delete legacy stuff and reformat

2025-01-11 03:55:19 +01:00 · 2025-01-11 03:55:19 +01:00 · 62e2519639
commit 62e2519639
parent 595d4935de
51 changed files with 714 additions and 1056 deletions
--- a/flake.nix
+++ b/flake.nix
@ -32,15 +32,16 @@
  };
  outputs =
-    inputs@{ self
+    inputs@{
-    , flake-utils
+      self,
-    , lanzaboote
+      flake-utils,
-    , microvm
+      lanzaboote,
-    , nixos-hardware
+      microvm,
-    , nixpkgs-stable
+      nixos-hardware,
-    , nixpkgs-unstable
+      nixpkgs-stable,
-    , sops-nix
+      nixpkgs-unstable,
-    , ...
+      sops-nix,
      ...
    }:
    {
@ -100,8 +101,12 @@
      };
      hydraJobs =
        let
-          get-toplevel = (host: nixSystem: nixSystem.config.microvm.declaredRunner or nixSystem.config.system.build.toplevel);
+          get-toplevel = (
            host: nixSystem: nixSystem.config.microvm.declaredRunner or nixSystem.config.system.build.toplevel
          );
        in
        nixpkgs-stable.lib.mapAttrs get-toplevel self.nixosConfigurations;
      formatter.x86_64-linux = nixpkgs-stable.legacyPackages.x86_64-linux.nixfmt-rfc-style;
    };
 }
--- a/hosts/cloud/configuration.nix
+++ b/hosts/cloud/configuration.nix
@ -1,4 +1,5 @@
-{ ... }: {
+{ ... }:
 {
  imports = [
    ./hardware-configuration.nix
    ./networking.nix
@ -9,6 +10,8 @@
  networking.hostName = "cloud";
  networking.domain = "oxapentane.com";
  services.openssh.enable = true;
-  users.users.root.openssh.authorizedKeys.keys = [''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJl9iYG5oHBq/poBn7Jf1/FGWWbAnbx+NKjs7qtT3uAK'' ];
+  users.users.root.openssh.authorizedKeys.keys = [
    ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJl9iYG5oHBq/poBn7Jf1/FGWWbAnbx+NKjs7qtT3uAK''
  ];
  system.stateVersion = "24.11";
 }
--- a/hosts/cloud/default.nix
+++ b/hosts/cloud/default.nix
@ -1,4 +1,5 @@
-{ ... }: {
+{ ... }:
 {
  imports = [
    ./configuration.nix
    ./hardware-configuration.nix
--- a/hosts/cloud/hardware-configuration.nix
+++ b/hosts/cloud/hardware-configuration.nix
@ -2,8 +2,16 @@
 {
  imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
  boot.loader.grub.device = "/dev/sda";
-  boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
+  boot.initrd.availableKernelModules = [
    "ata_piix"
    "uhci_hcd"
    "xen_blkfront"
    "vmw_pvscsi"
  ];
  boot.initrd.kernelModules = [ "nvme" ];
-  fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; };
+  fileSystems."/" = {
    device = "/dev/sda1";
    fsType = "ext4";
  };
 }
--- a/hosts/cloud/networking.nix
+++ b/hosts/cloud/networking.nix
@ -1,4 +1,5 @@
-{ lib, ... }: {
+{ lib, ... }:
 {
  networking.dhcpcd.enable = false;
  networking.useNetworkd = true;
--- a/hosts/minime/configuration.nix
+++ b/hosts/minime/configuration.nix
@ -2,11 +2,16 @@
 # your system. Help is available in the configuration.nix(5) man page, on
 # https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
-{ config, lib, pkgs, ... }:
+{
  config,
  lib,
  pkgs,
  ...
 }:
 {
-  imports =
+  imports = [
-    [ # Include the results of the hardware scan.
+    # Include the results of the hardware scan.
    ./hardware-configuration.nix
  ];
@ -14,11 +19,9 @@
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;
  # Enable the X11 windowing system.
  services.xserver.enable = false;
  system.stateVersion = "24.11"; # Did you read the comment?
 }
--- a/hosts/minime/default.nix
+++ b/hosts/minime/default.nix
@ -1,4 +1,5 @@
-{ ... }: {
+{ ... }:
 {
  imports = [
    ./configuration.nix
    ./hardware-configuration.nix
--- a/hosts/minime/hardware-configuration.nix
+++ b/hosts/minime/hardware-configuration.nix
@ -1,59 +1,76 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
+{
  config,
  lib,
  pkgs,
  modulesPath,
  ...
 }:
 {
-  imports =
+  imports = [
-    [ (modulesPath + "/installer/scan/not-detected.nix")
+    (modulesPath + "/installer/scan/not-detected.nix")
  ];
-  boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usbhid" "usb_storage" "sd_mod" ];
+  boot.initrd.availableKernelModules = [
    "xhci_pci"
    "thunderbolt"
    "nvme"
    "usbhid"
    "usb_storage"
    "sd_mod"
  ];
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ "kvm-intel" ];
  boot.extraModulePackages = [ ];
-  fileSystems."/" =
+  fileSystems."/" = {
-    { device = "zpool/nixos/root";
+    device = "zpool/nixos/root";
    fsType = "zfs";
    options = [ "zfsutil" ];
  };
-  fileSystems."/boot" =
+  fileSystems."/boot" = {
-    { device = "/dev/disk/by-uuid/12CE-A600";
+    device = "/dev/disk/by-uuid/12CE-A600";
    fsType = "vfat";
-      options = [ "fmask=0022" "dmask=0022" ];
+    options = [
      "fmask=0022"
      "dmask=0022"
    ];
  };
-  fileSystems."/nix" =
+  fileSystems."/nix" = {
-    { device = "zpool/nixos/nix";
+    device = "zpool/nixos/nix";
    fsType = "zfs";
    options = [ "zfsutil" ];
  };
-  fileSystems."/home" =
+  fileSystems."/home" = {
-    { device = "zpool/data/home";
+    device = "zpool/data/home";
    fsType = "zfs";
    options = [ "zfsutil" ];
  };
-  fileSystems."/var" =
+  fileSystems."/var" = {
-    { device = "zpool/data/var";
+    device = "zpool/data/var";
    fsType = "zfs";
    options = [ "zfsutil" ];
  };
-  fileSystems."/var/lib" =
+  fileSystems."/var/lib" = {
-    { device = "zpool/data/var/lib";
+    device = "zpool/data/var/lib";
    fsType = "zfs";
    options = [ "zfsutil" ];
  };
-  swapDevices =
+  swapDevices = [
-    [ {
+    {
      device = "/dev/disk/by-partuuid/7e7d0e0b-90b7-465c-a022-089b38e0f16d";
      randomEncryption = true;
-    } ];
+    }
  ];
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
--- a/hosts/minime/networking.nix
+++ b/hosts/minime/networking.nix
@ -1,4 +1,5 @@
-{ ... }: {
+{ ... }:
 {
  networking.hostName = "minime"; # Define your hostname.
  networking.useNetworkd = true;
  networking.firewall.enable = true;
--- a/hosts/minime/zfs.nix
+++ b/hosts/minime/zfs.nix
@ -1,4 +1,10 @@
-{ pkgs, lib, config, ... }: {
+{
  pkgs,
  lib,
  config,
  ...
 }:
 {
  services.fstrim.enable = true;
  services.zfs = {
    autoSnapshot.enable = true;
@ -12,7 +18,8 @@
  };
  networking.hostId = "41ba28ff";
  boot = {
-    kernelPackages = let
+    kernelPackages =
      let
        zfsCompatibleKernelPackages = lib.filterAttrs (
          name: kernelPackages:
          (builtins.match "linux_[0-9]+_[0-9]+" name) != null
@ -24,7 +31,8 @@
            builtins.attrValues zfsCompatibleKernelPackages
          )
        );
-    in latestKernelPackage;
+      in
      latestKernelPackage;
    supportedFilesystems = [ "zfs" ];
    kernelParams = [ "nohibernate" ];
    plymouth.enable = false;
@ -38,7 +46,9 @@
      enable = true;
      port = 2222;
      hostKeys = [ /etc/secrets/initrd/ssh_host_rsa_key ];
-      authorizedKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJl9iYG5oHBq/poBn7Jf1/FGWWbAnbx+NKjs7qtT3uAK 0xa@toaster 2024-12-31" ];
+      authorizedKeys = [
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJl9iYG5oHBq/poBn7Jf1/FGWWbAnbx+NKjs7qtT3uAK 0xa@toaster 2024-12-31"
      ];
    };
    postCommands = ''
      zpool import -a
@ -46,6 +56,14 @@
    '';
  };
  # support for network
-  boot.initrd.kernelModules = [ "igc" "i40e" "mt7921e" ];
+  boot.initrd.kernelModules = [
-  boot.kernelModules = [ "igc" "i40e" "mt7921e" ];
+    "igc"
    "i40e"
    "mt7921e"
  ];
  boot.kernelModules = [
    "igc"
    "i40e"
    "mt7921e"
  ];
 }
--- a/hosts/toaster/amd.nix
+++ b/hosts/toaster/amd.nix
@ -1,4 +1,5 @@
-{ pkgs, config, ... }: {
+{ pkgs, config, ... }:
 {
  boot.initrd.kernelModules = [ "amdgpu" ];
  boot.kernelParams = [
--- a/hosts/toaster/default.nix
+++ b/hosts/toaster/default.nix
@ -1,4 +1,5 @@
-{ pkgs, ... }: {
+{ pkgs, ... }:
 {
  imports = [
    ./amd.nix
    ./hardware-configuration.nix
--- a/hosts/toaster/hardware-configuration.nix
+++ b/hosts/toaster/hardware-configuration.nix
@ -1,53 +1,69 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
+{
  config,
  lib,
  pkgs,
  modulesPath,
  ...
 }:
 {
-  imports =
+  imports = [
    [
    (modulesPath + "/installer/scan/not-detected.nix")
  ];
-    boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "usb_storage" "usbhid" "sd_mod" ];
+  boot.initrd.availableKernelModules = [
    "nvme"
    "xhci_pci"
    "usb_storage"
    "usbhid"
    "sd_mod"
  ];
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ "kvm-amd" ];
  boot.extraModulePackages = [ ];
  boot.zfs.extraPools = [ "zpool" ];
-    fileSystems."/" =
+  fileSystems."/" = {
-      { device = "zpool/root";
+    device = "zpool/root";
    fsType = "zfs";
    options = [ "zfsutil" ];
  };
-    fileSystems."/nix" =
+  fileSystems."/nix" = {
-      { device = "zpool/nix";
+    device = "zpool/nix";
    fsType = "zfs";
    options = [ "zfsutil" ];
  };
-    fileSystems."/home" =
+  fileSystems."/home" = {
-      { device = "zpool/data/home";
+    device = "zpool/data/home";
    fsType = "zfs";
    options = [ "zfsutil" ];
  };
-    fileSystems."/var" =
+  fileSystems."/var" = {
-      { device = "zpool/data/var";
+    device = "zpool/data/var";
    fsType = "zfs";
    options = [ "zfsutil" ];
  };
-    fileSystems."/boot" =
+  fileSystems."/boot" = {
-      { device = "/dev/disk/by-uuid/A170-F83D";
+    device = "/dev/disk/by-uuid/A170-F83D";
    fsType = "vfat";
-      options = [ "fmask=0022" "dmask=0022" ];
+    options = [
      "fmask=0022"
      "dmask=0022"
    ];
  };
-    swapDevices =
+  swapDevices = [
-      [ { device = "/dev/disk/by-partuuid/037518f2-9fa0-44f0-9550-745e27bf1c1f";
+    {
-      randomEncryption = true;}
+      device = "/dev/disk/by-partuuid/037518f2-9fa0-44f0-9550-745e27bf1c1f";
      randomEncryption = true;
    }
  ];
  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
--- a/hosts/toaster/irc.nix
+++ b/hosts/toaster/irc.nix
@ -1,4 +1,5 @@
-{ config, pkgs, ... }: {
+{ config, pkgs, ... }:
 {
  environment.systemPackages = [ pkgs.senpai ];
  sops.secrets = {
--- a/hosts/toaster/network/default.nix
+++ b/hosts/toaster/network/default.nix
@ -1,4 +1,5 @@
-{ lib, config, ... }: {
+{ lib, config, ... }:
 {
  imports = [
    ./mullvad.nix
    ./dumpdvb.nix
@ -8,7 +9,9 @@
  # Networkmanager shouldn't interfere with systemd managed interfaces
  networking.networkmanager.unmanaged =
    let
-      systemd_netdevs = lib.attrsets.attrValues (lib.attrsets.mapAttrs (_name: value: value.netdevConfig.Name) config.systemd.network.netdevs);
+      systemd_netdevs = lib.attrsets.attrValues (
        lib.attrsets.mapAttrs (_name: value: value.netdevConfig.Name) config.systemd.network.netdevs
      );
    in
    systemd_netdevs;
--- a/hosts/toaster/network/dumpdvb.nix
+++ b/hosts/toaster/network/dumpdvb.nix
@ -1,4 +1,5 @@
-{ config, ... }: {
+{ config, ... }:
 {
  systemd.network = {
    # Wireguard
    # Dump-dvb
@ -27,7 +28,10 @@
        IPv6AcceptRA = true;
      };
      routes = [
-        { Gateway = "10.13.37.1"; Destination = "10.13.37.0/24";  }
+        {
          Gateway = "10.13.37.1";
          Destination = "10.13.37.0/24";
        }
      ];
    };
  };
--- a/hosts/toaster/network/mullvad.nix
+++ b/hosts/toaster/network/mullvad.nix
@ -1,10 +1,14 @@
-{ config, lib, ... }: {
+{ config, lib, ... }:
 {
  systemd.network =
    let
      pubkey = "BChJDLOwZu9Q1oH0UcrxcHP6xxHhyRbjrBUsE0e07Vk=";
      endpoint = "169.150.196.15";
      port = "51820";
-      addr = [ "10.74.16.48/32" "fc00:bbbb:bbbb:bb01::b:102f/128" ];
+      addr = [
        "10.74.16.48/32"
        "fc00:bbbb:bbbb:bb01::b:102f/128"
      ];
    in
    {
      netdevs."10-wg-mullvad" = {
@ -21,7 +25,10 @@
          {
            PublicKey = pubkey;
            Endpoint = "${endpoint}:${port}";
-            AllowedIPs = [ "0.0.0.0/0" "::0/0" ];
+            AllowedIPs = [
              "0.0.0.0/0"
              "::0/0"
            ];
          }
        ];
      };
@ -33,16 +40,20 @@
          DNSDefaultRoute = true;
          Domains = [ "~." ];
        };
-        routes = map
+        routes =
          map
            (gate: {
              Gateway = gate;
              Table = 1000;
-        }) [
+            })
            [
              "0.0.0.0"
              "::"
            ];
-        routingPolicyRules = [ {
+        routingPolicyRules =
          [
            {
              Family = "both";
              FirewallMark = 34952; # 0x8888
              InvertRule = true;
@ -54,11 +65,15 @@
              SuppressPrefixLength = 0;
              Table = "main";
              Priority = 90;
-        } ] ++ map (net: {
+            }
          ]
          ++ map
            (net: {
              # only route global addresses over VPN
              Priority = 80;
              To = net;
-        }) [
+            })
            [
              # Mullvad endpoint
              "${endpoint}/32"
              # "10.0.0.0/8"
--- a/hosts/toaster/network/oxalab.nix
+++ b/hosts/toaster/network/oxalab.nix
--- a/hosts/toaster/network/zw.nix
+++ b/hosts/toaster/network/zw.nix
@ -1,4 +1,5 @@
-{ config, ... }: {
+{ config, ... }:
 {
  # zentralwerk
  systemd.network = {
    netdevs."10-wg-zentralwerk" = {
@ -15,7 +16,11 @@
        {
          PublicKey = "PG2VD0EB+Oi+U5/uVMUdO5MFzn59fAck6hz8GUyLMRo=";
          Endpoint = "81.201.149.152:1337";
-            AllowedIPs = [ "172.20.72.0/21" "172.22.90.0/24" "172.22.99.0/24" ];
+          AllowedIPs = [
            "172.20.72.0/21"
            "172.22.90.0/24"
            "172.22.99.0/24"
          ];
          PersistentKeepalive = 25;
        }
      ];
--- a/hosts/toaster/secure-boot.nix
+++ b/hosts/toaster/secure-boot.nix
@ -1,4 +1,5 @@
-{ pkgs, lib, ... }: {
+{ pkgs, lib, ... }:
 {
  boot = {
    bootspec.enable = true;
    loader.systemd-boot.enable = lib.mkForce false;
--- a/hosts/toaster/zfs.nix
+++ b/hosts/toaster/zfs.nix
@ -1,4 +1,10 @@
-{ pkgs, lib, config, ... }: {
+{
  pkgs,
  lib,
  config,
  ...
 }:
 {
  services.fstrim.enable = true;
  services.zfs = {
    autoSnapshot.enable = true;
@ -10,7 +16,8 @@
  };
  networking.hostId = "dca22577";
  boot = {
-    kernelPackages = let
+    kernelPackages =
      let
        zfsCompatibleKernelPackages = lib.filterAttrs (
          name: kernelPackages:
          (builtins.match "linux_[0-9]+_[0-9]+" name) != null
@ -22,7 +29,8 @@
            builtins.attrValues zfsCompatibleKernelPackages
          )
        );
-in latestKernelPackage;
+      in
      latestKernelPackage;
    supportedFilesystems = [ "zfs" ];
    kernelParams = [ "nohibernate" ];
    plymouth.enable = false;
--- a/microvms/dn42/default.nix
+++ b/microvms/dn42/default.nix
@ -1 +0,0 @@
 { config, pkgs, lib, ... }: { }
--- a/microvms/music/default.nix
+++ b/microvms/music/default.nix
@ -1,40 +0,0 @@
 { pkgs, lib, config, ... }: {
  imports = [
    ./navidrome.nix
    ./oxaproxy.nix
    ./upload-user.nix
  ];
  microvm = {
    hypervisor = "qemu";
    mem = 4 * 1024;
    vcpu = 3;
    shares = [{
      source = "/nix/store";
      mountPoint = "/nix/.ro-store";
      tag = "store";
      proto = "virtiofs";
      socket = "store.socket";
    }] ++ map
      (dir: {
        source = "/var/lib/microvms/${config.networking.hostName}/${dir}";
        mountPoint = "/${dir}";
        tag = dir;
        proto = "virtiofs";
        socket = "${dir}.socket";
      }) [ "etc" "var" "home" ];
    interfaces = [{
      type = "tap";
      id = "vm-music";
      mac = "02:00:00:00:00:01";
    }];
  };
  networking = {
    hostName = "music";
  };
  system.stateVersion = "22.11";
 }
--- a/microvms/music/navidrome.nix
+++ b/microvms/music/navidrome.nix
@ -1,16 +0,0 @@
 { config, ... }: {
  networking.firewall.interfaces.oxaproxy.allowedTCPPorts = [ 4533 ];
  services.navidrome = {
    enable = true;
    settings = {
      Address = "10.34.45.101";
      BaseUrl = "/";
      EnableExternalServices = false;
      MusicFolder = "/var/lib/music";
      Port = 4533;
      ScanSchedule = "@every 11m";
      TranscondigCacheSize = "5GiB";
      ReverseProxyWhitelist = "10.34.45.1/24";
    };
  };
 }
--- a/microvms/music/oxaproxy.nix
+++ b/microvms/music/oxaproxy.nix
@ -1,68 +0,0 @@
 { config, ... }: {
  networking.wireguard.enable = true;
  networking.useNetworkd = true;
  #oxaproxy secret
  sops.defaultSopsFile = ../../secrets/music/secrets.yaml;
  sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
  sops.secrets."wg/oxaproxy-seckey" = {
    owner = config.users.users.systemd-network.name;
  };
  systemd.network = {
    enable = true;
    netdevs."10-oxaproxy" = {
      netdevConfig = {
        Kind = "wireguard";
        Name = "oxaproxy";
        Description = "oxa's enterprise reverse-proxy network";
      };
      wireguardConfig = {
        PrivateKeyFile = config.sops.secrets."wg/oxaproxy-seckey".path;
        #own pubkey: vQNkp51S9qLsu97dLPj0/EqFwvVtRFZpMHufgKhxum0=
      };
      wireguardPeers = [
        {
          # cirrus
          wireguardPeerConfig = {
            PublicKey = "0KMtL2fQOrrCH6c2a2l4FKiM73G86sUuyaNj4FarzVM=";
            AllowedIPs = [ "10.34.45.0/24" ];
            Endpoint = [ "95.216.166.21:51821" ];
            PersistentKeepalive = 25;
          };
        }
      ];
    };
    networks."10-oxaproxy" = {
      matchConfig.Name = "oxaproxy";
      networkConfig = {
        Address = "10.34.45.101/24";
      };
    };
    networks."111-host" = {
      matchConfig.MACAddress = "02:00:00:00:00:01";
      networkConfig = {
        Address = "10.99.99.101/24";
      };
      routes = [
        {
          routeConfig = {
            Gateway = "10.99.99.1";
            Destination = "0.0.0.0/0";
            Metric = 1024;
          };
        }
        {
          routeConfig = {
            Gateway = "10.99.99.1";
            Destination = "10.99.99.0/24";
            Metric = 1024;
          };
        }
      ];
    };
  };
 }
--- a/microvms/music/upload-user.nix
+++ b/microvms/music/upload-user.nix
@ -1,21 +0,0 @@
 { config, ... }: {
  security.sudo.wheelNeedsPassword = false;
  users.users.caretaker = {
    isNormalUser = true;
    home = "/home/caretaker";
    createHome = true;
    extraGroups = [
      "wheel"
      "navidrome"
    ];
    openssh.authorizedKeys.keys = [
      # melo
      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDMbUizElFyULDlpEE9XHWWOca4ZXepS18ljh4Fj4YnJOAs7sbYzzhfMUiD703FIgK5YObzOlheu/PBbwUOStgcmPDuRalZWLr+0kCUYERfjLHkgliFx96xEFw9dluvII6JpbzFI/uvkEkQ3ESKapRcYAuBTk2sRoit8za+HX9sLmMueqNtN4H92sFYYm1wWy3FFgz/NN+uTh7F5nmA7SrSS/fpbmugcgBdR/Zy1YwSA8Rl1pagEvgN9/qAnP7pssvXr9pTCUNxVSQ7FlTUOHmxzG16RybYRikgevQaHtFYvmS7AuRvRDlQWhHt1drREGOIwwZPXD1smfQAsvP66J85j9aeanZdoBoJcvvFNer3071QGmi+5NHDSiG+YvoWt7qgiKLF4lOfByzjdoRRSg01uuhdQLOHHt0hbfyGS6hx//1MtjiXTElXvOOiUJ6AqfCSwOTK+72W6VKhKYcO11+Ngym1dyF3TtVcoEYN3JpUdbNq+qctMzXFMGovPEEMh7s= mel@umbreon"
      # revol-xut
      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC6NLB8EHnUgl2GO2uaojdf3p3YpsHH6px6CZleif8klhLN+ro5KeFK2OXC2SO3Vo4qgF/NySdsoInV9JEsssELZ2ttVbeKxI6f76V5dZgGI7qoSf4E0TXIgpS9n9K2AEmRKr65uC2jgkSJuo/T1mF+4/Nzyo706FT/GGVoiBktgq9umbYX0vIQkTMFAcw921NwFCWFQcMYRruaH01tLu6HIAdJ9FVG8MAt84hCr4D4PobD6b029bHXTzcixsguRtl+q4fQAl3WK3HAxT+txN91CDoP2eENo3gbmdTBprD2RcB/hz5iI6IaY3p1+8fTX2ehvI3loRA8Qjr/xzkzMUlpA/8NLKbJD4YxNGgFbauEmEnlC8Evq2vMrxdDr2SjnBAUwzZ63Nq+pUoBNYG/c+h+eO/s7bjnJVe0m2/2ZqPj1jWQp4hGoNzzU1cQmy6TdEWJcg2c8ints5068HN3o0gQKkp1EseNrdB8SuG+me/c/uIOX8dPASgo3Yjv9IGLhhx8GOGQxHEQN9QFC4QyZt/rrAyGmlX342PBNYmmStgVWHiYCcMVUWGlsG0XvG6bvGgmMeHNVsDf6WdMQuLj9luvxJzrd4FlKX6O0X/sIaqMVSkhIbD2+vvKNqrii7JdUTntUPs89L5h9DoDqQWkL13Plg1iQt4/VYeKTbUhYYz1lw== revo-xut@plank"
      # 0xa gpg
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHv82n6F6kwJ3/EMYlOoCc1/NaYFW7QHC5F8jKVzdlio gshipunov@toaster"
    ];
  };
 }
--- a/microvms/news/default.nix
+++ b/microvms/news/default.nix
@ -1,39 +0,0 @@
 { config, ... }: {
  imports = [
    ./miniflux.nix
    ./oxaproxy.nix
  ];
  microvm = {
    hypervisor = "qemu";
    mem = 1 * 1024;
    vcpu = 1;
    shares = [{
      source = "/nix/store";
      mountPoint = "/nix/.ro-store";
      tag = "store";
      proto = "virtiofs";
      socket = "store.socket";
    }] ++ map
      (dir: {
        source = "/var/lib/microvms/${config.networking.hostName}/${dir}";
        mountPoint = "/${dir}";
        tag = dir;
        proto = "virtiofs";
        socket = "${dir}.socket";
      }) [ "etc" "var" "home" ];
    interfaces = [{
      type = "tap";
      id = "vm-news";
      mac = "02:00:00:00:00:02";
    }];
  };
  networking = {
    hostName = "news";
  };
  system.stateVersion = "22.11";
 }
--- a/microvms/news/miniflux.nix
+++ b/microvms/news/miniflux.nix
@ -1,18 +0,0 @@
 { config, ... }:
 let
  listenport = 8080;
 in
 {
  sops.secrets."miniflux-admin" = { };
  networking.firewall.interfaces.oxaproxy.allowedTCPPorts = [ listenport ];
  services.miniflux = {
    enable = true;
    config = {
      LISTEN_ADDR = "10.34.45.102:${toString listenport}";
      POLLING_FREQUENCY = "37";
      CREATE_ADMIN = "1";
    };
    adminCredentialsFile = config.sops.secrets."miniflux-admin".path;
  };
 }
--- a/microvms/news/oxaproxy.nix
+++ b/microvms/news/oxaproxy.nix
@ -1,68 +0,0 @@
 { config, ... }: {
  networking.wireguard.enable = true;
  networking.useNetworkd = true;
  #oxaproxy secret
  sops.defaultSopsFile = ../../secrets/news/secrets.yaml;
  sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
  sops.secrets."oxaproxy-seckey" = {
    owner = config.users.users.systemd-network.name;
  };
  systemd.network = {
    enable = true;
    netdevs."10-oxaproxy" = {
      netdevConfig = {
        Kind = "wireguard";
        Name = "oxaproxy";
        Description = "oxa's enterprise reverse-proxy network";
      };
      wireguardConfig = {
        PrivateKeyFile = config.sops.secrets."oxaproxy-seckey".path;
        #own pubkey: guzNmsPcQw4EGSLU3X0SP+WPKAcoMc+xv9SLWdHV1V0=
      };
      wireguardPeers = [
        {
          # cirrus
          wireguardPeerConfig = {
            PublicKey = "0KMtL2fQOrrCH6c2a2l4FKiM73G86sUuyaNj4FarzVM=";
            AllowedIPs = [ "10.34.45.0/24" ];
            Endpoint = [ "95.216.166.21:51821" ];
            PersistentKeepalive = 25;
          };
        }
      ];
    };
    networks."10-oxaproxy" = {
      matchConfig.Name = "oxaproxy";
      networkConfig = {
        Address = "10.34.45.102/24";
      };
    };
    networks."111-host" = {
      matchConfig.MACAddress = (builtins.elemAt config.microvm.interfaces 0).mac;
      networkConfig = {
        Address = "10.99.99.102/24";
      };
      routes = [
        {
          routeConfig = {
            Gateway = "10.99.99.1";
            Destination = "0.0.0.0/0";
            Metric = 1024;
          };
        }
        {
          routeConfig = {
            Gateway = "10.99.99.1";
            Destination = "10.99.99.0/24";
            Metric = 1024;
          };
        }
      ];
    };
  };
 }
--- a/microvms/nextcloud/default.nix
+++ b/microvms/nextcloud/default.nix
@ -1,115 +0,0 @@
 { config, pkgs, ... }: {
  imports = [
    ./oxaproxy.nix
    ./secrets.nix
  ];
  # nextcloud goes here
  networking.firewall.interfaces.oxaproxy.allowedTCPPorts = [ 8080 ];
  services.postgresql = {
    enable = true;
    package = pkgs.postgresql_14;
    ensureDatabases = [ "nextcloud" ];
    ensureUsers = [{
      name = "nextcloud";
      ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES";
    }];
  };
  services.redis.servers.nextcloud.enable = true;
  services.nginx = {
    enable = true;
    recommendedGzipSettings = true;
    recommendedOptimisation = true;
    virtualHosts."nc.oxapentane.com" = {
      extraConfig = ''
        # HTTP response headers borrowed from Nextcloud .htaccess
        add_header Referrer-Policy                      "no-referrer"   always;
        #add_header X-Content-Type-Options               "nosniff"       always;
        add_header X-Download-Options                   "noopen"        always;
        #add_header X-Frame-Options                      "SAMEORIGIN"    always;
        add_header X-Permitted-Cross-Domain-Policies    "none"          always;
        add_header X-Robots-Tag                         "none"          always;
        add_header X-XSS-Protection                     "1; mode=block" always;
        add_header Strict-Transport-Security            "max-age=31536000; includeSubDomains" always;
        # Remove X-Powered-By, which is an information leak
        fastcgi_hide_header X-Powered-By;
      '';
      listen = [{
        # We are listening on wireguard interface only
        addr = "10.34.45.100";
        port = 8080;
        ssl = false;
      }];
    };
  };
  services.nextcloud = {
    enable = true;
    hostName = "nc.oxapentane.com";
    home = "/var/lib/nextcloud-oxa";
    package = pkgs.nextcloud28;
    maxUploadSize = "5000M";
    caching.redis = true;
    autoUpdateApps = {
      enable = true;
      startAt = "07:00:00";
    };
    config = {
      overwriteProtocol = "https";
      trustedProxies = [ "10.34.45.1" ];
      dbtype = "pgsql";
      dbuser = "nextcloud";
      dbhost = "/run/postgresql";
      dbname = "nextcloud";
      adminuser = "admin";
      adminpassFile = config.sops.secrets."nextcloud/adminpass".path;
    };
  };
  systemd.services."nextcloud-setup" = {
    requires = [ "postgresql.service" ];
    after = [ "postgresql.service" ];
  };
  microvm = {
    hypervisor = "qemu";
    mem = 4 * 1024;
    vcpu = 3;
    shares = [{
      source = "/nix/store";
      mountPoint = "/nix/.ro-store";
      tag = "store";
      proto = "virtiofs";
      socket = "store.socket";
    }] ++ map
      (dir: {
        source = "/var/lib/microvms/${config.networking.hostName}/${dir}";
        mountPoint = "/${dir}";
        tag = dir;
        proto = "virtiofs";
        socket = "${dir}.socket";
      }) [ "etc" "var" "home" ];
    interfaces = [{
      type = "tap";
      id = "vm-nextcloud";
      mac = "02:00:00:00:00:00";
    }];
  };
  networking = {
    hostName = "nextcloud";
  };
  system.stateVersion = "22.05";
 }
--- a/microvms/nextcloud/oxaproxy.nix
+++ b/microvms/nextcloud/oxaproxy.nix
@ -1,58 +0,0 @@
 { config, ... }: {
  networking.wireguard.enable = true;
  networking.useNetworkd = true;
  systemd.network = {
    enable = true;
    netdevs."10-oxaproxy" = {
      netdevConfig = {
        Kind = "wireguard";
        Name = "oxaproxy";
        Description = "oxa's enterprise reverse-proxy network";
      };
      wireguardConfig = {
        PrivateKeyFile = config.sops.secrets."wg/oxaproxy-seckey".path;
        #own pubkey: KCYoGx7TGei4X79EZo2NONCcmQjPzBUN1Ds6I9lQbz0=
      };
      wireguardPeers = [
        {
          # cirrus
          wireguardPeerConfig = {
            PublicKey = "0KMtL2fQOrrCH6c2a2l4FKiM73G86sUuyaNj4FarzVM=";
            AllowedIPs = [ "10.34.45.0/24" ];
            Endpoint = [ "95.216.166.21:51821" ];
            PersistentKeepalive = 25;
          };
        }
      ];
    };
    networks."10-oxaproxy" = {
      matchConfig.Name = "oxaproxy";
      networkConfig = {
        Address = "10.34.45.100/24";
      };
    };
    networks."111-host" = {
      matchConfig.MACAddress = "02:00:00:00:00:00";
      networkConfig = {
        Address = "10.99.99.100/24";
      };
      routes = [
        {
          routeConfig = {
            Gateway = "10.99.99.1";
            Destination = "0.0.0.0/0";
            Metric = 1024;
          };
        }
        {
          routeConfig = {
            Gateway = "10.99.99.1";
            Destination = "10.99.99.0/24";
            Metric = 1024;
          };
        }
      ];
    };
  };
 }
--- a/microvms/nextcloud/secrets.nix
+++ b/microvms/nextcloud/secrets.nix
@ -1,11 +0,0 @@
 { config, ... }: {
  sops.defaultSopsFile = ../../secrets/nextcloud/secrets.yaml;
  sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
  sops.secrets."wg/oxaproxy-seckey" = {
    owner = config.users.users.systemd-network.name;
  };
  sops.secrets."nextcloud/adminpass" = {
    owner = config.users.users.nextcloud.name;
  };
 }
--- a/modules/basic-tools/default.nix
+++ b/modules/basic-tools/default.nix
@ -8,7 +8,9 @@
    ./nix-ld.nix
  ];
-  environment.systemPackages = with pkgs; [
+  environment.systemPackages =
    with pkgs;
    [
      bat
      fd
      file
@ -23,7 +25,15 @@
      traceroute
      tcpdump
      tree
-    (aspellWithDicts (ps: with ps; [ en en-science en-computers ru nl ]))
+      (aspellWithDicts (
        ps: with ps; [
          en
          en-science
          en-computers
          ru
          nl
        ]
      ))
      exfatprogs
      nmap
      bind
@ -38,7 +48,8 @@
      sshfs
      whois
      mtr
-  ] ++ (if config.networking.hostName == "toaster" then [ gitFull ] else [ git ]);
+    ]
    ++ (if config.networking.hostName == "toaster" then [ gitFull ] else [ git ]);
  environment.variables =
    let
@ -53,7 +64,8 @@
    {
      PAGER = "less";
      LESS = "-X -R -F";
-    } // editorconf;
+    }
    // editorconf;
  environment.shellAliases = {
    ls = "ls --color=auto";
--- a/modules/basic-tools/fzf.nix
+++ b/modules/basic-tools/fzf.nix
@ -1,4 +1,10 @@
-{ lib, config, pkgs, ... }: {
+{
  lib,
  config,
  pkgs,
  ...
 }:
 {
  environment = {
    systemPackages = [ pkgs.fzf ];
@ -8,11 +14,15 @@
    };
  };
  # integrate fzf into shell, >23.05 only
-  programs = with lib;
+  programs =
-    if (toInt (elemAt (splitVersion config.system.nixos.release) 0) >= 23) then {
+    with lib;
    if (toInt (elemAt (splitVersion config.system.nixos.release) 0) >= 23) then
      {
        fzf = {
          keybindings = true;
          fuzzyCompletion = true;
        };
-    } else { };
+      }
    else
      { };
 }
--- a/modules/basic-tools/multiplexers.nix
+++ b/modules/basic-tools/multiplexers.nix
@ -1,4 +1,5 @@
-{ pkgs, inputs, ... }: {
+{ pkgs, inputs, ... }:
 {
  programs.tmux = {
    enable = true;
    keyMode = "vi";
--- a/modules/basic-tools/nix.nix
+++ b/modules/basic-tools/nix.nix
@ -1,4 +1,10 @@
-{ lib, pkgs, inputs, ... }: {
+{
  lib,
  pkgs,
  inputs,
  ...
 }:
 {
  nix = {
    extraOptions = ''
@ -12,8 +18,10 @@
  # override default nix shell nixpkgs# behaviour to use current flake lock
  nix.registry =
-    let flakes = lib.filterAttrs (_name: value: value ? outputs) inputs.self.inputs;
+    let
-    in builtins.mapAttrs (_name: v: { flake = v; }) flakes;
+      flakes = lib.filterAttrs (_name: value: value ? outputs) inputs.self.inputs;
    in
    builtins.mapAttrs (_name: v: { flake = v; }) flakes;
  nix.nixPath = lib.mapAttrsToList (name: value: "${name}=${value.outPath}") inputs.self.inputs;
--- a/modules/binary-caches.nix
+++ b/modules/binary-caches.nix
@ -1,4 +1,5 @@
-{ ... }: {
+{ ... }:
 {
  nix = {
    extraOptions = ''
      builders-use-substitutes = true
--- a/modules/devtools.nix
+++ b/modules/devtools.nix
@ -1,9 +1,14 @@
-{ pkgs, inputs, ... }: {
+{ pkgs, inputs, ... }:
 {
-  environment.systemPackages = with pkgs;
+  environment.systemPackages =
    with pkgs;
    let
      kicad = pkgs.kicad.override {
-      addons = with pkgs.kicadAddons; [ kikit kikit-library ];
+        addons = with pkgs.kicadAddons; [
          kikit
          kikit-library
        ];
      };
    in
    [
--- a/modules/dvb-dump-nfs-automount.nix
+++ b/modules/dvb-dump-nfs-automount.nix
@ -4,23 +4,25 @@
  environment.systemPackages = with pkgs; [ nfs-utils ];
  services.rpcbind.enable = true;
-  systemd.mounts = [{
+  systemd.mounts = [
    {
      type = "nfs";
      mountConfig = {
        Options = "noatime";
      };
      what = "10.13.37.5:/";
      where = "/mnt/dvb";
-  }];
+    }
  ];
-  systemd.automounts = [{
+  systemd.automounts = [
    {
      wantedBy = [ "multi-user.target" ];
      requires = [ "wg-quick-wg-dvb.service" ];
      automountConfig = {
        TimeoutIdleSec = "600";
      };
      where = "/mnt/dvb";
  }];
    }
-
+  ];
-
+}
--- a/modules/gnome.nix
+++ b/modules/gnome.nix
@ -1,4 +1,5 @@
-{ config, pkgs, ... }: {
+{ config, pkgs, ... }:
 {
  imports = [
    ./desktop-software.nix
--- a/modules/mail/default.nix
+++ b/modules/mail/default.nix
@ -82,13 +82,15 @@ in
    '';
  };
  systemd.user = {
    # Service and timer to sync imap to local maildir
    services.mbsync = {
      enable = true;
-      after = [ "graphical.target" "network-online.target" ];
+      after = [
        "graphical.target"
        "network-online.target"
      ];
      script = ''
        ${pkgs.isync}/bin/mbsync -q -a --config=${mbsyncConf}
      '';
@ -110,7 +112,10 @@ in
    # service and timer to flush the msmtp queue
    services.flush-msmtpq = {
      enable = true;
-      after = [ "graphical.target" "network-online.target" ];
+      after = [
        "graphical.target"
        "network-online.target"
      ];
      script = ''
        ${pkgs.msmtp}/bin/msmtp-queue -r
      '';
--- a/modules/sway.nix
+++ b/modules/sway.nix
@ -120,7 +120,9 @@
      wl-mirror
    ];
  };
-  environment.sessionVariables = { GTK_THEME = "Adwaita:dark"; };
+  environment.sessionVariables = {
    GTK_THEME = "Adwaita:dark";
  };
  xdg.portal = {
    enable = true;
    wlr.enable = true;
--- a/modules/virtualization.nix
+++ b/modules/virtualization.nix
@ -1,4 +1,9 @@
-{ config, pkgs, inputs, ... }:
+{
  config,
  pkgs,
  inputs,
  ...
 }:
 {
  environment.systemPackages = with pkgs; [
    virt-manager
--- a/modules/wg/default.nix
+++ b/modules/wg/default.nix
@ -1,4 +1,5 @@
-{ ... }: {
+{ ... }:
 {
  imports = [
    # module
    ./module.nix
--- a/modules/wg/mgmt.nix
+++ b/modules/wg/mgmt.nix
@ -4,11 +4,17 @@
  oxalab.wg = [
    {
      networkName = "0xa-mgmt";
-      CIDRs = [ "10.89.87.0/24" "fd31:185d:722e::/48" ];
+      CIDRs = [
        "10.89.87.0/24"
        "fd31:185d:722e::/48"
      ];
      hosts = {
        "cloud" = {
-          address = [ "10.89.87.1/24"  "fd31:185d:722e::1/48" ];
+          address = [
            "10.89.87.1/24"
            "fd31:185d:722e::1/48"
          ];
          publicKey = "zKSaw+SXzWgi/T7ByXHqPk1XNXXapoQYB8UPMTRmhm0=";
          privateKeyFile = config.sops.secrets."wg/0xa-mgmt".path;
          endpoint = {
@ -20,12 +26,18 @@
        };
        "toaster" = {
-          address = [ "10.89.87.100/24"  "fd31:185d:722e::100/48" ];
+          address = [
            "10.89.87.100/24"
            "fd31:185d:722e::100/48"
          ];
          publicKey = "H+WeYIBdX7ZHwkgm4BGnF0HF0JULkxyNMcvCviHhmks=";
          privateKeyFile = config.sops.secrets."wg/0xa-mgmt".path;
        };
        "minime" = {
-          address = [ "10.89.87.10/24"  "fd31:185d:722e::10/48" ];
+          address = [
            "10.89.87.10/24"
            "fd31:185d:722e::10/48"
          ];
          publicKey = "zN2Dr/ZGMh1Ftparszp22Qnbz2ISJU12iDVatebOHUE=";
          privateKeyFile = config.sops.secrets."wg/0xa-mgmt".path;
        };
--- a/modules/wg/module.nix
+++ b/modules/wg/module.nix
@ -1,8 +1,11 @@
-{ lib
+{
-, config
+  lib,
-, self
+  config,
-, registry
+  self,
-, ... }: {
+  registry,
  ...
 }:
 {
  config =
    let
@ -17,10 +20,20 @@
        name = "30-wg-${net.networkName}";
        value = {
          matchConfig.Name = "wg-${net.networkName}";
-          networkConfig = {
+          networkConfig =
            {
              Address = net.hosts.${currenthost}.address;
              IPv6AcceptRA = false; # for now static IPv6
-          } // (if net.hosts.${currenthost}.endpoint.enable then {IPv4Forwarding=true; IPv6Forwarding=true; } else {});
+            }
            // (
              if net.hosts.${currenthost}.endpoint.enable then
                {
                  IPv4Forwarding = true;
                  IPv6Forwarding = true;
                }
              else
                { }
            );
        };
      }) networks;
@ -45,8 +58,7 @@
          wireguardPeers =
            let
              endpoint = lib.attrsets.filterAttrs (_k: v: v.endpoint.enable) net.hosts;
-              wg-peers-attrs = lib.attrsets.mapAttrs (_k: v:
+              wg-peers-attrs = lib.attrsets.mapAttrs (_k: v: {
              {
                PersistentKeepalive = 29;
                PublicKey = v.publicKey;
                Endpoint = "${v.endpoint.endpoint}:${toString v.endpoint.port}";
@ -59,10 +71,15 @@
      }) net-client;
      netdev-client = builtins.listToAttrs netdev-client-list;
-        maskip = (net: hostattrs:
+      maskip = (
-        if hostattrs.endpoint.enable then hostattrs.address else map (baseaddr:
+        net: hostattrs:
-        if lib.strings.hasInfix "." baseaddr then "${baseaddr}/32" else "${baseaddr}/128"
+        if hostattrs.endpoint.enable then
-        ) (map (addr: builtins.elemAt (lib.strings.splitString "/" addr) 0) hostattrs.address));
+          hostattrs.address
        else
          map (baseaddr: if lib.strings.hasInfix "." baseaddr then "${baseaddr}/32" else "${baseaddr}/128") (
            map (addr: builtins.elemAt (lib.strings.splitString "/" addr) 0) hostattrs.address
          )
      );
      # endpoint
      # TODO: this requires bit more logic for allowedIPs if we have more then
      # 2 endpoints e.g. for routing client -> endpoint1 -> endpoint2 ->
@ -79,13 +96,21 @@
          wireguardPeers =
            let
              peers = lib.attrsets.filterAttrs (k: _v: k != currenthost) net.hosts;
-              wg-peers-attrs = lib.attrsets.mapAttrs (_k: v:
+              wg-peers-attrs = lib.attrsets.mapAttrs (
                _k: v:
                {
                  PersistentKeepalive = 29;
                  PublicKey = v.publicKey;
                  # only route to /32 or /128, i.e. single client
                  AllowedIPs = maskip net v;
-              } // (if !isNull v.endpoint.endpoint then { Endpoint = "${v.endpoint.endpoint}:${toString v.endpoint.port}"; } else {})) peers;
+                }
                // (
                  if !isNull v.endpoint.endpoint then
                    { Endpoint = "${v.endpoint.endpoint}:${toString v.endpoint.port}"; }
                  else
                    { }
                )
              ) peers;
              wg-peers = lib.attrsets.attrValues wg-peers-attrs;
            in
            wg-peers;
--- a/modules/wg/options.nix
+++ b/modules/wg/options.nix
@ -1,10 +1,14 @@
 { lib
 , ...}:
 {
-  options.oxalab.wg = with lib;
+  lib,
  ...
 }:
 {
  options.oxalab.wg =
    with lib;
    lib.mkOption {
      default = [ ];
-    type = types.listOf (types.submodule {
+      type = types.listOf (
        types.submodule {
          options = {
            # general network stuff
            networkName = mkOption {
@ -18,7 +22,8 @@
            hosts = mkOption {
              default = { };
-          type = types.attrsOf (types.submodule {
+              type = types.attrsOf (
                types.submodule {
                  options = {
                    enable = mkOption {
@ -57,7 +62,8 @@
                    endpoint.extraPeers = mkOption {
                      default = [ ];
-                type = types.listOf (types.submodule {
+                      type = types.listOf (
                        types.submodule {
                          options = {
                            address = mkOption {
                              type = types.listOf types.str;
@ -68,12 +74,15 @@
                              default = null;
                            };
                          };
-                });
+                        }
                      );
                    };
                  };
-          });
+                }
-        };
+              );
-      };
+            };
-    });
+          };
-  };
+        }
      );
    };
 }
--- a/pkgs/imhex.nix
+++ b/pkgs/imhex.nix
@ -1,75 +0,0 @@
 { gcc12Stdenv
 , lib
 , cmake
 , ccache
 , glfw
 , glm
 , magic-vlsi
 , mbedtls
 , freetype
 , dbus
 , capstone
 , openssl
 , pkg-config
 , lld
 , libGL
 , wrapQtAppsHook
 , fetchFromGitHub
 }:
 gcc12Stdenv.mkDerivation rec {
  pname = "imhex";
  version = "1.26.2";
  src = fetchFromGitHub {
    owner = "WerWolv";
    repo = "ImHex";
    rev = "v${version}";
    fetchSubmodules = true;
    sha256 = "sha256-H2bnRByCUAltngmVWgPW4vW8k5AWecOAzwtBKsjbpTw=";
  };
  nativeBuildInputs = [
    cmake
    pkg-config
    lld
  ];
  cmakeFlags = [
    "-DCMAKE_BUILD_TYPE=Release"
    # "-DCMAKE_INSTALL_PREFIX="/usr""
    "-DCMAKE_C_COMPILER_LAUNCHER=ccache"
    "-DCMAKE_CXX_COMPILER_LAUNCHER=ccache"
    "-DCMAKE_C_FLAGS=-fuse-ld=lld"
    "-DCMAKE_CXX_FLAGS=-fuse-ld=lld"
    "-DCMAKE_OBJC_COMPILER_LAUNCHER=ccache"
    "-DCMAKE_OBJCXX_COMPILER_LAUNCHER=ccache"
    # looks like the cmake here tries to be "helpful"...
    "-DFREETYPE_LIBRARY=${freetype.dev}"
    "-DFREETYPE_INCLUDE_DIRS=${freetype.dev}"
    "-DOPENGL_opengl_LIBRARY=${libGL.dev}"
    "-DOPENGL_glx_LIBRARY=${libGL.dev}"
    "-DOPENGL_INCLUDE_DIR=${libGL.dev}"
    "-DMBEDTLS_LIBRARY=${mbedtls}"
    "-DMBEDTLS_INCLUDE_DIRS=${mbedtls}"
    "-DMBEDX509_LIBRARY=${mbedtls}"
    "-DMBEDCRYPTO_LIBRARY=${mbedtls}"
    "-DCMAKE_PREFIX_PATH=${glfw}"
    "-DCMAKE_LIBRARY_PATH=${magic-vlsi}"
    "-DCMAKE_PREFIX_PATH=${dbus.dev}"
  ];
  BuildInputs = [
    ccache
    glfw
    glm
    magic-vlsi
    mbedtls
    freetype
    dbus
    openssl
    capstone
    libGL
  ];
 }
--- a/pkgs/slick.nix
+++ b/pkgs/slick.nix
@ -1,24 +0,0 @@
 { stdenv, lib, openssl, pkgconfig, fetchFromGitHub, rustPlatform }:
 rustPlatform.buildRustPackage rec {
  pname = "slick";
  version = "0.10.0";
  src = fetchFromGitHub {
    owner = "nbari";
    repo = pname;
    rev = version;
    sha256 = "sha256-GM9OHnySc3RVkfaK7yMf1LqpGdz3emq2H/3tSAph4jw=";
  };
  buildInputs = [ openssl pkgconfig ];
  nativeBuildInputs = [ pkgconfig ];
  cargoSha256 = "sha256-2WxFprq+AcXGXDMjMQvqKTkeWQEWM/z2Fz6qYPtSFGw=";
  meta = with lib; {
    description = "Async ZSH prompt";
    homepage = "https://github.com/nbari/slick";
    license = licenses.bsd3;
  };
 }