diff --git a/.envrc b/.envrc index ca22a7f..3e74c79 100644 --- a/.envrc +++ b/.envrc @@ -1,11 +1,8 @@ #!/bin/sh -source "$( - nix eval \ - --no-update-lock-file \ - --no-write-lock-file \ - --no-warn-dirty \ - --accept-flake-config \ - .#__std.direnv_lib 2>/dev/null -)" -use std comb //_QUEEN/devshells:default +use flake + +watch_file ./nix/checks.nix +watch_file ./nix/dev-shell.nix + +eval "$shellHook" diff --git a/.gitignore b/.gitignore index a6205b2..f3b34fd 100644 --- a/.gitignore +++ b/.gitignore @@ -1,13 +1,3 @@ -# direnv/direnv + divnix/std -.std - -# numtide/devshell -.data - -# nixos/nix -result* - -# nixago: ignore-linked-files -.conform.yaml -lefthook.yml +result +result-* treefmt.toml diff --git a/.luacheckrc b/.luacheckrc new file mode 100644 index 0000000..653f105 --- /dev/null +++ b/.luacheckrc @@ -0,0 +1 @@ +globals = { "vim" } diff --git a/.stylua.toml b/.stylua.toml new file mode 100644 index 0000000..3be1637 --- /dev/null +++ b/.stylua.toml @@ -0,0 +1,6 @@ +column_width = 120 +line_endings = "Unix" +indent_type = "Tabs" +indent_width = 1 +quote_style = "AutoPreferDouble" +no_call_parentheses = true diff --git a/README.md b/README.md index dd7b400..1301067 100644 --- a/README.md +++ b/README.md @@ -1,10 +1 @@ -Wow infrastructure. - -## Used things - -[![Standard](https://img.shields.io/badge/Nix-Standard-green?style=for-the-badge&logo=NixOS)](https://github.com/divnix/std) -[![Colmena](https://img.shields.io/badge/Nix-Colmena-yellow?style=for-the-badge&logo=NixOS)](https://github.com/zhaofengli/colmena) - -[![NixOS Generators](https://img.shields.io/badge/NixOS-generators-yellowgreen?style=for-the-badge&logo=NixOS)](https://github.com/nix-community/nixos-generators) -[![NixOS Disko](https://img.shields.io/badge/NixOS-disko-blue?style=for-the-badge&logo=NixOS)](https://github.com/nix-community/disko) -[![NixOS Hardware](https://img.shields.io/badge/NixOS-hardware-lightgrey?style=for-the-badge&logo=NixOS)](https://github.com/nixos/nixos-hardware) +Infrastructure. diff --git a/core/ssh.nix b/core/ssh.nix new file mode 100644 index 0000000..4deba7f --- /dev/null +++ b/core/ssh.nix @@ -0,0 +1,15 @@ +{ + services.sshd.enable = true; + services.openssh = { + enable = true; + passwordAuthentication = false; + kbdInteractiveAuthentication = false; + permitRootLogin = "yes"; + hostKeys = [ + { + path = "/etc/ssh/ssh_host_ed25519_key"; + type = "ed25519"; + } + ]; + }; +} diff --git a/core/xdg.nix b/core/xdg.nix new file mode 100644 index 0000000..77908a0 --- /dev/null +++ b/core/xdg.nix @@ -0,0 +1,12 @@ +{ + environment.etc."xdg/user-dirs.defaults".text = '' + DESKTOP=tmp + DOWNLOAD=download + TEMPLATES=tmp + PUBLICSHARE=opt + DOCUMENTS=documents + MUSIC=music + PICTURES=pictures + VIDEOS=tmp + ''; +} diff --git a/default.nix b/default.nix new file mode 100644 index 0000000..0205bc8 --- /dev/null +++ b/default.nix @@ -0,0 +1,14 @@ +(import + ( + let + lock = builtins.fromJSON (builtins.readFile ./flake.lock); + in + fetchTarball { + url = "https://github.com/edolstra/flake-compat/archive/${lock.nodes.flake-compat.locked.rev}.tar.gz"; + sha256 = lock.nodes.flake-compat.locked.narHash; + } + ) + { + src = ./.; + }) +.defaultNix diff --git a/dev/default.nix b/dev/default.nix new file mode 100644 index 0000000..8abee11 --- /dev/null +++ b/dev/default.nix @@ -0,0 +1,7 @@ +{ + imports = [./documentation.nix]; + + environment = { + enableDebugInfo = true; + }; +} diff --git a/dev/documentation.nix b/dev/documentation.nix new file mode 100644 index 0000000..61904be --- /dev/null +++ b/dev/documentation.nix @@ -0,0 +1,12 @@ +{ + lib, + pkgs, + ... +}: { + environment.systemPackages = with pkgs; [man-pages]; + documentation = { + dev.enable = true; + man.enable = true; + info.enable = lib.mkForce false; + }; +} diff --git a/flake.lock b/flake.lock index 8a0a13d..640d05d 100644 --- a/flake.lock +++ b/flake.lock @@ -1,128 +1,60 @@ { "nodes": { - "blank": { + "agenix": { + "inputs": { + "nixpkgs": [ + "ragenix", + "nixpkgs" + ] + }, "locked": { - "lastModified": 1625557891, - "narHash": "sha256-O8/MWsPBGhhyPoPLHZAuoZiiHo9q6FLlEeIDEXuj6T4=", - "owner": "divnix", - "repo": "blank", - "rev": "5a5d2684073d9f563072ed07c871d577a6c614a8", + "lastModified": 1665870395, + "narHash": "sha256-Tsbqb27LDNxOoPLh0gw2hIb6L/6Ow/6lIBvqcHzEKBI=", + "owner": "ryantm", + "repo": "agenix", + "rev": "a630400067c6d03c9b3e0455347dc8559db14288", "type": "github" }, "original": { - "owner": "divnix", - "repo": "blank", + "owner": "ryantm", + "repo": "agenix", "type": "github" } }, - "colmena": { + "deploy-rs": { "inputs": { - "flake-compat": "flake-compat", - "flake-utils": [ - "std", + "flake-compat": [ + "flake-compat" + ], + "nixpkgs": [ + "nixpkgs" + ], + "utils": [ "flake-utils" - ], - "nix-eval-jobs": "nix-eval-jobs", - "nixpkgs": [ - "nixpkgs" - ], - "stable": [ - "std", - "blank" ] }, "locked": { - "lastModified": 1669917327, - "narHash": "sha256-YYjaNOUJZaM5t35GbWtfX825TlI9LAksbfdhaCYWmfY=", - "owner": "zhaofengli", - "repo": "colmena", - "rev": "64c46fa0169233d4faed70c52583cd3183c7f5aa", + "lastModified": 1668797197, + "narHash": "sha256-0w6iD3GSSQbIeSFVDzAAQZB+hDq670ZTms3d9XI+BtM=", + "owner": "serokell", + "repo": "deploy-rs", + "rev": "2a3c5f70eee04a465aa534d8bd4fcc9bb3c4a8ce", "type": "github" }, "original": { - "owner": "zhaofengli", - "repo": "colmena", - "type": "github" - } - }, - "devshell": { - "inputs": { - "flake-utils": [ - "std", - "flake-utils" - ], - "nixpkgs": [ - "std", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1663445644, - "narHash": "sha256-+xVlcK60x7VY1vRJbNUEAHi17ZuoQxAIH4S4iUFUGBA=", - "owner": "numtide", - "repo": "devshell", - "rev": "e3dc3e21594fe07bdb24bdf1c8657acaa4cb8f66", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "devshell", - "type": "github" - } - }, - "disko": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1670157103, - "narHash": "sha256-EDvoYUwi7RB/oSOtbk7ykRQXQ0KI5A+UPI8D/TanYXY=", - "owner": "nix-community", - "repo": "disko", - "rev": "e0ce5fb75f1197cf57b0a5c46434d69c14efc842", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "disko", - "type": "github" - } - }, - "dmerge": { - "inputs": { - "nixlib": [ - "std", - "nixpkgs" - ], - "yants": [ - "std", - "yants" - ] - }, - "locked": { - "lastModified": 1659548052, - "narHash": "sha256-fzI2gp1skGA8mQo/FBFrUAtY0GQkAIAaV/V127TJPyY=", - "owner": "divnix", - "repo": "data-merge", - "rev": "d160d18ce7b1a45b88344aa3f13ed1163954b497", - "type": "github" - }, - "original": { - "owner": "divnix", - "repo": "data-merge", + "owner": "serokell", + "repo": "deploy-rs", "type": "github" } }, "flake-compat": { "flake": false, "locked": { - "lastModified": 1650374568, - "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=", + "lastModified": 1668681692, + "narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=", "owner": "edolstra", "repo": "flake-compat", - "rev": "b4a34015c698c7793d592d66adbab377907a2be8", + "rev": "009399224d5e398d03b22badca40a37ac85412a1", "type": "github" }, "original": { @@ -132,285 +64,6 @@ } }, "flake-utils": { - "locked": { - "lastModified": 1659877975, - "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "home": { - "inputs": { - "nixpkgs": "nixpkgs", - "utils": "utils" - }, - "locked": { - "lastModified": 1670163996, - "narHash": "sha256-6vbu9Wmh1Ov0VgkWuLAazQ/crzohdZ8jnQp87pDsy7s=", - "owner": "nix-community", - "repo": "home-manager", - "rev": "90b0e5f440160f54cb4f1f08372e1be554e10873", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "home-manager", - "type": "github" - } - }, - "incl": { - "inputs": { - "nixlib": [ - "std", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1669263024, - "narHash": "sha256-E/+23NKtxAqYG/0ydYgxlgarKnxmDbg6rCMWnOBqn9Q=", - "owner": "divnix", - "repo": "incl", - "rev": "ce7bebaee048e4cd7ebdb4cee7885e00c4e2abca", - "type": "github" - }, - "original": { - "owner": "divnix", - "repo": "incl", - "type": "github" - } - }, - "n2c": { - "inputs": { - "flake-utils": [ - "std", - "flake-utils" - ], - "nixpkgs": [ - "std", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1665039323, - "narHash": "sha256-SAh3ZjFGsaCI8FRzXQyp56qcGdAqgKEfJWPCQ0Sr7tQ=", - "owner": "nlewo", - "repo": "nix2container", - "rev": "b008fe329ffb59b67bf9e7b08ede6ee792f2741a", - "type": "github" - }, - "original": { - "owner": "nlewo", - "repo": "nix2container", - "type": "github" - } - }, - "nix-eval-jobs": { - "inputs": { - "flake-utils": [ - "colmena", - "flake-utils" - ], - "nixpkgs": [ - "colmena", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1660713017, - "narHash": "sha256-w6KLNkT/2fI7UvPg3NoKj7gve4CgUHpyWOFq0BUwW7o=", - "owner": "zhaofengli", - "repo": "nix-eval-jobs", - "rev": "b4c078a4870c5b1a5b74420ca1dca41f4d75b7cc", - "type": "github" - }, - "original": { - "owner": "zhaofengli", - "ref": "colmena", - "repo": "nix-eval-jobs", - "type": "github" - } - }, - "nixago": { - "inputs": { - "flake-utils": [ - "std", - "flake-utils" - ], - "nixago-exts": [ - "std", - "blank" - ], - "nixpkgs": [ - "std", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1661824785, - "narHash": "sha256-/PnwdWoO/JugJZHtDUioQp3uRiWeXHUdgvoyNbXesz8=", - "owner": "nix-community", - "repo": "nixago", - "rev": "8c1f9e5f1578d4b2ea989f618588d62a335083c3", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nixago", - "type": "github" - } - }, - "nixos-generators": { - "inputs": { - "nixlib": [ - "nixpkgs" - ], - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1669065280, - "narHash": "sha256-3+pq1oJWjGDLfd8G/vR3IIFZ+EQ/aglukA0bTiMlf3o=", - "owner": "nix-community", - "repo": "nixos-generators", - "rev": "50aeec40f2072d2ab267c8ec8a345573704ec110", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nixos-generators", - "type": "github" - } - }, - "nixos-hardware": { - "locked": { - "lastModified": 1669650994, - "narHash": "sha256-uwASLUfedIQ5q01TtMwZDEV2HCZr5nVPZjzVgCG+D5I=", - "owner": "nixos", - "repo": "nixos-hardware", - "rev": "7883883d135ce5b7eae5dce4bfa12262b85c1c46", - "type": "github" - }, - "original": { - "owner": "nixos", - "repo": "nixos-hardware", - "type": "github" - } - }, - "nixpkgs": { - "locked": { - "lastModified": 1669969257, - "narHash": "sha256-mOS13sK3v+kfgP+1Mh56ohiG8uVhLHAo7m/q9kqAehc=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "b72b8b94cf0c012b0252a9100a636cad69696666", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_2": { - "locked": { - "lastModified": 1670064435, - "narHash": "sha256-+ELoY30UN+Pl3Yn7RWRPabykwebsVK/kYE9JsIsUMxQ=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "61a8a98e6d557e6dd7ed0cdb54c3a3e3bbc5e25c", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nosys": { - "locked": { - "lastModified": 1667881534, - "narHash": "sha256-FhwJ15uPLRsvaxtt/bNuqE/ykMpNAPF0upozFKhTtXM=", - "owner": "divnix", - "repo": "nosys", - "rev": "2d0d5207f6a230e9d0f660903f8db9807b54814f", - "type": "github" - }, - "original": { - "owner": "divnix", - "repo": "nosys", - "type": "github" - } - }, - "root": { - "inputs": { - "colmena": "colmena", - "disko": "disko", - "home": "home", - "nixos": [ - "nixpkgs" - ], - "nixos-generators": "nixos-generators", - "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs_2", - "std": "std" - } - }, - "std": { - "inputs": { - "arion": [ - "std", - "blank" - ], - "blank": "blank", - "devshell": "devshell", - "dmerge": "dmerge", - "flake-utils": "flake-utils", - "incl": "incl", - "makes": [ - "std", - "blank" - ], - "mdbook-kroki-preprocessor": [ - "std", - "blank" - ], - "microvm": [ - "std", - "blank" - ], - "n2c": "n2c", - "nixago": "nixago", - "nixpkgs": [ - "nixpkgs" - ], - "nosys": "nosys", - "yants": "yants" - }, - "locked": { - "lastModified": 1669987194, - "narHash": "sha256-jwqWqdzYfc5UvNW1XpiQMtadshBT2YCfos2EaIGZ6yQ=", - "owner": "divnix", - "repo": "std", - "rev": "91e736f821d058a9db78560fb18ac24b5292f065", - "type": "github" - }, - "original": { - "owner": "divnix", - "repo": "std", - "type": "github" - } - }, - "utils": { "locked": { "lastModified": 1667395993, "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", @@ -425,24 +78,216 @@ "type": "github" } }, - "yants": { + "gitignore": { "inputs": { "nixpkgs": [ - "std", + "pre-commit-hooks", "nixpkgs" ] }, "locked": { - "lastModified": 1667096281, - "narHash": "sha256-wRRec6ze0gJHmGn6m57/zhz/Kdvp9HS4Nl5fkQ+uIuA=", - "owner": "divnix", - "repo": "yants", - "rev": "d18f356ec25cb94dc9c275870c3a7927a10f8c3c", + "lastModified": 1660459072, + "narHash": "sha256-8DFJjXG8zqoONA1vXtgeKXy68KdJL5UaXR8NtVMUbx8=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "a20de23b925fd8264fd7fad6454652e142fd7f73", "type": "github" }, "original": { - "owner": "divnix", - "repo": "yants", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "home-manager": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ], + "utils": [ + "flake-utils" + ] + }, + "locked": { + "lastModified": 1670513770, + "narHash": "sha256-muL74fsbGA8K8WlZSPNWddOiuBnC54kAajncX6nXrh4=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "054d9e3187ca00479e8036dc0e92900a384f30fd", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "impermanence": { + "locked": { + "lastModified": 1668668915, + "narHash": "sha256-QjY4ZZbs9shwO4LaLpvlU2bO9J1juYhO9NtV3nrbnYQ=", + "owner": "nix-community", + "repo": "impermanence", + "rev": "5df9108b346f8a42021bf99e50de89c9caa251c3", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "impermanence", + "type": "github" + } + }, + "nixos-hardware": { + "locked": { + "lastModified": 1670174919, + "narHash": "sha256-XdQr3BUnrvVLRFunLWrZORhwYHDG0+9jUUe0Jv1pths=", + "owner": "NixOS", + "repo": "nixos-hardware", + "rev": "9d87bc030a0bf3f00e953dbf095a7d8e852dab6b", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixos-hardware", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1670332253, + "narHash": "sha256-O5SmhlIUt1s+vK4NXeGYqwcBIMwbBPAEZ3GHE3XT28c=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "1c9ffcf70786f0966982ce0fc76ec05df2e1dec2", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable": { + "locked": { + "lastModified": 1668984258, + "narHash": "sha256-0gDMJ2T3qf58xgcSbYoXiRGUkPWmKyr5C3vcathWhKs=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "cf63ade6f74bbc9d2a017290f1b2e33e8fbfa70a", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-22.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "pre-commit-hooks": { + "inputs": { + "flake-compat": [ + "flake-compat" + ], + "flake-utils": [ + "flake-utils" + ], + "gitignore": "gitignore", + "nixpkgs": [ + "nixpkgs" + ], + "nixpkgs-stable": "nixpkgs-stable" + }, + "locked": { + "lastModified": 1670413394, + "narHash": "sha256-M7sWqrKtOqUv9euX1t3HCxis8cPy9MNiZxQmUf0KF1o=", + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "rev": "1303a1a76e9eb074075bfe566518c413f6fc104e", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "type": "github" + } + }, + "ragenix": { + "inputs": { + "agenix": "agenix", + "flake-utils": [ + "flake-utils" + ], + "nixpkgs": [ + "nixpkgs" + ], + "rust-overlay": "rust-overlay" + }, + "locked": { + "lastModified": 1667808611, + "narHash": "sha256-HHxTosiswFFS5PHLalpa3OKKl3R9BdgMk7pY4tjX2HU=", + "owner": "yaxitech", + "repo": "ragenix", + "rev": "f34618bd9e93edab1f0d62fc3619af7d2d8e5a0c", + "type": "github" + }, + "original": { + "owner": "yaxitech", + "repo": "ragenix", + "type": "github" + } + }, + "root": { + "inputs": { + "deploy-rs": "deploy-rs", + "flake-compat": "flake-compat", + "flake-utils": "flake-utils", + "home-manager": "home-manager", + "impermanence": "impermanence", + "nixos-hardware": "nixos-hardware", + "nixpkgs": "nixpkgs", + "pre-commit-hooks": "pre-commit-hooks", + "ragenix": "ragenix", + "templates": "templates" + } + }, + "rust-overlay": { + "inputs": { + "flake-utils": [ + "ragenix", + "flake-utils" + ], + "nixpkgs": [ + "ragenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1667271616, + "narHash": "sha256-qR43NUFFoKfDRro3M1SarTYVfTn8WvWznGJX5eNCNZw=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "3cbe6891588e1efad2491f87a54be26aeed1fac0", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, + "templates": { + "locked": { + "lastModified": 1669413554, + "narHash": "sha256-ljlMaTVs/aiygN0MtVWmLL8cJ0btX6GxST6D8klCb6o=", + "owner": "NixOS", + "repo": "templates", + "rev": "dfd2a90b1507f2eaedb2f9f4798f728f0006ad30", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "templates", "type": "github" } } diff --git a/flake.nix b/flake.nix index b9d96ef..23eb18e 100644 --- a/flake.nix +++ b/flake.nix @@ -1,122 +1,76 @@ { - description = "Personal Infrastructure"; - inputs.std.url = "github:divnix/std"; - inputs.std.inputs.nixpkgs.follows = "nixpkgs"; - inputs.std.inputs.mdbook-kroki-preprocessor.follows = "std/blank"; - inputs.nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; + description = "oddlama's NixOS Infrastructure"; - # tools inputs = { - nixos-generators.url = "github:nix-community/nixos-generators"; - nixos-generators.inputs.nixpkgs.follows = "nixpkgs"; - nixos-generators.inputs.nixlib.follows = "nixpkgs"; - colmena.url = "github:zhaofengli/colmena"; - colmena.inputs.nixpkgs.follows = "nixpkgs"; - colmena.inputs.stable.follows = "std/blank"; - colmena.inputs.flake-utils.follows = "std/flake-utils"; - disko.url = "github:nix-community/disko"; - disko.inputs.nixpkgs.follows = "nixpkgs"; - nixos-hardware.url = "github:nixos/nixos-hardware"; - }; + deploy-rs = { + url = "github:serokell/deploy-rs"; + inputs = { + nixpkgs.follows = "nixpkgs"; + flake-compat.follows = "flake-compat"; + utils.follows = "flake-utils"; + }; + }; - # nixpkgs & home-manager - inputs = { - nixos.follows = "nixpkgs"; - home.url = "github:nix-community/home-manager"; + flake-compat = { + url = "github:edolstra/flake-compat"; + flake = false; + }; + + home-manager = { + url = "github:nix-community/home-manager"; + inputs.nixpkgs.follows = "nixpkgs"; + inputs.utils.follows = "flake-utils"; + }; + + impermanence.url = "github:nix-community/impermanence"; + nixos-hardware.url = "github:NixOS/nixos-hardware"; + nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; + + pre-commit-hooks = { + url = "github:cachix/pre-commit-hooks.nix"; + inputs.nixpkgs.follows = "nixpkgs"; + inputs.flake-utils.follows = "flake-utils"; + inputs.flake-compat.follows = "flake-compat"; + }; + + ragenix = { + url = "github:yaxitech/ragenix"; + inputs.flake-utils.follows = "flake-utils"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + + templates.url = "github:NixOS/templates"; + flake-utils.url = "github:numtide/flake-utils"; }; outputs = { - std, self, + nixpkgs, + flake-utils, ... } @ inputs: - std.growOn { - inherit inputs; - cellsFrom = ./nix; - # debug = ["cells" "x86_64-linux"]; - cellBlocks = with std.blockTypes; [ - # modules implement - (functions "nixosModules") - (functions "homeModules") - (functions "devshellModules") + { + deploy = import ./nix/deploy.nix inputs; + overlays = import ./nix/overlay.nix inputs; + homeConfigurations = import ./nix/home-manager.nix inputs; + nixosConfigurations = import ./nix/nixos.nix inputs; + } + // flake-utils.lib.eachSystem ["aarch64-linux" "x86_64-linux"] (localSystem: { + checks = import ./nix/checks.nix inputs localSystem; + devShells.default = import ./nix/dev-shell.nix inputs localSystem; - # profiles activate - (functions "hardwareProfiles") - (functions "nixosProfiles") - (functions "homeProfiles") - (functions "devshellProfiles") + packages = + { + default = self.packages.${localSystem}.all; + } + // (import ./nix/host-drvs.nix inputs localSystem); - # suites aggregate profiles - (functions "nixosSuites") - (functions "homeSuites") - - # configurations can be deployed - (data "nixosConfigurations") - (data "colmenaConfigurations") - (data "homeConfigurations") - (data "diskoConfigurations") - - # devshells can be entered - (devshells "devshells") - - # jobs can be run - (runnables "jobs") - - # library holds shared knowledge made code - (functions "library") - ]; - nixpkgsConfig = { - allowUnfree = true; + pkgs = import nixpkgs { + inherit localSystem; + overlays = [ + self.overlays.default + ]; + config.allowUnfree = true; }; - } - # soil - { - packages.x86_64-linux = {inherit (inputs.disko.packages.x86_64-linux) disko;}; - devShells = std.harvest self ["_QUEEN" "devshells"]; - } - { - # tool: colmena -- "fill the jar on the soil with the honey!" - colmenaHive = let - makeHoneyFrom = import ./make-honey.nix { - inherit (inputs) colmena nixpkgs; - cellBlock = "colmenaConfigurations"; - }; - in - makeHoneyFrom self; - - # tool: nixos-generators -- "get drunk like a bear!" - nixosConfigurations = let - makeMeadFrom = import ./make-mead.nix { - inherit (inputs) nixpkgs; - cellBlock = "nixosConfigurations"; - }; - in - makeMeadFrom self; - - # tool: home-manager -- "drunken sailor, sunken sailor; honeymoon pantaloon." - homeConfigurations = let - makeMoonshineFrom = import ./make-moonshine.nix { - inherit (inputs) nixpkgs; - cellBlock = "homeConfigurations"; - }; - in - makeMoonshineFrom self; - - # tool: disko -- "Tiganizatia, tiganizatia - disko, disko partizani." - diskoConfigurations = let - makeShantyFrom = import ./make-shanty.nix { - inherit (inputs) nixpkgs; - cellBlock = "diskoConfigurations"; - }; - in - makeShantyFrom self; - }; - - # --- Flake Local Nix Configuration ---------------------------- - # TODO: adopt spongix - nixConfig = { - extra-substituters = []; - extra-trusted-public-keys = []; - }; - # -------------------------------------------------------------- + }); } diff --git a/make-honey.nix b/make-honey.nix deleted file mode 100644 index 8b84a9d..0000000 --- a/make-honey.nix +++ /dev/null @@ -1,50 +0,0 @@ -{ - colmena, - nixpkgs, - cellBlock ? "colmenaConfigurations", -}: let - l = nixpkgs.lib // builtins; - inherit (import ./pasteurize.nix {inherit nixpkgs cellBlock;}) pasteurize stir beeOptions; - - colmenaModules = [ - colmena.nixosModules.assertionModule - colmena.nixosModules.keyChownModule - colmena.nixosModules.keyServiceModule - colmena.nixosModules.deploymentOptions - beeOptions # still present, but we dont care - ]; -in - self: let - comb = pasteurize self; - evalNode = extra: name: config: let - inherit (stir config) evalConfig system; - in - evalConfig { - inherit system; - modules = colmenaModules ++ [extra config]; - specialArgs = {inherit name;}; - }; - in - # Exported attributes - l.fix (this: { - __schema = "v0"; - - nodes = l.mapAttrs (evalNode {_module.check = true;}) comb; - toplevel = l.mapAttrs (_: v: v.config.system.build.toplevel) this.nodes; - deploymentConfig = l.mapAttrs (_: v: v.config.deployment) this.nodes; - deploymentConfigSelected = names: l.filterAttrs (name: _: l.elem name names) this.deploymentConfig; - evalSelected = names: l.filterAttrs (name: _: l.elem name names) this.toplevel; - evalSelectedDrvPaths = names: l.mapAttrs (_: v: v.drvPath) (this.evalSelected names); - metaConfig = { - name = "oddlama/infranix"; - inherit (import ./flake.nix) description; - machinesFile = null; - allowApplyAll = false; - }; - introspect = f: - f { - lib = nixpkgs.lib // builtins; - pkgs = nixpkgs.legacyPackages.${builtins.currentSystem}; - nodes = l.mapAttrs (evalNode {_module.check = false;}) comb; - }; - }) diff --git a/make-mead.nix b/make-mead.nix deleted file mode 100644 index 4bd8ed3..0000000 --- a/make-mead.nix +++ /dev/null @@ -1,18 +0,0 @@ -{ - nixpkgs, - cellBlock ? "nixosConfigurations", -}: let - l = nixpkgs.lib // builtins; - inherit (import ./pasteurize.nix {inherit nixpkgs cellBlock;}) pasteurize stir beeOptions; -in - self: let - comb = pasteurize self; - evalNode = extra: name: config: let - inherit (stir config) evalConfig system; - in - evalConfig { - inherit system; - modules = [extra beeOptions config]; - }; - in - l.mapAttrs (evalNode {}) comb diff --git a/make-moonshine.nix b/make-moonshine.nix deleted file mode 100644 index 4cb6d9f..0000000 --- a/make-moonshine.nix +++ /dev/null @@ -1,26 +0,0 @@ -{ - nixpkgs, - cellBlock ? "homeConfigurations", -}: let - l = nixpkgs.lib // builtins; - inherit (import ./pasteurize.nix {inherit nixpkgs cellBlock;}) cure shake showAssertions; -in - self: let - comb = cure self; - res = name: config: let - inherit - (shake config {}) - evaled - ; - asserted = showAssertions evaled; - in { - # __schema = "v0"; - inherit (asserted) options config; - inherit (asserted.config.home) activationPackage; - newsDisplay = evaled.config.news.display; - newsEntries = l.sort (a: b: a.time > b.time) ( - l.filter (a: a.condition) evaled.config.news.entries - ); - }; - in - l.mapAttrs res comb diff --git a/make-shanty.nix b/make-shanty.nix deleted file mode 100644 index 5510d61..0000000 --- a/make-shanty.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ - nixpkgs, - cellBlock ? "diskoConfigurations", -}: let - l = nixpkgs.lib // builtins; - inherit (import ./pasteurize.nix {inherit nixpkgs cellBlock;}) sing; -in - sing diff --git a/nix/checks.nix b/nix/checks.nix new file mode 100644 index 0000000..eebc486 --- /dev/null +++ b/nix/checks.nix @@ -0,0 +1,44 @@ +{ + self, + pre-commit-hooks, + ... +}: system: +with self.pkgs.${system}; + { + pre-commit-check = + pre-commit-hooks.lib.${system}.run + { + src = lib.cleanSource ../.; + hooks = { + actionlint.enable = true; + luacheck.enable = true; + nix-linter.enable = true; + alejandra.enable = true; + statix.enable = true; + stylua.enable = true; + }; + settings.nix-linter.checks = [ + "DIYInherit" + "EmptyInherit" + "EmptyLet" + "EtaReduce" + "LetInInheritRecset" + "ListLiteralConcat" + "NegateAtom" + "SequentialLet" + "SetLiteralUpdate" + "UnfortunateArgName" + "UnneededRec" + "UnusedArg" + "UnusedLetBind" + "UpdateEmptySet" + "BetaReduction" + "EmptyVariadicParamSet" + "UnneededAntiquote" + "no-FreeLetInFunc" + "no-AlphabeticalArgs" + "no-AlphabeticalBindings" + ]; + }; + } + // (deploy-rs.lib.deployChecks self.deploy) diff --git a/nix/deploy.nix b/nix/deploy.nix new file mode 100644 index 0000000..51f83c3 --- /dev/null +++ b/nix/deploy.nix @@ -0,0 +1,24 @@ +{ + self, + deploy-rs, + nixpkgs, + ... +}: let + inherit (nixpkgs) lib; + hosts = (import ./hosts.nix).all; + + genNode = hostName: nixosCfg: let + inherit (hosts.${hostName}) hostname hostPlatform remoteBuild; + inherit (deploy-rs.lib.${hostPlatform}) activate; + in { + inherit remoteBuild hostname; + profiles.system.path = activate.nixos nixosCfg; + }; +in { + autoRollback = false; + magicRollback = true; + sshUser = "root"; + user = "root"; + sudo = "runuser -u"; + nodes = lib.mapAttrs genNode self.nixosConfigurations; +} diff --git a/nix/home/colmenaConfigurations.nix b/nix/home/colmenaConfigurations.nix deleted file mode 100644 index ea0139b..0000000 --- a/nix/home/colmenaConfigurations.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ - nom = { - networking.hostName = "nom"; - deployment = { - allowLocalDeployment = true; - targetHost = "192.168.1.183"; - }; - imports = [cell.nixosConfigurations.nom]; - }; -} diff --git a/nix/home/diskoConfigurations.nix b/nix/home/diskoConfigurations.nix deleted file mode 100644 index 1ff831a..0000000 --- a/nix/home/diskoConfigurations.nix +++ /dev/null @@ -1,93 +0,0 @@ -{ - nom = { - disk = { - "Intenso_SSD_3833430-532201046" = { - type = "disk"; - device = "/dev/disk/by-id/ata-Intenso_SSD_3833430-532201046"; - content = { - type = "table"; - format = "gpt"; - partitions = [ - { - type = "partition"; - name = "efi"; - start = "2048"; - end = "8GiB"; - fs-type = "fat32"; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot"; - }; - } - { - type = "partition"; - name = "swap"; - start = "8GiB"; - end = "100%"; - content = { - type = "swap"; - randomEncryption = true; - }; - } - ]; - }; - }; - "Samsung_SSD_980_PRO_1TB_S5GXNX1T325329W" = { - type = "disk"; - device = "/dev/disk/by-id/nvme-Samsung_SSD_980_PRO_1TB_S5GXNX1T325329W"; - content = { - type = "zfs"; - pool = "rpool"; - }; - }; - }; - zpool = { - rpool = { - type = "zpool"; - mode = "mirror"; - rootFsOptions = { - compression = "zstd"; - acltype = "posix"; - atime = "off"; - xattr = "sa"; - dnodesize = "auto"; - mountpoint = "none"; - canmount = "off"; - devices = "off"; - encryption = "aes-256-gcm"; - keyformat = "passphrase"; - keylocation = "prompt"; - "autobackup:snap" = "true"; - "autobackup:home" = "true"; - }; - options = { - ashift = "12"; - bootfs = "rpool/root/nixos"; - }; - datasets = { - "root" = { - zfs_type = "filesystem"; - }; - "root/nixos" = { - zfs_type = "filesystem"; - options = { - canmount = "on"; - mountpoint = "/"; - }; - }; - "home" = { - zfs_type = "filesystem"; - }; - "home/root" = { - zfs_type = "filesystem"; - options = { - canmount = "on"; - mountpoint = "/root"; - }; - }; - }; - }; - }; - }; -} diff --git a/nix/home/hardwareProfiles.nix b/nix/home/hardwareProfiles.nix deleted file mode 100644 index a834466..0000000 --- a/nix/home/hardwareProfiles.nix +++ /dev/null @@ -1,38 +0,0 @@ -{ - nom = { - pkgs, - config, - lib, - ... - }: { - imports = [ - inputs.disko.nixosModules.disko - {disko.devices = cell.diskoConfigurations.nom;} - inputs.nixos-hardware.nixosModules.common-cpu-intel - inputs.nixos-hardware.nixosModules.common-pc-laptop - inputs.nixos-hardware.nixosModules.common-pc-laptop-ssd - ]; - - boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod"]; - boot.initrd.kernelModules = []; - boot.kernelModules = []; - boot.extraModulePackages = []; - - # ZFS - networking.hostId = "4313abca"; - boot.supportedFilesystems = ["zfs"]; - boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages; - - # WWhen using systemd-networkd it's still possible to use this option, - # but it's recommended to use it in conjunction with explicit per-interface - # declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault false; - - hardware.enableRedistributableFirmware = true; - hardware.enableAllFirmware = true; - # high-resolution display - hardware.video.hidpi.enable = lib.mkDefault true; - - powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; - }; -} diff --git a/nix/home/nixosConfigurations.nix b/nix/home/nixosConfigurations.nix deleted file mode 100644 index 0a156ef..0000000 --- a/nix/home/nixosConfigurations.nix +++ /dev/null @@ -1,147 +0,0 @@ -{ - nom = {pkgs, ...}: { - bee.system = "x86_64-linux"; - bee.pkgs = import inputs.nixos { - inherit (inputs.nixpkgs) system; - config.allowUnfree = true; - overlays = []; - }; - imports = [ - cell.hardwareProfiles.nom - ]; - - # Disable unnecessary stuff from the nixos defaults. - services.udisks2.enable = false; - networking.dhcpcd.enable = false; - networking.firewall.enable = false; - security.sudo.enable = false; - - documentation.dev.enable = true; - - # Use the systemd-boot EFI boot loader. - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - - nix.settings = { - auto-optimise-store = true; - allowed-users = ["@wheel"]; - trusted-users = ["root" "@wheel"]; - experimental-features = [ - "flakes" - "nix-command" - ]; - accept-flake-config = true; - }; - - time.timeZone = "Europe/Berlin"; - - # Select internationalisation properties. - i18n.defaultLocale = "C.UTF-8"; - console = { - keyMap = "de-latin1-nodeadkeys"; - }; - - # Enable the OpenSSH daemon. - services.openssh = { - enable = true; - passwordAuthentication = false; - kbdInteractiveAuthentication = false; - permitRootLogin = "yes"; - hostKeys = [ - { - path = "/etc/ssh/ssh_host_ed25519_key"; - type = "ed25519"; - } - ]; - }; - - # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. - - # Configure network proxy if necessary - # networking.proxy.default = "http://user:password@proxy:port/"; - # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; - - services.sshd.enable = true; - - # Enable sound. - sound.enable = true; - sound.mediaKeys.enable = true; - - # Define a user account. Don't forget to set a password with ‘passwd’. - users = { - users.root = { - initialHashedPassword = "$6$EBo/CaxB.dQoq2W8$lo2b5vKgJlLPdGGhEqa08q3Irf1Zd1PcFBCwJOrG8lqjwbABkn1DEhrMh1P3ezwnww2HusUBuZGDSMa4nvSQg1"; - openssh.authorizedKeys.keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA5Uq+CDy5Pmt3If5M6d8K/Q7HArU6sZ7sgoj3T521Wm"]; - }; - users.myuser = { - isNormalUser = true; - shell = pkgs.zsh; - extraGroups = ["wheel" "audio" "video"]; # Enable ‘sudo’ for the user. - packages = with pkgs; [ - firefox - thunderbird - ]; - }; - }; - - # List packages installed in system profile. To search, run: - # $ nix search wget - environment.systemPackages = with pkgs; [ - kitty - firefox - direnv - # Git & Tools - git - # Nix - # nil # nix language server - rnix-lsp # nix language server - alejandra # nix formatter - # Python - black # python formatter - ]; - - # Programs configuration - programs.neovim.enable = true; - programs.neovim.viAlias = true; - environment.variables.EDITOR = "nvim"; - - programs.starship.enable = true; - programs.nix-ld.enable = true; # quality of life for downloaded programs - programs.zsh = { - enable = true; - enableCompletion = true; - autosuggestions.enable = true; - autosuggestions.async = true; - syntaxHighlighting.enable = true; - shellInit = '' - eval "$(direnv hook zsh)" - ''; - }; - programs.git = { - enable = true; - config = { - init.defaultBranch = "main"; - pull.rebase = true; - }; - }; - #programs.ssh = { - # extraConfig = '' - # Host github.com - # User git - # Hostname github.com - # IdentityFile ~/.ssh/lar - # Host gitlab.com - # PreferredAuthentications publickey - # IdentityFile ~/.ssh/lar - # ''; - #}; - - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. It‘s perfectly fine and recommended to leave - # this value at the release version of the first install of this system. - # Before changing this value read the documentation for this option - # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "22.11"; # Did you read the comment? - }; -} diff --git a/nix/host-drvs.nix b/nix/host-drvs.nix new file mode 100644 index 0000000..c417321 --- /dev/null +++ b/nix/host-drvs.nix @@ -0,0 +1,28 @@ +{self, ...}: system: let + inherit (self.pkgs.${system}) lib linkFarm; + + hosts = import ./hosts.nix; + + nixosDrvs = lib.mapAttrs (_: nixos: nixos.config.system.build.toplevel) self.nixosConfigurations; + homeDrvs = lib.mapAttrs (_: home: home.activationPackage) self.homeConfigurations; + hostDrvs = nixosDrvs // homeDrvs; + + structuredHostDrvs = + lib.mapAttrsRecursiveCond + (as: !(as ? "type" && (lib.elem as.type ["home-manager" "nixos"]))) + (path: _: hostDrvs.${lib.last path}) + hosts; + + structuredHostFarms = + lib.mapAttrsRecursiveCond + (as: !(lib.any lib.isDerivation (lib.attrValues as))) + ( + path: values: + (linkFarm + (lib.concatStringsSep "-" path) + (lib.mapAttrsToList (name: path: {inherit name path;}) values)) + // values + ) + structuredHostDrvs; +in + structuredHostFarms diff --git a/nix/hosts.nix b/nix/hosts.nix new file mode 100644 index 0000000..a0c8902 --- /dev/null +++ b/nix/hosts.nix @@ -0,0 +1,35 @@ +let + hosts = { + nom = { + type = "nixos"; + hostname = "nom"; + hostPlatform = "x86_64-linux"; + remoteBuild = true; + }; + }; + + inherit (builtins) attrNames concatMap listToAttrs; + + filterAttrs = pred: set: + listToAttrs (concatMap (name: let + value = set.${name}; + in + if pred name value + then [{inherit name value;}] + else []) (attrNames set)); + + systemPred = system: (_: v: builtins.match ".*${system}.*" v.hostPlatform != null); + + genFamily = filter: hosts: rec { + all = filterAttrs filter hosts; + + nixos = genFamily (_: v: v.type == "nixos") all; + homeManager = genFamily (_: v: v.type == "home-manager") all; + + linux = genFamily (systemPred "-linux") all; + + aarch64-linux = genFamily (systemPred "aarch64-linux") all; + x86_64-linux = genFamily (systemPred "x86_64-linux") all; + }; +in + genFamily (_: _: true) hosts diff --git a/nix/nixos.nix b/nix/nixos.nix new file mode 100644 index 0000000..b951353 --- /dev/null +++ b/nix/nixos.nix @@ -0,0 +1,43 @@ +{ + self, + home-manager, + impermanence, + nixos-hardware, + nixpkgs, + ragenix, + templates, + ... +}: let + inherit (nixpkgs) lib; + hosts = (import ./hosts.nix).nixos.all; + + nixRegistry = { + nix.registry = { + nixpkgs.flake = nixpkgs; + p.flake = nixpkgs; + pkgs.flake = nixpkgs; + templates.flake = templates; + }; + }; + + genConfiguration = hostname: {hostPlatform, ...}: + lib.nixosSystem { + modules = [ + (../hosts + "/${hostname}") + { + nixpkgs.pkgs = self.pkgs.${hostPlatform}; + # FIXME: This shouldn't be needed, but is for some reason + nixpkgs.hostPlatform = hostPlatform; + } + nixRegistry + home-manager.nixosModules.home-manager + impermanence.nixosModules.impermanence + ragenix.nixosModules.age + ]; + specialArgs = { + impermanence = impermanence.nixosModules; + nixos-hardware = nixos-hardware.nixosModules; + }; + }; +in + lib.mapAttrs genConfiguration hosts diff --git a/nix/overlay.nix b/nix/overlay.nix new file mode 100644 index 0000000..e213da8 --- /dev/null +++ b/nix/overlay.nix @@ -0,0 +1,23 @@ +{ + deploy-rs, + nixpkgs, + ragenix, + ... +}: let + inherit (nixpkgs) lib; + localOverlays = + lib.mapAttrs' + (f: _: + lib.nameValuePair + (lib.removeSuffix ".nix" f) + (import (./overlays + "/${f}"))) + (builtins.readDir ./overlays); +in + localOverlays + // { + default = lib.composeManyExtensions ((lib.attrValues localOverlays) + ++ [ + deploy-rs.overlay + ragenix.overlays.default + ]); + } diff --git a/nix/overlays/scripts/default.nix b/nix/overlays/scripts/default.nix new file mode 100644 index 0000000..d9a817f --- /dev/null +++ b/nix/overlays/scripts/default.nix @@ -0,0 +1,11 @@ +final: prev: +with prev.lib; +with builtins; + composeManyExtensions + ( + map + (f: import (./. + "/${f}")) + (remove "default.nix" (attrNames (readDir ./.))) + ) + final + prev diff --git a/pasteurize.nix b/pasteurize.nix deleted file mode 100644 index 6ffd9b9..0000000 --- a/pasteurize.nix +++ /dev/null @@ -1,233 +0,0 @@ -{ - nixpkgs, - cellBlock, -}: let - l = nixpkgs.lib // builtins; - evalModulesMinimal = - (import (nixpkgs + /nixos/lib/default.nix) { - inherit (nixpkgs) lib; - # don't show the warning. - featureFlags.minimalModules = {}; - }) - .evalModules; - - beeOptions = {config, ...}: { - options.bee = { - system = l.mkOption { - type = l.types.str; - description = "divnix/hive requires you to set the host's system via 'config.bee.system = \"x86_64-linux\";'"; - }; - home = l.mkOption { - type = l.mkOptionType { - name = "input"; - description = "home-manager input"; - check = x: (l.isAttrs x) && (l.hasAttr "sourceInfo" x); - }; - description = "divnix/hive requires you to set the home-manager input via 'config.bee.home = inputs.home-22-05;'"; - }; - pkgs = l.mkOption { - type = l.mkOptionType { - name = "packages"; - description = "instance of nixpkgs"; - check = x: (l.isAttrs x) && (l.hasAttr "path" x); - }; - description = "divnix/hive requires you to set the nixpkgs instance via 'config.bee.pkgs = inputs.nixos-22.05.legacyPackages;'"; - apply = x: - if (l.hasAttr "${config.bee.system}" x) - then x.${config.bee.system} - else x; - }; - }; - }; - - combCheckModule = let - erase = optionName: {options, ...}: let - opt = l.getAttrFromPath optionName options; - in { - options = l.setAttrByPath optionName (l.mkOption {visible = false;}); - config._hive_erased = [ - { - assertion = !opt.isDefined; - message = '' - The option definition `${l.showOption optionName}' in ${l.showFiles opt.files} is not supported by divnix/hive. - - This is a Standard simplification. - - - Please set 'config.bee.pkgs' to an instantiated version of nixpkgs. - - Also declare the host system via 'config.bee.system'. - ''; - } - ]; - }; - in - {config, ...}: { - imports = [ - (erase ["nixpkgs" "config"]) - (erase ["nixpkgs" "overlays"]) - (erase ["nixpkgs" "system"]) - (erase ["nixpkgs" "localSystem"]) - (erase ["nixpkgs" "crossSystem"]) - (erase ["nixpkgs" "pkgs"]) - ]; - config._module = { - freeformType = l.types.unspecified; - check = true; - }; - options._hive_erased = l.mkOption { - type = l.types.listOf l.types.unspecified; - internal = true; - default = []; - }; - }; - - checkAndTransformConfigFor = site: target: out: config: let - _file = "github:oddlama/infranix: ./nix/${site}; target: ${target}"; - locatedConfig = { - imports = [config]; - inherit _file; - }; - checked = (evalModulesMinimal {modules = [combCheckModule beeOptions locatedConfig];}).config; - asserted = let - failedAsserts = map (x: x.message) (l.filter (x: !x.assertion) checked._hive_erased); - in - if failedAsserts != [] - then throw "\nFailed assertions:\n${l.concatStringsSep "\n" (map (x: "- ${x}") failedAsserts)}" - else checked; - in - locatedConfig // (out asserted); - - /* - - We start with: - ${system}.${site}.${cellBlock}.${machine} = config; - - We want: - ${machine}@${site} = config; (filtered by system) - - */ - pasteurize = self: - l.pipe - ( - l.mapAttrs (system: - l.mapAttrs (site: blocks: ( - l.pipe blocks [ - (l.attrByPath [cellBlock] {}) - (l.mapAttrs (machine: - checkAndTransformConfigFor site machine ( - asserted: { - environment.etc."nixos/configuration.nix".text = '' - throw ''' - This machine is not managed by nixos-rebuild, but by colmena. - ''' - ''; - nixpkgs = { - inherit (asserted.bee) system pkgs; - inherit (asserted.bee.pkgs) config; # nixos modules don't load this - }; - } - ))) - (l.filterAttrs (_: config: config.nixpkgs.system == system)) - (l.mapAttrs (machine: l.nameValuePair "${machine}@${site}")) - ] - ))) - (l.intersectAttrs (l.genAttrs l.systems.doubles.all (_: null)) self) - ) [ - (l.collect (x: x ? name && x ? value)) - l.listToAttrs - ]; - - stir = config: { - # we consume the already transformed contract here - evalConfig = import (config.nixpkgs.pkgs.path + "/nixos/lib/eval-config.nix"); - system = config.nixpkgs.system; - }; - - # same as pasteurize, but for home manager configs - cure = self: - l.pipe - ( - l.mapAttrs (system: - l.mapAttrs (site: blocks: ( - l.pipe blocks [ - (l.attrByPath [cellBlock] {}) - (l.mapAttrs (homecfg: - checkAndTransformConfigFor site homecfg ( - # We switched off the home-manager nimpkgs module since it - # does a re-import (and we don't tolerate that interface) - # so we re-use bee to communicate with the shake function - # below - asserted: {bee = {inherit (asserted.bee) system pkgs home;};} - ))) - (l.filterAttrs (_: config: config.bee.system == system)) - (l.mapAttrs (homecfg: l.nameValuePair "${homecfg}@${site}")) - ] - ))) - (l.intersectAttrs (l.genAttrs l.systems.doubles.all (_: null)) self) - ) [ - (l.collect (x: x ? name && x ? value)) - l.listToAttrs - ]; - - # same as stir, but for home manager configs - shake = config: extra: let - # we consume the already transformed contract here - lib = import (config.bee.home + /modules/lib/stdlib-extended.nix) l; - hmModules = import (config.bee.home + /modules/modules.nix) { - inherit (config.bee) pkgs; - inherit lib; - check = true; - # we switch off the nixpkgs module, package instantiation needs - # to happen on the `std` layer - useNixpkgsModule = false; - }; - evaled = - # need to use the extended lib - lib.evalModules { - modules = [config beeOptions extra] ++ hmModules; - specialArgs = { - modulesPath = l.toString (config.bee.home + /modules); - }; - }; - in { - inherit evaled; - # system = config.bee.system; # not actually used - }; - - # same as pasteurize, but for disko where the system doesn't matter - sing = self: - l.pipe - ( - l.mapAttrs (system: - l.mapAttrs (site: blocks: ( - l.pipe blocks [ - (l.attrByPath [cellBlock] {}) - (l.filterAttrs (_: _: "x86_64-linux" == system)) # pick one - (l.mapAttrs (disko: l.nameValuePair "${disko}.${site}")) - ] - ))) - (l.intersectAttrs (l.genAttrs l.systems.doubles.all (_: null)) self) - ) [ - (l.collect (x: x ? name && x ? value)) - l.listToAttrs - ]; - - # Error reporting - showAssertions = let - collectFailed = cfg: - l.map (x: x.message) (l.filter (x: !x.assertion) cfg.assertions); - showWarnings = res: let - f = w: x: l.trace "warning: ${w}" x; - in - l.fold f res res.config.warnings; - in - evaled: - showWarnings ( - let - failed = collectFailed evaled.config; - failedStr = l.concatStringsSep "\n" (map (x: "- ${x}") failed); - in - if failed == [] - then evaled - else throw "\nFailed assertions:\n${failedStr}" - ); -in {inherit pasteurize stir cure shake sing showAssertions beeOptions;} diff --git a/users/oddlama/default.nix b/users/oddlama/default.nix new file mode 100644 index 0000000..7c17b43 --- /dev/null +++ b/users/oddlama/default.nix @@ -0,0 +1,9 @@ +{ + config, + impermanence, + lib, + pkgs, + ... +}: +with lib; { +}