diff --git a/.gitignore b/.gitignore index 773271c..c50c560 100644 --- a/.gitignore +++ b/.gitignore @@ -3,4 +3,12 @@ up hosts/up-* .direnv doc/index.html +<<<<<<< HEAD tags +======= + +# Result of flk commands +vm +iso +doi +>>>>>>> devos/core diff --git a/doc/CONTRIBUTING.md b/doc/CONTRIBUTING.md index bb480ae..f721069 100644 --- a/doc/CONTRIBUTING.md +++ b/doc/CONTRIBUTING.md @@ -1,5 +1,8 @@ # Pull Requests -If making a change to core, or adding a feature, please be sure to update the +All development is done in the `develop` branch. Only minor bug-fixes and release +PRs should target `master`. + +If making a change to the template, or adding a feature, please be sure to update the relevant docs. Each directory contains its own README.md, which will automatically be pulled into the [mdbook](https://devos.divnix.com). The book is rendered on every change, so the docs should always be up to date. diff --git a/doc/SUMMARY.md b/doc/SUMMARY.md index f35bf37..e2b6e9a 100644 --- a/doc/SUMMARY.md +++ b/doc/SUMMARY.md @@ -24,6 +24,7 @@ - [up](./flk/up.md) - [update](./flk/update.md) - [get](./flk/get.md) + - [doi](./flk/doi.md) - [iso](./flk/iso.md) - [install](./flk/install.md) - [home](./flk/home.md) diff --git a/doc/concepts/hosts.md b/doc/concepts/hosts.md index 37130f3..1c3c3fa 100644 --- a/doc/concepts/hosts.md +++ b/doc/concepts/hosts.md 
@@ -6,13 +6,14 @@ of these hosts, devos automatically imports every _.nix_ file inside this directory to the mentioned attribute set, applying the projects defaults to each. The only hard requirement is that the file contain a valid NixOS module. -As an example, a file `hosts/system.nix` will be available via the flake -output `nixosConfigurations.system`. You can have as many hosts as you want -and all of them will be automatically imported based on their name. +As an example, a file `hosts/system.nix` or `hosts/system/default.nix` will +be available via the flake output `nixosConfigurations.system`. You can have +as many hosts as you want and all of them will be automatically imported based +on their name. For each host, the configuration automatically sets the `networking.hostName` -attribute to the name of the file minus the _.nix_ extension. This is for -convenience, since `nixos-rebuild` automatically searches for a configuration +attribute to the folder name or name of the file minus the _.nix_ extension. This +is for convenience, since `nixos-rebuild` automatically searches for a configuration matching the current systems hostname if one is not specified explicitly. You can set channels, systems, and add extra modules to each host by editing the diff --git a/doc/concepts/overrides.md b/doc/concepts/overrides.md index 303108c..610fde0 100644 --- a/doc/concepts/overrides.md +++ b/doc/concepts/overrides.md 
@@ -27,10 +27,11 @@ You can also pull modules from other channels. All modules have access to the `modulesPath` for each channel as `ModulesPath`. And you can use `disabledModules` to remove modules from the current channel. -Pulling the zsh module from the `latest` channel: +To pull zsh module from the `latest` channel this code can be placed in any module, whether its your host file, a profile, or a module in ./modules etc: ```nix -{ latestModulesPath }: { - modules = [ "${latestModulesPath}/programs/zsh/zsh.nix" ]; +{ latestModulesPath }: +{ + imports = [ "${latestModulesPath}/programs/zsh/zsh.nix" ]; disabledModules = [ "programs/zsh/zsh.nix" ]; } ``` diff --git a/doc/concepts/profiles.md b/doc/concepts/profiles.md index 1c8f416..b4ff0a1 100644 --- a/doc/concepts/profiles.md +++ b/doc/concepts/profiles.md 
@@ -8,34 +8,29 @@ separation of concerns. If you need guidance, a community [branch](https://github.com/divnix/devos/tree/community/profiles) is maintained to help get up to speed on their usage. -## Constraints -For the sake of consistency, a profile should always be defined in a -___default.nix___ containing a [nixos module config][config]. -A profile's directory is used for quick modularization of -[interelated bits](./profiles.md#subprofiles). +## Creation +Profiles are created with the `rakeLeaves` function which recursively collects +`.nix` files from within a folder. The recursion stops at folders with a `default.nix` +in them. You end up with an attribute set with leaves(paths to profiles) or +nodes(attrsets leading to more nodes or leaves). + +A profile is used for quick modularization of [interelated bits](./profiles.md#subprofiles). > ##### _Notes:_ > * For _declaring_ module options, there's the [modules](../outputs/modules.md) directory. > * This directory takes inspiration from > [upstream](https://github.com/NixOS/nixpkgs/tree/master/nixos/modules/profiles) > . -> * Sticking to a simple [spec][spec] has refreshing advantages. -> [hercules-ci](../integrations/hercules.md) expects all profiles to be -> defined in a ___default.nix___, allowing them to be built automatically when -> added. Congruently, [suites](suites.md) expect ___default.nix___ to avoid -> having to manage their paths manually. -## Subprofiles -Profiles can also define subprofiles. They follow the same constraints outlined -above. A good top level profile should be a high level concern, such as your -personal development environment while the subprofiles should be more focused -program configurations such as your text editor, and shell configs. This way, -you can either pull in the whole development profile, or pick and choose -individual programs. +### Nested profiles +Profiles can be nested in attribute sets due to the recursive nature of `rakeLeaves`. 
+This can be useful to have a set of profiles created for a specific purpose. It is +sometimes useful to have a `common` profile that has high level concerns related +to all its sister profiles. ### Example -profiles/develop/default.nix: +profiles/develop/common.nix: ```nix { imports = [ ./zsh ]; @@ -43,7 +38,7 @@ profiles/develop/default.nix: } ``` -profiles/develop/zsh/default.nix: +profiles/develop/zsh.nix: ```nix { ... }: { @@ -52,6 +47,16 @@ profiles/develop/zsh/default.nix: } ``` +The examples above will end up with a profiles set like this: +```nix +{ + develop = { + common = ./profiles/develop/common.nix; + zsh = ./profiles/develop/zsh.nix; + }; +} +``` + ## Conclusion Profiles are the most important concept in DevOS. They allow us to keep our Nix expressions self contained and modular. This way we can maximize reuse diff --git a/doc/concepts/suites.md b/doc/concepts/suites.md index 5c0d590..e120ad6 100644 --- a/doc/concepts/suites.md +++ b/doc/concepts/suites.md 
@@ -1,18 +1,11 @@ # Suites Suites provide a mechanism for users to easily combine and name collecitons of -profiles. For good examples, check out the suites defined in the community -[branch](https://github.com/divnix/devos/blob/community/suites/default.nix). +profiles. For good examples, check out the suites defined in the community branch. -In the future, we will use suites as a mechanism for deploying various machine -types which don't depend on hardware, such as vm's and containers. - -They are defined with the `suites` argument in either `home` or `nixos` namespace. -Suites should be passed as a function that take profiles as an argument. - -The profiles are passed based on the folder names and list passed to the relevant -`profiles` argument. In the template's flake.nix `profiles` is set as -`[ ./profiles ./users ]` and that corresponds to the `{ profiles, users }` argument -pattern. +`suites` are defined in the `importables` argument in either the `home` or `nixos` +namespace. They are a special case of an `importable` which get passed as a special +argument (one that can be use in an `imports` line) to your hosts. All lists defined +in `suites` are flattened and type-checked as paths. ## Definition ```nix diff --git a/doc/concepts/users.md b/doc/concepts/users.md index 235884a..20f371d 100644 --- a/doc/concepts/users.md +++ b/doc/concepts/users.md 
@@ -23,11 +23,23 @@ your users. For a fully fleshed out example, check out the developers personal ``` ## Home Manager -Home Manager support follows the same principles as regular nixos configurations. +Home Manager support follows the same principles as regular nixos configurations, +it even gets its own namespace in your `flake.nix` as `home`. + All modules defined in [user modules][modules-list] will be imported to -Home Manager. All profiles are availabe in [suites][suites] as userProfiles. -The `userSuites` output will be available in your Home Manager Configuration as -the special argument, `suites`. +Home Manager. +User profiles can be collected in a similar fashion as system ones into a `suites` +argument that gets passed to your home-manager users. + +### Example +```nix +{ + home-manager.users.nixos = { suites, ... }: { + imports = suites.base; + }; +} +``` + ## External Usage You can easily use the defined home-manager configurations outside of NixOS @@ -56,5 +68,4 @@ nix build "github:divnix/devos#homeConfigurations.nixos@NixOS.home.activationPac ``` [home-manager]: https://nix-community.github.io/home-manager -[suites]: https://github.com/divnix/devos/tree/core/suites/default.nix -[modules-list]: https://github.com/divnix/devos/tree/core/modules/module-list.nix +[modules-list]: https://github.com/divnix/devos/tree/core/users/modules/module-list.nix diff --git a/doc/flk/doi.md b/doc/flk/doi.md new file mode 100644 index 0000000..fc522cd --- /dev/null +++ b/doc/flk/doi.md @@ -0,0 +1,10 @@ +# DigitalOcean + +Now you can [create a droplet](https://cloud.digitalocean.com/droplets/new) using your custom image. + +Making a DigitalOcean compatible image for `hosts/NixOS.nix` is as simple as: +```sh +flk doi NixOS +``` + +This works for any file matching `hosts/*.nix` excluding `default.nix`. diff --git a/doc/lib.md b/doc/lib.md deleted file mode 100644 index ee402eb..0000000 --- a/doc/lib.md +++ /dev/null 
@@ -1,87 +0,0 @@ -# Lib -The lib directory mirrors the upstream concepts of [`nixpkgs:./lib`][nixpkgs-lib], -[`nixpkgs:./nixos/lib`][nixpkgs-nixos-lib] and [`nixpkgs:./pkgs/pkgs-lib`][nixpkgs-pkgs-lib], -but also occasionally [`nixpkgs:./pkgs/build-support`][nixpkgs-pkgs-build-support]. - -All functions defined in lib can be accessed in modules and packages as `ourlib`. - -For example: - -- you want to add a library function that depends on some packages -and use it throughout your devos environment: place it into `./lib` -as if you would place it into [`nixpkgs:./pkgs/pkgs-lib`][nixpkgs-pkgs-lib]. - -- you want to add library functions that don't depend on `pkgs`: place -them into `./lib` as if you would place them into [`nixpkgs:./lib`][nixpkgs-lib]. - -- need to try out a newish custom build support: place it here before -upstreaming into [`nixpkgs:./pkgs/build-support`][nixpkgs-pkgs-build-support]. - -- you want to reutilize certain module configuration functions or helpers: -place them into `./lib` as if you would place them into [`nixpkgs:./nixos/lib`][nixpkgs-nixos-lib]. - -Once your library grows, we recoomend you start organizing them into subfolders -analogous `nixpkgs`: - -| `nixpkgs` | `devos` | -| ---------------------- | ------------------ | -| `./lib` | `./lib` | -| `./pkgs/pkgs-lib` | `./lib/pkgs-lib` | -| `./nixos/lib` | `./lib/nixos-lib` | -| `./pkgs/build-support` | `./lib/pkgs-build` | - - -## Example -lib/nixos-lib/mkCustomI3BindSym/default.nix: -```nix -{ pkgs, writers, ... 
}: -{ name, cmd, workspace, baseKey }: -let - isWorkspaceEmpty = writers.writePython3 "is-workspace-empty" { - libraries = [ pkgs.python3Packages.i3ipc ]; - } (builtins.readFile ./is-workspace-empty.py); - - ws = builtins.toString workspace; -in -'' - - # ${name} - #bindsym ${baseKey}+${ws} workspace ${ws}; exec ${cmd} - bindsym ${baseKey}+${ws} workspace ${ws}; exec bash -c "${isWorkspaceEmpty} && ${cmd}" -'' -``` - -lib/nixos-lib/mkCustomI3BindSym/is-workspace-empty.py: -```python -# returns 0/1 if current workspace is empty/non-empty - -import i3ipc - -i3 = i3ipc.Connection() -tree = i3.get_tree() - - -def current_workspace(): - return tree.find_focused().workspace() - - -if current_workspace().leaves(): - print("Error current workspace is not empty") - exit(1) -exit(0) -``` - -lib/default.nix: -```nix -{ nixos, pkgs, ... }: -# ... -{ - # ... - mkCustomI3BindSym = pkgs.callPackage ./nixos-lib/mkCustomI3BindSym { }; -} -``` - -[nixpkgs-lib]: https://github.com/NixOS/nixpkgs/tree/master/lib -[nixpkgs-pkgs-lib]: https://github.com/NixOS/nixpkgs/tree/master/pkgs/pkgs-lib -[nixpkgs-pkgs-build-support]: https://github.com/NixOS/nixpkgs/tree/master/pkgs/build-support -[nixpkgs-nixos-lib]: https://github.com/NixOS/nixpkgs/tree/master/nixos/lib diff --git a/doc/mkFlakeOptions.md b/doc/mkFlakeOptions.md index 90719ba..dbc7abc 100644 --- a/doc/mkFlakeOptions.md +++ b/doc/mkFlakeOptions.md @@ -40,7 +40,7 @@ nix flake *_Default_* ``` -"inputs." +"self.inputs." ``` 
@@ -81,6 +81,56 @@ attribute set or path convertible to it +## devshell +Modules to include in your devos shell. the `modules` argument +will be exported under the `devshellModules` output + + +*_Type_*: +submodule + + +*_Default_* +``` +{} +``` + + + + +## devshell.externalModules +modules to include that won't be exported +meant importing modules from external flakes + + +*_Type_*: +list of valid module or path convertible to its or anything convertible to it + + +*_Default_* +``` +[] +``` + + + + +## devshell.modules +modules to include in all hosts and export to devshellModules output + + +*_Type_*: +list of path to a modules or anything convertible to it or path convertible to it + + +*_Default_* +``` +[] +``` + + + + ## home hosts, modules, suites, and profiles for home-manager @@ -103,7 +153,7 @@ meant importing modules from external flakes *_Type_*: -list of valid module or path convertible to its +list of valid module or path convertible to its or anything convertible to it *_Default_* @@ -114,6 +164,34 @@ list of valid module or path convertible to its +## home.importables +Packages of paths to be passed to modules as `specialArgs`. + + +*_Type_*: +attribute set + + +*_Default_* +``` +{} +``` + + + + +## home.importables.suites +collections of profiles + + +*_Type_*: +attribute set of list of paths or anything convertible to its + + + + + + ## home.modules modules to include in all hosts and export to homeModules output 
@@ -131,10 +209,17 @@ list of path to a modules or anything convertible to it or path convertible to i ## home.profiles -profile folders that can be collected into suites -the name of the argument passed to suites is based -on the folder name. -[ ./profiles ] => { profiles }: +WARNING: The 'suites' and `profiles` options have been deprecated, you can now create +both with the importables option. `rakeLeaves` can be used to create profiles and +by passing a module or `rec` set to `importables`, suites can access profiles. +Example: +``` +importables = rec { + profiles = digga.lib.importers.rakeLeaves ./profiles; + suites = with profiles; { }; +} +``` +See https://github.com/divnix/digga/pull/30 for more details *_Type_*: @@ -150,31 +235,23 @@ list of paths ## home.suites -Function that takes profiles and returns suites for this config system -These can be accessed through the 'suites' special argument. +WARNING: The 'suites' and `profiles` options have been deprecated, you can now create +both with the importables option. `rakeLeaves` can be used to create profiles and +by passing a module or `rec` set to `importables`, suites can access profiles. +Example: +``` +importables = rec { + profiles = digga.lib.importers.rakeLeaves ./profiles; + suites = with profiles; { }; +} +``` +See https://github.com/divnix/digga/pull/30 for more details *_Type_*: function that evaluates to a(n) attrs or path convertible to it -*_Default_* -``` -"" -``` - - - - -## inputs -inputs for this flake -used to set channel defaults and create registry - - -*_Type_*: -attribute set of nix flakes - - @@ -236,7 +313,7 @@ meant importing modules from external flakes *_Type_*: -list of valid module or path convertible to its +list of valid module or path convertible to its or anything convertible to it *_Default_* 
@@ -343,11 +420,46 @@ null +## nixos.importables +Packages of paths to be passed to modules as `specialArgs`. + + +*_Type_*: +attribute set + + +*_Default_* +``` +{} +``` + + + + +## nixos.importables.suites +collections of profiles + + +*_Type_*: +attribute set of list of paths or anything convertible to its + + + + + + ## nixos.profiles -profile folders that can be collected into suites -the name of the argument passed to suites is based -on the folder name. -[ ./profiles ] => { profiles }: +WARNING: The 'suites' and `profiles` options have been deprecated, you can now create +both with the importables option. `rakeLeaves` can be used to create profiles and +by passing a module or `rec` set to `importables`, suites can access profiles. +Example: +``` +importables = rec { + profiles = digga.lib.importers.rakeLeaves ./profiles; + suites = with profiles; { }; +} +``` +See https://github.com/divnix/digga/pull/30 for more details *_Type_*: @@ -363,17 +475,39 @@ list of paths ## nixos.suites -Function that takes profiles and returns suites for this config system -These can be accessed through the 'suites' special argument. +WARNING: The 'suites' and `profiles` options have been deprecated, you can now create +both with the importables option. `rakeLeaves` can be used to create profiles and +by passing a module or `rec` set to `importables`, suites can access profiles. +Example: +``` +importables = rec { + profiles = digga.lib.importers.rakeLeaves ./profiles; + suites = with profiles; { }; +} +``` +See https://github.com/divnix/digga/pull/30 for more details *_Type_*: function that evaluates to a(n) attrs or path convertible to it + + + + +## outputsBuilder +builder for flake system-spaced outputs +The builder gets passed an attrset of all channels + + +*_Type_*: +function that evaluates to a(n) attrs + + *_Default_* ``` -"" +"channels: { }" ``` diff --git a/doc/outputs/pkgs.md b/doc/outputs/pkgs.md index 99684b5..58ce52b 100644 --- a/doc/outputs/pkgs.md 
+++ b/doc/outputs/pkgs.md @@ -7,8 +7,7 @@ The only minor difference is that, instead of adding the `callPackage` call to `all-packages.nix`, you just add it the the _default.nix_ in this directory, which is defined as a simple overlay. -This overlay is set as the default `overlay` output attribute for the flake. -And all the packages are exported via `packages..`, for all +All the packages are exported via `packages..`, for all the supported systems listed in the package's `meta.platforms` attribute. And, as usual, every package in the overlay is also available to any NixOS diff --git a/doc/secrets.md b/doc/secrets.md index de77c5b..6afe2f6 100644 --- a/doc/secrets.md +++ b/doc/secrets.md 
@@ -1,18 +1,110 @@ # Secrets -Secrets are managed using [git-crypt][git-crypt] so you can keep your flake in -a public repository like GitHub without exposing your password or other -sensitive data. +Secrets are managed using [git-crypt][git-crypt] and [agenix][agenix] +so you can keep your flake in a public repository like GitHub without +exposing your password or other sensitive data. By default, everything in the secrets folder is automatically encrypted. Just be sure to run `git-crypt init` before putting anything in here. +## Agenix +Currently, there is [no mechanism][secrets-issue] in nix itself to deploy secrets +within the nix store because it is world-readable. + +Most NixOS modules have the ability to set options to files in the system, outside +the nix store, that contain sensitive information. You can use [agenix][agenix] +to easily setup those secret files declaratively. + +[agenix][agenix] encrypts secrets and stores them as .age files in your repository. +Age files are encrypted with multiple ssh public keys, so any host or user with a +matching ssh private key can read the data. The [age module][age module] will add those +encrypted files to the nix store and decrypt them on activation to `/run/secrets`. + +### Setup +All hosts must have openssh enabled, this is done by default in the core profile. + +You need to populate your `secrets/secrets.nix` with the proper ssh public keys. +Be extra careful to make sure you only add public keys, you should never share a +private key!! + +secrets/secrets.nix: +```nix +let + system = ""; + user = ""; + allKeys = [ system user ]; +in +``` + +On most systems, you can get your systems ssh public key from `/etc/ssh/ssh_host_ed25519_key.pub`. If +this file doesn't exist you likely need to enable openssh and rebuild your system. + +Your users ssh public key is probably stored in `~/.ssh/id_ed25519.pub` or +`~/.ssh/id_rsa.pub`. 
If you haven't generated a ssh key yet, be sure do so: +```sh +ssh-keygen -t ed25519 +``` + > ##### _Note:_ -> Currently, there is [no mechanism][secrets-issue] in nix to deploy secrets -> within the nix/store so, if they end up in the nix/store after deployment, they -> will be world readable on that machine. -> -> The author of devos intends to implement a workaround for this situation in -> the near future, but for the time being, simple be aware of this. +> The underlying tool used by agenix, rage, doesn't work well with password protected +> ssh keys. So if you have lots of secrets you might have to type in your password many +> times. + + +### Secrets +You will need the `agenix` command to create secrets. DevOS conveniently provides that +in the devShell, so just run `nix develop` whenever you want to edit secrets. Make sure +to always run `agenix` while in the `secrets/` folder, so it can pick up your `secrets.nix`. + +To create secrets, simply add lines to your `secrets/secrets.nix`: +``` +let + ... + allKeys = [ system user ]; +in +{ + "secret.age".publicKeys = allKeys; +} +``` +That would tell agenix to create a `secret.age` file that is encrypted with the `system` +and `user` ssh public key. + +Then go into the `secrets` folder and run: +```sh +agenix -e secret.age +``` +This will create the `secret.age`, if it doesn't already exist, and allow you to edit it. + +If you ever change the `publicKeys` entry of any secret make sure to rekey the secrets: +```sh +agenix --rekey +``` + +### Usage +Once you have your secret file encrypted and ready to use, you can utilize the [age module][age module] +to ensure that your secrets end up in `/run/secrets`. + +In any profile that uses a NixOS module that requires a secret you can enable a particular secret like so: + +```nix +{ self, ... }: +{ + age.secrets.mysecret.file = "${self}/secrets/mysecret.age"; +} +``` + + +Then you can just pass the path `/run/secrets/mysecret` to the module. 
+ +You can make use of the many options provided by the age module to customize where and how +secrets get decrypted. You can learn about them by looking at the +[age module][age module]. + + +> ##### _Note:_ +> You can take a look at the [agenix repository][agenix] for more information +> about the tool. [git-crypt]: https://github.com/AGWA/git-crypt +[agenix]: https://github.com/ryantm/agenix +[age module]: https://github.com/ryantm/agenix/blob/master/modules/age.nix [secrets-issue]: https://github.com/NixOS/nix/issues/8 diff --git a/doc/tests.md b/doc/tests.md index f6fd7fe..1d7b65e 100644 --- a/doc/tests.md +++ b/doc/tests.md @@ -5,22 +5,19 @@ NixOS offers some incredibly powerful tools to write tests for your configuration, and, optionally, run them in [CI](./integrations/hercules.md). -## Lib Tests -You can easily write tests for your own library functions in the -lib/___tests/lib.nix___ file and they will be run on every `nix flake check` or -during a CI run. - ## Unit Tests -Unit tests are can be created from regular derivations, and they can do +Unit tests can be created from regular derivations, and they can do almost anything you can imagine. By convention, it is best to test your packages during their [check phase][check]. All packages and their tests will be built during CI. ## Integration Tests +All your profiles defined in suites will be tested in a NixOS VM. + You can write integration tests for one or more NixOS VMs that can, optionally, be networked together, and yes, it's as awesome as it sounds! -Be sure to use the `mkTest` function, in the [___tests/default.nix___][default] +Be sure to use the `mkTest` function from digga, `digga.lib.pkgs-lib.mkTest` which wraps the official [testing-python][testing-python] function to ensure that the system is setup exactly as it is for a bare DevOS system. There are already great resources for learning how to use these tests effectively, diff --git a/flake.lock b/flake.lock index 56d0bca..f5c35cb 100644 
--- a/flake.lock +++ b/flake.lock @@ -1,22 +1,23 @@ { "nodes": { - "b12f-nix-fonts": { + "agenix": { "inputs": { - "nixpkgs": "nixpkgs" + "nixpkgs": [ + "latest" + ] }, "locked": { - "lastModified": 1622483595, - "narHash": "sha256-h3x/N2m6hqdaHyHRQh3celkg9A+0Zn+8U/IGnq6rugQ=", - "ref": "main", - "rev": "2d0f4e56712c01d8a31aacbc58f2bba2a160e9b6", - "revCount": 3, - "type": "git", - "url": "https://git.b12f.io/b12f/nix-fonts" + "lastModified": 1620877075, + "narHash": "sha256-XvgTqtmQZHegu9UMDSR50gK5cHEM2gbnRH0qecmdN54=", + "owner": "ryantm", + "repo": "agenix", + "rev": "e543aa7d68f222e1e771165da9e9a64b5bf7b3e3", + "type": "github" }, "original": { - "ref": "main", - "type": "git", - "url": "https://git.b12f.io/b12f/nix-fonts" + "owner": "ryantm", + "repo": "agenix", + "type": "github" } }, "ci-agent": { @@ -71,7 +72,7 @@ "inputs": { "flake-compat": "flake-compat_2", "naersk": "naersk", - "nixpkgs": "nixpkgs_2", + "nixpkgs": "nixpkgs", "utils": "utils" }, "locked": { @@ -90,11 +91,11 @@ }, "devshell": { "locked": { - "lastModified": 1618523768, - "narHash": "sha256-Gev9da35pHUey3kGz/zrJFc/9ICs++vPCho7qB1mqd8=", + "lastModified": 1622013274, + "narHash": "sha256-mK/Lv0lCbl07dI5s7tR/7nb79HunKnJik3KyR6yeI2k=", "owner": "numtide", "repo": "devshell", - "rev": "709fe4d04a9101c9d224ad83f73416dce71baf21", + "rev": "e7faf69e6bf8546517cc936c7f6d31c7eb3abcb2", "type": "github" }, "original": { 
@@ -108,19 +109,20 @@ "deploy": "deploy", "devshell": "devshell", "nixlib": "nixlib", - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs_2", "utils": "utils_2" }, "locked": { - "lastModified": 1622093678, - "narHash": "sha256-WLD1RXE351WlYTwGmadXH7EGLGNOpnqgUFuJgYuhbQk=", + "lastModified": 1623197477, + "narHash": "sha256-2Qk/uIHb1nXre2rRlGonAJmpuamBs7RRfgXhMmS5JkU=", "owner": "divnix", "repo": "digga", - "rev": "1b366811824635d249befa8bb046ac4c5f9f3494", + "rev": "f69703abc33f221b676966a8435c4f09ef70ff49", "type": "github" }, "original": { "owner": "divnix", + "ref": "master", "repo": "digga", "type": "github" } @@ -225,11 +227,11 @@ ] }, "locked": { - "lastModified": 1622482341, - "narHash": "sha256-qNTi74De8iTyCQiDqOKRRNOk1pu++BpxvbmKSeqg8es=", + "lastModified": 1623623251, + "narHash": "sha256-Aku5PTg4zk+XaiIOvDuRLzQmybGg3StaEmAl/NZlKdU=", "owner": "nix-community", "repo": "home-manager", - "rev": "2a4ab0d891a59fd3a0fc09e9805aad5a8f82dfac", + "rev": "25bf3d79531ce45fd36866205bf07a24bb3be2b9", "type": "github" }, "original": { @@ -240,11 +242,11 @@ }, "latest": { "locked": { - "lastModified": 1622480250, - "narHash": "sha256-uYUEKsTE9Dm2mml7icr0zgdgFDo9NbiiFjX/II7Ifik=", + "lastModified": 1623692505, + "narHash": "sha256-2WnyKaMBPmkHgWXzyMc73ehsKrIUgumZQ+GuHL2OjSM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "4335222fd5119562f37028ad18df05cc94329222", + "rev": "16cd0e70fe5a1b9fdbe8b4d8a3d6b258c5f885da", "type": "github" }, "original": { @@ -280,11 +282,11 @@ ] }, "locked": { - "lastModified": 1620316130, - "narHash": "sha256-sU0VS5oJS1FsHsZsLELAXc7G2eIelVuucRw+q5B1x9k=", + "lastModified": 1623324658, + "narHash": "sha256-TjWmZPH/xbUi7Xuj2EigB9sTOpqsiFmnv7m6+QgTDrA=", "owner": "nmattia", "repo": "naersk", - "rev": "a3f40fe42cc6d267ff7518fa3199e99ff1444ac4", + "rev": "4f7426c362809e472d03c369d3674317c32b6863", "type": "github" }, "original": { 
@@ -302,11 +304,11 @@ }, "locked": { "dir": "contrib", - "lastModified": 1622347770, - "narHash": "sha256-reuhbVHdVGwvxyGq8fo/i1fVwqsoswQDb/YasgSPJ8k=", + "lastModified": 1623622151, + "narHash": "sha256-IkBOtKnytI4/CxrB8TgFcUeSmf39sLDHABcwMmhbMQY=", "owner": "neovim", "repo": "neovim", - "rev": "3cd688ff775a50808eb7d260e540038cc32b4a40", + "rev": "2f0e5e7e67faa469f5d12a66ec084ab9c35d8c6b", "type": "github" }, "original": { @@ -320,14 +322,14 @@ "inputs": { "flake-compat": "flake-compat_3", "neovim-flake": "neovim-flake", - "nixpkgs": "nixpkgs_4" + "nixpkgs": "nixpkgs_3" }, "locked": { - "lastModified": 1622451818, - "narHash": "sha256-JGL1kzVXhkVMHl0UA/FW3zJ6BncJnwJ4YKOnGLjNnjk=", + "lastModified": 1623658603, + "narHash": "sha256-7R3BNOYXh51up/vo+o4CunTVe/MhHZ/jwGJzJBJZ+4Y=", "owner": "nix-community", "repo": "neovim-nightly-overlay", - "rev": "381238fc989d4790b70417c22b682bb1aa5ea0af", + "rev": "54eaff5f5f1080ec8d4320e5259ae404604fe014", "type": "github" }, "original": { @@ -339,7 +341,7 @@ "nix-dram": { "inputs": { "flake-utils": "flake-utils_3", - "nixpkgs": "nixpkgs_5" + "nixpkgs": "nixpkgs_4" }, "locked": { "lastModified": 1620663773, @@ -372,11 +374,11 @@ }, "nixos": { "locked": { - "lastModified": 1622282707, - "narHash": "sha256-+GOrUDsdneUqrOm9d+9bHXjEVoVcU8tm14WGVzbt6gg=", + "lastModified": 1623324058, + "narHash": "sha256-Jm9GUTXdjXz56gWDKy++EpFfjrBaxqXlLvTLfgEi8lo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6933d068c5d2fcff398e802f7c4e271bbdab6705", + "rev": "432fc2d9a67f92e05438dff5fdc2b39d33f77997", "type": "github" }, "original": { 
@@ -387,11 +389,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1622475342, - "narHash": "sha256-c08illT/TUfI2oeLlN8YP4kcGtXLsJOcoq9CNzoRQhM=", + "lastModified": 1623569835, + "narHash": "sha256-Mg+FN1JkEQ91Zff0+ot/ndRgD9BB+uDBLN12AcBYkSA=", "owner": "nixos", "repo": "nixos-hardware", - "rev": "d38958a6aa5bdbf3239f26a04689f3d9ae7da0c0", + "rev": "7305b276c90cfd3ad0a2452101a49c0b52c784c0", "type": "github" }, "original": { @@ -401,21 +403,6 @@ } }, "nixpkgs": { - "locked": { - "lastModified": 1622059058, - "narHash": "sha256-t1/ZMtyxClVSfcV4Pt5C1YpkeJ/UwFF3oitLD7Ch/UA=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "84aa23742f6c72501f9cc209f29c438766f5352d", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "ref": "nixpkgs-unstable", - "type": "indirect" - } - }, - "nixpkgs_2": { "locked": { "lastModified": 1610942247, "narHash": "sha256-PKo1ATAlC6BmfYSRmX0TVmNoFbrec+A5OKcabGEu2yU=", @@ -431,7 +418,7 @@ "type": "github" } }, - "nixpkgs_3": { + "nixpkgs_2": { "locked": { "lastModified": 1620962350, "narHash": "sha256-9ASW4d4/Z8HmRvuJI8rxbEOTbXTBpQ8y+CmFYBwtXzE=", @@ -446,13 +433,13 @@ "type": "github" } }, - "nixpkgs_4": { + "nixpkgs_3": { "locked": { - "lastModified": 1622282707, - "narHash": "sha256-+GOrUDsdneUqrOm9d+9bHXjEVoVcU8tm14WGVzbt6gg=", + "lastModified": 1623324058, + "narHash": "sha256-Jm9GUTXdjXz56gWDKy++EpFfjrBaxqXlLvTLfgEi8lo=", "owner": "nixos", "repo": "nixpkgs", - "rev": "6933d068c5d2fcff398e802f7c4e271bbdab6705", + "rev": "432fc2d9a67f92e05438dff5fdc2b39d33f77997", "type": "github" }, "original": { @@ -462,7 +449,7 @@ "type": "github" } }, - "nixpkgs_5": { + "nixpkgs_4": { "locked": { "lastModified": 1620340338, "narHash": "sha256-Op/4K0+Z9Sp5jtFH0s/zMM4H7VFZxrekcAmjQ6JpQ4w=", 
@@ -478,13 +465,13 @@ "type": "github" } }, - "nixpkgs_6": { + "nixpkgs_5": { "locked": { - "lastModified": 1622480250, - "narHash": "sha256-uYUEKsTE9Dm2mml7icr0zgdgFDo9NbiiFjX/II7Ifik=", + "lastModified": 1623692505, + "narHash": "sha256-2WnyKaMBPmkHgWXzyMc73ehsKrIUgumZQ+GuHL2OjSM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "4335222fd5119562f37028ad18df05cc94329222", + "rev": "16cd0e70fe5a1b9fdbe8b4d8a3d6b258c5f885da", "type": "github" }, "original": { @@ -494,11 +481,11 @@ }, "nur": { "locked": { - "lastModified": 1622483169, - "narHash": "sha256-uEHHS2pZRcyXBRUtynugr5FPhiRW4IVNaEbWqPI7tC0=", + "lastModified": 1623691985, + "narHash": "sha256-ujUDfpOjjK4jvk16kRnsOoHamoh1dg8KOcz+1YoC368=", "owner": "nix-community", "repo": "NUR", - "rev": "3022dd625fbdaee8cfa7aeb5a4fdff345b2738c6", + "rev": "633cfde3ed8f7a095a75413c1a214e27f8117f86", "type": "github" }, "original": { @@ -540,7 +527,7 @@ }, "root": { "inputs": { - "b12f-nix-fonts": "b12f-nix-fonts", + "agenix": "agenix", "ci-agent": "ci-agent", "darwin": "darwin", "digga": "digga", @@ -551,7 +538,7 @@ "nix-dram": "nix-dram", "nixos": "nixos", "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs_6", + "nixpkgs": "nixpkgs_5", "nur": "nur", "pkgs": "pkgs" } @@ -576,11 +563,11 @@ "flake-utils": "flake-utils" }, "locked": { - "lastModified": 1620801141, - "narHash": "sha256-XPJ+/nP/s218E11R+4LJyvkrQXvdT3D6TzNjfWVYZnI=", + "lastModified": 1622583383, + "narHash": "sha256-2DFx619SNfjzYwqx1ryae8zHnTh+N7VsZkbtAbrYIIA=", "owner": "gytis-ivaskevicius", "repo": "flake-utils-plus", - "rev": "1a742047f3f7c97b22768ba7738ac5a01052099e", + "rev": "6b2ea4b02cad77fac581c6a9ec4f822ba87dce5c", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index c531585..9f33fd4 100644 --- a/flake.nix +++ b/flake.nix 
@@ -5,7 +5,7 @@ { nixos.url = "nixpkgs/nixos-unstable"; latest.url = "nixpkgs"; - digga.url = "github:divnix/digga"; + digga.url = "github:divnix/digga/master"; ci-agent = { url = "github:hercules-ci/hercules-ci-agent"; @@ -17,6 +17,8 @@ home.inputs.nixpkgs.follows = "nixos"; naersk.url = "github:nmattia/naersk"; naersk.inputs.nixpkgs.follows = "latest"; + agenix.url = "github:ryantm/agenix"; + agenix.inputs.nixpkgs.follows = "latest"; nixos-hardware.url = "github:nixos/nixos-hardware"; pkgs.url = "path:./pkgs"; @@ -31,7 +33,7 @@ neovim-nightly.url = "github:nix-community/neovim-nightly-overlay"; # b12f additions - b12f-nix-fonts.url = "git+https://git.b12f.io/b12f/nix-fonts?ref=main"; + # b12f-nix-fonts.url = "git+https://git.b12f.io/b12f/nix-fonts?ref=main"; }; outputs = @@ -42,10 +44,11 @@ , ci-agent , home , nixos-hardware - , nix-dram + , agenix , nur + , nix-dram , neovim-nightly - , b12f-nix-fonts + # , b12f-nix-fonts , ... }: digga.lib.mkFlake { inherit self inputs; @@ -59,9 +62,10 @@ ./pkgs/default.nix pkgs.overlay # for `srcs` nur.overlay + agenix.overlay nix-dram.overlay neovim-nightly.overlay - b12f-nix-fonts.overlay + # b12f-nix-fonts.overlay ]; }; latest = { }; @@ -86,6 +90,7 @@ { _module.args.ourLib = self.lib; } ci-agent.nixosModules.agent-profile home.nixosModules.home-manager + agenix.nixosModules.age ./modules/customBuilds.nix ]; }; 
@@ -95,25 +100,35 @@ /* set host specific properties here */ NixOS = { }; }; - profiles = [ ./profiles ./users ]; - suites = { profiles, users, ... }: with profiles; rec { - base = [ core users.nixos users.root ]; - pubsolaros = [ core base-user users.root ]; - anonymous = [ pubsolaros users.nixos ]; - b12f = [ pubsolaros users.ben ]; - biolimo = [ b12f graphical ]; + importables = rec { + profiles = digga.lib.importers.rakeLeaves ./profiles // { + users = digga.lib.importers.rakeLeaves ./users; + }; + suites = with profiles; rec { + base = [ core users.nixos users.root ]; + pubsolaros = [ core base-user users.root ]; + anonymous = pubsolaros ++ [ users.nixos ]; + b12f = pubsolaros ++ [ users.ben ]; + biolimo = b12f ++ [ graphical ]; + }; }; }; home = { modules = ./users/modules/module-list.nix; externalModules = [ ]; - profiles = [ ./users/profiles ]; - suites = { profiles, ... }: with profiles; rec { - base = [ direnv git ]; + importables = rec { + profiles = digga.lib.importers.rakeLeaves ./users/profiles; + suites = with profiles; rec { + base = [ direnv git ]; + }; }; }; + devshell.externalModules = { pkgs, ... }: { + packages = [ pkgs.agenix ]; + }; + homeConfigurations = digga.lib.mkHomeConfigurations self.nixosConfigurations; deploy.nodes = digga.lib.mkDeployNodes self.nixosConfigurations { }; diff --git a/hosts/biolimo.nix b/hosts/biolimo.nix deleted file mode 100644 index 64fd4b3..0000000 --- a/hosts/biolimo.nix +++ /dev/null @@ -1,6 +0,0 @@ -{ suites, ... }: -{ - imports = [ - ./biolimo - ] ++ suites.biolimo; -} diff --git a/hosts/biolimo/base.nix b/hosts/biolimo/base.nix new file mode 100644 index 0000000..51f2e76 --- /dev/null +++ b/hosts/biolimo/base.nix 
@@ -0,0 +1,28 @@ +{ config, pkgs, lib, ... }: +with lib; +let + psCfg = config.pub-solar; + xdg = config.home-manager.users."${psCfg.user.name}".xdg; +in +{ + imports = [ + ./configuration.nix + ]; + + config = { + pub-solar.x-os.keyfile = "/etc/nixos/hosts/biolimo/secrets/keyfile.bin"; + + hardware.cpu.intel.updateMicrocode = true; + + networking.firewall.allowedTCPPorts = [ + 5000 + ]; + + home-manager.users."${psCfg.user.name}".xdg.configFile = mkIf psCfg.sway.enable { + "sway/config.d/10-screens.conf".source = ./.config/sway/config.d/screens.conf; + "sway/config.d/10-autostart.conf".source = ./.config/sway/config.d/autostart.conf; + "sway/config.d/10-input-defaults.conf".source = ./.config/sway/config.d/input-defaults.conf; + "sway/config.d/10-custom-keybindings.conf".source = ./.config/sway/config.d/custom-keybindings.conf; + }; + }; +} diff --git a/hosts/biolimo/default.nix b/hosts/biolimo/default.nix index 51f2e76..4f014a2 100644 --- a/hosts/biolimo/default.nix +++ b/hosts/biolimo/default.nix @@ -1,28 +1,6 @@ -{ config, pkgs, lib, ... }: -with lib; -let - psCfg = config.pub-solar; - xdg = config.home-manager.users."${psCfg.user.name}".xdg; -in +{ suites, ... }: { imports = [ - ./configuration.nix - ]; - - config = { - pub-solar.x-os.keyfile = "/etc/nixos/hosts/biolimo/secrets/keyfile.bin"; - - hardware.cpu.intel.updateMicrocode = true; - - networking.firewall.allowedTCPPorts = [ - 5000 - ]; - - home-manager.users."${psCfg.user.name}".xdg.configFile = mkIf psCfg.sway.enable { - "sway/config.d/10-screens.conf".source = ./.config/sway/config.d/screens.conf; - "sway/config.d/10-autostart.conf".source = ./.config/sway/config.d/autostart.conf; - "sway/config.d/10-input-defaults.conf".source = ./.config/sway/config.d/input-defaults.conf; - "sway/config.d/10-custom-keybindings.conf".source = ./.config/sway/config.d/custom-keybindings.conf; - }; - }; + ./base.nix + ] ++ suites.biolimo; } 
diff --git a/modules/customBuilds.nix b/modules/customBuilds.nix index 875d23a..7181f65 100644 --- a/modules/customBuilds.nix +++ b/modules/customBuilds.nix @@ -10,7 +10,6 @@ in system.build = { iso = (mkBuild (diggaLib.modules.isoConfig { inherit self; - inherit (self) inputs; fullHostConfig = config; })).config.system.build.isoImage; @@ -26,5 +25,9 @@ in } ]; })).config.home-manager.users; + + digitalOcean = (mkBuild ({ modulesPath, ... }: { + imports = [ "${modulesPath}/virtualisation/digital-ocean-image.nix" ]; + })).config.system.build.digitalOceanImage; }; } diff --git a/overlays/overrides.nix b/overlays/overrides.nix index 59516b3..629f44b 100644 --- a/overlays/overrides.nix +++ b/overlays/overrides.nix @@ -8,6 +8,7 @@ channels: final: prev: { discord element-desktop manix + rage nixpkgs-fmt qutebrowser signal-desktop diff --git a/overlays/pub-solar.nix b/overlays/pub-solar.nix deleted file mode 100644 index e121579..0000000 --- a/overlays/pub-solar.nix +++ /dev/null @@ -1 +0,0 @@ -import ./pub-solar diff --git a/overlays/pub-solar/default.nix b/overlays/pub-solar/default.nix deleted file mode 100644 index 8825777..0000000 --- a/overlays/pub-solar/default.nix +++ /dev/null 
@@ -1,15 +0,0 @@ -final: prev: -with final; { - import-gtk-settings = writeShellScriptBin "import-gtk-settings" (import ./import-gtk-settings.nix final); - mailto-mutt = writeShellScriptBin "mailto-mutt" (import ./mailto-mutt.nix final); - mu = writeShellScriptBin "mu" (import ./mu.nix final); - mopidy-jellyfin = import ./mopidy-jellyfin.nix final; - psos = writeShellScriptBin "psos" (import ./psos.nix final); - s = writeShellScriptBin "s" (import ./s.nix final); - swaylock-bg = writeScriptBin "swaylock-bg" (import ./swaylock-bg.nix final); - sway-launcher = writeScriptBin "sway-launcher" (import ./sway-launcher.nix final); - sway-service = writeShellScriptBin "sway-service" (import ./sway-service.nix final); - toggle-kbd-layout = writeShellScriptBin "toggle-kbd-layout" (import ./toggle-kbd-layout.nix final); - uhk-agent = import ./uhk-agent.nix final; - wcwd = writeShellScriptBin "wcwd" (import ./wcwd.nix final); -} diff --git a/overlays/pub-solar/image-gpu-rom.nix b/overlays/pub-solar/image-gpu-rom.nix deleted file mode 100644 index a472ee5..0000000 --- a/overlays/pub-solar/image-gpu-rom.nix +++ /dev/null @@ -1,7 +0,0 @@ -GPU_VGA_PORT="0000:01:00.0" - -echo 1 > "/sys/bus/pci/devices/$GPU_VGA_PORT/rom" -cat "/sys/bus/pci/devices/$GPU_VGA_PORT/rom" > \ -"/usr/share/qemu/gpu-1060.rom" -echo 0 > "/sys/bus/pci/devices/$GPU_VGA_PORT/rom" - diff --git a/overlays/pub-solar/import-gtk-settings.nix b/overlays/pub-solar/import-gtk-settings.nix deleted file mode 100644 index f4b12b9..0000000 --- a/overlays/pub-solar/import-gtk-settings.nix +++ /dev/null @@ -1,11 +0,0 @@ -self: with self; '' - # usage: import-gsettings : : ... - - expression="" - for pair in "$@"; do - IFS=:; set -- $pair - expressions="$expressions -e 's/^$2=(.*)$/gsettings set org.gnome.desktop.interface $1 \1/e'" - done - IFS= - eval exec sed -E $expressions "$XDG_CONFIG_HOME"/gtk-3.0/settings.ini >/dev/null -'' 
diff --git a/overlays/pub-solar/iommu-test.nix b/overlays/pub-solar/iommu-test.nix deleted file mode 100644 index e2439bf..0000000 --- a/overlays/pub-solar/iommu-test.nix +++ /dev/null @@ -1,9 +0,0 @@ -shopt - s nullglob - for - g in /sys/kernel/iommu_groups/*; do -echo "IOMMU Group ${g##*/}:" -for d in $g/devices/*; do -echo -e "\t$(lspci -nns ${d##*/})" -done; -done; - diff --git a/overlays/pub-solar/mailto-mutt.nix b/overlays/pub-solar/mailto-mutt.nix deleted file mode 100644 index a17d240..0000000 --- a/overlays/pub-solar/mailto-mutt.nix +++ /dev/null @@ -1,5 +0,0 @@ -self: with self; '' - echo "$@" >> $XDG_CACHE_HOME/log/mailto.log - - exec ${alacritty}/bin/alacritty -e neomutt -- "$@" -'' diff --git a/overlays/pub-solar/mopidy-jellyfin.nix b/overlays/pub-solar/mopidy-jellyfin.nix deleted file mode 100644 index 8c99ac2..0000000 --- a/overlays/pub-solar/mopidy-jellyfin.nix +++ /dev/null @@ -1,29 +0,0 @@ -self: with self; -let - websocket-client = python38.pkgs.buildPythonPackage rec { - pname = "websocket-client"; - version = "1.0.0"; - doCheck = false; - src = python38.pkgs.fetchPypi { - inherit pname version; - sha256 = "sha256-UFGzii9MJ/vXygd+uyPsaWWmJt7VqVY382vhs1tsT4E="; - }; - }; -in -python38.pkgs.buildPythonPackage rec { - pname = "Mopidy-Jellyfin"; - version = "1.0.2"; - doCheck = false; - propagatedBuildInputs = with python38.pkgs; [ - unidecode - websocket-client - requests - setuptools - pykka - mopidy - ]; - src = python38.pkgs.fetchPypi { - inherit pname version; - sha256 = "sha256-5XimIIQSpvNyQbSOFtSTkA0jhA0V68BbyQEQNnov+0g="; - }; -} diff --git a/overlays/pub-solar/mu.nix b/overlays/pub-solar/mu.nix deleted file mode 100644 index 90afaa4..0000000 --- a/overlays/pub-solar/mu.nix +++ /dev/null @@ -1,3 +0,0 @@ -self: with self; '' - exec ${alacritty}/bin/alacritty --class mu_vimpc --option dimensions.columns=120 --option dimensions.lines=80 -e vimpc -- "$@" -'' 
diff --git a/overlays/pub-solar/overlay.nix b/overlays/pub-solar/overlay.nix deleted file mode 100644 index 5378b91..0000000 --- a/overlays/pub-solar/overlay.nix +++ /dev/null @@ -1,5 +0,0 @@ -# You can use this file as a nixpkgs overlay. This is useful in the -# case where you don't want to add the whole NUR namespace to your -# configuration. - -self: super: import ./default.nix { pkgs = super; } diff --git a/overlays/pub-solar/psos.nix b/overlays/pub-solar/psos.nix deleted file mode 100644 index a60bad6..0000000 --- a/overlays/pub-solar/psos.nix +++ /dev/null @@ -1,29 +0,0 @@ -self: with self; '' - case $1 in - rebuild) - shift; - exec sudo nixos-rebuild switch --flake "/etc/nixos#installed-host" $@ - ;; - update) - shift; - cd /etc/nixos - git pull - exec nix flake update - ;; - option) - shift; - exec nixos-option -I nixpkgs=/etc/nixos/lib/compat $@ - ;; - *) - if [[ "$@" != "" ]]; then - echo "Unknown command: psos $@" - echo "" - fi - echo "Usage: psos [COMMAND]" - echo " rebuild Rebuild the configuration and switch to it" - echo " update Pull git and update flake.lock" - echo " option [path] See the current value for an option in the flake config. Example: psos option nix.nixPath" - exit 1 - ;; - esac -'' diff --git a/overlays/pub-solar/s.nix b/overlays/pub-solar/s.nix deleted file mode 100644 index 668d555..0000000 --- a/overlays/pub-solar/s.nix +++ /dev/null 
@@ -1,39 +0,0 @@ -self: with self; '' - case $1 in - d) - shift; - URL="https://duckduckgo.com?q=$@" - ;; - no) - shift; - URL="https://search.nixos.org/options?query=$@" - ;; - np) - shift; - URL="https://search.nixos.org/packages?query=$@" - ;; - rs) - shift; - URL="https://doc.rust-lang.org/std/index.html?search=$@" - ;; - rsc) - shift; - URL="https://docs.rs/releases/search?query=$@" - ;; - mdn) - shift; - URL="https://developer.mozilla.org/en-US/search?q=$@" - ;; - w) - shift; - URL="https://en.wikipedia.org/w/index.php?search=$@" - ;; - *) - URL="https://search.b12f.io?q=$@" - ;; - esac - - - ${firefox-wayland}/bin/firefox --new-tab "$URL" - ${sway}/bin/swaymsg '[app_id="firefox"]' focus -'' diff --git a/overlays/pub-solar/sway-launcher.nix b/overlays/pub-solar/sway-launcher.nix deleted file mode 100644 index afa09d0..0000000 --- a/overlays/pub-solar/sway-launcher.nix +++ /dev/null 
@@ -1,64 +0,0 @@ -self: with self; '' - #!/usr/bin/env zsh - # terminal application launcher for sway, using fzf - # original command: - # Based on: https://github.com/swaywm/sway/issues/1367 - # bindsym $altkey+space exec termite --name=launcher -e \ - # "bash -c 'compgen -c | sort -u | fzf --no-extended --print-query | \ - # tail -n1 | xargs -r swaymsg -t command exec'" - - HIST_FILE="''${XDG_CACHE_HOME:-$HOME/.cache}/sway-launcher-history.txt" - - # Get shell command list - # This may include the occasional non-executable file - command_list=$({ whence -wm '*' | sed 's/:[^:]*$//' }) - - # read existing command history - if [ -f "$HIST_FILE" ]; then - command_history=$(cat "$HIST_FILE") - else - command_history="" - fi - - # search command list - command_str=$(printf "%s\n" "''${command_history}" "''${command_list}" | \ - sed -E 's/^[0-9]+ (.+)$/\1/' | \ - fzf --exact --no-extended --print-query --no-sort | \ - tail -n1) || exit 1 - - if [ "$command_str" = "" ]; then - exit 1 - fi - # echo "Command: $command_str" - - # using \E flag from perl regex - test "''${command_str#*\\E}" != "$command_str" && echo "command can't contain '\E'" - test "''${command_str#*\\E}" != "$command_str" && exit 1 - - # get full line from history (with count number) - hist_line=$(echo "$command_history" | grep -Pe "^[0-9]+ \Q$command_str\E$") - # echo "Hist Line: $hist_line" - - if [ "$hist_line" = "" ]; then - hist_count=1 - else - # Increment usage count - hist_count=$(echo "$hist_line" | sed -E 's/^([0-9]+) .+$/\1/') - hist_count=$((hist_count + 1)) - # delete line, to add updated later - # echo "Hist Before: $command_history" - command_history=$(echo "$command_history" | \ - grep --invert-match -Pe "^[0-9]+ \Q$command_str\E$") - # echo "Hist After: $command_history" - fi - - # update history - update_line="''${hist_count} ''${command_str}" - printf "%s\n" "''${update_line}" "''${command_history}" | \ - sort --numeric-sort --reverse > "$HIST_FILE" - # echo "$update_line" - - # 
execute command - echo "$command_str" - ${sway}/bin/swaymsg -t command exec "$command_str" -'' diff --git a/overlays/pub-solar/sway-service.nix b/overlays/pub-solar/sway-service.nix deleted file mode 100644 index f0b97ee..0000000 --- a/overlays/pub-solar/sway-service.nix +++ /dev/null @@ -1,6 +0,0 @@ -self: with self; '' - # first import environment variables from the login manager - systemctl --user import-environment - # then start the service - exec systemctl --wait --user start sway.service -'' diff --git a/overlays/pub-solar/swaylock-bg.nix b/overlays/pub-solar/swaylock-bg.nix deleted file mode 100644 index b55c32a..0000000 --- a/overlays/pub-solar/swaylock-bg.nix +++ /dev/null @@ -1,20 +0,0 @@ -self: with self; '' - # Dependencies: - # swaylock - - # Make sure we aren't running twice - RUNNING=$(ps -A | grep swaylock | wc -l) - if [ $RUNNING -ne 0 ]; then - exit 0 - fi - - IMAGE=$XDG_CONFIG_HOME/wallpaper.jpg - LOCKARGS="" - - for OUTPUT in `${sway}/bin/swaymsg -t get_outputs | jq -r '.[].name'` - do - LOCKARGS="''${LOCKARGS} --image ''${OUTPUT}:''${IMAGE}" - IMAGES="''${IMAGES} ''${IMAGE}" - done - exec ${swaylock}/bin/swaylock $LOCKARGS -'' diff --git a/overlays/pub-solar/toggle-kbd-layout.nix b/overlays/pub-solar/toggle-kbd-layout.nix deleted file mode 100644 index 0d837b0..0000000 --- a/overlays/pub-solar/toggle-kbd-layout.nix +++ /dev/null @@ -1,14 +0,0 @@ -self: with self; '' - set -e - - current_layout=$(${sway}/bin/swaymsg -t get_inputs | ${jq}/bin/jq -r '.[] | select(.type == "keyboard") | .xkb_active_layout_index' | head -1) - total_layouts=$(${sway}/bin/swaymsg -t get_inputs | ${jq}/bin/jq -r '.[] | select(.type == "keyboard") | .xkb_layout_names | length' | head -1) - - next_layout=$(expr $current_layout + 1); - - if [ $next_layout -ge $total_layouts ]; then - next_layout=0; - fi - - ${sway}/bin/swaymsg input '*' xkb_switch_layout "$next_layout" -'' 
diff --git a/overlays/pub-solar/uhk-agent.nix b/overlays/pub-solar/uhk-agent.nix deleted file mode 100644 index 3143b05..0000000 --- a/overlays/pub-solar/uhk-agent.nix +++ /dev/null @@ -1,44 +0,0 @@ -self: with self; -let - uhk-agent-bin = stdenv.mkDerivation rec { - pname = "uhk-agent-bin"; - version = "1.5.14"; - src = builtins.fetchurl { - url = "https://github.com/UltimateHackingKeyboard/agent/releases/download/v1.5.14/UHK.Agent-1.5.14-linux-x86_64.AppImage"; - sha256 = "sha256:1yzh4ixy0cqg02xf84vcqj3h67mkxyzs6jf1h935ay582n70nyqg"; - }; - phases = [ "installPhase" "patchPhase" ]; - installPhase = '' - mkdir -p $out/bin - cp $src $out/bin/uhk-agent - chmod +x $out/bin/uhk-agent - ''; - }; - - script = '' - #!${bash}/bin/bash - - ${appimage-run}/bin/appimage-run ${uhk-agent-bin}/bin/uhk-agent - ''; -in -stdenv.mkDerivation rec { - pname = "uhk-agent"; - version = "1.5.14"; - buildInputs = [ - bash - uhk-agent-bin - appimage-run - ]; - - phases = [ "buildPhase" "installPhase" "patchPhase" ]; - - buildPhase = '' - echo "${script}" >> uhk-agent - ''; - - installPhase = '' - mkdir -p $out/bin - cp uhk-agent $out/bin/uhk-agent - chmod +x $out/bin/uhk-agent - ''; -} diff --git a/overlays/pub-solar/wcwd.nix b/overlays/pub-solar/wcwd.nix deleted file mode 100644 index e5ebcca..0000000 --- a/overlays/pub-solar/wcwd.nix +++ /dev/null @@ -1,5 +0,0 @@ -self: with self; '' - pid=$(${sway}/bin/swaymsg -t get_tree | jq '.. | select(.type?) | select(.type=="con") | select(.focused==true).pid') - ppid=$(pgrep --newest --parent ''${pid}) - readlink /proc/''${ppid}/cwd || echo $HOME -'' diff --git a/profiles/base-user/default.nix b/profiles/base-user/default.nix index e327a73..5e572dd 100644 --- a/profiles/base-user/default.nix +++ b/profiles/base-user/default.nix 
@@ -7,18 +7,14 @@ in ./home.nix ]; - users = { - mutableUsers = false; - - users = with pkgs; pkgs.lib.setAttrByPath [ psCfg.user.name ] { - # Indicates whether this is an account for a “real” user. - # This automatically sets group to users, createHome to true, - # home to /home/username, useDefaultShell to true, and isSystemUser to false. - isNormalUser = true; - description = ""; - extraGroups = [ "wheel" "docker" "input" "audio" "networkmanager" "lp" "scanner" ]; - initialHashedPassword = if psCfg.user.password != null then psCfg.user.password else ""; - shell = pkgs.zsh; - }; + users.users = with pkgs; pkgs.lib.setAttrByPath [ psCfg.user.name ] { + # Indicates whether this is an account for a “real” user. + # This automatically sets group to users, createHome to true, + # home to /home/username, useDefaultShell to true, and isSystemUser to false. + isNormalUser = true; + description = "The main PubSolarOS user"; + extraGroups = [ "wheel" "docker" "input" "audio" "networkmanager" "lp" "scanner" ]; + initialHashedPassword = if psCfg.user.password != null then psCfg.user.password else ""; + shell = pkgs.zsh; }; } diff --git a/profiles/base-user/home.nix b/profiles/base-user/home.nix index 6d7c87d..ee7e3b3 100644 --- a/profiles/base-user/home.nix +++ b/profiles/base-user/home.nix @@ -9,7 +9,7 @@ in ./session-variables.nix ]; - home-manager = pkgs.lib.setAttrByPath [ "users" psCfg.user.name ] { + home-manager.users = pkgs.lib.setAttrByPath [ psCfg.user.name ] { # Let Home Manager install and manage itself. programs.home-manager.enable = true; diff --git a/profiles/core/default.nix b/profiles/core/default.nix index 99f9bb1..b20a6d7 100644 --- a/profiles/core/default.nix +++ b/profiles/core/default.nix 
@@ -127,6 +127,12 @@ in system.autoUpgrade.enable = true; + # For rage encryption, all hosts need a ssh key pair + services.openssh = { + enable = true; + openFirewall = lib.mkDefault false; + }; + services.earlyoom.enable = true; boot.kernelPackages = pkgs.linuxPackages_latest; diff --git a/secrets/.gitattributes b/secrets/.gitattributes index ff69eb2..901863e 100644 --- a/secrets/.gitattributes +++ b/secrets/.gitattributes @@ -1,3 +1,4 @@ * filter=git-crypt diff=git-crypt .gitattributes !filter !diff +secrets.nix !filter !diff README.md !filter !diff diff --git a/secrets/secrets.nix b/secrets/secrets.nix new file mode 100644 index 0000000..bac30e0 --- /dev/null +++ b/secrets/secrets.nix @@ -0,0 +1,9 @@ +let + # set ssh public keys here for your system and user + system = ""; + user = ""; + allKeys = [ system user ]; +in +{ + "secret.age".publicKeys = allKeys; +} diff --git a/users/ben/default.nix b/users/ben/default.nix index a0d66f5..693ec66 100644 --- a/users/ben/default.nix +++ b/users/ben/default.nix @@ -32,6 +32,6 @@ in ]; }; - fonts.fonts = lib.attrValues pkgs.b12f.fonts; + # fonts.fonts = lib.attrValues pkgs.b12f.fonts; }; }
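Review bot: in the flake.nix hunks `@@ -31,7 +33,7 @@`, `@@ -42,10 +44,11 @@` and `@@ -59,9 +62,10 @@`, and again in users/ben/default.nix `@@ -32,6 +32,6 @@`, the `b12f-nix-fonts` input, argument, overlay and `fonts.fonts` line are commented out rather than removed, while the flake.lock hunk `@@ -540,7 +527,7 @@` already drops `b12f-nix-fonts` from the root inputs. Delete the four commented lines instead; git history keeps them, and a commented-out flake input is easy to re-enable by accident without its lock entry.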
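Review bot: in flake.nix hunk `@@ -5,7 +5,7 @@`, `digga.url` now tracks `github:divnix/digga/master` rather than a tag or rev, so every `nix flake update` pulls whatever is on that branch, and the customBuilds.nix hunk `@@ -10,7 +10,6 @@` (dropping `inherit (self) inputs;` from `isoConfig`) shows this repository already depends on digga's current signatures. Prefer pinning to a release ref, or state in the commit message that tracking `master` is intended and why `inputs` is no longer passed.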
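Review bot: in the new hosts/biolimo/base.nix (hunk `@@ -0,0 +1,28 @@`), the `let` binding `xdg = config.home-manager.users."${psCfg.user.name}".xdg;` and the `pkgs` argument are never used and were carried over from the old default.nix; drop them. The `networking.firewall.allowedTCPPorts = [ 5000 ];` entry has no comment saying which service listens on that port, so add one, since an open port with no stated owner tends to outlive the service it was opened for.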
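Review bot: the deletion of overlays/pub-solar/default.nix (hunk `@@ -1,15 +0,0 @@`) removes the `psos`, `s`, `mu`, `mailto-mutt`, `swaylock-bg`, `sway-launcher`, `sway-service`, `toggle-kbd-layout`, `uhk-agent`, `wcwd`, `mopidy-jellyfin` and `import-gtk-settings` packages, but nothing in this patch shows where they move to or which profiles stop referencing `pkgs.<name>`. Please confirm that `./pkgs/default.nix` (still listed in the overlay list in flake.nix hunk `@@ -59,9 +62,10 @@`) now provides them, or that no module still references them, otherwise evaluation of the affected hosts will fail.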
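Review bot: in profiles/base-user/default.nix hunk `@@ -7,18 +7,14 @@`, `users.mutableUsers = false;` is removed without explanation; with `mutableUsers` back at its default, the password hash and group membership declared here stop being authoritative after first boot, since `initialHashedPassword` only applies when the account is created. If this is intended (for example to allow `passwd` on the host), say so in the commit message; if not, keep `users.mutableUsers = false;`. Either way, the retained fallback `initialHashedPassword = if psCfg.user.password != null then psCfg.user.password else "";` creates an account with an empty password hash when no password is configured, which is worth replacing with an assertion or a locked-password value.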
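Review bot: in profiles/core/default.nix hunk `@@ -127,6 +127,12 @@`, `services.openssh.enable = true;` is turned on for every host that uses the core profile, including desktops, only so that a host key pair exists for age decryption; keeping `openFirewall = lib.mkDefault false;` is the right default, but consider also setting password authentication off for sshd on hosts where it ends up reachable, and note in the comment that the keys are consumed by agenix (the input added in flake.nix), since `rage` in the overrides hunk is only the CLI.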
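Review bot: in the new secrets/secrets.nix (hunk `@@ -0,0 +1,9 @@`), `system = "";` and `user = "";` are committed as empty strings and both end up in `"secret.age".publicKeys`, so encrypting a secret before the placeholders are filled in fails on an invalid recipient rather than with a clear message. Consider leaving `allKeys` empty with a comment, or adding an assertion that rejects empty keys. The matching secrets/.gitattributes hunk (`secrets.nix !filter !diff`) deserves a one-line `#` comment explaining that the file is excluded from git-crypt because it contains only public keys and must be evaluable unencrypted.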