rust pobeda

2025-06-08 23:40:41 +00:00 · 2025-06-08 23:40:41 +00:00 · 5cd0ded292
commit 5cd0ded292
parent 1bc03bdb14
59 changed files with 1185 additions and 1389 deletions
--- a/modules/default.nix
+++ b/modules/default.nix
@ -0,0 +1,15 @@
+{ inputs, ... }:
+{
+  imports = [
+    inputs.sops-nix.nixosModules.sops
+    inputs.home-manager.nixosModules.home-manager
+
+    ./vpn
+    ./net.nix
+    ./sops.nix
+    ./sound.nix
+    ./rust.nix
+    ./haskell.nix
+  ];
+  nix.settings.experimental-features = [ "nix-command" "flakes" ];
+}
--- a/modules/haskell.nix
+++ b/modules/haskell.nix
@ -0,0 +1,9 @@
+{ config, lib, pkgs, ... }:
+
+{
+  #environment.systemPackages = with pkgs; [
+  #  haskell.compiler.ghc983
+  #  haskellPackages.cabal-install
+  #  haskellPackages.haskell-language-server
+  #];
+}
--- a/modules/net.nix
+++ b/modules/net.nix
@ -0,0 +1,5 @@
+{ config, lib, pkgs, ... }:
+
+{
+  networking.networkmanager.enable = true;
+}
--- a/modules/rust.nix
+++ b/modules/rust.nix
@ -0,0 +1,18 @@
+{ config, lib, pkgs, inputs, ... }:
+
+{
+  nixpkgs.overlays = [ inputs.fenix.overlays.default ];
+  environment.systemPackages = with pkgs; [
+    (fenix.complete.withComponents [
+      "rustc"
+      "cargo"
+      "rustfmt"
+      "rust-src"
+      "rust-analyzer"
+      "clippy"
+      "miri"
+    ])
+    sccache
+    cargo-edit
+  ];
+}
--- a/modules/sops.nix
+++ b/modules/sops.nix
@ -0,0 +1,5 @@
+{ config, lib, pkgs, ... }:
+
+{
+  sops.age.keyFile = "/var/lib/sops-nix/key.txt";
+}
--- a/modules/sound.nix
+++ b/modules/sound.nix
@ -0,0 +1,15 @@
+{ config, lib, pkgs, ... }:
+
+{
+  environment.systemPackages = with pkgs; [
+    pavucontrol
+  ];
+  security.rtkit.enable = true;
+  services.pipewire = {
+    enable = true;
+    alsa.enable = true;
+    alsa.support32Bit = true;
+    pulse.enable = true;
+    jack.enable = true;
+  };
+}
--- a/modules/vpn/default.nix
+++ b/modules/vpn/default.nix
@ -0,0 +1,8 @@
+{ config, lib, pkgs, ... }:
+
+{
+  imports = [
+    ./hft.nix
+    ./shadowsocks.nix
+  ];
+}
--- a/modules/vpn/hft.nix
+++ b/modules/vpn/hft.nix
@ -0,0 +1,19 @@
+{ config, lib, pkgs, ... }:
+let
+  secrets = config.sops.secrets;
+in
+{
+  sops.secrets."work/ovpn".sopsFile = ../../secrets/work.yaml;
+  sops.secrets."work/password".sopsFile = ../../secrets/work.yaml;
+
+  services.openvpn.servers.hft = {
+    autoStart = false;
+    updateResolvConf = true;
+
+    config = ''
+      config ${secrets."work/ovpn".path}
+      askpass ${secrets."work/password".path}
+    '';
+  };
+  systemd.services.openvpn-hft.requires = ["yor-proxy.service"];
+}
--- a/modules/vpn/shadowsocks.nix
+++ b/modules/vpn/shadowsocks.nix
@ -0,0 +1,20 @@
+{ config, lib, pkgs, ... }:
+let
+  secrets = config.sops.secrets;
+  yorCfg = secrets."viendesu/shadowsocks/yor".path;
+in
+{
+  sops.secrets = {
+    "viendesu/shadowsocks/gneg".sopsFile = ../../secrets/viendesu.yaml;
+    "viendesu/shadowsocks/yor".sopsFile = ../../secrets/viendesu.yaml;
+  };
+
+  systemd.services.yor-proxy = {
+    after = [ "network.target" ];
+    description = "`Yor` shadowsocks";
+    serviceConfig = {
+      Type = "simple";
+      ExecStart = ''${pkgs.shadowsocks-rust}/bin/sslocal --config ${yorCfg}'';
+    };
+  };
+}