From 13ad9a26f3bfeb78af440ade44cdbdecedecc7b5 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Tue, 12 Sep 2023 22:07:05 +0200 Subject: [PATCH 1/3] refactor: Remove digga --- flake.lock | 321 +++++++----------- flake.nix | 291 ++++++---------- hosts/PubSolarOS.nix | 21 -- hosts/biolimo/biolimo.nix | 47 --- hosts/biolimo/configuration.nix | 47 ++- hosts/biolimo/default.nix | 11 +- hosts/bootstrap.nix | 54 --- hosts/chocolatebar/chocolatebar.nix | 109 ------ hosts/chocolatebar/configuration.nix | 106 +++++- hosts/chocolatebar/default.nix | 14 +- hosts/chocolatebar/factorio/default.nix | 1 - hosts/default.nix | 43 +++ hosts/droppie/configuration.nix | 56 ++- hosts/droppie/default.nix | 14 +- hosts/droppie/droppie.nix | 60 ---- hosts/maoam/maoam.nix | 1 - hosts/pie/configuration.nix | 38 ++- hosts/pie/default.nix | 15 +- hosts/pie/pie.nix | 47 --- hosts/pie/unbound.nix | 7 +- modules/arduino/default.nix | 2 +- modules/ci-runner/default.nix | 4 +- modules/core/default.nix | 1 - modules/default.nix | 31 ++ modules/docker-ci-runner/default.nix | 1 - modules/nix-path.nix | 11 - modules/{core/nix.nix => nix/default.nix} | 10 +- modules/paperless/default.nix | 12 +- modules/paranoia/default.nix | 2 +- modules/terminal-life/bash/default.nix | 3 - modules/terminal-life/default.nix | 25 +- .../user}/.config/dircolors | 0 .../user}/.config/git/config.nix | 0 .../user}/.config/git/gitmessage.nix | 0 .../user}/.config/git/global_gitignore.nix | 0 .../user}/.config/libinput-gestures.conf | 0 .../user}/.config/mako/config | 0 .../user}/.config/mimeapps.list | 0 .../user}/.config/mutt/base16.muttrc | 0 .../user}/.config/mutt/mailcap | 0 .../user}/.config/mutt/muttrc | 0 .../user}/.config/offlineimap/functions.py | 0 .../user}/.config/user-dirs.dirs | 0 .../user}/.config/user-dirs.locale | 0 .../user}/.config/waybar/colorscheme.css | 0 .../user}/.config/waybar/config | 0 .../user}/.config/waybar/style.css | 0 .../user}/.config/xmodmap | 0 .../user}/.config/xsettingsd/xsettingsd.conf | 0 .../share/nvim/json-schemas/caddy_schema.json 
| 0 .../user}/.local/share/scripts/base16.sh | 0 {profiles/base-user => modules/user}/.xinitrc | 0 .../user}/assets/wallpaper.jpg | Bin modules/user/default.nix | 47 ++- {profiles/base-user => modules/user}/home.nix | 1 + .../base-user => modules/user}/mimeapps.nix | 0 .../user}/session-variables.nix | 0 overlays/default.nix | 8 + profiles/audio/default.nix | 11 - profiles/base-user/default.nix | 43 --- profiles/core/default.nix | 109 ------ profiles/full-install/default.nix | 17 - profiles/gaming/default.nix | 11 - profiles/graphical/default.nix | 12 - profiles/iot/default.nix | 13 - profiles/mobile/default.nix | 11 - profiles/pub-solar-iso/default.nix | 15 - profiles/social/default.nix | 11 - profiles/virtualisation/default.nix | 11 - users/b12f/concepts-and-training.nix | 6 +- users/b12f/default.nix | 11 +- users/b12f/home.nix | 6 +- users/default.nix | 9 + users/pub-solar/default.nix | 4 +- users/yule/default.nix | 3 - 75 files changed, 653 insertions(+), 1111 deletions(-) delete mode 100644 hosts/PubSolarOS.nix delete mode 100644 hosts/biolimo/biolimo.nix delete mode 100644 hosts/bootstrap.nix delete mode 100644 hosts/chocolatebar/chocolatebar.nix create mode 100644 hosts/default.nix delete mode 100644 hosts/droppie/droppie.nix delete mode 100644 hosts/pie/pie.nix create mode 100644 modules/default.nix delete mode 100644 modules/nix-path.nix rename modules/{core/nix.nix => nix/default.nix} (81%) rename {profiles/base-user => modules/user}/.config/dircolors (100%) rename {profiles/base-user => modules/user}/.config/git/config.nix (100%) rename {profiles/base-user => modules/user}/.config/git/gitmessage.nix (100%) rename {profiles/base-user => modules/user}/.config/git/global_gitignore.nix (100%) rename {profiles/base-user => modules/user}/.config/libinput-gestures.conf (100%) rename {profiles/base-user => modules/user}/.config/mako/config (100%) rename {profiles/base-user => modules/user}/.config/mimeapps.list (100%) rename {profiles/base-user => 
modules/user}/.config/mutt/base16.muttrc (100%) rename {profiles/base-user => modules/user}/.config/mutt/mailcap (100%) rename {profiles/base-user => modules/user}/.config/mutt/muttrc (100%) rename {profiles/base-user => modules/user}/.config/offlineimap/functions.py (100%) rename {profiles/base-user => modules/user}/.config/user-dirs.dirs (100%) rename {profiles/base-user => modules/user}/.config/user-dirs.locale (100%) rename {profiles/base-user => modules/user}/.config/waybar/colorscheme.css (100%) rename {profiles/base-user => modules/user}/.config/waybar/config (100%) rename {profiles/base-user => modules/user}/.config/waybar/style.css (100%) rename {profiles/base-user => modules/user}/.config/xmodmap (100%) rename {profiles/base-user => modules/user}/.config/xsettingsd/xsettingsd.conf (100%) rename {profiles/base-user => modules/user}/.local/share/nvim/json-schemas/caddy_schema.json (100%) rename {profiles/base-user => modules/user}/.local/share/scripts/base16.sh (100%) rename {profiles/base-user => modules/user}/.xinitrc (100%) rename {profiles/base-user => modules/user}/assets/wallpaper.jpg (100%) rename {profiles/base-user => modules/user}/home.nix (99%) rename {profiles/base-user => modules/user}/mimeapps.nix (100%) rename {profiles/base-user => modules/user}/session-variables.nix (100%) create mode 100644 overlays/default.nix delete mode 100644 profiles/audio/default.nix delete mode 100644 profiles/base-user/default.nix delete mode 100644 profiles/core/default.nix delete mode 100644 profiles/full-install/default.nix delete mode 100644 profiles/gaming/default.nix delete mode 100644 profiles/graphical/default.nix delete mode 100644 profiles/iot/default.nix delete mode 100644 profiles/mobile/default.nix delete mode 100644 profiles/pub-solar-iso/default.nix delete mode 100644 profiles/social/default.nix delete mode 100644 profiles/virtualisation/default.nix create mode 100644 users/default.nix 
diff --git a/flake.lock b/flake.lock index f3410075..a543c0c9 100644 --- a/flake.lock +++ b/flake.lock @@ -5,7 +5,7 @@ "adblockStevenBlack": "adblockStevenBlack", "flake-utils": "flake-utils", "nixpkgs": [ - "nixos" + "nixpkgs" ] }, "locked": { @@ -41,10 +41,10 @@ "agenix": { "inputs": { "darwin": [ - "darwin" + "nix-darwin" ], "nixpkgs": [ - "nixos" + "nixpkgs" ] }, "locked": { @@ -61,32 +61,12 @@ "type": "github" } }, - "darwin": { - "inputs": { - "nixpkgs": [ - "nixos" - ] - }, - "locked": { - "lastModified": 1688307440, - "narHash": "sha256-7PTjbN+/+b799YN7Tk2SS5Vh8A0L3gBo8hmB7Y0VXug=", - "owner": "LnL7", - "repo": "nix-darwin", - "rev": "b06bab83bdf285ea0ae3c8e145a081eb95959047", - "type": "github" - }, - "original": { - "owner": "LnL7", - "repo": "nix-darwin", - "type": "github" - } - }, "deno2nix": { "inputs": { - "devshell": "devshell_3", + "devshell": "devshell_2", "flake-compat": "flake-compat_2", - "flake-utils": "flake-utils_5", - "nixpkgs": "nixpkgs_2" + "flake-utils": "flake-utils_3", + "nixpkgs": "nixpkgs_3" }, "locked": { "lastModified": 1686513235, @@ -102,22 +82,22 @@ "url": "https://git.pub.solar/b12f/deno2.nix.git" } }, - "deploy": { + "deploy-rs": { "inputs": { "flake-compat": [ "flake-compat" ], "nixpkgs": [ - "nixos" + "nixpkgs" ], "utils": "utils" }, "locked": { - "lastModified": 1686747123, - "narHash": "sha256-XUQK9kwHpTeilHoad7L4LjMCCyY13Oq383CoFADecRE=", + "lastModified": 1695052866, + "narHash": "sha256-agn7F9Oww4oU6nPiw+YiYI9Xb4vOOE73w8PAoBRP4AA=", "owner": "serokell", "repo": "deploy-rs", - "rev": "724463b5a94daa810abfc64a4f87faef4e00f984", + "rev": "e3f41832680801d0ee9e2ed33eb63af398b090e9", "type": "github" }, "original": { 
@@ -127,28 +107,6 @@ } }, "devshell": { - "inputs": { - "flake-utils": "flake-utils_2", - "nixpkgs": [ - "digga", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1671489820, - "narHash": "sha256-qoei5HDJ8psd1YUPD7DhbHdhLIT9L2nadscp4Qk37uk=", - "owner": "numtide", - "repo": "devshell", - "rev": "5aa3a8039c68b4bf869327446590f4cdf90bb634", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "devshell", - "type": "github" - } - }, - "devshell_2": { "inputs": { "nixpkgs": [ "keycloak-theme-pub-solar", @@ -170,7 +128,7 @@ "type": "github" } }, - "devshell_3": { + "devshell_2": { "inputs": { "nixpkgs": [ "scan2paperless", @@ -193,7 +151,7 @@ "type": "github" } }, - "devshell_4": { + "devshell_3": { "inputs": { "nixpkgs": [ "scan2paperless", @@ -215,46 +173,6 @@ "type": "github" } }, - "digga": { - "inputs": { - "darwin": [ - "darwin" - ], - "deploy": [ - "deploy" - ], - "devshell": "devshell", - "flake-compat": [ - "flake-compat" - ], - "flake-utils": "flake-utils_3", - "flake-utils-plus": "flake-utils-plus", - "home-manager": [ - "home" - ], - "nixlib": [ - "nixos" - ], - "nixpkgs": [ - "nixos" - ], - "nixpkgs-unstable": "nixpkgs-unstable" - }, - "locked": { - "lastModified": 1674947971, - "narHash": "sha256-6gKqegJHs72jnfFP9g2sihl4fIZgtKgKuqU2rCkIdGY=", - "owner": "pub-solar", - "repo": "digga", - "rev": "2da608bd8afb48afef82c6b1b6d852a36094a497", - "type": "github" - }, - "original": { - "owner": "pub-solar", - "ref": "fix/bootstrap-iso", - "repo": "digga", - "type": "github" - } - }, "fix-atomic-container-restarts": { "locked": { "lastModified": 1688325567, 
@@ -319,6 +237,24 @@ "type": "github" } }, + "flake-parts": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib" + }, + "locked": { + "lastModified": 1693611461, + "narHash": "sha256-aPODl8vAgGQ0ZYFIRisxYG5MOGSkIczvu2Cd8Gb9+1Y=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "7f53fdb7bdc5bb237da7fefef12d099e4fd611ca", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, "flake-utils": { "locked": { "lastModified": 1659877975, @@ -334,59 +270,7 @@ "type": "github" } }, - "flake-utils-plus": { - "inputs": { - "flake-utils": [ - "digga", - "flake-utils" - ] - }, - "locked": { - "lastModified": 1654029967, - "narHash": "sha256-my3GQ3mQIw/1f6GPV1IhUZrcYQSWh0YJAMPNBjhXJDw=", - "owner": "gytis-ivaskevicius", - "repo": "flake-utils-plus", - "rev": "6271cf3842ff9c8a9af9e3508c547f86bc77d199", - "type": "github" - }, - "original": { - "owner": "gytis-ivaskevicius", - "ref": "refs/pull/120/head", - "repo": "flake-utils-plus", - "type": "github" - } - }, "flake-utils_2": { - "locked": { - "lastModified": 1642700792, - "narHash": "sha256-XqHrk7hFb+zBvRg6Ghl+AZDq03ov6OshJLiSWOoX5es=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "846b2ae0fc4cc943637d3d1def4454213e203cba", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_3": { - "locked": { - "lastModified": 1667395993, - "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_4": { "inputs": { "systems": "systems_2" }, @@ -404,7 +288,7 @@ "type": "github" } }, - "flake-utils_5": { + "flake-utils_3": { "inputs": { "systems": "systems_4" }, 
@@ -422,7 +306,7 @@ "type": "github" } }, - "flake-utils_6": { + "flake-utils_4": { "inputs": { "systems": "systems_6" }, @@ -440,18 +324,18 @@ "type": "github" } }, - "home": { + "home-manager": { "inputs": { "nixpkgs": [ - "nixos" + "nixpkgs" ] }, "locked": { - "lastModified": 1687871164, - "narHash": "sha256-bBFlPthuYX322xOlpJvkjUBz0C+MOBjZdDOOJJ+G2jU=", + "lastModified": 1695108154, + "narHash": "sha256-gSg7UTVtls2yO9lKtP0yb66XBHT1Fx5qZSZbGMpSn2c=", "owner": "nix-community", "repo": "home-manager", - "rev": "07c347bb50994691d7b0095f45ebd8838cf6bc38", + "rev": "07682fff75d41f18327a871088d20af2710d4744", "type": "github" }, "original": { @@ -463,10 +347,10 @@ }, "keycloak-theme-pub-solar": { "inputs": { - "devshell": "devshell_2", - "flake-utils": "flake-utils_4", + "devshell": "devshell", + "flake-utils": "flake-utils_2", "nixpkgs": [ - "nixos" + "nixpkgs" ] }, "locked": { @@ -484,22 +368,6 @@ "url": "https://git.pub.solar/pub-solar/keycloak-theme" } }, - "latest": { - "locked": { - "lastModified": 1693663421, - "narHash": "sha256-ImMIlWE/idjcZAfxKK8sQA7A1Gi/O58u5/CJA+mxvl8=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "e56990880811a451abd32515698c712788be5720", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "master": { "locked": { "lastModified": 1693817516, 
@@ -534,19 +402,39 @@ "type": "github" } }, - "nixos": { + "nix-darwin": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, "locked": { - "lastModified": 1693636127, - "narHash": "sha256-ZlS/lFGzK7BJXX2YVGnP3yZi3T9OLOEtBCyMJsb91U8=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "9075cba53e86dc318d159aee55dc9a7c9a4829c1", + "lastModified": 1695686713, + "narHash": "sha256-rJATx5B/nwlBpt7CJUf85LV27qWPbul5UVV8fu6ABPg=", + "owner": "lnl7", + "repo": "nix-darwin", + "rev": "e236a1e598a9a59265897948ac9874c364b9555f", "type": "github" }, "original": { - "owner": "nixos", - "ref": "nixos-23.05", - "repo": "nixpkgs", + "owner": "lnl7", + "ref": "master", + "repo": "nix-darwin", + "type": "github" + } + }, + "nixos-flake": { + "locked": { + "lastModified": 1692742948, + "narHash": "sha256-19LQQFGshuQNrrXZYVt+mWY0O3NbhEXeMy3MZwzYZGo=", + "owner": "srid", + "repo": "nixos-flake", + "rev": "2c25190ceacdaaae7e8afbecfa87096bb499a431", + "type": "github" + }, + "original": { + "owner": "srid", + "repo": "nixos-flake", "type": "github" } }, 
@@ -581,23 +469,41 @@ "type": "github" } }, - "nixpkgs-unstable": { + "nixpkgs-lib": { "locked": { - "lastModified": 1672791794, - "narHash": "sha256-mqGPpGmwap0Wfsf3o2b6qHJW1w2kk/I6cGCGIU+3t6o=", - "owner": "nixos", + "dir": "lib", + "lastModified": 1693471703, + "narHash": "sha256-0l03ZBL8P1P6z8MaSDS/MvuU8E75rVxe5eE1N6gxeTo=", + "owner": "NixOS", "repo": "nixpkgs", - "rev": "9813adc7f7c0edd738c6bdd8431439688bb0cb3d", + "rev": "3e52e76b70d5508f3cec70b882a29199f4d1ee85", "type": "github" }, "original": { - "owner": "nixos", + "dir": "lib", + "owner": "NixOS", "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } }, "nixpkgs_2": { + "locked": { + "lastModified": 1696039360, + "narHash": "sha256-g7nIUV4uq1TOVeVIDEZLb005suTWCUjSY0zYOlSBsyE=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "32dcb45f66c0487e92db8303a798ebc548cadedc", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-23.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { "locked": { "lastModified": 1686412476, "narHash": "sha256-inl9SVk6o5h75XKC79qrDCAobTD1Jxh6kVYTZKHzewA=", @@ -613,7 +519,7 @@ "type": "github" } }, - "nixpkgs_3": { + "nixpkgs_4": { "locked": { "lastModified": 1693158576, "narHash": "sha256-aRTTXkYvhXosGx535iAFUaoFboUrZSYb1Ooih/auGp0=", 
@@ -633,28 +539,29 @@ "inputs": { "adblock-unbound": "adblock-unbound", "agenix": "agenix", - "darwin": "darwin", - "deploy": "deploy", - "digga": "digga", + "deploy-rs": "deploy-rs", "fix-atomic-container-restarts": "fix-atomic-container-restarts", "fix-yubikey-agent": "fix-yubikey-agent", "flake-compat": "flake-compat", - "home": "home", + "flake-parts": "flake-parts", + "home-manager": "home-manager", "keycloak-theme-pub-solar": "keycloak-theme-pub-solar", - "latest": "latest", "master": "master", "musnix": "musnix", - "nixos": "nixos", + "nix-darwin": "nix-darwin", + "nixos-flake": "nixos-flake", "nixos-hardware": "nixos-hardware", - "scan2paperless": "scan2paperless" + "nixpkgs": "nixpkgs_2", + "scan2paperless": "scan2paperless", + "unstable": "unstable" } }, "scan2paperless": { "inputs": { "deno2nix": "deno2nix", - "devshell": "devshell_4", - "flake-utils": "flake-utils_6", - "nixpkgs": "nixpkgs_3" + "devshell": "devshell_3", + "flake-utils": "flake-utils_4", + "nixpkgs": "nixpkgs_4" }, "locked": { "lastModified": 1693298356, @@ -760,6 +667,22 @@ "type": "github" } }, + "unstable": { + "locked": { + "lastModified": 1696019113, + "narHash": "sha256-X3+DKYWJm93DRSdC5M6K5hLqzSya9BjibtBsuARoPco=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "f5892ddac112a1e9b3612c39af1b72987ee5783a", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "utils": { "locked": { "lastModified": 1667395993, diff --git a/flake.nix b/flake.nix index c71c5818..dfd218d9 100644 --- a/flake.nix +++ b/flake.nix 
@@ -1,42 +1,36 @@ { - description = "A highly structured configuration database."; + description = "b12f hosts"; nixConfig.extra-experimental-features = "nix-command flakes"; inputs = { # Track channels with commits tested and built by hydra - nixos.url = "github:nixos/nixpkgs/nixos-23.05"; - latest.url = "github:nixos/nixpkgs/nixos-unstable"; + nixpkgs.url = "github:nixos/nixpkgs/nixos-23.05"; + unstable.url = "github:nixos/nixpkgs/nixos-unstable"; flake-compat.url = "github:edolstra/flake-compat"; flake-compat.flake = false; - digga.url = "github:pub-solar/digga/fix/bootstrap-iso"; - digga.inputs.nixpkgs.follows = "nixos"; - digga.inputs.nixlib.follows = "nixos"; - digga.inputs.home-manager.follows = "home"; - digga.inputs.deploy.follows = "deploy"; - digga.inputs.darwin.follows = "darwin"; - digga.inputs.flake-compat.follows = "flake-compat"; + nix-darwin.url = "github:lnl7/nix-darwin/master"; + nix-darwin.inputs.nixpkgs.follows = "nixpkgs"; + home-manager.url = "github:nix-community/home-manager/release-23.05"; + home-manager.inputs.nixpkgs.follows = "nixpkgs"; - home.url = "github:nix-community/home-manager/release-23.05"; - home.inputs.nixpkgs.follows = "nixos"; + flake-parts.url = "github:hercules-ci/flake-parts"; + nixos-flake.url = "github:srid/nixos-flake"; - darwin.url = "github:LnL7/nix-darwin"; - darwin.inputs.nixpkgs.follows = "nixos"; - - deploy.url = "github:serokell/deploy-rs"; - deploy.inputs.nixpkgs.follows = "nixos"; - deploy.inputs.flake-compat.follows = "flake-compat"; + deploy-rs.url = "github:serokell/deploy-rs"; + deploy-rs.inputs.nixpkgs.follows = "nixpkgs"; + deploy-rs.inputs.flake-compat.follows = "flake-compat"; agenix.url = "github:ryantm/agenix"; - agenix.inputs.nixpkgs.follows = "nixos"; - agenix.inputs.darwin.follows = "darwin"; + agenix.inputs.nixpkgs.follows = "nixpkgs"; + agenix.inputs.darwin.follows = "nix-darwin"; nixos-hardware.url = "github:nixos/nixos-hardware"; keycloak-theme-pub-solar.url = 
"git+https://git.pub.solar/pub-solar/keycloak-theme?ref=main"; - keycloak-theme-pub-solar.inputs.nixpkgs.follows = "nixos"; + keycloak-theme-pub-solar.inputs.nixpkgs.follows = "nixpkgs"; master.url = "github:nixos/nixpkgs/master"; fix-yubikey-agent.url = "github:pub-solar/nixpkgs/fix/use-latest-unstable-yubikey-agent"; 
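Review bot: The new `flake-parts` input in flake.nix is added without a `follows` for its own `nixpkgs-lib` input, so the flake.lock in this same commit gains a separate `nixpkgs-lib` node pinned to its own nixpkgs revision, next to `nixpkgs`, `unstable` and `master`. Adding `flake-parts.inputs.nixpkgs-lib.follows = "nixpkgs";` below the `flake-parts.url` line leaves one fewer independently pinned tree to update and audit. That matches the `follows` lines already written for `home-manager`, `nix-darwin`, `deploy-rs` and `agenix`. The `inputs` attribute set continues past the end of this hunk.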
@@ -45,177 +39,114 @@ musnix.url = "github:musnix/musnix"; adblock-unbound.url = "github:MayNiklas/nixos-adblock-unbound"; - adblock-unbound.inputs.nixpkgs.follows = "nixos"; + adblock-unbound.inputs.nixpkgs.follows = "nixpkgs"; }; - outputs = { - self, - digga, - nixos, - home, - nixos-hardware, - agenix, - deploy, - scan2paperless, - musnix, - ... - } @ inputs: - digga.lib.mkFlake - { - inherit self inputs; - - channelsConfig = { - allowUnfree = true; - }; - - supportedSystems = ["x86_64-linux" "aarch64-linux" "aarch64-darwin"]; - - channels = { - nixos = { - imports = [(digga.lib.importOverlays ./overlays)]; - overlays = [ - (self: super: { - deploy-rs = { - inherit (inputs.nixos.legacyPackages.x86_64-linux) deploy-rs; - lib = inputs.deploy.lib.x86_64-linux; - }; - }) - ]; - }; - latest = {}; - }; - - lib = import ./lib {lib = digga.lib // nixos.lib;}; - - sharedOverlays = [ - (final: prev: { - __dontExport = true; - lib = prev.lib.extend (lfinal: lprev: { - our = self.lib; - }); - }) - agenix.overlays.default - - (import ./pkgs) + outputs = inputs@{ self, ... }: + inputs.flake-parts.lib.mkFlake { inherit inputs; } { + systems = [ + "x86_64-linux" + "aarch64-linux" + "x86_64-darwin" + "aarch64-darwin" ]; - nixos = { - hostDefaults = { - system = "x86_64-linux"; - channelName = "nixos"; - imports = [(digga.lib.importExportableModules ./modules)]; - modules = [ - {lib.our = self.lib;} - # FIXME: upstream module causes a huge number of unnecessary - # dependencies to be pulled in for all systems -- many of them are - # graphical. should only be imported as needed. - # digga.nixosModules.bootstrapIso - digga.nixosModules.nixConfig - home.nixosModules.home-manager - agenix.nixosModules.age - musnix.nixosModules.musnix + imports = [ + inputs.nixos-flake.flakeModule + ./modules + ./hosts + ./users + ]; + + perSystem = args@{ system, pkgs, config, ... 
}: { + _module.args = { + inherit inputs; + pkgs = import inputs.nixpkgs { + inherit system; + overlays = [ + inputs.agenix.overlays.default + ]; + }; + unstable = import inputs.unstable { inherit system; }; + master = import inputs.master { inherit system; }; + fix-yubikey-agent = import inputs.fix-yubikey-agent { inherit system; }; + }; + + devShells.default = pkgs.mkShell { + buildInputs = [ + pkgs.nixpkgs-fmt + pkgs.agenix + pkgs.ssh-to-age ]; }; - - imports = [(digga.lib.importHosts ./hosts)]; - hosts = { - # Set host-specific properties here - bootstrap = { - modules = [ - digga.nixosModules.bootstrapIso - ]; - }; - PubSolarOS = { - tests = [ - #(import ./tests/first-test.nix { - # pkgs = nixos.legacyPackages.x86_64-linux; - # lib = nixos.lib; - #}) - ]; - }; - - pie = { - system = "aarch64-linux"; - modules = [nixos-hardware.nixosModules.raspberry-pi-4]; - }; - - maoam = { - system = "aarch64-linux"; - }; - }; - importables = rec { - profiles = - digga.lib.rakeLeaves ./profiles - // { - users = digga.lib.rakeLeaves ./users; - }; - - suites = with profiles; rec { - base = [users.pub-solar users.root]; - iso = base ++ [base-user graphical pub-solar-iso]; - pubsolaros = [full-install base-user users.root]; - anonymous = [pubsolaros users.pub-solar]; - - b12f = pubsolaros ++ [users.b12f social gaming mobile]; - biolimo = b12f ++ [graphical]; - chocolatebar = b12f ++ [graphical virtualisation]; - - yule = pubsolaros ++ [users.yule]; - droppie = yule ++ []; - pie = yule ++ []; - maoam = b12f ++ []; - }; - }; }; - home = { - imports = [(digga.lib.importExportableModules ./users/modules)]; - modules = []; - importables = rec { - profiles = digga.lib.rakeLeaves ./users/profiles; - suites = with profiles; rec { - base = [direnv git]; - }; - }; - users = let - default = {suites, ...}: { - imports = suites.base; - home.stateVersion = "21.03"; - }; - in { - pub-solar = default; - b12f = default; - yule = default; - }; - }; + flake = { + nixosModules = rec { + 
base.imports = [ + self.nixosModules.home-manager + inputs.agenix.nixosModules.default + inputs.musnix.nixosModules.musnix - devshell = ./shell; + ({ + flake, + pkgs, + lib, + unstable, + master, + fix-yubikey-agent, + ... + }: { + nixpkgs.overlays = (import ./overlays) ++ [ + (prev: next: { + scan2paperless = inputs.scan2paperless.legacyPackages.${prev.system}.scan2paperless; + nixd = inputs.unstable.legacyPackages.${prev.system}.nixd; + yubikey-agent = inputs.fix-yubikey-agent.legacyPackages.${prev.system}.yubikey-agent; - homeConfigurations = digga.lib.mkHomeConfigurations self.nixosConfigurations; + factorio-headless = inputs.master.legacyPackages.${prev.system}.factorio-headless; + paperless-ngx = inputs.master.legacyPackages.${prev.system}.paperless-ngx; + waybar = inputs.master.legacyPackages.${prev.system}.waybar; + element-desktop = inputs.master.legacyPackages.${prev.system}.element-desktop; - deploy.nodes = digga.lib.mkDeployNodes self.nixosConfigurations { - droppie = { - hostname = "backup.b12f.io"; - sshUser = "yule"; + adlist = inputs.adblock-unbound.packages.${prev.system}; + }) + ]; + + nix.nixPath = [ + "nixpkgs=${inputs.nixpkgs}" + "nixos-config=${./lib/compat/nixos}" + "home-manager=${inputs.home-manager}" + ]; + }) + + self.nixosModules.arduino + self.nixosModules.audio + self.nixosModules.ci-runner + self.nixosModules.core + self.nixosModules.crypto + self.nixosModules.devops + self.nixosModules.docker + self.nixosModules.docker-ci-runner + self.nixosModules.email + self.nixosModules.gaming + self.nixosModules.graphical + self.nixosModules.mobile + self.nixosModules.nix + self.nixosModules.nextcloud + self.nixosModules.office + self.nixosModules.paperless + self.nixosModules.paranoia + self.nixosModules.printing + self.nixosModules.social + self.nixosModules.sway + self.nixosModules.terminal-life + self.nixosModules.uhk + self.nixosModules.user + self.nixosModules.virtualisation + + self.nixosModules.root + ]; }; - - pie = { - sshUser = 
"yule"; - }; - - maoam = { - sshUser = "b12f"; - }; - #example = { - # hostname = "example.com:22"; - # sshUser = "bartender"; - # fastConnect = true; - # profilesOrder = ["system" "direnv"]; - # profiles.direnv = { - # user = "bartender"; - # path = self.pkgs.x86_64-linux.nixos.deploy-rs.lib.x86_64-linux.activate.home-manager self.homeConfigurationsPortable.x86_64-linux.bartender; - # }; - #}; }; }; } diff --git a/hosts/PubSolarOS.nix b/hosts/PubSolarOS.nix deleted file mode 100644 index da0375cd..00000000 --- a/hosts/PubSolarOS.nix +++ /dev/null @@ -1,21 +0,0 @@ -{suites, ...}: { - ### root password is empty by default ### - ### default password: pub-solar, optional: add your SSH keys - imports = - suites.iso; - - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - - networking.networkmanager.enable = true; - - fileSystems."/" = {device = "/dev/disk/by-label/nixos";}; - - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. It‘s perfectly fine and recommended to leave - # this value at the release version of the first install of this system. - # Before changing this value read the documentation for this option - # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "22.05"; # Did you read the comment? -} diff --git a/hosts/biolimo/biolimo.nix b/hosts/biolimo/biolimo.nix deleted file mode 100644 index 97051ded..00000000 --- a/hosts/biolimo/biolimo.nix +++ /dev/null 
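Review bot: In the inline overlay inside `nixosModules.base` in flake.nix the arguments are named `(prev: next: {`, but nixpkgs calls an overlay with the final package set first and the previous one second, so every `${prev.system}` in the body actually reads from the final set. It evaluates, but the inverted names invite a recursion mistake on a later edit; `(final: prev: {` with the body's `${prev.system}` left as is states what is meant. Separately, the removed `channelsConfig.allowUnfree = true` has no replacement in the visible lines, and `inputs.master.legacyPackages` is evaluated with nixpkgs' default config, so if `factorio-headless` is still marked unfree its evaluation may be refused; worth confirming on the host that uses it. The module function's `unstable`, `master` and `fix-yubikey-agent` arguments are unused in the visible body and could be dropped.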
@@ -1,47 +0,0 @@ -{ - config, - pkgs, - lib, - ... -}: -with lib; let - psCfg = config.pub-solar; - xdg = config.home-manager.users."${psCfg.user.name}".xdg; -in { - imports = [ - ./configuration.nix - ]; - - config = { - pub-solar.paranoia.enable = true; - pub-solar.core.hibernation.resumeDevice = "/dev/dm-0"; - pub-solar.core.hibernation.resumeOffset = 15296512; - - hardware.cpu.intel.updateMicrocode = true; - - networking.networkmanager.wifi.backend = mkForce "wpa_supplicant"; - - services.printing.drivers = [ - pkgs.cups-brother-hl3140cw - ]; - - home-manager = with pkgs; - pkgs.lib.setAttrByPath ["users" psCfg.user.name] { - xdg.configFile = mkIf psCfg.sway.enable { - "sway/config.d/10-screens.conf".source = ./.config/sway/config.d/screens.conf; - "sway/config.d/10-autostart.conf".source = ./.config/sway/config.d/autostart.conf; - "sway/config.d/10-input-defaults.conf".source = ./.config/sway/config.d/input-defaults.conf; - "sway/config.d/10-custom-keybindings.conf".source = ./.config/sway/config.d/custom-keybindings.conf; - }; - - home.packages = [ - inkscape - ]; - }; - - # For OpenProject development with https - security.pki.certificates = [ - (builtins.readFile ./step-roots.pem) - ]; - }; -} diff --git a/hosts/biolimo/configuration.nix b/hosts/biolimo/configuration.nix index d5c70a17..6b28152d 100644 --- a/hosts/biolimo/configuration.nix +++ b/hosts/biolimo/configuration.nix 
@@ -1,20 +1,51 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). { config, + lib, pkgs, ... -}: { - imports = [ - # Include the results of the hardware scan. - ./hardware-configuration.nix - ]; +}: +with lib; let + psCfg = config.pub-solar; + xdg = config.home-manager.users."${psCfg.user.name}".xdg; +in { + pub-solar.graphical.enable = true; + pub-solar.sway.enable = true; # Use the systemd-boot EFI boot loader. boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; + pub-solar.paranoia.enable = true; + pub-solar.core.hibernation.resumeDevice = "/dev/dm-0"; + pub-solar.core.hibernation.resumeOffset = 15296512; + + hardware.cpu.intel.updateMicrocode = true; + + networking.networkmanager.wifi.backend = mkForce "wpa_supplicant"; + + services.printing.drivers = [ + pkgs.cups-brother-hl3140cw + ]; + + home-manager = with pkgs; + pkgs.lib.setAttrByPath ["users" psCfg.user.name] { + xdg.configFile = mkIf psCfg.sway.enable { + "sway/config.d/10-screens.conf".source = ./.config/sway/config.d/screens.conf; + "sway/config.d/10-autostart.conf".source = ./.config/sway/config.d/autostart.conf; + "sway/config.d/10-input-defaults.conf".source = ./.config/sway/config.d/input-defaults.conf; + "sway/config.d/10-custom-keybindings.conf".source = ./.config/sway/config.d/custom-keybindings.conf; + }; + + home.packages = [ + inkscape + ]; + }; + + # For OpenProject development with https + security.pki.certificates = [ + (builtins.readFile ./step-roots.pem) + ]; + # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions # on your system were taken. It‘s perfectly fine and recommended to leave diff --git a/hosts/biolimo/default.nix b/hosts/biolimo/default.nix index cbf61ab8..187a1108 100644 --- a/hosts/biolimo/default.nix 
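Review bot: The `security.pki.certificates` entry at the end of the added block in hosts/biolimo/configuration.nix puts `./step-roots.pem` into the system-wide trust store, so that CA is trusted for every hostname on this machine, while the comment above it only says it is for OpenProject development. The comment should record the scope and the removal condition, for example `# Dev CA root for local OpenProject HTTPS; trusted system-wide for all names, remove when the dev setup is retired`. The `xdg` binding in the `let` is not used anywhere in the visible lines and can be dropped. The attribute set continues past the end of this hunk.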
+++ b/hosts/biolimo/default.nix @@ -1,7 +1,6 @@ -{suites, ...}: { - imports = - [ - ./biolimo.nix - ] - ++ suites.biolimo; +{...}: { + imports = [ + ./configuration.nix + ./hardware-configuration.nix + ]; } diff --git a/hosts/bootstrap.nix b/hosts/bootstrap.nix deleted file mode 100644 index c71f03cc..00000000 --- a/hosts/bootstrap.nix +++ /dev/null 
@@ -1,54 +0,0 @@ -{ - config, - lib, - pkgs, - profiles, - ... -}: -with lib; let - # Gets hostname of host to be bundled inside iso - # Copied from https://github.com/divnix/digga/blob/30ffa0b02272dc56c94fd3c7d8a5a0f07ca197bf/modules/bootstrap-iso.nix#L3-L11 - getFqdn = config: let - net = config.networking; - fqdn = - if (net ? domain) && (net.domain != null) - then "${net.hostName}.${net.domain}" - else net.hostName; - in - fqdn; -in { - # build with: `nix build ".#nixosConfigurations.bootstrap.config.system.build.isoImage"` - imports = [ - # profiles.networking - profiles.users.root # make sure to configure ssh keys - profiles.users.pub-solar - profiles.base-user - profiles.graphical - profiles.pub-solar-iso - ]; - - config = { - boot.loader.systemd-boot.enable = true; - - # will be overridden by the bootstrapIso instrumentation - fileSystems."/" = {device = "/dev/disk/by-label/nixos";}; - - system.nixos.label = "PubSolarOS-" + config.system.nixos.version; - - # mkForce because a similar transformation gets double applied otherwise - # https://github.com/divnix/digga/blob/30ffa0b02272dc56c94fd3c7d8a5a0f07ca197bf/modules/bootstrap-iso.nix#L17 - # https://github.com/NixOS/nixpkgs/blob/aecd4d8349b94f9bd5718c74a5b789f233f67326/nixos/modules/installer/cd-dvd/installation-cd-base.nix#L21-L22 - isoImage = { - isoBaseName = mkForce (getFqdn config); - isoName = mkForce "${config.system.nixos.label}-${config.isoImage.isoBaseName}-${pkgs.stdenv.hostPlatform.system}.iso"; - }; - - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. It‘s perfectly fine and recommended to leave - # this value at the release version of the first install of this system. - # Before changing this value read the documentation for this option - # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "21.05"; # Did you read the comment? 
- }; -} diff --git a/hosts/chocolatebar/chocolatebar.nix b/hosts/chocolatebar/chocolatebar.nix deleted file mode 100644 index 6de9a7c2..00000000 --- a/hosts/chocolatebar/chocolatebar.nix +++ /dev/null 
@@ -1,109 +0,0 @@ -{ - config, - pkgs, - lib, - self, - inputs, - ... -}: -with lib; let - psCfg = config.pub-solar; - xdg = config.home-manager.users."${psCfg.user.name}".xdg; -in { - imports = [ - ./configuration.nix - ./virtualisation - ./factorio - ]; - - config = { - hardware.cpu.amd.updateMicrocode = true; - - hardware.opengl.extraPackages = with pkgs; [ - rocm-opencl-icd - rocm-opencl-runtime - ]; - - pub-solar.core.hibernation.resumeDevice = "/dev/dm-0"; - pub-solar.core.hibernation.resumeOffset = 115075072; - - pub-solar.paperless.sync.masterNode = true; - - age.secrets."drone-runner-exec-config" = { - file = "${self}/secrets/drone-runner-exec-config"; - mode = "400"; - owner = psCfg.user.name; - }; - - pub-solar.docker-ci-runner = { - enable = true; - runnerVarsFile = config.age.secrets.drone-runner-exec-config.path; - }; - - pub-solar.paperless.scannerDefaultDevice = "hp3900:libusb:005:004"; - - services.openssh.openFirewall = true; - networking.firewall.allowedTCPPorts = - [443] - ++ ( - if psCfg.sway.vnc.enable - then [5901] - else [] - ); - networking.firewall.allowedUDPPorts = [43050]; - - environment.systemPackages = with pkgs; [ - wayvnc - drone-docker-runner - stdenv.cc.cc.lib - pkgs.hplip - ]; - - age.secrets."vnc-key.pem" = { - file = "${self}/secrets/vnc-key-chocolatebar.pem"; - mode = "400"; - owner = psCfg.user.name; - }; - age.secrets."vnc-cert.pem" = { - file = "${self}/secrets/vnc-cert-chocolatebar.pem"; - mode = "400"; - owner = psCfg.user.name; - }; - pub-solar.sway.vnc.enable = true; - - services.printing.drivers = [ - pkgs.cups-brother-hl3140cw - ]; - - services.udev.extraRules = '' - SUBSYSTEMS=="usb", ATTRS{idVendor}=="04f9", ATTRS{idProduct}=="209e", ATTRS{serial}=="000W0H924252", MODE="0664", GROUP="lp", SYMLINK+="usb/lp0" - ''; - - home-manager.users."${psCfg.user.name}" = { - xdg.configFile = mkIf psCfg.sway.enable { - "sway/config.d/10-autostart.conf".source = ./.config/sway/config.d/autostart.conf; - 
"sway/config.d/10-input-defaults.conf".source = ./.config/sway/config.d/input-defaults.conf; - "sway/config.d/10-screens.conf".source = ./.config/sway/config.d/screens.conf; - }; - - home.sessionVariables = { - NIX_CC = "${pkgs.stdenv.cc}"; - }; - - home.packages = with pkgs; [ - lmms - audacity - ]; - }; - - musnix = { - enable = true; - kernel.realtime = true; - }; - - # For OpenProject development with https - security.pki.certificates = [ - (builtins.readFile ./step-roots.pem) - ]; - }; -} diff --git a/hosts/chocolatebar/configuration.nix b/hosts/chocolatebar/configuration.nix index d5c70a17..5582e91a 100644 --- a/hosts/chocolatebar/configuration.nix +++ b/hosts/chocolatebar/configuration.nix 
@@ -1,20 +1,112 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). { config, pkgs, + flake, + lib, ... -}: { - imports = [ - # Include the results of the hardware scan. - ./hardware-configuration.nix +}: +with lib; let + psCfg = config.pub-solar; + xdg = config.home-manager.users."${psCfg.user.name}".xdg; +in { + pub-solar.graphical.enable = true; + pub-solar.sway.enable = true; + pub-solar.virtualisation.enable = true; + + hardware.cpu.amd.updateMicrocode = true; + + hardware.opengl.extraPackages = with pkgs; [ + rocm-opencl-icd + rocm-opencl-runtime ]; # Use the systemd-boot EFI boot loader. boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; + pub-solar.paranoia.enable = true; + pub-solar.core.hibernation.resumeDevice = "/dev/dm-0"; + pub-solar.core.hibernation.resumeOffset = 115075072; + + pub-solar.paperless.sync.masterNode = true; + + age.secrets."drone-runner-exec-config" = { + file = "${flake.self}/secrets/drone-runner-exec-config"; + mode = "400"; + owner = psCfg.user.name; + }; + + pub-solar.docker-ci-runner = { + enable = true; + runnerVarsFile = config.age.secrets.drone-runner-exec-config.path; + }; + + pub-solar.paperless.scannerDefaultDevice = "hp3900:libusb:005:004"; + + services.openssh.openFirewall = true; + networking.firewall.allowedTCPPorts = + [443] + ++ ( + if psCfg.sway.vnc.enable + then [5901] + else [] + ); + networking.firewall.allowedUDPPorts = [43050]; + + environment.systemPackages = with pkgs; [ + wayvnc + drone-docker-runner + stdenv.cc.cc.lib + pkgs.hplip + ]; + + age.secrets."vnc-key.pem" = { + file = "${flake.self}/secrets/vnc-key-chocolatebar.pem"; + mode = "400"; + owner = psCfg.user.name; + }; + age.secrets."vnc-cert.pem" = { + file = "${flake.self}/secrets/vnc-cert-chocolatebar.pem"; + mode = "400"; + owner = psCfg.user.name; + }; + 
pub-solar.sway.vnc.enable = true; + + services.printing.drivers = [ + pkgs.cups-brother-hl3140cw + ]; + + services.udev.extraRules = '' + SUBSYSTEMS=="usb", ATTRS{idVendor}=="04f9", ATTRS{idProduct}=="209e", ATTRS{serial}=="000W0H924252", MODE="0664", GROUP="lp", SYMLINK+="usb/lp0" + ''; + + home-manager.users."${psCfg.user.name}" = { + xdg.configFile = mkIf psCfg.sway.enable { + "sway/config.d/10-autostart.conf".source = ./.config/sway/config.d/autostart.conf; + "sway/config.d/10-input-defaults.conf".source = ./.config/sway/config.d/input-defaults.conf; + "sway/config.d/10-screens.conf".source = ./.config/sway/config.d/screens.conf; + }; + + home.sessionVariables = { + NIX_CC = "${pkgs.stdenv.cc}"; + }; + + home.packages = with pkgs; [ + lmms + audacity + ]; + }; + + musnix = { + enable = true; + kernel.realtime = true; + }; + + # For OpenProject development with https + security.pki.certificates = [ + (builtins.readFile ./step-roots.pem) + ]; + # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions # on your system were taken. It‘s perfectly fine and recommended to leave diff --git a/hosts/chocolatebar/default.nix b/hosts/chocolatebar/default.nix index a39b3ecf..f05e641b 100644 --- a/hosts/chocolatebar/default.nix +++ b/hosts/chocolatebar/default.nix @@ -1,7 +1,9 @@ -{suites, ...}: { - imports = - [ - ./chocolatebar.nix - ] - ++ suites.chocolatebar; +{...}: { + imports = [ + ./configuration.nix + ./hardware-configuration.nix + + ./virtualisation + # ./factorio + ]; } diff --git a/hosts/chocolatebar/factorio/default.nix b/hosts/chocolatebar/factorio/default.nix index 50cd5306..533f7397 100644 --- a/hosts/chocolatebar/factorio/default.nix +++ b/hosts/chocolatebar/factorio/default.nix @@ -2,7 +2,6 @@ config, pkgs, lib, - self, ... }: with lib; let diff --git a/hosts/default.nix b/hosts/default.nix new file mode 100644 index 00000000..42ad12a6 --- /dev/null +++ b/hosts/default.nix 
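Review bot: `networking.firewall.allowedTCPPorts` opens 5901 on every interface whenever `psCfg.sway.vnc.enable` is set, and this same hunk sets `pub-solar.sway.vnc.enable = true;` unconditionally, so the condition is always true on this host. If VNC is only meant to be reachable from the local network, scoping it with `networking.firewall.interfaces.<lan-interface>.allowedTCPPorts = [5901];` (the interface name is a placeholder) keeps it off other links. The list itself reads more simply as `[443] ++ optional psCfg.sway.vnc.enable 5901;`, since `with lib;` is already in scope in this file.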
@@ -0,0 +1,43 @@ +{ withSystem, self, inputs, ...}: +{ + flake = { + nixosConfigurations = { + biolimo = self.nixos-flake.lib.mkLinuxSystem { + nixpkgs.hostPlatform = "x86_64-linux"; + imports = [ + self.nixosModules.base + ./biolimo + self.nixosModules.b12f + ]; + }; + + chocolatebar = self.nixos-flake.lib.mkLinuxSystem { + nixpkgs.hostPlatform = "x86_64-linux"; + imports = [ + self.nixosModules.base + ./chocolatebar + self.nixosModules.b12f + ]; + }; + + pie = self.nixos-flake.lib.mkLinuxSystem { + nixpkgs.hostPlatform = "aarch64-linux"; + imports = [ + self.nixosModules.base + inputs.nixos-hardware.nixosModules.raspberry-pi-4 + ./pie + self.nixosModules.yule + ]; + }; + + maoam = self.nixos-flake.lib.mkLinuxSystem { + nixpkgs.hostPlatform = "aarch64-linux"; + imports = [ + self.nixosModules.base + ./maoam + self.nixosModules.yule + ]; + }; + }; + }; +} diff --git a/hosts/droppie/configuration.nix b/hosts/droppie/configuration.nix index 5d58058d..5937a8d6 100644 --- a/hosts/droppie/configuration.nix +++ b/hosts/droppie/configuration.nix @@ -1,17 +1,14 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). { config, pkgs, lib, + flake, ... -}: { - imports = [ - # Include the results of the hardware scan. - ./hardware-configuration.nix - ]; - +}: +with lib; let + psCfg = config.pub-solar; + xdg = config.home-manager.users."${psCfg.user.name}".xdg; +in { boot.loader.systemd-boot.enable = lib.mkForce false; boot.loader.grub = { enable = true; 
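Review bot: `nixosConfigurations` in the new hosts/default.nix lists biolimo, chocolatebar, pie and maoam but not droppie, although hosts/droppie/default.nix and hosts/droppie/configuration.nix are rewritten in this same patch. Unless droppie is declared somewhere outside the visible hunks, that host can no longer be built or updated from the flake, and it appears to be the backup machine (it imports `./restic-backup.nix`), so it would silently stop receiving changes. Either add a `droppie = self.nixos-flake.lib.mkLinuxSystem { … };` entry alongside the others or leave a comment saying why it is omitted. `withSystem` in the argument set is not used in this file and could be dropped.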
@@ -20,6 +17,47 @@ }; boot.loader.efi.canTouchEfiVariables = true; + hardware.cpu.intel.updateMicrocode = true; + + pub-solar.core.disk-encryption-active = false; + pub-solar.core.lite = true; + + security.sudo.extraRules = [ + { + users = ["${psCfg.user.name}"]; + commands = [ + { + command = "ALL"; + options = ["NOPASSWD"]; + } + ]; + } + ]; + + services.ddclient = { + enable = false; + ipv6 = true; + domains = ["backup.b12f.io"]; + server = "ddns.hosting.de"; + username = "b12f"; + use = "web, web=https://ipcheck-ds.wieistmeineip.de/callback/, web-skip='ip\":\"'"; + passwordFile = "/run/agenix/dyndns-droppie.key"; + }; + + age.secrets."dyndns-droppie.key" = { + file = "${flake.self}/secrets/dyndns-droppie.key"; + mode = "400"; + owner = "root"; + }; + + # ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBZQSephFJU0NMbVbhwvVJ2/m6jcPYo1IsWCsoarqKin root@droppie + age.secrets."droppie-ssh-root.key" = { + file = "${flake.self}/secrets/droppie-ssh-root.key"; + path = "/home/${psCfg.user.name}/.ssh/id_ed25519"; + mode = "400"; + owner = psCfg.user.name; + }; + # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions # on your system were taken. It‘s perfectly fine and recommended to leave diff --git a/hosts/droppie/default.nix b/hosts/droppie/default.nix index 2b44a0d1..9fd7261a 100644 --- a/hosts/droppie/default.nix +++ b/hosts/droppie/default.nix @@ -1,7 +1,9 @@ -{suites, ...}: { - imports = - [ - ./droppie.nix - ] - ++ suites.droppie; +{...}: { + imports = [ + ./configuration.nix + ./hardware-configuration.nix + + ./nextcloud-web-tunnel.nix + ./restic-backup.nix + ]; } diff --git a/hosts/droppie/droppie.nix b/hosts/droppie/droppie.nix deleted file mode 100644 index cb3fe606..00000000 --- a/hosts/droppie/droppie.nix +++ /dev/null 
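Review bot: The `security.sudo.extraRules` entry added here grants `command = "ALL"` with `NOPASSWD` to `psCfg.user.name`, so any process running as that user is root without authentication; the same rule is added in the hosts/pie/configuration.nix hunk below. This hunk also sets `pub-solar.core.disk-encryption-active = false` and decrypts an SSH private key into that user's home directory, which raises what a compromise of the account yields. If the rule exists for unattended jobs, listing the specific commands they need instead of `ALL` would narrow it; at minimum add a comment such as `# passwordless root for <reason>` (the reason is a placeholder). Separately, `passwordFile = "/run/agenix/dyndns-droppie.key";` hard-codes the agenix path, and `passwordFile = config.age.secrets."dyndns-droppie.key".path;` would keep it tied to the secret declared just below.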
@@ -1,60 +0,0 @@ -{ - config, - pkgs, - lib, - self, - ... -}: -with lib; let - psCfg = config.pub-solar; - xdg = config.home-manager.users."${psCfg.user.name}".xdg; -in { - imports = [ - ./configuration.nix - ./nextcloud-web-tunnel.nix - ./restic-backup.nix - ]; - - config = { - hardware.cpu.intel.updateMicrocode = true; - - pub-solar.core.disk-encryption-active = false; - pub-solar.core.lite = true; - - security.sudo.extraRules = [ - { - users = ["${psCfg.user.name}"]; - commands = [ - { - command = "ALL"; - options = ["NOPASSWD"]; - } - ]; - } - ]; - - services.ddclient = { - enable = false; - ipv6 = true; - domains = ["backup.b12f.io"]; - server = "ddns.hosting.de"; - username = "b12f"; - use = "web, web=https://ipcheck-ds.wieistmeineip.de/callback/, web-skip='ip\":\"'"; - passwordFile = "/run/agenix/dyndns-droppie.key"; - }; - - age.secrets."dyndns-droppie.key" = { - file = "${self}/secrets/dyndns-droppie.key"; - mode = "400"; - owner = "root"; - }; - - # ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBZQSephFJU0NMbVbhwvVJ2/m6jcPYo1IsWCsoarqKin root@droppie - age.secrets."droppie-ssh-root.key" = { - file = "${self}/secrets/droppie-ssh-root.key"; - path = "/home/${psCfg.user.name}/.ssh/id_ed25519"; - mode = "400"; - owner = psCfg.user.name; - }; - }; -} diff --git a/hosts/maoam/maoam.nix b/hosts/maoam/maoam.nix index e90fa658..3daa77a0 100644 --- a/hosts/maoam/maoam.nix +++ b/hosts/maoam/maoam.nix @@ -2,7 +2,6 @@ config, pkgs, lib, - self, ... }: with lib; let diff --git a/hosts/pie/configuration.nix b/hosts/pie/configuration.nix index fdc5b953..86bac573 100644 --- a/hosts/pie/configuration.nix +++ b/hosts/pie/configuration.nix @@ -5,13 +5,12 @@ config, pkgs, lib, - inputs, ... -}: { - imports = [ - ./hardware-configuration.nix - ]; - +}: +with lib; let + psCfg = config.pub-solar; + xdg = config.home-manager.users."${psCfg.user.name}".xdg; +in { boot.loader.grub.enable = true; boot.loader.grub.efiSupport = true; boot.loader.grub.efiInstallAsRemovable = true; 
@@ -27,6 +26,33 @@ boot.kernelPackages = pkgs.linuxPackages_6_1; + pub-solar.core.disk-encryption-active = false; + pub-solar.core.lite = true; + + networking.defaultGateway = { + address = "192.168.178.1"; + interface = "enabcm6e4ei0"; + }; + + networking.interfaces.enabcm6e4ei0.ipv4.addresses = [ + { + address = "192.168.178.2"; + prefixLength = 24; + } + ]; + + security.sudo.extraRules = [ + { + users = ["${psCfg.user.name}"]; + commands = [ + { + command = "ALL"; + options = ["NOPASSWD"]; + } + ]; + } + ]; + # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions # on your system were taken. It‘s perfectly fine and recommended to leave diff --git a/hosts/pie/default.nix b/hosts/pie/default.nix index 12cc94b9..541edac4 100644 --- a/hosts/pie/default.nix +++ b/hosts/pie/default.nix @@ -1,7 +1,10 @@ -{suites, ...}: { - imports = - [ - ./pie.nix - ] - ++ suites.pie; +{...}: { + imports = [ + ./configuration.nix + ./hardware-configuration.nix + + ./unbound.nix + ./dhcpd.nix + ./wake-droppie.nix + ]; } diff --git a/hosts/pie/pie.nix b/hosts/pie/pie.nix deleted file mode 100644 index 1aa30624..00000000 --- a/hosts/pie/pie.nix +++ /dev/null @@ -1,47 +0,0 @@ -{ - config, - pkgs, - lib, - self, - ... -}: -with lib; let - psCfg = config.pub-solar; - xdg = config.home-manager.users."${psCfg.user.name}".xdg; -in { - imports = [ - ./configuration.nix - ./unbound.nix - ./dhcpd.nix - ./wake-droppie.nix - ]; - - config = { - pub-solar.core.disk-encryption-active = false; - pub-solar.core.lite = true; - - networking.defaultGateway = { - address = "192.168.178.1"; - interface = "enabcm6e4ei0"; - }; - - networking.interfaces.enabcm6e4ei0.ipv4.addresses = [ - { - address = "192.168.178.2"; - prefixLength = 24; - } - ]; - - security.sudo.extraRules = [ - { - users = ["${psCfg.user.name}"]; - commands = [ - { - command = "ALL"; - options = ["NOPASSWD"]; - } - ]; - } - ]; - }; -} 
diff --git a/hosts/pie/unbound.nix b/hosts/pie/unbound.nix index 64088248..3636edd0 100644 --- a/hosts/pie/unbound.nix +++ b/hosts/pie/unbound.nix @@ -1,7 +1,4 @@ -{ pkgs, inputs, ... }: -let - adlist = inputs.adblock-unbound.packages.${pkgs.system}; -in { +{ pkgs, lib, ... }: { networking.firewall.allowedUDPPorts = [ 53 ]; networking.firewall.allowedTCPPorts = [ 53 ]; @@ -10,7 +7,7 @@ in { settings = { server = { include = [ - "\"${adlist.unbound-adblockStevenBlack}\"" + "\"${pkgs.adlist.unbound-adblockStevenBlack}\"" ]; interface = [ "0.0.0.0" ]; access-control = [ "192.168.178.0/24 allow" ]; diff --git a/modules/arduino/default.nix b/modules/arduino/default.nix index 4011735f..489f9c62 100644 --- a/modules/arduino/default.nix +++ b/modules/arduino/default.nix @@ -6,7 +6,7 @@ }: with lib; let psCfg = config.pub-solar; - cfg = config.pub-solar.devops; + cfg = config.pub-solar.arduino; in { options.pub-solar.arduino = { enable = mkEnableOption "Life with home automation"; diff --git a/modules/ci-runner/default.nix b/modules/ci-runner/default.nix index 95c58970..869777f3 100644 --- a/modules/ci-runner/default.nix +++ b/modules/ci-runner/default.nix @@ -2,7 +2,7 @@ lib, config, pkgs, - self, + flake, ... }: with lib; let @@ -37,7 +37,7 @@ in { }; age.secrets."drone-runner-exec-config" = { - file = "${self}/secrets/drone-runner-exec-config"; + file = "${flake.self}/secrets/drone-runner-exec-config"; mode = "700"; owner = psCfg.user.name; }; diff --git a/modules/core/default.nix b/modules/core/default.nix index 5f6161de..6b85b9df 100644 --- a/modules/core/default.nix +++ b/modules/core/default.nix @@ -12,7 +12,6 @@ in { ./fonts.nix ./i18n.nix ./networking.nix - ./nix.nix ./packages.nix ./services.nix ]; diff --git a/modules/default.nix b/modules/default.nix new file mode 100644 index 00000000..c0dddc66 --- /dev/null +++ b/modules/default.nix 
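Review bot: In the modules/ci-runner hunk the `drone-runner-exec-config` secret keeps `mode = "700"` while only its `file` line is updated, which leaves write and execute bits on a secrets file; hosts/chocolatebar/configuration.nix in this patch declares the same secret name with `mode = "400"`. If both the module and that host configuration are active the two definitions disagree, and a variables file should need no more than owner read, so I would change the line to `mode = "400";`. The enclosing module body starts and ends outside the hunk, so whether the runner needs anything beyond read access cannot be seen here.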
@@ -0,0 +1,31 @@ +{ + # Configuration common to all Linux systems + flake = { + nixosModules = { + arduino = import ./arduino; + audio = import ./audio; + ci-runner = import ./ci-runner; + core = import ./core; + crypto = import ./crypto; + devops = import ./devops; + docker = import ./docker; + docker-ci-runner = import ./docker-ci-runner; + email = import ./email; + gaming = import ./gaming; + graphical = import ./graphical; + mobile = import ./mobile; + nix = import ./nix; + nextcloud = import ./nextcloud; + office = import ./office; + paperless = import ./paperless; + paranoia = import ./paranoia; + printing = import ./printing; + social = import ./social; + sway = import ./sway; + terminal-life = import ./terminal-life; + uhk = import ./uhk; + user = import ./user; + virtualisation = import ./virtualisation; + }; + }; +} diff --git a/modules/docker-ci-runner/default.nix b/modules/docker-ci-runner/default.nix index 6a15f928..9d24bf03 100644 --- a/modules/docker-ci-runner/default.nix +++ b/modules/docker-ci-runner/default.nix @@ -2,7 +2,6 @@ lib, config, pkgs, - self, ... }: with lib; let diff --git a/modules/nix-path.nix b/modules/nix-path.nix deleted file mode 100644 index 5967fd2e..00000000 --- a/modules/nix-path.nix +++ /dev/null @@ -1,11 +0,0 @@ -{ - channel, - inputs, - ... -}: { - nix.nixPath = [ - "nixpkgs=${channel.input}" - "nixos-config=${../lib/compat/nixos}" - "home-manager=${inputs.home}" - ]; -} diff --git a/modules/core/nix.nix b/modules/nix/default.nix similarity index 81% rename from modules/core/nix.nix rename to modules/nix/default.nix index 1551ffcb..92af6ac4 100644 --- a/modules/core/nix.nix +++ b/modules/nix/default.nix @@ -2,7 +2,7 @@ config, pkgs, lib, - inputs, + flake, ... }: { nix = { @@ -10,6 +10,7 @@ package = pkgs.nix; gc.automatic = true; optimise.automatic = true; + settings = { # Improve nix store disk usage auto-optimise-store = true; 
@@ -20,6 +21,7 @@ # Allow only group wheel to connect to the nix daemon allowed-users = ["@wheel"]; }; + # Generally useful nix option defaults extraOptions = lib.mkForce '' experimental-features = flakes nix-command @@ -28,5 +30,11 @@ keep-derivations = true fallback = true ''; + + nixPath = [ + "nixpkgs=${flake.inputs.nixpkgs}" + "nixos-config=${../../lib/compat/nixos}" + "home-manager=${flake.inputs.home-manager}" + ]; }; } diff --git a/modules/paperless/default.nix b/modules/paperless/default.nix index b11939f3..c6f94b96 100644 --- a/modules/paperless/default.nix +++ b/modules/paperless/default.nix @@ -2,8 +2,6 @@ lib, config, pkgs, - masterModulesPath, - inputs, ... }: with lib; let @@ -11,14 +9,6 @@ with lib; let cfg = config.pub-solar.paperless; xdg = config.home-manager.users."${psCfg.user.name}".xdg; in { - imports = [ - "${masterModulesPath}/services/misc/paperless.nix" - ]; - - disabledModules = [ - "services/misc/paperless.nix" - ]; - options.pub-solar.paperless = { enable = mkEnableOption "All you need to go paperless"; ocrLanguage = mkOption { @@ -95,7 +85,7 @@ in { home-manager = pkgs.lib.setAttrByPath ["users" psCfg.user.name] { home.packages = with pkgs; [ - inputs.scan2paperless.legacyPackages.x86_64-linux.scan2paperless + scan2paperless sane-backends python310Packages.img2pdf ]; diff --git a/modules/paranoia/default.nix b/modules/paranoia/default.nix index 56c64a1b..0b2537c5 100644 --- a/modules/paranoia/default.nix +++ b/modules/paranoia/default.nix @@ -32,7 +32,7 @@ in { # Don't set this if you need sftp services.openssh.allowSFTP = false; - services.openssh.openFirewall = false; # Lock yourself out + # services.openssh.openFirewall = false; # Lock yourself out # Limit the use of sudo to the group wheel security.sudo.execWheelOnly = true; diff --git a/modules/terminal-life/bash/default.nix b/modules/terminal-life/bash/default.nix index 1fd8bc3a..17cc41e9 100644 --- a/modules/terminal-life/bash/default.nix 
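Review bot: Commenting out `services.openssh.openFirewall = false;` in modules/paranoia means that enabling `pub-solar.paranoia` no longer closes the SSH port itself on any host, not only on the ones that need SSH. hosts/chocolatebar/configuration.nix in this patch sets both `pub-solar.paranoia.enable = true;` and `services.openssh.openFirewall = true;`, which is presumably the conflict being worked around. Keeping the hardening as an overridable default, `services.openssh.openFirewall = lib.mkDefault false;`, lets that host opt in explicitly while every other paranoia host stays closed. The module's argument list is outside the hunk, so check that `lib` is in scope there.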
+++ b/modules/terminal-life/bash/default.nix @@ -1,7 +1,6 @@ { config, pkgs, - self, ... }: let psCfg = config.pub-solar; @@ -106,8 +105,6 @@ in { irssi = "irssi --config=$XDG_CONFIG_HOME/irssi/config --home=$XDG_DATA_HOME/irssi"; drone = "DRONE_TOKEN=$(secret-tool lookup drone token) drone"; no = "manix \"\" | grep '^# ' | sed 's/^# \(.*\) (.*/\1/;s/ (.*//;s/^# //' | fzf --preview=\"manix '{}'\" | xargs manix"; - # fix nixos-option - nixos-option = "nixos-option -I nixpkgs=${self}/lib/compat"; myip = "dig +short myip.opendns.com @208.67.222.222 2>&1"; nnn = "nnn -d -e -H -r"; }; diff --git a/modules/terminal-life/default.nix b/modules/terminal-life/default.nix index c137f588..148d6624 100644 --- a/modules/terminal-life/default.nix +++ b/modules/terminal-life/default.nix @@ -2,7 +2,6 @@ lib, config, pkgs, - self, ... }: with lib; let @@ -24,17 +23,6 @@ in { config = mkIf cfg.enable { programs.command-not-found.enable = false; - environment.systemPackages = with pkgs; [ - screen - ]; - - # Starship is a fast and featureful shell prompt - # starship.toml has sane defaults that can be changed there - programs.starship = { - enable = true; - settings = import ./starship.toml.nix; - }; - home-manager = with pkgs; pkgs.lib.setAttrByPath ["users" psCfg.user.name] { home.packages = [ @@ -55,25 +43,34 @@ in { ]; })) powerline + screen silver-searcher watson ]; + # Starship is a fast and featureful shell prompt + # starship.toml has sane defaults that can be changed there + programs.starship = { + enable = true; + settings = import ./starship.toml.nix; + }; + programs.bash = import ./bash { inherit config; inherit pkgs; - inherit self; inherit lib; }; + programs.fzf = import ./fzf { inherit config; inherit pkgs; }; + programs.neovim = import ./nvim { inherit config; inherit pkgs; inherit lib; }; }; - }; + }; } 
diff --git a/profiles/base-user/.config/dircolors b/modules/user/.config/dircolors
similarity index 100%
rename from profiles/base-user/.config/dircolors
rename to modules/user/.config/dircolors
diff --git a/profiles/base-user/.config/git/config.nix b/modules/user/.config/git/config.nix
similarity index 100%
rename from profiles/base-user/.config/git/config.nix
rename to modules/user/.config/git/config.nix
diff --git a/profiles/base-user/.config/git/gitmessage.nix b/modules/user/.config/git/gitmessage.nix
similarity index 100%
rename from profiles/base-user/.config/git/gitmessage.nix
rename to modules/user/.config/git/gitmessage.nix
diff --git a/profiles/base-user/.config/git/global_gitignore.nix b/modules/user/.config/git/global_gitignore.nix
similarity index 100%
rename from profiles/base-user/.config/git/global_gitignore.nix
rename to modules/user/.config/git/global_gitignore.nix
diff --git a/profiles/base-user/.config/libinput-gestures.conf b/modules/user/.config/libinput-gestures.conf
similarity index 100%
rename from profiles/base-user/.config/libinput-gestures.conf
rename to modules/user/.config/libinput-gestures.conf
diff --git a/profiles/base-user/.config/mako/config b/modules/user/.config/mako/config
similarity index 100%
rename from profiles/base-user/.config/mako/config
rename to modules/user/.config/mako/config
diff --git a/profiles/base-user/.config/mimeapps.list b/modules/user/.config/mimeapps.list
similarity index 100%
rename from profiles/base-user/.config/mimeapps.list
rename to modules/user/.config/mimeapps.list
diff --git a/profiles/base-user/.config/mutt/base16.muttrc b/modules/user/.config/mutt/base16.muttrc
similarity index 100%
rename from profiles/base-user/.config/mutt/base16.muttrc
rename to modules/user/.config/mutt/base16.muttrc
diff --git a/profiles/base-user/.config/mutt/mailcap b/modules/user/.config/mutt/mailcap
similarity index 100%
rename from profiles/base-user/.config/mutt/mailcap
rename to modules/user/.config/mutt/mailcap
diff --git a/profiles/base-user/.config/mutt/muttrc b/modules/user/.config/mutt/muttrc
similarity index 100%
rename from profiles/base-user/.config/mutt/muttrc
rename to modules/user/.config/mutt/muttrc
diff --git a/profiles/base-user/.config/offlineimap/functions.py b/modules/user/.config/offlineimap/functions.py
similarity index 100%
rename from profiles/base-user/.config/offlineimap/functions.py
rename to modules/user/.config/offlineimap/functions.py
diff --git a/profiles/base-user/.config/user-dirs.dirs b/modules/user/.config/user-dirs.dirs
similarity index 100%
rename from profiles/base-user/.config/user-dirs.dirs
rename to modules/user/.config/user-dirs.dirs
diff --git a/profiles/base-user/.config/user-dirs.locale b/modules/user/.config/user-dirs.locale
similarity index 100%
rename from profiles/base-user/.config/user-dirs.locale
rename to modules/user/.config/user-dirs.locale
diff --git a/profiles/base-user/.config/waybar/colorscheme.css b/modules/user/.config/waybar/colorscheme.css
similarity index 100%
rename from profiles/base-user/.config/waybar/colorscheme.css
rename to modules/user/.config/waybar/colorscheme.css
diff --git a/profiles/base-user/.config/waybar/config b/modules/user/.config/waybar/config
similarity index 100%
rename from profiles/base-user/.config/waybar/config
rename to modules/user/.config/waybar/config
diff --git a/profiles/base-user/.config/waybar/style.css b/modules/user/.config/waybar/style.css
similarity index 100%
rename from profiles/base-user/.config/waybar/style.css
rename to modules/user/.config/waybar/style.css
diff --git a/profiles/base-user/.config/xmodmap b/modules/user/.config/xmodmap
similarity index 100%
rename from profiles/base-user/.config/xmodmap
rename to modules/user/.config/xmodmap
diff --git a/profiles/base-user/.config/xsettingsd/xsettingsd.conf b/modules/user/.config/xsettingsd/xsettingsd.conf similarity index 100% rename from profiles/base-user/.config/xsettingsd/xsettingsd.conf rename to modules/user/.config/xsettingsd/xsettingsd.conf diff --git a/profiles/base-user/.local/share/nvim/json-schemas/caddy_schema.json b/modules/user/.local/share/nvim/json-schemas/caddy_schema.json similarity index 100% rename from profiles/base-user/.local/share/nvim/json-schemas/caddy_schema.json rename to modules/user/.local/share/nvim/json-schemas/caddy_schema.json diff --git a/profiles/base-user/.local/share/scripts/base16.sh b/modules/user/.local/share/scripts/base16.sh similarity index 100% rename from profiles/base-user/.local/share/scripts/base16.sh rename to modules/user/.local/share/scripts/base16.sh diff --git a/profiles/base-user/.xinitrc b/modules/user/.xinitrc similarity index 100% rename from profiles/base-user/.xinitrc rename to modules/user/.xinitrc diff --git a/profiles/base-user/assets/wallpaper.jpg b/modules/user/assets/wallpaper.jpg similarity index 100% rename from profiles/base-user/assets/wallpaper.jpg rename to modules/user/assets/wallpaper.jpg diff --git a/modules/user/default.nix b/modules/user/default.nix index 516346eb..83e28247 100644 --- a/modules/user/default.nix +++ b/modules/user/default.nix @@ -1,12 +1,16 @@ { - lib, config, pkgs, + lib, ... -}: -with lib; let - cfg = config.pub-solar; -in { +}: let + psCfg = config.pub-solar; +in +with lib; { + imports = [ + ./home.nix + ]; + options.pub-solar = { user = { name = mkOption { 
@@ -46,4 +50,37 @@ in { }; }; }; + + config = { + users = { + mutableUsers = false; + + users = with pkgs; + pkgs.lib.setAttrByPath [psCfg.user.name] { + # Indicates whether this is an account for a “real” user. + # This automatically sets group to users, createHome to true, + # home to /home/username, useDefaultShell to true, and isSystemUser to false. + isNormalUser = true; + description = psCfg.user.description; + extraGroups = [ + "input" + "lp" + "networkmanager" + "scanner" + "video" + "dialout" + "wheel" + ]; + shell = pkgs.bash; + initialHashedPassword = + if psCfg.user.password != null + then psCfg.user.password + else ""; + openssh.authorizedKeys.keys = + if psCfg.user.publicKeys != null + then psCfg.user.publicKeys + else []; + }; + }; + }; } diff --git a/profiles/base-user/home.nix b/modules/user/home.nix similarity index 99% rename from profiles/base-user/home.nix rename to modules/user/home.nix index 324fd4ec..04476e0d 100644 --- a/profiles/base-user/home.nix +++ b/modules/user/home.nix @@ -20,6 +20,7 @@ in { # paths it should manage. home.username = psCfg.user.name; home.homeDirectory = "/home/${psCfg.user.name}"; + home.stateVersion = "22.11"; home.packages = with pkgs; []; diff --git a/profiles/base-user/mimeapps.nix b/modules/user/mimeapps.nix similarity index 100% rename from profiles/base-user/mimeapps.nix rename to modules/user/mimeapps.nix diff --git a/profiles/base-user/session-variables.nix b/modules/user/session-variables.nix similarity index 100% rename from profiles/base-user/session-variables.nix rename to modules/user/session-variables.nix diff --git a/overlays/default.nix b/overlays/default.nix new file mode 100644 index 00000000..aa0d0ea5 --- /dev/null +++ b/overlays/default.nix @@ -0,0 +1,8 @@ +[ + (import ../pkgs) + (import ./blesh.nix) + (import ./manix.nix) + (import ./rnix-lsp.nix) + (import ./neovim-plugins.nix) + (import ./signal-desktop.nix) +] 
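Review bot: `initialHashedPassword` in the new `config.users` block falls back to `""` when `psCfg.user.password` is null, and in NixOS an empty hashed password lets the account log in locally without being asked for one; the same block puts this user in `wheel`. Passing the value straight through, `initialHashedPassword = psCfg.user.password;`, leaves a null as "no password set", so the account is only reachable through `openssh.authorizedKeys.keys`. The block is moved unchanged from profiles/base-user/default.nix, so the behaviour predates this commit, but the move is a good moment to fix it. With `mutableUsers = false` it is worth confirming that each host sets either a password hash or `publicKeys` before deploying the change.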
diff --git a/profiles/audio/default.nix b/profiles/audio/default.nix deleted file mode 100644 index 10e186d6..00000000 --- a/profiles/audio/default.nix +++ /dev/null @@ -1,11 +0,0 @@ -{ - self, - config, - lib, - pkgs, - ... -}: let - inherit (lib) fileContents; -in { - pub-solar.audio.enable = true; -} diff --git a/profiles/base-user/default.nix b/profiles/base-user/default.nix deleted file mode 100644 index 578b35bf..00000000 --- a/profiles/base-user/default.nix +++ /dev/null @@ -1,43 +0,0 @@ -{ - config, - pkgs, - lib, - ... -}: let - psCfg = config.pub-solar; -in { - imports = [ - ./home.nix - ]; - - users = { - mutableUsers = false; - - users = with pkgs; - pkgs.lib.setAttrByPath [psCfg.user.name] { - # Indicates whether this is an account for a “real” user. - # This automatically sets group to users, createHome to true, - # home to /home/username, useDefaultShell to true, and isSystemUser to false. - isNormalUser = true; - description = psCfg.user.description; - extraGroups = [ - "input" - "lp" - "networkmanager" - "scanner" - "video" - "dialout" - "wheel" - ]; - shell = pkgs.bash; - initialHashedPassword = - if psCfg.user.password != null - then psCfg.user.password - else ""; - openssh.authorizedKeys.keys = - if psCfg.user.publicKeys != null - then psCfg.user.publicKeys - else []; - }; - }; -} diff --git a/profiles/core/default.nix b/profiles/core/default.nix deleted file mode 100644 index b26f1729..00000000 --- a/profiles/core/default.nix +++ /dev/null 
@@ -1,109 +0,0 @@ -{ - self, - config, - lib, - pkgs, - inputs, - ... -}: let - inherit (lib) fileContents; -in { - # Sets nrdxp.cachix.org binary cache which just speeds up some builds - imports = [../cachix]; - - config = { - pub-solar.terminal-life.enable = true; - pub-solar.audio.enable = true; - pub-solar.crypto.enable = true; - pub-solar.devops.enable = true; - - # This is just a representation of the nix default - nix.systemFeatures = ["nixos-test" "benchmark" "big-parallel" "kvm"]; - - environment = { - systemPackages = with pkgs; [ - # Core unix utility packages - coreutils-full - progress - dnsutils - inetutils - mtr - pciutils - usbutils - gitFull - git-lfs - git-bug - wget - openssl - openssh - curl - htop - lsof - psmisc - xdg-utils - sysfsutils - renameutils - nfs-utils - moreutils - mailutils - keyutils - input-utils - elfutils - binutils - dateutils - diffutils - findutils - exfat - file - - # zippit - zip - unzip - - # Modern modern utilities - p7zip - croc - jq - - # Nix specific utilities - niv - manix - nix-index - nix-tree - nixpkgs-review - # Build broken, python2.7-PyJWT-2.0.1.drv' failed - #nixops - psos - nvd - - # Fun - neofetch - ]; - }; - - fonts = { - fonts = with pkgs; [powerline-fonts dejavu_fonts]; - - fontconfig.defaultFonts = { - monospace = ["DejaVu Sans Mono for Powerline"]; - - sansSerif = ["DejaVu Sans"]; - }; - }; - - # For rage encryption, all hosts need a ssh key pair - services.openssh = { - enable = true; - openFirewall = lib.mkDefault true; - passwordAuthentication = false; - }; - - # Service that makes Out of Memory Killer more effective - services.earlyoom.enable = true; - - # Use latest LTS linux kernel by default - boot.kernelPackages = pkgs.linuxPackages_5_15; - - boot.supportedFilesystems = ["ntfs"]; - }; -} diff --git a/profiles/full-install/default.nix b/profiles/full-install/default.nix deleted file mode 100644 index 908b4996..00000000 --- a/profiles/full-install/default.nix +++ /dev/null 
@@ -1,17 +0,0 @@ -{ - self, - config, - lib, - pkgs, - ... -}: let - inherit (lib) fileContents; -in { - config = { - pub-solar.audio.bluetooth.enable = true; - pub-solar.docker.enable = true; - pub-solar.nextcloud.enable = true; - pub-solar.office.enable = true; - # pub-solar.printing.enable = true; # this is enabled automatically if office is enabled - }; -} diff --git a/profiles/gaming/default.nix b/profiles/gaming/default.nix deleted file mode 100644 index 48c7f6f7..00000000 --- a/profiles/gaming/default.nix +++ /dev/null @@ -1,11 +0,0 @@ -{ - self, - config, - lib, - pkgs, - ... -}: let - inherit (lib) fileContents; -in { - pub-solar.gaming.enable = true; -} diff --git a/profiles/graphical/default.nix b/profiles/graphical/default.nix deleted file mode 100644 index c4937b38..00000000 --- a/profiles/graphical/default.nix +++ /dev/null @@ -1,12 +0,0 @@ -{ - self, - config, - lib, - pkgs, - ... -}: let - inherit (lib) fileContents; -in { - pub-solar.graphical.enable = true; - pub-solar.sway.enable = true; -} diff --git a/profiles/iot/default.nix b/profiles/iot/default.nix deleted file mode 100644 index eb37aabf..00000000 --- a/profiles/iot/default.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ - self, - config, - lib, - pkgs, - ... -}: let - inherit (lib) fileContents; -in { - pub-solar.graphical.enable = false; - pub-solar.x-os.localProxyService.enable = false; - pub-solar.sway.enable = false; -} diff --git a/profiles/mobile/default.nix b/profiles/mobile/default.nix deleted file mode 100644 index ce35e38b..00000000 --- a/profiles/mobile/default.nix +++ /dev/null @@ -1,11 +0,0 @@ -{ - self, - config, - lib, - pkgs, - ... -}: let - inherit (lib) fileContents; -in { - pub-solar.mobile.enable = true; -} diff --git a/profiles/pub-solar-iso/default.nix b/profiles/pub-solar-iso/default.nix deleted file mode 100644 index fa973283..00000000 --- a/profiles/pub-solar-iso/default.nix +++ /dev/null 
@@ -1,15 +0,0 @@ -{ - self, - config, - lib, - pkgs, - ... -}: let - inherit (lib) fileContents; -in { - config = { - pub-solar.graphical.wayland.software-renderer.enable = true; - pub-solar.sway.terminal = "foot"; - pub-solar.core.iso-options.enable = true; - }; -} diff --git a/profiles/social/default.nix b/profiles/social/default.nix deleted file mode 100644 index fb04d9e6..00000000 --- a/profiles/social/default.nix +++ /dev/null @@ -1,11 +0,0 @@ -{ - self, - config, - lib, - pkgs, - ... -}: let - inherit (lib) fileContents; -in { - pub-solar.social.enable = true; -} diff --git a/profiles/virtualisation/default.nix b/profiles/virtualisation/default.nix deleted file mode 100644 index 2dd2c4fb..00000000 --- a/profiles/virtualisation/default.nix +++ /dev/null @@ -1,11 +0,0 @@ -{ - self, - config, - lib, - pkgs, - ... -}: let - inherit (lib) fileContents; -in { - pub-solar.virtualisation.enable = true; -} diff --git a/users/b12f/concepts-and-training.nix b/users/b12f/concepts-and-training.nix index 4382d8bd..f0094245 100644 --- a/users/b12f/concepts-and-training.nix +++ b/users/b12f/concepts-and-training.nix @@ -2,7 +2,7 @@ config, pkgs, lib, - self, + flake, ... }: with lib; let @@ -10,13 +10,13 @@ with lib; let xdg = config.home-manager.users."${psCfg.user.name}".xdg; in { age.secrets."cat-test.ovpn" = { - file = "${self}/secrets/cat-test.ovpn"; + file = "${flake.self}/secrets/cat-test.ovpn"; mode = "700"; owner = psCfg.user.name; }; age.secrets.".fwknoprc" = { - file = "${self}/secrets/.fwknoprc"; + file = "${flake.self}/secrets/.fwknoprc"; mode = "600"; }; diff --git a/users/b12f/default.nix b/users/b12f/default.nix index c83bacd8..6e8e06a2 100644 --- a/users/b12f/default.nix +++ b/users/b12f/default.nix @@ -1,9 +1,8 @@ { - self, config, - hmUsers, pkgs, lib, + flake, ... }: let psCfg = config.pub-solar; 
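Review bot: `age.secrets."cat-test.ovpn"` in users/b12f/concepts-and-training.nix is decrypted with `mode = "700"`, which sets execute bits on a VPN profile that only needs to be read; `mode = "400"` (or `"600"`) with the same owner is enough. `age.secrets."mopidy.conf"` in the users/b12f/home.nix hunk carries the same `mode = "700"`. Both are unchanged context here, since the commit only switches `self` to `flake.self`, so this is a follow-up rather than part of the refactor. `.fwknoprc` sets no `owner`; if a user-level client is meant to read it, confirm that the default owner is what is intended.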
@@ -14,12 +13,10 @@ in { ]; config = { - home-manager.users = {inherit (hmUsers) b12f;}; - services.yubikey-agent.enable = true; age.secrets.b12f-env-secrets = { - file = "${self}/secrets/b12f-env-secrets"; + file = "${flake.self}/secrets/b12f-env-secrets"; mode = "400"; owner = psCfg.user.name; }; @@ -57,8 +54,12 @@ in { arduino.enable = true; email.enable = true; uhk.enable = true; + social.enable = false; + gaming.enable = false; + mobile.enable = false; audio.spotify.enable = true; audio.spotify.username = "spotify@benjaminbaedorf.eu"; + audio.mopidy.enable = false; }; # Needed for the udev rules for solaar diff --git a/users/b12f/home.nix b/users/b12f/home.nix index f0351a3e..78ddd2f4 100644 --- a/users/b12f/home.nix +++ b/users/b12f/home.nix @@ -2,7 +2,7 @@ config, pkgs, lib, - self, + flake, ... }: with lib; let @@ -14,8 +14,6 @@ in { ./concepts-and-training.nix ]; - pub-solar.audio.mopidy.enable = false; - home-manager = pkgs.lib.setAttrByPath ["users" psCfg.user.name] { home.packages = with pkgs; [ present-md @@ -119,7 +117,7 @@ in { }; age.secrets."mopidy.conf" = { - file = "${self}/secrets/mopidy.conf"; + file = "${flake.self}/secrets/mopidy.conf"; mode = "700"; owner = "b12f"; }; diff --git a/users/default.nix b/users/default.nix new file mode 100644 index 00000000..856549b9 --- /dev/null +++ b/users/default.nix @@ -0,0 +1,9 @@ +{ + flake = { + nixosModules = rec { + root = import ./root; + b12f = import ./b12f; + yule = import ./yule; + }; + }; +} diff --git a/users/pub-solar/default.nix b/users/pub-solar/default.nix index ce4b74b6..93138fcb 100644 --- a/users/pub-solar/default.nix +++ b/users/pub-solar/default.nix @@ -1,6 +1,4 @@ -{hmUsers, ...}: { - home-manager.users = {inherit (hmUsers) pub-solar;}; - +{config, ...}: { pub-solar = { # These are your personal settings # The only required settings are `name` and `password`, diff --git a/users/yule/default.nix b/users/yule/default.nix index 3ac3b758..0aa35450 100644 --- a/users/yule/default.nix 
+++ b/users/yule/default.nix @@ -1,6 +1,5 @@ { config, - hmUsers, pkgs, lib, ... @@ -8,8 +7,6 @@ psCfg = config.pub-solar; in { config = { - home-manager.users = {inherit (hmUsers) yule;}; - pub-solar = { # These are your personal settings # The only required settings are `name` and `password`, From 08c6cb6e81a8d449411fbf56a77d512520d3c8e2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Tue, 3 Oct 2023 13:50:01 +0200 Subject: [PATCH 2/3] feat: add deploy-rs config --- flake.nix | 22 ++++++++++++------ lib/default.nix | 26 +++++++++++++-------- lib/deploy.nix | 62 +++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 93 insertions(+), 17 deletions(-) create mode 100644 lib/deploy.nix diff --git a/flake.nix b/flake.nix index 8a20d91f..55223341 100644 --- a/flake.nix +++ b/flake.nix @@ -69,6 +69,7 @@ devShells.default = pkgs.mkShell { buildInputs = [ + pkgs.deploy-rs pkgs.nixpkgs-fmt pkgs.agenix pkgs.ssh-to-age @@ -141,19 +142,26 @@ ]; }; - deploy.nodes = { - droppie.profiles.system = { - hostname = "backup.b12f.io"; - sshUser = "yule"; - path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.droppie; + deploy.nodes = self.b12f.lib.deploy.mkDeployNodes self.nixosConfigurations { + chocolatebar = { + sshUser = "b12f"; }; - pie.profiles.system = { + biolimo = { + sshUser = "b12f"; + }; + + droppie = { + hostname = "backup.b12f.io"; + sshUser = "yule"; + }; + + pie = { hostname = "pie.local"; sshUser = "yule"; }; - maoam.profiles.system = { + maoam = { sshUser = "b12f"; }; }; diff --git a/lib/default.nix b/lib/default.nix index ac167511..9edb1978 100644 --- a/lib/default.nix +++ b/lib/default.nix 
@@ -1,10 +1,16 @@
-{lib}:
-lib.makeExtensible (self: let
- callLibs = file: import file {lib = self;};
-in rec {
- ## Define your own library functions here!
- #id = x: x;
- ## Or in files, containing functions that take {lib}
- #foo = callLibs ./foo.nix;
- ## In configs, they can be used under "lib.our"
-})
+{ lib, inputs, ... }: {
+ # Configuration common to all Linux systems
+ flake = {
+ b12f.lib = let
+ callLibs = file: import file {inherit lib;};
+ in rec {
+ ## Define your own library functions here!
+ #id = x: x;
+ ## Or in files, containing functions that take {lib}
+ #foo = callLibs ./foo.nix;
+ ## In configs, they can be used under "lib.our"
+
+ deploy = import ./deploy.nix { inherit inputs lib; };
+ };
+ };
+}
diff --git a/lib/deploy.nix b/lib/deploy.nix
new file mode 100644
index 00000000..5e9f6418
--- /dev/null
+++ b/lib/deploy.nix
@@ -0,0 +1,62 @@
+/*
+ * The contents of this file are adapted from digga
+ * https://github.com/divnix/digga
+ *
+ * Licensed under the MIT license
+ */
+
+{ lib, inputs }: let
+ getFqdn = c: let
+ net = c.config.networking;
+ fqdn =
+ if (net ? domain) && (net.domain != null)
+ then "${net.hostName}.${net.domain}"
+ else net.hostName;
+ in
+ fqdn;
+in {
+ mkDeployNodes = systemConfigurations: extraConfig:
+ /*
+ *
+ Synopsis: mkNodes _systemConfigurations_ _extraConfig_
+
+ Generate the `nodes` attribute expected by deploy-rs
+ where _systemConfigurations_ are `nodes`.
+
+ _systemConfigurations_ should take the form of a flake's
+ _nixosConfigurations_. Note that deploy-rs does not currently support
+ deploying to darwin hosts.
+
+ _extraConfig_, if specified, will be merged into each of the
+ nodes' configurations.
+
+ Example _systemConfigurations_ input:
+
+ ```
+ {
+ hostname-1 = {
+ fastConnection = true;
+ sshOpts = [ "-p" "25" ];
+ };
+ hostname-2 = {
+ sshOpts = [ "-p" "19999" ];
+ sshUser = "root";
+ };
+ }
+ ```
+ *
+ */
+ lib.recursiveUpdate
+ (lib.mapAttrs
+ (
+ _: c: {
+ hostname = getFqdn c;
+ profiles.system = {
+ user = "root";
+ path = inputs.deploy-rs.lib.${c.pkgs.stdenv.hostPlatform.system}.activate.nixos c;
+ };
+ }
+ )
+ systemConfigurations)
+ extraConfig;
+}
From b967655d2b6512a4f2bb8b82adc9358bfd9c5e18 Mon Sep 17 00:00:00 2001
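Review bot: The doc comment on `mkDeployNodes` in lib/deploy.nix does not match the function: its synopsis names `mkNodes`, and the block labelled "Example _systemConfigurations_ input" shows per-host deploy-rs settings (`sshOpts`, `sshUser`), which is the shape of `extraConfig` rather than of `nixosConfigurations`. I would change those two lines to `Synopsis: mkDeployNodes _systemConfigurations_ _extraConfig_` and `Example _extraConfig_ input:`. The comment should also say that every generated profile activates as `user = "root"`, and that a key present only in `extraConfig` yields a node without `profiles.system`, because `lib.recursiveUpdate` merges it in as-is.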
From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Tue, 3 Oct 2023 14:21:09 +0200 Subject: [PATCH 3/3] fix: Fix nix flake check and devshell --- CHANGELOG.md | 112 ------ CONTRIBUTING.md | 33 -- COPYING | 18 - LICENSE.md | 660 ---------------------------------- default.nix | 35 -- flake.lock | 17 + flake.nix | 87 +---- hosts/biolimo/default.nix | 2 +- hosts/default.nix | 16 +- hosts/maoam/configuration.nix | 21 +- hosts/maoam/default.nix | 13 +- hosts/maoam/maoam.nix | 14 - lib/default.nix | 2 +- modules/default.nix | 68 +++- shell.nix | 1 - shell/default.nix | 11 - shell/devos.nix | 64 ---- shell/hooks/default.nix | 6 - shell/hooks/pre-commit.sh | 9 - 19 files changed, 124 insertions(+), 1065 deletions(-) delete mode 100644 CHANGELOG.md delete mode 100644 CONTRIBUTING.md delete mode 100644 COPYING delete mode 100644 LICENSE.md delete mode 100644 default.nix delete mode 100644 hosts/maoam/maoam.nix delete mode 100644 shell.nix delete mode 100644 shell/default.nix delete mode 100644 shell/devos.nix delete mode 100644 shell/hooks/default.nix delete mode 100755 shell/hooks/pre-commit.sh diff --git a/CHANGELOG.md b/CHANGELOG.md deleted file mode 100644 index 92f225f7..00000000 --- a/CHANGELOG.md +++ /dev/null 
@@ -1,112 +0,0 @@ -# Changelog - -## [v0.10.0](https://github.com/divnix/devos/tree/v0.10.0) (2021-05-24) - -**Implemented enhancements:** - -- Providing an interface to nixpkgs.config [\#237](https://github.com/divnix/devos/issues/237) -- Making the user available in profiles [\#230](https://github.com/divnix/devos/issues/230) -- copy evaluation store paths to iso [\#195](https://github.com/divnix/devos/issues/195) -- Extract custom system builds from devosSystem out of lib [\#170](https://github.com/divnix/devos/issues/170) -- Allow setting of channel host-wide [\#117](https://github.com/divnix/devos/issues/117) -- alacritty: CSIu support [\#51](https://github.com/divnix/devos/issues/51) - -**Fixed bugs:** - -- Cachix timeouts + how to disable nrdxp cachix \(if needed\) [\#294](https://github.com/divnix/devos/issues/294) -- default.nix flake-compat is broken [\#285](https://github.com/divnix/devos/issues/285) -- All suites return "attribute missing" [\#282](https://github.com/divnix/devos/issues/282) -- nix is built two times [\#203](https://github.com/divnix/devos/issues/203) -- fix lib docs [\#166](https://github.com/divnix/devos/issues/166) - -**Closed issues:** - -- eliminate userFlakeNixOS [\#257](https://github.com/divnix/devos/issues/257) -- devos-as-library [\#214](https://github.com/divnix/devos/issues/214) - -**Merged pull requests:** - -- Update evalArgs to match the new planned API [\#239](https://github.com/divnix/devos/pull/239) - -## [v0.9.0](https://github.com/divnix/devos/tree/v0.9.0) (2021-04-19) - -**Implemented enhancements:** - -- pin inputs into iso live registry [\#190](https://github.com/divnix/devos/issues/190) -- Pass 'self' to lib [\#169](https://github.com/divnix/devos/issues/169) -- doc: quickstart "ISO. What next?" 
[\#167](https://github.com/divnix/devos/issues/167) -- Integrate Android AOSP putting mobile under control [\#149](https://github.com/divnix/devos/issues/149) -- Inoculate host identity on first use [\#132](https://github.com/divnix/devos/issues/132) -- kubenix support [\#130](https://github.com/divnix/devos/issues/130) -- Improve Home Manager support: profiles/suites, modules, extern, flake outputs [\#119](https://github.com/divnix/devos/issues/119) -- Local CA \(between hosts\) [\#104](https://github.com/divnix/devos/issues/104) -- Q5: git annex for machine state [\#68](https://github.com/divnix/devos/issues/68) -- name space ./pkgs overlays [\#60](https://github.com/divnix/devos/issues/60) -- remap global keys easily [\#57](https://github.com/divnix/devos/issues/57) -- make pass state part of this repo's structure [\#56](https://github.com/divnix/devos/issues/56) -- Incorporate ./shells [\#38](https://github.com/divnix/devos/issues/38) -- Encrypt with \(r\)age [\#37](https://github.com/divnix/devos/issues/37) - -**Fixed bugs:** - -- `pathsToImportedAttrs` does not accept directories [\#221](https://github.com/divnix/devos/issues/221) -- Cachix caches aren't added to the configuration [\#208](https://github.com/divnix/devos/issues/208) -- Issues with current changelog workflow [\#205](https://github.com/divnix/devos/issues/205) -- iso: systemd service startup [\#194](https://github.com/divnix/devos/issues/194) -- Help adding easy-hls-nix to devos [\#174](https://github.com/divnix/devos/issues/174) -- `flk update` fails because of obsolete flag [\#159](https://github.com/divnix/devos/issues/159) -- Expected that not all packages are exported? 
[\#151](https://github.com/divnix/devos/issues/151) -- Segmentation fault when generating iso [\#150](https://github.com/divnix/devos/issues/150) - -**Documentation:** - -- doc: split iso [\#193](https://github.com/divnix/devos/issues/193) -- lib: can depend on pkgs \(a la nixpkgs\#pkgs/pkgs-lib\) [\#147](https://github.com/divnix/devos/pull/147) - -**Closed issues:** - -- FRRouting router implementation [\#154](https://github.com/divnix/devos/issues/154) -- ARM aarch64 Support [\#72](https://github.com/divnix/devos/issues/72) - -## [v0.8.0](https://github.com/divnix/devos/tree/v0.8.0) (2021-03-02) - -**Implemented enhancements:** - -- semi automatic update for /pkgs [\#118](https://github.com/divnix/devos/issues/118) -- Home-manager external modules from flakes [\#106](https://github.com/divnix/devos/issues/106) - -**Fixed bugs:** - -- My emacsGcc overlay is not working [\#146](https://github.com/divnix/devos/issues/146) -- local flake registry freezes branches [\#142](https://github.com/divnix/devos/issues/142) -- nixos-option no longer works after collect garbage [\#138](https://github.com/divnix/devos/issues/138) -- Profiles imports are brittle, causing failure if imported twice [\#136](https://github.com/divnix/devos/issues/136) - -## [0.7.0](https://github.com/divnix/devos/tree/0.7.0) (2021-02-20) - -**Implemented enhancements:** - -- add zoxide [\#53](https://github.com/divnix/devos/issues/53) -- Multiarch support? [\#17](https://github.com/divnix/devos/issues/17) -- initial multiArch support [\#18](https://github.com/divnix/devos/pull/18) - -**Fixed bugs:** - -- Missing shebang from flk.sh [\#131](https://github.com/divnix/devos/issues/131) -- Rename Meta Issue [\#128](https://github.com/divnix/devos/issues/128) -- specialisations break the `system` argument [\#46](https://github.com/divnix/devos/issues/46) -- Revert "Add extraArgs to lib.nixosSystem call to add system args." 
[\#47](https://github.com/divnix/devos/pull/47) - -**Documentation:** - -- update home-manager urls [\#62](https://github.com/divnix/devos/pull/62) - -**Closed issues:** - -- add github action for cachix build ci [\#59](https://github.com/divnix/devos/issues/59) - -## [12052020](https://github.com/divnix/devos/tree/12052020) (2020-12-06) - -## [07092020](https://github.com/divnix/devos/tree/07092020) (2020-07-09) - -\* _This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)_ diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md deleted file mode 100644 index 07957e7c..00000000 --- a/CONTRIBUTING.md +++ /dev/null 
@@ -1,33 +0,0 @@ -# Quick branch overview - -We work with several branches in this repo. This document aims to explain how -to contribute changes to the existing branches. - -### `main` branch - -- Changes to `modules` and `profiles` should go [the main branch](https://git.pub.solar/pub-solar/os/src/branch/main) -- Changes can get accepted via: Pull Request -- Branch protected from direct `git push` - -### `infra` branch - -- Changes to the [pub.solar](https://pub.solar) infrastructure should be merged [into this branch](https://git.pub.solar/pub-solar/os/src/branch/infra) -- Changes can get accepted via: Pull Request -- Branch protected from direct `git push` - -### `momo/main` branch - -- Changes to the [Momo](https://momo.koeln) infrastructure should be merged [into this branch](https://git.pub.solar/pub-solar/os/src/branch/momo/main) -- Changes can get accepted via: Pull Request -- Deployment of changes is [automatic via CI pipeline](https://git.pub.solar/pub-solar/os/src/commit/43bd7421509f7cc9ba06d7c740f3f536a4a2af76/.drone.yml#L20-L38) -- Branch protected from direct `git push` - -### `$USER` branches - -- User's custom hosts and changes can be worked on in these branches -- Direct `git push` possible -- Examples: - - [hensoko](https://git.pub.solar/pub-solar/os/src/branch/hensoko) - - [b12f](https://git.pub.solar/pub-solar/os/src/branch/b12f) - - [axeman](https://git.pub.solar/pub-solar/os/src/branch/axeman) - - [teutat3s](https://git.pub.solar/pub-solar/os/src/branch/teutat3s) diff --git a/COPYING b/COPYING deleted file mode 100644 index c9b44cb8..00000000 --- a/COPYING +++ /dev/null 
@@ -1,18 +0,0 @@ -Permission is hereby granted, free of charge, to any person obtaining -a copy of this software and associated documentation files (the -"Software"), to deal in the Software without restriction, including -without limitation the rights to use, copy, modify, merge, publish, -distribute, sublicense, and/or sell copies of the Software, and to -permit persons to whom the Software is furnished to do so, subject to -the following conditions: - -The above copyright notice and this permission notice shall be -included in all copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, -EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND -NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE -LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION -OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION -WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. diff --git a/LICENSE.md b/LICENSE.md deleted file mode 100644 index 74c892ae..00000000 --- a/LICENSE.md +++ /dev/null 
@@ -1,660 +0,0 @@ -### GNU AFFERO GENERAL PUBLIC LICENSE - -Version 3, 19 November 2007 - -Copyright (C) 2007 Free Software Foundation, Inc. - - -Everyone is permitted to copy and distribute verbatim copies of this -license document, but changing it is not allowed. - -### Preamble - -The GNU Affero General Public License is a free, copyleft license for -software and other kinds of works, specifically designed to ensure -cooperation with the community in the case of network server software. - -The licenses for most software and other practical works are designed -to take away your freedom to share and change the works. By contrast, -our General Public Licenses are intended to guarantee your freedom to -share and change all versions of a program--to make sure it remains -free software for all its users. - -When we speak of free software, we are referring to freedom, not -price. Our General Public Licenses are designed to make sure that you -have the freedom to distribute copies of free software (and charge for -them if you wish), that you receive source code or can get it if you -want it, that you can change the software or use pieces of it in new -free programs, and that you know you can do these things. - -Developers that use our General Public Licenses protect your rights -with two steps: (1) assert copyright on the software, and (2) offer -you this License which gives you legal permission to copy, distribute -and/or modify the software. - -A secondary benefit of defending all users' freedom is that -improvements made in alternate versions of the program, if they -receive widespread use, become available for other developers to -incorporate. Many developers of free software are heartened and -encouraged by the resulting cooperation. However, in the case of -software used on network servers, this result may fail to come about. 
-The GNU General Public License permits making a modified version and -letting the public access it on a server without ever releasing its -source code to the public. - -The GNU Affero General Public License is designed specifically to -ensure that, in such cases, the modified source code becomes available -to the community. It requires the operator of a network server to -provide the source code of the modified version running there to the -users of that server. Therefore, public use of a modified version, on -a publicly accessible server, gives the public access to the source -code of the modified version. - -An older license, called the Affero General Public License and -published by Affero, was designed to accomplish similar goals. This is -a different license, not a version of the Affero GPL, but Affero has -released a new version of the Affero GPL which permits relicensing -under this license. - -The precise terms and conditions for copying, distribution and -modification follow. - -### TERMS AND CONDITIONS - -#### 0. Definitions. - -"This License" refers to version 3 of the GNU Affero General Public -License. - -"Copyright" also means copyright-like laws that apply to other kinds -of works, such as semiconductor masks. - -"The Program" refers to any copyrightable work licensed under this -License. Each licensee is addressed as "you". "Licensees" and -"recipients" may be individuals or organizations. - -To "modify" a work means to copy from or adapt all or part of the work -in a fashion requiring copyright permission, other than the making of -an exact copy. The resulting work is called a "modified version" of -the earlier work or a work "based on" the earlier work. - -A "covered work" means either the unmodified Program or a work based -on the Program. 
- -To "propagate" a work means to do anything with it that, without -permission, would make you directly or secondarily liable for -infringement under applicable copyright law, except executing it on a -computer or modifying a private copy. Propagation includes copying, -distribution (with or without modification), making available to the -public, and in some countries other activities as well. - -To "convey" a work means any kind of propagation that enables other -parties to make or receive copies. Mere interaction with a user -through a computer network, with no transfer of a copy, is not -conveying. - -An interactive user interface displays "Appropriate Legal Notices" to -the extent that it includes a convenient and prominently visible -feature that (1) displays an appropriate copyright notice, and (2) -tells the user that there is no warranty for the work (except to the -extent that warranties are provided), that licensees may convey the -work under this License, and how to view a copy of this License. If -the interface presents a list of user commands or options, such as a -menu, a prominent item in the list meets this criterion. - -#### 1. Source Code. - -The "source code" for a work means the preferred form of the work for -making modifications to it. "Object code" means any non-source form of -a work. - -A "Standard Interface" means an interface that either is an official -standard defined by a recognized standards body, or, in the case of -interfaces specified for a particular programming language, one that -is widely used among developers working in that language. 
- -The "System Libraries" of an executable work include anything, other -than the work as a whole, that (a) is included in the normal form of -packaging a Major Component, but which is not part of that Major -Component, and (b) serves only to enable use of the work with that -Major Component, or to implement a Standard Interface for which an -implementation is available to the public in source code form. A -"Major Component", in this context, means a major essential component -(kernel, window system, and so on) of the specific operating system -(if any) on which the executable work runs, or a compiler used to -produce the work, or an object code interpreter used to run it. - -The "Corresponding Source" for a work in object code form means all -the source code needed to generate, install, and (for an executable -work) run the object code and to modify the work, including scripts to -control those activities. However, it does not include the work's -System Libraries, or general-purpose tools or generally available free -programs which are used unmodified in performing those activities but -which are not part of the work. For example, Corresponding Source -includes interface definition files associated with source files for -the work, and the source code for shared libraries and dynamically -linked subprograms that the work is specifically designed to require, -such as by intimate data communication or control flow between those -subprograms and other parts of the work. - -The Corresponding Source need not include anything that users can -regenerate automatically from other parts of the Corresponding Source. - -The Corresponding Source for a work in source code form is that same -work. - -#### 2. Basic Permissions. - -All rights granted under this License are granted for the term of -copyright on the Program, and are irrevocable provided the stated -conditions are met. This License explicitly affirms your unlimited -permission to run the unmodified Program. 
The output from running a -covered work is covered by this License only if the output, given its -content, constitutes a covered work. This License acknowledges your -rights of fair use or other equivalent, as provided by copyright law. - -You may make, run and propagate covered works that you do not convey, -without conditions so long as your license otherwise remains in force. -You may convey covered works to others for the sole purpose of having -them make modifications exclusively for you, or provide you with -facilities for running those works, provided that you comply with the -terms of this License in conveying all material for which you do not -control copyright. Those thus making or running the covered works for -you must do so exclusively on your behalf, under your direction and -control, on terms that prohibit them from making any copies of your -copyrighted material outside their relationship with you. - -Conveying under any other circumstances is permitted solely under the -conditions stated below. Sublicensing is not allowed; section 10 makes -it unnecessary. - -#### 3. Protecting Users' Legal Rights From Anti-Circumvention Law. - -No covered work shall be deemed part of an effective technological -measure under any applicable law fulfilling obligations under article -11 of the WIPO copyright treaty adopted on 20 December 1996, or -similar laws prohibiting or restricting circumvention of such -measures. - -When you convey a covered work, you waive any legal power to forbid -circumvention of technological measures to the extent such -circumvention is effected by exercising rights under this License with -respect to the covered work, and you disclaim any intention to limit -operation or modification of the work as a means of enforcing, against -the work's users, your or third parties' legal rights to forbid -circumvention of technological measures. - -#### 4. Conveying Verbatim Copies. 
- -You may convey verbatim copies of the Program's source code as you -receive it, in any medium, provided that you conspicuously and -appropriately publish on each copy an appropriate copyright notice; -keep intact all notices stating that this License and any -non-permissive terms added in accord with section 7 apply to the code; -keep intact all notices of the absence of any warranty; and give all -recipients a copy of this License along with the Program. - -You may charge any price or no price for each copy that you convey, -and you may offer support or warranty protection for a fee. - -#### 5. Conveying Modified Source Versions. - -You may convey a work based on the Program, or the modifications to -produce it from the Program, in the form of source code under the -terms of section 4, provided that you also meet all of these -conditions: - -- a) The work must carry prominent notices stating that you modified - it, and giving a relevant date. -- b) The work must carry prominent notices stating that it is - released under this License and any conditions added under - section 7. This requirement modifies the requirement in section 4 - to "keep intact all notices". -- c) You must license the entire work, as a whole, under this - License to anyone who comes into possession of a copy. This - License will therefore apply, along with any applicable section 7 - additional terms, to the whole of the work, and all its parts, - regardless of how they are packaged. This License gives no - permission to license the work in any other way, but it does not - invalidate such permission if you have separately received it. -- d) If the work has interactive user interfaces, each must display - Appropriate Legal Notices; however, if the Program has interactive - interfaces that do not display Appropriate Legal Notices, your - work need not make them do so. 
- -A compilation of a covered work with other separate and independent -works, which are not by their nature extensions of the covered work, -and which are not combined with it such as to form a larger program, -in or on a volume of a storage or distribution medium, is called an -"aggregate" if the compilation and its resulting copyright are not -used to limit the access or legal rights of the compilation's users -beyond what the individual works permit. Inclusion of a covered work -in an aggregate does not cause this License to apply to the other -parts of the aggregate. - -#### 6. Conveying Non-Source Forms. - -You may convey a covered work in object code form under the terms of -sections 4 and 5, provided that you also convey the machine-readable -Corresponding Source under the terms of this License, in one of these -ways: - -- a) Convey the object code in, or embodied in, a physical product - (including a physical distribution medium), accompanied by the - Corresponding Source fixed on a durable physical medium - customarily used for software interchange. -- b) Convey the object code in, or embodied in, a physical product - (including a physical distribution medium), accompanied by a - written offer, valid for at least three years and valid for as - long as you offer spare parts or customer support for that product - model, to give anyone who possesses the object code either (1) a - copy of the Corresponding Source for all the software in the - product that is covered by this License, on a durable physical - medium customarily used for software interchange, for a price no - more than your reasonable cost of physically performing this - conveying of source, or (2) access to copy the Corresponding - Source from a network server at no charge. -- c) Convey individual copies of the object code with a copy of the - written offer to provide the Corresponding Source. 
This - alternative is allowed only occasionally and noncommercially, and - only if you received the object code with such an offer, in accord - with subsection 6b. -- d) Convey the object code by offering access from a designated - place (gratis or for a charge), and offer equivalent access to the - Corresponding Source in the same way through the same place at no - further charge. You need not require recipients to copy the - Corresponding Source along with the object code. If the place to - copy the object code is a network server, the Corresponding Source - may be on a different server (operated by you or a third party) - that supports equivalent copying facilities, provided you maintain - clear directions next to the object code saying where to find the - Corresponding Source. Regardless of what server hosts the - Corresponding Source, you remain obligated to ensure that it is - available for as long as needed to satisfy these requirements. -- e) Convey the object code using peer-to-peer transmission, - provided you inform other peers where the object code and - Corresponding Source of the work are being offered to the general - public at no charge under subsection 6d. - -A separable portion of the object code, whose source code is excluded -from the Corresponding Source as a System Library, need not be -included in conveying the object code work. - -A "User Product" is either (1) a "consumer product", which means any -tangible personal property which is normally used for personal, -family, or household purposes, or (2) anything designed or sold for -incorporation into a dwelling. In determining whether a product is a -consumer product, doubtful cases shall be resolved in favor of -coverage. 
For a particular product received by a particular user, -"normally used" refers to a typical or common use of that class of -product, regardless of the status of the particular user or of the way -in which the particular user actually uses, or expects or is expected -to use, the product. A product is a consumer product regardless of -whether the product has substantial commercial, industrial or -non-consumer uses, unless such uses represent the only significant -mode of use of the product. - -"Installation Information" for a User Product means any methods, -procedures, authorization keys, or other information required to -install and execute modified versions of a covered work in that User -Product from a modified version of its Corresponding Source. The -information must suffice to ensure that the continued functioning of -the modified object code is in no case prevented or interfered with -solely because modification has been made. - -If you convey an object code work under this section in, or with, or -specifically for use in, a User Product, and the conveying occurs as -part of a transaction in which the right of possession and use of the -User Product is transferred to the recipient in perpetuity or for a -fixed term (regardless of how the transaction is characterized), the -Corresponding Source conveyed under this section must be accompanied -by the Installation Information. But this requirement does not apply -if neither you nor any third party retains the ability to install -modified object code on the User Product (for example, the work has -been installed in ROM). - -The requirement to provide Installation Information does not include a -requirement to continue to provide support service, warranty, or -updates for a work that has been modified or installed by the -recipient, or for the User Product in which it has been modified or -installed. 
Access to a network may be denied when the modification -itself materially and adversely affects the operation of the network -or violates the rules and protocols for communication across the -network. - -Corresponding Source conveyed, and Installation Information provided, -in accord with this section must be in a format that is publicly -documented (and with an implementation available to the public in -source code form), and must require no special password or key for -unpacking, reading or copying. - -#### 7. Additional Terms. - -"Additional permissions" are terms that supplement the terms of this -License by making exceptions from one or more of its conditions. -Additional permissions that are applicable to the entire Program shall -be treated as though they were included in this License, to the extent -that they are valid under applicable law. If additional permissions -apply only to part of the Program, that part may be used separately -under those permissions, but the entire Program remains governed by -this License without regard to the additional permissions. - -When you convey a copy of a covered work, you may at your option -remove any additional permissions from that copy, or from any part of -it. (Additional permissions may be written to require their own -removal in certain cases when you modify the work.) You may place -additional permissions on material, added by you to a covered work, -for which you have or can give appropriate copyright permission. 
- -Notwithstanding any other provision of this License, for material you -add to a covered work, you may (if authorized by the copyright holders -of that material) supplement the terms of this License with terms: - -- a) Disclaiming warranty or limiting liability differently from the - terms of sections 15 and 16 of this License; or -- b) Requiring preservation of specified reasonable legal notices or - author attributions in that material or in the Appropriate Legal - Notices displayed by works containing it; or -- c) Prohibiting misrepresentation of the origin of that material, - or requiring that modified versions of such material be marked in - reasonable ways as different from the original version; or -- d) Limiting the use for publicity purposes of names of licensors - or authors of the material; or -- e) Declining to grant rights under trademark law for use of some - trade names, trademarks, or service marks; or -- f) Requiring indemnification of licensors and authors of that - material by anyone who conveys the material (or modified versions - of it) with contractual assumptions of liability to the recipient, - for any liability that these contractual assumptions directly - impose on those licensors and authors. - -All other non-permissive additional terms are considered "further -restrictions" within the meaning of section 10. If the Program as you -received it, or any part of it, contains a notice stating that it is -governed by this License along with a term that is a further -restriction, you may remove that term. If a license document contains -a further restriction but permits relicensing or conveying under this -License, you may add to a covered work material governed by the terms -of that license document, provided that the further restriction does -not survive such relicensing or conveying. 
- -If you add terms to a covered work in accord with this section, you -must place, in the relevant source files, a statement of the -additional terms that apply to those files, or a notice indicating -where to find the applicable terms. - -Additional terms, permissive or non-permissive, may be stated in the -form of a separately written license, or stated as exceptions; the -above requirements apply either way. - -#### 8. Termination. - -You may not propagate or modify a covered work except as expressly -provided under this License. Any attempt otherwise to propagate or -modify it is void, and will automatically terminate your rights under -this License (including any patent licenses granted under the third -paragraph of section 11). - -However, if you cease all violation of this License, then your license -from a particular copyright holder is reinstated (a) provisionally, -unless and until the copyright holder explicitly and finally -terminates your license, and (b) permanently, if the copyright holder -fails to notify you of the violation by some reasonable means prior to -60 days after the cessation. - -Moreover, your license from a particular copyright holder is -reinstated permanently if the copyright holder notifies you of the -violation by some reasonable means, this is the first time you have -received notice of violation of this License (for any work) from that -copyright holder, and you cure the violation prior to 30 days after -your receipt of the notice. - -Termination of your rights under this section does not terminate the -licenses of parties who have received copies or rights from you under -this License. If your rights have been terminated and not permanently -reinstated, you do not qualify to receive new licenses for the same -material under section 10. - -#### 9. Acceptance Not Required for Having Copies. - -You are not required to accept this License in order to receive or run -a copy of the Program. 
Ancillary propagation of a covered work -occurring solely as a consequence of using peer-to-peer transmission -to receive a copy likewise does not require acceptance. However, -nothing other than this License grants you permission to propagate or -modify any covered work. These actions infringe copyright if you do -not accept this License. Therefore, by modifying or propagating a -covered work, you indicate your acceptance of this License to do so. - -#### 10. Automatic Licensing of Downstream Recipients. - -Each time you convey a covered work, the recipient automatically -receives a license from the original licensors, to run, modify and -propagate that work, subject to this License. You are not responsible -for enforcing compliance by third parties with this License. - -An "entity transaction" is a transaction transferring control of an -organization, or substantially all assets of one, or subdividing an -organization, or merging organizations. If propagation of a covered -work results from an entity transaction, each party to that -transaction who receives a copy of the work also receives whatever -licenses to the work the party's predecessor in interest had or could -give under the previous paragraph, plus a right to possession of the -Corresponding Source of the work from the predecessor in interest, if -the predecessor has it or can get it with reasonable efforts. - -You may not impose any further restrictions on the exercise of the -rights granted or affirmed under this License. For example, you may -not impose a license fee, royalty, or other charge for exercise of -rights granted under this License, and you may not initiate litigation -(including a cross-claim or counterclaim in a lawsuit) alleging that -any patent claim is infringed by making, using, selling, offering for -sale, or importing the Program or any portion of it. - -#### 11. Patents. 
- -A "contributor" is a copyright holder who authorizes use under this -License of the Program or a work on which the Program is based. The -work thus licensed is called the contributor's "contributor version". - -A contributor's "essential patent claims" are all patent claims owned -or controlled by the contributor, whether already acquired or -hereafter acquired, that would be infringed by some manner, permitted -by this License, of making, using, or selling its contributor version, -but do not include claims that would be infringed only as a -consequence of further modification of the contributor version. For -purposes of this definition, "control" includes the right to grant -patent sublicenses in a manner consistent with the requirements of -this License. - -Each contributor grants you a non-exclusive, worldwide, royalty-free -patent license under the contributor's essential patent claims, to -make, use, sell, offer for sale, import and otherwise run, modify and -propagate the contents of its contributor version. - -In the following three paragraphs, a "patent license" is any express -agreement or commitment, however denominated, not to enforce a patent -(such as an express permission to practice a patent or covenant not to -sue for patent infringement). To "grant" such a patent license to a -party means to make such an agreement or commitment not to enforce a -patent against the party. 
- -If you convey a covered work, knowingly relying on a patent license, -and the Corresponding Source of the work is not available for anyone -to copy, free of charge and under the terms of this License, through a -publicly available network server or other readily accessible means, -then you must either (1) cause the Corresponding Source to be so -available, or (2) arrange to deprive yourself of the benefit of the -patent license for this particular work, or (3) arrange, in a manner -consistent with the requirements of this License, to extend the patent -license to downstream recipients. "Knowingly relying" means you have -actual knowledge that, but for the patent license, your conveying the -covered work in a country, or your recipient's use of the covered work -in a country, would infringe one or more identifiable patents in that -country that you have reason to believe are valid. - -If, pursuant to or in connection with a single transaction or -arrangement, you convey, or propagate by procuring conveyance of, a -covered work, and grant a patent license to some of the parties -receiving the covered work authorizing them to use, propagate, modify -or convey a specific copy of the covered work, then the patent license -you grant is automatically extended to all recipients of the covered -work and works based on it. - -A patent license is "discriminatory" if it does not include within the -scope of its coverage, prohibits the exercise of, or is conditioned on -the non-exercise of one or more of the rights that are specifically -granted under this License. 
You may not convey a covered work if you -are a party to an arrangement with a third party that is in the -business of distributing software, under which you make payment to the -third party based on the extent of your activity of conveying the -work, and under which the third party grants, to any of the parties -who would receive the covered work from you, a discriminatory patent -license (a) in connection with copies of the covered work conveyed by -you (or copies made from those copies), or (b) primarily for and in -connection with specific products or compilations that contain the -covered work, unless you entered into that arrangement, or that patent -license was granted, prior to 28 March 2007. - -Nothing in this License shall be construed as excluding or limiting -any implied license or other defenses to infringement that may -otherwise be available to you under applicable patent law. - -#### 12. No Surrender of Others' Freedom. - -If conditions are imposed on you (whether by court order, agreement or -otherwise) that contradict the conditions of this License, they do not -excuse you from the conditions of this License. If you cannot convey a -covered work so as to satisfy simultaneously your obligations under -this License and any other pertinent obligations, then as a -consequence you may not convey it at all. For example, if you agree to -terms that obligate you to collect a royalty for further conveying -from those to whom you convey the Program, the only way you could -satisfy both those terms and this License would be to refrain entirely -from conveying the Program. - -#### 13. Remote Network Interaction; Use with the GNU General Public License. 
- -Notwithstanding any other provision of this License, if you modify the -Program, your modified version must prominently offer all users -interacting with it remotely through a computer network (if your -version supports such interaction) an opportunity to receive the -Corresponding Source of your version by providing access to the -Corresponding Source from a network server at no charge, through some -standard or customary means of facilitating copying of software. This -Corresponding Source shall include the Corresponding Source for any -work covered by version 3 of the GNU General Public License that is -incorporated pursuant to the following paragraph. - -Notwithstanding any other provision of this License, you have -permission to link or combine any covered work with a work licensed -under version 3 of the GNU General Public License into a single -combined work, and to convey the resulting work. The terms of this -License will continue to apply to the part which is the covered work, -but the work with which it is combined will remain governed by version -3 of the GNU General Public License. - -#### 14. Revised Versions of this License. - -The Free Software Foundation may publish revised and/or new versions -of the GNU Affero General Public License from time to time. Such new -versions will be similar in spirit to the present version, but may -differ in detail to address new problems or concerns. - -Each version is given a distinguishing version number. If the Program -specifies that a certain numbered version of the GNU Affero General -Public License "or any later version" applies to it, you have the -option of following the terms and conditions either of that numbered -version or of any later version published by the Free Software -Foundation. If the Program does not specify a version number of the -GNU Affero General Public License, you may choose any version ever -published by the Free Software Foundation. 
- -If the Program specifies that a proxy can decide which future versions -of the GNU Affero General Public License can be used, that proxy's -public statement of acceptance of a version permanently authorizes you -to choose that version for the Program. - -Later license versions may give you additional or different -permissions. However, no additional obligations are imposed on any -author or copyright holder as a result of your choosing to follow a -later version. - -#### 15. Disclaimer of Warranty. - -THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY -APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT -HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT -WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT -LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR -A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND -PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE -DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR -CORRECTION. - -#### 16. Limitation of Liability. - -IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING -WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR -CONVEYS THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, -INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES -ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT -NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR -LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM -TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER -PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. - -#### 17. Interpretation of Sections 15 and 16. 
- -If the disclaimer of warranty and limitation of liability provided -above cannot be given local legal effect according to their terms, -reviewing courts shall apply local law that most closely approximates -an absolute waiver of all civil liability in connection with the -Program, unless a warranty or assumption of liability accompanies a -copy of the Program in return for a fee. - -END OF TERMS AND CONDITIONS - -### How to Apply These Terms to Your New Programs - -If you develop a new program, and you want it to be of the greatest -possible use to the public, the best way to achieve this is to make it -free software which everyone can redistribute and change under these -terms. - -To do so, attach the following notices to the program. It is safest to -attach them to the start of each source file to most effectively state -the exclusion of warranty; and each file should have at least the -"copyright" line and a pointer to where the full notice is found. - - - Copyright (C) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU Affero General Public License as - published by the Free Software Foundation, either version 3 of the - License, or (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU Affero General Public License for more details. - - You should have received a copy of the GNU Affero General Public License - along with this program. If not, see . - -Also add information on how to contact you by electronic and paper -mail. - -If your software can interact with users remotely through a computer -network, you should also make sure that it provides a way for users to -get its source. For example, if your program is a web application, its -interface could display a "Source" link that leads users to an archive -of the code. 
There are many ways you could offer source, and different -solutions will be better for different programs; see section 13 for -the specific requirements. - -You should also get your employer (if you work as a programmer) or -school, if any, to sign a "copyright disclaimer" for the program, if -necessary. For more information on this, and how to apply and follow -the GNU AGPL, see . diff --git a/default.nix b/default.nix deleted file mode 100644 index 3d5b5f96..00000000 --- a/default.nix +++ /dev/null @@ -1,35 +0,0 @@ -let - inherit (default.inputs.nixos) lib; - - default = (import ./lib/compat).defaultNix; - - ciSystems = [ - "aarch64-linux" - "x86_64-linux" - ]; - - filterSystems = - lib.filterAttrs - (system: _: lib.elem system ciSystems); - - recurseIntoAttrsRecursive = lib.mapAttrs ( - _: v: - if lib.isAttrs v - then recurseIntoAttrsRecursive (lib.recurseIntoAttrs v) - else v - ); - - systemOutputs = - lib.filterAttrs - ( - name: set: - lib.isAttrs set - && lib.any - (system: set ? ${system} && name != "legacyPackages") - ciSystems - ) - default.outputs; - - ciDrvs = lib.mapAttrs (_: system: filterSystems system) systemOutputs; -in - (recurseIntoAttrsRecursive ciDrvs) // {shell = import ./shell.nix;} diff --git a/flake.lock b/flake.lock index 05f8bee5..0a1b3b9c 100644 --- a/flake.lock +++ b/flake.lock @@ -289,6 +289,22 @@ "type": "github" } }, + "mobile-nixos": { + "flake": false, + "locked": { + "lastModified": 1696124168, + "narHash": "sha256-EzGHYAR7rozQQLZEHbKEcb5VpUFGoxwEsM0OWfW4wqU=", + "owner": "nixos", + "repo": "mobile-nixos", + "rev": "7cee346c3f8e73b25b1cfbf7a086a7652c11e0f3", + "type": "github" + }, + "original": { + "owner": "nixos", + "repo": "mobile-nixos", + "type": "github" + } + }, "musnix": { "inputs": { "nixpkgs": "nixpkgs" @@ -449,6 +465,7 @@ "flake-parts": "flake-parts", "home-manager": "home-manager", "master": "master", + "mobile-nixos": "mobile-nixos", "musnix": "musnix", "nix-darwin": "nix-darwin", "nixos-flake": "nixos-flake", 
diff --git a/flake.nix b/flake.nix index 55223341..685238ad 100644 --- a/flake.nix +++ b/flake.nix @@ -30,6 +30,9 @@ nixos-hardware.url = "github:nixos/nixos-hardware"; + mobile-nixos.url = "github:nixos/mobile-nixos"; + mobile-nixos.flake = false; + master.url = "github:nixos/nixpkgs/master"; scan2paperless.url = "git+https://git.pub.solar/b12f/scan2paperless.git"; musnix.url = "github:musnix/musnix"; 
@@ -68,81 +71,25 @@ }; devShells.default = pkgs.mkShell { - buildInputs = [ - pkgs.deploy-rs - pkgs.nixpkgs-fmt - pkgs.agenix - pkgs.ssh-to-age + buildInputs = with pkgs; [ + deploy-rs + nixpkgs-fmt + agenix + cachix + editorconfig-checker + nix + nodePackages.prettier + nvfetcher + shellcheck + shfmt + treefmt + nixos-generators ]; }; }; flake = { - nixosModules = rec { - base.imports = [ - self.nixosModules.home-manager - inputs.agenix.nixosModules.default - inputs.musnix.nixosModules.musnix - - ({ - flake, - pkgs, - lib, - unstable, - master, - ... - }: { - nixpkgs.overlays = (import ./overlays) ++ [ - (prev: next: { - scan2paperless = inputs.scan2paperless.legacyPackages.${prev.system}.scan2paperless; - nixd = inputs.unstable.legacyPackages.${prev.system}.nixd; - - factorio-headless = inputs.master.legacyPackages.${prev.system}.factorio-headless; - paperless-ngx = inputs.master.legacyPackages.${prev.system}.paperless-ngx; - waybar = inputs.master.legacyPackages.${prev.system}.waybar; - element-desktop = inputs.master.legacyPackages.${prev.system}.element-desktop; - - adlist = inputs.adblock-unbound.packages.${prev.system}; - }) - ]; - - nix.nixPath = [ - "nixpkgs=${inputs.nixpkgs}" - "nixos-config=${./lib/compat/nixos}" - "home-manager=${inputs.home-manager}" - ]; - }) - - self.nixosModules.arduino - self.nixosModules.audio - self.nixosModules.ci-runner - self.nixosModules.core - self.nixosModules.crypto - self.nixosModules.devops - self.nixosModules.docker - self.nixosModules.docker-ci-runner - self.nixosModules.email - self.nixosModules.gaming - self.nixosModules.graphical - self.nixosModules.mobile - self.nixosModules.nix - self.nixosModules.nextcloud - self.nixosModules.office - self.nixosModules.paperless - self.nixosModules.paranoia - self.nixosModules.printing - self.nixosModules.social - self.nixosModules.sway - self.nixosModules.terminal-life - self.nixosModules.uhk - self.nixosModules.user - self.nixosModules.virtualisation - - self.nixosModules.root 
- ]; - }; - - deploy.nodes = self.b12f.lib.deploy.mkDeployNodes self.nixosConfigurations { + deploy.nodes = self.b12f-os.lib.deploy.mkDeployNodes self.nixosConfigurations { chocolatebar = { sshUser = "b12f"; }; diff --git a/hosts/biolimo/default.nix b/hosts/biolimo/default.nix index 187a1108..3c4d411a 100644 --- a/hosts/biolimo/default.nix +++ b/hosts/biolimo/default.nix @@ -1,4 +1,4 @@ -{...}: { +{ ... }: { imports = [ ./configuration.nix ./hardware-configuration.nix diff --git a/hosts/default.nix b/hosts/default.nix index 42ad12a6..9d649d4f 100644 --- a/hosts/default.nix +++ b/hosts/default.nix @@ -30,14 +30,14 @@ ]; }; - maoam = self.nixos-flake.lib.mkLinuxSystem { - nixpkgs.hostPlatform = "aarch64-linux"; - imports = [ - self.nixosModules.base - ./maoam - self.nixosModules.yule - ]; - }; + # maoam = self.nixos-flake.lib.mkLinuxSystem { + # nixpkgs.hostPlatform = "aarch64-linux"; + # imports = [ + # self.nixosModules.base + # ./maoam + # self.nixosModules.yule + # ]; + # }; }; }; } diff --git a/hosts/maoam/configuration.nix b/hosts/maoam/configuration.nix index 0baf7a0d..2d9992a7 100644 --- a/hosts/maoam/configuration.nix +++ b/hosts/maoam/configuration.nix @@ -1,18 +1,9 @@ -{ config, lib, pkgs, ... }: -let - mobile-nixos = pkgs.fetchFromGithub { - owner = "NixOS"; - repo = "mobile-nixos"; - rev = "d22c60e8d4d21f0197c1cac88c34dcc366b7a16c"; - sha256 = ""; - }; -in { - imports = [ - (import { device = "pine64-pinephone"; }) - ./hardware-configuration.nix - - ]; - +{ + config, + lib, + pkgs, + ... +}: { # Use Network Manager networking.wireless.enable = false; networking.networkmanager.enable = true; diff --git a/hosts/maoam/default.nix b/hosts/maoam/default.nix index 1ae6f8ee..fb4f6aff 100644 --- a/hosts/maoam/default.nix +++ b/hosts/maoam/default.nix 
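Review bot: The new `devShells.default` list in flake.nix adds `cachix`, `nixos-generators` and `deploy-rs` unconditionally, whereas the shell/devos.nix deleted later in this patch only added `cachix` when the build platform was not i686, and `nixos-generators`/`deploy-rs` on Linux hosts. If the flake is still evaluated for a non-Linux system (the lock file lists a `nix-darwin` input, so that seems possible), the shell may stop building there. The guard can be kept in one line: `] ++ pkgs.lib.optionals pkgs.stdenv.hostPlatform.isLinux [ pkgs.nixos-generators pkgs.deploy-rs ];`. `ssh-to-age` is also dropped from the shell while `agenix` stays, which is worth confirming as intentional. The attribute set enclosing `devShells.default` starts outside this hunk.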
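Review bot: The `maoam` entry in hosts/default.nix is commented out rather than removed, and no reason is given. As a result, the hosts/maoam/default.nix rewritten in this same patch is no longer reachable from any system definition visible here, so builds and deploys will not evaluate it. A one-line comment above the block would make the state explicit, for example `# TODO: maoam disabled during the digga removal; re-enable once hosts/maoam evaluates with the mobile-nixos input`. That reason is inferred from the commit subject and should be replaced with the real one. The enclosing attribute set starts outside the hunk.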
@@ -1,7 +1,8 @@ -{suites, ...}: { - imports = - [ - ./maoam.nix - ] - ++ suites.maoam; +{ flake, pkgs, ... }: { + imports = [ + ./configuration.nix + ./hardware-configuration.nix + ((import "${flake.inputs.mobile-nixos}/lib/configuration.nix") { device = "pine64-pinephone"; }) + "${flake.inputs.mobile-nixos}/examples/phosh/phosh.nix" + ]; } diff --git a/hosts/maoam/maoam.nix b/hosts/maoam/maoam.nix deleted file mode 100644 index 3daa77a0..00000000 --- a/hosts/maoam/maoam.nix +++ /dev/null @@ -1,14 +0,0 @@ -{ - config, - pkgs, - lib, - ... -}: -with lib; let - psCfg = config.pub-solar; - xdg = config.home-manager.users."${psCfg.user.name}".xdg; -in { - imports = [ - ./configuration.nix - ]; -} diff --git a/lib/default.nix b/lib/default.nix index 9edb1978..4e39d82f 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -1,7 +1,7 @@ { lib, inputs, ... }: { # Configuration common to all Linux systems flake = { - b12f.lib = let + b12f-os.lib = let callLibs = file: import file {inherit lib;}; in rec { ## Define your own library functions here! diff --git a/modules/default.nix b/modules/default.nix index c0dddc66..41a1dae8 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -1,7 +1,11 @@ { + self, + inputs, + ... +}: { # Configuration common to all Linux systems flake = { - nixosModules = { + nixosModules = rec { arduino = import ./arduino; audio = import ./audio; ci-runner = import ./ci-runner; 
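Review bot: The last import in hosts/maoam/default.nix, `"${flake.inputs.mobile-nixos}/examples/phosh/phosh.nix"`, pulls an upstream example module straight into a real host configuration. Its contents are not visible here, but example configurations often carry demo defaults (sometimes including demo accounts or credentials), and upstream can change them on any `flake.lock` update without a compatibility promise. I would copy the options the phone actually needs into this repository, or at least add a comment such as `# upstream demo module: review the users, passwords and services it sets after every lock bump`. The `pkgs` argument is unused in this file and can be dropped.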
@@ -26,6 +30,68 @@
 uhk = import ./uhk;
 user = import ./user;
 virtualisation = import ./virtualisation;
+
+ base.imports = [
+ self.nixosModules.home-manager
+ inputs.agenix.nixosModules.default
+ inputs.musnix.nixosModules.musnix
+
+ ({
+ flake,
+ pkgs,
+ lib,
+ unstable,
+ master,
+ ...
+ }: {
+ nixpkgs.overlays = (import ../overlays) ++ [
+ (prev: next: {
+ scan2paperless = inputs.scan2paperless.legacyPackages.${prev.system}.scan2paperless;
+ nixd = inputs.unstable.legacyPackages.${prev.system}.nixd;
+
+ factorio-headless = inputs.master.legacyPackages.${prev.system}.factorio-headless;
+ paperless-ngx = inputs.master.legacyPackages.${prev.system}.paperless-ngx;
+ waybar = inputs.master.legacyPackages.${prev.system}.waybar;
+ element-desktop = inputs.master.legacyPackages.${prev.system}.element-desktop;
+
+ adlist = inputs.adblock-unbound.packages.${prev.system};
+ })
+ ];
+
+ nix.nixPath = [
+ "nixpkgs=${inputs.nixpkgs}"
+ "nixos-config=${./lib/compat/nixos}"
+ "home-manager=${inputs.home-manager}"
+ ];
+ })
+
+ self.nixosModules.arduino
+ self.nixosModules.audio
+ self.nixosModules.ci-runner
+ self.nixosModules.core
+ self.nixosModules.crypto
+ self.nixosModules.devops
+ self.nixosModules.docker
+ self.nixosModules.docker-ci-runner
+ self.nixosModules.email
+ self.nixosModules.gaming
+ self.nixosModules.graphical
+ self.nixosModules.mobile
+ self.nixosModules.nix
+ self.nixosModules.nextcloud
+ self.nixosModules.office
+ self.nixosModules.paperless
+ self.nixosModules.paranoia
+ self.nixosModules.printing
+ self.nixosModules.social
+ self.nixosModules.sway
+ self.nixosModules.terminal-life
+ self.nixosModules.uhk
+ self.nixosModules.user
+ self.nixosModules.virtualisation
+
+ self.nixosModules.root
+ ];
 };
 };
 }
diff --git a/shell.nix b/shell.nix
deleted file mode 100644
index 575a5d82..00000000
--- a/shell.nix
+++ /dev/null
@@ -1 +0,0 @@
-(import ./lib/compat).shellNix
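Review bot: In the added `nix.nixPath`, `"nixos-config=${./lib/compat/nixos}"` is a path literal resolved relative to modules/default.nix, so it points at modules/lib/compat/nixos rather than the repository's lib/ directory, and evaluation fails once `nix.nixPath` is forced if that path does not exist. This patch also deletes shell.nix, which imported `./lib/compat`, so confirm the compat directory is still present and reference it as `${../lib/compat/nixos}`, or drop the entry. The overlay is written `(prev: next: { … })`, but an overlay's first argument is the final package set and the second the previous one, so `final: prev:` with `prev.system` would name the values for what they are. The packages taken from `inputs.master` presumably follow the nixpkgs master branch, which has not passed channel tests, leaving the revision pinned in flake.lock as the only gate on what reaches these hosts.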
diff --git a/shell/default.nix b/shell/default.nix
deleted file mode 100644
index 4d00b9ef..00000000
--- a/shell/default.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{
- self,
- inputs,
- ...
-}: {
- modules = with inputs; [
- ];
- exportedModules = [
- ./devos.nix
- ];
-}
diff --git a/shell/devos.nix b/shell/devos.nix
deleted file mode 100644
index 3a61ec3c..00000000
--- a/shell/devos.nix
+++ /dev/null
@@ -1,64 +0,0 @@
-{
- pkgs,
- extraModulesPath,
- inputs,
- lib,
- ...
-}: let
- inherit
- (pkgs)
- agenix
- alejandra
- cachix
- editorconfig-checker
- nix
- nodePackages
- nvfetcher
- shellcheck
- shfmt
- treefmt
- nixos-generators
- ;
-
- inherit
- (pkgs.nodePackages)
- prettier
- ;
-
- pkgWithCategory = category: package: {inherit package category;};
- devos = pkgWithCategory "devos";
- formatter = pkgWithCategory "linter";
-in {
- imports = ["${extraModulesPath}/git/hooks.nix" ./hooks];
-
- # override for our own welcome
- devshell.name = pkgs.lib.mkForce "PubSolarOS";
-
- packages = [
- alejandra
- editorconfig-checker
- nodePackages.prettier
- shellcheck
- shfmt
- ];
-
- commands = with pkgs;
- [
- (devos nix)
- (devos agenix)
- {
- category = "devos";
- name = pkgs.nvfetcher.pname;
- help = pkgs.nvfetcher.meta.description;
- command = "cd $PRJ_ROOT/pkgs; ${pkgs.nvfetcher}/bin/nvfetcher -c ./sources.toml $@";
- }
- (formatter treefmt)
- ]
- ++ lib.optionals (!pkgs.stdenv.buildPlatform.isi686) [
- (devos cachix)
- ]
- ++ lib.optionals (pkgs.stdenv.hostPlatform.isLinux && !pkgs.stdenv.buildPlatform.isDarwin) [
- (devos nixos-generators)
- (devos deploy-rs.deploy-rs)
- ];
-}
diff --git a/shell/hooks/default.nix b/shell/hooks/default.nix
deleted file mode 100644
index 1d60d49c..00000000
--- a/shell/hooks/default.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-{
- git.hooks = {
- enable = true;
- pre-commit.text = builtins.readFile ./pre-commit.sh;
- };
-}
diff --git a/shell/hooks/pre-commit.sh b/shell/hooks/pre-commit.sh
deleted file mode 100755
index 27fff872..00000000
--- a/shell/hooks/pre-commit.sh
+++ /dev/null
@@ -1,9 +0,0 @@
-#!/usr/bin/env bash
-
-# Check editorconfig
-if ! editorconfig-checker; then
- printf "%b\n" \
- "\nCode is not aligned with .editorconfig" \
- "Review the output and commit your fixes" >&2
- exit 1
-fi