Diffstat (limited to '')
-rw-r--r-- | modules/common/nix.nix | 19 | ||||
-rw-r--r-- | modules/common/systemd.nix | 3 | ||||
-rw-r--r-- | modules/direnv.nix | 1 | ||||
-rw-r--r-- | modules/editorconfig.nix | 6 | ||||
-rw-r--r-- | modules/emacs/default.nix | 11 | ||||
-rw-r--r-- | modules/emacs/doom/config.el | 183 | ||||
-rw-r--r-- | modules/emacs/doom/init.el | 1 | ||||
-rw-r--r-- | modules/emacs/doom/packages.el | 13 | ||||
-rw-r--r-- | modules/firefox/addons.nix | 29 | ||||
-rw-r--r-- | modules/firefox/default.nix | 7 | ||||
-rw-r--r-- | modules/firefox/userContent.css | 42 | ||||
-rw-r--r-- | modules/git/default.nix | 4 | ||||
-rw-r--r-- | modules/profiles/headful.nix | 5 | ||||
-rw-r--r-- | modules/profiles/headless.nix | 8 | ||||
-rw-r--r-- | modules/sing-box.nix | 82 | ||||
-rw-r--r-- | modules/soju.nix | 3 | ||||
-rw-r--r-- | modules/vscode.nix | 6 | ||||
-rw-r--r-- | modules/wireguard.nix | 49 |
18 files changed, 282 insertions, 190 deletions
diff --git a/modules/common/nix.nix b/modules/common/nix.nix index d1f835c..0ab2888 100644 --- a/modules/common/nix.nix +++ b/modules/common/nix.nix @@ -49,7 +49,7 @@ in } // configurations // local._module.args ''; - programs.bash.shellAliases.nix = "nix --verbose --print-build-logs"; + programs.bash.shellAliases.nix = "nix --verbose --print-build-logs --no-eval-cache"; }; nix = @@ -57,6 +57,8 @@ in notSelfInputs = filterAttrs (n: _: n != "self") inputs; in { + package = mkForce pkgs.nix; # Only use stable Nix. + nixPath = mapAttrsToList (n: v: "${n}=${v}") notSelfInputs ++ [ "nixfiles=${config.my.home}/src/nixfiles" ]; @@ -75,15 +77,12 @@ in my.username ]; - experimental-features = mkForce [ - "auto-allocate-uids" - "cgroups" - "fetch-closure" - "flakes" - "nix-command" - "recursive-nix" - # "configurable-impure-env" - # "pipe-operators" + substituters = [ + "https://cache.tvl.su" + "https://nix-community.cachix.org" + ]; + trusted-public-keys = [ + "cache.tvl.su:kjc6KOMupXc1vHVufJUoDUYeLzbwSr9abcAKdn/U1Jk=" ]; }; }; diff --git a/modules/common/systemd.nix b/modules/common/systemd.nix index 81df05c..e058ad8 100644 --- a/modules/common/systemd.nix +++ b/modules/common/systemd.nix @@ -26,8 +26,7 @@ with lib; resolved = { llmnr = "false"; dnsovertls = "opportunistic"; - domains = mapAttrsToList (_: v: v) my.domain; - fallbackDns = map (v: "${v}#dns.quad9.net") dns.const.quad9.default; + fallbackDns = dns.const.quad9.default; }; journald.extraConfig = '' diff --git a/modules/direnv.nix b/modules/direnv.nix index 709a73a..2ab0b3f 100644 --- a/modules/direnv.nix +++ b/modules/direnv.nix @@ -10,6 +10,7 @@ in hm.programs.direnv = { enable = true; config.global = { + load_dotenv = true; strict_env = true; warn_timeout = "1h"; }; diff --git a/modules/editorconfig.nix b/modules/editorconfig.nix index 5dfe845..e7f55ff 100644 --- a/modules/editorconfig.nix +++ b/modules/editorconfig.nix 
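Review bot: The new `substituters` list in the third nix.nix hunk names two caches, but `trusted-public-keys` carries a key only for `cache.tvl.su`, so nothing served by `https://nix-community.cachix.org` can be verified from what this hunk sets. With signature checking left on, that cache's paths are rejected rather than used, and the tempting later "fix" is to relax signature checking instead of adding the key. Add the cache's published key next to the existing one, e.g. `"nix-community.cachix.org-1:<PUBLIC-KEY-PLACEHOLDER>"`, unless it is already set in a module outside this hunk. The same hunk drops the forced `experimental-features` list, so it is worth confirming that `flakes` and `nix-command` are still enabled elsewhere.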
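Review bot: In the systemd.nix hunk, `fallbackDns` no longer appends `#dns.quad9.net` to each address, which is the server name systemd-resolved uses for SNI and certificate checks on DNS-over-TLS. With `dnsovertls = "opportunistic"` the server is not authenticated and resolved may fall back to plaintext, so the change has little effect today, but a later switch to strict mode would have no name to verify the fallback servers against. Either keep `fallbackDns = map (v: "${v}#dns.quad9.net") dns.const.quad9.default;` or add a comment that the names are omitted on purpose. This assumes `dns.const.quad9.default` holds bare addresses, which is not visible here.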
@@ -58,12 +58,6 @@ in indent_style = "space"; }; - # https://github.com/ziglang/zig/wiki/FAQ#why-does-zig-fmt-use-spaces-instead-of-tabs - "*.zig" = { - indent_size = 4; - indent_style = "space"; - }; - "*.{asm,s,S}" = { indent_size = 4; indent_style = "spaces"; diff --git a/modules/emacs/default.nix b/modules/emacs/default.nix index eccf179..a182d4c 100644 --- a/modules/emacs/default.nix +++ b/modules/emacs/default.nix @@ -125,7 +125,7 @@ in nixfmt # :lang nix :editor format nls # :lang (nickel +lsp) nodePackages.bash-language-server # :lang (sh +lsp) - nodePackages.eslint # :lang (json +lsp) + # nodePackages.eslint # :lang (json +lsp) nodePackages.js-beautify # :lang web nodePackages.prettier # :editor format nodePackages.stylelint # :lang web @@ -157,8 +157,6 @@ in vscode-langservers-extracted # :lang (json +lsp) (web +lsp) wordnet # :tools (lookup +dictionary +offline) yaml-language-server # :lang (yaml +lsp) - zig # :lang zig :editor format - zls # :lang (zig +lsp) zstd # :emacs undo ]; in @@ -181,8 +179,7 @@ in skk-large-jisyo "${pkgs.skk-dicts}/share/SKK-JISYO.L") ;; :editor parinfer - (setq parinfer-rust-auto-download nil - parinfer-rust-library "${pkgs.parinfer-rust-emacs}/lib/libparinfer_rust.so") + (setq parinfer-rust-library "${pkgs.parinfer-rust-emacs}/lib/libparinfer_rust.so") ;; :lang (org +roam2) :email mu4e (setq emacsql-sqlite-executable "${getExe pkgs.emacsql-sqlite}") @@ -202,8 +199,8 @@ in (with config.stylix.fonts; '' (setq doom-font "${monospace.name}-${toString sizes.terminal}" doom-serif-font "${serif.name}-${toString sizes.terminal}" - doom-variable-pitch-font "${sansSerif.name}-${toString sizes.terminal}") - doom-emoji-font "${emoji.name}-${toString sizes.terminal}" + doom-variable-pitch-font "${sansSerif.name}-${toString sizes.terminal}" + doom-emoji-font "${emoji.name}-${toString sizes.terminal}") '') ( with config.hm.accounts.email; diff --git a/modules/emacs/doom/config.el b/modules/emacs/doom/config.el index 206e5cd..fe3b5b4 100644 
--- a/modules/emacs/doom/config.el +++ b/modules/emacs/doom/config.el @@ -2,15 +2,15 @@ ;;; Misc ;; -(setq frame-title-format '("GNU Emacs")) +(setq! frame-title-format '("GNU Emacs")) (setq-hook! '(prog-mode-hook yaml-mode-hook) display-line-numbers-type 'relative scroll-margin 10 hscroll-margin 10) -(setq browse-url-generic-program (executable-find "firefox") - browse-url-browser-function 'browse-url-generic) +(setq! browse-url-generic-program (executable-find "firefox") + browse-url-browser-function 'browse-url-generic) (use-package! xclip :config @@ -19,34 +19,47 @@ xclip-mode t xclip-method 'wl-copy)) -(setq migemo-options '("--quiet" "--emacs") - skk-show-inline t) +(setq! migemo-options '("--quiet" "--emacs") + skk-show-inline t) ;; ;;; Doom-specific ;; -(setq doom-theme 'modus-operandi - doom-modeline-icon nil - doom-modeline-indent-info t - doom-modeline-total-line-number t - doom-modeline-height 30) +(setq! doom-theme 'modus-operandi + doom-modeline-icon nil + doom-modeline-indent-info t + doom-modeline-total-line-number t + doom-modeline-height 30) + +;; +;;; TVL +;; + +(use-package! tvl) ;; ;;; Editorconfig ;; -(setq +editorconfig-mode-alist '((sh-mode . "sh")) - editorconfig-exclude-modes '(lisp-mode - common-lisp-mode - emacs-lisp-mode)) +(setq! +editorconfig-mode-alist '((sh-mode . "sh")) + ;; It's never a good idea to force specific indentation rules for Lisp, + ;; the only rule should be is not to use tabs. + editorconfig-exclude-modes '(emacs-lisp-mode + clojure-mode + scheme-mode + lisp-mode + racket-mode + fennel-mode + hy-mode + dune-mode)) ;; ;;; LSP ;; -(setq lsp-enable-suggest-server-download nil - lsp-modeline-code-actions-enable nil) +(setq! lsp-enable-suggest-server-download nil + lsp-modeline-code-actions-enable nil) ;; ;;; Nix 
@@ -66,9 +79,9 @@ ;;; Go ;; -(setq lsp-go-analyses '((unsedvariable . t) - (unusedparams . t) - (unusedwrite . t))) +(setq! lsp-go-analyses '((unsedvariable . t) + (unusedparams . t) + (unusedwrite . t))) ;; ;;; Org 
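Review bot: The first key in `lsp-go-analyses` is still spelled `unsedvariable`; the gopls analyzer is named `unusedvariable`, so this entry most likely enables nothing. Since the form is being rewritten here anyway, change the line to `(setq! lsp-go-analyses '((unusedvariable . t)`.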
@@ -79,38 +92,38 @@ ;; For some reason only using `after!' work here. `setq-hook!' and etc doesn't ;; produce expected results. (after! org - (setq org-todo-keywords '((sequence - "TODO(t)" - "LOOP(r)" - "STRT(s@)" - "WAIT(w@/!)" - "HOLD(h@/!)" - "IDEA(i)" - "PROJ(p)" - "|" - "DONE(d@/!)" - "KILL(k@/!)")) - org-todo-keyword-faces '(("STRT" . +org-todo-active) - ("WAIT" . +org-todo-onhold) - ("HOLD" . +org-todo-onhold) - ("PROJ" . +org-todo-project) - ("KILL" . +org-todo-cancel)) - org-capture-templates '(("t" "Todo" entry - (file+headline +org-capture-todo-file "Inbox") - "* TODO %?\n%i\n%a" :prepend t) - ("n" "Note" entry - (file+headline +org-capture-notes-file "Inbox") - "* %u %?\n%i\n%a" :prepend t) - ("j" "Journal" entry - (file+olp+datetree +org-capture-journal-file) - "* %U %?\n%i\n%a" :prepend t)))) + (setq! org-todo-keywords '((sequence + "TODO(t)" + "LOOP(r)" + "STRT(s@)" + "WAIT(w@/!)" + "HOLD(h@/!)" + "IDEA(i)" + "PROJ(p)" + "|" + "DONE(d@/!)" + "KILL(k@/!)")) + org-todo-keyword-faces '(("STRT" . +org-todo-active) + ("WAIT" . +org-todo-onhold) + ("HOLD" . +org-todo-onhold) + ("PROJ" . +org-todo-project) + ("KILL" . +org-todo-cancel)) + org-capture-templates '(("t" "Todo" entry + (file+headline +org-capture-todo-file "Inbox") + "* TODO %?\n%i\n%a" :prepend t) + ("n" "Note" entry + (file+headline +org-capture-notes-file "Inbox") + "* %u %?\n%i\n%a" :prepend t) + ("j" "Journal" entry + (file+olp+datetree +org-capture-journal-file) + "* %U %?\n%i\n%a" :prepend t)))) (add-hook! 'org-mode-hook 'auto-fill-mode) (setq-hook! 'org-mode-hook fill-column 80) -(setq org-roam-directory "~/doc/roam/" - org-roam-db-location (concat org-roam-directory ".db")) +(setq! org-roam-directory "~/doc/roam/" + org-roam-db-location (concat org-roam-directory ".db")) (use-package! org-roam-ui :requires websocket 
@@ -132,8 +145,8 @@ ;;; PlantUML ;; -(setq plantuml-default-exec-mode 'executable - org-plantuml-exec-mode 'plantuml) +(setq! plantuml-default-exec-mode 'executable + org-plantuml-exec-mode 'plantuml) ;; ;;; Elisp @@ -142,15 +155,11 @@ (after! flycheck (pushnew! flycheck-disabled-checkers 'emacs-lisp-checkdoc)) -;; Turn this off because it leaves face artifacts when changing indentation. -(add-hook! 'emacs-lisp-mode-hook - (highlight-indent-guides-mode -1)) - ;; ;;; Haskell ;; -(setq lsp-haskell-formatting-provider "ormolu") +(setq! lsp-haskell-formatting-provider "ormolu") ;; ;;; Nickel 
@@ -186,38 +195,23 @@ ;;; Elfeed ;; -(setq elfeed-db-directory "~/.elfeed" - elfeed-enclosure-default-dir (concat elfeed-db-directory "/enclosures") - rmh-elfeed-org-files (list (concat elfeed-db-directory "/index.org")) - elfeed-goodies/powerline-default-separator nil - elfeed-goodies/entry-pane-size 0.75 - elfeed-goodies/entry-pane-position 'bottom) - -(add-hook! 'elfeed-new-entry-hook - '((elfeed-make-tagger - :before "2 weeks ago" - :remove 'unread) - (elfeed-make-tagger - :feed-title "SberMarket Tech" - :entry-title (not ".*(DevOps|Golang).*") - :add 'junk - :remove 'unread) - (elfeed-make-tagger - :feed-title "dotconferences" - :entry-title (not ".*dotGo.*") - :add 'junk - :remove 'unread))) +(setq! elfeed-db-directory "~/.elfeed" + elfeed-enclosure-default-dir (concat elfeed-db-directory "/enclosures") + rmh-elfeed-org-files (list (concat elfeed-db-directory "/index.org")) + elfeed-goodies/powerline-default-separator nil + elfeed-goodies/entry-pane-size 0.75 + elfeed-goodies/entry-pane-position 'bottom) ;; ;;; mu4e ;; (after! mu4e - (setq sendmail-program (executable-find "msmtp") - send-mail-function #'smtpmail-send-it - message-sendmail-f-is-evil t - message-sendmail-extra-arguments '("--read-envelope-from") - message-send-mail-function #'message-send-mail-with-sendmail)) + (setq! sendmail-program (executable-find "msmtp") + send-mail-function #'smtpmail-send-it + message-sendmail-f-is-evil t + message-sendmail-extra-arguments '("--read-envelope-from") + message-send-mail-function #'message-send-mail-with-sendmail)) (setq-hook! 'mu4e-main-mode-hook mu4e-update-interval 30) 
@@ -225,26 +219,25 @@ ;;; Circe ;; -(setq circe-network-options - (mapcar (lambda (server) - `(,server - :server-buffer-name ,server - :host "azahi.cc" - :port 6697 - :tls t - :logging nil - :user ,(concat circe-default-user "/" server) - :pass ,(lambda (&rest _) - (+pass-get-secret "server/soju.shire.net/azahi")))) - '("libera" "oftc" "hackint" "rizon"))) +(setq! circe-network-options + (mapcar (lambda (server) + `(,server + :server-buffer-name ,server + :host "azahi.cc" + :port 6697 + :tls t + :logging nil + :user ,(concat circe-default-user "/" server) + :pass ,(lambda (&rest _) + (+pass-get-secret "server/soju.shire.net/azahi")))) + '("libera" "oftc" "hackint" "rizon"))) ;; ;;; Sops ;; (use-package! sops - :config - (global-sops-mode 1)) + :hook (doom-first-file . global-sops-mode)) ;; ;;; Hledger @@ -256,7 +249,7 @@ :hook ((hledger-view-mode . hl-line-mode) (hledger-view-mode . center-text-for-reading)) :init - (setq hledger-jfile "~/doc/accounting/current.journal") + (setq! hledger-jfile "~/doc/accounting/current.journal") :config (set-company-backend! 'hledger-mode 'hledger-company) (add-hook! 'hledger-mode-hook @@ -272,4 +265,4 @@ (make-local-variable 'compay-idle-delay) (setq-local company-idle-delay 0.1)))) :init - (setq hledger-input-buffer-height 20)) + (setq! hledger-input-buffer-height 20)) diff --git a/modules/emacs/doom/init.el b/modules/emacs/doom/init.el index 5788fcc..b031880 100644 --- a/modules/emacs/doom/init.el +++ b/modules/emacs/doom/init.el @@ -83,7 +83,6 @@ (sh +lsp +tree-sitter) web (yaml +lsp +tree-sitter) - (zig +lsp +tree-sitter) :email mu4e diff --git a/modules/emacs/doom/packages.el b/modules/emacs/doom/packages.el index 2edbf1a..0f908df 100644 --- a/modules/emacs/doom/packages.el +++ b/modules/emacs/doom/packages.el @@ -1,5 +1,7 @@ (disable-packages! writegood-mode) +(unpin! (:editor parinfer)) + (package! xclip) (package! org-roam-ui) 
@@ -9,12 +11,15 @@ (package! hledger-mode) (package! sops - :recipe (:type git - :host github + :recipe (:host github :repo "djgoku/sops")) (unpin! ansible) (package! ansible - :recipe (:type git - :host gitlab + :recipe (:host gitlab :repo "emacs-ansible/emacs-ansible")) + +(package! tvl + :recipe (:host nil + :repo "https://code.tvl.fyi/depot.git:/tools/emacs-pkgs/tvl.git" + :build nil)) diff --git a/modules/firefox/addons.nix b/modules/firefox/addons.nix index 7537d60..753a413 100644 --- a/modules/firefox/addons.nix +++ b/modules/firefox/addons.nix @@ -1,11 +1,14 @@ -{ buildFirefoxXpiAddon, lib }: +{ + buildFirefoxXpiAddon, + lib, +}: { "bitwarden" = buildFirefoxXpiAddon { pname = "bitwarden"; - version = "2024.7.1"; + version = "2024.9.0"; addonId = "{446900e4-71c2-419f-a6a7-df9c091e268b}"; - url = "https://addons.mozilla.org/firefox/downloads/file/4326285/bitwarden_password_manager-2024.7.1.xpi"; - sha256 = "28c505df3b615f6a3c829afdcff74584ddc5eb1d3fb35f9848c18470fad93772"; + url = "https://addons.mozilla.org/firefox/downloads/file/4350677/bitwarden_password_manager-2024.9.0.xpi"; + sha256 = "8c8b97b445fe65cbdd91eda4bd07e8946d6c1b21ac89c771205a3b9225e2ef12"; meta = with lib; { homepage = "https://bitwarden.com"; description = "At home, at work, or on the go, Bitwarden easily secures all your passwords, passkeys, and sensitive information."; 
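Review bot: The new `tvl` recipe has no `:pin`, and neither do the `sops` and `ansible` recipes touched in this hunk, so each package update pulls whatever the remote's HEAD is at that moment. That Elisp is then loaded into the editor, for `tvl` via the `(use-package! tvl)` added in config.el, and the `(unpin! (:editor parinfer))` added in the previous hunk widens the same gap. In a configuration that otherwise pins its inputs, this leaves the Emacs packages as the unpinned part of the supply chain. Consider adding `:pin "<COMMIT-SHA-PLACEHOLDER>"` to each `package!` form and bumping it deliberately.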
@@ -51,10 +54,10 @@ }; "darkreader" = buildFirefoxXpiAddon { pname = "darkreader"; - version = "4.9.88"; + version = "4.9.92"; addonId = "addon@darkreader.org"; - url = "https://addons.mozilla.org/firefox/downloads/file/4317971/darkreader-4.9.88.xpi"; - sha256 = "7a965d5880be9fbf8be81a106acd1968263b1acc2db0add580b30f2dd71954b3"; + url = "https://addons.mozilla.org/firefox/downloads/file/4351387/darkreader-4.9.92.xpi"; + sha256 = "be55b3ea5bab95743d43823d9290fa820035b89c4d07943b568111d837a98226"; meta = with lib; { homepage = "https://darkreader.org/"; description = "Dark mode for every website. Take care of your eyes, use dark theme for night and daily browsing."; @@ -120,10 +123,10 @@ }; "languagetool" = buildFirefoxXpiAddon { pname = "languagetool"; - version = "8.11.2"; + version = "8.11.8"; addonId = "languagetool-webextension@languagetool.org"; - url = "https://addons.mozilla.org/firefox/downloads/file/4329853/languagetool-8.11.2.xpi"; - sha256 = "bfac73229d0973370d163cd607ed36ada0aff46d597afee2c334cc58ec431210"; + url = "https://addons.mozilla.org/firefox/downloads/file/4341696/languagetool-8.11.8.xpi"; + sha256 = "2f1489f7180303be730ff2b16d6a432d07017c6cffd3fbfc39f37dc809a25fc8"; meta = with lib; { homepage = "https://languagetool.org"; description = "With this extension you can check text with the free style and grammar checker LanguageTool. It finds many errors that a simple spell checker cannot detect, like mixing up there/their, a/an, or repeating a word."; 
@@ -289,10 +292,10 @@ }; "violentmonkey" = buildFirefoxXpiAddon { pname = "violentmonkey"; - version = "2.20.0"; + version = "2.23.0"; addonId = "{aecec67f-0d10-4fa7-b7c7-609a2db280cf}"; - url = "https://addons.mozilla.org/firefox/downloads/file/4315769/violentmonkey-2.20.0.xpi"; - sha256 = "94fe88507ea47e8cc5ca80b76a6aaec44a486dbfd515a03f82f228dc24d49910"; + url = "https://addons.mozilla.org/firefox/downloads/file/4352761/violentmonkey-2.23.0.xpi"; + sha256 = "b3eadf855b6093376590aa63ae05933c5812e9515c9acf558550a4f2c78ab49b"; meta = with lib; { homepage = "https://violentmonkey.github.io/"; description = "Userscript support for browsers, open source."; diff --git a/modules/firefox/default.nix b/modules/firefox/default.nix index 7b69da4..c694a7f 100644 --- a/modules/firefox/default.nix +++ b/modules/firefox/default.nix @@ -516,6 +516,8 @@ in "browser.protections_panel.infoMessage.seen" = true; "browser.region.update.region" = "US"; "browser.search.region" = "US"; + "browser.search.separatePrivateDefault" = mkForce false; + "browser.search.separatePrivateDefault.ui.enabled" = mkForce false; "browser.search.update" = false; "browser.shell.checkDefaultBrowser" = false; "browser.tabs.closeWindowWithLastTab" = true; @@ -529,6 +531,11 @@ in "browser.toolbars.bookmarks.visibility" = "newtab"; "browser.translations.enable" = false; "browser.urlbar.decodeURLsOnCopy" = true; + "browser.urlbar.suggest.addons" = false; + "browser.urlbar.suggest.bookmark" = true; + "browser.urlbar.suggest.engines" = true; + "browser.urlbar.suggest.history" = true; + "browser.urlbar.suggest.openpage" = true; "browser.warnOnQuitShortcut" = false; "devtools.everOpened" = true; "doh-rollout.home-region" = "US"; diff --git a/modules/firefox/userContent.css b/modules/firefox/userContent.css index d912e5b..96bb529 100644 --- a/modules/firefox/userContent.css +++ b/modules/firefox/userContent.css 
@@ -58,27 +58,27 @@ @-moz-document regexp("https?://(.*\.)?github.com.*") { .color-fg-muted.f6.mt-4, /* GitHub profile guide. */ - .flex-order-1.flex-md-order-none, /* Follow button. */ - .js-user-status-item, - .protip, - .pt-3.mt-3.d-none.d-md-block, /* Profile achievements. */ - .user-status-circle-badge-container, - .user-status-container, - a[href^="/account/choose?action=upgrade"], - a[href^="/collections"], - a[href^="/contact/report-content"], - a[href^="/events"], - a[href^="/explore"], - a[href^="/github-copilot"], - a[href^="/organizations/enterprise"], - a[href^="/settings/enterprises"], - a[href^="/sponsors"], - a[href^="/topics"], - a[href^="/trending"], - a[href^="https://github.com/codespaces"], /* Absolute cringe... */ - button[data-testid="copilot-popover-button"], - details[id^="funding-links-modal"], - footer { + .flex-order-1.flex-md-order-none, /* Follow button. */ + .js-user-status-item, + .protip, + .pt-3.mt-3.d-none.d-md-block, /* Profile achievements. */ + .user-status-circle-badge-container, + .user-status-container, + a[href^="/account/choose?action=upgrade"], + a[href^="/collections"], + a[href^="/contact/report-content"], + a[href^="/events"], + a[href^="/explore"], + a[href^="/github-copilot"], + a[href^="/organizations/enterprise"], + a[href^="/settings/enterprises"], + a[href^="/sponsors"], + a[href^="/topics"], + a[href^="/trending"], + a[href^="https://github.com/codespaces"], /* Absolute cringe... */ + button[data-testid="copilot-popover-button"], + details[id^="funding-links-modal"], + footer { display: none !important; } diff --git a/modules/git/default.nix b/modules/git/default.nix index eb0021d..27c07c4 100644 --- a/modules/git/default.nix +++ b/modules/git/default.nix @@ -73,7 +73,7 @@ in package = if this.isHeadful then pkgs.gitFull else pkgs.gitMinimal; - userName = my.fullname; + userName = my.username; userEmail = my.email; signing = { inherit (my.pgp) key; 
@@ -134,6 +134,7 @@ in "nixca" = "gitlab.nixca.dev"; "notabug" = "notabug.org"; "opencode" = "opencode.net"; + "syndicate" = "git.syndicate-lang.org"; "torproject" = "gitlab.torproject.org"; "videolan" = "code.videolan.org"; }; @@ -192,7 +193,6 @@ in { ark.directories = [ config.services.gitolite.dataDir ]; - # FIXME Plausible, go-import, custom favicon, etc. nixfiles.modules.nginx = { enable = true; virtualHosts.${domain}.locations = { }; diff --git a/modules/profiles/headful.nix b/modules/profiles/headful.nix index 9f6bff5..841f56a 100644 --- a/modules/profiles/headful.nix +++ b/modules/profiles/headful.nix @@ -50,7 +50,7 @@ in ''; packages = with pkgs; [ - # element-desktop + element-desktop fd imv libreoffice-fresh @@ -125,12 +125,15 @@ in environment.systemPackages = with pkgs; [ arping dnsutils + eaglemode inetutils ldns lm_sensors socat tcpdump usbutils + anki + audacity ]; my.extraGroups = [ diff --git a/modules/profiles/headless.nix b/modules/profiles/headless.nix index f739206..5d42df0 100644 --- a/modules/profiles/headless.nix +++ b/modules/profiles/headless.nix @@ -30,13 +30,7 @@ in ".bash_history".source = config.hm.lib.file.mkOutOfStoreSymlink "/dev/null"; }; - boot = { - # Pin version to prevent any surprises. Try keeping this up-to-date[1] - # with the latest LTS release + hardened patches (just in case). - # - # [1]: https://kernel.org - kernelPackages = pkgs.linuxPackages_6_6_hardened; # EOL Dec, 2026 - }; + boot.kernelPackages = pkgs.linuxPackages_hardened; nix = { gc = { diff --git a/modules/sing-box.nix b/modules/sing-box.nix new file mode 100644 index 0000000..9fc86eb --- /dev/null +++ b/modules/sing-box.nix 
@@ -0,0 +1,82 @@ +{ + config, + inputs, + lib, + ... +}: +with lib; +let + cfg = config.nixfiles.modules.sing-box; +in +{ + options.nixfiles.modules.sing-box = { + enable = mkEnableOption ""; + }; + + config = mkIf cfg.enable { + assertions = [ + { + assertion = cfg.enable -> !config.nixfiles.modules.nginx.enable; + message = "VLESS requires binding to 443"; + } + ]; + + secrets = { + sing-box-shadowsocks-password.file = "${inputs.self}/secrets/sing-box-shadowsocks-password"; + sing-box-shadowsocks-users.file = "${inputs.self}/secrets/sing-box-shadowsocks-users"; + sing-box-vless-tls.file = "${inputs.self}/secrets/sing-box-vless-tls"; + sing-box-vless-users.file = "${inputs.self}/secrets/sing-box-vless-users"; + }; + + services.sing-box = { + enable = true; + settings = { + log = { + level = "warn"; + timestamp = false; + }; + inbounds = [ + { + tag = "shadowsocks"; + type = "shadowsocks"; + listen = "::"; + listen_port = 21515; + method = "2022-blake3-aes-128-gcm"; + password = { + _secret = config.secrets.sing-box-shadowsocks-password.path; + quote = true; + }; + users = { + _secret = config.secrets.sing-box-shadowsocks-users.path; + quote = false; + }; + multiplex.enabled = true; + } + { + tag = "vless"; + type = "vless"; + listen = "::"; + listen_port = 443; + users = { + _secret = config.secrets.sing-box-vless-users.path; + quote = false; + }; + tls = { + _secret = config.secrets.sing-box-vless-tls.path; + quote = false; + }; + } + ]; + outbounds = [ + { + type = "direct"; + } + ]; + }; + }; + + networking.firewall.allowedTCPPorts = map ( + a: a.listen_port + ) config.services.sing-box.settings.inbounds; + }; +} diff --git a/modules/soju.nix b/modules/soju.nix index 58bb271..2060eca 100644 --- a/modules/soju.nix +++ b/modules/soju.nix @@ -2,7 +2,6 @@ config, lib, pkgs, - this, ... }: with lib; @@ -16,7 +15,7 @@ in address = mkOption { description = "Address."; type = with types; str; - default = this.wireguard.ipv4.address; + default = ""; }; port = mkOption { 
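Review bot: `networking.firewall.allowedTCPPorts` is derived from every entry in `settings.inbounds`, and both inbounds listen on `::`, so any inbound added later (a local-only listener, say) is opened in the firewall without a separate decision. Listing the ports explicitly, `networking.firewall.allowedTCPPorts = [ 443 21515 ];`, or filtering the inbounds by `tag`, keeps exposure a deliberate step. Only TCP is opened, so if the Shadowsocks inbound is meant to carry UDP the matching `allowedUDPPorts` entry is missing. `mkEnableOption ""` also leaves the option undocumented; `mkEnableOption "sing-box proxy server"` would fix that.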
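Review bot: In the second soju.nix hunk the `address` default changes from the host's WireGuard address to `""`. How `cfg.address` becomes a listen string is outside this hunk, but if it is interpolated as `"${cfg.address}:${toString cfg.port}"`, an empty host normally means all interfaces. Any host that does not override the option would then move the bouncer from VPN-only to reachable on every interface. Prefer removing the default so each host must set it, or use `default = "127.0.0.1";`. The description `"Address."` should also say what the address is bound for.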
diff --git a/modules/vscode.nix b/modules/vscode.nix index 586a817..393b32f 100644 --- a/modules/vscode.nix +++ b/modules/vscode.nix @@ -77,7 +77,6 @@ in tamasfe.even-better-toml # task.vscode-task # vscode-org-mode.org-mode - ziglang.vscode-zig ] ++ optional cfg.vim.enable vscodevim.vim; @@ -228,11 +227,6 @@ in useSystemClipboard = true; }; - zig.zls = { - checkForUpdate = false; - path = getExe' pkgs.zls "zls"; - }; - redhat.telemetry.enabled = false; }; }; diff --git a/modules/wireguard.nix b/modules/wireguard.nix index f408731..8547f70 100644 --- a/modules/wireguard.nix +++ b/modules/wireguard.nix @@ -11,6 +11,15 @@ let cfg = config.nixfiles.modules.wireguard; in { + disabledModules = [ + "services/networking/wireguard.nix" + "services/networking/wg-quick.nix" + ]; + imports = [ + "${inputs.nixpkgs-amneziawg}/nixos/modules/services/networking/wireguard.nix" + "${inputs.nixpkgs-amneziawg}/nixos/modules/services/networking/wg-quick.nix" + ]; + options.nixfiles.modules.wireguard = { client = { enable = mkEnableOption "WireGuard client"; @@ -64,8 +73,8 @@ in _: attr: with attr; { inherit (wireguard) publicKey; allowedIPs = with wireguard; [ - "${ipv4.address}/32" "${ipv6.address}/128" + "${ipv4.address}/32" ]; } ) @@ -123,11 +132,17 @@ in (mkIf cfg.client.enable { networking.wg-quick.interfaces.${cfg.interface} = mkMerge [ (with this.wireguard; { + type = "amneziawg"; privateKeyFile = config.secrets."wireguard-private-key-${this.hostname}".path; address = [ "${ipv4.address}/16" "${ipv6.address}/16" ]; + extraInterfaceConfig = mkIf this.isHeadful '' + Jc = 4 + Jmin = 40 + Jmax = 70 + ''; }) (with cfg.server; { peers = [ 
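Review bot: The `disabledModules`/`imports` pair in the first wireguard.nix hunk swaps the upstream WireGuard and wg-quick modules for copies from `inputs.nixpkgs-amneziawg`, with no comment saying why or which revision is expected. These modules configure interfaces and handle private key files as root, so fixes made to the upstream modules will no longer arrive with an ordinary nixpkgs bump. Add a comment above `disabledModules` such as `# Use the AmneziaWG-aware wireguard/wg-quick modules from the nixpkgs-amneziawg input; re-sync with upstream when bumping it.`. Also confirm that `inputs` is in this module's argument set, since the header is outside the hunk.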
@@ -137,21 +152,28 @@ in allowedIPs = if cfg.client.enableTrafficRouting then [ - "0.0.0.0/0" "::/0" + "0.0.0.0/0" ] else [ - cfg.ipv4.subnet cfg.ipv6.subnet + cfg.ipv4.subnet ]; - persistentKeepalive = 25; } ]; dns = [ - ipv4.address ipv6.address - ]; # This assumes that the host has Unbound running. + ipv4.address + ]; + postUp = + let + resolvectl = "${config.systemd.package}/bin/resolvectl"; + in + '' + ${resolvectl} dns ${cfg.interface} ${ipv6.address} ${ipv4.address} + ${resolvectl} domain ${cfg.interface} ${concatStringsSep " " (mapAttrsToList (_: v: v) my.domain)} + ''; }) ]; @@ -159,9 +181,9 @@ in (writeShellApplication { name = "wg-toggle"; runtimeInputs = [ + amneziawg-tools iproute2 jq - wireguard-tools ]; text = '' ip46() { @@ -169,13 +191,13 @@ in sudo ip -6 "$@" } - fwmark=$(sudo wg show ${cfg.interface} fwmark) || exit + fwmark=$(sudo awg show ${cfg.interface} fwmark) || exit if ip -j rule list lookup "$fwmark" | jq -e 'length > 0' >/dev/null; then - ip46 rule del lookup main suppress_prefixlength 0 - ip46 rule del lookup "$fwmark" + ip46 rule del lookup main suppress_prefixlength 0 + ip46 rule del lookup "$fwmark" else - ip46 rule add not fwmark "$fwmark" lookup "$fwmark" - ip46 rule add lookup main suppress_prefixlength 0 + ip46 rule add not fwmark "$fwmark" lookup "$fwmark" + ip46 rule add lookup main suppress_prefixlength 0 fi ''; }) @@ -185,11 +207,12 @@ in networking = { wireguard = { enable = true; + type = "amneziawg"; interfaces.${cfg.interface} = with cfg.server; { privateKeyFile = config.secrets."wireguard-private-key-${this.hostname}".path; ips = [ - "${ipv4.address}/16" "${ipv6.address}/16" + "${ipv4.address}/16" ]; listenPort = port; inherit peers; |