diff --git a/.drone.yml b/.drone.yml
index 23805095..f54bd8f9 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -106,7 +106,6 @@ steps:
- nix $$NIX_FLAGS flake check
- nix $$NIX_FLAGS build ".#nixosConfigurations.PubSolarOS.config.system.build.toplevel"
- nix $$NIX_FLAGS develop --command echo OK
- - nix $$NIX_FLAGS develop --command bud --help
---
kind: pipeline
@@ -122,8 +121,8 @@ steps:
commands:
- |
nix --print-build-logs --verbose \
- develop --command \
- bud build bootstrap bootstrapIso
+ build \
+ '.#nixosConfigurations.bootstrap.config.system.build.bootstrapIso'
- cp $(readlink -f result)/iso/*.iso /var/nix/iso-cache/
- name: "Publish ISO"
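Review bot: The new `nix build` invocation leaves its output location implicit, yet the `cp $(readlink -f result)/iso/*.iso /var/nix/iso-cache/` command right after it depends on a `result` symlink in the working directory. Naming the link in the command, `build --out-link result \`, makes that coupling explicit, so the copy that feeds the "Publish ISO" step cannot quietly drift from what was just built. This invocation also does not pass `$$NIX_FLAGS`, which the check commands in the first hunk use; if that variable carries settings the flake build needs (its value is not visible here), the ISO would be built with different options than the ones that were checked. The step's definition starts above the hunk, so its image and environment could not be reviewed.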
@@ -158,6 +157,6 @@ volumes:
---
kind: signature
-hmac: bdbefb07b97dc8efc44d8eb36ee4d1bb89eec3b7255b49929e126e86a4b4a788
+hmac: da951ba8ede88996728acfb47846e01880eb0e3b91f66e47848d6c1cc727c5d9
...
diff --git a/LICENSE.md b/LICENSE.md
new file mode 100644
index 00000000..cba6f6a1
--- /dev/null
+++ b/LICENSE.md
@@ -0,0 +1,660 @@
+### GNU AFFERO GENERAL PUBLIC LICENSE
+
+Version 3, 19 November 2007
+
+Copyright (C) 2007 Free Software Foundation, Inc.
+
+
+Everyone is permitted to copy and distribute verbatim copies of this
+license document, but changing it is not allowed.
+
+### Preamble
+
+The GNU Affero General Public License is a free, copyleft license for
+software and other kinds of works, specifically designed to ensure
+cooperation with the community in the case of network server software.
+
+The licenses for most software and other practical works are designed
+to take away your freedom to share and change the works. By contrast,
+our General Public Licenses are intended to guarantee your freedom to
+share and change all versions of a program--to make sure it remains
+free software for all its users.
+
+When we speak of free software, we are referring to freedom, not
+price. Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+them if you wish), that you receive source code or can get it if you
+want it, that you can change the software or use pieces of it in new
+free programs, and that you know you can do these things.
+
+Developers that use our General Public Licenses protect your rights
+with two steps: (1) assert copyright on the software, and (2) offer
+you this License which gives you legal permission to copy, distribute
+and/or modify the software.
+
+A secondary benefit of defending all users' freedom is that
+improvements made in alternate versions of the program, if they
+receive widespread use, become available for other developers to
+incorporate. Many developers of free software are heartened and
+encouraged by the resulting cooperation. However, in the case of
+software used on network servers, this result may fail to come about.
+The GNU General Public License permits making a modified version and
+letting the public access it on a server without ever releasing its
+source code to the public.
+
+The GNU Affero General Public License is designed specifically to
+ensure that, in such cases, the modified source code becomes available
+to the community. It requires the operator of a network server to
+provide the source code of the modified version running there to the
+users of that server. Therefore, public use of a modified version, on
+a publicly accessible server, gives the public access to the source
+code of the modified version.
+
+An older license, called the Affero General Public License and
+published by Affero, was designed to accomplish similar goals. This is
+a different license, not a version of the Affero GPL, but Affero has
+released a new version of the Affero GPL which permits relicensing
+under this license.
+
+The precise terms and conditions for copying, distribution and
+modification follow.
+
+### TERMS AND CONDITIONS
+
+#### 0. Definitions.
+
+"This License" refers to version 3 of the GNU Affero General Public
+License.
+
+"Copyright" also means copyright-like laws that apply to other kinds
+of works, such as semiconductor masks.
+
+"The Program" refers to any copyrightable work licensed under this
+License. Each licensee is addressed as "you". "Licensees" and
+"recipients" may be individuals or organizations.
+
+To "modify" a work means to copy from or adapt all or part of the work
+in a fashion requiring copyright permission, other than the making of
+an exact copy. The resulting work is called a "modified version" of
+the earlier work or a work "based on" the earlier work.
+
+A "covered work" means either the unmodified Program or a work based
+on the Program.
+
+To "propagate" a work means to do anything with it that, without
+permission, would make you directly or secondarily liable for
+infringement under applicable copyright law, except executing it on a
+computer or modifying a private copy. Propagation includes copying,
+distribution (with or without modification), making available to the
+public, and in some countries other activities as well.
+
+To "convey" a work means any kind of propagation that enables other
+parties to make or receive copies. Mere interaction with a user
+through a computer network, with no transfer of a copy, is not
+conveying.
+
+An interactive user interface displays "Appropriate Legal Notices" to
+the extent that it includes a convenient and prominently visible
+feature that (1) displays an appropriate copyright notice, and (2)
+tells the user that there is no warranty for the work (except to the
+extent that warranties are provided), that licensees may convey the
+work under this License, and how to view a copy of this License. If
+the interface presents a list of user commands or options, such as a
+menu, a prominent item in the list meets this criterion.
+
+#### 1. Source Code.
+
+The "source code" for a work means the preferred form of the work for
+making modifications to it. "Object code" means any non-source form of
+a work.
+
+A "Standard Interface" means an interface that either is an official
+standard defined by a recognized standards body, or, in the case of
+interfaces specified for a particular programming language, one that
+is widely used among developers working in that language.
+
+The "System Libraries" of an executable work include anything, other
+than the work as a whole, that (a) is included in the normal form of
+packaging a Major Component, but which is not part of that Major
+Component, and (b) serves only to enable use of the work with that
+Major Component, or to implement a Standard Interface for which an
+implementation is available to the public in source code form. A
+"Major Component", in this context, means a major essential component
+(kernel, window system, and so on) of the specific operating system
+(if any) on which the executable work runs, or a compiler used to
+produce the work, or an object code interpreter used to run it.
+
+The "Corresponding Source" for a work in object code form means all
+the source code needed to generate, install, and (for an executable
+work) run the object code and to modify the work, including scripts to
+control those activities. However, it does not include the work's
+System Libraries, or general-purpose tools or generally available free
+programs which are used unmodified in performing those activities but
+which are not part of the work. For example, Corresponding Source
+includes interface definition files associated with source files for
+the work, and the source code for shared libraries and dynamically
+linked subprograms that the work is specifically designed to require,
+such as by intimate data communication or control flow between those
+subprograms and other parts of the work.
+
+The Corresponding Source need not include anything that users can
+regenerate automatically from other parts of the Corresponding Source.
+
+The Corresponding Source for a work in source code form is that same
+work.
+
+#### 2. Basic Permissions.
+
+All rights granted under this License are granted for the term of
+copyright on the Program, and are irrevocable provided the stated
+conditions are met. This License explicitly affirms your unlimited
+permission to run the unmodified Program. The output from running a
+covered work is covered by this License only if the output, given its
+content, constitutes a covered work. This License acknowledges your
+rights of fair use or other equivalent, as provided by copyright law.
+
+You may make, run and propagate covered works that you do not convey,
+without conditions so long as your license otherwise remains in force.
+You may convey covered works to others for the sole purpose of having
+them make modifications exclusively for you, or provide you with
+facilities for running those works, provided that you comply with the
+terms of this License in conveying all material for which you do not
+control copyright. Those thus making or running the covered works for
+you must do so exclusively on your behalf, under your direction and
+control, on terms that prohibit them from making any copies of your
+copyrighted material outside their relationship with you.
+
+Conveying under any other circumstances is permitted solely under the
+conditions stated below. Sublicensing is not allowed; section 10 makes
+it unnecessary.
+
+#### 3. Protecting Users' Legal Rights From Anti-Circumvention Law.
+
+No covered work shall be deemed part of an effective technological
+measure under any applicable law fulfilling obligations under article
+11 of the WIPO copyright treaty adopted on 20 December 1996, or
+similar laws prohibiting or restricting circumvention of such
+measures.
+
+When you convey a covered work, you waive any legal power to forbid
+circumvention of technological measures to the extent such
+circumvention is effected by exercising rights under this License with
+respect to the covered work, and you disclaim any intention to limit
+operation or modification of the work as a means of enforcing, against
+the work's users, your or third parties' legal rights to forbid
+circumvention of technological measures.
+
+#### 4. Conveying Verbatim Copies.
+
+You may convey verbatim copies of the Program's source code as you
+receive it, in any medium, provided that you conspicuously and
+appropriately publish on each copy an appropriate copyright notice;
+keep intact all notices stating that this License and any
+non-permissive terms added in accord with section 7 apply to the code;
+keep intact all notices of the absence of any warranty; and give all
+recipients a copy of this License along with the Program.
+
+You may charge any price or no price for each copy that you convey,
+and you may offer support or warranty protection for a fee.
+
+#### 5. Conveying Modified Source Versions.
+
+You may convey a work based on the Program, or the modifications to
+produce it from the Program, in the form of source code under the
+terms of section 4, provided that you also meet all of these
+conditions:
+
+- a) The work must carry prominent notices stating that you modified
+ it, and giving a relevant date.
+- b) The work must carry prominent notices stating that it is
+ released under this License and any conditions added under
+ section 7. This requirement modifies the requirement in section 4
+ to "keep intact all notices".
+- c) You must license the entire work, as a whole, under this
+ License to anyone who comes into possession of a copy. This
+ License will therefore apply, along with any applicable section 7
+ additional terms, to the whole of the work, and all its parts,
+ regardless of how they are packaged. This License gives no
+ permission to license the work in any other way, but it does not
+ invalidate such permission if you have separately received it.
+- d) If the work has interactive user interfaces, each must display
+ Appropriate Legal Notices; however, if the Program has interactive
+ interfaces that do not display Appropriate Legal Notices, your
+ work need not make them do so.
+
+A compilation of a covered work with other separate and independent
+works, which are not by their nature extensions of the covered work,
+and which are not combined with it such as to form a larger program,
+in or on a volume of a storage or distribution medium, is called an
+"aggregate" if the compilation and its resulting copyright are not
+used to limit the access or legal rights of the compilation's users
+beyond what the individual works permit. Inclusion of a covered work
+in an aggregate does not cause this License to apply to the other
+parts of the aggregate.
+
+#### 6. Conveying Non-Source Forms.
+
+You may convey a covered work in object code form under the terms of
+sections 4 and 5, provided that you also convey the machine-readable
+Corresponding Source under the terms of this License, in one of these
+ways:
+
+- a) Convey the object code in, or embodied in, a physical product
+ (including a physical distribution medium), accompanied by the
+ Corresponding Source fixed on a durable physical medium
+ customarily used for software interchange.
+- b) Convey the object code in, or embodied in, a physical product
+ (including a physical distribution medium), accompanied by a
+ written offer, valid for at least three years and valid for as
+ long as you offer spare parts or customer support for that product
+ model, to give anyone who possesses the object code either (1) a
+ copy of the Corresponding Source for all the software in the
+ product that is covered by this License, on a durable physical
+ medium customarily used for software interchange, for a price no
+ more than your reasonable cost of physically performing this
+ conveying of source, or (2) access to copy the Corresponding
+ Source from a network server at no charge.
+- c) Convey individual copies of the object code with a copy of the
+ written offer to provide the Corresponding Source. This
+ alternative is allowed only occasionally and noncommercially, and
+ only if you received the object code with such an offer, in accord
+ with subsection 6b.
+- d) Convey the object code by offering access from a designated
+ place (gratis or for a charge), and offer equivalent access to the
+ Corresponding Source in the same way through the same place at no
+ further charge. You need not require recipients to copy the
+ Corresponding Source along with the object code. If the place to
+ copy the object code is a network server, the Corresponding Source
+ may be on a different server (operated by you or a third party)
+ that supports equivalent copying facilities, provided you maintain
+ clear directions next to the object code saying where to find the
+ Corresponding Source. Regardless of what server hosts the
+ Corresponding Source, you remain obligated to ensure that it is
+ available for as long as needed to satisfy these requirements.
+- e) Convey the object code using peer-to-peer transmission,
+ provided you inform other peers where the object code and
+ Corresponding Source of the work are being offered to the general
+ public at no charge under subsection 6d.
+
+A separable portion of the object code, whose source code is excluded
+from the Corresponding Source as a System Library, need not be
+included in conveying the object code work.
+
+A "User Product" is either (1) a "consumer product", which means any
+tangible personal property which is normally used for personal,
+family, or household purposes, or (2) anything designed or sold for
+incorporation into a dwelling. In determining whether a product is a
+consumer product, doubtful cases shall be resolved in favor of
+coverage. For a particular product received by a particular user,
+"normally used" refers to a typical or common use of that class of
+product, regardless of the status of the particular user or of the way
+in which the particular user actually uses, or expects or is expected
+to use, the product. A product is a consumer product regardless of
+whether the product has substantial commercial, industrial or
+non-consumer uses, unless such uses represent the only significant
+mode of use of the product.
+
+"Installation Information" for a User Product means any methods,
+procedures, authorization keys, or other information required to
+install and execute modified versions of a covered work in that User
+Product from a modified version of its Corresponding Source. The
+information must suffice to ensure that the continued functioning of
+the modified object code is in no case prevented or interfered with
+solely because modification has been made.
+
+If you convey an object code work under this section in, or with, or
+specifically for use in, a User Product, and the conveying occurs as
+part of a transaction in which the right of possession and use of the
+User Product is transferred to the recipient in perpetuity or for a
+fixed term (regardless of how the transaction is characterized), the
+Corresponding Source conveyed under this section must be accompanied
+by the Installation Information. But this requirement does not apply
+if neither you nor any third party retains the ability to install
+modified object code on the User Product (for example, the work has
+been installed in ROM).
+
+The requirement to provide Installation Information does not include a
+requirement to continue to provide support service, warranty, or
+updates for a work that has been modified or installed by the
+recipient, or for the User Product in which it has been modified or
+installed. Access to a network may be denied when the modification
+itself materially and adversely affects the operation of the network
+or violates the rules and protocols for communication across the
+network.
+
+Corresponding Source conveyed, and Installation Information provided,
+in accord with this section must be in a format that is publicly
+documented (and with an implementation available to the public in
+source code form), and must require no special password or key for
+unpacking, reading or copying.
+
+#### 7. Additional Terms.
+
+"Additional permissions" are terms that supplement the terms of this
+License by making exceptions from one or more of its conditions.
+Additional permissions that are applicable to the entire Program shall
+be treated as though they were included in this License, to the extent
+that they are valid under applicable law. If additional permissions
+apply only to part of the Program, that part may be used separately
+under those permissions, but the entire Program remains governed by
+this License without regard to the additional permissions.
+
+When you convey a copy of a covered work, you may at your option
+remove any additional permissions from that copy, or from any part of
+it. (Additional permissions may be written to require their own
+removal in certain cases when you modify the work.) You may place
+additional permissions on material, added by you to a covered work,
+for which you have or can give appropriate copyright permission.
+
+Notwithstanding any other provision of this License, for material you
+add to a covered work, you may (if authorized by the copyright holders
+of that material) supplement the terms of this License with terms:
+
+- a) Disclaiming warranty or limiting liability differently from the
+ terms of sections 15 and 16 of this License; or
+- b) Requiring preservation of specified reasonable legal notices or
+ author attributions in that material or in the Appropriate Legal
+ Notices displayed by works containing it; or
+- c) Prohibiting misrepresentation of the origin of that material,
+ or requiring that modified versions of such material be marked in
+ reasonable ways as different from the original version; or
+- d) Limiting the use for publicity purposes of names of licensors
+ or authors of the material; or
+- e) Declining to grant rights under trademark law for use of some
+ trade names, trademarks, or service marks; or
+- f) Requiring indemnification of licensors and authors of that
+ material by anyone who conveys the material (or modified versions
+ of it) with contractual assumptions of liability to the recipient,
+ for any liability that these contractual assumptions directly
+ impose on those licensors and authors.
+
+All other non-permissive additional terms are considered "further
+restrictions" within the meaning of section 10. If the Program as you
+received it, or any part of it, contains a notice stating that it is
+governed by this License along with a term that is a further
+restriction, you may remove that term. If a license document contains
+a further restriction but permits relicensing or conveying under this
+License, you may add to a covered work material governed by the terms
+of that license document, provided that the further restriction does
+not survive such relicensing or conveying.
+
+If you add terms to a covered work in accord with this section, you
+must place, in the relevant source files, a statement of the
+additional terms that apply to those files, or a notice indicating
+where to find the applicable terms.
+
+Additional terms, permissive or non-permissive, may be stated in the
+form of a separately written license, or stated as exceptions; the
+above requirements apply either way.
+
+#### 8. Termination.
+
+You may not propagate or modify a covered work except as expressly
+provided under this License. Any attempt otherwise to propagate or
+modify it is void, and will automatically terminate your rights under
+this License (including any patent licenses granted under the third
+paragraph of section 11).
+
+However, if you cease all violation of this License, then your license
+from a particular copyright holder is reinstated (a) provisionally,
+unless and until the copyright holder explicitly and finally
+terminates your license, and (b) permanently, if the copyright holder
+fails to notify you of the violation by some reasonable means prior to
+60 days after the cessation.
+
+Moreover, your license from a particular copyright holder is
+reinstated permanently if the copyright holder notifies you of the
+violation by some reasonable means, this is the first time you have
+received notice of violation of this License (for any work) from that
+copyright holder, and you cure the violation prior to 30 days after
+your receipt of the notice.
+
+Termination of your rights under this section does not terminate the
+licenses of parties who have received copies or rights from you under
+this License. If your rights have been terminated and not permanently
+reinstated, you do not qualify to receive new licenses for the same
+material under section 10.
+
+#### 9. Acceptance Not Required for Having Copies.
+
+You are not required to accept this License in order to receive or run
+a copy of the Program. Ancillary propagation of a covered work
+occurring solely as a consequence of using peer-to-peer transmission
+to receive a copy likewise does not require acceptance. However,
+nothing other than this License grants you permission to propagate or
+modify any covered work. These actions infringe copyright if you do
+not accept this License. Therefore, by modifying or propagating a
+covered work, you indicate your acceptance of this License to do so.
+
+#### 10. Automatic Licensing of Downstream Recipients.
+
+Each time you convey a covered work, the recipient automatically
+receives a license from the original licensors, to run, modify and
+propagate that work, subject to this License. You are not responsible
+for enforcing compliance by third parties with this License.
+
+An "entity transaction" is a transaction transferring control of an
+organization, or substantially all assets of one, or subdividing an
+organization, or merging organizations. If propagation of a covered
+work results from an entity transaction, each party to that
+transaction who receives a copy of the work also receives whatever
+licenses to the work the party's predecessor in interest had or could
+give under the previous paragraph, plus a right to possession of the
+Corresponding Source of the work from the predecessor in interest, if
+the predecessor has it or can get it with reasonable efforts.
+
+You may not impose any further restrictions on the exercise of the
+rights granted or affirmed under this License. For example, you may
+not impose a license fee, royalty, or other charge for exercise of
+rights granted under this License, and you may not initiate litigation
+(including a cross-claim or counterclaim in a lawsuit) alleging that
+any patent claim is infringed by making, using, selling, offering for
+sale, or importing the Program or any portion of it.
+
+#### 11. Patents.
+
+A "contributor" is a copyright holder who authorizes use under this
+License of the Program or a work on which the Program is based. The
+work thus licensed is called the contributor's "contributor version".
+
+A contributor's "essential patent claims" are all patent claims owned
+or controlled by the contributor, whether already acquired or
+hereafter acquired, that would be infringed by some manner, permitted
+by this License, of making, using, or selling its contributor version,
+but do not include claims that would be infringed only as a
+consequence of further modification of the contributor version. For
+purposes of this definition, "control" includes the right to grant
+patent sublicenses in a manner consistent with the requirements of
+this License.
+
+Each contributor grants you a non-exclusive, worldwide, royalty-free
+patent license under the contributor's essential patent claims, to
+make, use, sell, offer for sale, import and otherwise run, modify and
+propagate the contents of its contributor version.
+
+In the following three paragraphs, a "patent license" is any express
+agreement or commitment, however denominated, not to enforce a patent
+(such as an express permission to practice a patent or covenant not to
+sue for patent infringement). To "grant" such a patent license to a
+party means to make such an agreement or commitment not to enforce a
+patent against the party.
+
+If you convey a covered work, knowingly relying on a patent license,
+and the Corresponding Source of the work is not available for anyone
+to copy, free of charge and under the terms of this License, through a
+publicly available network server or other readily accessible means,
+then you must either (1) cause the Corresponding Source to be so
+available, or (2) arrange to deprive yourself of the benefit of the
+patent license for this particular work, or (3) arrange, in a manner
+consistent with the requirements of this License, to extend the patent
+license to downstream recipients. "Knowingly relying" means you have
+actual knowledge that, but for the patent license, your conveying the
+covered work in a country, or your recipient's use of the covered work
+in a country, would infringe one or more identifiable patents in that
+country that you have reason to believe are valid.
+
+If, pursuant to or in connection with a single transaction or
+arrangement, you convey, or propagate by procuring conveyance of, a
+covered work, and grant a patent license to some of the parties
+receiving the covered work authorizing them to use, propagate, modify
+or convey a specific copy of the covered work, then the patent license
+you grant is automatically extended to all recipients of the covered
+work and works based on it.
+
+A patent license is "discriminatory" if it does not include within the
+scope of its coverage, prohibits the exercise of, or is conditioned on
+the non-exercise of one or more of the rights that are specifically
+granted under this License. You may not convey a covered work if you
+are a party to an arrangement with a third party that is in the
+business of distributing software, under which you make payment to the
+third party based on the extent of your activity of conveying the
+work, and under which the third party grants, to any of the parties
+who would receive the covered work from you, a discriminatory patent
+license (a) in connection with copies of the covered work conveyed by
+you (or copies made from those copies), or (b) primarily for and in
+connection with specific products or compilations that contain the
+covered work, unless you entered into that arrangement, or that patent
+license was granted, prior to 28 March 2007.
+
+Nothing in this License shall be construed as excluding or limiting
+any implied license or other defenses to infringement that may
+otherwise be available to you under applicable patent law.
+
+#### 12. No Surrender of Others' Freedom.
+
+If conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License. If you cannot convey a
+covered work so as to satisfy simultaneously your obligations under
+this License and any other pertinent obligations, then as a
+consequence you may not convey it at all. For example, if you agree to
+terms that obligate you to collect a royalty for further conveying
+from those to whom you convey the Program, the only way you could
+satisfy both those terms and this License would be to refrain entirely
+from conveying the Program.
+
+#### 13. Remote Network Interaction; Use with the GNU General Public License.
+
+Notwithstanding any other provision of this License, if you modify the
+Program, your modified version must prominently offer all users
+interacting with it remotely through a computer network (if your
+version supports such interaction) an opportunity to receive the
+Corresponding Source of your version by providing access to the
+Corresponding Source from a network server at no charge, through some
+standard or customary means of facilitating copying of software. This
+Corresponding Source shall include the Corresponding Source for any
+work covered by version 3 of the GNU General Public License that is
+incorporated pursuant to the following paragraph.
+
+Notwithstanding any other provision of this License, you have
+permission to link or combine any covered work with a work licensed
+under version 3 of the GNU General Public License into a single
+combined work, and to convey the resulting work. The terms of this
+License will continue to apply to the part which is the covered work,
+but the work with which it is combined will remain governed by version
+3 of the GNU General Public License.
+
+#### 14. Revised Versions of this License.
+
+The Free Software Foundation may publish revised and/or new versions
+of the GNU Affero General Public License from time to time. Such new
+versions will be similar in spirit to the present version, but may
+differ in detail to address new problems or concerns.
+
+Each version is given a distinguishing version number. If the Program
+specifies that a certain numbered version of the GNU Affero General
+Public License "or any later version" applies to it, you have the
+option of following the terms and conditions either of that numbered
+version or of any later version published by the Free Software
+Foundation. If the Program does not specify a version number of the
+GNU Affero General Public License, you may choose any version ever
+published by the Free Software Foundation.
+
+If the Program specifies that a proxy can decide which future versions
+of the GNU Affero General Public License can be used, that proxy's
+public statement of acceptance of a version permanently authorizes you
+to choose that version for the Program.
+
+Later license versions may give you additional or different
+permissions. However, no additional obligations are imposed on any
+author or copyright holder as a result of your choosing to follow a
+later version.
+
+#### 15. Disclaimer of Warranty.
+
+THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
+APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
+HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT
+WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND
+PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE
+DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR
+CORRECTION.
+
+#### 16. Limitation of Liability.
+
+IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR
+CONVEYS THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES
+ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT
+NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR
+LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM
+TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER
+PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+
+#### 17. Interpretation of Sections 15 and 16.
+
+If the disclaimer of warranty and limitation of liability provided
+above cannot be given local legal effect according to their terms,
+reviewing courts shall apply local law that most closely approximates
+an absolute waiver of all civil liability in connection with the
+Program, unless a warranty or assumption of liability accompanies a
+copy of the Program in return for a fee.
+
+END OF TERMS AND CONDITIONS
+
+### How to Apply These Terms to Your New Programs
+
+If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these
+terms.
+
+To do so, attach the following notices to the program. It is safest to
+attach them to the start of each source file to most effectively state
+the exclusion of warranty; and each file should have at least the
+"copyright" line and a pointer to where the full notice is found.
+
+
+ Copyright (C)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU Affero General Public License as
+ published by the Free Software Foundation, either version 3 of the
+ License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Affero General Public License for more details.
+
+ You should have received a copy of the GNU Affero General Public License
+ along with this program. If not, see .
+
+Also add information on how to contact you by electronic and paper
+mail.
+
+If your software can interact with users remotely through a computer
+network, you should also make sure that it provides a way for users to
+get its source. For example, if your program is a web application, its
+interface could display a "Source" link that leads users to an archive
+of the code. There are many ways you could offer source, and different
+solutions will be better for different programs; see section 13 for
+the specific requirements.
+
+You should also get your employer (if you work as a programmer) or
+school, if any, to sign a "copyright disclaimer" for the program, if
+necessary. For more information on this, and how to apply and follow
+the GNU AGPL, see .
diff --git a/README.md b/README.md
index e2a83eb9..31e84212 100644
--- a/README.md
+++ b/README.md
@@ -1,95 +1,46 @@
-[![NixOS](https://img.shields.io/badge/NixOS-unstable-blue.svg?style=flat&logo=NixOS&logoColor=white)](https://nixos.org)
-[![MIT License](https://img.shields.io/github/license/divnix/devos)][mit]
-[![Chat](https://img.shields.io/matrix/devos:nixos.org.svg?label=%23devos%3Anixos.org&logo=matrix&server_fqdn=matrix.org)][matrix]
+# PubSolarOS
-> #### โ Advisory โ
-> DevOS requires the [flakes][flakes] feature available via an _experimental_
-> branch of [nix][nix]. Until nix 2.4 is released, this project
-> should be considered unstable.
+Welcome to PubSolarOS, a very opiniated Linux (NixOS) distribution for the nerdy.
-### Why?
-Make an awesome template for NixOS users, with consideration for common tools like [home-manager][home-manager],
-[devshell][devshell], and [more](./doc/integrations).
+We're creating this distribution for our own personal use and fun, but
+take pride in our craft. As of 14.08.22 it's running on 14 physical devices,
+both `x86_64` and `aarch64`.
-### No. Why _flakes_?
-Flakes are a part of an explicit push to improve [Nix's UX](https://github.com/NixOS/nix/blob/master/doc/manual/src/contributing/cli-guideline.md), and have become an integral part of that effort.
+At its core, it's a NixOS installation running our configuration. The UX
+decisions and the way the project is structured are what make it
+_PubSolarOS_:
-They also make [Nix expressions](https://nixos.org/manual/nix/unstable/expressions/expression-syntax.html) easier to distribute and reuse with convient [flake references](https://github.com/NixOS/nix/blob/master/src/nix/flake.md#flake-references) for building or using packages, modules, and whole systems.
+* Reproducibility is king, and the future is with declarative and functional
+ programming. Even if Nix does not turn out to be the end-all-be-all of
+ reproducible package management (Guix looks good), it has a plethora
+ of packages, a very active and helpful community, and very solid
+ software engineering practices.
+* Because reproducibility is king, we're using nix flakes for locking flake
+ dependencies. [Digga](https://github.com/divnix/digga) is our flake
+ utility library, made by the wonderful people of the Divnix community.
+* Physical devices are not shared anymore nowadays. Only seldomly will you
+ find shared devices that need more than one user account. For this
+ reason, only one user (excluding `root`) is assumed.
+* Keyboard navigation wins where it matters; ergonomics, programmability,
+ efficiency, and speed. We use a tiling window manager (`sway`) and
+ prioritize cli-based solutions where sensible. The editor is `neovim`
+ configured to be just as opiniated as the operating system it is a part
+ of. For mailing, `neomutt` is the default, but we're more divided on
+ that part.
+* We like new and shiny things, so we've moved to Wayland and pipewire.
+* SICHERHEIT is written in capital letters at pub.solar, so we have first-
+ class disk-encryption support. Currently in the works is a paranoid
+ mode where the device can only hibernate (no more sleep or lockscreen)
+ so your data is locked any time you leave the device.
+* Free software is better. If we can avoid it, nonfree software is avoided.
+ By default, `allowUnfree` is `false` so we don't ship non-free software
+ in a basic PubSolarOS ISO. However, nothing prevents you from using
+ as much non-free software as you like.
+* Automation is better. The reproducibility of nix feels so much more
+ powerful once you're deploying your new configuration from your laptop
+ to all your other devices with one command. [We have an automated CI using drone](https://ci.b12f.io/pub-solar/os).
+* Community is important. We just like working on this together, and it
+ feels really good to see our progress at the end of a
+ [hakken.irl](https://pub.solar/hakken) session.
-## Getting Started
-Check out the [guide](https://devos.divnix.com/start) to get up and running.
-Also, have a look at [_flake.nix_](./flake.nix). If anything is not immediately
-discoverable via "[`digga`][digga]'s [`mkFlake`][mk-flake],
-please file a bug report.
-
-### Status: Beta
-Although this project has already matured quite a bit, especially through
-recent outfactoring of [`digga`][digga], a fair amount of api polishing is still
-expected. There are unstable versions (0._x_._x_) to help users keep track
-of changes and progress, and a [`develop`](https://github.com/divnix/devos/tree/develop) branch for the brave ๐
-
-## In the Wild
-* @Pacman99: [Personal](https://gitlab.com/coffeetables/lower), [Server](https://gitlab.com/coffeetables/myrdd)
-* [@danielphan2003](https://github.com/danielphan2003/flk) and make sure to also check out [devos-ext-lib][devos-ext-lib]
-* [PubSolarOS](https://git.sr.ht/~b12f/pub-solar-os)
-
-## Shoulders
-This work does not reinvent the wheel. It stands on the [shoulders of the
-following giants][giants]:
-
-### :onion: — like the layers of an onion
-- [`divnix/digga`][digga]
-- [`gytis-ivaskevicius/flake-utils-plus`][fup]
-- [`numtide/flake-utils`][fu]
-
-### :family: — like family
-- [`numtide/devshell`][devshell]
-- [`serokell/deploy-rs`][deploy]
-- [`berberman/nvfetcher`][nvfetcher]
-- [`NixOS/nixpkgs`][nixpkgs]
-
-:heart:
-
-## Inspiration & Art
-- [hlissner/dotfiles][dotfiles]
-- [nix-user-chroot](https://github.com/nix-community/nix-user-chroot)
-- [Nickel](https://github.com/tweag/nickel)
-- [Awesome Nix](https://github.com/nix-community/awesome-nix)
-- [devshell](https://github.com/numtide/devshell)
-
-## Divnix
-The divnix org is an open space that spontaneously formed out of "the Nix".
-It is really just a place where otherwise unrelated people work
-together and get stuff done.
-
-It's a place to stop "geeking out in isolation" (or within company boundaries).
-A place to experiment, learn together, and iterate quickly on best practices.
-That's what it is.
-
-It might eventually become a non-profit if that's not too complicated or, if those
-goals are sufficiently upstreamed into "the Nix", dissolved.
-
-# License
-DevOS is licensed under the [MIT License][mit].
-
-[community]: https://github.com/divnix/devos/tree/community
-[core]: https://github.com/divnix/devos
-[deploy]: https://github.com/serokell/deploy-rs
-[devshell]: https://github.com/numtide/devshell
-[digga]: https://github.com/divnix/digga
-[dotfiles]: https://github.com/hlissner/dotfiles
-[flake-doc]: https://github.com/NixOS/nix/blob/master/src/nix/flake.md
-[flakes]: https://nixos.wiki/wiki/Flakes
-[fu]: https://github.com/numtide/flake-utils
-[fup]: https://github.com/gytis-ivaskevicius/flake-utils-plus
-[giants]: https://en.wikipedia.org/wiki/Standing_on_the_shoulders_of_giants
-[home-manager]: https://nix-community.github.io/home-manager
-[mit]: https://mit-license.org
-[mk-flake]: https://github.com/divnix/digga/tree/main/src/mkFlake
-[nix]: https://nixos.org/manual/nix/stable
-[nixos]: https://nixos.org/manual/nixos/stable
-[nixpkgs]: https://github.com/NixOS/nixpkgs
-[nvfetcher]: https://github.com/berberman/nvfetcher
-[please]: https://github.com/nrdxp/devos/tree/nrd
-[matrix]: https://matrix.to/#/#devos:nixos.org
-[devos-ext-lib]: https://github.com/divnix/devos-ext-lib
+To get started, take a look at the quick start guide in our docs.
diff --git a/doc/CONTRIBUTING.md b/doc/CONTRIBUTING.md
index 86f5dd70..e3af7e20 100644
--- a/doc/CONTRIBUTING.md
+++ b/doc/CONTRIBUTING.md
@@ -1,18 +1,13 @@
-# Pull Requests
-
-## TL;DR;
+# TL;DR;
- **Target Branch**: `main`
-- **Merge Policy**: [`bors`][bors] is always right (→ `bors try`)
-- **Docs**: every changeset is expected to contain doc updates
+- **Merge Policy**: green check: merge away. yellow circle: have patience. red x: try again.
+- **Docs**: every change set is expected to contain doc updates
- **Commit Msg**: be a poet! Comprehensive and explanatory commit messages
should cover the motivation and use case in an easily understandable manner
even when read after a few months.
-- **Test Driven Development**: please default to test driven development where possible.
+- **Test Driven Development**: please default to test driven development you can
+ make use of the `./examples` & `./e2e` and wire test up in the devshell.
### Within the Devshell (`nix develop`)
- **Hooks**: please `git commit` within the devshell
-- **Fail Early**: please run from within the devshell on your local machine:
- - `nix flake check`
-
-[bors]: https://bors.tech
-
+- **Fail Early**: please run `check-all` from within the devshell on your local machine
diff --git a/doc/SUMMARY.md b/doc/SUMMARY.md
index 1d7bafe9..09d2d626 100644
--- a/doc/SUMMARY.md
+++ b/doc/SUMMARY.md
@@ -3,8 +3,6 @@
- [Introduction](../README.md)
- [Quick Start](./start/index.md)
- [ISO](./start/iso.md)
- - [Bootstrapping](./start/bootstrapping.md)
- - [From NixOS](./start/from-nixos.md)
- [Key Concepts](./concepts/index.md)
- [Hosts](./concepts/hosts.md)
- [Overrides](./concepts/overrides.md)
@@ -18,11 +16,16 @@
- [Concerns]()
- [Secrets](./secrets.md)
- [Tests](./tests.md)
-- [Helper Script โ `bud`](./bud/index.md)
- - [get](./bud/get.md)
- [Integrations](./integrations/index.md)
- [Cachix](./integrations/cachix.md)
- [Deploy RS](./integrations/deploy.md)
- [NvFetcher](./integrations/nvfetcher.md)
- [Hercules CI](./integrations/hercules.md)
+- [API Reference](./api-reference.md)
+ - [Channels](./api-reference-channels.md)
+ - [Home](./api-reference-home.md)
+ - [Devshell](./api-reference-devshell.md)
+ - [NixOS](./api-reference-nixos.md)
+- [Library Reference]()
- [Contributing](./CONTRIBUTING.md)
+
diff --git a/doc/api-reference-channels.md b/doc/api-reference-channels.md
new file mode 100755
index 00000000..533e6e91
--- /dev/null
+++ b/doc/api-reference-channels.md
@@ -0,0 +1,91 @@
+# Channels API Container
+Configure your channels that you can use throughout your configurations.
+
+> #### โ Gotcha โ
+> Devshell & (non-host-specific) Home-Manager `pkgs` instances are rendered off the
+> `nixos.hostDefaults.channelName` (default) channel.
+
+
+## channels
+nixpkgs channels to create
+
+
+*_Type_*:
+attribute set of submodules or path convertible to it
+
+
+*_Default_*
+```
+{}
+```
+
+
+
+
+## channels.\.config
+nixpkgs config for this channel
+
+
+*_Type_*:
+attribute set or path convertible to it
+
+
+*_Default_*
+```
+{}
+```
+
+
+
+
+## channels.\.input
+nixpkgs flake input to use for this channel
+
+
+*_Type_*:
+nix flake
+
+
+*_Default_*
+```
+"self.inputs."
+```
+
+
+
+
+## channels.\.overlays
+overlays to apply to this channel
+these will get exported under the 'overlays' flake output
+as \/\ and any overlay pulled from \
+will be filtered out
+
+
+*_Type_*:
+list of valid Nixpkgs overlay or path convertible to its or anything convertible to it or path convertible to it
+
+
+*_Default_*
+```
+[]
+```
+
+
+
+
+## channels.\.patches
+patches to apply to this channel
+
+
+*_Type_*:
+list of paths
+
+
+*_Default_*
+```
+[]
+```
+
+
+
+
diff --git a/doc/api-reference-devshell.md b/doc/api-reference-devshell.md
new file mode 100755
index 00000000..28f18087
--- /dev/null
+++ b/doc/api-reference-devshell.md
@@ -0,0 +1,72 @@
+# Devshell API Container
+Configure your devshell module collections of your environment.
+
+
+## devshell
+Modules to include in your DevOS shell. the `modules` argument
+will be exported under the `devshellModules` output
+
+
+*_Type_*:
+submodule or path convertible to it
+
+
+*_Default_*
+```
+{}
+```
+
+
+
+
+## devshell.exportedModules
+modules to include in all hosts and export to devshellModules output
+
+
+*_Type_*:
+list of valid module or path convertible to its or anything convertible to it
+
+
+*_Default_*
+```
+[]
+```
+
+
+
+
+## devshell.externalModules
+The `externalModules` option has been removed.
+Any modules that should be exported should be defined with the `exportedModules`
+option and all other modules should just go into the `modules` option.
+
+
+*_Type_*:
+list of valid modules or anything convertible to it
+
+
+*_Default_*
+```
+[]
+```
+
+
+
+
+## devshell.modules
+modules to include that won't be exported
+meant importing modules from external flakes
+
+
+*_Type_*:
+list of valid modules or anything convertible to it or path convertible to it
+
+
+*_Default_*
+```
+[]
+```
+
+
+
+
diff --git a/doc/api-reference-home.md b/doc/api-reference-home.md
new file mode 100755
index 00000000..0ab62f36
--- /dev/null
+++ b/doc/api-reference-home.md
@@ -0,0 +1,119 @@
+# Home-Manager API Container
+Configure your home manager modules, profiles & suites.
+
+
+## home
+hosts, modules, suites, and profiles for home-manager
+
+
+*_Type_*:
+submodule or path convertible to it
+
+
+*_Default_*
+```
+{}
+```
+
+
+
+
+## home.exportedModules
+modules to include in all hosts and export to homeModules output
+
+
+*_Type_*:
+list of valid modules or anything convertible to it or path convertible to it
+
+
+*_Default_*
+```
+[]
+```
+
+
+
+
+## home.externalModules
+The `externalModules` option has been removed.
+Any modules that should be exported should be defined with the `exportedModules`
+option and all other modules should just go into the `modules` option.
+
+
+*_Type_*:
+list of valid modules or anything convertible to it
+
+
+*_Default_*
+```
+[]
+```
+
+
+
+
+## home.importables
+Packages of paths to be passed to modules as `specialArgs`.
+
+
+*_Type_*:
+attribute set
+
+
+*_Default_*
+```
+{}
+```
+
+
+
+
+## home.importables.suites
+collections of profiles
+
+
+*_Type_*:
+null or attribute set of list of paths or anything convertible to its or path convertible to it
+
+
+*_Default_*
+```
+null
+```
+
+
+
+
+## home.modules
+modules to include that won't be exported
+meant importing modules from external flakes
+
+
+*_Type_*:
+list of valid modules or anything convertible to it or path convertible to it
+
+
+*_Default_*
+```
+[]
+```
+
+
+
+
+## home.users
+HM users that can be deployed portably without a host.
+
+
+*_Type_*:
+attribute set of HM user configs
+
+
+*_Default_*
+```
+{}
+```
+
+
+
+
diff --git a/doc/api-reference-nixos.md b/doc/api-reference-nixos.md
new file mode 100755
index 00000000..7428b161
--- /dev/null
+++ b/doc/api-reference-nixos.md
@@ -0,0 +1,234 @@
+# NixOS API Container
+Configure your nixos modules, profiles & suites.
+
+
+## nixos
+hosts, modules, suites, and profiles for NixOS
+
+
+*_Type_*:
+submodule or path convertible to it
+
+
+*_Default_*
+```
+{}
+```
+
+
+
+
+## nixos.hostDefaults
+Defaults for all hosts.
+the modules passed under hostDefaults will be exported
+to the 'nixosModules' flake output.
+They will also be added to all hosts.
+
+
+*_Type_*:
+submodule
+
+
+*_Default_*
+```
+{}
+```
+
+
+
+
+## nixos.hostDefaults.channelName
+Channel this host should follow
+
+
+*_Type_*:
+channel defined in `channels`
+
+
+
+
+
+
+## nixos.hostDefaults.exportedModules
+modules to include in all hosts and export to nixosModules output
+
+
+*_Type_*:
+list of valid modules or anything convertible to it or path convertible to it
+
+
+*_Default_*
+```
+[]
+```
+
+
+
+
+## nixos.hostDefaults.externalModules
+The `externalModules` option has been removed.
+Any modules that should be exported should be defined with the `exportedModules`
+option and all other modules should just go into the `modules` option.
+
+
+*_Type_*:
+list of valid modules or anything convertible to it
+
+
+*_Default_*
+```
+[]
+```
+
+
+
+
+## nixos.hostDefaults.modules
+modules to include that won't be exported
+meant importing modules from external flakes
+
+
+*_Type_*:
+list of valid modules or anything convertible to it or path convertible to it
+
+
+*_Default_*
+```
+[]
+```
+
+
+
+
+## nixos.hostDefaults.system
+system for this host
+
+
+*_Type_*:
+null or system defined in `supportedSystems`
+
+
+*_Default_*
+```
+null
+```
+
+
+
+
+## nixos.hosts
+configurations to include in the nixosConfigurations output
+
+
+*_Type_*:
+attribute set of submodules
+
+
+*_Default_*
+```
+{}
+```
+
+
+
+
+## nixos.hosts.\.channelName
+Channel this host should follow
+
+
+*_Type_*:
+null or channel defined in `channels`
+
+
+*_Default_*
+```
+null
+```
+
+
+
+
+## nixos.hosts.\.modules
+modules to include
+
+
+*_Type_*:
+list of valid modules or anything convertible to it or path convertible to it
+
+
+*_Default_*
+```
+[]
+```
+
+
+
+
+## nixos.hosts.\.system
+system for this host
+
+
+*_Type_*:
+null or system defined in `supportedSystems`
+
+
+*_Default_*
+```
+null
+```
+
+
+
+
+## nixos.hosts.\.tests
+tests to run
+
+
+*_Type_*:
+list of valid NixOS test or path convertible to its or anything convertible to it
+
+
+*_Default_*
+```
+[]
+```
+
+
+*_Example_*
+```
+{"_type":"literalExpression","text":"[\n {\n name = \"testname1\";\n machine = { ... };\n testScript = ''\n # ...\n '';\n }\n ({ corutils, writers, ... }: {\n name = \"testname2\";\n machine = { ... };\n testScript = ''\n # ...\n '';\n })\n ./path/to/test.nix\n];\n"}
+```
+
+
+## nixos.importables
+Packages of paths to be passed to modules as `specialArgs`.
+
+
+*_Type_*:
+attribute set
+
+
+*_Default_*
+```
+{}
+```
+
+
+
+
+## nixos.importables.suites
+collections of profiles
+
+
+*_Type_*:
+null or attribute set of list of paths or anything convertible to its or path convertible to it
+
+
+*_Default_*
+```
+null
+```
+
+
+
+
diff --git a/doc/api-reference.md b/doc/api-reference.md
new file mode 100755
index 00000000..47eb1284
--- /dev/null
+++ b/doc/api-reference.md
@@ -0,0 +1,80 @@
+# Top Level API
+`digga`'s top level API. API Containers are documented in their respective sub-chapter:
+
+- [Channels](./api-reference-channels.md)
+- [Home](./api-reference-home.md)
+- [Devshell](./api-reference-devshell.md)
+- [NixOS](./api-reference-nixos.md)
+- [Darwin](./api-reference-darwin.md)
+
+## channelsConfig
+nixpkgs config for all channels
+
+
+*_Type_*:
+attribute set or path convertible to it
+
+
+*_Default_*
+```
+{}
+```
+
+
+
+
+## inputs
+The flake's inputs
+
+*_Type_*:
+attribute set of nix flakes
+
+
+
+
+
+
+## outputsBuilder
+builder for flake system-spaced outputs
+The builder gets passed an attrset of all channels
+
+
+*_Type_*:
+function that evaluates to a(n) attribute set or path convertible to it
+
+
+*_Default_*
+```
+"channels: { }"
+```
+
+
+
+
+## self
+The flake to create the DevOS outputs for
+
+*_Type_*:
+nix flake
+
+
+
+
+
+
+## supportedSystems
+The systems supported by this flake
+
+
+*_Type_*:
+list of strings
+
+
+*_Default_*
+```
+["aarch64-linux","aarch64-darwin","i686-linux","x86_64-darwin","x86_64-linux"]
+```
+
+
+
+
diff --git a/doc/bud/get.md b/doc/bud/get.md
deleted file mode 100644
index 12263df0..00000000
--- a/doc/bud/get.md
+++ /dev/null
@@ -1,10 +0,0 @@
-# get
-The `get` subcommand is useful for getting a bare copy of devos without the
-git history.
-
-## Usage
-```sh
-bud get DEST-DIR
-```
-
-If DEST-DIR is ommitted, it defaults to _./devos_.
diff --git a/doc/bud/index.md b/doc/bud/index.md
deleted file mode 100644
index 7b985792..00000000
--- a/doc/bud/index.md
+++ /dev/null
@@ -1,24 +0,0 @@
-# [`bud`][bud] command
-The template incudes a convenient script for managing your system called [`bud`][bud].
-
-It is a portable and highly composable system control tool that work anywhere on your host
-or in the flake's devshell.
-
-Although it comes with some predefined standard helpers,
-it is very extensible and you are encouraged to write your own script snippets
-to ease your workflows. An example is the bud module for a `get` command that
-comes included with `devos`.
-
-While writing scripts you can convenientely access smart environment variables
-that can tell the current architecture, user or host name, among others, regardless
-wether you invoke `bud` within the devshell or as the system-wide installed `bud`.
-
-For details, please review the [bud repo][bud].
-
-## Usage
-```sh
-bud help
-```
-
-
-[bud]: https://github.com/divnix/bud
diff --git a/doc/concepts/users.md b/doc/concepts/users.md
index b2a6c2a3..b3454244 100644
--- a/doc/concepts/users.md
+++ b/doc/concepts/users.md
@@ -49,19 +49,18 @@ argument that gets passed to your home-manager users.
## External Usage
You can easily use the defined home-manager configurations outside of NixOS
-using the `homeConfigurations` flake output. The [bud](../bud/index.md) helper
-script makes this even easier.
+using the `homeConfigurations` flake output.
-This is great for keeping your environment consistent across Unix systems,
-including OSX.
+This is great for keeping your environment consistent across Unix-like systems,
+including macOS.
### From within the projects devshell:
```sh
-# builds the nixos user defined in the NixOS host
-bud home NixOS nixos
+# builds the pub-solar user defined in the PubSolarOS host
+nix build '.#homeConfigurations."pub-solar@PubSolarOS".activationPackage'
# build and activate
-bud home NixOS nixos switch
+nix build '.#homeConfigurations."pub-solar@PubSolarOS".activationPackage' && ./result/activate && unlink result
```
### Manually from outside the project:
diff --git a/doc/start/bootstrapping.md b/doc/start/bootstrapping.md
deleted file mode 100644
index b8a0ad04..00000000
--- a/doc/start/bootstrapping.md
+++ /dev/null
@@ -1,102 +0,0 @@
-# Bootstrapping
-
-This will help you boostrap a bare host with the help of the
-[bespoke iso](./iso.md) live installer.
-
-_Note: nothing prevents you from remotely executing the boostrapping
-process. See below._
-
-Once your target host has booted into the live iso, you need to partition
-and format your disk according to the [official manual][manual].
-
-## Mount partitions
-
-Then properly mount the formatted partitions at `/mnt`, so that you can
-install your system to those new partitions.
-
-Mount `nixos` partition to `/mnt` and — for UEFI — `boot`
-partition to `/mnt/boot`:
-
-```console
-$ mount /dev/disk/by-label/nixos /mnt
-$ mkdir -p /mnt/boot && mount /dev/disk/by-label/boot /mnt/boot # UEFI only
-$ swapon /dev/disk/by-label/swap
-```
-
-Add some extra space to the store. In the iso, it's running on a tmpfs
-off your RAM:
-```console
-$ mkdir -p /mnt/tmpstore/{work,store}
-$ mount -t overlay overlay -olowerdir=/nix/store,upperdir=/mnt/tmpstore/store,workdir=/mnt/tmpstore/work /nix/store
-```
-
-## Install
-
-Install off of a copy of devos from the time the iso was built:
-
-```console
-$ cd /iso/devos
-$ nixos-install --flake .#NixOS
-```
-
-## Notes of interest
-
-### Remote access to the live installer
-
-The iso live installer comes preconfigured with a network configuration
-which announces it's hostname via [MulticastDNS][mDNS] as `hostname.local`,
-that is `bootstrap.local` in the [iso example](./iso).
-
-In the rare case that [MulticastDNS][mDNS] is not availabe or turned off
-in your network, there is a static link-local IPv6 address configured to
-`fe80::47`(mnemonic from the letter's position in the english alphabet:
-`n=14 i=9 x=24; 47 = n+i+x`).
-
-Provided that you have added your public key to the authorized keys of the
-`root` user _(hint: [`deploy-rs`](../integrations/deploy.md) needs passwordless
-sudo access)_:
-
-```nix
-{ ... }:
-{
- users.users.root.openssh.authorizedKeys.keyFiles = [
- ../secrets/path/to/key.pub
- ];
-}
-```
-
-You can then ssh into the live installer through one of the
-following options:
-
-```console
-ssh root@bootstrap.local
-
-ssh root@fe80::47%eno1 # where eno1 is your network interface on which you are linked to the target
-```
-
-_Note: the [static link-local IPv6 address][staticLLA] and [MulticastDNS][mDNS] is only
-configured on the live installer. If you wish to enable [MulticastDNS][mDNS]
-for your environment, you ought to configure that in a regular [profile](../concepts/profiles.md)._
-
-### EUI-64 LLA & Host Identity
-
-The iso's IPv6 Link Local Address (LLA) is configured with a static 64-bit Extended
-Unique Identifiers (EUI-64) that is derived from the host interface's Message
-Authentication Code (MAC) address.
-
-After a little while (a few seconds), you can remotely discover this unique and host
-specific address over [NDP][NDP] for example with:
-
-```console
-ip -6 neigh show # also shows fe80::47
-```
-
-***This LLA is stable for the host, unless you need to swap that particular network card.***
-Under this reservation, though, you may use this EUI-64 to wire up a specific
-(cryptographic) host identity.
-
-
-[manual]: https://nixos.org/manual/nixos/stable/index.html#sec-installation-partitioning
-[mDNS]: https://en.wikipedia.org/wiki/Multicast_DNS
-[NDP]: https://en.wikipedia.org/wiki/Neighbor_Discovery_Protocol
-[staticLLA]: https://tools.ietf.org/html/rfc7404
diff --git a/doc/start/from-nixos.md b/doc/start/from-nixos.md
deleted file mode 100644
index 3e8c84d6..00000000
--- a/doc/start/from-nixos.md
+++ /dev/null
@@ -1,51 +0,0 @@
-# From NixOS
-
-## Generate Configuration
-Assuming you're happy with your existing partition layout, you can generate a
-basic NixOS configuration for your system using:
-```sh
-bud up
-```
-
-This will make a new file `hosts/up-$(hostname).nix`, which you can edit to
-your liking.
-
-You must then add a host to `nixos.hosts` in flake.nix:
-```nix
-{
- nixos.hosts = {
- modules = hosts/NixOS.nix;
- };
-}
-```
-
-Make sure your `i18n.defaultLocale` and `time.timeZone` are set properly for
-your region. Keep in mind that `networking.hostName` will be automatically
-set to the name of your host;
-
-Now might be a good time to read the docs on [suites](../concepts/suites.md) and
-[profiles](../concepts/profiles.md) and add or create any that you need.
-
-> ##### _Note:_
-> While the `up` sub-command is provided as a convenience to quickly set up and
-> install a "fresh" NixOS system on current hardware, committing these files is
-> discouraged.
->
-> They are placed in the git staging area automatically because they would be
-> invisible to the flake otherwise, but it is best to move what you need from
-> them directly into a host module of your own making, and commit that instead.
-# Installation
-
-Once you're ready to deploy `hosts/my-host.nix`:
-```sh
-bud my-host switch
-```
-
-
-This calls `nixos-rebuild` with sudo to build and install your configuration.
-
-> ##### _Notes:_
-> - Instead of `switch`, you can pass `build`, `test`, `boot`, etc just as with
-> `nixos-rebuild`.
-
-
diff --git a/doc/start/index.md b/doc/start/index.md
index 2cd14d9a..9650ba05 100644
--- a/doc/start/index.md
+++ b/doc/start/index.md
@@ -2,25 +2,35 @@
The only dependency is nix, so make sure you have it [installed][install-nix].
## Get the Template
-Here is a snippet that will get you the template without the git history:
+If you currently don't have flakes setup, you can utilize the digga shell to pull the template:
```sh
-nix-shell -p cachix --run "cachix use nrdxp"
-
-nix-shell https://github.com/divnix/devos/archive/main.tar.gz -A shell \
- --run "bud get main"
-
-cd devos
-
-nix-shell
+nix-shell "https://github.com/divnix/digga/archive/main.tar.gz" \
+ --run "nix flake init -t github:divnix/digga"
+```
+If you already have flakes support, you can directly pull the template:
+```sh
+nix flake init -t github:divnix/digga
+```
+Then make sure to create the git repository:
+```sh
git init
git add .
git commit -m init
```
-This will place you in a new folder named `devos` with git initialized, and a
-nix-shell that provides all the dependencies, including the unstable nix
-version required.
+To drop into a nix-shell, if you don't have flakes setup, use the digga shell to create a `flake.lock`:
+```sh
+nix-shell "https://github.com/divnix/digga/archive/main.tar.gz" \
+ --run "nix flake lock"
+```
+Or if you do have flakes support, just run:
+```sh
+nix flake lock
+```
+
+Finally, run `nix-shell` to get to an interactive shell with all the dependencies, including the unstable nix
+version required. You can run `menu` to confirm that you are using digga (expected output includes [docs], [general commands], [linter], etc.).
In addition, the [binary cache](../integrations/cachix.md) is added for faster deployment.
@@ -33,9 +43,8 @@ In addition, the [binary cache](../integrations/cachix.md) is added for faster d
> you can try with sudo: `sudo nix-shell -p cachix --run "cachix use nrdxp"`
## Next Steps:
+
- [Make installable ISO](./iso.md)
-- [Bootstrap Host](./bootstrapping.md)
-- [Already on NixOS](./from-nixos.md)
[install-nix]: https://nixos.org/manual/nix/stable/#sect-multi-user-installation
diff --git a/doc/start/iso.md b/doc/start/iso.md
index 76af1c6e..b8fa6659 100644
--- a/doc/start/iso.md
+++ b/doc/start/iso.md
@@ -1,22 +1,36 @@
-# ISO
+# Installation Media
+
+This project leverages [nix-community/nixos-generators][nixos-generators] for
+building machine images. In most cases, you'll probably want to use the
+`install-iso` format.
+
+Making an installable ISO for `hosts/bootstrap.nix` is as simple as:
-Making and writing an installable iso for `hosts/bootstrap.nix` is as simple as:
```sh
-bud build bootstrap bootstrapIso
-sudo -E $(which bud) burn
+nix run github:nix-community/nixos-generators -- \
+ --format install-iso \
+ --flake '.#bootstrap'
```
-This works for any host.
+Then "burn" the ISO to your USB stick (or CD-R if you like!) following the
+[instructions in the NixOS manual][burn] (or using your preferred USB burner).
-## ISO image nix store & cache
+You can also swap out the `--format` for [any of the others][formats] supported
+by nixos-generators.
-The iso image holds the store to the live environment and _also_ acts as a binary cache
-to the installer. To considerably speed up things, the image already includes all flake
-`inputs` as well as the `devshell` closures.
+Continue by following the usual installation instructions in the NixOS manual.
-While you _could_ provision any machine with a single stick, a custom-made iso for
-the host you want to install DevOS to, maximises those local cache hits.
+## ISO Nix Store and Cache
-For hosts that don't differ too much, a single usb stick might be ok, whereas when
-there are bigger differences, a custom-made usb stick will be considerably faster.
+The ISO image holds the Nix store for the live environment and _also_ acts as a
+binary cache to the installer. To considerably speed things up, the image
+already includes all flake `inputs` as well as the `devshell` closures.
+While you _could_ provision any NixOS machine with the same USB stick, an ISO
+custom-made for your target host will maximise those local cache hits. For hosts
+that don't differ too much, a single USB stick might be ok, whereas when there
+are bigger differences, a custom-made USB stick will be considerably faster.
+
+[nixos-generators]: https://github.com/nix-community/nixos-generators
+[burn]: https://nixos.org/manual/nixos/stable/index.html#sec-booting-from-usb
+[formats]: https://github.com/nix-community/nixos-generators/tree/master/formats
diff --git a/flake.lock b/flake.lock
index e6c7e47d..5bf6c09b 100644
--- a/flake.lock
+++ b/flake.lock
@@ -20,26 +20,6 @@
"type": "github"
}
},
- "beautysh": {
- "inputs": {
- "flake-utils": "flake-utils",
- "nixpkgs": "nixpkgs",
- "poetry2nix": "poetry2nix"
- },
- "locked": {
- "lastModified": 1641830469,
- "narHash": "sha256-uhDmgNP/biOWe4FtOa6c2xZnREH+NP9rdrMm0LccRUk=",
- "owner": "lovesegfault",
- "repo": "beautysh",
- "rev": "e85d9736927c0fcf2abb05cb3a2d8d9b4502a2eb",
- "type": "github"
- },
- "original": {
- "owner": "lovesegfault",
- "repo": "beautysh",
- "type": "github"
- }
- },
"blank": {
"locked": {
"lastModified": 1625557891,
@@ -55,31 +35,6 @@
"type": "github"
}
},
- "bud": {
- "inputs": {
- "beautysh": "beautysh",
- "devshell": [
- "digga",
- "devshell"
- ],
- "nixpkgs": [
- "nixos"
- ]
- },
- "locked": {
- "lastModified": 1654190822,
- "narHash": "sha256-B8z3stYaULNDBBjzJHrFHGgiJHrLqhBkxH+9u5iBP7E=",
- "owner": "divnix",
- "repo": "bud",
- "rev": "0ff3e4e4b8791ea4d827bf5bfcac28cef060f209",
- "type": "github"
- },
- "original": {
- "owner": "divnix",
- "repo": "bud",
- "type": "github"
- }
- },
"darwin": {
"inputs": {
"nixpkgs": [
@@ -145,7 +100,7 @@
},
"devshell": {
"inputs": {
- "flake-utils": "flake-utils_3",
+ "flake-utils": "flake-utils",
"nixpkgs": [
"digga",
"nixpkgs"
@@ -251,11 +206,11 @@
},
"flake-utils": {
"locked": {
- "lastModified": 1631561581,
- "narHash": "sha256-3VQMV5zvxaVLvqqUrNz3iJelLw30mIVSfZmAaauM3dA=",
+ "lastModified": 1642700792,
+ "narHash": "sha256-XqHrk7hFb+zBvRg6Ghl+AZDq03ov6OshJLiSWOoX5es=",
"owner": "numtide",
"repo": "flake-utils",
- "rev": "7e5bf3925f6fbdfaf50a2a7ca0be2879c4261d19",
+ "rev": "846b2ae0fc4cc943637d3d1def4454213e203cba",
"type": "github"
},
"original": {
@@ -266,7 +221,7 @@
},
"flake-utils-plus": {
"inputs": {
- "flake-utils": "flake-utils_4"
+ "flake-utils": "flake-utils_2"
},
"locked": {
"lastModified": 1654029967,
@@ -284,36 +239,6 @@
}
},
"flake-utils_2": {
- "locked": {
- "lastModified": 1649676176,
- "narHash": "sha256-OWKJratjt2RW151VUlJPRALb7OU2S5s+f0vLj4o1bHM=",
- "owner": "numtide",
- "repo": "flake-utils",
- "rev": "a4b154ebbdc88c8498a5c7b01589addc9e9cb678",
- "type": "github"
- },
- "original": {
- "owner": "numtide",
- "repo": "flake-utils",
- "type": "github"
- }
- },
- "flake-utils_3": {
- "locked": {
- "lastModified": 1642700792,
- "narHash": "sha256-XqHrk7hFb+zBvRg6Ghl+AZDq03ov6OshJLiSWOoX5es=",
- "owner": "numtide",
- "repo": "flake-utils",
- "rev": "846b2ae0fc4cc943637d3d1def4454213e203cba",
- "type": "github"
- },
- "original": {
- "owner": "numtide",
- "repo": "flake-utils",
- "type": "github"
- }
- },
- "flake-utils_4": {
"locked": {
"lastModified": 1644229661,
"narHash": "sha256-1YdnJAsNy69bpcjuoKdOYQX0YxZBiCYZo4Twxerqv7k=",
@@ -328,22 +253,7 @@
"type": "github"
}
},
- "flake-utils_5": {
- "locked": {
- "lastModified": 1656928814,
- "narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=",
- "owner": "numtide",
- "repo": "flake-utils",
- "rev": "7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249",
- "type": "github"
- },
- "original": {
- "owner": "numtide",
- "repo": "flake-utils",
- "type": "github"
- }
- },
- "flake-utils_6": {
+ "flake-utils_3": {
"locked": {
"lastModified": 1649676176,
"narHash": "sha256-OWKJratjt2RW151VUlJPRALb7OU2S5s+f0vLj4o1bHM=",
@@ -431,27 +341,6 @@
"type": "github"
}
},
- "nix-dram": {
- "inputs": {
- "flake-utils": "flake-utils_5",
- "nixpkgs": [
- "latest"
- ]
- },
- "locked": {
- "lastModified": 1660180791,
- "narHash": "sha256-oPO+keK4S9daL9ubU51hZ+QOWVSMbZ56F20iFI9Px3s=",
- "owner": "dramforever",
- "repo": "nix-dram",
- "rev": "ae7f0b7c5d39eec5941fe21e9f202106bdea9ac2",
- "type": "github"
- },
- "original": {
- "owner": "dramforever",
- "repo": "nix-dram",
- "type": "github"
- }
- },
"nixlib": {
"locked": {
"lastModified": 1636849918,
@@ -486,7 +375,7 @@
"nixos-generators": {
"inputs": {
"nixlib": "nixlib",
- "nixpkgs": "nixpkgs_3"
+ "nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1657748715,
@@ -519,16 +408,16 @@
},
"nixpkgs": {
"locked": {
- "lastModified": 1633971123,
- "narHash": "sha256-WmI4NbH1IPGFWVkuBkKoYgOnxgwSfWDgdZplJlQ93vA=",
+ "lastModified": 1637186689,
+ "narHash": "sha256-NU7BhgnwA/3ibmCeSzFK6xGi+Bari9mPfn+4cBmyEjw=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "e4ef597edfd8a0ba5f12362932fc9b1dd01a0aef",
+ "rev": "7fad01d9d5a3f82081c00fb57918d64145dc904c",
"type": "github"
},
"original": {
"owner": "NixOS",
- "ref": "nixos-unstable-small",
+ "ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
@@ -549,37 +438,6 @@
"type": "github"
}
},
- "nixpkgs_2": {
- "locked": {
- "lastModified": 1651340061,
- "narHash": "sha256-/+4FmvMfUw2IQXiVyMJMNdhf6mEodFRQRHIwUeVEZmk=",
- "owner": "NixOS",
- "repo": "nixpkgs",
- "rev": "d510b23805c37a5b11b86dc3ba8723fcaa6f4539",
- "type": "github"
- },
- "original": {
- "owner": "NixOS",
- "repo": "nixpkgs",
- "type": "github"
- }
- },
- "nixpkgs_3": {
- "locked": {
- "lastModified": 1637186689,
- "narHash": "sha256-NU7BhgnwA/3ibmCeSzFK6xGi+Bari9mPfn+4cBmyEjw=",
- "owner": "NixOS",
- "repo": "nixpkgs",
- "rev": "7fad01d9d5a3f82081c00fb57918d64145dc904c",
- "type": "github"
- },
- "original": {
- "owner": "NixOS",
- "ref": "nixpkgs-unstable",
- "repo": "nixpkgs",
- "type": "github"
- }
- },
"nur": {
"locked": {
"lastModified": 0,
@@ -595,7 +453,7 @@
"nvfetcher": {
"inputs": {
"flake-compat": "flake-compat_3",
- "flake-utils": "flake-utils_6",
+ "flake-utils": "flake-utils_3",
"nixpkgs": [
"nixos"
]
@@ -614,25 +472,6 @@
"type": "github"
}
},
- "poetry2nix": {
- "inputs": {
- "flake-utils": "flake-utils_2",
- "nixpkgs": "nixpkgs_2"
- },
- "locked": {
- "lastModified": 1633382856,
- "narHash": "sha256-hYlet806M9xJj4yxf0g5fhDT2IEUVIMAl7sqIeZ8DUM=",
- "owner": "nix-community",
- "repo": "poetry2nix",
- "rev": "705cbfa10e3d9bfed2e59e0256844ae3704dbd7e",
- "type": "github"
- },
- "original": {
- "owner": "nix-community",
- "repo": "poetry2nix",
- "type": "github"
- }
- },
"pub-solar": {
"locked": {
"lastModified": 1654369474,
@@ -652,14 +491,12 @@
"root": {
"inputs": {
"agenix": "agenix",
- "bud": "bud",
"darwin": "darwin",
"deploy": "deploy",
"digga": "digga",
"home": "home",
"latest": "latest_2",
"naersk": "naersk",
- "nix-dram": "nix-dram",
"nixos": "nixos",
"nixos-generators": "nixos-generators",
"nixos-hardware": "nixos-hardware",
diff --git a/flake.nix b/flake.nix
index 6b151818..573deadc 100644
--- a/flake.nix
+++ b/flake.nix
@@ -18,10 +18,6 @@
digga.inputs.home-manager.follows = "home";
digga.inputs.deploy.follows = "deploy";
- bud.url = "github:divnix/bud";
- bud.inputs.nixpkgs.follows = "nixos";
- bud.inputs.devshell.follows = "digga/devshell";
-
home.url = "github:nix-community/home-manager/release-22.05";
home.inputs.nixpkgs.follows = "nixos";
@@ -43,16 +39,11 @@
nixos-hardware.url = "github:nixos/nixos-hardware";
nixos-generators.url = "github:nix-community/nixos-generators";
-
- # PubSolarOS additions
- nix-dram.url = "github:dramforever/nix-dram";
- nix-dram.inputs.nixpkgs.follows = "latest";
};
outputs =
{ self
, digga
- , bud
, nixos
, home
, nixos-hardware
@@ -60,25 +51,22 @@
, agenix
, nvfetcher
, deploy
- , nix-dram
, ...
} @ inputs:
digga.lib.mkFlake
{
inherit self inputs;
- channelsConfig = { allowUnfree = true; };
+ channelsConfig = {
+ # allowUnfree = true;
+ };
supportedSystems = [ "x86_64-linux" "aarch64-linux" ];
channels = {
nixos = {
imports = [ (digga.lib.importOverlays ./overlays) ];
- overlays = [
- nur.overlay
- agenix.overlay
- ./pkgs/default.nix
- ];
+ overlays = [ ];
};
latest = { };
};
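Review bot: The commented-out `# allowUnfree = true;` inside `channelsConfig` leaves it unclear whether unfree packages are now deliberately disallowed or only switched off for the moment. Other hunks in this commit drop `corefonts` and several printer drivers, so it looks intentional; if so, say it instead of keeping dead code, e.g. `channelsConfig = { }; # unfree packages are intentionally not allowed`. The enclosing `mkFlake` argument set continues outside the hunk.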
@@ -92,6 +80,10 @@
our = self.lib;
});
})
+ nur.overlay
+ agenix.overlay
+
+ (import ./pkgs)
];
nixos = {
@@ -105,7 +97,6 @@
digga.nixosModules.nixConfig
home.nixosModules.home-manager
agenix.nixosModules.age
- bud.nixosModules.bud
];
};
@@ -119,9 +110,9 @@
users = digga.lib.rakeLeaves ./users;
};
suites = with profiles; rec {
- base = [ core users.pub-solar users.root ];
+ base = [ users.pub-solar users.root ];
iso = base ++ [ base-user graphical pub-solar-iso ];
- pubsolaros = [ core full-install base-user users.root ];
+ pubsolaros = [ full-install base-user users.root ];
anonymous = [ pubsolaros users.pub-solar ];
b12f = pubsolaros ++ [ users.ben social gaming mobile ];
@@ -157,6 +148,5 @@
deploy.nodes = digga.lib.mkDeployNodes self.nixosConfigurations {
droppie = { };
};
- }
- ;
+ };
}
diff --git a/hosts/bootstrap.nix b/hosts/bootstrap.nix
index acadc449..ba509911 100644
--- a/hosts/bootstrap.nix
+++ b/hosts/bootstrap.nix
@@ -1,12 +1,11 @@
{ profiles, ... }:
{
- # build with: `bud build bootstrap bootstrapIso`
+ # build with: `nix build '.#nixosConfigurations.bootstrap.config.system.build.bootstrapIso'`
# reachable on the local link via ssh root@fe80::47%eno1
# where 'eno1' is replaced by your own machine's network
# interface that has the local link to the target machine
imports = [
# profiles.networking
- profiles.core
profiles.users.root # make sure to configure ssh keys
profiles.users.pub-solar
profiles.base-user
diff --git a/modules/x-os/boot.nix b/modules/core/boot.nix
similarity index 69%
rename from modules/x-os/boot.nix
rename to modules/core/boot.nix
index 87c5b7d5..9a524a39 100644
--- a/modules/x-os/boot.nix
+++ b/modules/core/boot.nix
@@ -1,16 +1,16 @@
{ config, pkgs, lib, ... }:
let
- cfg = config.pub-solar.x-os;
+ cfg = config.pub-solar.core;
in
with lib;
{
- options.pub-solar.x-os.iso-options.enable = mkOption {
+ options.pub-solar.core.iso-options.enable = mkOption {
type = types.bool;
default = false;
description = "Feature flag for iso builds";
};
- options.pub-solar.x-os.disk-encryption-active = mkOption {
+ options.pub-solar.core.disk-encryption-active = mkOption {
type = types.bool;
default = true;
description = "Whether it should be assumed that there is a cryptroot device";
@@ -30,5 +30,11 @@ with lib;
};
boot.loader.systemd-boot.enable = true;
+
+ # Use latest LTS linux kernel by default
+ boot.kernelPackages = pkgs.linuxPackages_5_15;
+
+ # Support ntfs drives
+ boot.supportedFilesystems = [ "ntfs" ];
};
}
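Review bot: `boot.kernelPackages = pkgs.linuxPackages_5_15;` is a plain assignment, so although the comment says "by default", a host that selects its own kernel will most likely hit a conflicting-definition error unless it uses `mkForce`. `boot.kernelPackages = mkDefault pkgs.linuxPackages_5_15;` (the file already has `with lib;`) keeps the pin overridable. The comment will also go stale once 5.15 is no longer the newest LTS series; `# pin the 5.15 LTS kernel` says what the line actually does. The enclosing `config` block starts outside the hunk.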
diff --git a/modules/core/default.nix b/modules/core/default.nix
new file mode 100644
index 00000000..7b168268
--- /dev/null
+++ b/modules/core/default.nix
@@ -0,0 +1,41 @@
+{ config, lib, ... }:
+
+with lib;
+let
+ psCfg = config.pub-solar;
+ cfg = config.pub-solar.core;
+in
+{
+ imports = [
+ ./boot.nix
+ ./fonts.nix
+ ./i18n.nix
+ ./networking.nix
+ ./nix.nix
+ ./packages.nix
+ ./services.nix
+ ];
+
+ options.pub-solar.core = {
+ lite = mkOption {
+ description = ''
+ Enable a lite edition of core with less default modules and a reduced package set.
+ '';
+ default = false;
+ type = types.bool;
+ };
+ };
+
+ config = {
+ pub-solar = {
+ audio.enable = lib.mkIf (!cfg.lite) true;
+ crypto.enable = lib.mkIf (!cfg.lite) true;
+ devops.enable = lib.mkIf (!cfg.lite) true;
+
+ terminal-life = {
+ enable = true;
+ lite = cfg.lite;
+ };
+ };
+ };
+}
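Review bot: `audio.enable = lib.mkIf (!cfg.lite) true;` (and the same pattern for `crypto` and `devops`) defines the options at normal priority, so a non-lite host that wants one of them off has to reach for `mkForce`. `audio.enable = mkIf (!cfg.lite) (mkDefault true);` keeps the lite switch and still lets a host override it. `psCfg` is bound in the `let` but not used anywhere in this file.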
diff --git a/modules/core/fonts.nix b/modules/core/fonts.nix
new file mode 100644
index 00000000..979ffc68
--- /dev/null
+++ b/modules/core/fonts.nix
@@ -0,0 +1,12 @@
+{ config, pkgs, lib, ... }:
+
+{
+ fonts = {
+ fonts = with pkgs; [ powerline-fonts dejavu_fonts ];
+ fontconfig.defaultFonts = {
+ monospace = [ "DejaVu Sans Mono for Powerline" ];
+ sansSerif = [ "DejaVu Sans" ];
+ };
+ };
+}
+
diff --git a/modules/x-os/i18n.nix b/modules/core/i18n.nix
similarity index 100%
rename from modules/x-os/i18n.nix
rename to modules/core/i18n.nix
diff --git a/modules/x-os/networking.nix b/modules/core/networking.nix
similarity index 95%
rename from modules/x-os/networking.nix
rename to modules/core/networking.nix
index 5ff41ddc..c6123f18 100644
--- a/modules/x-os/networking.nix
+++ b/modules/core/networking.nix
@@ -2,10 +2,10 @@
with lib;
-let cfg = config.pub-solar.x-os;
+let cfg = config.pub-solar.core;
in
{
- options.pub-solar.x-os = {
+ options.pub-solar.core = {
binaryCaches = mkOption {
type = types.listOf types.str;
default = [ ];
diff --git a/modules/core/nix.nix b/modules/core/nix.nix
new file mode 100644
index 00000000..38b70cfc
--- /dev/null
+++ b/modules/core/nix.nix
@@ -0,0 +1,23 @@
+{ config, pkgs, lib, inputs, ... }:
+
+{
+ nix = {
+ # Improve nix store disk usage
+ autoOptimiseStore = true;
+ gc.automatic = true;
+ optimise.automatic = true;
+ # Prevents impurities in builds
+ useSandbox = true;
+ # give root and @wheel special privileges with nix
+ trustedUsers = [ "root" "@wheel" ];
+ # This is just a representation of the nix default
+ systemFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
+ # Generally useful nix option defaults
+ extraOptions = ''
+ min-free = 536870912
+ keep-outputs = true
+ keep-derivations = true
+ fallback = true
+ '';
+ };
+}
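Review bot: The comment on `trustedUsers = [ "root" "@wheel" ];` understates what the setting grants. Trusted users can pass arbitrary substituters and settings to the daemon and import store paths without a trusted signature, which is effectively root on the machine, so every `@wheel` account has to be treated as root-equivalent even where sudo is restricted. I would document that, e.g. `# trusted users are root-equivalent for the nix daemon (can add substituters, skip signature checks)`, and leave `@wheel` out on hosts where wheel members should not have that. `autoOptimiseStore` and `optimise.automatic` also overlap: the first deduplicates on every store write, the second on a timer.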
diff --git a/modules/core/packages.nix b/modules/core/packages.nix
new file mode 100644
index 00000000..f6867816
--- /dev/null
+++ b/modules/core/packages.nix
@@ -0,0 +1,75 @@
+{ config, pkgs, lib, ... }:
+
+with lib;
+let
+ psCfg = config.pub-solar;
+ cfg = config.pub-solar.core;
+in
+{
+ environment = {
+ systemPackages = with pkgs; [
+ # Core unix utility packages
+ coreutils-full
+ dnsutils
+ inetutils
+ progress
+ pciutils
+ usbutils
+
+ wget
+ openssl
+ openssh
+ curl
+ htop
+ lsof
+ psmisc
+ file
+
+ # zippit
+ zip
+ unzip
+
+ # Modern modern utilities
+ p7zip
+ croc
+ jq
+ ]
+
+ ++ lib.optionals (!cfg.lite) [
+ mtr
+
+ gitFull
+ git-lfs
+ git-bug
+
+ xdg-utils
+ sysfsutils
+ renameutils
+ nfs-utils
+ moreutils
+ mailutils
+ keyutils
+ input-utils
+ elfutils
+ binutils
+ dateutils
+ diffutils
+ findutils
+ exfat
+
+ # Nix specific utilities
+ niv
+ manix
+ nix-index
+ nix-tree
+ nixpkgs-review
+ # Build broken, python2.7-PyJWT-2.0.1.drv' failed
+ #nixops
+ psos
+ nvd
+
+ # Fun
+ neofetch
+ ];
+ };
+}
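Review bot: A few comment and binding nits in the package list. `# Modern modern utilities` repeats a word, and `p7zip` under it reads as if it belongs with `zip`/`unzip` in the group above. `psCfg` is bound but unused, and the file mixes `with lib;` with an explicit `lib.optionals`. The `#nixops` line would be easier to revisit if the comment named the nixpkgs revision or date at which the build failed.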
diff --git a/modules/core/services.nix b/modules/core/services.nix
new file mode 100644
index 00000000..61ba6ea0
--- /dev/null
+++ b/modules/core/services.nix
@@ -0,0 +1,12 @@
+{ config, pkgs, lib, ... }:
+
+{
+ # For rage encryption, all hosts need a ssh key pair
+ services.openssh = {
+ enable = true;
+ openFirewall = lib.mkDefault false;
+ };
+
+ # Service that makes Out of Memory Killer more effective
+ services.earlyoom.enable = true;
+}
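Review bot: `services.openssh.enable = true` turns on sshd for every host that imports core, but the block sets no authentication policy, so password login stays at the module default on any host that later opens the firewall. User accounts in this repository carry both password hashes and `publicKeys`, so I would add `passwordAuthentication = lib.mkDefault false;` next to `openFirewall`; whether another module already sets it is not visible here. If the intent is only to have host keys generated for rage/agenix, the comment should say that, e.g. `# sshd is enabled so host keys exist for secret decryption; the port stays closed unless a host opens it`. `hosts/bootstrap.nix` documents ssh access over the local link, so that host needs to open the port itself if it relied on the old profile for it.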
diff --git a/modules/graphical/default.nix b/modules/graphical/default.nix
index 0bb9781c..a506c2ef 100644
--- a/modules/graphical/default.nix
+++ b/modules/graphical/default.nix
@@ -5,17 +5,19 @@ let
cfg = config.pub-solar.graphical;
yamlFormat = pkgs.formats.yaml { };
recursiveMerge = attrList:
- let f = attrPath:
- zipAttrsWith (n: values:
- if tail values == [ ]
- then head values
- else if all isList values
- then unique (concatLists values)
- else if all isAttrs values
- then f (attrPath ++ [ n ]) values
- else last values
- );
- in f [ ] attrList;
+ let
+ f = attrPath:
+ zipAttrsWith (n: values:
+ if tail values == [ ]
+ then head values
+ else if all isList values
+ then unique (concatLists values)
+ else if all isAttrs values
+ then f (attrPath ++ [ n ]) values
+ else last values
+ );
+ in
+ f [ ] attrList;
in
{
options.pub-solar.graphical = {
@@ -77,7 +79,6 @@ in
fonts.enableDefaultFonts = true;
fonts.fonts = with pkgs; [
- corefonts
fira-code
fira-code-symbols
google-fonts
diff --git a/modules/printing/default.nix b/modules/printing/default.nix
index 48a6c3c4..1e8fa9de 100644
--- a/modules/printing/default.nix
+++ b/modules/printing/default.nix
@@ -21,10 +21,6 @@ in
services.printing.defaultShared = false;
services.printing.drivers = [
pkgs.gutenprint
- pkgs.brgenml1lpr
- pkgs.brgenml1cupswrapper
- pkgs.brlaser
- pkgs.cups-brother-hl3140cw
];
hardware.sane = {
enable = true;
diff --git a/modules/terminal-life/default.nix b/modules/terminal-life/default.nix
index 8ecb9919..6bd0312f 100644
--- a/modules/terminal-life/default.nix
+++ b/modules/terminal-life/default.nix
@@ -7,6 +7,14 @@ in
{
options.pub-solar.terminal-life = {
enable = mkEnableOption "Life in black and white";
+
+ lite = mkOption {
+ description = ''
+ Enable a lite edition of terminal-life with less modules and a reduced package set.
+ '';
+ default = false;
+ type = types.bool;
+ };
};
config = mkIf cfg.enable {
diff --git a/modules/terminal-life/nvim/default.nix b/modules/terminal-life/nvim/default.nix
index 09a25b2f..6ca59da6 100644
--- a/modules/terminal-life/nvim/default.nix
+++ b/modules/terminal-life/nvim/default.nix
@@ -1,6 +1,7 @@
{ config, pkgs, ... }:
let
psCfg = config.pub-solar;
+ cfg = config.pub-solar.terminal-life;
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
preview-file = pkgs.writeShellScriptBin "preview-file" (import ./preview-file.nix pkgs);
@@ -86,7 +87,7 @@ in
withRuby = true;
withPython3 = true;
- extraPackages = with pkgs; [
+ extraPackages = with pkgs; lib.mkIf (!cfg.lite) [
ccls
gopls
nodejs
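Review bot: `lib.mkIf (!cfg.lite) [` appears to resolve `lib` only through `with pkgs;`, because the file's argument set shown in the first hunk is `{ config, pkgs, ... }` and no `lib` binding is visible. It evaluates, but it breaks as soon as the `with` is removed; either add `lib` to the argument set or write `extraPackages = pkgs.lib.optionals (!cfg.lite) (with pkgs; [ ... ]);`, which also yields a plain empty list in the lite case. The package list continues outside the hunk.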
diff --git a/modules/x-os/default.nix b/modules/x-os/default.nix
deleted file mode 100644
index 6276bf5f..00000000
--- a/modules/x-os/default.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{ ... }: {
- imports = [
- ./boot.nix
- ./i18n.nix
- ./networking.nix
- ];
-}
diff --git a/overlays/overrides.nix b/overlays/overrides.nix
index 4a85b71f..243373bc 100644
--- a/overlays/overrides.nix
+++ b/overlays/overrides.nix
@@ -10,11 +10,13 @@ channels: final: prev: {
discord
element-desktop
rage
+ nix-index
nixpkgs-fmt
qutebrowser
signal-desktop
starship
deploy-rs
+ nix
tdesktop
arduino
diff --git a/overlays/rnix-lsp.nix b/overlays/rnix-lsp.nix
new file mode 100644
index 00000000..62c0f2b0
--- /dev/null
+++ b/overlays/rnix-lsp.nix
@@ -0,0 +1,18 @@
+final: prev: {
+ rnix-lsp = prev.rnix-lsp.overrideAttrs (oldAttrs: rec {
+ version = "unstable-2022-07-28";
+
+ src = prev.fetchFromGitHub {
+ owner = "nix-community";
+ repo = "rnix-lsp";
+ rev = "ff18e04551a39ccdab0ff9c83926db3807b23478";
+ sha256 = "sha256-4OIpATLdPQvryyhRQPELeqNYC0n6PCyjD6LCPdwOztc=";
+ };
+
+ cargoDeps = oldAttrs.cargoDeps.overrideAttrs (prev.lib.const {
+ name = "rnix-lsp-vendor.tar.gz";
+ inherit src;
+ outputHash = "sha256-SroynaHaFpvKlMSEagoGQhZcY7A0tE4xTbUXYFcneo8=";
+ });
+ });
+}
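Review bot: The overlay has no comment saying why `rnix-lsp` is pinned to an unreleased revision or when the override can be dropped. `rev`, `sha256` and the `cargoDeps` `outputHash` have to change together, and a stale `outputHash` only shows up as a build failure. A header such as `# pinned to upstream as of 2022-07-28; update rev, sha256 and outputHash together, remove once nixpkgs ships this revision` would make the next bump safer.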
diff --git a/pkgs/sway-launcher.nix b/pkgs/sway-launcher.nix
index afa09d07..57c7afe4 100644
--- a/pkgs/sway-launcher.nix
+++ b/pkgs/sway-launcher.nix
@@ -23,7 +23,7 @@ self: with self; ''
# search command list
command_str=$(printf "%s\n" "''${command_history}" "''${command_list}" | \
sed -E 's/^[0-9]+ (.+)$/\1/' | \
- fzf --exact --no-extended --print-query --no-sort | \
+ fzf --color=16 --exact --no-extended --print-query --no-sort | \
tail -n1) || exit 1
if [ "$command_str" = "" ]; then
diff --git a/profiles/core/starship.toml b/profiles/core/starship.toml
deleted file mode 100644
index 6ed366b5..00000000
--- a/profiles/core/starship.toml
+++ /dev/null
@@ -1,95 +0,0 @@
-[aws]
-symbol = "๎ฝ "
-
-[character]
-success_symbol = "[โฏ](bold purple)"
-vicmd_symbol = "[โฎ](bold purple)"
-
-[battery]
-full_symbol = "๏ธ"
-charging_symbol = "๏"
-discharging_symbol = "๏"
-
-[conda]
-symbol = "๏ "
-
-[directory]
-style = "cyan"
-read_only = " ๐"
-
-[docker]
-symbol = "๏ "
-
-[elixir]
-symbol = "๎ต "
-
-[elm]
-symbol = "๎ฌ "
-
-[git_branch]
-format = "[$symbol$branch]($style) "
-symbol = "๏ "
-style = "bold dimmed white"
-
-[git_status]
-format = '([ใ$all_status$ahead_behindใ]($style) )'
-conflicted = "โ ๏ธ"
-ahead = "โซ${count} "
-behind = "โช${count}"
-diverged = "๐ "
-untracked = "๐ "
-stashed = "โช "
-modified = "๐ซ "
-staged = "โ "
-renamed = "โ "
-deleted = "โ "
-style = "bold bright-white"
-
-[golang]
-symbol = "๎ง "
-
-[haskell]
-symbol = "๎ "
-
-[hg_branch]
-symbol = "๏ "
-
-[java]
-symbol = "๎ "
-
-[julia]
-symbol = "๎ค "
-
-[memory_usage]
-symbol = "๏ก "
-disabled = false
-
-[nim]
-symbol = "๏ค "
-
-[nix_shell]
-format = '[$symbol$state]($style) '
-symbol = "๏ "
-pure_msg = "ฮป"
-impure_msg = "โ"
-
-[nodejs]
-symbol = "๎ "
-
-[package]
-symbol = "๏ฃ "
-
-[php]
-symbol = "๎ "
-
-[python]
-symbol = "๎ "
-
-[ruby]
-symbol = "๎พ "
-
-[rust]
-symbol = "๏ "
-
-[status]
-disabled = false
diff --git a/profiles/pub-solar-iso/default.nix b/profiles/pub-solar-iso/default.nix
index 24b5e1b3..4aa8c6fd 100644
--- a/profiles/pub-solar-iso/default.nix
+++ b/profiles/pub-solar-iso/default.nix
@@ -6,6 +6,6 @@ in
config = {
pub-solar.graphical.wayland.software-renderer.enable = true;
pub-solar.sway.terminal = "foot";
- pub-solar.x-os.iso-options.enable = true;
+ pub-solar.core.iso-options.enable = true;
};
}
diff --git a/shell/default.nix b/shell/default.nix
index d22b3af4..597a2d2d 100644
--- a/shell/default.nix
+++ b/shell/default.nix
@@ -1,7 +1,6 @@
{ self, inputs, ... }:
{
modules = with inputs; [
- bud.devshellModules.bud
];
exportedModules = [
./devos.nix
diff --git a/shell/devos.nix b/shell/devos.nix
index f799ca03..bd3399a1 100644
--- a/shell/devos.nix
+++ b/shell/devos.nix
@@ -1,12 +1,22 @@
-{ pkgs, extraModulesPath, inputs, ... }:
+{ pkgs, extraModulesPath, inputs, lib, ... }:
let
+ inherit (pkgs)
+ agenix
+ cachix
+ editorconfig-checker
+ mdbook
+ nixUnstable
+ nixpkgs-fmt
+ nvfetcher
+ ;
+
hooks = import ./hooks;
pkgWithCategory = category: package: { inherit package category; };
+ devos = pkgWithCategory "devos";
linter = pkgWithCategory "linter";
docs = pkgWithCategory "docs";
- devos = pkgWithCategory "devos";
in
{
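Review bot: The new `inherit (pkgs)` list binds `nixUnstable`, but the next hunk replaces `(devos nixUnstable)` with `(devos nix)`, so that binding is unused while `nix` and `deploy-rs` still come from `commands = with pkgs;`. Mixing the two hides where a name comes from. Either list every package in the `inherit` (`nix` and `deploy-rs` instead of `nixUnstable`) and drop the `with pkgs;`, or drop the `inherit`.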
@@ -34,7 +44,7 @@ in
'');
commands = with pkgs; [
- (devos nixUnstable)
+ (devos nix)
(devos agenix)
{
category = "devos";
@@ -44,15 +54,15 @@ in
}
(linter nixpkgs-fmt)
(linter editorconfig-checker)
- # (docs python3Packages.grip) too many deps
+
(docs mdbook)
+ ]
+ ++ lib.optionals (!pkgs.stdenv.buildPlatform.isi686) [
+ (devos cachix)
+ ]
+ ++ lib.optionals (pkgs.stdenv.hostPlatform.isLinux && !pkgs.stdenv.buildPlatform.isDarwin) [
+ (devos inputs.nixos-generators.defaultPackage.${pkgs.system})
(devos deploy-rs)
]
- ++ lib.optional
- (system != "i686-linux")
- (devos cachix)
- ++ lib.optional
- (system != "aarch64-darwin")
- (devos inputs.nixos-generators.defaultPackage.${pkgs.system})
;
}
diff --git a/shell/hooks/pre-commit.sh b/shell/hooks/pre-commit.sh
index 985d3b40..a7fa9083 100755
--- a/shell/hooks/pre-commit.sh
+++ b/shell/hooks/pre-commit.sh
@@ -14,13 +14,16 @@ nix_files=($($diff -- '*.nix'))
all_files=($($diff))
# Format staged nix files.
-if [[ -n "${nix_files[@]}" ]]; then
+if (( ${#nix_files[@]} != 0 )); then
nixpkgs-fmt "${nix_files[@]}" \
&& git add "${nix_files[@]}"
fi
# check editorconfig
-editorconfig-checker -- "${all_files[@]}"
+if (( ${#all_files[@]} != 0 )); then
+ editorconfig-checker -- "${all_files[@]}"
+fi
+
if [[ $? != '0' ]]; then
printf "%b\n" \
"\nCode is not aligned with .editorconfig" \
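Review bot: The `if [[ $? != '0' ]]` check now reads the exit status of the whole `if (( ${#all_files[@]} != 0 )); then … fi` compound rather than of `editorconfig-checker` directly. That works today, because an `if` whose condition is false returns 0, but any command later inserted between the two blocks silently disables the check. Testing the command itself is sturdier: `if (( ${#all_files[@]} != 0 )) && ! editorconfig-checker -- "${all_files[@]}"; then`, followed by the existing failure message. The failure branch continues outside the hunk.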
diff --git a/users/yule/default.nix b/users/yule/default.nix
index 85b1b036..10d55ce7 100644
--- a/users/yule/default.nix
+++ b/users/yule/default.nix
@@ -13,14 +13,17 @@ in
user = {
name = "yule";
description = "b12f";
- password = "$y$j9T$kN1mEvhgjQ1g.9oF9/m6n/$5RMpIWdwSOMG5vUTW2N9tGCn6/NsXouMNn5VGnIA6lB";
+ password = "$6$pHMaL9DfxhvnLGy5$ka9bRU5p1lPTF0YHPZDM9Miq79iXuaXb6GLeALM1eX5djdsHYnpvVWjrmImWmcghGXsrDwpmXZPSJUU.gFpuA1";
fullName = "Benjamin Bรคdorf";
email = "hello@benjaminbaedorf.eu";
gpgKeyId = "4406E80E13CD656C";
publicKeys = [
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDDoYNvXWunQYFORRjcYH1F98+zr20U79ROh+gmaC7AY/x3yf4y8uyMayF56VgQLVNwgEchT5t4dNb9qo2+1oUnjiKrKAVfQMN6WMMMEr4F4WT784uvBx5Uo6vmhgAa+xoo62c4TV2Uf49ZiPd+zAApBHW1F/whPtunPF28Wfr9g+ozSidhnAr+3nkfJh331tz9s+wgQ39AFzFWftQ60Guulpfj8SaVyxyv/yZZAuFpXNzN0Cz4fWBIWFOsib6Z8y+SlUCzSzOguZ7FygHjwlvOxoISsASAuf0OfUKHxVshiL5F5AX1ddmUgXbUKUTp/3Iunr74pfOQC8TXzZHqhrlFzYDmK5J9E6eADSpgx++bCCaHycl73BWeertCBZSHBXeb3Db9HX+mxwpfP3alVAt4ZqQb3YD/VB7XGDvHbmLn+wSfecO2qA9PxiA0yX7e2BZLN9r3G3bRNSk0GpnYM0i84FE9IipiKKnWVjj7J0UPQmz7rzAn2Lki1CnX9PDdxZneqTxgpBomHJt4H+vXMw13scA4xxEDBvfS5KkjbEJqWLbfklCoER6nV3NPLZ6CBl0Xe/VQBSkqEuUEIXih/oa8emDOGUODNF75ck5NJmKiGg6AFZoeiDa7PZMIxhhOq4vsR2Ty43rztUJ0CMX7iSIk3Eql7kqNdvrJaJ7z0GBsiw== ben@biolimo"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmiF8ndGhnx2YAWbPDq14fftAwcJ0xnjJIVTotI12OO4SPX/SwH5Yp8C8Kf002qN9FbFmaONzq3s8TYpej13JubhfsQywNuFKZuZvJeHzmOwxsANW86RVrWT0WZmYx9a/a1TF9rPQpibDVt60wX8yLdExaJc5F1SvIIuyz1kxYpz36wItfR6hcwoLGh1emFCmfCpebJmp3hsrMDTTtTW/YNhyeSZW74ckyvZyjCYtRCJ8uF0ZmOSKRdillv4Ztg8MsUubGn+vaMl6V6x/QuDuehEPoM/3wBx9o22nf+QVbk7S1PC8EdT/K5vskn4/pfR7mDCyQOq1hB4w4Oyn0dsfX pi@ssrtc"
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDwyNsGCMuyI9x2IxYEbYIL6oYsEfe1wqhHaRxSnK9oc10ge1LJni5o7g6XgryoQpCD9YenImcCxwkKblmlLQ2327uoVC2PUo07li1uT0eIPk0TQoxwp6besFs7/LEzZlgWQsc3gkEXmjk/E0mu0U6z2fkqciJ/ZxWYt9fLP6jBG47U9878rSaZ7k7Ilv6oRA3suArH189k1nerk/tonS4EWXeHZxHh/Eu0tqwmxN/6+g2GicYn6b+MbFQVdQAkctqT5Yz9USm9UKzbaAuZ799u0dJzagHm9JJZOr8r11ENtAkY9kAzRzm3u/ACiSdVzyLdjAK6m0dIPhp3OhedzuHiI6/wRll60tYtQTH1XwUpVbtir3+DT+jwZgO1zH3yL4iNh79kuUo+UEg1ZmGkSZRzSS2vb5qr0J5aSJmCd5sNB7a01PTtSlQPOqSF9PB+UmcLDF7JoKFub0KT/gRZ5neZkXTYQ/Y05qtaaFVlOVISijnm+sLUvKBv6OW8oYXIHBk= ben@chocolatebar"
+
+ "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOLcgrSOP0EB2PSqMrZWwUeZAME9ffRbUq6CgaGAuIehqVWHWUnHb4LvP6hOiJkpWxwUC/12ml15I90zczqVXig= b12f Yubi Main"
+ "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEST9eyAY3nzGYNnqDYfWHu+89LZsOjyKHMqCFvtP7vrgB7F7JbbECjdjAXEOfPDSCVwtMMpq8JJXeRMjpsD0rw= b12f Yubi Backup"
+
+ "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFro/k4Mgqyh8yV/7Zwjc0dv60ZM7bROBU9JNd99P/4co6fxPt1pJiU/pEz2Dax/HODxgcO+jFZfvPEuLMCeAl0= YubiKey #10593996 PIV Slot 9a teutat3s"
];
};
};
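Review bot: The `password` value changes from a `$y$` (yescrypt) hash to a `$6$` (SHA-512 crypt) hash, and it is committed in the repository, where anyone with read access can run offline guessing against it. `$6$` is considerably cheaper to guess against than yescrypt, so if the switch is needed for compatibility a comment should say so. agenix is already a flake input, so the hash could live in an encrypted secret instead; how the `user.password` option is consumed is not visible in this hunk. Among `publicKeys`, the one RSA key that remains appears to be 2048-bit, while the larger RSA keys were removed.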