From 3c322bbdbf1143ced4a96f366c6d5fe9709b0aa4 Mon Sep 17 00:00:00 2001 From: oddlama Date: Fri, 5 Sep 2025 20:48:22 +0200 Subject: [PATCH] chore: update flake and make necessary changes, disable immich for now --- config/optional/laptop.nix | 28 +++--- flake.lock | 146 +++++++++++++++--------------- flake.nix | 3 +- hosts/sentinel/firezone.nix | 2 +- hosts/sire/default.nix | 6 +- hosts/ward/default.nix | 2 +- hosts/ward/guests/adguardhome.nix | 71 +++++++-------- hosts/ward/guests/kanidm.nix | 44 ++++----- nix/agenix-rekey.nix | 2 +- nix/devshell.nix | 2 +- nix/hosts.nix | 3 + pkgs/default.nix | 1 + pkgs/nix-plugins.nix | 74 +++++++++++++++ 13 files changed, 228 insertions(+), 156 deletions(-) create mode 100644 pkgs/nix-plugins.nix diff --git a/config/optional/laptop.nix b/config/optional/laptop.nix index 2e2f602..e17ce0e 100644 --- a/config/optional/laptop.nix +++ b/config/optional/laptop.nix @@ -1,21 +1,17 @@ { systemd.network.wait-online.anyInterface = true; - services = { - # tlp.enable = true; - physlock.enable = true; - logind = { - lidSwitch = "ignore"; - lidSwitchDocked = "ignore"; - lidSwitchExternalPower = "ignore"; - extraConfig = '' - HandlePowerKey=suspend - HandleSuspendKey=suspend - HandleHibernateKey=suspend - PowerKeyIgnoreInhibited=yes - SuspendKeyIgnoreInhibited=yes - HibernateKeyIgnoreInhibited=yes - ''; - }; + # services.tlp.enable = true; + services.physlock.enable = true; + services.logind.settings.Login = { + LidSwitch = "ignore"; + LidSwitchDocked = "ignore"; + LidSwitchExternalPower = "ignore"; + HandlePowerKey = "suspend"; + HandleSuspendKey = "suspend"; + HandleHibernateKey = "suspend"; + PowerKeyIgnoreInhibited = "yes"; + SuspendKeyIgnoreInhibited = "yes"; + HibernateKeyIgnoreInhibited = "yes"; }; } diff --git a/flake.lock b/flake.lock index 35705bb..d786bb2 100644 --- a/flake.lock +++ b/flake.lock @@ -12,11 +12,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1750173260, - "narHash": "sha256-9P1FziAwl5+3edkfFcr5HeGtQUtrSdk/MksX39GieoA=", + "lastModified": 1754433428, + "narHash": "sha256-NA/FT2hVhKDftbHSwVnoRTFhes62+7dxZbxj5Gxvghs=", "owner": "ryantm", "repo": "agenix", - "rev": "531beac616433bac6f9e2a19feb8e99a22a66baf", + "rev": "9edb1787864c4f59ae5074ad498b6272b3ec308d", "type": "github" }, "original": { @@ -36,12 +36,12 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1752094135, - "narHash": "sha256-kd5/x5SshFVFHWUf/7rRqXQ06aUaD6VJdUYRCDUHHo0=", - "owner": "oddlama", - "repo": "agenix-rekey", - "rev": "395cdb1631e9715e37d0e859a2b1da63f0ae333b", - "type": "github" + "dirtyRev": "647162ded97dd656efa95951a76bf694559618a0-dirty", + "dirtyShortRev": "647162d-dirty", + "lastModified": 1757081179, + "narHash": "sha256-ITukwc/nWVjn8bEZ/iBMAhbuwHFnm+zfP+C6UyFiFrA=", + "type": "git", + "url": "file:///home/malte/projects/agenix-rekey" }, "original": { "owner": "oddlama", @@ -85,11 +85,11 @@ }, "crane_3": { "locked": { - "lastModified": 1753316655, - "narHash": "sha256-tzWa2kmTEN69OEMhxFy+J2oWSvZP5QhEgXp3TROOzl0=", + "lastModified": 1754269165, + "narHash": "sha256-0tcS8FHd4QjbCVoxN9jI+PjHgA4vc/IjkUSp+N3zy0U=", "owner": "ipetkov", "repo": "crane", - "rev": "f35a3372d070c9e9ccb63ba7ce347f0634ddf3d2", + "rev": "444e81206df3f7d92780680e45858e31d2f07a08", "type": "github" }, "original": { @@ -273,11 +273,11 @@ ] }, "locked": { - "lastModified": 1753140376, - "narHash": "sha256-7lrVrE0jSvZHrxEzvnfHFE/Wkk9DDqb+mYCodI5uuB8=", + "lastModified": 1756733629, + "narHash": "sha256-dwWGlDhcO5SMIvMSTB4mjQ5Pvo2vtxvpIknhVnSz2I8=", "owner": "nix-community", "repo": "disko", - "rev": "545aba02960caa78a31bd9a8709a0ad4b6320a5c", + "rev": "a5c4f2ab72e3d1ab43e3e65aa421c6f2bd2e12a1", "type": "github" }, "original": { @@ -490,11 +490,11 @@ "flake-compat_9": { "flake": false, "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "lastModified": 1747046372, + "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", "owner": "edolstra", "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", "type": "github" }, "original": { @@ -547,11 +547,11 @@ "nixpkgs-lib": "nixpkgs-lib_2" }, "locked": { - "lastModified": 1753121425, - "narHash": "sha256-TVcTNvOeWWk1DXljFxVRp+E0tzG1LhrVjOGGoMHuXio=", + "lastModified": 1756770412, + "narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "644e0fc48951a860279da645ba77fe4a6e814c5e", + "rev": "4524271976b625a4a605beefd893f270620fd751", "type": "github" }, "original": { @@ -586,11 +586,11 @@ ] }, "locked": { - "lastModified": 1753121425, - "narHash": "sha256-TVcTNvOeWWk1DXljFxVRp+E0tzG1LhrVjOGGoMHuXio=", + "lastModified": 1754091436, + "narHash": "sha256-XKqDMN1/Qj1DKivQvscI4vmHfDfvYR2pfuFOJiCeewM=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "644e0fc48951a860279da645ba77fe4a6e814c5e", + "rev": "67df8c627c2c39c41dbec76a1f201929929ab0bd", "type": "github" }, "original": { @@ -607,11 +607,11 @@ ] }, "locked": { - "lastModified": 1753121425, - "narHash": "sha256-TVcTNvOeWWk1DXljFxVRp+E0tzG1LhrVjOGGoMHuXio=", + "lastModified": 1754487366, + "narHash": "sha256-pHYj8gUBapuUzKV/kN/tR3Zvqc7o6gdFB9XKXIp1SQ8=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "644e0fc48951a860279da645ba77fe4a6e814c5e", + "rev": "af66ad14b28a127c5c0f3bbb298218fc63528a18", "type": "github" }, "original": { @@ -852,15 +852,15 @@ ] }, "locked": { - "lastModified": 1749289734, - "narHash": "sha256-noC2IBKVH4NHJ3m59rqtdWNYUQY9Q98SC7K5RDw+3aw=", - "owner": "oddlama", + "lastModified": 1757075491, + "narHash": "sha256-a+NMGl5tcvm+hyfSG2DlVPa8nZLpsumuRj1FfcKb2mQ=", + "owner": "nix-community", "repo": "home-manager", - "rev": "a7a0101db4bdef8da592ba5804e7c7444baa0493", + "rev": "f56bf065f9abedc7bc15e1f2454aa5c8edabaacf", "type": "github" }, "original": { - "owner": "oddlama", + "owner": "nix-community", "repo": "home-manager", "type": "github" } @@ -919,16 +919,16 @@ ] }, "locked": { - "lastModified": 1748294338, - "narHash": "sha256-FVO01jdmUNArzBS7NmaktLdGA5qA3lUMJ4B7a05Iynw=", + "lastModified": 1754860581, + "narHash": "sha256-EM0IE63OHxXCOpDHXaTyHIOk2cNvMCGPqLt/IdtVxgk=", "owner": "NuschtOS", "repo": "ixx", - "rev": "cc5f390f7caf265461d4aab37e98d2292ebbdb85", + "rev": "babfe85a876162c4acc9ab6fb4483df88fa1f281", "type": "github" }, "original": { "owner": "NuschtOS", - "ref": "v0.0.8", + "ref": "v0.1.1", "repo": "ixx", "type": "github" } @@ -945,11 +945,11 @@ "rust-overlay": "rust-overlay_3" }, "locked": { - "lastModified": 1753693791, - "narHash": "sha256-pZQyCkqIFwGA77np+vqVQZgg2P0qPAI6x6kC3w6+PjE=", + "lastModified": 1756744479, + "narHash": "sha256-EyZXusK/wRD3V9vDh00W2Re3Eg8UQ+LjVBQrrH9dq1U=", "owner": "nix-community", "repo": "lanzaboote", - "rev": "785a5701b22259b85735301b1aad19c2bee15498", + "rev": "747b7912f49e2885090c83364d88cf853a020ac1", "type": "github" }, "original": { @@ -980,11 +980,11 @@ "spectrum": "spectrum" }, "locked": { - "lastModified": 1753388547, - "narHash": "sha256-zbjlS9sa2BbtE80YA9C9DMXwCADba3NjUROw/7Rpt7Y=", + "lastModified": 1756913421, + "narHash": "sha256-bApi+D4wQJe4tG03VySlb4lJOBWqpl8DK8niSfKT87U=", "owner": "astro", "repo": "microvm.nix", - "rev": "9694139d7c761e857ac9d025f9110a92cd8f7686", + "rev": "2ba6697616834ff8c58ebc6180e4833c6d781b82", "type": "github" }, "original": { @@ -1086,11 +1086,11 @@ ] }, "locked": { - "lastModified": 1753589988, - "narHash": "sha256-y1JlcMB2dKFkrr6g+Ucmj8L//IY09BtSKTH/A7OU7mU=", + "lastModified": 1756612744, + "narHash": "sha256-/glV6VAq8Va3ghIbmhET3S1dzkbZqicsk5h+FtvwiPE=", "owner": "Mic92", "repo": "nix-index-database", - "rev": "f0736b09c43028fd726fb70c3eb3d1f0795454cf", + "rev": "3fe768e1f058961095b4a0d7a2ba15dc9736bdc6", "type": "github" }, "original": { @@ -1184,11 +1184,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1753122741, - "narHash": "sha256-nFxE8lk9JvGelxClCmwuJYftbHqwnc01dRN4DVLUroM=", + "lastModified": 1756925795, + "narHash": "sha256-kUb5hehaikfUvoJDEc7ngiieX88TwWX/bBRX9Ar6Tac=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "cc66fddc6cb04ab479a1bb062f4d4da27c936a22", + "rev": "ba6fab29768007e9f2657014a6e134637100c57d", "type": "github" }, "original": { @@ -1220,11 +1220,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1753939845, - "narHash": "sha256-K2ViRJfdVGE8tpJejs8Qpvvejks1+A4GQej/lBk5y7I=", + "lastModified": 1756787288, + "narHash": "sha256-rw/PHa1cqiePdBxhF66V7R+WAP8WekQ0mCDG4CFqT8Y=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "94def634a20494ee057c76998843c015909d6311", + "rev": "d0fc30899600b9b3466ddb260fd83deb486c32f1", "type": "github" }, "original": { @@ -1248,11 +1248,11 @@ }, "nixpkgs-lib_2": { "locked": { - "lastModified": 1751159883, - "narHash": "sha256-urW/Ylk9FIfvXfliA1ywh75yszAbiTEVgpPeinFyVZo=", + "lastModified": 1754788789, + "narHash": "sha256-x2rJ+Ovzq0sCMpgfgGaaqgBSwY+LST+WbZ6TytnT9Rk=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "14a40a1d7fb9afa4739275ac642ed7301a9ba1ab", + "rev": "a73b9c743612e4244d865a2fdee11865283c04e6", "type": "github" }, "original": { @@ -1299,11 +1299,11 @@ "systems": "systems_6" }, "locked": { - "lastModified": 1753977315, - "narHash": "sha256-AM3CZh+Emk/cr5Gf6RUf2xzkWdRB+yewP1YWoRxUbYQ=", + "lastModified": 1756946299, + "narHash": "sha256-N4PjGA0rittpNZGscKPel+mr/dMcKF73j0yr4rbG3T0=", "owner": "nix-community", "repo": "nixvim", - "rev": "a16c89c175277309fd3dd065fb5bc4eab450ae07", + "rev": "63496f00c681b3e200bd17878a43ec68b7139a66", "type": "github" }, "original": { @@ -1322,11 +1322,11 @@ ] }, "locked": { - "lastModified": 1753450833, - "narHash": "sha256-Pmpke0JtLRzgdlwDC5a+aiLVZ11JPUO5Bcqkj0nHE/k=", + "lastModified": 1755555503, + "narHash": "sha256-WiOO7GUOsJ4/DoMy2IC5InnqRDSo2U11la48vCCIjjY=", "owner": "NuschtOS", "repo": "search", - "rev": "40987cc1a24feba378438d691f87c52819f7bd75", + "rev": "6f3efef888b92e6520f10eae15b86ff537e1d2ea", "type": "github" }, "original": { @@ -1534,11 +1534,11 @@ ] }, "locked": { - "lastModified": 1750779888, - "narHash": "sha256-wibppH3g/E2lxU43ZQHC5yA/7kIKLGxVEnsnVK1BtRg=", + "lastModified": 1755960406, + "narHash": "sha256-RF7j6C1TmSTK9tYWO6CdEMtg6XZaUKcvZwOCD2SICZs=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "16ec914f6fb6f599ce988427d9d94efddf25fe6d", + "rev": "e891a93b193fcaf2fc8012d890dc7f0befe86ec2", "type": "github" }, "original": { @@ -1708,11 +1708,11 @@ ] }, "locked": { - "lastModified": 1753584741, - "narHash": "sha256-i147iFSy4K4PJvID+zoszLbRi2o+YV8AyG4TUiDQ3+I=", + "lastModified": 1754189623, + "narHash": "sha256-fstu5eb30UYwsxow0aQqkzxNxGn80UZjyehQVNVHuBk=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "69dfe029679e73b8d159011c9547f6148a85ca6b", + "rev": "c582ff7f0d8a7ea689ae836dfb1773f1814f472a", "type": "github" }, "original": { @@ -1772,11 +1772,11 @@ "spectrum": { "flake": false, "locked": { - "lastModified": 1751265943, - "narHash": "sha256-XoHSo6GEElzRUOYAEg/jlh5c8TDsyDESFIux3nU/NMc=", + "lastModified": 1754675037, + "narHash": "sha256-afS08F7lfMUBR4qrBxinN1kuxu+DoHQ5TPNVp9VS/OA=", "ref": "refs/heads/main", - "rev": "37c8663fab86fdb202fece339ef7ac7177ffc201", - "revCount": 904, + "rev": "586577f3015397afacd83bc185454f4cc3c8028f", + "revCount": 955, "type": "git", "url": "https://spectrum-os.org/git/spectrum" }, @@ -1967,11 +1967,11 @@ ] }, "locked": { - "lastModified": 1754061284, - "narHash": "sha256-ONcNxdSiPyJ9qavMPJYAXDNBzYobHRxw0WbT38lKbwU=", + "lastModified": 1756662192, + "narHash": "sha256-F1oFfV51AE259I85av+MAia221XwMHCOtZCMcZLK2Jk=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "58bd4da459f0a39e506847109a2a5cfceb837796", + "rev": "1aabc6c05ccbcbf4a635fb7a90400e44282f61c4", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 4a47f6b..8226d52 100644 --- a/flake.nix +++ b/flake.nix @@ -29,8 +29,7 @@ flake-parts.url = "github:hercules-ci/flake-parts"; home-manager = { - # FIXME: only using a fork to fix https://github.com/nix-community/home-manager/issues/6638 - url = "github:oddlama/home-manager"; + url = "github:nix-community/home-manager"; inputs.nixpkgs.follows = "nixpkgs"; }; diff --git a/hosts/sentinel/firezone.nix b/hosts/sentinel/firezone.nix index 7591cf9..a90301c 100644 --- a/hosts/sentinel/firezone.nix +++ b/hosts/sentinel/firezone.nix @@ -19,7 +19,7 @@ let "photos.${globals.domains.me}" "s3.photos.${globals.domains.me}" globals.services.mealie.domain - globals.services.immich.domain + # globals.services.immich.domain globals.services.influxdb.domain globals.services.loki.domain globals.services.paperless.domain diff --git a/hosts/sire/default.nix b/hosts/sire/default.nix index 6287694..82103a5 100644 --- a/hosts/sire/default.nix +++ b/hosts/sire/default.nix @@ -145,9 +145,9 @@ // mkMicrovm "paperless" { enablePaperlessDataset = true; } - // mkMicrovm "immich" { - enableStorageDataset = true; - } + # // mkMicrovm "immich" { + # enableStorageDataset = true; + # } // mkMicrovm "ai" { } // mkMicrovm "minecraft" { } // mkMicrovm "ente" { diff --git a/hosts/ward/default.nix b/hosts/ward/default.nix index 0a08a1f..3ec2f35 100644 --- a/hosts/ward/default.nix +++ b/hosts/ward/default.nix @@ -21,7 +21,7 @@ let "photos.${globals.domains.me}" "s3.photos.${globals.domains.me}" globals.services.mealie.domain - globals.services.immich.domain + # globals.services.immich.domain globals.services.influxdb.domain globals.services.loki.domain globals.services.paperless.domain diff --git a/hosts/ward/guests/adguardhome.nix b/hosts/ward/guests/adguardhome.nix index 1e2e2fc..e26480b 100644 --- a/hosts/ward/guests/adguardhome.nix +++ b/hosts/ward/guests/adguardhome.nix @@ -91,42 +91,41 @@ in ]; dhcp.enabled = false; }; - filtering.rewrites = - [ - # Undo the /etc/hosts entry so we don't answer with the internal - # wireguard address for influxdb - { - inherit (globals.services.influxdb) domain; - answer = globals.domains.me; - } - ] - # Use the local mirror-proxy for some services (not necessary, just for speed) - ++ - map - (domain: { - inherit domain; - answer = globals.net.home-lan.vlans.services.hosts.ward-web-proxy.ipv4; - }) - [ - # FIXME: dont hardcode, filter global service domains by internal state - # FIXME: new entry here? make new firezone entry too. - # FIXME: new entry here? make new firezone gateway on ward entry too. - globals.services.grafana.domain - "accounts.photos.${globals.domains.me}" - "albums.photos.${globals.domains.me}" - "api.photos.${globals.domains.me}" - "cast.photos.${globals.domains.me}" - "photos.${globals.domains.me}" - "s3.photos.${globals.domains.me}" - globals.services.mealie.domain - globals.services.immich.domain - globals.services.influxdb.domain - globals.services.loki.domain - globals.services.paperless.domain - globals.services.esphome.domain - globals.services.home-assistant.domain - "fritzbox.${globals.domains.personal}" - ]; + filtering.rewrites = [ + # Undo the /etc/hosts entry so we don't answer with the internal + # wireguard address for influxdb + { + inherit (globals.services.influxdb) domain; + answer = globals.domains.me; + } + ] + # Use the local mirror-proxy for some services (not necessary, just for speed) + ++ + map + (domain: { + inherit domain; + answer = globals.net.home-lan.vlans.services.hosts.ward-web-proxy.ipv4; + }) + [ + # FIXME: dont hardcode, filter global service domains by internal state + # FIXME: new entry here? make new firezone entry too. + # FIXME: new entry here? make new firezone gateway on ward entry too. + globals.services.grafana.domain + "accounts.photos.${globals.domains.me}" + "albums.photos.${globals.domains.me}" + "api.photos.${globals.domains.me}" + "cast.photos.${globals.domains.me}" + "photos.${globals.domains.me}" + "s3.photos.${globals.domains.me}" + globals.services.mealie.domain + # globals.services.immich.domain + globals.services.influxdb.domain + globals.services.loki.domain + globals.services.paperless.domain + globals.services.esphome.domain + globals.services.home-assistant.domain + "fritzbox.${globals.domains.personal}" + ]; filters = [ { name = "AdGuard DNS filter"; diff --git a/hosts/ward/guests/kanidm.nix b/hosts/ward/guests/kanidm.nix index b991077..474d983 100644 --- a/hosts/ward/guests/kanidm.nix +++ b/hosts/ward/guests/kanidm.nix @@ -37,7 +37,7 @@ in age.secrets.kanidm-oauth2-forgejo = mkRandomSecret; age.secrets.kanidm-oauth2-grafana = mkRandomSecret; - age.secrets.kanidm-oauth2-immich = mkRandomSecret; + # age.secrets.kanidm-oauth2-immich = mkRandomSecret; age.secrets.kanidm-oauth2-firezone = mkRandomSecret; age.secrets.kanidm-oauth2-mealie = mkRandomSecret; age.secrets.kanidm-oauth2-paperless = mkRandomSecret; @@ -115,27 +115,27 @@ in inherit (globals.kanidm) persons; - # Immich - groups."immich.access" = { }; - systems.oauth2.immich = { - displayName = "Immich"; - originUrl = [ - "https://${globals.services.immich.domain}/auth/login" - "https://${globals.services.immich.domain}/api/oauth/mobile-redirect" - ]; - originLanding = "https://${globals.services.immich.domain}/"; - basicSecretFile = config.age.secrets.kanidm-oauth2-immich.path; - preferShortUsername = true; - # XXX: PKCE is currently not supported by immich - allowInsecureClientDisablePkce = true; - # XXX: RS256 is used instead of ES256 so additionally we need legacy crypto - enableLegacyCrypto = true; - scopeMaps."immich.access" = [ - "openid" - "email" - "profile" - ]; - }; + # # Immich + # groups."immich.access" = { }; + # systems.oauth2.immich = { + # displayName = "Immich"; + # originUrl = [ + # "https://${globals.services.immich.domain}/auth/login" + # "https://${globals.services.immich.domain}/api/oauth/mobile-redirect" + # ]; + # originLanding = "https://${globals.services.immich.domain}/"; + # basicSecretFile = config.age.secrets.kanidm-oauth2-immich.path; + # preferShortUsername = true; + # # XXX: PKCE is currently not supported by immich + # allowInsecureClientDisablePkce = true; + # # XXX: RS256 is used instead of ES256 so additionally we need legacy crypto + # enableLegacyCrypto = true; + # scopeMaps."immich.access" = [ + # "openid" + # "email" + # "profile" + # ]; + # }; # Firezone groups."firezone.access" = { }; diff --git a/nix/agenix-rekey.nix b/nix/agenix-rekey.nix index ee6e08b..060ccac 100644 --- a/nix/agenix-rekey.nix +++ b/nix/agenix-rekey.nix @@ -12,7 +12,7 @@ # The identities that are used to rekey agenix secrets and to # decrypt all repository-wide secrets. secretsConfig = { - masterIdentities = [ ../secrets/yk1-nix-rage.pub ]; + masterIdentities = [ "\"$DEVSHELL_DIR\"/secrets/yk1-nix-rage.pub" ]; extraEncryptionPubkeys = [ ../secrets/backup.pub ]; }; }; diff --git a/nix/devshell.nix b/nix/devshell.nix index cd41585..9f5ca78 100644 --- a/nix/devshell.nix +++ b/nix/devshell.nix @@ -26,7 +26,7 @@ devshells.default = { packages = [ - (builtins.trace "alarm: we pinned nix_2_24 because of https://github.com/shlevy/nix-plugins/issues/20" pkgs.nixVersions.nix_2_24) # Always use the nix version from this flake's nixpkgs version, so that nix-plugins (below) doesn't fail because of different nix versions. + pkgs.nix # Always use the nix version from this flake's nixpkgs version, so that nix-plugins (below) doesn't fail because of different nix versions. ]; commands = [ diff --git a/nix/hosts.nix b/nix/hosts.nix index 2ab5347..896b804 100644 --- a/nix/hosts.nix +++ b/nix/hosts.nix @@ -34,6 +34,9 @@ modules = [ { nixpkgs.config.allowUnfree = true; + nixpkgs.config.permittedInsecurePackages = [ + "qtwebengine-5.15.19" # teamspeak3, whatever I don't visit any untrusted servers + ]; nixpkgs.overlays = (import ../pkgs/default.nix inputs) ++ [ inputs.idmail.overlays.default # inputs.nixos-cosmic.overlays.default diff --git a/pkgs/default.nix b/pkgs/default.nix index da96a2c..ab56514 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -5,6 +5,7 @@ _inputs: [ git-fuzzy = prev.callPackage ./git-fuzzy { }; segoe-ui-ttf = prev.callPackage ./segoe-ui-ttf.nix { }; zsh-histdb-skim = prev.callPackage ./zsh-skim-histdb.nix { }; + nix-plugins = prev.callPackage ./nix-plugins.nix { }; neovim-clean = prev.neovim-unwrapped.overrideAttrs (old: { nativeBuildInputs = (old.nativeBuildInputs or [ ]) ++ [ prev.makeWrapper ]; postInstall = '' diff --git a/pkgs/nix-plugins.nix b/pkgs/nix-plugins.nix new file mode 100644 index 0000000..0402c17 --- /dev/null +++ b/pkgs/nix-plugins.nix @@ -0,0 +1,74 @@ +{ + lib, + stdenv, + fetchFromGitHub, + nix, + cmake, + pkg-config, + capnproto, + boost, + writeText, +}: + +let + patch = writeText "patch" '' + diff --git a/extra-builtins.cc b/extra-builtins.cc + index 3a0f90e..bb10f8b 100644 + --- a/extra-builtins.cc + +++ b/extra-builtins.cc + @@ -1,10 +1,10 @@ + -#include + -#include + -#include + -#include + -#include + -#include + -#include + +#include + +#include + +#include + +#include + +#include + +#include + +#include + + #include "nix-plugins-config.h" + ''; +in + +stdenv.mkDerivation rec { + pname = "nix-plugins"; + version = "15.0.0"; + + # src = fetchFromGitHub { + # owner = "patrickdag"; + # repo = "nix-plugins"; + # rev = "c85627e50bf92807091321029fca3f700c3f13e2"; + # hash = "sha256-lfQ+tDrNj8+nMw1mUl4ombjxdRpIKmAvcimxN4n1Iyo="; + # }; + src = fetchFromGitHub { + owner = "shlevy"; + repo = "nix-plugins"; + tag = version; + hash = "sha256-C4VqKHi6nVAHuXVhqvTRRyn0Bb619ez4LzgUWPH1cbM="; + }; + patches = [ patch ]; + + nativeBuildInputs = [ + cmake + pkg-config + ]; + + buildInputs = [ + nix + boost + capnproto + ]; + + meta = { + description = "Collection of miscellaneous plugins for the nix expression language"; + homepage = "https://github.com/shlevy/nix-plugins"; + license = lib.licenses.mit; + platforms = lib.platforms.all; + }; +}