diff --git a/CHANGELOG.md b/CHANGELOG.md
deleted file mode 100644
index 92f225f7..00000000
--- a/CHANGELOG.md
+++ /dev/null
@@ -1,112 +0,0 @@
-# Changelog
-
-## [v0.10.0](https://github.com/divnix/devos/tree/v0.10.0) (2021-05-24)
-
-**Implemented enhancements:**
-
-- Providing an interface to nixpkgs.config [\#237](https://github.com/divnix/devos/issues/237)
-- Making the user available in profiles [\#230](https://github.com/divnix/devos/issues/230)
-- copy evaluation store paths to iso [\#195](https://github.com/divnix/devos/issues/195)
-- Extract custom system builds from devosSystem out of lib [\#170](https://github.com/divnix/devos/issues/170)
-- Allow setting of channel host-wide [\#117](https://github.com/divnix/devos/issues/117)
-- alacritty: CSIu support [\#51](https://github.com/divnix/devos/issues/51)
-
-**Fixed bugs:**
-
-- Cachix timeouts + how to disable nrdxp cachix \(if needed\) [\#294](https://github.com/divnix/devos/issues/294)
-- default.nix flake-compat is broken [\#285](https://github.com/divnix/devos/issues/285)
-- All suites return "attribute missing" [\#282](https://github.com/divnix/devos/issues/282)
-- nix is built two times [\#203](https://github.com/divnix/devos/issues/203)
-- fix lib docs [\#166](https://github.com/divnix/devos/issues/166)
-
-**Closed issues:**
-
-- eliminate userFlakeNixOS [\#257](https://github.com/divnix/devos/issues/257)
-- devos-as-library [\#214](https://github.com/divnix/devos/issues/214)
-
-**Merged pull requests:**
-
-- Update evalArgs to match the new planned API [\#239](https://github.com/divnix/devos/pull/239)
-
-## [v0.9.0](https://github.com/divnix/devos/tree/v0.9.0) (2021-04-19)
-
-**Implemented enhancements:**
-
-- pin inputs into iso live registry [\#190](https://github.com/divnix/devos/issues/190)
-- Pass 'self' to lib [\#169](https://github.com/divnix/devos/issues/169)
-- doc: quickstart "ISO. What next?" [\#167](https://github.com/divnix/devos/issues/167)
-- Integrate Android AOSP putting mobile under control [\#149](https://github.com/divnix/devos/issues/149)
-- Inoculate host identity on first use [\#132](https://github.com/divnix/devos/issues/132)
-- kubenix support [\#130](https://github.com/divnix/devos/issues/130)
-- Improve Home Manager support: profiles/suites, modules, extern, flake outputs [\#119](https://github.com/divnix/devos/issues/119)
-- Local CA \(between hosts\) [\#104](https://github.com/divnix/devos/issues/104)
-- Q5: git annex for machine state [\#68](https://github.com/divnix/devos/issues/68)
-- name space ./pkgs overlays [\#60](https://github.com/divnix/devos/issues/60)
-- remap global keys easily [\#57](https://github.com/divnix/devos/issues/57)
-- make pass state part of this repo's structure [\#56](https://github.com/divnix/devos/issues/56)
-- Incorporate ./shells [\#38](https://github.com/divnix/devos/issues/38)
-- Encrypt with \(r\)age [\#37](https://github.com/divnix/devos/issues/37)
-
-**Fixed bugs:**
-
-- `pathsToImportedAttrs` does not accept directories [\#221](https://github.com/divnix/devos/issues/221)
-- Cachix caches aren't added to the configuration [\#208](https://github.com/divnix/devos/issues/208)
-- Issues with current changelog workflow [\#205](https://github.com/divnix/devos/issues/205)
-- iso: systemd service startup [\#194](https://github.com/divnix/devos/issues/194)
-- Help adding easy-hls-nix to devos [\#174](https://github.com/divnix/devos/issues/174)
-- `flk update` fails because of obsolete flag [\#159](https://github.com/divnix/devos/issues/159)
-- Expected that not all packages are exported? [\#151](https://github.com/divnix/devos/issues/151)
-- Segmentation fault when generating iso [\#150](https://github.com/divnix/devos/issues/150)
-
-**Documentation:**
-
-- doc: split iso [\#193](https://github.com/divnix/devos/issues/193)
-- lib: can depend on pkgs \(a la nixpkgs\#pkgs/pkgs-lib\) [\#147](https://github.com/divnix/devos/pull/147)
-
-**Closed issues:**
-
-- FRRouting router implementation [\#154](https://github.com/divnix/devos/issues/154)
-- ARM aarch64 Support [\#72](https://github.com/divnix/devos/issues/72)
-
-## [v0.8.0](https://github.com/divnix/devos/tree/v0.8.0) (2021-03-02)
-
-**Implemented enhancements:**
-
-- semi automatic update for /pkgs [\#118](https://github.com/divnix/devos/issues/118)
-- Home-manager external modules from flakes [\#106](https://github.com/divnix/devos/issues/106)
-
-**Fixed bugs:**
-
-- My emacsGcc overlay is not working [\#146](https://github.com/divnix/devos/issues/146)
-- local flake registry freezes branches [\#142](https://github.com/divnix/devos/issues/142)
-- nixos-option no longer works after collect garbage [\#138](https://github.com/divnix/devos/issues/138)
-- Profiles imports are brittle, causing failure if imported twice [\#136](https://github.com/divnix/devos/issues/136)
-
-## [0.7.0](https://github.com/divnix/devos/tree/0.7.0) (2021-02-20)
-
-**Implemented enhancements:**
-
-- add zoxide [\#53](https://github.com/divnix/devos/issues/53)
-- Multiarch support? [\#17](https://github.com/divnix/devos/issues/17)
-- initial multiArch support [\#18](https://github.com/divnix/devos/pull/18)
-
-**Fixed bugs:**
-
-- Missing shebang from flk.sh [\#131](https://github.com/divnix/devos/issues/131)
-- Rename Meta Issue [\#128](https://github.com/divnix/devos/issues/128)
-- specialisations break the `system` argument [\#46](https://github.com/divnix/devos/issues/46)
-- Revert "Add extraArgs to lib.nixosSystem call to add system args." [\#47](https://github.com/divnix/devos/pull/47)
-
-**Documentation:**
-
-- update home-manager urls [\#62](https://github.com/divnix/devos/pull/62)
-
-**Closed issues:**
-
-- add github action for cachix build ci [\#59](https://github.com/divnix/devos/issues/59)
-
-## [12052020](https://github.com/divnix/devos/tree/12052020) (2020-12-06)
-
-## [07092020](https://github.com/divnix/devos/tree/07092020) (2020-07-09)
-
-\* _This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)_
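Review bot: Deleting CHANGELOG.md removes the in-tree record of the upstream releases these entries describe; every entry links to divnix/devos, with v0.10.0 (2021-05-24) as the latest. Since the footer says the file was generated by github_changelog_generator, dropping a copy that is no longer regenerated is reasonable, but consider recording the upstream base version in the README or the commit message so later upstream fixes can be checked against it.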
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
deleted file mode 100644
index 07957e7c..00000000
--- a/CONTRIBUTING.md
+++ /dev/null
@@ -1,33 +0,0 @@
-# Quick branch overview
-
-We work with several branches in this repo. This document aims to explain how
-to contribute changes to the existing branches.
-
-### `main` branch
-
-- Changes to `modules` and `profiles` should go [the main branch](https://git.pub.solar/pub-solar/os/src/branch/main)
-- Changes can get accepted via: Pull Request
-- Branch protected from direct `git push`
-
-### `infra` branch
-
-- Changes to the [pub.solar](https://pub.solar) infrastructure should be merged [into this branch](https://git.pub.solar/pub-solar/os/src/branch/infra)
-- Changes can get accepted via: Pull Request
-- Branch protected from direct `git push`
-
-### `momo/main` branch
-
-- Changes to the [Momo](https://momo.koeln) infrastructure should be merged [into this branch](https://git.pub.solar/pub-solar/os/src/branch/momo/main)
-- Changes can get accepted via: Pull Request
-- Deployment of changes is [automatic via CI pipeline](https://git.pub.solar/pub-solar/os/src/commit/43bd7421509f7cc9ba06d7c740f3f536a4a2af76/.drone.yml#L20-L38)
-- Branch protected from direct `git push`
-
-### `$USER` branches
-
-- User's custom hosts and changes can be worked on in these branches
-- Direct `git push` possible
-- Examples:
- - [hensoko](https://git.pub.solar/pub-solar/os/src/branch/hensoko)
- - [b12f](https://git.pub.solar/pub-solar/os/src/branch/b12f)
- - [axeman](https://git.pub.solar/pub-solar/os/src/branch/axeman)
- - [teutat3s](https://git.pub.solar/pub-solar/os/src/branch/teutat3s)
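Review bot: The removed `momo/main` section is where the page states that changes to that branch are deployed automatically via the CI pipeline, and the `main`, `infra` and `momo/main` sections state that those branches are protected from direct `git push` while `$USER` branches are not. If this branch model still applies, move the text to a place contributors and reviewers will read rather than dropping it, because a merge into an auto-deploying branch needs closer review than a push to a personal branch. If the model has changed, say so in the commit message.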
diff --git a/COPYING b/COPYING
deleted file mode 100644
index c9b44cb8..00000000
--- a/COPYING
+++ /dev/null
@@ -1,18 +0,0 @@
-Permission is hereby granted, free of charge, to any person obtaining
-a copy of this software and associated documentation files (the
-"Software"), to deal in the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so, subject to
-the following conditions:
-
-The above copyright notice and this permission notice shall be
-included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
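Review bot: The deleted text itself says "The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software", so COPYING should stay, or be moved next to the code it covers, unless nothing received under that grant remains in the tree. LICENSE.md (GNU Affero General Public License, version 3) is deleted in the same patch, which leaves the repository without license text unless it is added elsewhere; confirm where the notices now live and state the intended license in the commit message.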
diff --git a/LICENSE.md b/LICENSE.md
deleted file mode 100644
index 74c892ae..00000000
--- a/LICENSE.md
+++ /dev/null
@@ -1,660 +0,0 @@
-### GNU AFFERO GENERAL PUBLIC LICENSE
-
-Version 3, 19 November 2007
-
-Copyright (C) 2007 Free Software Foundation, Inc.
-
-
-Everyone is permitted to copy and distribute verbatim copies of this
-license document, but changing it is not allowed.
-
-### Preamble
-
-The GNU Affero General Public License is a free, copyleft license for
-software and other kinds of works, specifically designed to ensure
-cooperation with the community in the case of network server software.
-
-The licenses for most software and other practical works are designed
-to take away your freedom to share and change the works. By contrast,
-our General Public Licenses are intended to guarantee your freedom to
-share and change all versions of a program--to make sure it remains
-free software for all its users.
-
-When we speak of free software, we are referring to freedom, not
-price. Our General Public Licenses are designed to make sure that you
-have the freedom to distribute copies of free software (and charge for
-them if you wish), that you receive source code or can get it if you
-want it, that you can change the software or use pieces of it in new
-free programs, and that you know you can do these things.
-
-Developers that use our General Public Licenses protect your rights
-with two steps: (1) assert copyright on the software, and (2) offer
-you this License which gives you legal permission to copy, distribute
-and/or modify the software.
-
-A secondary benefit of defending all users' freedom is that
-improvements made in alternate versions of the program, if they
-receive widespread use, become available for other developers to
-incorporate. Many developers of free software are heartened and
-encouraged by the resulting cooperation. However, in the case of
-software used on network servers, this result may fail to come about.
-The GNU General Public License permits making a modified version and
-letting the public access it on a server without ever releasing its
-source code to the public.
-
-The GNU Affero General Public License is designed specifically to
-ensure that, in such cases, the modified source code becomes available
-to the community. It requires the operator of a network server to
-provide the source code of the modified version running there to the
-users of that server. Therefore, public use of a modified version, on
-a publicly accessible server, gives the public access to the source
-code of the modified version.
-
-An older license, called the Affero General Public License and
-published by Affero, was designed to accomplish similar goals. This is
-a different license, not a version of the Affero GPL, but Affero has
-released a new version of the Affero GPL which permits relicensing
-under this license.
-
-The precise terms and conditions for copying, distribution and
-modification follow.
-
-### TERMS AND CONDITIONS
-
-#### 0. Definitions.
-
-"This License" refers to version 3 of the GNU Affero General Public
-License.
-
-"Copyright" also means copyright-like laws that apply to other kinds
-of works, such as semiconductor masks.
-
-"The Program" refers to any copyrightable work licensed under this
-License. Each licensee is addressed as "you". "Licensees" and
-"recipients" may be individuals or organizations.
-
-To "modify" a work means to copy from or adapt all or part of the work
-in a fashion requiring copyright permission, other than the making of
-an exact copy. The resulting work is called a "modified version" of
-the earlier work or a work "based on" the earlier work.
-
-A "covered work" means either the unmodified Program or a work based
-on the Program.
-
-To "propagate" a work means to do anything with it that, without
-permission, would make you directly or secondarily liable for
-infringement under applicable copyright law, except executing it on a
-computer or modifying a private copy. Propagation includes copying,
-distribution (with or without modification), making available to the
-public, and in some countries other activities as well.
-
-To "convey" a work means any kind of propagation that enables other
-parties to make or receive copies. Mere interaction with a user
-through a computer network, with no transfer of a copy, is not
-conveying.
-
-An interactive user interface displays "Appropriate Legal Notices" to
-the extent that it includes a convenient and prominently visible
-feature that (1) displays an appropriate copyright notice, and (2)
-tells the user that there is no warranty for the work (except to the
-extent that warranties are provided), that licensees may convey the
-work under this License, and how to view a copy of this License. If
-the interface presents a list of user commands or options, such as a
-menu, a prominent item in the list meets this criterion.
-
-#### 1. Source Code.
-
-The "source code" for a work means the preferred form of the work for
-making modifications to it. "Object code" means any non-source form of
-a work.
-
-A "Standard Interface" means an interface that either is an official
-standard defined by a recognized standards body, or, in the case of
-interfaces specified for a particular programming language, one that
-is widely used among developers working in that language.
-
-The "System Libraries" of an executable work include anything, other
-than the work as a whole, that (a) is included in the normal form of
-packaging a Major Component, but which is not part of that Major
-Component, and (b) serves only to enable use of the work with that
-Major Component, or to implement a Standard Interface for which an
-implementation is available to the public in source code form. A
-"Major Component", in this context, means a major essential component
-(kernel, window system, and so on) of the specific operating system
-(if any) on which the executable work runs, or a compiler used to
-produce the work, or an object code interpreter used to run it.
-
-The "Corresponding Source" for a work in object code form means all
-the source code needed to generate, install, and (for an executable
-work) run the object code and to modify the work, including scripts to
-control those activities. However, it does not include the work's
-System Libraries, or general-purpose tools or generally available free
-programs which are used unmodified in performing those activities but
-which are not part of the work. For example, Corresponding Source
-includes interface definition files associated with source files for
-the work, and the source code for shared libraries and dynamically
-linked subprograms that the work is specifically designed to require,
-such as by intimate data communication or control flow between those
-subprograms and other parts of the work.
-
-The Corresponding Source need not include anything that users can
-regenerate automatically from other parts of the Corresponding Source.
-
-The Corresponding Source for a work in source code form is that same
-work.
-
-#### 2. Basic Permissions.
-
-All rights granted under this License are granted for the term of
-copyright on the Program, and are irrevocable provided the stated
-conditions are met. This License explicitly affirms your unlimited
-permission to run the unmodified Program. The output from running a
-covered work is covered by this License only if the output, given its
-content, constitutes a covered work. This License acknowledges your
-rights of fair use or other equivalent, as provided by copyright law.
-
-You may make, run and propagate covered works that you do not convey,
-without conditions so long as your license otherwise remains in force.
-You may convey covered works to others for the sole purpose of having
-them make modifications exclusively for you, or provide you with
-facilities for running those works, provided that you comply with the
-terms of this License in conveying all material for which you do not
-control copyright. Those thus making or running the covered works for
-you must do so exclusively on your behalf, under your direction and
-control, on terms that prohibit them from making any copies of your
-copyrighted material outside their relationship with you.
-
-Conveying under any other circumstances is permitted solely under the
-conditions stated below. Sublicensing is not allowed; section 10 makes
-it unnecessary.
-
-#### 3. Protecting Users' Legal Rights From Anti-Circumvention Law.
-
-No covered work shall be deemed part of an effective technological
-measure under any applicable law fulfilling obligations under article
-11 of the WIPO copyright treaty adopted on 20 December 1996, or
-similar laws prohibiting or restricting circumvention of such
-measures.
-
-When you convey a covered work, you waive any legal power to forbid
-circumvention of technological measures to the extent such
-circumvention is effected by exercising rights under this License with
-respect to the covered work, and you disclaim any intention to limit
-operation or modification of the work as a means of enforcing, against
-the work's users, your or third parties' legal rights to forbid
-circumvention of technological measures.
-
-#### 4. Conveying Verbatim Copies.
-
-You may convey verbatim copies of the Program's source code as you
-receive it, in any medium, provided that you conspicuously and
-appropriately publish on each copy an appropriate copyright notice;
-keep intact all notices stating that this License and any
-non-permissive terms added in accord with section 7 apply to the code;
-keep intact all notices of the absence of any warranty; and give all
-recipients a copy of this License along with the Program.
-
-You may charge any price or no price for each copy that you convey,
-and you may offer support or warranty protection for a fee.
-
-#### 5. Conveying Modified Source Versions.
-
-You may convey a work based on the Program, or the modifications to
-produce it from the Program, in the form of source code under the
-terms of section 4, provided that you also meet all of these
-conditions:
-
-- a) The work must carry prominent notices stating that you modified
- it, and giving a relevant date.
-- b) The work must carry prominent notices stating that it is
- released under this License and any conditions added under
- section 7. This requirement modifies the requirement in section 4
- to "keep intact all notices".
-- c) You must license the entire work, as a whole, under this
- License to anyone who comes into possession of a copy. This
- License will therefore apply, along with any applicable section 7
- additional terms, to the whole of the work, and all its parts,
- regardless of how they are packaged. This License gives no
- permission to license the work in any other way, but it does not
- invalidate such permission if you have separately received it.
-- d) If the work has interactive user interfaces, each must display
- Appropriate Legal Notices; however, if the Program has interactive
- interfaces that do not display Appropriate Legal Notices, your
- work need not make them do so.
-
-A compilation of a covered work with other separate and independent
-works, which are not by their nature extensions of the covered work,
-and which are not combined with it such as to form a larger program,
-in or on a volume of a storage or distribution medium, is called an
-"aggregate" if the compilation and its resulting copyright are not
-used to limit the access or legal rights of the compilation's users
-beyond what the individual works permit. Inclusion of a covered work
-in an aggregate does not cause this License to apply to the other
-parts of the aggregate.
-
-#### 6. Conveying Non-Source Forms.
-
-You may convey a covered work in object code form under the terms of
-sections 4 and 5, provided that you also convey the machine-readable
-Corresponding Source under the terms of this License, in one of these
-ways:
-
-- a) Convey the object code in, or embodied in, a physical product
- (including a physical distribution medium), accompanied by the
- Corresponding Source fixed on a durable physical medium
- customarily used for software interchange.
-- b) Convey the object code in, or embodied in, a physical product
- (including a physical distribution medium), accompanied by a
- written offer, valid for at least three years and valid for as
- long as you offer spare parts or customer support for that product
- model, to give anyone who possesses the object code either (1) a
- copy of the Corresponding Source for all the software in the
- product that is covered by this License, on a durable physical
- medium customarily used for software interchange, for a price no
- more than your reasonable cost of physically performing this
- conveying of source, or (2) access to copy the Corresponding
- Source from a network server at no charge.
-- c) Convey individual copies of the object code with a copy of the
- written offer to provide the Corresponding Source. This
- alternative is allowed only occasionally and noncommercially, and
- only if you received the object code with such an offer, in accord
- with subsection 6b.
-- d) Convey the object code by offering access from a designated
- place (gratis or for a charge), and offer equivalent access to the
- Corresponding Source in the same way through the same place at no
- further charge. You need not require recipients to copy the
- Corresponding Source along with the object code. If the place to
- copy the object code is a network server, the Corresponding Source
- may be on a different server (operated by you or a third party)
- that supports equivalent copying facilities, provided you maintain
- clear directions next to the object code saying where to find the
- Corresponding Source. Regardless of what server hosts the
- Corresponding Source, you remain obligated to ensure that it is
- available for as long as needed to satisfy these requirements.
-- e) Convey the object code using peer-to-peer transmission,
- provided you inform other peers where the object code and
- Corresponding Source of the work are being offered to the general
- public at no charge under subsection 6d.
-
-A separable portion of the object code, whose source code is excluded
-from the Corresponding Source as a System Library, need not be
-included in conveying the object code work.
-
-A "User Product" is either (1) a "consumer product", which means any
-tangible personal property which is normally used for personal,
-family, or household purposes, or (2) anything designed or sold for
-incorporation into a dwelling. In determining whether a product is a
-consumer product, doubtful cases shall be resolved in favor of
-coverage. For a particular product received by a particular user,
-"normally used" refers to a typical or common use of that class of
-product, regardless of the status of the particular user or of the way
-in which the particular user actually uses, or expects or is expected
-to use, the product. A product is a consumer product regardless of
-whether the product has substantial commercial, industrial or
-non-consumer uses, unless such uses represent the only significant
-mode of use of the product.
-
-"Installation Information" for a User Product means any methods,
-procedures, authorization keys, or other information required to
-install and execute modified versions of a covered work in that User
-Product from a modified version of its Corresponding Source. The
-information must suffice to ensure that the continued functioning of
-the modified object code is in no case prevented or interfered with
-solely because modification has been made.
-
-If you convey an object code work under this section in, or with, or
-specifically for use in, a User Product, and the conveying occurs as
-part of a transaction in which the right of possession and use of the
-User Product is transferred to the recipient in perpetuity or for a
-fixed term (regardless of how the transaction is characterized), the
-Corresponding Source conveyed under this section must be accompanied
-by the Installation Information. But this requirement does not apply
-if neither you nor any third party retains the ability to install
-modified object code on the User Product (for example, the work has
-been installed in ROM).
-
-The requirement to provide Installation Information does not include a
-requirement to continue to provide support service, warranty, or
-updates for a work that has been modified or installed by the
-recipient, or for the User Product in which it has been modified or
-installed. Access to a network may be denied when the modification
-itself materially and adversely affects the operation of the network
-or violates the rules and protocols for communication across the
-network.
-
-Corresponding Source conveyed, and Installation Information provided,
-in accord with this section must be in a format that is publicly
-documented (and with an implementation available to the public in
-source code form), and must require no special password or key for
-unpacking, reading or copying.
-
-#### 7. Additional Terms.
-
-"Additional permissions" are terms that supplement the terms of this
-License by making exceptions from one or more of its conditions.
-Additional permissions that are applicable to the entire Program shall
-be treated as though they were included in this License, to the extent
-that they are valid under applicable law. If additional permissions
-apply only to part of the Program, that part may be used separately
-under those permissions, but the entire Program remains governed by
-this License without regard to the additional permissions.
-
-When you convey a copy of a covered work, you may at your option
-remove any additional permissions from that copy, or from any part of
-it. (Additional permissions may be written to require their own
-removal in certain cases when you modify the work.) You may place
-additional permissions on material, added by you to a covered work,
-for which you have or can give appropriate copyright permission.
-
-Notwithstanding any other provision of this License, for material you
-add to a covered work, you may (if authorized by the copyright holders
-of that material) supplement the terms of this License with terms:
-
-- a) Disclaiming warranty or limiting liability differently from the
- terms of sections 15 and 16 of this License; or
-- b) Requiring preservation of specified reasonable legal notices or
- author attributions in that material or in the Appropriate Legal
- Notices displayed by works containing it; or
-- c) Prohibiting misrepresentation of the origin of that material,
- or requiring that modified versions of such material be marked in
- reasonable ways as different from the original version; or
-- d) Limiting the use for publicity purposes of names of licensors
- or authors of the material; or
-- e) Declining to grant rights under trademark law for use of some
- trade names, trademarks, or service marks; or
-- f) Requiring indemnification of licensors and authors of that
- material by anyone who conveys the material (or modified versions
- of it) with contractual assumptions of liability to the recipient,
- for any liability that these contractual assumptions directly
- impose on those licensors and authors.
-
-All other non-permissive additional terms are considered "further
-restrictions" within the meaning of section 10. If the Program as you
-received it, or any part of it, contains a notice stating that it is
-governed by this License along with a term that is a further
-restriction, you may remove that term. If a license document contains
-a further restriction but permits relicensing or conveying under this
-License, you may add to a covered work material governed by the terms
-of that license document, provided that the further restriction does
-not survive such relicensing or conveying.
-
-If you add terms to a covered work in accord with this section, you
-must place, in the relevant source files, a statement of the
-additional terms that apply to those files, or a notice indicating
-where to find the applicable terms.
-
-Additional terms, permissive or non-permissive, may be stated in the
-form of a separately written license, or stated as exceptions; the
-above requirements apply either way.
-
-#### 8. Termination.
-
-You may not propagate or modify a covered work except as expressly
-provided under this License. Any attempt otherwise to propagate or
-modify it is void, and will automatically terminate your rights under
-this License (including any patent licenses granted under the third
-paragraph of section 11).
-
-However, if you cease all violation of this License, then your license
-from a particular copyright holder is reinstated (a) provisionally,
-unless and until the copyright holder explicitly and finally
-terminates your license, and (b) permanently, if the copyright holder
-fails to notify you of the violation by some reasonable means prior to
-60 days after the cessation.
-
-Moreover, your license from a particular copyright holder is
-reinstated permanently if the copyright holder notifies you of the
-violation by some reasonable means, this is the first time you have
-received notice of violation of this License (for any work) from that
-copyright holder, and you cure the violation prior to 30 days after
-your receipt of the notice.
-
-Termination of your rights under this section does not terminate the
-licenses of parties who have received copies or rights from you under
-this License. If your rights have been terminated and not permanently
-reinstated, you do not qualify to receive new licenses for the same
-material under section 10.
-
-#### 9. Acceptance Not Required for Having Copies.
-
-You are not required to accept this License in order to receive or run
-a copy of the Program. Ancillary propagation of a covered work
-occurring solely as a consequence of using peer-to-peer transmission
-to receive a copy likewise does not require acceptance. However,
-nothing other than this License grants you permission to propagate or
-modify any covered work. These actions infringe copyright if you do
-not accept this License. Therefore, by modifying or propagating a
-covered work, you indicate your acceptance of this License to do so.
-
-#### 10. Automatic Licensing of Downstream Recipients.
-
-Each time you convey a covered work, the recipient automatically
-receives a license from the original licensors, to run, modify and
-propagate that work, subject to this License. You are not responsible
-for enforcing compliance by third parties with this License.
-
-An "entity transaction" is a transaction transferring control of an
-organization, or substantially all assets of one, or subdividing an
-organization, or merging organizations. If propagation of a covered
-work results from an entity transaction, each party to that
-transaction who receives a copy of the work also receives whatever
-licenses to the work the party's predecessor in interest had or could
-give under the previous paragraph, plus a right to possession of the
-Corresponding Source of the work from the predecessor in interest, if
-the predecessor has it or can get it with reasonable efforts.
-
-You may not impose any further restrictions on the exercise of the
-rights granted or affirmed under this License. For example, you may
-not impose a license fee, royalty, or other charge for exercise of
-rights granted under this License, and you may not initiate litigation
-(including a cross-claim or counterclaim in a lawsuit) alleging that
-any patent claim is infringed by making, using, selling, offering for
-sale, or importing the Program or any portion of it.
-
-#### 11. Patents.
-
-A "contributor" is a copyright holder who authorizes use under this
-License of the Program or a work on which the Program is based. The
-work thus licensed is called the contributor's "contributor version".
-
-A contributor's "essential patent claims" are all patent claims owned
-or controlled by the contributor, whether already acquired or
-hereafter acquired, that would be infringed by some manner, permitted
-by this License, of making, using, or selling its contributor version,
-but do not include claims that would be infringed only as a
-consequence of further modification of the contributor version. For
-purposes of this definition, "control" includes the right to grant
-patent sublicenses in a manner consistent with the requirements of
-this License.
-
-Each contributor grants you a non-exclusive, worldwide, royalty-free
-patent license under the contributor's essential patent claims, to
-make, use, sell, offer for sale, import and otherwise run, modify and
-propagate the contents of its contributor version.
-
-In the following three paragraphs, a "patent license" is any express
-agreement or commitment, however denominated, not to enforce a patent
-(such as an express permission to practice a patent or covenant not to
-sue for patent infringement). To "grant" such a patent license to a
-party means to make such an agreement or commitment not to enforce a
-patent against the party.
-
-If you convey a covered work, knowingly relying on a patent license,
-and the Corresponding Source of the work is not available for anyone
-to copy, free of charge and under the terms of this License, through a
-publicly available network server or other readily accessible means,
-then you must either (1) cause the Corresponding Source to be so
-available, or (2) arrange to deprive yourself of the benefit of the
-patent license for this particular work, or (3) arrange, in a manner
-consistent with the requirements of this License, to extend the patent
-license to downstream recipients. "Knowingly relying" means you have
-actual knowledge that, but for the patent license, your conveying the
-covered work in a country, or your recipient's use of the covered work
-in a country, would infringe one or more identifiable patents in that
-country that you have reason to believe are valid.
-
-If, pursuant to or in connection with a single transaction or
-arrangement, you convey, or propagate by procuring conveyance of, a
-covered work, and grant a patent license to some of the parties
-receiving the covered work authorizing them to use, propagate, modify
-or convey a specific copy of the covered work, then the patent license
-you grant is automatically extended to all recipients of the covered
-work and works based on it.
-
-A patent license is "discriminatory" if it does not include within the
-scope of its coverage, prohibits the exercise of, or is conditioned on
-the non-exercise of one or more of the rights that are specifically
-granted under this License. You may not convey a covered work if you
-are a party to an arrangement with a third party that is in the
-business of distributing software, under which you make payment to the
-third party based on the extent of your activity of conveying the
-work, and under which the third party grants, to any of the parties
-who would receive the covered work from you, a discriminatory patent
-license (a) in connection with copies of the covered work conveyed by
-you (or copies made from those copies), or (b) primarily for and in
-connection with specific products or compilations that contain the
-covered work, unless you entered into that arrangement, or that patent
-license was granted, prior to 28 March 2007.
-
-Nothing in this License shall be construed as excluding or limiting
-any implied license or other defenses to infringement that may
-otherwise be available to you under applicable patent law.
-
-#### 12. No Surrender of Others' Freedom.
-
-If conditions are imposed on you (whether by court order, agreement or
-otherwise) that contradict the conditions of this License, they do not
-excuse you from the conditions of this License. If you cannot convey a
-covered work so as to satisfy simultaneously your obligations under
-this License and any other pertinent obligations, then as a
-consequence you may not convey it at all. For example, if you agree to
-terms that obligate you to collect a royalty for further conveying
-from those to whom you convey the Program, the only way you could
-satisfy both those terms and this License would be to refrain entirely
-from conveying the Program.
-
-#### 13. Remote Network Interaction; Use with the GNU General Public License.
-
-Notwithstanding any other provision of this License, if you modify the
-Program, your modified version must prominently offer all users
-interacting with it remotely through a computer network (if your
-version supports such interaction) an opportunity to receive the
-Corresponding Source of your version by providing access to the
-Corresponding Source from a network server at no charge, through some
-standard or customary means of facilitating copying of software. This
-Corresponding Source shall include the Corresponding Source for any
-work covered by version 3 of the GNU General Public License that is
-incorporated pursuant to the following paragraph.
-
-Notwithstanding any other provision of this License, you have
-permission to link or combine any covered work with a work licensed
-under version 3 of the GNU General Public License into a single
-combined work, and to convey the resulting work. The terms of this
-License will continue to apply to the part which is the covered work,
-but the work with which it is combined will remain governed by version
-3 of the GNU General Public License.
-
-#### 14. Revised Versions of this License.
-
-The Free Software Foundation may publish revised and/or new versions
-of the GNU Affero General Public License from time to time. Such new
-versions will be similar in spirit to the present version, but may
-differ in detail to address new problems or concerns.
-
-Each version is given a distinguishing version number. If the Program
-specifies that a certain numbered version of the GNU Affero General
-Public License "or any later version" applies to it, you have the
-option of following the terms and conditions either of that numbered
-version or of any later version published by the Free Software
-Foundation. If the Program does not specify a version number of the
-GNU Affero General Public License, you may choose any version ever
-published by the Free Software Foundation.
-
-If the Program specifies that a proxy can decide which future versions
-of the GNU Affero General Public License can be used, that proxy's
-public statement of acceptance of a version permanently authorizes you
-to choose that version for the Program.
-
-Later license versions may give you additional or different
-permissions. However, no additional obligations are imposed on any
-author or copyright holder as a result of your choosing to follow a
-later version.
-
-#### 15. Disclaimer of Warranty.
-
-THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
-APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
-HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT
-WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT
-LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND
-PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE
-DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR
-CORRECTION.
-
-#### 16. Limitation of Liability.
-
-IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
-WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR
-CONVEYS THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
-INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES
-ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT
-NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR
-LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM
-TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER
-PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
-
-#### 17. Interpretation of Sections 15 and 16.
-
-If the disclaimer of warranty and limitation of liability provided
-above cannot be given local legal effect according to their terms,
-reviewing courts shall apply local law that most closely approximates
-an absolute waiver of all civil liability in connection with the
-Program, unless a warranty or assumption of liability accompanies a
-copy of the Program in return for a fee.
-
-END OF TERMS AND CONDITIONS
-
-### How to Apply These Terms to Your New Programs
-
-If you develop a new program, and you want it to be of the greatest
-possible use to the public, the best way to achieve this is to make it
-free software which everyone can redistribute and change under these
-terms.
-
-To do so, attach the following notices to the program. It is safest to
-attach them to the start of each source file to most effectively state
-the exclusion of warranty; and each file should have at least the
-"copyright" line and a pointer to where the full notice is found.
-
-
- Copyright (C)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU Affero General Public License as
- published by the Free Software Foundation, either version 3 of the
- License, or (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU Affero General Public License for more details.
-
- You should have received a copy of the GNU Affero General Public License
- along with this program. If not, see .
-
-Also add information on how to contact you by electronic and paper
-mail.
-
-If your software can interact with users remotely through a computer
-network, you should also make sure that it provides a way for users to
-get its source. For example, if your program is a web application, its
-interface could display a "Source" link that leads users to an archive
-of the code. There are many ways you could offer source, and different
-solutions will be better for different programs; see section 13 for
-the specific requirements.
-
-You should also get your employer (if you work as a programmer) or
-school, if any, to sign a "copyright disclaimer" for the program, if
-necessary. For more information on this, and how to apply and follow
-the GNU AGPL, see .
diff --git a/default.nix b/default.nix
deleted file mode 100644
index 3d5b5f96..00000000
--- a/default.nix
+++ /dev/null
@@ -1,35 +0,0 @@
-let
- inherit (default.inputs.nixos) lib;
-
- default = (import ./lib/compat).defaultNix;
-
- ciSystems = [
- "aarch64-linux"
- "x86_64-linux"
- ];
-
- filterSystems =
- lib.filterAttrs
- (system: _: lib.elem system ciSystems);
-
- recurseIntoAttrsRecursive = lib.mapAttrs (
- _: v:
- if lib.isAttrs v
- then recurseIntoAttrsRecursive (lib.recurseIntoAttrs v)
- else v
- );
-
- systemOutputs =
- lib.filterAttrs
- (
- name: set:
- lib.isAttrs set
- && lib.any
- (system: set ? ${system} && name != "legacyPackages")
- ciSystems
- )
- default.outputs;
-
- ciDrvs = lib.mapAttrs (_: system: filterSystems system) systemOutputs;
-in
- (recurseIntoAttrsRecursive ciDrvs) // {shell = import ./shell.nix;}
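Review bot: deleting `default.nix` removes the non-flake entry point together with the `ciSystems` filter (`aarch64-linux`, `x86_64-linux`) that decided which outputs CI built, and nothing visible here replaces it. Confirm that no CI job or script still evaluates `default.nix`, and that `./lib/compat` and `./shell.nix`, which this file imported, are either removed in the same change or still have a consumer.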
diff --git a/flake.lock b/flake.lock
index f3410075..0a1b3b9c 100644
--- a/flake.lock
+++ b/flake.lock
@@ -5,7 +5,7 @@
"adblockStevenBlack": "adblockStevenBlack",
"flake-utils": "flake-utils",
"nixpkgs": [
- "nixos"
+ "nixpkgs"
]
},
"locked": {
@@ -41,10 +41,10 @@
"agenix": {
"inputs": {
"darwin": [
- "darwin"
+ "nix-darwin"
],
"nixpkgs": [
- "nixos"
+ "nixpkgs"
]
},
"locked": {
@@ -61,32 +61,12 @@
"type": "github"
}
},
- "darwin": {
- "inputs": {
- "nixpkgs": [
- "nixos"
- ]
- },
- "locked": {
- "lastModified": 1688307440,
- "narHash": "sha256-7PTjbN+/+b799YN7Tk2SS5Vh8A0L3gBo8hmB7Y0VXug=",
- "owner": "LnL7",
- "repo": "nix-darwin",
- "rev": "b06bab83bdf285ea0ae3c8e145a081eb95959047",
- "type": "github"
- },
- "original": {
- "owner": "LnL7",
- "repo": "nix-darwin",
- "type": "github"
- }
- },
"deno2nix": {
"inputs": {
- "devshell": "devshell_3",
+ "devshell": "devshell",
"flake-compat": "flake-compat_2",
- "flake-utils": "flake-utils_5",
- "nixpkgs": "nixpkgs_2"
+ "flake-utils": "flake-utils_2",
+ "nixpkgs": "nixpkgs_3"
},
"locked": {
"lastModified": 1686513235,
@@ -102,22 +82,22 @@
"url": "https://git.pub.solar/b12f/deno2.nix.git"
}
},
- "deploy": {
+ "deploy-rs": {
"inputs": {
"flake-compat": [
"flake-compat"
],
"nixpkgs": [
- "nixos"
+ "nixpkgs"
],
"utils": "utils"
},
"locked": {
- "lastModified": 1686747123,
- "narHash": "sha256-XUQK9kwHpTeilHoad7L4LjMCCyY13Oq383CoFADecRE=",
+ "lastModified": 1695052866,
+ "narHash": "sha256-agn7F9Oww4oU6nPiw+YiYI9Xb4vOOE73w8PAoBRP4AA=",
"owner": "serokell",
"repo": "deploy-rs",
- "rev": "724463b5a94daa810abfc64a4f87faef4e00f984",
+ "rev": "e3f41832680801d0ee9e2ed33eb63af398b090e9",
"type": "github"
},
"original": {
@@ -128,18 +108,19 @@
},
"devshell": {
"inputs": {
- "flake-utils": "flake-utils_2",
"nixpkgs": [
- "digga",
+ "scan2paperless",
+ "deno2nix",
"nixpkgs"
- ]
+ ],
+ "systems": "systems"
},
"locked": {
- "lastModified": 1671489820,
- "narHash": "sha256-qoei5HDJ8psd1YUPD7DhbHdhLIT9L2nadscp4Qk37uk=",
+ "lastModified": 1685972731,
+ "narHash": "sha256-VpwVUthxs3AFgvWxGTHu+KVDnS/zT3xkCtmjX2PjNQs=",
"owner": "numtide",
"repo": "devshell",
- "rev": "5aa3a8039c68b4bf869327446590f4cdf90bb634",
+ "rev": "6b2554d28d46bfa6e24b941e999a145760dad0e1",
"type": "github"
},
"original": {
@@ -149,32 +130,9 @@
}
},
"devshell_2": {
- "inputs": {
- "nixpkgs": [
- "keycloak-theme-pub-solar",
- "nixpkgs"
- ],
- "systems": "systems"
- },
- "locked": {
- "lastModified": 1688380630,
- "narHash": "sha256-8ilApWVb1mAi4439zS3iFeIT0ODlbrifm/fegWwgHjA=",
- "owner": "numtide",
- "repo": "devshell",
- "rev": "f9238ec3d75cefbb2b42a44948c4e8fb1ae9a205",
- "type": "github"
- },
- "original": {
- "owner": "numtide",
- "repo": "devshell",
- "type": "github"
- }
- },
- "devshell_3": {
"inputs": {
"nixpkgs": [
"scan2paperless",
- "deno2nix",
"nixpkgs"
],
"systems": "systems_3"
@@ -193,100 +151,6 @@
"type": "github"
}
},
- "devshell_4": {
- "inputs": {
- "nixpkgs": [
- "scan2paperless",
- "nixpkgs"
- ],
- "systems": "systems_5"
- },
- "locked": {
- "lastModified": 1685972731,
- "narHash": "sha256-VpwVUthxs3AFgvWxGTHu+KVDnS/zT3xkCtmjX2PjNQs=",
- "owner": "numtide",
- "repo": "devshell",
- "rev": "6b2554d28d46bfa6e24b941e999a145760dad0e1",
- "type": "github"
- },
- "original": {
- "owner": "numtide",
- "repo": "devshell",
- "type": "github"
- }
- },
- "digga": {
- "inputs": {
- "darwin": [
- "darwin"
- ],
- "deploy": [
- "deploy"
- ],
- "devshell": "devshell",
- "flake-compat": [
- "flake-compat"
- ],
- "flake-utils": "flake-utils_3",
- "flake-utils-plus": "flake-utils-plus",
- "home-manager": [
- "home"
- ],
- "nixlib": [
- "nixos"
- ],
- "nixpkgs": [
- "nixos"
- ],
- "nixpkgs-unstable": "nixpkgs-unstable"
- },
- "locked": {
- "lastModified": 1674947971,
- "narHash": "sha256-6gKqegJHs72jnfFP9g2sihl4fIZgtKgKuqU2rCkIdGY=",
- "owner": "pub-solar",
- "repo": "digga",
- "rev": "2da608bd8afb48afef82c6b1b6d852a36094a497",
- "type": "github"
- },
- "original": {
- "owner": "pub-solar",
- "ref": "fix/bootstrap-iso",
- "repo": "digga",
- "type": "github"
- }
- },
- "fix-atomic-container-restarts": {
- "locked": {
- "lastModified": 1688325567,
- "narHash": "sha256-7thz5UlbgR9LNWOoPKMtpchI8U1EQpj6p4FhIGe3ZRI=",
- "owner": "pub-solar",
- "repo": "nixpkgs",
- "rev": "2a04ada27acb5a7401f8265e9d0a6db0f259cafb",
- "type": "github"
- },
- "original": {
- "owner": "pub-solar",
- "ref": "fix/atomic-container-restarts",
- "repo": "nixpkgs",
- "type": "github"
- }
- },
- "fix-yubikey-agent": {
- "locked": {
- "lastModified": 1654372286,
- "narHash": "sha256-z1WrQkL67Sosz1VnuKQLpzEkEl4ianeLpWJX8Q6bVQY=",
- "owner": "pub-solar",
- "repo": "nixpkgs",
- "rev": "4995a873a796c54cc49e5dca9e1d20350eceec7b",
- "type": "github"
- },
- "original": {
- "owner": "pub-solar",
- "ref": "fix/use-latest-unstable-yubikey-agent",
- "repo": "nixpkgs",
- "type": "github"
- }
- },
"flake-compat": {
"flake": false,
"locked": {
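Review bot: the removed `fix-yubikey-agent` and `fix-atomic-container-restarts` nodes pinned pub-solar nixpkgs forks on the branches `fix/use-latest-unstable-yubikey-agent` and `fix/atomic-container-restarts`, so whatever consumed them now falls back to the stock nixpkgs pin. Confirm that both fixes are present in the nixpkgs revision this lock now uses, or that the overlays and modules depending on them are deleted in this change, and record which in the commit message. The same applies to `digga`, which was locked to the fork branch `fix/bootstrap-iso`.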
@@ -319,6 +183,24 @@
"type": "github"
}
},
+ "flake-parts": {
+ "inputs": {
+ "nixpkgs-lib": "nixpkgs-lib"
+ },
+ "locked": {
+ "lastModified": 1693611461,
+ "narHash": "sha256-aPODl8vAgGQ0ZYFIRisxYG5MOGSkIczvu2Cd8Gb9+1Y=",
+ "owner": "hercules-ci",
+ "repo": "flake-parts",
+ "rev": "7f53fdb7bdc5bb237da7fefef12d099e4fd611ca",
+ "type": "github"
+ },
+ "original": {
+ "owner": "hercules-ci",
+ "repo": "flake-parts",
+ "type": "github"
+ }
+ },
"flake-utils": {
"locked": {
"lastModified": 1659877975,
@@ -334,35 +216,16 @@
"type": "github"
}
},
- "flake-utils-plus": {
- "inputs": {
- "flake-utils": [
- "digga",
- "flake-utils"
- ]
- },
- "locked": {
- "lastModified": 1654029967,
- "narHash": "sha256-my3GQ3mQIw/1f6GPV1IhUZrcYQSWh0YJAMPNBjhXJDw=",
- "owner": "gytis-ivaskevicius",
- "repo": "flake-utils-plus",
- "rev": "6271cf3842ff9c8a9af9e3508c547f86bc77d199",
- "type": "github"
- },
- "original": {
- "owner": "gytis-ivaskevicius",
- "ref": "refs/pull/120/head",
- "repo": "flake-utils-plus",
- "type": "github"
- }
- },
"flake-utils_2": {
+ "inputs": {
+ "systems": "systems_2"
+ },
"locked": {
- "lastModified": 1642700792,
- "narHash": "sha256-XqHrk7hFb+zBvRg6Ghl+AZDq03ov6OshJLiSWOoX5es=",
+ "lastModified": 1685518550,
+ "narHash": "sha256-o2d0KcvaXzTrPRIo0kOLV0/QXHhDQ5DTi+OxcjO8xqY=",
"owner": "numtide",
"repo": "flake-utils",
- "rev": "846b2ae0fc4cc943637d3d1def4454213e203cba",
+ "rev": "a1720a10a6cfe8234c0e93907ffe81be440f4cef",
"type": "github"
},
"original": {
@@ -372,39 +235,6 @@
}
},
"flake-utils_3": {
- "locked": {
- "lastModified": 1667395993,
- "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
- "owner": "numtide",
- "repo": "flake-utils",
- "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
- "type": "github"
- },
- "original": {
- "owner": "numtide",
- "repo": "flake-utils",
- "type": "github"
- }
- },
- "flake-utils_4": {
- "inputs": {
- "systems": "systems_2"
- },
- "locked": {
- "lastModified": 1689068808,
- "narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=",
- "owner": "numtide",
- "repo": "flake-utils",
- "rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4",
- "type": "github"
- },
- "original": {
- "owner": "numtide",
- "repo": "flake-utils",
- "type": "github"
- }
- },
- "flake-utils_5": {
"inputs": {
"systems": "systems_4"
},
@@ -422,36 +252,18 @@
"type": "github"
}
},
- "flake-utils_6": {
- "inputs": {
- "systems": "systems_6"
- },
- "locked": {
- "lastModified": 1685518550,
- "narHash": "sha256-o2d0KcvaXzTrPRIo0kOLV0/QXHhDQ5DTi+OxcjO8xqY=",
- "owner": "numtide",
- "repo": "flake-utils",
- "rev": "a1720a10a6cfe8234c0e93907ffe81be440f4cef",
- "type": "github"
- },
- "original": {
- "owner": "numtide",
- "repo": "flake-utils",
- "type": "github"
- }
- },
- "home": {
+ "home-manager": {
"inputs": {
"nixpkgs": [
- "nixos"
+ "nixpkgs"
]
},
"locked": {
- "lastModified": 1687871164,
- "narHash": "sha256-bBFlPthuYX322xOlpJvkjUBz0C+MOBjZdDOOJJ+G2jU=",
+ "lastModified": 1695108154,
+ "narHash": "sha256-gSg7UTVtls2yO9lKtP0yb66XBHT1Fx5qZSZbGMpSn2c=",
"owner": "nix-community",
"repo": "home-manager",
- "rev": "07c347bb50994691d7b0095f45ebd8838cf6bc38",
+ "rev": "07682fff75d41f18327a871088d20af2710d4744",
"type": "github"
},
"original": {
@@ -461,45 +273,6 @@
"type": "github"
}
},
- "keycloak-theme-pub-solar": {
- "inputs": {
- "devshell": "devshell_2",
- "flake-utils": "flake-utils_4",
- "nixpkgs": [
- "nixos"
- ]
- },
- "locked": {
- "lastModified": 1689875310,
- "narHash": "sha256-gJxh8fVX24nZXBxstZcrzZhMRFG9jyOnQEfkgoRr39I=",
- "ref": "main",
- "rev": "c2c86bbf9855f16a231a596b75b443232a7b9395",
- "revCount": 24,
- "type": "git",
- "url": "https://git.pub.solar/pub-solar/keycloak-theme"
- },
- "original": {
- "ref": "main",
- "type": "git",
- "url": "https://git.pub.solar/pub-solar/keycloak-theme"
- }
- },
- "latest": {
- "locked": {
- "lastModified": 1693663421,
- "narHash": "sha256-ImMIlWE/idjcZAfxKK8sQA7A1Gi/O58u5/CJA+mxvl8=",
- "owner": "nixos",
- "repo": "nixpkgs",
- "rev": "e56990880811a451abd32515698c712788be5720",
- "type": "github"
- },
- "original": {
- "owner": "nixos",
- "ref": "nixos-unstable",
- "repo": "nixpkgs",
- "type": "github"
- }
- },
"master": {
"locked": {
"lastModified": 1693817516,
@@ -516,6 +289,22 @@
"type": "github"
}
},
+ "mobile-nixos": {
+ "flake": false,
+ "locked": {
+ "lastModified": 1696124168,
+ "narHash": "sha256-EzGHYAR7rozQQLZEHbKEcb5VpUFGoxwEsM0OWfW4wqU=",
+ "owner": "nixos",
+ "repo": "mobile-nixos",
+ "rev": "7cee346c3f8e73b25b1cfbf7a086a7652c11e0f3",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nixos",
+ "repo": "mobile-nixos",
+ "type": "github"
+ }
+ },
"musnix": {
"inputs": {
"nixpkgs": "nixpkgs"
@@ -534,19 +323,39 @@
"type": "github"
}
},
- "nixos": {
+ "nix-darwin": {
+ "inputs": {
+ "nixpkgs": [
+ "nixpkgs"
+ ]
+ },
"locked": {
- "lastModified": 1693636127,
- "narHash": "sha256-ZlS/lFGzK7BJXX2YVGnP3yZi3T9OLOEtBCyMJsb91U8=",
- "owner": "nixos",
- "repo": "nixpkgs",
- "rev": "9075cba53e86dc318d159aee55dc9a7c9a4829c1",
+ "lastModified": 1695686713,
+ "narHash": "sha256-rJATx5B/nwlBpt7CJUf85LV27qWPbul5UVV8fu6ABPg=",
+ "owner": "lnl7",
+ "repo": "nix-darwin",
+ "rev": "e236a1e598a9a59265897948ac9874c364b9555f",
"type": "github"
},
"original": {
- "owner": "nixos",
- "ref": "nixos-23.05",
- "repo": "nixpkgs",
+ "owner": "lnl7",
+ "ref": "master",
+ "repo": "nix-darwin",
+ "type": "github"
+ }
+ },
+ "nixos-flake": {
+ "locked": {
+ "lastModified": 1692742948,
+ "narHash": "sha256-19LQQFGshuQNrrXZYVt+mWY0O3NbhEXeMy3MZwzYZGo=",
+ "owner": "srid",
+ "repo": "nixos-flake",
+ "rev": "2c25190ceacdaaae7e8afbecfa87096bb499a431",
+ "type": "github"
+ },
+ "original": {
+ "owner": "srid",
+ "repo": "nixos-flake",
"type": "github"
}
},
@@ -581,23 +390,41 @@
"type": "github"
}
},
- "nixpkgs-unstable": {
+ "nixpkgs-lib": {
"locked": {
- "lastModified": 1672791794,
- "narHash": "sha256-mqGPpGmwap0Wfsf3o2b6qHJW1w2kk/I6cGCGIU+3t6o=",
- "owner": "nixos",
+ "dir": "lib",
+ "lastModified": 1693471703,
+ "narHash": "sha256-0l03ZBL8P1P6z8MaSDS/MvuU8E75rVxe5eE1N6gxeTo=",
+ "owner": "NixOS",
"repo": "nixpkgs",
- "rev": "9813adc7f7c0edd738c6bdd8431439688bb0cb3d",
+ "rev": "3e52e76b70d5508f3cec70b882a29199f4d1ee85",
"type": "github"
},
"original": {
- "owner": "nixos",
+ "dir": "lib",
+ "owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
+ "locked": {
+ "lastModified": 1696039360,
+ "narHash": "sha256-g7nIUV4uq1TOVeVIDEZLb005suTWCUjSY0zYOlSBsyE=",
+ "owner": "nixos",
+ "repo": "nixpkgs",
+ "rev": "32dcb45f66c0487e92db8303a798ebc548cadedc",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nixos",
+ "ref": "nixos-23.05",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
+ "nixpkgs_3": {
"locked": {
"lastModified": 1686412476,
"narHash": "sha256-inl9SVk6o5h75XKC79qrDCAobTD1Jxh6kVYTZKHzewA=",
@@ -613,7 +440,7 @@
"type": "github"
}
},
- "nixpkgs_3": {
+ "nixpkgs_4": {
"locked": {
"lastModified": 1693158576,
"narHash": "sha256-aRTTXkYvhXosGx535iAFUaoFboUrZSYb1Ooih/auGp0=",
@@ -633,28 +460,27 @@
"inputs": {
"adblock-unbound": "adblock-unbound",
"agenix": "agenix",
- "darwin": "darwin",
- "deploy": "deploy",
- "digga": "digga",
- "fix-atomic-container-restarts": "fix-atomic-container-restarts",
- "fix-yubikey-agent": "fix-yubikey-agent",
+ "deploy-rs": "deploy-rs",
"flake-compat": "flake-compat",
- "home": "home",
- "keycloak-theme-pub-solar": "keycloak-theme-pub-solar",
- "latest": "latest",
+ "flake-parts": "flake-parts",
+ "home-manager": "home-manager",
"master": "master",
+ "mobile-nixos": "mobile-nixos",
"musnix": "musnix",
- "nixos": "nixos",
+ "nix-darwin": "nix-darwin",
+ "nixos-flake": "nixos-flake",
"nixos-hardware": "nixos-hardware",
- "scan2paperless": "scan2paperless"
+ "nixpkgs": "nixpkgs_2",
+ "scan2paperless": "scan2paperless",
+ "unstable": "unstable"
}
},
"scan2paperless": {
"inputs": {
"deno2nix": "deno2nix",
- "devshell": "devshell_4",
- "flake-utils": "flake-utils_6",
- "nixpkgs": "nixpkgs_3"
+ "devshell": "devshell_2",
+ "flake-utils": "flake-utils_3",
+ "nixpkgs": "nixpkgs_4"
},
"locked": {
"lastModified": 1693298356,
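Review bot: in the root node, `"nixpkgs": "nixpkgs_2"` now sits beside scan2paperless's own `"nixpkgs": "nixpkgs_4"`, so scan2paperless is still evaluated against a separate nixpkgs revision that does not move when the root pin is updated. If that separation is not intended, adding `scan2paperless.inputs.nixpkgs.follows = "nixpkgs";` in flake.nix would collapse the extra node and keep package updates under one pin; if it is intended, say why in the commit message. The renumbering (`devshell_4` to `devshell_2`, `flake-utils_6` to `flake-utils_3`, `nixpkgs_3` to `nixpkgs_4`) makes this hunk hard to audit by eye, so regenerating the lock from flake.nix and diffing the result is the safer check.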
@@ -730,33 +556,19 @@
"type": "github"
}
},
- "systems_5": {
+ "unstable": {
"locked": {
- "lastModified": 1681028828,
- "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
- "owner": "nix-systems",
- "repo": "default",
- "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+ "lastModified": 1696019113,
+ "narHash": "sha256-X3+DKYWJm93DRSdC5M6K5hLqzSya9BjibtBsuARoPco=",
+ "owner": "nixos",
+ "repo": "nixpkgs",
+ "rev": "f5892ddac112a1e9b3612c39af1b72987ee5783a",
"type": "github"
},
"original": {
- "owner": "nix-systems",
- "repo": "default",
- "type": "github"
- }
- },
- "systems_6": {
- "locked": {
- "lastModified": 1681028828,
- "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
- "owner": "nix-systems",
- "repo": "default",
- "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
- "type": "github"
- },
- "original": {
- "owner": "nix-systems",
- "repo": "default",
+ "owner": "nixos",
+ "ref": "nixos-unstable",
+ "repo": "nixpkgs",
"type": "github"
}
},
diff --git a/flake.nix b/flake.nix
index aa9c412d..685238ad 100644
--- a/flake.nix
+++ b/flake.nix
@@ -1,222 +1,117 @@
{
- description = "A highly structured configuration database.";
+ description = "b12f hosts";
nixConfig.extra-experimental-features = "nix-command flakes";
inputs = {
# Track channels with commits tested and built by hydra
- nixos.url = "github:nixos/nixpkgs/nixos-23.05";
- latest.url = "github:nixos/nixpkgs/nixos-unstable";
+ nixpkgs.url = "github:nixos/nixpkgs/nixos-23.05";
+ unstable.url = "github:nixos/nixpkgs/nixos-unstable";
flake-compat.url = "github:edolstra/flake-compat";
flake-compat.flake = false;
- digga.url = "github:pub-solar/digga/fix/bootstrap-iso";
- digga.inputs.nixpkgs.follows = "nixos";
- digga.inputs.nixlib.follows = "nixos";
- digga.inputs.home-manager.follows = "home";
- digga.inputs.deploy.follows = "deploy";
- digga.inputs.darwin.follows = "darwin";
- digga.inputs.flake-compat.follows = "flake-compat";
+ nix-darwin.url = "github:lnl7/nix-darwin/master";
+ nix-darwin.inputs.nixpkgs.follows = "nixpkgs";
- home.url = "github:nix-community/home-manager/release-23.05";
- home.inputs.nixpkgs.follows = "nixos";
+ home-manager.url = "github:nix-community/home-manager/release-23.05";
+ home-manager.inputs.nixpkgs.follows = "nixpkgs";
- darwin.url = "github:LnL7/nix-darwin";
- darwin.inputs.nixpkgs.follows = "nixos";
+ flake-parts.url = "github:hercules-ci/flake-parts";
+ nixos-flake.url = "github:srid/nixos-flake";
- deploy.url = "github:serokell/deploy-rs";
- deploy.inputs.nixpkgs.follows = "nixos";
- deploy.inputs.flake-compat.follows = "flake-compat";
+ deploy-rs.url = "github:serokell/deploy-rs";
+ deploy-rs.inputs.nixpkgs.follows = "nixpkgs";
+ deploy-rs.inputs.flake-compat.follows = "flake-compat";
agenix.url = "github:ryantm/agenix";
- agenix.inputs.nixpkgs.follows = "nixos";
- agenix.inputs.darwin.follows = "darwin";
+ agenix.inputs.nixpkgs.follows = "nixpkgs";
+ agenix.inputs.darwin.follows = "nix-darwin";
nixos-hardware.url = "github:nixos/nixos-hardware";
- keycloak-theme-pub-solar.url = "git+https://git.pub.solar/pub-solar/keycloak-theme?ref=main";
- keycloak-theme-pub-solar.inputs.nixpkgs.follows = "nixos";
+ mobile-nixos.url = "github:nixos/mobile-nixos";
+ mobile-nixos.flake = false;
master.url = "github:nixos/nixpkgs/master";
- fix-yubikey-agent.url = "github:pub-solar/nixpkgs/fix/use-latest-unstable-yubikey-agent";
- fix-atomic-container-restarts.url = "github:pub-solar/nixpkgs/fix/atomic-container-restarts";
scan2paperless.url = "git+https://git.pub.solar/b12f/scan2paperless.git";
musnix.url = "github:musnix/musnix";
-
adblock-unbound.url = "github:MayNiklas/nixos-adblock-unbound";
- adblock-unbound.inputs.nixpkgs.follows = "nixos";
+ adblock-unbound.inputs.nixpkgs.follows = "nixpkgs";
};
- outputs = {
- self,
- digga,
- nixos,
- home,
- nixos-hardware,
- agenix,
- deploy,
- scan2paperless,
- musnix,
- ...
- } @ inputs:
- digga.lib.mkFlake
- {
- inherit self inputs;
-
- channelsConfig = {
- allowUnfree = true;
- };
-
- supportedSystems = ["x86_64-linux" "aarch64-linux" "aarch64-darwin"];
-
- channels = {
- nixos = {
- imports = [(digga.lib.importOverlays ./overlays)];
- overlays = [
- (self: super: {
- deploy-rs = {
- inherit (inputs.nixos.legacyPackages.x86_64-linux) deploy-rs;
- lib = inputs.deploy.lib.x86_64-linux;
- };
- })
- ];
- };
- latest = {};
- };
-
- lib = import ./lib {lib = digga.lib // nixos.lib;};
-
- sharedOverlays = [
- (final: prev: {
- __dontExport = true;
- lib = prev.lib.extend (lfinal: lprev: {
- our = self.lib;
- });
- })
- agenix.overlays.default
-
- (import ./pkgs)
+ outputs = inputs@{ self, ... }:
+ inputs.flake-parts.lib.mkFlake { inherit inputs; } {
+ systems = [
+ "x86_64-linux"
+ "aarch64-linux"
+ "x86_64-darwin"
+ "aarch64-darwin"
];
- nixos = {
- hostDefaults = {
- system = "x86_64-linux";
- channelName = "nixos";
- imports = [(digga.lib.importExportableModules ./modules)];
- modules = [
- {lib.our = self.lib;}
- # FIXME: upstream module causes a huge number of unnecessary
- # dependencies to be pulled in for all systems -- many of them are
- # graphical. should only be imported as needed.
- # digga.nixosModules.bootstrapIso
- digga.nixosModules.nixConfig
- home.nixosModules.home-manager
- agenix.nixosModules.age
- musnix.nixosModules.musnix
- ];
- };
+ imports = [
+ inputs.nixos-flake.flakeModule
+ ./lib
+ ./modules
+ ./hosts
+ ./users
+ ];
- imports = [(digga.lib.importHosts ./hosts)];
- hosts = {
- # Set host-specific properties here
- bootstrap = {
- modules = [
- digga.nixosModules.bootstrapIso
+ perSystem = args@{ system, pkgs, config, ... }: {
+ _module.args = {
+ inherit inputs;
+ pkgs = import inputs.nixpkgs {
+ inherit system;
+ overlays = [
+ inputs.agenix.overlays.default
];
};
- PubSolarOS = {
- tests = [
- #(import ./tests/first-test.nix {
- # pkgs = nixos.legacyPackages.x86_64-linux;
- # lib = nixos.lib;
- #})
- ];
+ unstable = import inputs.unstable { inherit system; };
+ master = import inputs.master { inherit system; };
+ };
+
+ devShells.default = pkgs.mkShell {
+ buildInputs = with pkgs; [
+ deploy-rs
+ nixpkgs-fmt
+ agenix
+ cachix
+ editorconfig-checker
+ nix
+ nodePackages.prettier
+ nvfetcher
+ shellcheck
+ shfmt
+ treefmt
+ nixos-generators
+ ];
+ };
+ };
+
+ flake = {
+ deploy.nodes = self.b12f-os.lib.deploy.mkDeployNodes self.nixosConfigurations {
+ chocolatebar = {
+ sshUser = "b12f";
+ };
+
+ biolimo = {
+ sshUser = "b12f";
+ };
+
+ droppie = {
+ hostname = "backup.b12f.io";
+ sshUser = "yule";
};
pie = {
- system = "aarch64-linux";
- modules = [nixos-hardware.nixosModules.raspberry-pi-4];
+ hostname = "pie.local";
+ sshUser = "yule";
};
maoam = {
- system = "aarch64-linux";
+ sshUser = "b12f";
};
};
- importables = rec {
- profiles =
- digga.lib.rakeLeaves ./profiles
- // {
- users = digga.lib.rakeLeaves ./users;
- };
-
- suites = with profiles; rec {
- base = [users.pub-solar users.root];
- iso = base ++ [base-user graphical pub-solar-iso];
- pubsolaros = [full-install base-user users.root];
- anonymous = [pubsolaros users.pub-solar];
-
- b12f = pubsolaros ++ [users.b12f social gaming mobile];
- biolimo = b12f ++ [graphical];
- chocolatebar = b12f ++ [graphical virtualisation];
-
- yule = pubsolaros ++ [users.yule];
- droppie = yule ++ [];
- pie = yule ++ [];
- maoam = b12f ++ [];
- };
- };
- };
-
- home = {
- imports = [(digga.lib.importExportableModules ./users/modules)];
- modules = [];
- importables = rec {
- profiles = digga.lib.rakeLeaves ./users/profiles;
- suites = with profiles; rec {
- base = [direnv git];
- };
- };
- users = let
- default = {suites, ...}: {
- imports = suites.base;
- home.stateVersion = "21.03";
- };
- in {
- pub-solar = default;
- b12f = default;
- yule = default;
- };
- };
-
- devshell = ./shell;
-
- homeConfigurations = digga.lib.mkHomeConfigurations self.nixosConfigurations;
-
- deploy.nodes = digga.lib.mkDeployNodes self.nixosConfigurations {
- droppie = {
- hostname = "backup.b12f.io";
- sshUser = "yule";
- };
-
- pie = {
- hostname = "pie.local";
- sshUser = "yule";
- };
-
- maoam = {
- sshUser = "b12f";
- };
- #example = {
- # hostname = "example.com:22";
- # sshUser = "bartender";
- # fastConnect = true;
- # profilesOrder = ["system" "direnv"];
- # profiles.direnv = {
- # user = "bartender";
- # path = self.pkgs.x86_64-linux.nixos.deploy-rs.lib.x86_64-linux.activate.home-manager self.homeConfigurationsPortable.x86_64-linux.bartender;
- # };
- #};
};
};
}
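Review bot: `deploy.nodes` still lists `droppie` and `maoam`, but hosts/default.nix in this patch only defines `biolimo`, `chocolatebar` and `pie` (the `maoam` block is commented out and `droppie` has no entry). `mkDeployNodes` builds the nodes from `self.nixosConfigurations` and then applies `lib.recursiveUpdate` with this attrset, so those two names become nodes that carry only `sshUser`/`hostname` and no `profiles.system`. Add the missing `nixosConfigurations` or drop the two entries until the hosts are back.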
diff --git a/hosts/PubSolarOS.nix b/hosts/PubSolarOS.nix
deleted file mode 100644
index da0375cd..00000000
--- a/hosts/PubSolarOS.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{suites, ...}: {
- ### root password is empty by default ###
- ### default password: pub-solar, optional: add your SSH keys
- imports =
- suites.iso;
-
- boot.loader.systemd-boot.enable = true;
- boot.loader.efi.canTouchEfiVariables = true;
-
- networking.networkmanager.enable = true;
-
- fileSystems."/" = {device = "/dev/disk/by-label/nixos";};
-
- # This value determines the NixOS release from which the default
- # settings for stateful data, like file locations and database versions
- # on your system were taken. It‘s perfectly fine and recommended to leave
- # this value at the release version of the first install of this system.
- # Before changing this value read the documentation for this option
- # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
- system.stateVersion = "22.05"; # Did you read the comment?
-}
diff --git a/hosts/biolimo/biolimo.nix b/hosts/biolimo/biolimo.nix
deleted file mode 100644
index 97051ded..00000000
--- a/hosts/biolimo/biolimo.nix
+++ /dev/null
@@ -1,47 +0,0 @@
-{
- config,
- pkgs,
- lib,
- ...
-}:
-with lib; let
- psCfg = config.pub-solar;
- xdg = config.home-manager.users."${psCfg.user.name}".xdg;
-in {
- imports = [
- ./configuration.nix
- ];
-
- config = {
- pub-solar.paranoia.enable = true;
- pub-solar.core.hibernation.resumeDevice = "/dev/dm-0";
- pub-solar.core.hibernation.resumeOffset = 15296512;
-
- hardware.cpu.intel.updateMicrocode = true;
-
- networking.networkmanager.wifi.backend = mkForce "wpa_supplicant";
-
- services.printing.drivers = [
- pkgs.cups-brother-hl3140cw
- ];
-
- home-manager = with pkgs;
- pkgs.lib.setAttrByPath ["users" psCfg.user.name] {
- xdg.configFile = mkIf psCfg.sway.enable {
- "sway/config.d/10-screens.conf".source = ./.config/sway/config.d/screens.conf;
- "sway/config.d/10-autostart.conf".source = ./.config/sway/config.d/autostart.conf;
- "sway/config.d/10-input-defaults.conf".source = ./.config/sway/config.d/input-defaults.conf;
- "sway/config.d/10-custom-keybindings.conf".source = ./.config/sway/config.d/custom-keybindings.conf;
- };
-
- home.packages = [
- inkscape
- ];
- };
-
- # For OpenProject development with https
- security.pki.certificates = [
- (builtins.readFile ./step-roots.pem)
- ];
- };
-}
diff --git a/hosts/biolimo/configuration.nix b/hosts/biolimo/configuration.nix
index d5c70a17..6b28152d 100644
--- a/hosts/biolimo/configuration.nix
+++ b/hosts/biolimo/configuration.nix
@@ -1,20 +1,51 @@
-# Edit this configuration file to define what should be installed on
-# your system. Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
{
config,
+ lib,
pkgs,
...
-}: {
- imports = [
- # Include the results of the hardware scan.
- ./hardware-configuration.nix
- ];
+}:
+with lib; let
+ psCfg = config.pub-solar;
+ xdg = config.home-manager.users."${psCfg.user.name}".xdg;
+in {
+ pub-solar.graphical.enable = true;
+ pub-solar.sway.enable = true;
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
+ pub-solar.paranoia.enable = true;
+ pub-solar.core.hibernation.resumeDevice = "/dev/dm-0";
+ pub-solar.core.hibernation.resumeOffset = 15296512;
+
+ hardware.cpu.intel.updateMicrocode = true;
+
+ networking.networkmanager.wifi.backend = mkForce "wpa_supplicant";
+
+ services.printing.drivers = [
+ pkgs.cups-brother-hl3140cw
+ ];
+
+ home-manager = with pkgs;
+ pkgs.lib.setAttrByPath ["users" psCfg.user.name] {
+ xdg.configFile = mkIf psCfg.sway.enable {
+ "sway/config.d/10-screens.conf".source = ./.config/sway/config.d/screens.conf;
+ "sway/config.d/10-autostart.conf".source = ./.config/sway/config.d/autostart.conf;
+ "sway/config.d/10-input-defaults.conf".source = ./.config/sway/config.d/input-defaults.conf;
+ "sway/config.d/10-custom-keybindings.conf".source = ./.config/sway/config.d/custom-keybindings.conf;
+ };
+
+ home.packages = [
+ inkscape
+ ];
+ };
+
+ # For OpenProject development with https
+ security.pki.certificates = [
+ (builtins.readFile ./step-roots.pem)
+ ];
+
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. It‘s perfectly fine and recommended to leave
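Review bot: `security.pki.certificates = [ (builtins.readFile ./step-roots.pem) ];` puts the step CA roots into the system-wide trust store on a host that also sets `pub-solar.paranoia.enable = true`. The comment says the roots are only needed for OpenProject development with https, so consider gating them behind an option or a development profile instead of trusting them for everything on the machine. The same block is repeated in hosts/chocolatebar/configuration.nix, which is another reason to move it into one place.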
diff --git a/hosts/biolimo/default.nix b/hosts/biolimo/default.nix
index cbf61ab8..3c4d411a 100644
--- a/hosts/biolimo/default.nix
+++ b/hosts/biolimo/default.nix
@@ -1,7 +1,6 @@
-{suites, ...}: {
- imports =
- [
- ./biolimo.nix
- ]
- ++ suites.biolimo;
+{ ... }: {
+ imports = [
+ ./configuration.nix
+ ./hardware-configuration.nix
+ ];
}
diff --git a/hosts/bootstrap.nix b/hosts/bootstrap.nix
deleted file mode 100644
index c71f03cc..00000000
--- a/hosts/bootstrap.nix
+++ /dev/null
@@ -1,54 +0,0 @@
-{
- config,
- lib,
- pkgs,
- profiles,
- ...
-}:
-with lib; let
- # Gets hostname of host to be bundled inside iso
- # Copied from https://github.com/divnix/digga/blob/30ffa0b02272dc56c94fd3c7d8a5a0f07ca197bf/modules/bootstrap-iso.nix#L3-L11
- getFqdn = config: let
- net = config.networking;
- fqdn =
- if (net ? domain) && (net.domain != null)
- then "${net.hostName}.${net.domain}"
- else net.hostName;
- in
- fqdn;
-in {
- # build with: `nix build ".#nixosConfigurations.bootstrap.config.system.build.isoImage"`
- imports = [
- # profiles.networking
- profiles.users.root # make sure to configure ssh keys
- profiles.users.pub-solar
- profiles.base-user
- profiles.graphical
- profiles.pub-solar-iso
- ];
-
- config = {
- boot.loader.systemd-boot.enable = true;
-
- # will be overridden by the bootstrapIso instrumentation
- fileSystems."/" = {device = "/dev/disk/by-label/nixos";};
-
- system.nixos.label = "PubSolarOS-" + config.system.nixos.version;
-
- # mkForce because a similar transformation gets double applied otherwise
- # https://github.com/divnix/digga/blob/30ffa0b02272dc56c94fd3c7d8a5a0f07ca197bf/modules/bootstrap-iso.nix#L17
- # https://github.com/NixOS/nixpkgs/blob/aecd4d8349b94f9bd5718c74a5b789f233f67326/nixos/modules/installer/cd-dvd/installation-cd-base.nix#L21-L22
- isoImage = {
- isoBaseName = mkForce (getFqdn config);
- isoName = mkForce "${config.system.nixos.label}-${config.isoImage.isoBaseName}-${pkgs.stdenv.hostPlatform.system}.iso";
- };
-
- # This value determines the NixOS release from which the default
- # settings for stateful data, like file locations and database versions
- # on your system were taken. It‘s perfectly fine and recommended to leave
- # this value at the release version of the first install of this system.
- # Before changing this value read the documentation for this option
- # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
- system.stateVersion = "21.05"; # Did you read the comment?
- };
-}
diff --git a/hosts/chocolatebar/chocolatebar.nix b/hosts/chocolatebar/chocolatebar.nix
deleted file mode 100644
index 6de9a7c2..00000000
--- a/hosts/chocolatebar/chocolatebar.nix
+++ /dev/null
@@ -1,109 +0,0 @@
-{
- config,
- pkgs,
- lib,
- self,
- inputs,
- ...
-}:
-with lib; let
- psCfg = config.pub-solar;
- xdg = config.home-manager.users."${psCfg.user.name}".xdg;
-in {
- imports = [
- ./configuration.nix
- ./virtualisation
- ./factorio
- ];
-
- config = {
- hardware.cpu.amd.updateMicrocode = true;
-
- hardware.opengl.extraPackages = with pkgs; [
- rocm-opencl-icd
- rocm-opencl-runtime
- ];
-
- pub-solar.core.hibernation.resumeDevice = "/dev/dm-0";
- pub-solar.core.hibernation.resumeOffset = 115075072;
-
- pub-solar.paperless.sync.masterNode = true;
-
- age.secrets."drone-runner-exec-config" = {
- file = "${self}/secrets/drone-runner-exec-config";
- mode = "400";
- owner = psCfg.user.name;
- };
-
- pub-solar.docker-ci-runner = {
- enable = true;
- runnerVarsFile = config.age.secrets.drone-runner-exec-config.path;
- };
-
- pub-solar.paperless.scannerDefaultDevice = "hp3900:libusb:005:004";
-
- services.openssh.openFirewall = true;
- networking.firewall.allowedTCPPorts =
- [443]
- ++ (
- if psCfg.sway.vnc.enable
- then [5901]
- else []
- );
- networking.firewall.allowedUDPPorts = [43050];
-
- environment.systemPackages = with pkgs; [
- wayvnc
- drone-docker-runner
- stdenv.cc.cc.lib
- pkgs.hplip
- ];
-
- age.secrets."vnc-key.pem" = {
- file = "${self}/secrets/vnc-key-chocolatebar.pem";
- mode = "400";
- owner = psCfg.user.name;
- };
- age.secrets."vnc-cert.pem" = {
- file = "${self}/secrets/vnc-cert-chocolatebar.pem";
- mode = "400";
- owner = psCfg.user.name;
- };
- pub-solar.sway.vnc.enable = true;
-
- services.printing.drivers = [
- pkgs.cups-brother-hl3140cw
- ];
-
- services.udev.extraRules = ''
- SUBSYSTEMS=="usb", ATTRS{idVendor}=="04f9", ATTRS{idProduct}=="209e", ATTRS{serial}=="000W0H924252", MODE="0664", GROUP="lp", SYMLINK+="usb/lp0"
- '';
-
- home-manager.users."${psCfg.user.name}" = {
- xdg.configFile = mkIf psCfg.sway.enable {
- "sway/config.d/10-autostart.conf".source = ./.config/sway/config.d/autostart.conf;
- "sway/config.d/10-input-defaults.conf".source = ./.config/sway/config.d/input-defaults.conf;
- "sway/config.d/10-screens.conf".source = ./.config/sway/config.d/screens.conf;
- };
-
- home.sessionVariables = {
- NIX_CC = "${pkgs.stdenv.cc}";
- };
-
- home.packages = with pkgs; [
- lmms
- audacity
- ];
- };
-
- musnix = {
- enable = true;
- kernel.realtime = true;
- };
-
- # For OpenProject development with https
- security.pki.certificates = [
- (builtins.readFile ./step-roots.pem)
- ];
- };
-}
diff --git a/hosts/chocolatebar/configuration.nix b/hosts/chocolatebar/configuration.nix
index d5c70a17..5582e91a 100644
--- a/hosts/chocolatebar/configuration.nix
+++ b/hosts/chocolatebar/configuration.nix
@@ -1,20 +1,112 @@
-# Edit this configuration file to define what should be installed on
-# your system. Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
{
config,
pkgs,
+ flake,
+ lib,
...
-}: {
- imports = [
- # Include the results of the hardware scan.
- ./hardware-configuration.nix
+}:
+with lib; let
+ psCfg = config.pub-solar;
+ xdg = config.home-manager.users."${psCfg.user.name}".xdg;
+in {
+ pub-solar.graphical.enable = true;
+ pub-solar.sway.enable = true;
+ pub-solar.virtualisation.enable = true;
+
+ hardware.cpu.amd.updateMicrocode = true;
+
+ hardware.opengl.extraPackages = with pkgs; [
+ rocm-opencl-icd
+ rocm-opencl-runtime
];
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
+ pub-solar.paranoia.enable = true;
+ pub-solar.core.hibernation.resumeDevice = "/dev/dm-0";
+ pub-solar.core.hibernation.resumeOffset = 115075072;
+
+ pub-solar.paperless.sync.masterNode = true;
+
+ age.secrets."drone-runner-exec-config" = {
+ file = "${flake.self}/secrets/drone-runner-exec-config";
+ mode = "400";
+ owner = psCfg.user.name;
+ };
+
+ pub-solar.docker-ci-runner = {
+ enable = true;
+ runnerVarsFile = config.age.secrets.drone-runner-exec-config.path;
+ };
+
+ pub-solar.paperless.scannerDefaultDevice = "hp3900:libusb:005:004";
+
+ services.openssh.openFirewall = true;
+ networking.firewall.allowedTCPPorts =
+ [443]
+ ++ (
+ if psCfg.sway.vnc.enable
+ then [5901]
+ else []
+ );
+ networking.firewall.allowedUDPPorts = [43050];
+
+ environment.systemPackages = with pkgs; [
+ wayvnc
+ drone-docker-runner
+ stdenv.cc.cc.lib
+ pkgs.hplip
+ ];
+
+ age.secrets."vnc-key.pem" = {
+ file = "${flake.self}/secrets/vnc-key-chocolatebar.pem";
+ mode = "400";
+ owner = psCfg.user.name;
+ };
+ age.secrets."vnc-cert.pem" = {
+ file = "${flake.self}/secrets/vnc-cert-chocolatebar.pem";
+ mode = "400";
+ owner = psCfg.user.name;
+ };
+ pub-solar.sway.vnc.enable = true;
+
+ services.printing.drivers = [
+ pkgs.cups-brother-hl3140cw
+ ];
+
+ services.udev.extraRules = ''
+ SUBSYSTEMS=="usb", ATTRS{idVendor}=="04f9", ATTRS{idProduct}=="209e", ATTRS{serial}=="000W0H924252", MODE="0664", GROUP="lp", SYMLINK+="usb/lp0"
+ '';
+
+ home-manager.users."${psCfg.user.name}" = {
+ xdg.configFile = mkIf psCfg.sway.enable {
+ "sway/config.d/10-autostart.conf".source = ./.config/sway/config.d/autostart.conf;
+ "sway/config.d/10-input-defaults.conf".source = ./.config/sway/config.d/input-defaults.conf;
+ "sway/config.d/10-screens.conf".source = ./.config/sway/config.d/screens.conf;
+ };
+
+ home.sessionVariables = {
+ NIX_CC = "${pkgs.stdenv.cc}";
+ };
+
+ home.packages = with pkgs; [
+ lmms
+ audacity
+ ];
+ };
+
+ musnix = {
+ enable = true;
+ kernel.realtime = true;
+ };
+
+ # For OpenProject development with https
+ security.pki.certificates = [
+ (builtins.readFile ./step-roots.pem)
+ ];
+
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. It‘s perfectly fine and recommended to leave
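Review bot: `pub-solar.paranoia.enable = true;` is new for this host (the deleted chocolatebar.nix did not set it) and it sits under the "Use the systemd-boot EFI boot loader" comment, so a hardening change is easy to miss inside a refactor. The same file sets `services.openssh.openFirewall = true` and opens 5901 when `psCfg.sway.vnc.enable` is set, which is presumably why the paranoia module's `openFirewall = false` is commented out elsewhere in this patch. Move the line next to the other `pub-solar.*` options and mention the behaviour change in the commit message.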
diff --git a/hosts/chocolatebar/default.nix b/hosts/chocolatebar/default.nix
index a39b3ecf..f05e641b 100644
--- a/hosts/chocolatebar/default.nix
+++ b/hosts/chocolatebar/default.nix
@@ -1,7 +1,9 @@
-{suites, ...}: {
- imports =
- [
- ./chocolatebar.nix
- ]
- ++ suites.chocolatebar;
+{...}: {
+ imports = [
+ ./configuration.nix
+ ./hardware-configuration.nix
+
+ ./virtualisation
+ # ./factorio
+ ];
}
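Review bot: `# ./factorio` silently drops the factorio module that the deleted chocolatebar.nix imported, while the next file in this patch still edits hosts/chocolatebar/factorio/default.nix. If it is disabled on purpose, say why in a comment next to it or in the commit message; if it is a leftover from working through the migration, re-enable it.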
diff --git a/hosts/chocolatebar/factorio/default.nix b/hosts/chocolatebar/factorio/default.nix
index 50cd5306..533f7397 100644
--- a/hosts/chocolatebar/factorio/default.nix
+++ b/hosts/chocolatebar/factorio/default.nix
@@ -2,7 +2,6 @@
config,
pkgs,
lib,
- self,
...
}:
with lib; let
diff --git a/hosts/default.nix b/hosts/default.nix
new file mode 100644
index 00000000..9d649d4f
--- /dev/null
+++ b/hosts/default.nix
@@ -0,0 +1,43 @@
+{ withSystem, self, inputs, ...}:
+{
+ flake = {
+ nixosConfigurations = {
+ biolimo = self.nixos-flake.lib.mkLinuxSystem {
+ nixpkgs.hostPlatform = "x86_64-linux";
+ imports = [
+ self.nixosModules.base
+ ./biolimo
+ self.nixosModules.b12f
+ ];
+ };
+
+ chocolatebar = self.nixos-flake.lib.mkLinuxSystem {
+ nixpkgs.hostPlatform = "x86_64-linux";
+ imports = [
+ self.nixosModules.base
+ ./chocolatebar
+ self.nixosModules.b12f
+ ];
+ };
+
+ pie = self.nixos-flake.lib.mkLinuxSystem {
+ nixpkgs.hostPlatform = "aarch64-linux";
+ imports = [
+ self.nixosModules.base
+ inputs.nixos-hardware.nixosModules.raspberry-pi-4
+ ./pie
+ self.nixosModules.yule
+ ];
+ };
+
+ # maoam = self.nixos-flake.lib.mkLinuxSystem {
+ # nixpkgs.hostPlatform = "aarch64-linux";
+ # imports = [
+ # self.nixosModules.base
+ # ./maoam
+ # self.nixosModules.yule
+ # ];
+ # };
+ };
+ };
+}
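Review bot: the commented-out `maoam` block imports `self.nixosModules.yule`, but the removed suites had `maoam = b12f ++ []` and flake.nix keeps `sshUser = "b12f"` for that node, so re-enabling the block as written would attach the wrong user module. `droppie` has no entry here at all although hosts/droppie is migrated in this patch; add it or state that it is intentionally left out.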
diff --git a/hosts/droppie/configuration.nix b/hosts/droppie/configuration.nix
index 5d58058d..5937a8d6 100644
--- a/hosts/droppie/configuration.nix
+++ b/hosts/droppie/configuration.nix
@@ -1,17 +1,14 @@
-# Edit this configuration file to define what should be installed on
-# your system. Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
{
config,
pkgs,
lib,
+ flake,
...
-}: {
- imports = [
- # Include the results of the hardware scan.
- ./hardware-configuration.nix
- ];
-
+}:
+with lib; let
+ psCfg = config.pub-solar;
+ xdg = config.home-manager.users."${psCfg.user.name}".xdg;
+in {
boot.loader.systemd-boot.enable = lib.mkForce false;
boot.loader.grub = {
enable = true;
@@ -20,6 +17,47 @@
};
boot.loader.efi.canTouchEfiVariables = true;
+ hardware.cpu.intel.updateMicrocode = true;
+
+ pub-solar.core.disk-encryption-active = false;
+ pub-solar.core.lite = true;
+
+ security.sudo.extraRules = [
+ {
+ users = ["${psCfg.user.name}"];
+ commands = [
+ {
+ command = "ALL";
+ options = ["NOPASSWD"];
+ }
+ ];
+ }
+ ];
+
+ services.ddclient = {
+ enable = false;
+ ipv6 = true;
+ domains = ["backup.b12f.io"];
+ server = "ddns.hosting.de";
+ username = "b12f";
+ use = "web, web=https://ipcheck-ds.wieistmeineip.de/callback/, web-skip='ip\":\"'";
+ passwordFile = "/run/agenix/dyndns-droppie.key";
+ };
+
+ age.secrets."dyndns-droppie.key" = {
+ file = "${flake.self}/secrets/dyndns-droppie.key";
+ mode = "400";
+ owner = "root";
+ };
+
+ # ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBZQSephFJU0NMbVbhwvVJ2/m6jcPYo1IsWCsoarqKin root@droppie
+ age.secrets."droppie-ssh-root.key" = {
+ file = "${flake.self}/secrets/droppie-ssh-root.key";
+ path = "/home/${psCfg.user.name}/.ssh/id_ed25519";
+ mode = "400";
+ owner = psCfg.user.name;
+ };
+
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. It‘s perfectly fine and recommended to leave
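Review bot: `passwordFile = "/run/agenix/dyndns-droppie.key";` hard-codes the agenix runtime path. Reference the secret declared just below it instead, `config.age.secrets."dyndns-droppie.key".path`, the way hosts/chocolatebar/configuration.nix does for `runnerVarsFile`, so the path follows the secret's definition.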
diff --git a/hosts/droppie/default.nix b/hosts/droppie/default.nix
index 2b44a0d1..9fd7261a 100644
--- a/hosts/droppie/default.nix
+++ b/hosts/droppie/default.nix
@@ -1,7 +1,9 @@
-{suites, ...}: {
- imports =
- [
- ./droppie.nix
- ]
- ++ suites.droppie;
+{...}: {
+ imports = [
+ ./configuration.nix
+ ./hardware-configuration.nix
+
+ ./nextcloud-web-tunnel.nix
+ ./restic-backup.nix
+ ];
}
diff --git a/hosts/droppie/droppie.nix b/hosts/droppie/droppie.nix
deleted file mode 100644
index cb3fe606..00000000
--- a/hosts/droppie/droppie.nix
+++ /dev/null
@@ -1,60 +0,0 @@
-{
- config,
- pkgs,
- lib,
- self,
- ...
-}:
-with lib; let
- psCfg = config.pub-solar;
- xdg = config.home-manager.users."${psCfg.user.name}".xdg;
-in {
- imports = [
- ./configuration.nix
- ./nextcloud-web-tunnel.nix
- ./restic-backup.nix
- ];
-
- config = {
- hardware.cpu.intel.updateMicrocode = true;
-
- pub-solar.core.disk-encryption-active = false;
- pub-solar.core.lite = true;
-
- security.sudo.extraRules = [
- {
- users = ["${psCfg.user.name}"];
- commands = [
- {
- command = "ALL";
- options = ["NOPASSWD"];
- }
- ];
- }
- ];
-
- services.ddclient = {
- enable = false;
- ipv6 = true;
- domains = ["backup.b12f.io"];
- server = "ddns.hosting.de";
- username = "b12f";
- use = "web, web=https://ipcheck-ds.wieistmeineip.de/callback/, web-skip='ip\":\"'";
- passwordFile = "/run/agenix/dyndns-droppie.key";
- };
-
- age.secrets."dyndns-droppie.key" = {
- file = "${self}/secrets/dyndns-droppie.key";
- mode = "400";
- owner = "root";
- };
-
- # ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBZQSephFJU0NMbVbhwvVJ2/m6jcPYo1IsWCsoarqKin root@droppie
- age.secrets."droppie-ssh-root.key" = {
- file = "${self}/secrets/droppie-ssh-root.key";
- path = "/home/${psCfg.user.name}/.ssh/id_ed25519";
- mode = "400";
- owner = psCfg.user.name;
- };
- };
-}
diff --git a/hosts/maoam/configuration.nix b/hosts/maoam/configuration.nix
index 0baf7a0d..2d9992a7 100644
--- a/hosts/maoam/configuration.nix
+++ b/hosts/maoam/configuration.nix
@@ -1,18 +1,9 @@
-{ config, lib, pkgs, ... }:
-let
- mobile-nixos = pkgs.fetchFromGithub {
- owner = "NixOS";
- repo = "mobile-nixos";
- rev = "d22c60e8d4d21f0197c1cac88c34dcc366b7a16c";
- sha256 = "";
- };
-in {
- imports = [
- (import { device = "pine64-pinephone"; })
- ./hardware-configuration.nix
-
- ];
-
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}: {
# Use Network Manager
networking.wireless.enable = false;
networking.networkmanager.enable = true;
diff --git a/hosts/maoam/default.nix b/hosts/maoam/default.nix
index 1ae6f8ee..fb4f6aff 100644
--- a/hosts/maoam/default.nix
+++ b/hosts/maoam/default.nix
@@ -1,7 +1,8 @@
-{suites, ...}: {
- imports =
- [
- ./maoam.nix
- ]
- ++ suites.maoam;
+{ flake, pkgs, ... }: {
+ imports = [
+ ./configuration.nix
+ ./hardware-configuration.nix
+ ((import "${flake.inputs.mobile-nixos}/lib/configuration.nix") { device = "pine64-pinephone"; })
+ "${flake.inputs.mobile-nixos}/examples/phosh/phosh.nix"
+ ];
}
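Review bot: `pkgs` is taken as an argument but not used in this file, and nothing evaluates these imports while the `maoam` entry in hosts/default.nix is commented out, so the new import paths are untested. Importing `examples/phosh/phosh.nix` also ties the host to an upstream example file rather than a module; copy the settings that are actually needed into ./configuration.nix or note which ones are relied on.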
diff --git a/hosts/maoam/maoam.nix b/hosts/maoam/maoam.nix
deleted file mode 100644
index e90fa658..00000000
--- a/hosts/maoam/maoam.nix
+++ /dev/null
@@ -1,15 +0,0 @@
-{
- config,
- pkgs,
- lib,
- self,
- ...
-}:
-with lib; let
- psCfg = config.pub-solar;
- xdg = config.home-manager.users."${psCfg.user.name}".xdg;
-in {
- imports = [
- ./configuration.nix
- ];
-}
diff --git a/hosts/pie/configuration.nix b/hosts/pie/configuration.nix
index fdc5b953..86bac573 100644
--- a/hosts/pie/configuration.nix
+++ b/hosts/pie/configuration.nix
@@ -5,13 +5,12 @@
config,
pkgs,
lib,
- inputs,
...
-}: {
- imports = [
- ./hardware-configuration.nix
- ];
-
+}:
+with lib; let
+ psCfg = config.pub-solar;
+ xdg = config.home-manager.users."${psCfg.user.name}".xdg;
+in {
boot.loader.grub.enable = true;
boot.loader.grub.efiSupport = true;
boot.loader.grub.efiInstallAsRemovable = true;
@@ -27,6 +26,33 @@
boot.kernelPackages = pkgs.linuxPackages_6_1;
+ pub-solar.core.disk-encryption-active = false;
+ pub-solar.core.lite = true;
+
+ networking.defaultGateway = {
+ address = "192.168.178.1";
+ interface = "enabcm6e4ei0";
+ };
+
+ networking.interfaces.enabcm6e4ei0.ipv4.addresses = [
+ {
+ address = "192.168.178.2";
+ prefixLength = 24;
+ }
+ ];
+
+ security.sudo.extraRules = [
+ {
+ users = ["${psCfg.user.name}"];
+ commands = [
+ {
+ command = "ALL";
+ options = ["NOPASSWD"];
+ }
+ ];
+ }
+ ];
+
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. It‘s perfectly fine and recommended to leave
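Review bot: the `security.sudo.extraRules` block granting `command = "ALL"` with `NOPASSWD` to `psCfg.user.name` is now copied verbatim into both hosts/pie/configuration.nix and hosts/droppie/configuration.nix. That is passwordless root for what is presumably the account flake.nix uses as `sshUser` on these nodes. If it exists so deploy-rs can activate the `root` profile, put it in one shared module with a comment saying so instead of repeating it per host.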
diff --git a/hosts/pie/default.nix b/hosts/pie/default.nix
index 12cc94b9..541edac4 100644
--- a/hosts/pie/default.nix
+++ b/hosts/pie/default.nix
@@ -1,7 +1,10 @@
-{suites, ...}: {
- imports =
- [
- ./pie.nix
- ]
- ++ suites.pie;
+{...}: {
+ imports = [
+ ./configuration.nix
+ ./hardware-configuration.nix
+
+ ./unbound.nix
+ ./dhcpd.nix
+ ./wake-droppie.nix
+ ];
}
diff --git a/hosts/pie/pie.nix b/hosts/pie/pie.nix
deleted file mode 100644
index 1aa30624..00000000
--- a/hosts/pie/pie.nix
+++ /dev/null
@@ -1,47 +0,0 @@
-{
- config,
- pkgs,
- lib,
- self,
- ...
-}:
-with lib; let
- psCfg = config.pub-solar;
- xdg = config.home-manager.users."${psCfg.user.name}".xdg;
-in {
- imports = [
- ./configuration.nix
- ./unbound.nix
- ./dhcpd.nix
- ./wake-droppie.nix
- ];
-
- config = {
- pub-solar.core.disk-encryption-active = false;
- pub-solar.core.lite = true;
-
- networking.defaultGateway = {
- address = "192.168.178.1";
- interface = "enabcm6e4ei0";
- };
-
- networking.interfaces.enabcm6e4ei0.ipv4.addresses = [
- {
- address = "192.168.178.2";
- prefixLength = 24;
- }
- ];
-
- security.sudo.extraRules = [
- {
- users = ["${psCfg.user.name}"];
- commands = [
- {
- command = "ALL";
- options = ["NOPASSWD"];
- }
- ];
- }
- ];
- };
-}
diff --git a/hosts/pie/unbound.nix b/hosts/pie/unbound.nix
index 64088248..3636edd0 100644
--- a/hosts/pie/unbound.nix
+++ b/hosts/pie/unbound.nix
@@ -1,7 +1,4 @@
-{ pkgs, inputs, ... }:
-let
- adlist = inputs.adblock-unbound.packages.${pkgs.system};
-in {
+{ pkgs, lib, ... }: {
networking.firewall.allowedUDPPorts = [ 53 ];
networking.firewall.allowedTCPPorts = [ 53 ];
@@ -10,7 +7,7 @@ in {
settings = {
server = {
include = [
- "\"${adlist.unbound-adblockStevenBlack}\""
+ "\"${pkgs.adlist.unbound-adblockStevenBlack}\""
];
interface = [ "0.0.0.0" ];
access-control = [ "192.168.178.0/24 allow" ];
diff --git a/lib/default.nix b/lib/default.nix
index ac167511..4e39d82f 100644
--- a/lib/default.nix
+++ b/lib/default.nix
@@ -1,10 +1,16 @@
-{lib}:
-lib.makeExtensible (self: let
- callLibs = file: import file {lib = self;};
-in rec {
- ## Define your own library functions here!
- #id = x: x;
- ## Or in files, containing functions that take {lib}
- #foo = callLibs ./foo.nix;
- ## In configs, they can be used under "lib.our"
-})
+{ lib, inputs, ... }: {
+ # Configuration common to all Linux systems
+ flake = {
+ b12f-os.lib = let
+ callLibs = file: import file {inherit lib;};
+ in rec {
+ ## Define your own library functions here!
+ #id = x: x;
+ ## Or in files, containing functions that take {lib}
+ #foo = callLibs ./foo.nix;
+ ## In configs, they can be used under "lib.our"
+
+ deploy = import ./deploy.nix { inherit inputs lib; };
+ };
+ };
+}
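Review bot: the header comment `# Configuration common to all Linux systems` does not describe this file, which only defines `flake.b12f-os.lib`, and the kept comment "In configs, they can be used under lib.our" is stale because the `{lib.our = self.lib;}` module is removed from flake.nix in this patch. Update both comments. `rec` can go as well, since nothing in the set refers to a sibling attribute.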
diff --git a/lib/deploy.nix b/lib/deploy.nix
new file mode 100644
index 00000000..5e9f6418
--- /dev/null
+++ b/lib/deploy.nix
@@ -0,0 +1,62 @@
+/*
+ * The contents of this file are adapted from digga
+ * https://github.com/divnix/digga
+ *
+ * Licensed under the MIT license
+ */
+
+{ lib, inputs }: let
+ getFqdn = c: let
+ net = c.config.networking;
+ fqdn =
+ if (net ? domain) && (net.domain != null)
+ then "${net.hostName}.${net.domain}"
+ else net.hostName;
+ in
+ fqdn;
+in {
+ mkDeployNodes = systemConfigurations: extraConfig:
+ /*
+ *
+ Synopsis: mkNodes _systemConfigurations_ _extraConfig_
+
+ Generate the `nodes` attribute expected by deploy-rs
+ where _systemConfigurations_ are `nodes`.
+
+ _systemConfigurations_ should take the form of a flake's
+ _nixosConfigurations_. Note that deploy-rs does not currently support
+ deploying to darwin hosts.
+
+ _extraConfig_, if specified, will be merged into each of the
+ nodes' configurations.
+
+ Example _systemConfigurations_ input:
+
+ ```
+ {
+ hostname-1 = {
+ fastConnection = true;
+ sshOpts = [ "-p" "25" ];
+ };
+ hostname-2 = {
+ sshOpts = [ "-p" "19999" ];
+ sshUser = "root";
+ };
+ }
+ ```
+ *
+ */
+ lib.recursiveUpdate
+ (lib.mapAttrs
+ (
+ _: c: {
+ hostname = getFqdn c;
+ profiles.system = {
+ user = "root";
+ path = inputs.deploy-rs.lib.${c.pkgs.stdenv.hostPlatform.system}.activate.nixos c;
+ };
+ }
+ )
+ systemConfigurations)
+ extraConfig;
+}
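Review bot: the doc comment does not match the function. The synopsis names `mkNodes` while the attribute is `mkDeployNodes`, the block labelled "Example _systemConfigurations_ input" shows the shape of _extraConfig_, and "merged into each of the nodes' configurations" is not what `lib.recursiveUpdate` does, since entries are merged per host name. Because of that last point, an _extraConfig_ key with no matching system yields a node without `hostname` or `profiles.system`; document that or filter _extraConfig_ to the names present in _systemConfigurations_.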
diff --git a/modules/arduino/default.nix b/modules/arduino/default.nix
index 4011735f..489f9c62 100644
--- a/modules/arduino/default.nix
+++ b/modules/arduino/default.nix
@@ -6,7 +6,7 @@
}:
with lib; let
psCfg = config.pub-solar;
- cfg = config.pub-solar.devops;
+ cfg = config.pub-solar.arduino;
in {
options.pub-solar.arduino = {
enable = mkEnableOption "Life with home automation";
diff --git a/modules/ci-runner/default.nix b/modules/ci-runner/default.nix
index 95c58970..869777f3 100644
--- a/modules/ci-runner/default.nix
+++ b/modules/ci-runner/default.nix
@@ -2,7 +2,7 @@
lib,
config,
pkgs,
- self,
+ flake,
...
}:
with lib; let
@@ -37,7 +37,7 @@ in {
};
age.secrets."drone-runner-exec-config" = {
- file = "${self}/secrets/drone-runner-exec-config";
+ file = "${flake.self}/secrets/drone-runner-exec-config";
mode = "700";
owner = psCfg.user.name;
};
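Review bot: while this secret is being touched, `mode = "700"` gives the owner write and execute permission on a decrypted config file and differs from the `mode = "400"` used for the same `drone-runner-exec-config` secret in hosts/chocolatebar/configuration.nix. Use "400" here as well unless the runner really needs to write or execute the file.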
diff --git a/modules/core/default.nix b/modules/core/default.nix
index 5f6161de..6b85b9df 100644
--- a/modules/core/default.nix
+++ b/modules/core/default.nix
@@ -12,7 +12,6 @@ in {
./fonts.nix
./i18n.nix
./networking.nix
- ./nix.nix
./packages.nix
./services.nix
];
diff --git a/modules/default.nix b/modules/default.nix
new file mode 100644
index 00000000..41a1dae8
--- /dev/null
+++ b/modules/default.nix
@@ -0,0 +1,97 @@
+{
+ self,
+ inputs,
+ ...
+}: {
+ # Configuration common to all Linux systems
+ flake = {
+ nixosModules = rec {
+ arduino = import ./arduino;
+ audio = import ./audio;
+ ci-runner = import ./ci-runner;
+ core = import ./core;
+ crypto = import ./crypto;
+ devops = import ./devops;
+ docker = import ./docker;
+ docker-ci-runner = import ./docker-ci-runner;
+ email = import ./email;
+ gaming = import ./gaming;
+ graphical = import ./graphical;
+ mobile = import ./mobile;
+ nix = import ./nix;
+ nextcloud = import ./nextcloud;
+ office = import ./office;
+ paperless = import ./paperless;
+ paranoia = import ./paranoia;
+ printing = import ./printing;
+ social = import ./social;
+ sway = import ./sway;
+ terminal-life = import ./terminal-life;
+ uhk = import ./uhk;
+ user = import ./user;
+ virtualisation = import ./virtualisation;
+
+ base.imports = [
+ self.nixosModules.home-manager
+ inputs.agenix.nixosModules.default
+ inputs.musnix.nixosModules.musnix
+
+ ({
+ flake,
+ pkgs,
+ lib,
+ unstable,
+ master,
+ ...
+ }: {
+ nixpkgs.overlays = (import ../overlays) ++ [
+ (prev: next: {
+ scan2paperless = inputs.scan2paperless.legacyPackages.${prev.system}.scan2paperless;
+ nixd = inputs.unstable.legacyPackages.${prev.system}.nixd;
+
+ factorio-headless = inputs.master.legacyPackages.${prev.system}.factorio-headless;
+ paperless-ngx = inputs.master.legacyPackages.${prev.system}.paperless-ngx;
+ waybar = inputs.master.legacyPackages.${prev.system}.waybar;
+ element-desktop = inputs.master.legacyPackages.${prev.system}.element-desktop;
+
+ adlist = inputs.adblock-unbound.packages.${prev.system};
+ })
+ ];
+
+ nix.nixPath = [
+ "nixpkgs=${inputs.nixpkgs}"
+ "nixos-config=${./lib/compat/nixos}"
+ "home-manager=${inputs.home-manager}"
+ ];
+ })
+
+ self.nixosModules.arduino
+ self.nixosModules.audio
+ self.nixosModules.ci-runner
+ self.nixosModules.core
+ self.nixosModules.crypto
+ self.nixosModules.devops
+ self.nixosModules.docker
+ self.nixosModules.docker-ci-runner
+ self.nixosModules.email
+ self.nixosModules.gaming
+ self.nixosModules.graphical
+ self.nixosModules.mobile
+ self.nixosModules.nix
+ self.nixosModules.nextcloud
+ self.nixosModules.office
+ self.nixosModules.paperless
+ self.nixosModules.paranoia
+ self.nixosModules.printing
+ self.nixosModules.social
+ self.nixosModules.sway
+ self.nixosModules.terminal-life
+ self.nixosModules.uhk
+ self.nixosModules.user
+ self.nixosModules.virtualisation
+
+ self.nixosModules.root
+ ];
+ };
+ };
+}
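Review bot: `"nixos-config=${./lib/compat/nixos}"` is resolved relative to modules/, so it points at modules/lib/compat/nixos, whereas the deleted modules/nix-path.nix used `../lib/compat/nixos` and modules/nix/default.nix in this patch uses `../../lib/compat/nixos`. `nix.nixPath` is set in both places and `base` imports `self.nixosModules.nix`, so the list is defined twice; drop the copy here. Separately, the overlay arguments in `(prev: next: {` are bound in the order final, prev, so naming them `final: prev:` would stop `prev.system` from reading as the previous package set.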
diff --git a/modules/docker-ci-runner/default.nix b/modules/docker-ci-runner/default.nix
index 6a15f928..9d24bf03 100644
--- a/modules/docker-ci-runner/default.nix
+++ b/modules/docker-ci-runner/default.nix
@@ -2,7 +2,6 @@
lib,
config,
pkgs,
- self,
...
}:
with lib; let
diff --git a/modules/nix-path.nix b/modules/nix-path.nix
deleted file mode 100644
index 5967fd2e..00000000
--- a/modules/nix-path.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{
- channel,
- inputs,
- ...
-}: {
- nix.nixPath = [
- "nixpkgs=${channel.input}"
- "nixos-config=${../lib/compat/nixos}"
- "home-manager=${inputs.home}"
- ];
-}
diff --git a/modules/core/nix.nix b/modules/nix/default.nix
similarity index 81%
rename from modules/core/nix.nix
rename to modules/nix/default.nix
index 1551ffcb..92af6ac4 100644
--- a/modules/core/nix.nix
+++ b/modules/nix/default.nix
@@ -2,7 +2,7 @@
config,
pkgs,
lib,
- inputs,
+ flake,
...
}: {
nix = {
@@ -10,6 +10,7 @@
package = pkgs.nix;
gc.automatic = true;
optimise.automatic = true;
+
settings = {
# Improve nix store disk usage
auto-optimise-store = true;
@@ -20,6 +21,7 @@
# Allow only group wheel to connect to the nix daemon
allowed-users = ["@wheel"];
};
+
# Generally useful nix option defaults
extraOptions = lib.mkForce ''
experimental-features = flakes nix-command
@@ -28,5 +30,11 @@
keep-derivations = true
fallback = true
'';
+
+ nixPath = [
+ "nixpkgs=${flake.inputs.nixpkgs}"
+ "nixos-config=${../../lib/compat/nixos}"
+ "home-manager=${flake.inputs.home-manager}"
+ ];
};
}
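Review bot: `nixPath` added here repeats the three entries that the flake-level module earlier in this patch also assigns to `nix.nixPath`, right before it lists `self.nixosModules.nix`. If that attribute resolves to this file, the list option merges by concatenation and each entry ends up in NIX_PATH twice. Keep one definition, preferably this one, since `modules/nix-path.nix` is deleted in the same patch.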
diff --git a/modules/paperless/default.nix b/modules/paperless/default.nix
index b11939f3..c6f94b96 100644
--- a/modules/paperless/default.nix
+++ b/modules/paperless/default.nix
@@ -2,8 +2,6 @@
lib,
config,
pkgs,
- masterModulesPath,
- inputs,
...
}:
with lib; let
@@ -11,14 +9,6 @@ with lib; let
cfg = config.pub-solar.paperless;
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
in {
- imports = [
- "${masterModulesPath}/services/misc/paperless.nix"
- ];
-
- disabledModules = [
- "services/misc/paperless.nix"
- ];
-
options.pub-solar.paperless = {
enable = mkEnableOption "All you need to go paperless";
ocrLanguage = mkOption {
@@ -95,7 +85,7 @@ in {
home-manager = pkgs.lib.setAttrByPath ["users" psCfg.user.name] {
home.packages = with pkgs; [
- inputs.scan2paperless.legacyPackages.x86_64-linux.scan2paperless
+ scan2paperless
sane-backends
python310Packages.img2pdf
];
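Review bot: `scan2paperless` is now resolved through `with pkgs;`, so it only evaluates if an overlay puts it into the package set. `overlays/default.nix` in this patch lists `../pkgs`, blesh, manix, rnix-lsp, neovim-plugins and signal-desktop, so confirm that `../pkgs` provides `scan2paperless`; the visible lines do not show it. Dropping the hard-coded `x86_64-linux` is a good side effect worth mentioning in the commit message.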
diff --git a/modules/paranoia/default.nix b/modules/paranoia/default.nix
index 56c64a1b..0b2537c5 100644
--- a/modules/paranoia/default.nix
+++ b/modules/paranoia/default.nix
@@ -32,7 +32,7 @@ in {
# Don't set this if you need sftp
services.openssh.allowSFTP = false;
- services.openssh.openFirewall = false; # Lock yourself out
+ # services.openssh.openFirewall = false; # Lock yourself out
# Limit the use of sudo to the group wheel
security.sudo.execWheelOnly = true;
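Review bot: commenting out `services.openssh.openFirewall = false` changes what the paranoia module guarantees. With no value set here the option falls back to whatever else defines it, and the NixOS default for `services.openssh.openFirewall` is true, so a host that enables paranoia gets the SSH port opened in the firewall again. If the aim is to let a host override the setting, use `lib.mkDefault false`; if the setting is really being dropped, delete the line instead of leaving it as a comment and give the reason in the commit message.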
diff --git a/modules/terminal-life/bash/default.nix b/modules/terminal-life/bash/default.nix
index 1fd8bc3a..17cc41e9 100644
--- a/modules/terminal-life/bash/default.nix
+++ b/modules/terminal-life/bash/default.nix
@@ -1,7 +1,6 @@
{
config,
pkgs,
- self,
...
}: let
psCfg = config.pub-solar;
@@ -106,8 +105,6 @@ in {
irssi = "irssi --config=$XDG_CONFIG_HOME/irssi/config --home=$XDG_DATA_HOME/irssi";
drone = "DRONE_TOKEN=$(secret-tool lookup drone token) drone";
no = "manix \"\" | grep '^# ' | sed 's/^# \(.*\) (.*/\1/;s/ (.*//;s/^# //' | fzf --preview=\"manix '{}'\" | xargs manix";
- # fix nixos-option
- nixos-option = "nixos-option -I nixpkgs=${self}/lib/compat";
myip = "dig +short myip.opendns.com @208.67.222.222 2>&1";
nnn = "nnn -d -e -H -r";
};
diff --git a/modules/terminal-life/default.nix b/modules/terminal-life/default.nix
index c137f588..148d6624 100644
--- a/modules/terminal-life/default.nix
+++ b/modules/terminal-life/default.nix
@@ -2,7 +2,6 @@
lib,
config,
pkgs,
- self,
...
}:
with lib; let
@@ -24,17 +23,6 @@ in {
config = mkIf cfg.enable {
programs.command-not-found.enable = false;
- environment.systemPackages = with pkgs; [
- screen
- ];
-
- # Starship is a fast and featureful shell prompt
- # starship.toml has sane defaults that can be changed there
- programs.starship = {
- enable = true;
- settings = import ./starship.toml.nix;
- };
-
home-manager = with pkgs;
pkgs.lib.setAttrByPath ["users" psCfg.user.name] {
home.packages = [
@@ -55,25 +43,34 @@ in {
];
}))
powerline
+ screen
silver-searcher
watson
];
+ # Starship is a fast and featureful shell prompt
+ # starship.toml has sane defaults that can be changed there
+ programs.starship = {
+ enable = true;
+ settings = import ./starship.toml.nix;
+ };
+
programs.bash = import ./bash {
inherit config;
inherit pkgs;
- inherit self;
inherit lib;
};
+
programs.fzf = import ./fzf {
inherit config;
inherit pkgs;
};
+
programs.neovim = import ./nvim {
inherit config;
inherit pkgs;
inherit lib;
};
};
- };
+ };
}
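Review bot: moving `screen` and `programs.starship` from the system level into the `home-manager` block for `psCfg.user.name` means root and any other account no longer get either one. If that is intended, say so in the commit message. The final `};` change looks like whitespace only and could be left out of the diff.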
diff --git a/profiles/base-user/.config/dircolors b/modules/user/.config/dircolors
similarity index 100%
rename from profiles/base-user/.config/dircolors
rename to modules/user/.config/dircolors
diff --git a/profiles/base-user/.config/git/config.nix b/modules/user/.config/git/config.nix
similarity index 100%
rename from profiles/base-user/.config/git/config.nix
rename to modules/user/.config/git/config.nix
diff --git a/profiles/base-user/.config/git/gitmessage.nix b/modules/user/.config/git/gitmessage.nix
similarity index 100%
rename from profiles/base-user/.config/git/gitmessage.nix
rename to modules/user/.config/git/gitmessage.nix
diff --git a/profiles/base-user/.config/git/global_gitignore.nix b/modules/user/.config/git/global_gitignore.nix
similarity index 100%
rename from profiles/base-user/.config/git/global_gitignore.nix
rename to modules/user/.config/git/global_gitignore.nix
diff --git a/profiles/base-user/.config/libinput-gestures.conf b/modules/user/.config/libinput-gestures.conf
similarity index 100%
rename from profiles/base-user/.config/libinput-gestures.conf
rename to modules/user/.config/libinput-gestures.conf
diff --git a/profiles/base-user/.config/mako/config b/modules/user/.config/mako/config
similarity index 100%
rename from profiles/base-user/.config/mako/config
rename to modules/user/.config/mako/config
diff --git a/profiles/base-user/.config/mimeapps.list b/modules/user/.config/mimeapps.list
similarity index 100%
rename from profiles/base-user/.config/mimeapps.list
rename to modules/user/.config/mimeapps.list
diff --git a/profiles/base-user/.config/mutt/base16.muttrc b/modules/user/.config/mutt/base16.muttrc
similarity index 100%
rename from profiles/base-user/.config/mutt/base16.muttrc
rename to modules/user/.config/mutt/base16.muttrc
diff --git a/profiles/base-user/.config/mutt/mailcap b/modules/user/.config/mutt/mailcap
similarity index 100%
rename from profiles/base-user/.config/mutt/mailcap
rename to modules/user/.config/mutt/mailcap
diff --git a/profiles/base-user/.config/mutt/muttrc b/modules/user/.config/mutt/muttrc
similarity index 100%
rename from profiles/base-user/.config/mutt/muttrc
rename to modules/user/.config/mutt/muttrc
diff --git a/profiles/base-user/.config/offlineimap/functions.py b/modules/user/.config/offlineimap/functions.py
similarity index 100%
rename from profiles/base-user/.config/offlineimap/functions.py
rename to modules/user/.config/offlineimap/functions.py
diff --git a/profiles/base-user/.config/user-dirs.dirs b/modules/user/.config/user-dirs.dirs
similarity index 100%
rename from profiles/base-user/.config/user-dirs.dirs
rename to modules/user/.config/user-dirs.dirs
diff --git a/profiles/base-user/.config/user-dirs.locale b/modules/user/.config/user-dirs.locale
similarity index 100%
rename from profiles/base-user/.config/user-dirs.locale
rename to modules/user/.config/user-dirs.locale
diff --git a/profiles/base-user/.config/waybar/colorscheme.css b/modules/user/.config/waybar/colorscheme.css
similarity index 100%
rename from profiles/base-user/.config/waybar/colorscheme.css
rename to modules/user/.config/waybar/colorscheme.css
diff --git a/profiles/base-user/.config/waybar/config b/modules/user/.config/waybar/config
similarity index 100%
rename from profiles/base-user/.config/waybar/config
rename to modules/user/.config/waybar/config
diff --git a/profiles/base-user/.config/waybar/style.css b/modules/user/.config/waybar/style.css
similarity index 100%
rename from profiles/base-user/.config/waybar/style.css
rename to modules/user/.config/waybar/style.css
diff --git a/profiles/base-user/.config/xmodmap b/modules/user/.config/xmodmap
similarity index 100%
rename from profiles/base-user/.config/xmodmap
rename to modules/user/.config/xmodmap
diff --git a/profiles/base-user/.config/xsettingsd/xsettingsd.conf b/modules/user/.config/xsettingsd/xsettingsd.conf
similarity index 100%
rename from profiles/base-user/.config/xsettingsd/xsettingsd.conf
rename to modules/user/.config/xsettingsd/xsettingsd.conf
diff --git a/profiles/base-user/.local/share/nvim/json-schemas/caddy_schema.json b/modules/user/.local/share/nvim/json-schemas/caddy_schema.json
similarity index 100%
rename from profiles/base-user/.local/share/nvim/json-schemas/caddy_schema.json
rename to modules/user/.local/share/nvim/json-schemas/caddy_schema.json
diff --git a/profiles/base-user/.local/share/scripts/base16.sh b/modules/user/.local/share/scripts/base16.sh
similarity index 100%
rename from profiles/base-user/.local/share/scripts/base16.sh
rename to modules/user/.local/share/scripts/base16.sh
diff --git a/profiles/base-user/.xinitrc b/modules/user/.xinitrc
similarity index 100%
rename from profiles/base-user/.xinitrc
rename to modules/user/.xinitrc
diff --git a/profiles/base-user/assets/wallpaper.jpg b/modules/user/assets/wallpaper.jpg
similarity index 100%
rename from profiles/base-user/assets/wallpaper.jpg
rename to modules/user/assets/wallpaper.jpg
diff --git a/modules/user/default.nix b/modules/user/default.nix
index 516346eb..83e28247 100644
--- a/modules/user/default.nix
+++ b/modules/user/default.nix
@@ -1,12 +1,16 @@
{
- lib,
config,
pkgs,
+ lib,
...
-}:
-with lib; let
- cfg = config.pub-solar;
-in {
+}: let
+ psCfg = config.pub-solar;
+in
+with lib; {
+ imports = [
+ ./home.nix
+ ];
+
options.pub-solar = {
user = {
name = mkOption {
@@ -46,4 +50,37 @@ in {
};
};
};
+
+ config = {
+ users = {
+ mutableUsers = false;
+
+ users = with pkgs;
+ pkgs.lib.setAttrByPath [psCfg.user.name] {
+ # Indicates whether this is an account for a “real” user.
+ # This automatically sets group to users, createHome to true,
+ # home to /home/username, useDefaultShell to true, and isSystemUser to false.
+ isNormalUser = true;
+ description = psCfg.user.description;
+ extraGroups = [
+ "input"
+ "lp"
+ "networkmanager"
+ "scanner"
+ "video"
+ "dialout"
+ "wheel"
+ ];
+ shell = pkgs.bash;
+ initialHashedPassword =
+ if psCfg.user.password != null
+ then psCfg.user.password
+ else "";
+ openssh.authorizedKeys.keys =
+ if psCfg.user.publicKeys != null
+ then psCfg.user.publicKeys
+ else [];
+ };
+ };
+ };
}
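Review bot: the `else ""` branch of `initialHashedPassword` gives the account an empty password hash whenever `psCfg.user.password` is null, which NixOS treats as login without a password, and the same account is placed in `wheel`. Fall back to `null` instead, or add an assertion that either a password hash or at least one entry in `publicKeys` is set. This `config` block is also not guarded by any enable option, so it applies to every host that imports the module.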
diff --git a/profiles/base-user/home.nix b/modules/user/home.nix
similarity index 99%
rename from profiles/base-user/home.nix
rename to modules/user/home.nix
index 324fd4ec..04476e0d 100644
--- a/profiles/base-user/home.nix
+++ b/modules/user/home.nix
@@ -20,6 +20,7 @@ in {
# paths it should manage.
home.username = psCfg.user.name;
home.homeDirectory = "/home/${psCfg.user.name}";
+ home.stateVersion = "22.11";
home.packages = with pkgs; [];
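Review bot: `home.stateVersion = "22.11"` is hard-coded in the shared user module, so every host and user that imports it gets the same value regardless of the release its home directory was first set up on. Set it with `lib.mkDefault "22.11"` (if `lib` is in scope in this file) or expose it as an option so a host can pin its own value.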
diff --git a/profiles/base-user/mimeapps.nix b/modules/user/mimeapps.nix
similarity index 100%
rename from profiles/base-user/mimeapps.nix
rename to modules/user/mimeapps.nix
diff --git a/profiles/base-user/session-variables.nix b/modules/user/session-variables.nix
similarity index 100%
rename from profiles/base-user/session-variables.nix
rename to modules/user/session-variables.nix
diff --git a/overlays/default.nix b/overlays/default.nix
new file mode 100644
index 00000000..aa0d0ea5
--- /dev/null
+++ b/overlays/default.nix
@@ -0,0 +1,8 @@
+[
+ (import ../pkgs)
+ (import ./blesh.nix)
+ (import ./manix.nix)
+ (import ./rnix-lsp.nix)
+ (import ./neovim-plugins.nix)
+ (import ./signal-desktop.nix)
+]
diff --git a/profiles/audio/default.nix b/profiles/audio/default.nix
deleted file mode 100644
index 10e186d6..00000000
--- a/profiles/audio/default.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{
- self,
- config,
- lib,
- pkgs,
- ...
-}: let
- inherit (lib) fileContents;
-in {
- pub-solar.audio.enable = true;
-}
diff --git a/profiles/base-user/default.nix b/profiles/base-user/default.nix
deleted file mode 100644
index 578b35bf..00000000
--- a/profiles/base-user/default.nix
+++ /dev/null
@@ -1,43 +0,0 @@
-{
- config,
- pkgs,
- lib,
- ...
-}: let
- psCfg = config.pub-solar;
-in {
- imports = [
- ./home.nix
- ];
-
- users = {
- mutableUsers = false;
-
- users = with pkgs;
- pkgs.lib.setAttrByPath [psCfg.user.name] {
- # Indicates whether this is an account for a “real” user.
- # This automatically sets group to users, createHome to true,
- # home to /home/username, useDefaultShell to true, and isSystemUser to false.
- isNormalUser = true;
- description = psCfg.user.description;
- extraGroups = [
- "input"
- "lp"
- "networkmanager"
- "scanner"
- "video"
- "dialout"
- "wheel"
- ];
- shell = pkgs.bash;
- initialHashedPassword =
- if psCfg.user.password != null
- then psCfg.user.password
- else "";
- openssh.authorizedKeys.keys =
- if psCfg.user.publicKeys != null
- then psCfg.user.publicKeys
- else [];
- };
- };
-}
diff --git a/profiles/core/default.nix b/profiles/core/default.nix
deleted file mode 100644
index b26f1729..00000000
--- a/profiles/core/default.nix
+++ /dev/null
@@ -1,109 +0,0 @@
-{
- self,
- config,
- lib,
- pkgs,
- inputs,
- ...
-}: let
- inherit (lib) fileContents;
-in {
- # Sets nrdxp.cachix.org binary cache which just speeds up some builds
- imports = [../cachix];
-
- config = {
- pub-solar.terminal-life.enable = true;
- pub-solar.audio.enable = true;
- pub-solar.crypto.enable = true;
- pub-solar.devops.enable = true;
-
- # This is just a representation of the nix default
- nix.systemFeatures = ["nixos-test" "benchmark" "big-parallel" "kvm"];
-
- environment = {
- systemPackages = with pkgs; [
- # Core unix utility packages
- coreutils-full
- progress
- dnsutils
- inetutils
- mtr
- pciutils
- usbutils
- gitFull
- git-lfs
- git-bug
- wget
- openssl
- openssh
- curl
- htop
- lsof
- psmisc
- xdg-utils
- sysfsutils
- renameutils
- nfs-utils
- moreutils
- mailutils
- keyutils
- input-utils
- elfutils
- binutils
- dateutils
- diffutils
- findutils
- exfat
- file
-
- # zippit
- zip
- unzip
-
- # Modern modern utilities
- p7zip
- croc
- jq
-
- # Nix specific utilities
- niv
- manix
- nix-index
- nix-tree
- nixpkgs-review
- # Build broken, python2.7-PyJWT-2.0.1.drv' failed
- #nixops
- psos
- nvd
-
- # Fun
- neofetch
- ];
- };
-
- fonts = {
- fonts = with pkgs; [powerline-fonts dejavu_fonts];
-
- fontconfig.defaultFonts = {
- monospace = ["DejaVu Sans Mono for Powerline"];
-
- sansSerif = ["DejaVu Sans"];
- };
- };
-
- # For rage encryption, all hosts need a ssh key pair
- services.openssh = {
- enable = true;
- openFirewall = lib.mkDefault true;
- passwordAuthentication = false;
- };
-
- # Service that makes Out of Memory Killer more effective
- services.earlyoom.enable = true;
-
- # Use latest LTS linux kernel by default
- boot.kernelPackages = pkgs.linuxPackages_5_15;
-
- boot.supportedFilesystems = ["ntfs"];
- };
-}
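Review bot: this deletion removes `services.openssh.passwordAuthentication = false` together with `enable = true` and `openFirewall = lib.mkDefault true`, and no replacement for these sshd settings appears in the visible part of the patch. Confirm that `self.nixosModules.core` carries them over, otherwise hosts fall back to the NixOS default for password authentication. The same check applies to the `../cachix` import, `services.earlyoom.enable` and `boot.kernelPackages`.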
diff --git a/profiles/full-install/default.nix b/profiles/full-install/default.nix
deleted file mode 100644
index 908b4996..00000000
--- a/profiles/full-install/default.nix
+++ /dev/null
@@ -1,17 +0,0 @@
-{
- self,
- config,
- lib,
- pkgs,
- ...
-}: let
- inherit (lib) fileContents;
-in {
- config = {
- pub-solar.audio.bluetooth.enable = true;
- pub-solar.docker.enable = true;
- pub-solar.nextcloud.enable = true;
- pub-solar.office.enable = true;
- # pub-solar.printing.enable = true; # this is enabled automatically if office is enabled
- };
-}
diff --git a/profiles/gaming/default.nix b/profiles/gaming/default.nix
deleted file mode 100644
index 48c7f6f7..00000000
--- a/profiles/gaming/default.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{
- self,
- config,
- lib,
- pkgs,
- ...
-}: let
- inherit (lib) fileContents;
-in {
- pub-solar.gaming.enable = true;
-}
diff --git a/profiles/graphical/default.nix b/profiles/graphical/default.nix
deleted file mode 100644
index c4937b38..00000000
--- a/profiles/graphical/default.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{
- self,
- config,
- lib,
- pkgs,
- ...
-}: let
- inherit (lib) fileContents;
-in {
- pub-solar.graphical.enable = true;
- pub-solar.sway.enable = true;
-}
diff --git a/profiles/iot/default.nix b/profiles/iot/default.nix
deleted file mode 100644
index eb37aabf..00000000
--- a/profiles/iot/default.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{
- self,
- config,
- lib,
- pkgs,
- ...
-}: let
- inherit (lib) fileContents;
-in {
- pub-solar.graphical.enable = false;
- pub-solar.x-os.localProxyService.enable = false;
- pub-solar.sway.enable = false;
-}
diff --git a/profiles/mobile/default.nix b/profiles/mobile/default.nix
deleted file mode 100644
index ce35e38b..00000000
--- a/profiles/mobile/default.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{
- self,
- config,
- lib,
- pkgs,
- ...
-}: let
- inherit (lib) fileContents;
-in {
- pub-solar.mobile.enable = true;
-}
diff --git a/profiles/pub-solar-iso/default.nix b/profiles/pub-solar-iso/default.nix
deleted file mode 100644
index fa973283..00000000
--- a/profiles/pub-solar-iso/default.nix
+++ /dev/null
@@ -1,15 +0,0 @@
-{
- self,
- config,
- lib,
- pkgs,
- ...
-}: let
- inherit (lib) fileContents;
-in {
- config = {
- pub-solar.graphical.wayland.software-renderer.enable = true;
- pub-solar.sway.terminal = "foot";
- pub-solar.core.iso-options.enable = true;
- };
-}
diff --git a/profiles/social/default.nix b/profiles/social/default.nix
deleted file mode 100644
index fb04d9e6..00000000
--- a/profiles/social/default.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{
- self,
- config,
- lib,
- pkgs,
- ...
-}: let
- inherit (lib) fileContents;
-in {
- pub-solar.social.enable = true;
-}
diff --git a/profiles/virtualisation/default.nix b/profiles/virtualisation/default.nix
deleted file mode 100644
index 2dd2c4fb..00000000
--- a/profiles/virtualisation/default.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{
- self,
- config,
- lib,
- pkgs,
- ...
-}: let
- inherit (lib) fileContents;
-in {
- pub-solar.virtualisation.enable = true;
-}
diff --git a/shell.nix b/shell.nix
deleted file mode 100644
index 575a5d82..00000000
--- a/shell.nix
+++ /dev/null
@@ -1 +0,0 @@
-(import ./lib/compat).shellNix
diff --git a/shell/default.nix b/shell/default.nix
deleted file mode 100644
index 4d00b9ef..00000000
--- a/shell/default.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{
- self,
- inputs,
- ...
-}: {
- modules = with inputs; [
- ];
- exportedModules = [
- ./devos.nix
- ];
-}
diff --git a/shell/devos.nix b/shell/devos.nix
deleted file mode 100644
index 3a61ec3c..00000000
--- a/shell/devos.nix
+++ /dev/null
@@ -1,64 +0,0 @@
-{
- pkgs,
- extraModulesPath,
- inputs,
- lib,
- ...
-}: let
- inherit
- (pkgs)
- agenix
- alejandra
- cachix
- editorconfig-checker
- nix
- nodePackages
- nvfetcher
- shellcheck
- shfmt
- treefmt
- nixos-generators
- ;
-
- inherit
- (pkgs.nodePackages)
- prettier
- ;
-
- pkgWithCategory = category: package: {inherit package category;};
- devos = pkgWithCategory "devos";
- formatter = pkgWithCategory "linter";
-in {
- imports = ["${extraModulesPath}/git/hooks.nix" ./hooks];
-
- # override for our own welcome
- devshell.name = pkgs.lib.mkForce "PubSolarOS";
-
- packages = [
- alejandra
- editorconfig-checker
- nodePackages.prettier
- shellcheck
- shfmt
- ];
-
- commands = with pkgs;
- [
- (devos nix)
- (devos agenix)
- {
- category = "devos";
- name = pkgs.nvfetcher.pname;
- help = pkgs.nvfetcher.meta.description;
- command = "cd $PRJ_ROOT/pkgs; ${pkgs.nvfetcher}/bin/nvfetcher -c ./sources.toml $@";
- }
- (formatter treefmt)
- ]
- ++ lib.optionals (!pkgs.stdenv.buildPlatform.isi686) [
- (devos cachix)
- ]
- ++ lib.optionals (pkgs.stdenv.hostPlatform.isLinux && !pkgs.stdenv.buildPlatform.isDarwin) [
- (devos nixos-generators)
- (devos deploy-rs.deploy-rs)
- ];
-}
diff --git a/shell/hooks/default.nix b/shell/hooks/default.nix
deleted file mode 100644
index 1d60d49c..00000000
--- a/shell/hooks/default.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-{
- git.hooks = {
- enable = true;
- pre-commit.text = builtins.readFile ./pre-commit.sh;
- };
-}
diff --git a/shell/hooks/pre-commit.sh b/shell/hooks/pre-commit.sh
deleted file mode 100755
index 27fff872..00000000
--- a/shell/hooks/pre-commit.sh
+++ /dev/null
@@ -1,9 +0,0 @@
-#!/usr/bin/env bash
-
-# Check editorconfig
-if ! editorconfig-checker; then
- printf "%b\n" \
- "\nCode is not aligned with .editorconfig" \
- "Review the output and commit your fixes" >&2
- exit 1
-fi
diff --git a/users/b12f/concepts-and-training.nix b/users/b12f/concepts-and-training.nix
index 6e98ef6c..e97b8ee3 100644
--- a/users/b12f/concepts-and-training.nix
+++ b/users/b12f/concepts-and-training.nix
@@ -2,7 +2,7 @@
config,
pkgs,
lib,
- self,
+ flake,
...
}:
with lib; let
@@ -10,13 +10,13 @@ with lib; let
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
in {
age.secrets."cat-test.ovpn" = {
- file = "${self}/secrets/cat-test.ovpn";
+ file = "${flake.self}/secrets/cat-test.ovpn";
mode = "700";
owner = psCfg.user.name;
};
age.secrets.".fwknoprc" = {
- file = "${self}/secrets/.fwknoprc";
+ file = "${flake.self}/secrets/.fwknoprc";
mode = "600";
};
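Review bot: the `cat-test.ovpn` secret keeps `mode = "700"` in the context lines; an OpenVPN profile has no need for the execute bit, so `400` or `600` (as `.fwknoprc` uses just below) is the tighter choice while these entries are being touched. `.fwknoprc` also sets no `owner`, unlike `cat-test.ovpn`; if the user is meant to read it, add `owner = psCfg.user.name;`.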
diff --git a/users/b12f/default.nix b/users/b12f/default.nix
index c83bacd8..6e8e06a2 100644
--- a/users/b12f/default.nix
+++ b/users/b12f/default.nix
@@ -1,9 +1,8 @@
{
- self,
config,
- hmUsers,
pkgs,
lib,
+ flake,
...
}: let
psCfg = config.pub-solar;
@@ -14,12 +13,10 @@ in {
];
config = {
- home-manager.users = {inherit (hmUsers) b12f;};
-
services.yubikey-agent.enable = true;
age.secrets.b12f-env-secrets = {
- file = "${self}/secrets/b12f-env-secrets";
+ file = "${flake.self}/secrets/b12f-env-secrets";
mode = "400";
owner = psCfg.user.name;
};
@@ -57,8 +54,12 @@ in {
arduino.enable = true;
email.enable = true;
uhk.enable = true;
+ social.enable = false;
+ gaming.enable = false;
+ mobile.enable = false;
audio.spotify.enable = true;
audio.spotify.username = "spotify@benjaminbaedorf.eu";
+ audio.mopidy.enable = false;
};
# Needed for the udev rules for solaar
diff --git a/users/b12f/home.nix b/users/b12f/home.nix
index 70a96b7b..c745e3e9 100644
--- a/users/b12f/home.nix
+++ b/users/b12f/home.nix
@@ -2,7 +2,7 @@
config,
pkgs,
lib,
- self,
+ flake,
...
}:
with lib; let
@@ -14,8 +14,6 @@ in {
./concepts-and-training.nix
];
- pub-solar.audio.mopidy.enable = false;
-
home-manager = pkgs.lib.setAttrByPath ["users" psCfg.user.name] {
home.packages = with pkgs; [
present-md
@@ -124,7 +122,7 @@ in {
};
age.secrets."mopidy.conf" = {
- file = "${self}/secrets/mopidy.conf";
+ file = "${flake.self}/secrets/mopidy.conf";
mode = "700";
owner = "b12f";
};
diff --git a/users/default.nix b/users/default.nix
new file mode 100644
index 00000000..856549b9
--- /dev/null
+++ b/users/default.nix
@@ -0,0 +1,9 @@
+{
+ flake = {
+ nixosModules = rec {
+ root = import ./root;
+ b12f = import ./b12f;
+ yule = import ./yule;
+ };
+ };
+}
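Review bot: `rec` on `nixosModules` is unnecessary, since none of `root`, `b12f` or `yule` refers to another attribute in the set; drop it. `users/pub-solar/default.nix` is modified in this same patch but is not exported here, so either add `pub-solar = import ./pub-solar;` or note why it is left out.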
diff --git a/users/pub-solar/default.nix b/users/pub-solar/default.nix
index ce4b74b6..93138fcb 100644
--- a/users/pub-solar/default.nix
+++ b/users/pub-solar/default.nix
@@ -1,6 +1,4 @@
-{hmUsers, ...}: {
- home-manager.users = {inherit (hmUsers) pub-solar;};
-
+{config, ...}: {
pub-solar = {
# These are your personal settings
# The only required settings are `name` and `password`,
diff --git a/users/yule/default.nix b/users/yule/default.nix
index 3ac3b758..0aa35450 100644
--- a/users/yule/default.nix
+++ b/users/yule/default.nix
@@ -1,6 +1,5 @@
{
config,
- hmUsers,
pkgs,
lib,
...
@@ -8,8 +7,6 @@
psCfg = config.pub-solar;
in {
config = {
- home-manager.users = {inherit (hmUsers) yule;};
-
pub-solar = {
# These are your personal settings
# The only required settings are `name` and `password`,