max/config
1
1
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: max:master
Branches Tags
max:master
max:d2n-bug-98ca5ea
max:gnome-42-alpha
..
compare: max:d2n-bug-98ca5ea
Branches Tags
max:master
max:d2n-bug-98ca5ea
max:gnome-42-alpha

1 commit
master ... d2n-bug-98

Author SHA1 Message Date
Max
7bb46b1471 flake.lock: Update 
Flake lock file updates:

• Updated input 'dream2nix':
    'github:nix-community/dream2nix/28b890821fb82f2918b5a6ec49dff4bfebaba108' (2022-03-28)
  → 'github:nix-community/dream2nix/98ca5ea9bca45e99f20042f135ee90b500d2c192' (2022-03-28)
 2022-03-29 20:38:08 +02:00
141 changed files with 24406 additions and 10769 deletions
Show stats Expand all files Collapse all files

9
config/zsh/prompt.zsh
View file

@ -49,15 +49,10 @@ delta_prompt_init() {
hostnamevar='%m' hostnamevar='%m'
fi fi
local dirdisplay="%c"
if [[ -n $HOVER_HOME ]]; then
dirdisplay="[ %c ]"
fi
if [[ -n $SSH_CONNECTION ]]; then if [[ -n $SSH_CONNECTION ]]; then
PROMPT=" \$(delta_prompt_symbol \$?)Δ%f %F{8}$hostnamevar $dirdisplay >%f " PROMPT=" \$(delta_prompt_symbol \$?)Δ%f %F{8}$hostnamevar %c >%f "
else else
PROMPT=" \$(delta_prompt_symbol \$?)Δ%f %F{8}$dirdisplay >%f " PROMPT=" \$(delta_prompt_symbol \$?)Δ%f %F{8}%c >%f "
fi fi
zstyle ':vcs_info:*' enable git zstyle ':vcs_info:*' enable git

1168
flake.lock
View file

File diff suppressed because it is too large Load diff

54
flake.nix
View file

@ -4,46 +4,43 @@
inputs = { inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
nix-super.url = "gitlab:max/nix-super?host=git.privatevoid.net"; nix-super.url = "git+https://git.privatevoid.net/max/nix-super-fork";
nix-super.inputs.nixpkgs.follows = "nixpkgs";
modular-nvim.url = "git+https://git.privatevoid.net/max/modular-neovim-prototype";
modular-nvim.inputs.nixpkgs.follows = "nixpkgs";
home-manager.url = "github:nix-community/home-manager/master"; home-manager.url = "github:nix-community/home-manager/master";
home-manager.inputs.nixpkgs.follows = "nixpkgs"; home-manager.inputs.nixpkgs.follows = "nixpkgs";
nixos-hardware.url = "github:NixOS/nixos-hardware/master"; nixos-hardware.url = "github:NixOS/nixos-hardware/master";
nix-crx.url = "git+https://git.privatevoid.net/max/nix-crx.git"; nix-crx.url = "git+https://git.privatevoid.net/max/nix-crx";
nix-crx.inputs.nixpkgs.follows = "nixpkgs"; nix-crx.inputs.nixpkgs.follows = "nixpkgs";
nix-vsx.url = "git+https://git.privatevoid.net/max/nix-vsx";
nix-vsx.inputs.nixpkgs.follows = "nixpkgs";
deploy-rs.url = "github:serokell/deploy-rs"; deploy-rs.url = "github:serokell/deploy-rs";
deploy-rs.inputs.nixpkgs.follows = "nixpkgs"; deploy-rs.inputs.nixpkgs.follows = "nixpkgs";
deploy-rs.inputs.naersk.follows = "naersk";
# re-pin naersk to fix deprecation warning in deploy-rs
naersk.url = "github:nmattia/naersk/master";
naersk.inputs.nixpkgs.follows = "nixpkgs";
agenix.url = "github:ryantm/agenix"; agenix.url = "github:ryantm/agenix";
agenix.inputs.nixpkgs.follows = "nixpkgs"; agenix.inputs.nixpkgs.follows = "nixpkgs";
helix.url = "github:helix-editor/helix"; helix.url = "git+https://git.privatevoid.net/max/helix";
helix.inputs = { helix.inputs.nixpkgs.follows = "nixpkgs";
nixpkgs.follows = "nixpkgs";
};
kernel-clr = { url = "github:clearlinux-pkgs/linux"; flake = false; }; kernel-clr = { url = "github:clearlinux-pkgs/linux"; flake = false; };
dream2nix.url = "github:nix-community/dream2nix"; dream2nix.url = "github:nix-community/dream2nix";
dream2nix.inputs.nixpkgs.follows = "nixpkgs"; dream2nix.inputs.nixpkgs.follows = "nixpkgs";
nixpak.url = "github:nixpak/nixpak"; shinobi = { url = "gitlab:Shinobi-Systems/Shinobi/dashboard-v3"; flake = false; };
nixpak.inputs.nixpkgs.follows = "nixpkgs";
nil.url = "github:oxalica/nil";
nil.inputs.nixpkgs.follows = "nixpkgs";
hyprspace.url = "github:hyprspace/hyprspace";
hyprspace.inputs.nixpkgs.follows = "nixpkgs";
lanzaboote.url = "github:nix-community/lanzaboote";
lanzaboote.inputs.nixpkgs.follows = "nixpkgs";
attic.url = "github:zhaofengli/attic";
attic.inputs.nixpkgs.follows = "nixpkgs";
}; };
outputs = { self, nixpkgs, home-manager, nixos-hardware, ... }@inputs: outputs = { self, nixpkgs, home-manager, nixos-hardware, ... }@inputs:
let let
@ -51,7 +48,6 @@
system = "x86_64-linux"; system = "x86_64-linux";
pkgs = import nixpkgs { pkgs = import nixpkgs {
inherit system; inherit system;
config.allowUnfreePredicate = pkg: lib.elem (lib.getName pkg) (import ./packages/unfree.nix);
}; };
deploy-rs-lib = inputs.deploy-rs.lib.${system}; deploy-rs-lib = inputs.deploy-rs.lib.${system};
@ -74,14 +70,14 @@
deploy.nodes = with deploy-rs-lib; { deploy.nodes = with deploy-rs-lib; {
TITAN = { TITAN = {
hostname = "titan.hyprspace"; hostname = "titan.hypr";
profiles.system = { profiles.system = {
user = "root"; user = "root";
path = activate.nixos self.nixosConfigurations.TITAN; path = activate.nixos self.nixosConfigurations.TITAN;
}; };
}; };
jericho = { jericho = {
hostname = "jericho.hyprspace"; hostname = "jericho.hypr";
profiles.system = { profiles.system = {
user = "root"; user = "root";
path = activate.nixos self.nixosConfigurations.jericho; path = activate.nixos self.nixosConfigurations.jericho;
@ -105,14 +101,10 @@
homeConfigurations = { homeConfigurations = {
max = inputs.home-manager.lib.homeManagerConfiguration { max = inputs.home-manager.lib.homeManagerConfiguration {
inherit pkgs; inherit system;
modules = [ homeDirectory = "/home/max";
{ username = "max";
home.homeDirectory = "/home/max"; configuration.imports = [ ./users/max/home.nix ];
home.username = "max";
}
./users/max/home.nix
];
extraSpecialArgs = { inherit inputs; }; extraSpecialArgs = { inherit inputs; };
}; };
}; };

6
hosts/TITAN/default.nix
View file

@ -4,12 +4,10 @@ tools: {
extraHostNames = clientResolve "titan"; extraHostNames = clientResolve "titan";
}; };
hyprspace = { hypr = {
id = "QmfJ5Tv2z9jFv9Aocevyn6QqRcfm9eYQZhvYvmAVfACfuM"; id = "QmfJ5Tv2z9jFv9Aocevyn6QqRcfm9eYQZhvYvmAVfACfuM";
addr = "10.100.3.7";
listenPort = 443; listenPort = 443;
routes = [
"10.0.0.0/24"
];
}; };
nixos = import ./system.nix; nixos = import ./system.nix;

39
hosts/TITAN/extras/attic-upload-daemon.nix
View file

@ -1,39 +0,0 @@
{ config, pkgs, inputs, ... }:
let
toml = pkgs.formats.toml {};
atticConfig = toml.generate "attic-upload-config.toml" {
default-server = "cache";
servers.cache.endpoint = "https://cache-api.privatevoid.net";
};
inherit (inputs.attic.packages.${pkgs.system}) attic;
in
{
age.secrets.attic-upload-key = {
file = ../../../secrets/attic-upload-key.age;
mode = "0400";
};
systemd.services.attic-upload = {
description = "Attic Uploader";
wantedBy = [ "multi-user.target" ];
after = [ "network-online.target" ];
wants = [ "network-online.target" ];
path = [ config.nix.package ];
environment.XDG_CONFIG_HOME = "/tmp/attic-upload";
preStart = ''
install -dm700 "$XDG_CONFIG_HOME/attic"
cp --no-preserve=mode ${atticConfig} "$XDG_CONFIG_HOME/attic/config.toml"
echo "token = \"$ATTIC_TOKEN\"" >> "$XDG_CONFIG_HOME/attic/config.toml"
'';
serviceConfig = {
ExecStart = "${attic}/bin/attic watch-store nix-store";
Restart = "always";
RestartSec = "10s";
DynamicUser = true;
EnvironmentFile = config.age.secrets.attic-upload-key.path;
};
};
}

21
hosts/TITAN/extras/cachix-upload-daemon.nix Normal file
View file

@ -0,0 +1,21 @@
{ config, pkgs, ... }:
{
age.secrets.cachix-upload-key = {
file = ../../../secrets/cachix-upload-key.age;
mode = "0400";
};
systemd.services.cachix-upload = {
description = "Cachix Uploader";
wantedBy = [ "multi-user.target" ];
after = [ "network-online.target" ];
path = [ config.nix.package ];
serviceConfig = {
ExecStart = "${pkgs.cachix}/bin/cachix watch-store max";
Restart = "always";
DynamicUser = true;
EnvironmentFile = config.age.secrets.cachix-upload-key.path;
};
};
}

45
hosts/TITAN/extras/fbi-downloader.nix
View file

@ -1,4 +1,4 @@
{ config, pkgs, ... }: { config, ... }:
{ {
age.secrets = { age.secrets = {
@ -6,6 +6,10 @@
file = ../../../secrets/transmission-rpc-password.age; file = ../../../secrets/transmission-rpc-password.age;
mode = "0400"; mode = "0400";
}; };
wireguard-key-upload = {
file = ../../../secrets/wireguard-key-upload.age;
mode = "0400";
};
}; };
users.groups.mediamanagers = { users.groups.mediamanagers = {
@ -17,9 +21,8 @@
enable = true; enable = true;
group = "mediamanagers"; group = "mediamanagers";
settings = { settings = {
download-dir = "/srv/data/download"; download-dir = "/srv/data/DOWNLOAD";
incomplete-dir = "/srv/data/download/.incomplete"; incomplete-dir = "/srv/data/DOWNLOAD/.incomplete";
incomplete-dir-enabled = false;
# being a leech # being a leech
speed-limit-up = 20; speed-limit-up = 20;
@ -31,13 +34,41 @@
utp-enabled = false; utp-enabled = false;
rpc-bind-address = "0.0.0.0"; rpc-bind-address = "0.0.0.0";
rpc-whitelist = "127.0.0.1,::1,10.100.0.1,10.100.0.*,10.100.1.*,10.100.3.*,100.64.*.*"; rpc-whitelist = "127.0.0.1,::1,10.100.0.1,10.100.0.*,10.100.1.*,10.100.3.*";
rpc-authentication-required = true; rpc-authentication-required = true;
}; };
credentialsFile = config.age.secrets.transmission-rpc-password.path; credentialsFile = config.age.secrets.transmission-rpc-password.path;
}; };
systemd.services.transmission = {
after = [ "mnt-media\\x2duploads.mount" ];
unitConfig = {
RequiresMountsFor = [ "/mnt/media-uploads" ];
};
serviceConfig = {
BindPaths = [ "/mnt/media-uploads" ];
};
};
networking.firewall.interfaces.tungsten.allowedTCPPorts = [ 9091 ]; networking.firewall.interfaces.tungsten.allowedTCPPorts = [ 9091 ];
networking.wireguard = {
services.hyprspace.settings.services.fbi-download = "/tcp/${toString config.services.transmission.settings.rpc-port}"; enable = true;
interfaces.wgupload = {
ips = [ "10.150.0.2/24" ];
privateKeyFile = config.age.secrets.wireguard-key-upload.path;
allowedIPsAsRoutes = true;
peers = [
{
publicKey = "apKXnlMtcOe8WqCVXJAXEjzppN+qTmESlt0NjMTaclQ=";
allowedIPs = [ "10.150.0.0/24" ];
endpoint = "116.202.226.86:6969";
}
];
};
};
fileSystems."/mnt/media-uploads" = {
device = "10.150.0.254:/mnt/storage/media/media/uploads";
fsType = "nfs4";
noCheck = true;
options = [ "rsize=1024" "wsize=1024" "x-systemd.after=wireguard-wgupload.service" "x-systemd.mount-timeout=10s" ];
};
} }

9
hosts/TITAN/extras/nvidia-ml.nix
View file

@ -1,9 +0,0 @@
{ lib, ... }:
{
services.xserver.videoDrivers = lib.mkOptionDefault [ "nvidia" ];
hardware.nvidia = {
nvidiaPersistenced = true;
open = false;
};
}

64
hosts/TITAN/extras/shinobi.nix Normal file
View file

@ -0,0 +1,64 @@
{ config, inputs, pkgs, ... }:
let
dataDir = "/srv/data/SHINOBI/shinobi";
shinobiConfigJson = builtins.toJSON {
ffmpegBinary = "${pkgs.ffmpeg}/bin/ffmpeg";
port = 38080;
db = {
host = "127.0.0.1";
port = 3306;
user = "majesticflame";
database = "ccio";
};
};
configFile = pkgs.writeText "shinobi-conf.json" shinobiConfigJson;
secretFile = config.age.secrets.shinobi-secrets.path;
inherit (inputs.self.packages.${pkgs.system}) shinobi;
in
{
age.secrets.shinobi-secrets = {
file = ../../../secrets/shinobi-secrets.age;
owner = "shinobi";
group = "shinobi";
mode = "0400";
};
services.mysql = {
enable = true;
settings.mysqld.bind-address = "127.0.0.1";
package = pkgs.mariadb;
dataDir = "/srv/data/DB/mariadb";
};
users.users.shinobi = {
isSystemUser = true;
group = "shinobi";
};
users.groups.shinobi = {};
systemd.tmpfiles.rules = [ "d '${dataDir}' 0750 shinobi shinobi - -" ];
systemd.services.shinobi = {
wantedBy = [ "multi-user.target" ];
path = [ pkgs.bash pkgs.nodejs-14_x ];
preStart = ''
${pkgs.jq}/bin/jq --slurp '.[0] * .[1]' ${configFile} ${secretFile} | install -Dm600 -o shinobi -g shinobi /dev/stdin ${dataDir}/conf.json
'';
serviceConfig = {
WorkingDirectory = dataDir;
User = "shinobi";
ExecStart = "${pkgs.nodejs-14_x}/bin/node ${shinobi}/bin/shinobi";
KillSignal = "HUP";
OOMPolicy = "continue";
Restart = "on-abnormal";
RestartSec = "5s";
};
environment.NODE_PATH = "${shinobi}/lib/node_modules/shinobi/node_modules";
};
networking.firewall.allowedTCPPorts = [ 38080 ];
}

9
hosts/TITAN/extras/vendor-reset.nix
View file

@ -1,9 +0,0 @@
{ config, ... }:
{
boot.extraModulePackages = [
config.boot.kernelPackages.vendor-reset
];
boot.initrd.kernelModules = [ "vendor-reset" ];
}

15
hosts/TITAN/hardware-configuration.nix
View file

@ -13,19 +13,11 @@
"usbhid" "usbhid"
"sd_mod" "sd_mod"
"sr_mod" "sr_mod"
"dm_cache_smq"
"dm_persistent_data"
"dm_bio_prison"
"dm_bufio"
"amdgpu"
"ddcci_backlight"
]; ];
boot.initrd.kernelModules = [ "dm_cache" ]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ]; boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
services.lvm.boot.thin.enable = true;
fileSystems."/" = { fileSystems."/" = {
device = "tmprootfs"; device = "tmprootfs";
fsType = "tmpfs"; fsType = "tmpfs";
@ -39,9 +31,8 @@
}; };
fileSystems."/srv/data" = { fileSystems."/srv/data" = {
device = "/dev/mapper/tank-shelf"; device = "/dev/disk/by-label/butter";
fsType = "xfs"; fsType = "btrfs";
neededForBoot = true;
}; };
fileSystems."/nix" = { fileSystems."/nix" = {

32
hosts/TITAN/system.nix
View file

@ -1,14 +1,13 @@
{ config, lib, pkgs, aspect, inputs, hosts, ... }: { config, pkgs, aspect, inputs, hosts, ... }:
{ {
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
./extras/attic-upload-daemon.nix ./extras/cachix-upload-daemon.nix
./extras/ddcci-backlight.nix ./extras/ddcci-backlight.nix
./extras/fbi-downloader.nix ./extras/fbi-downloader.nix
./extras/nvidia-ml.nix ./extras/shinobi.nix
./extras/vendor-reset.nix
(import ../../users "desktop").users.max (import ../../users "desktop").users.max
inputs.agenix.nixosModules.age inputs.agenix.nixosModules.age
] ]
@ -24,11 +23,11 @@
prowlarr prowlarr
]); ]);
boot.kernelPackages = pkgs.linuxPackages_latest;
boot.loader.systemd-boot.enable = true; boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true; boot.loader.efi.canTouchEfiVariables = true;
boot.kernelPackages = pkgs.linuxPackages_6_6;
networking.hostName = "TITAN"; networking.hostName = "TITAN";
time.timeZone = "Europe/Vienna"; time.timeZone = "Europe/Vienna";
@ -39,31 +38,18 @@
keyMap = "de"; keyMap = "de";
}; };
services.xserver.xkb.layout = "de"; services.xserver.layout = "de";
services.xserver.libinput.enable = true;
services.openssh.enable = true; services.openssh.enable = true;
system.stateVersion = "22.05"; system.stateVersion = "20.09";
services.fstrim.enable = true; services.fstrim.enable = true;
users.mutableUsers = false; users.mutableUsers = false;
virtualisation.podman.enable = true; virtualisation.podman.enable = true;
services.xserver.displayManager.gdm.autoSuspend = false;
boot.tmp = {
useTmpfs = true;
tmpfsSize = "75%";
};
networking.nat = {
enable = true;
externalInterface = "enp24s0";
internalIPs = [
"100.64.0.0/16"
];
};
} }

52
hosts/default.nix
View file

@ -12,60 +12,32 @@ in with tools.dns; {
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICz2nGA+Y4OxhMKsV6vKIns3hOoBkK557712h7FfWXcE"; publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICz2nGA+Y4OxhMKsV6vKIns3hOoBkK557712h7FfWXcE";
extraHostNames = subResolve "vegas" "backbone"; extraHostNames = subResolve "vegas" "backbone";
}; };
hyprspace = { hypr = {
id = "QmYs4xNBby2fTs8RnzfXEk161KD4mftBfCiR8yXtgGPj4J"; id = "QmYs4xNBby2fTs8RnzfXEk161KD4mftBfCiR8yXtgGPj4J";
routes = [ addr = "10.100.3.5";
"10.1.0.1/32"
"10.10.0.0/16"
];
}; };
}; };
prophet = { prophet = {
ssh.id = { ssh.id = {
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAUG/ubwo68tt2jMP5ia0Sa4mnkWtlKVN5n4Y50U2nTC"; publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJZ4FyGi69MksEn+UJZ87vw1APqiZmPNlEYIr0CbEoGv";
extraHostNames = subResolve "prophet" "node"; extraHostNames = subResolve "prophet" "node";
}; };
hyprspace = { hypr = {
id = "QmbrAHuh4RYcyN9fWePCZMVmQjbaNXtyvrDCWz4VrchbXh"; id = "QmbrAHuh4RYcyN9fWePCZMVmQjbaNXtyvrDCWz4VrchbXh";
routes = [ addr = "10.100.3.9";
"10.1.0.9/32"
];
}; };
}; };
checkmate = { styx = {
ssh.id = { ssh.id = {
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINImnMfEzUBU5qiuu05DMPrddTGypOtr+cL1/yQN2GFn"; publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOYLrmiuPK77cw71QNzG2zaWs6gsxmYuLyqsUrWMYLnk";
extraHostNames = subResolve "checkmate" "node"; extraHostNames = subResolve "styx" "services";
};
hyprspace = {
id = "12D3KooWL84sAtq1QTYwb7gVbhSNX5ZUfVt4kgYKz8pdif1zpGUh";
routes = [
"10.1.0.32/32"
];
}; };
}; };
grail = { AnimusAlpha = let extraHostNames = [ "alpha.animus.com" "animus.com" ]; in {
ssh.id = { ssh.id = {
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBi5Fm2pmMBhRgJms+me1ldt9Vgj9cMSnB7UllSz3mpY"; publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGpFR47Ev+W+bdng6IrDVpl8rlKBBHSr1v5lwJmZcEFH";
extraHostNames = subResolve "grail" "node"; extraHostNames = portMap 69 extraHostNames;
};
hyprspace = {
id = "12D3KooWN31twBvdEcxz2jTv4tBfPe3mkNueBwDJFCN4xn7ZwFbi";
routes = [
"10.1.0.6/32"
];
};
};
thunderskin = {
ssh.id = {
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGV8TbMvGXfAp9R2I9GdR7aLlGjxh2CW1pCZjQSB4TJp";
extraHostNames = subResolve "thunderskin" "node";
};
hyprspace = {
id = "12D3KooWB9AUPorFoACkWbphyargRBV9osJsYuQDumtQ85j7Aqmg";
routes = [
"10.1.0.4/32"
];
}; };
ssh.extraConfig = tools.ssh.extraConfig extraHostNames [ "Port 69" ];
}; };
} }

3
hosts/jericho/default.nix
View file

@ -4,8 +4,9 @@ tools: {
extraHostNames = clientResolve "jericho"; extraHostNames = clientResolve "jericho";
}; };
hyprspace = { hypr = {
id = "QmccBLgGP3HR36tTkwSYZX3KDv2EXb1MvYwGVs6PbpbHv9"; id = "QmccBLgGP3HR36tTkwSYZX3KDv2EXb1MvYwGVs6PbpbHv9";
addr = "10.100.3.13";
}; };
nixos = import ./system.nix; nixos = import ./system.nix;

9
hosts/jericho/extras/custom-kernel.nix
View file

@ -1,9 +0,0 @@
{ config, lib, ... }:
{
boot.kernelPatches = lib.singleton {
name = "custom-kernel-config-${config.networking.hostName}";
patch = null;
extraConfig = builtins.readFile ./kernel-config.txt;
};
}

12
hosts/jericho/extras/fprint.nix
View file

@ -1,12 +0,0 @@
{ inputs, pkgs, ... }:
{
services.fprintd = {
enable = true;
};
security.pam.services = {
login.fprintAuth = false;
gdm-password.fprintAuth = false;
gdm-fingerprint.fprintAuth = true;
};
}

27
hosts/jericho/extras/kernel-clr.nix
View file

@ -2,15 +2,24 @@
{ {
boot.kernelPatches = let boot.kernelPatches = let
patch = pkgs.runCommand "kernel-clr-combined.patch" { pickPatch = x: "${inputs.kernel-clr}/${x}";
nativeBuildInputs = [ pkgs.gnugrep ]; patchFiles = map pickPatch [
} '' "0104-pci-pme-wakeups.patch"
cd ${inputs.kernel-clr} "0108-smpboot-reuse-timer-calibration.patch"
grep -o '^%patch[0-9]* ' linux.spec \ "0110-give-rdrand-some-credit.patch"
| grep -o '[0-9]*' \ "0111-ipv4-tcp-allow-the-memory-tuning-for-tcp-to-go-a-lit.patch"
| xargs -I '{}' grep '^Patch{}:' linux.spec \ "0118-add-scheduler-turbo3-patch.patch"
| cut -d" " -f2- | xargs cat >> $out "0119-use-lfence-instead-of-rep-and-nop.patch"
''; "0120-do-accept-in-LIFO-order-for-cache-efficiency.patch"
"0121-locking-rwsem-spin-faster.patch"
"itmt_epb.patch"
"mm-wakeups.patch"
"percpu-minsize.patch"
"socket.patch"
];
patches = map builtins.readFile patchFiles;
patchSet = builtins.concatStringsSep "\n" patches;
patch = pkgs.writeText "kernel-clr-combined.patch" patchSet;
in [{ in [{
inherit patch; inherit patch;
name = "Clear Linux* patchset"; name = "Clear Linux* patchset";

124
hosts/jericho/extras/kernel-config.txt
View file

@ -1,124 +0,0 @@
CAN n
CAIF n
AGP n
DRM_NOUVEAU n
DRM_VMWGFX n
DRM_AST n
DRM_MGAG200 n
DRM_QXL n
DRM_VIRTIO_GPU n
DRM_ETNAVIV n
DRM_CIRRUS_QEMU n
ACCESSIBILITY n
INFINIBAND n
HYPERV n
XEN_BALLOON n
XEN_DEV_EVTCHN n
XENFS n
XEN_SYS_HYPERVISOR n
XEN_GNTDEV n
XEN_GRANT_DEV_ALLOC n
XEN_PCIDEV_BACKEND n
XEN_PVCALLS_FRONTEND n
XEN_PVCALLS_BACKEND n
XEN_SCSI_BACKEND n
XEN_PRIVCMD n
XEN_ACPI_PROCESSOR n
GREYBUS n
SOUNDWIRE n
REISERFS_FS n
JFS_FS n
GFS2_FS n
OCFS2_FS n
NILFS2_FS n
ORANGEFS_FS n
ADFS_FS n
AFFS_FS n
BEFS_FS n
BFS_FS n
EFS_FS n
JFFS2_FS n
UBIFS_FS n
VXFS_FS n
MINIX_FS n
OMFS_FS n
HPFS_FS n
QNX4FS_FS n
QNX6FS_FS n
SYSV_FS n
KVM_AMD n
XEN_PCIDEV_FRONTEND n
VMD n
PCI_MESON n
PCCARD n
RAPIDIO n
GNSS n
MTD n
PARPORT n
BLK_DEV_SX8 n
CDROM_PKTCDVD n
ATA_OVER_ETH n
XEN_BLKDEV_FRONTEND n
XEN_BLKDEV_BACKEND n
FIREWIRE n
FIREWIRE_NOSY n
MACINTOSH_DRIVERS n
FDDI n
HIPPI n
NET_SB1000 n
SLIP n
XEN_NETDEV_FRONTEND n
XEN_NETDEV_BACKEND n
VMXNET3 n
DRM_RADEON n
DRM_AMDGPU n
MEMSTICK n
ATLAS_PH_SENSOR n
ATLAS_EZO_SENSOR n
BME680 n
CCS811 n
IAQCORE n
PMS7003 n
SCD30_CORE n
SCD4X n
SENSIRION_SGP30 n
SENSIRION_SGP40 n
SPS30_I2C n
SPS30_SERIAL n
SENSEAIR_SUNRISE_CO2 n
VZ89X n
IIO_CROS_EC_SENSORS_CORE n
AFE4403 n
AFE4404 n
MAX30100 n
MAX30102 n
AM2315 n
DHT11 n
HDC100X n
HDC2010 n
HID_SENSOR_HUMIDITY n
HTS221 n
HTU21 n
SI7005 n
SI7020 n
ABP060MG n
BMP280 n
DLHL60D n
DPS310 n
HID_SENSOR_PRESS n
HP03 n
ICP10100 n
MPL115_I2C n
MPL115_SPI n
MPL3115 n
MS5611 n
MS5637 n
IIO_ST_PRESS n
T5403 n
HP206C n
ZPA2326 n
IPACK_BUS n
PHY_CAN_TRANSCEIVER n
MCB n
FPGA n
SIOX n

18
hosts/jericho/extras/lanzaboote.nix
View file

@ -1,18 +0,0 @@
{ config, inputs, ... }:
{
imports = [
inputs.lanzaboote.nixosModules.lanzaboote
];
age.secrets.secureBootKey.file = ../../../secrets/secure-boot-private-key-jericho.age;
boot.lanzaboote = {
enable = true;
configurationLimit = 50;
publicKeyFile = ./secure-boot/db.pem;
# BUG: the bootloader installation runs before/without the activation script,
# so this key may not exist unless the system has been activated beforehand.
privateKeyFile = config.age.secrets.secureBootKey.path;
};
}

29
hosts/jericho/extras/secure-boot/db.pem
View file

@ -1,29 +0,0 @@
-----BEGIN CERTIFICATE-----
MIIE+TCCAuGgAwIBAgIRAKeYRMV7Va8InQlau+W84swwDQYJKoZIhvcNAQELBQAw
LjEVMBMGA1UEBhMMRGF0YWJhc2UgS2V5MRUwEwYDVQQDEwxEYXRhYmFzZSBLZXkw
HhcNMjMwMTExMjE0MDEzWhcNMjgwMTExMjE0MDEzWjAuMRUwEwYDVQQGEwxEYXRh
YmFzZSBLZXkxFTATBgNVBAMTDERhdGFiYXNlIEtleTCCAiIwDQYJKoZIhvcNAQEB
BQADggIPADCCAgoCggIBALG4gvuyX8lX0HhbLxEkKmEh1ikjR6XxGhWEHePa+xhC
aCHpPdG4R4Q3U/PGNteaxhoFCRTo6TkUcU/WtoYb3CNcDZ51mtUHtY9KFY5A5Yki
yPnNT0W+LFP+vz9B1U+soHp1EA6HgbB/CGWvhmMHwZSzhMsOTsad7nZaiaBfzUmU
p6y616XfI2RzpIlctxQGWNOL0lpdOqCW247ujJdubezvuoXw5gS+6yUi5ssegPdu
UuQkZvgO9yNawISSPNNLj7TbmOC19mQ0q3KcangCCt8/93bbjdtlWMwaDoiWCtL5
e7+Fo/MlhRovcmcz2wPGUr4tn/64mTuMWHhK9CvyIPS3hf7oNGZEWeSdvp8ppaM5
OtocRkDmJjSS+45iEU+d6TTWMrK6s+Mx9UWWJDn/HqRnlmxW4E2eFRhuFRW6/SaB
SbY3X36GMzByj84A4qKwkUGBCK9UZnflXiPv/KSumyg5wmQU4ulAirpMsGP6o78F
vKE8j8avHfC70LPuv9o+pgecp9F7Kg5f6ywGPfXSxv054znV6ZMxpUa0NjLEMp57
2PVfd3EeifgY4M4T5/wQulp8vxN9ipqD/toro16gRB2/Cb1o5FtwV9Fe4/ndVfUA
m8bnG2zo0iLU15L1iTW4vdDZp40BZhzptaz2Xuykqum+BK+8idNtZ8xG5Fy+rED3
AgMBAAGjEjAQMA4GA1UdDwEB/wQEAwIHgDANBgkqhkiG9w0BAQsFAAOCAgEAIJSY
Lp9/84FJv0/QSBJwI9Ly6p2lobaaZqsUVrOHYqz1Q6VU3zhhTbIYsdfiq/RJY/Dq
w7qPPHwDN9+MgeKPN89q/kXZcZGxO+mT+eAjNBzJUJ3dUfuuoDRgQQEzVd9jUmEA
F39SPZWoa4lefLNdKk7tGu/8T6wmXk03q/RHsG4xWHn4fLdg9XHI4g5o2W9Vorf/
Y2Tz+oQTSipRrqX7lZ0xHGriWp4qTHikBsunzZ/krupSCvAahzG+fDnNYuNHj1FX
/bsITw/2NU7xzJXIRI2+VPTRIppSyZ5hvRBrwfA7mVdRq2HjT0wIRfjnppJvNrOQ
iBKZb/q7shy7bq35SSLpnAQk4ne0BAqPbJP31UxZZ7lzSvynGCUQDwM7A50OkGLC
V9+ov+44+0NN7gCvXhhd8uPuunBTa9zv2gcnoBIy51KvBTxFZ4LOHeU9esPc7W/z
qVaU+yOP3lUJI0Ou285zkP1xhkJyLqv2WlfuXbNxBi3ZmAckrQTjh2llOjSBdy8F
Ce14ni9ybLiIouiEFtBEvDN4jMudDpL04zCuT9amkfznooQsak3T7QrvHl52qLDp
HLOtegwnn8M1ivoqmM6eValayBKN/2gFjHpHmZQmf7J636UNvs6FIvpsPznj+L7a
uJmcfil84qaqDLTNQJfIAyPvOqdnwFO8FiNuAQE=
-----END CERTIFICATE-----

10
hosts/jericho/hardware-configuration.nix
View file

@ -18,6 +18,16 @@
fsType = "vfat"; fsType = "vfat";
}; };
fileSystems."/home" = {
device = "/dev/disk/by-partlabel/home";
fsType = "xfs";
};
fileSystems."/srv/data" = {
device = "/dev/disk/by-partlabel/data";
fsType = "xfs";
};
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
hardware.sensor.iio.enable = true; hardware.sensor.iio.enable = true;
} }

16
hosts/jericho/system.nix
View file

@ -3,11 +3,8 @@
{ {
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
./extras/custom-kernel.nix
./extras/fprint.nix
./extras/i915-dp-hdmi-always-full-color-patch.nix ./extras/i915-dp-hdmi-always-full-color-patch.nix
./extras/kernel-clr.nix ./extras/kernel-clr.nix
./extras/lanzaboote.nix
./extras/thermal.nix ./extras/thermal.nix
(import ../../users "desktop").users.max (import ../../users "desktop").users.max
inputs.nixos-hardware.nixosModules.dell-xps-13-7390 inputs.nixos-hardware.nixosModules.dell-xps-13-7390
@ -16,21 +13,24 @@
++ aspect.sets.laptop ++ aspect.sets.laptop
++ (with aspect.modules; [ games ]); ++ (with aspect.modules; [ games ]);
boot.kernelPackages = pkgs.linuxPackagesFor (pkgs.linux_6_9.override { boot.kernelPackages = pkgs.linuxPackages_5_16;
ignoreConfigErrors = true;
});
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true; boot.loader.efi.canTouchEfiVariables = true;
networking.hostName = "jericho"; networking.hostName = "jericho";
time.timeZone = "Europe/Vienna";
i18n.defaultLocale = "en_US.UTF-8"; i18n.defaultLocale = "en_US.UTF-8";
console = { console = {
font = ""; font = "";
keyMap = "us"; keyMap = "us";
}; };
services.xserver.xkb.layout = "us"; services.xserver.layout = "us";
services.xserver.libinput.enable = true;
services.openssh.enable = true; services.openssh.enable = true;
@ -38,6 +38,6 @@
services.fstrim.enable = true; services.fstrim.enable = true;
services.kubo.dataDir = "/srv/data/ipfs"; services.ipfs.dataDir = "/srv/data/ipfs";
} }

2
hosts/tools.nix
View file

@ -10,7 +10,7 @@
]; ];
findResolve = list: dnameResolve (append "find" list) ++ append "f.void" list; findResolve = list: dnameResolve (append "find" list) ++ append "f.void" list;
dnameResolve = list: append "private.void" list ++ append "privatevoid.net" list; dnameResolve = list: append "private.void" list ++ append "privatevoid.net" list;
vpnResolve = list: dnameResolve (append "vpn" list) ++ (append "hyprspace" list); vpnResolve = list: dnameResolve (append "vpn" list) ++ (append "hypr" list);
llmnrResolve = append "local"; llmnrResolve = append "local";
append = part: map (x: "${x}.${part}"); append = part: map (x: "${x}.${part}");
portMap = port: map (x: "[${x}]:${builtins.toString port}"); portMap = port: map (x: "[${x}]:${builtins.toString port}");

15
modules/autopatch/default.nix
View file

@ -8,15 +8,15 @@
inherit (patched) inherit (patched)
ddcci-driver-with-global-control ddcci-driver-with-global-control
kubo
nerdfonts-terminus nerdfonts-terminus
terminus_font_fancy terminus_font_fancy
libfprint webkitgtk
fprintd
; ;
doas = patched.doas-interactive; doas = patched.doas-interactive;
ipfs = patched.lain-ipfs;
hydra-unstable = patched.hydra; hydra-unstable = patched.hydra;
nix-direnv = super.nix-direnv.override { nix-direnv = super.nix-direnv.override {
@ -29,7 +29,14 @@
commandLineArgs = "--enable-features=OverlayScrollbar,OverlayScrollbarFlashAfterAnyScrollUpdate,OverlayScrollbarFlashWhenMouseEnter --auth-server-whitelist=*privatevoid.net"; commandLineArgs = "--enable-features=OverlayScrollbar,OverlayScrollbarFlashAfterAnyScrollUpdate,OverlayScrollbarFlashWhenMouseEnter --auth-server-whitelist=*privatevoid.net";
}; };
inherit (patched) gnome-control-center nautilus; gnome = super.gnome.overrideScope' (self': super': {
inherit (patched) nautilus;
gnome-control-center = patched.gnome-control-center.override { inherit (self') gnome-user-share; };
});
tilix = patched.tilix-high-refresh-rate;
})) }))
]; ];
} }

23
modules/brig/default.nix
View file

@ -1,23 +0,0 @@
{ pkgs, config, inputs, ... }:
let
inherit (inputs.self.packages.${pkgs.system}) brig;
in
{
environment.systemPackages = [ brig ];
systemd.user.services.brig = {
description = "Brig Daemon";
wantedBy = [ "gnome-session.target" ];
path = [ "/run/wrappers" config.services.kubo.package ];
serviceConfig = {
ExecStart = "${brig}/bin/brig --repo %h/.brig daemon launch";
#ExecStartPost = "${brig}/bin/brig fstab apply";
Restart = "always";
Slice = "background.slice";
SyslogIdentifier = "brig";
};
environment = {
inherit (config.environment.variables) IPFS_PATH;
};
};
}

21
modules/cockpit/default.nix
View file

@ -1,21 +0,0 @@
{ pkgs, ... }:
let
port = 31350;
in
{
services.cockpit = {
enable = true;
inherit port;
package = pkgs.cockpit.overrideAttrs {
postFixup = ''
for package in apps kdump packagekit playground selinux sosreport; do
rm -rf $out/share/cockpit/$package
done
'';
};
};
services.hyprspace.settings.services.manage = "/tcp/${toString port}";
}

15
modules/default.nix
View file

@ -3,16 +3,13 @@ with builtins;
let let
aspects = [ aspects = [
./autopatch ./autopatch
./brig
./cockpit
./desktop ./desktop
./enterprise
./firewall ./firewall
./games ./games
./hardened ./hardened
./hyprspace ./hyprspace
./idm ./ipfs-lain
./impurity-logger
./ipfs
./jackett ./jackett
./laptop-config ./laptop-config
./lidarr ./lidarr
@ -27,7 +24,6 @@ let
./shell-config ./shell-config
./sound ./sound
./ssh ./ssh
./xr
]; ];
mappedAspects = map (x: { name = baseNameOf x; value = import x; }) aspects; mappedAspects = map (x: { name = baseNameOf x; value = import x; }) aspects;
in rec { in rec {
@ -35,15 +31,13 @@ in rec {
sets = with modules; rec { sets = with modules; rec {
base = [ base = [
autopatch autopatch
cockpit enterprise
hardened hardened
idm
impurity-logger
]; ];
networking = [ firewall ssh ]; networking = [ firewall ssh ];
client-networking = networking ++ [ networking-client nm-vdns-auto ipfs hyprspace ]; client-networking = networking ++ [ networking-client nm-vdns-auto ipfs-lain hyprspace ];
desktop = [ desktop = [
modules.desktop modules.desktop
@ -53,7 +47,6 @@ in rec {
nix-config nix-config
shell-config shell-config
sound sound
xr
] ++ base ++ client-networking; ] ++ base ++ client-networking;
laptop = desktop ++ [ laptop-config ]; laptop = desktop ++ [ laptop-config ];

5
modules/desktop/bluetooth.nix
View file

@ -1,5 +0,0 @@
{
hardware.bluetooth.settings = {
General.Experimental = true;
};
}

68
modules/desktop/default.nix
View file

@ -6,13 +6,6 @@
in { in {
imports = [ imports = [
./package-sets.nix ./package-sets.nix
./nixpak-tricks.nix
./hidden-apps.nix
./helix-desktop.nix
./open-in-blackbox.nix
./bluetooth.nix
./pkexec.nix
./security.nix
]; ];
services.xserver = { services.xserver = {
@ -27,57 +20,20 @@ in {
programs.adb.enable = true; programs.adb.enable = true;
environment.gnome.excludePackages = with pkgs; [ environment.gnome.excludePackages = with pkgs.gnome; [
cheese
gnome-logs gnome-logs
gnome-music gnome-music
gnome-console
gnome-photos
gnome-tour
orca
snapshot
totem totem
yelp pkgs.gnome-photos
];
desktop.hiddenApps = [
"startcenter.desktop" # LibreOffice Start Center
"xsltfilter.desktop" # LibreOffice XSLT based filters
"xterm.desktop"
"cups.desktop"
"scrcpy-console.desktop"
# all the Krita mimetype stuff
"krita_brush.desktop"
"krita_csv.desktop"
"krita_exr.desktop"
"krita_gif.desktop"
"krita_heif.desktop"
"krita_heightmap.desktop"
"krita_jp2.desktop"
"krita_jpeg.desktop"
"krita_jxl.desktop"
"krita_kra.desktop"
"krita_krz.desktop"
"krita_ora.desktop"
"krita_pdf.desktop"
"krita_png.desktop"
"krita_psd.desktop"
"krita_qimageio.desktop"
"krita_raw.desktop"
"krita_spriter.desktop"
"krita_svg.desktop"
"krita_tga.desktop"
"krita_tiff.desktop"
"krita_webp.desktop"
"krita_xcf.desktop"
]; ];
environment.variables = { environment.variables = {
EDITOR = "hx"; EDITOR = "nvim";
SSH_ASKPASS = lib.mkForce ""; SSH_ASKPASS = lib.mkForce "";
}; };
fonts.packages = with pkgs; [ fonts.fonts = with pkgs; [
terminus_font_fancy terminus_font_fancy
terminus_font_ttf terminus_font_ttf
nerdfonts-terminus nerdfonts-terminus
@ -87,10 +43,9 @@ in {
security = { security = {
sudo.enable = false; sudo.enable = false;
doas.enable = true; doas.enable = true;
doas.extraRules = lib.mkForce [ rec { doas.extraRules = [{
groups = [ "wheel" ]; groups = [ "wheel" ];
noPass = !config.services.fprintd.enable; noPass = true;
persist = !noPass;
}]; }];
}; };
@ -117,16 +72,11 @@ in {
services.packagekit.enable = lib.mkForce false; services.packagekit.enable = lib.mkForce false;
programs.gnome-terminal.enable = false; programs.gnome-terminal.enable = false;
qt = { qt5 = {
enable = true; enable = true;
platformTheme = "gtk2"; platformTheme = "gtk2";
style = "gtk2"; style = "gtk2";
}; };
virtualisation.libvirtd = { virtualisation.libvirtd.enable = true;
enable = true;
qemu.package = pkgs.qemu_kvm;
};
services.printing.drivers = with pkgs; [ hplip gutenprint ];
} }

58
modules/desktop/helix-desktop.nix
View file

@ -1,58 +0,0 @@
{ pkgs, ... }:
let
helixDesktop = pkgs.makeDesktopItem {
name = "net.privatevoid.HelixDesktop";
desktopName = "Helix";
comment = "Helix Editor";
mimeTypes = [
"text/plain"
"application/x-zerosize"
"inode/directory"
];
inherit icon;
tryExec = "hx";
exec = ''${hxOpenHandler} %F'';
};
icon = pkgs.fetchurl {
name = "helix-logo.svg";
url = "https://raw.githubusercontent.com/helix-editor/helix/d1a4bd876b3ae646693c0905d7f29b636e2e5033/logo.svg";
sha256 = "sha256-1XBrlGbCfkfYhIZuQ9eDBgDoohup/gQ9VZynEerUqcY=";
};
hxOpenHandler = pkgs.writeShellScript "hx-open-handler" ''
isDir () { test -d "$1"; }
isFile () { test -f "$1"; }
findAnyDir () {
for f in "$@"; do
if test -d "$f"; then
echo "$f"
return 0
fi
done
return 1
}
if [[ "$#" == 0 ]]; then
exec blackbox -w "$HOME" -c hx
elif [[ "$#" == 1 ]]; then
isDir "$1" && exec blackbox -w "$1" -c "hx ."
isFile "$1" && exec blackbox -w "$(dirname "$1")" -c "hx '$1'"
else
firstDir="$(findAnyDir "$@")"
findAnyDirStatus="$?"
if [[ "$findAnyDirStatus" == 0 ]]; then
exec blackbox -w "$firstDir" -c "hx ."
else
# magic: find common base directory
workDir="$(dirname "$@" | sed -e 'N;s/^\(.*\).*\n\1.*$/\1\n\1/;D')"
args=("$@")
exec blackbox -w "$workDir" -c "hx ''${args[*]@Q}"
fi
fi
'';
in
{
environment.systemPackages = [ helixDesktop ];
}

31
modules/desktop/hidden-apps.nix
View file

@ -1,31 +0,0 @@
{ config, lib, pkgs, ... }:
let
inherit (config.desktop) hiddenApps;
hiddenDesktopFile = pkgs.writeText "hidden.desktop" ''
[Desktop Entry]
Hidden=true
NoDisplay=true
'';
hiddenAppsPackage = pkgs.runCommandLocal "hidden-apps" {} ''
mkdir -p $out/share/applications
for app in ${lib.escapeShellArgs hiddenApps}; do
ln -sf ${hiddenDesktopFile} "$out/share/applications/$app"
done
'';
in
{
options.desktop = {
hiddenApps = lib.mkOption {
type = with lib.types; listOf str;
default = [];
};
};
config = lib.mkIf (hiddenApps != []) {
environment.systemPackages = [
(lib.hiPrio hiddenAppsPackage)
];
};
}

32
modules/desktop/nixpak-tricks.nix
View file

@ -1,32 +0,0 @@
{ pkgs, ... }:
let
# tricks xdg-document-portal into not using the document portal for pointless things
# note that we report read-write even if the access is supposed to be read-only,
# because ticking the checkbox in the dialog every time is annoying, ro status
# is enforced by the sandbox anyway
# example call: flatpak info --file-access=/srv/file.txt com.nixpak.Whatever
documentPortalFileAccessTrick = pkgs.writeShellScriptBin "flatpak" ''
[[ "$1" == "info" ]] || exit 1
case "$3" in
org.chromium.Chromium)
case "''${2#--file-access=}" in
$HOME/Downloads*) echo read-write;;
*) echo hidden;;
esac;;
io.bassi.Amberol)
case "''${2#--file-access=}" in
$HOME/Music*) echo read-write;;
/srv/data/music*) echo read-write;;
*) echo hidden;;
esac;;
*)
echo hidden;;
esac
'';
in
{
environment.systemPackages = [
documentPortalFileAccessTrick
];
}

18
modules/desktop/open-in-blackbox.nix
View file

@ -1,18 +0,0 @@
{ pkgs, ... }:
let
openInBlackBox = pkgs.makeDesktopItem {
name = "net.privatevoid.OpenInBlackBox";
desktopName = "Black Box";
noDisplay = true;
mimeTypes = [ "inode/directory" ];
icon = "com.raggesilver.BlackBox";
startupNotify = false;
tryExec = "blackbox";
exec = "blackbox -w %f";
};
in
{
environment.systemPackages = [ openInBlackBox ];
}

56
modules/desktop/package-sets.nix
View file

@ -1,9 +1,10 @@
{ pkgs, inputs, lib, ... }: let { pkgs, config, inputs, lib, ... }: let
custom = inputs.self.packages.${pkgs.system}; sets = with pkgs; rec {
editor = [
sets = with pkgs; { inputs.modular-nvim.defaultPackage.x86_64-linux
];
writing = [ writing = [
(apostrophe.override { texliveMedium = pkgs.emptyDirectory; }) apostrophe
libreoffice libreoffice
]; ];
drawing = [ drawing = [
@ -11,7 +12,7 @@
gimp gimp
inkscape inkscape
krita krita
rnote xournalpp
]; ];
cli-utils = [ cli-utils = [
bat bat
@ -26,45 +27,30 @@
xh xh
]; ];
www = [ www = [
custom.ungoogled-chromium ungoogled-chromium
]; ];
gui-apps = with custom; [ gui-apps = with inputs.self.packages.x86_64-linux; [
amberol identity
blackbox-high-refresh-rate
cavalier
denaro
deja-dup
dialect
obfuscate obfuscate
fragments-remote ] ++ [
tubefeeder
wike
celluloid celluloid
easyeffects
endeavour
gnome-firmware-updater gnome-firmware-updater
gnome-podcasts gnome-podcasts
dconf-editor gnome.dconf-editor
gnome-boxes gnome.gnome-boxes
gnome-sound-recorder gnome.gnome-todo
gnome-tweaks gnome.gnome-tweaks
nautilus-python gnome.nautilus-python
jellyfin-media-player lollypop
junction
newsflash
pavucontrol pavucontrol
scrcpy scrcpy
vaults tilix
virt-manager virt-manager
warp
]; ];
dev-tools = [ dev-tools = [
d-spy bustle
emblem gnome-builder
sysprof inputs.self.packages.x86_64-linux.neovim-gtk
textpieces
custom.git-remote-ipld
custom.webfont-kit-generator
]; ];
system = with pkgs.gnomeExtensions; [ system = with pkgs.gnomeExtensions; [
appindicator appindicator

16
modules/desktop/pkexec.nix
View file

@ -1,16 +0,0 @@
{
security.polkit.extraConfig = /*javascript*/ ''
polkit.addRule(function(action, subject) {
if (
action.id == "org.freedesktop.policykit.exec" &&
subject.isInGroup("wheel")
) {
if (subject.active) {
return polkit.Result.AUTH_SELF_KEEP;
} else {
return polkit.Result.AUTH_SELF;
}
}
});
'';
}

3
modules/desktop/security.nix
View file

@ -1,3 +0,0 @@
{
programs.yubikey-touch-detector.enable = true;
}

30
modules/enterprise/default.nix Normal file
View file

@ -0,0 +1,30 @@
{ pkgs, config, inputs, ... }:
let
orgDomain = "privatevoid.net";
orgRealm = "PRIVATEVOID.NET";
in {
krb5 = {
enable = true;
domain_realm = {
${orgDomain} = orgRealm;
".${orgDomain}" = orgRealm;
};
libdefaults = {
default_realm = orgRealm;
dns_lookup_kdc = true;
rdns = false;
forwardable = true;
default_ccache_name = "KEYRING:persistent:%{uid}";
pkinit_anchors = "FILE:${inputs.self.packages.x86_64-linux.privatevoid-smart-card-ca-bundle}";
};
realms = {
"${orgRealm}" = rec {
kdc = "authsys.virtual-machines.privatevoid.net";
admin_server = kdc;
kpasswd_server = kdc;
default_domain = orgDomain;
};
};
};
services.pcscd.enable = true;
}

2
modules/games/default.nix
View file

@ -1,6 +1,6 @@
{ pkgs, config, ... }: { pkgs, config, ... }:
{ {
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
hardware.graphics.enable32Bit = true; hardware.opengl.driSupport32Bit = true;
programs.steam.enable = true; programs.steam.enable = true;
} }

82
modules/hyprspace/default.nix
View file

@ -1,55 +1,75 @@
{ inputs, pkgs, lib, hosts, config, ... }: { inputs, pkgs, lib, hosts, config, ... }:
let let
inherit (config.networking) hostName; inherit (config.networking) hostName;
hyprspaceCapableNodes = lib.filterAttrs (_: host: host ? hyprspace) hosts; inherit (inputs.self.packages.${pkgs.system}) hyprspace;
peersFormatted = builtins.mapAttrs (name: x: { hyprspaceCapableNodes = lib.filterAttrs (_: host: host ? hypr) hosts;
inherit name; peersFormatted = builtins.mapAttrs (_: x: { "${x.hypr.addr}".id = x.hypr.id; }) hyprspaceCapableNodes;
inherit (x.hyprspace) id;
routes = map (net: { inherit net; }) (x.hyprspace.routes or []);
}) hyprspaceCapableNodes;
peersFiltered = lib.filterAttrs (name: _: name != hostName) peersFormatted; peersFiltered = lib.filterAttrs (name: _: name != hostName) peersFormatted;
peerList = builtins.attrValues peersFiltered; buildHyprspacePeerList = peers: pkgs.writeText "hyprspace-peers.yml" (builtins.toJSON peers);
peers = lib.foldAttrs (n: _: n) null (builtins.attrValues peersFiltered);
peerList = buildHyprspacePeerList peers;
myNode = hosts.${hostName}; myNode = hosts.${hostName};
listenPort = myNode.hyprspace.listenPort or 8001; listenPort = myNode.hypr.listenPort or 8001;
precedingConfig = pkgs.writeText "hyprspace-interface.yml" ''
interface:
name: hyprspace
listen_port: ${builtins.toString listenPort}
id: ${myNode.hypr.id}
address: ${myNode.hypr.addr}/24
private_key: !!binary |
'';
privateKeyFile = config.age.secrets.hyprspace-key.path; privateKeyFile = config.age.secrets.hyprspace-key.path;
runConfig = "/run/hyprspace.yml";
in { in {
imports = [ networking.hosts = lib.mapAttrs' (k: v: lib.nameValuePair (v.hypr.addr) ([k "${k}.hypr"])) hyprspaceCapableNodes;
inputs.hyprspace.nixosModules.default
];
age.secrets.hyprspace-key = { age.secrets.hyprspace-key = {
file = ../../secrets/hyprspace-key- + "${hostName}.age"; file = ../../secrets/hyprspace-key- + "${hostName}.age";
mode = "0400"; mode = "0400";
}; };
age.secrets.ipfs-swarm-key = {
file = ../../secrets/ipfs-swarm-key.age;
mode = "0400";
};
systemd.services.hyprspace = { systemd.services.hyprspace = {
environment = lib.optionalAttrs config.services.kubo.enable {
HYPRSPACE_IPFS_API = config.services.kubo.settings.Addresses.API;
};
};
services.hyprspace = {
enable = true; enable = true;
inherit privateKeyFile; wantedBy = [ "multi-user.target" ];
settings = { wants = [ "network-online.target" ];
listenAddresses = let after = [ "network-online.target" ];
port = toString listenPort; preStart = ''
in [ test -e ${runConfig} && rm ${runConfig}
"/ip4/0.0.0.0/tcp/${port}" touch ${runConfig}
"/ip4/0.0.0.0/udp/${port}/quic-v1" chmod 0600 ${runConfig}
"/ip6/::/tcp/${port}"
"/ip6/::/udp/${port}/quic-v1" cat ${precedingConfig} >> ${runConfig}
]; sed 's/^/ /g' ${privateKeyFile} >> ${runConfig}
peers = peerList; echo -n 'peers: ' >> ${runConfig}
cat ${peerList} >> ${runConfig}
chmod 0400 ${runConfig}
'';
environment.HYPRSPACE_SWARM_KEY = config.age.secrets.ipfs-swarm-key.path;
serviceConfig = {
ExecStart = "${hyprspace}/bin/hyprspace up hyprspace -f -c ${runConfig}";
ExecStop = "${hyprspace}/bin/hyprspace down hyprspace";
}; };
}; };
networking.firewall = {
allowedTCPPorts = [ listenPort ];
allowedUDPPorts = [ listenPort ];
trustedInterfaces = [ "hyprspace" ];
};
networking.networkmanager.dispatcherScripts = [{ networking.networkmanager.dispatcherScripts = [{
source = pkgs.writeShellScript "hyprspace-reconnect.sh" '' source = pkgs.writeShellScript "hyprspace-reconnect.sh" ''
[[ "$2" != "up" ]] && exit 0 [[ "$2" != "up" ]] && exit 0
PATH=${pkgs.systemd}/bin:$PATH PATH=${pkgs.systemd}/bin:$PATH
case $1 in case $1 in
wl*|en*) wl*|en*)
systemctl reload-or-restart --no-block hyprspace.service;; if systemctl is-active hyprspace.service; then
${builtins.concatStringsSep "\n" (map (peer: "/run/wrappers/bin/ping -qnA -c3 -W1 ${peer} && exit") (builtins.attrNames peers))}
fi
systemctl restart --no-block hyprspace.service;;
esac esac
exit 0 exit 0
''; '';

25
modules/idm/default.nix
View file

@ -1,25 +0,0 @@
{ pkgs, ... }:
{
services.kanidm = {
enableClient = true;
clientSettings = {
uri = "https://idm.privatevoid.net";
};
};
environment.systemPackages = let
idmAlias = pkgs.runCommand "kanidm-idm-alias" {} ''
mkdir -p $out/bin
ln -s ${pkgs.kanidm}/bin/kanidm $out/bin/idm
mkdir -p $out/share/bash-completion/completions
cat >$out/share/bash-completion/completions/idm.bash <<EOF
source ${pkgs.kanidm}/share/bash-completion/completions/kanidm.bash
complete -F _kanidm -o bashdefault -o default idm
EOF
mkdir -p $out/share/zsh/site-functions
cp ${pkgs.kanidm}/share/zsh/site-functions/_kanidm $out/share/zsh/site-functions/_idm
substituteInPlace $out/share/zsh/site-functions/_idm --replace kanidm idm
'';
in [ idmAlias ];
}

15
modules/impurity-logger/default.nix
View file

@ -1,15 +0,0 @@
{ config, lib, pkgs, ... }:
let
mkTracer = name: target: exe: lib.getExe (pkgs.writeShellScriptBin name ''
echo "PID $PPID executed ${target}" |& ${config.systemd.package}/bin/systemd-cat --identifier=impurity >/dev/null 2>/dev/null
exec -a "$0" '${exe}' "$@"
'');
in
{
environment = {
usrbinenv = mkTracer "env" "/usr/bin/env" "${pkgs.coreutils}/bin/env";
binsh = mkTracer "sh" "/bin/sh" "${pkgs.bashInteractive}/bin/sh";
};
}

60
modules/ipfs-lain/default.nix Normal file
View file

@ -0,0 +1,60 @@
{ config, lib, pkgs, ... }:
let
cfg = config.services.ipfs;
ipfsApi = pkgs.writeTextDir "api" "/ip4/127.0.0.1/tcp/5001";
in {
services.ipfs = {
enable = true;
localDiscovery = true;
autoMount = true;
startWhenNeeded = false;
enableGC = true;
extraFlags = [ "--enable-pubsub-experiment" "--enable-namesys-pubsub" ];
extraConfig = {
Bootstrap = [
"/ip4/95.216.8.12/tcp/4001/p2p/Qmd7QHZU8UjfYdwmjmq1SBh9pvER9AwHpfwQvnvNo3HBBo"
"/ip4/51.38.87.150/tcp/4001/p2p/12D3KooWDUgNsoLVauCDpRAo54mc4whoBudgeXQnZZK2iVYhBLCN"
];
};
};
systemd.services.ipfs.environment.LIBP2P_FORCE_PNET = "1";
systemd.sockets = {
ipfs-api.enable = false;
ipfs-gateway.enable = false;
};
environment = {
variables.IPFS_PATH = lib.mkForce "${ipfsApi}";
shellAliases = {
ipfs-admin = "doas -u ${cfg.user} env IPFS_PATH=${cfg.dataDir} ipfs";
f = "ipfs files";
};
};
networking.firewall.allowedTCPPorts = [ 4001 ];
environment.systemPackages = lib.singleton (pkgs.writeShellScriptBin "share" ''
PATH=${cfg.package}/bin:$PATH
set -e
cid=$(ipfs add -Qrp --pin=false "$@")
test -n $cid || exit 0
echo -e "\n\n IPFS path: /ipfs/$cid"
echo -e " Web link: https://$(ipfs cid base32 $cid).ipfs.privatevoid.net\n"
'');
networking.networkmanager.dispatcherScripts = [{
source = pkgs.writeShellScript "nm-ipfs-reconnect.sh" ''
[[ "$2" != "up" ]] && exit 0
PATH=${pkgs.systemd}/bin:${pkgs.findutils}/bin:${cfg.package}/bin:$PATH
export IPFS_PATH=${ipfsApi}
systemctl is-active ipfs.service || exit 0
case $1 in
wl*|en*)
ipfs swarm peers | xargs -P4 -n1 timeout 3 ipfs swarm disconnect
ipfs bootstrap | xargs -P4 -n1 timeout 10 ipfs swarm connect
esac
exit 0
'';
type = "basic";
}];
}

197
modules/ipfs/default.nix
View file

@ -1,197 +0,0 @@
{ config, lib, pkgs, ... }:
let
cfg = config.services.kubo;
ipfsApi = pkgs.writeTextDir "api" "/ip4/127.0.0.1/tcp/5001";
peeringPeers = [
{
ID = "Qmd7QHZU8UjfYdwmjmq1SBh9pvER9AwHpfwQvnvNo3HBBo";
Addrs = [
"/ip4/95.216.8.12/udp/110/quic"
"/ip4/95.216.8.12/tcp/110"
];
}
{
ID = "12D3KooWQWsHPUUeFhe4b6pyCaD1hBoj8j6Z7S7kTznRTh1p1eVt";
Addrs = [
"/ip4/152.67.79.222/udp/110/quic"
"/ip4/152.67.79.222/tcp/110"
];
}
];
in {
services.kubo = {
enable = true;
localDiscovery = true;
autoMount = true;
startWhenNeeded = false;
enableGC = true;
extraFlags = [ "--enable-pubsub-experiment" "--enable-namesys-pubsub" ];
settings = {
Addresses = {
Swarm = [
"/ip4/0.0.0.0/tcp/4001"
"/ip4/0.0.0.0/tcp/110"
"/ip4/0.0.0.0/udp/4001/quic"
"/ip4/0.0.0.0/udp/110/quic"
];
API = "/ip4/127.0.0.1/tcp/5001";
};
Peering.Peers = peeringPeers;
Bootstrap = (lib.flatten (map (p: map (a: "${a}/p2p/${p.ID}") p.Addrs) peeringPeers)) ++ [
"/dnsaddr/bootstrap.libp2p.io/p2p/12D3KooWEZXjE41uU4EL2gpkAQeDXYok6wghN7wwNVPF5bwkaNfS"
"/dnsaddr/bootstrap.libp2p.io/p2p/QmcZf59bWwK5XFi76CZX8cbJ4BhTzzA3gU1ZjYZcYW3dwt"
"/dnsaddr/bootstrap.libp2p.io/p2p/QmZa1sAxajnQjVM8WjWXoMbmPd7NsWhfKsPkErzpm9wGkp"
"/dnsaddr/bootstrap.libp2p.io/p2p/QmNnooDu7bfjPFoTZYxMNLWUQJyrVwtbZg5gBMjTezGAJN"
"/dnsaddr/bootstrap.libp2p.io/p2p/QmbLHAnMoJPWSCR5Zhtx6BHJX9KiKNN6tpvbUcqanj75Nb"
"/dnsaddr/bootstrap.libp2p.io/p2p/QmQCU2EcMqAqQPR2i9bChDtGNJchTbq5TbXJJ16u19uLTa"
];
Datastore = {
BloomFilterSize = 0;
GCPeriod = "1h";
HashOnRead = false;
NoSync = true;
Spec = {
mounts = [];
child = {
path = "badgerds";
syncWrites = false;
truncate = true;
type = "badgerds";
};
prefix = "badger.datastore";
type = "measure";
};
StorageGCWatermark = 90;
StorageMax = "200GB";
};
Routing = {
Type = "custom";
Routers = {
LanDHT = {
Type = "dht";
Parameters = {
Mode = "auto";
PublicIPNetwork = false;
AcceleratedDHTClient = false;
};
};
WanDHT = {
Type = "dht";
Parameters = {
Mode = "auto";
PublicIPNetwork = true;
AcceleratedDHTClient = false;
};
};
CidContact = {
Type = "http";
Parameters.Endpoint = "https://cid.contact";
};
PrivateVoid = {
Type = "http";
Parameters.Endpoint = "https://p2p.privatevoid.net";
};
AllDHT = {
Type = "parallel";
Parameters.Routers = [
{
RouterName = "WanDHT";
IgnoreErrors = false;
Timeout = "30s";
}
{
RouterName = "LanDHT";
IgnoreErrors = false;
Timeout = "10s";
}
];
};
Parallel = {
Type = "parallel";
Parameters.Routers = [
{
RouterName = "WanDHT";
IgnoreErrors = false;
Timeout = "30s";
}
{
RouterName = "LanDHT";
IgnoreErrors = false;
Timeout = "10s";
}
{
RouterName = "CidContact";
IgnoreErrors = true;
Timeout = "10s";
ExecuteAfter = "3s";
}
{
RouterName = "PrivateVoid";
IgnoreErrors = true;
Timeout = "5s";
ExecuteAfter = "200ms";
}
];
};
};
Methods = {
find-peers.RouterName = "Parallel";
find-providers.RouterName = "Parallel";
get-ipns.RouterName = "Parallel";
put-ipns.RouterName = "Parallel";
provide.RouterName = "AllDHT";
};
};
};
};
systemd.services.ipfs = {
serviceConfig = {
AmbientCapabilities = "CAP_NET_BIND_SERVICE";
ReadWritePaths = lib.mkForce [ ];
};
};
systemd.sockets = {
ipfs-api.enable = false;
ipfs-gateway.enable = false;
};
environment = {
variables.IPFS_PATH = lib.mkForce "${ipfsApi}";
shellAliases = {
ipfs-admin = "doas -u ${cfg.user} env IPFS_PATH=${cfg.dataDir} ipfs";
f = "ipfs files";
};
};
networking.firewall.allowedTCPPorts = [ 110 4001 ];
environment.systemPackages = lib.singleton (pkgs.writeShellScriptBin "share" ''
PATH=${cfg.package}/bin:$PATH
set -e
cid=$(ipfs add -Qrp --pin=false "$@")
test -n $cid || exit 0
echo -e "\n\n IPFS path: /ipfs/$cid"
b32=$(ipfs cid base32 $cid)
echo -e " Web link: https://$b32.ipfs.privatevoid.net"
echo -e " Web link: https://$b32.ipfs.dweb.link"
echo -e " Web link: https://privatevoid.net/ipfs/$cid"
echo -e " Web link: https://ipfs.io/ipfs/$cid"
echo -e " Web link: https://cloudflare-ipfs.com/ipfs/$cid\n"
'');
networking.networkmanager.dispatcherScripts = [{
source = pkgs.writeShellScript "nm-ipfs-reconnect.sh" ''
[[ "$2" != "up" ]] && exit 0
PATH=${pkgs.systemd}/bin:${pkgs.findutils}/bin:${cfg.package}/bin:$PATH
export IPFS_PATH=${ipfsApi}
systemctl is-active ipfs.service || exit 0
case $1 in
wl*|en*)
ipfs swarm peers | xargs -P4 -n1 timeout 3 ipfs swarm disconnect
ipfs bootstrap | xargs -P4 -n1 timeout 10 ipfs swarm connect
esac
exit 0
'';
type = "basic";
}];
}

45
modules/laptop-config/gdm-touchpad-config.nix
View file

@ -1,15 +1,36 @@
{ lib, ... }: { pkgs, lib, ... }:
{ {
programs.dconf.profiles.gdm.databases = [ programs.dconf.profiles.gdm = lib.mkForce (let
{ customDconf = pkgs.writeTextFile {
settings."org/gnome/desktop/peripherals/touchpad" = { name = "gdm-dconf-touchpad";
edge-scrolling-enabled = false; destination = "/dconf/gdm-custom";
natural-scroll = false; text = ''
speed= lib.gvariant.mkDouble 0.375; [org/gnome/desktop/peripherals/touchpad]
tap-to-click = true; edge-scrolling-enabled=false
two-finger-scrolling-enabled = true; natural-scroll=false
}; speed=0.375
} tap-to-click=true
]; two-finger-scrolling-enabled=true
'';
};
customDconfDb = pkgs.stdenv.mkDerivation {
name = "gdm-dconf-db";
buildCommand = ''
${pkgs.dconf}/bin/dconf compile $out ${customDconf}/dconf
'';
};
in pkgs.stdenv.mkDerivation {
name = "dconf-gdm-profile";
buildCommand = with { gdm = pkgs.gnome.gdm; }; ''
# Check that the GDM profile starts with what we expect.
if [ $(head -n 1 ${gdm}/share/dconf/profile/gdm) != "user-db:user" ]; then
echo "GDM dconf profile changed, please update gdm.nix"
exit 1
fi
# Insert our custom DB behind it.
sed '2ifile-db:${customDconfDb}' ${gdm}/share/dconf/profile/gdm > $out
'';
});
} }

33
modules/networking-client/default.nix
View file

@ -1,31 +1,22 @@
{ config, inputs, pkgs, ... }:
{ {
networking.useDHCP = false; networking.useDHCP = false;
networking.networkmanager = { networking.networkmanager = {
dns = "systemd-resolved"; dns = "systemd-resolved";
enableStrongSwan = false; enableStrongSwan = false;
settings.connectivity = { extraConfig = ''
url = "http://whoami.privatevoid.net/online"; [connectivity]
respone = "CONNECTED_GLOBAL"; uri=http://whoami.privatevoid.net/online
interval = 120; response=CONNECTED_GLOBAL
}; interval=120
'';
}; };
services.resolved = { services.resolved = {
enable = true; enable = true;
fallbackDns = [ fallbackDns = [ "10.1.0.1" ];
"95.216.8.12#securedns.privatevoid.net"
"152.67.73.164#securedns.privatevoid.net"
"10.1.0.1"
];
llmnr = "true"; llmnr = "true";
dnssec = "false"; dnssec = "false";
extraConfig = '' extraConfig = "Cache=no-negative";
Cache=no-negative
DNSOverTLS=opportunistic
DNS=${builtins.concatStringsSep " " config.services.resolved.fallbackDns}
'';
}; };
networking.firewall = let networking.firewall = let
ports = [ ports = [
@ -35,12 +26,4 @@
allowedTCPPorts = ports; allowedTCPPorts = ports;
allowedUDPPorts = ports; allowedUDPPorts = ports;
}; };
boot.extraModulePackages = [
(inputs.self.packages.${pkgs.system}.evil.override {
inherit (config.boot.kernelPackages) kernel;
})
];
boot.kernelModules = [ "evil" ];
} }

13
modules/nextcloud-client/default.nix
View file

@ -1,4 +1,15 @@
{ pkgs, ... }: { pkgs, config, ... }:
{ {
# expose nextcloud client into the environment
environment.systemPackages = [ pkgs.nextcloud-client ]; environment.systemPackages = [ pkgs.nextcloud-client ];
systemd.user.services.nextcloud = {
description = "Nextcloud Client Service";
wantedBy = [ "gnome-session.target" ];
serviceConfig = {
ExecStart = "${pkgs.nextcloud-client}/bin/nextcloud --background";
Restart = "always";
Slice = "background.slice";
};
};
} }

18
modules/nix-config/default.nix
View file

@ -1,11 +1,10 @@
{ pkgs, lib, config, inputs, ... }: { pkgs, lib, config, inputs, ... }@args:
let let
builder = { builder = {
systems = [ "x86_64-linux" "i686-linux" ]; systems = [ "x86_64-linux" "i686-linux" ];
speedFactor = 4; speedFactor = 4;
supportedFeatures = [ "benchmark" "nixos-test" ]; supportedFeatures = [ "benchmark" "nixos-test" ];
sshKey = config.age.secrets.nixBuilderKey.path; sshKey = config.age.secrets.nixBuilderKey.path;
protocol = "ssh-ng";
}; };
bigBuilder = builder // { bigBuilder = builder // {
speedFactor = 16; speedFactor = 16;
@ -18,7 +17,7 @@ in {
}; };
nixpkgs.overlays = [ nixpkgs.overlays = [
(self: super: { (self: super: {
nixSuper = inputs.nix-super.packages.x86_64-linux.default; nixSuper = inputs.nix-super.defaultPackage.x86_64-linux;
}) })
]; ];
nix = { nix = {
@ -30,10 +29,13 @@ in {
substituters = [ substituters = [
"https://cache.privatevoid.net" "https://cache.privatevoid.net"
"https://max.cachix.org?priority=100"
"https://reflex.privatevoid.net?priority=90"
]; ];
trusted-public-keys = [ trusted-public-keys = [
"cache.privatevoid.net:SErQ8bvNWANeAvtsOESUwVYr2VJynfuc9JRwlzTTkVg=" "cache.privatevoid.net:SErQ8bvNWANeAvtsOESUwVYr2VJynfuc9JRwlzTTkVg="
"max.cachix.org-1:oSMQ1zYLR8H4L17hfe6ETlI/d+VeiBykB8PbBdPtDJw="
]; ];
}; };
@ -56,15 +58,15 @@ in {
distributedBuilds = true; distributedBuilds = true;
buildMachines = [ buildMachines = [
(builder // { (bigBuilder // {
sshUser = "nix"; sshUser = "nixbuilder";
hostName = "prophet.node.privatevoid.net"; hostName = "animus.com";
systems = [ "aarch64-linux" ]; maxJobs = 4;
}) })
] ++ ] ++
(lib.optional (config.networking.hostName != "TITAN") (bigBuilder // { (lib.optional (config.networking.hostName != "TITAN") (bigBuilder // {
sshUser = "nix"; sshUser = "nix";
hostName = "titan.hyprspace"; hostName = "titan.hypr";
speedFactor = 12; speedFactor = 12;
maxJobs = 12; maxJobs = 12;
})); }));

11
modules/nix-register-flakes/default.nix
View file

@ -18,6 +18,17 @@ with inputs;
}; };
default.flake = nixpkgs; default.flake = nixpkgs;
home-manager.flake = home-manager; home-manager.flake = home-manager;
vim.flake = let
nixpkgsSelfLock = lib.importJSON "${self}/flake.lock";
vimLock = lib.importJSON "${modular-nvim}/flake.lock";
patchedLock = lib.recursiveUpdate vimLock { nodes.nixpkgs.locked = (nixpkgsSelfLock.nodes.nixpkgs.locked); };
patchedLockFile = pkgs.writeText "patched-flake.lock" (builtins.toJSON patchedLock);
in pkgs.runCommand "vim-flake" {} ''
cp -vr ${modular-nvim} $out
chmod +w $out
rm $out/flake.lock
cp -v ${patchedLockFile} $out/flake.lock
'';
templates.to = { templates.to = {
owner = "max"; owner = "max";
repo = "flake-templates"; repo = "flake-templates";

2
modules/persistence/default.nix
View file

@ -13,7 +13,7 @@
} }
]; ];
services.kubo.dataDir = "/srv/data/ipfs"; services.ipfs.dataDir = "/persist/ipfs";
services.lidarr.dataDir = "/persist/db/lidarr"; services.lidarr.dataDir = "/persist/db/lidarr";
services.jackett.dataDir = "/persist/db/jackett"; services.jackett.dataDir = "/persist/db/jackett";

10
modules/shell-config/default.nix
View file

@ -10,11 +10,6 @@ let
] ++ [ ] ++ [
"source ${pkgs.fzf}/share/fzf/key-bindings.zsh" "source ${pkgs.fzf}/share/fzf/key-bindings.zsh"
"ZSH_HIGHLIGHT_DIRS_BLACKLIST=(/* /ipfs /ipns)" "ZSH_HIGHLIGHT_DIRS_BLACKLIST=(/* /ipfs /ipns)"
''
command_not_found_handler() {
${pkgs.comma}/bin/comma "$@"
}
''
]; ];
in { in {
environment.shellAliases = { environment.shellAliases = {
@ -27,13 +22,13 @@ in {
sudo = "sudo "; sudo = "sudo ";
tree = "lsd --tree"; tree = "lsd --tree";
uctl = "systemctl --user"; uctl = "systemctl --user";
vim = "hx"; vim = "nvim";
nvr = "nvr --servername /tmp/nvim-remote-$USER --remote-tab";
nix-repl = "nix repl '<repl>'"; nix-repl = "nix repl '<repl>'";
# thanks gytis # thanks gytis
manix-view = ''manix "" | grep '^# ' | sed 's/^# \(.*\) (.*/\1/;s/ (.*//;s/^# //' | fzf --ansi --preview="manix '{}' | sed 's/type: /> type: /g' | bat -l Markdown --color=always --plain"''; manix-view = ''manix "" | grep '^# ' | sed 's/^# \(.*\) (.*/\1/;s/ (.*//;s/^# //' | fzf --ansi --preview="manix '{}' | sed 's/type: /> type: /g' | bat -l Markdown --color=always --plain"'';
}; };
programs = { programs = {
command-not-found.enable = false;
zsh = { zsh = {
enable = true; enable = true;
histFile = "$HOME/.cache/zsh_history"; histFile = "$HOME/.cache/zsh_history";
@ -53,7 +48,6 @@ in {
"interactivecomments" "interactivecomments"
"monitor" "monitor"
"nobadpattern" "nobadpattern"
"nonomatch"
"promptsubst" "promptsubst"
"sharehistory" "sharehistory"
"zle" "zle"

17
modules/sound/default.nix
View file

@ -1,5 +1,6 @@
{ pkgs, ... }: { pkgs, ... }:
{ {
sound.enable = true;
hardware.pulseaudio.enable = false; hardware.pulseaudio.enable = false;
security.rtkit.enable = true; security.rtkit.enable = true;
services.pipewire = { services.pipewire = {
@ -7,14 +8,18 @@
pulse.enable = true; pulse.enable = true;
alsa.enable = true; alsa.enable = true;
alsa.support32Bit = true; alsa.support32Bit = true;
jack.enable = true;
}; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
# KXStudio stuff # KXStudio stuff
cadence
carla carla
jack_oscrolloscope
jack_rack jack_rack
jackmeter
qjackctl qjackctl
# Audio plugins # Audio plugins
@ -23,12 +28,16 @@
artyFX artyFX
calf calf
distrho distrho
guitarix
helm helm
infamousPlugins
ingen
kapitonov-plugins-pack kapitonov-plugins-pack
ladspaPlugins ladspaPlugins
lv2 lv2
metersLv2 metersLv2
noise-repellent noise-repellent
rakarrack
rkrlv2 rkrlv2
sorcer sorcer
swh_lv2 swh_lv2
@ -44,11 +53,5 @@
VST_PATH = "/run/current-system/sw/lib/vst"; VST_PATH = "/run/current-system/sw/lib/vst";
}; };
desktop.hiddenApps = [
"carla-control.desktop"
"carla-jack-multi.desktop"
"carla-jack-single.desktop"
"carla-patchbay.desktop"
"carla-rack.desktop"
];
} }

12
modules/xr/default.nix
View file

@ -1,12 +0,0 @@
{ pkgs, ... }:
let
rules = pkgs.writeTextDir "etc/udev/rules.d/70-xr.rules" ''
# Xreal Air 2 Pro
ATTRS{idVendor}=="3318", ATTRS{idProduct}=="0432", TAG+="uaccess"
'';
in
{
services.udev.packages = [ rules ];
}

68
packages/apps/forge-sparks/default.nix
View file

@ -1,68 +0,0 @@
{ stdenv
, desktop-file-utils
, meson
, ninja
, gettext
, pkg-config
, gtk4
, gtksourceview5
, gobject-introspection
, wrapGAppsHook4
, fetchFromGitHub
, gjs
, blueprint-compiler
, libadwaita
, libsecret
, libsoup_3
, libportal-gtk4
}:
let
troll = fetchFromGitHub {
owner = "sonnyp";
repo = "troll";
rev = "12a42a5afc8c6c26d3d782ea75b1e1372a0e8f36";
hash = "sha256-e9C9Du5j7tEy/q/OhbfCU7DD3Oe6Hnq1xcFYablBipw=";
};
in
stdenv.mkDerivation rec {
pname = "forge-sparks";
version = "0.2.0";
src = fetchFromGitHub {
owner = "rafaelmardojai";
repo = pname;
rev = version;
hash = "sha256-BxC5BqwSDuLBwG4a5/0pntuHhW05xDsmzO7yMQKi/vI=";
};
postPatch = ''
rmdir troll
cp -r ${troll} troll
chmod +w -R troll
patchShebangs troll/gjspack/bin
'';
nativeBuildInputs = [
desktop-file-utils
gettext
meson
ninja
pkg-config
wrapGAppsHook4
blueprint-compiler
];
buildInputs = [
gjs
gtk4
gtksourceview5
libadwaita
gobject-introspection
libsecret
libsoup_3
libportal-gtk4
];
}

6
packages/apps/identity/default.nix
View file

@ -7,8 +7,6 @@
, gettext , gettext
, python3 , python3
, rustPlatform , rustPlatform
, rustc
, cargo
, pkg-config , pkg-config
, glib , glib
, libhandy , libhandy
@ -43,9 +41,9 @@ stdenv.mkDerivation rec {
ninja ninja
pkg-config pkg-config
python3 python3
cargo rustPlatform.rust.cargo
rustPlatform.cargoSetupHook rustPlatform.cargoSetupHook
rustc rustPlatform.rust.rustc
wrapGAppsHook wrapGAppsHook
glib glib
]; ];

14
packages/apps/obfuscate/default.nix
View file

@ -1,4 +1,4 @@
{ stdenv { lib, stdenv
, desktop-file-utils , desktop-file-utils
, fetchFromGitLab , fetchFromGitLab
, nix-update-script , nix-update-script
@ -7,8 +7,6 @@
, gettext , gettext
, python3 , python3
, rustPlatform , rustPlatform
, rustc
, cargo
, pkg-config , pkg-config
, glib , glib
, libadwaita , libadwaita
@ -21,20 +19,20 @@
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
pname = "obfuscate"; pname = "obfuscate";
version = "0.0.9"; version = "0.0.4";
src = fetchFromGitLab { src = fetchFromGitLab {
domain = "gitlab.gnome.org"; domain = "gitlab.gnome.org";
owner = "World"; owner = "World";
repo = "obfuscate"; repo = "obfuscate";
rev = version; rev = version;
sha256 = "sha256-aUhzact437V/bSsG2Ddu2mC03LbyXFg+hJiuGy5NQfQ="; sha256 = "sha256-P8Y2Eizn1BMZXuFjGMXF/3oAUzI8ZNTrnbLyU+V6uk4=";
}; };
cargoDeps = rustPlatform.fetchCargoTarball { cargoDeps = rustPlatform.fetchCargoTarball {
inherit src; inherit src;
name = "${pname}-${version}"; name = "${pname}-${version}";
hash = "sha256-O/Bg8b5ZEId3PNebd19TIrFvyb0yngtKuMNJlM8M5Fg="; hash = "sha256-eKXVN3PHgeLeG4qxh30VhyMX0FMOO/ZlZ8trUGIs2sc=";
}; };
nativeBuildInputs = [ nativeBuildInputs = [
@ -44,9 +42,9 @@ stdenv.mkDerivation rec {
ninja ninja
pkg-config pkg-config
python3 python3
cargo rustPlatform.rust.cargo
rustPlatform.cargoSetupHook rustPlatform.cargoSetupHook
rustc rustPlatform.rust.rustc
wrapGAppsHook wrapGAppsHook
glib glib
]; ];

32
packages/apps/sonnyp-commit/always-use-latest.patch
View file

@ -1,32 +0,0 @@
By default, commit displays something along of "git config core.editors /nix/store/[...]/bin/re.sonny.Commit"
as command to set it as git editor. Since this would break on upgrades, just use the non-versioned binary
diff --git a/src/welcome.js b/src/welcome.js
index c410e2d..62e46ba 100644
--- a/src/welcome.js
+++ b/src/welcome.js
@@ -70,24 +70,7 @@ export default function Welcome({ application }) {
}
function getCommand() {
- const FLATPAK_ID = GLib.getenv("FLATPAK_ID");
- const { programInvocationName } = system;
-
- if (FLATPAK_ID) {
- return `flatpak run --file-forwarding ${FLATPAK_ID} @@`;
- }
-
- // re.sonny.Commit
- if (programInvocationName === GLib.path_get_basename(programInvocationName)) {
- return programInvocationName;
- }
-
- // ./re.sonny.commit
- // /home/sonny/re.sonny.Commit
- return GLib.canonicalize_filename(
- programInvocationName,
- GLib.get_current_dir(),
- );
+ return "re.sonny.Commit";
}
function getRange(key) {

64
packages/apps/sonnyp-commit/default.nix
View file

@ -1,64 +0,0 @@
{ stdenv
, lib
, desktop-file-utils
, meson
, ninja
, gettext
, pkg-config
, gtk4
, gtksourceview5
, gobject-introspection
, wrapGAppsHook4
, fetchFromGitHub
, gjs
, libadwaita
}:
stdenv.mkDerivation rec {
pname = "commit";
version = "3.2.0";
src = fetchFromGitHub {
owner = "sonnyp";
repo = "Commit";
rev = "v${version}";
hash = "sha256-nnjHuE7MzCuoPfCb4MA00BIzLPbhgR6mbeWYagmNjME=";
};
patches = [
./always-use-latest.patch
];
nativeBuildInputs = [
desktop-file-utils
gettext
meson
ninja
pkg-config
wrapGAppsHook4
];
buildInputs = [
gjs
gtk4
gtksourceview5
libadwaita
gobject-introspection
];
postPatch = ''
substituteInPlace src/re.sonny.Commit \
--replace "/usr/bin/env -S gjs" ${gjs}/bin/gjs
'';
dontPatchShebangs = true;
meta = with lib; {
homepage = "https://commit.sonny.re/";
description = "Commit message editor";
maintainers = [ maintainers.Cogitri ];
license = licenses.gpl3Plus;
platforms = platforms.linux;
};
}

2658
packages/apps/tubefeeder/Cargo.lock generated
View file

File diff suppressed because it is too large Load diff

60
packages/apps/tubefeeder/default.nix
View file

@ -1,60 +0,0 @@
{ stdenv
, desktop-file-utils
, fetchFromGitLab
, gettext
, glib
, gtk4
, libadwaita
, meson
, ninja
, openssl
, pkg-config
, python3
, rustPlatform
, rustc
, cargo
, wrapGAppsHook
}:
stdenv.mkDerivation rec {
pname = "pipeline";
version = "1.14.5";
src = fetchFromGitLab {
owner = "schmiddi-on-mobile";
repo = "pipeline";
rev = "v${version}";
sha256 = "sha256-C5mFOYYrm8e2zlac7qclhpONKuqdvqfwT74gSX28VPs=";
};
cargoDeps = rustPlatform.importCargoLock {
lockFile = ./Cargo.lock;
outputHashes = {
"tf_core-0.1.4" = "sha256-yOuvHLyX/qUJSs62VbripKwIEoErsPu9rzbKMdndvmc=";
};
};
nativeBuildInputs = [
desktop-file-utils
gettext
meson
ninja
pkg-config
python3
cargo
rustPlatform.cargoSetupHook
rustc
wrapGAppsHook
];
buildInputs = [
glib
gtk4
libadwaita
openssl
];
postPatch = ''
patchShebangs build-aux/meson_post_install.py
'';
}

64
packages/apps/vaults/default.nix
View file

@ -1,64 +0,0 @@
{ lib, stdenv
, cryfs
, desktop-file-utils
, fetchFromGitHub
, gettext
, glib
, gtk4
, libadwaita
, meson
, ninja
, pkg-config
, python3
, rustPlatform
, rustc
, cargo
, wrapGAppsHook
}:
stdenv.mkDerivation rec {
pname = "vaults";
version = "0.6.0";
src = fetchFromGitHub {
owner = "mpobaschnig";
repo = "Vaults";
rev = version;
sha256 = "sha256-1WxzE3sH4QpUU13mTLjYt1zMUgAQ+OA7J5j4pwG9oWo=";
};
cargoDeps = rustPlatform.fetchCargoTarball {
inherit src;
name = "${pname}-${version}";
hash = "sha256-uUO7l+B/6I+XxEb0xxBynq9CC8ixRAvdJ2HWTCVyeQM=";
};
nativeBuildInputs = [
desktop-file-utils
gettext
meson
ninja
pkg-config
python3
cargo
rustPlatform.cargoSetupHook
rustc
wrapGAppsHook
];
buildInputs = [
glib
gtk4
libadwaita
];
postPatch = ''
patchShebangs build-aux/meson_post_install.py
'';
preFixup = ''
gappsWrapperArgs+=(
--prefix PATH ":" "${lib.makeBinPath [ cryfs ]}"
);
'';
}

52
packages/apps/webfont-kit-generator/default.nix
View file

@ -1,52 +0,0 @@
{ fetchFromGitHub
, meson, pkg-config, ninja
, python3
, glib, appstream-glib , desktop-file-utils
, gobject-introspection, gtk4, libadwaita
, wrapGAppsHook
, gnome
, gtksourceview5
, libsoup_3
}:
python3.pkgs.buildPythonApplication rec {
pname = "webfont-kit-generator";
version = "1.0.3";
format = "other";
src = fetchFromGitHub {
owner = "rafaelmardojai";
repo = pname;
rev = version;
sha256 = "sha256-aD/1moWIiU4zpLTW+VHH9n/sj10vCZ8UzB2ey3mR0/k=";
};
nativeBuildInputs = [
meson
pkg-config
ninja
appstream-glib
desktop-file-utils
gobject-introspection
wrapGAppsHook
];
buildInputs = [
glib
gtk4
libadwaita
gtksourceview5
libsoup_3
gnome.adwaita-icon-theme
];
propagatedBuildInputs = with python3.pkgs; [
pygobject3
fonttools
brotli
];
postPatch = ''
patchShebangs build-aux/meson/postinstall.py
'';
}

7
packages/data/privatevoid-smart-card-certificate-authority-bundle.nix Normal file
View file

@ -0,0 +1,7 @@
{ fetchurl }:
fetchurl {
url =
"https://export.privatevoid.net/Certificates/PRIVATEVOID.NET__Private_Void_Smart_Card_Authority-bundle-s12.pem";
sha256 = "3939eb6512e5675bb27028f9bf9892dbb1d1a60b014f4537f8d2b6180deece68";
}

14
packages/dream2nix/overrides/nodejs/default.nix
View file

@ -8,5 +8,17 @@
}: }:
{ {
shinobi.directory-patches = {
patches = [
./shinobi/0001-packageDirectory.patch
./shinobi/0002-use-packageDirectory-for-languages.patch
./shinobi/0003-use-s.location.languages.patch
./shinobi/0004-use-packageDirectory-for-folders.patch
./shinobi/0005-use-packageDirectory-for-definitions.patch
./shinobi/0006-use-packageDirectory-for-web-server-paths.patch
./shinobi/0007-remove-terminalCommands.patch
./shinobi/0008-disable-subscription-bullshit.patch
./shinobi/0009-remove-updater-logic.patch
];
};
} }

28
packages/dream2nix/overrides/nodejs/shinobi/0001-packageDirectory.patch Normal file
View file

@ -0,0 +1,28 @@
From 033c0a2889ec62ffbb3c489676fb315b3780ba60 Mon Sep 17 00:00:00 2001
From: Max <max@privatevoid.net>
Date: Tue, 15 Mar 2022 18:15:23 +0100
Subject: [PATCH 1/9] packageDirectory
---
libs/process.js | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/libs/process.js b/libs/process.js
index 9f3852e..b19384a 100644
--- a/libs/process.js
+++ b/libs/process.js
@@ -30,8 +30,10 @@ module.exports = function(process,__dirname){
isWin : (process.platform === 'win32' || process.platform === 'win64'),
//UTC Offset
utcOffset : require('moment')().utcOffset(),
- //directory path for this file
+ //directory path for cwd
mainDirectory : process.cwd(),
+ //directory path for this file
+ packageDirectory : require('path').resolve(__dirname),
//time start
timeStarted : new Date()
--
2.35.1

25
packages/dream2nix/overrides/nodejs/shinobi/0002-use-packageDirectory-for-languages.patch Normal file
View file

@ -0,0 +1,25 @@
From 955e63a2f2cd13b84fb8de1c379b5a7dc98c3dc4 Mon Sep 17 00:00:00 2001
From: Max <max@privatevoid.net>
Date: Tue, 15 Mar 2022 18:19:58 +0100
Subject: [PATCH 2/9] use packageDirectory for languages
---
libs/config.js | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libs/config.js b/libs/config.js
index 27dae08..e2c8dae 100644
--- a/libs/config.js
+++ b/libs/config.js
@@ -2,7 +2,7 @@ module.exports = function(s){
s.location = {
super : s.mainDirectory+'/super.json',
config : s.mainDirectory+'/conf.json',
- languages : s.mainDirectory+'/languages'
+ languages : s.packageDirectory+'/languages'
}
try{
var config = require(s.location.config)
--
2.35.1

25
packages/dream2nix/overrides/nodejs/shinobi/0003-use-s.location.languages.patch Normal file
View file

@ -0,0 +1,25 @@
From 585c3b05855e4bf3e2bf059d0fda0a893700d3a0 Mon Sep 17 00:00:00 2001
From: Max <max@privatevoid.net>
Date: Tue, 15 Mar 2022 18:26:44 +0100
Subject: [PATCH 3/9] use s.location.languages
---
libs/language.js | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libs/language.js b/libs/language.js
index 285d514..3f964b6 100644
--- a/libs/language.js
+++ b/libs/language.js
@@ -16,7 +16,7 @@ module.exports = function(s,config){
return Object.assign({},lang)
}
s.listOfPossibleLanguages = []
- fs.readdirSync(s.mainDirectory + '/languages').forEach(function(filename){
+ fs.readdirSync(s.location.languages).forEach(function(filename){
var name = filename.replace('.json','')
s.listOfPossibleLanguages.push({
"name": name,
--
2.35.1

43
packages/dream2nix/overrides/nodejs/shinobi/0004-use-packageDirectory-for-folders.patch Normal file
View file

@ -0,0 +1,43 @@
From 1f2260eae4be7084e209f07c2316328ed221433e Mon Sep 17 00:00:00 2001
From: Max <max@privatevoid.net>
Date: Tue, 15 Mar 2022 18:28:48 +0100
Subject: [PATCH 4/9] use packageDirectory for folders
---
libs/folders.js | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/libs/folders.js b/libs/folders.js
index 54f9acc..d35d337 100644
--- a/libs/folders.js
+++ b/libs/folders.js
@@ -3,7 +3,7 @@ module.exports = function(s,config,lang){
//directories
s.group = {}
if(!config.windowsTempDir&&s.isWin===true){config.windowsTempDir='C:/Windows/Temp'}
- if(!config.defaultMjpeg){config.defaultMjpeg=s.mainDirectory+'/web/libs/img/bg.jpg'}
+ if(!config.defaultMjpeg){config.defaultMjpeg=s.packageDirectory+'/web/libs/img/bg.jpg'}
//default stream folder check
if(!config.streamDir){
if(s.isWin === false){
@@ -62,7 +62,7 @@ module.exports = function(s,config,lang){
value:""
}
]
- fs.readdirSync(s.mainDirectory + '/web/libs/audio').forEach(function(file){
+ fs.readdirSync(s.packageDirectory + '/web/libs/audio').forEach(function(file){
s.listOfAudioFiles.push({
name: file,
value: file
@@ -75,7 +75,7 @@ module.exports = function(s,config,lang){
value:""
}
]
- fs.readdirSync(s.mainDirectory + '/web/libs/themes').forEach(function(folder){
+ fs.readdirSync(s.packageDirectory + '/web/libs/themes').forEach(function(folder){
s.listOfThemes.push({
name: folder,
value: folder
--
2.35.1

25
packages/dream2nix/overrides/nodejs/shinobi/0005-use-packageDirectory-for-definitions.patch Normal file
View file

@ -0,0 +1,25 @@
From 48b276736cf7fbd721dad40b5cabca1fb094b5d9 Mon Sep 17 00:00:00 2001
From: Max <max@privatevoid.net>
Date: Tue, 15 Mar 2022 18:35:04 +0100
Subject: [PATCH 5/9] use packageDirectory for definitions
---
libs/definitions.js | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libs/definitions.js b/libs/definitions.js
index a58a6e2..d60cad9 100644
--- a/libs/definitions.js
+++ b/libs/definitions.js
@@ -1,7 +1,7 @@
var fs = require('fs')
var express = require('express')
module.exports = function(s,config,lang,app,io){
- s.location.definitions = s.mainDirectory+'/definitions'
+ s.location.definitions = s.packageDirectory+'/definitions'
try{
var definitions = require(s.location.definitions+'/'+config.language+'.js')(s,config,lang)
}catch(er){
--
2.35.1

64
packages/dream2nix/overrides/nodejs/shinobi/0006-use-packageDirectory-for-web-server-paths.patch Normal file
View file

@ -0,0 +1,64 @@
From c700ec6a01cfc99a639484e9045fc4492466c6ee Mon Sep 17 00:00:00 2001
From: Max <max@privatevoid.net>
Date: Tue, 15 Mar 2022 18:48:34 +0100
Subject: [PATCH 6/9] use packageDirectory for web server paths
---
libs/webServerPaths.js | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/libs/webServerPaths.js b/libs/webServerPaths.js
index fba78ba..b72aff6 100644
--- a/libs/webServerPaths.js
+++ b/libs/webServerPaths.js
@@ -77,7 +77,7 @@ module.exports = function(s,config,lang,app,io){
////Pages
app.enable('trust proxy');
if(config.webPaths.home !== '/'){
- app.use('/libs',express.static(s.mainDirectory + '/web/libs'))
+ app.use('/libs',express.static(s.packageDirectory + '/web/libs'))
}
[
[config.webPaths.home,'libs','/web/libs'],
@@ -87,7 +87,7 @@ module.exports = function(s,config,lang,app,io){
[config.webPaths.admin,'assets','/web/assets'],
[config.webPaths.super,'assets','/web/assets'],
].forEach((piece) => {
- app.use(s.checkCorrectPathEnding(piece[0])+piece[1],express.static(s.mainDirectory + piece[2]))
+ app.use(s.checkCorrectPathEnding(piece[0])+piece[1],express.static(s.packageDirectory + piece[2]))
})
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({extended: true}));
@@ -95,10 +95,10 @@ module.exports = function(s,config,lang,app,io){
res.header("Access-Control-Allow-Origin",'*');
next()
})
- app.set('views', s.mainDirectory + '/web');
+ app.set('views', s.packageDirectory + '/web');
app.set('view engine','ejs');
//add template handler
- if(config.renderPaths.handler!==undefined){require(s.mainDirectory+'/web/'+config.renderPaths.handler+'.js').addHandlers(s,app,io,config)}
+ if(config.renderPaths.handler!==undefined){require(s.packageDirectory+'/web/'+config.renderPaths.handler+'.js').addHandlers(s,app,io,config)}
/**
* API : Logout
@@ -339,7 +339,7 @@ module.exports = function(s,config,lang,app,io){
define: s.getDefinitonFile(userInfo.details.lang),
addStorage: s.dir.addStorage,
fs: fs,
- __dirname: s.mainDirectory,
+ __dirname: s.packageDirectory,
customAutoLoad: s.customAutoLoadTree
})
break;
@@ -1850,6 +1850,6 @@ module.exports = function(s,config,lang,app,io){
res.on('finish',function(){
res.end()
})
- fs.createReadStream(s.mainDirectory + '/web/pages/robots.txt').pipe(res)
+ fs.createReadStream(s.packageDirectory + '/web/pages/robots.txt').pipe(res)
})
}
--
2.35.1

37
packages/dream2nix/overrides/nodejs/shinobi/0007-remove-terminalCommands.patch Normal file
View file

@ -0,0 +1,37 @@
From a2a0608c4844520b0660bdf48b5376ed0a42e7af Mon Sep 17 00:00:00 2001
From: Max <max@privatevoid.net>
Date: Tue, 15 Mar 2022 18:51:47 +0100
Subject: [PATCH 7/9] remove terminalCommands
---
libs/startup.js | 14 +-------------
1 file changed, 1 insertion(+), 13 deletions(-)
diff --git a/libs/startup.js b/libs/startup.js
index b1c8e56..247eeee 100644
--- a/libs/startup.js
+++ b/libs/startup.js
@@ -32,19 +32,7 @@ module.exports = function(s,config,lang,io){
var next = function(){
if(callback)callback()
}
- if(!s.isWin && s.packageJson.mainDirectory !== '.'){
- var etcPath = '/etc/shinobisystems/cctv.txt'
- fs.stat(etcPath,function(err,stat){
- if(err || !stat){
- exec('node '+ s.mainDirectory + '/INSTALL/terminalCommands.js',function(err){
- if(err)console.log(err)
- })
- }
- next()
- })
- }else{
- next()
- }
+ next()
}
var loadedAccounts = []
var foundMonitors = []
--
2.35.1

48
packages/dream2nix/overrides/nodejs/shinobi/0008-disable-subscription-bullshit.patch Normal file
View file

@ -0,0 +1,48 @@
From adb23ffced5408cc010b3863ba88fe81e39f17ce Mon Sep 17 00:00:00 2001
From: Max <max@privatevoid.net>
Date: Tue, 15 Mar 2022 21:38:42 +0100
Subject: [PATCH 8/9] disable subscription bullshit
---
libs/startup.js | 4 ++--
libs/webServerSuperPaths.js | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/libs/startup.js b/libs/startup.js
index 247eeee..a810171 100644
--- a/libs/startup.js
+++ b/libs/startup.js
@@ -383,7 +383,7 @@ module.exports = function(s,config,lang,io){
}
})
}
- config.userHasSubscribed = false
+ config.userHasSubscribed = true
//check disk space every 20 minutes
if(config.autoDropCache===true){
setInterval(function(){
@@ -404,7 +404,7 @@ module.exports = function(s,config,lang,io){
await checkForStaticUsers()
//check for subscription
checkSubscription(config.subscriptionId,function(hasSubcribed){
- config.userHasSubscribed = hasSubcribed
+ config.userHasSubscribed = true
//check terminal commander
checkForTerminalCommands(function(){
//load administrators (groups)
diff --git a/libs/webServerSuperPaths.js b/libs/webServerSuperPaths.js
index bfbccf9..1d1bf3b 100644
--- a/libs/webServerSuperPaths.js
+++ b/libs/webServerSuperPaths.js
@@ -167,7 +167,7 @@ module.exports = function(s,config,lang,app){
}
checkSubscription(subscriptionId,function(hasSubcribed){
endData.ok = hasSubcribed
- config.userHasSubscribed = hasSubcribed
+ config.userHasSubscribed = true
s.closeJsonResponse(res,endData)
})
},res,req)
--
2.35.1

44
packages/dream2nix/overrides/nodejs/shinobi/0009-remove-updater-logic.patch Normal file
View file

@ -0,0 +1,44 @@
From 78e72ba70ddbe690720fd7351934481534fed6c2 Mon Sep 17 00:00:00 2001
From: Max <max@privatevoid.net>
Date: Thu, 17 Mar 2022 23:28:40 +0100
Subject: [PATCH 9/9] remove updater logic
---
libs/system/utils.js | 21 +--------------------
1 file changed, 1 insertion(+), 20 deletions(-)
diff --git a/libs/system/utils.js b/libs/system/utils.js
index c41c4f6..d045bac 100644
--- a/libs/system/utils.js
+++ b/libs/system/utils.js
@@ -46,26 +46,7 @@ module.exports = (config) => {
},
updateSystem: () => {
return new Promise((resolve,reject) => {
- if(!config.thisIsDocker){
- if(currentlyUpdating){
- resolve(true)
- return
- };
- currentlyUpdating = true
- const updateProcess = spawn('sh',[s.mainDirectory + '/UPDATE.sh'])
- updateProcess.stderr.on('data',(data) => {
- s.systemLog('UPDATE.sh',data.toString())
- })
- updateProcess.stdout.on('data',(data) => {
- s.systemLog('UPDATE.sh',data.toString())
- })
- updateProcess.on('exit',(data) => {
- resolve(true)
- currentlyUpdating = false
- })
- }else{
- resolve(false)
- }
+ resolve(false)
})
}
}
--
2.35.1

5589
packages/dream2nix/packages/shinobi/plugins/openalpr/dream-lock.json Normal file
View file

File diff suppressed because it is too large Load diff

5589
packages/dream2nix/packages/shinobi/plugins/tensorflow-coral/dream-lock.json Normal file
View file

File diff suppressed because it is too large Load diff

5589
packages/dream2nix/packages/shinobi/plugins/tensorflow/dream-lock.json Normal file
View file

File diff suppressed because it is too large Load diff

5589
packages/dream2nix/packages/shinobi/plugins/yolo/dream-lock.json Normal file
View file

File diff suppressed because it is too large Load diff

30
packages/networking/evil/default.nix
View file

@ -1,30 +0,0 @@
{ stdenv, fetchFromGitHub, kernel }:
stdenv.mkDerivation rec {
pname = "evil";
version = "1.0.0";
name = "${pname}-${kernel.version}-${version}";
src = fetchFromGitHub {
owner = "alwilson";
repo = pname;
rev = "096ba9bf408fc714dc09a2e41be9ec03fc50ee4a";
sha256 = "sha256-t0iJwIIThNkCcR2P1kJRdffcY6HmFg5qvJeXQhPfy6U=";
};
nativeBuildInputs = kernel.moduleBuildDependencies;
makeFlags = kernel.makeFlags ++ [
"KDIR=${kernel.dev}/lib/modules/${kernel.modDirVersion}/build"
"KVER=${kernel.modDirVersion}"
"KERNEL_MODLIB=$(out)/lib/modules/${kernel.modDirVersion}"
"INCLUDEDIR=$(out)/include"
];
installPhase = ''
installDir=$out/lib/modules/${kernel.modDirVersion}/extra
xz evil.ko
install -d $installDir
install -m644 evil.ko.xz $installDir
'';
}

2
packages/networking/hyprspace/0001-Lain-ipfs-bootstrap-nodes.patch
View file

@ -60,7 +60,7 @@ index 65d13c8..736101a 100644
- "/dnsaddr/bootstrap.libp2p.io/p2p/QmNnooDu7bfjPFoTZYxMNLWUQJyrVwtbZg5gBMjTezGAJN", - "/dnsaddr/bootstrap.libp2p.io/p2p/QmNnooDu7bfjPFoTZYxMNLWUQJyrVwtbZg5gBMjTezGAJN",
- "/dnsaddr/bootstrap.libp2p.io/p2p/QmQCU2EcMqAqQPR2i9bChDtGNJchTbq5TbXJJ16u19uLTa", - "/dnsaddr/bootstrap.libp2p.io/p2p/QmQCU2EcMqAqQPR2i9bChDtGNJchTbq5TbXJJ16u19uLTa",
- "/dnsaddr/bootstrap.libp2p.io/p2p/QmbLHAnMoJPWSCR5Zhtx6BHJX9KiKNN6tpvbUcqanj75Nb", - "/dnsaddr/bootstrap.libp2p.io/p2p/QmbLHAnMoJPWSCR5Zhtx6BHJX9KiKNN6tpvbUcqanj75Nb",
+ "/ip4/95.216.8.12/tcp/995/p2p/QmYs4xNBby2fTs8RnzfXEk161KD4mftBfCiR8yXtgGPj4J", + "/ip4/168.235.67.108/tcp/4001/p2p/QmRMA5pWXtfuW1y5w2t9gYxrDDD6bPRLKdWAYnHTeCxZMm",
+ "/ip4/95.216.8.12/tcp/4001/p2p/Qmd7QHZU8UjfYdwmjmq1SBh9pvER9AwHpfwQvnvNo3HBBo", + "/ip4/95.216.8.12/tcp/4001/p2p/Qmd7QHZU8UjfYdwmjmq1SBh9pvER9AwHpfwQvnvNo3HBBo",
+ "/ip6/2001:41d0:800:1402::3f16:3fb5/tcp/4001/p2p/12D3KooWDUgNsoLVauCDpRAo54mc4whoBudgeXQnZZK2iVYhBLCN", + "/ip6/2001:41d0:800:1402::3f16:3fb5/tcp/4001/p2p/12D3KooWDUgNsoLVauCDpRAo54mc4whoBudgeXQnZZK2iVYhBLCN",
+ "/ip6/2001:818:da65:e400:a553:fbc1:f0b1:5743/tcp/4001/p2p/12D3KooWC1RZxLvAeEFNTZWk1FWc1sZZ3yemF4FNNRYa3X854KJ8", + "/ip6/2001:818:da65:e400:a553:fbc1:f0b1:5743/tcp/4001/p2p/12D3KooWC1RZxLvAeEFNTZWk1FWc1sZZ3yemF4FNNRYa3X854KJ8",

26
packages/networking/hyprspace/0004-Use-more-NAT-traversal-features.patch
View file

@ -1,26 +0,0 @@
From 46110b055eaaa0c1f815ff876da4713499c17bc8 Mon Sep 17 00:00:00 2001
From: Max <max@privatevoid.net>
Date: Fri, 17 Jun 2022 22:17:08 +0200
Subject: [PATCH 4/4] Use more NAT traversal features
---
p2p/node.go | 3 +++
1 file changed, 3 insertions(+)
diff --git a/p2p/node.go b/p2p/node.go
index 2f86317..0c9a250 100644
--- a/p2p/node.go
+++ b/p2p/node.go
@@ -49,6 +49,9 @@ func CreateNode(ctx context.Context, inputKey string, port int, handler network.
libp2p.NATPortMap(),
libp2p.DefaultMuxers,
libp2p.Transport(tcp.NewTCPTransport),
+ libp2p.EnableHolePunching(),
+ libp2p.EnableRelayService(),
+ libp2p.EnableNATService(),
libp2p.FallbackDefaults,
)
if err != nil {
--
2.36.0

90
packages/networking/hyprspace/0005-Grab-bootstrap-peers-from-IPFS-API.patch
View file

@ -1,90 +0,0 @@
From 3942aaa7dcfa8cfd2fe110cf2bda66b34ead6539 Mon Sep 17 00:00:00 2001
From: Max <max@privatevoid.net>
Date: Sun, 25 Sep 2022 01:29:25 +0200
Subject: [PATCH] Grab bootstrap peers from IPFS API
---
p2p/node.go | 44 +++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 43 insertions(+), 1 deletion(-)
diff --git a/p2p/node.go b/p2p/node.go
index 0c9a250..f5d5292 100644
--- a/p2p/node.go
+++ b/p2p/node.go
@@ -2,8 +2,12 @@ package p2p
import (
"context"
+ "encoding/json"
"errors"
"fmt"
+ "io/ioutil"
+ "net/http"
+ "net/url"
"os"
"sync"
@@ -22,6 +26,35 @@ import (
// Protocol is a descriptor for the Hyprspace P2P Protocol.
const Protocol = "/hyprspace/0.0.1"
+func getExtraBootstrapNodes(addr ma.Multiaddr) (nodesList []string) {
+ nodesList = []string{}
+ ip4, err := addr.ValueForProtocol(ma.P_IP4)
+ if err != nil {
+ return
+ }
+ port, err := addr.ValueForProtocol(ma.P_TCP)
+ if err != nil {
+ return
+ }
+ resp, err := http.PostForm("http://"+ip4+":"+port+"/api/v0/swarm/addrs", url.Values{})
+
+ defer resp.Body.Close()
+
+ apiResponse, err := ioutil.ReadAll(resp.Body)
+
+ if err != nil {
+ return
+ }
+ var obj = map[string]map[string][]string{}
+ json.Unmarshal([]byte(apiResponse), &obj)
+ for k, v := range obj["Addrs"] {
+ for _, addr := range v {
+ nodesList = append(nodesList, (addr + "/p2p/" + k))
+ }
+ }
+ return
+}
+
// CreateNode creates an internal Libp2p nodes and returns it and it's DHT Discovery service.
func CreateNode(ctx context.Context, inputKey string, port int, handler network.StreamHandler) (node host.Host, dhtOut *dht.IpfsDHT, err error) {
// Unmarshal Private Key
@@ -34,6 +67,15 @@ func CreateNode(ctx context.Context, inputKey string, port int, handler network.
if err != nil {
return
}
+ extraBootstrapNodes := []string{}
+ ipfsApiStr, ok := os.LookupEnv("HYPRSPACE_IPFS_API")
+ if ok {
+ ipfsApiAddr, err := ma.NewMultiaddr(ipfsApiStr)
+ if err == nil {
+ fmt.Println("[+] Getting additional peers from IPFS API")
+ extraBootstrapNodes = getExtraBootstrapNodes(ipfsApiAddr)
+ }
+ }
ip6tcp := fmt.Sprintf("/ip6/::/tcp/%d", port)
ip4tcp := fmt.Sprintf("/ip4/0.0.0.0/tcp/%d", port)
@@ -74,7 +116,7 @@ func CreateNode(ctx context.Context, inputKey string, port int, handler network.
// Convert Bootstap Nodes into usable addresses.
BootstrapPeers := make(map[peer.ID]*peer.AddrInfo, len(peers))
- for _, addrStr := range peers {
+ for _, addrStr := range append(peers, extraBootstrapNodes...) {
addr, err := ma.NewMultiaddr(addrStr)
if err != nil {
return node, dhtOut, err
--
2.37.2

6
packages/networking/hyprspace/default.nix
View file

@ -1,6 +1,6 @@
{ lib, stdenv, buildGo117Module, fetchFromGitHub, iproute2mac }: { lib, stdenv, buildGoModule, fetchFromGitHub, iproute2mac }:
buildGo117Module rec { buildGoModule rec {
pname = "hyprspace"; pname = "hyprspace";
version = "0.2.2"; version = "0.2.2";
@ -10,8 +10,6 @@ buildGo117Module rec {
./0001-Lain-ipfs-bootstrap-nodes.patch ./0001-Lain-ipfs-bootstrap-nodes.patch
./0002-Remove-quic-transport-for-Lain-ipfs.patch ./0002-Remove-quic-transport-for-Lain-ipfs.patch
./0003-Remove-dep-from-go.mod.patch ./0003-Remove-dep-from-go.mod.patch
./0004-Use-more-NAT-traversal-features.patch
./0005-Grab-bootstrap-peers-from-IPFS-API.patch
]; ];
src = fetchFromGitHub { src = fetchFromGitHub {

24
packages/nixpak/amberol/default.nix
View file

@ -1,24 +0,0 @@
{ mkNixPak, amberol }:
mkNixPak {
config = { sloth, ... }: {
imports = [
../modules/gui-base.nix
../modules/mpris2-player.nix
];
flatpak.appId = "io.bassi.Amberol";
bubblewrap = {
bind.rw = [
[
(sloth.mkdir (sloth.concat' sloth.appCacheDir "/amberol"))
(sloth.concat' sloth.xdgCacheHome "/amberol")
]
];
bind.ro = [
(sloth.concat' sloth.homeDir "/Music")
"/srv/data/music"
];
};
app.package = amberol;
};
}

17
packages/nixpak/dialect/default.nix
View file

@ -1,17 +0,0 @@
{ mkNixPak, dialect }:
mkNixPak {
config = { sloth, ... }: {
imports = [
../modules/gui-base.nix
../modules/network.nix
];
flatpak.appId = "app.drey.Dialect";
app = {
package = dialect;
extraEntrypoints = [
"/share/dialect/search_provider"
];
};
};
}

25
packages/nixpak/fragments/default.nix
View file

@ -1,25 +0,0 @@
{ mkNixPak, fragments }:
mkNixPak {
config = { sloth, ... }: {
imports = [ ../modules/gui-base.nix ];
flatpak.appId = "de.haeckerfelix.Fragments";
app.package = fragments;
dbus.policies = {
"org.freedesktop.secrets" = "talk";
};
bubblewrap = {
network = true;
bind.ro = [
"/etc/hosts"
];
bind.rw = [
[
(sloth.mkdir (sloth.concat' sloth.appCacheDir "/fragments"))
(sloth.concat' sloth.xdgCacheHome "/fragments")
]
(sloth.concat' sloth.xdgConfigHome "/fragments")
];
};
};
}

58
packages/nixpak/modules/gui-base.nix
View file

@ -1,58 +0,0 @@
{ config, lib, pkgs, sloth, ... }:
let
envSuffix = envKey: suffix: sloth.concat' (sloth.env envKey) suffix;
in
{
config = {
dbus.policies = {
"${config.flatpak.appId}" = "own";
"${config.flatpak.appId}.*" = "own";
"org.freedesktop.DBus" = "talk";
"org.gtk.vfs.*" = "talk";
"org.gtk.vfs" = "talk";
"ca.desrt.dconf" = "talk";
"org.freedesktop.portal.*" = "talk";
"org.a11y.Bus" = "talk";
};
gpu.enable = lib.mkDefault true;
gpu.provider = "bundle";
fonts.enable = true;
locale.enable = true;
bubblewrap = {
sockets = {
wayland = true;
pulse = true;
};
network = lib.mkDefault false;
bind.rw = [
(sloth.concat' sloth.xdgCacheHome "/fontconfig")
(sloth.concat' sloth.xdgCacheHome "/mesa_shader_cache")
(envSuffix "XDG_RUNTIME_DIR" "/at-spi/bus")
(envSuffix "XDG_RUNTIME_DIR" "/gvfsd")
(envSuffix "XDG_RUNTIME_DIR" "/doc")
(envSuffix "XDG_RUNTIME_DIR" "/dconf")
];
bind.ro = [
(sloth.concat' sloth.xdgConfigHome "/gtk-2.0")
(sloth.concat' sloth.xdgConfigHome "/gtk-3.0")
(sloth.concat' sloth.xdgConfigHome "/gtk-4.0")
(sloth.concat' sloth.xdgConfigHome "/dconf")
"/etc/localtime"
];
env = {
XDG_DATA_DIRS = lib.makeSearchPath "share" [
pkgs.gnome.adwaita-icon-theme
pkgs.gnome-themes-extra
pkgs.shared-mime-info
];
XCURSOR_PATH = lib.concatStringsSep ":" [
"${pkgs.gnome.adwaita-icon-theme}/share/icons"
"${pkgs.gnome.adwaita-icon-theme}/share/pixmaps"
];
};
};
};
}

6
packages/nixpak/modules/mpris2-player.nix
View file

@ -1,6 +0,0 @@
{ config, ... }:
{
dbus.policies = {
"org.mpris.MediaPlayer2.${config.flatpak.appId}" = "own";
};
}

6
packages/nixpak/modules/network.nix
View file

@ -1,6 +0,0 @@
{
etc.sslCertificates.enable = true;
bubblewrap = {
network = true;
};
}

51
packages/nixpak/ungoogled-chromium/default.nix
View file

@ -1,51 +0,0 @@
{ mkNixPak, ungoogled-chromium }:
mkNixPak {
config = { config, sloth, ... }: {
app.package = ungoogled-chromium;
flatpak = {
appId = "org.chromium.Chromium";
desktopFile = "chromium-browser.desktop";
};
imports = [
../modules/gui-base.nix
../modules/network.nix
../modules/mpris2-player.nix
];
# chromium doesn't use the expected MPRIS2 name format
dbus.policies = {
"org.mpris.MediaPlayer2.chromium.*" = "own";
};
bubblewrap = {
# for hidraw access (WebAuthn keys)
bind.dev = [ "/dev" ];
bind.rw = [
[
(sloth.mkdir (sloth.concat [
sloth.appCacheDir
"/nixpak-app-shared-tmp"
]))
"/tmp"
]
[
(sloth.mkdir (sloth.concat' sloth.appCacheDir "/chromium"))
(sloth.concat' sloth.xdgCacheHome "/chromium")
]
[
# home-manager does some funny things
(sloth.concat [
sloth.xdgConfigHome
"/nixpak-ungoogled-chromium"
])
(sloth.concat [
sloth.xdgConfigHome
"/chromium"
])
]
(sloth.concat' sloth.homeDir "/Downloads")
"/tmp/.X11-unix"
(sloth.envOr "XAUTHORITY" "/no-xauth")
];
};
};
}

42
packages/nixpak/wike/default.nix
View file

@ -1,42 +0,0 @@
{ mkNixPak, wike, python3Packages }:
mkNixPak {
config = { sloth, ... }: {
imports = [
../modules/gui-base.nix
../modules/network.nix
];
flatpak.appId = "com.github.hugolabe.Wike";
bubblewrap = {
bind.rw = [
[
(sloth.mkdir (sloth.concat' sloth.appCacheDir "/wike"))
(sloth.concat' sloth.xdgCacheHome "/wike")
]
];
};
app = {
# upstream wike is a bit broken
package = wike.overrideAttrs (old: {
propagatedBuildInputs = old.propagatedBuildInputs ++ [
python3Packages.dbus-python
];
# fix double wrapping
dontWrapGApps = true;
makeWrapperArgs = [
"\${gappsWrapperArgs[@]}"
];
# properly wrap wike-sp
postFixup = (old.postFixup or "") + ''
wrapPythonProgramsIn $out/share/wike "$out $propagatedBuildInputs"
'';
});
extraEntrypoints = [
"/share/wike/wike-sp"
];
};
};
}

48
packages/packages.nix
View file

@ -1,7 +1,5 @@
{ inputs, pkgs }: { inputs, pkgs }:
let let
tools = import ./lib/tools.nix;
patch' = super: tools.patch super "patches/base/${super.pname}";
dream2nix = inputs.dream2nix.lib2.init { dream2nix = inputs.dream2nix.lib2.init {
inherit pkgs; inherit pkgs;
config = { config = {
@ -9,42 +7,14 @@ let
overridesDirs = [ "${inputs.dream2nix}/overrides" ./dream2nix/overrides ]; overridesDirs = [ "${inputs.dream2nix}/overrides" ./dream2nix/overrides ];
}; };
}; };
mkNixPak = inputs.nixpak.lib.nixpak {
inherit (pkgs) lib;
inherit pkgs;
};
sandbox = path: extra: (pkgs.callPackage path ({ inherit mkNixPak; } // extra)).config.env;
in in
{ {
amberol = sandbox ./nixpak/amberol { }; privatevoid-smart-card-ca-bundle = pkgs.callPackage ./data/privatevoid-smart-card-certificate-authority-bundle.nix { };
brig = pkgs.callPackage ./tools/brig { };
dialect = sandbox ./nixpak/dialect { };
evil = pkgs.linuxPackages_latest.callPackage ./networking/evil { };
jdtls = pkgs.callPackage ./development/langservers/jdtls.nix { }; jdtls = pkgs.callPackage ./development/langservers/jdtls.nix { };
doom-one-vim = pkgs.callPackage ./vim-plugins/doom-one-vim.nix { }; doom-one-vim = pkgs.callPackage ./vim-plugins/doom-one-vim.nix { };
fragments-remote = let
fakeTransmission = pkgs.writeShellScriptBin "transmission-daemon" ''
exec ${pkgs.coreutils}/bin/sleep +Infinity
'';
app = pkgs.fragments.overrideAttrs (_: {
preFixup = ''
gappsWrapperArgs+=(
--prefix PATH : "${pkgs.lib.makeBinPath [ fakeTransmission ] }"
)
'';
});
in sandbox ./nixpak/fragments { fragments = app; };
git-remote-ipld = pkgs.callPackage ./tools/git-remote-ipld { };
hyprspace = pkgs.callPackage ./networking/hyprspace { iproute2mac = null; }; hyprspace = pkgs.callPackage ./networking/hyprspace { iproute2mac = null; };
identity = pkgs.callPackage ./apps/identity { }; identity = pkgs.callPackage ./apps/identity { };
@ -53,17 +23,11 @@ in
neovim-gtk = pkgs.callPackage ./apps/neovim-gtk { }; neovim-gtk = pkgs.callPackage ./apps/neovim-gtk { };
sonnyp-commit = pkgs.callPackage ./apps/sonnyp-commit { }; shinobi = let
dream = dream2nix.makeFlakeOutputs {
source = inputs.shinobi;
};
in dream.packages.${pkgs.system}.shinobi // { inherit (dream.apps.${pkgs.system}) resolveImpure; };
steam-metro-skin = import ./data/misc/steam-metro-skin { inherit (pkgs) fetchzip; }; steam-metro-skin = import ./data/misc/steam-metro-skin { inherit (pkgs) fetchzip; };
tubefeeder = pkgs.callPackage ./apps/tubefeeder { };
ungoogled-chromium = sandbox ./nixpak/ungoogled-chromium { };
vaults = pkgs.callPackage ./apps/vaults { };
webfont-kit-generator = pkgs.callPackage ./apps/webfont-kit-generator { };
wike = sandbox ./nixpak/wike { };
} }

31
packages/patched-derivations.nix
View file

@ -7,30 +7,11 @@ super: rec {
doas-interactive = patch-rename super.doas "doas-interactive" "patches/base/doas"; doas-interactive = patch-rename super.doas "doas-interactive" "patches/base/doas";
kubo = patch super.kubo "patches/base/ipfs"; lain-ipfs = patch-rename super.ipfs "lain-ipfs" "patches/base/ipfs";
gnome-control-center = super.gnome-control-center.overrideAttrs (old: { gnome-control-center = patch' super.gnome.gnome-control-center;
postPatch = (old.postPatch or "") + ''
echo disabling alert sound chooser
${super.xmlstarlet}/bin/xmlstarlet edit -L \
-s '//property[@name="title" and text()="_Alert Sound"]/..' -t elem -n propertyAlertSoundVisible -v False \
-s //propertyAlertSoundVisible -t attr -n name -v visible \
-r //propertyAlertSoundVisible -v property \
panels/sound/cc-sound-panel.ui
test "$(${super.xmlstarlet}/bin/xmlstarlet select -t -c '//property[@name="title" and text()="_Alert Sound"]/../property[@name="visible"]/text()' panels/sound/cc-sound-panel.ui)" == "False" nautilus = (patch' super.gnome.nautilus).overrideAttrs (attrs: {
'';
});
libfprint = (patch' super.libfprint).overrideAttrs (old: {
buildInputs = old.buildInputs ++ [
super.openssl
];
});
fprintd = super.fprintd.override { inherit libfprint; };
nautilus = (patch' super.nautilus).overrideAttrs (attrs: {
preFixup = with super; preFixup = with super;
let py = (python3.withPackages (ps: with ps; [ ps.pygobject3 ])); let py = (python3.withPackages (ps: with ps; [ ps.pygobject3 ]));
in attrs.preFixup + '' in attrs.preFixup + ''
@ -48,9 +29,9 @@ super: rec {
vte-high-refresh-rate = patch' super.vte; vte-high-refresh-rate = patch' super.vte;
vte-gtk4-high-refresh-rate = patch' super.vte-gtk4;
tilix-high-refresh-rate = super.tilix.override { gtkd = super.gtkd.override { vte = vte-high-refresh-rate; }; }; tilix-high-refresh-rate = super.tilix.override { gtkd = super.gtkd.override { vte = vte-high-refresh-rate; }; };
blackbox-high-refresh-rate = (patch' super.blackbox-terminal).override { vte-gtk4 = vte-gtk4-high-refresh-rate; }; webkitgtk = patch' super.webkitgtk;
webkitgtk_4_1 = patch' super.webkitgtk_4_1;
} }

2
packages/patched-inputs.nix
View file

@ -1,7 +1,7 @@
let tools = import ./lib/tools.nix; let tools = import ./lib/tools.nix;
in with tools; in with tools;
inputs: rec { inputs: rec {
nix-super = inputs.nix-super.packages.x86_64-linux.default; nix-super = inputs.nix-super.defaultPackage.x86_64-linux;
deploy-rs = inputs.deploy-rs.packages.x86_64-linux.deploy-rs; deploy-rs = inputs.deploy-rs.packages.x86_64-linux.deploy-rs;

12
packages/tools/brig/default-repo-location.patch
View file

@ -1,12 +0,0 @@
diff --git a/cmd/util.go b/cmd/util.go
index 37ebfe64..ceee4730 100644
--- a/cmd/util.go
+++ b/cmd/util.go
@@ -79,6 +80,7 @@ func guessRepoFolder(ctx *cli.Context) (string, error) {
guessLocations := []string{
// TODO: For now just one.
+ (os.Getenv("HOME") + "/.brig"),
".",
}

47
packages/tools/brig/default.nix
View file

@ -1,47 +0,0 @@
{ lib, buildGoModule, fetchFromGitHub }:
let
vp = "github.com/sahib/brig/version";
version = {
major = "0";
minor = "5";
patch = "3";
releaseType = "develop";
gitRev = "6b7eccf8fcbd907fc759f8ca8aa814df8499e2ed";
};
in
buildGoModule {
pname = "brig";
version = "0.5.3pre";
subPackages = ["."];
patches = [
./default-repo-location.patch
./fix-ghost-remove.patch
./fix-replay-remove-already-gone.patch
./info-no-check-cached.patch
./ls-no-check-cached.patch
./pin-ls-recursive.patch
./repin-relaxed-locking.patch
./vcs-mapper-debug-to-logger.patch
];
src = fetchFromGitHub {
owner = "sahib";
repo = "brig";
rev = version.gitRev;
sha256 = "sha256-lCXSeTIZcIcVcblm9BTUMqTfxO7+BHYQNv6/RlPq14A=";
};
vendorSha256 = "sha256-pFrrMq7VFCwt8KRgJApCq8lPYv0P8hIUOxKJMN9QR0U=";
ldflags = with version; [
"-s" "-w"
"-X ${vp}.Major=${major}"
"-X ${vp}.Minor=${minor}"
"-X ${vp}.Patch=${patch}"
"-X ${vp}.GitRev=${gitRev}"
"-X ${vp}.ReleaseType=${releaseType}"
"-X ${vp}.BuildTime=1970-01-01T01:00:01+01:00"
];
}

13
packages/tools/brig/fix-ghost-remove.patch
View file

@ -1,13 +0,0 @@
diff --git a/catfs/vcs/mapper.go b/catfs/vcs/mapper.go
index 5568e600..bfba247d 100644
--- a/catfs/vcs/mapper.go
+++ b/catfs/vcs/mapper.go
@@ -311,7 +311,7 @@ func (ma *Mapper) mapDirectory(srcCurr *n.Directory, dstPath string, force bool)
// No sibling found for this ghost.
if aliveDstCurr == nil {
- return ma.report(srcCurr, nil, false, false, false)
+ return ma.report(srcCurr, nil, false, true, false)
}
localBackCheck, err := ma.lkrSrc.LookupNodeAt(ma.srcHead, aliveDstCurr.Path())

15
packages/tools/brig/fix-replay-remove-already-gone.patch
View file

@ -1,15 +0,0 @@
diff --git a/catfs/vcs/change.go b/catfs/vcs/change.go
index 94800b23..e454c399 100644
--- a/catfs/vcs/change.go
+++ b/catfs/vcs/change.go
@@ -234,6 +234,10 @@ func replayAddMoveMapping(lkr *c.Linker, oldPath, newPath string) error {
func replayRemove(lkr *c.Linker, ch *Change) error {
currNd, err := lkr.LookupModNode(ch.Curr.Path())
if err != nil {
+ // file doesn't exist locally, nothing to do
+ if ie.IsNoSuchFileError(err) {
+ return nil
+ }
return e.Wrapf(err, "replay: lookup: %v", ch.Curr.Path())
}

27
packages/tools/brig/info-no-check-cached.patch
View file

@ -1,27 +0,0 @@
diff --git a/cmd/fs_handlers.go b/cmd/fs_handlers.go
index d86e8d91..f894ac89 100644
--- a/cmd/fs_handlers.go
+++ b/cmd/fs_handlers.go
@@ -591,14 +591,8 @@ func handleShowFileOrDir(ctx *cli.Context, ctl *client.Client, path string) erro
return tmpl.Execute(os.Stdout, info)
}
- isCached, err := ctl.IsCached(path)
- if err != nil {
- return err
- }
-
pinState := yesify(info.IsPinned)
explicitState := yesify(info.IsExplicit)
- cachedState := yesify(isCached)
nodeType := "file"
if info.IsDir {
@@ -627,7 +621,6 @@ func handleShowFileOrDir(ctx *cli.Context, ctl *client.Client, path string) erro
printPair("Inode", strconv.FormatUint(info.Inode, 10))
printPair("Pinned", pinState)
printPair("Explicit", explicitState)
- printPair("Cached", cachedState)
printPair("IsRaw", yesify(info.IsRaw))
printPair("ModTime", info.ModTime.Format(time.RFC3339))
printPair("Tree Hash", info.TreeHash.B58String())

37
packages/tools/brig/ls-no-check-cached.patch
View file

@ -1,37 +0,0 @@
diff --git a/cmd/fs_handlers.go b/cmd/fs_handlers.go
index f1791b16..d86e8d91 100644
--- a/cmd/fs_handlers.go
+++ b/cmd/fs_handlers.go
@@ -449,7 +449,7 @@ func handleList(ctx *cli.Context, ctl *client.Client) error {
userColumn = "USER\t"
}
- fmt.Fprintf(tabW, "SIZE\tBKEND\tMODTIME\t%sPATH\tPIN\tCACHED\tHINT\n", userColumn)
+ fmt.Fprintf(tabW, "SIZE\tBKEND\tMODTIME\t%sPATH\tPIN\tHINT\n", userColumn)
}
for _, entry := range entries {
@@ -467,22 +467,15 @@ func handleList(ctx *cli.Context, ctl *client.Client) error {
userEntry = color.GreenString(userMap[entry.User]) + "\t"
}
- isCached, err := ctl.IsCached(entry.Path)
- if err != nil {
- return err
- }
- cachedState := " " + pinStateToSymbol(isCached, false)
-
fmt.Fprintf(
tabW,
- "%s\t%s\t%s\t%s%s\t%s\t%s\t%s\n",
+ "%s\t%s\t%s\t%s%s\t%s\t%s\n",
colorForSize(entry.Size)(humanize.Bytes(entry.Size)),
colorForSize(entry.Size)(humanize.Bytes(uint64(entry.CachedSize))),
entry.ModTime.Format("2006-01-02 15:04:05 MST"),
userEntry,
coloredPath,
pinState,
- cachedState,
formatHint(entry.Hint),
)
}

13
packages/tools/brig/pin-ls-recursive.patch
View file

@ -1,13 +0,0 @@
diff --git a/backend/httpipfs/pin.go b/backend/httpipfs/pin.go
index 74c7dec..65d78b8 100644
--- a/backend/httpipfs/pin.go
+++ b/backend/httpipfs/pin.go
@@ -13,7 +13,7 @@ import (
// IsPinned returns true when `hash` is pinned in some way.
func (nd *Node) IsPinned(hash h.Hash) (bool, error) {
ctx := context.Background()
- resp, err := nd.sh.Request("pin/ls", hash.B58String()).Send(ctx)
+ resp, err := nd.sh.Request("pin/ls", hash.B58String()).Option("type", "recursive").Send(ctx)
if err != nil {
return false, err
}

41
packages/tools/brig/repin-relaxed-locking.patch
View file

@ -1,41 +0,0 @@
diff --git a/catfs/repin.go b/catfs/repin.go
index 63ba711e..f8b5b9d6 100644
--- a/catfs/repin.go
+++ b/catfs/repin.go
@@ -247,9 +247,12 @@ func (fs *FS) repin(root string) error {
savedStorage := uint64(0)
parts := []*partition{}
+ fs.mu.Unlock()
log.Infof("repin started (min=%d max=%d quota=%s)", minDepth, maxDepth, quotaSrc)
err = n.Walk(fs.lkr, rootNd, true, func(child n.Node) error {
+ fs.mu.Lock()
+ defer fs.mu.Unlock()
if child.Type() == n.NodeTypeDirectory {
return nil
}
@@ -259,6 +262,7 @@ func (fs *FS) repin(root string) error {
return e.Wrapf(ie.ErrBadNode, "repin")
}
+ fs.mu.Unlock()
part, err := fs.partitionNodeHashes(modChild, minDepth, maxDepth)
if err != nil {
return err
@@ -273,6 +277,7 @@ func (fs *FS) repin(root string) error {
if err != nil {
return err
}
+ fs.mu.Lock()
totalStorage += part.PinSize
addedToStorage += pinBytes
@@ -286,6 +291,7 @@ func (fs *FS) repin(root string) error {
return e.Wrapf(err, "repin: walk")
}
+ fs.mu.Lock()
quotaUnpins, err := fs.balanceQuota(parts, totalStorage, quota)
if err != nil {
return e.Wrapf(err, "repin: quota balance")

Some files were not shown because too many files have changed in this diff Show more