faukah/nichts
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

added stuff

Browse source
This commit is contained in:
vali 2024-04-09 23:11:33 +02:00
commit 7d4f626b7d
907 changed files with 70990 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

1
nyx/docs/.envrc Normal file
View file

@ -0,0 +1 @@
use nix

6
nyx/docs/.gitignore vendored Normal file
View file

@ -0,0 +1,6 @@
# Ignore directories generated by our documentation scripts
out/
# Ignore compiled stylesheet
templates/style.css

395
nyx/docs/LICENSE Normal file
View file

@ -0,0 +1,395 @@
Attribution 4.0 International
=======================================================================
Creative Commons Corporation ("Creative Commons") is not a law firm and
does not provide legal services or legal advice. Distribution of
Creative Commons public licenses does not create a lawyer-client or
other relationship. Creative Commons makes its licenses and related
information available on an "as-is" basis. Creative Commons gives no
warranties regarding its licenses, any material licensed under their
terms and conditions, or any related information. Creative Commons
disclaims all liability for damages resulting from their use to the
fullest extent possible.
Using Creative Commons Public Licenses
Creative Commons public licenses provide a standard set of terms and
conditions that creators and other rights holders may use to share
original works of authorship and other material subject to copyright
and certain other rights specified in the public license below. The
following considerations are for informational purposes only, are not
exhaustive, and do not form part of our licenses.
Considerations for licensors: Our public licenses are
intended for use by those authorized to give the public
permission to use material in ways otherwise restricted by
copyright and certain other rights. Our licenses are
irrevocable. Licensors should read and understand the terms
and conditions of the license they choose before applying it.
Licensors should also secure all rights necessary before
applying our licenses so that the public can reuse the
material as expected. Licensors should clearly mark any
material not subject to the license. This includes other CC-
licensed material, or material used under an exception or
limitation to copyright. More considerations for licensors:
wiki.creativecommons.org/Considerations_for_licensors
Considerations for the public: By using one of our public
licenses, a licensor grants the public permission to use the
licensed material under specified terms and conditions. If
the licensor's permission is not necessary for any reason--for
example, because of any applicable exception or limitation to
copyright--then that use is not regulated by the license. Our
licenses grant only permissions under copyright and certain
other rights that a licensor has authority to grant. Use of
the licensed material may still be restricted for other
reasons, including because others have copyright or other
rights in the material. A licensor may make special requests,
such as asking that all changes be marked or described.
Although not required by our licenses, you are encouraged to
respect those requests where reasonable. More considerations
for the public:
wiki.creativecommons.org/Considerations_for_licensees
=======================================================================
Creative Commons Attribution 4.0 International Public License
By exercising the Licensed Rights (defined below), You accept and agree
to be bound by the terms and conditions of this Creative Commons
Attribution 4.0 International Public License ("Public License"). To the
extent this Public License may be interpreted as a contract, You are
granted the Licensed Rights in consideration of Your acceptance of
these terms and conditions, and the Licensor grants You such rights in
consideration of benefits the Licensor receives from making the
Licensed Material available under these terms and conditions.
Section 1 -- Definitions.
a. Adapted Material means material subject to Copyright and Similar
Rights that is derived from or based upon the Licensed Material
and in which the Licensed Material is translated, altered,
arranged, transformed, or otherwise modified in a manner requiring
permission under the Copyright and Similar Rights held by the
Licensor. For purposes of this Public License, where the Licensed
Material is a musical work, performance, or sound recording,
Adapted Material is always produced where the Licensed Material is
synched in timed relation with a moving image.
b. Adapter's License means the license You apply to Your Copyright
and Similar Rights in Your contributions to Adapted Material in
accordance with the terms and conditions of this Public License.
c. Copyright and Similar Rights means copyright and/or similar rights
closely related to copyright including, without limitation,
performance, broadcast, sound recording, and Sui Generis Database
Rights, without regard to how the rights are labeled or
categorized. For purposes of this Public License, the rights
specified in Section 2(b)(1)-(2) are not Copyright and Similar
Rights.
d. Effective Technological Measures means those measures that, in the
absence of proper authority, may not be circumvented under laws
fulfilling obligations under Article 11 of the WIPO Copyright
Treaty adopted on December 20, 1996, and/or similar international
agreements.
e. Exceptions and Limitations means fair use, fair dealing, and/or
any other exception or limitation to Copyright and Similar Rights
that applies to Your use of the Licensed Material.
f. Licensed Material means the artistic or literary work, database,
or other material to which the Licensor applied this Public
License.
g. Licensed Rights means the rights granted to You subject to the
terms and conditions of this Public License, which are limited to
all Copyright and Similar Rights that apply to Your use of the
Licensed Material and that the Licensor has authority to license.
h. Licensor means the individual(s) or entity(ies) granting rights
under this Public License.
i. Share means to provide material to the public by any means or
process that requires permission under the Licensed Rights, such
as reproduction, public display, public performance, distribution,
dissemination, communication, or importation, and to make material
available to the public including in ways that members of the
public may access the material from a place and at a time
individually chosen by them.
j. Sui Generis Database Rights means rights other than copyright
resulting from Directive 96/9/EC of the European Parliament and of
the Council of 11 March 1996 on the legal protection of databases,
as amended and/or succeeded, as well as other essentially
equivalent rights anywhere in the world.
k. You means the individual or entity exercising the Licensed Rights
under this Public License. Your has a corresponding meaning.
Section 2 -- Scope.
a. License grant.
1. Subject to the terms and conditions of this Public License,
the Licensor hereby grants You a worldwide, royalty-free,
non-sublicensable, non-exclusive, irrevocable license to
exercise the Licensed Rights in the Licensed Material to:
a. reproduce and Share the Licensed Material, in whole or
in part; and
b. produce, reproduce, and Share Adapted Material.
2. Exceptions and Limitations. For the avoidance of doubt, where
Exceptions and Limitations apply to Your use, this Public
License does not apply, and You do not need to comply with
its terms and conditions.
3. Term. The term of this Public License is specified in Section
6(a).
4. Media and formats; technical modifications allowed. The
Licensor authorizes You to exercise the Licensed Rights in
all media and formats whether now known or hereafter created,
and to make technical modifications necessary to do so. The
Licensor waives and/or agrees not to assert any right or
authority to forbid You from making technical modifications
necessary to exercise the Licensed Rights, including
technical modifications necessary to circumvent Effective
Technological Measures. For purposes of this Public License,
simply making modifications authorized by this Section 2(a)
(4) never produces Adapted Material.
5. Downstream recipients.
a. Offer from the Licensor -- Licensed Material. Every
recipient of the Licensed Material automatically
receives an offer from the Licensor to exercise the
Licensed Rights under the terms and conditions of this
Public License.
b. No downstream restrictions. You may not offer or impose
any additional or different terms or conditions on, or
apply any Effective Technological Measures to, the
Licensed Material if doing so restricts exercise of the
Licensed Rights by any recipient of the Licensed
Material.
6. No endorsement. Nothing in this Public License constitutes or
may be construed as permission to assert or imply that You
are, or that Your use of the Licensed Material is, connected
with, or sponsored, endorsed, or granted official status by,
the Licensor or others designated to receive attribution as
provided in Section 3(a)(1)(A)(i).
b. Other rights.
1. Moral rights, such as the right of integrity, are not
licensed under this Public License, nor are publicity,
privacy, and/or other similar personality rights; however, to
the extent possible, the Licensor waives and/or agrees not to
assert any such rights held by the Licensor to the limited
extent necessary to allow You to exercise the Licensed
Rights, but not otherwise.
2. Patent and trademark rights are not licensed under this
Public License.
3. To the extent possible, the Licensor waives any right to
collect royalties from You for the exercise of the Licensed
Rights, whether directly or through a collecting society
under any voluntary or waivable statutory or compulsory
licensing scheme. In all other cases the Licensor expressly
reserves any right to collect such royalties.
Section 3 -- License Conditions.
Your exercise of the Licensed Rights is expressly made subject to the
following conditions.
a. Attribution.
1. If You Share the Licensed Material (including in modified
form), You must:
a. retain the following if it is supplied by the Licensor
with the Licensed Material:
i. identification of the creator(s) of the Licensed
Material and any others designated to receive
attribution, in any reasonable manner requested by
the Licensor (including by pseudonym if
designated);
ii. a copyright notice;
iii. a notice that refers to this Public License;
iv. a notice that refers to the disclaimer of
warranties;
v. a URI or hyperlink to the Licensed Material to the
extent reasonably practicable;
b. indicate if You modified the Licensed Material and
retain an indication of any previous modifications; and
c. indicate the Licensed Material is licensed under this
Public License, and include the text of, or the URI or
hyperlink to, this Public License.
2. You may satisfy the conditions in Section 3(a)(1) in any
reasonable manner based on the medium, means, and context in
which You Share the Licensed Material. For example, it may be
reasonable to satisfy the conditions by providing a URI or
hyperlink to a resource that includes the required
information.
3. If requested by the Licensor, You must remove any of the
information required by Section 3(a)(1)(A) to the extent
reasonably practicable.
4. If You Share Adapted Material You produce, the Adapter's
License You apply must not prevent recipients of the Adapted
Material from complying with this Public License.
Section 4 -- Sui Generis Database Rights.
Where the Licensed Rights include Sui Generis Database Rights that
apply to Your use of the Licensed Material:
a. for the avoidance of doubt, Section 2(a)(1) grants You the right
to extract, reuse, reproduce, and Share all or a substantial
portion of the contents of the database;
b. if You include all or a substantial portion of the database
contents in a database in which You have Sui Generis Database
Rights, then the database in which You have Sui Generis Database
Rights (but not its individual contents) is Adapted Material; and
c. You must comply with the conditions in Section 3(a) if You Share
all or a substantial portion of the contents of the database.
For the avoidance of doubt, this Section 4 supplements and does not
replace Your obligations under this Public License where the Licensed
Rights include other Copyright and Similar Rights.
Section 5 -- Disclaimer of Warranties and Limitation of Liability.
a. UNLESS OTHERWISE SEPARATELY UNDERTAKEN BY THE LICENSOR, TO THE
EXTENT POSSIBLE, THE LICENSOR OFFERS THE LICENSED MATERIAL AS-IS
AND AS-AVAILABLE, AND MAKES NO REPRESENTATIONS OR WARRANTIES OF
ANY KIND CONCERNING THE LICENSED MATERIAL, WHETHER EXPRESS,
IMPLIED, STATUTORY, OR OTHER. THIS INCLUDES, WITHOUT LIMITATION,
WARRANTIES OF TITLE, MERCHANTABILITY, FITNESS FOR A PARTICULAR
PURPOSE, NON-INFRINGEMENT, ABSENCE OF LATENT OR OTHER DEFECTS,
ACCURACY, OR THE PRESENCE OR ABSENCE OF ERRORS, WHETHER OR NOT
KNOWN OR DISCOVERABLE. WHERE DISCLAIMERS OF WARRANTIES ARE NOT
ALLOWED IN FULL OR IN PART, THIS DISCLAIMER MAY NOT APPLY TO YOU.
b. TO THE EXTENT POSSIBLE, IN NO EVENT WILL THE LICENSOR BE LIABLE
TO YOU ON ANY LEGAL THEORY (INCLUDING, WITHOUT LIMITATION,
NEGLIGENCE) OR OTHERWISE FOR ANY DIRECT, SPECIAL, INDIRECT,
INCIDENTAL, CONSEQUENTIAL, PUNITIVE, EXEMPLARY, OR OTHER LOSSES,
COSTS, EXPENSES, OR DAMAGES ARISING OUT OF THIS PUBLIC LICENSE OR
USE OF THE LICENSED MATERIAL, EVEN IF THE LICENSOR HAS BEEN
ADVISED OF THE POSSIBILITY OF SUCH LOSSES, COSTS, EXPENSES, OR
DAMAGES. WHERE A LIMITATION OF LIABILITY IS NOT ALLOWED IN FULL OR
IN PART, THIS LIMITATION MAY NOT APPLY TO YOU.
c. The disclaimer of warranties and limitation of liability provided
above shall be interpreted in a manner that, to the extent
possible, most closely approximates an absolute disclaimer and
waiver of all liability.
Section 6 -- Term and Termination.
a. This Public License applies for the term of the Copyright and
Similar Rights licensed here. However, if You fail to comply with
this Public License, then Your rights under this Public License
terminate automatically.
b. Where Your right to use the Licensed Material has terminated under
Section 6(a), it reinstates:
1. automatically as of the date the violation is cured, provided
it is cured within 30 days of Your discovery of the
violation; or
2. upon express reinstatement by the Licensor.
For the avoidance of doubt, this Section 6(b) does not affect any
right the Licensor may have to seek remedies for Your violations
of this Public License.
c. For the avoidance of doubt, the Licensor may also offer the
Licensed Material under separate terms or conditions or stop
distributing the Licensed Material at any time; however, doing so
will not terminate this Public License.
d. Sections 1, 5, 6, 7, and 8 survive termination of this Public
License.
Section 7 -- Other Terms and Conditions.
a. The Licensor shall not be bound by any additional or different
terms or conditions communicated by You unless expressly agreed.
b. Any arrangements, understandings, or agreements regarding the
Licensed Material not stated herein are separate from and
independent of the terms and conditions of this Public License.
Section 8 -- Interpretation.
a. For the avoidance of doubt, this Public License does not, and
shall not be interpreted to, reduce, limit, restrict, or impose
conditions on any use of the Licensed Material that could lawfully
be made without permission under this Public License.
b. To the extent possible, if any provision of this Public License is
deemed unenforceable, it shall be automatically reformed to the
minimum extent necessary to make it enforceable. If the provision
cannot be reformed, it shall be severed from this Public License
without affecting the enforceability of the remaining terms and
conditions.
c. No term or condition of this Public License will be waived and no
failure to comply consented to unless expressly agreed to by the
Licensor.
d. Nothing in this Public License constitutes or may be interpreted
as a limitation upon, or waiver of, any privileges and immunities
that apply to the Licensor or You, including from the legal
processes of any jurisdiction or authority.
=======================================================================
Creative Commons is not a party to its public licenses.
Notwithstanding, Creative Commons may elect to apply one of its public
licenses to material it publishes and in those instances will be
considered the “Licensor.” The text of the Creative Commons public
licenses is dedicated to the public domain under the CC0 Public Domain
Dedication. Except for the limited purpose of indicating that material
is shared under a Creative Commons public license or as otherwise
permitted by the Creative Commons policies published at
creativecommons.org/policies, Creative Commons does not authorize the
use of the trademark "Creative Commons" or any other trademark or logo
of Creative Commons without its prior written consent including,
without limitation, in connection with any unauthorized modifications
to any of its public licenses or any other arrangements,
understandings, or agreements concerning use of licensed material. For
the avoidance of doubt, this paragraph does not form part of the public
licenses.
Creative Commons may be contacted at creativecommons.org.

249
nyx/docs/gen.sh Executable file
View file

@ -0,0 +1,249 @@
#!/usr/bin/env bash
set -e
set -u
set -o pipefail
# Site Meta
title="NotAShelf/nyx"
site_url="https://nyx.notashelf.dev"
site_description="NotAShelf's notes on various topics"
# Directories
tmpdir="$(mktemp -d)"
workingdir="$(pwd)"
outdir="$workingdir"/out
posts_dir="$outdir/posts"
pages_dir="$outdir/pages"
# A list of posts
json_file="$posts_dir/posts.json"
create_directory() {
if [ ! -d "$1" ]; then
echo "Creating directory: $1"
mkdir -p "$1"
fi
}
compile_stylesheet() {
echo "Compiling stylesheet..."
sassc --style=compressed "$1"/"$2" "$1"/out/style.css
}
generate_posts_json() {
echo "Generating JSON..."
json='{"posts":['
first=true
for file in "$1"/notes/*.md; do
filename=$(basename "$file")
if [[ $filename != "README.md" ]]; then
if [[ $filename =~ ^[0-9]{4}-[0-9]{2}-[0-9]{2} ]]; then
# Extract date from filename
date=$(echo "$filename" | grep -oE '[0-9]{4}-[0-9]{2}-[0-9]{2}')
# Sanitize title
sanitized_title=$(echo "$filename" | sed -E 's/^[0-9]{4}-[0-9]{2}-[0-9]{2}-//; s/\.md$//; s/-/ /g; s/\b\w/\u&/g')
if [ "$first" = true ]; then
first=false
else
json="$json,"
fi
# JSON object with data we may want to use like a json feed file
# this doesn't, however, actually follow jsonfeed spec
# that is done so by the generate_jsonfeed_spec function
json_object=$(jq -n \
--arg name "$filename" \
--arg url "$site_url/posts/$(basename "$file" .md).html" \
--arg date "$date" \
--arg title "$sanitized_title" \
--arg path "/posts/$(basename "$file" .md).html" \
'{name: $name, url: $url, date: $date, title: $title, path: $path}')
# Append JSON object to the array
json="$json$json_object"
fi
fi
done
json="$json]}"
# Format JSON with jq
formatted_json=$(echo "$json" | jq .)
echo "$formatted_json" >"$2"
}
generate_jsonfeed_spec() {
echo "Generating JSON Feed..."
json=$(jq -n \
--arg version "https://jsonfeed.org/version/1.1" \
--arg title "$title" \
--arg home_page_url "$site_url" \
--arg feed_url "$site_url/feed.json" \
'{version: $version, title: $title, home_page_url: $home_page_url, feed_url: $feed_url, items: []}')
# Initialize the ID counter to 0
id_counter=0
for file in "$1"/notes/*.md; do
filename=$(basename "$file")
if [[ $filename != "README.md" ]]; then
if [[ $filename =~ ^[0-9]{4}-[0-9]{2}-[0-9]{2} ]]; then
# Extract date from filename
date=$(echo "$filename" | grep -oE '[0-9]{4}-[0-9]{2}-[0-9]{2}')
# Sanitize title
sanitized_title=$(echo "$filename" | sed -E 's/^[0-9]{4}-[0-9]{2}-[0-9]{2}-//; s/\.md$//; s/-/ /g; s/\b\w/\u&/g')
# Generate the URL for the post
url="$site_url/posts/$(basename "$file" .md).html"
content_raw="$(cat notes/"$(basename "$file" .md)".html)"
# Generate the JSON object for the item
json_object=$(jq -n \
--arg id "$id_counter" \
--arg url "$url" \
--arg title "$sanitized_title" \
--arg date "$date" \
--arg content_html "$content_raw" \
'{id: $id, url: $url, title: $title, date_published: $date, content_html: $content_raw}')
# Append the JSON object to the items array
json=$(echo "$json" | jq --argjson item "$json_object" '.items += [$item]')
# Increment the ID counter
id_counter=$((id_counter + 1))
fi
fi
done
# Format JSON with jq
formatted_json=$(echo "$json" | jq .)
echo "$formatted_json" >"$2"
}
# Index page refers to the "main" page generated
# from the README.md, which I would like to see on the front
generate_index_page() {
local templates="$1"/templates
echo "Generating index page..."
pandoc --from gfm --to html \
--standalone \
--template "$templates"/html/page.html \
--css /style.css \
--variable="index:true" \
--metadata title="$title" \
--metadata description="$site_description" \
"$1/notes/README.md" -o "$2/index.html"
}
generate_other_pages() {
local templates="$2"/templates
echo "Generating other pages..."
for file in "$1"/notes/*.md; do
filename=$(basename "$file")
if [[ $filename != "README.md" ]]; then
if [[ $filename =~ ^[0-9]{4}-[0-9]{2}-[0-9]{2} ]]; then
# Date in filename imples a blogpost
# convert it to markdown and place it in the posts directory
# since this is a post, it can contain a table of contents
echo "Converting $filename..."
pandoc --from gfm --to html \
--standalone \
--template "$templates"/html/page.html \
--css /style.css \
--metadata title="$filename" \
--metadata description="$site_description" \
--table-of-contents \
--highlight-style="$templates"/pandoc/custom.theme \
"$file" -o "$3/posts/$(basename "$file" .md).html"
else
if [[ $filename != "*-md" ]]; then
echo "Converting $filename..."
# No date in filename, means this is a standalone page
# convert it to html and place it in the pages directory
pandoc --from gfm --to html \
--standalone \
--template "$templates"/html/page.html \
--css /style.css \
--metadata title="$filename" \
--metadata description="$site_description" \
"$file" -o "$3/pages/$(basename "$file" .md).html"
fi
fi
fi
done
for file in "$4"/*.md; do
filename=$(basename "$file")
pandoc --from gfm --to html \
--standalone \
--template "$templates"/html/page.html \
--css /style.css \
--metadata title="$filename" \
--metadata description="$site_description" \
--highlight-style="$templates"/pandoc/custom.theme \
"$file" -o "$3/pages/$(basename "$file" .md).html"
done
}
write_privacy_policy() {
# write privacy.md as notes/privacy.md
cat >"$1/privacy.md" <<EOF
# Privacy Policy
This site is hosted on Github Pages, their privacy policies apply at any given time.
The author of this site:
- does not set or use cookies.
- does not store data in the browser to be shared, sent, or sold to third-parties.
- does not collect, sell, send or otherwise share your private information with any third parties.
Effective as of April 5th, 2024.
EOF
}
write_about_page() {
# write about.md as notes/about.md
cat >"$1/about.md" <<-EOF
# About
I work with Nix quite often, and share some of the stuff I learn while I do so. This website contains various notes
on things that interested me, or things I thought was worth sharing. If you would like to contribute, or have any feedback
you think would be useful, please feel free to reach out to me via email, available at my GitHub profile or
[on my website](https://notashelf.dev)
EOF
}
cleanup() {
echo "Cleaning up..."
rm -rf "$tmpdir"
}
trap cleanup EXIT
# Create directories
create_directory "$outdir"
create_directory "$posts_dir"
create_directory "$pages_dir"
# Compile stylesheet
compile_stylesheet "$workingdir" "templates/scss/main.scss"
# Index page
generate_index_page "$workingdir" "$outdir"
# Other Pages
write_about_page "$tmpdir"
write_privacy_policy "$tmpdir"
generate_other_pages "$workingdir" "$workingdir" "$outdir" "$tmpdir"
# Post list and feed file
generate_posts_json "$workingdir" "$json_file"
generate_jsonfeed_spec "$workingdir" "$outdir"/feed.json
# Cleanup
cleanup
echo "All tasks completed successfully."

18
nyx/docs/notes/2023-01-22-system-backlight.md Normal file
View file

@ -0,0 +1,18 @@
# Notes for 22th of January, 2023
Following a system upgrade two days ago, my HP Pavillion laptop has stopped
registering the `intel_backlight` interface in `/sys/class/backlight`, which
is most often used to control backlight by tools such as `brightnessctl.`
Inspecting `dmesg` has given me nothing but aninsanely vague error message.
Only mentioning it is not being loaded (_very helpful, thanks!_)
After some research, on Google as every other confused Linux user, I have
come across [this article](https://www.linuxquestions.org/questions/slackware-14/brightness-keys-not-working-after-updating-to-kernel-version-6-a-4175720728/)
which mentions backlight behaviour has changed sometime after kernel 6.1.4.
Fortunately for me, the article also refers to the the ever so informative
ArchWiki, which instructs passing one of the [three kernel command-line options](https://wiki.archlinux.org/title/backlight#Kernel_command-line_options).
depending on our needs.
As I have upgraded from 6.1.3 to 6.1.6 with a flake update, the `acpi_backlight=none`
parameter has made it so that it would skip loading intel backlight entirely. Simply switching
this parameter to `acpi_backlight=native` as per the article above has fixed the issue.

355
nyx/docs/notes/2023-03-14-impermanence.md Normal file
View file

@ -0,0 +1,355 @@
# Notes for 14th of March, 2023
Today was the day I finally got to setting up both "erase your darlings"
and proper disk encryption. This general setup concept utilizes NixOS'
ability to boot off of a disk that contains only `/nix` and `/boot`, linking
appropriate devices and blocks during the boot process and deleting all state
that programs may have left over my system.
The end result, for me, was a fully encrypted that uses btrfs
snapshots to restore `/` to its original state on each boot.
## Resources
- [This discourse post](https://discourse.nixos.org/t/impermanence-vs-systemd-initrd-w-tpm-unlocking/25167)
- [This blog post](https://elis.nu/blog/2020/06/nixos-tmpfs-as-home)
- [This other blog post](https://guekka.github.io/nixos-server-1/)
- [And this post that the previous post is based on](https://mt-caret.github.io/blog/posts/2020-06-29-optin-state.html)
- [Impermanence](https://github.com/nix-community/impermanence)
## The actual set-up (and reproduction steps)
I've had to go through a few guides before I could figure out a set up that I
really like. The final decision was that I would have an encrypted disk that
restores itself to its former state during boot. Is it fast? Absolutely not.
But it sure as hell is cool. And stateless!
To return the root (and only the root) we use a systemd service that fires
shortly after the disk is encrypted but before the root is actually mounted.
That way, we can unlock the disk, restore the disk to its pristine state
using the snapshot we have taken during installation and mount the root to
go on with our day.
### Reproduction steps
#### Partitioning
First you want to format your disk. If you are really comfortable with
bringing parted to your pre-formatted disks, by all means feel free to skip
this section. I, however, choose to format a fresh disk.
Start by partitioning the sections of our disk (sda1, sda2 and sda3)
_Device names might change if you're using a nvme disk, i.e nvme0p1._
```bash
# Set the disk name to make it easier
DISK=/dev/sda # replace this with the name of the device you are using
# set up the boot partition
parted "$DISK" -- mklabel gpt
parted "$DISK" -- mkpart ESP fat32 1MiB 1GiB
parted "$DISK" -- set 1 boot on
mkfs.vfat -n BOOT "$DISK"1
```
```bash
# set up the swap partition
parted "$DISK" -- mkpart Swap linux-swap 1GiB 9GiB
mkswap -L SWAP "$DISK"2
swapon "$DISK"2
```
_I do in fact use swap in the civilized year of 2023[^1]. If I were a little
more advanced, and if I did not disable hibernation due to overly-hardened
kernel parameters, I would also be encrypting the swap to secure the hibernates...
but that is *currently* out of my scope. You may find this desirable, however, I
will not be providing instructions on that._
Encrypt your partition, and open it to make it available under `/dev/mapper/enc`.
```bash
cryptsetup --verify-passphrase -v luksFormat "$DISK"3 # /dev/sda3
cryptsetup open "$DISK"3 enc
```
Now partition the encrypted device block.
```bash
parted "$DISK" -- mkpart primary 9GiB 100%
mkfs.btrfs -L NIXOS /dev/mapper/enc
```
```bash
mount -t btrfs /dev/mapper/enc /mnt
# First we create the subvolumes, those may differ as per your preferences
btrfs subvolume create /mnt/root
btrfs subvolume create /mnt/home
btrfs subvolume create /mnt/nix
btrfs subvolume create /mnt/persist # some people may choose to put /persist in /mnt/nix, I am not one of those people.
btrfs subvolume create /mnt/log
```
Now that we have created the btrfs subvolumes, it is time for the _readonly_
snapshot of the root subvolume.
```bash
btrfs subvolume snapshot -r /mnt/root /mnt/root-blank
# Make sure to unmount, or nixos-rebuild will try to remove /mnt and fail
umount /mnt
```
#### Mounting
After the subvolumes are created, we mount them with the options that we want.
Ideally, on NixOS, you want the `noatime` option [^2] and zstd
compression, especially on your `/nix` partition.
The following is my partition layout. If you have created any other subvolumes
in the step above, you will also want to mount them here. Below setup assumes
that you have been following the steps as is.
```bash
# /
mount -o subvol=root,compress=zstd,noatime /dev/mapper/enc /mnt
# /home
mkdir /mnt/home
mount -o subvol=home,compress=zstd,noatime /dev/mapper/enc /mnt/home
# /nix
mkdir /mnt/nix
mount -o subvol=nix,compress=zstd,noatime /dev/mapper/enc /mnt/nix
# /persist
mkdir /mnt/persist
mount -o subvol=persist,compress=zstd,noatime /dev/mapper/enc /mnt/persist
# /var/log
mkdir -p /mnt/var/log
mount -o subvol=log,compress=zstd,noatime /dev/mapper/enc /mnt/var/log
# do not forget to mount the boot partition
mkdir /mnt/boot
mount "$DISK"1 /mnt/boot
```
And finally let NixOS generate the hardware configuration.
```bash
nixos-generate-config --root /mnt
```
The genereated configuration will be available at `/mnt/etc/nixos`.
Before we move on, we need to add the `neededForBoot = true;` to some mounted
subvolumes in `hardware-configuration.nix`. It will look something like this:
```nix
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
fileSystems."/" = {
device = "/dev/disk/by-uuid/b79d3c8b-d511-4d66-a5e0-641a75440ada";
fsType = "btrfs";
options = ["subvol=root"];
};
boot.initrd.luks.devices."enc".device = "/dev/disk/by-uuid/82144284-cf1d-4d65-9999-2e7cdc3c75d4";
fileSystems."/home" = {
device = "/dev/disk/by-uuid/b79d3c8b-d511-4d66-a5e0-641a75440ada";
fsType = "btrfs";
options = ["subvol=home"];
};
fileSystems."/nix" = {
device = "/dev/disk/by-uuid/b79d3c8b-d511-4d66-a5e0-641a75440ada";
fsType = "btrfs";
options = ["subvol=nix"];
};
fileSystems."/persist" = {
device = "/dev/disk/by-uuid/b79d3c8b-d511-4d66-a5e0-641a75440ada";
fsType = "btrfs";
options = ["subvol=persist"];
neededForBoot = true; # <- add this
};
fileSystems."/var/log" = {
device = "/dev/disk/by-uuid/b79d3c8b-d511-4d66-a5e0-641a75440ada";
fsType = "btrfs";
options = ["subvol=log"];
neededForBoot = true; # <- add this
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/FDED-3BCF";
fsType = "vfat";
};
swapDevices = [
{device = "/dev/disk/by-uuid/0d1fc824-623b-4bb8-bf7b-63a3e657889d";}
# if you encrypt your swap, it'll also need to be configured here
];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
}
```
Do keep in mind that the NixOS hardware scanner **cannot** pick up your mount
options. Which means that you should specifiy the options (i.e `noatime`) for
each btrfs volume that you have created in `hardware-configuration.nix`. You
can simply add them in the `options = [ ]` list in quotation marks. I
recommend adding at least zstd compression, and optionally `noatime`.
### Closing Notes
And that should be all. By this point you are pretty much ready to install
with your existing config. I generally use my configuration flake to boot, so
there is no need to make any revisions. If you are starting from scratch, you
may consider tweaking your configuration.nix before you install the system.
An editor, such as Neovim, or your preferred DE/wm make good additions to your
configuration.
Once it's all done, take a deep breath and `nixos-install`. Once the
installation is done, you'll be prompted for the root password and after that
you can reboot. Now you are running NixOS on an encrypted disk. Nice!
Next up, if you are feeling _really_ fancy today, is to configure disk
erasure and impermanence.
#### Impermanence
For BTRFS snapshots, I use a systemd service that goes
```nix
boot.initrd.systemd = {
enable = true; # this enabled systemd support in stage1 - required for the below setup
services.rollback = {
description = "Rollback BTRFS root subvolume to a pristine state";
wantedBy = [
"initrd.target"
];
after = [
# LUKS/TPM process
"systemd-cryptsetup@enc.service"
];
before = [
"sysroot.mount"
];
unitConfig.DefaultDependencies = "no";
serviceConfig.Type = "oneshot";
script = ''
mkdir -p /mnt
# We first mount the btrfs root to /mnt
# so we can manipulate btrfs subvolumes.
mount -o subvol=/ /dev/mapper/enc /mnt
# While we're tempted to just delete /root and create
# a new snapshot from /root-blank, /root is already
# populated at this point with a number of subvolumes,
# which makes `btrfs subvolume delete` fail.
# So, we remove them first.
#
# /root contains subvolumes:
# - /root/var/lib/portables
# - /root/var/lib/machines
btrfs subvolume list -o /mnt/root |
cut -f9 -d' ' |
while read subvolume; do
echo "deleting /$subvolume subvolume..."
btrfs subvolume delete "/mnt/$subvolume"
done &&
echo "deleting /root subvolume..." &&
btrfs subvolume delete /mnt/root
echo "restoring blank /root subvolume..."
btrfs subvolume snapshot /mnt/root-blank /mnt/root
# Once we're done rolling back to a blank snapshot,
# we can unmount /mnt and continue on the boot process.
umount /mnt
'';
};
};
```
> You may opt in for `boot.initrd.postDeviceCommands = lib.mkBefore ''`
> as [this blog post](https://mt-caret.github.io/blog/posts/2020-06-29-optin-state.html)
> suggests. I am not exactly sure how exactly those options actually
> compare, however, a systemd service means it will be accessible through the
> the systemd service interface, which is why I opt-in for a service.
##### Implications
What this implies is that certain files such as saved networks for
network-manager will be deleted on each reboot. While a little clunky,
[Impermanence](https://github.com/nix-community/impermanence) is a great
solution to our problem.
Impermanence exposes to our system an `environment.persistence."<dirName>"` option that we can use to make certain directories or files permanent.
My module goes like this:
```nix
imports = [inputs.impermanence.nixosModules.impermanence]; # the import will be different if flakes are not enabled on your system
environment.persistence."/persist" = {
directories = [
"/etc/nixos"
"/etc/NetworkManager/system-connections"
"/etc/secureboot"
"/var/db/sudo"
];
files = [
"/etc/machine-id"
# ssh stuff
"/etc/ssh/ssh_host_ed25519_key"
"/etc/ssh/ssh_host_ed25519_key.pub"
"/etc/ssh/ssh_host_rsa_key"
"/etc/ssh/ssh_host_rsa_key.pub"
# if you use docker or LXD, also persist their directories
];
};
```
And that is pretty much it. If everything went well, you should now be telling
your friends about your new system boasting full disk encryption _and_ root
rollbacks.
## Why?
Honestly, why not?
[^1]:
I could be using `tmpfs` for `/` at this point in time. Unfortunately, since I share this setup on some of my low-end laptops, I've got no RAM
to spare - which is exactly why I have opted out with BTRFS. It is a reliable filesystem that I am used to, and it allows for us to use a script
that we'll see later on.
[^2]: https://opensource.com/article/20/6/linux-noatime

145
nyx/docs/notes/2023-05-21-packaging-nextjs-webapps.md Normal file
View file

@ -0,0 +1,145 @@
# Notes for 21st of June, 2023
Recenty I have had to go through the misfortune of hosting some websites
written with _NextJS_ on my VPS running NixOS, this note entry shall document
my experience and the "easy" path I have chosen.
## Packaging
The websites I hosted were of two variety: those statically exported, and
those that cannot be statically exported.
### Statically Exported Webapps
Statically exported ones are easy to package, because it is a matter of
running `npm build` (or whatever your build script is) with the following
NextJS settings
```js
// next.config.js
module.exports = {
distDir: "dist", // an artitrary path for your export
output: "export",
};
```
This will export a static website with a bunch of html files that you can
then serve with nodePackages.serve or a webserver like nginx or apache.
And that is the end of your worries for a statically exported website! No
headache, just write a simple derivation, such as the one below
```nix
# default.nix
{
buildNpmPackage,
pkg-config,
python3,
...
}:
buildNpmPackage {
pname = "your-website";
version = "0.1";
src = ./.;
# needs to be updated everytime you update npm dependencies
npmDepsHash = "sha256-some-hash";
# some npm packages may need to be built from source, because nodejs is a *terrible* ecosystem
nativeBuildInputs = [pkg-config python3];
# move exported website to $out
postInstall = ''
cp -rf dist/* $out
'';
}
```
and serve its path with a simple tool after building the derivation, I find
nginx to be awfully convenient for doing so, but you may choose caddy if you
prefer.
### Webapps that cannot be statically exported
If your website depends on API routes for some reasons, then Next will not
allow you to do static export. Which means you need to run `next start` in
some shape or form. While a systemd service is certainly a way of doing it
(one that I do not recommend), a oci container works as well if not better.
You can write a "simple" docker image for your oci container to use, such as
the one below
```nix
# dockerImage.nix
{
pkgs,
inputs,
...
}: {
dockerImage = pkgs.dockerTools.buildImage {
config = {
WorkingDir = "/your-website";
Cmd = ["npm" "run" "serve"];
};
name = "your-website";
tag = "latest";
fromImage = pkgs.dockerTools.buildImage {
name = "node";
tag = "18-alpine";
};
copyToRoot = pkgs.buildEnv {
name = "image-root";
paths = with pkgs; [
# this package is called from a flake.nix alongside the derivation for the website
inputs.self.packages.${pkgs.system}.your-website
nodejs
bash
];
pathsToLink = [
"/bin"
"/your-website"
];
};
};
}
```
Then, configure oci-containers module option to pick up the Docker image that
you have built. This is a simplified version of my VPS' container setup.
An example can be found in my [server module](https://github.com/NotAShelf/nyx/blob/a9e129663ac91302f2fd935351a71cbbd2832f64/modules/core/roles/server/system/services/mkm.nix)
```nix
virtualisation.oci-containers = {
backend = "podman";
containers = {
"website-container" = {
autoStart = true;
ports = [
"3000:3000" # bind container's port 3000 to the outside port 3000 for NextJS
];
extraOptions = ["--network=host"];
image = "your-website";
imageFile = inputs.website-flake.packages.${pkgs.system}.dockerImage;
};
};
};
```
After a rebuild, your system will provision the container and start it on
port **3000**. You can access it with `your-server-ip:3000` in your
browser, and even configure nginx to set up a reverse proxy to assign
your domain.
```conf
"example.com" = {
locations."/".proxyPass = "http://127.0.0.1:3000";
};
```
This will assign your domain to your webserver, and allow outside
visitors to view your "awesome" NextJS webapp.

103
nyx/docs/notes/2023-06-07-extended-nixpkgs.md Normal file
View file

@ -0,0 +1,103 @@
# Notes for 7th of June, 2023
Those are my notes on extending nixpkgs with your own functions and
abstractions. There may be other ways of doing it, but this is the one I find
to be most ergonomic.
## What is `nixpkgs.lib`
In the context of the Nix package manager and NixOS, `nixpkgs.lib` refers to
a module within the Nixpkgs repository. The `nixpkgs.lib` module provides a
set of utility functions and definitions that are commonly used across the
Nixpkgs repository. It contains various helper functions and abstractions that
make it easier to write Nix expressions and define packages. We often use those
functions to simplify our configurations and the nix package build processes.
## Why would you need to extend `nixpkgs.lib`
While the library functions provided by nixpkgs is quite extensive and usually
suits my needs, I sometimes feel the need to define my own function or wrap an
existing function to complete a task. Normally we can handle the process of a
function inside a simple `let in` and be well off, but there may be times you
need to re-use the existing function across your configuration file.
In such times, you might want to either write your own lib and inherit it at
the source of your `flake.nix` to then inherit them across your configuration.
Today's notes document the process of doing exactly that.
## Extending `nixpkgs.lib`
I find the easiest way of extending nixpkgs.lib to be using an overlay.
```nix
# lib/default.nix
{
nixpkgs,
lib,
inputs,
...
}: nixpkgs.lib.extend (
final: prev: {
# your functions go here
}
)
```
The above structure takes the existing `lib` from `nixpkgs`, and appends your
own configurations to it. You may then import this library in your `flake.nix`
to pass it to other imports and definitions.
```nix
# flake.nix
flake = let
# extended nixpkgs lib, contains my custom functions
lib = import ./lib {inherit nixpkgs lib inputs;};
in {
# entry-point for nixos configurations
nixosConfigurations = import ./hosts {inherit nixpkgs self lib;};
};
```
In this example (see my `flake.nix` for the actual implementation) I import my
extended lib from `lib/default.nix`, where I defined the overlay. I then pass
the extended lib to my `nixosConfiguratiıns`, which is an entry-point for all
of my NixOS configurations. As such, I am able to re-use my own utility
functions across my system as I see fit.
The problem with this approach is that it may be confusing for other people
reviewing your configuration. With this approach, `lib.customFunction` looks
identical to any lib function, which may lead to people thinking the function
exists in nixpkgs itself while it is only provided by your configuration. The
solution for that is simple though, instead of extending `nixpkgs.lib`, you may
define your own lib that does not inherit from `nixpkgs.lib` and only contains
your functions. The process would be similar, and you would not need to define
an overlay.
```nix
# flake.nix
flake = let
# extended nixpkgs lib, contains my custom functions
lib' = import ./lib {inherit nixpkgs lib inputs;};
in {
# entry-point for nixos configurations
nixosConfigurations = import ./hosts {inherit nixpkgs self lib';};
};
```
where your `lib/default.nix` looks like
```nix
# lib/default.nix
{
nixpkgs,
lib,
inputs,
...
}: {
# your functions here
}
```
You can find a real life example of the alternative approach in
my [neovim-flake's lib](https://github.com/NotAShelf/neovim-flake/blob/main/lib/stdlib-extended.nix).

82
nyx/docs/notes/2023-07-14-openssh-custom-port.md Normal file
View file

@ -0,0 +1,82 @@
# Notes for 14th of July, 2023
My VPS, which hosts some of my infrastructure, has been running NixOS
for a while now. Although weak, I use it for distributed builds alongside the
rest of my NixOS machines on a Tailscale network.
This server, due to it hosting my infrastructure that communicates with the
rest of the internet (i.e my mailserver), is somewhat responsive to queries
from the public - which includes _very_ agressive portscans (thanks, skiddies!)
To mitigate that, I have decided to change the ssh port from the default **22**
to something different. While this is not exactly a pancea, it helps alleviate
the insane log spam I get from failed ssh requests.
## The OpenSSH Configuration
First thing we've done is to configure openssh to listen on the new port on
your server configuration
```nix
services.openssh = {
ports = [2222];
}
```
With this set, openssh on the server will now be listening on the port **2222**
instead of the default **22**. For the changes to take effect after a
rebuild, you might need to run `systemctl restart sshd.socket`.
Then we want to configure our client to use the correct port for our server
instead of the default **22**.
```nix
programs.ssh.extraConfig = ''
Host nix-builder
HostName nix-builder-hostname # if you are using Tailscale, this can just be the hostname of a device on your Tailscale network
Port 2222
'';
```
And done, that is all for the ssh side of things. Next up, we need to configure
out builder to use the correct host.
## Nix Builder Configuration
Assuming you already have a remote builder configured, you will only need to
patch the `hostName` with the one on your `openssh.extraConfig`.
```nix
nix.buildMachines = [{
hostName = "nix-builder-hostname";
sshUser = "nix-builder";
sshKey = "/path/to/key";
systems = ["x86_64-linux"];
maxJobs = 2;
speedFactor = 2;
supportedFeatures = ["kvm"];
}];
```
If you have added the correct `hostName` and `sshUser`, the builder will be
picked up automatically on the next rebuild.
### Home-Manager
If you are using Home-Manager, you might also want to configure your
declarative ~/.config/ssh/config to use the new port. That can be achieved
through `programs.ssh.matchBlocks` option under Home-Manager
```nix
programs.ssh.matchBlocks = {
"builder" = {
hostname = "nix-builder-hostname";
user = "nix-builder";
identityFile = "~/.ssh/builder-key";
port = 2222;
};
}
```
And that will be all. You are ready to use your new non-default port, mostly
safe from port scanners.

88
nyx/docs/notes/2023-11-11-using-headscale.md Normal file
View file

@ -0,0 +1,88 @@
# Notes for 11th of November, 2023
Today's main attraction is the Headscale setup on my VPS running NixOS, which
I've finally came around to self-host.
There has been much talk about this new product called Tailscale recently
around the web, especially in the last few years. Tailscale is a VPN
service that makes the devices and applications we own accessible anywhere
using the open source WireGuard protocol to establish encrypted point-to-point
connections. I have been using Tailscale for a while now, but in an effort
to move all of my services to self-owned hardware some of my services have
been moved over to my NixOS server over time.
Many of Tailscales components are open-source, especially its clients, but
the server remains closed-source. Tailscale is a SaaS product and monetization
naturally is a big concern, however, we care more about controlling our own data
than their attempts of monetization.
This is where the (very appropriately named) Headscale comes in; Headscale is
an open-source, self-hosted implementation of the Tailscale control server. The
configuration is extremely straightforward, as Headscale will handle everything
for us.
## Running Headscale
Below is a simple configuration for the Headscale module of NixOS.
```nix
services = let
domain = "example.com";
in {
headscale = {
enable = true;
address = "0.0.0.0";
port = 8085;
settings = {
server_url = "https://tailscale.${domain}";
dns_config = {
override_local_dns = true;
base_domain = "${domain}";
magic_dns = true;
domains = ["tailscale.${domain}"];
nameservers = [
"9.9.9.9" # no cloudflare, nice
];
};
ip_prefixes = [
"100.64.0.0/10"
"fd7a:115c:a1e0::/48"
];
};
};
};
```
## Using Headscale
We must first create a user, which we can do with
```console
headscale users create myUser
```
Then on the machine that will be our client, we need to login.
```console
tailscale up --login-server tailscale.example.com # replace this URL with your own as configured abovea
```
Followed by registering the machine.
```console
# machine key will be obtained visiting the URL that is returned from the above command
headscale --user myUser nodes register --key <MACHINE_KEY>
```
And finally logging into your Tailnet using the URL and your machine key.
```console
tailscale up --login-server https://tailscale.example.com --authkey <YOUR_AUTH_KEY>
```
And all done! Now try connecting to one of your machines using the hostname now
to test if the connection is actually working. If anything goes wrong, make
sure to check your DNS settings: remember, it's always the DNS.

29
nyx/docs/notes/README.md Normal file
View file

@ -0,0 +1,29 @@
# Notes
Howdy! Welcome to my collection of notes.
This is where I store my notes on topics and processes that I find particularly
difficult, obscure or otherwise interesting. Mostly on Linux and NixOS,
perhaps on programming in the future.
If those notes helped you in any way, that is great! That means my time writing
those notes were well spent. If you were already a Nix/NixOS expert who somehow
found their way in here, and got really bored reading my notes then I only ask
that you point out my mistakes where you spot them. Your time will be very much
appreciated.
If you are a reader looking for some pro tips, I would like to remind you that I
am not an expert in Nix or NixOS. My notes are limited by my own knowledge.
However, I would be happy to try and answer your questions nevertheless; and we
can try figuring out the answer together, should we both happen to be stuck.
If you spot a mistake, please let me know and I would be happy to learn from you.
Thanks!
| Date | Category | Description |
| ---------- | ---------- | -------------------------------------------------------------------------------------------------- |
| 22-01-2023 | Linux | My notes on a kernel parameter change affecting my backlight state |
| 14-03-2023 | Nix | Reproduction steps NixOS setup with ephemeral root using BTRFS subvolumes and full disk encryption |
| 07-06-2023 | Nix | Notes on extending or writing your own nixpkgs library to use in your configurations |
| 21-06-2023 | Nix/NextJS | A guide on serving statically exported and non-statically exported NextJS Webapps on NixOS |
| 14-07-2023 | Nix/NixOS | Notes on a potentially working distributed builds setup on NixOS with a non-default ssh port |

48
nyx/docs/notes/cheatsheet.md Normal file
View file

@ -0,0 +1,48 @@
# Cheat sheet
## Show GC roots
```sh
nix-store --gc --print-roots | grep -v "<hostName>" | column -t | sort -k3 -k1
```
## List all packages
```sh
nix-store -q --requisites /run/current-system | cut -d- -f2- | sort | uniq
```
You can add a `wc -l` at the end of the above command, but that will not be an accurate representation of
your package count, as the same package can be repeated with different versions.
## Find biggest packages
```sh
nix path-info -hsr /run/current-system/ | sort -hrk2 | head -n10
```
## Find biggest closures (packages including dependencies)
```sh
nix path-info -hSr /run/current-system/ | sort -hrk2 | head -n10
```
## Show package dependencies as tree
> Assuming `hello` is in PATH
```sh
nix-store -q --tree $(realpath $(which hello))
```
## Show package dependencies including size
```sh
nix path-info -hSr nixpkgs#hello
```
## Show the things that will change on reboot
```sh
diff <(nix-store -qR /run/current-system) <(nix-store -qR /run/booted-system)
```

8
nyx/docs/notes/yubikey-todo.md Normal file
View file

@ -0,0 +1,8 @@
# TODO
<!--- Yubikey gpg setup & disk encryption on Nixos -->
## Resources
- https://superuser.com/questions/1628782/gpg-signing-failed-no-pinentry
- https://superuser.com/questions/397149/can-you-gpg-sign-old-commits

8
nyx/docs/shell.nix Normal file
View file

@ -0,0 +1,8 @@
{pkgs ? import <nixpkgs> {}}:
pkgs.mkShell {
packages = with pkgs; [
pandoc
jq
sassc
];
}

127
nyx/docs/templates/html/page.html vendored Normal file
View file

@ -0,0 +1,127 @@
<!doctype html>
<html lang="en">
<head>
<meta charset="UTF-8" />
<meta name="generator" content="pandoc" />
<meta
name="viewport"
content="width=device-width, initial-scale=1.0, user-scalable=yes"
/>
$for(author-meta)$
<meta name="author" content="$author-meta$" />
$endfor$ $if(date-meta)$
<meta name="dcterms.date" content="$date-meta$" />
$endif$ $if(keywords)$
<meta
name="keywords"
content="$for(keywords)$$keywords$$sep$, $endfor$"
/>
$endif$ $if(description-meta)$
<meta name="description" content="$description-meta$" />
$endif$
<title>$title$</title>
<style>
$styles.html()$
</style>
$for(css)$
<link rel="stylesheet" href="$css$" />
$endfor$
<!-- Begin Google Fonts import -->
<link rel="preconnect" href="https://fonts.googleapis.com" />
<link rel="preconnect" href="https://fonts.gstatic.com" crossorigin />
<link
href="https://fonts.googleapis.com/css2?family=Courier+Prime:ital,wght@0,400;0,700;1,400;1,700&family=Roboto+Slab:wght@100..900&family=Roboto:ital,wght@0,100;0,300;0,400;0,500;0,700;0,900;1,100;1,300;1,400;1,500;1,700;1,900&display=swap"
rel="stylesheet"
/>
<!-- End Google Fonts import -->
<!-- Begin Lineicons import -->
<!--
<link
rel="stylesheet"
href="https://cdn.lineicons.com/4.0/lineicons.css"
/>
<!-- End Lineicons import-->
<link rel="stylesheet" href="/style.css" />
</head>
<body>
<header>
<nav class="primary-buttons">
<ul>
<li><a class="nav-button" href="/">Index</a></li>
</ul>
</nav>
<nav class="secondary-buttons">
<ul>
<li>
<div class="dropdown">
<button class="nav-button">Posts</button>
<div
class="dropdown-content"
id="dropdown-content"
></div>
</div>
<a class="nav-button" href="/pages/about.html">
About
</a>
<a class="nav-button" href="/pages/privacy.html">
Privacy
</a>
</li>
</ul>
</nav>
</header>
<main>
$if(toc)$
<nav id="$idprefix$TOC" role="doc-toc">
$if(toc-title)$
<h2 id="$idprefix$toc-title">$toc-title$</h2>
$endif$ $table-of-contents$
</nav>
$endif$ $body$ $for(include-after)$ $include-after$ $endfor$
</main>
<footer>
<div class="footer-divider"></div>
<p>&copy; 2024 NotAShelf</p>
<div class="footer-icons">
<a href="https://twitter.com/notashelf">
<i class="lni lni-twitter-original" title="Twitter"></i>
</a>
<a href="https://github.com/notashelf">
<i class="lni lni-github-original" title="GitHub"></i>
</a>
<a href="/feed.json">
<i class="lni lni-rss-feed" title="RSS Feed"></i>
</a>
</div>
</footer>
<script>
// Dropdown post listing
function fetchPosts() {
fetch("/posts/posts.json")
.then((response) => response.json())
.then((data) => {
const dropdownContent =
document.getElementById("dropdown-content");
data.posts.forEach((post) => {
const postLink = document.createElement("a");
postLink.textContent = post.title;
// we could use posts.url here, instead of posts.path
// but it messes with local serving, which prefers `/`
// to the actual URL, as it would point to the live site
// by path
postLink.href = post.path;
dropdownContent.appendChild(postLink);
});
})
.catch((error) =>
console.error("Error fetching posts:", error),
);
}
document.addEventListener("DOMContentLoaded", () => {
fetchPosts();
});
</script>
</body>
</html>

212
nyx/docs/templates/pandoc/custom.theme vendored Normal file
View file

@ -0,0 +1,212 @@
{
"text-color": "#C3CBE9",
"background-color": null,
"line-number-color": null,
"line-number-background-color": null,
"text-styles": {
"Alert": {
"text-color": "#ffcfaf",
"background-color": null,
"bold": false,
"italic": false,
"underline": false
},
"Annotation": {
"text-color": "#7f9f7f",
"background-color": null,
"bold": true,
"italic": false,
"underline": false
},
"Attribute": {
"text-color": null,
"background-color": null,
"bold": false,
"italic": false,
"underline": false
},
"BaseN": {
"text-color": "#dca3a3",
"background-color": null,
"bold": false,
"italic": false,
"underline": false
},
"BuiltIn": {
"text-color": null,
"background-color": null,
"bold": false,
"italic": false,
"underline": false
},
"Char": {
"text-color": "#dca3a3",
"background-color": null,
"bold": false,
"italic": false,
"underline": false
},
"Comment": {
"text-color": "#7f9f7f",
"background-color": null,
"bold": false,
"italic": false,
"underline": false
},
"CommentVar": {
"text-color": "#7f9f7f",
"background-color": null,
"bold": true,
"italic": false,
"underline": false
},
"Constant": {
"text-color": "#dca3a3",
"background-color": null,
"bold": true,
"italic": false,
"underline": false
},
"ControlFlow": {
"text-color": "#f0dfaf",
"background-color": null,
"bold": false,
"italic": false,
"underline": false
},
"DataType": {
"text-color": "#dfdfbf",
"background-color": null,
"bold": false,
"italic": false,
"underline": false
},
"DecVal": {
"text-color": "#dcdccc",
"background-color": null,
"bold": false,
"italic": false,
"underline": false
},
"Documentation": {
"text-color": "#7f9f7f",
"background-color": null,
"bold": false,
"italic": false,
"underline": false
},
"Error": {
"text-color": "#c3bf9f",
"background-color": null,
"bold": false,
"italic": false,
"underline": false
},
"Extension": {
"text-color": null,
"background-color": null,
"bold": false,
"italic": false,
"underline": false
},
"Float": {
"text-color": "#c0bed1",
"background-color": null,
"bold": false,
"italic": false,
"underline": false
},
"Function": {
"text-color": "#efef8f",
"background-color": null,
"bold": false,
"italic": false,
"underline": false
},
"Import": {
"text-color": null,
"background-color": null,
"bold": false,
"italic": false,
"underline": false
},
"Information": {
"text-color": "#7f9f7f",
"background-color": null,
"bold": true,
"italic": false,
"underline": false
},
"Keyword": {
"text-color": "#f0dfaf",
"background-color": null,
"bold": false,
"italic": false,
"underline": false
},
"Operator": {
"text-color": "#f0efd0",
"background-color": null,
"bold": false,
"italic": false,
"underline": false
},
"Other": {
"text-color": "#efef8f",
"background-color": null,
"bold": false,
"italic": false,
"underline": false
},
"Preprocessor": {
"text-color": "#ffcfaf",
"background-color": null,
"bold": true,
"italic": false,
"underline": false
},
"SpecialChar": {
"text-color": "#dca3a3",
"background-color": null,
"bold": false,
"italic": false,
"underline": false
},
"SpecialString": {
"text-color": "#cc9393",
"background-color": null,
"bold": false,
"italic": false,
"underline": false
},
"String": {
"text-color": "#cc9393",
"background-color": null,
"bold": false,
"italic": false,
"underline": false
},
"Variable": {
"text-color": null,
"background-color": null,
"bold": false,
"italic": false,
"underline": false
},
"VerbatimString": {
"text-color": "#cc9393",
"background-color": null,
"bold": false,
"italic": false,
"underline": false
},
"Warning": {
"text-color": "#7f9f7f",
"background-color": null,
"bold": true,
"italic": false,
"underline": false
}
}
}

178
nyx/docs/templates/scss/base.scss vendored Normal file
View file

@ -0,0 +1,178 @@
*,
::before,
::after {
box-sizing: border-box;
}
// Base styles
h1 {
font-family: $font-family-secondary;
line-height: 1.15;
}
body {
font-size: 20px;
line-height: 1.5;
font-family: $font-family-primary;
margin: 0;
padding: 0;
background-color: $primary;
display: flex;
flex-direction: column;
min-height: 100vh;
@media (max-width: $screen-tablet) {
font-size: 18px;
}
}
header {
background-color: $primary;
color: $secondary;
padding: 10px 25px;
display: flex;
justify-content: space-between;
align-items: center;
max-width: 80ch;
width: 100%;
margin: 0 auto;
@media (max-width: $screen-tablet) {
font-size: 14px;
padding: 8px 4px;
}
}
nav {
ul {
list-style-type: none;
margin: 0;
padding: 0;
display: flex;
li {
a {
color: $secondary;
text-decoration: none;
}
}
}
}
main {
text-align: left;
color: $secondary;
padding: 10px 30px;
flex: 1;
margin: 0 auto;
max-width: Min(80ch, 100%);
a {
&:hover,
&:link,
&:visited,
&:active {
color: $hover-color;
text-decoration: none;
}
}
@media (max-width: $screen-tablet) {
padding: 12px;
}
}
// Buttons
/*
.primary-buttons,
.secondary-buttons,
*/
.dropbtn,
.nav-button {
font-weight: 800;
background-color: $primary;
color: $secondary;
cursor: pointer;
font-weight: 800;
background-color: $primary;
color: $secondary;
cursor: pointer;
font-weight: 800;
font-family: "Roboto Slab", Roboto, Arial, sans-serif;
font-size: 20px;
line-height: 1.5;
border: none;
align-items: center;
margin: 0px 5px;
&:hover {
color: lighten($secondary, 5%);
}
}
// Dropdown Button
.dropbtn:hover {
color: lighten($secondary, 5%);
}
.dropdown {
position: relative;
display: inline-block;
.dropdown-content {
display: none;
position: absolute;
background-color: $primary;
min-width: 240px;
box-shadow: 0px 8px 16px 0px rgba(0, 0, 0, 0.2);
z-index: 1;
a {
color: $secondary;
padding: 12px 16px;
text-decoration: none;
display: block;
&:hover {
background-color: #2b282d;
}
}
}
&:hover .dropdown-content {
display: block;
}
}
main aside {
overflow: scroll;
}
// Footer Styles
footer {
color: white;
padding: 7px 5px 7px 5px;
text-align: center;
margin-top: auto;
position: relative;
.footer-divider {
position: absolute;
top: 0;
left: 50%;
transform: translateX(-50%);
width: 20%;
height: 1px;
background-color: white;
}
.footer-icons {
margin: 15px 5px;
a {
color: white;
text-decoration: none;
margin-bottom: 5px;
}
}
}

9
nyx/docs/templates/scss/components/code.scss vendored Normal file
View file

@ -0,0 +1,9 @@
div.sourceCode {
border: 1px solid #3b373d;
padding: 8px;
text-align: left;
background-color: lighten($primary, 3%);
overflow: scroll;
max-width: 100%;
border-radius: 8px;
}

21
nyx/docs/templates/scss/components/table.scss vendored Normal file
View file

@ -0,0 +1,21 @@
table {
border-collapse: collapse;
width: 100%;
margin: 30px 0px;
th,
td {
border: 1px solid #3b373d;
padding: 8px;
text-align: left;
}
th {
background-color: #141215;
color: white;
}
tr:nth-child(even) {
background-color: #2b282d;
}
}

30
nyx/docs/templates/scss/components/toc.scss vendored Normal file
View file

@ -0,0 +1,30 @@
// Table Of Content element injected by Pandoc
#TOC {
// better spacing
margin: 20px;
padding: 10px;
// TOC elements are considered links
// so the below styling applies to all items
a {
text-decoration: none;
color: $secondary;
&:hover {
color: lighten($secondary, 5%);
}
}
// make sure all items are properly aligned in separate lines
li,
ul {
list-style-type: square;
margin-left: 20px;
display: block;
}
// hide the TOC on mobile devices
@media screen and (max-width: 768px) {
display: none;
}
}

6
nyx/docs/templates/scss/main.scss vendored Normal file
View file

@ -0,0 +1,6 @@
@import "modern-normalize.css";
@import "variables";
@import "base";
@import "components/toc";
@import "components/table";
@import "components/code";

7
nyx/docs/templates/scss/variables.scss vendored Normal file
View file

@ -0,0 +1,7 @@
// Define variables for colors and fonts
$primary: #17181c;
$secondary: #dee2e6;
$hover-color: #66b3ff;
$font-family-primary: "Roboto Slab", Roboto, Arial, sans-serif;
$font-family-secondary: "Courier Prime", Roboto, Arial, serif;
$screen-tablet: 768px;