Compare commits

..

1 commit

Author SHA1 Message Date
Max
7bb46b1471 flake.lock: Update
Flake lock file updates:

• Updated input 'dream2nix':
    'github:nix-community/dream2nix/28b890821fb82f2918b5a6ec49dff4bfebaba108' (2022-03-28)
  → 'github:nix-community/dream2nix/98ca5ea9bca45e99f20042f135ee90b500d2c192' (2022-03-28)
2022-03-29 20:38:08 +02:00
141 changed files with 24406 additions and 10769 deletions

View file

@ -49,15 +49,10 @@ delta_prompt_init() {
hostnamevar='%m'
fi
local dirdisplay="%c"
if [[ -n $HOVER_HOME ]]; then
dirdisplay="[ %c ]"
fi
if [[ -n $SSH_CONNECTION ]]; then
PROMPT=" \$(delta_prompt_symbol \$?)Δ%f %F{8}$hostnamevar $dirdisplay >%f "
PROMPT=" \$(delta_prompt_symbol \$?)Δ%f %F{8}$hostnamevar %c >%f "
else
PROMPT=" \$(delta_prompt_symbol \$?)Δ%f %F{8}$dirdisplay >%f "
PROMPT=" \$(delta_prompt_symbol \$?)Δ%f %F{8}%c >%f "
fi
zstyle ':vcs_info:*' enable git

1168
flake.lock

File diff suppressed because it is too large Load diff

View file

@ -4,46 +4,43 @@
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
nix-super.url = "gitlab:max/nix-super?host=git.privatevoid.net";
nix-super.url = "git+https://git.privatevoid.net/max/nix-super-fork";
nix-super.inputs.nixpkgs.follows = "nixpkgs";
modular-nvim.url = "git+https://git.privatevoid.net/max/modular-neovim-prototype";
modular-nvim.inputs.nixpkgs.follows = "nixpkgs";
home-manager.url = "github:nix-community/home-manager/master";
home-manager.inputs.nixpkgs.follows = "nixpkgs";
nixos-hardware.url = "github:NixOS/nixos-hardware/master";
nix-crx.url = "git+https://git.privatevoid.net/max/nix-crx.git";
nix-crx.url = "git+https://git.privatevoid.net/max/nix-crx";
nix-crx.inputs.nixpkgs.follows = "nixpkgs";
nix-vsx.url = "git+https://git.privatevoid.net/max/nix-vsx";
nix-vsx.inputs.nixpkgs.follows = "nixpkgs";
deploy-rs.url = "github:serokell/deploy-rs";
deploy-rs.inputs.nixpkgs.follows = "nixpkgs";
deploy-rs.inputs.naersk.follows = "naersk";
# re-pin naersk to fix deprecation warning in deploy-rs
naersk.url = "github:nmattia/naersk/master";
naersk.inputs.nixpkgs.follows = "nixpkgs";
agenix.url = "github:ryantm/agenix";
agenix.inputs.nixpkgs.follows = "nixpkgs";
helix.url = "github:helix-editor/helix";
helix.inputs = {
nixpkgs.follows = "nixpkgs";
};
helix.url = "git+https://git.privatevoid.net/max/helix";
helix.inputs.nixpkgs.follows = "nixpkgs";
kernel-clr = { url = "github:clearlinux-pkgs/linux"; flake = false; };
dream2nix.url = "github:nix-community/dream2nix";
dream2nix.inputs.nixpkgs.follows = "nixpkgs";
nixpak.url = "github:nixpak/nixpak";
nixpak.inputs.nixpkgs.follows = "nixpkgs";
nil.url = "github:oxalica/nil";
nil.inputs.nixpkgs.follows = "nixpkgs";
hyprspace.url = "github:hyprspace/hyprspace";
hyprspace.inputs.nixpkgs.follows = "nixpkgs";
lanzaboote.url = "github:nix-community/lanzaboote";
lanzaboote.inputs.nixpkgs.follows = "nixpkgs";
attic.url = "github:zhaofengli/attic";
attic.inputs.nixpkgs.follows = "nixpkgs";
shinobi = { url = "gitlab:Shinobi-Systems/Shinobi/dashboard-v3"; flake = false; };
};
outputs = { self, nixpkgs, home-manager, nixos-hardware, ... }@inputs:
let
@ -51,7 +48,6 @@
system = "x86_64-linux";
pkgs = import nixpkgs {
inherit system;
config.allowUnfreePredicate = pkg: lib.elem (lib.getName pkg) (import ./packages/unfree.nix);
};
deploy-rs-lib = inputs.deploy-rs.lib.${system};
@ -74,14 +70,14 @@
deploy.nodes = with deploy-rs-lib; {
TITAN = {
hostname = "titan.hyprspace";
hostname = "titan.hypr";
profiles.system = {
user = "root";
path = activate.nixos self.nixosConfigurations.TITAN;
};
};
jericho = {
hostname = "jericho.hyprspace";
hostname = "jericho.hypr";
profiles.system = {
user = "root";
path = activate.nixos self.nixosConfigurations.jericho;
@ -105,14 +101,10 @@
homeConfigurations = {
max = inputs.home-manager.lib.homeManagerConfiguration {
inherit pkgs;
modules = [
{
home.homeDirectory = "/home/max";
home.username = "max";
}
./users/max/home.nix
];
inherit system;
homeDirectory = "/home/max";
username = "max";
configuration.imports = [ ./users/max/home.nix ];
extraSpecialArgs = { inherit inputs; };
};
};

View file

@ -4,12 +4,10 @@ tools: {
extraHostNames = clientResolve "titan";
};
hyprspace = {
hypr = {
id = "QmfJ5Tv2z9jFv9Aocevyn6QqRcfm9eYQZhvYvmAVfACfuM";
addr = "10.100.3.7";
listenPort = 443;
routes = [
"10.0.0.0/24"
];
};
nixos = import ./system.nix;

View file

@ -1,39 +0,0 @@
{ config, pkgs, inputs, ... }:
let
toml = pkgs.formats.toml {};
atticConfig = toml.generate "attic-upload-config.toml" {
default-server = "cache";
servers.cache.endpoint = "https://cache-api.privatevoid.net";
};
inherit (inputs.attic.packages.${pkgs.system}) attic;
in
{
age.secrets.attic-upload-key = {
file = ../../../secrets/attic-upload-key.age;
mode = "0400";
};
systemd.services.attic-upload = {
description = "Attic Uploader";
wantedBy = [ "multi-user.target" ];
after = [ "network-online.target" ];
wants = [ "network-online.target" ];
path = [ config.nix.package ];
environment.XDG_CONFIG_HOME = "/tmp/attic-upload";
preStart = ''
install -dm700 "$XDG_CONFIG_HOME/attic"
cp --no-preserve=mode ${atticConfig} "$XDG_CONFIG_HOME/attic/config.toml"
echo "token = \"$ATTIC_TOKEN\"" >> "$XDG_CONFIG_HOME/attic/config.toml"
'';
serviceConfig = {
ExecStart = "${attic}/bin/attic watch-store nix-store";
Restart = "always";
RestartSec = "10s";
DynamicUser = true;
EnvironmentFile = config.age.secrets.attic-upload-key.path;
};
};
}

View file

@ -0,0 +1,21 @@
{ config, pkgs, ... }:
{
age.secrets.cachix-upload-key = {
file = ../../../secrets/cachix-upload-key.age;
mode = "0400";
};
systemd.services.cachix-upload = {
description = "Cachix Uploader";
wantedBy = [ "multi-user.target" ];
after = [ "network-online.target" ];
path = [ config.nix.package ];
serviceConfig = {
ExecStart = "${pkgs.cachix}/bin/cachix watch-store max";
Restart = "always";
DynamicUser = true;
EnvironmentFile = config.age.secrets.cachix-upload-key.path;
};
};
}

View file

@ -1,4 +1,4 @@
{ config, pkgs, ... }:
{ config, ... }:
{
age.secrets = {
@ -6,6 +6,10 @@
file = ../../../secrets/transmission-rpc-password.age;
mode = "0400";
};
wireguard-key-upload = {
file = ../../../secrets/wireguard-key-upload.age;
mode = "0400";
};
};
users.groups.mediamanagers = {
@ -17,9 +21,8 @@
enable = true;
group = "mediamanagers";
settings = {
download-dir = "/srv/data/download";
incomplete-dir = "/srv/data/download/.incomplete";
incomplete-dir-enabled = false;
download-dir = "/srv/data/DOWNLOAD";
incomplete-dir = "/srv/data/DOWNLOAD/.incomplete";
# being a leech
speed-limit-up = 20;
@ -31,13 +34,41 @@
utp-enabled = false;
rpc-bind-address = "0.0.0.0";
rpc-whitelist = "127.0.0.1,::1,10.100.0.1,10.100.0.*,10.100.1.*,10.100.3.*,100.64.*.*";
rpc-whitelist = "127.0.0.1,::1,10.100.0.1,10.100.0.*,10.100.1.*,10.100.3.*";
rpc-authentication-required = true;
};
credentialsFile = config.age.secrets.transmission-rpc-password.path;
};
systemd.services.transmission = {
after = [ "mnt-media\\x2duploads.mount" ];
unitConfig = {
RequiresMountsFor = [ "/mnt/media-uploads" ];
};
serviceConfig = {
BindPaths = [ "/mnt/media-uploads" ];
};
};
networking.firewall.interfaces.tungsten.allowedTCPPorts = [ 9091 ];
services.hyprspace.settings.services.fbi-download = "/tcp/${toString config.services.transmission.settings.rpc-port}";
networking.wireguard = {
enable = true;
interfaces.wgupload = {
ips = [ "10.150.0.2/24" ];
privateKeyFile = config.age.secrets.wireguard-key-upload.path;
allowedIPsAsRoutes = true;
peers = [
{
publicKey = "apKXnlMtcOe8WqCVXJAXEjzppN+qTmESlt0NjMTaclQ=";
allowedIPs = [ "10.150.0.0/24" ];
endpoint = "116.202.226.86:6969";
}
];
};
};
fileSystems."/mnt/media-uploads" = {
device = "10.150.0.254:/mnt/storage/media/media/uploads";
fsType = "nfs4";
noCheck = true;
options = [ "rsize=1024" "wsize=1024" "x-systemd.after=wireguard-wgupload.service" "x-systemd.mount-timeout=10s" ];
};
}

View file

@ -1,9 +0,0 @@
{ lib, ... }:
{
services.xserver.videoDrivers = lib.mkOptionDefault [ "nvidia" ];
hardware.nvidia = {
nvidiaPersistenced = true;
open = false;
};
}

View file

@ -0,0 +1,64 @@
{ config, inputs, pkgs, ... }:
let
dataDir = "/srv/data/SHINOBI/shinobi";
shinobiConfigJson = builtins.toJSON {
ffmpegBinary = "${pkgs.ffmpeg}/bin/ffmpeg";
port = 38080;
db = {
host = "127.0.0.1";
port = 3306;
user = "majesticflame";
database = "ccio";
};
};
configFile = pkgs.writeText "shinobi-conf.json" shinobiConfigJson;
secretFile = config.age.secrets.shinobi-secrets.path;
inherit (inputs.self.packages.${pkgs.system}) shinobi;
in
{
age.secrets.shinobi-secrets = {
file = ../../../secrets/shinobi-secrets.age;
owner = "shinobi";
group = "shinobi";
mode = "0400";
};
services.mysql = {
enable = true;
settings.mysqld.bind-address = "127.0.0.1";
package = pkgs.mariadb;
dataDir = "/srv/data/DB/mariadb";
};
users.users.shinobi = {
isSystemUser = true;
group = "shinobi";
};
users.groups.shinobi = {};
systemd.tmpfiles.rules = [ "d '${dataDir}' 0750 shinobi shinobi - -" ];
systemd.services.shinobi = {
wantedBy = [ "multi-user.target" ];
path = [ pkgs.bash pkgs.nodejs-14_x ];
preStart = ''
${pkgs.jq}/bin/jq --slurp '.[0] * .[1]' ${configFile} ${secretFile} | install -Dm600 -o shinobi -g shinobi /dev/stdin ${dataDir}/conf.json
'';
serviceConfig = {
WorkingDirectory = dataDir;
User = "shinobi";
ExecStart = "${pkgs.nodejs-14_x}/bin/node ${shinobi}/bin/shinobi";
KillSignal = "HUP";
OOMPolicy = "continue";
Restart = "on-abnormal";
RestartSec = "5s";
};
environment.NODE_PATH = "${shinobi}/lib/node_modules/shinobi/node_modules";
};
networking.firewall.allowedTCPPorts = [ 38080 ];
}

View file

@ -1,9 +0,0 @@
{ config, ... }:
{
boot.extraModulePackages = [
config.boot.kernelPackages.vendor-reset
];
boot.initrd.kernelModules = [ "vendor-reset" ];
}

View file

@ -13,19 +13,11 @@
"usbhid"
"sd_mod"
"sr_mod"
"dm_cache_smq"
"dm_persistent_data"
"dm_bio_prison"
"dm_bufio"
"amdgpu"
"ddcci_backlight"
];
boot.initrd.kernelModules = [ "dm_cache" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
services.lvm.boot.thin.enable = true;
fileSystems."/" = {
device = "tmprootfs";
fsType = "tmpfs";
@ -39,9 +31,8 @@
};
fileSystems."/srv/data" = {
device = "/dev/mapper/tank-shelf";
fsType = "xfs";
neededForBoot = true;
device = "/dev/disk/by-label/butter";
fsType = "btrfs";
};
fileSystems."/nix" = {

View file

@ -1,14 +1,13 @@
{ config, lib, pkgs, aspect, inputs, hosts, ... }:
{ config, pkgs, aspect, inputs, hosts, ... }:
{
imports = [
./hardware-configuration.nix
./extras/attic-upload-daemon.nix
./extras/cachix-upload-daemon.nix
./extras/ddcci-backlight.nix
./extras/fbi-downloader.nix
./extras/nvidia-ml.nix
./extras/vendor-reset.nix
./extras/shinobi.nix
(import ../../users "desktop").users.max
inputs.agenix.nixosModules.age
]
@ -24,11 +23,11 @@
prowlarr
]);
boot.kernelPackages = pkgs.linuxPackages_latest;
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.kernelPackages = pkgs.linuxPackages_6_6;
networking.hostName = "TITAN";
time.timeZone = "Europe/Vienna";
@ -39,31 +38,18 @@
keyMap = "de";
};
services.xserver.xkb.layout = "de";
services.xserver.layout = "de";
services.xserver.libinput.enable = true;
services.openssh.enable = true;
system.stateVersion = "22.05";
system.stateVersion = "20.09";
services.fstrim.enable = true;
users.mutableUsers = false;
virtualisation.podman.enable = true;
services.xserver.displayManager.gdm.autoSuspend = false;
boot.tmp = {
useTmpfs = true;
tmpfsSize = "75%";
};
networking.nat = {
enable = true;
externalInterface = "enp24s0";
internalIPs = [
"100.64.0.0/16"
];
};
}

View file

@ -12,60 +12,32 @@ in with tools.dns; {
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICz2nGA+Y4OxhMKsV6vKIns3hOoBkK557712h7FfWXcE";
extraHostNames = subResolve "vegas" "backbone";
};
hyprspace = {
hypr = {
id = "QmYs4xNBby2fTs8RnzfXEk161KD4mftBfCiR8yXtgGPj4J";
routes = [
"10.1.0.1/32"
"10.10.0.0/16"
];
addr = "10.100.3.5";
};
};
prophet = {
ssh.id = {
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAUG/ubwo68tt2jMP5ia0Sa4mnkWtlKVN5n4Y50U2nTC";
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJZ4FyGi69MksEn+UJZ87vw1APqiZmPNlEYIr0CbEoGv";
extraHostNames = subResolve "prophet" "node";
};
hyprspace = {
hypr = {
id = "QmbrAHuh4RYcyN9fWePCZMVmQjbaNXtyvrDCWz4VrchbXh";
routes = [
"10.1.0.9/32"
];
addr = "10.100.3.9";
};
};
checkmate = {
styx = {
ssh.id = {
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINImnMfEzUBU5qiuu05DMPrddTGypOtr+cL1/yQN2GFn";
extraHostNames = subResolve "checkmate" "node";
};
hyprspace = {
id = "12D3KooWL84sAtq1QTYwb7gVbhSNX5ZUfVt4kgYKz8pdif1zpGUh";
routes = [
"10.1.0.32/32"
];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOYLrmiuPK77cw71QNzG2zaWs6gsxmYuLyqsUrWMYLnk";
extraHostNames = subResolve "styx" "services";
};
};
grail = {
AnimusAlpha = let extraHostNames = [ "alpha.animus.com" "animus.com" ]; in {
ssh.id = {
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBi5Fm2pmMBhRgJms+me1ldt9Vgj9cMSnB7UllSz3mpY";
extraHostNames = subResolve "grail" "node";
};
hyprspace = {
id = "12D3KooWN31twBvdEcxz2jTv4tBfPe3mkNueBwDJFCN4xn7ZwFbi";
routes = [
"10.1.0.6/32"
];
};
};
thunderskin = {
ssh.id = {
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGV8TbMvGXfAp9R2I9GdR7aLlGjxh2CW1pCZjQSB4TJp";
extraHostNames = subResolve "thunderskin" "node";
};
hyprspace = {
id = "12D3KooWB9AUPorFoACkWbphyargRBV9osJsYuQDumtQ85j7Aqmg";
routes = [
"10.1.0.4/32"
];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGpFR47Ev+W+bdng6IrDVpl8rlKBBHSr1v5lwJmZcEFH";
extraHostNames = portMap 69 extraHostNames;
};
ssh.extraConfig = tools.ssh.extraConfig extraHostNames [ "Port 69" ];
};
}

View file

@ -4,8 +4,9 @@ tools: {
extraHostNames = clientResolve "jericho";
};
hyprspace = {
hypr = {
id = "QmccBLgGP3HR36tTkwSYZX3KDv2EXb1MvYwGVs6PbpbHv9";
addr = "10.100.3.13";
};
nixos = import ./system.nix;

View file

@ -1,9 +0,0 @@
{ config, lib, ... }:
{
boot.kernelPatches = lib.singleton {
name = "custom-kernel-config-${config.networking.hostName}";
patch = null;
extraConfig = builtins.readFile ./kernel-config.txt;
};
}

View file

@ -1,12 +0,0 @@
{ inputs, pkgs, ... }:
{
services.fprintd = {
enable = true;
};
security.pam.services = {
login.fprintAuth = false;
gdm-password.fprintAuth = false;
gdm-fingerprint.fprintAuth = true;
};
}

View file

@ -2,15 +2,24 @@
{
boot.kernelPatches = let
patch = pkgs.runCommand "kernel-clr-combined.patch" {
nativeBuildInputs = [ pkgs.gnugrep ];
} ''
cd ${inputs.kernel-clr}
grep -o '^%patch[0-9]* ' linux.spec \
| grep -o '[0-9]*' \
| xargs -I '{}' grep '^Patch{}:' linux.spec \
| cut -d" " -f2- | xargs cat >> $out
'';
pickPatch = x: "${inputs.kernel-clr}/${x}";
patchFiles = map pickPatch [
"0104-pci-pme-wakeups.patch"
"0108-smpboot-reuse-timer-calibration.patch"
"0110-give-rdrand-some-credit.patch"
"0111-ipv4-tcp-allow-the-memory-tuning-for-tcp-to-go-a-lit.patch"
"0118-add-scheduler-turbo3-patch.patch"
"0119-use-lfence-instead-of-rep-and-nop.patch"
"0120-do-accept-in-LIFO-order-for-cache-efficiency.patch"
"0121-locking-rwsem-spin-faster.patch"
"itmt_epb.patch"
"mm-wakeups.patch"
"percpu-minsize.patch"
"socket.patch"
];
patches = map builtins.readFile patchFiles;
patchSet = builtins.concatStringsSep "\n" patches;
patch = pkgs.writeText "kernel-clr-combined.patch" patchSet;
in [{
inherit patch;
name = "Clear Linux* patchset";

View file

@ -1,124 +0,0 @@
CAN n
CAIF n
AGP n
DRM_NOUVEAU n
DRM_VMWGFX n
DRM_AST n
DRM_MGAG200 n
DRM_QXL n
DRM_VIRTIO_GPU n
DRM_ETNAVIV n
DRM_CIRRUS_QEMU n
ACCESSIBILITY n
INFINIBAND n
HYPERV n
XEN_BALLOON n
XEN_DEV_EVTCHN n
XENFS n
XEN_SYS_HYPERVISOR n
XEN_GNTDEV n
XEN_GRANT_DEV_ALLOC n
XEN_PCIDEV_BACKEND n
XEN_PVCALLS_FRONTEND n
XEN_PVCALLS_BACKEND n
XEN_SCSI_BACKEND n
XEN_PRIVCMD n
XEN_ACPI_PROCESSOR n
GREYBUS n
SOUNDWIRE n
REISERFS_FS n
JFS_FS n
GFS2_FS n
OCFS2_FS n
NILFS2_FS n
ORANGEFS_FS n
ADFS_FS n
AFFS_FS n
BEFS_FS n
BFS_FS n
EFS_FS n
JFFS2_FS n
UBIFS_FS n
VXFS_FS n
MINIX_FS n
OMFS_FS n
HPFS_FS n
QNX4FS_FS n
QNX6FS_FS n
SYSV_FS n
KVM_AMD n
XEN_PCIDEV_FRONTEND n
VMD n
PCI_MESON n
PCCARD n
RAPIDIO n
GNSS n
MTD n
PARPORT n
BLK_DEV_SX8 n
CDROM_PKTCDVD n
ATA_OVER_ETH n
XEN_BLKDEV_FRONTEND n
XEN_BLKDEV_BACKEND n
FIREWIRE n
FIREWIRE_NOSY n
MACINTOSH_DRIVERS n
FDDI n
HIPPI n
NET_SB1000 n
SLIP n
XEN_NETDEV_FRONTEND n
XEN_NETDEV_BACKEND n
VMXNET3 n
DRM_RADEON n
DRM_AMDGPU n
MEMSTICK n
ATLAS_PH_SENSOR n
ATLAS_EZO_SENSOR n
BME680 n
CCS811 n
IAQCORE n
PMS7003 n
SCD30_CORE n
SCD4X n
SENSIRION_SGP30 n
SENSIRION_SGP40 n
SPS30_I2C n
SPS30_SERIAL n
SENSEAIR_SUNRISE_CO2 n
VZ89X n
IIO_CROS_EC_SENSORS_CORE n
AFE4403 n
AFE4404 n
MAX30100 n
MAX30102 n
AM2315 n
DHT11 n
HDC100X n
HDC2010 n
HID_SENSOR_HUMIDITY n
HTS221 n
HTU21 n
SI7005 n
SI7020 n
ABP060MG n
BMP280 n
DLHL60D n
DPS310 n
HID_SENSOR_PRESS n
HP03 n
ICP10100 n
MPL115_I2C n
MPL115_SPI n
MPL3115 n
MS5611 n
MS5637 n
IIO_ST_PRESS n
T5403 n
HP206C n
ZPA2326 n
IPACK_BUS n
PHY_CAN_TRANSCEIVER n
MCB n
FPGA n
SIOX n

View file

@ -1,18 +0,0 @@
{ config, inputs, ... }:
{
imports = [
inputs.lanzaboote.nixosModules.lanzaboote
];
age.secrets.secureBootKey.file = ../../../secrets/secure-boot-private-key-jericho.age;
boot.lanzaboote = {
enable = true;
configurationLimit = 50;
publicKeyFile = ./secure-boot/db.pem;
# BUG: the bootloader installation runs before/without the activation script,
# so this key may not exist unless the system has been activated beforehand.
privateKeyFile = config.age.secrets.secureBootKey.path;
};
}

View file

@ -1,29 +0,0 @@
-----BEGIN CERTIFICATE-----
MIIE+TCCAuGgAwIBAgIRAKeYRMV7Va8InQlau+W84swwDQYJKoZIhvcNAQELBQAw
LjEVMBMGA1UEBhMMRGF0YWJhc2UgS2V5MRUwEwYDVQQDEwxEYXRhYmFzZSBLZXkw
HhcNMjMwMTExMjE0MDEzWhcNMjgwMTExMjE0MDEzWjAuMRUwEwYDVQQGEwxEYXRh
YmFzZSBLZXkxFTATBgNVBAMTDERhdGFiYXNlIEtleTCCAiIwDQYJKoZIhvcNAQEB
BQADggIPADCCAgoCggIBALG4gvuyX8lX0HhbLxEkKmEh1ikjR6XxGhWEHePa+xhC
aCHpPdG4R4Q3U/PGNteaxhoFCRTo6TkUcU/WtoYb3CNcDZ51mtUHtY9KFY5A5Yki
yPnNT0W+LFP+vz9B1U+soHp1EA6HgbB/CGWvhmMHwZSzhMsOTsad7nZaiaBfzUmU
p6y616XfI2RzpIlctxQGWNOL0lpdOqCW247ujJdubezvuoXw5gS+6yUi5ssegPdu
UuQkZvgO9yNawISSPNNLj7TbmOC19mQ0q3KcangCCt8/93bbjdtlWMwaDoiWCtL5
e7+Fo/MlhRovcmcz2wPGUr4tn/64mTuMWHhK9CvyIPS3hf7oNGZEWeSdvp8ppaM5
OtocRkDmJjSS+45iEU+d6TTWMrK6s+Mx9UWWJDn/HqRnlmxW4E2eFRhuFRW6/SaB
SbY3X36GMzByj84A4qKwkUGBCK9UZnflXiPv/KSumyg5wmQU4ulAirpMsGP6o78F
vKE8j8avHfC70LPuv9o+pgecp9F7Kg5f6ywGPfXSxv054znV6ZMxpUa0NjLEMp57
2PVfd3EeifgY4M4T5/wQulp8vxN9ipqD/toro16gRB2/Cb1o5FtwV9Fe4/ndVfUA
m8bnG2zo0iLU15L1iTW4vdDZp40BZhzptaz2Xuykqum+BK+8idNtZ8xG5Fy+rED3
AgMBAAGjEjAQMA4GA1UdDwEB/wQEAwIHgDANBgkqhkiG9w0BAQsFAAOCAgEAIJSY
Lp9/84FJv0/QSBJwI9Ly6p2lobaaZqsUVrOHYqz1Q6VU3zhhTbIYsdfiq/RJY/Dq
w7qPPHwDN9+MgeKPN89q/kXZcZGxO+mT+eAjNBzJUJ3dUfuuoDRgQQEzVd9jUmEA
F39SPZWoa4lefLNdKk7tGu/8T6wmXk03q/RHsG4xWHn4fLdg9XHI4g5o2W9Vorf/
Y2Tz+oQTSipRrqX7lZ0xHGriWp4qTHikBsunzZ/krupSCvAahzG+fDnNYuNHj1FX
/bsITw/2NU7xzJXIRI2+VPTRIppSyZ5hvRBrwfA7mVdRq2HjT0wIRfjnppJvNrOQ
iBKZb/q7shy7bq35SSLpnAQk4ne0BAqPbJP31UxZZ7lzSvynGCUQDwM7A50OkGLC
V9+ov+44+0NN7gCvXhhd8uPuunBTa9zv2gcnoBIy51KvBTxFZ4LOHeU9esPc7W/z
qVaU+yOP3lUJI0Ou285zkP1xhkJyLqv2WlfuXbNxBi3ZmAckrQTjh2llOjSBdy8F
Ce14ni9ybLiIouiEFtBEvDN4jMudDpL04zCuT9amkfznooQsak3T7QrvHl52qLDp
HLOtegwnn8M1ivoqmM6eValayBKN/2gFjHpHmZQmf7J636UNvs6FIvpsPznj+L7a
uJmcfil84qaqDLTNQJfIAyPvOqdnwFO8FiNuAQE=
-----END CERTIFICATE-----

View file

@ -18,6 +18,16 @@
fsType = "vfat";
};
fileSystems."/home" = {
device = "/dev/disk/by-partlabel/home";
fsType = "xfs";
};
fileSystems."/srv/data" = {
device = "/dev/disk/by-partlabel/data";
fsType = "xfs";
};
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
hardware.sensor.iio.enable = true;
}

View file

@ -3,11 +3,8 @@
{
imports = [
./hardware-configuration.nix
./extras/custom-kernel.nix
./extras/fprint.nix
./extras/i915-dp-hdmi-always-full-color-patch.nix
./extras/kernel-clr.nix
./extras/lanzaboote.nix
./extras/thermal.nix
(import ../../users "desktop").users.max
inputs.nixos-hardware.nixosModules.dell-xps-13-7390
@ -16,21 +13,24 @@
++ aspect.sets.laptop
++ (with aspect.modules; [ games ]);
boot.kernelPackages = pkgs.linuxPackagesFor (pkgs.linux_6_9.override {
ignoreConfigErrors = true;
});
boot.kernelPackages = pkgs.linuxPackages_5_16;
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
networking.hostName = "jericho";
time.timeZone = "Europe/Vienna";
i18n.defaultLocale = "en_US.UTF-8";
console = {
font = "";
keyMap = "us";
};
services.xserver.xkb.layout = "us";
services.xserver.layout = "us";
services.xserver.libinput.enable = true;
services.openssh.enable = true;
@ -38,6 +38,6 @@
services.fstrim.enable = true;
services.kubo.dataDir = "/srv/data/ipfs";
services.ipfs.dataDir = "/srv/data/ipfs";
}

View file

@ -10,7 +10,7 @@
];
findResolve = list: dnameResolve (append "find" list) ++ append "f.void" list;
dnameResolve = list: append "private.void" list ++ append "privatevoid.net" list;
vpnResolve = list: dnameResolve (append "vpn" list) ++ (append "hyprspace" list);
vpnResolve = list: dnameResolve (append "vpn" list) ++ (append "hypr" list);
llmnrResolve = append "local";
append = part: map (x: "${x}.${part}");
portMap = port: map (x: "[${x}]:${builtins.toString port}");

View file

@ -8,15 +8,15 @@
inherit (patched)
ddcci-driver-with-global-control
kubo
nerdfonts-terminus
terminus_font_fancy
libfprint
fprintd
webkitgtk
;
doas = patched.doas-interactive;
ipfs = patched.lain-ipfs;
hydra-unstable = patched.hydra;
nix-direnv = super.nix-direnv.override {
@ -29,7 +29,14 @@
commandLineArgs = "--enable-features=OverlayScrollbar,OverlayScrollbarFlashAfterAnyScrollUpdate,OverlayScrollbarFlashWhenMouseEnter --auth-server-whitelist=*privatevoid.net";
};
inherit (patched) gnome-control-center nautilus;
gnome = super.gnome.overrideScope' (self': super': {
inherit (patched) nautilus;
gnome-control-center = patched.gnome-control-center.override { inherit (self') gnome-user-share; };
});
tilix = patched.tilix-high-refresh-rate;
}))
];
}

View file

@ -1,23 +0,0 @@
{ pkgs, config, inputs, ... }:
let
inherit (inputs.self.packages.${pkgs.system}) brig;
in
{
environment.systemPackages = [ brig ];
systemd.user.services.brig = {
description = "Brig Daemon";
wantedBy = [ "gnome-session.target" ];
path = [ "/run/wrappers" config.services.kubo.package ];
serviceConfig = {
ExecStart = "${brig}/bin/brig --repo %h/.brig daemon launch";
#ExecStartPost = "${brig}/bin/brig fstab apply";
Restart = "always";
Slice = "background.slice";
SyslogIdentifier = "brig";
};
environment = {
inherit (config.environment.variables) IPFS_PATH;
};
};
}

View file

@ -1,21 +0,0 @@
{ pkgs, ... }:
let
port = 31350;
in
{
services.cockpit = {
enable = true;
inherit port;
package = pkgs.cockpit.overrideAttrs {
postFixup = ''
for package in apps kdump packagekit playground selinux sosreport; do
rm -rf $out/share/cockpit/$package
done
'';
};
};
services.hyprspace.settings.services.manage = "/tcp/${toString port}";
}

View file

@ -3,16 +3,13 @@ with builtins;
let
aspects = [
./autopatch
./brig
./cockpit
./desktop
./enterprise
./firewall
./games
./hardened
./hyprspace
./idm
./impurity-logger
./ipfs
./ipfs-lain
./jackett
./laptop-config
./lidarr
@ -27,7 +24,6 @@ let
./shell-config
./sound
./ssh
./xr
];
mappedAspects = map (x: { name = baseNameOf x; value = import x; }) aspects;
in rec {
@ -35,15 +31,13 @@ in rec {
sets = with modules; rec {
base = [
autopatch
cockpit
enterprise
hardened
idm
impurity-logger
];
networking = [ firewall ssh ];
client-networking = networking ++ [ networking-client nm-vdns-auto ipfs hyprspace ];
client-networking = networking ++ [ networking-client nm-vdns-auto ipfs-lain hyprspace ];
desktop = [
modules.desktop
@ -53,7 +47,6 @@ in rec {
nix-config
shell-config
sound
xr
] ++ base ++ client-networking;
laptop = desktop ++ [ laptop-config ];

View file

@ -1,5 +0,0 @@
{
hardware.bluetooth.settings = {
General.Experimental = true;
};
}

View file

@ -6,13 +6,6 @@
in {
imports = [
./package-sets.nix
./nixpak-tricks.nix
./hidden-apps.nix
./helix-desktop.nix
./open-in-blackbox.nix
./bluetooth.nix
./pkexec.nix
./security.nix
];
services.xserver = {
@ -27,57 +20,20 @@ in {
programs.adb.enable = true;
environment.gnome.excludePackages = with pkgs; [
environment.gnome.excludePackages = with pkgs.gnome; [
cheese
gnome-logs
gnome-music
gnome-console
gnome-photos
gnome-tour
orca
snapshot
totem
yelp
];
desktop.hiddenApps = [
"startcenter.desktop" # LibreOffice Start Center
"xsltfilter.desktop" # LibreOffice XSLT based filters
"xterm.desktop"
"cups.desktop"
"scrcpy-console.desktop"
# all the Krita mimetype stuff
"krita_brush.desktop"
"krita_csv.desktop"
"krita_exr.desktop"
"krita_gif.desktop"
"krita_heif.desktop"
"krita_heightmap.desktop"
"krita_jp2.desktop"
"krita_jpeg.desktop"
"krita_jxl.desktop"
"krita_kra.desktop"
"krita_krz.desktop"
"krita_ora.desktop"
"krita_pdf.desktop"
"krita_png.desktop"
"krita_psd.desktop"
"krita_qimageio.desktop"
"krita_raw.desktop"
"krita_spriter.desktop"
"krita_svg.desktop"
"krita_tga.desktop"
"krita_tiff.desktop"
"krita_webp.desktop"
"krita_xcf.desktop"
pkgs.gnome-photos
];
environment.variables = {
EDITOR = "hx";
EDITOR = "nvim";
SSH_ASKPASS = lib.mkForce "";
};
fonts.packages = with pkgs; [
fonts.fonts = with pkgs; [
terminus_font_fancy
terminus_font_ttf
nerdfonts-terminus
@ -87,10 +43,9 @@ in {
security = {
sudo.enable = false;
doas.enable = true;
doas.extraRules = lib.mkForce [ rec {
doas.extraRules = [{
groups = [ "wheel" ];
noPass = !config.services.fprintd.enable;
persist = !noPass;
noPass = true;
}];
};
@ -117,16 +72,11 @@ in {
services.packagekit.enable = lib.mkForce false;
programs.gnome-terminal.enable = false;
qt = {
qt5 = {
enable = true;
platformTheme = "gtk2";
style = "gtk2";
};
virtualisation.libvirtd = {
enable = true;
qemu.package = pkgs.qemu_kvm;
};
services.printing.drivers = with pkgs; [ hplip gutenprint ];
virtualisation.libvirtd.enable = true;
}

View file

@ -1,58 +0,0 @@
{ pkgs, ... }:
let
helixDesktop = pkgs.makeDesktopItem {
name = "net.privatevoid.HelixDesktop";
desktopName = "Helix";
comment = "Helix Editor";
mimeTypes = [
"text/plain"
"application/x-zerosize"
"inode/directory"
];
inherit icon;
tryExec = "hx";
exec = ''${hxOpenHandler} %F'';
};
icon = pkgs.fetchurl {
name = "helix-logo.svg";
url = "https://raw.githubusercontent.com/helix-editor/helix/d1a4bd876b3ae646693c0905d7f29b636e2e5033/logo.svg";
sha256 = "sha256-1XBrlGbCfkfYhIZuQ9eDBgDoohup/gQ9VZynEerUqcY=";
};
hxOpenHandler = pkgs.writeShellScript "hx-open-handler" ''
isDir () { test -d "$1"; }
isFile () { test -f "$1"; }
findAnyDir () {
for f in "$@"; do
if test -d "$f"; then
echo "$f"
return 0
fi
done
return 1
}
if [[ "$#" == 0 ]]; then
exec blackbox -w "$HOME" -c hx
elif [[ "$#" == 1 ]]; then
isDir "$1" && exec blackbox -w "$1" -c "hx ."
isFile "$1" && exec blackbox -w "$(dirname "$1")" -c "hx '$1'"
else
firstDir="$(findAnyDir "$@")"
findAnyDirStatus="$?"
if [[ "$findAnyDirStatus" == 0 ]]; then
exec blackbox -w "$firstDir" -c "hx ."
else
# magic: find common base directory
workDir="$(dirname "$@" | sed -e 'N;s/^\(.*\).*\n\1.*$/\1\n\1/;D')"
args=("$@")
exec blackbox -w "$workDir" -c "hx ''${args[*]@Q}"
fi
fi
'';
in
{
environment.systemPackages = [ helixDesktop ];
}

View file

@ -1,31 +0,0 @@
{ config, lib, pkgs, ... }:
let
inherit (config.desktop) hiddenApps;
hiddenDesktopFile = pkgs.writeText "hidden.desktop" ''
[Desktop Entry]
Hidden=true
NoDisplay=true
'';
hiddenAppsPackage = pkgs.runCommandLocal "hidden-apps" {} ''
mkdir -p $out/share/applications
for app in ${lib.escapeShellArgs hiddenApps}; do
ln -sf ${hiddenDesktopFile} "$out/share/applications/$app"
done
'';
in
{
options.desktop = {
hiddenApps = lib.mkOption {
type = with lib.types; listOf str;
default = [];
};
};
config = lib.mkIf (hiddenApps != []) {
environment.systemPackages = [
(lib.hiPrio hiddenAppsPackage)
];
};
}

View file

@ -1,32 +0,0 @@
{ pkgs, ... }:
let
# tricks xdg-document-portal into not using the document portal for pointless things
# note that we report read-write even if the access is supposed to be read-only,
# because ticking the checkbox in the dialog every time is annoying, ro status
# is enforced by the sandbox anyway
# example call: flatpak info --file-access=/srv/file.txt com.nixpak.Whatever
documentPortalFileAccessTrick = pkgs.writeShellScriptBin "flatpak" ''
[[ "$1" == "info" ]] || exit 1
case "$3" in
org.chromium.Chromium)
case "''${2#--file-access=}" in
$HOME/Downloads*) echo read-write;;
*) echo hidden;;
esac;;
io.bassi.Amberol)
case "''${2#--file-access=}" in
$HOME/Music*) echo read-write;;
/srv/data/music*) echo read-write;;
*) echo hidden;;
esac;;
*)
echo hidden;;
esac
'';
in
{
environment.systemPackages = [
documentPortalFileAccessTrick
];
}

View file

@ -1,18 +0,0 @@
{ pkgs, ... }:
let
openInBlackBox = pkgs.makeDesktopItem {
name = "net.privatevoid.OpenInBlackBox";
desktopName = "Black Box";
noDisplay = true;
mimeTypes = [ "inode/directory" ];
icon = "com.raggesilver.BlackBox";
startupNotify = false;
tryExec = "blackbox";
exec = "blackbox -w %f";
};
in
{
environment.systemPackages = [ openInBlackBox ];
}

View file

@ -1,9 +1,10 @@
{ pkgs, inputs, lib, ... }: let
custom = inputs.self.packages.${pkgs.system};
sets = with pkgs; {
{ pkgs, config, inputs, lib, ... }: let
sets = with pkgs; rec {
editor = [
inputs.modular-nvim.defaultPackage.x86_64-linux
];
writing = [
(apostrophe.override { texliveMedium = pkgs.emptyDirectory; })
apostrophe
libreoffice
];
drawing = [
@ -11,7 +12,7 @@
gimp
inkscape
krita
rnote
xournalpp
];
cli-utils = [
bat
@ -26,45 +27,30 @@
xh
];
www = [
custom.ungoogled-chromium
ungoogled-chromium
];
gui-apps = with custom; [
amberol
blackbox-high-refresh-rate
cavalier
denaro
deja-dup
dialect
gui-apps = with inputs.self.packages.x86_64-linux; [
identity
obfuscate
fragments-remote
tubefeeder
wike
] ++ [
celluloid
easyeffects
endeavour
gnome-firmware-updater
gnome-podcasts
dconf-editor
gnome-boxes
gnome-sound-recorder
gnome-tweaks
nautilus-python
jellyfin-media-player
junction
newsflash
gnome.dconf-editor
gnome.gnome-boxes
gnome.gnome-todo
gnome.gnome-tweaks
gnome.nautilus-python
lollypop
pavucontrol
scrcpy
vaults
tilix
virt-manager
warp
];
dev-tools = [
d-spy
emblem
sysprof
textpieces
custom.git-remote-ipld
custom.webfont-kit-generator
bustle
gnome-builder
inputs.self.packages.x86_64-linux.neovim-gtk
];
system = with pkgs.gnomeExtensions; [
appindicator

View file

@ -1,16 +0,0 @@
{
security.polkit.extraConfig = /*javascript*/ ''
polkit.addRule(function(action, subject) {
if (
action.id == "org.freedesktop.policykit.exec" &&
subject.isInGroup("wheel")
) {
if (subject.active) {
return polkit.Result.AUTH_SELF_KEEP;
} else {
return polkit.Result.AUTH_SELF;
}
}
});
'';
}

View file

@ -1,3 +0,0 @@
{
programs.yubikey-touch-detector.enable = true;
}

View file

@ -0,0 +1,30 @@
{ pkgs, config, inputs, ... }:
let
orgDomain = "privatevoid.net";
orgRealm = "PRIVATEVOID.NET";
in {
krb5 = {
enable = true;
domain_realm = {
${orgDomain} = orgRealm;
".${orgDomain}" = orgRealm;
};
libdefaults = {
default_realm = orgRealm;
dns_lookup_kdc = true;
rdns = false;
forwardable = true;
default_ccache_name = "KEYRING:persistent:%{uid}";
pkinit_anchors = "FILE:${inputs.self.packages.x86_64-linux.privatevoid-smart-card-ca-bundle}";
};
realms = {
"${orgRealm}" = rec {
kdc = "authsys.virtual-machines.privatevoid.net";
admin_server = kdc;
kpasswd_server = kdc;
default_domain = orgDomain;
};
};
};
services.pcscd.enable = true;
}

View file

@ -1,6 +1,6 @@
{ pkgs, config, ... }:
{
nixpkgs.config.allowUnfree = true;
hardware.graphics.enable32Bit = true;
hardware.opengl.driSupport32Bit = true;
programs.steam.enable = true;
}

View file

@ -1,55 +1,75 @@
{ inputs, pkgs, lib, hosts, config, ... }:
let
inherit (config.networking) hostName;
hyprspaceCapableNodes = lib.filterAttrs (_: host: host ? hyprspace) hosts;
peersFormatted = builtins.mapAttrs (name: x: {
inherit name;
inherit (x.hyprspace) id;
routes = map (net: { inherit net; }) (x.hyprspace.routes or []);
}) hyprspaceCapableNodes;
inherit (inputs.self.packages.${pkgs.system}) hyprspace;
hyprspaceCapableNodes = lib.filterAttrs (_: host: host ? hypr) hosts;
peersFormatted = builtins.mapAttrs (_: x: { "${x.hypr.addr}".id = x.hypr.id; }) hyprspaceCapableNodes;
peersFiltered = lib.filterAttrs (name: _: name != hostName) peersFormatted;
peerList = builtins.attrValues peersFiltered;
buildHyprspacePeerList = peers: pkgs.writeText "hyprspace-peers.yml" (builtins.toJSON peers);
peers = lib.foldAttrs (n: _: n) null (builtins.attrValues peersFiltered);
peerList = buildHyprspacePeerList peers;
myNode = hosts.${hostName};
listenPort = myNode.hyprspace.listenPort or 8001;
listenPort = myNode.hypr.listenPort or 8001;
precedingConfig = pkgs.writeText "hyprspace-interface.yml" ''
interface:
name: hyprspace
listen_port: ${builtins.toString listenPort}
id: ${myNode.hypr.id}
address: ${myNode.hypr.addr}/24
private_key: !!binary |
'';
privateKeyFile = config.age.secrets.hyprspace-key.path;
runConfig = "/run/hyprspace.yml";
in {
imports = [
inputs.hyprspace.nixosModules.default
];
networking.hosts = lib.mapAttrs' (k: v: lib.nameValuePair (v.hypr.addr) ([k "${k}.hypr"])) hyprspaceCapableNodes;
age.secrets.hyprspace-key = {
file = ../../secrets/hyprspace-key- + "${hostName}.age";
mode = "0400";
};
age.secrets.ipfs-swarm-key = {
file = ../../secrets/ipfs-swarm-key.age;
mode = "0400";
};
systemd.services.hyprspace = {
environment = lib.optionalAttrs config.services.kubo.enable {
HYPRSPACE_IPFS_API = config.services.kubo.settings.Addresses.API;
};
};
services.hyprspace = {
enable = true;
inherit privateKeyFile;
settings = {
listenAddresses = let
port = toString listenPort;
in [
"/ip4/0.0.0.0/tcp/${port}"
"/ip4/0.0.0.0/udp/${port}/quic-v1"
"/ip6/::/tcp/${port}"
"/ip6/::/udp/${port}/quic-v1"
];
peers = peerList;
wantedBy = [ "multi-user.target" ];
wants = [ "network-online.target" ];
after = [ "network-online.target" ];
preStart = ''
test -e ${runConfig} && rm ${runConfig}
touch ${runConfig}
chmod 0600 ${runConfig}
cat ${precedingConfig} >> ${runConfig}
sed 's/^/ /g' ${privateKeyFile} >> ${runConfig}
echo -n 'peers: ' >> ${runConfig}
cat ${peerList} >> ${runConfig}
chmod 0400 ${runConfig}
'';
environment.HYPRSPACE_SWARM_KEY = config.age.secrets.ipfs-swarm-key.path;
serviceConfig = {
ExecStart = "${hyprspace}/bin/hyprspace up hyprspace -f -c ${runConfig}";
ExecStop = "${hyprspace}/bin/hyprspace down hyprspace";
};
};
networking.firewall = {
allowedTCPPorts = [ listenPort ];
allowedUDPPorts = [ listenPort ];
trustedInterfaces = [ "hyprspace" ];
};
networking.networkmanager.dispatcherScripts = [{
source = pkgs.writeShellScript "hyprspace-reconnect.sh" ''
[[ "$2" != "up" ]] && exit 0
PATH=${pkgs.systemd}/bin:$PATH
case $1 in
wl*|en*)
systemctl reload-or-restart --no-block hyprspace.service;;
if systemctl is-active hyprspace.service; then
${builtins.concatStringsSep "\n" (map (peer: "/run/wrappers/bin/ping -qnA -c3 -W1 ${peer} && exit") (builtins.attrNames peers))}
fi
systemctl restart --no-block hyprspace.service;;
esac
exit 0
'';

View file

@ -1,25 +0,0 @@
{ pkgs, ... }:
{
services.kanidm = {
enableClient = true;
clientSettings = {
uri = "https://idm.privatevoid.net";
};
};
environment.systemPackages = let
idmAlias = pkgs.runCommand "kanidm-idm-alias" {} ''
mkdir -p $out/bin
ln -s ${pkgs.kanidm}/bin/kanidm $out/bin/idm
mkdir -p $out/share/bash-completion/completions
cat >$out/share/bash-completion/completions/idm.bash <<EOF
source ${pkgs.kanidm}/share/bash-completion/completions/kanidm.bash
complete -F _kanidm -o bashdefault -o default idm
EOF
mkdir -p $out/share/zsh/site-functions
cp ${pkgs.kanidm}/share/zsh/site-functions/_kanidm $out/share/zsh/site-functions/_idm
substituteInPlace $out/share/zsh/site-functions/_idm --replace kanidm idm
'';
in [ idmAlias ];
}

View file

@ -1,15 +0,0 @@
{ config, lib, pkgs, ... }:
let
mkTracer = name: target: exe: lib.getExe (pkgs.writeShellScriptBin name ''
echo "PID $PPID executed ${target}" |& ${config.systemd.package}/bin/systemd-cat --identifier=impurity >/dev/null 2>/dev/null
exec -a "$0" '${exe}' "$@"
'');
in
{
environment = {
usrbinenv = mkTracer "env" "/usr/bin/env" "${pkgs.coreutils}/bin/env";
binsh = mkTracer "sh" "/bin/sh" "${pkgs.bashInteractive}/bin/sh";
};
}

View file

@ -0,0 +1,60 @@
{ config, lib, pkgs, ... }:
let
cfg = config.services.ipfs;
ipfsApi = pkgs.writeTextDir "api" "/ip4/127.0.0.1/tcp/5001";
in {
services.ipfs = {
enable = true;
localDiscovery = true;
autoMount = true;
startWhenNeeded = false;
enableGC = true;
extraFlags = [ "--enable-pubsub-experiment" "--enable-namesys-pubsub" ];
extraConfig = {
Bootstrap = [
"/ip4/95.216.8.12/tcp/4001/p2p/Qmd7QHZU8UjfYdwmjmq1SBh9pvER9AwHpfwQvnvNo3HBBo"
"/ip4/51.38.87.150/tcp/4001/p2p/12D3KooWDUgNsoLVauCDpRAo54mc4whoBudgeXQnZZK2iVYhBLCN"
];
};
};
systemd.services.ipfs.environment.LIBP2P_FORCE_PNET = "1";
systemd.sockets = {
ipfs-api.enable = false;
ipfs-gateway.enable = false;
};
environment = {
variables.IPFS_PATH = lib.mkForce "${ipfsApi}";
shellAliases = {
ipfs-admin = "doas -u ${cfg.user} env IPFS_PATH=${cfg.dataDir} ipfs";
f = "ipfs files";
};
};
networking.firewall.allowedTCPPorts = [ 4001 ];
environment.systemPackages = lib.singleton (pkgs.writeShellScriptBin "share" ''
PATH=${cfg.package}/bin:$PATH
set -e
cid=$(ipfs add -Qrp --pin=false "$@")
test -n $cid || exit 0
echo -e "\n\n IPFS path: /ipfs/$cid"
echo -e " Web link: https://$(ipfs cid base32 $cid).ipfs.privatevoid.net\n"
'');
networking.networkmanager.dispatcherScripts = [{
source = pkgs.writeShellScript "nm-ipfs-reconnect.sh" ''
[[ "$2" != "up" ]] && exit 0
PATH=${pkgs.systemd}/bin:${pkgs.findutils}/bin:${cfg.package}/bin:$PATH
export IPFS_PATH=${ipfsApi}
systemctl is-active ipfs.service || exit 0
case $1 in
wl*|en*)
ipfs swarm peers | xargs -P4 -n1 timeout 3 ipfs swarm disconnect
ipfs bootstrap | xargs -P4 -n1 timeout 10 ipfs swarm connect
esac
exit 0
'';
type = "basic";
}];
}

View file

@ -1,197 +0,0 @@
{ config, lib, pkgs, ... }:
let
cfg = config.services.kubo;
ipfsApi = pkgs.writeTextDir "api" "/ip4/127.0.0.1/tcp/5001";
peeringPeers = [
{
ID = "Qmd7QHZU8UjfYdwmjmq1SBh9pvER9AwHpfwQvnvNo3HBBo";
Addrs = [
"/ip4/95.216.8.12/udp/110/quic"
"/ip4/95.216.8.12/tcp/110"
];
}
{
ID = "12D3KooWQWsHPUUeFhe4b6pyCaD1hBoj8j6Z7S7kTznRTh1p1eVt";
Addrs = [
"/ip4/152.67.79.222/udp/110/quic"
"/ip4/152.67.79.222/tcp/110"
];
}
];
in {
services.kubo = {
enable = true;
localDiscovery = true;
autoMount = true;
startWhenNeeded = false;
enableGC = true;
extraFlags = [ "--enable-pubsub-experiment" "--enable-namesys-pubsub" ];
settings = {
Addresses = {
Swarm = [
"/ip4/0.0.0.0/tcp/4001"
"/ip4/0.0.0.0/tcp/110"
"/ip4/0.0.0.0/udp/4001/quic"
"/ip4/0.0.0.0/udp/110/quic"
];
API = "/ip4/127.0.0.1/tcp/5001";
};
Peering.Peers = peeringPeers;
Bootstrap = (lib.flatten (map (p: map (a: "${a}/p2p/${p.ID}") p.Addrs) peeringPeers)) ++ [
"/dnsaddr/bootstrap.libp2p.io/p2p/12D3KooWEZXjE41uU4EL2gpkAQeDXYok6wghN7wwNVPF5bwkaNfS"
"/dnsaddr/bootstrap.libp2p.io/p2p/QmcZf59bWwK5XFi76CZX8cbJ4BhTzzA3gU1ZjYZcYW3dwt"
"/dnsaddr/bootstrap.libp2p.io/p2p/QmZa1sAxajnQjVM8WjWXoMbmPd7NsWhfKsPkErzpm9wGkp"
"/dnsaddr/bootstrap.libp2p.io/p2p/QmNnooDu7bfjPFoTZYxMNLWUQJyrVwtbZg5gBMjTezGAJN"
"/dnsaddr/bootstrap.libp2p.io/p2p/QmbLHAnMoJPWSCR5Zhtx6BHJX9KiKNN6tpvbUcqanj75Nb"
"/dnsaddr/bootstrap.libp2p.io/p2p/QmQCU2EcMqAqQPR2i9bChDtGNJchTbq5TbXJJ16u19uLTa"
];
Datastore = {
BloomFilterSize = 0;
GCPeriod = "1h";
HashOnRead = false;
NoSync = true;
Spec = {
mounts = [];
child = {
path = "badgerds";
syncWrites = false;
truncate = true;
type = "badgerds";
};
prefix = "badger.datastore";
type = "measure";
};
StorageGCWatermark = 90;
StorageMax = "200GB";
};
Routing = {
Type = "custom";
Routers = {
LanDHT = {
Type = "dht";
Parameters = {
Mode = "auto";
PublicIPNetwork = false;
AcceleratedDHTClient = false;
};
};
WanDHT = {
Type = "dht";
Parameters = {
Mode = "auto";
PublicIPNetwork = true;
AcceleratedDHTClient = false;
};
};
CidContact = {
Type = "http";
Parameters.Endpoint = "https://cid.contact";
};
PrivateVoid = {
Type = "http";
Parameters.Endpoint = "https://p2p.privatevoid.net";
};
AllDHT = {
Type = "parallel";
Parameters.Routers = [
{
RouterName = "WanDHT";
IgnoreErrors = false;
Timeout = "30s";
}
{
RouterName = "LanDHT";
IgnoreErrors = false;
Timeout = "10s";
}
];
};
Parallel = {
Type = "parallel";
Parameters.Routers = [
{
RouterName = "WanDHT";
IgnoreErrors = false;
Timeout = "30s";
}
{
RouterName = "LanDHT";
IgnoreErrors = false;
Timeout = "10s";
}
{
RouterName = "CidContact";
IgnoreErrors = true;
Timeout = "10s";
ExecuteAfter = "3s";
}
{
RouterName = "PrivateVoid";
IgnoreErrors = true;
Timeout = "5s";
ExecuteAfter = "200ms";
}
];
};
};
Methods = {
find-peers.RouterName = "Parallel";
find-providers.RouterName = "Parallel";
get-ipns.RouterName = "Parallel";
put-ipns.RouterName = "Parallel";
provide.RouterName = "AllDHT";
};
};
};
};
systemd.services.ipfs = {
serviceConfig = {
AmbientCapabilities = "CAP_NET_BIND_SERVICE";
ReadWritePaths = lib.mkForce [ ];
};
};
systemd.sockets = {
ipfs-api.enable = false;
ipfs-gateway.enable = false;
};
environment = {
variables.IPFS_PATH = lib.mkForce "${ipfsApi}";
shellAliases = {
ipfs-admin = "doas -u ${cfg.user} env IPFS_PATH=${cfg.dataDir} ipfs";
f = "ipfs files";
};
};
networking.firewall.allowedTCPPorts = [ 110 4001 ];
environment.systemPackages = lib.singleton (pkgs.writeShellScriptBin "share" ''
PATH=${cfg.package}/bin:$PATH
set -e
cid=$(ipfs add -Qrp --pin=false "$@")
test -n $cid || exit 0
echo -e "\n\n IPFS path: /ipfs/$cid"
b32=$(ipfs cid base32 $cid)
echo -e " Web link: https://$b32.ipfs.privatevoid.net"
echo -e " Web link: https://$b32.ipfs.dweb.link"
echo -e " Web link: https://privatevoid.net/ipfs/$cid"
echo -e " Web link: https://ipfs.io/ipfs/$cid"
echo -e " Web link: https://cloudflare-ipfs.com/ipfs/$cid\n"
'');
networking.networkmanager.dispatcherScripts = [{
source = pkgs.writeShellScript "nm-ipfs-reconnect.sh" ''
[[ "$2" != "up" ]] && exit 0
PATH=${pkgs.systemd}/bin:${pkgs.findutils}/bin:${cfg.package}/bin:$PATH
export IPFS_PATH=${ipfsApi}
systemctl is-active ipfs.service || exit 0
case $1 in
wl*|en*)
ipfs swarm peers | xargs -P4 -n1 timeout 3 ipfs swarm disconnect
ipfs bootstrap | xargs -P4 -n1 timeout 10 ipfs swarm connect
esac
exit 0
'';
type = "basic";
}];
}

View file

@ -1,15 +1,36 @@
{ lib, ... }:
{ pkgs, lib, ... }:
{
programs.dconf.profiles.gdm.databases = [
{
settings."org/gnome/desktop/peripherals/touchpad" = {
edge-scrolling-enabled = false;
natural-scroll = false;
speed= lib.gvariant.mkDouble 0.375;
tap-to-click = true;
two-finger-scrolling-enabled = true;
};
}
];
programs.dconf.profiles.gdm = lib.mkForce (let
customDconf = pkgs.writeTextFile {
name = "gdm-dconf-touchpad";
destination = "/dconf/gdm-custom";
text = ''
[org/gnome/desktop/peripherals/touchpad]
edge-scrolling-enabled=false
natural-scroll=false
speed=0.375
tap-to-click=true
two-finger-scrolling-enabled=true
'';
};
customDconfDb = pkgs.stdenv.mkDerivation {
name = "gdm-dconf-db";
buildCommand = ''
${pkgs.dconf}/bin/dconf compile $out ${customDconf}/dconf
'';
};
in pkgs.stdenv.mkDerivation {
name = "dconf-gdm-profile";
buildCommand = with { gdm = pkgs.gnome.gdm; }; ''
# Check that the GDM profile starts with what we expect.
if [ $(head -n 1 ${gdm}/share/dconf/profile/gdm) != "user-db:user" ]; then
echo "GDM dconf profile changed, please update gdm.nix"
exit 1
fi
# Insert our custom DB behind it.
sed '2ifile-db:${customDconfDb}' ${gdm}/share/dconf/profile/gdm > $out
'';
});
}

View file

@ -1,31 +1,22 @@
{ config, inputs, pkgs, ... }:
{
networking.useDHCP = false;
networking.networkmanager = {
dns = "systemd-resolved";
enableStrongSwan = false;
settings.connectivity = {
url = "http://whoami.privatevoid.net/online";
respone = "CONNECTED_GLOBAL";
interval = 120;
};
extraConfig = ''
[connectivity]
uri=http://whoami.privatevoid.net/online
response=CONNECTED_GLOBAL
interval=120
'';
};
services.resolved = {
enable = true;
fallbackDns = [
"95.216.8.12#securedns.privatevoid.net"
"152.67.73.164#securedns.privatevoid.net"
"10.1.0.1"
];
fallbackDns = [ "10.1.0.1" ];
llmnr = "true";
dnssec = "false";
extraConfig = ''
Cache=no-negative
DNSOverTLS=opportunistic
DNS=${builtins.concatStringsSep " " config.services.resolved.fallbackDns}
'';
extraConfig = "Cache=no-negative";
};
networking.firewall = let
ports = [
@ -35,12 +26,4 @@
allowedTCPPorts = ports;
allowedUDPPorts = ports;
};
boot.extraModulePackages = [
(inputs.self.packages.${pkgs.system}.evil.override {
inherit (config.boot.kernelPackages) kernel;
})
];
boot.kernelModules = [ "evil" ];
}

View file

@ -1,4 +1,15 @@
{ pkgs, ... }:
{ pkgs, config, ... }:
{
# expose nextcloud client into the environment
environment.systemPackages = [ pkgs.nextcloud-client ];
systemd.user.services.nextcloud = {
description = "Nextcloud Client Service";
wantedBy = [ "gnome-session.target" ];
serviceConfig = {
ExecStart = "${pkgs.nextcloud-client}/bin/nextcloud --background";
Restart = "always";
Slice = "background.slice";
};
};
}

View file

@ -1,11 +1,10 @@
{ pkgs, lib, config, inputs, ... }:
{ pkgs, lib, config, inputs, ... }@args:
let
builder = {
systems = [ "x86_64-linux" "i686-linux" ];
speedFactor = 4;
supportedFeatures = [ "benchmark" "nixos-test" ];
sshKey = config.age.secrets.nixBuilderKey.path;
protocol = "ssh-ng";
};
bigBuilder = builder // {
speedFactor = 16;
@ -18,7 +17,7 @@ in {
};
nixpkgs.overlays = [
(self: super: {
nixSuper = inputs.nix-super.packages.x86_64-linux.default;
nixSuper = inputs.nix-super.defaultPackage.x86_64-linux;
})
];
nix = {
@ -30,10 +29,13 @@ in {
substituters = [
"https://cache.privatevoid.net"
"https://max.cachix.org?priority=100"
"https://reflex.privatevoid.net?priority=90"
];
trusted-public-keys = [
"cache.privatevoid.net:SErQ8bvNWANeAvtsOESUwVYr2VJynfuc9JRwlzTTkVg="
"max.cachix.org-1:oSMQ1zYLR8H4L17hfe6ETlI/d+VeiBykB8PbBdPtDJw="
];
};
@ -56,15 +58,15 @@ in {
distributedBuilds = true;
buildMachines = [
(builder // {
sshUser = "nix";
hostName = "prophet.node.privatevoid.net";
systems = [ "aarch64-linux" ];
(bigBuilder // {
sshUser = "nixbuilder";
hostName = "animus.com";
maxJobs = 4;
})
] ++
(lib.optional (config.networking.hostName != "TITAN") (bigBuilder // {
sshUser = "nix";
hostName = "titan.hyprspace";
hostName = "titan.hypr";
speedFactor = 12;
maxJobs = 12;
}));

View file

@ -18,6 +18,17 @@ with inputs;
};
default.flake = nixpkgs;
home-manager.flake = home-manager;
vim.flake = let
nixpkgsSelfLock = lib.importJSON "${self}/flake.lock";
vimLock = lib.importJSON "${modular-nvim}/flake.lock";
patchedLock = lib.recursiveUpdate vimLock { nodes.nixpkgs.locked = (nixpkgsSelfLock.nodes.nixpkgs.locked); };
patchedLockFile = pkgs.writeText "patched-flake.lock" (builtins.toJSON patchedLock);
in pkgs.runCommand "vim-flake" {} ''
cp -vr ${modular-nvim} $out
chmod +w $out
rm $out/flake.lock
cp -v ${patchedLockFile} $out/flake.lock
'';
templates.to = {
owner = "max";
repo = "flake-templates";

View file

@ -13,7 +13,7 @@
}
];
services.kubo.dataDir = "/srv/data/ipfs";
services.ipfs.dataDir = "/persist/ipfs";
services.lidarr.dataDir = "/persist/db/lidarr";
services.jackett.dataDir = "/persist/db/jackett";

View file

@ -10,11 +10,6 @@ let
] ++ [
"source ${pkgs.fzf}/share/fzf/key-bindings.zsh"
"ZSH_HIGHLIGHT_DIRS_BLACKLIST=(/* /ipfs /ipns)"
''
command_not_found_handler() {
${pkgs.comma}/bin/comma "$@"
}
''
];
in {
environment.shellAliases = {
@ -27,13 +22,13 @@ in {
sudo = "sudo ";
tree = "lsd --tree";
uctl = "systemctl --user";
vim = "hx";
vim = "nvim";
nvr = "nvr --servername /tmp/nvim-remote-$USER --remote-tab";
nix-repl = "nix repl '<repl>'";
# thanks gytis
manix-view = ''manix "" | grep '^# ' | sed 's/^# \(.*\) (.*/\1/;s/ (.*//;s/^# //' | fzf --ansi --preview="manix '{}' | sed 's/type: /> type: /g' | bat -l Markdown --color=always --plain"'';
};
programs = {
command-not-found.enable = false;
zsh = {
enable = true;
histFile = "$HOME/.cache/zsh_history";
@ -53,7 +48,6 @@ in {
"interactivecomments"
"monitor"
"nobadpattern"
"nonomatch"
"promptsubst"
"sharehistory"
"zle"

View file

@ -1,5 +1,6 @@
{ pkgs, ... }:
{
sound.enable = true;
hardware.pulseaudio.enable = false;
security.rtkit.enable = true;
services.pipewire = {
@ -7,14 +8,18 @@
pulse.enable = true;
alsa.enable = true;
alsa.support32Bit = true;
jack.enable = true;
};
environment.systemPackages = with pkgs; [
# KXStudio stuff
cadence
carla
jack_oscrolloscope
jack_rack
jackmeter
qjackctl
# Audio plugins
@ -23,12 +28,16 @@
artyFX
calf
distrho
guitarix
helm
infamousPlugins
ingen
kapitonov-plugins-pack
ladspaPlugins
lv2
metersLv2
noise-repellent
rakarrack
rkrlv2
sorcer
swh_lv2
@ -44,11 +53,5 @@
VST_PATH = "/run/current-system/sw/lib/vst";
};
desktop.hiddenApps = [
"carla-control.desktop"
"carla-jack-multi.desktop"
"carla-jack-single.desktop"
"carla-patchbay.desktop"
"carla-rack.desktop"
];
}

View file

@ -1,12 +0,0 @@
{ pkgs, ... }:
let
rules = pkgs.writeTextDir "etc/udev/rules.d/70-xr.rules" ''
# Xreal Air 2 Pro
ATTRS{idVendor}=="3318", ATTRS{idProduct}=="0432", TAG+="uaccess"
'';
in
{
services.udev.packages = [ rules ];
}

View file

@ -1,68 +0,0 @@
{ stdenv
, desktop-file-utils
, meson
, ninja
, gettext
, pkg-config
, gtk4
, gtksourceview5
, gobject-introspection
, wrapGAppsHook4
, fetchFromGitHub
, gjs
, blueprint-compiler
, libadwaita
, libsecret
, libsoup_3
, libportal-gtk4
}:
let
troll = fetchFromGitHub {
owner = "sonnyp";
repo = "troll";
rev = "12a42a5afc8c6c26d3d782ea75b1e1372a0e8f36";
hash = "sha256-e9C9Du5j7tEy/q/OhbfCU7DD3Oe6Hnq1xcFYablBipw=";
};
in
stdenv.mkDerivation rec {
pname = "forge-sparks";
version = "0.2.0";
src = fetchFromGitHub {
owner = "rafaelmardojai";
repo = pname;
rev = version;
hash = "sha256-BxC5BqwSDuLBwG4a5/0pntuHhW05xDsmzO7yMQKi/vI=";
};
postPatch = ''
rmdir troll
cp -r ${troll} troll
chmod +w -R troll
patchShebangs troll/gjspack/bin
'';
nativeBuildInputs = [
desktop-file-utils
gettext
meson
ninja
pkg-config
wrapGAppsHook4
blueprint-compiler
];
buildInputs = [
gjs
gtk4
gtksourceview5
libadwaita
gobject-introspection
libsecret
libsoup_3
libportal-gtk4
];
}

View file

@ -7,8 +7,6 @@
, gettext
, python3
, rustPlatform
, rustc
, cargo
, pkg-config
, glib
, libhandy
@ -43,9 +41,9 @@ stdenv.mkDerivation rec {
ninja
pkg-config
python3
cargo
rustPlatform.rust.cargo
rustPlatform.cargoSetupHook
rustc
rustPlatform.rust.rustc
wrapGAppsHook
glib
];

View file

@ -1,4 +1,4 @@
{ stdenv
{ lib, stdenv
, desktop-file-utils
, fetchFromGitLab
, nix-update-script
@ -7,8 +7,6 @@
, gettext
, python3
, rustPlatform
, rustc
, cargo
, pkg-config
, glib
, libadwaita
@ -21,20 +19,20 @@
stdenv.mkDerivation rec {
pname = "obfuscate";
version = "0.0.9";
version = "0.0.4";
src = fetchFromGitLab {
domain = "gitlab.gnome.org";
owner = "World";
repo = "obfuscate";
rev = version;
sha256 = "sha256-aUhzact437V/bSsG2Ddu2mC03LbyXFg+hJiuGy5NQfQ=";
sha256 = "sha256-P8Y2Eizn1BMZXuFjGMXF/3oAUzI8ZNTrnbLyU+V6uk4=";
};
cargoDeps = rustPlatform.fetchCargoTarball {
inherit src;
name = "${pname}-${version}";
hash = "sha256-O/Bg8b5ZEId3PNebd19TIrFvyb0yngtKuMNJlM8M5Fg=";
hash = "sha256-eKXVN3PHgeLeG4qxh30VhyMX0FMOO/ZlZ8trUGIs2sc=";
};
nativeBuildInputs = [
@ -44,9 +42,9 @@ stdenv.mkDerivation rec {
ninja
pkg-config
python3
cargo
rustPlatform.rust.cargo
rustPlatform.cargoSetupHook
rustc
rustPlatform.rust.rustc
wrapGAppsHook
glib
];

View file

@ -1,32 +0,0 @@
By default, commit displays something along of "git config core.editors /nix/store/[...]/bin/re.sonny.Commit"
as command to set it as git editor. Since this would break on upgrades, just use the non-versioned binary
diff --git a/src/welcome.js b/src/welcome.js
index c410e2d..62e46ba 100644
--- a/src/welcome.js
+++ b/src/welcome.js
@@ -70,24 +70,7 @@ export default function Welcome({ application }) {
}
function getCommand() {
- const FLATPAK_ID = GLib.getenv("FLATPAK_ID");
- const { programInvocationName } = system;
-
- if (FLATPAK_ID) {
- return `flatpak run --file-forwarding ${FLATPAK_ID} @@`;
- }
-
- // re.sonny.Commit
- if (programInvocationName === GLib.path_get_basename(programInvocationName)) {
- return programInvocationName;
- }
-
- // ./re.sonny.commit
- // /home/sonny/re.sonny.Commit
- return GLib.canonicalize_filename(
- programInvocationName,
- GLib.get_current_dir(),
- );
+ return "re.sonny.Commit";
}
function getRange(key) {

View file

@ -1,64 +0,0 @@
{ stdenv
, lib
, desktop-file-utils
, meson
, ninja
, gettext
, pkg-config
, gtk4
, gtksourceview5
, gobject-introspection
, wrapGAppsHook4
, fetchFromGitHub
, gjs
, libadwaita
}:
stdenv.mkDerivation rec {
pname = "commit";
version = "3.2.0";
src = fetchFromGitHub {
owner = "sonnyp";
repo = "Commit";
rev = "v${version}";
hash = "sha256-nnjHuE7MzCuoPfCb4MA00BIzLPbhgR6mbeWYagmNjME=";
};
patches = [
./always-use-latest.patch
];
nativeBuildInputs = [
desktop-file-utils
gettext
meson
ninja
pkg-config
wrapGAppsHook4
];
buildInputs = [
gjs
gtk4
gtksourceview5
libadwaita
gobject-introspection
];
postPatch = ''
substituteInPlace src/re.sonny.Commit \
--replace "/usr/bin/env -S gjs" ${gjs}/bin/gjs
'';
dontPatchShebangs = true;
meta = with lib; {
homepage = "https://commit.sonny.re/";
description = "Commit message editor";
maintainers = [ maintainers.Cogitri ];
license = licenses.gpl3Plus;
platforms = platforms.linux;
};
}

File diff suppressed because it is too large Load diff

View file

@ -1,60 +0,0 @@
{ stdenv
, desktop-file-utils
, fetchFromGitLab
, gettext
, glib
, gtk4
, libadwaita
, meson
, ninja
, openssl
, pkg-config
, python3
, rustPlatform
, rustc
, cargo
, wrapGAppsHook
}:
stdenv.mkDerivation rec {
pname = "pipeline";
version = "1.14.5";
src = fetchFromGitLab {
owner = "schmiddi-on-mobile";
repo = "pipeline";
rev = "v${version}";
sha256 = "sha256-C5mFOYYrm8e2zlac7qclhpONKuqdvqfwT74gSX28VPs=";
};
cargoDeps = rustPlatform.importCargoLock {
lockFile = ./Cargo.lock;
outputHashes = {
"tf_core-0.1.4" = "sha256-yOuvHLyX/qUJSs62VbripKwIEoErsPu9rzbKMdndvmc=";
};
};
nativeBuildInputs = [
desktop-file-utils
gettext
meson
ninja
pkg-config
python3
cargo
rustPlatform.cargoSetupHook
rustc
wrapGAppsHook
];
buildInputs = [
glib
gtk4
libadwaita
openssl
];
postPatch = ''
patchShebangs build-aux/meson_post_install.py
'';
}

View file

@ -1,64 +0,0 @@
{ lib, stdenv
, cryfs
, desktop-file-utils
, fetchFromGitHub
, gettext
, glib
, gtk4
, libadwaita
, meson
, ninja
, pkg-config
, python3
, rustPlatform
, rustc
, cargo
, wrapGAppsHook
}:
stdenv.mkDerivation rec {
pname = "vaults";
version = "0.6.0";
src = fetchFromGitHub {
owner = "mpobaschnig";
repo = "Vaults";
rev = version;
sha256 = "sha256-1WxzE3sH4QpUU13mTLjYt1zMUgAQ+OA7J5j4pwG9oWo=";
};
cargoDeps = rustPlatform.fetchCargoTarball {
inherit src;
name = "${pname}-${version}";
hash = "sha256-uUO7l+B/6I+XxEb0xxBynq9CC8ixRAvdJ2HWTCVyeQM=";
};
nativeBuildInputs = [
desktop-file-utils
gettext
meson
ninja
pkg-config
python3
cargo
rustPlatform.cargoSetupHook
rustc
wrapGAppsHook
];
buildInputs = [
glib
gtk4
libadwaita
];
postPatch = ''
patchShebangs build-aux/meson_post_install.py
'';
preFixup = ''
gappsWrapperArgs+=(
--prefix PATH ":" "${lib.makeBinPath [ cryfs ]}"
);
'';
}

View file

@ -1,52 +0,0 @@
{ fetchFromGitHub
, meson, pkg-config, ninja
, python3
, glib, appstream-glib , desktop-file-utils
, gobject-introspection, gtk4, libadwaita
, wrapGAppsHook
, gnome
, gtksourceview5
, libsoup_3
}:
python3.pkgs.buildPythonApplication rec {
pname = "webfont-kit-generator";
version = "1.0.3";
format = "other";
src = fetchFromGitHub {
owner = "rafaelmardojai";
repo = pname;
rev = version;
sha256 = "sha256-aD/1moWIiU4zpLTW+VHH9n/sj10vCZ8UzB2ey3mR0/k=";
};
nativeBuildInputs = [
meson
pkg-config
ninja
appstream-glib
desktop-file-utils
gobject-introspection
wrapGAppsHook
];
buildInputs = [
glib
gtk4
libadwaita
gtksourceview5
libsoup_3
gnome.adwaita-icon-theme
];
propagatedBuildInputs = with python3.pkgs; [
pygobject3
fonttools
brotli
];
postPatch = ''
patchShebangs build-aux/meson/postinstall.py
'';
}

View file

@ -0,0 +1,7 @@
{ fetchurl }:
fetchurl {
url =
"https://export.privatevoid.net/Certificates/PRIVATEVOID.NET__Private_Void_Smart_Card_Authority-bundle-s12.pem";
sha256 = "3939eb6512e5675bb27028f9bf9892dbb1d1a60b014f4537f8d2b6180deece68";
}

View file

@ -8,5 +8,17 @@
}:
{
shinobi.directory-patches = {
patches = [
./shinobi/0001-packageDirectory.patch
./shinobi/0002-use-packageDirectory-for-languages.patch
./shinobi/0003-use-s.location.languages.patch
./shinobi/0004-use-packageDirectory-for-folders.patch
./shinobi/0005-use-packageDirectory-for-definitions.patch
./shinobi/0006-use-packageDirectory-for-web-server-paths.patch
./shinobi/0007-remove-terminalCommands.patch
./shinobi/0008-disable-subscription-bullshit.patch
./shinobi/0009-remove-updater-logic.patch
];
};
}

View file

@ -0,0 +1,28 @@
From 033c0a2889ec62ffbb3c489676fb315b3780ba60 Mon Sep 17 00:00:00 2001
From: Max <max@privatevoid.net>
Date: Tue, 15 Mar 2022 18:15:23 +0100
Subject: [PATCH 1/9] packageDirectory
---
libs/process.js | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/libs/process.js b/libs/process.js
index 9f3852e..b19384a 100644
--- a/libs/process.js
+++ b/libs/process.js
@@ -30,8 +30,10 @@ module.exports = function(process,__dirname){
isWin : (process.platform === 'win32' || process.platform === 'win64'),
//UTC Offset
utcOffset : require('moment')().utcOffset(),
- //directory path for this file
+ //directory path for cwd
mainDirectory : process.cwd(),
+ //directory path for this file
+ packageDirectory : require('path').resolve(__dirname),
//time start
timeStarted : new Date()
--
2.35.1

View file

@ -0,0 +1,25 @@
From 955e63a2f2cd13b84fb8de1c379b5a7dc98c3dc4 Mon Sep 17 00:00:00 2001
From: Max <max@privatevoid.net>
Date: Tue, 15 Mar 2022 18:19:58 +0100
Subject: [PATCH 2/9] use packageDirectory for languages
---
libs/config.js | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libs/config.js b/libs/config.js
index 27dae08..e2c8dae 100644
--- a/libs/config.js
+++ b/libs/config.js
@@ -2,7 +2,7 @@ module.exports = function(s){
s.location = {
super : s.mainDirectory+'/super.json',
config : s.mainDirectory+'/conf.json',
- languages : s.mainDirectory+'/languages'
+ languages : s.packageDirectory+'/languages'
}
try{
var config = require(s.location.config)
--
2.35.1

View file

@ -0,0 +1,25 @@
From 585c3b05855e4bf3e2bf059d0fda0a893700d3a0 Mon Sep 17 00:00:00 2001
From: Max <max@privatevoid.net>
Date: Tue, 15 Mar 2022 18:26:44 +0100
Subject: [PATCH 3/9] use s.location.languages
---
libs/language.js | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libs/language.js b/libs/language.js
index 285d514..3f964b6 100644
--- a/libs/language.js
+++ b/libs/language.js
@@ -16,7 +16,7 @@ module.exports = function(s,config){
return Object.assign({},lang)
}
s.listOfPossibleLanguages = []
- fs.readdirSync(s.mainDirectory + '/languages').forEach(function(filename){
+ fs.readdirSync(s.location.languages).forEach(function(filename){
var name = filename.replace('.json','')
s.listOfPossibleLanguages.push({
"name": name,
--
2.35.1

View file

@ -0,0 +1,43 @@
From 1f2260eae4be7084e209f07c2316328ed221433e Mon Sep 17 00:00:00 2001
From: Max <max@privatevoid.net>
Date: Tue, 15 Mar 2022 18:28:48 +0100
Subject: [PATCH 4/9] use packageDirectory for folders
---
libs/folders.js | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/libs/folders.js b/libs/folders.js
index 54f9acc..d35d337 100644
--- a/libs/folders.js
+++ b/libs/folders.js
@@ -3,7 +3,7 @@ module.exports = function(s,config,lang){
//directories
s.group = {}
if(!config.windowsTempDir&&s.isWin===true){config.windowsTempDir='C:/Windows/Temp'}
- if(!config.defaultMjpeg){config.defaultMjpeg=s.mainDirectory+'/web/libs/img/bg.jpg'}
+ if(!config.defaultMjpeg){config.defaultMjpeg=s.packageDirectory+'/web/libs/img/bg.jpg'}
//default stream folder check
if(!config.streamDir){
if(s.isWin === false){
@@ -62,7 +62,7 @@ module.exports = function(s,config,lang){
value:""
}
]
- fs.readdirSync(s.mainDirectory + '/web/libs/audio').forEach(function(file){
+ fs.readdirSync(s.packageDirectory + '/web/libs/audio').forEach(function(file){
s.listOfAudioFiles.push({
name: file,
value: file
@@ -75,7 +75,7 @@ module.exports = function(s,config,lang){
value:""
}
]
- fs.readdirSync(s.mainDirectory + '/web/libs/themes').forEach(function(folder){
+ fs.readdirSync(s.packageDirectory + '/web/libs/themes').forEach(function(folder){
s.listOfThemes.push({
name: folder,
value: folder
--
2.35.1

View file

@ -0,0 +1,25 @@
From 48b276736cf7fbd721dad40b5cabca1fb094b5d9 Mon Sep 17 00:00:00 2001
From: Max <max@privatevoid.net>
Date: Tue, 15 Mar 2022 18:35:04 +0100
Subject: [PATCH 5/9] use packageDirectory for definitions
---
libs/definitions.js | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libs/definitions.js b/libs/definitions.js
index a58a6e2..d60cad9 100644
--- a/libs/definitions.js
+++ b/libs/definitions.js
@@ -1,7 +1,7 @@
var fs = require('fs')
var express = require('express')
module.exports = function(s,config,lang,app,io){
- s.location.definitions = s.mainDirectory+'/definitions'
+ s.location.definitions = s.packageDirectory+'/definitions'
try{
var definitions = require(s.location.definitions+'/'+config.language+'.js')(s,config,lang)
}catch(er){
--
2.35.1

View file

@ -0,0 +1,64 @@
From c700ec6a01cfc99a639484e9045fc4492466c6ee Mon Sep 17 00:00:00 2001
From: Max <max@privatevoid.net>
Date: Tue, 15 Mar 2022 18:48:34 +0100
Subject: [PATCH 6/9] use packageDirectory for web server paths
---
libs/webServerPaths.js | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/libs/webServerPaths.js b/libs/webServerPaths.js
index fba78ba..b72aff6 100644
--- a/libs/webServerPaths.js
+++ b/libs/webServerPaths.js
@@ -77,7 +77,7 @@ module.exports = function(s,config,lang,app,io){
////Pages
app.enable('trust proxy');
if(config.webPaths.home !== '/'){
- app.use('/libs',express.static(s.mainDirectory + '/web/libs'))
+ app.use('/libs',express.static(s.packageDirectory + '/web/libs'))
}
[
[config.webPaths.home,'libs','/web/libs'],
@@ -87,7 +87,7 @@ module.exports = function(s,config,lang,app,io){
[config.webPaths.admin,'assets','/web/assets'],
[config.webPaths.super,'assets','/web/assets'],
].forEach((piece) => {
- app.use(s.checkCorrectPathEnding(piece[0])+piece[1],express.static(s.mainDirectory + piece[2]))
+ app.use(s.checkCorrectPathEnding(piece[0])+piece[1],express.static(s.packageDirectory + piece[2]))
})
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({extended: true}));
@@ -95,10 +95,10 @@ module.exports = function(s,config,lang,app,io){
res.header("Access-Control-Allow-Origin",'*');
next()
})
- app.set('views', s.mainDirectory + '/web');
+ app.set('views', s.packageDirectory + '/web');
app.set('view engine','ejs');
//add template handler
- if(config.renderPaths.handler!==undefined){require(s.mainDirectory+'/web/'+config.renderPaths.handler+'.js').addHandlers(s,app,io,config)}
+ if(config.renderPaths.handler!==undefined){require(s.packageDirectory+'/web/'+config.renderPaths.handler+'.js').addHandlers(s,app,io,config)}
/**
* API : Logout
@@ -339,7 +339,7 @@ module.exports = function(s,config,lang,app,io){
define: s.getDefinitonFile(userInfo.details.lang),
addStorage: s.dir.addStorage,
fs: fs,
- __dirname: s.mainDirectory,
+ __dirname: s.packageDirectory,
customAutoLoad: s.customAutoLoadTree
})
break;
@@ -1850,6 +1850,6 @@ module.exports = function(s,config,lang,app,io){
res.on('finish',function(){
res.end()
})
- fs.createReadStream(s.mainDirectory + '/web/pages/robots.txt').pipe(res)
+ fs.createReadStream(s.packageDirectory + '/web/pages/robots.txt').pipe(res)
})
}
--
2.35.1

View file

@ -0,0 +1,37 @@
From a2a0608c4844520b0660bdf48b5376ed0a42e7af Mon Sep 17 00:00:00 2001
From: Max <max@privatevoid.net>
Date: Tue, 15 Mar 2022 18:51:47 +0100
Subject: [PATCH 7/9] remove terminalCommands
---
libs/startup.js | 14 +-------------
1 file changed, 1 insertion(+), 13 deletions(-)
diff --git a/libs/startup.js b/libs/startup.js
index b1c8e56..247eeee 100644
--- a/libs/startup.js
+++ b/libs/startup.js
@@ -32,19 +32,7 @@ module.exports = function(s,config,lang,io){
var next = function(){
if(callback)callback()
}
- if(!s.isWin && s.packageJson.mainDirectory !== '.'){
- var etcPath = '/etc/shinobisystems/cctv.txt'
- fs.stat(etcPath,function(err,stat){
- if(err || !stat){
- exec('node '+ s.mainDirectory + '/INSTALL/terminalCommands.js',function(err){
- if(err)console.log(err)
- })
- }
- next()
- })
- }else{
- next()
- }
+ next()
}
var loadedAccounts = []
var foundMonitors = []
--
2.35.1

View file

@ -0,0 +1,48 @@
From adb23ffced5408cc010b3863ba88fe81e39f17ce Mon Sep 17 00:00:00 2001
From: Max <max@privatevoid.net>
Date: Tue, 15 Mar 2022 21:38:42 +0100
Subject: [PATCH 8/9] disable subscription bullshit
---
libs/startup.js | 4 ++--
libs/webServerSuperPaths.js | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/libs/startup.js b/libs/startup.js
index 247eeee..a810171 100644
--- a/libs/startup.js
+++ b/libs/startup.js
@@ -383,7 +383,7 @@ module.exports = function(s,config,lang,io){
}
})
}
- config.userHasSubscribed = false
+ config.userHasSubscribed = true
//check disk space every 20 minutes
if(config.autoDropCache===true){
setInterval(function(){
@@ -404,7 +404,7 @@ module.exports = function(s,config,lang,io){
await checkForStaticUsers()
//check for subscription
checkSubscription(config.subscriptionId,function(hasSubcribed){
- config.userHasSubscribed = hasSubcribed
+ config.userHasSubscribed = true
//check terminal commander
checkForTerminalCommands(function(){
//load administrators (groups)
diff --git a/libs/webServerSuperPaths.js b/libs/webServerSuperPaths.js
index bfbccf9..1d1bf3b 100644
--- a/libs/webServerSuperPaths.js
+++ b/libs/webServerSuperPaths.js
@@ -167,7 +167,7 @@ module.exports = function(s,config,lang,app){
}
checkSubscription(subscriptionId,function(hasSubcribed){
endData.ok = hasSubcribed
- config.userHasSubscribed = hasSubcribed
+ config.userHasSubscribed = true
s.closeJsonResponse(res,endData)
})
},res,req)
--
2.35.1

View file

@ -0,0 +1,44 @@
From 78e72ba70ddbe690720fd7351934481534fed6c2 Mon Sep 17 00:00:00 2001
From: Max <max@privatevoid.net>
Date: Thu, 17 Mar 2022 23:28:40 +0100
Subject: [PATCH 9/9] remove updater logic
---
libs/system/utils.js | 21 +--------------------
1 file changed, 1 insertion(+), 20 deletions(-)
diff --git a/libs/system/utils.js b/libs/system/utils.js
index c41c4f6..d045bac 100644
--- a/libs/system/utils.js
+++ b/libs/system/utils.js
@@ -46,26 +46,7 @@ module.exports = (config) => {
},
updateSystem: () => {
return new Promise((resolve,reject) => {
- if(!config.thisIsDocker){
- if(currentlyUpdating){
- resolve(true)
- return
- };
- currentlyUpdating = true
- const updateProcess = spawn('sh',[s.mainDirectory + '/UPDATE.sh'])
- updateProcess.stderr.on('data',(data) => {
- s.systemLog('UPDATE.sh',data.toString())
- })
- updateProcess.stdout.on('data',(data) => {
- s.systemLog('UPDATE.sh',data.toString())
- })
- updateProcess.on('exit',(data) => {
- resolve(true)
- currentlyUpdating = false
- })
- }else{
- resolve(false)
- }
+ resolve(false)
})
}
}
--
2.35.1

File diff suppressed because it is too large Load diff

File diff suppressed because it is too large Load diff

File diff suppressed because it is too large Load diff

File diff suppressed because it is too large Load diff

View file

@ -1,30 +0,0 @@
{ stdenv, fetchFromGitHub, kernel }:
stdenv.mkDerivation rec {
pname = "evil";
version = "1.0.0";
name = "${pname}-${kernel.version}-${version}";
src = fetchFromGitHub {
owner = "alwilson";
repo = pname;
rev = "096ba9bf408fc714dc09a2e41be9ec03fc50ee4a";
sha256 = "sha256-t0iJwIIThNkCcR2P1kJRdffcY6HmFg5qvJeXQhPfy6U=";
};
nativeBuildInputs = kernel.moduleBuildDependencies;
makeFlags = kernel.makeFlags ++ [
"KDIR=${kernel.dev}/lib/modules/${kernel.modDirVersion}/build"
"KVER=${kernel.modDirVersion}"
"KERNEL_MODLIB=$(out)/lib/modules/${kernel.modDirVersion}"
"INCLUDEDIR=$(out)/include"
];
installPhase = ''
installDir=$out/lib/modules/${kernel.modDirVersion}/extra
xz evil.ko
install -d $installDir
install -m644 evil.ko.xz $installDir
'';
}

View file

@ -60,7 +60,7 @@ index 65d13c8..736101a 100644
- "/dnsaddr/bootstrap.libp2p.io/p2p/QmNnooDu7bfjPFoTZYxMNLWUQJyrVwtbZg5gBMjTezGAJN",
- "/dnsaddr/bootstrap.libp2p.io/p2p/QmQCU2EcMqAqQPR2i9bChDtGNJchTbq5TbXJJ16u19uLTa",
- "/dnsaddr/bootstrap.libp2p.io/p2p/QmbLHAnMoJPWSCR5Zhtx6BHJX9KiKNN6tpvbUcqanj75Nb",
+ "/ip4/95.216.8.12/tcp/995/p2p/QmYs4xNBby2fTs8RnzfXEk161KD4mftBfCiR8yXtgGPj4J",
+ "/ip4/168.235.67.108/tcp/4001/p2p/QmRMA5pWXtfuW1y5w2t9gYxrDDD6bPRLKdWAYnHTeCxZMm",
+ "/ip4/95.216.8.12/tcp/4001/p2p/Qmd7QHZU8UjfYdwmjmq1SBh9pvER9AwHpfwQvnvNo3HBBo",
+ "/ip6/2001:41d0:800:1402::3f16:3fb5/tcp/4001/p2p/12D3KooWDUgNsoLVauCDpRAo54mc4whoBudgeXQnZZK2iVYhBLCN",
+ "/ip6/2001:818:da65:e400:a553:fbc1:f0b1:5743/tcp/4001/p2p/12D3KooWC1RZxLvAeEFNTZWk1FWc1sZZ3yemF4FNNRYa3X854KJ8",

View file

@ -1,26 +0,0 @@
From 46110b055eaaa0c1f815ff876da4713499c17bc8 Mon Sep 17 00:00:00 2001
From: Max <max@privatevoid.net>
Date: Fri, 17 Jun 2022 22:17:08 +0200
Subject: [PATCH 4/4] Use more NAT traversal features
---
p2p/node.go | 3 +++
1 file changed, 3 insertions(+)
diff --git a/p2p/node.go b/p2p/node.go
index 2f86317..0c9a250 100644
--- a/p2p/node.go
+++ b/p2p/node.go
@@ -49,6 +49,9 @@ func CreateNode(ctx context.Context, inputKey string, port int, handler network.
libp2p.NATPortMap(),
libp2p.DefaultMuxers,
libp2p.Transport(tcp.NewTCPTransport),
+ libp2p.EnableHolePunching(),
+ libp2p.EnableRelayService(),
+ libp2p.EnableNATService(),
libp2p.FallbackDefaults,
)
if err != nil {
--
2.36.0

View file

@ -1,90 +0,0 @@
From 3942aaa7dcfa8cfd2fe110cf2bda66b34ead6539 Mon Sep 17 00:00:00 2001
From: Max <max@privatevoid.net>
Date: Sun, 25 Sep 2022 01:29:25 +0200
Subject: [PATCH] Grab bootstrap peers from IPFS API
---
p2p/node.go | 44 +++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 43 insertions(+), 1 deletion(-)
diff --git a/p2p/node.go b/p2p/node.go
index 0c9a250..f5d5292 100644
--- a/p2p/node.go
+++ b/p2p/node.go
@@ -2,8 +2,12 @@ package p2p
import (
"context"
+ "encoding/json"
"errors"
"fmt"
+ "io/ioutil"
+ "net/http"
+ "net/url"
"os"
"sync"
@@ -22,6 +26,35 @@ import (
// Protocol is a descriptor for the Hyprspace P2P Protocol.
const Protocol = "/hyprspace/0.0.1"
+func getExtraBootstrapNodes(addr ma.Multiaddr) (nodesList []string) {
+ nodesList = []string{}
+ ip4, err := addr.ValueForProtocol(ma.P_IP4)
+ if err != nil {
+ return
+ }
+ port, err := addr.ValueForProtocol(ma.P_TCP)
+ if err != nil {
+ return
+ }
+ resp, err := http.PostForm("http://"+ip4+":"+port+"/api/v0/swarm/addrs", url.Values{})
+
+ defer resp.Body.Close()
+
+ apiResponse, err := ioutil.ReadAll(resp.Body)
+
+ if err != nil {
+ return
+ }
+ var obj = map[string]map[string][]string{}
+ json.Unmarshal([]byte(apiResponse), &obj)
+ for k, v := range obj["Addrs"] {
+ for _, addr := range v {
+ nodesList = append(nodesList, (addr + "/p2p/" + k))
+ }
+ }
+ return
+}
+
// CreateNode creates an internal Libp2p nodes and returns it and it's DHT Discovery service.
func CreateNode(ctx context.Context, inputKey string, port int, handler network.StreamHandler) (node host.Host, dhtOut *dht.IpfsDHT, err error) {
// Unmarshal Private Key
@@ -34,6 +67,15 @@ func CreateNode(ctx context.Context, inputKey string, port int, handler network.
if err != nil {
return
}
+ extraBootstrapNodes := []string{}
+ ipfsApiStr, ok := os.LookupEnv("HYPRSPACE_IPFS_API")
+ if ok {
+ ipfsApiAddr, err := ma.NewMultiaddr(ipfsApiStr)
+ if err == nil {
+ fmt.Println("[+] Getting additional peers from IPFS API")
+ extraBootstrapNodes = getExtraBootstrapNodes(ipfsApiAddr)
+ }
+ }
ip6tcp := fmt.Sprintf("/ip6/::/tcp/%d", port)
ip4tcp := fmt.Sprintf("/ip4/0.0.0.0/tcp/%d", port)
@@ -74,7 +116,7 @@ func CreateNode(ctx context.Context, inputKey string, port int, handler network.
// Convert Bootstap Nodes into usable addresses.
BootstrapPeers := make(map[peer.ID]*peer.AddrInfo, len(peers))
- for _, addrStr := range peers {
+ for _, addrStr := range append(peers, extraBootstrapNodes...) {
addr, err := ma.NewMultiaddr(addrStr)
if err != nil {
return node, dhtOut, err
--
2.37.2

View file

@ -1,6 +1,6 @@
{ lib, stdenv, buildGo117Module, fetchFromGitHub, iproute2mac }:
{ lib, stdenv, buildGoModule, fetchFromGitHub, iproute2mac }:
buildGo117Module rec {
buildGoModule rec {
pname = "hyprspace";
version = "0.2.2";
@ -10,8 +10,6 @@ buildGo117Module rec {
./0001-Lain-ipfs-bootstrap-nodes.patch
./0002-Remove-quic-transport-for-Lain-ipfs.patch
./0003-Remove-dep-from-go.mod.patch
./0004-Use-more-NAT-traversal-features.patch
./0005-Grab-bootstrap-peers-from-IPFS-API.patch
];
src = fetchFromGitHub {

View file

@ -1,24 +0,0 @@
{ mkNixPak, amberol }:
mkNixPak {
config = { sloth, ... }: {
imports = [
../modules/gui-base.nix
../modules/mpris2-player.nix
];
flatpak.appId = "io.bassi.Amberol";
bubblewrap = {
bind.rw = [
[
(sloth.mkdir (sloth.concat' sloth.appCacheDir "/amberol"))
(sloth.concat' sloth.xdgCacheHome "/amberol")
]
];
bind.ro = [
(sloth.concat' sloth.homeDir "/Music")
"/srv/data/music"
];
};
app.package = amberol;
};
}

View file

@ -1,17 +0,0 @@
{ mkNixPak, dialect }:
mkNixPak {
config = { sloth, ... }: {
imports = [
../modules/gui-base.nix
../modules/network.nix
];
flatpak.appId = "app.drey.Dialect";
app = {
package = dialect;
extraEntrypoints = [
"/share/dialect/search_provider"
];
};
};
}

View file

@ -1,25 +0,0 @@
{ mkNixPak, fragments }:
mkNixPak {
config = { sloth, ... }: {
imports = [ ../modules/gui-base.nix ];
flatpak.appId = "de.haeckerfelix.Fragments";
app.package = fragments;
dbus.policies = {
"org.freedesktop.secrets" = "talk";
};
bubblewrap = {
network = true;
bind.ro = [
"/etc/hosts"
];
bind.rw = [
[
(sloth.mkdir (sloth.concat' sloth.appCacheDir "/fragments"))
(sloth.concat' sloth.xdgCacheHome "/fragments")
]
(sloth.concat' sloth.xdgConfigHome "/fragments")
];
};
};
}

View file

@ -1,58 +0,0 @@
{ config, lib, pkgs, sloth, ... }:
let
envSuffix = envKey: suffix: sloth.concat' (sloth.env envKey) suffix;
in
{
config = {
dbus.policies = {
"${config.flatpak.appId}" = "own";
"${config.flatpak.appId}.*" = "own";
"org.freedesktop.DBus" = "talk";
"org.gtk.vfs.*" = "talk";
"org.gtk.vfs" = "talk";
"ca.desrt.dconf" = "talk";
"org.freedesktop.portal.*" = "talk";
"org.a11y.Bus" = "talk";
};
gpu.enable = lib.mkDefault true;
gpu.provider = "bundle";
fonts.enable = true;
locale.enable = true;
bubblewrap = {
sockets = {
wayland = true;
pulse = true;
};
network = lib.mkDefault false;
bind.rw = [
(sloth.concat' sloth.xdgCacheHome "/fontconfig")
(sloth.concat' sloth.xdgCacheHome "/mesa_shader_cache")
(envSuffix "XDG_RUNTIME_DIR" "/at-spi/bus")
(envSuffix "XDG_RUNTIME_DIR" "/gvfsd")
(envSuffix "XDG_RUNTIME_DIR" "/doc")
(envSuffix "XDG_RUNTIME_DIR" "/dconf")
];
bind.ro = [
(sloth.concat' sloth.xdgConfigHome "/gtk-2.0")
(sloth.concat' sloth.xdgConfigHome "/gtk-3.0")
(sloth.concat' sloth.xdgConfigHome "/gtk-4.0")
(sloth.concat' sloth.xdgConfigHome "/dconf")
"/etc/localtime"
];
env = {
XDG_DATA_DIRS = lib.makeSearchPath "share" [
pkgs.gnome.adwaita-icon-theme
pkgs.gnome-themes-extra
pkgs.shared-mime-info
];
XCURSOR_PATH = lib.concatStringsSep ":" [
"${pkgs.gnome.adwaita-icon-theme}/share/icons"
"${pkgs.gnome.adwaita-icon-theme}/share/pixmaps"
];
};
};
};
}

View file

@ -1,6 +0,0 @@
{ config, ... }:
{
dbus.policies = {
"org.mpris.MediaPlayer2.${config.flatpak.appId}" = "own";
};
}

View file

@ -1,6 +0,0 @@
{
etc.sslCertificates.enable = true;
bubblewrap = {
network = true;
};
}

View file

@ -1,51 +0,0 @@
{ mkNixPak, ungoogled-chromium }:
mkNixPak {
config = { config, sloth, ... }: {
app.package = ungoogled-chromium;
flatpak = {
appId = "org.chromium.Chromium";
desktopFile = "chromium-browser.desktop";
};
imports = [
../modules/gui-base.nix
../modules/network.nix
../modules/mpris2-player.nix
];
# chromium doesn't use the expected MPRIS2 name format
dbus.policies = {
"org.mpris.MediaPlayer2.chromium.*" = "own";
};
bubblewrap = {
# for hidraw access (WebAuthn keys)
bind.dev = [ "/dev" ];
bind.rw = [
[
(sloth.mkdir (sloth.concat [
sloth.appCacheDir
"/nixpak-app-shared-tmp"
]))
"/tmp"
]
[
(sloth.mkdir (sloth.concat' sloth.appCacheDir "/chromium"))
(sloth.concat' sloth.xdgCacheHome "/chromium")
]
[
# home-manager does some funny things
(sloth.concat [
sloth.xdgConfigHome
"/nixpak-ungoogled-chromium"
])
(sloth.concat [
sloth.xdgConfigHome
"/chromium"
])
]
(sloth.concat' sloth.homeDir "/Downloads")
"/tmp/.X11-unix"
(sloth.envOr "XAUTHORITY" "/no-xauth")
];
};
};
}

View file

@ -1,42 +0,0 @@
{ mkNixPak, wike, python3Packages }:
mkNixPak {
config = { sloth, ... }: {
imports = [
../modules/gui-base.nix
../modules/network.nix
];
flatpak.appId = "com.github.hugolabe.Wike";
bubblewrap = {
bind.rw = [
[
(sloth.mkdir (sloth.concat' sloth.appCacheDir "/wike"))
(sloth.concat' sloth.xdgCacheHome "/wike")
]
];
};
app = {
# upstream wike is a bit broken
package = wike.overrideAttrs (old: {
propagatedBuildInputs = old.propagatedBuildInputs ++ [
python3Packages.dbus-python
];
# fix double wrapping
dontWrapGApps = true;
makeWrapperArgs = [
"\${gappsWrapperArgs[@]}"
];
# properly wrap wike-sp
postFixup = (old.postFixup or "") + ''
wrapPythonProgramsIn $out/share/wike "$out $propagatedBuildInputs"
'';
});
extraEntrypoints = [
"/share/wike/wike-sp"
];
};
};
}

View file

@ -1,7 +1,5 @@
{ inputs, pkgs }:
let
tools = import ./lib/tools.nix;
patch' = super: tools.patch super "patches/base/${super.pname}";
dream2nix = inputs.dream2nix.lib2.init {
inherit pkgs;
config = {
@ -9,42 +7,14 @@ let
overridesDirs = [ "${inputs.dream2nix}/overrides" ./dream2nix/overrides ];
};
};
mkNixPak = inputs.nixpak.lib.nixpak {
inherit (pkgs) lib;
inherit pkgs;
};
sandbox = path: extra: (pkgs.callPackage path ({ inherit mkNixPak; } // extra)).config.env;
in
{
amberol = sandbox ./nixpak/amberol { };
brig = pkgs.callPackage ./tools/brig { };
dialect = sandbox ./nixpak/dialect { };
evil = pkgs.linuxPackages_latest.callPackage ./networking/evil { };
privatevoid-smart-card-ca-bundle = pkgs.callPackage ./data/privatevoid-smart-card-certificate-authority-bundle.nix { };
jdtls = pkgs.callPackage ./development/langservers/jdtls.nix { };
doom-one-vim = pkgs.callPackage ./vim-plugins/doom-one-vim.nix { };
fragments-remote = let
fakeTransmission = pkgs.writeShellScriptBin "transmission-daemon" ''
exec ${pkgs.coreutils}/bin/sleep +Infinity
'';
app = pkgs.fragments.overrideAttrs (_: {
preFixup = ''
gappsWrapperArgs+=(
--prefix PATH : "${pkgs.lib.makeBinPath [ fakeTransmission ] }"
)
'';
});
in sandbox ./nixpak/fragments { fragments = app; };
git-remote-ipld = pkgs.callPackage ./tools/git-remote-ipld { };
hyprspace = pkgs.callPackage ./networking/hyprspace { iproute2mac = null; };
identity = pkgs.callPackage ./apps/identity { };
@ -53,17 +23,11 @@ in
neovim-gtk = pkgs.callPackage ./apps/neovim-gtk { };
sonnyp-commit = pkgs.callPackage ./apps/sonnyp-commit { };
shinobi = let
dream = dream2nix.makeFlakeOutputs {
source = inputs.shinobi;
};
in dream.packages.${pkgs.system}.shinobi // { inherit (dream.apps.${pkgs.system}) resolveImpure; };
steam-metro-skin = import ./data/misc/steam-metro-skin { inherit (pkgs) fetchzip; };
tubefeeder = pkgs.callPackage ./apps/tubefeeder { };
ungoogled-chromium = sandbox ./nixpak/ungoogled-chromium { };
vaults = pkgs.callPackage ./apps/vaults { };
webfont-kit-generator = pkgs.callPackage ./apps/webfont-kit-generator { };
wike = sandbox ./nixpak/wike { };
}

View file

@ -7,30 +7,11 @@ super: rec {
doas-interactive = patch-rename super.doas "doas-interactive" "patches/base/doas";
kubo = patch super.kubo "patches/base/ipfs";
lain-ipfs = patch-rename super.ipfs "lain-ipfs" "patches/base/ipfs";
gnome-control-center = super.gnome-control-center.overrideAttrs (old: {
postPatch = (old.postPatch or "") + ''
echo disabling alert sound chooser
${super.xmlstarlet}/bin/xmlstarlet edit -L \
-s '//property[@name="title" and text()="_Alert Sound"]/..' -t elem -n propertyAlertSoundVisible -v False \
-s //propertyAlertSoundVisible -t attr -n name -v visible \
-r //propertyAlertSoundVisible -v property \
panels/sound/cc-sound-panel.ui
gnome-control-center = patch' super.gnome.gnome-control-center;
test "$(${super.xmlstarlet}/bin/xmlstarlet select -t -c '//property[@name="title" and text()="_Alert Sound"]/../property[@name="visible"]/text()' panels/sound/cc-sound-panel.ui)" == "False"
'';
});
libfprint = (patch' super.libfprint).overrideAttrs (old: {
buildInputs = old.buildInputs ++ [
super.openssl
];
});
fprintd = super.fprintd.override { inherit libfprint; };
nautilus = (patch' super.nautilus).overrideAttrs (attrs: {
nautilus = (patch' super.gnome.nautilus).overrideAttrs (attrs: {
preFixup = with super;
let py = (python3.withPackages (ps: with ps; [ ps.pygobject3 ]));
in attrs.preFixup + ''
@ -48,9 +29,9 @@ super: rec {
vte-high-refresh-rate = patch' super.vte;
vte-gtk4-high-refresh-rate = patch' super.vte-gtk4;
tilix-high-refresh-rate = super.tilix.override { gtkd = super.gtkd.override { vte = vte-high-refresh-rate; }; };
blackbox-high-refresh-rate = (patch' super.blackbox-terminal).override { vte-gtk4 = vte-gtk4-high-refresh-rate; };
webkitgtk = patch' super.webkitgtk;
webkitgtk_4_1 = patch' super.webkitgtk_4_1;
}

View file

@ -1,7 +1,7 @@
let tools = import ./lib/tools.nix;
in with tools;
inputs: rec {
nix-super = inputs.nix-super.packages.x86_64-linux.default;
nix-super = inputs.nix-super.defaultPackage.x86_64-linux;
deploy-rs = inputs.deploy-rs.packages.x86_64-linux.deploy-rs;

View file

@ -1,12 +0,0 @@
diff --git a/cmd/util.go b/cmd/util.go
index 37ebfe64..ceee4730 100644
--- a/cmd/util.go
+++ b/cmd/util.go
@@ -79,6 +80,7 @@ func guessRepoFolder(ctx *cli.Context) (string, error) {
guessLocations := []string{
// TODO: For now just one.
+ (os.Getenv("HOME") + "/.brig"),
".",
}

View file

@ -1,47 +0,0 @@
{ lib, buildGoModule, fetchFromGitHub }:
let
vp = "github.com/sahib/brig/version";
version = {
major = "0";
minor = "5";
patch = "3";
releaseType = "develop";
gitRev = "6b7eccf8fcbd907fc759f8ca8aa814df8499e2ed";
};
in
buildGoModule {
pname = "brig";
version = "0.5.3pre";
subPackages = ["."];
patches = [
./default-repo-location.patch
./fix-ghost-remove.patch
./fix-replay-remove-already-gone.patch
./info-no-check-cached.patch
./ls-no-check-cached.patch
./pin-ls-recursive.patch
./repin-relaxed-locking.patch
./vcs-mapper-debug-to-logger.patch
];
src = fetchFromGitHub {
owner = "sahib";
repo = "brig";
rev = version.gitRev;
sha256 = "sha256-lCXSeTIZcIcVcblm9BTUMqTfxO7+BHYQNv6/RlPq14A=";
};
vendorSha256 = "sha256-pFrrMq7VFCwt8KRgJApCq8lPYv0P8hIUOxKJMN9QR0U=";
ldflags = with version; [
"-s" "-w"
"-X ${vp}.Major=${major}"
"-X ${vp}.Minor=${minor}"
"-X ${vp}.Patch=${patch}"
"-X ${vp}.GitRev=${gitRev}"
"-X ${vp}.ReleaseType=${releaseType}"
"-X ${vp}.BuildTime=1970-01-01T01:00:01+01:00"
];
}

View file

@ -1,13 +0,0 @@
diff --git a/catfs/vcs/mapper.go b/catfs/vcs/mapper.go
index 5568e600..bfba247d 100644
--- a/catfs/vcs/mapper.go
+++ b/catfs/vcs/mapper.go
@@ -311,7 +311,7 @@ func (ma *Mapper) mapDirectory(srcCurr *n.Directory, dstPath string, force bool)
// No sibling found for this ghost.
if aliveDstCurr == nil {
- return ma.report(srcCurr, nil, false, false, false)
+ return ma.report(srcCurr, nil, false, true, false)
}
localBackCheck, err := ma.lkrSrc.LookupNodeAt(ma.srcHead, aliveDstCurr.Path())

View file

@ -1,15 +0,0 @@
diff --git a/catfs/vcs/change.go b/catfs/vcs/change.go
index 94800b23..e454c399 100644
--- a/catfs/vcs/change.go
+++ b/catfs/vcs/change.go
@@ -234,6 +234,10 @@ func replayAddMoveMapping(lkr *c.Linker, oldPath, newPath string) error {
func replayRemove(lkr *c.Linker, ch *Change) error {
currNd, err := lkr.LookupModNode(ch.Curr.Path())
if err != nil {
+ // file doesn't exist locally, nothing to do
+ if ie.IsNoSuchFileError(err) {
+ return nil
+ }
return e.Wrapf(err, "replay: lookup: %v", ch.Curr.Path())
}

View file

@ -1,27 +0,0 @@
diff --git a/cmd/fs_handlers.go b/cmd/fs_handlers.go
index d86e8d91..f894ac89 100644
--- a/cmd/fs_handlers.go
+++ b/cmd/fs_handlers.go
@@ -591,14 +591,8 @@ func handleShowFileOrDir(ctx *cli.Context, ctl *client.Client, path string) erro
return tmpl.Execute(os.Stdout, info)
}
- isCached, err := ctl.IsCached(path)
- if err != nil {
- return err
- }
-
pinState := yesify(info.IsPinned)
explicitState := yesify(info.IsExplicit)
- cachedState := yesify(isCached)
nodeType := "file"
if info.IsDir {
@@ -627,7 +621,6 @@ func handleShowFileOrDir(ctx *cli.Context, ctl *client.Client, path string) erro
printPair("Inode", strconv.FormatUint(info.Inode, 10))
printPair("Pinned", pinState)
printPair("Explicit", explicitState)
- printPair("Cached", cachedState)
printPair("IsRaw", yesify(info.IsRaw))
printPair("ModTime", info.ModTime.Format(time.RFC3339))
printPair("Tree Hash", info.TreeHash.B58String())

View file

@ -1,37 +0,0 @@
diff --git a/cmd/fs_handlers.go b/cmd/fs_handlers.go
index f1791b16..d86e8d91 100644
--- a/cmd/fs_handlers.go
+++ b/cmd/fs_handlers.go
@@ -449,7 +449,7 @@ func handleList(ctx *cli.Context, ctl *client.Client) error {
userColumn = "USER\t"
}
- fmt.Fprintf(tabW, "SIZE\tBKEND\tMODTIME\t%sPATH\tPIN\tCACHED\tHINT\n", userColumn)
+ fmt.Fprintf(tabW, "SIZE\tBKEND\tMODTIME\t%sPATH\tPIN\tHINT\n", userColumn)
}
for _, entry := range entries {
@@ -467,22 +467,15 @@ func handleList(ctx *cli.Context, ctl *client.Client) error {
userEntry = color.GreenString(userMap[entry.User]) + "\t"
}
- isCached, err := ctl.IsCached(entry.Path)
- if err != nil {
- return err
- }
- cachedState := " " + pinStateToSymbol(isCached, false)
-
fmt.Fprintf(
tabW,
- "%s\t%s\t%s\t%s%s\t%s\t%s\t%s\n",
+ "%s\t%s\t%s\t%s%s\t%s\t%s\n",
colorForSize(entry.Size)(humanize.Bytes(entry.Size)),
colorForSize(entry.Size)(humanize.Bytes(uint64(entry.CachedSize))),
entry.ModTime.Format("2006-01-02 15:04:05 MST"),
userEntry,
coloredPath,
pinState,
- cachedState,
formatHint(entry.Hint),
)
}

View file

@ -1,13 +0,0 @@
diff --git a/backend/httpipfs/pin.go b/backend/httpipfs/pin.go
index 74c7dec..65d78b8 100644
--- a/backend/httpipfs/pin.go
+++ b/backend/httpipfs/pin.go
@@ -13,7 +13,7 @@ import (
// IsPinned returns true when `hash` is pinned in some way.
func (nd *Node) IsPinned(hash h.Hash) (bool, error) {
ctx := context.Background()
- resp, err := nd.sh.Request("pin/ls", hash.B58String()).Send(ctx)
+ resp, err := nd.sh.Request("pin/ls", hash.B58String()).Option("type", "recursive").Send(ctx)
if err != nil {
return false, err
}

View file

@ -1,41 +0,0 @@
diff --git a/catfs/repin.go b/catfs/repin.go
index 63ba711e..f8b5b9d6 100644
--- a/catfs/repin.go
+++ b/catfs/repin.go
@@ -247,9 +247,12 @@ func (fs *FS) repin(root string) error {
savedStorage := uint64(0)
parts := []*partition{}
+ fs.mu.Unlock()
log.Infof("repin started (min=%d max=%d quota=%s)", minDepth, maxDepth, quotaSrc)
err = n.Walk(fs.lkr, rootNd, true, func(child n.Node) error {
+ fs.mu.Lock()
+ defer fs.mu.Unlock()
if child.Type() == n.NodeTypeDirectory {
return nil
}
@@ -259,6 +262,7 @@ func (fs *FS) repin(root string) error {
return e.Wrapf(ie.ErrBadNode, "repin")
}
+ fs.mu.Unlock()
part, err := fs.partitionNodeHashes(modChild, minDepth, maxDepth)
if err != nil {
return err
@@ -273,6 +277,7 @@ func (fs *FS) repin(root string) error {
if err != nil {
return err
}
+ fs.mu.Lock()
totalStorage += part.PinSize
addedToStorage += pinBytes
@@ -286,6 +291,7 @@ func (fs *FS) repin(root string) error {
return e.Wrapf(err, "repin: walk")
}
+ fs.mu.Lock()
quotaUnpins, err := fs.balanceQuota(parts, totalStorage, quota)
if err != nil {
return e.Wrapf(err, "repin: quota balance")

Some files were not shown because too many files have changed in this diff Show more