NixOS/FxNet
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initial commit

Browse Source
This commit is contained in:
derFenix
2025-09-01 14:21:12 +03:00
commit 5787dcd528
47 changed files with 3079 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.directory Normal file
View File

@@ -0,0 +1,2 @@
[Desktop Entry]
Icon=nix-snowflake

7
.envrc Normal file
View File

@@ -0,0 +1,7 @@
export DIRENV_WARN_TIMEOUT=20s
eval "$(devenv direnvrc)"
# The use_devenv function supports passing flags to the devenv command
# For example: use devenv --impure --option services.postgres.enable:bool true
use devenv

9
.gitignore vendored Normal file
View File

@@ -0,0 +1,9 @@
# Devenv
.devenv*
devenv.local.nix
# direnv
.direnv
# pre-commit
.pre-commit-config.yaml

103
devenv.lock Normal file
View File

@@ -0,0 +1,103 @@
{
"nodes": {
"devenv": {
"locked": {
"dir": "src/modules",
"lastModified": 1755355634,
"owner": "cachix",
"repo": "devenv",
"rev": "85e78cbe26467a2c23c9d34869235740132d749f",
"type": "github"
},
"original": {
"dir": "src/modules",
"owner": "cachix",
"repo": "devenv",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1747046372,
"owner": "edolstra",
"repo": "flake-compat",
"rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"git-hooks": {
"inputs": {
"flake-compat": "flake-compat",
"gitignore": "gitignore",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1754416808,
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "9c52372878df6911f9afc1e2a1391f55e4dfc864",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "git-hooks.nix",
"type": "github"
}
},
"gitignore": {
"inputs": {
"nixpkgs": [
"git-hooks",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1754299112,
"owner": "cachix",
"repo": "devenv-nixpkgs",
"rev": "16c21c9f5c6fb978466e91182a248dd8ca1112ac",
"type": "github"
},
"original": {
"owner": "cachix",
"ref": "rolling",
"repo": "devenv-nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"devenv": "devenv",
"git-hooks": "git-hooks",
"nixpkgs": "nixpkgs",
"pre-commit-hooks": [
"git-hooks"
]
}
}
},
"root": "root",
"version": 7
}

42
devenv.nix Normal file
View File

@@ -0,0 +1,42 @@
{
pkgs,
...
}:
{
packages = [
pkgs.git
pkgs.nil
pkgs.nixfmt-rfc-style
];
languages.nix.enable = true;
enterShell = ''
git --version
nil --version
'';
# https://devenv.sh/tasks/
tasks = {
"nixos:dry-build".exec = "nixos-rebuild dry-build --flake .";
"nixos:build".exec = "nixos-rebuild build --flake .";
"nixos:switch" = {
exec = "sudo nixos-rebuild switch --flake .";
status = "nixos:dry-build";
};
};
# https://devenv.sh/tests/
enterTest = ''
echo "Running tests"
git --version | grep --color=auto "${pkgs.git.version}"
'';
git-hooks.hooks = {
nil.enable = true;
nixfmt-rfc-style.enable = true;
};
# See full reference at https://devenv.sh/reference/options/
}

15
devenv.yaml Normal file
View File

@@ -0,0 +1,15 @@
# yaml-language-server: $schema=https://devenv.sh/devenv.schema.json
inputs:
nixpkgs:
url: github:cachix/devenv-nixpkgs/rolling
# If you're using non-OSS software, you can set allowUnfree to true.
# allowUnfree: true
# If you're willing to use a package that's vulnerable
# permittedInsecurePackages:
# - "openssl-1.1.1w"
# If you have more than one devenv you can merge them
#imports:
# - ./backend

86
flake.lock generated Normal file
View File

@@ -0,0 +1,86 @@
{
"nodes": {
"home-manager": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1756579987,
"narHash": "sha256-duCce8zGsaMsrqqOmLOsuaV1PVIw/vXWnKuLKZClsGg=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "99a69bdf8a3c6bf038c4121e9c4b6e99706a187a",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1756542300,
"narHash": "sha256-tlOn88coG5fzdyqz6R93SQL5Gpq+m/DsWpekNFhqPQk=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "d7600c775f877cd87b4f5a831c28aa94137377aa",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1756469547,
"narHash": "sha256-YvtD2E7MYsQ3r7K9K2G7nCslCKMPShoSEAtbjHLtH0k=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "41d292bfc37309790f70f4c120b79280ce40af16",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-25.05",
"repo": "nixpkgs",
"type": "github"
}
},
"photocatalog": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1736278979,
"narHash": "sha256-xjwN0gY3SZQHvxxLgOAbL0wOquc5r6DeZVJjjpLKPFU=",
"owner": "derfenix",
"repo": "photocatalog",
"rev": "e66070383f71a0d62aa143b10cf9c8ddded79607",
"type": "github"
},
"original": {
"owner": "derfenix",
"repo": "photocatalog",
"type": "github"
}
},
"root": {
"inputs": {
"home-manager": "home-manager",
"nixpkgs": "nixpkgs",
"nixpkgs-stable": "nixpkgs-stable",
"photocatalog": "photocatalog"
}
}
},
"root": "root",
"version": 7
}

116
flake.nix Normal file
View File

@@ -0,0 +1,116 @@
{
description = "Fxnet system configurations";
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-25.05";
home-manager = {
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs";
};
photocatalog = {
url = "github:derfenix/photocatalog";
inputs.nixpkgs.follows = "nixpkgs";
};
# disko = {
# url = "github:nix-community/disko/latest";
# inputs.nixpkgs.follows = "nixpkgs";
# };
};
outputs =
{
self,
nixpkgs,
nixpkgs-stable,
...
}@inputs:
let
lib = nixpkgs.lib;
timeZone = "Europe/Moscow";
stateVersion = "25.05";
hmModules = builtins.map (name: ./modules/hm + "/${name}") (
builtins.attrNames (builtins.readDir ./modules/hm)
);
sysModules = builtins.map (name: ./modules/sys + "/${name}") (
builtins.attrNames (builtins.readDir ./modules/sys)
);
pkgsSettings = (
system:
import nixpkgs {
inherit system;
config.allowUnfree = true;
}
);
pkgsStableSettings =
system:
import nixpkgs-stable {
inherit system;
config.allowUnfree = true;
};
hosts = import ./hosts.nix;
hostNames = builtins.attrNames hosts;
commonModules = [
(
{ lib, pkgs, ... }:
{
system.stateVersion = stateVersion;
time.timeZone = lib.mkDefault timeZone;
home-manager = {
backupFileExtension = ".bak";
useGlobalPkgs = true;
useUserPackages = true;
sharedModules = hmModules ++ [
(
{ osConfig, ... }:
{
home.stateVersion = osConfig.system.stateVersion;
}
)
];
extraSpecialArgs = {
inherit inputs;
pkgsStable = pkgsStableSettings pkgs.system;
hosts = hosts;
};
};
}
)
inputs.home-manager.nixosModules.home-manager
inputs.photocatalog.nixosModules.photocatalog
./options.nix
./nix.nix
]
++ sysModules;
in
{
nixosConfigurations = lib.genAttrs hostNames (
name:
let
host = hosts.${name};
in
if host ? system then
inputs.nixpkgs.lib.nixosSystem {
system = host.system;
specialArgs = {
inherit inputs;
pkgsStable = pkgsStableSettings host.system;
hosts = hosts;
ip = host.ip;
};
pkgs = pkgsSettings host.system;
modules = commonModules ++ [
./hosts/${name}
./hosts/${name}/hardware-configuration.nix
./roles/${host.role}.nix
];
}
else
{ }
);
};
}

29
hosts.nix Normal file
View File

@@ -0,0 +1,29 @@
{
fenixpc = {
system = "x86_64-linux";
role = "desktop";
ip = "192.168.1.2";
syncthing = "33GCONH-UYG4IA4-BQ4DW6V-3YANY6J-52G6M5X-B72NCPX-7I5GWX6-5BALDQI";
};
fenixbook = {
system = "x86_64-linux";
role = "laptop";
ip = "192.168.1.22";
syncthing = "6GUGJLB-UOILU3A-XF537IN-PKLWU7T-COHWKU4-AX3MBPU-V7VUTUY-DG4VFAW";
};
nas = {
system = "aarch64-linux";
role = "nas";
ip = "192.168.1.5";
syncthing = "JE6KQD6-U4BMVXU-NXXHD3A-XY2UEZU-JA6WWZB-K2JBBXI-UJ5WYXU-3VBHEQI";
};
srv0 = {
system = "aarch64-linux";
role = "server";
ip = "192.168.1.6";
};
s25 = {
ip = "192.168.1.23";
syncthing = "AX7VPTI-JPUDQIT-MWTKTFW-ZDCRAH3-ZBYKLRO-BBMBIV4-VBHFL7H-Z4FY3QP";
};
}

99
hosts/fenixbook/default.nix Normal file
View File

@@ -0,0 +1,99 @@
{
config,
lib,
pkgs,
...
}:
let
users = [
"fenix"
];
in
{
imports = (
import ../../quirks {
quirks = [
"development"
"steam"
"32bit"
];
}
);
home-manager = {
users = lib.genAttrs users (user: import ./${user}.nix);
};
networking = {
hostName = "fenixbook";
networkmanager = {
plugins =
with pkgs;
lib.mkForce [
networkmanager-openvpn
];
};
};
systemd.oomd.extraConfig.DefaultMemoryPressureLimit = "15%";
programs = {
zsh.enable = true;
};
services = {
};
environment.systemPackages = with pkgs; [
microcode-intel
openvpn
];
users = {
mutableUsers = true;
users = lib.genAttrs users (user: {
shell = pkgs.zsh;
createHome = true;
isNormalUser = true;
initialPassword = "password";
group = "fenix";
extraGroups = [
"networkmanager"
"ssh"
"docker"
"video"
"pipewire"
"wheel"
];
});
groups = {
i2c = {
members = users;
};
}
// lib.genAttrs users (user: {
members = [
user
];
gid = config.users.users.${user}.uid;
});
};
virtualisation.vmVariant = {
virtualisation = {
memorySize = 16096;
cores = 8;
};
};
security.pam = {
services = lib.genAttrs users (user: {
gnupg.enable = true;
kwallet.enable = true;
});
};
}

58
hosts/fenixbook/fenix.nix Normal file
View File

@@ -0,0 +1,58 @@
{
pkgs,
lib,
config,
...
}:
let
userName = "fenix";
in
{
pt.enable = true;
home = {
username = userName;
homeDirectory = lib.mkForce "/home/${userName}";
packages = with pkgs; [
# Games
prismlauncher
(bottles.override { removeWarningPopup = true; })
#Development
devenv
direnv
yaml-language-server
plantuml
jetbrains.goland
gnumake
protobuf
];
};
programs = {
zsh.enable = true;
git.enable = true;
vscode.enable = true;
gpg.enable = true;
neovim.enable = true;
vivaldi = {
enable = true;
};
direnv = {
enableZshIntegration = config.programs.zsh.enable;
};
};
services = {
syncthing = {
enable = true;
settings.folders.Documents.enabled = true;
settings.folders.Music.enabled = true;
settings.folders.Obsidian.enabled = true;
settings.folders."Camera S25".enabled = true;
settings.folders.books.enabled = true;
};
};
}

89
hosts/fenixbook/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,89 @@
{ ... }:
{
swappiness = 10;
boot = {
resumeDevice = "/dev/disk/by-uuid/56ad966f-3268-4b59-999a-48a082bb8052";
initrd = {
verbose = true;
systemd = {
emergencyAccess = "$y$j9T$yu1NICt8J9IFQ3wmgViop1$8rCHUrMNN2dCQeSt8f4h73Wrw5oUKoojuhetYyV7yN";
enable = true;
};
luks.devices.cryptedroot.device = "/dev/disk/by-partlabel/disk-main-luks";
availableKernelModules = [
"xhci_pci"
"nvme"
"thunderbolt"
"usbhid"
"usb_storage"
"sd_mod"
"rtsx_pci_sdmmc"
];
kernelModules = [
"kvm-intel"
];
};
kernelModules = [
"kvm-intel"
"i2c-dev"
];
kernelParams = [
"usbcore.autosuspend=-1"
"quiet"
"modeset"
];
};
fileSystems = {
"/boot" = {
device = "/dev/disk/by-uuid/71AB-29E0";
fsType = "vfat";
options = [
"fmask=0022"
"dmask=0022"
];
};
"/" = {
device = "/dev/disk/by-uuid/57df3204-a8c7-4842-957c-9752f996bc0f";
fsType = "btrfs";
options = [
"compress=zstd"
"subvol=/root"
"noatime"
];
};
"/home" = {
device = "/dev/disk/by-uuid/57df3204-a8c7-4842-957c-9752f996bc0f";
fsType = "btrfs";
options = [
"compress=zstd"
"subvol=/home"
"noatime"
];
};
"/nix" = {
device = "/dev/disk/by-uuid/57df3204-a8c7-4842-957c-9752f996bc0f";
fsType = "btrfs";
options = [
"compress=zstd"
"subvol=/nix"
"noatime"
];
};
};
swapDevices = [
{
device = "/dev/disk/by-uuid/56ad966f-3268-4b59-999a-48a082bb8052";
priority = 100;
}
];
}

109
hosts/fenixpc/default.nix Normal file
View File

@@ -0,0 +1,109 @@
{
config,
lib,
pkgs,
pkgsStable,
...
}:
let
users = [
"fenix"
];
in
{
imports = (
import ../../quirks {
quirks = [
"development"
"steam"
"32bit"
];
}
);
home-manager = {
users = lib.genAttrs users (user: import ./${user}.nix);
};
networking = {
hostName = "fenixpc";
networkmanager = {
plugins =
with pkgs;
lib.mkForce [
networkmanager-openvpn
];
};
};
systemd.oomd.extraConfig.DefaultMemoryPressureLimit = "15%";
programs = {
zsh.enable = true;
};
services = {
printing.ricoh.enable = true;
calibre-web = {
enable = true;
listen.port = 8091;
listen.ip = "0.0.0.0";
package = pkgsStable.calibre-web;
options = {
enableBookUploading = true;
enableBookConversion = true;
};
user = "fenix";
};
};
environment.systemPackages = with pkgs; [
microcode-amd
openvpn
];
users = {
mutableUsers = true;
users = lib.genAttrs users (user: {
shell = pkgs.zsh;
createHome = true;
isNormalUser = true;
initialPassword = "password";
group = "fenix";
extraGroups = [
"networkmanager"
"ssh"
"docker"
"video"
"pipewire"
"wheel"
];
});
groups = {
i2c = {
members = users;
};
}
// lib.genAttrs users (user: {
members = [
user
];
gid = config.users.users.${user}.uid;
});
};
virtualisation.vmVariant = {
virtualisation = {
memorySize = 16096;
cores = 8;
};
};
security.pam = {
services = lib.genAttrs users (user: {
gnupg.enable = true;
kwallet.enable = true;
});
};
}

62
hosts/fenixpc/fenix.nix Normal file
View File

@@ -0,0 +1,62 @@
{
pkgs,
lib,
config,
...
}:
let
userName = "fenix";
in
{
pt.enable = true;
home = {
username = userName;
homeDirectory = lib.mkForce "/home/${userName}";
packages = with pkgs; [
# Games
steam
prismlauncher
(bottles.override { removeWarningPopup = true; })
warzone2100
sauerbraten
#Development
devenv
direnv
yaml-language-server
plantuml
jetbrains.goland
gnumake
protobuf
];
};
programs = {
zsh.enable = true;
git.enable = true;
vscode.enable = true;
gpg.enable = true;
neovim.enable = true;
vivaldi = {
enable = true;
};
direnv = {
enableZshIntegration = config.programs.zsh.enable;
};
};
services = {
syncthing = {
enable = true;
settings.folders.Documents.enabled = true;
settings.folders.Music.enabled = true;
settings.folders.Obsidian.enabled = true;
settings.folders."Camera S25".enabled = true;
settings.folders.PhotoArchive.enabled = true;
settings.folders.books.enabled = true;
};
};
}

153
hosts/fenixpc/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,153 @@
{ ... }:
{
swappiness = 10;
boot = {
binfmt.emulatedSystems = [ "aarch64-linux" ];
resumeDevice = "/dev/disk/by-uuid/56ad966f-3268-4b59-999a-48a082bb8052";
initrd = {
verbose = true;
systemd = {
emergencyAccess = "$y$j9T$yu1NICt8J9IFQ3wmgViop1$8rCHUrMNN2dCQeSt8f4h73Wrw5oUKoojuhetYyV7yN";
enable = true;
};
availableKernelModules = [
"thunderbolt"
"nvme"
"usbhid"
"usb_storage"
];
kernelModules = [
"kvm-amd"
"amdgpu"
];
};
kernelModules = [
"kvm-amd"
"amdgpu"
"i2c-dev"
];
kernelParams = [
"usbcore.autosuspend=-1"
"quiet"
"modeset"
];
};
fileSystems = {
"/boot" = {
device = "/dev/disk/by-uuid/71AB-29E0";
fsType = "vfat";
options = [
"fmask=0022"
"dmask=0022"
];
};
"/" = {
device = "/dev/disk/by-uuid/57df3204-a8c7-4842-957c-9752f996bc0f";
fsType = "btrfs";
options = [
"compress=zstd"
"subvol=/root"
"noatime"
];
};
"/home" = {
device = "/dev/disk/by-uuid/57df3204-a8c7-4842-957c-9752f996bc0f";
fsType = "btrfs";
options = [
"compress=zstd"
"subvol=/home"
"noatime"
];
};
"/nix" = {
device = "/dev/disk/by-uuid/57df3204-a8c7-4842-957c-9752f996bc0f";
fsType = "btrfs";
options = [
"compress=zstd"
"subvol=/nix"
"noatime"
];
};
"/mnt/steamapps" = {
device = "LABEL=garage";
fsType = "btrfs";
options = [
"subvol=steam"
"compress=zstd"
"noatime"
];
};
"/home/fenix/Downloads" = {
device = "LABEL=hddstorage";
fsType = "btrfs";
options = [
"subvol=downloads"
"compress=zstd"
"noatime"
];
};
"/home/fenix/Photos" = {
device = "LABEL=hddstorage";
fsType = "btrfs";
options = [
"subvol=photo"
"compress=zstd"
"noatime"
];
};
"/home/fenix/Music" = {
device = "LABEL=hddstorage";
fsType = "btrfs";
options = [
"subvol=music"
"compress=zstd"
"noatime"
];
};
"/mnt/hdd" = {
device = "LABEL=hddstorage";
fsType = "btrfs";
options = [
"compress=zstd"
"noatime"
];
};
"/home/fenix/Videos" = {
device = "nas.fxnet:/mnt/raid/video";
fsType = "nfs";
options = [
"rw"
"soft"
"noauto"
"_netdev"
"x-systemd.automount"
];
};
"/mnt/nas/torrents" = {
device = "nas.fxnet:/mnt/raid/torrents";
fsType = "nfs";
options = [
"rw"
"soft"
"noauto"
"_netdev"
"x-systemd.automount"
];
};
};
swapDevices = [
{
device = "/dev/disk/by-uuid/56ad966f-3268-4b59-999a-48a082bb8052";
priority = 100;
}
];
}

16
modules/hm/docker.nix Normal file
View File

@@ -0,0 +1,16 @@
{
osConfig,
lib,
...
}:
{
home.file = lib.mkIf (osConfig.networking.hostName != "fenixpc") {
fenixpcDockerContext = {
enable = true;
target = ".docker/contexts/meta/02db303260eb60b1d5cf88ef7f50e894d1573f2beafe3551def02353d6982a0c/meta.json";
text = ''
{"Name":"fenixpc","Metadata":{},"Endpoints":{"docker":{"Host":"tcp://192.168.1.2:2375","SkipTLSVerify":true}}}
'';
};
};
}

38
modules/hm/git.nix Normal file
View File

@@ -0,0 +1,38 @@
{ lib, ... }:
{
programs = {
git = {
userName = lib.mkDefault "derfenix";
userEmail = lib.mkDefault "derfenix@gmail.com";
extraConfig = {
core = {
hookspath = "/home/fenix/.git_settings/hooks";
};
url = {
"git@git.derfenix.pro:" = {
insteadOf = "https://git.derfenix.pro";
};
};
init = {
defaultBranch = "master";
};
protocol = {
"git" = {
allow = "always";
};
};
extensions = {
objectFormat = "sha256";
};
};
signing = {
format = "openpgp";
signByDefault = lib.mkDefault true;
key = lib.mkDefault "DD89337AFABD013FDD57A0F133445FB510D677DF";
};
};
};
}

33
modules/hm/gpg.nix Normal file
View File

@@ -0,0 +1,33 @@
{
lib,
pkgs,
config,
osConfig,
...
}:
{
programs = {
gpg = {
mutableKeys = false;
mutableTrust = false;
publicKeys = [
];
};
};
services = {
gpg-agent = {
enable = config.programs.gpg.enable;
enableFishIntegration = true;
enableZshIntegration = true;
enableSshSupport = true;
enableScDaemon = true;
# pinentryPackage = pkgs.pinentry-qt;
extraConfig = lib.mkIf osConfig.services.desktopManager.plasma6.enable ''
pinentry-program ${pkgs.kwalletcli}/bin/pinentry-kwallet
'';
};
};
}

41
modules/hm/neovim.nix Normal file
View File

@@ -0,0 +1,41 @@
{
pkgs,
...
}:
{
programs.neovim = {
defaultEditor = true;
viAlias = true;
vimAlias = true;
coc = {
enable = true;
settings = {
};
};
extraPackages = with pkgs; [
universal-ctags
];
extraConfig = ''
set number relativenumber
set list
set listchars=tab:\ ,space:·,nbsp:,trail:,eol:,precedes:«,extends:»
set ts=2
set softtabstop=2
set shiftwidth=2
set smarttab
set smartindent
set autoindent
colorscheme zaibatsu
'';
plugins = with pkgs.vimPlugins; [
vim-nix
nerdtree
neogit
mru
tagbar
];
};
}

77
modules/hm/pt.nix Normal file
View File

@@ -0,0 +1,77 @@
{
lib,
config,
pkgs,
...
}:
let
devFolder = "~/dev/PT";
conf = config.pt;
in
{
options = {
pt = {
enable = lib.mkOption {
type = lib.types.bool;
default = false;
};
};
};
config = lib.mkIf conf.enable {
home.packages = with pkgs; [
mattermost-desktop
];
programs = {
git = {
extraConfig = {
url = {
"git@gitlab.ptsecurity.com:" = {
insteadOf = "https://gitlab.ptsecurity.com";
};
};
};
includes = [
{
condition = "gitdir:${devFolder}";
contents = {
user = {
name = "Sergey Kostyuchenko";
email = "skostyuchenko@ptsecurity.com";
signingkey = "0x0574DBAF";
};
commit = {
gpgsign = true;
};
gpg = {
format = "x509";
};
};
}
];
};
};
home.file.ptDevStIgnore = {
enable = true;
target = lib.removePrefix "~/" (devFolder + "/.stignore");
text = ''
**/.devenv/
**/.direnv/
'';
};
services.syncthing.settings = {
folders = {
"PTDev" = {
id = "pt-dev";
type = "sendreceive";
enabled = true;
label = "PTDev";
path = devFolder;
};
};
};
};
}

73
modules/hm/ssh.nix Normal file
View File

@@ -0,0 +1,73 @@
{ ... }:
{
programs = {
ssh = {
matchBlocks = {
"router" = {
user = "admin";
hostname = "192.168.1.1";
port = 2222;
controlPersist = "10m";
addKeysToAgent = "9h";
compression = false;
forwardAgent = false;
serverAliveInterval = 0;
serverAliveCountMax = 3;
hashKnownHosts = false;
userKnownHostsFile = "~/.ssh/known_hosts";
controlMaster = "auto";
controlPath = "~/.ssh/master-%r@%n:%p";
};
"aur" = {
hostname = "aur.archlinux.org";
identityFile = "~/.ssh/id_rsa-aur";
user = "aur";
controlPersist = "10m";
addKeysToAgent = "9h";
compression = true;
forwardAgent = false;
serverAliveInterval = 0;
serverAliveCountMax = 3;
hashKnownHosts = false;
userKnownHostsFile = "~/.ssh/known_hosts";
controlMaster = "auto";
controlPath = "~/.ssh/master-%r@%n:%p";
};
"vpn1" = {
# https://bill.pq.hosting/billmgr
user = "root";
hostname = "45.120.178.159";
controlPersist = "10m";
addKeysToAgent = "9h";
compression = true;
forwardAgent = false;
serverAliveInterval = 0;
serverAliveCountMax = 3;
hashKnownHosts = false;
userKnownHostsFile = "~/.ssh/known_hosts";
controlMaster = "auto";
controlPath = "~/.ssh/master-%r@%n:%p";
};
"vpn2" = {
# https://my.msk.host/billing/my-services
user = "root";
hostname = "194.67.193.95";
controlPersist = "10m";
addKeysToAgent = "9h";
compression = true;
forwardAgent = false;
serverAliveInterval = 0;
serverAliveCountMax = 3;
hashKnownHosts = false;
userKnownHostsFile = "~/.ssh/known_hosts";
controlMaster = "auto";
controlPath = "~/.ssh/master-%r@%n:%p";
};
};
};
};
}

79
modules/hm/syncthing.nix Normal file
View File

@@ -0,0 +1,79 @@
{
lib,
hosts,
...
}:
{
services.syncthing = {
guiAddress = lib.mkDefault "127.0.0.1:8384";
overrideDevices = false;
overrideFolders = false;
cert = "~/.config/syncthing/cert";
key = "~/.config/syncthing/key";
settings = {
folders = {
"Sync" = {
id = "default";
type = "sendreceive";
enabled = lib.mkDefault true;
label = "Sync";
path = "~/Sync";
};
"Documents" = {
id = "ikwrq-ahv5a";
type = "sendreceive";
enabled = lib.mkDefault false;
label = "Documents";
path = "~/Documents";
};
"Music" = {
id = "6ytyt-ngvta";
type = "sendreceive";
enabled = lib.mkDefault false;
label = "Music";
path = "~/Music";
};
"Obsidian" = {
id = "hyeaf-ygups";
type = "sendreceive";
enabled = lib.mkDefault false;
label = "Obsidian";
path = "~/Obsidian";
};
"Camera S25" = {
id = "sm-s938b_9wbf-фото";
enabled = lib.mkDefault false;
type = "receiveonly";
label = "Camera S25";
path = "~/Photos/S25";
};
"PhotoArchive" = {
id = "6detn-xjbco";
type = "receiveonly";
enabled = lib.mkDefault false;
label = "PhotoArchive";
path = "~/Photos/archive";
ignorePerms = true;
};
"books" = {
id = "6st45-t9jej";
type = "sendreceive";
enabled = lib.mkDefault false;
label = "Books";
path = "/mnt/hdd/Books";
};
};
devices = lib.mapAttrs (
name: host:
lib.mkIf (host ? syncthing) {
addresses = [
"tcp://${host.ip}:22000"
];
id = host.syncthing;
}
) hosts;
};
};
}

77
modules/hm/vivaldi.nix Normal file
View File

@@ -0,0 +1,77 @@
{
pkgs,
lib,
config,
osConfig,
...
}:
let
conf = config.programs.vivaldi;
in
{
config = lib.mkIf conf.enable {
home.file.vivaldiKDEScript = {
target = ".local/bin/vivaldi-kde.sh";
text = ''
#!/bin/sh
vivaldi --profile-directory=$(qdbus org.kde.ActivityManager /ActivityManager/Activities org.kde.ActivityManager.Activities.ActivityName $(qdbus org.kde.ActivityManager /ActivityManager/Activities org.kde.ActivityManager.Activities.CurrentActivity)) "$@"
'';
executable = true;
};
programs.vivaldi = {
nativeMessagingHosts =
[ ]
++ lib.optionals (osConfig.services.desktopManager.plasma6.enable) [
pkgs.kdePackages.plasma-browser-integration
];
};
xdg.desktopEntries = {
vivaldi-stable-kde = {
name = "Vivaldi-KDE";
settings = {
OnlyShowIn = "KDE";
};
genericName = "Web Browser for KDE";
exec = "${config.home.file.vivaldiKDEScript.source} %U";
terminal = false;
actions = {
"newPrivateWindow" = {
name = "New Private Window";
exec = "${config.home.file.vivaldiKDEScript.source} --incognito --remote";
};
"newWindow" = {
name = "New Window";
exec = "${config.home.file.vivaldiKDEScript.source} --new-window";
};
};
icon = "vivaldi";
startupNotify = true;
categories = [
"Application"
"Network"
"WebBrowser"
];
mimeType = [
"application/pdf"
"application/rdf+xml"
"application/rss+xml"
"application/xhtml+xml"
"application/xhtml_xml"
"application/xml"
"image/gif"
"image/jpeg"
"image/png"
"image/webp"
"text/html"
"text/xml"
"x-scheme-handler/ftp"
"x-scheme-handler/http"
"x-scheme-handler/https"
"x-scheme-handler/mailto"
];
};
};
};
}

64
modules/hm/vscode/default.nix Normal file
View File

@@ -0,0 +1,64 @@
{
pkgs,
lib,
config,
...
}:
{
programs.vscode = {
package = pkgs.vscodium;
profiles = {
default = {
extensions = (import ./extensions { inherit pkgs config lib; });
globalSnippets = {
fixme = {
body = [
"$LINE_COMMENT FIXME: $0"
];
description = "Insert a FIXME remark";
prefix = [
"fixme"
];
};
todo = {
body = [
"$LINE_COMMENT TODO: $0"
];
description = "Insert a TODO remark";
prefix = [
"todo"
];
};
};
languageSnippets = {
go = { };
};
keybindings = [
# {
# key = "ctrl+c";
# command = "editor.action.clipboardCopyAction";
# when = "textInputFocus";
# }
];
userTasks = { };
# userSettings = builtins.fromJSON (builtins.readFile ./settings.json);
};
};
};
xdg.mimeApps.defaultApplications = {
"x-scheme-handler/vscodium" = [
"codium-url-handler.desktop"
];
"x-scheme-handler/codium" = [
"codium-url-handler.desktop"
];
"x-scheme-handler/vscode" = [
"codium-url-handler.desktop"
];
};
}

36
modules/hm/vscode/extensions/default.nix Normal file
View File

@@ -0,0 +1,36 @@
{
pkgs,
lib,
go ? true,
nix ? true,
...
}:
with pkgs.vscode-extensions;
[
dracula-theme.theme-dracula
# vscodevim.vim
yzhang.markdown-all-in-one
(lib.optionals go golang.go)
(lib.optionals nix jnoortheen.nix-ide)
mkhl.direnv
gitlab.gitlab-workflow
(pkgs.vscode-utils.buildVscodeMarketplaceExtension {
mktplcRef = {
name = "vscode-docker";
publisher = "ms-azuretools";
version = "1.29.4";
sha256 = "1nhrp43gh4pwsdy0d8prndx2l0mrczf1kirjl1figrmhcp7h4q4g";
};
})
(pkgs.vscode-utils.buildVscodeMarketplaceExtension {
mktplcRef = {
name = "yandex-code-assist";
publisher = "yandex";
version = "0.11.17";
};
vsix = builtins.path {
path = ./yandex-code-assist.zip;
};
})
]

BIN
modules/hm/vscode/extensions/yandex-code-assist.zip Normal file
View File

Binary file not shown.

199
modules/hm/vscode/settings.json Normal file
View File

@@ -0,0 +1,199 @@
{
"files.autoSave": "afterDelay",
"chat.editor.fontSize": 16,
"window.autoDetectHighContrast": false,
"workbench.settings.applyToAllProfiles": [
"window.autoDetectColorScheme",
"editor.formatOnSave"
],
"git.autofetch": true,
"editor.formatOnSave": true,
"files.autoSaveWhenNoErrors": true,
"go.coverOnSingleTestFile": true,
"go.coverShowCounts": true,
"go.formatTool": "gofmt",
"go.installDependenciesWhenBuilding": true,
"go.lintTool": "golangci-lint",
"go.languageServerFlags": [],
"workbench.colorTheme": "Dracula Theme Soft",
"window.zoomLevel": 1.2,
"editor.minimap.showSlider": "always",
"editor.minimap.size": "fit",
"go.editorContextMenuCommands": {
"fillStruct": true,
"removeTags": true,
"testPackage": true,
"testFile": true,
"generateTestForFile": true,
"generateTestForPackage": true,
"benchmarkAtCursor": true
},
"go.testFlags": [
"-race",
"-v"
],
"go.toolsEnvVars": {},
"go.toolsGopath": "",
"gopls": {
"ui.codelenses": {
"tidy": true,
"generate": true,
"test": true,
"vulncheck": true,
"upgrade_dependency": true
},
"ui.completion.experimentalPostfixCompletions": true,
"ui.semanticTokens": true
},
"git.allowForcePush": true,
"git.branchPrefix": "sub-task/",
"git.enableSmartCommit": true,
"git.fetchOnPull": true,
"git.followTagsWhenSync": true,
"git.mergeEditor": true,
"git.timeline.showUncommitted": true,
"github.gitProtocol": "ssh",
"telemetry.telemetryLevel": "all",
"testing.coverageToolbarEnabled": true,
"go.testEnvVars": {},
"gitlab.duoCodeSuggestions.enabled": false,
"gitlab.duoCodeSuggestions.enabledSupportedLanguages": {
"c": false,
"cpp": false,
"csharp": false,
"go": false,
"handlebars": false,
"haml": false,
"java": false,
"javascript": false,
"javascriptreact": false,
"kotlin": false,
"python": false,
"php": false,
"ruby": false,
"rust": false,
"scala": false,
"shellscript": false,
"sql": false,
"swift": false,
"typescript": false,
"typescriptreact": false,
"svelte": false,
"terraform": false,
"terragrunt": false,
"vue": false
},
"redhat.telemetry.enabled": true,
"go.testTags": null,
"diffEditor.renderSideBySide": true,
"diffEditor.experimental.showMoves": true,
"docker.composeCommand": "docker compose",
"docker.contexts.showInStatusBar": true,
"workbench.editor.autoLockGroups": {
"mainThreadWebview-markdown.preview": true
},
"workbench.editor.pinnedTabsOnSeparateRow": true,
"workbench.editor.sharedViewState": true,
"workbench.editor.wrapTabs": true,
"window.menuBarVisibility": "toggle",
"window.density.editorTabHeight": "compact",
"workbench.tree.renderIndentGuides": "always",
"workbench.settings.openDefaultSettings": true,
"explorer.confirmDelete": false,
"git.confirmSync": false,
"gitlab.duoChat.enabled": false,
"gitlab.duoCodeSuggestions.openTabsContext": false,
"gitlab.duo.enabledWithoutGitlabProject": false,
"gitlab.customQueries": [
{
"name": "Issues assigned to me",
"type": "issues",
"scope": "assigned_to_me",
"state": "opened",
"noItemText": "No issues assigned to you."
},
{
"name": "Issues created by me",
"type": "issues",
"scope": "created_by_me",
"state": "opened",
"noItemText": "No issues created by you."
},
{
"name": "Merge requests assigned to me",
"type": "merge_requests",
"scope": "assigned_to_me",
"state": "opened",
"noItemText": "No merge requests assigned to you."
},
{
"name": "Merge requests I'm reviewing",
"type": "merge_requests",
"reviewer": "<current_user>",
"state": "opened",
"noItemText": "No merge requests for you to review."
},
{
"name": "Merge requests created by me",
"type": "merge_requests",
"scope": "created_by_me",
"state": "opened",
"noItemText": "No merge requests created by you."
},
{
"name": "All project merge requests",
"type": "merge_requests",
"scope": "all",
"state": "opened",
"noItemText": "The project has no merge requests"
}
],
"nix.serverPath": "/etc/profiles/per-user/fenix/bin/nil",
"nix.formatterPath": "/etc/profiles/per-user/fenix/bin/nixfmt",
"nix.serverSettings": {
"nil": {
"formatting": {
"command": [
"nixfmt"
]
}
}
},
"markdown-mermaid.lightModeTheme": "forest",
"extensions.experimental.affinity": {
"asvetliakov.vscode-neovim": 1
},
"workbench.preferredDarkColorTheme": "Catppuccin Macchiato",
"window.autoDetectColorScheme": true,
"go.diagnostic.vulncheck": "Imports",
"go.inlayHints.compositeLiteralFields": true,
"go.inlayHints.constantValues": true,
"editor.semanticHighlighting.enabled": true,
"regroupImports.organization": "gitlab.ptsecurity.com",
"go.coverMode": "atomic",
"nix.enableLanguageServer": true,
"window.newWindowProfile": "Default",
"protoc": {},
"go.buildTags": "integration",
"workbench.preferredLightColorTheme": "Catppuccin Latte",
"cSpell.userWords": [
"логгер",
"логгирования",
"Appender",
"fenix",
"Prepender",
"zaptest"
],
"cSpell.spellCheckOnlyWorkspaceFiles": true,
"chat.commandCenter.enabled": false,
"catppuccin.accentColor": "flamingo",
"rest-client.showResponseInDifferentTab": true,
"cSpell.language": "en,ru",
"cSpell.ignoreRegExpList": [
"/\\/\\/nolint:[a-z]+/g",
"/import \\([^)]+\\)/g"
],
"cSpell.enabledFileTypes": {
"ignore": false
}
}

62
modules/hm/zsh.nix Normal file
View File

@@ -0,0 +1,62 @@
{ lib, ... }:
{
programs.zsh = {
autosuggestion = {
enable = true;
strategy = [
"history"
"completion"
];
};
syntaxHighlighting.enable = lib.mkDefault true;
autocd = true;
# defaultKeymap = "vicmd";
dirHashes = { };
shellAliases = {
"ll" = "ls -l";
"sc" = "systemctl";
"ssc" = "sudo systemctl";
"scu" = "systemctl --user";
};
shellGlobalAliases = {
UUID = "$(uuidgen | tr -d \\n)";
G = "| grep";
};
zsh-abbr = {
enable = true;
abbreviations = {
};
globalAbbreviations = {
};
};
oh-my-zsh = {
enable = lib.mkDefault true;
plugins = [
"git"
"ssh"
"sudo"
"z"
"golang"
"direnv"
"kubectl"
"docker"
"docker-compose"
"helm"
"themes"
"aliases"
"alias-finder"
"rsync"
];
theme = lib.mkDefault "agnoster";
};
initContent = ''
zstyle ':omz:plugins:alias-finder' autoload yes
zstyle ':omz:plugins:alias-finder' longer no
zstyle ':omz:plugins:alias-finder' exact yes
zstyle ':omz:plugins:alias-finder' cheaper yes
'';
};
}

43
modules/sys/docker.nix Normal file
View File

@@ -0,0 +1,43 @@
{ pkgs, lib, ... }:
let
port = 2375;
in
{
environment.systemPackages = with pkgs; [
docker-credential-helpers
];
virtualisation.oci-containers.backend = "docker";
virtualisation.docker = {
enable = lib.mkDefault true;
storageDriver = lib.mkDefault "btrfs";
extraOptions = lib.mkDefault "";
extraPackages = with pkgs; [
docker-credential-helpers
docker-buildx
];
daemon.settings = {
"registry-mirrors" = [
"https://mirror.gcr.io"
"https://daocloud.io"
"https://c.163.com"
"https://registry.docker-cn.com"
];
"dns" = [
"192.168.1.1"
"8.8.8.8"
"10.100.10.100"
];
};
};
systemd.sockets.docker.listenStreams = [
("0.0.0.0:" + builtins.toString (port))
];
networking.firewall.allowedTCPPorts = [
port
];
}

14
modules/sys/printing/Dockerfile Normal file
View File

@@ -0,0 +1,14 @@
FROM archlinux:latest
COPY ./ricoh-sp150-ppd-v1.0.22-1-x86_64.pkg.tar.zst /opt/
RUN pacman -Sy && pacman -S --noconfirm cups && pacman -U --noconfirm /opt/ricoh-sp150-ppd-v1.0.22-1-x86_64.pkg.tar.zst && pacman -Scc --noconfirm
RUN useradd -r -G root -M admin; \
sed -i 's%admin:!:20024%admin:$y$j9T$hw1G6LnWpCcLzXHTpxzxf0$GVeFQpWJ5X2pw7ZZqGzn2CPU/nS9aWAmD0wlEWYkGZ4:20024%g' /etc/shadow; \
ln -fs /usr/share/zoneinfo/EuropeMoscow /etc/localtime
COPY ./cupsd.conf /etc/cups/cupsd.conf
COPY ./printers.conf /etc/cups/printers.conf
COPY ./RICOH_SP_150SU.ppd /etc/cups/ppd/RICOH_SP_150SU.ppd
CMD ["/usr/bin/cupsd", "-f"]

536
modules/sys/printing/RICOH_SP_150SU.ppd Normal file
View File

@@ -0,0 +1,536 @@
*PPD-Adobe: "4.3"
*FileVersion: "1.022"
*FormatVersion: "4.3"
*LanguageEncoding: ISOLatin1
*LanguageVersion: English
*Manufacturer: "RICOH"
*PCFileName: "SP150.PPD"
*Product: "(RICOH SP 150)"
*PSVersion: "(3015.103) 1"
*ShortNickName: "RICOH SP 150"
*ModelName: "RICOH SP 150"
*NickName: "RICOH SP 150 v1.022"
*cupsFilter: "application/vnd.cups-raster 0 RICOH_SP_150Filter.app"
*%APPrinterIconPath: "/Library/Printers/RICOH/Icons/RICOH SP 150.icns"
*%APPrinterLowInkTool: "/Library/Printers/RICOH/Utility/TonerSupplyToolSP 150.app/Contents/MacOS/TonerSupplyToolSP 150"
*% == Constraints (Page Size vs. Paper Type) ==
*UIConstraints: *MediaType Plain *PageSize Env10
*UIConstraints: *MediaType Plain *PageSize EnvMonarch
*UIConstraints: *MediaType Plain *PageSize EnvC5
*UIConstraints: *MediaType Plain *PageSize EnvDL
*UIConstraints: *MediaType Plain-side2 *PageSize Env10
*UIConstraints: *MediaType Plain-side2 *PageSize EnvMonarch
*UIConstraints: *MediaType Plain-side2 *PageSize EnvC5
*UIConstraints: *MediaType Plain-side2 *PageSize EnvDL
*UIConstraints: *MediaType PlainThick *PageSize Env10
*UIConstraints: *MediaType PlainThick *PageSize EnvMonarch
*UIConstraints: *MediaType PlainThick *PageSize EnvC5
*UIConstraints: *MediaType PlainThick *PageSize EnvDL
*UIConstraints: *MediaType PlainThick-side2 *PageSize Env10
*UIConstraints: *MediaType PlainThick-side2 *PageSize EnvMonarch
*UIConstraints: *MediaType PlainThick-side2 *PageSize EnvC5
*UIConstraints: *MediaType PlainThick-side2 *PageSize EnvDL
*UIConstraints: *MediaType Recycled *PageSize Env10
*UIConstraints: *MediaType Recycled *PageSize EnvMonarch
*UIConstraints: *MediaType Recycled *PageSize EnvC5
*UIConstraints: *MediaType Recycled *PageSize EnvDL
*UIConstraints: *MediaType Recycled-side2 *PageSize Env10
*UIConstraints: *MediaType Recycled-side2 *PageSize EnvMonarch
*UIConstraints: *MediaType Recycled-side2 *PageSize EnvC5
*UIConstraints: *MediaType Recycled-side2 *PageSize EnvDL
*UIConstraints: *MediaType Label *PageSize Env10
*UIConstraints: *MediaType Label *PageSize EnvMonarch
*UIConstraints: *MediaType Label *PageSize EnvC5
*UIConstraints: *MediaType Label *PageSize EnvDL
*UIConstraints: *PageSize Env10 *MediaType Plain
*UIConstraints: *PageSize EnvMonarch *MediaType Plain
*UIConstraints: *PageSize EnvC5 *MediaType Plain
*UIConstraints: *PageSize EnvDL *MediaType Plain
*UIConstraints: *PageSize Env10 *MediaType Plain-side2
*UIConstraints: *PageSize EnvMonarch *MediaType Plain-side2
*UIConstraints: *PageSize EnvC5 *MediaType Plain-side2
*UIConstraints: *PageSize EnvDL *MediaType Plain-side2
*UIConstraints: *PageSize Env10 *MediaType PlainThick
*UIConstraints: *PageSize EnvMonarch *MediaType PlainThick
*UIConstraints: *PageSize EnvC5 *MediaType PlainThick
*UIConstraints: *PageSize EnvDL *MediaType PlainThick
*UIConstraints: *PageSize Env10 *MediaType PlainThick-side2
*UIConstraints: *PageSize EnvMonarch *MediaType PlainThick-side2
*UIConstraints: *PageSize EnvC5 *MediaType PlainThick-side2
*UIConstraints: *PageSize EnvDL *MediaType PlainThick-side2
*UIConstraints: *PageSize Env10 *MediaType Recycled
*UIConstraints: *PageSize EnvMonarch *MediaType Recycled
*UIConstraints: *PageSize EnvC5 *MediaType Recycled
*UIConstraints: *PageSize EnvDL *MediaType Recycled
*UIConstraints: *PageSize Env10 *MediaType Recycled-side2
*UIConstraints: *PageSize EnvMonarch *MediaType Recycled-side2
*UIConstraints: *PageSize EnvC5 *MediaType Recycled-side2
*UIConstraints: *PageSize EnvDL *MediaType Recycled-side2
*UIConstraints: *PageSize Env10 *MediaType Label
*UIConstraints: *PageSize EnvMonarch *MediaType Label
*UIConstraints: *PageSize EnvC5 *MediaType Label
*UIConstraints: *PageSize EnvDL *MediaType Label
*UIConstraints: *DrvDuplex DrvDuplexNoTumble *MediaType Label
*UIConstraints: *DrvDuplex DrvDuplexTumble *MediaType Label
*UIConstraints: *MediaType Label *DrvDuplex DrvDuplexNoTumble
*UIConstraints: *MediaType Label *DrvDuplex DrvDuplexTumble
*UIConstraints: *DrvDuplex DrvDuplexNoTumble *MediaType Envelope
*UIConstraints: *DrvDuplex DrvDuplexTumble *MediaType Envelope
*UIConstraints: *MediaType Envelope *DrvDuplex DrvDuplexNoTumble
*UIConstraints: *MediaType Envelope *DrvDuplex DrvDuplexTumble
*UIConstraints: *DrvDuplex DrvDuplexNoTumble *MediaType Plain-side2
*UIConstraints: *DrvDuplex DrvDuplexTumble *MediaType Plain-side2
*UIConstraints: *MediaType Plain-side2 *DrvDuplex DrvDuplexNoTumble
*UIConstraints: *MediaType Plain-side2 *DrvDuplex DrvDuplexTumble
*UIConstraints: *DrvDuplex DrvDuplexNoTumble *MediaType PlainThick-side2
*UIConstraints: *DrvDuplex DrvDuplexTumble *MediaType PlainThick-side2
*UIConstraints: *MediaType PlainThick-side2 *DrvDuplex DrvDuplexNoTumble
*UIConstraints: *MediaType PlainThick-side2 *DrvDuplex DrvDuplexTumble
*UIConstraints: *DrvDuplex DrvDuplexNoTumble *MediaType Covers-side2
*UIConstraints: *DrvDuplex DrvDuplexTumble *MediaType Covers-side2
*UIConstraints: *MediaType Covers-side2 *DrvDuplex DrvDuplexNoTumble
*UIConstraints: *MediaType Covers-side2 *DrvDuplex DrvDuplexTumble
*UIConstraints: *DrvDuplex DrvDuplexNoTumble *MediaType Coated-side2
*UIConstraints: *DrvDuplex DrvDuplexTumble *MediaType Coated-side2
*UIConstraints: *MediaType Coated-side2 *DrvDuplex DrvDuplexNoTumble
*UIConstraints: *MediaType Coated-side2 *DrvDuplex DrvDuplexTumble
*UIConstraints: *DrvDuplex DrvDuplexNoTumble *MediaType Recycled-side2
*UIConstraints: *DrvDuplex DrvDuplexTumble *MediaType Recycled-side2
*UIConstraints: *MediaType Recycled-side2 *DrvDuplex DrvDuplexNoTumble
*UIConstraints: *MediaType Recycled-side2 *DrvDuplex DrvDuplexTumble
*UIConstraints: *ImageType Photo *TonerMode 1
*UIConstraints: *ImageType Photo *TonerMode 2
*UIConstraints: *ImageType Photo *TonerMode 3
*UIConstraints: *ImageType Graphics *TonerMode 1
*UIConstraints: *ImageType Graphics *TonerMode 2
*UIConstraints: *ImageType Graphics *TonerMode 3
*UIConstraints: *ImageType WebPages *TonerMode 1
*UIConstraints: *ImageType WebPages *TonerMode 2
*UIConstraints: *ImageType WebPages *TonerMode 3
*UIConstraints: *ImageType POP *TonerMode 1
*UIConstraints: *ImageType POP *TonerMode 2
*UIConstraints: *ImageType POP *TonerMode 3
*UIConstraints: *DrvDuplex DrvDuplexNoTumble *RISaveBlankSheet True
*UIConstraints: *DrvDuplex DrvDuplexTumble *RISaveBlankSheet True
*UIConstraints: *RISaveBlankSheet True *DrvDuplex DrvDuplexNoTumble
*UIConstraints: *RISaveBlankSheet True *DrvDuplex DrvDuplexTumble
*UIConstraints: *TonerMode 1 *ImageType Photo
*UIConstraints: *TonerMode 2 *ImageType Photo
*UIConstraints: *TonerMode 3 *ImageType Photo
*UIConstraints: *TonerMode 1 *ImageType Graphics
*UIConstraints: *TonerMode 2 *ImageType Graphics
*UIConstraints: *TonerMode 3 *ImageType Graphics
*UIConstraints: *TonerMode 1 *ImageType WebPages
*UIConstraints: *TonerMode 2 *ImageType WebPages
*UIConstraints: *TonerMode 3 *ImageType WebPages
*UIConstraints: *TonerMode 1 *ImageType POP
*UIConstraints: *TonerMode 2 *ImageType POP
*UIConstraints: *TonerMode 3 *ImageType POP
*UIConstraints: *ColorModel Gray *IAM Complementary
*UIConstraints: *IAM Complementary *ColorModel Gray
*% ==== Device Capabilities ===============
*LanguageLevel: "3"
*Protocols: TBCP
*1284Modes Parallel: Compat Nibble ECP
*1284DeviceID: "MFG:RICOH;MDL:SP 150;DES:RICOH SP 150;CMD:GDI;CLS:PRINTER;"
*End
*ColorDevice: False
*DefaultColorSpace: Grayscale
*VariablePaperSize: True
*LandscapeOrientation: Plus90
*TTRasterizer: Type42
*?TTRasterizer: "
save
42 /FontType resourcestatus
{pop pop (Type42)}{(No Type42)} ifelse = flush
restore
"
*End
*FileSystem: True
*?FileSystem: "
save false
(%disk?%)
{ currentdevparams dup /Writeable known
{ /Writeable get {pop true} if } { pop } ifelse
} 10 string /IODevice resourceforall
{(True)}{(False)} ifelse = flush
restore
"
*End
*Throughput: "25"
*Password: "()"
*ExitServer: "
count 0 eq
{ false } { true exch startjob } ifelse
not {
(WARNING: Cannot modify initial VM.) =
(Missing or invalid password.) =
(Please contact the author of this software.) = flush quit
} if
"
*End
*Reset: "
count 0 eq
{ false } { true exch startjob } ifelse
not {
(WARNING: Cannot reset printer.) =
(Missing or invalid password.) =
(Please contact the author of this software.) = flush quit
} if
systemdict /quit get exec
(WARNING : Printer Reset Failed.) = flush
"
*End
*AccurateScreensSupport: True
*SuggestedJobTimeout: "0"
*SuggestedWaitTimeout: "300"
*PrintPSErrors: True
*APSupportsCustomColorMatching: true
*APDefaultCustomColorMatchingProfile: sRGB
*APCustomColorMatchingProfile: sRGB
*% Paper Handling ===================
*OpenUI *PageSize/Media Size: PickOne
*OrderDependency: 11 AnySetup *PageSize
*DefaultPageSize: Letter
*PageSize Letter/US Letter: "<</PageSize[612 792]/ImagingBBox null>>setpagedevice"
*PageSize A4/A4: "<</PageSize[595 842]/ImagingBBox null>>setpagedevice"
*PageSize A5/A5: "<</PageSize[420 595]/ImagingBBox null>>setpagedevice"
*PageSize A6/A6: "<</PageSize[297 420]/ImagingBBox null>>setpagedevice"
*PageSize B5/JIS B5: "<</PageSize[516 729]/ImagingBBox null>>setpagedevice"
*PageSize B6/JIS B6: "<</PageSize[363 516]/ImagingBBox null>>setpagedevice"
*PageSize Executive/Executive: "<</PageSize[522 756]/ImagingBBox null>>setpagedevice"
*PageSize 16K/16K: "<</PageSize[524 737]/ImagingBBox null>>setpagedevice"
*PageSize A5LEF/A5(LEF): "<</PageSize[595 420]/ImagingBBox null>>setpagedevice"
*PageSize B6LEF/JIS B6(LEF): "<</PageSize[516 363]/ImagingBBox null>>setpagedevice"
*PageSize Legal/Legal: "<</PageSize [612 1008]/ImagingBBox null>>setpagedevice"
*CloseUI: *PageSize
*OpenUI *PageRegion/Media Size: PickOne
*OrderDependency: 12 AnySetup *PageRegion
*DefaultPageRegion: Letter
*PageRegion Letter/US Letter: "<</PageSize[612 792]/ImagingBBox null>>setpagedevice"
*PageRegion A4/A4: "<</PageSize[595 842]/ImagingBBox null>>setpagedevice"
*PageRegion A5/A5: "<</PageSize[420 595]/ImagingBBox null>>setpagedevice"
*PageRegion A6/A6: "<</PageSize[297 420]/ImagingBBox null>>setpagedevice"
*PageRegion B5/JIS B5: "<</PageSize[516 729]/ImagingBBox null>>setpagedevice"
*PageRegion B6/JIS B6: "<</PageSize[363 516]/ImagingBBox null>>setpagedevice"
*PageRegion Executive/Executive: "<</PageSize[522 756]/ImagingBBox null>>setpagedevice"
*PageRegion 16K/16K: "<</PageSize[524 737]/ImagingBBox null>>setpagedevice"
*PageRegion A5LEF/A5(LEF): "<</PageSize[595 420]/ImagingBBox null>>setpagedevice"
*PageRegion B6LEF/JIS B6(LEF): "<</PageSize[516 363]/ImagingBBox null>>setpagedevice"
*PageRegion Legal/Legal: "<</PageSize [612 1008]/ImagingBBox null>>setpagedevice"
*CloseUI: *PageRegion
*DefaultImageableArea: Letter
*ImageableArea Letter/US Letter: "11.905511856079 11.905511856079 600.094482421875 780.094482421875"
*ImageableArea A4/A4: "11.905511856079 11.905511856079 583.094482421875 830.094482421875"
*ImageableArea A5/A5: "11.905511856079 11.905511856079 408.094482421875 583.094482421875"
*ImageableArea A6/A6: "11.905511856079 11.905511856079 285.094482421875 408.094482421875"
*ImageableArea B5/JIS B5: "11.905511856079 11.905511856079 504.094482421875 717.094482421875"
*ImageableArea B6/JIS B6: "11.905511856079 11.905511856079 351.094482421875 504.094482421875"
*ImageableArea Executive/Executive: "11.905511856079 11.905511856079 510.094482421875 744.094482421875"
*ImageableArea 16K/16K: "11.905511856079 11.905511856079 512.094482421875 725.094482421875"
*ImageableArea A5LEF/A5(LEF): "11.905511856079 11.905511856079 583.094482421875 408.094482421875"
*ImageableArea B6LEF/JIS B6(LEF): "11.905511856079 11.905511856079 504.094482421875 351.094482421875"
*ImageableArea Legal/Legal: "11.905511856079 11.905511856079 600.094482421875 996.09448818898"
*DefaultPaperDimension: Letter
*PaperDimension Letter/US Letter: "612 792"
*PaperDimension A4/A4: "595 842"
*PaperDimension A5/A5: "420 595"
*PaperDimension A6/A6: "297 420"
*PaperDimension B5/JIS B5: "516 729"
*PaperDimension B6/JIS B6: "363 516"
*PaperDimension Executive/Executive: "522 756"
*PaperDimension 16K/16K: "524 737"
*PaperDimension A5LEF/A5(LEF): "595 420"
*PaperDimension B6LEF/JIS B6(LEF): "516 363"
*PaperDimension Legal/Legal: "612 1008"
*MaxMediaWidth: "612.283508300781"
*MaxMediaHeight: "1152"
*HWMargins: 11.905511856079 11.905511856079 11.905511856079 11.905511856079
*CustomPageSize True: "pop pop pop <</PageSize[5 -2 roll]/ImagingBBox null>>setpagedevice"
*ParamCustomPageSize Width: 1 points 215.999 612.284
*ParamCustomPageSize Height: 2 points 328.817 1008.001
*ParamCustomPageSize WidthOffset: 3 points 0 0
*ParamCustomPageSize HeightOffset: 4 points 0 0
*ParamCustomPageSize Orientation: 5 int 0 0
*LeadingEdge Short: ""
*DefaultLeadingEdge: Short
*OpenGroup: Graphics/Detailed Settings
*% OutputMode Information ===================
*AccurateScreensSupport: True
*OpenUI *DrvResolution/Image Quality: PickOne
*OrderDependency: 10 AnySetup *DrvResolution
*DefaultDrvResolution: 600dpi
*DrvResolution 600dpi/600DPI: "<</HWResolution [600 600]>>setpagedevice"
*DrvResolution 1200dpi/1200DPI: "<</HWResolution [1200 600]>>setpagedevice"
*CloseUI: *DrvResolution
*AccurateScreensSupport: True
*OpenUI *ColorModel/Output Color: PickOne
*OrderDependency: 10 AnySetup *ColorModel
*DefaultColorModel: Gray
*ColorModel Gray/Black: "<</cupsBitsPerPixel 8/cupsBitsPerColor 8/cupsColorSpace 0/NegativePrint true>>setpagedevice"
*CloseUI: *ColorModel
*% Image Rotation ===============
*OpenUI *ImageRotation/Image Rotation: Boolean
*OrderDependency: 15.0 AnySetup *ImageRotation
*DefaultImageRotation: False
*ImageRotation False/Off: "<</ImageRotation false >>setpagedevice"
*ImageRotation True/On: "<</ImageRotation true >>setpagedevice"
*CloseUI: *ImageRotation
*% Toner Mode ===============
*OpenUI *TonerMode/Toner Saving Mode: PickOne
*OrderDependency: 15.0 AnySetup *TonerMode
*DefaultTonerMode: 0
*TonerMode 1/On: "<</TonerMode>>setpagedevice"
*TonerMode 0/Off: "<</TonerMode>>setpagedevice"
*CloseUI: *TonerMode
*ColorKeyWords: "StpBrightness"
*OpenUI *StpBrightness/Brightness: PickOne
*OrderDependency: 41.0 AnySetup *StpBrightness
*DefaultStpBrightness: 200
*StpBrightness 100/-100: "<</StpBrightness>>setpagedevice"
*StpBrightness 120/-80: "<</StpBrightness>>setpagedevice"
*StpBrightness 140/-60: "<</StpBrightness>>setpagedevice"
*StpBrightness 160/-40: "<</StpBrightness>>setpagedevice"
*StpBrightness 180/-20: "<</StpBrightness>>setpagedevice"
*StpBrightness 200/0: "<</StpBrightness>>setpagedevice"
*StpBrightness 220/20: "<</StpBrightness>>setpagedevice"
*StpBrightness 240/40: "<</StpBrightness>>setpagedevice"
*StpBrightness 260/60: "<</StpBrightness>>setpagedevice"
*StpBrightness 280/80: "<</StpBrightness>>setpagedevice"
*StpBrightness 300/100: "<</StpBrightness>>setpagedevice"
*CloseUI: *StpBrightness
*CloseGroup: Graphics
*OpenGroup: ColorBalanceGroup/Color Balance
*OpenUI *RIColorDensityBlackLow/Low Density (K): PickOne
*OrderDependency: 50.0 AnySetup *RIColorDensityBlackLow
*DefaultRIColorDensityBlackLow: 0
*RIColorDensityBlackLow 3/Darker (+3): "/Black/Low 3/Custom/ProcSet"
*RIColorDensityBlackLow 2/Darker (+2): "/Black/Low 2/Custom/ProcSet"
*RIColorDensityBlackLow 1/Darker (+1): "/Black/Low 1/Custom/ProcSet"
*RIColorDensityBlackLow 0/Normal (0): "/Black/Low 0/Custom/ProcSet"
*RIColorDensityBlackLow -1/Lighter (-1): "/Black/Low -1/Custom/ProcSet"
*RIColorDensityBlackLow -2/Lighter (-2): "/Black/Low -2/Custom/ProcSet"
*RIColorDensityBlackLow -3/Lighter (-3): "/Black/Low -3/Custom/ProcSet"
*CloseUI: *RIColorDensityBlackLow
*OpenUI *RIColorDensityBlackMid/Medium Density (K): PickOne
*OrderDependency: 51.0 AnySetup *RIColorDensityBlackMid
*DefaultRIColorDensityBlackMid: 0
*RIColorDensityBlackMid 3/Darker (+3): "/Black/Middle 3/Custom/ProcSet"
*RIColorDensityBlackMid 2/Darker (+2): "/Black/Middle 2/Custom/ProcSet"
*RIColorDensityBlackMid 1/Darker (+1): "/Black/Middle 1/Custom/ProcSet"
*RIColorDensityBlackMid 0/Normal (0): "/Black/Middle 0/Custom/ProcSet"
*RIColorDensityBlackMid -1/Lighter (-1): "/Black/Middle -1/Custom/ProcSet"
*RIColorDensityBlackMid -2/Lighter (-2): "/Black/Middle -2/Custom/ProcSet"
*RIColorDensityBlackMid -3/Lighter (-3): "/Black/Middle -3/Custom/ProcSet"
*CloseUI: *RIColorDensityBlackMid
*OpenUI *RIColorDensityBlackHigh/High Density (K): PickOne
*OrderDependency: 52.0 AnySetup *RIColorDensityBlackHigh
*DefaultRIColorDensityBlackHigh: 0
*RIColorDensityBlackHigh 3/Darker (+3): "/Black/High 3/Custom/ProcSet"
*RIColorDensityBlackHigh 2/Darker (+2): "/Black/High 2/Custom/ProcSet"
*RIColorDensityBlackHigh 1/Darker (+1): "/Black/High 1/Custom/ProcSet"
*RIColorDensityBlackHigh 0/Normal (0): "/Black/High 0/Custom/ProcSet"
*RIColorDensityBlackHigh -1/Lighter (-1): "/Black/High -1/Custom/ProcSet"
*RIColorDensityBlackHigh -2/Lighter (-2): "/Black/High -2/Custom/ProcSet"
*RIColorDensityBlackHigh -3/Lighter (-3): "/Black/High -3/Custom/ProcSet"
*CloseUI: *RIColorDensityBlackHigh
*CloseGroup: ColorBalanceGroup
*OpenGroup: AdvancedMedia/Paper Handling
*% Collate ===============
*OpenUI *Collate/Collated: Boolean
*OrderDependency: 15.0 AnySetup *Collate
*DefaultCollate: False
*Collate False/Off: "<</Collate false >>setpagedevice"
*Collate True/On: "<</Collate true >>setpagedevice"
*CloseUI: *Collate
*% MediaType ===============
*OpenUI *MediaType/Paper Type: PickOne
*OrderDependency: 13 AnySetup *MediaType
*DefaultMediaType: Plain
*MediaType Plain/Plain: "<</MediaType(Plain)/cupsMediaType 0>>setpagedevice"
*MediaType Recycled/Recycled: "<</MediaType(Recycled)/cupsMediaType 1>>setpagedevice"
*MediaType PlainThick/Plain Thick: "<</MediaType(Plain Thick)/cupsMediaType 2>>setpagedevice"
*MediaType PlainThin/Plain Thin: "<</MediaType(Plain Thin)/cupsMediaType 3>>setpagedevice"
*MediaType Label/Label: "<</MediaType(Label)/cupsMediaType 4>>setpagedevice"
*CloseUI: *MediaType
*OpenUI *DrvDuplex/Duplex: PickOne
*OrderDependency: 31 AnySetup *DrvDuplex
*DefaultDrvDuplex: None
*DrvDuplex None/1 Sided Print: ""
*DrvDuplex DrvDuplexNoTumble/Flip on Long Edge: "<</DrvDuplex true /Tumble false>>setpagedevice"
*DrvDuplex DrvDuplexTumble/Flip on Short Edge: "<</DrvDuplex true /Tumble true>>setpagedevice"
*CloseUI: *DrvDuplex
*CloseGroup: AdvancedMedia
*OpenGroup: PrinterFunction/Printer Specific Options
*% Color Control ===============
*OpenUI *RISaveBlankSheet/Skip Blank Pages: Boolean
*OrderDependency: 40.0 AnySetup *RISaveBlankSheet
*DefaultRISaveBlankSheet: False
*RISaveBlankSheet False/Off: "<</RISaveBlankSheet false >>setpagedevice"
*RISaveBlankSheet True/On: "<</RISaveBlankSheet true >>setpagedevice"
*CloseUI: *RISaveBlankSheet
*CloseGroup: PrinterFunction
*% Input Sources (format: %%[ status: <stat>; source: <one of these> ]%% )
*Source: "USB"
*Source: "EtherTalk"
*cupsLanguages: "ru"
*% === RU ===
*ru.Translation PageSize/Формат бумаги: ""
*ru.PageSize A4/A4: ""
*ru.PageSize A5/A5: ""
*ru.PageSize A6/A6: ""
*ru.PageSize B5/JIS B5: ""
*ru.PageSize B6/JIS B6: ""
*ru.PageSize Letter/US Letter: ""
*ru.PageSize Executive/Executive: ""
*ru.PageSize 16K/16K: ""
*ru.Translation PageRegion/PageRegion: ""
*ru.PageRegion A4/A4: ""
*ru.PageRegion A5/A5: ""
*ru.PageRegion A6/A6: ""
*ru.PageRegion B5/JIS B5: ""
*ru.PageRegion B6/JIS B6: ""
*ru.PageRegion Letter/US Letter: ""
*ru.PageRegion Executive/Executive: ""
*ru.PageRegion 16K/16K: ""
*ru.Translation Graphics/Подробные настройки: ""
*ru.Translation ColorModel/Цвет отпечатка: ""
*ru.ColorModel Gray/Черный: ""
*ru.Translation DrvResolution/Качество изображения: ""
*ru.DrvResolution 600dpi/600 т/д: ""
*ru.DrvResolution 1200dpi/1200 т/д: ""
*ru.Translation DrvDuplex/Двухсторонняя печать: ""
*ru.DrvDuplex None/Односторонняя печать: ""
*ru.DrvDuplex DrvDuplexNoTumble/Поворачивать по длинному краю: ""
*ru.DrvDuplex DrvDuplexTumble/Поворачивать по короткому краю: ""
*ru.Translation StpBrightness/Яркость: ""
*ru.Translation TonerMode/Режим экономии тонера: ""
*ru.TonerMode 0/Выкл.: ""
*ru.TonerMode 1/Вкл.: ""
*ru.Translation ImageRotation/Поворот изображения: ""
*ru.ImageRotation False/Выкл.: ""
*ru.ImageRotation True/Вкл.: ""
*ru.Translation ColorBalanceGroup/Цветовой баланс: ""
*ru.Translation RIColorDensityBlackLow/Низкая плотность (K): ""
*ru.RIColorDensityBlackLow 3/Темнее (+3): ""
*ru.RIColorDensityBlackLow 2/Темнее (+2): ""
*ru.RIColorDensityBlackLow 1/Темнее (+1): ""
*ru.RIColorDensityBlackLow 0/Стандартно (0): ""
*ru.RIColorDensityBlackLow -1/Светлее (-1): ""
*ru.RIColorDensityBlackLow -2/Светлее (-2): ""
*ru.RIColorDensityBlackLow -3/Светлее (-3): ""
*ru.Translation RIColorDensityBlackMid/Средняя плотность (K): ""
*ru.RIColorDensityBlackMid 3/Темнее (+3): ""
*ru.RIColorDensityBlackMid 2/Темнее (+2): ""
*ru.RIColorDensityBlackMid 1/Темнее (+1): ""
*ru.RIColorDensityBlackMid 0/Стандартно (0): ""
*ru.RIColorDensityBlackMid -1/Светлее (-1): ""
*ru.RIColorDensityBlackMid -2/Светлее (-2): ""
*ru.RIColorDensityBlackMid -3/Светлее (-3): ""
*ru.Translation RIColorDensityBlackHigh/Высокая плотность (K): ""
*ru.RIColorDensityBlackHigh 3/Темнее (+3): ""
*ru.RIColorDensityBlackHigh 2/Темнее (+2): ""
*ru.RIColorDensityBlackHigh 1/Темнее (+1): ""
*ru.RIColorDensityBlackHigh 0/Стандартно (0): ""
*ru.RIColorDensityBlackHigh -1/Светлее (-1): ""
*ru.RIColorDensityBlackHigh -2/Светлее (-2): ""
*ru.RIColorDensityBlackHigh -3/Светлее (-3): ""
*ru.Translation AdvancedMedia/Управление бумагой: ""
*ru.Translation Collate/Разобрать по копиям: ""
*ru.Collate False/Выкл.: ""
*ru.Collate True/Вкл.: ""
*ru.Translation MediaType/Тип бумаги: ""
*ru.MediaType Plain/Обычная: ""
*ru.MediaType PlainThick/Обычная толстая: ""
*ru.MediaType PlainThin/Обычная тонкая: ""
*ru.MediaType Label/Этикетка: ""
*ru.MediaType Recycled/Переработанная: ""
*ru.Translation PrinterFunction/Параметры принтера: ""
*ru.Translation RISaveBlankSheet/Пропускать пустые страницы: ""
*ru.RISaveBlankSheet False/Выкл.: ""
*ru.RISaveBlankSheet True/Вкл.: ""

135
modules/sys/printing/cupsd.conf Normal file
View File

@@ -0,0 +1,135 @@
LogLevel warn
MaxLogSize 0
ErrorPolicy stop-printer
# Allow remote access
Port 631
Listen /run/cups/cups.sock
# Share local printers on the local network.
Browsing On
BrowseLocalProtocols dnssd
DefaultAuthType Basic
WebInterface Yes
IdleExitTimeout 60
<Location />
# Allow shared printing...
Order allow,deny
Allow all
</Location>
<Location /admin>
AuthType Default
Require user @SYSTEM
</Location>
<Location /admin/conf>
AuthType Default
Require user @SYSTEM
</Location>
<Location /admin/log>
AuthType Default
Require user @SYSTEM
</Location>
<Policy default>
JobPrivateAccess default
JobPrivateValues default
SubscriptionPrivateAccess default
SubscriptionPrivateValues default
<Limit Create-Job Print-Job Print-URI Validate-Job>
Order deny,allow
</Limit>
<Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job>
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
<Limit CUPS-Get-Document>
AuthType Default
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default CUPS-Get-Devices>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>
<Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>
<Limit Cancel-Job>
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
<Limit CUPS-Authenticate-Job>
AuthType Default
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
<Limit All>
Order deny,allow
</Limit>
</Policy>
<Policy authenticated>
JobPrivateAccess default
JobPrivateValues default
SubscriptionPrivateAccess default
SubscriptionPrivateValues default
<Limit Create-Job Print-Job Print-URI Validate-Job>
AuthType Default
Order deny,allow
</Limit>
<Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
AuthType Default
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>
<Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>
<Limit Cancel-Job CUPS-Authenticate-Job>
AuthType Default
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
<Limit All>
Order deny,allow
</Limit>
</Policy>
<Policy kerberos>
JobPrivateAccess default
JobPrivateValues default
SubscriptionPrivateAccess default
SubscriptionPrivateValues default
<Limit Create-Job Print-Job Print-URI Validate-Job>
AuthType Negotiate
Order deny,allow
</Limit>
<Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
AuthType Negotiate
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>
<Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>
<Limit Cancel-Job CUPS-Authenticate-Job>
AuthType Negotiate
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
<Limit All>
Order deny,allow
</Limit>
</Policy>

32
modules/sys/printing/default.nix Normal file
View File

@@ -0,0 +1,32 @@
{
lib,
config,
...
}:
{
options = with lib; {
services.printing = {
ricoh = {
enable = mkEnableOption "Enable Ricoh Printer";
};
};
};
config = lib.mkIf config.services.printing.enable {
virtualisation.oci-containers.containers = lib.mkIf config.services.printing.ricoh.enable {
ricoh = {
image = "ricoh-cups:latest";
autoStart = true;
extraOptions = [
"--device=/dev/bus/usb/005"
"--network=host"
];
};
};
networking.firewall.allowedTCPPorts = [
631
];
};
}

24
modules/sys/printing/printers.conf Normal file
View File

@@ -0,0 +1,24 @@
# Printer configuration file for CUPS v2.4.11
# Written by cupsd
# DO NOT EDIT THIS FILE WHEN CUPSD IS RUNNING
NextPrinterId 2
<Printer RICOH_SP_150SU>
PrinterId 1
UUID urn:uuid:6a1e1442-eced-3a35-69bc-92de4802890b
Info RICOH SP 150SU
Location
MakeModel RICOH SP 150 v1.022
DeviceURI usb://RICOH/SP%20150SU?serial=Y076M502861&interface=1
State Idle
StateTime 1738919335
ConfigTime 1738919327
Type 37060
Accepting Yes
Shared Yes
JobSheets none none
QuotaPeriod 0
PageLimit 0
KLimit 0
OpPolicy default
ErrorPolicy stop-printer
</Printer>

BIN
modules/sys/printing/ricoh-sp150-ppd-v1.0.22-1-x86_64.pkg.tar.zst Normal file
View File

Binary file not shown.

40
nix.nix Normal file
View File

@@ -0,0 +1,40 @@
{ lib, ... }:
{
nix = {
gc = with lib; {
automatic = mkDefault true;
dates = mkDefault "19:00";
persistent = mkDefault true;
options = mkDefault "--delete-older-than 14d";
};
settings = with lib; {
substituters = lib.mkForce [
"https://nixos-cache-proxy.cofob.dev"
"https://nix-community.cachix.org"
"https://devenv.cachix.org"
];
trusted-public-keys = [
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw="
];
accept-flake-config = true;
auto-optimise-store = mkDefault true;
experimental-features = [
"nix-command"
"flakes"
];
log-lines = 30;
min-free = mkDefault "${toString (5 * 1024 * 1024 * 1024)}";
max-free = mkDefault "${toString (10 * 1024 * 1024 * 1024)}";
max-jobs = mkDefault 10;
trusted-users = [
"root"
"@wheel"
];
warn-dirty = true;
sandbox-dev-shm-size = "70%";
};
};
}

14
options.nix Normal file
View File

@@ -0,0 +1,14 @@
{ lib, ... }:
{
options = {
swappiness = lib.mkOption {
type = lib.types.int;
default = 10;
};
hm = lib.mkOption {
type = lib.types.attrsOf lib.types.anything;
default = { };
};
};
}

8
quirks/32bit.nix Normal file
View File

@@ -0,0 +1,8 @@
{ ... }:
{
hardware = {
graphics = {
enable32Bit = true;
};
};
}

1
quirks/default.nix Normal file
View File

@@ -0,0 +1 @@
{ quirks, ... }: map (quirk: ./${quirk}.nix) quirks

6
quirks/development.nix Normal file
View File

@@ -0,0 +1,6 @@
{...}:
{
boot.kernel.sysctl = {
"fs.inotify.max_user_watches" = 1048576;
};
}

6
quirks/steam.nix Normal file
View File

@@ -0,0 +1,6 @@
{ ... }:
{
hardware = {
steam-hardware.enable = true;
};
}

131
roles/default.nix Normal file
View File

@@ -0,0 +1,131 @@
{
pkgs,
config,
lib,
...
}:
{
systemd = {
oomd = {
enable = true;
enableUserSlices = lib.mkDefault true;
enableSystemSlice = lib.mkDefault true;
extraConfig = {
DefaultMemoryPressureDurationSec = lib.mkDefault "20s";
DefaultMemoryPressureLimit = lib.mkDefault "50%";
};
};
};
boot.kernel.sysctl = {
"vm.swappiness" = config.swappiness;
};
networking = {
domain = lib.mkDefault "fxnet";
search = [
config.networking.domain
];
hosts = {
"192.168.1.5" = [
"nas.fxnet"
"radicale.fxnet"
];
};
firewall = {
enable = lib.mkDefault true;
};
iproute2.enable = lib.mkDefault true;
};
services = {
openssh = {
enable = lib.mkDefault true;
settings = {
PermitRootLogin = lib.mkDefault "prohibit-password";
PasswordAuthentication = lib.mkDefault false;
AllowGroups = [
"ssh"
"root"
];
};
};
timesyncd.servers = [
"192.168.1.1"
"0.nixos.pool.ntp.org"
];
btrfs.autoScrub = {
enable = lib.mkDefault true;
interval = lib.mkDefault "monthly";
fileSystems = [
"/"
"/nix"
"/home"
];
};
};
programs = {
nix-index = {
enable = true;
enableFishIntegration = config.programs.fish.enable;
enableZshIntegration = config.programs.zsh.enable;
enableBashIntegration = config.programs.bash.enable;
};
};
environment.systemPackages = with pkgs; [
linux-firmware
git
wget
curl
htop
gnumake
neovim
# archives
zip
xz
unzip
p7zip
# utils
ripgrep # recursively searches directories for a regex pattern
jq # A lightweight and flexible command-line JSON processor
# networking tools
mtr # A network diagnostic tool
ldns # replacement of `dig`, it provide the command `drill`
aria2 # A lightweight multi-protocol & multi-source command-line download utility
socat # replacement of openbsd-netcat
nmap # A utility for network discovery and security auditing
ipcalc # it is a calculator for the IPv4/v6 addresses
# misc
file
which
tree
gnused
gnutar
gawk
zstd
gnupg
bc
# btop # replacement of htop/nmon
iotop # io monitoring
iftop # network monitoring
# system call monitoring
strace # system call monitoring
ltrace # library call monitoring
lsof # list open files
cifs-utils
age
sops
];
}

197
roles/desktop.nix Normal file
View File

@@ -0,0 +1,197 @@
{
pkgs,
lib,
config,
...
}:
let
specialisations = builtins.map (name: ../specialisations + "/${name}") (
builtins.attrNames (builtins.readDir ../specialisations)
);
in
{
imports = [
./default.nix
]
++ specialisations;
swappiness = lib.mkDefault 20;
boot = {
kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
tmp = {
cleanOnBoot = lib.mkDefault true;
tmpfsSize = lib.mkDefault "50%";
useTmpfs = lib.mkDefault true;
};
consoleLogLevel = lib.mkDefault 1;
loader = {
systemd-boot = {
enable = lib.mkDefault true;
configurationLimit = lib.mkDefault 10;
};
efi.canTouchEfiVariables = lib.mkDefault true;
};
};
hardware = {
enableRedistributableFirmware = lib.mkDefault true;
bluetooth = {
enable = lib.mkDefault true;
powerOnBoot = true;
settings = {
General = {
IdleTimeout = 0;
ControllerMode = "dual";
MultiProfile = "multiple";
FastConnectable = true;
};
};
};
};
networking = {
networkmanager = {
enable = lib.mkDefault true;
plugins = lib.mkForce [ ];
};
firewall = {
enable = false;
};
};
i18n = {
defaultLocale = "ru_RU.UTF-8";
supportedLocales = [
"en_US.UTF-8/UTF-8"
"ru_RU.UTF-8/UTF-8"
];
};
security = {
rtkit.enable = true;
sudo = {
enable = true;
extraConfig = ''
Defaults:root,%wheel env_keep=HTTPS_PROXY
Defaults:root,%wheel env_keep=no_proxy
'';
};
pam = {
yubico.enable = true;
yubico.mode = "challenge-response";
};
};
services = {
pulseaudio.enable = false;
pcscd.enable = true;
resolved = {
enable = true;
fallbackDns = [
# "192.168.1.5"
"1.1.1.1"
"8.8.8.8"
];
};
pipewire = {
wireplumber.enable = true;
audio.enable = true;
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = true;
};
libinput.enable = true;
btrfs.autoScrub.interval = "weekly";
flatpak.enable = true;
printing = {
enable = lib.mkDefault true;
openFirewall = true;
drivers = with pkgs; [
gutenprint
];
cups-pdf.enable = true;
browsing = lib.mkDefault true;
};
udev = {
extraRules = ''
KERNEL=="i2c-[0-9]*", GROUP="i2c", MODE="0660"
'';
};
};
powerManagement = {
enable = true;
};
users.groups = {
ssh = {
name = "ssh";
};
};
environment.systemPackages = with pkgs; [
mesa
steam-run
obsidian
telegram-desktop
keepassxc
gimp
mpv
ffmpeg
yt-dlp
avidemux
krita
krita-plugin-gmic
# onlyoffice-desktopeditors
libreoffice-qt-fresh
thunderbird-latest
# Fonts
nerd-fonts.fira-code
nerd-fonts.jetbrains-mono
];
programs = {
nix-ld = {
enable = true;
libraries = [
];
};
yubikey-touch-detector = {
enable = config.security.pam.yubico.enable;
libnotify = true;
};
};
environment.pathsToLink = [
"/share/xdg-desktop-portal"
"/share/applications"
];
hardware = {
graphics = {
enable = true;
};
};
xdg.portal.enable = true;
}

8
roles/laptop.nix Normal file
View File

@@ -0,0 +1,8 @@
{...}:
{
imports = [
./desktop.nix
];
powerManagement.powertop.enable = true;
}

7
roles/server.nix Normal file
View File

@@ -0,0 +1,7 @@
{ ... }:
{
imports = [
./default.nix
];
}

42
specialisations/default.nix Normal file
View File

@@ -0,0 +1,42 @@
{
lib,
pkgs,
...
}:
{
services = {
desktopManager = {
plasma6.enable = true;
};
displayManager = {
sddm = {
enable = true;
enableHidpi = true;
};
};
};
environment.systemPackages = with pkgs.kdePackages; [
yakuake
spectacle
elisa
dolphin-plugins
xwaylandvideobridge
];
programs = {
zsh.enable = true;
kdeconnect.enable = true;
kde-pim.enable = false;
};
xdg.portal.config.common = {
default = lib.mkDefault [
"kde"
];
};
xdg.portal.extraPortals = lib.mkDefault [
pkgs.kdePackages.xdg-desktop-portal-kde
];
}

61
specialisations/gnome.nix Normal file
View File

@@ -0,0 +1,61 @@
{ pkgs, lib, ... }:
{
specialisation.gnome.configuration = {
system.nixos.tags = [ "gnome" ];
services = {
displayManager = {
defaultSession = lib.mkForce "gnome";
sddm.enable = lib.mkForce false;
gdm = {
enable = true;
wayland = true;
autoSuspend = true;
banner = ''
Оставь надежду
Всяк сюда входящий
'';
};
};
desktopManager = {
plasma6.enable = lib.mkForce false;
gnome.enable = true;
};
hardware.bolt.enable = true;
gnome = {
core-os-services.enable = true;
gnome-keyring.enable = true;
gnome-settings-daemon.enable = true;
core-shell.enable = true;
};
};
programs.evolution = {
enable = true;
plugins = [ pkgs.evolution-ews ];
};
environment = {
variables = {
XCURSOR_THEME = "Adwaita";
};
gnome.excludePackages = with pkgs; [
geary
epiphany
gnome-calendar
];
};
xdg.portal = {
config.common = {
default = lib.mkForce [
"gnome"
];
};
extraPortals = lib.mkForce [
pkgs.kdePackages.xdg-desktop-portal-kde
];
};
};
}