diff options
-rw-r--r-- | configurations/varda/default.nix | 7 | ||||
-rw-r--r-- | flake.lock | 42 | ||||
-rw-r--r-- | modules/nixfiles/common/default.nix | 2 | ||||
-rw-r--r-- | modules/nixfiles/common/nix/default.nix (renamed from modules/nixfiles/common/nix.nix) | 41 | ||||
-rw-r--r-- | modules/nixfiles/common/nix/patches/alejandra-no-ads.patch | 33 | ||||
-rw-r--r-- | modules/nixfiles/emacs/default.nix | 18 | ||||
-rw-r--r-- | modules/nixfiles/games/minecraft.nix | 35 | ||||
-rw-r--r-- | modules/nixfiles/nmap.nix | 64 | ||||
-rw-r--r-- | modules/nixfiles/profiles/dev/containers/default.nix | 14 |
9 files changed, 159 insertions, 97 deletions
diff --git a/configurations/varda/default.nix b/configurations/varda/default.nix index f700df5..d7c6132 100644 --- a/configurations/varda/default.nix +++ b/configurations/varda/default.nix @@ -14,12 +14,15 @@ with lib; { client.enable = true; }; - games.minecraft.server.enable = true; + games.minecraft.server = { + enable = true; + memory = "6G"; + }; acme.enable = true; }; - systemd.services.minecraft-server.wantedBy = mkForce []; + # systemd.services.minecraft-server.wantedBy = mkForce []; networking = let interface = "eth0"; diff --git a/flake.lock b/flake.lock index 9655a98..c6028b1 100644 --- a/flake.lock +++ b/flake.lock @@ -121,11 +121,11 @@ ] }, "locked": { - "lastModified": 1661048606, - "narHash": "sha256-s5kRhiNnsAe5YoQhFZQS5MS+is0z9UjWlYvuObTGjjg=", + "lastModified": 1661315932, + "narHash": "sha256-3+CUK8wx+oEaKhrXWrK9LQVdhtkArXcy+mvihstlAXc=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "798ab8fd2043e8b800a70a3eebd42388e34cf708", + "rev": "9df7898566fe546ddebc15e665a938a9dec84d01", "type": "github" }, "original": { @@ -250,11 +250,11 @@ "flake-registry": { "flake": false, "locked": { - "lastModified": 1657791189, - "narHash": "sha256-Z2ckMWqybpJjIdGIPuHcYzTL7DPTbFKpBZJJgGfFUog=", + "lastModified": 1661161594, + "narHash": "sha256-tu1KKNLw+v7ZOIUPGDE66tn9vEyhIAWiiJYZRGGev8E=", "owner": "NixOS", "repo": "flake-registry", - "rev": "7a481cef7e86d6ceb4aec244d9bb085619360ba1", + "rev": "8634fb4e1db6c76ce037bc00ef80f9ebd2616476", "type": "github" }, "original": { @@ -307,11 +307,11 @@ ] }, "locked": { - "lastModified": 1660574517, - "narHash": "sha256-Lp5D2pAPrM3iAc1eeR0iGwz5rM+SYOWzVxI3p17nlrU=", + "lastModified": 1661323822, + "narHash": "sha256-1UGGcQ00uSo5cPTwL7C3S1zkcScbpF0WzspvnceWkbQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "688e5c85b7537f308b82167c8eb4ecfb70a49861", + "rev": "1d81e6295ca530603478114f4977402d51299ad8", "type": "github" }, "original": { @@ -404,11 +404,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1661008273, - "narHash": "sha256-UpDqsGzUswIHG7FwzeIewjWlElF17UVLNbI2pwlbcBY=", + "lastModified": 1661239106, + "narHash": "sha256-C5OCLnrv2c4CHs9DMEtYKkjJmGL7ySAZ1PqPkHBonxQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "0cc6444e74cd21e8da8d81ef4cd778492e10f843", + "rev": "963d27a0767422be9b8686a8493dcade6acee992", "type": "github" }, "original": { @@ -420,11 +420,11 @@ }, "nixpkgs-master": { "locked": { - "lastModified": 1661078620, - "narHash": "sha256-9kPlq/k6R0q1OVsEvjleI4lU58otJiofVCj/0qaVi08=", + "lastModified": 1661326595, + "narHash": "sha256-efDmckd14Muk9GBGUx4gMVBNI0tjt1UO0VOf+7TE5No=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5c91de512dac418bb3a13d76b160af060cef3aaf", + "rev": "b9f400f2989c97cb4016c7035b4dc0b4fe118060", "type": "github" }, "original": { @@ -436,11 +436,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1661064672, - "narHash": "sha256-/Vdvm0hZl2KOtb4jSqwYZTIGtN2zne7BZChiuyTy0MQ=", + "lastModified": 1661309001, + "narHash": "sha256-a0CDFy+TD1/csQw+Bqdk4cT//BVAvp+A4QPYbUV9LlQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2cb8ab06d9768c06c2f452d13c23d49756457630", + "rev": "a5c89f496b91b441f5259c29bd48b62e0d265b25", "type": "github" }, "original": { @@ -502,11 +502,11 @@ }, "nur": { "locked": { - "lastModified": 1661072238, - "narHash": "sha256-X9jXdO2kS3i+E5fyhNqAfiClLMaC8Qria0m26UXXGIo=", + "lastModified": 1661324410, + "narHash": "sha256-UDZxQoSt5YqydpSbaqS3XQBura9Z4beJZo7mnBT1zp4=", "owner": "nix-community", "repo": "NUR", - "rev": "572f1871e41f327bfe84f58388bcdebfd3b774f8", + "rev": "67fc62908c93529adb71baadc9d120e5a0106711", "type": "github" }, "original": { diff --git a/modules/nixfiles/common/default.nix b/modules/nixfiles/common/default.nix index d73ac53..7f60f77 100644 --- a/modules/nixfiles/common/default.nix +++ b/modules/nixfiles/common/default.nix @@ -6,7 +6,7 @@ _: { ./kernel.nix ./locale.nix ./networking.nix - ./nix.nix + ./nix ./secrets.nix ./security.nix ./services.nix diff --git a/modules/nixfiles/common/nix.nix b/modules/nixfiles/common/nix/default.nix index 2447d96..4213a29 100644 --- a/modules/nixfiles/common/nix.nix +++ b/modules/nixfiles/common/nix/default.nix @@ -8,9 +8,7 @@ this, ... }: -with lib; let - nixfilesSrc = "${config.my.home}/src/nixfiles"; -in { +with lib; { _module.args = let importNixpkgs = nixpkgs: import nixpkgs { @@ -46,7 +44,7 @@ in { nixPath = mapAttrsToList (n: v: "${n}=${v}") filteredInputs - ++ ["nixfiles=${nixfilesSrc}"]; + ++ ["nixfiles=${config.my.home}/src/nixfiles"]; registry = mapAttrs (_: flake: {inherit flake;}) filteredInputs @@ -79,30 +77,18 @@ in { self.overlays.default (_: super: { - # Splitting this into a separate package could be a good PR. - logcli = super.grafana-loki.overrideAttrs (_: _: { - subPackages = ["cmd/logcli"]; - preFixup = ""; - doCheck = false; + nix-bash-completions = super.nix-bash-completions.overrideAttrs (_: _: { + postPatch = '' + substituteInPlace _nix \ + --replace 'nix nixos-option' 'nixos-option' + ''; }); - nix-bash-completions = - super.nix-bash-completions.overrideAttrs - (_: _: { - postPatch = '' - substituteInPlace _nix --replace 'nix nixos-option' 'nixos-option' - ''; - }); - - helm = super.kubernetes-helm-wrapped.override { - plugins = with super.kubernetes-helmPlugins; [ - helm-diff - helm-secrets - ]; - }; + alejandra = super.alejandra.overrideAttrs (_: _: { + patches = [./patches/alejandra-no-ads.patch]; + }); - # https://github.com/matrix-org/dendrite/issues/2650 - # Wait till 0.9.4 + # FIXME https://github.com/NixOS/nixpkgs/pull/187519 dendrite = super.dendrite.overrideAttrs (_: _: { doCheck = false; }); @@ -120,7 +106,6 @@ in { lua-language-server = sumneko-lua-language-server; nix-language-server = rnix-lsp; omnisharp = omnisharp-roslyn; - telepresence = telepresence2; tor-browser = tor-browser-bundle-bin; })) agenix.overlay @@ -145,10 +130,6 @@ in { systemPackages = with pkgs; optionals config.profile.headful [ - (pkgs.nixfiles.override { - nix = config.nix.package; - inherit nixfilesSrc; - }) nix-top nix-tree ]; diff --git a/modules/nixfiles/common/nix/patches/alejandra-no-ads.patch b/modules/nixfiles/common/nix/patches/alejandra-no-ads.patch new file mode 100644 index 0000000..6eaac66 --- /dev/null +++ b/modules/nixfiles/common/nix/patches/alejandra-no-ads.patch @@ -0,0 +1,33 @@ +diff --git i/src/alejandra_cli/src/cli.rs w/src/alejandra_cli/src/cli.rs +index bab102c..b90bf1d 100644 +--- i/src/alejandra_cli/src/cli.rs ++++ w/src/alejandra_cli/src/cli.rs +@@ -7,7 +7,6 @@ use futures::future::RemoteHandle; + use futures::stream::FuturesUnordered; + use futures::task::SpawnExt; + +-use crate::ads::random_ad; + use crate::verbosity::Verbosity; + + /// The Uncompromising Nix Code Formatter. +@@ -203,11 +202,6 @@ pub fn main() -> std::io::Result<()> { + (true, false) => "requires formatting", + } + ); +- +- if in_place { +- eprintln!(); +- eprint!("{}", random_ad()); +- } + } + + std::process::exit(if in_place { 0 } else { 2 }); +@@ -218,8 +212,6 @@ pub fn main() -> std::io::Result<()> { + eprintln!( + "Congratulations! Your code complies with the Alejandra style." + ); +- eprintln!(); +- eprint!("{}", random_ad()); + } + + std::process::exit(0); diff --git a/modules/nixfiles/emacs/default.nix b/modules/nixfiles/emacs/default.nix index a972060..86db0f7 100644 --- a/modules/nixfiles/emacs/default.nix +++ b/modules/nixfiles/emacs/default.nix @@ -8,8 +8,7 @@ with lib; let cfg = config.nixfiles.modules.emacs; in { - options.nixfiles.modules.emacs.enable = - mkEnableOption "GNU Emacs"; + options.nixfiles.modules.emacs.enable = mkEnableOption "GNU Emacs"; config = mkIf cfg.enable { # TODO Make magit-forge to work with this. @@ -33,16 +32,13 @@ in { programs.doom-emacs = { enable = true; doomPrivateDir = ./doom; - # NOTE NativeComp breaks non-latin fonts and takes a long time to - # perform updates while giving miniscule speed improvements. Emacs is - # still a laggy and slow piece of shit regardless of enabling this flag - # or not. - # emacsPackage = pkgs.emacs28.override {nativeComp = true;}; - emacsPackage = pkgs.emacs28; + emacsPackage = pkgs.emacs28; # Package is pinned to avoid surprises. extraPackages = with pkgs; [ mu # :email mu4e ]; extraConfig = let + # NOTE gopls will require a Go executable, which must be provided by + # the project's flake. extraBins = with pkgs; [ (aspellWithDicts (p: with p; [en ru])) # :checkers spell (+aspell) asmfmt # :editor format @@ -81,6 +77,7 @@ in { python3Packages.isort # :lang python python3Packages.pyflakes # :lang python ripgrep # core + rust-analyzer # :lang rust shellcheck # :lang sh shfmt # :lang sh :editor format sqlite # :lang (org +roam2) :tools lookup @@ -115,9 +112,8 @@ in { circe-default-realname "${my.fullname}" circe-default-user circe-default-nick) - (setq doom-font (font-spec - :family "${config.fontScheme.monospaceFont.family}" - :size ${toString config.fontScheme.monospaceFont.size}) + (setq doom-font (font-spec :family "${config.fontScheme.monospaceFont.family}" + :size ${toString config.fontScheme.monospaceFont.size}) doom-unicode-font doom-font) ''; }; diff --git a/modules/nixfiles/games/minecraft.nix b/modules/nixfiles/games/minecraft.nix index 4825a7b..3936eaa 100644 --- a/modules/nixfiles/games/minecraft.nix +++ b/modules/nixfiles/games/minecraft.nix @@ -10,7 +10,15 @@ with lib; let in { options.nixfiles.modules.games.minecraft = { client.enable = mkEnableOption "Minecraft client"; - server.enable = mkEnableOption "Minecraft server"; + server = { + enable = mkEnableOption "Minecraft server"; + + memory = mkOption { + description = "Amount of RAM to allocate."; + type = types.str; + default = "2G"; + }; + }; }; # Configurations, opslist, whitelist and plugins are managed imperatively. @@ -30,7 +38,30 @@ in { package = (pkgsPR "187458" "sha256-kOYkuXvcmqt8Lsh0yMr8reurzU1qTrzh0Z/Tjan0IF0=").papermc; # TODO Make PR fixing trailing whitespace on this. - jvmOpts = mkDefault "-Xmx4096M -Xms4096M "; + jvmOpts = + (concatStringsSep " " [ + "-Xmx${cfg.server.memory}" + "-Xms${cfg.server.memory}" + # "-XX:+AlwaysPreTouch" + # "-XX:+DisableExplicitGC" + # "-XX:+ParallelRefProcEnabled" + # "-XX:+PerfDisableSharedMem" + # "-XX:+UnlockExperimentalVMOptions" + # "-XX:+UseG1GC" + # "-XX:G1HeapRegionSize=8M" + # "-XX:G1HeapWastePercent=5" + # "-XX:G1MaxNewSizePercent=40" + # "-XX:G1MixedGCCountTarget=4" + # "-XX:G1MixedGCLiveThresholdPercent=90" + # "-XX:G1NewSizePercent=30" + # "-XX:G1RSetUpdatingPauseTimePercent=5" + # "-XX:G1ReservePercent=20" + # "-XX:InitiatingHeapOccupancyPercent=15" + # "-XX:MaxGCPauseMillis=200" + # "-XX:MaxTenuringThreshold=1" + # "-XX:SurvivorRatio=32" + ]) + + " "; openFirewall = true; }; diff --git a/modules/nixfiles/nmap.nix b/modules/nixfiles/nmap.nix index 56ac88f..27a36bb 100644 --- a/modules/nixfiles/nmap.nix +++ b/modules/nixfiles/nmap.nix @@ -11,31 +11,49 @@ in { options.nixfiles.modules.nmap.enable = mkEnableOption "Nmap"; config = mkIf cfg.enable { - hm.home = { - file = { - ".nmap/scripts/vulners/vulners.nse".source = "${inputs.nmap-vulners}/vulners.nse"; - ".nmap/scripts/vulscan/vulscan.nse".source = "${inputs.nmap-vulscan}/vulscan.nse"; + hm = { + home = { + file = { + ".nmap/scripts/vulners/vulners.nse".source = "${inputs.nmap-vulners}/vulners.nse"; + ".nmap/scripts/vulscan/vulscan.nse".source = "${inputs.nmap-vulscan}/vulscan.nse"; + }; + + packages = with pkgs; [nmap nmap-formatter]; + + activation.regenerateNmapScriptDatabase = with pkgs; '' + # TODO Add an update timestamp and pull files only when they are old. + # declare -a vulscandbs=( + # "cve" + # "exploitdb" + # "openvas" + # "osvdb" + # "scipvuldb" + # "securityfocus" + # "securitytracker" + # "xforce" + # ) + # for i in "''${vulscandbs[@]}"; do + # ${curl}/bin/curl \ + # -o "$HOME/.nmap/scripts/vulscan/$i.csv" \ + # "https://www.computec.ch/projekte/vulscan/download/$i.csv" + # done + + ${nmap}/bin/nmap --script-updatedb + ''; }; - packages = with pkgs; [nmap nmap-formatter]; - activation.regenerateNmapScriptDatabase = with pkgs; '' - # declare -a vulscandbs=( - # "cve" - # "exploitdb" - # "openvas" - # "osvdb" - # "scipvuldb" - # "securityfocus" - # "securitytracker" - # "xforce" - # ) - # for i in "''${vulscandbs[@]}"; do - # ${curl}/bin/curl \ - # -o "$HOME/.nmap/scripts/vulscan/$i.csv" \ - # "https://www.computec.ch/projekte/vulscan/download/$i.csv" - # done - ${nmap}/bin/nmap --script-updatedb - ''; + programs.bash = { + shellAliases = let + base = "${pkgs.nmap}/bin/nmap -sV"; + in { + nmap-vulscan = "${base} --script=vulscan/vulscan.nse"; + nmap-vulners = "${base} --script=vulners/vulners.nse"; + }; + initExtra = mkAfter '' + _complete_alias nmap-vulscan _nmap nmap + _complete_alias nmap-vulners _nmap nmap + ''; + }; }; }; } diff --git a/modules/nixfiles/profiles/dev/containers/default.nix b/modules/nixfiles/profiles/dev/containers/default.nix index 3196654..b533626 100644 --- a/modules/nixfiles/profiles/dev/containers/default.nix +++ b/modules/nixfiles/profiles/dev/containers/default.nix @@ -19,14 +19,14 @@ in { hm = { home = { sessionVariables = { - MINIKUBE_IN_STYLE = "false"; - WERF_DEV = "true"; - WERF_INSECURE_REGISTRY = "true"; - WERF_LOG_DEBUG = "true"; - WERF_LOG_PRETTY = "false"; - WERF_LOG_VERBOSE = "true"; + MINIKUBE_IN_STYLE = false; + WERF_DEV = true; + WERF_INSECURE_REGISTRY = true; + WERF_LOG_DEBUG = true; + WERF_LOG_PRETTY = false; + WERF_LOG_VERBOSE = true; WERF_SYNCHRONIZATION = ":local"; - WERF_TELEMETRY = 0; + WERF_TELEMETRY = false; }; file.".minikube/config/config.json".text = generators.toJSON {} { |