From 5efb7d00a801389ebd4fe3297ab27fef50f66c85 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nikodem=20Rabuli=C5=84ski?= Date: Sun, 23 Mar 2025 11:43:37 +0100 Subject: [PATCH 01/34] nilla: init --- flake.lock | 34 ++++++++++++++++++++++++++++++++++ flake.nix | 8 ++++++++ inputs.nix | 11 +++++++++++ nilla.nix | 37 +++++++++++++++++++++++++++++++++++++ shell.nix | 1 + 5 files changed, 91 insertions(+) create mode 100644 inputs.nix create mode 100644 nilla.nix create mode 100644 shell.nix diff --git a/flake.lock b/flake.lock index 3cd382a..eb64358 100644 --- a/flake.lock +++ b/flake.lock @@ -1,5 +1,21 @@ { "nodes": { + "__flake-compat": { + "flake": false, + "locked": { + "lastModified": 1742412704, + "narHash": "sha256-mhazLo8DuZ3c6r5I7hDxxag8ftAM4W0aUjFjQuw8q5c=", + "ref": "refs/heads/main", + "rev": "f7a7752f237bbc59b868058f70cffd3e436b49b7", + "revCount": 69, + "type": "git", + "url": "https://git.lix.systems/lix-project/flake-compat.git" + }, + "original": { + "type": "git", + "url": "https://git.lix.systems/lix-project/flake-compat.git" + } + }, "agenix": { "inputs": { "darwin": [ @@ -475,6 +491,22 @@ "type": "github" } }, + "nilla": { + "flake": false, + "locked": { + "lastModified": 1742722370, + "narHash": "sha256-MqdseA78bo2M3zfb0mjcBPYU2Qn9CF/KH5LZivWRtB0=", + "owner": "nilla-nix", + "repo": "nilla", + "rev": "b30b5a225843ab649a9b140eb3cbbcc8030a7eaf", + "type": "github" + }, + "original": { + "owner": "nilla-nix", + "repo": "nilla", + "type": "github" + } + }, "nix-github-actions": { "inputs": { "nixpkgs": [ @@ -593,6 +625,7 @@ }, "root": { "inputs": { + "__flake-compat": "__flake-compat", "agenix": "agenix", "attic": "attic", "conduit-src": "conduit-src", @@ -608,6 +641,7 @@ "lix-module": "lix-module", "mailserver": "mailserver", "niko-nur": "niko-nur", + "nilla": "nilla", "nixpkgs": "nixpkgs_2", "racket": "racket", "treefmt": "treefmt", diff --git a/flake.nix b/flake.nix index 821117f..e8eaec5 100644 --- a/flake.nix +++ b/flake.nix @@ -168,6 +168,14 @@ url = "github:numtide/treefmt-nix"; inputs.nixpkgs.follows = "nixpkgs"; }; + __flake-compat = { + url = "git+https://git.lix.systems/lix-project/flake-compat.git"; + flake = false; + }; + nilla = { + url = "github:nilla-nix/nilla"; + flake = false; + }; }; /* diff --git a/inputs.nix b/inputs.nix new file mode 100644 index 0000000..80ba847 --- /dev/null +++ b/inputs.nix @@ -0,0 +1,11 @@ +let + lock = builtins.fromJSON (builtins.readFile ./flake.lock); + nodeName = lock.nodes.root.inputs.__flake-compat; + inherit (lock.nodes.${nodeName}.locked) narHash rev url; + flake-compat = builtins.fetchTarball { + url = "${url}/archive/${rev}.tar.gz"; + sha256 = narHash; + }; + flake = import flake-compat { src = ./.; }; +in +flake.inputs diff --git a/nilla.nix b/nilla.nix new file mode 100644 index 0000000..48729f7 --- /dev/null +++ b/nilla.nix @@ -0,0 +1,37 @@ +{ + inputs ? import ./inputs.nix, +}: +(import inputs.nilla).create ( + { lib }: + { + config.inputs = builtins.mapAttrs (_: src: { + inherit src; + loader = "raw"; + }) inputs; + + config.builders.nixpkgs-flake = { + settings.type = lib.types.submodule { + options.args = lib.options.create { + type = lib.types.any; + default.value = { }; + }; + }; + settings.default = { }; + build = + pkg: + lib.attrs.generate pkg.systems ( + system: inputs.nixpkgs.legacyPackages.${system}.callPackage pkg.package pkg.settings.args + ); + }; + + config.shells.default = { + systems = [ "x86_64-linux" ]; + builder = "nixpkgs-flake"; + shell = + { mkShell, hello }: + mkShell { + packages = [ hello ]; + }; + }; + } +) diff --git a/shell.nix b/shell.nix new file mode 100644 index 0000000..0cb2ef7 --- /dev/null +++ b/shell.nix @@ -0,0 +1 @@ +(import ./nilla.nix { }).shells.default.result.${builtins.currentSystem} From 636adf8cf377df437b7c86e407822ef100841aa3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nikodem=20Rabuli=C5=84ski?= Date: Sun, 23 Mar 2025 12:15:58 +0100 Subject: [PATCH 02/34] nilla: migrate devshells --- .envrc | 1 + flake.nix | 13 ++++----- nilla.nix | 82 +++++++++++++++++++++++++++++++++++++++++++++++++++---- 3 files changed, 82 insertions(+), 14 deletions(-) diff --git a/.envrc b/.envrc index 3550a30..6cb4a53 100644 --- a/.envrc +++ b/.envrc @@ -1 +1,2 @@ use flake +watch_file nilla.nix diff --git a/flake.nix b/flake.nix index e8eaec5..df7b0f7 100644 --- a/flake.nix +++ b/flake.nix @@ -1,6 +1,9 @@ { outputs = inputs@{ flake-parts, ... }: + let + nilla = import ./nilla.nix { inherit inputs; }; + in flake-parts.lib.mkFlake { inherit inputs; } { systems = [ "x86_64-linux" @@ -24,17 +27,11 @@ inputs', self', pkgs, + system, ... }: { - devShells.default = pkgs.mkShellNoCC { - packages = [ - inputs'.agenix.packages.agenix - self'.packages.attic-client - # TODO: Contribute darwin support to nh - pkgs.nh - ]; - }; + devShells = builtins.mapAttrs (_: shell: shell.result.${system}) nilla.shells; packages = { # Re-export it for convenience and for caching diff --git a/nilla.nix b/nilla.nix index 48729f7..eb7bf6c 100644 --- a/nilla.nix +++ b/nilla.nix @@ -2,7 +2,7 @@ inputs ? import ./inputs.nix, }: (import inputs.nilla).create ( - { lib }: + { config, lib }: { config.inputs = builtins.mapAttrs (_: src: { inherit src; @@ -20,17 +20,87 @@ build = pkg: lib.attrs.generate pkg.systems ( - system: inputs.nixpkgs.legacyPackages.${system}.callPackage pkg.package pkg.settings.args + system: + inputs.nixpkgs.legacyPackages.${system}.callPackage pkg.package ( + { + self' = builtins.mapAttrs (_: pkg: pkg.result.${system}) config.packages; + } + // pkg.settings.args + ) ); }; + config.builders.custom-load = { + settings.type = lib.types.submodule { + options.args = lib.options.create { + type = lib.types.null; + default.value = null; + }; + }; + settings.default = { }; + build = pkg: lib.attrs.generate pkg.systems (system: pkg.package { inherit system; }); + }; + + config.packages = + let + systems = [ + "x86_64-linux" + "aarch64-linux" + "aarch64-darwin" + ]; + mkPackage = package: { + builder = "nixpkgs-flake"; + inherit systems package; + }; + mkPackageFlakeOutput = + { + input, + output ? input, + }: + { + inherit systems; + builder = "custom-load"; + package = { system }: inputs.${input}.packages.${system}.${output}; + }; + in + { + attic-client = mkPackageFlakeOutput { + input = "attic"; + output = "attic-client"; + }; + attic-server = mkPackageFlakeOutput { + input = "attic"; + output = "attic-server"; + }; + agenix = mkPackageFlakeOutput { input = "agenix"; }; + base-packages = mkPackage ( + { symlinkJoin }: + symlinkJoin { + name = "settei-base"; + paths = [ ]; + } + ); + }; + config.shells.default = { - systems = [ "x86_64-linux" ]; + systems = [ + "x86_64-linux" + "aarch64-linux" + "aarch64-darwin" + ]; builder = "nixpkgs-flake"; shell = - { mkShell, hello }: - mkShell { - packages = [ hello ]; + { + mkShellNoCC, + nh, + self', + }: + mkShellNoCC { + packages = [ + self'.agenix + self'.attic-client + nh + ]; }; }; } From f401950470da53ffea37ac31154565d022fe2b9e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nikodem=20Rabuli=C5=84ski?= Date: Sun, 23 Mar 2025 12:58:53 +0100 Subject: [PATCH 03/34] nilla: modularize --- modules/nilla/builders/custom-load.nix | 13 +++++++++ modules/nilla/builders/default.nix | 6 +++++ modules/nilla/builders/nixpkgs-flake.nix | 26 ++++++++++++++++++ modules/nilla/default.nix | 3 +++ nilla.nix | 34 ++---------------------- 5 files changed, 50 insertions(+), 32 deletions(-) create mode 100644 modules/nilla/builders/custom-load.nix create mode 100644 modules/nilla/builders/default.nix create mode 100644 modules/nilla/builders/nixpkgs-flake.nix create mode 100644 modules/nilla/default.nix diff --git a/modules/nilla/builders/custom-load.nix b/modules/nilla/builders/custom-load.nix new file mode 100644 index 0000000..b89bc36 --- /dev/null +++ b/modules/nilla/builders/custom-load.nix @@ -0,0 +1,13 @@ +{ lib }: +{ + config.builders.custom-load = { + settings.type = lib.types.submodule { + options.args = lib.options.create { + type = lib.types.null; + default.value = null; + }; + }; + settings.default = { }; + build = pkg: lib.attrs.generate pkg.systems (system: pkg.package { inherit system; }); + }; +} diff --git a/modules/nilla/builders/default.nix b/modules/nilla/builders/default.nix new file mode 100644 index 0000000..fa73437 --- /dev/null +++ b/modules/nilla/builders/default.nix @@ -0,0 +1,6 @@ +{ + includes = [ + ./nixpkgs-flake.nix + ./custom-load.nix + ]; +} diff --git a/modules/nilla/builders/nixpkgs-flake.nix b/modules/nilla/builders/nixpkgs-flake.nix new file mode 100644 index 0000000..a57b0e7 --- /dev/null +++ b/modules/nilla/builders/nixpkgs-flake.nix @@ -0,0 +1,26 @@ +{ + config, + lib, +}: +{ + config.builders.nixpkgs-flake = { + settings.type = lib.types.submodule { + options.args = lib.options.create { + type = lib.types.any; + default.value = { }; + }; + }; + settings.default = { }; + build = + pkg: + lib.attrs.generate pkg.systems ( + system: + config.inputs.nixpkgs.result.legacyPackages.${system}.callPackage pkg.package ( + { + self' = builtins.mapAttrs (_: pkg: pkg.result.${system}) config.packages; + } + // pkg.settings.args + ) + ); + }; +} diff --git a/modules/nilla/default.nix b/modules/nilla/default.nix new file mode 100644 index 0000000..f9e4319 --- /dev/null +++ b/modules/nilla/default.nix @@ -0,0 +1,3 @@ +{ + includes = [ ./builders ]; +} diff --git a/nilla.nix b/nilla.nix index eb7bf6c..7fa2127 100644 --- a/nilla.nix +++ b/nilla.nix @@ -4,43 +4,13 @@ (import inputs.nilla).create ( { config, lib }: { + includes = [ ./modules/nilla ]; + config.inputs = builtins.mapAttrs (_: src: { inherit src; loader = "raw"; }) inputs; - config.builders.nixpkgs-flake = { - settings.type = lib.types.submodule { - options.args = lib.options.create { - type = lib.types.any; - default.value = { }; - }; - }; - settings.default = { }; - build = - pkg: - lib.attrs.generate pkg.systems ( - system: - inputs.nixpkgs.legacyPackages.${system}.callPackage pkg.package ( - { - self' = builtins.mapAttrs (_: pkg: pkg.result.${system}) config.packages; - } - // pkg.settings.args - ) - ); - }; - - config.builders.custom-load = { - settings.type = lib.types.submodule { - options.args = lib.options.create { - type = lib.types.null; - default.value = null; - }; - }; - settings.default = { }; - build = pkg: lib.attrs.generate pkg.systems (system: pkg.package { inherit system; }); - }; - config.packages = let systems = [ From 9a382947e3215335af54ce79b2581bc0a4531f02 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nikodem=20Rabuli=C5=84ski?= Date: Sun, 23 Mar 2025 12:59:03 +0100 Subject: [PATCH 04/34] flake: start moving away from flake-parts --- flake.nix | 22 +++++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) diff --git a/flake.nix b/flake.nix index df7b0f7..b971223 100644 --- a/flake.nix +++ b/flake.nix @@ -3,6 +3,23 @@ inputs@{ flake-parts, ... }: let nilla = import ./nilla.nix { inherit inputs; }; + transpose = + attrs: + let + inherit (inputs.nixpkgs) lib; + # maps an attrset of systems to packages to list of [ {name; system; value;} ] + pkgToListAll = + name: pkg: + map (system: { + inherit name system; + value = pkg.${system}; + }) (builtins.attrNames pkg); + pkgsToListAll = pkgs: map (name: pkgToListAll name pkgs.${name}) (builtins.attrNames pkgs); + # list of all packages in format [ {name; system; value;} ] + allPkgs = lib.flatten (pkgsToListAll attrs); + systems = builtins.groupBy (pkg: pkg.system) allPkgs; + in + builtins.mapAttrs (_: pkgs: lib.listToAttrs pkgs) systems; in flake-parts.lib.mkFlake { inherit inputs; } { systems = [ @@ -22,17 +39,16 @@ ./services ]; + flake.devShells = transpose (builtins.mapAttrs (_: shell: shell.result) nilla.shells); + perSystem = { inputs', self', pkgs, - system, ... }: { - devShells = builtins.mapAttrs (_: shell: shell.result.${system}) nilla.shells; - packages = { # Re-export it for convenience and for caching inherit (inputs'.attic.packages) attic-client attic-server; From b79769a5ea0ef0e01d9a5cd47bb5a0127679e63d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nikodem=20Rabuli=C5=84ski?= Date: Sun, 23 Mar 2025 13:17:56 +0100 Subject: [PATCH 05/34] pkgs: migrate to nilla --- flake.nix | 65 +++++++------------ modules/nilla/builders/nixpkgs-flake.nix | 7 +- nilla.nix | 23 +++++-- pkgs/conduit/default.nix | 6 +- pkgs/default.nix | 81 ++++++++++++++---------- 5 files changed, 93 insertions(+), 89 deletions(-) diff --git a/flake.nix b/flake.nix index b971223..a8bdb96 100644 --- a/flake.nix +++ b/flake.nix @@ -35,57 +35,36 @@ ./hosts ./modules ./wrappers - ./pkgs ./services ]; flake.devShells = transpose (builtins.mapAttrs (_: shell: shell.result) nilla.shells); + flake.packages = transpose (builtins.mapAttrs (_: pkg: pkg.result) nilla.packages); - perSystem = - { - inputs', - self', - pkgs, - ... - }: - { - packages = { - # Re-export it for convenience and for caching - inherit (inputs'.attic.packages) attic-client attic-server; - base-packages = pkgs.symlinkJoin { - name = "settei-base"; - paths = with self'.packages; [ - helix - fish - git-commit-last - git-fixup - ]; - }; - }; + perSystem = { + treefmt = { + programs.deadnix.enable = true; + programs.nixfmt.enable = true; + programs.statix.enable = true; + programs.fish_indent.enable = true; + programs.deno.enable = true; + programs.stylua.enable = true; + programs.shfmt.enable = true; + settings.global.excludes = [ + # agenix + "*.age" - treefmt = { - programs.deadnix.enable = true; - programs.nixfmt.enable = true; - programs.statix.enable = true; - programs.fish_indent.enable = true; - programs.deno.enable = true; - programs.stylua.enable = true; - programs.shfmt.enable = true; - settings.global.excludes = [ - # agenix - "*.age" + # racket + "*.rkt" + "**/rashrc" - # racket - "*.rkt" - "**/rashrc" - - # custom assets - "*.png" - "*.svg" - ]; - settings.on-unmatched = "fatal"; - }; + # custom assets + "*.png" + "*.svg" + ]; + settings.on-unmatched = "fatal"; }; + }; }; inputs = { diff --git a/modules/nilla/builders/nixpkgs-flake.nix b/modules/nilla/builders/nixpkgs-flake.nix index a57b0e7..4b0115f 100644 --- a/modules/nilla/builders/nixpkgs-flake.nix +++ b/modules/nilla/builders/nixpkgs-flake.nix @@ -15,12 +15,7 @@ pkg: lib.attrs.generate pkg.systems ( system: - config.inputs.nixpkgs.result.legacyPackages.${system}.callPackage pkg.package ( - { - self' = builtins.mapAttrs (_: pkg: pkg.result.${system}) config.packages; - } - // pkg.settings.args - ) + config.inputs.nixpkgs.result.legacyPackages.${system}.callPackage pkg.package pkg.settings.args ); }; } diff --git a/nilla.nix b/nilla.nix index 7fa2127..7a72441 100644 --- a/nilla.nix +++ b/nilla.nix @@ -4,7 +4,10 @@ (import inputs.nilla).create ( { config, lib }: { - includes = [ ./modules/nilla ]; + includes = [ + ./modules/nilla + ./pkgs + ]; config.inputs = builtins.mapAttrs (_: src: { inherit src; @@ -32,8 +35,10 @@ builder = "custom-load"; package = { system }: inputs.${input}.packages.${system}.${output}; }; + getPkgs = system: builtins.mapAttrs (_: pkg: pkg.result.${system}) config.packages; in { + # Re-export for convenience and for caching attic-client = mkPackageFlakeOutput { input = "attic"; output = "attic-client"; @@ -44,10 +49,16 @@ }; agenix = mkPackageFlakeOutput { input = "agenix"; }; base-packages = mkPackage ( - { symlinkJoin }: + { symlinkJoin, system }: symlinkJoin { name = "settei-base"; - paths = [ ]; + paths = with (getPkgs system); [ + # TODO: wrappers + # helix + # fish + git-commit-last + git-fixup + ]; } ); }; @@ -62,13 +73,13 @@ shell = { mkShellNoCC, + system, nh, - self', }: mkShellNoCC { packages = [ - self'.agenix - self'.attic-client + config.packages.agenix.result.${system} + config.packages.attic-client.result.${system} nh ]; }; diff --git a/pkgs/conduit/default.nix b/pkgs/conduit/default.nix index c2c44b4..2f1ccdd 100644 --- a/pkgs/conduit/default.nix +++ b/pkgs/conduit/default.nix @@ -1,6 +1,8 @@ { lib, stdenv, + pkgs, + system, fenix, crane, src, @@ -11,12 +13,12 @@ }: let rust = - with fenix; + with fenix.${system}; combine [ stable.cargo stable.rustc ]; - crane' = crane.overrideToolchain rust; + crane' = (crane pkgs).overrideToolchain rust; rocksdb' = rocksdb.overrideAttrs ( final: prev: { version = "9.1.1"; diff --git a/pkgs/default.nix b/pkgs/default.nix index 71a2d48..395dc2c 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -1,35 +1,52 @@ -{ inputs, ... }: +let + systems = [ + "x86_64-linux" + "aarch64-linux" + "aarch64-darwin" + ]; + builder = "nixpkgs-flake"; + mkPackage = package: { + inherit systems package builder; + }; + +in +{ config }: { - perSystem = - { - pkgs, - lib, - inputs', - ... - }: - { - packages.conduit-next = pkgs.callPackage ./conduit { - src = inputs.conduit-src; - crane = inputs.crane.mkLib pkgs; - fenix = inputs'.fenix.packages; - }; - - packages.git-commit-last = pkgs.writeShellApplication { - name = "git-commit-last"; - text = '' - GITDIR="$(git rev-parse --git-dir)" - git commit -eF "$GITDIR/COMMIT_EDITMSG" - ''; - }; - - packages.git-fixup = pkgs.writeShellApplication { - name = "git-fixup"; - text = '' - git log -n 50 --pretty=format:'%h %s' --no-merges | \ - ${lib.getExe pkgs.fzf} | \ - cut -c -7 | \ - xargs -o git commit --fixup - ''; - }; + config.packages.conduit-next = { + inherit systems builder; + package = import ./conduit; + settings.args = { + src = config.inputs.conduit-src.result; + crane = config.inputs.crane.result.mkLib; + fenix = config.inputs.fenix.result.packages; }; + }; + + config.packages.git-commit-last = mkPackage ( + { writeShellApplication }: + writeShellApplication { + name = "git-commit-last"; + text = '' + GITDIR="$(git rev-parse --git-dir)" + git commit -eF "$GITDIR/COMMIT_EDITMSG" + ''; + } + ); + + config.packages.git-fixup = mkPackage ( + { + lib, + writeShellApplication, + fzf, + }: + writeShellApplication { + name = "git-fixup"; + text = '' + git log -n 50 --pretty=format:'%h %s' --no-merges | \ + ${lib.getExe fzf} | \ + cut -c -7 | \ + xargs -o git commit --fixup + ''; + } + ); } From c88daff34318e71238bfeb3e0d9716d9e190ce35 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nikodem=20Rabuli=C5=84ski?= Date: Sun, 23 Mar 2025 13:35:24 +0100 Subject: [PATCH 06/34] wrappers: migrate to nilla --- flake.nix | 1 - nilla.nix | 6 ++--- pkgs/default.nix | 2 +- wrappers/default.nix | 53 +++++++++++++++++++++----------------- wrappers/helix/default.nix | 4 +-- wrappers/rash/default.nix | 4 +-- 6 files changed, 38 insertions(+), 32 deletions(-) diff --git a/flake.nix b/flake.nix index a8bdb96..398bb91 100644 --- a/flake.nix +++ b/flake.nix @@ -34,7 +34,6 @@ ./assets ./hosts ./modules - ./wrappers ./services ]; diff --git a/nilla.nix b/nilla.nix index 7a72441..70446e8 100644 --- a/nilla.nix +++ b/nilla.nix @@ -7,6 +7,7 @@ includes = [ ./modules/nilla ./pkgs + ./wrappers ]; config.inputs = builtins.mapAttrs (_: src: { @@ -53,9 +54,8 @@ symlinkJoin { name = "settei-base"; paths = with (getPkgs system); [ - # TODO: wrappers - # helix - # fish + helix + fish git-commit-last git-fixup ]; diff --git a/pkgs/default.nix b/pkgs/default.nix index 395dc2c..f5009d6 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -1,3 +1,4 @@ +{ config }: let systems = [ "x86_64-linux" @@ -10,7 +11,6 @@ let }; in -{ config }: { config.packages.conduit-next = { inherit systems builder; diff --git a/wrappers/default.nix b/wrappers/default.nix index 95040ca..7701749 100644 --- a/wrappers/default.nix +++ b/wrappers/default.nix @@ -1,25 +1,32 @@ -{ inputs, ... }: +{ lib, config }: +let + systems = [ + "x86_64-linux" + "aarch64-linux" + "aarch64-darwin" + ]; + wrappedPerSystem = lib.attrs.generate systems ( + system: + config.inputs.wrapper-manager-hm-compat.result.lib { + pkgs = config.inputs.nixpkgs.result.legacyPackages.${system}; + modules = [ + ./starship + ./helix + # TODO: Enable again + # ./rash + ./fish + ./wezterm + ]; + specialArgs.inputs = builtins.mapAttrs (_: input: input.result) config.inputs; + } + ); + wrappedPerSystem' = builtins.mapAttrs (_: wrapped: wrapped.config.build.packages) wrappedPerSystem; + wrapperNames = builtins.attrNames wrappedPerSystem'."x86_64-linux"; +in { - perSystem = - { pkgs, inputs', ... }: - let - wrapped = inputs.wrapper-manager-hm-compat.lib { - inherit pkgs; - modules = [ - ./starship - ./helix - # TODO: Enable again - # ./rash - ./fish - ./wezterm - ]; - specialArgs = { - inherit inputs inputs'; - }; - }; - all-packages = wrapped.config.build.packages; - in - { - packages = all-packages; - }; + config.packages = lib.attrs.generate wrapperNames (wrapper: { + inherit systems; + builder = "custom-load"; + package = { system }: wrappedPerSystem'.${system}.${wrapper}; + }); } diff --git a/wrappers/helix/default.nix b/wrappers/helix/default.nix index 8bd476d..6703955 100644 --- a/wrappers/helix/default.nix +++ b/wrappers/helix/default.nix @@ -1,8 +1,8 @@ -{ pkgs, inputs', ... }: +{ pkgs, inputs, ... }: { programs.helix = { enable = true; - package = inputs'.helix.packages.default; + package = inputs.helix.packages.${pkgs.system}.default; settings = { theme = "base16_default_dark"; editor = { diff --git a/wrappers/rash/default.nix b/wrappers/rash/default.nix index c142a0e..64c026c 100644 --- a/wrappers/rash/default.nix +++ b/wrappers/rash/default.nix @@ -1,6 +1,6 @@ { pkgs, - inputs', + inputs, config, ... }: @@ -13,7 +13,7 @@ rev = "8eb52c163d6ea7c3cec2cc6b1011ce00738942e1"; hash = "sha256-1yU0ZUBQqYEn85j4T2pLs02MTyJnO5BbYALIa88iomY="; }; - racket-with-libs = inputs'.racket.packages.racket.newLayer { + racket-with-libs = inputs.racket.packages.${pkgs.system}.racket.newLayer { withRacketPackages = ps: with ps; [ readline-gpl From cd8fab91741c9d21e6f8860b70bb7a9b874654c9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nikodem=20Rabuli=C5=84ski?= Date: Sun, 23 Mar 2025 20:58:02 +0100 Subject: [PATCH 07/34] treefmt: migrate to nilla --- flake.nix | 28 +------------------------- modules/nilla/builders/custom-load.nix | 7 +------ nilla.nix | 10 +++++++++ treefmt.nix | 23 +++++++++++++++++++++ 4 files changed, 35 insertions(+), 33 deletions(-) create mode 100644 treefmt.nix diff --git a/flake.nix b/flake.nix index 398bb91..0d5e752 100644 --- a/flake.nix +++ b/flake.nix @@ -29,8 +29,6 @@ ]; imports = [ - inputs.treefmt.flakeModule - ./assets ./hosts ./modules @@ -39,31 +37,7 @@ flake.devShells = transpose (builtins.mapAttrs (_: shell: shell.result) nilla.shells); flake.packages = transpose (builtins.mapAttrs (_: pkg: pkg.result) nilla.packages); - - perSystem = { - treefmt = { - programs.deadnix.enable = true; - programs.nixfmt.enable = true; - programs.statix.enable = true; - programs.fish_indent.enable = true; - programs.deno.enable = true; - programs.stylua.enable = true; - programs.shfmt.enable = true; - settings.global.excludes = [ - # agenix - "*.age" - - # racket - "*.rkt" - "**/rashrc" - - # custom assets - "*.png" - "*.svg" - ]; - settings.on-unmatched = "fatal"; - }; - }; + flake.formatter = nilla.packages.formatter.result; }; inputs = { diff --git a/modules/nilla/builders/custom-load.nix b/modules/nilla/builders/custom-load.nix index b89bc36..b340dec 100644 --- a/modules/nilla/builders/custom-load.nix +++ b/modules/nilla/builders/custom-load.nix @@ -1,12 +1,7 @@ { lib }: { config.builders.custom-load = { - settings.type = lib.types.submodule { - options.args = lib.options.create { - type = lib.types.null; - default.value = null; - }; - }; + settings.type = lib.types.submodule { }; settings.default = { }; build = pkg: lib.attrs.generate pkg.systems (system: pkg.package { inherit system; }); }; diff --git a/nilla.nix b/nilla.nix index 70446e8..af9de9a 100644 --- a/nilla.nix +++ b/nilla.nix @@ -61,6 +61,16 @@ ]; } ); + formatter = { + inherit systems; + builder = "custom-load"; + package = + { system }: + let + eval = inputs.treefmt.lib.evalModule inputs.nixpkgs.legacyPackages.${system} ./treefmt.nix; + in + eval.config.build.wrapper; + }; }; config.shells.default = { diff --git a/treefmt.nix b/treefmt.nix new file mode 100644 index 0000000..93590a2 --- /dev/null +++ b/treefmt.nix @@ -0,0 +1,23 @@ +{ + projectRootFile = "nilla.nix"; + programs.deadnix.enable = true; + programs.nixfmt.enable = true; + programs.statix.enable = true; + programs.fish_indent.enable = true; + programs.deno.enable = true; + programs.stylua.enable = true; + programs.shfmt.enable = true; + settings.global.excludes = [ + # agenix + "*.age" + + # racket + "*.rkt" + "**/rashrc" + + # custom assets + "*.png" + "*.svg" + ]; + settings.on-unmatched = "fatal"; +} From f9e4e25d358e6044562e4f8be879bc61fa516548 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nikodem=20Rabuli=C5=84ski?= Date: Sun, 23 Mar 2025 21:14:39 +0100 Subject: [PATCH 08/34] flake: simplify transpose logic --- flake.nix | 36 ++++++++++++++---------------------- 1 file changed, 14 insertions(+), 22 deletions(-) diff --git a/flake.nix b/flake.nix index 0d5e752..714019f 100644 --- a/flake.nix +++ b/flake.nix @@ -3,31 +3,23 @@ inputs@{ flake-parts, ... }: let nilla = import ./nilla.nix { inherit inputs; }; - transpose = - attrs: - let - inherit (inputs.nixpkgs) lib; - # maps an attrset of systems to packages to list of [ {name; system; value;} ] - pkgToListAll = - name: pkg: - map (system: { - inherit name system; - value = pkg.${system}; - }) (builtins.attrNames pkg); - pkgsToListAll = pkgs: map (name: pkgToListAll name pkgs.${name}) (builtins.attrNames pkgs); - # list of all packages in format [ {name; system; value;} ] - allPkgs = lib.flatten (pkgsToListAll attrs); - systems = builtins.groupBy (pkg: pkg.system) allPkgs; - in - builtins.mapAttrs (_: pkgs: lib.listToAttrs pkgs) systems; - in - flake-parts.lib.mkFlake { inherit inputs; } { systems = [ "x86_64-linux" "aarch64-linux" "aarch64-darwin" ]; - + # NOTE: Assumes every package is available for every system. + # For now let's say this is always the case. + transpose = + attrs: + let + inherit (inputs.nixpkgs) lib; + mappedForSystem = system: builtins.mapAttrs (_: pkg: pkg.result.${system}) attrs; + in + lib.genAttrs systems mappedForSystem; + in + flake-parts.lib.mkFlake { inherit inputs; } { + inherit systems; imports = [ ./assets ./hosts @@ -35,8 +27,8 @@ ./services ]; - flake.devShells = transpose (builtins.mapAttrs (_: shell: shell.result) nilla.shells); - flake.packages = transpose (builtins.mapAttrs (_: pkg: pkg.result) nilla.packages); + flake.devShells = transpose nilla.shells; + flake.packages = transpose nilla.packages; flake.formatter = nilla.packages.formatter.result; }; From 0d987e28f129f36f4a5f0e806528db2441fb02e9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nikodem=20Rabuli=C5=84ski?= Date: Sun, 23 Mar 2025 22:02:20 +0100 Subject: [PATCH 09/34] services: prepare for migration --- modules/flake/services.nix | 8 ++++---- services/attic.nix | 4 ++-- services/forgejo-runner.nix | 4 ++-- services/forgejo.nix | 4 ++-- 4 files changed, 10 insertions(+), 10 deletions(-) diff --git a/modules/flake/services.nix b/modules/flake/services.nix index f2f07d4..697b701 100644 --- a/modules/flake/services.nix +++ b/modules/flake/services.nix @@ -21,11 +21,11 @@ let type = with lib.types; listOf str; default = [ config.host ]; }; - config = lib.mkOption { + module = lib.mkOption { type = lib.types.deferredModule; default = { }; }; - hostConfig = lib.mkOption { + hostModule = lib.mkOption { type = with lib.types; attrsOf deferredModule; default = { }; }; @@ -36,8 +36,8 @@ let cfg: lib.genAttrs cfg.hosts (host: { imports = [ - cfg.config - (cfg.hostConfig.${host} or { }) + cfg.module + (cfg.hostModule.${host} or { }) ]; }); diff --git a/services/attic.nix b/services/attic.nix index 91d675f..f9d7501 100644 --- a/services/attic.nix +++ b/services/attic.nix @@ -1,12 +1,12 @@ { - services.attic = + config.services.attic = let atticPort = 9476; in { host = "kazuki"; ports = [ atticPort ]; - config = + module = { config, ... }: { age.secrets.attic-creds = { diff --git a/services/forgejo-runner.nix b/services/forgejo-runner.nix index 693d1d1..98574a1 100644 --- a/services/forgejo-runner.nix +++ b/services/forgejo-runner.nix @@ -1,10 +1,10 @@ { - services.forgejo-runner = { + config.services.forgejo-runner = { hosts = [ "ude" "youko" ]; - config = + module = { config, lib, diff --git a/services/forgejo.nix b/services/forgejo.nix index 4b9ea02..a382d50 100644 --- a/services/forgejo.nix +++ b/services/forgejo.nix @@ -1,8 +1,8 @@ { - services.forgejo = { + config.services.forgejo = { host = "kazuki"; ports = [ 3000 ]; - config = + module = { config, pkgs, ... }: { age.secrets.rab-lol-cf = { From c523ebe44b405b6a09ee0e49aaaf419462542fed Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nikodem=20Rabuli=C5=84ski?= Date: Sun, 23 Mar 2025 22:02:59 +0100 Subject: [PATCH 10/34] services: migrate to nilla --- modules/nilla/default.nix | 5 +- modules/nilla/services.nix | 95 ++++++++++++++++++++++++++++++++++++++ nilla.nix | 4 ++ 3 files changed, 103 insertions(+), 1 deletion(-) create mode 100644 modules/nilla/services.nix diff --git a/modules/nilla/default.nix b/modules/nilla/default.nix index f9e4319..6f39646 100644 --- a/modules/nilla/default.nix +++ b/modules/nilla/default.nix @@ -1,3 +1,6 @@ { - includes = [ ./builders ]; + includes = [ + ./builders + ./services.nix + ]; } diff --git a/modules/nilla/services.nix b/modules/nilla/services.nix new file mode 100644 index 0000000..1b72eaf --- /dev/null +++ b/modules/nilla/services.nix @@ -0,0 +1,95 @@ +{ lib, config }: +let + inherit (builtins) + attrNames + attrValues + concatStringsSep + mapAttrs + foldl' + groupBy + length + ; + serviceModule = + { config }: + { + options = { + host = lib.options.create { + type = lib.types.str; + }; + ports = lib.options.create { + type = lib.types.list.of lib.types.port; + default.value = [ ]; + }; + hosts = lib.options.create { + type = lib.types.list.of lib.types.str; + default.value = [ config.host ]; + }; + module = lib.options.create { + type = lib.types.raw; + default.value = { }; + }; + hostModule = lib.options.create { + type = lib.types.attrs.of lib.types.raw; + default.value = { }; + }; + }; + }; + + moduleToHostConfigs = + cfg: + lib.attrs.generate cfg.hosts (host: { + imports = [ + cfg.module + (cfg.hostModule.${host} or { }) + ]; + }); + + maybeGetPreviousConfigs = acc: host: (acc.${host} or { imports = [ ]; }).imports; + + # Copied from nixpkgs/lib/lists.nix + groupBy' = + op: nul: pred: lst: + mapAttrs (_name: foldl' op nul) (groupBy pred lst); + duplicatePorts = lib.fp.pipe [ + attrValues + (map (cfg: cfg.ports)) + lib.lists.flatten + (groupBy' (cnt: _: cnt + 1) 0 toString) + (lib.attrs.filter (_: cnt: cnt > 1)) + attrNames + ] config.services; +in +{ + options.services = lib.options.create { + type = lib.types.attrs.of (lib.types.submodule serviceModule); + default.value = { }; + }; + + options.extraHostConfigs = lib.options.create { + type = lib.types.attrs.of lib.types.raw; + writable = false; + default.value = lib.fp.pipe [ + attrValues + (foldl' ( + acc: cfg: + acc + // mapAttrs (host: c: { + imports = c.imports ++ (maybeGetPreviousConfigs acc host); + }) (moduleToHostConfigs cfg) + ) { }) + ] config.services; + }; + + config.assertions = [ + { + assertion = duplicatePorts == [ ]; + message = + let + plural = length duplicatePorts > 1; + in + "\nBad service config:\nThe following port${if plural then "s" else ""} ${ + if plural then "were" else "was" + } declared multiple times: ${concatStringsSep ", " duplicatePorts}"; + } + ]; +} diff --git a/nilla.nix b/nilla.nix index af9de9a..0aea0c5 100644 --- a/nilla.nix +++ b/nilla.nix @@ -8,6 +8,10 @@ ./modules/nilla ./pkgs ./wrappers + + ./services/attic.nix + ./services/forgejo-runner.nix + ./services/forgejo.nix ]; config.inputs = builtins.mapAttrs (_: src: { From ba23a8d7f55d881036770f160f746b210dca605a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nikodem=20Rabuli=C5=84ski?= Date: Sun, 23 Mar 2025 22:46:55 +0100 Subject: [PATCH 11/34] hosts: migrate to nilla --- assets/default.nix | 8 +-- flake.nix | 6 +- hosts/default.nix | 20 +++---- hosts/hijiri-vm/default.nix | 2 +- hosts/hijiri/default.nix | 2 +- hosts/installer/default.nix | 2 +- hosts/kazuki/default.nix | 2 +- hosts/kogata/default.nix | 2 +- hosts/ude/default.nix | 2 +- hosts/youko/default.nix | 2 +- modules/default.nix | 12 ---- modules/flake/configurations.nix | 54 ------------------ modules/flake/default.nix | 13 ----- modules/flake/services.nix | 95 -------------------------------- modules/nilla/configurations.nix | 47 ++++++++++++++++ modules/nilla/default.nix | 1 + modules/nilla/services.nix | 4 +- nilla.nix | 7 +-- services/default.nix | 2 +- 19 files changed, 78 insertions(+), 205 deletions(-) delete mode 100644 modules/flake/configurations.nix delete mode 100644 modules/flake/default.nix delete mode 100644 modules/flake/services.nix create mode 100644 modules/nilla/configurations.nix diff --git a/assets/default.nix b/assets/default.nix index 123d12c..4e3187c 100644 --- a/assets/default.nix +++ b/assets/default.nix @@ -1,8 +1,8 @@ -{ lib, ... }: +{ lib }: { - options.assets = lib.mkOption { - type = lib.types.unspecified; - readOnly = true; + options.assets = lib.options.create { + type = lib.types.raw; + writable = false; }; config.assets = { diff --git a/flake.nix b/flake.nix index 714019f..f42380a 100644 --- a/flake.nix +++ b/flake.nix @@ -21,12 +21,12 @@ flake-parts.lib.mkFlake { inherit inputs; } { inherit systems; imports = [ - ./assets - ./hosts ./modules - ./services ]; + flake.nixosConfigurations = nilla.nixosConfigurations; + flake.darwinConfigurations = nilla.darwinConfigurations; + flake.homeConfigurations = nilla.homeConfigurations; flake.devShells = transpose nilla.shells; flake.packages = transpose nilla.packages; flake.formatter = nilla.packages.formatter.result; diff --git a/hosts/default.nix b/hosts/default.nix index d8ed8b3..3c129f4 100644 --- a/hosts/default.nix +++ b/hosts/default.nix @@ -1,11 +1,11 @@ { config, - self, - inputs, - ... }: +let + inputs = builtins.mapAttrs (_: input: input.result) config.inputs; +in { - imports = [ + includes = [ ./kazuki ./hijiri-vm ./hijiri @@ -16,20 +16,20 @@ ./youko ]; - builders = + config.configBuilders = let sharedOptions = { _file = ./default.nix; settei.sane-defaults.allSshKeys = config.assets.sshKeys.user; settei.flake-qol.inputs = inputs // { - settei = self; + settei = inputs.self; }; }; baseNixos = inputs.nixpkgs.lib.nixosSystem { modules = [ - self.nixosModules.combined + inputs.self.nixosModules.combined sharedOptions ]; specialArgs.configurationName = "base"; @@ -37,7 +37,7 @@ baseDarwin = inputs.darwin.lib.darwinSystem { modules = [ - self.darwinModules.combined + inputs.self.darwinModules.combined sharedOptions ]; specialArgs.configurationName = "base"; @@ -49,7 +49,7 @@ baseNixos.extendModules { modules = [ module - config.__extraHostConfigs.${name} or { } + config.extraHostConfigs.${name} or { } ]; specialArgs.configurationName = name; }; @@ -60,7 +60,7 @@ eval = baseDarwin._module.args.extendModules { modules = [ module - config.__extraHostConfigs.${name} or { } + config.extraHostConfigs.${name} or { } ]; specialArgs.configurationName = name; }; diff --git a/hosts/hijiri-vm/default.nix b/hosts/hijiri-vm/default.nix index db26c63..5f6d088 100644 --- a/hosts/hijiri-vm/default.nix +++ b/hosts/hijiri-vm/default.nix @@ -1,5 +1,5 @@ { - configurations.nixos.hijiri-vm = + config.configurations.nixos.hijiri-vm = { modulesPath, lib, diff --git a/hosts/hijiri/default.nix b/hosts/hijiri/default.nix index bb7db92..a0e6857 100644 --- a/hosts/hijiri/default.nix +++ b/hosts/hijiri/default.nix @@ -1,5 +1,5 @@ { - configurations.darwin.hijiri = + config.configurations.darwin.hijiri = { config, pkgs, diff --git a/hosts/installer/default.nix b/hosts/installer/default.nix index 24bdef8..a1692c6 100644 --- a/hosts/installer/default.nix +++ b/hosts/installer/default.nix @@ -1,6 +1,6 @@ { lib, ... }: { - configurations.nixos = + config.configurations.nixos = let mkInstaller = system: diff --git a/hosts/kazuki/default.nix b/hosts/kazuki/default.nix index 8464cb5..64fc67f 100644 --- a/hosts/kazuki/default.nix +++ b/hosts/kazuki/default.nix @@ -1,5 +1,5 @@ { - configurations.nixos.kazuki = + config.configurations.nixos.kazuki = { modulesPath, ... diff --git a/hosts/kogata/default.nix b/hosts/kogata/default.nix index 6bf9e2f..3e7c21f 100644 --- a/hosts/kogata/default.nix +++ b/hosts/kogata/default.nix @@ -1,5 +1,5 @@ { - configurations.darwin.kogata = + config.configurations.darwin.kogata = { pkgs, ... }: { nixpkgs.system = "aarch64-darwin"; diff --git a/hosts/ude/default.nix b/hosts/ude/default.nix index d395fbd..fd3e19b 100644 --- a/hosts/ude/default.nix +++ b/hosts/ude/default.nix @@ -1,5 +1,5 @@ { - configurations.nixos.ude = + config.configurations.nixos.ude = { config, modulesPath, diff --git a/hosts/youko/default.nix b/hosts/youko/default.nix index 3a2fe49..b801507 100644 --- a/hosts/youko/default.nix +++ b/hosts/youko/default.nix @@ -1,5 +1,5 @@ { - configurations.nixos.youko = + config.configurations.nixos.youko = { config, lib, diff --git a/modules/default.nix b/modules/default.nix index 24a8f46..7ee30ef 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -3,24 +3,12 @@ inputs, ... }: -let - flakeModule = import ./flake { inherit (inputs) nixpkgs darwin home-manager; }; -in { - imports = [ - flakeModule - ]; - flake.homeModules = rec { settei = ./home; default = settei; }; - flake.flakeModules = rec { - settei = flakeModule; - default = settei; - }; - flake.nixosModules = rec { settei = import ./system { inherit (config) perInput; diff --git a/modules/flake/configurations.nix b/modules/flake/configurations.nix deleted file mode 100644 index 67ccc1b..0000000 --- a/modules/flake/configurations.nix +++ /dev/null @@ -1,54 +0,0 @@ -{ - nixpkgs, - darwin, - home-manager, -}: -{ - config, - lib, - ... -}: -with lib; -{ - _file = ./configurations.nix; - - options = { - # Those functions take the final arguments and emit a valid configuration. - # Probably should hardly ever be overriden - builders = { - nixos = mkOption { - type = types.functionTo types.unspecified; - default = _name: nixpkgs.lib.nixosSystem; - }; - darwin = mkOption { - type = types.functionTo types.unspecified; - default = _name: darwin.lib.darwinSystem; - }; - home = mkOption { - type = types.functionTo types.unspecified; - default = _name: home-manager.lib.homeManagerConfiguration; - }; - }; - - configurations = { - nixos = mkOption { - type = types.lazyAttrsOf types.deferredModule; - default = { }; - }; - darwin = mkOption { - type = types.lazyAttrsOf types.deferredModule; - default = { }; - }; - home = mkOption { - type = types.lazyAttrsOf types.deferredModule; - default = { }; - }; - }; - }; - - config.flake = { - nixosConfigurations = mapAttrs config.builders.nixos config.configurations.nixos; - darwinConfigurations = mapAttrs config.builders.darwin config.configurations.darwin; - homeConfigurations = mapAttrs config.builders.home config.configurations.home; - }; -} diff --git a/modules/flake/default.nix b/modules/flake/default.nix deleted file mode 100644 index 78bb73d..0000000 --- a/modules/flake/default.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ - nixpkgs, - darwin, - home-manager, -}: -{ - _file = ./default.nix; - - imports = [ - (import ./configurations.nix { inherit nixpkgs darwin home-manager; }) - ./services.nix - ]; -} diff --git a/modules/flake/services.nix b/modules/flake/services.nix deleted file mode 100644 index 697b701..0000000 --- a/modules/flake/services.nix +++ /dev/null @@ -1,95 +0,0 @@ -# List of features I want this module to eventually have -# TODO: Automatic port allocation -# TODO: Making it possible to conveniently isolate services (running them in NixOS containers) -# TODO: Handling specializations -# TODO: Convenient http handling -# TODO: Automatic backup -{ config, lib, ... }: -let - serviceModule = - { config, ... }: - { - options = { - host = lib.mkOption { - type = lib.types.str; - }; - ports = lib.mkOption { - type = with lib.types; listOf port; - default = [ ]; - }; - hosts = lib.mkOption { - type = with lib.types; listOf str; - default = [ config.host ]; - }; - module = lib.mkOption { - type = lib.types.deferredModule; - default = { }; - }; - hostModule = lib.mkOption { - type = with lib.types; attrsOf deferredModule; - default = { }; - }; - }; - }; - - moduleToHostConfigs = - cfg: - lib.genAttrs cfg.hosts (host: { - imports = [ - cfg.module - (cfg.hostModule.${host} or { }) - ]; - }); - - maybeGetPreviousConfigs = acc: host: (acc.${host} or { imports = [ ]; }).imports; -in -{ - _file = ./services.nix; - - options = { - services = lib.mkOption { - type = with lib.types; attrsOf (submodule serviceModule); - default = { }; - }; - - __extraHostConfigs = lib.mkOption { - type = with lib.types; attrsOf deferredModule; - readOnly = true; - }; - }; - - config.__extraHostConfigs = - let - duplicatePorts = lib.pipe config.services [ - lib.attrValues - (map (cfg: cfg.ports)) - lib.flatten - (lib.groupBy' (cnt: _: cnt + 1) 0 toString) - (lib.filterAttrs (_: cnt: cnt > 1)) - lib.attrNames - ]; - assertMsg = - let - plural = lib.length duplicatePorts > 1; - in - "\nBad service config:\nThe following port${if plural then "s" else ""} ${ - if plural then "were" else "was" - } declared multiple times: ${lib.concatStringsSep ", " duplicatePorts}"; - # Here I collect all the services..config into a flat - # __extraHostConfigs..imports = [ - # ... - # ] - # so that I can easily import them in hosts/default.nix - hostConfigs = lib.pipe config.services [ - lib.attrValues - (lib.foldl' ( - acc: cfg: - acc - // lib.mapAttrs (host: c: { - imports = c.imports ++ (maybeGetPreviousConfigs acc host); - }) (moduleToHostConfigs cfg) - ) { }) - ]; - in - if duplicatePorts != [ ] then throw assertMsg else hostConfigs; -} diff --git a/modules/nilla/configurations.nix b/modules/nilla/configurations.nix new file mode 100644 index 0000000..6f02f7e --- /dev/null +++ b/modules/nilla/configurations.nix @@ -0,0 +1,47 @@ +{ config, lib }: +{ + options = { + configBuilders = { + nixos = lib.options.create { + type = lib.types.function lib.types.raw; + default.value = _name: config.inputs.nixpkgs.result.lib.nixosSystem; + }; + darwin = lib.options.create { + type = lib.types.function lib.types.raw; + default.value = _name: config.inputs.darwin.result.lib.darwinSystem; + }; + home = lib.options.create { + type = lib.types.function lib.types.raw; + default.value = _name: config.inputs.home-manager.result.lib.homeManagerConfiguration; + }; + }; + + configurations = { + nixos = lib.options.create { + type = lib.types.attrs.lazy lib.types.raw; + default.value = { }; + }; + darwin = lib.options.create { + type = lib.types.attrs.lazy lib.types.raw; + default.value = { }; + }; + home = lib.options.create { + type = lib.types.attrs.lazy lib.types.raw; + default.value = { }; + }; + }; + + nixosConfigurations = lib.options.create { + type = lib.types.attrs.lazy lib.types.raw; + default.value = builtins.mapAttrs config.configBuilders.nixos config.configurations.nixos; + }; + darwinConfigurations = lib.options.create { + type = lib.types.attrs.lazy lib.types.raw; + default.value = builtins.mapAttrs config.configBuilders.darwin config.configurations.darwin; + }; + homeConfigurations = lib.options.create { + type = lib.types.attrs.lazy lib.types.raw; + default.value = builtins.mapAttrs config.configBuilders.home config.configurations.home; + }; + }; +} diff --git a/modules/nilla/default.nix b/modules/nilla/default.nix index 6f39646..8a7dea6 100644 --- a/modules/nilla/default.nix +++ b/modules/nilla/default.nix @@ -2,5 +2,6 @@ includes = [ ./builders ./services.nix + ./configurations.nix ]; } diff --git a/modules/nilla/services.nix b/modules/nilla/services.nix index 1b72eaf..1045a4a 100644 --- a/modules/nilla/services.nix +++ b/modules/nilla/services.nix @@ -14,14 +14,14 @@ let { options = { host = lib.options.create { - type = lib.types.str; + type = lib.types.string; }; ports = lib.options.create { type = lib.types.list.of lib.types.port; default.value = [ ]; }; hosts = lib.options.create { - type = lib.types.list.of lib.types.str; + type = lib.types.list.of lib.types.string; default.value = [ config.host ]; }; module = lib.options.create { diff --git a/nilla.nix b/nilla.nix index 0aea0c5..7d4b4de 100644 --- a/nilla.nix +++ b/nilla.nix @@ -8,10 +8,9 @@ ./modules/nilla ./pkgs ./wrappers - - ./services/attic.nix - ./services/forgejo-runner.nix - ./services/forgejo.nix + ./hosts + ./assets + ./services ]; config.inputs = builtins.mapAttrs (_: src: { diff --git a/services/default.nix b/services/default.nix index dfee582..b92ec0f 100644 --- a/services/default.nix +++ b/services/default.nix @@ -1,5 +1,5 @@ { - imports = [ + includes = [ ./attic.nix ./forgejo-runner.nix ./forgejo.nix From 605ee21cf0ee941e88f0ed288e72f6ec70b6ef31 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nikodem=20Rabuli=C5=84ski?= Date: Sun, 23 Mar 2025 22:58:55 +0100 Subject: [PATCH 12/34] modules: migrate to nilla --- flake.nix | 6 +++--- hosts/default.nix | 4 ++-- modules/default.nix | 18 +++++++++++------- modules/nilla/default.nix | 1 + modules/nilla/modules.nix | 17 +++++++++++++++++ nilla.nix | 1 + 6 files changed, 35 insertions(+), 12 deletions(-) create mode 100644 modules/nilla/modules.nix diff --git a/flake.nix b/flake.nix index f42380a..1468e8f 100644 --- a/flake.nix +++ b/flake.nix @@ -20,10 +20,10 @@ in flake-parts.lib.mkFlake { inherit inputs; } { inherit systems; - imports = [ - ./modules - ]; + flake.nixosModules = nilla.nixosModules; + flake.darwinModules = nilla.darwinModules; + flake.homeModules = nilla.homeModules; flake.nixosConfigurations = nilla.nixosConfigurations; flake.darwinConfigurations = nilla.darwinConfigurations; flake.homeConfigurations = nilla.homeConfigurations; diff --git a/hosts/default.nix b/hosts/default.nix index 3c129f4..4acc074 100644 --- a/hosts/default.nix +++ b/hosts/default.nix @@ -29,7 +29,7 @@ in baseNixos = inputs.nixpkgs.lib.nixosSystem { modules = [ - inputs.self.nixosModules.combined + config.nixosModules.combined sharedOptions ]; specialArgs.configurationName = "base"; @@ -37,7 +37,7 @@ in baseDarwin = inputs.darwin.lib.darwinSystem { modules = [ - inputs.self.darwinModules.combined + config.darwinModules.combined sharedOptions ]; specialArgs.configurationName = "base"; diff --git a/modules/default.nix b/modules/default.nix index 7ee30ef..2dc9115 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -1,17 +1,21 @@ { config, - inputs, - ... }: +let + inputs = builtins.mapAttrs (_: input: input.result) config.inputs; + perInput = system: flake: { + packages = flake.packages.${system}; + }; +in { - flake.homeModules = rec { + config.homeModules = rec { settei = ./home; default = settei; }; - flake.nixosModules = rec { + config.nixosModules = rec { settei = import ./system { - inherit (config) perInput; + inherit perInput; isLinux = true; }; combined = { @@ -33,9 +37,9 @@ default = combined; }; - flake.darwinModules = rec { + config.darwinModules = rec { settei = import ./system { - inherit (config) perInput; + inherit perInput; isLinux = false; }; combined = { diff --git a/modules/nilla/default.nix b/modules/nilla/default.nix index 8a7dea6..bfcd452 100644 --- a/modules/nilla/default.nix +++ b/modules/nilla/default.nix @@ -3,5 +3,6 @@ ./builders ./services.nix ./configurations.nix + ./modules.nix ]; } diff --git a/modules/nilla/modules.nix b/modules/nilla/modules.nix new file mode 100644 index 0000000..7b8a6dc --- /dev/null +++ b/modules/nilla/modules.nix @@ -0,0 +1,17 @@ +{ lib }: +{ + options = { + nixosModules = lib.options.create { + type = lib.types.attrs.of lib.types.raw; + default.value = { }; + }; + darwinModules = lib.options.create { + type = lib.types.attrs.of lib.types.raw; + default.value = { }; + }; + homeModules = lib.options.create { + type = lib.types.attrs.of lib.types.raw; + default.value = { }; + }; + }; +} diff --git a/nilla.nix b/nilla.nix index 7d4b4de..f7ecedd 100644 --- a/nilla.nix +++ b/nilla.nix @@ -11,6 +11,7 @@ ./hosts ./assets ./services + ./modules ]; config.inputs = builtins.mapAttrs (_: src: { From bd86a75ec514b56b89f978c2e680a49bb18e9aff Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nikodem=20Rabuli=C5=84ski?= Date: Sun, 23 Mar 2025 23:02:23 +0100 Subject: [PATCH 13/34] flake: remove flake-parts --- flake.lock | 23 +---------------------- flake.nix | 28 +++++++++++----------------- 2 files changed, 12 insertions(+), 39 deletions(-) diff --git a/flake.lock b/flake.lock index eb64358..2011879 100644 --- a/flake.lock +++ b/flake.lock @@ -260,26 +260,6 @@ } }, "flake-parts_2": { - "inputs": { - "nixpkgs-lib": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1741352980, - "narHash": "sha256-+u2UunDA4Cl5Fci3m7S643HzKmIDAe+fiXrLqYsR2fs=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "f4330d22f1c5d2ba72d3d22df5597d123fdb60a9", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, - "flake-parts_3": { "inputs": { "nixpkgs-lib": "nixpkgs-lib" }, @@ -474,7 +454,7 @@ }, "niko-nur": { "inputs": { - "flake-parts": "flake-parts_3", + "flake-parts": "flake-parts_2", "nixpkgs": "nixpkgs" }, "locked": { @@ -634,7 +614,6 @@ "disko": "disko", "fenix": "fenix", "firefox-darwin": "firefox-darwin", - "flake-parts": "flake-parts_2", "helix": "helix", "home-manager": "home-manager", "lix": "lix", diff --git a/flake.nix b/flake.nix index 1468e8f..d54c0be 100644 --- a/flake.nix +++ b/flake.nix @@ -1,6 +1,6 @@ { outputs = - inputs@{ flake-parts, ... }: + inputs: let nilla = import ./nilla.nix { inherit inputs; }; systems = [ @@ -18,26 +18,20 @@ in lib.genAttrs systems mappedForSystem; in - flake-parts.lib.mkFlake { inherit inputs; } { - inherit systems; - - flake.nixosModules = nilla.nixosModules; - flake.darwinModules = nilla.darwinModules; - flake.homeModules = nilla.homeModules; - flake.nixosConfigurations = nilla.nixosConfigurations; - flake.darwinConfigurations = nilla.darwinConfigurations; - flake.homeConfigurations = nilla.homeConfigurations; - flake.devShells = transpose nilla.shells; - flake.packages = transpose nilla.packages; - flake.formatter = nilla.packages.formatter.result; + { + inherit (nilla) nixosModules; + inherit (nilla) darwinModules; + inherit (nilla) homeModules; + inherit (nilla) nixosConfigurations; + inherit (nilla) darwinConfigurations; + inherit (nilla) homeConfigurations; + devShells = transpose nilla.shells; + packages = transpose nilla.packages; + formatter = nilla.packages.formatter.result; }; inputs = { nixpkgs.url = "github:nixos/nixpkgs?ref=nixpkgs-unstable"; - flake-parts = { - url = "github:hercules-ci/flake-parts"; - inputs.nixpkgs-lib.follows = "nixpkgs"; - }; disko = { url = "github:nix-community/disko"; inputs.nixpkgs.follows = "nixpkgs"; From 4538c346bc31d96456b26b83fcabc94b6fe55aab Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nikodem=20Rabuli=C5=84ski?= Date: Mon, 31 Mar 2025 18:34:38 +0200 Subject: [PATCH 14/34] flake.lock: update --- flake.lock | 78 +++++++++++++++++++++++++++--------------------------- 1 file changed, 39 insertions(+), 39 deletions(-) diff --git a/flake.lock b/flake.lock index 2011879..32a92b1 100644 --- a/flake.lock +++ b/flake.lock @@ -3,11 +3,11 @@ "__flake-compat": { "flake": false, "locked": { - "lastModified": 1742412704, - "narHash": "sha256-mhazLo8DuZ3c6r5I7hDxxag8ftAM4W0aUjFjQuw8q5c=", + "lastModified": 1743033641, + "narHash": "sha256-7L0/So1J21N4VHaZRzdK6Ywj3+NLdHfM8z0o5XVuPeo=", "ref": "refs/heads/main", - "rev": "f7a7752f237bbc59b868058f70cffd3e436b49b7", - "revCount": 69, + "rev": "5bbdeaea85d5f396f01e8af94bcb6f29d5af22f7", + "revCount": 83, "type": "git", "url": "https://git.lix.systems/lix-project/flake-compat.git" }, @@ -95,11 +95,11 @@ "conduit-src": { "flake": false, "locked": { - "lastModified": 1742005420, - "narHash": "sha256-v4LCx7VUZ+8Hy1+6ziREVY/QEADjZbo8c0h9eU7nMVY=", + "lastModified": 1742789401, + "narHash": "sha256-oZ8TPrtzPwXupsAfwMjLRI/s0/PokqL3q1ejeGVn5lE=", "owner": "famedly", "repo": "conduit", - "rev": "063d13a0e10619f17bc21f0dd291c5a733581394", + "rev": "a7e6f60b41122761422df2b7bcc0c192416f9a28", "type": "gitlab" }, "original": { @@ -131,11 +131,11 @@ ] }, "locked": { - "lastModified": 1742382197, - "narHash": "sha256-5OtFbbdKAkWDVuzjs1J9KwdFuDxsEvz0FZX3xR2jEUM=", + "lastModified": 1743359449, + "narHash": "sha256-unjpn5SCn55Ma+/grXuTybICgUa/bcPGKxJMt9lLoIg=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "643b57fd32135769f809913663130a95fe6db49e", + "rev": "fe625481e50d05aa452d684d5228e5059b4942d4", "type": "github" }, "original": { @@ -193,11 +193,11 @@ ] }, "locked": { - "lastModified": 1742432361, - "narHash": "sha256-FlqTrkzSn6oPR5iJTPsCQDd0ioMGzzxnPB+2wve9W2w=", + "lastModified": 1743383039, + "narHash": "sha256-Palj4EeFRS3tLl2aK0FgE01SBWRbqD4vKE+SNBJaYo4=", "owner": "bandithedoge", "repo": "nixpkgs-firefox-darwin", - "rev": "c868ff433ea5123e837a62ae689543045187d7a4", + "rev": "96f1d9e12f0efbbc4cea47c0a06a1667ed90e5f8", "type": "github" }, "original": { @@ -355,11 +355,11 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1742479163, - "narHash": "sha256-YC0zdGyZMu7seA2Jm1mxtcxE4lSeVwvCPMfWzJ8+o/c=", + "lastModified": 1743346877, + "narHash": "sha256-WczB9koq4xvdBZoMLW8VFT16RGaDrJXyA0rDTg2GFVU=", "owner": "helix-editor", "repo": "helix", - "rev": "b7d735ffe66a03ab5970e5f860923aada50d4e4c", + "rev": "e148d8b3110ace99505c0871714cd64391cc4ba3", "type": "github" }, "original": { @@ -375,11 +375,11 @@ ] }, "locked": { - "lastModified": 1742501496, - "narHash": "sha256-LYwyZmhckDKK7i4avmbcs1pBROpOaHi98lbjX1fmVpU=", + "lastModified": 1743360001, + "narHash": "sha256-HtpS/ZdgWXw0y+aFdORcX5RuBGTyz3WskThspNR70SM=", "owner": "nix-community", "repo": "home-manager", - "rev": "d725df5ad8cee60e61ee6fe3afb735e4fbc1ff41", + "rev": "b6fd653ef8fbeccfd4958650757e91767a65506d", "type": "github" }, "original": { @@ -391,11 +391,11 @@ "lix": { "flake": false, "locked": { - "lastModified": 1742411066, - "narHash": "sha256-8vXOKPQFRzTjapsRnTJ1nuFjUfC+AGI2ybdK5cAEHZ8=", + "lastModified": 1743274305, + "narHash": "sha256-gsPA3AAGi3pucRpzJbhWWyyOBv2/2OjAjU/SlcSE8Vc=", "ref": "refs/heads/main", - "rev": "2491b7cc2128ee440d24768c4521c38b1859fc28", - "revCount": 17705, + "rev": "d169c092fc28838a253be136d17fe7de1292c728", + "revCount": 17746, "type": "git", "url": "https://git.lix.systems/lix-project/lix.git" }, @@ -416,11 +416,11 @@ ] }, "locked": { - "lastModified": 1741894565, - "narHash": "sha256-2FD0NDJbEjUHloVrtEIms5miJsj1tvQCc/0YK5ambyc=", + "lastModified": 1742945498, + "narHash": "sha256-MB/b/xcDKqaVBxJIIxwb81r8ZiGLeKEcqokATRRroo8=", "ref": "refs/heads/main", - "rev": "a6da43f8193d9e329bba1795c42590c27966082e", - "revCount": 136, + "rev": "fa69ae26cc32dda178117b46487c2165c0e08316", + "revCount": 138, "type": "git", "url": "https://git.lix.systems/lix-project/nixos-module.git" }, @@ -474,11 +474,11 @@ "nilla": { "flake": false, "locked": { - "lastModified": 1742722370, - "narHash": "sha256-MqdseA78bo2M3zfb0mjcBPYU2Qn9CF/KH5LZivWRtB0=", + "lastModified": 1743409018, + "narHash": "sha256-fghnO1XmDnM0U6PdFu0GquNIRQNxH2IQ1AgifyZk6Wk=", "owner": "nilla-nix", "repo": "nilla", - "rev": "b30b5a225843ab649a9b140eb3cbbcc8030a7eaf", + "rev": "6747fe62879d7d15c96808bc370a52941287772c", "type": "github" }, "original": { @@ -569,11 +569,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1742395137, - "narHash": "sha256-WWNNjCSzQCtATpCFEijm81NNG1xqlLMVbIzXAiZysbs=", + "lastModified": 1743259260, + "narHash": "sha256-ArWLUgRm1tKHiqlhnymyVqi5kLNCK5ghvm06mfCl4QY=", "owner": "nixos", "repo": "nixpkgs", - "rev": "2a725d40de138714db4872dc7405d86457aa17ad", + "rev": "eb0e0f21f15c559d2ac7633dc81d079d1caf5f5f", "type": "github" }, "original": { @@ -755,11 +755,11 @@ ] }, "locked": { - "lastModified": 1742370146, - "narHash": "sha256-XRE8hL4vKIQyVMDXykFh4ceo3KSpuJF3ts8GKwh5bIU=", + "lastModified": 1743081648, + "narHash": "sha256-WRAylyYptt6OX5eCEBWyTwOEqEtD6zt33rlUkr6u3cE=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "adc195eef5da3606891cedf80c0d9ce2d3190808", + "rev": "29a3d7b768c70addce17af0869f6e2bd8f5be4b7", "type": "github" }, "original": { @@ -827,11 +827,11 @@ "rust-overlay": "rust-overlay_2" }, "locked": { - "lastModified": 1741803511, - "narHash": "sha256-DcCGBWvAvt+OWI+EcPRO+/IXZHkFgPxZUmxf2VLl8no=", + "lastModified": 1743151937, + "narHash": "sha256-SjfGN+3wrzgRvzpziowTQUIr/o6ac5iMniua0ra6elo=", "owner": "dj95", "repo": "zjstatus", - "rev": "df9c77718f7023de8406e593eda6b5b0bc09cddd", + "rev": "2772e18d1bf57b5fe24c7e2c86a6cbec0475cd88", "type": "github" }, "original": { From 954b1b0b8d47fc5a6b471ba4c77c399ca99180d7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nikodem=20Rabuli=C5=84ski?= Date: Mon, 31 Mar 2025 20:06:15 +0200 Subject: [PATCH 15/34] inputs: lazy-trees at home --- inputs.nix | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/inputs.nix b/inputs.nix index 80ba847..3df77fd 100644 --- a/inputs.nix +++ b/inputs.nix @@ -6,6 +6,11 @@ let url = "${url}/archive/${rev}.tar.gz"; sha256 = narHash; }; - flake = import flake-compat { src = ./.; }; + flake = import flake-compat { + src = ./.; + copySourceTreeToStore = false; + useBuiltinsFetchTree = true; + }; in -flake.inputs +# Workaround for https://github.com/nilla-nix/nilla/issues/14 +builtins.mapAttrs (_: input: input // { type = "derivation"; }) flake.inputs From cde03717416f28d8870e97319dfa23e70a61bfd4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nikodem=20Rabuli=C5=84ski?= Date: Mon, 31 Mar 2025 21:58:09 +0200 Subject: [PATCH 16/34] hosts: simplify builders --- hosts/default.nix | 40 +++++++++++----------------------------- 1 file changed, 11 insertions(+), 29 deletions(-) diff --git a/hosts/default.nix b/hosts/default.nix index 4acc074..3c8b713 100644 --- a/hosts/default.nix +++ b/hosts/default.nix @@ -26,28 +26,14 @@ in settei = inputs.self; }; }; - - baseNixos = inputs.nixpkgs.lib.nixosSystem { - modules = [ - config.nixosModules.combined - sharedOptions - ]; - specialArgs.configurationName = "base"; - }; - - baseDarwin = inputs.darwin.lib.darwinSystem { - modules = [ - config.darwinModules.combined - sharedOptions - ]; - specialArgs.configurationName = "base"; - }; in { nixos = name: module: - baseNixos.extendModules { + inputs.nixpkgs.lib.nixosSystem { modules = [ + config.nixosModules.combined + sharedOptions module config.extraHostConfigs.${name} or { } ]; @@ -56,18 +42,14 @@ in darwin = name: module: - let - eval = baseDarwin._module.args.extendModules { - modules = [ - module - config.extraHostConfigs.${name} or { } - ]; - specialArgs.configurationName = name; - }; - in - eval - // { - system = eval.config.system.build.toplevel; + inputs.darwin.lib.darwinSystem { + modules = [ + config.darwinModules.combined + sharedOptions + module + config.extraHostConfigs.${name} or { } + ]; + specialArgs.configurationName = name; }; }; } From 75ca1eb38f72d544a2cbc5375accabf5b4b224ee Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nikodem=20Rabuli=C5=84ski?= Date: Mon, 31 Mar 2025 23:54:18 +0200 Subject: [PATCH 17/34] modules/nilla: flake compatibility module --- flake.nix | 53 +-------------------------------------- modules/nilla/default.nix | 1 + modules/nilla/flake.nix | 31 +++++++++++++++++++++++ 3 files changed, 33 insertions(+), 52 deletions(-) create mode 100644 modules/nilla/flake.nix diff --git a/flake.nix b/flake.nix index d54c0be..ea0a9e0 100644 --- a/flake.nix +++ b/flake.nix @@ -1,34 +1,5 @@ { - outputs = - inputs: - let - nilla = import ./nilla.nix { inherit inputs; }; - systems = [ - "x86_64-linux" - "aarch64-linux" - "aarch64-darwin" - ]; - # NOTE: Assumes every package is available for every system. - # For now let's say this is always the case. - transpose = - attrs: - let - inherit (inputs.nixpkgs) lib; - mappedForSystem = system: builtins.mapAttrs (_: pkg: pkg.result.${system}) attrs; - in - lib.genAttrs systems mappedForSystem; - in - { - inherit (nilla) nixosModules; - inherit (nilla) darwinModules; - inherit (nilla) homeModules; - inherit (nilla) nixosConfigurations; - inherit (nilla) darwinConfigurations; - inherit (nilla) homeConfigurations; - devShells = transpose nilla.shells; - packages = transpose nilla.packages; - formatter = nilla.packages.formatter.result; - }; + outputs = inputs: (import ./nilla.nix { inherit inputs; }).flake; inputs = { nixpkgs.url = "github:nixos/nixpkgs?ref=nixpkgs-unstable"; @@ -128,26 +99,4 @@ flake = false; }; }; - - /* - TODO: Uncomment once (if ever?) nixConfig makes sense in flakes - nixConfig = { - extra-substituters = [ - "https://hyprland.cachix.org" - "https://cache.garnix.io" - "https://nix-community.cachix.org" - "https://hercules-ci.cachix.org" - "https://nrabulinski.cachix.org" - "https://cache.nrab.lol" - ]; - extra-trusted-public-keys = [ - "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc=" - "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=" - "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" - "hercules-ci.cachix.org-1:ZZeDl9Va+xe9j+KqdzoBZMFJHVQ42Uu/c/1/KMC5Lw0=" - "nrabulinski.cachix.org-1:Q5FD7+1c68uH74CQK66UWNzxhanZW8xcg1LFXxGK8ic=" - "cache.nrab.lol-1:CJl1TouOyuJ1Xh4tZSXLwm3Upt06HzUNZmeyuEB9EZg=" - ]; - }; - */ } diff --git a/modules/nilla/default.nix b/modules/nilla/default.nix index bfcd452..71aed0d 100644 --- a/modules/nilla/default.nix +++ b/modules/nilla/default.nix @@ -4,5 +4,6 @@ ./services.nix ./configurations.nix ./modules.nix + ./flake.nix ]; } diff --git a/modules/nilla/flake.nix b/modules/nilla/flake.nix new file mode 100644 index 0000000..f3fe6f1 --- /dev/null +++ b/modules/nilla/flake.nix @@ -0,0 +1,31 @@ +{ lib, config }: +let + systems = [ + "x86_64-linux" + "aarch64-linux" + "aarch64-darwin" + ]; + transpose = + attrs: lib.attrs.generate systems (system: builtins.mapAttrs (_: pkg: pkg.result.${system}) attrs); +in +{ + options.flake = lib.options.create { + type = lib.types.attrs.of lib.types.raw; + }; + + config.flake = { + inherit (config) + nixosModules + darwinModules + homeModules + nixosConfigurations + darwinConfigurations + homeConfigurations + ; + + devShells = transpose config.shells; + packages = transpose config.packages; + + formatter = config.packages.formatter.result; + }; +} From 696be4cadacc22feca2e09df742129094fa6f9e3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nikodem=20Rabuli=C5=84ski?= Date: Tue, 1 Apr 2025 17:48:58 +0200 Subject: [PATCH 18/34] modules/nilla: configurations -> systems --- hosts/default.nix | 2 +- hosts/hijiri-vm/default.nix | 2 +- hosts/hijiri/default.nix | 2 +- hosts/kazuki/default.nix | 2 +- hosts/kogata/default.nix | 2 +- hosts/ude/default.nix | 2 +- hosts/youko/default.nix | 2 +- modules/nilla/configurations.nix | 47 ----------------------------- modules/nilla/default.nix | 2 +- modules/nilla/flake.nix | 7 +++-- modules/nilla/systems.nix | 52 ++++++++++++++++++++++++++++++++ 11 files changed, 64 insertions(+), 58 deletions(-) delete mode 100644 modules/nilla/configurations.nix create mode 100644 modules/nilla/systems.nix diff --git a/hosts/default.nix b/hosts/default.nix index 3c8b713..843a8d1 100644 --- a/hosts/default.nix +++ b/hosts/default.nix @@ -16,7 +16,7 @@ in ./youko ]; - config.configBuilders = + config.systems.builders = let sharedOptions = { _file = ./default.nix; diff --git a/hosts/hijiri-vm/default.nix b/hosts/hijiri-vm/default.nix index 5f6d088..94350be 100644 --- a/hosts/hijiri-vm/default.nix +++ b/hosts/hijiri-vm/default.nix @@ -1,5 +1,5 @@ { - config.configurations.nixos.hijiri-vm = + config.systems.nixos.hijiri-vm.module = { modulesPath, lib, diff --git a/hosts/hijiri/default.nix b/hosts/hijiri/default.nix index a0e6857..66defb4 100644 --- a/hosts/hijiri/default.nix +++ b/hosts/hijiri/default.nix @@ -1,5 +1,5 @@ { - config.configurations.darwin.hijiri = + config.systems.darwin.hijiri.module = { config, pkgs, diff --git a/hosts/kazuki/default.nix b/hosts/kazuki/default.nix index 64fc67f..e4a51ad 100644 --- a/hosts/kazuki/default.nix +++ b/hosts/kazuki/default.nix @@ -1,5 +1,5 @@ { - config.configurations.nixos.kazuki = + config.systems.nixos.kazuki.module = { modulesPath, ... diff --git a/hosts/kogata/default.nix b/hosts/kogata/default.nix index 3e7c21f..d5ac7cb 100644 --- a/hosts/kogata/default.nix +++ b/hosts/kogata/default.nix @@ -1,5 +1,5 @@ { - config.configurations.darwin.kogata = + config.systems.darwin.kogata.module = { pkgs, ... }: { nixpkgs.system = "aarch64-darwin"; diff --git a/hosts/ude/default.nix b/hosts/ude/default.nix index fd3e19b..62ffb2e 100644 --- a/hosts/ude/default.nix +++ b/hosts/ude/default.nix @@ -1,5 +1,5 @@ { - config.configurations.nixos.ude = + config.systems.nixos.ude.module = { config, modulesPath, diff --git a/hosts/youko/default.nix b/hosts/youko/default.nix index b801507..7f39ac5 100644 --- a/hosts/youko/default.nix +++ b/hosts/youko/default.nix @@ -1,5 +1,5 @@ { - config.configurations.nixos.youko = + config.systems.nixos.youko.module = { config, lib, diff --git a/modules/nilla/configurations.nix b/modules/nilla/configurations.nix deleted file mode 100644 index 6f02f7e..0000000 --- a/modules/nilla/configurations.nix +++ /dev/null @@ -1,47 +0,0 @@ -{ config, lib }: -{ - options = { - configBuilders = { - nixos = lib.options.create { - type = lib.types.function lib.types.raw; - default.value = _name: config.inputs.nixpkgs.result.lib.nixosSystem; - }; - darwin = lib.options.create { - type = lib.types.function lib.types.raw; - default.value = _name: config.inputs.darwin.result.lib.darwinSystem; - }; - home = lib.options.create { - type = lib.types.function lib.types.raw; - default.value = _name: config.inputs.home-manager.result.lib.homeManagerConfiguration; - }; - }; - - configurations = { - nixos = lib.options.create { - type = lib.types.attrs.lazy lib.types.raw; - default.value = { }; - }; - darwin = lib.options.create { - type = lib.types.attrs.lazy lib.types.raw; - default.value = { }; - }; - home = lib.options.create { - type = lib.types.attrs.lazy lib.types.raw; - default.value = { }; - }; - }; - - nixosConfigurations = lib.options.create { - type = lib.types.attrs.lazy lib.types.raw; - default.value = builtins.mapAttrs config.configBuilders.nixos config.configurations.nixos; - }; - darwinConfigurations = lib.options.create { - type = lib.types.attrs.lazy lib.types.raw; - default.value = builtins.mapAttrs config.configBuilders.darwin config.configurations.darwin; - }; - homeConfigurations = lib.options.create { - type = lib.types.attrs.lazy lib.types.raw; - default.value = builtins.mapAttrs config.configBuilders.home config.configurations.home; - }; - }; -} diff --git a/modules/nilla/default.nix b/modules/nilla/default.nix index 71aed0d..0cab965 100644 --- a/modules/nilla/default.nix +++ b/modules/nilla/default.nix @@ -2,7 +2,7 @@ includes = [ ./builders ./services.nix - ./configurations.nix + ./systems.nix ./modules.nix ./flake.nix ]; diff --git a/modules/nilla/flake.nix b/modules/nilla/flake.nix index f3fe6f1..0193f2d 100644 --- a/modules/nilla/flake.nix +++ b/modules/nilla/flake.nix @@ -18,11 +18,12 @@ in nixosModules darwinModules homeModules - nixosConfigurations - darwinConfigurations - homeConfigurations ; + nixosConfigurations = builtins.mapAttrs (_: system: system.result) config.systems.nixos; + darwinConfigurations = builtins.mapAttrs (_: system: system.result) config.systems.darwin; + homeConfigurations = builtins.mapAttrs (_: system: system.result) config.systems.home; + devShells = transpose config.shells; packages = transpose config.packages; diff --git a/modules/nilla/systems.nix b/modules/nilla/systems.nix new file mode 100644 index 0000000..63b349a --- /dev/null +++ b/modules/nilla/systems.nix @@ -0,0 +1,52 @@ +{ config, lib }: +let + mkBuilderOption = + typ: + lib.options.create { + type = lib.types.function (lib.types.function lib.types.raw); + default.value = _name: _module: throw "Builder for systems.${typ} is not implemented"; + }; + inherit (config.systems) builders; + mkSystemModule = + typ: + { config, name }: + { + options = { + name = lib.options.create { + type = lib.types.string; + default.value = name; + }; + module = lib.options.create { + type = lib.types.raw; + default.value = { }; + }; + builder = lib.options.create { + type = lib.types.function (lib.types.function lib.types.raw); + default.value = builders.${typ}; + }; + result = lib.options.create { + type = lib.types.raw; + writable = false; + default.value = config.builder config.name config.module; + }; + }; + }; + mkSystemOption = + typ: + lib.options.create { + type = lib.types.attrs.of (lib.types.submodule (mkSystemModule typ)); + default.value = { }; + }; +in +{ + options = { + systems = { + builders.nixos = mkBuilderOption "nixos"; + builders.darwin = mkBuilderOption "darwin"; + builders.home = mkBuilderOption "home"; + nixos = mkSystemOption "nixos"; + darwin = mkSystemOption "darwin"; + home = mkSystemOption "home"; + }; + }; +} From ff4457c267d4cb9d87d61cbfa8b9830321bf99f9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nikodem=20Rabuli=C5=84ski?= Date: Tue, 1 Apr 2025 19:13:17 +0200 Subject: [PATCH 19/34] nilla: add ci.check --- .forgejo/workflows/build.yaml | 3 ++- .gitignore | 1 + default.nix | 8 ++++++++ nilla.nix | 37 +++++++++++++++++++++++++++++++++++ 4 files changed, 48 insertions(+), 1 deletion(-) create mode 100644 default.nix diff --git a/.forgejo/workflows/build.yaml b/.forgejo/workflows/build.yaml index 89693ab..1f13e6d 100644 --- a/.forgejo/workflows/build.yaml +++ b/.forgejo/workflows/build.yaml @@ -8,4 +8,5 @@ jobs: runs-on: native steps: - uses: actions/checkout@v4 - - run: nix flake check --all-systems + - run: nix-build -A ci.check + - run: ./result diff --git a/.gitignore b/.gitignore index 92b2793..2bbdbfe 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,2 @@ .direnv +result diff --git a/default.nix b/default.nix new file mode 100644 index 0000000..bb13b3b --- /dev/null +++ b/default.nix @@ -0,0 +1,8 @@ +let + nilla = import ./nilla.nix { }; + getPackage = name: nilla.packages.${name}.result.${builtins.currentSystem}; +in +{ + ci.check = getPackage "ci-check"; + formatter = getPackage "formatter"; +} diff --git a/nilla.nix b/nilla.nix index f7ecedd..5562e23 100644 --- a/nilla.nix +++ b/nilla.nix @@ -75,6 +75,43 @@ in eval.config.build.wrapper; }; + __allPackages = + let + all-packages = builtins.attrValues ( + builtins.removeAttrs config.packages [ + "ci-check" + "__allPackages" + ] + ); + all-packages' = lib.lists.flatten (map (pkg: builtins.attrValues pkg.result) all-packages); + + nixos-systems = builtins.attrValues config.systems.nixos; + nixos-systems' = map (system: system.result.config.system.build.toplevel) nixos-systems; + + darwin-systems = builtins.attrValues config.systems.darwin; + darwin-systems' = map (system: system.result.config.system.build.toplevel) darwin-systems; + + all-drvs = all-packages' ++ nixos-systems' ++ darwin-systems'; + all-drvs' = lib.strings.concatMapSep "\n" builtins.unsafeDiscardStringContext all-drvs; + in + mkPackage ( + { runCommand }: + runCommand "eval-check" { + allDerivations = all-drvs'; + passAsFile = [ "allDerivations" ]; + } "touch $out" + ); + ci-check = mkPackage ( + { + writeShellScript, + lib, + system, + }: + writeShellScript "ci-check" '' + nix-instantiate --eval -E 'import ./nilla.nix {}' -A packages.__allPackages.result.${system}.outPath + "${lib.getExe config.packages.formatter.result.${system}}" --ci + '' + ); }; config.shells.default = { From e809826dc8914f2f3df1530002eef7d717e89636 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nikodem=20Rabuli=C5=84ski?= Date: Thu, 1 May 2025 10:30:18 +0200 Subject: [PATCH 20/34] pkgs/conduit: remove dependency on fenix and crane --- flake.lock | 51 ++++------------------------------------ flake.nix | 10 +------- pkgs/conduit/default.nix | 33 ++++++++------------------ pkgs/default.nix | 2 -- 4 files changed, 16 insertions(+), 80 deletions(-) diff --git a/flake.lock b/flake.lock index 32a92b1..50d7464 100644 --- a/flake.lock +++ b/flake.lock @@ -45,9 +45,7 @@ }, "attic": { "inputs": { - "crane": [ - "crane" - ], + "crane": "crane", "flake-compat": "flake-compat", "flake-parts": "flake-parts", "lix": [ @@ -111,11 +109,11 @@ }, "crane": { "locked": { - "lastModified": 1742394900, - "narHash": "sha256-vVOAp9ahvnU+fQoKd4SEXB2JG2wbENkpqcwlkIXgUC0=", + "lastModified": 1745454774, + "narHash": "sha256-oLvmxOnsEKGtwczxp/CwhrfmQUG2ym24OMWowcoRhH8=", "owner": "ipetkov", "repo": "crane", - "rev": "70947c1908108c0c551ddfd73d4f750ff2ea67cd", + "rev": "efd36682371678e2b6da3f108fdb5c613b3ec598", "type": "github" }, "original": { @@ -165,27 +163,6 @@ "type": "github" } }, - "fenix": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ], - "rust-analyzer-src": "rust-analyzer-src" - }, - "locked": { - "lastModified": 1742452566, - "narHash": "sha256-sVuLDQ2UIWfXUBbctzrZrXM2X05YjX08K7XHMztt36E=", - "owner": "nix-community", - "repo": "fenix", - "rev": "7d9ba794daf5e8cc7ee728859bc688d8e26d5f06", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "fenix", - "type": "github" - } - }, "firefox-darwin": { "inputs": { "nixpkgs": [ @@ -609,10 +586,8 @@ "agenix": "agenix", "attic": "attic", "conduit-src": "conduit-src", - "crane": "crane", "darwin": "darwin", "disko": "disko", - "fenix": "fenix", "firefox-darwin": "firefox-darwin", "helix": "helix", "home-manager": "home-manager", @@ -629,23 +604,6 @@ "zjstatus": "zjstatus" } }, - "rust-analyzer-src": { - "flake": false, - "locked": { - "lastModified": 1742296961, - "narHash": "sha256-gCpvEQOrugHWLimD1wTFOJHagnSEP6VYBDspq96Idu0=", - "owner": "rust-lang", - "repo": "rust-analyzer", - "rev": "15d87419f1a123d8f888d608129c3ce3ff8f13d4", - "type": "github" - }, - "original": { - "owner": "rust-lang", - "ref": "nightly", - "repo": "rust-analyzer", - "type": "github" - } - }, "rust-overlay": { "inputs": { "nixpkgs": [ @@ -818,6 +776,7 @@ "zjstatus": { "inputs": { "crane": [ + "attic", "crane" ], "flake-utils": "flake-utils_3", diff --git a/flake.nix b/flake.nix index ea0a9e0..d83b902 100644 --- a/flake.nix +++ b/flake.nix @@ -47,13 +47,6 @@ url = "gitlab:famedly/conduit?ref=next"; flake = false; }; - fenix = { - url = "github:nix-community/fenix"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - crane = { - url = "github:ipetkov/crane"; - }; firefox-darwin = { url = "github:bandithedoge/nixpkgs-firefox-darwin"; inputs.nixpkgs.follows = "nixpkgs"; @@ -64,7 +57,6 @@ attic = { url = "git+https://git.lix.systems/nrabulinski/attic.git"; inputs.nixpkgs.follows = "nixpkgs"; - inputs.crane.follows = "crane"; inputs.lix.follows = "lix"; inputs.lix-module.follows = "lix-module"; }; @@ -75,7 +67,7 @@ zjstatus = { url = "github:dj95/zjstatus"; inputs.nixpkgs.follows = "nixpkgs"; - inputs.crane.follows = "crane"; + inputs.crane.follows = "attic/crane"; }; lix = { url = "git+https://git.lix.systems/lix-project/lix.git"; diff --git a/pkgs/conduit/default.nix b/pkgs/conduit/default.nix index 2f1ccdd..387cf2d 100644 --- a/pkgs/conduit/default.nix +++ b/pkgs/conduit/default.nix @@ -1,10 +1,6 @@ { lib, stdenv, - pkgs, - system, - fenix, - crane, src, libiconv, rocksdb, @@ -12,27 +8,18 @@ rustPlatform, }: let - rust = - with fenix.${system}; - combine [ - stable.cargo - stable.rustc - ]; - crane' = (crane pkgs).overrideToolchain rust; - rocksdb' = rocksdb.overrideAttrs ( - final: prev: { - version = "9.1.1"; - src = prev.src.override { - rev = "v${final.version}"; - hash = "sha256-/Xf0bzNJPclH9IP80QNaABfhj4IAR5LycYET18VFCXc="; - }; - } - ); + manifest = (builtins.fromTOML (builtins.readFile "${src}/Cargo.toml")).package; in -crane'.buildPackage { +rustPlatform.buildRustPackage { + pname = manifest.name; + inherit (manifest) version; + inherit src; strictDeps = true; + useFetchCargoVendor = true; + cargoHash = "sha256-wESDxtKRMm/jyCr4kc20UuHGcE2s+OCMjfL+l1XihnA="; + nativeBuildInputs = [ rustPlatform.bindgenHook ]; buildInputs = lib.optionals stdenv.isDarwin [ @@ -42,8 +29,8 @@ crane'.buildPackage { ]; # Use system RocksDB - ROCKSDB_INCLUDE_DIR = "${rocksdb'}/include"; - ROCKSDB_LIB_DIR = "${rocksdb'}/lib"; + ROCKSDB_INCLUDE_DIR = "${rocksdb}/include"; + ROCKSDB_LIB_DIR = "${rocksdb}/lib"; NIX_OUTPATH_USED_AS_RANDOM_SEED = "randomseed"; CONDUIT_VERSION_EXTRA = src.shortRev; } diff --git a/pkgs/default.nix b/pkgs/default.nix index f5009d6..bd2f106 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -17,8 +17,6 @@ in package = import ./conduit; settings.args = { src = config.inputs.conduit-src.result; - crane = config.inputs.crane.result.mkLib; - fenix = config.inputs.fenix.result.packages; }; }; From 111d88a19397f694b1e78a6b61a0ad3d2081dd7d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nikodem=20Rabuli=C5=84ski?= Date: Thu, 1 May 2025 12:41:41 +0200 Subject: [PATCH 21/34] nilla: add inputs argument --- hosts/default.nix | 4 +--- modules/default.nix | 2 +- modules/nilla/builders/nixpkgs-flake.nix | 4 ++-- nilla.nix | 4 ++++ pkgs/default.nix | 8 +++++--- wrappers/default.nix | 12 ++++++++---- 6 files changed, 21 insertions(+), 13 deletions(-) diff --git a/hosts/default.nix b/hosts/default.nix index 843a8d1..5f8d069 100644 --- a/hosts/default.nix +++ b/hosts/default.nix @@ -1,9 +1,7 @@ { config, + inputs, }: -let - inputs = builtins.mapAttrs (_: input: input.result) config.inputs; -in { includes = [ ./kazuki diff --git a/modules/default.nix b/modules/default.nix index 2dc9115..867871e 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -1,8 +1,8 @@ { config, + inputs, }: let - inputs = builtins.mapAttrs (_: input: input.result) config.inputs; perInput = system: flake: { packages = flake.packages.${system}; }; diff --git a/modules/nilla/builders/nixpkgs-flake.nix b/modules/nilla/builders/nixpkgs-flake.nix index 4b0115f..e0dbcea 100644 --- a/modules/nilla/builders/nixpkgs-flake.nix +++ b/modules/nilla/builders/nixpkgs-flake.nix @@ -1,6 +1,7 @@ { config, lib, + inputs, }: { config.builders.nixpkgs-flake = { @@ -14,8 +15,7 @@ build = pkg: lib.attrs.generate pkg.systems ( - system: - config.inputs.nixpkgs.result.legacyPackages.${system}.callPackage pkg.package pkg.settings.args + system: inputs.nixpkgs.legacyPackages.${system}.callPackage pkg.package pkg.settings.args ); }; } diff --git a/nilla.nix b/nilla.nix index 5562e23..5ba3acc 100644 --- a/nilla.nix +++ b/nilla.nix @@ -18,6 +18,10 @@ inherit src; loader = "raw"; }) inputs; + # Add inputs argument so modules can conveniently use it + config.__module__.args.dynamic.inputs = builtins.mapAttrs ( + _name: input: input.result + ) config.inputs; config.packages = let diff --git a/pkgs/default.nix b/pkgs/default.nix index bd2f106..69c608f 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -1,4 +1,7 @@ -{ config }: +{ + config, + inputs, +}: let systems = [ "x86_64-linux" @@ -9,14 +12,13 @@ let mkPackage = package: { inherit systems package builder; }; - in { config.packages.conduit-next = { inherit systems builder; package = import ./conduit; settings.args = { - src = config.inputs.conduit-src.result; + src = inputs.conduit-src; }; }; diff --git a/wrappers/default.nix b/wrappers/default.nix index 7701749..89fdb9f 100644 --- a/wrappers/default.nix +++ b/wrappers/default.nix @@ -1,4 +1,8 @@ -{ lib, config }: +{ + lib, + config, + inputs, +}: let systems = [ "x86_64-linux" @@ -7,8 +11,8 @@ let ]; wrappedPerSystem = lib.attrs.generate systems ( system: - config.inputs.wrapper-manager-hm-compat.result.lib { - pkgs = config.inputs.nixpkgs.result.legacyPackages.${system}; + inputs.wrapper-manager-hm-compat.lib { + pkgs = inputs.nixpkgs.legacyPackages.${system}; modules = [ ./starship ./helix @@ -17,7 +21,7 @@ let ./fish ./wezterm ]; - specialArgs.inputs = builtins.mapAttrs (_: input: input.result) config.inputs; + specialArgs = { inherit inputs; }; } ); wrappedPerSystem' = builtins.mapAttrs (_: wrapped: wrapped.config.build.packages) wrappedPerSystem; From 2ff9d98635c9dd585fdbf216d20b975ef20359f7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nikodem=20Rabuli=C5=84ski?= Date: Thu, 1 May 2025 13:30:50 +0200 Subject: [PATCH 22/34] pkgs: build attic without relying on flakes --- flake.lock | 17 +++++++++++++++++ flake.nix | 4 ++++ nilla.nix | 9 --------- pkgs/default.nix | 20 ++++++++++++++++++++ 4 files changed, 41 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index 50d7464..83eddda 100644 --- a/flake.lock +++ b/flake.lock @@ -122,6 +122,22 @@ "type": "github" } }, + "crane_2": { + "flake": false, + "locked": { + "lastModified": 1745454774, + "narHash": "sha256-oLvmxOnsEKGtwczxp/CwhrfmQUG2ym24OMWowcoRhH8=", + "owner": "ipetkov", + "repo": "crane", + "rev": "efd36682371678e2b6da3f108fdb5c613b3ec598", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, "darwin": { "inputs": { "nixpkgs": [ @@ -586,6 +602,7 @@ "agenix": "agenix", "attic": "attic", "conduit-src": "conduit-src", + "crane": "crane_2", "darwin": "darwin", "disko": "disko", "firefox-darwin": "firefox-darwin", diff --git a/flake.nix b/flake.nix index d83b902..15190f9 100644 --- a/flake.nix +++ b/flake.nix @@ -60,6 +60,10 @@ inputs.lix.follows = "lix"; inputs.lix-module.follows = "lix-module"; }; + crane = { + url = "github:ipetkov/crane"; + flake = false; + }; helix = { url = "github:helix-editor/helix"; inputs.nixpkgs.follows = "nixpkgs"; diff --git a/nilla.nix b/nilla.nix index 5ba3acc..fcf00e4 100644 --- a/nilla.nix +++ b/nilla.nix @@ -47,15 +47,6 @@ getPkgs = system: builtins.mapAttrs (_: pkg: pkg.result.${system}) config.packages; in { - # Re-export for convenience and for caching - attic-client = mkPackageFlakeOutput { - input = "attic"; - output = "attic-client"; - }; - attic-server = mkPackageFlakeOutput { - input = "attic"; - output = "attic-server"; - }; agenix = mkPackageFlakeOutput { input = "agenix"; }; base-packages = mkPackage ( { symlinkJoin, system }: diff --git a/pkgs/default.nix b/pkgs/default.nix index 69c608f..4e5cd0c 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -1,5 +1,6 @@ { config, + lib, inputs, }: let @@ -12,6 +13,14 @@ let mkPackage = package: { inherit systems package builder; }; + atticPkgs = lib.attrs.generate systems ( + system: + let + pkgs = inputs.nixpkgs.legacyPackages.${system}.extend inputs.lix-module.overlays.default; + craneLib = import inputs.crane { inherit pkgs; }; + in + pkgs.callPackage "${inputs.attic}/crane.nix" { inherit craneLib; } + ); in { config.packages.conduit-next = { @@ -49,4 +58,15 @@ in ''; } ); + + config.packages.attic-client = { + inherit systems; + builder = "custom-load"; + package = { system }: atticPkgs.${system}.attic-client; + }; + config.packages.attic-server = { + inherit systems; + builder = "custom-load"; + package = { system }: atticPkgs.${system}.attic-server; + }; } From a7e14fb69ae3a3f805d5251660847f3fa514addb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nikodem=20Rabuli=C5=84ski?= Date: Thu, 1 May 2025 22:02:11 +0200 Subject: [PATCH 23/34] modules/system/flake-qol: double copying nixpkgs is no more --- modules/system/flake-qol.nix | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) diff --git a/modules/system/flake-qol.nix b/modules/system/flake-qol.nix index 38a5228..d3e2f10 100644 --- a/modules/system/flake-qol.nix +++ b/modules/system/flake-qol.nix @@ -7,6 +7,18 @@ }: let cfg = config.settei.flake-qol; + + nixpkgsInputToFlakeRef = + input: + if input._type or "" == "flake" then + { + type = "github"; + owner = "NixOS"; + repo = "nixpkgs"; + inherit (input) lastModified narHash rev; + } + else + input; in { _file = ./flake-qol.nix; @@ -20,6 +32,12 @@ in default = true; }; inputs = mkOption { type = types.unspecified; }; + nixpkgsRef = mkOption { + type = types.unspecified; + default = cfg.inputs.nixpkgs; + apply = + ref: if builtins.isString ref then builtins.parseFlakeRef ref else nixpkgsInputToFlakeRef ref; + }; inputs-flakes = mkOption { type = types.attrs; readOnly = true; @@ -44,8 +62,8 @@ in settei.user.extraArgs = reexportedArgs; nix = { - registry = lib.mapAttrs (_: flake: { inherit flake; }) cfg.inputs-flakes; - nixPath = lib.mapAttrsToList (name: _: "${name}=flake:${name}") cfg.inputs-flakes; + registry.nixpkgs.to = cfg.nixpkgsRef; + nixPath = [ "nixpkgs=flake:nixpkgs" ]; }; }; } From e89f83a559fa12a26a89778b095c3d0a892f9dc8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nikodem=20Rabuli=C5=84ski?= Date: Thu, 1 May 2025 22:12:27 +0200 Subject: [PATCH 24/34] flake: move attic to flake=false --- flake.lock | 104 +++----------------------------------------- flake.nix | 5 +-- modules/default.nix | 9 +++- 3 files changed, 15 insertions(+), 103 deletions(-) diff --git a/flake.lock b/flake.lock index 83eddda..14086e8 100644 --- a/flake.lock +++ b/flake.lock @@ -44,22 +44,7 @@ } }, "attic": { - "inputs": { - "crane": "crane", - "flake-compat": "flake-compat", - "flake-parts": "flake-parts", - "lix": [ - "lix" - ], - "lix-module": [ - "lix-module" - ], - "nix-github-actions": "nix-github-actions", - "nixpkgs": [ - "nixpkgs" - ], - "nixpkgs-stable": "nixpkgs-stable" - }, + "flake": false, "locked": { "lastModified": 1742679462, "narHash": "sha256-L9q9KDqiJEREM/GRnSo4vB9VCvclmdRT9vXuFwBmb9Y=", @@ -108,6 +93,7 @@ } }, "crane": { + "flake": false, "locked": { "lastModified": 1745454774, "narHash": "sha256-oLvmxOnsEKGtwczxp/CwhrfmQUG2ym24OMWowcoRhH8=", @@ -123,7 +109,6 @@ } }, "crane_2": { - "flake": false, "locked": { "lastModified": 1745454774, "narHash": "sha256-oLvmxOnsEKGtwczxp/CwhrfmQUG2ym24OMWowcoRhH8=", @@ -200,22 +185,6 @@ } }, "flake-compat": { - "flake": false, - "locked": { - "lastModified": 1733328505, - "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-compat_2": { "flake": false, "locked": { "lastModified": 1696426674, @@ -232,27 +201,6 @@ } }, "flake-parts": { - "inputs": { - "nixpkgs-lib": [ - "attic", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1741352980, - "narHash": "sha256-+u2UunDA4Cl5Fci3m7S643HzKmIDAe+fiXrLqYsR2fs=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "f4330d22f1c5d2ba72d3d22df5597d123fdb60a9", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, - "flake-parts_2": { "inputs": { "nixpkgs-lib": "nixpkgs-lib" }, @@ -425,7 +373,7 @@ "mailserver": { "inputs": { "blobs": "blobs", - "flake-compat": "flake-compat_2", + "flake-compat": "flake-compat", "nixpkgs": [ "nixpkgs" ], @@ -447,7 +395,7 @@ }, "niko-nur": { "inputs": { - "flake-parts": "flake-parts_2", + "flake-parts": "flake-parts", "nixpkgs": "nixpkgs" }, "locked": { @@ -480,27 +428,6 @@ "type": "github" } }, - "nix-github-actions": { - "inputs": { - "nixpkgs": [ - "attic", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1737420293, - "narHash": "sha256-F1G5ifvqTpJq7fdkT34e/Jy9VCyzd5XfJ9TO8fHhJWE=", - "owner": "nix-community", - "repo": "nix-github-actions", - "rev": "f4158fa080ef4503c8f4c820967d946c2af31ec9", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nix-github-actions", - "type": "github" - } - }, "nixpkgs": { "locked": { "lastModified": 1723603349, @@ -544,22 +471,6 @@ "url": "https://github.com/NixOS/nixpkgs/archive/a5d394176e64ab29c852d03346c1fc9b0b7d33eb.tar.gz" } }, - "nixpkgs-stable": { - "locked": { - "lastModified": 1735563628, - "narHash": "sha256-OnSAY7XDSx7CtDoqNh8jwVwh4xNL/2HaJxGjryLWzX8=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "b134951a4c9f3c995fd7be05f3243f8ecd65d798", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-24.05", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs_2": { "locked": { "lastModified": 1743259260, @@ -602,7 +513,7 @@ "agenix": "agenix", "attic": "attic", "conduit-src": "conduit-src", - "crane": "crane_2", + "crane": "crane", "darwin": "darwin", "disko": "disko", "firefox-darwin": "firefox-darwin", @@ -792,10 +703,7 @@ }, "zjstatus": { "inputs": { - "crane": [ - "attic", - "crane" - ], + "crane": "crane_2", "flake-utils": "flake-utils_3", "nixpkgs": [ "nixpkgs" diff --git a/flake.nix b/flake.nix index 15190f9..4df88d5 100644 --- a/flake.nix +++ b/flake.nix @@ -56,9 +56,7 @@ }; attic = { url = "git+https://git.lix.systems/nrabulinski/attic.git"; - inputs.nixpkgs.follows = "nixpkgs"; - inputs.lix.follows = "lix"; - inputs.lix-module.follows = "lix-module"; + flake = false; }; crane = { url = "github:ipetkov/crane"; @@ -71,7 +69,6 @@ zjstatus = { url = "github:dj95/zjstatus"; inputs.nixpkgs.follows = "nixpkgs"; - inputs.crane.follows = "attic/crane"; }; lix = { url = "git+https://git.lix.systems/lix-project/lix.git"; diff --git a/modules/default.nix b/modules/default.nix index 867871e..4b28fee 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -25,12 +25,19 @@ in inputs.disko.nixosModules.disko inputs.mailserver.nixosModules.default inputs.home-manager.nixosModules.home-manager - inputs.attic.nixosModules.atticd + "${inputs.attic}/nixos/atticd.nix" inputs.lix-module.nixosModules.default { disabledModules = [ "services/networking/atticd.nix" ]; + services.atticd.useFlakeCompatOverlay = false; + nixpkgs.overlays = [ + (final: _: { + attic-client = config.packages.attic-client.result.${final.system}; + attic-server = config.packages.attic-server.result.${final.system}; + }) + ]; } ]; }; From 46e631c8c5d46bed2caa0cd0ec6b2ddf7ff6bd77 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nikodem=20Rabuli=C5=84ski?= Date: Thu, 1 May 2025 22:37:04 +0200 Subject: [PATCH 25/34] treewide: use nh from master instead of nixpkgs --- flake.lock | 17 +++++++++++++++++ flake.nix | 4 ++++ modules/home/default.nix | 2 -- nilla.nix | 3 ++- pkgs/default.nix | 6 ++++++ 5 files changed, 29 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 14086e8..f849df2 100644 --- a/flake.lock +++ b/flake.lock @@ -393,6 +393,22 @@ "type": "gitlab" } }, + "nh": { + "flake": false, + "locked": { + "lastModified": 1746032033, + "narHash": "sha256-BCD0tfDNlQHFM75THRtXM3GegMg/KbREsYllg7Az9ao=", + "owner": "nix-community", + "repo": "nh", + "rev": "894bb7ebf3adb58f76d1f7d9f6b33f58758d40f0", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nh", + "type": "github" + } + }, "niko-nur": { "inputs": { "flake-parts": "flake-parts", @@ -522,6 +538,7 @@ "lix": "lix", "lix-module": "lix-module", "mailserver": "mailserver", + "nh": "nh", "niko-nur": "niko-nur", "nilla": "nilla", "nixpkgs": "nixpkgs_2", diff --git a/flake.nix b/flake.nix index 4df88d5..dddf8bd 100644 --- a/flake.nix +++ b/flake.nix @@ -91,5 +91,9 @@ url = "github:nilla-nix/nilla"; flake = false; }; + nh = { + url = "github:nix-community/nh"; + flake = false; + }; }; } diff --git a/modules/home/default.nix b/modules/home/default.nix index f11fcaa..cd62227 100644 --- a/modules/home/default.nix +++ b/modules/home/default.nix @@ -1,7 +1,6 @@ # TODO: Make this module not rely on OS config being present { osConfig, - pkgs, lib, inputs', machineName, @@ -59,7 +58,6 @@ in home.packages = [ inputs'.settei.packages.base-packages - pkgs.nh ]; home.sessionVariables.EDITOR = "hx"; diff --git a/nilla.nix b/nilla.nix index fcf00e4..3a1a09e 100644 --- a/nilla.nix +++ b/nilla.nix @@ -57,6 +57,7 @@ fish git-commit-last git-fixup + nh ]; } ); @@ -126,7 +127,7 @@ packages = [ config.packages.agenix.result.${system} config.packages.attic-client.result.${system} - nh + config.packages.nh.result.${system} ]; }; }; diff --git a/pkgs/default.nix b/pkgs/default.nix index 4e5cd0c..3efdd36 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -69,4 +69,10 @@ in builder = "custom-load"; package = { system }: atticPkgs.${system}.attic-server; }; + + config.packages.nh = { + inherit systems builder; + package = import "${inputs.nh}/package.nix"; + settings.args.rev = inputs.nh.shortRev; + }; } From 1f936258f251f4d8c71a10510ddcf7c58828763e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nikodem=20Rabuli=C5=84ski?= Date: Thu, 1 May 2025 22:59:28 +0200 Subject: [PATCH 26/34] modules/home/desktop: use firefox from nixpkgs --- flake.lock | 21 --------------------- flake.nix | 4 ---- modules/home/desktop/default.nix | 7 +------ 3 files changed, 1 insertion(+), 31 deletions(-) diff --git a/flake.lock b/flake.lock index f849df2..2b4bac2 100644 --- a/flake.lock +++ b/flake.lock @@ -164,26 +164,6 @@ "type": "github" } }, - "firefox-darwin": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1743383039, - "narHash": "sha256-Palj4EeFRS3tLl2aK0FgE01SBWRbqD4vKE+SNBJaYo4=", - "owner": "bandithedoge", - "repo": "nixpkgs-firefox-darwin", - "rev": "96f1d9e12f0efbbc4cea47c0a06a1667ed90e5f8", - "type": "github" - }, - "original": { - "owner": "bandithedoge", - "repo": "nixpkgs-firefox-darwin", - "type": "github" - } - }, "flake-compat": { "flake": false, "locked": { @@ -532,7 +512,6 @@ "crane": "crane", "darwin": "darwin", "disko": "disko", - "firefox-darwin": "firefox-darwin", "helix": "helix", "home-manager": "home-manager", "lix": "lix", diff --git a/flake.nix b/flake.nix index dddf8bd..9786d64 100644 --- a/flake.nix +++ b/flake.nix @@ -47,10 +47,6 @@ url = "gitlab:famedly/conduit?ref=next"; flake = false; }; - firefox-darwin = { - url = "github:bandithedoge/nixpkgs-firefox-darwin"; - inputs.nixpkgs.follows = "nixpkgs"; - }; niko-nur = { url = "github:nrabulinski/nur-packages"; }; diff --git a/modules/home/desktop/default.nix b/modules/home/desktop/default.nix index 825d69c..068c82c 100644 --- a/modules/home/desktop/default.nix +++ b/modules/home/desktop/default.nix @@ -2,7 +2,6 @@ config, lib, pkgs, - inputs, inputs', ... }: @@ -29,11 +28,7 @@ programs.firefox = { enable = true; - package = - let - firefox-pkgs = pkgs.extend inputs.firefox-darwin.overlay; - in - lib.mkIf pkgs.stdenv.isDarwin firefox-pkgs.firefox-bin; + package = lib.mkIf pkgs.stdenv.isDarwin pkgs.firefox-unwrapped; }; programs.qutebrowser = { From c9c49bf12825dcc0334bd27082f69d177a759085 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nikodem=20Rabuli=C5=84ski?= Date: Wed, 28 May 2025 19:37:07 +0200 Subject: [PATCH 27/34] hosts/hijiri/skhd: more spaces --- hosts/hijiri/skhd.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/hijiri/skhd.nix b/hosts/hijiri/skhd.nix index fd7f9c3..4454cad 100644 --- a/hosts/hijiri/skhd.nix +++ b/hosts/hijiri/skhd.nix @@ -4,7 +4,7 @@ enable = true; skhdConfig = let - spaceCount = 6; + spaceCount = 9; spaceBindings = lib.genList ( i: let From 33d720abb66ae5e292197f3d5987bf705fc3d29d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nikodem=20Rabuli=C5=84ski?= Date: Thu, 29 May 2025 20:43:34 +0200 Subject: [PATCH 28/34] treewide: hercules is no more --- README.md | 10 ++- effects.nix | 102 ------------------------------- modules/system/default.nix | 1 - modules/system/hercules.nix | 47 -------------- modules/system/sane-defaults.nix | 4 -- 5 files changed, 4 insertions(+), 160 deletions(-) delete mode 100644 effects.nix delete mode 100644 modules/system/hercules.nix diff --git a/README.md b/README.md index 8d5da60..4e21a30 100644 --- a/README.md +++ b/README.md @@ -3,7 +3,7 @@ 雪定(せってい) -Collection of my personal Nix configurations and opinionated NixOS, nix-darwin, home-manager, and flake-parts modules. +Collection of my personal Nix configurations and opinionated NixOS, nix-darwin, home-manager, and nilla modules. > [!CAUTION] > I tried to make the modules in this repository useful to others without having @@ -25,13 +25,12 @@ Collection of my personal Nix configurations and opinionated NixOS, nix-darwin, - modules - options which in principle should be reusable by others - system - my opinionated nixos/nix-darwin modules - home - my opinionated home-manager modules - - flake - flake-parts modules + - nilla - nilla modules - services - configs for services I self-host - secrets - agenix secrets - wrappers - nix packages wrapped with my configs (see: [wrapper-manager](https://github.com/viperML/wrapper-manager)) - assets - miscellaneous values reused throughout my config -- effects.nix - hercules-ci configuration ## Code guidelines @@ -55,9 +54,8 @@ clean, maintainable, and reusable. Sorted rougly by priority +- get rid of flakes completely - bring back ci (sorta done) -- hercules-ci effects for deploying machines on update (if configuration is - valid) -- fix disko +- automatic deploys (either push or pull, to be decided) - make the configuration truly declarative (to a reasonable degree) - themeing solution diff --git a/effects.nix b/effects.nix deleted file mode 100644 index aa9906a..0000000 --- a/effects.nix +++ /dev/null @@ -1,102 +0,0 @@ -{ - config, - lib, - withSystem, - self, - ... -}: -let - collectFlakeOutputs = - { config, pkgs }: - let - inherit (pkgs) lib; - collectDrvs = - prefix: attrs: - let - drvs = lib.pipe attrs [ - (lib.filterAttrs (_: lib.isDerivation)) - (lib.mapAttrsToList ( - name: drv: { - name = lib.concatStringsSep "." (prefix ++ [ name ]); - inherit drv; - } - )) - ]; - recursed = lib.pipe attrs [ - (lib.filterAttrs ( - _: val: (!lib.isDerivation val) && (lib.isAttrs val) && (val.recurseForDerivations or true) - )) - (lib.mapAttrsToList (name: collectDrvs (prefix ++ [ name ]))) - ]; - in - drvs ++ (lib.flatten recursed); - rootOutputs = builtins.removeAttrs config.onPush.default.outputs [ "effects" ]; - in - collectDrvs [ ] rootOutputs; -in -{ - defaultEffectSystem = "aarch64-linux"; - - hercules-ci = { - flake-update = { - enable = true; - when.dayOfWeek = "Mon"; - }; - }; - - herculesCI = herculesCI: { - onPush.default = { - outputs.effects = { - pin-cache = withSystem config.defaultEffectSystem ( - { pkgs, hci-effects, ... }: - let - collected = collectFlakeOutputs { - inherit (herculesCI) config; - inherit pkgs; - }; - cachixCommands = lib.concatMapStringsSep "\n" ( - { name, drv }: "cachix pin nrabulinski ${lib.escapeShellArg name} ${lib.escapeShellArg drv}" - ) collected; - in - hci-effects.runIf (herculesCI.config.repo.branch == "main") ( - hci-effects.mkEffect { - secretsMap."cachix-token" = "cachix-token"; - inputs = [ pkgs.cachix ]; - userSetupScript = '' - cachix authtoken $(readSecretString cachix-token .token) - ''; - # Discarding the context is fine here because we don't actually want to build those derivations. - # They have already been built as part of this job, - # we only want to pin them to make sure cachix doesn't GC them. - effectScript = builtins.unsafeDiscardStringContext cachixCommands; - } - ) - ); - }; - }; - }; - - perSystem = - { pkgs, lib, ... }: - rec { - legacyPackages.outputsList = - let - config = self.herculesCI { - primaryRepo = { }; - herculesCI = { }; - }; - in - collectFlakeOutputs { inherit config pkgs; }; - - legacyPackages.github-matrix = - let - systems = lib.groupBy ({ drv, ... }: drv.system) legacyPackages.outputsList; - in - lib.concatMapStringsSep "\n" ( - { name, value }: - '' - ${name}=${builtins.toJSON (map (d: d.name) value)} - '' - ) (lib.attrsToList systems); - }; -} diff --git a/modules/system/default.nix b/modules/system/default.nix index 4b82bd1..0c450a0 100644 --- a/modules/system/default.nix +++ b/modules/system/default.nix @@ -22,7 +22,6 @@ (import ./tailscale.nix { inherit isLinux; }) (import ./containers.nix { inherit isLinux; }) ./unfree.nix - (import ./hercules.nix { inherit isLinux; }) (import ./github-runner.nix { inherit isLinux; }) (import ./incus.nix { inherit isLinux; }) (import ./monitoring.nix { inherit isLinux; }) diff --git a/modules/system/hercules.nix b/modules/system/hercules.nix deleted file mode 100644 index a5fba52..0000000 --- a/modules/system/hercules.nix +++ /dev/null @@ -1,47 +0,0 @@ -{ isLinux }: -{ - config, - lib, - ... -}: -let - options = { - settei.hercules.enable = lib.mkEnableOption "Enables hercules-ci-agent with my configuration"; - }; - - herculesUser = - if isLinux then - config.systemd.services.hercules-ci-agent.serviceConfig.User - else - config.launchd.daemons.hercules-ci-agent.serviceConfig.UserName; -in -{ - _file = ./hercules.nix; - - inherit options; - - config = lib.mkIf config.settei.hercules.enable { - age.secrets.hercules-token = { - file = ../../../secrets/hercules-token.age; - owner = herculesUser; - }; - age.secrets.hercules-cache = { - file = ../../../secrets/hercules-cache.age; - owner = herculesUser; - }; - age.secrets.hercules-secrets = { - file = ../../../secrets/hercules-secrets.age; - owner = herculesUser; - }; - - services.hercules-ci-agent = { - enable = true; - settings = { - clusterJoinTokenPath = config.age.secrets.hercules-token.path; - concurrentTasks = lib.mkDefault 4; - binaryCachesPath = config.age.secrets.hercules-cache.path; - secretsJsonPath = config.age.secrets.hercules-secrets.path; - }; - }; - }; -} diff --git a/modules/system/sane-defaults.nix b/modules/system/sane-defaults.nix index ae4a097..20a4bab 100644 --- a/modules/system/sane-defaults.nix +++ b/modules/system/sane-defaults.nix @@ -62,15 +62,11 @@ let "https://cache.nrab.lol" "https://cache.garnix.io" "https://nix-community.cachix.org" - "https://hyprland.cachix.org" - "https://hercules-ci.cachix.org" "https://nrabulinski.cachix.org" ]; extra-trusted-public-keys = [ - "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc=" "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" - "hercules-ci.cachix.org-1:ZZeDl9Va+xe9j+KqdzoBZMFJHVQ42Uu/c/1/KMC5Lw0=" "nrabulinski.cachix.org-1:Q5FD7+1c68uH74CQK66UWNzxhanZW8xcg1LFXxGK8ic=" "cache.nrab.lol-1:CJl1TouOyuJ1Xh4tZSXLwm3Upt06HzUNZmeyuEB9EZg=" ]; From 39bde5a9b371ad897c6f80e4b4287498f51a093a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nikodem=20Rabuli=C5=84ski?= Date: Thu, 29 May 2025 20:49:21 +0200 Subject: [PATCH 29/34] forgejo: no redundant CI --- .forgejo/workflows/build.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.forgejo/workflows/build.yaml b/.forgejo/workflows/build.yaml index 1f13e6d..ac6058b 100644 --- a/.forgejo/workflows/build.yaml +++ b/.forgejo/workflows/build.yaml @@ -1,5 +1,6 @@ on: push: + branches: [main] pull_request: types: [opened, synchronize, reopened] From a4f914ef2b053b2e4f8f4e8575908c7e1e7acc77 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nikodem=20Rabuli=C5=84ski?= Date: Sun, 1 Jun 2025 18:29:03 +0200 Subject: [PATCH 30/34] flake.lock: update --- flake.lock | 238 +++++++++++++++++-------------- modules/home/desktop/default.nix | 9 +- modules/system/sane-defaults.nix | 2 + pkgs/conduit/default.nix | 13 +- 4 files changed, 133 insertions(+), 129 deletions(-) diff --git a/flake.lock b/flake.lock index 2b4bac2..6b5f720 100644 --- a/flake.lock +++ b/flake.lock @@ -3,11 +3,11 @@ "__flake-compat": { "flake": false, "locked": { - "lastModified": 1743033641, - "narHash": "sha256-7L0/So1J21N4VHaZRzdK6Ywj3+NLdHfM8z0o5XVuPeo=", + "lastModified": 1748460212, + "narHash": "sha256-RBUseGlYAKOd8hnKVujiGzpdJoZWj5e3A+Ds2mKsv28=", "ref": "refs/heads/main", - "rev": "5bbdeaea85d5f396f01e8af94bcb6f29d5af22f7", - "revCount": 83, + "rev": "88e58d66efad1b3e0edf8633ea0774f7105d37c9", + "revCount": 86, "type": "git", "url": "https://git.lix.systems/lix-project/flake-compat.git" }, @@ -30,11 +30,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1736955230, - "narHash": "sha256-uenf8fv2eG5bKM8C/UvFaiJMZ4IpUFaQxk9OH5t/1gA=", + "lastModified": 1747575206, + "narHash": "sha256-NwmAFuDUO/PFcgaGGr4j3ozG9Pe5hZ/ogitWhY+D81k=", "owner": "ryantm", "repo": "agenix", - "rev": "e600439ec4c273cf11e06fe4d9d906fb98fa097c", + "rev": "4835b1dc898959d8547a871ef484930675cb47f1", "type": "github" }, "original": { @@ -46,11 +46,11 @@ "attic": { "flake": false, "locked": { - "lastModified": 1742679462, - "narHash": "sha256-L9q9KDqiJEREM/GRnSo4vB9VCvclmdRT9vXuFwBmb9Y=", + "lastModified": 1748777195, + "narHash": "sha256-j3GQS4zm4zc1yo+5hCs0kpIGNDePj7ayRkbqsy3tyYs=", "ref": "refs/heads/main", - "rev": "087bfe9234f8dc682dbf1d8f96c0b712f587c466", - "revCount": 368, + "rev": "ec24c04e345ab02ff35020d99e34f1eda0b82352", + "revCount": 373, "type": "git", "url": "https://git.lix.systems/nrabulinski/attic.git" }, @@ -78,11 +78,11 @@ "conduit-src": { "flake": false, "locked": { - "lastModified": 1742789401, - "narHash": "sha256-oZ8TPrtzPwXupsAfwMjLRI/s0/PokqL3q1ejeGVn5lE=", + "lastModified": 1748702033, + "narHash": "sha256-W72vGS0qJow1O4jXkuE3px4eNyFJeZqjuMREs6Lb5bU=", "owner": "famedly", "repo": "conduit", - "rev": "a7e6f60b41122761422df2b7bcc0c192416f9a28", + "rev": "a1886a13967b0471b55428f7aed55087ad357491", "type": "gitlab" }, "original": { @@ -95,11 +95,11 @@ "crane": { "flake": false, "locked": { - "lastModified": 1745454774, - "narHash": "sha256-oLvmxOnsEKGtwczxp/CwhrfmQUG2ym24OMWowcoRhH8=", + "lastModified": 1748047550, + "narHash": "sha256-t0qLLqb4C1rdtiY8IFRH5KIapTY/n3Lqt57AmxEv9mk=", "owner": "ipetkov", "repo": "crane", - "rev": "efd36682371678e2b6da3f108fdb5c613b3ec598", + "rev": "b718a78696060df6280196a6f992d04c87a16aef", "type": "github" }, "original": { @@ -110,11 +110,11 @@ }, "crane_2": { "locked": { - "lastModified": 1745454774, - "narHash": "sha256-oLvmxOnsEKGtwczxp/CwhrfmQUG2ym24OMWowcoRhH8=", + "lastModified": 1743700120, + "narHash": "sha256-8BjG/P0xnuCyVOXlYRwdI1B8nVtyYLf3oDwPSimqREY=", "owner": "ipetkov", "repo": "crane", - "rev": "efd36682371678e2b6da3f108fdb5c613b3ec598", + "rev": "e316f19ee058e6db50075115783be57ac549c389", "type": "github" }, "original": { @@ -130,11 +130,11 @@ ] }, "locked": { - "lastModified": 1743359449, - "narHash": "sha256-unjpn5SCn55Ma+/grXuTybICgUa/bcPGKxJMt9lLoIg=", + "lastModified": 1748354048, + "narHash": "sha256-BUUifoC7bipKczvpk8fq+UYrhiK95nt/zhMuPcelzWg=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "fe625481e50d05aa452d684d5228e5059b4942d4", + "rev": "eb1b636932ba2f19522d3687ba27c6adf3fd5978", "type": "github" }, "original": { @@ -151,11 +151,11 @@ ] }, "locked": { - "lastModified": 1741786315, - "narHash": "sha256-VT65AE2syHVj6v/DGB496bqBnu1PXrrzwlw07/Zpllc=", + "lastModified": 1748225455, + "narHash": "sha256-AzlJCKaM4wbEyEpV3I/PUq5mHnib2ryEy32c+qfj6xk=", "owner": "nix-community", "repo": "disko", - "rev": "0d8c6ad4a43906d14abd5c60e0ffe7b587b213de", + "rev": "a894f2811e1ee8d10c50560551e50d6ab3c392ba", "type": "github" }, "original": { @@ -167,11 +167,11 @@ "flake-compat": { "flake": false, "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "lastModified": 1747046372, + "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", "owner": "edolstra", "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", "type": "github" }, "original": { @@ -234,24 +234,6 @@ "type": "github" } }, - "flake-utils_3": { - "inputs": { - "systems": "systems_4" - }, - "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, "flakey-profile": { "locked": { "lastModified": 1712898590, @@ -267,20 +249,67 @@ "type": "github" } }, + "git-hooks": { + "inputs": { + "flake-compat": [ + "mailserver", + "flake-compat" + ], + "gitignore": "gitignore", + "nixpkgs": [ + "mailserver", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1742649964, + "narHash": "sha256-DwOTp7nvfi8mRfuL1escHDXabVXFGT1VlPD1JHrtrco=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "dcf5072734cb576d2b0c59b2ac44f5050b5eac82", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "git-hooks.nix", + "type": "github" + } + }, + "gitignore": { + "inputs": { + "nixpkgs": [ + "mailserver", + "git-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, "helix": { "inputs": { - "flake-utils": "flake-utils", "nixpkgs": [ "nixpkgs" ], "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1743346877, - "narHash": "sha256-WczB9koq4xvdBZoMLW8VFT16RGaDrJXyA0rDTg2GFVU=", + "lastModified": 1748702599, + "narHash": "sha256-cXzTGHrZsT4wSxlLvw2ZlHPVjC/MA2W0sI/KF1yStbY=", "owner": "helix-editor", "repo": "helix", - "rev": "e148d8b3110ace99505c0871714cd64391cc4ba3", + "rev": "2baff46b2578d78d817b9e128e8cc00345541f0b", "type": "github" }, "original": { @@ -296,11 +325,11 @@ ] }, "locked": { - "lastModified": 1743360001, - "narHash": "sha256-HtpS/ZdgWXw0y+aFdORcX5RuBGTyz3WskThspNR70SM=", + "lastModified": 1748737919, + "narHash": "sha256-5kvBbLYdp+n7Ftanjcs6Nv+UO6sBhelp6MIGJ9nWmjQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "b6fd653ef8fbeccfd4958650757e91767a65506d", + "rev": "5675a9686851d9626560052a032c4e14e533c1fa", "type": "github" }, "original": { @@ -312,11 +341,11 @@ "lix": { "flake": false, "locked": { - "lastModified": 1743274305, - "narHash": "sha256-gsPA3AAGi3pucRpzJbhWWyyOBv2/2OjAjU/SlcSE8Vc=", + "lastModified": 1748588861, + "narHash": "sha256-bP9MHHCx/6Pi1TlO7Iq8X6AUoQHzyExQJNnSHSOqUUk=", "ref": "refs/heads/main", - "rev": "d169c092fc28838a253be136d17fe7de1292c728", - "revCount": 17746, + "rev": "3815dd5e64fc374fa4dcc5064470cd7a7d77aaf3", + "revCount": 17966, "type": "git", "url": "https://git.lix.systems/lix-project/lix.git" }, @@ -327,7 +356,7 @@ }, "lix-module": { "inputs": { - "flake-utils": "flake-utils_2", + "flake-utils": "flake-utils", "flakey-profile": "flakey-profile", "lix": [ "lix" @@ -337,11 +366,11 @@ ] }, "locked": { - "lastModified": 1742945498, - "narHash": "sha256-MB/b/xcDKqaVBxJIIxwb81r8ZiGLeKEcqokATRRroo8=", + "lastModified": 1747667424, + "narHash": "sha256-7EICjbmG6lApWKhFtwvZovdcdORY1CEe6/K7JwtpYfs=", "ref": "refs/heads/main", - "rev": "fa69ae26cc32dda178117b46487c2165c0e08316", - "revCount": 138, + "rev": "3c23c6ae2aecc1f76ae7993efe1a78b5316f0700", + "revCount": 144, "type": "git", "url": "https://git.lix.systems/lix-project/nixos-module.git" }, @@ -354,17 +383,18 @@ "inputs": { "blobs": "blobs", "flake-compat": "flake-compat", + "git-hooks": "git-hooks", "nixpkgs": [ "nixpkgs" ], - "nixpkgs-24_11": "nixpkgs-24_11" + "nixpkgs-25_05": "nixpkgs-25_05" }, "locked": { - "lastModified": 1742413977, - "narHash": "sha256-NkhM9GVu3HL+MiXtGD0TjuPCQ4GFVJPBZ8KyI2cFDGU=", + "lastModified": 1748689589, + "narHash": "sha256-ltwdNAsto54HMQFdrCprWXPFhNBfEuiCkj+GS7ZHvww=", "owner": "simple-nixos-mailserver", "repo": "nixos-mailserver", - "rev": "b4fbffe79c00f19be94b86b4144ff67541613659", + "rev": "c9f61e02aee97dc8c7d4f3739b012a992183508c", "type": "gitlab" }, "original": { @@ -376,11 +406,11 @@ "nh": { "flake": false, "locked": { - "lastModified": 1746032033, - "narHash": "sha256-BCD0tfDNlQHFM75THRtXM3GegMg/KbREsYllg7Az9ao=", + "lastModified": 1748096601, + "narHash": "sha256-ji/9z1pRbosyKVVAIGBazyz6PjWV8bc2Ux2RdQrVDWY=", "owner": "nix-community", "repo": "nh", - "rev": "894bb7ebf3adb58f76d1f7d9f6b33f58758d40f0", + "rev": "1ea27e73a3dcbc9950258e9054377ee677d12b9e", "type": "github" }, "original": { @@ -411,11 +441,11 @@ "nilla": { "flake": false, "locked": { - "lastModified": 1743409018, - "narHash": "sha256-fghnO1XmDnM0U6PdFu0GquNIRQNxH2IQ1AgifyZk6Wk=", + "lastModified": 1748686039, + "narHash": "sha256-7iLzbTLtgdFtm9em3xxHO9BunN2YpgYquMLKXh5hEpQ=", "owner": "nilla-nix", "repo": "nilla", - "rev": "6747fe62879d7d15c96808bc370a52941287772c", + "rev": "4e6038f4ebc89487194013af6a1e077dfeb00359", "type": "github" }, "original": { @@ -440,19 +470,20 @@ "type": "github" } }, - "nixpkgs-24_11": { + "nixpkgs-25_05": { "locked": { - "lastModified": 1734083684, - "narHash": "sha256-5fNndbndxSx5d+C/D0p/VF32xDiJCJzyOqorOYW4JEo=", + "lastModified": 1747610100, + "narHash": "sha256-rpR5ZPMkWzcnCcYYo3lScqfuzEw5Uyfh+R0EKZfroAc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "314e12ba369ccdb9b352a4db26ff419f7c49fa84", + "rev": "ca49c4304acf0973078db0a9d200fd2bae75676d", "type": "github" }, "original": { - "id": "nixpkgs", - "ref": "nixos-24.11", - "type": "indirect" + "owner": "NixOS", + "ref": "nixos-25.05", + "repo": "nixpkgs", + "type": "github" } }, "nixpkgs-lib": { @@ -469,11 +500,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1743259260, - "narHash": "sha256-ArWLUgRm1tKHiqlhnymyVqi5kLNCK5ghvm06mfCl4QY=", + "lastModified": 1748662220, + "narHash": "sha256-7gGa49iB9nCnFk4h/g9zwjlQAyjtpgcFkODjcOQS0Es=", "owner": "nixos", "repo": "nixpkgs", - "rev": "eb0e0f21f15c559d2ac7633dc81d079d1caf5f5f", + "rev": "59138c7667b7970d205d6a05a8bfa2d78caa3643", "type": "github" }, "original": { @@ -557,11 +588,11 @@ ] }, "locked": { - "lastModified": 1739240901, - "narHash": "sha256-YDtl/9w71m5WcZvbEroYoWrjECDhzJZLZ8E68S3BYok=", + "lastModified": 1743682350, + "narHash": "sha256-S/MyKOFajCiBm5H5laoE59wB6w0NJ4wJG53iAPfYW3k=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "03473e2af8a4b490f4d2cdb2e4d3b75f82c8197c", + "rev": "c4a8327b0f25d1d81edecbb6105f74d7cf9d7382", "type": "github" }, "original": { @@ -615,21 +646,6 @@ "type": "github" } }, - "systems_4": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, "treefmt": { "inputs": { "nixpkgs": [ @@ -637,11 +653,11 @@ ] }, "locked": { - "lastModified": 1743081648, - "narHash": "sha256-WRAylyYptt6OX5eCEBWyTwOEqEtD6zt33rlUkr6u3cE=", + "lastModified": 1748243702, + "narHash": "sha256-9YzfeN8CB6SzNPyPm2XjRRqSixDopTapaRsnTpXUEY8=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "29a3d7b768c70addce17af0869f6e2bd8f5be4b7", + "rev": "1f3f7b784643d488ba4bf315638b2b0a4c5fb007", "type": "github" }, "original": { @@ -684,11 +700,11 @@ ] }, "locked": { - "lastModified": 1707430137, - "narHash": "sha256-QeYv+l7v5raFE5vpnxicFRK0LIRPvbpxsMKqwkRqtBc=", + "lastModified": 1748551590, + "narHash": "sha256-SwTvZHFrPUxaWm1DFOmRMDP813sMhvKpd8onQBNJIeo=", "owner": "nrabulinski", "repo": "wrapper-manager-hm-compat", - "rev": "16b0cf2e5f157ffe79114927d6006dc71dbe2210", + "rev": "f4cffb7d2f9aa5c6fc652a065bea7dfea5856fee", "type": "github" }, "original": { @@ -700,18 +716,18 @@ "zjstatus": { "inputs": { "crane": "crane_2", - "flake-utils": "flake-utils_3", + "flake-utils": "flake-utils_2", "nixpkgs": [ "nixpkgs" ], "rust-overlay": "rust-overlay_2" }, "locked": { - "lastModified": 1743151937, - "narHash": "sha256-SjfGN+3wrzgRvzpziowTQUIr/o6ac5iMniua0ra6elo=", + "lastModified": 1745230073, + "narHash": "sha256-OER99U7MiqQ47myvbsiljsax7OsK19NMds4NBM9XXLs=", "owner": "dj95", "repo": "zjstatus", - "rev": "2772e18d1bf57b5fe24c7e2c86a6cbec0475cd88", + "rev": "a819e3bfe6bfef0438d811cdbb1bcfdc29912c62", "type": "github" }, "original": { diff --git a/modules/home/desktop/default.nix b/modules/home/desktop/default.nix index 068c82c..d01c4cd 100644 --- a/modules/home/desktop/default.nix +++ b/modules/home/desktop/default.nix @@ -20,16 +20,13 @@ nerd-fonts.iosevka nerd-fonts.iosevka-term fontconfig - signal-desktop + signal-desktop-bin ]; - settei.unfree.allowedPackages = [ "signal-desktop" ]; + settei.unfree.allowedPackages = [ "signal-desktop-bin" ]; fonts.fontconfig.enable = true; - programs.firefox = { - enable = true; - package = lib.mkIf pkgs.stdenv.isDarwin pkgs.firefox-unwrapped; - }; + programs.firefox.enable = true; programs.qutebrowser = { enable = true; diff --git a/modules/system/sane-defaults.nix b/modules/system/sane-defaults.nix index 20a4bab..2df8471 100644 --- a/modules/system/sane-defaults.nix +++ b/modules/system/sane-defaults.nix @@ -112,6 +112,8 @@ let darwinConfig = lib.optionalAttrs (!isLinux) { system.stateVersion = 4; + # FIXME: Remove + system.primaryUser = username; security.pam.services.sudo_local.touchIdAuth = true; diff --git a/pkgs/conduit/default.nix b/pkgs/conduit/default.nix index 387cf2d..10775f7 100644 --- a/pkgs/conduit/default.nix +++ b/pkgs/conduit/default.nix @@ -1,10 +1,6 @@ { - lib, - stdenv, src, - libiconv, rocksdb, - darwin, rustPlatform, }: let @@ -17,17 +13,10 @@ rustPlatform.buildRustPackage { inherit src; strictDeps = true; - useFetchCargoVendor = true; - cargoHash = "sha256-wESDxtKRMm/jyCr4kc20UuHGcE2s+OCMjfL+l1XihnA="; + cargoLock.lockFile = "${src}/Cargo.lock"; nativeBuildInputs = [ rustPlatform.bindgenHook ]; - buildInputs = lib.optionals stdenv.isDarwin [ - libiconv - darwin.apple_sdk.frameworks.Security - darwin.apple_sdk.frameworks.SystemConfiguration - ]; - # Use system RocksDB ROCKSDB_INCLUDE_DIR = "${rocksdb}/include"; ROCKSDB_LIB_DIR = "${rocksdb}/lib"; From 33d9ec11108f4b55f8661e7a17bc4ba6742531c9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nikodem=20Rabuli=C5=84ski?= Date: Mon, 2 Jun 2025 15:00:52 +0200 Subject: [PATCH 31/34] flake.nix: remove niko-nur --- flake.lock | 74 ++-------------------------- flake.nix | 3 -- modules/home/desktop/default.nix | 42 ++-------------- modules/home/desktop/qutebrowser.nix | 38 ++++++++++++++ 4 files changed, 46 insertions(+), 111 deletions(-) create mode 100644 modules/home/desktop/qutebrowser.nix diff --git a/flake.lock b/flake.lock index 6b5f720..af46674 100644 --- a/flake.lock +++ b/flake.lock @@ -180,24 +180,6 @@ "type": "github" } }, - "flake-parts": { - "inputs": { - "nixpkgs-lib": "nixpkgs-lib" - }, - "locked": { - "lastModified": 1722555600, - "narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "8471fe90ad337a8074e957b69ca4d0089218391d", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, "flake-utils": { "inputs": { "systems": "systems_2" @@ -419,25 +401,6 @@ "type": "github" } }, - "niko-nur": { - "inputs": { - "flake-parts": "flake-parts", - "nixpkgs": "nixpkgs" - }, - "locked": { - "lastModified": 1723663703, - "narHash": "sha256-ubPcnvjRQCzZgaYTWOKd82xXwJKmOaPjStUOUkyRTSs=", - "owner": "nrabulinski", - "repo": "nur-packages", - "rev": "567fd42dc54f71ce1705180ad7f35f786f00ed9a", - "type": "github" - }, - "original": { - "owner": "nrabulinski", - "repo": "nur-packages", - "type": "github" - } - }, "nilla": { "flake": false, "locked": { @@ -456,11 +419,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1723603349, - "narHash": "sha256-VMg6N7MryOuvSJ8Sj6YydarnUCkL7cvMdrMcnsJnJCE=", + "lastModified": 1748662220, + "narHash": "sha256-7gGa49iB9nCnFk4h/g9zwjlQAyjtpgcFkODjcOQS0Es=", "owner": "nixos", "repo": "nixpkgs", - "rev": "daf7bb95821b789db24fc1ac21f613db0c1bf2cb", + "rev": "59138c7667b7970d205d6a05a8bfa2d78caa3643", "type": "github" }, "original": { @@ -486,34 +449,6 @@ "type": "github" } }, - "nixpkgs-lib": { - "locked": { - "lastModified": 1722555339, - "narHash": "sha256-uFf2QeW7eAHlYXuDktm9c25OxOyCoUOQmh5SZ9amE5Q=", - "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/a5d394176e64ab29c852d03346c1fc9b0b7d33eb.tar.gz" - }, - "original": { - "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/a5d394176e64ab29c852d03346c1fc9b0b7d33eb.tar.gz" - } - }, - "nixpkgs_2": { - "locked": { - "lastModified": 1748662220, - "narHash": "sha256-7gGa49iB9nCnFk4h/g9zwjlQAyjtpgcFkODjcOQS0Es=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "59138c7667b7970d205d6a05a8bfa2d78caa3643", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "racket": { "inputs": { "nixpkgs": [ @@ -549,9 +484,8 @@ "lix-module": "lix-module", "mailserver": "mailserver", "nh": "nh", - "niko-nur": "niko-nur", "nilla": "nilla", - "nixpkgs": "nixpkgs_2", + "nixpkgs": "nixpkgs", "racket": "racket", "treefmt": "treefmt", "wrapper-manager": "wrapper-manager", diff --git a/flake.nix b/flake.nix index 9786d64..594009f 100644 --- a/flake.nix +++ b/flake.nix @@ -47,9 +47,6 @@ url = "gitlab:famedly/conduit?ref=next"; flake = false; }; - niko-nur = { - url = "github:nrabulinski/nur-packages"; - }; attic = { url = "git+https://git.lix.systems/nrabulinski/attic.git"; flake = false; diff --git a/modules/home/desktop/default.nix b/modules/home/desktop/default.nix index d01c4cd..b25eca0 100644 --- a/modules/home/desktop/default.nix +++ b/modules/home/desktop/default.nix @@ -8,7 +8,10 @@ { _file = ./default.nix; - imports = [ ./zellij.nix ]; + imports = [ + ./zellij.nix + ./qutebrowser.nix + ]; options.settei.desktop = { enable = lib.mkEnableOption "Common configuration for desktop machines"; @@ -27,42 +30,5 @@ fonts.fontconfig.enable = true; programs.firefox.enable = true; - - programs.qutebrowser = { - enable = true; - package = - if pkgs.stdenv.isDarwin then inputs'.niko-nur.packages.qutebrowser-bin else pkgs.qutebrowser; - searchEngines = { - r = "https://doc.rust-lang.org/stable/std/?search={}"; - lib = "https://lib.rs/search?q={}"; - nip = "https://jisho.org/search/{}"; - }; - settings = { - tabs = { - indicator.width = 3; - }; - - fonts = { - default_family = "IosevkaTerm Nerd Font"; - default_size = "13px"; - }; - - content = { - canvas_reading = true; - blocking.method = "both"; - javascript.clipboard = "access"; - }; - }; - # Workaround because the nix module doesn't properly handle options that expect a dict - extraConfig = '' - c.tabs.padding = { 'top': 5, 'bottom': 5, 'right': 10, 'left': 10 } - c.statusbar.padding = { 'top': 5, 'bottom': 5, 'right': 10, 'left': 10 } - ''; - keyBindings = { - passthrough = { - "" = "mode-leave"; - }; - }; - }; }; } diff --git a/modules/home/desktop/qutebrowser.nix b/modules/home/desktop/qutebrowser.nix new file mode 100644 index 0000000..569e8e1 --- /dev/null +++ b/modules/home/desktop/qutebrowser.nix @@ -0,0 +1,38 @@ +{ pkgs, ... }: +{ + programs.qutebrowser = { + # TODO: Enable again + enable = pkgs.stdenv.isLinux; + searchEngines = { + r = "https://doc.rust-lang.org/stable/std/?search={}"; + lib = "https://lib.rs/search?q={}"; + nip = "https://jisho.org/search/{}"; + }; + settings = { + tabs = { + indicator.width = 3; + }; + + fonts = { + default_family = "IosevkaTerm Nerd Font"; + default_size = "13px"; + }; + + content = { + canvas_reading = true; + blocking.method = "both"; + javascript.clipboard = "access"; + }; + }; + # Workaround because the nix module doesn't properly handle options that expect a dict + extraConfig = '' + c.tabs.padding = { 'top': 5, 'bottom': 5, 'right': 10, 'left': 10 } + c.statusbar.padding = { 'top': 5, 'bottom': 5, 'right': 10, 'left': 10 } + ''; + keyBindings = { + passthrough = { + "" = "mode-leave"; + }; + }; + }; +} From a6f43b43b2d216186f209642db153a6bc8dcbfb6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nikodem=20Rabuli=C5=84ski?= Date: Mon, 2 Jun 2025 15:03:12 +0200 Subject: [PATCH 32/34] default.nix: reexport system configurations --- default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/default.nix b/default.nix index bb13b3b..6443a49 100644 --- a/default.nix +++ b/default.nix @@ -5,4 +5,8 @@ in { ci.check = getPackage "ci-check"; formatter = getPackage "formatter"; + systems = { + nixos = builtins.mapAttrs (_: system: system.result) nilla.systems.nixos; + darwin = builtins.mapAttrs (_: system: system.result) nilla.systems.darwin; + }; } From 4d21f49551b777d68137d1cc025aac4c7a5467d5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nikodem=20Rabuli=C5=84ski?= Date: Wed, 23 Apr 2025 16:09:30 +0200 Subject: [PATCH 33/34] modules/system/builder: init remote-builder module --- hosts/youko/default.nix | 19 +++++++++++++++ modules/system/builder.nix | 49 ++++++++++++++++++++++++++++++++++++++ modules/system/default.nix | 1 + 3 files changed, 69 insertions(+) create mode 100644 modules/system/builder.nix diff --git a/hosts/youko/default.nix b/hosts/youko/default.nix index 7f39ac5..4553e2a 100644 --- a/hosts/youko/default.nix +++ b/hosts/youko/default.nix @@ -1,3 +1,17 @@ +{ config, lib, ... }: +let + builderUsers = lib.pipe config.assets.sshKeys.system [ + (lib.filterAttrs ( + name: _: + !lib.elem name [ + "youko" + "kazuki" + "ude" + ] + )) + lib.attrValues + ]; +in { config.systems.nixos.youko.module = { @@ -31,6 +45,11 @@ settei.desktop.enable = true; }; + settei.remote-builder = { + enable = true; + sshKeys = builderUsers; + }; + services.udisks2.enable = true; settei.incus.enable = true; virtualisation.podman.enable = true; diff --git a/modules/system/builder.nix b/modules/system/builder.nix new file mode 100644 index 0000000..c19b769 --- /dev/null +++ b/modules/system/builder.nix @@ -0,0 +1,49 @@ +{ isLinux }: +{ + config, + lib, + pkgs, + ... +}: +let + cfg = config.settei.remote-builder; + + sharedConfig = { + users.users.${cfg.user} = { + shell = pkgs.bash; + openssh.authorizedKeys.keys = cfg.sshKeys; + }; + + nix.settings.trusted-users = [ cfg.user ]; + }; + + linuxConfig = lib.optionalAttrs isLinux { + users.users.${cfg.user} = { + isSystemUser = true; + group = cfg.user; + }; + users.groups.${cfg.user} = { }; + }; + + mergedConfig = lib.mkMerge [ + sharedConfig + linuxConfig + ]; +in +{ + _file = ./builder.nix; + + options.settei.remote-builder = { + enable = lib.mkEnableOption "configuring this machine as a remote builder"; + user = lib.mkOption { + type = lib.types.str; + default = "nixremote"; + }; + sshKeys = lib.mkOption { + type = lib.types.listOf lib.types.singleLineStr; + default = [ ]; + }; + }; + + config = lib.mkIf cfg.enable mergedConfig; +} diff --git a/modules/system/default.nix b/modules/system/default.nix index 0c450a0..bb16c05 100644 --- a/modules/system/default.nix +++ b/modules/system/default.nix @@ -25,6 +25,7 @@ (import ./github-runner.nix { inherit isLinux; }) (import ./incus.nix { inherit isLinux; }) (import ./monitoring.nix { inherit isLinux; }) + (import ./builder.nix { inherit isLinux; }) ]; options.settei = with lib; { From 1a4f685c16fdcc6a9e2383d9e1f6782ad7e41836 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nikodem=20Rabuli=C5=84ski?= Date: Sat, 3 May 2025 11:08:24 +0200 Subject: [PATCH 34/34] services/paperless: init --- secrets/alert-nrab-lol-pass.age | Bin 384 -> 384 bytes secrets/alert-plain-pass.age | 38 ++++++++++---------- secrets/attic-creds.age | 12 +++---- secrets/forgejo-token.age | Bin 479 -> 479 bytes secrets/github-token.age | Bin 583 -> 583 bytes secrets/hercules-cache.age | Bin 869 -> 869 bytes secrets/hercules-secrets.age | Bin 813 -> 813 bytes secrets/hercules-token.age | Bin 778 -> 778 bytes secrets/leet-nrab-lol-pass.age | 12 +++---- secrets/miyagi-niko-pass.age | 13 ++++--- secrets/nrab-lol-cf.age | Bin 380 -> 380 bytes secrets/ntfy-alert-pass.age | 36 +++++++++---------- secrets/ntfy-niko-pass.age | 14 ++++---- secrets/paperless-pass.age | 7 ++++ secrets/rab-lol-cf.age | Bin 380 -> 490 bytes secrets/rabulinski-com-cf.age | Bin 380 -> 380 bytes secrets/secrets.nix | 5 +++ secrets/storage-box-creds.age | 13 +++---- secrets/storage-box-webdav.age | 13 ++++--- secrets/ude-deluge.age | 13 +++---- secrets/youko-niko-pass.age | 12 +++---- secrets/zitadel-master.age | Bin 354 -> 354 bytes services/default.nix | 1 + services/paperless.nix | 61 ++++++++++++++++++++++++++++++++ 24 files changed, 163 insertions(+), 87 deletions(-) create mode 100644 secrets/paperless-pass.age create mode 100644 services/paperless.nix diff --git a/secrets/alert-nrab-lol-pass.age b/secrets/alert-nrab-lol-pass.age index a5e31ca003669aa2da7141c27a01fc8aea40df94..3676a47bfc0223f11fa69918cb627e19244a6ca9 100644 GIT binary patch delta 349 zcmZo*ZeX6EQ}1ROqVFH+>XI8!l@#ipS7n-?XkJ=kWKxzB=>HlvVdRq*WE4?o!KG`bP+Xj$ zo0?)|YHDby;O?DKR-UeqAC&8oof_g-?ik{qn(XQvP+wt@8eC;qm6uoLXYTIglW*u% z=9lW7U6c{YRS=e!?h|5BmgSY}?4MYc6yW2Z=bcljT~!|G>t$4$7+O$};gzm!>J@Cj zrK_u}knK_KrEglIAC*_)<5Llmm|Rs>?pKsoQtlO+?G_Z06;_($m0#kfA8cX3Wv(ru zsrk-~H_VZ9gW24rx?8<}zl&%7ZoXz&R5sUS$6u=oMB46rHrMIS=y!(qL09tr{7XSbN delta 349 zcmZo*ZeX6EQy-dIp>Gjp9$u(#=~QKzSLPK|o|a?kW~LvQT9KKT=;E1?YG{(~SQws{ z&ZVDI7Ga)Tl^KzopAqh9;TCL>TA7rT;+PojlI~~ZS5{`EZ>;a)lIZM~&ZTRoP+Xj$ zo0?)|YHDby;O?DKR-UflmFsK~9_nNgoL%5rX_*)4UY~DSoR;qwP+?f$?^sw?Xb|aA zm|~J+QWjp$x;aqH<8krMNR;FF)lV4Wp=2(%Pm{Fu(V47Hv?4#|JnUj{y zrK_u}kZoELUk%e6n-fx(ku7>N8~ZXi5LEaT;Gv ssh-ed25519 GKhvwg ZvzKWT14nrdbiVRJf4hK3Gmb7pkLA1YrzIAXi7GqUm0 -OqGUgm/4oefj+J6JrIM42FPq/2tH/evQfKYQGCSMIc4 --> ssh-ed25519 H0Rg/A ucyXgt869tI6HWLjrsg5o65HBBHnjiAyJ2T7aCps7iQ -h58tIKkuHEFM+7VRl6u+3vvV3XQ0r+XqvUo7OdLuKEg --> ssh-ed25519 84j9mw 2a5d7xIwqwF9MuAKv490mGUMYiDvZWK8+sLDjShpnmk -7CH1AzJQD7nrq7aKZJy54+74awO2MHO6RySq29/MH18 --> ssh-ed25519 5A7peQ 8h1pfClbTdBZuSZyw1LcntL6QIDXukYkJ+SBmcZMYAE -d8gix1GBYjqe8nYc/gdOxEvsYNo7+W+vhQZq/RFPeRw --> ssh-ed25519 g2vRWw E4b+U5rVKsurdddkOSeDKmhIQW5iK4hdoRePQjohM2w -+WlMZ6Yd9iCqcm/WIrzRSRU9fmqdtc2Lb79wgB945Kg --> ssh-ed25519 B2veVw 4APxbmXkGw6O319hX1rPpgCz2BNXs1fa71eopRvgsFI -AQ3FsW+H7qYg90JG8904/N0FjxjH4S70S1Gyer1BiXI --> ssh-ed25519 IFuY+w +W4IMgBS9ihPCEGWQw8DrsTkF8Ih5H1+ZjhmGdPimQE -qlMFMVpw6uvH/OqGx/fIBFcP41RlXxyXKJ3//1N7mcQ --> ssh-ed25519 rA7dkQ 1XI21LILuaiYGHbdgCllU+H8N+/YPq9FyrOUTp0AXCI -vklhN/5KOmbB0MaQ4F/iIuj5ReLiBrmFQunPtJu0o7w ---- 5T2/adM9me57EcbMcLPba1MIisFzJnXLC+inc57bJdk -Ji'6&&o -k4-hu}2|1DIl9ܦY \ No newline at end of file +-> ssh-ed25519 GKhvwg /jQLcJCNx2g7rM8udm1ZyPDeqc0pJ95VpIsWObAG/xM +0QCmRI3pXNLmzIENjDyVNQLISQd6uyA/HOyXB1W47X0 +-> ssh-ed25519 H0Rg/A r98Ge9hReVxBKmQuAfX63L8y9W2vQh2PC/VMtGnS/SE +itKOWkxTHsM/SlhW+AA037ns0XmOaLHWrEtguC5h5Pw +-> ssh-ed25519 84j9mw FlKDqV1OxbxZ3s6mtYS6hzdOrMvY+GuYrXWoBk2Xo0Q +XqYK9dQXXx8eKlYhwQ5N+62GX/48VWQ51UyNialg5/E +-> ssh-ed25519 5A7peQ MIpjM9J/7wAVGuB5eRStLAAqLEE9Ff4E6eoWqEE4lk8 +J0o+kgUBuk0odbuLvuRns699wfY/LPHc9RZydpnyVc0 +-> ssh-ed25519 g2vRWw eNdLCZX01DMm9nZgugFCXIoqANF4Um+xxKQQf8SOax0 +i7H34Lumyn5qtigixSRbaYf1bm92kQLCf+EZKJeYmlw +-> ssh-ed25519 B2veVw DvHqN4AUU1mjB++Qwz1vNYHxST/8qZTM+p9PfIyFsHw +BU+58wSWdknW6WbEr+uCenfaC1vLm3usdP1P8YBbn+8 +-> ssh-ed25519 IFuY+w d3WEXFMgaOUSo3jwkOBzmqTqYyZLkIWnINFj7FZCHlE +u7KuKcjzTvCMJqiIzE2wNxNUjQuVaCcumnkNmVIg460 +-> ssh-ed25519 rA7dkQ XjfR8WOE/ajNfI2PvtjccMWt4ZA5ZcQfRLaswf8o/BM +cjEt4pbJgoiqQYDMAeOEKO8IsGrutkbYiJt+s9v65+M +--- Itt4v03PVRtcZ+msFBO6VKi3kDuK5+mjsQ0LZXQhWTk +3qo߅n/3$? _m8 +v:mjd|wr \ No newline at end of file diff --git a/secrets/attic-creds.age b/secrets/attic-creds.age index e901eb7..327f967 100644 --- a/secrets/attic-creds.age +++ b/secrets/attic-creds.age @@ -1,7 +1,7 @@ age-encryption.org/v1 --> ssh-ed25519 84j9mw ZJAtY/6itD2g/hCRjxKrV1ZWQIzM/YgKGNa5CT71YBc -mMGp1ZjBx0qEugMAnixkVn88HqdNui/gyJt/okwRDP8 --> ssh-ed25519 GKhvwg JbvduCfwAY610WxpitcGlScY98bGeNYDqKuxHkrqZDU -4aCApDeZnE/7xA3JzxqD5awQv9N5oa2TcHQOZx+CBpE ---- nGz8lBsZ79RPshiTTFlSTVsZP7lfaNKBZFC7TtZ2ves -['!eUTRG̠1dI{aϪ+'?"ʵ&NxkāRϗ)\a~o`htΖ-WrhxE +']>r9Oa=+W t} \ No newline at end of file +-> ssh-ed25519 84j9mw NTO+6rjQ67mvDfLbkZNyuvxGXVlKjqnH5Wg0/qD8Zkk +oIrs9tsRkEqIb9lLQnF61DefTWtF60iSJEfm2b4dkLU +-> ssh-ed25519 GKhvwg 1URR/IKkYchQlxgQDK0Dh20KXTrulyJfnO3JXjECBjw +K2N7/b88tkEa8bTSRRWLChPN5GbbNip4qDx4HubEP9s +--- 4DdZ4N53a/aiMQcO0okbaeo3npYD+WrjoFYVnIMkmEk +(5/[p+&.$*Z*b~¤>"& !9RG7r?KrDmEl~1DѨCgE?q"w7:X|Dpg4Y4bĩ-.`#wC,y|["k*YF \ No newline at end of file diff --git a/secrets/forgejo-token.age b/secrets/forgejo-token.age index f16f8e1c0958e8ab2e39d408d457a5771b041714..4f8cba62e0bf056d69c18916e2fcbefeff8c02fb 100644 GIT binary patch delta 425 zcmcc5e4lxOPJO6JT25M`TT)b>OQNGiT3%peWxh+euc47)fv2T&h-H9xu9Ii3w{w6| zF_(#>TV9lQNKS60iC36&c1T9Dg-5w*l(wZ~VXjHAw~K#JsC!^~vWsJWIhU@TLUD11 zZfc5=si~o*f~Q+)q;|Q2w@a#VqJChur-4bOepOVukDFDKjPEl2&ccx!hcyU2xZm~sGx^YhO z#E;_jE7! z;V#;xhGvchK|V%anL)lT$yG*P-r-g59{R4O$@+OwSr!q=DQ@{(y1Kdw=^5Il{$5^T zQQD4y&d&a3VaAySVI_VQiS8MJ`l;DwIWB$?VWuV?M&-E{TtCm%Pns31S=KdYyUT^y zI}YtUbE)RW7l&u{6`jJ3YtH)5a25I^Aiv`@8~@B^b@mUM_Q@WWp}QQ+yfXgT V<=(X$S4bwgC+*gFd~<`#BmkbBnZE!4 delta 425 zcmcc5e4lxOPQ7bRab$^;uZf#~Qf6hLrCC^!cSKc|YlW+Eq+3{!L5N3Qdaz-5j!~7f z30J6dQI2t*M^><#cZFAEhFfJ?xQBLuu~$Y;R#I|!MUuW_dQ!4!PM&{-374*&LUD11 zZfc5=si~o*f~Q+)q;|PNfU8kSNM*84siKDTx)SrfDfzpqUT)X4TP2YX9ms{ld>fNVl zTI+U7o;ELVWH?;9?_t1c^_oo|ml^b^t(fHb)#<`|i`LLBI-0vaYH+Rg{~@`>vh|p9 V=#TwVrUWq5_5dq{AeW2UR0SxRAM zq(xeQi+)ZhS8j!Ouv?g0sIy;HZeFl!M3`e$R=SZvZoXlNZ>mRRp0|N^k#Ay^sacfc z#E;_PCN9ZQCRIrh&KX(0;reblA=+N9p@o&nq4^a>A?D#}`399{6(ynW<)PVJZpj8l z{zj(d?*2Z;89^3_h6WXB0jW7DNvQ>??)rWqp=SP7`h`{HCCRRn;~B;46HO{ZjDlQ4 zeFKW}3W_|-%R^HWBag!ws^zTyhc(!t(VU16(WJjrC2; zT?>O!-JCPivZ9PCqauyWtHR1nOiC)M98I#hbaizVii0yV^1_o#U2{T>O8iX>iz~EU zEL;stOT&vSDoO+N^NKx!g1oYV%`=_zxzr7g_}>s&&=$GGWbO7+g=Jl~R- z@ia@W2&}iSVo|scX?uFq-&0od!}nvNM2S%aB_NjxQVCd z#E;_P$&nsej`@k9WffHcZU+9wrH+Bc#f26*F8PsuZjs5Bk(ohho?%IbMOl$t7A}E- z=>~Zr5yna0fj<5gt_4+&0l|Uc$;Qr^Mvj4ru2E(YL8-pEVJ_*D;~B;4olHwiqx`cx zEQ%^kor{CL%lxC#f)m3-%p#LL4TGIslfrY$O7gOU!*U(D91UEZv(geveG5VoGqtmd z!z(MI$}Ce8i*pUV(~^pO!orG5++Fhx%|i0IbaizVD*Tg!Ez?s?9Nnu-ovR#8Je^8B zU7Sm^j6D6l-3nbIEA>NzLL!4aT_d9$xh$q_uk=(p`keFm)I-b@&F55?I5U{#w;tMG z=(PQ2!@R}&wOxJxe%_+F$tmW?g~BHv6Wb=_H9k3ZhHcd?^>cwqu2*N|9e8*AyD&EZ Dvs|_~ diff --git a/secrets/hercules-cache.age b/secrets/hercules-cache.age index 48de2e92d78f71dc7278119e66b146191eada756..9ed43f736290d03c9afee6e5e91fad9fc11dada5 100644 GIT binary patch delta 799 zcmaFL_LOacPQ9^#c~EAVtGjD{WUg~zN~%$1q_a~-xKF-orn6VLPpM0>X;^x2aj|%TQF3afvxSedlUZm)PD*HYS#o7&ibYbIZ)R~+MNzq#xwf%eB$uw8LUD11 zZfc5=si~o*f~Q+)q;|PNL3(k7aj9uam3OYbd4Xwerkk&uYfxT5M6$bcX;fu~pHE?; zOGuWhVOgaKS9V!uaF~UQm#29_MzE{1L6Ld3rCW}^p}%9AL1aX6sh4GOh-Xe>NQJ4z z#E;_PMy?sz0hMlf#yP%`S!M~dzLsIxp_z%=$=RMRXN5%VHPGSIewvr*?FOp;~B;4iybSylahl& zi`@*o{M|h~j7`JCv;(V3oC?#DvI7l#Eww96BV0@U^CDci^j*zULJT9dgA%>{4TFrs zvfN6|Bi#$k^oui+%k%@2y$XCw3d#&KLn|Y>baizVLd{Y`vIEKjJ*qszv|ST(@x2;LAaR&40(lTsNsL(KCo+pay%@dERn$-4v<)?e6^trM{4GAXRT-Qd+<1J_x^f84c4}sYWtS#e{(`;`opxNTl|y!<%BQvtc<^_ z^zKXl3inSbH`Xl(&EMu zIy!UXzd19GzgQvfe{tsJlo>HSDVOhb*Uq=N`sqgK7H*4UYiAuWezg1Sd);R{?9aHE v?9g$P*LpK=l}nbSoVeiOzw#?IXZ;pfs@b}JTK)Qe!re#ZHU~8DggpQNp<+dS delta 799 zcmaFL_LOacPJLEoYH(6$wp)OqnPp13zkX7hTasIGT263Aaao2zep;@vg1?t$;lO=-i85{;ZDiU;clUMCb8Xwu z#;Iwc`o_*>xdr+KX@zN(u2J48E+)m!rs<(6$)=@g{?6KlsZ|z};~B;4vr;V6qP&bv z4J^yNl3hZ~Ttj?|a*WdRQUlGC%tP{gw0-?UOY&U8!b7sTvfPp^9D_oFJoCyeg3NOw zT`S!ELetZNvdnYRQnP)cJe|q{B62H&y&{vjbaizVaKh0 zD?jSh(bJ+e&g;{~ws;ra4qCibDF4ofyyffx{cn+>{Q)7Eu-;)yl0$Iih)^bM9cDs%^X2xdToTh$rQgmD4iLiq%tLr7ROg4S~ zX3V#sDyuVm08<3nWv})0=oI>^U@ma!?=dgxcU)OK`%icU7CS%U?%U`_f zz4Um$aA&dmx8JDKRXjPV2Ewe$TOS{qJZqwKhb*^_8DE*)c2iC!@fH8H)-zG+ITt>El0E|f-L6ID diff --git a/secrets/hercules-secrets.age b/secrets/hercules-secrets.age index b192321de227f9bd47d968ad85a2f80fbb0628bc..488a6507fc59d42dd147b540ae7965062dbfb228 100644 GIT binary patch delta 743 zcmZ3>ww7&zPQ8(_yP<_|uAi4hmUd85p;4f7UXHnTSV>e;S$U9usd-^lsf9^tqL*1^ zHkVseK)AM3cDYG*RGNQMRgj~oXv6qRluS;G?WrllXL}E!wiAk~N z#E;_PSuRG!K5i~amRZh8uBkpj+CfIa0f{b|CE;!?8T~hK5(mh;V{L3TUf+EY( zGThVBJ;Dvm-Ew@K^V~!0^DIp)EK)5!xe}_A@*Ec5sCjhozT}c+jJ;LHmlbo?M_!!x zne#wm(bLP4ldJvApKC2jE^#!=Ihi)4Io<2<_rQef3#b2|a9#RHZuN&4=ISS#F5EX; zvCZE`?arR^+Gkfhc4*#Gn0iM_@LcC({xUw-HM`%7E2}l}&t^+E`u9Wk^rCw06>JBd z#*4bw1zCxm{r>Wbx)RHA^@XP%f8^3K4?N`*{W{>0``Wl(##Q1xQ65!?J)(Ci?p-?X zieoqL`W-hm23h5w;?ca^`t-Bt`TK(L$ddZ^RoU<#Em*^I;J$~nB)mt(3#+>Se ns>od_6OH8GJSy!xbue)qL+H{Yt302^UtZ97+DlM9!|fCR;c6vO delta 743 zcmZ3>ww7&zPJL2&qIPL$MP+c7n@g5|qH|SHW>jTln0JmzLB3(6OQL_iOQ26-p?^}a zCs$%+M47phx0`8Bc9pMjVy1DChmS>OQ9x>mn~`5md45)=QJ6YuXk0jUxc@*PnuI+ii?w%XGn@!dWciHWr|mLW|5`q z#E;_PewBsZp}E=?8EGELUgl;7mBy|mB?T3g=@Auy5#DYQp+TV*1s>^!Nsi@QK^f+* zg?TQC>7j0Axt^}YZrNGcu0|zcRXG{qMega2e%_Uqp@F^zF6O?I;~B;4y^NEz)7^a& zQ*+(RgOkj&(o&sE(=C&dvm!#hl0q$`A(N^*UpBDD>IgCoN#qJn*0 z0$rWLog=HfLp?&mlH5EDGfOLzJSv^a@{26EbaizVLNg5gjE%y4LIRC)D>8~JN=*#h zl03@{QUbFJ15(nQvb78Ajq|+pD*~cSxU5%{+}QU1Va}PEEkW{?b24sD3lw*Xkf=JI zd7pjRziq5fRK5Hht}XxPCfDpzX0dCp-X)irlXdpWFN^n*S~TyjhK=C<0$rQEB90%^ zrsrs0{oy7MxN*waG`Yz?UUICG(4KDgF4v>?-`!0|_fLCXC-dQC(5(%YB0@EF=7<8n6EQF@f>Ry5=C8n(6-1CYLX3bg(u*@jmNNp5j}` zS*#k7;=ZmZd}c1c*AAgPhA=&zdMNtX6jZ=hJ)J zHcI*hFGyQy_FwS3&WVJ5-U=7H{$9A?@xW1;>UYB%!yU?zyBiHoC1?Hj@bKk>xH*EonjV0Uw diff --git a/secrets/hercules-token.age b/secrets/hercules-token.age index a7a66a7668c205a2f884bf56be0a0aac9004575e..7f2f655ef2798abf96a1797e6e34e3470265136f 100644 GIT binary patch delta 708 zcmeBT>tdUrQ=b!Qk(O%el9N-Jy z&J|?hR#jZ2U*?|S>|LCaY;0r^U|?bzl~w4KTIG>f;O-lgm1Y!NSy)o;$)#(jP+Xj$ zo0?)|YHDby;OSNxsa>v6Sz#QWR2-U_Ut*D79$}sp=~kTN>JyP}?wK9tpHfn6Vd!cU znCaqX6ycK26&g`d9_1S8pYLIA5$NPwY7v_1krI$m;p*q>7wHxrn3-*2nHKErYZ&D_ z@uPTnexysLOI31qR-v&`nQ3-Xl&5!~Yj$#mX?m$|zK2<*Z;E-AqoH{~erPtAiHo^= zsZnx8pl5nfwqd?Uno)3trXQjD`Q($Onm61thVwB0`ct-L1Y{!hO$nY@N ztc)~s^XyVDlZxEHh}@_spY-tTRFAAO!$NZ>=hEO5%ODf3WKYjxzvN)gGOvP^to&p* zPfMR5HzO}glkyT5N8`fCqyYCs?U0hlg6vQ(U0q!TXJg;UvJ8tv{lch_s6^lVWJi7H zv`81{j691Xw@^>h^sJEjvUCH-)KI5vF8*s(E%O}9Da_iyHt6@CVShRow4vC6ThFY$ro{nTl)TmY`=2_TPD;$_HKO1s!{)C-AjAz z*!%I#FJhm6$x~!3XlGWkzkf3$Uv+D&`^1(i#^0S=B6l56lra%pb!&^*qn{b23~e;1%6jKqz_KT<^`Ae4$m&ejGk>V^rdwY3>_N^; zPfNa7ooeq`CUas(`$ElcruQD@A6up+B<|L@!lRhA!Rl_San06?_FIqqYTNZO;s5|8 COc-$h delta 708 zcmeBT>tdUrQ}1P#s$Y_o=HyrAtL+h#Wgg&^TjcIjVp!}RSQuehmEjaz=I))JS6Sj1 z$Q4}TlvZl!8yxDL;%A&zn3S399b{(Y=2YqA7m=Zz7!>Lqkl~Y7m78Xo&ZTRoP+Xj$ zo0?)|YHDby;OSNxsa>vMXla;PWuzVK9F-g35@hUV;uaZ^S7Gj0Tx?NhmXwkh9PH|s z=bK_4>>lXIRh}K@lpLI8l;`4_lA4-tSeoTi73ydi=u;NqRg_|p>l7JQ98{5?lAD%1 z@uPTnxu<`gd7w*vc4S7rdzNoVWsZ@rVQ_$JLArK{VOEZNR%nKYqjrH~k#Rm(gs*YF ztC4Sox1WAlj)!+*cy@Y(XS#ENS9(OHM`}r4o=>KaOGJies7vwWct-L13}07m&m=>S zigfJ?&yw(rlANsI%*>EL{Q|dgSKp9;Dkqop$Y2-OoX~VG?~;6duk5e@Lz9Xkv#=D` zB11C+$AX};?6f@Bs9eW9x9sFdi#*5RC<9+EU0q#;(yEG_vQb(5nSHt485QC`ta3d36%hJL?uJ8r3f8BYY{&@wfcA>Vpz_Vtx1;G(-f^MZW z2$cNV7jWKNW}dlWsX@&@tJQy(q-M-BD!4Lt+MAsHANs|E16Q5ONKLYoKmWPv93Riu zJl)b#wbzF>sXI*iT<~e}oT(vRc9pNho^{2p(KM>(JTE!x-$v#KYmV<(6H;$8<&W)8 zofz(3`3H>ae_aVz?cd0Fe%;fZtX!Mb*{Vn zB|E`(cf|X<|Fp_IwT<;ZX}M@mz4Y4M`k21%>7JJS#ewhh=CPG`xUJL3Z9gsE^So+O z{mzH$mgcPs*|m1dt=1GqHn+n+xbE0Y5Rc$x6Bb(^nm4EA@pQJT*QeUk)Hl4DCI ssh-ed25519 84j9mw 9ygN4fWQWX889zSTchiwqVwxTzHzl+3PSelEpeGx6yA -v1GTvSMdbwC6U0QZtaD7/b5QbJ9j4J3F10eCUaT5COY --> ssh-ed25519 GKhvwg 9I2sycYPtBMPZenbWLueANm46TTPzbgCa//4oKojGEQ -aEX3TQpWRAcrtJaiTMxB08L8OY/O/4JR+/zoNPl7Kxc ---- 6EB80pdWxmL1yVM+klouel5E59m2C88Dz0SH2DiT6nE -hkdJw|g~v^jq\ ' yIcdWYF?N/0+h=85# \bm~1y"qAT \ No newline at end of file +-> ssh-ed25519 84j9mw 7HLXJ0FPIlK/5skZB7HsmzyMX3S7I41wPsEPZ7Jb/28 +MJ9oeQWZ9QlL6kuB8QUHoOjdXqOqqpA3kHpr2h/6A5A +-> ssh-ed25519 GKhvwg oVRn1+ZoRU39ucM/It+cxfLEMjF0uSV1O7k0J/8DgnM +ATACnP4ASRJ1qhyrm8yhi2qtDftXMiQ91CbmuqIm2gI +--- ucDElqkYHEoTy0c+vPsy2AQ3aqJmkDSBAADiKB71k2o +.ƛLlCgs.IžR .qxL2BNjFo9]9gTqNia]eaGSkY$ ssh-ed25519 g2vRWw 8FCO/eYVK3KfOvdyk5Va3R9jXaSNzV+ArFVhJwJPDDk -zRBpyAtdJxg4TSsgUep66Yv2CMUUAI8IF3pL5+MI/88 --> ssh-ed25519 GKhvwg eMLyDK82QCKJrVjtfuy5DKTNFOc39zdJxJNFEXCO1Ac -6AamgzEBeT1018cy7N5GcvgjypGPLqF+2P14h//jTtA ---- jhq8ZEIoUjMq5PH7tktWMKQuCLMKifY/UfjjM1Qn7UE -Q8cV2 ƈ4$h+ey -0#aJ`ng{@.sIgϞc*Q'&k,CuIwɘ +rENշ@FPI?ђ \ No newline at end of file +-> ssh-ed25519 g2vRWw btMiKwz3PwvUTHhz3eQU1PkMqSPJ9gpVZ9WC7u49xmQ +jhQgjo4Vt7e6Q9uERj9UG4AM/gMhMUexBWHI4ofrx7c +-> ssh-ed25519 GKhvwg sZvZftsPUAjQ27PleicM9It+gpRjwPWOdxx85Mr5fxY +G3VOFsNg2p1/KTyACw9QlvfBsyNUG9v7LSkWJl8afrg +--- letALmlj/zH1GJl31nWXeURJHZI6UkToZiTIUgZLv8s +lbxCI_ d:@@^ o:]1s;iv"̽thTwlˠil{An.v[GU0%) \ No newline at end of file diff --git a/secrets/nrab-lol-cf.age b/secrets/nrab-lol-cf.age index bf3032b5b9c19ee0cdf3dbbb19a21c51e7570d32..f991709bfa6bebe37f6585b8ccaff938cb4aa4fb 100644 GIT binary patch delta 345 zcmeyv^oMDJPJLpPX=%D+Wl&j3MrvMKaB*P1S-M%4e`HdGSwvR3fpKZ6Uv`wGS4EOX zGFP^~NwRB3Vo{-AMQ)`_X`Vr#S(>GncDAEWa8X{BS6-2EnPZZBPI94zE0?aFLUD11 zZfc5=si~o*g1dJ{S$VpGbEdaPX#mS!RikQGI1vKtWJdMRs{+o?A|GMVVuv zS5lc#VQ`iOSGq}hc~V4KX{J-EtFvQ}u~AxRiG_J&R-TKgV`@N=Yj%p4mtUDtcyOR2 zm#(g^LU34sQDuRlMPyW{vrBN$PMFJ^uBEqoHqw{)-faoGJQ{r=r z$x7)v|ANZG!#(P@&HNmv6mun}=(hWAt(%?v3gTtzw|``FzpAsJ9aKNRyGg2Wk=p;G sw&B^yC*)4|D=;ulXK7(H^-gT}oRFS&)IsTPRMITZrqm0M4|$mb06H&wvH$=8 diff --git a/secrets/ntfy-alert-pass.age b/secrets/ntfy-alert-pass.age index 4e997b6..4b28129 100644 --- a/secrets/ntfy-alert-pass.age +++ b/secrets/ntfy-alert-pass.age @@ -1,19 +1,19 @@ age-encryption.org/v1 --> ssh-ed25519 H0Rg/A Gu5zy+v+SITLh8SsiBXDnFDW007MNnWQ3Qo1XnKQVTM -0OLIB6bgEHct3n4ev0HgfaUOl8t93DM3qInsrfBn4Vw --> ssh-ed25519 84j9mw XBb71lyuXkIGxSL+VHv4To64qjGv3tqGGMa5J414uE0 -kuVmbLJ4ZyC6rmNUZOEXfrYHm89iXRqwP2Gv5lV4XSE --> ssh-ed25519 5A7peQ Zby6NTv0q8OQ9qvo7DvE4OVOpShVKE8K7QWTson0DCo -eMTfWLUUImhEfXlBl8gYoA1YK0gfpB8VyWa2L3RCA1w --> ssh-ed25519 g2vRWw W5ZMWxUBPvef4sWXhv2aMCLZKlW++4n78vjJ+UE8XFE -0J4OEvtTaffnRHQdfzGOOtBdgmq9is63uSLNFfZ59Oo --> ssh-ed25519 B2veVw tZ3sVtgqEJ5LbK3b2xcH+0z8LaNUPs4KZO9A/VLH71g -MUuolaOws9FLq5MwrGKbseG5Xaok/gad6LQ5bxhN+ss --> ssh-ed25519 IFuY+w sz83GwAlZD8Zp2kH+7pwnETPKSfXDRgSXzNteAAGXF0 -4ByeRXyTp9+XpOirDvPAfDqfxyQXXqdEtTSq/CqKP0o --> ssh-ed25519 rA7dkQ b7UcNJ+8UhrBnJieRvNxHXFBmr6uyh9q4ZtD9vpsTRI -2/jPFKnWvCwc+Ki9gWJ8sbGetH46DZMk7LyxmqSlAe8 --> ssh-ed25519 GKhvwg 1HxU3yc2MfaW6N/zOg5ZRD+imMAIhIdKCp5FYR1BXjY -LlmcWTkjbm9Ig5rECdKieEsbmPZiFenZnLZ4p8YbUbI ---- 8E31okL3vgwlYthWyy+sshdJDHWGBjawZoS/3QaqjT0 -=u\eFcHret[92#YwN~Gfӷ xG^0=W ӓE& \ No newline at end of file +-> ssh-ed25519 H0Rg/A ti8Cilk/v+91Nckt/CuYl6qRuRb3W60gvhB43FW1znI +EeLV+OccotivcRsN/aB/UdF89WiPlJ6R8PeKN6b+OQs +-> ssh-ed25519 84j9mw 5rRP84YZGBMCFStzc5aeOqBmsAmjSb3GkKl47Msuei8 +DLtAz8tWkLu3QBeR+M5ZlJH6c6+GKPwf+qy3NpdTCOo +-> ssh-ed25519 5A7peQ d6JYwhySRN6B0eHl+JiZkxawZuMYuS7RDrSKMQYHLzI +/Yg5Hx948SBDD8shA49Bnv8hooPokYG7Fn9roswNIWI +-> ssh-ed25519 g2vRWw gltJGTfV+a8BKaAkBGXkiW57ymv0vPBQnCS2BWJ6fDc ++yBjIKMdM4eUVJvjs/UedjTH6hLRs56hDUpjpLC/q84 +-> ssh-ed25519 B2veVw GeSb9ZgzHNDDDa/X+HppmefkEelg6JaQr8uaaijjzFo +LRzUrcmZAEosn0Sf4/YOLhbtdgYhWMYe9/uhvAMwcRI +-> ssh-ed25519 IFuY+w gmfb2WEjP2BVhwnL+DzFcsM/ctbihlC6wOr7Bhn8r0o +k4IEjoNZSukZtz+rkOjk/BfaZkJ7T1jNrweKpmGDRZU +-> ssh-ed25519 rA7dkQ EWcPrbtHeD6Rq0mlnoVhgVTZQ586QdRVsZa1K9YkQzk +EN5VG0U1KGdpcT64B6C7kVDwKM/h+gsiTgsKf11XP2s +-> ssh-ed25519 GKhvwg jVotsPuVgxUaZUg5U6QwZO9O6DPsYv5Mp1rfsP353hQ +c8uSgREFANKYeaafurp47MQiGnQxHXkFR5TGAQ7Ykv4 +--- unx7yN4JzSSku/QUYEEUSPxyyLrWLG4zEMB/yRqvKwg +FETAms~_'%r=KxO#Mq'M_5F%P. \ No newline at end of file diff --git a/secrets/ntfy-niko-pass.age b/secrets/ntfy-niko-pass.age index c42dcd5..5802533 100644 --- a/secrets/ntfy-niko-pass.age +++ b/secrets/ntfy-niko-pass.age @@ -1,7 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 84j9mw 5fEqoBEGZ6AZRfWuU6mej6XNl6hDrxMIMMlccp9CVzg -QvontdV2/amh/i1Ldmzup8TB+lN4b0+YuoT+UFWiPw8 --> ssh-ed25519 GKhvwg 5Qm1FPvbv0ZsJiJ0Rjm0CPm6eWKvfQ4XHAOmEUWWCiA -eu1MXEWfo425lbnq5tAOnGqpLgRVIOCkZKegTQQjw/I ---- s1g2UCKwlew0wCJSxGosBzn1K0TEbPlrIl09iZ58bMg -P$N{LrxS:=Wxc(J|48S \ No newline at end of file +-> ssh-ed25519 84j9mw ryWkCbg6qUwncq/HkEIN8qgMjPKVRv86y/gzJFtlS0U +G02X9Uacg0c5acyAmPHx5F6ImZQnjs45hH/tBFpP42I +-> ssh-ed25519 GKhvwg LcIGEajShma720zp/yMndBnEOoZV9aYSsOFmN6yG9wQ +lox/ZbORF9HCKl4lCkTrRQ240JEGljqoAf8+I5q03Z4 +--- 6a1rHleD/+yh+e+/0lm4TIvst9tjT7y6sr6ujApYuZQ +$Q~C7|A{3]&X'' +PRL6 +QYmhm \ No newline at end of file diff --git a/secrets/paperless-pass.age b/secrets/paperless-pass.age new file mode 100644 index 0000000..049b54e --- /dev/null +++ b/secrets/paperless-pass.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 rA7dkQ sXPoNSctxQL6Gh1JrsMuUGp5/PW/v7zFzGzdncnVYnQ +ETOeRcPPhV+RZSZEC2cGsKm2H6eAn8eKJTn1NkJqndQ +-> ssh-ed25519 GKhvwg DWV3js/l+CYRHGgf0NCZwBCigE9U5tf8mkGxVNAIVSY +dxHnQkWKB8+02j3zuaeGVq8+A5vA2ssTccTdFSn5FCw +--- pu5uE5bsrnA7KrZSRGaD6xMKjzsx0ezXn9BbNVsrgAw +Q BV5D!Tt7nn1c1gI0sdI37M0r(+YjRnBxVC#` zGFMKbd0uW*fU9Xxo_?uQP?(8@hl{heQATJ$io3UeX+?--NqIr0kFQsf1(&X!LUD11 zZfc5=si~o*LXo3+N_L=vab$>*hl_iNSCU6@QB_r1a($XtRf)HWtAA-qxO+-~XGU^m zW`ReBo0D@fS4Npxj-P+Ac4eSjwntuRRYVPPLY+CRV9T%6{clLMcTQJT)Mit3MIvr zJ{}f6#m=S?`jH{U`sP*XQB{6Lp*~erNhVo^K?Om6z6JUwg+}g?T%8%0*uI{=bKx+n z#1ltH`6qUl88h#!P4xTjX!N(XNH1PA_4eFX*8crLZfb9v?@VXDzcgzC!>hYL-5Kjj lsvl;GZ#ZRs=TFM_S-p!*uYa8T*3BuV=6UgfwA2lE4FMPJsL}uc delta 325 zcmaFG{D*0RPIzIcV|I2yR+ei>rB9-PXH;5Ju0^GnQGS7olT&eCdQwr5UsidkfswmG zF;{khtG7#4xMx~%c6we^WRSK&PI`&6cVU@s^={rp zuI|MZrnvzb;dzCoWq#>y=@q^fhGu1EQI770W(Bz^rP-xU;Vv$rT!py-L1m6cNht>5 z#(_COW*HVvKF<37+7VeH1qKFXkr80H7>6#|YMYU?<;XZ-hwZJi(Db7Rxh z9XYXE#n%|vInS^4vf6Htw{OD+HfHBpuFsApK9+e9wxynB3A13*1zshll;7ewv{xS9nxjx<#f@rg^Surlng>NPvH2Zfb#XVO5g1QKoBYYN(5oX=s{bRaCYo zm#(g^LW*~Qhm(6qQlv?cYpGejbCrv6K~`i`Mx=?4nQNv+VQP?TvA#)4rDuRAm$9}X zW5T!MmY^?A%l@-icARa9`nYuQhT`u(@*MQF6v`BKy$Z3Lp74LynXAoAORBmRCrYi# td4AtJ(Eae_m`|7P-+OdoTf4K|#%K0RZPWj})cxJ{lA-f%*LhKg+W_zGg75$U delta 345 zcmeyv^oMDJPQAaWd1-dBdsU^gk$+NErMY8dwuPBXo~v7+Uqp$Cak{BdXsiD7dNrah^qnTq#Sz1+bu6I>#Myk1Gvaw69duTvWB$uw8LUD11 zZfc5=si~o*g1dJ{S$Vobv2l1*KxVc@iIIUxx`|UxMSX!sYH&fGkBPo#y05lZN@{k5 zS7e2`t6Nw;m!CmEWl^f3OL?Y`TfT`$sH;V=n@g@=Ubd@AgjY#&rAJzxnQ^jjPM}vl zm#(g^LU=$ETY~-@Yp0Z5y*#Blf3IN}cd^-RD diff --git a/secrets/secrets.nix b/secrets/secrets.nix index b04e231..c36fbb5 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -65,6 +65,7 @@ in ]; "rab-lol-cf.age".publicKeys = [ keys.system.kazuki + keys.system.youko keys.other.bootstrap ]; "rabulinski-com-cf.age".publicKeys = [ @@ -88,4 +89,8 @@ in keys.system.ude keys.other.bootstrap ]; + "paperless-pass.age".publicKeys = [ + keys.system.youko + keys.other.bootstrap + ]; } diff --git a/secrets/storage-box-creds.age b/secrets/storage-box-creds.age index 31a18e7..8d11012 100644 --- a/secrets/storage-box-creds.age +++ b/secrets/storage-box-creds.age @@ -1,7 +1,8 @@ age-encryption.org/v1 --> ssh-ed25519 84j9mw tKQQB/cd6JHCLQLrix2WGW5hHBUNC+pqDZXvTmOlOkw -lnx4olU3W8dgMwigYga/NYcjJ/C59J/uVdYNOfWmN2I --> ssh-ed25519 GKhvwg iWTl/jvU1aBd78yAZUsOgcG6JaK+vO8Dpx61dYMjmhc -2Iu6OHlLlhJLy/cxI/zSuqRhBnoeGLXINbDyMIvDZD8 ---- eOl0sze0EOvfcAarBav7mb4B3jdBvOE+fF166oukbrk -!lxq*T,.Xk6^ ssh-ed25519 84j9mw MkIkHSzR3H+j9ul56t+CrVsoeGRgH2ocYRSBoH/z5SY +0LNQmCBPvS5NiS66HCQ1Yifr/GkIYxrDj2Kfg/ZOerM +-> ssh-ed25519 GKhvwg xp5j84RKQ56OFSak3IvHRG9TAv0XVYLmWJLImgAjmws +gx1Ke3U3ngFsDswVVOnwbQUJNOUSdFgh/LUKkDH30Ug +--- lWb3NlBy8n+NWGQ+M75RmWElXXLWWpl38aRYTVMm5GY +qA [VpH 0I *~h 6BZikʤV 9s; +Ƴ8Md٬լ= \ No newline at end of file diff --git a/secrets/storage-box-webdav.age b/secrets/storage-box-webdav.age index 6019090..782f202 100644 --- a/secrets/storage-box-webdav.age +++ b/secrets/storage-box-webdav.age @@ -1,8 +1,7 @@ age-encryption.org/v1 --> ssh-ed25519 84j9mw C3TpEZsxJIYJ3d5vsQkCcCTity80nLsyxm5zCBZOMzk -56z54taf+KUJjDugfCGKlcbeRZfDzi3+eeanKPINS6E --> ssh-ed25519 GKhvwg uUXJkGw54Q7dCnYobwV1zihOPa4R1FydJZehlFc5MA4 -6Zbym9jLykqsYjmb6rKIa6GExAKVVvEkvCQrzl6HB/M ---- QICnyH0PORBpoNgT3pjuhP1p8AHn9gD2OIae/9G23x8 -(}{Ԝ2˓i]UmiLmv>ke'6A̯Xi<:fU)~&Aˡj# -D?_E-H \ No newline at end of file +-> ssh-ed25519 84j9mw aSPnpUfj2PBYycEMzcENn30pzhrSEAatTOdoDhoPQVk +PzcdoYgIHJZqOHE36gynF7r1LgFjoX2hEfCf1Emb2gg +-> ssh-ed25519 GKhvwg HlibITP17XIxE8t8Kd9NtC6n696fQJu78lE3Yp4lFyg +hmPEscf5AzMWq7NJSX8WxuRZ3bV3nMDAZZnZ8/Xy+rg +--- gSATPThFb4g1a+5/hwps5NGAEsd3VUlYtzy0vTySXyM +gۏlw_0](t9%9aWͬ@dW@S o*&X-@c~#fox=; \ No newline at end of file diff --git a/secrets/ude-deluge.age b/secrets/ude-deluge.age index f398be0..075061e 100644 --- a/secrets/ude-deluge.age +++ b/secrets/ude-deluge.age @@ -1,7 +1,8 @@ age-encryption.org/v1 --> ssh-ed25519 IFuY+w ZigoLhwVERGG/r7uYI3DKX7jijKt+4tsiTWpbIdUTXE -k4jmQIJXr7yJOY3pkc1VnoqDgWkNr84k1AgYF7jNjRs --> ssh-ed25519 GKhvwg FMZOLDeE2Yw1Kd8V7NTL2oQtWo4IKDUoHu/Z8Su2hHI -QF+L/Qf35wkOcgGWWRGANMJCG5Vz80epjQuwa4IdYQM ---- ZUTRNDrgxdsZsNSP1Z3BLxw4EYexr873aJrbUvIgE2I -yZͪ MXd塸*5j"*ZU ф|ݕ]a8 "Zb][9SU . \ No newline at end of file +-> ssh-ed25519 IFuY+w YhrlFN7mVaYlDC0YyEYwHUw/Dn+AJS5LcdYH0CHNhHM +2Fh1Imyut/Fs3nAUQAYNHuR0DPRCnDDv0fuLI1hQc6k +-> ssh-ed25519 GKhvwg Iuw+N1SD8On8HqpoinMoXFJ+QRS7CRyjVHhI7LE83hs +yTdsv1DKQUSG1hFyxanahMiagPumuuVH1S1uLwoX3aU +--- fGCYe4oLn1ucgnXuuecwD4nHMkiqxy2kSTYp79y7sR4 +ѭ +QVCs`ʦWG#u͑+K~!:#'jQDYz'%@AO`剒> \ No newline at end of file diff --git a/secrets/youko-niko-pass.age b/secrets/youko-niko-pass.age index 6e910ff..18041a5 100644 --- a/secrets/youko-niko-pass.age +++ b/secrets/youko-niko-pass.age @@ -1,7 +1,7 @@ age-encryption.org/v1 --> ssh-ed25519 rA7dkQ ucrMqUlwttyHHFkJ/c5tYpHohefNYe6aJnxHMUjkUxU -RgsGaMLmtziGu/n6MiDJmkTZORTh2yYWoSS0eu9i6PA --> ssh-ed25519 GKhvwg u7Fjda07e17aJGV0ZFK/Mt2ZbF/3b38MLydE8WKs2gY -gO2rNP64Nkhr5GShWP8zhxeT2YUKEkqN1Oc6/3l6PKU ---- H9oqwkU/uI5fZAdy+qkCW5vw1PBaahe28FTUxhEFsds -xSmL69ʎG3<4[Z t}<OdcY}>XQ^]Ki|BwDmqHX]FeRt%`Ҥ0IV \ No newline at end of file +-> ssh-ed25519 rA7dkQ HZF6g+17SHv2P0Agh9/rJk5yQkjqxmOKF+F5dlcHkUI +WimAhXL0UU2JXUlruPnIwi7vkjQ7YDWsyK5yB006gWo +-> ssh-ed25519 GKhvwg mYJ6EJxisRlPtWzBqAsQXF4sivQP86rr03qIQvJGumY +Y+dGZb/F1jddv04tFFPSSyTTJjsBTbQUocNg+FJuX/E +--- mMUDr1Q6r/fEIejP+0yBj8D09REx3bj51XpaJiOO4ns +iFP)emsURqYNc~EYs zBbR<*zL9f!gtOTAfANO-PgRC#e|XqrV;K)HT; zrB`Bsr%!f1m!D~NWT8b;s9TwdZ@OtvRG42tN`_lug`dB7MZT-MlWTdAXH}}Nab`q0 zm#(g^LaJY8P*I?FW~o75c$jxpUa)C?m8nT&rmv}^XS%OnvA<=QhlyvHWuSXGSHY3# z&(cMAg<4DxiZjvs_IaI<>dZqDOQdFeJg0d|*L_Chrr0LyAPEEBuumr*-;iT{DevCy RqulX$o0@lw+iQWcZvdb?aQgrN delta 319 zcmaFF^oVJKPJKzPzrJgcab%!(VxG2HUW&hGc|cOJe}!3Tc5Y!*NP2Esa$%UGe^f?b zD3^aliIclWRhe^gmP@&xuWxx(xPe7^x^rb&Nls{vd3t(TXqbU>X{dQ=GMBEMLUD11 zZfc5=si~o*g1dJ{S$VpGlV3rlk-tSmiEma!Vs>^~cD<#cQ>sBpVo*SiW3XjPRfcv! zrk7)Zt52RMS4m`WhDDy4WoBeWYG|=`o=KodqPKr)po?*oS$Rrox|6?=d7yh}k!i3a zm#(g^g12FEVT6HWWtEwCu192fS%9BwVMUgkez|r*ZfLq&mZ`HrQJICWMTTE77iWlC z7>{@UTnp_p%q!T%OJv#SrLdi5o*z4Z{|5$<-OujFl&3bfTz%7j*UD0Ow%%@+(}|3G ROJy&FEIO^e&du+_T>$^^aMJ() diff --git a/services/default.nix b/services/default.nix index b92ec0f..ea3614e 100644 --- a/services/default.nix +++ b/services/default.nix @@ -3,5 +3,6 @@ ./attic.nix ./forgejo-runner.nix ./forgejo.nix + ./paperless.nix ]; } diff --git a/services/paperless.nix b/services/paperless.nix new file mode 100644 index 0000000..31838f9 --- /dev/null +++ b/services/paperless.nix @@ -0,0 +1,61 @@ +{ + services.paperless = { + host = "youko"; + ports = [ 28981 ]; + config = + { config, ... }: + { + age.secrets.rab-lol-cf = { + file = ../secrets/rab-lol-cf.age; + owner = config.services.nginx.user; + }; + age.secrets.paperless-pass = { + file = ../secrets/paperless-pass.age; + owner = config.services.paperless.user; + }; + + services.paperless = { + enable = true; + dataDir = "/var/lib/paperless"; + mediaDir = "/media/paperless/media"; + consumptionDir = "/media/paperless/consume"; + passwordFile = config.age.secrets.paperless-pass.path; + settings = { + PAPERLESS_CONSUMER_IGNORE_PATTERN = [ + ".DS_STORE/*" + "desktop.ini" + ]; + PAPERLESS_OCR_LANGUAGE = "pol+eng+jpn"; + PAPERLESS_OCR_USER_ARGS = { + optimize = 1; + pdfa_image_compression = "lossless"; + }; + }; + }; + + services.nginx = { + enable = true; + recommendedProxySettings = true; + recommendedGzipSettings = true; + recommendedOptimisation = true; + recommendedTlsSettings = true; + virtualHosts."paper.rab.lol" = { + forceSSL = true; + enableACME = true; + acmeRoot = null; + locations."/".proxyPass = "http://localhost:28981"; + extraConfig = '' + client_max_body_size 24G; + ''; + }; + }; + + security.acme.acceptTerms = true; + security.acme.certs."paper.rab.lol" = { + email = "nikodem@rabulinski.com"; + dnsProvider = "cloudflare"; + credentialsFile = config.age.secrets.rab-lol-cf.path; + }; + }; + }; +}