nrabulinski/settei
1
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

Compare commits

base: nrabulinski:6f1daeea46f166f4750e132fef95d944f59725f4
Branches Tags
nrabulinski:main
nrabulinski:bootstrap
nrabulinski:experiments/nilla
..
compare: nrabulinski:e898b357f57c964cd231016adcfcc0c706be2fa8
Branches Tags
nrabulinski:main
nrabulinski:bootstrap
nrabulinski:experiments/nilla

1 commit
6f1daeea46 ... e898b357f5

Author SHA1 Message Date
Nikodem Rabuliński
e898b357f5
services/kanidm: init
All checks were successful
/ check (pull_request) Successful in 33s
Details
2025-04-13 19:29:37 +02:00
75 changed files with 1064 additions and 1092 deletions
Download patch file Download diff file Expand all files Collapse all files

1
.envrc
View file

@ -1,2 +1 @@
use flake use flake
watch_file nilla.nix

4
.forgejo/workflows/build.yaml
View file

@ -1,6 +1,5 @@
on: on:
push: push:
branches: [main]
pull_request: pull_request:
types: [opened, synchronize, reopened] types: [opened, synchronize, reopened]
@ -9,5 +8,4 @@ jobs:
runs-on: native runs-on: native
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
- run: nix-build -A ci.check - run: nix flake check --all-systems
- run: ./result

1
.gitignore vendored
View file

@ -1,2 +1 @@
.direnv .direnv
result

10
README.md
View file

@ -3,7 +3,7 @@
雪定<rp>(</rp><rt>せってい</rt><rp>)</rp> 雪定<rp>(</rp><rt>せってい</rt><rp>)</rp>
</ruby> </ruby>
</h1> </h1>
Collection of my personal Nix configurations and opinionated NixOS, nix-darwin, home-manager, and nilla modules. Collection of my personal Nix configurations and opinionated NixOS, nix-darwin, home-manager, and flake-parts modules.
> [!CAUTION] > [!CAUTION]
> I tried to make the modules in this repository useful to others without having > I tried to make the modules in this repository useful to others without having
@ -25,12 +25,13 @@ Collection of my personal Nix configurations and opinionated NixOS, nix-darwin,
- modules - options which in principle should be reusable by others - modules - options which in principle should be reusable by others
- system - my opinionated nixos/nix-darwin modules - system - my opinionated nixos/nix-darwin modules
- home - my opinionated home-manager modules - home - my opinionated home-manager modules
- nilla - nilla modules - flake - flake-parts modules
- services - configs for services I self-host - services - configs for services I self-host
- secrets - agenix secrets - secrets - agenix secrets
- wrappers - nix packages wrapped with my configs (see: - wrappers - nix packages wrapped with my configs (see:
[wrapper-manager](https://github.com/viperML/wrapper-manager)) [wrapper-manager](https://github.com/viperML/wrapper-manager))
- assets - miscellaneous values reused throughout my config - assets - miscellaneous values reused throughout my config
- effects.nix - hercules-ci configuration
## Code guidelines ## Code guidelines
@ -54,8 +55,9 @@ clean, maintainable, and reusable.
Sorted rougly by priority Sorted rougly by priority
- get rid of flakes completely
- bring back ci (sorta done) - bring back ci (sorta done)
- automatic deploys (either push or pull, to be decided) - hercules-ci effects for deploying machines on update (if configuration is
valid)
- fix disko
- make the configuration truly declarative (to a reasonable degree) - make the configuration truly declarative (to a reasonable degree)
- themeing solution - themeing solution

8
assets/default.nix
View file

@ -1,8 +1,8 @@
{ lib }: { lib, ... }:
{ {
options.assets = lib.options.create { options.assets = lib.mkOption {
type = lib.types.raw; type = lib.types.unspecified;
writable = false; readOnly = true;
}; };
config.assets = { config.assets = {

12
default.nix
View file

@ -1,12 +0,0 @@
let
nilla = import ./nilla.nix { };
getPackage = name: nilla.packages.${name}.result.${builtins.currentSystem};
in
{
ci.check = getPackage "ci-check";
formatter = getPackage "formatter";
systems = {
nixos = builtins.mapAttrs (_: system: system.result) nilla.systems.nixos;
darwin = builtins.mapAttrs (_: system: system.result) nilla.systems.darwin;
};
}

102
effects.nix Normal file
View file

@ -0,0 +1,102 @@
{
config,
lib,
withSystem,
self,
...
}:
let
collectFlakeOutputs =
{ config, pkgs }:
let
inherit (pkgs) lib;
collectDrvs =
prefix: attrs:
let
drvs = lib.pipe attrs [
(lib.filterAttrs (_: lib.isDerivation))
(lib.mapAttrsToList (
name: drv: {
name = lib.concatStringsSep "." (prefix ++ [ name ]);
inherit drv;
}
))
];
recursed = lib.pipe attrs [
(lib.filterAttrs (
_: val: (!lib.isDerivation val) && (lib.isAttrs val) && (val.recurseForDerivations or true)
))
(lib.mapAttrsToList (name: collectDrvs (prefix ++ [ name ])))
];
in
drvs ++ (lib.flatten recursed);
rootOutputs = builtins.removeAttrs config.onPush.default.outputs [ "effects" ];
in
collectDrvs [ ] rootOutputs;
in
{
defaultEffectSystem = "aarch64-linux";
hercules-ci = {
flake-update = {
enable = true;
when.dayOfWeek = "Mon";
};
};
herculesCI = herculesCI: {
onPush.default = {
outputs.effects = {
pin-cache = withSystem config.defaultEffectSystem (
{ pkgs, hci-effects, ... }:
let
collected = collectFlakeOutputs {
inherit (herculesCI) config;
inherit pkgs;
};
cachixCommands = lib.concatMapStringsSep "\n" (
{ name, drv }: "cachix pin nrabulinski ${lib.escapeShellArg name} ${lib.escapeShellArg drv}"
) collected;
in
hci-effects.runIf (herculesCI.config.repo.branch == "main") (
hci-effects.mkEffect {
secretsMap."cachix-token" = "cachix-token";
inputs = [ pkgs.cachix ];
userSetupScript = ''
cachix authtoken $(readSecretString cachix-token .token)
'';
# Discarding the context is fine here because we don't actually want to build those derivations.
# They have already been built as part of this job,
# we only want to pin them to make sure cachix doesn't GC them.
effectScript = builtins.unsafeDiscardStringContext cachixCommands;
}
)
);
};
};
};
perSystem =
{ pkgs, lib, ... }:
rec {
legacyPackages.outputsList =
let
config = self.herculesCI {
primaryRepo = { };
herculesCI = { };
};
in
collectFlakeOutputs { inherit config pkgs; };
legacyPackages.github-matrix =
let
systems = lib.groupBy ({ drv, ... }: drv.system) legacyPackages.outputsList;
in
lib.concatMapStringsSep "\n" (
{ name, value }:
''
${name}=${builtins.toJSON (map (d: d.name) value)}
''
) (lib.attrsToList systems);
};
}

493
flake.lock generated
View file

@ -1,21 +1,5 @@
{ {
"nodes": { "nodes": {
"__flake-compat": {
"flake": false,
"locked": {
"lastModified": 1748460212,
"narHash": "sha256-RBUseGlYAKOd8hnKVujiGzpdJoZWj5e3A+Ds2mKsv28=",
"ref": "refs/heads/main",
"rev": "88e58d66efad1b3e0edf8633ea0774f7105d37c9",
"revCount": 86,
"type": "git",
"url": "https://git.lix.systems/lix-project/flake-compat.git"
},
"original": {
"type": "git",
"url": "https://git.lix.systems/lix-project/flake-compat.git"
}
},
"agenix": { "agenix": {
"inputs": { "inputs": {
"darwin": [ "darwin": [
@ -30,11 +14,11 @@
"systems": "systems" "systems": "systems"
}, },
"locked": { "locked": {
"lastModified": 1747575206, "lastModified": 1736955230,
"narHash": "sha256-NwmAFuDUO/PFcgaGGr4j3ozG9Pe5hZ/ogitWhY+D81k=", "narHash": "sha256-uenf8fv2eG5bKM8C/UvFaiJMZ4IpUFaQxk9OH5t/1gA=",
"owner": "ryantm", "owner": "ryantm",
"repo": "agenix", "repo": "agenix",
"rev": "4835b1dc898959d8547a871ef484930675cb47f1", "rev": "e600439ec4c273cf11e06fe4d9d906fb98fa097c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -44,13 +28,30 @@
} }
}, },
"attic": { "attic": {
"flake": false, "inputs": {
"crane": [
"crane"
],
"flake-compat": "flake-compat",
"flake-parts": "flake-parts",
"lix": [
"lix"
],
"lix-module": [
"lix-module"
],
"nix-github-actions": "nix-github-actions",
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": { "locked": {
"lastModified": 1748777195, "lastModified": 1742679462,
"narHash": "sha256-j3GQS4zm4zc1yo+5hCs0kpIGNDePj7ayRkbqsy3tyYs=", "narHash": "sha256-L9q9KDqiJEREM/GRnSo4vB9VCvclmdRT9vXuFwBmb9Y=",
"ref": "refs/heads/main", "ref": "refs/heads/main",
"rev": "ec24c04e345ab02ff35020d99e34f1eda0b82352", "rev": "087bfe9234f8dc682dbf1d8f96c0b712f587c466",
"revCount": 373, "revCount": 368,
"type": "git", "type": "git",
"url": "https://git.lix.systems/nrabulinski/attic.git" "url": "https://git.lix.systems/nrabulinski/attic.git"
}, },
@ -78,11 +79,11 @@
"conduit-src": { "conduit-src": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1748702033, "lastModified": 1742005420,
"narHash": "sha256-W72vGS0qJow1O4jXkuE3px4eNyFJeZqjuMREs6Lb5bU=", "narHash": "sha256-v4LCx7VUZ+8Hy1+6ziREVY/QEADjZbo8c0h9eU7nMVY=",
"owner": "famedly", "owner": "famedly",
"repo": "conduit", "repo": "conduit",
"rev": "a1886a13967b0471b55428f7aed55087ad357491", "rev": "063d13a0e10619f17bc21f0dd291c5a733581394",
"type": "gitlab" "type": "gitlab"
}, },
"original": { "original": {
@ -93,28 +94,12 @@
} }
}, },
"crane": { "crane": {
"flake": false,
"locked": { "locked": {
"lastModified": 1748047550, "lastModified": 1742394900,
"narHash": "sha256-t0qLLqb4C1rdtiY8IFRH5KIapTY/n3Lqt57AmxEv9mk=", "narHash": "sha256-vVOAp9ahvnU+fQoKd4SEXB2JG2wbENkpqcwlkIXgUC0=",
"owner": "ipetkov", "owner": "ipetkov",
"repo": "crane", "repo": "crane",
"rev": "b718a78696060df6280196a6f992d04c87a16aef", "rev": "70947c1908108c0c551ddfd73d4f750ff2ea67cd",
"type": "github"
},
"original": {
"owner": "ipetkov",
"repo": "crane",
"type": "github"
}
},
"crane_2": {
"locked": {
"lastModified": 1743700120,
"narHash": "sha256-8BjG/P0xnuCyVOXlYRwdI1B8nVtyYLf3oDwPSimqREY=",
"owner": "ipetkov",
"repo": "crane",
"rev": "e316f19ee058e6db50075115783be57ac549c389",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -130,11 +115,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1748354048, "lastModified": 1742382197,
"narHash": "sha256-BUUifoC7bipKczvpk8fq+UYrhiK95nt/zhMuPcelzWg=", "narHash": "sha256-5OtFbbdKAkWDVuzjs1J9KwdFuDxsEvz0FZX3xR2jEUM=",
"owner": "lnl7", "owner": "lnl7",
"repo": "nix-darwin", "repo": "nix-darwin",
"rev": "eb1b636932ba2f19522d3687ba27c6adf3fd5978", "rev": "643b57fd32135769f809913663130a95fe6db49e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -151,11 +136,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1748225455, "lastModified": 1741786315,
"narHash": "sha256-AzlJCKaM4wbEyEpV3I/PUq5mHnib2ryEy32c+qfj6xk=", "narHash": "sha256-VT65AE2syHVj6v/DGB496bqBnu1PXrrzwlw07/Zpllc=",
"owner": "nix-community", "owner": "nix-community",
"repo": "disko", "repo": "disko",
"rev": "a894f2811e1ee8d10c50560551e50d6ab3c392ba", "rev": "0d8c6ad4a43906d14abd5c60e0ffe7b587b213de",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -164,14 +149,55 @@
"type": "github" "type": "github"
} }
}, },
"fenix": {
"inputs": {
"nixpkgs": [
"nixpkgs"
],
"rust-analyzer-src": "rust-analyzer-src"
},
"locked": {
"lastModified": 1742452566,
"narHash": "sha256-sVuLDQ2UIWfXUBbctzrZrXM2X05YjX08K7XHMztt36E=",
"owner": "nix-community",
"repo": "fenix",
"rev": "7d9ba794daf5e8cc7ee728859bc688d8e26d5f06",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "fenix",
"type": "github"
}
},
"firefox-darwin": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1742432361,
"narHash": "sha256-FlqTrkzSn6oPR5iJTPsCQDd0ioMGzzxnPB+2wve9W2w=",
"owner": "bandithedoge",
"repo": "nixpkgs-firefox-darwin",
"rev": "c868ff433ea5123e837a62ae689543045187d7a4",
"type": "github"
},
"original": {
"owner": "bandithedoge",
"repo": "nixpkgs-firefox-darwin",
"type": "github"
}
},
"flake-compat": { "flake-compat": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1747046372, "lastModified": 1733328505,
"narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
"owner": "edolstra", "owner": "edolstra",
"repo": "flake-compat", "repo": "flake-compat",
"rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -180,6 +206,81 @@
"type": "github" "type": "github"
} }
}, },
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": [
"attic",
"nixpkgs"
]
},
"locked": {
"lastModified": 1741352980,
"narHash": "sha256-+u2UunDA4Cl5Fci3m7S643HzKmIDAe+fiXrLqYsR2fs=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "f4330d22f1c5d2ba72d3d22df5597d123fdb60a9",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_2": {
"inputs": {
"nixpkgs-lib": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1741352980,
"narHash": "sha256-+u2UunDA4Cl5Fci3m7S643HzKmIDAe+fiXrLqYsR2fs=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "f4330d22f1c5d2ba72d3d22df5597d123fdb60a9",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_3": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1722555600,
"narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "8471fe90ad337a8074e957b69ca4d0089218391d",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-utils": { "flake-utils": {
"inputs": { "inputs": {
"systems": "systems_2" "systems": "systems_2"
@ -216,6 +317,24 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils_3": {
"inputs": {
"systems": "systems_4"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flakey-profile": { "flakey-profile": {
"locked": { "locked": {
"lastModified": 1712898590, "lastModified": 1712898590,
@ -231,67 +350,20 @@
"type": "github" "type": "github"
} }
}, },
"git-hooks": {
"inputs": {
"flake-compat": [
"mailserver",
"flake-compat"
],
"gitignore": "gitignore",
"nixpkgs": [
"mailserver",
"nixpkgs"
]
},
"locked": {
"lastModified": 1742649964,
"narHash": "sha256-DwOTp7nvfi8mRfuL1escHDXabVXFGT1VlPD1JHrtrco=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "dcf5072734cb576d2b0c59b2ac44f5050b5eac82",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "git-hooks.nix",
"type": "github"
}
},
"gitignore": {
"inputs": {
"nixpkgs": [
"mailserver",
"git-hooks",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"helix": { "helix": {
"inputs": { "inputs": {
"flake-utils": "flake-utils",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
"rust-overlay": "rust-overlay" "rust-overlay": "rust-overlay"
}, },
"locked": { "locked": {
"lastModified": 1748702599, "lastModified": 1742479163,
"narHash": "sha256-cXzTGHrZsT4wSxlLvw2ZlHPVjC/MA2W0sI/KF1yStbY=", "narHash": "sha256-YC0zdGyZMu7seA2Jm1mxtcxE4lSeVwvCPMfWzJ8+o/c=",
"owner": "helix-editor", "owner": "helix-editor",
"repo": "helix", "repo": "helix",
"rev": "2baff46b2578d78d817b9e128e8cc00345541f0b", "rev": "b7d735ffe66a03ab5970e5f860923aada50d4e4c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -307,11 +379,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1748737919, "lastModified": 1742501496,
"narHash": "sha256-5kvBbLYdp+n7Ftanjcs6Nv+UO6sBhelp6MIGJ9nWmjQ=", "narHash": "sha256-LYwyZmhckDKK7i4avmbcs1pBROpOaHi98lbjX1fmVpU=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "5675a9686851d9626560052a032c4e14e533c1fa", "rev": "d725df5ad8cee60e61ee6fe3afb735e4fbc1ff41",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -323,11 +395,11 @@
"lix": { "lix": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1748588861, "lastModified": 1742411066,
"narHash": "sha256-bP9MHHCx/6Pi1TlO7Iq8X6AUoQHzyExQJNnSHSOqUUk=", "narHash": "sha256-8vXOKPQFRzTjapsRnTJ1nuFjUfC+AGI2ybdK5cAEHZ8=",
"ref": "refs/heads/main", "ref": "refs/heads/main",
"rev": "3815dd5e64fc374fa4dcc5064470cd7a7d77aaf3", "rev": "2491b7cc2128ee440d24768c4521c38b1859fc28",
"revCount": 17966, "revCount": 17705,
"type": "git", "type": "git",
"url": "https://git.lix.systems/lix-project/lix.git" "url": "https://git.lix.systems/lix-project/lix.git"
}, },
@ -338,7 +410,7 @@
}, },
"lix-module": { "lix-module": {
"inputs": { "inputs": {
"flake-utils": "flake-utils", "flake-utils": "flake-utils_2",
"flakey-profile": "flakey-profile", "flakey-profile": "flakey-profile",
"lix": [ "lix": [
"lix" "lix"
@ -348,11 +420,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1747667424, "lastModified": 1741894565,
"narHash": "sha256-7EICjbmG6lApWKhFtwvZovdcdORY1CEe6/K7JwtpYfs=", "narHash": "sha256-2FD0NDJbEjUHloVrtEIms5miJsj1tvQCc/0YK5ambyc=",
"ref": "refs/heads/main", "ref": "refs/heads/main",
"rev": "3c23c6ae2aecc1f76ae7993efe1a78b5316f0700", "rev": "a6da43f8193d9e329bba1795c42590c27966082e",
"revCount": 144, "revCount": 136,
"type": "git", "type": "git",
"url": "https://git.lix.systems/lix-project/nixos-module.git" "url": "https://git.lix.systems/lix-project/nixos-module.git"
}, },
@ -364,19 +436,18 @@
"mailserver": { "mailserver": {
"inputs": { "inputs": {
"blobs": "blobs", "blobs": "blobs",
"flake-compat": "flake-compat", "flake-compat": "flake-compat_2",
"git-hooks": "git-hooks",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
"nixpkgs-25_05": "nixpkgs-25_05" "nixpkgs-24_11": "nixpkgs-24_11"
}, },
"locked": { "locked": {
"lastModified": 1748689589, "lastModified": 1742413977,
"narHash": "sha256-ltwdNAsto54HMQFdrCprWXPFhNBfEuiCkj+GS7ZHvww=", "narHash": "sha256-NkhM9GVu3HL+MiXtGD0TjuPCQ4GFVJPBZ8KyI2cFDGU=",
"owner": "simple-nixos-mailserver", "owner": "simple-nixos-mailserver",
"repo": "nixos-mailserver", "repo": "nixos-mailserver",
"rev": "c9f61e02aee97dc8c7d4f3739b012a992183508c", "rev": "b4fbffe79c00f19be94b86b4144ff67541613659",
"type": "gitlab" "type": "gitlab"
}, },
"original": { "original": {
@ -385,45 +456,53 @@
"type": "gitlab" "type": "gitlab"
} }
}, },
"nh": { "niko-nur": {
"flake": false, "inputs": {
"flake-parts": "flake-parts_3",
"nixpkgs": "nixpkgs"
},
"locked": { "locked": {
"lastModified": 1748096601, "lastModified": 1723663703,
"narHash": "sha256-ji/9z1pRbosyKVVAIGBazyz6PjWV8bc2Ux2RdQrVDWY=", "narHash": "sha256-ubPcnvjRQCzZgaYTWOKd82xXwJKmOaPjStUOUkyRTSs=",
"owner": "nix-community", "owner": "nrabulinski",
"repo": "nh", "repo": "nur-packages",
"rev": "1ea27e73a3dcbc9950258e9054377ee677d12b9e", "rev": "567fd42dc54f71ce1705180ad7f35f786f00ed9a",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nix-community", "owner": "nrabulinski",
"repo": "nh", "repo": "nur-packages",
"type": "github" "type": "github"
} }
}, },
"nilla": { "nix-github-actions": {
"flake": false, "inputs": {
"nixpkgs": [
"attic",
"nixpkgs"
]
},
"locked": { "locked": {
"lastModified": 1748686039, "lastModified": 1737420293,
"narHash": "sha256-7iLzbTLtgdFtm9em3xxHO9BunN2YpgYquMLKXh5hEpQ=", "narHash": "sha256-F1G5ifvqTpJq7fdkT34e/Jy9VCyzd5XfJ9TO8fHhJWE=",
"owner": "nilla-nix", "owner": "nix-community",
"repo": "nilla", "repo": "nix-github-actions",
"rev": "4e6038f4ebc89487194013af6a1e077dfeb00359", "rev": "f4158fa080ef4503c8f4c820967d946c2af31ec9",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nilla-nix", "owner": "nix-community",
"repo": "nilla", "repo": "nix-github-actions",
"type": "github" "type": "github"
} }
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1748662220, "lastModified": 1723603349,
"narHash": "sha256-7gGa49iB9nCnFk4h/g9zwjlQAyjtpgcFkODjcOQS0Es=", "narHash": "sha256-VMg6N7MryOuvSJ8Sj6YydarnUCkL7cvMdrMcnsJnJCE=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "59138c7667b7970d205d6a05a8bfa2d78caa3643", "rev": "daf7bb95821b789db24fc1ac21f613db0c1bf2cb",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -433,18 +512,61 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs-25_05": { "nixpkgs-24_11": {
"locked": { "locked": {
"lastModified": 1747610100, "lastModified": 1734083684,
"narHash": "sha256-rpR5ZPMkWzcnCcYYo3lScqfuzEw5Uyfh+R0EKZfroAc=", "narHash": "sha256-5fNndbndxSx5d+C/D0p/VF32xDiJCJzyOqorOYW4JEo=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "ca49c4304acf0973078db0a9d200fd2bae75676d", "rev": "314e12ba369ccdb9b352a4db26ff419f7c49fa84",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-24.11",
"type": "indirect"
}
},
"nixpkgs-lib": {
"locked": {
"lastModified": 1722555339,
"narHash": "sha256-uFf2QeW7eAHlYXuDktm9c25OxOyCoUOQmh5SZ9amE5Q=",
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/a5d394176e64ab29c852d03346c1fc9b0b7d33eb.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/a5d394176e64ab29c852d03346c1fc9b0b7d33eb.tar.gz"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1735563628,
"narHash": "sha256-OnSAY7XDSx7CtDoqNh8jwVwh4xNL/2HaJxGjryLWzX8=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "b134951a4c9f3c995fd7be05f3243f8ecd65d798",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "NixOS",
"ref": "nixos-25.05", "ref": "nixos-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1742395137,
"narHash": "sha256-WWNNjCSzQCtATpCFEijm81NNG1xqlLMVbIzXAiZysbs=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "2a725d40de138714db4872dc7405d86457aa17ad",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
@ -471,21 +593,22 @@
}, },
"root": { "root": {
"inputs": { "inputs": {
"__flake-compat": "__flake-compat",
"agenix": "agenix", "agenix": "agenix",
"attic": "attic", "attic": "attic",
"conduit-src": "conduit-src", "conduit-src": "conduit-src",
"crane": "crane", "crane": "crane",
"darwin": "darwin", "darwin": "darwin",
"disko": "disko", "disko": "disko",
"fenix": "fenix",
"firefox-darwin": "firefox-darwin",
"flake-parts": "flake-parts_2",
"helix": "helix", "helix": "helix",
"home-manager": "home-manager", "home-manager": "home-manager",
"lix": "lix", "lix": "lix",
"lix-module": "lix-module", "lix-module": "lix-module",
"mailserver": "mailserver", "mailserver": "mailserver",
"nh": "nh", "niko-nur": "niko-nur",
"nilla": "nilla", "nixpkgs": "nixpkgs_2",
"nixpkgs": "nixpkgs",
"racket": "racket", "racket": "racket",
"treefmt": "treefmt", "treefmt": "treefmt",
"wrapper-manager": "wrapper-manager", "wrapper-manager": "wrapper-manager",
@ -493,6 +616,23 @@
"zjstatus": "zjstatus" "zjstatus": "zjstatus"
} }
}, },
"rust-analyzer-src": {
"flake": false,
"locked": {
"lastModified": 1742296961,
"narHash": "sha256-gCpvEQOrugHWLimD1wTFOJHagnSEP6VYBDspq96Idu0=",
"owner": "rust-lang",
"repo": "rust-analyzer",
"rev": "15d87419f1a123d8f888d608129c3ce3ff8f13d4",
"type": "github"
},
"original": {
"owner": "rust-lang",
"ref": "nightly",
"repo": "rust-analyzer",
"type": "github"
}
},
"rust-overlay": { "rust-overlay": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -522,11 +662,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1743682350, "lastModified": 1739240901,
"narHash": "sha256-S/MyKOFajCiBm5H5laoE59wB6w0NJ4wJG53iAPfYW3k=", "narHash": "sha256-YDtl/9w71m5WcZvbEroYoWrjECDhzJZLZ8E68S3BYok=",
"owner": "oxalica", "owner": "oxalica",
"repo": "rust-overlay", "repo": "rust-overlay",
"rev": "c4a8327b0f25d1d81edecbb6105f74d7cf9d7382", "rev": "03473e2af8a4b490f4d2cdb2e4d3b75f82c8197c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -580,6 +720,21 @@
"type": "github" "type": "github"
} }
}, },
"systems_4": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"treefmt": { "treefmt": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -587,11 +742,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1748243702, "lastModified": 1742370146,
"narHash": "sha256-9YzfeN8CB6SzNPyPm2XjRRqSixDopTapaRsnTpXUEY8=", "narHash": "sha256-XRE8hL4vKIQyVMDXykFh4ceo3KSpuJF3ts8GKwh5bIU=",
"owner": "numtide", "owner": "numtide",
"repo": "treefmt-nix", "repo": "treefmt-nix",
"rev": "1f3f7b784643d488ba4bf315638b2b0a4c5fb007", "rev": "adc195eef5da3606891cedf80c0d9ce2d3190808",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -634,11 +789,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1748551590, "lastModified": 1707430137,
"narHash": "sha256-SwTvZHFrPUxaWm1DFOmRMDP813sMhvKpd8onQBNJIeo=", "narHash": "sha256-QeYv+l7v5raFE5vpnxicFRK0LIRPvbpxsMKqwkRqtBc=",
"owner": "nrabulinski", "owner": "nrabulinski",
"repo": "wrapper-manager-hm-compat", "repo": "wrapper-manager-hm-compat",
"rev": "f4cffb7d2f9aa5c6fc652a065bea7dfea5856fee", "rev": "16b0cf2e5f157ffe79114927d6006dc71dbe2210",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -649,19 +804,21 @@
}, },
"zjstatus": { "zjstatus": {
"inputs": { "inputs": {
"crane": "crane_2", "crane": [
"flake-utils": "flake-utils_2", "crane"
],
"flake-utils": "flake-utils_3",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
"rust-overlay": "rust-overlay_2" "rust-overlay": "rust-overlay_2"
}, },
"locked": { "locked": {
"lastModified": 1745230073, "lastModified": 1741803511,
"narHash": "sha256-OER99U7MiqQ47myvbsiljsax7OsK19NMds4NBM9XXLs=", "narHash": "sha256-DcCGBWvAvt+OWI+EcPRO+/IXZHkFgPxZUmxf2VLl8no=",
"owner": "dj95", "owner": "dj95",
"repo": "zjstatus", "repo": "zjstatus",
"rev": "a819e3bfe6bfef0438d811cdbb1bcfdc29912c62", "rev": "df9c77718f7023de8406e593eda6b5b0bc09cddd",
"type": "github" "type": "github"
}, },
"original": { "original": {

134
flake.nix
View file

@ -1,8 +1,86 @@
{ {
outputs = inputs: (import ./nilla.nix { inherit inputs; }).flake; outputs =
inputs@{ flake-parts, ... }:
flake-parts.lib.mkFlake { inherit inputs; } {
systems = [
"x86_64-linux"
"aarch64-linux"
"aarch64-darwin"
];
imports = [
inputs.treefmt.flakeModule
./assets
./hosts
./modules
./wrappers
./pkgs
./services
];
perSystem =
{
inputs',
self',
pkgs,
...
}:
{
devShells.default = pkgs.mkShellNoCC {
packages = [
inputs'.agenix.packages.agenix
self'.packages.attic-client
# TODO: Contribute darwin support to nh
pkgs.nh
];
};
packages = {
# Re-export it for convenience and for caching
inherit (inputs'.attic.packages) attic-client attic-server;
base-packages = pkgs.symlinkJoin {
name = "settei-base";
paths = with self'.packages; [
helix
fish
git-commit-last
git-fixup
];
};
};
treefmt = {
programs.deadnix.enable = true;
programs.nixfmt.enable = true;
programs.statix.enable = true;
programs.fish_indent.enable = true;
programs.deno.enable = true;
programs.stylua.enable = true;
programs.shfmt.enable = true;
settings.global.excludes = [
# agenix
"*.age"
# racket
"*.rkt"
"**/rashrc"
# custom assets
"*.png"
"*.svg"
];
settings.on-unmatched = "fatal";
};
};
};
inputs = { inputs = {
nixpkgs.url = "github:nixos/nixpkgs?ref=nixpkgs-unstable"; nixpkgs.url = "github:nixos/nixpkgs?ref=nixpkgs-unstable";
flake-parts = {
url = "github:hercules-ci/flake-parts";
inputs.nixpkgs-lib.follows = "nixpkgs";
};
disko = { disko = {
url = "github:nix-community/disko"; url = "github:nix-community/disko";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
@ -47,13 +125,26 @@
url = "gitlab:famedly/conduit?ref=next"; url = "gitlab:famedly/conduit?ref=next";
flake = false; flake = false;
}; };
attic = { fenix = {
url = "git+https://git.lix.systems/nrabulinski/attic.git"; url = "github:nix-community/fenix";
flake = false; inputs.nixpkgs.follows = "nixpkgs";
}; };
crane = { crane = {
url = "github:ipetkov/crane"; url = "github:ipetkov/crane";
flake = false; };
firefox-darwin = {
url = "github:bandithedoge/nixpkgs-firefox-darwin";
inputs.nixpkgs.follows = "nixpkgs";
};
niko-nur = {
url = "github:nrabulinski/nur-packages";
};
attic = {
url = "git+https://git.lix.systems/nrabulinski/attic.git";
inputs.nixpkgs.follows = "nixpkgs";
inputs.crane.follows = "crane";
inputs.lix.follows = "lix";
inputs.lix-module.follows = "lix-module";
}; };
helix = { helix = {
url = "github:helix-editor/helix"; url = "github:helix-editor/helix";
@ -62,6 +153,7 @@
zjstatus = { zjstatus = {
url = "github:dj95/zjstatus"; url = "github:dj95/zjstatus";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
inputs.crane.follows = "crane";
}; };
lix = { lix = {
url = "git+https://git.lix.systems/lix-project/lix.git"; url = "git+https://git.lix.systems/lix-project/lix.git";
@ -76,17 +168,27 @@
url = "github:numtide/treefmt-nix"; url = "github:numtide/treefmt-nix";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
__flake-compat = {
url = "git+https://git.lix.systems/lix-project/flake-compat.git";
flake = false;
};
nilla = {
url = "github:nilla-nix/nilla";
flake = false;
};
nh = {
url = "github:nix-community/nh";
flake = false;
}; };
/*
TODO: Uncomment once (if ever?) nixConfig makes sense in flakes
nixConfig = {
extra-substituters = [
"https://hyprland.cachix.org"
"https://cache.garnix.io"
"https://nix-community.cachix.org"
"https://hercules-ci.cachix.org"
"https://nrabulinski.cachix.org"
"https://cache.nrab.lol"
];
extra-trusted-public-keys = [
"hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
"cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"hercules-ci.cachix.org-1:ZZeDl9Va+xe9j+KqdzoBZMFJHVQ42Uu/c/1/KMC5Lw0="
"nrabulinski.cachix.org-1:Q5FD7+1c68uH74CQK66UWNzxhanZW8xcg1LFXxGK8ic="
"cache.nrab.lol-1:CJl1TouOyuJ1Xh4tZSXLwm3Upt06HzUNZmeyuEB9EZg="
];
}; };
*/
} }

42
hosts/default.nix
View file

@ -1,9 +1,11 @@
{ {
config, config,
self,
inputs, inputs,
...
}: }:
{ {
includes = [ imports = [
./kazuki ./kazuki
./hijiri-vm ./hijiri-vm
./hijiri ./hijiri
@ -14,40 +16,58 @@
./youko ./youko
]; ];
config.systems.builders = builders =
let let
sharedOptions = { sharedOptions = {
_file = ./default.nix; _file = ./default.nix;
settei.sane-defaults.allSshKeys = config.assets.sshKeys.user; settei.sane-defaults.allSshKeys = config.assets.sshKeys.user;
settei.flake-qol.inputs = inputs // { settei.flake-qol.inputs = inputs // {
settei = inputs.self; settei = self;
}; };
}; };
baseNixos = inputs.nixpkgs.lib.nixosSystem {
modules = [
self.nixosModules.combined
sharedOptions
];
specialArgs.configurationName = "base";
};
baseDarwin = inputs.darwin.lib.darwinSystem {
modules = [
self.darwinModules.combined
sharedOptions
];
specialArgs.configurationName = "base";
};
in in
{ {
nixos = nixos =
name: module: name: module:
inputs.nixpkgs.lib.nixosSystem { baseNixos.extendModules {
modules = [ modules = [
config.nixosModules.combined
sharedOptions
module module
config.extraHostConfigs.${name} or { } config.__extraHostConfigs.${name} or { }
]; ];
specialArgs.configurationName = name; specialArgs.configurationName = name;
}; };
darwin = darwin =
name: module: name: module:
inputs.darwin.lib.darwinSystem { let
eval = baseDarwin._module.args.extendModules {
modules = [ modules = [
config.darwinModules.combined
sharedOptions
module module
config.extraHostConfigs.${name} or { } config.__extraHostConfigs.${name} or { }
]; ];
specialArgs.configurationName = name; specialArgs.configurationName = name;
}; };
in
eval
// {
system = eval.config.system.build.toplevel;
};
}; };
} }

2
hosts/hijiri-vm/default.nix
View file

@ -1,5 +1,5 @@
{ {
config.systems.nixos.hijiri-vm.module = configurations.nixos.hijiri-vm =
{ {
modulesPath, modulesPath,
lib, lib,

2
hosts/hijiri/default.nix
View file

@ -1,5 +1,5 @@
{ {
config.systems.darwin.hijiri.module = configurations.darwin.hijiri =
{ {
config, config,
pkgs, pkgs,

2
hosts/hijiri/skhd.nix
View file

@ -4,7 +4,7 @@
enable = true; enable = true;
skhdConfig = skhdConfig =
let let
spaceCount = 9; spaceCount = 6;
spaceBindings = lib.genList ( spaceBindings = lib.genList (
i: i:
let let

2
hosts/installer/default.nix
View file

@ -1,6 +1,6 @@
{ lib, ... }: { lib, ... }:
{ {
config.configurations.nixos = configurations.nixos =
let let
mkInstaller = mkInstaller =
system: system:

2
hosts/kazuki/default.nix
View file

@ -1,5 +1,5 @@
{ {
config.systems.nixos.kazuki.module = configurations.nixos.kazuki =
{ {
modulesPath, modulesPath,
... ...

2
hosts/kazuki/mail.nix
View file

@ -37,8 +37,6 @@
}; };
certificateScheme = "acme-nginx"; certificateScheme = "acme-nginx";
stateVersion = 2;
}; };
# TODO: Remove once SNM gets their shit together # TODO: Remove once SNM gets their shit together

2
hosts/kogata/default.nix
View file

@ -1,5 +1,5 @@
{ {
config.systems.darwin.kogata.module = configurations.darwin.kogata =
{ pkgs, ... }: { pkgs, ... }:
{ {
nixpkgs.system = "aarch64-darwin"; nixpkgs.system = "aarch64-darwin";

2
hosts/ude/default.nix
View file

@ -1,5 +1,5 @@
{ {
config.systems.nixos.ude.module = configurations.nixos.ude =
{ {
config, config,
modulesPath, modulesPath,

21
hosts/youko/default.nix
View file

@ -1,19 +1,5 @@
{ config, lib, ... }:
let
builderUsers = lib.fp.pipe [
(lib.attrs.filter (
name: _:
!builtins.elem name [
"youko"
"kazuki"
"ude"
]
))
builtins.attrValues
] config.assets.sshKeys.system;
in
{ {
config.systems.nixos.youko.module = configurations.nixos.youko =
{ {
config, config,
lib, lib,
@ -45,11 +31,6 @@ in
settei.desktop.enable = true; settei.desktop.enable = true;
}; };
settei.remote-builder = {
enable = true;
sshKeys = builderUsers;
};
services.udisks2.enable = true; services.udisks2.enable = true;
settei.incus.enable = true; settei.incus.enable = true;
virtualisation.podman.enable = true; virtualisation.podman.enable = true;

16
inputs.nix
View file

@ -1,16 +0,0 @@
let
lock = builtins.fromJSON (builtins.readFile ./flake.lock);
nodeName = lock.nodes.root.inputs.__flake-compat;
inherit (lock.nodes.${nodeName}.locked) narHash rev url;
flake-compat = builtins.fetchTarball {
url = "${url}/archive/${rev}.tar.gz";
sha256 = narHash;
};
flake = import flake-compat {
src = ./.;
copySourceTreeToStore = false;
useBuiltinsFetchTree = true;
};
in
# Workaround for https://github.com/nilla-nix/nilla/issues/14
builtins.mapAttrs (_: input: input // { type = "derivation"; }) flake.inputs

33
modules/default.nix
View file

@ -1,21 +1,29 @@
{ {
config, config,
inputs, inputs,
...
}: }:
let let
perInput = system: flake: { flakeModule = import ./flake { inherit (inputs) nixpkgs darwin home-manager; };
packages = flake.packages.${system};
};
in in
{ {
config.homeModules = rec { imports = [
flakeModule
];
flake.homeModules = rec {
settei = ./home; settei = ./home;
default = settei; default = settei;
}; };
config.nixosModules = rec { flake.flakeModules = rec {
settei = flakeModule;
default = settei;
};
flake.nixosModules = rec {
settei = import ./system { settei = import ./system {
inherit perInput; inherit (config) perInput;
isLinux = true; isLinux = true;
}; };
combined = { combined = {
@ -25,28 +33,21 @@ in
inputs.disko.nixosModules.disko inputs.disko.nixosModules.disko
inputs.mailserver.nixosModules.default inputs.mailserver.nixosModules.default
inputs.home-manager.nixosModules.home-manager inputs.home-manager.nixosModules.home-manager
"${inputs.attic}/nixos/atticd.nix" inputs.attic.nixosModules.atticd
inputs.lix-module.nixosModules.default inputs.lix-module.nixosModules.default
{ {
disabledModules = [ disabledModules = [
"services/networking/atticd.nix" "services/networking/atticd.nix"
]; ];
services.atticd.useFlakeCompatOverlay = false;
nixpkgs.overlays = [
(final: _: {
attic-client = config.packages.attic-client.result.${final.system};
attic-server = config.packages.attic-server.result.${final.system};
})
];
} }
]; ];
}; };
default = combined; default = combined;
}; };
config.darwinModules = rec { flake.darwinModules = rec {
settei = import ./system { settei = import ./system {
inherit perInput; inherit (config) perInput;
isLinux = false; isLinux = false;
}; };
combined = { combined = {

54
modules/flake/configurations.nix Normal file
View file

@ -0,0 +1,54 @@
{
nixpkgs,
darwin,
home-manager,
}:
{
config,
lib,
...
}:
with lib;
{
_file = ./configurations.nix;
options = {
# Those functions take the final arguments and emit a valid configuration.
# Probably should hardly ever be overriden
builders = {
nixos = mkOption {
type = types.functionTo types.unspecified;
default = _name: nixpkgs.lib.nixosSystem;
};
darwin = mkOption {
type = types.functionTo types.unspecified;
default = _name: darwin.lib.darwinSystem;
};
home = mkOption {
type = types.functionTo types.unspecified;
default = _name: home-manager.lib.homeManagerConfiguration;
};
};
configurations = {
nixos = mkOption {
type = types.lazyAttrsOf types.deferredModule;
default = { };
};
darwin = mkOption {
type = types.lazyAttrsOf types.deferredModule;
default = { };
};
home = mkOption {
type = types.lazyAttrsOf types.deferredModule;
default = { };
};
};
};
config.flake = {
nixosConfigurations = mapAttrs config.builders.nixos config.configurations.nixos;
darwinConfigurations = mapAttrs config.builders.darwin config.configurations.darwin;
homeConfigurations = mapAttrs config.builders.home config.configurations.home;
};
}

13
modules/flake/default.nix Normal file
View file

@ -0,0 +1,13 @@
{
nixpkgs,
darwin,
home-manager,
}:
{
_file = ./default.nix;
imports = [
(import ./configurations.nix { inherit nixpkgs darwin home-manager; })
./services.nix
];
}

95
modules/flake/services.nix Normal file
View file

@ -0,0 +1,95 @@
# List of features I want this module to eventually have
# TODO: Automatic port allocation
# TODO: Making it possible to conveniently isolate services (running them in NixOS containers)
# TODO: Handling specializations
# TODO: Convenient http handling
# TODO: Automatic backup
{ config, lib, ... }:
let
serviceModule =
{ config, ... }:
{
options = {
host = lib.mkOption {
type = lib.types.str;
};
ports = lib.mkOption {
type = with lib.types; listOf port;
default = [ ];
};
hosts = lib.mkOption {
type = with lib.types; listOf str;
default = [ config.host ];
};
config = lib.mkOption {
type = lib.types.deferredModule;
default = { };
};
hostConfig = lib.mkOption {
type = with lib.types; attrsOf deferredModule;
default = { };
};
};
};
moduleToHostConfigs =
cfg:
lib.genAttrs cfg.hosts (host: {
imports = [
cfg.config
(cfg.hostConfig.${host} or { })
];
});
maybeGetPreviousConfigs = acc: host: (acc.${host} or { imports = [ ]; }).imports;
in
{
_file = ./services.nix;
options = {
services = lib.mkOption {
type = with lib.types; attrsOf (submodule serviceModule);
default = { };
};
__extraHostConfigs = lib.mkOption {
type = with lib.types; attrsOf deferredModule;
readOnly = true;
};
};
config.__extraHostConfigs =
let
duplicatePorts = lib.pipe config.services [
lib.attrValues
(map (cfg: cfg.ports))
lib.flatten
(lib.groupBy' (cnt: _: cnt + 1) 0 toString)
(lib.filterAttrs (_: cnt: cnt > 1))
lib.attrNames
];
assertMsg =
let
plural = lib.length duplicatePorts > 1;
in
"\nBad service config:\nThe following port${if plural then "s" else ""} ${
if plural then "were" else "was"
} declared multiple times: ${lib.concatStringsSep ", " duplicatePorts}";
# Here I collect all the services.<name>.config into a flat
# __extraHostConfigs.<host>.imports = [
# ...
# ]
# so that I can easily import them in hosts/default.nix
hostConfigs = lib.pipe config.services [
lib.attrValues
(lib.foldl' (
acc: cfg:
acc
// lib.mapAttrs (host: c: {
imports = c.imports ++ (maybeGetPreviousConfigs acc host);
}) (moduleToHostConfigs cfg)
) { })
];
in
if duplicatePorts != [ ] then throw assertMsg else hostConfigs;
}

2
modules/home/default.nix
View file

@ -1,6 +1,7 @@
# TODO: Make this module not rely on OS config being present # TODO: Make this module not rely on OS config being present
{ {
osConfig, osConfig,
pkgs,
lib, lib,
inputs', inputs',
machineName, machineName,
@ -58,6 +59,7 @@ in
home.packages = [ home.packages = [
inputs'.settei.packages.base-packages inputs'.settei.packages.base-packages
pkgs.nh
]; ];
home.sessionVariables.EDITOR = "hx"; home.sessionVariables.EDITOR = "hx";

56
modules/home/desktop/default.nix
View file

@ -2,16 +2,14 @@
config, config,
lib, lib,
pkgs, pkgs,
inputs,
inputs', inputs',
... ...
}: }:
{ {
_file = ./default.nix; _file = ./default.nix;
imports = [ imports = [ ./zellij.nix ];
./zellij.nix
./qutebrowser.nix
];
options.settei.desktop = { options.settei.desktop = {
enable = lib.mkEnableOption "Common configuration for desktop machines"; enable = lib.mkEnableOption "Common configuration for desktop machines";
@ -23,12 +21,56 @@
nerd-fonts.iosevka nerd-fonts.iosevka
nerd-fonts.iosevka-term nerd-fonts.iosevka-term
fontconfig fontconfig
signal-desktop-bin signal-desktop
]; ];
settei.unfree.allowedPackages = [ "signal-desktop-bin" ]; settei.unfree.allowedPackages = [ "signal-desktop" ];
fonts.fontconfig.enable = true; fonts.fontconfig.enable = true;
programs.firefox.enable = true; programs.firefox = {
enable = true;
package =
let
firefox-pkgs = pkgs.extend inputs.firefox-darwin.overlay;
in
lib.mkIf pkgs.stdenv.isDarwin firefox-pkgs.firefox-bin;
};
programs.qutebrowser = {
enable = true;
package =
if pkgs.stdenv.isDarwin then inputs'.niko-nur.packages.qutebrowser-bin else pkgs.qutebrowser;
searchEngines = {
r = "https://doc.rust-lang.org/stable/std/?search={}";
lib = "https://lib.rs/search?q={}";
nip = "https://jisho.org/search/{}";
};
settings = {
tabs = {
indicator.width = 3;
};
fonts = {
default_family = "IosevkaTerm Nerd Font";
default_size = "13px";
};
content = {
canvas_reading = true;
blocking.method = "both";
javascript.clipboard = "access";
};
};
# Workaround because the nix module doesn't properly handle options that expect a dict
extraConfig = ''
c.tabs.padding = { 'top': 5, 'bottom': 5, 'right': 10, 'left': 10 }
c.statusbar.padding = { 'top': 5, 'bottom': 5, 'right': 10, 'left': 10 }
'';
keyBindings = {
passthrough = {
"<Ctrl-Escape>" = "mode-leave";
};
};
};
}; };
} }

38
modules/home/desktop/qutebrowser.nix
View file

@ -1,38 +0,0 @@
{ pkgs, ... }:
{
programs.qutebrowser = {
# TODO: Enable again
enable = pkgs.stdenv.isLinux;
searchEngines = {
r = "https://doc.rust-lang.org/stable/std/?search={}";
lib = "https://lib.rs/search?q={}";
nip = "https://jisho.org/search/{}";
};
settings = {
tabs = {
indicator.width = 3;
};
fonts = {
default_family = "IosevkaTerm Nerd Font";
default_size = "13px";
};
content = {
canvas_reading = true;
blocking.method = "both";
javascript.clipboard = "access";
};
};
# Workaround because the nix module doesn't properly handle options that expect a dict
extraConfig = ''
c.tabs.padding = { 'top': 5, 'bottom': 5, 'right': 10, 'left': 10 }
c.statusbar.padding = { 'top': 5, 'bottom': 5, 'right': 10, 'left': 10 }
'';
keyBindings = {
passthrough = {
"<Ctrl-Escape>" = "mode-leave";
};
};
};
}

8
modules/nilla/builders/custom-load.nix
View file

@ -1,8 +0,0 @@
{ lib }:
{
config.builders.custom-load = {
settings.type = lib.types.submodule { };
settings.default = { };
build = pkg: lib.attrs.generate pkg.systems (system: pkg.package { inherit system; });
};
}

6
modules/nilla/builders/default.nix
View file

@ -1,6 +0,0 @@
{
includes = [
./nixpkgs-flake.nix
./custom-load.nix
];
}

21
modules/nilla/builders/nixpkgs-flake.nix
View file

@ -1,21 +0,0 @@
{
config,
lib,
inputs,
}:
{
config.builders.nixpkgs-flake = {
settings.type = lib.types.submodule {
options.args = lib.options.create {
type = lib.types.any;
default.value = { };
};
};
settings.default = { };
build =
pkg:
lib.attrs.generate pkg.systems (
system: inputs.nixpkgs.legacyPackages.${system}.callPackage pkg.package pkg.settings.args
);
};
}

9
modules/nilla/default.nix
View file

@ -1,9 +0,0 @@
{
includes = [
./builders
./services.nix
./systems.nix
./modules.nix
./flake.nix
];
}

32
modules/nilla/flake.nix
View file

@ -1,32 +0,0 @@
{ lib, config }:
let
systems = [
"x86_64-linux"
"aarch64-linux"
"aarch64-darwin"
];
transpose =
attrs: lib.attrs.generate systems (system: builtins.mapAttrs (_: pkg: pkg.result.${system}) attrs);
in
{
options.flake = lib.options.create {
type = lib.types.attrs.of lib.types.raw;
};
config.flake = {
inherit (config)
nixosModules
darwinModules
homeModules
;
nixosConfigurations = builtins.mapAttrs (_: system: system.result) config.systems.nixos;
darwinConfigurations = builtins.mapAttrs (_: system: system.result) config.systems.darwin;
homeConfigurations = builtins.mapAttrs (_: system: system.result) config.systems.home;
devShells = transpose config.shells;
packages = transpose config.packages;
formatter = config.packages.formatter.result;
};
}

17
modules/nilla/modules.nix
View file

@ -1,17 +0,0 @@
{ lib }:
{
options = {
nixosModules = lib.options.create {
type = lib.types.attrs.of lib.types.raw;
default.value = { };
};
darwinModules = lib.options.create {
type = lib.types.attrs.of lib.types.raw;
default.value = { };
};
homeModules = lib.options.create {
type = lib.types.attrs.of lib.types.raw;
default.value = { };
};
};
}

95
modules/nilla/services.nix
View file

@ -1,95 +0,0 @@
{ lib, config }:
let
inherit (builtins)
attrNames
attrValues
concatStringsSep
mapAttrs
foldl'
groupBy
length
;
serviceModule =
{ config }:
{
options = {
host = lib.options.create {
type = lib.types.string;
};
ports = lib.options.create {
type = lib.types.list.of lib.types.port;
default.value = [ ];
};
hosts = lib.options.create {
type = lib.types.list.of lib.types.string;
default.value = [ config.host ];
};
module = lib.options.create {
type = lib.types.raw;
default.value = { };
};
hostModule = lib.options.create {
type = lib.types.attrs.of lib.types.raw;
default.value = { };
};
};
};
moduleToHostConfigs =
cfg:
lib.attrs.generate cfg.hosts (host: {
imports = [
cfg.module
(cfg.hostModule.${host} or { })
];
});
maybeGetPreviousConfigs = acc: host: (acc.${host} or { imports = [ ]; }).imports;
# Copied from nixpkgs/lib/lists.nix
groupBy' =
op: nul: pred: lst:
mapAttrs (_name: foldl' op nul) (groupBy pred lst);
duplicatePorts = lib.fp.pipe [
attrValues
(map (cfg: cfg.ports))
lib.lists.flatten
(groupBy' (cnt: _: cnt + 1) 0 toString)
(lib.attrs.filter (_: cnt: cnt > 1))
attrNames
] config.services;
in
{
options.services = lib.options.create {
type = lib.types.attrs.of (lib.types.submodule serviceModule);
default.value = { };
};
options.extraHostConfigs = lib.options.create {
type = lib.types.attrs.of lib.types.raw;
writable = false;
default.value = lib.fp.pipe [
attrValues
(foldl' (
acc: cfg:
acc
// mapAttrs (host: c: {
imports = c.imports ++ (maybeGetPreviousConfigs acc host);
}) (moduleToHostConfigs cfg)
) { })
] config.services;
};
config.assertions = [
{
assertion = duplicatePorts == [ ];
message =
let
plural = length duplicatePorts > 1;
in
"\nBad service config:\nThe following port${if plural then "s" else ""} ${
if plural then "were" else "was"
} declared multiple times: ${concatStringsSep ", " duplicatePorts}";
}
];
}

52
modules/nilla/systems.nix
View file

@ -1,52 +0,0 @@
{ config, lib }:
let
mkBuilderOption =
typ:
lib.options.create {
type = lib.types.function (lib.types.function lib.types.raw);
default.value = _name: _module: throw "Builder for systems.${typ} is not implemented";
};
inherit (config.systems) builders;
mkSystemModule =
typ:
{ config, name }:
{
options = {
name = lib.options.create {
type = lib.types.string;
default.value = name;
};
module = lib.options.create {
type = lib.types.raw;
default.value = { };
};
builder = lib.options.create {
type = lib.types.function (lib.types.function lib.types.raw);
default.value = builders.${typ};
};
result = lib.options.create {
type = lib.types.raw;
writable = false;
default.value = config.builder config.name config.module;
};
};
};
mkSystemOption =
typ:
lib.options.create {
type = lib.types.attrs.of (lib.types.submodule (mkSystemModule typ));
default.value = { };
};
in
{
options = {
systems = {
builders.nixos = mkBuilderOption "nixos";
builders.darwin = mkBuilderOption "darwin";
builders.home = mkBuilderOption "home";
nixos = mkSystemOption "nixos";
darwin = mkSystemOption "darwin";
home = mkSystemOption "home";
};
};
}

49
modules/system/builder.nix
View file

@ -1,49 +0,0 @@
{ isLinux }:
{
config,
lib,
pkgs,
...
}:
let
cfg = config.settei.remote-builder;
sharedConfig = {
users.users.${cfg.user} = {
shell = pkgs.bash;
openssh.authorizedKeys.keys = cfg.sshKeys;
};
nix.settings.trusted-users = [ cfg.user ];
};
linuxConfig = lib.optionalAttrs isLinux {
users.users.${cfg.user} = {
isSystemUser = true;
group = cfg.user;
};
users.groups.${cfg.user} = { };
};
mergedConfig = lib.mkMerge [
sharedConfig
linuxConfig
];
in
{
_file = ./builder.nix;
options.settei.remote-builder = {
enable = lib.mkEnableOption "configuring this machine as a remote builder";
user = lib.mkOption {
type = lib.types.str;
default = "nixremote";
};
sshKeys = lib.mkOption {
type = lib.types.listOf lib.types.singleLineStr;
default = [ ];
};
};
config = lib.mkIf cfg.enable mergedConfig;
}

2
modules/system/default.nix
View file

@ -22,10 +22,10 @@
(import ./tailscale.nix { inherit isLinux; }) (import ./tailscale.nix { inherit isLinux; })
(import ./containers.nix { inherit isLinux; }) (import ./containers.nix { inherit isLinux; })
./unfree.nix ./unfree.nix
(import ./hercules.nix { inherit isLinux; })
(import ./github-runner.nix { inherit isLinux; }) (import ./github-runner.nix { inherit isLinux; })
(import ./incus.nix { inherit isLinux; }) (import ./incus.nix { inherit isLinux; })
(import ./monitoring.nix { inherit isLinux; }) (import ./monitoring.nix { inherit isLinux; })
(import ./builder.nix { inherit isLinux; })
]; ];
options.settei = with lib; { options.settei = with lib; {

22
modules/system/flake-qol.nix
View file

@ -7,18 +7,6 @@
}: }:
let let
cfg = config.settei.flake-qol; cfg = config.settei.flake-qol;
nixpkgsInputToFlakeRef =
input:
if input._type or "" == "flake" then
{
type = "github";
owner = "NixOS";
repo = "nixpkgs";
inherit (input) lastModified narHash rev;
}
else
input;
in in
{ {
_file = ./flake-qol.nix; _file = ./flake-qol.nix;
@ -32,12 +20,6 @@ in
default = true; default = true;
}; };
inputs = mkOption { type = types.unspecified; }; inputs = mkOption { type = types.unspecified; };
nixpkgsRef = mkOption {
type = types.unspecified;
default = cfg.inputs.nixpkgs;
apply =
ref: if builtins.isString ref then builtins.parseFlakeRef ref else nixpkgsInputToFlakeRef ref;
};
inputs-flakes = mkOption { inputs-flakes = mkOption {
type = types.attrs; type = types.attrs;
readOnly = true; readOnly = true;
@ -62,8 +44,8 @@ in
settei.user.extraArgs = reexportedArgs; settei.user.extraArgs = reexportedArgs;
nix = { nix = {
registry.nixpkgs.to = cfg.nixpkgsRef; registry = lib.mapAttrs (_: flake: { inherit flake; }) cfg.inputs-flakes;
nixPath = [ "nixpkgs=flake:nixpkgs" ]; nixPath = lib.mapAttrsToList (name: _: "${name}=flake:${name}") cfg.inputs-flakes;
}; };
}; };
} }

47
modules/system/hercules.nix Normal file
View file

@ -0,0 +1,47 @@
{ isLinux }:
{
config,
lib,
...
}:
let
options = {
settei.hercules.enable = lib.mkEnableOption "Enables hercules-ci-agent with my configuration";
};
herculesUser =
if isLinux then
config.systemd.services.hercules-ci-agent.serviceConfig.User
else
config.launchd.daemons.hercules-ci-agent.serviceConfig.UserName;
in
{
_file = ./hercules.nix;
inherit options;
config = lib.mkIf config.settei.hercules.enable {
age.secrets.hercules-token = {
file = ../../../secrets/hercules-token.age;
owner = herculesUser;
};
age.secrets.hercules-cache = {
file = ../../../secrets/hercules-cache.age;
owner = herculesUser;
};
age.secrets.hercules-secrets = {
file = ../../../secrets/hercules-secrets.age;
owner = herculesUser;
};
services.hercules-ci-agent = {
enable = true;
settings = {
clusterJoinTokenPath = config.age.secrets.hercules-token.path;
concurrentTasks = lib.mkDefault 4;
binaryCachesPath = config.age.secrets.hercules-cache.path;
secretsJsonPath = config.age.secrets.hercules-secrets.path;
};
};
};
}

6
modules/system/sane-defaults.nix
View file

@ -62,11 +62,15 @@ let
"https://cache.nrab.lol" "https://cache.nrab.lol"
"https://cache.garnix.io" "https://cache.garnix.io"
"https://nix-community.cachix.org" "https://nix-community.cachix.org"
"https://hyprland.cachix.org"
"https://hercules-ci.cachix.org"
"https://nrabulinski.cachix.org" "https://nrabulinski.cachix.org"
]; ];
extra-trusted-public-keys = [ extra-trusted-public-keys = [
"hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
"cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=" "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"hercules-ci.cachix.org-1:ZZeDl9Va+xe9j+KqdzoBZMFJHVQ42Uu/c/1/KMC5Lw0="
"nrabulinski.cachix.org-1:Q5FD7+1c68uH74CQK66UWNzxhanZW8xcg1LFXxGK8ic=" "nrabulinski.cachix.org-1:Q5FD7+1c68uH74CQK66UWNzxhanZW8xcg1LFXxGK8ic="
"cache.nrab.lol-1:CJl1TouOyuJ1Xh4tZSXLwm3Upt06HzUNZmeyuEB9EZg=" "cache.nrab.lol-1:CJl1TouOyuJ1Xh4tZSXLwm3Upt06HzUNZmeyuEB9EZg="
]; ];
@ -112,8 +116,6 @@ let
darwinConfig = lib.optionalAttrs (!isLinux) { darwinConfig = lib.optionalAttrs (!isLinux) {
system.stateVersion = 4; system.stateVersion = 4;
# FIXME: Remove
system.primaryUser = username;
security.pam.services.sudo_local.touchIdAuth = true; security.pam.services.sudo_local.touchIdAuth = true;

136
nilla.nix
View file

@ -1,136 +0,0 @@
{
inputs ? import ./inputs.nix,
}:
(import inputs.nilla).create (
{ config, lib }:
{
includes = [
./modules/nilla
./pkgs
./wrappers
./hosts
./assets
./services
./modules
];
config.inputs = builtins.mapAttrs (_: src: {
inherit src;
loader = "raw";
}) inputs;
# Add inputs argument so modules can conveniently use it
config.__module__.args.dynamic.inputs = builtins.mapAttrs (
_name: input: input.result
) config.inputs;
config.packages =
let
systems = [
"x86_64-linux"
"aarch64-linux"
"aarch64-darwin"
];
mkPackage = package: {
builder = "nixpkgs-flake";
inherit systems package;
};
mkPackageFlakeOutput =
{
input,
output ? input,
}:
{
inherit systems;
builder = "custom-load";
package = { system }: inputs.${input}.packages.${system}.${output};
};
getPkgs = system: builtins.mapAttrs (_: pkg: pkg.result.${system}) config.packages;
in
{
agenix = mkPackageFlakeOutput { input = "agenix"; };
base-packages = mkPackage (
{ symlinkJoin, system }:
symlinkJoin {
name = "settei-base";
paths = with (getPkgs system); [
helix
fish
git-commit-last
git-fixup
nh
];
}
);
formatter = {
inherit systems;
builder = "custom-load";
package =
{ system }:
let
eval = inputs.treefmt.lib.evalModule inputs.nixpkgs.legacyPackages.${system} ./treefmt.nix;
in
eval.config.build.wrapper;
};
__allPackages =
let
all-packages = builtins.attrValues (
builtins.removeAttrs config.packages [
"ci-check"
"__allPackages"
]
);
all-packages' = lib.lists.flatten (map (pkg: builtins.attrValues pkg.result) all-packages);
nixos-systems = builtins.attrValues config.systems.nixos;
nixos-systems' = map (system: system.result.config.system.build.toplevel) nixos-systems;
darwin-systems = builtins.attrValues config.systems.darwin;
darwin-systems' = map (system: system.result.config.system.build.toplevel) darwin-systems;
all-drvs = all-packages' ++ nixos-systems' ++ darwin-systems';
all-drvs' = builtins.concatStringsSep "\n" all-drvs;
in
mkPackage (
{ runCommand }:
runCommand "eval-check" {
allDerivations = all-drvs';
passAsFile = [ "allDerivations" ];
} "touch $out"
);
ci-check = mkPackage (
{
writeShellScript,
lib,
system,
}:
writeShellScript "ci-check" ''
nix-instantiate --strict --eval -E 'import ./nilla.nix {}' -A packages.__allPackages.result.${system}.outPath
"${lib.getExe config.packages.formatter.result.${system}}" --ci
''
);
};
config.shells.default = {
systems = [
"x86_64-linux"
"aarch64-linux"
"aarch64-darwin"
];
builder = "nixpkgs-flake";
shell =
{
mkShellNoCC,
system,
nh,
}:
mkShellNoCC {
packages = [
config.packages.agenix.result.${system}
config.packages.attic-client.result.${system}
config.packages.nh.result.${system}
config.packages.formatter.result.${system}
];
};
};
}
)

41
pkgs/conduit/default.nix
View file

@ -1,26 +1,47 @@
{ {
lib,
stdenv,
fenix,
crane,
src, src,
libiconv,
rocksdb, rocksdb,
darwin,
rustPlatform, rustPlatform,
}: }:
let let
manifest = (builtins.fromTOML (builtins.readFile "${src}/Cargo.toml")).package; rust =
with fenix;
combine [
stable.cargo
stable.rustc
];
crane' = crane.overrideToolchain rust;
rocksdb' = rocksdb.overrideAttrs (
final: prev: {
version = "9.1.1";
src = prev.src.override {
rev = "v${final.version}";
hash = "sha256-/Xf0bzNJPclH9IP80QNaABfhj4IAR5LycYET18VFCXc=";
};
}
);
in in
rustPlatform.buildRustPackage { crane'.buildPackage {
pname = manifest.name;
inherit (manifest) version;
inherit src; inherit src;
strictDeps = true; strictDeps = true;
useFetchCargoVendor = true;
cargoHash = "sha256-gNcpB2LMZU18RIxVu+mJfa4+lB5rNIRcZ2DJPvZCdQo=";
nativeBuildInputs = [ rustPlatform.bindgenHook ]; nativeBuildInputs = [ rustPlatform.bindgenHook ];
buildInputs = lib.optionals stdenv.isDarwin [
libiconv
darwin.apple_sdk.frameworks.Security
darwin.apple_sdk.frameworks.SystemConfiguration
];
# Use system RocksDB # Use system RocksDB
ROCKSDB_INCLUDE_DIR = "${rocksdb}/include"; ROCKSDB_INCLUDE_DIR = "${rocksdb'}/include";
ROCKSDB_LIB_DIR = "${rocksdb}/lib"; ROCKSDB_LIB_DIR = "${rocksdb'}/lib";
NIX_OUTPATH_USED_AS_RANDOM_SEED = "randomseed"; NIX_OUTPATH_USED_AS_RANDOM_SEED = "randomseed";
CONDUIT_VERSION_EXTRA = src.shortRev; CONDUIT_VERSION_EXTRA = src.shortRev;
} }

69
pkgs/default.nix
View file

@ -1,78 +1,35 @@
{ inputs, ... }:
{ {
config, perSystem =
{
pkgs,
lib, lib,
inputs, inputs',
...
}: }:
let
systems = [
"x86_64-linux"
"aarch64-linux"
"aarch64-darwin"
];
builder = "nixpkgs-flake";
mkPackage = package: {
inherit systems package builder;
};
atticPkgs = lib.attrs.generate systems (
system:
let
pkgs = inputs.nixpkgs.legacyPackages.${system}.extend inputs.lix-module.overlays.default;
craneLib = import inputs.crane { inherit pkgs; };
in
pkgs.callPackage "${inputs.attic}/crane.nix" { inherit craneLib; }
);
in
{ {
config.packages.conduit-next = { packages.conduit-next = pkgs.callPackage ./conduit {
inherit systems builder;
package = import ./conduit;
settings.args = {
src = inputs.conduit-src; src = inputs.conduit-src;
}; crane = inputs.crane.mkLib pkgs;
fenix = inputs'.fenix.packages;
}; };
config.packages.git-commit-last = mkPackage ( packages.git-commit-last = pkgs.writeShellApplication {
{ writeShellApplication }:
writeShellApplication {
name = "git-commit-last"; name = "git-commit-last";
text = '' text = ''
GITDIR="$(git rev-parse --git-dir)" GITDIR="$(git rev-parse --git-dir)"
git commit -eF "$GITDIR/COMMIT_EDITMSG" git commit -eF "$GITDIR/COMMIT_EDITMSG"
''; '';
} };
);
config.packages.git-fixup = mkPackage ( packages.git-fixup = pkgs.writeShellApplication {
{
lib,
writeShellApplication,
fzf,
}:
writeShellApplication {
name = "git-fixup"; name = "git-fixup";
text = '' text = ''
git log -n 50 --pretty=format:'%h %s' --no-merges | \ git log -n 50 --pretty=format:'%h %s' --no-merges | \
${lib.getExe fzf} | \ ${lib.getExe pkgs.fzf} | \
cut -c -7 | \ cut -c -7 | \
xargs -o git commit --fixup xargs -o git commit --fixup
''; '';
}
);
config.packages.attic-client = {
inherit systems;
builder = "custom-load";
package = { system }: atticPkgs.${system}.attic-client;
}; };
config.packages.attic-server = {
inherit systems;
builder = "custom-load";
package = { system }: atticPkgs.${system}.attic-server;
};
config.packages.nh = {
inherit systems builder;
package = import "${inputs.nh}/package.nix";
settings.args.rev = inputs.nh.shortRev;
}; };
} }

BIN
secrets/alert-nrab-lol-pass.age
View file

Binary file not shown.

38
secrets/alert-plain-pass.age
View file

@ -1,20 +1,20 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 GKhvwg /jQLcJCNx2g7rM8udm1ZyPDeqc0pJ95VpIsWObAG/xM -> ssh-ed25519 GKhvwg ZvzKWT14nrdbiVRJf4hK3Gmb7pkLA1YrzIAXi7GqUm0
0QCmRI3pXNLmzIENjDyVNQLISQd6uyA/HOyXB1W47X0 OqGUgm/4oefj+J6JrIM42FPq/2tH/evQfKYQGCSMIc4
-> ssh-ed25519 H0Rg/A r98Ge9hReVxBKmQuAfX63L8y9W2vQh2PC/VMtGnS/SE -> ssh-ed25519 H0Rg/A ucyXgt869tI6HWLjrsg5o65HBBHnjiAyJ2T7aCps7iQ
itKOWkxTHsM/SlhW+AA037ns0XmOaLHWrEtguC5h5Pw h58tIKkuHEFM+7VRl6u+3vvV3XQ0r+XqvUo7OdLuKEg
-> ssh-ed25519 84j9mw FlKDqV1OxbxZ3s6mtYS6hzdOrMvY+GuYrXWoBk2Xo0Q -> ssh-ed25519 84j9mw 2a5d7xIwqwF9MuAKv490mGUMYiDvZWK8+sLDjShpnmk
XqYK9dQXXx8eKlYhwQ5N+62GX/48VWQ51UyNialg5/E 7CH1AzJQD7nrq7aKZJy54+74awO2MHO6RySq29/MH18
-> ssh-ed25519 5A7peQ MIpjM9J/7wAVGuB5eRStLAAqLEE9Ff4E6eoWqEE4lk8 -> ssh-ed25519 5A7peQ 8h1pfClbTdBZuSZyw1LcntL6QIDXukYkJ+SBmcZMYAE
J0o+kgUBuk0odbuLvuRns699wfY/LPHc9RZydpnyVc0 d8gix1GBYjqe8nYc/gdOxEvsYNo7+W+vhQZq/RFPeRw
-> ssh-ed25519 g2vRWw eNdLCZX01DMm9nZgugFCXIoqANF4Um+xxKQQf8SOax0 -> ssh-ed25519 g2vRWw E4b+U5rVKsurdddkOSeDKmhIQW5iK4hdoRePQjohM2w
i7H34Lumyn5qtigixSRbaYf1bm92kQLCf+EZKJeYmlw +WlMZ6Yd9iCqcm/WIrzRSRU9fmqdtc2Lb79wgB945Kg
-> ssh-ed25519 B2veVw DvHqN4AUU1mjB++Qwz1vNYHxST/8qZTM+p9PfIyFsHw -> ssh-ed25519 B2veVw 4APxbmXkGw6O319hX1rPpgCz2BNXs1fa71eopRvgsFI
BU+58wSWdknW6WbEr+uCenfaC1vLm3usdP1P8YBbn+8 AQ3FsW+H7qYg90JG8904/N0FjxjH4S70S1Gyer1BiXI
-> ssh-ed25519 IFuY+w d3WEXFMgaOUSo3jwkOBzmqTqYyZLkIWnINFj7FZCHlE -> ssh-ed25519 IFuY+w +W4IMgBS9ihPCEGWQw8DrsTkF8Ih5H1+ZjhmGdPimQE
u7KuKcjzTvCMJqiIzE2wNxNUjQuVaCcumnkNmVIg460 qlMFMVpw6uvH/OqGx/fIBFcP41RlXxyXKJ3//1N7mcQ
-> ssh-ed25519 rA7dkQ XjfR8WOE/ajNfI2PvtjccMWt4ZA5ZcQfRLaswf8o/BM -> ssh-ed25519 rA7dkQ 1XI21LILuaiYGHbdgCllU+H8N+/YPq9FyrOUTp0AXCI
cjEt4pbJgoiqQYDMAeOEKO8IsGrutkbYiJt+s9v65+M vklhN/5KOmbB0MaQ4F/iIuj5ReLiBrmFQunPtJu0o7w
--- Itt4v03PVRtcZ+msFBO6VKi3kDuK5+mjsQ0LZXQhWTk --- 5T2/adM9me57EcbMcLPba1MIisFzJnXLC+inc57bJdk
3²qš°oß…nÉ/<2F>¦Þ3Ø$? <>_m8¼<38> ÿJi'ª©6£—&Ù&o
´:mj¥ŠËd|ôÅüw´r k4-hu¨š}ï2¥Ú|Î1DIl9Þíܦ¡—ýY•

12
secrets/attic-creds.age
View file

@ -1,7 +1,7 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 84j9mw NTO+6rjQ67mvDfLbkZNyuvxGXVlKjqnH5Wg0/qD8Zkk -> ssh-ed25519 84j9mw ZJAtY/6itD2g/hCRjxKrV1ZWQIzM/YgKGNa5CT71YBc
oIrs9tsRkEqIb9lLQnF61DefTWtF60iSJEfm2b4dkLU mMGp1ZjBx0qEugMAnixkVn88HqdNui/gyJt/okwRDP8
-> ssh-ed25519 GKhvwg 1URR/IKkYchQlxgQDK0Dh20KXTrulyJfnO3JXjECBjw -> ssh-ed25519 GKhvwg JbvduCfwAY610WxpitcGlScY98bGeNYDqKuxHkrqZDU
K2N7/b88tkEa8bTSRRWLChPN5GbbNip4qDx4HubEP9s 4aCApDeZnE/7xA3JzxqD5awQv9N5oa2TcHQOZx+CBpE
--- 4DdZ4N53a/aiMQcO0okbaeo3npYD+WrjoFYVnIMkmEk --- nGz8lBsZ79RPshiTTFlSTVsZP7lfaNKBZFC7TtZ2ves
ýº<C3BD>Ó(Æ5š/©[p+&.$*Z˜¬µªÞ*ÿçb~ìϤ>"&À› !ïÂ9R´ÓGšæ7Ýârª?Kr<1F>©ËÜDmEl~º1DѨCg¼Eþ?qŠ"­wÿ7Ìû¨ª:¹X˜á¸|Dp<E280BA>êægµ4°Y4ÇãbÄ©-.Ù`#wCÝä,—ÞôyÊ|ðõ[í"k<>*YF œ[ü'²³!‡¯ëö™eç÷ÔâUTRÞGÌ 1òdI{aìϪ+'?Á£ýµ’"ʵ&ûÒNxkÄ<6B>¢RÏ—Æ)¿¥<>˜\„a¼ƒ<12>~¬³Šo`hæ¸ùɧ¶ëtΦë-‡ë“Wð°rh‰x•E ÿ<>+'<27>]>“r9è‰ÿOð™Ža=+ïëÔW tå…}Ââ°

BIN
secrets/forgejo-token.age
View file

Binary file not shown.

BIN
secrets/github-token.age
View file

Binary file not shown.

BIN
secrets/hercules-cache.age
View file

Binary file not shown.

BIN
secrets/hercules-secrets.age
View file

Binary file not shown.

BIN
secrets/hercules-token.age
View file

Binary file not shown.

12
secrets/leet-nrab-lol-pass.age
View file

@ -1,7 +1,7 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 84j9mw 7HLXJ0FPIlK/5skZB7HsmzyMX3S7I41wPsEPZ7Jb/28 -> ssh-ed25519 84j9mw 9ygN4fWQWX889zSTchiwqVwxTzHzl+3PSelEpeGx6yA
MJ9oeQWZ9QlL6kuB8QUHoOjdXqOqqpA3kHpr2h/6A5A v1GTvSMdbwC6U0QZtaD7/b5QbJ9j4J3F10eCUaT5COY
-> ssh-ed25519 GKhvwg oVRn1+ZoRU39ucM/It+cxfLEMjF0uSV1O7k0J/8DgnM -> ssh-ed25519 GKhvwg 9I2sycYPtBMPZenbWLueANm46TTPzbgCa//4oKojGEQ
ATACnP4ASRJ1qhyrm8yhi2qtDftXMiQ91CbmuqIm2gI aEX3TQpWRAcrtJaiTMxB08L8OY/O/4JR+/zoNPl7Kxc
--- ucDElqkYHEoTy0c+vPsy2AQ3aqJmkDSBAADiKB71k2o --- 6EB80pdWxmL1yVM+klouel5E59m2C88Dz0SH2DiT6nE
.ÿ¸ÆlCÆg„s.ˆãžüíI¡ÂžR² .qxL¡Î2 B NjFo9]9ögT®qNº©ÄiaØ]e ®a²Gœ¡»S¤kìY²$‘Ÿ¤¡<zöI hkdJwÓ|g¾~ºvà^Ëjq\<5C> ' ƒ™yöIícdW™YF?ÓNÍþâ/ä0ÄØý+h<>…=œ85±#Š ²‘\bm£~ŽäÇú1æïy"úqÌAT<41>

13
secrets/miyagi-niko-pass.age
View file

@ -1,7 +1,8 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 g2vRWw btMiKwz3PwvUTHhz3eQU1PkMqSPJ9gpVZ9WC7u49xmQ -> ssh-ed25519 g2vRWw 8FCO/eYVK3KfOvdyk5Va3R9jXaSNzV+ArFVhJwJPDDk
jhQgjo4Vt7e6Q9uERj9UG4AM/gMhMUexBWHI4ofrx7c zRBpyAtdJxg4TSsgUep66Yv2CMUUAI8IF3pL5+MI/88
-> ssh-ed25519 GKhvwg sZvZftsPUAjQ27PleicM9It+gpRjwPWOdxx85Mr5fxY -> ssh-ed25519 GKhvwg eMLyDK82QCKJrVjtfuy5DKTNFOc39zdJxJNFEXCO1Ac
G3VOFsNg2p1/KTyACw9QlvfBsyNUG9v7LSkWJl8afrg 6AamgzEBeT1018cy7N5GcvgjypGPLqF+2P14h//jTtA
--- letALmlj/zH1GJl31nWXeURJHZI6UkToZiTIUgZLv8s --- jhq8ZEIoUjMq5PH7tktWMKQuCLMKifY/UfjjM1Qn7UE
Õböxú­CI_· <0B>èƒó©Ñd:@÷–Æ@ØÎþ˜^ö o:]1ä¦s;©¤°i“v"‘à̽ãéøthTwlŠŒÿÉË •Óiü¶ø¬l—ã{<7B>àAÅn.v§[ÿîGØU0%ú) QÖ8cœV2ž ƈ<19>4Ü$h©+e…yÖ
0ç#¬aJ`ng{@½Ç.sªIgÏžåc*®Q'è&•¶˜‡k,CuI±†ý´w†™ɘ×Î +rEÔNîÕ·@FŽP€I¸¸?ÐÑ’

BIN
secrets/nrab-lol-cf.age
View file

Binary file not shown.

36
secrets/ntfy-alert-pass.age
View file

@ -1,19 +1,19 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 H0Rg/A ti8Cilk/v+91Nckt/CuYl6qRuRb3W60gvhB43FW1znI -> ssh-ed25519 H0Rg/A Gu5zy+v+SITLh8SsiBXDnFDW007MNnWQ3Qo1XnKQVTM
EeLV+OccotivcRsN/aB/UdF89WiPlJ6R8PeKN6b+OQs 0OLIB6bgEHct3n4ev0HgfaUOl8t93DM3qInsrfBn4Vw
-> ssh-ed25519 84j9mw 5rRP84YZGBMCFStzc5aeOqBmsAmjSb3GkKl47Msuei8 -> ssh-ed25519 84j9mw XBb71lyuXkIGxSL+VHv4To64qjGv3tqGGMa5J414uE0
DLtAz8tWkLu3QBeR+M5ZlJH6c6+GKPwf+qy3NpdTCOo kuVmbLJ4ZyC6rmNUZOEXfrYHm89iXRqwP2Gv5lV4XSE
-> ssh-ed25519 5A7peQ d6JYwhySRN6B0eHl+JiZkxawZuMYuS7RDrSKMQYHLzI -> ssh-ed25519 5A7peQ Zby6NTv0q8OQ9qvo7DvE4OVOpShVKE8K7QWTson0DCo
/Yg5Hx948SBDD8shA49Bnv8hooPokYG7Fn9roswNIWI eMTfWLUUImhEfXlBl8gYoA1YK0gfpB8VyWa2L3RCA1w
-> ssh-ed25519 g2vRWw gltJGTfV+a8BKaAkBGXkiW57ymv0vPBQnCS2BWJ6fDc -> ssh-ed25519 g2vRWw W5ZMWxUBPvef4sWXhv2aMCLZKlW++4n78vjJ+UE8XFE
+yBjIKMdM4eUVJvjs/UedjTH6hLRs56hDUpjpLC/q84 0J4OEvtTaffnRHQdfzGOOtBdgmq9is63uSLNFfZ59Oo
-> ssh-ed25519 B2veVw GeSb9ZgzHNDDDa/X+HppmefkEelg6JaQr8uaaijjzFo -> ssh-ed25519 B2veVw tZ3sVtgqEJ5LbK3b2xcH+0z8LaNUPs4KZO9A/VLH71g
LRzUrcmZAEosn0Sf4/YOLhbtdgYhWMYe9/uhvAMwcRI MUuolaOws9FLq5MwrGKbseG5Xaok/gad6LQ5bxhN+ss
-> ssh-ed25519 IFuY+w gmfb2WEjP2BVhwnL+DzFcsM/ctbihlC6wOr7Bhn8r0o -> ssh-ed25519 IFuY+w sz83GwAlZD8Zp2kH+7pwnETPKSfXDRgSXzNteAAGXF0
k4IEjoNZSukZtz+rkOjk/BfaZkJ7T1jNrweKpmGDRZU 4ByeRXyTp9+XpOirDvPAfDqfxyQXXqdEtTSq/CqKP0o
-> ssh-ed25519 rA7dkQ EWcPrbtHeD6Rq0mlnoVhgVTZQ586QdRVsZa1K9YkQzk -> ssh-ed25519 rA7dkQ b7UcNJ+8UhrBnJieRvNxHXFBmr6uyh9q4ZtD9vpsTRI
EN5VG0U1KGdpcT64B6C7kVDwKM/h+gsiTgsKf11XP2s 2/jPFKnWvCwc+Ki9gWJ8sbGetH46DZMk7LyxmqSlAe8
-> ssh-ed25519 GKhvwg jVotsPuVgxUaZUg5U6QwZO9O6DPsYv5Mp1rfsP353hQ -> ssh-ed25519 GKhvwg 1HxU3yc2MfaW6N/zOg5ZRD+imMAIhIdKCp5FYR1BXjY
c8uSgREFANKYeaafurp47MQiGnQxHXkFR5TGAQ7Ykv4 LlmcWTkjbm9Ig5rECdKieEsbmPZiFenZnLZ4p8YbUbI
--- unx7yN4JzSSku/QUYEEUSPxyyLrWLG4zEMB/yRqvKwg --- 8E31okL3vgwlYthWyy+sshdJDHWGBjawZoS/3QaqjT0
ûEƒTAÍms°~_Œ'Ô‡§%…ÁÿrÚ=KÃxí—ÖÑ„Oè¿#Mqº'ëM_5FÇ%<25><50>â».Ÿ =uÈ\e‡œFcêHère ¾t[92Á#Y®w¬N~GfÓ· ‰x¡þG^0=ü”WÜ Ó“¬ŠEÝ&©

14
secrets/ntfy-niko-pass.age
View file

@ -1,9 +1,7 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 84j9mw ryWkCbg6qUwncq/HkEIN8qgMjPKVRv86y/gzJFtlS0U -> ssh-ed25519 84j9mw 5fEqoBEGZ6AZRfWuU6mej6XNl6hDrxMIMMlccp9CVzg
G02X9Uacg0c5acyAmPHx5F6ImZQnjs45hH/tBFpP42I QvontdV2/amh/i1Ldmzup8TB+lN4b0+YuoT+UFWiPw8
-> ssh-ed25519 GKhvwg LcIGEajShma720zp/yMndBnEOoZV9aYSsOFmN6yG9wQ -> ssh-ed25519 GKhvwg 5Qm1FPvbv0ZsJiJ0Rjm0CPm6eWKvfQ4XHAOmEUWWCiA
lox/ZbORF9HCKl4lCkTrRQ240JEGljqoAf8+I5q03Z4 eu1MXEWfo425lbnq5tAOnGqpLgRVIOCkZKegTQQjw/I
--- 6a1rHleD/+yh+e+/0lm4TIvst9tjT7y6sr6ujApYuZQ --- s1g2UCKwlew0wCJSxGosBzn1K0TEbPlrIl09iZ58bMg
$Q~¯<>C7ß|»A{3]&£žÍX''Ì PÕÌý®ü$<24>N{èLrÿxS:=W²x•Òc¤(Jµ£|ÁÏúõ»48ÙäS
PRÜL6 ÑÏ
QÞYù¥<EFBFBD>ÍÆÂmhmÛ

7
secrets/paperless-pass.age
View file

@ -1,7 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 rA7dkQ sXPoNSctxQL6Gh1JrsMuUGp5/PW/v7zFzGzdncnVYnQ
ETOeRcPPhV+RZSZEC2cGsKm2H6eAn8eKJTn1NkJqndQ
-> ssh-ed25519 GKhvwg DWV3js/l+CYRHGgf0NCZwBCigE9U5tf8mkGxVNAIVSY
dxHnQkWKB8+02j3zuaeGVq8+A5vA2ssTccTdFSn5FCw
--- pu5uE5bsrnA7KrZSRGaD6xMKjzsx0ezXn9BbNVsrgAw
éëÅë³Q ÷¦ÀB<DfK@w)GU¾/úÿ+b^)™5Áþ¨8s±

BIN
secrets/rab-lol-cf.age
View file

Binary file not shown.

BIN
secrets/rabulinski-com-cf.age
View file

Binary file not shown.

5
secrets/secrets.nix
View file

@ -65,7 +65,6 @@ in
]; ];
"rab-lol-cf.age".publicKeys = [ "rab-lol-cf.age".publicKeys = [
keys.system.kazuki keys.system.kazuki
keys.system.youko
keys.other.bootstrap keys.other.bootstrap
]; ];
"rabulinski-com-cf.age".publicKeys = [ "rabulinski-com-cf.age".publicKeys = [
@ -89,10 +88,6 @@ in
keys.system.ude keys.system.ude
keys.other.bootstrap keys.other.bootstrap
]; ];
"paperless-pass.age".publicKeys = [
keys.system.youko
keys.other.bootstrap
];
"kanidm-admin-pass.age".publicKeys = [ "kanidm-admin-pass.age".publicKeys = [
keys.system.kazuki keys.system.kazuki
keys.other.bootstrap keys.other.bootstrap

13
secrets/storage-box-creds.age
View file

@ -1,8 +1,7 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 84j9mw MkIkHSzR3H+j9ul56t+CrVsoeGRgH2ocYRSBoH/z5SY -> ssh-ed25519 84j9mw tKQQB/cd6JHCLQLrix2WGW5hHBUNC+pqDZXvTmOlOkw
0LNQmCBPvS5NiS66HCQ1Yifr/GkIYxrDj2Kfg/ZOerM lnx4olU3W8dgMwigYga/NYcjJ/C59J/uVdYNOfWmN2I
-> ssh-ed25519 GKhvwg xp5j84RKQ56OFSak3IvHRG9TAv0XVYLmWJLImgAjmws -> ssh-ed25519 GKhvwg iWTl/jvU1aBd78yAZUsOgcG6JaK+vO8Dpx61dYMjmhc
gx1Ke3U3ngFsDswVVOnwbQUJNOUSdFgh/LUKkDH30Ug 2Iu6OHlLlhJLy/cxI/zSuqRhBnoeGLXINbDyMIvDZD8
--- lWb3NlBy8n+NWGQ+M75RmWElXXLWWpl38aRYTVMm5GY --- eOl0sze0EOvfcAarBav7mb4B3jdBvOE+fF166oukbrk
qA ö[þVpŸ¬ýHêé Û0I† ¥*~ÓhÞ »¾­6û‡B˜<1E>ëZ±ikʤVý é9sÆÇ; !żlćxq*T,.ÄX˝k6ě^ů<†!żX5ŘČŢŁž‡‰·ÇŐáĄńô,`ßěY‰^đŮ›Čů.¬đÔÜ°úďe Wßěµ âOúyÖ
ªÆ³ˆMdÙ¬¥Õ¬=œ

13
secrets/storage-box-webdav.age
View file

@ -1,7 +1,8 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 84j9mw aSPnpUfj2PBYycEMzcENn30pzhrSEAatTOdoDhoPQVk -> ssh-ed25519 84j9mw C3TpEZsxJIYJ3d5vsQkCcCTity80nLsyxm5zCBZOMzk
PzcdoYgIHJZqOHE36gynF7r1LgFjoX2hEfCf1Emb2gg 56z54taf+KUJjDugfCGKlcbeRZfDzi3+eeanKPINS6E
-> ssh-ed25519 GKhvwg HlibITP17XIxE8t8Kd9NtC6n696fQJu78lE3Yp4lFyg -> ssh-ed25519 GKhvwg uUXJkGw54Q7dCnYobwV1zihOPa4R1FydJZehlFc5MA4
hmPEscf5AzMWq7NJSX8WxuRZ3bV3nMDAZZnZ8/Xy+rg 6Zbym9jLykqsYjmb6rKIa6GExAKVVvEkvCQrzl6HB/M
--- gSATPThFb4g1a+5/hwps5NGAEsd3VUlYtzy0vTySXyM --- QICnyH0PORBpoNgT3pjuhP1p8AHn9gD2OIae/9G23x8
<EFBFBD><EFBFBD>øÇw_0¿](t€9©ÌÂæñ%9šÒaWŠÍ¬ý@dWý©@µ÷S Óoˆ’€*&þàX¢-@Õö¬ª<><C2AA>ƒc~#f¶o<>†âx‰•°=;‡Ý ±(¯}¨{¬¤Ôœ2Ë“¿òi]UmiL­mÂvé>ke<7F>ã'6“AÀ̯¶XÔi<¯á:òùÓfÇU<>È~Ÿú&A¬Ë¡çj°
D·?_“E-éH

13
secrets/ude-deluge.age
View file

@ -1,8 +1,7 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 IFuY+w YhrlFN7mVaYlDC0YyEYwHUw/Dn+AJS5LcdYH0CHNhHM -> ssh-ed25519 IFuY+w ZigoLhwVERGG/r7uYI3DKX7jijKt+4tsiTWpbIdUTXE
2Fh1Imyut/Fs3nAUQAYNHuR0DPRCnDDv0fuLI1hQc6k k4jmQIJXr7yJOY3pkc1VnoqDgWkNr84k1AgYF7jNjRs
-> ssh-ed25519 GKhvwg Iuw+N1SD8On8HqpoinMoXFJ+QRS7CRyjVHhI7LE83hs -> ssh-ed25519 GKhvwg FMZOLDeE2Yw1Kd8V7NTL2oQtWo4IKDUoHu/Z8Su2hHI
yTdsv1DKQUSG1hFyxanahMiagPumuuVH1S1uLwoX3aU QF+L/Qf35wkOcgGWWRGANMJCG5Vz80epjQuwa4IdYQM
--- fGCYe4oLn1ucgnXuuecwD4nHMkiqxy2kSTYp79y7sR4 --- ZUTRNDrgxdsZsNSP1Z3BLxw4EYexr873aJrbUvIgE2I
ÚÑ­ yâùZͪëú¶ M¹®ËXd識塸*ô5ð‡øj"‹¥¿íí*ÃÖZU³å Ñ„²|Ý•]¼ßa8 ð"Zœb<>][9S÷Uµ ù.
QýÉVCs`ËʦWG<57>#+K~˜!æ:â#ËÝ'¨¹jƒÀˆQDŒYŠzžƒ'­ ¾†‚%Š¯@Ïâ´ÊO±Õ`剒>

12
secrets/youko-niko-pass.age
View file

@ -1,7 +1,7 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 rA7dkQ HZF6g+17SHv2P0Agh9/rJk5yQkjqxmOKF+F5dlcHkUI -> ssh-ed25519 rA7dkQ ucrMqUlwttyHHFkJ/c5tYpHohefNYe6aJnxHMUjkUxU
WimAhXL0UU2JXUlruPnIwi7vkjQ7YDWsyK5yB006gWo RgsGaMLmtziGu/n6MiDJmkTZORTh2yYWoSS0eu9i6PA
-> ssh-ed25519 GKhvwg mYJ6EJxisRlPtWzBqAsQXF4sivQP86rr03qIQvJGumY -> ssh-ed25519 GKhvwg u7Fjda07e17aJGV0ZFK/Mt2ZbF/3b38MLydE8WKs2gY
Y+dGZb/F1jddv04tFFPSSyTTJjsBTbQUocNg+FJuX/E gO2rNP64Nkhr5GShWP8zhxeT2YUKEkqN1Oc6/3l6PKU
--- mMUDr1Q6r/fEIejP+0yBj8D09REx3bj51XpaJiOO4ns --- H9oqwkU/uI5fZAdy+qkCW5vw1PBaahe28FTUxhEFsds
Íî<zA"¸ó³eÛû9µæ_þ<Õ<> b“¸ª…7wªt qî[£ë¿Ä‰ãkCýåt]Øh§ÕUY67^#PT#Aõ(ñµ#•€Tßú}˜œuæÍå f&¼Ë–à —/¶ <)Þ<>=´ xSæmL6îï9ÊŽÐîGŽ×3Ñ<áò4[ZÀ Œt»}å¶<OÓÃØdšÊcªYûé}>XQ^]<5D>ŠñK|B¶ÌwDmÓq×HïX©]FñeÄRt%¥`Ò¤0†»IVÂ×

BIN
secrets/zitadel-master.age
View file

Binary file not shown.

4
services/attic.nix
View file

@ -1,12 +1,12 @@
{ {
config.services.attic = services.attic =
let let
atticPort = 9476; atticPort = 9476;
in in
{ {
host = "kazuki"; host = "kazuki";
ports = [ atticPort ]; ports = [ atticPort ];
module = config =
{ config, ... }: { config, ... }:
{ {
age.secrets.attic-creds = { age.secrets.attic-creds = {

3
services/default.nix
View file

@ -1,9 +1,8 @@
{ {
includes = [ imports = [
./attic.nix ./attic.nix
./forgejo-runner.nix ./forgejo-runner.nix
./forgejo.nix ./forgejo.nix
./paperless.nix
./kanidm.nix ./kanidm.nix
]; ];
} }

4
services/forgejo-runner.nix
View file

@ -1,10 +1,10 @@
{ {
config.services.forgejo-runner = { services.forgejo-runner = {
hosts = [ hosts = [
"ude" "ude"
"youko" "youko"
]; ];
module = config =
{ {
config, config,
lib, lib,

4
services/forgejo.nix
View file

@ -1,8 +1,8 @@
{ {
config.services.forgejo = { services.forgejo = {
host = "kazuki"; host = "kazuki";
ports = [ 3000 ]; ports = [ 3000 ];
module = config =
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
age.secrets.rab-lol-cf = { age.secrets.rab-lol-cf = {

61
services/paperless.nix
View file

@ -1,61 +0,0 @@
{
config.services.paperless = {
host = "youko";
ports = [ 28981 ];
module =
{ config, ... }:
{
age.secrets.rab-lol-cf = {
file = ../secrets/rab-lol-cf.age;
owner = config.services.nginx.user;
};
age.secrets.paperless-pass = {
file = ../secrets/paperless-pass.age;
owner = config.services.paperless.user;
};
services.paperless = {
enable = true;
dataDir = "/var/lib/paperless";
mediaDir = "/media/paperless/media";
consumptionDir = "/media/paperless/consume";
passwordFile = config.age.secrets.paperless-pass.path;
settings = {
PAPERLESS_CONSUMER_IGNORE_PATTERN = [
".DS_STORE/*"
"desktop.ini"
];
PAPERLESS_OCR_LANGUAGE = "pol+eng+jpn";
PAPERLESS_OCR_USER_ARGS = {
optimize = 1;
pdfa_image_compression = "lossless";
};
};
};
services.nginx = {
enable = true;
recommendedProxySettings = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedTlsSettings = true;
virtualHosts."paper.rab.lol" = {
forceSSL = true;
enableACME = true;
acmeRoot = null;
locations."/".proxyPass = "http://localhost:28981";
extraConfig = ''
client_max_body_size 24G;
'';
};
};
security.acme.acceptTerms = true;
security.acme.certs."paper.rab.lol" = {
email = "nikodem@rabulinski.com";
dnsProvider = "cloudflare";
credentialsFile = config.age.secrets.rab-lol-cf.path;
};
};
};
}

1
shell.nix
View file

@ -1 +0,0 @@
(import ./nilla.nix { }).shells.default.result.${builtins.currentSystem}

23
treefmt.nix
View file

@ -1,23 +0,0 @@
{
projectRootFile = "nilla.nix";
programs.deadnix.enable = true;
programs.nixfmt.enable = true;
programs.statix.enable = true;
programs.fish_indent.enable = true;
programs.deno.enable = true;
programs.stylua.enable = true;
programs.shfmt.enable = true;
settings.global.excludes = [
# agenix
"*.age"
# racket
"*.rkt"
"**/rashrc"
# custom assets
"*.png"
"*.svg"
];
settings.on-unmatched = "fatal";
}

35
wrappers/default.nix
View file

@ -1,18 +1,10 @@
{ inputs, ... }:
{ {
lib, perSystem =
config, { pkgs, inputs', ... }:
inputs,
}:
let let
systems = [ wrapped = inputs.wrapper-manager-hm-compat.lib {
"x86_64-linux" inherit pkgs;
"aarch64-linux"
"aarch64-darwin"
];
wrappedPerSystem = lib.attrs.generate systems (
system:
inputs.wrapper-manager-hm-compat.lib {
pkgs = inputs.nixpkgs.legacyPackages.${system};
modules = [ modules = [
./starship ./starship
./helix ./helix
@ -21,16 +13,13 @@ let
./fish ./fish
./wezterm ./wezterm
]; ];
specialArgs = { inherit inputs; }; specialArgs = {
} inherit inputs inputs';
); };
wrappedPerSystem' = builtins.mapAttrs (_: wrapped: wrapped.config.build.packages) wrappedPerSystem; };
wrapperNames = builtins.attrNames wrappedPerSystem'."x86_64-linux"; all-packages = wrapped.config.build.packages;
in in
{ {
config.packages = lib.attrs.generate wrapperNames (wrapper: { packages = all-packages;
inherit systems; };
builder = "custom-load";
package = { system }: wrappedPerSystem'.${system}.${wrapper};
});
} }

4
wrappers/helix/default.nix
View file

@ -1,8 +1,8 @@
{ pkgs, inputs, ... }: { pkgs, inputs', ... }:
{ {
programs.helix = { programs.helix = {
enable = true; enable = true;
package = inputs.helix.packages.${pkgs.system}.default; package = inputs'.helix.packages.default;
settings = { settings = {
theme = "base16_default_dark"; theme = "base16_default_dark";
editor = { editor = {

4
wrappers/rash/default.nix
View file

@ -1,6 +1,6 @@
{ {
pkgs, pkgs,
inputs, inputs',
config, config,
... ...
}: }:
@ -13,7 +13,7 @@
rev = "8eb52c163d6ea7c3cec2cc6b1011ce00738942e1"; rev = "8eb52c163d6ea7c3cec2cc6b1011ce00738942e1";
hash = "sha256-1yU0ZUBQqYEn85j4T2pLs02MTyJnO5BbYALIa88iomY="; hash = "sha256-1yU0ZUBQqYEn85j4T2pLs02MTyJnO5BbYALIa88iomY=";
}; };
racket-with-libs = inputs.racket.packages.${pkgs.system}.racket.newLayer { racket-with-libs = inputs'.racket.packages.racket.newLayer {
withRacketPackages = withRacketPackages =
ps: with ps; [ ps: with ps; [
readline-gpl readline-gpl