Lit another Nix derivation

Bonfire is a slowly snowballing Nix flake with a collection of packages, NixOS modules and other cool things. Of course it contains personal NixOS configurations that use all of these stuff.

The main goal of this project is to keep the structure as simple as possible but use the power of Nix language on maximum (a huge field of experiments, huh?).

In any case, if you are already here, a great solution would be to first check the documentation for the project, where you can find useful information.

License

bonfire is licensed under the MIT License.

MIT license does not apply to the packages built by Nix, merely to the files in this repository. It also might not apply to patches included in Nix, which may be derivative works of the packages to which they apply. The aforementioned artifacts are all covered by the licenses of the respective packages.

Packages

First, you need to add this project to your flake inputs:

{
    inputs = {
        nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
        bonfire.url = "github:L-Nafaryus/bonfire";
    };
    outputs = { nixpkgs, bonfire, ... }:
    { ... }
}

After, you can use in a NixOS configuration like so

{
    nixosConfigurations.foo = nixpkgs.lib.nixosSystem {
        system = "x86_64-linux";
        specialArgs = { bonPkgs = bonfire.packages.x86_64-linux; };
        modules = [
            { pkgs, bonPkgs, ... }: {
                environment.systemPackages = [
                    pkgs.bar 
                    bonPkgs.baz
                ];
            }
            ...
        ];
    };
    # or pass in your devShells, nixosModules, etc
}

bonfire-docs

Bonfire documentation.

Source

Version: unknown

Outputs: out

License: MIT License

Maintainers: L-Nafaryus<l.nafaryus@elnafo.ru>

Platforms: x86_64-linux

bonvim

NixVim distribution for NeoVim with a customized collection of plugins inspired by the LazyVim distribution.

Source

Version: unknown

Main program: nvim

Outputs: out

License: MIT License

Maintainers: L-Nafaryus<l.nafaryus@elnafo.ru>

Platforms: x86_64-linux

cargo-shuttle

A cargo command for the shuttle platform

Source | Homepage

Version: v0.47.0

Outputs: out

License: Apache License 2.0

Maintainers: L-Nafaryus<l.nafaryus@elnafo.ru>

Platforms: x86_64-linux

dearpygui

Dear PyGui: A fast and powerful Graphical User Interface Toolkit for Python with minimal dependencies.

Source | Homepage

Version: 1.10.0

Outputs: out, dist

License: MIT License

Maintainers: L-Nafaryus<l.nafaryus@elnafo.ru>

Platforms: x86_64-linux

lego

Let's Encrypt client and ACME library written in Go

Source | Homepage

Version: bfe36067932e4594d3baf01cb6545c43b8e1f79c

Main program: lego

Outputs: out

License: MIT License

Maintainers: L-Nafaryus<l.nafaryus@elnafo.ru>

Platforms: x86_64-linux

netgen

NETGEN is an automatic 3d tetrahedral mesh generator

Source | Homepage

Version: 6.2.2405

Outputs: out

License: GNU Lesser General Public License v2.1 only

Maintainers: L-Nafaryus<l.nafaryus@elnafo.ru>

Platforms: x86_64-linux

nix-minimal

Minimal image with a Nix package manager

Source | Homepage

Tag: latest

Outputs: out

License: GNU Lesser General Public License v2.1 or later

Maintainers: L-Nafaryus<l.nafaryus@elnafo.ru>

Platforms: x86_64-linux

nix-runner

Image for action runners with a Nix package manager

Source | Homepage

Tag: latest From: nix-minimal

Outputs: out

License: GNU Lesser General Public License v2.1 or later

Maintainers: L-Nafaryus<l.nafaryus@elnafo.ru>

Platforms: x86_64-linux

openfoam

OpenFOAM is a free, open source CFD software released and developed by OpenFOAM Foundation

Source | Homepage

Version: 11.20240704

Outputs: out

License: GNU General Public License v3.0

Maintainers: L-Nafaryus<l.nafaryus@elnafo.ru>

Platforms: x86_64-linux

postgresql

A powerful, open source object-relational database system.

Source | Homepage

Tag: latest

Outputs: out

License: PostgreSQL License

Maintainers: L-Nafaryus<l.nafaryus@elnafo.ru>

Platforms: x86_64-linux

redis

An open source, advanced key-value store.

Source | Homepage

Tag: latest

Outputs: out

License: BSD 3-clause "New" or "Revised" License

Maintainers: L-Nafaryus<l.nafaryus@elnafo.ru>

Platforms: x86_64-linux

spoofdpi

A simple and fast anti-censorship tool written in Go

Source | Homepage

Version: v0.10.0

Main program: spoof-dpi

Outputs: out

License: Apache License 2.0

Maintainers: L-Nafaryus<l.nafaryus@elnafo.ru>

Platforms: x86_64-linux

ultimmc

Cracked Minecraft Launcher

Source | Homepage

Version: faf3c966c43465d6f6c245ed78556222240398ee

Outputs: out

License: Apache License 2.0

Maintainers: L-Nafaryus<l.nafaryus@elnafo.ru>

Platforms: x86_64-linux

zapret

DPI bypass multi platform

Source | Homepage

Version: 9fcd8f830ebde2491719a5c698e22d1d5210e0fb

Main program: zapret

Outputs: out

License: MIT License

Maintainers: L-Nafaryus<l.nafaryus@elnafo.ru>

NixOS modules

First, you need to add this project to your flake inputs:

{
    inputs = {
        nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
        bonfire.url = "github:L-Nafaryus/bonfire";
    };
    outputs = { nixpkgs, bonfire, ... }:
    { ... }
}

After, you can use in a NixOS configuration like so

{
    nixosConfigurations.foo = nixpkgs.lib.nixosSystem {
        system = "x86_64-linux";
        modules = [
            bonfire.nixosModules.bonfire
            # or default because bonfire is default module
            bonfire.nixosModules.default
            # or just standalone module 
            bonfire.nixosModules.bar
            ...
        ];
    };
}

bonfire.configDir

Path to Bonfire static configuration files

Type: path

Default: "/nix/store/34rz750mhsynmgdmdsv3pb0p44zwhd43-n8qp3h1vq0wg5gkr8p8jbdk8cpw0c05w-source/config"

Declared by:

bonfire.home

Bonfire root directory

Type: path

Default: /nix/store/n8qp3h1vq0wg5gkr8p8jbdk8cpw0c05w-source

Declared by:

bonfire.secrets

Secrets will be here after evaluation

Type: attribute set

Default: { }

Declared by:

bonfire.withSecrets

Enables the Bonfire secrets

Type: boolean

Default: false

Declared by:

services.conduit.enable

Whether to enable conduit.

Type: boolean

Default: false

Example: true

Declared by:

services.conduit.package

The package to use.

Type: package

Default: pkgs.matrix-conduit

Declared by:

services.conduit.extraEnvironment

Extra Environment variables to pass to the conduit server.

Type: attribute set of string

Default: { }

Example:

{
  RUST_BACKTRACE = "yes";
}

Declared by:

Generates the conduit.toml configuration file. Refer to https://docs.conduit.rs/configuration.html for details on supported values. Note that database_path can not be edited because the service’s reliance on systemd StateDir.

Type: submodule

Default: { }

Declared by:

services.conduit.settings.global.address

Address to listen on for connections by the reverse proxy/tls terminator.

Type: string

Default: "::1"

Declared by:

services.conduit.settings.global.allow_check_for_updates

Whether to allow Conduit to automatically contact https://conduit.rs hourly to check for important Conduit news.

Disabled by default because nixpkgs handles updates.

Type: boolean

Default: false

Declared by:

services.conduit.settings.global.allow_encryption

Whether new encrypted rooms can be created. Note: existing rooms will continue to work.

Type: boolean

Default: true

Declared by:

services.conduit.settings.global.allow_federation

Whether this server federates with other servers.

Type: boolean

Default: true

Declared by:

services.conduit.settings.global.allow_registration

Whether new users can register on this server.

Type: boolean

Default: false

Declared by:

services.conduit.settings.global.database_backend

The database backend for the service. Switching it on an existing instance will require manual migration of data.

Type: one of “sqlite”, “rocksdb”

Default: "sqlite"

Example: "rocksdb"

Declared by:

services.conduit.settings.global.database_path

Path to the conduit database, the directory where conduit will save its data. Note that due to using the DynamicUser feature of systemd, this value should not be changed and is set to be read only.

Type: string (read only)

Default: "/var/lib/conduit/"

Declared by:

services.conduit.settings.global.max_request_size

Max request size in bytes. Don’t forget to also change it in the proxy.

Type: positive integer, meaning >0

Default: 20000000

Declared by:

services.conduit.settings.global.port

The port Conduit will be running on. You need to set up a reverse proxy in your web server (e.g. apache or nginx), so all requests to /_matrix on port 443 and 8448 will be forwarded to the Conduit instance running on this port

Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)

Default: 6167

Declared by:

services.conduit.settings.global.server_name

The server_name is the name of this server. It is used as a suffix for user # and room ids.

Type: string

Example: "example.com"

Declared by:

services.conduit.settings.global.trusted_servers

Servers trusted with signing server keys.

Type: list of string

Default:

[
  "matrix.org"
]

Declared by:

services.conduit.settings.global.turn_secret

The TURN secret.

Type: null or string

Default: null

Declared by:

services.conduit.settings.global.turn_ttl

The TURN TTL in seconds.

Type: signed integer

Default: 86400

Declared by:

services.conduit.settings.global.turn_uris

The TURN URIs.

Type: list of string

Default: [ ]

Declared by:

services.conduit.settings.global.well_known.client

The URL that clients should use to connect to Conduit.

Type: null or string

Default: null

Declared by:

services.conduit.settings.global.well_known.server

The hostname and port servers should use to connect to Conduit.

Type: null or string

Default: null

Declared by:

services.conduit.turn_secret_file

The path to the file with TURN secret.

Type: null or path

Default: null

Declared by:

services.papermc.enable

Whether to enable PaperMC service.

Type: boolean

Default: false

Example: true

Declared by:

services.papermc.package

The papermc package to use.

Type: package

Default: pkgs.papermc

Declared by:

services.papermc.dataDir

Directory to store Minecraft database and other state/data files.

Type: path

Default: "/var/lib/papermc"

Declared by:

services.papermc.eula

Whether you agree to Mojangs EULA. This option must be set to true to run Minecraft server.

Type: boolean

Default: false

Declared by:

services.papermc.extraPreStart

Extra shell commands for service pre-start hook.

Type: strings concatenated with “\n”

Default: ""

Declared by:

services.papermc.jvmOpts

JVM options for the Minecraft server.

Type: strings concatenated with " "

Default: "-Xmx2048M -Xms2048M"

Example: "-Xms4092M -Xmx4092M -XX:+UseG1GC -XX:+CMSIncrementalPacing -XX:+CMSClassUnloadingEnabled -XX:ParallelGCThreads=2 -XX:MinHeapFreeRatio=5 -XX:MaxHeapFreeRatio=10"

Declared by:

services.papermc.openFirewall

Whether to open ports in the firewall for the server.

Type: boolean

Default: false

Declared by:

services.papermc.ops

Whitelist with players / operators.

Type: list of (attribute set)

Default: [ ]

Declared by:

services.papermc.rconPasswordFile

Path to file with rcon password.

Type: null or string

Default: null

Example: "/var/lib/secrets/papermc/rconpw"

Declared by:

services.papermc.serverProperties

Minecraft server properties for the server.properties file. See https://minecraft.gamepedia.com/Server.properties#Java_Edition_3 for documentation on these values.

Type: attribute set of (boolean or signed integer or string)

Default:

{
  "rcon.password" = {
    _type = "if";
    condition = false;
    content = "#rconpass#";
  };
}

Example:

{
    server-port = 43000;
    difficulty = 3;
    gamemode = 1;
    max-players = 5;
    motd = "NixOS Minecraft server!";
    white-list = true;
    enable-rcon = true;
    "rcon.password" = "hunter2";
}

Declared by:

services.papermc.whitelist

This is a mapping from Minecraft usernames to UUIDs.

Type: list of (attribute set)

Default: { }

Declared by:

services.qbittorrent-nox.enable

Whether to enable Enables the qbittorrent-nox services…

Type: boolean

Default: false

Example: true

Declared by:

services.qbittorrent-nox.package

The qbittorrent package to use.

Type: package

Default: pkgs.qbittorrent-nox

Declared by:

services.qbittorrent-nox.dataDir

Directory to store qbittorrent-nox data files.

Type: path

Default: "/var/lib/qbittorrent-nox"

Example: "/var/lib/qbittorrent-nox"

Declared by:

services.qbittorrent-nox.group

Group under which qbittorrent-nox runs.

Type: string

Default: "qbittorrent-nox"

Declared by:

services.qbittorrent-nox.openFirewall

Open services.qbittorrent-nox.port.

Type: boolean

Default: false

Declared by:

services.qbittorrent-nox.port

Torrenting port.

Type: signed integer

Default: 6969

Example: 6969

Declared by:

services.qbittorrent-nox.user

User account under which qbittorrent-nox runs.

Type: string

Default: "qbittorrent-nox"

Declared by:

services.qbittorrent-nox.webuiPort

WebUI port.

Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)

Default: 8080

Example: 8080

Declared by:

services.spoofdpi.enable

Whether to enable SpoofDPI service.

Type: boolean

Default: false

Example: true

Declared by:

services.spoofdpi.package

The package to use.

Type: package

Default: bonPkgs.spoofdpi

Declared by:

services.spoofdpi.address

Listen address.

Type: string

Default: "127.0.0.1"

Example: "127.0.0.1"

Declared by:

services.spoofdpi.bypassUrls

Bypass DPI only on this urls.

Type: list of string

Default: [ ]

Declared by:

services.spoofdpi.dns

DNS address.

Type: string

Default: "8.8.8.8"

Example: "8.8.8.8"

Declared by:

services.spoofdpi.dnsPort

DNS port.

Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)

Default: 53

Example: 53

Declared by:

services.spoofdpi.doh

Whether to enable DOH.

Type: boolean

Default: false

Example: true

Declared by:

services.spoofdpi.openFirewall

Open services.spoofdpi.port.

Type: boolean

Default: false

Declared by:

services.spoofdpi.pattern

Bypass DPI only on packets matching this regex pattern.

Type: null or string

Default: null

Declared by:

services.spoofdpi.port

Port.

Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)

Default: 8080

Example: 8080

Declared by:

services.spoofdpi.timeout

Timeout in milliseconds.

Type: signed integer

Default: 2000

Example: 2000

Declared by:

services.spoofdpi.windowSize

Window size for fragmented client hello.

Type: signed integer

Default: 50

Example: 50

Declared by:

services.conduit.enable

Whether to enable conduit.

Type: boolean

Default: false

Example: true

Declared by:

services.conduit.package

The package to use.

Type: package

Default: pkgs.matrix-conduit

Declared by:

services.conduit.extraEnvironment

Extra Environment variables to pass to the conduit server.

Type: attribute set of string

Default: { }

Example:

{
  RUST_BACKTRACE = "yes";
}

Declared by:

services.conduit.settings

Type: submodule

Default: { }

Declared by:

services.conduit.settings.global.address

Address to listen on for connections by the reverse proxy/tls terminator.

Type: string

Default: "::1"

Declared by:

services.conduit.settings.global.allow_check_for_updates

Whether to allow Conduit to automatically contact https://conduit.rs hourly to check for important Conduit news.

Disabled by default because nixpkgs handles updates.

Type: boolean

Default: false

Declared by:

services.conduit.settings.global.allow_encryption

Whether new encrypted rooms can be created. Note: existing rooms will continue to work.

Type: boolean

Default: true

Declared by:

services.conduit.settings.global.allow_federation

Whether this server federates with other servers.

Type: boolean

Default: true

Declared by:

services.conduit.settings.global.allow_registration

Whether new users can register on this server.

Type: boolean

Default: false

Declared by:

services.conduit.settings.global.database_backend

The database backend for the service. Switching it on an existing instance will require manual migration of data.

Type: one of “sqlite”, “rocksdb”

Default: "sqlite"

Example: "rocksdb"

Declared by:

services.conduit.settings.global.database_path

Path to the conduit database, the directory where conduit will save its data. Note that due to using the DynamicUser feature of systemd, this value should not be changed and is set to be read only.

Type: string (read only)

Default: "/var/lib/conduit/"

Declared by:

services.conduit.settings.global.max_request_size

Max request size in bytes. Don’t forget to also change it in the proxy.

Type: positive integer, meaning >0

Default: 20000000

Declared by:

services.conduit.settings.global.port

Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)

Default: 6167

Declared by:

services.conduit.settings.global.server_name

The server_name is the name of this server. It is used as a suffix for user # and room ids.

Type: string

Example: "example.com"

Declared by:

services.conduit.settings.global.trusted_servers

Servers trusted with signing server keys.

Type: list of string

Default:

[
  "matrix.org"
]

Declared by:

services.conduit.settings.global.turn_secret

The TURN secret.

Type: null or string

Default: null

Declared by:

services.conduit.settings.global.turn_ttl

The TURN TTL in seconds.

Type: signed integer

Default: 86400

Declared by:

services.conduit.settings.global.turn_uris

The TURN URIs.

Type: list of string

Default: [ ]

Declared by:

services.conduit.settings.global.well_known.client

The URL that clients should use to connect to Conduit.

Type: null or string

Default: null

Declared by:

services.conduit.settings.global.well_known.server

The hostname and port servers should use to connect to Conduit.

Type: null or string

Default: null

Declared by:

services.conduit.turn_secret_file

The path to the file with TURN secret.

Type: null or path

Default: null

Declared by:

services.papermc.enable

Whether to enable PaperMC service.

Type: boolean

Default: false

Example: true

Declared by:

services.papermc.package

The papermc package to use.

Type: package

Default: pkgs.papermc

Declared by:

services.papermc.dataDir

Directory to store Minecraft database and other state/data files.

Type: path

Default: "/var/lib/papermc"

Declared by:

services.papermc.eula

Whether you agree to Mojangs EULA. This option must be set to true to run Minecraft server.

Type: boolean

Default: false

Declared by:

services.papermc.extraPreStart

Extra shell commands for service pre-start hook.

Type: strings concatenated with “\n”

Default: ""

Declared by:

services.papermc.jvmOpts

JVM options for the Minecraft server.

Type: strings concatenated with " "

Default: "-Xmx2048M -Xms2048M"

Example: "-Xms4092M -Xmx4092M -XX:+UseG1GC -XX:+CMSIncrementalPacing -XX:+CMSClassUnloadingEnabled -XX:ParallelGCThreads=2 -XX:MinHeapFreeRatio=5 -XX:MaxHeapFreeRatio=10"

Declared by:

services.papermc.openFirewall

Whether to open ports in the firewall for the server.

Type: boolean

Default: false

Declared by:

services.papermc.ops

Whitelist with players / operators.

Type: list of (attribute set)

Default: [ ]

Declared by:

services.papermc.rconPasswordFile

Path to file with rcon password.

Type: null or string

Default: null

Example: "/var/lib/secrets/papermc/rconpw"

Declared by:

services.papermc.serverProperties

Minecraft server properties for the server.properties file. See https://minecraft.gamepedia.com/Server.properties#Java_Edition_3 for documentation on these values.

Type: attribute set of (boolean or signed integer or string)

Default:

{
  "rcon.password" = {
    _type = "if";
    condition = false;
    content = "#rconpass#";
  };
}

Example:

{
    server-port = 43000;
    difficulty = 3;
    gamemode = 1;
    max-players = 5;
    motd = "NixOS Minecraft server!";
    white-list = true;
    enable-rcon = true;
    "rcon.password" = "hunter2";
}

Declared by:

services.papermc.whitelist

This is a mapping from Minecraft usernames to UUIDs.

Type: list of (attribute set)

Default: { }

Declared by:

services.qbittorrent-nox.enable

Whether to enable Enables the qbittorrent-nox services…

Type: boolean

Default: false

Example: true

Declared by:

services.qbittorrent-nox.package

The qbittorrent package to use.

Type: package

Default: pkgs.qbittorrent-nox

Declared by:

services.qbittorrent-nox.dataDir

Directory to store qbittorrent-nox data files.

Type: path

Default: "/var/lib/qbittorrent-nox"

Example: "/var/lib/qbittorrent-nox"

Declared by:

services.qbittorrent-nox.group

Group under which qbittorrent-nox runs.

Type: string

Default: "qbittorrent-nox"

Declared by:

services.qbittorrent-nox.openFirewall

Open services.qbittorrent-nox.port.

Type: boolean

Default: false

Declared by:

services.qbittorrent-nox.port

Torrenting port.

Type: signed integer

Default: 6969

Example: 6969

Declared by:

services.qbittorrent-nox.user

User account under which qbittorrent-nox runs.

Type: string

Default: "qbittorrent-nox"

Declared by:

services.qbittorrent-nox.webuiPort

WebUI port.

Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)

Default: 8080

Example: 8080

Declared by:

services.spoofdpi.enable

Whether to enable SpoofDPI service.

Type: boolean

Default: false

Example: true

Declared by:

services.spoofdpi.package

The package to use.

Type: package

Default: bonPkgs.spoofdpi

Declared by:

services.spoofdpi.address

Listen address.

Type: string

Default: "127.0.0.1"

Example: "127.0.0.1"

Declared by:

services.spoofdpi.bypassUrls

Bypass DPI only on this urls.

Type: list of string

Default: [ ]

Declared by:

services.spoofdpi.dns

DNS address.

Type: string

Default: "8.8.8.8"

Example: "8.8.8.8"

Declared by:

services.spoofdpi.dnsPort

DNS port.

Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)

Default: 53

Example: 53

Declared by:

services.spoofdpi.doh

Whether to enable DOH.

Type: boolean

Default: false

Example: true

Declared by:

services.spoofdpi.openFirewall

Open services.spoofdpi.port.

Type: boolean

Default: false

Declared by:

services.spoofdpi.pattern

Bypass DPI only on packets matching this regex pattern.

Type: null or string

Default: null

Declared by:

services.spoofdpi.port

Port.

Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)

Default: 8080

Example: 8080

Declared by:

services.spoofdpi.timeout

Timeout in milliseconds.

Type: signed integer

Default: 2000

Example: 2000

Declared by:

services.spoofdpi.windowSize

Window size for fragmented client hello.

Type: signed integer

Default: 50

Example: 50

Declared by:

Side Notes

How to update and push flake inputs:

nix flake update 
nix flake archive --json \
    | jq -r '.path,(.inputs|to_entries[].value.path)' \
    | cachix push bonfire

How to build and push flake package:

nix build --json .#package \
    | jq -r '.[].outputs | to_entries[].value' \
    | cachix push bonfire

How to rebuild system with git submodules:

sudo nixos-rebuild switch --flake ".?submodules=1#astora"

How to rebuild remote system from local system with git submodules:

nixos-rebuild switch --flake ".?submodules=1#catarina" --build-host l-nafaryus@astora --target-host l.nafaryus@catarina --use-remote-sudo

How to repair corrupted links in nix-store:

nix-store --verify --check-contents --repair

How to get hash for package sources:

nix flake prefetch --json github:OpenFOAM/OpenFOAM-11/20240704

Contributing

Just contribute and maybe there will be a contribution policy, maybe not. Nothing complicated, the same rules as everyone else, just do it.

Bonfire's main source is Elnafo VCS, but you can also create issues on GitHub.