kp2pml30 2025-11-13 21:04:21 +09:00
parent c2106ca1a6
commit 68a4779107
Signed by: kp2pml30
GPG key ID: CD6528BAC23E3E34
14 changed files with 364 additions and 61 deletions

16
flake.lock generated

@ -44,16 +44,16 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1744117652, "lastModified": 1758463745,
"narHash": "sha256-t7dFCDl4vIOOUMhEZnJF15aAzkpaup9x4ZRGToDFYWI=", "narHash": "sha256-uhzsV0Q0I9j2y/rfweWeGif5AWe0MGrgZ/3TjpDYdGA=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "b4e98224ad1336751a2ac7493967a4c9f6d9cb3f", "rev": "3b955f5f0a942f9f60cdc9cacb7844335d0f21c3",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nix-community", "owner": "nix-community",
"ref": "release-24.11", "ref": "release-25.05",
"repo": "home-manager", "repo": "home-manager",
"type": "github" "type": "github"
} }
@ -158,16 +158,16 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1744309437, "lastModified": 1761999846,
"narHash": "sha256-QZnNHM823am8apCqKSPdtnzPGTy2ZB4zIXOVoBp5+W0=", "narHash": "sha256-IYlYnp4O4dzEpL77BD/lj5NnJy2J8qbHkNSFiPBCbqo=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "f9ebe33a928b5d529c895202263a5ce46bdf12f7", "rev": "3de8f8d73e35724bf9abef41f1bdbedda1e14a31",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "NixOS",
"ref": "nixos-24.11", "ref": "nixos-25.05",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }


@ -1,12 +1,12 @@
{ {
inputs = { inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05";
nixos-wsl = { nixos-wsl = {
url = "github:nix-community/NixOS-WSL/main"; url = "github:nix-community/NixOS-WSL/main";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
home-manager = { home-manager = {
url = "github:nix-community/home-manager/release-24.11"; url = "github:nix-community/home-manager/release-25.05";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
nixos-generators = { nixos-generators = {


@ -72,6 +72,7 @@ in {
nixpkgs.config.allowUnfreePredicate = pkg: nixpkgs.config.allowUnfreePredicate = pkg:
builtins.elem (pkgs.lib.getName pkg) [ builtins.elem (pkgs.lib.getName pkg) [
"anytype-heart"
"vscode" "vscode"
"steam" "steam"
"steam-run" "steam-run"


@ -30,6 +30,6 @@ in {
fira-code-nerdfont fira-code-nerdfont
fira-code-symbols fira-code-symbols
(nerdfonts.override { fonts = [ "FiraCode" ]; }) nerd-fonts.fira-code
]; ];
} }


@ -7,22 +7,15 @@
}: }:
let let
cfg = config.kp2pml30; cfg = config.kp2pml30;
signalSuffix = if system == "x86_64-linux" then "amd64" else "arm64"; signal-pkgs = import (builtins.fetchTarball {
discord-version = "0.0.160"; url = "https://github.com/NixOS/nixpkgs/archive/71cbb752aa36854eb4a7deb3685b9789256d643c.tar.gz";
sha256 = "10dnjv2c28bjgplyj6nbk2q9lng6f95jf75i5yh541zngrr8b2qg";
}) {
system = pkgs.system;
};
in lib.mkIf cfg.messengers.personal { in lib.mkIf cfg.messengers.personal {
users.users.${cfg.username}.packages = with pkgs; [ users.users.${cfg.username}.packages = with pkgs; [
discord discord
telegram-desktop telegram-desktop
# (pkgs.callPackage "${pkgs.path}/pkgs/by-name/si/signal-desktop/generic.nix" { } rec { ] ++ [signal-pkgs.signal-desktop];
# pname = "signal-desktop";
# version = "7.65.0";
#
# libdir = "opt/Signal";
# bindir = libdir;
# extractPkg = "dpkg-deb -x $downloadedFile $out";
#
# url = "https://updates.signal.org/desktop/apt/pool/s/signal-desktop/signal-desktop_${version}_amd64.deb";
# hash = lib.fakeHash;
# })
];
} }
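Review bot: `signal-pkgs` freezes signal-desktop at a single nixpkgs revision, so the messenger no longer moves with `nix flake update` and keeps whatever Signal and Electron versions that commit shipped until someone edits the URL and hash by hand. The `let` binding has no comment saying why the pin exists or when it can be dropped; I would add one above it, e.g. `# signal-desktop pinned to nixpkgs 71cbb75 because <reason>; bump or remove once <condition>`. Declaring the revision as a flake input instead of calling `builtins.fetchTarball` would also record it in flake.lock next to the other inputs, where stale pins are easier to spot.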


@ -6,14 +6,35 @@
}: }:
let let
cfg = config.kp2pml30; cfg = config.kp2pml30;
version = "122.0.5643.51"; version = "123.0.5669.23";
legacy-nixpkgs = import (builtins.fetchTarball {
url = "https://github.com/NixOS/nixpkgs/archive/refs/tags/24.11.tar.gz";
sha256 = "1gx0hihb7kcddv5h0k7dysp2xhf1ny0aalxhjbpj2lmvj7h9g80a";
}) {
system = pkgs.system;
config.allowUnfreePredicate = pkg:
builtins.elem (pkgs.lib.getName pkg) [
"vscode"
"steam"
"steam-run"
"steam-original"
"steam-unwrapped"
"nvidia-x11"
"nvidia-settings"
"nvidia-persistenced"
"opera"
"discord"
"slack"
"anytype"
];
};
in lib.mkIf cfg.opera { in lib.mkIf cfg.opera {
home-manager.users.${cfg.username}.home = { home-manager.users.${cfg.username}.home = {
packages = with pkgs; [ packages = with legacy-nixpkgs; [
((opera.override { proprietaryCodecs = true; }).overrideAttrs (finalAttrs: previousAttrs: { ((opera.override { proprietaryCodecs = true; }).overrideAttrs (finalAttrs: previousAttrs: {
src = fetchurl { src = fetchurl {
url = "https://get.geo.opera.com/pub/opera/desktop/${version}/linux/opera-stable_${version}_amd64.deb"; url = "https://get.geo.opera.com/pub/opera/desktop/${version}/linux/opera-stable_${version}_amd64.deb";
hash = "sha256-l/NG3UEI1MEu7yVte0wkxsMsIhpCsAT7292u/IsqUL0="; hash = "sha256-j2kHdg8d60S9j3bLychjmH/cRAXHGIjOgGKqmNIhnHU=";
}; };
})) }))
]; ];
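Review bot: The `allowUnfreePredicate` passed to `legacy-nixpkgs` repeats the whole host allow-list, although the only package taken from this import in the visible lines is `opera`. Narrowing it to `config.allowUnfreePredicate = pkg: builtins.elem (pkgs.lib.getName pkg) [ "opera" ];` keeps the legacy set from supplying any other unfree package by accident and removes a second list that would have to be kept in sync. The tarball URL names the tag `refs/tags/24.11` rather than a commit; the `sha256` still fixes the content, but a commit URL would make the pinned revision readable. Because the browser is now built from the 24.11 package set, it and its libraries stop following the 25.05 channel, so a comment stating why Opera needs the old set would help whoever revisits this; the `packages` list continues past the end of the hunk.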


@ -27,7 +27,9 @@ in
nerdtree nerdtree
tokyonight-nvim tokyonight-nvim
barbar-nvim barbar-nvim
feline-nvim ((fromGitHub "3587f57480b88e8009df7b36dc84e9c7ff8f2c49" "famiu/feline.nvim").overrideAttrs (old: {
doCheck = false;
}))
(fromGitHub "d63c811337b2f75de52f16efee176695f31e7fbc" "timakro/vim-yadi") (fromGitHub "d63c811337b2f75de52f16efee176695f31e7fbc" "timakro/vim-yadi")
(fromGitHub "aafa5c187a15701a7299a392b907ec15d9a7075f" "nvim-tree/nvim-web-devicons") (fromGitHub "aafa5c187a15701a7299a392b907ec15d9a7075f" "nvim-tree/nvim-web-devicons")
]; ];
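Review bot: `doCheck = false;` on the pinned feline.nvim build has no comment saying which check fails, so nobody will know when it is safe to turn the checks back on. A line above the override such as `# feline.nvim: <failing check> fails with nixpkgs 25.05; re-enable once fixed` would do. Whether `fromGitHub` verifies a content hash for the given revision cannot be seen here, since the helper is defined outside the hunk.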


@ -26,29 +26,28 @@ let
${pkgs.openssl}/bin/openssl enc -aes-256-cbc -pbkdf2 -iter 1000000 -base64 -d -k "$KP2_DOTFILES_SECRET_KEY" -in "${./secrets.yaml}" | ${pkgs.yq}/bin/yq '.XRAY_UIDS[]' -r ${pkgs.openssl}/bin/openssl enc -aes-256-cbc -pbkdf2 -iter 1000000 -base64 -d -k "$KP2_DOTFILES_SECRET_KEY" -in "${./secrets.yaml}" | ${pkgs.yq}/bin/yq '.XRAY_UIDS[]' -r
''; '';
xray-config-pre = builtins.toFile "xray-pre.json" (builtins.readFile ./xray-pre.json); xray-config-base = builtins.toFile "xray.json" (builtins.readFile ./xray.json);
xray-config-post = builtins.toFile "xray-post.json" (builtins.readFile ./xray-post.json);
# Script to generate complete xray configuration # Script to generate complete xray configuration
generateXrayConfig = pkgs.writeShellScript "generate-xray-config" '' generateXrayConfig = pkgs.writeShellScript "generate-xray-config" ''
set -euo pipefail set -euo pipefail
cat ${xray-config-pre} ALL_IDS="["
first=true first=true
while IFS= read -r uuid; do while IFS= read -r uuid; do
if [ "$first" = true ]; then if [ "$first" = true ]; then
first=false first=false
else else
echo "," ALL_IDS="$ALL_IDS,"
fi fi
echo " {" ALL_IDS="$ALL_IDS{\"id\":\"$uuid\",\"flow\": \"xtls-rprx-vision\"}"
echo " \"id\": \"$uuid\","
echo " \"flow\": \"xtls-rprx-vision\""
echo " }"
done < <(${decryptSecrets}) done < <(${decryptSecrets})
cat ${xray-config-post} ALL_IDS="$ALL_IDS]"
cat "${xray-config-base}" | \
jq --argjson val "$ALL_IDS" '.inbounds.[0].settings.clients = $val'
''; '';
in { in {
@ -85,6 +84,8 @@ in {
chown xray:xray /run/secrets/xray-config.json chown xray:xray /run/secrets/xray-config.json
chmod 440 /run/secrets/xray-config.json chmod 440 /run/secrets/xray-config.json
''; '';
path = [ pkgs.jq ];
}; };
# Ensure secrets directory exists # Ensure secrets directory exists
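Review bot: The new `generateXrayConfig` body hands the decrypted client UUIDs to jq as a command-line argument (`--argjson val "$ALL_IDS"`), so while that process runs they are readable in its argument list by other local users, and the JSON is assembled by string concatenation without escaping `$uuid`. Because the loop reads from `< <(${decryptSecrets})`, a failed decryption is not caught by `set -euo pipefail`, and the script would then emit a config with an empty client list. Building the array inside jq from a pipe, as sketched below, addresses all three. Calling `${pkgs.jq}/bin/jq` also matches how openssl and yq are referenced and makes the `path = [ pkgs.jq ];` line in the second hunk unnecessary. As far as I know `.inbounds.[0]` is only accepted by newer jq releases, whereas `.inbounds[0]` works everywhere.

```nix
generateXrayConfig = pkgs.writeShellScript "generate-xray-config" ''
  set -euo pipefail

  # The clients array is built by jq and passed on stdin: UUIDs are JSON-escaped,
  # stay out of argv, and a failing decrypt aborts the script via pipefail.
  ${decryptSecrets} \
    | ${pkgs.jq}/bin/jq -Rn '[inputs | {id: ., flow: "xtls-rprx-vision"}]' \
    | ${pkgs.jq}/bin/jq --slurpfile clients /dev/stdin \
        '.inbounds[0].settings.clients = $clients[0]' "${xray-config-base}"
'';
```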


@ -12,6 +12,7 @@ map $ssl_preread_server_name $name {
updates.signal.org updates; updates.signal.org updates;
updates2.signal.org updates2; updates2.signal.org updates2;
www.microsoft.com xray-entrypoint;
x.kp2pml30.moe xray-entrypoint; x.kp2pml30.moe xray-entrypoint;
pr.kp2pml30.moe signal-proxy; pr.kp2pml30.moe signal-proxy;
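Review bot: The added `www.microsoft.com xray-entrypoint;` entry has no comment, and it only makes sense together with the `serverNames` value in the REALITY server config added in this commit. If one is changed without the other, matching clients would presumably fall through to whatever the map's default is. A line above it such as `# must match realitySettings.serverNames in the xray server config` would record the coupling. The `map` block starts and ends outside the hunk, so its default branch is not visible here.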

103
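--- a/nix/server/xray-client.json
+++ b/nix/server/xray-client.json
@@ -0,0 +1,103 @@
+{
+"log": {
+"loglevel": "warning"
+},
+"routing": {
+"domainStrategy": "IPIfNonMatch",
+"rules": [
+{
+"type": "field",
+"domain": [
+"regexp:\\.ru$",
+"regexp:\\.рф$",
+"domain:vk.com"
+],
+"outboundTag": "direct"
+},
+{
+"type": "field",
+"domain": [
+"geosite:cn",
+"geosite:private"
+],
+"outboundTag": "direct"
+},
+{
+"type": "field",
+"ip": [
+"geoip:cn",
+"geoip:ru",
+"geoip:private"
+],
+"outboundTag": "direct"
+}
+]
+},
+"inbounds": [
+{
+"listen": "127.0.0.1",
+"port": 10808,
+"protocol": "socks",
+"settings": {
+"udp": true
+},
+"sniffing": {
+"enabled": true,
+"destOverride": [
+"http",
+"tls"
+]
+}
+},
+{
+"listen": "127.0.0.1",
+"port": 10809,
+"protocol": "http",
+"sniffing": {
+"enabled": true,
+"destOverride": [
+"http",
+"tls"
+]
+}
+}
+],
+"outbounds": [
+{
+"protocol": "vless",
+"settings": {
+"vnext": [
+{
+"address": "x.kp2pml30.moe",
+"port": 443,
+"users": [
+{
+"id": "",
+"encryption": "none",
+"flow": "xtls-rprx-vision"
+}
+]
+}
+]
+},
+"streamSettings": {
+"network": "tcp",
+"security": "tls",
+"tlsSettings": {
+"serverName": "",
+"allowInsecure": false,
+"fingerprint": "chrome"
+}
+},
+"tag": "proxy"
+},
+{
+"protocol": "freedom",
+"tag": "direct"
+},
+{
+"protocol": "blackhole",
+"tag": "block"
+}
+]
+}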


@ -1,23 +0,0 @@
{
"log": {
"loglevel": "warning"
},
"routing": {
"domainStrategy": "IPIfNonMatch",
"rules": [
{
"type": "field",
"ip": [
"geoip:cn"
],
"outboundTag": "block"
}
]
},
"inbounds": [
{
"listen": "127.0.0.1",
"port": 8010,
"protocol": "vless",
"settings": {
"clients": [


@ -0,0 +1,81 @@
{
"log": {
"loglevel": "warning"
},
"inbounds": [
{
"port": 1080,
"listen": "127.0.0.1",
"protocol": "socks",
"settings": {
"udp": true
}
},
{
"port": 1081,
"listen": "127.0.0.1",
"protocol": "http"
}
],
"outbounds": [
{
"tag": "proxy",
"protocol": "vless",
"settings": {
"vnext": [
{
"address": "x.kp2pml30.moe",
"port": 443,
"users": [
{
"id": "YOUR-UUID-HERE",
"encryption": "none",
"flow": "xtls-rprx-vision"
}
]
}
]
},
"streamSettings": {
"network": "tcp",
"security": "reality",
"realitySettings": {
"show": false,
"fingerprint": "chrome",
"serverName": "www.microsoft.com",
"publicKey": "dRvlorHTupOukJ7aFZNPx-wXUMYJt3GQNrtSjMm9lAg",
"shortId": "deadbabe",
"spiderX": "/"
}
}
},
{
"tag": "direct",
"protocol": "freedom"
},
{
"tag": "block",
"protocol": "blackhole"
}
],
"routing": {
"domainStrategy": "AsIs",
"rules": [
{
"type": "field",
"domain": [
"regexp:\\.ru$",
"geosite:category-ru",
"regexp:\\.рф$",
"regexp:(^|\\.)vk\\.com$"
],
"outboundTag": "block"
},
{
"type": "field",
"network": "tcp,udp",
"outboundTag": "proxy"
}
]
}
}
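Review bot: `"shortId": "deadbabe"` is a fixed literal in this client template while the user id is the placeholder `YOUR-UUID-HERE`, and the server template later in this commit lists the same value under `shortIds`. If the deployed server really accepts `deadbabe`, that value is now published together with the hostname and the `publicKey`. I would treat it like the UUID and commit a placeholder, e.g. `"shortId": "YOUR-SHORT-ID-HERE"`, with the real value injected from the encrypted secrets. Whether the committed `publicKey` belongs to the live server cannot be told from this page.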


@ -0,0 +1,90 @@
{
"log": {
"loglevel": "debug"
},
"routing": {
"domainStrategy": "IPIfNonMatch",
"rules": [
{
"type": "field",
"domain": [
"regexp:\\.ru$",
"regexp:\\.рф$",
"domain:vk.com"
],
"outboundTag": "block"
},
{
"type": "field",
"ip": [
"geoip:cn",
"geoip:ru"
],
"outboundTag": "block"
},
{
"type": "field",
"network": "tcp,udp",
"outboundTag": "direct"
}
]
},
"inbounds": [
{
"listen": "127.0.0.1",
"port": 8010,
"protocol": "vless",
"settings": {
"clients": [
{
"id": "YOUR-UUID-HERE",
"flow": "xtls-rprx-vision"
}
],
"decryption": "none"
},
"streamSettings": {
"network": "tcp",
"security": "reality",
"realitySettings": {
"show": true,
"dest": "www.microsoft.com:443",
"xver": 0,
"serverNames": [
"www.microsoft.com"
],
"privateKey": "",
"shortIds": [
"deadbabe"
],
"debug": true
}
},
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
]
}
}
],
"outbounds": [
{
"protocol": "freedom",
"tag": "direct"
},
{
"protocol": "blackhole",
"tag": "block"
}
],
"policy": {
"levels": {
"0": {
"handshake": 3,
"connIdle": 127
}
}
}
}
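Review bot: This server config is committed with `"loglevel": "debug"`, `"show": true` and `"debug": true`, which as far as I can tell makes xray log handshake and connection detail for every client; the other server config touched in this commit uses `"loglevel": "warning"`. Unless this file is only a local debugging aid, I would set `"loglevel": "warning"` and `"show": false` and drop `"debug": true`, so that a copy of the template does not start out with verbose logging of client activity. `"privateKey": ""` is rightly left empty here and should keep being injected at activation time, the same way the client list is.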


@ -1,3 +1,36 @@
{
"log": {
"loglevel": "warning"
},
"routing": {
"domainStrategy": "IPIfNonMatch",
"rules": [
{
"type": "field",
"domain": [
"regexp:\\.ru$",
"regexp:\\.рф$",
"domain:vk.com"
],
"outboundTag": "block"
},
{
"type": "field",
"ip": [
"geoip:cn",
"geoip:ru"
],
"outboundTag": "block"
}
]
},
"inbounds": [
{
"listen": "127.0.0.1",
"port": 8010,
"protocol": "vless",
"settings": {
"clients": [
], ],
"decryption": "none", "decryption": "none",
"fallbacks": [ "fallbacks": [