diff --git a/Justfile b/Justfile index a736301..1bdd02d 100644 --- a/Justfile +++ b/Justfile @@ -1,7 +1,9 @@ +hostname := `hostname` + local OPERATION *FLAGS: nixos-rebuild \ - --flake .# \ - --sudo \ + --flake .#{{hostname}} \ + --use-remote-sudo \ {{FLAGS}} \ {{OPERATION}} @@ -10,9 +12,9 @@ updatekeys: remote OPERATION HOST REMOTEHOST *FLAGS: nixos-rebuild \ - --no-reexec \ + --fast \ --flake .#{{HOST}} \ --target-host {{REMOTEHOST}} \ - --sudo \ + --use-remote-sudo \ {{FLAGS}} \ {{OPERATION}} diff --git a/flake.lock b/flake.lock index 7e907ce..cd246d3 100644 --- a/flake.lock +++ b/flake.lock @@ -68,21 +68,6 @@ } }, "crane": { - "locked": { - "lastModified": 1750266157, - "narHash": "sha256-tL42YoNg9y30u7zAqtoGDNdTyXTi8EALDeCB13FtbQA=", - "owner": "ipetkov", - "repo": "crane", - "rev": "e37c943371b73ed87faf33f7583860f81f1d5a48", - "type": "github" - }, - "original": { - "owner": "ipetkov", - "repo": "crane", - "type": "github" - } - }, - "crane_2": { "locked": { "lastModified": 1745454774, "narHash": "sha256-oLvmxOnsEKGtwczxp/CwhrfmQUG2ym24OMWowcoRhH8=", @@ -97,7 +82,7 @@ "type": "github" } }, - "crane_3": { + "crane_2": { "locked": { "lastModified": 1742394900, "narHash": "sha256-vVOAp9ahvnU+fQoKd4SEXB2JG2wbENkpqcwlkIXgUC0=", @@ -112,28 +97,6 @@ "type": "github" } }, - "crosshair-overlay": { - "inputs": { - "crane": "crane", - "flake-utils": "flake-utils", - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1750290749, - "narHash": "sha256-Wd6BlAKF9h8cN+V0BYRXyhdIhoAWV9C0IX5y+RhiVZQ=", - "ref": "refs/heads/master", - "rev": "20693cdf66818e5644b538ccf9acacc82a2828e2", - "revCount": 6, - "type": "git", - "url": "https://git.xunuwu.xyz/xun/crosshair-overlay" - }, - "original": { - "type": "git", - "url": "https://git.xunuwu.xyz/xun/crosshair-overlay" - } - }, "disko": { "inputs": { "nixpkgs": [ 
@@ -141,11 +104,11 @@ ] }, "locked": { - "lastModified": 1750040002, - "narHash": "sha256-KrC9iOVYIn6ukpVlHbqSA4hYCZ6oDyJKrcLqv4c5v84=", + "lastModified": 1749436314, + "narHash": "sha256-CqmqU5FRg5AadtIkxwu8ulDSOSoIisUMZRLlcED3Q5w=", "owner": "nix-community", "repo": "disko", - "rev": "7f1857b31522062a6a00f88cbccf86b43acceed1", + "rev": "dfa4d1b9c39c0342ef133795127a3af14598017a", "type": "github" }, "original": { @@ -162,11 +125,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1750219402, - "narHash": "sha256-b3y7V7db0VwLGtpcLRmT1Aa9dpAKoHQdem55UhgB/fw=", + "lastModified": 1749441800, + "narHash": "sha256-bN4tccrmczfR4PUuepHpxNNmWG3cLZTFIt4BaD8YyvA=", "owner": "rycee", "repo": "nur-expressions", - "rev": "a00ce73b626ed274fbfe9f51627861e140b08f6d", + "rev": "fe13e6abfe72b39ad8381595c3c404849330c3cb", "type": "gitlab" }, "original": { @@ -280,11 +243,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1749398372, - "narHash": "sha256-tYBdgS56eXYaWVW3fsnPQ/nFlgWi/Z2Ymhyu21zVM98=", + "lastModified": 1748821116, + "narHash": "sha256-F82+gS044J1APL0n4hH50GYdPRv/5JWm34oCJYmVKdE=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "9305fe4e5c2a6fcf5ba6a3ff155720fbe4076569", + "rev": "49f0870db23e8c1ca0b5259734a02cd9e1e371a1", "type": "github" }, "original": { @@ -396,25 +359,7 @@ }, "flake-utils_2": { "inputs": { - "systems": "systems_2" - }, - "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_3": { - "inputs": { - "systems": "systems_5" + "systems": "systems_4" }, "locked": { "lastModified": 1731533236, 
@@ -560,11 +505,11 @@ }, "hardware": { "locked": { - "lastModified": 1750083401, - "narHash": "sha256-ynqbgIYrg7P1fAKYqe8I/PMiLABBcNDYG9YaAP/d/C4=", + "lastModified": 1749195551, + "narHash": "sha256-W5GKQHgunda/OP9sbKENBZhMBDNu2QahoIPwnsF6CeM=", "owner": "nixos", "repo": "nixos-hardware", - "rev": "61837d2a33ccc1582c5fabb7bf9130d39fee59ad", + "rev": "4602f7e1d3f197b3cb540d5accf5669121629628", "type": "github" }, "original": { @@ -624,11 +569,11 @@ ] }, "locked": { - "lastModified": 1750127463, - "narHash": "sha256-K2xFtlD3PcKAZriOE3LaBLYmVfGQu+rIF4Jr1RFYR0Q=", + "lastModified": 1749400020, + "narHash": "sha256-0nTmHO8AYgRYk5v6zw5oZ3x9nh+feb+Isn7WNe318M0=", "owner": "nix-community", "repo": "home-manager", - "rev": "28eef8722d1af18ca13e687dbf485e1c653a0402", + "rev": "2835e8ba0ad99ba86d4a5e497a962ec9fa35e48f", "type": "github" }, "original": { @@ -703,11 +648,11 @@ ] }, "locked": { - "lastModified": 1750211919, - "narHash": "sha256-wmx5ci3SSR5QgrnA35ozjAQu6HiC5Vl8s5qRRCOTWmQ=", + "lastModified": 1749348095, + "narHash": "sha256-4KaUocEPNoU6gpFE6WPLMvMK5tmvJyc0qf84Mp8Chlw=", "owner": "fufexan", "repo": "nix-gaming", - "rev": "6a0dc614977835c664c3849a59303c3234f57808", + "rev": "4221d80488883c40003f0704af78699a583f0c9f", "type": "github" }, "original": { @@ -723,11 +668,11 @@ ] }, "locked": { - "lastModified": 1749960154, - "narHash": "sha256-EWlr9MZDd+GoGtZB4QsDzaLyaDQPGnRY03MFp6u2wSg=", + "lastModified": 1749355504, + "narHash": "sha256-L17CdJMD+/FCBOHjREQLXbe2VUnc3rjffenBbu2Kwpc=", "owner": "Mic92", "repo": "nix-index-database", - "rev": "424a40050cdc5f494ec45e46462d288f08c64475", + "rev": "40a6e15e44b11fbf8f2b1df9d64dbfc117625e94", "type": "github" }, "original": { 
@@ -739,17 +684,17 @@ "nix-minecraft": { "inputs": { "flake-compat": "flake-compat", - "flake-utils": "flake-utils_2", + "flake-utils": "flake-utils", "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1750212369, - "narHash": "sha256-QXZc1il1KSGTtARN5ZI6wx1HxCXjEFZXsRZWl5+tOLc=", + "lastModified": 1749435098, + "narHash": "sha256-8U85+jkZGjQs0YZ4ryuIvPEjIY905AueoTqm104lUSU=", "owner": "Infinidoge", "repo": "nix-minecraft", - "rev": "886fbf6b49af5754ed096e04f97fd9d87f0fd7e0", + "rev": "8f383663f62afaaa79aec68a076c092da80f706f", "type": "github" }, "original": { @@ -760,11 +705,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1750134718, - "narHash": "sha256-v263g4GbxXv87hMXMCpjkIxd/viIF7p3JpJrwgKdNiI=", + "lastModified": 1749285348, + "narHash": "sha256-frdhQvPbmDYaScPFiCnfdh3B/Vh81Uuoo0w5TkWmmjU=", "owner": "nixos", "repo": "nixpkgs", - "rev": "9e83b64f727c88a7711a2c463a7b16eedb69a84c", + "rev": "3e3afe5174c561dee0df6f2c2b2236990146329f", "type": "github" }, "original": { @@ -874,7 +819,7 @@ }, "roblox-playtime": { "inputs": { - "crane": "crane_2", + "crane": "crane", "nixpkgs": [ "nixpkgs" ], @@ -896,7 +841,6 @@ }, "root": { "inputs": { - "crosshair-overlay": "crosshair-overlay", "disko": "disko", "firefox-addons": "firefox-addons", "flake-parts": "flake-parts", @@ -945,11 +889,11 @@ ] }, "locked": { - "lastModified": 1750119275, - "narHash": "sha256-Rr7Pooz9zQbhdVxux16h7URa6mA80Pb/G07T4lHvh0M=", + "lastModified": 1747603214, + "narHash": "sha256-lAblXm0VwifYCJ/ILPXJwlz0qNY07DDYdLD+9H+Wc8o=", "owner": "Mic92", "repo": "sops-nix", - "rev": "77c423a03b9b2b79709ea2cb63336312e78b72e2", + "rev": "8d215e1c981be3aa37e47aeabd4e61bb069548fd", "type": "github" }, "original": { @@ -976,7 +920,7 @@ "nixpkgs" ], "nur": "nur", - "systems": "systems_4", + "systems": "systems_3", "tinted-foot": "tinted-foot", "tinted-kitty": "tinted-kitty", "tinted-schemes": "tinted-schemes", 
@@ -984,11 +928,11 @@ "tinted-zed": "tinted-zed" }, "locked": { - "lastModified": 1750205637, - "narHash": "sha256-49wV81h1jnHJky1XNHfgwxNA0oCwSTLMz4hhrtWCM8A=", + "lastModified": 1749398498, + "narHash": "sha256-Usx6sGnT/D8ZnWiZg+J1OY3dp4ZssMQiN1XeXcsL/cs=", "owner": "danth", "repo": "stylix", - "rev": "82323751bcd45579c8d3a5dd05531c3c2a78e347", + "rev": "5869510e48e64d916dc6905dc664a02b0f85f1bd", "type": "github" }, "original": { @@ -1057,21 +1001,6 @@ "type": "github" } }, - "systems_5": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, "tinted-foot": { "flake": false, "locked": { @@ -1199,7 +1128,7 @@ }, "utils": { "inputs": { - "systems": "systems_3" + "systems": "systems_2" }, "locked": { "lastModified": 1731533236, @@ -1217,11 +1146,11 @@ }, "vpn-confinement": { "locked": { - "lastModified": 1749672087, - "narHash": "sha256-j8LG0s0QcvNkZZLcItl78lvTZemvsScir0dG3Ii4B1c=", + "lastModified": 1743810720, + "narHash": "sha256-kbv/W4gizUSa6qH2rUQdgPj9AJaeN9k2XSWUYqj7IMU=", "owner": "Maroka-chan", "repo": "VPN-Confinement", - "rev": "880b3bd2c864dce4f6afc79f6580ca699294c011", + "rev": "74ae51e6d18b972ecc918ab43e8bde60c21a65d8", "type": "github" }, "original": { @@ -1232,8 +1161,8 @@ }, "wayland-appusage": { "inputs": { - "crane": "crane_3", - "flake-utils": "flake-utils_3", + "crane": "crane_2", + "flake-utils": "flake-utils_2", "nixpkgs": [ "nixpkgs" ] diff --git a/flake.nix b/flake.nix index 6abc621..a8e522a 100644 --- a/flake.nix +++ b/flake.nix 
@@ -13,11 +13,7 @@ }; systemProfiles = _load ./sys/profiles; homeProfiles = _load ./home; - vars = haumea.lib.load { - src = ./vars; - inputs.lib = nixpkgs.lib; - transformer = haumea.lib.transformers.liftDefault; - }; + vars = import ./vars; l = nixpkgs.lib; b = builtins; in @@ -112,8 +108,5 @@ own-website.url = "github:xunuwu/xunuwu.xyz"; own-website.inputs.nixpkgs.follows = "nixpkgs"; - - crosshair-overlay.url = "git+https://git.xunuwu.xyz/xun/crosshair-overlay"; - crosshair-overlay.inputs.nixpkgs.follows = "nixpkgs"; }; } diff --git a/hosts/nixdesk/default.nix b/hosts/nixdesk/default.nix index c3e0f4f..751a2c5 100644 --- a/hosts/nixdesk/default.nix +++ b/hosts/nixdesk/default.nix @@ -117,7 +117,6 @@ "rider" "idea-ultimate" "android-studio-stable" - "krunker" "stremio-shell" "stremio-server" diff --git a/hosts/nixdesk/home.nix b/hosts/nixdesk/home.nix index cee21fd..63864d2 100644 --- a/hosts/nixdesk/home.nix +++ b/hosts/nixdesk/home.nix @@ -155,13 +155,7 @@ rpcs3 # ps3 emu prismlauncher inputs.sobercookie.packages.${pkgs.system}.default - krunker - (writeScriptBin "crosshair-overlay" '' - ${lib.getExe bubblewrap} \ - --ro-bind / / \ - --chdir "$XDG_PICTURES_DIR" \ - -- ${inputs.crosshair-overlay.packages.${pkgs.system}.default}/bin/crosshair-overlay $@ - '') + self.packages.${pkgs.system}.krunker ]; home = { diff --git a/hosts/rackserv/profiles/wireguard-server.nix b/hosts/rackserv/profiles/wireguard-server.nix index 38ac252..fc9fd81 100644 --- a/hosts/rackserv/profiles/wireguard-server.nix +++ b/hosts/rackserv/profiles/wireguard-server.nix 
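Review bot: `vars = import ./vars;` only evaluates if `./vars/default.nix` exists, and unlike the removed `haumea.lib.load` call it no longer passes `lib` to the files it loads. Neither `./vars/default.nix` nor the other files under `./vars` are visible in this diff, so this needs confirming. Any file still written as `{lib, ...}: { … }`, as the deleted `vars/hosts/rackserv.nix` was, would now be an unapplied function rather than an attribute set. If `./vars` is meant to stay a plain attribute set, a one-line comment such as `# vars/default.nix must be a plain attrset; nothing is passed in` would document that. The enclosing `let` block starts and ends outside the hunk.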
@@ -1,51 +1,58 @@ { + pkgs, config, lib, - vars, ... -}: let - peers = vars.hosts.rackserv.wireguardPeers; -in { +}: { networking.firewall = let + forwardPorts = { + "10.0.0.2" = + [24001 24002 24003] + |> map (n: { + protocols = ["tcp"]; + port = n; + }); + "10.0.0.3" = + lib.range 23000 23010 + |> map (n: { + protocols = ["tcp" "udp"]; + port = n; + }); + "10.0.0.4" = [ + { + protocols = ["tcp"]; + port = 22000; + } + ]; + }; externalIp = "172.245.52.19"; b = builtins; - isIpv4 = ip: b.match "([0-9]{1,3}\.){3}[0-9]{1,3}" ip != null; - forPortIps = f: - lib.concatStrings ( - b.concatMap ( - peer: - lib.cartesianProduct { - IP = peer.IPs; - port = peer.OpenPorts; - } - |> b.filter (x: isIpv4 x.IP) - |> map f - ) - peers - ); - getPortsWithProtocol = protocol: - b.concatMap (peer: - peer.OpenPorts - |> b.filter (portInfo: portInfo.protocol == protocol) - |> map (portInfo: portInfo.port)) - peers; + portsList = b.attrValues forwardPorts |> b.concatLists; + portsAndIpsList = lib.mapAttrsToList (n: v: map (x: x // {destinationIp = n;}) v) forwardPorts |> b.concatLists; in { - allowedTCPPorts = getPortsWithProtocol "tcp"; - allowedUDPPorts = getPortsWithProtocol "udp"; - extraCommands = forPortIps ({ - IP, - port, - }: '' - iptables -t nat -A PREROUTING -p ${port.protocol} -d ${externalIp} --dport ${toString port.port} -j DNAT --to-destination ${IP} - iptables -t nat -A POSTROUTING -p ${port.protocol} -d ${IP} --dport ${toString port.port} -j SNAT --to-source ${externalIp} - ''); - extraStopCommands = forPortIps ({ - IP, - port, - }: '' - iptables -t nat -D PREROUTING -p ${port.protocol} -d ${externalIp} --dport ${toString port.port} -j DNAT --to-destination ${IP} || true - iptables -t nat -D POSTROUTING -p ${port.protocol} -d ${IP} --dport ${toString port.port} -j SNAT --to-source ${externalIp} || true - ''); + allowedTCPPorts = b.filter (x: b.elem "tcp" x.protocols) portsList |> map (x: x.port); + allowedUDPPorts = [51820] ++ (b.filter (x: b.elem "udp" x.protocols) 
portsList |> map (x: x.port)); + extraCommands = + portsAndIpsList + |> map (x: + x.protocols + |> map (protocol: '' + iptables -t nat -A PREROUTING -p ${protocol} -d ${externalIp} --dport ${toString x.port} -j DNAT --to-destination ${x.destinationIp} + iptables -t nat -A POSTROUTING -p ${protocol} -d ${x.destinationIp} --dport ${toString x.port} -j SNAT --to-source 172.245.52.19 + '')) + |> b.concatLists + |> b.concatStringsSep "\n"; + + extraStopCommands = + portsAndIpsList + |> map (x: + x.protocols + |> map (protocol: '' + iptables -t nat -D PREROUTING -p ${protocol} -d ${externalIp} --dport ${toString x.port} -j DNAT --to-destination ${x.destinationIp} || true + iptables -t nat -D POSTROUTING -p ${protocol} -d ${x.destinationIp} --dport ${toString x.port} -j SNAT --to-source 172.245.52.19 + '')) + |> b.concatLists + |> b.concatStringsSep "\n"; interfaces.wg0 = { allowedUDPPorts = [53]; @@ -65,12 +72,23 @@ in { PrivateKeyFile = config.sops.secrets.wireguard-privatekey.path; RouteTable = "main"; }; - wireguardPeers = - map (peer: { - inherit (peer) PublicKey; - AllowedIPs = peer.IPs; - }) - peers; + wireguardPeers = [ + { + # hopper + PublicKey = "P5W5/m9VnWcbdR6e3rs4Yars4Qb2rPjkRmCAbgja4Ug="; + AllowedIPs = ["10.0.0.2" "fd12:1e51:ca23::2"]; + } + { + # nixdesk + PublicKey = "DMauL/fv08yXvVtyStsUfg/OM+ZJwMNvguQ59X/KU2Q="; + AllowedIPs = ["10.0.0.3" "fd12:1e51:ca23::3"]; + } + { + # alka + PublicKey = "Q90dKQtQTu8RLgkPau7/Y5fY3PVstP0bL6ey3zrdS18="; + AllowedIPs = ["10.0.0.4" "fd12:1e51:ca23::3"]; + } + ]; }; }; diff --git a/pkgs/default.nix b/pkgs/default.nix index 6cce354..5c6bfd0 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -1,6 +1,7 @@ {pkgs, ...}: { packages = { binaryninja-personal = pkgs.qt6Packages.callPackage ./binaryninja-personal {}; + krunker = pkgs.callPackage ./krunker {}; ida-pro = pkgs.callPackage ./ida-pro {}; cartograph-cf = pkgs.callPackage ./cartograph-cf {}; keyboard-state = pkgs.callPackage ./keyboard-state {}; 
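Review bot: In `extraStopCommands` the POSTROUTING delete has lost the `|| true` that the PREROUTING delete keeps, so a missing rule on stop or reload may make the firewall stop script fail instead of being ignored. Both SNAT lines also hard-code `172.245.52.19` although `externalIp` is bound a few lines above, so the two values can drift apart. I would write the stop line as `iptables -t nat -D POSTROUTING -p ${protocol} -d ${x.destinationIp} --dport ${toString x.port} -j SNAT --to-source ${externalIp} || true` and use `--to-source ${externalIp}` in `extraCommands` as well. Because the SNAT rewrites the source address, the peers will see every forwarded connection as coming from the server, so per-client logging, rate limiting or banning on the peers cannot work; a short comment next to `forwardPorts` should say so. The module body continues outside the hunk, and `pkgs` is added to the arguments without a visible use.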
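Review bot: The `alka` peer's `AllowedIPs` repeats `fd12:1e51:ca23::3`, the IPv6 address already assigned to `nixdesk`, apparently carried over unchanged from the deleted `vars/hosts/rackserv.nix`. WireGuard associates an allowed IP with a single peer per interface, so one of the two peers will not receive traffic for that address, and the overlap blurs which key is authorised for which source address. Going by the IPv4 numbering this was probably meant to be `AllowedIPs = ["10.0.0.4" "fd12:1e51:ca23::4"];`, which should be checked against the address configured on the alka host. The `wireguardPeers` list sits inside a block that starts and ends outside the hunk.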
diff --git a/pkgs/krunker/default.nix b/pkgs/krunker/default.nix new file mode 100644 index 0000000..ad7da67 --- /dev/null +++ b/pkgs/krunker/default.nix @@ -0,0 +1,29 @@ +{ + appimageTools, + imagemagick, + fetchurl, +}: let + pname = "krunker"; + version = "1626868370902057"; + src = fetchurl { + url = "https://client2.krunker.io/setup.AppImage"; + sha256 = "sha256-yG8E3a6AaX0TBK23TlBBLmiCfqzS8FldTfl7As4Dcvo="; + }; + appimageContents = appimageTools.extract { + inherit pname src version; + }; +in + appimageTools.wrapType2 { + inherit pname src version; + extraInstallCommands = '' + for i in 16 24 48 64 96 128 256 512; do + mkdir -p $out/share/icons/hicolor/''${i}x''${i}/apps + ${imagemagick}/bin/convert -background none -resize ''${i}x ${appimageContents}/io.krunker.desktop.png $out/share/icons/hicolor/''${i}x''${i}/apps/io.krunker.desktop.png + done + + install -m 444 -D ${appimageContents}/io.krunker.desktop.desktop $out/share/applications/krunker.desktop + substituteInPlace $out/share/applications/krunker.desktop \ + --replace 'Exec=AppRun' 'Exec=${pname}' \ + --replace 'Name=Official Krunker.io Client' 'Name=Krunker.io' + ''; + } diff --git a/vars/hosts/rackserv.nix b/vars/hosts/rackserv.nix deleted file mode 100644 index 40f6781..0000000 --- a/vars/hosts/rackserv.nix +++ /dev/null 
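Review bot: The `fetchurl` source is the unversioned `https://client2.krunker.io/setup.AppImage`, and nothing in the derivation ties `version = "1626868370902057"` to the bytes the hash was taken from. The pinned hash does give integrity, but the build will break whenever upstream replaces the file. I would add a comment above `src` such as `# mutable upstream URL: on hash mismatch, re-download, verify the new binary, then update version and hash together`, and spell the attribute `hash = "sha256-…"` since the value is already in SRI form. The derivation also has no `meta`, and the same commit drops `"krunker"` from the list in `hosts/nixdesk/default.nix` (presumably the unfree allow-list), so this prebuilt binary is no longer marked as unfree. Declaring `meta.license = lib.licenses.unfree;` and `meta.sourceProvenance = [ lib.sourceTypes.binaryNativeCode ];` (with `lib` added to the arguments) and keeping the allow-list entry would keep that decision explicit. Separately, `substituteInPlace --replace` is deprecated in current nixpkgs in favour of `--replace-fail`, which would also catch an upstream change to the desktop file instead of silently leaving it unpatched.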
@@ -1,43 +0,0 @@ -{lib, ...}: { - wireguardPeers = [ - { - # hopper - IPs = ["10.0.0.2" "fd12:1e51:ca23::2"]; - PublicKey = ["P5W5/m9VnWcbdR6e3rs4Yars4Qb2rPjkRmCAbgja4Ug="]; - OpenPorts = - [24001 24002 24003] - |> map (port: { - inherit port; - protocol = "tcp"; - }); - } - { - # nixdesk - IPs = ["10.0.0.3" "fd12:1e51:ca23::3"]; - PublicKey = "DMauL/fv08yXvVtyStsUfg/OM+ZJwMNvguQ59X/KU2Q="; - OpenPorts = - lib.range 23000 23010 - |> builtins.concatMap (port: [ - { - inherit port; - protocol = "tcp"; - } - { - inherit port; - protocol = "udp"; - } - ]); - } - { - # alka - IPs = ["10.0.0.4" "fd12:1e51:ca23::3"]; - PublicKey = "Q90dKQtQTu8RLgkPau7/Y5fY3PVstP0bL6ey3zrdS18="; - OpenPorts = [ - { - protocol = "tcp"; - port = 22000; - } - ]; - } - ]; -}