diff --git a/.github/workflows/buildiso.yaml b/.github/workflows/buildiso.yaml
index 67ac87d..2e86622 100644
--- a/.github/workflows/buildiso.yaml
+++ b/.github/workflows/buildiso.yaml
@@ -82,10 +82,11 @@ jobs:
name: dcompass
skipPush: true
- - name: Update flake.lock, show drv, and calculate the hashes
- id: update
- run: |
- nix flake update
+ # NOTE: Don't update automatically, it breaks build
+ # - name: Update flake.lock, show drv, and calculate the hashes
+ # id: update
+ # run: |
+ # nix flake update
- name: Build LiveCD ISO image
id: iso
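Review bot: The disabled step carried `id: update`, so any later step in this job that reads `steps.update.outputs.*` would now get empty strings rather than an error; the step name mentions calculating hashes and the job continues outside the hunk, so this is worth checking. Building the ISO from the committed `flake.lock` is the more reproducible choice, because inputs then change only through a reviewed commit. I would delete the step instead of keeping it commented out and state that policy in the comment, e.g. `# Build from the committed flake.lock; update inputs in a reviewed commit, not in CI.`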
diff --git a/cfgs/deck/boot.nix b/cfgs/deck/boot.nix
index 8784849..1bcba80 100644
--- a/cfgs/deck/boot.nix
+++ b/cfgs/deck/boot.nix
@@ -1,4 +1,10 @@
-{ config, lib, pkgs, ... }: {
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+{
my.lanzaboote.enable = true;
# Clean tmp folder which is a btrfs subvol
@@ -7,7 +13,11 @@
# Create root on tmpfs
fileSystems."/" = {
fsType = "tmpfs";
- options = [ "defaults" "size=2G" "mode=755" ];
+ options = [
+ "defaults"
+ "size=2G"
+ "mode=755"
+ ];
};
fileSystems."/persist".neededForBoot = true;
diff --git a/cfgs/deck/default.nix b/cfgs/deck/default.nix
index 12446d9..a3a9330 100644
--- a/cfgs/deck/default.nix
+++ b/cfgs/deck/default.nix
@@ -1,4 +1,10 @@
-{ config, lib, pkgs, ... }: {
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+{
imports = [
./boot.nix
./networking.nix
@@ -67,19 +73,27 @@
};
# Allow users in wheel to control sing-box without passwords.
- security.sudo.extraRules = [{
- groups = [ "whell" ];
- commands = [
- {
- command = "${startSingBox}";
- options = [ "NOPASSWD" "SETENV" ];
- }
- {
- command = "${stopSingBox}";
- options = [ "NOPASSWD" "SETENV" ];
- }
- ];
- }];
+ security.sudo.extraRules = [
+ {
+ groups = [ "whell" ];
+ commands = [
+ {
+ command = "${startSingBox}";
+ options = [
+ "NOPASSWD"
+ "SETENV"
+ ];
+ }
+ {
+ command = "${stopSingBox}";
+ options = [
+ "NOPASSWD"
+ "SETENV"
+ ];
+ }
+ ];
+ }
+ ];
my.home.ash = {
extraPackages = with pkgs; [
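Review bot: The rule's `groups = [ "whell" ];` does not match the comment above it, which says wheel; the reformat carries the misspelling over unchanged, so as written the NOPASSWD entries apply to a group named `whell` and not to wheel members. If wheel is intended, the line should read `groups = [ "wheel" ];`. When fixing it, consider dropping `"SETENV"` from both commands unless the scripts need caller-supplied variables: together with `"NOPASSWD"` it lets the invoking user choose the environment of a script run as root, which is broader than the comment describes.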
@@ -123,7 +137,8 @@
# Extra files
extraFiles = {
- ".config/steam-rom-manager/userData/userConfigurations.json".source = ../../misc/blobs/steam-rom-manager/userConfigurations.json;
+ ".config/steam-rom-manager/userData/userConfigurations.json".source =
+ ../../misc/blobs/steam-rom-manager/userConfigurations.json;
".config/yuzu/qt-config.ini".source = ../../misc/blobs/yuzu/qt-config.ini;
};
};
@@ -138,11 +153,11 @@
# Fonts
fonts.packages = with pkgs; [
noto-fonts
- noto-fonts-cjk
+ noto-fonts-cjk-sans
noto-fonts-emoji
fira-code
fira-code-symbols
- fira-code-nerdfont
+ nerd-fonts.fira-code
# needed by steam to display CJK fonts
wqy_zenhei
];
@@ -184,7 +199,10 @@
# Both git-credentials and zsh_hist_dir doesn't seem to play well with impermanence
# NO sensitive task shall be carried out!
# { directory = ".git_creds_dir"; mode = "0700"; }
- { directory = ".zsh_hist_dir"; mode = "0700"; }
+ {
+ directory = ".zsh_hist_dir";
+ mode = "0700";
+ }
# { directory = ".gnupg"; mode = "0700"; }
# { directory = ".ssh"; mode = "0700"; }
# { directory = ".local/share/keyrings"; mode = "0700"; }
@@ -196,11 +214,9 @@
users = {
mutableUsers = false;
users = {
- root.hashedPassword =
- "$6$oNsoXzCopc6uxli4$vthBqdTNXtq8MWlWRHRGe6QZUMb7CtPWaTdXSOKszeTAtmjG5zE/JPd7F668VTiuOUtpiy1oy061N0LlxjtHD1";
+ root.hashedPassword = "$6$oNsoXzCopc6uxli4$vthBqdTNXtq8MWlWRHRGe6QZUMb7CtPWaTdXSOKszeTAtmjG5zE/JPd7F668VTiuOUtpiy1oy061N0LlxjtHD1";
ash = {
- hashedPassword =
- "$y$j9T$yLdLVVEQoolJR9LNMYGl30$dNnh67D78jLz/YR9YXSR3i8efYd0QmI2ezo2h5v2W78";
+ hashedPassword = "$y$j9T$yLdLVVEQoolJR9LNMYGl30$dNnh67D78jLz/YR9YXSR3i8efYd0QmI2ezo2h5v2W78";
shell = pkgs.zsh;
isNormalUser = true;
# wheel - sudo
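Review bot: The `root.hashedPassword` and `ash.hashedPassword` literals remain in the repository after this reformat, so anyone who can read the repo can run offline guessing against them; the same applies to the `users` hunks in cfgs/shards/default.nix and cfgs/x1c7/default.nix. The configuration already uses agenix (`config.age.secrets.sing-box.path` in networking.nix), so the hashes could live in encrypted secrets and be referenced with `hashedPasswordFile = config.age.secrets.<name>.path;`, where `<name>` is a placeholder. Root's hash here is also in the `$6$` (sha512crypt) format while ash's is `$y$` (yescrypt); regenerating root's as yescrypt would make the two consistent. The `users` block continues outside the hunk.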
@@ -208,7 +224,10 @@
# video - light control
# libvirtd - virtual manager controls.
# docker - Docker control
- extraGroups = [ "wheel" "networkmanager" ];
+ extraGroups = [
+ "wheel"
+ "networkmanager"
+ ];
};
};
};
diff --git a/cfgs/deck/i18n.nix b/cfgs/deck/i18n.nix
index d5401ff..ff49ecf 100644
--- a/cfgs/deck/i18n.nix
+++ b/cfgs/deck/i18n.nix
@@ -1,4 +1,10 @@
-{ pkgs, lib, config, ... }: {
+{
+ pkgs,
+ lib,
+ config,
+ ...
+}:
+{
my.timezone = {
enable = true;
path = "/etc/persisted-timezone";
diff --git a/cfgs/deck/networking.nix b/cfgs/deck/networking.nix
index a973ac4..a321c74 100644
--- a/cfgs/deck/networking.nix
+++ b/cfgs/deck/networking.nix
@@ -1,4 +1,5 @@
-{ config, pkgs, ... }: {
+{ config, pkgs, ... }:
+{
networking.resolvconf.useLocalResolver = true;
networking.networkmanager = {
@@ -17,24 +18,29 @@
level = "info";
};
- inbounds = [{
- type = "tun";
- # sing-box version is too old to support this
- # address = [
- # "172.18.0.1/30"
- # "fdfe:dcba:9876::1/126"
- # ];
- inet4_address = "172.19.0.1/30";
- inet6_address = "fdfe:dcba:9876::1/126";
- auto_route = true;
- strict_route = true;
- # sniff = true;
- # # Override IP addr with sniffed domain
- # sniff_override_destination = true;
- }];
+ inbounds = [
+ {
+ type = "tun";
+ # sing-box version is too old to support this
+ # address = [
+ # "172.18.0.1/30"
+ # "fdfe:dcba:9876::1/126"
+ # ];
+ inet4_address = "172.19.0.1/30";
+ inet6_address = "fdfe:dcba:9876::1/126";
+ auto_route = true;
+ strict_route = true;
+ # sniff = true;
+ # # Override IP addr with sniffed domain
+ # sniff_override_destination = true;
+ }
+ ];
outbounds = [
- { type = "direct"; tag = "direct"; }
+ {
+ type = "direct";
+ tag = "direct";
+ }
{
_secret = config.age.secrets.sing-box.path;
quote = false;
diff --git a/cfgs/deck/security.nix b/cfgs/deck/security.nix
index b0d2f99..835cc41 100644
--- a/cfgs/deck/security.nix
+++ b/cfgs/deck/security.nix
@@ -1,4 +1,10 @@
-{ pkgs, lib, config, ... }: {
+{
+ pkgs,
+ lib,
+ config,
+ ...
+}:
+{
# sbctl database files
age.secrets = {
secureboot_guid = {
diff --git a/cfgs/deck/services.nix b/cfgs/deck/services.nix
index 7447a20..3af6591 100644
--- a/cfgs/deck/services.nix
+++ b/cfgs/deck/services.nix
@@ -1,4 +1,10 @@
-{ config, pkgs, lib, ... }: {
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}:
+{
# Enable SSH for remote access
services.openssh = {
enable = true;
@@ -7,9 +13,11 @@
};
# Also the pub key used for age encryption
- users.users.ash.openssh.authorizedKeys.keys = let keys = import ../../secrets/keys.nix; in [ keys.ash_pubkey ];
-
-
+ users.users.ash.openssh.authorizedKeys.keys =
+ let
+ keys = import ../../secrets/keys.nix;
+ in
+ [ keys.ash_pubkey ];
### Power and hardware
# Enable fwupd service for firmware updates
diff --git a/cfgs/img-deck/default.nix b/cfgs/img-deck/default.nix
index b5a870d..501fe07 100644
--- a/cfgs/img-deck/default.nix
+++ b/cfgs/img-deck/default.nix
@@ -1,4 +1,10 @@
-{ config, lib, pkgs, ... }: with lib;
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+with lib;
{
imports = [
./networking.nix
@@ -11,13 +17,23 @@
# This is a dummy key in ISO image, we shall not worry about its security.
# Agenix breaks in LiveCD due to https://github.com/ryantm/agenix/issues/165.
- age.identityPaths = [ (pkgs.writeText "img_key_ed25519" (builtins.readFile ../../secrets/raw/img_key_ed25519)) ];
+ age.identityPaths = [
+ (pkgs.writeText "img_key_ed25519" (builtins.readFile ../../secrets/raw/img_key_ed25519))
+ ];
# GPG agent that makes GPG work in LiveCD.
programs.gnupg.agent.enable = true;
# ZFS is currently broken on the latest kernel. Since we don't use it, it's fine to disable it.
- boot.supportedFilesystems = lib.mkForce [ "btrfs" "reiserfs" "vfat" "f2fs" "xfs" "ntfs" "cifs" ];
+ boot.supportedFilesystems = lib.mkForce [
+ "btrfs"
+ "reiserfs"
+ "vfat"
+ "f2fs"
+ "xfs"
+ "ntfs"
+ "cifs"
+ ];
# Needed for boot! Otherwise the initrd couldn't mount the root on hub.
boot.initrd.availableKernelModules = [ "hub" ];
@@ -32,18 +48,21 @@
inputMethod = {
enable = true;
type = "ibus";
- ibus.engines = with pkgs.ibus-engines; [ libpinyin typing-booster ];
+ ibus.engines = with pkgs.ibus-engines; [
+ libpinyin
+ typing-booster
+ ];
};
};
# Fonts
fonts.packages = with pkgs; [
noto-fonts
- noto-fonts-cjk
+ noto-fonts-cjk-sans
noto-fonts-emoji
fira-code
fira-code-symbols
- fira-code-nerdfont
+ nerd-fonts.fira-code
];
isoImage.edition = "gnome";
@@ -108,20 +127,23 @@
# This is a LiveCD, please don't enable disk config in NixOS.
disko.enableConfig = false;
- environment.systemPackages = with pkgs; let
- create-disko-pkg = name: path: (runCommandLocal "disko-${name}" { } ''
- mkdir -p $out/bin
- install ${path} $out/bin/disko-${name}
- '');
- in
- [
- (writeShellScriptBin "install-script"
- (builtins.readFile ./install.sh))
-
- (create-disko-pkg "main" config.system.build.diskoScript)
- (create-disko-pkg "format" config.system.build.formatScript)
- (create-disko-pkg "mount" config.system.build.mountScript)
- ];
+ environment.systemPackages =
+ with pkgs;
+ let
+ create-disko-pkg =
+ name: path:
+ (runCommandLocal "disko-${name}" { } ''
+ mkdir -p $out/bin
+ install ${path} $out/bin/disko-${name}
+ '');
+ in
+ [
+ (writeShellScriptBin "install-script" (builtins.readFile ./install.sh))
+
+ (create-disko-pkg "main" config.system.build.diskoScript)
+ (create-disko-pkg "format" config.system.build.formatScript)
+ (create-disko-pkg "mount" config.system.build.mountScript)
+ ];
users.users.nixos = {
shell = pkgs.zsh;
diff --git a/cfgs/img-deck/networking.nix b/cfgs/img-deck/networking.nix
index 3aa2cc2..3ffc33d 100644
--- a/cfgs/img-deck/networking.nix
+++ b/cfgs/img-deck/networking.nix
@@ -1,4 +1,10 @@
-{ config, lib, pkgs, ... }: {
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+{
# Use local DNS server all the time
networking.resolvconf.useLocalResolver = true;
diff --git a/cfgs/img-x1c7/default.nix b/cfgs/img-x1c7/default.nix
index f3a5742..fc18599 100644
--- a/cfgs/img-x1c7/default.nix
+++ b/cfgs/img-x1c7/default.nix
@@ -1,4 +1,11 @@
-{ inputs, config, lib, pkgs, ... }: with lib;
+{
+ inputs,
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+with lib;
{
imports = [
./networking.nix
@@ -13,13 +20,23 @@
# This is a dummy key in ISO image, we shall not worry about its security.
# Agenix breaks in LiveCD due to https://github.com/ryantm/agenix/issues/165.
- age.identityPaths = [ (pkgs.writeText "img_key_ed25519" (builtins.readFile ../../secrets/raw/img_key_ed25519)) ];
+ age.identityPaths = [
+ (pkgs.writeText "img_key_ed25519" (builtins.readFile ../../secrets/raw/img_key_ed25519))
+ ];
# GPG agent that makes GPG work in LiveCD.
programs.gnupg.agent.enable = true;
# ZFS is currently broken on the latest kernel. Since we don't use it, it's fine to disable it.
- boot.supportedFilesystems = lib.mkForce [ "btrfs" "reiserfs" "vfat" "f2fs" "xfs" "ntfs" "cifs" ];
+ boot.supportedFilesystems = lib.mkForce [
+ "btrfs"
+ "reiserfs"
+ "vfat"
+ "f2fs"
+ "xfs"
+ "ntfs"
+ "cifs"
+ ];
# Set internationalisation properties.
console = {
@@ -31,18 +48,21 @@
inputMethod = {
enable = true;
type = "ibus";
- ibus.engines = with pkgs.ibus-engines; [ libpinyin typing-booster ];
+ ibus.engines = with pkgs.ibus-engines; [
+ libpinyin
+ typing-booster
+ ];
};
};
# Fonts
fonts.packages = with pkgs; [
noto-fonts
- noto-fonts-cjk
+ noto-fonts-cjk-sans
noto-fonts-emoji
fira-code
fira-code-symbols
- fira-code-nerdfont
+ nerd-fonts.fira-code
];
isoImage.edition = "gnome";
@@ -94,29 +114,36 @@
dnsutils
smartmontools
];
- extraDconf = let hm = inputs.home-manager.lib.hm; in {
- "org/gnome/desktop/interface"."scaling-factor" = hm.gvariant.mkUint32 2;
- };
+ extraDconf =
+ let
+ hm = inputs.home-manager.lib.hm;
+ in
+ {
+ "org/gnome/desktop/interface"."scaling-factor" = hm.gvariant.mkUint32 2;
+ };
};
disko.devices = (import ./../../modules/disko/disk.nix { });
# This is a LiveCD, please don't enable disk config in NixOS.
disko.enableConfig = false;
- environment.systemPackages = with pkgs; let
- create-disko-pkg = name: path: (runCommandLocal "disko-${name}" { } ''
- mkdir -p $out/bin
- install ${path} $out/bin/disko-${name}
- '');
- in
- [
- (writeShellScriptBin "install-script"
- (builtins.readFile ./install.sh))
-
- (create-disko-pkg "main" config.system.build.diskoScript)
- (create-disko-pkg "format" config.system.build.formatScript)
- (create-disko-pkg "mount" config.system.build.mountScript)
- ];
+ environment.systemPackages =
+ with pkgs;
+ let
+ create-disko-pkg =
+ name: path:
+ (runCommandLocal "disko-${name}" { } ''
+ mkdir -p $out/bin
+ install ${path} $out/bin/disko-${name}
+ '');
+ in
+ [
+ (writeShellScriptBin "install-script" (builtins.readFile ./install.sh))
+
+ (create-disko-pkg "main" config.system.build.diskoScript)
+ (create-disko-pkg "format" config.system.build.formatScript)
+ (create-disko-pkg "mount" config.system.build.mountScript)
+ ];
users.users.nixos.shell = pkgs.zsh;
programs.zsh.enable = true;
diff --git a/cfgs/img-x1c7/networking.nix b/cfgs/img-x1c7/networking.nix
index e717acd..fbc548f 100644
--- a/cfgs/img-x1c7/networking.nix
+++ b/cfgs/img-x1c7/networking.nix
@@ -1,4 +1,5 @@
-{ pkgs, ... }: {
+{ pkgs, ... }:
+{
# Use local DNS server all the time
networking.resolvconf.useLocalResolver = true;
diff --git a/cfgs/shards/default.nix b/cfgs/shards/default.nix
index b97fcf7..074b0b1 100644
--- a/cfgs/shards/default.nix
+++ b/cfgs/shards/default.nix
@@ -5,7 +5,13 @@
#
# HOW TO DEPLOY
# `deploy .#shards --ssh-opts="-i ~/ash_ed25519"`
-{ config, lib, pkgs, ... }: {
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+{
imports = [
./secrets.nix
./hardware.nix
@@ -20,7 +26,10 @@
time.timeZone = "Europe/London";
# Firewall options
- networking.firewall.allowedTCPPorts = [ 80 443 ];
+ networking.firewall.allowedTCPPorts = [
+ 80
+ 443
+ ];
# This is required to push "unsigned" nix store paths. We only allow wheel group to do so to limit the attack surface.
nix.settings.trusted-users = [ "@wheel" ];
@@ -41,7 +50,11 @@
fileSystems."/" = {
fsType = "tmpfs";
- options = [ "defaults" "size=1G" "mode=755" ];
+ options = [
+ "defaults"
+ "size=1G"
+ "mode=755"
+ ];
};
fileSystems."/persist".neededForBoot = true;
@@ -65,7 +78,11 @@
};
};
- environment.systemPackages = with pkgs; [ coreutils-full gitMinimal curl ];
+ environment.systemPackages = with pkgs; [
+ coreutils-full
+ gitMinimal
+ curl
+ ];
users = {
# Let users be immutable/declarative
@@ -73,11 +90,9 @@
# Note: these are only basic users, users for specific profiles/services, e.g. networking services' pseudo users are declared seperately
# Note: for portable usages, passwords should be changed here.
users = {
- root.hashedPassword =
- "$6$EKVU.ASDFD1ehd$HhL4g2ZSAKy7w5hOZPcrzxcd3R3axmx6Ku/xL6lvoGy1kJ1flTpxXEPNO/wxCYaxGQHt2Nt5VsY5VBmWU1dAV/";
+ root.hashedPassword = "$6$EKVU.ASDFD1ehd$HhL4g2ZSAKy7w5hOZPcrzxcd3R3axmx6Ku/xL6lvoGy1kJ1flTpxXEPNO/wxCYaxGQHt2Nt5VsY5VBmWU1dAV/";
ash = {
- hashedPassword =
- "$6$/DrCzjENUCPZ$3YWcERAWSkLiZYG8YMeyDDo6j8mJ517MZ3GmEplLeF4HVw8125.k2qEsLgNmS1IyHK7VhyaRv7Rd4azsT.nEy.";
+ hashedPassword = "$6$/DrCzjENUCPZ$3YWcERAWSkLiZYG8YMeyDDo6j8mJ517MZ3GmEplLeF4HVw8125.k2qEsLgNmS1IyHK7VhyaRv7Rd4azsT.nEy.";
isNormalUser = true;
extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
};
diff --git a/cfgs/shards/disk-config.nix b/cfgs/shards/disk-config.nix
index d7b53e7..90a1a3d 100644
--- a/cfgs/shards/disk-config.nix
+++ b/cfgs/shards/disk-config.nix
@@ -38,19 +38,31 @@
# Mountpoints now must be explicitly stated
"/persist" = {
mountpoint = "/persist";
- mountOptions = [ "compress=zstd" "noatime" ];
+ mountOptions = [
+ "compress=zstd"
+ "noatime"
+ ];
};
"/persist/home" = {
mountpoint = "/persist/home";
- mountOptions = [ "compress=zstd" "noatime" ];
+ mountOptions = [
+ "compress=zstd"
+ "noatime"
+ ];
};
"/nix" = {
mountpoint = "/nix";
- mountOptions = [ "compress=zstd" "noatime" ];
+ mountOptions = [
+ "compress=zstd"
+ "noatime"
+ ];
};
"/tmp" = {
mountpoint = "/tmp";
- mountOptions = [ "compress=zstd" "noatime" ];
+ mountOptions = [
+ "compress=zstd"
+ "noatime"
+ ];
};
};
};
diff --git a/cfgs/shards/hardware.nix b/cfgs/shards/hardware.nix
index 3cb4bc5..f544331 100644
--- a/cfgs/shards/hardware.nix
+++ b/cfgs/shards/hardware.nix
@@ -1,12 +1,22 @@
-{ config, lib, pkgs, modulesPath, ... }:
+{
+ config,
+ lib,
+ pkgs,
+ modulesPath,
+ ...
+}:
{
- imports =
- [
- (modulesPath + "/profiles/qemu-guest.nix")
- ];
+ imports = [
+ (modulesPath + "/profiles/qemu-guest.nix")
+ ];
- boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_blk" ];
+ boot.initrd.availableKernelModules = [
+ "ata_piix"
+ "uhci_hcd"
+ "virtio_pci"
+ "virtio_blk"
+ ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
diff --git a/cfgs/shards/secrets.nix b/cfgs/shards/secrets.nix
index 14fcef1..e384e70 100644
--- a/cfgs/shards/secrets.nix
+++ b/cfgs/shards/secrets.nix
@@ -1,4 +1,10 @@
-{ pkgs, lib, config, ... }: {
+{
+ pkgs,
+ lib,
+ config,
+ ...
+}:
+{
# v2ray config
age.secrets.v2ray_config = {
file = ../../secrets/v2ray_shards.age;
diff --git a/cfgs/shards/services.nix b/cfgs/shards/services.nix
index 85150c4..9071813 100644
--- a/cfgs/shards/services.nix
+++ b/cfgs/shards/services.nix
@@ -1,4 +1,5 @@
-{ config, ... }: {
+{ config, ... }:
+{
# Enable SSH for remote access
services.openssh = {
enable = true;
@@ -7,7 +8,11 @@
};
# Also the pub key used for age encryption
- users.users.ash.openssh.authorizedKeys.keys = let keys = import ../../secrets/keys.nix; in [ keys.ash_pubkey ];
+ users.users.ash.openssh.authorizedKeys.keys =
+ let
+ keys = import ../../secrets/keys.nix;
+ in
+ [ keys.ash_pubkey ];
services.tor = {
enable = true;
@@ -19,10 +24,12 @@
settings = {
ContactInfo = "dontcontact@cia.gov";
# Nickname = "toradmin";
- ORPort = [{
- port = 8002;
- flags = [ "IPv4Only" ];
- }];
+ ORPort = [
+ {
+ port = 8002;
+ flags = [ "IPv4Only" ];
+ }
+ ];
# ServerTransportPlugins are automatically set by nixpkgs
ServerTransportListenAddr = "obfs4 0.0.0.0:8003";
AccountingStart = "week 1 10:00";
diff --git a/cfgs/x1c7/boot.nix b/cfgs/x1c7/boot.nix
index 49a117f..64950b5 100644
--- a/cfgs/x1c7/boot.nix
+++ b/cfgs/x1c7/boot.nix
@@ -1,4 +1,10 @@
-{ config, lib, pkgs, ... }: {
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+{
my.lanzaboote.enable = true;
# Clean tmp folder which is a btrfs subvol
@@ -7,7 +13,11 @@
# Create root on tmpfs
fileSystems."/" = {
fsType = "tmpfs";
- options = [ "defaults" "size=2G" "mode=755" ];
+ options = [
+ "defaults"
+ "size=2G"
+ "mode=755"
+ ];
};
fileSystems."/persist".neededForBoot = true;
diff --git a/cfgs/x1c7/default.nix b/cfgs/x1c7/default.nix
index cf776c8..e829e4d 100644
--- a/cfgs/x1c7/default.nix
+++ b/cfgs/x1c7/default.nix
@@ -1,4 +1,11 @@
-{ inputs, lib, config, pkgs, ... }: {
+{
+ inputs,
+ lib,
+ config,
+ pkgs,
+ ...
+}:
+{
imports = [
./boot.nix
./hardware.nix
@@ -24,7 +31,7 @@
# Not very useful as SecureBoot already ensures that we are booting trustworthy kernels.
# WARN: Still could be dangerous as Microsoft key is present and someone could boot Ubuntu and decrypt the disk.
- # 9 # Hash of the initrd and EFI Load Options
+ # 9 # Hash of the initrd and EFI Load Options
# 11 # Hash of the unified kernel image
];
@@ -68,7 +75,7 @@
tdesktop
htop
qbittorrent
- # zoom-us
+ zoom-us
thunderbird-bin
pavucontrol
dnsperf
@@ -94,14 +101,21 @@
(final: prev: {
# Patch mathematica to solve "libdbus not found" error.
# Also pin it to a specific commit to prevent from rebuilding.
- mathematica_13_3_1 = (prev.mathematica.overrideAttrs (_: prevAttrs: {
- wrapProgramFlags = prevAttrs.wrapProgramFlags ++ [ "--prefix LD_LIBRARY_PATH : ${prev.lib.makeLibraryPath [ prev.dbus.lib ]}" ];
- })).override {
- version = "13.3.1";
- };
+ mathematica_13_3_1 =
+ (prev.mathematica.overrideAttrs (
+ _: prevAttrs: {
+ wrapProgramFlags = prevAttrs.wrapProgramFlags ++ [
+ "--prefix LD_LIBRARY_PATH : ${prev.lib.makeLibraryPath [ prev.dbus.lib ]}"
+ ];
+ }
+ )).override
+ {
+ version = "13.3.1";
+ };
})
];
}).mathematica_13_3_1
+ coyim
uxplay
zotero
];
@@ -113,11 +127,11 @@
# Fonts
fonts.packages = with pkgs; [
noto-fonts
- noto-fonts-cjk
+ noto-fonts-cjk-sans
noto-fonts-emoji
fira-code
fira-code-symbols
- fira-code-nerdfont
+ nerd-fonts.fira-code
];
environment.persistence."/persist" = {
@@ -152,16 +166,32 @@
".mozilla"
".thunderbird"
".config/qBittorrent"
+ ".config/coyim"
".config/Zulip"
".julia"
".Mathematica"
"org-files"
# Both git-credentials and zsh_hist_dir doesn't seem to play well with impermanence
- { directory = ".git_creds_dir"; mode = "0700"; }
- { directory = ".zsh_hist_dir"; mode = "0700"; }
- { directory = ".gnupg"; mode = "0700"; }
- { directory = ".ssh"; mode = "0700"; }
- { directory = ".local/share/keyrings"; mode = "0700"; }
+ {
+ directory = ".git_creds_dir";
+ mode = "0700";
+ }
+ {
+ directory = ".zsh_hist_dir";
+ mode = "0700";
+ }
+ {
+ directory = ".gnupg";
+ mode = "0700";
+ }
+ {
+ directory = ".ssh";
+ mode = "0700";
+ }
+ {
+ directory = ".local/share/keyrings";
+ mode = "0700";
+ }
];
};
};
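Review bot: `".config/coyim"` is persisted as a bare string, while the other credential-bearing directories in this list (`.gnupg`, `.ssh`, `.local/share/keyrings`) are given `mode = "0700"`. A chat client's config directory presumably holds account settings and key material, so I would persist it the same way: `{ directory = ".config/coyim"; mode = "0700"; }`. The list starts outside the hunk.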
@@ -169,11 +199,9 @@
users = {
mutableUsers = false;
users = {
- root.hashedPassword =
- "$6$TqNkihvO4K$x.qSUVbLQ9.IfAc9tOQawDzVdHJtQIcKrJpBCBR.wMuQ8qfbbbm9bN7JNMgneYnNPzAi2k9qXk0klhTlRgGnk0";
+ root.hashedPassword = "$6$TqNkihvO4K$x.qSUVbLQ9.IfAc9tOQawDzVdHJtQIcKrJpBCBR.wMuQ8qfbbbm9bN7JNMgneYnNPzAi2k9qXk0klhTlRgGnk0";
ash = {
- hashedPassword =
- "$6$FAs.ZfxAkhAK0ted$/aHwa39iJ6wsZDCxoJVjedhfPZ0XlmgKcxkgxGDE.hw3JlCjPHmauXmQAZUlF8TTUGgxiOJZcbYSPsW.QBH5F.";
+ hashedPassword = "$6$FAs.ZfxAkhAK0ted$/aHwa39iJ6wsZDCxoJVjedhfPZ0XlmgKcxkgxGDE.hw3JlCjPHmauXmQAZUlF8TTUGgxiOJZcbYSPsW.QBH5F.";
shell = pkgs.zsh;
isNormalUser = true;
# wheel - sudo
@@ -182,7 +210,12 @@
# libvirtd - virtual manager controls.
# docker - Docker control
# tss - TPM2 control
- extraGroups = [ "wheel" "networkmanager" "wireshark" "tss" ];
+ extraGroups = [
+ "wheel"
+ "networkmanager"
+ "wireshark"
+ "tss"
+ ];
};
};
};
diff --git a/cfgs/x1c7/hardware.nix b/cfgs/x1c7/hardware.nix
index 33d4d13..a152e7c 100644
--- a/cfgs/x1c7/hardware.nix
+++ b/cfgs/x1c7/hardware.nix
@@ -3,8 +3,12 @@
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
# Needed for boot! we didn't include these for steamdeck as Jovian did these for us.
- boot.initrd.availableKernelModules =
- [ "xhci_pci" "nvme" "usb_storage" "sd_mod" ];
+ boot.initrd.availableKernelModules = [
+ "xhci_pci"
+ "nvme"
+ "usb_storage"
+ "sd_mod"
+ ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
diff --git a/cfgs/x1c7/i18n.nix b/cfgs/x1c7/i18n.nix
index 29a2fdc..da41316 100644
--- a/cfgs/x1c7/i18n.nix
+++ b/cfgs/x1c7/i18n.nix
@@ -1,4 +1,10 @@
-{ pkgs, lib, config, ... }: {
+{
+ pkgs,
+ lib,
+ config,
+ ...
+}:
+{
my.timezone = {
enable = true;
path = "/etc/persisted-timezone";
@@ -14,7 +20,10 @@
inputMethod = {
enable = true;
type = "ibus";
- ibus.engines = with pkgs.ibus-engines; [ libpinyin typing-booster ];
+ ibus.engines = with pkgs.ibus-engines; [
+ libpinyin
+ typing-booster
+ ];
};
};
}
diff --git a/cfgs/x1c7/networking.nix b/cfgs/x1c7/networking.nix
index 1bc3ad8..22e8c71 100644
--- a/cfgs/x1c7/networking.nix
+++ b/cfgs/x1c7/networking.nix
@@ -1,4 +1,5 @@
-{ config, pkgs, ... }: {
+{ config, pkgs, ... }:
+{
networking.resolvconf.useLocalResolver = true;
networking.networkmanager = {
@@ -20,24 +21,29 @@
level = "info";
};
- inbounds = [{
- type = "tun";
- # sing-box version is too old to support this
- # address = [
- # "172.18.0.1/30"
- # "fdfe:dcba:9876::1/126"
- # ];
- inet4_address = "172.19.0.1/30";
- inet6_address = "fdfe:dcba:9876::1/126";
- auto_route = true;
- strict_route = true;
- # sniff = true;
- # # Override IP addr with sniffed domain
- # sniff_override_destination = true;
- }];
+ inbounds = [
+ {
+ type = "tun";
+ # sing-box version is too old to support this
+ # address = [
+ # "172.18.0.1/30"
+ # "fdfe:dcba:9876::1/126"
+ # ];
+ inet4_address = "172.19.0.1/30";
+ inet6_address = "fdfe:dcba:9876::1/126";
+ auto_route = true;
+ strict_route = true;
+ # sniff = true;
+ # # Override IP addr with sniffed domain
+ # sniff_override_destination = true;
+ }
+ ];
outbounds = [
- { type = "direct"; tag = "direct"; }
+ {
+ type = "direct";
+ tag = "direct";
+ }
{
_secret = config.age.secrets.sing-box.path;
quote = false;
@@ -54,7 +60,7 @@
{ process_name = "dcompass"; }
{ process_name = "NetworkManager"; }
{ process_name = "steam"; }
- { process_name = "qbittorrent"; }
+ # { process_name = "qbittorrent"; }
];
outbound = "direct";
}
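Review bot: Commenting out `{ process_name = "qbittorrent"; }` changes routing, not just formatting: qbittorrent traffic no longer matches this `outbound = "direct"` rule and falls through to whichever rule or default follows, which is outside the hunk. Please record the reason in a comment, e.g. `# qbittorrent is deliberately not routed direct; it follows the default outbound`, or delete the line if the change is permanent.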
diff --git a/cfgs/x1c7/security.nix b/cfgs/x1c7/security.nix
index b0d2f99..835cc41 100644
--- a/cfgs/x1c7/security.nix
+++ b/cfgs/x1c7/security.nix
@@ -1,4 +1,10 @@
-{ pkgs, lib, config, ... }: {
+{
+ pkgs,
+ lib,
+ config,
+ ...
+}:
+{
# sbctl database files
age.secrets = {
secureboot_guid = {
diff --git a/cfgs/x1c7/services.nix b/cfgs/x1c7/services.nix
index 98ab891..f6ef028 100644
--- a/cfgs/x1c7/services.nix
+++ b/cfgs/x1c7/services.nix
@@ -1,4 +1,10 @@
-{ config, pkgs, lib, ... }: {
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}:
+{
### Power and hardware
# Enable fwupd service for firmware updates
services.fwupd.enable = true;
@@ -16,18 +22,18 @@
### Sound and graphics
# This uses pipewire and conflicts with pulseaudio
- services.gnome.gnome-remote-desktop.enable = false;
- # Have to additionally disable pipewire: https://github.com/NixOS/nixpkgs/commit/438fd16359cf30090c66d3748727829afa90e814
- services.pipewire.enable = false;
- # Configuration of pulseaudio to facilitate bluetooth headphones and Steam.
- hardware.pulseaudio = {
- enable = true;
- # 32 bit support for steam.
- support32Bit = true;
- # NixOS allows either a lightweight build (default) or full build of PulseAudio to be installed.
- # Only the full build has Bluetooth support, so it must be selected here.
- package = pkgs.pulseaudioFull;
- };
+ # services.gnome.gnome-remote-desktop.enable = false;
+ # # Have to additionally disable pipewire: https://github.com/NixOS/nixpkgs/commit/438fd16359cf30090c66d3748727829afa90e814
+ # services.pipewire.enable = false;
+ # # Configuration of pulseaudio to facilitate bluetooth headphones and Steam.
+ # hardware.pulseaudio = {
+ # enable = true;
+ # # 32 bit support for steam.
+ # support32Bit = true;
+ # # NixOS allows either a lightweight build (default) or full build of PulseAudio to be installed.
+ # # Only the full build has Bluetooth support, so it must be selected here.
+ # package = pkgs.pulseaudioFull;
+ # };
# OpenGL 32 bit support for steam
hardware.graphics.enable32Bit = true;
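Review bot: Commenting out `services.gnome.gnome-remote-desktop.enable = false;` leaves the remote-desktop service at whatever the desktop module defaults to, which may be enabled on a GNOME system. If remote access is not wanted on this machine, keep that one line active independently of the audio change. The surviving comment `# This uses pipewire and conflicts with pulseaudio` now describes only disabled code. I would delete the PulseAudio block rather than keep it commented out and replace the comment with one stating the current choice, e.g. `# PulseAudio config removed; audio uses the module defaults`.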
diff --git a/flake.lock b/flake.lock
index 37d44d4..8a866b5 100644
--- a/flake.lock
+++ b/flake.lock
@@ -99,11 +99,11 @@
"utils": "utils_3"
},
"locked": {
- "lastModified": 1687138261,
- "narHash": "sha256-wFM3GV41P0fCAJ9lkhcZYolPfOYpbIVK5gZS3k3hA8s=",
+ "lastModified": 1730570373,
+ "narHash": "sha256-A0x3M4b3FrK4HJHNKyTIkN8+So2pOTYGo/gkOTcxz2s=",
"owner": "compassd",
"repo": "dcompass",
- "rev": "6b645d6c2fc7b08872dd823d2a25eb8ceb0c37de",
+ "rev": "68315d0052aa2887c6d6d995b46dd316cf49d571",
"type": "github"
},
"original": {
@@ -121,11 +121,11 @@
]
},
"locked": {
- "lastModified": 1722113426,
- "narHash": "sha256-Yo/3loq572A8Su6aY5GP56knpuKYRvM2a1meP9oJZCw=",
+ "lastModified": 1728330715,
+ "narHash": "sha256-xRJ2nPOXb//u1jaBnDP56M7v5ldavjbtR6lfGqSvcKg=",
"owner": "numtide",
"repo": "devshell",
- "rev": "67cce7359e4cd3c45296fb4aaf6a19e2a9c757ae",
+ "rev": "dd6b80932022cea34a019e2bb32f6fa9e494dfef",
"type": "github"
},
"original": {
@@ -141,11 +141,11 @@
]
},
"locked": {
- "lastModified": 1726524467,
- "narHash": "sha256-xkPPPvfHhHK7BNX5ZrQ9N6AIEixCmFzRZHduDf0zv30=",
+ "lastModified": 1734343412,
+ "narHash": "sha256-b7G8oFp0Nj01BYUJ6ENC9Qf/HsYAIZvN9k/p0Kg/PFU=",
"owner": "nix-community",
"repo": "disko",
- "rev": "22ee467a54a3ab7fa9d637ccad5330c6c087e9dc",
+ "rev": "a08bfe06b39e94eec98dd089a2c1b18af01fef19",
"type": "github"
},
"original": {
@@ -310,11 +310,11 @@
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
- "lastModified": 1726153070,
- "narHash": "sha256-HO4zgY0ekfwO5bX0QH/3kJ/h4KvUDFZg8YpkNwIbg1U=",
+ "lastModified": 1733312601,
+ "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=",
"owner": "hercules-ci",
"repo": "flake-parts",
- "rev": "bcef6817a8b2aa20a5a6dbb19b43e63c5bf8619a",
+ "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9",
"type": "github"
},
"original": {
@@ -332,11 +332,11 @@
]
},
"locked": {
- "lastModified": 1726153070,
- "narHash": "sha256-HO4zgY0ekfwO5bX0QH/3kJ/h4KvUDFZg8YpkNwIbg1U=",
+ "lastModified": 1733312601,
+ "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=",
"owner": "hercules-ci",
"repo": "flake-parts",
- "rev": "bcef6817a8b2aa20a5a6dbb19b43e63c5bf8619a",
+ "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9",
"type": "github"
},
"original": {
@@ -401,25 +401,7 @@
},
"flake-utils_4": {
"inputs": {
- "systems": "systems_7"
- },
- "locked": {
- "lastModified": 1681202837,
- "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=",
- "owner": "numtide",
- "repo": "flake-utils",
- "rev": "cfacdce06f30d2b68473a46042957675eebb3401",
- "type": "github"
- },
- "original": {
- "owner": "numtide",
- "repo": "flake-utils",
- "type": "github"
- }
- },
- "flake-utils_5": {
- "inputs": {
- "systems": "systems_9"
+ "systems": "systems_8"
},
"locked": {
"lastModified": 1710146030,
@@ -435,16 +417,16 @@
"type": "github"
}
},
- "flake-utils_6": {
+ "flake-utils_5": {
"inputs": {
- "systems": "systems_10"
+ "systems": "systems_9"
},
"locked": {
- "lastModified": 1710146030,
- "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
+ "lastModified": 1731533236,
+ "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
- "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
+ "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
@@ -453,16 +435,16 @@
"type": "github"
}
},
- "flake-utils_7": {
+ "flake-utils_6": {
"inputs": {
- "systems": "systems_12"
+ "systems": "systems_11"
},
"locked": {
- "lastModified": 1710146030,
- "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
+ "lastModified": 1731533236,
+ "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
- "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
+ "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
@@ -479,11 +461,11 @@
"nixpkgs-stable": "nixpkgs-stable_6"
},
"locked": {
- "lastModified": 1725513492,
- "narHash": "sha256-tyMUA6NgJSvvQuzB7A1Sf8+0XCHyfSPRx/b00o6K0uo=",
+ "lastModified": 1734425854,
+ "narHash": "sha256-nzE5UbJ41aPEKf8R2ZFYtLkqPmF7EIUbNEdHMBLg0Ig=",
"owner": "cachix",
"repo": "git-hooks.nix",
- "rev": "7570de7b9b504cfe92025dd1be797bf546f66528",
+ "rev": "0ddd26d0925f618c3a5d85a4fa5eb1e23a09491d",
"type": "github"
},
"original": {
@@ -512,11 +494,11 @@
]
},
"locked": {
- "lastModified": 1725513492,
- "narHash": "sha256-tyMUA6NgJSvvQuzB7A1Sf8+0XCHyfSPRx/b00o6K0uo=",
+ "lastModified": 1734279981,
+ "narHash": "sha256-NdaCraHPp8iYMWzdXAt5Nv6sA3MUzlCiGiR586TCwo0=",
"owner": "cachix",
"repo": "git-hooks.nix",
- "rev": "7570de7b9b504cfe92025dd1be797bf546f66528",
+ "rev": "aa9f40c906904ebd83da78e7f328cd8aeaeae785",
"type": "github"
},
"original": {
@@ -686,11 +668,11 @@
]
},
"locked": {
- "lastModified": 1726440980,
- "narHash": "sha256-ChhIrjtdu5d83W+YDRH+Ec5g1MmM0xk6hJnkz15Ot7M=",
+ "lastModified": 1734344598,
+ "narHash": "sha256-wNX3hsScqDdqKWOO87wETUEi7a/QlPVgpC/Lh5rFOuA=",
"owner": "nix-community",
"repo": "home-manager",
- "rev": "a9c9cc6e50f7cbd2d58ccb1cd46a1e06e9e445ff",
+ "rev": "83ecd50915a09dca928971139d3a102377a8d242",
"type": "github"
},
"original": {
@@ -708,11 +690,11 @@
]
},
"locked": {
- "lastModified": 1726357542,
- "narHash": "sha256-p4OrJL2weh0TRtaeu1fmNYP6+TOp/W2qdaIJxxQay4c=",
+ "lastModified": 1734093295,
+ "narHash": "sha256-hSwgGpcZtdDsk1dnzA0xj5cNaHgN9A99hRF/mxMtwS4=",
"owner": "nix-community",
"repo": "home-manager",
- "rev": "e524c57b1fa55d6ca9d8354c6ce1e538d2a1f47f",
+ "rev": "66c5d8b62818ec4c1edb3e941f55ef78df8141a8",
"type": "github"
},
"original": {
@@ -723,11 +705,11 @@
},
"impermanence": {
"locked": {
- "lastModified": 1725690722,
- "narHash": "sha256-4qWg9sNh5g1qPGO6d/GV2ktY+eDikkBTbWSg5/iD2nY=",
+ "lastModified": 1734200366,
+ "narHash": "sha256-0NursoP4BUdnc+wy+Mq3icHkXu/RgP1Sjo0MJxV2+Dw=",
"owner": "nix-community",
"repo": "impermanence",
- "rev": "63f4d0443e32b0dd7189001ee1894066765d18a5",
+ "rev": "c6323585fa0035d780e3d8906eb1b24b65d19a48",
"type": "github"
},
"original": {
@@ -736,6 +718,36 @@
"type": "github"
}
},
+ "ixx": {
+ "inputs": {
+ "flake-utils": [
+ "vimrc",
+ "nixvim",
+ "nuschtosSearch",
+ "flake-utils"
+ ],
+ "nixpkgs": [
+ "vimrc",
+ "nixvim",
+ "nuschtosSearch",
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1729958008,
+ "narHash": "sha256-EiOq8jF4Z/zQe0QYVc3+qSKxRK//CFHMB84aYrYGwEs=",
+ "owner": "NuschtOS",
+ "repo": "ixx",
+ "rev": "9fd01aad037f345350eab2cd45e1946cc66da4eb",
+ "type": "github"
+ },
+ "original": {
+ "owner": "NuschtOS",
+ "ref": "v0.0.6",
+ "repo": "ixx",
+ "type": "github"
+ }
+ },
"jovian": {
"inputs": {
"nix-github-actions": "nix-github-actions",
@@ -744,11 +756,11 @@
]
},
"locked": {
- "lastModified": 1726115155,
- "narHash": "sha256-VDylz5VX4JD4/TZv6xUJDwuvNdgLRGoOpue1dlZGdIQ=",
+ "lastModified": 1734162608,
+ "narHash": "sha256-m2AX+3eiVqIK6uO7GbGY7SFnkkYOlR5fQiNI0eRvWOQ=",
"owner": "Jovian-Experiments",
"repo": "Jovian-NixOS",
- "rev": "02cf60ce20b6034fc0459e5116cec7016aaff6e4",
+ "rev": "31bdf4c7c91204d65afbde01146deee0259a8fb7",
"type": "github"
},
"original": {
@@ -762,7 +774,7 @@
"crane": "crane",
"flake-compat": "flake-compat_3",
"flake-parts": "flake-parts",
- "flake-utils": "flake-utils_5",
+ "flake-utils": "flake-utils_4",
"nixpkgs": [
"nixpkgs"
],
@@ -793,11 +805,11 @@
]
},
"locked": {
- "lastModified": 1726188813,
- "narHash": "sha256-Vop/VRi6uCiScg/Ic+YlwsdIrLabWUJc57dNczp0eBc=",
+ "lastModified": 1733570843,
+ "narHash": "sha256-sQJAxY1TYWD1UyibN/FnN97paTFuwBw3Vp3DNCyKsMk=",
"owner": "lnl7",
"repo": "nix-darwin",
- "rev": "21fe31f26473c180390cfa81e3ea81aca0204c80",
+ "rev": "a35b08d09efda83625bef267eb24347b446c80b8",
"type": "github"
},
"original": {
@@ -814,11 +826,11 @@
]
},
"locked": {
- "lastModified": 1690328911,
- "narHash": "sha256-fxtExYk+aGf2YbjeWQ8JY9/n9dwuEt+ma1eUFzF8Jeo=",
+ "lastModified": 1729697500,
+ "narHash": "sha256-VFTWrbzDlZyFHHb1AlKRiD/qqCJIripXKiCSFS8fAOY=",
"owner": "zhaofengli",
"repo": "nix-github-actions",
- "rev": "96df4a39c52f53cb7098b923224d8ce941b64747",
+ "rev": "e418aeb728b6aa5ca8c5c71974e7159c2df1d8cf",
"type": "github"
},
"original": {
@@ -846,14 +858,14 @@
},
"nixpkgs-lib": {
"locked": {
- "lastModified": 1725233747,
- "narHash": "sha256-Ss8QWLXdr2JCBPcYChJhz4xJm+h/xjl4G0c0XlP6a74=",
+ "lastModified": 1733096140,
+ "narHash": "sha256-1qRH7uAUsyQI7R1Uwl4T+XvdNv778H0Nb5njNrqvylY=",
"type": "tarball",
- "url": "https://github.com/NixOS/nixpkgs/archive/356624c12086a18f2ea2825fed34523d60ccc4e3.tar.gz"
+ "url": "https://github.com/NixOS/nixpkgs/archive/5487e69da40cbd611ab2cadee0b4637225f7cfae.tar.gz"
},
"original": {
"type": "tarball",
- "url": "https://github.com/NixOS/nixpkgs/archive/356624c12086a18f2ea2825fed34523d60ccc4e3.tar.gz"
+ "url": "https://github.com/NixOS/nixpkgs/archive/5487e69da40cbd611ab2cadee0b4637225f7cfae.tar.gz"
}
},
"nixpkgs-mathematica": {
@@ -938,11 +950,11 @@
},
"nixpkgs-stable_5": {
"locked": {
- "lastModified": 1720386169,
- "narHash": "sha256-NGKVY4PjzwAa4upkGtAMz1npHGoRzWotlSnVlqI40mo=",
+ "lastModified": 1730741070,
+ "narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "194846768975b7ad2c4988bdb82572c00222c0d7",
+ "rev": "d063c1dd113c91ab27959ba540c0d9753409edf3",
"type": "github"
},
"original": {
@@ -954,11 +966,11 @@
},
"nixpkgs-stable_6": {
"locked": {
- "lastModified": 1720386169,
- "narHash": "sha256-NGKVY4PjzwAa4upkGtAMz1npHGoRzWotlSnVlqI40mo=",
+ "lastModified": 1730741070,
+ "narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "194846768975b7ad2c4988bdb82572c00222c0d7",
+ "rev": "d063c1dd113c91ab27959ba540c0d9753409edf3",
"type": "github"
},
"original": {
@@ -970,11 +982,11 @@
},
"nixpkgs_2": {
"locked": {
- "lastModified": 1681358109,
- "narHash": "sha256-eKyxW4OohHQx9Urxi7TQlFBTDWII+F+x2hklDOQPB50=",
+ "lastModified": 1728538411,
+ "narHash": "sha256-f0SBJz1eZ2yOuKUr5CA9BHULGXVSn6miBuUWdTyhUhU=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "96ba1c52e54e74c3197f4d43026b3f3d92e83ff9",
+ "rev": "b69de56fac8c2b6f8fd27f2eca01dcda8e0a4221",
"type": "github"
},
"original": {
@@ -986,11 +998,11 @@
},
"nixpkgs_3": {
"locked": {
- "lastModified": 1726463316,
- "narHash": "sha256-gI9kkaH0ZjakJOKrdjaI/VbaMEo9qBbSUl93DnU7f4c=",
+ "lastModified": 1734119587,
+ "narHash": "sha256-AKU6qqskl0yf2+JdRdD0cfxX4b9x3KKV5RqA6wijmPM=",
"owner": "nixos",
"repo": "nixpkgs",
- "rev": "99dc8785f6a0adac95f5e2ab05cc2e1bf666d172",
+ "rev": "3566ab7246670a43abd2ffa913cc62dad9cdf7d5",
"type": "github"
},
"original": {
@@ -1002,11 +1014,11 @@
},
"nixpkgs_4": {
"locked": {
- "lastModified": 1719082008,
- "narHash": "sha256-jHJSUH619zBQ6WdC21fFAlDxHErKVDJ5fpN0Hgx4sjs=",
+ "lastModified": 1730768919,
+ "narHash": "sha256-8AKquNnnSaJRXZxc5YmF/WfmxiHX6MMZZasRP6RRQkE=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "9693852a2070b398ee123a329e68f0dab5526681",
+ "rev": "a04d33c0c3f1a59a2c1cb0c6e34cd24500e5a1dc",
"type": "github"
},
"original": {
@@ -1032,11 +1044,11 @@
"treefmt-nix": "treefmt-nix"
},
"locked": {
- "lastModified": 1726502324,
- "narHash": "sha256-I/WFSIBeIjlY3CgSJ6IRYxP2aEJ6b42Y1HAeATlBh48=",
+ "lastModified": 1734446876,
+ "narHash": "sha256-cGZBeTh+9pChvz0phepOzM+NK7QVl0Cp5EPBlh1l5xc=",
"owner": "nix-community",
"repo": "nixvim",
- "rev": "2e3083e42509c399b224239f6d7fa17976b18536",
+ "rev": "f4b7fd46f6caf984fdfc41281792eac7b7ab8f24",
"type": "github"
},
"original": {
@@ -1047,7 +1059,8 @@
},
"nuschtosSearch": {
"inputs": {
- "flake-utils": "flake-utils_7",
+ "flake-utils": "flake-utils_6",
+ "ixx": "ixx",
"nixpkgs": [
"vimrc",
"nixvim",
@@ -1055,11 +1068,11 @@
]
},
"locked": {
- "lastModified": 1726392886,
- "narHash": "sha256-9RtOuG7V8KG8IU8nZje5EQ1WSM/inr7+zb3tAgTiHDM=",
+ "lastModified": 1733773348,
+ "narHash": "sha256-Y47y+LesOCkJaLvj+dI/Oa6FAKj/T9sKVKDXLNsViPw=",
"owner": "NuschtOS",
"repo": "search",
- "rev": "97d34b70deed4878fcb2449ac89dab717d72efa1",
+ "rev": "3051be7f403bff1d1d380e4612f0c70675b44fc9",
"type": "github"
},
"original": {
@@ -1071,17 +1084,17 @@
"nvfetcher": {
"inputs": {
"flake-compat": "flake-compat_4",
- "flake-utils": "flake-utils_6",
+ "flake-utils": "flake-utils_5",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
- "lastModified": 1718252448,
- "narHash": "sha256-xZZBdKqe1ByITzvx65pVgGQ5jeb73MybjgrcfI84lEo=",
+ "lastModified": 1732501185,
+ "narHash": "sha256-Z0BpHelaGQsE5VD9hBsBHsvMU9h+Xt0kfkDJyFivZOU=",
"owner": "berberman",
"repo": "nvfetcher",
- "rev": "fa7609950023462c6f91c425de7610c0bb6b86ba",
+ "rev": "bdb14eab6fe9cefc29efe01e60c3a3f616d6b62a",
"type": "github"
},
"original": {
@@ -1194,11 +1207,11 @@
"nixpkgs-stable": "nixpkgs-stable_5"
},
"locked": {
- "lastModified": 1725513492,
- "narHash": "sha256-tyMUA6NgJSvvQuzB7A1Sf8+0XCHyfSPRx/b00o6K0uo=",
+ "lastModified": 1734425854,
+ "narHash": "sha256-nzE5UbJ41aPEKf8R2ZFYtLkqPmF7EIUbNEdHMBLg0Ig=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
- "rev": "7570de7b9b504cfe92025dd1be797bf546f66528",
+ "rev": "0ddd26d0925f618c3a5d85a4fa5eb1e23a09491d",
"type": "github"
},
"original": {
@@ -1227,15 +1240,14 @@
},
"rust-overlay": {
"inputs": {
- "flake-utils": "flake-utils_4",
"nixpkgs": "nixpkgs_2"
},
"locked": {
- "lastModified": 1687055571,
- "narHash": "sha256-UvLoO6u5n9TzY80BpM4DaacxvyJl7u9mm9CA72d309g=",
+ "lastModified": 1730514457,
+ "narHash": "sha256-cjFX208s9pyaOfMvF9xI6WyafyXINqdhMF7b1bMQpLI=",
"owner": "oxalica",
"repo": "rust-overlay",
- "rev": "2de557c780dcb127128ae987fca9d6c2b0d7dc0f",
+ "rev": "1ff38ca26eb31858e4dfe7fe738b6b3ce5d74922",
"type": "github"
},
"original": {
@@ -1314,21 +1326,6 @@
"type": "github"
}
},
- "systems_12": {
- "locked": {
- "lastModified": 1681028828,
- "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
- "owner": "nix-systems",
- "repo": "default",
- "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
- "type": "github"
- },
- "original": {
- "owner": "nix-systems",
- "repo": "default",
- "type": "github"
- }
- },
"systems_2": {
"locked": {
"lastModified": 1681028828,
@@ -1458,11 +1455,11 @@
]
},
"locked": {
- "lastModified": 1725271838,
- "narHash": "sha256-VcqxWT0O/gMaeWTTjf1r4MOyG49NaNxW4GHTO3xuThE=",
+ "lastModified": 1733761991,
+ "narHash": "sha256-s4DalCDepD22jtKL5Nw6f4LP5UwoMcPzPZgHWjAfqbQ=",
"owner": "numtide",
"repo": "treefmt-nix",
- "rev": "9fb342d14b69aefdf46187f6bb80a4a0d97007cd",
+ "rev": "0ce9d149d99bc383d1f2d85f31f6ebd146e46085",
"type": "github"
},
"original": {
@@ -1550,14 +1547,14 @@
},
"utils_3": {
"inputs": {
- "systems": "systems_8"
+ "systems": "systems_7"
},
"locked": {
- "lastModified": 1685518550,
- "narHash": "sha256-o2d0KcvaXzTrPRIo0kOLV0/QXHhDQ5DTi+OxcjO8xqY=",
+ "lastModified": 1726560853,
+ "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
"owner": "numtide",
"repo": "flake-utils",
- "rev": "a1720a10a6cfe8234c0e93907ffe81be440f4cef",
+ "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a",
"type": "github"
},
"original": {
@@ -1568,14 +1565,14 @@
},
"utils_4": {
"inputs": {
- "systems": "systems_11"
+ "systems": "systems_10"
},
"locked": {
- "lastModified": 1710146030,
- "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
+ "lastModified": 1731533236,
+ "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
- "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
+ "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
@@ -1594,11 +1591,11 @@
"nixvim": "nixvim"
},
"locked": {
- "lastModified": 1726543792,
- "narHash": "sha256-M/3Rr8WODiDxZsm/o+HbDBPNoEmweApAjHnRtwrNCbE=",
+ "lastModified": 1734454113,
+ "narHash": "sha256-+F9kb5zh40gcZ8qxydUAFHipYwK9kw6ZUqelyREgedA=",
"owner": "LEXUGE",
"repo": "vimrc",
- "rev": "5e85162e963d5d16a6b88cc1382d5f050adf93ec",
+ "rev": "430b0d84c6c7c4230f0e2fdcc1acd4b83438cf1c",
"type": "github"
},
"original": {
diff --git a/flake.nix b/flake.nix
index e97b4db..c16190a 100644
--- a/flake.nix
+++ b/flake.nix
@@ -59,215 +59,273 @@
};
};
- outputs = { self, nixpkgs, nixpkgs-mathematica, utils, nvfetcher, dcompass, impermanence, vimrc, ash-emacs, home-manager, agenix, disko, jovian, lanzaboote, pre-commit-hooks }@inputs: with utils.lib; let
- lib = nixpkgs.lib;
+ outputs =
+ {
+ self,
+ nixpkgs,
+ nixpkgs-mathematica,
+ utils,
+ nvfetcher,
+ dcompass,
+ impermanence,
+ vimrc,
+ ash-emacs,
+ home-manager,
+ agenix,
+ disko,
+ jovian,
+ lanzaboote,
+ pre-commit-hooks,
+ }@inputs:
+ with utils.lib;
+ let
+ lib = nixpkgs.lib;
- mkSystem = { name, extraMods ? [ ], extraOverlays ? [ ], extraSubstituters ? [ ], extraPublicKeys ? [ ], system }: (lib.nixosSystem {
- inherit system;
- modules = [
- ./cfgs/${name}
- ({ pkgs, config, ... }: {
- config = {
- nixpkgs.overlays = [ self.overlays.default ] ++ extraOverlays;
- nix.settings = {
- substituters = [ "https://dcompass.cachix.org" "https://nix-community.cachix.org" "https://lexuge.cachix.org" ] ++ extraSubstituters;
- trusted-public-keys = [ dcompass.publicKey "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" self.publicKey ] ++ extraPublicKeys;
- trusted-users = [ "@wheel" ];
+ mkSystem =
+ {
+ name,
+ extraMods ? [ ],
+ extraOverlays ? [ ],
+ extraSubstituters ? [ ],
+ extraPublicKeys ? [ ],
+ system,
+ }:
+ (lib.nixosSystem {
+ inherit system;
+ modules = [
+ ./cfgs/${name}
+ (
+ { pkgs, config, ... }:
+ {
+ config = {
+ nixpkgs.overlays = [ self.overlays.default ] ++ extraOverlays;
+ nix.settings = {
+ substituters = [
+ "https://dcompass.cachix.org"
+ "https://nix-community.cachix.org"
+ "https://lexuge.cachix.org"
+ ] ++ extraSubstituters;
+ trusted-public-keys = [
+ dcompass.publicKey
+ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+ self.publicKey
+ ] ++ extraPublicKeys;
+ trusted-users = [ "@wheel" ];
+ };
+ nix.nixPath = [ "nixpkgs=${nixpkgs}" ];
+ nix.package = pkgs.nixVersions.latest;
+ };
+ }
+ )
+ ] ++ extraMods;
+ specialArgs = { inherit inputs; };
+ });
+ in
+ nixpkgs.lib.recursiveUpdate
+ rec {
+ # Use the default overlay to export all packages under ./pkgs
+ overlays = {
+ default =
+ final: prev:
+ (import ./pkgs {
+ inherit (prev) lib;
+ pkgs = prev;
+ overlay = true;
+ });
+ # NOTE: Currently not used, but put here as an example
+ pidgin = final: prev: {
+ pidgin-with-plugins = prev.pidgin.override {
+ plugins = [ prev.pidgin-otr ];
};
- nix.nixPath = [ "nixpkgs=${nixpkgs}" ];
- nix.package = pkgs.nixVersions.latest;
};
- })
- ] ++ extraMods;
- specialArgs = { inherit inputs; };
- });
- in
- nixpkgs.lib.recursiveUpdate
- rec {
- # Use the default overlay to export all packages under ./pkgs
- overlays = {
- default = final: prev:
- (import ./pkgs {
- inherit (prev) lib;
- pkgs = prev;
- overlay = true;
- });
- };
+ };
- # Export modules under ./modules as NixOS modules
- nixosModules = (import ./modules { inherit lib; });
+ # Export modules under ./modules as NixOS modules
+ nixosModules = (import ./modules { inherit lib; });
- # Export system cfgs
- nixosConfigurations.x1c7 = mkSystem {
- name = "x1c7";
- # extraSubstituters = [ "https://nixbld.m-labs.hk" ];
- # extraPublicKeys = [ "nixbld.m-labs.hk-1:5aSRVA5b320xbNvu30tqxVPXpld73bhtOeH6uAjRyHc=" ];
- extraMods = [
- nixosModules.clash
- nixosModules.base
- nixosModules.disko
- nixosModules.lanzaboote
- nixosModules.uxplay
- nixosModules.home
- nixosModules.gnome-desktop
- nixosModules.dcompass
- nixosModules.sing-box
- nixosModules.timezone
- impermanence.nixosModules.impermanence
- disko.nixosModules.disko
- home-manager.nixosModules.home-manager
- lanzaboote.nixosModules.lanzaboote
- agenix.nixosModules.age
- ];
- extraOverlays = [
- dcompass.overlays.default
- ash-emacs.overlays.emacs-overlay
- ash-emacs.overlays.default
- vimrc.overlays.default
- ];
- system = system.x86_64-linux;
- };
+ # Export system cfgs
+ nixosConfigurations.x1c7 = mkSystem {
+ name = "x1c7";
+ # extraSubstituters = [ "https://nixbld.m-labs.hk" ];
+ # extraPublicKeys = [ "nixbld.m-labs.hk-1:5aSRVA5b320xbNvu30tqxVPXpld73bhtOeH6uAjRyHc=" ];
+ extraMods = [
+ nixosModules.clash
+ nixosModules.base
+ nixosModules.disko
+ nixosModules.lanzaboote
+ nixosModules.uxplay
+ nixosModules.home
+ nixosModules.gnome-desktop
+ nixosModules.dcompass
+ nixosModules.sing-box
+ nixosModules.timezone
+ impermanence.nixosModules.impermanence
+ disko.nixosModules.disko
+ home-manager.nixosModules.home-manager
+ lanzaboote.nixosModules.lanzaboote
+ agenix.nixosModules.age
+ ];
+ extraOverlays = [
+ dcompass.overlays.default
+ ash-emacs.overlays.emacs-overlay
+ ash-emacs.overlays.default
+ vimrc.overlays.default
+ ];
+ system = system.x86_64-linux;
+ };
- diskoConfigurations = {
- deck = (import ./modules/disko/disk.nix { });
- x1c7 = (import ./modules/disko/disk.nix { });
- shards = (import ./cfgs/shards/disk-config.nix { });
- };
+ diskoConfigurations = {
+ deck = (import ./modules/disko/disk.nix { });
+ x1c7 = (import ./modules/disko/disk.nix { });
+ shards = (import ./cfgs/shards/disk-config.nix { });
+ };
- # Deploy using nixos-rebuild directly
- # https://nixos-and-flakes.thiscute.world/best-practices/remote-deployment#deploy-through-nixos-rebuild
- nixosConfigurations.shards = mkSystem {
- name = "shards";
- extraMods = [
- disko.nixosModules.disko
- impermanence.nixosModules.impermanence
- agenix.nixosModules.age
- ];
- system = system.x86_64-linux;
- };
+ # Deploy using nixos-rebuild directly
+ # https://nixos-and-flakes.thiscute.world/best-practices/remote-deployment#deploy-through-nixos-rebuild
+ nixosConfigurations.shards = mkSystem {
+ name = "shards";
+ extraMods = [
+ disko.nixosModules.disko
+ impermanence.nixosModules.impermanence
+ agenix.nixosModules.age
+ ];
+ system = system.x86_64-linux;
+ };
- # Deploy using nixos-rebuild directly
- # https://nixos-and-flakes.thiscute.world/best-practices/remote-deployment#deploy-through-nixos-rebuild
- nixosConfigurations.deck = mkSystem {
- name = "deck";
- extraMods = [
- nixosModules.clash
- nixosModules.base
- nixosModules.disko
- nixosModules.lanzaboote
- nixosModules.home
- nixosModules.gnome-desktop
- nixosModules.dcompass
- nixosModules.sing-box
- nixosModules.timezone
- disko.nixosModules.disko
- nixosModules.steamdeck
- impermanence.nixosModules.impermanence
- home-manager.nixosModules.home-manager
- agenix.nixosModules.age
- lanzaboote.nixosModules.lanzaboote
- jovian.nixosModules.default
- ];
- extraOverlays = [
- dcompass.overlays.default
- ash-emacs.overlays.emacs-overlay
- ash-emacs.overlays.default
- vimrc.overlays.default
- ];
- system = system.x86_64-linux;
- };
+ # Deploy using nixos-rebuild directly
+ # https://nixos-and-flakes.thiscute.world/best-practices/remote-deployment#deploy-through-nixos-rebuild
+ nixosConfigurations.deck = mkSystem {
+ name = "deck";
+ extraMods = [
+ nixosModules.clash
+ nixosModules.base
+ nixosModules.disko
+ nixosModules.lanzaboote
+ nixosModules.home
+ nixosModules.gnome-desktop
+ nixosModules.dcompass
+ nixosModules.sing-box
+ nixosModules.timezone
+ disko.nixosModules.disko
+ nixosModules.steamdeck
+ impermanence.nixosModules.impermanence
+ home-manager.nixosModules.home-manager
+ agenix.nixosModules.age
+ lanzaboote.nixosModules.lanzaboote
+ jovian.nixosModules.default
+ ];
+ extraOverlays = [
+ dcompass.overlays.default
+ ash-emacs.overlays.emacs-overlay
+ ash-emacs.overlays.default
+ vimrc.overlays.default
+ ];
+ system = system.x86_64-linux;
+ };
- nixosConfigurations.img-x1c7 = mkSystem {
- name = "img-x1c7";
- extraMods = [
- nixosModules.clash
- nixosModules.home
- nixosModules.base
- nixosModules.gnome-desktop
- nixosModules.dcompass
- disko.nixosModules.disko
- home-manager.nixosModules.home-manager
- agenix.nixosModules.age
- "${nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-base.nix"
- ];
- extraOverlays = [
- dcompass.overlays.default
- ash-emacs.overlays.emacs-overlay
- ash-emacs.overlays.default
- vimrc.overlays.default
- ];
- system = system.x86_64-linux;
- };
+ nixosConfigurations.img-x1c7 = mkSystem {
+ name = "img-x1c7";
+ extraMods = [
+ nixosModules.clash
+ nixosModules.home
+ nixosModules.base
+ nixosModules.gnome-desktop
+ nixosModules.dcompass
+ disko.nixosModules.disko
+ home-manager.nixosModules.home-manager
+ agenix.nixosModules.age
+ "${nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-base.nix"
+ ];
+ extraOverlays = [
+ dcompass.overlays.default
+ ash-emacs.overlays.emacs-overlay
+ ash-emacs.overlays.default
+ vimrc.overlays.default
+ ];
+ system = system.x86_64-linux;
+ };
- nixosConfigurations.img-deck = mkSystem {
- name = "img-deck";
- extraMods = [
- nixosModules.clash
- nixosModules.home
- nixosModules.base
- nixosModules.gnome-desktop
- nixosModules.dcompass
- nixosModules.steamdeck
- disko.nixosModules.disko
- home-manager.nixosModules.home-manager
- agenix.nixosModules.age
- "${nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-base.nix"
- jovian.nixosModules.default
- ];
- extraOverlays = [
- dcompass.overlays.default
- ash-emacs.overlays.emacs-overlay
- ash-emacs.overlays.default
- vimrc.overlays.default
- ];
- system = system.x86_64-linux;
- };
+ nixosConfigurations.img-deck = mkSystem {
+ name = "img-deck";
+ extraMods = [
+ nixosModules.clash
+ nixosModules.home
+ nixosModules.base
+ nixosModules.gnome-desktop
+ nixosModules.dcompass
+ nixosModules.steamdeck
+ disko.nixosModules.disko
+ home-manager.nixosModules.home-manager
+ agenix.nixosModules.age
+ "${nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-base.nix"
+ jovian.nixosModules.default
+ ];
+ extraOverlays = [
+ dcompass.overlays.default
+ ash-emacs.overlays.emacs-overlay
+ ash-emacs.overlays.default
+ vimrc.overlays.default
+ ];
+ system = system.x86_64-linux;
+ };
- # ISO image entry point
- imgs.x1c7 = nixosConfigurations.img-x1c7.config.system.build.isoImage;
- imgs.deck = nixosConfigurations.img-deck.config.system.build.isoImage;
+ # ISO image entry point
+ imgs.x1c7 = nixosConfigurations.img-x1c7.config.system.build.isoImage;
+ imgs.deck = nixosConfigurations.img-deck.config.system.build.isoImage;
- publicKey = "lexuge.cachix.org-1:RRFg8AxcexeBd33smnmcayMLU6r2wbVKbZHWtg2dKnY=";
- }
- (eachSystem [ system.x86_64-linux ] (system:
- let pkgs = nixpkgs.legacyPackages.${system}; in
- {
- # Other than overlay, we have packages independently declared in flake.
- packages = (import ./pkgs {
- inherit lib;
- pkgs = import nixpkgs {
- inherit system;
- overlays = [ self.overlays.default ];
- };
- });
+ publicKey = "lexuge.cachix.org-1:RRFg8AxcexeBd33smnmcayMLU6r2wbVKbZHWtg2dKnY=";
+ }
+ (
+ eachSystem [ system.x86_64-linux ] (
+ system:
+ let
+ pkgs = nixpkgs.legacyPackages.${system};
+ in
+ {
+ # Other than overlay, we have packages independently declared in flake.
+ packages = (
+ import ./pkgs {
+ inherit lib;
+ pkgs = import nixpkgs {
+ inherit system;
+ overlays = [ self.overlays.default ];
+ };
+ }
+ );
- # devShell used to launch agenix env.
- devShells.default = with import nixpkgs { inherit system; };
- mkShell {
- inherit (self.checks.${system}.pre-commit-check) shellHook;
- nativeBuildInputs = [ openssl agenix.packages.${system}.default nvfetcher.packages.${system}.default ];
- };
+ # devShell used to launch agenix env.
+ devShells.default =
+ with import nixpkgs { inherit system; };
+ mkShell {
+ inherit (self.checks.${system}.pre-commit-check) shellHook;
+ nativeBuildInputs = [
+ openssl
+ agenix.packages.${system}.default
+ nvfetcher.packages.${system}.default
+ ];
+ };
- checks = {
- pre-commit-check = pre-commit-hooks.lib.${system}.run {
- src = ./.;
- hooks = {
- nixpkgs-fmt.enable = true;
+ checks = {
+ pre-commit-check = pre-commit-hooks.lib.${system}.run {
+ src = ./.;
+ hooks = {
+ nixfmt-rfc-style.enable = true;
- shellcheck.enable = true;
- shfmt.enable = true;
+ shellcheck.enable = true;
+ shfmt.enable = true;
+ };
+ };
};
- };
- };
- apps = rec {
- update = utils.lib.mkApp {
- drv =
- pkgs.writeShellScriptBin "flake-update-nv" ''
- ${nvfetcher.packages.${system}.default}/bin/nvfetcher -c ./pkgs/nvfetcher.toml -o ./pkgs/_sources
- '';
- };
- default = update;
- };
- }));
+ apps = rec {
+ update = utils.lib.mkApp {
+ drv = pkgs.writeShellScriptBin "flake-update-nv" ''
+ ${nvfetcher.packages.${system}.default}/bin/nvfetcher -c ./pkgs/nvfetcher.toml -o ./pkgs/_sources
+ '';
+ };
+ default = update;
+ };
+ }
+ )
+ );
}
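Review bot: In `mkSystem`'s `nix.settings`, `trusted-users = [ "@wheel" ];` is carried over without any comment, and it applies to every configuration built through `mkSystem`, including the remotely deployed `shards`. Nix lets trusted users add their own substituters and import unsigned store paths, which is effectively root on the daemon, so the `trusted-public-keys` list just above does not constrain wheel members. If this is intended, document it in place: `# wheel is root-equivalent for the nix daemon: members can add substituters and import unsigned paths`. Otherwise consider making it a `mkSystem` argument that hosts opt into, rather than a setting shared by all of them.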
diff --git a/misc/dcompass_settings.nix b/misc/dcompass_settings.nix
index 660283e..8cb2215 100644
--- a/misc/dcompass_settings.nix
+++ b/misc/dcompass_settings.nix
@@ -1,15 +1,44 @@
-{ pkgs }: {
+{ pkgs }:
+{
cache_size = 1024;
upstreams = {
- domestic = { hybrid = [ "feic" "ali" "aliudp" ]; };
+ domestic = {
+ hybrid = [
+ "feic"
+ "ali"
+ "aliudp"
+ ];
+ };
- secure = { hybrid = [ "cloudflare" "google" "switch" "a-and-a" ]; };
+ secure = {
+ hybrid = [
+ "cloudflare"
+ "google"
+ "switch"
+ "a-and-a"
+ ];
+ };
- feic = { udp = { addr = "[240C::6666]:53"; }; };
+ feic = {
+ udp = {
+ addr = "[240C::6666]:53";
+ };
+ };
- aliudp = { udp = { addr = "223.5.5.6:53"; }; };
+ aliudp = {
+ udp = {
+ addr = "223.5.5.6:53";
+ };
+ };
- ali = { tls = { domain = "dns.alidns.com"; max_reuse = 100; reuse_timeout = 5000; addr = "223.6.6.6:853"; }; };
+ ali = {
+ tls = {
+ domain = "dns.alidns.com";
+ max_reuse = 100;
+ reuse_timeout = 5000;
+ addr = "223.6.6.6:853";
+ };
+ };
cloudflare = {
https = {
@@ -44,28 +73,29 @@
};
};
};
- script = ''pub async fn init() {
- let domain = Domain::new()
- // .add_file("${pkgs.chinalist}/google.china.raw.txt")?
- // .add_file("${pkgs.chinalist}/apple.china.raw.txt")?
- .add_file("${pkgs.chinalist}/accelerated-domains.china.raw.txt")?
- .add_qname("flibrary.info")?
- .seal();
+ script = ''
+ pub async fn init() {
+ let domain = Domain::new()
+ // .add_file("${pkgs.chinalist}/google.china.raw.txt")?
+ // .add_file("${pkgs.chinalist}/apple.china.raw.txt")?
+ .add_file("${pkgs.chinalist}/accelerated-domains.china.raw.txt")?
+ .add_qname("flibrary.info")?
+ .seal();
- Ok(#{"domain": Utils::Domain(domain)})
- }
+ Ok(#{"domain": Utils::Domain(domain)})
+ }
- pub async fn route(upstreams, inited, ctx, query) {
- if query.first_question?.qtype == "AAAA" { return blackhole(query); }
+ pub async fn route(upstreams, inited, ctx, query) {
+ if query.first_question?.qtype == "AAAA" { return blackhole(query); }
- if inited.domain.0.contains(query.first_question?.qname) {
- // query.push_opt(ClientSubnet::new(u8(15), u8(0), IpAddr::from_str("58.220.0.0")?).to_opt_data())?;
- upstreams.send_default("domestic", query).await
- } else {
- upstreams.send("secure", CacheMode::Standard, query).await
- }
- }
- '';
+ if inited.domain.0.contains(query.first_question?.qname) {
+ // query.push_opt(ClientSubnet::new(u8(15), u8(0), IpAddr::from_str("58.220.0.0")?).to_opt_data())?;
+ upstreams.send_default("domestic", query).await
+ } else {
+ upstreams.send("secure", CacheMode::Disabled, query).await
+ }
+ }
+ '';
address = "127.0.0.1:53";
verbosity = "warn";
}
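Review bot: In the `route` function the `secure` branch now sends with `CacheMode::Disabled` where the old side used `CacheMode::Standard`, a behaviour change buried in what is otherwise a re-indentation of the script. With the cache off, presumably every non-domestic lookup goes out to the upstream resolvers, which adds latency and exposes more queries to them, while `cache_size = 1024` is still set at the top of the file. If the change is intended, it deserves its own commit, or at least a comment in the script such as `// cache disabled for "secure" because <reason>`. If it slipped in with the reformat, restore `CacheMode::Standard`.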
diff --git a/modules/base/default.nix b/modules/base/default.nix
index d6504e9..1858a6a 100644
--- a/modules/base/default.nix
+++ b/modules/base/default.nix
@@ -1,4 +1,9 @@
-{ config, lib, pkgs, ... }:
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
with lib;
let
cfg = config.my.base;
@@ -16,34 +21,35 @@ in
};
};
- config = mkIf cfg.enable
- (
- {
- networking.hostName = cfg.hostname;
+ config = mkIf cfg.enable ({
+ networking.hostName = cfg.hostname;
- # Support NTFS
- boot.supportedFilesystems = [ "ntfs" ];
+ # Support NTFS
+ boot.supportedFilesystems = [ "ntfs" ];
- # Auto upgrade
- # system.autoUpgrade.enable = true;
+ # Auto upgrade
+ # system.autoUpgrade.enable = true;
- # deploy-rs doesn't play well with wheel passwords when deploying, better to disable it.
- security.sudo.wheelNeedsPassword = false;
+ # deploy-rs doesn't play well with wheel passwords when deploying, better to disable it.
+ security.sudo.wheelNeedsPassword = false;
- # Enable flake
- nix.extraOptions = ''
- experimental-features = nix-command flakes
- '';
+ # Enable flake
+ nix.extraOptions = ''
+ experimental-features = nix-command flakes
+ '';
- # Auto gc and optimise
- nix.optimise.automatic = true;
- nix.gc.automatic = false;
- nix.gc.options = "--delete-older-than 7d";
+ # Auto gc and optimise
+ nix.optimise.automatic = true;
+ nix.gc.automatic = false;
+ nix.gc.options = "--delete-older-than 7d";
- # Allow unfree packages
- nixpkgs.config.allowUnfree = true;
+ # Allow unfree packages
+ nixpkgs.config.allowUnfree = true;
- environment.systemPackages = with pkgs; [ wget coreutils-full git ];
- }
- );
+ environment.systemPackages = with pkgs; [
+ wget
+ coreutils-full
+ git
+ ];
+ });
}
diff --git a/modules/clash/default.nix b/modules/clash/default.nix
index 6fbab73..168ea62 100644
--- a/modules/clash/default.nix
+++ b/modules/clash/default.nix
@@ -1,4 +1,9 @@
-{ pkgs, config, lib, ... }:
+{
+ pkgs,
+ config,
+ lib,
+ ...
+}:
with lib;
@@ -13,11 +18,9 @@ let
helper = ''
ip46tables() {
iptables -w "$@"
- ${
- optionalString config.networking.enableIPv6 ''
- ip6tables -w "$@"
- ''
- }
+ ${optionalString config.networking.enableIPv6 ''
+ ip6tables -w "$@"
+ ''}
}
'';
@@ -85,36 +88,31 @@ let
clashUserName = mkOption {
type = types.str;
default = "clash";
- description =
- "The user who would run the clash proxy systemd service. User would be created automatically.";
+ description = "The user who would run the clash proxy systemd service. User would be created automatically.";
};
tproxyPort = mkOption {
type = types.port;
default = 7893;
- description =
- "Clash tproxy-port";
+ description = "Clash tproxy-port";
};
afterUnits = mkOption {
type = with types; listOf str;
default = [ ];
- description =
- "List of systemd units that need to be started after clash. Note this is placed in `before` parameter of clash's systemd config.";
+ description = "List of systemd units that need to be started after clash. Note this is placed in `before` parameter of clash's systemd config.";
};
requireUnits = mkOption {
type = with types; listOf str;
default = [ ];
- description =
- "List of systemd units that need to be required by clash.";
+ description = "List of systemd units that need to be required by clash.";
};
beforeUnits = mkOption {
type = with types; listOf str;
default = [ ];
- description =
- "List of systemd units that need to be started before clash. Note this is placed in `after` parameter of clash's systemd config.";
+ description = "List of systemd units that need to be started before clash. Note this is placed in `after` parameter of clash's systemd config.";
};
};
};
@@ -127,8 +125,7 @@ in
};
config = mkIf (cfg.enable) {
- environment.etc."clash/Country.mmdb".source =
- "${pkgs.maxmind-geoip}/Country.mmdb"; # Bring pre-installed geoip data into directory.
+ environment.etc."clash/Country.mmdb".source = "${pkgs.maxmind-geoip}/Country.mmdb"; # Bring pre-installed geoip data into directory.
environment.etc."clash/config.yaml".source = cfg.configPath;
# Yacd
@@ -168,15 +165,40 @@ in
networks.lo = {
# equivalent to matchConfig.Name = "lo";
name = "lo";
- routingPolicyRules = [{
- # Route all packets with firewallmark 1 (set by iptables in output chain) using table "100" which says go to loopback
- routingPolicyRuleConfig = { FirewallMark = 1; Table = 100; Priority = 100; };
- }
- { routingPolicyRuleConfig = { From = "::/0"; FirewallMark = 1; Table = 100; Priority = 100; }; }];
+ routingPolicyRules = [
+ {
+ # Route all packets with firewallmark 1 (set by iptables in output chain) using table "100" which says go to loopback
+ routingPolicyRuleConfig = {
+ FirewallMark = 1;
+ Table = 100;
+ Priority = 100;
+ };
+ }
+ {
+ routingPolicyRuleConfig = {
+ From = "::/0";
+ FirewallMark = 1;
+ Table = 100;
+ Priority = 100;
+ };
+ }
+ ];
routes = [
# Create a table that routes to loopback
- { routeConfig = { Table = 100; Destination = "0.0.0.0/0"; Type = "local"; }; }
- { routeConfig = { Table = 100; Destination = "::/0"; Type = "local"; }; }
+ {
+ routeConfig = {
+ Table = 100;
+ Destination = "0.0.0.0/0";
+ Type = "local";
+ };
+ }
+ {
+ routeConfig = {
+ Table = 100;
+ Destination = "::/0";
+ Type = "local";
+ };
+ }
];
};
};
@@ -200,8 +222,12 @@ in
# Don't intercept packets sent to any of the reserved IP addresses
# Otherwise all responses from clash to "local" application will be routed back to clash again
- ${concatStringsSep "\n" (map (addr: "iptables -w -t mangle -A ${tag} -d ${addr} -j RETURN") reservedIPv4Addrs)}
- ${concatStringsSep "\n" (map (addr: "ip6tables -w -t mangle -A ${tag} -d ${addr} -j RETURN") reservedIPv6Addrs)}
+ ${concatStringsSep "\n" (
+ map (addr: "iptables -w -t mangle -A ${tag} -d ${addr} -j RETURN") reservedIPv4Addrs
+ )}
+ ${concatStringsSep "\n" (
+ map (addr: "ip6tables -w -t mangle -A ${tag} -d ${addr} -j RETURN") reservedIPv6Addrs
+ )}
# Intercept all traffic to clash otherwise. Note by default TPROXY implies local IP which is desired.
ip46tables -t mangle -A ${tag} -p tcp -j TPROXY --on-port ${tproxyPortStr}
@@ -214,8 +240,12 @@ in
# Don't intercept local packets sent to any of the reserved IP addresses.
# Even this is not necessary, it eliminates the need to exempt these traffics in clash config and expedite the routing as otherwise these packets will be routed again.
- ${concatStringsSep "\n" (map (addr: "iptables -w -t mangle -A ${tag_local} -d ${addr} -j RETURN") reservedIPv4Addrs)}
- ${concatStringsSep "\n" (map (addr: "ip6tables -w -t mangle -A ${tag_local} -d ${addr} -j RETURN") reservedIPv6Addrs)}
+ ${concatStringsSep "\n" (
+ map (addr: "iptables -w -t mangle -A ${tag_local} -d ${addr} -j RETURN") reservedIPv4Addrs
+ )}
+ ${concatStringsSep "\n" (
+ map (addr: "ip6tables -w -t mangle -A ${tag_local} -d ${addr} -j RETURN") reservedIPv6Addrs
+ )}
# Don't forward package created by ${clashUserName}. Since after forwarding by clash the packets' owner would be changed to ${clashUserName}, this helps us to avoid dead loop in packet forwarding.
ip46tables -t mangle -A ${tag_local} -m owner --uid-owner ${clashUserName} -j RETURN
@@ -234,14 +264,17 @@ in
'';
in
{
- path = with pkgs; [ gnugrep iptables clash ];
+ path = with pkgs; [
+ gnugrep
+ iptables
+ clash
+ ];
description = "Clash networking service";
after = [ "network.target" ] ++ cfg.beforeUnits;
before = cfg.afterUnits;
requires = cfg.requireUnits;
wantedBy = [ "multi-user.target" ];
- script =
- "exec clash -d /etc/clash"; # We don't need to worry about whether /etc/clash is reachable in Live CD or not. Since it would never be execuated inside LiveCD.
+ script = "exec clash -d /etc/clash"; # We don't need to worry about whether /etc/clash is reachable in Live CD or not. Since it would never be execuated inside LiveCD.
# Don't start if the config file doesn't exist.
unitConfig = {
@@ -254,8 +287,7 @@ in
ExecStopPost = "+${postStopScript}";
# CAP_NET_BIND_SERVICE: Bind arbitary ports by unprivileged user.
# CAP_NET_ADMIN: Listen on UDP.
- AmbientCapabilities =
- "CAP_NET_BIND_SERVICE CAP_NET_ADMIN"; # We want additional capabilities upon a unprivileged user.
+ AmbientCapabilities = "CAP_NET_BIND_SERVICE CAP_NET_ADMIN"; # We want additional capabilities upon a unprivileged user.
User = clashUserName;
Restart = "on-failure";
};
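Review bot: The comment `# CAP_NET_ADMIN: Listen on UDP.` above the reformatted `AmbientCapabilities` line understates what the unit receives. CAP_NET_ADMIN also permits changing interfaces, routes and firewall rules, and the transparent-proxy listener presumably needs it for that reason rather than for UDP as such. I would reword the comment to `# CAP_NET_ADMIN: needed for the transparent (TPROXY) listener; also allows network reconfiguration, so keep the capability set minimal.` The attribute set this hunk sits in starts outside the hunk; if it does not already do so there, adding `CapabilityBoundingSet = "CAP_NET_BIND_SERVICE CAP_NET_ADMIN";` and `NoNewPrivileges = true;` would limit the process to exactly these two capabilities.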
diff --git a/modules/dcompass/default.nix b/modules/dcompass/default.nix
index f1f4e03..273d8c6 100644
--- a/modules/dcompass/default.nix
+++ b/modules/dcompass/default.nix
@@ -1,11 +1,15 @@
-{ lib, pkgs, config, ... }:
+{
+ lib,
+ pkgs,
+ config,
+ ...
+}:
with lib;
let
cfg = config.my.dcompass;
- confFile =
- pkgs.writeText "dcompass-config.json" (generators.toJSON { } cfg.settings);
+ confFile = pkgs.writeText "dcompass-config.json" (generators.toJSON { } cfg.settings);
in
{
options.my.dcompass = {
diff --git a/modules/default.nix b/modules/default.nix
index f3890ca..60e16f7 100644
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -1,17 +1,22 @@
{ lib }:
let
- listModulesRecursive = with builtins;
+ listModulesRecursive =
+ with builtins;
dir:
- (lib.lists.foldr (n: col: col // n) { } (lib.attrsets.mapAttrsToList
- (name: type:
- let path = dir + "/${name}";
- in if type == "directory" then
+ (lib.lists.foldr (n: col: col // n) { } (
+ lib.attrsets.mapAttrsToList (
+ name: type:
+ let
+ path = dir + "/${name}";
+ in
+ if type == "directory" then
if builtins.pathExists (path + "/default.nix") then
{ "${name}" = (import path); }
else
listModulesRecursive path
else
- { })
- (builtins.readDir dir)));
+ { }
+ ) (builtins.readDir dir)
+ ));
in
listModulesRecursive ./.
diff --git a/modules/disko/default.nix b/modules/disko/default.nix
index 0222b9b..c624ae4 100644
--- a/modules/disko/default.nix
+++ b/modules/disko/default.nix
@@ -1,4 +1,9 @@
-{ lib, pkgs, config, ... }:
+{
+ lib,
+ pkgs,
+ config,
+ ...
+}:
with lib;
diff --git a/modules/disko/disk.nix b/modules/disko/disk.nix
index 9adc457..f2562e1 100644
--- a/modules/disko/disk.nix
+++ b/modules/disko/disk.nix
@@ -1,4 +1,8 @@
-{ device ? "/dev/nvme0n1", ... }: {
+{
+ device ? "/dev/nvme0n1",
+ ...
+}:
+{
disk = {
nvme = {
type = "disk";
@@ -46,23 +50,38 @@
# Mountpoints now must be explicitly stated
"/persist" = {
mountpoint = "/persist";
- mountOptions = [ "compress=zstd" "noatime" ];
+ mountOptions = [
+ "compress=zstd"
+ "noatime"
+ ];
};
"/persist/home" = {
mountpoint = "/persist/home";
- mountOptions = [ "compress=zstd" "noatime" ];
+ mountOptions = [
+ "compress=zstd"
+ "noatime"
+ ];
};
"/nix" = {
mountpoint = "/nix";
- mountOptions = [ "compress=zstd" "noatime" ];
+ mountOptions = [
+ "compress=zstd"
+ "noatime"
+ ];
};
"/tmp" = {
mountpoint = "/tmp";
- mountOptions = [ "compress=zstd" "noatime" ];
+ mountOptions = [
+ "compress=zstd"
+ "noatime"
+ ];
};
"/.snapshots" = {
mountpoint = "/.snapshots";
- mountOptions = [ "compress=zstd" "noatime" ];
+ mountOptions = [
+ "compress=zstd"
+ "noatime"
+ ];
};
};
};
diff --git a/modules/gnome-desktop/default.nix b/modules/gnome-desktop/default.nix
index 40e0a74..fdae5c5 100644
--- a/modules/gnome-desktop/default.nix
+++ b/modules/gnome-desktop/default.nix
@@ -1,7 +1,14 @@
-{ config, lib, pkgs, ... }:
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
with lib;
-let cfg = config.my.gnome-desktop;
-in {
+let
+ cfg = config.my.gnome-desktop;
+in
+{
options.my.gnome-desktop = {
enable = mkOption {
type = types.bool;
@@ -41,11 +48,14 @@ in {
# Some of the GNOME Packages are unwanted
programs.geary.enable = false;
- environment.gnome.excludePackages = [
- pkgs.epiphany # GNOME Web
- ] ++ (with pkgs; [
- gnome-software
- gnome-characters
- ]) ++ cfg.extraExcludePackages;
+ environment.gnome.excludePackages =
+ [
+ pkgs.epiphany # GNOME Web
+ ]
+ ++ (with pkgs; [
+ gnome-software
+ gnome-characters
+ ])
+ ++ cfg.extraExcludePackages;
};
}
diff --git a/modules/home/default.nix b/modules/home/default.nix
index 561c939..f601535 100644
--- a/modules/home/default.nix
+++ b/modules/home/default.nix
@@ -1,4 +1,9 @@
-{ pkgs, lib, config, ... }:
+{
+ pkgs,
+ lib,
+ config,
+ ...
+}:
with lib;
@@ -14,14 +19,14 @@ let
in
{
options.my.home = mkOption {
- type = with types;
+ type =
+ with types;
attrsOf (submodule {
options = {
extraPackages = mkOption {
type = with types; nullOr (listOf package);
default = null;
- description =
- "Extra packages to install for user ash.";
+ description = "Extra packages to install for user ash.";
};
extraDconf = mkOption {
@@ -37,7 +42,10 @@ in
emacsPackages = mkOption {
type = with types; listOf package;
default = with pkgs; [
- (hunspellWithDicts [ hunspellDicts.en-us hunspellDicts.en-us-large ])
+ (hunspellWithDicts [
+ hunspellDicts.en-us
+ hunspellDicts.en-us-large
+ ])
emacs-all-the-icons-fonts
ash-emacs
];
@@ -50,16 +58,20 @@ in
config.home-manager = {
users = mkMerge [
- (mkUserConfigs (n: c:
+ (mkUserConfigs (
+ n: c:
{ lib, ... }:
- let inherit (lib.hm.gvariant) mkTuple;
- in rec {
+ let
+ inherit (lib.hm.gvariant) mkTuple;
+ in
+ rec {
# Use system stateVersion;
home.stateVersion = config.system.stateVersion;
# Home-manager settings.
# User-layer packages
- home.packages = with pkgs;
+ home.packages =
+ with pkgs;
# c.emacsPackages ++ optionals (c.extraPackages != null) c.extraPackages ++ [ pkgs.nvim ];
optionals (c.extraPackages != null) c.extraPackages ++ [ pkgs.nvim ];
@@ -84,7 +96,9 @@ in
# GnuPG
gpg = {
enable = true;
- settings = { throw-keyids = false; };
+ settings = {
+ throw-keyids = false;
+ };
};
# Git
@@ -98,7 +112,9 @@ in
};
extraConfig = {
# To make sure Git don't complain about impermanence's bind mount.
- credential = { helper = "store --file=\"$HOME/.git_creds_dir/.git-credentials\""; };
+ credential = {
+ helper = "store --file=\"$HOME/.git_creds_dir/.git-credentials\"";
+ };
pull.ff = "only"; # Use fast-forward only for git pull.
};
};
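Review bot: The `credential.helper = "store --file=..."` setting keeps Git passwords and tokens unencrypted in `$HOME/.git_creds_dir/.git-credentials`, and the only comment on it explains the bind mount, not that exposure. I would add `# NOTE: "store" writes credentials in plaintext; keep .git_creds_dir at mode 0700 and use scoped, revocable tokens.` above the `credential` attribute. Judging by the impermanence comment, the directory is presumably persisted across reboots, so whatever lands in that file stays on disk until it is removed by hand. The enclosing Git configuration starts outside this hunk.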
@@ -127,70 +143,76 @@ in
};
# Setting GNOME Dconf settings
- dconf.settings = mkIf (gnomeEnable)
- (recursiveUpdate
- {
- # Input sources
- "org/gnome/desktop/input-sources".sources = map mkTuple [
- [ "xkb" "us" ]
- [ "ibus" "libpinyin" ]
- [ "ibus" "typing-booster" ]
- ];
- "com/github/libpinyin/ibus-libpinyin/libpinyin" = {
- # Don't suggest English words
- english-candidate = false;
- # Use comma and period to flip pages
- comma-period-page = true;
- # Don't use minus or equal to flip pages
- minus-equal-page = true;
- };
- # Touchpad settings
- "org/gnome/desktop/peripherals/touchpad" = {
- disable-while-typing = false;
- tap-to-click = true;
- two-finger-scrolling-enabled = true;
- };
- # Enable dynamic workspacing
- "org/gnome/mutter".dynamic-workspaces = true;
- # Don't show welcome-dialog
- "org/gnome/shell".welcome-dialog-last-shown-version = "9999999999";
- # Prefer dark mode
- "org/gnome/desktop/interface".color-scheme = "prefer-dark";
- # Don't suspend on power
- "org/gnome/settings-daemon/plugins/power".sleep-inactive-ac-type =
- "nothing";
- # Always show logout
- "org/gnome/shell".always-show-log-out = true;
- # Keybindings
- "org/gnome/settings-daemon/plugins/media-keys".custom-keybindings = [
- "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/"
+ dconf.settings = mkIf (gnomeEnable) (
+ recursiveUpdate {
+ # Input sources
+ "org/gnome/desktop/input-sources".sources = map mkTuple [
+ [
+ "xkb"
+ "us"
+ ]
+ [
+ "ibus"
+ "libpinyin"
+ ]
+ [
+ "ibus"
+ "typing-booster"
+ ]
+ ];
+ "com/github/libpinyin/ibus-libpinyin/libpinyin" = {
+ # Don't suggest English words
+ english-candidate = false;
+ # Use comma and period to flip pages
+ comma-period-page = true;
+ # Don't use minus or equal to flip pages
+ minus-equal-page = true;
+ };
+ # Touchpad settings
+ "org/gnome/desktop/peripherals/touchpad" = {
+ disable-while-typing = false;
+ tap-to-click = true;
+ two-finger-scrolling-enabled = true;
+ };
+ # Enable dynamic workspacing
+ "org/gnome/mutter".dynamic-workspaces = true;
+ # Don't show welcome-dialog
+ "org/gnome/shell".welcome-dialog-last-shown-version = "9999999999";
+ # Prefer dark mode
+ "org/gnome/desktop/interface".color-scheme = "prefer-dark";
+ # Don't suspend on power
+ "org/gnome/settings-daemon/plugins/power".sleep-inactive-ac-type = "nothing";
+ # Always show logout
+ "org/gnome/shell".always-show-log-out = true;
+ # Keybindings
+ "org/gnome/settings-daemon/plugins/media-keys".custom-keybindings = [
+ "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/"
+ ];
+ "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = {
+ binding = "Return";
+ command = "kgx";
+ name = "Open Terminal";
+ };
+ "org/gnome/desktop/wm/keybindings" = {
+ close = [ "q" ];
+ show-desktop = [ "d" ];
+ toggle-fullscreen = [ "f" ];
+ };
+ # Favorite apps
+ "org/gnome/shell" = {
+ favorite-apps = lists.flatten [
+ (if (builtins.elem pkgs.firefox-wayland home.packages) then [ "firefox.desktop" ] else [ ])
+ (if (builtins.elem pkgs.tdesktop home.packages) then [ "org.telegram.desktop.desktop" ] else [ ])
+ "org.gnome.Nautilus.desktop"
+ "org.gnome.Terminal.desktop"
+ # "emacs.desktop"
];
- "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0" =
- {
- binding = "Return";
- command = "kgx";
- name = "Open Terminal";
- };
- "org/gnome/desktop/wm/keybindings" = {
- close = [ "q" ];
- show-desktop = [ "d" ];
- toggle-fullscreen = [ "f" ];
- };
- # Favorite apps
- "org/gnome/shell" = {
- favorite-apps = lists.flatten [
- (if (builtins.elem pkgs.firefox-wayland home.packages) then [ "firefox.desktop" ] else [ ])
- (if (builtins.elem pkgs.tdesktop home.packages) then [ "org.telegram.desktop.desktop" ] else [ ])
- "org.gnome.Nautilus.desktop"
- "org.gnome.Terminal.desktop"
- # "emacs.desktop"
- ];
- };
- # Timezone and location
- # "org/gnome/desktop/datetime".automatic-timezone = true;
- "org/gnome/system/location".enabled = true;
- }
- c.extraDconf);
+ };
+ # Timezone and location
+ # "org/gnome/desktop/datetime".automatic-timezone = true;
+ "org/gnome/system/location".enabled = true;
+ } c.extraDconf
+ );
# Configure uniform UI for QT apps.
qt = {
@@ -203,17 +225,23 @@ in
};
# Handwritten configs
- home.file = ({
- ".config/gtk-3.0/settings.ini".source = gtkSettings;
- # ".emacs.d/init.el".source = "${pkgs.ash-emacs-source}/init.el";
- # ".emacs.d/elisp/".source = "${pkgs.ash-emacs-source}/elisp";
- } // c.extraFiles);
- }))
-
- (mkUserConfigs (n: c: {
- # GNOME and other wayland DEs use systemd sessionvariables to launch GUI apps. Therefore, it's necessary to set it.
- systemd.user.sessionVariables = config.home-manager.users.${n}.home.sessionVariables;
- }))
+ home.file = (
+ {
+ ".config/gtk-3.0/settings.ini".source = gtkSettings;
+ # ".emacs.d/init.el".source = "${pkgs.ash-emacs-source}/init.el";
+ # ".emacs.d/elisp/".source = "${pkgs.ash-emacs-source}/elisp";
+ }
+ // c.extraFiles
+ );
+ }
+ ))
+
+ (mkUserConfigs (
+ n: c: {
+ # GNOME and other wayland DEs use systemd sessionvariables to launch GUI apps. Therefore, it's necessary to set it.
+ systemd.user.sessionVariables = config.home-manager.users.${n}.home.sessionVariables;
+ }
+ ))
];
useGlobalPkgs = true;
};
diff --git a/modules/lanzaboote/default.nix b/modules/lanzaboote/default.nix
index 113136f..1b617c3 100644
--- a/modules/lanzaboote/default.nix
+++ b/modules/lanzaboote/default.nix
@@ -1,4 +1,9 @@
-{ lib, pkgs, config, ... }:
+{
+ lib,
+ pkgs,
+ config,
+ ...
+}:
with lib;
diff --git a/modules/sing-box/default.nix b/modules/sing-box/default.nix
index bad86d5..67b9abf 100644
--- a/modules/sing-box/default.nix
+++ b/modules/sing-box/default.nix
@@ -1,6 +1,9 @@
{ config, lib, ... }:
with lib;
-let cfg = config.my.sing-box; in {
+let
+ cfg = config.my.sing-box;
+in
+{
options.my.sing-box = {
enable = mkEnableOption "sing-box module including related systemd and networking setups";
settings = mkOption {
diff --git a/modules/steamdeck/default.nix b/modules/steamdeck/default.nix
index 5080384..4fd291d 100644
--- a/modules/steamdeck/default.nix
+++ b/modules/steamdeck/default.nix
@@ -1,7 +1,14 @@
-{ config, lib, pkgs, ... }:
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
with lib;
-let cfg = config.my.steamdeck;
-in {
+let
+ cfg = config.my.steamdeck;
+in
+{
options.my.steamdeck = {
enable = mkOption {
type = types.bool;
@@ -24,9 +31,9 @@ in {
jovian.devices.steamdeck.enable = true;
# Sounds are set up by Jovian NixOS
- hardware.pulseaudio.enable = lib.mkIf
- (config.jovian.devices.steamdeck.enableSoundSupport && config.services.pipewire.enable)
- (lib.mkForce false);
+ hardware.pulseaudio.enable = lib.mkIf (
+ config.jovian.devices.steamdeck.enableSoundSupport && config.services.pipewire.enable
+ ) (lib.mkForce false);
})
(mkIf (cfg.enable && cfg.steam.enable) {
jovian.steam = {
diff --git a/modules/timezone/default.nix b/modules/timezone/default.nix
index 3970d16..e9c1791 100644
--- a/modules/timezone/default.nix
+++ b/modules/timezone/default.nix
@@ -1,4 +1,9 @@
-{ lib, pkgs, config, ... }:
+{
+ lib,
+ pkgs,
+ config,
+ ...
+}:
with lib;
@@ -21,7 +26,10 @@ in
description = "activate persisted timezone";
# From `man systemd.special`:
# netowrk-pre.target: This passive target unit may be pulled in by services that want to run before any network is set up
- wantedBy = [ "multi-user.target" "network-pre.target" ];
+ wantedBy = [
+ "multi-user.target"
+ "network-pre.target"
+ ];
serviceConfig = {
Type = "oneshot";
diff --git a/modules/uxplay/default.nix b/modules/uxplay/default.nix
index b176267..266fda7 100644
--- a/modules/uxplay/default.nix
+++ b/modules/uxplay/default.nix
@@ -1,4 +1,9 @@
-{ lib, pkgs, config, ... }:
+{
+ lib,
+ pkgs,
+ config,
+ ...
+}:
with lib;
@@ -20,7 +25,15 @@ in
# If the -p option is not used, the ports are chosen dynamically (randomly), which will not work if a firewall is running.
# These are the default ports for "-p"
- networking.firewall.allowedUDPPorts = [ 7011 6001 6000 ];
- networking.firewall.allowedTCPPorts = [ 7100 7000 7001 ];
+ networking.firewall.allowedUDPPorts = [
+ 7011
+ 6001
+ 6000
+ ];
+ networking.firewall.allowedTCPPorts = [
+ 7100
+ 7000
+ 7001
+ ];
};
}
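Review bot: `networking.firewall.allowedUDPPorts` and `networking.firewall.allowedTCPPorts` open the six UxPlay ports on every interface, including any untrusted network the machine joins. If the receiver is only meant to be reachable from one LAN interface, the per-interface form `networking.firewall.interfaces.<name>.allowedTCPPorts` (and `allowedUDPPorts`) keeps the same ports closed elsewhere. Failing that, a comment such as `# Opened on all interfaces; disable my.uxplay on untrusted networks.` would record the exposure. The `config` block these lines belong to starts outside the hunk, so I cannot tell whether they are already gated on a trusted-network condition.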
diff --git a/pkgs/_sources/generated.json b/pkgs/_sources/generated.json
index 550da74..dd9982b 100644
--- a/pkgs/_sources/generated.json
+++ b/pkgs/_sources/generated.json
@@ -1,7 +1,7 @@
{
"chinalist": {
"cargoLocks": null,
- "date": "2024-06-13",
+ "date": "2024-12-16",
"extract": null,
"name": "chinalist",
"passthru": null,
@@ -13,12 +13,12 @@
"name": null,
"owner": "felixonmars",
"repo": "dnsmasq-china-list",
- "rev": "9988820dcbb7d7911bb6449ffe119859e91cb2c7",
- "sha256": "sha256-Ym0Z1I6beSBW+G55NARCGzUOSEH0rApZVVR6fb6Cxk4=",
+ "rev": "c2b64540aef8260d53e15b42f16961a57486ba85",
+ "sha256": "sha256-QYPvVynRkphrI7QjzSnqAnZ+T6X2CyukQXStiBKV2CA=",
"sparseCheckout": [],
"type": "github"
},
- "version": "9988820dcbb7d7911bb6449ffe119859e91cb2c7"
+ "version": "c2b64540aef8260d53e15b42f16961a57486ba85"
},
"maxmind-geoip": {
"cargoLocks": null,
@@ -29,11 +29,11 @@
"pinned": false,
"src": {
"name": null,
- "sha256": "sha256-uLXdQUrhBZC7av5MWvlVC0W8UQBWDsYhdmKwKEfOQfk=",
+ "sha256": "sha256-SOHiaTiyJTUuya+NCOxnLXdGBuABtIy6c7hRYalmEPw=",
"type": "url",
- "url": "https://github.com/Dreamacro/maxmind-geoip/releases/download/20240612/Country.mmdb"
+ "url": "https://github.com/Dreamacro/maxmind-geoip/releases/download/20241212/Country.mmdb"
},
- "version": "20240612"
+ "version": "20241212"
},
"proton-ge": {
"cargoLocks": null,
@@ -43,11 +43,11 @@
"passthru": null,
"pinned": false,
"src": {
- "sha256": "sha256-/FXdyPuCe6rD5HoMOHPVlwRXu3DMJ3lEOnRloYZMA8s=",
+ "sha256": "sha256-WNOl0pu3xcEObxSK054u4e3hTWtA/51mH25uQih0+a0=",
"type": "tarball",
- "url": "https://github.com/GloriousEggroll/proton-ge-custom/releases/download/GE-Proton9-7/GE-Proton9-7.tar.gz"
+ "url": "https://github.com/GloriousEggroll/proton-ge-custom/releases/download/GE-Proton9-21/GE-Proton9-21.tar.gz"
},
- "version": "GE-Proton9-7"
+ "version": "GE-Proton9-21"
},
"upnote": {
"cargoLocks": null,
@@ -62,7 +62,7 @@
"type": "url",
"url": "https://upnote.sfo3.cdn.digitaloceanspaces.com/UpNote.AppImage"
},
- "version": "9.4.4"
+ "version": "9.7.2"
},
"yacd": {
"cargoLocks": null,
diff --git a/pkgs/_sources/generated.nix b/pkgs/_sources/generated.nix
index cd02d67..abae517 100644
--- a/pkgs/_sources/generated.nix
+++ b/pkgs/_sources/generated.nix
@@ -1,37 +1,42 @@
# This file was generated by nvfetcher, please do not modify it manually.
-{ fetchgit, fetchurl, fetchFromGitHub, dockerTools }:
+{
+ fetchgit,
+ fetchurl,
+ fetchFromGitHub,
+ dockerTools,
+}:
{
chinalist = {
pname = "chinalist";
- version = "9988820dcbb7d7911bb6449ffe119859e91cb2c7";
+ version = "c2b64540aef8260d53e15b42f16961a57486ba85";
src = fetchFromGitHub {
owner = "felixonmars";
repo = "dnsmasq-china-list";
- rev = "9988820dcbb7d7911bb6449ffe119859e91cb2c7";
+ rev = "c2b64540aef8260d53e15b42f16961a57486ba85";
fetchSubmodules = false;
- sha256 = "sha256-Ym0Z1I6beSBW+G55NARCGzUOSEH0rApZVVR6fb6Cxk4=";
+ sha256 = "sha256-QYPvVynRkphrI7QjzSnqAnZ+T6X2CyukQXStiBKV2CA=";
};
- date = "2024-06-13";
+ date = "2024-12-16";
};
maxmind-geoip = {
pname = "maxmind-geoip";
- version = "20240612";
+ version = "20241212";
src = fetchurl {
- url = "https://github.com/Dreamacro/maxmind-geoip/releases/download/20240612/Country.mmdb";
- sha256 = "sha256-uLXdQUrhBZC7av5MWvlVC0W8UQBWDsYhdmKwKEfOQfk=";
+ url = "https://github.com/Dreamacro/maxmind-geoip/releases/download/20241212/Country.mmdb";
+ sha256 = "sha256-SOHiaTiyJTUuya+NCOxnLXdGBuABtIy6c7hRYalmEPw=";
};
};
proton-ge = {
pname = "proton-ge";
- version = "GE-Proton9-7";
+ version = "GE-Proton9-21";
src = fetchTarball {
- url = "https://github.com/GloriousEggroll/proton-ge-custom/releases/download/GE-Proton9-7/GE-Proton9-7.tar.gz";
- sha256 = "sha256-/FXdyPuCe6rD5HoMOHPVlwRXu3DMJ3lEOnRloYZMA8s=";
+ url = "https://github.com/GloriousEggroll/proton-ge-custom/releases/download/GE-Proton9-21/GE-Proton9-21.tar.gz";
+ sha256 = "sha256-WNOl0pu3xcEObxSK054u4e3hTWtA/51mH25uQih0+a0=";
};
};
upnote = {
pname = "upnote";
- version = "9.4.4";
+ version = "9.7.2";
src = fetchurl {
url = "https://upnote.sfo3.cdn.digitaloceanspaces.com/UpNote.AppImage";
sha256 = "sha256-r0BAoJy+UHVE0kHsY0WJYAOwNoFTza0pVkEKpvkZbCI=";
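Review bot: The `upnote` entry's `version` moves from 9.4.4 to 9.7.2 while its `sha256` stays an unchanged context line and the `url` is the unversioned `UpNote.AppImage`. The same mismatch appears in the `upnote` hunk of `generated.json`. Because the fetch is pinned by hash, the build either reuses the bytes that matched the old hash or fails with a hash mismatch, so the 9.7.2 label probably does not describe the artifact that gets installed. The hash should be refreshed together with the version, i.e. `sha256 = "<hash of the 9.7.2 AppImage>";`, ideally against a versioned download URL if upstream offers one. Since this file is generated by nvfetcher, the fix belongs in its source configuration, which is not visible here.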
diff --git a/pkgs/apps/upnote/default.nix b/pkgs/apps/upnote/default.nix
index 3c344ce..f248432 100644
--- a/pkgs/apps/upnote/default.nix
+++ b/pkgs/apps/upnote/default.nix
@@ -1,4 +1,8 @@
-{ source, lib, appimageTools }:
+{
+ source,
+ lib,
+ appimageTools,
+}:
let
appimageContents = appimageTools.extractType2 {
diff --git a/pkgs/data/chinalist/default.nix b/pkgs/data/chinalist/default.nix
index 3efe2dd..bc41b99 100644
--- a/pkgs/data/chinalist/default.nix
+++ b/pkgs/data/chinalist/default.nix
@@ -1,9 +1,19 @@
-{ source, lib, stdenv, fetchFromGitHub, format ? "raw", server ? "china" }:
+{
+ source,
+ lib,
+ stdenv,
+ fetchFromGitHub,
+ format ? "raw",
+ server ? "china",
+}:
stdenv.mkDerivation rec {
inherit (source) pname version src;
- makeFlags = [ format "SERVER=${server}" ];
+ makeFlags = [
+ format
+ "SERVER=${server}"
+ ];
installPhase = ''
mkdir $out
@@ -11,8 +21,7 @@ stdenv.mkDerivation rec {
'';
meta = with lib; {
- description =
- "Chinese-specific configuration to improve your favorite DNS server.";
+ description = "Chinese-specific configuration to improve your favorite DNS server.";
longDescription = ''
Chinese-specific configuration to improve your favorite DNS server. Best partner for chnroutes.
'';
diff --git a/pkgs/data/maxmind-geoip/default.nix b/pkgs/data/maxmind-geoip/default.nix
index b1656e1..c431cf2 100644
--- a/pkgs/data/maxmind-geoip/default.nix
+++ b/pkgs/data/maxmind-geoip/default.nix
@@ -1,4 +1,9 @@
-{ source, lib, stdenv, fetchurl }:
+{
+ source,
+ lib,
+ stdenv,
+ fetchurl,
+}:
stdenv.mkDerivation rec {
inherit (source) pname version src;
diff --git a/pkgs/default.nix b/pkgs/default.nix
index feca72c..fa47656 100644
--- a/pkgs/default.nix
+++ b/pkgs/default.nix
@@ -1,17 +1,32 @@
-{ lib, pkgs, overlay ? false }:
+{
+ lib,
+ pkgs,
+ overlay ? false,
+}:
let
# All source files generated by nvfetcher
- sources = (import ./_sources/generated.nix) { inherit (pkgs) fetchurl fetchgit fetchFromGitHub dockerTools; };
+ sources = (import ./_sources/generated.nix) {
+ inherit (pkgs)
+ fetchurl
+ fetchgit
+ fetchFromGitHub
+ dockerTools
+ ;
+ };
ignoredPkgs = [
"proton-ge"
];
- listPackageRecursive = with builtins;
+ listPackageRecursive =
+ with builtins;
dir:
- (lib.lists.foldr (n: col: col // n) { } (lib.attrsets.mapAttrsToList
- (name: type:
- let path = dir + "/${name}";
- in if type == "directory" then
- # Ignore broken packages
+ (lib.lists.foldr (n: col: col // n) { } (
+ lib.attrsets.mapAttrsToList (
+ name: type:
+ let
+ path = dir + "/${name}";
+ in
+ if type == "directory" then
+ # Ignore broken packages
if (builtins.pathExists (path + "/default.nix")) && !(lib.lists.any (p: p == name) ignoredPkgs) then
if overlay then
{ "${name}" = (pkgs.callPackage path { source = sources.${name}; }); }
@@ -20,7 +35,8 @@ let
else
listPackageRecursive path
else
- { })
- (builtins.readDir dir)));
+ { }
+ ) (builtins.readDir dir)
+ ));
in
listPackageRecursive ./.
diff --git a/pkgs/tools/proton-ge/default.nix b/pkgs/tools/proton-ge/default.nix
index a6381c1..8d4fb3e 100644
--- a/pkgs/tools/proton-ge/default.nix
+++ b/pkgs/tools/proton-ge/default.nix
@@ -1,4 +1,8 @@
-{ lib, stdenv, source }:
+{
+ lib,
+ stdenv,
+ source,
+}:
stdenv.mkDerivation rec {
inherit (source) pname src version;
diff --git a/pkgs/tools/yacd/default.nix b/pkgs/tools/yacd/default.nix
index 038d72d..554cac6 100644
--- a/pkgs/tools/yacd/default.nix
+++ b/pkgs/tools/yacd/default.nix
@@ -1,4 +1,9 @@
-{ source, lib, fetchzip, stdenv }:
+{
+ source,
+ lib,
+ fetchzip,
+ stdenv,
+}:
stdenv.mkDerivation rec {
inherit (source) pname version src;