about summary refs log tree commit diff
diff options
context:
space:
mode:
authorAzat Bahawi <azat@bahawi.net>2022-08-24 13:46:57 +0300
committerAzat Bahawi <azat@bahawi.net>2022-08-24 13:46:57 +0300
commit63f085f0b035bee67254918c7b17bcc31984580c (patch)
tree06dfe93521c1d905a948328197edfc2f0aeeab82
parent2022-08-21 (diff)
2022-08-24
-rw-r--r--configurations/varda/default.nix7
-rw-r--r--flake.lock42
-rw-r--r--modules/nixfiles/common/default.nix2
-rw-r--r--modules/nixfiles/common/nix/default.nix (renamed from modules/nixfiles/common/nix.nix)41
-rw-r--r--modules/nixfiles/common/nix/patches/alejandra-no-ads.patch33
-rw-r--r--modules/nixfiles/emacs/default.nix18
-rw-r--r--modules/nixfiles/games/minecraft.nix35
-rw-r--r--modules/nixfiles/nmap.nix64
-rw-r--r--modules/nixfiles/profiles/dev/containers/default.nix14
9 files changed, 159 insertions, 97 deletions
diff --git a/configurations/varda/default.nix b/configurations/varda/default.nix
index f700df5..d7c6132 100644
--- a/configurations/varda/default.nix
+++ b/configurations/varda/default.nix
@@ -14,12 +14,15 @@ with lib; {
       client.enable = true;
     };
 
-    games.minecraft.server.enable = true;
+    games.minecraft.server = {
+      enable = true;
+      memory = "6G";
+    };
 
     acme.enable = true;
   };
 
-  systemd.services.minecraft-server.wantedBy = mkForce [];
+  # systemd.services.minecraft-server.wantedBy = mkForce [];
 
   networking = let
     interface = "eth0";
diff --git a/flake.lock b/flake.lock
index 9655a98..c6028b1 100644
--- a/flake.lock
+++ b/flake.lock
@@ -121,11 +121,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1661048606,
-        "narHash": "sha256-s5kRhiNnsAe5YoQhFZQS5MS+is0z9UjWlYvuObTGjjg=",
+        "lastModified": 1661315932,
+        "narHash": "sha256-3+CUK8wx+oEaKhrXWrK9LQVdhtkArXcy+mvihstlAXc=",
         "owner": "nix-community",
         "repo": "emacs-overlay",
-        "rev": "798ab8fd2043e8b800a70a3eebd42388e34cf708",
+        "rev": "9df7898566fe546ddebc15e665a938a9dec84d01",
         "type": "github"
       },
       "original": {
@@ -250,11 +250,11 @@
     "flake-registry": {
       "flake": false,
       "locked": {
-        "lastModified": 1657791189,
-        "narHash": "sha256-Z2ckMWqybpJjIdGIPuHcYzTL7DPTbFKpBZJJgGfFUog=",
+        "lastModified": 1661161594,
+        "narHash": "sha256-tu1KKNLw+v7ZOIUPGDE66tn9vEyhIAWiiJYZRGGev8E=",
         "owner": "NixOS",
         "repo": "flake-registry",
-        "rev": "7a481cef7e86d6ceb4aec244d9bb085619360ba1",
+        "rev": "8634fb4e1db6c76ce037bc00ef80f9ebd2616476",
         "type": "github"
       },
       "original": {
@@ -307,11 +307,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1660574517,
-        "narHash": "sha256-Lp5D2pAPrM3iAc1eeR0iGwz5rM+SYOWzVxI3p17nlrU=",
+        "lastModified": 1661323822,
+        "narHash": "sha256-1UGGcQ00uSo5cPTwL7C3S1zkcScbpF0WzspvnceWkbQ=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "688e5c85b7537f308b82167c8eb4ecfb70a49861",
+        "rev": "1d81e6295ca530603478114f4977402d51299ad8",
         "type": "github"
       },
       "original": {
@@ -404,11 +404,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1661008273,
-        "narHash": "sha256-UpDqsGzUswIHG7FwzeIewjWlElF17UVLNbI2pwlbcBY=",
+        "lastModified": 1661239106,
+        "narHash": "sha256-C5OCLnrv2c4CHs9DMEtYKkjJmGL7ySAZ1PqPkHBonxQ=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "0cc6444e74cd21e8da8d81ef4cd778492e10f843",
+        "rev": "963d27a0767422be9b8686a8493dcade6acee992",
         "type": "github"
       },
       "original": {
@@ -420,11 +420,11 @@
     },
     "nixpkgs-master": {
       "locked": {
-        "lastModified": 1661078620,
-        "narHash": "sha256-9kPlq/k6R0q1OVsEvjleI4lU58otJiofVCj/0qaVi08=",
+        "lastModified": 1661326595,
+        "narHash": "sha256-efDmckd14Muk9GBGUx4gMVBNI0tjt1UO0VOf+7TE5No=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "5c91de512dac418bb3a13d76b160af060cef3aaf",
+        "rev": "b9f400f2989c97cb4016c7035b4dc0b4fe118060",
         "type": "github"
       },
       "original": {
@@ -436,11 +436,11 @@
     },
     "nixpkgs-stable": {
       "locked": {
-        "lastModified": 1661064672,
-        "narHash": "sha256-/Vdvm0hZl2KOtb4jSqwYZTIGtN2zne7BZChiuyTy0MQ=",
+        "lastModified": 1661309001,
+        "narHash": "sha256-a0CDFy+TD1/csQw+Bqdk4cT//BVAvp+A4QPYbUV9LlQ=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "2cb8ab06d9768c06c2f452d13c23d49756457630",
+        "rev": "a5c89f496b91b441f5259c29bd48b62e0d265b25",
         "type": "github"
       },
       "original": {
@@ -502,11 +502,11 @@
     },
     "nur": {
       "locked": {
-        "lastModified": 1661072238,
-        "narHash": "sha256-X9jXdO2kS3i+E5fyhNqAfiClLMaC8Qria0m26UXXGIo=",
+        "lastModified": 1661324410,
+        "narHash": "sha256-UDZxQoSt5YqydpSbaqS3XQBura9Z4beJZo7mnBT1zp4=",
         "owner": "nix-community",
         "repo": "NUR",
-        "rev": "572f1871e41f327bfe84f58388bcdebfd3b774f8",
+        "rev": "67fc62908c93529adb71baadc9d120e5a0106711",
         "type": "github"
       },
       "original": {
diff --git a/modules/nixfiles/common/default.nix b/modules/nixfiles/common/default.nix
index d73ac53..7f60f77 100644
--- a/modules/nixfiles/common/default.nix
+++ b/modules/nixfiles/common/default.nix
@@ -6,7 +6,7 @@ _: {
     ./kernel.nix
     ./locale.nix
     ./networking.nix
-    ./nix.nix
+    ./nix
     ./secrets.nix
     ./security.nix
     ./services.nix
diff --git a/modules/nixfiles/common/nix.nix b/modules/nixfiles/common/nix/default.nix
index 2447d96..4213a29 100644
--- a/modules/nixfiles/common/nix.nix
+++ b/modules/nixfiles/common/nix/default.nix
@@ -8,9 +8,7 @@
   this,
   ...
 }:
-with lib; let
-  nixfilesSrc = "${config.my.home}/src/nixfiles";
-in {
+with lib; {
   _module.args = let
     importNixpkgs = nixpkgs:
       import nixpkgs {
@@ -46,7 +44,7 @@ in {
 
     nixPath =
       mapAttrsToList (n: v: "${n}=${v}") filteredInputs
-      ++ ["nixfiles=${nixfilesSrc}"];
+      ++ ["nixfiles=${config.my.home}/src/nixfiles"];
 
     registry =
       mapAttrs (_: flake: {inherit flake;}) filteredInputs
@@ -79,30 +77,18 @@ in {
       self.overlays.default
       (_: super:
         {
-          # Splitting this into a separate package could be a good PR.
-          logcli = super.grafana-loki.overrideAttrs (_: _: {
-            subPackages = ["cmd/logcli"];
-            preFixup = "";
-            doCheck = false;
+          nix-bash-completions = super.nix-bash-completions.overrideAttrs (_: _: {
+            postPatch = ''
+              substituteInPlace _nix \
+                --replace 'nix nixos-option' 'nixos-option'
+            '';
           });
 
-          nix-bash-completions =
-            super.nix-bash-completions.overrideAttrs
-            (_: _: {
-              postPatch = ''
-                substituteInPlace _nix --replace 'nix nixos-option' 'nixos-option'
-              '';
-            });
-
-          helm = super.kubernetes-helm-wrapped.override {
-            plugins = with super.kubernetes-helmPlugins; [
-              helm-diff
-              helm-secrets
-            ];
-          };
+          alejandra = super.alejandra.overrideAttrs (_: _: {
+            patches = [./patches/alejandra-no-ads.patch];
+          });
 
-          # https://github.com/matrix-org/dendrite/issues/2650
-          # Wait till 0.9.4
+          # FIXME https://github.com/NixOS/nixpkgs/pull/187519
           dendrite = super.dendrite.overrideAttrs (_: _: {
             doCheck = false;
           });
@@ -120,7 +106,6 @@ in {
           lua-language-server = sumneko-lua-language-server;
           nix-language-server = rnix-lsp;
           omnisharp = omnisharp-roslyn;
-          telepresence = telepresence2;
           tor-browser = tor-browser-bundle-bin;
         }))
       agenix.overlay
@@ -145,10 +130,6 @@ in {
 
     systemPackages = with pkgs;
       optionals config.profile.headful [
-        (pkgs.nixfiles.override {
-          nix = config.nix.package;
-          inherit nixfilesSrc;
-        })
         nix-top
         nix-tree
       ];
diff --git a/modules/nixfiles/common/nix/patches/alejandra-no-ads.patch b/modules/nixfiles/common/nix/patches/alejandra-no-ads.patch
new file mode 100644
index 0000000..6eaac66
--- /dev/null
+++ b/modules/nixfiles/common/nix/patches/alejandra-no-ads.patch
@@ -0,0 +1,33 @@
+diff --git i/src/alejandra_cli/src/cli.rs w/src/alejandra_cli/src/cli.rs
+index bab102c..b90bf1d 100644
+--- i/src/alejandra_cli/src/cli.rs
++++ w/src/alejandra_cli/src/cli.rs
+@@ -7,7 +7,6 @@ use futures::future::RemoteHandle;
+ use futures::stream::FuturesUnordered;
+ use futures::task::SpawnExt;
+ 
+-use crate::ads::random_ad;
+ use crate::verbosity::Verbosity;
+ 
+ /// The Uncompromising Nix Code Formatter.
+@@ -203,11 +202,6 @@ pub fn main() -> std::io::Result<()> {
+                     (true, false) => "requires formatting",
+                 }
+             );
+-
+-            if in_place {
+-                eprintln!();
+-                eprint!("{}", random_ad());
+-            }
+         }
+ 
+         std::process::exit(if in_place { 0 } else { 2 });
+@@ -218,8 +212,6 @@ pub fn main() -> std::io::Result<()> {
+         eprintln!(
+             "Congratulations! Your code complies with the Alejandra style."
+         );
+-        eprintln!();
+-        eprint!("{}", random_ad());
+     }
+ 
+     std::process::exit(0);
diff --git a/modules/nixfiles/emacs/default.nix b/modules/nixfiles/emacs/default.nix
index a972060..86db0f7 100644
--- a/modules/nixfiles/emacs/default.nix
+++ b/modules/nixfiles/emacs/default.nix
@@ -8,8 +8,7 @@
 with lib; let
   cfg = config.nixfiles.modules.emacs;
 in {
-  options.nixfiles.modules.emacs.enable =
-    mkEnableOption "GNU Emacs";
+  options.nixfiles.modules.emacs.enable = mkEnableOption "GNU Emacs";
 
   config = mkIf cfg.enable {
     # TODO Make magit-forge to work with this.
@@ -33,16 +32,13 @@ in {
       programs.doom-emacs = {
         enable = true;
         doomPrivateDir = ./doom;
-        # NOTE NativeComp breaks non-latin fonts and takes a long time to
-        # perform updates while giving miniscule speed improvements. Emacs is
-        # still a laggy and slow piece of shit regardless of enabling this flag
-        # or not.
-        # emacsPackage = pkgs.emacs28.override {nativeComp = true;};
-        emacsPackage = pkgs.emacs28;
+        emacsPackage = pkgs.emacs28; # Package is pinned to avoid surprises.
         extraPackages = with pkgs; [
           mu # :email mu4e
         ];
         extraConfig = let
+          # NOTE gopls will require a Go executable, which must be provided by
+          # the project's flake.
           extraBins = with pkgs; [
             (aspellWithDicts (p: with p; [en ru])) # :checkers spell (+aspell)
             asmfmt # :editor format
@@ -81,6 +77,7 @@ in {
             python3Packages.isort # :lang python
             python3Packages.pyflakes # :lang python
             ripgrep # core
+            rust-analyzer # :lang rust
             shellcheck # :lang sh
             shfmt # :lang sh :editor format
             sqlite # :lang (org +roam2) :tools lookup
@@ -115,9 +112,8 @@ in {
                 circe-default-realname "${my.fullname}"
                 circe-default-user circe-default-nick)
 
-          (setq doom-font (font-spec
-                          :family "${config.fontScheme.monospaceFont.family}"
-                          :size ${toString config.fontScheme.monospaceFont.size})
+          (setq doom-font (font-spec :family "${config.fontScheme.monospaceFont.family}"
+                                     :size ${toString config.fontScheme.monospaceFont.size})
                 doom-unicode-font doom-font)
         '';
       };
diff --git a/modules/nixfiles/games/minecraft.nix b/modules/nixfiles/games/minecraft.nix
index 4825a7b..3936eaa 100644
--- a/modules/nixfiles/games/minecraft.nix
+++ b/modules/nixfiles/games/minecraft.nix
@@ -10,7 +10,15 @@ with lib; let
 in {
   options.nixfiles.modules.games.minecraft = {
     client.enable = mkEnableOption "Minecraft client";
-    server.enable = mkEnableOption "Minecraft server";
+    server = {
+      enable = mkEnableOption "Minecraft server";
+
+      memory = mkOption {
+        description = "Amount of RAM to allocate.";
+        type = types.str;
+        default = "2G";
+      };
+    };
   };
 
   # Configurations, opslist, whitelist and plugins are managed imperatively.
@@ -30,7 +38,30 @@ in {
         package = (pkgsPR "187458" "sha256-kOYkuXvcmqt8Lsh0yMr8reurzU1qTrzh0Z/Tjan0IF0=").papermc;
 
         # TODO Make PR fixing trailing whitespace on this.
-        jvmOpts = mkDefault "-Xmx4096M -Xms4096M ";
+        jvmOpts =
+          (concatStringsSep " " [
+            "-Xmx${cfg.server.memory}"
+            "-Xms${cfg.server.memory}"
+            # "-XX:+AlwaysPreTouch"
+            # "-XX:+DisableExplicitGC"
+            # "-XX:+ParallelRefProcEnabled"
+            # "-XX:+PerfDisableSharedMem"
+            # "-XX:+UnlockExperimentalVMOptions"
+            # "-XX:+UseG1GC"
+            # "-XX:G1HeapRegionSize=8M"
+            # "-XX:G1HeapWastePercent=5"
+            # "-XX:G1MaxNewSizePercent=40"
+            # "-XX:G1MixedGCCountTarget=4"
+            # "-XX:G1MixedGCLiveThresholdPercent=90"
+            # "-XX:G1NewSizePercent=30"
+            # "-XX:G1RSetUpdatingPauseTimePercent=5"
+            # "-XX:G1ReservePercent=20"
+            # "-XX:InitiatingHeapOccupancyPercent=15"
+            # "-XX:MaxGCPauseMillis=200"
+            # "-XX:MaxTenuringThreshold=1"
+            # "-XX:SurvivorRatio=32"
+          ])
+          + " ";
 
         openFirewall = true;
       };
diff --git a/modules/nixfiles/nmap.nix b/modules/nixfiles/nmap.nix
index 56ac88f..27a36bb 100644
--- a/modules/nixfiles/nmap.nix
+++ b/modules/nixfiles/nmap.nix
@@ -11,31 +11,49 @@ in {
   options.nixfiles.modules.nmap.enable = mkEnableOption "Nmap";
 
   config = mkIf cfg.enable {
-    hm.home = {
-      file = {
-        ".nmap/scripts/vulners/vulners.nse".source = "${inputs.nmap-vulners}/vulners.nse";
-        ".nmap/scripts/vulscan/vulscan.nse".source = "${inputs.nmap-vulscan}/vulscan.nse";
+    hm = {
+      home = {
+        file = {
+          ".nmap/scripts/vulners/vulners.nse".source = "${inputs.nmap-vulners}/vulners.nse";
+          ".nmap/scripts/vulscan/vulscan.nse".source = "${inputs.nmap-vulscan}/vulscan.nse";
+        };
+
+        packages = with pkgs; [nmap nmap-formatter];
+
+        activation.regenerateNmapScriptDatabase = with pkgs; ''
+          # TODO Add an update timestamp and pull files only when they are old.
+          # declare -a vulscandbs=(
+          #   "cve"
+          #   "exploitdb"
+          #   "openvas"
+          #   "osvdb"
+          #   "scipvuldb"
+          #   "securityfocus"
+          #   "securitytracker"
+          #   "xforce"
+          # )
+          # for i in "''${vulscandbs[@]}"; do
+          #   ${curl}/bin/curl \
+          #     -o "$HOME/.nmap/scripts/vulscan/$i.csv" \
+          #     "https://www.computec.ch/projekte/vulscan/download/$i.csv"
+          # done
+
+          ${nmap}/bin/nmap --script-updatedb
+        '';
       };
-      packages = with pkgs; [nmap nmap-formatter];
-      activation.regenerateNmapScriptDatabase = with pkgs; ''
-        # declare -a vulscandbs=(
-        #   "cve"
-        #   "exploitdb"
-        #   "openvas"
-        #   "osvdb"
-        #   "scipvuldb"
-        #   "securityfocus"
-        #   "securitytracker"
-        #   "xforce"
-        # )
-        # for i in "''${vulscandbs[@]}"; do
-        #   ${curl}/bin/curl \
-        #     -o "$HOME/.nmap/scripts/vulscan/$i.csv" \
-        #     "https://www.computec.ch/projekte/vulscan/download/$i.csv"
-        # done
 
-        ${nmap}/bin/nmap --script-updatedb
-      '';
+      programs.bash = {
+        shellAliases = let
+          base = "${pkgs.nmap}/bin/nmap -sV";
+        in {
+          nmap-vulscan = "${base} --script=vulscan/vulscan.nse";
+          nmap-vulners = "${base} --script=vulners/vulners.nse";
+        };
+        initExtra = mkAfter ''
+          _complete_alias nmap-vulscan _nmap nmap
+          _complete_alias nmap-vulners _nmap nmap
+        '';
+      };
     };
   };
 }
diff --git a/modules/nixfiles/profiles/dev/containers/default.nix b/modules/nixfiles/profiles/dev/containers/default.nix
index 3196654..b533626 100644
--- a/modules/nixfiles/profiles/dev/containers/default.nix
+++ b/modules/nixfiles/profiles/dev/containers/default.nix
@@ -19,14 +19,14 @@ in {
     hm = {
       home = {
         sessionVariables = {
-          MINIKUBE_IN_STYLE = "false";
-          WERF_DEV = "true";
-          WERF_INSECURE_REGISTRY = "true";
-          WERF_LOG_DEBUG = "true";
-          WERF_LOG_PRETTY = "false";
-          WERF_LOG_VERBOSE = "true";
+          MINIKUBE_IN_STYLE = false;
+          WERF_DEV = true;
+          WERF_INSECURE_REGISTRY = true;
+          WERF_LOG_DEBUG = true;
+          WERF_LOG_PRETTY = false;
+          WERF_LOG_VERBOSE = true;
           WERF_SYNCHRONIZATION = ":local";
-          WERF_TELEMETRY = 0;
+          WERF_TELEMETRY = false;
         };
 
         file.".minikube/config/config.json".text = generators.toJSON {} {

Consider giving Nix/NixOS a try! <3