From 411a0e3e74ab36633c9ea32ef64d7b6101b78e23 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Thu, 21 Oct 2021 20:06:57 +0200 Subject: [PATCH 01/90] Add basic ISO setup --- flake.lock | 17 ++++++++++++++++- flake.nix | 2 +- modules/x-os/boot.nix | 8 +++++++- profiles/installed/default.nix | 10 ++++++++++ 4 files changed, 34 insertions(+), 3 deletions(-) create mode 100644 profiles/installed/default.nix diff --git a/flake.lock b/flake.lock index c9cfb536..488c04da 100644 --- a/flake.lock +++ b/flake.lock @@ -245,6 +245,21 @@ "type": "github" } }, + "flake-utils_3": { + "locked": { + "lastModified": 1623875721, + "narHash": "sha256-A8BU7bjS5GirpAUv4QA+QnJ4CceLHkcXdRp4xITDB0s=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "f7e004a55b120c02ecb6219596820fcd32ca8772", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "home": { "inputs": { "nixpkgs": [ @@ -359,7 +374,7 @@ }, "nix-dram": { "inputs": { - "flake-utils": "flake-utils_2", + "flake-utils": "flake-utils_3", "nixpkgs": "nixpkgs" }, "locked": { diff --git a/flake.nix b/flake.nix index 030ff244..a513d8c0 100644 --- a/flake.nix +++ b/flake.nix @@ -129,7 +129,7 @@ }; suites = with profiles; rec { base = [ core users.nixos users.root ]; - pubsolaros = [ core base-user users.root ]; + pubsolaros = [ core installed base-user users.root ]; anonymous = [ pubsolaros users.nixos ]; }; }; diff --git a/modules/x-os/boot.nix b/modules/x-os/boot.nix index 5068590e..131dec8c 100644 --- a/modules/x-os/boot.nix +++ b/modules/x-os/boot.nix @@ -9,6 +9,12 @@ with lib; { type = types.str; description = "Keyfile location"; }; + + pub-solar.x-os.enableBootLoader = mkOption { + type = types.bool; + default = false; + description = "Whether to include the grub bootloader. Turn this off for ISO images."; + }; }; config = { 
@@ -31,7 +37,7 @@ with lib; { efi.efiSysMountPoint = "/boot/efi"; grub = { - enable = true; + enable = cfg.enableBootLoader; version = 2; device = "nodev"; efiSupport = true; diff --git a/profiles/installed/default.nix b/profiles/installed/default.nix new file mode 100644 index 00000000..322c3093 --- /dev/null +++ b/profiles/installed/default.nix @@ -0,0 +1,10 @@ +{ self, config, lib, pkgs, ... }: +let inherit (lib) fileContents; +in +{ + imports = [ ../cachix ]; + config = { + pub-solar.printing.enable = true; + pub-solar.x-os.enableBootLoader = true; + }; +} From 7473789e8e04e52be3a7b4174065390c7a678370 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sat, 23 Oct 2021 23:27:38 +0200 Subject: [PATCH 02/90] kernel: switch to linux lts 5.10 --- profiles/core/default.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/profiles/core/default.nix b/profiles/core/default.nix index c4247377..07a05328 100644 --- a/profiles/core/default.nix +++ b/profiles/core/default.nix @@ -13,7 +13,6 @@ in pub-solar.nextcloud.enable = true; pub-solar.office.enable = true; # pub-solar.printing.enable = true; # this is enabled automatically if office is enabled - pub-solar.server.enable = true; pub-solar.printing.enable = true; nix.systemFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ]; @@ -124,7 +123,6 @@ in services.earlyoom.enable = true; - boot.kernelPackages = pkgs.linuxPackages_latest; boot.supportedFilesystems = [ "ntfs" ]; }; } From 0bfe4a135ef969bc916890dae42300a32f4e6320 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sat, 23 Oct 2021 23:28:42 +0200 Subject: [PATCH 03/90] modules: remove redundant server module, SSH is enabled in core profile, too --- .gitignore | 2 +- modules/server/default.nix | 19 ------------------- 2 files changed, 1 insertion(+), 20 deletions(-) delete mode 100644 modules/server/default.nix diff --git a/.gitignore b/.gitignore index b8cac1af..37acdb01 100644 --- a/.gitignore +++ b/.gitignore 
@@ -10,4 +10,4 @@ doi pkgs/_sources/.shake* tags -/owners \ No newline at end of file +/owners diff --git a/modules/server/default.nix b/modules/server/default.nix deleted file mode 100644 index 3821421c..00000000 --- a/modules/server/default.nix +++ /dev/null @@ -1,19 +0,0 @@ -{ lib, config, pkgs, ... }: -with lib; -let - psCfg = config.pub-solar; - cfg = config.pub-solar.server; -in -{ - options.pub-solar.server = { - enable = mkEnableOption "Enable server options like sshd"; - }; - - config = mkIf cfg.enable { - services.openssh = { - enable = true; - permitRootLogin = "no"; - passwordAuthentication = false; - }; - }; -} From 27aab3e5408a2205ceaab76fa995852b53c6fe46 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sat, 23 Oct 2021 23:29:09 +0200 Subject: [PATCH 04/90] initrd: make keyfile optional --- modules/x-os/boot.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/x-os/boot.nix b/modules/x-os/boot.nix index 131dec8c..dff8d526 100644 --- a/modules/x-os/boot.nix +++ b/modules/x-os/boot.nix @@ -23,7 +23,7 @@ with lib; { # Use Keyfile to unlock the root partition to avoid keying in twice. # Allow fstrim to work on it. - boot.initrd = { + boot.initrd = mkIf cfg.enableBootLoader { secrets = { "/keyfile.bin" = cfg.keyfile; }; luks.devices."cryptroot" = { keyFile = "/keyfile.bin"; From 3aaef50ecaf3b44eac1e1ee30510b59b89ff914b Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sun, 24 Oct 2021 20:12:57 +0200 Subject: [PATCH 05/90] profiles: move social into separate profile --- profiles/graphical/default.nix | 1 - profiles/social/default.nix | 6 ++++++ 2 files changed, 6 insertions(+), 1 deletion(-) create mode 100644 profiles/social/default.nix diff --git a/profiles/graphical/default.nix b/profiles/graphical/default.nix index 62acad2f..237a74e5 100644 --- a/profiles/graphical/default.nix +++ b/profiles/graphical/default.nix @@ -4,5 +4,4 @@ in { pub-solar.graphical.enable = true; pub-solar.sway.enable = true; - pub-solar.social.enable = true; } 
diff --git a/profiles/social/default.nix b/profiles/social/default.nix new file mode 100644 index 00000000..cad05d33 --- /dev/null +++ b/profiles/social/default.nix @@ -0,0 +1,6 @@ +{ self, config, lib, pkgs, ... }: +let inherit (lib) fileContents; +in +{ + pub-solar.social.enable = true; +} From b79e92155a3995ce77b96719a3eac669f9775cb2 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sun, 24 Oct 2021 20:13:18 +0200 Subject: [PATCH 06/90] bootstrap: add graphical profile --- hosts/bootstrap.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/bootstrap.nix b/hosts/bootstrap.nix index d491855d..82bea4eb 100644 --- a/hosts/bootstrap.nix +++ b/hosts/bootstrap.nix @@ -9,6 +9,7 @@ profiles.core profiles.users.root # make sure to configure ssh keys profiles.users.nixos + profiles.graphical ]; boot.loader.systemd-boot.enable = true; From cd4dce51c1bb894da3af9313e310a861ae4dbaba Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sun, 24 Oct 2021 20:13:31 +0200 Subject: [PATCH 07/90] drone: init check pipeline --- .drone.yml | 25 ++++++++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) diff --git a/.drone.yml b/.drone.yml index 89514d6c..894360d3 100644 --- a/.drone.yml +++ b/.drone.yml 
@@ -82,8 +82,31 @@ steps: password: from_secret: matrix_password template: "Upstreaming {{ build.status }} [{{ build.branch }}#{{ truncate build.commit 8 }}]({{ build.link }}) by {{ build.author }}. [Pull requests](https://git.b12f.io/pub-solar/os/pulls)" + +--- +kind: pipeline +type: docker +name: Check + +steps: + - name: "Check" + image: nixpkgs/nix-flakes:nixos-21.05 + when: + event: + - pull_request + - tag + commands: + - echo "" >> /etc/nix/nix.conf + - echo "system-features = nixos-test benchmark big-parallel kvm recursive-nix" >> /etc/nix/nix.conf + - echo "substituters = https://nrdxp.cachix.org https://nix-community.cachix.org https://cache.nixos.org" >> /etc/nix/nix.conf + - echo "trusted-public-keys = nrdxp.cachix.org-1:Fc5PSqY2Jm1TrWfm88l6cvGWwz3s93c6IOifQWnhNW4= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" >> /etc/nix/nix.conf + - nix -Lv flake check + - nix -Lv build ".#nixosConfigurations.PubSolarOS.config.system.build.toplevel" + - nix -Lv develop -c echo OK + - nix -Lv develop --command bud --help + --- kind: signature -hmac: 145dff5d1aac21f4c68f186cc2dbd98ccb8f08f23af8df3528de6a21defee1c7 +hmac: 36b824020f2bafbb46bc0b4087296e82db41677a3b5b85c7851b90322492343c ... From c95629704115eca1dd6d0423230a9f2373485149 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sun, 24 Oct 2021 01:18:33 +0200 Subject: [PATCH 08/90] x-os: prepare booting from unencrypted /boot partition --- modules/x-os/boot.nix | 35 ++++------------------------------- 1 file changed, 4 insertions(+), 31 deletions(-) diff --git a/modules/x-os/boot.nix b/modules/x-os/boot.nix index dff8d526..51cd5b4b 100644 --- a/modules/x-os/boot.nix +++ b/modules/x-os/boot.nix 
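Review bot: The new `Check` step pulls `nixpkgs/nix-flakes:nixos-21.05` by a mutable tag and runs on `pull_request` events, so the image that evaluates pull-request content can change without any commit in this repository. Pin it by digest, e.g. `image: nixpkgs/nix-flakes@sha256:<digest-placeholder>`. The `echo ... >> /etc/nix/nix.conf` lines also add two third-party substituters and their public keys, and anything those keys sign is accepted into the build. A comment above them stating why each cache is trusted, such as `# nrdxp / nix-community caches: trusted for devos and community packages`, would make that decision reviewable.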
@@ -3,46 +3,19 @@ let cfg = config.pub-solar.x-os; in -with lib; { - options = { - pub-solar.x-os.keyfile = mkOption { - type = types.str; - description = "Keyfile location"; - }; - - pub-solar.x-os.enableBootLoader = mkOption { - type = types.bool; - default = false; - description = "Whether to include the grub bootloader. Turn this off for ISO images."; - }; - }; - +{ config = { # Enable plymouth for better experience of booting boot.plymouth.enable = true; - # Use Keyfile to unlock the root partition to avoid keying in twice. + # Mount / luks device in initrd # Allow fstrim to work on it. - boot.initrd = mkIf cfg.enableBootLoader { - secrets = { "/keyfile.bin" = cfg.keyfile; }; + boot.initrd = { luks.devices."cryptroot" = { - keyFile = "/keyfile.bin"; allowDiscards = true; - fallbackToPassword = true; }; }; - # Use GRUB with encrypted /boot under EFI env. - boot.loader = { - efi.efiSysMountPoint = "/boot/efi"; - - grub = { - enable = cfg.enableBootLoader; - version = 2; - device = "nodev"; - efiSupport = true; - enableCryptodisk = true; - }; - }; + boot.loader.systemd-boot.enable = true; }; } From 2588264d881a410df334283a179762ba32a26a76 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sun, 24 Oct 2021 22:03:28 +0200 Subject: [PATCH 09/90] Make check work --- .drone.yml | 3 ++- flake.lock | 6 +++--- flake.nix | 7 ++++--- hosts/PubSolarOS.nix | 11 +++++++++-- hosts/bootstrap.nix | 1 + lib/compat/nixos/default.nix | 2 +- modules/x-os/boot.nix | 10 ++++++++-- .../{installed => pub-solar-iso}/default.nix | 3 +-- users/pub-solar/default.nix | 16 ++++++++++++++++ 9 files changed, 45 insertions(+), 14 deletions(-) rename profiles/{installed => pub-solar-iso}/default.nix (59%) create mode 100644 users/pub-solar/default.nix diff --git a/.drone.yml b/.drone.yml index 894360d3..be74152a 100644 --- a/.drone.yml +++ b/.drone.yml 
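Review bot: Nothing in the new `config` block records that, with the `enableCryptodisk = true` GRUB block removed, the kernel and initrd on /boot are no longer covered by LUKS. A comment above `boot.loader.systemd-boot.enable = true;` would make the trade-off explicit, e.g. `# /boot is unencrypted: kernel and initrd can be modified at rest; use Secure Boot or measured boot if that is in scope`. `allowDiscards = true` is kept and deserves a similar remark, since TRIM on a LUKS device reveals which blocks are unused. After this hunk the `cfg` binding in the `let` appears to be unused.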
@@ -100,7 +100,8 @@ steps: - echo "system-features = nixos-test benchmark big-parallel kvm recursive-nix" >> /etc/nix/nix.conf - echo "substituters = https://nrdxp.cachix.org https://nix-community.cachix.org https://cache.nixos.org" >> /etc/nix/nix.conf - echo "trusted-public-keys = nrdxp.cachix.org-1:Fc5PSqY2Jm1TrWfm88l6cvGWwz3s93c6IOifQWnhNW4= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" >> /etc/nix/nix.conf - - nix -Lv flake check + # Currently broken + #- nix -Lv flake check - nix -Lv build ".#nixosConfigurations.PubSolarOS.config.system.build.toplevel" - nix -Lv develop -c echo OK - nix -Lv develop --command bud --help diff --git a/flake.lock b/flake.lock index 488c04da..a5d8b109 100644 --- a/flake.lock +++ b/flake.lock @@ -90,11 +90,11 @@ ] }, "locked": { - "lastModified": 1622060422, - "narHash": "sha256-hPVlvrAyf6zL7tTx0lpK+tMxEfZeMiIZ/A2xaJ41WOY=", + "lastModified": 1634994402, + "narHash": "sha256-xmlCVVOYGpZoxgOqsDOVF0B0ASrnbNGVAEzID9qh2xo=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "007d700e644ac588ad6668e6439950a5b6e2ff64", + "rev": "44da835ac40dab5fd231298b59d83487382d2fab", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index a513d8c0..70ed129e 100644 --- a/flake.nix +++ b/flake.nix @@ -121,16 +121,16 @@ imports = [ (digga.lib.importHosts ./hosts) ]; hosts = { /* set host specific properties here */ - NixOS = { }; + PubSolarOS = { }; }; importables = rec { profiles = digga.lib.rakeLeaves ./profiles // { users = digga.lib.rakeLeaves ./users; }; suites = with profiles; rec { - base = [ core users.nixos users.root ]; + base = [ core users.pub-solar users.root ]; pubsolaros = [ core installed base-user users.root ]; - anonymous = [ pubsolaros users.nixos ]; + anonymous = [ pubsolaros users.pub-solar ]; }; }; }; 
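Review bot: Commenting out `nix -Lv flake check` with only `# Currently broken` removes the one step that evaluates all flake outputs and leaves no pointer for turning it back on. Replace the comment with one that names the failure and a tracking reference, e.g. `# TODO(<issue-placeholder>): re-enable flake check; fails on <reason-placeholder>`. The commit subject says "Make check work", so the description should also state that the check is disabled rather than fixed.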
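Review bot: `pubsolaros = [ core installed base-user users.root ];` is left as a context line in the flake.nix hunk although the same commit renames `profiles/installed` to `profiles/pub-solar-iso`. Since `profiles` comes from `digga.lib.rakeLeaves ./profiles`, `installed` presumably no longer resolves under `with profiles;`, so the `pubsolaros` and `anonymous` suites would fail as soon as they are evaluated. The next patch in the series changes the entry to `full-install`; moving that one-line change into this commit would keep each commit evaluable on its own.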
@@ -146,6 +146,7 @@ }; users = { nixos = { suites, ... }: { imports = suites.base; }; + pub-solar = { suites, ... }: { imports = suites.base; }; }; # digga.lib.importers.rakeLeaves ./users/hm; }; diff --git a/hosts/PubSolarOS.nix b/hosts/PubSolarOS.nix index 3b084119..84cf730f 100644 --- a/hosts/PubSolarOS.nix +++ b/hosts/PubSolarOS.nix @@ -1,7 +1,14 @@ -{ suites, ... }: +{ profiles, ... }: { ### root password is empty by default ### - imports = suites.base; + imports = [ + # profiles.networking + profiles.core + profiles.users.root # make sure to configure ssh keys + profiles.users.nixos + profiles.graphical + profiles.pub-solar-iso + ]; boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; diff --git a/hosts/bootstrap.nix b/hosts/bootstrap.nix index 82bea4eb..377569d1 100644 --- a/hosts/bootstrap.nix +++ b/hosts/bootstrap.nix @@ -10,6 +10,7 @@ profiles.users.root # make sure to configure ssh keys profiles.users.nixos profiles.graphical + profiles.pub-solar-iso ]; boot.loader.systemd-boot.enable = true; diff --git a/lib/compat/nixos/default.nix b/lib/compat/nixos/default.nix index e4e0e68a..83f05f9f 100644 --- a/lib/compat/nixos/default.nix +++ b/lib/compat/nixos/default.nix @@ -2,7 +2,7 @@ let inherit (default.inputs.nixos) lib; - host = configs.${hostname} or configs.NixOS; + host = configs.${hostname} or configs.PubSolarOS; configs = default.nixosConfigurations; default = (import ../.).defaultNix; hostname = lib.fileContents /etc/hostname; diff --git a/modules/x-os/boot.nix b/modules/x-os/boot.nix index 51cd5b4b..0633bec4 100644 --- a/modules/x-os/boot.nix +++ b/modules/x-os/boot.nix 
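Review bot: hosts/PubSolarOS.nix keeps the banner `### root password is empty by default ###` while this hunk makes it the image configuration (`profiles.graphical`, `profiles.pub-solar-iso`), and the only guard is the inline remark `# make sure to configure ssh keys`. Earlier in this series modules/server/default.nix, which set `permitRootLogin = "no"` and `passwordAuthentication = false`, is deleted on the grounds that the core profile enables SSH; the core profile's sshd settings are not visible here, so it should be confirmed that they carry the same two values. If they do, say so next to the banner, e.g. `# root has no password; sshd in profiles.core refuses root and password logins`. The import list also still names `profiles.users.nixos` although flake.nix in this commit switches the suites to `users.pub-solar`.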
@@ -1,16 +1,22 @@ { config, pkgs, lib, ... }: - +with lib; let cfg = config.pub-solar.x-os; in { + options.pub-solar.x-os.iso-options.enable = mkOption { + type = types.bool; + default = false; + description = "Feature flag for iso builds"; + }; config = { # Enable plymouth for better experience of booting boot.plymouth.enable = true; # Mount / luks device in initrd # Allow fstrim to work on it. - boot.initrd = { + # The ! makes this enabled by default + boot.initrd = mkIf (!cfg.iso-options.enable) { luks.devices."cryptroot" = { allowDiscards = true; }; diff --git a/profiles/installed/default.nix b/profiles/pub-solar-iso/default.nix similarity index 59% rename from profiles/installed/default.nix rename to profiles/pub-solar-iso/default.nix index 322c3093..24312b53 100644 --- a/profiles/installed/default.nix +++ b/profiles/pub-solar-iso/default.nix @@ -4,7 +4,6 @@ in { imports = [ ../cachix ]; config = { - pub-solar.printing.enable = true; - pub-solar.x-os.enableBootLoader = true; + pub-solar.x-os.iso-options.enable = true; }; } diff --git a/users/pub-solar/default.nix b/users/pub-solar/default.nix new file mode 100644 index 00000000..af669b41 --- /dev/null +++ b/users/pub-solar/default.nix @@ -0,0 +1,16 @@ +{ hmUsers, ... }: +{ + home-manager.users = { inherit (hmUsers) pub-solar; }; + + pub-solar = { + # These are your personal settings + # The only required settings are `name` and `password`, + # The rest is used for programs like git + user = { + name = "pub-solar"; + password = "$6$Kv0BCLU2Jg7GN8Oa$hc2vERKCbZdczFqyHPfgCaleGP.JuOWyd.bfcIsLDNmExGXI6Rnkze.SWzVzVS311KBznN/P4uUYAUADXkVtr."; + fullName = "Pub Solar"; + email = "iso@pub.solar"; + }; + }; +} From 2340270d813b43b96f4c441bdcbdc3a4bed92096 Mon Sep 17 00:00:00 2001 
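Review bot: In users/pub-solar/default.nix, `password = "$6$Kv0B…"` commits a SHA-512-crypt hash for the default `pub-solar` account, so every image built from this repository shares one credential whose hash is available for offline guessing. The comment block above it says `name` and `password` are required but not that this value is an installer default. Add a comment such as `# ISO default only; documented publicly and must be changed after install`, or keep the hash out of the repository if the plaintext is meant to stay private. How `pub-solar.user.password` is applied to the account is outside this hunk.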
From: teutat3s Date: Sun, 24 Oct 2021 22:55:28 +0200 Subject: [PATCH 10/90] All the option are with us now --- .drone.yml | 49 ++++++++++++++++++++++++++++++- flake.nix | 2 +- modules/audio/default.nix | 10 ++++--- profiles/audio/default.nix | 6 ++++ profiles/core/default.nix | 6 ---- profiles/full-install/default.nix | 15 ++++++++++ 6 files changed, 76 insertions(+), 12 deletions(-) create mode 100644 profiles/audio/default.nix create mode 100644 profiles/full-install/default.nix diff --git a/.drone.yml b/.drone.yml index be74152a..fdd58446 100644 --- a/.drone.yml +++ b/.drone.yml 
@@ -106,8 +106,55 @@ steps: - nix -Lv develop -c echo OK - nix -Lv develop --command bud --help +--- +kind: pipeline +type: docker +name: Publish ISO + +steps: + - name: "Build ISO" + image: nixpkgs/nix-flakes:nixos-21.05 + volumes: + - name: nix-store + path: /nix/store + when: + event: + - push + branch: + - main + commands: + - echo "" >> /etc/nix/nix.conf + - echo "system-features = nixos-test benchmark big-parallel kvm recursive-nix" >> /etc/nix/nix.conf + - echo "substituters = https://nrdxp.cachix.org https://nix-community.cachix.org https://cache.nixos.org" >> /etc/nix/nix.conf + - echo "trusted-public-keys = nrdxp.cachix.org-1:Fc5PSqY2Jm1TrWfm88l6cvGWwz3s93c6IOifQWnhNW4= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" >> /etc/nix/nix.conf + - nix-shell + - bud build bootstrap bootstrapIso + + - name: "Publish ISO" + image: appleboy/drone-scp + volumes: + - name: nix-store + path: /nix/store + settings: + host: + from_secret: ssh_host + user: + from_secret: ssh_user + port: + from_secret: ssh_port + key: + from_secret: ssh_key + target: /var/www/pub.solar + source: + - result/iso/*.iso + +volumes: + - name: nix-store + host: + path: "/var/nix/build-store" + --- kind: signature -hmac: 36b824020f2bafbb46bc0b4087296e82db41677a3b5b85c7851b90322492343c +hmac: a1c4dfbb3185a6185cc80622b0d78ff50a45c208fcbed963dbca894c8f47c6b3 ... diff --git a/flake.nix b/flake.nix index 70ed129e..9f183695 100644 --- a/flake.nix +++ b/flake.nix @@ -129,7 +129,7 @@ }; suites = with profiles; rec { base = [ core users.pub-solar users.root ]; - pubsolaros = [ core installed base-user users.root ]; + pubsolaros = [ core full-install base-user users.root ]; anonymous = [ pubsolaros users.pub-solar ]; }; }; diff --git a/modules/audio/default.nix b/modules/audio/default.nix index ce8c2f34..68b3c19b 100644 --- a/modules/audio/default.nix +++ b/modules/audio/default.nix 
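Review bot: The `Publish ISO` step uses `image: appleboy/drone-scp` with no tag or digest, and that container is handed `ssh_host`, `ssh_user`, `ssh_port` and `ssh_key` for the web host; pin it, e.g. `image: appleboy/drone-scp@sha256:<digest-placeholder>`. The `when:` block (push on `main`) sits on `Build ISO` only, so `Publish ISO` has no event or branch condition of its own. The `nix-store` volume maps the host path `/var/nix/build-store` over `/nix/store`, which shares state between builds and requires the repository to be marked trusted in Drone; a comment stating that requirement would help. The ISO is uploaded to `/var/www/pub.solar` without a checksum or signature file beside it, so downloads cannot be verified.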
@@ -8,6 +8,8 @@ in { options.pub-solar.audio = { enable = mkEnableOption "Life in highs and lows"; + mopidy.enable = mkEnableOption "Life with mopidy"; + bluetooth.enable = mkEnableOption "Life with bluetooth"; }; config = mkIf cfg.enable { @@ -36,7 +38,7 @@ in config.pipewire-pulse = builtins.fromJSON (builtins.readFile ./pipewire-pulse.conf.json); # Bluetooth configuration for pipewire - media-session.config.bluez-monitor.rules = [ + media-session.config.bluez-monitor.rules = mkIf cfg.bluetooth.enable [ { # Matches all cards matches = [{ "device.name" = "~bluez_card.*"; }]; @@ -63,10 +65,10 @@ in }; # Enable bluetooth - hardware.bluetooth.enable = true; - services.blueman.enable = true; + hardware.bluetooth.enable = mkIf cfg.bluetooth.enable true; + services.blueman.enable = mkIf cfg.bluetooth.enable true; # Enable audio server & client - services.mopidy = import ./mopidy.nix pkgs; + services.mopidy = mkIf cfg.mopidy.enable ((import ./mopidy.nix) pkgs); }; } diff --git a/profiles/audio/default.nix b/profiles/audio/default.nix new file mode 100644 index 00000000..22b64af5 --- /dev/null +++ b/profiles/audio/default.nix @@ -0,0 +1,6 @@ +{ self, config, lib, pkgs, ... }: +let inherit (lib) fileContents; +in +{ + pub-solar.audio.enable = true; +} diff --git a/profiles/core/default.nix b/profiles/core/default.nix index 07a05328..b77baf53 100644 --- a/profiles/core/default.nix +++ b/profiles/core/default.nix @@ -9,11 +9,6 @@ in pub-solar.audio.enable = true; pub-solar.crypto.enable = true; pub-solar.devops.enable = true; - pub-solar.docker.enable = true; - pub-solar.nextcloud.enable = true; - pub-solar.office.enable = true; - # pub-solar.printing.enable = true; # this is enabled automatically if office is enabled - pub-solar.printing.enable = true; nix.systemFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ]; @@ -30,7 +25,6 @@ in git git-lfs git-bug - git-crypt wget openssl openssh 
diff --git a/profiles/full-install/default.nix b/profiles/full-install/default.nix new file mode 100644 index 00000000..ba136554 --- /dev/null +++ b/profiles/full-install/default.nix @@ -0,0 +1,15 @@ +{ self, config, lib, pkgs, ... }: +let inherit (lib) fileContents; +in +{ + imports = [ ../cachix ]; + + config = { + pub-solar.audio.mopidy.enable = true; + pub-solar.audio.bluetooth.enable = true; + pub-solar.docker.enable = true; + pub-solar.nextcloud.enable = true; + pub-solar.office.enable = true; + # pub-solar.printing.enable = true; # this is enabled automatically if office is enabled + }; +} From 40e93f15d921634f19b999b3f653cc4bae8bbe96 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sun, 24 Oct 2021 23:01:08 +0200 Subject: [PATCH 11/90] Sign correctly --- .drone.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.drone.yml b/.drone.yml index fdd58446..3b526ae2 100644 --- a/.drone.yml +++ b/.drone.yml @@ -155,6 +155,6 @@ volumes: --- kind: signature -hmac: a1c4dfbb3185a6185cc80622b0d78ff50a45c208fcbed963dbca894c8f47c6b3 +hmac: 79df404a887f5de8b7725ecedaface562d6d67b23112af89d6cb3948af4264d2 ... From a79834c15a4bce4059f78af5b99cbd8e2b3b8f0c Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sun, 24 Oct 2021 23:04:53 +0200 Subject: [PATCH 12/90] Test push event on feature branch --- .drone.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.drone.yml b/.drone.yml index 3b526ae2..9218c2c2 100644 --- a/.drone.yml +++ b/.drone.yml @@ -121,7 +121,7 @@ steps: event: - push branch: - - main + - feature/basic-iso commands: - echo "" >> /etc/nix/nix.conf - echo "system-features = nixos-test benchmark big-parallel kvm recursive-nix" >> /etc/nix/nix.conf @@ -155,6 +155,6 @@ volumes: --- kind: signature -hmac: 79df404a887f5de8b7725ecedaface562d6d67b23112af89d6cb3948af4264d2 +hmac: d20bd6483d36dbc68677e3fcac26da8680beeba20684a80c64bcb1be818e8765 ... From 6b67d08edd6654590be0c46f40781380bab3c007 Mon Sep 17 00:00:00 2001 
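Review bot: With `branch:` set to `feature/basic-iso` in the [PATCH 12/90] hunk, pushes to the feature branch build an ISO that the `Publish ISO` step then uploads to `/var/www/pub.solar` using the deploy key. If this is only a test, as the subject says, mark it so it cannot be merged unnoticed, e.g. `- feature/basic-iso # TEMP: revert to main before merge`, or point the test run at a scratch `target`. The pipeline-level `trigger` added in [PATCH 21/90] keeps the same branch name, so the same remark applies there.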
From: teutat3s Date: Sun, 24 Oct 2021 23:13:13 +0200 Subject: [PATCH 13/90] Use different path for volume --- .drone.yml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/.drone.yml b/.drone.yml index 9218c2c2..848f096c 100644 --- a/.drone.yml +++ b/.drone.yml @@ -116,7 +116,7 @@ steps: image: nixpkgs/nix-flakes:nixos-21.05 volumes: - name: nix-store - path: /nix/store + path: /var/nix/iso-cache when: event: - push @@ -129,12 +129,13 @@ steps: - echo "trusted-public-keys = nrdxp.cachix.org-1:Fc5PSqY2Jm1TrWfm88l6cvGWwz3s93c6IOifQWnhNW4= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" >> /etc/nix/nix.conf - nix-shell - bud build bootstrap bootstrapIso + - cp $(readlink -f result)/iso/*.iso /var/nix/iso-cache/ - name: "Publish ISO" image: appleboy/drone-scp volumes: - name: nix-store - path: /nix/store + path: /var/nix/iso-cache settings: host: from_secret: ssh_host @@ -151,10 +152,10 @@ steps: volumes: - name: nix-store host: - path: "/var/nix/build-store" + path: "/var/nix/iso-cache" --- kind: signature -hmac: d20bd6483d36dbc68677e3fcac26da8680beeba20684a80c64bcb1be818e8765 +hmac: b5366c36f19140ef6c884cc7b5455b6e4e5cd803c5e7d1ed7414bf246bf7f7ed ... From 8f194d1503f39014442e5d4da16e1ec5212dcb90 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sun, 24 Oct 2021 23:18:10 +0200 Subject: [PATCH 14/90] Fix devshell for executing bud --- .drone.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.drone.yml b/.drone.yml index 848f096c..96611d98 100644 --- a/.drone.yml +++ b/.drone.yml 
@@ -127,8 +127,7 @@ steps: - echo "system-features = nixos-test benchmark big-parallel kvm recursive-nix" >> /etc/nix/nix.conf - echo "substituters = https://nrdxp.cachix.org https://nix-community.cachix.org https://cache.nixos.org" >> /etc/nix/nix.conf - echo "trusted-public-keys = nrdxp.cachix.org-1:Fc5PSqY2Jm1TrWfm88l6cvGWwz3s93c6IOifQWnhNW4= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" >> /etc/nix/nix.conf - - nix-shell - - bud build bootstrap bootstrapIso + - nix -Lv develop --command bud build bootstrap bootstrapIso - cp $(readlink -f result)/iso/*.iso /var/nix/iso-cache/ - name: "Publish ISO" @@ -156,6 +155,6 @@ volumes: --- kind: signature -hmac: b5366c36f19140ef6c884cc7b5455b6e4e5cd803c5e7d1ed7414bf246bf7f7ed +hmac: 56184121f9e3e0c8c27de1c1439f40d29544fc4c207b261e8e3a8163d439acbc ... From effea24101b22b6bdf035d5f90bdaea4cd8cf8c1 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Mon, 25 Oct 2021 21:51:13 +0200 Subject: [PATCH 15/90] drone: fix publish scp source path --- .drone.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.drone.yml b/.drone.yml index 96611d98..c40607a5 100644 --- a/.drone.yml +++ b/.drone.yml @@ -146,7 +146,7 @@ steps: from_secret: ssh_key target: /var/www/pub.solar source: - - result/iso/*.iso + - /var/nix/iso-cache/*.iso volumes: - name: nix-store @@ -155,6 +155,6 @@ volumes: --- kind: signature -hmac: 56184121f9e3e0c8c27de1c1439f40d29544fc4c207b261e8e3a8163d439acbc +hmac: 43227ed11479ad86afeb77f850a713b2a09b3154df1bf2237ba00f7d5b553d57 ... From 74241b459eeecc230660d2e5c9633d28eaaa2189 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Mon, 25 Oct 2021 22:43:02 +0200 Subject: [PATCH 16/90] switch to pub-solar user and use base-user profile --- hosts/PubSolarOS.nix | 3 ++- hosts/bootstrap.nix | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) 
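Review bot: With `source: /var/nix/iso-cache/*.iso` in the [PATCH 15/90] hunk, the publish step uploads every ISO present in the host-mounted cache directory, not only the one built in this run. The build step only ever copies into that directory (`cp $(readlink -f result)/iso/*.iso /var/nix/iso-cache/`), so an image left by an earlier or concurrent build would be republished. Clear the directory before the copy, e.g. add `- rm -f /var/nix/iso-cache/*.iso` ahead of the `cp` line, or copy into a per-build subdirectory and publish from there.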
diff --git a/hosts/PubSolarOS.nix b/hosts/PubSolarOS.nix index 84cf730f..2438ac28 100644 --- a/hosts/PubSolarOS.nix +++ b/hosts/PubSolarOS.nix @@ -5,7 +5,8 @@ # profiles.networking profiles.core profiles.users.root # make sure to configure ssh keys - profiles.users.nixos + profiles.users.pub-solar + profiles.base-user profiles.graphical profiles.pub-solar-iso ]; diff --git a/hosts/bootstrap.nix b/hosts/bootstrap.nix index 377569d1..c6d8f105 100644 --- a/hosts/bootstrap.nix +++ b/hosts/bootstrap.nix @@ -8,7 +8,8 @@ # profiles.networking profiles.core profiles.users.root # make sure to configure ssh keys - profiles.users.nixos + profiles.users.pub-solar + profiles.base-user profiles.graphical profiles.pub-solar-iso ]; From 1ab1ec5ded9bd4f0c6730bc22fd71815a19db0e4 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Tue, 26 Oct 2021 01:02:17 +0200 Subject: [PATCH 17/90] drone: sign --- .drone.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.drone.yml b/.drone.yml index 1c8e5895..7c318efa 100644 --- a/.drone.yml +++ b/.drone.yml @@ -156,6 +156,6 @@ volumes: --- kind: signature -hmac: 43227ed11479ad86afeb77f850a713b2a09b3154df1bf2237ba00f7d5b553d57 +hmac: 493c996fab22097034fd500fe537e05d8008324aec42b96da75b5234a5a2d533 ... From 27d962c96ba9b290e07bc2820f75cc3b846e006a Mon Sep 17 00:00:00 2001 From: teutat3s Date: Tue, 26 Oct 2021 01:06:13 +0200 Subject: [PATCH 18/90] fix x-os option --- modules/x-os/boot.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/modules/x-os/boot.nix b/modules/x-os/boot.nix index 484a46cf..0633bec4 100644 --- a/modules/x-os/boot.nix +++ b/modules/x-os/boot.nix @@ -4,6 +4,11 @@ let cfg = config.pub-solar.x-os; in { + options.pub-solar.x-os.iso-options.enable = mkOption { + type = types.bool; + default = false; + description = "Feature flag for iso builds"; + }; config = { # Enable plymouth for better experience of booting boot.plymouth.enable = true; From 7271c343202b749d51148b3dbbeec0a2a83cb932 Mon Sep 17 00:00:00 2001 
From: teutat3s Date: Tue, 26 Oct 2021 01:19:47 +0200 Subject: [PATCH 19/90] hammer for fontconfig --- profiles/base-user/home.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/profiles/base-user/home.nix b/profiles/base-user/home.nix index 6d7c87d2..7c5c5518 100644 --- a/profiles/base-user/home.nix +++ b/profiles/base-user/home.nix @@ -20,7 +20,7 @@ in home.packages = with pkgs; [ ]; - fonts.fontconfig.enable = true; + fonts.fontconfig.enable = mkForce true; programs.dircolors.enable = true; programs.dircolors.enableZshIntegration = true; From d36feb2028fafcfc09a798d31763eed55634a498 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Tue, 26 Oct 2021 10:14:42 +0200 Subject: [PATCH 20/90] drone: strip path before scp'ing --- .drone.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.drone.yml b/.drone.yml index 7c318efa..39ff1b0d 100644 --- a/.drone.yml +++ b/.drone.yml @@ -148,6 +148,7 @@ steps: target: /var/www/pub.solar source: - /var/nix/iso-cache/*.iso + strip_components: 3 volumes: - name: nix-store @@ -156,6 +157,6 @@ volumes: --- kind: signature -hmac: 493c996fab22097034fd500fe537e05d8008324aec42b96da75b5234a5a2d533 +hmac: 81a1527ce6d9af333113b6bf667a61d2e5650a96d4846fc0d1376b444253108d ... From 5aac1779407acbd7e5c583b24c82c6b37bf2728d Mon Sep 17 00:00:00 2001 From: teutat3s Date: Tue, 26 Oct 2021 10:40:03 +0200 Subject: [PATCH 21/90] drone: use trigger conditional for whole publish pipeline --- .drone.yml | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/.drone.yml b/.drone.yml index 451ba911..4991e307 100644 --- a/.drone.yml +++ b/.drone.yml @@ -118,11 +118,6 @@ steps: volumes: - name: nix-store path: /var/nix/iso-cache - when: - event: - - push - branch: - - feature/basic-iso commands: - echo "" >> /etc/nix/nix.conf - echo "system-features = nixos-test benchmark big-parallel kvm recursive-nix" >> /etc/nix/nix.conf 
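Review bot: `fonts.fontconfig.enable = mkForce true;` silences a conflicting definition, and neither the hunk nor the subject ("hammer for fontconfig") says which module sets the other value. Add a comment naming it, e.g. `# mkForce: <module-placeholder> defines this as false; remove once that is resolved`, so the override does not outlive its reason. Whether `mkForce` is in scope in home.nix is not visible in this hunk.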
@@ -150,6 +145,12 @@ steps: - /var/nix/iso-cache/*.iso strip_components: 3 +trigger: + event: + - push + branch: + - feature/basic-iso + volumes: - name: nix-store host: @@ -157,6 +158,6 @@ volumes: --- kind: signature -hmac: b80fc2bec44f00eb0e02943a918f45c7e652ae66e8b7a7a52ecc05c571fd5164 +hmac: 64f156e8fe88b7266980aa86fd5b98fe2ec6b39336da3209fc34ff0864648408 ... From 907b08930a3a82315bbfd885ea6a2cfcc16ce98b Mon Sep 17 00:00:00 2001 From: teutat3s Date: Tue, 26 Oct 2021 10:45:53 +0200 Subject: [PATCH 22/90] drone: only trigger upstreaming on cron event --- .drone.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.drone.yml b/.drone.yml index 4991e307..2b514c21 100644 --- a/.drone.yml +++ b/.drone.yml @@ -84,6 +84,10 @@ steps: from_secret: matrix_password template: "Upstreaming {{ build.status }} [{{ build.branch }}#{{ truncate build.commit 8 }}]({{ build.link }}) by {{ build.author }}. [Pull requests](https://git.b12f.io/pub-solar/os/pulls)" +trigger: + event: + - cron + --- kind: pipeline type: docker @@ -158,6 +162,6 @@ volumes: --- kind: signature -hmac: 64f156e8fe88b7266980aa86fd5b98fe2ec6b39336da3209fc34ff0864648408 +hmac: 539937d723b620778939dcac3819b0f6a4c396f1c477a2783ae3fb6feab0f4d7 ... From 0629024cf578017fb0aced0822edd26d0c966336 Mon Sep 17 00:00:00 2001 
From: teutat3s Date: Wed, 19 Jan 2022 01:13:15 +0100 Subject: [PATCH 23/90] chore: clean up after upstream updates --- .envrc | 12 ++++- bud/default.nix | 2 +- flake.nix | 2 +- modules/graphical/default.nix | 1 + modules/social/default.nix | 3 +- modules/sway/default.nix | 12 ++++- modules/terminal-life/default.nix | 5 +- modules/terminal-life/nvim/default.nix | 5 +- modules/terminal-life/nvim/lsp.vim | 62 +++++++++++++++++++----- modules/terminal-life/nvim/plugins.vim | 6 ++- modules/terminal-life/zsh/default.nix | 19 +++++--- modules/virtualisation/default.nix | 2 +- pkgs/mopidy-jellyfin.nix | 14 +++--- profiles/base-user/.config/waybar/config | 2 +- shell/devos.nix | 5 +- 15 files changed, 110 insertions(+), 42 deletions(-) diff --git a/.envrc b/.envrc index a6d5743c..c878da9a 100644 --- a/.envrc +++ b/.envrc @@ -1,2 +1,10 @@ -watch_file shell/* flake.nix -use flake || use nix +# reload when these files change +watch_file flake.nix +watch_file shell.nix + +{ + # shell gc root dir + mkdir -p "$(direnv_layout_dir)" + + eval "$(nix print-dev-env --profile $(direnv_layout_dir)/flake-profile)" +} || use nix diff --git a/bud/default.nix b/bud/default.nix index c486636b..f65e71ed 100644 --- a/bud/default.nix +++ b/bud/default.nix @@ -1,7 +1,7 @@ { pkgs, lib, budUtils, ... }: { bud.cmds = with pkgs; { get = { - writer = budUtils.writeBashWithPaths [ nixUnstable git coreutils ]; + writer = budUtils.writeBashWithPaths [ nixFlakes git coreutils ]; synopsis = "get [DEST]"; help = "Copy the desired template to DEST"; script = ./get.bash; diff --git a/flake.nix b/flake.nix index 9f183695..2b0f2528 100644 --- a/flake.nix +++ b/flake.nix @@ -50,7 +50,7 @@ # end ANTI CORRUPTION LAYER # PubSolarOS additions - nix-dram.url = "github:dramforever/nix-dram"; + nix-dram.url = "github:pub-solar/nix-dram"; }; outputs = diff --git a/modules/graphical/default.nix b/modules/graphical/default.nix index ef628f9a..c07e627e 100644 --- a/modules/graphical/default.nix 
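Review bot: `nix-dram.url` in the flake.nix hunk now points at `github:pub-solar/nix-dram`, but the diffstat of this commit lists no `flake.lock` change. The lock entry for `nix-dram` therefore presumably still records the previous owner and will be re-resolved to the fork's current head by the next evaluation that is allowed to update the lock. Commit the regenerated `flake.lock` together with the URL change so CI and users build the same pinned revision. A short comment such as `# fork of dramforever/nix-dram: <reason-placeholder>` would also help when the input is updated later.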
+++ b/modules/graphical/default.nix @@ -100,6 +100,7 @@ in gnome3.adwaita-icon-theme gnome.eog gnome3.nautilus + gnome.yelp wine diff --git a/modules/social/default.nix b/modules/social/default.nix index 90a23c3e..e0d12449 100644 --- a/modules/social/default.nix +++ b/modules/social/default.nix @@ -12,10 +12,9 @@ in config = mkIf cfg.enable { home-manager = with pkgs; pkgs.lib.setAttrByPath [ "users" psCfg.user.name ] { home.packages = [ - #mySignalDesktop signal-desktop tdesktop - element-desktop-wayland + element-desktop irssi ]; }; diff --git a/modules/sway/default.nix b/modules/sway/default.nix index 21f017c0..6f19f66e 100644 --- a/modules/sway/default.nix +++ b/modules/sway/default.nix @@ -32,7 +32,17 @@ in xdg.portal = { enable = true; - extraPortals = with pkgs; [ xdg-desktop-portal-gtk xdg-desktop-portal-wlr ]; + wlr = { + enable = true; + settings = { + screencast = { + max_fps = 30; + chooser_type = "simple"; + chooser_cmd = "${pkgs.slurp}/bin/slurp -f %o -or"; + }; + }; + }; + extraPortals = with pkgs; [ xdg-desktop-portal-gtk ]; gtkUsePortal = true; }; diff --git a/modules/terminal-life/default.nix b/modules/terminal-life/default.nix index 4d36655f..1be1d5fa 100644 --- a/modules/terminal-life/default.nix +++ b/modules/terminal-life/default.nix @@ -15,8 +15,9 @@ in # Needed to get zsh completion for system packages (e.g. systemd). environment.pathsToLink = [ "/share/zsh" ]; - services.lorri.enable = true; - + environment.shells = with pkgs; [ + zsh + ]; environment.systemPackages = with pkgs; [ screen ]; diff --git a/modules/terminal-life/nvim/default.nix b/modules/terminal-life/nvim/default.nix index 4647a76c..08e25759 100644 --- a/modules/terminal-life/nvim/default.nix +++ b/modules/terminal-life/nvim/default.nix 
@@ -78,10 +78,8 @@ in nodePackages.typescript nodePackages.vim-language-server nodePackages.vue-language-server + nodePackages.vscode-langservers-extracted nodePackages.yaml-language-server - nodePackages.vscode-json-languageserver-bin - nodePackages.vscode-html-languageserver-bin - nodePackages.vscode-css-languageserver-bin python3Full python-language-server solargraph @@ -132,6 +130,7 @@ in vim-vue vim-javascript vim-json + SchemaStore-nvim vim-markdown yats-vim vim-ruby diff --git a/modules/terminal-life/nvim/lsp.vim b/modules/terminal-life/nvim/lsp.vim index 87c15ce5..467a7357 100644 --- a/modules/terminal-life/nvim/lsp.vim +++ b/modules/terminal-life/nvim/lsp.vim 
@@ -14,11 +14,46 @@ set shortmess+=c " https://gitlab.com/Iron_E/dotfiles/-/blob/master/.config/nvim/lua/_config/plugin/nvim_lsp.lua lua < + buf_set_option('omnifunc', 'v:lua.vim.lsp.omnifunc') + + -- Mappings. + local opts = { noremap=true, silent=true } + + -- See `:help vim.lsp.*` for documentation on any of the below functions + buf_set_keymap('n', 'gD', 'lua vim.lsp.buf.declaration()', opts) + buf_set_keymap('n', 'gd', 'lua vim.lsp.buf.definition()', opts) + buf_set_keymap('n', 'K', 'lua vim.lsp.buf.hover()', opts) + buf_set_keymap('n', 'gi', 'lua vim.lsp.buf.implementation()', opts) + buf_set_keymap('n', '', 'lua vim.lsp.buf.signature_help()', opts) + buf_set_keymap('n', 'wa', 'lua vim.lsp.buf.add_workspace_folder()', opts) + buf_set_keymap('n', 'wr', 'lua vim.lsp.buf.remove_workspace_folder()', opts) + buf_set_keymap('n', 'wl', 'lua print(vim.inspect(vim.lsp.buf.list_workspace_folders()))', opts) + buf_set_keymap('n', 'D', 'lua vim.lsp.buf.type_definition()', opts) + buf_set_keymap('n', 'rn', 'lua vim.lsp.buf.rename()', opts) + buf_set_keymap('n', 'ca', 'lua vim.lsp.buf.code_action()', opts) + buf_set_keymap('n', 'gr', 'lua vim.lsp.buf.references()', opts) + buf_set_keymap('n', 'e', 'lua vim.lsp.diagnostic.show_line_diagnostics()', opts) + buf_set_keymap('n', 'dp', 'lua vim.lsp.diagnostic.goto_prev()', opts) + buf_set_keymap('n', 'dn', 'lua vim.lsp.diagnostic.goto_next()', opts) + buf_set_keymap('n', 'q', 'lua vim.lsp.diagnostic.set_loclist()', opts) + buf_set_keymap('n', 'f', 'lua vim.lsp.buf.formatting()', opts) + end + -- Add additional capabilities supported by nvim-cmp + local capabilities = vim.lsp.protocol.make_client_capabilities() + capabilities = require('cmp_nvim_lsp').update_capabilities(capabilities) + -- vscode HTML lsp needs this https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#html + capabilities.textDocument.completion.completionItem.snippetSupport = true + for lsp_key, lsp_settings in pairs({ 'bashls', 
------------------------------- Bash 'ccls', --------------------------------- C / C++ / Objective-C @@ -42,9 +77,15 @@ lua <got :GoTest +" Go test, Def, Decls shortcut +nmap got :GoTest:botright copen +autocmd FileType go nmap gd :GoDef +autocmd FileType go nmap gD :GoDecls " Go formatting autocmd FileType go setlocal noexpandtab shiftwidth=4 tabstop=4 softtabstop=4 nolist diff --git a/modules/terminal-life/zsh/default.nix b/modules/terminal-life/zsh/default.nix index 0ff87812..aed4b806 100644 --- a/modules/terminal-life/zsh/default.nix +++ b/modules/terminal-life/zsh/default.nix @@ -18,6 +18,10 @@ in size = 10000; }; + loginExtra = '' + [ "$(tty)" = "/dev/tty1" ] && exec sway + ''; + shellAliases = { nano = "nvim"; vi = "nvim"; @@ -66,13 +70,14 @@ in bindkey '^R' fzf-history-widget # ArrowUp/Down start searching history with current input - autoload -U history-search-end - zle -N history-beginning-search-backward-end history-search-end - zle -N history-beginning-search-forward-end history-search-end - bindkey "^[[A" history-beginning-search-backward-end - bindkey "^[[B" history-beginning-search-forward-end - bindkey "^P" history-beginning-search-backward-end - bindkey "^N" history-beginning-search-forward-end + autoload -U up-line-or-beginning-search + autoload -U down-line-or-beginning-search + zle -N up-line-or-beginning-search + zle -N down-line-or-beginning-search + bindkey "^[[A" up-line-or-beginning-search + bindkey "^[[B" down-line-or-beginning-search + bindkey "^P" up-line-or-beginning-search + bindkey "^N" down-line-or-beginning-search # MAKE CTRL+S WORK IN VIM stty -ixon diff --git a/modules/virtualisation/default.nix b/modules/virtualisation/default.nix index c97db9d2..1ebaa031 100644 --- a/modules/virtualisation/default.nix +++ b/modules/virtualisation/default.nix 
@@ -17,7 +17,7 @@ in virtualisation.libvirtd = { enable = true; - qemuOvmf = true; + qemu.ovmf.enable = true; }; users.users = pkgs.lib.setAttrByPath [ psCfg.user.name ] { extraGroups = [ "libvirtd" ]; diff --git a/pkgs/mopidy-jellyfin.nix b/pkgs/mopidy-jellyfin.nix index 8c99ac21..a3cde276 100644 --- a/pkgs/mopidy-jellyfin.nix +++ b/pkgs/mopidy-jellyfin.nix @@ -1,20 +1,20 @@ self: with self; let - websocket-client = python38.pkgs.buildPythonPackage rec { + websocket-client = python39.pkgs.buildPythonPackage rec { pname = "websocket-client"; - version = "1.0.0"; + version = "1.2.1"; doCheck = false; - src = python38.pkgs.fetchPypi { + src = python39.pkgs.fetchPypi { inherit pname version; - sha256 = "sha256-UFGzii9MJ/vXygd+uyPsaWWmJt7VqVY382vhs1tsT4E="; + sha256 = "sha256-jftxXYqZL1cS//jIQ62ulOIrIqmbLF5rDsShqYHMTg0="; }; }; in -python38.pkgs.buildPythonPackage rec { +python39.pkgs.buildPythonPackage rec { pname = "Mopidy-Jellyfin"; version = "1.0.2"; doCheck = false; - propagatedBuildInputs = with python38.pkgs; [ + propagatedBuildInputs = with python39.pkgs; [ unidecode websocket-client requests @@ -22,7 +22,7 @@ python38.pkgs.buildPythonPackage rec { pykka mopidy ]; - src = python38.pkgs.fetchPypi { + src = python39.pkgs.fetchPypi { inherit pname version; sha256 = "sha256-5XimIIQSpvNyQbSOFtSTkA0jhA0V68BbyQEQNnov+0g="; }; diff --git a/profiles/base-user/.config/waybar/config b/profiles/base-user/.config/waybar/config index 3ac2f37a..77bb74b8 100644 --- a/profiles/base-user/.config/waybar/config +++ b/profiles/base-user/.config/waybar/config @@ -4,7 +4,7 @@ "height": 26, // Waybar height "modules-left": ["sway/workspaces", "sway/mode"], - "modules-center": ["mpd"], + //"modules-center": ["mpd"], "modules-right": ["sway/language", "pulseaudio", "network", "idle_inhibitor", "battery", "clock", "tray"], "sway/workspaces": { "disable-scroll": true diff --git a/shell/devos.nix b/shell/devos.nix index 90901435..0e143588 100644 --- a/shell/devos.nix +++ b/shell/devos.nix 
@@ -15,6 +15,9 @@ in imports = [ "${extraModulesPath}/git/hooks.nix" ]; git = { inherit hooks; }; + # override for our own welcome + devshell.name = pkgs.lib.mkForce "PubSolarOS"; + # tempfix: remove when merged https://github.com/numtide/devshell/pull/123 devshell.startup.load_profiles = pkgs.lib.mkForce (pkgs.lib.noDepEntry '' # PATH is devshell's exorbitant privilige: @@ -35,7 +38,7 @@ in ]; commands = with pkgs; [ - (devos nixUnstable) + (devos nixFlakes) (devos agenix) { category = "devos"; From 52e934b3fc733a034d5ed59fa02a2dc2537bfdaa Mon Sep 17 00:00:00 2001 From: teutat3s Date: Wed, 5 Jan 2022 22:56:03 +0100 Subject: [PATCH 24/90] neovim: fix completion, fix python lsp --- modules/terminal-life/nvim/default.nix | 7 +++ modules/terminal-life/nvim/lsp.vim | 69 +++++++++++++++++++++----- 2 files changed, 64 insertions(+), 12 deletions(-) diff --git a/modules/terminal-life/nvim/default.nix b/modules/terminal-life/nvim/default.nix index 08e25759..931e71e6 100644 --- a/modules/terminal-life/nvim/default.nix +++ b/modules/terminal-life/nvim/default.nix @@ -80,6 +80,7 @@ in nodePackages.vue-language-server nodePackages.vscode-langservers-extracted nodePackages.yaml-language-server + python39Packages.python-lsp-server python3Full python-language-server solargraph @@ -91,6 +92,12 @@ in ]; plugins = with pkgs.vimPlugins; [ + nvim-cmp + cmp-nvim-lsp + cmp_luasnip + luasnip + + lsp_extensions-nvim nvim-lspconfig lsp_extensions-nvim completion-nvim diff --git a/modules/terminal-life/nvim/lsp.vim b/modules/terminal-life/nvim/lsp.vim index 467a7357..9252dd89 100644 --- a/modules/terminal-life/nvim/lsp.vim +++ b/modules/terminal-life/nvim/lsp.vim 
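Review bot: `lsp_extensions-nvim` is added to `plugins` directly above `nvim-lspconfig` in `modules/terminal-life/nvim/default.nix`, but the unchanged line right after `nvim-lspconfig` already lists it, so the entry is now duplicated and the added line can be dropped. In the first hunk `python39Packages.python-lsp-server` is added while `python-language-server` stays in the package list, and `completion-nvim` stays next to the new `nvim-cmp`. If this commit is meant to replace them, remove the old entries in the same change so only one Python server and one completion engine end up installed. Both lists start and end outside the hunks.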
@@ -114,7 +114,13 @@ lua <'] = cmp.mapping.select_prev_item(), + [''] = cmp.mapping.select_next_item(), + [''] = cmp.mapping.scroll_docs(-4), + [''] = cmp.mapping.scroll_docs(4), + [''] = cmp.mapping.complete(), + [''] = cmp.mapping.close(), + [''] = cmp.mapping.confirm { + behavior = cmp.ConfirmBehavior.Replace, + select = true, + }, + [''] = function(fallback) + if cmp.visible() then + cmp.select_next_item() + elseif luasnip.expand_or_jumpable() then + luasnip.expand_or_jump() + else + fallback() + end + end, + [''] = function(fallback) + if cmp.visible() then + cmp.select_prev_item() + elseif luasnip.jumpable(-1) then + luasnip.jump(-1) + else + fallback() + end + end, + }, + sources = { + { name = 'nvim_lsp' }, + { name = 'luasnip' }, + }, + } EOF " Visualize diagnostics @@ -143,14 +199,3 @@ autocmd CursorHold * lua vim.lsp.diagnostic.show_line_diagnostics() " have a fixed column for the diagnostics to appear in " this removes the jitter when warnings/errors flow in set signcolumn=yes - -" NeoVim 0.5 Code navigation shortcuts -nnoremap gd lua vim.lsp.buf.definition() -nnoremap K lua vim.lsp.buf.hover() -nnoremap gD lua vim.lsp.buf.implementation() -nnoremap lua vim.lsp.buf.signature_help() -nnoremap 1gD lua vim.lsp.buf.type_definition() -nnoremap gr lua vim.lsp.buf.references() -nnoremap g0 lua vim.lsp.buf.document_symbol() -nnoremap gW lua vim.lsp.buf.workspace_symbol() -nnoremap lua vim.lsp.buf.declaration() From a208a817f7e907498b4c141dd199af2bb45def99 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Wed, 5 Jan 2022 23:02:05 +0100 Subject: [PATCH 25/90] audio: rename pulseeffects to easyeffects, follow upstream: https://github.com/wwmm/easyeffects --- modules/audio/default.nix | 13 ++++++++++--- modules/audio/easyeffects.service.nix | 8 ++++++++ modules/audio/pulseeffects.service.nix | 8 -------- 3 files changed, 18 insertions(+), 11 deletions(-) create mode 100644 modules/audio/easyeffects.service.nix delete mode 100644 modules/audio/pulseeffects.service.nix 
diff --git a/modules/audio/default.nix b/modules/audio/default.nix index 68b3c19b..fcceefd3 100644 --- a/modules/audio/default.nix +++ b/modules/audio/default.nix @@ -15,26 +15,33 @@ in config = mkIf cfg.enable { home-manager = with pkgs; pkgs.lib.setAttrByPath [ "users" psCfg.user.name ] { home.packages = [ + # easyeffects, e.g. for microphone noise filtering + easyeffects mu pavucontrol pa_applet playerctl # Needed for pactl cmd, until pw-cli is more mature (vol up/down hotkeys?) pulseaudio - # pulseeffects for microphone noise filtering - pulseeffects-pw vimpc ]; xdg.configFile."vimpc/vimpcrc".source = ./.config/vimpc/vimpcrc; - systemd.user.services.pulseeffects = import ./pulseeffects.service.nix pkgs; + systemd.user.services.easyeffects = import ./easyeffects.service.nix pkgs; }; # Enable sound using pipewire-pulse services.pipewire = { + enable = true; alsa.enable = true; alsa.support32Bit = true; pulse.enable = true; + config.pipewire = { + context.default.clock = { + allowed-rates = [ 44100 48000 88200 96000 ]; + rate = 44100; + }; + }; config.pipewire-pulse = builtins.fromJSON (builtins.readFile ./pipewire-pulse.conf.json); # Bluetooth configuration for pipewire diff --git a/modules/audio/easyeffects.service.nix b/modules/audio/easyeffects.service.nix new file mode 100644 index 00000000..e94d0abd --- /dev/null +++ b/modules/audio/easyeffects.service.nix @@ -0,0 +1,8 @@ +pkgs: +{ + Service = { + Type = "dbus"; + BusName = "com.github.wwmm.easyeffects"; + ExecStart = "${pkgs.easyeffects}/bin/easyeffects --gapplication-service"; + }; +} diff --git a/modules/audio/pulseeffects.service.nix b/modules/audio/pulseeffects.service.nix deleted file mode 100644 index 632fbb54..00000000 --- a/modules/audio/pulseeffects.service.nix +++ /dev/null @@ -1,8 +0,0 @@ -pkgs: -{ - Service = { - Type = "dbus"; - BusName = "com.github.wwmm.pulseeffects"; - ExecStart = "${pkgs.pulseeffects-pw}/bin/pulseeffects --gapplication-service"; - }; -} 
From 18c566f30e685d478df29b29d52c2da8e35683e4 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Wed, 5 Jan 2022 23:17:09 +0100 Subject: [PATCH 26/90] devops: add pgcli --- modules/devops/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/devops/default.nix b/modules/devops/default.nix index c862af61..04f886a0 100644 --- a/modules/devops/default.nix +++ b/modules/devops/default.nix @@ -14,6 +14,7 @@ in home.packages = [ drone-cli nmap + pgcli python38Packages.ansible restic shellcheck From 2a6ac25369f0985e6b539d49e53dc3c037696c09 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Wed, 5 Jan 2022 23:20:06 +0100 Subject: [PATCH 27/90] base user: init global gitignore, update mimeapps --- profiles/base-user/.config/git/config.nix | 1 + .../.config/git/global_gitignore.nix | 4 ++++ profiles/base-user/home.nix | 1 + profiles/base-user/mimeapps.nix | 23 ++++++++++--------- 4 files changed, 18 insertions(+), 11 deletions(-) create mode 100644 profiles/base-user/.config/git/global_gitignore.nix diff --git a/profiles/base-user/.config/git/config.nix b/profiles/base-user/.config/git/config.nix index 6b099f87..47cfc1d6 100644 --- a/profiles/base-user/.config/git/config.nix +++ b/profiles/base-user/.config/git/config.nix @@ -9,6 +9,7 @@ in ${if user.gpgKeyId != null then "signingkey = ${user.gpgKeyId}" else ""} [core] editor = /etc/profiles/per-user/${config.pub-solar.user.name}/bin/nvim + excludesFile = /home/${config.pub-solar.user.name}/.config/git/global_gitignore [alias] pol = pull ack = -c color.grep.linenumber=\"bold yellow\"\n -c color.grep.filename=\"bold green\"\n -c color.grep.match=\"reverse yellow\"\n grep --break --heading --line-number diff --git a/profiles/base-user/.config/git/global_gitignore.nix b/profiles/base-user/.config/git/global_gitignore.nix new file mode 100644 index 00000000..1ee11f34 --- /dev/null +++ b/profiles/base-user/.config/git/global_gitignore.nix @@ -0,0 +1,4 @@ +{ config, pkgs, ... }: +let +in +''tags'' 
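Review bot: `excludesFile = /home/${config.pub-solar.user.name}/.config/git/global_gitignore` in `profiles/base-user/.config/git/config.nix` hard-codes the home directory, which breaks for any user whose home is not under `/home`. Git already reads `$XDG_CONFIG_HOME/git/ignore` (falling back to `~/.config/git/ignore`) when `core.excludesFile` is unset, so installing the file as `xdg.configFile."git/ignore"` would need no config entry at all; otherwise `excludesFile = ~/.config/git/global_gitignore` avoids the absolute path. The new `global_gitignore.nix` also carries an empty `let in` and takes `config` and `pkgs` without using them, so it could be reduced to the string itself.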
diff --git a/profiles/base-user/home.nix b/profiles/base-user/home.nix index 7c5c5518..d8a331a9 100644 --- a/profiles/base-user/home.nix +++ b/profiles/base-user/home.nix @@ -32,6 +32,7 @@ in xdg.mimeApps = import ./mimeapps.nix; xdg.configFile."git/config".text = import ./.config/git/config.nix { inherit config; inherit pkgs; }; + xdg.configFile."git/global_gitignore".text = import ./.config/git/global_gitignore.nix { inherit config; inherit pkgs; }; xdg.configFile."dircolors".source = ./.config/dircolors; xdg.configFile."xmodmap".source = ./.config/xmodmap; xdg.configFile."user-dirs.dirs".source = ./.config/user-dirs.dirs; diff --git a/profiles/base-user/mimeapps.nix b/profiles/base-user/mimeapps.nix index ea2333ce..395c1b87 100644 --- a/profiles/base-user/mimeapps.nix +++ b/profiles/base-user/mimeapps.nix 
@@ -1,25 +1,26 @@ { enable = true; defaultApplications = { - "x-scheme-handler/http" = [ "firefox.desktop" ]; - "x-scheme-handler/https" = [ "firefox.desktop" ]; - "x-scheme-handler/ftp" = [ "firefox.desktop" ]; - "x-scheme-handler/chrome" = [ "firefox.desktop" ]; - "text/html" = [ "firefox.desktop" ]; + "application/octet-stream" = [ "firefox.desktop" ]; + "application/pdf" = [ "org.gnome.Evince.desktop" ]; + "application/x-bittorrent" = [ "deluge.desktop" ]; "application/x-extension-htm" = [ "firefox.desktop" ]; "application/x-extension-html" = [ "firefox.desktop" ]; "application/x-extension-shtml" = [ "firefox.desktop" ]; - "application/xhtml+xml" = [ "firefox.desktop" ]; "application/x-extension-xhtml" = [ "firefox.desktop" ]; "application/x-extension-xht" = [ "firefox.desktop" ]; + "application/xhtml+xml" = [ "firefox.desktop" ]; "image/jpeg" = [ "org.gnome.eog.desktop" ]; "image/png" = [ "org.gnome.eog.desktop" ]; - "video/mp4" = [ "vlc.desktop" ]; - "text/plain" = [ "firefox.desktop" ]; - "x-scheme-handler/mailto" = [ "userapp-Thunderbird.desktop" ]; "message/rfc822" = [ "userapp-Thunderbird.desktop" ]; - "application/pdf" = [ "org.gnome.Evince.desktop" ]; - "application/x-bittorrent" = [ "deluge.desktop" ]; + "text/html" = [ "firefox.desktop" ]; + "text/plain" = [ "firefox.desktop" ]; + "video/mp4" = [ "vlc.desktop" ]; + "x-scheme-handler/chrome" = [ "firefox.desktop" ]; + "x-scheme-handler/ftp" = [ "firefox.desktop" ]; + "x-scheme-handler/http" = [ "firefox.desktop" ]; + "x-scheme-handler/https" = [ "firefox.desktop" ]; + "x-scheme-handler/mailto" = [ "userapp-Thunderbird.desktop" ]; "x-scheme-handler/msteams" = [ "teams.desktop" ]; "x-scheme-handler/tg" = [ "userapp-Telegram Desktop-JBKFU0.desktop" ]; }; From 8d3dedc562db026668ca5346481663664e4ae524 Mon Sep 17 00:00:00 2001 
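Review bot: Among the re-sorted entries in `profiles/base-user/mimeapps.nix`, `"application/octet-stream" = [ "firefox.desktop" ];` is the only association that is new rather than moved (12 added lines against 11 removed), and the commit message does not mention it. `application/octet-stream` is the fallback type for data that could not be identified, so this makes Firefox the default opener for any unrecognised file handed to the desktop's default-application lookup. If that is intended, a short comment above the line such as `# fallback for files whose type could not be detected` and a word in the commit message would keep the change from being lost in the sort.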
From: teutat3s Date: Wed, 5 Jan 2022 23:20:38 +0100 Subject: [PATCH 28/90] core: add gitFull, nix-tree --- profiles/core/default.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/profiles/core/default.nix b/profiles/core/default.nix index b77baf53..05575467 100644 --- a/profiles/core/default.nix +++ b/profiles/core/default.nix @@ -22,7 +22,7 @@ in inetutils pciutils usbutils - git + gitFull git-lfs git-bug wget @@ -61,6 +61,7 @@ in niv manix nix-index + nix-tree # Build broken, python2.7-PyJWT-2.0.1.drv' failed #nixops psos From ecc862c156d5e444fe099cc67e944c344ee46d60 Mon Sep 17 00:00:00 2001 From: Ben Merritt Date: Sun, 9 Jan 2022 00:14:24 -0800 Subject: [PATCH 29/90] Update secrets path See https://github.com/ryantm/agenix/commit/e5386644356a3f686f7fceac8645f0a9f94a2de6 --- doc/secrets.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/secrets.md b/doc/secrets.md index 6afe2f6a..26b2e973 100644 --- a/doc/secrets.md +++ b/doc/secrets.md @@ -93,7 +93,7 @@ In any profile that uses a NixOS module that requires a secret you can enable a ``` -Then you can just pass the path `/run/secrets/mysecret` to the module. +Then you can just pass the path `/run/agenix/mysecret` to the module. You can make use of the many options provided by the age module to customize where and how secrets get decrypted. You can learn about them by looking at the From d8c8fc35ad06e4e29f9ea6e58593b43f1e4f33c9 Mon Sep 17 00:00:00 2001 From: Ben Merritt Date: Mon, 4 Oct 2021 08:54:27 -0700 Subject: [PATCH 30/90] Fix outdated option name --- doc/concepts/users.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/doc/concepts/users.md b/doc/concepts/users.md index 3ab7c39c..b2a6c2a3 100644 --- a/doc/concepts/users.md +++ b/doc/concepts/users.md 
@@ -37,9 +37,10 @@ User profiles can be collected in a similar fashion as system ones into a `suite argument that gets passed to your home-manager users. ### Example +`flake.nix` ```nix { - home-manager.users.nixos = { suites, ... }: { + home.users.nixos = { suites, ... }: { imports = suites.base; }; } From ea8937cd51dde2d65424041e5d6feab044e3070a Mon Sep 17 00:00:00 2001 From: Parthiv Seetharaman Date: Wed, 29 Dec 2021 14:42:51 -0800 Subject: [PATCH 31/90] profiles/core: add comments for each option --- profiles/core/default.nix | 18 ++++++------------ 1 file changed, 6 insertions(+), 12 deletions(-) diff --git a/profiles/core/default.nix b/profiles/core/default.nix index 05575467..6c04d580 100644 --- a/profiles/core/default.nix +++ b/profiles/core/default.nix @@ -2,6 +2,7 @@ let inherit (lib) fileContents; in { + # Sets nrdxp.cachix.org binary cache which just speeds up some builds imports = [ ../cachix ]; config = { @@ -86,18 +87,18 @@ in nix = { package = pkgs.nix-dram; + # Improve nix store disk usage autoOptimiseStore = true; - gc.automatic = true; - optimise.automatic = true; + # Prevents impurities in builds useSandbox = true; - allowedUsers = [ "@wheel" ]; - + # give root and @wheel special privileges with nix trustedUsers = [ "root" "@wheel" ]; + # Generally useful nix option defaults extraOptions = '' min-free = 536870912 keep-outputs = true @@ -108,14 +109,7 @@ in ''; }; - system.autoUpgrade.enable = true; - - # For rage encryption, all hosts need a ssh key pair - services.openssh = { - enable = true; - openFirewall = lib.mkDefault false; - }; - + # Service that makes Out of Memory Killer more effective services.earlyoom.enable = true; boot.supportedFilesystems = [ "ntfs" ]; From efcaa6f256ae68ed31c6a1f4553307f54bb90760 Mon Sep 17 00:00:00 2001 
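Review bot: After the last hunk of `profiles/core/default.nix` (`@@ -108,14 +109,7 @@`) the core profile no longer enables `system.autoUpgrade` or `services.openssh`, which a commit titled "add comments for each option" should not change. The removed comment says every host needs an SSH key pair for rage encryption, and sshd is presumably what generates that host key, so agenix secrets may fail to decrypt on a freshly installed host unless another profile enables it; hosts also stop picking up updates on their own. Either restore `system.autoUpgrade.enable = true;` and `services.openssh = { enable = true; openFirewall = lib.mkDefault false; };`, or move the removal into its own commit whose message says where these settings now live. The second hunk's new comment `# give root and @wheel special privileges with nix` could also state that `trustedUsers` lets those accounts override daemon settings, which is effectively root access.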
From: Parthiv Seetharaman Date: Thu, 13 Jan 2022 19:57:34 -0800 Subject: [PATCH 32/90] README: Add more flakes to "in the wild" Remove the nrd branch, since that doesn't exist anymore --- README.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 1d813821..b166d710 100644 --- a/README.md +++ b/README.md @@ -29,7 +29,9 @@ expected. There are unstable versions (0._x_._x_) to help users keep track of changes and progress, and a [`develop`](https://github.com/divnix/devos/tree/develop) branch for the brave 😜 ## In the Wild -* The original [authors][please] +* @Pacman99: [Personal](https://gitlab.com/coffeetables/lower), [Server](https://gitlab.com/coffeetables/myrdd) +* [@danielphan2003](https://github.com/danielphan2003/flk) and make sure to also check out [devos-ext-lib][devos-ext-lib] +* [PubSolarOS](https://git.sr.ht/~b12f/pub-solar-os) ## Shoulders This work does not reinvent the wheel. It stands on the [shoulders of the @@ -89,3 +91,4 @@ DevOS is licensed under the [MIT License][mit]. [nvfetcher]: https://github.com/berberman/nvfetcher [please]: https://github.com/nrdxp/devos/tree/nrd [matrix]: https://matrix.to/#/#devos:nixos.org +[devos-ext-lib]: https://github.com/divnix/devos-ext-lib From c36ec0b546360fdc6a8db261d6887604f320a19a Mon Sep 17 00:00:00 2001 From: Parthiv Seetharaman Date: Sat, 29 Jan 2022 11:57:55 -0800 Subject: [PATCH 33/90] flake: update digga, home, nixos, latest --- flake.lock | 379 ++++++++++++++++++++++++++++------------------------- 1 file changed, 199 insertions(+), 180 deletions(-) diff --git a/flake.lock b/flake.lock index a5d8b109..67701251 100644 --- a/flake.lock +++ b/flake.lock 
@@ -3,15 +3,15 @@ "agenix": { "inputs": { "nixpkgs": [ - "latest" + "nixos" ] }, "locked": { - "lastModified": 1620877075, - "narHash": "sha256-XvgTqtmQZHegu9UMDSR50gK5cHEM2gbnRH0qecmdN54=", + "lastModified": 1637793790, + "narHash": "sha256-oPXavjxETEWGXq8g7kQHyRLKUmLX2yPtGn+t3V0mrTY=", "owner": "ryantm", "repo": "agenix", - "rev": "e543aa7d68f222e1e771165da9e9a64b5bf7b3e3", + "rev": "f85eea0e29fa9a8924571d0e398215e175f80d55", "type": "github" }, "original": { @@ -23,10 +23,7 @@ "beautysh": { "inputs": { "flake-utils": "flake-utils", - "nixpkgs": [ - "bud", - "nixpkgs" - ], + "nixpkgs": "nixpkgs", "poetry2nix": "poetry2nix" }, "locked": { @@ -70,11 +67,11 @@ ] }, "locked": { - "lastModified": 1633373878, - "narHash": "sha256-9+ziZ8l6rq3yXyY6B0wYXrVdfxr6cdpEbPEGRHywBKc=", + "lastModified": 1640836100, + "narHash": "sha256-My9Lay6BCDwAZgrL4SuVXHkYPHIU7ypnuiS/pd7eg1M=", "owner": "divnix", "repo": "bud", - "rev": "4e709a2fcf19df500ba87d9c3b1b1481401cd53b", + "rev": "b1d8ab3970f4dfb5fb90d7d8a9ab493c75d031fc", "type": "github" }, "original": { @@ -86,7 +83,7 @@ "darwin": { "inputs": { "nixpkgs": [ - "latest" + "nixos" ] }, "locked": { 
@@ -105,37 +102,34 @@ }, "deploy": { "inputs": { + "fenix": "fenix", "flake-compat": "flake-compat", "nixpkgs": [ - "digga", - "latest" + "nixos" ], - "utils": [ - "digga", - "flake-utils" - ] + "utils": "utils" }, "locked": { - "lastModified": 1632822684, - "narHash": "sha256-lt7eayYmgsD5OQwpb1XYfHpxttn43bWo7G7hIJs+zJw=", - "owner": "serokell", + "lastModified": 1637357482, + "narHash": "sha256-mMRxOlcQs3V9cZYsKGKWEjl+oqclhaH1SKT3QGeTQ0Q=", + "owner": "input-output-hk", "repo": "deploy-rs", - "rev": "9a02de4373e0ec272d08a417b269a28ac8b961b4", + "rev": "5a6db26726ec8c7904aea5bcdf13589342386f9d", "type": "github" }, "original": { - "owner": "serokell", + "owner": "input-output-hk", "repo": "deploy-rs", "type": "github" } }, "devshell": { "locked": { - "lastModified": 1632436039, - "narHash": "sha256-OtITeVWcKXn1SpVEnImpTGH91FycCskGBPqmlxiykv4=", + "lastModified": 1637575296, + "narHash": "sha256-ZY8YR5u8aglZPe27+AJMnPTG6645WuavB+w0xmhTarw=", "owner": "numtide", "repo": "devshell", - "rev": "7a7a7aa0adebe5488e5abaec688fd9ae0f8ea9c6", + "rev": "0e56ef21ba1a717169953122c7415fa6a8cd2618", "type": "github" }, "original": { @@ -147,15 +141,15 @@ "digga": { "inputs": { "blank": "blank", - "deploy": "deploy", + "deploy": [ + "deploy" + ], "devshell": "devshell", - "flake-utils": "flake-utils_2", "flake-utils-plus": "flake-utils-plus", "home-manager": [ "home" ], "latest": "latest", - "nix": "nix", "nixlib": [ "nixos" ], @@ -165,11 +159,11 @@ ] }, "locked": { - "lastModified": 1632959483, - "narHash": "sha256-jXogai6e+QRtiZFBOrMmYdeLXejzVT91kuDKu2RuJ10=", + "lastModified": 1643510242, + "narHash": "sha256-9C9DyJhQ5bevk0CEEjGct+U9EqUgHg8T70nxz47zjMI=", "owner": "divnix", "repo": "digga", - "rev": "6549cf4c87d1a77138cbecbc6bb9483c20572cd7", + "rev": "33bfb05b8a148d8ad6a842de74e22209bf9fe5d7", "type": "github" }, "original": { 
@@ -178,6 +172,25 @@ "type": "github" } }, + "fenix": { + "inputs": { + "nixpkgs": "nixpkgs_3", + "rust-analyzer-src": "rust-analyzer-src" + }, + "locked": { + "lastModified": 1637303083, + "narHash": "sha256-e2A5JBjxYNpjoGd53K0oVUUaS9ojwOT5rnThyPNS46M=", + "owner": "nix-community", + "repo": "fenix", + "rev": "8294ceadbbbe1a886640bfcc15f5a02a2b471955", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "fenix", + "type": "github" + } + }, "flake-compat": { "flake": false, "locked": { @@ -194,6 +207,22 @@ "type": "github" } }, + "flake-compat_2": { + "flake": false, + "locked": { + "lastModified": 1627913399, + "narHash": "sha256-hY8g6H2KFL8ownSiFeMOjwPC8P0ueXpCVEbxgda3pko=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "12c64ca55c1014cdc1b16ed5a804aa8576601ff2", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, "flake-utils": { "locked": { "lastModified": 1623875721, 
@@ -211,32 +240,29 @@ }, "flake-utils-plus": { "inputs": { - "flake-utils": [ - "digga", - "flake-utils" - ] + "flake-utils": "flake-utils_3" }, "locked": { - "lastModified": 1630859749, - "narHash": "sha256-qkoU2rIbbP2+T0dfcqXW35GCWNsi0Y1IgN9BELmt4Zo=", - "owner": "divnix", + "lastModified": 1639385028, + "narHash": "sha256-oqorKz3mwf7UuDJwlbCEYCB2LfcWLL0DkeCWhRIL820=", + "owner": "gytis-ivaskevicius", "repo": "flake-utils-plus", - "rev": "a4e267e3fc87e60c5029c6c3855935ff1ff3018e", + "rev": "be1be083af014720c14f3b574f57b6173b4915d0", "type": "github" }, "original": { - "owner": "divnix", + "owner": "gytis-ivaskevicius", "repo": "flake-utils-plus", "type": "github" } }, "flake-utils_2": { "locked": { - "lastModified": 1623875721, - "narHash": "sha256-A8BU7bjS5GirpAUv4QA+QnJ4CceLHkcXdRp4xITDB0s=", + "lastModified": 1642700792, + "narHash": "sha256-XqHrk7hFb+zBvRg6Ghl+AZDq03ov6OshJLiSWOoX5es=", "owner": "numtide", "repo": "flake-utils", - "rev": "f7e004a55b120c02ecb6219596820fcd32ca8772", + "rev": "846b2ae0fc4cc943637d3d1def4454213e203cba", "type": "github" }, "original": { @@ -247,11 +273,26 @@ }, "flake-utils_3": { "locked": { - "lastModified": 1623875721, - "narHash": "sha256-A8BU7bjS5GirpAUv4QA+QnJ4CceLHkcXdRp4xITDB0s=", + "lastModified": 1638122382, + "narHash": "sha256-sQzZzAbvKEqN9s0bzWuYmRaA03v40gaJ4+iL1LXjaeI=", "owner": "numtide", "repo": "flake-utils", - "rev": "f7e004a55b120c02ecb6219596820fcd32ca8772", + "rev": "74f7e4319258e287b0f9cb95426c9853b282730b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_4": { + "locked": { + "lastModified": 1631561581, + "narHash": "sha256-3VQMV5zvxaVLvqqUrNz3iJelLw30mIVSfZmAaauM3dA=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "7e5bf3925f6fbdfaf50a2a7ca0be2879c4261d19", "type": "github" }, "original": { 
@@ -267,27 +308,27 @@ ] }, "locked": { - "lastModified": 1624228557, - "narHash": "sha256-wwOqe73BsrXfRv1PhyXQFNC8iTET50KvE/HitdkRgxs=", + "lastModified": 1642653493, + "narHash": "sha256-22mGPjiHUo2Jmze4IjXCJLjeK2mbvvCztHmUyUMr4yw=", "owner": "nix-community", "repo": "home-manager", - "rev": "35a24648d155843a4d162de98c17b1afd5db51e4", + "rev": "28b9ae40c45c5e7711c353fee1b7af734e293979", "type": "github" }, "original": { "owner": "nix-community", - "ref": "release-21.05", + "ref": "release-21.11", "repo": "home-manager", "type": "github" } }, "latest": { "locked": { - "lastModified": 1632660378, - "narHash": "sha256-sjA8eQlnyDjDLyAyq3XlJmN0nqW0ftl/pb7VnMg86L0=", + "lastModified": 1638198142, + "narHash": "sha256-plU9b8r4St6q4U7VHtG9V7oF8k9fIpfXl/KDaZLuY9k=", "owner": "nixos", "repo": "nixpkgs", - "rev": "31ffc50c571e6683e9ecc9dbcbd4a8e9914b4497", + "rev": "8a308775674e178495767df90c419425474582a1", "type": "github" }, "original": { @@ -299,11 +340,11 @@ }, "latest_2": { "locked": { - "lastModified": 1627942574, - "narHash": "sha256-guUcGRWvY2mfiVSet2x/zeHIyflm2wgglj0ldg0mMio=", + "lastModified": 1643347846, + "narHash": "sha256-O0tyXF//ppRpe9yT1Uu5n34yI2MWDyY6ZiJ4Qn5zIkE=", "owner": "nixos", "repo": "nixpkgs", - "rev": "c464dc811babfe316ed4ab7bbc12351122e69dd7", + "rev": "5bb20f9dc70e9ee16e21cc404b6508654931ce41", "type": "github" }, "original": { 
@@ -313,35 +354,18 @@ "type": "github" } }, - "lowdown-src": { - "flake": false, - "locked": { - "lastModified": 1617481909, - "narHash": "sha256-SqnfOFuLuVRRNeVJr1yeEPJue/qWoCp5N6o5Kr///p4=", - "owner": "kristapsdz", - "repo": "lowdown", - "rev": "148f9b2f586c41b7e36e73009db43ea68c7a1a4d", - "type": "github" - }, - "original": { - "owner": "kristapsdz", - "ref": "VERSION_0_8_4", - "repo": "lowdown", - "type": "github" - } - }, "naersk": { "inputs": { "nixpkgs": [ - "latest" + "nixos" ] }, "locked": { - "lastModified": 1623927034, - "narHash": "sha256-sGxlmfp5eXL5sAMNqHSb04Zq6gPl+JeltIZ226OYN0w=", + "lastModified": 1638203339, + "narHash": "sha256-Sz3iCvbWrVWOD/XfYQeRJgP/7MVYL3/VKsNXvDeWBFc=", "owner": "nmattia", "repo": "naersk", - "rev": "e09c320446c5c2516d430803f7b19f5833781337", + "rev": "c3e56b8a4ffb6d906cdfcfee034581f9a8ece571", "type": "github" }, "original": { 
@@ -350,80 +374,51 @@ "type": "github" } }, - "nix": { - "inputs": { - "lowdown-src": "lowdown-src", - "nixpkgs": [ - "digga", - "nixpkgs" - ] - }, + "nixlib": { "locked": { - "lastModified": 1630335771, - "narHash": "sha256-eljjEPJdLK3aDskF7qX4YM/6KCq+w9nr+IKhrKW/AIQ=", - "owner": "nixos", - "repo": "nix", - "rev": "50a35860ee9237d341948437c5f70a7f0987d393", + "lastModified": 1641688481, + "narHash": "sha256-6L+EU12xLDHby7y8elgFtRKVBxix+7qV8DhVgXqrKZo=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "f697717b3d3a074ffc16c8c8227504f0db292886", "type": "github" }, "original": { - "owner": "nixos", - "repo": "nix", - "type": "github" - } - }, - "nix-dram": { - "inputs": { - "flake-utils": "flake-utils_3", - "nixpkgs": "nixpkgs" - }, - "locked": { - "lastModified": 1628492639, - "narHash": "sha256-ffF/oEhLs/stAsXXobruKHyH9jnMC2rt/SM3ASrs2U8=", - "owner": "dramforever", - "repo": "nix-dram", - "rev": "fba426108ea6bdeb1e362bac9da06cbd33726f41", - "type": "github" - }, - "original": { - "owner": "dramforever", - "repo": "nix-dram", + "owner": "nix-community", + "repo": "nixpkgs.lib", "type": "github" } }, "nixos": { "locked": { - "lastModified": 1628203131, - "narHash": "sha256-jQgXeJ9NQQS0Eobb/qQOvS+RRULkqRikAeXkkFKOPDA=", + "lastModified": 1643463207, + "narHash": "sha256-W0azAxucUq84BvWqDPt3gX8kyc8wYvGUynZV9COfByQ=", "owner": "nixos", "repo": "nixpkgs", - "rev": "178da37860823d35e801c7df2f73d7866d3d598a", + "rev": "03098169624f487eef37186b3214c40e6b6e919d", "type": "github" }, "original": { "owner": "nixos", - "ref": "release-21.05", + "ref": "release-21.11", "repo": "nixpkgs", "type": "github" } }, "nixos-generators": { "inputs": { - "nixlib": [ - "digga", - "nixlib" - ], + "nixlib": "nixlib", "nixpkgs": [ "digga", "blank" ] }, "locked": { - "lastModified": 1624973746, - "narHash": "sha256-11JbJRduNwyf556gndGErR5/12ceyHOHBfEuha5Vws4=", + "lastModified": 1637655461, + "narHash": "sha256-kXZPbclN3gKwjhp2/RYFDFpAsSBwzX1iLF4EcnHZsPQ=", "owner": 
"nix-community", "repo": "nixos-generators", - "rev": "022ef440af8dc237ab1f59fa363cb1e25783ec3e", + "rev": "05a3eb158a9c7746a5d463726d7f7cccf07500e4", "type": "github" }, "original": { @@ -434,11 +429,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1625333638, - "narHash": "sha256-M6J9RN60XJyv6nUfDFCwnz5aVjhe8+GJnV8Q9VpdQQQ=", + "lastModified": 1638182287, + "narHash": "sha256-vBzf+hbTJz2ZdXV/DWirl6wOO7tjdqzTIU+0FANt65U=", "owner": "nixos", "repo": "nixos-hardware", - "rev": "41775780a0b6b32b3d32dcc32bb9bc6df809062d", + "rev": "6b3f79de09c3de7c91ab51e55e87879f61b6faec", "type": "github" }, "original": { @@ -449,15 +444,46 @@ }, "nixpkgs": { "locked": { - "lastModified": 1626556499, - "narHash": "sha256-c2ueMT7fi/yvCNq3nGLEC2v5GklS7eHpB1240LRSW9Y=", + "lastModified": 1643428210, + "narHash": "sha256-ympCeHuXeGitpnegE0raAtWLNg3vZbjj5QbbMvvBGCQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b59c06dc92f8d03660eb4155754d93a6c34cda83", + "rev": "e1b353e890801a759efe9a4c42f6984e47721f0d", "type": "github" }, "original": { "owner": "NixOS", + "ref": "nixos-unstable-small", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1643513770, + "narHash": "sha256-Q64SabfQLuhHQfhpIHS/fLCEO2NUFnI+EKsB5GnfWh8=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "66ab3568d67b90275c0720aae8b911bad82c24fe", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { + "locked": { + "lastModified": 1636976544, + "narHash": "sha256-9ZmdyoRz4Qu8bP5BKR1T10YbzcB9nvCeQjOEw2cRKR0=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "931ab058daa7e4cd539533963f95e2bb0dbd41e6", + "type": "github" + }, + "original": { + "owner": "nixos", "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" 
@@ -465,11 +491,11 @@ }, "nur": { "locked": { - "lastModified": 1626378135, - "narHash": "sha256-koC6DBYmLCrgXA+AMHVaODf1uHYPmvcFygHfy3eg6vI=", + "lastModified": 1638231901, + "narHash": "sha256-XzuvFTmsXULdWynQWzgaPHikepNhjEpK4o5WXfmRqek=", "owner": "nix-community", "repo": "NUR", - "rev": "00c2ec8f0bbdf0cfb2135bde55fbae5d6b64aa6d", + "rev": "4e68fb3d8f48e91196deb13f44bcfb421da25afb", "type": "github" }, "original": { @@ -479,26 +505,18 @@ }, "nvfetcher": { "inputs": { - "flake-compat": [ - "digga", - "deploy", - "flake-compat" - ], - "flake-utils": [ - "digga", - "flake-utils-plus", - "flake-utils" - ], + "flake-compat": "flake-compat_2", + "flake-utils": "flake-utils_4", "nixpkgs": [ - "latest" + "nixos" ] }, "locked": { - "lastModified": 1632700276, - "narHash": "sha256-XABvQUq2qv+YcQxW93DnU8mgtVsGJWyhcznny/Lbp0Q=", + "lastModified": 1634524567, + "narHash": "sha256-v9ZTZj1WNQaaVfs1P1mUPuh518mmwpqszj1EjdeGUmc=", "owner": "berberman", "repo": "nvfetcher", - "rev": "248fe98ed1bc352ce164d08a9e76fdc5f301ba2d", + "rev": "807513f4bbd0e3b5863f4c3b91f8ac846ed6da9b", "type": "github" }, "original": { @@ -509,16 +527,8 @@ }, "poetry2nix": { "inputs": { - "flake-utils": [ - "bud", - "beautysh", - "flake-utils" - ], - "nixpkgs": [ - "bud", - "beautysh", - "nixpkgs" - ] + "flake-utils": "flake-utils_2", + "nixpkgs": "nixpkgs_2" }, "locked": { "lastModified": 1625240517, 
@@ -537,41 +547,50 @@ "root": { "inputs": { "agenix": "agenix", - "blank": [ - "digga", - "blank" - ], "bud": "bud", "darwin": "darwin", - "deploy": [ - "digga", - "deploy" - ], + "deploy": "deploy", "digga": "digga", - "flake-utils": [ - "digga", - "flake-utils" - ], - "flake-utils-plus": [ - "digga", - "flake-utils-plus" - ], "home": "home", "latest": "latest_2", "naersk": "naersk", - "nix-dram": "nix-dram", - "nixlib": [ - "digga", - "nixlib" - ], "nixos": "nixos", "nixos-hardware": "nixos-hardware", - "nixpkgs": [ - "nixos" - ], "nur": "nur", "nvfetcher": "nvfetcher" } + }, + "rust-analyzer-src": { + "flake": false, + "locked": { + "lastModified": 1637268320, + "narHash": "sha256-lxB1r+7cmZisiGLx0tZ2LaC6X/EcQTbRIWZfnLIIgs4=", + "owner": "rust-analyzer", + "repo": "rust-analyzer", + "rev": "f0da9406bcbde1bc727242b481d8de825e84f59a", + "type": "github" + }, + "original": { + "owner": "rust-analyzer", + "ref": "nightly", + "repo": "rust-analyzer", + "type": "github" + } + }, + "utils": { + "locked": { + "lastModified": 1637014545, + "narHash": "sha256-26IZAc5yzlD9FlDT54io1oqG/bBoyka+FJk5guaX4x4=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "bba5dcc8e0b20ab664967ad83d24d64cb64ec4f4", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } } }, "root": "root", From 7d67ba1cafde7577ea07f161b4e811e8eab5682a Mon Sep 17 00:00:00 2001 From: Parthiv Seetharaman Date: Sat, 29 Jan 2022 11:49:16 -0800 Subject: [PATCH 34/90] bud: switch back to pulling devos as template --- shell/bud/get.bash | 1 + 1 file changed, 1 insertion(+) create mode 100644 shell/bud/get.bash diff --git a/shell/bud/get.bash b/shell/bud/get.bash new file mode 100644 index 00000000..89e2af3d --- /dev/null +++ b/shell/bud/get.bash @@ -0,0 +1 @@ + nix flake new -t "github:divnix/devos/main" "${2:-devos}" From 0534c731e23943153ac1c21b7294811cea78c84c Mon Sep 17 00:00:00 2001 
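Review bot: The template reference in the new shell/bud/get.bash, `github:divnix/devos/main`, names a moving branch, so the files written into the user's new directory depend on whatever that branch holds when the command runs, and no change to them is ever reviewed in this repository. Pinning the ref to a commit or tag makes the template reproducible and auditable, for example `nix flake new -t "github:divnix/devos/<pinned-rev>" "${2:-devos}"`, where `<pinned-rev>` is a placeholder for a revision you have checked. A one-line comment above the command saying what `$2` is (the target directory, defaulting to `devos`) would also help, since the file has no other documentation.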
From: Parthiv Seetharaman Date: Sat, 29 Jan 2022 19:58:36 -0800 Subject: [PATCH 35/90] overrides: remove nix-direnv line Use correct overrides for nix 2.4 --- overlays/overrides.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/overlays/overrides.nix b/overlays/overrides.nix index 1c5070db..4f94b6a9 100644 --- a/overlays/overrides.nix +++ b/overlays/overrides.nix @@ -16,6 +16,8 @@ channels: final: prev: { deploy-rs ; + # nix is set to 2.3 in 21.11 + nix-direnv = prev.nix-direnv.override { nix_2_4 = true; }; haskellPackages = prev.haskellPackages.override (old: { From 3cb0cd2e2ee87b156b5d1c7a94cdb859c2a7003f Mon Sep 17 00:00:00 2001 From: teutat3s Date: Mon, 31 Jan 2022 14:42:02 +0100 Subject: [PATCH 36/90] Fix last upstream merge, add back openssh service Dont't autoUpgrade by default --- profiles/core/default.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/profiles/core/default.nix b/profiles/core/default.nix index 6c04d580..31d765e0 100644 --- a/profiles/core/default.nix +++ b/profiles/core/default.nix @@ -109,6 +109,12 @@ in ''; }; + # For rage encryption, all hosts need a ssh key pair + services.openssh = { + enable = true; + openFirewall = lib.mkDefault false; + }; + # Service that makes Out of Memory Killer more effective services.earlyoom.enable = true; From f07010445eb26b269e044929f7ce8b75d1ea5458 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Mon, 31 Jan 2022 16:19:36 +0100 Subject: [PATCH 37/90] Reference nix-dram package directly from inputs This should avoid patches not working because our pkgs follows nixos = release-21.11 and nix-dram follows nixos-unstable --- flake.nix | 1 - profiles/core/default.nix | 3 ++- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/flake.nix b/flake.nix index 2b0f2528..e0415b07 100644 --- a/flake.nix +++ b/flake.nix @@ -81,7 +81,6 @@ nur.overlay agenix.overlay nvfetcher.overlay - nix-dram.overlay ./pkgs/default.nix ]; }; 
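Review bot: The new `services.openssh` block in profiles/core/default.nix turns sshd on for every host that imports the core profile, but nothing in the hunk restricts how clients may authenticate, so password login is presumably left at the module default. The added comment says the daemon is wanted only so that each host has a key pair for rage, and `openFirewall` is set with `lib.mkDefault`, so any host can open the port again without touching this file. I would add `passwordAuthentication = false;` next to `openFirewall = lib.mkDefault false;`, and `permitRootLogin = "no";` if root login over SSH is never intended. The enclosing `config` block starts and ends outside the hunk.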
diff --git a/profiles/core/default.nix b/profiles/core/default.nix index 31d765e0..1d3d6c45 100644 --- a/profiles/core/default.nix +++ b/profiles/core/default.nix @@ -85,7 +85,8 @@ in }; nix = { - package = pkgs.nix-dram; + # use nix-dram, a patched nix command, see: https://github.com/dramforever/nix-dram + package = inputs.nix-dram.packages.${pkgs.system}.nix-dram; # Improve nix store disk usage autoOptimiseStore = true; From 6da0f503e187fada0b6f8c9c255493c1823d91a8 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Mon, 31 Jan 2022 17:09:49 +0100 Subject: [PATCH 38/90] wayland: use NIXOS_OZONE_WL instead of *-wayland packages --- modules/sway/config/config.d/custom-keybindings.conf | 2 +- overlays/overrides.nix | 9 +++++++++ profiles/base-user/session-variables.nix | 3 +++ 3 files changed, 13 insertions(+), 1 deletion(-) diff --git a/modules/sway/config/config.d/custom-keybindings.conf b/modules/sway/config/config.d/custom-keybindings.conf index 2b7ba20d..d5887e3e 100644 --- a/modules/sway/config/config.d/custom-keybindings.conf +++ b/modules/sway/config/config.d/custom-keybindings.conf @@ -18,7 +18,7 @@ bindsym $mod+F2 exec firefox bindsym $mod+F3 exec $term -e vifm bindsym $mod+Shift+F3 exec gksu $term -e vifm bindsym $mod+F4 exec nautilus -w -bindsym $mod+Shift+F4 exec signal-desktop --enable-features=UseOzonePlatform --ozone-platform=wayland +bindsym $mod+Shift+F4 exec signal-desktop bindsym $mod+F5 exec $term -e 'mocp -C $XDG_CONFIG_DIR/mocp/config' bindsym $mod+Shift+m exec mu bindsym $mod+Shift+h exec xdg-open /usr/share/doc/manjaro/i3_help.pdf diff --git a/overlays/overrides.nix b/overlays/overrides.nix index 4f94b6a9..4c5964ff 100644 --- a/overlays/overrides.nix +++ b/overlays/overrides.nix @@ -14,6 +14,15 @@ channels: final: prev: { signal-desktop starship deploy-rs + + neovim-unwrapped + tdesktop + xdg-desktop-portal + xdg-desktop-portal-gtk + xdg-desktop-portal-wlr + obs-studio + obs-studio-plugins + looking-glass-client ; # nix is set to 2.3 in 21.11 
diff --git a/profiles/base-user/session-variables.nix b/profiles/base-user/session-variables.nix index 4e745bba..a180da6e 100644 --- a/profiles/base-user/session-variables.nix +++ b/profiles/base-user/session-variables.nix @@ -58,6 +58,9 @@ let # experimental wayland in firefox/thunderbird MOZ_ENABLE_WAYLAND = "1"; + # chromium / electron on wayland: enable ozone (native wayland mode) + NIXOS_OZONE_WL = "1"; + # Vagrant VAGRANT_HOME = "${xdg.dataHome}/vagrant"; VAGRANT_DEFAULT_PROVIDER = "libvirt"; From c85cb99a15709e1533043f7d9b70a5f21fd9ad42 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Mon, 31 Jan 2022 17:34:08 +0100 Subject: [PATCH 39/90] Use newer ansible version instead of pythonPackages one --- modules/devops/default.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/modules/devops/default.nix b/modules/devops/default.nix index 04f886a0..9c0d9a9e 100644 --- a/modules/devops/default.nix +++ b/modules/devops/default.nix @@ -15,7 +15,8 @@ in drone-cli nmap pgcli - python38Packages.ansible + ansible + ansible-lint restic shellcheck terraform_0_15 From 7589360e6d835eaf4ac511f016d3e43e34b4bace Mon Sep 17 00:00:00 2001 From: teutat3s Date: Mon, 31 Jan 2022 17:34:32 +0100 Subject: [PATCH 40/90] terminal-life: add asciinema --- modules/terminal-life/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/terminal-life/default.nix b/modules/terminal-life/default.nix index 1be1d5fa..84e39c4c 100644 --- a/modules/terminal-life/default.nix +++ b/modules/terminal-life/default.nix @@ -26,6 +26,7 @@ in home.packages = [ ag ack + asciinema bat exa gh From fa03692511a7f32792e9f52d36074740da1a37a2 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Mon, 31 Jan 2022 17:35:00 +0100 Subject: [PATCH 41/90] modules: user: add publicKeys option --- modules/user/default.nix | 5 +++++ profiles/base-user/default.nix | 1 + 2 files changed, 6 insertions(+) diff --git a/modules/user/default.nix b/modules/user/default.nix index d2edd476..74c1d915 100644 
--- a/modules/user/default.nix +++ b/modules/user/default.nix @@ -16,6 +16,11 @@ in type = types.nullOr types.str; default = null; }; + publicKeys = mkOption { + description = "User SSH public keys"; + type = types.listOf types.path; + default = [ ]; + }; fullName = mkOption { description = "User full name"; type = types.nullOr types.str; diff --git a/profiles/base-user/default.nix b/profiles/base-user/default.nix index e327a736..1ec8f13d 100644 --- a/profiles/base-user/default.nix +++ b/profiles/base-user/default.nix @@ -19,6 +19,7 @@ in extraGroups = [ "wheel" "docker" "input" "audio" "networkmanager" "lp" "scanner" ]; initialHashedPassword = if psCfg.user.password != null then psCfg.user.password else ""; shell = pkgs.zsh; + openssh.authorizedKeys.keyFiles = if psCfg.user.publicKeys != null then psCfg.user.publicKeys else []; }; }; } From e1b4ec65e097a4cb33d9cd822e413eb9f23ec345 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Mon, 31 Jan 2022 17:35:52 +0100 Subject: [PATCH 42/90] pkgs: lgcl: fix nix flake check for aarch64-linux --- pkgs/lgcl.nix | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 pkgs/lgcl.nix diff --git a/pkgs/lgcl.nix b/pkgs/lgcl.nix new file mode 100644 index 00000000..1d973e81 --- /dev/null +++ b/pkgs/lgcl.nix @@ -0,0 +1,9 @@ +self: with self; +let + looking-glass-client = self.looking-glass-client.overrideAttrs (old: { + meta.platforms = [ "x86_64-linux" "aarch64-linux" ]; + }); +in +'' + ${looking-glass-client}/bin/looking-glass-client -f /dev/shm/looking-glass input:ignoreWindowsKeys=yes input:grabKeyboardOnFocus=no +'' From e2a15bf8170118c3a5d9b6cc11dbb82377e7dade Mon Sep 17 00:00:00 2001 From: teutat3s Date: Mon, 31 Jan 2022 17:37:21 +0100 Subject: [PATCH 43/90] core: add missing argument inputs --- profiles/core/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/profiles/core/default.nix b/profiles/core/default.nix index 1d3d6c45..da22dba0 100644 --- a/profiles/core/default.nix 
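Review bot: The null check on the added `openssh.authorizedKeys.keyFiles` line in profiles/base-user/default.nix can never take its else branch, because the `publicKeys` option added in modules/user/default.nix is `types.listOf types.path` with `default = [ ]` and so is never null. `openssh.authorizedKeys.keyFiles = psCfg.user.publicKeys;` is equivalent and easier to read. The option description could also say what the list grants, since the same block puts the account in `wheel` and `docker`: `description = "Files with SSH public keys that may log in as this user";`. The user attribute set starts outside the hunk.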
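Review bot: In the new pkgs/lgcl.nix, writing `meta.platforms = [ ... ];` inside `overrideAttrs` defines a fresh `meta` attribute set, which most likely replaces the package's existing meta (license, description, maintainers) instead of only widening the platform list. `meta = old.meta // { platforms = [ "x86_64-linux" "aarch64-linux" ]; };` keeps the other fields and uses the `old` argument that is currently unused. A short comment stating that the override exists only so that `nix flake check` evaluates on aarch64-linux would record why a platform is being declared here.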
+++ b/profiles/core/default.nix @@ -1,4 +1,4 @@ -{ self, config, lib, pkgs, ... }: +{ self, config, lib, pkgs, inputs, ... }: let inherit (lib) fileContents; in { From bc4ca4557e46ff4a394acd9545a69b163cec0b8b Mon Sep 17 00:00:00 2001 From: teutat3s Date: Mon, 31 Jan 2022 17:43:05 +0100 Subject: [PATCH 44/90] core: add ncd, useful for comparing versions of pkgs that will be upgraded, see: https://discourse.nixos.org/t/nvd-simple-nix-nixos-version-diff-tool/12397 --- profiles/core/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/profiles/core/default.nix b/profiles/core/default.nix index da22dba0..3dc8ea42 100644 --- a/profiles/core/default.nix +++ b/profiles/core/default.nix @@ -66,6 +66,7 @@ in # Build broken, python2.7-PyJWT-2.0.1.drv' failed #nixops psos + nvd # Fun neofetch From 0cf1c0e9b02c1c27fb8e2bd0424176746bee141a Mon Sep 17 00:00:00 2001 From: teutat3s Date: Mon, 31 Jan 2022 17:45:26 +0100 Subject: [PATCH 45/90] iso: default user nixos becomes pub-solar --- flake.nix | 1 - users/pub-solar/default.nix | 2 ++ 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/flake.nix b/flake.nix index e0415b07..7a28ba99 100644 --- a/flake.nix +++ b/flake.nix @@ -144,7 +144,6 @@ }; }; users = { - nixos = { suites, ... }: { imports = suites.base; }; pub-solar = { suites, ... }: { imports = suites.base; }; }; # digga.lib.importers.rakeLeaves ./users/hm; }; diff --git a/users/pub-solar/default.nix b/users/pub-solar/default.nix index af669b41..7289f717 100644 --- a/users/pub-solar/default.nix +++ b/users/pub-solar/default.nix 
@@ -5,12 +5,14 @@ pub-solar = { # These are your personal settings # The only required settings are `name` and `password`, + # for convenience, use publicKeys to add your SSH keys # The rest is used for programs like git user = { name = "pub-solar"; password = "$6$Kv0BCLU2Jg7GN8Oa$hc2vERKCbZdczFqyHPfgCaleGP.JuOWyd.bfcIsLDNmExGXI6Rnkze.SWzVzVS311KBznN/P4uUYAUADXkVtr."; fullName = "Pub Solar"; email = "iso@pub.solar"; + publicKeys = [ ../../secrets/teutat3s-yubikey.pub ]; }; }; } From 1d2eb2edd0b27d563d63a5379fc33877aa4c71bd Mon Sep 17 00:00:00 2001 From: teutat3s Date: Mon, 31 Jan 2022 17:47:45 +0100 Subject: [PATCH 46/90] iso: use iso suite in PubSolarOS host fae: boots PubSolarOS --- flake.nix | 3 +++ hosts/PubSolarOS.nix | 15 +++++---------- 2 files changed, 8 insertions(+), 10 deletions(-) diff --git a/flake.nix b/flake.nix index 7a28ba99..88112919 100644 --- a/flake.nix +++ b/flake.nix @@ -73,6 +73,8 @@ channelsConfig = { allowUnfree = true; }; + supportedSystems = [ "x86_64-linux" "aarch64-linux" ]; + channels = { nixos = { imports = [ (digga.lib.importOverlays ./overlays) ]; @@ -128,6 +130,7 @@ }; suites = with profiles; rec { base = [ core users.pub-solar users.root ]; + iso = base ++ [ base-user graphical pub-solar-iso ]; pubsolaros = [ core full-install base-user users.root ]; anonymous = [ pubsolaros users.pub-solar ]; }; diff --git a/hosts/PubSolarOS.nix b/hosts/PubSolarOS.nix index 2438ac28..70cf7a08 100644 --- a/hosts/PubSolarOS.nix +++ b/hosts/PubSolarOS.nix @@ -1,15 +1,10 @@ -{ profiles, ... }: +{ suites, ... }: { ### root password is empty by default ### - imports = [ - # profiles.networking - profiles.core - profiles.users.root # make sure to configure ssh keys - profiles.users.pub-solar - profiles.base-user - profiles.graphical - profiles.pub-solar-iso - ]; + ### default password: pub-solar, optional: add your SSH keys + imports = + suites.iso + ; boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; 
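Review bot: The added `publicKeys = [ ../../secrets/teutat3s-yubikey.pub ];` in users/pub-solar/default.nix puts one maintainer's key into the authorized keys of the default `pub-solar` account, so every image built from this profile accepts SSH logins from the holder of that key as soon as sshd is reachable. The comment added just above reads as if the list were meant for the person installing, so I would ship `publicKeys = [ ];` here and keep personal keys in a per-user profile. The same block carries a fixed password hash as a context line, and the hosts/PubSolarOS.nix hunk later on this line documents the matching default password and an empty root password. A comment such as `# default credentials are public: change the password and replace publicKeys after install` would make that explicit.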
From f99159df93a21b4a19fea32f9df801eb71418eac Mon Sep 17 00:00:00 2001 From: teutat3s Date: Mon, 31 Jan 2022 17:52:56 +0100 Subject: [PATCH 47/90] chore: bump flake lock --- flake.lock | 196 +++++++++++++++++++++++++++-------------- flake.nix | 11 ++- overlays/overrides.nix | 2 - 3 files changed, 136 insertions(+), 73 deletions(-) diff --git a/flake.lock b/flake.lock index 67701251..f9d9b519 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1637793790, - "narHash": "sha256-oPXavjxETEWGXq8g7kQHyRLKUmLX2yPtGn+t3V0mrTY=", + "lastModified": 1641576265, + "narHash": "sha256-G4W39k5hdu2kS13pi/RhyTOySAo7rmrs7yMUZRH0OZI=", "owner": "ryantm", "repo": "agenix", - "rev": "f85eea0e29fa9a8924571d0e398215e175f80d55", + "rev": "08b9c96878b2f9974fc8bde048273265ad632357", "type": "github" }, "original": { @@ -27,11 +27,11 @@ "poetry2nix": "poetry2nix" }, "locked": { - "lastModified": 1630693543, - "narHash": "sha256-7Sly3ReaJZw60Qo0rpfN4jF6zy94nwQz6ENgUUFzJfg=", + "lastModified": 1641830469, + "narHash": "sha256-uhDmgNP/biOWe4FtOa6c2xZnREH+NP9rdrMm0LccRUk=", "owner": "lovesegfault", "repo": "beautysh", - "rev": "5609593961b70428f58d5c1b4b25cdda43b0d0bd", + "rev": "e85d9736927c0fcf2abb05cb3a2d8d9b4502a2eb", "type": "github" }, "original": { @@ -67,11 +67,11 @@ ] }, "locked": { - "lastModified": 1640836100, - "narHash": "sha256-My9Lay6BCDwAZgrL4SuVXHkYPHIU7ypnuiS/pd7eg1M=", + "lastModified": 1642035816, + "narHash": "sha256-1Lq5c1AeUv/1SK08+O704JVfDdD/zodHzA0cv0TIga8=", "owner": "divnix", "repo": "bud", - "rev": "b1d8ab3970f4dfb5fb90d7d8a9ab493c75d031fc", + "rev": "a789d710851441ba7e7cd59be378623b1fe05688", "type": "github" }, "original": { 
@@ -87,11 +87,11 @@ ] }, "locked": { - "lastModified": 1634994402, - "narHash": "sha256-xmlCVVOYGpZoxgOqsDOVF0B0ASrnbNGVAEzID9qh2xo=", + "lastModified": 1642495030, + "narHash": "sha256-u1ZlFbLWzkM6zOfuZ1tr0tzTuDWucOYwALPWDWLorkE=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "44da835ac40dab5fd231298b59d83487382d2fab", + "rev": "bcdb6022b3a300abf59cb5d0106c158940f5120e", "type": "github" }, "original": { @@ -110,11 +110,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1637357482, - "narHash": "sha256-mMRxOlcQs3V9cZYsKGKWEjl+oqclhaH1SKT3QGeTQ0Q=", + "lastModified": 1639771334, + "narHash": "sha256-4hgZmsCPaL5QlcEijHmzaYYrEwHtUFqraCUrCqLGJOo=", "owner": "input-output-hk", "repo": "deploy-rs", - "rev": "5a6db26726ec8c7904aea5bcdf13589342386f9d", + "rev": "7267eab9139ca4476fd8ed49e2e8652bba4c037f", "type": "github" }, "original": { @@ -178,11 +178,11 @@ "rust-analyzer-src": "rust-analyzer-src" }, "locked": { - "lastModified": 1637303083, - "narHash": "sha256-e2A5JBjxYNpjoGd53K0oVUUaS9ojwOT5rnThyPNS46M=", + "lastModified": 1639117493, + "narHash": "sha256-67H9uXUdauaqMfkcKzpgHR3GeOKPAwOs6G3C1VpT67o=", "owner": "nix-community", "repo": "fenix", - "rev": "8294ceadbbbe1a886640bfcc15f5a02a2b471955", + "rev": "94b5686cad2ed210da106b0b7e1e212dab43fbf2", "type": "github" }, "original": { @@ -225,11 +225,11 @@ }, "flake-utils": { "locked": { - "lastModified": 1623875721, - "narHash": "sha256-A8BU7bjS5GirpAUv4QA+QnJ4CceLHkcXdRp4xITDB0s=", + "lastModified": 1631561581, + "narHash": "sha256-3VQMV5zvxaVLvqqUrNz3iJelLw30mIVSfZmAaauM3dA=", "owner": "numtide", "repo": "flake-utils", - "rev": "f7e004a55b120c02ecb6219596820fcd32ca8772", + "rev": "7e5bf3925f6fbdfaf50a2a7ca0be2879c4261d19", "type": "github" }, "original": { 
@@ -288,11 +288,26 @@ }, "flake-utils_4": { "locked": { - "lastModified": 1631561581, - "narHash": "sha256-3VQMV5zvxaVLvqqUrNz3iJelLw30mIVSfZmAaauM3dA=", + "lastModified": 1638122382, + "narHash": "sha256-sQzZzAbvKEqN9s0bzWuYmRaA03v40gaJ4+iL1LXjaeI=", "owner": "numtide", "repo": "flake-utils", - "rev": "7e5bf3925f6fbdfaf50a2a7ca0be2879c4261d19", + "rev": "74f7e4319258e287b0f9cb95426c9853b282730b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_5": { + "locked": { + "lastModified": 1638122382, + "narHash": "sha256-sQzZzAbvKEqN9s0bzWuYmRaA03v40gaJ4+iL1LXjaeI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "74f7e4319258e287b0f9cb95426c9853b282730b", "type": "github" }, "original": { @@ -324,11 +339,11 @@ }, "latest": { "locked": { - "lastModified": 1638198142, - "narHash": "sha256-plU9b8r4St6q4U7VHtG9V7oF8k9fIpfXl/KDaZLuY9k=", + "lastModified": 1643347846, + "narHash": "sha256-O0tyXF//ppRpe9yT1Uu5n34yI2MWDyY6ZiJ4Qn5zIkE=", "owner": "nixos", "repo": "nixpkgs", - "rev": "8a308775674e178495767df90c419425474582a1", + "rev": "5bb20f9dc70e9ee16e21cc404b6508654931ce41", "type": "github" }, "original": { @@ -354,6 +369,22 @@ "type": "github" } }, + "master": { + "locked": { + "lastModified": 1643636025, + "narHash": "sha256-pGU2qvKLMJ7jUbPdcWcdE8jSujy5iBI6ZFejpVHazUw=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "be41b14875ff8d0fbcf80c13ace036a3fa4a96c3", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "master", + "repo": "nixpkgs", + "type": "github" + } + }, "naersk": { "inputs": { "nixpkgs": [ 
@@ -361,11 +392,11 @@ ] }, "locked": { - "lastModified": 1638203339, - "narHash": "sha256-Sz3iCvbWrVWOD/XfYQeRJgP/7MVYL3/VKsNXvDeWBFc=", + "lastModified": 1639947939, + "narHash": "sha256-pGsM8haJadVP80GFq4xhnSpNitYNQpaXk4cnA796Cso=", "owner": "nmattia", "repo": "naersk", - "rev": "c3e56b8a4ffb6d906cdfcfee034581f9a8ece571", + "rev": "2fc8ce9d3c025d59fee349c1f80be9785049d653", "type": "github" }, "original": { @@ -374,6 +405,27 @@ "type": "github" } }, + "nix-dram": { + "inputs": { + "flake-utils": "flake-utils_4", + "nixpkgs": [ + "latest" + ] + }, + "locked": { + "lastModified": 1643638527, + "narHash": "sha256-NoRwXgTk3zHaTM4egk4MbEnV7RTXWUTon3OiG0GHjhE=", + "owner": "dramforever", + "repo": "nix-dram", + "rev": "86350dcada08e6f41fedd20f8c25a3a199a3be7d", + "type": "github" + }, + "original": { + "owner": "dramforever", + "repo": "nix-dram", + "type": "github" + } + }, "nixlib": { "locked": { "lastModified": 1641688481, @@ -391,11 +443,11 @@ }, "nixos": { "locked": { - "lastModified": 1643463207, - "narHash": "sha256-W0azAxucUq84BvWqDPt3gX8kyc8wYvGUynZV9COfByQ=", + "lastModified": 1643630271, + "narHash": "sha256-0H+50Ys/8/rjE+64vpFRjwnDwthDfHh45IDpZ2BiECg=", "owner": "nixos", "repo": "nixpkgs", - "rev": "03098169624f487eef37186b3214c40e6b6e919d", + "rev": "83a53b4adf04607af34060b2f7699a412fc9bc3d", "type": "github" }, "original": { @@ -408,10 +460,7 @@ "nixos-generators": { "inputs": { "nixlib": "nixlib", - "nixpkgs": [ - "digga", - "blank" - ] + "nixpkgs": "nixpkgs_4" }, "locked": { "lastModified": 1637655461, @@ -429,11 +478,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1638182287, - "narHash": "sha256-vBzf+hbTJz2ZdXV/DWirl6wOO7tjdqzTIU+0FANt65U=", + "lastModified": 1641965797, + "narHash": "sha256-AfxfIzAZbt9aAzpVBn0Bwhd/M4Wix7G91kEjm9H6FPo=", "owner": "nixos", "repo": "nixos-hardware", - "rev": "6b3f79de09c3de7c91ab51e55e87879f61b6faec", + "rev": "87a35a0d58f546dc23f37b4f6af575d0e4be6a7a", "type": "github" }, "original": { 
@@ -444,11 +493,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1643428210, - "narHash": "sha256-ympCeHuXeGitpnegE0raAtWLNg3vZbjj5QbbMvvBGCQ=", + "lastModified": 1633971123, + "narHash": "sha256-WmI4NbH1IPGFWVkuBkKoYgOnxgwSfWDgdZplJlQ93vA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e1b353e890801a759efe9a4c42f6984e47721f0d", + "rev": "e4ef597edfd8a0ba5f12362932fc9b1dd01a0aef", "type": "github" }, "original": { @@ -460,11 +509,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1643513770, - "narHash": "sha256-Q64SabfQLuhHQfhpIHS/fLCEO2NUFnI+EKsB5GnfWh8=", + "lastModified": 1643634174, + "narHash": "sha256-LpfTneNuLmXuTyR4hPXtr92g1YAZymJUQxdHjTCi79w=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "66ab3568d67b90275c0720aae8b911bad82c24fe", + "rev": "589235201f2e0717bee4915bffff5330fa00ff41", "type": "github" }, "original": { @@ -475,11 +524,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1636976544, - "narHash": "sha256-9ZmdyoRz4Qu8bP5BKR1T10YbzcB9nvCeQjOEw2cRKR0=", + "lastModified": 1638986258, + "narHash": "sha256-OceRdctKZRSgqQxVRvvNB0MaEnFMzQqjUffecoDE9eI=", "owner": "nixos", "repo": "nixpkgs", - "rev": "931ab058daa7e4cd539533963f95e2bb0dbd41e6", + "rev": "581d2d6c9cd5c289002203581d8aa0861963a933", "type": "github" }, "original": { 
@@ -489,14 +538,29 @@ "type": "github" } }, + "nixpkgs_4": { + "locked": { + "lastModified": 1643381941, + "narHash": "sha256-pHTwvnN4tTsEKkWlXQ8JMY423epos8wUOhthpwJjtpc=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "5efc8ca954272c4376ac929f4c5ffefcc20551d5", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "nur": { "locked": { - "lastModified": 1638231901, - "narHash": "sha256-XzuvFTmsXULdWynQWzgaPHikepNhjEpK4o5WXfmRqek=", - "owner": "nix-community", - "repo": "NUR", - "rev": "4e68fb3d8f48e91196deb13f44bcfb421da25afb", - "type": "github" + "lastModified": 1626378135, + "narHash": "sha256-koC6DBYmLCrgXA+AMHVaODf1uHYPmvcFygHfy3eg6vI=", + "path": "/nix/store/6mfkswqi67m35qwv0vh7kpk8rypbl2rq-source", + "rev": "00c2ec8f0bbdf0cfb2135bde55fbae5d6b64aa6d", + "type": "path" }, "original": { "id": "nur", @@ -506,17 +570,17 @@ "nvfetcher": { "inputs": { "flake-compat": "flake-compat_2", - "flake-utils": "flake-utils_4", + "flake-utils": "flake-utils_5", "nixpkgs": [ "nixos" ] }, "locked": { - "lastModified": 1634524567, - "narHash": "sha256-v9ZTZj1WNQaaVfs1P1mUPuh518mmwpqszj1EjdeGUmc=", + "lastModified": 1643518077, + "narHash": "sha256-FHhKjrPxvCv1aywLeqJi3kARDql7cwaj2jcpWp42Xhw=", "owner": "berberman", "repo": "nvfetcher", - "rev": "807513f4bbd0e3b5863f4c3b91f8ac846ed6da9b", + "rev": "1b4adc9dac4c5f2c3ce14fdaf2702f9ce6bec491", "type": "github" }, "original": { @@ -531,11 +595,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1625240517, - "narHash": "sha256-2E1gaOP+bCplhf3kliVQWK5N1NV2h06mkJk2KTiRTJQ=", + "lastModified": 1633382856, + "narHash": "sha256-hYlet806M9xJj4yxf0g5fhDT2IEUVIMAl7sqIeZ8DUM=", "owner": "nix-community", "repo": "poetry2nix", - "rev": "e40e8ed0e8c11e709e4c8c7c20174facd265a021", + "rev": "705cbfa10e3d9bfed2e59e0256844ae3704dbd7e", "type": "github" }, "original": { 
@@ -553,7 +617,9 @@ "digga": "digga", "home": "home", "latest": "latest_2", + "master": "master", "naersk": "naersk", + "nix-dram": "nix-dram", "nixos": "nixos", "nixos-hardware": "nixos-hardware", "nur": "nur", @@ -563,11 +629,11 @@ "rust-analyzer-src": { "flake": false, "locked": { - "lastModified": 1637268320, - "narHash": "sha256-lxB1r+7cmZisiGLx0tZ2LaC6X/EcQTbRIWZfnLIIgs4=", + "lastModified": 1639071661, + "narHash": "sha256-4YySLORuK0qGGIEJj78S7CZ4jy4GIHJ5ks17k5AWblo=", "owner": "rust-analyzer", "repo": "rust-analyzer", - "rev": "f0da9406bcbde1bc727242b481d8de825e84f59a", + "rev": "2534b7db1a093543d5bd759b3a1ca9e34418fa31", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 88112919..1a2823f8 100644 --- a/flake.nix +++ b/flake.nix @@ -9,6 +9,7 @@ { nixos.url = "github:nixos/nixpkgs/release-21.05"; latest.url = "github:nixos/nixpkgs/nixos-unstable"; + master.url = "github:nixos/nixpkgs/master"; digga.url = "github:divnix/digga"; digga.inputs.nixpkgs.follows = "nixos"; @@ -50,7 +51,8 @@ # end ANTI CORRUPTION LAYER # PubSolarOS additions - nix-dram.url = "github:pub-solar/nix-dram"; + nix-dram.url = "github:dramforever/nix-dram"; + nix-dram.inputs.nixpkgs.follows = "latest"; }; outputs = @@ -86,11 +88,7 @@ ./pkgs/default.nix ]; }; - latest = { - overlays = [ - deploy.overlay - ]; - }; + latest = { }; }; lib = import ./lib { lib = digga.lib // nixos.lib; }; @@ -148,6 +146,7 @@ }; users = { pub-solar = { suites, ... }: { imports = suites.base; }; + teutat3s = { suites, ... }: { imports = suites.base; }; }; # digga.lib.importers.rakeLeaves ./users/hm; }; diff --git a/overlays/overrides.nix b/overlays/overrides.nix index 4c5964ff..c44eb891 100644 --- a/overlays/overrides.nix +++ b/overlays/overrides.nix @@ -25,8 +25,6 @@ channels: final: prev: { looking-glass-client ; - # nix is set to 2.3 in 21.11 - nix-direnv = prev.nix-direnv.override { nix_2_4 = true; }; haskellPackages = prev.haskellPackages.override (old: { 
From dca27eda2e9e1e36d0e7b583217012cd2b661452 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Wed, 2 Feb 2022 04:15:24 +0100 Subject: [PATCH 48/90] Fix up rebase --- flake.lock | 52 +++++++------------ flake.nix | 33 ++++-------- overlays/overrides.nix | 3 +- shell/devos.nix | 7 +-- users/pub-solar/default.nix | 2 +- .../public-keys/teutat3s-yubikey.pub | 1 + 6 files changed, 33 insertions(+), 65 deletions(-) create mode 100644 users/pub-solar/public-keys/teutat3s-yubikey.pub diff --git a/flake.lock b/flake.lock index f9d9b519..6a0d01c0 100644 --- a/flake.lock +++ b/flake.lock @@ -339,11 +339,11 @@ }, "latest": { "locked": { - "lastModified": 1643347846, - "narHash": "sha256-O0tyXF//ppRpe9yT1Uu5n34yI2MWDyY6ZiJ4Qn5zIkE=", + "lastModified": 1638198142, + "narHash": "sha256-plU9b8r4St6q4U7VHtG9V7oF8k9fIpfXl/KDaZLuY9k=", "owner": "nixos", "repo": "nixpkgs", - "rev": "5bb20f9dc70e9ee16e21cc404b6508654931ce41", + "rev": "8a308775674e178495767df90c419425474582a1", "type": "github" }, "original": { @@ -355,11 +355,11 @@ }, "latest_2": { "locked": { - "lastModified": 1643347846, - "narHash": "sha256-O0tyXF//ppRpe9yT1Uu5n34yI2MWDyY6ZiJ4Qn5zIkE=", + "lastModified": 1643524588, + "narHash": "sha256-Qh5AazxdOQRORbGkkvpKoovDl6ej/4PhDabFsqnueqw=", "owner": "nixos", "repo": "nixpkgs", - "rev": "5bb20f9dc70e9ee16e21cc404b6508654931ce41", + "rev": "efeefb2af1469a5d1f0ae7ca8f0dfd9bb87d5cfb", "type": "github" }, "original": { @@ -369,22 +369,6 @@ "type": "github" } }, - "master": { - "locked": { - "lastModified": 1643636025, - "narHash": "sha256-pGU2qvKLMJ7jUbPdcWcdE8jSujy5iBI6ZFejpVHazUw=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "be41b14875ff8d0fbcf80c13ace036a3fa4a96c3", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "master", - "repo": "nixpkgs", - "type": "github" - } - }, "naersk": { "inputs": { "nixpkgs": [ 
@@ -408,9 +392,7 @@ "nix-dram": { "inputs": { "flake-utils": "flake-utils_4", - "nixpkgs": [ - "latest" - ] + "nixpkgs": "nixpkgs_4" }, "locked": { "lastModified": 1643638527, @@ -443,11 +425,11 @@ }, "nixos": { "locked": { - "lastModified": 1643630271, - "narHash": "sha256-0H+50Ys/8/rjE+64vpFRjwnDwthDfHh45IDpZ2BiECg=", + "lastModified": 1643760485, + "narHash": "sha256-GcsRA8tc+LN7vDPLrRdFNSJEig5q+O6MIUTycc5YETI=", "owner": "nixos", "repo": "nixpkgs", - "rev": "83a53b4adf04607af34060b2f7699a412fc9bc3d", + "rev": "8f7bb8841aa25e34cbbee891acd8a7a3e9e384db", "type": "github" }, "original": { @@ -460,7 +442,10 @@ "nixos-generators": { "inputs": { "nixlib": "nixlib", - "nixpkgs": "nixpkgs_4" + "nixpkgs": [ + "digga", + "blank" + ] }, "locked": { "lastModified": 1637655461, @@ -540,16 +525,16 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1643381941, - "narHash": "sha256-pHTwvnN4tTsEKkWlXQ8JMY423epos8wUOhthpwJjtpc=", + "lastModified": 1643524588, + "narHash": "sha256-Qh5AazxdOQRORbGkkvpKoovDl6ej/4PhDabFsqnueqw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5efc8ca954272c4376ac929f4c5ffefcc20551d5", + "rev": "efeefb2af1469a5d1f0ae7ca8f0dfd9bb87d5cfb", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixpkgs-unstable", + "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } @@ -617,7 +602,6 @@ "digga": "digga", "home": "home", "latest": "latest_2", - "master": "master", "naersk": "naersk", "nix-dram": "nix-dram", "nixos": "nixos", diff --git a/flake.nix b/flake.nix index 1a2823f8..0089a3ba 100644 --- a/flake.nix +++ b/flake.nix 
@@ -1,58 +1,47 @@ { description = "A highly structured configuration database."; - nixConfig.extra-experimental-features = "nix-command flakes ca-references"; + nixConfig.extra-experimental-features = "nix-command flakes"; nixConfig.extra-substituters = "https://nrdxp.cachix.org https://nix-community.cachix.org"; nixConfig.extra-trusted-public-keys = "nrdxp.cachix.org-1:Fc5PSqY2Jm1TrWfm88l6cvGWwz3s93c6IOifQWnhNW4= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="; inputs = { - nixos.url = "github:nixos/nixpkgs/release-21.05"; + nixos.url = "github:nixos/nixpkgs/release-21.11"; latest.url = "github:nixos/nixpkgs/nixos-unstable"; - master.url = "github:nixos/nixpkgs/master"; digga.url = "github:divnix/digga"; digga.inputs.nixpkgs.follows = "nixos"; digga.inputs.nixlib.follows = "nixos"; digga.inputs.home-manager.follows = "home"; + digga.inputs.deploy.follows = "deploy"; bud.url = "github:divnix/bud"; bud.inputs.nixpkgs.follows = "nixos"; bud.inputs.devshell.follows = "digga/devshell"; - home.url = "github:nix-community/home-manager/release-21.05"; + home.url = "github:nix-community/home-manager/release-21.11"; home.inputs.nixpkgs.follows = "nixos"; darwin.url = "github:LnL7/nix-darwin"; - darwin.inputs.nixpkgs.follows = "latest"; + darwin.inputs.nixpkgs.follows = "nixos"; - deploy.follows = "digga/deploy"; + deploy.url = "github:input-output-hk/deploy-rs"; + deploy.inputs.nixpkgs.follows = "nixos"; agenix.url = "github:ryantm/agenix"; - agenix.inputs.nixpkgs.follows = "latest"; + agenix.inputs.nixpkgs.follows = "nixos"; nvfetcher.url = "github:berberman/nvfetcher"; - nvfetcher.inputs.nixpkgs.follows = "latest"; - nvfetcher.inputs.flake-compat.follows = "digga/deploy/flake-compat"; - nvfetcher.inputs.flake-utils.follows = "digga/flake-utils-plus/flake-utils"; + nvfetcher.inputs.nixpkgs.follows = "nixos"; naersk.url = "github:nmattia/naersk"; - naersk.inputs.nixpkgs.follows = "latest"; + naersk.inputs.nixpkgs.follows = "nixos"; 
nixos-hardware.url = "github:nixos/nixos-hardware"; - # start ANTI CORRUPTION LAYER - # remove after https://github.com/NixOS/nix/pull/4641 - nixpkgs.follows = "nixos"; - nixlib.follows = "digga/nixlib"; - blank.follows = "digga/blank"; - flake-utils-plus.follows = "digga/flake-utils-plus"; - flake-utils.follows = "digga/flake-utils"; - # end ANTI CORRUPTION LAYER - # PubSolarOS additions nix-dram.url = "github:dramforever/nix-dram"; - nix-dram.inputs.nixpkgs.follows = "latest"; }; outputs = @@ -81,7 +70,6 @@ nixos = { imports = [ (digga.lib.importOverlays ./overlays) ]; overlays = [ - digga.overlays.patchedNix nur.overlay agenix.overlay nvfetcher.overlay @@ -146,7 +134,6 @@ }; users = { pub-solar = { suites, ... }: { imports = suites.base; }; - teutat3s = { suites, ... }: { imports = suites.base; }; }; # digga.lib.importers.rakeLeaves ./users/hm; }; diff --git a/overlays/overrides.nix b/overlays/overrides.nix index c44eb891..c0cb58ad 100644 --- a/overlays/overrides.nix +++ b/overlays/overrides.nix @@ -6,9 +6,8 @@ channels: final: prev: { cachix dhall discord - element-desktop-wayland + element-desktop rage - neovim-unwrapped nixpkgs-fmt qutebrowser signal-desktop diff --git a/shell/devos.nix b/shell/devos.nix index 0e143588..64815288 100644 --- a/shell/devos.nix +++ b/shell/devos.nix @@ -1,4 +1,4 @@ -{ pkgs, extraModulesPath, ... }: +{ pkgs, extraModulesPath, inputs, ... }: let hooks = import ./hooks; @@ -50,12 +50,9 @@ in (linter editorconfig-checker) # (docs python3Packages.grip) too many deps (docs mdbook) + (devos inputs.deploy.packages.${pkgs.system}.deploy-rs) ] - ++ lib.optional - (pkgs ? deploy-rs) - (devos deploy-rs.deploy-rs) - ++ lib.optional (system != "i686-linux") (devos cachix) diff --git a/users/pub-solar/default.nix b/users/pub-solar/default.nix index 7289f717..6bd0403c 100644 --- a/users/pub-solar/default.nix +++ b/users/pub-solar/default.nix 
@@ -12,7 +12,7 @@ password = "$6$Kv0BCLU2Jg7GN8Oa$hc2vERKCbZdczFqyHPfgCaleGP.JuOWyd.bfcIsLDNmExGXI6Rnkze.SWzVzVS311KBznN/P4uUYAUADXkVtr."; fullName = "Pub Solar"; email = "iso@pub.solar"; - publicKeys = [ ../../secrets/teutat3s-yubikey.pub ]; + publicKeys = [ ./public-keys/teutat3s-yubikey.pub ]; }; }; } diff --git a/users/pub-solar/public-keys/teutat3s-yubikey.pub b/users/pub-solar/public-keys/teutat3s-yubikey.pub new file mode 100644 index 00000000..0462fc12 --- /dev/null +++ b/users/pub-solar/public-keys/teutat3s-yubikey.pub @@ -0,0 +1 @@ +ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFro/k4Mgqyh8yV/7Zwjc0dv60ZM7bROBU9JNd99P/4co6fxPt1pJiU/pEz2Dax/HODxgcO+jFZfvPEuLMCeAl0= YubiKey #10593996 PIV Slot 9a From 8442a936e503448ebebf94828c10d7d141f18bf7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sun, 24 Oct 2021 19:36:56 +0200 Subject: [PATCH 49/90] Remove git crypt, update docs --- doc/secrets.md | 6 +----- shell/devos.nix | 4 ---- 2 files changed, 1 insertion(+), 9 deletions(-) diff --git a/doc/secrets.md b/doc/secrets.md index 26b2e973..47ca43d4 100644 --- a/doc/secrets.md +++ b/doc/secrets.md @@ -1,11 +1,8 @@ # Secrets -Secrets are managed using [git-crypt][git-crypt] and [agenix][agenix] +Secrets are managed using [agenix][agenix] so you can keep your flake in a public repository like GitHub without exposing your password or other sensitive data. -By default, everything in the secrets folder is automatically encrypted. Just -be sure to run `git-crypt init` before putting anything in here. - ## Agenix Currently, there is [no mechanism][secrets-issue] in nix itself to deploy secrets within the nix store because it is world-readable. 
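Review bot: In users/pub-solar/default.nix the shared `pub-solar` account lists one person's hardware-token key in `publicKeys`. If that list ends up as the account's SSH authorized keys (the option's implementation is outside this hunk), every system built from this user definition accepts logins from that single key. For a default user that ships in images I would keep the shared definition at `publicKeys = [ ];` and add personal keys in a per-host or per-user profile. The `password` hash on the context line is likewise identical for every build, so it deserves a comment saying it is a default that must be changed after installation.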
@@ -104,7 +101,6 @@ secrets get decrypted. You can learn about them by looking at the > You can take a look at the [agenix repository][agenix] for more information > about the tool. -[git-crypt]: https://github.com/AGWA/git-crypt [agenix]: https://github.com/ryantm/agenix [age module]: https://github.com/ryantm/agenix/blob/master/modules/age.nix [secrets-issue]: https://github.com/NixOS/nix/issues/8 diff --git a/shell/devos.nix b/shell/devos.nix index 64815288..8702740a 100644 --- a/shell/devos.nix +++ b/shell/devos.nix @@ -33,10 +33,6 @@ in unset _PATH ''); - packages = with pkgs; [ - git-crypt - ]; - commands = with pkgs; [ (devos nixFlakes) (devos agenix) From e9e53147d8bfdd5c8ef288a8c4d62a61d809403c Mon Sep 17 00:00:00 2001 From: teutat3s Date: Wed, 2 Feb 2022 04:47:08 +0100 Subject: [PATCH 50/90] Fix up rebase --- profiles/core/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/profiles/core/default.nix b/profiles/core/default.nix index 6ccd540f..eecae628 100644 --- a/profiles/core/default.nix +++ b/profiles/core/default.nix @@ -22,6 +22,7 @@ in progress dnsutils inetutils + mtr pciutils usbutils gitFull @@ -121,6 +122,9 @@ in # Service that makes Out of Memory Killer more effective services.earlyoom.enable = true; + # Use latest LTS linux kernel by default + boot.kernelPackages = pkgs.linuxPackages_5_15; + boot.supportedFilesystems = [ "ntfs" ]; }; } From 821565aea41126ff7ad3b2d5d3226602c5f0140e Mon Sep 17 00:00:00 2001 From: teutat3s Date: Wed, 2 Feb 2022 05:13:01 +0100 Subject: [PATCH 51/90] Fix up rebase --- flake.lock | 41 +++++++++++++++++++++++++++-------------- 1 file changed, 27 insertions(+), 14 deletions(-) diff --git a/flake.lock b/flake.lock index 6a0d01c0..fd689987 100644 --- a/flake.lock +++ b/flake.lock 
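Review bot: The new comment in profiles/core/default.nix says "latest LTS", but `pkgs.linuxPackages_5_15` pins one kernel series. The comment goes stale once a newer LTS exists, and hosts stay on 5.15 until someone edits this line. I would word it as `# Pinned to the 5.15 LTS series; revisit before it reaches end of life`, so the pin is visibly deliberate and gets reviewed before upstream fixes stop arriving for that series.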
@@ -339,11 +339,11 @@ }, "latest": { "locked": { - "lastModified": 1638198142, - "narHash": "sha256-plU9b8r4St6q4U7VHtG9V7oF8k9fIpfXl/KDaZLuY9k=", + "lastModified": 1643347846, + "narHash": "sha256-O0tyXF//ppRpe9yT1Uu5n34yI2MWDyY6ZiJ4Qn5zIkE=", "owner": "nixos", "repo": "nixpkgs", - "rev": "8a308775674e178495767df90c419425474582a1", + "rev": "5bb20f9dc70e9ee16e21cc404b6508654931ce41", "type": "github" }, "original": { @@ -355,11 +355,11 @@ }, "latest_2": { "locked": { - "lastModified": 1643524588, - "narHash": "sha256-Qh5AazxdOQRORbGkkvpKoovDl6ej/4PhDabFsqnueqw=", + "lastModified": 1643347846, + "narHash": "sha256-O0tyXF//ppRpe9yT1Uu5n34yI2MWDyY6ZiJ4Qn5zIkE=", "owner": "nixos", "repo": "nixpkgs", - "rev": "efeefb2af1469a5d1f0ae7ca8f0dfd9bb87d5cfb", + "rev": "5bb20f9dc70e9ee16e21cc404b6508654931ce41", "type": "github" }, "original": { @@ -392,7 +392,7 @@ "nix-dram": { "inputs": { "flake-utils": "flake-utils_4", - "nixpkgs": "nixpkgs_4" + "nixpkgs": "nixpkgs_5" }, "locked": { "lastModified": 1643638527, @@ -425,11 +425,11 @@ }, "nixos": { "locked": { - "lastModified": 1643760485, - "narHash": "sha256-GcsRA8tc+LN7vDPLrRdFNSJEig5q+O6MIUTycc5YETI=", + "lastModified": 1643630271, + "narHash": "sha256-0H+50Ys/8/rjE+64vpFRjwnDwthDfHh45IDpZ2BiECg=", "owner": "nixos", "repo": "nixpkgs", - "rev": "8f7bb8841aa25e34cbbee891acd8a7a3e9e384db", + "rev": "83a53b4adf04607af34060b2f7699a412fc9bc3d", "type": "github" }, "original": { @@ -442,10 +442,7 @@ "nixos-generators": { "inputs": { "nixlib": "nixlib", - "nixpkgs": [ - "digga", - "blank" - ] + "nixpkgs": "nixpkgs_4" }, "locked": { "lastModified": 1637655461, 
@@ -524,6 +521,22 @@ } }, "nixpkgs_4": { + "locked": { + "lastModified": 1643381941, + "narHash": "sha256-pHTwvnN4tTsEKkWlXQ8JMY423epos8wUOhthpwJjtpc=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "5efc8ca954272c4376ac929f4c5ffefcc20551d5", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_5": { "locked": { "lastModified": 1643524588, "narHash": "sha256-Qh5AazxdOQRORbGkkvpKoovDl6ej/4PhDabFsqnueqw=", From be9ce55f58a8ed61c4b087ce2da4ab0bdbb3ed36 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Wed, 2 Feb 2022 13:27:56 +0100 Subject: [PATCH 52/90] Nix flake check works --- .drone.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.drone.yml b/.drone.yml index efeeac92..f67a32f5 100644 --- a/.drone.yml +++ b/.drone.yml @@ -104,8 +104,7 @@ steps: - echo "system-features = nixos-test benchmark big-parallel kvm recursive-nix" >> /etc/nix/nix.conf - echo "substituters = https://nrdxp.cachix.org https://nix-community.cachix.org https://cache.nixos.org" >> /etc/nix/nix.conf - echo "trusted-public-keys = nrdxp.cachix.org-1:Fc5PSqY2Jm1TrWfm88l6cvGWwz3s93c6IOifQWnhNW4= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" >> /etc/nix/nix.conf - # Currently broken - #- nix -Lv flake check + - nix -Lv flake check - nix -Lv build ".#nixosConfigurations.PubSolarOS.config.system.build.toplevel" - nix -Lv develop -c echo OK - nix -Lv develop --command bud --help @@ -161,6 +160,6 @@ volumes: --- kind: signature -hmac: 539937d723b620778939dcac3819b0f6a4c396f1c477a2783ae3fb6feab0f4d7 +hmac: d05f4e192ceb055bde34889d5303a0925aac9105bed6f77631abe6fccffbc3f1 ... From 29bea44c6c0e082f435db3c82938affb6beef2f8 Mon Sep 17 00:00:00 2001 
From: teutat3s Date: Wed, 2 Feb 2022 14:12:24 +0100 Subject: [PATCH 53/90] Use nixos-21.11 as base image tag, benefiting from recent change to get nixConfig from the projects flake.nix, for details, see: https://github.com/nix-community/docker-nixpkgs/commit/c52fdf233bde8857e9463d1bd504e6bd9bd72921 --- .drone.yml | 14 +++----------- 1 file changed, 3 insertions(+), 11 deletions(-) diff --git a/.drone.yml b/.drone.yml index f67a32f5..b0b5965c 100644 --- a/.drone.yml +++ b/.drone.yml @@ -94,16 +94,12 @@ name: Check steps: - name: "Check" - image: nixpkgs/nix-flakes:nixos-21.05 + image: docker.nix-community.org/nixpkgs/nix-flakes:nixos-21.11 when: event: - pull_request - tag commands: - - echo "" >> /etc/nix/nix.conf - - echo "system-features = nixos-test benchmark big-parallel kvm recursive-nix" >> /etc/nix/nix.conf - - echo "substituters = https://nrdxp.cachix.org https://nix-community.cachix.org https://cache.nixos.org" >> /etc/nix/nix.conf - - echo "trusted-public-keys = nrdxp.cachix.org-1:Fc5PSqY2Jm1TrWfm88l6cvGWwz3s93c6IOifQWnhNW4= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" >> /etc/nix/nix.conf - nix -Lv flake check - nix -Lv build ".#nixosConfigurations.PubSolarOS.config.system.build.toplevel" - nix -Lv develop -c echo OK 
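Review bot: With the `substituters` and `trusted-public-keys` lines dropped from the Check step, the pipeline no longer fixes which binary caches and signing keys Nix trusts; per the commit message they are read from `nixConfig` in the flake being built. This step runs on `pull_request`, so a proposed flake.nix that edits `nixConfig.extra-substituters` or `nixConfig.extra-trusted-public-keys` would have its own cache trust applied by the job that is meant to vet it. I would keep the explicit `echo "substituters = …"` and `echo "trusted-public-keys = …"` lines for the pull-request job and not accept flake-supplied settings there, so a cache-trust change has to land in the signed .drone.yml. The same removal appears in the Build ISO step in the next hunk.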
@@ -116,15 +112,11 @@ name: Publish ISO steps: - name: "Build ISO" - image: nixpkgs/nix-flakes:nixos-21.05 + image: docker.nix-community.org/nixpkgs/nix-flakes:nixos-21.11 volumes: - name: nix-store path: /var/nix/iso-cache commands: - - echo "" >> /etc/nix/nix.conf - - echo "system-features = nixos-test benchmark big-parallel kvm recursive-nix" >> /etc/nix/nix.conf - - echo "substituters = https://nrdxp.cachix.org https://nix-community.cachix.org https://cache.nixos.org" >> /etc/nix/nix.conf - - echo "trusted-public-keys = nrdxp.cachix.org-1:Fc5PSqY2Jm1TrWfm88l6cvGWwz3s93c6IOifQWnhNW4= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" >> /etc/nix/nix.conf - nix -Lv develop --command bud build bootstrap bootstrapIso - cp $(readlink -f result)/iso/*.iso /var/nix/iso-cache/ @@ -160,6 +152,6 @@ volumes: --- kind: signature -hmac: d05f4e192ceb055bde34889d5303a0925aac9105bed6f77631abe6fccffbc3f1 +hmac: 346cb05688f3b2aee03820aff82f0b16bb04759cd3948109f6496f87a5f18319 ... From 1bd3019ca5f6a98ea443916772de44b34fbb4bcb Mon Sep 17 00:00:00 2001 From: teutat3s Date: Wed, 2 Feb 2022 15:08:24 +0100 Subject: [PATCH 54/90] Follow nixos-unstable in check / build base image, to get nix version 2.5+ with accept-flake-config flag, see: https://github.com/NixOS/nix/commit/30496af5980fd03706f587eef014e630e9d9d318 https://github.com/nix-community/docker-nixpkgs/blob/c52fdf233bde8857e9463d1bd504e6bd9bd72921/images/nix-flakes/default.nix#L7 https://github.com/NixOS/nixpkgs/blob/release-21.11/pkgs/top-level/aliases.nix#L603 https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/top-level/aliases.nix#L665 https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/tools/package-management/nix/default.nix#L66 --- .drone.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.drone.yml b/.drone.yml index b0b5965c..6aa9dac5 100644 --- a/.drone.yml +++ b/.drone.yml 
@@ -94,7 +94,7 @@ name: Check steps: - name: "Check" - image: docker.nix-community.org/nixpkgs/nix-flakes:nixos-21.11 + image: docker.nix-community.org/nixpkgs/nix-flakes:latest when: event: - pull_request @@ -112,7 +112,7 @@ name: Publish ISO steps: - name: "Build ISO" - image: docker.nix-community.org/nixpkgs/nix-flakes:nixos-21.11 + image: docker.nix-community.org/nixpkgs/nix-flakes:latest volumes: - name: nix-store path: /var/nix/iso-cache @@ -152,6 +152,6 @@ volumes: --- kind: signature -hmac: 346cb05688f3b2aee03820aff82f0b16bb04759cd3948109f6496f87a5f18319 +hmac: c25dac3dfd8dd9b46394fb3cd0313c3bccc81cbee10ab9f281a15eb4ac455cd0 ... From a039ce09432421bcf8612f2d45ab537ac145c579 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Wed, 2 Feb 2022 15:18:12 +0100 Subject: [PATCH 55/90] Only build ISO on tag event --- .drone.yml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/.drone.yml b/.drone.yml index 6aa9dac5..d0b1d2f8 100644 --- a/.drone.yml +++ b/.drone.yml @@ -141,9 +141,7 @@ steps: trigger: event: - - push - branch: - - feature/basic-iso + - tag volumes: - name: nix-store @@ -152,6 +150,6 @@ volumes: --- kind: signature -hmac: c25dac3dfd8dd9b46394fb3cd0313c3bccc81cbee10ab9f281a15eb4ac455cd0 +hmac: 958eac73155e8944a40eae326524a497e4170038444cf03b36ba649567372001 ... From 0a1cd6bf40ad7dcab949edfb425cebc0d3cb59d7 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Wed, 2 Feb 2022 21:23:35 +0100 Subject: [PATCH 56/90] Remove SSH public key, add comment about default password --- users/pub-solar/default.nix | 3 ++- users/pub-solar/public-keys/teutat3s-yubikey.pub | 1 - 2 files changed, 2 insertions(+), 2 deletions(-) delete mode 100644 users/pub-solar/public-keys/teutat3s-yubikey.pub diff --git a/users/pub-solar/default.nix b/users/pub-solar/default.nix index 6bd0403c..e80b64dd 100644 --- a/users/pub-solar/default.nix +++ b/users/pub-solar/default.nix 
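Review bot: `nix-flakes:latest` is a mutable tag, so the Check and Build ISO steps run whatever image the registry serves at that moment. The image that produces the published ISO can therefore change without any commit in this repository. Pinning by digest still gives the newer Nix version the commit message asks for, and it makes an image update an explicit, reviewable change: `image: docker.nix-community.org/nixpkgs/nix-flakes@sha256:<digest-of-the-tested-image>` (placeholder, to be filled with the digest that was actually tested). Both `image:` lines changed in this commit are affected.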
@@ -9,10 +9,11 @@ # The rest is used for programs like git user = { name = "pub-solar"; + # default password = pub-solar password = "$6$Kv0BCLU2Jg7GN8Oa$hc2vERKCbZdczFqyHPfgCaleGP.JuOWyd.bfcIsLDNmExGXI6Rnkze.SWzVzVS311KBznN/P4uUYAUADXkVtr."; fullName = "Pub Solar"; email = "iso@pub.solar"; - publicKeys = [ ./public-keys/teutat3s-yubikey.pub ]; + publicKeys = [ ]; }; }; } diff --git a/users/pub-solar/public-keys/teutat3s-yubikey.pub b/users/pub-solar/public-keys/teutat3s-yubikey.pub deleted file mode 100644 index 0462fc12..00000000 --- a/users/pub-solar/public-keys/teutat3s-yubikey.pub +++ /dev/null @@ -1 +0,0 @@ -ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFro/k4Mgqyh8yV/7Zwjc0dv60ZM7bROBU9JNd99P/4co6fxPt1pJiU/pEz2Dax/HODxgcO+jFZfvPEuLMCeAl0= YubiKey #10593996 PIV Slot 9a From 82c92836397c9366346e494000cfa2bead4fff92 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Thu, 3 Feb 2022 00:33:21 +0100 Subject: [PATCH 57/90] Follow upstream devshell with nixUnstable, important fixes for docker needed, see: https://github.com/NixOS/nix/issues/5777 https://github.com/NixOS/nix/pull/5787 --- shell/bud/default.nix | 2 +- shell/devos.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/shell/bud/default.nix b/shell/bud/default.nix index f65e71ed..c486636b 100644 --- a/shell/bud/default.nix +++ b/shell/bud/default.nix @@ -1,7 +1,7 @@ { pkgs, lib, budUtils, ... }: { bud.cmds = with pkgs; { get = { - writer = budUtils.writeBashWithPaths [ nixFlakes git coreutils ]; + writer = budUtils.writeBashWithPaths [ nixUnstable git coreutils ]; synopsis = "get [DEST]"; help = "Copy the desired template to DEST"; script = ./get.bash; diff --git a/shell/devos.nix b/shell/devos.nix index 8702740a..db04ceb5 100644 --- a/shell/devos.nix +++ b/shell/devos.nix @@ -34,7 +34,7 @@ in ''); commands = with pkgs; [ - (devos nixFlakes) + (devos nixUnstable) (devos agenix) { category = "devos"; 
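Review bot: The added comment in users/pub-solar/default.nix spells out the cleartext behind the `password` hash, so the `pub-solar` account has a publicly known credential on every system built from this user definition. An earlier patch in the series notes that SSH is enabled in the core profile. Whether password logins are allowed there is not visible in this hunk, so I would make sure the image sets `services.openssh.passwordAuthentication = false;` or otherwise keeps this account unreachable over the network. The comment should also say what to do about it, e.g. `# default password = pub-solar, intended for the live ISO only; change it after installation`.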
From 58efdd35285f1262f16e2a43d2708c3041196e4f Mon Sep 17 00:00:00 2001 From: teutat3s Date: Thu, 3 Feb 2022 01:14:21 +0100 Subject: [PATCH 58/90] Use nixUnstable from latest channel, aka nixos-unstable this is required because 2.5.1 with a required fix for nix docker didn't get backported to release-21.11 yet --- overlays/overrides.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/overlays/overrides.nix b/overlays/overrides.nix index c0cb58ad..3678264e 100644 --- a/overlays/overrides.nix +++ b/overlays/overrides.nix @@ -14,6 +14,7 @@ channels: final: prev: { starship deploy-rs + nixUnstable neovim-unwrapped tdesktop xdg-desktop-portal From 2bddc9c7000b4328e1f7c23d9ee82e3b0dc3684b Mon Sep 17 00:00:00 2001 From: teutat3s Date: Thu, 3 Feb 2022 01:22:36 +0100 Subject: [PATCH 59/90] Make Build ISO step depend on Check step --- .drone.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.drone.yml b/.drone.yml index d0b1d2f8..e879f3d8 100644 --- a/.drone.yml +++ b/.drone.yml @@ -139,6 +139,9 @@ steps: - /var/nix/iso-cache/*.iso strip_components: 3 +depends_on: + - Check + trigger: event: - tag @@ -150,6 +153,6 @@ volumes: --- kind: signature -hmac: 958eac73155e8944a40eae326524a497e4170038444cf03b36ba649567372001 +hmac: 07b8c6165ef4d12754e43839d87d6a68d98436d3c5f8fbb6fee91c628211c1e7 ... From d551045ac5d2265d3c56866637358f10404a6c69 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Thu, 3 Feb 2022 01:34:01 +0100 Subject: [PATCH 60/90] services.getty.autologinUser wants a lib.mkForce hammer --- modules/graphical/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/graphical/default.nix b/modules/graphical/default.nix index f2e2ffcf..e1cad6c3 100644 --- a/modules/graphical/default.nix +++ b/modules/graphical/default.nix @@ -49,7 +49,7 @@ in }; }; - services.getty.autologinUser = "${psCfg.user.name}"; + services.getty.autologinUser = mkForce "${psCfg.user.name}"; qt5 = { enable = true; 
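Review bot: `mkForce` on `services.getty.autologinUser` in modules/graphical/default.nix means no host or profile can switch console autologin off at normal priority, and nothing in this hunk limits the module to the live ISO. On an installed machine that leaves a logged-in session for anyone at the console. I would force the value only where the conflict arises (presumably the installer profile, which is outside this hunk) and use `services.getty.autologinUser = mkDefault psCfg.user.name;` here. The `"${…}"` wrapper around a value that is already a string can be dropped at the same time.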
@@ -81,7 +81,7 @@ in source-sans-pro ]; - home-manager = with pkgs; pkgs.lib.setAttrByPath [ "users" psCfg.user.name ] { + home-manager = with pkgs; setAttrByPath [ "users" psCfg.user.name ] { home.packages = [ alacritty chromium From ae8f39b89ac93492aa1ee1f6a19f768a529fb7fb Mon Sep 17 00:00:00 2001 From: teutat3s Date: Thu, 3 Feb 2022 01:59:42 +0100 Subject: [PATCH 61/90] Use drone host volume for /nix/store to speed up build times --- .drone.yml | 22 +++++++++++++++++----- 1 file changed, 17 insertions(+), 5 deletions(-) diff --git a/.drone.yml b/.drone.yml index e879f3d8..439814a3 100644 --- a/.drone.yml +++ b/.drone.yml @@ -95,6 +95,9 @@ name: Check steps: - name: "Check" image: docker.nix-community.org/nixpkgs/nix-flakes:latest + volumes: + - name: nix-store-cache + path: /nix/store when: event: - pull_request @@ -105,6 +108,11 @@ steps: - nix -Lv develop -c echo OK - nix -Lv develop --command bud --help +volumes: + - name: nix-store-cache + host: + path: "/var/nix/build-store" + --- kind: pipeline type: docker @@ -114,8 +122,10 @@ steps: - name: "Build ISO" image: docker.nix-community.org/nixpkgs/nix-flakes:latest volumes: - - name: nix-store + - name: file-exchange path: /var/nix/iso-cache + - name: nix-store-cache + path: /nix/store commands: - nix -Lv develop --command bud build bootstrap bootstrapIso - cp $(readlink -f result)/iso/*.iso /var/nix/iso-cache/ @@ -123,7 +133,7 @@ steps: - name: "Publish ISO" image: appleboy/drone-scp volumes: - - name: nix-store + - name: file-exchange path: /var/nix/iso-cache settings: host: @@ -147,12 +157,14 @@ trigger: - tag volumes: - - name: nix-store + - name: file-exchange + temp: {} + - name: nix-store-cache host: - path: "/var/nix/iso-cache" + path: "/var/nix/build-store" --- kind: signature -hmac: 07b8c6165ef4d12754e43839d87d6a68d98436d3c5f8fbb6fee91c628211c1e7 +hmac: e7e602f8b3b21bbc0644dbd285c6d87b3dc5644437c8c693c92ced17de094bab ... From 2c9fef6cbdf90c01c2f9927baff2b796df0a2e2f Mon Sep 17 00:00:00 2001 
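Review bot: The new `nix-store-cache` host volume mounts the same `/var/nix/build-store` directory as `/nix/store` in both the Check pipeline, which runs on `pull_request`, and the tag-triggered Publish ISO pipeline. Anything a pull-request build leaves in that directory is therefore present when the release ISO is built, and nothing in these hunks shows the store contents being verified before reuse. I would give the two pipelines separate host paths, for example `path: "/var/nix/build-store-release"` for Publish ISO (the name is illustrative), so release builds never start from a store that unreviewed changes could write to. It is also worth confirming that a host mount over `/nix/store` does not hide the store paths the image itself ships.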
From: teutat3s Date: Thu, 3 Feb 2022 02:01:05 +0100 Subject: [PATCH 62/90] sway: add foot, make sway.terminal an option this helps getting a working terminal in VMs where 3D acceleration is limited --- modules/graphical/default.nix | 1 + modules/sway/config/config | 212 ---------------------------- modules/sway/config/config.nix | 214 +++++++++++++++++++++++++++++ modules/sway/default.nix | 7 +- profiles/pub-solar-iso/default.nix | 1 + 5 files changed, 222 insertions(+), 213 deletions(-) delete mode 100644 modules/sway/config/config create mode 100644 modules/sway/config/config.nix diff --git a/modules/graphical/default.nix b/modules/graphical/default.nix index e1cad6c3..15042a22 100644 --- a/modules/graphical/default.nix +++ b/modules/graphical/default.nix @@ -84,6 +84,7 @@ in home-manager = with pkgs; setAttrByPath [ "users" psCfg.user.name ] { home.packages = [ alacritty + foot chromium firefox-wayland diff --git a/modules/sway/config/config b/modules/sway/config/config deleted file mode 100644 index 752a96c5..00000000 --- a/modules/sway/config/config +++ /dev/null 
@@ -1,212 +0,0 @@ -# Default config for sway -# -# Copy this to ~/.config/sway/config and edit it to your liking. -# -# Read `man 5 sway` for a complete reference. - -### Variables -# -# Logo key. Use Mod1 for Alt. -set $mod Mod4 -# Home row direction keys, like vim -set $left j -set $down k -set $up i -set $right l -# Your preferred terminal emulator -set $term alacritty -# Your preferred application launcher -# Note: pass the final command to swaymsg so that the resulting window can be opened -# on the original workspace that the command was run on. -#set $menu dmenu_path | dmenu | xargs swaymsg exec bemenu-run --no-overlap - -default_border pixel 1 - -### Output configuration -# -# Default wallpaper (more resolutions are available in @datadir@/backgrounds/sway/) -output * bg ~/.config/wallpaper.jpg fill - -### Key bindings -# -# Basics: -# - # Start a terminal - bindsym $mod+Return exec $term - - # Start a terminal - bindsym $mod+Shift+Return exec sh -c '$term --working-directory $(wcwd)' - - # Kill focused window - bindsym $mod+Shift+q kill - - # Drag floating windows by holding down $mod and left mouse button. - # Resize them with right mouse button + $mod. - # Despite the name, also works for non-floating windows. - # Change normal to inverse to use left mouse button for resizing and right - # mouse button for dragging. 
- floating_modifier $mod normal - - # Reload the configuration file - bindsym $mod+Ctrl+r reload - -# -# Moving around: -# - # Move your focus around - bindsym $mod+$left focus left - bindsym $mod+$down focus down - bindsym $mod+$up focus up - bindsym $mod+$right focus right - # Or use $mod+[up|down|left|right] - bindsym $mod+Left focus left - bindsym $mod+Down focus down - bindsym $mod+Up focus up - bindsym $mod+Right focus right - - # Move the focused window with the same, but add Shift - bindsym $mod+Shift+$left move left - bindsym $mod+Shift+$down move down - bindsym $mod+Shift+$up move up - bindsym $mod+Shift+$right move right - # Ditto, with arrow keys - bindsym $mod+Shift+Left move left - bindsym $mod+Shift+Down move down - bindsym $mod+Shift+Up move up - bindsym $mod+Shift+Right move right -# -# Workspaces: -# - - - # Workspace names - # to display names or symbols instead of plain workspace numbers you can use - # something like: set $ws1 1:mail - # set $ws2 2: - set $ws1 1 - set $ws2 2 - set $ws3 3 - set $ws4 4 - set $ws5 5 - set $ws6 6 - set $ws7 7 - set $ws8 8 - set $ws9 9 - - # Switch to workspace - bindsym $mod+1 workspace 1 - bindsym $mod+2 workspace 2 - bindsym $mod+3 workspace 3 - bindsym $mod+4 workspace 4 - bindsym $mod+5 workspace 5 - bindsym $mod+6 workspace 6 - bindsym $mod+7 workspace 7 - bindsym $mod+8 workspace 8 - bindsym $mod+9 workspace 9 - # Move focused container to workspace - bindsym $mod+Ctrl+1 move container to workspace $ws1 - bindsym $mod+Ctrl+2 move container to workspace $ws2 - bindsym $mod+Ctrl+3 move container to workspace $ws3 - bindsym $mod+Ctrl+4 move container to workspace $ws4 - bindsym $mod+Ctrl+5 move container to workspace $ws5 - bindsym $mod+Ctrl+6 move container to workspace $ws6 - bindsym $mod+Ctrl+7 move container to workspace $ws7 - bindsym $mod+Ctrl+8 move container to workspace $ws8 - bindsym $mod+Ctrl+9 move container to workspace $ws9 - # Move focused container to workspace and move focus with it - bindsym 
$mod+Shift+1 move container to workspace 1; workspace $ws1 - bindsym $mod+Shift+2 move container to workspace 2; workspace $ws2 - bindsym $mod+Shift+3 move container to workspace 3; workspace $ws3 - bindsym $mod+Shift+4 move container to workspace 4; workspace $ws4 - bindsym $mod+Shift+5 move container to workspace 5; workspace $ws5 - bindsym $mod+Shift+6 move container to workspace 6; workspace $ws6 - bindsym $mod+Shift+7 move container to workspace 7; workspace $ws7 - bindsym $mod+Shift+8 move container to workspace 8; workspace $ws8 - bindsym $mod+Shift+9 move container to workspace 9; workspace $ws9 - # Note: workspaces can have any name you want, not just numbers. - # We just use 1-10 as the default. - - #navigate workspaces next / previous - bindsym $mod+Ctrl+Right workspace next - bindsym $mod+Ctrl+Left workspace prev - - # workspace back and forth (with/without active container) - workspace_auto_back_and_forth yes - bindsym $mod+b workspace back_and_forth - bindsym $mod+Shift+b move container to workspace back_and_forth; workspace back_and_forth - -# -# Layout stuff: -# - # Configure border style - default_border pixel 1 - default_floating_border normal - - # Hide borders - hide_edge_borders none - - # Font for window titles. Will also be used by the bar unless a different font - # is used in the bar {} block below. - font xft:Hack 16 - - # You can "split" the current object of your focus with - # $mod+b or $mod+v, for horizontal and vertical splits - # respectively. 
- bindsym $mod+h splith; exec notify-send 'tile horizontally' - bindsym $mod+v splitv; exec notify-send 'tile vertically' - - # Switch the current container between different layout styles - bindsym $mod+s layout stacking - bindsym $mod+w layout tabbed - bindsym $mod+e layout toggle split - - # Make the current focus fullscreen - bindsym $mod+f fullscreen - - # Toggle the current focus between tiling and floating mode - bindsym $mod+Shift+space floating toggle - - # Swap focus between the tiling area and the floating area - bindsym $mod+t focus mode_toggle - - # Move focus to the parent container - bindsym $mod+a focus parent - bindsym $mod+d focus child -# -# Scratchpad: -# - # Sway has a "scratchpad", which is a bag of holding for windows. - # You can send windows there and get them back later. - - # Move the currently focused window to the scratchpad - bindsym $mod+Shift+minus move scratchpad - - # Show the next scratchpad window or hide the focused scratchpad window. - # If there are multiple scratchpad windows, this command cycles through them. - bindsym $mod+minus scratchpad show -# -# Resizing containers: -# -mode "resize" { - # left will shrink the containers width - # right will grow the containers width - # up will shrink the containers height - # down will grow the containers height - bindsym $left resize shrink width 10px - bindsym $down resize grow height 10px - bindsym $up resize shrink height 10px - bindsym $right resize grow width 10px - - # Ditto, with arrow keys - bindsym Left resize shrink width 10px - bindsym Down resize grow height 10px - bindsym Up resize shrink height 10px - bindsym Right resize grow width 10px - - # Return to default mode - bindsym Return mode "default" - bindsym Escape mode "default" -} -bindsym $mod+r mode "resize" - -include ~/.config/sway/config.d/* diff --git a/modules/sway/config/config.nix b/modules/sway/config/config.nix new file mode 100644 index 00000000..8e21ec02 --- /dev/null +++ b/modules/sway/config/config.nix 
@@ -0,0 +1,214 @@ +{ config, pkgs, ... }: +'' + # Default config for sway + # + # Copy this to ~/.config/sway/config and edit it to your liking. + # + # Read `man 5 sway` for a complete reference. + + ### Variables + # + # Logo key. Use Mod1 for Alt. + set $mod Mod4 + # Home row direction keys, like vim + set $left j + set $down k + set $up i + set $right l + # Your preferred terminal emulator + set $term ${config.pub-solar.sway.terminal} + # Your preferred application launcher + # Note: pass the final command to swaymsg so that the resulting window can be opened + # on the original workspace that the command was run on. + #set $menu dmenu_path | dmenu | xargs swaymsg exec bemenu-run --no-overlap + + default_border pixel 1 + + ### Output configuration + # + # Default wallpaper (more resolutions are available in @datadir@/backgrounds/sway/) + output * bg ~/.config/wallpaper.jpg fill + + ### Key bindings + # + # Basics: + # + # Start a terminal + bindsym $mod+Return exec $term + + # Start a terminal + bindsym $mod+Shift+Return exec sh -c '$term --working-directory $(wcwd)' + + # Kill focused window + bindsym $mod+Shift+q kill + + # Drag floating windows by holding down $mod and left mouse button. + # Resize them with right mouse button + $mod. + # Despite the name, also works for non-floating windows. + # Change normal to inverse to use left mouse button for resizing and right + # mouse button for dragging. 
+ floating_modifier $mod normal + + # Reload the configuration file + bindsym $mod+Ctrl+r reload + + # + # Moving around: + # + # Move your focus around + bindsym $mod+$left focus left + bindsym $mod+$down focus down + bindsym $mod+$up focus up + bindsym $mod+$right focus right + # Or use $mod+[up|down|left|right] + bindsym $mod+Left focus left + bindsym $mod+Down focus down + bindsym $mod+Up focus up + bindsym $mod+Right focus right + + # Move the focused window with the same, but add Shift + bindsym $mod+Shift+$left move left + bindsym $mod+Shift+$down move down + bindsym $mod+Shift+$up move up + bindsym $mod+Shift+$right move right + # Ditto, with arrow keys + bindsym $mod+Shift+Left move left + bindsym $mod+Shift+Down move down + bindsym $mod+Shift+Up move up + bindsym $mod+Shift+Right move right + # + # Workspaces: + # + + + # Workspace names + # to display names or symbols instead of plain workspace numbers you can use + # something like: set $ws1 1:mail + # set $ws2 2: + set $ws1 1 + set $ws2 2 + set $ws3 3 + set $ws4 4 + set $ws5 5 + set $ws6 6 + set $ws7 7 + set $ws8 8 + set $ws9 9 + + # Switch to workspace + bindsym $mod+1 workspace 1 + bindsym $mod+2 workspace 2 + bindsym $mod+3 workspace 3 + bindsym $mod+4 workspace 4 + bindsym $mod+5 workspace 5 + bindsym $mod+6 workspace 6 + bindsym $mod+7 workspace 7 + bindsym $mod+8 workspace 8 + bindsym $mod+9 workspace 9 + # Move focused container to workspace + bindsym $mod+Ctrl+1 move container to workspace $ws1 + bindsym $mod+Ctrl+2 move container to workspace $ws2 + bindsym $mod+Ctrl+3 move container to workspace $ws3 + bindsym $mod+Ctrl+4 move container to workspace $ws4 + bindsym $mod+Ctrl+5 move container to workspace $ws5 + bindsym $mod+Ctrl+6 move container to workspace $ws6 + bindsym $mod+Ctrl+7 move container to workspace $ws7 + bindsym $mod+Ctrl+8 move container to workspace $ws8 + bindsym $mod+Ctrl+9 move container to workspace $ws9 + # Move focused container to workspace and move focus with it + 
bindsym $mod+Shift+1 move container to workspace 1; workspace $ws1 + bindsym $mod+Shift+2 move container to workspace 2; workspace $ws2 + bindsym $mod+Shift+3 move container to workspace 3; workspace $ws3 + bindsym $mod+Shift+4 move container to workspace 4; workspace $ws4 + bindsym $mod+Shift+5 move container to workspace 5; workspace $ws5 + bindsym $mod+Shift+6 move container to workspace 6; workspace $ws6 + bindsym $mod+Shift+7 move container to workspace 7; workspace $ws7 + bindsym $mod+Shift+8 move container to workspace 8; workspace $ws8 + bindsym $mod+Shift+9 move container to workspace 9; workspace $ws9 + # Note: workspaces can have any name you want, not just numbers. + # We just use 1-10 as the default. + + #navigate workspaces next / previous + bindsym $mod+Ctrl+Right workspace next + bindsym $mod+Ctrl+Left workspace prev + + # workspace back and forth (with/without active container) + workspace_auto_back_and_forth yes + bindsym $mod+b workspace back_and_forth + bindsym $mod+Shift+b move container to workspace back_and_forth; workspace back_and_forth + + # + # Layout stuff: + # + # Configure border style + default_border pixel 1 + default_floating_border normal + + # Hide borders + hide_edge_borders none + + # Font for window titles. Will also be used by the bar unless a different font + # is used in the bar {} block below. + font xft:Hack 16 + + # You can "split" the current object of your focus with + # $mod+b or $mod+v, for horizontal and vertical splits + # respectively. 
+ bindsym $mod+h splith; exec notify-send 'tile horizontally' + bindsym $mod+v splitv; exec notify-send 'tile vertically' + + # Switch the current container between different layout styles + bindsym $mod+s layout stacking + bindsym $mod+w layout tabbed + bindsym $mod+e layout toggle split + + # Make the current focus fullscreen + bindsym $mod+f fullscreen + + # Toggle the current focus between tiling and floating mode + bindsym $mod+Shift+space floating toggle + + # Swap focus between the tiling area and the floating area + bindsym $mod+t focus mode_toggle + + # Move focus to the parent container + bindsym $mod+a focus parent + bindsym $mod+d focus child + # + # Scratchpad: + # + # Sway has a "scratchpad", which is a bag of holding for windows. + # You can send windows there and get them back later. + + # Move the currently focused window to the scratchpad + bindsym $mod+Shift+minus move scratchpad + + # Show the next scratchpad window or hide the focused scratchpad window. + # If there are multiple scratchpad windows, this command cycles through them. + bindsym $mod+minus scratchpad show + # + # Resizing containers: + # + mode "resize" { + # left will shrink the containers width + # right will grow the containers width + # up will shrink the containers height + # down will grow the containers height + bindsym $left resize shrink width 10px + bindsym $down resize grow height 10px + bindsym $up resize shrink height 10px + bindsym $right resize grow width 10px + + # Ditto, with arrow keys + bindsym Left resize shrink width 10px + bindsym Down resize grow height 10px + bindsym Up resize shrink height 10px + bindsym Right resize grow width 10px + + # Return to default mode + bindsym Return mode "default" + bindsym Escape mode "default" + } + bindsym $mod+r mode "resize" + + include ~/.config/sway/config.d/*'' diff --git a/modules/sway/default.nix b/modules/sway/default.nix index b690d9c0..83f407e4 100644 --- a/modules/sway/default.nix +++ b/modules/sway/default.nix 
@@ -8,6 +8,11 @@ in options.pub-solar.sway = { enable = mkEnableOption "Life in boxes"; }; + options.pub-solar.sway.terminal = mkOption { + type = types.nullOr types.str; + default = "alacritty"; + description = "Choose sway's default terminal"; + }; options.pub-solar.sway.v4l2loopback.enable = mkOption { type = types.bool; default = true; @@ -86,7 +91,7 @@ in systemd.user.services.waybar = import ./waybar.service.nix pkgs; systemd.user.targets.sway-session = import ./sway-session.target.nix pkgs; - xdg.configFile."sway/config".source = ./config/config; + xdg.configFile."sway/config".text = import ./config/config.nix { inherit config pkgs; }; xdg.configFile."sway/config.d/colorscheme.conf".source = ./config/config.d/colorscheme.conf; xdg.configFile."sway/config.d/theme.conf".source = ./config/config.d/theme.conf; xdg.configFile."sway/config.d/gaps.conf".source = ./config/config.d/gaps.conf; diff --git a/profiles/pub-solar-iso/default.nix b/profiles/pub-solar-iso/default.nix index 24312b53..53fe0317 100644 --- a/profiles/pub-solar-iso/default.nix +++ b/profiles/pub-solar-iso/default.nix @@ -5,5 +5,6 @@ in imports = [ ../cachix ]; config = { pub-solar.x-os.iso-options.enable = true; + pub-solar.sway.terminal = "foot"; }; } From 741c0863ed51d65ce2c60a660630701706f3b87e Mon Sep 17 00:00:00 2001 From: teutat3s Date: Thu, 3 Feb 2022 02:47:00 +0100 Subject: [PATCH 63/90] graphical: make wayland use the software renderer pixman optionally, https://github.com/swaywm/wlroots/blob/master/docs/env_vars.md#wlroots-specific This should help run sway in VMs --- modules/graphical/default.nix | 5 +++++ profiles/base-user/session-variables.nix | 2 ++ 2 files changed, 7 insertions(+) diff --git a/modules/graphical/default.nix b/modules/graphical/default.nix index 15042a22..5da7f4f6 100644 --- a/modules/graphical/default.nix +++ b/modules/graphical/default.nix 
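Review bot: The new `pub-solar.sway.terminal` option in `modules/sway/default.nix` is declared as `types.nullOr types.str`, but `modules/sway/config/config.nix` interpolates it unconditionally in `set $term ${config.pub-solar.sway.terminal}`. A `null` value therefore passes the option type check and only fails later, when Nix tries to coerce it to a string while building the config text. Nothing visible handles the null case, so `type = types.str;` would reject it up front with a clear option error. The value also ends up inside `exec sh -c '$term --working-directory $(wcwd)'`, so the description could say so, for example `description = "Command used as sway's terminal; it is placed into a shell command line";`.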
@@ -26,6 +26,11 @@ in default = { }; }; }; + wayland.software-renderer.enable = mkOption { + type = types.bool; + default = false; + description = "Feature flag enabling wlroots software renderer, useful in VMs"; + }; }; config = mkIf cfg.enable { diff --git a/profiles/base-user/session-variables.nix b/profiles/base-user/session-variables.nix index cc3aa69f..5bbfa8ee 100644 --- a/profiles/base-user/session-variables.nix +++ b/profiles/base-user/session-variables.nix @@ -1,6 +1,7 @@ { config, pkgs, ... }: let psCfg = config.pub-solar; + wlroots = psCfg.graphical.wayland; xdg = config.home-manager.users."${psCfg.user.name}".xdg; variables = { XDG_CONFIG_HOME = xdg.configHome; @@ -15,6 +16,7 @@ let ECORE_EVAS_ENGINE = "wayland_egl"; ELM_ENGINE = "wayland_egl"; SDL_VIDEODRIVER = "wayland"; + WLR_RENDERER = if wlroots.software-renderer.enable then "pixman" else "gles2"; EDITOR = "/etc/profiles/per-user/${psCfg.user.name}/bin/nvim"; VISUAL = "/etc/profiles/per-user/${psCfg.user.name}/bin/nvim"; From af96a74b95dd6d264079ef4c9098f0c40c5e4220 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Thu, 3 Feb 2022 03:37:40 +0100 Subject: [PATCH 64/90] Revert "Use drone host volume for /nix/store to speed up build times" This reverts commit ae8f39b89ac93492aa1ee1f6a19f768a529fb7fb. --- .drone.yml | 22 +++++----------------- 1 file changed, 5 insertions(+), 17 deletions(-) diff --git a/.drone.yml b/.drone.yml index 439814a3..e879f3d8 100644 --- a/.drone.yml +++ b/.drone.yml @@ -95,9 +95,6 @@ name: Check steps: - name: "Check" image: docker.nix-community.org/nixpkgs/nix-flakes:latest - volumes: - - name: nix-store-cache - path: /nix/store when: event: - pull_request @@ -108,11 +105,6 @@ steps: - nix -Lv develop -c echo OK - nix -Lv develop --command bud --help -volumes: - - name: nix-store-cache - host: - path: "/var/nix/build-store" - --- kind: pipeline type: docker 
@@ -122,10 +114,8 @@ steps: - name: "Build ISO" image: docker.nix-community.org/nixpkgs/nix-flakes:latest volumes: - - name: file-exchange + - name: nix-store path: /var/nix/iso-cache - - name: nix-store-cache - path: /nix/store commands: - nix -Lv develop --command bud build bootstrap bootstrapIso - cp $(readlink -f result)/iso/*.iso /var/nix/iso-cache/ @@ -133,7 +123,7 @@ steps: - name: "Publish ISO" image: appleboy/drone-scp volumes: - - name: file-exchange + - name: nix-store path: /var/nix/iso-cache settings: host: @@ -157,14 +147,12 @@ trigger: - tag volumes: - - name: file-exchange - temp: {} - - name: nix-store-cache + - name: nix-store host: - path: "/var/nix/build-store" + path: "/var/nix/iso-cache" --- kind: signature -hmac: e7e602f8b3b21bbc0644dbd285c6d87b3dc5644437c8c693c92ced17de094bab +hmac: 07b8c6165ef4d12754e43839d87d6a68d98436d3c5f8fbb6fee91c628211c1e7 ... From db2ffe63f517598cde0cdcf346762b926ff6e03f Mon Sep 17 00:00:00 2001 From: teutat3s Date: Thu, 3 Feb 2022 03:41:42 +0100 Subject: [PATCH 65/90] pub-solar-iso: enable wlroots software renderer pixman --- profiles/pub-solar-iso/default.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/profiles/pub-solar-iso/default.nix b/profiles/pub-solar-iso/default.nix index 53fe0317..24b5e1b3 100644 --- a/profiles/pub-solar-iso/default.nix +++ b/profiles/pub-solar-iso/default.nix @@ -4,7 +4,8 @@ in { imports = [ ../cachix ]; config = { - pub-solar.x-os.iso-options.enable = true; + pub-solar.graphical.wayland.software-renderer.enable = true; pub-solar.sway.terminal = "foot"; + pub-solar.x-os.iso-options.enable = true; }; } From 96dde2315d0c26f4163eb94e1af2f2ae081ad802 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Thu, 3 Feb 2022 11:24:02 +0100 Subject: [PATCH 66/90] Use drone host volume for /nix/store to speed up build times --- .drone.yml | 32 ++++++++++++++++++++++---------- 1 file changed, 22 insertions(+), 10 deletions(-) 
diff --git a/.drone.yml b/.drone.yml index e879f3d8..6a89b45b 100644 --- a/.drone.yml +++ b/.drone.yml @@ -95,15 +95,23 @@ name: Check steps: - name: "Check" image: docker.nix-community.org/nixpkgs/nix-flakes:latest + volumes: + - name: nix-store-cache + path: /tmp/build-store when: event: - pull_request - tag commands: - - nix -Lv flake check - - nix -Lv build ".#nixosConfigurations.PubSolarOS.config.system.build.toplevel" - - nix -Lv develop -c echo OK - - nix -Lv develop --command bud --help + - nix -Lv --store /tmp/build-store flake check + - nix -Lv --store /tmp/build-store build ".#nixosConfigurations.PubSolarOS.config.system.build.toplevel" + - nix -Lv --store /tmp/build-store develop -c echo OK + - nix -Lv --store /tmp/build-store develop --command bud --help + +volumes: + - name: nix-store-cache + host: + path: "/var/nix/build-store" --- kind: pipeline @@ -114,16 +122,18 @@ steps: - name: "Build ISO" image: docker.nix-community.org/nixpkgs/nix-flakes:latest volumes: - - name: nix-store + - name: file-exchange path: /var/nix/iso-cache + - name: nix-store-cache + path: /tmp/build-store commands: - - nix -Lv develop --command bud build bootstrap bootstrapIso + - nix -Lv --store /tmp/build-store develop --command bud build bootstrap bootstrapIso - cp $(readlink -f result)/iso/*.iso /var/nix/iso-cache/ - name: "Publish ISO" image: appleboy/drone-scp volumes: - - name: nix-store + - name: file-exchange path: /var/nix/iso-cache settings: host: @@ -147,12 +157,14 @@ trigger: - tag volumes: - - name: nix-store + - name: file-exchange + temp: {} + - name: nix-store-cache host: - path: "/var/nix/iso-cache" + path: "/var/nix/build-store" --- kind: signature -hmac: 07b8c6165ef4d12754e43839d87d6a68d98436d3c5f8fbb6fee91c628211c1e7 +hmac: e7e602f8b3b21bbc0644dbd285c6d87b3dc5644437c8c693c92ced17de094bab ... From 135dc20dc495a08f441d5b37cc9850476eea6983 Mon Sep 17 00:00:00 2001 
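Review bot: The host path `/var/nix/build-store` is mounted read-write as `nix-store-cache` both in the `Check` step, which runs on `pull_request`, and in the `Build ISO` step, whose result the following step publishes. The Check commands run whatever the branch under test defines (`nix develop --command …` evaluates that branch's flake), so anything that step can write into the shared store directory is later read by the build that produces the released ISO. I would give the release pipeline a store volume of its own, or keep the host cache out of pull-request builds. A comment above the `volumes:` entry would record the rule, for example `# host store cache: mount only in pipelines that build trusted refs`. Host volumes in Drone also require the repository to be marked trusted, which is worth stating in the commit message.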
From: teutat3s Date: Thu, 3 Feb 2022 11:31:28 +0100 Subject: [PATCH 67/90] sign .drone.yml --- .drone.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.drone.yml b/.drone.yml index 6a89b45b..6a21ba57 100644 --- a/.drone.yml +++ b/.drone.yml @@ -165,6 +165,6 @@ volumes: --- kind: signature -hmac: e7e602f8b3b21bbc0644dbd285c6d87b3dc5644437c8c693c92ced17de094bab +hmac: 86b05ea45f65210a3bf5c7599fb959f7755bd97fa4c8e280eb34e9ead9c2b392 ... From 67d48485d009467174dd77496f0490b9611f71a2 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Thu, 3 Feb 2022 11:44:40 +0100 Subject: [PATCH 68/90] add --eval-store local flag to nix CI commands see https://github.com/nix-community/naersk/issues/217 and https://kevincox.ca/2022/01/02/nix-in-docker-caching/ --- .drone.yml | 12 ++++++------ shell/bud/get.bash | 2 +- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.drone.yml b/.drone.yml index 6a21ba57..59c8b036 100644 --- a/.drone.yml +++ b/.drone.yml @@ -103,10 +103,10 @@ steps: - pull_request - tag commands: - - nix -Lv --store /tmp/build-store flake check - - nix -Lv --store /tmp/build-store build ".#nixosConfigurations.PubSolarOS.config.system.build.toplevel" - - nix -Lv --store /tmp/build-store develop -c echo OK - - nix -Lv --store /tmp/build-store develop --command bud --help + - nix -Lv --store --eval-store local /tmp/build-store flake check + - nix -Lv --store --eval-store local /tmp/build-store build ".#nixosConfigurations.PubSolarOS.config.system.build.toplevel" + - nix -Lv --store --eval-store local /tmp/build-store develop -c echo OK + - nix -Lv --store --eval-store local /tmp/build-store develop --command bud --help volumes: - name: nix-store-cache 
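Review bot: In the four `Check` commands of this hunk, and in the `Build ISO` command of the next one, `--eval-store local` is inserted between `--store` and its value, giving `nix -Lv --store --eval-store local /tmp/build-store flake check`. `--store` takes the store location as its next argument, so as written it would presumably consume `--eval-store` as the store and leave `local` and `/tmp/build-store` as stray arguments. Keeping the pair together avoids that, for example `nix -Lv --store /tmp/build-store flake check --eval-store local`. The same reordering applies to all five lines.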
@@ -127,7 +127,7 @@ steps: - name: nix-store-cache path: /tmp/build-store commands: - - nix -Lv --store /tmp/build-store develop --command bud build bootstrap bootstrapIso + - nix -Lv --store --eval-store local /tmp/build-store develop --command bud build bootstrap bootstrapIso - cp $(readlink -f result)/iso/*.iso /var/nix/iso-cache/ - name: "Publish ISO" @@ -165,6 +165,6 @@ volumes: --- kind: signature -hmac: 86b05ea45f65210a3bf5c7599fb959f7755bd97fa4c8e280eb34e9ead9c2b392 +hmac: 3d4da439d9dc5cd81ea31f1c137ca82d6196341278434770348f5e258256cbec ... diff --git a/shell/bud/get.bash b/shell/bud/get.bash index 89e2af3d..b88081b4 100644 --- a/shell/bud/get.bash +++ b/shell/bud/get.bash @@ -1 +1 @@ - nix flake new -t "github:divnix/devos/main" "${2:-devos}" +nix flake new -t "github:divnix/devos/main" "${2:-devos}" From d33aef6060bceae373535c19f8be2bca65bc225a Mon Sep 17 00:00:00 2001 From: teutat3s Date: Thu, 3 Feb 2022 12:01:39 +0100 Subject: [PATCH 69/90] factor out nix command flags into NIX_FLAGS env var for better readability --- .drone.yml | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/.drone.yml b/.drone.yml index 59c8b036..6d8f9cb0 100644 --- a/.drone.yml +++ b/.drone.yml @@ -102,11 +102,13 @@ steps: event: - pull_request - tag + environment: + NIX_FLAGS: "--print-build-logs --verbose --store /tmp/build-store --eval-store local" commands: - - nix -Lv --store --eval-store local /tmp/build-store flake check - - nix -Lv --store --eval-store local /tmp/build-store build ".#nixosConfigurations.PubSolarOS.config.system.build.toplevel" - - nix -Lv --store --eval-store local /tmp/build-store develop -c echo OK - - nix -Lv --store --eval-store local /tmp/build-store develop --command bud --help + - nix $$NIX_FLAGS flake check + - nix $$NIX_FLAGS build ".#nixosConfigurations.PubSolarOS.config.system.build.toplevel" + - nix $$NIX_FLAGS develop -c echo OK + - nix $$NIX_FLAGS develop --command bud --help volumes: - name: nix-store-cache 
@@ -126,8 +128,10 @@ steps: path: /var/nix/iso-cache - name: nix-store-cache path: /tmp/build-store + environment: + NIX_FLAGS: "--print-build-logs --verbose --store /tmp/build-store --eval-store local" commands: - - nix -Lv --store --eval-store local /tmp/build-store develop --command bud build bootstrap bootstrapIso + - nix $$NIX_FLAGS develop --command bud build bootstrap bootstrapIso - cp $(readlink -f result)/iso/*.iso /var/nix/iso-cache/ - name: "Publish ISO" @@ -165,6 +169,6 @@ volumes: --- kind: signature -hmac: 3d4da439d9dc5cd81ea31f1c137ca82d6196341278434770348f5e258256cbec +hmac: 7816fae517d6d949f53aaafc80ba9847c788856d89749ec40418331db2b4b2b6 ... From 07ecc4bdaebc58b4539a90c4c38407a274d54652 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Thu, 3 Feb 2022 12:13:56 +0100 Subject: [PATCH 70/90] fix nix flags, only use NIX_FLAGS where we would repeat ourselfes way too much --- .drone.yml | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/.drone.yml b/.drone.yml index 6d8f9cb0..bb3f30f1 100644 --- a/.drone.yml +++ b/.drone.yml @@ -103,12 +103,13 @@ steps: - pull_request - tag environment: - NIX_FLAGS: "--print-build-logs --verbose --store /tmp/build-store --eval-store local" + NIX_FLAGS: "--store /tmp/build-store --print-build-logs --verbose" commands: - - nix $$NIX_FLAGS flake check - - nix $$NIX_FLAGS build ".#nixosConfigurations.PubSolarOS.config.system.build.toplevel" - - nix $$NIX_FLAGS develop -c echo OK - - nix $$NIX_FLAGS develop --command bud --help + - echo "NIX_FLAGS: $$NIX_FLAGS" + - nix $$NIX_FLAGS flake --eval-store local check + - nix $$NIX_FLAGS build --eval-store local ".#nixosConfigurations.PubSolarOS.config.system.build.toplevel" + - nix $$NIX_FLAGS develop --eval-store local --command echo OK + - nix $$NIX_FLAGS develop --eval-store local --command bud --help volumes: - name: nix-store-cache 
@@ -128,10 +129,11 @@ steps: path: /var/nix/iso-cache - name: nix-store-cache path: /tmp/build-store - environment: - NIX_FLAGS: "--print-build-logs --verbose --store /tmp/build-store --eval-store local" commands: - - nix $$NIX_FLAGS develop --command bud build bootstrap bootstrapIso + - | + nix --store /tmp/build-store --print-build-logs --verbose \ + develop --eval-store local --command \ + bud build bootstrap bootstrapIso - cp $(readlink -f result)/iso/*.iso /var/nix/iso-cache/ - name: "Publish ISO" @@ -169,6 +171,6 @@ volumes: --- kind: signature -hmac: 7816fae517d6d949f53aaafc80ba9847c788856d89749ec40418331db2b4b2b6 +hmac: 50dcb2111c8bee1aedd337028cd2f082b8a1948044e3bd7970a03c31c5fc0fdc ... From c7a0811200871bd4d01c90079c73910fa2c3b5cb Mon Sep 17 00:00:00 2001 From: teutat3s Date: Thu, 3 Feb 2022 12:16:48 +0100 Subject: [PATCH 71/90] make the yaml parser happy --- .drone.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.drone.yml b/.drone.yml index bb3f30f1..64a2708b 100644 --- a/.drone.yml +++ b/.drone.yml @@ -105,7 +105,7 @@ steps: environment: NIX_FLAGS: "--store /tmp/build-store --print-build-logs --verbose" commands: - - echo "NIX_FLAGS: $$NIX_FLAGS" + - 'echo NIX_FLAGS: $$NIX_FLAGS' - nix $$NIX_FLAGS flake --eval-store local check - nix $$NIX_FLAGS build --eval-store local ".#nixosConfigurations.PubSolarOS.config.system.build.toplevel" - nix $$NIX_FLAGS develop --eval-store local --command echo OK @@ -171,6 +171,6 @@ volumes: --- kind: signature -hmac: 50dcb2111c8bee1aedd337028cd2f082b8a1948044e3bd7970a03c31c5fc0fdc +hmac: a1412a5be78c44f176af32d63f2716c95c0d3992f4809b192166dfa7dd7e3c28 ... From ec8c0dae4543a482e3760e745ed9992e05c5e7c3 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Thu, 3 Feb 2022 12:22:07 +0100 Subject: [PATCH 72/90] use SUBCMD_FLAGS env var --- .drone.yml | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/.drone.yml b/.drone.yml index 64a2708b..9bf713ee 100644 --- a/.drone.yml 
+++ b/.drone.yml @@ -104,12 +104,14 @@ steps: - tag environment: NIX_FLAGS: "--store /tmp/build-store --print-build-logs --verbose" + SUBCMD_FLAGS: "--eval-store local" commands: - - 'echo NIX_FLAGS: $$NIX_FLAGS' - - nix $$NIX_FLAGS flake --eval-store local check - - nix $$NIX_FLAGS build --eval-store local ".#nixosConfigurations.PubSolarOS.config.system.build.toplevel" - - nix $$NIX_FLAGS develop --eval-store local --command echo OK - - nix $$NIX_FLAGS develop --eval-store local --command bud --help + - 'echo NIX_FLAGS: $NIX_FLAGS' + - 'echo SUBCMD_FLAGS: $SUBCMD_FLAGS' + - nix $$NIX_FLAGS flake check $$SUBCMD_FLAGS + - nix $$NIX_FLAGS build $$SUBCMD_FLAGS ".#nixosConfigurations.PubSolarOS.config.system.build.toplevel" + - nix $$NIX_FLAGS develop $$SUBCMD_FLAGS --command echo OK + - nix $$NIX_FLAGS develop $$SUBCMD_FLAGS --command bud --help volumes: - name: nix-store-cache @@ -171,6 +173,6 @@ volumes: --- kind: signature -hmac: a1412a5be78c44f176af32d63f2716c95c0d3992f4809b192166dfa7dd7e3c28 +hmac: ad51a3555d52db391d510571e2e26435b8b105145d18034a453ab653fd9e7bd3 ... From f5c07c2e493c8691664836a8cebd333653130b98 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Thu, 3 Feb 2022 14:25:38 +0100 Subject: [PATCH 73/90] DEBUG: try if nix build work with cached store --- .drone.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.drone.yml b/.drone.yml index 9bf713ee..4ed04221 100644 --- a/.drone.yml +++ b/.drone.yml @@ -108,7 +108,8 @@ steps: commands: - 'echo NIX_FLAGS: $NIX_FLAGS' - 'echo SUBCMD_FLAGS: $SUBCMD_FLAGS' - - nix $$NIX_FLAGS flake check $$SUBCMD_FLAGS + # DEBUG: try if nix build works with build store as cache + #- nix $$NIX_FLAGS flake check $$SUBCMD_FLAGS - nix $$NIX_FLAGS build $$SUBCMD_FLAGS ".#nixosConfigurations.PubSolarOS.config.system.build.toplevel" - nix $$NIX_FLAGS develop $$SUBCMD_FLAGS --command echo OK - nix $$NIX_FLAGS develop $$SUBCMD_FLAGS --command bud --help 
@@ -173,6 +174,6 @@ volumes: --- kind: signature -hmac: ad51a3555d52db391d510571e2e26435b8b105145d18034a453ab653fd9e7bd3 +hmac: 08d22b1fc998a8272677ef55574126b3d2fc389825b91ee36bd7d3cd9e0022a1 ... From d157e71a7279cc2040665fb0053fdb0e0aff115d Mon Sep 17 00:00:00 2001 From: teutat3s Date: Thu, 3 Feb 2022 15:32:16 +0100 Subject: [PATCH 74/90] DEBUG: try build without eval-store --- .drone.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.drone.yml b/.drone.yml index 4ed04221..73f6637c 100644 --- a/.drone.yml +++ b/.drone.yml @@ -110,7 +110,7 @@ steps: - 'echo SUBCMD_FLAGS: $SUBCMD_FLAGS' # DEBUG: try if nix build works with build store as cache #- nix $$NIX_FLAGS flake check $$SUBCMD_FLAGS - - nix $$NIX_FLAGS build $$SUBCMD_FLAGS ".#nixosConfigurations.PubSolarOS.config.system.build.toplevel" + - nix $$NIX_FLAGS build ".#nixosConfigurations.PubSolarOS.config.system.build.toplevel" - nix $$NIX_FLAGS develop $$SUBCMD_FLAGS --command echo OK - nix $$NIX_FLAGS develop $$SUBCMD_FLAGS --command bud --help @@ -174,6 +174,6 @@ volumes: --- kind: signature -hmac: 08d22b1fc998a8272677ef55574126b3d2fc389825b91ee36bd7d3cd9e0022a1 +hmac: 74162ec46f0cc1e66132a159c4a55472268cb880c8ba43fb477dd8befc6021d9 ... From 0b7f1019af6fe085903d24cb3204cc9bf3c52a42 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Tue, 8 Feb 2022 14:21:57 +0100 Subject: [PATCH 75/90] Try nix store cache docker volume with privileged mode --- .drone.yml | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/.drone.yml b/.drone.yml index 73f6637c..7e6348ed 100644 --- a/.drone.yml +++ b/.drone.yml @@ -95,6 +95,7 @@ name: Check steps: - name: "Check" image: docker.nix-community.org/nixpkgs/nix-flakes:latest + privileged: true volumes: - name: nix-store-cache path: /tmp/build-store 
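Review bot: `privileged: true` is added to the `Check` step, which runs on `pull_request` events and already mounts the host directory behind `nix-store-cache`; a later hunk of the same commit adds it to `Build ISO` as well. A privileged container is not isolated from the CI host's devices and kernel interfaces, and this step runs whatever the branch's flake defines (`nix develop --command …`), so the runner's trust boundary becomes the pull request author. If privileged mode is really needed for the store volume, I would limit it to the tag-triggered pipeline. The reason belongs next to the flag, for example `# privileged: required for <reason>; do not enable on pull_request steps`.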
@@ -104,15 +105,12 @@ steps: - tag environment: NIX_FLAGS: "--store /tmp/build-store --print-build-logs --verbose" - SUBCMD_FLAGS: "--eval-store local" commands: - 'echo NIX_FLAGS: $NIX_FLAGS' - - 'echo SUBCMD_FLAGS: $SUBCMD_FLAGS' - # DEBUG: try if nix build works with build store as cache - #- nix $$NIX_FLAGS flake check $$SUBCMD_FLAGS + - nix $$NIX_FLAGS flake check - nix $$NIX_FLAGS build ".#nixosConfigurations.PubSolarOS.config.system.build.toplevel" - - nix $$NIX_FLAGS develop $$SUBCMD_FLAGS --command echo OK - - nix $$NIX_FLAGS develop $$SUBCMD_FLAGS --command bud --help + - nix $$NIX_FLAGS develop --command echo OK + - nix $$NIX_FLAGS develop --command bud --help volumes: - name: nix-store-cache @@ -127,6 +125,7 @@ name: Publish ISO steps: - name: "Build ISO" image: docker.nix-community.org/nixpkgs/nix-flakes:latest + privileged: true volumes: - name: file-exchange path: /var/nix/iso-cache @@ -135,7 +134,7 @@ steps: commands: - | nix --store /tmp/build-store --print-build-logs --verbose \ - develop --eval-store local --command \ + develop --command \ bud build bootstrap bootstrapIso - cp $(readlink -f result)/iso/*.iso /var/nix/iso-cache/ @@ -174,6 +173,6 @@ volumes: --- kind: signature -hmac: 74162ec46f0cc1e66132a159c4a55472268cb880c8ba43fb477dd8befc6021d9 +hmac: 82ee8582e7225b968e92dfd585d3d2e12205af1bd2946e915532d421d5ee50c6 ... From e970370f38677b724b9d54a539b6cbab10b1280f Mon Sep 17 00:00:00 2001 From: teutat3s Date: Tue, 8 Feb 2022 14:34:58 +0100 Subject: [PATCH 76/90] Try with eval-store=local --- .drone.yml | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/.drone.yml b/.drone.yml index 7e6348ed..321b069d 100644 --- a/.drone.yml +++ b/.drone.yml 
@@ -105,12 +105,13 @@ steps: - tag environment: NIX_FLAGS: "--store /tmp/build-store --print-build-logs --verbose" + SUBCMD_FLAGS: "--eval-store local" commands: - 'echo NIX_FLAGS: $NIX_FLAGS' - - nix $$NIX_FLAGS flake check - - nix $$NIX_FLAGS build ".#nixosConfigurations.PubSolarOS.config.system.build.toplevel" - - nix $$NIX_FLAGS develop --command echo OK - - nix $$NIX_FLAGS develop --command bud --help + - nix $$NIX_FLAGS flake check $$SUBCMD_FLAGS + - nix $$NIX_FLAGS build $$SUBCMD_FLAGS ".#nixosConfigurations.PubSolarOS.config.system.build.toplevel" + - nix $$NIX_FLAGS develop $$SUBCMD_FLAGS --command echo OK + - nix $$NIX_FLAGS develop $$SUBCMD_FLAGS --command bud --help volumes: - name: nix-store-cache @@ -134,7 +135,7 @@ steps: commands: - | nix --store /tmp/build-store --print-build-logs --verbose \ - develop --command \ + develop --eval-store local --command \ bud build bootstrap bootstrapIso - cp $(readlink -f result)/iso/*.iso /var/nix/iso-cache/ @@ -173,6 +174,6 @@ volumes: --- kind: signature -hmac: 82ee8582e7225b968e92dfd585d3d2e12205af1bd2946e915532d421d5ee50c6 +hmac: 2b930d7f9abddb31d0f514259d78d6b01693f5a17fb681da69e5a6e116cf30fb ... From 98be94a4db6feee1fc20cc92b0e01422e0521d17 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Tue, 8 Feb 2022 19:09:53 +0100 Subject: [PATCH 77/90] DEBUG: try if nix build work with cached store --- .drone.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.drone.yml b/.drone.yml index 321b069d..31101c07 100644 --- a/.drone.yml +++ b/.drone.yml 
@@ -108,7 +108,9 @@ steps: SUBCMD_FLAGS: "--eval-store local" commands: - 'echo NIX_FLAGS: $NIX_FLAGS' - - nix $$NIX_FLAGS flake check $$SUBCMD_FLAGS + - 'echo SUBCMD_FLAGS: $SUBCMD_FLAGS' + # DEBUG: try if nix build works with build store as cache + #- nix $$NIX_FLAGS flake check $$SUBCMD_FLAGS - nix $$NIX_FLAGS build $$SUBCMD_FLAGS ".#nixosConfigurations.PubSolarOS.config.system.build.toplevel" - nix $$NIX_FLAGS develop $$SUBCMD_FLAGS --command echo OK - nix $$NIX_FLAGS develop $$SUBCMD_FLAGS --command bud --help @@ -174,6 +176,6 @@ volumes: --- kind: signature -hmac: 2b930d7f9abddb31d0f514259d78d6b01693f5a17fb681da69e5a6e116cf30fb +hmac: 59c209d1d10a52b4c0d3eb88645b915532b877700226523e8e44d62182e2786c ... From 67504a2560df4ef073fc70113214613b98242c8c Mon Sep 17 00:00:00 2001 From: teutat3s Date: Wed, 9 Feb 2022 17:17:08 +0100 Subject: [PATCH 78/90] DEBUG: try if nix build work with cached store --- .drone.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.drone.yml b/.drone.yml index 31101c07..2493d68f 100644 --- a/.drone.yml +++ b/.drone.yml @@ -111,9 +111,9 @@ steps: - 'echo SUBCMD_FLAGS: $SUBCMD_FLAGS' # DEBUG: try if nix build works with build store as cache #- nix $$NIX_FLAGS flake check $$SUBCMD_FLAGS - - nix $$NIX_FLAGS build $$SUBCMD_FLAGS ".#nixosConfigurations.PubSolarOS.config.system.build.toplevel" - - nix $$NIX_FLAGS develop $$SUBCMD_FLAGS --command echo OK - - nix $$NIX_FLAGS develop $$SUBCMD_FLAGS --command bud --help + - nix $$NIX_FLAGS build ".#nixosConfigurations.PubSolarOS.config.system.build.toplevel" + - nix $$NIX_FLAGS develop --command echo OK + - nix $$NIX_FLAGS develop --command bud --help volumes: - name: nix-store-cache @@ -176,6 +176,6 @@ volumes: --- kind: signature -hmac: 59c209d1d10a52b4c0d3eb88645b915532b877700226523e8e44d62182e2786c +hmac: 7ed23abadfcd0a30de070d90bb898a9b61b87a9547d9ccbb36ccca4d390db256 ... From d0e972f85f3c45904368ebdf9bfe2e4a006300c8 Mon Sep 17 00:00:00 2001 
From: teutat3s Date: Fri, 25 Feb 2022 13:59:04 +0100 Subject: [PATCH 79/90] DEBUG: try to build ISO without volume as build store cache --- .drone.yml | 27 +++++---------------------- 1 file changed, 5 insertions(+), 22 deletions(-) diff --git a/.drone.yml b/.drone.yml index 2493d68f..53d665a7 100644 --- a/.drone.yml +++ b/.drone.yml @@ -95,31 +95,19 @@ name: Check steps: - name: "Check" image: docker.nix-community.org/nixpkgs/nix-flakes:latest - privileged: true - volumes: - - name: nix-store-cache - path: /tmp/build-store when: event: - pull_request - tag environment: - NIX_FLAGS: "--store /tmp/build-store --print-build-logs --verbose" - SUBCMD_FLAGS: "--eval-store local" + NIX_FLAGS: "--print-build-logs --verbose" commands: - 'echo NIX_FLAGS: $NIX_FLAGS' - - 'echo SUBCMD_FLAGS: $SUBCMD_FLAGS' - # DEBUG: try if nix build works with build store as cache - #- nix $$NIX_FLAGS flake check $$SUBCMD_FLAGS + - nix $$NIX_FLAGS flake check - nix $$NIX_FLAGS build ".#nixosConfigurations.PubSolarOS.config.system.build.toplevel" - nix $$NIX_FLAGS develop --command echo OK - nix $$NIX_FLAGS develop --command bud --help -volumes: - - name: nix-store-cache - host: - path: "/var/nix/build-store" - --- kind: pipeline type: docker @@ -132,12 +120,10 @@ steps: volumes: - name: file-exchange path: /var/nix/iso-cache - - name: nix-store-cache - path: /tmp/build-store commands: - | - nix --store /tmp/build-store --print-build-logs --verbose \ - develop --eval-store local --command \ + nix --print-build-logs --verbose \ + develop --command \ bud build bootstrap bootstrapIso - cp $(readlink -f result)/iso/*.iso /var/nix/iso-cache/ @@ -170,12 +156,9 @@ trigger: volumes: - name: file-exchange temp: {} - - name: nix-store-cache - host: - path: "/var/nix/build-store" --- kind: signature -hmac: 7ed23abadfcd0a30de070d90bb898a9b61b87a9547d9ccbb36ccca4d390db256 +hmac: f39ee287ccf3c8cbc66a939f4a37cc9ecae986321448ec88992c4dbaeb551a24 ... 
From 5a0078be8d1db39f926473cc83466a70ae25de12 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sun, 27 Feb 2022 17:06:24 +0100 Subject: [PATCH 80/90] DEBUG: try to build ISO without volume as build store cache --- .drone.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.drone.yml b/.drone.yml index 53d665a7..c1e67c32 100644 --- a/.drone.yml +++ b/.drone.yml @@ -116,7 +116,6 @@ name: Publish ISO steps: - name: "Build ISO" image: docker.nix-community.org/nixpkgs/nix-flakes:latest - privileged: true volumes: - name: file-exchange path: /var/nix/iso-cache From 94b63041402c22fddfd51700ebb1e687adc5625f Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sun, 27 Feb 2022 17:07:43 +0100 Subject: [PATCH 81/90] DEBUG: try to build ISO without volume as build store cache --- .drone.yml | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/.drone.yml b/.drone.yml index c1e67c32..e21f65e0 100644 --- a/.drone.yml +++ b/.drone.yml 
@@ -87,26 +87,26 @@ trigger: event: - cron ---- -kind: pipeline -type: docker -name: Check - -steps: - - name: "Check" - image: docker.nix-community.org/nixpkgs/nix-flakes:latest - when: - event: - - pull_request - - tag - environment: - NIX_FLAGS: "--print-build-logs --verbose" - commands: - - 'echo NIX_FLAGS: $NIX_FLAGS' - - nix $$NIX_FLAGS flake check - - nix $$NIX_FLAGS build ".#nixosConfigurations.PubSolarOS.config.system.build.toplevel" - - nix $$NIX_FLAGS develop --command echo OK - - nix $$NIX_FLAGS develop --command bud --help +#--- +#kind: pipeline +#type: docker +#name: Check +# +#steps: +# - name: "Check" +# image: docker.nix-community.org/nixpkgs/nix-flakes:latest +# when: +# event: +# - pull_request +# - tag +# environment: +# NIX_FLAGS: "--print-build-logs --verbose" +# commands: +# - 'echo NIX_FLAGS: $NIX_FLAGS' +# - nix $$NIX_FLAGS flake check +# - nix $$NIX_FLAGS build ".#nixosConfigurations.PubSolarOS.config.system.build.toplevel" +# - nix $$NIX_FLAGS develop --command echo OK +# - nix $$NIX_FLAGS develop --command bud --help --- kind: pipeline @@ -158,6 +158,6 @@ volumes: --- kind: signature -hmac: f39ee287ccf3c8cbc66a939f4a37cc9ecae986321448ec88992c4dbaeb551a24 +hmac: 32d5f2a2df812967aeeaa781f44e06549bc83802608478cfa89a2424b1ab6426 ... From 4e9786442b7efa4df1e8dfb5434c1ced221bdeff Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sun, 27 Feb 2022 17:09:06 +0100 Subject: [PATCH 82/90] DEBUG: try to build ISO without volume as build store cache --- .drone.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.drone.yml b/.drone.yml index e21f65e0..8d6ccf6a 100644 --- a/.drone.yml +++ b/.drone.yml @@ -145,8 +145,8 @@ steps: - /var/nix/iso-cache/*.iso strip_components: 3 -depends_on: - - Check +#depends_on: +# - Check trigger: event: @@ -158,6 +158,6 @@ volumes: --- kind: signature -hmac: 32d5f2a2df812967aeeaa781f44e06549bc83802608478cfa89a2424b1ab6426 +hmac: e87b38b90d8b247719f395fd1f15df7ef534d036a5bc5efe140cee8e3a8643da ... 
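Review bot: Commenting out the whole `Check` pipeline in the first hunk removes the gate on Publish ISO once the `#depends_on:` / `# - Check` hunk of PATCH 82 is applied as well, so an ISO gets built and published without `nix flake check` or the toplevel build having run. If this is only for debugging, mark the block so it cannot be merged unnoticed, e.g. `# TODO(debug): restore Check pipeline and depends_on before merge`, or run the debug build on a branch-only trigger. Large commented-out blocks also make later audits of this signed file harder. The Publish ISO steps and trigger continue outside these hunks.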
From a7215fa101160c6167568903fb4191163b7fbe73 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Tue, 26 Apr 2022 11:31:50 +0200 Subject: [PATCH 83/90] neovim: add template for shell.nix files --- modules/terminal-life/nvim/lsp.vim | 8 ++++++++ profiles/base-user/home.nix | 14 ++++++++++++++ 2 files changed, 22 insertions(+) diff --git a/modules/terminal-life/nvim/lsp.vim b/modules/terminal-life/nvim/lsp.vim index 1b4a4d31..2c132414 100644 --- a/modules/terminal-life/nvim/lsp.vim +++ b/modules/terminal-life/nvim/lsp.vim @@ -8,6 +8,14 @@ set completeopt=menuone,noinsert,noselect " Avoid showing extra messages when using completion set shortmess+=c +function AddTemplate(tmpl_file) + exe "0read " . a:tmpl_file + set nomodified + 6 +endfunction + +autocmd BufNewFile shell.nix call AddTemplate("$XDG_DATA_HOME/nvim/templates/shell.nix.tmpl") + " Configure neovim 0.6+ experimental LSPs " https://github.com/neovim/nvim-lspconfig " https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md diff --git a/profiles/base-user/home.nix b/profiles/base-user/home.nix index 4becfab3..0736b6d4 100644 --- a/profiles/base-user/home.nix +++ b/profiles/base-user/home.nix @@ -54,6 +54,20 @@ in # Ensure nvim backup directory gets created # Workaround for E510: Can't make backup file (add ! to override) xdg.dataFile."nvim/backup/.keep".text = ""; + xdg.dataFile."nvim/templates/.keep".text = ""; + xdg.dataFile."shell.nix.tmpl" = { + text = '' + let + unstable = import (fetchTarball https://github.com/nixos/nixpkgs/archive/nixos-unstable.tar.gz) { }; + in + { nixpkgs ? import {} }: + with nixpkgs; mkShell { + buildInputs = [ + ]; + } + ''; + target = "nvim/templates/shell.nix.tmpl"; + }; # Allow unfree packages only on a user basis, not on a system-wide basis xdg.configFile."nixpkgs/config.nix".text = " { allowUnfree = true; } "; From af67e0d15f87399c14fb6e165a1d460d38a4a933 Mon Sep 17 00:00:00 2001 
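Review bot: `AddTemplate` in the lsp.vim hunk builds an Ex command by concatenation, `exe "0read " . a:tmpl_file`, so a path containing a space or `|` would be split or parsed as a further command. Use `exe "0read " . fnameescape(a:tmpl_file)` in the function and pass `stdpath('data') . '/templates/shell.nix.tmpl'` from the autocmd; the two go together, since `fnameescape()` would also escape the `$` of the current `$XDG_DATA_HOME` argument. That also removes the dependency on `$XDG_DATA_HOME` being exported in the editor's environment, which this patch does not show. The bare `6` jumps to a line number tied to the current template layout and deserves a short comment.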
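Review bot: The template added in profiles/base-user/home.nix fetches `https://github.com/nixos/nixpkgs/archive/nixos-unstable.tar.gz` with no hash, so every `shell.nix` started from it evaluates whatever that branch tarball contains at the time, unverified and not reproducible. Pin the template to a commit and hash instead: `unstable = import (fetchTarball { url = "https://github.com/nixos/nixpkgs/archive/<rev-placeholder>.tar.gz"; sha256 = "<sha256-placeholder>"; }) { };`. The unquoted URL literal is deprecated Nix syntax. The default `import {}` looks as if it lost a `<nixpkgs>` path, possibly only in this rendering, so that line is worth checking in the real file.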
From: teutat3s Date: Sat, 30 Apr 2022 15:12:26 +0200 Subject: [PATCH 84/90] neovim: don't show diagnostics when in insert mode --- modules/terminal-life/nvim/lsp.vim | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/modules/terminal-life/nvim/lsp.vim b/modules/terminal-life/nvim/lsp.vim index 2c132414..10231631 100644 --- a/modules/terminal-life/nvim/lsp.vim +++ b/modules/terminal-life/nvim/lsp.vim @@ -54,6 +54,22 @@ lua <ca', 'lua vim.lsp.buf.code_action()', opts) vim.api.nvim_buf_set_keymap(bufnr, 'n', 'gr', 'lua vim.lsp.buf.references()', opts) + -- Show diagnostic popup on cursor hold + vim.api.nvim_create_autocmd("CursorHold", { + buffer = bufnr, + callback = function() + local opts = { + focusable = false, + close_events = { "BufLeave", "CursorMoved", "InsertEnter", "FocusLost" }, + border = 'rounded', + source = 'always', + prefix = ' ', + scope = 'cursor', + } + vim.diagnostic.open_float(nil, opts) + end + }) + end -- Add additional capabilities supported by nvim-cmp @@ -198,8 +214,7 @@ for type, icon in pairs(signs) do end EOF -" Show diagnostic popup on cursor hold -autocmd CursorHold,CursorHoldI * lua vim.diagnostic.open_float(nil, { focus = false, scope = "cursor" }) +"autocmd CursorHold * lua vim.diagnostic.open_float(nil, { focus = false, scope = "cursor" }) " have a fixed column for the diagnostics to appear in " this removes the jitter when warnings/errors flow in From 6f2c137c06ea995cb2a1eaa4eb29dd9592b930c4 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sat, 30 Apr 2022 15:58:00 +0200 Subject: [PATCH 85/90] direnv: update envrc --- .envrc | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/.envrc b/.envrc index c878da9a..7f6e3ecd 100644 --- a/.envrc +++ b/.envrc 
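Review bot: The `CursorHold` autocmd added in the first lsp.vim hunk is created without a group, inside what appears to be the per-buffer LSP attach callback, so each client that attaches to the same buffer would register another copy and `vim.diagnostic.open_float` would run once per copy. Give it a per-buffer group that is cleared on re-attach: `local grp = vim.api.nvim_create_augroup("lsp_diag_float_" .. bufnr, { clear = true })` and `group = grp,` in the autocmd options. `vim.api.nvim_create_autocmd` needs Neovim 0.7 or later, while the file's comment still says "neovim 0.6+", so that comment should be updated. The enclosing function starts outside the hunk, and the commented-out `"autocmd CursorHold` line left by the second hunk can simply be deleted.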
@@ -1,10 +1,3 @@ # reload when these files change -watch_file flake.nix -watch_file shell.nix - -{ - # shell gc root dir - mkdir -p "$(direnv_layout_dir)" - - eval "$(nix print-dev-env --profile $(direnv_layout_dir)/flake-profile)" -} || use nix +watch_file shell/* flake.nix +use flake || use nix From e956a69abfd9a0e79f42fee11c6f841fb49857a6 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sat, 30 Apr 2022 16:38:19 +0200 Subject: [PATCH 86/90] Re-enable CI Check step --- .drone.yml | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/.drone.yml b/.drone.yml index 8d6ccf6a..aa614c4a 100644 --- a/.drone.yml +++ b/.drone.yml @@ -87,26 +87,26 @@ trigger: event: - cron -#--- -#kind: pipeline -#type: docker -#name: Check -# -#steps: -# - name: "Check" -# image: docker.nix-community.org/nixpkgs/nix-flakes:latest -# when: -# event: -# - pull_request -# - tag -# environment: -# NIX_FLAGS: "--print-build-logs --verbose" -# commands: -# - 'echo NIX_FLAGS: $NIX_FLAGS' -# - nix $$NIX_FLAGS flake check -# - nix $$NIX_FLAGS build ".#nixosConfigurations.PubSolarOS.config.system.build.toplevel" -# - nix $$NIX_FLAGS develop --command echo OK -# - nix $$NIX_FLAGS develop --command bud --help +--- +kind: pipeline +type: docker +name: Check + +steps: + - name: "Check" + image: docker.nix-community.org/nixpkgs/nix-flakes:latest + when: + event: + - pull_request + - tag + environment: + NIX_FLAGS: "--print-build-logs --verbose" + commands: + - 'echo DEBUG: Using NIX_FLAGS: $NIX_FLAGS' + - nix $$NIX_FLAGS flake check + - nix $$NIX_FLAGS build ".#nixosConfigurations.PubSolarOS.config.system.build.toplevel" + - nix $$NIX_FLAGS develop --command echo OK + - nix $$NIX_FLAGS develop --command bud --help --- kind: pipeline @@ -158,6 +158,6 @@ volumes: --- kind: signature -hmac: e87b38b90d8b247719f395fd1f15df7ef534d036a5bc5efe140cee8e3a8643da +hmac: 84b008b7e96a6407fec3dd387032b30ecbb1dd7558ceb94bbb51c9ac115948a2 ... 
From d23376f7fb337f1b5823b41c6aef619b6b0ddd75 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sat, 30 Apr 2022 16:45:51 +0200 Subject: [PATCH 87/90] Workaround ps-signal-desktop is not supported on aarch64-linux using fake metadata --- pkgs/ps-signal-desktop.nix | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/pkgs/ps-signal-desktop.nix b/pkgs/ps-signal-desktop.nix index c1d3967a..ff615639 100644 --- a/pkgs/ps-signal-desktop.nix +++ b/pkgs/ps-signal-desktop.nix @@ -1,3 +1,9 @@ -self: with self; '' +self: with self; +let + signal-desktop = self.signal-desktop.overrideAttrs (old: { + meta.platforms = [ "x86_64-linux" "aarch64-linux" ]; + }); +in +'' exec ${signal-desktop}/bin/signal-desktop --disable-gpu -- "$@" '' From 47ed302f7abba50ca010de919feb4dc663011f59 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sat, 30 Apr 2022 17:03:00 +0200 Subject: [PATCH 88/90] drone: add check step --- .drone.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.drone.yml b/.drone.yml index aa614c4a..f683f2af 100644 --- a/.drone.yml +++ b/.drone.yml @@ -145,8 +145,8 @@ steps: - /var/nix/iso-cache/*.iso strip_components: 3 -#depends_on: -# - Check +depends_on: + - Check trigger: event: @@ -158,6 +158,6 @@ volumes: --- kind: signature -hmac: 84b008b7e96a6407fec3dd387032b30ecbb1dd7558ceb94bbb51c9ac115948a2 +hmac: e806a6980afdc1bf451be231db1a61e7917822a1f78afe3f2136eadfd632d521 ... From cf5dd8c72cb8505f9606c2f6e845eb9ba0b6f738 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sat, 30 Apr 2022 17:03:13 +0200 Subject: [PATCH 89/90] clean up bud --- shell/bud/get.bash | 1 - 1 file changed, 1 deletion(-) delete mode 100644 shell/bud/get.bash diff --git a/shell/bud/get.bash b/shell/bud/get.bash deleted file mode 100644 index b88081b4..00000000 --- a/shell/bud/get.bash +++ /dev/null @@ -1 +0,0 @@ -nix flake new -t "github:divnix/devos/main" "${2:-devos}" From ed26820593f402aab306a70ef70c10524822fcb5 Mon Sep 17 00:00:00 2001 
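Review bot: In pkgs/ps-signal-desktop.nix, `meta.platforms = [ ... ];` inside `overrideAttrs` builds a new `meta` set that replaces the package's original one, so `license`, `description` and any `knownVulnerabilities` entry that nixpkgs uses for its unfree and insecure-package checks are dropped along with the old platform list. Merge instead: `meta = old.meta // { platforms = [ "x86_64-linux" "aarch64-linux" ]; };`. The override only silences the platform check, and the patch does not show whether the derivation builds or runs on aarch64-linux. A comment such as `# meta override only bypasses the platform check; untested on aarch64-linux` would tell the next maintainer that.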
From: teutat3s Date: Sat, 30 Apr 2022 18:11:43 +0200 Subject: [PATCH 90/90] neovim: remove unneeded autocmd CursorHold --- modules/terminal-life/nvim/lsp.vim | 2 -- 1 file changed, 2 deletions(-) diff --git a/modules/terminal-life/nvim/lsp.vim b/modules/terminal-life/nvim/lsp.vim index 10231631..35c065a6 100644 --- a/modules/terminal-life/nvim/lsp.vim +++ b/modules/terminal-life/nvim/lsp.vim @@ -214,8 +214,6 @@ for type, icon in pairs(signs) do end EOF -"autocmd CursorHold * lua vim.diagnostic.open_float(nil, { focus = false, scope = "cursor" }) - " have a fixed column for the diagnostics to appear in " this removes the jitter when warnings/errors flow in set signcolumn=yes:2