Merge remote-tracking branch 'devos/master'

teutat3s 2021-09-01 18:45:42 +02:00
commit 02330bc9ce
Signed by: teutat3s
GPG key ID: 4FA1D3FA524F22C1
32 changed files with 263 additions and 950 deletions

@ -2,7 +2,7 @@ name: "Check & Cachix"
on: on:
push: push:
branches: branches:
- core - main
- trying - trying
- staging - staging
jobs: jobs:
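Review bot: The branch list still includes `trying` and `staging`, the branches bors writes candidate merges to, so this workflow runs pull-request code on a `push` event, where repository secrets are available to the jobs. The jobs start outside this hunk; if they authenticate to Cachix, as the workflow name suggests, a changeset sent through `bors try` could influence what ends up in the binary cache before review is complete. Consider gating the cache-push step on the target branch, for example `if: github.ref == 'refs/heads/main'`, and documenting the list with a comment such as `# trying/staging are written by bors: run checks only`. It is also worth confirming that nothing still pushes to `core`, since that branch no longer triggers the check.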

@ -3,7 +3,7 @@ name: Deploy Docs to GitHub Pages
on: on:
push: push:
branches: branches:
- core - main
jobs: jobs:
deploy: deploy:
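Review bot: Docs are now deployed from `main` only, but pages touched in this same commit still link to the old branch: `tree/core/users/modules/module-list.nix` in the users page and `tree/core/pkgs/sources.toml` in the packages page. If `core` is removed or left to go stale after the switch, the published book will point readers at missing or outdated files. Updating those references to `tree/main/...` in the same changeset would keep the deployed docs consistent with the new trigger.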

@ -12,7 +12,7 @@ Make an awesome template for NixOS users, with consideration for common tools li
[devshell][devshell], and [more](./doc/integrations). [devshell][devshell], and [more](./doc/integrations).
### No. Why _flakes_? ### No. Why _flakes_?
Flakes are a part of an explicit push to improve [Nix's UI](https://github.com/NixOS/nix/blob/master/doc/manual/src/contributing/cli-guideline.md), and have become an intergral part of that effort. Flakes are a part of an explicit push to improve [Nix's UX](https://github.com/NixOS/nix/blob/master/doc/manual/src/contributing/cli-guideline.md), and have become an integral part of that effort.
They also make [Nix expressions](https://nixos.org/manual/nix/unstable/expressions/expression-syntax.html) easier to distribute and reuse with convient [flake references](https://github.com/NixOS/nix/blob/master/src/nix/flake.md#flake-references) for building or using packages, modules, and whole systems. They also make [Nix expressions](https://nixos.org/manual/nix/unstable/expressions/expression-syntax.html) easier to distribute and reuse with convient [flake references](https://github.com/NixOS/nix/blob/master/src/nix/flake.md#flake-references) for building or using packages, modules, and whole systems.
@ -22,18 +22,14 @@ Also, have a look at [_flake.nix_][toc]. If anything is not immediately
discoverable via "[`digga`][digga]'s [`mkFlake`][mk-flake], discoverable via "[`digga`][digga]'s [`mkFlake`][mk-flake],
please file a bug report. please file a bug report.
## Motivation ### Status: Beta
NixOS provides an amazing abstraction to manage our environment, but that new Although this project has already matured quite a bit, especially through
power can sometimes bring feelings of overwhelm and confusion. Having a turing recent outfactoring of [`digga`][digga], a fair amount of api polishing is still
complete system can easily lead to unlimited complexity if we do it wrong. expected. There are unstable versions (0._x_._x_) to help users keep track
Instead, we should have a community consensus on how to manage a NixOS system of changes and progress, and a [`develop`](https://github.com/divnix/devos/tree/develop) branch for the brave 😜
and its satellite projects, from which best practices can evolve.
___The future is declarative! 🎉___ ## In the Wild
* The original [authors][please]
## Examples in the Wild
The author maintains his own branch, so you can take inspiration, direction, or
make critical comments about the [code][please]. 😜
## Shoulders ## Shoulders
This work does not reinvent the wheel. It stands on the [shoulders of the This work does not reinvent the wheel. It stands on the [shoulders of the
@ -92,4 +88,3 @@ DevOS is licensed under the [MIT License][mit].
[nixpkgs]: https://github.com/NixOS/nixpkgs [nixpkgs]: https://github.com/NixOS/nixpkgs
[nvfetcher]: https://github.com/berberman/nvfetcher [nvfetcher]: https://github.com/berberman/nvfetcher
[please]: https://github.com/nrdxp/devos/tree/nrd [please]: https://github.com/nrdxp/devos/tree/nrd
[toc]: https://github.com/divnix/devos/blob/core/flake.nix

@ -1,25 +1,18 @@
# Pull Requests # Pull Requests
All development is done in the `develop` branch. Only minor bug-fixes and release
PRs should target `master`.
If making a change to the template, or adding a feature, please be sure to update the ## TL;DR;
relevant docs. Each directory contains its own README.md, which will - **Target Branch**: `main`
automatically be pulled into the [mdbook](https://devos.divnix.com). The book is - **Merge Policy**: [`bors`][bors] is alwyas right (→ `bors try`)
rendered on every change, so the docs should always be up to date. - **Docs**: every changeset is expected to contain doc updates
- **Commit Msg**: be a poet! Comprehensive and explanatory commit messages
should cover the motivation and use case in an easily understandable manner
even when read after a few months.
- **Test Driven Development**: please default to test driven development where possible.
We also use [BORS](https://bors.tech) to ensure that all pull requests pass the ### Within the Devshell (`nix develop`)
test suite once at least one review is completed. - **Hooks**: please `git commit` within the devshell
- **Fail Early**: please run from within the devshell on your local machine:
- `nix flake check`
# Style [bors]: https://bors.tech
If you wish to contribute please follow these guidelines:
* format your code with [`nixpkgs-fmt`][nixpkgs-fmt]. The default devshell
includes a pre-commit hook that does this for you.
* The commit message follows the same semantics as [nixpkgs][nixpkgs].
* You can use a `#` symbol to specify ambiguities. For example,
`develop#zsh: <rest of commit message>` would tell me that you're updating the
`zsh` subprofile living under the `develop` profile.
[nixpkgs-fmt]: https://github.com/nix-community/nixpkgs-fmt
[nixpkgs]: https://github.com/NixOS/nixpkgs

@ -6,7 +6,6 @@
- [Bootstrapping](./start/bootstrapping.md) - [Bootstrapping](./start/bootstrapping.md)
- [From NixOS](./start/from-nixos.md) - [From NixOS](./start/from-nixos.md)
- [Key Concepts](./concepts/index.md) - [Key Concepts](./concepts/index.md)
- [Extern](./concepts/extern.md)
- [Hosts](./concepts/hosts.md) - [Hosts](./concepts/hosts.md)
- [Overrides](./concepts/overrides.md) - [Overrides](./concepts/overrides.md)
- [Profiles](./concepts/profiles.md) - [Profiles](./concepts/profiles.md)
@ -17,17 +16,10 @@
- [Overlays](./outputs/overlays.md) - [Overlays](./outputs/overlays.md)
- [Packages](./outputs/pkgs.md) - [Packages](./outputs/pkgs.md)
- [Concerns]() - [Concerns]()
- [Lib](./lib.md)
- [Secrets](./secrets.md) - [Secrets](./secrets.md)
- [Tests](./tests.md) - [Tests](./tests.md)
- [Helper Script `flk`](./flk/index.md) - [Helper Script `bud`](./bud/index.md)
- [up](./flk/up.md) - [get](./bud/get.md)
- [update](./flk/update.md)
- [get](./flk/get.md)
- [doi](./flk/doi.md)
- [iso](./flk/iso.md)
- [install](./flk/install.md)
- [home](./flk/home.md)
- [Integrations](./integrations/index.md) - [Integrations](./integrations/index.md)
- [Cachix](./integrations/cachix.md) - [Cachix](./integrations/cachix.md)
- [Deploy RS](./integrations/deploy.md) - [Deploy RS](./integrations/deploy.md)

@ -4,7 +4,7 @@ git history.
## Usage ## Usage
```sh ```sh
flk get DEST-DIR bud get DEST-DIR
``` ```
If DEST-DIR is ommitted, it defaults to _./devos_. If DEST-DIR is ommitted, it defaults to _./devos_.

24
doc/bud/index.md Normal file
@ -0,0 +1,24 @@
# [`bud`][bud] command
The template incudes a convenient script for managing your system called [`bud`][bud].
It is a portable and highly composable system control tool that work anywhere on your host
or in the flake's devshell.
Although it comes with some predefined standard helpers,
it is very extensible and you are encouraged to write your own script snippets
to ease your workflows. An example is the bud module for a `get` command that
comes included with `devos`.
While writing scripts you can convenientely access smart environment variables
that can tell the current architecture, user or host name, among others, regardless
wether you invoke `bud` within the devshell or as the system-wide installed `bud`.
For details, please review the [bud repo][bud].
## Usage
```sh
bud help
```
[bud]: https://github.com/divnix/bud

@ -1,42 +0,0 @@
# External Art
When you need to use a module, overlay, or pass a value from one of your inputs
to the rest of your NixOS configuration, you can make use of a couple arguments.
It is encouraged to add external art directly in your `flake.nix` so the file
represents a complete dependency overview of your flake.
## Overlays
External overlays can directly be added to a channel's `overlays` list.
flake.nix:
```nix
{
channels.nixos.overlays = [ inputs.agenix.overlay ];
}
```
Upon exporting overlays, these overlays will be automatically filtered out by inspecting the `inputs` argument.
## Modules
There is a dedicated `nixos.hostDefaults.externalModules` argument for external
modules.
flake.nix:
```nix
{
nixos.hostDefaults.externalModules = [ inputs.agenix.nixosModules.age ];
}
```
## Home Manager
Since there isn't a `hosts` concept for home-manager, externalModules is just a
top-level argument in the `home` namespace.
flake.nix:
```nix
{
home.externalModules = [ doom-emacs = doom-emacs.hmModule ];
}
```
> ##### Note:
> To avoid declaring "external" modules separately, which is obvious since they come from `inputs`, the optimal solution would be to automatically export modules that were created in
> your flake. But this is not possible due to NixOS/nix#4740.

@ -1,4 +1,10 @@
# Key Concepts # Key Concepts
There are few idioms unique to DevOS. This section is dedicated to helping you Key concepts are derived from [digga][digga]. Please refer to its
understand them. [docs][digga-docs] for more details.
This section is dedicated to helping you develop a more hands on
understanding of them them.
[digga-docs]: https://digga.divnix.com
[digga]: https://github.com/divnix/digga

@ -1,3 +1,8 @@
> ##### _Note:_
> This section and its semantics need a conceptiual rework.
> Since recently [portable home configurations][portableuser]
> that are not bound to any specific host are a thing.
# Users # Users
Users are a special case of [profiles](profiles.md) that define system Users are a special case of [profiles](profiles.md) that define system
@ -69,3 +74,4 @@ nix build "github:divnix/devos#homeConfigurations.nixos@NixOS.home.activationPac
[home-manager]: https://nix-community.github.io/home-manager [home-manager]: https://nix-community.github.io/home-manager
[modules-list]: https://github.com/divnix/devos/tree/core/users/modules/module-list.nix [modules-list]: https://github.com/divnix/devos/tree/core/users/modules/module-list.nix
[portableuser]: https://digga.divnix.com/api-reference-home.html#homeusers

@ -1,10 +0,0 @@
# DigitalOcean
Now you can [create a droplet](https://cloud.digitalocean.com/droplets/new) using your custom image.
Making a DigitalOcean compatible image for `hosts/NixOS.nix` is as simple as:
```sh
flk doi NixOS
```
This works for any file matching `hosts/*.nix` excluding `default.nix`.

@ -1,8 +0,0 @@
# home
The `home` subcommand is for using your home-manager configurations outside of
NixOS, providing an awesome mechanism for keeping your environments
synchronized, even when using other systems.
## Usage
The [users](../concepts/users.md#external-usage) page contains a good usage
example.

@ -1,20 +0,0 @@
# flk command
The devshell for the project incudes a convenient script for managing your
system called `flk`. Each of the following chapters is a reference for one of
its subcommands.
## Rebuild
Without any of the subcommands, `flk` acts as a convenient shortcut for
`nixos-rebuild`:
```sh
flk NixOS build
```
Will build _hosts/NixOS.nix_. You can change out `build` for `switch`, `test`,
etc. Any additional arguments are passed through to the call to
`nixos-rebuild`.
## Usage
```sh
flk help
```

View file

@ -1,12 +0,0 @@
# install
The `install` subcommand is a simple convenience for `nixos-install`, similar
to the shortcut for `nixos-rebuild`, all additional arguments are passed
through.
## Example
```sh
flk install NixOS
```
This will install _hosts/NixOS.nix_ to /mnt. You can override this directory
using standard `nixos-install` args.

@ -1 +0,0 @@
../start/iso.md

@ -1,4 +0,0 @@
# up
The `up` subcommand is a simple shortcut for `nixos-generate-config` that is
compatible with devos. There is a short explanation in the the getting started
[guide](../start/from-nixos.md#generate-configuration).

@ -1,22 +0,0 @@
# update
The `update` subcommand is a simple alias for:
```sh
nix flake update
```
As it sounds, this will update your lock file.
## Updating Package Sources
If you pass directory name then it will update that input if the directory
contains a flake.nix, with an optional arguement to update only a specific
input in the subflake.
For example, you can update any
[package sources](../outputs/pkgs.md#automatic-source-updates) you may have
declared in _pkgs/flake.nix_:
```sh
flk update pkgs
```
or just its _nixpkgs_:
```sh
flk update pkgs nixpkgs
```

View file

@ -38,6 +38,6 @@ fetch.git = "https://github.com/mlvzk/manix.git" # responsible for fetching
> ##### _Note:_ > ##### _Note:_
> Please refer to the [NvFetcher Readme][nvf-readme] for more options. > Please refer to the [NvFetcher Readme][nvf-readme] for more options.
[nvf: https://github.com/berberman/nvfetcher [nvf]: https://github.com/berberman/nvfetcher
[nvf-readme]: https://github.com/berberman/nvfetcher#readme [nvf-readme]: https://github.com/berberman/nvfetcher#readme
[sources.toml]: https://github.com/divnix/devos/tree/core/pkgs/sources.toml [sources.toml]: https://github.com/divnix/devos/tree/core/pkgs/sources.toml

@ -1,541 +0,0 @@
## channels
nixpkgs channels to create
*_Type_*:
attribute set of submodules
*_Default_*
```
{}
```
## channels.\<name\>.config
nixpkgs config for this channel
*_Type_*:
attribute set or path convertible to it
*_Default_*
```
{}
```
## channels.\<name\>.input
nixpkgs flake input to use for this channel
*_Type_*:
nix flake
*_Default_*
```
"self.inputs.<name>"
```
## channels.\<name\>.overlays
overlays to apply to this channel
these will get exported under the 'overlays' flake output
as \<channel\>/\<name\> and any overlay pulled from ${inputs}
will be filtered out
*_Type_*:
list of valid Nixpkgs overlay or path convertible to its or anything convertible to it
*_Default_*
```
[]
```
## channelsConfig
nixpkgs config for all channels
*_Type_*:
attribute set or path convertible to it
*_Default_*
```
{}
```
## devshell
Modules to include in your devos shell. the `modules` argument
will be exported under the `devshellModules` output
*_Type_*:
submodule
*_Default_*
```
{}
```
## devshell.externalModules
modules to include that won't be exported
meant importing modules from external flakes
*_Type_*:
list of valid module or path convertible to its or anything convertible to it
*_Default_*
```
[]
```
## devshell.modules
modules to include in all hosts and export to devshellModules output
*_Type_*:
list of path to a modules or anything convertible to it or path convertible to it
*_Default_*
```
[]
```
## home
hosts, modules, suites, and profiles for home-manager
*_Type_*:
submodule
*_Default_*
```
{}
```
## home.externalModules
modules to include that won't be exported
meant importing modules from external flakes
*_Type_*:
list of valid module or path convertible to its or anything convertible to it
*_Default_*
```
[]
```
## home.importables
Packages of paths to be passed to modules as `specialArgs`.
*_Type_*:
attribute set
*_Default_*
```
{}
```
## home.importables.suites
collections of profiles
*_Type_*:
attribute set of list of paths or anything convertible to its
## home.modules
modules to include in all hosts and export to homeModules output
*_Type_*:
list of path to a modules or anything convertible to it or path convertible to it
*_Default_*
```
[]
```
## home.profiles
WARNING: The 'suites' and `profiles` options have been deprecated, you can now create
both with the importables option. `rakeLeaves` can be used to create profiles and
by passing a module or `rec` set to `importables`, suites can access profiles.
Example:
```
importables = rec {
profiles = digga.lib.importers.rakeLeaves ./profiles;
suites = with profiles; { };
}
```
See https://github.com/divnix/digga/pull/30 for more details
*_Type_*:
list of paths
*_Default_*
```
[]
```
## home.suites
WARNING: The 'suites' and `profiles` options have been deprecated, you can now create
both with the importables option. `rakeLeaves` can be used to create profiles and
by passing a module or `rec` set to `importables`, suites can access profiles.
Example:
```
importables = rec {
profiles = digga.lib.importers.rakeLeaves ./profiles;
suites = with profiles; { };
}
```
See https://github.com/divnix/digga/pull/30 for more details
*_Type_*:
function that evaluates to a(n) attrs or path convertible to it
## nixos
hosts, modules, suites, and profiles for nixos
*_Type_*:
submodule
*_Default_*
```
{}
```
## nixos.hostDefaults
Defaults for all hosts.
the modules passed under hostDefaults will be exported
to the 'nixosModules' flake output.
They will also be added to all hosts.
*_Type_*:
submodule
*_Default_*
```
{}
```
## nixos.hostDefaults.channelName
Channel this host should follow
*_Type_*:
a channel defined in `channels`
*_Default_*
```
null
```
## nixos.hostDefaults.externalModules
modules to include that won't be exported
meant importing modules from external flakes
*_Type_*:
list of valid module or path convertible to its or anything convertible to it
*_Default_*
```
[]
```
## nixos.hostDefaults.modules
modules to include in all hosts and export to nixosModules output
*_Type_*:
list of path to a modules or anything convertible to it or path convertible to it
*_Default_*
```
[]
```
## nixos.hostDefaults.system
system for this host
*_Type_*:
system defined in `supportedSystems`
*_Default_*
```
null
```
## nixos.hosts
configurations to include in the nixosConfigurations output
*_Type_*:
attribute set of submodules
*_Default_*
```
{}
```
## nixos.hosts.\<name\>.channelName
Channel this host should follow
*_Type_*:
a channel defined in `channels`
*_Default_*
```
null
```
## nixos.hosts.\<name\>.modules
modules to include
*_Type_*:
list of valid module or path convertible to its or anything convertible to it
*_Default_*
```
[]
```
## nixos.hosts.\<name\>.system
system for this host
*_Type_*:
system defined in `supportedSystems`
*_Default_*
```
null
```
## nixos.importables
Packages of paths to be passed to modules as `specialArgs`.
*_Type_*:
attribute set
*_Default_*
```
{}
```
## nixos.importables.suites
collections of profiles
*_Type_*:
attribute set of list of paths or anything convertible to its
## nixos.profiles
WARNING: The 'suites' and `profiles` options have been deprecated, you can now create
both with the importables option. `rakeLeaves` can be used to create profiles and
by passing a module or `rec` set to `importables`, suites can access profiles.
Example:
```
importables = rec {
profiles = digga.lib.importers.rakeLeaves ./profiles;
suites = with profiles; { };
}
```
See https://github.com/divnix/digga/pull/30 for more details
*_Type_*:
list of paths
*_Default_*
```
[]
```
## nixos.suites
WARNING: The 'suites' and `profiles` options have been deprecated, you can now create
both with the importables option. `rakeLeaves` can be used to create profiles and
by passing a module or `rec` set to `importables`, suites can access profiles.
Example:
```
importables = rec {
profiles = digga.lib.importers.rakeLeaves ./profiles;
suites = with profiles; { };
}
```
See https://github.com/divnix/digga/pull/30 for more details
*_Type_*:
function that evaluates to a(n) attrs or path convertible to it
## outputsBuilder
builder for flake system-spaced outputs
The builder gets passed an attrset of all channels
*_Type_*:
function that evaluates to a(n) attrs
*_Default_*
```
"channels: { }"
```
## self
The flake to create the devos outputs for
*_Type_*:
nix flake
## supportedSystems
The systems supported by this flake
*_Type_*:
list of strings
*_Default_*
```
["aarch64-linux","i686-linux","x86_64-darwin","x86_64-linux"]
```

@ -13,16 +13,6 @@ the supported systems listed in the package's `meta.platforms` attribute.
And, as usual, every package in the overlay is also available to any NixOS And, as usual, every package in the overlay is also available to any NixOS
[host](../concepts/hosts.md). [host](../concepts/hosts.md).
## Automatic Source Updates
There is the added, but optional, convenience of declaring your sources in
_pkgs/flake.nix_ as an input. You can then access them from the `srcs` package.
This allows updates to be managed automatically by simply
[updating](../flk/update.md#updating-package-sources) the lock file. No
more manually entering sha256 hashes!
As an added bonus, version strings are also generated automatically from either
the flake ref, or the date and git revision of the source.
## Example ## Example
pkgs/development/libraries/libinih/default.nix: pkgs/development/libraries/libinih/default.nix:
```nix ```nix

View file

@ -20,29 +20,32 @@ partition to `/mnt/boot`:
```console ```console
$ mount /dev/disk/by-label/nixos /mnt $ mount /dev/disk/by-label/nixos /mnt
$ mkdir -p /mnt/boot && mount /dev/disk/by-label/boot /mnt/boot # UEFI only $ mkdir -p /mnt/boot && mount /dev/disk/by-label/boot /mnt/boot # UEFI only
$ swapon /dev/$your_swap_partition $ swapon /dev/disk/by-label/swap
```
Add some extra space to the store. In the iso, it's running on a tmpfs
off your RAM:
```console
$ mkdir -p /mnt/tmpstore/{work,store}
$ mount -t overlay overlay -olowerdir=/nix/store,upperdir=/mnt/tmpstore/store,workdir=/mnt/tmpstore/work /nix/store
``` ```
## Install ## Install
Install using the `flk` wrapper baked into the iso off of a copy of devos Install off of a copy of devos from the time the iso was built:
from the time the iso was built:
```console ```console
$ cd /iso/devos $ cd /iso/devos
$ nix develop $ nixos-install --flake .#NixOS
$ flk install NixOS --impure # use same host as above
``` ```
<!-- TODO: find out why --impure is necesary / PRs welcome! -->
## Notes of interest ## Notes of interest
### Remote access to the live installer ### Remote access to the live installer
The iso live installer comes preconfigured with a network configuration The iso live installer comes preconfigured with a network configuration
which announces it's hostname via [MulticastDNS][mDNS] as `hostname.local`, which announces it's hostname via [MulticastDNS][mDNS] as `hostname.local`,
that is `NixOS.local` in the [iso example](./iso). that is `bootstrap.local` in the [iso example](./iso).
In the rare case that [MulticastDNS][mDNS] is not availabe or turned off In the rare case that [MulticastDNS][mDNS] is not availabe or turned off
in your network, there is a static link-local IPv6 address configured to in your network, there is a static link-local IPv6 address configured to
@ -66,7 +69,7 @@ You can then ssh into the live installer through one of the
following options: following options:
```console ```console
ssh root@NixOS.local ssh root@bootstrap.local
ssh root@fe80::47%eno1 # where eno1 is your network interface on which you are linked to the target ssh root@fe80::47%eno1 # where eno1 is your network interface on which you are linked to the target
``` ```

@ -1,14 +1,12 @@
# ISO # ISO
Making and writing an installable iso for `hosts/NixOS.nix` is as simple as: Making and writing an installable iso for `hosts/bootstrap.nix` is as simple as:
```sh ```sh
flk iso NixOS bud build bootstrap bootstrapIso
sudo -E $(which bud) burn
dd bs=4M if=result/iso/*.iso of=/dev/$your_installation_device \
status=progress oflag=sync
``` ```
This works for any file matching `hosts/*.nix` excluding `default.nix`. This works for any host.
## ISO image nix store & cache ## ISO image nix store & cache

@ -46,11 +46,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1626456025, "lastModified": 1627855680,
"narHash": "sha256-TrKfxVir+TilnqSNYokxJKx2ugEem7Khv4YmSwqj9JQ=", "narHash": "sha256-snDOrUp8nth2Vs3GeEXr7Xji+HaHy25htZLNvid/U3I=",
"owner": "divnix", "owner": "divnix",
"repo": "bud", "repo": "bud",
"rev": "59c10c3879b11371944ab664462fe2e9366cfb44", "rev": "612228a68d404d559405225427a5d8b3cef9d27c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -59,38 +59,6 @@
"type": "github" "type": "github"
} }
}, },
"ci-agent": {
"inputs": {
"flake-compat": [
"digga",
"deploy",
"flake-compat"
],
"nix-darwin": [
"darwin"
],
"nixos-20_09": [
"nixos"
],
"nixos-unstable": [
"latest"
],
"pre-commit-hooks-nix": "pre-commit-hooks-nix"
},
"locked": {
"lastModified": 1626066948,
"narHash": "sha256-rBo4nCPyAHb1e/9ysYGH7tW1FV0N2XNvRcJR+g8gugA=",
"owner": "hercules-ci",
"repo": "hercules-ci-agent",
"rev": "7f3265cc42d5f364066c145939ee2812938b991c",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "hercules-ci-agent",
"type": "github"
}
},
"darwin": { "darwin": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -116,18 +84,20 @@
"flake-compat": "flake-compat", "flake-compat": "flake-compat",
"naersk": "naersk", "naersk": "naersk",
"nixpkgs": [ "nixpkgs": [
"digga",
"nixpkgs" "nixpkgs"
], ],
"utils": [ "utils": [
"digga",
"flake-utils" "flake-utils"
] ]
}, },
"locked": { "locked": {
"lastModified": 1625729093, "lastModified": 1628068208,
"narHash": "sha256-hpo8T7mlVEpHpZIYqhxqt5i/XY8eu4p66MrAg/MCuVY=", "narHash": "sha256-akJBkj6os4bjO1drhketJvXNC21yPuy4ufL2pyius4M=",
"owner": "serokell", "owner": "serokell",
"repo": "deploy-rs", "repo": "deploy-rs",
"rev": "587cbcfe8d3ea05c5bb153764d3617012ef28c86", "rev": "d72174307d5b88ec24cc2e69e875228fe3d642ed",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -157,6 +127,7 @@
"deploy": "deploy", "deploy": "deploy",
"devshell": "devshell", "devshell": "devshell",
"flake-utils": "flake-utils", "flake-utils": "flake-utils",
"flake-utils-plus": "flake-utils-plus",
"home-manager": [ "home-manager": [
"home" "home"
], ],
@ -166,20 +137,18 @@
"nixos-generators": "nixos-generators", "nixos-generators": "nixos-generators",
"nixpkgs": [ "nixpkgs": [
"nixos" "nixos"
], ]
"utils": "utils"
}, },
"locked": { "locked": {
"lastModified": 1626470112, "lastModified": 1628211944,
"narHash": "sha256-hC5I3A1HxfGi45avpYBf8zXi1hQkHYWgRgUM4sF9byI=", "narHash": "sha256-2q1dNUzitVd0JNRHYTubbyb8ks3fL9hPJOvQgofxELE=",
"owner": "divnix", "owner": "divnix",
"repo": "digga", "repo": "digga",
"rev": "f25928ed0bf05ab20af5a8231d264ae01b42ab34", "rev": "760bb9c29063258ba547145de0ab96acd7eba4c0",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "divnix", "owner": "divnix",
"ref": "develop",
"repo": "digga", "repo": "digga",
"type": "github" "type": "github"
} }
@ -215,13 +184,35 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils-plus": {
"inputs": {
"flake-utils": [
"digga",
"flake-utils"
]
},
"locked": {
"lastModified": 1627071952,
"narHash": "sha256-FhE0KOuI9Kl4eyGJXu4bh9fBP2hbxjnD1DlKHljCcYs=",
"owner": "gytis-ivaskevicius",
"repo": "flake-utils-plus",
"rev": "51a82925db31073bc4822c9b538a0a3ebf1134b2",
"type": "github"
},
"original": {
"owner": "gytis-ivaskevicius",
"ref": "staging",
"repo": "flake-utils-plus",
"type": "github"
}
},
"flake-utils_2": { "flake-utils_2": {
"locked": { "locked": {
"lastModified": 1619345332, "lastModified": 1623875721,
"narHash": "sha256-qHnQkEp1uklKTpx3MvKtY6xzgcqXDsz5nLilbbuL+3A=", "narHash": "sha256-A8BU7bjS5GirpAUv4QA+QnJ4CceLHkcXdRp4xITDB0s=",
"owner": "numtide", "owner": "numtide",
"repo": "flake-utils", "repo": "flake-utils",
"rev": "2ebf2558e5bf978c7fb8ea927dfaed8fefab2e28", "rev": "f7e004a55b120c02ecb6219596820fcd32ca8772",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -253,16 +244,18 @@
}, },
"latest": { "latest": {
"locked": { "locked": {
"lastModified": 1626529037, "lastModified": 1627942574,
"narHash": "sha256-Q1vbk2fgE43JgjvTBdghZ70ParF2ek/jTn62ACkU8Fw=", "narHash": "sha256-guUcGRWvY2mfiVSet2x/zeHIyflm2wgglj0ldg0mMio=",
"owner": "NixOS", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "5f069e17541ac5cd240fced18687cef190080be3", "rev": "c464dc811babfe316ed4ab7bbc12351122e69dd7",
"type": "github" "type": "github"
}, },
"original": { "original": {
"id": "nixpkgs", "owner": "nixos",
"type": "indirect" "ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
} }
}, },
"naersk": { "naersk": {
@ -312,11 +305,11 @@
"nixpkgs": "nixpkgs" "nixpkgs": "nixpkgs"
}, },
"locked": { "locked": {
"lastModified": 1620663773, "lastModified": 1628492639,
"narHash": "sha256-Nfc2g9xUCPYBFKE5O7OdrDpCVspwk64S8EbsDYoY38c=", "narHash": "sha256-ffF/oEhLs/stAsXXobruKHyH9jnMC2rt/SM3ASrs2U8=",
"owner": "dramforever", "owner": "dramforever",
"repo": "nix-dram", "repo": "nix-dram",
"rev": "86485e22621b17bcc4472889eedbd562498bb5a2", "rev": "fba426108ea6bdeb1e362bac9da06cbd33726f41",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -327,25 +320,28 @@
}, },
"nixos": { "nixos": {
"locked": { "locked": {
"lastModified": 1626527571, "lastModified": 1628203131,
"narHash": "sha256-+X2GhKfkuLUYs8wVQPUKZULX3OvaNn2KwrvhoxQk9SA=", "narHash": "sha256-jQgXeJ9NQQS0Eobb/qQOvS+RRULkqRikAeXkkFKOPDA=",
"owner": "NixOS", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "0a96dbc8b6bd4874ef0f55ce30ec7bdf1cb09452", "rev": "178da37860823d35e801c7df2f73d7866d3d598a",
"type": "github" "type": "github"
}, },
"original": { "original": {
"id": "nixpkgs", "owner": "nixos",
"ref": "release-21.05", "ref": "release-21.05",
"type": "indirect" "repo": "nixpkgs",
"type": "github"
} }
}, },
"nixos-generators": { "nixos-generators": {
"inputs": { "inputs": {
"nixlib": [ "nixlib": [
"digga",
"nixlib" "nixlib"
], ],
"nixpkgs": [ "nixpkgs": [
"digga",
"blank" "blank"
] ]
}, },
@ -380,11 +376,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1620340338, "lastModified": 1626556499,
"narHash": "sha256-Op/4K0+Z9Sp5jtFH0s/zMM4H7VFZxrekcAmjQ6JpQ4w=", "narHash": "sha256-c2ueMT7fi/yvCNq3nGLEC2v5GklS7eHpB1240LRSW9Y=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "63586475587d7e0e078291ad4b49b6f6a6885100", "rev": "b59c06dc92f8d03660eb4155754d93a6c34cda83",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -396,11 +392,12 @@
}, },
"nur": { "nur": {
"locked": { "locked": {
"lastModified": 1626202371, "lastModified": 1626378135,
"narHash": "sha256-thj8msabJEeAfuC/6Zb4jZnnJ7SfcLUZEY0TjXhFQNs=", "narHash": "sha256-koC6DBYmLCrgXA+AMHVaODf1uHYPmvcFygHfy3eg6vI=",
"path": "/nix/store/z9h5jj2b9ls0q3mkvhdz5s05ly7m20k7-source", "owner": "nix-community",
"rev": "c10216f94e7e99a05f515a8bdc87d5b460164f1a", "repo": "NUR",
"type": "path" "rev": "00c2ec8f0bbdf0cfb2135bde55fbae5d6b64aa6d",
"type": "github"
}, },
"original": { "original": {
"id": "nur", "id": "nur",
@ -416,7 +413,7 @@
], ],
"flake-utils": [ "flake-utils": [
"digga", "digga",
"utils", "flake-utils-plus",
"flake-utils" "flake-utils"
], ],
"nixpkgs": [ "nixpkgs": [
@ -424,11 +421,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1626443440, "lastModified": 1627523399,
"narHash": "sha256-9xDWqVcLxAiRC/g/JnSfsj+s/Ont0fZjczAH9pqqBdg=", "narHash": "sha256-j9CgnUQpWcb8OB4LRzPW8BdxvmoROJptgptDlPA8Heo=",
"owner": "berberman", "owner": "berberman",
"repo": "nvfetcher", "repo": "nvfetcher",
"rev": "ba3366421ff66a06f4176780dff5e8373512bfba", "rev": "fb8f2cc770ad3dd3e29d7ba3004692d4d53fba9b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -437,22 +434,6 @@
"type": "github" "type": "github"
} }
}, },
"pre-commit-hooks-nix": {
"flake": false,
"locked": {
"lastModified": 1622650193,
"narHash": "sha256-qSzUpJDv04ajS9FXoCq6NjVF3qOt9IiGIiGh0P8amyw=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "0398f0649e0a741660ac5e8216760bae5cc78579",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"type": "github"
}
},
"root": { "root": {
"inputs": { "inputs": {
"agenix": "agenix", "agenix": "agenix",
@ -461,7 +442,6 @@
"blank" "blank"
], ],
"bud": "bud", "bud": "bud",
"ci-agent": "ci-agent",
"darwin": "darwin", "darwin": "darwin",
"deploy": [ "deploy": [
"digga", "digga",
@ -472,6 +452,10 @@
"digga", "digga",
"flake-utils" "flake-utils"
], ],
"flake-utils-plus": [
"digga",
"flake-utils-plus"
],
"home": "home", "home": "home",
"latest": "latest", "latest": "latest",
"naersk": "naersk_2", "naersk": "naersk_2",
@ -486,32 +470,7 @@
"nixos" "nixos"
], ],
"nur": "nur", "nur": "nur",
"nvfetcher": "nvfetcher", "nvfetcher": "nvfetcher"
"utils": [
"digga",
"utils"
]
}
},
"utils": {
"inputs": {
"flake-utils": [
"flake-utils"
]
},
"locked": {
"lastModified": 1626288344,
"narHash": "sha256-TioHDqWJkw37jjx4DVrH6LCzwrUfAqXbWl4rKR91fpA=",
"owner": "gytis-ivaskevicius",
"repo": "flake-utils-plus",
"rev": "5c6ee69f6957afc2fe22c094717d6d78516418b5",
"type": "github"
},
"original": {
"owner": "gytis-ivaskevicius",
"ref": "staging",
"repo": "flake-utils-plus",
"type": "github"
} }
} }
}, },


@ -7,10 +7,10 @@
inputs = inputs =
{ {
nixos.url = "nixpkgs/release-21.05"; nixos.url = "github:nixos/nixpkgs/release-21.05";
latest.url = "nixpkgs"; latest.url = "github:nixos/nixpkgs/nixos-unstable";
digga.url = "github:divnix/digga/develop"; digga.url = "github:divnix/digga";
digga.inputs.nixpkgs.follows = "nixos"; digga.inputs.nixpkgs.follows = "nixos";
digga.inputs.nixlib.follows = "nixos"; digga.inputs.nixlib.follows = "nixos";
digga.inputs.home-manager.follows = "home"; digga.inputs.home-manager.follows = "home";
@ -33,13 +33,7 @@
nvfetcher.url = "github:berberman/nvfetcher"; nvfetcher.url = "github:berberman/nvfetcher";
nvfetcher.inputs.nixpkgs.follows = "latest"; nvfetcher.inputs.nixpkgs.follows = "latest";
nvfetcher.inputs.flake-compat.follows = "digga/deploy/flake-compat"; nvfetcher.inputs.flake-compat.follows = "digga/deploy/flake-compat";
nvfetcher.inputs.flake-utils.follows = "digga/utils/flake-utils"; nvfetcher.inputs.flake-utils.follows = "digga/flake-utils-plus/flake-utils";
ci-agent.url = "github:hercules-ci/hercules-ci-agent";
ci-agent.inputs.nix-darwin.follows = "darwin";
ci-agent.inputs.nixos-20_09.follows = "nixos";
ci-agent.inputs.nixos-unstable.follows = "latest";
ci-agent.inputs.flake-compat.follows = "digga/deploy/flake-compat";
naersk.url = "github:nmattia/naersk"; naersk.url = "github:nmattia/naersk";
naersk.inputs.nixpkgs.follows = "latest"; naersk.inputs.nixpkgs.follows = "latest";
@ -51,7 +45,7 @@
nixpkgs.follows = "nixos"; nixpkgs.follows = "nixos";
nixlib.follows = "digga/nixlib"; nixlib.follows = "digga/nixlib";
blank.follows = "digga/blank"; blank.follows = "digga/blank";
utils.follows = "digga/utils"; flake-utils-plus.follows = "digga/flake-utils-plus";
flake-utils.follows = "digga/flake-utils"; flake-utils.follows = "digga/flake-utils";
# end ANTI CORRUPTION LAYER # end ANTI CORRUPTION LAYER
@ -64,7 +58,6 @@
, digga , digga
, bud , bud
, nixos , nixos
, ci-agent
, home , home
, nixos-hardware , nixos-hardware
, nur , nur
@ -74,9 +67,6 @@
, nix-dram , nix-dram
, ... , ...
} @ inputs: } @ inputs:
let
bud' = bud self; # rebind to access self.budModules
in
digga.lib.mkFlake digga.lib.mkFlake
{ {
inherit self inputs; inherit self inputs;
@ -85,7 +75,7 @@
channels = { channels = {
nixos = { nixos = {
imports = [ (digga.lib.importers.overlays ./overlays) ]; imports = [ (digga.lib.importOverlays ./overlays) ];
overlays = [ overlays = [
digga.overlays.patchedNix digga.overlays.patchedNix
nur.overlay nur.overlay
@ -114,25 +104,25 @@
hostDefaults = { hostDefaults = {
system = "x86_64-linux"; system = "x86_64-linux";
channelName = "nixos"; channelName = "nixos";
imports = [ (digga.lib.importers.modules ./modules) ]; imports = [ (digga.lib.importModules ./modules) ];
externalModules = [ externalModules = [
{ lib.our = self.lib; } { lib.our = self.lib; }
digga.nixosModules.bootstrapIso
digga.nixosModules.nixConfig digga.nixosModules.nixConfig
ci-agent.nixosModules.agent-profile
home.nixosModules.home-manager home.nixosModules.home-manager
agenix.nixosModules.age agenix.nixosModules.age
(bud.nixosModules.bud bud') bud.nixosModules.bud
]; ];
}; };
imports = [ (digga.lib.importers.hosts ./hosts) ]; imports = [ (digga.lib.importHosts ./hosts) ];
hosts = { hosts = {
/* set host specific properties here */ /* set host specific properties here */
NixOS = { }; NixOS = { };
}; };
importables = rec { importables = rec {
profiles = digga.lib.importers.rakeLeaves ./profiles // { profiles = digga.lib.rakeLeaves ./profiles // {
users = digga.lib.importers.rakeLeaves ./users; users = digga.lib.rakeLeaves ./users;
}; };
suites = with profiles; rec { suites = with profiles; rec {
base = [ core users.nixos users.root ]; base = [ core users.nixos users.root ];
@ -143,10 +133,10 @@
}; };
home = { home = {
imports = [ (digga.lib.importers.modules ./users/modules) ]; imports = [ (digga.lib.importModules ./users/modules) ];
externalModules = [ ]; externalModules = [ ];
importables = rec { importables = rec {
profiles = digga.lib.importers.rakeLeaves ./users/profiles; profiles = digga.lib.rakeLeaves ./users/profiles;
suites = with profiles; rec { suites = with profiles; rec {
base = [ direnv git ]; base = [ direnv git ];
}; };
@ -156,7 +146,7 @@
}; # digga.lib.importers.rakeLeaves ./users/hm; }; # digga.lib.importers.rakeLeaves ./users/hm;
}; };
devshell.modules = [ (import ./shell bud') ]; devshell = ./shell;
homeConfigurations = digga.lib.mkHomeConfigurations self.nixosConfigurations; homeConfigurations = digga.lib.mkHomeConfigurations self.nixosConfigurations;
@ -169,7 +159,7 @@
} }
// //
{ {
budModules = { devos = import ./pkgs/bud; }; budModules = { devos = import ./bud; };
} }
; ;
} }
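Review bot: The trailing comment `# digga.lib.importers.rakeLeaves ./users/hm;` at the end of the `home` block still names the `importers` namespace that every live call in this file (presumably flake.nix) has just been moved away from. Anyone who uncomments it as written would reference an attribute the new digga revision may no longer expose. I would update it in the same commit to `}; # digga.lib.rakeLeaves ./users/hm;`. Separately, `digga.url` drops the explicit `develop` ref and now follows the repository's default branch, so the `rev` pinned in flake.lock is the only thing fixing which code is evaluated, and lock updates deserve the same review as this change.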

18
hosts/bootstrap.nix Normal file

@ -0,0 +1,18 @@
{ profiles, ... }:
{
# build with: `bud build bootstrap bootstrapIso`
# reachable on the local link via ssh root@fe80::47%eno1
# where 'eno1' is replaced by your own machine's network
# interface that has the local link to the target machine
imports = [
# profiles.networking
profiles.core
profiles.users.root # make sure to configure ssh keys
profiles.users.nixos
];
boot.loader.systemd-boot.enable = true;
# will be overridden by the bootstrapIso instrumentation
fileSystems."/" = { device = "/dev/disk/by-label/nixos"; };
}
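Review bot: The only safeguard for root SSH access to the bootstrap image is the comment `# make sure to configure ssh keys` next to `profiles.users.root`, and nothing in this file fails the build if that step is skipped. What `profiles.users.root` sets is not visible here, so if it carries a default or empty password (to be confirmed), the image would accept that login on whatever link it is attached to. I would turn the requirement into an evaluation-time assertion on `users.users.root.openssh.authorizedKeys.keys`, which needs `config` added to the module arguments. If keys are supplied through `keyFiles` instead, the condition has to be extended to cover that.

```nix
{ config, profiles, ... }:
{
  # … unchanged: imports, boot loader, fileSystems …
  assertions = [{
    assertion = config.users.users.root.openssh.authorizedKeys.keys != [ ];
    message = "bootstrap: configure SSH keys for root before building the ISO";
  }];
}
```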


@ -1,11 +0,0 @@
{ lib, pkgs, self, config, modules, channel, ... }:
{
system.build = {
iso = (config.lib.digga.mkBuild
(config.lib.digga.modules.isoConfig {
inherit self;
fullHostConfig = config;
})
).config.system.build.isoImage;
};
}


@ -12,6 +12,5 @@
leaveDotGit = false; leaveDotGit = false;
sha256 = "1b7xi8c2drbwzfz70czddc4j33s7g1alirv12dwl91hbqxifx8qs"; sha256 = "1b7xi8c2drbwzfz70czddc4j33s7g1alirv12dwl91hbqxifx8qs";
}; };
}; };
} }


@ -1,63 +1,10 @@
bud: { self, inputs, ... }:
{ pkgs, extraModulesPath, ... }:
let
hooks = import ./hooks;
pkgWithCategory = category: package: { inherit package category; };
linter = pkgWithCategory "linter";
docs = pkgWithCategory "docs";
devos = pkgWithCategory "devos";
in
{ {
_file = toString ./.; externalModules = with inputs; [
bud.devshellModules.bud
imports = [ "${extraModulesPath}/git/hooks.nix" ]; ];
git = { inherit hooks; }; modules = [
./devos.nix
# tempfix: remove when merged https://github.com/numtide/devshell/pull/123
devshell.startup.load_profiles = pkgs.lib.mkForce (pkgs.lib.noDepEntry ''
# PATH is devshell's exorbitant privilige:
# fence against its pollution
_PATH=''${PATH}
# Load installed profiles
for file in "$DEVSHELL_DIR/etc/profile.d/"*.sh; do
# If that folder doesn't exist, bash loves to return the whole glob
[[ -f "$file" ]] && source "$file"
done
# Exert exorbitant privilige and leave no trace
export PATH=''${_PATH}
unset _PATH
'');
packages = with pkgs; [
git-crypt
]; ];
commands = with pkgs; [
(devos (bud { inherit pkgs; }))
(devos nixUnstable)
(devos agenix)
{
category = "devos";
name = pkgs.nvfetcher-bin.pname;
help = pkgs.nvfetcher-bin.meta.description;
command = "cd $DEVSHELL_ROOT/pkgs; ${pkgs.nvfetcher-bin}/bin/nvfetcher -c ./sources.toml --no-output $@; nixpkgs-fmt _sources/";
}
(linter nixpkgs-fmt)
(linter editorconfig-checker)
# (docs python3Packages.grip) too many deps
(docs mdbook)
]
++ lib.optional
(pkgs ? deploy-rs)
(devos deploy-rs.deploy-rs)
++ lib.optional
(system != "i686-linux")
(devos cachix)
;
} }

61
shell/devos.nix Normal file

@ -0,0 +1,61 @@
{ pkgs, extraModulesPath, ... }:
let
hooks = import ./hooks;
pkgWithCategory = category: package: { inherit package category; };
linter = pkgWithCategory "linter";
docs = pkgWithCategory "docs";
devos = pkgWithCategory "devos";
in
{
_file = toString ./.;
imports = [ "${extraModulesPath}/git/hooks.nix" ];
git = { inherit hooks; };
# tempfix: remove when merged https://github.com/numtide/devshell/pull/123
devshell.startup.load_profiles = pkgs.lib.mkForce (pkgs.lib.noDepEntry ''
# PATH is devshell's exorbitant privilige:
# fence against its pollution
_PATH=''${PATH}
# Load installed profiles
for file in "$DEVSHELL_DIR/etc/profile.d/"*.sh; do
# If that folder doesn't exist, bash loves to return the whole glob
[[ -f "$file" ]] && source "$file"
done
# Exert exorbitant privilige and leave no trace
export PATH=''${_PATH}
unset _PATH
'');
packages = with pkgs; [
git-crypt
];
commands = with pkgs; [
(devos nixUnstable)
(devos agenix)
{
category = "devos";
name = pkgs.nvfetcher-bin.pname;
help = pkgs.nvfetcher-bin.meta.description;
command = "cd $DEVSHELL_ROOT/pkgs; ${pkgs.nvfetcher-bin}/bin/nvfetcher -c ./sources.toml --no-output $@";
}
(linter nixpkgs-fmt)
(linter editorconfig-checker)
# (docs python3Packages.grip) too many deps
(docs mdbook)
]
++ lib.optional
(pkgs ? deploy-rs)
(devos deploy-rs.deploy-rs)
++ lib.optional
(system != "i686-linux")
(devos cachix)
;
}
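Review bot: The nvfetcher `command` string joins `cd $DEVSHELL_ROOT/pkgs` to the next step with `;` and leaves both `$DEVSHELL_ROOT` and `$@` unquoted. If the `cd` fails, nvfetcher still runs against whatever `./sources.toml` happens to be in the current directory, and arguments or paths containing spaces are word-split. I would write it as `command = "cd \"$DEVSHELL_ROOT/pkgs\" && ${pkgs.nvfetcher-bin}/bin/nvfetcher -c ./sources.toml --no-output \"$@\"";` so the fetch only runs from the intended directory and arguments are passed through intact.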


@ -1,6 +1,9 @@
{ {
programs.direnv = { programs.direnv = {
enable = true; enable = true;
nix-direnv.enable = true; nix-direnv = {
enable = true;
enableFlakes = true;
};
}; };
} }