treewide: alejandra -> nixfmt-rfc-style

Nikodem Rabuliński 2024-02-25 19:09:09 +01:00
parent d64c02e3da
commit 6558fdb739
51 changed files with 1108 additions and 928 deletions


@ -1,4 +1,5 @@
{lib, ...}: { { lib, ... }:
{
options.assets = lib.mkOption { options.assets = lib.mkOption {
type = lib.types.unspecified; type = lib.types.unspecified;
readOnly = true; readOnly = true;


@ -4,31 +4,37 @@
withSystem, withSystem,
self, self,
... ...
}: let }:
collectFlakeOutputs = { let
config, collectFlakeOutputs =
pkgs, { config, pkgs }:
}: let let
inherit (pkgs) lib; inherit (pkgs) lib;
collectDrvs = prefix: attrs: let collectDrvs =
drvs = lib.pipe attrs [ prefix: attrs:
(lib.filterAttrs (_: lib.isDerivation)) let
(lib.mapAttrsToList (name: drv: { drvs = lib.pipe attrs [
name = lib.concatStringsSep "." (prefix ++ [name]); (lib.filterAttrs (_: lib.isDerivation))
inherit drv; (lib.mapAttrsToList (
})) name: drv: {
]; name = lib.concatStringsSep "." (prefix ++ [ name ]);
recursed = lib.pipe attrs [ inherit drv;
(lib.filterAttrs (_: val: }
(!lib.isDerivation val) && (lib.isAttrs val) && (val.recurseForDerivations or true))) ))
(lib.mapAttrsToList (name: collectDrvs (prefix ++ [name]))) ];
]; recursed = lib.pipe attrs [
(lib.filterAttrs (
_: val: (!lib.isDerivation val) && (lib.isAttrs val) && (val.recurseForDerivations or true)
))
(lib.mapAttrsToList (name: collectDrvs (prefix ++ [ name ])))
];
in
drvs ++ (lib.flatten recursed);
rootOutputs = builtins.removeAttrs config.onPush.default.outputs [ "effects" ];
in in
drvs ++ (lib.flatten recursed); collectDrvs [ ] rootOutputs;
rootOutputs = builtins.removeAttrs config.onPush.default.outputs ["effects"]; in
in {
collectDrvs [] rootOutputs;
in {
defaultEffectSystem = "aarch64-linux"; defaultEffectSystem = "aarch64-linux";
hercules-ci = { hercules-ci = {
@ -41,60 +47,59 @@ in {
herculesCI = herculesCI: { herculesCI = herculesCI: {
onPush.default = { onPush.default = {
outputs.effects = { outputs.effects = {
pin-cache = withSystem config.defaultEffectSystem ({ pin-cache = withSystem config.defaultEffectSystem (
pkgs, { pkgs, hci-effects, ... }:
hci-effects, let
... collected = collectFlakeOutputs {
}: let inherit (herculesCI) config;
collected = collectFlakeOutputs { inherit pkgs;
inherit (herculesCI) config; };
inherit pkgs; cachixCommands =
}; lib.concatMapStringsSep "\n"
cachixCommands = ({ name, drv }: "cachix pin nrabulinski ${lib.escapeShellArg name} ${lib.escapeShellArg drv}")
lib.concatMapStringsSep collected;
"\n" in
({ hci-effects.runIf (herculesCI.config.repo.branch == "main") (
name, hci-effects.mkEffect {
drv, secretsMap."cachix-token" = "cachix-token";
}: "cachix pin nrabulinski ${lib.escapeShellArg name} ${lib.escapeShellArg drv}") inputs = [ pkgs.cachix ];
collected; userSetupScript = ''
in cachix authtoken $(readSecretString cachix-token .token)
hci-effects.runIf (herculesCI.config.repo.branch == "main") (hci-effects.mkEffect { '';
secretsMap."cachix-token" = "cachix-token"; # Discarding the context is fine here because we don't actually want to build those derivations.
inputs = [pkgs.cachix]; # They have already been built as part of this job,
userSetupScript = '' # we only want to pin them to make sure cachix doesn't GC them.
cachix authtoken $(readSecretString cachix-token .token) effectScript = builtins.unsafeDiscardStringContext cachixCommands;
''; }
# Discarding the context is fine here because we don't actually want to build those derivations. )
# They have already been built as part of this job, );
# we only want to pin them to make sure cachix doesn't GC them.
effectScript = builtins.unsafeDiscardStringContext cachixCommands;
}));
}; };
}; };
}; };
perSystem = { perSystem =
pkgs, { pkgs, lib, ... }:
lib, rec {
... legacyPackages.outputsList =
}: rec { let
legacyPackages.outputsList = let config = self.herculesCI {
config = self.herculesCI { primaryRepo = { };
primaryRepo = {}; herculesCI = { };
herculesCI = {}; };
}; in
in collectFlakeOutputs { inherit config pkgs; };
collectFlakeOutputs {inherit config pkgs;};
legacyPackages.github-matrix = let legacyPackages.github-matrix =
systems = lib.groupBy ({drv, ...}: drv.system) legacyPackages.outputsList; let
in systems = lib.groupBy ({ drv, ... }: drv.system) legacyPackages.outputsList;
lib.concatMapStringsSep "\n" ({ in
name, lib.concatMapStringsSep "\n"
value, (
}: '' { name, value }:
${name}=${builtins.toJSON (map (d: d.name) value)} ''
'') (lib.attrsToList systems); ${name}=${builtins.toJSON (map (d: d.name) value)}
}; ''
)
(lib.attrsToList systems);
};
} }

100
flake.nix

@ -1,6 +1,7 @@
{ {
outputs = inputs @ {flake-parts, ...}: outputs =
flake-parts.lib.mkFlake {inherit inputs;} { inputs@{ flake-parts, ... }:
flake-parts.lib.mkFlake { inherit inputs; } {
systems = [ systems = [
"x86_64-linux" "x86_64-linux"
"aarch64-linux" "aarch64-linux"
@ -18,35 +19,37 @@
./pkgs ./pkgs
]; ];
perSystem = { perSystem =
inputs', {
self', inputs',
pkgs, self',
lib, pkgs,
... lib,
}: { ...
devShells.default = pkgs.mkShellNoCC { }:
packages = [ {
inputs'.agenix.packages.agenix devShells.default = pkgs.mkShellNoCC {
inputs'.attic.packages.attic packages = [
# TODO: Contribute darwin support to nh inputs'.agenix.packages.agenix
pkgs.nh inputs'.attic.packages.attic
]; # TODO: Contribute darwin support to nh
}; pkgs.nh
];
};
packages.base-packages = pkgs.symlinkJoin { packages.base-packages = pkgs.symlinkJoin {
name = "settei-base"; name = "settei-base";
paths = with self'.packages; [ paths = with self'.packages; [
helix helix
fish fish
git-commit-last git-commit-last
]; ];
}; };
# Re-export it for convenience and for caching # Re-export it for convenience and for caching
packages.attic = inputs'.attic.packages.attic; packages.attic = inputs'.attic.packages.attic;
formatter = pkgs.alejandra; formatter = pkgs.nixfmt-rfc-style;
}; };
}; };
inputs = { inputs = {
@ -126,25 +129,24 @@
}; };
}; };
/* /* TODO: Uncomment once (if ever?) nixConfig makes sense in flakes
TODO: Uncomment once (if ever?) nixConfig makes sense in flakes nixConfig = {
nixConfig = { extra-substituters = [
extra-substituters = [ "https://hyprland.cachix.org"
"https://hyprland.cachix.org" "https://cache.garnix.io"
"https://cache.garnix.io" "https://nix-community.cachix.org"
"https://nix-community.cachix.org" "https://hercules-ci.cachix.org"
"https://hercules-ci.cachix.org" "https://nrabulinski.cachix.org"
"https://nrabulinski.cachix.org" "https://cache.nrab.lol"
"https://cache.nrab.lol" ];
]; extra-trusted-public-keys = [
extra-trusted-public-keys = [ "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
"hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc=" "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="
"cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "hercules-ci.cachix.org-1:ZZeDl9Va+xe9j+KqdzoBZMFJHVQ42Uu/c/1/KMC5Lw0="
"hercules-ci.cachix.org-1:ZZeDl9Va+xe9j+KqdzoBZMFJHVQ42Uu/c/1/KMC5Lw0=" "nrabulinski.cachix.org-1:Q5FD7+1c68uH74CQK66UWNzxhanZW8xcg1LFXxGK8ic="
"nrabulinski.cachix.org-1:Q5FD7+1c68uH74CQK66UWNzxhanZW8xcg1LFXxGK8ic=" "cache.nrab.lol-1:CJl1TouOyuJ1Xh4tZSXLwm3Upt06HzUNZmeyuEB9EZg="
"cache.nrab.lol-1:CJl1TouOyuJ1Xh4tZSXLwm3Upt06HzUNZmeyuEB9EZg=" ];
]; };
};
*/ */
} }
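Review bot: The `formatter = pkgs.nixfmt-rfc-style;` line in the `perSystem` hunk changes only what `nix fmt` runs, and nothing in the visible hunks of this file makes CI fail on unformatted code, so the tree can drift from the new style again. If no such check exists elsewhere in the repository, a `checks` output that runs the formatter in check mode over the tree would enforce it. Because this commit rewrites lines across 51 files, adding its full hash to a `.git-blame-ignore-revs` file would also keep `git blame` pointing at the commits that last changed behaviour, which helps when auditing the firewall and secrets settings reformatted here.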


@ -3,7 +3,8 @@
self, self,
inputs, inputs,
... ...
}: { }:
{
imports = [ imports = [
./kazuki ./kazuki
./hijiri-vm ./hijiri-vm
@ -15,42 +16,48 @@
./kogata ./kogata
]; ];
builders = let builders =
sharedOptions = { let
_file = ./default.nix; sharedOptions = {
_file = ./default.nix;
settei.sane-defaults.allSshKeys = config.assets.sshKeys.user; settei.sane-defaults.allSshKeys = config.assets.sshKeys.user;
settei.flake-qol.inputs = inputs // {settei = self;}; settei.flake-qol.inputs = inputs // {
settei = self;
};
};
in
{
nixos =
name: module:
inputs.nixpkgs.lib.nixosSystem {
modules = [
inputs.agenix.nixosModules.age
inputs.disko.nixosModules.disko
inputs.mailserver.nixosModules.default
inputs.home-manager.nixosModules.home-manager
inputs.nvidia-patch.nixosModules.nvidia-patch
inputs.attic.nixosModules.atticd
self.nixosModules.settei
self.nixosModules.common
sharedOptions
module
];
specialArgs.configurationName = name;
};
darwin =
name: module:
inputs.darwin.lib.darwinSystem {
modules = [
inputs.agenix.darwinModules.age
inputs.home-manager.darwinModules.home-manager
self.darwinModules.settei
self.darwinModules.common
sharedOptions
module
];
specialArgs.configurationName = name;
};
}; };
in {
nixos = name: module:
inputs.nixpkgs.lib.nixosSystem {
modules = [
inputs.agenix.nixosModules.age
inputs.disko.nixosModules.disko
inputs.mailserver.nixosModules.default
inputs.home-manager.nixosModules.home-manager
inputs.nvidia-patch.nixosModules.nvidia-patch
inputs.attic.nixosModules.atticd
self.nixosModules.settei
self.nixosModules.common
sharedOptions
module
];
specialArgs.configurationName = name;
};
darwin = name: module:
inputs.darwin.lib.darwinSystem {
modules = [
inputs.agenix.darwinModules.age
inputs.home-manager.darwinModules.home-manager
self.darwinModules.settei
self.darwinModules.common
sharedOptions
module
];
specialArgs.configurationName = name;
};
};
} }


@ -1,24 +1,26 @@
{ {
configurations.nixos.hijiri-vm = { configurations.nixos.hijiri-vm =
modulesPath, {
lib, modulesPath,
username, lib,
... username,
}: { ...
imports = [ }:
"${modulesPath}/profiles/qemu-guest.nix" {
./disks.nix imports = [
]; "${modulesPath}/profiles/qemu-guest.nix"
./disks.nix
];
nixpkgs.hostPlatform = "aarch64-linux"; nixpkgs.hostPlatform = "aarch64-linux";
boot = { boot = {
loader.systemd-boot.enable = true; loader.systemd-boot.enable = true;
loader.systemd-boot.configurationLimit = 1; loader.systemd-boot.configurationLimit = 1;
loader.efi.canTouchEfiVariables = true; loader.efi.canTouchEfiVariables = true;
};
networking.domain = "hijiri";
networking.hostName = "vm";
}; };
networking.domain = "hijiri";
networking.hostName = "vm";
};
} }


@ -1,6 +1,8 @@
args: let args:
let
bootDevice = args.bootDevice or "/dev/vda"; bootDevice = args.bootDevice or "/dev/vda";
in { in
{
disko.devices.disk.bootDisk = { disko.devices.disk.bootDisk = {
type = "disk"; type = "disk";
device = bootDevice; device = bootDevice;
@ -26,19 +28,24 @@ in {
end = "100%"; end = "100%";
content = { content = {
type = "btrfs"; type = "btrfs";
extraArgs = ["-f"]; extraArgs = [ "-f" ];
subvolumes = let subvolumes =
mountOptions = ["compress=zstd" "noatime"]; let
in { mountOptions = [
"/root" = { "compress=zstd"
inherit mountOptions; "noatime"
mountpoint = "/"; ];
in
{
"/root" = {
inherit mountOptions;
mountpoint = "/";
};
"/nix" = {
inherit mountOptions;
mountpoint = "/nix";
};
}; };
"/nix" = {
inherit mountOptions;
mountpoint = "/nix";
};
};
}; };
} }
]; ];


@ -1,54 +1,56 @@
{ {
configurations.darwin.hijiri = {pkgs, ...}: { configurations.darwin.hijiri =
imports = [ { pkgs, ... }:
./skhd.nix {
./yabai.nix imports = [
]; ./skhd.nix
./yabai.nix
nixpkgs.system = "aarch64-darwin";
settei.user.config = {
common.desktop.enable = true;
home.packages = with pkgs; [
utm
qemu
anki-bin
]; ];
programs.alacritty.settings.font.size = 14;
};
system.defaults = { nixpkgs.system = "aarch64-darwin";
".GlobalPreferences" = {
"com.apple.mouse.scaling" = -1.0; settei.user.config = {
common.desktop.enable = true;
home.packages = with pkgs; [
utm
qemu
anki-bin
];
programs.alacritty.settings.font.size = 14;
}; };
dock = {
autohide = true; system.defaults = {
largesize = 64; ".GlobalPreferences" = {
minimize-to-application = true; "com.apple.mouse.scaling" = -1.0;
orientation = "right"; };
show-process-indicators = false; dock = {
show-recents = false; autohide = true;
largesize = 64;
minimize-to-application = true;
orientation = "right";
show-process-indicators = false;
show-recents = false;
};
CustomUserPreferences.".GlobalPreferences" = {
"com.apple.scrollwheel.scaling" = "-1";
};
}; };
CustomUserPreferences.".GlobalPreferences" = { system.keyboard = {
"com.apple.scrollwheel.scaling" = "-1"; enableKeyMapping = true;
remapCapsLockToEscape = true;
nonUS.remapTilde = true;
swapLeftCommandAndLeftAlt = true;
# swap right command and right alt too
userKeyMapping = [
{
HIDKeyboardModifierMappingSrc = 30064771302;
HIDKeyboardModifierMappingDst = 30064771303;
}
{
HIDKeyboardModifierMappingSrc = 30064771303;
HIDKeyboardModifierMappingDst = 30064771302;
}
];
}; };
}; };
system.keyboard = {
enableKeyMapping = true;
remapCapsLockToEscape = true;
nonUS.remapTilde = true;
swapLeftCommandAndLeftAlt = true;
# swap right command and right alt too
userKeyMapping = [
{
HIDKeyboardModifierMappingSrc = 30064771302;
HIDKeyboardModifierMappingDst = 30064771303;
}
{
HIDKeyboardModifierMappingSrc = 30064771303;
HIDKeyboardModifierMappingDst = 30064771302;
}
];
};
};
} }


@ -1,29 +1,38 @@
{lib, ...}: { { lib, ... }:
{
services.skhd = { services.skhd = {
enable = true; enable = true;
skhdConfig = let skhdConfig =
spaceCount = 6; let
spaceBindings = spaceCount = 6;
lib.genList spaceBindings =
(i: let num = toString (i + 1); in "cmd - ${num} : yabai -m space --focus ${num}") lib.genList
spaceCount; (
in '' i:
cmd - return : wezterm let
cmd + shift - return : qutebrowser num = toString (i + 1);
in
"cmd - ${num} : yabai -m space --focus ${num}"
)
spaceCount;
in
''
cmd - return : wezterm
cmd + shift - return : qutebrowser
cmd - h : yabai -m window --focus west cmd - h : yabai -m window --focus west
cmd - j : yabai -m window --focus south cmd - j : yabai -m window --focus south
cmd - k : yabai -m window --focus north cmd - k : yabai -m window --focus north
cmd - l : yabai -m window --focus east cmd - l : yabai -m window --focus east
cmd + shift - h : yabai -m window --swap west cmd + shift - h : yabai -m window --swap west
cmd + shift - j : yabai -m window --swap south cmd + shift - j : yabai -m window --swap south
cmd + shift - k : yabai -m window --swap north cmd + shift - k : yabai -m window --swap north
cmd + shift - l : yabai -m window --swap east cmd + shift - l : yabai -m window --swap east
cmd + shift - space : yabai -m window --toggle float cmd + shift - space : yabai -m window --toggle float
${lib.concatStringsSep "\n" spaceBindings} ${lib.concatStringsSep "\n" spaceBindings}
''; '';
}; };
} }


@ -1,8 +1,5 @@
{ lib, pkgs, ... }:
{ {
lib,
pkgs,
...
}: {
services.yabai = { services.yabai = {
enable = true; enable = true;
enableScriptingAddition = true; enableScriptingAddition = true;


@ -1,15 +1,27 @@
{lib, ...}: { { lib, ... }:
configurations.nixos = let {
mkInstaller = system: ({pkgs, ...}: { configurations.nixos =
nixpkgs = {inherit system;}; let
mkInstaller =
system:
(
{ pkgs, ... }:
{
nixpkgs = {
inherit system;
};
environment.systemPackages = [pkgs.nixos-install-tools]; environment.systemPackages = [ pkgs.nixos-install-tools ];
# Make nixos-anywhere treat this as a installer iso # Make nixos-anywhere treat this as a installer iso
system.nixos.variant_id = "installer"; system.nixos.variant_id = "installer";
}); }
systems = ["aarch64-linux" "x86_64-linux"]; );
installers = map (system: lib.nameValuePair "installer-${system}" (mkInstaller system)) systems; systems = [
in "aarch64-linux"
"x86_64-linux"
];
installers = map (system: lib.nameValuePair "installer-${system}" (mkInstaller system)) systems;
in
lib.listToAttrs installers; lib.listToAttrs installers;
} }


@ -1,10 +1,8 @@
{ { config, lib, ... }:
config, let
lib,
...
}: let
atticPort = 9476; atticPort = 9476;
in { in
{
age.secrets.attic-creds = { age.secrets.attic-creds = {
file = ../../secrets/attic-creds.age; file = ../../secrets/attic-creds.age;
owner = config.services.atticd.user; owner = config.services.atticd.user;
@ -48,7 +46,7 @@ in {
}; };
systemd.services.atticd = { systemd.services.atticd = {
after = ["storage\\x2dbox.mount"]; after = [ "storage\\x2dbox.mount" ];
serviceConfig.DynamicUser = lib.mkForce false; serviceConfig.DynamicUser = lib.mkForce false;
}; };
@ -57,8 +55,11 @@ in {
defaults.email = "nikodem@rabulinski.com"; defaults.email = "nikodem@rabulinski.com";
}; };
users.users.nginx.extraGroups = ["acme"]; users.users.nginx.extraGroups = [ "acme" ];
networking.firewall.allowedTCPPorts = [80 443]; networking.firewall.allowedTCPPorts = [
80
443
];
services.nginx = { services.nginx = {
enable = true; enable = true;
@ -94,7 +95,7 @@ in {
}; };
upstreams."attic".servers = { upstreams."attic".servers = {
"localhost:${toString atticPort}" = {}; "localhost:${toString atticPort}" = { };
}; };
appendHttpConfig = '' appendHttpConfig = ''


@ -3,10 +3,12 @@
pkgs, pkgs,
inputs', inputs',
... ...
}: let }:
formatJson = pkgs.formats.json {}; let
formatJson = pkgs.formats.json { };
serverDomain = "matrix.nrab.lol"; serverDomain = "matrix.nrab.lol";
in { in
{
services.matrix-conduit = { services.matrix-conduit = {
enable = true; enable = true;
package = inputs'.settei.packages.conduit-next; package = inputs'.settei.packages.conduit-next;
@ -23,8 +25,13 @@ in {
defaults.email = "nikodem@rabulinski.com"; defaults.email = "nikodem@rabulinski.com";
}; };
users.users.nginx.extraGroups = ["acme"]; users.users.nginx.extraGroups = [ "acme" ];
networking.firewall.allowedTCPPorts = [80 443 8448 2222]; networking.firewall.allowedTCPPorts = [
80
443
8448
2222
];
services.nginx = { services.nginx = {
enable = true; enable = true;
@ -35,9 +42,7 @@ in {
enableACME = true; enableACME = true;
locations."=/.well-known/matrix/server" = { locations."=/.well-known/matrix/server" = {
alias = formatJson.generate "well-known-matrix-server" { alias = formatJson.generate "well-known-matrix-server" { "m.server" = serverDomain; };
"m.server" = serverDomain;
};
extraConfig = '' extraConfig = ''
default_type application/json; default_type application/json;
add_header Access-Control-Allow-Origin "*"; add_header Access-Control-Allow-Origin "*";
@ -95,7 +100,7 @@ in {
}; };
upstreams."backend_conduit".servers = { upstreams."backend_conduit".servers = {
"localhost:${toString config.services.matrix-conduit.settings.global.port}" = {}; "localhost:${toString config.services.matrix-conduit.settings.global.port}" = { };
}; };
}; };
} }


@ -1,47 +1,49 @@
{ {
configurations.nixos.kazuki = { configurations.nixos.kazuki =
config, {
modulesPath, config,
lib, modulesPath,
... lib,
}: { ...
imports = [ }:
"${modulesPath}/profiles/qemu-guest.nix" {
./disks.nix imports = [
"${modulesPath}/profiles/qemu-guest.nix"
./disks.nix
./conduit.nix ./conduit.nix
./mail.nix ./mail.nix
./vault.nix ./vault.nix
./storage.nix ./storage.nix
./attic.nix ./attic.nix
./ntfy.nix ./ntfy.nix
]; ];
nixpkgs.hostPlatform = "aarch64-linux"; nixpkgs.hostPlatform = "aarch64-linux";
# Not intended for interactive use # Not intended for interactive use
settei.user.enable = false; settei.user.enable = false;
boot = { boot = {
loader.systemd-boot.enable = true; loader.systemd-boot.enable = true;
loader.systemd-boot.configurationLimit = 1; loader.systemd-boot.configurationLimit = 1;
loader.efi.canTouchEfiVariables = true; loader.efi.canTouchEfiVariables = true;
}; };
systemd.network.enable = true; systemd.network.enable = true;
systemd.network.networks."10-wan" = { systemd.network.networks."10-wan" = {
matchConfig.Name = "enp1s0"; matchConfig.Name = "enp1s0";
networkConfig.DHCP = "ipv4"; networkConfig.DHCP = "ipv4";
address = ["2a01:4f8:c012:e5c::/64"]; address = [ "2a01:4f8:c012:e5c::/64" ];
routes = [{routeConfig.Gateway = "fe80::1";}]; routes = [ { routeConfig.Gateway = "fe80::1"; } ];
}; };
networking.useNetworkd = true; networking.useNetworkd = true;
common.hercules.enable = true; common.hercules.enable = true;
common.github-runner = { common.github-runner = {
enable = true; enable = true;
runners.settei = { runners.settei = {
url = "https://github.com/nrabulinski/settei"; url = "https://github.com/nrabulinski/settei";
instances = 2; instances = 2;
};
}; };
}; };
};
} }


@ -1,6 +1,8 @@
args: let args:
let
bootDevice = args.bootDevice or "/dev/sda"; bootDevice = args.bootDevice or "/dev/sda";
in { in
{
disko.devices.disk.bootDisk = { disko.devices.disk.bootDisk = {
type = "disk"; type = "disk";
device = bootDevice; device = bootDevice;
@ -26,19 +28,24 @@ in {
end = "-4G"; end = "-4G";
content = { content = {
type = "btrfs"; type = "btrfs";
extraArgs = ["-f"]; extraArgs = [ "-f" ];
subvolumes = let subvolumes =
mountOptions = ["compress=zstd" "noatime"]; let
in { mountOptions = [
"/root" = { "compress=zstd"
inherit mountOptions; "noatime"
mountpoint = "/"; ];
in
{
"/root" = {
inherit mountOptions;
mountpoint = "/";
};
"/nix" = {
inherit mountOptions;
mountpoint = "/nix";
};
}; };
"/nix" = {
inherit mountOptions;
mountpoint = "/nix";
};
};
}; };
} }
{ {


@ -1,12 +1,18 @@
{config, ...}: { { config, ... }:
{
# nix shell nixpkgs#apacheHttpd -c htpasswd -nbB "" "super secret password" | cut -d: -f2 # nix shell nixpkgs#apacheHttpd -c htpasswd -nbB "" "super secret password" | cut -d: -f2
age.secrets = { age.secrets = {
leet-nrab-lol.file = ../../secrets/leet-nrab-lol-pass.age; leet-nrab-lol.file = ../../secrets/leet-nrab-lol-pass.age;
alert-nrab-lol.file = ../../secrets/alert-nrab-lol-pass.age; alert-nrab-lol.file = ../../secrets/alert-nrab-lol-pass.age;
}; };
users.users.nginx.extraGroups = ["acme"]; users.users.nginx.extraGroups = [ "acme" ];
networking.firewall.allowedTCPPorts = [80 443 8448 2222]; networking.firewall.allowedTCPPorts = [
80
443
8448
2222
];
mailserver = { mailserver = {
enable = true; enable = true;
@ -21,7 +27,7 @@
loginAccounts = { loginAccounts = {
"1337@nrab.lol" = { "1337@nrab.lol" = {
hashedPasswordFile = config.age.secrets.leet-nrab-lol.path; hashedPasswordFile = config.age.secrets.leet-nrab-lol.path;
aliases = ["n@rab.lol"]; aliases = [ "n@rab.lol" ];
}; };
"alert@nrab.lol" = { "alert@nrab.lol" = {
hashedPasswordFile = config.age.secrets.alert-nrab-lol.path; hashedPasswordFile = config.age.secrets.alert-nrab-lol.path;
@ -34,5 +40,5 @@
}; };
# TODO: Remove once SNM gets their shit together # TODO: Remove once SNM gets their shit together
services.dovecot2.sieve.extensions = ["fileinto"]; services.dovecot2.sieve.extensions = [ "fileinto" ];
} }


@ -1,4 +1,5 @@
{config, ...}: { { config, ... }:
{
age.secrets.nrab-lol-cf = { age.secrets.nrab-lol-cf = {
file = ../../secrets/nrab-lol-cf.age; file = ../../secrets/nrab-lol-cf.age;
owner = config.services.nginx.user; owner = config.services.nginx.user;
@ -15,8 +16,11 @@
}; };
}; };
users.users.nginx.extraGroups = ["acme"]; users.users.nginx.extraGroups = [ "acme" ];
networking.firewall.allowedTCPPorts = [80 443]; networking.firewall.allowedTCPPorts = [
80
443
];
services.nginx = { services.nginx = {
enable = true; enable = true;
@ -35,7 +39,7 @@
}; };
upstreams.ntfy.servers = { upstreams.ntfy.servers = {
"localhost:9800" = {}; "localhost:9800" = { };
}; };
}; };


@ -1,4 +1,5 @@
{config, ...}: { { config, ... }:
{
age.secrets.storage-box-webdav = { age.secrets.storage-box-webdav = {
file = ../../secrets/storage-box-webdav.age; file = ../../secrets/storage-box-webdav.age;
}; };


@ -1,4 +1,5 @@
{config, ...}: { { config, ... }:
{
age.secrets.vault-cert-env = { age.secrets.vault-cert-env = {
file = ../../secrets/vault-cert-env.age; file = ../../secrets/vault-cert-env.age;
owner = config.services.nginx.user; owner = config.services.nginx.user;
@ -11,8 +12,13 @@
}; };
}; };
users.users.nginx.extraGroups = ["acme"]; users.users.nginx.extraGroups = [ "acme" ];
networking.firewall.allowedTCPPorts = [80 443 8448 2222]; networking.firewall.allowedTCPPorts = [
80
443
8448
2222
];
services.nginx = { services.nginx = {
enable = true; enable = true;
@ -31,7 +37,7 @@
}; };
upstreams.vaultwarden.servers = { upstreams.vaultwarden.servers = {
"localhost:${toString config.services.vaultwarden.config.ROCKET_PORT}" = {}; "localhost:${toString config.services.vaultwarden.config.ROCKET_PORT}" = { };
}; };
}; };


@ -1,22 +1,19 @@
{ {
configurations.darwin.kogata = { configurations.darwin.kogata =
pkgs, { pkgs, lib, ... }:
lib, {
... nixpkgs.system = "aarch64-darwin";
}: {
nixpkgs.system = "aarch64-darwin";
settei.user.config.common.desktop.enable = true; settei.user.config.common.desktop.enable = true;
# TODO: Make it a settei module so it's easy to concatenate which pkgs are allowed # TODO: Make it a settei module so it's easy to concatenate which pkgs are allowed
nixpkgs.config.allowUnfreePredicate = pkg: nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ "teams" ];
builtins.elem (lib.getName pkg) ["teams"]; environment.systemPackages = with pkgs; [ teams ];
environment.systemPackages = with pkgs; [teams];
common.hercules.enable = true; common.hercules.enable = true;
common.github-runner = { common.github-runner = {
enable = true; enable = true;
runners.settei.url = "https://github.com/nrabulinski/settei"; runners.settei.url = "https://github.com/nrabulinski/settei";
};
}; };
};
} }


@ -1,49 +1,51 @@
{ {
configurations.nixos.legion = { configurations.nixos.legion =
config, {
lib, config,
username, lib,
... username,
}: { ...
imports = [ }:
./hardware.nix {
# ./disks.nix imports = [
./msmtp.nix ./hardware.nix
./desktop.nix # ./disks.nix
]; ./msmtp.nix
./desktop.nix
];
nixpkgs.hostPlatform = "x86_64-linux"; nixpkgs.hostPlatform = "x86_64-linux";
specialisation = { specialisation = {
nas.configuration = ./nas; nas.configuration = ./nas;
}; };
boot = { boot = {
kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages; kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
loader.systemd-boot.enable = true; loader.systemd-boot.enable = true;
loader.efi.canTouchEfiVariables = true; loader.efi.canTouchEfiVariables = true;
}; };
networking = { networking = {
hostName = "legion"; hostName = "legion";
hostId = builtins.substring 0 8 (builtins.readFile ./machine-id); hostId = builtins.substring 0 8 (builtins.readFile ./machine-id);
networkmanager.enable = true; networkmanager.enable = true;
firewall.trustedInterfaces = ["tailscale0"]; firewall.trustedInterfaces = [ "tailscale0" ];
}; };
systemd.services.NetworkManager-wait-online.enable = false; systemd.services.NetworkManager-wait-online.enable = false;
powerManagement.cpuFreqGovernor = "performance"; powerManagement.cpuFreqGovernor = "performance";
age.secrets.niko-pass.file = ../../secrets/legion-niko-pass.age; age.secrets.niko-pass.file = ../../secrets/legion-niko-pass.age;
users.users.${username}.hashedPasswordFile = config.age.secrets.niko-pass.path; users.users.${username}.hashedPasswordFile = config.age.secrets.niko-pass.path;
common.hercules.enable = true; common.hercules.enable = true;
common.github-runner = { common.github-runner = {
enable = true; enable = true;
runners.settei = { runners.settei = {
url = "https://github.com/nrabulinski/settei"; url = "https://github.com/nrabulinski/settei";
instances = 4; instances = 4;
};
}; };
}; };
};
} }


@ -5,13 +5,17 @@
lib, lib,
username, username,
... ...
}: { }:
{
# Needed for nvidia and steam # Needed for nvidia and steam
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
settei.user.config = { settei.user.config = {
common.desktop.enable = true; common.desktop.enable = true;
home.packages = with pkgs; [brightnessctl dmenu]; home.packages = with pkgs; [
brightnessctl
dmenu
];
xsession.windowManager.i3 = { xsession.windowManager.i3 = {
enable = true; enable = true;
@ -32,15 +36,19 @@
enable = true; enable = true;
remotePlay.openFirewall = true; remotePlay.openFirewall = true;
dedicatedServer.openFirewall = true; dedicatedServer.openFirewall = true;
gamescopeSession = {}; gamescopeSession = { };
}; };
hardware.steam-hardware.enable = true; hardware.steam-hardware.enable = true;
services.logind = services.logind =
lib.genAttrs lib.genAttrs
["lidSwitch" "lidSwitchDocked" "lidSwitchExternalPower"] [
(_: "ignore"); "lidSwitch"
"lidSwitchDocked"
"lidSwitchExternalPower"
]
(_: "ignore");
services.pipewire = { services.pipewire = {
enable = true; enable = true;
@ -51,13 +59,16 @@
programs.dconf.enable = true; programs.dconf.enable = true;
services.dbus.enable = true; services.dbus.enable = true;
users.users.${username}.extraGroups = ["video" "input"]; users.users.${username}.extraGroups = [
"video"
"input"
];
# NVIDIA stuff # NVIDIA stuff
services.xserver = { services.xserver = {
enable = true; enable = true;
excludePackages = [pkgs.xterm]; excludePackages = [ pkgs.xterm ];
videoDrivers = ["nvidia"]; videoDrivers = [ "nvidia" ];
xkb.layout = "pl"; xkb.layout = "pl";
displayManager.startx.enable = true; displayManager.startx.enable = true;
config = lib.mkForce '' config = lib.mkForce ''


@ -1,8 +1,7 @@
args: args:
/* /* let
let bootDevice = args.bootDevice or "/dev/nvme0n1";
bootDevice = args.bootDevice or "/dev/nvme0n1"; in
in
*/ */
{ {
assertions = [ assertions = [


@ -1,8 +1,20 @@
{config, ...}: { { config, ... }:
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "uas"]; {
boot.extraModulePackages = with config.boot.kernelPackages; [acpi_call]; boot.initrd.availableKernelModules = [
boot.kernelModules = ["kvm-intel" "i2c-dev" "acpi_call"]; "xhci_pci"
boot.blacklistedKernelModules = ["nouveau"]; "ahci"
"nvme"
"usbhid"
"usb_storage"
"uas"
];
boot.extraModulePackages = with config.boot.kernelPackages; [ acpi_call ];
boot.kernelModules = [
"kvm-intel"
"i2c-dev"
"acpi_call"
];
boot.blacklistedKernelModules = [ "nouveau" ];
# Needed for enableAllFirmware # Needed for enableAllFirmware
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
@ -15,37 +27,57 @@
# TODO: Move to disko only # TODO: Move to disko only
# TODO: Actually set up impermanence # TODO: Actually set up impermanence
boot.supportedFilesystems = ["btrfs"]; boot.supportedFilesystems = [ "btrfs" ];
boot.initrd.luks.devices."enc".device = "/dev/disk/by-label/LUKS"; boot.initrd.luks.devices."enc".device = "/dev/disk/by-label/LUKS";
fileSystems."/" = { fileSystems."/" = {
device = "/dev/disk/by-label/LINUX"; device = "/dev/disk/by-label/LINUX";
fsType = "btrfs"; fsType = "btrfs";
options = ["subvol=root" "compress=zstd" "noatime"]; options = [
"subvol=root"
"compress=zstd"
"noatime"
];
}; };
fileSystems."/home" = { fileSystems."/home" = {
device = "/dev/disk/by-label/LINUX"; device = "/dev/disk/by-label/LINUX";
fsType = "btrfs"; fsType = "btrfs";
options = ["subvol=home" "compress=zstd" "noatime"]; options = [
"subvol=home"
"compress=zstd"
"noatime"
];
}; };
fileSystems."/nix" = { fileSystems."/nix" = {
device = "/dev/disk/by-label/LINUX"; device = "/dev/disk/by-label/LINUX";
fsType = "btrfs"; fsType = "btrfs";
options = ["subvol=nix" "compress=zstd" "noatime"]; options = [
"subvol=nix"
"compress=zstd"
"noatime"
];
}; };
fileSystems."/persist" = { fileSystems."/persist" = {
device = "/dev/disk/by-label/LINUX"; device = "/dev/disk/by-label/LINUX";
fsType = "btrfs"; fsType = "btrfs";
options = ["subvol=persist" "compress=zstd" "noatime"]; options = [
"subvol=persist"
"compress=zstd"
"noatime"
];
}; };
fileSystems."/var/log" = { fileSystems."/var/log" = {
device = "/dev/disk/by-label/LINUX"; device = "/dev/disk/by-label/LINUX";
fsType = "btrfs"; fsType = "btrfs";
options = ["subvol=log" "compress=zstd" "noatime"]; options = [
"subvol=log"
"compress=zstd"
"noatime"
];
neededForBoot = true; neededForBoot = true;
}; };
@ -54,7 +86,5 @@
fsType = "vfat"; fsType = "vfat";
}; };
swapDevices = [ swapDevices = [ { device = "/dev/disk/by-label/SWAP"; } ];
{device = "/dev/disk/by-label/SWAP";}
];
} }


@ -4,13 +4,15 @@
config, config,
username, username,
... ...
}: let }:
let
mail = "alert@nrab.lol"; mail = "alert@nrab.lol";
aliases = pkgs.writeText "mail-aliases" '' aliases = pkgs.writeText "mail-aliases" ''
${username}: nikodem@rabulinski.com ${username}: nikodem@rabulinski.com
root: ${mail} root: ${mail}
''; '';
in { in
{
age.secrets.alert-plaintext.file = ../../secrets/alert-plain-pass.age; age.secrets.alert-plaintext.file = ../../secrets/alert-plain-pass.age;
programs.msmtp = { programs.msmtp = {


@ -3,19 +3,21 @@
lib, lib,
username, username,
... ...
}: { }:
imports = [ {
./media.nix imports = [ ./media.nix ];
boot.supportedFilesystems = [
"ext4"
"zfs"
]; ];
boot.supportedFilesystems = ["ext4" "zfs"]; boot.zfs.extraPools = [ "yottapool" ];
boot.zfs.extraPools = ["yottapool"];
services.zfs = { services.zfs = {
autoScrub.enable = true; autoScrub.enable = true;
zed.settings = { zed.settings = {
ZED_DEBUG_LOG = "/tmp/zed.debug.log"; ZED_DEBUG_LOG = "/tmp/zed.debug.log";
ZED_EMAIL_ADDR = [username]; ZED_EMAIL_ADDR = [ username ];
ZED_EMAIL_PROG = lib.getExe pkgs.msmtp; ZED_EMAIL_PROG = lib.getExe pkgs.msmtp;
ZED_EMAIL_OPTS = "@ADDRESS@"; ZED_EMAIL_OPTS = "@ADDRESS@";
@ -38,8 +40,8 @@
options = "bind,nofail"; options = "bind,nofail";
what = "/media/data"; what = "/media/data";
where = "/export/yotta-data"; where = "/export/yotta-data";
requires = ["zfs-mount.service"]; requires = [ "zfs-mount.service" ];
wantedBy = ["multi-user.target"]; wantedBy = [ "multi-user.target" ];
} }
]; ];


@ -1,4 +1,5 @@
{username, ...}: { { username, ... }:
{
services.jellyfin.enable = true; services.jellyfin.enable = true;
services.radarr.enable = true; services.radarr.enable = true;
services.sonarr.enable = true; services.sonarr.enable = true;
@ -10,9 +11,12 @@
}; };
users.users = { users.users = {
jellyfin.extraGroups = ["radarr" "sonarr"]; jellyfin.extraGroups = [
radarr.extraGroups = ["deluge"]; "radarr"
sonarr.extraGroups = ["deluge"]; "sonarr"
${username}.extraGroups = ["deluge"]; ];
radarr.extraGroups = [ "deluge" ];
sonarr.extraGroups = [ "deluge" ];
${username}.extraGroups = [ "deluge" ];
}; };
} }


@ -1,39 +1,41 @@
{ {
configurations.nixos.ude = { configurations.nixos.ude =
config, {
modulesPath, config,
lib, modulesPath,
... lib,
}: { ...
imports = [ }:
"${modulesPath}/profiles/qemu-guest.nix" {
./disks.nix imports = [
]; "${modulesPath}/profiles/qemu-guest.nix"
./disks.nix
];
nixpkgs.hostPlatform = "aarch64-linux"; nixpkgs.hostPlatform = "aarch64-linux";
boot = { boot = {
loader.systemd-boot.enable = true; loader.systemd-boot.enable = true;
loader.systemd-boot.configurationLimit = 1; loader.systemd-boot.configurationLimit = 1;
loader.efi.canTouchEfiVariables = true; loader.efi.canTouchEfiVariables = true;
};
common.hercules.enable = true;
services.hercules-ci-agent.settings.concurrentTasks = 6;
common.github-runner = {
enable = true;
runners.settei = {
url = "https://github.com/nrabulinski/settei";
instances = 6;
}; };
};
services.nginx = { common.hercules.enable = true;
enable = true; services.hercules-ci-agent.settings.concurrentTasks = 6;
appendHttpConfig = '' common.github-runner = {
include /impure/nginx/*.conf; enable = true;
''; runners.settei = {
url = "https://github.com/nrabulinski/settei";
instances = 6;
};
};
services.nginx = {
enable = true;
appendHttpConfig = ''
include /impure/nginx/*.conf;
'';
};
networking.firewall.allowedTCPPorts = [ 80 ];
}; };
networking.firewall.allowedTCPPorts = [80];
};
} }


@ -1,6 +1,8 @@
args: let args:
let
bootDevice = args.bootDevice or "/dev/sda"; bootDevice = args.bootDevice or "/dev/sda";
in { in
{
disko.devices = { disko.devices = {
disk = { disk = {
vdb = { vdb = {
@ -24,19 +26,24 @@ in {
size = "100%"; size = "100%";
content = { content = {
type = "btrfs"; type = "btrfs";
extraArgs = ["-f"]; extraArgs = [ "-f" ];
subvolumes = let subvolumes =
mountOptions = ["compress=zstd" "noatime"]; let
in { mountOptions = [
"/root" = { "compress=zstd"
mountpoint = "/"; "noatime"
inherit mountOptions; ];
in
{
"/root" = {
mountpoint = "/";
inherit mountOptions;
};
"/nix" = {
mountpoint = "/nix";
inherit mountOptions;
};
}; };
"/nix" = {
mountpoint = "/nix";
inherit mountOptions;
};
};
}; };
}; };
}; };


@ -2,13 +2,15 @@
nixpkgs, nixpkgs,
darwin, darwin,
home-manager, home-manager,
}: { }:
{
config, config,
lib, lib,
flake-parts-lib, flake-parts-lib,
... ...
}: }:
with lib; { with lib;
{
_file = ./configurations.nix; _file = ./configurations.nix;
options = { options = {
@ -32,31 +34,22 @@ with lib; {
configurations = { configurations = {
nixos = mkOption { nixos = mkOption {
type = types.lazyAttrsOf types.deferredModule; type = types.lazyAttrsOf types.deferredModule;
default = {}; default = { };
}; };
darwin = mkOption { darwin = mkOption {
type = types.lazyAttrsOf types.deferredModule; type = types.lazyAttrsOf types.deferredModule;
default = {}; default = { };
}; };
home = mkOption { home = mkOption {
type = types.lazyAttrsOf types.deferredModule; type = types.lazyAttrsOf types.deferredModule;
default = {}; default = { };
}; };
}; };
}; };
config.flake = { config.flake = {
nixosConfigurations = nixosConfigurations = mapAttrs config.builders.nixos config.configurations.nixos;
mapAttrs darwinConfigurations = mapAttrs config.builders.darwin config.configurations.darwin;
config.builders.nixos homeConfigurations = mapAttrs config.builders.home config.configurations.home;
config.configurations.nixos;
darwinConfigurations =
mapAttrs
config.builders.darwin
config.configurations.darwin;
homeConfigurations =
mapAttrs
config.builders.home
config.configurations.home;
}; };
} }


@ -3,13 +3,17 @@
lib, lib,
inputs, inputs,
... ...
}: let }:
let
inherit (flake-parts-lib) importApply; inherit (flake-parts-lib) importApply;
flakeModules = { flakeModules = {
configurations = importApply ./configurations.nix {inherit (inputs) nixpkgs darwin home-manager;}; configurations = importApply ./configurations.nix { inherit (inputs) nixpkgs darwin home-manager; };
}; };
in { in
{
imports = lib.attrValues flakeModules; imports = lib.attrValues flakeModules;
flake = {inherit flakeModules;}; flake = {
inherit flakeModules;
};
} }


@ -6,13 +6,15 @@
inputs', inputs',
machineName, machineName,
... ...
} @ args: let }@args:
let
# TODO: Conditionally define based on whether we're in a system configuration or not # TODO: Conditionally define based on whether we're in a system configuration or not
fishOverlayModule = lib.mkIf (!args ? osConfig) { fishOverlayModule = lib.mkIf (!args ? osConfig) {
# See modules/system/common/default.nix for reasoning. # See modules/system/common/default.nix for reasoning.
nixpkgs.overlays = [(_: _: {inherit (inputs'.settei.packages) fish;})]; nixpkgs.overlays = [ (_: _: { inherit (inputs'.settei.packages) fish; }) ];
}; };
in { in
{
_file = ./default.nix; _file = ./default.nix;
imports = [ imports = [
@ -49,7 +51,10 @@ in {
}; };
}; };
home.packages = [inputs'.settei.packages.base-packages pkgs.nh]; home.packages = [
inputs'.settei.packages.base-packages
pkgs.nh
];
home.sessionVariables.EDITOR = "hx"; home.sessionVariables.EDITOR = "hx";
} }


@ -5,7 +5,8 @@
inputs, inputs,
inputs', inputs',
... ...
}: { }:
{
_file = ./default.nix; _file = ./default.nix;
options.common.desktop = { options.common.desktop = {
@ -23,18 +24,17 @@
programs.firefox = { programs.firefox = {
enable = true; enable = true;
package = let package =
firefox-pkgs = pkgs.extend inputs.firefox-darwin.overlay; let
in firefox-pkgs = pkgs.extend inputs.firefox-darwin.overlay;
in
lib.mkIf pkgs.stdenv.isDarwin firefox-pkgs.firefox-bin; lib.mkIf pkgs.stdenv.isDarwin firefox-pkgs.firefox-bin;
}; };
programs.qutebrowser = { programs.qutebrowser = {
enable = true; enable = true;
package = package =
if pkgs.stdenv.isDarwin if pkgs.stdenv.isDarwin then inputs'.niko-nur.packages.qutebrowser-bin else pkgs.qutebrowser;
then inputs'.niko-nur.packages.qutebrowser-bin
else pkgs.qutebrowser;
}; };
programs.zellij = { programs.zellij = {
@ -42,7 +42,7 @@
settings = { settings = {
keybinds = { keybinds = {
shared_except = { shared_except = {
_args = ["locked"]; _args = [ "locked" ];
unbind = "Ctrl q"; unbind = "Ctrl q";
}; };
}; };


@ -1,4 +1,5 @@
{isLinux}: { { isLinux }:
{
config, config,
configurationName, configurationName,
lib, lib,
@ -7,7 +8,8 @@
inputs', inputs',
username, username,
... ...
}: let }:
let
sharedConfig = { sharedConfig = {
settei = { settei = {
username = lib.mkDefault "niko"; username = lib.mkDefault "niko";
@ -20,7 +22,7 @@
enable = lib.mkDefault true; enable = lib.mkDefault true;
# TODO: Move to settei or leave here? # TODO: Move to settei or leave here?
extraArgs.machineName = configurationName; extraArgs.machineName = configurationName;
config.imports = [inputs.settei.homeModules.common]; config.imports = [ inputs.settei.homeModules.common ];
}; };
}; };
@ -31,7 +33,7 @@
# NixOS' fish module doesn't allow setting what package to use for fish, # NixOS' fish module doesn't allow setting what package to use for fish,
# so I need to override the fish package. # so I need to override the fish package.
nixpkgs.overlays = [(_: _: {inherit (inputs'.settei.packages) fish;})]; nixpkgs.overlays = [ (_: _: { inherit (inputs'.settei.packages) fish; }) ];
nix.settings.allow-import-from-derivation = false; nix.settings.allow-import-from-derivation = false;
}; };
@ -53,15 +55,16 @@
system.stateVersion = 4; system.stateVersion = 4;
# Every macOS ARM machine can emulate x86. # Every macOS ARM machine can emulate x86.
nix.settings.extra-platforms = lib.mkIf pkgs.stdenv.isAarch64 ["x86_64-darwin"]; nix.settings.extra-platforms = lib.mkIf pkgs.stdenv.isAarch64 [ "x86_64-darwin" ];
}; };
in { in
{
_file = ./default.nix; _file = ./default.nix;
imports = [ imports = [
(import ./hercules.nix {inherit isLinux;}) (import ./hercules.nix { inherit isLinux; })
(import ./user.nix {inherit isLinux;}) (import ./user.nix { inherit isLinux; })
(import ./github-runner.nix {inherit isLinux;}) (import ./github-runner.nix { inherit isLinux; })
]; ];
config = lib.mkMerge [ config = lib.mkMerge [


@ -1,9 +1,11 @@
{isLinux}: { { isLinux }:
{
config, config,
lib, lib,
pkgs, pkgs,
... ...
}: let }:
let
inherit (lib) mkOption types; inherit (lib) mkOption types;
github-runner-user = "github-runner"; github-runner-user = "github-runner";
@ -20,10 +22,10 @@
services.github-runners = lib.pipe cfg.runners [ services.github-runners = lib.pipe cfg.runners [
(lib.mapAttrsToList ( (lib.mapAttrsToList (
name: cfg: name: cfg:
lib.genList (i: lib.genList
lib.nameValuePair (
"${name}-${toString i}" i:
{ lib.nameValuePair "${name}-${toString i}" {
enable = true; enable = true;
tokenFile = config.age.secrets.github-token.path; tokenFile = config.age.secrets.github-token.path;
inherit (cfg) url; inherit (cfg) url;
@ -32,8 +34,9 @@
serviceOverrides = { serviceOverrides = {
DynamicUser = false; DynamicUser = false;
}; };
extraLabels = ["nix"]; extraLabels = [ "nix" ];
}) }
)
cfg.instances cfg.instances
)) ))
lib.flatten lib.flatten
@ -45,41 +48,48 @@
isSystemUser = true; isSystemUser = true;
group = github-runner-user; group = github-runner-user;
}; };
groups.${github-runner-user} = {}; groups.${github-runner-user} = { };
}; };
}; };
darwinConfig = lib.optionalAttrs (!isLinux) { darwinConfig = lib.optionalAttrs (!isLinux) {
warnings = lib.singleton "common.github-runner doesn't do anything on darwin yet"; warnings = lib.singleton "common.github-runner doesn't do anything on darwin yet";
}; };
in { in
{
_file = ./github-runner.nix; _file = ./github-runner.nix;
options.common.github-runner = { options.common.github-runner = {
enable = lib.mkEnableOption "using this machine as a self-hosted github runner"; enable = lib.mkEnableOption "using this machine as a self-hosted github runner";
runners = mkOption { runners = mkOption {
type = with types; type =
attrsOf (submodule ({name, ...}: { with types;
options = { attrsOf (
name = mkOption { submodule (
type = types.str; { name, ... }:
default = "${name}-${config.networking.hostName}"; {
}; options = {
url = mkOption { name = mkOption {
type = types.str; type = types.str;
}; default = "${name}-${config.networking.hostName}";
instances = mkOption { };
type = types.int; url = mkOption { type = types.str; };
default = 1; instances = mkOption {
}; type = types.int;
}; default = 1;
})); };
};
}
)
);
}; };
}; };
config = lib.mkIf cfg.enable (lib.mkMerge [ config = lib.mkIf cfg.enable (
sharedConfig lib.mkMerge [
linuxConfig sharedConfig
darwinConfig linuxConfig
]); darwinConfig
]
);
} }


@ -1,49 +1,51 @@
{isLinux}: { { isLinux }:
{
config, config,
pkgs, pkgs,
lib, lib,
... ...
}: let }:
let
options = { options = {
common.hercules.enable = lib.mkEnableOption "Enables hercules-ci-agent with my configuration"; common.hercules.enable = lib.mkEnableOption "Enables hercules-ci-agent with my configuration";
}; };
herculesUser = herculesUser =
if isLinux if isLinux then
then config.systemd.services.hercules-ci-agent.serviceConfig.User config.systemd.services.hercules-ci-agent.serviceConfig.User
else config.launchd.daemons.hercules-ci-agent.serviceConfig.UserName; else
in { config.launchd.daemons.hercules-ci-agent.serviceConfig.UserName;
in
{
_file = ./hercules.nix; _file = ./hercules.nix;
inherit options; inherit options;
config = config =
lib.mkIf false lib.mkIf false
/* # config.common.hercules.enable
config.common.hercules.enable {
*/ age.secrets.hercules-token = {
{ file = ../../../secrets/hercules-token.age;
age.secrets.hercules-token = { owner = herculesUser;
file = ../../../secrets/hercules-token.age; };
owner = herculesUser; age.secrets.hercules-cache = {
}; file = ../../../secrets/hercules-cache.age;
age.secrets.hercules-cache = { owner = herculesUser;
file = ../../../secrets/hercules-cache.age; };
owner = herculesUser; age.secrets.hercules-secrets = {
}; file = ../../../secrets/hercules-secrets.age;
age.secrets.hercules-secrets = { owner = herculesUser;
file = ../../../secrets/hercules-secrets.age; };
owner = herculesUser;
};
services.hercules-ci-agent = { services.hercules-ci-agent = {
enable = true; enable = true;
settings = { settings = {
clusterJoinTokenPath = config.age.secrets.hercules-token.path; clusterJoinTokenPath = config.age.secrets.hercules-token.path;
concurrentTasks = lib.mkDefault 4; concurrentTasks = lib.mkDefault 4;
binaryCachesPath = config.age.secrets.hercules-cache.path; binaryCachesPath = config.age.secrets.hercules-cache.path;
secretsJsonPath = config.age.secrets.hercules-secrets.path; secretsJsonPath = config.age.secrets.hercules-secrets.path;
};
}; };
}; };
};
} }


@ -1,24 +1,21 @@
{isLinux}: { { isLinux }:
config, { config, lib, ... }:
lib, let
...
}: let
sharedConfig = { sharedConfig = {
settei.programs.podman.enable = true; settei.programs.podman.enable = true;
}; };
linuxConfig = lib.optionalAttrs isLinux { linuxConfig = lib.optionalAttrs isLinux { boot.kernel.sysctl."kernel.yama.ptrace_scope" = 0; };
boot.kernel.sysctl."kernel.yama.ptrace_scope" = 0;
};
darwinConfig = lib.optionalAttrs (!isLinux) {}; darwinConfig = lib.optionalAttrs (!isLinux) { };
finalConfig = lib.mkMerge [ finalConfig = lib.mkMerge [
sharedConfig sharedConfig
linuxConfig linuxConfig
darwinConfig darwinConfig
]; ];
in { in
{
_file = ./user.nix; _file = ./user.nix;
config = lib.mkIf config.settei.user.enable finalConfig; config = lib.mkIf config.settei.user.enable finalConfig;


@ -1,17 +1,22 @@
{ config, lib, ... }:
{ {
config, flake =
lib, lib.genAttrs
... [
}: { "nixosModules"
flake = lib.genAttrs ["nixosModules" "darwinModules"] (attr: let "darwinModules"
isLinux = lib.hasPrefix "nixos" attr; ]
in { (
settei = import ./settei { attr:
inherit (config) perInput; let
inherit isLinux; isLinux = lib.hasPrefix "nixos" attr;
}; in
common = import ./common { {
inherit isLinux; settei = import ./settei {
}; inherit (config) perInput;
}); inherit isLinux;
};
common = import ./common { inherit isLinux; };
}
);
} }


@ -2,25 +2,25 @@
perInput, perInput,
# TODO: Figure out a nicer way of doing this without infrec? # TODO: Figure out a nicer way of doing this without infrec?
isLinux, isLinux,
}: { }:
{
lib, lib,
pkgs, pkgs,
config, config,
options, options,
... ...
}: { }:
{
_file = ./default.nix; _file = ./default.nix;
imports = [ imports = [
(import ./sane-defaults.nix {inherit isLinux;}) (import ./sane-defaults.nix { inherit isLinux; })
(import ./flake-qol.nix {inherit perInput;}) (import ./flake-qol.nix { inherit perInput; })
./user.nix ./user.nix
(import ./programs {inherit isLinux;}) (import ./programs { inherit isLinux; })
]; ];
options.settei = with lib; { options.settei = with lib; {
username = mkOption { username = mkOption { type = types.str; };
type = types.str;
};
}; };
} }


@ -1,11 +1,14 @@
{perInput}: { { perInput }:
{
config, config,
lib, lib,
pkgs, pkgs,
... ...
}: let }:
let
cfg = config.settei.flake-qol; cfg = config.settei.flake-qol;
in { in
{
_file = ./flake-qol.nix; _file = ./flake-qol.nix;
options.settei.flake-qol = with lib; { options.settei.flake-qol = with lib; {
@ -14,9 +17,7 @@ in {
type = types.bool; type = types.bool;
default = true; default = true;
}; };
inputs = mkOption { inputs = mkOption { type = types.unspecified; };
type = types.unspecified;
};
inputs-flakes = mkOption { inputs-flakes = mkOption {
type = types.attrs; type = types.attrs;
readOnly = true; readOnly = true;
@ -27,11 +28,10 @@ in {
}; };
}; };
config = let config =
reexportedArgs = lib.mkIf cfg.reexportAsArgs { let
inherit (cfg) inputs inputs-flakes inputs'; reexportedArgs = lib.mkIf cfg.reexportAsArgs { inherit (cfg) inputs inputs-flakes inputs'; };
}; in
in
lib.mkIf cfg.enable { lib.mkIf cfg.enable {
settei.flake-qol = { settei.flake-qol = {
inputs-flakes = lib.filterAttrs (_: input: input ? flake -> input.flake) cfg.inputs; inputs-flakes = lib.filterAttrs (_: input: input ? flake -> input.flake) cfg.inputs;
@ -42,7 +42,7 @@ in {
settei.user.extraArgs = reexportedArgs; settei.user.extraArgs = reexportedArgs;
nix = { nix = {
registry = lib.mapAttrs (_: flake: {inherit flake;}) cfg.inputs-flakes; registry = lib.mapAttrs (_: flake: { inherit flake; }) cfg.inputs-flakes;
nixPath = lib.mapAttrsToList (name: _: "${name}=flake:${name}") cfg.inputs-flakes; nixPath = lib.mapAttrsToList (name: _: "${name}=flake:${name}") cfg.inputs-flakes;
}; };
}; };


@ -1,7 +1,6 @@
{isLinux}: { { isLinux }:
{
_file = ./default.nix; _file = ./default.nix;
imports = [ imports = [ (import ./podman.nix { inherit isLinux; }) ];
(import ./podman.nix {inherit isLinux;})
];
} }


@ -1,11 +1,13 @@
{isLinux}: { { isLinux }:
{
config, config,
lib, lib,
pkgs, pkgs,
... ...
}: let }:
let
sharedConfig = { sharedConfig = {
environment.systemPackages = [pkgs.podman-compose]; environment.systemPackages = [ pkgs.podman-compose ];
}; };
linuxConfig = lib.optionalAttrs isLinux { linuxConfig = lib.optionalAttrs isLinux {
@ -16,16 +18,15 @@
}; };
}; };
darwinConfig = lib.optionalAttrs (!isLinux) { darwinConfig = lib.optionalAttrs (!isLinux) { environment.systemPackages = [ pkgs.podman ]; };
environment.systemPackages = [pkgs.podman];
};
finalConfig = lib.mkMerge [ finalConfig = lib.mkMerge [
sharedConfig sharedConfig
linuxConfig linuxConfig
darwinConfig darwinConfig
]; ];
in { in
{
_file = ./podman.nix; _file = ./podman.nix;
options.settei.programs.podman.enable = lib.mkEnableOption "Podman"; options.settei.programs.podman.enable = lib.mkEnableOption "Podman";


@ -1,8 +1,6 @@
{isLinux}: { { isLinux }:
config, { config, lib, ... }@args:
lib, let
...
} @ args: let
cfg = config.settei.sane-defaults; cfg = config.settei.sane-defaults;
inherit (config.settei) username; inherit (config.settei) username;
@ -11,7 +9,7 @@
enable = mkEnableOption "Personal sane defaults (but they should make sense for anyone)"; enable = mkEnableOption "Personal sane defaults (but they should make sense for anyone)";
allSshKeys = mkOption { allSshKeys = mkOption {
type = types.attrsOf types.singleLineStr; type = types.attrsOf types.singleLineStr;
default = {}; default = { };
}; };
tailnet = mkOption { tailnet = mkOption {
type = types.nullOr types.str; type = types.nullOr types.str;
@ -20,98 +18,108 @@
}; };
}; };
sharedConfig = let sharedConfig =
adminNeedsPassword = isLinux -> config.security.sudo.wheelNeedsPassword; let
in { adminNeedsPassword = isLinux -> config.security.sudo.wheelNeedsPassword;
_module.args = {
username = lib.mkDefault username;
};
# FIXME: Move to common
services.tailscale.enable = true;
networking.hostName = lib.mkDefault (
args.configurationName
or (throw "pass configurationName to module arguments or set networking.hostName yourself")
);
# Flakes are unusable without git present so pull it into the environment by default
settei.user.config.programs.git.enable = lib.mkDefault true;
# FIXME: Move to common
users.users.${username}.openssh.authorizedKeys.keys = let
configName' =
args.configurationName
or (throw "pass configurationName to module arguments or set users.users.${username}.openssh.authorizedKeys yourself");
filteredKeys = lib.filterAttrs (name: _: name != configName') cfg.allSshKeys;
in in
lib.mkDefault (lib.attrValues filteredKeys); {
_module.args = {
username = lib.mkDefault username;
};
nix = { # FIXME: Move to common
settings = { services.tailscale.enable = true;
experimental-features = ["nix-command" "flakes" "repl-flake" "auto-allocate-uids"];
trusted-users = lib.optionals (!adminNeedsPassword) [username]; networking.hostName = lib.mkDefault (
auto-allocate-uids = true; args.configurationName
extra-substituters = [ or (throw "pass configurationName to module arguments or set networking.hostName yourself")
"https://hyprland.cachix.org" );
"https://cache.garnix.io"
"https://nix-community.cachix.org" # Flakes are unusable without git present so pull it into the environment by default
"https://hercules-ci.cachix.org" settei.user.config.programs.git.enable = lib.mkDefault true;
"https://nrabulinski.cachix.org"
"https://cache.nrab.lol" # FIXME: Move to common
]; users.users.${username}.openssh.authorizedKeys.keys =
extra-trusted-public-keys = [ let
"hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc=" configName' =
"cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=" args.configurationName
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" or (throw "pass configurationName to module arguments or set users.users.${username}.openssh.authorizedKeys yourself"
"hercules-ci.cachix.org-1:ZZeDl9Va+xe9j+KqdzoBZMFJHVQ42Uu/c/1/KMC5Lw0=" );
"nrabulinski.cachix.org-1:Q5FD7+1c68uH74CQK66UWNzxhanZW8xcg1LFXxGK8ic=" filteredKeys = lib.filterAttrs (name: _: name != configName') cfg.allSshKeys;
"cache.nrab.lol-1:CJl1TouOyuJ1Xh4tZSXLwm3Upt06HzUNZmeyuEB9EZg=" in
]; lib.mkDefault (lib.attrValues filteredKeys);
nix = {
settings = {
experimental-features = [
"nix-command"
"flakes"
"repl-flake"
"auto-allocate-uids"
];
trusted-users = lib.optionals (!adminNeedsPassword) [ username ];
auto-allocate-uids = true;
extra-substituters = [
"https://hyprland.cachix.org"
"https://cache.garnix.io"
"https://nix-community.cachix.org"
"https://hercules-ci.cachix.org"
"https://nrabulinski.cachix.org"
"https://cache.nrab.lol"
];
extra-trusted-public-keys = [
"hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
"cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"hercules-ci.cachix.org-1:ZZeDl9Va+xe9j+KqdzoBZMFJHVQ42Uu/c/1/KMC5Lw0="
"nrabulinski.cachix.org-1:Q5FD7+1c68uH74CQK66UWNzxhanZW8xcg1LFXxGK8ic="
"cache.nrab.lol-1:CJl1TouOyuJ1Xh4tZSXLwm3Upt06HzUNZmeyuEB9EZg="
];
};
}; };
}; };
};
linuxConfig = lib.optionalAttrs isLinux (let linuxConfig = lib.optionalAttrs isLinux (
nmEnabled = config.networking.networkmanager.enable; let
in { nmEnabled = config.networking.networkmanager.enable;
hardware.enableRedistributableFirmware = true; in
{
hardware.enableRedistributableFirmware = true;
services.openssh.enable = true; services.openssh.enable = true;
programs.mosh.enable = lib.mkDefault true; programs.mosh.enable = lib.mkDefault true;
programs.git.enable = lib.mkDefault true; programs.git.enable = lib.mkDefault true;
users = { users = {
mutableUsers = false; mutableUsers = false;
users.${username} = { users.${username} = {
isNormalUser = true; isNormalUser = true;
home = "/home/${username}"; home = "/home/${username}";
group = username; group = username;
extraGroups = ["wheel"]; extraGroups = [ "wheel" ];
};
groups.${username} = { };
}; };
groups.${username} = {};
};
# TODO: Actually this should be extraRules which makes wheel users without any password set # TODO: Actually this should be extraRules which makes wheel users without any password set
# be able to use sudo with no password # be able to use sudo with no password
security.sudo.wheelNeedsPassword = false; security.sudo.wheelNeedsPassword = false;
# When NetworkManager isn't in use, add tailscale DNS address manually # When NetworkManager isn't in use, add tailscale DNS address manually
# FIXME: Move to common # FIXME: Move to common
networking = lib.mkIf (!nmEnabled && config.services.tailscale.enable && cfg.tailnet != null) { networking = lib.mkIf (!nmEnabled && config.services.tailscale.enable && cfg.tailnet != null) {
nameservers = [ nameservers = [
"100.100.100.100" "100.100.100.100"
"1.1.1.1" "1.1.1.1"
"1.0.0.1" "1.0.0.1"
]; ];
search = [cfg.tailnet]; search = [ cfg.tailnet ];
}; };
# NetworkManager probably means desktop system so we don't want to slow down boot times # NetworkManager probably means desktop system so we don't want to slow down boot times
systemd.services = lib.mkIf nmEnabled { systemd.services = lib.mkIf nmEnabled { NetworkManager-wait-online.enable = false; };
NetworkManager-wait-online.enable = false; }
}; );
});
darwinConfig = lib.optionalAttrs (!isLinux) { darwinConfig = lib.optionalAttrs (!isLinux) {
services.nix-daemon.enable = true; services.nix-daemon.enable = true;
@ -120,14 +128,17 @@
users.users.${username}.home = "/Users/${username}"; users.users.${username}.home = "/Users/${username}";
}; };
in { in
{
_file = ./sane-defaults.nix; _file = ./sane-defaults.nix;
inherit options; inherit options;
config = lib.mkIf config.settei.sane-defaults.enable (lib.mkMerge [ config = lib.mkIf config.settei.sane-defaults.enable (
sharedConfig lib.mkMerge [
linuxConfig sharedConfig
darwinConfig linuxConfig
]); darwinConfig
]
);
} }


@ -3,59 +3,62 @@
options, options,
lib, lib,
... ...
} @ args: let }@args:
let
hasHomeManager = options ? home-manager; hasHomeManager = options ? home-manager;
cfg = config.settei.user; cfg = config.settei.user;
inherit (config.settei) username; inherit (config.settei) username;
in { in
{
_file = ./user.nix; _file = ./user.nix;
options.settei.user = with lib; { options.settei.user = with lib; {
enable = mkEnableOption "User-specific configuration"; enable = mkEnableOption "User-specific configuration";
config = mkOption { config = mkOption {
type = types.deferredModule; type = types.deferredModule;
default = {}; default = { };
}; };
extraArgs = mkOption { extraArgs = mkOption {
type = types.attrs; type = types.attrs;
default = {}; default = { };
}; };
}; };
config = let config =
hmConfig = lib.optionalAttrs hasHomeManager { let
home-manager.useGlobalPkgs = true; hmConfig = lib.optionalAttrs hasHomeManager {
home-manager.useUserPackages = true; home-manager.useGlobalPkgs = true;
home-manager.extraSpecialArgs = home-manager.useUserPackages = true;
{ home-manager.extraSpecialArgs = {
inherit (args) inputs inputs'; inherit (args) inputs inputs';
} } // cfg.extraArgs;
// cfg.extraArgs;
home-manager.users.${username} = { home-manager.users.${username} = {
_file = ./user.nix; _file = ./user.nix;
imports = [cfg.config]; imports = [ cfg.config ];
home = { home = {
inherit username; inherit username;
homeDirectory = config.users.users.${username}.home; homeDirectory = config.users.users.${username}.home;
stateVersion = "22.05"; stateVersion = "22.05";
};
programs.home-manager.enable = true;
}; };
programs.home-manager.enable = true;
}; };
}; in
in lib.mkIf cfg.enable (
lib.mkIf cfg.enable (lib.mkMerge [ lib.mkMerge [
{ {
assertions = [ assertions = [
{ {
assertion = hasHomeManager; assertion = hasHomeManager;
message = "Home-manager module has to be imported before enabling settei.user"; message = "Home-manager module has to be imported before enabling settei.user";
} }
]; ];
} }
hmConfig hmConfig
]); ]
);
} }


@ -8,27 +8,29 @@
rocksdb, rocksdb,
darwin, darwin,
rustPlatform, rustPlatform,
}: let }:
rust = with fenix; let
rust =
with fenix;
combine [ combine [
stable.cargo stable.cargo
stable.rustc stable.rustc
]; ];
crane' = crane.overrideToolchain rust; crane' = crane.overrideToolchain rust;
in in
crane'.buildPackage { crane'.buildPackage {
inherit src; inherit src;
strictDeps = true; strictDeps = true;
nativeBuildInputs = [rustPlatform.bindgenHook]; nativeBuildInputs = [ rustPlatform.bindgenHook ];
buildInputs = lib.optionals stdenv.isDarwin [ buildInputs = lib.optionals stdenv.isDarwin [
libiconv libiconv
darwin.apple_sdk.frameworks.Security darwin.apple_sdk.frameworks.Security
darwin.apple_sdk.frameworks.SystemConfiguration darwin.apple_sdk.frameworks.SystemConfiguration
]; ];
# Use system RocksDB # Use system RocksDB
ROCKSDB_INCLUDE_DIR = "${rocksdb}/include"; ROCKSDB_INCLUDE_DIR = "${rocksdb}/include";
ROCKSDB_LIB_DIR = "${rocksdb}/lib"; ROCKSDB_LIB_DIR = "${rocksdb}/lib";
} }


@ -1,22 +1,25 @@
{inputs, ...}: { { inputs, ... }:
perSystem = { {
pkgs, perSystem =
system, {
inputs', pkgs,
... system,
}: { inputs',
packages.conduit-next = pkgs.callPackage ./conduit { ...
src = inputs.conduit-src; }:
crane = inputs.crane.lib.${system}; {
fenix = inputs'.fenix.packages; packages.conduit-next = pkgs.callPackage ./conduit {
}; src = inputs.conduit-src;
crane = inputs.crane.lib.${system};
fenix = inputs'.fenix.packages;
};
packages.git-commit-last = pkgs.writeShellApplication { packages.git-commit-last = pkgs.writeShellApplication {
name = "git-commit-last"; name = "git-commit-last";
text = '' text = ''
GITDIR="$(git rev-parse --git-dir)" GITDIR="$(git rev-parse --git-dir)"
git commit -eF "$GITDIR/COMMIT_EDITMSG" git commit -eF "$GITDIR/COMMIT_EDITMSG"
''; '';
};
}; };
};
} }


@ -1,6 +1,7 @@
let let
keys = import ../assets/ssh.nix; keys = import ../assets/ssh.nix;
in { in
{
"leet-nrab-lol-pass.age".publicKeys = [ "leet-nrab-lol-pass.age".publicKeys = [
keys.system.kazuki keys.system.kazuki
keys.other.bootstrap keys.other.bootstrap


@ -1,26 +1,25 @@
{inputs, ...}: { { inputs, ... }:
perSystem = { {
pkgs, perSystem =
inputs', { pkgs, inputs', ... }:
... let
}: let wrapped = inputs.wrapper-manager-hm-compat.lib {
wrapped = inputs.wrapper-manager-hm-compat.lib { inherit pkgs;
inherit pkgs; modules = [
modules = [ # ./starship
# ./starship ./helix
./helix # TODO: Enable again
# TODO: Enable again # ./rash
# ./rash ./fish
./fish ./wezterm
./wezterm ];
]; specialArgs = {
specialArgs = { inherit inputs inputs';
inherit inputs inputs'; };
}; };
all-packages = wrapped.config.build.packages;
in
{
packages = all-packages;
}; };
all-packages = wrapped.config.build.packages;
in {
packages =
all-packages;
};
} }

View file

@ -1,33 +1,40 @@
{ lib, pkgs, ... }:
{ {
lib,
pkgs,
...
}: {
wrappers.fish = { wrappers.fish = {
basePackage = pkgs.fish; basePackage = pkgs.fish;
wrapByDefault = false; wrapByDefault = false;
programs.fish = {config, ...}: { programs.fish =
extraWrapperFlags = "--inherit-argv0"; { config, ... }:
{
extraWrapperFlags = "--inherit-argv0";
prependFlags = let prependFlags =
# Can't rely on pathAdd because fish used as login shell will ignore the variables the wrapper sets up let
path-add-lines = # Can't rely on pathAdd because fish used as login shell will ignore the variables the wrapper sets up
lib.concatMapStringsSep "\n" path-add-lines =
(pkg: "fish_add_path --path --prepend '${lib.getExe' pkg ""}'") lib.concatMapStringsSep "\n" (pkg: "fish_add_path --path --prepend '${lib.getExe' pkg ""}'")
config.pathAdd; config.pathAdd;
config-fish = pkgs.writeText "config.fish" '' config-fish = pkgs.writeText "config.fish" ''
${path-add-lines} ${path-add-lines}
source ${./prompt.fish} source ${./prompt.fish}
source ${./config.fish} source ${./config.fish}
''; '';
in [ in
"-C" [
"source ${config-fish}" "-C"
]; "source ${config-fish}"
];
pathAdd = with pkgs; [eza bat fzf ripgrep zoxide direnv]; pathAdd = with pkgs; [
}; eza
bat
fzf
ripgrep
zoxide
direnv
];
};
}; };
} }


@ -1,4 +1,5 @@
{pkgs, ...}: { { pkgs, ... }:
{
programs.helix = { programs.helix = {
enable = true; enable = true;
settings = { settings = {
@ -25,8 +26,8 @@
{ {
name = "koka"; name = "koka";
scope = "scope.koka"; scope = "scope.koka";
file-types = ["kk"]; file-types = [ "kk" ];
roots = []; roots = [ ];
indent = { indent = {
tab-width = 4; tab-width = 4;
unit = " "; unit = " ";
@ -43,5 +44,5 @@
}; };
}; };
wrappers.helix.pathAdd = [pkgs.nil]; wrappers.helix.pathAdd = [ pkgs.nil ];
} }


@ -3,57 +3,58 @@
inputs', inputs',
config, config,
... ...
}: { }:
wrappers.rash = let {
readlinePatched = pkgs.fetchFromGitHub { wrappers.rash =
owner = "nrabulinski"; let
repo = "readline"; readlinePatched = pkgs.fetchFromGitHub {
rev = "8eb52c163d6ea7c3cec2cc6b1011ce00738942e1"; owner = "nrabulinski";
hash = "sha256-1yU0ZUBQqYEn85j4T2pLs02MTyJnO5BbYALIa88iomY="; repo = "readline";
}; rev = "8eb52c163d6ea7c3cec2cc6b1011ce00738942e1";
racket-with-libs = inputs'.racket.packages.racket.newLayer { hash = "sha256-1yU0ZUBQqYEn85j4T2pLs02MTyJnO5BbYALIa88iomY=";
withRacketPackages = ps:
with ps; [
readline-gpl
(readline-lib.override {
src = "${readlinePatched}/readline-lib";
})
rash
threading
functional
racket-langserver
# TODO: Remove once dependency resolution is fixed
slideshow-lib
r5rs-lib
data-enumerate-lib
plot-lib
plot-gui-lib
plot-compat
srfi-lib
typed-racket-compatibility
future-visualizer-pict
macro-debugger-text-lib
profile-lib
images-gui-lib
];
buildInputs = with pkgs; [readline];
};
in {
basePackage = pkgs.writeShellScriptBin "rash-repl" ''
exec "${racket-with-libs}/bin/rash-repl" "$@"
'';
# TODO: Shell shouldn't overwrite this variable. Probably
env.XDG_CONFIG_HOME = {
value = pkgs.linkFarm "rash-config" {
"rash/rashrc" = ./rashrc;
"rash/rashrc.rkt" = ./rashrc.rkt;
}; };
force = true; racket-with-libs = inputs'.racket.packages.racket.newLayer {
withRacketPackages =
ps: with ps; [
readline-gpl
(readline-lib.override { src = "${readlinePatched}/readline-lib"; })
rash
threading
functional
racket-langserver
# TODO: Remove once dependency resolution is fixed
slideshow-lib
r5rs-lib
data-enumerate-lib
plot-lib
plot-gui-lib
plot-compat
srfi-lib
typed-racket-compatibility
future-visualizer-pict
macro-debugger-text-lib
profile-lib
images-gui-lib
];
buildInputs = with pkgs; [ readline ];
};
in
{
basePackage = pkgs.writeShellScriptBin "rash-repl" ''
exec "${racket-with-libs}/bin/rash-repl" "$@"
'';
# TODO: Shell shouldn't overwrite this variable. Probably
env.XDG_CONFIG_HOME = {
value = pkgs.linkFarm "rash-config" {
"rash/rashrc" = ./rashrc;
"rash/rashrc.rkt" = ./rashrc.rkt;
};
force = true;
};
pathAdd = [
racket-with-libs
config.wrappers.starship.wrapped
];
}; };
pathAdd = [
racket-with-libs
config.wrappers.starship.wrapped
];
};
} }


@ -1,4 +1,5 @@
{pkgs, ...}: { { pkgs, ... }:
{
wrappers.wezterm = { wrappers.wezterm = {
basePackage = pkgs.wezterm; basePackage = pkgs.wezterm;
env.WEZTERM_CONFIG_FILE.value = ./config.lua; env.WEZTERM_CONFIG_FILE.value = ./config.lua;