Compare commits


5 commits

9 changed files with 224 additions and 146 deletions


@ -1,9 +1,7 @@
hostname := `hostname`
local OPERATION *FLAGS:
nixos-rebuild \
--flake .#{{hostname}} \
--use-remote-sudo \
--flake .# \
--sudo \
{{FLAGS}} \
{{OPERATION}}
@ -12,9 +10,9 @@ updatekeys:
remote OPERATION HOST REMOTEHOST *FLAGS:
nixos-rebuild \
--fast \
--no-reexec \
--flake .#{{HOST}} \
--target-host {{REMOTEHOST}} \
--use-remote-sudo \
--sudo \
{{FLAGS}} \
{{OPERATION}}

159
flake.lock generated

@ -68,6 +68,21 @@
}
},
"crane": {
"locked": {
"lastModified": 1750266157,
"narHash": "sha256-tL42YoNg9y30u7zAqtoGDNdTyXTi8EALDeCB13FtbQA=",
"owner": "ipetkov",
"repo": "crane",
"rev": "e37c943371b73ed87faf33f7583860f81f1d5a48",
"type": "github"
},
"original": {
"owner": "ipetkov",
"repo": "crane",
"type": "github"
}
},
"crane_2": {
"locked": {
"lastModified": 1745454774,
"narHash": "sha256-oLvmxOnsEKGtwczxp/CwhrfmQUG2ym24OMWowcoRhH8=",
@ -82,7 +97,7 @@
"type": "github"
}
},
"crane_2": {
"crane_3": {
"locked": {
"lastModified": 1742394900,
"narHash": "sha256-vVOAp9ahvnU+fQoKd4SEXB2JG2wbENkpqcwlkIXgUC0=",
@ -97,6 +112,28 @@
"type": "github"
}
},
"crosshair-overlay": {
"inputs": {
"crane": "crane",
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1750290749,
"narHash": "sha256-Wd6BlAKF9h8cN+V0BYRXyhdIhoAWV9C0IX5y+RhiVZQ=",
"ref": "refs/heads/master",
"rev": "20693cdf66818e5644b538ccf9acacc82a2828e2",
"revCount": 6,
"type": "git",
"url": "https://git.xunuwu.xyz/xun/crosshair-overlay"
},
"original": {
"type": "git",
"url": "https://git.xunuwu.xyz/xun/crosshair-overlay"
}
},
"disko": {
"inputs": {
"nixpkgs": [
@ -104,11 +141,11 @@
]
},
"locked": {
"lastModified": 1749436314,
"narHash": "sha256-CqmqU5FRg5AadtIkxwu8ulDSOSoIisUMZRLlcED3Q5w=",
"lastModified": 1750040002,
"narHash": "sha256-KrC9iOVYIn6ukpVlHbqSA4hYCZ6oDyJKrcLqv4c5v84=",
"owner": "nix-community",
"repo": "disko",
"rev": "dfa4d1b9c39c0342ef133795127a3af14598017a",
"rev": "7f1857b31522062a6a00f88cbccf86b43acceed1",
"type": "github"
},
"original": {
@ -125,11 +162,11 @@
},
"locked": {
"dir": "pkgs/firefox-addons",
"lastModified": 1749441800,
"narHash": "sha256-bN4tccrmczfR4PUuepHpxNNmWG3cLZTFIt4BaD8YyvA=",
"lastModified": 1750219402,
"narHash": "sha256-b3y7V7db0VwLGtpcLRmT1Aa9dpAKoHQdem55UhgB/fw=",
"owner": "rycee",
"repo": "nur-expressions",
"rev": "fe13e6abfe72b39ad8381595c3c404849330c3cb",
"rev": "a00ce73b626ed274fbfe9f51627861e140b08f6d",
"type": "gitlab"
},
"original": {
@ -243,11 +280,11 @@
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1748821116,
"narHash": "sha256-F82+gS044J1APL0n4hH50GYdPRv/5JWm34oCJYmVKdE=",
"lastModified": 1749398372,
"narHash": "sha256-tYBdgS56eXYaWVW3fsnPQ/nFlgWi/Z2Ymhyu21zVM98=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "49f0870db23e8c1ca0b5259734a02cd9e1e371a1",
"rev": "9305fe4e5c2a6fcf5ba6a3ff155720fbe4076569",
"type": "github"
},
"original": {
@ -359,7 +396,25 @@
},
"flake-utils_2": {
"inputs": {
"systems": "systems_4"
"systems": "systems_2"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_3": {
"inputs": {
"systems": "systems_5"
},
"locked": {
"lastModified": 1731533236,
@ -505,11 +560,11 @@
},
"hardware": {
"locked": {
"lastModified": 1749195551,
"narHash": "sha256-W5GKQHgunda/OP9sbKENBZhMBDNu2QahoIPwnsF6CeM=",
"lastModified": 1750083401,
"narHash": "sha256-ynqbgIYrg7P1fAKYqe8I/PMiLABBcNDYG9YaAP/d/C4=",
"owner": "nixos",
"repo": "nixos-hardware",
"rev": "4602f7e1d3f197b3cb540d5accf5669121629628",
"rev": "61837d2a33ccc1582c5fabb7bf9130d39fee59ad",
"type": "github"
},
"original": {
@ -569,11 +624,11 @@
]
},
"locked": {
"lastModified": 1749400020,
"narHash": "sha256-0nTmHO8AYgRYk5v6zw5oZ3x9nh+feb+Isn7WNe318M0=",
"lastModified": 1750127463,
"narHash": "sha256-K2xFtlD3PcKAZriOE3LaBLYmVfGQu+rIF4Jr1RFYR0Q=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "2835e8ba0ad99ba86d4a5e497a962ec9fa35e48f",
"rev": "28eef8722d1af18ca13e687dbf485e1c653a0402",
"type": "github"
},
"original": {
@ -648,11 +703,11 @@
]
},
"locked": {
"lastModified": 1749348095,
"narHash": "sha256-4KaUocEPNoU6gpFE6WPLMvMK5tmvJyc0qf84Mp8Chlw=",
"lastModified": 1750211919,
"narHash": "sha256-wmx5ci3SSR5QgrnA35ozjAQu6HiC5Vl8s5qRRCOTWmQ=",
"owner": "fufexan",
"repo": "nix-gaming",
"rev": "4221d80488883c40003f0704af78699a583f0c9f",
"rev": "6a0dc614977835c664c3849a59303c3234f57808",
"type": "github"
},
"original": {
@ -668,11 +723,11 @@
]
},
"locked": {
"lastModified": 1749355504,
"narHash": "sha256-L17CdJMD+/FCBOHjREQLXbe2VUnc3rjffenBbu2Kwpc=",
"lastModified": 1749960154,
"narHash": "sha256-EWlr9MZDd+GoGtZB4QsDzaLyaDQPGnRY03MFp6u2wSg=",
"owner": "Mic92",
"repo": "nix-index-database",
"rev": "40a6e15e44b11fbf8f2b1df9d64dbfc117625e94",
"rev": "424a40050cdc5f494ec45e46462d288f08c64475",
"type": "github"
},
"original": {
@ -684,17 +739,17 @@
"nix-minecraft": {
"inputs": {
"flake-compat": "flake-compat",
"flake-utils": "flake-utils",
"flake-utils": "flake-utils_2",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1749435098,
"narHash": "sha256-8U85+jkZGjQs0YZ4ryuIvPEjIY905AueoTqm104lUSU=",
"lastModified": 1750212369,
"narHash": "sha256-QXZc1il1KSGTtARN5ZI6wx1HxCXjEFZXsRZWl5+tOLc=",
"owner": "Infinidoge",
"repo": "nix-minecraft",
"rev": "8f383663f62afaaa79aec68a076c092da80f706f",
"rev": "886fbf6b49af5754ed096e04f97fd9d87f0fd7e0",
"type": "github"
},
"original": {
@ -705,11 +760,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1749285348,
"narHash": "sha256-frdhQvPbmDYaScPFiCnfdh3B/Vh81Uuoo0w5TkWmmjU=",
"lastModified": 1750134718,
"narHash": "sha256-v263g4GbxXv87hMXMCpjkIxd/viIF7p3JpJrwgKdNiI=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "3e3afe5174c561dee0df6f2c2b2236990146329f",
"rev": "9e83b64f727c88a7711a2c463a7b16eedb69a84c",
"type": "github"
},
"original": {
@ -819,7 +874,7 @@
},
"roblox-playtime": {
"inputs": {
"crane": "crane",
"crane": "crane_2",
"nixpkgs": [
"nixpkgs"
],
@ -841,6 +896,7 @@
},
"root": {
"inputs": {
"crosshair-overlay": "crosshair-overlay",
"disko": "disko",
"firefox-addons": "firefox-addons",
"flake-parts": "flake-parts",
@ -889,11 +945,11 @@
]
},
"locked": {
"lastModified": 1747603214,
"narHash": "sha256-lAblXm0VwifYCJ/ILPXJwlz0qNY07DDYdLD+9H+Wc8o=",
"lastModified": 1750119275,
"narHash": "sha256-Rr7Pooz9zQbhdVxux16h7URa6mA80Pb/G07T4lHvh0M=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "8d215e1c981be3aa37e47aeabd4e61bb069548fd",
"rev": "77c423a03b9b2b79709ea2cb63336312e78b72e2",
"type": "github"
},
"original": {
@ -920,7 +976,7 @@
"nixpkgs"
],
"nur": "nur",
"systems": "systems_3",
"systems": "systems_4",
"tinted-foot": "tinted-foot",
"tinted-kitty": "tinted-kitty",
"tinted-schemes": "tinted-schemes",
@ -928,11 +984,11 @@
"tinted-zed": "tinted-zed"
},
"locked": {
"lastModified": 1749398498,
"narHash": "sha256-Usx6sGnT/D8ZnWiZg+J1OY3dp4ZssMQiN1XeXcsL/cs=",
"lastModified": 1750205637,
"narHash": "sha256-49wV81h1jnHJky1XNHfgwxNA0oCwSTLMz4hhrtWCM8A=",
"owner": "danth",
"repo": "stylix",
"rev": "5869510e48e64d916dc6905dc664a02b0f85f1bd",
"rev": "82323751bcd45579c8d3a5dd05531c3c2a78e347",
"type": "github"
},
"original": {
@ -1001,6 +1057,21 @@
"type": "github"
}
},
"systems_5": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"tinted-foot": {
"flake": false,
"locked": {
@ -1128,7 +1199,7 @@
},
"utils": {
"inputs": {
"systems": "systems_2"
"systems": "systems_3"
},
"locked": {
"lastModified": 1731533236,
@ -1146,11 +1217,11 @@
},
"vpn-confinement": {
"locked": {
"lastModified": 1743810720,
"narHash": "sha256-kbv/W4gizUSa6qH2rUQdgPj9AJaeN9k2XSWUYqj7IMU=",
"lastModified": 1749672087,
"narHash": "sha256-j8LG0s0QcvNkZZLcItl78lvTZemvsScir0dG3Ii4B1c=",
"owner": "Maroka-chan",
"repo": "VPN-Confinement",
"rev": "74ae51e6d18b972ecc918ab43e8bde60c21a65d8",
"rev": "880b3bd2c864dce4f6afc79f6580ca699294c011",
"type": "github"
},
"original": {
@ -1161,8 +1232,8 @@
},
"wayland-appusage": {
"inputs": {
"crane": "crane_2",
"flake-utils": "flake-utils_2",
"crane": "crane_3",
"flake-utils": "flake-utils_3",
"nixpkgs": [
"nixpkgs"
]


@ -13,7 +13,11 @@
};
systemProfiles = _load ./sys/profiles;
homeProfiles = _load ./home;
vars = import ./vars;
vars = haumea.lib.load {
src = ./vars;
inputs.lib = nixpkgs.lib;
transformer = haumea.lib.transformers.liftDefault;
};
l = nixpkgs.lib;
b = builtins;
in
@ -108,5 +112,8 @@
own-website.url = "github:xunuwu/xunuwu.xyz";
own-website.inputs.nixpkgs.follows = "nixpkgs";
crosshair-overlay.url = "git+https://git.xunuwu.xyz/xun/crosshair-overlay";
crosshair-overlay.inputs.nixpkgs.follows = "nixpkgs";
};
}


@ -117,6 +117,7 @@
"rider"
"idea-ultimate"
"android-studio-stable"
"krunker"
"stremio-shell"
"stremio-server"


@ -155,7 +155,13 @@
rpcs3 # ps3 emu
prismlauncher
inputs.sobercookie.packages.${pkgs.system}.default
self.packages.${pkgs.system}.krunker
krunker
(writeScriptBin "crosshair-overlay" ''
${lib.getExe bubblewrap} \
--ro-bind / / \
--chdir "$XDG_PICTURES_DIR" \
-- ${inputs.crosshair-overlay.packages.${pkgs.system}.default}/bin/crosshair-overlay $@
'')
];
home = {
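Review bot: The `crosshair-overlay` wrapper is built with `writeScriptBin`, which writes the text verbatim with no interpreter line, so launching it depends on the caller falling back to a shell. Use `writeShellScriptBin`, and change the trailing `$@` to `"$@"` so arguments containing spaces are not re-split. Separately, `--ro-bind / /` with no `--unshare-*` options only blocks writes: the process can still read the whole filesystem, including the home directory, and keeps network access. If the aim is to confine a binary built from an external flake input, a one-line comment stating the intended boundary, or a narrower bind set, would help. The package list this entry sits in starts outside the hunk.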


@ -1,58 +1,51 @@
{
pkgs,
config,
lib,
vars,
...
}: {
}: let
peers = vars.hosts.rackserv.wireguardPeers;
in {
networking.firewall = let
forwardPorts = {
"10.0.0.2" =
[24001 24002 24003]
|> map (n: {
protocols = ["tcp"];
port = n;
});
"10.0.0.3" =
lib.range 23000 23010
|> map (n: {
protocols = ["tcp" "udp"];
port = n;
});
"10.0.0.4" = [
{
protocols = ["tcp"];
port = 22000;
}
];
};
externalIp = "172.245.52.19";
b = builtins;
portsList = b.attrValues forwardPorts |> b.concatLists;
portsAndIpsList = lib.mapAttrsToList (n: v: map (x: x // {destinationIp = n;}) v) forwardPorts |> b.concatLists;
isIpv4 = ip: b.match "([0-9]{1,3}\.){3}[0-9]{1,3}" ip != null;
forPortIps = f:
lib.concatStrings (
b.concatMap (
peer:
lib.cartesianProduct {
IP = peer.IPs;
port = peer.OpenPorts;
}
|> b.filter (x: isIpv4 x.IP)
|> map f
)
peers
);
getPortsWithProtocol = protocol:
b.concatMap (peer:
peer.OpenPorts
|> b.filter (portInfo: portInfo.protocol == protocol)
|> map (portInfo: portInfo.port))
peers;
in {
allowedTCPPorts = b.filter (x: b.elem "tcp" x.protocols) portsList |> map (x: x.port);
allowedUDPPorts = [51820] ++ (b.filter (x: b.elem "udp" x.protocols) portsList |> map (x: x.port));
extraCommands =
portsAndIpsList
|> map (x:
x.protocols
|> map (protocol: ''
iptables -t nat -A PREROUTING -p ${protocol} -d ${externalIp} --dport ${toString x.port} -j DNAT --to-destination ${x.destinationIp}
iptables -t nat -A POSTROUTING -p ${protocol} -d ${x.destinationIp} --dport ${toString x.port} -j SNAT --to-source 172.245.52.19
''))
|> b.concatLists
|> b.concatStringsSep "\n";
extraStopCommands =
portsAndIpsList
|> map (x:
x.protocols
|> map (protocol: ''
iptables -t nat -D PREROUTING -p ${protocol} -d ${externalIp} --dport ${toString x.port} -j DNAT --to-destination ${x.destinationIp} || true
iptables -t nat -D POSTROUTING -p ${protocol} -d ${x.destinationIp} --dport ${toString x.port} -j SNAT --to-source 172.245.52.19
''))
|> b.concatLists
|> b.concatStringsSep "\n";
allowedTCPPorts = getPortsWithProtocol "tcp";
allowedUDPPorts = getPortsWithProtocol "udp";
extraCommands = forPortIps ({
IP,
port,
}: ''
iptables -t nat -A PREROUTING -p ${port.protocol} -d ${externalIp} --dport ${toString port.port} -j DNAT --to-destination ${IP}
iptables -t nat -A POSTROUTING -p ${port.protocol} -d ${IP} --dport ${toString port.port} -j SNAT --to-source ${externalIp}
'');
extraStopCommands = forPortIps ({
IP,
port,
}: ''
iptables -t nat -D PREROUTING -p ${port.protocol} -d ${externalIp} --dport ${toString port.port} -j DNAT --to-destination ${IP} || true
iptables -t nat -D POSTROUTING -p ${port.protocol} -d ${IP} --dport ${toString port.port} -j SNAT --to-source ${externalIp} || true
'');
interfaces.wg0 = {
allowedUDPPorts = [53];
@ -72,23 +65,12 @@
PrivateKeyFile = config.sops.secrets.wireguard-privatekey.path;
RouteTable = "main";
};
wireguardPeers = [
{
# hopper
PublicKey = "P5W5/m9VnWcbdR6e3rs4Yars4Qb2rPjkRmCAbgja4Ug=";
AllowedIPs = ["10.0.0.2" "fd12:1e51:ca23::2"];
}
{
# nixdesk
PublicKey = "DMauL/fv08yXvVtyStsUfg/OM+ZJwMNvguQ59X/KU2Q=";
AllowedIPs = ["10.0.0.3" "fd12:1e51:ca23::3"];
}
{
# alka
PublicKey = "Q90dKQtQTu8RLgkPau7/Y5fY3PVstP0bL6ey3zrdS18=";
AllowedIPs = ["10.0.0.4" "fd12:1e51:ca23::3"];
}
];
wireguardPeers =
map (peer: {
inherit (peer) PublicKey;
AllowedIPs = peer.IPs;
})
peers;
};
};
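Review bot: The new `allowedUDPPorts = getPortsWithProtocol "udp";` appears to drop 51820, which the previous expression added explicitly. Unless the WireGuard listen port is opened elsewhere (not visible in this section), the tunnel endpoint would be closed by the firewall, so keep `allowedUDPPorts = [51820] ++ getPortsWithProtocol "udp";`. In `isIpv4`, `"\."` inside a double-quoted Nix string evaluates to a bare `.`, so the pattern accepts any character between octets; write `\\.` to match a literal dot. The filter still rejects the IPv6 entries in the current data, but it is the only check keeping non-IPv4 strings out of the generated `iptables` lines. The firewall attribute set continues past the end of the first hunk.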


@ -1,7 +1,6 @@
{pkgs, ...}: {
packages = {
binaryninja-personal = pkgs.qt6Packages.callPackage ./binaryninja-personal {};
krunker = pkgs.callPackage ./krunker {};
ida-pro = pkgs.callPackage ./ida-pro {};
cartograph-cf = pkgs.callPackage ./cartograph-cf {};
keyboard-state = pkgs.callPackage ./keyboard-state {};


@ -1,29 +0,0 @@
{
appimageTools,
imagemagick,
fetchurl,
}: let
pname = "krunker";
version = "1626868370902057";
src = fetchurl {
url = "https://client2.krunker.io/setup.AppImage";
sha256 = "sha256-yG8E3a6AaX0TBK23TlBBLmiCfqzS8FldTfl7As4Dcvo=";
};
appimageContents = appimageTools.extract {
inherit pname src version;
};
in
appimageTools.wrapType2 {
inherit pname src version;
extraInstallCommands = ''
for i in 16 24 48 64 96 128 256 512; do
mkdir -p $out/share/icons/hicolor/''${i}x''${i}/apps
${imagemagick}/bin/convert -background none -resize ''${i}x ${appimageContents}/io.krunker.desktop.png $out/share/icons/hicolor/''${i}x''${i}/apps/io.krunker.desktop.png
done
install -m 444 -D ${appimageContents}/io.krunker.desktop.desktop $out/share/applications/krunker.desktop
substituteInPlace $out/share/applications/krunker.desktop \
--replace 'Exec=AppRun' 'Exec=${pname}' \
--replace 'Name=Official Krunker.io Client' 'Name=Krunker.io'
'';
}

43
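--- /dev/null
+++ b/vars/hosts/rackserv.nix
@@ -0,0 +1,43 @@
+{lib, ...}: {
+wireguardPeers = [
+{
+# hopper
+IPs = ["10.0.0.2" "fd12:1e51:ca23::2"];
+PublicKey = ["P5W5/m9VnWcbdR6e3rs4Yars4Qb2rPjkRmCAbgja4Ug="];
+OpenPorts =
+[24001 24002 24003]
+|> map (port: {
+inherit port;
+protocol = "tcp";
+});
+}
+{
+# nixdesk
+IPs = ["10.0.0.3" "fd12:1e51:ca23::3"];
+PublicKey = "DMauL/fv08yXvVtyStsUfg/OM+ZJwMNvguQ59X/KU2Q=";
+OpenPorts =
+lib.range 23000 23010
+|> builtins.concatMap (port: [
+{
+inherit port;
+protocol = "tcp";
+}
+{
+inherit port;
+protocol = "udp";
+}
+]);
+}
+{
+# alka
+IPs = ["10.0.0.4" "fd12:1e51:ca23::3"];
+PublicKey = "Q90dKQtQTu8RLgkPau7/Y5fY3PVstP0bL6ey3zrdS18=";
+OpenPorts = [
+{
+protocol = "tcp";
+port = 22000;
+}
+];
+}
+];
+}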
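Review bot: The `hopper` entry sets `PublicKey` to a one-element list (`["P5W5/…"]`) while the other two peers use a plain string. The rackserv network config in this change passes the value straight through with `inherit (peer) PublicKey`, so it should be `PublicKey = "P5W5/m9VnWcbdR6e3rs4Yars4Qb2rPjkRmCAbgja4Ug=";`. `alka` also lists `fd12:1e51:ca23::3`, the same IPv6 address as `nixdesk`; WireGuard assigns an allowed IP to one peer only, so one of the two loses that route. Presumably `::4` was meant, to be confirmed. A short header comment describing the `IPs` / `PublicKey` / `OpenPorts` schema would make such mismatches easier to spot, since these values now drive both the peer list and the NAT rules.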