diff --git a/flake.lock b/flake.lock index 856e6c8..43f7338 100644 --- a/flake.lock +++ b/flake.lock @@ -26,7 +26,9 @@ "inputs": { "darwin": "darwin", "home-manager": "home-manager", - "nixpkgs": "nixpkgs_2", + "nixpkgs": [ + "nixpkgs" + ], "systems": "systems" }, "locked": { @@ -78,7 +80,9 @@ }, "auto-cpufreq": { "inputs": { - "nixpkgs": "nixpkgs_3" + "nixpkgs": [ + "nixpkgs" + ] }, "locked": { "lastModified": 1761712534, @@ -167,7 +171,9 @@ "flake-schemas": "flake-schemas", "home-manager": "home-manager_2", "jovian": "jovian", - "nixpkgs": "nixpkgs_4", + "nixpkgs": [ + "nixpkgs" + ], "rust-overlay": "rust-overlay_2" }, "locked": { @@ -225,7 +231,9 @@ "deploy-rs": { "inputs": { "flake-compat": "flake-compat_2", - "nixpkgs": "nixpkgs_5", + "nixpkgs": [ + "nixpkgs" + ], "utils": "utils" }, "locked": { @@ -264,7 +272,9 @@ }, "emacs-overlay": { "inputs": { - "nixpkgs": "nixpkgs_6", + "nixpkgs": [ + "nixpkgs" + ], "nixpkgs-stable": "nixpkgs-stable" }, "locked": { @@ -1350,7 +1360,9 @@ "crane": "crane", "fenix": "fenix", "flake-utils": "flake-utils_2", - "nixpkgs": "nixpkgs_8" + "nixpkgs": [ + "nixpkgs" + ] }, "locked": { "lastModified": 1761489878, @@ -1427,7 +1439,9 @@ }, "nbfc-linux": { "inputs": { - "nixpkgs": "nixpkgs_10", + "nixpkgs": [ + "nixpkgs" + ], "utils": "utils_2" }, "locked": { @@ -1449,7 +1463,9 @@ "inputs": { "flake-parts": "flake-parts", "neovim-src": "neovim-src", - "nixpkgs": "nixpkgs_11" + "nixpkgs": [ + "nixpkgs" + ] }, "locked": { "lastModified": 1762387511, @@ -1671,183 +1687,7 @@ "type": "github" } }, - "nixpkgs_10": { - "locked": { - "lastModified": 1705957679, - "narHash": "sha256-Q8LJaVZGJ9wo33wBafvZSzapYsjOaNjP/pOnSiKVGHY=", - "owner": "nixOS", - "repo": "nixpkgs", - "rev": "9a333eaa80901efe01df07eade2c16d183761fa3", - "type": "github" - }, - "original": { - "owner": "nixOS", - "ref": "release-23.05", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_11": { - "locked": { - "lastModified": 1762286042, - "narHash": "sha256-OD5HsZ+sN7VvNucbrjiCz7CHF5zf9gP51YVJvPwYIH8=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "12c1f0253aa9a54fdf8ec8aecaafada64a111e24", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_12": { - "locked": { - "lastModified": 1762111121, - "narHash": "sha256-4vhDuZ7OZaZmKKrnDpxLZZpGIJvAeMtK6FKLJYUtAdw=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "b3d51a0365f6695e7dd5cdf3e180604530ed33b4", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_13": { - "locked": { - "lastModified": 1761880412, - "narHash": "sha256-QoJjGd4NstnyOG4mm4KXF+weBzA2AH/7gn1Pmpfcb0A=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "a7fc11be66bdfb5cdde611ee5ce381c183da8386", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_14": { - "locked": { - "lastModified": 1709237383, - "narHash": "sha256-cy6ArO4k5qTx+l5o+0mL9f5fa86tYUX3ozE1S+Txlds=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "1536926ef5621b09bba54035ae2bb6d806d72ac8", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_15": { - "locked": { - "lastModified": 1704842529, - "narHash": "sha256-OTeQA+F8d/Evad33JMfuXC89VMetQbsU4qcaePchGr4=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "eabe8d3eface69f5bb16c18f8662a702f50c20d5", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs_2": { - "locked": { - "lastModified": 1754028485, - "narHash": "sha256-IiiXB3BDTi6UqzAZcf2S797hWEPCRZOwyNThJIYhUfk=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "59e69648d345d6e8fef86158c555730fa12af9de", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-25.05", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_3": { - "locked": { - "lastModified": 1757967192, - "narHash": "sha256-/aA9A/OBmnuOMgwfzdsXRusqzUpd8rQnQY8jtrHK+To=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "0d7c15863b251a7a50265e57c1dca1a7add2e291", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_4": { - "locked": { - "lastModified": 1762111121, - "narHash": "sha256-4vhDuZ7OZaZmKKrnDpxLZZpGIJvAeMtK6FKLJYUtAdw=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "b3d51a0365f6695e7dd5cdf3e180604530ed33b4", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_5": { - "locked": { - "lastModified": 1743014863, - "narHash": "sha256-jAIUqsiN2r3hCuHji80U7NNEafpIMBXiwKlSrjWMlpg=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "bd3bac8bfb542dbde7ffffb6987a1a1f9d41699f", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_6": { - "locked": { - "lastModified": 1762111121, - "narHash": "sha256-4vhDuZ7OZaZmKKrnDpxLZZpGIJvAeMtK6FKLJYUtAdw=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "b3d51a0365f6695e7dd5cdf3e180604530ed33b4", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_7": { "locked": { "lastModified": 1759417375, "narHash": "sha256-O7eHcgkQXJNygY6AypkF9tFhsoDQjpNEojw3eFs73Ow=", @@ -1863,13 +1703,29 @@ "type": "github" } }, - "nixpkgs_8": { + "nixpkgs_3": { "locked": { - "lastModified": 1760284886, - "narHash": "sha256-TK9Kr0BYBQ/1P5kAsnNQhmWWKgmZXwUQr4ZMjCzWf2c=", + "lastModified": 1759070547, + "narHash": "sha256-JVZl8NaVRYb0+381nl7LvPE+A774/dRpif01FKLrYFQ=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "647e5c14cbd5067f44ac86b74f014962df460840", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_4": { + "locked": { + "lastModified": 1762111121, + "narHash": "sha256-4vhDuZ7OZaZmKKrnDpxLZZpGIJvAeMtK6FKLJYUtAdw=", "owner": "nixos", "repo": "nixpkgs", - "rev": "cf3f5c4def3c7b5f1fc012b3d839575dbe552d43", + "rev": "b3d51a0365f6695e7dd5cdf3e180604530ed33b4", "type": "github" }, "original": { @@ -1879,13 +1735,29 @@ "type": "github" } }, - "nixpkgs_9": { + "nixpkgs_5": { "locked": { - "lastModified": 1759070547, - "narHash": "sha256-JVZl8NaVRYb0+381nl7LvPE+A774/dRpif01FKLrYFQ=", + "lastModified": 1709237383, + "narHash": "sha256-cy6ArO4k5qTx+l5o+0mL9f5fa86tYUX3ozE1S+Txlds=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "647e5c14cbd5067f44ac86b74f014962df460840", + "rev": "1536926ef5621b09bba54035ae2bb6d806d72ac8", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_6": { + "locked": { + "lastModified": 1704842529, + "narHash": "sha256-OTeQA+F8d/Evad33JMfuXC89VMetQbsU4qcaePchGr4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "eabe8d3eface69f5bb16c18f8662a702f50c20d5", "type": "github" }, "original": { @@ -2001,7 +1873,9 @@ "flake-compat": "flake-compat_7", "flake-parts": "flake-parts_2", "mnw": "mnw", - "nixpkgs": "nixpkgs_13", + "nixpkgs": [ + "nixpkgs" + ], "systems": "systems_10" }, "locked": { @@ -2022,7 +1896,7 @@ "inputs": { "flake-compat": "flake-compat_4", "gitignore": "gitignore_2", - "nixpkgs": "nixpkgs_7" + "nixpkgs": "nixpkgs_2" }, "locked": { "lastModified": 1762441963, @@ -2065,7 +1939,7 @@ "inputs": { "flake-compat": "flake-compat_6", "gitignore": "gitignore_4", - "nixpkgs": "nixpkgs_9" + "nixpkgs": "nixpkgs_3" }, "locked": { "lastModified": 1760663237, @@ -2086,7 +1960,7 @@ "flake-compat": "flake-compat_8", "flake-utils": "flake-utils_6", "gitignore": "gitignore_5", - "nixpkgs": "nixpkgs_15", + "nixpkgs": "nixpkgs_6", "nixpkgs-stable": "nixpkgs-stable_2" }, "locked": { @@ -2124,7 +1998,7 @@ "nix-flatpak": "nix-flatpak", "nix-index-database": "nix-index-database", "nix-on-droid": "nix-on-droid", - "nixpkgs": "nixpkgs_12", + "nixpkgs": "nixpkgs_4", "note": "note", "nvf": "nvf", "stylix": "stylix", @@ -2518,7 +2392,7 @@ "inputs": { "flake-utils": "flake-utils_5", "gomod2nix": "gomod2nix_2", - "nixpkgs": "nixpkgs_14", + "nixpkgs": "nixpkgs_5", "pre-commit-hooks": "pre-commit-hooks_4" }, "locked": { diff --git a/flake.nix b/flake.nix index 4154e93..1d8c5df 100644 --- a/flake.nix +++ b/flake.nix @@ -20,16 +20,19 @@ # NVF FOR SUPER NVIM nvf = { url = "github:notashelf/nvf"; + inputs.nixpkgs.follows = "nixpkgs"; }; # auto-cpufreq latest version, for optimizing my laptop's thermal's auto-cpufreq = { url = "github:AdnanHodzic/auto-cpufreq"; + inputs.nixpkgs.follows = "nixpkgs"; }; # use custom nbfc that has the config for my laptop nbfc-linux = { url = "github:cronyakatsuki/nbfc-linux/a715-41g"; + inputs.nixpkgs.follows = "nixpkgs"; }; # use prebuild nix-index ( crashes on me cause little ram ) @@ -47,6 +50,7 @@ # iamb, a matrix tui client. Latest possible version iamb = { url = "github:ulyssa/iamb"; + inputs.nixpkgs.follows = "nixpkgs"; }; # Support for android @@ -57,13 +61,21 @@ }; # Declare flatpak easilly - nix-flatpak.url = "github:gmodena/nix-flatpak/?ref=latest"; + nix-flatpak = { + url = "github:gmodena/nix-flatpak/?ref=latest"; + }; # Neovim nightly - neovim-nightly-overlay.url = "github:nix-community/neovim-nightly-overlay"; + neovim-nightly-overlay = { + url = "github:nix-community/neovim-nightly-overlay"; + inputs.nixpkgs.follows = "nixpkgs"; + }; # Deploy-rs - deploy-rs.url = "github:serokell/deploy-rs"; + deploy-rs = { + url = "github:serokell/deploy-rs"; + inputs.nixpkgs.follows = "nixpkgs"; + }; # Disko disko = { @@ -72,7 +84,10 @@ }; # secrets management - agenix.url = "github:ryantm/agenix"; + agenix = { + url = "github:ryantm/agenix"; + inputs.nixpkgs.follows = "nixpkgs"; + }; # My selfhosted service, inspired by 0x0.st upfast = { @@ -111,14 +126,20 @@ }; # Chaotic repo for some of their packages - chaotic.url = "github:chaotic-cx/nyx/nyxpkgs-unstable"; + chaotic = { + url = "github:chaotic-cx/nyx/nyxpkgs-unstable"; + inputs.nixpkgs.follows = "nixpkgs"; + }; # AAGL aagl.url = "github:ezKEa/aagl-gtk-on-nix"; aagl.inputs.nixpkgs.follows = "nixpkgs"; # Emacs, my enemy let me try to learn you again - emacs-overlay.url = "github:nix-community/emacs-overlay"; + emacs-overlay = { + url = "github:nix-community/emacs-overlay"; + inputs.nixpkgs.follows = "nixpkgs"; + }; # zen browser zen-browser = { diff --git a/modules/cross-platform/home-manager/neovim.nix b/modules/cross-platform/home-manager/neovim.nix index 2ea03f9..432dd15 100644 --- a/modules/cross-platform/home-manager/neovim.nix +++ b/modules/cross-platform/home-manager/neovim.nix @@ -4,24 +4,13 @@ pkgs, lib, ... -}: let - markdown-table-mode = pkgs.vimUtils.buildVimPlugin { - name = "markdown-table-mode"; - src = pkgs.fetchFromGitHub { - owner = "Kicamon"; - repo = "markdown-table-mode.nvim"; - rev = "fe207ea7cef615ccaf2c0f1257c58ffa0a50a9f5"; - hash = "sha256-JGc5L+7/eSBww1HaMl0AVcIwEJF/RFqoVRpR3DnP6+E="; - }; - }; -in { +}: { options = { crony.neovim.enable = lib.mkEnableOption "Enable neovim and apply a good config."; }; config = lib.mkIf config.crony.neovim.enable { # Disable stylix for nvf, I wan't to use a properly implemented theme sorry. - stylix.targets.nvf.enable = false; stylix.targets.neovim.enable = false; # Setup neovim with default home manager options @@ -48,282 +37,9 @@ in { pkgs.marksman # for yaml pkgs.yaml-language-server + # for shell scripts + pkgs.bash-language-server ]; }; - - # Setup neovim with nvf - programs.nvf = { - enable = false; - settings = { - vim = { - # Use the nighly package - package = inputs.neovim-nightly-overlay.packages.${pkgs.system}.default; - # Enable the aliases, I love them - viAlias = true; - vimAlias = true; - - # Changing some basic settings - options = { - tabstop = 2; - shiftwidth = 2; - expandtab = true; - softtabstop = 2; - updatetime = 50; - scrolloff = 5; - signcolumn = "no"; - ignorecase = true; - smartcase = true; - colorcolumn = "80"; - laststatus = 3; - }; - - # Enable the undo file - undoFile = { - enable = true; - }; - - binds = { - # Setup whichkey - whichKey.enable = true; - }; - - # Enable lsp - lsp = { - enable = true; - formatOnSave = false; - inlayHints.enable = true; - lightbulb.enable = true; - lspSignature.enable = true; - lspsaga.enable = true; - otter-nvim.enable = true; - trouble.enable = true; - }; - - # Enable diagnostics - diagnostics = { - enable = true; - nvim-lint = { - enable = true; - }; - }; - - # Enable formatting with conform-nvim - formatter = { - conform-nvim = { - enable = true; - }; - }; - - # Some git related stuff - git.git-conflict = { - enable = true; - }; - - # Autocompletion - autocomplete.nvim-cmp = { - enable = true; - mappings = { - close = ""; - complete = null; - confirm = ""; - next = ""; - previous = ""; - }; - }; - - # Setup lsp's and languages - languages = { - enableFormat = true; - enableTreesitter = true; - enableExtraDiagnostics = true; - - lua = { - enable = true; - lsp.lazydev.enable = true; - }; - python = { - enable = true; - format.type = "black-and-isort"; - }; - css.enable = true; - ts = { - enable = true; - extensions = { - ts-error-translator.enable = true; - }; - }; - nix = { - enable = true; - lsp = { - server = "nixd"; - options = { - nixos = { - expr = ''(builtins.getFlake "/home/crony/repos/nixos").nixosConfigurations.CONFIGNAME.options''; - }; - home_manager = { - expr = ''(builtins.getFlake "/home/crony/repos/nixos").homeConfigurations.CONFIGNAME.options''; - }; - }; - }; - }; - bash.enable = true; - go = { - enable = true; - - format = { - enable = true; - type = "gofumpt"; - }; - }; - markdown = { - enable = false; - extensions.render-markdown-nvim.enable = true; - }; - html.enable = true; - csharp.enable = true; - }; - - # utility related plugins - utility = { - direnv = { - enable = true; - }; - snacks-nvim = { - enable = true; - setupOpts = { - bigfile = {enabled = true;}; - quickfile = {enabled = true;}; - }; - }; - }; - - # Enable mini modules ( mini is amazing ) - mini = { - # Text editing - ai.enable = true; - comment.enable = true; - operators.enable = true; - pairs.enable = true; - surround.enable = true; - basics = { - enable = true; - setupOpts = { - mappings = { - windows = true; - move_with_alt = true; - }; - }; - }; - bracketed.enable = true; - bufremove.enable = true; - diff.enable = true; - files.enable = true; - git.enable = true; - sessions.enable = true; - visits.enable = true; - hipatterns = { - enable = true; - setupOpts = { - highlighters = { - fixme = lib.generators.mkLuaInline "{ pattern = '%f[%w]()FIXME()%f[%W]', group = 'MiniHipatternsFixme' }"; - hack = lib.generators.mkLuaInline "{ pattern = '%f[%w]()HACK()%f[%W]', group = 'MiniHipatternsHack' }"; - todo = lib.generators.mkLuaInline "{ pattern = '%f[%w]()TODO()%f[%W]', group = 'MiniHipatternsTodo' }"; - note = lib.generators.mkLuaInline "{ pattern = '%f[%w]()NOTE()%f[%W]', group = 'MiniHipatternsNote' }"; - hex_color = lib.generators.mkLuaInline "require('mini.hipatterns').gen_highlighter.hex_color()"; - }; - }; - }; - icons.enable = true; - indentscope.enable = true; - notify.enable = true; - starter.enable = true; - statusline.enable = true; - move.enable = true; - splitjoin.enable = true; - }; - - # Use telescope - telescope = { - enable = true; - extensions = [ - { - name = "fzf"; - packages = [pkgs.vimPlugins.telescope-fzf-native-nvim]; - setup = {fzf = {fuzzy = true;};}; - } - { - name = "ui-select"; - packages = [pkgs.vimPlugins.telescope-ui-select-nvim]; - } - ]; - }; - - # Theme - theme = { - enable = true; - name = "gruvbox"; - style = "dark"; - }; - - # Keymaps - keymaps = [ - { - key = "e"; - mode = ["n"]; - action = ":lua MiniFiles.open()"; - silent = true; - desc = "Open Mini.Files and manage the filesystem."; - } - { - key = ""; - mode = ["n"]; - action = "zz"; - silent = true; - } - { - key = ""; - mode = ["n"]; - action = "zz"; - silent = true; - } - { - key = ""; - mode = ["n"]; - action = "zz"; - silent = true; - } - { - key = ""; - mode = ["n"]; - action = "zz"; - silent = true; - } - ]; - - navigation.harpoon.enable = true; - - extraLuaFiles = [./nvim/autocommands.lua ./nvim/qmlls.lua]; - - extraPlugins = with pkgs.vimPlugins; { - friendly-snippets = { - package = friendly-snippets; - }; - markdown-table-mode-nvim = { - package = markdown-table-mode; - setup = '' - require('markdown-table-mode').setup() - ''; - }; - helpview-nvim.package = helpview-nvim; - }; - - treesitter.grammars = with pkgs.vimPlugins.nvim-treesitter.builtGrammars; [ - qmljs - kdl - regex - ]; - }; - }; - }; }; } diff --git a/modules/servers/odin/upfast-cleaner.sh b/modules/servers/odin/upfast-cleaner.sh new file mode 100755 index 0000000..f56bbec --- /dev/null +++ b/modules/servers/odin/upfast-cleaner.sh @@ -0,0 +1,21 @@ +instance="http://127.0.0.1:8383" + +files=$(curl -s "$instance"/files/) + +# Check for keygens on server +if echo "$files" | grep -i "keygen" >> /dev/null; then + for file in $(echo "$files" | grep -i "keygen"); do + echo "Deleting file $file" + curl -X DELETE "$instance/files/$file" + done +fi + +# Delete common php payloads +if echo "$files" | grep -i ".php" >> /dev/null; then + for file in $(echo "$files" | grep -i ".php"); do + if curl -s "$instance/files/$file" | grep -i "base64_decode" >> /dev/null; then + echo "Found payload, deleting file $file" + curl -X DELETE "$instance/files/$file" + fi + done +fi diff --git a/modules/servers/odin/upfast.nix b/modules/servers/odin/upfast.nix index 6e3d98a..486c6cc 100644 --- a/modules/servers/odin/upfast.nix +++ b/modules/servers/odin/upfast.nix @@ -1,4 +1,15 @@ -{inputs, ...}: { +{ + inputs, + pkgs, + lib, + ... +}: let + upfast-cleaner = pkgs.writeShellApplication { + name = "upfast-cleaner"; + runtimeInputs = with pkgs; [curl]; + text = ./upfast-cleaner.sh; + }; +in { fileSystems."/var/lib/upfast" = { device = "/root/10gb"; fsType = "ext4"; @@ -38,6 +49,31 @@ wantedBy = ["multi-user.target"]; }; + systemd.services.upfast-cleaner = { + description = "Script to automatically delete common types of payloads/keygens."; + + requires = ["upfast.service"]; + after = ["upfast.service"]; + + serviceConfig = { + Type = "oneshot"; + User = "upfast"; + Group = "upfast"; + WorkingDirectory = "/var/lib/upfast"; + }; + + script = "${lib.getExe upfast-cleaner}; 'http://localhost:8383'"; + }; + + systemd.timers.upfast-cleaner = { + enable = true; + timerConfig = { + OnBootSec = "1m"; + OnUnitActiveSec = "1m"; + }; + wantedBy = ["timers.target"]; + }; + services.traefik.dynamicConfigOptions.http = { services.upfast.loadBalancer.servers = [ {