From ceffec93925f2068f8d89ef79fa86797b6b59077 Mon Sep 17 00:00:00 2001 From: Parthiv Seetharaman Date: Wed, 29 Dec 2021 14:42:51 -0800 Subject: [PATCH 01/12] profiles/core: add comments for each option --- profiles/core/default.nix | 28 ++++++++++++++++++---------- 1 file changed, 18 insertions(+), 10 deletions(-) diff --git a/profiles/core/default.nix b/profiles/core/default.nix index d2801d8..c1aed3f 100644 --- a/profiles/core/default.nix +++ b/profiles/core/default.nix @@ -2,12 +2,21 @@ let inherit (lib) fileContents; in { + # Sets nrdxp.cachix.org binary cache which just speeds up some builds imports = [ ../cachix ]; + # For rage encryption, all hosts need a ssh key pair + services.openssh = { + enable = true; + openFirewall = lib.mkDefault false; + }; + + # This is just a representation of the nix default nix.systemFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ]; environment = { + # Selection of sysadmin tools that can come in handy systemPackages = with pkgs; [ binutils coreutils @@ -33,6 +42,8 @@ in whois ]; + # Starship is a fast and featureful shell prompt + # starship.toml has sane defaults that can be changed there shellInit = '' export STARSHIP_CONFIG=${ pkgs.writeText "starship.toml" @@ -113,18 +124,18 @@ in nix = { + # Improve nix store disk usage autoOptimiseStore = true; - gc.automatic = true; - optimise.automatic = true; + # Prevents impurities in builds useSandbox = true; - allowedUsers = [ "@wheel" ]; - + # give root and @wheel special privileges with nix trustedUsers = [ "root" "@wheel" ]; + # Generally useful nix option defaults extraOptions = '' min-free = 536870912 keep-outputs = true @@ -135,20 +146,17 @@ in }; programs.bash = { + # Enable starship promptInit = '' eval "$(${pkgs.starship}/bin/starship init bash)" ''; + # Enable direnv, a tool for managing shell environments interactiveShellInit = '' eval "$(${pkgs.direnv}/bin/direnv hook bash)" ''; }; - # For rage encryption, all hosts need a ssh key pair - services.openssh = { - enable = true; - openFirewall = lib.mkDefault false; - }; - + # Service that makes Out of Memory Killer more effective services.earlyoom.enable = true; } From a7fae1dbcc2ca5b2287611bce2ec5bc87d455acf Mon Sep 17 00:00:00 2001 From: Ben Merritt Date: Sun, 9 Jan 2022 00:14:24 -0800 Subject: [PATCH 02/12] Update secrets path See https://github.com/ryantm/agenix/commit/e5386644356a3f686f7fceac8645f0a9f94a2de6 --- doc/secrets.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/secrets.md b/doc/secrets.md index 996f418..47ca43d 100644 --- a/doc/secrets.md +++ b/doc/secrets.md @@ -90,7 +90,7 @@ In any profile that uses a NixOS module that requires a secret you can enable a ``` -Then you can just pass the path `/run/secrets/mysecret` to the module. +Then you can just pass the path `/run/agenix/mysecret` to the module. You can make use of the many options provided by the age module to customize where and how secrets get decrypted. You can learn about them by looking at the From fbfb84b96c899af918e72cf82016161f3b46a210 Mon Sep 17 00:00:00 2001 From: Ben Merritt Date: Mon, 4 Oct 2021 08:54:27 -0700 Subject: [PATCH 03/12] Fix outdated option name --- doc/concepts/users.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/doc/concepts/users.md b/doc/concepts/users.md index 3ab7c39..b2a6c2a 100644 --- a/doc/concepts/users.md +++ b/doc/concepts/users.md @@ -37,9 +37,10 @@ User profiles can be collected in a similar fashion as system ones into a `suite argument that gets passed to your home-manager users. ### Example +`flake.nix` ```nix { - home-manager.users.nixos = { suites, ... }: { + home.users.nixos = { suites, ... }: { imports = suites.base; }; } From 868818d4a4515f52ad38be8b60022154651ee4b3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sun, 16 Jan 2022 17:09:18 +0100 Subject: [PATCH 04/12] Fix mopidy jellyfin --- pkgs/mopidy-jellyfin.nix | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/pkgs/mopidy-jellyfin.nix b/pkgs/mopidy-jellyfin.nix index 8c99ac2..a3cde27 100644 --- a/pkgs/mopidy-jellyfin.nix +++ b/pkgs/mopidy-jellyfin.nix @@ -1,20 +1,20 @@ self: with self; let - websocket-client = python38.pkgs.buildPythonPackage rec { + websocket-client = python39.pkgs.buildPythonPackage rec { pname = "websocket-client"; - version = "1.0.0"; + version = "1.2.1"; doCheck = false; - src = python38.pkgs.fetchPypi { + src = python39.pkgs.fetchPypi { inherit pname version; - sha256 = "sha256-UFGzii9MJ/vXygd+uyPsaWWmJt7VqVY382vhs1tsT4E="; + sha256 = "sha256-jftxXYqZL1cS//jIQ62ulOIrIqmbLF5rDsShqYHMTg0="; }; }; in -python38.pkgs.buildPythonPackage rec { +python39.pkgs.buildPythonPackage rec { pname = "Mopidy-Jellyfin"; version = "1.0.2"; doCheck = false; - propagatedBuildInputs = with python38.pkgs; [ + propagatedBuildInputs = with python39.pkgs; [ unidecode websocket-client requests @@ -22,7 +22,7 @@ python38.pkgs.buildPythonPackage rec { pykka mopidy ]; - src = python38.pkgs.fetchPypi { + src = python39.pkgs.fetchPypi { inherit pname version; sha256 = "sha256-5XimIIQSpvNyQbSOFtSTkA0jhA0V68BbyQEQNnov+0g="; }; From 070664bb722d6af67b294a764eb5213798b9e75d Mon Sep 17 00:00:00 2001 From: Parthiv Seetharaman Date: Thu, 13 Jan 2022 19:57:34 -0800 Subject: [PATCH 05/12] README: Add more flakes to "in the wild" Remove the nrd branch, since that doesn't exist anymore --- README.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 275714c..29d450d 100644 --- a/README.md +++ b/README.md @@ -29,7 +29,9 @@ expected. There are unstable versions (0._x_._x_) to help users keep track of changes and progress, and a [`develop`](https://github.com/divnix/devos/tree/develop) branch for the brave 😜 ## In the Wild -* The original [authors][please] +* @Pacman99: [Personal](https://gitlab.com/coffeetables/lower), [Server](https://gitlab.com/coffeetables/myrdd) +* [@danielphan2003](https://github.com/danielphan2003/flk) and make sure to also check out [devos-ext-lib][devos-ext-lib] +* [PubSolarOS](https://git.sr.ht/~b12f/pub-solar-os) ## Shoulders This work does not reinvent the wheel. It stands on the [shoulders of the @@ -89,3 +91,4 @@ DevOS is licensed under the [MIT License][mit]. [nvfetcher]: https://github.com/berberman/nvfetcher [please]: https://github.com/nrdxp/devos/tree/nrd [matrix]: https://matrix.to/#/#devos:nixos.org +[devos-ext-lib]: https://github.com/divnix/devos-ext-lib From adf005b5c83514fb572144aac851026360400156 Mon Sep 17 00:00:00 2001 From: Parthiv Seetharaman Date: Sat, 29 Jan 2022 11:57:55 -0800 Subject: [PATCH 06/12] flake: update digga, home, nixos, latest --- flake.lock | 120 +++++++++++++++++++++++------------------------------ 1 file changed, 52 insertions(+), 68 deletions(-) diff --git a/flake.lock b/flake.lock index 774055b..6770125 100644 --- a/flake.lock +++ b/flake.lock @@ -23,10 +23,7 @@ "beautysh": { "inputs": { "flake-utils": "flake-utils", - "nixpkgs": [ - "bud", - "nixpkgs" - ], + "nixpkgs": "nixpkgs", "poetry2nix": "poetry2nix" }, "locked": { @@ -148,7 +145,6 @@ "deploy" ], "devshell": "devshell", - "flake-utils": "flake-utils_3", "flake-utils-plus": "flake-utils-plus", "home-manager": [ "home" @@ -163,11 +159,11 @@ ] }, "locked": { - "lastModified": 1640031018, - "narHash": "sha256-ZzyS803XuCl99XE4581m0Suni+q1Hz+Mpw6A9bs7VKM=", + "lastModified": 1643510242, + "narHash": "sha256-9C9DyJhQ5bevk0CEEjGct+U9EqUgHg8T70nxz47zjMI=", "owner": "divnix", "repo": "digga", - "rev": "3157889810e51a1ae03f82bf6bf6657ba8cf93c6", + "rev": "33bfb05b8a148d8ad6a842de74e22209bf9fe5d7", "type": "github" }, "original": { @@ -178,7 +174,7 @@ }, "fenix": { "inputs": { - "nixpkgs": "nixpkgs_2", + "nixpkgs": "nixpkgs_3", "rust-analyzer-src": "rust-analyzer-src" }, "locked": { @@ -244,29 +240,29 @@ }, "flake-utils-plus": { "inputs": { - "flake-utils": "flake-utils_4" + "flake-utils": "flake-utils_3" }, "locked": { - "lastModified": 1638994888, - "narHash": "sha256-iz/ynGNZlvqKCOnFrEKqGA+BVKGQMG+g2JT+e3OOLN8=", - "owner": "divnix", + "lastModified": 1639385028, + "narHash": "sha256-oqorKz3mwf7UuDJwlbCEYCB2LfcWLL0DkeCWhRIL820=", + "owner": "gytis-ivaskevicius", "repo": "flake-utils-plus", - "rev": "b4f9f517574cb7bd6ee3f19c72c19634c9f536e1", + "rev": "be1be083af014720c14f3b574f57b6173b4915d0", "type": "github" }, "original": { - "owner": "divnix", + "owner": "gytis-ivaskevicius", "repo": "flake-utils-plus", "type": "github" } }, "flake-utils_2": { "locked": { - "lastModified": 1638122382, - "narHash": "sha256-sQzZzAbvKEqN9s0bzWuYmRaA03v40gaJ4+iL1LXjaeI=", + "lastModified": 1642700792, + "narHash": "sha256-XqHrk7hFb+zBvRg6Ghl+AZDq03ov6OshJLiSWOoX5es=", "owner": "numtide", "repo": "flake-utils", - "rev": "74f7e4319258e287b0f9cb95426c9853b282730b", + "rev": "846b2ae0fc4cc943637d3d1def4454213e203cba", "type": "github" }, "original": { @@ -291,21 +287,6 @@ } }, "flake-utils_4": { - "locked": { - "lastModified": 1638122382, - "narHash": "sha256-sQzZzAbvKEqN9s0bzWuYmRaA03v40gaJ4+iL1LXjaeI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "74f7e4319258e287b0f9cb95426c9853b282730b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_5": { "locked": { "lastModified": 1631561581, "narHash": "sha256-3VQMV5zvxaVLvqqUrNz3iJelLw30mIVSfZmAaauM3dA=", @@ -327,11 +308,11 @@ ] }, "locked": { - "lastModified": 1637917557, - "narHash": "sha256-3u5bLyGn5NUG3RJA7/v1Bqa/QCFGqp/01Bh/4REf9m4=", + "lastModified": 1642653493, + "narHash": "sha256-22mGPjiHUo2Jmze4IjXCJLjeK2mbvvCztHmUyUMr4yw=", "owner": "nix-community", "repo": "home-manager", - "rev": "4daff26495ca9ac67476cba8cf15c3e36d91ab18", + "rev": "28b9ae40c45c5e7711c353fee1b7af734e293979", "type": "github" }, "original": { @@ -359,11 +340,11 @@ }, "latest_2": { "locked": { - "lastModified": 1638198142, - "narHash": "sha256-plU9b8r4St6q4U7VHtG9V7oF8k9fIpfXl/KDaZLuY9k=", + "lastModified": 1643347846, + "narHash": "sha256-O0tyXF//ppRpe9yT1Uu5n34yI2MWDyY6ZiJ4Qn5zIkE=", "owner": "nixos", "repo": "nixpkgs", - "rev": "8a308775674e178495767df90c419425474582a1", + "rev": "5bb20f9dc70e9ee16e21cc404b6508654931ce41", "type": "github" }, "original": { @@ -395,11 +376,11 @@ }, "nixlib": { "locked": { - "lastModified": 1640478849, - "narHash": "sha256-S4lNc3fb9UpYgVtTa/mZZXphq7+xGy74YGIlOWB1ceE=", + "lastModified": 1641688481, + "narHash": "sha256-6L+EU12xLDHby7y8elgFtRKVBxix+7qV8DhVgXqrKZo=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "c85a293f7d094a799dcf1197c31925bc44e94d6b", + "rev": "f697717b3d3a074ffc16c8c8227504f0db292886", "type": "github" }, "original": { @@ -410,11 +391,11 @@ }, "nixos": { "locked": { - "lastModified": 1638231428, - "narHash": "sha256-Sm5loBKdeusSvIAC+LtzRT6I7tAcqZdIPnHcxZt7NaE=", + "lastModified": 1643463207, + "narHash": "sha256-W0azAxucUq84BvWqDPt3gX8kyc8wYvGUynZV9COfByQ=", "owner": "nixos", "repo": "nixpkgs", - "rev": "393c5357a0071d51668bcdc69dfc25ddacbd5840", + "rev": "03098169624f487eef37186b3214c40e6b6e919d", "type": "github" }, "original": { @@ -427,7 +408,10 @@ "nixos-generators": { "inputs": { "nixlib": "nixlib", - "nixpkgs": "nixpkgs_3" + "nixpkgs": [ + "digga", + "blank" + ] }, "locked": { "lastModified": 1637655461, @@ -460,11 +444,27 @@ }, "nixpkgs": { "locked": { - "lastModified": 1640831728, - "narHash": "sha256-KK5SKqqfAt+ev3bHLrVXJ6i4zx9YQW6k19oUInY8T2M=", + "lastModified": 1643428210, + "narHash": "sha256-ympCeHuXeGitpnegE0raAtWLNg3vZbjj5QbbMvvBGCQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5d90841dd0179430db010dfc2c58b2a7de4371be", + "rev": "e1b353e890801a759efe9a4c42f6984e47721f0d", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable-small", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1643513770, + "narHash": "sha256-Q64SabfQLuhHQfhpIHS/fLCEO2NUFnI+EKsB5GnfWh8=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "66ab3568d67b90275c0720aae8b911bad82c24fe", "type": "github" }, "original": { @@ -473,7 +473,7 @@ "type": "github" } }, - "nixpkgs_2": { + "nixpkgs_3": { "locked": { "lastModified": 1636976544, "narHash": "sha256-9ZmdyoRz4Qu8bP5BKR1T10YbzcB9nvCeQjOEw2cRKR0=", @@ -489,22 +489,6 @@ "type": "github" } }, - "nixpkgs_3": { - "locked": { - "lastModified": 1640418986, - "narHash": "sha256-a8GGtxn2iL3WAkY5H+4E0s3Q7XJt6bTOvos9qqxT5OQ=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "5c37ad87222cfc1ec36d6cd1364514a9efc2f7f2", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "nur": { "locked": { "lastModified": 1638231901, @@ -522,7 +506,7 @@ "nvfetcher": { "inputs": { "flake-compat": "flake-compat_2", - "flake-utils": "flake-utils_5", + "flake-utils": "flake-utils_4", "nixpkgs": [ "nixos" ] @@ -544,7 +528,7 @@ "poetry2nix": { "inputs": { "flake-utils": "flake-utils_2", - "nixpkgs": "nixpkgs" + "nixpkgs": "nixpkgs_2" }, "locked": { "lastModified": 1625240517, From 9fd3a1085e10e6272082c21cab6baad21e0ffeaa Mon Sep 17 00:00:00 2001 From: Parthiv Seetharaman Date: Sat, 29 Jan 2022 11:49:16 -0800 Subject: [PATCH 07/12] bud: switch back to pulling devos as template --- shell/bud/get.bash | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/shell/bud/get.bash b/shell/bud/get.bash index 7c10d1b..89e2af3 100644 --- a/shell/bud/get.bash +++ b/shell/bud/get.bash @@ -1 +1 @@ -git clone https://github.com/divnix/devos.git "${2:-devos}" + nix flake new -t "github:divnix/devos/main" "${2:-devos}" From 6de02a64be14a1109828f5989c8e726c8914db3a Mon Sep 17 00:00:00 2001 From: Parthiv Seetharaman Date: Sat, 29 Jan 2022 19:58:36 -0800 Subject: [PATCH 08/12] overrides: remove nix-direnv line --- overlays/overrides.nix | 3 --- 1 file changed, 3 deletions(-) diff --git a/overlays/overrides.nix b/overlays/overrides.nix index 4b48b6d..e35ad7e 100644 --- a/overlays/overrides.nix +++ b/overlays/overrides.nix @@ -15,9 +15,6 @@ channels: final: prev: { deploy-rs ; - # nix is set to 2.3 in 21.11 - nix-direnv = prev.nix-direnv.override { nix = prev.nixUnstable; }; - haskellPackages = prev.haskellPackages.override (old: { overrides = prev.lib.composeExtensions (old.overrides or (_: _: { })) (hfinal: hprev: From 7becfcd913aac24f11d52a67884e5ab9b5da1a27 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Mon, 31 Jan 2022 14:42:02 +0100 Subject: [PATCH 09/12] Fix last upstream merge, add back openssh service Dont't autoUpgrade by default --- profiles/core/default.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/profiles/core/default.nix b/profiles/core/default.nix index 87b7974..eca35b4 100644 --- a/profiles/core/default.nix +++ b/profiles/core/default.nix @@ -117,7 +117,11 @@ in ''; }; - system.autoUpgrade.enable = true; + # For rage encryption, all hosts need a ssh key pair + services.openssh = { + enable = true; + openFirewall = lib.mkDefault false; + }; # Service that makes Out of Memory Killer more effective services.earlyoom.enable = true; From a4dbe4fa785ac542382d5de9f61ae6090a8227c0 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Mon, 31 Jan 2022 16:19:36 +0100 Subject: [PATCH 10/12] Reference nix-dram package directly from inputs This should avoid patches not working because our pkgs follows nixos = release-21.11 and nix-dram follows nixos-unstable --- flake.nix | 1 - profiles/core/default.nix | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/flake.nix b/flake.nix index b50837b..26e442a 100644 --- a/flake.nix +++ b/flake.nix @@ -71,7 +71,6 @@ nur.overlay agenix.overlay nvfetcher.overlay - nix-dram.overlay ./pkgs/default.nix ]; }; diff --git a/profiles/core/default.nix b/profiles/core/default.nix index eca35b4..dca063f 100644 --- a/profiles/core/default.nix +++ b/profiles/core/default.nix @@ -93,7 +93,7 @@ in nix = { # use nix-dram, a patched nix command, see: https://github.com/dramforever/nix-dram - package = pkgs.nix-dram; + package = inputs.nix-dram.packages.${pkgs.system}.nix-dram; # Improve nix store disk usage autoOptimiseStore = true; From 2748fbcdee0df2e6ef10fa849bd518385c8a1f40 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Mon, 31 Jan 2022 17:09:49 +0100 Subject: [PATCH 11/12] wayland: use NIXOS_OZONE_WL instead of *-wayland packages --- modules/social/default.nix | 2 +- modules/sway/config/config.d/custom-keybindings.conf | 2 +- overlays/overrides.nix | 1 - profiles/base-user/session-variables.nix | 3 +++ 4 files changed, 5 insertions(+), 3 deletions(-) diff --git a/modules/social/default.nix b/modules/social/default.nix index 90a23c3..f3aa63b 100644 --- a/modules/social/default.nix +++ b/modules/social/default.nix @@ -15,7 +15,7 @@ in #mySignalDesktop signal-desktop tdesktop - element-desktop-wayland + element-desktop irssi ]; }; diff --git a/modules/sway/config/config.d/custom-keybindings.conf b/modules/sway/config/config.d/custom-keybindings.conf index 6218d90..5faddec 100644 --- a/modules/sway/config/config.d/custom-keybindings.conf +++ b/modules/sway/config/config.d/custom-keybindings.conf @@ -18,7 +18,7 @@ bindsym $mod+F2 exec firefox bindsym $mod+F3 exec $term -e vifm bindsym $mod+Shift+F3 exec gksu $term -e vifm bindsym $mod+F4 exec nautilus -w -bindsym $mod+Shift+F4 exec signal-desktop --enable-features=UseOzonePlatform --ozone-platform=wayland +bindsym $mod+Shift+F4 exec signal-desktop bindsym $mod+F5 exec $term -e 'mocp -C $XDG_CONFIG_DIR/mocp/config' bindsym $mod+Shift+m exec mu bindsym $mod+Shift+h exec xdg-open /usr/share/doc/manjaro/i3_help.pdf diff --git a/overlays/overrides.nix b/overlays/overrides.nix index 5c11414..c0cb58a 100644 --- a/overlays/overrides.nix +++ b/overlays/overrides.nix @@ -14,7 +14,6 @@ channels: final: prev: { starship deploy-rs - element-desktop-wayland neovim-unwrapped tdesktop xdg-desktop-portal diff --git a/profiles/base-user/session-variables.nix b/profiles/base-user/session-variables.nix index 264d787..cc3aa69 100644 --- a/profiles/base-user/session-variables.nix +++ b/profiles/base-user/session-variables.nix @@ -58,6 +58,9 @@ let # experimental wayland in firefox/thunderbird MOZ_ENABLE_WAYLAND = "1"; + # chromium / electron on wayland: enable ozone (native wayland mode) + NIXOS_OZONE_WL = "1"; + # Vagrant VAGRANT_HOME = "${xdg.dataHome}/vagrant"; VAGRANT_DEFAULT_PROVIDER = "libvirt"; From ad3fc6126da2dc47fa29abdb3f24c1dfe25d7cc3 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Mon, 31 Jan 2022 17:37:21 +0100 Subject: [PATCH 12/12] core: add missing argument inputs --- profiles/core/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/profiles/core/default.nix b/profiles/core/default.nix index dca063f..f45e7a7 100644 --- a/profiles/core/default.nix +++ b/profiles/core/default.nix @@ -1,4 +1,4 @@ -{ self, config, lib, pkgs, ... }: +{ self, config, lib, pkgs, inputs, ... }: let inherit (lib) fileContents; in {