nrabulinski/settei
1
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

Compare commits

base: nrabulinski:084bf3eb177fd76174bc1f8ab8cfcbc765c08ac3
Branches Tags
nrabulinski:main
nrabulinski:bootstrap
nrabulinski:experiments/nilla
...
compare: nrabulinski:1a4f685c16fdcc6a9e2383d9e1f6782ad7e41836
Branches Tags
nrabulinski:main
nrabulinski:bootstrap
nrabulinski:experiments/nilla

34 commits
084bf3eb17 ... 1a4f685c16

Author SHA1 Message Date
Nikodem Rabuliński
1a4f685c16
services/paperless: init
Some checks failed
/ check (pull_request) Failing after 2s
Details
2025-06-02 19:40:24 +02:00
Nikodem Rabuliński
4d21f49551
modules/system/builder: init remote-builder module 2025-06-02 19:40:24 +02:00
Nikodem Rabuliński
a6f43b43b2
default.nix: reexport system configurations
All checks were successful
/ check (pull_request) Successful in 31s
Details
/ check (push) Successful in 1m15s
Details
2025-06-02 15:03:12 +02:00
Nikodem Rabuliński
33d9ec1110
flake.nix: remove niko-nur 2025-06-02 15:00:52 +02:00
Nikodem Rabuliński
a4f914ef2b
flake.lock: update 2025-06-02 14:41:29 +02:00
Nikodem Rabuliński
39bde5a9b3
forgejo: no redundant CI
All checks were successful
/ check (pull_request) Successful in 1m27s
Details
2025-05-29 20:49:21 +02:00
Nikodem Rabuliński
33d720abb6
treewide: hercules is no more
All checks were successful
/ check (push) Successful in 37s
Details
/ check (pull_request) Successful in 3m19s
Details
2025-05-29 20:43:34 +02:00
Nikodem Rabuliński
c9c49bf128
hosts/hijiri/skhd: more spaces 2025-05-28 19:37:07 +02:00
Nikodem Rabuliński
1f936258f2
modules/home/desktop: use firefox from nixpkgs
All checks were successful
/ check (push) Successful in 36s
Details
/ check (pull_request) Successful in 1m31s
Details
2025-05-01 23:01:24 +02:00
Nikodem Rabuliński
46e631c8c5
treewide: use nh from master instead of nixpkgs 2025-05-01 23:01:24 +02:00
Nikodem Rabuliński
e89f83a559
flake: move attic to flake=false 2025-05-01 23:01:24 +02:00
Nikodem Rabuliński
a7e14fb69a
modules/system/flake-qol: double copying nixpkgs is no more 2025-05-01 23:01:24 +02:00
Nikodem Rabuliński
2ff9d98635
pkgs: build attic without relying on flakes 2025-05-01 23:01:24 +02:00
Nikodem Rabuliński
111d88a193
nilla: add inputs argument 2025-05-01 23:01:24 +02:00
Nikodem Rabuliński
e809826dc8
pkgs/conduit: remove dependency on fenix and crane 2025-05-01 23:01:24 +02:00
Nikodem Rabuliński
ff4457c267
nilla: add ci.check 2025-05-01 23:01:24 +02:00
Nikodem Rabuliński
696be4cada
modules/nilla: configurations -> systems 2025-05-01 23:01:24 +02:00
Nikodem Rabuliński
75ca1eb38f
modules/nilla: flake compatibility module 2025-05-01 23:01:24 +02:00
Nikodem Rabuliński
cde0371741
hosts: simplify builders 2025-05-01 23:01:24 +02:00
Nikodem Rabuliński
954b1b0b8d
inputs: lazy-trees at home 2025-05-01 23:01:24 +02:00
Nikodem Rabuliński
4538c346bc
flake.lock: update 2025-05-01 23:01:24 +02:00
Nikodem Rabuliński
bd86a75ec5
flake: remove flake-parts 2025-05-01 23:01:24 +02:00
Nikodem Rabuliński
605ee21cf0
modules: migrate to nilla 2025-05-01 23:01:24 +02:00
Nikodem Rabuliński
ba23a8d7f5
hosts: migrate to nilla 2025-05-01 23:01:24 +02:00
Nikodem Rabuliński
c523ebe44b
services: migrate to nilla 2025-05-01 23:01:24 +02:00
Nikodem Rabuliński
0d987e28f1
services: prepare for migration 2025-05-01 23:01:24 +02:00
Nikodem Rabuliński
f9e4e25d35
flake: simplify transpose logic 2025-05-01 23:01:24 +02:00
Nikodem Rabuliński
cd8fab9174
treefmt: migrate to nilla 2025-05-01 23:01:22 +02:00
Nikodem Rabuliński
c88daff343
wrappers: migrate to nilla 2025-05-01 23:00:30 +02:00
Nikodem Rabuliński
b79769a5ea
pkgs: migrate to nilla 2025-05-01 22:59:59 +02:00
Nikodem Rabuliński
9a382947e3
flake: start moving away from flake-parts 2025-05-01 22:59:58 +02:00
Nikodem Rabuliński
f401950470
nilla: modularize 2025-05-01 22:59:58 +02:00
Nikodem Rabuliński
636adf8cf3
nilla: migrate devshells 2025-05-01 22:59:58 +02:00
Nikodem Rabuliński
5efb7d00a8
nilla: init 2025-05-01 22:17:20 +02:00
74 changed files with 1092 additions and 1068 deletions
Download patch file Download diff file Expand all files Collapse all files

1
.envrc
View file

@ -1 +1,2 @@
use flake use flake
watch_file nilla.nix

4
.forgejo/workflows/build.yaml
View file

@ -1,5 +1,6 @@
on: on:
push: push:
branches: [main]
pull_request: pull_request:
types: [opened, synchronize, reopened] types: [opened, synchronize, reopened]
@ -8,4 +9,5 @@ jobs:
runs-on: native runs-on: native
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
- run: nix flake check --all-systems - run: nix-build -A ci.check
- run: ./result

1
.gitignore vendored
View file

@ -1 +1,2 @@
.direnv .direnv
result

10
README.md
View file

@ -3,7 +3,7 @@
雪定<rp>(</rp><rt>せってい</rt><rp>)</rp> 雪定<rp>(</rp><rt>せってい</rt><rp>)</rp>
</ruby> </ruby>
</h1> </h1>
Collection of my personal Nix configurations and opinionated NixOS, nix-darwin, home-manager, and flake-parts modules. Collection of my personal Nix configurations and opinionated NixOS, nix-darwin, home-manager, and nilla modules.
> [!CAUTION] > [!CAUTION]
> I tried to make the modules in this repository useful to others without having > I tried to make the modules in this repository useful to others without having
@ -25,13 +25,12 @@ Collection of my personal Nix configurations and opinionated NixOS, nix-darwin,
- modules - options which in principle should be reusable by others - modules - options which in principle should be reusable by others
- system - my opinionated nixos/nix-darwin modules - system - my opinionated nixos/nix-darwin modules
- home - my opinionated home-manager modules - home - my opinionated home-manager modules
- flake - flake-parts modules - nilla - nilla modules
- services - configs for services I self-host - services - configs for services I self-host
- secrets - agenix secrets - secrets - agenix secrets
- wrappers - nix packages wrapped with my configs (see: - wrappers - nix packages wrapped with my configs (see:
[wrapper-manager](https://github.com/viperML/wrapper-manager)) [wrapper-manager](https://github.com/viperML/wrapper-manager))
- assets - miscellaneous values reused throughout my config - assets - miscellaneous values reused throughout my config
- effects.nix - hercules-ci configuration
## Code guidelines ## Code guidelines
@ -55,9 +54,8 @@ clean, maintainable, and reusable.
Sorted rougly by priority Sorted rougly by priority
- get rid of flakes completely
- bring back ci (sorta done) - bring back ci (sorta done)
- hercules-ci effects for deploying machines on update (if configuration is - automatic deploys (either push or pull, to be decided)
valid)
- fix disko
- make the configuration truly declarative (to a reasonable degree) - make the configuration truly declarative (to a reasonable degree)
- themeing solution - themeing solution

8
assets/default.nix
View file

@ -1,8 +1,8 @@
{ lib, ... }: { lib }:
{ {
options.assets = lib.mkOption { options.assets = lib.options.create {
type = lib.types.unspecified; type = lib.types.raw;
readOnly = true; writable = false;
}; };
config.assets = { config.assets = {

12
default.nix Normal file
View file

@ -0,0 +1,12 @@
let
nilla = import ./nilla.nix { };
getPackage = name: nilla.packages.${name}.result.${builtins.currentSystem};
in
{
ci.check = getPackage "ci-check";
formatter = getPackage "formatter";
systems = {
nixos = builtins.mapAttrs (_: system: system.result) nilla.systems.nixos;
darwin = builtins.mapAttrs (_: system: system.result) nilla.systems.darwin;
};
}

102
effects.nix
View file

@ -1,102 +0,0 @@
{
config,
lib,
withSystem,
self,
...
}:
let
collectFlakeOutputs =
{ config, pkgs }:
let
inherit (pkgs) lib;
collectDrvs =
prefix: attrs:
let
drvs = lib.pipe attrs [
(lib.filterAttrs (_: lib.isDerivation))
(lib.mapAttrsToList (
name: drv: {
name = lib.concatStringsSep "." (prefix ++ [ name ]);
inherit drv;
}
))
];
recursed = lib.pipe attrs [
(lib.filterAttrs (
_: val: (!lib.isDerivation val) && (lib.isAttrs val) && (val.recurseForDerivations or true)
))
(lib.mapAttrsToList (name: collectDrvs (prefix ++ [ name ])))
];
in
drvs ++ (lib.flatten recursed);
rootOutputs = builtins.removeAttrs config.onPush.default.outputs [ "effects" ];
in
collectDrvs [ ] rootOutputs;
in
{
defaultEffectSystem = "aarch64-linux";
hercules-ci = {
flake-update = {
enable = true;
when.dayOfWeek = "Mon";
};
};
herculesCI = herculesCI: {
onPush.default = {
outputs.effects = {
pin-cache = withSystem config.defaultEffectSystem (
{ pkgs, hci-effects, ... }:
let
collected = collectFlakeOutputs {
inherit (herculesCI) config;
inherit pkgs;
};
cachixCommands = lib.concatMapStringsSep "\n" (
{ name, drv }: "cachix pin nrabulinski ${lib.escapeShellArg name} ${lib.escapeShellArg drv}"
) collected;
in
hci-effects.runIf (herculesCI.config.repo.branch == "main") (
hci-effects.mkEffect {
secretsMap."cachix-token" = "cachix-token";
inputs = [ pkgs.cachix ];
userSetupScript = ''
cachix authtoken $(readSecretString cachix-token .token)
'';
# Discarding the context is fine here because we don't actually want to build those derivations.
# They have already been built as part of this job,
# we only want to pin them to make sure cachix doesn't GC them.
effectScript = builtins.unsafeDiscardStringContext cachixCommands;
}
)
);
};
};
};
perSystem =
{ pkgs, lib, ... }:
rec {
legacyPackages.outputsList =
let
config = self.herculesCI {
primaryRepo = { };
herculesCI = { };
};
in
collectFlakeOutputs { inherit config pkgs; };
legacyPackages.github-matrix =
let
systems = lib.groupBy ({ drv, ... }: drv.system) legacyPackages.outputsList;
in
lib.concatMapStringsSep "\n" (
{ name, value }:
''
${name}=${builtins.toJSON (map (d: d.name) value)}
''
) (lib.attrsToList systems);
};
}

493
flake.lock generated
View file

@ -1,5 +1,21 @@
{ {
"nodes": { "nodes": {
"__flake-compat": {
"flake": false,
"locked": {
"lastModified": 1748460212,
"narHash": "sha256-RBUseGlYAKOd8hnKVujiGzpdJoZWj5e3A+Ds2mKsv28=",
"ref": "refs/heads/main",
"rev": "88e58d66efad1b3e0edf8633ea0774f7105d37c9",
"revCount": 86,
"type": "git",
"url": "https://git.lix.systems/lix-project/flake-compat.git"
},
"original": {
"type": "git",
"url": "https://git.lix.systems/lix-project/flake-compat.git"
}
},
"agenix": { "agenix": {
"inputs": { "inputs": {
"darwin": [ "darwin": [
@ -14,11 +30,11 @@
"systems": "systems" "systems": "systems"
}, },
"locked": { "locked": {
"lastModified": 1736955230, "lastModified": 1747575206,
"narHash": "sha256-uenf8fv2eG5bKM8C/UvFaiJMZ4IpUFaQxk9OH5t/1gA=", "narHash": "sha256-NwmAFuDUO/PFcgaGGr4j3ozG9Pe5hZ/ogitWhY+D81k=",
"owner": "ryantm", "owner": "ryantm",
"repo": "agenix", "repo": "agenix",
"rev": "e600439ec4c273cf11e06fe4d9d906fb98fa097c", "rev": "4835b1dc898959d8547a871ef484930675cb47f1",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -28,30 +44,13 @@
} }
}, },
"attic": { "attic": {
"inputs": { "flake": false,
"crane": [
"crane"
],
"flake-compat": "flake-compat",
"flake-parts": "flake-parts",
"lix": [
"lix"
],
"lix-module": [
"lix-module"
],
"nix-github-actions": "nix-github-actions",
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": { "locked": {
"lastModified": 1742679462, "lastModified": 1748777195,
"narHash": "sha256-L9q9KDqiJEREM/GRnSo4vB9VCvclmdRT9vXuFwBmb9Y=", "narHash": "sha256-j3GQS4zm4zc1yo+5hCs0kpIGNDePj7ayRkbqsy3tyYs=",
"ref": "refs/heads/main", "ref": "refs/heads/main",
"rev": "087bfe9234f8dc682dbf1d8f96c0b712f587c466", "rev": "ec24c04e345ab02ff35020d99e34f1eda0b82352",
"revCount": 368, "revCount": 373,
"type": "git", "type": "git",
"url": "https://git.lix.systems/nrabulinski/attic.git" "url": "https://git.lix.systems/nrabulinski/attic.git"
}, },
@ -79,11 +78,11 @@
"conduit-src": { "conduit-src": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1742005420, "lastModified": 1748702033,
"narHash": "sha256-v4LCx7VUZ+8Hy1+6ziREVY/QEADjZbo8c0h9eU7nMVY=", "narHash": "sha256-W72vGS0qJow1O4jXkuE3px4eNyFJeZqjuMREs6Lb5bU=",
"owner": "famedly", "owner": "famedly",
"repo": "conduit", "repo": "conduit",
"rev": "063d13a0e10619f17bc21f0dd291c5a733581394", "rev": "a1886a13967b0471b55428f7aed55087ad357491",
"type": "gitlab" "type": "gitlab"
}, },
"original": { "original": {
@ -94,12 +93,28 @@
} }
}, },
"crane": { "crane": {
"flake": false,
"locked": { "locked": {
"lastModified": 1742394900, "lastModified": 1748047550,
"narHash": "sha256-vVOAp9ahvnU+fQoKd4SEXB2JG2wbENkpqcwlkIXgUC0=", "narHash": "sha256-t0qLLqb4C1rdtiY8IFRH5KIapTY/n3Lqt57AmxEv9mk=",
"owner": "ipetkov", "owner": "ipetkov",
"repo": "crane", "repo": "crane",
"rev": "70947c1908108c0c551ddfd73d4f750ff2ea67cd", "rev": "b718a78696060df6280196a6f992d04c87a16aef",
"type": "github"
},
"original": {
"owner": "ipetkov",
"repo": "crane",
"type": "github"
}
},
"crane_2": {
"locked": {
"lastModified": 1743700120,
"narHash": "sha256-8BjG/P0xnuCyVOXlYRwdI1B8nVtyYLf3oDwPSimqREY=",
"owner": "ipetkov",
"repo": "crane",
"rev": "e316f19ee058e6db50075115783be57ac549c389",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -115,11 +130,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1742382197, "lastModified": 1748354048,
"narHash": "sha256-5OtFbbdKAkWDVuzjs1J9KwdFuDxsEvz0FZX3xR2jEUM=", "narHash": "sha256-BUUifoC7bipKczvpk8fq+UYrhiK95nt/zhMuPcelzWg=",
"owner": "lnl7", "owner": "lnl7",
"repo": "nix-darwin", "repo": "nix-darwin",
"rev": "643b57fd32135769f809913663130a95fe6db49e", "rev": "eb1b636932ba2f19522d3687ba27c6adf3fd5978",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -136,11 +151,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1741786315, "lastModified": 1748225455,
"narHash": "sha256-VT65AE2syHVj6v/DGB496bqBnu1PXrrzwlw07/Zpllc=", "narHash": "sha256-AzlJCKaM4wbEyEpV3I/PUq5mHnib2ryEy32c+qfj6xk=",
"owner": "nix-community", "owner": "nix-community",
"repo": "disko", "repo": "disko",
"rev": "0d8c6ad4a43906d14abd5c60e0ffe7b587b213de", "rev": "a894f2811e1ee8d10c50560551e50d6ab3c392ba",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -149,55 +164,14 @@
"type": "github" "type": "github"
} }
}, },
"fenix": {
"inputs": {
"nixpkgs": [
"nixpkgs"
],
"rust-analyzer-src": "rust-analyzer-src"
},
"locked": {
"lastModified": 1742452566,
"narHash": "sha256-sVuLDQ2UIWfXUBbctzrZrXM2X05YjX08K7XHMztt36E=",
"owner": "nix-community",
"repo": "fenix",
"rev": "7d9ba794daf5e8cc7ee728859bc688d8e26d5f06",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "fenix",
"type": "github"
}
},
"firefox-darwin": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1742432361,
"narHash": "sha256-FlqTrkzSn6oPR5iJTPsCQDd0ioMGzzxnPB+2wve9W2w=",
"owner": "bandithedoge",
"repo": "nixpkgs-firefox-darwin",
"rev": "c868ff433ea5123e837a62ae689543045187d7a4",
"type": "github"
},
"original": {
"owner": "bandithedoge",
"repo": "nixpkgs-firefox-darwin",
"type": "github"
}
},
"flake-compat": { "flake-compat": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1733328505, "lastModified": 1747046372,
"narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=",
"owner": "edolstra", "owner": "edolstra",
"repo": "flake-compat", "repo": "flake-compat",
"rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -206,81 +180,6 @@
"type": "github" "type": "github"
} }
}, },
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": [
"attic",
"nixpkgs"
]
},
"locked": {
"lastModified": 1741352980,
"narHash": "sha256-+u2UunDA4Cl5Fci3m7S643HzKmIDAe+fiXrLqYsR2fs=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "f4330d22f1c5d2ba72d3d22df5597d123fdb60a9",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_2": {
"inputs": {
"nixpkgs-lib": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1741352980,
"narHash": "sha256-+u2UunDA4Cl5Fci3m7S643HzKmIDAe+fiXrLqYsR2fs=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "f4330d22f1c5d2ba72d3d22df5597d123fdb60a9",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_3": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1722555600,
"narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "8471fe90ad337a8074e957b69ca4d0089218391d",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-utils": { "flake-utils": {
"inputs": { "inputs": {
"systems": "systems_2" "systems": "systems_2"
@ -317,24 +216,6 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils_3": {
"inputs": {
"systems": "systems_4"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flakey-profile": { "flakey-profile": {
"locked": { "locked": {
"lastModified": 1712898590, "lastModified": 1712898590,
@ -350,20 +231,67 @@
"type": "github" "type": "github"
} }
}, },
"git-hooks": {
"inputs": {
"flake-compat": [
"mailserver",
"flake-compat"
],
"gitignore": "gitignore",
"nixpkgs": [
"mailserver",
"nixpkgs"
]
},
"locked": {
"lastModified": 1742649964,
"narHash": "sha256-DwOTp7nvfi8mRfuL1escHDXabVXFGT1VlPD1JHrtrco=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "dcf5072734cb576d2b0c59b2ac44f5050b5eac82",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "git-hooks.nix",
"type": "github"
}
},
"gitignore": {
"inputs": {
"nixpkgs": [
"mailserver",
"git-hooks",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"helix": { "helix": {
"inputs": { "inputs": {
"flake-utils": "flake-utils",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
"rust-overlay": "rust-overlay" "rust-overlay": "rust-overlay"
}, },
"locked": { "locked": {
"lastModified": 1742479163, "lastModified": 1748702599,
"narHash": "sha256-YC0zdGyZMu7seA2Jm1mxtcxE4lSeVwvCPMfWzJ8+o/c=", "narHash": "sha256-cXzTGHrZsT4wSxlLvw2ZlHPVjC/MA2W0sI/KF1yStbY=",
"owner": "helix-editor", "owner": "helix-editor",
"repo": "helix", "repo": "helix",
"rev": "b7d735ffe66a03ab5970e5f860923aada50d4e4c", "rev": "2baff46b2578d78d817b9e128e8cc00345541f0b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -379,11 +307,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1742501496, "lastModified": 1748737919,
"narHash": "sha256-LYwyZmhckDKK7i4avmbcs1pBROpOaHi98lbjX1fmVpU=", "narHash": "sha256-5kvBbLYdp+n7Ftanjcs6Nv+UO6sBhelp6MIGJ9nWmjQ=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "d725df5ad8cee60e61ee6fe3afb735e4fbc1ff41", "rev": "5675a9686851d9626560052a032c4e14e533c1fa",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -395,11 +323,11 @@
"lix": { "lix": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1742411066, "lastModified": 1748588861,
"narHash": "sha256-8vXOKPQFRzTjapsRnTJ1nuFjUfC+AGI2ybdK5cAEHZ8=", "narHash": "sha256-bP9MHHCx/6Pi1TlO7Iq8X6AUoQHzyExQJNnSHSOqUUk=",
"ref": "refs/heads/main", "ref": "refs/heads/main",
"rev": "2491b7cc2128ee440d24768c4521c38b1859fc28", "rev": "3815dd5e64fc374fa4dcc5064470cd7a7d77aaf3",
"revCount": 17705, "revCount": 17966,
"type": "git", "type": "git",
"url": "https://git.lix.systems/lix-project/lix.git" "url": "https://git.lix.systems/lix-project/lix.git"
}, },
@ -410,7 +338,7 @@
}, },
"lix-module": { "lix-module": {
"inputs": { "inputs": {
"flake-utils": "flake-utils_2", "flake-utils": "flake-utils",
"flakey-profile": "flakey-profile", "flakey-profile": "flakey-profile",
"lix": [ "lix": [
"lix" "lix"
@ -420,11 +348,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1741894565, "lastModified": 1747667424,
"narHash": "sha256-2FD0NDJbEjUHloVrtEIms5miJsj1tvQCc/0YK5ambyc=", "narHash": "sha256-7EICjbmG6lApWKhFtwvZovdcdORY1CEe6/K7JwtpYfs=",
"ref": "refs/heads/main", "ref": "refs/heads/main",
"rev": "a6da43f8193d9e329bba1795c42590c27966082e", "rev": "3c23c6ae2aecc1f76ae7993efe1a78b5316f0700",
"revCount": 136, "revCount": 144,
"type": "git", "type": "git",
"url": "https://git.lix.systems/lix-project/nixos-module.git" "url": "https://git.lix.systems/lix-project/nixos-module.git"
}, },
@ -436,18 +364,19 @@
"mailserver": { "mailserver": {
"inputs": { "inputs": {
"blobs": "blobs", "blobs": "blobs",
"flake-compat": "flake-compat_2", "flake-compat": "flake-compat",
"git-hooks": "git-hooks",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
"nixpkgs-24_11": "nixpkgs-24_11" "nixpkgs-25_05": "nixpkgs-25_05"
}, },
"locked": { "locked": {
"lastModified": 1742413977, "lastModified": 1748689589,
"narHash": "sha256-NkhM9GVu3HL+MiXtGD0TjuPCQ4GFVJPBZ8KyI2cFDGU=", "narHash": "sha256-ltwdNAsto54HMQFdrCprWXPFhNBfEuiCkj+GS7ZHvww=",
"owner": "simple-nixos-mailserver", "owner": "simple-nixos-mailserver",
"repo": "nixos-mailserver", "repo": "nixos-mailserver",
"rev": "b4fbffe79c00f19be94b86b4144ff67541613659", "rev": "c9f61e02aee97dc8c7d4f3739b012a992183508c",
"type": "gitlab" "type": "gitlab"
}, },
"original": { "original": {
@ -456,53 +385,45 @@
"type": "gitlab" "type": "gitlab"
} }
}, },
"niko-nur": { "nh": {
"inputs": { "flake": false,
"flake-parts": "flake-parts_3",
"nixpkgs": "nixpkgs"
},
"locked": { "locked": {
"lastModified": 1723663703, "lastModified": 1748096601,
"narHash": "sha256-ubPcnvjRQCzZgaYTWOKd82xXwJKmOaPjStUOUkyRTSs=", "narHash": "sha256-ji/9z1pRbosyKVVAIGBazyz6PjWV8bc2Ux2RdQrVDWY=",
"owner": "nrabulinski", "owner": "nix-community",
"repo": "nur-packages", "repo": "nh",
"rev": "567fd42dc54f71ce1705180ad7f35f786f00ed9a", "rev": "1ea27e73a3dcbc9950258e9054377ee677d12b9e",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nrabulinski", "owner": "nix-community",
"repo": "nur-packages", "repo": "nh",
"type": "github" "type": "github"
} }
}, },
"nix-github-actions": { "nilla": {
"inputs": { "flake": false,
"nixpkgs": [
"attic",
"nixpkgs"
]
},
"locked": { "locked": {
"lastModified": 1737420293, "lastModified": 1748686039,
"narHash": "sha256-F1G5ifvqTpJq7fdkT34e/Jy9VCyzd5XfJ9TO8fHhJWE=", "narHash": "sha256-7iLzbTLtgdFtm9em3xxHO9BunN2YpgYquMLKXh5hEpQ=",
"owner": "nix-community", "owner": "nilla-nix",
"repo": "nix-github-actions", "repo": "nilla",
"rev": "f4158fa080ef4503c8f4c820967d946c2af31ec9", "rev": "4e6038f4ebc89487194013af6a1e077dfeb00359",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nix-community", "owner": "nilla-nix",
"repo": "nix-github-actions", "repo": "nilla",
"type": "github" "type": "github"
} }
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1723603349, "lastModified": 1748662220,
"narHash": "sha256-VMg6N7MryOuvSJ8Sj6YydarnUCkL7cvMdrMcnsJnJCE=", "narHash": "sha256-7gGa49iB9nCnFk4h/g9zwjlQAyjtpgcFkODjcOQS0Es=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "daf7bb95821b789db24fc1ac21f613db0c1bf2cb", "rev": "59138c7667b7970d205d6a05a8bfa2d78caa3643",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -512,61 +433,18 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs-24_11": { "nixpkgs-25_05": {
"locked": { "locked": {
"lastModified": 1734083684, "lastModified": 1747610100,
"narHash": "sha256-5fNndbndxSx5d+C/D0p/VF32xDiJCJzyOqorOYW4JEo=", "narHash": "sha256-rpR5ZPMkWzcnCcYYo3lScqfuzEw5Uyfh+R0EKZfroAc=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "314e12ba369ccdb9b352a4db26ff419f7c49fa84", "rev": "ca49c4304acf0973078db0a9d200fd2bae75676d",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-24.11",
"type": "indirect"
}
},
"nixpkgs-lib": {
"locked": {
"lastModified": 1722555339,
"narHash": "sha256-uFf2QeW7eAHlYXuDktm9c25OxOyCoUOQmh5SZ9amE5Q=",
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/a5d394176e64ab29c852d03346c1fc9b0b7d33eb.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/a5d394176e64ab29c852d03346c1fc9b0b7d33eb.tar.gz"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1735563628,
"narHash": "sha256-OnSAY7XDSx7CtDoqNh8jwVwh4xNL/2HaJxGjryLWzX8=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "b134951a4c9f3c995fd7be05f3243f8ecd65d798",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "NixOS",
"ref": "nixos-24.05", "ref": "nixos-25.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1742395137,
"narHash": "sha256-WWNNjCSzQCtATpCFEijm81NNG1xqlLMVbIzXAiZysbs=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "2a725d40de138714db4872dc7405d86457aa17ad",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
@ -593,22 +471,21 @@
}, },
"root": { "root": {
"inputs": { "inputs": {
"__flake-compat": "__flake-compat",
"agenix": "agenix", "agenix": "agenix",
"attic": "attic", "attic": "attic",
"conduit-src": "conduit-src", "conduit-src": "conduit-src",
"crane": "crane", "crane": "crane",
"darwin": "darwin", "darwin": "darwin",
"disko": "disko", "disko": "disko",
"fenix": "fenix",
"firefox-darwin": "firefox-darwin",
"flake-parts": "flake-parts_2",
"helix": "helix", "helix": "helix",
"home-manager": "home-manager", "home-manager": "home-manager",
"lix": "lix", "lix": "lix",
"lix-module": "lix-module", "lix-module": "lix-module",
"mailserver": "mailserver", "mailserver": "mailserver",
"niko-nur": "niko-nur", "nh": "nh",
"nixpkgs": "nixpkgs_2", "nilla": "nilla",
"nixpkgs": "nixpkgs",
"racket": "racket", "racket": "racket",
"treefmt": "treefmt", "treefmt": "treefmt",
"wrapper-manager": "wrapper-manager", "wrapper-manager": "wrapper-manager",
@ -616,23 +493,6 @@
"zjstatus": "zjstatus" "zjstatus": "zjstatus"
} }
}, },
"rust-analyzer-src": {
"flake": false,
"locked": {
"lastModified": 1742296961,
"narHash": "sha256-gCpvEQOrugHWLimD1wTFOJHagnSEP6VYBDspq96Idu0=",
"owner": "rust-lang",
"repo": "rust-analyzer",
"rev": "15d87419f1a123d8f888d608129c3ce3ff8f13d4",
"type": "github"
},
"original": {
"owner": "rust-lang",
"ref": "nightly",
"repo": "rust-analyzer",
"type": "github"
}
},
"rust-overlay": { "rust-overlay": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -662,11 +522,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1739240901, "lastModified": 1743682350,
"narHash": "sha256-YDtl/9w71m5WcZvbEroYoWrjECDhzJZLZ8E68S3BYok=", "narHash": "sha256-S/MyKOFajCiBm5H5laoE59wB6w0NJ4wJG53iAPfYW3k=",
"owner": "oxalica", "owner": "oxalica",
"repo": "rust-overlay", "repo": "rust-overlay",
"rev": "03473e2af8a4b490f4d2cdb2e4d3b75f82c8197c", "rev": "c4a8327b0f25d1d81edecbb6105f74d7cf9d7382",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -720,21 +580,6 @@
"type": "github" "type": "github"
} }
}, },
"systems_4": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"treefmt": { "treefmt": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -742,11 +587,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1742370146, "lastModified": 1748243702,
"narHash": "sha256-XRE8hL4vKIQyVMDXykFh4ceo3KSpuJF3ts8GKwh5bIU=", "narHash": "sha256-9YzfeN8CB6SzNPyPm2XjRRqSixDopTapaRsnTpXUEY8=",
"owner": "numtide", "owner": "numtide",
"repo": "treefmt-nix", "repo": "treefmt-nix",
"rev": "adc195eef5da3606891cedf80c0d9ce2d3190808", "rev": "1f3f7b784643d488ba4bf315638b2b0a4c5fb007",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -789,11 +634,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1707430137, "lastModified": 1748551590,
"narHash": "sha256-QeYv+l7v5raFE5vpnxicFRK0LIRPvbpxsMKqwkRqtBc=", "narHash": "sha256-SwTvZHFrPUxaWm1DFOmRMDP813sMhvKpd8onQBNJIeo=",
"owner": "nrabulinski", "owner": "nrabulinski",
"repo": "wrapper-manager-hm-compat", "repo": "wrapper-manager-hm-compat",
"rev": "16b0cf2e5f157ffe79114927d6006dc71dbe2210", "rev": "f4cffb7d2f9aa5c6fc652a065bea7dfea5856fee",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -804,21 +649,19 @@
}, },
"zjstatus": { "zjstatus": {
"inputs": { "inputs": {
"crane": [ "crane": "crane_2",
"crane" "flake-utils": "flake-utils_2",
],
"flake-utils": "flake-utils_3",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
"rust-overlay": "rust-overlay_2" "rust-overlay": "rust-overlay_2"
}, },
"locked": { "locked": {
"lastModified": 1741803511, "lastModified": 1745230073,
"narHash": "sha256-DcCGBWvAvt+OWI+EcPRO+/IXZHkFgPxZUmxf2VLl8no=", "narHash": "sha256-OER99U7MiqQ47myvbsiljsax7OsK19NMds4NBM9XXLs=",
"owner": "dj95", "owner": "dj95",
"repo": "zjstatus", "repo": "zjstatus",
"rev": "df9c77718f7023de8406e593eda6b5b0bc09cddd", "rev": "a819e3bfe6bfef0438d811cdbb1bcfdc29912c62",
"type": "github" "type": "github"
}, },
"original": { "original": {

136
flake.nix
View file

@ -1,86 +1,8 @@
{ {
outputs = outputs = inputs: (import ./nilla.nix { inherit inputs; }).flake;
inputs@{ flake-parts, ... }:
flake-parts.lib.mkFlake { inherit inputs; } {
systems = [
"x86_64-linux"
"aarch64-linux"
"aarch64-darwin"
];
imports = [
inputs.treefmt.flakeModule
./assets
./hosts
./modules
./wrappers
./pkgs
./services
];
perSystem =
{
inputs',
self',
pkgs,
...
}:
{
devShells.default = pkgs.mkShellNoCC {
packages = [
inputs'.agenix.packages.agenix
self'.packages.attic-client
# TODO: Contribute darwin support to nh
pkgs.nh
];
};
packages = {
# Re-export it for convenience and for caching
inherit (inputs'.attic.packages) attic-client attic-server;
base-packages = pkgs.symlinkJoin {
name = "settei-base";
paths = with self'.packages; [
helix
fish
git-commit-last
git-fixup
];
};
};
treefmt = {
programs.deadnix.enable = true;
programs.nixfmt.enable = true;
programs.statix.enable = true;
programs.fish_indent.enable = true;
programs.deno.enable = true;
programs.stylua.enable = true;
programs.shfmt.enable = true;
settings.global.excludes = [
# agenix
"*.age"
# racket
"*.rkt"
"**/rashrc"
# custom assets
"*.png"
"*.svg"
];
settings.on-unmatched = "fatal";
};
};
};
inputs = { inputs = {
nixpkgs.url = "github:nixos/nixpkgs?ref=nixpkgs-unstable"; nixpkgs.url = "github:nixos/nixpkgs?ref=nixpkgs-unstable";
flake-parts = {
url = "github:hercules-ci/flake-parts";
inputs.nixpkgs-lib.follows = "nixpkgs";
};
disko = { disko = {
url = "github:nix-community/disko"; url = "github:nix-community/disko";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
@ -125,26 +47,13 @@
url = "gitlab:famedly/conduit?ref=next"; url = "gitlab:famedly/conduit?ref=next";
flake = false; flake = false;
}; };
fenix = { attic = {
url = "github:nix-community/fenix"; url = "git+https://git.lix.systems/nrabulinski/attic.git";
inputs.nixpkgs.follows = "nixpkgs"; flake = false;
}; };
crane = { crane = {
url = "github:ipetkov/crane"; url = "github:ipetkov/crane";
}; flake = false;
firefox-darwin = {
url = "github:bandithedoge/nixpkgs-firefox-darwin";
inputs.nixpkgs.follows = "nixpkgs";
};
niko-nur = {
url = "github:nrabulinski/nur-packages";
};
attic = {
url = "git+https://git.lix.systems/nrabulinski/attic.git";
inputs.nixpkgs.follows = "nixpkgs";
inputs.crane.follows = "crane";
inputs.lix.follows = "lix";
inputs.lix-module.follows = "lix-module";
}; };
helix = { helix = {
url = "github:helix-editor/helix"; url = "github:helix-editor/helix";
@ -153,7 +62,6 @@
zjstatus = { zjstatus = {
url = "github:dj95/zjstatus"; url = "github:dj95/zjstatus";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
inputs.crane.follows = "crane";
}; };
lix = { lix = {
url = "git+https://git.lix.systems/lix-project/lix.git"; url = "git+https://git.lix.systems/lix-project/lix.git";
@ -168,27 +76,17 @@
url = "github:numtide/treefmt-nix"; url = "github:numtide/treefmt-nix";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
}; __flake-compat = {
url = "git+https://git.lix.systems/lix-project/flake-compat.git";
/* flake = false;
TODO: Uncomment once (if ever?) nixConfig makes sense in flakes
nixConfig = {
extra-substituters = [
"https://hyprland.cachix.org"
"https://cache.garnix.io"
"https://nix-community.cachix.org"
"https://hercules-ci.cachix.org"
"https://nrabulinski.cachix.org"
"https://cache.nrab.lol"
];
extra-trusted-public-keys = [
"hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
"cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"hercules-ci.cachix.org-1:ZZeDl9Va+xe9j+KqdzoBZMFJHVQ42Uu/c/1/KMC5Lw0="
"nrabulinski.cachix.org-1:Q5FD7+1c68uH74CQK66UWNzxhanZW8xcg1LFXxGK8ic="
"cache.nrab.lol-1:CJl1TouOyuJ1Xh4tZSXLwm3Upt06HzUNZmeyuEB9EZg="
];
}; };
*/ nilla = {
url = "github:nilla-nix/nilla";
flake = false;
};
nh = {
url = "github:nix-community/nh";
flake = false;
};
};
} }

50
hosts/default.nix
View file

@ -1,11 +1,9 @@
{ {
config, config,
self,
inputs, inputs,
...
}: }:
{ {
imports = [ includes = [
./kazuki ./kazuki
./hijiri-vm ./hijiri-vm
./hijiri ./hijiri
@ -16,58 +14,40 @@
./youko ./youko
]; ];
builders = config.systems.builders =
let let
sharedOptions = { sharedOptions = {
_file = ./default.nix; _file = ./default.nix;
settei.sane-defaults.allSshKeys = config.assets.sshKeys.user; settei.sane-defaults.allSshKeys = config.assets.sshKeys.user;
settei.flake-qol.inputs = inputs // { settei.flake-qol.inputs = inputs // {
settei = self; settei = inputs.self;
}; };
}; };
baseNixos = inputs.nixpkgs.lib.nixosSystem {
modules = [
self.nixosModules.combined
sharedOptions
];
specialArgs.configurationName = "base";
};
baseDarwin = inputs.darwin.lib.darwinSystem {
modules = [
self.darwinModules.combined
sharedOptions
];
specialArgs.configurationName = "base";
};
in in
{ {
nixos = nixos =
name: module: name: module:
baseNixos.extendModules { inputs.nixpkgs.lib.nixosSystem {
modules = [ modules = [
config.nixosModules.combined
sharedOptions
module module
config.__extraHostConfigs.${name} or { } config.extraHostConfigs.${name} or { }
]; ];
specialArgs.configurationName = name; specialArgs.configurationName = name;
}; };
darwin = darwin =
name: module: name: module:
let inputs.darwin.lib.darwinSystem {
eval = baseDarwin._module.args.extendModules { modules = [
modules = [ config.darwinModules.combined
module sharedOptions
config.__extraHostConfigs.${name} or { } module
]; config.extraHostConfigs.${name} or { }
specialArgs.configurationName = name; ];
}; specialArgs.configurationName = name;
in
eval
// {
system = eval.config.system.build.toplevel;
}; };
}; };
} }

2
hosts/hijiri-vm/default.nix
View file

@ -1,5 +1,5 @@
{ {
configurations.nixos.hijiri-vm = config.systems.nixos.hijiri-vm.module =
{ {
modulesPath, modulesPath,
lib, lib,

2
hosts/hijiri/default.nix
View file

@ -1,5 +1,5 @@
{ {
configurations.darwin.hijiri = config.systems.darwin.hijiri.module =
{ {
config, config,
pkgs, pkgs,

2
hosts/hijiri/skhd.nix
View file

@ -4,7 +4,7 @@
enable = true; enable = true;
skhdConfig = skhdConfig =
let let
spaceCount = 6; spaceCount = 9;
spaceBindings = lib.genList ( spaceBindings = lib.genList (
i: i:
let let

2
hosts/installer/default.nix
View file

@ -1,6 +1,6 @@
{ lib, ... }: { lib, ... }:
{ {
configurations.nixos = config.configurations.nixos =
let let
mkInstaller = mkInstaller =
system: system:

2
hosts/kazuki/default.nix
View file

@ -1,5 +1,5 @@
{ {
configurations.nixos.kazuki = config.systems.nixos.kazuki.module =
{ {
modulesPath, modulesPath,
... ...

2
hosts/kogata/default.nix
View file

@ -1,5 +1,5 @@
{ {
configurations.darwin.kogata = config.systems.darwin.kogata.module =
{ pkgs, ... }: { pkgs, ... }:
{ {
nixpkgs.system = "aarch64-darwin"; nixpkgs.system = "aarch64-darwin";

2
hosts/ude/default.nix
View file

@ -1,5 +1,5 @@
{ {
configurations.nixos.ude = config.systems.nixos.ude.module =
{ {
config, config,
modulesPath, modulesPath,

21
hosts/youko/default.nix
View file

@ -1,5 +1,19 @@
{ config, lib, ... }:
let
builderUsers = lib.pipe config.assets.sshKeys.system [
(lib.filterAttrs (
name: _:
!lib.elem name [
"youko"
"kazuki"
"ude"
]
))
lib.attrValues
];
in
{ {
configurations.nixos.youko = config.systems.nixos.youko.module =
{ {
config, config,
lib, lib,
@ -31,6 +45,11 @@
settei.desktop.enable = true; settei.desktop.enable = true;
}; };
settei.remote-builder = {
enable = true;
sshKeys = builderUsers;
};
services.udisks2.enable = true; services.udisks2.enable = true;
settei.incus.enable = true; settei.incus.enable = true;
virtualisation.podman.enable = true; virtualisation.podman.enable = true;

16
inputs.nix Normal file
View file

@ -0,0 +1,16 @@
let
lock = builtins.fromJSON (builtins.readFile ./flake.lock);
nodeName = lock.nodes.root.inputs.__flake-compat;
inherit (lock.nodes.${nodeName}.locked) narHash rev url;
flake-compat = builtins.fetchTarball {
url = "${url}/archive/${rev}.tar.gz";
sha256 = narHash;
};
flake = import flake-compat {
src = ./.;
copySourceTreeToStore = false;
useBuiltinsFetchTree = true;
};
in
# Workaround for https://github.com/nilla-nix/nilla/issues/14
builtins.mapAttrs (_: input: input // { type = "derivation"; }) flake.inputs

33
modules/default.nix
View file

@ -1,29 +1,21 @@
{ {
config, config,
inputs, inputs,
...
}: }:
let let
flakeModule = import ./flake { inherit (inputs) nixpkgs darwin home-manager; }; perInput = system: flake: {
packages = flake.packages.${system};
};
in in
{ {
imports = [ config.homeModules = rec {
flakeModule
];
flake.homeModules = rec {
settei = ./home; settei = ./home;
default = settei; default = settei;
}; };
flake.flakeModules = rec { config.nixosModules = rec {
settei = flakeModule;
default = settei;
};
flake.nixosModules = rec {
settei = import ./system { settei = import ./system {
inherit (config) perInput; inherit perInput;
isLinux = true; isLinux = true;
}; };
combined = { combined = {
@ -33,21 +25,28 @@ in
inputs.disko.nixosModules.disko inputs.disko.nixosModules.disko
inputs.mailserver.nixosModules.default inputs.mailserver.nixosModules.default
inputs.home-manager.nixosModules.home-manager inputs.home-manager.nixosModules.home-manager
inputs.attic.nixosModules.atticd "${inputs.attic}/nixos/atticd.nix"
inputs.lix-module.nixosModules.default inputs.lix-module.nixosModules.default
{ {
disabledModules = [ disabledModules = [
"services/networking/atticd.nix" "services/networking/atticd.nix"
]; ];
services.atticd.useFlakeCompatOverlay = false;
nixpkgs.overlays = [
(final: _: {
attic-client = config.packages.attic-client.result.${final.system};
attic-server = config.packages.attic-server.result.${final.system};
})
];
} }
]; ];
}; };
default = combined; default = combined;
}; };
flake.darwinModules = rec { config.darwinModules = rec {
settei = import ./system { settei = import ./system {
inherit (config) perInput; inherit perInput;
isLinux = false; isLinux = false;
}; };
combined = { combined = {

54
modules/flake/configurations.nix
View file

@ -1,54 +0,0 @@
{
nixpkgs,
darwin,
home-manager,
}:
{
config,
lib,
...
}:
with lib;
{
_file = ./configurations.nix;
options = {
# Those functions take the final arguments and emit a valid configuration.
# Probably should hardly ever be overriden
builders = {
nixos = mkOption {
type = types.functionTo types.unspecified;
default = _name: nixpkgs.lib.nixosSystem;
};
darwin = mkOption {
type = types.functionTo types.unspecified;
default = _name: darwin.lib.darwinSystem;
};
home = mkOption {
type = types.functionTo types.unspecified;
default = _name: home-manager.lib.homeManagerConfiguration;
};
};
configurations = {
nixos = mkOption {
type = types.lazyAttrsOf types.deferredModule;
default = { };
};
darwin = mkOption {
type = types.lazyAttrsOf types.deferredModule;
default = { };
};
home = mkOption {
type = types.lazyAttrsOf types.deferredModule;
default = { };
};
};
};
config.flake = {
nixosConfigurations = mapAttrs config.builders.nixos config.configurations.nixos;
darwinConfigurations = mapAttrs config.builders.darwin config.configurations.darwin;
homeConfigurations = mapAttrs config.builders.home config.configurations.home;
};
}

13
modules/flake/default.nix
View file

@ -1,13 +0,0 @@
{
nixpkgs,
darwin,
home-manager,
}:
{
_file = ./default.nix;
imports = [
(import ./configurations.nix { inherit nixpkgs darwin home-manager; })
./services.nix
];
}

95
modules/flake/services.nix
View file

@ -1,95 +0,0 @@
# List of features I want this module to eventually have
# TODO: Automatic port allocation
# TODO: Making it possible to conveniently isolate services (running them in NixOS containers)
# TODO: Handling specializations
# TODO: Convenient http handling
# TODO: Automatic backup
{ config, lib, ... }:
let
serviceModule =
{ config, ... }:
{
options = {
host = lib.mkOption {
type = lib.types.str;
};
ports = lib.mkOption {
type = with lib.types; listOf port;
default = [ ];
};
hosts = lib.mkOption {
type = with lib.types; listOf str;
default = [ config.host ];
};
config = lib.mkOption {
type = lib.types.deferredModule;
default = { };
};
hostConfig = lib.mkOption {
type = with lib.types; attrsOf deferredModule;
default = { };
};
};
};
moduleToHostConfigs =
cfg:
lib.genAttrs cfg.hosts (host: {
imports = [
cfg.config
(cfg.hostConfig.${host} or { })
];
});
maybeGetPreviousConfigs = acc: host: (acc.${host} or { imports = [ ]; }).imports;
in
{
_file = ./services.nix;
options = {
services = lib.mkOption {
type = with lib.types; attrsOf (submodule serviceModule);
default = { };
};
__extraHostConfigs = lib.mkOption {
type = with lib.types; attrsOf deferredModule;
readOnly = true;
};
};
config.__extraHostConfigs =
let
duplicatePorts = lib.pipe config.services [
lib.attrValues
(map (cfg: cfg.ports))
lib.flatten
(lib.groupBy' (cnt: _: cnt + 1) 0 toString)
(lib.filterAttrs (_: cnt: cnt > 1))
lib.attrNames
];
assertMsg =
let
plural = lib.length duplicatePorts > 1;
in
"\nBad service config:\nThe following port${if plural then "s" else ""} ${
if plural then "were" else "was"
} declared multiple times: ${lib.concatStringsSep ", " duplicatePorts}";
# Here I collect all the services.<name>.config into a flat
# __extraHostConfigs.<host>.imports = [
# ...
# ]
# so that I can easily import them in hosts/default.nix
hostConfigs = lib.pipe config.services [
lib.attrValues
(lib.foldl' (
acc: cfg:
acc
// lib.mapAttrs (host: c: {
imports = c.imports ++ (maybeGetPreviousConfigs acc host);
}) (moduleToHostConfigs cfg)
) { })
];
in
if duplicatePorts != [ ] then throw assertMsg else hostConfigs;
}

2
modules/home/default.nix
View file

@ -1,7 +1,6 @@
# TODO: Make this module not rely on OS config being present # TODO: Make this module not rely on OS config being present
{ {
osConfig, osConfig,
pkgs,
lib, lib,
inputs', inputs',
machineName, machineName,
@ -59,7 +58,6 @@ in
home.packages = [ home.packages = [
inputs'.settei.packages.base-packages inputs'.settei.packages.base-packages
pkgs.nh
]; ];
home.sessionVariables.EDITOR = "hx"; home.sessionVariables.EDITOR = "hx";

56
modules/home/desktop/default.nix
View file

@ -2,14 +2,16 @@
config, config,
lib, lib,
pkgs, pkgs,
inputs,
inputs', inputs',
... ...
}: }:
{ {
_file = ./default.nix; _file = ./default.nix;
imports = [ ./zellij.nix ]; imports = [
./zellij.nix
./qutebrowser.nix
];
options.settei.desktop = { options.settei.desktop = {
enable = lib.mkEnableOption "Common configuration for desktop machines"; enable = lib.mkEnableOption "Common configuration for desktop machines";
@ -21,56 +23,12 @@
nerd-fonts.iosevka nerd-fonts.iosevka
nerd-fonts.iosevka-term nerd-fonts.iosevka-term
fontconfig fontconfig
signal-desktop signal-desktop-bin
]; ];
settei.unfree.allowedPackages = [ "signal-desktop" ]; settei.unfree.allowedPackages = [ "signal-desktop-bin" ];
fonts.fontconfig.enable = true; fonts.fontconfig.enable = true;
programs.firefox = { programs.firefox.enable = true;
enable = true;
package =
let
firefox-pkgs = pkgs.extend inputs.firefox-darwin.overlay;
in
lib.mkIf pkgs.stdenv.isDarwin firefox-pkgs.firefox-bin;
};
programs.qutebrowser = {
enable = true;
package =
if pkgs.stdenv.isDarwin then inputs'.niko-nur.packages.qutebrowser-bin else pkgs.qutebrowser;
searchEngines = {
r = "https://doc.rust-lang.org/stable/std/?search={}";
lib = "https://lib.rs/search?q={}";
nip = "https://jisho.org/search/{}";
};
settings = {
tabs = {
indicator.width = 3;
};
fonts = {
default_family = "IosevkaTerm Nerd Font";
default_size = "13px";
};
content = {
canvas_reading = true;
blocking.method = "both";
javascript.clipboard = "access";
};
};
# Workaround because the nix module doesn't properly handle options that expect a dict
extraConfig = ''
c.tabs.padding = { 'top': 5, 'bottom': 5, 'right': 10, 'left': 10 }
c.statusbar.padding = { 'top': 5, 'bottom': 5, 'right': 10, 'left': 10 }
'';
keyBindings = {
passthrough = {
"<Ctrl-Escape>" = "mode-leave";
};
};
};
}; };
} }

38
modules/home/desktop/qutebrowser.nix Normal file
View file

@ -0,0 +1,38 @@
{ pkgs, ... }:
{
programs.qutebrowser = {
# TODO: Enable again
enable = pkgs.stdenv.isLinux;
searchEngines = {
r = "https://doc.rust-lang.org/stable/std/?search={}";
lib = "https://lib.rs/search?q={}";
nip = "https://jisho.org/search/{}";
};
settings = {
tabs = {
indicator.width = 3;
};
fonts = {
default_family = "IosevkaTerm Nerd Font";
default_size = "13px";
};
content = {
canvas_reading = true;
blocking.method = "both";
javascript.clipboard = "access";
};
};
# Workaround because the nix module doesn't properly handle options that expect a dict
extraConfig = ''
c.tabs.padding = { 'top': 5, 'bottom': 5, 'right': 10, 'left': 10 }
c.statusbar.padding = { 'top': 5, 'bottom': 5, 'right': 10, 'left': 10 }
'';
keyBindings = {
passthrough = {
"<Ctrl-Escape>" = "mode-leave";
};
};
};
}

8
modules/nilla/builders/custom-load.nix Normal file
View file

@ -0,0 +1,8 @@
{ lib }:
{
config.builders.custom-load = {
settings.type = lib.types.submodule { };
settings.default = { };
build = pkg: lib.attrs.generate pkg.systems (system: pkg.package { inherit system; });
};
}

6
modules/nilla/builders/default.nix Normal file
View file

@ -0,0 +1,6 @@
{
includes = [
./nixpkgs-flake.nix
./custom-load.nix
];
}

21
modules/nilla/builders/nixpkgs-flake.nix Normal file
View file

@ -0,0 +1,21 @@
{
config,
lib,
inputs,
}:
{
config.builders.nixpkgs-flake = {
settings.type = lib.types.submodule {
options.args = lib.options.create {
type = lib.types.any;
default.value = { };
};
};
settings.default = { };
build =
pkg:
lib.attrs.generate pkg.systems (
system: inputs.nixpkgs.legacyPackages.${system}.callPackage pkg.package pkg.settings.args
);
};
}

9
modules/nilla/default.nix Normal file
View file

@ -0,0 +1,9 @@
{
includes = [
./builders
./services.nix
./systems.nix
./modules.nix
./flake.nix
];
}

32
modules/nilla/flake.nix Normal file
View file

@ -0,0 +1,32 @@
{ lib, config }:
let
systems = [
"x86_64-linux"
"aarch64-linux"
"aarch64-darwin"
];
transpose =
attrs: lib.attrs.generate systems (system: builtins.mapAttrs (_: pkg: pkg.result.${system}) attrs);
in
{
options.flake = lib.options.create {
type = lib.types.attrs.of lib.types.raw;
};
config.flake = {
inherit (config)
nixosModules
darwinModules
homeModules
;
nixosConfigurations = builtins.mapAttrs (_: system: system.result) config.systems.nixos;
darwinConfigurations = builtins.mapAttrs (_: system: system.result) config.systems.darwin;
homeConfigurations = builtins.mapAttrs (_: system: system.result) config.systems.home;
devShells = transpose config.shells;
packages = transpose config.packages;
formatter = config.packages.formatter.result;
};
}

17
modules/nilla/modules.nix Normal file
View file

@ -0,0 +1,17 @@
{ lib }:
{
options = {
nixosModules = lib.options.create {
type = lib.types.attrs.of lib.types.raw;
default.value = { };
};
darwinModules = lib.options.create {
type = lib.types.attrs.of lib.types.raw;
default.value = { };
};
homeModules = lib.options.create {
type = lib.types.attrs.of lib.types.raw;
default.value = { };
};
};
}

95
modules/nilla/services.nix Normal file
View file

@ -0,0 +1,95 @@
{ lib, config }:
let
inherit (builtins)
attrNames
attrValues
concatStringsSep
mapAttrs
foldl'
groupBy
length
;
serviceModule =
{ config }:
{
options = {
host = lib.options.create {
type = lib.types.string;
};
ports = lib.options.create {
type = lib.types.list.of lib.types.port;
default.value = [ ];
};
hosts = lib.options.create {
type = lib.types.list.of lib.types.string;
default.value = [ config.host ];
};
module = lib.options.create {
type = lib.types.raw;
default.value = { };
};
hostModule = lib.options.create {
type = lib.types.attrs.of lib.types.raw;
default.value = { };
};
};
};
moduleToHostConfigs =
cfg:
lib.attrs.generate cfg.hosts (host: {
imports = [
cfg.module
(cfg.hostModule.${host} or { })
];
});
maybeGetPreviousConfigs = acc: host: (acc.${host} or { imports = [ ]; }).imports;
# Copied from nixpkgs/lib/lists.nix
groupBy' =
op: nul: pred: lst:
mapAttrs (_name: foldl' op nul) (groupBy pred lst);
duplicatePorts = lib.fp.pipe [
attrValues
(map (cfg: cfg.ports))
lib.lists.flatten
(groupBy' (cnt: _: cnt + 1) 0 toString)
(lib.attrs.filter (_: cnt: cnt > 1))
attrNames
] config.services;
in
{
options.services = lib.options.create {
type = lib.types.attrs.of (lib.types.submodule serviceModule);
default.value = { };
};
options.extraHostConfigs = lib.options.create {
type = lib.types.attrs.of lib.types.raw;
writable = false;
default.value = lib.fp.pipe [
attrValues
(foldl' (
acc: cfg:
acc
// mapAttrs (host: c: {
imports = c.imports ++ (maybeGetPreviousConfigs acc host);
}) (moduleToHostConfigs cfg)
) { })
] config.services;
};
config.assertions = [
{
assertion = duplicatePorts == [ ];
message =
let
plural = length duplicatePorts > 1;
in
"\nBad service config:\nThe following port${if plural then "s" else ""} ${
if plural then "were" else "was"
} declared multiple times: ${concatStringsSep ", " duplicatePorts}";
}
];
}

52
modules/nilla/systems.nix Normal file
View file

@ -0,0 +1,52 @@
{ config, lib }:
let
mkBuilderOption =
typ:
lib.options.create {
type = lib.types.function (lib.types.function lib.types.raw);
default.value = _name: _module: throw "Builder for systems.${typ} is not implemented";
};
inherit (config.systems) builders;
mkSystemModule =
typ:
{ config, name }:
{
options = {
name = lib.options.create {
type = lib.types.string;
default.value = name;
};
module = lib.options.create {
type = lib.types.raw;
default.value = { };
};
builder = lib.options.create {
type = lib.types.function (lib.types.function lib.types.raw);
default.value = builders.${typ};
};
result = lib.options.create {
type = lib.types.raw;
writable = false;
default.value = config.builder config.name config.module;
};
};
};
mkSystemOption =
typ:
lib.options.create {
type = lib.types.attrs.of (lib.types.submodule (mkSystemModule typ));
default.value = { };
};
in
{
options = {
systems = {
builders.nixos = mkBuilderOption "nixos";
builders.darwin = mkBuilderOption "darwin";
builders.home = mkBuilderOption "home";
nixos = mkSystemOption "nixos";
darwin = mkSystemOption "darwin";
home = mkSystemOption "home";
};
};
}

49
modules/system/builder.nix Normal file
View file

@ -0,0 +1,49 @@
{ isLinux }:
{
config,
lib,
pkgs,
...
}:
let
cfg = config.settei.remote-builder;
sharedConfig = {
users.users.${cfg.user} = {
shell = pkgs.bash;
openssh.authorizedKeys.keys = cfg.sshKeys;
};
nix.settings.trusted-users = [ cfg.user ];
};
linuxConfig = lib.optionalAttrs isLinux {
users.users.${cfg.user} = {
isSystemUser = true;
group = cfg.user;
};
users.groups.${cfg.user} = { };
};
mergedConfig = lib.mkMerge [
sharedConfig
linuxConfig
];
in
{
_file = ./builder.nix;
options.settei.remote-builder = {
enable = lib.mkEnableOption "configuring this machine as a remote builder";
user = lib.mkOption {
type = lib.types.str;
default = "nixremote";
};
sshKeys = lib.mkOption {
type = lib.types.listOf lib.types.singleLineStr;
default = [ ];
};
};
config = lib.mkIf cfg.enable mergedConfig;
}

2
modules/system/default.nix
View file

@ -22,10 +22,10 @@
(import ./tailscale.nix { inherit isLinux; }) (import ./tailscale.nix { inherit isLinux; })
(import ./containers.nix { inherit isLinux; }) (import ./containers.nix { inherit isLinux; })
./unfree.nix ./unfree.nix
(import ./hercules.nix { inherit isLinux; })
(import ./github-runner.nix { inherit isLinux; }) (import ./github-runner.nix { inherit isLinux; })
(import ./incus.nix { inherit isLinux; }) (import ./incus.nix { inherit isLinux; })
(import ./monitoring.nix { inherit isLinux; }) (import ./monitoring.nix { inherit isLinux; })
(import ./builder.nix { inherit isLinux; })
]; ];
options.settei = with lib; { options.settei = with lib; {

22
modules/system/flake-qol.nix
View file

@ -7,6 +7,18 @@
}: }:
let let
cfg = config.settei.flake-qol; cfg = config.settei.flake-qol;
nixpkgsInputToFlakeRef =
input:
if input._type or "" == "flake" then
{
type = "github";
owner = "NixOS";
repo = "nixpkgs";
inherit (input) lastModified narHash rev;
}
else
input;
in in
{ {
_file = ./flake-qol.nix; _file = ./flake-qol.nix;
@ -20,6 +32,12 @@ in
default = true; default = true;
}; };
inputs = mkOption { type = types.unspecified; }; inputs = mkOption { type = types.unspecified; };
nixpkgsRef = mkOption {
type = types.unspecified;
default = cfg.inputs.nixpkgs;
apply =
ref: if builtins.isString ref then builtins.parseFlakeRef ref else nixpkgsInputToFlakeRef ref;
};
inputs-flakes = mkOption { inputs-flakes = mkOption {
type = types.attrs; type = types.attrs;
readOnly = true; readOnly = true;
@ -44,8 +62,8 @@ in
settei.user.extraArgs = reexportedArgs; settei.user.extraArgs = reexportedArgs;
nix = { nix = {
registry = lib.mapAttrs (_: flake: { inherit flake; }) cfg.inputs-flakes; registry.nixpkgs.to = cfg.nixpkgsRef;
nixPath = lib.mapAttrsToList (name: _: "${name}=flake:${name}") cfg.inputs-flakes; nixPath = [ "nixpkgs=flake:nixpkgs" ];
}; };
}; };
} }

47
modules/system/hercules.nix
View file

@ -1,47 +0,0 @@
{ isLinux }:
{
config,
lib,
...
}:
let
options = {
settei.hercules.enable = lib.mkEnableOption "Enables hercules-ci-agent with my configuration";
};
herculesUser =
if isLinux then
config.systemd.services.hercules-ci-agent.serviceConfig.User
else
config.launchd.daemons.hercules-ci-agent.serviceConfig.UserName;
in
{
_file = ./hercules.nix;
inherit options;
config = lib.mkIf config.settei.hercules.enable {
age.secrets.hercules-token = {
file = ../../../secrets/hercules-token.age;
owner = herculesUser;
};
age.secrets.hercules-cache = {
file = ../../../secrets/hercules-cache.age;
owner = herculesUser;
};
age.secrets.hercules-secrets = {
file = ../../../secrets/hercules-secrets.age;
owner = herculesUser;
};
services.hercules-ci-agent = {
enable = true;
settings = {
clusterJoinTokenPath = config.age.secrets.hercules-token.path;
concurrentTasks = lib.mkDefault 4;
binaryCachesPath = config.age.secrets.hercules-cache.path;
secretsJsonPath = config.age.secrets.hercules-secrets.path;
};
};
};
}

6
modules/system/sane-defaults.nix
View file

@ -62,15 +62,11 @@ let
"https://cache.nrab.lol" "https://cache.nrab.lol"
"https://cache.garnix.io" "https://cache.garnix.io"
"https://nix-community.cachix.org" "https://nix-community.cachix.org"
"https://hyprland.cachix.org"
"https://hercules-ci.cachix.org"
"https://nrabulinski.cachix.org" "https://nrabulinski.cachix.org"
]; ];
extra-trusted-public-keys = [ extra-trusted-public-keys = [
"hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
"cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=" "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"hercules-ci.cachix.org-1:ZZeDl9Va+xe9j+KqdzoBZMFJHVQ42Uu/c/1/KMC5Lw0="
"nrabulinski.cachix.org-1:Q5FD7+1c68uH74CQK66UWNzxhanZW8xcg1LFXxGK8ic=" "nrabulinski.cachix.org-1:Q5FD7+1c68uH74CQK66UWNzxhanZW8xcg1LFXxGK8ic="
"cache.nrab.lol-1:CJl1TouOyuJ1Xh4tZSXLwm3Upt06HzUNZmeyuEB9EZg=" "cache.nrab.lol-1:CJl1TouOyuJ1Xh4tZSXLwm3Upt06HzUNZmeyuEB9EZg="
]; ];
@ -116,6 +112,8 @@ let
darwinConfig = lib.optionalAttrs (!isLinux) { darwinConfig = lib.optionalAttrs (!isLinux) {
system.stateVersion = 4; system.stateVersion = 4;
# FIXME: Remove
system.primaryUser = username;
security.pam.services.sudo_local.touchIdAuth = true; security.pam.services.sudo_local.touchIdAuth = true;

135
nilla.nix Normal file
View file

@ -0,0 +1,135 @@
{
inputs ? import ./inputs.nix,
}:
(import inputs.nilla).create (
{ config, lib }:
{
includes = [
./modules/nilla
./pkgs
./wrappers
./hosts
./assets
./services
./modules
];
config.inputs = builtins.mapAttrs (_: src: {
inherit src;
loader = "raw";
}) inputs;
# Add inputs argument so modules can conveniently use it
config.__module__.args.dynamic.inputs = builtins.mapAttrs (
_name: input: input.result
) config.inputs;
config.packages =
let
systems = [
"x86_64-linux"
"aarch64-linux"
"aarch64-darwin"
];
mkPackage = package: {
builder = "nixpkgs-flake";
inherit systems package;
};
mkPackageFlakeOutput =
{
input,
output ? input,
}:
{
inherit systems;
builder = "custom-load";
package = { system }: inputs.${input}.packages.${system}.${output};
};
getPkgs = system: builtins.mapAttrs (_: pkg: pkg.result.${system}) config.packages;
in
{
agenix = mkPackageFlakeOutput { input = "agenix"; };
base-packages = mkPackage (
{ symlinkJoin, system }:
symlinkJoin {
name = "settei-base";
paths = with (getPkgs system); [
helix
fish
git-commit-last
git-fixup
nh
];
}
);
formatter = {
inherit systems;
builder = "custom-load";
package =
{ system }:
let
eval = inputs.treefmt.lib.evalModule inputs.nixpkgs.legacyPackages.${system} ./treefmt.nix;
in
eval.config.build.wrapper;
};
__allPackages =
let
all-packages = builtins.attrValues (
builtins.removeAttrs config.packages [
"ci-check"
"__allPackages"
]
);
all-packages' = lib.lists.flatten (map (pkg: builtins.attrValues pkg.result) all-packages);
nixos-systems = builtins.attrValues config.systems.nixos;
nixos-systems' = map (system: system.result.config.system.build.toplevel) nixos-systems;
darwin-systems = builtins.attrValues config.systems.darwin;
darwin-systems' = map (system: system.result.config.system.build.toplevel) darwin-systems;
all-drvs = all-packages' ++ nixos-systems' ++ darwin-systems';
all-drvs' = lib.strings.concatMapSep "\n" builtins.unsafeDiscardStringContext all-drvs;
in
mkPackage (
{ runCommand }:
runCommand "eval-check" {
allDerivations = all-drvs';
passAsFile = [ "allDerivations" ];
} "touch $out"
);
ci-check = mkPackage (
{
writeShellScript,
lib,
system,
}:
writeShellScript "ci-check" ''
nix-instantiate --eval -E 'import ./nilla.nix {}' -A packages.__allPackages.result.${system}.outPath
"${lib.getExe config.packages.formatter.result.${system}}" --ci
''
);
};
config.shells.default = {
systems = [
"x86_64-linux"
"aarch64-linux"
"aarch64-darwin"
];
builder = "nixpkgs-flake";
shell =
{
mkShellNoCC,
system,
nh,
}:
mkShellNoCC {
packages = [
config.packages.agenix.result.${system}
config.packages.attic-client.result.${system}
config.packages.nh.result.${system}
];
};
};
}
)

40
pkgs/conduit/default.nix
View file

@ -1,47 +1,25 @@
{ {
lib,
stdenv,
fenix,
crane,
src, src,
libiconv,
rocksdb, rocksdb,
darwin,
rustPlatform, rustPlatform,
}: }:
let let
rust = manifest = (builtins.fromTOML (builtins.readFile "${src}/Cargo.toml")).package;
with fenix;
combine [
stable.cargo
stable.rustc
];
crane' = crane.overrideToolchain rust;
rocksdb' = rocksdb.overrideAttrs (
final: prev: {
version = "9.1.1";
src = prev.src.override {
rev = "v${final.version}";
hash = "sha256-/Xf0bzNJPclH9IP80QNaABfhj4IAR5LycYET18VFCXc=";
};
}
);
in in
crane'.buildPackage { rustPlatform.buildRustPackage {
pname = manifest.name;
inherit (manifest) version;
inherit src; inherit src;
strictDeps = true; strictDeps = true;
cargoLock.lockFile = "${src}/Cargo.lock";
nativeBuildInputs = [ rustPlatform.bindgenHook ]; nativeBuildInputs = [ rustPlatform.bindgenHook ];
buildInputs = lib.optionals stdenv.isDarwin [
libiconv
darwin.apple_sdk.frameworks.Security
darwin.apple_sdk.frameworks.SystemConfiguration
];
# Use system RocksDB # Use system RocksDB
ROCKSDB_INCLUDE_DIR = "${rocksdb'}/include"; ROCKSDB_INCLUDE_DIR = "${rocksdb}/include";
ROCKSDB_LIB_DIR = "${rocksdb'}/lib"; ROCKSDB_LIB_DIR = "${rocksdb}/lib";
NIX_OUTPATH_USED_AS_RANDOM_SEED = "randomseed"; NIX_OUTPATH_USED_AS_RANDOM_SEED = "randomseed";
CONDUIT_VERSION_EXTRA = src.shortRev; CONDUIT_VERSION_EXTRA = src.shortRev;
} }

107
pkgs/default.nix
View file

@ -1,35 +1,78 @@
{ inputs, ... }:
{ {
perSystem = config,
{ lib,
pkgs, inputs,
lib, }:
inputs', let
... systems = [
}: "x86_64-linux"
{ "aarch64-linux"
packages.conduit-next = pkgs.callPackage ./conduit { "aarch64-darwin"
src = inputs.conduit-src; ];
crane = inputs.crane.mkLib pkgs; builder = "nixpkgs-flake";
fenix = inputs'.fenix.packages; mkPackage = package: {
}; inherit systems package builder;
};
packages.git-commit-last = pkgs.writeShellApplication { atticPkgs = lib.attrs.generate systems (
name = "git-commit-last"; system:
text = '' let
GITDIR="$(git rev-parse --git-dir)" pkgs = inputs.nixpkgs.legacyPackages.${system}.extend inputs.lix-module.overlays.default;
git commit -eF "$GITDIR/COMMIT_EDITMSG" craneLib = import inputs.crane { inherit pkgs; };
''; in
}; pkgs.callPackage "${inputs.attic}/crane.nix" { inherit craneLib; }
);
packages.git-fixup = pkgs.writeShellApplication { in
name = "git-fixup"; {
text = '' config.packages.conduit-next = {
git log -n 50 --pretty=format:'%h %s' --no-merges | \ inherit systems builder;
${lib.getExe pkgs.fzf} | \ package = import ./conduit;
cut -c -7 | \ settings.args = {
xargs -o git commit --fixup src = inputs.conduit-src;
'';
};
}; };
};
config.packages.git-commit-last = mkPackage (
{ writeShellApplication }:
writeShellApplication {
name = "git-commit-last";
text = ''
GITDIR="$(git rev-parse --git-dir)"
git commit -eF "$GITDIR/COMMIT_EDITMSG"
'';
}
);
config.packages.git-fixup = mkPackage (
{
lib,
writeShellApplication,
fzf,
}:
writeShellApplication {
name = "git-fixup";
text = ''
git log -n 50 --pretty=format:'%h %s' --no-merges | \
${lib.getExe fzf} | \
cut -c -7 | \
xargs -o git commit --fixup
'';
}
);
config.packages.attic-client = {
inherit systems;
builder = "custom-load";
package = { system }: atticPkgs.${system}.attic-client;
};
config.packages.attic-server = {
inherit systems;
builder = "custom-load";
package = { system }: atticPkgs.${system}.attic-server;
};
config.packages.nh = {
inherit systems builder;
package = import "${inputs.nh}/package.nix";
settings.args.rev = inputs.nh.shortRev;
};
} }

BIN
secrets/alert-nrab-lol-pass.age
View file

Binary file not shown.

38
secrets/alert-plain-pass.age
View file

@ -1,20 +1,20 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 GKhvwg ZvzKWT14nrdbiVRJf4hK3Gmb7pkLA1YrzIAXi7GqUm0 -> ssh-ed25519 GKhvwg /jQLcJCNx2g7rM8udm1ZyPDeqc0pJ95VpIsWObAG/xM
OqGUgm/4oefj+J6JrIM42FPq/2tH/evQfKYQGCSMIc4 0QCmRI3pXNLmzIENjDyVNQLISQd6uyA/HOyXB1W47X0
-> ssh-ed25519 H0Rg/A ucyXgt869tI6HWLjrsg5o65HBBHnjiAyJ2T7aCps7iQ -> ssh-ed25519 H0Rg/A r98Ge9hReVxBKmQuAfX63L8y9W2vQh2PC/VMtGnS/SE
h58tIKkuHEFM+7VRl6u+3vvV3XQ0r+XqvUo7OdLuKEg itKOWkxTHsM/SlhW+AA037ns0XmOaLHWrEtguC5h5Pw
-> ssh-ed25519 84j9mw 2a5d7xIwqwF9MuAKv490mGUMYiDvZWK8+sLDjShpnmk -> ssh-ed25519 84j9mw FlKDqV1OxbxZ3s6mtYS6hzdOrMvY+GuYrXWoBk2Xo0Q
7CH1AzJQD7nrq7aKZJy54+74awO2MHO6RySq29/MH18 XqYK9dQXXx8eKlYhwQ5N+62GX/48VWQ51UyNialg5/E
-> ssh-ed25519 5A7peQ 8h1pfClbTdBZuSZyw1LcntL6QIDXukYkJ+SBmcZMYAE -> ssh-ed25519 5A7peQ MIpjM9J/7wAVGuB5eRStLAAqLEE9Ff4E6eoWqEE4lk8
d8gix1GBYjqe8nYc/gdOxEvsYNo7+W+vhQZq/RFPeRw J0o+kgUBuk0odbuLvuRns699wfY/LPHc9RZydpnyVc0
-> ssh-ed25519 g2vRWw E4b+U5rVKsurdddkOSeDKmhIQW5iK4hdoRePQjohM2w -> ssh-ed25519 g2vRWw eNdLCZX01DMm9nZgugFCXIoqANF4Um+xxKQQf8SOax0
+WlMZ6Yd9iCqcm/WIrzRSRU9fmqdtc2Lb79wgB945Kg i7H34Lumyn5qtigixSRbaYf1bm92kQLCf+EZKJeYmlw
-> ssh-ed25519 B2veVw 4APxbmXkGw6O319hX1rPpgCz2BNXs1fa71eopRvgsFI -> ssh-ed25519 B2veVw DvHqN4AUU1mjB++Qwz1vNYHxST/8qZTM+p9PfIyFsHw
AQ3FsW+H7qYg90JG8904/N0FjxjH4S70S1Gyer1BiXI BU+58wSWdknW6WbEr+uCenfaC1vLm3usdP1P8YBbn+8
-> ssh-ed25519 IFuY+w +W4IMgBS9ihPCEGWQw8DrsTkF8Ih5H1+ZjhmGdPimQE -> ssh-ed25519 IFuY+w d3WEXFMgaOUSo3jwkOBzmqTqYyZLkIWnINFj7FZCHlE
qlMFMVpw6uvH/OqGx/fIBFcP41RlXxyXKJ3//1N7mcQ u7KuKcjzTvCMJqiIzE2wNxNUjQuVaCcumnkNmVIg460
-> ssh-ed25519 rA7dkQ 1XI21LILuaiYGHbdgCllU+H8N+/YPq9FyrOUTp0AXCI -> ssh-ed25519 rA7dkQ XjfR8WOE/ajNfI2PvtjccMWt4ZA5ZcQfRLaswf8o/BM
vklhN/5KOmbB0MaQ4F/iIuj5ReLiBrmFQunPtJu0o7w cjEt4pbJgoiqQYDMAeOEKO8IsGrutkbYiJt+s9v65+M
--- 5T2/adM9me57EcbMcLPba1MIisFzJnXLC+inc57bJdk --- Itt4v03PVRtcZ+msFBO6VKi3kDuK5+mjsQ0LZXQhWTk
ÿJi'ª©6£—&Ù&o 3²qš°oß…nÉ/<2F>¦Þ3Ø$? <>_m8¼<38>
k4-hu¨š}ï2¥Ú|Î1DIl9Þíܦ¡—ýY• ´:mj¥ŠËd|ôÅüw´r

12
secrets/attic-creds.age
View file

@ -1,7 +1,7 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 84j9mw ZJAtY/6itD2g/hCRjxKrV1ZWQIzM/YgKGNa5CT71YBc -> ssh-ed25519 84j9mw NTO+6rjQ67mvDfLbkZNyuvxGXVlKjqnH5Wg0/qD8Zkk
mMGp1ZjBx0qEugMAnixkVn88HqdNui/gyJt/okwRDP8 oIrs9tsRkEqIb9lLQnF61DefTWtF60iSJEfm2b4dkLU
-> ssh-ed25519 GKhvwg JbvduCfwAY610WxpitcGlScY98bGeNYDqKuxHkrqZDU -> ssh-ed25519 GKhvwg 1URR/IKkYchQlxgQDK0Dh20KXTrulyJfnO3JXjECBjw
4aCApDeZnE/7xA3JzxqD5awQv9N5oa2TcHQOZx+CBpE K2N7/b88tkEa8bTSRRWLChPN5GbbNip4qDx4HubEP9s
--- nGz8lBsZ79RPshiTTFlSTVsZP7lfaNKBZFC7TtZ2ves --- 4DdZ4N53a/aiMQcO0okbaeo3npYD+WrjoFYVnIMkmEk
œ[ü'²³!‡¯ëö™eç÷ÔâUTRÞGÌ 1òdI{aìϪ+'?Á£ýµ’"ʵ&ûÒNxkÄ<6B>¢RÏ—Æ)¿¥<>˜\„a¼ƒ<12>~¬³Šo`hæ¸ùɧ¶ëtΦë-‡ë“Wð°rh‰x•E ÿ<>+'<27>]>“r9è‰ÿOð™Ža=+ïëÔW tå…}Ââ° ýº<C3BD>Ó(Æ5š/©[p+&.$*Z˜¬µªÞ*ÿçb~ìϤ>"&À› !ïÂ9R´ÓGšæ7Ýârª?Kr<1F>©ËÜDmEl~º1DѨCg¼Eþ?qŠ"­wÿ7Ìû¨ª:¹X˜á¸|Dp<E280BA>êægµ4°Y4ÇãbÄ©-.Ù`#wCÝä,—ÞôyÊ|ðõ[í"k<>*YF

BIN
secrets/forgejo-token.age
View file

Binary file not shown.

BIN
secrets/github-token.age
View file

Binary file not shown.

BIN
secrets/hercules-cache.age
View file

Binary file not shown.

BIN
secrets/hercules-secrets.age
View file

Binary file not shown.

BIN
secrets/hercules-token.age
View file

Binary file not shown.

12
secrets/leet-nrab-lol-pass.age
View file

@ -1,7 +1,7 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 84j9mw 9ygN4fWQWX889zSTchiwqVwxTzHzl+3PSelEpeGx6yA -> ssh-ed25519 84j9mw 7HLXJ0FPIlK/5skZB7HsmzyMX3S7I41wPsEPZ7Jb/28
v1GTvSMdbwC6U0QZtaD7/b5QbJ9j4J3F10eCUaT5COY MJ9oeQWZ9QlL6kuB8QUHoOjdXqOqqpA3kHpr2h/6A5A
-> ssh-ed25519 GKhvwg 9I2sycYPtBMPZenbWLueANm46TTPzbgCa//4oKojGEQ -> ssh-ed25519 GKhvwg oVRn1+ZoRU39ucM/It+cxfLEMjF0uSV1O7k0J/8DgnM
aEX3TQpWRAcrtJaiTMxB08L8OY/O/4JR+/zoNPl7Kxc ATACnP4ASRJ1qhyrm8yhi2qtDftXMiQ91CbmuqIm2gI
--- 6EB80pdWxmL1yVM+klouel5E59m2C88Dz0SH2DiT6nE --- ucDElqkYHEoTy0c+vPsy2AQ3aqJmkDSBAADiKB71k2o
hkdJwÓ|g¾~ºvà^Ëjq\<5C> ' ƒ™yöIícdW™YF?ÓNÍþâ/ä0ÄØý+h<>…=œ85±#Š ²‘\bm£~ŽäÇú1æïy"úqÌAT<41> .ÿ¸ÆlCÆg„s.ˆãžüíI¡ÂžR² .qxL¡Î2 B NjFo9]9ögT®qNº©ÄiaØ]e ®a²Gœ¡»S¤kìY²$‘Ÿ¤¡<zöI

13
secrets/miyagi-niko-pass.age
View file

@ -1,8 +1,7 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 g2vRWw 8FCO/eYVK3KfOvdyk5Va3R9jXaSNzV+ArFVhJwJPDDk -> ssh-ed25519 g2vRWw btMiKwz3PwvUTHhz3eQU1PkMqSPJ9gpVZ9WC7u49xmQ
zRBpyAtdJxg4TSsgUep66Yv2CMUUAI8IF3pL5+MI/88 jhQgjo4Vt7e6Q9uERj9UG4AM/gMhMUexBWHI4ofrx7c
-> ssh-ed25519 GKhvwg eMLyDK82QCKJrVjtfuy5DKTNFOc39zdJxJNFEXCO1Ac -> ssh-ed25519 GKhvwg sZvZftsPUAjQ27PleicM9It+gpRjwPWOdxx85Mr5fxY
6AamgzEBeT1018cy7N5GcvgjypGPLqF+2P14h//jTtA G3VOFsNg2p1/KTyACw9QlvfBsyNUG9v7LSkWJl8afrg
--- jhq8ZEIoUjMq5PH7tktWMKQuCLMKifY/UfjjM1Qn7UE --- letALmlj/zH1GJl31nWXeURJHZI6UkToZiTIUgZLv8s
QÖ8cœV2ž ƈ<19>4Ü$h©+e…yÖ Õböxú­CI_· <0B>èƒó©Ñd:@÷–Æ@ØÎþ˜^ö o:]1ä¦s;©¤°i“v"‘à̽ãéøthTwlŠŒÿÉË •Óiü¶ø¬l—ã{<7B>àAÅn.v§[ÿîGØU0%ú)
0ç#¬aJ`ng{@½Ç.sªIgÏžåc*®Q'è&•¶˜‡k,CuI±†ý´w†™ɘ×Î +rEÔNîÕ·@FŽP€I¸¸?ÐÑ’

BIN
secrets/nrab-lol-cf.age
View file

Binary file not shown.

36
secrets/ntfy-alert-pass.age
View file

@ -1,19 +1,19 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 H0Rg/A Gu5zy+v+SITLh8SsiBXDnFDW007MNnWQ3Qo1XnKQVTM -> ssh-ed25519 H0Rg/A ti8Cilk/v+91Nckt/CuYl6qRuRb3W60gvhB43FW1znI
0OLIB6bgEHct3n4ev0HgfaUOl8t93DM3qInsrfBn4Vw EeLV+OccotivcRsN/aB/UdF89WiPlJ6R8PeKN6b+OQs
-> ssh-ed25519 84j9mw XBb71lyuXkIGxSL+VHv4To64qjGv3tqGGMa5J414uE0 -> ssh-ed25519 84j9mw 5rRP84YZGBMCFStzc5aeOqBmsAmjSb3GkKl47Msuei8
kuVmbLJ4ZyC6rmNUZOEXfrYHm89iXRqwP2Gv5lV4XSE DLtAz8tWkLu3QBeR+M5ZlJH6c6+GKPwf+qy3NpdTCOo
-> ssh-ed25519 5A7peQ Zby6NTv0q8OQ9qvo7DvE4OVOpShVKE8K7QWTson0DCo -> ssh-ed25519 5A7peQ d6JYwhySRN6B0eHl+JiZkxawZuMYuS7RDrSKMQYHLzI
eMTfWLUUImhEfXlBl8gYoA1YK0gfpB8VyWa2L3RCA1w /Yg5Hx948SBDD8shA49Bnv8hooPokYG7Fn9roswNIWI
-> ssh-ed25519 g2vRWw W5ZMWxUBPvef4sWXhv2aMCLZKlW++4n78vjJ+UE8XFE -> ssh-ed25519 g2vRWw gltJGTfV+a8BKaAkBGXkiW57ymv0vPBQnCS2BWJ6fDc
0J4OEvtTaffnRHQdfzGOOtBdgmq9is63uSLNFfZ59Oo +yBjIKMdM4eUVJvjs/UedjTH6hLRs56hDUpjpLC/q84
-> ssh-ed25519 B2veVw tZ3sVtgqEJ5LbK3b2xcH+0z8LaNUPs4KZO9A/VLH71g -> ssh-ed25519 B2veVw GeSb9ZgzHNDDDa/X+HppmefkEelg6JaQr8uaaijjzFo
MUuolaOws9FLq5MwrGKbseG5Xaok/gad6LQ5bxhN+ss LRzUrcmZAEosn0Sf4/YOLhbtdgYhWMYe9/uhvAMwcRI
-> ssh-ed25519 IFuY+w sz83GwAlZD8Zp2kH+7pwnETPKSfXDRgSXzNteAAGXF0 -> ssh-ed25519 IFuY+w gmfb2WEjP2BVhwnL+DzFcsM/ctbihlC6wOr7Bhn8r0o
4ByeRXyTp9+XpOirDvPAfDqfxyQXXqdEtTSq/CqKP0o k4IEjoNZSukZtz+rkOjk/BfaZkJ7T1jNrweKpmGDRZU
-> ssh-ed25519 rA7dkQ b7UcNJ+8UhrBnJieRvNxHXFBmr6uyh9q4ZtD9vpsTRI -> ssh-ed25519 rA7dkQ EWcPrbtHeD6Rq0mlnoVhgVTZQ586QdRVsZa1K9YkQzk
2/jPFKnWvCwc+Ki9gWJ8sbGetH46DZMk7LyxmqSlAe8 EN5VG0U1KGdpcT64B6C7kVDwKM/h+gsiTgsKf11XP2s
-> ssh-ed25519 GKhvwg 1HxU3yc2MfaW6N/zOg5ZRD+imMAIhIdKCp5FYR1BXjY -> ssh-ed25519 GKhvwg jVotsPuVgxUaZUg5U6QwZO9O6DPsYv5Mp1rfsP353hQ
LlmcWTkjbm9Ig5rECdKieEsbmPZiFenZnLZ4p8YbUbI c8uSgREFANKYeaafurp47MQiGnQxHXkFR5TGAQ7Ykv4
--- 8E31okL3vgwlYthWyy+sshdJDHWGBjawZoS/3QaqjT0 --- unx7yN4JzSSku/QUYEEUSPxyyLrWLG4zEMB/yRqvKwg
=uÈ\e‡œFcêHère ¾t[92Á#Y®w¬N~GfÓ· ‰x¡þG^0=ü”WÜ Ó“¬ŠEÝ&© ûEƒTAÍms°~_Œ'Ô‡§%…ÁÿrÚ=KÃxí—ÖÑ„Oè¿#Mqº'ëM_5FÇ%<25><50>â».Ÿ

14
secrets/ntfy-niko-pass.age
View file

@ -1,7 +1,9 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 84j9mw 5fEqoBEGZ6AZRfWuU6mej6XNl6hDrxMIMMlccp9CVzg -> ssh-ed25519 84j9mw ryWkCbg6qUwncq/HkEIN8qgMjPKVRv86y/gzJFtlS0U
QvontdV2/amh/i1Ldmzup8TB+lN4b0+YuoT+UFWiPw8 G02X9Uacg0c5acyAmPHx5F6ImZQnjs45hH/tBFpP42I
-> ssh-ed25519 GKhvwg 5Qm1FPvbv0ZsJiJ0Rjm0CPm6eWKvfQ4XHAOmEUWWCiA -> ssh-ed25519 GKhvwg LcIGEajShma720zp/yMndBnEOoZV9aYSsOFmN6yG9wQ
eu1MXEWfo425lbnq5tAOnGqpLgRVIOCkZKegTQQjw/I lox/ZbORF9HCKl4lCkTrRQ240JEGljqoAf8+I5q03Z4
--- s1g2UCKwlew0wCJSxGosBzn1K0TEbPlrIl09iZ58bMg --- 6a1rHleD/+yh+e+/0lm4TIvst9tjT7y6sr6ujApYuZQ
PÕÌý®ü$<24>N{èLrÿxS:=W²x•Òc¤(Jµ£|ÁÏúõ»48ÙäS $Q~¯<>C7ß|»A{3]&£žÍX''Ì
PRÜL6 ÑÏ
QÞYù¥<EFBFBD>ÍÆÂmhmÛ

7
secrets/paperless-pass.age Normal file
View file

@ -0,0 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 rA7dkQ sXPoNSctxQL6Gh1JrsMuUGp5/PW/v7zFzGzdncnVYnQ
ETOeRcPPhV+RZSZEC2cGsKm2H6eAn8eKJTn1NkJqndQ
-> ssh-ed25519 GKhvwg DWV3js/l+CYRHGgf0NCZwBCigE9U5tf8mkGxVNAIVSY
dxHnQkWKB8+02j3zuaeGVq8+A5vA2ssTccTdFSn5FCw
--- pu5uE5bsrnA7KrZSRGaD6xMKjzsx0ezXn9BbNVsrgAw
éëÅë³Q ÷¦ÀB<DfK@w)GU¾/úÿ+b^)™5Áþ¨8s±

BIN
secrets/rab-lol-cf.age
View file

Binary file not shown.

BIN
secrets/rabulinski-com-cf.age
View file

Binary file not shown.

5
secrets/secrets.nix
View file

@ -65,6 +65,7 @@ in
]; ];
"rab-lol-cf.age".publicKeys = [ "rab-lol-cf.age".publicKeys = [
keys.system.kazuki keys.system.kazuki
keys.system.youko
keys.other.bootstrap keys.other.bootstrap
]; ];
"rabulinski-com-cf.age".publicKeys = [ "rabulinski-com-cf.age".publicKeys = [
@ -88,4 +89,8 @@ in
keys.system.ude keys.system.ude
keys.other.bootstrap keys.other.bootstrap
]; ];
"paperless-pass.age".publicKeys = [
keys.system.youko
keys.other.bootstrap
];
} }

13
secrets/storage-box-creds.age
View file

@ -1,7 +1,8 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 84j9mw tKQQB/cd6JHCLQLrix2WGW5hHBUNC+pqDZXvTmOlOkw -> ssh-ed25519 84j9mw MkIkHSzR3H+j9ul56t+CrVsoeGRgH2ocYRSBoH/z5SY
lnx4olU3W8dgMwigYga/NYcjJ/C59J/uVdYNOfWmN2I 0LNQmCBPvS5NiS66HCQ1Yifr/GkIYxrDj2Kfg/ZOerM
-> ssh-ed25519 GKhvwg iWTl/jvU1aBd78yAZUsOgcG6JaK+vO8Dpx61dYMjmhc -> ssh-ed25519 GKhvwg xp5j84RKQ56OFSak3IvHRG9TAv0XVYLmWJLImgAjmws
2Iu6OHlLlhJLy/cxI/zSuqRhBnoeGLXINbDyMIvDZD8 gx1Ke3U3ngFsDswVVOnwbQUJNOUSdFgh/LUKkDH30Ug
--- eOl0sze0EOvfcAarBav7mb4B3jdBvOE+fF166oukbrk --- lWb3NlBy8n+NWGQ+M75RmWElXXLWWpl38aRYTVMm5GY
!żlćxq*T,.ÄX˝k6ě^ů<†!żX5ŘČŢŁž‡‰·ÇŐáĄńô,`ßěY‰^đŮ›Čů.¬đÔÜ°úďe Wßěµ âOúyÖ qA ö[þVpŸ¬ýHêé Û0I† ¥*~ÓhÞ »¾­6û‡B˜<1E>ëZ±ikʤVý é9sÆÇ;
ªÆ³ˆMdÙ¬¥Õ¬=œ

13
secrets/storage-box-webdav.age
View file

@ -1,8 +1,7 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 84j9mw C3TpEZsxJIYJ3d5vsQkCcCTity80nLsyxm5zCBZOMzk -> ssh-ed25519 84j9mw aSPnpUfj2PBYycEMzcENn30pzhrSEAatTOdoDhoPQVk
56z54taf+KUJjDugfCGKlcbeRZfDzi3+eeanKPINS6E PzcdoYgIHJZqOHE36gynF7r1LgFjoX2hEfCf1Emb2gg
-> ssh-ed25519 GKhvwg uUXJkGw54Q7dCnYobwV1zihOPa4R1FydJZehlFc5MA4 -> ssh-ed25519 GKhvwg HlibITP17XIxE8t8Kd9NtC6n696fQJu78lE3Yp4lFyg
6Zbym9jLykqsYjmb6rKIa6GExAKVVvEkvCQrzl6HB/M hmPEscf5AzMWq7NJSX8WxuRZ3bV3nMDAZZnZ8/Xy+rg
--- QICnyH0PORBpoNgT3pjuhP1p8AHn9gD2OIae/9G23x8 --- gSATPThFb4g1a+5/hwps5NGAEsd3VUlYtzy0vTySXyM
±(¯}¨{¬¤Ôœ2Ë“¿òi]UmiL­mÂvé>ke<7F>ã'6“AÀ̯¶XÔi<¯á:òùÓfÇU<>È~Ÿú&A¬Ë¡çj° <EFBFBD><EFBFBD>øÇw_0¿](t€9©ÌÂæñ%9šÒaWŠÍ¬ý@dWý©@µ÷S Óoˆ’€*&þàX¢-@Õö¬ª<><C2AA>ƒc~#f¶o<>†âx‰•°=;‡Ý
D·?_“E-éH

13
secrets/ude-deluge.age
View file

@ -1,7 +1,8 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 IFuY+w ZigoLhwVERGG/r7uYI3DKX7jijKt+4tsiTWpbIdUTXE -> ssh-ed25519 IFuY+w YhrlFN7mVaYlDC0YyEYwHUw/Dn+AJS5LcdYH0CHNhHM
k4jmQIJXr7yJOY3pkc1VnoqDgWkNr84k1AgYF7jNjRs 2Fh1Imyut/Fs3nAUQAYNHuR0DPRCnDDv0fuLI1hQc6k
-> ssh-ed25519 GKhvwg FMZOLDeE2Yw1Kd8V7NTL2oQtWo4IKDUoHu/Z8Su2hHI -> ssh-ed25519 GKhvwg Iuw+N1SD8On8HqpoinMoXFJ+QRS7CRyjVHhI7LE83hs
QF+L/Qf35wkOcgGWWRGANMJCG5Vz80epjQuwa4IdYQM yTdsv1DKQUSG1hFyxanahMiagPumuuVH1S1uLwoX3aU
--- ZUTRNDrgxdsZsNSP1Z3BLxw4EYexr873aJrbUvIgE2I --- fGCYe4oLn1ucgnXuuecwD4nHMkiqxy2kSTYp79y7sR4
yâùZͪëú¶ M¹®ËXd識塸*ô5ð‡øj"‹¥¿íí*ÃÖZU³å Ñ„²|Ý•]¼ßa8 ð"Zœb<>][9S÷Uµ ù. ÚÑ­
QýÉVCs`ËʦWG<57>#+K~˜!æ:â#ËÝ'¨¹jƒÀˆQDŒYŠzžƒ'­ ¾†‚%Š¯@Ïâ´ÊO±Õ`剒>

12
secrets/youko-niko-pass.age
View file

@ -1,7 +1,7 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 rA7dkQ ucrMqUlwttyHHFkJ/c5tYpHohefNYe6aJnxHMUjkUxU -> ssh-ed25519 rA7dkQ HZF6g+17SHv2P0Agh9/rJk5yQkjqxmOKF+F5dlcHkUI
RgsGaMLmtziGu/n6MiDJmkTZORTh2yYWoSS0eu9i6PA WimAhXL0UU2JXUlruPnIwi7vkjQ7YDWsyK5yB006gWo
-> ssh-ed25519 GKhvwg u7Fjda07e17aJGV0ZFK/Mt2ZbF/3b38MLydE8WKs2gY -> ssh-ed25519 GKhvwg mYJ6EJxisRlPtWzBqAsQXF4sivQP86rr03qIQvJGumY
gO2rNP64Nkhr5GShWP8zhxeT2YUKEkqN1Oc6/3l6PKU Y+dGZb/F1jddv04tFFPSSyTTJjsBTbQUocNg+FJuX/E
--- H9oqwkU/uI5fZAdy+qkCW5vw1PBaahe28FTUxhEFsds --- mMUDr1Q6r/fEIejP+0yBj8D09REx3bj51XpaJiOO4ns
xSæmL6îï9ÊŽÐîGŽ×3Ñ<áò4[ZÀ Œt»}å¶<OÓÃØdšÊcªYûé}>XQ^]<5D>ŠñK|B¶ÌwDmÓq×HïX©]FñeÄRt%¥`Ò¤0†»IVÂ× Íî<zA"¸ó³eÛû9µæ_þ<Õ<> b“¸ª…7wªt qî[£ë¿Ä‰ãkCýåt]Øh§ÕUY67^#PT#Aõ(ñµ#•€Tßú}˜œuæÍå f&¼Ë–à —/¶ <)Þ<>=´

BIN
secrets/zitadel-master.age
View file

Binary file not shown.

4
services/attic.nix
View file

@ -1,12 +1,12 @@
{ {
services.attic = config.services.attic =
let let
atticPort = 9476; atticPort = 9476;
in in
{ {
host = "kazuki"; host = "kazuki";
ports = [ atticPort ]; ports = [ atticPort ];
config = module =
{ config, ... }: { config, ... }:
{ {
age.secrets.attic-creds = { age.secrets.attic-creds = {

3
services/default.nix
View file

@ -1,7 +1,8 @@
{ {
imports = [ includes = [
./attic.nix ./attic.nix
./forgejo-runner.nix ./forgejo-runner.nix
./forgejo.nix ./forgejo.nix
./paperless.nix
]; ];
} }

4
services/forgejo-runner.nix
View file

@ -1,10 +1,10 @@
{ {
services.forgejo-runner = { config.services.forgejo-runner = {
hosts = [ hosts = [
"ude" "ude"
"youko" "youko"
]; ];
config = module =
{ {
config, config,
lib, lib,

4
services/forgejo.nix
View file

@ -1,8 +1,8 @@
{ {
services.forgejo = { config.services.forgejo = {
host = "kazuki"; host = "kazuki";
ports = [ 3000 ]; ports = [ 3000 ];
config = module =
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
age.secrets.rab-lol-cf = { age.secrets.rab-lol-cf = {

61
services/paperless.nix Normal file
View file

@ -0,0 +1,61 @@
{
services.paperless = {
host = "youko";
ports = [ 28981 ];
config =
{ config, ... }:
{
age.secrets.rab-lol-cf = {
file = ../secrets/rab-lol-cf.age;
owner = config.services.nginx.user;
};
age.secrets.paperless-pass = {
file = ../secrets/paperless-pass.age;
owner = config.services.paperless.user;
};
services.paperless = {
enable = true;
dataDir = "/var/lib/paperless";
mediaDir = "/media/paperless/media";
consumptionDir = "/media/paperless/consume";
passwordFile = config.age.secrets.paperless-pass.path;
settings = {
PAPERLESS_CONSUMER_IGNORE_PATTERN = [
".DS_STORE/*"
"desktop.ini"
];
PAPERLESS_OCR_LANGUAGE = "pol+eng+jpn";
PAPERLESS_OCR_USER_ARGS = {
optimize = 1;
pdfa_image_compression = "lossless";
};
};
};
services.nginx = {
enable = true;
recommendedProxySettings = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedTlsSettings = true;
virtualHosts."paper.rab.lol" = {
forceSSL = true;
enableACME = true;
acmeRoot = null;
locations."/".proxyPass = "http://localhost:28981";
extraConfig = ''
client_max_body_size 24G;
'';
};
};
security.acme.acceptTerms = true;
security.acme.certs."paper.rab.lol" = {
email = "nikodem@rabulinski.com";
dnsProvider = "cloudflare";
credentialsFile = config.age.secrets.rab-lol-cf.path;
};
};
};
}

1
shell.nix Normal file
View file

@ -0,0 +1 @@
(import ./nilla.nix { }).shells.default.result.${builtins.currentSystem}

23
treefmt.nix Normal file
View file

@ -0,0 +1,23 @@
{
projectRootFile = "nilla.nix";
programs.deadnix.enable = true;
programs.nixfmt.enable = true;
programs.statix.enable = true;
programs.fish_indent.enable = true;
programs.deno.enable = true;
programs.stylua.enable = true;
programs.shfmt.enable = true;
settings.global.excludes = [
# agenix
"*.age"
# racket
"*.rkt"
"**/rashrc"
# custom assets
"*.png"
"*.svg"
];
settings.on-unmatched = "fatal";
}

57
wrappers/default.nix
View file

@ -1,25 +1,36 @@
{ inputs, ... }:
{ {
perSystem = lib,
{ pkgs, inputs', ... }: config,
let inputs,
wrapped = inputs.wrapper-manager-hm-compat.lib { }:
inherit pkgs; let
modules = [ systems = [
./starship "x86_64-linux"
./helix "aarch64-linux"
# TODO: Enable again "aarch64-darwin"
# ./rash ];
./fish wrappedPerSystem = lib.attrs.generate systems (
./wezterm system:
]; inputs.wrapper-manager-hm-compat.lib {
specialArgs = { pkgs = inputs.nixpkgs.legacyPackages.${system};
inherit inputs inputs'; modules = [
}; ./starship
}; ./helix
all-packages = wrapped.config.build.packages; # TODO: Enable again
in # ./rash
{ ./fish
packages = all-packages; ./wezterm
}; ];
specialArgs = { inherit inputs; };
}
);
wrappedPerSystem' = builtins.mapAttrs (_: wrapped: wrapped.config.build.packages) wrappedPerSystem;
wrapperNames = builtins.attrNames wrappedPerSystem'."x86_64-linux";
in
{
config.packages = lib.attrs.generate wrapperNames (wrapper: {
inherit systems;
builder = "custom-load";
package = { system }: wrappedPerSystem'.${system}.${wrapper};
});
} }

4
wrappers/helix/default.nix
View file

@ -1,8 +1,8 @@
{ pkgs, inputs', ... }: { pkgs, inputs, ... }:
{ {
programs.helix = { programs.helix = {
enable = true; enable = true;
package = inputs'.helix.packages.default; package = inputs.helix.packages.${pkgs.system}.default;
settings = { settings = {
theme = "base16_default_dark"; theme = "base16_default_dark";
editor = { editor = {

4
wrappers/rash/default.nix
View file

@ -1,6 +1,6 @@
{ {
pkgs, pkgs,
inputs', inputs,
config, config,
... ...
}: }:
@ -13,7 +13,7 @@
rev = "8eb52c163d6ea7c3cec2cc6b1011ce00738942e1"; rev = "8eb52c163d6ea7c3cec2cc6b1011ce00738942e1";
hash = "sha256-1yU0ZUBQqYEn85j4T2pLs02MTyJnO5BbYALIa88iomY="; hash = "sha256-1yU0ZUBQqYEn85j4T2pLs02MTyJnO5BbYALIa88iomY=";
}; };
racket-with-libs = inputs'.racket.packages.racket.newLayer { racket-with-libs = inputs.racket.packages.${pkgs.system}.racket.newLayer {
withRacketPackages = withRacketPackages =
ps: with ps; [ ps: with ps; [
readline-gpl readline-gpl