
46 Commits

bc18255229
Update 2024-09-09 15:53:28 +02:00
91a32bfdeb
docker root mode 2024-09-05 11:56:46 +02:00
d2bd664f4e
docker 2024-09-05 10:43:53 +02:00
73b02b4589
network 2024-08-31 12:52:53 +02:00
075237ed6f
kaiser 2024-08-28 17:00:07 +02:00
c213f82d04
network 2024-08-28 12:53:47 +02:00
3ed2aa4cc1
add chromium 2024-08-22 13:07:57 +02:00
dc86d80a3a
update 2024-08-21 15:01:08 +02:00
7df0351721
wg 2024-08-19 12:44:18 +02:00
eaaf415299
fixing wg 2024-08-19 12:27:22 +02:00
80daeb3ba5
wifi 2024-08-18 17:13:48 +02:00
c9b5cb9b52
wifi 2024-08-10 17:34:22 +02:00
67279849d7
statix fix 2024-08-07 20:38:52 +02:00
dec199a870
dead code removal 2024-08-07 18:44:14 +02:00
06dea9ce71
alejandra format 2024-08-07 17:41:33 +02:00
1a4be3cb75
use official telegram app 2024-08-06 12:21:04 +02:00
d89757afb9
rest of mailserver 2024-08-05 18:57:10 +02:00
0b8e88f09d
firewall module 2024-08-05 18:54:30 +02:00
9ee0b504b1
anonymous dns module 2024-08-05 18:46:10 +02:00
3afeaa8934
wireguard-output module 2024-08-05 18:40:34 +02:00
7d7c00de4f
nginx module 2024-08-05 18:25:15 +02:00
1bd5b467ae
add restrict to vpn on mailserver module 2024-08-05 18:15:50 +02:00
a10568d5ac
mailserver module 2024-08-05 18:12:02 +02:00
eac0e79ca3
remove unused home config 2024-08-05 17:49:30 +02:00
f1b2a18a1d
add telegram 2024-08-05 11:12:19 +02:00
07512362f8
add stara to wg 2024-08-04 22:11:14 +02:00
c36b061ce9
add services to intranet 2024-08-04 21:24:32 +02:00
d0caeb0b57
add ssh to wg for intranet 2024-08-04 20:07:52 +02:00
00d0aff6f8
grub and wireless to miner 2024-08-04 20:00:51 +02:00
793790226b
adding hardware to miner 2024-08-04 19:08:59 +02:00
76266ac03e
add monero miner 2024-08-04 15:11:01 +02:00
0bf31f6699
add just generate recipe 2024-08-04 14:54:06 +02:00
2d99617d89
justfile with params 2024-08-04 14:49:20 +02:00
12466783f7
add justfile syntax 2024-08-04 14:31:30 +02:00
0bd094330d
default host platform 2024-08-04 14:10:03 +02:00
13ca2bc6c5
add doas to vps 2024-08-04 13:41:00 +02:00
d94928d1cf
change lid switch behaviour 2024-08-04 13:33:34 +02:00
bac787e1d7
add shell and wireless to iso 2024-08-04 12:18:25 +02:00
b7a673f537
add tshark 2024-08-04 10:29:28 +02:00
89c45a9e8f
anon dns 2024-08-03 22:41:33 +02:00
764bf2d3e7
dnscrypt enable o/doh servers 2024-08-03 22:01:37 +02:00
ea537f647e
add realtime group 2024-08-03 20:19:53 +02:00
e2e10b3f0a
refactoring vps 2024-08-03 20:16:58 +02:00
b432efdd0f
spaces for README 2024-08-03 17:45:01 +02:00
ae75c299cb
README 2024-08-03 17:43:30 +02:00
b99de1d61f
ssh hosts 2024-08-03 17:22:31 +02:00
26 changed files with 912 additions and 680 deletions


@ -1,38 +1,24 @@
default: nixos default: nova
all: nixos music nonya ai all: nova (nova "music")
home: nova config="nova":
home-manager switch --flake ./. -b $(mktemp -u XXXX) #!/usr/bin/env sh
cfg={{config}}
nixos: if [ "$cfg" != "nova" ]; then
doas nixos-rebuild switch --flake ./. cfg="nova-{{config}}"
fi
doas nixos-rebuild switch --flake ./#"$cfg"
update: update:
nix flake update nix flake update
clean: cleanRoot cleanHome clean:
cleanHome:
nix-collect-garbage --delete-older-than 90d nix-collect-garbage --delete-older-than 90d
cleanRoot:
doas nix-collect-garbage --delete-older-than 90d doas nix-collect-garbage --delete-older-than 90d
news: generate format="install-iso" config="install-iso":
home-manager news --flake ./. nix shell nixpkgs#nixos-generators --command nixos-generate -f {{format}} --flake ./#{{config}}
music:
doas nixos-rebuild switch --flake ./#music
nonya:
doas nixos-rebuild switch --flake ./#nonya
ai:
doas nixos-rebuild switch --flake ./#ai
installer-iso:
nix shell nixpkgs#nixos-generators --command nixos-generate -f install-iso --flake ./#nixos
vps: vps:
nixos-rebuild switch --flake ./#vps --target-host root@10.0.0.1 nixos-rebuild switch --flake ./#vps --target-host root@37.205.13.29
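Review bot: The `vps` recipe now deploys with `--target-host root@37.205.13.29`, the public address, while the ssh matchBlocks elsewhere in this compare point `vpsfree-root` at 10.0.0.1, so the deploy path and the interactive path no longer agree and root SSH is assumed to be reachable on the public interface. The firewall configuration removed in this compare limited port 22 to the 10.0.0.x VPN peers and the replacement firewall module is not visible here, so I cannot tell whether that restriction still holds; if it does, this recipe will fail, and if it does not, the exposure of root SSH has widened. Either way, `nixos-rebuild switch --flake ./#vps --target-host vpsfree-root` would reuse the matchBlock and keep the address in one place. Separately, in the `nova` recipe `cfg={{config}}` is interpolated unquoted into the shell script; `cfg="{{config}}"` keeps an argument containing whitespace from being word-split.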


@ -1,20 +1,26 @@
# My personal nixos config. # NixOS configurations
### Usage This repository aims to configure everything I use for all my machines.
To build the nixos system: ### Goals
- Provide me with something that I personally can use.
- Make it modular so that it can be reused by other people or me on other people's machines (my company's workstation).
### How to use
[Check the home-manager modules](./home/modules/default.nix)
[Check the NixOS modules](./nixos/modules/default.nix)
These are exposed in the following way
`<this-flake>.homeManagerModules.<module>`
`<this-flake>.nixosModules.<module>`
Run the following for more info:
```bash ```bash
make nixos nix flake show github:ivandimitrov8080/configuration.nix
``` ```
To build ivand home:
```bash
make home
```
To make music:
```bash
make music # this will compile the realtime kernel
```


@ -2,7 +2,7 @@ top@{ inputs, ... }: {
imports = [ ./nixos ./home ./packages ./overlays ./hardware-configurations ]; imports = [ ./nixos ./home ./packages ./overlays ./hardware-configurations ];
systems = [ "x86_64-linux" ]; systems = [ "x86_64-linux" ];
flake.stateVersion = "24.05"; flake.stateVersion = "24.05";
perSystem = perSystem@{ system, ... }: { perSystem = { system, ... }: {
config._module.args = { config._module.args = {
pkgs = import inputs.nixpkgs { pkgs = import inputs.nixpkgs {
inherit system; inherit system;


@ -672,11 +672,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1722462338, "lastModified": 1725863684,
"narHash": "sha256-ss0G8t8RJVDewA3MyqgAlV951cWRK6EtVhVKEZ7J5LU=", "narHash": "sha256-HmdTBpuCsw35Ii35JUKO6AE6nae+kJliQb0XGd4hoLE=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "6e090576c4824b16e8759ebca3958c5b09659ee8", "rev": "be47a2bdf278c57c2d05e747a13ed31cef54a037",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -737,11 +737,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1722388081, "lastModified": 1725674607,
"narHash": "sha256-gJkry8rSaaZw+d+frABPgVjqBznCa7Jr3A5YLChSR4o=", "narHash": "sha256-vTaoz2yRd9g3NZNKYufZeB8UJ381aBPmRV91lEmV37o=",
"owner": "StevenBlack", "owner": "StevenBlack",
"repo": "hosts", "repo": "hosts",
"rev": "d6039e35d071480c309363eff2690e8b963ab06a", "rev": "10b187280ec15374e4d2b28e7705046e7d535d91",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -806,11 +806,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1722213035, "lastModified": 1725237485,
"narHash": "sha256-FrJRRFbaJFm2iW1jddLbcSJwQmk3afMSwYm+7IBxeaw=", "narHash": "sha256-POpzmA7+ecCUEZsu2a5fgwYhJ60POzve+lMhxebmTz4=",
"owner": "musnix", "owner": "musnix",
"repo": "musnix", "repo": "musnix",
"rev": "0e23bb501576ae18b4d19836a91e12c87e4931ee", "rev": "b5f3a47fd74193cb98c85cfeb6a25358150bdd90",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -951,11 +951,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1722421184, "lastModified": 1725634671,
"narHash": "sha256-/DJBI6trCeVnasdjUo9pbnodCLZcFqnVZiLUfqLH4jA=", "narHash": "sha256-v3rIhsJBOMLR8e/RNWxr828tB+WywYIoajrZKFM+0Gg=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "9f918d616c5321ad374ae6cb5ea89c9e04bf3e58", "rev": "574d1eac1c200690e27b8eb4e24887f8df7ac27c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1068,11 +1068,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1719994518, "lastModified": 1725234343,
"narHash": "sha256-pQMhCCHyQGRzdfAkdJ4cIWiw+JNuWsTX7f0ZYSyz0VY=", "narHash": "sha256-+ebgonl3NbiKD2UD0x4BszCZQ6sTfL4xioaM49o5B3Y=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "9227223f6d922fee3c7b190b2cc238a99527bbb7", "rev": "567b938d64d4b4112ee253b9274472dc3a346eb6",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1128,11 +1128,11 @@
"nixpkgs-24_05": "nixpkgs-24_05" "nixpkgs-24_05": "nixpkgs-24_05"
}, },
"locked": { "locked": {
"lastModified": 1721121314, "lastModified": 1722877200,
"narHash": "sha256-zwc7YXga/1ppaZMWFreZykXtFwBgXodxUZiUx969r+g=", "narHash": "sha256-qgKDNJXs+od+1UbRy62uk7dYal3h98I4WojfIqMoGcg=",
"owner": "simple-nixos-mailserver", "owner": "simple-nixos-mailserver",
"repo": "nixos-mailserver", "repo": "nixos-mailserver",
"rev": "059b50b2e729729ea00c6831124d3837c494f3d5", "rev": "af7d3bf5daeba3fc28089b015c0dd43f06b176f2",
"type": "gitlab" "type": "gitlab"
}, },
"original": { "original": {
@ -1248,11 +1248,11 @@
}, },
"vpsadminos": { "vpsadminos": {
"locked": { "locked": {
"lastModified": 1722101851, "lastModified": 1725810385,
"narHash": "sha256-fM5Z8Qhk9/AbGYJ4VrJilGlFK9btBEF+ROtbYYJZJ1I=", "narHash": "sha256-+6UULi05KMHmLfhlrNGhMdLZUoQeC5Dc1nLFdINyeyI=",
"owner": "vpsfreecz", "owner": "vpsfreecz",
"repo": "vpsadminos", "repo": "vpsadminos",
"rev": "2c8ff8462a6f4aefb7bd2663d6ddbedd9d161f2c", "rev": "37c5eb47ca3f11deac83e4ada20a6c21d5487f29",
"type": "github" "type": "github"
}, },
"original": { "original": {


@ -20,7 +20,10 @@
}; };
sal = { sal = {
url = "github:ivandimitrov8080/sal"; url = "github:ivandimitrov8080/sal";
inputs = { nixpkgs.follows = "nixpkgs"; ide.follows = "ide"; }; inputs = {
nixpkgs.follows = "nixpkgs";
ide.follows = "ide";
};
}; };
musnix = { musnix = {
url = "github:musnix/musnix"; url = "github:musnix/musnix";


@ -1,4 +1,4 @@
top@{ ... }: { _: {
flake.hardwareConfigurations = { flake.hardwareConfigurations = {
nova = { lib, modulesPath, ... }: { nova = { lib, modulesPath, ... }: {
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
@ -12,8 +12,14 @@ top@{ ... }: {
extraModulePackages = [ ]; extraModulePackages = [ ];
}; };
fileSystems = { fileSystems = {
"/" = { device = "/dev/disk/by-uuid/47536cbe-7265-493b-a2e3-bbd376a6f9af"; fsType = "btrfs"; }; "/" = {
"/boot" = { device = "/dev/disk/by-uuid/4C3C-993A"; fsType = "vfat"; }; device = "/dev/disk/by-uuid/47536cbe-7265-493b-a2e3-bbd376a6f9af";
fsType = "btrfs";
};
"/boot" = {
device = "/dev/disk/by-uuid/4C3C-993A";
fsType = "vfat";
};
}; };
swapDevices = [ ]; swapDevices = [ ];
networking.useDHCP = lib.mkForce true; networking.useDHCP = lib.mkForce true;


@ -1,19 +0,0 @@
toplevel@{ inputs, withSystem, config, ... }:
{
flake.homeConfigurations.ivand = withSystem "x86_64-linux" (ctx@{ pkgs, ... }:
inputs.home-manager.lib.homeManagerConfiguration {
inherit pkgs;
modules =
let
mods = config.flake.homeManagerModules;
in
with mods; [
base
ivand
shell
util
swayland
web
];
});
}


@ -1,3 +1,3 @@
{ {
imports = [ ./modules ./configs ]; imports = [./modules];
} }


@ -1,8 +1,7 @@
toplevel @ { moduleWithSystem, ... }: { toplevel @ { moduleWithSystem, ... }: {
flake.homeManagerModules = { flake.homeManagerModules = {
base = moduleWithSystem ( base = moduleWithSystem (
top@{ ... }: _: { config, ... }: {
perSystem@{ config, ... }: {
programs.home-manager.enable = true; programs.home-manager.enable = true;
home.stateVersion = toplevel.config.flake.stateVersion; home.stateVersion = toplevel.config.flake.stateVersion;
xdg = { xdg = {
@ -24,8 +23,7 @@ toplevel@{ moduleWithSystem, ... }: {
} }
); );
ivand = moduleWithSystem ( ivand = moduleWithSystem (
top@{ ... }: _: { pkgs, ... }: {
perSystem@{ pkgs, ... }: {
home = { home = {
username = "ivand"; username = "ivand";
homeDirectory = "/home/ivand"; homeDirectory = "/home/ivand";
@ -36,68 +34,148 @@ toplevel@{ moduleWithSystem, ... }: {
git = with pkgs.lib; { git = with pkgs.lib; {
userName = mkForce "Ivan Kirilov Dimitrov"; userName = mkForce "Ivan Kirilov Dimitrov";
userEmail = mkForce "ivan@idimitrov.dev"; userEmail = mkForce "ivan@idimitrov.dev";
signing = mkForce { signByDefault = true; key = "ivan@idimitrov.dev"; }; signing = mkForce {
signByDefault = true;
key = "ivan@idimitrov.dev";
};
}; };
ssh = { ssh = {
matchBlocks = { vpsfree = { hostname = "37.205.13.29"; user = "ivand"; }; vpsfree-root = { hostname = "37.205.13.29"; user = "root"; }; }; matchBlocks = {
vpsfree-ivand = {
hostname = "10.0.0.1";
user = "ivand";
};
vpsfree-root = {
hostname = "10.0.0.1";
user = "root";
};
};
}; };
}; };
} }
); );
util = moduleWithSystem ( util = moduleWithSystem (
top@{ ... }: _: { pkgs
perSystem@{ pkgs, config, ... }: { , config
, ...
}: {
home = { home = {
packages = with pkgs; [ openssl mlocate uutils-coreutils-noprefix speedtest-cli ]; packages = with pkgs; [ openssl mlocate uutils-coreutils-noprefix speedtest-cli ];
sessionVariables = { PAGER = "bat"; BAT_THEME = "catppuccin-mocha"; }; sessionVariables = {
PAGER = "bat";
BAT_THEME = "catppuccin-mocha";
};
}; };
programs = { programs = {
password-store = { enable = true; package = pkgs.pass.withExtensions (e: with e; [ pass-otp pass-file ]); settings = { PASSWORD_STORE_DIR = "${config.home.homeDirectory}/.password-store"; }; }; password-store = {
enable = true;
package = pkgs.pass.withExtensions (e: with e; [ pass-otp pass-file ]);
settings = { PASSWORD_STORE_DIR = "${config.home.homeDirectory}/.password-store"; };
};
git = { git = {
enable = true; enable = true;
delta.enable = true; delta.enable = true;
extraConfig = { color.ui = "auto"; pull.rebase = true; push.autoSetupRemote = true; }; extraConfig = {
aliases = { a = "add ."; c = "commit"; d = "diff --cached"; p = "push"; pa = "!git remote | xargs -L1 git push --all"; }; color.ui = "auto";
pull.rebase = true;
push.autoSetupRemote = true;
};
aliases = {
a = "add .";
c = "commit";
d = "diff --cached";
p = "push";
pa = "!git remote | xargs -L1 git push --all";
};
}; };
tealdeer = { tealdeer = {
enable = true; enable = true;
settings = { display = { compact = true; }; updates = { auto_update = true; }; }; settings = {
display = { compact = true; };
updates = { auto_update = true; };
};
}; };
bottom = { bottom = {
enable = true; enable = true;
settings = { settings = {
flags = { rate = "250ms"; }; flags = { rate = "250ms"; };
row = [ row = [
{ ratio = 40; child = [{ type = "cpu"; } { type = "mem"; } { type = "net"; }]; } {
{ ratio = 35; child = [{ type = "temp"; } { type = "disk"; }]; } ratio = 40;
{ ratio = 40; child = [{ type = "proc"; default = true; }]; } child = [{ type = "cpu"; } { type = "mem"; } { type = "net"; }];
}
{
ratio = 35;
child = [{ type = "temp"; } { type = "disk"; }];
}
{
ratio = 40;
child = [
{
type = "proc";
default = true;
}
];
}
]; ];
}; };
}; };
fzf = { enable = true; enableBashIntegration = true; enableZshIntegration = true; }; fzf = {
nix-index = { enable = true; enableZshIntegration = false; enableBashIntegration = false; }; enable = true;
enableBashIntegration = true;
enableZshIntegration = true;
};
nix-index = {
enable = true;
enableZshIntegration = false;
enableBashIntegration = false;
};
bat = { bat = {
enable = true; enable = true;
themes = themes =
let let
catppuccin = pkgs.fetchFromGitHub { owner = "catppuccin"; repo = "bat"; rev = "82e7ca555f805b53d2b377390e4ab38c20282e83"; sha256 = "sha256-/Ob9iCVyjJDBCXlss9KwFQTuxybmSSzYRBZxOT10PZg="; }; catppuccin = pkgs.fetchFromGitHub {
owner = "catppuccin";
repo = "bat";
rev = "82e7ca555f805b53d2b377390e4ab38c20282e83";
sha256 = "sha256-/Ob9iCVyjJDBCXlss9KwFQTuxybmSSzYRBZxOT10PZg=";
};
in in
{ {
catppuccin-mocha = { src = catppuccin; file = "themes/Catppuccin Mocha.tmTheme"; }; catppuccin-mocha = {
catppuccin-macchiato = { src = catppuccin; file = "themes/Catppuccin Macchiato.tmTheme"; }; src = catppuccin;
catppuccin-frappe = { src = catppuccin; file = "themes/Catppuccin Frappe.tmTheme"; }; file = "themes/Catppuccin Mocha.tmTheme";
catppuccin-latte = { src = catppuccin; file = "themes/Catppuccin Latte.tmTheme"; }; };
catppuccin-macchiato = {
src = catppuccin;
file = "themes/Catppuccin Macchiato.tmTheme";
};
catppuccin-frappe = {
src = catppuccin;
file = "themes/Catppuccin Frappe.tmTheme";
};
catppuccin-latte = {
src = catppuccin;
file = "themes/Catppuccin Latte.tmTheme";
};
}; };
}; };
ssh.enable = true; ssh.enable = true;
gpg.enable = true; gpg.enable = true;
}; };
services = { gpg-agent = { enable = true; enableBashIntegration = true; enableZshIntegration = true; enableNushellIntegration = true; pinentryPackage = pkgs.pinentry-qt; }; }; services = {
gpg-agent = {
enable = true;
enableBashIntegration = true;
enableZshIntegration = true;
enableNushellIntegration = true;
pinentryPackage = pkgs.pinentry-qt;
};
};
} }
); );
shell = moduleWithSystem ( shell = moduleWithSystem (
top@{ ... }: _: { pkgs, ... }: {
perSystem@{ pkgs, ... }: {
programs = programs =
let let
shellAliases = { shellAliases = {
@ -138,9 +216,16 @@ toplevel@{ moduleWithSystem, ... }: {
nushell = { nushell = {
enable = true; enable = true;
environmentVariables = { config = ''{ show_banner: false, completions: { quick: false partial: false algorithm: "prefix" } } ''; }; environmentVariables = { config = ''{ show_banner: false, completions: { quick: false partial: false algorithm: "prefix" } } ''; };
shellAliases = { gcal = '' bash -c "cal $(date +%Y)" ''; la = "ls -al"; dev = "nix develop --command $env.SHELL"; }; shellAliases = {
gcal = ''bash -c "cal $(date +%Y)" '';
la = "ls -al";
dev = "nix develop --command $env.SHELL";
};
};
kitty.shellIntegration = {
enableBashIntegration = true;
enableZshIntegration = true;
}; };
kitty.shellIntegration = { enableBashIntegration = true; enableZshIntegration = true; };
tmux = { tmux = {
enable = true; enable = true;
clock24 = true; clock24 = true;
@ -154,7 +239,12 @@ toplevel@{ moduleWithSystem, ... }: {
set-option -a terminal-features 'screen-256color:RGB' set-option -a terminal-features 'screen-256color:RGB'
''; '';
}; };
starship = { enable = true; enableNushellIntegration = true; enableZshIntegration = true; enableBashIntegration = true; }; starship = {
enable = true;
enableNushellIntegration = true;
enableZshIntegration = true;
enableBashIntegration = true;
};
eza = { eza = {
enable = true; enable = true;
enableZshIntegration = true; enableZshIntegration = true;
@ -173,11 +263,18 @@ toplevel@{ moduleWithSystem, ... }: {
} }
); );
swayland = moduleWithSystem ( swayland = moduleWithSystem (
top@{ ... }: _: { pkgs
perSystem@{ pkgs, config, ... }: { , config
, ...
}: {
home = { home = {
packages = with pkgs; [ audacity gimp grim libnotify libreoffice-qt mupdf slurp transmission_4 wl-clipboard xdg-user-dirs xdg-utils xwayland ]; packages = with pkgs; [ audacity gimp grim libnotify libreoffice-qt mupdf slurp transmission_4 wl-clipboard xdg-user-dirs xdg-utils xwayland telegram-desktop ];
pointerCursor = with pkgs; { name = "catppuccin-mocha-green-cursors"; package = catppuccin-cursors.mochaGreen; size = 24; gtk.enable = true; }; pointerCursor = with pkgs; {
name = "catppuccin-mocha-green-cursors";
package = catppuccin-cursors.mochaGreen;
size = 24;
gtk.enable = true;
};
}; };
wayland.windowManager.sway = { wayland.windowManager.sway = {
enable = true; enable = true;
@ -210,17 +307,21 @@ toplevel@{ moduleWithSystem, ... }: {
"${modifier}+Shift+c" = "kill"; "${modifier}+Shift+c" = "kill";
"${modifier}+Shift+q" = "exit"; "${modifier}+Shift+q" = "exit";
}; };
input = { "*" = { xkb_layout = "us,bg"; xkb_options = "grp:win_space_toggle"; xkb_variant = ",phonetic"; }; }; input = {
"*" = {
xkb_layout = "us,bg";
xkb_options = "grp:win_space_toggle";
xkb_variant = ",phonetic";
}; };
swaynag = { enable = config.wayland.windowManager.sway.enable; }; };
};
swaynag = { inherit (config.wayland.windowManager.sway) enable; };
}; };
programs = { programs = {
waybar = { waybar = {
enable = true; enable = true;
settings = { settings = {
mainBar = mainBar =
let
in
{ {
layer = "top"; layer = "top";
position = "top"; position = "top";
@ -231,28 +332,47 @@ toplevel@{ moduleWithSystem, ... }: {
modules-center = [ "clock#week" "clock#year" "clock#time" ]; modules-center = [ "clock#week" "clock#year" "clock#time" ];
modules-right = [ "network" "pulseaudio" "memory" "cpu" "battery" ]; modules-right = [ "network" "pulseaudio" "memory" "cpu" "battery" ];
"clock#time" = { format = "{:%H:%M:%S}"; interval = 1; tooltip = false; }; "clock#time" = {
"clock#week" = { format = "{:%a}"; tooltip = false; }; format = "{:%H:%M:%S}";
"clock#year" = { format = "{:%Y-%m-%d}"; tooltip = false; }; interval = 1;
tooltip = false;
};
"clock#week" = {
format = "{:%a}";
tooltip = false;
};
"clock#year" = {
format = "{:%Y-%m-%d}";
tooltip = false;
};
battery = { battery = {
format = "{icon} <span color='#cdd6f4'>{capacity}% {time}</span>"; format = "{icon} <span color='#cdd6f4'>{capacity}% {time}</span>";
format-time = " {H} h {M} m"; format-time = " {H} h {M} m";
format-icons = [ "" "" "" "" "" ]; format-icons = [ "" "" "" "" "" ];
states = { warning = 30; critical = 15; }; states = {
warning = 30;
critical = 15;
};
tooltip = false; tooltip = false;
}; };
cpu = { format = "<span color='#74c7ec'></span> {usage}%"; }; cpu = { format = "<span color='#74c7ec'></span> {usage}%"; };
memory = { format = "<span color='#89b4fa'></span> {percentage}%"; interval = 5; }; memory = {
format = "<span color='#89b4fa'></span> {percentage}%";
interval = 5;
};
pulseaudio = { pulseaudio = {
format = "<span color='#a6e3a1'>{icon}</span> {volume}% | {format_source}"; format = "<span color='#a6e3a1'>{icon}</span> {volume}% | {format_source}";
format-muted = "<span color='#f38ba8'>󰝟</span> {volume}% | {format_source}"; format-muted = "<span color='#f38ba8'>󰝟</span> {volume}% | {format_source}";
format-source = "{volume}% <span color='#a6e3a1'></span>"; format-source = "{volume}% <span color='#a6e3a1'></span>";
format-source-muted = "{volume}% <span color='#f38ba8'></span>"; format-source-muted = "{volume}% <span color='#f38ba8'></span>";
format-icons = { headphone = ""; default = [ "" "" "" ]; }; format-icons = {
headphone = "";
default = [ "" "" "" ];
};
tooltip = false; tooltip = false;
}; };
@ -265,10 +385,16 @@ toplevel@{ moduleWithSystem, ... }: {
tooltip = false; tooltip = false;
}; };
"sway/workspaces" = { disable-scroll = true; all-outputs = true; }; "sway/workspaces" = {
disable-scroll = true;
all-outputs = true;
}; };
}; };
systemd = { enable = true; target = "sway-session.target"; }; };
systemd = {
enable = true;
target = "sway-session.target";
};
style = '' style = ''
@define-color rosewater #f5e0dc; @define-color rosewater #f5e0dc;
@define-color flamingo #f2cdcd; @define-color flamingo #f2cdcd;
@ -398,12 +524,14 @@ toplevel@{ moduleWithSystem, ... }: {
animation-iteration-count: infinite; animation-iteration-count: infinite;
animation-direction: alternate; animation-direction: alternate;
} }
'' '';
;
}; };
swaylock = { swaylock = {
enable = true; enable = true;
settings = { show-failed-attempts = true; image = config.home.homeDirectory + "/pic/bg.png"; }; settings = {
show-failed-attempts = true;
image = config.home.homeDirectory + "/pic/bg.png";
};
}; };
rofi = { rofi = {
enable = true; enable = true;
@ -423,22 +551,52 @@ toplevel@{ moduleWithSystem, ... }: {
}; };
kitty = { kitty = {
enable = true; enable = true;
font = { package = pkgs.fira-code; name = "FiraCodeNFM-Reg"; }; font = {
settings = { background_opacity = "0.90"; cursor_shape = "beam"; }; package = pkgs.fira-code;
name = "FiraCodeNFM-Reg";
};
settings = {
background_opacity = "0.90";
cursor_shape = "beam";
};
};
imv = {
enable = true;
settings = { options.fullscreen = true; };
};
mpv = {
enable = true;
scripts = with pkgs.mpvScripts; [ uosc thumbfast ];
}; };
imv = { enable = true; settings = { options.fullscreen = true; }; };
mpv = { enable = true; scripts = with pkgs.mpvScripts; [ uosc thumbfast ]; };
bash.profileExtra = ''[ "$(tty)" = "/dev/tty1" ] && exec sway ''; bash.profileExtra = ''[ "$(tty)" = "/dev/tty1" ] && exec sway '';
zsh.loginExtra = ''[ "$(tty)" = "/dev/tty1" ] && exec sway ''; zsh.loginExtra = ''[ "$(tty)" = "/dev/tty1" ] && exec sway '';
nushell.loginFile.text = ''if (tty) == "/dev/tty1" { sway } ''; nushell.loginFile.text = ''if (tty) == "/dev/tty1" { sway } '';
}; };
services = { mako.enable = true; cliphist = { enable = true; systemdTarget = "sway-session.target"; }; }; services = {
mako.enable = true;
cliphist = {
enable = true;
systemdTarget = "sway-session.target";
};
};
systemd.user = { systemd.user = {
timers = { rbingwp = { Timer = { OnCalendar = "*-*-* 10:00:00"; Persistent = true; }; Install = { WantedBy = [ "timers.target" ]; }; }; }; timers = {
rbingwp = {
Timer = {
OnCalendar = "*-*-* 10:00:00";
Persistent = true;
};
Install = { WantedBy = [ "timers.target" ]; };
};
};
services = { services = {
wpd = { wpd = {
Install = { WantedBy = [ "sway-session.target" ]; }; Install = { WantedBy = [ "sway-session.target" ]; };
Unit = { Description = "Switch background every x minutes"; After = "graphical-session-pre.target"; PartOf = "graphical-session.target"; }; Unit = {
Description = "Switch background every x minutes";
After = "graphical-session-pre.target";
PartOf = "graphical-session.target";
};
Service = { Service = {
ExecStart = [ "${pkgs.wpd}/bin/wpd" ]; ExecStart = [ "${pkgs.wpd}/bin/wpd" ];
}; };
@ -461,18 +619,27 @@ toplevel@{ moduleWithSystem, ... }: {
} }
); );
web = moduleWithSystem ( web = moduleWithSystem (
top@{ ... }: _: _: {
perSystem@{ ... }: {
programs = { programs = {
browserpass.enable = true; browserpass.enable = true;
firefox = { firefox = {
enable = true; enable = true;
profiles.ivand = { profiles.ivand = {
id = 0; id = 0;
search = { default = "DuckDuckGo"; privateDefault = "DuckDuckGo"; force = true; }; search = {
default = "DuckDuckGo";
privateDefault = "DuckDuckGo";
force = true;
};
bookmarks = [ bookmarks = [
{ name = "home-options"; url = "https://nix-community.github.io/home-manager/options.xhtml"; } {
{ name = "nixvim-docs"; url = "https://nix-community.github.io/nixvim/"; } name = "home-options";
url = "https://nix-community.github.io/home-manager/options.xhtml";
}
{
name = "nixvim-docs";
url = "https://nix-community.github.io/nixvim/";
}
]; ];
settings = { settings = {
"general.smoothScroll" = true; "general.smoothScroll" = true;
@ -496,18 +663,52 @@ toplevel@{ moduleWithSystem, ... }: {
TranslateEnabled = false; TranslateEnabled = false;
SearchBar = "unified"; SearchBar = "unified";
SearchSuggestEnabled = false; SearchSuggestEnabled = false;
SanitizeOnShutdown = { Cache = true; FormData = true; Locked = true; Cookies = false; Downloads = false; History = false; Sessions = false; SiteSettings = false; OfflineApps = true; }; SanitizeOnShutdown = {
FirefoxHome = { Search = true; Pocket = false; Snippets = false; TopSites = false; Highlights = false; }; Cache = true;
UserMessaging = { ExtensionRecommendations = false; FeatureRecommendations = false; UrlbarInterventions = false; MoreFromMozilla = false; SkipOnboarding = true; }; FormData = true;
Locked = true;
Cookies = false;
Downloads = false;
History = false;
Sessions = false;
SiteSettings = false;
OfflineApps = true;
};
FirefoxHome = {
Search = true;
Pocket = false;
Snippets = false;
TopSites = false;
Highlights = false;
};
UserMessaging = {
ExtensionRecommendations = false;
FeatureRecommendations = false;
UrlbarInterventions = false;
MoreFromMozilla = false;
SkipOnboarding = true;
};
Handlers = { Handlers = {
schemes = { schemes = {
mailto = { action = "useHelperApp"; ask = false; handlers = [{ name = "RoundCube"; uriTemplate = "https://mail.idimitrov.dev/?_task=mail&_action=compose&_to=%s"; }]; }; mailto = {
action = "useHelperApp";
ask = false;
handlers = [
{
name = "RoundCube";
uriTemplate = "https://mail.idimitrov.dev/?_task=mail&_action=compose&_to=%s";
}
];
}; };
}; };
}; };
}; };
}; };
chromium = {
enable = true;
};
};
xdg.mimeApps.defaultApplications = { xdg.mimeApps.defaultApplications = {
"text/html" = "firefox.desktop"; "text/html" = "firefox.desktop";
"x-scheme-handler/http" = "firefox.desktop"; "x-scheme-handler/http" = "firefox.desktop";
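Review bot: The `web` module adds `chromium = { enable = true; };` with no settings, while the `firefox` profile in the same module carries an explicit policy set (SanitizeOnShutdown, UserMessaging, search defaults, extension handling), so the two browsers now ship with very different privacy postures and nothing records why the second one is needed. A one-line comment such as `# chromium: for sites that do not work in the hardened firefox profile; no policies applied` above the block would make the asymmetry deliberate, and if it is meant to be a locked-down alternative the home-manager `programs.chromium` options (`commandLineArgs`, `extensions`) are the place to express that. Also in this section, the ssh matchBlock `vpsfree` is renamed to `vpsfree-ivand` and both hosts move to 10.0.0.1; any script or justfile that still references `vpsfree` or the old public address will break, and the `vps` recipe in this same compare still hard-codes `root@37.205.13.29` rather than `vpsfree-root`.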


@ -1,103 +0,0 @@
{ pkgs, ... }:
{
time.timeZone = "Europe/Prague";
fileSystems."/mnt/export1981" = {
device = "172.16.128.47:/nas/5490";
fsType = "nfs";
options = [ "nofail" ];
};
nix = {
extraOptions = ''
experimental-features = nix-command flakes
'';
};
security = {
acme = {
acceptTerms = true;
defaults.email = "security@idimitrov.dev";
};
};
networking = {
firewall = pkgs.lib.mkForce {
enable = true;
allowedTCPPorts = [
25 # smtp
465 # smtps
80 # http
443 # https
];
allowedUDPPorts = [
25
465
80
443
51820 # wireguard
];
extraCommands = ''
iptables -N vpn # create a new chain named vpn
iptables -A vpn --src 10.0.0.2 -j ACCEPT # allow
iptables -A vpn --src 10.0.0.3 -j ACCEPT # allow
iptables -A vpn --src 10.0.0.4 -j ACCEPT # allow
iptables -A vpn -j DROP # drop everyone else
iptables -I INPUT -m tcp -p tcp --dport 22 -j vpn
'';
extraStopCommands = ''
iptables -F vpn
iptables -D INPUT -m tcp -p tcp --dport 22 -j vpn
iptables -X vpn
'';
};
};
users = {
users.ivand = {
isNormalUser = true;
hashedPassword =
"$2b$05$hPrPcewxj4qjLCRQpKBAu.FKvKZdIVlnyn4uYsWE8lc21Jhvc9jWG";
extraGroups = [ "wheel" "adm" "mlocate" ];
openssh.authorizedKeys.keys = [
''
ssh-rsa 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 ivand@nixos
''
];
};
extraGroups = { mlocate = { }; };
};
environment = {
enableAllTerminfo = true;
};
services = {
openssh = {
enable = true;
settings = {
PermitRootLogin = "prohibit-password";
};
};
};
systemd = {
timers = {
bingwp = {
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = "*-*-* 10:00:00";
Persistent = true;
};
};
};
services = {
bingwp = {
description = "Download bing image of the day";
script = ''
${pkgs.nushell}/bin/nu -c "http get ('https://bing.com' + ((http get https://www.bing.com/HPImageArchive.aspx?format=js&n=1).images.0.url)) | save ('/var/pic' | path join ( [ (date now | format date '%Y-%m-%d'), '.png' ] | str join ))"
${pkgs.nushell}/bin/nu -c "${pkgs.toybox}/bin/ln -sf (ls /var/pic | where type == file | get name | sort | last) /var/pic/latest.png"
'';
};
};
};
}


@ -1,3 +0,0 @@
{
imports = [ ./configuration.nix ./mailserver ./roundcube ./postgres ./wireguard ./nginx ./tor ./i2pd ./gitea ./dnscrypt ./monero ];
}


@ -1,33 +0,0 @@
{
networking = {
nameservers = [ "127.0.0.1" "::1" ];
dhcpcd.extraConfig = "nohook resolv.conf";
};
services.dnscrypt-proxy2 = {
enable = true;
settings = {
ipv4_servers = true;
ipv6_servers = true;
dnscrypt_servers = true;
doh_servers = false;
odoh_servers = false;
require_dnssec = true;
require_nolog = true;
require_nofilter = true;
sources.public-resolvers = {
urls = [
"https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md"
"https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md"
];
cache_file = "/var/lib/dnscrypt-proxy/public-resolvers.md";
minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3";
};
};
};
systemd.services.dnscrypt-proxy2.serviceConfig = {
StateDirectory = "dnscrypt-proxy";
};
}


@ -1,23 +0,0 @@
{ ... }:
{
services.gitea = {
enable = true;
appName = "src";
database = {
type = "postgres";
};
settings = {
server = {
DOMAIN = "src.idimitrov.dev";
ROOT_URL = "https://src.idimitrov.dev/";
HTTP_PORT = 3001;
};
repository = {
DEFAULT_BRANCH = "master";
};
service = {
DISABLE_REGISTRATION = true;
};
};
};
}


@ -1,14 +0,0 @@
{
services.i2pd = {
enable = true;
inTunnels = {
idimitrov = {
enable = true;
keys = "idimitrov-keys.dat";
inPort = 80;
destination = "127.0.0.1";
port = 3000;
};
};
};
}


@ -1,21 +0,0 @@
{ config, pkgs, ... }:
{
mailserver = {
enable = true;
localDnsResolver = false;
fqdn = "mail.idimitrov.dev";
domains = [ "idimitrov.dev" "mail.idimitrov.dev" ];
loginAccounts = {
"ivan@idimitrov.dev" = {
hashedPassword = "$2b$05$rTVIQD98ogXeCBKdk/YufulWHqpMCAlb7SHDPlh5y8Xbukoa/uQLm";
aliases = [ "admin@idimitrov.dev" ];
};
"security@idimitrov.dev" = {
hashedPassword = "$2b$05$rTVIQD98ogXeCBKdk/YufulWHqpMCAlb7SHDPlh5y8Xbukoa/uQLm";
};
};
certificateScheme = "acme-nginx";
hierarchySeparator = "/";
};
services.dovecot2.sieve.extensions = [ "fileinto" ];
}


@ -1,6 +0,0 @@
{
services.monero = {
enable = false;
dataDir = "/mnt/export1981/monero";
};
}


@ -1,72 +0,0 @@
{ config, pkgs, ... }:
let
webshiteConfig = ''
add_header 'Referrer-Policy' 'origin-when-cross-origin';
add_header X-Content-Type-Options nosniff;
add_header Onion-Location http://sxfx23zafag4lixkb4s6zwih7ga5jnzfgtgykcerd354bvb6u7alnkid.onion;
'';
restrictToVpn = ''
allow 10.0.0.2/32;
allow fdc9:281f:04d7:9ee9::2/128;
allow 10.0.0.3/32;
allow 10.0.0.4/32;
deny all;
'';
extensions = [ "html" "txt" "png" "jpg" "jpeg" ];
serveStatic = exts: ''
try_files $uri $uri/ ${pkgs.lib.strings.concatStringsSep " " (builtins.map (x: "$uri." + "${x}") exts)} =404;
'';
in
{
services = {
nginx = {
enable = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
virtualHosts = {
"idimitrov.dev" = {
enableACME = true;
forceSSL = true;
locations."/" = {
root = "${pkgs.webshite}";
extraConfig = serveStatic extensions;
};
extraConfig = webshiteConfig;
};
"www.idimitrov.dev" = {
enableACME = true;
forceSSL = true;
locations."/" = {
root = "${pkgs.webshite}";
extraConfig = serveStatic extensions;
};
extraConfig = webshiteConfig;
};
"${config.mailserver.fqdn}" = {
extraConfig = restrictToVpn;
};
"src.idimitrov.dev" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:3001";
};
};
"pic.idimitrov.dev" = {
enableACME = true;
forceSSL = true;
locations."/" = {
root = "/var/pic";
extraConfig = ''
autoindex on;
${serveStatic ["png"]}
'';
};
};
};
};
};
}


@ -1,39 +0,0 @@
{ config, pkgs, ... }:
{
services = {
postgresql = {
enable = true;
ensureDatabases = [ "roundcube" "gitea" ];
ensureUsers = [
{
name = "roundcube";
ensureDBOwnership = true;
}
{
name = "gitea";
ensureDBOwnership = true;
}
{
name = "root";
ensureClauses = {
superuser = true;
createrole = true;
createdb = true;
};
}
];
authentication = ''
local gitea all ident map=gitea-users
'';
identMap = ''
gitea-users gitea gitea
'';
initialScript = pkgs.writeText "init" ''
GRANT ALL PRIVILEGES ON DATABASE roundcube TO roundcube;
GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO roundcube;
GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO roundcube;
GRANT ALL PRIVILEGES ON SCHEMA public TO roundcube;
'';
};
};
}


@ -1,18 +0,0 @@
{ config, pkgs, ... }:
{
services = {
roundcube = {
enable = true;
package = pkgs.roundcube.withPlugins (plugins: [ plugins.persistent_login ]);
plugins = [
"persistent_login"
];
hostName = "${config.mailserver.fqdn}";
extraConfig = ''
$config['smtp_host'] = "tls://${config.mailserver.fqdn}";
$config['smtp_user'] = "%u";
$config['smtp_pass'] = "%p";
'';
};
};
}


@ -1,21 +0,0 @@
{
services.tor = {
enable = true;
client.enable = true;
relay = {
enable = true;
role = "relay";
onionServices = {
idimitrov = {
map = [{
port = 80;
target = {
addr = "127.0.0.1";
port = 3000;
};
}];
};
};
};
};
}


@ -1,43 +0,0 @@
{ pkgs, ... }: {
networking.nat = {
enable = true;
enableIPv6 = true;
externalInterface = "venet0";
internalInterfaces = [ "wg0" ];
};
networking.wg-quick.interfaces = {
wg0 = {
address = [ "10.0.0.1/24" "fdc9:281f:04d7:9ee9::1/64" ];
listenPort = 51820;
privateKeyFile = "/etc/wireguard/privatekey";
postUp = ''
${pkgs.iptables}/bin/iptables -A FORWARD -i wg0 -j ACCEPT
${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.0.0.1/24 -o venet0 -j MASQUERADE
${pkgs.iptables}/bin/ip6tables -A FORWARD -i wg0 -j ACCEPT
${pkgs.iptables}/bin/ip6tables -t nat -A POSTROUTING -s fdc9:281f:04d7:9ee9::1/64 -o venet0 -j MASQUERADE
'';
preDown = ''
${pkgs.iptables}/bin/iptables -D FORWARD -i wg0 -j ACCEPT
${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.0.0.1/24 -o venet0 -j MASQUERADE
${pkgs.iptables}/bin/ip6tables -D FORWARD -i wg0 -j ACCEPT
${pkgs.iptables}/bin/ip6tables -t nat -D POSTROUTING -s fdc9:281f:04d7:9ee9::1/64 -o venet0 -j MASQUERADE
'';
peers = [
{
publicKey = "28yXYLk4U0r6MdWFEZzk6apI8uhg962wMprF47wUJyI=";
allowedIPs = [ "10.0.0.2/32" "fdc9:281f:04d7:9ee9::2/128" ];
}
{
publicKey = "RqTsFxFCcgYsytcDr+jfEoOA5UNxa1ZzGlpx6iuTpXY=";
allowedIPs = [ "10.0.0.3/32" ];
}
{
publicKey = "kI93V0dVKSqX8hxMJHK5C0c1hEDPQTgPQDU8TKocVgo=";
allowedIPs = [ "10.0.0.4/32" ];
}
];
};
};
}


@ -1,26 +1,41 @@
toplevel@{ inputs, withSystem, ... }: toplevel @ { inputs
, withSystem
, ...
}:
let let
system = "x86_64-linux"; system = "x86_64-linux";
mods = toplevel.config.flake.nixosModules; mods = toplevel.config.flake.nixosModules;
hardwareConfigurations = toplevel.config.flake.hardwareConfigurations; inherit (toplevel.config.flake) hardwareConfigurations;
essential = with mods; [ grub base shell security wireless wireguard ]; essential = with mods; [ grub base shell security wireless intranet ];
desktop = with mods; [ sound wayland ]; desktop = with mods; [ sound wayland ];
configWithModules = { hardware, modules }: withSystem system (ctx@{ config, inputs', pkgs, ... }: inputs.nixpkgs.lib.nixosSystem { configWithModules =
{ hardware ? { nixpkgs.hostPlatform = system; }
, modules
,
}:
withSystem system ({ inputs', pkgs, ... }:
inputs.nixpkgs.lib.nixosSystem {
specialArgs = { specialArgs = {
inherit inputs inputs' pkgs; inherit inputs inputs' pkgs;
packages = config.packages;
}; };
modules = [ hardware ] ++ modules; modules = [ hardware ] ++ modules;
}); });
novaConfig = mods: configWithModules { hardware = hardwareConfigurations.nova; modules = essential ++ desktop ++ mods; }; novaConfig = mods:
configWithModules {
hardware = hardwareConfigurations.nova;
modules = essential ++ desktop ++ mods;
};
in in
{ {
flake.nixosConfigurations = { flake.nixosConfigurations = {
nixos = novaConfig [ mods.ivand ]; nova = novaConfig [ mods.ivand ];
music = novaConfig (with mods; [ music ivand ]); nova-music = novaConfig (with mods; [ ivand music ]);
nonya = novaConfig (with mods; [ anon cryptocurrency ivand ]); nova-crypto = novaConfig (with mods; [ ivand cryptocurrency ]);
ai = novaConfig (with mods; [ ai ivand ]); nova-nonya = novaConfig (with mods; [ ivand anon cryptocurrency ]);
installer-iso = configWithModules { hardware = { }; modules = (with mods; [ grub base ]); }; nova-ai = novaConfig (with mods; [ ivand ai ]);
vps = configWithModules { hardware = { nixpkgs.hostPlatform = system; }; modules = (with mods; [ base shell vps ]); }; nova-containers = novaConfig (with mods; [ ivand containers ]);
install-iso = configWithModules { modules = with mods; [ grub base shell wireless ]; };
vps = configWithModules { modules = with mods; [ base shell security vps mailserver nginx wireguard-output anonymous-dns firewall rest ]; };
stara-miner = configWithModules { modules = essential ++ [ mods.monero-miner ]; };
}; };
} }
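Review bot: `essential = with mods; [ grub base shell security wireless intranet ]` now pulls the `intranet` module into every host built from that list, including `stara-miner`, and elsewhere on this page `intranet` pins `wg0` to the fixed address `10.0.0.2/32` and to `/etc/wireguard/privatekey`; the `nova-*` variants presumably share one machine, but `stara-miner` looks like a second physical host and would then present the same VPN address as the `10.0.0.2` peer unless its address and key are overridden somewhere not visible in this diff. If that is intended, a comment on the `essential` binding such as `# intranet hard-codes the 10.0.0.2 wg address; any second machine must override it` would save the next reader the same question; otherwise `intranet` should take the address as a parameter or be listed per host rather than in `essential`.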


@ -1,37 +1,60 @@
top @ { inputs, moduleWithSystem, ... }: { top @ { inputs, moduleWithSystem, ... }: {
flake.nixosModules = { flake.nixosModules = {
grub = moduleWithSystem (toplevel@{ ... }: perSystem@{ pkgs, ... }: { grub = moduleWithSystem (_: { pkgs, ... }: {
boot = { boot = {
loader = { loader = {
grub = grub =
let let
theme = pkgs.sleek-grub-theme.override { withBanner = "Hello Ivan"; withStyle = "bigSur"; }; theme = pkgs.sleek-grub-theme.override {
withBanner = "Hello Ivan";
withStyle = "bigSur";
};
in in
{ enable = pkgs.lib.mkDefault true; useOSProber = true; efiSupport = true; device = "nodev"; theme = theme; splashImage = "${theme}/background.png"; }; {
efi = { canTouchEfiVariables = true; }; inherit theme;
enable = pkgs.lib.mkDefault true;
useOSProber = true;
efiSupport = true;
device = "nodev";
splashImage = "${theme}/background.png";
};
efi.canTouchEfiVariables = true;
}; };
}; };
}); });
base = moduleWithSystem (toplevel@{ ... }: perSystem@{ pkgs, ... }: { base = moduleWithSystem (_: { pkgs, ... }: {
imports = [ inputs.hosts.nixosModule ]; imports = [ inputs.hosts.nixosModule ];
system.stateVersion = top.config.flake.stateVersion; system.stateVersion = top.config.flake.stateVersion;
nix = { extraOptions = ''experimental-features = nix-command flakes''; }; nix = { extraOptions = ''experimental-features = nix-command flakes''; };
i18n.supportedLocales = [ "all" ]; i18n.supportedLocales = [ "all" ];
time.timeZone = "Europe/Prague"; time.timeZone = "Europe/Prague";
environment = { environment = {
systemPackages = with pkgs; [ cmatrix uutils-coreutils-noprefix cryptsetup fd file git glibc gnumake mlocate openssh openssl procs ripgrep srm unzip vim zip just nixos-install-tools ]; systemPackages = with pkgs; [ cmatrix uutils-coreutils-noprefix cryptsetup fd file git glibc gnumake mlocate openssh openssl procs ripgrep srm unzip vim zip just nixos-install-tools tshark ];
sessionVariables = { MAKEFLAGS = "-j 4"; }; sessionVariables = { MAKEFLAGS = "-j 4"; };
shells = with pkgs; [ bash zsh nushell ]; shells = with pkgs; [ bash zsh nushell ];
enableAllTerminfo = true;
}; };
users.defaultUserShell = pkgs.zsh; users.defaultUserShell = pkgs.zsh;
programs = { zsh.enable = true; nix-ld.enable = true; }; programs = {
zsh.enable = true;
nix-ld.enable = true;
};
services = { services = {
dbus.enable = true; dbus.enable = true;
logind = { lidSwitch = "lock"; lidSwitchDocked = "lock"; killUserProcesses = true; powerKeyLongPress = "reboot"; }; logind = {
killUserProcesses = true;
powerKeyLongPress = "reboot";
};
};
networking = {
stevenBlackHosts = {
enable = true;
blockFakenews = true;
blockGambling = true;
};
}; };
networking = { stevenBlackHosts = { enable = true; blockFakenews = true; blockGambling = true; blockSocial = true; }; };
}); });
shell = moduleWithSystem (toplevel@{ ... }: perSystem@{ pkgs, ... }: { shell = moduleWithSystem (_: { pkgs, ... }: {
programs = { programs = {
starship.enable = true; starship.enable = true;
zsh = { zsh = {
@ -59,11 +82,17 @@ top@{ inputs, moduleWithSystem, ... }: {
}; };
}; };
}); });
sound = moduleWithSystem (toplevel@{ ... }: perSystem@{ pkgs, ... }: { sound = moduleWithSystem (_: { pkgs, ... }: {
services = { pipewire = { enable = true; alsa.enable = true; pulse.enable = true; }; }; services = {
pipewire = {
enable = true;
alsa.enable = true;
pulse.enable = true;
};
};
environment.systemPackages = with pkgs; [ pwvucontrol ]; environment.systemPackages = with pkgs; [ pwvucontrol ];
}); });
music = moduleWithSystem (toplevel@{ ... }: perSystem@{ pkgs, ... }: { music = moduleWithSystem (_: { pkgs, ... }: {
imports = [ inputs.musnix.nixosModules.musnix ]; imports = [ inputs.musnix.nixosModules.musnix ];
environment.systemPackages = with pkgs; [ guitarix ]; environment.systemPackages = with pkgs; [ guitarix ];
services.pipewire = { services.pipewire = {
@ -74,31 +103,55 @@ top@{ inputs, moduleWithSystem, ... }: {
enable = true; enable = true;
rtcqs.enable = true; rtcqs.enable = true;
soundcardPciId = "00:1f.3"; soundcardPciId = "00:1f.3";
kernel = { realtime = true; packages = pkgs.linuxPackages-rt; }; kernel = {
realtime = true;
packages = pkgs.linuxPackages-rt;
};
}; };
}); });
wayland = moduleWithSystem (toplevel@{ ... }: perSystem@{ ... }: { wayland = moduleWithSystem (_: _: {
hardware.graphics.enable = true; hardware.graphics.enable = true;
security.pam.services.swaylock = { }; security.pam.services.swaylock = { };
xdg.portal = { xdg.portal = {
enable = true; enable = true;
xdgOpenUsePortal = true; xdgOpenUsePortal = true;
wlr = { enable = true; settings = { screencast = { output_name = "HDMI-A-1"; max_fps = 60; }; }; }; wlr = {
enable = true;
settings = {
screencast = {
output_name = "HDMI-A-1";
max_fps = 60;
};
};
};
config.common.default = "*"; config.common.default = "*";
}; };
}); });
security = moduleWithSystem (toplevel@{ ... }: perSystem@{ ... }: { security = moduleWithSystem (_: _: {
security = { security = {
sudo = { enable = false; execWheelOnly = true; extraRules = [{ groups = [ "wheel" ]; }]; }; sudo = {
doas = { enable = true; extraRules = [{ groups = [ "wheel" ]; noPass = true; keepEnv = true; }]; }; enable = false;
execWheelOnly = true;
extraRules = [{ groups = [ "wheel" ]; }];
};
doas = {
enable = true;
extraRules = [
{
groups = [ "wheel" ];
noPass = true;
keepEnv = true;
}
];
};
polkit.enable = true; polkit.enable = true;
rtkit.enable = true; rtkit.enable = true;
}; };
}); });
wireguard = { intranet = {
networking.wg-quick.interfaces = { networking.wg-quick.interfaces = {
wg0 = { wg0 = {
address = [ "10.0.0.4/32" ]; address = [ "10.0.0.2/32" ];
privateKeyFile = "/etc/wireguard/privatekey"; privateKeyFile = "/etc/wireguard/privatekey";
peers = [ peers = [
{ {
@ -110,6 +163,12 @@ top@{ inputs, moduleWithSystem, ... }: {
]; ];
}; };
}; };
services.openssh = {
enable = true;
settings = {
PermitRootLogin = "prohibit-password";
};
};
}; };
wireless = { wireless = {
networking = { networking = {
@ -149,6 +208,19 @@ top@{ inputs, moduleWithSystem, ... }: {
"KOTEKLAN_GUEST" = { "KOTEKLAN_GUEST" = {
psk = "koteklankotek"; psk = "koteklankotek";
}; };
"TP-Link_BE7A" = {
psk = "84665461";
};
"Post120" = {
psk = "9996663333";
};
"MOONLIGHT2019" = {
psk = "seacrets";
};
"Kaiser Terrasse" = {
psk = "Internet12";
};
"ATHENS-HAWKS" = { };
"3G" = { "3G" = {
hidden = true; hidden = true;
}; };
@ -156,8 +228,11 @@ top@{ inputs, moduleWithSystem, ... }: {
}; };
}; };
}; };
ivand = moduleWithSystem (toplevel@{ ... }: perSystem@{ pkgs, ... }: ivand = moduleWithSystem (_: { pkgs, ... }:
let homeMods = top.config.flake.homeManagerModules; in { let
homeMods = top.config.flake.homeManagerModules;
in
{
imports = [ inputs.home-manager.nixosModules.default ]; imports = [ inputs.home-manager.nixosModules.default ];
home-manager = { home-manager = {
backupFileExtension = "bak"; backupFileExtension = "bak";
@ -196,30 +271,388 @@ top@{ inputs, moduleWithSystem, ... }: {
]; ];
}; };
}; };
extraGroups = { mlocate = { }; }; extraGroups = {
mlocate = { };
realtime = { };
};
}; };
programs.dconf.enable = true; programs.dconf.enable = true;
}); });
flatpak = { flatpak = {
xdg = { portal = { enable = true; wlr.enable = true; config.common.default = "*"; }; }; xdg = {
portal = {
enable = true;
wlr.enable = true;
config.common.default = "*";
};
};
services.flatpak.enable = true; services.flatpak.enable = true;
}; };
ai = moduleWithSystem (toplevel@{ ... }: perSystem@{ ... }: { ai = moduleWithSystem (_: _: {
services = { ollama.enable = true; }; services = { ollama.enable = true; };
}); });
anon = moduleWithSystem (toplevel@{ ... }: perSystem@{ pkgs, ... }: { containers = moduleWithSystem (_: _: {
virtualisation.docker = {
enable = true;
storageDriver = "btrfs";
};
users.users.ivand.extraGroups = [ "docker" ];
});
anon = moduleWithSystem (_: { pkgs, ... }: {
environment.systemPackages = with pkgs; [ tor-browser ]; environment.systemPackages = with pkgs; [ tor-browser ];
}); });
cryptocurrency = moduleWithSystem (toplevel@{ ... }: perSystem@{ pkgs, ... }: { cryptocurrency = moduleWithSystem (_: { pkgs, ... }: {
environment.systemPackages = with pkgs; [ monero-cli ]; environment.systemPackages = with pkgs; [ monero-cli ];
services = { monero.enable = true; }; services = { monero.enable = true; };
}); });
vps = moduleWithSystem (toplevel@{ ... }: perSystem@{ ... }: { monero-miner = moduleWithSystem (_: _: {
services = {
xmrig = {
enable = true;
settings = {
autosave = true;
cpu = true;
opencl = false;
cuda = false;
pools = [
{
url = "pool.supportxmr.com:443";
user = "48e9t9xvq4M4HBWomz6whiY624YRCPwgJ7LPXngcc8pUHk6hCuR3k6ENpLGDAhPEHWaju8Z4btxkbENpcwaqWcBvLxyh5cn";
keepalive = true;
tls = true;
}
];
};
};
};
});
vps = moduleWithSystem (_: { ... }: {
imports = [ imports = [
inputs.vpsadminos.nixosConfigurations.container inputs.vpsadminos.nixosConfigurations.container
inputs.simple-nixos-mailserver.nixosModule
../../hosts/vps/mailserver
]; ];
}); });
mailserver = moduleWithSystem (_: { config
, pkgs
, ...
}: {
imports = [
inputs.simple-nixos-mailserver.nixosModule
];
mailserver = {
enable = true;
localDnsResolver = false;
fqdn = "mail.idimitrov.dev";
domains = [ "idimitrov.dev" "mail.idimitrov.dev" ];
loginAccounts = {
"ivan@idimitrov.dev" = {
hashedPassword = "$2b$05$rTVIQD98ogXeCBKdk/YufulWHqpMCAlb7SHDPlh5y8Xbukoa/uQLm";
aliases = [ "admin@idimitrov.dev" ];
};
"security@idimitrov.dev" = {
hashedPassword = "$2b$05$rTVIQD98ogXeCBKdk/YufulWHqpMCAlb7SHDPlh5y8Xbukoa/uQLm";
};
};
certificateScheme = "acme-nginx";
hierarchySeparator = "/";
};
services = {
dovecot2.sieve.extensions = [ "fileinto" ];
roundcube = {
enable = true;
package = pkgs.roundcube.withPlugins (plugins: [ plugins.persistent_login ]);
plugins = [
"persistent_login"
];
hostName = "${config.mailserver.fqdn}";
extraConfig = ''
$config['smtp_host'] = "tls://${config.mailserver.fqdn}";
$config['smtp_user'] = "%u";
$config['smtp_pass'] = "%p";
'';
};
nginx.virtualHosts =
let
restrictToVpn = ''
allow 10.0.0.2/32;
allow 10.0.0.3/32;
allow 10.0.0.4/32;
deny all;
'';
in
{
"${config.mailserver.fqdn}" = {
extraConfig = restrictToVpn;
};
};
postgresql.enable = true;
};
security = {
acme = {
acceptTerms = true;
defaults.email = "security@idimitrov.dev";
};
};
});
nginx = moduleWithSystem (_: { pkgs, ... }: {
services = {
nginx =
let
webshiteConfig = ''
add_header 'Referrer-Policy' 'origin-when-cross-origin';
add_header X-Content-Type-Options nosniff;
'';
extensions = [ "html" "txt" "png" "jpg" "jpeg" ];
serveStatic = exts: ''
try_files $uri $uri/ ${pkgs.lib.strings.concatStringsSep " " (builtins.map (x: "$uri." + "${x}") exts)} =404;
'';
in
{
enable = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
virtualHosts = {
"idimitrov.dev" = {
enableACME = true;
forceSSL = true;
locations."/" = {
root = "${pkgs.webshite}";
extraConfig = serveStatic extensions;
};
extraConfig = webshiteConfig;
};
"www.idimitrov.dev" = {
enableACME = true;
forceSSL = true;
locations."/" = {
root = "${pkgs.webshite}";
extraConfig = serveStatic extensions;
};
extraConfig = webshiteConfig;
};
"src.idimitrov.dev" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:3001";
};
};
"pic.idimitrov.dev" = {
enableACME = true;
forceSSL = true;
locations."/" = {
root = "/var/pic";
extraConfig = ''
autoindex on;
${serveStatic ["png"]}
'';
};
};
};
};
gitea = {
enable = true;
appName = "src";
database = {
type = "postgres";
};
settings = {
server = {
DOMAIN = "src.idimitrov.dev";
ROOT_URL = "https://src.idimitrov.dev/";
HTTP_PORT = 3001;
};
repository = {
DEFAULT_BRANCH = "master";
};
service = {
DISABLE_REGISTRATION = true;
};
};
};
postgresql = {
enable = true;
ensureUsers = [
{
name = "root";
ensureClauses = {
superuser = true;
createrole = true;
createdb = true;
};
}
];
};
};
});
wireguard-output = moduleWithSystem (_: { pkgs, ... }: {
networking = {
nat = {
enable = true;
enableIPv6 = true;
externalInterface = "venet0";
internalInterfaces = [ "wg0" ];
};
wg-quick.interfaces = {
wg0 =
let
iptables = "${pkgs.iptables}/bin/iptables";
ip6tables = "${pkgs.iptables}/bin/ip6tables";
in
{
address = [ "10.0.0.1/32" ];
listenPort = 51820;
privateKeyFile = "/etc/wireguard/privatekey";
postUp = ''
${iptables} -A FORWARD -i wg0 -j ACCEPT
${iptables} -t nat -A POSTROUTING -s 10.0.0.1/24 -o venet0 -j MASQUERADE
${ip6tables} -A FORWARD -i wg0 -j ACCEPT
${ip6tables} -t nat -A POSTROUTING -s fdc9:281f:04d7:9ee9::1/64 -o venet0 -j MASQUERADE
'';
preDown = ''
${iptables} -D FORWARD -i wg0 -j ACCEPT
${iptables} -t nat -D POSTROUTING -s 10.0.0.1/24 -o venet0 -j MASQUERADE
${ip6tables} -D FORWARD -i wg0 -j ACCEPT
${ip6tables} -t nat -D POSTROUTING -s fdc9:281f:04d7:9ee9::1/64 -o venet0 -j MASQUERADE
'';
peers = [
{
publicKey = "kI93V0dVKSqX8hxMJHK5C0c1hEDPQTgPQDU8TKocVgo=";
allowedIPs = [ "10.0.0.2/32" ];
}
{
publicKey = "RqTsFxFCcgYsytcDr+jfEoOA5UNxa1ZzGlpx6iuTpXY=";
allowedIPs = [ "10.0.0.3/32" ];
}
{
publicKey = "1e0mjluqXdLbzv681HlC9B8BfGN8sIXIw3huLyQqwXI=";
allowedIPs = [ "10.0.0.4/32" ];
}
];
};
};
};
});
anonymous-dns = moduleWithSystem (_: _: {
networking = {
nameservers = [ "127.0.0.1" "::1" ];
dhcpcd.extraConfig = "nohook resolv.conf";
};
services = {
dnscrypt-proxy2 = {
enable = true;
settings = {
cache = false;
ipv4_servers = true;
ipv6_servers = true;
dnscrypt_servers = true;
doh_servers = false;
odoh_servers = false;
require_dnssec = true;
require_nolog = true;
require_nofilter = true;
anonymized_dns = {
routes = [
{
server_name = "*";
via = [ "sdns://gQ8yMTcuMTM4LjIyMC4yNDM" ];
}
];
};
sources.public-resolvers = {
urls = [
"https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md"
"https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md"
];
cache_file = "/var/lib/dnscrypt-proxy/public-resolvers.md";
minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3";
};
};
};
};
});
firewall = moduleWithSystem (_: { lib, ... }: {
networking = {
firewall = lib.mkForce {
enable = true;
allowedTCPPorts = [
25 # smtp
465 # smtps
80 # http
443 # https
];
allowedUDPPorts = [
25
465
80
443
51820 # wireguard
];
extraCommands = ''
iptables -N vpn # create a new chain named vpn
iptables -A vpn --src 10.0.0.2 -j ACCEPT # allow
iptables -A vpn --src 10.0.0.3 -j ACCEPT # allow
iptables -A vpn --src 10.0.0.4 -j ACCEPT # allow
iptables -A vpn -j DROP # drop everyone else
iptables -I INPUT -m tcp -p tcp --dport 22 -j vpn
'';
extraStopCommands = ''
iptables -F vpn
iptables -D INPUT -m tcp -p tcp --dport 22 -j vpn
iptables -X vpn
'';
};
};
});
rest = moduleWithSystem (_: { pkgs, ... }: {
fileSystems."/mnt/export1981" = {
device = "172.16.128.47:/nas/5490";
fsType = "nfs";
options = [ "nofail" ];
};
users = {
users.ivand = {
isNormalUser = true;
hashedPassword = "$2b$05$hPrPcewxj4qjLCRQpKBAu.FKvKZdIVlnyn4uYsWE8lc21Jhvc9jWG";
extraGroups = [ "wheel" "adm" "mlocate" ];
openssh.authorizedKeys.keys = [
''
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICcLkzuCoBEg+wq/H+hkrv6pLJ8J5BejaNJVNnymlnlo ivan@idimitrov.dev
''
];
};
extraGroups = { mlocate = { }; };
};
services = {
openssh = {
enable = true;
settings = {
PermitRootLogin = "prohibit-password";
};
};
};
systemd = {
timers = {
bingwp = {
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = "*-*-* 10:00:00";
Persistent = true;
};
};
};
services = {
bingwp = {
description = "Download bing image of the day";
script = ''
${pkgs.nushell}/bin/nu -c "http get ('https://bing.com' + ((http get https://www.bing.com/HPImageArchive.aspx?format=js&n=1).images.0.url)) | save ('/var/pic' | path join ( [ (date now | format date '%Y-%m-%d'), '.png' ] | str join ))"
${pkgs.nushell}/bin/nu -c "${pkgs.toybox}/bin/ln -sf (ls /var/pic | where type == file | get name | sort | last) /var/pic/latest.png"
'';
};
};
};
});
}; };
} }
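Review bot: The `wireless` hunk (`@ -149,6 +208,19 @@`) adds four more Wi-Fi pre-shared keys in cleartext (`TP-Link_BE7A`, `Post120`, `MOONLIGHT2019`, `Kaiser Terrasse`) next to the existing `KOTEKLAN_GUEST` one, and because `networking.wireless.networks.*.psk` is rendered into the world-readable Nix store, every host that imports `wireless` (all of `essential`) exposes them, as does the git history. The module can keep the network list while moving the secrets out with `networking.wireless.environmentFile = "<root-only file outside the store>";` and `psk = "@PSK_TP_LINK_BE7A@";` per network (or `pskRaw` fed from a secrets manager), and the keys already committed should be rotated since history retains them. Separately, in the `firewall` module `allowedUDPPorts = [ 25 465 80 443 51820 ]` opens UDP for SMTP/SMTPS, which are TCP-only, and for HTTP/HTTPS with no HTTP/3 configuration visible in the `nginx` module, so only `51820` appears to belong there. `lib.mkForce` on the whole `networking.firewall` set also discards ports other modules try to open (e.g. whatever `inputs.simple-nixos-mailserver.nixosModule` adds for IMAP/submission, and the port `services.openssh` opens by default), which is worth confirming is intended before the VPS rebuild.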


@ -1,14 +1,8 @@
top@{ inputs, withSystem, ... }: { { withSystem, ... }: {
flake.overlays.default = final: prev: flake.overlays.default = _: _:
let system = "x86_64-linux"; in withSystem system ( withSystem "x86_64-linux" (
{ config, ... }: { { config, ... }: with config.packages; {
nvim = config.packages.nvim; inherit nvim bingwp screenshot cursors wpd webshite sal;
bingwp = config.packages.bingwp;
screenshot = config.packages.screenshot;
cursors = config.packages.cursors;
wpd = config.packages.wpd;
webshite = config.packages.webshite;
sal = inputs.sal.packages.${system}.default;
} }
); );
} }


@ -1,5 +1,6 @@
top@{ inputs, ... }: { { inputs, ... }: {
perSystem = perSystem@{ system, pkgs, ... }: { perSystem =
{ system, pkgs, ... }: {
config.packages = { config.packages = {
nvim = inputs.ide.nvim.${system}.standalone.default { nvim = inputs.ide.nvim.${system}.standalone.default {
plugins.lsp.servers = { plugins.lsp.servers = {
@ -7,6 +8,7 @@ top@{ inputs, ... }: {
pylsp.enable = true; pylsp.enable = true;
lua-ls.enable = true; lua-ls.enable = true;
}; };
extraPlugins = with pkgs.vimPlugins; [ vim-just ];
}; };
wpd = pkgs.writeShellApplication { wpd = pkgs.writeShellApplication {
name = "wpd"; name = "wpd";
@ -61,6 +63,7 @@ top@{ inputs, ... }: {
}; };
}); });
webshite = inputs.webshite.packages.${system}.default; webshite = inputs.webshite.packages.${system}.default;
sal = inputs.sal.packages."x86_64-linux".default;
}; };
}; };
} }
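Review bot: `sal = inputs.sal.packages."x86_64-linux".default;` hard-codes the platform inside a `perSystem` block that already binds `system`, while the neighbouring `webshite = inputs.webshite.packages.${system}.default;` uses it; on any other system this silently yields the x86_64 package. Either `sal = inputs.sal.packages.${system}.default;` to match, or, if `sal` is only built for one platform, a comment `# sal only provides x86_64-linux` on that line so the asymmetry is deliberate rather than an oversight.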