├── .allowed_signers ├── .envrc ├── .gitignore ├── LICENSE ├── README.md ├── bin ├── buildhost ├── ci ├── deploy ├── fmt ├── mkboot ├── repair └── update-openssh ├── bins ├── check-restart.nix ├── default.nix ├── gen-patches.nix ├── icb-irc-tunnel.nix ├── ix.nix ├── ix │ └── ix.pl ├── pubs │ ├── openbsd-68-base.pub │ ├── openbsd-68-fw.pub │ ├── openbsd-68-pkg.pub │ ├── openbsd-68-syspatch.pub │ ├── openbsd-69-base.pub │ ├── openbsd-69-fw.pub │ ├── openbsd-69-pkg.pub │ ├── openbsd-69-syspatch.pub │ ├── openbsd-70-base.pub │ ├── openbsd-70-fw.pub │ ├── openbsd-70-pkg.pub │ ├── openbsd-70-syspatch.pub │ ├── openbsd-71-base.pub │ ├── openbsd-71-fw.pub │ ├── openbsd-71-pkg.pub │ ├── openbsd-71-syspatch.pub │ ├── openbsd-72-base.pub │ ├── openbsd-72-fw.pub │ ├── openbsd-72-pkg.pub │ ├── openbsd-72-syspatch.pub │ ├── openbsd-73-base.pub │ ├── openbsd-73-fw.pub │ ├── openbsd-73-pkg.pub │ ├── openbsd-73-syspatch.pub │ ├── openbsd-74-base.pub │ ├── openbsd-74-fw.pub │ ├── openbsd-74-pkg.pub │ ├── openbsd-74-syspatch.pub │ ├── openbsd-75-base.pub │ ├── openbsd-75-fw.pub │ ├── openbsd-75-pkg.pub │ ├── openbsd-75-syspatch.pub │ ├── openbsd-76-base.pub │ ├── openbsd-76-fw.pub │ ├── openbsd-76-pkg.pub │ ├── openbsd-76-syspatch.pub │ ├── openbsd-77-base.pub │ ├── openbsd-77-fw.pub │ ├── openbsd-77-pkg.pub │ ├── openbsd-77-syspatch.pub │ ├── openbsd-78-base.pub │ ├── openbsd-78-fw.pub │ ├── openbsd-78-pkg.pub │ ├── openbsd-78-syspatch.pub │ ├── openbsd-79-base.pub │ ├── openbsd-79-fw.pub │ ├── openbsd-79-pkg.pub │ └── openbsd-79-syspatch.pub ├── rage.nix ├── rpr.nix ├── sfetch.nix └── upgrade-pg.nix ├── bold.daemon.pem ├── common.sh ├── configs ├── beet.nix ├── ca.nix ├── chromium.nix ├── ci.nix ├── colemak.nix ├── default.nix ├── dns.nix ├── doas.nix ├── doom.d │ ├── config.el │ ├── init.el │ └── packages.el ├── emacs.nix ├── emacs.org ├── firefox.nix ├── git.nix ├── hardened.nix ├── helix.nix ├── konsole.nix ├── manager.nix ├── neomutt.nix ├── neovim.lua ├── neovim.nix ├── 
net-overlay.nix ├── nix.nix ├── polybar.nix ├── smug.nix ├── ssh.nix ├── ssh_known_hosts ├── tailnet.nix ├── thunderbird.nix ├── tmux.nix ├── update.nix └── zsh.nix ├── dbuild ├── build-consumer.nix ├── build-server.nix └── default.nix ├── default.nix ├── flake.lock ├── flake.nix ├── gui ├── default.nix ├── gnome.nix ├── kde.nix └── xfce.nix ├── hooks └── pre-commit ├── hosts ├── box │ ├── default.nix │ └── hardware-configuration.nix ├── clunk │ ├── default.nix │ ├── hardware-configuration.nix │ └── xmonad.hs ├── europa │ ├── default.nix │ └── hardware-configuration.nix ├── faf │ ├── default.nix │ └── hardware-configuration.nix ├── h │ ├── alias │ ├── default.nix │ └── hardware-configuration.nix ├── luna │ ├── alias │ ├── default.nix │ └── hardware-configuration.nix ├── octo │ ├── default.nix │ └── hardware-configuration.nix ├── orcim │ ├── alias │ ├── default.nix │ └── hardware-configuration.nix ├── plq │ └── default.nix ├── pwntie │ ├── default.nix │ └── hardware-configuration.nix ├── retic │ ├── alias │ ├── default.nix │ └── hardware-configuration.nix ├── router │ ├── default.nix │ └── hardware-configuration.nix ├── stan │ ├── alias │ ├── default.nix │ └── hardware-configuration.nix ├── tv │ ├── default.nix │ └── hardware-configuration.nix ├── weather │ ├── default.nix │ └── hardware-configuration.nix └── weatherzero │ ├── default.nix │ └── hardware-configuration.nix ├── install_template.nix ├── installer.nix ├── lib └── default.nix ├── modules ├── backup.nix ├── default.nix ├── golink.nix ├── lock-action.nix ├── restic-rest-server.nix ├── rtlamr2mqtt.nix ├── signal-cli.nix ├── ssh-fido-agent.nix ├── tsvnstat.nix ├── veilid-server.nix └── yarr.nix ├── monitoring ├── default.nix └── monitrc ├── overlays ├── 1password-gui.nix ├── PLS.nix ├── bruno.nix ├── default.nix ├── dont_create_privsep_path.patch ├── elm-no-color.diff ├── heisen-plumb-no-react.diff ├── heisenbridge.nix ├── invidious.nix ├── locale_archive.patch ├── nixd.nix ├── obsidian.nix ├── rex.nix ├── 
signal-desktop.nix ├── ssh-keysign-8.5.patch ├── tailscale.nix └── tidal-hifi.nix ├── pkgs ├── ble-serial.nix ├── cachew.nix ├── default.nix ├── emacs.nix ├── flake-warn.nix ├── flake-warn.sh ├── ghexport.nix ├── gokrazy.nix ├── google-takeout-parser.nix ├── gosignify.nix ├── gqrss.nix ├── hammerspoon.nix ├── hpi.nix ├── icbirc.diff ├── icbirc.nix ├── intiface-engine.nix ├── irken.nix ├── kobuddy.diff ├── kobuddy.nix ├── krunner-krha.nix ├── kurinto.nix ├── lxst-deps.diff ├── lxst-unvendor.diff ├── lxst.nix ├── ollama-el.nix ├── openssh.nix ├── openssh │ ├── dont_create_privsep_path.patch │ ├── locale_archive.patch │ ├── ssh-keysign-8.5.patch │ └── version.json ├── orgparse.nix ├── precursorupdater.nix ├── promnesia.nix ├── pyogg-paths.patch ├── python-dotenv.nix ├── pywebscrapbook.nix ├── rnsh.nix ├── secretive.nix ├── setup-hook.sh ├── sqlcipher3.nix ├── ttfs.nix ├── watchmap.nix ├── weepushover.nix ├── yarr.nix ├── zutty.nix └── zutty_go.diff ├── pull_requests ├── .keep └── 399692.json ├── services ├── config-manager.nix └── default.nix ├── statix.toml ├── templates ├── ada │ ├── .envrc │ ├── .gitignore │ ├── LICENSE │ ├── flake.nix │ └── thing.adb ├── fyne │ ├── .envrc │ ├── .gitignore │ ├── LICENSE │ └── flake.nix ├── go-fyne-shell │ ├── .envrc │ └── shell.nix ├── go-fyne │ ├── .envrc │ ├── .gitignore │ ├── LICENSE │ └── flake.nix ├── go │ ├── .envrc │ ├── .gitignore │ ├── LICENSE │ └── flake.nix ├── mojo │ ├── .envrc │ ├── .gitignore │ ├── LICENSE │ ├── flake.nix │ └── thing.pl ├── ocaml │ ├── .envrc │ ├── .gitignore │ ├── LICENSE │ ├── flake.nix │ └── thing.ml ├── perl │ ├── .envrc │ ├── .gitignore │ ├── LICENSE │ ├── flake.nix │ └── thing.pl └── shell │ ├── .envrc │ └── shell.nix ├── treefmt.toml ├── users └── default.nix └── xintray-logo.png /.allowed_signers: -------------------------------------------------------------------------------- 1 | aaron@bolddaemon.com sk-ssh-ed25519@openssh.com 
AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIB1cBO17AFcS2NtIT+rIxR2Fhdu3HD4de4+IsFyKKuGQAAAACnNzaDpsZXNzZXI= 2 | aaron@bolddaemon.com sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIHrYWbbgBkGcOntDqdMaWVZ9xn+dHM+Ap6s1HSAalL28AAAACHNzaDptYWlu 3 | aaron@bolddaemon.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC74Cw0fk2g/Fzo2a5bJ+Tw6mEjbGR1/yx0HBt/p3R30 4 | aaron@bolddaemon.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDM2k2C6Ufx5RNf4qWA9BdQHJfAkskOaqEWf8yjpySwH Nix Manager 5 | aaron@bolddaemon.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIACUwXo7HdoPI9vAMzcbYuXRgsbHA2otn0zF1zsaaj40 nixos ci 6 | aaron@bolddaemon.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIlVMdlJxNwsBAb6UUA0hqSwpbMA23L+UzRgkiodpOGq CI Signing 7 | -------------------------------------------------------------------------------- /.envrc: -------------------------------------------------------------------------------- 1 | use flake 2 | cp -v hooks/pre-commit .git/hooks/ 3 | PATH_add ./bin 4 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | .gcroots/ 2 | .direnv 3 | result 4 | .DS_Store 5 | tags 6 | *.bak -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2021 Aaron Bieber 3 | * 4 | * Permission to use, copy, modify, and distribute this software for any 5 | * purpose with or without fee is hereby granted, provided that the above 6 | * copyright notice and this permission notice appear in all copies. 7 | * 8 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 | * MERCHANTABILITY AND FITNESS. 
IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 | */ 16 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | xin 2 | === 3 | 4 | Ever growing nix configuration. It started as a single host and has eventually 5 | consumed more and more machines in my environment! 6 | 7 | ![xin](./xintray-logo.png) 8 | -------------------------------------------------------------------------------- /bin/buildhost: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | nix build --print-out-paths --no-link .#nixosConfigurations.${1}.config.system.build.toplevel 4 | -------------------------------------------------------------------------------- /bin/deploy: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env sh 2 | 3 | . ./common.sh 4 | 5 | trap error INT TERM 6 | 7 | if [ -f /run/secrets/manager_pubkey ]; then 8 | start 9 | fi 10 | 11 | rebuild() { 12 | host="$(resolveAlias $1)" 13 | skip_check=$2 14 | 15 | build_host=${BUILD_HOST:-$host} 16 | msg "Rebuilding: ${host} using ${build_host}" 17 | nixos-rebuild ${TRACE} --flake .#${1} --build-host "root@${build_host}" --target-host "root@${host}" switch 2>&1 | nom 18 | return $? 
19 | } 20 | 21 | if [ "$1" = "watch" ]; then 22 | if [ "$2" = "status" ]; then 23 | for f in pull_requests/*.json; do 24 | pr=$(basename $f .json) 25 | title="$(jq -r '.title' <$f)" 26 | status="$(jq -r '.status' <$f)" 27 | echo "${pr}|${title}|${status}" 28 | done | column -t -s '|' 29 | exit 0 30 | fi 31 | 32 | if [ "$2" = "update" ]; then 33 | msg "updating watches..." 34 | for f in pull_requests/*.json; do 35 | pr=$(basename $f .json) 36 | if [ "$(jq -r '.status' <$f)" = "open" ]; then 37 | curl -s -o - https://pr-status.otter-alligator.ts.net/${pr} | jq -rS 'del(.queryTime)' >pull_requests/${pr}.json 38 | msg "Updated watch for ${pr}: $(jq -r .title pull_requests/${pr}.json 46 | msg "Added watch for ${pr}: $(jq -r .title &1 | nom 54 | exit $? 55 | fi 56 | 57 | if [ "$1" = "update" ]; then 58 | single="$2" 59 | can_sign=0 60 | for i in $(ssh-add -L | awk '{print $2}'); do 61 | grep -q $i .allowed_signers && can_sign=1 62 | done 63 | 64 | # TODO: capture commit message and wrap it with what is being updated. 65 | if [ $can_sign != 1 ]; then 66 | echo "Can't find signing key." 67 | exit 1 68 | fi 69 | 70 | if [ "$single" != "" ]; then 71 | nix flake update --commit-lock-file "$single" 72 | else 73 | nix flake update --commit-lock-file 74 | fi 75 | nix flake archive 76 | exit $? 77 | fi 78 | 79 | if [ "$1" = "diff" ]; then 80 | host="$(resolveAlias $2)" 81 | mkdir -p .gcroots 82 | out=$(nix build -o .gcroots/${host} --json .#nixosConfigurations.${2}.config.system.build.toplevel | jq -r '.[0].outputs.out') 83 | nix copy -s --to "ssh://root@$host" "$out" 84 | nix copy -s --derivation --to "ssh://root@$host" "$out" 85 | ${SSH} "root@$host" "nix-store -qd /run/current-system $out | xargs nix-diff --color=always" | less 86 | exit $? 
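87 | fi 88 | 89 | ret=0 90 | if [ ${#@} = 1 ]; then 91 | rebuild $1 true || ret=1 92 | else 93 | lock 94 | for host in $(listNixOSHosts); do 95 | rebuild $host false || ret=1 96 | done 97 | fi 98 | -------------------------------------------------------------------------------- /bin/fmt: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | set -e 4 | 5 | treefmt 6 | -------------------------------------------------------------------------------- /bin/mkboot: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | case $1 in 4 | arm | arm64) 5 | nix build .#nixosConfigurations.arm64Install.config.system.build.sdImage |& nom 6 | ;; 7 | haas) 8 | nix build .#nixosConfigurations.hassInstall.config.system.build.isoImage |& nom 9 | ;; 10 | iso) 11 | nix build .#nixosConfigurations.isoInstall.config.system.build.isoImage |& nom 12 | ;; 13 | reform) 14 | nix build .#nixosConfigurations.reformInstall.config.system.build.sdImage |& nom 15 | ;; 16 | octo) 17 | nix build .#nixosConfigurations.octo.config.system.build.sdImage |& nom 18 | ;; 19 | *) 20 | echo "Usage: boot [iso|arm64|arm|hass|reform]" 21 | ;; 22 | esac 23 | -------------------------------------------------------------------------------- /bin/repair: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # Repair every store path that "nix flake check --no-build" reports as "is not valid", 3 | # re-running the check until it prints no such line. 4 | # NOTE(review): the leading "sudo date" presumably primes the sudo credential cache; confirm. 5 | sudo date 6 | # The matching lines stay in a variable instead of a fixed file under /tmp: a predictable 7 | # name in a world-writable directory can be pre-created by another local user, and what it 8 | # holds ends up as an argument to "sudo nix-store". 9 | while invalid=$(nix flake check --no-build |& grep "is not valid"); do 10 | mapfile -t paths < <(awk -F\' '{print $2}' <<<"$invalid") 11 | for path in "${paths[@]}"; do 12 | # A matching line without a quoted path yields an empty field; skip it. 13 | [ -n "$path" ] || continue 14 | echo "Repairing $path" 15 | # Quoted so that whitespace or glob characters in a path cannot split it into extra arguments. 16 | sudo nix-store --repair-path "$path" >/dev/null 17 | done 18 | done 19 | date 20 | -------------------------------------------------------------------------------- /bin/update-openssh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | set -e 4 | 5 | . 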
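./common.sh 6 | 7 | trap error INT TERM 8 | 9 | start 10 | 11 | ATOM="$(curl -H "Accept: application/atom+xml" -s https://github.com/openssh/openssh-portable/commits/master.atom)" 12 | CURRENT="$(cat pkgs/openssh/version.json)" 13 | 14 | COMMIT="$(echo $ATOM | dasel -rxml 'feed.entry.[0].id' | awk -F/ '{print $NF}')" 15 | COMMENT="$(echo $ATOM | dasel -rxml 'feed.entry.[0].title')" 16 | UPDATED="$(echo $ATOM | dasel -rxml 'feed.entry.[0].updated' | awk -FT '{print $1}')" 17 | 18 | # The feed is remote input: only a full 40-character lowercase hex commit id may reach 19 | # nix-prefetch-github and the pinned version.json. An error page, a changed feed layout or 20 | # an empty result stops the update here instead of being written into the pin. 21 | if [ "${#COMMIT}" -ne 40 ] || [ -n "$(printf '%s' "${COMMIT}" | tr -d '0-9a-f')" ]; then 22 | echo "Unexpected commit id from feed: '${COMMIT}'" >&2 23 | exit 1 24 | fi 25 | 26 | CURRENT_COMMIT="$(echo $CURRENT | jq -r .rev)" 27 | 28 | if [ "${CURRENT_COMMIT}" != "${COMMIT}" ]; then 29 | # The new pin is assembled in scratch files and copied over version.json only after both 30 | # steps succeeded; redirecting the pipeline straight into version.json truncates the file 31 | # even when the prefetch fails, and the empty file would then be committed. 32 | RAW=$(mktemp) 33 | NEW=$(mktemp) 34 | FN=$(mktemp) 35 | nix-prefetch-github openssh openssh-portable \ 36 | --rev "${COMMIT}" \ 37 | --json >"${RAW}" 38 | jq -r --arg v "${UPDATED}" \ 39 | --arg c "${COMMENT}" \ 40 | '. |= . + {"version": $v, "comment": $c}' \ 41 | <"${RAW}" >"${NEW}" 42 | if [ ! -s "${NEW}" ]; then 43 | echo "Prefetch produced no version data for '${COMMIT}'" >&2 44 | exit 1 45 | fi 46 | # cat rather than mv, so version.json keeps its own mode instead of the scratch file's. 47 | cat "${NEW}" >pkgs/openssh/version.json 48 | echo "pkgs/openssh: update to '${COMMIT}'" >"${FN}" 49 | echo >>"${FN}" 50 | echo "${COMMENT}" >>"${FN}" 51 | git add pkgs/openssh/version.json && git commit -F "${FN}" 52 | rm -f "${RAW}" "${NEW}" "${FN}" 53 | else 54 | echo "No updates." 55 | fi 56 | -------------------------------------------------------------------------------- /bins/check-restart.nix: -------------------------------------------------------------------------------- 1 | { perl }: '' 2 | #!${perl}/bin/perl 3 | 4 | use strict; 5 | use warnings; 6 | 7 | use feature 'say'; 8 | 9 | my @booted = split("/", `readlink -f /run/booted-system/kernel`); 10 | my @current = split("/", `readlink -f /run/current-system/kernel`); 11 | 12 | if ($booted[3] ne $current[3]) { 13 | say "Restart required!"; 14 | say "old: $booted[3]"; 15 | say "new: $current[3]"; 16 | exit 1; 17 | } else { 18 | say "system is clean.."; 19 | } 20 | '' 21 | -------------------------------------------------------------------------------- /bins/default.nix: -------------------------------------------------------------------------------- 1 | { pkgs 2 | , config 3 | , isUnstable 4 | , ... 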
5 | }: 6 | let 7 | mkPubs = ver: { 8 | "signify/openbsd-${toString ver}-base.pub".text = 9 | builtins.readFile ./pubs/openbsd-${toString ver}-base.pub; 10 | "signify/openbsd-${toString ver}-fw.pub".text = 11 | builtins.readFile ./pubs/openbsd-${toString ver}-fw.pub; 12 | "signify/openbsd-${toString ver}-pkg.pub".text = 13 | builtins.readFile ./pubs/openbsd-${toString ver}-pkg.pub; 14 | "signify/openbsd-${toString ver}-syspatch.pub".text = 15 | builtins.readFile ./pubs/openbsd-${toString ver}-syspatch.pub; 16 | }; 17 | gosignify = pkgs.callPackage ../pkgs/gosignify.nix { inherit isUnstable; }; 18 | 19 | ix = pkgs.writeScriptBin "ix" (import ./ix.nix { inherit (pkgs) perl; }); 20 | checkRestart = 21 | pkgs.writeScriptBin "check-restart" 22 | (import ./check-restart.nix { inherit (pkgs) perl; }); 23 | sfetch = pkgs.writeScriptBin "sfetch" (import ./sfetch.nix { 24 | inherit gosignify; 25 | inherit (pkgs) curl; 26 | }); 27 | genPatches = pkgs.callPackage ./gen-patches.nix { }; 28 | upgrade-pg = pkgs.writeScriptBin "upgrade-pg" (import ./upgrade-pg.nix { 29 | inherit pkgs; 30 | inherit config; 31 | }); 32 | in 33 | { 34 | environment.systemPackages = with pkgs; [ 35 | checkRestart 36 | genPatches 37 | ix 38 | sfetch 39 | xclip 40 | ] ++ (if config.services.postgresql.enable then 41 | [ upgrade-pg ] 42 | else [ ]); 43 | environment.etc = 44 | (mkPubs 68) // 45 | (mkPubs 69) // 46 | (mkPubs 70) // 47 | (mkPubs 71) // 48 | (mkPubs 72) // 49 | (mkPubs 73) // 50 | (mkPubs 74) // 51 | (mkPubs 75) // 52 | (mkPubs 76) // 53 | (mkPubs 77) // 54 | (mkPubs 78) // 55 | (mkPubs 79); 56 | } 57 | -------------------------------------------------------------------------------- /bins/gen-patches.nix: -------------------------------------------------------------------------------- 1 | { writeShellApplication 2 | , diffutils 3 | , findutils 4 | , coreutils 5 | , ... 
6 | }: 7 | let 8 | genPatches = writeShellApplication { 9 | name = "gen-patches"; 10 | runtimeInputs = [ diffutils findutils coreutils ]; 11 | text = '' 12 | suffix=".orig" 13 | srcdir=$PWD 14 | output="$PWD/patches" 15 | 16 | usage() { 17 | echo "Usage: $0 [-s suffix (default .orig)] [-d source directory (default PWD)] [-o output directory (default PWD/patches)]" 1>&2; 18 | exit 1; 19 | } 20 | 21 | while getopts "d:ho:s:" arg; do 22 | case $arg in 23 | d) 24 | srcdir=$OPTARG 25 | ;; 26 | h) 27 | usage 28 | ;; 29 | s) 30 | suffix=$OPTARG 31 | ;; 32 | o) 33 | output=$OPTARG 34 | ;; 35 | *) 36 | usage 37 | esac 38 | done 39 | 40 | mkdir -p "$output" 41 | 42 | # hold my be er! 43 | # shellcheck disable=SC2044 44 | for patch in $(find "$srcdir" -name "*$suffix"); do 45 | fname=$(basename "$patch" "$suffix") 46 | dname=$(dirname "$patch") 47 | file="$dname/$fname" 48 | outfile="$(echo "$dname/$fname" | sed 's;/;_;g').diff" 49 | diff -u "$patch" "$file" > "$output/$outfile" || \ 50 | echo "==> Created patch: $output/$outfile" 51 | done 52 | ''; 53 | }; 54 | in 55 | genPatches 56 | -------------------------------------------------------------------------------- /bins/icb-irc-tunnel.nix: -------------------------------------------------------------------------------- 1 | { pkgs 2 | , icbirc 3 | , 4 | }: '' 5 | #!${pkgs.yash}/bin/yash 6 | ${pkgs.procps}/bin/pkill icbirc 7 | 8 | # porters 9 | ${icbirc}/bin/icbirc -d -l 127.0.0.1 -s localhost -p 6644 >/tmp/icbirc-porters & 10 | 11 | # hackers 12 | ${icbirc}/bin/icbirc -d -l 127.0.0.1 -s localhost -p 6645 >/tmp/icbirc-hackers & 13 | 14 | ${pkgs.openssh}/bin/ssh -NTL 7326:localhost:7326 \ 15 | -oServerAliveInterval=60 \ 16 | -oExitOnForwardFailure=yes \ 17 | anonicb@slackers.openbsd.org 18 | '' 19 | -------------------------------------------------------------------------------- /bins/ix.nix: -------------------------------------------------------------------------------- 1 | { perl }: '' 2 | #!${perl}/bin/perl 3 | 
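${builtins.readFile ./ix/ix.pl} 4 | '' 5 | -------------------------------------------------------------------------------- /bins/ix/ix.pl: -------------------------------------------------------------------------------- 1 | use strict; 2 | use warnings; 3 | 4 | use HTTP::Tiny; 5 | if ( $^O eq "openbsd" ) { 6 | require OpenBSD::Pledge; 7 | require OpenBSD::Unveil; 8 | 9 | OpenBSD::Unveil::unveil( "/", "" ) or die; 10 | OpenBSD::Pledge::pledge(qw( stdio dns inet rpath )) or die; 11 | } 12 | 13 | my $http = HTTP::Tiny->new(); 14 | 15 | # Read everything available on the given handle and return it as one string. 16 | sub slurp { 17 | my ($fh) = @_; 18 | local $/; 19 | <$fh>; 20 | } 21 | 22 | # Submit $input as a new paste and return the body of the HTTP response. 23 | # Dies when the request does not succeed. 24 | sub ix { 25 | my ($input) = @_; 26 | # NOTE(review): the paste travels over plain http, so whatever is piped in is readable 27 | # and modifiable on the network path; use https if the service offers it. 28 | my $url = "http://okturing.com"; 29 | my $form = [ 30 | a_body => $input, 31 | submit => "submit", 32 | fake => "fake", 33 | a_func => "add_post" 34 | ]; 35 | # post_form returns a hash reference on failure as well, so "or die" on the return value 36 | # can never fire; the success flag is what tells a failed request apart. 37 | my $resp = $http->post_form( $url, $form ); 38 | die "could not POST: $resp->{status} $resp->{reason}\n" unless $resp->{success}; 39 | $resp->{content}; 40 | } 41 | 42 | my $input = slurp('STDIN'); 43 | my $out = ix($input); 44 | foreach my $line ($out) { 45 | if ( $line =~ m/href="(.+okturing\.com\/src.+\/body)\"/ ) { 46 | print $1, "\n"; 47 | last; 48 | } 49 | } 50 | -------------------------------------------------------------------------------- /bins/pubs/openbsd-68-base.pub: -------------------------------------------------------------------------------- 1 | untrusted comment: openbsd 6.8 base public key 2 | RWQZj25CSG5R2oLo5735Hh6C48kkjFsj5rJDjW+fGZwyY+BkD5/zps8f 3 | -------------------------------------------------------------------------------- /bins/pubs/openbsd-68-fw.pub: -------------------------------------------------------------------------------- 1 | untrusted comment: OpenBSD 6.8 firmware public key 2 | RWSYx4htNi/zavF8ZToMBDFz2xymRfFnnR1MEKV9csYbvnrTBwdkXhdy 3 | -------------------------------------------------------------------------------- /bins/pubs/openbsd-68-pkg.pub: -------------------------------------------------------------------------------- 1 | untrusted comment: OpenBSD 6.8 packages public 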
key 2 | RWQlDXyHx5KlPoEiz4yWRK/Gt/rvPwI8KEAt3utge/dBS7R+EscdzA5K 3 | -------------------------------------------------------------------------------- /bins/pubs/openbsd-68-syspatch.pub: -------------------------------------------------------------------------------- 1 | untrusted comment: OpenBSD 6.8 syspatch public key 2 | RWRWuHkSV0U8PUX24vGa3ywrvKNQY6llV3PLvKEzDTiTVPfIRaXPfvzR 3 | -------------------------------------------------------------------------------- /bins/pubs/openbsd-69-base.pub: -------------------------------------------------------------------------------- 1 | untrusted comment: openbsd 6.9 base public key 2 | RWQQsAemppS46LT4dNnAtVUZt51ResyNU35n4OH9yl/r7JcR3B75fO4V 3 | -------------------------------------------------------------------------------- /bins/pubs/openbsd-69-fw.pub: -------------------------------------------------------------------------------- 1 | untrusted comment: OpenBSD 6.9 firmware public key 2 | RWQmtywnZCJ0lWWc2wr0Ity/Ys498gmQksAi2dSmpW5IwkjEH/OXYPaF 3 | -------------------------------------------------------------------------------- /bins/pubs/openbsd-69-pkg.pub: -------------------------------------------------------------------------------- 1 | untrusted comment: OpenBSD 6.9 packages public key 2 | RWSG2ib5ZXSfQUmO/SK6MkA6wDVmjQ+7PHIUtEokG4TNnTghJnJ7NtkR 3 | -------------------------------------------------------------------------------- /bins/pubs/openbsd-69-syspatch.pub: -------------------------------------------------------------------------------- 1 | untrusted comment: OpenBSD 6.9 syspatch public key 2 | RWQukL+0K9o9dQ7z3X8mPAftyJDzxmsm9ojLck+Yi9Q+YGEPqdxDK4ke 3 | -------------------------------------------------------------------------------- /bins/pubs/openbsd-70-base.pub: -------------------------------------------------------------------------------- 1 | untrusted comment: openbsd 7.0 base public key 2 | RWR3KL+gSr4QZ5mOvKhcOOgGe61ogHp5PyBOj2RrmyCpqchk9A7NVPzh 3 | 
-------------------------------------------------------------------------------- /bins/pubs/openbsd-70-fw.pub: -------------------------------------------------------------------------------- 1 | untrusted comment: OpenBSD 7.0 firmware public key 2 | RWS8nd7vy+I+fRHtnpxVBeX+P+9rBqJMPvSU6z8LYyAv5p73WcdFXs3B 3 | -------------------------------------------------------------------------------- /bins/pubs/openbsd-70-pkg.pub: -------------------------------------------------------------------------------- 1 | untrusted comment: OpenBSD 7.0 packages public key 2 | RWR3iauEtA8/bLN/zfIQhOc5ramL/fARX72S6xw8BwAUebxik7KioCvL 3 | -------------------------------------------------------------------------------- /bins/pubs/openbsd-70-syspatch.pub: -------------------------------------------------------------------------------- 1 | untrusted comment: OpenBSD 7.0 syspatch public key 2 | RWSD33kMDKsQH8j0Q8FzfYk+vsgTKiP8Q5DcrkQQtrZoWg48yxUQgLxU 3 | -------------------------------------------------------------------------------- /bins/pubs/openbsd-71-base.pub: -------------------------------------------------------------------------------- 1 | untrusted comment: openbsd 7.1 public key 2 | RWR2eHwZTOEiTWog354iy3StRj18VbZl87O9uZpa1M2jGLXEkco6vDT5 3 | -------------------------------------------------------------------------------- /bins/pubs/openbsd-71-fw.pub: -------------------------------------------------------------------------------- 1 | untrusted comment: OpenBSD 7.1 firmware public key 2 | RWQCAJ4gBK3pbcm/Q5XYxu+hIY3Zvx9kwGv2uJphEN7kNl1DD4QRue6v 3 | -------------------------------------------------------------------------------- /bins/pubs/openbsd-71-pkg.pub: -------------------------------------------------------------------------------- 1 | untrusted comment: OpenBSD 7.1 packages public key 2 | RWQgLTtHQtisyH9qc9imxVFsf+P24M75F1aNio5qJCfG/bO6gATAzC9V 3 | -------------------------------------------------------------------------------- /bins/pubs/openbsd-71-syspatch.pub: 
-------------------------------------------------------------------------------- 1 | untrusted comment: OpenBSD 7.1 syspatch public key 2 | RWTVqN+z9ta+Z6Ri7W7Vlf+XgXE30rGXld8kO78L1GmE61U5Xvbr/zHM 3 | -------------------------------------------------------------------------------- /bins/pubs/openbsd-72-base.pub: -------------------------------------------------------------------------------- 1 | untrusted comment: openbsd 7.2 public key 2 | RWQTKNnK3CZZ8Lid7/kWPO1WxjEsTeuxiXbJSSg6RDir9OJmV+t7GrOo 3 | -------------------------------------------------------------------------------- /bins/pubs/openbsd-72-fw.pub: -------------------------------------------------------------------------------- 1 | untrusted comment: OpenBSD 7.2 firmware public key 2 | RWRvwsB/ZxwZxiQBgNVhuCnEacKE1MhrcDX25jFccqaj0pxsY9oIPJq4 3 | -------------------------------------------------------------------------------- /bins/pubs/openbsd-72-pkg.pub: -------------------------------------------------------------------------------- 1 | untrusted comment: OpenBSD 7.2 packages public key 2 | RWSyNc+EwQQo5bZ5XtDpnk0FUl8NrIl+Ocq4FV/5VTvP9rOgHzKEnBx0 3 | -------------------------------------------------------------------------------- /bins/pubs/openbsd-72-syspatch.pub: -------------------------------------------------------------------------------- 1 | untrusted comment: OpenBSD 7.2 syspatch public key 2 | RWQuBB7PRAc2Zy+C7VAynLuan8WDVtQ9R4xLpl8yjf1zxfqEBRRJ+66w 3 | -------------------------------------------------------------------------------- /bins/pubs/openbsd-73-base.pub: -------------------------------------------------------------------------------- 1 | untrusted comment: openbsd 7.3 public key 2 | RWQS90bYzZ4XFms5z9OodrFABHMQnW6htU+4Tmp88NuQiTEezMm2cQ3K 3 | -------------------------------------------------------------------------------- /bins/pubs/openbsd-73-fw.pub: -------------------------------------------------------------------------------- 1 | untrusted comment: OpenBSD 7.3 firmware public 
key 2 | RWRSJW95RokBEZUxBFvPCEdtQPg2WMExzMIcjnXzVpIwUpyZZmfXun5a 3 | -------------------------------------------------------------------------------- /bins/pubs/openbsd-73-pkg.pub: -------------------------------------------------------------------------------- 1 | untrusted comment: OpenBSD 7.3 packages public key 2 | RWTJxSCZzSPKGp8unIp/yxG2lvCXJg5lFVvbOBQUvKEnGHFAO8RPg3mr 3 | -------------------------------------------------------------------------------- /bins/pubs/openbsd-73-syspatch.pub: -------------------------------------------------------------------------------- 1 | untrusted comment: OpenBSD 7.3 syspatch public key 2 | RWShXqVD7hfbBpWb1B5EGr1DUX8kkjkTueCsa243lLNocuuVU+2eWMn5 3 | -------------------------------------------------------------------------------- /bins/pubs/openbsd-74-base.pub: -------------------------------------------------------------------------------- 1 | untrusted comment: openbsd 7.4 public key 2 | RWRoyQmAD08ajTqgzK3UcWaVlwaJMckH9/CshU8Md5pN1GoIrcBdTF+c 3 | -------------------------------------------------------------------------------- /bins/pubs/openbsd-74-fw.pub: -------------------------------------------------------------------------------- 1 | untrusted comment: OpenBSD 7.4 firmware public key 2 | RWTRA9KXRuZKunpXYK0ed5OxbE0K7rYWpDnTu+M8wZdqzRroFqed0U6I 3 | -------------------------------------------------------------------------------- /bins/pubs/openbsd-74-pkg.pub: -------------------------------------------------------------------------------- 1 | untrusted comment: OpenBSD 7.4 packages public key 2 | RWR/h7gubZ9M/O46RNy3PzLTPevOCK24LGCPca41IHMwSH4YuVA+jnWO 3 | -------------------------------------------------------------------------------- /bins/pubs/openbsd-74-syspatch.pub: -------------------------------------------------------------------------------- 1 | untrusted comment: OpenBSD 7.4 syspatch public key 2 | RWQqty2voy8V8afR9/v2RzuNr7r4y9cKwljABN7Tytd7JcPdBjnXg0Ue 3 | 
-------------------------------------------------------------------------------- /bins/pubs/openbsd-75-base.pub: -------------------------------------------------------------------------------- 1 | untrusted comment: openbsd 7.5 base public key 2 | RWRGj1pRpprAfgeF/rgld4ubduChLvTkigA1Zj7WLDsVA4qfYSWOEI8q 3 | -------------------------------------------------------------------------------- /bins/pubs/openbsd-75-fw.pub: -------------------------------------------------------------------------------- 1 | untrusted comment: OpenBSD 7.5 firmware public key 2 | RWQ6EsXr4NMYvyLICug3dLHfmbpXlVasF1jbt3GVNQsosgB5+PgaufBu 3 | -------------------------------------------------------------------------------- /bins/pubs/openbsd-75-pkg.pub: -------------------------------------------------------------------------------- 1 | untrusted comment: OpenBSD 7.5 packages public key 2 | RWS/sEFDvf+rjUmS1WROzxH05pB1kB7JRRq76DUGUhCE0Ks8AdpjP5pD 3 | -------------------------------------------------------------------------------- /bins/pubs/openbsd-75-syspatch.pub: -------------------------------------------------------------------------------- 1 | untrusted comment: OpenBSD 7.5 syspatch public key 2 | RWRAAZC5WcFgn+8b5msDR+yDVCx4ziLaSQI2sy7e4GFY42nFW9p7mP2t 3 | -------------------------------------------------------------------------------- /bins/pubs/openbsd-76-base.pub: -------------------------------------------------------------------------------- 1 | untrusted comment: openbsd 7.6 base public key 2 | RWTkuwn4mbq8ouJbfO4VfNH8+FdiZUosz2qIR0V0C9bm6CnVEt7CGkV0 3 | -------------------------------------------------------------------------------- /bins/pubs/openbsd-76-fw.pub: -------------------------------------------------------------------------------- 1 | untrusted comment: OpenBSD 7.6 firmware public key 2 | RWTjkGqNGXmQxWRiGhZYwI3lUuv1LNutoO7ERDCfFwLB/Lkp1aCsS4QP 3 | -------------------------------------------------------------------------------- /bins/pubs/openbsd-76-pkg.pub: 
-------------------------------------------------------------------------------- 1 | untrusted comment: OpenBSD 7.6 packages public key 2 | RWQnLSfWlibGntNj6cqS87rZEmqv1VWMbGSskBTuNKxiSg5hgBpTvzJz 3 | -------------------------------------------------------------------------------- /bins/pubs/openbsd-76-syspatch.pub: -------------------------------------------------------------------------------- 1 | untrusted comment: OpenBSD 7.6 syspatch public key 2 | RWRzQWJ4ipcCDeYWQNJJ2gBVTP8KZTxaD0aELC/SNplE3ynVDEHWaPQR 3 | -------------------------------------------------------------------------------- /bins/pubs/openbsd-77-base.pub: -------------------------------------------------------------------------------- 1 | untrusted comment: openbsd 7.7 base public key 2 | RWSbCCUoGpcxVRmNb/XFYBbthxWMK7G6fNbJhb993Ohuh29WFaT9vhe2 3 | -------------------------------------------------------------------------------- /bins/pubs/openbsd-77-fw.pub: -------------------------------------------------------------------------------- 1 | untrusted comment: OpenBSD 7.7 firmware public key 2 | RWSJsKh8CzZG93aXHWDPCNM04iMwt7wRzfWzs1nL/2K6OsUvmAEfQavY 3 | -------------------------------------------------------------------------------- /bins/pubs/openbsd-77-pkg.pub: -------------------------------------------------------------------------------- 1 | untrusted comment: OpenBSD 7.7 packages public key 2 | RWQ0omJ8AdcUd41n7fqEccjc/VyLhJLKVJo7oFUg7epg6lUHRtgMgT52 3 | -------------------------------------------------------------------------------- /bins/pubs/openbsd-77-syspatch.pub: -------------------------------------------------------------------------------- 1 | untrusted comment: OpenBSD 7.7 syspatch public key 2 | RWRtcHFMyeKCcG4TkoK/TbEvDd1vch0tq8VgRR5UBpvAQkUcgja3jtV9 3 | -------------------------------------------------------------------------------- /bins/pubs/openbsd-78-base.pub: -------------------------------------------------------------------------------- 1 | untrusted comment: openbsd 
7.8 base public key 2 | RWS3/nvFmk4SWSmt/5QIk9yB4+uoAGoiYvFhVlDQBG3rWENeeIys0LWB 3 | -------------------------------------------------------------------------------- /bins/pubs/openbsd-78-fw.pub: -------------------------------------------------------------------------------- 1 | untrusted comment: OpenBSD 7.8 firmware public key 2 | RWSFPOE2F7PQul5Fu/3G/JKMmqJD76vKKQh30UrwSslcMcU5/MEBVqTd 3 | -------------------------------------------------------------------------------- /bins/pubs/openbsd-78-pkg.pub: -------------------------------------------------------------------------------- 1 | untrusted comment: OpenBSD 7.8 packages public key 2 | RWRdSyJORZBFeOu7a8K3nODBr9GrFJlGZUG2j93jDSds8Zc+NLTP8v60 3 | -------------------------------------------------------------------------------- /bins/pubs/openbsd-78-syspatch.pub: -------------------------------------------------------------------------------- 1 | untrusted comment: OpenBSD 7.8 syspatch public key 2 | RWRYSW9gIG/XToA9BM+s+ehGgxdWe0+ZShwt85+/dFXYOZFRUi4uqhiR 3 | -------------------------------------------------------------------------------- /bins/pubs/openbsd-79-base.pub: -------------------------------------------------------------------------------- 1 | untrusted comment: openbsd 7.9 base public key 2 | RWTSdNN9A3yvWNn7mUjXwv9DOCOUnyfuV+mq1iGPIfD+NhN8EYnEQ1at 3 | -------------------------------------------------------------------------------- /bins/pubs/openbsd-79-fw.pub: -------------------------------------------------------------------------------- 1 | untrusted comment: OpenBSD 7.9 firmware public key 2 | RWQdmBb/OCe1hXE08xCj5VLnBpGpphy7kYPdU3oWyfnrwswjtl8K385E 3 | -------------------------------------------------------------------------------- /bins/pubs/openbsd-79-pkg.pub: -------------------------------------------------------------------------------- 1 | untrusted comment: OpenBSD 7.9 packages public key 2 | RWSw1kDLJJy6OYgnayEMReLV57z2rzx5jYNCghO+2ARwqd6KuwGFWSn7 3 | 
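-------------------------------------------------------------------------------- /bins/pubs/openbsd-79-syspatch.pub: -------------------------------------------------------------------------------- 1 | untrusted comment: OpenBSD 7.9 syspatch public key 2 | RWTJmz/ur68S9e26/JVRr7T88lAPZIF3YgZ3w2lDnf/frAxTerC/DrZ6 3 |
-------------------------------------------------------------------------------- /bins/rage.nix: --------------------------------------------------------------------------------
# rage: a small password store built on age, kept as *.age files under ~/.rage.
# The expression evaluates to the text of a yash script.
#
# Sub-commands: ls | re ENTRY | en | de ENTRY | cp ENTRY | otp ENTRY | push | sync
# ENTRY is either an existing file path or a grep pattern that must select
# exactly one stored entry.
{ pkgs }:
let
  oathPkg = pkgs.oath-toolkit or pkgs.oathToolkit;
  ageBin = "${pkgs.age}/bin/age";
  # No Wayland clipboard tool is configured for aarch64-darwin.
  wlclip =
    if pkgs.system == "aarch64-darwin"
    then ""
    else "${pkgs.wl-clipboard}/bin/wl-copy";
  xclip =
    if pkgs.system == "aarch64-darwin"
    then "pbcopy"
    else "${pkgs.xclip}/bin/xclip";
in
''
  #!${pkgs.yash}/bin/yash

  set -e

  rage_dir=~/.rage

  # The config file is sourced as shell code, so it runs with the caller's
  # privileges. It is expected to set $identity and $recipients, which are
  # used below but never assigned in this script.
  . "$rage_dir/config"

  cmd=$1

  list() {
    find "$rage_dir" -type f -name '*.age'
  }

  # Print the one secret file selected by "$1". An empty argument is rejected:
  # unquoted, "[ -f ]" is true and age would then wait on stdin. A pattern
  # that matches several entries is rejected instead of being passed on as a
  # multi-line file name.
  resolve() {
    if [ -z "$1" ]; then
      echo "rage: no entry given" >&2
      return 1
    fi
    if [ -f "$1" ]; then
      printf '%s\n' "$1"
      return 0
    fi
    hits=$(list | grep -c -- "$1" || true)
    if [ "$hits" -ne 1 ]; then
      echo "rage: '$1' matches $hits entries, need exactly one" >&2
      return 1
    fi
    list | grep -- "$1"
  }

  # Encrypt stdin for $recipients and move the result onto "$1" only after age
  # has succeeded. Redirecting straight onto the target truncates the existing
  # secret before encryption is known to work.
  encrypt_to() {
    tmp=$(mktemp "$1.XXXXXX")
    if ${ageBin} -a -R "$recipients" > "$tmp"; then
      mv -f "$tmp" "$1"
    else
      rm -f "$tmp"
      return 1
    fi
  }

  if [ -z "$cmd" ]; then
    list
    exit
  fi

  case $cmd in
    ls)
      list
    ;;
    re)
      F=$(resolve "$2")
      echo "Re-encrypting: '$F'"
      pass="$(${ageBin} -i "$identity" -d "$F")"
      printf '%s\n' "$pass" | encrypt_to "$F"
    ;;
    en)
      printf 'Password: '
      # Turn terminal echo back on even if the prompt is interrupted.
      trap 'stty echo' EXIT
      trap 'exit 1' INT TERM HUP
      stty -echo
      # IFS= and -r keep backslashes and surrounding blanks in the password.
      IFS= read -r pass
      stty echo
      trap - EXIT INT TERM HUP
      echo ""
      printf 'Location: '
      read -r loc
      echo ""
      if [ -z "$loc" ]; then
        echo "rage: no location given" >&2
        exit 1
      fi
      mkdir -p "$(dirname "$rage_dir/$loc")"
      printf '%s\n' "$pass" | encrypt_to "$rage_dir/$loc.age"
    ;;
    de)
      F=$(resolve "$2")
      ${ageBin} -i "$identity" -d "$F"
    ;;
    cp)
      # The decrypted secret stays in the clipboard until something else
      # overwrites it; nothing here clears it.
      CLIP=${xclip}
      if [ -n "$WAYLAND_DISPLAY" ] && [ -n "${wlclip}" ]; then
        CLIP=${wlclip}
      fi
      F=$(resolve "$2")
      ${ageBin} -i "$identity" -d "$F" | "$CLIP"
    ;;
    otp)
      F=$(resolve "$2")
      ${ageBin} -i "$identity" -d "$F" | ${oathPkg}/bin/oathtool -b --totp -
    ;;
    push)
      cd "$rage_dir"
      ${pkgs.git}/bin/git push
    ;;
    sync)
      cd "$rage_dir"
      ${pkgs.git-sync}/bin/git-sync
    ;;
    *)
      # This arm used to be the literal pattern "default)", which matches only
      # the word "default"; "*" is the catch-all the listing fallback needs.
      list
    ;;
  esac
''
-------------------------------------------------------------------------------- /bins/rpr.nix: -------------------------------------------------------------------------------- 1 | { tea 2 | , gh 3 | , hut 4 | , 5 | }: 6 | let 7 | teaBin = "${tea}/bin/tea"; 8 | ghBin = "${gh}/bin/gh"; 9 | htBin = "${hut}/bin/hut"; 10 | in 11 | '' 12 | #!/usr/bin/env sh 13 | 14 | set -eu 15 | 16 | source ~/.config/op/plugins.sh 17 | 18 | proj="$(basename $PWD)" 19 | 20 | for login in $(${teaBin} logins list -o simple | awk '{print $1}'); do 21 | tea logins default "$login" 22 | tea repos create --private --name "$proj" || echo "error creating '$proj' on '$login'" 23 | done 24 | 25 | # ${ghBin} 26 | gh repo create --public "$proj" || echo "error creating '$proj' on 'github'" 27 | 28 | # ${htBin} 29 | ${htBin} git create "$proj" || echo "error creating '$proj' on 'sr.ht'" 30 | 31 | git config --unset-all remote.origin.url || echo "no remote defined..."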
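32 | for repo in "git@codeberg.org:qbit/%s.git" "git@git.sr.ht:~qbit/%s" "git@github.com:qbit/%s.git" "git@gitle.otter-alligator.ts.net:%s" "ssh://gitea@git.tapenet.org:2222/qbit/%s.git"; do 33 | echo "Adding remote: $(printf $repo $proj)" 34 | git config --add remote.origin.url "$(printf $repo $proj)" 35 | done 36 | 37 | '' 38 |
-------------------------------------------------------------------------------- /bins/sfetch.nix: --------------------------------------------------------------------------------
# sfetch: download one OpenBSD snapshot file together with SHA256.sig and
# verify it with signify before it appears in the current directory.
# Usage: sfetch FILE [MACHINE]   (MACHINE defaults to amd64)
{ curl
, gosignify
,
}: ''
  #!/usr/bin/env sh

  set -e

  SERVER=cdn.openbsd.org
  ITEM=$1
  # The default also covers a missing MACHINE argument; the former
  # "[[ ... ]] && MACHINE=$2" line was redundant and "[[" is not POSIX sh.
  MACHINE=''${2:-amd64}

  case $ITEM in
    "" | */*)
      echo "usage: $0 FILE [MACHINE]  (FILE is a bare snapshot file name)" >&2
      exit 1
      ;;
  esac

  # The digits in the file name pick the release whose public key is used.
  V="$(printf '%s\n' "$ITEM" | sed 's/[^0-9]*//g')"
  if [ -z "$V" ]; then
    echo "$0: cannot derive a release number from '$ITEM'" >&2
    exit 1
  fi

  DEST=$PWD
  # Stage both downloads in a private directory so that only a file that
  # passed signature verification is ever left under its final name.
  WORK=$(mktemp -d "$DEST/.sfetch.XXXXXX")
  trap 'rm -rf "$WORK"' EXIT
  cd "$WORK"

  # -f makes an HTTP error fail the download instead of saving the error page;
  # -S keeps curl's error message visible despite -s.
  ${curl}/bin/curl -fsS -o "$ITEM" "https://$SERVER/pub/OpenBSD/snapshots/$MACHINE/$ITEM"
  ${curl}/bin/curl -fsS -o SHA256.sig "https://$SERVER/pub/OpenBSD/snapshots/$MACHINE/SHA256.sig"

  # With "set -e" a failed check stops here and the trap removes the staging
  # directory, unverified download included.
  ${gosignify}/bin/gosignify -C -p "/etc/signify/openbsd-$V-base.pub" -x SHA256.sig "$ITEM"

  mv -f -- "$ITEM" SHA256.sig "$DEST/"
''
-------------------------------------------------------------------------------- /bins/upgrade-pg.nix: --------------------------------------------------------------------------------
# upgrade-pg: initialise a data directory for the new PostgreSQL package and
# run pg_upgrade from the currently configured one. Extra command-line
# arguments are appended to the pg_upgrade invocation.
{ pkgs, config }:
let
  newPostgres = pkgs.postgresql_16;
in
''
  #!${pkgs.yash}/bin/yash

  set -xe

  # Run pgrep itself. The earlier "[ pgrep postgres ]" handed two words to
  # test and never executed pgrep, so this guard could not notice a server
  # that was still running.
  if pgrep postgres >/dev/null; then
    echo "Please exit all postgres services and stop postgres!"
    systemctl list-dependencies postgresql.service --reverse
    exit 1;
  fi

  export NEWDATA="/var/lib/postgresql/${newPostgres.psqlSchema}"
  export OLDDATA="${config.services.postgresql.dataDir}"

  # "=" is the POSIX string comparison; "==" is a shell extension.
  if [ "$NEWDATA" = "$OLDDATA" ]; then
    echo "Nothing to upgrade!"
    exit 1;
  fi

  export NEWBIN="${newPostgres}/bin"
  export OLDBIN="${config.services.postgresql.package}/bin"

  install -d -m 0700 -o postgres -g postgres "$NEWDATA"
  cd "$NEWDATA"

  su - postgres -c "$NEWBIN/initdb -D $NEWDATA"
  # "$*" keeps the command a single -c argument; "$@" inside the quotes split
  # it into several words as soon as more than one extra option was given.
  # The joined string is parsed again by the shell that su starts, so extra
  # options must not contain shell metacharacters.
  su - postgres -c "$NEWBIN/pg_upgrade \
    --old-datadir $OLDDATA --new-datadir $NEWDATA \
    --old-bindir $OLDBIN --new-bindir $NEWBIN \
    $*"
''
-------------------------------------------------------------------------------- /bold.daemon.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIBrjCCAVOgAwIBAgIIKUKZ6zcNut8wCgYIKoZIzj0EAwIwFzEVMBMGA1UEAxMM 3 | Qm9sZDo6RGFlbW9uMCAXDTIyMDEyOTAxMDMxOVoYDzIxMjIwMTI5MDEwMzE5WjAX 4 | MRUwEwYDVQQDEwxCb2xkOjpEYWVtb24wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNC 5 | AARYgIn1RWf059Hb964JEaiU3G248k2ZpBHtrACMmLRRO9reKr/prEJ2ltKrjCaX 6 | +98ButRNIn78U8pL+H+aeE0Zo4GGMIGDMA4GA1UdDwEB/wQEAwIChDAdBgNVHSUE 7 | FjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNV 8 | HQ4EFgQUiUdCcaNy3E2bFzO9I76TPlMJ4w4wHwYDVR0jBBgwFoAUiUdCcaNy3E2b 9 | FzO9I76TPlMJ4w4wCgYIKoZIzj0EAwIDSQAwRgIhAOd6ejqevrYAH5JtDdy2Mh9M 10 | OTIx9nDZd+AOAg0wzlzfAiEAvG5taCm14H+qdWbEZVn+vqj6ChtxjH7fqOHv3Xla 11 | HWw= 12 | -----END CERTIFICATE----- -------------------------------------------------------------------------------- /configs/chromium.nix: -------------------------------------------------------------------------------- 1 | { lib, pkgs, config, ...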
}: 2 | let 3 | defaultProfile = lib.filterAttrs (_: v: v != null) { 4 | DefaultSearchProviderEnabled = true; 5 | DefaultSearchProviderSearchURL = "https://kagi.com?q={searchTerms}"; 6 | DefaultSearchProviderSuggestURL = null; 7 | ExtensionInstallForcelist = [ 8 | "ddkjiahejlhfcafbddmgiahcphecmpfh" 9 | "pkehgijcmpdhfbdbbnkijodmdjhbjlgp" 10 | ]; 11 | }; 12 | extraOpts = { 13 | BrowserSignin = 0; 14 | SyncDisabled = true; 15 | PasswordManagerEnabled = false; 16 | SpellcheckEnabled = true; 17 | # ScreenCaptureAllowed = false; 18 | CloudReportingEnabled = false; 19 | CloudProfileReportingEnabled = false; 20 | CloudExtensionRequestEnabled = false; 21 | ShowHomeButton = true; 22 | HomepageLocation = "https://startpage.otter-alligator.ts.net/"; 23 | HomepageIsNewTabPage = true; 24 | SpellcheckLanguage = [ 25 | "en-US" 26 | ]; 27 | }; 28 | in 29 | { 30 | config = lib.mkIf (config.kde.enable || config.gnome.enable || config.xfce.enable) { 31 | environment = { 32 | systemPackages = [ pkgs.ungoogled-chromium ]; 33 | etc = { 34 | "chromium/policies/managed/default.json".text = builtins.toJSON defaultProfile; 35 | "chromium/policies/managed/extra.json".text = builtins.toJSON extraOpts; 36 | "opt/chrome/policies/managed/default.json".text = builtins.toJSON defaultProfile; 37 | "opt/chrome/policies/managed/extra.json".text = builtins.toJSON extraOpts; 38 | }; 39 | }; 40 | }; 41 | } 42 | -------------------------------------------------------------------------------- /configs/colemak.nix: -------------------------------------------------------------------------------- 1 | { config 2 | , lib 3 | , ... 
4 | }: 5 | with lib; { 6 | options = { 7 | colemak = { 8 | enable = mkOption { 9 | description = "Enable colemak keyboard layout"; 10 | default = true; 11 | example = true; 12 | type = lib.types.bool; 13 | }; 14 | }; 15 | }; 16 | 17 | config = mkIf config.colemak.enable { 18 | console = { keyMap = "colemak"; }; 19 | services.xserver = { 20 | xkb = { 21 | options = "ctrl:swapcaps,compose:ralt"; 22 | variant = "colemak"; 23 | layout = "us"; 24 | }; 25 | inputClassSections = [ 26 | '' 27 | Identifier "precursor" 28 | MatchIsKeyboard "on" 29 | MatchProduct "Precursor" 30 | MatchVendor "Kosagi" 31 | Option "XkbLayout" "us" 32 | Option "XkbVariant" "basic" 33 | '' 34 | '' 35 | Identifier "atreus" 36 | MatchIsKeyboard "on" 37 | MatchProduct "Keyboardio Atreus" 38 | MatchVendor "Keyboardio" 39 | Option "XkbLayout" "us" 40 | Option "XkbVariant" "basic" 41 | '' 42 | ]; 43 | }; 44 | }; 45 | } 46 | -------------------------------------------------------------------------------- /configs/default.nix: -------------------------------------------------------------------------------- 1 | { ... }: { 2 | imports = [ 3 | ./ca.nix 4 | ./ci.nix 5 | ./colemak.nix 6 | ./dns.nix 7 | ./doas.nix 8 | ./git.nix 9 | ./manager.nix 10 | ./neovim.nix 11 | ./net-overlay.nix 12 | ./nix.nix 13 | ./ssh.nix 14 | ./tmux.nix 15 | ./update.nix 16 | ./zsh.nix 17 | ]; 18 | } 19 | -------------------------------------------------------------------------------- /configs/dns.nix: -------------------------------------------------------------------------------- 1 | { config 2 | , lib 3 | , ... 
4 | }: 5 | with lib; { 6 | options = { 7 | preDNS = { 8 | enable = mkOption { 9 | description = "Enable DNSSEC"; 10 | default = true; 11 | example = true; 12 | type = lib.types.bool; 13 | }; 14 | }; 15 | }; 16 | 17 | config = mkIf config.preDNS.enable { 18 | services = { 19 | openntpd.enable = true; 20 | resolved = { 21 | enable = true; 22 | dnssec = "allow-downgrade"; 23 | # TODO: Enable a toggle for ipv6 24 | fallbackDns = [ "9.9.9.9" "2620:fe::fe" "149.112.112.112" "2620:fe::9" ]; 25 | extraConfig = '' 26 | [Resolve] 27 | DNS=45.90.28.0#8436c6.dns.nextdns.io 28 | DNS=2a07:a8c0::#8436c6.dns.nextdns.io 29 | DNS=45.90.30.0#8436c6.dns.nextdns.io 30 | DNS=2a07:a8c1::#8436c6.dns.nextdns.io 31 | DNSOverTLS=yes 32 | ''; 33 | }; 34 | }; 35 | }; # tailscale and what not have no preDNS 36 | } 37 | -------------------------------------------------------------------------------- /configs/doas.nix: -------------------------------------------------------------------------------- 1 | { config 2 | , lib 3 | , ... 4 | }: 5 | with lib; { 6 | options = { 7 | doas = { enable = mkEnableOption "Enable doas for priv-escie"; }; 8 | }; 9 | 10 | config = mkIf config.doas.enable { 11 | nixpkgs.config.packageOverrides = pkgs: { 12 | doas = pkgs.doas.override { withPAM = false; }; 13 | }; 14 | security = { 15 | doas = { 16 | enable = true; 17 | extraRules = [ 18 | { 19 | groups = [ "wheel" ]; 20 | persist = true; 21 | } 22 | ]; 23 | }; 24 | sudo.enable = false; 25 | }; 26 | }; 27 | } 28 | -------------------------------------------------------------------------------- /configs/doom.d/config.el: -------------------------------------------------------------------------------- 1 | (setq 2 | acme-theme-black-fg t) 3 | 4 | (load-theme 'acme t) 5 | -------------------------------------------------------------------------------- /configs/doom.d/packages.el: -------------------------------------------------------------------------------- 1 | (package! 
acme-theme) 2 | -------------------------------------------------------------------------------- /configs/emacs.nix: -------------------------------------------------------------------------------- 1 | { pkgs 2 | , isUnstable 3 | , lib 4 | , config 5 | , ... 6 | }: 7 | let 8 | myEmacs = pkgs.callPackage ../pkgs/emacs.nix { inherit isUnstable; }; 9 | cfg = config.myEmacs; 10 | editorScript = pkgs.writeShellScriptBin "emacseditor" '' 11 | if [ -z "$1" ]; then 12 | exec ${myEmacs}/bin/emacsclient --create-frame --alternate-editor ${myEmacs}/bin/emacs 13 | else 14 | exec ${myEmacs}/bin/emacsclient --alternate-editor ${myEmacs}/bin/emacs "$@" 15 | fi 16 | ''; 17 | in 18 | { 19 | options = { 20 | myEmacs = { 21 | enable = lib.mkOption { 22 | description = "Enable my emacs stuff"; 23 | default = true; 24 | }; 25 | }; 26 | }; 27 | config = lib.mkIf cfg.enable { 28 | environment = { 29 | variables.EDITOR = lib.mkOverride 900 "emacseditor"; 30 | systemPackages = with pkgs; [ 31 | (aspellWithDicts (dicts: with dicts; [ en en-computers es de ])) 32 | go-font 33 | 34 | racket 35 | guile 36 | graphviz 37 | ghostscript 38 | mermaid-cli 39 | 40 | myEmacs 41 | editorScript 42 | ] 43 | ++ lib.optionals (pkgs.system == "x86_64-linux") [ texlive.combined.scheme-full ]; 44 | }; 45 | }; 46 | } 47 | -------------------------------------------------------------------------------- /configs/git.nix: -------------------------------------------------------------------------------- 1 | { config, ... 
}: 2 | let 3 | rewriteGitHub = 4 | if config.networking.hostName != "stan" 5 | then { 6 | url = { "ssh://git@github.com/" = { insteadOf = "https://github.com/"; }; }; 7 | } 8 | else { 9 | url = { }; 10 | }; 11 | in 12 | { 13 | programs.git = { 14 | enable = true; 15 | lfs.enable = true; 16 | config = [ 17 | { init = { defaultBranch = "main"; }; } 18 | { advice.detachedHead = false; } 19 | { 20 | user = { 21 | name = "Aaron Bieber"; 22 | email = "aaron@bolddaemon.com"; 23 | signingKey = "key::ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOA5iEi4IxSIHXBMdrRlBWHbGtmMNnmBl4qiBPc+eJu9 signer"; 24 | }; 25 | } 26 | 27 | { branch = { sort = "-committerdate"; }; } 28 | { 29 | alias = { 30 | log = "log --color=never"; 31 | diff = "diff --color=always"; 32 | pr = ''!f() { git fetch-pr upstream $1; git checkout pr/$1; }; f''; 33 | fetch-pr = ''!f() { git fetch $1 refs/pull/$2/head:refs/remotes/pr/$2; }; f''; 34 | }; 35 | } 36 | { push = { default = "current"; }; } 37 | 38 | { gpg = { format = "ssh"; }; } 39 | { commit = { gpgsign = true; }; } 40 | 41 | { 42 | color = { 43 | branch = false; 44 | interactive = false; 45 | log = false; 46 | status = false; 47 | ui = false; 48 | }; 49 | } 50 | 51 | { safe = { directory = "/home/qbit/src/nix-conf"; }; } 52 | 53 | { transfer = { fsckobjects = true; }; } 54 | { fetch = { fsckobjects = true; }; } 55 | { github = { user = "qbit"; }; } 56 | 57 | { inherit (rewriteGitHub) url; } 58 | 59 | { 60 | sendemail = { 61 | smtpserver = "mail.messagingengine.com"; 62 | smtpuser = "qbit@fastmail.com"; 63 | smtpauth = "PLAIN"; 64 | smtpencryption = "tls"; 65 | smtpserverport = 587; 66 | cc = "git@bolddaemon.com"; 67 | confirm = "auto"; 68 | }; 69 | } 70 | 71 | { pull = { rebase = false; }; } 72 | { include = { path = "~/work/git/gitconfig"; }; } 73 | ]; 74 | }; 75 | } 76 | -------------------------------------------------------------------------------- /configs/hardened.nix: -------------------------------------------------------------------------------- 1 | 
# Host hardening profile. Every scalar goes through mkDefault, so a host
# configuration can override any single knob without mkForce.
{ lib, ... }:
let
  inherit (lib) mkDefault;
in
{
  environment.memoryAllocator.provider = mkDefault "libc";
  # NOTE(review): SCUDO_OPTIONS is read by the scudo allocator; with the
  # provider left at "libc" it presumably has no effect — confirm.
  environment.variables.SCUDO_OPTIONS = mkDefault "ZeroContents=1";

  security = {
    # No further kernel modules can be loaded once the system is up.
    lockKernelModules = mkDefault true;
    # The running kernel image cannot be replaced.
    protectKernelImage = mkDefault true;
    # SMT off.
    allowSimultaneousMultithreading = mkDefault false;
    forcePageTableIsolation = mkDefault true;
    apparmor.enable = mkDefault true;
    apparmor.killUnconfinedConfinables = mkDefault true;
  };

  boot.kernelParams = [
    # Slab/slub sanity checks, redzoning, and poisoning
    "slub_debug=FZP"

    # Overwrite free'd memory
    "page_poison=1"

    # Enable page allocator randomization
    "page_alloc.shuffle=1"
  ];

  # Modules listed here are never loaded automatically, which keeps rarely
  # used parsers and protocol stacks out of the running kernel.
  boot.blacklistedKernelModules = [
    # Virtualization
    "kvm"

    # Obscure network protocols
    "ax25"
    "netrom"
    "rose"

    # Old or rare or insufficiently audited filesystems
    "adfs"
    "affs"
    "bfs"
    "befs"
    "cramfs"
    "efs"
    "erofs"
    "exofs"
    "freevxfs"
    "f2fs"
    "hfs"
    "hpfs"
    "jfs"
    "minix"
    "nilfs2"
    "ntfs"
    "omfs"
    "qnx4"
    "qnx6"
    "sysv"
    "ufs"
  ];

  boot.kernel.sysctl = {
    "kernel.ftrace_enabled" = mkDefault false;
    "net.ipv4.icmp_echo_ignore_broadcasts" = mkDefault true;
  };
}
-------------------------------------------------------------------------------- /configs/helix.nix: -------------------------------------------------------------------------------- 1 | { pkgs 2 | , linkFarm 3 | , ...
4 | }: 5 | let 6 | tomlFmt = pkgs.formats.toml { }; 7 | helixBin = "${pkgs.helix}/bin/hx"; 8 | 9 | helixConfig = tomlFmt.generate "config.toml" { 10 | theme = "acme-nobg"; 11 | editor = { 12 | mouse = false; 13 | cursor-shape = { 14 | insert = "bar"; 15 | normal = "block"; 16 | select = "underline"; 17 | }; 18 | lsp = { auto-signature-help = false; }; 19 | }; 20 | }; 21 | 22 | helixTheme = tomlFmt.generate "acme-nobg.toml" { 23 | inherits = "acme"; 24 | 25 | "ui.background" = "default"; 26 | "ui.linenr" = "default"; 27 | "ui.linenr.selected" = "#DEDEFF"; 28 | }; 29 | 30 | xdgDir = linkFarm "helix-config" [ 31 | { 32 | name = "helix/config.toml"; 33 | path = helixConfig; 34 | } 35 | { 36 | name = "helix/themes/acme-nobg.toml"; 37 | path = helixTheme; 38 | } 39 | ]; 40 | in 41 | pkgs.writeScriptBin "hx" '' 42 | # Conf: ${helixConfig} 43 | # Theme: ${helixTheme} 44 | 45 | env XDG_CONFIG_HOME="${xdgDir}" ${helixBin} "$@" 46 | '' 47 | -------------------------------------------------------------------------------- /configs/konsole.nix: -------------------------------------------------------------------------------- 1 | { pkgs, lib, config, ... 
}: 2 | let 3 | inherit (lib) mkIf; 4 | profile = { 5 | Appearance = { 6 | AntiAliasFonts = true; 7 | BoldIntense = true; 8 | ColorScheme = "BlackOnLightYellow"; 9 | Font = "Go Mono,10,-1,5,50,0,0,0,0,0"; 10 | UseFontLineCharacters = false; 11 | }; 12 | General = { 13 | Name = "ARST"; 14 | Parent = "FALLBACK/"; 15 | }; 16 | 17 | "Interaction Options" = { 18 | AutoCopySelectedText = true; 19 | CopyTextAsHTML = false; 20 | }; 21 | 22 | "Terminal Features" = { 23 | BellMode = 3; 24 | }; 25 | }; 26 | settings = { 27 | "Desktop Entry" = { 28 | DefaultProfile = "${profile.General.Name}.profile"; 29 | }; 30 | MainWindow = { 31 | MenuBar = "Disabled"; 32 | StatusBar = "Disabled"; 33 | ToolBarsMovable = "Disabled"; 34 | }; 35 | }; 36 | settingsFormat = pkgs.formats.ini { }; 37 | settingsFile = settingsFormat.generate "konsolerc" settings; 38 | profileFile = settingsFormat.generate "${profile.General.Name}.profile" profile; 39 | 40 | profilePkg = pkgs.stdenv.mkDerivation { 41 | name = "konsole-profile"; 42 | phases = [ "installPhase" ]; 43 | 44 | installPhase = '' 45 | mkdir -p $out/share/konsole 46 | cp ${profileFile} "$out/share/konsole/${profile.General.Name}.profile" 47 | ''; 48 | }; 49 | in 50 | { 51 | config = mkIf config.kde.enable { 52 | environment = { 53 | systemPackages = [ 54 | profilePkg 55 | ]; 56 | etc = { 57 | "xdg/konsolerc".text = builtins.readFile settingsFile; 58 | }; 59 | }; 60 | fonts = { packages = [ pkgs.go-font ]; }; 61 | }; 62 | } 63 | -------------------------------------------------------------------------------- /configs/manager.nix: -------------------------------------------------------------------------------- 1 | { config 2 | , lib 3 | , pkgs 4 | , inputs 5 | , ... 
6 | }: 7 | let 8 | microcaBin = "${pkgs.microca}/bin/microca"; 9 | microca = pkgs.writeScriptBin "microca" '' 10 | #!/usr/bin/env sh 11 | ${microcaBin} -ca-key /run/secrets/ca_key -ca-cert /run/secrets/ca_cert $@ 12 | ''; 13 | mkXinHost = hostList: map (host: { inherit host; }) hostList; 14 | in 15 | with lib; { 16 | options = { 17 | nixManager = { 18 | enable = mkEnableOption "Configure host as nix-conf manager."; 19 | user = mkOption { 20 | type = types.str; 21 | default = "root"; 22 | description = '' 23 | User who will own the private key. 24 | ''; 25 | }; 26 | }; 27 | }; 28 | 29 | imports = [ ./tailnet.nix ]; 30 | 31 | config = mkIf config.nixManager.enable { 32 | programs.xin-status = { 33 | enable = true; 34 | settings = { 35 | repository = "/home/qbit/src/xin"; 36 | privKeyPath = "/run/secrets/xin_status_key"; 37 | flakeRss = "https://github.com/qbit/xin/commits/main.atom"; 38 | statuses = [ 39 | { 40 | host = "tv"; 41 | mac = "9c:bf:0d:00:04:e7"; 42 | } 43 | { 44 | name = "stan"; 45 | host = "10.6.0.224"; 46 | } 47 | ] ++ (mkXinHost [ "europa" "h" "orcim" "box" "pwntie" ]); 48 | ciHost = "pwntie"; 49 | }; 50 | }; 51 | sops.defaultSopsFile = config.xin-secrets.manager; 52 | sops.secrets = { 53 | xin_status_key = { owner = config.nixManager.user; }; 54 | xin_status_pubkey = { owner = config.nixManager.user; }; 55 | manager_key = { owner = config.nixManager.user; }; 56 | manager_pubkey = { owner = config.nixManager.user; }; 57 | ca_key = { owner = config.nixManager.user; }; 58 | ca_cert = { owner = config.nixManager.user; }; 59 | }; 60 | 61 | environment.systemPackages = [ 62 | microca 63 | # inputs.xintray.packages.${pkgs.system}.xintray 64 | inputs.po.packages.${pkgs.system}.po 65 | ]; 66 | 67 | networking = { 68 | hosts = { 69 | "66.135.2.235" = [ "ns1" ]; 70 | "142.171.43.82" = [ "ns2" ]; 71 | "64.176.200.236" = [ "ns3" ]; 72 | "198.23.149.18" = [ "ns4" ]; 73 | }; 74 | }; 75 | }; 76 | } 77 | 
-------------------------------------------------------------------------------- /configs/neovim.nix: -------------------------------------------------------------------------------- 1 | { pkgs, isUnstable, ... }: 2 | with pkgs; 3 | let 4 | vimBuildTool = pkgs.vimUtils.buildVimPlugin; 5 | 6 | vacme = vimBuildTool rec { 7 | pname = "vacme"; 8 | # https://github.com/qbit/vacme 9 | version = "2017-01-14"; 10 | src = pkgs.fetchFromGitHub { 11 | owner = "qbit"; 12 | repo = pname; 13 | rev = "3715958cc23195e0224efe4cb5ba5cfe129bd592"; 14 | hash = "sha256-vwqCa/iC01SY68seZ4/WarXDVjyi1FO5XHJglZr4l+8="; 15 | }; 16 | }; 17 | 18 | nofrils = vimBuildTool rec { 19 | pname = "nofrils"; 20 | version = "unstable-2020-10-08"; 21 | src = pkgs.fetchFromGitHub { 22 | owner = "robertmeta"; 23 | repo = pname; 24 | rev = "bad6e490846e098866136ef20fff31e99f428bb9"; 25 | hash = "sha256-BVBX2sFyTTqqgUmP0o77SKP1xrraJvCqkF+73rs0fLk="; 26 | }; 27 | }; 28 | 29 | unstablePkgs = if isUnstable then [ htmx-lsp ] else [ ]; 30 | baseVimPackages = with vimPlugins; [ 31 | elm-vim 32 | fugitive 33 | fzf-vim 34 | gleam-vim 35 | haskell-vim 36 | neoformat 37 | neogit 38 | nvim-cmp 39 | nvim-lspconfig 40 | nvim-tree-lua 41 | nvim-treesitter.withAllGrammars 42 | rust-vim 43 | telescope-fzf-native-nvim 44 | telescope-manix 45 | telescope-nvim 46 | todo-comments-nvim 47 | vimagit 48 | vim-gitgutter 49 | vim-go 50 | vim-hindent 51 | vim-lua 52 | vim-markdown 53 | vim-nix 54 | vim-ocaml 55 | vim-sleuth 56 | zig-vim 57 | 58 | neogen 59 | vacme 60 | nofrils 61 | ]; 62 | myVimPackages = baseVimPackages; 63 | in 64 | { 65 | environment.systemPackages = with pkgs; [ 66 | djlint 67 | elmPackages.elm 68 | elmPackages.elm-format 69 | elmPackages.elm-language-server 70 | fd 71 | fzf 72 | go 73 | gopls 74 | gotools 75 | haskellPackages.haskell-language-server 76 | haskellPackages.hindent 77 | luaformatter 78 | luajitPackages.lua-lsp 79 | manix 80 | nixpkgs-fmt 81 | nodejs 82 | nodePackages.prettier 83 | 
nodePackages.typescript-language-server 84 | perl 85 | perlPackages.NeovimExt 86 | perlPackages.PerlCritic 87 | perlPackages.PLS 88 | ripgrep 89 | rubyPackages.solargraph 90 | sleek 91 | sumneko-lua-language-server 92 | tree-sitter 93 | zls 94 | ] ++ unstablePkgs; 95 | 96 | programs.neovim = { 97 | enable = true; 98 | configure = { 99 | packages.myVimPackage = { start = myVimPackages; }; 100 | customRC = '' 101 | " Restore cursor position 102 | autocmd BufReadPost * 103 | \ if line("'\"") > 1 && line("'\"") <= line("$") | 104 | \ exe "normal! g`\"" | 105 | \ endif 106 | 107 | luafile ${./neovim.lua} 108 | ''; 109 | }; 110 | }; 111 | } 112 | -------------------------------------------------------------------------------- /configs/net-overlay.nix: -------------------------------------------------------------------------------- 1 | { config 2 | , lib 3 | , pkgs 4 | , ... 5 | }: 6 | with lib; { 7 | options = { 8 | zerotier = { 9 | enable = mkOption { 10 | description = "Enable ZeroTier"; 11 | default = false; 12 | example = true; 13 | type = lib.types.bool; 14 | }; 15 | }; 16 | tailscale = { 17 | enable = mkOption { 18 | description = "Enable TailScale"; 19 | default = true; 20 | example = true; 21 | type = lib.types.bool; 22 | }; 23 | sshOnly = mkOption { 24 | description = "Enable TailScale with only ssh traffic to the tailnet allowed"; 25 | default = false; 26 | example = true; 27 | type = lib.types.bool; 28 | }; 29 | }; 30 | }; 31 | 32 | config = mkMerge [ 33 | (mkIf config.tailscale.enable { 34 | services = { 35 | tailscale = { 36 | enable = mkDefault true; 37 | extraDaemonFlags = [ 38 | "--no-logs-no-support" 39 | ]; 40 | }; 41 | }; 42 | networking.firewall.checkReversePath = mkDefault "loose"; 43 | }) 44 | (mkIf (config.tailscale.enable && config.tailscale.sshOnly) { 45 | sops.secrets = { 46 | ts_sshonly = { 47 | sopsFile = config.xin-secrets.net-overlays; 48 | owner = "root"; 49 | mode = "400"; 50 | }; 51 | }; 52 | systemd.services = { 53 | "tailscale-ssh-init" 
= { 54 | wantedBy = [ "tailscaled.service" ]; 55 | after = [ "tailscaled.service" ]; 56 | serviceConfig = { 57 | ExecStart = "${pkgs.tailscale}/bin/tailscale up --auth-key file://${config.sops.secrets.ts_sshonly.path}"; 58 | }; 59 | }; 60 | }; 61 | }) 62 | (mkIf config.zerotier.enable { 63 | environment.systemPackages = with pkgs; [ zerotierone ]; 64 | services = { 65 | zerotierone = { 66 | enable = true; 67 | joinNetworks = [ "db64858fedd3b256" ]; 68 | }; 69 | }; 70 | networking.firewall.checkReversePath = "loose"; 71 | }) 72 | ]; 73 | } 74 |
-------------------------------------------------------------------------------- /configs/nix.nix: --------------------------------------------------------------------------------
# Nix daemon settings shared by every host.
{ lib, ... }:
{
  # Daily garbage collection of store paths older than ten days.
  nix.gc = lib.mkDefault {
    automatic = true;
    dates = "daily";
    options = "--delete-older-than 10d";
  };

  nix.extraOptions = ''
    experimental-features = nix-command flakes
  '';

  nix.settings = {
    auto-optimise-store = true;
    sandbox = true;
    # The Nix manual describes trusted users as essentially root-equivalent
    # towards the daemon, so every member of wheel gets that level of access.
    trusted-users = [ "@wheel" ];
    # Only these accounts may talk to the daemon at all.
    allowed-users = [ "root" "qbit" ];
  };
}
-------------------------------------------------------------------------------- /configs/ssh.nix: --------------------------------------------------------------------------------
# OpenSSH client and server defaults.
{ config
, lib
, pkgs
, xinlib
, ...
}:
let
  # OpenSSH built from ../pkgs/openssh.nix against the musl package set.
  myOpenSSH = pkgs.pkgsMusl.callPackage ../pkgs/openssh.nix {
    inherit config xinlib;
  };
in
{
  config.programs.ssh = {
    package = lib.mkDefault myOpenSSH;
    # The only PKCS#11 provider on the agent's allow-list is the OpenSC module.
    agentPKCS11Whitelist = "${pkgs.opensc}/lib/opensc-pkcs11.so";
    # Pinned host keys, so these hosts are not subject to trust-on-first-use.
    knownHosts = {
      "[namish.otter-alligator.ts.net]:2222".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF9jlU5XATs8N90mXuCqrflwOJ+s3s7LefDmFZBx8cCk";
      "[git.tapenet.org]:2222".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOkbSJWeWJyJjak/boaMTqzPVq91wfJz1P+I4rnBUsPW";
      "[xin-store]".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDQAGLPWFv6f/0Lr0ikgoFP/vUGgd2pQzQOZs3dGMrZg";
    };
    knownHostsFiles = [ ./ssh_known_hosts ];
    startAgent = true;
    agentTimeout = "100m";
    # NOTE(review): the control sockets are created in world-writable /tmp
    # under a predictable name. ssh_config(5) recommends a ControlPath in a
    # directory other users cannot write to; left as is here because such a
    # directory would have to exist for every account.
    # NOTE(review): VerifyHostKeyDNS yes accepts host keys on the strength of
    # SSHFP records, so it relies on the resolver's DNSSEC validation —
    # confirm that matches the resolver setup of each host.
    extraConfig = ''
      Host *
        controlmaster auto
        controlpath /tmp/ssh-%r@%h:%p

      VerifyHostKeyDNS yes
      AddKeysToAgent yes
      CanonicalizeHostname always
    '';
  };

  config.services.openssh = {
    enable = true;
    # User certificates signed by the CA key in /etc/ssh/ca.pub are accepted.
    extraConfig = ''
      TrustedUserCAKeys = /etc/ssh/ca.pub
    '';
    settings = {
      UsePAM = lib.mkDefault false;
      PrintMotd = true;
      # Root may log in with a key or certificate, never with a password.
      PermitRootLogin = "prohibit-password";
      PasswordAuthentication = false;
      # Key exchange restricted to curve25519, MACs to encrypt-then-MAC modes.
      KexAlgorithms = [ "curve25519-sha256" "curve25519-sha256@libssh.org" ];
      Macs = [
        "hmac-sha2-512-etm@openssh.com"
        "hmac-sha2-256-etm@openssh.com"
        "umac-128-etm@openssh.com"
      ];
    };
  };
}
-------------------------------------------------------------------------------- /configs/tmux.nix: -------------------------------------------------------------------------------- 1 | { ...
}: { 2 | programs.tmux = { 3 | enable = true; 4 | extraConfig = '' 5 | unbind C-b 6 | set-option -g prefix C-o 7 | 8 | set-window-option -g mode-keys emacs 9 | set-window-option -g automatic-rename off 10 | set-window-option -g base-index 1 11 | 12 | bind-key \\ split-window -h -c '#{pane_current_path}' # vertical pane 13 | bind-key - split-window -v -c '#{pane_current_path}' # horizontal pane 14 | 15 | bind-key C-r source-file /etc/tmux.conf \; \ 16 | display-message "source-file done" 17 | 18 | bind-key m set mouse \; \ 19 | display-message "toggle mouse" 20 | 21 | bind-key C-s set synchronize-panes \; \ 22 | display-message "toggle synchronize-panes" 23 | 24 | # stolen from jca 25 | bind o send-prefix 26 | bind C-o last-window 27 | 28 | bind-key h select-pane -L 29 | bind-key j select-pane -D 30 | bind-key k select-pane -U 31 | bind-key l select-pane -R 32 | 33 | set -g bell-action any 34 | 35 | set -g default-terminal "tmux-256color" 36 | 37 | set -g set-titles on 38 | 39 | set -g automatic-rename 40 | set-option -g status-bg colour253 41 | set-window-option -g clock-mode-colour colour246 42 | set -g clock-mode-style 12 43 | set-window-option -g window-status-bell-style fg=white,bg=red 44 | 45 | # Change the default escape-time to 0 (from 500) so emacs will work right 46 | set -g escape-time 0 47 | 48 | set -g window-status-current-format '#[bg=colour250]#I:#W•' 49 | 50 | set -g status-left '#[fg=green][#[fg=red]#S:#(~/bin/beat)#[fg=black,dim]#[fg=green]] ' 51 | set -g status-right-length 50 52 | 53 | set -g status-right '#[fg=green][#[fg=black]#(basename "#{pane_current_path}")#[fg=green]][#[fg=black]%Y-%m-%d #[fg=black]%I:%M %p#[default]#[fg=green]]' 54 | 55 | set -g window-style 'bg=#DEDEFF' 56 | set -g window-active-style 'bg=terminal' 57 | ''; 58 | }; 59 | } 60 | -------------------------------------------------------------------------------- /configs/update.nix: -------------------------------------------------------------------------------- 1 | { config 
, lib
, ...
}:
# Defines two per-host switches, autoUpdate.enable and needsDeploy.enable
# (both default to true), and the configuration each one turns on.
with lib; {
  options = {
    autoUpdate = {
      enable = mkOption {
        description = "Enable Auto Update";
        default = true;
        example = true;
        type = lib.types.bool;
      };
    };
    needsDeploy = {
      enable = mkOption {
        description = "Host needs deploy key to receive encrypted secrets";
        default = true;
        example = true;
        type = lib.types.bool;
      };
    };
  };

  config = mkMerge [
    (mkIf config.autoUpdate.enable {
      system.autoUpgrade = {
        # enable is set in lib/default.nix depending on the state of the tree
        # DIRTY means disabled, git revision means enabled
        # mkDefault lets an individual host override the reboot behaviour.
        allowReboot = mkDefault true;
        # The URL names no rev or ref, so every run follows whatever the
        # remote repository serves at that moment.
        # NOTE(review): nothing in this file checks commit signatures before
        # a host switches to the new tree; confirm whether that is enforced
        # elsewhere.
        flake = "git+https://codeberg.org/qbit/xin";
        dates = "*-*-* *:05:00";
      };
    })

    # Always add our host alias or we run into a bootstrap issue
    (mkIf config.needsDeploy.enable {
      # IdentityFile is the path of the sops secret xin_secrets_deploy_key;
      # the key material itself is not part of this file.
      programs.ssh.extraConfig =
        ''
          Host xin-secrets-ro
            IdentityFile ${config.sops.secrets.xin_secrets_deploy_key.path}
            User gitea
            Port 2222
            Hostname git.tapenet.org
        '';
    })
  ];
}

--------------------------------------------------------------------------------
/configs/zsh.nix:
--------------------------------------------------------------------------------
{ ...
}: {
  config = {
    # Interactive zsh setup. Everything inside the ''…'' strings is emitted
    # as zsh code, so review notes are kept out here in Nix comments.
    programs.zsh.interactiveShellInit = ''
      export NO_COLOR=1
      # That sweet sweet ^W
      WORDCHARS='*?_-.[]~=&;!#$%^(){}<>'

      autoload -Uz compinit && compinit

      set -o emacs

    '';
    # Prompt plus helper functions: ni (nix shell for the named packages),
    # go_safe_update_deps / go_update_deps (go get -u=patch / -u over direct
    # modules, then go mod tidy), xin-update (nixos-rebuild switch from the
    # remote flake, via sudo unless already uid 0), mkhash, and k (directory
    # bookmarks kept in ~/.k).
    # NETRC is pointed at /run/secrets/netrc for every interactive shell.
    # NOTE(review): k() starts by expanding K_DEBUG as a command line, so
    # whatever that variable holds is executed on each call.
    # NOTE(review): `k rm` places the path inside a sed regex without
    # escaping; regex metacharacters in a path (such as `.`) can match and
    # delete more bookmark lines than the literal path.
    # The helpers assign opts, i, SUDO_CMD and K without `local`, so those
    # names stay set in the calling shell.
    programs.zsh.promptInit = ''
      autoload -U promptinit && promptinit
      autoload -Uz vcs_info
      autoload -Uz colors && colors

      setopt prompt_subst
      #setopt prompt_sp

      zstyle ':vcs_info:*' enable git hg cvs
      zstyle ':vcs_info:*' get-revision true
      zstyle ':vcs_info:git:*' check-for-changes true
      zstyle ':vcs_info:git:*' formats '(%b)'

      precmd_vcs_info() { vcs_info }
      precmd_functions+=( precmd_vcs_info )

      prompt_char() {
        if [ -z "$IN_NIX_SHELL" ]; then
          echo -n "%#"
        else
          echo -n ";"
        fi
      }

      export NETRC=/run/secrets/netrc

      PROMPT='%n@%m[%(?.%{$fg[default]%}.%{$fg[red]%})%?%{$reset_color%}]:%~$vcs_info_msg_0_$(prompt_char) '

      ni() {
        if [ "$#" -eq 0 ]; then
          echo "please specify packages to install"
          return 1
        fi

        opts=()
        for i in $@; do
          opts+="nixpkgs#$i"
        done

        echo "==> Installing: $opts"
        nix shell $opts
      }

      go_safe_update_deps() {
        for i in $(go list -m -f '{{if not (or .Indirect .Main)}}{{.Path}}{{end}}' all); do
          go get -u=patch $i
        done
        go mod tidy
      }

      go_update_deps() {
        for i in $(go list -m -f '{{if not (or .Indirect .Main)}}{{.Path}}{{end}}' all); do
          go get -u $i
        done
        go mod tidy
      }

      xin-update() {
        SUDO_CMD=""
        [[ $(id -u) == 0 ]] || SUDO_CMD="sudo"
        $SUDO_CMD nixos-rebuild switch --flake git+https://codeberg.org/qbit/xin --refresh |& nom
      }

      mkhash() {
        nix hash to-sri --type sha256 $(nix-prefetch-url --type sha256 "$1")
      }

      k() {
        ''${K_DEBUG}
        if [ -z $1 ]; then
          echo $PWD >> ~/.k
        else
          K=~/.k
          case $1 in
            clean) sort -u $K -o ''${K};;
            rm) sed -i -E "\#^''${2:-''${PWD}}\$#d" ''${K};;
            ls) cat ''${K};;
            *) cd "$(grep -e "$1" ''${K} | head -n 1)";;
          esac
        fi
      }

      eval "$(direnv hook zsh)"
    '';
  };
}

--------------------------------------------------------------------------------
/dbuild/build-consumer.nix:
--------------------------------------------------------------------------------
{ config
, lib
, ...
}:
# Client side of distributed builds: when buildConsumer.enable is set, the
# host offloads builds to the machine "pcake".
with lib; {
  options = {
    buildConsumer = { enable = mkEnableOption "Use remote build machines"; };
  };

  config = mkIf config.buildConsumer.enable {
    # The builder's host key is pinned for its short name, FQDN and IP.
    programs.ssh.knownHosts = {
      pcake = {
        hostNames = [ "pcake" "pcake.tapenet.org" "10.6.0.202" ];
        publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHgqVw3QWNG6Ty5o2HwW+25Eh59W3lZ30+wMqTEkUZVH";
      };
    };
    # IdentitiesOnly limits the connection to the one key named here; the
    # key file lives under /root/.ssh and is not managed by this module.
    programs.ssh.extraConfig = ''
      Host pcake
        HostName 10.6.0.202
        IdentitiesOnly yes
        IdentityFile /root/.ssh/nix_remote
    '';
    nix = {
      buildMachines = [
        {
          hostName = "pcake";
          systems = [ "x86_64-linux" "aarch64-linux" ];
          maxJobs = 2;
          speedFactor = 4;
          supportedFeatures = [ "kvm" "big-parallel" "nixos-test" "benchmark" ];
          mandatoryFeatures = [ ];
        }
      ];

      distributedBuilds = true;
      extraOptions = ''
        builders-use-substitutes = true
      '';
    };
  };
}

--------------------------------------------------------------------------------
/dbuild/build-server.nix:
--------------------------------------------------------------------------------
{ config
, lib
, ...
}:
# Server side of distributed builds: when buildServer.enable is set, the
# host emulates aarch64-linux and accepts the listed keys for root.
with lib; {
  options = {
    buildServer = {
      enable = mkEnableOption "Server will be used as part of the build infra";
    };
  };

  config = mkIf config.buildServer.enable {
    boot.binfmt.emulatedSystems = [ "aarch64-linux" ];

    # These keys log in as root on the build server.
    # NOTE(review): anyone holding one of the matching private keys gets a
    # root shell, not only the ability to submit builds. A dedicated build
    # user would narrow that; the consumer side would have to change with it.
    users.users.root.openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICEtoU6ObMP7wmglT7rXMg0HEnh7cGBo6COL7BpmRC/o"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGyOQdqfm7mG+5rOGIqPHSaZQdG/4L03dVJnuE1lO1fo"
    ];
  };
}

--------------------------------------------------------------------------------
/dbuild/default.nix:
--------------------------------------------------------------------------------
# Pulls in both halves of the distributed-build setup; each is gated by its
# own enable option.
{ ... }: { imports = [ ./build-consumer.nix ./build-server.nix ]; }

--------------------------------------------------------------------------------
/gui/gnome.nix:
--------------------------------------------------------------------------------
{ config
, lib
, ...
}:
# gnome.enable turns on GDM and the GNOME desktop.
with lib; {
  options = { gnome = { enable = mkEnableOption "Enable GNOME desktop."; }; };

  config = mkIf config.gnome.enable {
    services.xserver.displayManager.gdm.enable = true;
    services.xserver.desktopManager.gnome.enable = true;
  };
}

--------------------------------------------------------------------------------
/gui/kde.nix:
--------------------------------------------------------------------------------
{ config
, lib
, pkgs
, isUnstable
, ...
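}:
let
  inherit (lib) mkIf mkEnableOption mkOption types;
  # KDE Connect package, taken from the package set that matches the
  # channel; it is only added to the system when kdeConnect.enable is set.
  kconnect = mkIf config.kdeConnect.enable
    (if isUnstable then
      pkgs.kdePackages.kdeconnect-kde
    else
      pkgs.plasma5Packages.kdeconnect-kde);
in
with pkgs;
{
  options = {
    kde = { enable = mkEnableOption "Enable KDE desktop."; };
    kdeConnect = {
      # mkEnableOption takes the feature name as a string and supplies
      # default = false, example = true and the bool type itself. The
      # earlier attribute-set argument would fail as soon as the option
      # description was evaluated.
      enable = mkEnableOption "KDE Connect";

      interface = mkOption {
        description = "listen interface for kde connect";
        default = "tailscale0";
        type = types.str;
      };
    };
  };

  config = mkIf config.kde.enable {
    services = {
      desktopManager.plasma6.enable = true;
      displayManager.sddm = {
        enable = true;
        wayland.enable = true;
      };
    };
    # Listen for KDE Connect connections on the tailnet
    # The ports are opened on kdeConnect.interface only, not host-wide.
    networking.firewall.interfaces = mkIf config.kdeConnect.enable {
      "${config.kdeConnect.interface}" =
        let
          range = {
            from = 1714;
            to = 1764;
          };
        in
        {
          allowedUDPPortRanges = [ range ];
          allowedTCPPortRanges = [ range ];
        };
    };
    environment = {
      sessionVariables = {
        NIXOS_OZONE_WL = 1;
      };
      systemPackages = with kdePackages; [
        akonadi-calendar-tools
        kcolorchooser
        kconnect
        kontact
        kcontacts
        konversation
        korganizer
        kzones
        merkuro
        (pkgs.callPackage ../pkgs/krunner-krha.nix { })
        wl-clipboard
      ];
    };
  };
}

--------------------------------------------------------------------------------
/gui/xfce.nix:
--------------------------------------------------------------------------------
{ config
, lib
, pkgs
, ...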
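}:
# xfce.enable turns on XFCE with SDDM and wires KWallet into the PAM stack
# of the listed display managers.
with lib; {
  options = { xfce = { enable = mkEnableOption "Enable XFCE desktop."; }; };

  config = mkIf config.xfce.enable {
    security.pam.services = {
      gdm.enableKwallet = true;
      kdm.enableKwallet = true;
      lightdm.enableKwallet = true;
      sddm.enableKwallet = true;
      slim.enableKwallet = true;
    };

    environment.systemPackages = with pkgs.libsForQt5; [
      kwallet
      kwallet-pam
      kwalletmanager
    ];

    services.xserver.displayManager.sddm.enable = true;
    services.xserver.desktopManager.xfce = { enable = true; };
  };
}

--------------------------------------------------------------------------------
/hooks/pre-commit:
--------------------------------------------------------------------------------
#!/bin/sh
# Pre-commit hook: format the tree, run the flake checks, then make sure the
# signing key is loaded. Set SKIP_FMT or SKIP_CHECK to any non-empty value
# to skip the corresponding step.

. ./common.sh

set -e

# Quoted so a value containing spaces is still a single test operand.
if [ -z "$SKIP_FMT" ]; then
	treefmt
else
	echo "Skipping formatting..."
fi
if [ -z "$SKIP_CHECK" ]; then
	# `2>&1 |` is the POSIX spelling of `|&`, which /bin/sh is not required
	# to understand.
	# NOTE(review): `set -e` only sees the exit status of the last command
	# of a pipeline, so a failing check stops the commit only if nom exits
	# non-zero for it; confirm.
	nix flake check --no-build 2>&1 | nom
else
	echo "Skipping checks..."
fi

if [ -f /run/secrets/manager_pubkey ]; then
	# Ensure the key is loaded after checks (sometimes they take longer than auto key removal)
	# `start` is not defined in this script; presumably it comes from common.sh.
	start
fi

--------------------------------------------------------------------------------
/hosts/box/hardware-configuration.nix:
--------------------------------------------------------------------------------
{ ...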
}: { 2 | boot = { 3 | initrd = { 4 | availableKernelModules = [ "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; 5 | kernelModules = [ ]; 6 | }; 7 | kernelModules = [ "kvm-intel" "wireguard" ]; 8 | extraModulePackages = [ ]; 9 | }; 10 | 11 | hardware.enableRedistributableFirmware = true; 12 | 13 | fileSystems = { 14 | "/" = { 15 | device = "/dev/disk/by-uuid/248dfcf7-999b-4dba-bfbf-0b10dbb376b1"; 16 | fsType = "ext4"; 17 | }; 18 | 19 | "/external" = { 20 | device = "/dev/disk/by-uuid/e73b7f14-a921-4d06-813a-0655583d8948"; 21 | fsType = "ext4"; 22 | }; 23 | 24 | "/home" = { 25 | device = "rpool/home"; 26 | fsType = "zfs"; 27 | }; 28 | 29 | "/backups" = { 30 | device = "rpool/backups"; 31 | fsType = "zfs"; 32 | }; 33 | 34 | "/media/music" = { 35 | device = "rpool/media/music"; 36 | fsType = "zfs"; 37 | }; 38 | 39 | "/media/movies" = { 40 | device = "rpool/media/movies"; 41 | fsType = "zfs"; 42 | }; 43 | 44 | "/media/pictures" = { 45 | device = "rpool/pictures"; 46 | fsType = "zfs"; 47 | }; 48 | 49 | "/media/tv" = { 50 | device = "rpool/media/tv"; 51 | fsType = "zfs"; 52 | }; 53 | 54 | "/media/nextcloud" = { 55 | device = "rpool/nextcloud"; 56 | fsType = "zfs"; 57 | }; 58 | 59 | "/media/naughty" = { 60 | device = "rpool/media/naughty"; 61 | fsType = "zfs"; 62 | }; 63 | 64 | "/media/git" = { 65 | device = "rpool/git"; 66 | fsType = "zfs"; 67 | }; 68 | 69 | "/media/downloads" = { 70 | device = "rpool/downloads"; 71 | fsType = "zfs"; 72 | }; 73 | 74 | "/db/postgres" = { 75 | device = "rpool/db/postgres"; 76 | fsType = "zfs"; 77 | }; 78 | 79 | "/boot" = { 80 | device = "/dev/disk/by-uuid/2AC3-DB6C"; 81 | fsType = "vfat"; 82 | }; 83 | }; 84 | 85 | swapDevices = [{ device = "/dev/disk/by-uuid/97d6ef56-ea18-493b-aac0-e58e773ced30"; }]; 86 | } 87 | -------------------------------------------------------------------------------- /hosts/clunk/default.nix: -------------------------------------------------------------------------------- 1 | { pkgs 2 | , ... 
}:
let
  # One key (comment field "europa") is authorized for both root and qbit
  # further down.
  pubKeys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7v+/xS8832iMqJHCWsxUZ8zYoMWoZhjj++e26g1fLT europa"
  ];
in
{
  _module.args.isUnstable = true;
  imports = [
    ./hardware-configuration.nix
  ];

  hardware.rtl-sdr.enable = true;

  boot = {
    loader.grub = {
      enable = true;
      devices = [
        "/dev/disk/by-id/wwn-0x5001b448be78d64a"
      ];
    };
    kernelPackages = pkgs.linuxPackages_latest;
  };
  nixpkgs.config.allowUnsupportedSystem = true;

  networking = {
    hostName = "clunk";
    networkmanager.enable = true;
    # Only TCP 22 is opened by this file.
    firewall = {
      enable = true;
      allowedTCPPorts = [ 22 ];
      checkReversePath = "loose";
    };
  };

  environment.systemPackages = with pkgs; [
    alacritty
    direwolf
    polybar
    rofi
    rtl-sdr
    tncattach

    # no GLSL ES 3.10
    # (callPackage ../../pkgs/zutty.nix { })
  ];

  services = {
    fwupd = {
      enable = true;
    };

    libinput.enable = true;

    xserver = {
      enable = true;

      displayManager.lightdm.enable = true;

      deviceSection = ''
        Option "DRI" "2"
        Option "TearFree" "true"
      '';


      windowManager.xmonad = {
        enable = true;
        extraPackages = haskellPackages: with haskellPackages; [ xmonad-contrib hostname ];
        config = builtins.readFile ./xmonad.hs;
      };
    };
  };

  users = {
    users = {
      root = { openssh.authorizedKeys.keys = pubKeys; };
      qbit = {
        openssh.authorizedKeys.keys = pubKeys;
        extraGroups = [ "dialout" "libvirtd" "plugdev" ];
      };
    };
  };

  system = {
    # Automatic upgrades and reboots are switched off for this host, so
    # updates, security fixes included, arrive only on a manual rebuild.
    autoUpgrade.allowReboot = false;
    autoUpgrade.enable = false;
    stateVersion = "22.11";
  };
}

--------------------------------------------------------------------------------
/hosts/clunk/hardware-configuration.nix:
-------------------------------------------------------------------------------- 1 | { config, lib, modulesPath, ... }: 2 | 3 | { 4 | imports = 5 | [ 6 | (modulesPath + "/installer/scan/not-detected.nix") 7 | ]; 8 | 9 | boot = { 10 | initrd = { 11 | availableKernelModules = [ "uhci_hcd" "ehci_pci" "ahci" "usb_storage" "ums_realtek" "sd_mod" ]; 12 | kernelModules = [ ]; 13 | }; 14 | kernelModules = [ ]; 15 | extraModulePackages = [ ]; 16 | }; 17 | 18 | fileSystems."/" = 19 | { 20 | device = "/dev/disk/by-uuid/d97f80ac-63fe-43d3-a3f5-3c385a41a068"; 21 | fsType = "ext4"; 22 | }; 23 | 24 | swapDevices = 25 | [{ device = "/dev/disk/by-uuid/b70a6cac-996e-4a05-a3d0-17c7acf90f08"; }]; 26 | 27 | networking.useDHCP = lib.mkDefault true; 28 | 29 | nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; 30 | hardware = { 31 | cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; 32 | bluetooth.enable = true; 33 | }; 34 | } 35 | -------------------------------------------------------------------------------- /hosts/europa/hardware-configuration.nix: -------------------------------------------------------------------------------- 1 | { config, lib, modulesPath, ... 
}:

{
  imports =
    [
      (modulesPath + "/installer/scan/not-detected.nix")
    ];

  boot = {
    initrd = {
      availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usb_storage" "sd_mod" ];
      kernelModules = [ ];
      # A LUKS container is opened in the initrd.
      luks.devices."luks-e8368ac8-9b9c-496f-bb19-0d1911070140".device = "/dev/disk/by-uuid/e8368ac8-9b9c-496f-bb19-0d1911070140";
    };
    kernelModules = [ "kvm-amd" ];
    extraModulePackages = [ ];
  };

  # Creates /etc/davfs2/secrets as an empty file, root-owned, mode 600.
  environment.etc."davfs2/secrets" = {
    text = ''
    '';
    user = "root";
    group = "root";
    mode = "600";
  };

  services.davfs2 = {
    enable = true;
    davUser = "qbit";
    settings = {
      globalSection = {
        ask_auth = false;
      };
      sections = {
        "/run/media/qbit/TailDrive" = {
          gui_optimize = true;
        };
        "/run/media/qbit/keestore" = {
          gui_optimize = true;
        };
      };
    };
  };

  fileSystems = {
    "/" =
      {
        device = "/dev/disk/by-uuid/0b946ca0-f0cb-4e54-bc73-d2afe6b328d2";
        fsType = "ext4";
      };
    # NOTE(review): fmask/dmask 0022 leaves every file on the boot partition
    # readable by all local users. If the boot loader keeps a random seed or
    # other secrets there, 0077 is the safer mask.
    "/boot" =
      {
        device = "/dev/disk/by-uuid/3D38-3AEC";
        fsType = "vfat";
        options = [ "fmask=0022" "dmask=0022" ];
      };

    "/run/media/qbit/backup" = {
      device = "/dev/disk/by-uuid/6e71eeea-6437-46f4-88d0-126c92af42ef";
      fsType = "ext4";
      neededForBoot = false;
    };

    # Both WebDAV mounts use plain http:// to 100.100.100.100:8080 and are
    # mountable by a regular user ("user", uid/gid 1000).
    # NOTE(review): presumably this is the local Tailscale service address,
    # so the unencrypted hop never leaves the host; confirm.
    "/run/media/qbit/keestore" = {
      device = "http://100.100.100.100:8080/tapenet.org/box/keestore";
      fsType = "davfs";
      options = [
        "_netdev"
        "x-systemd.automount"
        "reconnect"
        "rw"
        "user"
        "uid=1000"
        "gid=1000"
      ];
      neededForBoot = false;
    };
    "/run/media/qbit/TailDrive" = {
      device = "http://100.100.100.100:8080/tapenet.org/box/media";
      fsType = "davfs";
      options = [
        "_netdev"
        "x-systemd.automount"
        "reconnect"
        "rw"
        "user"
        "uid=1000"
        "gid=1000"
      ];
      neededForBoot = false;
    };
  };
  swapDevices =
    [{ device = "/dev/disk/by-uuid/1c2bb5e0-7ca8-4943-8e0f-527497ce2d61"; }];

  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";

  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";

  hardware = {
    bluetooth.enable = true;
    rtl-sdr.enable = true;
    cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
  };
}

--------------------------------------------------------------------------------
/hosts/faf/default.nix:
--------------------------------------------------------------------------------
# Host "faf": runs unbound for the bold.daemon. zone plus a Prometheus
# server and node exporter.
{ config, ... }:
let
  pubKeys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIPMaAm4rDxyU975Z54YiNw3itC2fGc3SaE2VaS1fai8 root@box"
  ];
  # root accepts the key above plus the shared management keys from myconf.
  userBase = {
    openssh.authorizedKeys.keys = pubKeys ++ config.myconf.managementPubKeys;
  };
in
{
  _module.args.isUnstable = false;
  imports = [ ./hardware-configuration.nix ];

  boot = {
    loader = {
      systemd-boot.enable = true;
      efi.canTouchEfiVariables = true;
    };

    supportedFilesystems = [ "zfs" ];
    zfs.devNodes = "/dev/";
  };

  networking = {
    hostName = "faf";
    hostId = "12963a2a";

    useDHCP = false;
    interfaces.enp1s0.useDHCP = true;
    interfaces.enp2s0.useDHCP = true;

    # These ports are opened on every interface, while unbound below binds
    # to a single address.
    # NOTE(review): if DNS and the node exporter are meant for the tailnet
    # only, networking.firewall.interfaces.<name> would scope them to it.
    firewall = {
      allowedTCPPorts = [ 22 53 config.services.prometheus.exporters.node.port ];
      allowedUDPPorts = [ 53 ];
    };
    hosts = { "100.74.8.55" = [ "nix-binary-cache.otter-alligator.ts.net" ]; };
  };

  users.users = {
    root = userBase;
  };

  services = {
    prometheus = {
      enable = true;
      port = 9001;

      exporters = {
        node = {
          enable = true;
          enabledCollectors = [ "systemd" ];
          port = 9002;
        };
      };
    };
    unbound = {
      enable = true;
      settings = {
        server = {
          # Listens on one address and answers only clients in 100.64.0.0/10.
          interface = [ "100.80.94.131" ];
          access-control = [ "100.64.0.0/10 allow" ];
        };
        local-zone = ''"bold.daemon." static'';
        local-data = [
          ''"books.bold.daemon. IN A 100.115.16.150"''
          ''"headphones.bold.daemon. IN A 100.115.16.150"''
          ''"jelly.bold.daemon. IN A 100.115.16.150"''
          ''"lidarr.bold.daemon. IN A 100.115.16.150"''
          ''"nzb.bold.daemon. IN A 100.115.16.150"''
          ''"prowlarr.bold.daemon. IN A 100.115.16.150"''
          ''"radarr.bold.daemon. IN A 100.115.16.150"''
          ''"reddit.bold.daemon. IN A 100.115.16.150"''
          ''"sonarr.bold.daemon. IN A 100.115.16.150"''
          ''"readarr.bold.daemon. IN A 100.115.16.150"''
          ''"home.bold.daemon. IN A 100.115.16.150"''
          ''"graph.bold.daemon. IN A 100.115.16.150"''
          ''"invidious.bold.daemon. IN A 100.115.16.150"''
          ''"backup.bold.daemon. IN A 10.6.0.15"''
          ''"router.bold.daemon. IN A 10.6.0.1"''
          ''"cake.bold.daemon. IN A 10.6.0.144"''
        ];
      };
    };
  };

  system.stateVersion = "21.11"; # Did you read the comment?
}

--------------------------------------------------------------------------------
/hosts/faf/hardware-configuration.nix:
--------------------------------------------------------------------------------
# Do not modify this file! It was generated by ‘nixos-generate-config’
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config
, lib
, modulesPath
, ...
8 | }: { 9 | imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; 10 | 11 | boot = { 12 | initrd.availableKernelModules = [ 13 | "uhci_hcd" 14 | "ehci_pci" 15 | "ahci" 16 | "xhci_pci" 17 | "sata_sil24" 18 | "usb_storage" 19 | "usbhid" 20 | "sd_mod" 21 | ]; 22 | initrd.kernelModules = [ ]; 23 | kernelModules = [ ]; 24 | extraModulePackages = [ ]; 25 | }; 26 | 27 | fileSystems = { 28 | "/" = { 29 | device = "tank/nixos"; 30 | fsType = "zfs"; 31 | }; 32 | 33 | "/nix" = { 34 | device = "tank/nixos/nix"; 35 | fsType = "zfs"; 36 | }; 37 | 38 | "/etc" = { 39 | device = "tank/nixos/etc"; 40 | fsType = "zfs"; 41 | }; 42 | 43 | "/var" = { 44 | device = "tank/nixos/var"; 45 | fsType = "zfs"; 46 | }; 47 | 48 | "/var/lib" = { 49 | device = "tank/nixos/var/lib"; 50 | fsType = "zfs"; 51 | }; 52 | 53 | "/var/log" = { 54 | device = "tank/nixos/var/log"; 55 | fsType = "zfs"; 56 | }; 57 | 58 | "/var/spool" = { 59 | device = "tank/nixos/var/spool"; 60 | fsType = "zfs"; 61 | }; 62 | 63 | "/home" = { 64 | device = "tank/userdata/home"; 65 | fsType = "zfs"; 66 | }; 67 | 68 | "/boot" = { 69 | device = "/dev/disk/by-uuid/5851-DEF2"; 70 | fsType = "vfat"; 71 | }; 72 | }; 73 | 74 | swapDevices = [ ]; 75 | 76 | hardware.cpu.intel.updateMicrocode = 77 | lib.mkDefault config.hardware.enableRedistributableFirmware; 78 | } 79 | -------------------------------------------------------------------------------- /hosts/h/alias: -------------------------------------------------------------------------------- 1 | suah.dev 2 | -------------------------------------------------------------------------------- /hosts/h/hardware-configuration.nix: -------------------------------------------------------------------------------- 1 | # Do not modify this file! It was generated by ‘nixos-generate-config’ 2 | # and may be overwritten by future invocations. Please make changes 3 | # to /etc/nixos/configuration.nix instead. 4 | { config 5 | , lib 6 | , modulesPath 7 | , ... 
8 | }: { 9 | imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; 10 | 11 | boot = { 12 | initrd = { 13 | availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sd_mod" ]; 14 | kernelModules = [ ]; 15 | }; 16 | kernelModules = [ "wireguard" ]; 17 | extraModulePackages = [ ]; 18 | }; 19 | 20 | fileSystems."/" = { 21 | device = "/dev/disk/by-uuid/b3caa6ff-5610-4ae2-999d-f8f0b1599c4f"; 22 | fsType = "ext4"; 23 | }; 24 | 25 | swapDevices = [{ device = "/dev/disk/by-uuid/610a3dbc-59d5-4e5b-b5de-b31402135d44"; }]; 26 | 27 | hardware.cpu.intel.updateMicrocode = 28 | lib.mkDefault config.hardware.enableRedistributableFirmware; 29 | } 30 | -------------------------------------------------------------------------------- /hosts/luna/alias: -------------------------------------------------------------------------------- 1 | 10.6.0.114 2 | -------------------------------------------------------------------------------- /hosts/luna/default.nix: -------------------------------------------------------------------------------- 1 | { ... 
}:
let
  # Both keys are authorized for root and for qbit (see userBase).
  pubKeys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIPMaAm4rDxyU975Z54YiNw3itC2fGc3SaE2VaS1fai8 root@box"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILnaC1v+VoVNnK04D32H+euiCyWPXU8nX6w+4UoFfjA3 qbit@plq"
  ];
  userBase = { openssh.authorizedKeys.keys = pubKeys; };
in
{
  _module.args.isUnstable = false;
  imports = [ ./hardware-configuration.nix ];

  boot.loader.grub = {
    enable = true;
    device = "/dev/sdb";
    useOSProber = true;
  };

  # The moon based shipyard
  networking = {
    hostName = "luna";

    networkmanager.enable = true;
    firewall.allowedTCPPorts = [ 22 ];
  };

  environment.systemPackages = [ ];

  users.users.root = userBase;
  users.users.qbit = userBase;

  services = {
    fwupd = {
      enable = true;
    };
  };

  preDNS.enable = true;

  system.stateVersion = "22.05";
}

--------------------------------------------------------------------------------
/hosts/luna/hardware-configuration.nix:
--------------------------------------------------------------------------------
{ config
, lib
, modulesPath
, ...
}: {
  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];

  boot = {
    initrd = {
      availableKernelModules = [
        "uhci_hcd"
        "ehci_pci"
        "ata_piix"
        "megaraid_sas"
        "usb_storage"
        "usbhid"
        "sd_mod"
        "sr_mod"
      ];
      kernelModules = [ ];
    };
    kernelModules = [ "kvm-intel" ];
    extraModulePackages = [ ];
  };

  fileSystems."/" = {
    device = "/dev/disk/by-uuid/caa1051c-f7c3-4809-9a63-b3908de9c27c";
    fsType = "ext4";
  };

  swapDevices = [{ device = "/dev/disk/by-uuid/53f8fb0f-1fd8-4785-9278-343b525a23be"; }];

  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
  # (the default) this is the recommended approach. When using systemd-networkd it's
  # still possible to use this option, but it's recommended to use it in conjunction
  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
  networking.useDHCP = lib.mkDefault true;
  # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
  # networking.interfaces.eno2.useDHCP = lib.mkDefault true;
  # networking.interfaces.eno3.useDHCP = lib.mkDefault true;
  # networking.interfaces.eno4.useDHCP = lib.mkDefault true;

  hardware.cpu.intel.updateMicrocode =
    lib.mkDefault config.hardware.enableRedistributableFirmware;
}

--------------------------------------------------------------------------------
/hosts/octo/default.nix:
--------------------------------------------------------------------------------
{ config
, pkgs
, lib
, ...
}:
let
  pubKeys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7v+/xS8832iMqJHCWsxUZ8zYoMWoZhjj++e26g1fLT europa"
    "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBB/V8N5fqlSGgRCtLJMLDJ8Hd3JcJcY8skI0l+byLNRgQLZfTQRxlZ1yymRs36rXj+ASTnyw5ZDv+q2aXP7Lj0= hosts@secretive.plq.local"
  ];
  # Accounts built from userBase accept the keys above plus the shared
  # management keys from myconf.
  userBase = {
    openssh.authorizedKeys.keys = pubKeys ++ config.myconf.managementPubKeys;
  };
in
{
  _module.args.isUnstable = false;
  imports = [ ./hardware-configuration.nix ];

  boot = {
    initrd.availableKernelModules = [ "usbhid" "usb_storage" ];
    kernelPackages = pkgs.linuxPackages_latest;
    kernelModules = [ "raspberrypi_ts" ];
    loader = {
      grub.enable = false;
      generic-extlinux-compatible.enable = true;
    };
  };

  networking = {
    hostName = "octo";
    networkmanager = { enable = true; };
    wireless.userControlled.enable = true;
  };

  preDNS.enable = false;
  # Replaces the unit's ExecStart: the empty string clears the inherited
  # command before the new one is set.
  systemd.services.NetworkManager-wait-online.serviceConfig.ExecStart =
    lib.mkForce [ "" "${pkgs.networkmanager}/bin/nm-online -q" ];
  users.users = {
    root = userBase;
    qbit = userBase;
  };

  # openFirewall lets the module open OctoPrint's port in the host firewall.
  # NOTE(review): no per-interface restriction is visible in this file, so
  # the printer's web interface is presumably reachable from every network
  # the host joins; confirm that only trusted networks can reach it.
  services.octoprint = {
    enable = true;
    openFirewall = true;
  };

  system.stateVersion = "21.11";
}

--------------------------------------------------------------------------------
/hosts/octo/hardware-configuration.nix:
--------------------------------------------------------------------------------
{ ... }: {
  fileSystems = {
    "/" = {
      device = "/dev/disk/by-label/NIXOS_SD";
      fsType = "ext4";
    };
  };

  hardware.enableRedistributableFirmware = true;

  # Disabled device-tree overlay, kept for reference.
  #hardware.deviceTree = {
  #  overlays = [
  #    #"${pkgs.raspberrypifw}/share/raspberrypi/boot/overlays/rpi-ft5406.dtbo"
  #    {
  #      name = "rpi4-cma-overlay";
  #      dtsText = ''
  #        // SPDX-License-Identifier: GPL-2.0
  #        /dts-v1/;
  #        /plugin/;
  #        / {
  #          compatible = "brcm,bcm2711";
  #          fragment@0 {
  #            target = <&cma>;
  #            __overlay__ {
  #              size = <(512 * 1024 * 1024)>;
  #            };
  #          };
  #        };
  #      '';
  #    }
  #  ];
  #};
}

--------------------------------------------------------------------------------
/hosts/orcim/alias:
--------------------------------------------------------------------------------
orcim.otter-alligator.ts.net
--------------------------------------------------------------------------------
/hosts/orcim/default.nix:
--------------------------------------------------------------------------------
{ pkgs
, ...
}:
let
  # One key (comment field "europa"), used for root and qbit later in the
  # file.
  pubKeys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7v+/xS8832iMqJHCWsxUZ8zYoMWoZhjj++e26g1fLT europa"
  ];
in
{
  _module.args.isUnstable = true;
  imports = [
    ./hardware-configuration.nix
  ];

  hardware = {
    rtl-sdr.enable = true;
    bluetooth.enable = true;
    enableAllFirmware = true;
  };

  nixpkgs.config = {
    allowUnsupportedSystem = true;
    allowUnfree = true;
  };

  console.font = "${pkgs.terminus_font}/share/consolefonts/ter-v32n.psf.gz";
  console.earlySetup = true;

  boot = {
    loader = {
      systemd-boot.enable = true;
      efi.canTouchEfiVariables = true;
    };

    # No source patch is applied (patch = null); the entry only adds the
    # kernel config options listed in extraConfig.
    kernelPatches = [
      {
        name = "pwm-lpss";
        patch = null;
        extraConfig = ''
          PWM y
          PWM_LPSS m
          PWM_LPSS_PCI m
          PWM_LPSS_PLATFORM m
        '';
      }
    ];

    kernelPackages = pkgs.linuxPackages_latest;
    kernelParams = [
      "fbcon=rotate:1"
      "gpd-pocket-fan.speed_on_ac=0"
      "video=DSI-1:panel_orientation=right_side_up"
    ];

    kernelModules = [ "btusb" "kvm-intel" "i915" "pwm-lpss" "pwm-lpss-platform" ];

    initrd = {
      kernelModules = [
        "g_serial"
        "bq24190_charger"
        "i915"
        "pwm-lpss"
        "pwm-lpss-platform"
      ];

      availableKernelModules = [
        "xhci_pci"
        "dm_mod"
        "nvme"
        "usbhid"
        "usb_storage"
        "sd_mod"
        "sdhci_acpi"
        "sdhci_pci"
        "rtsx_pci_sdmmc"
      ];
    };

  };

  networking = {
    hostName = "orcim";
    networkmanager.enable = true;
    wireless.userControlled.enable = true;
    # Only TCP 22 is opened by this file.
    firewall = {
      enable = true;
      allowedTCPPorts = [ 22 ];
      checkReversePath = "loose";
    };
  };

  environment.systemPackages = with pkgs; [
    rtl-sdr
    signal-desktop
  ];

  kde.enable = true;

  services = {
    smartd.enable = false;
    fwupd = {
      enable = true;
    };
  };
105 | 106 | # pamu2fcfg -u qbit -opam://xin -ipam://orcim 107 | security.pam.u2f = { 108 | enable = true; 109 | settings = { 110 | origin = "pam://xin"; 111 | }; 112 | }; 113 | 114 | users = { 115 | users = { 116 | root = { openssh.authorizedKeys.keys = pubKeys; }; 117 | qbit = { 118 | openssh.authorizedKeys.keys = pubKeys; 119 | extraGroups = [ "dialout" "libvirtd" "plugdev" ]; 120 | }; 121 | }; 122 | }; 123 | 124 | system.stateVersion = "22.11"; 125 | } 126 | -------------------------------------------------------------------------------- /hosts/orcim/hardware-configuration.nix: -------------------------------------------------------------------------------- 1 | { config, lib, modulesPath, ... }: 2 | 3 | { 4 | imports = 5 | [ 6 | (modulesPath + "/hardware/network/broadcom-43xx.nix") 7 | (modulesPath + "/installer/scan/not-detected.nix") 8 | ]; 9 | 10 | boot = { 11 | initrd = { 12 | luks.devices.crypted.device = "/dev/disk/by-uuid/5be7f5d5-3172-4058-b9c1-93376758f4c0"; 13 | availableKernelModules = [ "xhci_pci" "usbhid" "usb_storage" "sd_mod" "sdhci_acpi" ]; 14 | kernelModules = [ "dm-snapshot" ]; 15 | }; 16 | kernelModules = [ "kvm-intel" ]; 17 | extraModulePackages = [ ]; 18 | }; 19 | 20 | fileSystems."/" = 21 | { 22 | device = "/dev/disk/by-uuid/c22ae62d-e66d-42fa-9892-d4b8fbb1e6f4"; 23 | fsType = "ext4"; 24 | }; 25 | 26 | fileSystems."/boot" = 27 | { 28 | device = "/dev/disk/by-uuid/E1A0-9ACF"; 29 | fsType = "vfat"; 30 | options = [ "fmask=0022" "dmask=0022" ]; 31 | }; 32 | 33 | swapDevices = 34 | [ 35 | { device = "/dev/disk/by-uuid/e3cf51f7-1856-429c-baab-c7c07e3dc6cc"; } 36 | ]; 37 | 38 | networking.useDHCP = lib.mkDefault true; 39 | 40 | nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; 41 | hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; 42 | } 43 | -------------------------------------------------------------------------------- /hosts/plq/default.nix: 
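--------------------------------------------------------------------------------
# Host configuration for "plq". The options used here (launchd agents,
# system.defaults, Touch ID for sudo) indicate a macOS machine.
{ pkgs
, lib
, isUnstable
, ...
}:
let
  # Path of the agent binary inside the Secretive.app bundle.
  secretAgent = "Contents/Library/LoginItems/SecretAgent.app/Contents/MacOS/SecretAgent";
  # Local `rage` wrapper script generated from bins/rage.nix.
  rage =
    pkgs.writeScriptBin "rage" (import ../../bins/rage.nix { inherit pkgs; });
in
{
  _module.args.isUnstable = false;
  imports = [ ../../configs/tmux.nix ../../configs/zsh.nix ../../bins ];

  networking.hostName = "plq";

  # sudo accepts Touch ID in place of the account password.
  security.pam.services.sudo_local.touchIdAuth = true;

  programs = {
    zsh = {
      enable = true;
      shellInit = ''
        export OP_PLUGIN_ALIASES_SOURCED=1
      '';
    };
  };
  nix = {
    package = pkgs.nix;
    settings = {
      # Build derivations inside the Nix sandbox.
      sandbox = true;
    };
  };
  services = {
    # NOTE(review): every other package path in this file is ../../pkgs/...;
    # from hosts/plq this one resolves to hosts/pkgs/emacs.nix. Confirm the path.
    emacs.package = pkgs.callPackage ../pkgs/emacs.nix { inherit isUnstable; };
  };

  system = {
    keyboard = {
      enableKeyMapping = true;
      remapCapsLockToControl = true;
    };
    defaults = {
      dock.orientation = "left";
      # Keep the OS patched without manual action.
      SoftwareUpdate.AutomaticallyInstallMacOSUpdates = true;
    };
  };

  # Per-user launchd agent that keeps the Secretive SSH agent running.
  launchd.user.agents."SecretAgent" = {
    command = ''"/Users/qbit/Applications/Nix Apps/Secretive.app/${secretAgent}"'';
    serviceConfig = rec {
      KeepAlive = true;
      StandardErrorPath = StandardOutPath;
      StandardOutPath = "/Users/qbit/Library/Logs/SecretAgent.log";
    };
  };

  nixpkgs.config = {
    # NOTE(review): with allowUnfree = true the allow-list below does not
    # restrict anything; drop allowUnfree if only "obsidian" should be permitted.
    allowUnfree = true;
    # Fixed: the builtin is `builtins.elem`; `builtins.elm` does not exist and
    # would abort evaluation as soon as the predicate is called.
    allowUnfreePredicate = pkg:
      builtins.elem (lib.getName pkg) [
        "obsidian"
      ];
  };

  environment.variables = {
    # SSH clients talk to the Secretive agent socket instead of a file-based agent.
    SSH_AUTH_SOCK = "$HOME/Library/Containers/com.maxgoedjen.Secretive.SecretAgent/Data/socket.ssh";
  };

  environment.systemPackages = with pkgs; [
    (callPackage ../../pkgs/secretive.nix { inherit isUnstable; })
    (callPackage ../../pkgs/hammerspoon.nix { inherit isUnstable; })

    direnv
    exiftool
    gh
    gnupg
    go
    mosh
    nb
    neovim
    nixpkgs-review
    nmap
    obsidian
    # The let-bound wrapper above, not pkgs.rage (let bindings shadow `with`).
    rage
    statix
  ];
  system.stateVersion = 5;
}
--------------------------------------------------------------------------------
/hosts/pwntie/hardware-configuration.nix:
--------------------------------------------------------------------------------
1 | # Do not modify this file! It was generated by ‘nixos-generate-config’ 2 | # and may be overwritten by future invocations. Please make changes 3 | # to /etc/nixos/configuration.nix instead. 4 | { config 5 | , lib 6 | , modulesPath 7 | , ... 8 | }: { 9 | imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; 10 | 11 | boot = { 12 | initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; 13 | initrd.kernelModules = [ ]; 14 | kernelModules = [ "kvm-amd" ]; 15 | extraModulePackages = [ ]; 16 | }; 17 | 18 | fileSystems = { 19 | "/" = { 20 | device = "/dev/disk/by-uuid/dd7f2225-4c7a-4f40-8452-0aebf1a75aec"; 21 | fsType = "ext4"; 22 | }; 23 | 24 | "/boot/efi" = { 25 | device = "/dev/disk/by-uuid/2079-D1CE"; 26 | fsType = "vfat"; 27 | }; 28 | }; 29 | 30 | swapDevices = [{ device = "/dev/disk/by-uuid/e14ac85b-d7b0-4a76-b9ab-a2c61fd67a5d"; }]; 31 | 32 | # Enables DHCP on each ethernet and wireless interface. In case of scripted networking 33 | # (the default) this is the recommended approach. When using systemd-networkd it's 34 | # still possible to use this option, but it's recommended to use it in conjunction 35 | # with explicit per-interface declarations with `networking.interfaces..useDHCP`. 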
36 | networking.useDHCP = lib.mkDefault true; 37 | # networking.interfaces.enp10s0.useDHCP = lib.mkDefault true; 38 | 39 | nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; 40 | hardware.cpu.amd.updateMicrocode = 41 | lib.mkDefault config.hardware.enableRedistributableFirmware; 42 | # high-resolution display 43 | } 44 |
--------------------------------------------------------------------------------
/hosts/retic/alias:
--------------------------------------------------------------------------------
1 | 10.6.0.153 2 |
--------------------------------------------------------------------------------
/hosts/retic/default.nix:
--------------------------------------------------------------------------------
# Host configuration for "retic": extlinux boot, stock kernel, and overlays
# that switch off the test phases of a few packages.
{ pkgs
, ...
}:
let
  # Attribute override that disables both check phases of a derivation.
  withoutChecks = _: {
    doCheck = false;
    doInstallCheck = false;
    checkPhase = "";
  };

  # Overlay factory: rebuild package `p` with its test suite skipped.
  # Skipping upstream tests means a broken build of these libraries is not
  # caught at build time on this host; keep the list as short as possible.
  checkKill = p: (_: super: {
    ${p} = super.${p}.overrideAttrs withoutChecks;
  });

  # Same overlay under the second name the file uses.
  checkKillAll = checkKill;
in
{
  _module.args.isUnstable = false;
  imports = [
    ./hardware-configuration.nix
  ];

  nixpkgs.overlays = [
    (checkKill "boehmgc")
    (checkKill "libuv")
    (checkKillAll "llvm")
    (checkKill "elfutils")
  ];

  myEmacs.enable = false;

  boot = {
    initrd.availableKernelModules = [ "usbhid" "usb_storage" "vc4" ];
    kernelPackages = pkgs.linuxPackages;
    loader = {
      grub.enable = false;
      generic-extlinux-compatible.enable = true;
    };
  };

  networking = {
    hostName = "retic";
  };

  preDNS.enable = false;

  system.stateVersion = "24.05";
}
--------------------------------------------------------------------------------
/hosts/retic/hardware-configuration.nix:
--------------------------------------------------------------------------------
1 | { ... 
}: { 2 | fileSystems = { 3 | "/" = { 4 | device = "/dev/disk/by-label/NIXOS_SD"; 5 | fsType = "ext4"; 6 | }; 7 | }; 8 | 9 | hardware = { 10 | enableRedistributableFirmware = true; 11 | bluetooth.enable = true; 12 | }; 13 | 14 | #hardware.deviceTree = { 15 | # overlays = [ 16 | # #"${pkgs.raspberrypifw}/share/raspberrypi/boot/overlays/rpi-ft5406.dtbo" 17 | # { 18 | # name = "rpi4-cma-overlay"; 19 | # dtsText = '' 20 | # // SPDX-License-Identifier: GPL-2.0 21 | # /dts-v1/; 22 | # /plugin/; 23 | # / { 24 | # compatible = "brcm,bcm2711"; 25 | # fragment@0 { 26 | # target = <&cma>; 27 | # __overlay__ { 28 | # size = <(512 * 1024 * 1024)>; 29 | # }; 30 | # }; 31 | # }; 32 | # ''; 33 | # } 34 | # ]; 35 | #}; 36 | } 37 | -------------------------------------------------------------------------------- /hosts/router/hardware-configuration.nix: -------------------------------------------------------------------------------- 1 | # Do not modify this file! It was generated by ‘nixos-generate-config’ 2 | # and may be overwritten by future invocations. Please make changes 3 | # to /etc/nixos/configuration.nix instead. 4 | { config 5 | , lib 6 | , modulesPath 7 | , ... 
8 | }: { 9 | imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; 10 | 11 | boot.loader.grub = { 12 | enable = true; 13 | device = "/dev/sda"; 14 | useOSProber = true; 15 | }; 16 | 17 | boot = { 18 | initrd = { 19 | availableKernelModules = [ "ehci_pci" "ahci" "xhci_pci" "usb_storage" "usbhid" "sd_mod" ]; 20 | kernelModules = [ ]; 21 | }; 22 | kernelModules = [ "nf_tables" "nf_tables_ipv6" "nf_conntrack_tftp" ]; 23 | extraModulePackages = [ ]; 24 | }; 25 | 26 | fileSystems."/" = { 27 | device = "/dev/disk/by-uuid/4c84fd36-f143-4db8-bfe5-65de0287f894"; 28 | fsType = "ext4"; 29 | }; 30 | 31 | swapDevices = [ ]; 32 | 33 | hardware.cpu.intel.updateMicrocode = 34 | lib.mkDefault config.hardware.enableRedistributableFirmware; 35 | } 36 |
--------------------------------------------------------------------------------
/hosts/stan/alias:
--------------------------------------------------------------------------------
1 | 10.6.0.224
--------------------------------------------------------------------------------
/hosts/stan/hardware-configuration.nix:
--------------------------------------------------------------------------------
# Hardware profile for host "stan": initrd modules, LUKS device, local
# filesystems, an sshfs automount and swap.
{ pkgs
, lib
, modulesPath
, ...
}: {
  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];

  boot = {
    initrd = {
      availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" ];
      kernelModules = [ ];
      # LUKS container opened in the initrd.
      luks.devices."luks-e12e4b82-6f9e-4f80-b3f4-7e9a248e7827".device = "/dev/disk/by-uuid/e12e4b82-6f9e-4f80-b3f4-7e9a248e7827";
    };
    kernelModules = [ "kvm-intel" ];
    extraModulePackages = [ ];
  };

  # Needed so the sshfs mount helper is available for the entry below.
  system.fsPackages = [ pkgs.sshfs ];

  fileSystems = {
    "/" = {
      device = "/dev/disk/by-uuid/56138f23-38c0-4e4f-8dee-4fcd57c238a0";
      fsType = "ext4";
    };
    "/boot/efi" = {
      device = "/dev/disk/by-uuid/4CFA-E61D";
      fsType = "vfat";
    };
    # Remote tree "vm:aef100/" mounted on demand over sshfs, using abieber's
    # ssh config and the key at /home/abieber/.ssh/vm.
    "/home/abieber/aef100" = {
      device = "vm:aef100/";
      fsType = "sshfs";
      options = [
        "_netdev"
        "x-systemd.automount"

        # Spaces in a mount option must be written as \040.
        (builtins.replaceStrings [ " " ] [ "\\040" ]
          "ssh_command=${pkgs.openssh}/bin/ssh -F /home/abieber/.ssh/config")
        "reconnect"
        # allow_other lets every local account use this mount, i.e. reach the
        # remote tree with whatever rights the key below has on the remote side.
        # NOTE(review): confirm that is intended; otherwise drop it or pair it
        # with default_permissions and uid=/gid=.
        "allow_other"
        "cache=yes"
        "auto_cache"

        "ServerAliveInterval=15"
        # NOTE(review): presumably a passphrase-less key, since the mount is
        # unattended. Keep it dedicated to this mount and restricted remotely.
        "IdentityFile=/home/abieber/.ssh/vm"
      ];
    };
  };


  swapDevices = [{ device = "/dev/disk/by-uuid/85a3b559-0c0f-485d-9107-9f6ba5ad31da"; }];

  networking.useDHCP = lib.mkDefault true;

  hardware = {
    bluetooth.enable = true;
    rtl-sdr.enable = true;
  };
}
--------------------------------------------------------------------------------
/hosts/tv/hardware-configuration.nix:
--------------------------------------------------------------------------------
1 | # Do not modify this file! It was generated by ‘nixos-generate-config’ 2 | # and may be overwritten by future invocations. Please make changes 3 | # to /etc/nixos/configuration.nix instead. 4 | { config, lib, modulesPath, ... 
}: 5 | 6 | { 7 | imports = 8 | [ 9 | (modulesPath + "/installer/scan/not-detected.nix") 10 | ]; 11 | 12 | boot = { 13 | initrd = { 14 | availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "usbhid" "sd_mod" ]; 15 | kernelModules = [ "cdc-acm" ]; 16 | }; 17 | kernelModules = [ "kvm-intel" "cdc-acm" ]; 18 | extraModulePackages = [ ]; 19 | }; 20 | 21 | fileSystems."/" = 22 | { 23 | device = "/dev/disk/by-uuid/9833387e-b5d9-4e77-8891-7829a0e83954"; 24 | fsType = "ext4"; 25 | }; 26 | 27 | fileSystems."/boot" = 28 | { 29 | device = "/dev/disk/by-uuid/B185-050E"; 30 | fsType = "vfat"; 31 | options = [ "fmask=0022" "dmask=0022" ]; 32 | }; 33 | 34 | swapDevices = [ ]; 35 | 36 | # Enables DHCP on each ethernet and wireless interface. In case of scripted networking 37 | # (the default) this is the recommended approach. When using systemd-networkd it's 38 | # still possible to use this option, but it's recommended to use it in conjunction 39 | # with explicit per-interface declarations with `networking.interfaces..useDHCP`. 40 | networking.useDHCP = lib.mkDefault true; 41 | # networking.interfaces.enp0s13f0u3.useDHCP = lib.mkDefault true; 42 | 43 | nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; 44 | hardware = { 45 | cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; 46 | bluetooth.enable = true; 47 | }; 48 | } 49 | -------------------------------------------------------------------------------- /hosts/weather/hardware-configuration.nix: -------------------------------------------------------------------------------- 1 | { ... 
}: { 2 | fileSystems = { 3 | "/" = { 4 | device = "/dev/disk/by-label/NIXOS_SD"; 5 | fsType = "ext4"; 6 | }; 7 | "/tmp" = { 8 | device = "/dev/disk/by-label/nix-extra"; 9 | fsType = "ext4"; 10 | }; 11 | }; 12 | 13 | hardware.enableRedistributableFirmware = true; 14 | 15 | #hardware.deviceTree = { 16 | # overlays = [ 17 | # #"${pkgs.raspberrypifw}/share/raspberrypi/boot/overlays/rpi-ft5406.dtbo" 18 | # { 19 | # name = "rpi4-cma-overlay"; 20 | # dtsText = '' 21 | # // SPDX-License-Identifier: GPL-2.0 22 | # /dts-v1/; 23 | # /plugin/; 24 | # / { 25 | # compatible = "brcm,bcm2711"; 26 | # fragment@0 { 27 | # target = <&cma>; 28 | # __overlay__ { 29 | # size = <(512 * 1024 * 1024)>; 30 | # }; 31 | # }; 32 | # }; 33 | # ''; 34 | # } 35 | # ]; 36 | #}; 37 | } 38 | -------------------------------------------------------------------------------- /hosts/weatherzero/default.nix: -------------------------------------------------------------------------------- 1 | { config 2 | , pkgs 3 | , lib 4 | , ... 
5 | }: 6 | let 7 | pubKeys = [ 8 | "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7v+/xS8832iMqJHCWsxUZ8zYoMWoZhjj++e26g1fLT europa" 9 | "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBB/V8N5fqlSGgRCtLJMLDJ8Hd3JcJcY8skI0l+byLNRgQLZfTQRxlZ1yymRs36rXj+ASTnyw5ZDv+q2aXP7Lj0= hosts@secretive.plq.local" 10 | ]; 11 | userBase = { 12 | openssh.authorizedKeys.keys = pubKeys ++ config.myconf.managementPubKeys; 13 | }; 14 | in 15 | { 16 | _module.args.isUnstable = false; 17 | imports = [ 18 | ./hardware-configuration.nix 19 | ]; 20 | 21 | defaultUsers.enable = false; 22 | 23 | boot = { 24 | initrd.availableKernelModules = lib.mkForce [ 25 | "mmc_block" 26 | "usbhid" 27 | "hid_generic" 28 | "hid_microsoft" 29 | ]; 30 | 31 | supportedFilesystems = lib.mkForce [ "vfat" ]; 32 | 33 | kernelPackages = lib.mkForce pkgs.linuxPackages_rpi0; 34 | }; 35 | 36 | networking = { 37 | hostName = "wzero"; 38 | networkmanager = { enable = true; }; 39 | wireless.userControlled.enable = true; 40 | hosts."100.120.151.126" = [ "graph.tapenet.org" ]; 41 | }; 42 | 43 | users.users.weather = { 44 | shell = pkgs.zsh; 45 | isNormalUser = true; 46 | description = "Weather"; 47 | extraGroups = [ "wheel" ]; 48 | }; 49 | 50 | preDNS.enable = false; 51 | users.users.root = userBase; 52 | 53 | #environment.systemPackages = with pkgs; [ 54 | #]; 55 | 56 | system.stateVersion = "21.11"; 57 | } 58 | -------------------------------------------------------------------------------- /hosts/weatherzero/hardware-configuration.nix: -------------------------------------------------------------------------------- 1 | { pkgs, ... 
}: { 2 | hardware = { 3 | deviceTree = { 4 | enable = true; 5 | overlays = [ "${pkgs.device-tree_rpi.overlays}/hifiberry-dac.dtbo" ]; 6 | }; 7 | 8 | enableRedistributableFirmware = true; 9 | i2c.enable = true; 10 | firmware = with pkgs; [ 11 | raspberrypiWirelessFirmware 12 | ]; 13 | }; 14 | } 15 | -------------------------------------------------------------------------------- /install_template.nix: -------------------------------------------------------------------------------- 1 | { pkgs, ... }: 2 | let 3 | pubKeys = [ 4 | "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDM2k2C6Ufx5RNf4qWA9BdQHJfAkskOaqEWf8yjpySwH Nix Manager" 5 | "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIB1cBO17AFcS2NtIT+rIxR2Fhdu3HD4de4+IsFyKKuGQAAAACnNzaDpsZXNzZXI=" 6 | "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIDEKElNAm/BhLnk4Tlo00eHN5bO131daqt2DIeikw0b2AAAABHNzaDo=" 7 | "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBB/V8N5fqlSGgRCtLJMLDJ8Hd3JcJcY8skI0l+byLNRgQLZfTQRxlZ1yymRs36rXj+ASTnyw5ZDv+q2aXP7Lj0=" 8 | "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIHrYWbbgBkGcOntDqdMaWVZ9xn+dHM+Ap6s1HSAalL28AAAACHNzaDptYWlu" 9 | ]; 10 | in 11 | { 12 | imports = [ ./hardware-configuration.nix ]; 13 | 14 | boot.loader = { 15 | systemd-boot.enable = true; 16 | efi = { 17 | canTouchEfiVariables = true; 18 | efiSysMountPoint = "/boot/efi"; 19 | }; 20 | }; 21 | 22 | nix = { 23 | package = pkgs.nixUnstable; 24 | extraOptions = '' 25 | experimental-features = nix-command flakes 26 | ''; 27 | }; 28 | 29 | networking = { 30 | hostName = "changeme"; 31 | networkmanager.enable = true; 32 | }; 33 | 34 | time.timeZone = "America/Denver"; 35 | 36 | services.xserver = { 37 | layout = "us"; 38 | xkbVariant = "colemak"; 39 | }; 40 | console = { keyMap = "colemak"; }; 41 | 42 | users.users = { 43 | qbit = { 44 | isNormalUser = true; 45 | description = "Aaron Bieber"; 46 | extraGroups = [ "networkmanager" "wheel" ]; 47 | 
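packages = [ ]; 48 | }; 49 | root = { openssh.authorizedKeys.keys = pubKeys; }; 50 | }; 51 | 52 | # neovim will overwrite my neovim!! 53 | environment.systemPackages = with pkgs; [ neovim jq ]; 54 | 55 | services.openssh = { 56 | enable = true; 57 | permitRootLogin = "prohibit-password"; 58 | }; 59 | 60 | system.stateVersion = "22.05"; # Did you read the comment? 61 | } 62 |
--------------------------------------------------------------------------------
/modules/default.nix:
--------------------------------------------------------------------------------
1 | { xinlib, ... }: 2 | let 3 | inherit (xinlib) prIsOpen; 4 | in 5 | { 6 | imports = [ 7 | ./backup.nix 8 | ./golink.nix 9 | ./lock-action.nix 10 | ./signal-cli.nix 11 | ./ssh-fido-agent.nix 12 | ./tsvnstat.nix 13 | ./veilid-server.nix 14 | ./yarr.nix 15 | ] ++ prIsOpen.list 399692 [ ./restic-rest-server.nix ]; 16 | } 17 |
--------------------------------------------------------------------------------
/modules/golink.nix:
--------------------------------------------------------------------------------
# NixOS module for the golink service: declares services.golink.* options,
# a dedicated system user/group and the systemd unit that runs the server.
{ config
, lib
, pkgs
, inputs
, ...
}:
with pkgs; let
  # The package comes from the `unstable` flake input, not from `pkgs`.
  inherit (inputs.unstable.legacyPackages.${pkgs.system}) golink;
  cfg = config.services.golink;
in
{
  options = with lib; {
    services.golink = {
      enable = mkEnableOption "Enable golink";

      user = mkOption {
        type = with types; oneOf [ str int ];
        default = "golink";
        description = ''
          The user the service will use.
        '';
      };

      dataDir = mkOption {
        type = types.path;
        default = "/var/lib/golink";
        description = ''
          Path to the golink sqlite database
        '';
      };

      envFile = mkOption {
        type = types.path;
        default = "/run/secrets/golink";
        description = ''
          Path to a file containing the golink tailscale auth token
        '';
      };

      group = mkOption {
        type = with types; oneOf [ str int ];
        default = "golink";
        # Fixed: this option is the group, the text was copied from `user`.
        description = ''
          The group the service will use.
        '';
      };

      package = mkOption {
        type = types.package;
        default = golink;
        defaultText = literalExpression "pkgs.golink";
        description = "The package to use for golink";
      };
    };
  };
  config = lib.mkIf cfg.enable {
    users.groups.${cfg.group} = { };
    users.users.${cfg.user} = {
      description = "golink service user";
      isSystemUser = true;
      home = cfg.dataDir;
      createHome = true;
      group = "${cfg.group}";
    };

    systemd.services.golink = {
      enable = true;
      description = "golink server";
      wants = [ "network-online.target" ];
      # `wants` alone does not order the unit; wait for the network as well.
      after = [ "network-online.target" ];
      # NOTE(review): no wantedBy is set, so nothing starts this unit at boot.
      # Confirm that is intended.

      # NOTE(review): vnstat on PATH looks copied from the tsvnstat module;
      # drop it if golink never calls it.
      path = [ pkgs.vnstat ];

      environment = {
        HOME = cfg.dataDir;
        HOSTNAME = config.networking.hostName;
      };

      serviceConfig = {
        User = cfg.user;
        Group = cfg.group;

        RuntimeDirectory = "golink";
        StateDirectory = "golink";
        # The state directory holds the sqlite database and, with HOME pointing
        # here, whatever the service keeps under $HOME. Not world-readable
        # (same modes as the signal-cli module in this repository).
        StateDirectoryMode = "0750";
        CacheDirectory = "golink";
        CacheDirectoryMode = "0700";

        # Auth token is read from a file at start, never put on the command line.
        EnvironmentFile = cfg.envFile;

        ExecStart = "${cfg.package}/bin/golink -sqlitedb ${cfg.dataDir}/golink.db";
      };
    };
  };
}
--------------------------------------------------------------------------------
/modules/lock-action.nix:
--------------------------------------------------------------------------------
1 | { pkgs, lib, config, ... 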
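}:
# User service that reacts to the screen being locked: it drops every identity
# from the ssh-agent and invalidates the cached sudo credentials.
let
  cfg = config.services.lock-action;
  dbus-monitor = "${pkgs.dbus}/bin/dbus-monitor";
  awk = "${pkgs.gawk}/bin/awk";
  ssh-add = "${pkgs.openssh}/bin/ssh-add";
  # The script first recovers the session bus address and the agent socket
  # from the user manager's environment, then follows ScreenSaver signals on
  # the session bus. A signal carrying "boolean true" is treated as "locked".
  action-script = pkgs.writeScript "action-script" ''
    export DBUS_SESSION_BUS_ADDRESS="$(systemctl --user show-environment | ${awk} -F= '/^DBUS_SESSION_BUS_ADDRESS/ {print $(NF-1) "=" $NF}')"
    export SSH_AUTH_SOCK="$(systemctl --user show-environment | ${awk} -F= '/^SSH_AUTH_SOCK/ {print $NF}')"

    echo $DBUS_SESSION_BUS_ADDRESS
    echo $SSH_AUTH_SOCK

    ${dbus-monitor} --session "type='signal',interface='org.freedesktop.ScreenSaver'" | \
      while read -r x; do
        case "$x" in
          *"boolean true"*)
            echo "Screen Locked";
            ${ssh-add} -D
            /run/wrappers/bin/sudo -K
            ;;
        esac
      done

  '';
in
{
  options = {
    services.lock-action = {
      enable = lib.mkEnableOption "Enable lock actions";
    };
  };
  config = lib.mkIf cfg.enable {
    systemd.user.services.lock-action = {
      enable = true;
      script = ''
        ${action-script}
      '';

      # Placeholders only; the script overwrites both from the user manager.
      environment = {
        DBUS_SESSION_BUS_ADDRESS = "fake";
        SSH_AUTH_SOCK = "fake";
      };

      # If dbus-monitor exits, the loop ends and a later lock would no longer
      # clear the agent or the sudo timestamp. Restart the watcher so it does
      # not stop silently.
      serviceConfig = {
        Restart = "always";
        RestartSec = 5;
      };

      wantedBy = [ "graphical-session.target" ];
      after = [ "graphical-session.target" ];
    };
  };
}
--------------------------------------------------------------------------------
/modules/rtlamr2mqtt.nix:
--------------------------------------------------------------------------------
1 | { config 2 | , lib 3 | , pkgs 4 | , ... 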
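}:
# NixOS module for rtlamr2mqtt: options, service account and systemd unit.
with pkgs; let
  cfg = config.services.rtlamr2mqtt;
  rtlamr2mqtt = pkgs.python3Packages.callPackage ../pkgs/rtlamr2mqtt.nix { };
  settingsFormat = pkgs.formats.json { };
  settingsType = settingsFormat.type;
  # Render the configuration to a JSON file in the Nix store, dropping the
  # `_module` key.
  # The JSON text is passed through lib.escapeShellArg: previously it was pasted
  # between single quotes, so an apostrophe in any value ended the quoting and
  # the remainder was interpreted by the build shell.
  # Store paths are readable by every local user; NOTE(review): if the
  # configuration carries broker credentials, load them from a secrets file at
  # runtime rather than from this option.
  prettyJSON = conf:
    pkgs.runCommandLocal "rtlamr2mqtt-config.json" { } ''
      echo ${lib.escapeShellArg (builtins.toJSON conf)} | ${pkgs.buildPackages.jq}/bin/jq 'del(._module)' > $out
    '';
in
{
  options = with lib; {
    services.rtlamr2mqtt = {
      enable = mkEnableOption "Enable rtlamr2mqtt";

      user = mkOption {
        type = with types; oneOf [ str int ];
        default = "rtlamr2mqtt";
        description = ''
          The user the service will use.
        '';
      };

      group = mkOption {
        type = with types; oneOf [ str int ];
        default = "rtlamr2mqtt";
        # Fixed: this option is the group, the text was copied from `user`.
        description = ''
          The group the service will use.
        '';
      };

      configuration = mkOption {
        type = settingsType;
        description = ''
          Specify the configuration for rtlamr2mqtt in Nix.
        '';
      };

      package = mkOption {
        type = types.package;
        default = rtlamr2mqtt;
        defaultText = literalExpression "pkgs.rtlamr2mqtt";
        description = "The package to use for rtlamr2mqtt";
      };
    };
  };

  config = lib.mkIf cfg.enable {
    # NOTE(review): account names are fixed here while the unit runs as
    # cfg.user / cfg.group; a non-default value is not created by this module.
    users.groups.rtlamr2mqtt = { };
    users.users.rtlamr2mqtt = {
      description = "rtlamr2mqtt service user";
      isSystemUser = true;
      home = "/var/lib/rtlamr2mqtt";
      createHome = true;
      group = "rtlamr2mqtt";
      # plugdev: presumably grants access to the SDR USB device. Confirm.
      extraGroups = [ "plugdev" ];
    };

    systemd.services.rtlamr2mqtt = {
      enable = true;
      description = "rtlamr2mqtt server";
      wantedBy = [ "multi-user.target" ];

      serviceConfig = {
        User = cfg.user;
        Group = cfg.group;

        RuntimeDirectory = "rtlamr2mqtt";

        ExecStart = "${cfg.package}/bin/rtlamr2mqtt ${prettyJSON cfg.configuration}";
      };
    };
  };
}
--------------------------------------------------------------------------------
/modules/signal-cli.nix:
--------------------------------------------------------------------------------
1 | { config 2 | , lib 3 | , pkgs 4 | , ... 5 | }: 6 | let cfg = config.services.signal-cli; 7 | in 8 | with pkgs; { 9 | options = with lib; { 10 | services.signal-cli = { 11 | enable = mkEnableOption "Enable signal-cli"; 12 | 13 | user = mkOption { 14 | type = with types; oneOf [ str int ]; 15 | default = "signal-cli"; 16 | description = '' 17 | The user the service will use. 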
18 | ''; 19 | }; 20 | 21 | dataDir = mkOption { 22 | type = types.path; 23 | default = "/var/lib/signal-cli"; 24 | description = '' 25 | Path to the signal-cli sqlite database 26 | ''; 27 | }; 28 | 29 | socketPath = mkOption { 30 | type = types.path; 31 | default = "${cfg.dataDir}/socket"; 32 | description = "Path to create the socket on"; 33 | }; 34 | 35 | envFile = mkOption { 36 | type = types.path; 37 | default = "/run/secrets/signal-cli"; 38 | description = '' 39 | Path to a file containing the signal-cli tailscale auth token 40 | ''; 41 | }; 42 | 43 | group = mkOption { 44 | type = with types; oneOf [ str int ]; 45 | default = "signal-cli"; 46 | description = '' 47 | The user the service will use. 48 | ''; 49 | }; 50 | 51 | package = mkOption { 52 | type = types.package; 53 | default = signal-cli; 54 | defaultText = literalExpression "pkgs.signal-cli"; 55 | description = "The package to use for signal-cli"; 56 | }; 57 | }; 58 | }; 59 | config = lib.mkIf cfg.enable { 60 | users.groups.${cfg.group} = { }; 61 | users.users.${cfg.user} = { 62 | description = "signal-cli service user"; 63 | isSystemUser = true; 64 | home = cfg.dataDir; 65 | homeMode = "0750"; 66 | createHome = true; 67 | group = "${cfg.group}"; 68 | }; 69 | 70 | systemd.services.signal-cli = { 71 | enable = true; 72 | description = "signal-cli server"; 73 | wants = [ "network-online.target" ]; 74 | wantedBy = [ "multi-user.target" ]; 75 | 76 | environment = { 77 | HOME = cfg.dataDir; 78 | }; 79 | 80 | serviceConfig = { 81 | User = cfg.user; 82 | Group = cfg.group; 83 | 84 | RuntimeDirectory = "signal-cli"; 85 | StateDirectory = "signal-cli"; 86 | StateDirectoryMode = "0750"; 87 | CacheDirectory = "signal-cli"; 88 | CacheDirectoryMode = "0700"; 89 | 90 | EnvironmentFile = cfg.envFile; 91 | 92 | ExecStart = "${cfg.package}/bin/signal-cli --scrub-log -a $SIGNAL_NUMBER daemon --socket ${cfg.socketPath}"; 93 | }; 94 | }; 95 | }; 96 | } 97 | 
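--------------------------------------------------------------------------------
/modules/ssh-fido-agent.nix:
--------------------------------------------------------------------------------
# NixOS module that loads FIDO-backed SSH keys into the user's ssh-agent when a
# matching USB token is plugged in (udev rule -> signal -> `ssh-add -K`).
{ config
, lib
, pkgs
, ...
}:
let
  perl = "${pkgs.perl}/bin/perl";
  sshAdd = "${pkgs.openssh}/bin/ssh-add";
  pKill = "${pkgs.procps}/bin/pkill";
  awk = "${pkgs.gawk}/bin/awk";

  # fido-add-device is started by a systemd user unit. It runs continuously,
  # waiting for a USR1 signal that is triggered by inserting a Yubikey. On the
  # signal it executes 'ssh-add -K', which without a terminal uses SSH_ASKPASS
  # to prompt the user for the unlock phrase of the token.
  # ssh-add is started with an argument list, so no shell parses the command.
  fidoAddDevice = pkgs.writeScriptBin "fido-add-device" ''
    #!${perl}

    use strict;
    use warnings;

    $ENV{'SSH_AUTH_SOCK'} = "$ENV{'XDG_RUNTIME_DIR'}/ssh-agent";
    my $display = `systemctl --user show-environment | ${awk} -F= '/^DISPLAY/ {print \$NF}'`;
    chomp $display;
    $ENV{'DISPLAY'} = $display;

    $SIG{USR1} = sub { system("${sshAdd}", "-K") };

    while (1) {
        sleep;
    }
  '';

  # fido-send-sig is called by a udev rule when a token is attached. It sends
  # SIGUSR1 to fido-add-device, matching the exact command line (-x -f).
  # udev RUN programs execute as root, so every user's watcher is signalled.
  fidoSendSig = pkgs.writeScriptBin "fido-send-sig" ''
    #! ${pkgs.runtimeShell} -e

    ${pKill} -USR1 -xf "${perl} ${fidoAddDevice}/bin/fido-add-device"
  '';

  # my-ssh-askpass-wrapper wraps programs.ssh.askPassword in order to supply
  # user-specific environment variables.
  # TODO: replace this with makeWrapper
  askPassWrapper = pkgs.writeScript "my-ssh-askpass-wrapper" ''
    #! ${pkgs.runtimeShell} -e
    export DISPLAY="$(systemctl --user show-environment | ${awk} -F= '/^DISPLAY/ {print $NF}')"
    export SSH_AUTH_SOCK="$XDG_RUNTIME_DIR/ssh-agent"
    exec ${config.programs.ssh.askPassword} "$@"
  '';
in
{
  options = {
    sshFidoAgent = {
      enable = lib.mkEnableOption "Add FIDO keys to ssh-agent when attached.";
    };
  };

  config = lib.mkIf config.sshFidoAgent.enable {
    environment.systemPackages = [ fidoAddDevice ];
    systemd.user.services.sshfidoagent = {
      script = ''
        ${fidoAddDevice}/bin/fido-add-device
      '';
      wantedBy = [ "graphical-session.target" ];
      partOf = [ "graphical-session.target" ];
      after = [ "graphical-session.target" ];
      # Placeholder; the scripts above read the real DISPLAY from the user manager.
      environment.DISPLAY = "fake";
      environment.SSH_ASKPASS = askPassWrapper;
      #serviceConfig = { Restart = "on-failure"; };
    };
    # Fires for hidraw devices with vendor id 1050 and the listed product ids.
    services.udev.extraRules = ''
      SUBSYSTEM=="hidraw", ACTION=="add", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0407|0402", RUN+="${fidoSendSig}/bin/fido-send-sig"
    '';
  };
}
--------------------------------------------------------------------------------
/modules/tsvnstat.nix:
--------------------------------------------------------------------------------
1 | { config 2 | , lib 3 | , pkgs 4 | , inputs 5 | , ... 6 | }: 7 | with pkgs; let 8 | cfg = config.services.tsvnstat; 9 | inherit (inputs.tsvnstat.packages.${pkgs.system}) tsvnstat; 10 | in 11 | { 12 | options = with lib; { 13 | services.tsvnstat = { 14 | enable = mkEnableOption "Enable tsvnstat"; 15 | 16 | user = mkOption { 17 | type = with types; oneOf [ str int ]; 18 | default = "tsvnstat"; 19 | description = '' 20 | The user the service will use. 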
21 | ''; 22 | }; 23 | 24 | keyPath = mkOption { 25 | type = with types; oneOf [ path str ]; 26 | default = ""; 27 | description = '' 28 | Path to the TS API key file 29 | ''; 30 | }; 31 | 32 | nodeName = mkOption { 33 | type = types.str; 34 | default = "${config.networking.hostName}-stats"; 35 | description = '' 36 | The name of the TS node. 37 | ''; 38 | }; 39 | 40 | group = mkOption { 41 | type = with types; oneOf [ str int ]; 42 | default = "tsvnstat"; 43 | description = '' 44 | The user the service will use. 45 | ''; 46 | }; 47 | package = mkOption { 48 | type = types.package; 49 | default = tsvnstat; 50 | defaultText = literalExpression "pkgs.tsvnstat"; 51 | description = "The package to use for tsvnstat"; 52 | }; 53 | }; 54 | }; 55 | config = lib.mkIf cfg.enable { 56 | users.groups.${cfg.group} = { }; 57 | users.users.${cfg.user} = { 58 | description = "tsvnstat service user"; 59 | isSystemUser = true; 60 | home = "/var/lib/tsvnstat"; 61 | createHome = true; 62 | group = "${cfg.group}"; 63 | }; 64 | 65 | services.vnstat.enable = true; 66 | 67 | systemd.services.tsvnstat = { 68 | enable = true; 69 | description = "tsvnstat server"; 70 | wants = [ "network-online.target" ]; 71 | 72 | path = [ pkgs.vnstat ]; 73 | 74 | environment = { 75 | HOME = "/var/lib/tsvnstat"; 76 | HOSTNAME = config.networking.hostName; 77 | }; 78 | 79 | serviceConfig = { 80 | User = cfg.user; 81 | Group = cfg.group; 82 | 83 | RuntimeDirectory = "tsvnstat"; 84 | StateDirectory = "tsvnstat"; 85 | StateDirectoryMode = "0755"; 86 | CacheDirectory = "tsvnstat"; 87 | CacheDirectoryMode = "0755"; 88 | 89 | ExecStart = '' 90 | ${cfg.package}/bin/tsvnstat -vnstati ${pkgs.vnstat}/bin/vnstati -name ${cfg.nodeName} ${lib.optionalString (cfg.keyPath != "") "-key ${cfg.keyPath}"} 91 | ''; 92 | }; 93 | }; 94 | }; 95 | } 96 | -------------------------------------------------------------------------------- /modules/veilid-server.nix: 
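--------------------------------------------------------------------------------
# NixOS module for veilid-server: options, service account, optional firewall
# opening and the systemd unit.
{ config
, lib
, pkgs
, ...
}:
with pkgs; let
  cfg = config.services.veilid-server;
in
{
  options = with lib; {
    services.veilid-server = {
      # Fixed spelling: "velid-server" -> "veilid-server".
      enable = mkEnableOption "Enable veilid-server";
      user = mkOption {
        type = with types; oneOf [ str int ];
        default = "veilid";
        description = "The user veilid-server will run as.";
      };

      group = mkOption {
        type = with types; oneOf [ str int ];
        default = "veilid";
        description = "The group veilid-server will run with.";
      };

      dataDir = mkOption {
        type = types.path;
        default = "/var/lib/veilid";
        description = "Path for veilid-server state directory.";
      };

      package = mkOption {
        type = types.package;
        default = pkgs.veilid;
        # Added: the option had no description.
        description = "The package that provides the veilid-server binary.";
      };

      openFirewall = mkOption {
        type = types.bool;
        # Closed by default; opening is an explicit decision per host.
        default = false;
        description = "enable veilid-server in the firewall";
      };
    };
  };

  config = lib.mkIf cfg.enable {
    users.groups.${cfg.group} = { };
    users.users.${cfg.user} = {
      inherit (cfg) group;
      description = "veilid-server user";
      isSystemUser = true;
      home = cfg.dataDir;
      createHome = true;
    };

    # Opens port 5150 for TCP and UDP in the host firewall, not limited to a
    # particular interface.
    networking.firewall = lib.mkIf cfg.openFirewall {
      allowedTCPPorts = [ 5150 ];
      allowedUDPPorts = [ 5150 ];
    };

    systemd.services.veilid-server = {
      enable = true;
      description = "veilid-server";
      wants = [ "network-online.target" ];
      # `wants` alone does not order the unit; wait for the network as well.
      after = [ "network-online.target" ];

      environment = {
        HOME = cfg.dataDir;
      };

      serviceConfig = {
        User = cfg.user;
        Group = cfg.group;

        RuntimeDirectory = "veilid";
        # NOTE(review): fixed to /var/lib/veilid; a non-default dataDir is not
        # managed by StateDirectory.
        StateDirectory = "veilid";
        # Only the service user can enter the state directory.
        StateDirectoryMode = "0700";
        CacheDirectory = "veilid";

        ExecStart = "${cfg.package}/bin/veilid-server";
      };
    };
  };
}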
-------------------------------------------------------------------------------- /modules/yarr.nix: -------------------------------------------------------------------------------- 1 | { config 2 | , lib 3 | , pkgs 4 | , ... 5 | }: 6 | with pkgs; let 7 | cfg = config.services.yarr; 8 | yarr = callPackage ../pkgs/yarr.nix { }; 9 | in 10 | { 11 | options = with lib; { 12 | services.yarr = { 13 | enable = mkEnableOption "Enable yarr"; 14 | 15 | directory = mkOption { 16 | type = types.str; 17 | default = "/var/lib/yarr"; 18 | description = "Persistent directory to house database."; 19 | }; 20 | 21 | basePath = mkOption { 22 | type = types.str; 23 | default = ""; 24 | description = "Base path of the service URL."; 25 | }; 26 | 27 | authFilePath = mkOption { 28 | type = types.str; 29 | default = "/run/secrets/yarr_auth"; 30 | description = "Path to file containing authentication information."; 31 | }; 32 | 33 | address = mkOption { 34 | type = types.str; 35 | default = "127.0.0.1"; 36 | description = '' 37 | Address to run yarr on. 38 | ''; 39 | }; 40 | 41 | port = mkOption { 42 | type = types.int; 43 | default = 7070; 44 | description = "Port to listen on"; 45 | }; 46 | 47 | dbPath = mkOption { 48 | type = types.str; 49 | default = "${cfg.directory}/storage.db"; 50 | description = "Full path to the database file."; 51 | }; 52 | 53 | user = mkOption { 54 | type = with types; oneOf [ str int ]; 55 | default = "yarr"; 56 | description = '' 57 | The user the service will use. 58 | ''; 59 | }; 60 | 61 | group = mkOption { 62 | type = with types; oneOf [ str int ]; 63 | default = "yarr"; 64 | description = '' 65 | The user the service will use. 
66 | ''; 67 | }; 68 | 69 | package = mkOption { 70 | type = types.package; 71 | default = yarr; 72 | defaultText = literalExpression "pkgs.yarr"; 73 | description = "The package to use for yarr"; 74 | }; 75 | }; 76 | }; 77 | 78 | config = lib.mkIf cfg.enable { 79 | users.groups.yarr = { }; 80 | users.users.yarr = { 81 | description = "Yarr service user"; 82 | isSystemUser = true; 83 | home = "${cfg.directory}"; 84 | createHome = true; 85 | group = "yarr"; 86 | }; 87 | 88 | systemd.services.yarr = { 89 | enable = true; 90 | description = "Yet Another Rss Reader server"; 91 | wantedBy = [ "multi-user.target" ]; 92 | after = [ "networking.service" ]; 93 | 94 | serviceConfig = { 95 | User = cfg.user; 96 | Group = cfg.group; 97 | 98 | ExecStart = "${cfg.package}/bin/yarr -addr ${cfg.address}:${ 99 | toString cfg.port 100 | } -db ${cfg.dbPath} -auth-file ${cfg.authFilePath}"; 101 | }; 102 | }; 103 | }; 104 | } 105 | -------------------------------------------------------------------------------- /monitoring/default.nix: -------------------------------------------------------------------------------- 1 | { config 2 | , lib 3 | , ... 
4 | }: 5 | with lib; let 6 | cfg = config.services.xin-monitoring; 7 | inherit 8 | (builtins) 9 | readFile 10 | concatStringsSep 11 | attrValues 12 | mapAttrs 13 | replaceStrings 14 | ; 15 | 16 | nginxCfg = config.services.nginx; 17 | buildFSChecker = fsList: (concatStringsSep "\n" (attrValues (mapAttrs 18 | (f: v: 19 | if v.fsType != "sshfs" 20 | then '' 21 | check filesystem ${replaceStrings ["/"] ["_"] f} with path ${f} 22 | if space usage > 90% then alert 23 | if inode usage > 90% then alert 24 | '' 25 | else "") 26 | fsList))); 27 | buildNginxChecker = vhostList: (concatStringsSep "\n" (attrValues (mapAttrs 28 | (f: v: '' 29 | check host ${f} with address ${f} 30 | if failed port 80 protocol http then alert 31 | ${ 32 | if v.enableACME 33 | then "if failed port 443 protocol https then alert" 34 | else "" 35 | } 36 | '') 37 | vhostList))); 38 | nginxChecks = 39 | if nginxCfg.enable 40 | then 41 | if config.networking.hostName == "h" 42 | then (buildNginxChecker nginxCfg.virtualHosts) 43 | else "" 44 | else ""; 45 | in 46 | { 47 | options = { 48 | services.xin-monitoring = { 49 | enable = mkOption { 50 | type = types.bool; 51 | default = true; 52 | description = "Enable Monitoring"; 53 | }; 54 | fs = mkOption { 55 | type = types.bool; 56 | default = true; 57 | description = '' 58 | Create monitoring entry points from `config.fileSystems`. 59 | ''; 60 | }; 61 | nginx = mkOption { 62 | type = types.bool; 63 | default = false; 64 | description = '' 65 | Create monitoring entry points from `services.nginx.virtualHosts`. 
66 | ''; 67 | }; 68 | }; 69 | }; 70 | config = mkIf cfg.enable { 71 | sops.secrets = { 72 | monit_cfg = { 73 | sopsFile = config.xin-secrets.deploy; 74 | owner = "root"; 75 | mode = "400"; 76 | }; 77 | }; 78 | services.monit = { 79 | enable = true; 80 | config = concatStrings [ 81 | (readFile ./monitrc) 82 | (optionalString cfg.fs (buildFSChecker config.fileSystems)) 83 | (optionalString cfg.nginx nginxChecks) 84 | ]; 85 | }; 86 | }; 87 | } 88 | -------------------------------------------------------------------------------- /monitoring/monitrc: -------------------------------------------------------------------------------- 1 | set daemon 30 2 | set alert alert@bolddaemon.com 3 | set logfile /var/log/monit.log 4 | 5 | include /run/secrets/monit_cfg 6 | 7 | set mail-format { 8 | from: alerts@bolddaemon.com 9 | subject: $SERVICE @ $HOST $EVENT on $DATE 10 | message: $DESCRIPTION 11 | } 12 | 13 | 14 | -------------------------------------------------------------------------------- /overlays/1password-gui.nix: -------------------------------------------------------------------------------- 1 | let 2 | _1password-gui = _: super: { 3 | _1password-gui = super._1password-gui.overrideAttrs (_: rec { 4 | version = "8.10.7"; 5 | src = super.fetchurl { 6 | url = "https://downloads.1password.com/linux/tar/stable/x86_64/1password-${version}.x64.tar.gz"; 7 | sha256 = "sha256-5KMAzstoPmNgFejp21R8PcdrmUtkX3qxHYX3rV5JqyE="; 8 | }; 9 | }); 10 | }; 11 | in 12 | _1password-gui 13 | -------------------------------------------------------------------------------- /overlays/PLS.nix: -------------------------------------------------------------------------------- 1 | let 2 | perlPackages = _: super: { 3 | PLS = 4 | let 5 | FutureQueue = super.buildPerlModule { 6 | pname = "Future-Queue"; 7 | version = "0.51"; 8 | src = super.fetchurl { 9 | url = "mirror://cpan/authors/id/P/PE/PEVANS/Future-Queue-0.51.tar.gz"; 10 | hash = "sha256-HVAcOpot3/x8YPlvpmlp1AyykuCSBM9t7NHCuLUAPNY="; 11 | }; 12 | 
buildInputs = with super.perlPackages; [ Test2Suite ]; 13 | propagatedBuildInputs = with super.perlPackages; [ Future ]; 14 | meta = { 15 | description = "A FIFO queue of values that uses Ls"; 16 | license = with super.lib.licenses; [ artistic1 gpl1Plus ]; 17 | }; 18 | }; 19 | in 20 | super.PLS.overrideAttrs (_: { 21 | propagatedBuildInputs = with super.perlPackages; [ 22 | Future 23 | FutureQueue 24 | IOAsync 25 | PPI 26 | PPR 27 | PathTiny 28 | PerlCritic 29 | PerlTidy 30 | PodMarkdown 31 | URI 32 | ]; 33 | }); 34 | }; 35 | in 36 | perlPackages 37 | -------------------------------------------------------------------------------- /overlays/bruno.nix: -------------------------------------------------------------------------------- 1 | let 2 | bruno = _: super: { 3 | bruno = super.bruno.overrideAttrs (_: rec { 4 | version = "0.25.0"; 5 | src = super.fetchurl { 6 | url = "https://github.com/usebruno/bruno/releases/download/v${version}/bruno_${version}_amd64_linux.deb"; 7 | hash = "sha256-h7GBZaYKHwZnGNZGcVtyV0cJa8EgsulDsFIB3ggYGng="; 8 | }; 9 | }); 10 | }; 11 | in 12 | bruno 13 | -------------------------------------------------------------------------------- /overlays/default.nix: -------------------------------------------------------------------------------- 1 | { isUnstable 2 | , ... 3 | }: 4 | { 5 | nixpkgs.overlays = [ 6 | (_: super: { 7 | smug = super.smug.overrideAttrs (_: rec { 8 | version = "0.3.3"; 9 | 10 | src = super.fetchFromGitHub { 11 | owner = "ivaaaan"; 12 | repo = "smug"; 13 | rev = "v${version}"; 14 | sha256 = "sha256-dQp9Ov8Si9DfziVtX3dXsJg+BNKYOoL9/WwdalQ5TVw="; 15 | }; 16 | }); 17 | }) 18 | ] ++ 19 | (if isUnstable 20 | then [ 21 | ] 22 | else [ 23 | ]); 24 | } 25 | -------------------------------------------------------------------------------- /overlays/dont_create_privsep_path.patch: -------------------------------------------------------------------------------- 1 | 
diff --git i/Makefile.in w/Makefile.in 2 | index 04e1c8e5..9bd5d01b 100644 3 | --- i/Makefile.in 4 | +++ w/Makefile.in 5 | @@ -329,7 +329,6 @@ install-files: 6 | $(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)5 7 | $(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)8 8 | $(MKDIR_P) $(DESTDIR)$(libexecdir) 9 | - $(MKDIR_P) -m 0755 $(DESTDIR)$(PRIVSEP_PATH) 10 | $(INSTALL) -m 0755 $(STRIP_OPT) ssh$(EXEEXT) $(DESTDIR)$(bindir)/ssh$(EXEEXT) 11 | $(INSTALL) -m 0755 $(STRIP_OPT) scp$(EXEEXT) $(DESTDIR)$(bindir)/scp$(EXEEXT) 12 | $(INSTALL) -m 0755 $(STRIP_OPT) ssh-add$(EXEEXT) $(DESTDIR)$(bindir)/ssh-add$(EXEEXT) 13 | -------------------------------------------------------------------------------- /overlays/elm-no-color.diff: -------------------------------------------------------------------------------- 1 | diff --git a/compiler/src/Reporting/Doc.hs b/compiler/src/Reporting/Doc.hs 2 | index 26c15517..95dbae4e 100644 3 | --- a/compiler/src/Reporting/Doc.hs 4 | +++ b/compiler/src/Reporting/Doc.hs 5 | @@ -404,7 +404,6 @@ encodeChunks (Style bold underline color) revChunks = 6 | E.object 7 | [ "bold" ==> E.bool bold 8 | , "underline" ==> E.bool underline 9 | - , "color" ==> maybe E.null encodeColor color 10 | , "string" ==> E.chars chars 11 | ] 12 | 13 | -------------------------------------------------------------------------------- /overlays/heisen-plumb-no-react.diff: -------------------------------------------------------------------------------- 1 | diff --git a/heisenbridge/plumbed_room.py b/heisenbridge/plumbed_room.py 2 | index 869e43e..c91b151 100644 3 | --- a/heisenbridge/plumbed_room.py 4 | +++ b/heisenbridge/plumbed_room.py 5 | 
@@ -46,7 +46,7 @@ def sanitize_irc_nick(nick): 6 | class PlumbedRoom(ChannelRoom): 7 | max_lines = 5 8 | use_pastebin = True 9 | - use_reacts = True 10 | + use_reacts = False 11 | use_displaynames = True 12 | use_disambiguation = True 13 | use_zwsp = False 14 | -------------------------------------------------------------------------------- /overlays/heisenbridge.nix: -------------------------------------------------------------------------------- 1 | let 2 | hash = "sha256-4K6Sffu/yKHkcoNENbgpci2dbJVAH3vVkogcw/IYpnw="; 3 | heisenbridge = _: super: { 4 | heisenbridge = super.heisenbridge.overrideAttrs (_: rec { 5 | version = "1.15.0"; 6 | pname = "heisenbridge"; 7 | 8 | src = super.fetchFromGitHub { 9 | owner = "hifi"; 10 | repo = pname; 11 | rev = "refs/tags/v${version}"; 12 | inherit hash; 13 | }; 14 | 15 | patches = [ 16 | ./heisen-plumb-no-react.diff 17 | ]; 18 | 19 | postPatch = '' 20 | echo "${version}" > heisenbridge/version.txt 21 | ''; 22 | }); 23 | }; 24 | in 25 | heisenbridge 26 | -------------------------------------------------------------------------------- /overlays/invidious.nix: -------------------------------------------------------------------------------- 1 | let 2 | invidious = _: super: { 3 | invidious = super.invidious.overrideAttrs (_: { 4 | patches = [ 5 | (super.fetchpatch { 6 | name = "use-android"; 7 | url = "https://patch-diff.githubusercontent.com/raw/iv-org/invidious/pull/4650.diff"; 8 | hash = "sha256-nI9T0p2i2uqB2qJgZXD1nhiBUNhpTvMPS/XNNWPWCBs="; 9 | }) 10 | ]; 11 | }); 12 | }; 13 | in 14 | invidious 15 | -------------------------------------------------------------------------------- /overlays/locale_archive.patch: -------------------------------------------------------------------------------- 1 | diff --git i/session.c w/session.c 2 | index 58826db1..658dd911 100644 3 | --- i/session.c 4 | +++ w/session.c 5 | 
@@ -1053,6 +1053,10 @@ do_setup_env(struct ssh *ssh, Session *s, const char *shell) 6 | if (getenv("TZ")) 7 | child_set_env(&env, &envsize, "TZ", getenv("TZ")); 8 | 9 | + /* NixOS path to the glibc locale archive, to be set in the systemd job */ 10 | + if (getenv("LOCALE_ARCHIVE")) 11 | + child_set_env(&env, &envsize, "LOCALE_ARCHIVE", getenv("LOCALE_ARCHIVE")); 12 | + 13 | /* Set custom environment options from pubkey authentication. */ 14 | if (options.permit_user_env) { 15 | for (n = 0 ; n < auth_opts->nenv; n++) { 16 | -------------------------------------------------------------------------------- /overlays/nixd.nix: -------------------------------------------------------------------------------- 1 | let 2 | nixd = _: super: { 3 | nixd = super.nixd.overrideAttrs (_: rec { 4 | version = "1.1.0"; 5 | src = super.fetchFromGitHub { 6 | owner = "nix-community"; 7 | repo = "nixd"; 8 | rev = version; 9 | hash = "sha256-zeBVh9gPMR+1ETx0ujl+TUSoeHHR4fkQfxyOpCDKP9M="; 10 | }; 11 | nativeBuildInputs = with super.pkgs; [ 12 | meson 13 | ninja 14 | pkg-config 15 | bison 16 | flex 17 | ]; 18 | }); 19 | }; 20 | in 21 | nixd 22 | -------------------------------------------------------------------------------- /overlays/obsidian.nix: -------------------------------------------------------------------------------- 1 | let 2 | obsidian = _: super: { 3 | obsidian = super.obsidian.overrideAttrs (_: rec { 4 | version = "1.3.5"; 5 | filename = 6 | if super.stdenv.isDarwin 7 | then "Obsidian-${version}-universal.dmg" 8 | else "obsidian-${version}.tar.gz"; 9 | src = super.fetchurl { 10 | url = "https://github.com/obsidianmd/obsidian-releases/releases/download/v${version}/${filename}"; 11 | sha256 = 12 | if super.stdenv.isDarwin 13 | then "sha256-bTIJwQqufzxq1/ZxR8rVYER82tl0pPMpKwDPr9Gz1Q4=" 14 | else "sha256-jhm6ziFaJnv4prPSfOnJ/EbIRTf9rnvzAJVxnVqmWE4="; 15 | }; 16 | }); 17 | }; 18 | in 19 | obsidian 20 | -------------------------------------------------------------------------------- 
/overlays/rex.nix: -------------------------------------------------------------------------------- 1 | let 2 | rex = _: super: { 3 | rex = super.rex.overrideAttrs (_: { 4 | postPatch = '' 5 | patchShebangs bin 6 | ''; 7 | }); 8 | }; 9 | in 10 | rex 11 | -------------------------------------------------------------------------------- /overlays/signal-desktop.nix: -------------------------------------------------------------------------------- 1 | let 2 | signal-desktop = _: super: { 3 | signal-desktop = super.signal-desktop.overrideAttrs (old: rec { 4 | version = "6.34.1"; 5 | src = super.fetchurl { 6 | url = "https://updates.signal.org/desktop/apt/pool/s/${old.pname}/${old.pname}_${version}_amd64.deb"; 7 | hash = "sha256-1kffRXPQmtxIsLZVOgPXDnxUmY59q+1umy25cditRhw="; 8 | }; 9 | }); 10 | }; 11 | in 12 | signal-desktop 13 | -------------------------------------------------------------------------------- /overlays/ssh-keysign-8.5.patch: -------------------------------------------------------------------------------- 1 | diff --git a/pathnames.h b/pathnames.h 2 | index cb44caa4..354fdf05 100644 3 | --- a/pathnames.h 4 | +++ b/pathnames.h 5 | @@ -124,7 +124,7 @@ 6 | 7 | /* Location of ssh-keysign for hostbased authentication */ 8 | #ifndef _PATH_SSH_KEY_SIGN 9 | -#define _PATH_SSH_KEY_SIGN "/usr/libexec/ssh-keysign" 10 | +#define _PATH_SSH_KEY_SIGN "ssh-keysign" 11 | #endif 12 | 13 | /* Location of ssh-pkcs11-helper to support keys in tokens */ 14 | --- a/sshconnect2.c 15 | +++ b/sshconnect2.c 16 | 
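Review bot: The pathnames.h hunk leaves the comment `/* Location of ssh-keysign for hostbased authentication */` above a define that is no longer a location: `_PATH_SSH_KEY_SIGN` becomes the bare name `ssh-keysign`, and the sshconnect2.c hunk switches the call to `execlp`, so the helper is now resolved through the PATH of the process running ssh. Neither hunk records which directory is expected to supply the helper; presumably it is a wrapper directory holding the privileged copy, which should be confirmed and written down. I would reword the comment to `/* Name of ssh-keysign, resolved via PATH by execlp() in sshconnect2.c; hostbased auth relies on the intended privileged helper being the first match */`. The `debug3_f` and `fatal_f` calls in the second hunk now print only the bare name, so a failure log no longer shows which path was tried. The enclosing function in sshconnect2.c starts and ends outside the hunk.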
@@ -2021,7 +2021,7 @@ 17 | 18 | debug3_f("[child] pid=%ld, exec %s", 19 | (long)getpid(), _PATH_SSH_KEY_SIGN); 20 | - execl(_PATH_SSH_KEY_SIGN, _PATH_SSH_KEY_SIGN, (char *)NULL); 21 | + execlp(_PATH_SSH_KEY_SIGN, _PATH_SSH_KEY_SIGN, (char *)NULL); 22 | fatal_f("exec(%s): %s", _PATH_SSH_KEY_SIGN, 23 | strerror(errno)); 24 | } 25 | -------------------------------------------------------------------------------- /overlays/tailscale.nix: -------------------------------------------------------------------------------- 1 | let 2 | version = "1.52.0"; 3 | fetchArgs = { 4 | owner = "tailscale"; 5 | repo = "tailscale"; 6 | rev = "v${version}"; 7 | hash = "sha256-mvsDM1kOLP/1LbTzmojquEF8HGy6Kb2cqJu7EnxEHPU="; 8 | }; 9 | vendorHash = "sha256-WGZkpffwe4I8FewdBHXGaLbKQP/kHr7UF2lCXBTcNb4="; 10 | ldflags = [ 11 | "-X tailscale.com/version.longStamp=${version}" 12 | "-X tailscale.com/version.shortStamp=${version}" 13 | ]; 14 | 15 | #tailscale = _: super: { 16 | # tailscale = super.tailscale.overrideAttrs (_: { 17 | # src = super.fetchFromGitHub fetchArgs; 18 | # inherit vendorHash ldflags version; 19 | # }); 20 | #}; 21 | tailscale = _: super: { 22 | tailscale = super.callPackage "${super.path}/pkgs/servers/tailscale" { 23 | buildGoModule = args: 24 | super.buildGo121Module (args // { 25 | src = super.fetchFromGitHub fetchArgs; 26 | inherit vendorHash ldflags version; 27 | }); 28 | }; 29 | }; 30 | in 31 | tailscale 32 | -------------------------------------------------------------------------------- /overlays/tidal-hifi.nix: -------------------------------------------------------------------------------- 1 | let 2 | tidal-hifi = _: super: { 3 | tidal-hifi = super.tidal-hifi.overrideAttrs (_: rec { 4 | version = "5.3.0"; 5 | 6 | src = super.fetchurl { 7 | url = "https://github.com/Mastermindzh/tidal-hifi/releases/download/${version}/tidal-hifi_${version}_amd64.deb"; 8 | sha256 = "sha256-YGSHEvanWek6qiWvKs6g+HneGbuuqJn/DBfhawjQi5M="; 9 | }; 10 | }); 11 | }; 12 | in 13 | tidal-hifi 
14 | -------------------------------------------------------------------------------- /pkgs/ble-serial.nix: -------------------------------------------------------------------------------- 1 | { buildPythonPackage 2 | , setuptools-scm 3 | , fetchFromGitHub 4 | , pyserial 5 | , coloredlogs 6 | , bleak 7 | , ... 8 | }: 9 | buildPythonPackage rec { 10 | pname = "ble-serial"; 11 | version = "2.8.0"; 12 | 13 | nativeBuildInputs = [ 14 | setuptools-scm 15 | ]; 16 | 17 | propagatedBuildInputs = [ 18 | pyserial 19 | coloredlogs 20 | bleak 21 | ]; 22 | 23 | buildInputs = [ setuptools-scm ]; 24 | 25 | src = fetchFromGitHub { 26 | owner = "jakeler"; 27 | repo = "ble-serial"; 28 | rev = "v${version}"; 29 | hash = "sha256-KQCnrloBrY7hRt2cFcWiFUg5GgrdbXbcTCNcIuVryZw="; 30 | }; 31 | } 32 | -------------------------------------------------------------------------------- /pkgs/cachew.nix: -------------------------------------------------------------------------------- 1 | { buildPythonPackage 2 | , fetchFromGitHub 3 | , setuptools-scm 4 | , appdirs 5 | , sqlalchemy 6 | , orjson 7 | , pytz 8 | , ... 9 | }: 10 | buildPythonPackage rec { 11 | pname = "cachew"; 12 | version = "0.16.20240828"; 13 | 14 | nativeBuildInputs = [ setuptools-scm ]; 15 | 16 | pyproject = true; 17 | 18 | doCheck = true; 19 | 20 | propagatedBuildInputs = [ appdirs sqlalchemy orjson pytz ]; 21 | 22 | src = fetchFromGitHub { 23 | owner = "karlicoss"; 24 | repo = pname; 25 | rev = "250f648c4b9f27fb9dfc8961d8f261faddcf5cb0"; 26 | hash = "sha256-6UZQ6J3XSSFrrxON1/0J/zvOD0Pu5ufU13CBcTs+6vs="; 27 | }; 28 | } 29 | -------------------------------------------------------------------------------- /pkgs/default.nix: -------------------------------------------------------------------------------- 1 | { ... 
}: { 2 | environment.systemPackages = [ 3 | #(callPackage ./cinny-desktop.nix { inherit isUnstable; }) 4 | #(callPackage ./mudita-center.nix { inherit isUnstable; }) 5 | #(callPackage ./govulncheck.nix { inherit isUnstable; }) 6 | ]; 7 | } 8 | -------------------------------------------------------------------------------- /pkgs/emacs.nix: -------------------------------------------------------------------------------- 1 | { emacsWithPackagesFromUsePackage 2 | , pkgs 3 | , ... 4 | }: 5 | let 6 | emacsPkg = 7 | if (pkgs.system == "x86_64-linux") then 8 | pkgs.emacs-git-pgtk 9 | else 10 | pkgs.emacs; 11 | in 12 | emacsWithPackagesFromUsePackage { 13 | config = ../configs/emacs.org; 14 | 15 | alwaysEnsure = true; 16 | alwaysTangle = true; 17 | 18 | defaultInitFile = true; 19 | package = emacsPkg; 20 | 21 | override = epkgs: epkgs // { 22 | ollama = pkgs.callPackage ../pkgs/ollama-el.nix { 23 | inherit (pkgs) fetchFromGitHub; 24 | inherit (epkgs) trivialBuild; 25 | }; 26 | }; 27 | } 28 | -------------------------------------------------------------------------------- /pkgs/flake-warn.nix: -------------------------------------------------------------------------------- 1 | { stdenv 2 | , lib 3 | , substituteAll 4 | , jq 5 | , nix 6 | , coreutils 7 | , ... 
8 | }: 9 | stdenv.mkDerivation rec { 10 | pname = "flake-warn"; 11 | version = "1.0.0"; 12 | 13 | buildCommand = '' 14 | install -Dm755 $script $out/bin/${pname} 15 | ''; 16 | 17 | script = substituteAll { 18 | src = ./flake-warn.sh; 19 | isExecutable = true; 20 | inherit jq nix coreutils; 21 | inherit (stdenv) shell; 22 | }; 23 | 24 | meta = { 25 | description = "script to warn when flake inputs are out of date"; 26 | homepage = "https://codeberg.org/qbit/xin"; 27 | license = lib.licenses.isc; 28 | maintainer = with lib.maintainers; [ qbit ]; 29 | mainProgram = "flake-warn"; 30 | }; 31 | } 32 | -------------------------------------------------------------------------------- /pkgs/flake-warn.sh: -------------------------------------------------------------------------------- 1 | #!@shell@ -e 2 | 3 | BOLD=$(tput bold) 4 | NORMAL=$(tput sgr0) 5 | 6 | # TODO: Use the following for more accurate, to-the-input results: 7 | # nix flake metadata --json | jq -r '.locks.nodes[] | select(.original.repo == "nixpkgs" and .original.owner == "NixOS") | [ .original.ref, .locked.lastModified ] | join("^")' 8 | 9 | FLAKE_EPOCH=$(@nix@/bin/nix flake metadata --json | @jq@/bin/jq .lastModified) 10 | NOW_EPOCH=$(@coreutils@/bin/date +"%s") 11 | 12 | EPOCH_DIFF=$((NOW_EPOCH - FLAKE_EPOCH)) 13 | 14 | if [ $EPOCH_DIFF -gt $((60480 * 5)) ]; then 15 | echo 16 | echo "${BOLD}WARNING: inputs haven't been updated in $((EPOCH_DIFF / 86400)) days!${NORMAL}" 17 | echo 18 | fi 19 | -------------------------------------------------------------------------------- /pkgs/ghexport.nix: -------------------------------------------------------------------------------- 1 | { buildPythonPackage 2 | , setuptools-scm 3 | , fetchFromGitHub 4 | , PyGithub 5 | , pytz 6 | , ... 
7 | }: 8 | buildPythonPackage rec { 9 | pname = "ghexport"; 10 | version = "20231020"; 11 | 12 | pyproject = true; 13 | 14 | nativeBuildInputs = [ setuptools-scm ]; 15 | propagatedBuildInputs = [ PyGithub pytz ]; 16 | 17 | doCheck = true; 18 | 19 | buildInputs = [ ]; 20 | 21 | preCheck = '' 22 | export HOME=$(mktemp -d) 23 | ''; 24 | 25 | SETUPTOOLS_SCM_PRETEND_VERSION = version; 26 | 27 | src = fetchFromGitHub { 28 | owner = "karlicoss"; 29 | repo = pname; 30 | rev = "03207b63da4a0f570700f373867ff67deb4f43d1"; 31 | hash = "sha256-QfYpi59q5uqOEAcxLC72972HMsgRlMngjuRULwRbmUc="; 32 | }; 33 | } 34 | -------------------------------------------------------------------------------- /pkgs/gokrazy.nix: -------------------------------------------------------------------------------- 1 | { lib 2 | , buildGoModule 3 | , fetchFromGitHub 4 | , ... 5 | }: 6 | with lib; 7 | buildGoModule { 8 | pname = "gokrazy"; 9 | version = "2023-12-22"; 10 | 11 | src = fetchFromGitHub { 12 | owner = "gokrazy"; 13 | repo = "tools"; 14 | rev = "80a59f115332a41206487afc6038beaaed48ce70"; 15 | sha256 = "sha256-YOo2VhidMbc5Cmc3YHx4hb/vlbnXeyrWWGxuSJPdX/o="; 16 | }; 17 | 18 | vendorHash = "sha256-BJTEP9n9oJcW2m5UAeExg3ydi+k9w4e+XLmxj/wGAl0="; 19 | 20 | proxyVendor = true; 21 | 22 | doCheck = false; 23 | 24 | meta = { 25 | description = "CLI tools for gokrazy"; 26 | homepage = "https://github.com/gokrazy/tools"; 27 | license = licenses.bsd3; 28 | maintainers = with maintainers; [ qbit ]; 29 | }; 30 | } 31 | -------------------------------------------------------------------------------- /pkgs/google-takeout-parser.nix: -------------------------------------------------------------------------------- 1 | { pkgs 2 | , buildPythonPackage 3 | , fetchFromGitHub 4 | , setuptools-scm 5 | , beautifulsoup4 6 | , click 7 | , ipython 8 | , logzero 9 | , lxml 10 | , platformdirs 11 | , pytz 12 | }: 13 | let 14 | cachew = pkgs.python3Packages.callPackage ./cachew.nix { inherit pkgs; }; 15 | in 16 | 
buildPythonPackage rec { 17 | pname = "google_takeout_parser"; 18 | version = "0.0.20240508"; 19 | 20 | pyproject = true; 21 | 22 | src = fetchFromGitHub { 23 | owner = "seanbreckenridge"; 24 | repo = pname; 25 | rev = "9aea89ffeae29246c9c6e27a62dd9fad13b17abc"; 26 | hash = "sha256-ns3vBnsZVyUi2nnnE3cBZ7vzZQQ44gkfvglkMZGuud0="; 27 | }; 28 | 29 | SETUPTOOLS_SCM_PRETEND_VERSION = version; 30 | 31 | doCheck = true; 32 | 33 | nativeBuildInputs = [ 34 | setuptools-scm 35 | ]; 36 | 37 | propagatedBuildInputs = [ 38 | beautifulsoup4 39 | cachew 40 | click 41 | ipython 42 | logzero 43 | lxml 44 | platformdirs 45 | pytz 46 | ]; 47 | } 48 | -------------------------------------------------------------------------------- /pkgs/gosignify.nix: -------------------------------------------------------------------------------- 1 | { lib 2 | , buildGoModule 3 | , fetchFromGitHub 4 | , ... 5 | }: 6 | with lib; 7 | buildGoModule rec { 8 | pname = "gosignify"; 9 | version = "0.0.0-20210702013543-c91e79d30e91"; 10 | 11 | src = fetchFromGitHub { 12 | owner = "frankbraun"; 13 | repo = pname; 14 | rev = "c91e79d30e9115216a827222e07f44e9c4339ed2"; 15 | sha256 = "sha256-Ynmx6NUUQ5WEYFowuW/ELjV2ESOHqoOTVqdZ6CWt6LQ="; 16 | }; 17 | 18 | proxyVendor = false; 19 | 20 | vendorHash = null; 21 | 22 | meta = { 23 | description = "gosignify is a Go reimplementation of OpenBSD's signify"; 24 | homepage = "https://github.com/frankbraun/gosignify"; 25 | license = licenses.unlicense; 26 | maintainers = with maintainers; [ qbit ]; 27 | }; 28 | } 29 | -------------------------------------------------------------------------------- /pkgs/gqrss.nix: -------------------------------------------------------------------------------- 1 | { lib 2 | , buildGoModule 3 | , fetchFromGitHub 4 | , ... 
5 | }: 6 | let 7 | vendorHash = "sha256-1zBZREClt8jy0TUXJ1FuBEAJEPQoUcl4DZZ6U2LtRzg="; 8 | in 9 | with lib; 10 | buildGoModule rec { 11 | pname = "gqrss"; 12 | version = "1.0.0"; 13 | 14 | src = fetchFromGitHub { 15 | owner = "qbit"; 16 | repo = pname; 17 | rev = "v${version}"; 18 | sha256 = "sha256-1ZGjifDgqA9yk9l0YB4rLpcvwaq9lWxDgItJ7lCVj2I="; 19 | }; 20 | 21 | inherit vendorHash; 22 | 23 | proxyVendor = true; 24 | 25 | doCheck = false; 26 | 27 | meta = { 28 | description = "Simple github query tool"; 29 | homepage = "https://github.com/qbit/gqrss"; 30 | license = licenses.isc; 31 | maintainers = with maintainers; [ qbit ]; 32 | }; 33 | } 34 | -------------------------------------------------------------------------------- /pkgs/hammerspoon.nix: -------------------------------------------------------------------------------- 1 | { lib 2 | , fetchurl 3 | , stdenv 4 | , unzip 5 | , ... 6 | }: 7 | stdenv.mkDerivation rec { 8 | pname = "hammerspoon"; 9 | version = "0.9.97"; 10 | 11 | src = fetchurl { 12 | name = "Hammerspoon-${version}.zip"; 13 | url = "https://github.com/Hammerspoon/hammerspoon/releases/download/${version}/Hammerspoon-${version}.zip"; 14 | hash = "sha256-7y7YZYmB+KMVdHZXLdic5JanXQl6vtaTmqmvkFa8UTM="; 15 | }; 16 | 17 | buildInputs = [ unzip ]; 18 | 19 | installPhase = '' 20 | mkdir -p $out/Applications 21 | cp -R ../*.app $out/Applications 22 | ''; 23 | 24 | meta = { 25 | description = "Staggeringly powerful macOS desktop automation with Lua"; 26 | homepage = "http://www.hammerspoon.org/"; 27 | license = lib.licenses.mit; 28 | platforms = lib.platforms.darwin; 29 | }; 30 | } 31 | -------------------------------------------------------------------------------- /pkgs/hpi.nix: -------------------------------------------------------------------------------- 1 | { pkgs 2 | , buildPythonPackage 3 | , setuptools-scm 4 | , pytest 5 | , appdirs 6 | , click 7 | , decorator 8 | , geopy 9 | , logzero 10 | , lxml 11 | , more-itertools 12 | , hypothesis 13 | , 
mypy 14 | , orjson 15 | , pandas 16 | , pytz 17 | , simplejson 18 | , colorlog 19 | , ... 20 | }: 21 | with pkgs; let 22 | orgparse = pkgs.python3Packages.callPackage ./orgparse.nix { inherit pkgs; }; 23 | cachew = pkgs.python3Packages.callPackage ./cachew.nix { inherit pkgs; }; 24 | google_takeout_parser = pkgs.python3Packages.callPackage ./google-takeout-parser.nix { inherit pkgs; }; 25 | kobuddy = pkgs.python3Packages.callPackage ./kobuddy.nix { inherit pkgs; }; 26 | ghexport = pkgs.python3Packages.callPackage ./ghexport.nix { inherit pkgs; }; 27 | kompress = buildPythonPackage rec { 28 | pname = "kompress"; 29 | version = "0.1.20240829"; 30 | 31 | pyproject = true; 32 | 33 | nativeBuildInputs = [ setuptools-scm ]; 34 | 35 | src = fetchFromGitHub { 36 | owner = "karlicoss"; 37 | repo = pname; 38 | rev = "b4127543d8ca22988335d2640f905b8d939f85a1"; 39 | hash = "sha256-U7o5FG2FscAhbsYd/KS/vess/eJU/A2jH/WOve0anHo="; 40 | }; 41 | }; 42 | in 43 | buildPythonPackage rec { 44 | pname = "HPI"; 45 | version = "0.5.20240824"; 46 | 47 | pyproject = true; 48 | 49 | nativeBuildInputs = [ setuptools-scm ]; 50 | propagatedBuildInputs = [ 51 | appdirs 52 | click 53 | decorator 54 | geopy 55 | cachew 56 | hypothesis 57 | colorlog 58 | kompress 59 | kobuddy 60 | logzero 61 | lxml 62 | ghexport 63 | more-itertools 64 | google_takeout_parser 65 | mypy 66 | orgparse 67 | orjson 68 | pandas 69 | pytest 70 | pytz 71 | simplejson 72 | ]; 73 | 74 | doCheck = true; 75 | 76 | buildInputs = [ mypy kobuddy ]; 77 | 78 | makeWrapperArgs = [ 79 | # Add the installed directories to the python path so the daemon can find them 80 | "--prefix PYTHONPATH : ${python3.pkgs.makePythonPath propagatedBuildInputs}" 81 | "--prefix PYTHONPATH : $out/lib/${python3.libPrefix}/site-packages" 82 | ]; 83 | 84 | preCheck = '' 85 | export HOME=$(mktemp -d) 86 | ''; 87 | 88 | src = fetchFromGitHub { 89 | owner = "karlicoss"; 90 | repo = pname; 91 | rev = "d58453410c34d75715b71c041f7a58a4f0954436"; 92 | hash = 
"sha256-UMccXFUwcyQOQdJuR3f9OgjskUs99zR5HPZ5NjKdVRI="; 93 | }; 94 | } 95 | -------------------------------------------------------------------------------- /pkgs/icbirc.nix: -------------------------------------------------------------------------------- 1 | { lib 2 | , stdenv 3 | , fetchurl 4 | , pkgs 5 | , ... 6 | }: 7 | stdenv.mkDerivation rec { 8 | pname = "icbirc"; 9 | version = "2.1"; 10 | 11 | src = fetchurl { 12 | url = "http://www.benzedrine.ch/icbirc-${version}.tar.gz"; 13 | sha256 = "sha256-aDk0TZPABNqX7Gu12AWh234Kee/DhwRFeIBDYnFiu7E="; 14 | }; 15 | 16 | patches = [ ./icbirc.diff ]; 17 | 18 | buildInputs = with pkgs; [ libbsd bsdbuild bmake ]; 19 | 20 | meta = with lib; { 21 | description = "proxy IRC client with ICB server"; 22 | longDescription = '' 23 | icbirc is a proxy that allows to connect an IRC client to an ICB server. 24 | ''; 25 | homepage = "http://www.benzedrine.ch/icbirc.html"; 26 | license = licenses.bsd2; 27 | platforms = platforms.linux; 28 | maintainers = with maintainers; [ qbit ]; 29 | }; 30 | } 31 | -------------------------------------------------------------------------------- /pkgs/intiface-engine.nix: -------------------------------------------------------------------------------- 1 | { lib, rustPlatform, fetchFromGitHub, pkg-config, dbus, simpleDBus, openssl, libudev-zero }: 2 | rustPlatform.buildRustPackage rec { 3 | pname = "intiface-engine"; 4 | version = "3.0.2"; 5 | 6 | src = fetchFromGitHub { 7 | owner = "intiface"; 8 | repo = pname; 9 | rev = "v${version}"; 10 | hash = "sha256-8voURSl4l5AJrXNCLl9BXbUJNLvNphk7kosJVdgqhRI="; 11 | }; 12 | 13 | VERGEN_GIT_SHA_SHORT = "98df405"; 14 | VERGEN_BUILD_TIMESTAMP = "2024-09-08"; 15 | 16 | cargoHash = "sha256-Y0J2ZKa7MPaTbLrlsD6mdu6mrBIGKG6cXBj/a0Qeb3Q="; 17 | 18 | nativeBuildInputs = [ 19 | pkg-config 20 | ]; 21 | 22 | buildInputs = [ 23 | dbus 24 | simpleDBus 25 | openssl 26 | libudev-zero 27 | ]; 28 | 29 | meta = with lib; { 30 | description = "CLI and Library frontend for 
Buttplug"; 31 | homepage = "https://github.com/intiface/intiface-engine"; 32 | license = licenses.bsd3; 33 | maintainers = [ maintainers.qbit ]; 34 | }; 35 | } 36 | -------------------------------------------------------------------------------- /pkgs/irken.nix: -------------------------------------------------------------------------------- 1 | { lib 2 | , mkTclDerivation 3 | , fetchFromGitHub 4 | , bwidget 5 | , libnotify 6 | , tclcurl 7 | , tcltls 8 | , tk 9 | }: 10 | 11 | mkTclDerivation { 12 | 13 | pname = "irken"; 14 | version = "2024-11-19"; 15 | 16 | src = fetchFromGitHub { 17 | owner = "dlowe-net"; 18 | repo = "irken"; 19 | rev = "2196a9c0d4549d43972fbc56ef38a06b2b569c4f"; 20 | hash = "sha256-vK7eoJDMh9D/+BJMyGaDAsQSC8ENgu4D9ZNV5d1zLr0="; 21 | }; 22 | 23 | buildInputs = [ 24 | bwidget 25 | libnotify 26 | tclcurl 27 | tcltls 28 | tk 29 | ]; 30 | 31 | installPhase = '' 32 | runHook preInstall 33 | mkdir -p $out/bin 34 | cp irken.tcl $out/bin/irken 35 | runHook postInstall 36 | ''; 37 | 38 | meta = with lib; { 39 | homepage = "https://github.com/dlowe-net/irken"; 40 | license = licenses.asl20; 41 | maintainers = with maintainers; [ qbit ]; 42 | }; 43 | } 44 | -------------------------------------------------------------------------------- /pkgs/kobuddy.nix: -------------------------------------------------------------------------------- 1 | { lib 2 | , fetchFromGitHub 3 | , buildPythonPackage 4 | , fetchPypi 5 | , setuptools-scm 6 | , pytz 7 | , alembic 8 | , banal 9 | , sqlalchemy 10 | , ... 
11 | }: 12 | let 13 | myDataset = buildPythonPackage rec { 14 | pname = "dataset"; 15 | version = "1.6.0"; 16 | format = "setuptools"; 17 | 18 | src = fetchFromGitHub { 19 | owner = "pudo"; 20 | repo = pname; 21 | rev = "0757b5010b600a66ed07fbb06a0e86c7bb0e09bc"; 22 | hash = "sha256-BfIGQvXKlsydV3p93/qLYtbVujTNWqWfMg16/aENHks="; 23 | }; 24 | 25 | patches = [ ./kobuddy.diff ]; 26 | 27 | propagatedBuildInputs = [ alembic banal sqlalchemy ]; 28 | 29 | # checks attempt to import nonexistent module 'test.test' and fail 30 | doCheck = false; 31 | 32 | pythonImportsCheck = [ "dataset" ]; 33 | 34 | meta = with lib; { 35 | description = "Toolkit for Python-based database access"; 36 | homepage = "https://dataset.readthedocs.io"; 37 | license = licenses.mit; 38 | maintainers = with maintainers; [ xfnw ]; 39 | }; 40 | }; 41 | in 42 | buildPythonPackage rec { 43 | pname = "kobuddy"; 44 | version = "0.2.20221023"; 45 | 46 | src = fetchPypi { 47 | inherit pname version; 48 | sha256 = "sha256-2Al1aDx9ymr0Pw+HC2S6mXkKvsDLhM1Oto+urr9i7BY="; 49 | }; 50 | 51 | doCheck = true; 52 | 53 | nativeBuildInputs = [ setuptools-scm ]; 54 | 55 | propagatedBuildInputs = [ myDataset pytz ]; 56 | 57 | meta = with lib; { 58 | homepage = "https://github.com/karlicoss/promnesia"; 59 | description = "Another piece of your extended mind"; 60 | license = licenses.mit; 61 | maintainers = with maintainers; [ qbit ]; 62 | }; 63 | } 64 | -------------------------------------------------------------------------------- /pkgs/krunner-krha.nix: -------------------------------------------------------------------------------- 1 | { stdenv 2 | , fetchFromGitHub 3 | , python3 4 | , wrapGAppsHook 5 | , gobject-introspection 6 | }: 7 | let 8 | pythonEnv = python3.withPackages ( 9 | p: with p; [ 10 | dbus-python 11 | pygobject3 12 | requests 13 | ] 14 | ); 15 | in 16 | stdenv.mkDerivation { 17 | pname = "krunner-krha"; 18 | version = "1.0"; 19 | 20 | src = fetchFromGitHub { 21 | owner = "qbit"; 22 | repo = "krha"; 23 
| rev = "8eec95fd64e44155aac6818d6a17d288da1ae030"; 24 | hash = "sha256-/QQZLQMsff6KwBv3UQiHaOQJw4DJdbrehj4YQ+5Mis4="; 25 | }; 26 | 27 | nativeBuildInputs = [ 28 | pythonEnv 29 | wrapGAppsHook 30 | gobject-introspection 31 | ]; 32 | 33 | installPhase = '' 34 | runHook preInstall 35 | 36 | patchShebangs krha.py 37 | 38 | 39 | echo "[D-BUS Service]" > krha.service 40 | echo "Name=dev.suah.krha" >> krha.service 41 | echo "EnvironmentFile=/run/secrets/krha_env_file" >> krha.service 42 | echo "Exec=$out/libexec/krha.py" >> krha.service 43 | 44 | install -D krha.service $out/share/dbus-1/services/dev.suah.krha.service 45 | install -m 0755 -D krha.py $out/libexec/krha.py 46 | install -D plasma-runner-krha.desktop $out/share/krunner/dbusplugins/plasma-runner-krha.desktop 47 | 48 | runHook postInstall 49 | ''; 50 | } 51 | -------------------------------------------------------------------------------- /pkgs/kurinto.nix: -------------------------------------------------------------------------------- 1 | { lib 2 | , stdenvNoCC 3 | , fetchzip 4 | , 5 | }: 6 | stdenvNoCC.mkDerivation rec { 7 | pname = "kurinto"; 8 | version = "2.197"; 9 | 10 | src = fetchzip { 11 | # Upstream re-rolled the same file name with changes so I am hosting on my site. 12 | #url = "https://www.kurinto.com/zip/Kurinto_v${version}_Full.zip"; 13 | url = "https://deftly.net/Kurinto_v${version}_Full.zip"; 14 | stripRoot = true; 15 | sha256 = "sha256-0tr2PyznTnipTVN6ydOxgvmCXj1WA7F696FtDmPBd+A="; 16 | }; 17 | 18 | installPhase = '' 19 | mkdir -p $out/share/fonts/truetype 20 | find . 
-name \*.ttf -exec cp {} $out/share/fonts/truetype/ \; 21 | ''; 22 | 23 | dontBuild = true; 24 | 25 | meta = with lib; { 26 | homepage = "https://www.kurinto.com/index.htm"; 27 | description = "a large collection of free fonts that include most of the characters in every human language"; 28 | license = licenses.ofl; 29 | maintainers = with maintainers; [ qbit ]; 30 | platforms = lib.platforms.all; 31 | hydraPlatform = [ ]; 32 | }; 33 | } 34 | -------------------------------------------------------------------------------- /pkgs/lxst-deps.diff: -------------------------------------------------------------------------------- 1 | diff --git a/requirements.txt b/requirements.txt 2 | index b7fd8e6..fa3d934 100644 3 | --- a/requirements.txt 4 | +++ b/requirements.txt 5 | @@ -1,3 +1,5 @@ 6 | soundcard 7 | numpy 8 | -pycodec2 9 | \ No newline at end of file 10 | +pycodec2 11 | +pyogg 12 | +pydub 13 | diff --git a/setup.py b/setup.py 14 | index 5e377a3..b444bd4 100644 15 | --- a/setup.py 16 | +++ b/setup.py 17 | @@ -8,13 +8,9 @@ exec(open("LXST/_version.py", "r").read()) 18 | packages = setuptools.find_packages(exclude=[]) 19 | packages.append("LXST.Utilities") 20 | packages.append("LXST.Primitives.hardware") 21 | -packages.append("LXST.Codecs.libs.pydub") 22 | -packages.append("LXST.Codecs.libs.pyogg") 23 | 24 | package_data = { 25 | "": [ 26 | - "Codecs/libs/pyogg/libs/win_amd64/*", 27 | - "Codecs/libs/pyogg/libs/macos/*", 28 | "Sounds/*", 29 | ] 30 | } 31 | @@ -43,7 +39,9 @@ setuptools.setup( 32 | install_requires=["rns>=0.9.2", 33 | "soundcard", 34 | "numpy", 35 | + "pydub", 36 | + "pyogg", 37 | "pycodec2", 38 | "audioop-lts>=0.2.1;python_version>='3.13'"], 39 | python_requires=">=3.7", 40 | -) 41 | \ No newline at end of file 42 | +) 43 | -------------------------------------------------------------------------------- /pkgs/lxst-unvendor.diff: -------------------------------------------------------------------------------- 1 | 
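Review bot: The new `"pydub"` and `"pyogg"` entries in `install_requires` (and the matching lines in requirements.txt) carry no version bound, while the same list constrains `rns>=0.9.2`. The same patch drops the bundled `LXST.Codecs.libs.pydub` and `LXST.Codecs.libs.pyogg` packages, so the rewritten imports in lxst-unvendor.diff (`from pydub import AudioSegment`, `from pyogg import OpusEncoder, OpusDecoder`, `from pyogg import OpusFile`) bind to whatever release the environment supplies. If the vendored copies carried local changes, which these hunks do not show, that difference would go unnoticed at build time. I would state the tested minimum in the requirement strings, for example `"pyogg>=<tested version>"`, and add an import check for the `pydub` and `pyogg` symbols the package uses to the derivation that applies these patches.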
diff --git a/LXST/Codecs/Codec.py b/LXST/Codecs/Codec.py
2 | index 911d7f5..9a41398 100644
3 | --- a/LXST/Codecs/Codec.py
4 | +++ b/LXST/Codecs/Codec.py
5 | @@ -1,5 +1,5 @@
6 | import numpy as np
7 | -from .libs.pydub import AudioSegment
8 | +from pydub import AudioSegment
9 |
10 | TYPE_MAP_FACTOR = np.iinfo("int16").max
11 |
12 | @@ -59,4 +59,4 @@ def resample(input_samples, bitdepth, channels, input_rate, output_rate, normali
13 | output_samples = output_samples.reshape(output_samples.shape[0]//channels, channels)
14 | output_samples = output_samples.astype(np.float32)
15 |
16 | - return output_samples
17 | \ No newline at end of file
18 | + return output_samples
19 | diff --git a/LXST/Codecs/Opus.py b/LXST/Codecs/Opus.py
20 | index f85defc..38aadee 100644
21 | --- a/LXST/Codecs/Opus.py
22 | +++ b/LXST/Codecs/Opus.py
23 | @@ -4,7 +4,7 @@ import time
24 | import math
25 | import numpy as np
26 | from .Codec import Codec, CodecError, resample_bytes
27 | -from .libs.pyogg import OpusEncoder, OpusDecoder
28 | +from pyogg import OpusEncoder, OpusDecoder
29 |
30 | class Opus(Codec):
31 | FRAME_QUANTA_MS = 2.5
32 | @@ -176,4 +176,4 @@ class Opus(Codec):
33 | decoded_samples = np.frombuffer(decoded_frame_bytes, dtype="int16")/self.TYPE_MAP_FACTOR
34 | frame_samples = decoded_samples.reshape(len(decoded_samples)//self.channels, self.channels)
35 |
36 | - return frame_samples
37 | \ No newline at end of file
38 | + return frame_samples
39 | diff --git a/LXST/Sources.py b/LXST/Sources.py
40 | index 2fe6d2c..3f311e6 100644
41 | --- a/LXST/Sources.py
42 | +++ b/LXST/Sources.py
43 | @@ -7,7 +7,7 @@ import numpy as np
44 | from collections import deque
45 | from .Sinks import LocalSink
46 | from .Codecs import Codec, CodecError
47 | -from .Codecs.libs.pyogg import OpusFile
48 | +from pyogg import OpusFile
49 |
50 | RNS.loglevel = RNS.LOG_DEBUG
51 |
52 |
@@ -323,4 +323,4 @@ class OpusFileSource(LocalSource): 53 | time.sleep(self.frame_time*0.1) 54 | 55 | class PacketSource(RemoteSource): 56 | - pass 57 | \ No newline at end of file 58 | + pass 59 | -------------------------------------------------------------------------------- /pkgs/ollama-el.nix: -------------------------------------------------------------------------------- 1 | { trivialBuild 2 | , fetchFromGitHub 3 | , ... 4 | }: 5 | trivialBuild { 6 | pname = "ollama"; 7 | version = "unstable-2023-08-28"; 8 | src = fetchFromGitHub { 9 | owner = "zweifisch"; 10 | repo = "ollama"; 11 | rev = "19e8babd6eceef37ca4bf9a58bc666d0e55b70c6"; 12 | hash = "sha256-u3+V7bLH/l2hcVoSdQYsQNKDpz4pwPFjAn1ED8vSk50="; 13 | }; 14 | } 15 | -------------------------------------------------------------------------------- /pkgs/openssh/dont_create_privsep_path.patch: -------------------------------------------------------------------------------- 1 | diff --git i/Makefile.in w/Makefile.in 2 | index 04e1c8e5..9bd5d01b 100644 3 | --- i/Makefile.in 4 | +++ w/Makefile.in 5 | @@ -329,7 +329,6 @@ install-files: 6 | $(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)5 7 | $(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)8 8 | $(MKDIR_P) $(DESTDIR)$(libexecdir) 9 | - $(MKDIR_P) -m 0755 $(DESTDIR)$(PRIVSEP_PATH) 10 | $(INSTALL) -m 0755 $(STRIP_OPT) ssh$(EXEEXT) $(DESTDIR)$(bindir)/ssh$(EXEEXT) 11 | $(INSTALL) -m 0755 $(STRIP_OPT) scp$(EXEEXT) $(DESTDIR)$(bindir)/scp$(EXEEXT) 12 | $(INSTALL) -m 0755 $(STRIP_OPT) ssh-add$(EXEEXT) $(DESTDIR)$(bindir)/ssh-add$(EXEEXT) 13 | -------------------------------------------------------------------------------- /pkgs/openssh/locale_archive.patch: -------------------------------------------------------------------------------- 1 | diff --git i/session.c w/session.c 2 | index 58826db1..658dd911 100644 3 | --- i/session.c 4 | +++ w/session.c 5 | 
@@ -1053,6 +1053,10 @@ do_setup_env(struct ssh *ssh, Session *s, const char *shell)
6 | if (getenv("TZ"))
7 | child_set_env(&env, &envsize, "TZ", getenv("TZ"));
8 |
9 | + /* NixOS path to the glibc locale archive, to be set in the systemd job */
10 | + if (getenv("LOCALE_ARCHIVE"))
11 | + child_set_env(&env, &envsize, "LOCALE_ARCHIVE", getenv("LOCALE_ARCHIVE"));
12 | +
13 | /* Set custom environment options from pubkey authentication. */
14 | if (options.permit_user_env) {
15 | for (n = 0 ; n < auth_opts->nenv; n++) {
16 | -------------------------------------------------------------------------------- /pkgs/openssh/ssh-keysign-8.5.patch: --------------------------------------------------------------------------------
1 | diff --git a/pathnames.h b/pathnames.h
2 | index cb44caa4..354fdf05 100644
3 | --- a/pathnames.h
4 | +++ b/pathnames.h
5 | @@ -124,7 +124,7 @@
6 |
7 | /* Location of ssh-keysign for hostbased authentication */
8 | #ifndef _PATH_SSH_KEY_SIGN
9 | -#define _PATH_SSH_KEY_SIGN "/usr/libexec/ssh-keysign"
10 | +#define _PATH_SSH_KEY_SIGN "ssh-keysign"
11 | #endif
12 |
13 | /* Location of ssh-pkcs11-helper to support keys in tokens */
14 | --- a/sshconnect2.c
15 | +++ b/sshconnect2.c
16 |
@@ -2021,7 +2021,7 @@ 17 | 18 | debug3_f("[child] pid=%ld, exec %s", 19 | (long)getpid(), _PATH_SSH_KEY_SIGN); 20 | - execl(_PATH_SSH_KEY_SIGN, _PATH_SSH_KEY_SIGN, (char *)NULL); 21 | + execlp(_PATH_SSH_KEY_SIGN, _PATH_SSH_KEY_SIGN, (char *)NULL); 22 | fatal_f("exec(%s): %s", _PATH_SSH_KEY_SIGN, 23 | strerror(errno)); 24 | } 25 | -------------------------------------------------------------------------------- /pkgs/openssh/version.json: -------------------------------------------------------------------------------- 1 | { 2 | "owner": "openssh", 3 | "repo": "openssh-portable", 4 | "rev": "3e11478f585408888defa56fa47e8dc6567378d0", 5 | "hash": "sha256-mu+adC/dhZ/qFVguJexzFGGrEFa4X4MTsHz456Pqhek=", 6 | "version": "2025-05-23", 7 | "comment": "upstream: Ensure args to nh_update() fit within uint32, which it" 8 | } 9 | -------------------------------------------------------------------------------- /pkgs/orgparse.nix: -------------------------------------------------------------------------------- 1 | { buildPythonPackage 2 | , setuptools-scm 3 | , pytest 4 | , fetchFromGitHub 5 | , ... 6 | }: 7 | buildPythonPackage rec { 8 | pname = "orgparse"; 9 | version = "0.4.20231004"; 10 | 11 | pyproject = true; 12 | 13 | nativeBuildInputs = [ setuptools-scm ]; 14 | #propagatedBuildInputs = [ ]; 15 | 16 | nativeCheckInputs = [ pytest ]; 17 | 18 | doCheck = true; 19 | 20 | src = fetchFromGitHub { 21 | owner = "karlicoss"; 22 | repo = pname; 23 | rev = "da56aae64a6373ae8bab2dde9dc756f904f1d8f8"; 24 | sha256 = "sha256-Vx7WDL6svMtlhuxXBQsh9gcCZTnVD4RV8lz6ijK6qbw="; 25 | }; 26 | } 27 | -------------------------------------------------------------------------------- /pkgs/precursorupdater.nix: -------------------------------------------------------------------------------- 1 | { lib 2 | , buildPythonPackage 3 | , fetchPypi 4 | , pyusb 5 | , progressbar2 6 | , requests 7 | , pycryptodome 8 | , ... 
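Review bot: The `execlp` call in the sshconnect2.c hunk resolves the helper through the invoking user's `PATH`, and with `_PATH_SSH_KEY_SIGN` reduced to the bare name `"ssh-keysign"` in pathnames.h nothing in either hunk records which directory is expected to supply it. Hostbased authentication therefore hands its signing request to whichever `ssh-keysign` comes first in that environment, and the `debug3_f` and `fatal_f` messages print only the bare name, so logs do not show which file was executed. I would document the assumption above the define, for example `/* bare name: execlp() resolves it via PATH; the privileged wrapper directory must be on PATH */`. If the wrapper's location is fixed on the target system (presumably the reason for the change, though the patch does not say), an absolute path with the original `execl` removes the dependency on `PATH`. The enclosing function in sshconnect2.c starts and ends outside the hunk.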
9 | }: 10 | buildPythonPackage rec { 11 | pname = "precursorupdater"; 12 | version = "0.1.5"; 13 | 14 | src = fetchPypi { 15 | inherit pname version; 16 | sha256 = "sha256-m2uqfwVH2ekmIPQAfS43CGXE20+v6W1tB9m8x2sYcK0="; 17 | }; 18 | 19 | propagatedBuildInputs = [ pyusb progressbar2 requests pycryptodome ]; 20 | 21 | doCheck = false; 22 | 23 | meta = with lib; { 24 | homepage = "https://github.com/betrusted-io/betrusted-wiki/wiki/Updating-Your-Device"; 25 | description = "script to automatically updates a Precursor device"; 26 | license = licenses.asl20; 27 | maintainers = with maintainers; [ qbit ]; 28 | }; 29 | } 30 | -------------------------------------------------------------------------------- /pkgs/promnesia.nix: -------------------------------------------------------------------------------- 1 | { lib 2 | , beautifulsoup4 3 | , buildPythonPackage 4 | , fastapi 5 | , fetchFromGitHub 6 | , httptools 7 | , logzero 8 | , lxml 9 | , mistletoe 10 | , more-itertools 11 | , mypy 12 | , pkgs 13 | , python-dotenv 14 | , python-magic 15 | , pytz 16 | , setuptools 17 | , setuptools-scm 18 | , sqlitebrowser 19 | , starlette 20 | , tzlocal 21 | , urlextract 22 | , uvicorn 23 | , uvloop 24 | , watchfiles 25 | , websockets 26 | , ... 
27 | }: 28 | with pkgs; let 29 | hpi = pkgs.python3Packages.callPackage ./hpi.nix { inherit pkgs; }; 30 | sqlcipher3 = 31 | pkgs.python3Packages.callPackage ./sqlcipher3.nix { inherit pkgs; }; 32 | cachew = pkgs.python3Packages.callPackage ./cachew.nix { inherit pkgs; }; 33 | google_takeout_parser = pkgs.python3Packages.callPackage ./google-takeout-parser.nix { inherit pkgs; }; 34 | in 35 | buildPythonPackage rec { 36 | pname = "promnesia"; 37 | version = "1.1.20240810"; 38 | 39 | pyproject = true; 40 | 41 | src = fetchFromGitHub { 42 | owner = "karlicoss"; 43 | repo = pname; 44 | rev = "61f1c47992881f85748c8a184f1e0946bf69bb21"; 45 | hash = "sha256-vBYH2xKIWDcaQ5ee6aZYCBEkFtvv+OnFirq0WeyXBrQ="; 46 | }; 47 | 48 | SETUPTOOLS_SCM_PRETEND_VERSION = version; 49 | 50 | doCheck = true; 51 | 52 | nativeBuildInputs = [ 53 | setuptools-scm 54 | ]; 55 | 56 | # Optional 57 | # bs4 lxml mistletoe logzero 58 | propagatedBuildInputs = [ 59 | beautifulsoup4 60 | cachew 61 | fastapi 62 | hpi 63 | google_takeout_parser 64 | python-magic 65 | httptools 66 | starlette 67 | logzero 68 | lxml 69 | mistletoe 70 | more-itertools 71 | mypy 72 | python-dotenv 73 | pytz 74 | setuptools 75 | sqlcipher3 76 | tzlocal 77 | urlextract 78 | uvicorn 79 | uvloop 80 | watchfiles 81 | websockets 82 | sqlitebrowser 83 | ]; 84 | 85 | makeWrapperArgs = [ 86 | # Add the installed directories to the python path so the daemon can find them 87 | "--prefix PYTHONPATH : ${python3.pkgs.makePythonPath propagatedBuildInputs}" 88 | "--prefix PYTHONPATH : $out/lib/${python3.libPrefix}/site-packages" 89 | ]; 90 | 91 | meta = with lib; { 92 | homepage = "https://github.com/karlicoss/promnesia"; 93 | description = "Another piece of your extended mind"; 94 | license = licenses.mit; 95 | maintainers = with maintainers; [ qbit ]; 96 | }; 97 | } 98 | -------------------------------------------------------------------------------- /pkgs/python-dotenv.nix: 
-------------------------------------------------------------------------------- 1 | { lib 2 | , buildPythonPackage 3 | , click 4 | , fetchPypi 5 | , ipython 6 | , mock 7 | , pytestCheckHook 8 | , pythonOlder 9 | , sh 10 | , 11 | }: 12 | buildPythonPackage rec { 13 | pname = "python-dotenv"; 14 | version = "0.21.0"; 15 | disabled = pythonOlder "3.5"; 16 | 17 | src = fetchPypi { 18 | inherit pname version; 19 | sha256 = "sha256-t30IJ0Y549NBRd+mxwCOZt8PBLe+enX9DVKSwZHXkEU="; 20 | }; 21 | 22 | propagatedBuildInputs = [ click ]; 23 | 24 | nativeCheckInputs = [ ipython mock pytestCheckHook sh ]; 25 | 26 | disabledTests = [ "cli" ]; 27 | 28 | pythonImportsCheck = [ "dotenv" ]; 29 | 30 | meta = with lib; { 31 | description = "Add .env support to your django/flask apps in development and deployments"; 32 | homepage = "https://github.com/theskumar/python-dotenv"; 33 | license = licenses.bsdOriginal; 34 | maintainers = with maintainers; [ erikarvstedt ]; 35 | }; 36 | } 37 | -------------------------------------------------------------------------------- /pkgs/pywebscrapbook.nix: -------------------------------------------------------------------------------- 1 | { lib 2 | , buildPythonPackage 3 | , fetchFromGitHub 4 | , lxml 5 | , flask 6 | , werkzeug 7 | , jinja2 8 | , commonmark 9 | , setuptools 10 | , setuptools-scm 11 | , ... 
12 | }: 13 | buildPythonPackage rec { 14 | pname = "PyWebScrapBook"; 15 | version = "2.2.0"; 16 | 17 | pyproject = true; 18 | 19 | src = fetchFromGitHub { 20 | owner = "danny0838"; 21 | repo = pname; 22 | rev = version; 23 | hash = "sha256-VqoYvAda1TwqwzdDc8SqAGGJcOomGEp1K6bhb9jY+k8="; 24 | }; 25 | 26 | SETUPTOOLS_SCM_PRETEND_VERSION = version; 27 | 28 | doCheck = true; 29 | 30 | nativeBuildInputs = [ 31 | setuptools-scm 32 | setuptools 33 | ]; 34 | 35 | propagatedBuildInputs = [ 36 | lxml 37 | flask 38 | werkzeug 39 | jinja2 40 | commonmark 41 | ]; 42 | 43 | 44 | meta = with lib; { 45 | homepage = "https://github.com/danny0838/PyWebScrapBook"; 46 | description = "webscrapbook"; 47 | license = licenses.mit; 48 | maintainers = with maintainers; [ qbit ]; 49 | }; 50 | } 51 | -------------------------------------------------------------------------------- /pkgs/rnsh.nix: -------------------------------------------------------------------------------- 1 | { lib 2 | , buildPythonPackage 3 | , fetchFromGitHub 4 | , rns 5 | , setuptools 6 | , setuptools-scm 7 | , poetry-core 8 | , ... 
9 | }: 10 | 11 | buildPythonPackage rec { 12 | pname = "rnsh"; 13 | version = "0.1.5"; 14 | 15 | pyproject = true; 16 | 17 | src = fetchFromGitHub { 18 | owner = "acehoss"; 19 | repo = pname; 20 | rev = "release/v${version}"; 21 | hash = "sha256-Dog5InfCRCxqe9pXpCAPdqGbEz2SvNOGq4BvR8oM05o="; 22 | }; 23 | 24 | doCheck = true; 25 | 26 | nativeBuildInputs = [ 27 | setuptools-scm 28 | setuptools 29 | poetry-core 30 | ]; 31 | 32 | dependencies = [ 33 | rns 34 | ]; 35 | 36 | meta = with lib; { 37 | homepage = "https://github.com/acehoss/rnsh"; 38 | description = "rnsh"; 39 | mainProgram = "rnsh"; 40 | maintainers = with maintainers; [ qbit ]; 41 | }; 42 | } 43 | -------------------------------------------------------------------------------- /pkgs/secretive.nix: -------------------------------------------------------------------------------- 1 | { lib 2 | , fetchurl 3 | , stdenv 4 | , unzip 5 | , ... 6 | }: 7 | stdenv.mkDerivation rec { 8 | pname = "secretive"; 9 | version = "2.3.1"; 10 | 11 | src = fetchurl { 12 | name = "Secretive-${version}.zip"; 13 | url = "https://github.com/maxgoedjen/secretive/releases/download/v${version}/Secretive.zip"; 14 | hash = "sha256-STpyNiiYtEgLqnDxFdlRW0Gyr0pQPK8AJ34rw4JLC70="; 15 | }; 16 | 17 | buildInputs = [ unzip ]; 18 | 19 | installPhase = '' 20 | mkdir -p $out/Applications 21 | cp -R ../*.app $out/Applications 22 | ''; 23 | 24 | meta = { 25 | description = "Secretive is an app for storing and managing SSH keys in the Secure Enclave. 
It is inspired by the sekey project, but rewritten in Swift with no external dependencies and with a handy native management app."; 26 | homepage = "https://github.com/maxgoedjen/secretive"; 27 | license = lib.licenses.mit; 28 | platforms = lib.platforms.darwin; 29 | }; 30 | } 31 | -------------------------------------------------------------------------------- /pkgs/setup-hook.sh: -------------------------------------------------------------------------------- 1 | addHarepath() { 2 | for haredir in third-party stdlib; do 3 | if [[ -d "$1/src/hare/$haredir" ]]; then 4 | addToSearchPath HAREPATH "$1/src/hare/$haredir" 5 | fi 6 | done 7 | } 8 | 9 | addEnvHooks "$hostOffset" addHarepath 10 | -------------------------------------------------------------------------------- /pkgs/sqlcipher3.nix: -------------------------------------------------------------------------------- 1 | { buildPythonPackage 2 | , setuptools-scm 3 | , sqlcipher 4 | , fetchFromGitHub 5 | , sqlite 6 | , ... 7 | }: 8 | buildPythonPackage rec { 9 | pname = "sqlcipher3"; 10 | version = "0.5.3"; 11 | 12 | nativeBuildInputs = [ setuptools-scm ]; 13 | propagatedBuildInputs = [ sqlcipher sqlite ]; 14 | 15 | doCheck = true; 16 | 17 | src = fetchFromGitHub { 18 | owner = "coleifer"; 19 | repo = "sqlcipher3"; 20 | rev = "0.5.3"; 21 | hash = "sha256-eRXwovBBzEKP7K97lDXeKXWwBTO6pW9FSzKx4TAD29U="; 22 | }; 23 | } 24 | -------------------------------------------------------------------------------- /pkgs/ttfs.nix: -------------------------------------------------------------------------------- 1 | { stdenv 2 | , lib 3 | , fetchgit 4 | , gnumake 5 | , pkg-config 6 | , SDL2 7 | , SDL2_ttf 8 | , 9 | }: 10 | stdenv.mkDerivation { 11 | pname = "ttfs"; 12 | version = "2023-03-27"; 13 | 14 | src = fetchgit { 15 | url = "https://git.sr.ht/~ft/ttfs"; 16 | rev = "c672c1919865fe26e2bd50ea31920117d0db6b09"; 17 | hash = "sha256-VHUlfgF8jzGmLO2gxuHFDoKqF92c4Tae7x+8KK1xnug="; 18 | }; 19 | 20 | buildInputs = [ gnumake ]; 21 | 22 
| nativeBuildInputs = [ 23 | pkg-config 24 | SDL2 25 | SDL2_ttf 26 | ]; 27 | 28 | installPhase = '' 29 | mkdir -p $out/bin 30 | cp ttfs $out/bin 31 | ''; 32 | 33 | meta = { 34 | description = "TTF/OTF/BDF→Plan9Font converter"; 35 | homepage = "https://git.sr.ht/~ft/ttfs"; 36 | license = lib.licenses.publicDomain; 37 | maintainer = with lib.maintainers; [ qbit ]; 38 | mainProgram = "ttfs"; 39 | }; 40 | } 41 | -------------------------------------------------------------------------------- /pkgs/watchmap.nix: -------------------------------------------------------------------------------- 1 | { lib 2 | , buildPythonPackage 3 | , fetchFromGitHub 4 | , matplotlib 5 | , folium 6 | , datetime 7 | , gpsbabel 8 | , ... 9 | }: 10 | buildPythonPackage { 11 | pname = "watchmap"; 12 | version = "2021-05-16"; 13 | 14 | pyproject = false; 15 | doBuild = false; 16 | 17 | propagatedBuildInputs = [ 18 | folium 19 | matplotlib 20 | datetime 21 | gpsbabel 22 | ]; 23 | 24 | src = fetchFromGitHub { 25 | owner = "bunnie"; 26 | repo = "watchmap"; 27 | hash = "sha256-WSFUVn3SB7WS8hiJxlZSWXLnx2K7gJAufYGmvvC5PBQ="; 28 | rev = "5bab6e5107554bc76a51ccd6b5190764a0633097"; 29 | }; 30 | 31 | installPhase = '' 32 | mkdir -p $out/bin 33 | cp plot.py $out/bin/watchmap 34 | ''; 35 | 36 | meta = with lib; { 37 | description = "Tool to convert Garmin .fit files to a web map"; 38 | homepage = "https://github.com/bunnie/watchmap/"; 39 | license = licenses.gpl3; 40 | maintainers = [ maintainers.qbit ]; 41 | }; 42 | } 43 | -------------------------------------------------------------------------------- /pkgs/weepushover.nix: -------------------------------------------------------------------------------- 1 | { buildPythonPackage 2 | , lib 3 | , fetchurl 4 | , python 5 | , weechat 6 | , ... 
7 | }: 8 | buildPythonPackage { 9 | pname = "weepushover"; 10 | version = "0.1"; 11 | 12 | src = fetchurl { 13 | url = "https://raw.githubusercontent.com/weechat/scripts/77a0c0bf2b0da64c33a50d8f8514d0467b0569e4/python/weepushover.py"; 14 | hash = "sha256-msOdNfYg88Wq00UJIRNu1OjKSUO0Kfq5rvLbIET2eo4="; 15 | }; 16 | 17 | propagatedBuildInputs = [ ]; 18 | 19 | dontUnpack = true; 20 | 21 | passthru.scripts = [ "weepushover.py" ]; 22 | 23 | dontBuild = true; 24 | doCheck = false; 25 | 26 | format = "other"; 27 | 28 | installPhase = '' 29 | runHook preInstall 30 | install -D $src $out/share/weepushover.py 31 | runHook postInstall 32 | ''; 33 | 34 | dontPatchShebangs = true; 35 | postFixup = '' 36 | addToSearchPath program_PYTHONPATH $out/${python.sitePackages} 37 | patchPythonScript $out/share/weepushover.py 38 | ''; 39 | 40 | meta = with lib; { 41 | inherit (weechat.meta) platforms; 42 | homepage = "https://github.com/adtac/weepushover"; 43 | description = "push notifications from weechat to pushover"; 44 | license = licenses.mit; 45 | maintainers = with maintainers; [ qbit ]; 46 | }; 47 | } 48 | -------------------------------------------------------------------------------- /pkgs/yarr.nix: -------------------------------------------------------------------------------- 1 | { lib 2 | , buildGoModule 3 | , fetchFromGitHub 4 | , ... 
5 | }: 6 | with lib; 7 | buildGoModule rec { 8 | pname = "yarr"; 9 | version = "2.5"; 10 | 11 | src = fetchFromGitHub { 12 | owner = "nkanaev"; 13 | repo = pname; 14 | rev = "v${version}"; 15 | sha256 = "sha256-yII0KV4AKIS1Tfhvj588O631JDArnr0/30rNynTSwzk="; 16 | }; 17 | 18 | vendorHash = null; 19 | 20 | ldflags = [ "-X main.Version=${version}" ]; 21 | 22 | tags = [ "sqlite_foreign_keys" "release" ]; 23 | 24 | proxyVendor = true; 25 | 26 | doCheck = false; 27 | 28 | meta = { 29 | description = "Yet Another RSS Reader"; 30 | homepage = "https://github.com/nkanaev/yarr"; 31 | license = licenses.mit; 32 | maintainers = with maintainers; [ qbit ]; 33 | }; 34 | } 35 | -------------------------------------------------------------------------------- /pkgs/zutty.nix: -------------------------------------------------------------------------------- 1 | { lib 2 | , stdenv 3 | , fetchurl 4 | , pkgs 5 | , go-font 6 | , ... 7 | }: 8 | stdenv.mkDerivation rec { 9 | pname = "zutty"; 10 | version = "unstable-2024-01-10"; 11 | rev = "8453f9f251dfcc14e0ba2d819b5367cbc5c9c47e"; 12 | 13 | src = fetchurl { 14 | url = "https://git.hq.sig7.se/zutty.git/snapshot/${rev}.tar.gz"; 15 | hash = "sha256-iRAr1QEZj1UvKBHRJmhZkbEq/Uq0gEAMNTtCpx/nz5w="; 16 | }; 17 | 18 | patches = [ ./zutty_go.diff ]; 19 | 20 | nativeBuildInputs = with pkgs; [ 21 | gcc 22 | pkg-config 23 | python3 24 | wafHook 25 | xorg.libXmu 26 | libGL 27 | ]; 28 | 29 | buildInputs = with pkgs; [ freetype fontconfig ]; 30 | 31 | prePatch = '' 32 | substituteInPlace src/options.h \ 33 | --replace "/usr/share/fonts" "${go-font}/share/fonts" 34 | ''; 35 | 36 | postInstall = '' 37 | mkdir -p $out/share/applications/ 38 | for size in 16 32 48 64 96 128; do 39 | mkdir -p $out/share/icons/hicolor/''${size}x''${size}/apps/ 40 | cp icons/zutty_''${size}x''${size}.png \ 41 | $out/share/icons/hicolor/''${size}x''${size}/apps/zutty.png 42 | done 43 | cp icons/zutty.desktop $out/share/applications/ 44 | ''; 45 | 46 | meta = with lib; { 47 | 
description = "X terminal emulator rendering through OpenGL ES Compute Shaders"; 48 | longDescription = '' 49 | Zutty is a terminal emulator for the X Window System, functionally 50 | similar to several other X terminal emulators such as xterm, rxvt and 51 | countless others. It is also similar to other, much more modern, 52 | GPU-accelerated terminal emulators such as Alacritty and Kitty. What 53 | really sets Zutty apart is its radically simple, yet extremely 54 | efficient rendering implementation, coupled with a sufficiently 55 | complete feature set to make it useful for a wide range of users. 56 | ''; 57 | homepage = "https://tomscii.sig7.se/zutty/"; 58 | license = licenses.gpl3; 59 | platforms = platforms.linux; 60 | maintainers = with maintainers; [ qbit ]; 61 | }; 62 | } 63 | -------------------------------------------------------------------------------- /pkgs/zutty_go.diff: -------------------------------------------------------------------------------- 1 | diff --git a/src/options.h b/src/options.h 2 | index 7bac116..67b2e1d 100644 3 | --- a/src/options.h 4 | +++ b/src/options.h 5 | 
@@ -52,15 +52,15 @@ namespace zutty 6 | // option parseType implValue hardDefault helpDescr 7 | {"altScroll", NoArg, "true", "false", "Alternate scroll mode"}, 8 | {"autoCopy", NoArg, "true", "false", "Sync primary to clipboard"}, 9 | - {"bg", SepArg, nullptr, "#000", "Background color"}, 10 | + {"bg", SepArg, nullptr, "#ffffea", "Background color"}, 11 | {"boldColors", NoArg, "true", "true", "Enable bright for bold"}, 12 | {"border", SepArg, nullptr, "2", "Border width in pixels"}, 13 | {"cr", SepArg, nullptr, nullptr, "Cursor color"}, 14 | {"display", SepArg, nullptr, nullptr, "Display to connect to"}, 15 | {"dwfont", SepArg, nullptr, "18x18ja", "Double-width font to use"}, 16 | - {"fg", SepArg, nullptr, "#fff", "Foreground color"}, 17 | - {"font", SepArg, nullptr, "9x18", "Font to use"}, 18 | - {"fontsize", SepArg, nullptr, "16", "Font size"}, 19 | + {"fg", SepArg, nullptr, "#000", "Foreground color"}, 20 | + {"font", SepArg, nullptr, "go-mono", "Font to use"}, 21 | + {"fontsize", SepArg, nullptr, "13", "Font size"}, 22 | {"fontpath", SepArg, nullptr, fontpath, "Font search path"}, 23 | {"geometry", SepArg, nullptr, "80x24", "Terminal size in chars"}, 24 | {"glinfo", NoArg, "true", "false", "Print OpenGL information"}, 25 | -------------------------------------------------------------------------------- /pull_requests/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/qbit/xin/aa0e5ee85559af889cc57cc26198dfdfa799cf30/pull_requests/.keep -------------------------------------------------------------------------------- /pull_requests/399692.json: -------------------------------------------------------------------------------- 1 | { 2 | "branches": [], 3 | "error": "", 4 | "pull_request": 399692, 5 | "release": "stable", 6 | "searches": [ 7 | { 8 | "epoch": 1744997485.73502, 9 | "pull_request": 399692, 10 | "title": "nixos/restic-rest-server Fixed htpasswd-path when null." 
11 | } 12 | ], 13 | "status": "open", 14 | "status_info": {}, 15 | "title": "nixos/restic-rest-server Fixed htpasswd-path when null." 16 | } 17 | -------------------------------------------------------------------------------- /services/default.nix: -------------------------------------------------------------------------------- 1 | { lib, ... }: with lib; { imports = [ ./config-manager.nix ]; } 2 | -------------------------------------------------------------------------------- /statix.toml: -------------------------------------------------------------------------------- 1 | disabled = [ 2 | "empty_pattern" 3 | ] 4 | -------------------------------------------------------------------------------- /templates/ada/.envrc: -------------------------------------------------------------------------------- 1 | use flake 2 | -------------------------------------------------------------------------------- /templates/ada/.gitignore: -------------------------------------------------------------------------------- 1 | .direnv 2 | *.bak 3 | result 4 | tags 5 | -------------------------------------------------------------------------------- /templates/ada/LICENSE: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2024 Aaron Bieber 3 | * 4 | * Permission to use, copy, modify, and distribute this software for any 5 | * purpose with or without fee is hereby granted, provided that the above 6 | * copyright notice and this permission notice appear in all copies. 7 | * 8 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 | * MERCHANTABILITY AND FITNESS. 
IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 | */ 16 |
-------------------------------------------------------------------------------- /templates/ada/flake.nix: --------------------------------------------------------------------------------
# Flake template for an Ada program called "thing": one package built with
# gprbuild and one development shell, for four systems.
{
  description = "thing: stuff and things";

  # Registry reference to the nixos-24.11 branch.
  inputs.nixpkgs.url = "nixpkgs/nixos-24.11";

  outputs = { self, nixpkgs }:
    let
      systems = [ "x86_64-linux" "x86_64-darwin" "aarch64-linux" "aarch64-darwin" ];
      # Builds an attribute set with one entry per supported system.
      eachSystem = nixpkgs.lib.genAttrs systems;
      # nixpkgs imported once per supported system.
      pkgsBySystem = eachSystem (system: import nixpkgs { inherit system; });
    in
    {
      packages = eachSystem (system:
        let
          pkgs = pkgsBySystem.${system};
        in
        {
          thing = pkgs.stdenv.mkDerivation {
            pname = "thing";
            version = "v0.0.0";
            src = ./.;
            buildInputs = [ pkgs.gnat pkgs.gprbuild ];

            buildPhase = ''
              gprbuild thing
            '';

            installPhase = ''
              mkdir -p $out/bin
              mv thing $out/bin
            '';
          };
        });

      defaultPackage = eachSystem (system: self.packages.${system}.thing);

      devShells = eachSystem (system:
        let
          pkgs = pkgsBySystem.${system};
        in
        {
          default = pkgs.mkShell {
            nativeBuildInputs = [ pkgs.gnat pkgs.gprbuild ];

            # Runs on every entry into the dev shell. The `nix run` line
            # fetches and executes the flake-warn app from github:qbit/xin
            # with no revision in the reference, so this flake's lock file
            # does not pin what gets executed. Pinning a commit
            # (github:qbit/xin/<commit>#flake-warn) or using a locked input
            # keeps shell entry from running unreviewed upstream changes.
            shellHook = ''
              PS1='\u@\h:\@; '
              nix run github:qbit/xin#flake-warn
              echo "Ada `${pkgs.gnat}/bin/gnatmake --version`"
            '';
          };
        });
    };
}
-------------------------------------------------------------------------------- /templates/ada/thing.adb: 
-------------------------------------------------------------------------------- 1 | with Ada.Text_IO; use Ada.Text_IO; 2 | 3 | procedure Thing is 4 | begin 5 | Put_Line ("Hi Thing!"); 6 | end Thing; 7 | -------------------------------------------------------------------------------- /templates/fyne/.envrc: -------------------------------------------------------------------------------- 1 | use flake 2 | -------------------------------------------------------------------------------- /templates/fyne/.gitignore: -------------------------------------------------------------------------------- 1 | .direnv 2 | *.bak 3 | result 4 | tags 5 | -------------------------------------------------------------------------------- /templates/fyne/LICENSE: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2024 Aaron Bieber 3 | * 4 | * Permission to use, copy, modify, and distribute this software for any 5 | * purpose with or without fee is hereby granted, provided that the above 6 | * copyright notice and this permission notice appear in all copies. 7 | * 8 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 
15 | */ 16 | -------------------------------------------------------------------------------- /templates/fyne/flake.nix: -------------------------------------------------------------------------------- 1 | { 2 | description = "thing: stuff and things"; 3 | 4 | inputs.nixpkgs.url = "nixpkgs/nixos-24.11"; 5 | 6 | outputs = 7 | { self 8 | , nixpkgs 9 | , 10 | }: 11 | let 12 | supportedSystems = [ "x86_64-linux" "x86_64-darwin" "aarch64-linux" "aarch64-darwin" ]; 13 | forAllSystems = nixpkgs.lib.genAttrs supportedSystems; 14 | nixpkgsFor = forAllSystems (system: import nixpkgs { inherit system; }); 15 | in 16 | { 17 | overlay = _: prev: { inherit (self.packages.${prev.system}) thing; }; 18 | 19 | packages = forAllSystems (system: 20 | let 21 | pkgs = nixpkgsFor.${system}; 22 | in 23 | { 24 | thing = pkgs.buildGoModule rec { 25 | pname = "thing"; 26 | version = "v0.0.0"; 27 | src = ./.; 28 | 29 | vendorHash = pkgs.lib.fakeSha256; 30 | proxyVendor = true; 31 | 32 | nativeBuildInputs = with pkgs; [ pkg-config ]; 33 | buildInputs = with pkgs; [ 34 | fyne 35 | git 36 | glfw 37 | libGL 38 | libGLU 39 | openssh 40 | pkg-config 41 | xorg.libXcursor 42 | xorg.libXi 43 | xorg.libXinerama 44 | xorg.libXrandr 45 | xorg.libXxf86vm 46 | xorg.xinput 47 | ]; 48 | 49 | buildPhase = '' 50 | ${fyne}/bin/fyne package 51 | ''; 52 | 53 | installPhase = '' 54 | mkdir -p $out 55 | pkg="$PWD/${pname}.tar.xz" 56 | cd $out 57 | tar --strip-components=1 -xvf $pkg 58 | ''; 59 | }; 60 | }); 61 | 62 | defaultPackage = forAllSystems (system: self.packages.${system}.thing); 63 | devShells = forAllSystems (system: 64 | let 65 | pkgs = nixpkgsFor.${system}; 66 | in 67 | { 68 | default = pkgs.mkShell { 69 | shellHook = '' 70 | PS1='\u@\h:\@; ' 71 | nix run github:qbit/xin#flake-warn 72 | echo "Go `${pkgs.go}/bin/go version`" 73 | ''; 74 | buildInputs = with pkgs; [ 75 | fyne 76 | git 77 | go_1_20 78 | gopls 79 | go-tools 80 | 81 | glfw 82 | pkg-config 83 | xorg.libXcursor 84 | xorg.libXi 85 | 
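xorg.libXinerama 86 | xorg.libXrandr 87 | xorg.libXxf86vm 88 | xorg.xinput 89 | ]; 90 | }; 91 | }); 92 | }; 93 | } 94 | -------------------------------------------------------------------------------- /templates/go-fyne-shell/.envrc: -------------------------------------------------------------------------------- 1 | use nix 2 |
-------------------------------------------------------------------------------- /templates/go-fyne-shell/shell.nix: --------------------------------------------------------------------------------
# Development shell for a Go project with the libraries listed below
# (GLFW, X11, Wayland, ALSA).
#
# The default for `pkgs` imports <nixpkgs>; the page showed `import { }`,
# which loses the lookup path and does not evaluate. <nixpkgs> is resolved
# through NIX_PATH / the user's channel, so the package set behind this shell
# is whatever that channel currently points at and is not pinned by this
# file. Callers who need a fixed toolchain can pass their own `pkgs`.
{ pkgs ? import <nixpkgs> { } }:
pkgs.mkShell {
  # Disable coloured output and set a short prompt inside the shell.
  shellHook = ''
    export NO_COLOR=true
    export PS1="\u@\h:\w; "
  '';

  nativeBuildInputs = with pkgs.buildPackages; [
    alsa-lib
    glfw
    go
    libxkbcommon
    pkg-config
    wayland
    xorg.libXcursor
    xorg.libXi
    xorg.libXinerama
    xorg.libXrandr
    xorg.libXxf86vm
    xorg.xinput
  ];
}
-------------------------------------------------------------------------------- /templates/go-fyne/.envrc: -------------------------------------------------------------------------------- 1 | use flake 2 | -------------------------------------------------------------------------------- /templates/go-fyne/.gitignore: -------------------------------------------------------------------------------- 1 | .direnv 2 | *.bak 3 | result 4 | tags 5 | -------------------------------------------------------------------------------- /templates/go-fyne/LICENSE: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2024 Aaron Bieber 3 | * 4 | * Permission to use, copy, modify, and distribute this software for any 5 | * purpose with or without fee is hereby granted, provided that the above 6 | * copyright notice and this permission notice appear in all copies. 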
7 | * 8 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 | */ 16 | -------------------------------------------------------------------------------- /templates/go-fyne/flake.nix: -------------------------------------------------------------------------------- 1 | { 2 | description = "thing: stuff and things"; 3 | 4 | inputs.nixpkgs.url = "nixpkgs/nixos-24.11"; 5 | 6 | outputs = 7 | { self 8 | , nixpkgs 9 | , 10 | }: 11 | let 12 | supportedSystems = [ "x86_64-linux" "x86_64-darwin" "aarch64-linux" "aarch64-darwin" ]; 13 | forAllSystems = nixpkgs.lib.genAttrs supportedSystems; 14 | nixpkgsFor = forAllSystems (system: import nixpkgs { inherit system; }); 15 | in 16 | { 17 | overlay = _: prev: { inherit (self.packages.${prev.system}) thing; }; 18 | 19 | packages = forAllSystems (system: 20 | let 21 | pkgs = nixpkgsFor.${system}; 22 | in 23 | { 24 | thing = with pkgs; pkgs.buildGoModule { 25 | pname = "thing"; 26 | version = "v0.0.0"; 27 | src = ./.; 28 | 29 | vendorHash = pkgs.lib.fakeSha256; 30 | 31 | nativeBuildInputs = [ pkg-config copyDesktopItems ]; 32 | buildInputs = [ 33 | glfw 34 | libGL 35 | libGLU 36 | openssh 37 | pkg-config 38 | glibc 39 | xorg.libXcursor 40 | xorg.libXi 41 | xorg.libXinerama 42 | xorg.libXrandr 43 | xorg.libXxf86vm 44 | xorg.xinput 45 | ]; 46 | 47 | desktopItems = [ 48 | (makeDesktopItem { 49 | name = "traygent"; 50 | exec = pname; 51 | icon = pname; 52 | desktopName = pname; 53 | }) 54 | ]; 55 | }; 56 | }); 57 | 58 | defaultPackage = forAllSystems (system: 
self.packages.${system}.thing); 59 | devShells = forAllSystems (system: 60 | let 61 | pkgs = nixpkgsFor.${system}; 62 | in 63 | { 64 | default = pkgs.mkShell { 65 | shellHook = '' 66 | PS1='\u@\h:\@; ' 67 | nix run github:qbit/xin#flake-warn 68 | echo "Go `${pkgs.go}/bin/go version`" 69 | ''; 70 | buildInputs = with pkgs; [ 71 | git 72 | go_1_21 73 | gopls 74 | go-tools 75 | glxinfo 76 | 77 | glfw 78 | glibc 79 | pkg-config 80 | xorg.libXcursor 81 | xorg.libXi 82 | xorg.libXinerama 83 | xorg.libXrandr 84 | xorg.libXxf86vm 85 | xorg.xinput 86 | graphviz 87 | 88 | go-font 89 | ]; 90 | }; 91 | }); 92 | }; 93 | } 94 | -------------------------------------------------------------------------------- /templates/go/.envrc: -------------------------------------------------------------------------------- 1 | use flake 2 | -------------------------------------------------------------------------------- /templates/go/.gitignore: -------------------------------------------------------------------------------- 1 | .direnv 2 | *.bak 3 | result 4 | tags 5 | -------------------------------------------------------------------------------- /templates/go/LICENSE: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2024 Aaron Bieber 3 | * 4 | * Permission to use, copy, modify, and distribute this software for any 5 | * purpose with or without fee is hereby granted, provided that the above 6 | * copyright notice and this permission notice appear in all copies. 7 | * 8 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 | * MERCHANTABILITY AND FITNESS. 
IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 | */ 16 |
-------------------------------------------------------------------------------- /templates/go/flake.nix: --------------------------------------------------------------------------------
# Flake template for a Go module called "thing": one package, an overlay that
# exposes it, and one development shell, for four systems.
{
  description = "thing: stuff and things";

  # Registry reference to the nixos-24.11 branch.
  inputs.nixpkgs.url = "nixpkgs/nixos-24.11";

  outputs = { self, nixpkgs }:
    let
      systems = [ "x86_64-linux" "x86_64-darwin" "aarch64-linux" "aarch64-darwin" ];
      # Builds an attribute set with one entry per supported system.
      eachSystem = nixpkgs.lib.genAttrs systems;
      # nixpkgs imported once per supported system.
      pkgsBySystem = eachSystem (system: import nixpkgs { inherit system; });
    in
    {
      # Adds `thing` to a package set, taken from this flake's packages for
      # the system of the set being extended.
      overlay = _final: prev: {
        thing = self.packages.${prev.system}.thing;
      };

      packages = eachSystem (system:
        let
          pkgs = pkgsBySystem.${system};
        in
        {
          thing = pkgs.buildGoModule {
            pname = "thing";
            version = "v0.0.0";
            src = ./.;

            # Placeholder: lib.fakeSha256 is a dummy hash. The first build
            # stops with a hash mismatch and the value Nix reports is then
            # recorded here; until that is done this file does not pin the
            # Go module dependencies.
            vendorHash = pkgs.lib.fakeSha256;
          };
        });

      defaultPackage = eachSystem (system: self.packages.${system}.thing);

      devShells = eachSystem (system:
        let
          pkgs = pkgsBySystem.${system};
        in
        {
          default = pkgs.mkShell {
            nativeBuildInputs = [ pkgs.git pkgs.go pkgs.gopls pkgs.go-tools ];

            # Runs on every entry into the dev shell. The `nix run` line
            # fetches and executes the flake-warn app from github:qbit/xin
            # with no revision in the reference, so this flake's lock file
            # does not pin what gets executed. Pinning a commit
            # (github:qbit/xin/<commit>#flake-warn) or using a locked input
            # keeps shell entry from running unreviewed upstream changes.
            shellHook = ''
              PS1='\u@\h:\@; '
              nix run github:qbit/xin#flake-warn
              echo "Go `${pkgs.go}/bin/go version`"
            '';
          };
        });
    };
}
-------------------------------------------------------------------------------- /templates/mojo/.envrc: -------------------------------------------------------------------------------- 1 | use flake 2 | 
-------------------------------------------------------------------------------- /templates/mojo/.gitignore: -------------------------------------------------------------------------------- 1 | .direnv 2 | *.bak 3 | result 4 | tags 5 | -------------------------------------------------------------------------------- /templates/mojo/LICENSE: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2024 Aaron Bieber 3 | * 4 | * Permission to use, copy, modify, and distribute this software for any 5 | * purpose with or without fee is hereby granted, provided that the above 6 | * copyright notice and this permission notice appear in all copies. 7 | * 8 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 
15 | */ 16 |
-------------------------------------------------------------------------------- /templates/mojo/flake.nix: --------------------------------------------------------------------------------
# Flake template for a Mojolicious script called "thing": one package that
# installs thing.pl and one development shell, for four systems.
{
  description = "thing: stuff and things";

  # Registry reference to the nixos-24.11 branch.
  inputs.nixpkgs.url = "nixpkgs/nixos-24.11";

  outputs = { self, nixpkgs }:
    let
      systems = [ "x86_64-linux" "x86_64-darwin" "aarch64-linux" "aarch64-darwin" ];
      # Builds an attribute set with one entry per supported system.
      eachSystem = nixpkgs.lib.genAttrs systems;
      # nixpkgs imported once per supported system.
      pkgsBySystem = eachSystem (system: import nixpkgs { inherit system; });
    in
    {
      packages = eachSystem (system:
        let
          pkgs = pkgsBySystem.${system};
        in
        {
          thing = pkgs.stdenv.mkDerivation {
            pname = "thing";
            version = "v0.0.0";
            src = ./.;
            buildInputs = with pkgs.perlPackages; [ PerlTidy perl ];
            nativeBuildInputs = with pkgs.perlPackages; [
              perl
              Mojolicious
              MojoSQLite
            ];

            # The script is copied as-is into $out/bin.
            installPhase = ''
              mkdir -p $out/bin
              install -t $out/bin thing.pl
            '';
          };
        });

      defaultPackage = eachSystem (system: self.packages.${system}.thing);

      devShells = eachSystem (system:
        let
          pkgs = pkgsBySystem.${system};
        in
        {
          default = pkgs.mkShell {
            buildInputs = with pkgs.perlPackages; [ PerlTidy ];
            nativeBuildInputs = with pkgs.perlPackages; [
              perl
              Mojolicious
              MojoSQLite
            ];

            # Runs on every entry into the dev shell. The `nix run` line
            # fetches and executes the flake-warn app from github:qbit/xin
            # with no revision in the reference, so this flake's lock file
            # does not pin what gets executed. Pinning a commit
            # (github:qbit/xin/<commit>#flake-warn) or using a locked input
            # keeps shell entry from running unreviewed upstream changes.
            shellHook = ''
              PS1='\u@\h:\@; '
              nix run github:qbit/xin#flake-warn
              echo "Perl `${pkgs.perl}/bin/perl --version`"
            '';
          };
        });
    };
}
-------------------------------------------------------------------------------- /templates/mojo/thing.pl: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env perl 2 | 3 | use strict; 4 | use warnings; 5 | 6 | use 5.10.0; 7 | 8 | use Mojolicious::Lite -signatures; 9 | 10 | get '/' => sub ($c) { 11 | 
$c->render( text => 'Hello Thing!' ); 12 | }; 13 | 14 | app->start; 15 | -------------------------------------------------------------------------------- /templates/ocaml/.envrc: -------------------------------------------------------------------------------- 1 | use flake 2 | -------------------------------------------------------------------------------- /templates/ocaml/.gitignore: -------------------------------------------------------------------------------- 1 | .direnv 2 | *.bak 3 | result 4 | tags 5 | -------------------------------------------------------------------------------- /templates/ocaml/LICENSE: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2024 Aaron Bieber 3 | * 4 | * Permission to use, copy, modify, and distribute this software for any 5 | * purpose with or without fee is hereby granted, provided that the above 6 | * copyright notice and this permission notice appear in all copies. 7 | * 8 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 
15 | */ 16 |
-------------------------------------------------------------------------------- /templates/ocaml/flake.nix: --------------------------------------------------------------------------------
# Flake template for an OCaml program called "thing": one package compiled
# with ocamlc and one development shell, for four systems.
{
  description = "thing: stuff and things";

  # Registry reference to the nixos-24.11 branch.
  inputs.nixpkgs.url = "nixpkgs/nixos-24.11";

  outputs = { self, nixpkgs }:
    let
      systems = [ "x86_64-linux" "x86_64-darwin" "aarch64-linux" "aarch64-darwin" ];
      # Builds an attribute set with one entry per supported system.
      eachSystem = nixpkgs.lib.genAttrs systems;
      # nixpkgs imported once per supported system.
      pkgsBySystem = eachSystem (system: import nixpkgs { inherit system; });
    in
    {
      packages = eachSystem (system:
        let
          pkgs = pkgsBySystem.${system};
        in
        {
          thing = pkgs.stdenv.mkDerivation {
            pname = "thing";
            version = "v0.0.0";
            src = ./.;
            buildInputs = with pkgs;
              [ ocaml opam ocamlformat pkg-config ]
              ++ (with pkgs.ocamlPackages; [ dune_3 odoc ]);

            buildPhase = ''
              ocamlc -o thing thing.ml
            '';

            installPhase = ''
              mkdir -p $out/bin
              mv thing $out/bin
            '';
          };
        });

      defaultPackage = eachSystem (system: self.packages.${system}.thing);

      devShells = eachSystem (system:
        let
          pkgs = pkgsBySystem.${system};
        in
        {
          default = pkgs.mkShell {
            nativeBuildInputs = with pkgs;
              [ ocaml opam ocamlformat pkg-config ]
              ++ (with pkgs.ocamlPackages; [ dune_3 odoc ]);

            # Runs on every entry into the dev shell. The `nix run` line
            # fetches and executes the flake-warn app from github:qbit/xin
            # with no revision in the reference, so this flake's lock file
            # does not pin what gets executed. Pinning a commit
            # (github:qbit/xin/<commit>#flake-warn) or using a locked input
            # keeps shell entry from running unreviewed upstream changes.
            shellHook = ''
              PS1='\u@\h:\@; '
              nix run github:qbit/xin#flake-warn
              echo "OCaml `${pkgs.ocaml}/bin/ocaml --version`"
            '';
          };
        });
    };
}
-------------------------------------------------------------------------------- /templates/ocaml/thing.ml: -------------------------------------------------------------------------------- 1 | print_string "hello thing!\n";; 2 | 3 | -------------------------------------------------------------------------------- /templates/perl/.envrc: 
-------------------------------------------------------------------------------- 1 | use flake 2 | -------------------------------------------------------------------------------- /templates/perl/.gitignore: -------------------------------------------------------------------------------- 1 | .direnv 2 | *.bak 3 | result 4 | tags 5 | -------------------------------------------------------------------------------- /templates/perl/LICENSE: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2024 Aaron Bieber 3 | * 4 | * Permission to use, copy, modify, and distribute this software for any 5 | * purpose with or without fee is hereby granted, provided that the above 6 | * copyright notice and this permission notice appear in all copies. 7 | * 8 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 
15 | */ 16 |
-------------------------------------------------------------------------------- /templates/perl/flake.nix: --------------------------------------------------------------------------------
# Flake template for a Perl script called "thing": one package that installs
# thing.pl and one development shell, for four systems.
{
  description = "thing: stuff and things";

  # Registry reference to the nixos-24.11 branch.
  inputs.nixpkgs.url = "nixpkgs/nixos-24.11";

  outputs = { self, nixpkgs }:
    let
      systems = [ "x86_64-linux" "x86_64-darwin" "aarch64-linux" "aarch64-darwin" ];
      # Builds an attribute set with one entry per supported system.
      eachSystem = nixpkgs.lib.genAttrs systems;
      # nixpkgs imported once per supported system.
      pkgsBySystem = eachSystem (system: import nixpkgs { inherit system; });
    in
    {
      packages = eachSystem (system:
        let
          pkgs = pkgsBySystem.${system};
        in
        {
          thing = pkgs.stdenv.mkDerivation {
            pname = "thing";
            version = "v0.0.0";
            src = ./.;
            buildInputs = with pkgs.perlPackages; [ PerlTidy ];
            nativeBuildInputs = with pkgs.perlPackages; [ perl ];

            # The script is copied as-is into $out/bin.
            installPhase = ''
              mkdir -p $out/bin
              install -t $out/bin thing.pl
            '';
          };
        });

      defaultPackage = eachSystem (system: self.packages.${system}.thing);

      devShells = eachSystem (system:
        let
          pkgs = pkgsBySystem.${system};
        in
        {
          default = pkgs.mkShell {
            buildInputs = with pkgs.perlPackages; [ PerlTidy ];
            nativeBuildInputs = with pkgs.perlPackages; [ perl ];

            # Runs on every entry into the dev shell. The `nix run` line
            # fetches and executes the flake-warn app from github:qbit/xin
            # with no revision in the reference, so this flake's lock file
            # does not pin what gets executed. Pinning a commit
            # (github:qbit/xin/<commit>#flake-warn) or using a locked input
            # keeps shell entry from running unreviewed upstream changes.
            shellHook = ''
              PS1='\u@\h:\@; '
              nix run github:qbit/xin#flake-warn
              echo "Perl `${pkgs.perl}/bin/perl --version`"
            '';
          };
        });
    };
}
-------------------------------------------------------------------------------- /templates/perl/thing.pl: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env perl 2 | 3 | use strict; 4 | use warnings; 5 | 6 | use 5.10.0; 7 | 8 | say 'hi thing!'; 9 | -------------------------------------------------------------------------------- /templates/shell/.envrc: 
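-------------------------------------------------------------------------------- 1 | use_nix 2 |
-------------------------------------------------------------------------------- /templates/shell/shell.nix: --------------------------------------------------------------------------------
# Minimal development shell template with an empty package list.
#
# The default for `pkgs` imports <nixpkgs>; the page showed `import { }`,
# which loses the lookup path and does not evaluate. <nixpkgs> is resolved
# through NIX_PATH / the user's channel, so the package set is whatever that
# channel currently points at and is not pinned by this file.
{ pkgs ? import <nixpkgs> { } }:
pkgs.mkShell {
  shellHook = ''
    PS1='\u@\h:\w; '
  '';
  buildInputs = with pkgs; [
  ];
}
-------------------------------------------------------------------------------- /treefmt.toml: -------------------------------------------------------------------------------- 1 | [formatter.statix] 2 | #command = "statix" 3 | #options = ["check"] 4 | command = "sh" 5 | options = ["-euc", "for file in \"$@\"; do statix check \"$file\"; done"] 6 | includes = [ "*.nix" ] 7 | priority = 1 8 | 9 | [formatter.deadnix] 10 | command = "deadnix" 11 | options = ["-f"] 12 | includes = [ "*.nix" ] 13 | priority = 2 14 | 15 | [formatter.nix] 16 | command = "nix" 17 | options = ["fmt"] 18 | includes = ["*.nix"] 19 | priority = 3 20 | 21 | [formatter.shfmt] 22 | command = "shfmt" 23 | options = ["-w"] 24 | includes = ["*.sh", "bin/*"] 25 | priority = 1 26 | 27 | [formatter.perltidy] 28 | command = "perltidy" 29 | options = ["-b"] 30 | includes = ["*.pl", "*.PL"] 31 | priority = 1
-------------------------------------------------------------------------------- /users/default.nix: --------------------------------------------------------------------------------
# Declares the `defaultUsers.enable` option and, when it is on, the root and
# (optionally) qbit accounts, with password hashes delivered through sops.
{ config
, lib
, pkgs
, ...
}:
with lib; let
  # Settings merged into every account declared below, root included: zsh as
  # the login shell and the hardware plus management public keys as SSH
  # authorized keys. Whether root can actually log in over SSH with these
  # keys depends on sshd settings that are not part of this file.
  userBase = {
    shell = pkgs.zsh;
    openssh.authorizedKeys.keys =
      config.myconf.hwPubKeys
      ++ config.myconf.managementPubKeys;
  };
in
{
  options = {
    defaultUsers = {
      enable = mkOption {
        description = "Enable regular set of users";
        # On by default only for hosts that have an entry in xin-secrets.
        default = builtins.hasAttr config.networking.hostName config.xin-secrets;
        example = true;
        type = lib.types.bool;
      };
    };
  };

  config =
    let
      inherit (config.networking) hostName;
      # True when this host's secrets include a password entry for qbit.
      hasQbit =
        builtins.hasAttr hostName config.xin-secrets
        && builtins.hasAttr "qbit" config.xin-secrets.${hostName}.user_passwords;
    in
    mkIf config.defaultUsers.enable {
      sops =
        let
          # NOTE(review): this lookup is not guarded. Setting
          # defaultUsers.enable = true by hand on a host without a
          # xin-secrets entry (or without a `root` password entry) fails at
          # evaluation rather than producing a host with no root password.
          secretAttrs = config.xin-secrets.${hostName}.user_passwords;
        in
        {
          # The host's SSH ed25519 key is the decryption identity, so read
          # access to that private key is equivalent to read access to every
          # secret encrypted for this host.
          age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
          secrets = mkMerge [
            {
              root_hash =
                {
                  # Overrides the secret's name with "hash"; presumably no
                  # other secret on the host uses that name (verify).
                  name = "hash";
                  sopsFile = secretAttrs.root;
                  owner = "root";
                  mode = "400"; # readable by root only
                  # Must be available before accounts are created, because
                  # hashedPasswordFile below points at it.
                  neededForUsers = true;
                };
            }
            (mkIf hasQbit {
              qbit_hash = {
                sopsFile = secretAttrs.qbit;
                owner = "root";
                mode = "400"; # readable by root only
                neededForUsers = true;
              };
            })
          ];
        };
      users = {
        # Accounts and passwords are taken from this configuration only;
        # changes made on the running system with passwd/useradd do not
        # persist across activation.
        mutableUsers = false;
        users = mkMerge [
          {
            root = userBase // {
              hashedPasswordFile = config.sops.secrets.root_hash.path;
            };
          }
          (mkIf hasQbit {
            qbit = userBase // {
              isNormalUser = true;
              description = "Aaron Bieber";
              home = "/home/qbit";
              # wheel membership makes this an administrative account.
              extraGroups = [ "wheel" ];
              hashedPasswordFile = config.sops.secrets.qbit_hash.path;
            };
          })
        ];
      };
    };
}
-------------------------------------------------------------------------------- /xintray-logo.png: -------------------------------------------------------------------------------- 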
https://raw.githubusercontent.com/qbit/xin/aa0e5ee85559af889cc57cc26198dfdfa799cf30/xintray-logo.png --------------------------------------------------------------------------------