├── .gitignore ├── README.md ├── flake.lock ├── flake.nix ├── garnix.yaml ├── packages.nix ├── readme.tmpl └── toolbox ├── all-deb.nix ├── deb.nix └── shell.nix /.gitignore: -------------------------------------------------------------------------------- 1 | result 2 | .direnv 3 | .envrc 4 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # debs 2 | 3 | A nix flake that is used to create an apt repository for debian-based 4 | distros containing a small selection of packages. 5 | 6 | A live and mostly up-to-date version of the repo this flake produces is 7 | available on `apt.noql.net`. It can used by adding the following to 8 | `/etc/apt/sources.list`: 9 | 10 | ``` 11 | deb [trusted=yes] https://apt.noql.net/all all main 12 | ``` 13 | 14 | Make sure to install `ca-certificates` to be able to use https sources, 15 | and run `apt update` afterwards. 16 | 17 | ## Goals 18 | The packages produced here are statically compiled, and target 19 | both amd64 and arm64 architectures. The arm64 packages are 20 | cross-compiled on amd64 build machines. 21 | 22 | ## Package selection 23 | The packages that are added here are generally 24 | anti-censorship/proxy, networking, encryption/privacy related tools. The 25 | selection is updated very regularly. 26 | 27 | If there's a tool that would be appropriate to add, please file an 28 | issue. 29 | 30 | ## Packages 31 | ``` 32 | bepass 33 | bepass-relay 34 | brook 35 | chisel 36 | clash 37 | cloak 38 | daze 39 | dnscrypt-proxy2 40 | dtlspipe 41 | gg 42 | glider 43 | go-shadowsocks2 44 | gost 45 | headscale 46 | hysteria 47 | juicity 48 | lyrebird 49 | mieru 50 | mihomo 51 | mtg 52 | mwgp 53 | ooniprobe-cli 54 | outline-ss-server 55 | psiphon-tunnel-core 56 | shadowsocks-rust 57 | shadowsocks-v2ray-plugin 58 | shadowsocks-xray-plugin 59 | sing-box 60 | trojan-go 61 | tuic 62 | tun2socks 63 | v2ray-core 64 | wireproxy 65 | xray-core 66 | xray-knife 67 | ``` 68 | -------------------------------------------------------------------------------- /flake.lock: -------------------------------------------------------------------------------- 1 | { 2 | "nodes": { 3 | "crane": { 4 | "locked": { 5 | "lastModified": 1739053031, 6 | "narHash": "sha256-LrMDRuwAlRFD2T4MgBSRd1s2VtOE+Vl1oMCNu3RpPE0=", 7 | "owner": "ipetkov", 8 | "repo": "crane", 9 | "rev": "112e6591b2d6313b1bd05a80a754a8ee42432a7e", 10 | "type": "github" 11 | }, 12 | "original": { 13 | "owner": "ipetkov", 14 | "ref": "v0.20.1", 15 | "repo": "crane", 16 | "type": "github" 17 | } 18 | }, 19 | "nixpkgs": { 20 | "locked": { 21 | "lastModified": 1696541930, 22 | "narHash": "sha256-vFoVz++/01+aIp3Mw5AMNR8xvqXO4iY+iiTFt9s+1pc=", 23 | "owner": "NixOS", 24 | "repo": "nixpkgs", 25 | "rev": "35502f30abc1b59a793926212f5dfcd907cd1fe6", 26 | "type": "github" 27 | }, 28 | "original": { 29 | "owner": "NixOS", 30 | "ref": "master", 31 | "repo": "nixpkgs", 32 | "type": "github" 33 | } 34 | }, 35 | "nixpkgs-stable": { 36 | "locked": { 37 | "lastModified": 1720535198, 38 | "narHash": "sha256-zwVvxrdIzralnSbcpghA92tWu2DV2lwv89xZc8MTrbg=", 39 | "owner": "NixOS", 40 | "repo": "nixpkgs", 41 | "rev": "205fd4226592cc83fd4c0885a3e4c9c400efabb5", 42 | "type": "github" 43 | }, 44 | "original": { 45 | "id": "nixpkgs", 46 | "ref": "nixos-23.11", 47 | "type": "indirect" 48 | } 49 | }, 50 | "nixpkgs_2": { 51 | "locked": { 52 | "lastModified": 1744932701, 53 | "narHash": "sha256-fusHbZCyv126cyArUwwKrLdCkgVAIaa/fQJYFlCEqiU=", 54 | "owner": "NixOS", 55 | "repo": "nixpkgs", 56 | "rev": "b024ced1aac25639f8ca8fdfc2f8c4fbd66c48ef", 57 | "type": "github" 58 | }, 59 | "original": { 60 | "id": "nixpkgs", 61 | "ref": "nixos-unstable", 62 | "type": "indirect" 63 | } 64 | }, 65 | "nixpkgs_3": { 66 | "locked": { 67 | "lastModified": 1744536153, 68 | "narHash": "sha256-awS2zRgF4uTwrOKwwiJcByDzDOdo3Q1rPZbiHQg/N38=", 69 | "owner": "NixOS", 70 | "repo": "nixpkgs", 71 | "rev": "18dd725c29603f582cf1900e0d25f9f1063dbf11", 72 | "type": "github" 73 | }, 74 | "original": { 75 | "owner": "NixOS", 76 | "ref": "nixpkgs-unstable", 77 | "repo": "nixpkgs", 78 | "type": "github" 79 | } 80 | }, 81 | "oven": { 82 | "inputs": { 83 | "crane": "crane", 84 | "nixpkgs": "nixpkgs_2", 85 | "nixpkgs-stable": "nixpkgs-stable", 86 | "oxalica-rust": "oxalica-rust" 87 | }, 88 | "locked": { 89 | "lastModified": 1745243522, 90 | "narHash": "sha256-U9hipW2ZelPvRaGmJ1lu6JQ7NOg+zjmZj77+qeMw8EY=", 91 | "owner": "noql-net", 92 | "repo": "oven", 93 | "rev": "03563697cea6269371f779be06a884ede979cb3f", 94 | "type": "github" 95 | }, 96 | "original": { 97 | "owner": "noql-net", 98 | "repo": "oven", 99 | "rev": "03563697cea6269371f779be06a884ede979cb3f", 100 | "type": "github" 101 | } 102 | }, 103 | "oxalica-rust": { 104 | "inputs": { 105 | "nixpkgs": "nixpkgs_3" 106 | }, 107 | "locked": { 108 | "lastModified": 1745029910, 109 | "narHash": "sha256-9CtbfTTQWMoOkXejxc5D+K3z/39wkQQt2YfYJW50tnI=", 110 | "owner": "oxalica", 111 | "repo": "rust-overlay", 112 | "rev": "50fefac8cdfd1587ac6d8678f6181e7d348201d2", 113 | "type": "github" 114 | }, 115 | "original": { 116 | "owner": "oxalica", 117 | "repo": "rust-overlay", 118 | "type": "github" 119 | } 120 | }, 121 | "root": { 122 | "inputs": { 123 | "nixpkgs": "nixpkgs", 124 | "oven": "oven" 125 | } 126 | } 127 | }, 128 | "root": "root", 129 | "version": 7 130 | } 131 | -------------------------------------------------------------------------------- /flake.nix: -------------------------------------------------------------------------------- 1 | { 2 | description = "debs"; 3 | 4 | inputs.nixpkgs.url = "github:NixOS/nixpkgs/master"; 5 | inputs.oven.url = "github:noql-net/oven?rev=03563697cea6269371f779be06a884ede979cb3f"; 6 | 7 | outputs = { self, nixpkgs, oven }: rec { 8 | devShells.x86_64-linux.default = ((import ./toolbox/shell.nix) { pkgs = nixpkgs.legacyPackages.x86_64-linux; }); 9 | packages = 10 | let 11 | lib = nixpkgs.lib; 12 | pkgs = nixpkgs.legacyPackages.x86_64-linux; 13 | builder = import ./packages.nix; 14 | in 15 | { 16 | x86_64-linux = 17 | (builder { inherit lib pkgs; oven = oven.packages.x86_64-linux; }) // 18 | { default = packages.x86_64-linux.all-deb; }; 19 | 20 | aarch64-linux = 21 | (builder { inherit lib pkgs; oven = oven.packages.aarch64-linux; }) // 22 | { default = packages.aarch64-linux.all-deb; }; 23 | 24 | all = { 25 | all-deb = with pkgs; 26 | (import ./toolbox/all-deb.nix) { 27 | inherit lib stdenv; 28 | debs = with packages; { 29 | x86_64-linux = x86_64-linux.all-deb; 30 | aarch64-linux = aarch64-linux.all-deb; 31 | }; 32 | }; 33 | default = packages.all.all-deb; 34 | }; 35 | }; 36 | }; 37 | 38 | nixConfig = { 39 | extra-substituters = "https://cache.garnix.io/"; 40 | extra-trusted-public-keys = "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="; 41 | }; 42 | } 43 | -------------------------------------------------------------------------------- /garnix.yaml: -------------------------------------------------------------------------------- 1 | builds: 2 | exclude: [] 3 | include: 4 | - 'packages.*.*' 5 | -------------------------------------------------------------------------------- /packages.nix: -------------------------------------------------------------------------------- 1 | { lib, pkgs, oven }: 2 | 3 | let 4 | dpkg = pkgs.dpkg; 5 | stdenv = pkgs.stdenv; 6 | 7 | staticPackages = { 8 | bepass = oven.bepass; 9 | bepass-relay = oven.bepass-relay; 10 | brook = oven.brook; 11 | chisel = oven.chisel; 12 | clash = oven.clash; 13 | cloak = oven.cloak; 14 | daze = oven.daze; 15 | dnscrypt-proxy2 = oven.dnscrypt-proxy2; 16 | dtlspipe = oven.dtlspipe; 17 | gg = oven.gg; 18 | glider = oven.glider; 19 | go-shadowsocks2 = oven.go-shadowsocks2; 20 | gost = oven.gost; 21 | headscale = oven.headscale; 22 | hysteria = oven.hysteria; 23 | juicity = oven.juicity; 24 | lyrebird = oven.lyrebird; 25 | mieru = oven.mieru; 26 | mihomo = oven.mihomo; 27 | mtg = oven.mtg; 28 | mwgp = oven.mwgp; 29 | ooniprobe-cli = oven.ooniprobe-cli; 30 | outline-ss-server = oven.outline-ss-server; 31 | psiphon-tunnel-core = oven.psiphon-tunnel-core; 32 | shadowsocks-rust = oven.shadowsocks-rust; 33 | shadowsocks-v2ray-plugin = oven.shadowsocks-v2ray-plugin; 34 | shadowsocks-xray-plugin = oven.shadowsocks-xray-plugin; 35 | sing-box = oven.sing-box; 36 | trojan-go = oven.trojan-go; 37 | tuic = oven.tuic; 38 | tun2socks = oven.tun2socks; 39 | v2ray-core = oven.v2ray-core; 40 | wireproxy = oven.wireproxy; 41 | xray-core = oven.xray-core; 42 | xray-knife = oven.xray-knife; 43 | }; 44 | 45 | debPackages = lib.attrsets.mapAttrs' 46 | (pkgName: inputPackage: 47 | lib.attrsets.nameValuePair (pkgName + "-deb") ( 48 | (import ./toolbox/deb.nix) { inherit inputPackage stdenv dpkg; } 49 | ) 50 | ) 51 | (staticPackages); 52 | 53 | all-deb = { all-deb = (import ./toolbox/all-deb.nix) { inherit lib stdenv; debs = debPackages; }; }; 54 | in 55 | 56 | staticPackages // debPackages // all-deb 57 | -------------------------------------------------------------------------------- /readme.tmpl: -------------------------------------------------------------------------------- 1 | # debs 2 | 3 | A nix flake that is used to create an apt repository for debian-based 4 | distros containing a small selection of packages. 5 | 6 | A live and mostly up-to-date version of the repo this flake produces is 7 | available on `apt.noql.net`. It can used by adding the following to 8 | `/etc/apt/sources.list`: 9 | 10 | ``` 11 | deb [trusted=yes] https://apt.noql.net/all all main 12 | ``` 13 | 14 | Make sure to install `ca-certificates` to be able to use https sources, 15 | and run `apt update` afterwards. 16 | 17 | ## Goals 18 | The packages produced here are statically compiled, and target 19 | both amd64 and arm64 architectures. The arm64 packages are 20 | cross-compiled on amd64 build machines. 21 | 22 | ## Package selection 23 | The packages that are added here are generally 24 | anti-censorship/proxy, networking, encryption/privacy related tools. The 25 | selection is updated very regularly. 26 | 27 | If there's a tool that would be appropriate to add, please file an 28 | issue. 29 | 30 | ## Packages 31 | ``` 32 | {{- range (datasource "pkgs") }} 33 | {{ . }} 34 | {{- end }} 35 | ``` 36 | -------------------------------------------------------------------------------- /toolbox/all-deb.nix: -------------------------------------------------------------------------------- 1 | { lib, stdenv, debs }: 2 | 3 | stdenv.mkDerivation rec { 4 | name = "all-deb"; 5 | src = ./.; 6 | buildInputs = lib.attrsets.attrValues debs; 7 | phases = [ "installPhase" ]; 8 | paths = lib.strings.concatStringsSep " " (lib.attrsets.attrValues debs); 9 | 10 | installPhase = '' 11 | mkdir -p "$out" 12 | for path in ${paths} 13 | do 14 | cp $path/* $out/ 15 | done 16 | ''; 17 | } 18 | -------------------------------------------------------------------------------- /toolbox/deb.nix: -------------------------------------------------------------------------------- 1 | { inputPackage, stdenv, dpkg }: 2 | 3 | stdenv.mkDerivation rec { 4 | name = "${inputPackage.pname}-deb"; 5 | src = ./.; 6 | nativeBuildInputs = [ dpkg ]; 7 | buildInputs = [ inputPackage ]; 8 | phases = [ "installPhase" ]; 9 | 10 | debArch = { 11 | x86_64 = "amd64"; 12 | arm64 = "arm64"; 13 | }.${inputPackage.stdenv.targetPlatform.linuxArch} or (throw "Unsupported architecture: ${inputPackage.stdenv.targetPlatform.linuxArch}"); 14 | 15 | debControlFile = '' 16 | Package: ${inputPackage.pname} 17 | Description: ${inputPackage.pname} 18 | Version: ${inputPackage.version} 19 | Section: base 20 | Priority: optional 21 | Architecture: ${debArch} 22 | Maintainer: Mark Pashmfouroush 23 | ''; 24 | 25 | installPhase = '' 26 | mkdir -p $out 27 | temp=$(mktemp -d) 28 | mkdir -p "$temp/usr/bin" 29 | mkdir -p "$temp/DEBIAN" 30 | cp ${inputPackage}/bin/* "$temp/usr/bin/" 31 | echo "${debControlFile}" > "$temp/DEBIAN/control" 32 | dpkg-deb -Zxz -z9 --build "$temp" "$out" 33 | rm -rf "$temp" 34 | ''; 35 | } 36 | -------------------------------------------------------------------------------- /toolbox/shell.nix: -------------------------------------------------------------------------------- 1 | { pkgs }: 2 | 3 | let 4 | build-debs = pkgs.writeShellApplication { 5 | name = "build-debs"; 6 | runtimeInputs = [ ]; 7 | text = ''nix build -L .#packages.all.all-deb''; 8 | }; 9 | 10 | repo-add = pkgs.writeShellApplication { 11 | name = "repo-add"; 12 | runtimeInputs = [ pkgs.aptly ]; 13 | text = '' 14 | build-debs 15 | aptly repo add -force-replace all result/* 16 | ''; 17 | }; 18 | 19 | repo-publish = pkgs.writeShellApplication { 20 | name = "repo-publish"; 21 | runtimeInputs = [ pkgs.aptly ]; 22 | text = ''aptly publish update -force-overwrite all s3:noql-apt:all''; 23 | }; 24 | 25 | readme-update = pkgs.writeShellApplication { 26 | name = "readme-update"; 27 | runtimeInputs = [ pkgs.gomplate ]; 28 | text = '' 29 | nix eval --json '.#packages.x86_64-linux' --apply builtins.attrNames | \ 30 | jq 'map(select(.|test("(deb|default)$")|not))' | \ 31 | gomplate --datasource pkgs=stdin:///pkgs.json --file readme.tmpl --out README.md 32 | ''; 33 | }; 34 | in pkgs.mkShell { 35 | buildInputs = [ 36 | pkgs.aptly 37 | pkgs.gomplate 38 | 39 | build-debs 40 | repo-add 41 | repo-publish 42 | readme-update 43 | ]; 44 | } 45 | --------------------------------------------------------------------------------