From 63f085f0b035bee67254918c7b17bcc31984580c Mon Sep 17 00:00:00 2001 From: Azat Bahawi Date: Wed, 24 Aug 2022 13:46:57 +0300 Subject: 2022-08-24 --- modules/nixfiles/common/default.nix | 2 +- modules/nixfiles/common/nix.nix | 177 --------------------- modules/nixfiles/common/nix/default.nix | 158 ++++++++++++++++++ .../common/nix/patches/alejandra-no-ads.patch | 33 ++++ modules/nixfiles/emacs/default.nix | 18 +-- modules/nixfiles/games/minecraft.nix | 35 +++- modules/nixfiles/nmap.nix | 64 +++++--- .../nixfiles/profiles/dev/containers/default.nix | 14 +- 8 files changed, 280 insertions(+), 221 deletions(-) delete mode 100644 modules/nixfiles/common/nix.nix create mode 100644 modules/nixfiles/common/nix/default.nix create mode 100644 modules/nixfiles/common/nix/patches/alejandra-no-ads.patch (limited to 'modules') diff --git a/modules/nixfiles/common/default.nix b/modules/nixfiles/common/default.nix index d73ac53..7f60f77 100644 --- a/modules/nixfiles/common/default.nix +++ b/modules/nixfiles/common/default.nix @@ -6,7 +6,7 @@ _: { ./kernel.nix ./locale.nix ./networking.nix - ./nix.nix + ./nix ./secrets.nix ./security.nix ./services.nix diff --git a/modules/nixfiles/common/nix.nix b/modules/nixfiles/common/nix.nix deleted file mode 100644 index 2447d96..0000000 --- a/modules/nixfiles/common/nix.nix +++ /dev/null 
@@ -1,177 +0,0 @@ -{ - config, - inputs, - lib, - pkgs, - pkgsPR, - pkgsRev, - this, - ... -}: -with lib; let - nixfilesSrc = "${config.my.home}/src/nixfiles"; -in { - _module.args = let - importNixpkgs = nixpkgs: - import nixpkgs { - inherit (config.nixpkgs) localSystem crossSystem config; - }; - in rec { - pkgsMaster = importNixpkgs inputs.nixpkgs-master; - pkgsStable = importNixpkgs inputs.nixpkgs-stable; - pkgsRev = rev: sha256: - importNixpkgs (pkgs.fetchFromGitHub { - owner = "NixOS"; - repo = "nixpkgs"; - inherit rev sha256; - }); - pkgsPR = pr: pkgsRev "refs/pull/${toString pr}/head"; - pkgsLocal = importNixpkgs "${config.my.home}/src/nixpkgs"; - }; - - nix = let - filteredInputs = filterAttrs (n: _: n != "self") inputs; - in { - # https://github.com/NixOS/nix/blob/master/src/libutil/experimental-features.cc - extraOptions = '' - extra-experimental-features = ca-derivations - extra-experimental-features = flakes - extra-experimental-features = nix-command - extra-experimental-features = recursive-nix - flake-registry = ${inputs.flake-registry}/flake-registry.json - keep-derivations = true - keep-outputs = true - warn-dirty = false - ''; - - nixPath = - mapAttrsToList (n: v: "${n}=${v}") filteredInputs - ++ ["nixfiles=${nixfilesSrc}"]; - - registry = - mapAttrs (_: flake: {inherit flake;}) filteredInputs - // { - nixfiles.flake = inputs.self; - }; - - settings = { - trusted-users = ["root" "@wheel"]; - - substituters = [ - "https://azahi.cachix.org" - "https://cachix.cachix.org" - "https://mic92.cachix.org" - "https://nix-community.cachix.org" - "https://pre-commit-hooks.cachix.org" - ]; - trusted-public-keys = [ - "azahi.cachix.org-1:2bayb+iWYMAVw3ZdEpVg+NPOHCXncw7WMQ0ElX1GO3s=" - "cachix.cachix.org-1:eWNHQldwUO7G2VkjpnjDbWwy4KQ/HNxht7H4SSoMckM=" - "mic92.cachix.org-1:gi8IhgiT3CYZnJsaW7fxznzTkMUOn1RY4GmXdT/nXYQ=" - "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" - 
"pre-commit-hooks.cachix.org-1:Pkk3Panw5AW24TOv6kz3PvLhlH8puAsJTBbOPmBo7Rc=" - ]; - }; - }; - - nixpkgs = { - overlays = with inputs; [ - self.overlays.default - (_: super: - { - # Splitting this into a separate package could be a good PR. - logcli = super.grafana-loki.overrideAttrs (_: _: { - subPackages = ["cmd/logcli"]; - preFixup = ""; - doCheck = false; - }); - - nix-bash-completions = - super.nix-bash-completions.overrideAttrs - (_: _: { - postPatch = '' - substituteInPlace _nix --replace 'nix nixos-option' 'nixos-option' - ''; - }); - - helm = super.kubernetes-helm-wrapped.override { - plugins = with super.kubernetes-helmPlugins; [ - helm-diff - helm-secrets - ]; - }; - - # https://github.com/matrix-org/dendrite/issues/2650 - # Wait till 0.9.4 - dendrite = super.dendrite.overrideAttrs (_: _: { - doCheck = false; - }); - } - // (with super; let - np = nodePackages; - in { - dockerfile-language-server = np.dockerfile-language-server-nodejs; - editorconfig = editorconfig-core-c; - inherit (np) bash-language-server; - inherit (np) vim-language-server; - inherit (np) yaml-language-server; - json-language-server = np.vscode-json-languageserver; - k3d = kube3d; - lua-language-server = sumneko-lua-language-server; - nix-language-server = rnix-lsp; - omnisharp = omnisharp-roslyn; - telepresence = telepresence2; - tor-browser = tor-browser-bundle-bin; - })) - agenix.overlay - emacs-overlay.overlay - nur.overlay - xmonad-ng.overlays.default - ]; - - config.allowUnfree = true; - }; - - environment = { - sessionVariables.NIX_SHELL_PRESERVE_PROMPT = "1"; - - etc = { - nixpkgs.source = inputs.nixpkgs; - - gc-roots.text = - concatMapStrings (x: x + "\n") - (with inputs; [nixpkgs nixpkgs-master nixpkgs-stable]); - }; - - systemPackages = with pkgs; - optionals config.profile.headful [ - (pkgs.nixfiles.override { - nix = config.nix.package; - inherit nixfilesSrc; - }) - nix-top - nix-tree - ]; - }; - - hm.home.file.".nix-defexpr/default.nix".text = - optionalString 
this.isHeadful - ( - let - hostname = strings.escapeNixIdentifier this.hostname; - in '' - let - self = builtins.getFlake "nixfiles"; - configurations = self.nixosConfigurations; - local = configurations.${hostname}; - in rec { - inherit self; - inherit (self) inputs lib; - inherit (lib) my; - this = my.configurations.${hostname}; - inherit (local) config; - inherit (local.config.system.build) toplevel vm vmWithBootLoader manual; - } // configurations // local._module.args - '' - ); -} diff --git a/modules/nixfiles/common/nix/default.nix b/modules/nixfiles/common/nix/default.nix new file mode 100644 index 0000000..4213a29 --- /dev/null +++ b/modules/nixfiles/common/nix/default.nix 
@@ -0,0 +1,158 @@ +{ + config, + inputs, + lib, + pkgs, + pkgsPR, + pkgsRev, + this, + ... +}: +with lib; { + _module.args = let + importNixpkgs = nixpkgs: + import nixpkgs { + inherit (config.nixpkgs) localSystem crossSystem config; + }; + in rec { + pkgsMaster = importNixpkgs inputs.nixpkgs-master; + pkgsStable = importNixpkgs inputs.nixpkgs-stable; + pkgsRev = rev: sha256: + importNixpkgs (pkgs.fetchFromGitHub { + owner = "NixOS"; + repo = "nixpkgs"; + inherit rev sha256; + }); + pkgsPR = pr: pkgsRev "refs/pull/${toString pr}/head"; + pkgsLocal = importNixpkgs "${config.my.home}/src/nixpkgs"; + }; + + nix = let + filteredInputs = filterAttrs (n: _: n != "self") inputs; + in { + # https://github.com/NixOS/nix/blob/master/src/libutil/experimental-features.cc + extraOptions = '' + extra-experimental-features = ca-derivations + extra-experimental-features = flakes + extra-experimental-features = nix-command + extra-experimental-features = recursive-nix + flake-registry = ${inputs.flake-registry}/flake-registry.json + keep-derivations = true + keep-outputs = true + warn-dirty = false + ''; + + nixPath = + mapAttrsToList (n: v: "${n}=${v}") filteredInputs + ++ ["nixfiles=${config.my.home}/src/nixfiles"]; + + registry = + mapAttrs (_: flake: {inherit flake;}) filteredInputs + // { + nixfiles.flake = inputs.self; + }; + + settings = { + trusted-users = ["root" "@wheel"]; + + substituters = [ + "https://azahi.cachix.org" + "https://cachix.cachix.org" + "https://mic92.cachix.org" + "https://nix-community.cachix.org" + "https://pre-commit-hooks.cachix.org" + ]; + trusted-public-keys = [ + "azahi.cachix.org-1:2bayb+iWYMAVw3ZdEpVg+NPOHCXncw7WMQ0ElX1GO3s=" + "cachix.cachix.org-1:eWNHQldwUO7G2VkjpnjDbWwy4KQ/HNxht7H4SSoMckM=" + "mic92.cachix.org-1:gi8IhgiT3CYZnJsaW7fxznzTkMUOn1RY4GmXdT/nXYQ=" + "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" + "pre-commit-hooks.cachix.org-1:Pkk3Panw5AW24TOv6kz3PvLhlH8puAsJTBbOPmBo7Rc=" + ]; + }; + }; + + nixpkgs = { + 
overlays = with inputs; [ + self.overlays.default + (_: super: + { + nix-bash-completions = super.nix-bash-completions.overrideAttrs (_: _: { + postPatch = '' + substituteInPlace _nix \ + --replace 'nix nixos-option' 'nixos-option' + ''; + }); + + alejandra = super.alejandra.overrideAttrs (_: _: { + patches = [./patches/alejandra-no-ads.patch]; + }); + + # FIXME https://github.com/NixOS/nixpkgs/pull/187519 + dendrite = super.dendrite.overrideAttrs (_: _: { + doCheck = false; + }); + } + // (with super; let + np = nodePackages; + in { + dockerfile-language-server = np.dockerfile-language-server-nodejs; + editorconfig = editorconfig-core-c; + inherit (np) bash-language-server; + inherit (np) vim-language-server; + inherit (np) yaml-language-server; + json-language-server = np.vscode-json-languageserver; + k3d = kube3d; + lua-language-server = sumneko-lua-language-server; + nix-language-server = rnix-lsp; + omnisharp = omnisharp-roslyn; + tor-browser = tor-browser-bundle-bin; + })) + agenix.overlay + emacs-overlay.overlay + nur.overlay + xmonad-ng.overlays.default + ]; + + config.allowUnfree = true; + }; + + environment = { + sessionVariables.NIX_SHELL_PRESERVE_PROMPT = "1"; + + etc = { + nixpkgs.source = inputs.nixpkgs; + + gc-roots.text = + concatMapStrings (x: x + "\n") + (with inputs; [nixpkgs nixpkgs-master nixpkgs-stable]); + }; + + systemPackages = with pkgs; + optionals config.profile.headful [ + nix-top + nix-tree + ]; + }; + + hm.home.file.".nix-defexpr/default.nix".text = + optionalString this.isHeadful + ( + let + hostname = strings.escapeNixIdentifier this.hostname; + in '' + let + self = builtins.getFlake "nixfiles"; + configurations = self.nixosConfigurations; + local = configurations.${hostname}; + in rec { + inherit self; + inherit (self) inputs lib; + inherit (lib) my; + this = my.configurations.${hostname}; + inherit (local) config; + inherit (local.config.system.build) toplevel vm vmWithBootLoader manual; + } // configurations // local._module.args 
+ '' + ); +} diff --git a/modules/nixfiles/common/nix/patches/alejandra-no-ads.patch b/modules/nixfiles/common/nix/patches/alejandra-no-ads.patch new file mode 100644 index 0000000..6eaac66 --- /dev/null +++ b/modules/nixfiles/common/nix/patches/alejandra-no-ads.patch @@ -0,0 +1,33 @@ +diff --git i/src/alejandra_cli/src/cli.rs w/src/alejandra_cli/src/cli.rs +index bab102c..b90bf1d 100644 +--- i/src/alejandra_cli/src/cli.rs ++++ w/src/alejandra_cli/src/cli.rs +@@ -7,7 +7,6 @@ use futures::future::RemoteHandle; + use futures::stream::FuturesUnordered; + use futures::task::SpawnExt; + +-use crate::ads::random_ad; + use crate::verbosity::Verbosity; + + /// The Uncompromising Nix Code Formatter. +@@ -203,11 +202,6 @@ pub fn main() -> std::io::Result<()> { + (true, false) => "requires formatting", + } + ); +- +- if in_place { +- eprintln!(); +- eprint!("{}", random_ad()); +- } + } + + std::process::exit(if in_place { 0 } else { 2 }); +@@ -218,8 +212,6 @@ pub fn main() -> std::io::Result<()> { + eprintln!( + "Congratulations! Your code complies with the Alejandra style." + ); +- eprintln!(); +- eprint!("{}", random_ad()); + } + + std::process::exit(0); diff --git a/modules/nixfiles/emacs/default.nix b/modules/nixfiles/emacs/default.nix index a972060..86db0f7 100644 --- a/modules/nixfiles/emacs/default.nix +++ b/modules/nixfiles/emacs/default.nix @@ -8,8 +8,7 @@ with lib; let cfg = config.nixfiles.modules.emacs; in { - options.nixfiles.modules.emacs.enable = - mkEnableOption "GNU Emacs"; + options.nixfiles.modules.emacs.enable = mkEnableOption "GNU Emacs"; config = mkIf cfg.enable { # TODO Make magit-forge to work with this. 
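Review bot: The new `alejandra` override sets `patches = [./patches/alejandra-no-ads.patch];` while discarding the previous attributes (`_: _:`), so any patches nixpkgs carries for that package, now or after an update, are dropped without notice. Appending keeps them: `alejandra = super.alejandra.overrideAttrs (_: prev: {patches = (prev.patches or []) ++ [./patches/alejandra-no-ads.patch];});`. Separately, `trusted-users = ["root" "@wheel"]` lets every wheel member direct the Nix daemon (for example, add substituters), which is close to root access without a sudo prompt; if that is intended, a comment such as `# wheel is treated as root-equivalent for Nix on these hosts` would record the decision.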
@@ -33,16 +32,13 @@ in { programs.doom-emacs = { enable = true; doomPrivateDir = ./doom; - # NOTE NativeComp breaks non-latin fonts and takes a long time to - # perform updates while giving miniscule speed improvements. Emacs is - # still a laggy and slow piece of shit regardless of enabling this flag - # or not. - # emacsPackage = pkgs.emacs28.override {nativeComp = true;}; - emacsPackage = pkgs.emacs28; + emacsPackage = pkgs.emacs28; # Package is pinned to avoid surprises. extraPackages = with pkgs; [ mu # :email mu4e ]; extraConfig = let + # NOTE gopls will require a Go executable, which must be provided by + # the project's flake. extraBins = with pkgs; [ (aspellWithDicts (p: with p; [en ru])) # :checkers spell (+aspell) asmfmt # :editor format @@ -81,6 +77,7 @@ in { python3Packages.isort # :lang python python3Packages.pyflakes # :lang python ripgrep # core + rust-analyzer # :lang rust shellcheck # :lang sh shfmt # :lang sh :editor format sqlite # :lang (org +roam2) :tools lookup @@ -115,9 +112,8 @@ in { circe-default-realname "${my.fullname}" circe-default-user circe-default-nick) - (setq doom-font (font-spec - :family "${config.fontScheme.monospaceFont.family}" - :size ${toString config.fontScheme.monospaceFont.size}) + (setq doom-font (font-spec :family "${config.fontScheme.monospaceFont.family}" + :size ${toString config.fontScheme.monospaceFont.size}) doom-unicode-font doom-font) ''; }; diff --git a/modules/nixfiles/games/minecraft.nix b/modules/nixfiles/games/minecraft.nix index 4825a7b..3936eaa 100644 --- a/modules/nixfiles/games/minecraft.nix +++ b/modules/nixfiles/games/minecraft.nix 
@@ -10,7 +10,15 @@ with lib; let in { options.nixfiles.modules.games.minecraft = { client.enable = mkEnableOption "Minecraft client"; - server.enable = mkEnableOption "Minecraft server"; + server = { + enable = mkEnableOption "Minecraft server"; + + memory = mkOption { + description = "Amount of RAM to allocate."; + type = types.str; + default = "2G"; + }; + }; }; # Configurations, opslist, whitelist and plugins are managed imperatively. @@ -30,7 +38,30 @@ in { package = (pkgsPR "187458" "sha256-kOYkuXvcmqt8Lsh0yMr8reurzU1qTrzh0Z/Tjan0IF0=").papermc; # TODO Make PR fixing trailing whitespace on this. - jvmOpts = mkDefault "-Xmx4096M -Xms4096M "; + jvmOpts = + (concatStringsSep " " [ + "-Xmx${cfg.server.memory}" + "-Xms${cfg.server.memory}" + # "-XX:+AlwaysPreTouch" + # "-XX:+DisableExplicitGC" + # "-XX:+ParallelRefProcEnabled" + # "-XX:+PerfDisableSharedMem" + # "-XX:+UnlockExperimentalVMOptions" + # "-XX:+UseG1GC" + # "-XX:G1HeapRegionSize=8M" + # "-XX:G1HeapWastePercent=5" + # "-XX:G1MaxNewSizePercent=40" + # "-XX:G1MixedGCCountTarget=4" + # "-XX:G1MixedGCLiveThresholdPercent=90" + # "-XX:G1NewSizePercent=30" + # "-XX:G1RSetUpdatingPauseTimePercent=5" + # "-XX:G1ReservePercent=20" + # "-XX:InitiatingHeapOccupancyPercent=15" + # "-XX:MaxGCPauseMillis=200" + # "-XX:MaxTenuringThreshold=1" + # "-XX:SurvivorRatio=32" + ]) + + " "; openFirewall = true; }; diff --git a/modules/nixfiles/nmap.nix b/modules/nixfiles/nmap.nix index 56ac88f..27a36bb 100644 --- a/modules/nixfiles/nmap.nix +++ b/modules/nixfiles/nmap.nix 
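Review bot: `server.memory` is declared as `types.str` and is spliced straight into `-Xmx${cfg.server.memory}` and `-Xms${cfg.server.memory}` in the following hunk, so a typo or a value containing a space becomes extra JVM arguments instead of an evaluation error. A constrained type catches that at build time, for example `type = types.strMatching "[0-9]+[kKmMgG]?";`. The description could also state the expected form, e.g. `description = "JVM heap size passed to -Xmx and -Xms, such as 2G or 4096M.";`. The surrounding module continues outside this hunk.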
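Review bot: `jvmOpts` is no longer wrapped in `mkDefault`, and the effective heap drops from `4096M` to the new `2G` default. Without `mkDefault`, a host that sets `jvmOpts` itself now defines the option at the same priority as this module; depending on the option's type that is either a conflict or a concatenation, so it is worth confirming that no host relies on the old override behaviour. The block of commented-out `-XX:` flags would read better as one comment saying why they are disabled, or left out until they are needed. The enclosing attribute set starts outside the hunk.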
@@ -11,31 +11,49 @@ in { options.nixfiles.modules.nmap.enable = mkEnableOption "Nmap"; config = mkIf cfg.enable { - hm.home = { - file = { - ".nmap/scripts/vulners/vulners.nse".source = "${inputs.nmap-vulners}/vulners.nse"; - ".nmap/scripts/vulscan/vulscan.nse".source = "${inputs.nmap-vulscan}/vulscan.nse"; + hm = { + home = { + file = { + ".nmap/scripts/vulners/vulners.nse".source = "${inputs.nmap-vulners}/vulners.nse"; + ".nmap/scripts/vulscan/vulscan.nse".source = "${inputs.nmap-vulscan}/vulscan.nse"; + }; + + packages = with pkgs; [nmap nmap-formatter]; + + activation.regenerateNmapScriptDatabase = with pkgs; '' + # TODO Add an update timestamp and pull files only when they are old. + # declare -a vulscandbs=( + # "cve" + # "exploitdb" + # "openvas" + # "osvdb" + # "scipvuldb" + # "securityfocus" + # "securitytracker" + # "xforce" + # ) + # for i in "''${vulscandbs[@]}"; do + # ${curl}/bin/curl \ + # -o "$HOME/.nmap/scripts/vulscan/$i.csv" \ + # "https://www.computec.ch/projekte/vulscan/download/$i.csv" + # done + + ${nmap}/bin/nmap --script-updatedb + ''; }; - packages = with pkgs; [nmap nmap-formatter]; - activation.regenerateNmapScriptDatabase = with pkgs; '' - # declare -a vulscandbs=( - # "cve" - # "exploitdb" - # "openvas" - # "osvdb" - # "scipvuldb" - # "securityfocus" - # "securitytracker" - # "xforce" - # ) - # for i in "''${vulscandbs[@]}"; do - # ${curl}/bin/curl \ - # -o "$HOME/.nmap/scripts/vulscan/$i.csv" \ - # "https://www.computec.ch/projekte/vulscan/download/$i.csv" - # done - ${nmap}/bin/nmap --script-updatedb - ''; + programs.bash = { + shellAliases = let + base = "${pkgs.nmap}/bin/nmap -sV"; + in { + nmap-vulscan = "${base} --script=vulscan/vulscan.nse"; + nmap-vulners = "${base} --script=vulners/vulners.nse"; + }; + initExtra = mkAfter '' + _complete_alias nmap-vulscan _nmap nmap + _complete_alias nmap-vulners _nmap nmap + ''; + }; }; }; } 
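Review bot: The new TODO above the commented-out loop plans to refresh the vulscan CSVs with `curl` during home activation, which would place unpinned, unverified files under `~/.nmap/scripts/vulscan` on each activation, whereas `vulners.nse` and `vulscan.nse` come from flake inputs. I would reword the TODO to point at a pinned fetch, e.g. `# TODO Provide the vulscan CSVs as hash-pinned inputs (fetchurl or a flake input) rather than downloading them during activation.`. The `_complete_alias` lines in `initExtra` also assume that function is already defined when bash reaches them; presumably `mkAfter` is there for that, but a short comment naming where it is loaded would help.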
diff --git a/modules/nixfiles/profiles/dev/containers/default.nix b/modules/nixfiles/profiles/dev/containers/default.nix index 3196654..b533626 100644 --- a/modules/nixfiles/profiles/dev/containers/default.nix +++ b/modules/nixfiles/profiles/dev/containers/default.nix @@ -19,14 +19,14 @@ in { hm = { home = { sessionVariables = { - MINIKUBE_IN_STYLE = "false"; - WERF_DEV = "true"; - WERF_INSECURE_REGISTRY = "true"; - WERF_LOG_DEBUG = "true"; - WERF_LOG_PRETTY = "false"; - WERF_LOG_VERBOSE = "true"; + MINIKUBE_IN_STYLE = false; + WERF_DEV = true; + WERF_INSECURE_REGISTRY = true; + WERF_LOG_DEBUG = true; + WERF_LOG_PRETTY = false; + WERF_LOG_VERBOSE = true; WERF_SYNCHRONIZATION = ":local"; - WERF_TELEMETRY = 0; + WERF_TELEMETRY = false; }; file.".minikube/config/config.json".text = generators.toJSON {} { -- cgit 1.4.1
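Review bot: Switching these session variables from strings to Nix booleans changes what is exported into the environment, and the rendering is not visible in this hunk. With Nix's `toString`, `true` becomes `1` and `false` becomes an empty string, so `WERF_TELEMETRY = false;` and `WERF_LOG_PRETTY = false;` may be exported as empty values rather than `"false"` (and `WERF_TELEMETRY` was previously `0`); it should be checked that werf and minikube read an empty value as off, or the explicit strings kept. `WERF_INSECURE_REGISTRY = true;` applies to every werf invocation in the session and, as far as I know, permits registry access without TLS, so a comment such as `# dev profile only: werf may talk to local registries without TLS` would make the scope of that setting clear. The enclosing `hm` block continues past the hunk.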