it is what it is

atagen 2023-01-09 12:55:33 +11:00
parent 06b48475d8
commit 2faec8579a
5 changed files with 100 additions and 99 deletions


@ -1,41 +0,0 @@
{
description = "the fabled ryzen build";
inputs = {
nixpkgs.url = "nixpkgs/nixos-unstable";
home-manager = {
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs = { nixpkgs, home-manager, ... }@inputs:
let
inherit (nixpkgs) lib;
util = import ./lib {
inherit system pkgs home-manager lib; overlays = (pkgs.overlays);
};
inherit (util) user;
inherit (util) host;
pkgs = import nixpkgs {
inherit system;
config.allowUnfree = true;
overlays = [ ];
};
system = "x86_64-linux";
in
{
homeManagerConfigurations = {
bolt = user.mkHMUser {
};
};
nixosConfigurations = {
quiver = host.mkHost {
};
};
};
}


@ -63,7 +63,53 @@
(callPackage ./homepkgs/culr.nix { })
];
# bat nix/store/101r0xh4c4y8hkcwx6vpbvp9d8nyg596-home-manager-path/share/applications/codium-url-handler.desktop
# nix/store/101r0xh4c4y8hkcwx6vpbvp9d8nyg596-home-manager-path/share/applications/codium.desktop
# ───────┬────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
# │ File: nix/store/101r0xh4c4y8hkcwx6vpbvp9d8nyg596-home-manager-path/share/applications/codium-url-handler.desktop
# ───────┼────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
# 1 │ [Desktop Entry]
# 2 │ Categories=Utility;TextEditor;Development;IDE
# 3 │ Comment=Code Editing. Redefined.
# 4 │ Exec=codium --open-url %U
# 5 │ GenericName=Text Editor
# 6 │ Icon=code
# 7 │ Keywords=vscode
# 8 │ MimeType=x-scheme-handler/vscode
# 9 │ Name=VSCodium - URL Handler
# 10 │ NoDisplay=true
# 11 │ StartupNotify=true
# 12 │ Type=Application
# 13 │ Version=1.4
# ───────┴────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
# zsh: permission denied: nix/store/101r0xh4c4y8hkcwx6vpbvp9d8nyg596-home-manager-path/share/applications/codium.desktop
# bat nix/store/101r0xh4c4y8hkcwx6vpbvp9d8nyg596-home-manager-path/share/applications/codium-url-handler.desktop
# nix/store/101r0xh4c4y8hkcwx6vpbvp9d8nyg596-home-manager-path/share/applications/codium.deskt
# bat nix/store/101r0xh4c4y8hkcwx6vpbvp9d8nyg596-home-manager-path/share/applications/codium.desktop
# ───────┬────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
# │ File: nix/store/101r0xh4c4y8hkcwx6vpbvp9d8nyg596-home-manager-path/share/applications/codium.desktop
# ───────┼────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
# 1 │ [Desktop Entry]
# 2 │ Actions=new-empty-window
# 3 │ Categories=Utility;TextEditor;Development;IDE
# 4 │ Comment=Code Editing. Redefined.
# 5 │ Exec=codium %F
# 6 │ GenericName=Text Editor
# 7 │ Icon=code
# 8 │ Keywords=vscode
# 9 │ MimeType=text/plain;inode/directory
# 10 │ Name=VSCodium
# 11 │ StartupNotify=true
# 12 │ StartupWMClass=vscodium
# 13 │ Type=Application
# 14 │ Version=1.4
# 15 │
# 16 │ [Desktop Action new-empty-window]
# 17 │ Exec=codium --new-window %F
# 18 │ Icon=code
# 19 │ Name=New Empty Window
# ───────┴────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
#
programs.direnv = {
enable = true;
nix-direnv = {
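Review bot: The block of `#` lines above `programs.direnv` is pasted terminal output (a `bat` dump of two `.desktop` files and a zsh "permission denied" error), not documentation of the configuration. It embeds a store-path hash that will probably stop existing after a later rebuild, so it will not help a future reader. I would drop it, or keep only the fact that matters, for example `# codium ships codium.desktop and codium-url-handler.desktop (x-scheme-handler/vscode)`. The enclosing attribute set starts and ends outside the hunk.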


@ -4,18 +4,19 @@ rustPlatform.buildRustPackage rec {
pname = "culr";
version = "0.1.0";
src = fetchFromGitea {
domain = "git.atagen.co";
owner = "atagen";
repo = pname;
rev = "d5a7fe6df6";
sha256 = "sha256-S2JwubuVFj/ZXemcJyZv9pAbM0rSi5CauE9vtJBgspw=";
};
src = /home/bolt/Code/culr;
# src = fetchFromGitea {
# domain = "git.atagen.co";
# owner = "atagen";
# repo = pname;
# rev = "d5a7fe6df6";
# sha256 = "sha256-S2JwubuVFj/ZXemcJyZv9pAbM0rSi5CauE9vtJBgspw=";
# };
nativeBuildInputs = [ pkg-config ];
buildInputs = [ libX11 ];
cargoSha256 = "sha256-d8MshgH3EppKR80fULU5kraJzrkG57KApzcJM2muvIE=";
cargoSha256 = "sha256-Vnhni8tckrexlJ85gfSDEAVWhH6oVHn9/z2O2OIVR5o=";
meta = with lib; {
description = "colourise piped input";
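Review bot: `src = /home/bolt/Code/culr;` builds the package from whatever is in that working directory, so the source is no longer pinned to a revision and content hash as it was with the `fetchFromGitea` block that is now commented out. The build only evaluates on a machine that has that checkout, and two builds of the same commit of this repository can produce different results. A path literal also copies the whole directory into the world-readable store, which may include untracked files and build output. If the local path is only for development, I would keep the fetcher and update `rev` and `sha256` once the change is pushed, or at least add a comment such as `# TEMPORARY: local checkout, restore fetchFromGitea before deploying`. The derivation starts and ends outside the hunk.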


@ -87,6 +87,7 @@
services.resolved = {
enable = true;
fallbackDns = [ "103.1.206.179" "168.138.8.38" "168.138.12.137" ];
dnssec = "false";
};
@ -110,15 +111,11 @@
services.tailscale.enable = true;
services.mullvad-vpn.enable = true;
environment.systemPackages = with pkgs; [
rnix-lsp
tailscale
mullvad
mullvad-vpn
cachix
@ -131,57 +128,46 @@
git
zsh
nix-index
comma
];
networking.nftables = {
enable = true;
ruleset = ''
table inet mullvad-ts {
chain exclude-outgoing {
type route hook output priority 0; policy accept;
ip daddr 100.64.0.0/10 ct mark set 0x00000f41 meta mark set 0x6d6f6c65;
ip daddr 100.100.100.100 ct mark set 0x00000f41 meta mark set 0x6d6f6c65;
networking.wg-quick.interfaces = {
mullvad = {
address = [ "10.66.224.186/32" ];
dns = [ "10.64.0.1" ];
privateKey = "WD0CNYazB8D19SJvwz/TdPqoWgWCGfTwA7mim16q7UM=";
peers = [
{
publicKey = "kOpdNLq/ePrlc2wXGinRvbQWRhy755cZ4G4S7xwsKiw=";
allowedIPs = [ "0.0.0.0/0" ];
endpoint = "43.245.162.234:51820";
persistentKeepalive = 25;
}
chain allow-incoming {
type filter hook input priority -10; policy accept;
iif "tailscale0" ct mark set 0x00000f41 meta mark set 0x6d6f6c65;
}
chain exclude-dns {
type filter hook output priority -10; policy accept;
ip daddr 100.100.100.100 udp dport 53 ct mark set 0x00000f41 meta mark set 0x6d6f6c65;
ip daddr 100.100.100.100 tcp dport 53 ct mark set 0x00000f41 meta mark set 0x6d6f6c65;
}
}
table inet filter {
chain input {
type filter hook input priority 0; policy drop;
ct state invalid counter drop comment "early drop of invalid packets"
ct state {established, related} counter accept comment "accept all connections related to connections made by us"
iifname "tailscale0" accept comment "allow all tailscale packets"
iif lo accept comment "accept loopback"
ip protocol icmp counter accept comment "accept all ICMP types"
ip6 nexthdr icmpv6 counter accept comment "accept all ICMP types"
tcp dport 22 counter accept comment "accept SSH"
counter comment "count dropped packets"
}
chain forward {
type filter hook forward priority 0; policy drop;
}
}
'';
];
};
};
networking.firewall.enable = false;
# networking.firewall = {
# trustedInterfaces = [ "tailscale0" ];
# checkReversePath = "loose";
# };
networking.firewall = {
trustedInterfaces = [ "tailscale0" ];
checkReversePath = "loose";
};
systemd.services.fixNetworkingForTailscaleGodDamnit = {
wantedBy = [ "multi-user.target" ];
after = [ "network.target" "wg-quick-mullvad.service" ];
description = "fix the damn routing table";
serviceConfig = {
Type = "oneshot";
User = "root";
ExecStart = ''${pkgs.bash}/bin/bash -c 'if [[ "$( ${pkgs.iproute2}/bin/ip rule | grep -e "62:.*52" | wc -l)" -eq 0 ]]; then ${pkgs.iproute2}/bin/ip rule add pref 62 table 52; fi'''';
# ExecStop = ''${pkgs.iproute2}/bin/ip rule del pref 62 table 52'';
};
};
system.stateVersion = "22.05"; # Did you read the comment?
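Review bot: The `privateKey = "…";` line in the `networking.wg-quick.interfaces.mullvad` block puts the WireGuard private key in the repository and, once the configuration is built, in the world-readable Nix store. Using `privateKeyFile = "/path/to/mullvad.key";` (placeholder path) with a root-only file outside the store avoids both, and because the key is already in history it should be rotated with the provider. The page has lost its `+`/`-` markers, so I am inferring from the hunk counts that this block is on the new side; the key is exposed in history either way. Separately, the first hunk appears to add `dnssec = "false";`, which turns off DNSSEC validation in resolved; a short comment there saying why would help the next reader.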


@ -44,8 +44,17 @@
ExecStart = ''${pkgs.openrgb}/bin/openrgb -c 000000'';
};
};
services.ananicy = {
enable = true;
package = pkgs.ananicy-cpp;
settings = {
check_freq = 5;
};
};
hardware.ckb-next.enable = true;
environment.systemPackages = with pkgs; [
xdg-desktop-portal-kde
ckb-next