Lit another Nix derivation

Bonfire is a slowly snowballing Nix flake with a collection of packages, NixOS modules and other cool things. Of course it contains personal NixOS configurations that use all of these stuff.

The main goal of this project is to keep the structure as simple as possible but use the power of Nix language on maximum (a huge field of experiments, huh?).

In any case, if you are already here, a great solution would be to first check the documentation for the project, where you can find useful information.

License

bonfire is licensed under the MIT License.

MIT license does not apply to the packages built by Nix, merely to the files in this repository. It also might not apply to patches included in Nix, which may be derivative works of the packages to which they apply. The aforementioned artifacts are all covered by the licenses of the respective packages.

Packages

First, you need to add this project to your flake inputs:

{
    inputs = {
        nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
        bonfire.url = "github:L-Nafaryus/bonfire";
    };
    outputs = { nixpkgs, bonfire, ... }:
    { ... }
}

After, you can use in a NixOS configuration like so

{
    nixosConfigurations.foo = nixpkgs.lib.nixosSystem {
        system = "x86_64-linux";
        specialArgs = { bonPkgs = bonfire.packages.x86_64-linux; };
        modules = [
            { pkgs, bonPkgs, ... }: {
                environment.systemPackages = [
                    pkgs.bar 
                    bonPkgs.baz
                ];
            }
            ...
        ];
    };
    # or pass in your devShells, nixosModules, etc
}

blender

3D Creation/Animation/Publishing System (CUDA enabled)

Source | Homepage

Version: 4.2.1

Main program: blender

Outputs: out

License: GNU General Public License v2.0 or later, NVidia OptiX EULA

Maintainers: Andrew Marshall<andrew@johnandrewmarshall.com>, Dmitry Kalinkin<veprbl@gmail.com>

Platforms: x86_64-linux

bonfire-docs

Bonfire documentation.

Source

Version: unknown

Outputs: out

License: MIT License

Maintainers: L-Nafaryus<l.nafaryus@elnafo.ru>

Platforms: x86_64-linux

bonvim

NixVim distribution for NeoVim with a customized collection of plugins inspired by the LazyVim distribution.

Source

Version: unknown

Main program: nvim

Outputs: out

License: MIT License

Maintainers: L-Nafaryus<l.nafaryus@elnafo.ru>

Platforms: x86_64-linux

cargo-shuttle

A cargo command for the shuttle platform

Source | Homepage

Version: v0.47.0

Outputs: out

License: Apache License 2.0

Maintainers: L-Nafaryus<l.nafaryus@elnafo.ru>

Platforms: x86_64-linux

dearpygui

Dear PyGui: A fast and powerful Graphical User Interface Toolkit for Python with minimal dependencies.

Source | Homepage

Version: 1.10.0

Outputs: out, dist

License: MIT License

Maintainers: L-Nafaryus<l.nafaryus@elnafo.ru>

Platforms: x86_64-linux

netgen

NETGEN is an automatic 3d tetrahedral mesh generator

Source | Homepage

Version: 6.2.2404

Outputs: out

License: GNU Lesser General Public License v2.1 only

Maintainers: L-Nafaryus<l.nafaryus@elnafo.ru>

Platforms: x86_64-linux

nix-minimal

Minimal image with a Nix package manager

Source | Homepage

Tag: latest

Outputs: out

License: GNU Lesser General Public License v2.1 or later

Maintainers: L-Nafaryus<l.nafaryus@elnafo.ru>

Platforms: x86_64-linux

nix-runner

Image for action runners with a Nix package manager

Source | Homepage

Tag: latest From: nix-minimal

Outputs: out

License: GNU Lesser General Public License v2.1 or later

Maintainers: L-Nafaryus<l.nafaryus@elnafo.ru>

Platforms: x86_64-linux

openfoam

OpenFOAM is a free, open source CFD software released and developed by OpenFOAM Foundation

Source | Homepage

Version: 11.20240704

Outputs: out

License: GNU General Public License v3.0

Maintainers: L-Nafaryus<l.nafaryus@elnafo.ru>

Platforms: x86_64-linux

postgresql

A powerful, open source object-relational database system.

Source | Homepage

Tag: latest

Outputs: out

License: PostgreSQL License

Maintainers: L-Nafaryus<l.nafaryus@elnafo.ru>

Platforms: x86_64-linux

redis

An open source, advanced key-value store.

Source | Homepage

Tag: latest

Outputs: out

License: BSD 3-clause "New" or "Revised" License

Maintainers: L-Nafaryus<l.nafaryus@elnafo.ru>

Platforms: x86_64-linux

spoofdpi

A simple and fast anti-censorship tool written in Go

Source | Homepage

Version: v0.10.0

Main program: spoof-dpi

Outputs: out

License: Apache License 2.0

Maintainers: L-Nafaryus<l.nafaryus@elnafo.ru>

Platforms: x86_64-linux

ultimmc

Cracked Minecraft Launcher

Source | Homepage

Version: faf3c966c43465d6f6c245ed78556222240398ee

Outputs: out

License: Apache License 2.0

Maintainers: L-Nafaryus<l.nafaryus@elnafo.ru>

Platforms: x86_64-linux

wezterm

A GPU-accelerated cross-platform terminal emulator and multiplexer written by @wez and implemented in Rust

Source | Homepage

Version: abfc0b4

Main program: wezterm

Outputs: out

License: MIT License

Platforms: x86_64-linux

zapret

DPI bypass multi platform

Source | Homepage

Version: 9fcd8f830ebde2491719a5c698e22d1d5210e0fb

Main program: zapret

Outputs: out

License: MIT License

Maintainers: L-Nafaryus<l.nafaryus@elnafo.ru>

NixOS modules

First, you need to add this project to your flake inputs:

{
    inputs = {
        nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
        bonfire.url = "github:L-Nafaryus/bonfire";
    };
    outputs = { nixpkgs, bonfire, ... }:
    { ... }
}

After, you can use in a NixOS configuration like so

{
    nixosConfigurations.foo = nixpkgs.lib.nixosSystem {
        system = "x86_64-linux";
        modules = [
            bonfire.nixosModules.bonfire
            # or default because bonfire is default module
            bonfire.nixosModules.default
            # or just standalone module 
            bonfire.nixosModules.bar
            ...
        ];
    };
}

bonfire.configDir

Path to Bonfire static configuration files

Type: path

Default: "/nix/store/w75d90x7krzs7p2h8xw7ywjqlav9agb1-w7i47c89j6mpbwzzv10jh9767x4cjww6-source/config"

Declared by:

bonfire.home

Bonfire root directory

Type: path

Default: /nix/store/w7i47c89j6mpbwzzv10jh9767x4cjww6-source

Declared by:

bonfire.secrets

Secrets will be here after evaluation

Type: attribute set

Default: { }

Declared by:

bonfire.withSecrets

Enables the Bonfire secrets

Type: boolean

Default: false

Declared by:

services.papermc.enable

Whether to enable PaperMC service.

Type: boolean

Default: false

Example: true

Declared by:

services.papermc.package

The papermc package to use.

Type: package

Default: pkgs.papermc

Declared by:

services.papermc.dataDir

Directory to store Minecraft database and other state/data files.

Type: path

Default: "/var/lib/papermc"

Declared by:

services.papermc.eula

Whether you agree to Mojangs EULA. This option must be set to true to run Minecraft server.

Type: boolean

Default: false

Declared by:

services.papermc.extraPreStart

Extra shell commands for service pre-start hook.

Type: strings concatenated with “\n”

Default: ""

Declared by:

services.papermc.jvmOpts

JVM options for the Minecraft server.

Type: strings concatenated with " "

Default: "-Xmx2048M -Xms2048M"

Example: "-Xms4092M -Xmx4092M -XX:+UseG1GC -XX:+CMSIncrementalPacing -XX:+CMSClassUnloadingEnabled -XX:ParallelGCThreads=2 -XX:MinHeapFreeRatio=5 -XX:MaxHeapFreeRatio=10"

Declared by:

services.papermc.openFirewall

Whether to open ports in the firewall for the server.

Type: boolean

Default: false

Declared by:

services.papermc.ops

Whitelist with players / operators.

Type: list of (attribute set)

Default: [ ]

Declared by:

services.papermc.rconPasswordFile

Path to file with rcon password.

Type: null or string

Default: null

Example: "/var/lib/secrets/papermc/rconpw"

Declared by:

services.papermc.serverProperties

Minecraft server properties for the server.properties file. See https://minecraft.gamepedia.com/Server.properties#Java_Edition_3 for documentation on these values.

Type: attribute set of (boolean or signed integer or string)

Default:

{
  "rcon.password" = {
    _type = "if";
    condition = false;
    content = "#rconpass#";
  };
}

Example:

{
    server-port = 43000;
    difficulty = 3;
    gamemode = 1;
    max-players = 5;
    motd = "NixOS Minecraft server!";
    white-list = true;
    enable-rcon = true;
    "rcon.password" = "hunter2";
}

Declared by:

services.papermc.whitelist

This is a mapping from Minecraft usernames to UUIDs.

Type: list of (attribute set)

Default: { }

Declared by:

services.qbittorrent-nox.enable

Whether to enable Enables the qbittorrent-nox services…

Type: boolean

Default: false

Example: true

Declared by:

services.qbittorrent-nox.package

The qbittorrent package to use.

Type: package

Default: pkgs.qbittorrent-nox

Declared by:

services.qbittorrent-nox.dataDir

Directory to store qbittorrent-nox data files.

Type: path

Default: "/var/lib/qbittorrent-nox"

Example: "/var/lib/qbittorrent-nox"

Declared by:

services.qbittorrent-nox.group

Group under which qbittorrent-nox runs.

Type: string

Default: "qbittorrent-nox"

Declared by:

services.qbittorrent-nox.openFirewall

Open services.qbittorrent-nox.port.

Type: boolean

Default: false

Declared by:

services.qbittorrent-nox.port

Torrenting port.

Type: signed integer

Default: 6969

Example: 6969

Declared by:

services.qbittorrent-nox.user

User account under which qbittorrent-nox runs.

Type: string

Default: "qbittorrent-nox"

Declared by:

services.qbittorrent-nox.webuiPort

WebUI port.

Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)

Default: 8080

Example: 8080

Declared by:

services.spoofdpi.enable

Whether to enable SpoofDPI service.

Type: boolean

Default: false

Example: true

Declared by:

services.spoofdpi.package

The package to use.

Type: package

Default: bonPkgs.spoofdpi

Declared by:

services.spoofdpi.address

Listen address.

Type: string

Default: "127.0.0.1"

Example: "127.0.0.1"

Declared by:

services.spoofdpi.bypassUrls

Bypass DPI only on this urls.

Type: list of string

Default: [ ]

Declared by:

services.spoofdpi.dns

DNS address.

Type: string

Default: "8.8.8.8"

Example: "8.8.8.8"

Declared by:

services.spoofdpi.dnsPort

DNS port.

Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)

Default: 53

Example: 53

Declared by:

services.spoofdpi.doh

Whether to enable DOH.

Type: boolean

Default: false

Example: true

Declared by:

services.spoofdpi.openFirewall

Open services.spoofdpi.port.

Type: boolean

Default: false

Declared by:

services.spoofdpi.pattern

Bypass DPI only on packets matching this regex pattern.

Type: null or string

Default: null

Declared by:

services.spoofdpi.port

Port.

Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)

Default: 8080

Example: 8080

Declared by:

services.spoofdpi.timeout

Timeout in milliseconds.

Type: signed integer

Default: 2000

Example: 2000

Declared by:

services.spoofdpi.windowSize

Window size for fragmented client hello.

Type: signed integer

Default: 50

Example: 50

Declared by:

services.zapret.enable

Whether to enable DPI bypass multi platform service.

Type: boolean

Default: false

Example: true

Declared by:

services.zapret.package

The package to use.

Type: package

Default: bonPkgs.zapret

Declared by:

services.zapret.disableIPV4

Enable usage of IpV4.

Type: boolean

Default: false

Declared by:

services.zapret.disableIPV6

Enable usage of IpV6.

Type: boolean

Default: true

Declared by:

services.zapret.filterAddresses

List of addresses to filter

Type: null or string

Default: null

Declared by:

services.zapret.firewallType

Which firewall zapret should use.

Type: one of “iptables”, “nftables”

Default: "nftables"

Declared by:

services.zapret.ignoreAddresses

List of addresses to ignore

Type: null or string

Default:

''
  10.0.0.0/8
  169.254.0.0/16
  172.16.0.0/12
  192.168.0.0/16
''

Declared by:

services.zapret.mode

Which mode zapret should use.

Type: one of “tpws”, “tpws-socks”, “nfqws”, “filter”, “custom”

Default: "tpws"

Declared by:

services.zapret.settings

Rules for zapret to work. Run nix-shell -p zapret --command blockcheck to get values to pass here.

Config example can be found here https://github.com/bol-van/zapret/blob/master/config.default

Type: strings concatenated with “\n”

Default: ""

Example:

''
  TPWS_OPT="--hostspell=HOST --split-http-req=method --split-pos=3 --oob"
  NFQWS_OPT_DESYNC="--dpi-desync-ttl=5"
''

Declared by:

services.papermc.enable

Whether to enable PaperMC service.

Type: boolean

Default: false

Example: true

Declared by:

services.papermc.package

The papermc package to use.

Type: package

Default: pkgs.papermc

Declared by:

services.papermc.dataDir

Directory to store Minecraft database and other state/data files.

Type: path

Default: "/var/lib/papermc"

Declared by:

services.papermc.eula

Whether you agree to Mojangs EULA. This option must be set to true to run Minecraft server.

Type: boolean

Default: false

Declared by:

services.papermc.extraPreStart

Extra shell commands for service pre-start hook.

Type: strings concatenated with “\n”

Default: ""

Declared by:

services.papermc.jvmOpts

JVM options for the Minecraft server.

Type: strings concatenated with " "

Default: "-Xmx2048M -Xms2048M"

Example: "-Xms4092M -Xmx4092M -XX:+UseG1GC -XX:+CMSIncrementalPacing -XX:+CMSClassUnloadingEnabled -XX:ParallelGCThreads=2 -XX:MinHeapFreeRatio=5 -XX:MaxHeapFreeRatio=10"

Declared by:

services.papermc.openFirewall

Whether to open ports in the firewall for the server.

Type: boolean

Default: false

Declared by:

services.papermc.ops

Whitelist with players / operators.

Type: list of (attribute set)

Default: [ ]

Declared by:

services.papermc.rconPasswordFile

Path to file with rcon password.

Type: null or string

Default: null

Example: "/var/lib/secrets/papermc/rconpw"

Declared by:

services.papermc.serverProperties

Minecraft server properties for the server.properties file. See https://minecraft.gamepedia.com/Server.properties#Java_Edition_3 for documentation on these values.

Type: attribute set of (boolean or signed integer or string)

Default:

{
  "rcon.password" = {
    _type = "if";
    condition = false;
    content = "#rconpass#";
  };
}

Example:

{
    server-port = 43000;
    difficulty = 3;
    gamemode = 1;
    max-players = 5;
    motd = "NixOS Minecraft server!";
    white-list = true;
    enable-rcon = true;
    "rcon.password" = "hunter2";
}

Declared by:

services.papermc.whitelist

This is a mapping from Minecraft usernames to UUIDs.

Type: list of (attribute set)

Default: { }

Declared by:

services.qbittorrent-nox.enable

Whether to enable Enables the qbittorrent-nox services…

Type: boolean

Default: false

Example: true

Declared by:

services.qbittorrent-nox.package

The qbittorrent package to use.

Type: package

Default: pkgs.qbittorrent-nox

Declared by:

services.qbittorrent-nox.dataDir

Directory to store qbittorrent-nox data files.

Type: path

Default: "/var/lib/qbittorrent-nox"

Example: "/var/lib/qbittorrent-nox"

Declared by:

services.qbittorrent-nox.group

Group under which qbittorrent-nox runs.

Type: string

Default: "qbittorrent-nox"

Declared by:

services.qbittorrent-nox.openFirewall

Open services.qbittorrent-nox.port.

Type: boolean

Default: false

Declared by:

services.qbittorrent-nox.port

Torrenting port.

Type: signed integer

Default: 6969

Example: 6969

Declared by:

services.qbittorrent-nox.user

User account under which qbittorrent-nox runs.

Type: string

Default: "qbittorrent-nox"

Declared by:

services.qbittorrent-nox.webuiPort

WebUI port.

Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)

Default: 8080

Example: 8080

Declared by:

services.spoofdpi.enable

Whether to enable SpoofDPI service.

Type: boolean

Default: false

Example: true

Declared by:

services.spoofdpi.package

The package to use.

Type: package

Default: bonPkgs.spoofdpi

Declared by:

services.spoofdpi.address

Listen address.

Type: string

Default: "127.0.0.1"

Example: "127.0.0.1"

Declared by:

services.spoofdpi.bypassUrls

Bypass DPI only on this urls.

Type: list of string

Default: [ ]

Declared by:

services.spoofdpi.dns

DNS address.

Type: string

Default: "8.8.8.8"

Example: "8.8.8.8"

Declared by:

services.spoofdpi.dnsPort

DNS port.

Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)

Default: 53

Example: 53

Declared by:

services.spoofdpi.doh

Whether to enable DOH.

Type: boolean

Default: false

Example: true

Declared by:

services.spoofdpi.openFirewall

Open services.spoofdpi.port.

Type: boolean

Default: false

Declared by:

services.spoofdpi.pattern

Bypass DPI only on packets matching this regex pattern.

Type: null or string

Default: null

Declared by:

services.spoofdpi.port

Port.

Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)

Default: 8080

Example: 8080

Declared by:

services.spoofdpi.timeout

Timeout in milliseconds.

Type: signed integer

Default: 2000

Example: 2000

Declared by:

services.spoofdpi.windowSize

Window size for fragmented client hello.

Type: signed integer

Default: 50

Example: 50

Declared by:

services.zapret.enable

Whether to enable DPI bypass multi platform service.

Type: boolean

Default: false

Example: true

Declared by:

services.zapret.package

The package to use.

Type: package

Default: bonPkgs.zapret

Declared by:

services.zapret.disableIPV4

Enable usage of IpV4.

Type: boolean

Default: false

Declared by:

services.zapret.disableIPV6

Enable usage of IpV6.

Type: boolean

Default: true

Declared by:

services.zapret.filterAddresses

List of addresses to filter

Type: null or string

Default: null

Declared by:

services.zapret.firewallType

Which firewall zapret should use.

Type: one of “iptables”, “nftables”

Default: "nftables"

Declared by:

services.zapret.ignoreAddresses

List of addresses to ignore

Type: null or string

Default:

''
  10.0.0.0/8
  169.254.0.0/16
  172.16.0.0/12
  192.168.0.0/16
''

Declared by:

services.zapret.mode

Which mode zapret should use.

Type: one of “tpws”, “tpws-socks”, “nfqws”, “filter”, “custom”

Default: "tpws"

Declared by:

services.zapret.settings

Rules for zapret to work. Run nix-shell -p zapret --command blockcheck to get values to pass here.

Config example can be found here https://github.com/bol-van/zapret/blob/master/config.default

Type: strings concatenated with “\n”

Default: ""

Example:

''
  TPWS_OPT="--hostspell=HOST --split-http-req=method --split-pos=3 --oob"
  NFQWS_OPT_DESYNC="--dpi-desync-ttl=5"
''

Declared by:

Side Notes

How to update and push flake inputs:

nix flake update 
nix flake archive --json \
    | jq -r '.path,(.inputs|to_entries[].value.path)' \
    | cachix push bonfire

How to build and push flake package:

nix build --json .#package \
    | jq -r '.[].outputs | to_entries[].value' \
    | cachix push bonfire

How to rebuild system with git submodules:

sudo nixos-rebuild switch --flake ".?submodules=1#astora"

How to rebuild remote system from local system with git submodules:

nixos-rebuild switch --flake ".?submodules=1#catarina" --build-host l-nafaryus@astora --target-host l.nafaryus@catarina --use-remote-sudo

How to repair corrupted links in nix-store:

nix-store --verify --check-contents --repair

How to get hash for package sources:

nix flake prefetch --json github:OpenFOAM/OpenFOAM-11/20240704

Contributing

Just contribute and maybe there will be a contribution policy, maybe not. Nothing complicated, the same rules as everyone else, just do it.

Bonfire's main source is Elnafo VCS, but you can also create issues on GitHub.