7 +42,10 @@ in emacsPackages = mkOption { type = with types; listOf package; default = with pkgs; [ - (hunspellWithDicts [ hunspellDicts.en-us hunspellDicts.en-us-large ]) + (hunspellWithDicts [ + hunspellDicts.en-us + hunspellDicts.en-us-large + ]) emacs-all-the-icons-fonts ash-emacs ]; 
@@ -50,16 +58,20 @@ in config.home-manager = { users = mkMerge [ - (mkUserConfigs (n: c: + (mkUserConfigs ( + n: c: { lib, ... }: - let inherit (lib.hm.gvariant) mkTuple; - in rec { + let + inherit (lib.hm.gvariant) mkTuple; + in + rec { # Use system stateVersion; home.stateVersion = config.system.stateVersion; # Home-manager settings. # User-layer packages - home.packages = with pkgs; + home.packages = + with pkgs; # c.emacsPackages ++ optionals (c.extraPackages != null) c.extraPackages ++ [ pkgs.nvim ]; optionals (c.extraPackages != null) c.extraPackages ++ [ pkgs.nvim ]; @@ -84,7 +96,9 @@ in # GnuPG gpg = { enable = true; - settings = { throw-keyids = false; }; + settings = { + throw-keyids = false; + }; }; # Git @@ -98,7 +112,9 @@ in }; extraConfig = { # To make sure Git don't complain about impermanence's bind mount. - credential = { helper = "store --file=\"$HOME/.git_creds_dir/.git-credentials\""; }; + credential = { + helper = "store --file=\"$HOME/.git_creds_dir/.git-credentials\""; + }; pull.ff = "only"; # Use fast-forward only for git pull. }; }; 
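Review bot: The `credential.helper = "store --file=..."` setting in the `@@ -98,7 +112,9 @@` hunk makes Git write credentials unencrypted to `$HOME/.git_creds_dir/.git-credentials`, and the comment above it explains only the impermanence bind mount. I would add a line such as `# NOTE: git-credential-store keeps tokens in plaintext; keep .git_creds_dir at mode 0700 and use scoped, revocable tokens only.` so the trade-off is visible where the helper is configured. Where a desktop keyring is available, a keyring-backed helper such as git-credential-libsecret would avoid the plaintext file altogether. The `programs.git` attribute set continues outside the hunk.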
@@ -127,70 +143,76 @@ in }; # Setting GNOME Dconf settings - dconf.settings = mkIf (gnomeEnable) - (recursiveUpdate - { - # Input sources - "org/gnome/desktop/input-sources".sources = map mkTuple [ - [ "xkb" "us" ] - [ "ibus" "libpinyin" ] - [ "ibus" "typing-booster" ] - ]; - "com/github/libpinyin/ibus-libpinyin/libpinyin" = { - # Don't suggest English words - english-candidate = false; - # Use comma and period to flip pages - comma-period-page = true; - # Don't use minus or equal to flip pages - minus-equal-page = true; - }; - # Touchpad settings - "org/gnome/desktop/peripherals/touchpad" = { - disable-while-typing = false; - tap-to-click = true; - two-finger-scrolling-enabled = true; - }; - # Enable dynamic workspacing - "org/gnome/mutter".dynamic-workspaces = true; - # Don't show welcome-dialog - "org/gnome/shell".welcome-dialog-last-shown-version = "9999999999"; - # Prefer dark mode - "org/gnome/desktop/interface".color-scheme = "prefer-dark"; - # Don't suspend on power - "org/gnome/settings-daemon/plugins/power".sleep-inactive-ac-type = - "nothing"; - # Always show logout - "org/gnome/shell".always-show-log-out = true; - # Keybindings - "org/gnome/settings-daemon/plugins/media-keys".custom-keybindings = [ - "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/" + dconf.settings = mkIf (gnomeEnable) ( + recursiveUpdate { + # Input sources + "org/gnome/desktop/input-sources".sources = map mkTuple [ + [ + "xkb" + "us" + ] + [ + "ibus" + "libpinyin" + ] + [ + "ibus" + "typing-booster" + ] + ]; + "com/github/libpinyin/ibus-libpinyin/libpinyin" = { + # Don't suggest English words + english-candidate = false; + # Use comma and period to flip pages + comma-period-page = true; + # Don't use minus or equal to flip pages + minus-equal-page = true; + }; + # Touchpad settings + "org/gnome/desktop/peripherals/touchpad" = { + disable-while-typing = false; + tap-to-click = true; + two-finger-scrolling-enabled = true; + }; + # Enable dynamic workspacing + 
"org/gnome/mutter".dynamic-workspaces = true; + # Don't show welcome-dialog + "org/gnome/shell".welcome-dialog-last-shown-version = "9999999999"; + # Prefer dark mode + "org/gnome/desktop/interface".color-scheme = "prefer-dark"; + # Don't suspend on power + "org/gnome/settings-daemon/plugins/power".sleep-inactive-ac-type = "nothing"; + # Always show logout + "org/gnome/shell".always-show-log-out = true; + # Keybindings + "org/gnome/settings-daemon/plugins/media-keys".custom-keybindings = [ + "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/" + ]; + "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = { + binding = "Return"; + command = "kgx"; + name = "Open Terminal"; + }; + "org/gnome/desktop/wm/keybindings" = { + close = [ "q" ]; + show-desktop = [ "d" ]; + toggle-fullscreen = [ "f" ]; + }; + # Favorite apps + "org/gnome/shell" = { + favorite-apps = lists.flatten [ + (if (builtins.elem pkgs.firefox-wayland home.packages) then [ "firefox.desktop" ] else [ ]) + (if (builtins.elem pkgs.tdesktop home.packages) then [ "org.telegram.desktop.desktop" ] else [ ]) + "org.gnome.Nautilus.desktop" + "org.gnome.Terminal.desktop" + # "emacs.desktop" ]; - "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = - { - binding = "Return"; - command = "kgx"; - name = "Open Terminal"; - }; - "org/gnome/desktop/wm/keybindings" = { - close = [ "q" ]; - show-desktop = [ "d" ]; - toggle-fullscreen = [ "f" ]; - }; - # Favorite apps - "org/gnome/shell" = { - favorite-apps = lists.flatten [ - (if (builtins.elem pkgs.firefox-wayland home.packages) then [ "firefox.desktop" ] else [ ]) - (if (builtins.elem pkgs.tdesktop home.packages) then [ "org.telegram.desktop.desktop" ] else [ ]) - "org.gnome.Nautilus.desktop" - "org.gnome.Terminal.desktop" - # "emacs.desktop" - ]; - }; - # Timezone and location - # "org/gnome/desktop/datetime".automatic-timezone = true; - "org/gnome/system/location".enabled = true; - } - c.extraDconf); + 
}; + # Timezone and location + # "org/gnome/desktop/datetime".automatic-timezone = true; + "org/gnome/system/location".enabled = true; + } c.extraDconf + ); # Configure uniform UI for QT apps. qt = { @@ -203,17 +225,23 @@ in }; # Handwritten configs - home.file = ({ - ".config/gtk-3.0/settings.ini".source = gtkSettings; - # ".emacs.d/init.el".source = "${pkgs.ash-emacs-source}/init.el"; - # ".emacs.d/elisp/".source = "${pkgs.ash-emacs-source}/elisp"; - } // c.extraFiles); - })) - - (mkUserConfigs (n: c: { - # GNOME and other wayland DEs use systemd sessionvariables to launch GUI apps. Therefore, it's necessary to set it. - systemd.user.sessionVariables = config.home-manager.users.${n}.home.sessionVariables; - })) + home.file = ( + { + ".config/gtk-3.0/settings.ini".source = gtkSettings; + # ".emacs.d/init.el".source = "${pkgs.ash-emacs-source}/init.el"; + # ".emacs.d/elisp/".source = "${pkgs.ash-emacs-source}/elisp"; + } + // c.extraFiles + ); + } + )) + + (mkUserConfigs ( + n: c: { + # GNOME and other wayland DEs use systemd sessionvariables to launch GUI apps. Therefore, it's necessary to set it. + systemd.user.sessionVariables = config.home-manager.users.${n}.home.sessionVariables; + } + )) ]; useGlobalPkgs = true; }; diff --git a/modules/lanzaboote/default.nix b/modules/lanzaboote/default.nix index 113136f..1b617c3 100644 --- a/modules/lanzaboote/default.nix +++ b/modules/lanzaboote/default.nix @@ -1,4 +1,9 @@ -{ lib, pkgs, config, ... }: +{ + lib, + pkgs, + config, + ... +}: with lib; diff --git a/modules/sing-box/default.nix b/modules/sing-box/default.nix index bad86d5..67b9abf 100644 --- a/modules/sing-box/default.nix +++ b/modules/sing-box/default.nix @@ -1,6 +1,9 @@ { config, lib, ... }: with lib; -let cfg = config.my.sing-box; in { +let + cfg = config.my.sing-box; +in +{ options.my.sing-box = { enable = mkEnableOption "sing-box module including related systemd and networking setups"; settings = mkOption { 
diff --git a/modules/steamdeck/default.nix b/modules/steamdeck/default.nix index 5080384..4fd291d 100644 --- a/modules/steamdeck/default.nix +++ b/modules/steamdeck/default.nix @@ -1,7 +1,14 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: with lib; -let cfg = config.my.steamdeck; -in { +let + cfg = config.my.steamdeck; +in +{ options.my.steamdeck = { enable = mkOption { type = types.bool; @@ -24,9 +31,9 @@ in { jovian.devices.steamdeck.enable = true; # Sounds are set up by Jovian NixOS - hardware.pulseaudio.enable = lib.mkIf - (config.jovian.devices.steamdeck.enableSoundSupport && config.services.pipewire.enable) - (lib.mkForce false); + hardware.pulseaudio.enable = lib.mkIf ( + config.jovian.devices.steamdeck.enableSoundSupport && config.services.pipewire.enable + ) (lib.mkForce false); }) (mkIf (cfg.enable && cfg.steam.enable) { jovian.steam = { diff --git a/modules/timezone/default.nix b/modules/timezone/default.nix index 3970d16..e9c1791 100644 --- a/modules/timezone/default.nix +++ b/modules/timezone/default.nix @@ -1,4 +1,9 @@ -{ lib, pkgs, config, ... }: +{ + lib, + pkgs, + config, + ... +}: with lib; @@ -21,7 +26,10 @@ in description = "activate persisted timezone"; # From `man systemd.special`: # netowrk-pre.target: This passive target unit may be pulled in by services that want to run before any network is set up - wantedBy = [ "multi-user.target" "network-pre.target" ]; + wantedBy = [ + "multi-user.target" + "network-pre.target" + ]; serviceConfig = { Type = "oneshot"; diff --git a/modules/uxplay/default.nix b/modules/uxplay/default.nix index b176267..266fda7 100644 --- a/modules/uxplay/default.nix +++ b/modules/uxplay/default.nix @@ -1,4 +1,9 @@ -{ lib, pkgs, config, ... }: +{ + lib, + pkgs, + config, + ... +}: with lib; 
@@ -20,7 +25,15 @@ in # If the -p option is not used, the ports are chosen dynamically (randomly), which will not work if a firewall is running. # These are the default ports for "-p" - networking.firewall.allowedUDPPorts = [ 7011 6001 6000 ]; - networking.firewall.allowedTCPPorts = [ 7100 7000 7001 ]; + networking.firewall.allowedUDPPorts = [ + 7011 + 6001 + 6000 + ]; + networking.firewall.allowedTCPPorts = [ + 7100 + 7000 + 7001 + ]; }; } diff --git a/pkgs/_sources/generated.json b/pkgs/_sources/generated.json index 550da74..dd9982b 100644 --- a/pkgs/_sources/generated.json +++ b/pkgs/_sources/generated.json @@ -1,7 +1,7 @@ { "chinalist": { "cargoLocks": null, - "date": "2024-06-13", + "date": "2024-12-16", "extract": null, "name": "chinalist", "passthru": null, @@ -13,12 +13,12 @@ "name": null, "owner": "felixonmars", "repo": "dnsmasq-china-list", - "rev": "9988820dcbb7d7911bb6449ffe119859e91cb2c7", - "sha256": "sha256-Ym0Z1I6beSBW+G55NARCGzUOSEH0rApZVVR6fb6Cxk4=", + "rev": "c2b64540aef8260d53e15b42f16961a57486ba85", + "sha256": "sha256-QYPvVynRkphrI7QjzSnqAnZ+T6X2CyukQXStiBKV2CA=", "sparseCheckout": [], "type": "github" }, - "version": "9988820dcbb7d7911bb6449ffe119859e91cb2c7" + "version": "c2b64540aef8260d53e15b42f16961a57486ba85" }, "maxmind-geoip": { "cargoLocks": null, @@ -29,11 +29,11 @@ "pinned": false, "src": { "name": null, - "sha256": "sha256-uLXdQUrhBZC7av5MWvlVC0W8UQBWDsYhdmKwKEfOQfk=", + "sha256": "sha256-SOHiaTiyJTUuya+NCOxnLXdGBuABtIy6c7hRYalmEPw=", "type": "url", - "url": "https://github.com/Dreamacro/maxmind-geoip/releases/download/20240612/Country.mmdb" + "url": "https://github.com/Dreamacro/maxmind-geoip/releases/download/20241212/Country.mmdb" }, - "version": "20240612" + "version": "20241212" }, "proton-ge": { "cargoLocks": null, 
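Review bot: `networking.firewall.allowedUDPPorts` and `networking.firewall.allowedTCPPorts` in the `modules/uxplay/default.nix` hunk (`@@ -20,7 +25,15 @@`) open all six ports on every interface, which on a machine that moves between networks also exposes the receiver on untrusted ones. If the service is only meant for a known LAN, the per-interface form `networking.firewall.interfaces.<name>.allowedTCPPorts` / `.allowedUDPPorts` (interface name is a placeholder) narrows the exposure. At minimum I would add a comment stating the assumption, e.g. `# NOTE: opened on all interfaces; assumes a trusted local network`. The enclosing `config` block starts outside the hunk, so it is worth confirming that these lines sit under the module's enable condition.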
@@ -43,11 +43,11 @@ "passthru": null, "pinned": false, "src": { - "sha256": "sha256-/FXdyPuCe6rD5HoMOHPVlwRXu3DMJ3lEOnRloYZMA8s=", + "sha256": "sha256-WNOl0pu3xcEObxSK054u4e3hTWtA/51mH25uQih0+a0=", "type": "tarball", - "url": "https://github.com/GloriousEggroll/proton-ge-custom/releases/download/GE-Proton9-7/GE-Proton9-7.tar.gz" + "url": "https://github.com/GloriousEggroll/proton-ge-custom/releases/download/GE-Proton9-21/GE-Proton9-21.tar.gz" }, - "version": "GE-Proton9-7" + "version": "GE-Proton9-21" }, "upnote": { "cargoLocks": null, @@ -62,7 +62,7 @@ "type": "url", "url": "https://upnote.sfo3.cdn.digitaloceanspaces.com/UpNote.AppImage" }, - "version": "9.4.4" + "version": "9.7.2" }, "yacd": { "cargoLocks": null, diff --git a/pkgs/_sources/generated.nix b/pkgs/_sources/generated.nix index cd02d67..abae517 100644 --- a/pkgs/_sources/generated.nix +++ b/pkgs/_sources/generated.nix 
@@ -1,37 +1,42 @@ # This file was generated by nvfetcher, please do not modify it manually. -{ fetchgit, fetchurl, fetchFromGitHub, dockerTools }: +{ + fetchgit, + fetchurl, + fetchFromGitHub, + dockerTools, +}: { chinalist = { pname = "chinalist"; - version = "9988820dcbb7d7911bb6449ffe119859e91cb2c7"; + version = "c2b64540aef8260d53e15b42f16961a57486ba85"; src = fetchFromGitHub { owner = "felixonmars"; repo = "dnsmasq-china-list"; - rev = "9988820dcbb7d7911bb6449ffe119859e91cb2c7"; + rev = "c2b64540aef8260d53e15b42f16961a57486ba85"; fetchSubmodules = false; - sha256 = "sha256-Ym0Z1I6beSBW+G55NARCGzUOSEH0rApZVVR6fb6Cxk4="; + sha256 = "sha256-QYPvVynRkphrI7QjzSnqAnZ+T6X2CyukQXStiBKV2CA="; }; - date = "2024-06-13"; + date = "2024-12-16"; }; maxmind-geoip = { pname = "maxmind-geoip"; - version = "20240612"; + version = "20241212"; src = fetchurl { - url = "https://github.com/Dreamacro/maxmind-geoip/releases/download/20240612/Country.mmdb"; - sha256 = "sha256-uLXdQUrhBZC7av5MWvlVC0W8UQBWDsYhdmKwKEfOQfk="; + url = "https://github.com/Dreamacro/maxmind-geoip/releases/download/20241212/Country.mmdb"; + sha256 = "sha256-SOHiaTiyJTUuya+NCOxnLXdGBuABtIy6c7hRYalmEPw="; }; }; proton-ge = { pname = "proton-ge"; - version = "GE-Proton9-7"; + version = "GE-Proton9-21"; src = fetchTarball { - url = "https://github.com/GloriousEggroll/proton-ge-custom/releases/download/GE-Proton9-7/GE-Proton9-7.tar.gz"; - sha256 = "sha256-/FXdyPuCe6rD5HoMOHPVlwRXu3DMJ3lEOnRloYZMA8s="; + url = "https://github.com/GloriousEggroll/proton-ge-custom/releases/download/GE-Proton9-21/GE-Proton9-21.tar.gz"; + sha256 = "sha256-WNOl0pu3xcEObxSK054u4e3hTWtA/51mH25uQih0+a0="; }; }; upnote = { pname = "upnote"; - version = "9.4.4"; + version = "9.7.2"; src = fetchurl { url = "https://upnote.sfo3.cdn.digitaloceanspaces.com/UpNote.AppImage"; sha256 = "sha256-r0BAoJy+UHVE0kHsY0WJYAOwNoFTza0pVkEKpvkZbCI="; diff --git a/pkgs/apps/upnote/default.nix b/pkgs/apps/upnote/default.nix index 3c344ce..f248432 100644 
--- a/pkgs/apps/upnote/default.nix +++ b/pkgs/apps/upnote/default.nix @@ -1,4 +1,8 @@ -{ source, lib, appimageTools }: +{ + source, + lib, + appimageTools, +}: let appimageContents = appimageTools.extractType2 { diff --git a/pkgs/data/chinalist/default.nix b/pkgs/data/chinalist/default.nix index 3efe2dd..bc41b99 100644 --- a/pkgs/data/chinalist/default.nix +++ b/pkgs/data/chinalist/default.nix @@ -1,9 +1,19 @@ -{ source, lib, stdenv, fetchFromGitHub, format ? "raw", server ? "china" }: +{ + source, + lib, + stdenv, + fetchFromGitHub, + format ? "raw", + server ? "china", +}: stdenv.mkDerivation rec { inherit (source) pname version src; - makeFlags = [ format "SERVER=${server}" ]; + makeFlags = [ + format + "SERVER=${server}" + ]; installPhase = '' mkdir $out @@ -11,8 +21,7 @@ stdenv.mkDerivation rec { ''; meta = with lib; { - description = - "Chinese-specific configuration to improve your favorite DNS server."; + description = "Chinese-specific configuration to improve your favorite DNS server."; longDescription = '' Chinese-specific configuration to improve your favorite DNS server. Best partner for chnroutes. ''; diff --git a/pkgs/data/maxmind-geoip/default.nix b/pkgs/data/maxmind-geoip/default.nix index b1656e1..c431cf2 100644 --- a/pkgs/data/maxmind-geoip/default.nix +++ b/pkgs/data/maxmind-geoip/default.nix @@ -1,4 +1,9 @@ -{ source, lib, stdenv, fetchurl }: +{ + source, + lib, + stdenv, + fetchurl, +}: stdenv.mkDerivation rec { inherit (source) pname version src; diff --git a/pkgs/default.nix b/pkgs/default.nix index feca72c..fa47656 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix 
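Review bot: The `source` argument in the `pkgs/apps/upnote/default.nix` hunk comes from a `fetchurl` of an unversioned URL (`.../UpNote.AppImage`), and this commit moves its `version` from 9.4.4 to 9.7.2 while the `sha256` next to it stays the same. A fixed-output fetch is identified by its hash, so the build keeps using the bytes that match the existing hash and the new version label says nothing reliable about the binary; once upstream replaces the file, the fetch will fail on a hash mismatch instead. Prefer a versioned download URL in the nvfetcher configuration (not visible here) so that version and hash change together, or record the limitation beside the package with `# NOTE: URL is unversioned; sha256 pins the content, version is informational only`. The `let` block of this file continues outside the hunk.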
@@ -1,17 +1,32 @@ -{ lib, pkgs, overlay ? false }: +{ + lib, + pkgs, + overlay ? false, +}: let # All source files generated by nvfetcher - sources = (import ./_sources/generated.nix) { inherit (pkgs) fetchurl fetchgit fetchFromGitHub dockerTools; }; + sources = (import ./_sources/generated.nix) { + inherit (pkgs) + fetchurl + fetchgit + fetchFromGitHub + dockerTools + ; + }; ignoredPkgs = [ "proton-ge" ]; - listPackageRecursive = with builtins; + listPackageRecursive = + with builtins; dir: - (lib.lists.foldr (n: col: col // n) { } (lib.attrsets.mapAttrsToList - (name: type: - let path = dir + "/${name}"; - in if type == "directory" then - # Ignore broken packages + (lib.lists.foldr (n: col: col // n) { } ( + lib.attrsets.mapAttrsToList ( + name: type: + let + path = dir + "/${name}"; + in + if type == "directory" then + # Ignore broken packages if (builtins.pathExists (path + "/default.nix")) && !(lib.lists.any (p: p == name) ignoredPkgs) then if overlay then { "${name}" = (pkgs.callPackage path { source = sources.${name}; }); } @@ -20,7 +35,8 @@ let else listPackageRecursive path else - { }) - (builtins.readDir dir))); + { } + ) (builtins.readDir dir) + )); in listPackageRecursive ./. diff --git a/pkgs/tools/proton-ge/default.nix b/pkgs/tools/proton-ge/default.nix index a6381c1..8d4fb3e 100644 --- a/pkgs/tools/proton-ge/default.nix +++ b/pkgs/tools/proton-ge/default.nix @@ -1,4 +1,8 @@ -{ lib, stdenv, source }: +{ + lib, + stdenv, + source, +}: stdenv.mkDerivation rec { inherit (source) pname src version; diff --git a/pkgs/tools/yacd/default.nix b/pkgs/tools/yacd/default.nix index 038d72d..554cac6 100644 --- a/pkgs/tools/yacd/default.nix +++ b/pkgs/tools/yacd/default.nix @@ -1,4 +1,9 @@ -{ source, lib, fetchzip, stdenv }: +{ + source, + lib, + fetchzip, + stdenv, +}: stdenv.mkDerivation rec { inherit (source) pname version src;