diff --git a/flake.lock b/flake.lock index 2a3297a..f5cc9bc 100644 --- a/flake.lock +++ b/flake.lock @@ -44,16 +44,16 @@ ] }, "locked": { - "lastModified": 1744117652, - "narHash": "sha256-t7dFCDl4vIOOUMhEZnJF15aAzkpaup9x4ZRGToDFYWI=", + "lastModified": 1758463745, + "narHash": "sha256-uhzsV0Q0I9j2y/rfweWeGif5AWe0MGrgZ/3TjpDYdGA=", "owner": "nix-community", "repo": "home-manager", - "rev": "b4e98224ad1336751a2ac7493967a4c9f6d9cb3f", + "rev": "3b955f5f0a942f9f60cdc9cacb7844335d0f21c3", "type": "github" }, "original": { "owner": "nix-community", - "ref": "release-24.11", + "ref": "release-25.05", "repo": "home-manager", "type": "github" } @@ -158,16 +158,16 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1744309437, - "narHash": "sha256-QZnNHM823am8apCqKSPdtnzPGTy2ZB4zIXOVoBp5+W0=", + "lastModified": 1761999846, + "narHash": "sha256-IYlYnp4O4dzEpL77BD/lj5NnJy2J8qbHkNSFiPBCbqo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "f9ebe33a928b5d529c895202263a5ce46bdf12f7", + "rev": "3de8f8d73e35724bf9abef41f1bdbedda1e14a31", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-24.11", + "ref": "nixos-25.05", "repo": "nixpkgs", "type": "github" } diff --git a/flake.nix b/flake.nix index a029f6c..d0929d6 100644 --- a/flake.nix +++ b/flake.nix @@ -1,12 +1,12 @@ { inputs = { - nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11"; + nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05"; nixos-wsl = { url = "github:nix-community/NixOS-WSL/main"; inputs.nixpkgs.follows = "nixpkgs"; }; home-manager = { - url = "github:nix-community/home-manager/release-24.11"; + url = "github:nix-community/home-manager/release-25.05"; inputs.nixpkgs.follows = "nixpkgs"; }; nixos-generators = { diff --git a/nix/personal/default.nix b/nix/personal/default.nix index c8057f8..0d9afbe 100644 --- a/nix/personal/default.nix +++ b/nix/personal/default.nix 
@@ -72,6 +72,7 @@ in { nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (pkgs.lib.getName pkg) [ + "anytype-heart" "vscode" "steam" "steam-run" diff --git a/nix/personal/graphical/default.nix b/nix/personal/graphical/default.nix index 8867bfd..cf24440 100644 --- a/nix/personal/graphical/default.nix +++ b/nix/personal/graphical/default.nix @@ -30,6 +30,6 @@ in { fira-code-nerdfont fira-code-symbols - (nerdfonts.override { fonts = [ "FiraCode" ]; }) + nerd-fonts.fira-code ]; } diff --git a/nix/personal/graphical/messengers.nix b/nix/personal/graphical/messengers.nix index 7f56200..e1a2498 100644 --- a/nix/personal/graphical/messengers.nix +++ b/nix/personal/graphical/messengers.nix @@ -7,22 +7,15 @@ }: let cfg = config.kp2pml30; - signalSuffix = if system == "x86_64-linux" then "amd64" else "arm64"; - discord-version = "0.0.160"; + signal-pkgs = import (builtins.fetchTarball { + url = "https://github.com/NixOS/nixpkgs/archive/71cbb752aa36854eb4a7deb3685b9789256d643c.tar.gz"; + sha256 = "10dnjv2c28bjgplyj6nbk2q9lng6f95jf75i5yh541zngrr8b2qg"; + }) { + system = pkgs.system; + }; in lib.mkIf cfg.messengers.personal { users.users.${cfg.username}.packages = with pkgs; [ discord telegram-desktop -# (pkgs.callPackage "${pkgs.path}/pkgs/by-name/si/signal-desktop/generic.nix" { } rec { -# pname = "signal-desktop"; -# version = "7.65.0"; -# -# libdir = "opt/Signal"; -# bindir = libdir; -# extractPkg = "dpkg-deb -x $downloadedFile $out"; -# -# url = "https://updates.signal.org/desktop/apt/pool/s/signal-desktop/signal-desktop_${version}_amd64.deb"; -# hash = lib.fakeHash; -# }) - ]; + ] ++ [signal-pkgs.signal-desktop]; } diff --git a/nix/personal/graphical/opera.nix b/nix/personal/graphical/opera.nix index bb26e2f..5c3caa9 100644 --- a/nix/personal/graphical/opera.nix +++ b/nix/personal/graphical/opera.nix 
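Review bot: In nix/personal/graphical/messengers.nix, `signal-pkgs` imports a second nixpkgs through `builtins.fetchTarball` at a hard-coded commit, so signal-desktop sits outside flake.lock and `nix flake update` will never move it. A messenger client should not silently stay on an old build. Declaring the pin as a flake input, for example `nixpkgs-signal.url = "github:NixOS/nixpkgs/71cbb752aa36854eb4a7deb3685b9789256d643c";`, keeps the hash in the lockfile and shows the pin next to the other inputs. If the inline fetch stays, a comment above the binding such as `# pinned for signal-desktop: <reason>; revisit on every flake update` would record why it exists and when to bump it.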
@@ -6,14 +6,35 @@ }: let cfg = config.kp2pml30; - version = "122.0.5643.51"; + version = "123.0.5669.23"; + legacy-nixpkgs = import (builtins.fetchTarball { + url = "https://github.com/NixOS/nixpkgs/archive/refs/tags/24.11.tar.gz"; + sha256 = "1gx0hihb7kcddv5h0k7dysp2xhf1ny0aalxhjbpj2lmvj7h9g80a"; + }) { + system = pkgs.system; + config.allowUnfreePredicate = pkg: + builtins.elem (pkgs.lib.getName pkg) [ + "vscode" + "steam" + "steam-run" + "steam-original" + "steam-unwrapped" + "nvidia-x11" + "nvidia-settings" + "nvidia-persistenced" + "opera" + "discord" + "slack" + "anytype" + ]; + }; in lib.mkIf cfg.opera { home-manager.users.${cfg.username}.home = { - packages = with pkgs; [ + packages = with legacy-nixpkgs; [ ((opera.override { proprietaryCodecs = true; }).overrideAttrs (finalAttrs: previousAttrs: { src = fetchurl { url = "https://get.geo.opera.com/pub/opera/desktop/${version}/linux/opera-stable_${version}_amd64.deb"; - hash = "sha256-l/NG3UEI1MEu7yVte0wkxsMsIhpCsAT7292u/IsqUL0="; + hash = "sha256-j2kHdg8d60S9j3bLychjmH/cRAXHGIjOgGKqmNIhnHU="; }; })) ]; diff --git a/nix/personal/neovim.nix b/nix/personal/neovim.nix index 59839f3..027c1e0 100644 --- a/nix/personal/neovim.nix +++ b/nix/personal/neovim.nix @@ -27,7 +27,9 @@ in nerdtree tokyonight-nvim barbar-nvim - feline-nvim + ((fromGitHub "3587f57480b88e8009df7b36dc84e9c7ff8f2c49" "famiu/feline.nvim").overrideAttrs (old: { + doCheck = false; + })) (fromGitHub "d63c811337b2f75de52f16efee176695f31e7fbc" "timakro/vim-yadi") (fromGitHub "aafa5c187a15701a7299a392b907ec15d9a7075f" "nvim-tree/nvim-web-devicons") ]; diff --git a/nix/server/secrets.nix b/nix/server/secrets.nix index 1a093b9..cf9ad4f 100644 --- a/nix/server/secrets.nix +++ b/nix/server/secrets.nix 
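Review bot: The `allowUnfreePredicate` passed to `legacy-nixpkgs` in nix/personal/graphical/opera.nix copies the whole system allow-list (steam, nvidia, discord, slack, …) although only opera is taken from this import. Narrowing it to `config.allowUnfreePredicate = pkg: pkgs.lib.getName pkg == "opera";` keeps the exception as small as its use and removes a second list that will drift from the one in nix/personal/default.nix. The tarball URL names the tag `refs/tags/24.11` rather than a commit; the `sha256` still fixes the content, but a commit URL, as messengers.nix uses, states exactly which tree is meant. Everything the browser links against now comes from the 24.11 release rather than the 25.05 inputs, so a comment saying why opera is held back and when the pin can be dropped would help. The module's argument list and closing lines lie outside the hunk.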
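Review bot: `doCheck = false;` on the feline.nvim override in nix/personal/neovim.nix has no comment saying which check fails, so nobody will know when it can be removed. A line above the override such as `# checks disabled: <failing check>; re-enable once <condition>` would cover it. The plugin is pinned by full commit hash like its neighbours. `fromGitHub` is defined outside the hunk, so how the revision is fetched and verified cannot be judged from here.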
@@ -26,29 +26,28 @@ let ${pkgs.openssl}/bin/openssl enc -aes-256-cbc -pbkdf2 -iter 1000000 -base64 -d -k "$KP2_DOTFILES_SECRET_KEY" -in "${./secrets.yaml}" | ${pkgs.yq}/bin/yq '.XRAY_UIDS[]' -r ''; - xray-config-pre = builtins.toFile "xray-pre.json" (builtins.readFile ./xray-pre.json); - xray-config-post = builtins.toFile "xray-post.json" (builtins.readFile ./xray-post.json); + xray-config-base = builtins.toFile "xray.json" (builtins.readFile ./xray.json); # Script to generate complete xray configuration generateXrayConfig = pkgs.writeShellScript "generate-xray-config" '' set -euo pipefail - cat ${xray-config-pre} + ALL_IDS="[" first=true while IFS= read -r uuid; do if [ "$first" = true ]; then first=false else - echo "," + ALL_IDS="$ALL_IDS," fi - echo " {" - echo " \"id\": \"$uuid\"," - echo " \"flow\": \"xtls-rprx-vision\"" - echo " }" + ALL_IDS="$ALL_IDS{\"id\":\"$uuid\",\"flow\": \"xtls-rprx-vision\"}" done < <(${decryptSecrets}) - cat ${xray-config-post} + ALL_IDS="$ALL_IDS]" + + cat "${xray-config-base}" | \ + jq --argjson val "$ALL_IDS" '.inbounds.[0].settings.clients = $val' ''; in { @@ -85,6 +84,8 @@ in { chown xray:xray /run/secrets/xray-config.json chmod 440 /run/secrets/xray-config.json ''; + + path = [ pkgs.jq ]; }; # Ensure secrets directory exists diff --git a/nix/server/stream.nginx b/nix/server/stream.nginx index eeb2a72..dcdcc95 100644 --- a/nix/server/stream.nginx +++ b/nix/server/stream.nginx @@ -12,6 +12,7 @@ map $ssl_preread_server_name $name { updates.signal.org updates; updates2.signal.org updates2; + www.microsoft.com xray-entrypoint; x.kp2pml30.moe xray-entrypoint; pr.kp2pml30.moe signal-proxy; diff --git a/nix/server/xray-client.json b/nix/server/xray-client.json new file mode 100644 index 0000000..a2989e0 --- /dev/null +++ b/nix/server/xray-client.json 
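Review bot: In generateXrayConfig (nix/server/secrets.nix) the decrypted UUIDs are spliced into JSON by string concatenation and passed to jq as `--argjson val "$ALL_IDS"`. That puts the client credentials on jq's command line, where they are readable through /proc while the process runs, and leaves any quote or backslash in a value unescaped. The loop also reads from `< <(${decryptSecrets})`, whose exit status `set -euo pipefail` does not see, so a failed decryption would produce an empty `clients` array instead of an error. Feeding the decrypted lines to jq on stdin, as below, removes all three problems, and `.inbounds[0]` avoids the `.inbounds.[0]` form that older jq releases reject. jq is also the only tool called by bare name; calling `${pkgs.jq}/bin/jq` like openssl and yq makes the `path = [ pkgs.jq ];` added in the second hunk unnecessary.

```nix
generateXrayConfig = pkgs.writeShellScript "generate-xray-config" ''
  set -euo pipefail

  # Secrets travel on stdin only; jq builds and escapes the client objects.
  ${decryptSecrets} \
    | ${pkgs.jq}/bin/jq -Rn --slurpfile base "${xray-config-base}" '
        $base[0]
        | .inbounds[0].settings.clients = [inputs | {id: ., flow: "xtls-rprx-vision"}]
      '
'';
```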
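Review bot: The new `www.microsoft.com xray-entrypoint;` entry in nix/server/stream.nginx has no comment explaining why a hostname this server does not own is in the SNI map. A line above it such as `# REALITY serverName; keep in sync with serverNames in xray-reality.json` would tie it to the config that needs it. In the visible hunks secrets.nix still builds the running config from ./xray.json and nothing references xray-reality.json, so it is worth confirming that the backend behind `xray-entrypoint` handles this name as intended before the route goes live. The map block starts and ends outside the hunk.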
@@ -0,0 +1,103 @@
+{
+ "log": {
+ "loglevel": "warning"
+ },
+ "routing": {
+ "domainStrategy": "IPIfNonMatch",
+ "rules": [
+ {
+ "type": "field",
+ "domain": [
+ "regexp:\\.ru$",
+ "regexp:\\.рф$",
+ "domain:vk.com"
+ ],
+ "outboundTag": "direct"
+ },
+ {
+ "type": "field",
+ "domain": [
+ "geosite:cn",
+ "geosite:private"
+ ],
+ "outboundTag": "direct"
+ },
+ {
+ "type": "field",
+ "ip": [
+ "geoip:cn",
+ "geoip:ru",
+ "geoip:private"
+ ],
+ "outboundTag": "direct"
+ }
+ ]
+ },
+ "inbounds": [
+ {
+ "listen": "127.0.0.1",
+ "port": 10808,
+ "protocol": "socks",
+ "settings": {
+ "udp": true
+ },
+ "sniffing": {
+ "enabled": true,
+ "destOverride": [
+ "http",
+ "tls"
+ ]
+ }
+ },
+ {
+ "listen": "127.0.0.1",
+ "port": 10809,
+ "protocol": "http",
+ "sniffing": {
+ "enabled": true,
+ "destOverride": [
+ "http",
+ "tls"
+ ]
+ }
+ }
+ ],
+ "outbounds": [
+ {
+ "protocol": "vless",
+ "settings": {
+ "vnext": [
+ {
+ "address": "x.kp2pml30.moe",
+ "port": 443,
+ "users": [
+ {
+ "id": "",
+ "encryption": "none",
+ "flow": "xtls-rprx-vision"
+ }
+ ]
+ }
+ ]
+ },
+ "streamSettings": {
+ "network": "tcp",
+ "security": "tls",
+ "tlsSettings": {
+ "serverName": "",
+ "allowInsecure": false,
+ "fingerprint": "chrome"
+ }
+ },
+ "tag": "proxy"
+ },
+ {
+ "protocol": "freedom",
+ "tag": "direct"
+ },
+ {
+ "protocol": "blackhole",
+ "tag": "block"
+ }
+ ]
+}
diff --git a/nix/server/xray-pre.json b/nix/server/xray-pre.json
deleted file mode 100644
index 572d18b..0000000
--- a/nix/server/xray-pre.json
+++ /dev/null
@@ -1,23 +0,0 @@
-{
- "log": {
- "loglevel": "warning"
- },
- "routing": {
- "domainStrategy": "IPIfNonMatch",
- "rules": [
- {
- "type": "field",
- "ip": [
- "geoip:cn"
- ],
- "outboundTag": "block"
- }
- ]
- },
- "inbounds": [
- {
- "listen": "127.0.0.1",
- "port": 8010,
- "protocol": "vless",
- "settings": {
- "clients": [
diff --git a/nix/server/xray-reality-client.json b/nix/server/xray-reality-client.json
new file mode 100644
index 0000000..4916a85
--- /dev/null
+++ b/nix/server/xray-reality-client.json
@@ -0,0 +1,81 @@
+{
+ "log": {
+ "loglevel": "warning"
+ },
+ "inbounds": [
+ {
+ "port": 1080,
+ "listen": "127.0.0.1",
+ "protocol": "socks",
+ "settings": {
+ "udp": true
+ }
+ },
+ {
+ "port": 1081,
+ "listen": "127.0.0.1",
+ "protocol": "http"
+ }
+ ],
+ "outbounds": [
+ {
+ "tag": "proxy",
+ "protocol": "vless",
+ "settings": {
+ "vnext": [
+ {
+ "address": "x.kp2pml30.moe",
+ "port": 443,
+ "users": [
+ {
+ "id": "YOUR-UUID-HERE",
+ "encryption": "none",
+ "flow": "xtls-rprx-vision"
+ }
+ ]
+ }
+ ]
+ },
+ "streamSettings": {
+ "network": "tcp",
+ "security": "reality",
+ "realitySettings": {
+ "show": false,
+ "fingerprint": "chrome",
+ "serverName": "www.microsoft.com",
+ "publicKey": "dRvlorHTupOukJ7aFZNPx-wXUMYJt3GQNrtSjMm9lAg",
+ "shortId": "deadbabe",
+ "spiderX": "/"
+ }
+ }
+ },
+ {
+ "tag": "direct",
+ "protocol": "freedom"
+ },
+ {
+ "tag": "block",
+ "protocol": "blackhole"
+ }
+ ],
+ "routing": {
+ "domainStrategy": "AsIs",
+ "rules": [
+ {
+ "type": "field",
+ "domain": [
+ "regexp:\\.ru$",
+ "geosite:category-ru",
+ "regexp:\\.рф$",
+ "regexp:(^|\\.)vk\\.com$"
+ ],
+ "outboundTag": "block"
+ },
+ {
+ "type": "field",
+ "network": "tcp,udp",
+ "outboundTag": "proxy"
+ }
+ ]
+ }
+}
diff --git a/nix/server/xray-reality.json b/nix/server/xray-reality.json
new file mode 100644
index 0000000..4787277
--- /dev/null
+++ b/nix/server/xray-reality.json
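Review bot: In nix/server/xray-reality-client.json the UUID is a placeholder but `"shortId": "deadbabe"` is a literal value, and the same value appears under `shortIds` in nix/server/xray-reality.json. The short ID is one of the values a REALITY server uses to recognise its clients, so committing it, and choosing a memorable word for it, gives away part of what the encrypted secrets.yaml exists to protect. Treat it like the UUIDs: commit `"shortId": "YOUR-SHORT-ID-HERE"` and inject a randomly generated value at build time. The `publicKey` is fine to publish, but it implies a fixed private key on the server, which the server file leaves as `""` with no visible step that fills it in. This file also routes `.ru` and vk.com traffic to `block` where xray-client.json sends it to `direct`; if that is intended it belongs in the commit message, since JSON cannot carry the comment.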
@@ -0,0 +1,90 @@
+{
+ "log": {
+ "loglevel": "debug"
+ },
+ "routing": {
+ "domainStrategy": "IPIfNonMatch",
+ "rules": [
+ {
+ "type": "field",
+ "domain": [
+ "regexp:\\.ru$",
+ "regexp:\\.рф$",
+ "domain:vk.com"
+ ],
+ "outboundTag": "block"
+ },
+ {
+ "type": "field",
+ "ip": [
+ "geoip:cn",
+ "geoip:ru"
+ ],
+ "outboundTag": "block"
+ },
+ {
+ "type": "field",
+ "network": "tcp,udp",
+ "outboundTag": "direct"
+ }
+ ]
+ },
+ "inbounds": [
+ {
+ "listen": "127.0.0.1",
+ "port": 8010,
+ "protocol": "vless",
+ "settings": {
+ "clients": [
+ {
+ "id": "YOUR-UUID-HERE",
+ "flow": "xtls-rprx-vision"
+ }
+ ],
+ "decryption": "none"
+ },
+ "streamSettings": {
+ "network": "tcp",
+ "security": "reality",
+ "realitySettings": {
+ "show": true,
+ "dest": "www.microsoft.com:443",
+ "xver": 0,
+ "serverNames": [
+ "www.microsoft.com"
+ ],
+ "privateKey": "",
+ "shortIds": [
+ "deadbabe"
+ ],
+ "debug": true
+ }
+ },
+ "sniffing": {
+ "enabled": true,
+ "destOverride": [
+ "http",
+ "tls"
+ ]
+ }
+ }
+ ],
+ "outbounds": [
+ {
+ "protocol": "freedom",
+ "tag": "direct"
+ },
+ {
+ "protocol": "blackhole",
+ "tag": "block"
+ }
+ ],
+ "policy": {
+ "levels": {
+ "0": {
+ "handshake": 3,
+ "connIdle": 127
+ }
+ }
+ }
+}
diff --git a/nix/server/xray-post.json b/nix/server/xray.json
similarity index 64%
rename from nix/server/xray-post.json
rename to nix/server/xray.json
index dbc38ef..24fe990 100644
--- a/nix/server/xray-post.json
+++ b/nix/server/xray.json
@@ -1,3 +1,36 @@
+{
+ "log": {
+ "loglevel": "warning"
+ },
+ "routing": {
+ "domainStrategy": "IPIfNonMatch",
+ "rules": [
+ {
+ "type": "field",
+ "domain": [
+ "regexp:\\.ru$",
+ "regexp:\\.рф$",
+ "domain:vk.com"
+ ],
+ "outboundTag": "block"
+ },
+ {
+ "type": "field",
+ "ip": [
+ "geoip:cn",
+ "geoip:ru"
+ ],
+ "outboundTag": "block"
+ }
+ ]
+ },
+ "inbounds": [
+ {
+ "listen": "127.0.0.1",
+ "port": 8010,
+ "protocol": "vless",
+ "settings": {
+ "clients": [
 ],
 "decryption": "none",
 "fallbacks": [
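Review bot: nix/server/xray-reality.json is committed with `"loglevel": "debug"`, `"show": true` and `"debug": true`, whereas xray.json and both client files use `warning`. On a proxy server debug output is likely to record client addresses and handshake details, so before deployment these should become `"loglevel": "warning"` and `"show": false`, with the `debug` key removed. `"privateKey": ""` has no counterpart in generateXrayConfig, which only rewrites `.inbounds.[0].settings.clients`, so as written the key would have to be added by hand. Injecting it from secrets.yaml alongside the UUIDs would keep it out of the repository and out of hand-edited copies.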