diff --git a/.forgejo/workflows/build.yaml b/.forgejo/workflows/build.yaml
index 89693ab..ee97846 100644
--- a/.forgejo/workflows/build.yaml
+++ b/.forgejo/workflows/build.yaml
@@ -8,4 +8,4 @@ jobs:
runs-on: native
steps:
- uses: actions/checkout@v4
- - run: nix flake check --all-systems
+ - run: nix-build -A ci.check
diff --git a/assets/default.nix b/assets/default.nix
index 123d12c..4e3187c 100644
--- a/assets/default.nix
+++ b/assets/default.nix
@@ -1,8 +1,8 @@
-{ lib, ... }:
+{ lib }:
{
- options.assets = lib.mkOption {
- type = lib.types.unspecified;
- readOnly = true;
+ options.assets = lib.options.create {
+ type = lib.types.raw;
+ writable = false;
};
config.assets = {
diff --git a/assets/forgejo/apple-touch-icon.png b/assets/forgejo/apple-touch-icon.png
new file mode 100644
index 0000000..78da40f
Binary files /dev/null and b/assets/forgejo/apple-touch-icon.png differ
diff --git a/assets/forgejo/avatar_default.png b/assets/forgejo/avatar_default.png
new file mode 100644
index 0000000..ce6f772
Binary files /dev/null and b/assets/forgejo/avatar_default.png differ
diff --git a/assets/forgejo/favicon.png b/assets/forgejo/favicon.png
new file mode 100644
index 0000000..f6e48b9
Binary files /dev/null and b/assets/forgejo/favicon.png differ
diff --git a/assets/forgejo/favicon.svg b/assets/forgejo/favicon.svg
new file mode 100644
index 0000000..7cf10f5
--- /dev/null
+++ b/assets/forgejo/favicon.svg
@@ -0,0 +1 @@
+
\ No newline at end of file
diff --git a/assets/forgejo/logo.png b/assets/forgejo/logo.png
new file mode 100644
index 0000000..ca1d390
Binary files /dev/null and b/assets/forgejo/logo.png differ
diff --git a/assets/forgejo/logo.svg b/assets/forgejo/logo.svg
new file mode 100644
index 0000000..7cf10f5
--- /dev/null
+++ b/assets/forgejo/logo.svg
@@ -0,0 +1 @@
+
\ No newline at end of file
diff --git a/default.nix b/default.nix
new file mode 100644
index 0000000..bb13b3b
--- /dev/null
+++ b/default.nix
@@ -0,0 +1,8 @@
+let
+ nilla = import ./nilla.nix { };
+ getPackage = name: nilla.packages.${name}.result.${builtins.currentSystem};
+in
+{
+ ci.check = getPackage "ci-check";
+ formatter = getPackage "formatter";
+}
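Review bot: This new entry point has no comment saying that it is the non-flake path used by CI (`nix-build -A ci.check`) and that it depends on impure evaluation through `builtins.currentSystem` in `getPackage`. A package that does not list the current system fails with a bare missing-attribute error. I would add a header comment such as `# Non-flake entry point (used by CI); needs impure eval because of builtins.currentSystem`, so that a later `--pure-eval` or a new platform does not surprise anyone.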
diff --git a/flake.lock b/flake.lock
index 3cd382a..32a92b1 100644
--- a/flake.lock
+++ b/flake.lock
@@ -1,5 +1,21 @@
{
"nodes": {
+ "__flake-compat": {
+ "flake": false,
+ "locked": {
+ "lastModified": 1743033641,
+ "narHash": "sha256-7L0/So1J21N4VHaZRzdK6Ywj3+NLdHfM8z0o5XVuPeo=",
+ "ref": "refs/heads/main",
+ "rev": "5bbdeaea85d5f396f01e8af94bcb6f29d5af22f7",
+ "revCount": 83,
+ "type": "git",
+ "url": "https://git.lix.systems/lix-project/flake-compat.git"
+ },
+ "original": {
+ "type": "git",
+ "url": "https://git.lix.systems/lix-project/flake-compat.git"
+ }
+ },
"agenix": {
"inputs": {
"darwin": [
@@ -79,11 +95,11 @@
"conduit-src": {
"flake": false,
"locked": {
- "lastModified": 1742005420,
- "narHash": "sha256-v4LCx7VUZ+8Hy1+6ziREVY/QEADjZbo8c0h9eU7nMVY=",
+ "lastModified": 1742789401,
+ "narHash": "sha256-oZ8TPrtzPwXupsAfwMjLRI/s0/PokqL3q1ejeGVn5lE=",
"owner": "famedly",
"repo": "conduit",
- "rev": "063d13a0e10619f17bc21f0dd291c5a733581394",
+ "rev": "a7e6f60b41122761422df2b7bcc0c192416f9a28",
"type": "gitlab"
},
"original": {
@@ -115,11 +131,11 @@
]
},
"locked": {
- "lastModified": 1742382197,
- "narHash": "sha256-5OtFbbdKAkWDVuzjs1J9KwdFuDxsEvz0FZX3xR2jEUM=",
+ "lastModified": 1743359449,
+ "narHash": "sha256-unjpn5SCn55Ma+/grXuTybICgUa/bcPGKxJMt9lLoIg=",
"owner": "lnl7",
"repo": "nix-darwin",
- "rev": "643b57fd32135769f809913663130a95fe6db49e",
+ "rev": "fe625481e50d05aa452d684d5228e5059b4942d4",
"type": "github"
},
"original": {
@@ -177,11 +193,11 @@
]
},
"locked": {
- "lastModified": 1742432361,
- "narHash": "sha256-FlqTrkzSn6oPR5iJTPsCQDd0ioMGzzxnPB+2wve9W2w=",
+ "lastModified": 1743383039,
+ "narHash": "sha256-Palj4EeFRS3tLl2aK0FgE01SBWRbqD4vKE+SNBJaYo4=",
"owner": "bandithedoge",
"repo": "nixpkgs-firefox-darwin",
- "rev": "c868ff433ea5123e837a62ae689543045187d7a4",
+ "rev": "96f1d9e12f0efbbc4cea47c0a06a1667ed90e5f8",
"type": "github"
},
"original": {
@@ -244,26 +260,6 @@
}
},
"flake-parts_2": {
- "inputs": {
- "nixpkgs-lib": [
- "nixpkgs"
- ]
- },
- "locked": {
- "lastModified": 1741352980,
- "narHash": "sha256-+u2UunDA4Cl5Fci3m7S643HzKmIDAe+fiXrLqYsR2fs=",
- "owner": "hercules-ci",
- "repo": "flake-parts",
- "rev": "f4330d22f1c5d2ba72d3d22df5597d123fdb60a9",
- "type": "github"
- },
- "original": {
- "owner": "hercules-ci",
- "repo": "flake-parts",
- "type": "github"
- }
- },
- "flake-parts_3": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib"
},
@@ -359,11 +355,11 @@
"rust-overlay": "rust-overlay"
},
"locked": {
- "lastModified": 1742479163,
- "narHash": "sha256-YC0zdGyZMu7seA2Jm1mxtcxE4lSeVwvCPMfWzJ8+o/c=",
+ "lastModified": 1743346877,
+ "narHash": "sha256-WczB9koq4xvdBZoMLW8VFT16RGaDrJXyA0rDTg2GFVU=",
"owner": "helix-editor",
"repo": "helix",
- "rev": "b7d735ffe66a03ab5970e5f860923aada50d4e4c",
+ "rev": "e148d8b3110ace99505c0871714cd64391cc4ba3",
"type": "github"
},
"original": {
@@ -379,11 +375,11 @@
]
},
"locked": {
- "lastModified": 1742501496,
- "narHash": "sha256-LYwyZmhckDKK7i4avmbcs1pBROpOaHi98lbjX1fmVpU=",
+ "lastModified": 1743360001,
+ "narHash": "sha256-HtpS/ZdgWXw0y+aFdORcX5RuBGTyz3WskThspNR70SM=",
"owner": "nix-community",
"repo": "home-manager",
- "rev": "d725df5ad8cee60e61ee6fe3afb735e4fbc1ff41",
+ "rev": "b6fd653ef8fbeccfd4958650757e91767a65506d",
"type": "github"
},
"original": {
@@ -395,11 +391,11 @@
"lix": {
"flake": false,
"locked": {
- "lastModified": 1742411066,
- "narHash": "sha256-8vXOKPQFRzTjapsRnTJ1nuFjUfC+AGI2ybdK5cAEHZ8=",
+ "lastModified": 1743274305,
+ "narHash": "sha256-gsPA3AAGi3pucRpzJbhWWyyOBv2/2OjAjU/SlcSE8Vc=",
"ref": "refs/heads/main",
- "rev": "2491b7cc2128ee440d24768c4521c38b1859fc28",
- "revCount": 17705,
+ "rev": "d169c092fc28838a253be136d17fe7de1292c728",
+ "revCount": 17746,
"type": "git",
"url": "https://git.lix.systems/lix-project/lix.git"
},
@@ -420,11 +416,11 @@
]
},
"locked": {
- "lastModified": 1741894565,
- "narHash": "sha256-2FD0NDJbEjUHloVrtEIms5miJsj1tvQCc/0YK5ambyc=",
+ "lastModified": 1742945498,
+ "narHash": "sha256-MB/b/xcDKqaVBxJIIxwb81r8ZiGLeKEcqokATRRroo8=",
"ref": "refs/heads/main",
- "rev": "a6da43f8193d9e329bba1795c42590c27966082e",
- "revCount": 136,
+ "rev": "fa69ae26cc32dda178117b46487c2165c0e08316",
+ "revCount": 138,
"type": "git",
"url": "https://git.lix.systems/lix-project/nixos-module.git"
},
@@ -458,7 +454,7 @@
},
"niko-nur": {
"inputs": {
- "flake-parts": "flake-parts_3",
+ "flake-parts": "flake-parts_2",
"nixpkgs": "nixpkgs"
},
"locked": {
@@ -475,6 +471,22 @@
"type": "github"
}
},
+ "nilla": {
+ "flake": false,
+ "locked": {
+ "lastModified": 1743409018,
+ "narHash": "sha256-fghnO1XmDnM0U6PdFu0GquNIRQNxH2IQ1AgifyZk6Wk=",
+ "owner": "nilla-nix",
+ "repo": "nilla",
+ "rev": "6747fe62879d7d15c96808bc370a52941287772c",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nilla-nix",
+ "repo": "nilla",
+ "type": "github"
+ }
+ },
"nix-github-actions": {
"inputs": {
"nixpkgs": [
@@ -557,11 +569,11 @@
},
"nixpkgs_2": {
"locked": {
- "lastModified": 1742395137,
- "narHash": "sha256-WWNNjCSzQCtATpCFEijm81NNG1xqlLMVbIzXAiZysbs=",
+ "lastModified": 1743259260,
+ "narHash": "sha256-ArWLUgRm1tKHiqlhnymyVqi5kLNCK5ghvm06mfCl4QY=",
"owner": "nixos",
"repo": "nixpkgs",
- "rev": "2a725d40de138714db4872dc7405d86457aa17ad",
+ "rev": "eb0e0f21f15c559d2ac7633dc81d079d1caf5f5f",
"type": "github"
},
"original": {
@@ -593,6 +605,7 @@
},
"root": {
"inputs": {
+ "__flake-compat": "__flake-compat",
"agenix": "agenix",
"attic": "attic",
"conduit-src": "conduit-src",
@@ -601,13 +614,13 @@
"disko": "disko",
"fenix": "fenix",
"firefox-darwin": "firefox-darwin",
- "flake-parts": "flake-parts_2",
"helix": "helix",
"home-manager": "home-manager",
"lix": "lix",
"lix-module": "lix-module",
"mailserver": "mailserver",
"niko-nur": "niko-nur",
+ "nilla": "nilla",
"nixpkgs": "nixpkgs_2",
"racket": "racket",
"treefmt": "treefmt",
@@ -742,11 +755,11 @@
]
},
"locked": {
- "lastModified": 1742370146,
- "narHash": "sha256-XRE8hL4vKIQyVMDXykFh4ceo3KSpuJF3ts8GKwh5bIU=",
+ "lastModified": 1743081648,
+ "narHash": "sha256-WRAylyYptt6OX5eCEBWyTwOEqEtD6zt33rlUkr6u3cE=",
"owner": "numtide",
"repo": "treefmt-nix",
- "rev": "adc195eef5da3606891cedf80c0d9ce2d3190808",
+ "rev": "29a3d7b768c70addce17af0869f6e2bd8f5be4b7",
"type": "github"
},
"original": {
@@ -814,11 +827,11 @@
"rust-overlay": "rust-overlay_2"
},
"locked": {
- "lastModified": 1741803511,
- "narHash": "sha256-DcCGBWvAvt+OWI+EcPRO+/IXZHkFgPxZUmxf2VLl8no=",
+ "lastModified": 1743151937,
+ "narHash": "sha256-SjfGN+3wrzgRvzpziowTQUIr/o6ac5iMniua0ra6elo=",
"owner": "dj95",
"repo": "zjstatus",
- "rev": "df9c77718f7023de8406e593eda6b5b0bc09cddd",
+ "rev": "2772e18d1bf57b5fe24c7e2c86a6cbec0475cd88",
"type": "github"
},
"original": {
diff --git a/flake.nix b/flake.nix
index c49e260..ea0a9e0 100644
--- a/flake.nix
+++ b/flake.nix
@@ -1,82 +1,8 @@
{
- outputs =
- inputs@{ flake-parts, ... }:
- flake-parts.lib.mkFlake { inherit inputs; } {
- systems = [
- "x86_64-linux"
- "aarch64-linux"
- "aarch64-darwin"
- ];
-
- imports = [
- inputs.treefmt.flakeModule
-
- ./assets
- ./hosts
- ./modules
- ./wrappers
- ./pkgs
- ./services
- ];
-
- perSystem =
- {
- inputs',
- self',
- pkgs,
- ...
- }:
- {
- devShells.default = pkgs.mkShellNoCC {
- packages = [
- inputs'.agenix.packages.agenix
- self'.packages.attic-client
- # TODO: Contribute darwin support to nh
- pkgs.nh
- ];
- };
-
- packages = {
- # Re-export it for convenience and for caching
- inherit (inputs'.attic.packages) attic-client attic-server;
- base-packages = pkgs.symlinkJoin {
- name = "settei-base";
- paths = with self'.packages; [
- helix
- fish
- git-commit-last
- git-fixup
- ];
- };
- };
-
- treefmt = {
- programs.deadnix.enable = true;
- programs.nixfmt.enable = true;
- programs.statix.enable = true;
- programs.fish_indent.enable = true;
- programs.deno.enable = true;
- programs.stylua.enable = true;
- programs.shfmt.enable = true;
- settings.global.excludes = [
- # agenix
- "*.age"
-
- # racket
- "*.rkt"
- "**/rashrc"
- ];
- settings.on-unmatched = "fatal";
- };
- };
- };
+ outputs = inputs: (import ./nilla.nix { inherit inputs; }).flake;
inputs = {
nixpkgs.url = "github:nixos/nixpkgs?ref=nixpkgs-unstable";
- flake-parts = {
- url = "github:hercules-ci/flake-parts";
- inputs.nixpkgs-lib.follows = "nixpkgs";
- };
disko = {
url = "github:nix-community/disko";
inputs.nixpkgs.follows = "nixpkgs";
@@ -164,27 +90,13 @@
url = "github:numtide/treefmt-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
- };
-
- /*
- TODO: Uncomment once (if ever?) nixConfig makes sense in flakes
- nixConfig = {
- extra-substituters = [
- "https://hyprland.cachix.org"
- "https://cache.garnix.io"
- "https://nix-community.cachix.org"
- "https://hercules-ci.cachix.org"
- "https://nrabulinski.cachix.org"
- "https://cache.nrab.lol"
- ];
- extra-trusted-public-keys = [
- "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
- "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="
- "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
- "hercules-ci.cachix.org-1:ZZeDl9Va+xe9j+KqdzoBZMFJHVQ42Uu/c/1/KMC5Lw0="
- "nrabulinski.cachix.org-1:Q5FD7+1c68uH74CQK66UWNzxhanZW8xcg1LFXxGK8ic="
- "cache.nrab.lol-1:CJl1TouOyuJ1Xh4tZSXLwm3Upt06HzUNZmeyuEB9EZg="
- ];
+ __flake-compat = {
+ url = "git+https://git.lix.systems/lix-project/flake-compat.git";
+ flake = false;
};
- */
+ nilla = {
+ url = "github:nilla-nix/nilla";
+ flake = false;
+ };
+ };
}
diff --git a/hosts/default.nix b/hosts/default.nix
index d8ed8b3..843a8d1 100644
--- a/hosts/default.nix
+++ b/hosts/default.nix
@@ -1,11 +1,11 @@
{
config,
- self,
- inputs,
- ...
}:
+let
+ inputs = builtins.mapAttrs (_: input: input.result) config.inputs;
+in
{
- imports = [
+ includes = [
./kazuki
./hijiri-vm
./hijiri
@@ -16,58 +16,40 @@
./youko
];
- builders =
+ config.systems.builders =
let
sharedOptions = {
_file = ./default.nix;
settei.sane-defaults.allSshKeys = config.assets.sshKeys.user;
settei.flake-qol.inputs = inputs // {
- settei = self;
+ settei = inputs.self;
};
};
-
- baseNixos = inputs.nixpkgs.lib.nixosSystem {
- modules = [
- self.nixosModules.combined
- sharedOptions
- ];
- specialArgs.configurationName = "base";
- };
-
- baseDarwin = inputs.darwin.lib.darwinSystem {
- modules = [
- self.darwinModules.combined
- sharedOptions
- ];
- specialArgs.configurationName = "base";
- };
in
{
nixos =
name: module:
- baseNixos.extendModules {
+ inputs.nixpkgs.lib.nixosSystem {
modules = [
+ config.nixosModules.combined
+ sharedOptions
module
- config.__extraHostConfigs.${name} or { }
+ config.extraHostConfigs.${name} or { }
];
specialArgs.configurationName = name;
};
darwin =
name: module:
- let
- eval = baseDarwin._module.args.extendModules {
- modules = [
- module
- config.__extraHostConfigs.${name} or { }
- ];
- specialArgs.configurationName = name;
- };
- in
- eval
- // {
- system = eval.config.system.build.toplevel;
+ inputs.darwin.lib.darwinSystem {
+ modules = [
+ config.darwinModules.combined
+ sharedOptions
+ module
+ config.extraHostConfigs.${name} or { }
+ ];
+ specialArgs.configurationName = name;
};
};
}
diff --git a/hosts/hijiri-vm/default.nix b/hosts/hijiri-vm/default.nix
index db26c63..94350be 100644
--- a/hosts/hijiri-vm/default.nix
+++ b/hosts/hijiri-vm/default.nix
@@ -1,5 +1,5 @@
{
- configurations.nixos.hijiri-vm =
+ config.systems.nixos.hijiri-vm.module =
{
modulesPath,
lib,
diff --git a/hosts/hijiri/default.nix b/hosts/hijiri/default.nix
index bb7db92..66defb4 100644
--- a/hosts/hijiri/default.nix
+++ b/hosts/hijiri/default.nix
@@ -1,5 +1,5 @@
{
- configurations.darwin.hijiri =
+ config.systems.darwin.hijiri.module =
{
config,
pkgs,
diff --git a/hosts/installer/default.nix b/hosts/installer/default.nix
index 24bdef8..a1692c6 100644
--- a/hosts/installer/default.nix
+++ b/hosts/installer/default.nix
@@ -1,6 +1,6 @@
{ lib, ... }:
{
- configurations.nixos =
+ config.configurations.nixos =
let
mkInstaller =
system:
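Review bot: `config.configurations.nixos` still targets the old option tree, while every other host in this commit moved to `config.systems.nixos.<name>.module`. The `configurations` option was declared in `modules/flake/configurations.nix`, which this commit deletes, and the new `modules/nilla/systems.nix` only declares `systems.*`. In addition, `./installer` is not among the includes visible in the `hosts/default.nix` hunks, so the installer images are presumably either no longer evaluated at all or will fail on an undeclared option once they are included. Either port this to `config.systems.nixos` or leave an explicit `# TODO: not yet ported to nilla` so the gap is visible. The `let` body continues outside the hunk.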
diff --git a/hosts/kazuki/default.nix b/hosts/kazuki/default.nix
index df92f1c..e4a51ad 100644
--- a/hosts/kazuki/default.nix
+++ b/hosts/kazuki/default.nix
@@ -1,5 +1,5 @@
{
- configurations.nixos.kazuki =
+ config.systems.nixos.kazuki.module =
{
modulesPath,
...
@@ -15,7 +15,6 @@
./storage.nix
./ntfy.nix
./zitadel.nix
- ./forgejo.nix
./prometheus.nix
];
diff --git a/hosts/kazuki/forgejo.nix b/hosts/kazuki/forgejo.nix
deleted file mode 100644
index 9f200e2..0000000
--- a/hosts/kazuki/forgejo.nix
+++ /dev/null
@@ -1,62 +0,0 @@
-{ config, ... }:
-{
- age.secrets.rab-lol-cf = {
- file = ../../secrets/rab-lol-cf.age;
- owner = config.services.nginx.user;
- };
-
- services.forgejo = {
- enable = true;
- settings = {
- server = {
- DOMAIN = "git.rab.lol";
- ROOT_URL = "https://git.rab.lol/";
- };
- oauth2_client = {
- REGISTER_EMAIL_CONFIRM = false;
- ENABLE_AUTO_REGISTRATION = true;
- ACCOUNT_LINKING = "auto";
- UPDATE_AVATAR = true;
- };
- service = {
- DISABLE_REGISTRATION = false;
- ALLOW_ONLY_INTERNAL_REGISTRATION = false;
- ALLOW_ONLY_EXTERNAL_REGISTRATION = true;
- };
- federation.ENABLED = true;
- };
- repositoryRoot = "/storage-box/forgejo/repos";
- lfs = {
- enable = true;
- contentDir = "/storage-box/forgejo/lfs";
- };
- };
-
- services.nginx = {
- enable = true;
- recommendedProxySettings = true;
- recommendedGzipSettings = true;
- recommendedOptimisation = true;
- recommendedTlsSettings = true;
- virtualHosts."git.rab.lol" = {
- forceSSL = true;
- enableACME = true;
- acmeRoot = null;
- locations."/" = {
- proxyPass = "http://127.0.0.1:3000";
- extraConfig = ''
- proxy_set_header Connection $http_connection;
- proxy_set_header Upgrade $http_upgrade;
- '';
- };
- };
- };
-
- users.users.nginx.extraGroups = [ "acme" ];
- security.acme.acceptTerms = true;
- security.acme.certs."git.rab.lol" = {
- dnsProvider = "cloudflare";
- credentialsFile = config.age.secrets.rab-lol-cf.path;
- email = "nikodem@rabulinski.com";
- };
-}
diff --git a/hosts/kogata/default.nix b/hosts/kogata/default.nix
index 6bf9e2f..d5ac7cb 100644
--- a/hosts/kogata/default.nix
+++ b/hosts/kogata/default.nix
@@ -1,5 +1,5 @@
{
- configurations.darwin.kogata =
+ config.systems.darwin.kogata.module =
{ pkgs, ... }:
{
nixpkgs.system = "aarch64-darwin";
diff --git a/hosts/ude/default.nix b/hosts/ude/default.nix
index d395fbd..62ffb2e 100644
--- a/hosts/ude/default.nix
+++ b/hosts/ude/default.nix
@@ -1,5 +1,5 @@
{
- configurations.nixos.ude =
+ config.systems.nixos.ude.module =
{
config,
modulesPath,
diff --git a/hosts/youko/default.nix b/hosts/youko/default.nix
index 3a2fe49..7f39ac5 100644
--- a/hosts/youko/default.nix
+++ b/hosts/youko/default.nix
@@ -1,5 +1,5 @@
{
- configurations.nixos.youko =
+ config.systems.nixos.youko.module =
{
config,
lib,
diff --git a/inputs.nix b/inputs.nix
new file mode 100644
index 0000000..def1e3b
--- /dev/null
+++ b/inputs.nix
@@ -0,0 +1,15 @@
+let
+ lock = builtins.fromJSON (builtins.readFile ./flake.lock);
+ inherit (lock.nodes.__flake-compat.locked) narHash rev url;
+ flake-compat = builtins.fetchTarball {
+ url = "${url}/archive/${rev}.tar.gz";
+ sha256 = narHash;
+ };
+ flake = import flake-compat {
+ src = ./.;
+ copySourceTreeToStore = false;
+ useBuiltinsFetchTree = true;
+ };
+in
+# Workaround for https://github.com/nilla-nix/nilla/issues/14
+builtins.mapAttrs (_: input: input // { type = "derivation"; }) flake.inputs
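Review bot: The bootstrap fetch at the top of this file carries two undocumented assumptions that deserve a comment. First, `sha256 = narHash` is what pins the flake-compat code that then evaluates everything else, so the hash must never be dropped or made optional. Second, `"${url}/archive/${rev}.tar.gz"` only works while the `__flake-compat` lock node stays a `git`-type input on a forge that serves that archive path; a `github`-type node has no `url` attribute and the `inherit` would fail. Something like `# flake-compat is pinned by rev + narHash from flake.lock; assumes a git-type lock node with a <url>/archive/<rev>.tar.gz endpoint` would cover both. It is also worth noting next to `copySourceTreeToStore = false` that this path evaluates the working tree in place, including untracked files, which flake evaluation does not.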
diff --git a/modules/default.nix b/modules/default.nix
index 24a8f46..2dc9115 100644
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -1,29 +1,21 @@
{
config,
- inputs,
- ...
}:
let
- flakeModule = import ./flake { inherit (inputs) nixpkgs darwin home-manager; };
+ inputs = builtins.mapAttrs (_: input: input.result) config.inputs;
+ perInput = system: flake: {
+ packages = flake.packages.${system};
+ };
in
{
- imports = [
- flakeModule
- ];
-
- flake.homeModules = rec {
+ config.homeModules = rec {
settei = ./home;
default = settei;
};
- flake.flakeModules = rec {
- settei = flakeModule;
- default = settei;
- };
-
- flake.nixosModules = rec {
+ config.nixosModules = rec {
settei = import ./system {
- inherit (config) perInput;
+ inherit perInput;
isLinux = true;
};
combined = {
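Review bot: The local `perInput` only exposes `packages`, and nothing in the hunk documents that narrowing. The `config.perInput` it replaces came from flake-parts and, as far as I know, exposed the other per-system outputs as well, so a system module that reads anything else from an input will now fail with a missing attribute. The new one also throws when an input has no `packages.${system}`, which applies to the `flake = false` inputs. A short comment on the helper, e.g. `# minimal stand-in for flake-parts' perInput: only .packages is provided`, would make the contract explicit. The `nixosModules` set continues outside the hunk.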
@@ -45,9 +37,9 @@ in
default = combined;
};
- flake.darwinModules = rec {
+ config.darwinModules = rec {
settei = import ./system {
- inherit (config) perInput;
+ inherit perInput;
isLinux = false;
};
combined = {
diff --git a/modules/flake/configurations.nix b/modules/flake/configurations.nix
deleted file mode 100644
index 67ccc1b..0000000
--- a/modules/flake/configurations.nix
+++ /dev/null
@@ -1,54 +0,0 @@
-{
- nixpkgs,
- darwin,
- home-manager,
-}:
-{
- config,
- lib,
- ...
-}:
-with lib;
-{
- _file = ./configurations.nix;
-
- options = {
- # Those functions take the final arguments and emit a valid configuration.
- # Probably should hardly ever be overriden
- builders = {
- nixos = mkOption {
- type = types.functionTo types.unspecified;
- default = _name: nixpkgs.lib.nixosSystem;
- };
- darwin = mkOption {
- type = types.functionTo types.unspecified;
- default = _name: darwin.lib.darwinSystem;
- };
- home = mkOption {
- type = types.functionTo types.unspecified;
- default = _name: home-manager.lib.homeManagerConfiguration;
- };
- };
-
- configurations = {
- nixos = mkOption {
- type = types.lazyAttrsOf types.deferredModule;
- default = { };
- };
- darwin = mkOption {
- type = types.lazyAttrsOf types.deferredModule;
- default = { };
- };
- home = mkOption {
- type = types.lazyAttrsOf types.deferredModule;
- default = { };
- };
- };
- };
-
- config.flake = {
- nixosConfigurations = mapAttrs config.builders.nixos config.configurations.nixos;
- darwinConfigurations = mapAttrs config.builders.darwin config.configurations.darwin;
- homeConfigurations = mapAttrs config.builders.home config.configurations.home;
- };
-}
diff --git a/modules/flake/default.nix b/modules/flake/default.nix
deleted file mode 100644
index 78bb73d..0000000
--- a/modules/flake/default.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{
- nixpkgs,
- darwin,
- home-manager,
-}:
-{
- _file = ./default.nix;
-
- imports = [
- (import ./configurations.nix { inherit nixpkgs darwin home-manager; })
- ./services.nix
- ];
-}
diff --git a/modules/flake/services.nix b/modules/flake/services.nix
deleted file mode 100644
index f2f07d4..0000000
--- a/modules/flake/services.nix
+++ /dev/null
@@ -1,95 +0,0 @@
-# List of features I want this module to eventually have
-# TODO: Automatic port allocation
-# TODO: Making it possible to conveniently isolate services (running them in NixOS containers)
-# TODO: Handling specializations
-# TODO: Convenient http handling
-# TODO: Automatic backup
-{ config, lib, ... }:
-let
- serviceModule =
- { config, ... }:
- {
- options = {
- host = lib.mkOption {
- type = lib.types.str;
- };
- ports = lib.mkOption {
- type = with lib.types; listOf port;
- default = [ ];
- };
- hosts = lib.mkOption {
- type = with lib.types; listOf str;
- default = [ config.host ];
- };
- config = lib.mkOption {
- type = lib.types.deferredModule;
- default = { };
- };
- hostConfig = lib.mkOption {
- type = with lib.types; attrsOf deferredModule;
- default = { };
- };
- };
- };
-
- moduleToHostConfigs =
- cfg:
- lib.genAttrs cfg.hosts (host: {
- imports = [
- cfg.config
- (cfg.hostConfig.${host} or { })
- ];
- });
-
- maybeGetPreviousConfigs = acc: host: (acc.${host} or { imports = [ ]; }).imports;
-in
-{
- _file = ./services.nix;
-
- options = {
- services = lib.mkOption {
- type = with lib.types; attrsOf (submodule serviceModule);
- default = { };
- };
-
- __extraHostConfigs = lib.mkOption {
- type = with lib.types; attrsOf deferredModule;
- readOnly = true;
- };
- };
-
- config.__extraHostConfigs =
- let
- duplicatePorts = lib.pipe config.services [
- lib.attrValues
- (map (cfg: cfg.ports))
- lib.flatten
- (lib.groupBy' (cnt: _: cnt + 1) 0 toString)
- (lib.filterAttrs (_: cnt: cnt > 1))
- lib.attrNames
- ];
- assertMsg =
- let
- plural = lib.length duplicatePorts > 1;
- in
- "\nBad service config:\nThe following port${if plural then "s" else ""} ${
- if plural then "were" else "was"
- } declared multiple times: ${lib.concatStringsSep ", " duplicatePorts}";
- # Here I collect all the services..config into a flat
- # __extraHostConfigs..imports = [
- # ...
- # ]
- # so that I can easily import them in hosts/default.nix
- hostConfigs = lib.pipe config.services [
- lib.attrValues
- (lib.foldl' (
- acc: cfg:
- acc
- // lib.mapAttrs (host: c: {
- imports = c.imports ++ (maybeGetPreviousConfigs acc host);
- }) (moduleToHostConfigs cfg)
- ) { })
- ];
- in
- if duplicatePorts != [ ] then throw assertMsg else hostConfigs;
-}
diff --git a/modules/nilla/builders/custom-load.nix b/modules/nilla/builders/custom-load.nix
new file mode 100644
index 0000000..b340dec
--- /dev/null
+++ b/modules/nilla/builders/custom-load.nix
@@ -0,0 +1,8 @@
+{ lib }:
+{
+ config.builders.custom-load = {
+ settings.type = lib.types.submodule { };
+ settings.default = { };
+ build = pkg: lib.attrs.generate pkg.systems (system: pkg.package { inherit system; });
+ };
+}
diff --git a/modules/nilla/builders/default.nix b/modules/nilla/builders/default.nix
new file mode 100644
index 0000000..fa73437
--- /dev/null
+++ b/modules/nilla/builders/default.nix
@@ -0,0 +1,6 @@
+{
+ includes = [
+ ./nixpkgs-flake.nix
+ ./custom-load.nix
+ ];
+}
diff --git a/modules/nilla/builders/nixpkgs-flake.nix b/modules/nilla/builders/nixpkgs-flake.nix
new file mode 100644
index 0000000..4b0115f
--- /dev/null
+++ b/modules/nilla/builders/nixpkgs-flake.nix
@@ -0,0 +1,21 @@
+{
+ config,
+ lib,
+}:
+{
+ config.builders.nixpkgs-flake = {
+ settings.type = lib.types.submodule {
+ options.args = lib.options.create {
+ type = lib.types.any;
+ default.value = { };
+ };
+ };
+ settings.default = { };
+ build =
+ pkg:
+ lib.attrs.generate pkg.systems (
+ system:
+ config.inputs.nixpkgs.result.legacyPackages.${system}.callPackage pkg.package pkg.settings.args
+ );
+ };
+}
diff --git a/modules/nilla/default.nix b/modules/nilla/default.nix
new file mode 100644
index 0000000..0cab965
--- /dev/null
+++ b/modules/nilla/default.nix
@@ -0,0 +1,9 @@
+{
+ includes = [
+ ./builders
+ ./services.nix
+ ./systems.nix
+ ./modules.nix
+ ./flake.nix
+ ];
+}
diff --git a/modules/nilla/flake.nix b/modules/nilla/flake.nix
new file mode 100644
index 0000000..0193f2d
--- /dev/null
+++ b/modules/nilla/flake.nix
@@ -0,0 +1,32 @@
+{ lib, config }:
+let
+ systems = [
+ "x86_64-linux"
+ "aarch64-linux"
+ "aarch64-darwin"
+ ];
+ transpose =
+ attrs: lib.attrs.generate systems (system: builtins.mapAttrs (_: pkg: pkg.result.${system}) attrs);
+in
+{
+ options.flake = lib.options.create {
+ type = lib.types.attrs.of lib.types.raw;
+ };
+
+ config.flake = {
+ inherit (config)
+ nixosModules
+ darwinModules
+ homeModules
+ ;
+
+ nixosConfigurations = builtins.mapAttrs (_: system: system.result) config.systems.nixos;
+ darwinConfigurations = builtins.mapAttrs (_: system: system.result) config.systems.darwin;
+ homeConfigurations = builtins.mapAttrs (_: system: system.result) config.systems.home;
+
+ devShells = transpose config.shells;
+ packages = transpose config.packages;
+
+ formatter = config.packages.formatter.result;
+ };
+}
diff --git a/modules/nilla/modules.nix b/modules/nilla/modules.nix
new file mode 100644
index 0000000..7b8a6dc
--- /dev/null
+++ b/modules/nilla/modules.nix
@@ -0,0 +1,17 @@
+{ lib }:
+{
+ options = {
+ nixosModules = lib.options.create {
+ type = lib.types.attrs.of lib.types.raw;
+ default.value = { };
+ };
+ darwinModules = lib.options.create {
+ type = lib.types.attrs.of lib.types.raw;
+ default.value = { };
+ };
+ homeModules = lib.options.create {
+ type = lib.types.attrs.of lib.types.raw;
+ default.value = { };
+ };
+ };
+}
diff --git a/modules/nilla/services.nix b/modules/nilla/services.nix
new file mode 100644
index 0000000..1045a4a
--- /dev/null
+++ b/modules/nilla/services.nix
@@ -0,0 +1,95 @@
+{ lib, config }:
+let
+ inherit (builtins)
+ attrNames
+ attrValues
+ concatStringsSep
+ mapAttrs
+ foldl'
+ groupBy
+ length
+ ;
+ serviceModule =
+ { config }:
+ {
+ options = {
+ host = lib.options.create {
+ type = lib.types.string;
+ };
+ ports = lib.options.create {
+ type = lib.types.list.of lib.types.port;
+ default.value = [ ];
+ };
+ hosts = lib.options.create {
+ type = lib.types.list.of lib.types.string;
+ default.value = [ config.host ];
+ };
+ module = lib.options.create {
+ type = lib.types.raw;
+ default.value = { };
+ };
+ hostModule = lib.options.create {
+ type = lib.types.attrs.of lib.types.raw;
+ default.value = { };
+ };
+ };
+ };
+
+ moduleToHostConfigs =
+ cfg:
+ lib.attrs.generate cfg.hosts (host: {
+ imports = [
+ cfg.module
+ (cfg.hostModule.${host} or { })
+ ];
+ });
+
+ maybeGetPreviousConfigs = acc: host: (acc.${host} or { imports = [ ]; }).imports;
+
+ # Copied from nixpkgs/lib/lists.nix
+ groupBy' =
+ op: nul: pred: lst:
+ mapAttrs (_name: foldl' op nul) (groupBy pred lst);
+ duplicatePorts = lib.fp.pipe [
+ attrValues
+ (map (cfg: cfg.ports))
+ lib.lists.flatten
+ (groupBy' (cnt: _: cnt + 1) 0 toString)
+ (lib.attrs.filter (_: cnt: cnt > 1))
+ attrNames
+ ] config.services;
+in
+{
+ options.services = lib.options.create {
+ type = lib.types.attrs.of (lib.types.submodule serviceModule);
+ default.value = { };
+ };
+
+ options.extraHostConfigs = lib.options.create {
+ type = lib.types.attrs.of lib.types.raw;
+ writable = false;
+ default.value = lib.fp.pipe [
+ attrValues
+ (foldl' (
+ acc: cfg:
+ acc
+ // mapAttrs (host: c: {
+ imports = c.imports ++ (maybeGetPreviousConfigs acc host);
+ }) (moduleToHostConfigs cfg)
+ ) { })
+ ] config.services;
+ };
+
+ config.assertions = [
+ {
+ assertion = duplicatePorts == [ ];
+ message =
+ let
+ plural = length duplicatePorts > 1;
+ in
+ "\nBad service config:\nThe following port${if plural then "s" else ""} ${
+ if plural then "were" else "was"
+ } declared multiple times: ${concatStringsSep ", " duplicatePorts}";
+ }
+ ];
+}
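Review bot: The duplicate-port guard no longer gates `extraHostConfigs`. The deleted `modules/flake/services.nix` used `if duplicatePorts != [ ] then throw assertMsg else hostConfigs`, so no host could be evaluated with conflicting ports; here the option's default is computed unconditionally and the check lives only in `config.assertions`. Whether a conflict still stops a host build therefore depends on nilla evaluating `assertions` on every path that reaches `config.extraHostConfigs`, including the `.flake` output and `default.nix`; I cannot confirm that from this diff. If that is not guaranteed, keep the guard on the value itself, e.g. `default.value = if duplicatePorts != [ ] then throw "<message>" else lib.fp.pipe [ … ] config.services;`.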
diff --git a/modules/nilla/systems.nix b/modules/nilla/systems.nix
new file mode 100644
index 0000000..63b349a
--- /dev/null
+++ b/modules/nilla/systems.nix
@@ -0,0 +1,52 @@
+{ config, lib }:
+let
+ mkBuilderOption =
+ typ:
+ lib.options.create {
+ type = lib.types.function (lib.types.function lib.types.raw);
+ default.value = _name: _module: throw "Builder for systems.${typ} is not implemented";
+ };
+ inherit (config.systems) builders;
+ mkSystemModule =
+ typ:
+ { config, name }:
+ {
+ options = {
+ name = lib.options.create {
+ type = lib.types.string;
+ default.value = name;
+ };
+ module = lib.options.create {
+ type = lib.types.raw;
+ default.value = { };
+ };
+ builder = lib.options.create {
+ type = lib.types.function (lib.types.function lib.types.raw);
+ default.value = builders.${typ};
+ };
+ result = lib.options.create {
+ type = lib.types.raw;
+ writable = false;
+ default.value = config.builder config.name config.module;
+ };
+ };
+ };
+ mkSystemOption =
+ typ:
+ lib.options.create {
+ type = lib.types.attrs.of (lib.types.submodule (mkSystemModule typ));
+ default.value = { };
+ };
+in
+{
+ options = {
+ systems = {
+ builders.nixos = mkBuilderOption "nixos";
+ builders.darwin = mkBuilderOption "darwin";
+ builders.home = mkBuilderOption "home";
+ nixos = mkSystemOption "nixos";
+ darwin = mkSystemOption "darwin";
+ home = mkSystemOption "home";
+ };
+ };
+}
diff --git a/modules/system/containers.nix b/modules/system/containers.nix
index a0942f9..26e7e7e 100644
--- a/modules/system/containers.nix
+++ b/modules/system/containers.nix
@@ -85,6 +85,12 @@ let
services.openssh.hostKeys = [ ];
system.stateVersion = lib.mkDefault config.system.stateVersion;
+
+ networking.useHostResolvConf = false;
+ networking.nameservers = [
+ "1.1.1.1"
+ "1.0.0.1"
+ ];
};
bindMounts = {
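Review bot: The added `networking.nameservers` hard-codes two public resolvers as a plain definition for every container. With `useHostResolvConf = false`, container DNS goes straight to a third party and bypasses whatever the host resolver provides, such as internal names, filtering or query logging. Because the option is a list, a container that sets its own nameservers would append to these rather than replace them. I would write `networking.nameservers = lib.mkDefault [ "1.1.1.1" "1.0.0.1" ];` and add a comment on why the host resolv.conf is not used. The enclosing container config starts outside the hunk.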
@@ -95,6 +101,11 @@ let
privateNetwork = lib.mkForce true;
}
) config.settei.containers;
+
+ networking.nat = lib.mkIf (config.settei.containers != { }) {
+ enable = true;
+ internalInterfaces = [ "ve-+" ];
+ };
};
darwinConfig = lib.optionalAttrs (!isLinux) {
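Review bot: `networking.nat` is enabled for every `ve-+` interface without an `externalInterface`, so masquerading is not tied to a specific uplink. As far as I know the NixOS NAT module then masquerades container traffic on whichever interface it leaves by, which would let every container reach any network the host can reach (LAN, VPN or overlay links), not only the internet. Since the same block forces `privateNetwork = lib.mkForce true` for isolation, I would narrow this with `externalInterface = "<uplink-interface>";` (placeholder) or expose it as a `settei.containers` option. A comment stating that outbound access for all containers is intended would also help. The surrounding `linuxConfig` block starts outside the hunk.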
diff --git a/nilla.nix b/nilla.nix
new file mode 100644
index 0000000..4379f29
--- /dev/null
+++ b/nilla.nix
@@ -0,0 +1,139 @@
+{
+ inputs ? import ./inputs.nix,
+}:
+(import inputs.nilla).create (
+ { config, lib }:
+ {
+ includes = [
+ ./modules/nilla
+ ./pkgs
+ ./wrappers
+ ./hosts
+ ./assets
+ ./services
+ ./modules
+ ];
+
+ config.inputs = builtins.mapAttrs (_: src: {
+ inherit src;
+ loader = "raw";
+ }) inputs;
+
+ config.packages =
+ let
+ systems = [
+ "x86_64-linux"
+ "aarch64-linux"
+ "aarch64-darwin"
+ ];
+ mkPackage = package: {
+ builder = "nixpkgs-flake";
+ inherit systems package;
+ };
+ mkPackageFlakeOutput =
+ {
+ input,
+ output ? input,
+ }:
+ {
+ inherit systems;
+ builder = "custom-load";
+ package = { system }: inputs.${input}.packages.${system}.${output};
+ };
+ getPkgs = system: builtins.mapAttrs (_: pkg: pkg.result.${system}) config.packages;
+ in
+ {
+ # Re-export for convenience and for caching
+ attic-client = mkPackageFlakeOutput {
+ input = "attic";
+ output = "attic-client";
+ };
+ attic-server = mkPackageFlakeOutput {
+ input = "attic";
+ output = "attic-server";
+ };
+ agenix = mkPackageFlakeOutput { input = "agenix"; };
+ base-packages = mkPackage (
+ { symlinkJoin, system }:
+ symlinkJoin {
+ name = "settei-base";
+ paths = with (getPkgs system); [
+ # TODO: wrappers
+ helix
+ fish
+ git-commit-last
+ git-fixup
+ ];
+ }
+ );
+ formatter = {
+ inherit systems;
+ builder = "custom-load";
+ package =
+ { system }:
+ let
+ eval = inputs.treefmt.lib.evalModule inputs.nixpkgs.legacyPackages.${system} ./treefmt.nix;
+ in
+ eval.config.build.wrapper;
+ };
+ ci-check =
+ let
+ all-packages = builtins.attrValues (builtins.removeAttrs config.packages [ "ci-check" ]);
+ all-packages' = lib.lists.flatten (map (pkg: builtins.attrValues pkg.result) all-packages);
+
+ nixos-systems = builtins.attrValues config.systems.nixos;
+ nixos-systems' = map (system: system.result.config.system.build.toplevel) nixos-systems;
+
+ darwin-systems = builtins.attrValues config.systems.darwin;
+ darwin-systems' = map (system: system.result.config.system.build.toplevel) darwin-systems;
+
+ all-drvs = all-packages' ++ nixos-systems' ++ darwin-systems';
+ all-drvs' = lib.strings.concatMapSep "\n" builtins.unsafeDiscardStringContext all-drvs;
+ in
+ mkPackage (
+ {
+ lib,
+ stdenvNoCC,
+ system,
+ }:
+ stdenvNoCC.mkDerivation {
+ name = "nilla-eval-check";
+ src = lib.cleanSource ./.;
+ doCheck = true;
+
+ allDerivations = all-drvs';
+ formatter = lib.getExe config.packages.formatter.result.${system};
+
+ passAsFile = [ "allDerivations" ];
+
+ installPhase = ''touch "$out"'';
+ checkPhase = ''
+ "$formatter" --ci
+ '';
+ }
+ );
+ };
+
+ config.shells.default = {
+ systems = [
+ "x86_64-linux"
+ "aarch64-linux"
+ "aarch64-darwin"
+ ];
+ builder = "nixpkgs-flake";
+ shell =
+ {
+ mkShellNoCC,
+ system,
+ nh,
+ }:
+ mkShellNoCC {
+ packages = [
+ config.packages.agenix.result.${system}
+ config.packages.attic-client.result.${system}
+ nh
+ ];
+ };
+ };
+ }
+)
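Review bot: In `ci-check`, `src = lib.cleanSource ./.;` copies the working tree into the store, and `cleanSource` only filters VCS directories and common editor or build leftovers. Through the non-flake entry point (`default.nix` → `inputs.nix` with `copySourceTreeToStore = false`), untracked and git-ignored files are included. That is harmless on a fresh CI checkout, but a local `nix-build -A ci.check` would put any decrypted secret or scratch file lying in the repo into the world-readable `/nix/store`. I would restrict `src` to the files the formatter needs (for example a `lib.fileset`-based source), or at least comment the caveat. Separately, `allDerivations` is passed as a file but never read in `checkPhase`, so it only forces evaluation; a comment such as `# forces evaluation of every package/system; nothing here is built` would make that intent clear.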
diff --git a/pkgs/conduit/default.nix b/pkgs/conduit/default.nix
index c2c44b4..2f1ccdd 100644
--- a/pkgs/conduit/default.nix
+++ b/pkgs/conduit/default.nix
@@ -1,6 +1,8 @@
{
lib,
stdenv,
+ pkgs,
+ system,
fenix,
crane,
src,
@@ -11,12 +13,12 @@
}:
let
rust =
- with fenix;
+ with fenix.${system};
combine [
stable.cargo
stable.rustc
];
- crane' = crane.overrideToolchain rust;
+ crane' = (crane pkgs).overrideToolchain rust;
rocksdb' = rocksdb.overrideAttrs (
final: prev: {
version = "9.1.1";
diff --git a/pkgs/default.nix b/pkgs/default.nix
index 71a2d48..f5009d6 100644
--- a/pkgs/default.nix
+++ b/pkgs/default.nix
@@ -1,35 +1,52 @@
-{ inputs, ... }:
+{ config }:
+let
+ systems = [
+ "x86_64-linux"
+ "aarch64-linux"
+ "aarch64-darwin"
+ ];
+ builder = "nixpkgs-flake";
+ mkPackage = package: {
+ inherit systems package builder;
+ };
+
+in
{
- perSystem =
- {
- pkgs,
- lib,
- inputs',
- ...
- }:
- {
- packages.conduit-next = pkgs.callPackage ./conduit {
- src = inputs.conduit-src;
- crane = inputs.crane.mkLib pkgs;
- fenix = inputs'.fenix.packages;
- };
-
- packages.git-commit-last = pkgs.writeShellApplication {
- name = "git-commit-last";
- text = ''
- GITDIR="$(git rev-parse --git-dir)"
- git commit -eF "$GITDIR/COMMIT_EDITMSG"
- '';
- };
-
- packages.git-fixup = pkgs.writeShellApplication {
- name = "git-fixup";
- text = ''
- git log -n 50 --pretty=format:'%h %s' --no-merges | \
- ${lib.getExe pkgs.fzf} | \
- cut -c -7 | \
- xargs -o git commit --fixup
- '';
- };
+ config.packages.conduit-next = {
+ inherit systems builder;
+ package = import ./conduit;
+ settings.args = {
+ src = config.inputs.conduit-src.result;
+ crane = config.inputs.crane.result.mkLib;
+ fenix = config.inputs.fenix.result.packages;
};
+ };
+
+ config.packages.git-commit-last = mkPackage (
+ { writeShellApplication }:
+ writeShellApplication {
+ name = "git-commit-last";
+ text = ''
+ GITDIR="$(git rev-parse --git-dir)"
+ git commit -eF "$GITDIR/COMMIT_EDITMSG"
+ '';
+ }
+ );
+
+ config.packages.git-fixup = mkPackage (
+ {
+ lib,
+ writeShellApplication,
+ fzf,
+ }:
+ writeShellApplication {
+ name = "git-fixup";
+ text = ''
+ git log -n 50 --pretty=format:'%h %s' --no-merges | \
+ ${lib.getExe fzf} | \
+ cut -c -7 | \
+ xargs -o git commit --fixup
+ '';
+ }
+ );
}
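Review bot: In `git-fixup`, `cut -c -7` assumes `%h` is always seven characters, but git scales the abbreviation length with repository size, so in a larger repository the truncated prefix can be ambiguous and `git commit --fixup` will reject it. Taking the first field instead keeps whatever length git chose: `cut -d' ' -f1 | \`. Separately, if the fzf picker is cancelled, GNU xargs still runs `git commit --fixup` once with no argument; `xargs -r -o git commit --fixup` avoids that spurious error.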
diff --git a/services/attic.nix b/services/attic.nix
index 91d675f..f9d7501 100644
--- a/services/attic.nix
+++ b/services/attic.nix
@@ -1,12 +1,12 @@
{
- services.attic =
+ config.services.attic =
let
atticPort = 9476;
in
{
host = "kazuki";
ports = [ atticPort ];
- config =
+ module =
{ config, ... }:
{
age.secrets.attic-creds = {
diff --git a/services/default.nix b/services/default.nix
index 1837462..b92ec0f 100644
--- a/services/default.nix
+++ b/services/default.nix
@@ -1,6 +1,7 @@
{
- imports = [
+ includes = [
./attic.nix
./forgejo-runner.nix
+ ./forgejo.nix
];
}
diff --git a/services/forgejo-runner.nix b/services/forgejo-runner.nix
index 693d1d1..98574a1 100644
--- a/services/forgejo-runner.nix
+++ b/services/forgejo-runner.nix
@@ -1,10 +1,10 @@
{
- services.forgejo-runner = {
+ config.services.forgejo-runner = {
hosts = [
"ude"
"youko"
];
- config =
+ module =
{
config,
lib,
diff --git a/services/forgejo.nix b/services/forgejo.nix
new file mode 100644
index 0000000..a382d50
--- /dev/null
+++ b/services/forgejo.nix
@@ -0,0 +1,98 @@
+{
+ config.services.forgejo = {
+ host = "kazuki";
+ ports = [ 3000 ];
+ module =
+ { config, pkgs, ... }:
+ {
+ age.secrets.rab-lol-cf = {
+ file = ../secrets/rab-lol-cf.age;
+ owner = config.services.nginx.user;
+ };
+
+ services.forgejo = {
+ enable = true;
+ package = pkgs.forgejo;
+ settings = {
+ server = {
+ DOMAIN = "git.rab.lol";
+ ROOT_URL = "https://git.rab.lol/";
+ };
+ security = {
+ DISABLE_GIT_HOOKS = false;
+ };
+ oauth2_client = {
+ REGISTER_EMAIL_CONFIRM = false;
+ ENABLE_AUTO_REGISTRATION = true;
+ ACCOUNT_LINKING = "auto";
+ UPDATE_AVATAR = true;
+ };
+ service = {
+ DISABLE_REGISTRATION = false;
+ ALLOW_ONLY_INTERNAL_REGISTRATION = false;
+ ALLOW_ONLY_EXTERNAL_REGISTRATION = true;
+ };
+ session = {
+ SESSION_LIFE_TIME = 86400 * 30;
+ };
+ federation.ENABLED = true;
+ };
+ repositoryRoot = "/forgejo/repos";
+ lfs = {
+ enable = true;
+ contentDir = "/forgejo/lfs";
+ };
+ };
+
+ systemd.tmpfiles.rules =
+ let
+ cfg = config.services.forgejo;
+ imgDir = pkgs.runCommand "forgejo-img-dir" { } ''
+ cp -R ${../assets/forgejo} "$out"
+ '';
+ in
+ [
+ "d '${cfg.customDir}/public' 0750 ${cfg.user} ${cfg.group} - -"
+ "d '${cfg.customDir}/public/assets' 0750 ${cfg.user} ${cfg.group} - -"
+ "L+ '${cfg.customDir}/public/assets/img' - - - - ${imgDir}"
+ ];
+
+ services.nginx = {
+ enable = true;
+ recommendedProxySettings = true;
+ recommendedGzipSettings = true;
+ recommendedOptimisation = true;
+ recommendedTlsSettings = true;
+ virtualHosts."git.rab.lol" = {
+ forceSSL = true;
+ enableACME = true;
+ acmeRoot = null;
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:3000";
+ extraConfig = ''
+ proxy_set_header Connection $http_connection;
+ proxy_set_header Upgrade $http_upgrade;
+ '';
+ };
+ };
+ };
+
+ users.users.nginx.extraGroups = [ "acme" ];
+ security.acme.acceptTerms = true;
+ security.acme.certs."git.rab.lol" = {
+ dnsProvider = "cloudflare";
+ credentialsFile = config.age.secrets.rab-lol-cf.path;
+ email = "nikodem@rabulinski.com";
+ };
+
+ fileSystems."/forgejo" = {
+ device = "/dev/disk/by-label/forgejo";
+ fsType = "btrfs";
+ options = [
+ "compress=zstd"
+ "noatime"
+ ];
+ };
+ };
+ };
+}
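Review bot: `security.DISABLE_GIT_HOOKS = false` turns on server-side git hooks, which run as the forgejo service user for any account holding the git-hook privilege, on an instance that also auto-registers external logins and enables federation. Unless hooks are actually needed, keep the upstream default with `DISABLE_GIT_HOOKS = true;`. In `oauth2_client`, `ACCOUNT_LINKING = "auto"` attaches an external identity to an existing local account on a matching username or e-mail without asking for that account's credentials, so it is only safe if the provider verifies e-mail addresses; `ACCOUNT_LINKING = "login";` requires a local login before linking. The nginx vhost proxies to 127.0.0.1:3000 but `server.HTTP_ADDR` is left unset, and the service-level `ports = [ 3000 ]` may expose the plain-HTTP listener to other hosts (what `ports` does is not visible in this hunk); `HTTP_ADDR = "127.0.0.1";` would keep all access behind the TLS proxy.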
diff --git a/shell.nix b/shell.nix
new file mode 100644
index 0000000..0cb2ef7
--- /dev/null
+++ b/shell.nix
@@ -0,0 +1 @@
+(import ./nilla.nix { }).shells.default.result.${builtins.currentSystem}
diff --git a/treefmt.nix b/treefmt.nix
new file mode 100644
index 0000000..93590a2
--- /dev/null
+++ b/treefmt.nix
@@ -0,0 +1,23 @@
+{
+ projectRootFile = "nilla.nix";
+ programs.deadnix.enable = true;
+ programs.nixfmt.enable = true;
+ programs.statix.enable = true;
+ programs.fish_indent.enable = true;
+ programs.deno.enable = true;
+ programs.stylua.enable = true;
+ programs.shfmt.enable = true;
+ settings.global.excludes = [
+ # agenix
+ "*.age"
+
+ # racket
+ "*.rkt"
+ "**/rashrc"
+
+ # custom assets
+ "*.png"
+ "*.svg"
+ ];
+ settings.on-unmatched = "fatal";
+}
diff --git a/wrappers/default.nix b/wrappers/default.nix
index 95040ca..7701749 100644
--- a/wrappers/default.nix
+++ b/wrappers/default.nix
@@ -1,25 +1,32 @@
-{ inputs, ... }:
+{ lib, config }:
+let
+ systems = [
+ "x86_64-linux"
+ "aarch64-linux"
+ "aarch64-darwin"
+ ];
+ wrappedPerSystem = lib.attrs.generate systems (
+ system:
+ config.inputs.wrapper-manager-hm-compat.result.lib {
+ pkgs = config.inputs.nixpkgs.result.legacyPackages.${system};
+ modules = [
+ ./starship
+ ./helix
+ # TODO: Enable again
+ # ./rash
+ ./fish
+ ./wezterm
+ ];
+ specialArgs.inputs = builtins.mapAttrs (_: input: input.result) config.inputs;
+ }
+ );
+ wrappedPerSystem' = builtins.mapAttrs (_: wrapped: wrapped.config.build.packages) wrappedPerSystem;
+ wrapperNames = builtins.attrNames wrappedPerSystem'."x86_64-linux";
+in
{
- perSystem =
- { pkgs, inputs', ... }:
- let
- wrapped = inputs.wrapper-manager-hm-compat.lib {
- inherit pkgs;
- modules = [
- ./starship
- ./helix
- # TODO: Enable again
- # ./rash
- ./fish
- ./wezterm
- ];
- specialArgs = {
- inherit inputs inputs';
- };
- };
- all-packages = wrapped.config.build.packages;
- in
- {
- packages = all-packages;
- };
+ config.packages = lib.attrs.generate wrapperNames (wrapper: {
+ inherit systems;
+ builder = "custom-load";
+ package = { system }: wrappedPerSystem'.${system}.${wrapper};
+ });
}
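Review bot: `wrapperNames` is read from `wrappedPerSystem'."x86_64-linux"` only, so the package set for every system is assumed to match the Linux one. A wrapper module that yields a package on one platform but not another would then fail at `wrappedPerSystem'.${system}.${wrapper}` with a missing-attribute error, or be silently left out if it exists only on the other systems. At minimum this deserves a comment above the binding, e.g. `# names are taken from x86_64-linux; every wrapper module must produce the same packages on all systems`. Alternatively the names could be derived from the first entry of `systems` rather than a hard-coded string, so the two lists cannot drift apart.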
diff --git a/wrappers/helix/default.nix b/wrappers/helix/default.nix
index 8bd476d..6703955 100644
--- a/wrappers/helix/default.nix
+++ b/wrappers/helix/default.nix
@@ -1,8 +1,8 @@
-{ pkgs, inputs', ... }:
+{ pkgs, inputs, ... }:
{
programs.helix = {
enable = true;
- package = inputs'.helix.packages.default;
+ package = inputs.helix.packages.${pkgs.system}.default;
settings = {
theme = "base16_default_dark";
editor = {
diff --git a/wrappers/rash/default.nix b/wrappers/rash/default.nix
index c142a0e..64c026c 100644
--- a/wrappers/rash/default.nix
+++ b/wrappers/rash/default.nix
@@ -1,6 +1,6 @@
{
pkgs,
- inputs',
+ inputs,
config,
...
}:
@@ -13,7 +13,7 @@
rev = "8eb52c163d6ea7c3cec2cc6b1011ce00738942e1";
hash = "sha256-1yU0ZUBQqYEn85j4T2pLs02MTyJnO5BbYALIa88iomY=";
};
- racket-with-libs = inputs'.racket.packages.racket.newLayer {
+ racket-with-libs = inputs.racket.packages.${pkgs.system}.racket.newLayer {
withRacketPackages =
ps: with ps; [
readline-gpl