Diffstat (limited to '')
-rw-r--r-- | checks.nix | 5 | ||||
-rw-r--r-- | configurations/eonwe/default.nix | 8 | ||||
-rw-r--r-- | configurations/eonwe/vidya.nix | 5 | ||||
-rw-r--r-- | configurations/varda/default.nix | 2 | ||||
-rw-r--r-- | flake.lock | 279 | ||||
-rw-r--r-- | flake.nix | 3 | ||||
-rw-r--r-- | lib/default.nix | 6 | ||||
-rw-r--r-- | modules/common/nix.nix | 19 | ||||
-rw-r--r-- | modules/common/systemd.nix | 3 | ||||
-rw-r--r-- | modules/direnv.nix | 1 | ||||
-rw-r--r-- | modules/editorconfig.nix | 6 | ||||
-rw-r--r-- | modules/emacs/default.nix | 11 | ||||
-rw-r--r-- | modules/emacs/doom/config.el | 183 | ||||
-rw-r--r-- | modules/emacs/doom/init.el | 1 | ||||
-rw-r--r-- | modules/emacs/doom/packages.el | 13 | ||||
-rw-r--r-- | modules/firefox/addons.nix | 29 | ||||
-rw-r--r-- | modules/firefox/default.nix | 7 | ||||
-rw-r--r-- | modules/firefox/userContent.css | 42 | ||||
-rw-r--r-- | modules/git/default.nix | 4 | ||||
-rw-r--r-- | modules/profiles/headful.nix | 5 | ||||
-rw-r--r-- | modules/profiles/headless.nix | 8 | ||||
-rw-r--r-- | modules/sing-box.nix | 82 | ||||
-rw-r--r-- | modules/soju.nix | 3 | ||||
-rw-r--r-- | modules/vscode.nix | 6 | ||||
-rw-r--r-- | modules/wireguard.nix | 49 | ||||
-rw-r--r-- | overlays.nix | 24 |
26 files changed, 484 insertions, 320 deletions
diff --git a/checks.nix b/checks.nix index 33ab57e..3261f1a 100644 --- a/checks.nix +++ b/checks.nix @@ -11,10 +11,6 @@ path = ./.; }; hooks = { - nixfmt = { - enable = true; - package = pkgs.nixfmt; - }; promtool = { enable = true; name = "promtool"; @@ -35,6 +31,7 @@ fix-byte-order-marker.enable = true; flake-checker.enable = true; nil.enable = true; + nixfmt-rfc-style.enable = true; prettier.enable = true; shellcheck.enable = true; shfmt.enable = true; diff --git a/configurations/eonwe/default.nix b/configurations/eonwe/default.nix index a51b5ea..7552f08 100644 --- a/configurations/eonwe/default.nix +++ b/configurations/eonwe/default.nix @@ -33,6 +33,7 @@ with lib; hm = { home.packages = with pkgs; [ anki + audacity calibre gimp kdenlive @@ -173,12 +174,9 @@ with lib; xserver.wacom.enable = true; }; - # Usually stuff that is going to be compiled on this machine is going to have - # parallelisation support enabled, so we will make sure that all cores are - # utilised and limit the job queue to one. nix.settings = { - max-jobs = 1; - cores = 32; + max-jobs = 8; + cores = 30; }; # Required[1] for using ZFS kernel modules with "unsupported" kernels. diff --git a/configurations/eonwe/vidya.nix b/configurations/eonwe/vidya.nix index 5753ede..7e10175 100644 --- a/configurations/eonwe/vidya.nix +++ b/configurations/eonwe/vidya.nix @@ -2,9 +2,10 @@ { nixfiles.modules = { common.nix.allowedUnfreePackages = [ + "cla-theme" # source-available "dwarf-fortress" - "fallout-ce" - "fallout2-ce" + "fallout-ce" # source-available + "fallout2-ce" # source-available ]; games = { diff --git a/configurations/varda/default.nix b/configurations/varda/default.nix index 76f8daf..908a3ec 100644 --- a/configurations/varda/default.nix +++ b/configurations/varda/default.nix @@ -6,7 +6,7 @@ with lib; nixfiles.modules = { wireguard.client.enable = true; - k3s.enable = true; + sing-box.enable = true; }; boot = { diff --git a/flake.lock b/flake.lock index 323ea7d..236aa63 100644 --- a/flake.lock 
+++ b/flake.lock @@ -67,11 +67,11 @@ ] }, "locked": { - "lastModified": 1721720317, - "narHash": "sha256-KH0ILX8EGa/A4Bgc6DtsbviG8qaLrzDDV1m1bIXJ+pw=", + "lastModified": 1725263787, + "narHash": "sha256-OSNjus8VSkLCSikN6Qeq+II1bwqTRJEwl6NJvFoQHoE=", "owner": "dwarfmaster", "repo": "arkenfox-nixos", - "rev": "92c9a287b7b98198c3ba5cdfc90218402e49c4b3", + "rev": "72addd96455cce49c0c8524c53aecd02cf20adec", "type": "github" }, "original": { @@ -131,30 +131,14 @@ "type": "github" } }, - "base16-foot": { - "flake": false, - "locked": { - "lastModified": 1696725948, - "narHash": "sha256-65bz2bUL/yzZ1c8/GQASnoiGwaF8DczlxJtzik1c0AU=", - "owner": "tinted-theming", - "repo": "base16-foot", - "rev": "eedbcfa30de0a4baa03e99f5e3ceb5535c2755ce", - "type": "github" - }, - "original": { - "owner": "tinted-theming", - "repo": "base16-foot", - "type": "github" - } - }, "base16-helix": { "flake": false, "locked": { - "lastModified": 1720809814, - "narHash": "sha256-numb3xigRGnr/deF7wdjBwVg7fpbTH7reFDkJ75AJkY=", + "lastModified": 1725860795, + "narHash": "sha256-Z2o8VBPW3I+KKTSfe25kskz0EUj7MpUh8u355Z1nVsU=", "owner": "tinted-theming", "repo": "base16-helix", - "rev": "34f41987bec14c0f3f6b2155c19787b1f6489625", + "rev": "7f795bf75d38e0eea9fed287264067ca187b88a9", "type": "github" }, "original": { 
@@ -163,38 +147,6 @@ "type": "github" } }, - "base16-kitty": { - "flake": false, - "locked": { - "lastModified": 1665001328, - "narHash": "sha256-aRaizTYPpuWEcvoYE9U+YRX+Wsc8+iG0guQJbvxEdJY=", - "owner": "kdrag0n", - "repo": "base16-kitty", - "rev": "06bb401fa9a0ffb84365905ffbb959ae5bf40805", - "type": "github" - }, - "original": { - "owner": "kdrag0n", - "repo": "base16-kitty", - "type": "github" - } - }, - "base16-tmux": { - "flake": false, - "locked": { - "lastModified": 1696725902, - "narHash": "sha256-wDPg5elZPcQpu7Df0lI5O8Jv4A3T6jUQIVg63KDU+3Q=", - "owner": "tinted-theming", - "repo": "base16-tmux", - "rev": "c02050bebb60dbb20cb433cd4d8ce668ecc11ba7", - "type": "github" - }, - "original": { - "owner": "tinted-theming", - "repo": "base16-tmux", - "type": "github" - } - }, "base16-vim": { "flake": false, "locked": { @@ -278,11 +230,11 @@ ] }, "locked": { - "lastModified": 1724031427, - "narHash": "sha256-o1HdAf+7IGv9M13R3c+zc/sJ0QgeEnhsvHBcodI4UpM=", + "lastModified": 1727531434, + "narHash": "sha256-b+GBgCWd2N6pkiTkRZaMFOPztPO4IVTaclYPrQl2uLk=", "owner": "nix-community", "repo": "disko", - "rev": "4e719b38fa7c85f4f65d0308ca7084c91e7bdd6d", + "rev": "b709e1cc33fcde71c7db43850a55ebe6449d0959", "type": "github" }, "original": { @@ -301,11 +253,11 @@ ] }, "locked": { - "lastModified": 1719459426, - "narHash": "sha256-4Kn9Pb3lvsik/VYsEAYgXpkcmLhrr0tTE6oIT2PMSPA=", + "lastModified": 1726867691, + "narHash": "sha256-IK3r16N9pizf53AipOmrcrcyjVsPJwC4PI5hIqEyKwQ=", "owner": "nix-community", "repo": "dns.nix", - "rev": "e6693931023206f1f3c2bfc57d2c98b5f27f52e6", + "rev": "a3196708a56dee76186a9415c187473b94e6cbae", "type": "github" }, "original": { 
@@ -334,11 +286,11 @@ "systems": "systems_2" }, "locked": { - "lastModified": 1710146030, - "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "lastModified": 1726560853, + "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", "owner": "numtide", "repo": "flake-utils", - "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", "type": "github" }, "original": { @@ -365,6 +317,27 @@ "type": "github" } }, + "flake-utils_3": { + "inputs": { + "systems": [ + "stylix", + "systems" + ] + }, + "locked": { + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "fromYaml": { "flake": false, "locked": { @@ -395,11 +368,11 @@ ] }, "locked": { - "lastModified": 1723803910, - "narHash": "sha256-yezvUuFiEnCFbGuwj/bQcqg7RykIEqudOy/RBrId0pc=", + "lastModified": 1727514110, + "narHash": "sha256-0YRcOxJG12VGDFH8iS8pJ0aYQQUAgo/r3ZAL+cSh9nk=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "bfef0ada09e2c8ac55bbcd0831bd0c9d42e651ba", + "rev": "85f7a7177c678de68224af3402ab8ee1bcee25c8", "type": "github" }, "original": { @@ -453,11 +426,11 @@ ] }, "locked": { - "lastModified": 1723986931, - "narHash": "sha256-Fy+KEvDQ+Hc8lJAV3t6leXhZJ2ncU5/esxkgt3b8DEY=", + "lastModified": 1727383923, + "narHash": "sha256-4/vacp3CwdGoPf8U4e/N8OsGYtO09WTcQK5FqYfJbKs=", "owner": "nix-community", "repo": "home-manager", - "rev": "2598861031b78aadb4da7269df7ca9ddfc3e1671", + "rev": "ffe2d07e771580a005e675108212597e5b367d2d", "type": "github" }, "original": { 
@@ -469,11 +442,11 @@ "homelab-svg-assets": { "flake": false, "locked": { - "lastModified": 1720537204, - "narHash": "sha256-/hWaS/StMqrJU2Le/vTItIg55HSEbk/dHGkyDrOFoII=", + "lastModified": 1726669367, + "narHash": "sha256-/dQqkVsvE1kq30LnI233tY6dK32XHnD3PNjKLjd7vvo=", "owner": "loganmarchione", "repo": "homelab-svg-assets", - "rev": "6b21726b821c961d5c85b9f7afd8950ba700f306", + "rev": "492c9eabbdce282b14b1e46156d5fdc01c26b36b", "type": "github" }, "original": { @@ -484,11 +457,11 @@ }, "impermanence": { "locked": { - "lastModified": 1724146542, - "narHash": "sha256-MLxtqDtu+y/4UDhXX5pFypX9/qbH54TDP6Z90oFzd/A=", + "lastModified": 1727649413, + "narHash": "sha256-FA53of86DjFdeQzRDVtvgWF9o52rWK70VHGx0Y8fElQ=", "owner": "nix-community", "repo": "impermanence", - "rev": "03fe473c731cda2900bae9894b8dfc68e3492db5", + "rev": "d0b38e550039a72aff896ee65b0918e975e6d48e", "type": "github" }, "original": { @@ -535,11 +508,11 @@ ] }, "locked": { - "lastModified": 1724117732, - "narHash": "sha256-YukZGv8DyHYWeKMX3e/f12ShvB1fuBjIYgRP91huP28=", + "lastModified": 1727747697, + "narHash": "sha256-bNZ4ykMpxyTLrPsctiDwe5d69vafvIbNTbzbWfd2CH4=", "owner": "Infinidoge", "repo": "nix-minecraft", - "rev": "a8e3133e397a53a3674837a0e8a1efa3b7378da7", + "rev": "30af58cedcc444da772a73286e16287f94a9fef1", "type": "github" }, "original": { @@ -555,11 +528,11 @@ ] }, "locked": { - "lastModified": 1723950649, - "narHash": "sha256-dHMkGjwwCGj0c2MKyCjRXVBXq2Sz3TWbbM23AS7/5Hc=", + "lastModified": 1727658919, + "narHash": "sha256-YAePt2GldkkRJ08LvZNHcuS6shIVStj+K+1DZN3gbnM=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "392828aafbed62a6ea6ccab13728df2e67481805", + "rev": "f9fdf8285690a351e8998f1e703ebdf9cdf51dee", "type": "github" }, "original": { 
@@ -582,11 +555,11 @@ ] }, "locked": { - "lastModified": 1722338736, - "narHash": "sha256-bSnWgJ7eXgHZ/pwL7+NTDGfOzsbOiw899BV3k7TawWE=", + "lastModified": 1725483443, + "narHash": "sha256-WzOlGMKV/51Fccn/OMHcm5yrqgbOJZrJIy1ya4pW0u8=", "owner": "oddlama", "repo": "nix-topology", - "rev": "870dcc9074077a327220b36597098c295944a47d", + "rev": "8738d94670265beb166954c4e3a26e432f79f68c", "type": "github" }, "original": { @@ -597,11 +570,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1724067415, - "narHash": "sha256-WJBAEFXAtA41RMpK8mvw0cQ62CJkNMBtzcEeNIJV7b0=", + "lastModified": 1727665282, + "narHash": "sha256-oKtfbQB1MBypqIyzkC8QCQcVGOa1soaXaGgcBIoh14o=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "b09c46430ffcf18d575acf5c339b38ac4e1db5d2", + "rev": "11c43c830e533dad1be527ecce379fcf994fbbb5", "type": "github" }, "original": { @@ -612,11 +585,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1724047581, - "narHash": "sha256-BypLrnMS2QvvdVhwWixppTOM3fLPC8eyJse0BNSbbfI=", + "lastModified": 1727716680, + "narHash": "sha256-uMVkVHL4r3QmlZ1JM+UoJwxqa46cgHnIfqGzVlw5ca4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e9b5094b8f6e06a46f9f53bb97a9573b7cedf2a2", + "rev": "b5b22b42c0d10c7d2463e90a546c394711e3a724", "type": "github" }, "original": { 
@@ -641,13 +614,29 @@ "type": "indirect" } }, + "nixpkgs-amneziawg": { + "locked": { + "lastModified": 1728518462, + "narHash": "sha256-RTZ6X/fae4dRPGk0g/LMsD9yRfJ/N2kRQJ4TIaoGNIc=", + "owner": "azahi", + "repo": "nixpkgs", + "rev": "8030066aad97e91dbbb11a32788c7a1f89addf1c", + "type": "github" + }, + "original": { + "owner": "azahi", + "ref": "amneziawg", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs-master": { "locked": { - "lastModified": 1724146343, - "narHash": "sha256-SLB5mmhHGLhb7npka7lPrIwymuOAHrsLblkWImLh2HE=", + "lastModified": 1727796460, + "narHash": "sha256-ZERpx+GPuZ7Cg54iDNxhw/9BYmqpmzgMitvU27R5rzs=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a04eac9c5aa7f82e02d6e9e0b203b6eb5704c141", + "rev": "8348471506d3f8abad30e848fe113cb4489ba2e9", "type": "github" }, "original": { @@ -659,11 +648,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1724139824, - "narHash": "sha256-ya2P68yRLzutFGcl0CuB6siqP0McLFM92A78NTmNtK0=", + "lastModified": 1727793663, + "narHash": "sha256-PIwGt3UeeAtiwuikQYlqxXGuOdlCHFzxyrw3FIWJ1BY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "f07d0e47777d09e719f6f6ebe550f53b240c4d10", + "rev": "3d5d583ab403703be5b0aab368ba8d8ccc481000", "type": "github" }, "original": { @@ -692,11 +681,11 @@ "nmap-vulscan": { "flake": false, "locked": { - "lastModified": 1721191969, - "narHash": "sha256-98UL6N8l/C/UJebzuHJQPxitVya55a0mcwTR4dKII6E=", + "lastModified": 1726027969, + "narHash": "sha256-I8lT5UeMTU63/dRFdWMUJJlEBwEEU0KAse6FdnjJeBs=", "owner": "scipag", "repo": "vulscan", - "rev": "2640d62400e9953fb9a33e6033dc59a9dc9606ba", + "rev": "a87aa9775d305deabd353c0c3fd8abf4b5cc0d8c", "type": "github" }, "original": { @@ -725,6 +714,7 @@ "nix-topology": "nix-topology", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", + "nixpkgs-amneziawg": "nixpkgs-amneziawg", "nixpkgs-master": "nixpkgs-master", "nixpkgs-stable": "nixpkgs-stable", "nmap-vulners": "nmap-vulners", 
@@ -741,11 +731,11 @@ ] }, "locked": { - "lastModified": 1724028469, - "narHash": "sha256-vUNNPBErgkbthrGq952uNkP/25J12j0uSAB7jjdrNBo=", + "lastModified": 1727723127, + "narHash": "sha256-1Wy+v5xPsAb8GvHtU4egpIo8Rhmw1faAbGaIDduVG9I=", "owner": "nix-community", "repo": "srvos", - "rev": "5a7a27e18839e3392ac12fcb888d5eb6009ab31b", + "rev": "3368388007de976ceb40f3e19f31ffd8667c36a7", "type": "github" }, "original": { @@ -758,28 +748,30 @@ "inputs": { "base16": "base16", "base16-fish": "base16-fish", - "base16-foot": "base16-foot", "base16-helix": "base16-helix", - "base16-kitty": "base16-kitty", - "base16-tmux": "base16-tmux", "base16-vim": "base16-vim", "flake-compat": [ "flake-compat" ], + "flake-utils": "flake-utils_3", "gnome-shell": "gnome-shell", "home-manager": [ "home-manager" ], "nixpkgs": [ "nixpkgs" - ] + ], + "systems": "systems_4", + "tinted-foot": "tinted-foot", + "tinted-kitty": "tinted-kitty", + "tinted-tmux": "tinted-tmux" }, "locked": { - "lastModified": 1724091143, - "narHash": "sha256-55CrA0BNqmnS4qB812D7JY9hNBB0r36sJlErepkfeTo=", + "lastModified": 1727723275, + "narHash": "sha256-k4HrG8TJQ0RqDS1tlDz71kvWFBNQ7qZI9T5Z0qLR85Y=", "owner": "danth", "repo": "stylix", - "rev": "94d70292d0c687ebacb65d00bd516cbefa18d3ca", + "rev": "e7e97059776da7e34b739415a7bc8f80f606b803", "type": "github" }, "original": { 
@@ -833,6 +825,69 @@ "type": "github" } }, + "systems_4": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "tinted-foot": { + "flake": false, + "locked": { + "lastModified": 1696725948, + "narHash": "sha256-65bz2bUL/yzZ1c8/GQASnoiGwaF8DczlxJtzik1c0AU=", + "owner": "tinted-theming", + "repo": "tinted-foot", + "rev": "eedbcfa30de0a4baa03e99f5e3ceb5535c2755ce", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "tinted-foot", + "type": "github" + } + }, + "tinted-kitty": { + "flake": false, + "locked": { + "lastModified": 1665001328, + "narHash": "sha256-aRaizTYPpuWEcvoYE9U+YRX+Wsc8+iG0guQJbvxEdJY=", + "owner": "tinted-theming", + "repo": "tinted-kitty", + "rev": "06bb401fa9a0ffb84365905ffbb959ae5bf40805", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "tinted-kitty", + "type": "github" + } + }, + "tinted-tmux": { + "flake": false, + "locked": { + "lastModified": 1696725902, + "narHash": "sha256-wDPg5elZPcQpu7Df0lI5O8Jv4A3T6jUQIVg63KDU+3Q=", + "owner": "tinted-theming", + "repo": "tinted-tmux", + "rev": "c02050bebb60dbb20cb433cd4d8ce668ecc11ba7", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "tinted-tmux", + "type": "github" + } + }, "vscode-extensions": { "inputs": { "flake-compat": [ 
@@ -846,11 +901,11 @@ ] }, "locked": { - "lastModified": 1724117347, - "narHash": "sha256-/nfm6P0owPtCRjT8ktq/8OChtg2HpkrvNaDJGm9N1Lk=", + "lastModified": 1727747703, + "narHash": "sha256-YbKSShfCRNC4edx39kagpdpMYgu21L4f+sMStDI5rjc=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "2ef60116ef361d988317cbe52a09acfeda7d3416", + "rev": "2e8837496c0f58c4342ed84d309a8bc57677bc41", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 62f958d..68fa8bb 100644 --- a/flake.nix +++ b/flake.nix @@ -10,6 +10,9 @@ nixpkgs-master.url = "github:NixOS/nixpkgs/master"; nixpkgs-stable.url = "github:NixOS/nixpkgs/release-24.05"; + # TODO Upstream this? + nixpkgs-amneziawg.url = "github:azahi/nixpkgs/amneziawg"; + nixos-hardware.url = "github:NixOS/nixos-hardware"; home-manager = { diff --git a/lib/default.nix b/lib/default.nix index aa8df80..662938e 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -1,6 +1,6 @@ { - lib, inputs, + lib, system, ... }: @@ -86,7 +86,7 @@ rec { # ``` # nixosConfigurations.machine = nixosSystem { # modules = [ - # (_: modulesFromRef "services/security/foobar.nix" "azahi:foobar-fix" "sha256-AAA...") + # (_: moduleFromRef "services/security/foobar.nix" "azahi:foobar-fix" "sha256-AAA...") # ]; # }; # ``` @@ -96,7 +96,7 @@ rec { imports = [ ( let - src = builtins.fetchTarball { + src = inputs.nixpkgs.legacyPackages.${system}.fetchzip { url = let cons = splitString ":" ref; diff --git a/modules/common/nix.nix b/modules/common/nix.nix index d1f835c..0ab2888 100644 --- a/modules/common/nix.nix +++ b/modules/common/nix.nix @@ -49,7 +49,7 @@ in } // configurations // local._module.args ''; - programs.bash.shellAliases.nix = "nix --verbose --print-build-logs"; + programs.bash.shellAliases.nix = "nix --verbose --print-build-logs --no-eval-cache"; }; nix = 
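Review bot: The new `nixpkgs-amneziawg` input in flake.nix pulls a second full nixpkgs from a personal fork branch, and its only comment is `# TODO Upstream this?`. Say what is consumed from it and when it can go, for example `# Fork carrying the AmneziaWG packages used by modules/wireguard.nix; drop once merged upstream.` (the consumer is outside this hunk, so confirm it). flake.lock pins the rev, but this tree does not move with the regular nixpkgs bumps unless the branch is rebased, so whatever is built from it can lag behind upstream fixes.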
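Review bot: In the second lib/default.nix hunk, replacing `builtins.fetchTarball` with `fetchzip` makes the module source a fixed-output derivation, so the hash is the only thing pinning code fetched from a mutable `owner:branch` ref such as the `azahi:foobar-fix` example above. The remaining arguments are outside the hunk; confirm the hash is still passed in a form `fetchzip` accepts and is never left empty. Because the result is then imported as a module, this presumably becomes import-from-derivation, which is worth a one-line comment for anyone evaluating with IFD disabled, e.g. `# fetchzip => IFD; hash is mandatory and pins the ref`.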
@@ -57,6 +57,8 @@ in notSelfInputs = filterAttrs (n: _: n != "self") inputs; in { + package = mkForce pkgs.nix; # Only use stable Nix. + nixPath = mapAttrsToList (n: v: "${n}=${v}") notSelfInputs ++ [ "nixfiles=${config.my.home}/src/nixfiles" ]; @@ -75,15 +77,12 @@ in my.username ]; - experimental-features = mkForce [ - "auto-allocate-uids" - "cgroups" - "fetch-closure" - "flakes" - "nix-command" - "recursive-nix" - # "configurable-impure-env" - # "pipe-operators" + substituters = [ + "https://cache.tvl.su" + "https://nix-community.cachix.org" + ]; + trusted-public-keys = [ + "cache.tvl.su:kjc6KOMupXc1vHVufJUoDUYeLzbwSr9abcAKdn/U1Jk=" ]; }; }; diff --git a/modules/common/systemd.nix b/modules/common/systemd.nix index 81df05c..e058ad8 100644 --- a/modules/common/systemd.nix +++ b/modules/common/systemd.nix @@ -26,8 +26,7 @@ with lib; resolved = { llmnr = "false"; dnsovertls = "opportunistic"; - domains = mapAttrsToList (_: v: v) my.domain; - fallbackDns = map (v: "${v}#dns.quad9.net") dns.const.quad9.default; + fallbackDns = dns.const.quad9.default; }; journald.extraConfig = '' diff --git a/modules/direnv.nix b/modules/direnv.nix index 709a73a..2ab0b3f 100644 --- a/modules/direnv.nix +++ b/modules/direnv.nix @@ -10,6 +10,7 @@ in hm.programs.direnv = { enable = true; config.global = { + load_dotenv = true; strict_env = true; warn_timeout = "1h"; }; diff --git a/modules/editorconfig.nix b/modules/editorconfig.nix index 5dfe845..e7f55ff 100644 --- a/modules/editorconfig.nix +++ b/modules/editorconfig.nix @@ -58,12 +58,6 @@ in indent_style = "space"; }; - # https://github.com/ziglang/zig/wiki/FAQ#why-does-zig-fmt-use-spaces-instead-of-tabs - "*.zig" = { - indent_size = 4; - indent_style = "space"; - }; - "*.{asm,s,S}" = { indent_size = 4; indent_style = "spaces"; diff --git a/modules/emacs/default.nix b/modules/emacs/default.nix index eccf179..a182d4c 100644 --- a/modules/emacs/default.nix +++ b/modules/emacs/default.nix 
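Review bot: `substituters` in the last modules/common/nix.nix hunk adds `https://nix-community.cachix.org`, but `trusted-public-keys` only gains the `cache.tvl.su` key. Unless the nix-community key is set in another module, Nix will refuse every path from that cache as untrusted, and the tempting workaround is to loosen signature checking. Add the matching entry next to it, `"nix-community.cachix.org-1:<PUBLIC_KEY_FROM_THE_CACHE_PAGE>"`, so each substituter sits beside the key that authenticates it. The same hunk removes the forced `experimental-features` list, so `flakes` and `nix-command` now have to come from elsewhere; the enclosing attribute set continues outside the hunk.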
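Review bot: In modules/common/systemd.nix, `fallbackDns` no longer appends `#dns.quad9.net`, so unless `dns.const.quad9.default` now carries the suffix itself, resolved has no server name to check the DoT certificate against. With `dnsovertls = "opportunistic"` that is not enforced anyway, because opportunistic mode does not authenticate the server and silently falls back to plaintext. If encrypted DNS is the intent, keep the suffix, `map (v: "${v}#dns.quad9.net") dns.const.quad9.default`, and consider `dnsovertls = "true"`; otherwise add a comment that plaintext fallback is accepted.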
@@ -125,7 +125,7 @@ in nixfmt # :lang nix :editor format nls # :lang (nickel +lsp) nodePackages.bash-language-server # :lang (sh +lsp) - nodePackages.eslint # :lang (json +lsp) + # nodePackages.eslint # :lang (json +lsp) nodePackages.js-beautify # :lang web nodePackages.prettier # :editor format nodePackages.stylelint # :lang web @@ -157,8 +157,6 @@ in vscode-langservers-extracted # :lang (json +lsp) (web +lsp) wordnet # :tools (lookup +dictionary +offline) yaml-language-server # :lang (yaml +lsp) - zig # :lang zig :editor format - zls # :lang (zig +lsp) zstd # :emacs undo ]; in @@ -181,8 +179,7 @@ in skk-large-jisyo "${pkgs.skk-dicts}/share/SKK-JISYO.L") ;; :editor parinfer - (setq parinfer-rust-auto-download nil - parinfer-rust-library "${pkgs.parinfer-rust-emacs}/lib/libparinfer_rust.so") + (setq parinfer-rust-library "${pkgs.parinfer-rust-emacs}/lib/libparinfer_rust.so") ;; :lang (org +roam2) :email mu4e (setq emacsql-sqlite-executable "${getExe pkgs.emacsql-sqlite}") @@ -202,8 +199,8 @@ in (with config.stylix.fonts; '' (setq doom-font "${monospace.name}-${toString sizes.terminal}" doom-serif-font "${serif.name}-${toString sizes.terminal}" - doom-variable-pitch-font "${sansSerif.name}-${toString sizes.terminal}") - doom-emoji-font "${emoji.name}-${toString sizes.terminal}" + doom-variable-pitch-font "${sansSerif.name}-${toString sizes.terminal}" + doom-emoji-font "${emoji.name}-${toString sizes.terminal}") '') ( with config.hm.accounts.email; diff --git a/modules/emacs/doom/config.el b/modules/emacs/doom/config.el index 206e5cd..fe3b5b4 100644 --- a/modules/emacs/doom/config.el +++ b/modules/emacs/doom/config.el 
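Review bot: The third modules/emacs/default.nix hunk drops `parinfer-rust-auto-download nil` while keeping the store-path `parinfer-rust-library`. If Doom's `:editor parinfer` module or the package itself enables auto-download, a missing or renamed library path would make Emacs fetch a prebuilt shared object from the network instead of failing. Keeping `(setq parinfer-rust-auto-download nil` in front of the library setting costs nothing and leaves the Nix-provided binary as the only one that can be loaded. The enclosing string continues outside the hunk.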
@@ -2,15 +2,15 @@ ;;; Misc ;; -(setq frame-title-format '("GNU Emacs")) +(setq! frame-title-format '("GNU Emacs")) (setq-hook! '(prog-mode-hook yaml-mode-hook) display-line-numbers-type 'relative scroll-margin 10 hscroll-margin 10) -(setq browse-url-generic-program (executable-find "firefox") - browse-url-browser-function 'browse-url-generic) +(setq! browse-url-generic-program (executable-find "firefox") + browse-url-browser-function 'browse-url-generic) (use-package! xclip :config @@ -19,34 +19,47 @@ xclip-mode t xclip-method 'wl-copy)) -(setq migemo-options '("--quiet" "--emacs") - skk-show-inline t) +(setq! migemo-options '("--quiet" "--emacs") + skk-show-inline t) ;; ;;; Doom-specific ;; -(setq doom-theme 'modus-operandi - doom-modeline-icon nil - doom-modeline-indent-info t - doom-modeline-total-line-number t - doom-modeline-height 30) +(setq! doom-theme 'modus-operandi + doom-modeline-icon nil + doom-modeline-indent-info t + doom-modeline-total-line-number t + doom-modeline-height 30) + +;; +;;; TVL +;; + +(use-package! tvl) ;; ;;; Editorconfig ;; -(setq +editorconfig-mode-alist '((sh-mode . "sh")) - editorconfig-exclude-modes '(lisp-mode - common-lisp-mode - emacs-lisp-mode)) +(setq! +editorconfig-mode-alist '((sh-mode . "sh")) + ;; It's never a good idea to force specific indentation rules for Lisp, + ;; the only rule should be is not to use tabs. + editorconfig-exclude-modes '(emacs-lisp-mode + clojure-mode + scheme-mode + lisp-mode + racket-mode + fennel-mode + hy-mode + dune-mode)) ;; ;;; LSP ;; -(setq lsp-enable-suggest-server-download nil - lsp-modeline-code-actions-enable nil) +(setq! lsp-enable-suggest-server-download nil + lsp-modeline-code-actions-enable nil) ;; ;;; Nix @@ -66,9 +79,9 @@ ;;; Go ;; -(setq lsp-go-analyses '((unsedvariable . t) - (unusedparams . t) - (unusedwrite . t))) +(setq! lsp-go-analyses '((unsedvariable . t) + (unusedparams . t) + (unusedwrite . t))) ;; ;;; Org 
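Review bot: `lsp-go-analyses` in the third config.el hunk still carries the key `unsedvariable`, which looks like a typo for `unusedvariable`. An analyzer name gopls does not recognise is most likely ignored, so that check stays off without any warning. The line is being rewritten for `setq!` anyway, so fix it there: `(setq! lsp-go-analyses '((unusedvariable . t)`.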
@@ -79,38 +92,38 @@ ;; For some reason only using `after!' work here. `setq-hook!' and etc doesn't ;; produce expected results. (after! org - (setq org-todo-keywords '((sequence - "TODO(t)" - "LOOP(r)" - "STRT(s@)" - "WAIT(w@/!)" - "HOLD(h@/!)" - "IDEA(i)" - "PROJ(p)" - "|" - "DONE(d@/!)" - "KILL(k@/!)")) - org-todo-keyword-faces '(("STRT" . +org-todo-active) - ("WAIT" . +org-todo-onhold) - ("HOLD" . +org-todo-onhold) - ("PROJ" . +org-todo-project) - ("KILL" . +org-todo-cancel)) - org-capture-templates '(("t" "Todo" entry - (file+headline +org-capture-todo-file "Inbox") - "* TODO %?\n%i\n%a" :prepend t) - ("n" "Note" entry - (file+headline +org-capture-notes-file "Inbox") - "* %u %?\n%i\n%a" :prepend t) - ("j" "Journal" entry - (file+olp+datetree +org-capture-journal-file) - "* %U %?\n%i\n%a" :prepend t)))) + (setq! org-todo-keywords '((sequence + "TODO(t)" + "LOOP(r)" + "STRT(s@)" + "WAIT(w@/!)" + "HOLD(h@/!)" + "IDEA(i)" + "PROJ(p)" + "|" + "DONE(d@/!)" + "KILL(k@/!)")) + org-todo-keyword-faces '(("STRT" . +org-todo-active) + ("WAIT" . +org-todo-onhold) + ("HOLD" . +org-todo-onhold) + ("PROJ" . +org-todo-project) + ("KILL" . +org-todo-cancel)) + org-capture-templates '(("t" "Todo" entry + (file+headline +org-capture-todo-file "Inbox") + "* TODO %?\n%i\n%a" :prepend t) + ("n" "Note" entry + (file+headline +org-capture-notes-file "Inbox") + "* %u %?\n%i\n%a" :prepend t) + ("j" "Journal" entry + (file+olp+datetree +org-capture-journal-file) + "* %U %?\n%i\n%a" :prepend t)))) (add-hook! 'org-mode-hook 'auto-fill-mode) (setq-hook! 'org-mode-hook fill-column 80) -(setq org-roam-directory "~/doc/roam/" - org-roam-db-location (concat org-roam-directory ".db")) +(setq! org-roam-directory "~/doc/roam/" + org-roam-db-location (concat org-roam-directory ".db")) (use-package! org-roam-ui :requires websocket 
@@ -132,8 +145,8 @@ ;;; PlantUML ;; -(setq plantuml-default-exec-mode 'executable - org-plantuml-exec-mode 'plantuml) +(setq! plantuml-default-exec-mode 'executable + org-plantuml-exec-mode 'plantuml) ;; ;;; Elisp @@ -142,15 +155,11 @@ (after! flycheck (pushnew! flycheck-disabled-checkers 'emacs-lisp-checkdoc)) -;; Turn this off because it leaves face artifacts when changing indentation. -(add-hook! 'emacs-lisp-mode-hook - (highlight-indent-guides-mode -1)) - ;; ;;; Haskell ;; -(setq lsp-haskell-formatting-provider "ormolu") +(setq! lsp-haskell-formatting-provider "ormolu") ;; ;;; Nickel 
@@ -186,38 +195,23 @@ ;;; Elfeed ;; -(setq elfeed-db-directory "~/.elfeed" - elfeed-enclosure-default-dir (concat elfeed-db-directory "/enclosures") - rmh-elfeed-org-files (list (concat elfeed-db-directory "/index.org")) - elfeed-goodies/powerline-default-separator nil - elfeed-goodies/entry-pane-size 0.75 - elfeed-goodies/entry-pane-position 'bottom) - -(add-hook! 'elfeed-new-entry-hook - '((elfeed-make-tagger - :before "2 weeks ago" - :remove 'unread) - (elfeed-make-tagger - :feed-title "SberMarket Tech" - :entry-title (not ".*(DevOps|Golang).*") - :add 'junk - :remove 'unread) - (elfeed-make-tagger - :feed-title "dotconferences" - :entry-title (not ".*dotGo.*") - :add 'junk - :remove 'unread))) +(setq! elfeed-db-directory "~/.elfeed" + elfeed-enclosure-default-dir (concat elfeed-db-directory "/enclosures") + rmh-elfeed-org-files (list (concat elfeed-db-directory "/index.org")) + elfeed-goodies/powerline-default-separator nil + elfeed-goodies/entry-pane-size 0.75 + elfeed-goodies/entry-pane-position 'bottom) ;; ;;; mu4e ;; (after! mu4e - (setq sendmail-program (executable-find "msmtp") - send-mail-function #'smtpmail-send-it - message-sendmail-f-is-evil t - message-sendmail-extra-arguments '("--read-envelope-from") - message-send-mail-function #'message-send-mail-with-sendmail)) + (setq! sendmail-program (executable-find "msmtp") + send-mail-function #'smtpmail-send-it + message-sendmail-f-is-evil t + message-sendmail-extra-arguments '("--read-envelope-from") + message-send-mail-function #'message-send-mail-with-sendmail)) (setq-hook! 'mu4e-main-mode-hook mu4e-update-interval 30) 
@@ -225,26 +219,25 @@ ;;; Circe ;; -(setq circe-network-options - (mapcar (lambda (server) - `(,server - :server-buffer-name ,server - :host "azahi.cc" - :port 6697 - :tls t - :logging nil - :user ,(concat circe-default-user "/" server) - :pass ,(lambda (&rest _) - (+pass-get-secret "server/soju.shire.net/azahi")))) - '("libera" "oftc" "hackint" "rizon"))) +(setq! circe-network-options + (mapcar (lambda (server) + `(,server + :server-buffer-name ,server + :host "azahi.cc" + :port 6697 + :tls t + :logging nil + :user ,(concat circe-default-user "/" server) + :pass ,(lambda (&rest _) + (+pass-get-secret "server/soju.shire.net/azahi")))) + '("libera" "oftc" "hackint" "rizon"))) ;; ;;; Sops ;; (use-package! sops - :config - (global-sops-mode 1)) + :hook (doom-first-file . global-sops-mode)) ;; ;;; Hledger @@ -256,7 +249,7 @@ :hook ((hledger-view-mode . hl-line-mode) (hledger-view-mode . center-text-for-reading)) :init - (setq hledger-jfile "~/doc/accounting/current.journal") + (setq! hledger-jfile "~/doc/accounting/current.journal") :config (set-company-backend! 'hledger-mode 'hledger-company) (add-hook! 'hledger-mode-hook @@ -272,4 +265,4 @@ (make-local-variable 'compay-idle-delay) (setq-local company-idle-delay 0.1)))) :init - (setq hledger-input-buffer-height 20)) + (setq! hledger-input-buffer-height 20)) diff --git a/modules/emacs/doom/init.el b/modules/emacs/doom/init.el index 5788fcc..b031880 100644 --- a/modules/emacs/doom/init.el +++ b/modules/emacs/doom/init.el @@ -83,7 +83,6 @@ (sh +lsp +tree-sitter) web (yaml +lsp +tree-sitter) - (zig +lsp +tree-sitter) :email mu4e diff --git a/modules/emacs/doom/packages.el b/modules/emacs/doom/packages.el index 2edbf1a..0f908df 100644 --- a/modules/emacs/doom/packages.el +++ b/modules/emacs/doom/packages.el @@ -1,5 +1,7 @@ (disable-packages! writegood-mode) +(unpin! (:editor parinfer)) + (package! xclip) (package! org-roam-ui) 
@@ -9,12 +11,15 @@ (package! hledger-mode) (package! sops - :recipe (:type git - :host github + :recipe (:host github :repo "djgoku/sops")) (unpin! ansible) (package! ansible - :recipe (:type git - :host gitlab + :recipe (:host gitlab :repo "emacs-ansible/emacs-ansible")) + +(package! tvl + :recipe (:host nil + :repo "https://code.tvl.fyi/depot.git:/tools/emacs-pkgs/tvl.git" + :build nil)) diff --git a/modules/firefox/addons.nix b/modules/firefox/addons.nix index 7537d60..753a413 100644 --- a/modules/firefox/addons.nix +++ b/modules/firefox/addons.nix @@ -1,11 +1,14 @@ -{ buildFirefoxXpiAddon, lib }: +{ + buildFirefoxXpiAddon, + lib, +}: { "bitwarden" = buildFirefoxXpiAddon { pname = "bitwarden"; - version = "2024.7.1"; + version = "2024.9.0"; addonId = "{446900e4-71c2-419f-a6a7-df9c091e268b}"; - url = "https://addons.mozilla.org/firefox/downloads/file/4326285/bitwarden_password_manager-2024.7.1.xpi"; - sha256 = "28c505df3b615f6a3c829afdcff74584ddc5eb1d3fb35f9848c18470fad93772"; + url = "https://addons.mozilla.org/firefox/downloads/file/4350677/bitwarden_password_manager-2024.9.0.xpi"; + sha256 = "8c8b97b445fe65cbdd91eda4bd07e8946d6c1b21ac89c771205a3b9225e2ef12"; meta = with lib; { homepage = "https://bitwarden.com"; description = "At home, at work, or on the go, Bitwarden easily secures all your passwords, passkeys, and sensitive information."; 
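Review bot: The new `tvl` recipe in the second packages.el hunk fetches Elisp from `code.tvl.fyi` with no `:pin`, and config.el loads it with `(use-package! tvl)`, so each package update runs whatever is at the remote head inside the editor. Pin it to a reviewed commit by adding `:pin "<COMMIT_SHA>"` to the `package!` form. The same applies to the `sops` recipe in this hunk, which also has no pin, and to `(unpin! (:editor parinfer))` in the first hunk, which lifts a pin Doom ships; a short comment saying why each unpin is needed would help the next update.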
@@ -51,10 +54,10 @@ }; "darkreader" = buildFirefoxXpiAddon { pname = "darkreader"; - version = "4.9.88"; + version = "4.9.92"; addonId = "addon@darkreader.org"; - url = "https://addons.mozilla.org/firefox/downloads/file/4317971/darkreader-4.9.88.xpi"; - sha256 = "7a965d5880be9fbf8be81a106acd1968263b1acc2db0add580b30f2dd71954b3"; + url = "https://addons.mozilla.org/firefox/downloads/file/4351387/darkreader-4.9.92.xpi"; + sha256 = "be55b3ea5bab95743d43823d9290fa820035b89c4d07943b568111d837a98226"; meta = with lib; { homepage = "https://darkreader.org/"; description = "Dark mode for every website. Take care of your eyes, use dark theme for night and daily browsing."; @@ -120,10 +123,10 @@ }; "languagetool" = buildFirefoxXpiAddon { pname = "languagetool"; - version = "8.11.2"; + version = "8.11.8"; addonId = "languagetool-webextension@languagetool.org"; - url = "https://addons.mozilla.org/firefox/downloads/file/4329853/languagetool-8.11.2.xpi"; - sha256 = "bfac73229d0973370d163cd607ed36ada0aff46d597afee2c334cc58ec431210"; + url = "https://addons.mozilla.org/firefox/downloads/file/4341696/languagetool-8.11.8.xpi"; + sha256 = "2f1489f7180303be730ff2b16d6a432d07017c6cffd3fbfc39f37dc809a25fc8"; meta = with lib; { homepage = "https://languagetool.org"; description = "With this extension you can check text with the free style and grammar checker LanguageTool. It finds many errors that a simple spell checker cannot detect, like mixing up there/their, a/an, or repeating a word."; 
@@ -289,10 +292,10 @@ }; "violentmonkey" = buildFirefoxXpiAddon { pname = "violentmonkey"; - version = "2.20.0"; + version = "2.23.0"; addonId = "{aecec67f-0d10-4fa7-b7c7-609a2db280cf}"; - url = "https://addons.mozilla.org/firefox/downloads/file/4315769/violentmonkey-2.20.0.xpi"; - sha256 = "94fe88507ea47e8cc5ca80b76a6aaec44a486dbfd515a03f82f228dc24d49910"; + url = "https://addons.mozilla.org/firefox/downloads/file/4352761/violentmonkey-2.23.0.xpi"; + sha256 = "b3eadf855b6093376590aa63ae05933c5812e9515c9acf558550a4f2c78ab49b"; meta = with lib; { homepage = "https://violentmonkey.github.io/"; description = "Userscript support for browsers, open source."; diff --git a/modules/firefox/default.nix b/modules/firefox/default.nix index 7b69da4..c694a7f 100644 --- a/modules/firefox/default.nix +++ b/modules/firefox/default.nix @@ -516,6 +516,8 @@ in "browser.protections_panel.infoMessage.seen" = true; "browser.region.update.region" = "US"; "browser.search.region" = "US"; + "browser.search.separatePrivateDefault" = mkForce false; + "browser.search.separatePrivateDefault.ui.enabled" = mkForce false; "browser.search.update" = false; "browser.shell.checkDefaultBrowser" = false; "browser.tabs.closeWindowWithLastTab" = true; @@ -529,6 +531,11 @@ in "browser.toolbars.bookmarks.visibility" = "newtab"; "browser.translations.enable" = false; "browser.urlbar.decodeURLsOnCopy" = true; + "browser.urlbar.suggest.addons" = false; + "browser.urlbar.suggest.bookmark" = true; + "browser.urlbar.suggest.engines" = true; + "browser.urlbar.suggest.history" = true; + "browser.urlbar.suggest.openpage" = true; "browser.warnOnQuitShortcut" = false; "devtools.everOpened" = true; "doh-rollout.home-region" = "US"; diff --git a/modules/firefox/userContent.css b/modules/firefox/userContent.css index d912e5b..96bb529 100644 --- a/modules/firefox/userContent.css +++ b/modules/firefox/userContent.css 
@@ -58,27 +58,27 @@ @-moz-document regexp("https?://(.*\.)?github.com.*") { .color-fg-muted.f6.mt-4, /* GitHub profile guide. */ - .flex-order-1.flex-md-order-none, /* Follow button. */ - .js-user-status-item, - .protip, - .pt-3.mt-3.d-none.d-md-block, /* Profile achievements. */ - .user-status-circle-badge-container, - .user-status-container, - a[href^="/account/choose?action=upgrade"], - a[href^="/collections"], - a[href^="/contact/report-content"], - a[href^="/events"], - a[href^="/explore"], - a[href^="/github-copilot"], - a[href^="/organizations/enterprise"], - a[href^="/settings/enterprises"], - a[href^="/sponsors"], - a[href^="/topics"], - a[href^="/trending"], - a[href^="https://github.com/codespaces"], /* Absolute cringe... */ - button[data-testid="copilot-popover-button"], - details[id^="funding-links-modal"], - footer { + .flex-order-1.flex-md-order-none, /* Follow button. */ + .js-user-status-item, + .protip, + .pt-3.mt-3.d-none.d-md-block, /* Profile achievements. */ + .user-status-circle-badge-container, + .user-status-container, + a[href^="/account/choose?action=upgrade"], + a[href^="/collections"], + a[href^="/contact/report-content"], + a[href^="/events"], + a[href^="/explore"], + a[href^="/github-copilot"], + a[href^="/organizations/enterprise"], + a[href^="/settings/enterprises"], + a[href^="/sponsors"], + a[href^="/topics"], + a[href^="/trending"], + a[href^="https://github.com/codespaces"], /* Absolute cringe... */ + button[data-testid="copilot-popover-button"], + details[id^="funding-links-modal"], + footer { display: none !important; } diff --git a/modules/git/default.nix b/modules/git/default.nix index eb0021d..27c07c4 100644 --- a/modules/git/default.nix +++ b/modules/git/default.nix @@ -73,7 +73,7 @@ in package = if this.isHeadful then pkgs.gitFull else pkgs.gitMinimal; - userName = my.fullname; + userName = my.username; userEmail = my.email; signing = { inherit (my.pgp) key; 
@@ -134,6 +134,7 @@ in "nixca" = "gitlab.nixca.dev"; "notabug" = "notabug.org"; "opencode" = "opencode.net"; + "syndicate" = "git.syndicate-lang.org"; "torproject" = "gitlab.torproject.org"; "videolan" = "code.videolan.org"; }; @@ -192,7 +193,6 @@ in { ark.directories = [ config.services.gitolite.dataDir ]; - # FIXME Plausible, go-import, custom favicon, etc. nixfiles.modules.nginx = { enable = true; virtualHosts.${domain}.locations = { }; diff --git a/modules/profiles/headful.nix b/modules/profiles/headful.nix index 9f6bff5..841f56a 100644 --- a/modules/profiles/headful.nix +++ b/modules/profiles/headful.nix @@ -50,7 +50,7 @@ in ''; packages = with pkgs; [ - # element-desktop + element-desktop fd imv libreoffice-fresh @@ -125,12 +125,15 @@ in environment.systemPackages = with pkgs; [ arping dnsutils + eaglemode inetutils ldns lm_sensors socat tcpdump usbutils + anki + audacity ]; my.extraGroups = [ diff --git a/modules/profiles/headless.nix b/modules/profiles/headless.nix index f739206..5d42df0 100644 --- a/modules/profiles/headless.nix +++ b/modules/profiles/headless.nix @@ -30,13 +30,7 @@ in ".bash_history".source = config.hm.lib.file.mkOutOfStoreSymlink "/dev/null"; }; - boot = { - # Pin version to prevent any surprises. Try keeping this up-to-date[1] - # with the latest LTS release + hardened patches (just in case). - # - # [1]: https://kernel.org - kernelPackages = pkgs.linuxPackages_6_6_hardened; # EOL Dec, 2026 - }; + boot.kernelPackages = pkgs.linuxPackages_hardened; nix = { gc = { diff --git a/modules/sing-box.nix b/modules/sing-box.nix new file mode 100644 index 0000000..9fc86eb --- /dev/null +++ b/modules/sing-box.nix 
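Review bot: `boot.kernelPackages = pkgs.linuxPackages_hardened;` drops the pinned 6.6 series together with the comment that explained the pin. Headless hosts now change kernel series whenever the nixpkgs input moves, and nothing records that this is intended. A one-line comment would keep the decision visible, e.g. `# Follows nixpkgs' default hardened kernel; out-of-tree modules must build against it.` The overlay in this commit extends `linuxPackages_hardened` with `amneziawg`, which is presumably the reason for the switch; if so, the comment should say that.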
@@ -0,0 +1,82 @@ +{ + config, + inputs, + lib, + ... +}: +with lib; +let + cfg = config.nixfiles.modules.sing-box; +in +{ + options.nixfiles.modules.sing-box = { + enable = mkEnableOption ""; + }; + + config = mkIf cfg.enable { + assertions = [ + { + assertion = cfg.enable -> !config.nixfiles.modules.nginx.enable; + message = "VLESS requires binding to 443"; + } + ]; + + secrets = { + sing-box-shadowsocks-password.file = "${inputs.self}/secrets/sing-box-shadowsocks-password"; + sing-box-shadowsocks-users.file = "${inputs.self}/secrets/sing-box-shadowsocks-users"; + sing-box-vless-tls.file = "${inputs.self}/secrets/sing-box-vless-tls"; + sing-box-vless-users.file = "${inputs.self}/secrets/sing-box-vless-users"; + }; + + services.sing-box = { + enable = true; + settings = { + log = { + level = "warn"; + timestamp = false; + }; + inbounds = [ + { + tag = "shadowsocks"; + type = "shadowsocks"; + listen = "::"; + listen_port = 21515; + method = "2022-blake3-aes-128-gcm"; + password = { + _secret = config.secrets.sing-box-shadowsocks-password.path; + quote = true; + }; + users = { + _secret = config.secrets.sing-box-shadowsocks-users.path; + quote = false; + }; + multiplex.enabled = true; + } + { + tag = "vless"; + type = "vless"; + listen = "::"; + listen_port = 443; + users = { + _secret = config.secrets.sing-box-vless-users.path; + quote = false; + }; + tls = { + _secret = config.secrets.sing-box-vless-tls.path; + quote = false; + }; + } + ]; + outbounds = [ + { + type = "direct"; + } + ]; + }; + }; + + networking.firewall.allowedTCPPorts = map ( + a: a.listen_port + ) config.services.sing-box.settings.inbounds; + }; +} diff --git a/modules/soju.nix b/modules/soju.nix index 58bb271..2060eca 100644 --- a/modules/soju.nix +++ b/modules/soju.nix @@ -2,7 +2,6 @@ config, lib, pkgs, - this, ... }: with lib; @@ -16,7 +15,7 @@ in address = mkOption { description = "Address."; type = with types; str; - default = this.wireguard.ipv4.address; + default = ""; }; port = mkOption { 
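Review bot: The firewall rule at the end of the module opens the `listen_port` of every entry in `settings.inbounds`, so any inbound added later, including one meant to stay local, becomes reachable from outside without a visible firewall change. It also opens TCP only, while the shadowsocks inbound sets no `network` field and therefore serves UDP as well. List the exposed ports explicitly, e.g. `networking.firewall.allowedTCPPorts = [ 443 21515 ];`, and either add `network = "tcp";` to the shadowsocks inbound or open the same port in `allowedUDPPorts`. Separately, the only outbound is `direct` with no `route` rules, so authenticated proxy users can presumably reach loopback and WireGuard-internal addresses through this host; a rule rejecting private destinations would narrow that. `mkEnableOption ""` also leaves the option without a description.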
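Review bot: Changing the `address` default from `this.wireguard.ipv4.address` to `""` removes the binding to the WireGuard-internal address, and the hunk does not show how an empty string becomes a listen address. If it ends up as a wildcard listener, the bouncer is reachable on every interface. The option's consumer is outside this hunk, so this needs confirming there. Deleting the `default = "";` line would force each host to state its listen address; alternatively keep the default and document it, e.g. `description = "Listen address; empty means all interfaces.";` if that is the actual behaviour.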
diff --git a/modules/vscode.nix b/modules/vscode.nix index 586a817..393b32f 100644 --- a/modules/vscode.nix +++ b/modules/vscode.nix @@ -77,7 +77,6 @@ in tamasfe.even-better-toml # task.vscode-task # vscode-org-mode.org-mode - ziglang.vscode-zig ] ++ optional cfg.vim.enable vscodevim.vim; @@ -228,11 +227,6 @@ in useSystemClipboard = true; }; - zig.zls = { - checkForUpdate = false; - path = getExe' pkgs.zls "zls"; - }; - redhat.telemetry.enabled = false; }; }; diff --git a/modules/wireguard.nix b/modules/wireguard.nix index f408731..8547f70 100644 --- a/modules/wireguard.nix +++ b/modules/wireguard.nix @@ -11,6 +11,15 @@ let cfg = config.nixfiles.modules.wireguard; in { + disabledModules = [ + "services/networking/wireguard.nix" + "services/networking/wg-quick.nix" + ]; + imports = [ + "${inputs.nixpkgs-amneziawg}/nixos/modules/services/networking/wireguard.nix" + "${inputs.nixpkgs-amneziawg}/nixos/modules/services/networking/wg-quick.nix" + ]; + options.nixfiles.modules.wireguard = { client = { enable = mkEnableOption "WireGuard client"; @@ -64,8 +73,8 @@ in _: attr: with attr; { inherit (wireguard) publicKey; allowedIPs = with wireguard; [ - "${ipv4.address}/32" "${ipv6.address}/128" + "${ipv4.address}/32" ]; } ) @@ -123,11 +132,17 @@ in (mkIf cfg.client.enable { networking.wg-quick.interfaces.${cfg.interface} = mkMerge [ (with this.wireguard; { + type = "amneziawg"; privateKeyFile = config.secrets."wireguard-private-key-${this.hostname}".path; address = [ "${ipv4.address}/16" "${ipv6.address}/16" ]; + extraInterfaceConfig = mkIf this.isHeadful '' + Jc = 4 + Jmin = 40 + Jmax = 70 + ''; }) (with cfg.server; { peers = [ 
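Review bot: The `disabledModules`/`imports` pair replaces the stock `wireguard.nix` and `wg-quick.nix` modules with files from the `nixpkgs-amneziawg` input, with no comment saying why or for how long. Those two modules then come from a different nixpkgs revision than the rest of the system and can drift from the options and package names the main nixpkgs expects. A comment above the block would record this, e.g. `# Stock modules replaced by the fork's versions for AmneziaWG support; drop once upstream has it.` The module's argument list is outside the hunk, so confirm that `inputs` is among its arguments.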
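Review bot: `Jc`, `Jmin` and `Jmax` are written into `extraInterfaceConfig` as bare numbers, and only when `this.isHeadful`, with nothing explaining either choice. A comment such as `# AmneziaWG junk packets sent before the handshake: count, minimum and maximum size.` would document the values. The reason for the `isHeadful` condition is not visible in the hunk and should be stated next to it. The enclosing `mkMerge` list continues past this hunk.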
@@ -137,21 +152,28 @@ in allowedIPs = if cfg.client.enableTrafficRouting then [ - "0.0.0.0/0" "::/0" + "0.0.0.0/0" ] else [ - cfg.ipv4.subnet cfg.ipv6.subnet + cfg.ipv4.subnet ]; - persistentKeepalive = 25; } ]; dns = [ - ipv4.address ipv6.address - ]; # This assumes that the host has Unbound running. + ipv4.address + ]; + postUp = + let + resolvectl = "${config.systemd.package}/bin/resolvectl"; + in + '' + ${resolvectl} dns ${cfg.interface} ${ipv6.address} ${ipv4.address} + ${resolvectl} domain ${cfg.interface} ${concatStringsSep " " (mapAttrsToList (_: v: v) my.domain)} + ''; }) ]; @@ -159,9 +181,9 @@ in (writeShellApplication { name = "wg-toggle"; runtimeInputs = [ + amneziawg-tools iproute2 jq - wireguard-tools ]; text = '' ip46() { @@ -169,13 +191,13 @@ in sudo ip -6 "$@" } - fwmark=$(sudo wg show ${cfg.interface} fwmark) || exit + fwmark=$(sudo awg show ${cfg.interface} fwmark) || exit if ip -j rule list lookup "$fwmark" | jq -e 'length > 0' >/dev/null; then - ip46 rule del lookup main suppress_prefixlength 0 - ip46 rule del lookup "$fwmark" + ip46 rule del lookup main suppress_prefixlength 0 + ip46 rule del lookup "$fwmark" else - ip46 rule add not fwmark "$fwmark" lookup "$fwmark" - ip46 rule add lookup main suppress_prefixlength 0 + ip46 rule add not fwmark "$fwmark" lookup "$fwmark" + ip46 rule add lookup main suppress_prefixlength 0 fi ''; }) @@ -185,11 +207,12 @@ in networking = { wireguard = { enable = true; + type = "amneziawg"; interfaces.${cfg.interface} = with cfg.server; { privateKeyFile = config.secrets."wireguard-private-key-${this.hostname}".path; ips = [ - "${ipv4.address}/16" "${ipv6.address}/16" + "${ipv4.address}/16" ]; listenPort = port; inherit peers; diff --git a/overlays.nix b/overlays.nix index f92a655..ae4a635 100644 --- a/overlays.nix +++ b/overlays.nix @@ -1,6 +1,4 @@ -{ lib, ... }: -with lib; -with packages; +{ inputs, ... }: { default = final: prev: { bruh = prev.callPackage ./packages/bruh.nix { }; 
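Review bot: The added `postUp` calls `resolvectl` unconditionally, so on a host where systemd-resolved is not running the hook fails and the tunnel presumably does not come up; the interface's `dns` list is still set as well, so DNS is configured twice. Guard the hook with `postUp = mkIf config.services.resolved.enable ( … );`. The domains are passed without a `~` prefix, which makes them search domains as well as routing domains; if only routing is wanted use `map (d: "~" + d) (attrValues my.domain)`, and `attrValues my.domain` is in any case the simpler form of `mapAttrsToList (_: v: v) my.domain`. The removal of `persistentKeepalive = 25;` in the same hunk is unexplained.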
@@ -92,5 +90,25 @@ with packages; withSystemVencord = false; withTTS = false; }; + + linuxPackages_xanmod_latest = prev.linuxPackages_xanmod_latest.extend ( + f: _: { + amneziawg = + inputs.nixpkgs-amneziawg.legacyPackages.${final.system}.linuxPackages_xanmod_latest.amneziawg.override + { + inherit (f) kernel; + }; + } + ); + linuxPackages_hardened = prev.linuxPackages_hardened.extend ( + f: _: { + amneziawg = + inputs.nixpkgs-amneziawg.legacyPackages.${final.system}.linuxPackages_hardened.amneziawg.override + { + inherit (f) kernel; + }; + } + ); + inherit (inputs.nixpkgs-amneziawg.legacyPackages.${final.system}) amneziawg-go amneziawg-tools; }; } |
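Review bot: Only `linuxPackages_xanmod_latest` and `linuxPackages_hardened` gain an `amneziawg` attribute here, so a host that enables the WireGuard module with any other `boot.kernelPackages` would presumably fail when the kernel module is looked up. Nothing in the overlay says so. A comment above the two blocks would make the coupling visible, e.g. `# Kernel sets used by hosts with AmneziaWG; extend this list when a host switches kernels.` The two `extend` calls are identical apart from the set name, so they could also be generated from a list of names.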