diff --git a/assets/default.nix b/assets/default.nix index 3a194b1..123d12c 100644 --- a/assets/default.nix +++ b/assets/default.nix @@ -1,4 +1,5 @@ -{lib, ...}: { +{ lib, ... }: +{ options.assets = lib.mkOption { type = lib.types.unspecified; readOnly = true; diff --git a/effects.nix b/effects.nix index 06a5f75..ecc2081 100644 --- a/effects.nix +++ b/effects.nix @@ -4,31 +4,37 @@ withSystem, self, ... -}: let - collectFlakeOutputs = { - config, - pkgs, - }: let - inherit (pkgs) lib; - collectDrvs = prefix: attrs: let - drvs = lib.pipe attrs [ - (lib.filterAttrs (_: lib.isDerivation)) - (lib.mapAttrsToList (name: drv: { - name = lib.concatStringsSep "." (prefix ++ [name]); - inherit drv; - })) - ]; - recursed = lib.pipe attrs [ - (lib.filterAttrs (_: val: - (!lib.isDerivation val) && (lib.isAttrs val) && (val.recurseForDerivations or true))) - (lib.mapAttrsToList (name: collectDrvs (prefix ++ [name]))) - ]; +}: +let + collectFlakeOutputs = + { config, pkgs }: + let + inherit (pkgs) lib; + collectDrvs = + prefix: attrs: + let + drvs = lib.pipe attrs [ + (lib.filterAttrs (_: lib.isDerivation)) + (lib.mapAttrsToList ( + name: drv: { + name = lib.concatStringsSep "." (prefix ++ [ name ]); + inherit drv; + } + )) + ]; + recursed = lib.pipe attrs [ + (lib.filterAttrs ( + _: val: (!lib.isDerivation val) && (lib.isAttrs val) && (val.recurseForDerivations or true) + )) + (lib.mapAttrsToList (name: collectDrvs (prefix ++ [ name ]))) + ]; + in + drvs ++ (lib.flatten recursed); + rootOutputs = builtins.removeAttrs config.onPush.default.outputs [ "effects" ]; in - drvs ++ (lib.flatten recursed); - rootOutputs = builtins.removeAttrs config.onPush.default.outputs ["effects"]; - in - collectDrvs [] rootOutputs; -in { + collectDrvs [ ] rootOutputs; +in +{ defaultEffectSystem = "aarch64-linux"; hercules-ci = { 
@@ -41,60 +47,59 @@ in { herculesCI = herculesCI: { onPush.default = { outputs.effects = { - pin-cache = withSystem config.defaultEffectSystem ({ - pkgs, - hci-effects, - ... - }: let - collected = collectFlakeOutputs { - inherit (herculesCI) config; - inherit pkgs; - }; - cachixCommands = - lib.concatMapStringsSep - "\n" - ({ - name, - drv, - }: "cachix pin nrabulinski ${lib.escapeShellArg name} ${lib.escapeShellArg drv}") - collected; - in - hci-effects.runIf (herculesCI.config.repo.branch == "main") (hci-effects.mkEffect { - secretsMap."cachix-token" = "cachix-token"; - inputs = [pkgs.cachix]; - userSetupScript = '' - cachix authtoken $(readSecretString cachix-token .token) - ''; - # Discarding the context is fine here because we don't actually want to build those derivations. - # They have already been built as part of this job, - # we only want to pin them to make sure cachix doesn't GC them. - effectScript = builtins.unsafeDiscardStringContext cachixCommands; - })); + pin-cache = withSystem config.defaultEffectSystem ( + { pkgs, hci-effects, ... }: + let + collected = collectFlakeOutputs { + inherit (herculesCI) config; + inherit pkgs; + }; + cachixCommands = + lib.concatMapStringsSep "\n" + ({ name, drv }: "cachix pin nrabulinski ${lib.escapeShellArg name} ${lib.escapeShellArg drv}") + collected; + in + hci-effects.runIf (herculesCI.config.repo.branch == "main") ( + hci-effects.mkEffect { + secretsMap."cachix-token" = "cachix-token"; + inputs = [ pkgs.cachix ]; + userSetupScript = '' + cachix authtoken $(readSecretString cachix-token .token) + ''; + # Discarding the context is fine here because we don't actually want to build those derivations. + # They have already been built as part of this job, + # we only want to pin them to make sure cachix doesn't GC them. + effectScript = builtins.unsafeDiscardStringContext cachixCommands; + } + ) + ); }; }; }; - perSystem = { - pkgs, - lib, - ... 
- }: rec { - legacyPackages.outputsList = let - config = self.herculesCI { - primaryRepo = {}; - herculesCI = {}; - }; - in - collectFlakeOutputs {inherit config pkgs;}; + perSystem = + { pkgs, lib, ... }: + rec { + legacyPackages.outputsList = + let + config = self.herculesCI { + primaryRepo = { }; + herculesCI = { }; + }; + in + collectFlakeOutputs { inherit config pkgs; }; - legacyPackages.github-matrix = let - systems = lib.groupBy ({drv, ...}: drv.system) legacyPackages.outputsList; - in - lib.concatMapStringsSep "\n" ({ - name, - value, - }: '' - ${name}=${builtins.toJSON (map (d: d.name) value)} - '') (lib.attrsToList systems); - }; + legacyPackages.github-matrix = + let + systems = lib.groupBy ({ drv, ... }: drv.system) legacyPackages.outputsList; + in + lib.concatMapStringsSep "\n" + ( + { name, value }: + '' + ${name}=${builtins.toJSON (map (d: d.name) value)} + '' + ) + (lib.attrsToList systems); + }; } diff --git a/flake.nix b/flake.nix index 917e979..582045e 100644 --- a/flake.nix +++ b/flake.nix @@ -1,6 +1,7 @@ { - outputs = inputs @ {flake-parts, ...}: - flake-parts.lib.mkFlake {inherit inputs;} { + outputs = + inputs@{ flake-parts, ... }: + flake-parts.lib.mkFlake { inherit inputs; } { systems = [ "x86_64-linux" "aarch64-linux" 
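Review bot: In effects.nix, the `pin-cache` effect's `userSetupScript` runs `cachix authtoken $(readSecretString cachix-token .token)`, which passes the Cachix token as a command-line argument and leaves the substitution unquoted. Arguments are readable through the process list for as long as the command runs, and an unquoted value is subject to word splitting. Cachix also reads the token from the `CACHIX_AUTH_TOKEN` environment variable, so `export CACHIX_AUTH_TOKEN="$(readSecretString cachix-token .token)"` would keep it off argv, assuming the export carries over into `effectScript`. How isolated the effect's process namespace is cannot be seen from this diff, so the exposure needs confirming.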
@@ -18,35 +19,37 @@ ./pkgs ]; - perSystem = { - inputs', - self', - pkgs, - lib, - ... - }: { - devShells.default = pkgs.mkShellNoCC { - packages = [ - inputs'.agenix.packages.agenix - inputs'.attic.packages.attic - # TODO: Contribute darwin support to nh - pkgs.nh - ]; - }; + perSystem = + { + inputs', + self', + pkgs, + lib, + ... + }: + { + devShells.default = pkgs.mkShellNoCC { + packages = [ + inputs'.agenix.packages.agenix + inputs'.attic.packages.attic + # TODO: Contribute darwin support to nh + pkgs.nh + ]; + }; - packages.base-packages = pkgs.symlinkJoin { - name = "settei-base"; - paths = with self'.packages; [ - helix - fish - git-commit-last - ]; - }; - # Re-export it for convenience and for caching - packages.attic = inputs'.attic.packages.attic; + packages.base-packages = pkgs.symlinkJoin { + name = "settei-base"; + paths = with self'.packages; [ + helix + fish + git-commit-last + ]; + }; + # Re-export it for convenience and for caching + packages.attic = inputs'.attic.packages.attic; - formatter = pkgs.alejandra; - }; + formatter = pkgs.nixfmt-rfc-style; + }; }; inputs = { 
@@ -126,25 +129,24 @@ }; }; - /* - TODO: Uncomment once (if ever?) nixConfig makes sense in flakes - nixConfig = { - extra-substituters = [ - "https://hyprland.cachix.org" - "https://cache.garnix.io" - "https://nix-community.cachix.org" - "https://hercules-ci.cachix.org" - "https://nrabulinski.cachix.org" - "https://cache.nrab.lol" - ]; - extra-trusted-public-keys = [ - "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc=" - "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=" - "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" - "hercules-ci.cachix.org-1:ZZeDl9Va+xe9j+KqdzoBZMFJHVQ42Uu/c/1/KMC5Lw0=" - "nrabulinski.cachix.org-1:Q5FD7+1c68uH74CQK66UWNzxhanZW8xcg1LFXxGK8ic=" - "cache.nrab.lol-1:CJl1TouOyuJ1Xh4tZSXLwm3Upt06HzUNZmeyuEB9EZg=" - ]; - }; + /* TODO: Uncomment once (if ever?) nixConfig makes sense in flakes + nixConfig = { + extra-substituters = [ + "https://hyprland.cachix.org" + "https://cache.garnix.io" + "https://nix-community.cachix.org" + "https://hercules-ci.cachix.org" + "https://nrabulinski.cachix.org" + "https://cache.nrab.lol" + ]; + extra-trusted-public-keys = [ + "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc=" + "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=" + "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" + "hercules-ci.cachix.org-1:ZZeDl9Va+xe9j+KqdzoBZMFJHVQ42Uu/c/1/KMC5Lw0=" + "nrabulinski.cachix.org-1:Q5FD7+1c68uH74CQK66UWNzxhanZW8xcg1LFXxGK8ic=" + "cache.nrab.lol-1:CJl1TouOyuJ1Xh4tZSXLwm3Upt06HzUNZmeyuEB9EZg=" + ]; + }; */ } diff --git a/hosts/default.nix b/hosts/default.nix index 7fb602c..4ccfcac 100644 --- a/hosts/default.nix +++ b/hosts/default.nix @@ -3,7 +3,8 @@ self, inputs, ... -}: { +}: +{ imports = [ ./kazuki ./hijiri-vm 
@@ -15,42 +16,48 @@ ./kogata ]; - builders = let - sharedOptions = { - _file = ./default.nix; + builders = + let + sharedOptions = { + _file = ./default.nix; - settei.sane-defaults.allSshKeys = config.assets.sshKeys.user; - settei.flake-qol.inputs = inputs // {settei = self;}; + settei.sane-defaults.allSshKeys = config.assets.sshKeys.user; + settei.flake-qol.inputs = inputs // { + settei = self; + }; + }; + in + { + nixos = + name: module: + inputs.nixpkgs.lib.nixosSystem { + modules = [ + inputs.agenix.nixosModules.age + inputs.disko.nixosModules.disko + inputs.mailserver.nixosModules.default + inputs.home-manager.nixosModules.home-manager + inputs.nvidia-patch.nixosModules.nvidia-patch + inputs.attic.nixosModules.atticd + self.nixosModules.settei + self.nixosModules.common + sharedOptions + module + ]; + specialArgs.configurationName = name; + }; + + darwin = + name: module: + inputs.darwin.lib.darwinSystem { + modules = [ + inputs.agenix.darwinModules.age + inputs.home-manager.darwinModules.home-manager + self.darwinModules.settei + self.darwinModules.common + sharedOptions + module + ]; + specialArgs.configurationName = name; + }; }; - in { - nixos = name: module: - inputs.nixpkgs.lib.nixosSystem { - modules = [ - inputs.agenix.nixosModules.age - inputs.disko.nixosModules.disko - inputs.mailserver.nixosModules.default - inputs.home-manager.nixosModules.home-manager - inputs.nvidia-patch.nixosModules.nvidia-patch - inputs.attic.nixosModules.atticd - self.nixosModules.settei - self.nixosModules.common - sharedOptions - module - ]; - specialArgs.configurationName = name; - }; - - darwin = name: module: - inputs.darwin.lib.darwinSystem { - modules = [ - inputs.agenix.darwinModules.age - inputs.home-manager.darwinModules.home-manager - self.darwinModules.settei - self.darwinModules.common - sharedOptions - module - ]; - specialArgs.configurationName = name; - }; - }; } 
diff --git a/hosts/hijiri-vm/default.nix b/hosts/hijiri-vm/default.nix index 55c4cbd..8ef2489 100644 --- a/hosts/hijiri-vm/default.nix +++ b/hosts/hijiri-vm/default.nix @@ -1,24 +1,26 @@ { - configurations.nixos.hijiri-vm = { - modulesPath, - lib, - username, - ... - }: { - imports = [ - "${modulesPath}/profiles/qemu-guest.nix" - ./disks.nix - ]; + configurations.nixos.hijiri-vm = + { + modulesPath, + lib, + username, + ... + }: + { + imports = [ + "${modulesPath}/profiles/qemu-guest.nix" + ./disks.nix + ]; - nixpkgs.hostPlatform = "aarch64-linux"; + nixpkgs.hostPlatform = "aarch64-linux"; - boot = { - loader.systemd-boot.enable = true; - loader.systemd-boot.configurationLimit = 1; - loader.efi.canTouchEfiVariables = true; + boot = { + loader.systemd-boot.enable = true; + loader.systemd-boot.configurationLimit = 1; + loader.efi.canTouchEfiVariables = true; + }; + + networking.domain = "hijiri"; + networking.hostName = "vm"; }; - - networking.domain = "hijiri"; - networking.hostName = "vm"; - }; } diff --git a/hosts/hijiri-vm/disks.nix b/hosts/hijiri-vm/disks.nix index b98ed57..09a8db0 100644 --- a/hosts/hijiri-vm/disks.nix +++ b/hosts/hijiri-vm/disks.nix @@ -1,6 +1,8 @@ -args: let +args: +let bootDevice = args.bootDevice or "/dev/vda"; -in { +in +{ disko.devices.disk.bootDisk = { type = "disk"; device = bootDevice; @@ -26,19 +28,24 @@ in { end = "100%"; content = { type = "btrfs"; - extraArgs = ["-f"]; - subvolumes = let - mountOptions = ["compress=zstd" "noatime"]; - in { - "/root" = { - inherit mountOptions; - mountpoint = "/"; + extraArgs = [ "-f" ]; + subvolumes = + let + mountOptions = [ + "compress=zstd" + "noatime" + ]; + in + { + "/root" = { + inherit mountOptions; + mountpoint = "/"; + }; + "/nix" = { + inherit mountOptions; + mountpoint = "/nix"; + }; }; - "/nix" = { - inherit mountOptions; - mountpoint = "/nix"; - }; - }; }; } ]; diff --git a/hosts/hijiri/default.nix b/hosts/hijiri/default.nix index 69bf8e0..6acc8cf 100644 --- a/hosts/hijiri/default.nix 
+++ b/hosts/hijiri/default.nix 
@@ -1,54 +1,56 @@ { - configurations.darwin.hijiri = {pkgs, ...}: { - imports = [ - ./skhd.nix - ./yabai.nix - ]; - - nixpkgs.system = "aarch64-darwin"; - - settei.user.config = { - common.desktop.enable = true; - home.packages = with pkgs; [ - utm - qemu - anki-bin + configurations.darwin.hijiri = + { pkgs, ... }: + { + imports = [ + ./skhd.nix + ./yabai.nix ]; - programs.alacritty.settings.font.size = 14; - }; - system.defaults = { - ".GlobalPreferences" = { - "com.apple.mouse.scaling" = -1.0; + nixpkgs.system = "aarch64-darwin"; + + settei.user.config = { + common.desktop.enable = true; + home.packages = with pkgs; [ + utm + qemu + anki-bin + ]; + programs.alacritty.settings.font.size = 14; }; - dock = { - autohide = true; - largesize = 64; - minimize-to-application = true; - orientation = "right"; - show-process-indicators = false; - show-recents = false; + + system.defaults = { + ".GlobalPreferences" = { + "com.apple.mouse.scaling" = -1.0; + }; + dock = { + autohide = true; + largesize = 64; + minimize-to-application = true; + orientation = "right"; + show-process-indicators = false; + show-recents = false; + }; + CustomUserPreferences.".GlobalPreferences" = { + "com.apple.scrollwheel.scaling" = "-1"; + }; }; - CustomUserPreferences.".GlobalPreferences" = { - "com.apple.scrollwheel.scaling" = "-1"; + system.keyboard = { + enableKeyMapping = true; + remapCapsLockToEscape = true; + nonUS.remapTilde = true; + swapLeftCommandAndLeftAlt = true; + # swap right command and right alt too + userKeyMapping = [ + { + HIDKeyboardModifierMappingSrc = 30064771302; + HIDKeyboardModifierMappingDst = 30064771303; + } + { + HIDKeyboardModifierMappingSrc = 30064771303; + HIDKeyboardModifierMappingDst = 30064771302; + } + ]; }; }; - system.keyboard = { - enableKeyMapping = true; - remapCapsLockToEscape = true; - nonUS.remapTilde = true; - swapLeftCommandAndLeftAlt = true; - # swap right command and right alt too - userKeyMapping = [ - { - HIDKeyboardModifierMappingSrc = 
30064771302; - HIDKeyboardModifierMappingDst = 30064771303; - } - { - HIDKeyboardModifierMappingSrc = 30064771303; - HIDKeyboardModifierMappingDst = 30064771302; - } - ]; - }; - }; } diff --git a/hosts/hijiri/skhd.nix b/hosts/hijiri/skhd.nix index 17f82f1..fb3afb7 100644 --- a/hosts/hijiri/skhd.nix +++ b/hosts/hijiri/skhd.nix @@ -1,29 +1,38 @@ -{lib, ...}: { +{ lib, ... }: +{ services.skhd = { enable = true; - skhdConfig = let - spaceCount = 6; - spaceBindings = - lib.genList - (i: let num = toString (i + 1); in "cmd - ${num} : yabai -m space --focus ${num}") - spaceCount; - in '' - cmd - return : wezterm - cmd + shift - return : qutebrowser + skhdConfig = + let + spaceCount = 6; + spaceBindings = + lib.genList + ( + i: + let + num = toString (i + 1); + in + "cmd - ${num} : yabai -m space --focus ${num}" + ) + spaceCount; + in + '' + cmd - return : wezterm + cmd + shift - return : qutebrowser - cmd - h : yabai -m window --focus west - cmd - j : yabai -m window --focus south - cmd - k : yabai -m window --focus north - cmd - l : yabai -m window --focus east + cmd - h : yabai -m window --focus west + cmd - j : yabai -m window --focus south + cmd - k : yabai -m window --focus north + cmd - l : yabai -m window --focus east - cmd + shift - h : yabai -m window --swap west - cmd + shift - j : yabai -m window --swap south - cmd + shift - k : yabai -m window --swap north - cmd + shift - l : yabai -m window --swap east + cmd + shift - h : yabai -m window --swap west + cmd + shift - j : yabai -m window --swap south + cmd + shift - k : yabai -m window --swap north + cmd + shift - l : yabai -m window --swap east - cmd + shift - space : yabai -m window --toggle float + cmd + shift - space : yabai -m window --toggle float - ${lib.concatStringsSep "\n" spaceBindings} - ''; + ${lib.concatStringsSep "\n" spaceBindings} + ''; }; } diff --git a/hosts/hijiri/yabai.nix b/hosts/hijiri/yabai.nix index 1fe212c..2cb2b11 100644 --- a/hosts/hijiri/yabai.nix +++ b/hosts/hijiri/yabai.nix 
@@ -1,8 +1,5 @@ +{ lib, pkgs, ... }: { - lib, - pkgs, - ... -}: { services.yabai = { enable = true; enableScriptingAddition = true; diff --git a/hosts/installer/default.nix b/hosts/installer/default.nix index 4a46850..24bdef8 100644 --- a/hosts/installer/default.nix +++ b/hosts/installer/default.nix @@ -1,15 +1,27 @@ -{lib, ...}: { - configurations.nixos = let - mkInstaller = system: ({pkgs, ...}: { - nixpkgs = {inherit system;}; +{ lib, ... }: +{ + configurations.nixos = + let + mkInstaller = + system: + ( + { pkgs, ... }: + { + nixpkgs = { + inherit system; + }; - environment.systemPackages = [pkgs.nixos-install-tools]; + environment.systemPackages = [ pkgs.nixos-install-tools ]; - # Make nixos-anywhere treat this as a installer iso - system.nixos.variant_id = "installer"; - }); - systems = ["aarch64-linux" "x86_64-linux"]; - installers = map (system: lib.nameValuePair "installer-${system}" (mkInstaller system)) systems; - in + # Make nixos-anywhere treat this as a installer iso + system.nixos.variant_id = "installer"; + } + ); + systems = [ + "aarch64-linux" + "x86_64-linux" + ]; + installers = map (system: lib.nameValuePair "installer-${system}" (mkInstaller system)) systems; + in lib.listToAttrs installers; } diff --git a/hosts/kazuki/attic.nix b/hosts/kazuki/attic.nix index ce86e71..9ee44b7 100644 --- a/hosts/kazuki/attic.nix +++ b/hosts/kazuki/attic.nix @@ -1,10 +1,8 @@ -{ - config, - lib, - ... -}: let +{ config, lib, ... }: +let atticPort = 9476; -in { +in +{ age.secrets.attic-creds = { file = ../../secrets/attic-creds.age; owner = config.services.atticd.user; @@ -48,7 +46,7 @@ in { }; systemd.services.atticd = { - after = ["storage\\x2dbox.mount"]; + after = [ "storage\\x2dbox.mount" ]; serviceConfig.DynamicUser = lib.mkForce false; }; 
@@ -57,8 +55,11 @@ in { defaults.email = "nikodem@rabulinski.com"; }; - users.users.nginx.extraGroups = ["acme"]; - networking.firewall.allowedTCPPorts = [80 443]; + users.users.nginx.extraGroups = [ "acme" ]; + networking.firewall.allowedTCPPorts = [ + 80 + 443 + ]; services.nginx = { enable = true; @@ -94,7 +95,7 @@ in { }; upstreams."attic".servers = { - "localhost:${toString atticPort}" = {}; + "localhost:${toString atticPort}" = { }; }; appendHttpConfig = '' diff --git a/hosts/kazuki/conduit.nix b/hosts/kazuki/conduit.nix index 45e3d5f..65f5cea 100644 --- a/hosts/kazuki/conduit.nix +++ b/hosts/kazuki/conduit.nix @@ -3,10 +3,12 @@ pkgs, inputs', ... -}: let - formatJson = pkgs.formats.json {}; +}: +let + formatJson = pkgs.formats.json { }; serverDomain = "matrix.nrab.lol"; -in { +in +{ services.matrix-conduit = { enable = true; package = inputs'.settei.packages.conduit-next; @@ -23,8 +25,13 @@ in { defaults.email = "nikodem@rabulinski.com"; }; - users.users.nginx.extraGroups = ["acme"]; - networking.firewall.allowedTCPPorts = [80 443 8448 2222]; + users.users.nginx.extraGroups = [ "acme" ]; + networking.firewall.allowedTCPPorts = [ + 80 + 443 + 8448 + 2222 + ]; services.nginx = { enable = true; @@ -35,9 +42,7 @@ in { enableACME = true; locations."=/.well-known/matrix/server" = { - alias = formatJson.generate "well-known-matrix-server" { - "m.server" = serverDomain; - }; + alias = formatJson.generate "well-known-matrix-server" { "m.server" = serverDomain; }; extraConfig = '' default_type application/json; add_header Access-Control-Allow-Origin "*"; @@ -95,7 +100,7 @@ in { }; upstreams."backend_conduit".servers = { - "localhost:${toString config.services.matrix-conduit.settings.global.port}" = {}; + "localhost:${toString config.services.matrix-conduit.settings.global.port}" = { }; }; }; } diff --git a/hosts/kazuki/default.nix b/hosts/kazuki/default.nix index 8995938..eabad0a 100644 --- a/hosts/kazuki/default.nix +++ b/hosts/kazuki/default.nix 
@@ -1,47 +1,49 @@ { - configurations.nixos.kazuki = { - config, - modulesPath, - lib, - ... - }: { - imports = [ - "${modulesPath}/profiles/qemu-guest.nix" - ./disks.nix + configurations.nixos.kazuki = + { + config, + modulesPath, + lib, + ... + }: + { + imports = [ + "${modulesPath}/profiles/qemu-guest.nix" + ./disks.nix - ./conduit.nix - ./mail.nix - ./vault.nix - ./storage.nix - ./attic.nix - ./ntfy.nix - ]; + ./conduit.nix + ./mail.nix + ./vault.nix + ./storage.nix + ./attic.nix + ./ntfy.nix + ]; - nixpkgs.hostPlatform = "aarch64-linux"; - # Not intended for interactive use - settei.user.enable = false; + nixpkgs.hostPlatform = "aarch64-linux"; + # Not intended for interactive use + settei.user.enable = false; - boot = { - loader.systemd-boot.enable = true; - loader.systemd-boot.configurationLimit = 1; - loader.efi.canTouchEfiVariables = true; - }; - systemd.network.enable = true; - systemd.network.networks."10-wan" = { - matchConfig.Name = "enp1s0"; - networkConfig.DHCP = "ipv4"; - address = ["2a01:4f8:c012:e5c::/64"]; - routes = [{routeConfig.Gateway = "fe80::1";}]; - }; - networking.useNetworkd = true; + boot = { + loader.systemd-boot.enable = true; + loader.systemd-boot.configurationLimit = 1; + loader.efi.canTouchEfiVariables = true; + }; + systemd.network.enable = true; + systemd.network.networks."10-wan" = { + matchConfig.Name = "enp1s0"; + networkConfig.DHCP = "ipv4"; + address = [ "2a01:4f8:c012:e5c::/64" ]; + routes = [ { routeConfig.Gateway = "fe80::1"; } ]; + }; + networking.useNetworkd = true; - common.hercules.enable = true; - common.github-runner = { - enable = true; - runners.settei = { - url = "https://github.com/nrabulinski/settei"; - instances = 2; + common.hercules.enable = true; + common.github-runner = { + enable = true; + runners.settei = { + url = "https://github.com/nrabulinski/settei"; + instances = 2; + }; }; }; - }; } diff --git a/hosts/kazuki/disks.nix b/hosts/kazuki/disks.nix index 86f5ba6..fb5a1e6 100644 
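Review bot: `common.github-runner` registers two `runners.settei` instances on kazuki, the same host that imports `./vault.nix`, `./mail.nix` and `./conduit.nix` and holds their agenix secrets. A self-hosted runner executes whatever the repository's workflows run, so if any workflow can be triggered from a fork or an untrusted branch, that code lands next to the vault and mail data. The `common.github-runner` module and the workflows are not visible here, so their sandboxing and triggers need confirming. If the co-location is intentional, say so at the option, e.g. `# runners share this host with vault/mail: workflows must never run untrusted PR code here`.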
--- a/hosts/kazuki/disks.nix +++ b/hosts/kazuki/disks.nix @@ -1,6 +1,8 @@ -args: let +args: +let bootDevice = args.bootDevice or "/dev/sda"; -in { +in +{ disko.devices.disk.bootDisk = { type = "disk"; device = bootDevice; @@ -26,19 +28,24 @@ in { end = "-4G"; content = { type = "btrfs"; - extraArgs = ["-f"]; - subvolumes = let - mountOptions = ["compress=zstd" "noatime"]; - in { - "/root" = { - inherit mountOptions; - mountpoint = "/"; + extraArgs = [ "-f" ]; + subvolumes = + let + mountOptions = [ + "compress=zstd" + "noatime" + ]; + in + { + "/root" = { + inherit mountOptions; + mountpoint = "/"; + }; + "/nix" = { + inherit mountOptions; + mountpoint = "/nix"; + }; }; - "/nix" = { - inherit mountOptions; - mountpoint = "/nix"; - }; - }; }; } { diff --git a/hosts/kazuki/mail.nix b/hosts/kazuki/mail.nix index d596559..4be5d1c 100644 --- a/hosts/kazuki/mail.nix +++ b/hosts/kazuki/mail.nix @@ -1,12 +1,18 @@ -{config, ...}: { +{ config, ... }: +{ # nix shell nixpkgs#apacheHttpd -c htpasswd -nbB "" "super secret password" | cut -d: -f2 age.secrets = { leet-nrab-lol.file = ../../secrets/leet-nrab-lol-pass.age; alert-nrab-lol.file = ../../secrets/alert-nrab-lol-pass.age; }; - users.users.nginx.extraGroups = ["acme"]; - networking.firewall.allowedTCPPorts = [80 443 8448 2222]; + users.users.nginx.extraGroups = [ "acme" ]; + networking.firewall.allowedTCPPorts = [ + 80 + 443 + 8448 + 2222 + ]; mailserver = { enable = true; @@ -21,7 +27,7 @@ loginAccounts = { "1337@nrab.lol" = { hashedPasswordFile = config.age.secrets.leet-nrab-lol.path; - aliases = ["n@rab.lol"]; + aliases = [ "n@rab.lol" ]; }; "alert@nrab.lol" = { hashedPasswordFile = config.age.secrets.alert-nrab-lol.path; @@ -34,5 +40,5 @@ }; # TODO: Remove once SNM gets their shit together - services.dovecot2.sieve.extensions = ["fileinto"]; + services.dovecot2.sieve.extensions = [ "fileinto" ]; } diff --git a/hosts/kazuki/ntfy.nix b/hosts/kazuki/ntfy.nix index 4a08114..b6ae50d 100644 --- a/hosts/kazuki/ntfy.nix 
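Review bot: hosts/kazuki/mail.nix sets `networking.firewall.allowedTCPPorts` to 80, 443, 8448 and 2222, the same list as hosts/kazuki/conduit.nix, and hosts/kazuki/vault.nix repeats it again, which looks like a copy-paste. Nothing visible in the mail or vault hunks listens on 8448 or 2222. NixOS merges these lists, so today's exposure is the union either way, but dropping conduit.nix from the host's imports would leave both ports open. Each module should declare only what it serves, e.g. `networking.firewall.allowedTCPPorts = [ 80 443 ];` in mail.nix and vault.nix, assuming the mailserver module opens its own mail ports (not shown in this diff).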
+++ b/hosts/kazuki/ntfy.nix @@ -1,4 +1,5 @@ -{config, ...}: { +{ config, ... }: +{ age.secrets.nrab-lol-cf = { file = ../../secrets/nrab-lol-cf.age; owner = config.services.nginx.user; @@ -15,8 +16,11 @@ }; }; - users.users.nginx.extraGroups = ["acme"]; - networking.firewall.allowedTCPPorts = [80 443]; + users.users.nginx.extraGroups = [ "acme" ]; + networking.firewall.allowedTCPPorts = [ + 80 + 443 + ]; services.nginx = { enable = true; @@ -35,7 +39,7 @@ }; upstreams.ntfy.servers = { - "localhost:9800" = {}; + "localhost:9800" = { }; }; }; diff --git a/hosts/kazuki/storage.nix b/hosts/kazuki/storage.nix index a6bfa2d..21d7bde 100644 --- a/hosts/kazuki/storage.nix +++ b/hosts/kazuki/storage.nix @@ -1,4 +1,5 @@ -{config, ...}: { +{ config, ... }: +{ age.secrets.storage-box-webdav = { file = ../../secrets/storage-box-webdav.age; }; diff --git a/hosts/kazuki/vault.nix b/hosts/kazuki/vault.nix index defab69..f37ae5a 100644 --- a/hosts/kazuki/vault.nix +++ b/hosts/kazuki/vault.nix @@ -1,4 +1,5 @@ -{config, ...}: { +{ config, ... }: +{ age.secrets.vault-cert-env = { file = ../../secrets/vault-cert-env.age; owner = config.services.nginx.user; @@ -11,8 +12,13 @@ }; }; - users.users.nginx.extraGroups = ["acme"]; - networking.firewall.allowedTCPPorts = [80 443 8448 2222]; + users.users.nginx.extraGroups = [ "acme" ]; + networking.firewall.allowedTCPPorts = [ + 80 + 443 + 8448 + 2222 + ]; services.nginx = { enable = true; @@ -31,7 +37,7 @@ }; upstreams.vaultwarden.servers = { - "localhost:${toString config.services.vaultwarden.config.ROCKET_PORT}" = {}; + "localhost:${toString config.services.vaultwarden.config.ROCKET_PORT}" = { }; }; }; diff --git a/hosts/kogata/default.nix b/hosts/kogata/default.nix index e5dc94a..87a0954 100644 --- a/hosts/kogata/default.nix +++ b/hosts/kogata/default.nix 
@@ -1,22 +1,19 @@ { - configurations.darwin.kogata = { - pkgs, - lib, - ... - }: { - nixpkgs.system = "aarch64-darwin"; + configurations.darwin.kogata = + { pkgs, lib, ... }: + { + nixpkgs.system = "aarch64-darwin"; - settei.user.config.common.desktop.enable = true; + settei.user.config.common.desktop.enable = true; - # TODO: Make it a settei module so it's easy to concatenate which pkgs are allowed - nixpkgs.config.allowUnfreePredicate = pkg: - builtins.elem (lib.getName pkg) ["teams"]; - environment.systemPackages = with pkgs; [teams]; + # TODO: Make it a settei module so it's easy to concatenate which pkgs are allowed + nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ "teams" ]; + environment.systemPackages = with pkgs; [ teams ]; - common.hercules.enable = true; - common.github-runner = { - enable = true; - runners.settei.url = "https://github.com/nrabulinski/settei"; + common.hercules.enable = true; + common.github-runner = { + enable = true; + runners.settei.url = "https://github.com/nrabulinski/settei"; + }; }; - }; } diff --git a/hosts/legion/default.nix b/hosts/legion/default.nix index 7f71d1b..849592f 100644 --- a/hosts/legion/default.nix +++ b/hosts/legion/default.nix 
@@ -1,49 +1,51 @@ { - configurations.nixos.legion = { - config, - lib, - username, - ... - }: { - imports = [ - ./hardware.nix - # ./disks.nix - ./msmtp.nix - ./desktop.nix - ]; + configurations.nixos.legion = + { + config, + lib, + username, + ... + }: + { + imports = [ + ./hardware.nix + # ./disks.nix + ./msmtp.nix + ./desktop.nix + ]; - nixpkgs.hostPlatform = "x86_64-linux"; + nixpkgs.hostPlatform = "x86_64-linux"; - specialisation = { - nas.configuration = ./nas; - }; + specialisation = { + nas.configuration = ./nas; + }; - boot = { - kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages; - loader.systemd-boot.enable = true; - loader.efi.canTouchEfiVariables = true; - }; + boot = { + kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages; + loader.systemd-boot.enable = true; + loader.efi.canTouchEfiVariables = true; + }; - networking = { - hostName = "legion"; - hostId = builtins.substring 0 8 (builtins.readFile ./machine-id); - networkmanager.enable = true; - firewall.trustedInterfaces = ["tailscale0"]; - }; - systemd.services.NetworkManager-wait-online.enable = false; + networking = { + hostName = "legion"; + hostId = builtins.substring 0 8 (builtins.readFile ./machine-id); + networkmanager.enable = true; + firewall.trustedInterfaces = [ "tailscale0" ]; + }; + systemd.services.NetworkManager-wait-online.enable = false; - powerManagement.cpuFreqGovernor = "performance"; + powerManagement.cpuFreqGovernor = "performance"; - age.secrets.niko-pass.file = ../../secrets/legion-niko-pass.age; - users.users.${username}.hashedPasswordFile = config.age.secrets.niko-pass.path; + age.secrets.niko-pass.file = ../../secrets/legion-niko-pass.age; + users.users.${username}.hashedPasswordFile = config.age.secrets.niko-pass.path; - common.hercules.enable = true; - common.github-runner = { - enable = true; - runners.settei = { - url = "https://github.com/nrabulinski/settei"; - instances = 4; + common.hercules.enable = true; + common.github-runner 
= { + enable = true; + runners.settei = { + url = "https://github.com/nrabulinski/settei"; + instances = 4; + }; }; }; - }; } diff --git a/hosts/legion/desktop.nix b/hosts/legion/desktop.nix index 785546f..a8e73a5 100644 --- a/hosts/legion/desktop.nix +++ b/hosts/legion/desktop.nix @@ -5,13 +5,17 @@ lib, username, ... -}: { +}: +{ # Needed for nvidia and steam nixpkgs.config.allowUnfree = true; settei.user.config = { common.desktop.enable = true; - home.packages = with pkgs; [brightnessctl dmenu]; + home.packages = with pkgs; [ + brightnessctl + dmenu + ]; xsession.windowManager.i3 = { enable = true; @@ -32,15 +36,19 @@ enable = true; remotePlay.openFirewall = true; dedicatedServer.openFirewall = true; - gamescopeSession = {}; + gamescopeSession = { }; }; hardware.steam-hardware.enable = true; services.logind = lib.genAttrs - ["lidSwitch" "lidSwitchDocked" "lidSwitchExternalPower"] - (_: "ignore"); + [ + "lidSwitch" + "lidSwitchDocked" + "lidSwitchExternalPower" + ] + (_: "ignore"); services.pipewire = { enable = true; @@ -51,13 +59,16 @@ programs.dconf.enable = true; services.dbus.enable = true; - users.users.${username}.extraGroups = ["video" "input"]; + users.users.${username}.extraGroups = [ + "video" + "input" + ]; # NVIDIA stuff services.xserver = { enable = true; - excludePackages = [pkgs.xterm]; - videoDrivers = ["nvidia"]; + excludePackages = [ pkgs.xterm ]; + videoDrivers = [ "nvidia" ]; xkb.layout = "pl"; displayManager.startx.enable = true; config = lib.mkForce '' diff --git a/hosts/legion/disks.nix b/hosts/legion/disks.nix index 5b1194d..89c0339 100644 --- a/hosts/legion/disks.nix +++ b/hosts/legion/disks.nix @@ -1,8 +1,7 @@ args: -/* -let - bootDevice = args.bootDevice or "/dev/nvme0n1"; -in +/* let + bootDevice = args.bootDevice or "/dev/nvme0n1"; + in */ { assertions = [ diff --git a/hosts/legion/hardware.nix b/hosts/legion/hardware.nix index 3b5b717..f1b8f71 100644 --- a/hosts/legion/hardware.nix +++ b/hosts/legion/hardware.nix 
@@ -1,8 +1,20 @@ -{config, ...}: { - boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "uas"]; - boot.extraModulePackages = with config.boot.kernelPackages; [acpi_call]; - boot.kernelModules = ["kvm-intel" "i2c-dev" "acpi_call"]; - boot.blacklistedKernelModules = ["nouveau"]; +{ config, ... }: +{ + boot.initrd.availableKernelModules = [ + "xhci_pci" + "ahci" + "nvme" + "usbhid" + "usb_storage" + "uas" + ]; + boot.extraModulePackages = with config.boot.kernelPackages; [ acpi_call ]; + boot.kernelModules = [ + "kvm-intel" + "i2c-dev" + "acpi_call" + ]; + boot.blacklistedKernelModules = [ "nouveau" ]; # Needed for enableAllFirmware nixpkgs.config.allowUnfree = true; @@ -15,37 +27,57 @@ # TODO: Move to disko only # TODO: Actually set up impermanence - boot.supportedFilesystems = ["btrfs"]; + boot.supportedFilesystems = [ "btrfs" ]; boot.initrd.luks.devices."enc".device = "/dev/disk/by-label/LUKS"; fileSystems."/" = { device = "/dev/disk/by-label/LINUX"; fsType = "btrfs"; - options = ["subvol=root" "compress=zstd" "noatime"]; + options = [ + "subvol=root" + "compress=zstd" + "noatime" + ]; }; fileSystems."/home" = { device = "/dev/disk/by-label/LINUX"; fsType = "btrfs"; - options = ["subvol=home" "compress=zstd" "noatime"]; + options = [ + "subvol=home" + "compress=zstd" + "noatime" + ]; }; fileSystems."/nix" = { device = "/dev/disk/by-label/LINUX"; fsType = "btrfs"; - options = ["subvol=nix" "compress=zstd" "noatime"]; + options = [ + "subvol=nix" + "compress=zstd" + "noatime" + ]; }; fileSystems."/persist" = { device = "/dev/disk/by-label/LINUX"; fsType = "btrfs"; - options = ["subvol=persist" "compress=zstd" "noatime"]; + options = [ + "subvol=persist" + "compress=zstd" + "noatime" + ]; }; fileSystems."/var/log" = { device = "/dev/disk/by-label/LINUX"; fsType = "btrfs"; - options = ["subvol=log" "compress=zstd" "noatime"]; + options = [ + "subvol=log" + "compress=zstd" + "noatime" + ]; neededForBoot = true; }; 
@@ -54,7 +86,5 @@ fsType = "vfat"; }; - swapDevices = [ - {device = "/dev/disk/by-label/SWAP";} - ]; + swapDevices = [ { device = "/dev/disk/by-label/SWAP"; } ]; } diff --git a/hosts/legion/msmtp.nix b/hosts/legion/msmtp.nix index fea94f5..dc51c15 100644 --- a/hosts/legion/msmtp.nix +++ b/hosts/legion/msmtp.nix @@ -4,13 +4,15 @@ config, username, ... -}: let +}: +let mail = "alert@nrab.lol"; aliases = pkgs.writeText "mail-aliases" '' ${username}: nikodem@rabulinski.com root: ${mail} ''; -in { +in +{ age.secrets.alert-plaintext.file = ../../secrets/alert-plain-pass.age; programs.msmtp = { diff --git a/hosts/legion/nas/default.nix b/hosts/legion/nas/default.nix index f8fca2d..6dad8bc 100644 --- a/hosts/legion/nas/default.nix +++ b/hosts/legion/nas/default.nix @@ -3,19 +3,21 @@ lib, username, ... -}: { - imports = [ - ./media.nix +}: +{ + imports = [ ./media.nix ]; + + boot.supportedFilesystems = [ + "ext4" + "zfs" ]; - boot.supportedFilesystems = ["ext4" "zfs"]; - - boot.zfs.extraPools = ["yottapool"]; + boot.zfs.extraPools = [ "yottapool" ]; services.zfs = { autoScrub.enable = true; zed.settings = { ZED_DEBUG_LOG = "/tmp/zed.debug.log"; - ZED_EMAIL_ADDR = [username]; + ZED_EMAIL_ADDR = [ username ]; ZED_EMAIL_PROG = lib.getExe pkgs.msmtp; ZED_EMAIL_OPTS = "@ADDRESS@"; @@ -38,8 +40,8 @@ options = "bind,nofail"; what = "/media/data"; where = "/export/yotta-data"; - requires = ["zfs-mount.service"]; - wantedBy = ["multi-user.target"]; + requires = [ "zfs-mount.service" ]; + wantedBy = [ "multi-user.target" ]; } ]; diff --git a/hosts/legion/nas/media.nix b/hosts/legion/nas/media.nix index 84752ca..62aa92c 100644 --- a/hosts/legion/nas/media.nix +++ b/hosts/legion/nas/media.nix @@ -1,4 +1,5 @@ -{username, ...}: { +{ username, ... }: +{ services.jellyfin.enable = true; services.radarr.enable = true; services.sonarr.enable = true; 
@@ -10,9 +11,12 @@ }; users.users = { - jellyfin.extraGroups = ["radarr" "sonarr"]; - radarr.extraGroups = ["deluge"]; - sonarr.extraGroups = ["deluge"]; - ${username}.extraGroups = ["deluge"]; + jellyfin.extraGroups = [ + "radarr" + "sonarr" + ]; + radarr.extraGroups = [ "deluge" ]; + sonarr.extraGroups = [ "deluge" ]; + ${username}.extraGroups = [ "deluge" ]; }; } diff --git a/hosts/ude/default.nix b/hosts/ude/default.nix index a6be5ef..4b7dd17 100644 --- a/hosts/ude/default.nix +++ b/hosts/ude/default.nix @@ -1,39 +1,41 @@ { - configurations.nixos.ude = { - config, - modulesPath, - lib, - ... - }: { - imports = [ - "${modulesPath}/profiles/qemu-guest.nix" - ./disks.nix - ]; + configurations.nixos.ude = + { + config, + modulesPath, + lib, + ... + }: + { + imports = [ + "${modulesPath}/profiles/qemu-guest.nix" + ./disks.nix + ]; - nixpkgs.hostPlatform = "aarch64-linux"; + nixpkgs.hostPlatform = "aarch64-linux"; - boot = { - loader.systemd-boot.enable = true; - loader.systemd-boot.configurationLimit = 1; - loader.efi.canTouchEfiVariables = true; - }; - - common.hercules.enable = true; - services.hercules-ci-agent.settings.concurrentTasks = 6; - common.github-runner = { - enable = true; - runners.settei = { - url = "https://github.com/nrabulinski/settei"; - instances = 6; + boot = { + loader.systemd-boot.enable = true; + loader.systemd-boot.configurationLimit = 1; + loader.efi.canTouchEfiVariables = true; }; - }; - services.nginx = { - enable = true; - appendHttpConfig = '' - include /impure/nginx/*.conf; - ''; + common.hercules.enable = true; + services.hercules-ci-agent.settings.concurrentTasks = 6; + common.github-runner = { + enable = true; + runners.settei = { + url = "https://github.com/nrabulinski/settei"; + instances = 6; + }; + }; + + services.nginx = { + enable = true; + appendHttpConfig = '' + include /impure/nginx/*.conf; + ''; + }; + networking.firewall.allowedTCPPorts = [ 80 ]; }; - networking.firewall.allowedTCPPorts = [80]; - }; } 
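Review bot: In hosts/ude/default.nix the re-indented `services.nginx.appendHttpConfig` still pulls `include /impure/nginx/*.conf;` from a mutable directory outside the Nix store while port 80 is opened, and nothing in the hunk says who owns that directory. Anyone who can write there decides what this nginx serves and proxies, and the result is not reproducible from the flake. I would add a comment naming the owner of those files and pin the directory's permissions declaratively, for example `systemd.tmpfiles.rules = [ "d /impure/nginx 0755 root root -" ];`. How the directory is provisioned today is not visible in this diff, so this may already be handled elsewhere.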
diff --git a/hosts/ude/disks.nix b/hosts/ude/disks.nix index 9b0d955..bf7e8fd 100644 --- a/hosts/ude/disks.nix +++ b/hosts/ude/disks.nix @@ -1,6 +1,8 @@ -args: let +args: +let bootDevice = args.bootDevice or "/dev/sda"; -in { +in +{ disko.devices = { disk = { vdb = { @@ -24,19 +26,24 @@ in { size = "100%"; content = { type = "btrfs"; - extraArgs = ["-f"]; - subvolumes = let - mountOptions = ["compress=zstd" "noatime"]; - in { - "/root" = { - mountpoint = "/"; - inherit mountOptions; + extraArgs = [ "-f" ]; + subvolumes = + let + mountOptions = [ + "compress=zstd" + "noatime" + ]; + in + { + "/root" = { + mountpoint = "/"; + inherit mountOptions; + }; + "/nix" = { + mountpoint = "/nix"; + inherit mountOptions; + }; }; - "/nix" = { - mountpoint = "/nix"; - inherit mountOptions; - }; - }; }; }; }; diff --git a/modules/flake/configurations.nix b/modules/flake/configurations.nix index d65c9fa..b5ab71b 100644 --- a/modules/flake/configurations.nix +++ b/modules/flake/configurations.nix @@ -2,13 +2,15 @@ nixpkgs, darwin, home-manager, -}: { +}: +{ config, lib, flake-parts-lib, ... }: -with lib; { +with lib; +{ _file = ./configurations.nix; options = { 
@@ -32,31 +34,22 @@ with lib; { configurations = { nixos = mkOption { type = types.lazyAttrsOf types.deferredModule; - default = {}; + default = { }; }; darwin = mkOption { type = types.lazyAttrsOf types.deferredModule; - default = {}; + default = { }; }; home = mkOption { type = types.lazyAttrsOf types.deferredModule; - default = {}; + default = { }; }; }; }; config.flake = { - nixosConfigurations = - mapAttrs - config.builders.nixos - config.configurations.nixos; - darwinConfigurations = - mapAttrs - config.builders.darwin - config.configurations.darwin; - homeConfigurations = - mapAttrs - config.builders.home - config.configurations.home; + nixosConfigurations = mapAttrs config.builders.nixos config.configurations.nixos; + darwinConfigurations = mapAttrs config.builders.darwin config.configurations.darwin; + homeConfigurations = mapAttrs config.builders.home config.configurations.home; }; } diff --git a/modules/flake/default.nix b/modules/flake/default.nix index 7bd6926..a255829 100644 --- a/modules/flake/default.nix +++ b/modules/flake/default.nix @@ -3,13 +3,17 @@ lib, inputs, ... -}: let +}: +let inherit (flake-parts-lib) importApply; flakeModules = { - configurations = importApply ./configurations.nix {inherit (inputs) nixpkgs darwin home-manager;}; + configurations = importApply ./configurations.nix { inherit (inputs) nixpkgs darwin home-manager; }; }; -in { +in +{ imports = lib.attrValues flakeModules; - flake = {inherit flakeModules;}; + flake = { + inherit flakeModules; + }; } diff --git a/modules/home/common/default.nix b/modules/home/common/default.nix index 20ed538..e5bd18a 100644 --- a/modules/home/common/default.nix +++ b/modules/home/common/default.nix 
@@ -6,13 +6,15 @@ inputs', machineName, ... -} @ args: let +}@args: +let # TODO: Conditionally define based on whether we're in a system configuration or not fishOverlayModule = lib.mkIf (!args ? osConfig) { # See modules/system/common/default.nix for reasoning. - nixpkgs.overlays = [(_: _: {inherit (inputs'.settei.packages) fish;})]; + nixpkgs.overlays = [ (_: _: { inherit (inputs'.settei.packages) fish; }) ]; }; -in { +in +{ _file = ./default.nix; imports = [ @@ -49,7 +51,10 @@ in { }; }; - home.packages = [inputs'.settei.packages.base-packages pkgs.nh]; + home.packages = [ + inputs'.settei.packages.base-packages + pkgs.nh + ]; home.sessionVariables.EDITOR = "hx"; } diff --git a/modules/home/common/desktop/default.nix b/modules/home/common/desktop/default.nix index 4020b7c..4b763fd 100644 --- a/modules/home/common/desktop/default.nix +++ b/modules/home/common/desktop/default.nix @@ -5,7 +5,8 @@ inputs, inputs', ... -}: { +}: +{ _file = ./default.nix; options.common.desktop = { @@ -23,18 +24,17 @@ programs.firefox = { enable = true; - package = let - firefox-pkgs = pkgs.extend inputs.firefox-darwin.overlay; - in + package = + let + firefox-pkgs = pkgs.extend inputs.firefox-darwin.overlay; + in lib.mkIf pkgs.stdenv.isDarwin firefox-pkgs.firefox-bin; }; programs.qutebrowser = { enable = true; package = - if pkgs.stdenv.isDarwin - then inputs'.niko-nur.packages.qutebrowser-bin - else pkgs.qutebrowser; + if pkgs.stdenv.isDarwin then inputs'.niko-nur.packages.qutebrowser-bin else pkgs.qutebrowser; }; programs.zellij = { @@ -42,7 +42,7 @@ settings = { keybinds = { shared_except = { - _args = ["locked"]; + _args = [ "locked" ]; unbind = "Ctrl q"; }; }; diff --git a/modules/system/common/default.nix b/modules/system/common/default.nix index e8df39e..70e91b7 100644 --- a/modules/system/common/default.nix +++ b/modules/system/common/default.nix @@ -1,4 +1,5 @@ -{isLinux}: { +{ isLinux }: +{ config, configurationName, lib, 
@@ -7,7 +8,8 @@ inputs', username, ... -}: let +}: +let sharedConfig = { settei = { username = lib.mkDefault "niko"; @@ -20,7 +22,7 @@ enable = lib.mkDefault true; # TODO: Move to settei or leave here? extraArgs.machineName = configurationName; - config.imports = [inputs.settei.homeModules.common]; + config.imports = [ inputs.settei.homeModules.common ]; }; }; @@ -31,7 +33,7 @@ # NixOS' fish module doesn't allow setting what package to use for fish, # so I need to override the fish package. - nixpkgs.overlays = [(_: _: {inherit (inputs'.settei.packages) fish;})]; + nixpkgs.overlays = [ (_: _: { inherit (inputs'.settei.packages) fish; }) ]; nix.settings.allow-import-from-derivation = false; }; @@ -53,15 +55,16 @@ system.stateVersion = 4; # Every macOS ARM machine can emulate x86. - nix.settings.extra-platforms = lib.mkIf pkgs.stdenv.isAarch64 ["x86_64-darwin"]; + nix.settings.extra-platforms = lib.mkIf pkgs.stdenv.isAarch64 [ "x86_64-darwin" ]; }; -in { +in +{ _file = ./default.nix; imports = [ - (import ./hercules.nix {inherit isLinux;}) - (import ./user.nix {inherit isLinux;}) - (import ./github-runner.nix {inherit isLinux;}) + (import ./hercules.nix { inherit isLinux; }) + (import ./user.nix { inherit isLinux; }) + (import ./github-runner.nix { inherit isLinux; }) ]; config = lib.mkMerge [ diff --git a/modules/system/common/github-runner.nix b/modules/system/common/github-runner.nix index dd65051..058bea7 100644 --- a/modules/system/common/github-runner.nix +++ b/modules/system/common/github-runner.nix @@ -1,9 +1,11 @@ -{isLinux}: { +{ isLinux }: +{ config, lib, pkgs, ... -}: let +}: +let inherit (lib) mkOption types; github-runner-user = "github-runner"; 
@@ -20,10 +22,10 @@ services.github-runners = lib.pipe cfg.runners [ (lib.mapAttrsToList ( name: cfg: - lib.genList (i: - lib.nameValuePair - "${name}-${toString i}" - { + lib.genList + ( + i: + lib.nameValuePair "${name}-${toString i}" { enable = true; tokenFile = config.age.secrets.github-token.path; inherit (cfg) url; @@ -32,8 +34,9 @@ serviceOverrides = { DynamicUser = false; }; - extraLabels = ["nix"]; - }) + extraLabels = [ "nix" ]; + } + ) cfg.instances )) lib.flatten @@ -45,41 +48,48 @@ isSystemUser = true; group = github-runner-user; }; - groups.${github-runner-user} = {}; + groups.${github-runner-user} = { }; }; }; darwinConfig = lib.optionalAttrs (!isLinux) { warnings = lib.singleton "common.github-runner doesn't do anything on darwin yet"; }; -in { +in +{ _file = ./github-runner.nix; options.common.github-runner = { enable = lib.mkEnableOption "using this machine as a self-hosted github runner"; runners = mkOption { - type = with types; - attrsOf (submodule ({name, ...}: { - options = { - name = mkOption { - type = types.str; - default = "${name}-${config.networking.hostName}"; - }; - url = mkOption { - type = types.str; - }; - instances = mkOption { - type = types.int; - default = 1; - }; - }; - })); + type = + with types; + attrsOf ( + submodule ( + { name, ... }: + { + options = { + name = mkOption { + type = types.str; + default = "${name}-${config.networking.hostName}"; + }; + url = mkOption { type = types.str; }; + instances = mkOption { + type = types.int; + default = 1; + }; + }; + } + ) + ); }; }; - config = lib.mkIf cfg.enable (lib.mkMerge [ - sharedConfig - linuxConfig - darwinConfig - ]); + config = lib.mkIf cfg.enable ( + lib.mkMerge [ + sharedConfig + linuxConfig + darwinConfig + ] + ); } diff --git a/modules/system/common/hercules.nix b/modules/system/common/hercules.nix index d084ba1..dd5b5f2 100644 --- a/modules/system/common/hercules.nix +++ b/modules/system/common/hercules.nix 
@@ -1,49 +1,51 @@ -{isLinux}: { +{ isLinux }: +{ config, pkgs, lib, ... -}: let +}: +let options = { common.hercules.enable = lib.mkEnableOption "Enables hercules-ci-agent with my configuration"; }; herculesUser = - if isLinux - then config.systemd.services.hercules-ci-agent.serviceConfig.User - else config.launchd.daemons.hercules-ci-agent.serviceConfig.UserName; -in { + if isLinux then + config.systemd.services.hercules-ci-agent.serviceConfig.User + else + config.launchd.daemons.hercules-ci-agent.serviceConfig.UserName; +in +{ _file = ./hercules.nix; inherit options; config = lib.mkIf false - /* - config.common.hercules.enable - */ - { - age.secrets.hercules-token = { - file = ../../../secrets/hercules-token.age; - owner = herculesUser; - }; - age.secrets.hercules-cache = { - file = ../../../secrets/hercules-cache.age; - owner = herculesUser; - }; - age.secrets.hercules-secrets = { - file = ../../../secrets/hercules-secrets.age; - owner = herculesUser; - }; + # config.common.hercules.enable + { + age.secrets.hercules-token = { + file = ../../../secrets/hercules-token.age; + owner = herculesUser; + }; + age.secrets.hercules-cache = { + file = ../../../secrets/hercules-cache.age; + owner = herculesUser; + }; + age.secrets.hercules-secrets = { + file = ../../../secrets/hercules-secrets.age; + owner = herculesUser; + }; - services.hercules-ci-agent = { - enable = true; - settings = { - clusterJoinTokenPath = config.age.secrets.hercules-token.path; - concurrentTasks = lib.mkDefault 4; - binaryCachesPath = config.age.secrets.hercules-cache.path; - secretsJsonPath = config.age.secrets.hercules-secrets.path; + services.hercules-ci-agent = { + enable = true; + settings = { + clusterJoinTokenPath = config.age.secrets.hercules-token.path; + concurrentTasks = lib.mkDefault 4; + binaryCachesPath = config.age.secrets.hercules-cache.path; + secretsJsonPath = config.age.secrets.hercules-secrets.path; + }; }; }; - }; } 
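Review bot: The body of modules/system/common/hercules.nix is still guarded by `lib.mkIf false`, and the real condition now survives only as the line comment `# config.common.hercules.enable`, so the declared option `common.hercules.enable` has no effect. hosts/ude/default.nix in this same diff sets `common.hercules.enable = true;` and would get neither the agent nor the three age secrets, with nothing reported at evaluation time. Since the formatter has moved the comment anyway, I would replace it with one that states the situation, e.g. `# FIXME: agent hard-disabled; common.hercules.enable is ignored until this guard is restored`. A `warnings` entry when the option is set, like the darwin branch of github-runner.nix, would also make the no-op visible.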
diff --git a/modules/system/common/user.nix b/modules/system/common/user.nix index 700cd1d..2c2fa4d 100644 --- a/modules/system/common/user.nix +++ b/modules/system/common/user.nix @@ -1,24 +1,21 @@ -{isLinux}: { - config, - lib, - ... -}: let +{ isLinux }: +{ config, lib, ... }: +let sharedConfig = { settei.programs.podman.enable = true; }; - linuxConfig = lib.optionalAttrs isLinux { - boot.kernel.sysctl."kernel.yama.ptrace_scope" = 0; - }; + linuxConfig = lib.optionalAttrs isLinux { boot.kernel.sysctl."kernel.yama.ptrace_scope" = 0; }; - darwinConfig = lib.optionalAttrs (!isLinux) {}; + darwinConfig = lib.optionalAttrs (!isLinux) { }; finalConfig = lib.mkMerge [ sharedConfig linuxConfig darwinConfig ]; -in { +in +{ _file = ./user.nix; config = lib.mkIf config.settei.user.enable finalConfig; diff --git a/modules/system/default.nix b/modules/system/default.nix index 324dabe..d0df531 100644 --- a/modules/system/default.nix +++ b/modules/system/default.nix @@ -1,17 +1,22 @@ +{ config, lib, ... }: { - config, - lib, - ... -}: { - flake = lib.genAttrs ["nixosModules" "darwinModules"] (attr: let - isLinux = lib.hasPrefix "nixos" attr; - in { - settei = import ./settei { - inherit (config) perInput; - inherit isLinux; - }; - common = import ./common { - inherit isLinux; - }; - }); + flake = + lib.genAttrs + [ + "nixosModules" + "darwinModules" + ] + ( + attr: + let + isLinux = lib.hasPrefix "nixos" attr; + in + { + settei = import ./settei { + inherit (config) perInput; + inherit isLinux; + }; + common = import ./common { inherit isLinux; }; + } + ); } diff --git a/modules/system/settei/default.nix b/modules/system/settei/default.nix index e0807da..7bfc464 100644 --- a/modules/system/settei/default.nix +++ b/modules/system/settei/default.nix 
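Review bot: In modules/system/common/user.nix the formatter folds `linuxConfig` into a single line, which leaves `boot.kernel.sysctl."kernel.yama.ptrace_scope" = 0;` easy to miss and still without any explanation. Setting it to 0 lets any process attach to another dumpable process of the same uid, so one compromised user process can read secrets out of the others. Because it is applied on every Linux host where `settei.user.enable` is true, I would keep the attribute set on multiple lines with a comment saying which tool needs it. Alternatively it could be written as `lib.mkDefault 0`, so that a host can tighten it without `mkForce`.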
@@ -2,25 +2,25 @@ perInput, # TODO: Figure out a nicer way of doing this without infrec? isLinux, -}: { +}: +{ lib, pkgs, config, options, ... -}: { +}: +{ _file = ./default.nix; imports = [ - (import ./sane-defaults.nix {inherit isLinux;}) - (import ./flake-qol.nix {inherit perInput;}) + (import ./sane-defaults.nix { inherit isLinux; }) + (import ./flake-qol.nix { inherit perInput; }) ./user.nix - (import ./programs {inherit isLinux;}) + (import ./programs { inherit isLinux; }) ]; options.settei = with lib; { - username = mkOption { - type = types.str; - }; + username = mkOption { type = types.str; }; }; } diff --git a/modules/system/settei/flake-qol.nix b/modules/system/settei/flake-qol.nix index b4b6636..73deec4 100644 --- a/modules/system/settei/flake-qol.nix +++ b/modules/system/settei/flake-qol.nix @@ -1,11 +1,14 @@ -{perInput}: { +{ perInput }: +{ config, lib, pkgs, ... -}: let +}: +let cfg = config.settei.flake-qol; -in { +in +{ _file = ./flake-qol.nix; options.settei.flake-qol = with lib; { @@ -14,9 +17,7 @@ in { type = types.bool; default = true; }; - inputs = mkOption { - type = types.unspecified; - }; + inputs = mkOption { type = types.unspecified; }; inputs-flakes = mkOption { type = types.attrs; readOnly = true; @@ -27,11 +28,10 @@ in { }; }; - config = let - reexportedArgs = lib.mkIf cfg.reexportAsArgs { - inherit (cfg) inputs inputs-flakes inputs'; - }; - in + config = + let + reexportedArgs = lib.mkIf cfg.reexportAsArgs { inherit (cfg) inputs inputs-flakes inputs'; }; + in lib.mkIf cfg.enable { settei.flake-qol = { inputs-flakes = lib.filterAttrs (_: input: input ? flake -> input.flake) cfg.inputs; @@ -42,7 +42,7 @@ in { settei.user.extraArgs = reexportedArgs; nix = { - registry = lib.mapAttrs (_: flake: {inherit flake;}) cfg.inputs-flakes; + registry = lib.mapAttrs (_: flake: { inherit flake; }) cfg.inputs-flakes; nixPath = lib.mapAttrsToList (name: _: "${name}=flake:${name}") cfg.inputs-flakes; }; }; 
diff --git a/modules/system/settei/programs/default.nix b/modules/system/settei/programs/default.nix index 1c59d6e..e31ccc3 100644 --- a/modules/system/settei/programs/default.nix +++ b/modules/system/settei/programs/default.nix @@ -1,7 +1,6 @@ -{isLinux}: { +{ isLinux }: +{ _file = ./default.nix; - imports = [ - (import ./podman.nix {inherit isLinux;}) - ]; + imports = [ (import ./podman.nix { inherit isLinux; }) ]; } diff --git a/modules/system/settei/programs/podman.nix b/modules/system/settei/programs/podman.nix index ffb6e4c..6068879 100644 --- a/modules/system/settei/programs/podman.nix +++ b/modules/system/settei/programs/podman.nix @@ -1,11 +1,13 @@ -{isLinux}: { +{ isLinux }: +{ config, lib, pkgs, ... -}: let +}: +let sharedConfig = { - environment.systemPackages = [pkgs.podman-compose]; + environment.systemPackages = [ pkgs.podman-compose ]; }; linuxConfig = lib.optionalAttrs isLinux { @@ -16,16 +18,15 @@ }; }; - darwinConfig = lib.optionalAttrs (!isLinux) { - environment.systemPackages = [pkgs.podman]; - }; + darwinConfig = lib.optionalAttrs (!isLinux) { environment.systemPackages = [ pkgs.podman ]; }; finalConfig = lib.mkMerge [ sharedConfig linuxConfig darwinConfig ]; -in { +in +{ _file = ./podman.nix; options.settei.programs.podman.enable = lib.mkEnableOption "Podman"; diff --git a/modules/system/settei/sane-defaults.nix b/modules/system/settei/sane-defaults.nix index 30a1467..e25d87f 100644 --- a/modules/system/settei/sane-defaults.nix +++ b/modules/system/settei/sane-defaults.nix @@ -1,8 +1,6 @@ -{isLinux}: { - config, - lib, - ... -} @ args: let +{ isLinux }: +{ config, lib, ... }@args: +let cfg = config.settei.sane-defaults; inherit (config.settei) username; @@ -11,7 +9,7 @@ enable = mkEnableOption "Personal sane defaults (but they should make sense for anyone)"; allSshKeys = mkOption { type = types.attrsOf types.singleLineStr; - default = {}; + default = { }; }; tailnet = mkOption { type = types.nullOr types.str; 
@@ -20,98 +18,108 @@ }; }; - sharedConfig = let - adminNeedsPassword = isLinux -> config.security.sudo.wheelNeedsPassword; - in { - _module.args = { - username = lib.mkDefault username; - }; - - # FIXME: Move to common - services.tailscale.enable = true; - - networking.hostName = lib.mkDefault ( - args.configurationName - or (throw "pass configurationName to module arguments or set networking.hostName yourself") - ); - - # Flakes are unusable without git present so pull it into the environment by default - settei.user.config.programs.git.enable = lib.mkDefault true; - - # FIXME: Move to common - users.users.${username}.openssh.authorizedKeys.keys = let - configName' = - args.configurationName - or (throw "pass configurationName to module arguments or set users.users.${username}.openssh.authorizedKeys yourself"); - filteredKeys = lib.filterAttrs (name: _: name != configName') cfg.allSshKeys; + sharedConfig = + let + adminNeedsPassword = isLinux -> config.security.sudo.wheelNeedsPassword; in - lib.mkDefault (lib.attrValues filteredKeys); + { + _module.args = { + username = lib.mkDefault username; + }; - nix = { - settings = { - experimental-features = ["nix-command" "flakes" "repl-flake" "auto-allocate-uids"]; - trusted-users = lib.optionals (!adminNeedsPassword) [username]; - auto-allocate-uids = true; - extra-substituters = [ - "https://hyprland.cachix.org" - "https://cache.garnix.io" - "https://nix-community.cachix.org" - "https://hercules-ci.cachix.org" - "https://nrabulinski.cachix.org" - "https://cache.nrab.lol" - ]; - extra-trusted-public-keys = [ - "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc=" - "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=" - "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" - "hercules-ci.cachix.org-1:ZZeDl9Va+xe9j+KqdzoBZMFJHVQ42Uu/c/1/KMC5Lw0=" - "nrabulinski.cachix.org-1:Q5FD7+1c68uH74CQK66UWNzxhanZW8xcg1LFXxGK8ic=" - 
"cache.nrab.lol-1:CJl1TouOyuJ1Xh4tZSXLwm3Upt06HzUNZmeyuEB9EZg=" - ]; + # FIXME: Move to common + services.tailscale.enable = true; + + networking.hostName = lib.mkDefault ( + args.configurationName + or (throw "pass configurationName to module arguments or set networking.hostName yourself") + ); + + # Flakes are unusable without git present so pull it into the environment by default + settei.user.config.programs.git.enable = lib.mkDefault true; + + # FIXME: Move to common + users.users.${username}.openssh.authorizedKeys.keys = + let + configName' = + args.configurationName + or (throw "pass configurationName to module arguments or set users.users.${username}.openssh.authorizedKeys yourself" + ); + filteredKeys = lib.filterAttrs (name: _: name != configName') cfg.allSshKeys; + in + lib.mkDefault (lib.attrValues filteredKeys); + + nix = { + settings = { + experimental-features = [ + "nix-command" + "flakes" + "repl-flake" + "auto-allocate-uids" + ]; + trusted-users = lib.optionals (!adminNeedsPassword) [ username ]; + auto-allocate-uids = true; + extra-substituters = [ + "https://hyprland.cachix.org" + "https://cache.garnix.io" + "https://nix-community.cachix.org" + "https://hercules-ci.cachix.org" + "https://nrabulinski.cachix.org" + "https://cache.nrab.lol" + ]; + extra-trusted-public-keys = [ + "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc=" + "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=" + "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" + "hercules-ci.cachix.org-1:ZZeDl9Va+xe9j+KqdzoBZMFJHVQ42Uu/c/1/KMC5Lw0=" + "nrabulinski.cachix.org-1:Q5FD7+1c68uH74CQK66UWNzxhanZW8xcg1LFXxGK8ic=" + "cache.nrab.lol-1:CJl1TouOyuJ1Xh4tZSXLwm3Upt06HzUNZmeyuEB9EZg=" + ]; + }; }; }; - }; - linuxConfig = lib.optionalAttrs isLinux (let - nmEnabled = config.networking.networkmanager.enable; - in { - hardware.enableRedistributableFirmware = true; + linuxConfig = lib.optionalAttrs isLinux ( + let + nmEnabled = 
config.networking.networkmanager.enable; + in + { + hardware.enableRedistributableFirmware = true; - services.openssh.enable = true; - programs.mosh.enable = lib.mkDefault true; - programs.git.enable = lib.mkDefault true; + services.openssh.enable = true; + programs.mosh.enable = lib.mkDefault true; + programs.git.enable = lib.mkDefault true; - users = { - mutableUsers = false; - users.${username} = { - isNormalUser = true; - home = "/home/${username}"; - group = username; - extraGroups = ["wheel"]; + users = { + mutableUsers = false; + users.${username} = { + isNormalUser = true; + home = "/home/${username}"; + group = username; + extraGroups = [ "wheel" ]; + }; + groups.${username} = { }; }; - groups.${username} = {}; - }; - # TODO: Actually this should be extraRules which makes wheel users without any password set - # be able to use sudo with no password - security.sudo.wheelNeedsPassword = false; + # TODO: Actually this should be extraRules which makes wheel users without any password set + # be able to use sudo with no password + security.sudo.wheelNeedsPassword = false; - # When NetworkManager isn't in use, add tailscale DNS address manually - # FIXME: Move to common - networking = lib.mkIf (!nmEnabled && config.services.tailscale.enable && cfg.tailnet != null) { - nameservers = [ - "100.100.100.100" - "1.1.1.1" - "1.0.0.1" - ]; - search = [cfg.tailnet]; - }; + # When NetworkManager isn't in use, add tailscale DNS address manually + # FIXME: Move to common + networking = lib.mkIf (!nmEnabled && config.services.tailscale.enable && cfg.tailnet != null) { + nameservers = [ + "100.100.100.100" + "1.1.1.1" + "1.0.0.1" + ]; + search = [ cfg.tailnet ]; + }; - # NetworkManager probably means desktop system so we don't want to slow down boot times - systemd.services = lib.mkIf nmEnabled { - NetworkManager-wait-online.enable = false; - }; - }); + # NetworkManager probably means desktop system so we don't want to slow down boot times + systemd.services = lib.mkIf 
nmEnabled { NetworkManager-wait-online.enable = false; }; + } + ); darwinConfig = lib.optionalAttrs (!isLinux) { services.nix-daemon.enable = true; @@ -120,14 +128,17 @@ users.users.${username}.home = "/Users/${username}"; }; -in { +in +{ _file = ./sane-defaults.nix; inherit options; - config = lib.mkIf config.settei.sane-defaults.enable (lib.mkMerge [ - sharedConfig - linuxConfig - darwinConfig - ]); + config = lib.mkIf config.settei.sane-defaults.enable ( + lib.mkMerge [ + sharedConfig + linuxConfig + darwinConfig + ] + ); } diff --git a/modules/system/settei/user.nix b/modules/system/settei/user.nix index 30465dc..79856bc 100644 --- a/modules/system/settei/user.nix +++ b/modules/system/settei/user.nix 
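Review bot: In the first hunk of modules/system/settei/sane-defaults.nix, `security.sudo.wheelNeedsPassword = false;` remains a plain assignment while most neighbouring settings use `lib.mkDefault`, and `adminNeedsPassword` then places the user in `trusted-users` on Linux. Together with `services.openssh.enable = true` and authorized keys taken from every other machine in `allSshKeys`, any one of those keys gives root-equivalent access on each Linux host that enables this module. I would write `security.sudo.wheelNeedsPassword = lib.mkDefault false;` so a host can restore the password prompt, and with it drop the trusted-user entry, without `mkForce`. The existing TODO above that line could also state this consequence. The enclosing `let` binding starts before this hunk.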
@@ -3,59 +3,62 @@ options, lib, ... -} @ args: let +}@args: +let hasHomeManager = options ? home-manager; cfg = config.settei.user; inherit (config.settei) username; -in { +in +{ _file = ./user.nix; options.settei.user = with lib; { enable = mkEnableOption "User-specific configuration"; config = mkOption { type = types.deferredModule; - default = {}; + default = { }; }; extraArgs = mkOption { type = types.attrs; - default = {}; + default = { }; }; }; - config = let - hmConfig = lib.optionalAttrs hasHomeManager { - home-manager.useGlobalPkgs = true; - home-manager.useUserPackages = true; - home-manager.extraSpecialArgs = - { + config = + let + hmConfig = lib.optionalAttrs hasHomeManager { + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + home-manager.extraSpecialArgs = { inherit (args) inputs inputs'; - } - // cfg.extraArgs; + } // cfg.extraArgs; - home-manager.users.${username} = { - _file = ./user.nix; + home-manager.users.${username} = { + _file = ./user.nix; - imports = [cfg.config]; + imports = [ cfg.config ]; - home = { - inherit username; - homeDirectory = config.users.users.${username}.home; - stateVersion = "22.05"; + home = { + inherit username; + homeDirectory = config.users.users.${username}.home; + stateVersion = "22.05"; + }; + + programs.home-manager.enable = true; }; - - programs.home-manager.enable = true; }; - }; - in - lib.mkIf cfg.enable (lib.mkMerge [ - { - assertions = [ - { - assertion = hasHomeManager; - message = "Home-manager module has to be imported before enabling settei.user"; - } - ]; - } - hmConfig - ]); + in + lib.mkIf cfg.enable ( + lib.mkMerge [ + { + assertions = [ + { + assertion = hasHomeManager; + message = "Home-manager module has to be imported before enabling settei.user"; + } + ]; + } + hmConfig + ] + ); } diff --git a/pkgs/conduit/default.nix b/pkgs/conduit/default.nix index 56218dd..f5a8a4a 100644 --- a/pkgs/conduit/default.nix +++ b/pkgs/conduit/default.nix 
@@ -8,27 +8,29 @@ rocksdb, darwin, rustPlatform, -}: let - rust = with fenix; +}: +let + rust = + with fenix; combine [ stable.cargo stable.rustc ]; crane' = crane.overrideToolchain rust; in - crane'.buildPackage { - inherit src; - strictDeps = true; +crane'.buildPackage { + inherit src; + strictDeps = true; - nativeBuildInputs = [rustPlatform.bindgenHook]; + nativeBuildInputs = [ rustPlatform.bindgenHook ]; - buildInputs = lib.optionals stdenv.isDarwin [ - libiconv - darwin.apple_sdk.frameworks.Security - darwin.apple_sdk.frameworks.SystemConfiguration - ]; + buildInputs = lib.optionals stdenv.isDarwin [ + libiconv + darwin.apple_sdk.frameworks.Security + darwin.apple_sdk.frameworks.SystemConfiguration + ]; - # Use system RocksDB - ROCKSDB_INCLUDE_DIR = "${rocksdb}/include"; - ROCKSDB_LIB_DIR = "${rocksdb}/lib"; - } + # Use system RocksDB + ROCKSDB_INCLUDE_DIR = "${rocksdb}/include"; + ROCKSDB_LIB_DIR = "${rocksdb}/lib"; +} diff --git a/pkgs/default.nix b/pkgs/default.nix index a75778d..5248953 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -1,22 +1,25 @@ -{inputs, ...}: { - perSystem = { - pkgs, - system, - inputs', - ... - }: { - packages.conduit-next = pkgs.callPackage ./conduit { - src = inputs.conduit-src; - crane = inputs.crane.lib.${system}; - fenix = inputs'.fenix.packages; - }; +{ inputs, ... }: +{ + perSystem = + { + pkgs, + system, + inputs', + ... + }: + { + packages.conduit-next = pkgs.callPackage ./conduit { + src = inputs.conduit-src; + crane = inputs.crane.lib.${system}; + fenix = inputs'.fenix.packages; + }; - packages.git-commit-last = pkgs.writeShellApplication { - name = "git-commit-last"; - text = '' - GITDIR="$(git rev-parse --git-dir)" - git commit -eF "$GITDIR/COMMIT_EDITMSG" - ''; + packages.git-commit-last = pkgs.writeShellApplication { + name = "git-commit-last"; + text = '' + GITDIR="$(git rev-parse --git-dir)" + git commit -eF "$GITDIR/COMMIT_EDITMSG" + ''; + }; }; - }; } 
diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 3c39069..9ebebd9 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -1,6 +1,7 @@ let keys = import ../assets/ssh.nix; -in { +in +{ "leet-nrab-lol-pass.age".publicKeys = [ keys.system.kazuki keys.other.bootstrap diff --git a/wrappers/default.nix b/wrappers/default.nix index a949595..8eba440 100644 --- a/wrappers/default.nix +++ b/wrappers/default.nix @@ -1,26 +1,25 @@ -{inputs, ...}: { - perSystem = { - pkgs, - inputs', - ... - }: let - wrapped = inputs.wrapper-manager-hm-compat.lib { - inherit pkgs; - modules = [ - # ./starship - ./helix - # TODO: Enable again - # ./rash - ./fish - ./wezterm - ]; - specialArgs = { - inherit inputs inputs'; +{ inputs, ... }: +{ + perSystem = + { pkgs, inputs', ... }: + let + wrapped = inputs.wrapper-manager-hm-compat.lib { + inherit pkgs; + modules = [ + # ./starship + ./helix + # TODO: Enable again + # ./rash + ./fish + ./wezterm + ]; + specialArgs = { + inherit inputs inputs'; + }; }; + all-packages = wrapped.config.build.packages; + in + { + packages = all-packages; }; - all-packages = wrapped.config.build.packages; - in { - packages = - all-packages; - }; } diff --git a/wrappers/fish/default.nix b/wrappers/fish/default.nix index 7451909..8b3167f 100644 --- a/wrappers/fish/default.nix +++ b/wrappers/fish/default.nix 
@@ -1,33 +1,40 @@ +{ lib, pkgs, ... }: { - lib, - pkgs, - ... -}: { wrappers.fish = { basePackage = pkgs.fish; wrapByDefault = false; - programs.fish = {config, ...}: { - extraWrapperFlags = "--inherit-argv0"; + programs.fish = + { config, ... }: + { + extraWrapperFlags = "--inherit-argv0"; - prependFlags = let - # Can't rely on pathAdd because fish used as login shell will ignore the variables the wrapper sets up - path-add-lines = - lib.concatMapStringsSep "\n" - (pkg: "fish_add_path --path --prepend '${lib.getExe' pkg ""}'") - config.pathAdd; - config-fish = pkgs.writeText "config.fish" '' - ${path-add-lines} + prependFlags = + let + # Can't rely on pathAdd because fish used as login shell will ignore the variables the wrapper sets up + path-add-lines = + lib.concatMapStringsSep "\n" (pkg: "fish_add_path --path --prepend '${lib.getExe' pkg ""}'") + config.pathAdd; + config-fish = pkgs.writeText "config.fish" '' + ${path-add-lines} - source ${./prompt.fish} - source ${./config.fish} - ''; - in [ - "-C" - "source ${config-fish}" - ]; + source ${./prompt.fish} + source ${./config.fish} + ''; + in + [ + "-C" + "source ${config-fish}" + ]; - pathAdd = with pkgs; [eza bat fzf ripgrep zoxide direnv]; - }; + pathAdd = with pkgs; [ + eza + bat + fzf + ripgrep + zoxide + direnv + ]; + }; }; } diff --git a/wrappers/helix/default.nix b/wrappers/helix/default.nix index c54d4ce..8aa3ce0 100644 --- a/wrappers/helix/default.nix +++ b/wrappers/helix/default.nix @@ -1,4 +1,5 @@ -{pkgs, ...}: { +{ pkgs, ... }: +{ programs.helix = { enable = true; settings = { @@ -25,8 +26,8 @@ { name = "koka"; scope = "scope.koka"; - file-types = ["kk"]; - roots = []; + file-types = [ "kk" ]; + roots = [ ]; indent = { tab-width = 4; unit = " "; @@ -43,5 +44,5 @@ }; }; - wrappers.helix.pathAdd = [pkgs.nil]; + wrappers.helix.pathAdd = [ pkgs.nil ]; } diff --git a/wrappers/rash/default.nix b/wrappers/rash/default.nix index 3390ac5..c142a0e 100644 --- a/wrappers/rash/default.nix 
+++ b/wrappers/rash/default.nix 
@@ -3,57 +3,58 @@
 inputs',
 config,
 ...
-}: {
- wrappers.rash = let
- readlinePatched = pkgs.fetchFromGitHub {
- owner = "nrabulinski";
- repo = "readline";
- rev = "8eb52c163d6ea7c3cec2cc6b1011ce00738942e1";
- hash = "sha256-1yU0ZUBQqYEn85j4T2pLs02MTyJnO5BbYALIa88iomY=";
- };
- racket-with-libs = inputs'.racket.packages.racket.newLayer {
- withRacketPackages = ps:
- with ps; [
- readline-gpl
- (readline-lib.override {
- src = "${readlinePatched}/readline-lib";
- })
- rash
- threading
- functional
- racket-langserver
-
- # TODO: Remove once dependency resolution is fixed
- slideshow-lib
- r5rs-lib
- data-enumerate-lib
- plot-lib
- plot-gui-lib
- plot-compat
- srfi-lib
- typed-racket-compatibility
- future-visualizer-pict
- macro-debugger-text-lib
- profile-lib
- images-gui-lib
- ];
- buildInputs = with pkgs; [readline];
- };
- in {
- basePackage = pkgs.writeShellScriptBin "rash-repl" ''
- exec "${racket-with-libs}/bin/rash-repl" "$@"
- '';
- # TODO: Shell shouldn't overwrite this variable. Probably
- env.XDG_CONFIG_HOME = {
- value = pkgs.linkFarm "rash-config" {
- "rash/rashrc" = ./rashrc;
- "rash/rashrc.rkt" = ./rashrc.rkt;
+}:
+{
+ wrappers.rash =
+ let
+ readlinePatched = pkgs.fetchFromGitHub {
+ owner = "nrabulinski";
+ repo = "readline";
+ rev = "8eb52c163d6ea7c3cec2cc6b1011ce00738942e1";
+ hash = "sha256-1yU0ZUBQqYEn85j4T2pLs02MTyJnO5BbYALIa88iomY=";
 };
- force = true;
+ racket-with-libs = inputs'.racket.packages.racket.newLayer {
+ withRacketPackages =
+ ps: with ps; [
+ readline-gpl
+ (readline-lib.override { src = "${readlinePatched}/readline-lib"; })
+ rash
+ threading
+ functional
+ racket-langserver
+
+ # TODO: Remove once dependency resolution is fixed
+ slideshow-lib
+ r5rs-lib
+ data-enumerate-lib
+ plot-lib
+ plot-gui-lib
+ plot-compat
+ srfi-lib
+ typed-racket-compatibility
+ future-visualizer-pict
+ macro-debugger-text-lib
+ profile-lib
+ images-gui-lib
+ ];
+ buildInputs = with pkgs; [ readline ];
+ };
+ in
+ {
+ basePackage = pkgs.writeShellScriptBin "rash-repl" ''
+ exec "${racket-with-libs}/bin/rash-repl" "$@"
+ '';
+ # TODO: Shell shouldn't overwrite this variable. Probably
+ env.XDG_CONFIG_HOME = {
+ value = pkgs.linkFarm "rash-config" {
+ "rash/rashrc" = ./rashrc;
+ "rash/rashrc.rkt" = ./rashrc.rkt;
+ };
+ force = true;
+ };
+ pathAdd = [
+ racket-with-libs
+ config.wrappers.starship.wrapped
+ ];
 };
- pathAdd = [
- racket-with-libs
- config.wrappers.starship.wrapped
- ];
- };
 }
diff --git a/wrappers/wezterm/default.nix b/wrappers/wezterm/default.nix
index 2783696..1a333f4 100644
--- a/wrappers/wezterm/default.nix
+++ b/wrappers/wezterm/default.nix
@@ -1,4 +1,5 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
 wrappers.wezterm = {
 basePackage = pkgs.wezterm;
 env.WEZTERM_CONFIG_FILE.value = ./config.lua;