kp2pml30/dotfiles
1
0
Fork 0
mirror of https://github.com/kp2pml30/dotfiles.git synced 2026-02-16 23:34:42 +04:00
Code Issues Projects Releases Packages Wiki Activity Actions

try to migrate to nix

Browse source
This commit is contained in:
kp2pml30 2025-01-11 20:48:22 +04:00
parent f2f4ead62f
commit 94da1ce936
26 changed files with 830 additions and 181 deletions
Download patch file Download diff file Expand all files Collapse all files

1
.gitignore vendored Normal file
View file

@ -0,0 +1 @@
/result

1
README.md
View file

@ -1 +0,0 @@
fish `scrap-default-tool-paths` to update paths and completions (persists after a restart)

12
default-configurations/.clang-format Normal file
View file

@ -0,0 +1,12 @@
BasedOnStyle: Mozilla
IndentWidth: 2
TabWidth: 2
UseTab: ForContinuationAndIndentation
AllowShortIfStatementsOnASingleLine: false
IndentCaseLabels: false
AlignAfterOpenBracket: BlockIndent
AlignArrayOfStructures: Right
AlignConsecutiveAssignments: Consecutive
AlignConsecutiveMacros: Consecutive
IndentExternBlock: NoIndent

7
.editorconfig → default-configurations/.editorconfig
View file

@ -4,13 +4,14 @@ root = true
end_of_line = lf end_of_line = lf
insert_final_newline = true insert_final_newline = true
charset = utf-8 charset = utf-8
trim_trailing_whitespace = true
indent_style = tab indent_style = tab
indent_size = 2 tab_width = 2
[*.yaml] [*.{json,yml}]
indent_style = space indent_style = space
indent_size = 2 indent_size = 2
[*.zig] [*.{toml,rs,zig}]
indent_style = space indent_style = space
indent_size = 4 indent_size = 4

40
default-configurations/.pre-commit-config.yaml Normal file
View file

@ -0,0 +1,40 @@
repos:
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v4.6.0
hooks:
- id: trailing-whitespace
- id: end-of-file-fixer
- id: check-added-large-files
- id: check-json
- id: check-yaml
- id: check-toml
- id: check-merge-conflict
- repo: https://github.com/astral-sh/ruff-pre-commit
rev: v0.6.9
hooks:
- id: ruff-format
- repo: https://github.com/pryorda/dockerfilelint-precommit-hooks
rev: v0.1.0
hooks:
- id: dockerfilelint
- repo: https://github.com/sirosen/check-jsonschema
rev: 0.28.2
hooks:
- id: check-github-actions
- id: check-github-workflows
- repo: https://github.com/pre-commit/mirrors-clang-format
rev: v19.1.0
hooks:
- id: clang-format
types_or: [c++, c]
exclude: ^runners/py-libs
- repo: https://github.com/editorconfig-checker/editorconfig-checker.python
rev: 3.0.3
hooks:
- id: editorconfig-checker
# exclude: <regex>

25
default-configurations/gitignore Normal file
View file

@ -0,0 +1,25 @@
# editors
.vscode/
.idea/
.godot/
# apple
.DS_Store
.AppleDouble
.LSOverride
# build related directories
/build
target
zig-out
zig-build
# secrets
.env
# py
__pycache__/
.pytest_cache
.mypy_cache
.ruff_cache
.coverage*

11
default-configurations/ruff.toml Normal file
View file

@ -0,0 +1,11 @@
exclude = [
]
indent-width = 2
[format]
indent-style = "tab"
quote-style = "single"
line-ending = "lf"
skip-magic-trailing-comma = false
docstring-code-format = true

88
flake.lock generated Normal file
View file

@ -0,0 +1,88 @@
{
"nodes": {
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1733328505,
"narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1736373539,
"narHash": "sha256-dinzAqCjenWDxuy+MqUQq0I4zUSfaCvN9rzuCmgMZJY=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "bd65bc3cde04c16755955630b344bc9e35272c56",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-24.11",
"repo": "home-manager",
"type": "github"
}
},
"nixos-wsl": {
"inputs": {
"flake-compat": "flake-compat",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1736095716,
"narHash": "sha256-csysw/Szu98QDiA2lhWk9seYOyCebeVEWL89zh1cduM=",
"owner": "nix-community",
"repo": "NixOS-WSL",
"rev": "63c3b4ed1712a3a0621002cd59bfdc80875ecbb0",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "main",
"repo": "NixOS-WSL",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1736344531,
"narHash": "sha256-8YVQ9ZbSfuUk2bUf2KRj60NRraLPKPS0Q4QFTbc+c2c=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "bffc22eb12172e6db3c5dde9e3e5628f8e3e7912",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"home-manager": "home-manager",
"nixos-wsl": "nixos-wsl",
"nixpkgs": "nixpkgs"
}
}
},
"root": "root",
"version": 7
}

66
flake.nix Normal file
View file

@ -0,0 +1,66 @@
{
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
nixos-wsl = {
url = "github:nix-community/NixOS-WSL/main";
inputs.nixpkgs.follows = "nixpkgs";
};
home-manager = {
url = "github:nix-community/home-manager/release-24.11";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs = inputs@{ self, nixpkgs, nixos-wsl, home-manager, ... }:
let
rootPath = self;
additionalArgs = { inherit inputs rootPath; };
importArg = inputs // { pkgs = nixpkgs; lib = nixpkgs.lib; } // additionalArgs;
hostNameMod = name: { networking.hostName = "kp2pml30-${name}"; };
makeNamedSys = nameArg: arg: {
"${nameArg}" =
nixpkgs.lib.nixosSystem
((builtins.removeAttrs arg ["modules"]) // { specialArgs = additionalArgs; modules = arg.modules ++ [(hostNameMod nameArg)]; });
};
makeSys = { sys }: [
(makeNamedSys "server-${sys}" {
system = sys;
modules = [
./nix/common.nix
./nix/server.nix
];
})
(makeNamedSys "personal-${sys}" {
system = sys;
modules = [
./nix/common.nix
./nix/personal.nix
];
})
(makeNamedSys "personal-${sys}-wsl" {
system = sys;
modules = [
./nix/wsl.nix
./nix/common.nix
./nix/personal.nix
];
})
] ;
in
{
nixosConfigurations =
builtins.foldl'
(x: y: x // y)
{}
(builtins.concatMap makeSys [ { sys = "x86_64-linux"; } ])
;
};
}
# example
# + nix --extra-experimental-features 'nix-command flakes' build --out-link /tmp/nixos-rebuild.ydOEVb/nixos-rebuild '.#nixosConfigurations."wsl-amd64".config.system.build.nixos-rebuild' --show-trace
# ++ readlink -e /tmp/nixos-rebuild.ydOEVb/nixos-rebuild
# + p=/nix/store/rd18dwsifrcyghim695q18nhvyfykxxg-nixos-rebuild
# exec /nix/store/rd18dwsifrcyghim695q18nhvyfykxxg-nixos-rebuild/bin/nixos-rebuild switch --flake .#wsl-amd64

139
home-test/.config/fish/functions/fish_prompt.fish
View file

@ -1,139 +0,0 @@
# based on https://github.com/oh-my-fish/theme-eden/blob/master/LICENSE
function _git_branch_name
echo (command git symbolic-ref HEAD 2> /dev/null | sed -e 's|^refs/heads/||')
end
function _is_git_dirty
set resStr (timeout 0.2s git status -s --ignore-submodules=dirty 2> /dev/null)
set res $status
if [ $res = 0 ]
if [ "$resStr" = "" ]
echo "clean"
else
echo "dirty"
end
else if [ $res = 124 ]
echo "?"
else
echo "dirty"
end
end
## Function to show a segment
function _prompt_segment -d "Function to show a segment"
# Get colors
set -l bg $argv[1]
set -l fg $argv[2]
# Set 'em
set_color -b $bg
set_color $fg
# Print text
if [ -n "$argv[3]" ]
echo -n -s $argv[3]
end
# Reset
set_color -b normal
set_color normal
# Print padding
if [ (count $argv) = 4 ]
echo -n -s $argv[4]
end
end
function show_ssh_status -d "Function to show the ssh tag"
if test "$THEME_EDEN_HIDE_SSH_TAG" != 'yes'
if [ -n "$SSH_CLIENT" ]
if [ (id -u) = "0" ]
_prompt_segment red white "-SSH-" ' '
else
_prompt_segment blue white "-SSH-" ' '
end
end
end
end
function show_host -d "Show host & user name"
if [ (id -u) = "0" ]
echo -n (set_color red)
else
echo -n (set_color blue)
end
echo -n "$USER@"(hostname|cut -d . -f 1)' ' (set color normal)
end
function show_cwd -d "Function to show the current working directory"
if test "$theme_short_path" != 'yes' -a (prompt_pwd) != '~' -a (prompt_pwd) != '/'
set -l cwd (dirname (prompt_pwd))
test $cwd != '/'; and set cwd $cwd'/'
_prompt_segment normal cyan $cwd
end
set_color -o cyan
echo -n (basename (prompt_pwd))' '
set_color normal
end
function show_git_info -d "Show git branch and dirty state"
if [ (_git_branch_name) ]
set -l git_branch '['(_git_branch_name)']'
set_color -o
echo -ne " "
set dirty (_is_git_dirty)
switch "$dirty"
case "clean"
set_color -o green
echo -ne "$git_branch "
case "dirty"
set_color -o red
echo -ne "$git_branch× "
case '*'
set_color -o yellow
echo -ne "$git_branch? "
end
set_color normal
end
end
function show_times
if test $CMD_DURATION -ge 500
if test $CMD_DURATION -ge 60000
set -l duration_minutes (math "floor($CMD_DURATION / 60000)")
set -l duration_seconds (math "round(($CMD_DURATION % 60000) / 1000)")
printf "%02d:%02d " $duration_minutes $duration_seconds
else if test $CMD_DURATION -ge 1000
set -l duration_seconds (math "round($CMD_DURATION / 1000)")
echo -ns "$duration_seconds""s "
else
echo -ns "$CMD_DURATION""ms "
end
end
# Output the current time
echo -ne (date "+%H:%M:%S")
end
function show_prompt_char -d "Terminate with a nice prompt char"
echo ""
echo -n -s $normal '» '
end
function fish_prompt
set -l code $status
# use tput to move cursor to line start
echo -ne (tput cr)
show_ssh_status
show_host
show_cwd
show_git_info
show_times
if test $code != 0
echo -ns (set_color red) '[' $code ']'
end
show_prompt_char
end

37
home-test/.config/fish/functions/fish_right_prompt.fish
View file

@ -1,37 +0,0 @@
function fish_right_prompt
return
# Last command status
set -l code $status
# https://github.com/fish-shell/fish-shell/issues/3476#issuecomment-256058730
# Save the cursor position, move it up one line, and move it to the right two spaces
tput sc; tput cuf 2
#if test $code != 0
# echo -ns (set_color red) '-' $code '- '
#end
set_color $fish_color_autosuggestion 2> /dev/null; or set_color 555
# Output the duration of the last command
if test $CMD_DURATION -ge 500
if test $CMD_DURATION -ge 60000
set -l duration_minutes (math "floor($CMD_DURATION / 60000)")
set -l duration_seconds (math "round(($CMD_DURATION % 60000) / 1000)")
printf "%02d:%02d " $duration_minutes $duration_seconds
else if test $CMD_DURATION -ge 1000
set -l duration_seconds (math "round($CMD_DURATION / 1000)")
echo "$duration_seconds""s "
else
echo "$CMD_DURATION""ms "
end
end
# Output the current time
echo (date "+%H:%M:%S")
# Restores the cursor position
tput rc
end

75
home/.config/nvim/base.vim Normal file
View file

@ -0,0 +1,75 @@
set termguicolors
set nowrap
set nu rnu
set list
set listchars=tab:┆\ ,space,nbsp:␣
set tabstop=2
set shiftwidth=2
set noexpandtab
nmap <F2> :w<CR>
imap <F2> <C-O>:w<CR>
noremap <expr> <Home> (col('.') == matchend(getline('.'), '^\s*')+1 ? '0' : '^')
imap <Home> <C-o><Home>
vnoremap > >gv
vnoremap < <gv
let s:i = 1
while s:i < 10
execute printf('nmap <Space>%i %i<C-w><C-w>', s:i, s:i)
let s:i += 1
endwhile
set clipboard=unnamedplus
colorscheme tokyonight-night
if exists(':GuiRenderLigatures')
GuiRenderLigatures 1
endif
if exists(':GuiFont')
GuiFont FiraCode\ Nerd\ Font
endif
if exists(':NERDTreeToggle')
map <F3> :NERDTreeToggle<CR>
autocmd bufenter * if (winnr("$") == 1 && exists("b:NERDTree") && b:NERDTree.isTabTree()) | q | endif
endif
if exists(':BufferGoto')
let s:i = 1
while s:i < 10
execute printf('nmap <Leader>%i :BufferGoto %i<CR>', s:i, s:i)
let s:i += 1
endwhile
nmap <C-Right> :BufferNext<CR>
nmap <C-Left> :BufferPrevious<CR>
nmap <C-q> :BufferClose<CR>
endif
if exists(':DetectIndent')
autocmd BufRead * DetectIndent
endif
if exists(':CocInfo')
inoremap <silent><expr> <c-space> coc#refresh()
inoremap <silent><expr> <TAB>
\ coc#pum#visible() ? coc#pum#confirm() : "\<Tab>"
nmap <silent> <Space>ld <Plug>(coc-definition)
nmap <silent> <Space>lt <Plug>(coc-type-definition)
nmap <silent> <Space>li <Plug>(coc-implementation)
nmap <silent> <Space>lr <Plug>(coc-references)
endif
if exists(':LeaderGuide')
nnoremap <silent> <leader> :<c-u>LeaderGuide '\'<CR>
nnoremap <silent> <Space> :<c-u>LeaderGuide '<Space>'<CR>
let g:smap = get(g:, 'smap', {})
" let g:smap['<Space>'] = get(g:smap, '<Space>', {})
" let g:smap['<Space>'].l = 'language'
let g:smap.l = {'name' : 'language'}
call leaderGuide#register_prefix_descriptions("<Space>", "g:smap")
endif

2
home/.config/nvim/init.vim
View file

@ -3,6 +3,7 @@ call plug#begin()
Plug 'kyazdani42/nvim-web-devicons' Plug 'kyazdani42/nvim-web-devicons'
Plug 'romgrk/barbar.nvim' Plug 'romgrk/barbar.nvim'
Plug 'jiangmiao/auto-pairs' Plug 'jiangmiao/auto-pairs'
Plug 'RaafatTurki/hex.nvim'
if executable('node') if executable('node')
Plug 'neoclide/coc.nvim', {'branch': 'release'} Plug 'neoclide/coc.nvim', {'branch': 'release'}
endif endif
@ -73,3 +74,4 @@ let g:smap.l = {'name' : 'language'}
call leaderGuide#register_prefix_descriptions("<Space>", "g:smap") call leaderGuide#register_prefix_descriptions("<Space>", "g:smap")
lua require('feline').setup() lua require('feline').setup()
lua require('hex').setup()

56
nix/common.nix Normal file
View file

@ -0,0 +1,56 @@
{ pkgs
, ...
}:
{
system.stateVersion = "24.05";
users.mutableUsers = false;
nix.gc = {
automatic = true;
dates = "weekly";
};
networking = {
firewall = {
enable = true;
allowedTCPPorts = [ 80 443 ];
};
};
nix.settings.experimental-features = [ "nix-command" "flakes" ];
environment.systemPackages = with pkgs; [
curl
neovim
bash
git
zip unzip
xz
zstd
gnutar
diffutils
file
tree
gnused
gnugrep
stow
killall
gnupg
];
programs = {
neovim.enable = true;
neovim.defaultEditor = true;
git = {
enable = true;
lfs.enable = true;
config = {
init.defaultBranch = "main";
};
};
};
}

29
nix/personal.nix Normal file
View file

@ -0,0 +1,29 @@
{ pkgs
, inputs
, ...
}@args:
{
imports = [
inputs.home-manager.nixosModules.home-manager
];
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.kp2pml30 = import ./personal/home.nix args;
users.users.kp2pml30 = import ./personal/user.nix args;
programs = {
fish.enable = true;
tmux.enable = true;
};
environment.systemPackages = with pkgs; [
fish
fishPlugins.grc
grc
fira-code
nerd-fonts.fira-code
];
}

50
nix/personal/home.nix Normal file
View file

@ -0,0 +1,50 @@
{ pkgs
, ...
}@args:
{
home.stateVersion = "24.05";
home = {
username = "kp2pml30";
homeDirectory = "/home/kp2pml30";
packages = with pkgs; [
starship
jq
];
};
nix.gc = {
automatic = true;
frequency = "weekly";
};
programs = {
git = {
enable = true;
userName = "kp2pml30";
userEmail = "kp2pml30@gmail.com";
lfs.enable = true;
extraConfig = {
init.defaultBranch = "main";
};
};
fish = {
enable = true;
};
starship = {
enable = true;
settings = {
add_newline = false;
format = "$cmd_duration$username$hostname$git_branch$git_commit$git_state$git_status$directory$status\n$character";
hostname.ssh_only = true;
cmd_duration.format = "took [$duration]($style)\n";
};
};
home-manager.enable = true;
neovim = import ./neovim.nix args;
};
}

33
nix/personal/neovim.nix Normal file
View file

@ -0,0 +1,33 @@
{ pkgs
, lib
, rootPath
, ...
}:
let
fromGitHub = rev: repo: pkgs.vimUtils.buildVimPlugin {
pname = "${lib.strings.sanitizeDerivationName repo}";
version = rev;
src = builtins.fetchGit {
url = "https://github.com/${repo}.git";
rev = rev;
};
};
nvimConfig = builtins.readFile (rootPath + "/home/.config/nvim/base.vim");
in
{
enable = true;
defaultEditor = true;
plugins = with pkgs.vimPlugins; [
nvim-treesitter.withAllGrammars
nvim-autopairs
nerdtree
tokyonight-nvim
barbar-nvim
feline-nvim
(fromGitHub "d63c811337b2f75de52f16efee176695f31e7fbc" "timakro/vim-yadi")
(fromGitHub "aafa5c187a15701a7299a392b907ec15d9a7075f" "nvim-tree/nvim-web-devicons")
];
extraConfig = nvimConfig;
}

7
nix/personal/user.nix Normal file
View file

@ -0,0 +1,7 @@
{ pkgs, ... }:
{
isNormalUser = true;
extraGroups = [ "wheel" "networkmanager" ];
shell = pkgs.fish;
hashedPassword = "$6$UK6oHr2gPRYD4Rak$lgF.mYReC0jahNuI4kt0j/CsrajVzMprvp3HgjKwwsjYHU6/Ur9jfROXZbKhhpyCLRmnlCpWeRCbHEYO/jhIv/";
}

45
nix/server.nix Normal file
View file

@ -0,0 +1,45 @@
{ config, pkgs, ... }:
let
mhostname = "example.org" ;
in
{
services.openssh = {
enable = true;
ports = [ 22 ];
openFirewall = true;
settings = {
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
AllowUsers = [ "kp2pml30-serv" ];
};
};
users.users.kp2pml30-serv = import ./user.nix;
users.users.nginx.extraGroups = [ "acme" ];
security.acme = {
acceptTerms = true;
defaults.email = "kp2pml30@gmail.com";
certs."${mhostname}" = {
serverAliases = [ "*.${mhostname}" ];
webroot = "/var/lib/acme/.challenges";
group = "nginx";
#extraDomainNames = [ "mail.example.org" ];
};
};
services.nginx = {
virtualHosts."${mhostname}" = {
enableACME = true;
listen = [
{ port = 80; }
];
locations."/.well-known/acme-challenge/" = {
root = "/var/lib/acme/.challenges";
};
locations."/" = {
return = 404;
};
};
streamConfig = (builtins.readFile ./stream.nginx);
};
}

86
nix/server/stream.nginx Normal file
View file

@ -0,0 +1,86 @@
map $ssl_preread_server_name $name {
chat.signal.org signal-service;
ud-chat.signal.org signal-service;
storage.signal.org storage-service;
cdn.signal.org signal-cdn;
cdn2.signal.org signal-cdn2;
cdn3.signal.org signal-cdn3;
cdsi.signal.org cdsi;
contentproxy.signal.org content-proxy;
sfu.voip.signal.org sfu;
svr2.signal.org svr2;
updates.signal.org updates;
updates2.signal.org updates2;
backend1.svr3.signal.org svr31;
backend2.svr3.signal.org svr32;
backend3.svr3.signal.org svr33;
default deny;
}
upstream signal-service {
server chat.signal.org:443;
}
upstream storage-service {
server storage.signal.org:443;
}
upstream signal-cdn {
server cdn.signal.org:443;
}
upstream signal-cdn2 {
server cdn2.signal.org:443;
}
upstream signal-cdn3 {
server cdn3.signal.org:443;
}
upstream cdsi {
server cdsi.signal.org:443;
}
upstream content-proxy {
server contentproxy.signal.org:443;
}
upstream sfu {
server sfu.voip.signal.org:443;
}
upstream svr2 {
server svr2.signal.org:443;
}
upstream svr31 {
server backend1.svr3.signal.org:443;
}
upstream svr32 {
server backend2.svr3.signal.org:443;
}
upstream svr33 {
server backend3.svr3.signal.org:443;
}
upstream updates {
server updates.signal.org:443;
}
upstream updates2 {
server updates2.signal.org:443;
}
upstream deny {
server 127.0.0.1:9;
}
server {
listen 443;
proxy_pass $name;
ssl_preread on;
error_log /dev/null;
access_log off;
}

8
nix/server/user.nix Normal file
View file

@ -0,0 +1,8 @@
{ config, pkgs, ... }:
{
isNormalUser = true;
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCmc+wSjdvbyiFmB55r1ilegor533eo7hsE62z+pXCu0YIaVZwUoRe0Sqj0GoMzfn80jXubNmQgV+Wk8byz/xAsZ4R9Y/PFVuZYA/uDRAQ0TXpqxBSCH2CHkwioolg6q+sMXdUJTvvKkCpluXVk8o9ZN+5+rBhc2xAeZw2FDbz+u2HHYN8zCXFB3MPPJNG9CscBQirBgOkhg0ASCJ2rahaAJVaBosS7DD6S6iEip8bGgwByuWJl0oZr9cdJHkQDl2AMdNZrxoPcLqItCk5Mz9ssxTcK0lj/xIBXqLNMe4RPUJeWOOMNexeKRbzJEaF+G3Pfboqqeg7UPM6/9h9CXW9cyY/DXEj2pQmEi2jYWdTpx/ViCg83/rLboGyiyAuE6AWGte8r5YqYKuFEB0ixswENlH0s4TXEmouimRRkypzT4KAJ/ObPLsnGAkbzbLcsPCQUQSywQ8TGo3b72gNWTKjn9PeqBZkzgU9AXtxN1hCmKAX+/KwnGUSqyDz2YRhcO1E= kp2pml30@r3vdy2b10vv-pc"
];
extraGroups = [ "wheel" "networkmanager" ];
}

14
nix/wsl.nix Normal file
View file

@ -0,0 +1,14 @@
{ pkgs
, inputs
, ...
}:
{
imports = [
inputs.nixos-wsl.nixosModules.default
];
wsl = {
enable = true;
defaultUser = "kp2pml30";
wslConf.interop.appendWindowsPath = false;
};
}

10
scripts/git-config.sh Executable file
View file

@ -0,0 +1,10 @@
#!/usr/bin/env bash
set -ex
git config --global init.defaultBranch main
git lfs install
git config --global user.email kp2pml30@gmail.com
git config --global user.name kp2pml30

2
set-symlinks.sh → scripts/set-config-symlinks.sh
View file

@ -4,6 +4,6 @@ set -ex
SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
cd "$SCRIPT_DIR" cd "$SCRIPT_DIR/.."
stow --no-folding --target "$HOME" --dir "$SCRIPT_DIR" home stow --no-folding --target "$HOME" --dir "$SCRIPT_DIR" home

49
vps/iptables.erb Normal file
View file

@ -0,0 +1,49 @@
% # run it like this: `erb ports='[]' iptables.erb | iptables-restore`
% # NOTE: it discards docker iptable rules
*filter
-N DOCKER-USER
-N DOCKER-ISOLATION-STAGE-1
# don't restrict output at all
-A OUTPUT -j ACCEPT
# allow all loopback
-A INPUT -i lo -j ACCEPT
-A FORWARD -i lo -j ACCEPT
# allow all established
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A DOCKER-USER -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# allow wireguard
-A INPUT -i wg0 -j ACCEPT
-A FORWARD -i wg0 -j ACCEPT
-A DOCKER-USER -i wg0 -j ACCEPT
# allow all docker
-A DOCKER-USER -i docker0 -j DOCKER-ISOLATION-STAGE-1
% require 'json'
% prts = [22, 80, 443] + JSON.parse(ports)
# apply it with `iptables-restore < ./iptables`
# allow all loopback
-A INPUT -i lo -j ACCEPT
# custom ports
% prts.each { |port|
% ['tcp', 'udp'].each { |proto|
-A FORWARD -p <%= proto %> --dport <%= port %> -j ACCEPT
-A INPUT -p <%= proto %> --dport <%= port %> -j ACCEPT
-A DOCKER-USER -p <%= proto %> -m conntrack --ctorigdstport <%= port %> --ctdir ORIGINAL -j ACCEPT
% }
% }
%
# disallow all other
-A INPUT -j DROP
-A FORWARD -j DROP
-A DOCKER-USER -j DROP
COMMIT

118
vps/vpn/make-server.sh Executable file
View file

@ -0,0 +1,118 @@
#!/usr/bin/env bash
set -e
SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
HOST=""
PORT=""
GENKEY=false
function show_help {
echo "wireguard configurator"
echo " --host host-name"
echo " --port port"
echo " [--gen-key]"
}
while [ $# -ne 0 ]
do
ARG="$1"
shift
case "$ARG" in
--help)
show_help
exit 0
;;
--host)
HOST="$1"
shift
;;
--port)
PORT="$1"
shift
;;
--gen-keys)
GENKEY=true
;;
*)
echo "unknown argument $ARG"
show_help
exit 1
;;
esac
done
echo "Parsed:"
echo " --host $HOST"
echo " --port $PORTI"
if [ "$HOST" == "" ]
then
echo "host not set"
show_help
exit 1
fi
if [ "$PORT" == "" ]
then
echo "port not set"
show_help
exit 1
fi
if [ ! -f .gitignore ]
then
echo "INFO creating gitignore"
touch .gitignore
fi
if ! grep -Pq '^/key$' .gitignore
then
echo "INFO adding key to .gitignore"
echo "/key" >> .gitignore
fi
if ! grep -Pq '^/wg0\.conf$' .gitignore
then
echo "INFO adding wg0.conf to .gitignore"
echo "/wg0.conf" >> .gitignore
fi
if [ "$GENKEY" == "true" ]
then
touch key
chmod 600 key
wg genkey > key
wg pubkey < key > key.pub
fi
touch wg0.conf
chmod 600 wg0.conf
KEY="$(cat key)"
erb "private_key=$KEY" port="$PORT" "$SCRIPT_DIR/wg0.conf.erb" > wg0.conf
KEY=""
PUBKEY="$(cat key.pub)"
echo ""
echo "Run following to start wireguard:"
echo " wg-quick up ./wg0.conf"
echo "You can add peers as follows:"
echo " wg set wg0 peer <pub key> allowed-ips IP"
echo ""
echo "Client's configuration is"
echo "=================================="
cat <<-EOF
[Interface]
Address = 10.30.30.@@/32
PrivateKey = <Private key>
DNS = 10.30.30.1
[Peer]
PublicKey = $PUBKEY
Endpoint = $HOST:$PORT
AllowedIPs = 10.30.30.0/24
PersistentKeepalive = 25
EOF
echo "=================================="