b12f restructure #1
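--- a/.gitignore
+++ b/.gitignore
@@ -3,4 +3,12 @@ up
 hosts/up-*
 .direnv
 doc/index.html
+<<<<<<< HEAD
 tags
+=======
+
+# Result of flk commands
+vm
+iso
+doi
+>>>>>>> devos/core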
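Review bot: Unresolved merge-conflict markers are committed on the new side of this hunk: `<<<<<<< HEAD` before `tags`, then `=======` and `>>>>>>> devos/core` around the `flk` entries. Git treats each marker as a literal ignore pattern, so the file still parses and the leftover is easy to miss. Resolve it by keeping both sides and deleting the three marker lines, leaving `tags`, a blank line, `# Result of flk commands`, `vm`, `iso`, `doi`. The markers appear to come from a merge with `devos/core`, so it is worth running `git diff --check` (or a grep for `^<<<<<<<`) over the rest of the tree before this lands. If only the repo-root outputs are meant, the new entries could also be anchored as `/vm`, `/iso`, `/doi`.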
||||||
|
|
|
@ -1,5 +1,8 @@
|
||||||
# Pull Requests
|
# Pull Requests
|
||||||
If making a change to core, or adding a feature, please be sure to update the
|
All development is done in the `develop` branch. Only minor bug-fixes and release
|
||||||
|
PRs should target `master`.
|
||||||
|
|
||||||
|
If making a change to the template, or adding a feature, please be sure to update the
|
||||||
relevant docs. Each directory contains its own README.md, which will
|
relevant docs. Each directory contains its own README.md, which will
|
||||||
automatically be pulled into the [mdbook](https://devos.divnix.com). The book is
|
automatically be pulled into the [mdbook](https://devos.divnix.com). The book is
|
||||||
rendered on every change, so the docs should always be up to date.
|
rendered on every change, so the docs should always be up to date.
|
||||||
|
|
|
@ -24,6 +24,7 @@
|
||||||
- [up](./flk/up.md)
|
- [up](./flk/up.md)
|
||||||
- [update](./flk/update.md)
|
- [update](./flk/update.md)
|
||||||
- [get](./flk/get.md)
|
- [get](./flk/get.md)
|
||||||
|
- [doi](./flk/doi.md)
|
||||||
- [iso](./flk/iso.md)
|
- [iso](./flk/iso.md)
|
||||||
- [install](./flk/install.md)
|
- [install](./flk/install.md)
|
||||||
- [home](./flk/home.md)
|
- [home](./flk/home.md)
|
||||||
|
|
|
@ -6,13 +6,14 @@ of these hosts, devos automatically imports every _.nix_ file inside this
|
||||||
directory to the mentioned attribute set, applying the projects defaults to
|
directory to the mentioned attribute set, applying the projects defaults to
|
||||||
each. The only hard requirement is that the file contain a valid NixOS module.
|
each. The only hard requirement is that the file contain a valid NixOS module.
|
||||||
|
|
||||||
As an example, a file `hosts/system.nix` will be available via the flake
|
As an example, a file `hosts/system.nix` or `hosts/system/default.nix` will
|
||||||
output `nixosConfigurations.system`. You can have as many hosts as you want
|
be available via the flake output `nixosConfigurations.system`. You can have
|
||||||
and all of them will be automatically imported based on their name.
|
as many hosts as you want and all of them will be automatically imported based
|
||||||
|
on their name.
|
||||||
|
|
||||||
For each host, the configuration automatically sets the `networking.hostName`
|
For each host, the configuration automatically sets the `networking.hostName`
|
||||||
attribute to the name of the file minus the _.nix_ extension. This is for
|
attribute to the folder name or name of the file minus the _.nix_ extension. This
|
||||||
convenience, since `nixos-rebuild` automatically searches for a configuration
|
is for convenience, since `nixos-rebuild` automatically searches for a configuration
|
||||||
matching the current systems hostname if one is not specified explicitly.
|
matching the current systems hostname if one is not specified explicitly.
|
||||||
|
|
||||||
You can set channels, systems, and add extra modules to each host by editing the
|
You can set channels, systems, and add extra modules to each host by editing the
|
||||||
|
|
|
@ -27,10 +27,11 @@ You can also pull modules from other channels. All modules have access to the
|
||||||
`modulesPath` for each channel as `<channelName>ModulesPath`. And you can use
|
`modulesPath` for each channel as `<channelName>ModulesPath`. And you can use
|
||||||
`disabledModules` to remove modules from the current channel.
|
`disabledModules` to remove modules from the current channel.
|
||||||
|
|
||||||
Pulling the zsh module from the `latest` channel:
|
To pull zsh module from the `latest` channel this code can be placed in any module, whether its your host file, a profile, or a module in ./modules etc:
|
||||||
```nix
|
```nix
|
||||||
{ latestModulesPath }: {
|
{ latestModulesPath }:
|
||||||
modules = [ "${latestModulesPath}/programs/zsh/zsh.nix" ];
|
{
|
||||||
|
imports = [ "${latestModulesPath}/programs/zsh/zsh.nix" ];
|
||||||
disabledModules = [ "programs/zsh/zsh.nix" ];
|
disabledModules = [ "programs/zsh/zsh.nix" ];
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
|
@ -8,34 +8,29 @@ separation of concerns.
|
||||||
If you need guidance, a community [branch](https://github.com/divnix/devos/tree/community/profiles)
|
If you need guidance, a community [branch](https://github.com/divnix/devos/tree/community/profiles)
|
||||||
is maintained to help get up to speed on their usage.
|
is maintained to help get up to speed on their usage.
|
||||||
|
|
||||||
## Constraints
|
## Creation
|
||||||
For the sake of consistency, a profile should always be defined in a
|
Profiles are created with the `rakeLeaves` function which recursively collects
|
||||||
___default.nix___ containing a [nixos module config][config].
|
`.nix` files from within a folder. The recursion stops at folders with a `default.nix`
|
||||||
A profile's directory is used for quick modularization of
|
in them. You end up with an attribute set with leaves(paths to profiles) or
|
||||||
[interelated bits](./profiles.md#subprofiles).
|
nodes(attrsets leading to more nodes or leaves).
|
||||||
|
|
||||||
|
A profile is used for quick modularization of [interelated bits](./profiles.md#subprofiles).
|
||||||
|
|
||||||
> ##### _Notes:_
|
> ##### _Notes:_
|
||||||
> * For _declaring_ module options, there's the [modules](../outputs/modules.md) directory.
|
> * For _declaring_ module options, there's the [modules](../outputs/modules.md) directory.
|
||||||
> * This directory takes inspiration from
|
> * This directory takes inspiration from
|
||||||
> [upstream](https://github.com/NixOS/nixpkgs/tree/master/nixos/modules/profiles)
|
> [upstream](https://github.com/NixOS/nixpkgs/tree/master/nixos/modules/profiles)
|
||||||
> .
|
> .
|
||||||
> * Sticking to a simple [spec][spec] has refreshing advantages.
|
|
||||||
> [hercules-ci](../integrations/hercules.md) expects all profiles to be
|
|
||||||
> defined in a ___default.nix___, allowing them to be built automatically when
|
|
||||||
> added. Congruently, [suites](suites.md) expect ___default.nix___ to avoid
|
|
||||||
> having to manage their paths manually.
|
|
||||||
|
|
||||||
## Subprofiles
|
### Nested profiles
|
||||||
Profiles can also define subprofiles. They follow the same constraints outlined
|
Profiles can be nested in attribute sets due to the recursive nature of `rakeLeaves`.
|
||||||
above. A good top level profile should be a high level concern, such as your
|
This can be useful to have a set of profiles created for a specific purpose. It is
|
||||||
personal development environment while the subprofiles should be more focused
|
sometimes useful to have a `common` profile that has high level concerns related
|
||||||
program configurations such as your text editor, and shell configs. This way,
|
to all its sister profiles.
|
||||||
you can either pull in the whole development profile, or pick and choose
|
|
||||||
individual programs.
|
|
||||||
|
|
||||||
### Example
|
### Example
|
||||||
|
|
||||||
profiles/develop/default.nix:
|
profiles/develop/common.nix:
|
||||||
```nix
|
```nix
|
||||||
{
|
{
|
||||||
imports = [ ./zsh ];
|
imports = [ ./zsh ];
|
||||||
|
@ -43,7 +38,7 @@ profiles/develop/default.nix:
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
profiles/develop/zsh/default.nix:
|
profiles/develop/zsh.nix:
|
||||||
```nix
|
```nix
|
||||||
{ ... }:
|
{ ... }:
|
||||||
{
|
{
|
||||||
|
@ -52,6 +47,16 @@ profiles/develop/zsh/default.nix:
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
|
The examples above will end up with a profiles set like this:
|
||||||
|
```nix
|
||||||
|
{
|
||||||
|
develop = {
|
||||||
|
common = ./profiles/develop/common.nix;
|
||||||
|
zsh = ./profiles/develop/zsh.nix;
|
||||||
|
};
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
## Conclusion
|
## Conclusion
|
||||||
Profiles are the most important concept in DevOS. They allow us to keep our
|
Profiles are the most important concept in DevOS. They allow us to keep our
|
||||||
Nix expressions self contained and modular. This way we can maximize reuse
|
Nix expressions self contained and modular. This way we can maximize reuse
|
||||||
|
|
|
@ -1,18 +1,11 @@
|
||||||
# Suites
|
# Suites
|
||||||
Suites provide a mechanism for users to easily combine and name collecitons of
|
Suites provide a mechanism for users to easily combine and name collecitons of
|
||||||
profiles. For good examples, check out the suites defined in the community
|
profiles. For good examples, check out the suites defined in the community branch.
|
||||||
[branch](https://github.com/divnix/devos/blob/community/suites/default.nix).
|
|
||||||
|
|
||||||
In the future, we will use suites as a mechanism for deploying various machine
|
`suites` are defined in the `importables` argument in either the `home` or `nixos`
|
||||||
types which don't depend on hardware, such as vm's and containers.
|
namespace. They are a special case of an `importable` which get passed as a special
|
||||||
|
argument (one that can be use in an `imports` line) to your hosts. All lists defined
|
||||||
They are defined with the `suites` argument in either `home` or `nixos` namespace.
|
in `suites` are flattened and type-checked as paths.
|
||||||
Suites should be passed as a function that take profiles as an argument.
|
|
||||||
|
|
||||||
The profiles are passed based on the folder names and list passed to the relevant
|
|
||||||
`profiles` argument. In the template's flake.nix `profiles` is set as
|
|
||||||
`[ ./profiles ./users ]` and that corresponds to the `{ profiles, users }` argument
|
|
||||||
pattern.
|
|
||||||
|
|
||||||
## Definition
|
## Definition
|
||||||
```nix
|
```nix
|
||||||
|
|
|
@ -23,11 +23,23 @@ your users. For a fully fleshed out example, check out the developers personal
|
||||||
```
|
```
|
||||||
|
|
||||||
## Home Manager
|
## Home Manager
|
||||||
Home Manager support follows the same principles as regular nixos configurations.
|
Home Manager support follows the same principles as regular nixos configurations,
|
||||||
|
it even gets its own namespace in your `flake.nix` as `home`.
|
||||||
|
|
||||||
All modules defined in [user modules][modules-list] will be imported to
|
All modules defined in [user modules][modules-list] will be imported to
|
||||||
Home Manager. All profiles are availabe in [suites][suites] as userProfiles.
|
Home Manager.
|
||||||
The `userSuites` output will be available in your Home Manager Configuration as
|
User profiles can be collected in a similar fashion as system ones into a `suites`
|
||||||
the special argument, `suites`.
|
argument that gets passed to your home-manager users.
|
||||||
|
|
||||||
|
### Example
|
||||||
|
```nix
|
||||||
|
{
|
||||||
|
home-manager.users.nixos = { suites, ... }: {
|
||||||
|
imports = suites.base;
|
||||||
|
};
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
|
||||||
## External Usage
|
## External Usage
|
||||||
You can easily use the defined home-manager configurations outside of NixOS
|
You can easily use the defined home-manager configurations outside of NixOS
|
||||||
|
@ -56,5 +68,4 @@ nix build "github:divnix/devos#homeConfigurations.nixos@NixOS.home.activationPac
|
||||||
```
|
```
|
||||||
|
|
||||||
[home-manager]: https://nix-community.github.io/home-manager
|
[home-manager]: https://nix-community.github.io/home-manager
|
||||||
[suites]: https://github.com/divnix/devos/tree/core/suites/default.nix
|
[modules-list]: https://github.com/divnix/devos/tree/core/users/modules/module-list.nix
|
||||||
[modules-list]: https://github.com/divnix/devos/tree/core/modules/module-list.nix
|
|
||||||
|
|
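--- /dev/null
+++ b/doc/flk/doi.md
@@ -0,0 +1,10 @@
+# DigitalOcean
+
+Now you can [create a droplet](https://cloud.digitalocean.com/droplets/new) using your custom image.
+
+Making a DigitalOcean compatible image for `hosts/NixOS.nix` is as simple as:
+```sh
+flk doi NixOS
+```
+
+This works for any file matching `hosts/*.nix` excluding `default.nix`.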
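--- a/doc/lib.md
+++ /dev/null
@@ -1,87 +0,0 @@
-# Lib
-The lib directory mirrors the upstream concepts of [`nixpkgs:./lib`][nixpkgs-lib],
-[`nixpkgs:./nixos/lib`][nixpkgs-nixos-lib] and [`nixpkgs:./pkgs/pkgs-lib`][nixpkgs-pkgs-lib],
-but also occasionally [`nixpkgs:./pkgs/build-support`][nixpkgs-pkgs-build-support].
-
-All functions defined in lib can be accessed in modules and packages as `ourlib`.
-
-For example:
-
-- you want to add a library function that depends on some packages
-and use it throughout your devos environment: place it into `./lib`
-as if you would place it into [`nixpkgs:./pkgs/pkgs-lib`][nixpkgs-pkgs-lib].
-
-- you want to add library functions that don't depend on `pkgs`: place
-them into `./lib` as if you would place them into [`nixpkgs:./lib`][nixpkgs-lib].
-
-- need to try out a newish custom build support: place it here before
-upstreaming into [`nixpkgs:./pkgs/build-support`][nixpkgs-pkgs-build-support].
-
-- you want to reutilize certain module configuration functions or helpers:
-place them into `./lib` as if you would place them into [`nixpkgs:./nixos/lib`][nixpkgs-nixos-lib].
-
-Once your library grows, we recoomend you start organizing them into subfolders
-analogous `nixpkgs`:
-
-| `nixpkgs` | `devos` |
-| ---------------------- | ------------------ |
-| `./lib` | `./lib` |
-| `./pkgs/pkgs-lib` | `./lib/pkgs-lib` |
-| `./nixos/lib` | `./lib/nixos-lib` |
-| `./pkgs/build-support` | `./lib/pkgs-build` |
-
-
-## Example
-lib/nixos-lib/mkCustomI3BindSym/default.nix:
-```nix
-{ pkgs, writers, ... }:
-{ name, cmd, workspace, baseKey }:
-let
-isWorkspaceEmpty = writers.writePython3 "is-workspace-empty" {
-libraries = [ pkgs.python3Packages.i3ipc ];
-} (builtins.readFile ./is-workspace-empty.py);
-
-ws = builtins.toString workspace;
-in
-''
-
-# ${name}
-#bindsym ${baseKey}+${ws} workspace ${ws}; exec ${cmd}
-bindsym ${baseKey}+${ws} workspace ${ws}; exec bash -c "${isWorkspaceEmpty} && ${cmd}"
-''
-```
-
-lib/nixos-lib/mkCustomI3BindSym/is-workspace-empty.py:
-```python
-# returns 0/1 if current workspace is empty/non-empty
-
-import i3ipc
-
-i3 = i3ipc.Connection()
-tree = i3.get_tree()
-
-
-def current_workspace():
-return tree.find_focused().workspace()
-
-
-if current_workspace().leaves():
-print("Error current workspace is not empty")
-exit(1)
-exit(0)
-```
-
-lib/default.nix:
-```nix
-{ nixos, pkgs, ... }:
-# ...
-{
-# ...
-mkCustomI3BindSym = pkgs.callPackage ./nixos-lib/mkCustomI3BindSym { };
-}
-```
-
-[nixpkgs-lib]: https://github.com/NixOS/nixpkgs/tree/master/lib
-[nixpkgs-pkgs-lib]: https://github.com/NixOS/nixpkgs/tree/master/pkgs/pkgs-lib
-[nixpkgs-pkgs-build-support]: https://github.com/NixOS/nixpkgs/tree/master/pkgs/build-support
-[nixpkgs-nixos-lib]: https://github.com/NixOS/nixpkgs/tree/master/nixos/lib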
|
@ -40,7 +40,7 @@ nix flake
|
||||||
|
|
||||||
*_Default_*
|
*_Default_*
|
||||||
```
|
```
|
||||||
"inputs.<name>"
|
"self.inputs.<name>"
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
||||||
|
@ -81,6 +81,56 @@ attribute set or path convertible to it
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
## devshell
|
||||||
|
Modules to include in your devos shell. the `modules` argument
|
||||||
|
will be exported under the `devshellModules` output
|
||||||
|
|
||||||
|
|
||||||
|
*_Type_*:
|
||||||
|
submodule
|
||||||
|
|
||||||
|
|
||||||
|
*_Default_*
|
||||||
|
```
|
||||||
|
{}
|
||||||
|
```
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
## devshell.externalModules
|
||||||
|
modules to include that won't be exported
|
||||||
|
meant importing modules from external flakes
|
||||||
|
|
||||||
|
|
||||||
|
*_Type_*:
|
||||||
|
list of valid module or path convertible to its or anything convertible to it
|
||||||
|
|
||||||
|
|
||||||
|
*_Default_*
|
||||||
|
```
|
||||||
|
[]
|
||||||
|
```
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
## devshell.modules
|
||||||
|
modules to include in all hosts and export to devshellModules output
|
||||||
|
|
||||||
|
|
||||||
|
*_Type_*:
|
||||||
|
list of path to a modules or anything convertible to it or path convertible to it
|
||||||
|
|
||||||
|
|
||||||
|
*_Default_*
|
||||||
|
```
|
||||||
|
[]
|
||||||
|
```
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
## home
|
## home
|
||||||
hosts, modules, suites, and profiles for home-manager
|
hosts, modules, suites, and profiles for home-manager
|
||||||
|
|
||||||
|
@ -103,7 +153,7 @@ meant importing modules from external flakes
|
||||||
|
|
||||||
|
|
||||||
*_Type_*:
|
*_Type_*:
|
||||||
list of valid module or path convertible to its
|
list of valid module or path convertible to its or anything convertible to it
|
||||||
|
|
||||||
|
|
||||||
*_Default_*
|
*_Default_*
|
||||||
|
@ -114,6 +164,34 @@ list of valid module or path convertible to its
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
## home.importables
|
||||||
|
Packages of paths to be passed to modules as `specialArgs`.
|
||||||
|
|
||||||
|
|
||||||
|
*_Type_*:
|
||||||
|
attribute set
|
||||||
|
|
||||||
|
|
||||||
|
*_Default_*
|
||||||
|
```
|
||||||
|
{}
|
||||||
|
```
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
## home.importables.suites
|
||||||
|
collections of profiles
|
||||||
|
|
||||||
|
|
||||||
|
*_Type_*:
|
||||||
|
attribute set of list of paths or anything convertible to its
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
## home.modules
|
## home.modules
|
||||||
modules to include in all hosts and export to homeModules output
|
modules to include in all hosts and export to homeModules output
|
||||||
|
|
||||||
|
@ -131,10 +209,17 @@ list of path to a modules or anything convertible to it or path convertible to i
|
||||||
|
|
||||||
|
|
||||||
## home.profiles
|
## home.profiles
|
||||||
profile folders that can be collected into suites
|
WARNING: The 'suites' and `profiles` options have been deprecated, you can now create
|
||||||
the name of the argument passed to suites is based
|
both with the importables option. `rakeLeaves` can be used to create profiles and
|
||||||
on the folder name.
|
by passing a module or `rec` set to `importables`, suites can access profiles.
|
||||||
[ ./profiles ] => { profiles }:
|
Example:
|
||||||
|
```
|
||||||
|
importables = rec {
|
||||||
|
profiles = digga.lib.importers.rakeLeaves ./profiles;
|
||||||
|
suites = with profiles; { };
|
||||||
|
}
|
||||||
|
```
|
||||||
|
See https://github.com/divnix/digga/pull/30 for more details
|
||||||
|
|
||||||
|
|
||||||
*_Type_*:
|
*_Type_*:
|
||||||
|
@ -150,31 +235,23 @@ list of paths
|
||||||
|
|
||||||
|
|
||||||
## home.suites
|
## home.suites
|
||||||
Function that takes profiles and returns suites for this config system
|
WARNING: The 'suites' and `profiles` options have been deprecated, you can now create
|
||||||
These can be accessed through the 'suites' special argument.
|
both with the importables option. `rakeLeaves` can be used to create profiles and
|
||||||
|
by passing a module or `rec` set to `importables`, suites can access profiles.
|
||||||
|
Example:
|
||||||
|
```
|
||||||
|
importables = rec {
|
||||||
|
profiles = digga.lib.importers.rakeLeaves ./profiles;
|
||||||
|
suites = with profiles; { };
|
||||||
|
}
|
||||||
|
```
|
||||||
|
See https://github.com/divnix/digga/pull/30 for more details
|
||||||
|
|
||||||
|
|
||||||
*_Type_*:
|
*_Type_*:
|
||||||
function that evaluates to a(n) attrs or path convertible to it
|
function that evaluates to a(n) attrs or path convertible to it
|
||||||
|
|
||||||
|
|
||||||
*_Default_*
|
|
||||||
```
|
|
||||||
"<function>"
|
|
||||||
```
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
## inputs
|
|
||||||
inputs for this flake
|
|
||||||
used to set channel defaults and create registry
|
|
||||||
|
|
||||||
|
|
||||||
*_Type_*:
|
|
||||||
attribute set of nix flakes
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
@ -236,7 +313,7 @@ meant importing modules from external flakes
|
||||||
|
|
||||||
|
|
||||||
*_Type_*:
|
*_Type_*:
|
||||||
list of valid module or path convertible to its
|
list of valid module or path convertible to its or anything convertible to it
|
||||||
|
|
||||||
|
|
||||||
*_Default_*
|
*_Default_*
|
||||||
|
@ -343,11 +420,46 @@ null
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
## nixos.importables
|
||||||
|
Packages of paths to be passed to modules as `specialArgs`.
|
||||||
|
|
||||||
|
|
||||||
|
*_Type_*:
|
||||||
|
attribute set
|
||||||
|
|
||||||
|
|
||||||
|
*_Default_*
|
||||||
|
```
|
||||||
|
{}
|
||||||
|
```
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
## nixos.importables.suites
|
||||||
|
collections of profiles
|
||||||
|
|
||||||
|
|
||||||
|
*_Type_*:
|
||||||
|
attribute set of list of paths or anything convertible to its
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
## nixos.profiles
|
## nixos.profiles
|
||||||
profile folders that can be collected into suites
|
WARNING: The 'suites' and `profiles` options have been deprecated, you can now create
|
||||||
the name of the argument passed to suites is based
|
both with the importables option. `rakeLeaves` can be used to create profiles and
|
||||||
on the folder name.
|
by passing a module or `rec` set to `importables`, suites can access profiles.
|
||||||
[ ./profiles ] => { profiles }:
|
Example:
|
||||||
|
```
|
||||||
|
importables = rec {
|
||||||
|
profiles = digga.lib.importers.rakeLeaves ./profiles;
|
||||||
|
suites = with profiles; { };
|
||||||
|
}
|
||||||
|
```
|
||||||
|
See https://github.com/divnix/digga/pull/30 for more details
|
||||||
|
|
||||||
|
|
||||||
*_Type_*:
|
*_Type_*:
|
||||||
|
@ -363,17 +475,39 @@ list of paths
|
||||||
|
|
||||||
|
|
||||||
## nixos.suites
|
## nixos.suites
|
||||||
Function that takes profiles and returns suites for this config system
|
WARNING: The 'suites' and `profiles` options have been deprecated, you can now create
|
||||||
These can be accessed through the 'suites' special argument.
|
both with the importables option. `rakeLeaves` can be used to create profiles and
|
||||||
|
by passing a module or `rec` set to `importables`, suites can access profiles.
|
||||||
|
Example:
|
||||||
|
```
|
||||||
|
importables = rec {
|
||||||
|
profiles = digga.lib.importers.rakeLeaves ./profiles;
|
||||||
|
suites = with profiles; { };
|
||||||
|
}
|
||||||
|
```
|
||||||
|
See https://github.com/divnix/digga/pull/30 for more details
|
||||||
|
|
||||||
|
|
||||||
*_Type_*:
|
*_Type_*:
|
||||||
function that evaluates to a(n) attrs or path convertible to it
|
function that evaluates to a(n) attrs or path convertible to it
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
## outputsBuilder
|
||||||
|
builder for flake system-spaced outputs
|
||||||
|
The builder gets passed an attrset of all channels
|
||||||
|
|
||||||
|
|
||||||
|
*_Type_*:
|
||||||
|
function that evaluates to a(n) attrs
|
||||||
|
|
||||||
|
|
||||||
*_Default_*
|
*_Default_*
|
||||||
```
|
```
|
||||||
"<function>"
|
"channels: { }"
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -7,8 +7,7 @@ The only minor difference is that, instead of adding the `callPackage` call to
|
||||||
`all-packages.nix`, you just add it the the _default.nix_ in this directory,
|
`all-packages.nix`, you just add it the the _default.nix_ in this directory,
|
||||||
which is defined as a simple overlay.
|
which is defined as a simple overlay.
|
||||||
|
|
||||||
This overlay is set as the default `overlay` output attribute for the flake.
|
All the packages are exported via `packages.<system>.<pkg-name>`, for all
|
||||||
And all the packages are exported via `packages.<system>.<pkg-name>`, for all
|
|
||||||
the supported systems listed in the package's `meta.platforms` attribute.
|
the supported systems listed in the package's `meta.platforms` attribute.
|
||||||
|
|
||||||
And, as usual, every package in the overlay is also available to any NixOS
|
And, as usual, every package in the overlay is also available to any NixOS
|
||||||
|
|
110
doc/secrets.md
110
doc/secrets.md
|
@ -1,18 +1,110 @@
|
||||||
# Secrets
|
# Secrets
|
||||||
Secrets are managed using [git-crypt][git-crypt] so you can keep your flake in
|
Secrets are managed using [git-crypt][git-crypt] and [agenix][agenix]
|
||||||
a public repository like GitHub without exposing your password or other
|
so you can keep your flake in a public repository like GitHub without
|
||||||
sensitive data.
|
exposing your password or other sensitive data.
|
||||||
|
|
||||||
By default, everything in the secrets folder is automatically encrypted. Just
|
By default, everything in the secrets folder is automatically encrypted. Just
|
||||||
be sure to run `git-crypt init` before putting anything in here.
|
be sure to run `git-crypt init` before putting anything in here.
|
||||||
|
|
||||||
|
## Agenix
|
||||||
|
Currently, there is [no mechanism][secrets-issue] in nix itself to deploy secrets
|
||||||
|
within the nix store because it is world-readable.
|
||||||
|
|
||||||
|
Most NixOS modules have the ability to set options to files in the system, outside
|
||||||
|
the nix store, that contain sensitive information. You can use [agenix][agenix]
|
||||||
|
to easily setup those secret files declaratively.
|
||||||
|
|
||||||
|
[agenix][agenix] encrypts secrets and stores them as .age files in your repository.
|
||||||
|
Age files are encrypted with multiple ssh public keys, so any host or user with a
|
||||||
|
matching ssh private key can read the data. The [age module][age module] will add those
|
||||||
|
encrypted files to the nix store and decrypt them on activation to `/run/secrets`.
|
||||||
|
|
||||||
|
### Setup
|
||||||
|
All hosts must have openssh enabled, this is done by default in the core profile.
|
||||||
|
|
||||||
|
You need to populate your `secrets/secrets.nix` with the proper ssh public keys.
|
||||||
|
Be extra careful to make sure you only add public keys, you should never share a
|
||||||
|
private key!!
|
||||||
|
|
||||||
|
secrets/secrets.nix:
|
||||||
|
```nix
|
||||||
|
let
|
||||||
|
system = "<system ssh key>";
|
||||||
|
user = "<user ssh key>";
|
||||||
|
allKeys = [ system user ];
|
||||||
|
in
|
||||||
|
```
|
||||||
|
|
||||||
|
On most systems, you can get your systems ssh public key from `/etc/ssh/ssh_host_ed25519_key.pub`. If
|
||||||
|
this file doesn't exist you likely need to enable openssh and rebuild your system.
|
||||||
|
|
||||||
|
Your users ssh public key is probably stored in `~/.ssh/id_ed25519.pub` or
|
||||||
|
`~/.ssh/id_rsa.pub`. If you haven't generated a ssh key yet, be sure do so:
|
||||||
|
```sh
|
||||||
|
ssh-keygen -t ed25519
|
||||||
|
```
|
||||||
|
|
||||||
> ##### _Note:_
|
> ##### _Note:_
|
||||||
> Currently, there is [no mechanism][secrets-issue] in nix to deploy secrets
|
> The underlying tool used by agenix, rage, doesn't work well with password protected
|
||||||
> within the nix/store so, if they end up in the nix/store after deployment, they
|
> ssh keys. So if you have lots of secrets you might have to type in your password many
|
||||||
> will be world readable on that machine.
|
> times.
|
||||||
>
|
|
||||||
> The author of devos intends to implement a workaround for this situation in
|
|
||||||
> the near future, but for the time being, simple be aware of this.
|
### Secrets
|
||||||
|
You will need the `agenix` command to create secrets. DevOS conveniently provides that
|
||||||
|
in the devShell, so just run `nix develop` whenever you want to edit secrets. Make sure
|
||||||
|
to always run `agenix` while in the `secrets/` folder, so it can pick up your `secrets.nix`.
|
||||||
|
|
||||||
|
To create secrets, simply add lines to your `secrets/secrets.nix`:
|
||||||
|
```
|
||||||
|
let
|
||||||
|
...
|
||||||
|
allKeys = [ system user ];
|
||||||
|
in
|
||||||
|
{
|
||||||
|
"secret.age".publicKeys = allKeys;
|
||||||
|
}
|
||||||
|
```
|
||||||
|
That would tell agenix to create a `secret.age` file that is encrypted with the `system`
|
||||||
|
and `user` ssh public key.
|
||||||
|
|
||||||
|
Then go into the `secrets` folder and run:
|
||||||
|
```sh
|
||||||
|
agenix -e secret.age
|
||||||
|
```
|
||||||
|
This will create the `secret.age`, if it doesn't already exist, and allow you to edit it.
|
||||||
|
|
||||||
|
If you ever change the `publicKeys` entry of any secret make sure to rekey the secrets:
|
||||||
|
```sh
|
||||||
|
agenix --rekey
|
||||||
|
```
|
||||||
|
|
||||||
|
### Usage
|
||||||
|
Once you have your secret file encrypted and ready to use, you can utilize the [age module][age module]
|
||||||
|
to ensure that your secrets end up in `/run/secrets`.
|
||||||
|
|
||||||
|
In any profile that uses a NixOS module that requires a secret you can enable a particular secret like so:
|
||||||
|
|
||||||
|
```nix
|
||||||
|
{ self, ... }:
|
||||||
|
{
|
||||||
|
age.secrets.mysecret.file = "${self}/secrets/mysecret.age";
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
|
||||||
|
Then you can just pass the path `/run/secrets/mysecret` to the module.
|
||||||
|
|
||||||
|
You can make use of the many options provided by the age module to customize where and how
|
||||||
|
secrets get decrypted. You can learn about them by looking at the
|
||||||
|
[age module][age module].
|
||||||
|
|
||||||
|
|
||||||
|
> ##### _Note:_
|
||||||
|
> You can take a look at the [agenix repository][agenix] for more information
|
||||||
|
> about the tool.
|
||||||
|
|
||||||
[git-crypt]: https://github.com/AGWA/git-crypt
|
[git-crypt]: https://github.com/AGWA/git-crypt
|
||||||
|
[agenix]: https://github.com/ryantm/agenix
|
||||||
|
[age module]: https://github.com/ryantm/agenix/blob/master/modules/age.nix
|
||||||
[secrets-issue]: https://github.com/NixOS/nix/issues/8
|
[secrets-issue]: https://github.com/NixOS/nix/issues/8
|
||||||
|
|
11
doc/tests.md
11
doc/tests.md
|
@ -5,22 +5,19 @@ NixOS offers some incredibly powerful tools to write tests for your
|
||||||
configuration, and, optionally, run them in
|
configuration, and, optionally, run them in
|
||||||
[CI](./integrations/hercules.md).
|
[CI](./integrations/hercules.md).
|
||||||
|
|
||||||
## Lib Tests
|
|
||||||
You can easily write tests for your own library functions in the
|
|
||||||
lib/___tests/lib.nix___ file and they will be run on every `nix flake check` or
|
|
||||||
during a CI run.
|
|
||||||
|
|
||||||
## Unit Tests
|
## Unit Tests
|
||||||
Unit tests are can be created from regular derivations, and they can do
|
Unit tests can be created from regular derivations, and they can do
|
||||||
almost anything you can imagine. By convention, it is best to test your
|
almost anything you can imagine. By convention, it is best to test your
|
||||||
packages during their [check phase][check]. All packages and their tests will
|
packages during their [check phase][check]. All packages and their tests will
|
||||||
be built during CI.
|
be built during CI.
|
||||||
|
|
||||||
## Integration Tests
|
## Integration Tests
|
||||||
|
All your profiles defined in suites will be tested in a NixOS VM.
|
||||||
|
|
||||||
You can write integration tests for one or more NixOS VMs that can,
|
You can write integration tests for one or more NixOS VMs that can,
|
||||||
optionally, be networked together, and yes, it's as awesome as it sounds!
|
optionally, be networked together, and yes, it's as awesome as it sounds!
|
||||||
|
|
||||||
Be sure to use the `mkTest` function, in the [___tests/default.nix___][default]
|
Be sure to use the `mkTest` function from digga, `digga.lib.pkgs-lib.mkTest`
|
||||||
which wraps the official [testing-python][testing-python] function to ensure
|
which wraps the official [testing-python][testing-python] function to ensure
|
||||||
that the system is setup exactly as it is for a bare DevOS system. There are
|
that the system is setup exactly as it is for a bare DevOS system. There are
|
||||||
already great resources for learning how to use these tests effectively,
|
already great resources for learning how to use these tests effectively,
|
||||||
|
|
139
flake.lock
139
flake.lock
|
@ -1,22 +1,23 @@
|
||||||
{
|
{
|
||||||
"nodes": {
|
"nodes": {
|
||||||
"b12f-nix-fonts": {
|
"agenix": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"nixpkgs": "nixpkgs"
|
"nixpkgs": [
|
||||||
|
"latest"
|
||||||
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1622483595,
|
"lastModified": 1620877075,
|
||||||
"narHash": "sha256-h3x/N2m6hqdaHyHRQh3celkg9A+0Zn+8U/IGnq6rugQ=",
|
"narHash": "sha256-XvgTqtmQZHegu9UMDSR50gK5cHEM2gbnRH0qecmdN54=",
|
||||||
"ref": "main",
|
"owner": "ryantm",
|
||||||
"rev": "2d0f4e56712c01d8a31aacbc58f2bba2a160e9b6",
|
"repo": "agenix",
|
||||||
"revCount": 3,
|
"rev": "e543aa7d68f222e1e771165da9e9a64b5bf7b3e3",
|
||||||
"type": "git",
|
"type": "github"
|
||||||
"url": "https://git.b12f.io/b12f/nix-fonts"
|
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"ref": "main",
|
"owner": "ryantm",
|
||||||
"type": "git",
|
"repo": "agenix",
|
||||||
"url": "https://git.b12f.io/b12f/nix-fonts"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"ci-agent": {
|
"ci-agent": {
|
||||||
|
@ -71,7 +72,7 @@
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"flake-compat": "flake-compat_2",
|
"flake-compat": "flake-compat_2",
|
||||||
"naersk": "naersk",
|
"naersk": "naersk",
|
||||||
"nixpkgs": "nixpkgs_2",
|
"nixpkgs": "nixpkgs",
|
||||||
"utils": "utils"
|
"utils": "utils"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
|
@ -90,11 +91,11 @@
|
||||||
},
|
},
|
||||||
"devshell": {
|
"devshell": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1618523768,
|
"lastModified": 1622013274,
|
||||||
"narHash": "sha256-Gev9da35pHUey3kGz/zrJFc/9ICs++vPCho7qB1mqd8=",
|
"narHash": "sha256-mK/Lv0lCbl07dI5s7tR/7nb79HunKnJik3KyR6yeI2k=",
|
||||||
"owner": "numtide",
|
"owner": "numtide",
|
||||||
"repo": "devshell",
|
"repo": "devshell",
|
||||||
"rev": "709fe4d04a9101c9d224ad83f73416dce71baf21",
|
"rev": "e7faf69e6bf8546517cc936c7f6d31c7eb3abcb2",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -108,19 +109,20 @@
|
||||||
"deploy": "deploy",
|
"deploy": "deploy",
|
||||||
"devshell": "devshell",
|
"devshell": "devshell",
|
||||||
"nixlib": "nixlib",
|
"nixlib": "nixlib",
|
||||||
"nixpkgs": "nixpkgs_3",
|
"nixpkgs": "nixpkgs_2",
|
||||||
"utils": "utils_2"
|
"utils": "utils_2"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1622093678,
|
"lastModified": 1623197477,
|
||||||
"narHash": "sha256-WLD1RXE351WlYTwGmadXH7EGLGNOpnqgUFuJgYuhbQk=",
|
"narHash": "sha256-2Qk/uIHb1nXre2rRlGonAJmpuamBs7RRfgXhMmS5JkU=",
|
||||||
"owner": "divnix",
|
"owner": "divnix",
|
||||||
"repo": "digga",
|
"repo": "digga",
|
||||||
"rev": "1b366811824635d249befa8bb046ac4c5f9f3494",
|
"rev": "f69703abc33f221b676966a8435c4f09ef70ff49",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"owner": "divnix",
|
"owner": "divnix",
|
||||||
|
"ref": "master",
|
||||||
"repo": "digga",
|
"repo": "digga",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
|
@ -225,11 +227,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1622482341,
|
"lastModified": 1623623251,
|
||||||
"narHash": "sha256-qNTi74De8iTyCQiDqOKRRNOk1pu++BpxvbmKSeqg8es=",
|
"narHash": "sha256-Aku5PTg4zk+XaiIOvDuRLzQmybGg3StaEmAl/NZlKdU=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "home-manager",
|
"repo": "home-manager",
|
||||||
"rev": "2a4ab0d891a59fd3a0fc09e9805aad5a8f82dfac",
|
"rev": "25bf3d79531ce45fd36866205bf07a24bb3be2b9",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -240,11 +242,11 @@
|
||||||
},
|
},
|
||||||
"latest": {
|
"latest": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1622480250,
|
"lastModified": 1623692505,
|
||||||
"narHash": "sha256-uYUEKsTE9Dm2mml7icr0zgdgFDo9NbiiFjX/II7Ifik=",
|
"narHash": "sha256-2WnyKaMBPmkHgWXzyMc73ehsKrIUgumZQ+GuHL2OjSM=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "4335222fd5119562f37028ad18df05cc94329222",
|
"rev": "16cd0e70fe5a1b9fdbe8b4d8a3d6b258c5f885da",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -280,11 +282,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1620316130,
|
"lastModified": 1623324658,
|
||||||
"narHash": "sha256-sU0VS5oJS1FsHsZsLELAXc7G2eIelVuucRw+q5B1x9k=",
|
"narHash": "sha256-TjWmZPH/xbUi7Xuj2EigB9sTOpqsiFmnv7m6+QgTDrA=",
|
||||||
"owner": "nmattia",
|
"owner": "nmattia",
|
||||||
"repo": "naersk",
|
"repo": "naersk",
|
||||||
"rev": "a3f40fe42cc6d267ff7518fa3199e99ff1444ac4",
|
"rev": "4f7426c362809e472d03c369d3674317c32b6863",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -302,11 +304,11 @@
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"dir": "contrib",
|
"dir": "contrib",
|
||||||
"lastModified": 1622347770,
|
"lastModified": 1623622151,
|
||||||
"narHash": "sha256-reuhbVHdVGwvxyGq8fo/i1fVwqsoswQDb/YasgSPJ8k=",
|
"narHash": "sha256-IkBOtKnytI4/CxrB8TgFcUeSmf39sLDHABcwMmhbMQY=",
|
||||||
"owner": "neovim",
|
"owner": "neovim",
|
||||||
"repo": "neovim",
|
"repo": "neovim",
|
||||||
"rev": "3cd688ff775a50808eb7d260e540038cc32b4a40",
|
"rev": "2f0e5e7e67faa469f5d12a66ec084ab9c35d8c6b",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -320,14 +322,14 @@
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"flake-compat": "flake-compat_3",
|
"flake-compat": "flake-compat_3",
|
||||||
"neovim-flake": "neovim-flake",
|
"neovim-flake": "neovim-flake",
|
||||||
"nixpkgs": "nixpkgs_4"
|
"nixpkgs": "nixpkgs_3"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1622451818,
|
"lastModified": 1623658603,
|
||||||
"narHash": "sha256-JGL1kzVXhkVMHl0UA/FW3zJ6BncJnwJ4YKOnGLjNnjk=",
|
"narHash": "sha256-7R3BNOYXh51up/vo+o4CunTVe/MhHZ/jwGJzJBJZ+4Y=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "neovim-nightly-overlay",
|
"repo": "neovim-nightly-overlay",
|
||||||
"rev": "381238fc989d4790b70417c22b682bb1aa5ea0af",
|
"rev": "54eaff5f5f1080ec8d4320e5259ae404604fe014",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -339,7 +341,7 @@
|
||||||
"nix-dram": {
|
"nix-dram": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"flake-utils": "flake-utils_3",
|
"flake-utils": "flake-utils_3",
|
||||||
"nixpkgs": "nixpkgs_5"
|
"nixpkgs": "nixpkgs_4"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1620663773,
|
"lastModified": 1620663773,
|
||||||
|
@ -372,11 +374,11 @@
|
||||||
},
|
},
|
||||||
"nixos": {
|
"nixos": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1622282707,
|
"lastModified": 1623324058,
|
||||||
"narHash": "sha256-+GOrUDsdneUqrOm9d+9bHXjEVoVcU8tm14WGVzbt6gg=",
|
"narHash": "sha256-Jm9GUTXdjXz56gWDKy++EpFfjrBaxqXlLvTLfgEi8lo=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "6933d068c5d2fcff398e802f7c4e271bbdab6705",
|
"rev": "432fc2d9a67f92e05438dff5fdc2b39d33f77997",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -387,11 +389,11 @@
|
||||||
},
|
},
|
||||||
"nixos-hardware": {
|
"nixos-hardware": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1622475342,
|
"lastModified": 1623569835,
|
||||||
"narHash": "sha256-c08illT/TUfI2oeLlN8YP4kcGtXLsJOcoq9CNzoRQhM=",
|
"narHash": "sha256-Mg+FN1JkEQ91Zff0+ot/ndRgD9BB+uDBLN12AcBYkSA=",
|
||||||
"owner": "nixos",
|
"owner": "nixos",
|
||||||
"repo": "nixos-hardware",
|
"repo": "nixos-hardware",
|
||||||
"rev": "d38958a6aa5bdbf3239f26a04689f3d9ae7da0c0",
|
"rev": "7305b276c90cfd3ad0a2452101a49c0b52c784c0",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -401,21 +403,6 @@
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"nixpkgs": {
|
"nixpkgs": {
|
||||||
"locked": {
|
|
||||||
"lastModified": 1622059058,
|
|
||||||
"narHash": "sha256-t1/ZMtyxClVSfcV4Pt5C1YpkeJ/UwFF3oitLD7Ch/UA=",
|
|
||||||
"owner": "NixOS",
|
|
||||||
"repo": "nixpkgs",
|
|
||||||
"rev": "84aa23742f6c72501f9cc209f29c438766f5352d",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"id": "nixpkgs",
|
|
||||||
"ref": "nixpkgs-unstable",
|
|
||||||
"type": "indirect"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"nixpkgs_2": {
|
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1610942247,
|
"lastModified": 1610942247,
|
||||||
"narHash": "sha256-PKo1ATAlC6BmfYSRmX0TVmNoFbrec+A5OKcabGEu2yU=",
|
"narHash": "sha256-PKo1ATAlC6BmfYSRmX0TVmNoFbrec+A5OKcabGEu2yU=",
|
||||||
|
@ -431,7 +418,7 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"nixpkgs_3": {
|
"nixpkgs_2": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1620962350,
|
"lastModified": 1620962350,
|
||||||
"narHash": "sha256-9ASW4d4/Z8HmRvuJI8rxbEOTbXTBpQ8y+CmFYBwtXzE=",
|
"narHash": "sha256-9ASW4d4/Z8HmRvuJI8rxbEOTbXTBpQ8y+CmFYBwtXzE=",
|
||||||
|
@ -446,13 +433,13 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"nixpkgs_4": {
|
"nixpkgs_3": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1622282707,
|
"lastModified": 1623324058,
|
||||||
"narHash": "sha256-+GOrUDsdneUqrOm9d+9bHXjEVoVcU8tm14WGVzbt6gg=",
|
"narHash": "sha256-Jm9GUTXdjXz56gWDKy++EpFfjrBaxqXlLvTLfgEi8lo=",
|
||||||
"owner": "nixos",
|
"owner": "nixos",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "6933d068c5d2fcff398e802f7c4e271bbdab6705",
|
"rev": "432fc2d9a67f92e05438dff5fdc2b39d33f77997",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -462,7 +449,7 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"nixpkgs_5": {
|
"nixpkgs_4": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1620340338,
|
"lastModified": 1620340338,
|
||||||
"narHash": "sha256-Op/4K0+Z9Sp5jtFH0s/zMM4H7VFZxrekcAmjQ6JpQ4w=",
|
"narHash": "sha256-Op/4K0+Z9Sp5jtFH0s/zMM4H7VFZxrekcAmjQ6JpQ4w=",
|
||||||
|
@ -478,13 +465,13 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"nixpkgs_6": {
|
"nixpkgs_5": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1622480250,
|
"lastModified": 1623692505,
|
||||||
"narHash": "sha256-uYUEKsTE9Dm2mml7icr0zgdgFDo9NbiiFjX/II7Ifik=",
|
"narHash": "sha256-2WnyKaMBPmkHgWXzyMc73ehsKrIUgumZQ+GuHL2OjSM=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "4335222fd5119562f37028ad18df05cc94329222",
|
"rev": "16cd0e70fe5a1b9fdbe8b4d8a3d6b258c5f885da",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -494,11 +481,11 @@
|
||||||
},
|
},
|
||||||
"nur": {
|
"nur": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1622483169,
|
"lastModified": 1623691985,
|
||||||
"narHash": "sha256-uEHHS2pZRcyXBRUtynugr5FPhiRW4IVNaEbWqPI7tC0=",
|
"narHash": "sha256-ujUDfpOjjK4jvk16kRnsOoHamoh1dg8KOcz+1YoC368=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "NUR",
|
"repo": "NUR",
|
||||||
"rev": "3022dd625fbdaee8cfa7aeb5a4fdff345b2738c6",
|
"rev": "633cfde3ed8f7a095a75413c1a214e27f8117f86",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -540,7 +527,7 @@
|
||||||
},
|
},
|
||||||
"root": {
|
"root": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"b12f-nix-fonts": "b12f-nix-fonts",
|
"agenix": "agenix",
|
||||||
"ci-agent": "ci-agent",
|
"ci-agent": "ci-agent",
|
||||||
"darwin": "darwin",
|
"darwin": "darwin",
|
||||||
"digga": "digga",
|
"digga": "digga",
|
||||||
|
@ -551,7 +538,7 @@
|
||||||
"nix-dram": "nix-dram",
|
"nix-dram": "nix-dram",
|
||||||
"nixos": "nixos",
|
"nixos": "nixos",
|
||||||
"nixos-hardware": "nixos-hardware",
|
"nixos-hardware": "nixos-hardware",
|
||||||
"nixpkgs": "nixpkgs_6",
|
"nixpkgs": "nixpkgs_5",
|
||||||
"nur": "nur",
|
"nur": "nur",
|
||||||
"pkgs": "pkgs"
|
"pkgs": "pkgs"
|
||||||
}
|
}
|
||||||
|
@ -576,11 +563,11 @@
|
||||||
"flake-utils": "flake-utils"
|
"flake-utils": "flake-utils"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1620801141,
|
"lastModified": 1622583383,
|
||||||
"narHash": "sha256-XPJ+/nP/s218E11R+4LJyvkrQXvdT3D6TzNjfWVYZnI=",
|
"narHash": "sha256-2DFx619SNfjzYwqx1ryae8zHnTh+N7VsZkbtAbrYIIA=",
|
||||||
"owner": "gytis-ivaskevicius",
|
"owner": "gytis-ivaskevicius",
|
||||||
"repo": "flake-utils-plus",
|
"repo": "flake-utils-plus",
|
||||||
"rev": "1a742047f3f7c97b22768ba7738ac5a01052099e",
|
"rev": "6b2ea4b02cad77fac581c6a9ec4f822ba87dce5c",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
39
flake.nix
39
flake.nix
|
@ -5,7 +5,7 @@
|
||||||
{
|
{
|
||||||
nixos.url = "nixpkgs/nixos-unstable";
|
nixos.url = "nixpkgs/nixos-unstable";
|
||||||
latest.url = "nixpkgs";
|
latest.url = "nixpkgs";
|
||||||
digga.url = "github:divnix/digga";
|
digga.url = "github:divnix/digga/master";
|
||||||
|
|
||||||
ci-agent = {
|
ci-agent = {
|
||||||
url = "github:hercules-ci/hercules-ci-agent";
|
url = "github:hercules-ci/hercules-ci-agent";
|
||||||
|
@ -17,6 +17,8 @@
|
||||||
home.inputs.nixpkgs.follows = "nixos";
|
home.inputs.nixpkgs.follows = "nixos";
|
||||||
naersk.url = "github:nmattia/naersk";
|
naersk.url = "github:nmattia/naersk";
|
||||||
naersk.inputs.nixpkgs.follows = "latest";
|
naersk.inputs.nixpkgs.follows = "latest";
|
||||||
|
agenix.url = "github:ryantm/agenix";
|
||||||
|
agenix.inputs.nixpkgs.follows = "latest";
|
||||||
nixos-hardware.url = "github:nixos/nixos-hardware";
|
nixos-hardware.url = "github:nixos/nixos-hardware";
|
||||||
|
|
||||||
pkgs.url = "path:./pkgs";
|
pkgs.url = "path:./pkgs";
|
||||||
|
@ -31,7 +33,7 @@
|
||||||
neovim-nightly.url = "github:nix-community/neovim-nightly-overlay";
|
neovim-nightly.url = "github:nix-community/neovim-nightly-overlay";
|
||||||
|
|
||||||
# b12f additions
|
# b12f additions
|
||||||
b12f-nix-fonts.url = "git+https://git.b12f.io/b12f/nix-fonts?ref=main";
|
# b12f-nix-fonts.url = "git+https://git.b12f.io/b12f/nix-fonts?ref=main";
|
||||||
};
|
};
|
||||||
|
|
||||||
outputs =
|
outputs =
|
||||||
|
@ -42,10 +44,11 @@
|
||||||
, ci-agent
|
, ci-agent
|
||||||
, home
|
, home
|
||||||
, nixos-hardware
|
, nixos-hardware
|
||||||
, nix-dram
|
, agenix
|
||||||
, nur
|
, nur
|
||||||
|
, nix-dram
|
||||||
, neovim-nightly
|
, neovim-nightly
|
||||||
, b12f-nix-fonts
|
# , b12f-nix-fonts
|
||||||
, ...
|
, ...
|
||||||
}: digga.lib.mkFlake {
|
}: digga.lib.mkFlake {
|
||||||
inherit self inputs;
|
inherit self inputs;
|
||||||
|
@ -59,9 +62,10 @@
|
||||||
./pkgs/default.nix
|
./pkgs/default.nix
|
||||||
pkgs.overlay # for `srcs`
|
pkgs.overlay # for `srcs`
|
||||||
nur.overlay
|
nur.overlay
|
||||||
|
agenix.overlay
|
||||||
nix-dram.overlay
|
nix-dram.overlay
|
||||||
neovim-nightly.overlay
|
neovim-nightly.overlay
|
||||||
b12f-nix-fonts.overlay
|
# b12f-nix-fonts.overlay
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
latest = { };
|
latest = { };
|
||||||
|
@ -86,6 +90,7 @@
|
||||||
{ _module.args.ourLib = self.lib; }
|
{ _module.args.ourLib = self.lib; }
|
||||||
ci-agent.nixosModules.agent-profile
|
ci-agent.nixosModules.agent-profile
|
||||||
home.nixosModules.home-manager
|
home.nixosModules.home-manager
|
||||||
|
agenix.nixosModules.age
|
||||||
./modules/customBuilds.nix
|
./modules/customBuilds.nix
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
@ -95,24 +100,34 @@
|
||||||
/* set host specific properties here */
|
/* set host specific properties here */
|
||||||
NixOS = { };
|
NixOS = { };
|
||||||
};
|
};
|
||||||
profiles = [ ./profiles ./users ];
|
importables = rec {
|
||||||
suites = { profiles, users, ... }: with profiles; rec {
|
profiles = digga.lib.importers.rakeLeaves ./profiles // {
|
||||||
|
users = digga.lib.importers.rakeLeaves ./users;
|
||||||
|
};
|
||||||
|
suites = with profiles; rec {
|
||||||
base = [ core users.nixos users.root ];
|
base = [ core users.nixos users.root ];
|
||||||
pubsolaros = [ core base-user users.root ];
|
pubsolaros = [ core base-user users.root ];
|
||||||
anonymous = [ pubsolaros users.nixos ];
|
anonymous = pubsolaros ++ [ users.nixos ];
|
||||||
b12f = [ pubsolaros users.ben ];
|
b12f = pubsolaros ++ [ users.ben ];
|
||||||
biolimo = [ b12f graphical ];
|
biolimo = b12f ++ [ graphical ];
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
home = {
|
home = {
|
||||||
modules = ./users/modules/module-list.nix;
|
modules = ./users/modules/module-list.nix;
|
||||||
externalModules = [ ];
|
externalModules = [ ];
|
||||||
profiles = [ ./users/profiles ];
|
importables = rec {
|
||||||
suites = { profiles, ... }: with profiles; rec {
|
profiles = digga.lib.importers.rakeLeaves ./users/profiles;
|
||||||
|
suites = with profiles; rec {
|
||||||
base = [ direnv git ];
|
base = [ direnv git ];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
devshell.externalModules = { pkgs, ... }: {
|
||||||
|
packages = [ pkgs.agenix ];
|
||||||
|
};
|
||||||
|
|
||||||
homeConfigurations = digga.lib.mkHomeConfigurations self.nixosConfigurations;
|
homeConfigurations = digga.lib.mkHomeConfigurations self.nixosConfigurations;
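Review bot: In the `@ -17,6 +17,8 @@` hunk, `agenix.url = "github:ryantm/agenix";` follows the default branch of the tool that decrypts the hosts' secrets, so the `rev` in flake.lock is the only pin and a later `nix flake update` moves it with no visible change in flake.nix. Because the later hunks add `agenix.overlay` and `agenix.nixosModules.age` to what look like the shared overlay and module lists, I would pin the input to the revision already locked, `agenix.url = "github:ryantm/agenix/e543aa7d68f222e1e771165da9e9a64b5bf7b3e3";`, and bump it deliberately. The three `# b12f-nix-fonts` lines (input, `outputs` argument, overlay) are left commented out with no reason given; delete them or add a one-line `# TODO` saying when they return. The `inputs` set and the `outputs` function both start and end outside these hunks.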
|
||||||
|
|
||||||
|
|
|
@ -1,6 +0,0 @@
|
||||||
{ suites, ... }:
|
|
||||||
{
|
|
||||||
imports = [
|
|
||||||
./biolimo
|
|
||||||
] ++ suites.biolimo;
|
|
||||||
}
|
|
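--- a/hosts/biolimo/base.nix
+++ b/hosts/biolimo/base.nix
@@ -0,0 +1,28 @@
+{ config, pkgs, lib, ... }:
+with lib;
+let
+psCfg = config.pub-solar;
+xdg = config.home-manager.users."${psCfg.user.name}".xdg;
+in
+{
+imports = [
+./configuration.nix
+];
+
+config = {
+pub-solar.x-os.keyfile = "/etc/nixos/hosts/biolimo/secrets/keyfile.bin";
+
+hardware.cpu.intel.updateMicrocode = true;
+
+networking.firewall.allowedTCPPorts = [
+5000
+];
+
+home-manager.users."${psCfg.user.name}".xdg.configFile = mkIf psCfg.sway.enable {
+"sway/config.d/10-screens.conf".source = ./.config/sway/config.d/screens.conf;
+"sway/config.d/10-autostart.conf".source = ./.config/sway/config.d/autostart.conf;
+"sway/config.d/10-input-defaults.conf".source = ./.config/sway/config.d/input-defaults.conf;
+"sway/config.d/10-custom-keybindings.conf".source = ./.config/sway/config.d/custom-keybindings.conf;
+};
+};
+}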
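Review bot: `networking.firewall.allowedTCPPorts = [ 5000 ];` opens TCP 5000 on every interface, and nothing in the file says which service needs it. If only one network should reach it, scope the rule with `networking.firewall.interfaces."<iface>".allowedTCPPorts = [ 5000 ];` (placeholder interface name); otherwise add a comment such as `# 5000: <service name>` so the exposure can be audited. `pub-solar.x-os.keyfile` is passed as a string rather than a path literal, which presumably keeps the key out of the world-readable Nix store; a comment saying so would stop a later edit from changing that, and it is worth confirming that `hosts/biolimo/secrets/keyfile.bin` is not tracked in git. The `xdg` binding in the `let` block is never used and can be dropped.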
|
|
@ -1,28 +1,6 @@
|
||||||
{ config, pkgs, lib, ... }:
|
{ suites, ... }:
|
||||||
with lib;
|
|
||||||
let
|
|
||||||
psCfg = config.pub-solar;
|
|
||||||
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
|
|
||||||
in
|
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
./configuration.nix
|
./base.nix
|
||||||
];
|
] ++ suites.biolimo;
|
||||||
|
|
||||||
config = {
|
|
||||||
pub-solar.x-os.keyfile = "/etc/nixos/hosts/biolimo/secrets/keyfile.bin";
|
|
||||||
|
|
||||||
hardware.cpu.intel.updateMicrocode = true;
|
|
||||||
|
|
||||||
networking.firewall.allowedTCPPorts = [
|
|
||||||
5000
|
|
||||||
];
|
|
||||||
|
|
||||||
home-manager.users."${psCfg.user.name}".xdg.configFile = mkIf psCfg.sway.enable {
|
|
||||||
"sway/config.d/10-screens.conf".source = ./.config/sway/config.d/screens.conf;
|
|
||||||
"sway/config.d/10-autostart.conf".source = ./.config/sway/config.d/autostart.conf;
|
|
||||||
"sway/config.d/10-input-defaults.conf".source = ./.config/sway/config.d/input-defaults.conf;
|
|
||||||
"sway/config.d/10-custom-keybindings.conf".source = ./.config/sway/config.d/custom-keybindings.conf;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -10,7 +10,6 @@ in
|
||||||
system.build = {
|
system.build = {
|
||||||
iso = (mkBuild (diggaLib.modules.isoConfig {
|
iso = (mkBuild (diggaLib.modules.isoConfig {
|
||||||
inherit self;
|
inherit self;
|
||||||
inherit (self) inputs;
|
|
||||||
fullHostConfig = config;
|
fullHostConfig = config;
|
||||||
})).config.system.build.isoImage;
|
})).config.system.build.isoImage;
|
||||||
|
|
||||||
|
@ -26,5 +25,9 @@ in
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
})).config.home-manager.users;
|
})).config.home-manager.users;
|
||||||
|
|
||||||
|
digitalOcean = (mkBuild ({ modulesPath, ... }: {
|
||||||
|
imports = [ "${modulesPath}/virtualisation/digital-ocean-image.nix" ];
|
||||||
|
})).config.system.build.digitalOceanImage;
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -8,6 +8,7 @@ channels: final: prev: {
|
||||||
discord
|
discord
|
||||||
element-desktop
|
element-desktop
|
||||||
manix
|
manix
|
||||||
|
rage
|
||||||
nixpkgs-fmt
|
nixpkgs-fmt
|
||||||
qutebrowser
|
qutebrowser
|
||||||
signal-desktop
|
signal-desktop
|
||||||
|
|
|
@ -1 +0,0 @@
|
||||||
import ./pub-solar
|
|
|
@ -1,15 +0,0 @@
|
||||||
final: prev:
|
|
||||||
with final; {
|
|
||||||
import-gtk-settings = writeShellScriptBin "import-gtk-settings" (import ./import-gtk-settings.nix final);
|
|
||||||
mailto-mutt = writeShellScriptBin "mailto-mutt" (import ./mailto-mutt.nix final);
|
|
||||||
mu = writeShellScriptBin "mu" (import ./mu.nix final);
|
|
||||||
mopidy-jellyfin = import ./mopidy-jellyfin.nix final;
|
|
||||||
psos = writeShellScriptBin "psos" (import ./psos.nix final);
|
|
||||||
s = writeShellScriptBin "s" (import ./s.nix final);
|
|
||||||
swaylock-bg = writeScriptBin "swaylock-bg" (import ./swaylock-bg.nix final);
|
|
||||||
sway-launcher = writeScriptBin "sway-launcher" (import ./sway-launcher.nix final);
|
|
||||||
sway-service = writeShellScriptBin "sway-service" (import ./sway-service.nix final);
|
|
||||||
toggle-kbd-layout = writeShellScriptBin "toggle-kbd-layout" (import ./toggle-kbd-layout.nix final);
|
|
||||||
uhk-agent = import ./uhk-agent.nix final;
|
|
||||||
wcwd = writeShellScriptBin "wcwd" (import ./wcwd.nix final);
|
|
||||||
}
|
|
|
@ -1,7 +0,0 @@
|
||||||
GPU_VGA_PORT="0000:01:00.0"
|
|
||||||
|
|
||||||
echo 1 > "/sys/bus/pci/devices/$GPU_VGA_PORT/rom"
|
|
||||||
cat "/sys/bus/pci/devices/$GPU_VGA_PORT/rom" > \
|
|
||||||
"/usr/share/qemu/gpu-1060.rom"
|
|
||||||
echo 0 > "/sys/bus/pci/devices/$GPU_VGA_PORT/rom"
|
|
||||||
|
|
|
@ -1,11 +0,0 @@
|
||||||
self: with self; ''
|
|
||||||
# usage: import-gsettings <gsettings key>:<settings.ini key> <gsettings key>:<settings.ini key> ...
|
|
||||||
|
|
||||||
expression=""
|
|
||||||
for pair in "$@"; do
|
|
||||||
IFS=:; set -- $pair
|
|
||||||
expressions="$expressions -e 's/^$2=(.*)$/gsettings set org.gnome.desktop.interface $1 \1/e'"
|
|
||||||
done
|
|
||||||
IFS=
|
|
||||||
eval exec sed -E $expressions "$XDG_CONFIG_HOME"/gtk-3.0/settings.ini >/dev/null
|
|
||||||
''
|
|
|
@ -1,9 +0,0 @@
|
||||||
shopt - s nullglob
|
|
||||||
for
|
|
||||||
g in /sys/kernel/iommu_groups/*; do
|
|
||||||
echo "IOMMU Group ${g##*/}:"
|
|
||||||
for d in $g/devices/*; do
|
|
||||||
echo -e "\t$(lspci -nns ${d##*/})"
|
|
||||||
done;
|
|
||||||
done;
|
|
||||||
|
|
|
@ -1,5 +0,0 @@
|
||||||
self: with self; ''
|
|
||||||
echo "$@" >> $XDG_CACHE_HOME/log/mailto.log
|
|
||||||
|
|
||||||
exec ${alacritty}/bin/alacritty -e neomutt -- "$@"
|
|
||||||
''
|
|
|
@ -1,29 +0,0 @@
|
||||||
self: with self;
|
|
||||||
let
|
|
||||||
websocket-client = python38.pkgs.buildPythonPackage rec {
|
|
||||||
pname = "websocket-client";
|
|
||||||
version = "1.0.0";
|
|
||||||
doCheck = false;
|
|
||||||
src = python38.pkgs.fetchPypi {
|
|
||||||
inherit pname version;
|
|
||||||
sha256 = "sha256-UFGzii9MJ/vXygd+uyPsaWWmJt7VqVY382vhs1tsT4E=";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
in
|
|
||||||
python38.pkgs.buildPythonPackage rec {
|
|
||||||
pname = "Mopidy-Jellyfin";
|
|
||||||
version = "1.0.2";
|
|
||||||
doCheck = false;
|
|
||||||
propagatedBuildInputs = with python38.pkgs; [
|
|
||||||
unidecode
|
|
||||||
websocket-client
|
|
||||||
requests
|
|
||||||
setuptools
|
|
||||||
pykka
|
|
||||||
mopidy
|
|
||||||
];
|
|
||||||
src = python38.pkgs.fetchPypi {
|
|
||||||
inherit pname version;
|
|
||||||
sha256 = "sha256-5XimIIQSpvNyQbSOFtSTkA0jhA0V68BbyQEQNnov+0g=";
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,3 +0,0 @@
|
||||||
self: with self; ''
|
|
||||||
exec ${alacritty}/bin/alacritty --class mu_vimpc --option dimensions.columns=120 --option dimensions.lines=80 -e vimpc -- "$@"
|
|
||||||
''
|
|
|
@ -1,5 +0,0 @@
|
||||||
# You can use this file as a nixpkgs overlay. This is useful in the
|
|
||||||
# case where you don't want to add the whole NUR namespace to your
|
|
||||||
# configuration.
|
|
||||||
|
|
||||||
self: super: import ./default.nix { pkgs = super; }
|
|
|
@ -1,29 +0,0 @@
|
||||||
self: with self; ''
|
|
||||||
case $1 in
|
|
||||||
rebuild)
|
|
||||||
shift;
|
|
||||||
exec sudo nixos-rebuild switch --flake "/etc/nixos#installed-host" $@
|
|
||||||
;;
|
|
||||||
update)
|
|
||||||
shift;
|
|
||||||
cd /etc/nixos
|
|
||||||
git pull
|
|
||||||
exec nix flake update
|
|
||||||
;;
|
|
||||||
option)
|
|
||||||
shift;
|
|
||||||
exec nixos-option -I nixpkgs=/etc/nixos/lib/compat $@
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
if [[ "$@" != "" ]]; then
|
|
||||||
echo "Unknown command: psos $@"
|
|
||||||
echo ""
|
|
||||||
fi
|
|
||||||
echo "Usage: psos [COMMAND]"
|
|
||||||
echo " rebuild Rebuild the configuration and switch to it"
|
|
||||||
echo " update Pull git and update flake.lock"
|
|
||||||
echo " option [path] See the current value for an option in the flake config. Example: psos option nix.nixPath"
|
|
||||||
exit 1
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
''
|
|
|
@ -1,39 +0,0 @@
|
||||||
self: with self; ''
|
|
||||||
case $1 in
|
|
||||||
d)
|
|
||||||
shift;
|
|
||||||
URL="https://duckduckgo.com?q=$@"
|
|
||||||
;;
|
|
||||||
no)
|
|
||||||
shift;
|
|
||||||
URL="https://search.nixos.org/options?query=$@"
|
|
||||||
;;
|
|
||||||
np)
|
|
||||||
shift;
|
|
||||||
URL="https://search.nixos.org/packages?query=$@"
|
|
||||||
;;
|
|
||||||
rs)
|
|
||||||
shift;
|
|
||||||
URL="https://doc.rust-lang.org/std/index.html?search=$@"
|
|
||||||
;;
|
|
||||||
rsc)
|
|
||||||
shift;
|
|
||||||
URL="https://docs.rs/releases/search?query=$@"
|
|
||||||
;;
|
|
||||||
mdn)
|
|
||||||
shift;
|
|
||||||
URL="https://developer.mozilla.org/en-US/search?q=$@"
|
|
||||||
;;
|
|
||||||
w)
|
|
||||||
shift;
|
|
||||||
URL="https://en.wikipedia.org/w/index.php?search=$@"
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
URL="https://search.b12f.io?q=$@"
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
|
|
||||||
|
|
||||||
${firefox-wayland}/bin/firefox --new-tab "$URL"
|
|
||||||
${sway}/bin/swaymsg '[app_id="firefox"]' focus
|
|
||||||
''
|
|
|
@ -1,64 +0,0 @@
|
||||||
self: with self; ''
|
|
||||||
#!/usr/bin/env zsh
|
|
||||||
# terminal application launcher for sway, using fzf
|
|
||||||
# original command:
|
|
||||||
# Based on: https://github.com/swaywm/sway/issues/1367
|
|
||||||
# bindsym $altkey+space exec termite --name=launcher -e \
|
|
||||||
# "bash -c 'compgen -c | sort -u | fzf --no-extended --print-query | \
|
|
||||||
# tail -n1 | xargs -r swaymsg -t command exec'"
|
|
||||||
|
|
||||||
HIST_FILE="''${XDG_CACHE_HOME:-$HOME/.cache}/sway-launcher-history.txt"
|
|
||||||
|
|
||||||
# Get shell command list
|
|
||||||
# This may include the occasional non-executable file
|
|
||||||
command_list=$({ whence -wm '*' | sed 's/:[^:]*$//' })
|
|
||||||
|
|
||||||
# read existing command history
|
|
||||||
if [ -f "$HIST_FILE" ]; then
|
|
||||||
command_history=$(cat "$HIST_FILE")
|
|
||||||
else
|
|
||||||
command_history=""
|
|
||||||
fi
|
|
||||||
|
|
||||||
# search command list
|
|
||||||
command_str=$(printf "%s\n" "''${command_history}" "''${command_list}" | \
|
|
||||||
sed -E 's/^[0-9]+ (.+)$/\1/' | \
|
|
||||||
fzf --exact --no-extended --print-query --no-sort | \
|
|
||||||
tail -n1) || exit 1
|
|
||||||
|
|
||||||
if [ "$command_str" = "" ]; then
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
# echo "Command: $command_str"
|
|
||||||
|
|
||||||
# using \E flag from perl regex
|
|
||||||
test "''${command_str#*\\E}" != "$command_str" && echo "command can't contain '\E'"
|
|
||||||
test "''${command_str#*\\E}" != "$command_str" && exit 1
|
|
||||||
|
|
||||||
# get full line from history (with count number)
|
|
||||||
hist_line=$(echo "$command_history" | grep -Pe "^[0-9]+ \Q$command_str\E$")
|
|
||||||
# echo "Hist Line: $hist_line"
|
|
||||||
|
|
||||||
if [ "$hist_line" = "" ]; then
|
|
||||||
hist_count=1
|
|
||||||
else
|
|
||||||
# Increment usage count
|
|
||||||
hist_count=$(echo "$hist_line" | sed -E 's/^([0-9]+) .+$/\1/')
|
|
||||||
hist_count=$((hist_count + 1))
|
|
||||||
# delete line, to add updated later
|
|
||||||
# echo "Hist Before: $command_history"
|
|
||||||
command_history=$(echo "$command_history" | \
|
|
||||||
grep --invert-match -Pe "^[0-9]+ \Q$command_str\E$")
|
|
||||||
# echo "Hist After: $command_history"
|
|
||||||
fi
|
|
||||||
|
|
||||||
# update history
|
|
||||||
update_line="''${hist_count} ''${command_str}"
|
|
||||||
printf "%s\n" "''${update_line}" "''${command_history}" | \
|
|
||||||
sort --numeric-sort --reverse > "$HIST_FILE"
|
|
||||||
# echo "$update_line"
|
|
||||||
|
|
||||||
# execute command
|
|
||||||
echo "$command_str"
|
|
||||||
${sway}/bin/swaymsg -t command exec "$command_str"
|
|
||||||
''
|
|
|
@ -1,6 +0,0 @@
|
||||||
self: with self; ''
|
|
||||||
# first import environment variables from the login manager
|
|
||||||
systemctl --user import-environment
|
|
||||||
# then start the service
|
|
||||||
exec systemctl --wait --user start sway.service
|
|
||||||
''
|
|
|
@ -1,20 +0,0 @@
|
||||||
self: with self; ''
|
|
||||||
# Dependencies:
|
|
||||||
# swaylock
|
|
||||||
|
|
||||||
# Make sure we aren't running twice
|
|
||||||
RUNNING=$(ps -A | grep swaylock | wc -l)
|
|
||||||
if [ $RUNNING -ne 0 ]; then
|
|
||||||
exit 0
|
|
||||||
fi
|
|
||||||
|
|
||||||
IMAGE=$XDG_CONFIG_HOME/wallpaper.jpg
|
|
||||||
LOCKARGS=""
|
|
||||||
|
|
||||||
for OUTPUT in `${sway}/bin/swaymsg -t get_outputs | jq -r '.[].name'`
|
|
||||||
do
|
|
||||||
LOCKARGS="''${LOCKARGS} --image ''${OUTPUT}:''${IMAGE}"
|
|
||||||
IMAGES="''${IMAGES} ''${IMAGE}"
|
|
||||||
done
|
|
||||||
exec ${swaylock}/bin/swaylock $LOCKARGS
|
|
||||||
''
|
|
|
@ -1,14 +0,0 @@
|
||||||
self: with self; ''
|
|
||||||
set -e
|
|
||||||
|
|
||||||
current_layout=$(${sway}/bin/swaymsg -t get_inputs | ${jq}/bin/jq -r '.[] | select(.type == "keyboard") | .xkb_active_layout_index' | head -1)
|
|
||||||
total_layouts=$(${sway}/bin/swaymsg -t get_inputs | ${jq}/bin/jq -r '.[] | select(.type == "keyboard") | .xkb_layout_names | length' | head -1)
|
|
||||||
|
|
||||||
next_layout=$(expr $current_layout + 1);
|
|
||||||
|
|
||||||
if [ $next_layout -ge $total_layouts ]; then
|
|
||||||
next_layout=0;
|
|
||||||
fi
|
|
||||||
|
|
||||||
${sway}/bin/swaymsg input '*' xkb_switch_layout "$next_layout"
|
|
||||||
''
|
|
|
@ -1,44 +0,0 @@
|
||||||
self: with self;
|
|
||||||
let
|
|
||||||
uhk-agent-bin = stdenv.mkDerivation rec {
|
|
||||||
pname = "uhk-agent-bin";
|
|
||||||
version = "1.5.14";
|
|
||||||
src = builtins.fetchurl {
|
|
||||||
url = "https://github.com/UltimateHackingKeyboard/agent/releases/download/v1.5.14/UHK.Agent-1.5.14-linux-x86_64.AppImage";
|
|
||||||
sha256 = "sha256:1yzh4ixy0cqg02xf84vcqj3h67mkxyzs6jf1h935ay582n70nyqg";
|
|
||||||
};
|
|
||||||
phases = [ "installPhase" "patchPhase" ];
|
|
||||||
installPhase = ''
|
|
||||||
mkdir -p $out/bin
|
|
||||||
cp $src $out/bin/uhk-agent
|
|
||||||
chmod +x $out/bin/uhk-agent
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
script = ''
|
|
||||||
#!${bash}/bin/bash
|
|
||||||
|
|
||||||
${appimage-run}/bin/appimage-run ${uhk-agent-bin}/bin/uhk-agent
|
|
||||||
'';
|
|
||||||
in
|
|
||||||
stdenv.mkDerivation rec {
|
|
||||||
pname = "uhk-agent";
|
|
||||||
version = "1.5.14";
|
|
||||||
buildInputs = [
|
|
||||||
bash
|
|
||||||
uhk-agent-bin
|
|
||||||
appimage-run
|
|
||||||
];
|
|
||||||
|
|
||||||
phases = [ "buildPhase" "installPhase" "patchPhase" ];
|
|
||||||
|
|
||||||
buildPhase = ''
|
|
||||||
echo "${script}" >> uhk-agent
|
|
||||||
'';
|
|
||||||
|
|
||||||
installPhase = ''
|
|
||||||
mkdir -p $out/bin
|
|
||||||
cp uhk-agent $out/bin/uhk-agent
|
|
||||||
chmod +x $out/bin/uhk-agent
|
|
||||||
'';
|
|
||||||
}
|
|
|
@ -1,5 +0,0 @@
|
||||||
self: with self; ''
|
|
||||||
pid=$(${sway}/bin/swaymsg -t get_tree | jq '.. | select(.type?) | select(.type=="con") | select(.focused==true).pid')
|
|
||||||
ppid=$(pgrep --newest --parent ''${pid})
|
|
||||||
readlink /proc/''${ppid}/cwd || echo $HOME
|
|
||||||
''
|
|
|
@ -7,18 +7,14 @@ in
|
||||||
./home.nix
|
./home.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
users = {
|
users.users = with pkgs; pkgs.lib.setAttrByPath [ psCfg.user.name ] {
|
||||||
mutableUsers = false;
|
|
||||||
|
|
||||||
users = with pkgs; pkgs.lib.setAttrByPath [ psCfg.user.name ] {
|
|
||||||
# Indicates whether this is an account for a “real” user.
|
# Indicates whether this is an account for a “real” user.
|
||||||
# This automatically sets group to users, createHome to true,
|
# This automatically sets group to users, createHome to true,
|
||||||
# home to /home/username, useDefaultShell to true, and isSystemUser to false.
|
# home to /home/username, useDefaultShell to true, and isSystemUser to false.
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
description = "";
|
description = "The main PubSolarOS user";
|
||||||
extraGroups = [ "wheel" "docker" "input" "audio" "networkmanager" "lp" "scanner" ];
|
extraGroups = [ "wheel" "docker" "input" "audio" "networkmanager" "lp" "scanner" ];
|
||||||
initialHashedPassword = if psCfg.user.password != null then psCfg.user.password else "";
|
initialHashedPassword = if psCfg.user.password != null then psCfg.user.password else "";
|
||||||
shell = pkgs.zsh;
|
shell = pkgs.zsh;
|
||||||
};
|
};
|
||||||
};
|
|
||||||
}
|
}
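Review bot: Dropping `mutableUsers = false;` from this block changes what the unchanged `initialHashedPassword` line means. Unless the option is set somewhere not visible in this hunk, `users.mutableUsers` falls back to its default of true, so the configured hash is applied only when the account is first created and later `passwd` changes live outside the configuration. The `else ""` fallback on that line also needs a decision: an empty hash gives a local account that needs no password and is a member of `wheel` and `docker`. I would pass the option through unchanged, `initialHashedPassword = psCfg.user.password;`, so that an unset password means no password login rather than an empty one, or add an assertion that the option is set. The enclosing module starts above the hunk.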
|
||||||
|
|
|
@ -9,7 +9,7 @@ in
|
||||||
./session-variables.nix
|
./session-variables.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
home-manager = pkgs.lib.setAttrByPath [ "users" psCfg.user.name ] {
|
home-manager.users = pkgs.lib.setAttrByPath [ psCfg.user.name ] {
|
||||||
# Let Home Manager install and manage itself.
|
# Let Home Manager install and manage itself.
|
||||||
programs.home-manager.enable = true;
|
programs.home-manager.enable = true;
|
||||||
|
|
||||||
|
|
|
@ -127,6 +127,12 @@ in
|
||||||
|
|
||||||
system.autoUpgrade.enable = true;
|
system.autoUpgrade.enable = true;
|
||||||
|
|
||||||
|
# For rage encryption, all hosts need a ssh key pair
|
||||||
|
services.openssh = {
|
||||||
|
enable = true;
|
||||||
|
openFirewall = lib.mkDefault false;
|
||||||
|
};
|
||||||
|
|
||||||
services.earlyoom.enable = true;
|
services.earlyoom.enable = true;
|
||||||
|
|
||||||
boot.kernelPackages = pkgs.linuxPackages_latest;
|
boot.kernelPackages = pkgs.linuxPackages_latest;
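Review bot: `services.openssh.enable = true` starts an sshd on every host only to obtain a host key pair, and the block sets no authentication policy for that daemon. `openFirewall = lib.mkDefault false` keeps the port closed only while the firewall is enabled and no host overrides the default, so I would also switch off password and root login here, for example `passwordAuthentication = false;` and `permitRootLogin = "no";` (spelled `settings.PasswordAuthentication` and `settings.PermitRootLogin` on newer NixOS releases). The comment could also say that the host key serves as the age identity for decrypting secrets, so a later reader does not remove the service as unused.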
|
||||||
|
|
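--- a/secrets/.gitattributes
+++ b/secrets/.gitattributes
@@ -1,3 +1,4 @@
 * filter=git-crypt diff=git-crypt
 .gitattributes !filter !diff
+secrets.nix !filter !diff
 README.md !filter !diff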
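Review bot: The added `secrets.nix !filter !diff` line takes that file out of git-crypt, so everything in it is committed in plaintext, and nothing here tells a contributor so. That is fine while the file holds only age recipient public keys, which is what the new `secrets/secrets.nix` contains. I would add a comment above the line, such as `# secrets.nix lists public keys only and is stored unencrypted; never put secret values in it`.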
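--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -0,0 +1,9 @@
+let
+# set ssh public keys here for your system and user
+system = "";
+user = "";
+allKeys = [ system user ];
+in
+{
+"secret.age".publicKeys = allKeys;
+}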
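Review bot: `system` and `user` are empty-string placeholders, so until someone edits the file `allKeys` hands two empty recipients to `"secret.age".publicKeys`. How the age tooling reacts to an empty recipient is not visible here, so I would fail evaluation early with `assert system != "" && user != "";` placed before the attribute set. Since this file is excluded from git-crypt in `secrets/.gitattributes`, the comment should also say that only public keys belong here, for example `# public keys only: this file is committed unencrypted`.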
@ -32,6 +32,6 @@ in
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
fonts.fonts = lib.attrValues pkgs.b12f.fonts;
|
# fonts.fonts = lib.attrValues pkgs.b12f.fonts;
|
||||||
};
|
};
|
||||||
}
|
}
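Review bot: The `fonts.fonts` line is commented out rather than removed, with no word on why or when it should come back. If `pkgs.b12f.fonts` is simply not available after the restructure, say so next to it, for example `# TODO: re-enable once pkgs.b12f.fonts is exported by the overlay again`, or delete the line and rely on history. The enclosing attribute set starts above the hunk.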
|
||||||
|
|