diff --git a/config/common/default.nix b/config/common/default.nix index 8b00d296..ccef5818 100644 --- a/config/common/default.nix +++ b/config/common/default.nix @@ -15,6 +15,7 @@ in { "nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos" "nixpkgs-unstable=${sources.nixpkgs-unstable}" "nixpkgs-mozilla=${sources.nixpkgs-mozilla}" + "NUR=${sources.NUR}" "arc=${sources.arc-nixexprs}" ]; gc.automatic = lib.mkDefault true; diff --git a/config/hosts/athame/bitwarden.nix b/config/hosts/athame/bitwarden.nix index fa3ec585..eaaa2017 100644 --- a/config/hosts/athame/bitwarden.nix +++ b/config/hosts/athame/bitwarden.nix @@ -12,4 +12,14 @@ in { domain = "https://vault.kittywit.ch"; }; }; + + services.nginx.virtualHosts."vault.kittywit.ch" = { + enableACME = true; + forceSSL = true; + locations = { + "/".proxyPass = "http://127.0.0.1:4000"; + "/notifications/hub".proxyPass = "http://127.0.0.1:3012"; + "/notifications/hub/negotiate".proxyPass = "http://127.0.0.1:80"; + }; + }; } diff --git a/config/hosts/athame/fail2ban.nix b/config/hosts/athame/fail2ban.nix index b7834f76..f7f44c7c 100644 --- a/config/hosts/athame/fail2ban.nix +++ b/config/hosts/athame/fail2ban.nix @@ -5,7 +5,7 @@ enable = true; jails = { DEFAULT = '' - bantime = 3600 + bantime = 1d blocktype = DROP logpath = /var/log/auth.log ''; @@ -80,5 +80,5 @@ ''; }; - systemd.services.fail2ban.serviceConfig.LimitSTACK = 256 * 1024; + systemd.services.fail2ban.serviceConfig.LimitSTACK = 128 * 1024; } diff --git a/config/hosts/athame/gitea.nix b/config/hosts/athame/gitea.nix index f72dc462..47660590 100644 --- a/config/hosts/athame/gitea.nix +++ b/config/hosts/athame/gitea.nix @@ -7,4 +7,10 @@ domain = "git.kittywit.ch"; rootUrl = "https://git.kittywit.ch"; }; + + services.nginx.virtualHosts."git.kittywit.ch" = { + enableACME = true; + forceSSL = true; + locations = { "/".proxyPass = "http://127.0.0.1:3000"; }; + }; } diff --git a/config/hosts/athame/matrix.nix b/config/hosts/athame/matrix.nix index d2bad84d..70e9ac95 100644 --- a/config/hosts/athame/matrix.nix +++ b/config/hosts/athame/matrix.nix @@ -27,6 +27,7 @@ in { }]; }]; }; + services.mautrix-telegram = { enable = true; settings = { @@ -50,6 +51,7 @@ in { }; environmentFile = "/etc/secrets/mautrix-telegram.env"; }; + systemd.services.mx-puppet-discord = { serviceConfig = { Type = "simple"; @@ -71,6 +73,7 @@ in { wantedBy = [ "multi-user.target" ]; after = [ "network.target" ]; }; + systemd.services.mautrix-whatsapp = { serviceConfig = { Type = "simple"; @@ -92,4 +95,26 @@ in { wantedBy = [ "multi-user.target" ]; after = [ "network.target" ]; }; + + services.nginx.virtualHosts."kittywit.ch" = { + locations = { + "/_matrix" = { proxyPass = "http://[::1]:8008"; }; + "= /.well-known/matrix/server".extraConfig = + let server = { "m.server" = "kittywit.ch:443"; }; + in '' + add_header Content-Type application/json; + return 200 '${builtins.toJSON server}'; + ''; + "= /.well-known/matrix/client".extraConfig = let + client = { + "m.homeserver" = { "base_url" = "https://kittywit.ch"; }; + "m.identity_server" = { "base_url" = "https://vector.im"; }; + }; + in '' + add_header Content-Type application/json; + add_header Access-Control-Allow-Origin *; + return 200 '${builtins.toJSON client}'; + ''; + }; + }; } diff --git a/config/hosts/athame/syncserver.nix b/config/hosts/athame/syncserver.nix new file mode 100644 index 00000000..d4647110 --- /dev/null +++ b/config/hosts/athame/syncserver.nix @@ -0,0 +1,16 @@ +{ config, pkgs, ... }: + +{ + services.firefox.syncserver = { + enable = true; + listen.port = 5001; + allowNewUsers = false; + publicUrl = "https://sync.kittywit.ch"; + }; + + services.nginx.virtualHosts."sync.kittywit.ch" = { + enableACME = true; + forceSSL = true; + locations = { "/".proxyPass = "http://127.0.0.1:5001"; }; + }; +} diff --git a/config/hosts/athame/virtualhosts.nix b/config/hosts/athame/virtualhosts.nix index 339aa8d9..8a6cdf39 100644 --- a/config/hosts/athame/virtualhosts.nix +++ b/config/hosts/athame/virtualhosts.nix @@ -8,50 +8,7 @@ let secrets = (import ../../../secrets.nix); in { services.nginx.virtualHosts = { - "kittywit.ch" = { - root = "/var/www/kittywitch"; - locations = { - "/_matrix" = { proxyPass = "http://[::1]:8008"; }; - "= /.well-known/matrix/server".extraConfig = - let server = { "m.server" = "kittywit.ch:443"; }; - in '' - add_header Content-Type application/json; - return 200 '${builtins.toJSON server}'; - ''; - "= /.well-known/matrix/client".extraConfig = let - client = { - "m.homeserver" = { "base_url" = "https://kittywit.ch"; }; - "m.identity_server" = { "base_url" = "https://vector.im"; }; - }; - in '' - add_header Content-Type application/json; - add_header Access-Control-Allow-Origin *; - return 200 '${builtins.toJSON client}'; - ''; - }; - } // common; + "kittywit.ch" = { root = "/var/www/kittywitch"; } // common; "athame.kittywit.ch" = { root = "/var/www/athame"; } // common; - "vault.kittywit.ch" = { - locations = { - "/".proxyPass = "http://127.0.0.1:4000"; - "/notifications/hub".proxyPass = "http://127.0.0.1:3012"; - "/notifications/hub/negotiate".proxyPass = "http://127.0.0.1:80"; - }; - } // common; - "git.kittywit.ch" = { - locations = { "/".proxyPass = "http://127.0.0.1:3000"; }; - } // common; - "znc.kittywit.ch" = { - locations = { "/".proxyPass = "http://127.0.0.1:5000"; }; - } // common; - "irc.kittywit.ch" = { - locations = { - "/" = { root = pkgs.glowing-bear; }; - "^~ /weechat" = { - proxyPass = "http://127.0.0.1:9000"; - proxyWebsockets = true; - }; - }; - } // common; } // secrets.virtualHosts.athame; } diff --git a/config/hosts/athame/weechat.nix b/config/hosts/athame/weechat.nix index 8217d23e..b37f7861 100644 --- a/config/hosts/athame/weechat.nix +++ b/config/hosts/athame/weechat.nix @@ -24,4 +24,16 @@ in { multiuser on acladd kat ''; + + services.nginx.virtualHosts."irc.kittywit.ch" = { + enableACME = true; + forceSSL = true; + locations = { + "/" = { root = pkgs.glowing-bear; }; + "^~ /weechat" = { + proxyPass = "http://127.0.0.1:9000"; + proxyWebsockets = true; + }; + }; + }; } diff --git a/config/hosts/athame/znc.nix b/config/hosts/athame/znc.nix index ad0612de..39b10ec7 100644 --- a/config/hosts/athame/znc.nix +++ b/config/hosts/athame/znc.nix @@ -17,4 +17,10 @@ in { User = secrets.hosts.athame.znc; }; }; + + services.nginx.virtualHosts."znc.kittywit.ch" = { + enableACME = true; + forceSSL = true; + locations = { "/".proxyPass = "http://127.0.0.1:5000"; }; + }; } diff --git a/config/hosts/samhain/configuration.nix b/config/hosts/samhain/configuration.nix index 9affbfa1..20c695a3 100644 --- a/config/hosts/samhain/configuration.nix +++ b/config/hosts/samhain/configuration.nix @@ -1,6 +1,7 @@ { config, pkgs, lib, ... }: -{ +let sources = (import ../../../nix/sources.nix); +in { imports = [ ../../services/zfs.nix ./hardware.nix @@ -51,14 +52,6 @@ modprobe -i vfio-pci ''; - # the nur is used for arc's packages, so we include it here - nixpkgs.config.packageOverrides = pkgs: { - nur = import (builtins.fetchTarball - "https://github.com/nix-community/NUR/archive/master.tar.gz") { - inherit pkgs; - }; - }; - # rules are for: # * monitor ddc/ci # * input for qemu @@ -73,7 +66,7 @@ environment.systemPackages = [ # pkgs.nur.repos.arc.packages.screenstub # for DDC/CI and input forwarding (currently disabled due to using changed source) - pkgs.nur.repos.arc.packages.scream-arc # for audio forwarding + pkgs.arc.pkgs.scream-arc # for audio forwarding pkgs.ddcutil # for diagnostics on DDC/CI pkgs.virt-manager # obvious reasons pkgs.cachix # arc caching @@ -92,8 +85,7 @@ wantedBy = [ "multi-user.target" ]; description = "Scream - Audio forwarding from the VM."; serviceConfig = { - ExecStart = - "${pkgs.nur.repos.arc.packages.scream-arc}/bin/scream -i virbr0 -o pulse"; + ExecStart = "${pkgs.arc.pkgs.scream-arc}/bin/scream -i virbr0 -o pulse"; Restart = "always"; }; }; diff --git a/config/users/kat/default.nix b/config/users/kat/default.nix index e26f5781..4074b5f8 100644 --- a/config/users/kat/default.nix +++ b/config/users/kat/default.nix @@ -6,7 +6,6 @@ ./gaming.nix ./network.nix ./sway.nix - ./waybar.nix ./kitty.nix ./emacs.nix ]; diff --git a/config/users/kat/desktop.nix b/config/users/kat/desktop.nix index f786af34..fbc18e74 100644 --- a/config/users/kat/desktop.nix +++ b/config/users/kat/desktop.nix @@ -3,9 +3,11 @@ let sources = import ../../../nix/sources.nix; unstable = import sources.nixpkgs-unstable { inherit (pkgs) config; }; + nur = import sources.NUR; in { - config = lib.mkIf (lib.elem "desktop" config.meta.deploy.profiles) { + imports = [ ./firefox ]; + config = lib.mkIf (lib.elem "desktop" config.meta.deploy.profiles) { nixpkgs.config = { mumble.speechdSupport = true; pulseaudio = true; @@ -16,6 +18,17 @@ in { programs.light.enable = true; services.tumbler.enable = true; + xdg = { + portal = { + enable = true; + extraPortals = with pkgs; [ + xdg-desktop-portal-wlr + xdg-desktop-portal-gtk + ]; + gtkUsePortal = true; + }; + }; + users.users.kat = { packages = with pkgs; [ _1password @@ -67,6 +80,11 @@ in { }; home-manager.users.kat = { + home.sessionVariables = { + MOZ_ENABLE_WAYLAND = 1; + XDG_CURRENT_DESKTOP = "sway"; + XDG_SESSION_TYPE = "wayland"; + }; home.file.".gnupg/gpg-agent.conf".text = '' enable-ssh-support @@ -75,8 +93,6 @@ in { services.nextcloud-client.enable = true; - programs.firefox = { enable = true; }; - services.kdeconnect = { enable = true; indicator = true; diff --git a/config/users/kat/firefox/default.nix b/config/users/kat/firefox/default.nix new file mode 100644 index 00000000..3d74934a --- /dev/null +++ b/config/users/kat/firefox/default.nix @@ -0,0 +1,76 @@ +{ config, lib, pkgs, ... }: + +let + sources = import ../../../../nix/sources.nix; + unstable = import sources.nixpkgs-unstable { inherit (pkgs) config; }; + nur = import sources.NUR { inherit pkgs; }; + commonSettings = { + "app.update.auto" = false; + "identity.fxaccounts.account.device.name" = config.networking.hostName; + "signon.rememberSignons" = false; + "browser.urlbar.placeholderName" = "DuckDuckGo"; + "toolkit.legacyUserProfileCustomizations.stylesheets" = true; + "identity.sync.tokenserver.uri" = + "https://sync.kittywit.ch/token/1.0/sync/1.5"; + }; +in { + home-manager.users.kat = { + programs.fish.shellAliases = { + ff-pm = "firefox --ProfileManager"; + ff-main = "firefox -P main"; + ff-work = "firefox -P work"; + ff-lewd = "firefox -P lewd"; + }; + + programs.firefox = { + enable = true; + extensions = with nur.repos.rycee.firefox-addons; [ + auto-tab-discard + bitwarden + darkreader + decentraleyes + foxyproxy-standard + google-search-link-fix + https-everywhere + #old-reddit-redirect # made unnecessary due to tridactylrc + privacy-badger + reddit-enhancement-suite + refined-github + stylus + terms-of-service-didnt-read + tabcenter-reborn + tridactyl + ublock-origin + violentmonkey + ]; + profiles = { + main = { + id = 0; + isDefault = true; + settings = commonSettings // { + + }; + userChrome = import ./userChrome.css.nix { profile = "main"; }; + }; + work = { + id = 1; + settings = commonSettings // { + + }; + userChrome = import ./userChrome.css.nix { profile = "work"; }; + }; + lewd = { + id = 2; + settings = commonSettings // { + + }; + userChrome = import ./userChrome.css.nix { profile = "lewd"; }; + }; + }; + package = + pkgs.wrapFirefox pkgs.firefox-unwrapped { forceWayland = true; }; + }; + + home.file.".config/tridactyl/tridactylrc".source = ./tridactylrc; + }; +} diff --git a/config/users/kat/firefox/tridactylrc b/config/users/kat/firefox/tridactylrc new file mode 100644 index 00000000..a19d1212 --- /dev/null +++ b/config/users/kat/firefox/tridactylrc @@ -0,0 +1,151 @@ +" bovine3dom's dogfood + +" WARNING: This file defines and runs a command called fixamo_quiet. If you +" also have a malicious addon that operates on `` installed this +" will allow it to steal your firefox account credentials! +" +" With those credentials, an attacker can read anything in your sync account, +" publish addons to the AMO, etc, etc. +" +" Without this command a malicious addon can steal credentials from any site +" that you visit that is not in the restrictedDomains list. +" +" You should comment out the fixamo lines unless you are entirely sure that +" they are what you want. +" +" The advantage of running the command is that you can use the tridactyl +" interface on addons.mozilla.org and other restricted sites. + +" Provided only as an example. +" Do not install/run without reading through as you may be surprised by some +" of the settings. + +" May require the latest beta builds. + +" Move this to $XDG_CONFIG_DIR/tridactyl/tridactylrc (that's +" ~/.config/tridactyl/tridactylrc to mere mortals) or ~/.tridactylrc and +" install the native messenger (:installnative in Tridactyl). Run :source to +" get it in the browser, or just restart. + + +" +" Binds +" + +" Comment toggler for Reddit, Hacker News and Lobste.rs +bind ;c hint -Jc [class*="expand"],[class="togg"],[class="comment_folder"] + +" GitHub pull request checkout command to clipboard (only works if you're a collaborator or above) +bind yp composite js document.getElementById("clone-help-step-1").textContent.replace("git checkout -b", "git checkout -B").replace("git pull ", "git fetch ") + "git reset --hard " + document.getElementById("clone-help-step-1").textContent.split(" ")[3].replace("-","/") | yank + +" Git{Hub,Lab} git clone via SSH yank +bind yg composite js "git clone " + document.location.href.replace(/https?:\/\//,"git@").replace("/",":").replace(/$/,".git") | clipboard yank + +" As above but execute it and open terminal in folder +bind ,g js let uri = document.location.href.replace(/https?:\/\//,"git@").replace("/",":").replace(/$/,".git"); tri.native.run("cd ~/projects; git clone " + uri + "; cd \"$(basename \"" + uri + "\" .git)\"; st") + + +" make d take you to the tab you were just on (I find it much less confusing) +bind d composite tab #; tabclose # +bind D tabclose + +" I like wikiwand but I don't like the way it changes URLs +bindurl wikiwand.com yy composite js document.location.href.replace("wikiwand.com/en","wikipedia.org/wiki") | clipboard yank + +" Make gu take you back to subreddit from comments +bindurl reddit.com gu urlparent 4 + +" Only hint search results on Google and DDG +bindurl www.google.com f hint -Jc #search div:not(.action-menu) > a +bindurl www.google.com F hint -Jbc #search div:not(.action-menu) > a + + +bindurl ^https://duckduckgo.com f hint -Jc [class=result__a] +bindurl ^https://duckduckgo.com F hint -Jbc [class=result__a] + +" Allow Ctrl-a to select all in the commandline +unbind --mode=ex + +" Allow Ctrl-c to copy in the commandline +unbind --mode=ex + +" Handy multiwindow/multitasking binds +bind gd tabdetach +bind gD composite tabduplicate; tabdetach + +" Make yy use canonical / short links on the 5 websites that support them +bind yy clipboard yankcanon + +" Stupid workaround to let hint -; be used with composite which steals semi-colons +command hint_focus hint -; + +" Open right click menu on links +bind ;C composite hint_focus; !s xdotool key Menu + +" +" Misc settings +" + +" set editorcmd to suckless terminal, or use the defaults on other platforms +js tri.browserBg.runtime.getPlatformInfo().then(os=>{const editorcmd = os.os=="linux" ? "st vim" : "auto"; tri.config.set("editorcmd", editorcmd)}) + +" set profile dir on Windows +jsb browser.runtime.getPlatformInfo().then(os=>{const profiledir = os.os=="win" ? "C:\\Users\\olie\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\gwm76nmk.default" : "auto"; tri.config.set("profiledir", profiledir)}) + +" Sane hinting mode +set hintfiltermode vimperator-reflow +set hintnames numeric + +" Defaults to 300ms but I'm a 'move fast and close the wrong tabs' kinda chap +set hintdelay 100 + +" Add helper commands that Mozillians think make Firefox irredeemably +" insecure. For details, read the comment at the top of this file. +command fixamo_quiet jsb tri.excmds.setpref("privacy.resistFingerprinting.block_mozAddonManager", "true").then(tri.excmds.setpref("extensions.webextensions.restrictedDomains", '""')) +command fixamo js tri.excmds.setpref("privacy.resistFingerprinting.block_mozAddonManager", "true").then(tri.excmds.setpref("extensions.webextensions.restrictedDomains", '""').then(tri.excmds.fillcmdline_tmp(3000, "Permissions added to user.js. Please restart Firefox to make them take affect."))) + +" Make Tridactyl work on more sites at the expense of some security. For +" details, read the comment at the top of this file. +fixamo_quiet + +" Equivalent to `set csp clobber` before it was removed. This weakens your +" defences against cross-site-scripting attacks and other types of +" code-injection by reducing the strictness of Content Security Policy on +" every site in a couple of ways. +" +" You may not wish to run this. Mozilla strongly feels that you shouldn't. +" +" It allows Tridactyl to function on more pages, e.g. raw GitHub pages. +" +" We remove the sandbox directive +" https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/sandbox +" which allows our iframe to run (and anyone else's) on any website. +" +" We weaken the style-src directive +" https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/style-src +" to allow us to theme our elements. This exposes you to 'cross site styling' +" attacks. +" +" Read https://wiki.mozilla.org/Security/CSP#Goals for more information. +jsb browser.webRequest.onHeadersReceived.addListener(tri.request.clobberCSP,{urls:[""],types:["main_frame"]},["blocking","responseHeaders"]) + +" Make quickmarks for the sane Tridactyl issue view +quickmark t https://github.com/tridactyl/tridactyl/issues?utf8=%E2%9C%93&q=sort%3Aupdated-desc+ + +" Inject Google Translate +" This (clearly) is remotely hosted code. Google will be sent the whole +" contents of the page you are on if you run `:translate` +" From https://github.com/jeremiahlee/page-translator +command translate js let googleTranslateCallback = document.createElement('script'); googleTranslateCallback.innerHTML = "function googleTranslateElementInit(){ new google.translate.TranslateElement(); }"; document.body.insertBefore(googleTranslateCallback, document.body.firstChild); let googleTranslateScript = document.createElement('script'); googleTranslateScript.charset="UTF-8"; googleTranslateScript.src = "https://translate.google.com/translate_a/element.js?cb=googleTranslateElementInit&tl=&sl=&hl="; document.body.insertBefore(googleTranslateScript, document.body.firstChild); + +" +" URL redirects +" + +" New reddit is bad +autocmd DocStart ^http(s?)://www.reddit.com js tri.excmds.urlmodify("-t", "www", "old") +" Mosquito nets won't make themselves +autocmd DocStart ^http(s?)://www.amazon.co.uk js tri.excmds.urlmodify("-t", "www", "smile") + +" For syntax highlighting see https://github.com/tridactyl/vim-tridactyl +" vim: set filetype=tridactyl diff --git a/config/users/kat/firefox/userChrome.css.nix b/config/users/kat/firefox/userChrome.css.nix new file mode 100644 index 00000000..dd655c94 --- /dev/null +++ b/config/users/kat/firefox/userChrome.css.nix @@ -0,0 +1,15 @@ +{ profile }: + +'' + #main-window[tabsintitlebar="true"]:not([extradragspace="true"]) #TabsToolbar > .toolbar-items { + opacity: 0; + pointer-events: none; + } + #main-window:not([tabsintitlebar="true"]) #TabsToolbar { + visibility: collapse !important; + } + + #sidebar-box[sidebarcommand="tabcenter-reborn_ariasuni-sidebar-action"] #sidebar-header { + visibility: collapse; + } +'' diff --git a/config/users/kat/sway.nix b/config/users/kat/sway.nix index f0c80756..f2786682 100644 --- a/config/users/kat/sway.nix +++ b/config/users/kat/sway.nix @@ -4,7 +4,10 @@ let style = import ./style.nix; secrets = import ../../../secrets.nix; in { + imports = [ ./waybar ]; + config = lib.mkIf (lib.elem "sway" config.meta.deploy.profiles) { + fonts.fonts = with pkgs; [ font-awesome nerdfonts diff --git a/config/users/kat/waybar.nix b/config/users/kat/waybar/default.nix similarity index 91% rename from config/users/kat/waybar.nix rename to config/users/kat/waybar/default.nix index e923706d..ee01af5c 100644 --- a/config/users/kat/waybar.nix +++ b/config/users/kat/waybar/default.nix @@ -1,10 +1,9 @@ { config, lib, pkgs, ... }: let - style = import ./style.nix; - secrets = import ../../../secrets.nix; + style = import ../style.nix; + secrets = import ../../../../secrets.nix; in { - config = lib.mkIf (lib.elem "sway" config.meta.deploy.profiles) { home-manager.users.kat = { programs.waybar = { enable = true; @@ -32,9 +31,9 @@ in { interval = 3600; on-click = "xdg-open 'https://google.com/search?q=weather'"; exec = "nix-shell --command 'python ${ - ../../../scripts/weather.py + ../../../../scripts/weather.py } ${secrets.profiles.sway.city} ${secrets.profiles.sway.api_key}' ${ - ../../../scripts/weather.nix + ../../../../scripts/weather.nix }"; }; cpu = { format = " {usage}%"; }; @@ -77,5 +76,4 @@ in { }]; }; }; - }; } diff --git a/config/users/kat/waybar.css.nix b/config/users/kat/waybar/waybar.css.nix similarity index 100% rename from config/users/kat/waybar.css.nix rename to config/users/kat/waybar/waybar.css.nix diff --git a/nix/sources.json b/nix/sources.json index f6c533d3..0f9dbf09 100644 --- a/nix/sources.json +++ b/nix/sources.json @@ -1,4 +1,16 @@ { + "NUR": { + "branch": "master", + "description": "Nix User Repository: User contributed nix packages [maintainer=@Mic92]", + "homepage": "https://nur.nix-community.org/", + "owner": "nix-community", + "repo": "NUR", + "rev": "edff1588e7923d718bd0bc739f5fb1a48e28ec0a", + "sha256": "1fip7mrz60rm488d0fxrhx6hih5g6ar00id9xgs0hcrx9hv0jd4x", + "type": "tarball", + "url": "https://github.com/nix-community/NUR/archive/edff1588e7923d718bd0bc739f5fb1a48e28ec0a.tar.gz", + "url_template": "https://github.com///archive/.tar.gz" + }, "arc-nixexprs": { "branch": "master", "description": "nix stuff", diff --git a/nyx b/nyx new file mode 100755 index 00000000..1fe45b11 --- /dev/null +++ b/nyx @@ -0,0 +1,33 @@ + +#!/usr/bin/env bash +set -eu + +usage() { + echo example: $0 build samhain boot +} + +build() { + HOST=$1 + if [ $# -gt 2 ]; then + METHOD=$2 + else + METHOD="switch" + fi + + nix build -f . deploy.$HOST && ./result $METHOD +} + +main() { + if [ $# -lt 2 ]; then + usage + else + CMD=$1 + shift + + if [[ $CMD == "build" ]]; then + build "$@" + fi + fi +} + +main "$@" \ No newline at end of file diff --git a/pkgs/default.nix b/pkgs/default.nix index d6f4e8d1..f9ef3d49 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -15,6 +15,8 @@ let arc = import sources.arc-nixexprs { inherit pkgs; }; + nur = import sources.NUR { inherit pkgs; }; + linuxPackagesFor = kernel: (pkgs.linuxPackagesFor kernel).extend (_: ksuper: { vendor-reset =