calcite,dolomite: minor fixes

This commit is contained in:
xinyangli 2024-11-20 10:28:31 +08:00
parent 1b513bd869
commit 6d5436bbaa
Signed by: xin
SSH key fingerprint: SHA256:UU5pRTl7NiLFJbWJZa+snLylZSXIz5rgHmwjzv8v4oE
8 changed files with 282 additions and 37 deletions

12
flake.lock generated
View file

@ -513,11 +513,11 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1731815985,
"narHash": "sha256-PgX3UFz1YESfEeGmp2HYYBc/3Vp59bPbBLtNN4VMIgI=",
"lastModified": 1731819057,
"narHash": "sha256-nfqKsQhFCakM+eIKGf/JWu/g56rOPoGny10EZN8q7R0=",
"owner": "xinyangli",
"repo": "nixpkgs",
"rev": "5ddf4ef59567ff1e43adacde9f677f2cbd958287",
"rev": "b2644ed7258502987ad4a70cf8959bf5a26ce26d",
"type": "github"
},
"original": {
@ -555,11 +555,11 @@
},
"nur": {
"locked": {
"lastModified": 1731815686,
"narHash": "sha256-6HPZVrwQOZzeaW5QseyXnghK76a3aDnRoQf+L+cpNms=",
"lastModified": 1731819675,
"narHash": "sha256-GGp/rEfxRdi1BD9TlHoXxp2g9IuKDp0Jk7wYh1LacP8=",
"owner": "nix-community",
"repo": "NUR",
"rev": "4cde5b2ea07d8c05570d7305738a9870b1a14700",
"rev": "59740d792bea5caa547c9bc7ce366802ecfafb7f",
"type": "github"
},
"original": {

View file

@ -38,6 +38,8 @@ in
remmina
qq
wechat-uos
wpsoffice
ttf-wps-fonts
];
# Theme

View file

@ -16,6 +16,7 @@ in
];
commonSettings = {
auth.enable = true;
nix = {
enableMirrors = true;
signing.enable = true;
@ -114,13 +115,15 @@ in
xdg.portal = {
enable = true;
extraPortals = [
pkgs.xdg-desktop-portal-gtk
pkgs.xdg-desktop-portal-gnome
pkgs.xdg-desktop-portal-gtk
];
configPackages = [ pkgs.niri ];
};
systemd.user.services.xdg-desktop-portal-gtk.after = [ "graphical-session.target" ];
systemd.user.services.xdg-desktop-portal-gnome.after = [ "graphical-session.target" ];
systemd.user.services.xdg-desktop-portal-gnome.wantedBy = [ "graphical-session.target" ];
services.greetd =
let
@ -281,7 +284,6 @@ in
# Writting
zotero
# onlyoffice-bin
wpsoffice
config.nur.repos.linyinfeng.wemeet

View file

@ -58,31 +58,8 @@ in
exporters.blackbox.enable = true;
};
custom.kanidm-client = {
enable = true;
uri = "https://auth.xinyang.life/";
asSSHAuth = {
enable = true;
allowedGroups = [ "linux_users" ];
};
sudoers = [ "xin@auth.xinyang.life" ];
};
services.openssh = {
settings = {
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
PermitRootLogin = lib.mkForce "no";
GSSAPIAuthentication = "no";
KerberosAuthentication = "no";
};
};
services.fail2ban.enable = true;
programs.mosh.enable = true;
security.sudo = {
execWheelOnly = true;
wheelNeedsPassword = false;
custom.commonSettings = {
auth.enable = true;
};
services.sing-box =

View file

@ -84,8 +84,12 @@ in
enable = true;
timeouts = [
{
timeout = 900;
command = "/run/current-system/systemd/bin/systemctl suspend";
timeout = 600;
command = ''[ "$(${pkgs.tlp}/bin/tlp-stat -m)" == "battery" ] && /run/current-system/systemd/bin/systemctl suspend'';
}
{
timeout = 1200;
command = ''${getExe pkgs.niri} msg action power-off-monitors'';
}
];
events = [

View file

@ -0,0 +1,96 @@
{
config,
pkgs,
lib,
...
}:
let
cfg = config.xdg.autoStart;
inherit (lib) hm types;
in
{
options.xdg.autoStart = {
packages = lib.mkOption {
description = ''
List of packages which should be autostarted.
This module tries to select the packages default desktop file,
which is either described by its .desktopItem attribute
or by its first entry of its .desktopItems attribute.
Users who want to specifically select a certain desktop file
or who want to write their own
can make use of the {option}`xdg.autoStart.desktopItems` option.
'';
type = types.listOf types.package;
default = [ ];
example = lib.literalExpression ''
with pkgs; [
pkgs.trilium-desktop
]
'';
};
desktopItems = lib.mkOption {
description = ''
List of desktop files which should be autostarted.
Users should prefer to use {option}`xdg.autoStart.packages`
and only use this option in case
they want to specifically
select a packages desktop item
or want to create their own desktop item.
Be warned, this may shadow entries of {option}`xdg.autoStart.packages`.
'';
type = types.attrsOf (types.unspecified); # TODO replace unspecified
default = { };
# TODO improve example, take one where it would make sense to use this option
example = lib.literalExpression ''
{
discord = pkgs.discord.desktopItem
firefox-custom = makeDesktopItem {
exec = "firefox -P custom";
};
}
'';
};
};
config =
let
# helpers
retrieveDesktopItem = (
pkg:
if pkg ? desktopItem then
pkg.desktopItem
else if pkg ? desktopItems && pkg.desktopItems != [ ] then
builtins.head pkg.desktopItems
else
abort "package '${pkg.pname}' is missing a desktop file"
);
emulateDesktopItem = (pkg: lib.nameValuePair pkg.pname (retrieveDesktopItem pkg));
embedDesktopItem = (
name: deskItem:
lib.nameValuePair "autostart/${name}.desktop" {
source = "${deskItem}/share/applications/${deskItem.name}";
}
);
# parse opts
desktopItemsPackages = builtins.listToAttrs (map emulateDesktopItem cfg.packages);
desktopItems = desktopItemsPackages // cfg.desktopItems;
in
{
assertions = [
(hm.assertions.assertPlatform "xdg.autoStart" pkgs lib.platforms.linux)
];
xdg.configFile = lib.attrsets.mapAttrs' embedDesktopItem desktopItems;
};
}

View file

@ -26,10 +26,9 @@ in
bind "Ctrl l" { MoveFocusOrTab "Right"; }
bind "Ctrl j" { MoveFocus "Down"; }
bind "Ctrl k" { MoveFocus "Up"; }
unbind "Alt h" "Alt l" "Alt j" "Alt k"
unbind "Alt h" "Alt l" "Alt j" "Alt k" "Alt f"
}
unbind "Ctrl p" "Ctrl n"
unbind "Alt f"
}
'';
};

View file

@ -0,0 +1,165 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (lib)
mkIf
mkEnableOption
mkOption
types
;
cfg = config.commonSettings.proxyServer;
singTls = {
enabled = true;
server_name = config.deployment.targetHost;
key_path = config.security.acme.certs.${config.deployment.targetHost}.directory + "/key.pem";
certificate_path =
config.security.acme.certs.${config.deployment.targetHost}.directory + "/cert.pem";
};
mkSingConfig =
{ uuid, password, ... }:
{
inbounds =
[
{
tag = "sg0";
type = "trojan";
listen = "::";
listen_port = 8080;
users = [
{
name = "proxy";
password = password;
}
];
tls = singTls;
}
]
++ lib.forEach (lib.range 6311 6314) (port: {
tag = "sg" + toString (port - 6310);
type = "tuic";
listen = "::";
listen_port = port;
congestion_control = "bbr";
users = [
{
name = "proxy";
uuid = uuid;
password = password;
}
];
tls = singTls;
});
outbounds = [
{
type = "wireguard";
tag = "wg-out";
private_key = {
_secret = config.sops.secrets.wg_private_key.path;
};
local_address = [
"172.16.0.2/32"
{ _secret = config.sops.secrets.wg_ipv6_local_addr.path; }
];
peers = [
{
public_key = "bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo=";
allowed_ips = [
"0.0.0.0/0"
"::/0"
];
server = "162.159.192.1";
server_port = 500;
}
];
}
{
type = "direct";
tag = "direct";
}
];
route = {
rules = [
{
inbound = "sg0";
outbound = "direct";
}
{
inbound = "sg4";
outbound = "direct";
}
];
};
};
in
{
options.commonSettings.proxyServer = {
enable = mkEnableOption "sing-box as a server";
uuidFile = mkOption {
type = types.path;
};
passwordFile = mkOption {
type = types.path;
};
};
config = mkIf cfg.enable {
boot.kernel.sysctl = {
"net.core.default_qdisc" = "fq";
"net.ipv4.tcp_congestion_control" = "bbr";
};
networking.firewall.trustedInterfaces = [ "tun0" ];
sops = {
secrets = {
wg_private_key = {
owner = "root";
sopsFile = ./secrets + "/${config.networking.hostName}.yaml";
};
wg_ipv6_local_addr = {
owner = "root";
sopsFile = ./secrets + "/${config.networking.hostName}.yaml";
};
};
};
security.acme = {
acceptTerms = true;
certs.${config.deployment.targetHost} = {
email = "me@namely.icu";
# Avoid port conflict
listenHTTP = if config.services.caddy.enable then ":30310" else ":80";
};
};
services.caddy.virtualHosts."http://${config.deployment.targetHost}:80".extraConfig = ''
reverse_proxy 127.0.0.1:30310
'';
networking.firewall.allowedTCPPorts = [
80
8080
];
networking.firewall.allowedUDPPorts = [ ] ++ (lib.range 6311 6314);
custom.prometheus = {
enable = true;
exporters.blackbox.enable = true;
};
services.sing-box = {
enable = true;
settings = mkSingConfig {
uuid = cfg.uuidFile;
password = cfg.passwordFile;
};
};
};
}