treewide: alejandra -> nixfmt-rfc-style

Nikodem Rabuliński 2024-02-25 19:09:09 +01:00
parent d64c02e3da
commit 6558fdb739
51 changed files with 1108 additions and 928 deletions


@ -1,4 +1,5 @@
{lib, ...}: {
{ lib, ... }:
{
options.assets = lib.mkOption {
type = lib.types.unspecified;
readOnly = true;


@ -4,23 +4,28 @@
withSystem,
self,
...
}: let
collectFlakeOutputs = {
config,
pkgs,
}: let
}:
let
collectFlakeOutputs =
{ config, pkgs }:
let
inherit (pkgs) lib;
collectDrvs = prefix: attrs: let
collectDrvs =
prefix: attrs:
let
drvs = lib.pipe attrs [
(lib.filterAttrs (_: lib.isDerivation))
(lib.mapAttrsToList (name: drv: {
(lib.mapAttrsToList (
name: drv: {
name = lib.concatStringsSep "." (prefix ++ [ name ]);
inherit drv;
}))
}
))
];
recursed = lib.pipe attrs [
(lib.filterAttrs (_: val:
(!lib.isDerivation val) && (lib.isAttrs val) && (val.recurseForDerivations or true)))
(lib.filterAttrs (
_: val: (!lib.isDerivation val) && (lib.isAttrs val) && (val.recurseForDerivations or true)
))
(lib.mapAttrsToList (name: collectDrvs (prefix ++ [ name ])))
];
in
@ -28,7 +33,8 @@
rootOutputs = builtins.removeAttrs config.onPush.default.outputs [ "effects" ];
in
collectDrvs [ ] rootOutputs;
in {
in
{
defaultEffectSystem = "aarch64-linux";
hercules-ci = {
@ -41,25 +47,20 @@ in {
herculesCI = herculesCI: {
onPush.default = {
outputs.effects = {
pin-cache = withSystem config.defaultEffectSystem ({
pkgs,
hci-effects,
...
}: let
pin-cache = withSystem config.defaultEffectSystem (
{ pkgs, hci-effects, ... }:
let
collected = collectFlakeOutputs {
inherit (herculesCI) config;
inherit pkgs;
};
cachixCommands =
lib.concatMapStringsSep
"\n"
({
name,
drv,
}: "cachix pin nrabulinski ${lib.escapeShellArg name} ${lib.escapeShellArg drv}")
lib.concatMapStringsSep "\n"
({ name, drv }: "cachix pin nrabulinski ${lib.escapeShellArg name} ${lib.escapeShellArg drv}")
collected;
in
hci-effects.runIf (herculesCI.config.repo.branch == "main") (hci-effects.mkEffect {
hci-effects.runIf (herculesCI.config.repo.branch == "main") (
hci-effects.mkEffect {
secretsMap."cachix-token" = "cachix-token";
inputs = [ pkgs.cachix ];
userSetupScript = ''
@ -69,17 +70,18 @@ in {
# They have already been built as part of this job,
# we only want to pin them to make sure cachix doesn't GC them.
effectScript = builtins.unsafeDiscardStringContext cachixCommands;
}));
}
)
);
};
};
};
perSystem = {
pkgs,
lib,
...
}: rec {
legacyPackages.outputsList = let
perSystem =
{ pkgs, lib, ... }:
rec {
legacyPackages.outputsList =
let
config = self.herculesCI {
primaryRepo = { };
herculesCI = { };
@ -87,14 +89,17 @@ in {
in
collectFlakeOutputs { inherit config pkgs; };
legacyPackages.github-matrix = let
legacyPackages.github-matrix =
let
systems = lib.groupBy ({ drv, ... }: drv.system) legacyPackages.outputsList;
in
lib.concatMapStringsSep "\n" ({
name,
value,
}: ''
lib.concatMapStringsSep "\n"
(
{ name, value }:
''
${name}=${builtins.toJSON (map (d: d.name) value)}
'') (lib.attrsToList systems);
''
)
(lib.attrsToList systems);
};
}


@ -1,5 +1,6 @@
{
outputs = inputs @ {flake-parts, ...}:
outputs =
inputs@{ flake-parts, ... }:
flake-parts.lib.mkFlake { inherit inputs; } {
systems = [
"x86_64-linux"
@ -18,13 +19,15 @@
./pkgs
];
perSystem = {
perSystem =
{
inputs',
self',
pkgs,
lib,
...
}: {
}:
{
devShells.default = pkgs.mkShellNoCC {
packages = [
inputs'.agenix.packages.agenix
@ -45,7 +48,7 @@
# Re-export it for convenience and for caching
packages.attic = inputs'.attic.packages.attic;
formatter = pkgs.alejandra;
formatter = pkgs.nixfmt-rfc-style;
};
};
@ -126,8 +129,7 @@
};
};
/*
TODO: Uncomment once (if ever?) nixConfig makes sense in flakes
/* TODO: Uncomment once (if ever?) nixConfig makes sense in flakes
nixConfig = {
extra-substituters = [
"https://hyprland.cachix.org"


@ -3,7 +3,8 @@
self,
inputs,
...
}: {
}:
{
imports = [
./kazuki
./hijiri-vm
@ -15,15 +16,20 @@
./kogata
];
builders = let
builders =
let
sharedOptions = {
_file = ./default.nix;
settei.sane-defaults.allSshKeys = config.assets.sshKeys.user;
settei.flake-qol.inputs = inputs // {settei = self;};
settei.flake-qol.inputs = inputs // {
settei = self;
};
in {
nixos = name: module:
};
in
{
nixos =
name: module:
inputs.nixpkgs.lib.nixosSystem {
modules = [
inputs.agenix.nixosModules.age
@ -40,7 +46,8 @@
specialArgs.configurationName = name;
};
darwin = name: module:
darwin =
name: module:
inputs.darwin.lib.darwinSystem {
modules = [
inputs.agenix.darwinModules.age


@ -1,10 +1,12 @@
{
configurations.nixos.hijiri-vm = {
configurations.nixos.hijiri-vm =
{
modulesPath,
lib,
username,
...
}: {
}:
{
imports = [
"${modulesPath}/profiles/qemu-guest.nix"
./disks.nix


@ -1,6 +1,8 @@
args: let
args:
let
bootDevice = args.bootDevice or "/dev/vda";
in {
in
{
disko.devices.disk.bootDisk = {
type = "disk";
device = bootDevice;
@ -27,9 +29,14 @@ in {
content = {
type = "btrfs";
extraArgs = [ "-f" ];
subvolumes = let
mountOptions = ["compress=zstd" "noatime"];
in {
subvolumes =
let
mountOptions = [
"compress=zstd"
"noatime"
];
in
{
"/root" = {
inherit mountOptions;
mountpoint = "/";


@ -1,5 +1,7 @@
{
configurations.darwin.hijiri = {pkgs, ...}: {
configurations.darwin.hijiri =
{ pkgs, ... }:
{
imports = [
./skhd.nix
./yabai.nix


@ -1,13 +1,22 @@
{lib, ...}: {
{ lib, ... }:
{
services.skhd = {
enable = true;
skhdConfig = let
skhdConfig =
let
spaceCount = 6;
spaceBindings =
lib.genList
(i: let num = toString (i + 1); in "cmd - ${num} : yabai -m space --focus ${num}")
(
i:
let
num = toString (i + 1);
in
"cmd - ${num} : yabai -m space --focus ${num}"
)
spaceCount;
in ''
in
''
cmd - return : wezterm
cmd + shift - return : qutebrowser


@ -1,8 +1,5 @@
{ lib, pkgs, ... }:
{
lib,
pkgs,
...
}: {
services.yabai = {
enable = true;
enableScriptingAddition = true;


@ -1,14 +1,26 @@
{lib, ...}: {
configurations.nixos = let
mkInstaller = system: ({pkgs, ...}: {
nixpkgs = {inherit system;};
{ lib, ... }:
{
configurations.nixos =
let
mkInstaller =
system:
(
{ pkgs, ... }:
{
nixpkgs = {
inherit system;
};
environment.systemPackages = [ pkgs.nixos-install-tools ];
# Make nixos-anywhere treat this as a installer iso
system.nixos.variant_id = "installer";
});
systems = ["aarch64-linux" "x86_64-linux"];
}
);
systems = [
"aarch64-linux"
"x86_64-linux"
];
installers = map (system: lib.nameValuePair "installer-${system}" (mkInstaller system)) systems;
in
lib.listToAttrs installers;


@ -1,10 +1,8 @@
{
config,
lib,
...
}: let
{ config, lib, ... }:
let
atticPort = 9476;
in {
in
{
age.secrets.attic-creds = {
file = ../../secrets/attic-creds.age;
owner = config.services.atticd.user;
@ -58,7 +56,10 @@ in {
};
users.users.nginx.extraGroups = [ "acme" ];
networking.firewall.allowedTCPPorts = [80 443];
networking.firewall.allowedTCPPorts = [
80
443
];
services.nginx = {
enable = true;


@ -3,10 +3,12 @@
pkgs,
inputs',
...
}: let
}:
let
formatJson = pkgs.formats.json { };
serverDomain = "matrix.nrab.lol";
in {
in
{
services.matrix-conduit = {
enable = true;
package = inputs'.settei.packages.conduit-next;
@ -24,7 +26,12 @@ in {
};
users.users.nginx.extraGroups = [ "acme" ];
networking.firewall.allowedTCPPorts = [80 443 8448 2222];
networking.firewall.allowedTCPPorts = [
80
443
8448
2222
];
services.nginx = {
enable = true;
@ -35,9 +42,7 @@ in {
enableACME = true;
locations."=/.well-known/matrix/server" = {
alias = formatJson.generate "well-known-matrix-server" {
"m.server" = serverDomain;
};
alias = formatJson.generate "well-known-matrix-server" { "m.server" = serverDomain; };
extraConfig = ''
default_type application/json;
add_header Access-Control-Allow-Origin "*";
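Review bot: Nothing in this module says which service needs ports 8448 and 2222: the `networking.firewall.allowedTCPPorts` list in the second hunk (80, 443, 8448, 2222) is repeated verbatim in two later file sections of this commit, the one that configures `mailserver` and the one that declares `age.secrets.vault-cert-env`. NixOS concatenates the lists, so the duplicates change nothing at runtime, but a port stays open for as long as any one copy remains, even after the service that needed it is removed. Each module should open only the ports it serves, e.g. `networking.firewall.allowedTCPPorts = [ 80 443 ];` where only nginx is involved, with a one-line comment naming the owner of 8448 and 2222. The rest of these modules lies outside the hunks, so which of them actually owns those two ports needs confirming.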


@ -1,10 +1,12 @@
{
configurations.nixos.kazuki = {
configurations.nixos.kazuki =
{
config,
modulesPath,
lib,
...
}: {
}:
{
imports = [
"${modulesPath}/profiles/qemu-guest.nix"
./disks.nix


@ -1,6 +1,8 @@
args: let
args:
let
bootDevice = args.bootDevice or "/dev/sda";
in {
in
{
disko.devices.disk.bootDisk = {
type = "disk";
device = bootDevice;
@ -27,9 +29,14 @@ in {
content = {
type = "btrfs";
extraArgs = [ "-f" ];
subvolumes = let
mountOptions = ["compress=zstd" "noatime"];
in {
subvolumes =
let
mountOptions = [
"compress=zstd"
"noatime"
];
in
{
"/root" = {
inherit mountOptions;
mountpoint = "/";


@ -1,4 +1,5 @@
{config, ...}: {
{ config, ... }:
{
# nix shell nixpkgs#apacheHttpd -c htpasswd -nbB "" "super secret password" | cut -d: -f2
age.secrets = {
leet-nrab-lol.file = ../../secrets/leet-nrab-lol-pass.age;
@ -6,7 +7,12 @@
};
users.users.nginx.extraGroups = [ "acme" ];
networking.firewall.allowedTCPPorts = [80 443 8448 2222];
networking.firewall.allowedTCPPorts = [
80
443
8448
2222
];
mailserver = {
enable = true;
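Review bot: The hash-generation recipe in the comment at the top of the first hunk passes the password with `-b`, i.e. as a command-line argument, so anyone following it leaves the plaintext in shell history and exposes it in the process list while the command runs. Dropping `-b` makes htpasswd prompt for the password instead: `# nix shell nixpkgs#apacheHttpd -c htpasswd -nB "" | cut -d: -f2`. The comment is an unchanged context line, so this is a follow-up rather than something this formatting commit introduced.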


@ -1,4 +1,5 @@
{config, ...}: {
{ config, ... }:
{
age.secrets.nrab-lol-cf = {
file = ../../secrets/nrab-lol-cf.age;
owner = config.services.nginx.user;
@ -16,7 +17,10 @@
};
users.users.nginx.extraGroups = [ "acme" ];
networking.firewall.allowedTCPPorts = [80 443];
networking.firewall.allowedTCPPorts = [
80
443
];
services.nginx = {
enable = true;


@ -1,4 +1,5 @@
{config, ...}: {
{ config, ... }:
{
age.secrets.storage-box-webdav = {
file = ../../secrets/storage-box-webdav.age;
};


@ -1,4 +1,5 @@
{config, ...}: {
{ config, ... }:
{
age.secrets.vault-cert-env = {
file = ../../secrets/vault-cert-env.age;
owner = config.services.nginx.user;
@ -12,7 +13,12 @@
};
users.users.nginx.extraGroups = [ "acme" ];
networking.firewall.allowedTCPPorts = [80 443 8448 2222];
networking.firewall.allowedTCPPorts = [
80
443
8448
2222
];
services.nginx = {
enable = true;


@ -1,16 +1,13 @@
{
configurations.darwin.kogata = {
pkgs,
lib,
...
}: {
configurations.darwin.kogata =
{ pkgs, lib, ... }:
{
nixpkgs.system = "aarch64-darwin";
settei.user.config.common.desktop.enable = true;
# TODO: Make it a settei module so it's easy to concatenate which pkgs are allowed
nixpkgs.config.allowUnfreePredicate = pkg:
builtins.elem (lib.getName pkg) ["teams"];
nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ "teams" ];
environment.systemPackages = with pkgs; [ teams ];
common.hercules.enable = true;


@ -1,10 +1,12 @@
{
configurations.nixos.legion = {
configurations.nixos.legion =
{
config,
lib,
username,
...
}: {
}:
{
imports = [
./hardware.nix
# ./disks.nix


@ -5,13 +5,17 @@
lib,
username,
...
}: {
}:
{
# Needed for nvidia and steam
nixpkgs.config.allowUnfree = true;
settei.user.config = {
common.desktop.enable = true;
home.packages = with pkgs; [brightnessctl dmenu];
home.packages = with pkgs; [
brightnessctl
dmenu
];
xsession.windowManager.i3 = {
enable = true;
@ -39,7 +43,11 @@
services.logind =
lib.genAttrs
["lidSwitch" "lidSwitchDocked" "lidSwitchExternalPower"]
[
"lidSwitch"
"lidSwitchDocked"
"lidSwitchExternalPower"
]
(_: "ignore");
services.pipewire = {
@ -51,7 +59,10 @@
programs.dconf.enable = true;
services.dbus.enable = true;
users.users.${username}.extraGroups = ["video" "input"];
users.users.${username}.extraGroups = [
"video"
"input"
];
# NVIDIA stuff
services.xserver = {


@ -1,6 +1,5 @@
args:
/*
let
/* let
bootDevice = args.bootDevice or "/dev/nvme0n1";
in
*/


@ -1,7 +1,19 @@
{config, ...}: {
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "uas"];
{ config, ... }:
{
boot.initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"nvme"
"usbhid"
"usb_storage"
"uas"
];
boot.extraModulePackages = with config.boot.kernelPackages; [ acpi_call ];
boot.kernelModules = ["kvm-intel" "i2c-dev" "acpi_call"];
boot.kernelModules = [
"kvm-intel"
"i2c-dev"
"acpi_call"
];
boot.blacklistedKernelModules = [ "nouveau" ];
# Needed for enableAllFirmware
@ -21,31 +33,51 @@
fileSystems."/" = {
device = "/dev/disk/by-label/LINUX";
fsType = "btrfs";
options = ["subvol=root" "compress=zstd" "noatime"];
options = [
"subvol=root"
"compress=zstd"
"noatime"
];
};
fileSystems."/home" = {
device = "/dev/disk/by-label/LINUX";
fsType = "btrfs";
options = ["subvol=home" "compress=zstd" "noatime"];
options = [
"subvol=home"
"compress=zstd"
"noatime"
];
};
fileSystems."/nix" = {
device = "/dev/disk/by-label/LINUX";
fsType = "btrfs";
options = ["subvol=nix" "compress=zstd" "noatime"];
options = [
"subvol=nix"
"compress=zstd"
"noatime"
];
};
fileSystems."/persist" = {
device = "/dev/disk/by-label/LINUX";
fsType = "btrfs";
options = ["subvol=persist" "compress=zstd" "noatime"];
options = [
"subvol=persist"
"compress=zstd"
"noatime"
];
};
fileSystems."/var/log" = {
device = "/dev/disk/by-label/LINUX";
fsType = "btrfs";
options = ["subvol=log" "compress=zstd" "noatime"];
options = [
"subvol=log"
"compress=zstd"
"noatime"
];
neededForBoot = true;
};
@ -54,7 +86,5 @@
fsType = "vfat";
};
swapDevices = [
{device = "/dev/disk/by-label/SWAP";}
];
swapDevices = [ { device = "/dev/disk/by-label/SWAP"; } ];
}


@ -4,13 +4,15 @@
config,
username,
...
}: let
}:
let
mail = "alert@nrab.lol";
aliases = pkgs.writeText "mail-aliases" ''
${username}: nikodem@rabulinski.com
root: ${mail}
'';
in {
in
{
age.secrets.alert-plaintext.file = ../../secrets/alert-plain-pass.age;
programs.msmtp = {


@ -3,12 +3,14 @@
lib,
username,
...
}: {
imports = [
./media.nix
];
}:
{
imports = [ ./media.nix ];
boot.supportedFilesystems = ["ext4" "zfs"];
boot.supportedFilesystems = [
"ext4"
"zfs"
];
boot.zfs.extraPools = [ "yottapool" ];
services.zfs = {


@ -1,4 +1,5 @@
{username, ...}: {
{ username, ... }:
{
services.jellyfin.enable = true;
services.radarr.enable = true;
services.sonarr.enable = true;
@ -10,7 +11,10 @@
};
users.users = {
jellyfin.extraGroups = ["radarr" "sonarr"];
jellyfin.extraGroups = [
"radarr"
"sonarr"
];
radarr.extraGroups = [ "deluge" ];
sonarr.extraGroups = [ "deluge" ];
${username}.extraGroups = [ "deluge" ];


@ -1,10 +1,12 @@
{
configurations.nixos.ude = {
configurations.nixos.ude =
{
config,
modulesPath,
lib,
...
}: {
}:
{
imports = [
"${modulesPath}/profiles/qemu-guest.nix"
./disks.nix


@ -1,6 +1,8 @@
args: let
args:
let
bootDevice = args.bootDevice or "/dev/sda";
in {
in
{
disko.devices = {
disk = {
vdb = {
@ -25,9 +27,14 @@ in {
content = {
type = "btrfs";
extraArgs = [ "-f" ];
subvolumes = let
mountOptions = ["compress=zstd" "noatime"];
in {
subvolumes =
let
mountOptions = [
"compress=zstd"
"noatime"
];
in
{
"/root" = {
mountpoint = "/";
inherit mountOptions;


@ -2,13 +2,15 @@
nixpkgs,
darwin,
home-manager,
}: {
}:
{
config,
lib,
flake-parts-lib,
...
}:
with lib; {
with lib;
{
_file = ./configurations.nix;
options = {
@ -46,17 +48,8 @@ with lib; {
};
config.flake = {
nixosConfigurations =
mapAttrs
config.builders.nixos
config.configurations.nixos;
darwinConfigurations =
mapAttrs
config.builders.darwin
config.configurations.darwin;
homeConfigurations =
mapAttrs
config.builders.home
config.configurations.home;
nixosConfigurations = mapAttrs config.builders.nixos config.configurations.nixos;
darwinConfigurations = mapAttrs config.builders.darwin config.configurations.darwin;
homeConfigurations = mapAttrs config.builders.home config.configurations.home;
};
}


@ -3,13 +3,17 @@
lib,
inputs,
...
}: let
}:
let
inherit (flake-parts-lib) importApply;
flakeModules = {
configurations = importApply ./configurations.nix { inherit (inputs) nixpkgs darwin home-manager; };
};
in {
in
{
imports = lib.attrValues flakeModules;
flake = {inherit flakeModules;};
flake = {
inherit flakeModules;
};
}


@ -6,13 +6,15 @@
inputs',
machineName,
...
} @ args: let
}@args:
let
# TODO: Conditionally define based on whether we're in a system configuration or not
fishOverlayModule = lib.mkIf (!args ? osConfig) {
# See modules/system/common/default.nix for reasoning.
nixpkgs.overlays = [ (_: _: { inherit (inputs'.settei.packages) fish; }) ];
};
in {
in
{
_file = ./default.nix;
imports = [
@ -49,7 +51,10 @@ in {
};
};
home.packages = [inputs'.settei.packages.base-packages pkgs.nh];
home.packages = [
inputs'.settei.packages.base-packages
pkgs.nh
];
home.sessionVariables.EDITOR = "hx";
}


@ -5,7 +5,8 @@
inputs,
inputs',
...
}: {
}:
{
_file = ./default.nix;
options.common.desktop = {
@ -23,7 +24,8 @@
programs.firefox = {
enable = true;
package = let
package =
let
firefox-pkgs = pkgs.extend inputs.firefox-darwin.overlay;
in
lib.mkIf pkgs.stdenv.isDarwin firefox-pkgs.firefox-bin;
@ -32,9 +34,7 @@
programs.qutebrowser = {
enable = true;
package =
if pkgs.stdenv.isDarwin
then inputs'.niko-nur.packages.qutebrowser-bin
else pkgs.qutebrowser;
if pkgs.stdenv.isDarwin then inputs'.niko-nur.packages.qutebrowser-bin else pkgs.qutebrowser;
};
programs.zellij = {


@ -1,4 +1,5 @@
{isLinux}: {
{ isLinux }:
{
config,
configurationName,
lib,
@ -7,7 +8,8 @@
inputs',
username,
...
}: let
}:
let
sharedConfig = {
settei = {
username = lib.mkDefault "niko";
@ -55,7 +57,8 @@
# Every macOS ARM machine can emulate x86.
nix.settings.extra-platforms = lib.mkIf pkgs.stdenv.isAarch64 [ "x86_64-darwin" ];
};
in {
in
{
_file = ./default.nix;
imports = [


@ -1,9 +1,11 @@
{isLinux}: {
{ isLinux }:
{
config,
lib,
pkgs,
...
}: let
}:
let
inherit (lib) mkOption types;
github-runner-user = "github-runner";
@ -20,10 +22,10 @@
services.github-runners = lib.pipe cfg.runners [
(lib.mapAttrsToList (
name: cfg:
lib.genList (i:
lib.nameValuePair
"${name}-${toString i}"
{
lib.genList
(
i:
lib.nameValuePair "${name}-${toString i}" {
enable = true;
tokenFile = config.age.secrets.github-token.path;
inherit (cfg) url;
@ -33,7 +35,8 @@
DynamicUser = false;
};
extraLabels = [ "nix" ];
})
}
)
cfg.instances
))
lib.flatten
@ -52,34 +55,41 @@
darwinConfig = lib.optionalAttrs (!isLinux) {
warnings = lib.singleton "common.github-runner doesn't do anything on darwin yet";
};
in {
in
{
_file = ./github-runner.nix;
options.common.github-runner = {
enable = lib.mkEnableOption "using this machine as a self-hosted github runner";
runners = mkOption {
type = with types;
attrsOf (submodule ({name, ...}: {
type =
with types;
attrsOf (
submodule (
{ name, ... }:
{
options = {
name = mkOption {
type = types.str;
default = "${name}-${config.networking.hostName}";
};
url = mkOption {
type = types.str;
};
url = mkOption { type = types.str; };
instances = mkOption {
type = types.int;
default = 1;
};
};
}));
}
)
);
};
};
config = lib.mkIf cfg.enable (lib.mkMerge [
config = lib.mkIf cfg.enable (
lib.mkMerge [
sharedConfig
linuxConfig
darwinConfig
]);
]
);
}


@ -1,27 +1,29 @@
{isLinux}: {
{ isLinux }:
{
config,
pkgs,
lib,
...
}: let
}:
let
options = {
common.hercules.enable = lib.mkEnableOption "Enables hercules-ci-agent with my configuration";
};
herculesUser =
if isLinux
then config.systemd.services.hercules-ci-agent.serviceConfig.User
else config.launchd.daemons.hercules-ci-agent.serviceConfig.UserName;
in {
if isLinux then
config.systemd.services.hercules-ci-agent.serviceConfig.User
else
config.launchd.daemons.hercules-ci-agent.serviceConfig.UserName;
in
{
_file = ./hercules.nix;
inherit options;
config =
lib.mkIf false
/*
config.common.hercules.enable
*/
# config.common.hercules.enable
{
age.secrets.hercules-token = {
file = ../../../secrets/hercules-token.age;
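Review bot: `lib.mkIf false` hard-disables this module while `common.hercules.enable` is still declared as an option, so a host that sets it (the kogata section of this commit sets `common.hercules.enable = true;`) silently gets no agent. With the real condition reduced to a bare `# config.common.hercules.enable` line, it reads as a remark rather than as a switched-off guard. State the intent explicitly, e.g. `# TODO(<reason>): module disabled; restore 'config.common.hercules.enable' as the condition when the agent is re-enabled`. The attribute set being guarded continues past the end of the hunk.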


@ -1,15 +1,11 @@
{isLinux}: {
config,
lib,
...
}: let
{ isLinux }:
{ config, lib, ... }:
let
sharedConfig = {
settei.programs.podman.enable = true;
};
linuxConfig = lib.optionalAttrs isLinux {
boot.kernel.sysctl."kernel.yama.ptrace_scope" = 0;
};
linuxConfig = lib.optionalAttrs isLinux { boot.kernel.sysctl."kernel.yama.ptrace_scope" = 0; };
darwinConfig = lib.optionalAttrs (!isLinux) { };
@ -18,7 +14,8 @@
linuxConfig
darwinConfig
];
in {
in
{
_file = ./user.nix;
config = lib.mkIf config.settei.user.enable finalConfig;
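Review bot: `boot.kernel.sysctl."kernel.yama.ptrace_scope" = 0;` in `linuxConfig` has no comment explaining why the Yama ptrace restriction is turned off, and it reaches every Linux host where `settei.user.enable` is set. With scope 0 a process may attach to other processes of the same user, so one compromised process can read credentials that other processes of that user hold in memory. Put the reason next to the setting, e.g. `# ptrace_scope = 0 is required by <reason>; note that same-uid processes can then attach to each other`, and consider setting it only on the hosts that need it.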


@ -1,17 +1,22 @@
{ config, lib, ... }:
{
config,
lib,
...
}: {
flake = lib.genAttrs ["nixosModules" "darwinModules"] (attr: let
flake =
lib.genAttrs
[
"nixosModules"
"darwinModules"
]
(
attr:
let
isLinux = lib.hasPrefix "nixos" attr;
in {
in
{
settei = import ./settei {
inherit (config) perInput;
inherit isLinux;
};
common = import ./common {
inherit isLinux;
};
});
common = import ./common { inherit isLinux; };
}
);
}


@ -2,13 +2,15 @@
perInput,
# TODO: Figure out a nicer way of doing this without infrec?
isLinux,
}: {
}:
{
lib,
pkgs,
config,
options,
...
}: {
}:
{
_file = ./default.nix;
imports = [
@ -19,8 +21,6 @@
];
options.settei = with lib; {
username = mkOption {
type = types.str;
};
username = mkOption { type = types.str; };
};
}


@ -1,11 +1,14 @@
{perInput}: {
{ perInput }:
{
config,
lib,
pkgs,
...
}: let
}:
let
cfg = config.settei.flake-qol;
in {
in
{
_file = ./flake-qol.nix;
options.settei.flake-qol = with lib; {
@ -14,9 +17,7 @@ in {
type = types.bool;
default = true;
};
inputs = mkOption {
type = types.unspecified;
};
inputs = mkOption { type = types.unspecified; };
inputs-flakes = mkOption {
type = types.attrs;
readOnly = true;
@ -27,10 +28,9 @@ in {
};
};
config = let
reexportedArgs = lib.mkIf cfg.reexportAsArgs {
inherit (cfg) inputs inputs-flakes inputs';
};
config =
let
reexportedArgs = lib.mkIf cfg.reexportAsArgs { inherit (cfg) inputs inputs-flakes inputs'; };
in
lib.mkIf cfg.enable {
settei.flake-qol = {


@ -1,7 +1,6 @@
{isLinux}: {
{ isLinux }:
{
_file = ./default.nix;
imports = [
(import ./podman.nix {inherit isLinux;})
];
imports = [ (import ./podman.nix { inherit isLinux; }) ];
}


@ -1,9 +1,11 @@
{isLinux}: {
{ isLinux }:
{
config,
lib,
pkgs,
...
}: let
}:
let
sharedConfig = {
environment.systemPackages = [ pkgs.podman-compose ];
};
@ -16,16 +18,15 @@
};
};
darwinConfig = lib.optionalAttrs (!isLinux) {
environment.systemPackages = [pkgs.podman];
};
darwinConfig = lib.optionalAttrs (!isLinux) { environment.systemPackages = [ pkgs.podman ]; };
finalConfig = lib.mkMerge [
sharedConfig
linuxConfig
darwinConfig
];
in {
in
{
_file = ./podman.nix;
options.settei.programs.podman.enable = lib.mkEnableOption "Podman";


@ -1,8 +1,6 @@
{isLinux}: {
config,
lib,
...
} @ args: let
{ isLinux }:
{ config, lib, ... }@args:
let
cfg = config.settei.sane-defaults;
inherit (config.settei) username;
@ -20,9 +18,11 @@
};
};
sharedConfig = let
sharedConfig =
let
adminNeedsPassword = isLinux -> config.security.sudo.wheelNeedsPassword;
in {
in
{
_module.args = {
username = lib.mkDefault username;
};
@ -39,17 +39,24 @@
settei.user.config.programs.git.enable = lib.mkDefault true;
# FIXME: Move to common
users.users.${username}.openssh.authorizedKeys.keys = let
users.users.${username}.openssh.authorizedKeys.keys =
let
configName' =
args.configurationName
or (throw "pass configurationName to module arguments or set users.users.${username}.openssh.authorizedKeys yourself");
or (throw "pass configurationName to module arguments or set users.users.${username}.openssh.authorizedKeys yourself"
);
filteredKeys = lib.filterAttrs (name: _: name != configName') cfg.allSshKeys;
in
lib.mkDefault (lib.attrValues filteredKeys);
nix = {
settings = {
experimental-features = ["nix-command" "flakes" "repl-flake" "auto-allocate-uids"];
experimental-features = [
"nix-command"
"flakes"
"repl-flake"
"auto-allocate-uids"
];
trusted-users = lib.optionals (!adminNeedsPassword) [ username ];
auto-allocate-uids = true;
extra-substituters = [
@ -72,9 +79,11 @@
};
};
linuxConfig = lib.optionalAttrs isLinux (let
linuxConfig = lib.optionalAttrs isLinux (
let
nmEnabled = config.networking.networkmanager.enable;
in {
in
{
hardware.enableRedistributableFirmware = true;
services.openssh.enable = true;
@ -108,10 +117,9 @@
};
# NetworkManager probably means desktop system so we don't want to slow down boot times
systemd.services = lib.mkIf nmEnabled {
NetworkManager-wait-online.enable = false;
};
});
systemd.services = lib.mkIf nmEnabled { NetworkManager-wait-online.enable = false; };
}
);
darwinConfig = lib.optionalAttrs (!isLinux) {
services.nix-daemon.enable = true;
@ -120,14 +128,17 @@
users.users.${username}.home = "/Users/${username}";
};
in {
in
{
_file = ./sane-defaults.nix;
inherit options;
config = lib.mkIf config.settei.sane-defaults.enable (lib.mkMerge [
config = lib.mkIf config.settei.sane-defaults.enable (
lib.mkMerge [
sharedConfig
linuxConfig
darwinConfig
]);
]
);
}
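Review bot: `trusted-users = lib.optionals (!adminNeedsPassword) [ username ];` in the third hunk has no comment, and the rule it encodes is easy to break in a later edit. A Nix trusted user can effectively act as root through the daemon, which is acceptable here only because the same user already has passwordless sudo. Say so at the definition, e.g. `# trusted-users is root-equivalent; grant it only where sudo is already passwordless` above `adminNeedsPassword` in the second hunk. It would also help to note that `isLinux -> …` evaluates to true on darwin, so this module never adds a trusted user on a darwin host.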


@ -3,11 +3,13 @@
options,
lib,
...
} @ args: let
}@args:
let
hasHomeManager = options ? home-manager;
cfg = config.settei.user;
inherit (config.settei) username;
in {
in
{
_file = ./user.nix;
options.settei.user = with lib; {
@ -22,15 +24,14 @@ in {
};
};
config = let
config =
let
hmConfig = lib.optionalAttrs hasHomeManager {
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.extraSpecialArgs =
{
home-manager.extraSpecialArgs = {
inherit (args) inputs inputs';
}
// cfg.extraArgs;
} // cfg.extraArgs;
home-manager.users.${username} = {
_file = ./user.nix;
@ -47,7 +48,8 @@ in {
};
};
in
lib.mkIf cfg.enable (lib.mkMerge [
lib.mkIf cfg.enable (
lib.mkMerge [
{
assertions = [
{
@ -57,5 +59,6 @@ in {
];
}
hmConfig
]);
]
);
}


@ -8,8 +8,10 @@
rocksdb,
darwin,
rustPlatform,
}: let
rust = with fenix;
}:
let
rust =
with fenix;
combine [
stable.cargo
stable.rustc


@ -1,10 +1,13 @@
{inputs, ...}: {
perSystem = {
{ inputs, ... }:
{
perSystem =
{
pkgs,
system,
inputs',
...
}: {
}:
{
packages.conduit-next = pkgs.callPackage ./conduit {
src = inputs.conduit-src;
crane = inputs.crane.lib.${system};


@ -1,6 +1,7 @@
let
keys = import ../assets/ssh.nix;
in {
in
{
"leet-nrab-lol-pass.age".publicKeys = [
keys.system.kazuki
keys.other.bootstrap


@ -1,9 +1,8 @@
{inputs, ...}: {
perSystem = {
pkgs,
inputs',
...
}: let
{ inputs, ... }:
{
perSystem =
{ pkgs, inputs', ... }:
let
wrapped = inputs.wrapper-manager-hm-compat.lib {
inherit pkgs;
modules = [
@ -19,8 +18,8 @@
};
};
all-packages = wrapped.config.build.packages;
in {
packages =
all-packages;
in
{
packages = all-packages;
};
}


@ -1,20 +1,19 @@
{ lib, pkgs, ... }:
{
lib,
pkgs,
...
}: {
wrappers.fish = {
basePackage = pkgs.fish;
wrapByDefault = false;
programs.fish = {config, ...}: {
programs.fish =
{ config, ... }:
{
extraWrapperFlags = "--inherit-argv0";
prependFlags = let
prependFlags =
let
# Can't rely on pathAdd because fish used as login shell will ignore the variables the wrapper sets up
path-add-lines =
lib.concatMapStringsSep "\n"
(pkg: "fish_add_path --path --prepend '${lib.getExe' pkg ""}'")
lib.concatMapStringsSep "\n" (pkg: "fish_add_path --path --prepend '${lib.getExe' pkg ""}'")
config.pathAdd;
config-fish = pkgs.writeText "config.fish" ''
${path-add-lines}
@ -22,12 +21,20 @@
source ${./prompt.fish}
source ${./config.fish}
'';
in [
in
[
"-C"
"source ${config-fish}"
];
pathAdd = with pkgs; [eza bat fzf ripgrep zoxide direnv];
pathAdd = with pkgs; [
eza
bat
fzf
ripgrep
zoxide
direnv
];
};
};
}


@ -1,4 +1,5 @@
{pkgs, ...}: {
{ pkgs, ... }:
{
programs.helix = {
enable = true;
settings = {


@ -3,8 +3,10 @@
inputs',
config,
...
}: {
wrappers.rash = let
}:
{
wrappers.rash =
let
readlinePatched = pkgs.fetchFromGitHub {
owner = "nrabulinski";
repo = "readline";
@ -12,12 +14,10 @@
hash = "sha256-1yU0ZUBQqYEn85j4T2pLs02MTyJnO5BbYALIa88iomY=";
};
racket-with-libs = inputs'.racket.packages.racket.newLayer {
withRacketPackages = ps:
with ps; [
withRacketPackages =
ps: with ps; [
readline-gpl
(readline-lib.override {
src = "${readlinePatched}/readline-lib";
})
(readline-lib.override { src = "${readlinePatched}/readline-lib"; })
rash
threading
functional
@ -39,7 +39,8 @@
];
buildInputs = with pkgs; [ readline ];
};
in {
in
{
basePackage = pkgs.writeShellScriptBin "rash-repl" ''
exec "${racket-with-libs}/bin/rash-repl" "$@"
'';


@ -1,4 +1,5 @@
{pkgs, ...}: {
{ pkgs, ... }:
{
wrappers.wezterm = {
basePackage = pkgs.wezterm;
env.WEZTERM_CONFIG_FILE.value = ./config.lua;