added stuff

nyx/lib/helpers/default.nix

@@ -0,0 +1,15 @@
+{lib}: let
+  inherit (import ../core.nix {inherit lib;}) import';
+
+  systemd = import' ./systemd.nix;
+  fs = import' ./fs.nix;
+  types = import' ./types.nix;
+  themes = import' ./themes.nix;
+  modules = import' ./modules.nix;
+in {
+  inherit (systemd) hardenService;
+  inherit (fs) mkBtrfs;
+  inherit (types) filterNixFiles importNixFiles boolToNum fetchKeys containsStrings indexOf intListToStringList;
+  inherit (themes) serializeTheme compileSCSS;
+  inherit (modules) mkModule;
+}

nyx/lib/helpers/fs.nix

@@ -0,0 +1,5 @@
+_: let
+  mkBtrfs = list: list + ["compress=zstd" "noatime"];
+in {
+  inherit mkBtrfs;
+}

nyx/lib/helpers/modules.nix

@@ -0,0 +1,34 @@
+{lib}: let
+  inherit (lib) mkEnableOption mkOption;
+  inherit (lib.types) str int;
+
+  # mkModule takes a few arguments to generate a module for a service without
+  # repeating the same options over and over
+  # this is actually a horrendous abstractation
+  mkModule = {
+    name,
+    type ? "", # type being an empty string means it can be skipped, ommitted
+    host ? "127.0.0.1", # default to listening only on localhost
+    port ? 0, # don't set a port by default
+    extraOptions ? {}, # used to define additional modules
+  }: {
+    enable = mkEnableOption "${name} ${type} service";
+    settings =
+      {
+        host = mkOption {
+          type = str;
+          default = host;
+          description = "The host ${name} will listen on";
+        };
+
+        port = mkOption {
+          type = int;
+          default = port;
+          description = "The port ${name} will listen on";
+        };
+      }
+      // extraOptions;
+  };
+in {
+  inherit mkModule;
+}

nyx/lib/helpers/systemd.nix

@@ -0,0 +1,40 @@
+{lib, ...}: let
+  inherit (lib) mkOptionDefault mapAttrs;
+
+  hardenService = attrs:
+    attrs
+    // (mapAttrs (_: mkOptionDefault) {
+      AmbientCapabilities = "";
+      CapabilityBoundingSet = "";
+      LockPersonality = true;
+      MemoryDenyWriteExecute = true;
+      NoNewPrivileges = true;
+      PrivateDevices = true;
+      PrivateMounts = true;
+      PrivateTmp = true;
+      ProcSubset = "pid";
+      ProtectClock = true;
+      ProtectControlGroups = true;
+      ProtectHome = true;
+      ProtectHostname = true;
+      ProtectKernelLogs = true;
+      ProtectKernelModules = true;
+      ProtectKernelTunables = true;
+      ProtectProc = "invisible";
+      ProtectSystem = "strict";
+      RemoveIPC = true;
+      RestrictAddressFamilies = ["AF_UNIX" "AF_INET" "AF_INET6"];
+      RestrictNamespaces = true;
+      RestrictRealtime = true;
+      RestrictSUIDSGID = true;
+      SystemCallArchitectures = "native";
+      SystemCallErrorNumber = "EPERM";
+      SystemCallFilter = [
+        "@system-service"
+        # Route-chain and OpenJ9 requires @resources calls
+        "~@clock @cpu-emulation @debug @module @mount @obsolete @privileged @raw-io @reboot @swap"
+      ];
+    });
+in {
+  inherit hardenService;
+}

nyx/lib/helpers/themes.nix

@@ -0,0 +1,21 @@
+{lib}: let
+  # function to generate theme slugs from theme names
+  # "A String With Whitespaces" -> "a-string-with-whitespaces"
+  serializeTheme = inputString: lib.strings.toLower (builtins.replaceStrings [" "] ["-"] inputString);
+
+  # a function that takes a theme name and a source file and compiles it to CSS
+  # compileSCSS "theme-name" "path/to/theme.scss" -> "$out/theme-name.css"
+  # adapted from <https://github.com/spikespaz/dotfiles>
+  compileSCSS = pkgs: {
+    name,
+    source,
+    args ? "-t expanded",
+  }: "${
+    pkgs.runCommandLocal name {} ''
+      mkdir -p $out
+      ${lib.getExe pkgs.sassc} ${args} '${source}' > $out/${name}.css
+    ''
+  }/${name}.css";
+in {
+  inherit serializeTheme compileSCSS;
+}

nyx/lib/helpers/types.nix

@@ -0,0 +1,49 @@
+{lib, ...}: let
+  inherit (lib) lists mapAttrsToList filterAttrs hasSuffix;
+
+  # filter files that have the .nix suffix
+  filterNixFiles = k: v: v == "regular" && hasSuffix ".nix" k;
+
+  # import files that are selected by filterNixFiles
+  importNixFiles = path:
+    (lists.forEach (mapAttrsToList (name: _: path + ("/" + name))
+        (filterAttrs filterNixFiles (builtins.readDir path))))
+    import;
+
+  # return an int (1/0) based on boolean value
+  # `boolToNum true` -> 1
+  boolToNum = bool:
+    if bool
+    then 1
+    else 0;
+
+  # convert a list of integers to a list of string
+  # `intListToStringList [1 2 3]` -> ["1" "2" "3"]
+  intListToStringList = list: map (toString list);
+
+  # a basic function to fetch a specified user's public keys from github .keys url
+  # `fetchKeys "username` -> "ssh-rsa AAAA...== username@hostname"
+  fetchKeys = username: (builtins.fetchurl "https://github.com/${username}.keys");
+
+  # a helper function that checks if a list contains a list of given strings
+  # `containsStrings { targetStrings = ["foo" "bar"]; list = ["foo" "bar" "baz"]; }` -> true
+  containsStrings = {
+    list,
+    targetStrings,
+  }:
+    builtins.all (s: builtins.any (x: x == s) list) targetStrings;
+
+  # indexOf is a function that returns the index of an element in a list
+  # `indexOf ["foo" "bar" "baz"] "bar"` -> 1
+  indexOf = list: elem: let
+    f = f: i:
+      if i == (builtins.length list)
+      then null
+      else if (builtins.elemAt list i) == elem
+      then i
+      else f f (i + 1);
+  in
+    f f 0;
+in {
+  inherit filterNixFiles importNixFiles boolToNum fetchKeys containsStrings indexOf intListToStringList;
+}