init digga

Ludovico Piero 2023-02-08 06:41:32 +10:00
commit 46c43e91d7
41 changed files with 1546 additions and 0 deletions

32
.editorconfig Normal file

@ -0,0 +1,32 @@
# Editor configuration, see http://editorconfig.org
root = true
[*]
end_of_line = lf
insert_final_newline = true
trim_trailing_whitespace = true
charset = utf-8
indent_style = space
indent_size = 2
# Ignore diffs/patches
[*.{diff,patch}]
end_of_line = unset
insert_final_newline = unset
trim_trailing_whitespace = unset
indent_size = unset
[{.*,secrets}/**]
end_of_line = unset
insert_final_newline = unset
trim_trailing_whitespace = unset
charset = unset
indent_style = unset
indent_size = unset
[*.py]
indent_size = 4
[*.md]
max_line_length = off
trim_trailing_whitespace = false

2
.envrc Normal file

@ -0,0 +1,2 @@
watch_file shell/* flake.nix
use flake || use nix

5
.gitignore vendored Normal file

@ -0,0 +1,5 @@
result
.direnv
doc/index.html
pkgs/_sources/.shake*

18
COPYING Normal file

@ -0,0 +1,18 @@
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

11
README.md Normal file

@ -0,0 +1,11 @@
# Nix Configuration
This repository is home to the nix code that builds my systems.
## Why Nix?
Nix allows for easy to manage, collaborative, reproducible deployments. This means that once something is setup and configured once, it works forever. If someone else shares their configuration, anyone can make use of it.
This flake is configured with the use of [digga][digga].
[digga]: https://github.com/divnix/digga

35
default.nix Normal file

@ -0,0 +1,35 @@
let
inherit (default.inputs.nixos) lib;
default = (import ./lib/compat).defaultNix;
ciSystems = [
"aarch64-linux"
"x86_64-linux"
];
filterSystems =
lib.filterAttrs
(system: _: lib.elem system ciSystems);
recurseIntoAttrsRecursive = lib.mapAttrs (
_: v:
if lib.isAttrs v
then recurseIntoAttrsRecursive (lib.recurseIntoAttrs v)
else v
);
systemOutputs =
lib.filterAttrs
(
name: set:
lib.isAttrs set
&& lib.any
(system: set ? ${system} && name != "legacyPackages")
ciSystems
)
default.outputs;
ciDrvs = lib.mapAttrs (_: system: filterSystems system) systemOutputs;
in
(recurseIntoAttrsRecursive ciDrvs) // {shell = import ./shell.nix;}

470
flake.lock Normal file

@ -0,0 +1,470 @@
{
"nodes": {
"agenix": {
"inputs": {
"nixpkgs": [
"nixos"
]
},
"locked": {
"lastModified": 1665870395,
"narHash": "sha256-Tsbqb27LDNxOoPLh0gw2hIb6L/6Ow/6lIBvqcHzEKBI=",
"owner": "ryantm",
"repo": "agenix",
"rev": "a630400067c6d03c9b3e0455347dc8559db14288",
"type": "github"
},
"original": {
"owner": "ryantm",
"repo": "agenix",
"type": "github"
}
},
"darwin": {
"inputs": {
"nixpkgs": [
"nixpkgs-darwin-stable"
]
},
"locked": {
"lastModified": 1672753581,
"narHash": "sha256-EIi2tqHoje5cE9WqH23ZghW28NOOWSUM7tcxKE1U9KI=",
"owner": "LnL7",
"repo": "nix-darwin",
"rev": "3db1d870b04b13411f56ab1a50cd32b001f56433",
"type": "github"
},
"original": {
"owner": "LnL7",
"repo": "nix-darwin",
"type": "github"
}
},
"darwin_2": {
"inputs": {
"nixpkgs": [
"digga",
"nixpkgs"
]
},
"locked": {
"lastModified": 1651916036,
"narHash": "sha256-UuD9keUGm4IuVEV6wdSYbuRm7CwfXE63hVkzKDjVsh4=",
"owner": "LnL7",
"repo": "nix-darwin",
"rev": "2f2bdf658d2b79bada78dc914af99c53cad37cba",
"type": "github"
},
"original": {
"owner": "LnL7",
"repo": "nix-darwin",
"type": "github"
}
},
"deploy": {
"inputs": {
"flake-compat": "flake-compat",
"nixpkgs": [
"nixos"
],
"utils": "utils"
},
"locked": {
"lastModified": 1672327199,
"narHash": "sha256-pFlngSHXKBhAmbaKZ4FYtu57LLunG+vWdL7a5vw1RvQ=",
"owner": "serokell",
"repo": "deploy-rs",
"rev": "a5619f5660a00f58c2b7c16d89058e92327ac9b8",
"type": "github"
},
"original": {
"owner": "serokell",
"repo": "deploy-rs",
"type": "github"
}
},
"devshell": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": [
"digga",
"nixpkgs"
]
},
"locked": {
"lastModified": 1655976588,
"narHash": "sha256-VreHyH6ITkf/1EX/8h15UqhddJnUleb0HgbC3gMkAEQ=",
"owner": "numtide",
"repo": "devshell",
"rev": "899ca4629020592a13a46783587f6e674179d1db",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "devshell",
"type": "github"
}
},
"digga": {
"inputs": {
"darwin": "darwin_2",
"deploy": [
"deploy"
],
"devshell": "devshell",
"flake-compat": "flake-compat_2",
"flake-utils-plus": "flake-utils-plus",
"home-manager": [
"home"
],
"nixlib": [
"nixos"
],
"nixpkgs": [
"nixos"
],
"nixpkgs-unstable": "nixpkgs-unstable"
},
"locked": {
"lastModified": 1668250948,
"narHash": "sha256-qqyzJQHgb/Bgq3Zxwa0gmaDEpkuyVhvynnq6a0akMWw=",
"owner": "divnix",
"repo": "digga",
"rev": "54ede8e591d288c176a09d6fcf4b123896c0bf0f",
"type": "github"
},
"original": {
"owner": "divnix",
"repo": "digga",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1668681692,
"narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "009399224d5e398d03b22badca40a37ac85412a1",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1650374568,
"narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "b4a34015c698c7793d592d66adbab377907a2be8",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_3": {
"flake": false,
"locked": {
"lastModified": 1668681692,
"narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "009399224d5e398d03b22badca40a37ac85412a1",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_4": {
"flake": false,
"locked": {
"lastModified": 1650374568,
"narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "b4a34015c698c7793d592d66adbab377907a2be8",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-utils": {
"locked": {
"lastModified": 1642700792,
"narHash": "sha256-XqHrk7hFb+zBvRg6Ghl+AZDq03ov6OshJLiSWOoX5es=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "846b2ae0fc4cc943637d3d1def4454213e203cba",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils-plus": {
"inputs": {
"flake-utils": "flake-utils_2"
},
"locked": {
"lastModified": 1654029967,
"narHash": "sha256-my3GQ3mQIw/1f6GPV1IhUZrcYQSWh0YJAMPNBjhXJDw=",
"owner": "gytis-ivaskevicius",
"repo": "flake-utils-plus",
"rev": "6271cf3842ff9c8a9af9e3508c547f86bc77d199",
"type": "github"
},
"original": {
"owner": "gytis-ivaskevicius",
"ref": "refs/pull/120/head",
"repo": "flake-utils-plus",
"type": "github"
}
},
"flake-utils_2": {
"locked": {
"lastModified": 1644229661,
"narHash": "sha256-1YdnJAsNy69bpcjuoKdOYQX0YxZBiCYZo4Twxerqv7k=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "3cecb5b042f7f209c56ffd8371b2711a290ec797",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_3": {
"locked": {
"lastModified": 1667077288,
"narHash": "sha256-bdC8sFNDpT0HK74u9fUkpbf1MEzVYJ+ka7NXCdgBoaA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "6ee9ebb6b1ee695d2cacc4faa053a7b9baa76817",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"home": {
"inputs": {
"nixpkgs": [
"nixos"
],
"utils": "utils_2"
},
"locked": {
"lastModified": 1672244468,
"narHash": "sha256-xaZb8AZqoXRCSqPusCk4ouf+fUNP8UJdafmMTF1Ltlw=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "89a8ba0b5b43b3350ff2e3ef37b66736b2ef8706",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-22.11",
"repo": "home-manager",
"type": "github"
}
},
"latest": {
"locked": {
"lastModified": 1672791794,
"narHash": "sha256-mqGPpGmwap0Wfsf3o2b6qHJW1w2kk/I6cGCGIU+3t6o=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "9813adc7f7c0edd738c6bdd8431439688bb0cb3d",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixos": {
"locked": {
"lastModified": 1672844754,
"narHash": "sha256-o26WabuHABQsaHxxmIrR3AQRqDFUEdLckLXkVCpIjSU=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "e9ade2c8240e00a4784fac282a502efff2786bdc",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-22.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixos-hardware": {
"locked": {
"lastModified": 1672644464,
"narHash": "sha256-RYlvRMcQNT7FDoDkViijQBHg9g+blsB+U6AvL/gAsPI=",
"owner": "nixos",
"repo": "nixos-hardware",
"rev": "ca29e25c39b8e117d4d76a81f1e229824a9b3a26",
"type": "github"
},
"original": {
"owner": "nixos",
"repo": "nixos-hardware",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1671525405,
"narHash": "sha256-MEgNxm/oRt5w4ycMENewfZQKOak0ixmjVPfXM96N1FA=",
"path": "/nix/store/d2flirhsd337gm8j8rxlqklslryx6g3q-source",
"rev": "cbe419ed4c8f98bd82d169c321d339ea30904f1f",
"type": "path"
},
"original": {
"id": "nixpkgs",
"type": "indirect"
}
},
"nixpkgs-darwin-stable": {
"locked": {
"lastModified": 1672907623,
"narHash": "sha256-hI1wQVjYDdnEX0DxFbxNqUgkg/L3BAUb6Ocy5DJS0Yw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "c013ff8cc1e5186fd459f95e757d572700190fec",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-22.11-darwin",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1667629849,
"narHash": "sha256-P+v+nDOFWicM4wziFK9S/ajF2lc0N2Rg9p6Y35uMoZI=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "3bacde6273b09a21a8ccfba15586fb165078fb62",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nur": {
"locked": {
"lastModified": 1672971053,
"narHash": "sha256-d2w/OvdsBkg7jf9n6diLASirdY0XstSqpUXPtWLfKrM=",
"owner": "nix-community",
"repo": "NUR",
"rev": "37aa8904d0a5687eb3eca8a72737e1e3e75113b3",
"type": "github"
},
"original": {
"id": "nur",
"type": "indirect"
}
},
"nvfetcher": {
"inputs": {
"flake-compat": "flake-compat_4",
"flake-utils": "flake-utils_3",
"nixpkgs": [
"nixos"
]
},
"locked": {
"lastModified": 1667620329,
"narHash": "sha256-v1Zk7rtEbAGpevBGPZvZBKpwbmw4I+uVwxvd+pBlp3o=",
"owner": "berberman",
"repo": "nvfetcher",
"rev": "294826951113dcd3aa9abbcacfb1aa5b95a19116",
"type": "github"
},
"original": {
"owner": "berberman",
"repo": "nvfetcher",
"type": "github"
}
},
"root": {
"inputs": {
"agenix": "agenix",
"darwin": "darwin",
"deploy": "deploy",
"digga": "digga",
"flake-compat": "flake-compat_3",
"home": "home",
"latest": "latest",
"nixos": "nixos",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs",
"nixpkgs-darwin-stable": "nixpkgs-darwin-stable",
"nur": "nur",
"nvfetcher": "nvfetcher"
}
},
"utils": {
"locked": {
"lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"utils_2": {
"locked": {
"lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

223
flake.nix Normal file

@ -0,0 +1,223 @@
{
description = "A highly structured configuration database.";
nixConfig = {
extra-experimental-features = "nix-command flakes";
extra-substituters = [
"https://nrdxp.cachix.org"
"https://nix-community.cachix.org"
];
extra-trusted-public-keys = [
"nrdxp.cachix.org-1:Fc5PSqY2Jm1TrWfm88l6cvGWwz3s93c6IOifQWnhNW4="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
];
};
inputs = {
flake-compat = {
url = "github:edolstra/flake-compat";
flake = false;
};
# Track channels with commits tested and built by hydra
nixos.url = "github:nixos/nixpkgs/nixos-22.11";
latest.url = "github:nixos/nixpkgs/nixos-unstable";
# For darwin hosts: it can be helpful to track this darwin-specific stable
# channel equivalent to the `nixos-*` channels for NixOS. For one, these
# channels are more likely to provide cached binaries for darwin systems.
# But, perhaps even more usefully, it provides a place for adding
# darwin-specific overlays and packages which could otherwise cause build
# failures on Linux systems.
nixpkgs-darwin-stable.url = "github:NixOS/nixpkgs/nixpkgs-22.11-darwin";
digga.url = "github:divnix/digga";
digga.inputs.nixpkgs.follows = "nixos";
digga.inputs.nixlib.follows = "nixos";
digga.inputs.home-manager.follows = "home";
digga.inputs.deploy.follows = "deploy";
home.url = "github:nix-community/home-manager/release-22.11";
home.inputs.nixpkgs.follows = "nixos";
darwin.url = "github:LnL7/nix-darwin";
darwin.inputs.nixpkgs.follows = "nixpkgs-darwin-stable";
deploy.url = "github:serokell/deploy-rs";
deploy.inputs.nixpkgs.follows = "nixos";
agenix.url = "github:ryantm/agenix";
agenix.inputs.nixpkgs.follows = "nixos";
nvfetcher.url = "github:berberman/nvfetcher";
nvfetcher.inputs.nixpkgs.follows = "nixos";
nixos-hardware.url = "github:nixos/nixos-hardware";
};
outputs = {
self,
digga,
nixos,
home,
nixos-hardware,
nur,
agenix,
nvfetcher,
deploy,
nixpkgs,
...
} @ inputs:
digga.lib.mkFlake
{
inherit self inputs;
channelsConfig = {allowUnfree = true;};
channels = {
nixos = {
imports = [(digga.lib.importOverlays ./overlays)];
overlays = [];
};
nixpkgs-darwin-stable = {
imports = [(digga.lib.importOverlays ./overlays)];
overlays = [
# TODO: restructure overlays directory for per-channel overrides
# `importOverlays` will import everything under the path given
(channels: final: prev:
{
inherit (channels.latest) mas;
}
// prev.lib.optionalAttrs true {})
];
};
latest = {};
};
lib = import ./lib {lib = digga.lib // nixos.lib;};
sharedOverlays = [
(final: prev: {
__dontExport = true;
lib = prev.lib.extend (lfinal: lprev: {
our = self.lib;
});
})
nur.overlay
agenix.overlay
nvfetcher.overlay
(import ./pkgs)
];
nixos = {
hostDefaults = {
system = "x86_64-linux";
channelName = "nixos";
imports = [(digga.lib.importExportableModules ./modules)];
modules = [
{lib.our = self.lib;}
digga.nixosModules.bootstrapIso
digga.nixosModules.nixConfig
home.nixosModules.home-manager
agenix.nixosModules.age
];
};
imports = [(digga.lib.importHosts ./hosts/nixos)];
hosts = {
# set host-specific properties here
NixOS = {};
};
importables = rec {
profiles =
digga.lib.rakeLeaves ./profiles
// {
users = digga.lib.rakeLeaves ./users;
};
suites = with profiles; rec {
base = [core.nixos users.nixos users.root];
};
};
};
darwin = {
hostDefaults = {
system = "x86_64-darwin";
channelName = "nixpkgs-darwin-stable";
imports = [(digga.lib.importExportableModules ./modules)];
modules = [
{lib.our = self.lib;}
digga.darwinModules.nixConfig
home.darwinModules.home-manager
agenix.nixosModules.age
];
};
imports = [(digga.lib.importHosts ./hosts/darwin)];
hosts = {
# set host-specific properties here
Mac = {};
};
importables = rec {
profiles =
digga.lib.rakeLeaves ./profiles
// {
users = digga.lib.rakeLeaves ./users;
};
suites = with profiles; rec {
base = [core.darwin users.darwin];
};
};
};
home = {
imports = [(digga.lib.importExportableModules ./users/modules)];
modules = [];
importables = rec {
profiles = digga.lib.rakeLeaves ./users/profiles;
suites = with profiles; rec {
base = [direnv git];
};
};
users = {
# TODO: does this naming convention still make sense with darwin support?
#
# - it doesn't make sense to make a 'nixos' user available on
# darwin, and vice versa
#
# - the 'nixos' user might have special significance as the default
# user for fresh systems
#
# - perhaps a system-agnostic home-manager user is more appropriate?
# something like 'primaryuser'?
#
# all that said, these only exist within the `hmUsers` attrset, so
# it could just be left to the developer to determine what's
# appropriate. after all, configuring these hm users is one of the
# first steps in customizing the template.
nixos = {suites, ...}: {
imports = suites.base;
home.stateVersion = "22.11";
};
darwin = {suites, ...}: {
imports = suites.base;
home.stateVersion = "22.11";
};
}; # digga.lib.importers.rakeLeaves ./users/hm;
};
devshell = ./shell;
# TODO: similar to the above note: does it make sense to make all of
# these users available on all systems?
homeConfigurations =
digga.lib.mergeAny
(digga.lib.mkHomeConfigurations self.darwinConfigurations)
(digga.lib.mkHomeConfigurations self.nixosConfigurations);
deploy.nodes = digga.lib.mkDeployNodes self.nixosConfigurations {};
};
}
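Review bot: `nur` and `nixpkgs` are taken as arguments of `outputs` but neither is declared under `inputs`, so both resolve through the flake registry of whoever generates the lock. The flake.lock in this commit reflects that: `nur` is recorded with `"type": "indirect"`, and `nixpkgs` is locked as `"type": "path"` to a local /nix/store directory, which another machine may be unable to fetch. Declaring them keeps the origin of every input reviewable in this file, for example `nur.url = "github:nix-community/NUR";` and `nixpkgs.follows = "nixos";`.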

12
hosts/darwin/Mac.nix Normal file

@ -0,0 +1,12 @@
{
config,
pkgs,
suites,
...
}: {
imports = with suites; base;
# The `mas` package is included here as a test for platform-specific package
# support in Digga. Feel free to remove it in your config.
environment.systemPackages = with pkgs; [mas];
}

11
hosts/nixos/NixOS.nix Normal file

@ -0,0 +1,11 @@
{suites, ...}: {
### root password is empty by default ###
imports = suites.base;
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
networking.networkmanager.enable = true;
fileSystems."/" = {device = "/dev/disk/by-label/nixos";};
}

13
hosts/nixos/bootstrap.nix Normal file

@ -0,0 +1,13 @@
{profiles, ...}: {
imports = [
# profiles.networking
profiles.core.nixos
profiles.users.root # make sure to configure ssh keys
profiles.users.nixos
];
boot.loader.systemd-boot.enable = true;
# Required, but will be overridden in the resulting installer ISO.
fileSystems."/" = {device = "/dev/disk/by-label/nixos";};
}

21
lib/compat/default.nix Normal file

@ -0,0 +1,21 @@
let
lock = builtins.fromJSON (builtins.readFile (builtins.path {
path = ../../flake.lock;
name = "lockPath";
}));
flake =
import
(
fetchTarball {
url = "https://github.com/edolstra/flake-compat/archive/${lock.nodes.flake-compat.locked.rev}.tar.gz";
sha256 = lock.nodes.flake-compat.locked.narHash;
}
)
{
src = builtins.path {
path = ../../.;
name = "projectRoot";
};
};
in
flake


@ -0,0 +1,9 @@
{...}: let
inherit (default.inputs.nixos) lib;
host = configs.${hostname} or configs.NixOS;
configs = default.nixosConfigurations;
default = (import ../.).defaultNix;
hostname = lib.fileContents /etc/hostname;
in
host

12
lib/default.nix Normal file

@ -0,0 +1,12 @@
{lib}:
lib.makeExtensible (self:
let
callLibs = file: import file { lib = self; };
in
rec {
## Define your own library functions here!
#id = x: x;
## Or in files, containing functions that take {lib}
#foo = callLibs ./foo.nix;
## In configs, they can be used under "lib.our"
})


@ -0,0 +1,18 @@
{
config,
pkgs,
...
}: {
home-manager.sharedModules = [
{
home.sessionVariables = {
# environment.sessionVariables is not currently available in nix-darwin
NIX_PATH =
config.environment.sessionVariables.NIX_PATH
or config.environment.variables.NIX_PATH;
};
xdg.configFile."nix/registry.json".text =
config.environment.etc."nix/registry.json".text;
}
];
}

11
modules/nix-path.nix Normal file

@ -0,0 +1,11 @@
{
channel,
inputs,
...
}: {
nix.nixPath = [
"nixpkgs=${channel.input}"
"nixos-config=${../lib/compat/nixos}"
"home-manager=${inputs.home}"
];
}

5
overlays/manix.nix Normal file

@ -0,0 +1,5 @@
final: prev: {
manix = prev.manix.overrideAttrs (o: rec {
inherit (prev.sources.manix) pname version src;
});
}

32
overlays/overrides.nix Normal file

@ -0,0 +1,32 @@
channels: final: prev: {
__dontExport = true; # overrides clutter up actual creations
inherit
(channels.latest)
cachix
dhall
discord
element-desktop
rage
nix-index
qutebrowser
alejandra
signal-desktop
starship
deploy-rs
;
haskellPackages =
prev.haskellPackages.override
(old: {
overrides = prev.lib.composeExtensions (old.overrides or (_: _: {})) (hfinal: hprev: let
version = prev.lib.replaceChars ["."] [""] prev.ghc.version;
in {
# same for haskell packages, matching ghc versions
inherit
(channels.latest.haskell.packages."ghc${version}")
haskell-language-server
;
});
});
}


@ -0,0 +1,18 @@
# This file was generated by nvfetcher, please do not modify it manually.
{
fetchgit,
fetchurl,
}: {
manix = {
pname = "manix";
version = "d08e7ca185445b929f097f8bfb1243a8ef3e10e4";
src = fetchgit {
url = "https://github.com/mlvzk/manix";
rev = "d08e7ca185445b929f097f8bfb1243a8ef3e10e4";
fetchSubmodules = false;
deepClone = false;
leaveDotGit = false;
sha256 = "1b7xi8c2drbwzfz70czddc4j33s7g1alirv12dwl91hbqxifx8qs";
};
};
}

5
pkgs/default.nix Normal file

@ -0,0 +1,5 @@
final: prev: {
# keep sources this first
sources = prev.callPackage (import ./_sources/generated.nix) {};
# then, call packages with `final.callPackage`
}

4
pkgs/sources.toml Normal file

@ -0,0 +1,4 @@
# nvfetcher.toml
[manix]
src.git = "https://github.com/mlvzk/manix"
fetch.github = "mlvzk/manix"


@ -0,0 +1,13 @@
{
pkgs,
lib,
...
}: let
folder = ./.;
toImport = name: value: folder + ("/" + name);
filterCaches = key: value: value == "regular" && lib.hasSuffix ".nix" key && key != "default.nix";
imports = lib.mapAttrsToList toImport (lib.filterAttrs filterCaches (builtins.readDir folder));
in {
inherit imports;
nix.binaryCaches = ["https://cache.nixos.org/"];
}


@ -0,0 +1,10 @@
{
nix = {
binaryCaches = [
"https://nix-community.cachix.org"
];
binaryCachePublicKeys = [
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
];
};
}

10
profiles/cachix/nrdxp.nix Normal file

@ -0,0 +1,10 @@
{
nix = {
binaryCaches = [
"https://nrdxp.cachix.org"
];
binaryCachePublicKeys = [
"nrdxp.cachix.org-1:Fc5PSqY2Jm1TrWfm88l6cvGWwz3s93c6IOifQWnhNW4="
];
};
}
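Review bot: This profile makes `https://nrdxp.cachix.org` a system-wide substituter and trusts its signing key, and the same cache and key are also listed under `nixConfig` in flake.nix. Whoever holds that key can supply binaries that hosts built from this configuration install instead of building from source, so the entry should stay only if that cache is deliberately trusted; it looks inherited from the upstream template rather than owned by this repository. The directory's default module (the section that uses `builtins.readDir`) imports every `.nix` file it finds, so deleting this file is enough to drop the cache. If it stays, record the decision next to the key, e.g. `# third-party cache: binaries signed by this key are trusted on every host`.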

103
profiles/core/common.nix Normal file

@ -0,0 +1,103 @@
{
self,
config,
lib,
pkgs,
...
}: let
inherit (lib) fileContents;
inherit (pkgs.stdenv.hostPlatform) isDarwin;
in {
# Sets binary caches which speeds up some builds
imports = [../cachix];
environment = {
# Selection of sysadmin tools that can come in handy
systemPackages = with pkgs; [
binutils
coreutils
curl
direnv
dnsutils
fd
git
bottom
jq
manix
moreutils
nix-index
nmap
ripgrep
skim
tealdeer
whois
];
# Starship is a fast and featureful shell prompt
# starship.toml has sane defaults that can be changed there
shellInit = ''
export STARSHIP_CONFIG=${
pkgs.writeText "starship.toml"
(fileContents ./starship.toml)
}
'';
shellAliases = let
# The `security.sudo.enable` option does not exist on darwin because
# sudo is always available.
ifSudo = lib.mkIf (isDarwin || config.security.sudo.enable);
in {
# quick cd
".." = "cd ..";
"..." = "cd ../..";
"...." = "cd ../../..";
"....." = "cd ../../../..";
# git
g = "git";
# grep
grep = "rg";
gi = "grep -i";
# internet ip
# TODO: explain this hard-coded IP address
myip = "dig +short myip.opendns.com @208.67.222.222 2>&1";
# nix
n = "nix";
np = "n profile";
ni = "np install";
nr = "np remove";
ns = "n search --no-update-lock-file";
nf = "n flake";
nepl = "n repl '<nixpkgs>'";
srch = "ns nixos";
orch = "ns override";
mn = ''
manix "" | grep '^# ' | sed 's/^# \(.*\) (.*/\1/;s/ (.*//;s/^# //' | sk --preview="manix '{}'" | xargs manix
'';
top = "btm";
# sudo
s = ifSudo "sudo -E ";
si = ifSudo "sudo -i";
se = ifSudo "sudoedit";
};
};
fonts.fonts = with pkgs; [powerline-fonts dejavu_fonts];
nix = {
# Improve nix store disk usage
gc.automatic = true;
# Generally useful nix option defaults
extraOptions = ''
min-free = 536870912
keep-outputs = true
keep-derivations = true
fallback = true
'';
};
}
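Review bot: The alias `s = ifSudo "sudo -E ";` preserves the caller's environment for every command run through it, wherever the sudoers policy allows that. Variables exported by direnv or a project shell then reach root processes, which is easy to overlook because `stl`, `up` and `dn` in profiles/core/nixos.nix expand through `s`. I would default to `s = ifSudo "sudo ";` and keep a separate alias for the cases that need the environment, or at least add a comment such as `# -E keeps the user's environment under sudo; use only from a trusted shell`.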

63
profiles/core/darwin.nix Normal file

@ -0,0 +1,63 @@
{
self,
config,
lib,
pkgs,
...
}: {
imports = [
./common.nix
];
# Recreate /run/current-system symlink after boot
services.activate-system.enable = true;
services.nix-daemon.enable = true;
users.nix.configureBuildUsers = true;
environment = {
systemPackages = with pkgs; [
m-cli
terminal-notifier
];
darwinConfig = "${self}/lib/compat";
shellAliases = {
nrb = "sudo darwin-rebuild switch --flake";
};
};
nix = {
nixPath = [
# TODO: This entry should be added automatically via FUP's
# `nix.linkInputs` and `nix.generateNixPathFromInputs` options, but
# currently that doesn't work because nix-darwin doesn't export packages,
# which FUP expects.
#
# This entry should be removed once the upstream issues are fixed.
#
# https://github.com/LnL7/nix-darwin/issues/277
# https://github.com/gytis-ivaskevicius/flake-utils-plus/issues/107
"darwin=/etc/nix/inputs/darwin"
];
# Prevents impurities in builds
useSandbox = true;
# Give special Nix privileges.
trustedUsers = ["root" "@wheel" "@admin"];
};
programs.bash = {
# nix-darwin's shell options are very different from those on nixos. there
# is no `promptInit` option, for example. so instead, we throw the prompt
# init line into `interactiveShellInit`.
#
# https://github.com/LnL7/nix-darwin/blob/master/modules/programs/bash/default.nix
interactiveShellInit = ''
eval "$(${pkgs.starship}/bin/starship init bash)"
eval "$(${pkgs.direnv}/bin/direnv hook bash)"
'';
};
}
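Review bot: `trustedUsers = ["root" "@wheel" "@admin"];` makes every member of the macOS admin group a trusted Nix user, and the comment `# Give special Nix privileges.` does not say what that implies. Trusted users can point the daemon at other substituters and relax signature checks, which the Nix manual describes as essentially equivalent to root access. profiles/core/nixos.nix grants the same to `@wheel`, the group users/nixos/default.nix puts the default account in. Consider narrowing the list to `["root"]` plus named users, or expand the comment to `# trusted users can override substituters and signature checks (root-equivalent)`.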

83
profiles/core/nixos.nix Normal file

@ -0,0 +1,83 @@
{
config,
lib,
pkgs,
self,
...
}: {
imports = [
./common.nix
];
environment = {
# Selection of sysadmin tools that can come in handy
systemPackages = with pkgs; [
dosfstools
gptfdisk
iputils
usbutils
utillinux
];
shellAliases = let
ifSudo = lib.mkIf config.security.sudo.enable;
in {
# nix
nrb = ifSudo "sudo nixos-rebuild";
# fix nixos-option for flake compat
nixos-option = "nixos-option -I nixpkgs=${self}/lib/compat";
# systemd
ctl = "systemctl";
stl = ifSudo "s systemctl";
utl = "systemctl --user";
ut = "systemctl --user start";
un = "systemctl --user stop";
up = ifSudo "s systemctl start";
dn = ifSudo "s systemctl stop";
jtl = "journalctl";
};
};
fonts.fontconfig.defaultFonts = {
monospace = ["DejaVu Sans Mono for Powerline"];
sansSerif = ["DejaVu Sans"];
};
nix = {
settings = {
# Prevent impurities in builds
sandbox = true;
# Give root user and wheel group special Nix privileges.
trusted-users = ["root" "@wheel"];
allowed-users = ["@wheel"];
};
# Improve nix store disk usage
settings.auto-optimise-store = true;
optimise.automatic = true;
};
programs.bash = {
# Enable starship
promptInit = ''
eval "$(${pkgs.starship}/bin/starship init bash)"
'';
# Enable direnv, a tool for managing shell environments
interactiveShellInit = ''
eval "$(${pkgs.direnv}/bin/direnv hook bash)"
'';
};
# For rage encryption, all hosts need a ssh key pair
services.openssh = {
enable = true;
openFirewall = lib.mkDefault false;
};
# Service that makes Out of Memory Killer more effective
services.earlyoom.enable = true;
}
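Review bot: `services.openssh.enable = true;` is applied to every NixOS host without turning password logins off, while users/nixos/default.nix in this commit gives the default account the password `nixos`. `openFirewall = lib.mkDefault false;` limits the exposure only as long as no host overrides it or disables the firewall. The comment says sshd is enabled so that each host has a key pair for rage, so key-only login costs nothing here: add `passwordAuthentication = false;` inside the `services.openssh` block (the option name on the nixos-22.11 channel this flake tracks).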


@ -0,0 +1,95 @@
[aws]
symbol = " "
[character]
success_symbol = "[](bold purple)"
vicmd_symbol = "[](bold purple)"
[battery]
full_symbol = ""
charging_symbol = ""
discharging_symbol = ""
[conda]
symbol = " "
[directory]
style = "cyan"
read_only = " 🔒"
[docker_context]
symbol = " "
[elixir]
symbol = " "
[elm]
symbol = " "
[git_branch]
format = "[$symbol$branch]($style) "
symbol = " "
style = "bold dimmed white"
[git_status]
format = '([「$all_status$ahead_behind」]($style) )'
conflicted = "⚠️"
ahead = "⟫${count} "
behind = "⟪${count}"
diverged = "🔀 "
untracked = "📁 "
stashed = "↪ "
modified = "𝚫 "
staged = "✔ "
renamed = "⇆ "
deleted = "✘ "
style = "bold bright-white"
[golang]
symbol = " "
[haskell]
symbol = " "
[hg_branch]
symbol = " "
[java]
symbol = " "
[julia]
symbol = " "
[memory_usage]
symbol = " "
disabled = false
[nim]
symbol = " "
[nix_shell]
format = '[$symbol$state]($style) '
symbol = " "
pure_msg = "λ"
impure_msg = "⎔"
[nodejs]
symbol = " "
[package]
symbol = " "
[php]
symbol = " "
[python]
symbol = " "
[ruby]
symbol = " "
[rust]
symbol = " "
[status]
disabled = false

8
secrets/secrets.nix Normal file

@ -0,0 +1,8 @@
let
# set ssh public keys here for your system and user
system = "";
user = "";
allKeys = [system user];
in {
"secret.age".publicKeys = allKeys;
}

1
shell.nix Normal file

@ -0,0 +1 @@
(import ./lib/compat).shellNix

10
shell/default.nix Normal file

@ -0,0 +1,10 @@
{
self,
inputs,
...
}: {
modules = with inputs; [];
exportedModules = [
./devos.nix
];
}

55
shell/devos.nix Normal file

@ -0,0 +1,55 @@
{
pkgs,
extraModulesPath,
inputs,
lib,
...
}: let
inherit
(pkgs)
agenix
alejandra
cachix
editorconfig-checker
nixUnstable
nodePackages
shfmt
treefmt
nvfetcher-bin
nixos-generators
;
pkgWithCategory = category: package: {inherit package category;};
devos = pkgWithCategory "devos";
formatter = pkgWithCategory "linter";
in {
imports = ["${extraModulesPath}/git/hooks.nix" ./hooks];
packages = [
alejandra
nodePackages.prettier
shfmt
editorconfig-checker
];
commands =
[
(devos nixUnstable)
(devos agenix)
{
category = "devos";
name = nvfetcher-bin.pname;
help = nvfetcher-bin.meta.description;
command = "cd $PRJ_ROOT/pkgs; ${nvfetcher-bin}/bin/nvfetcher -c ./sources.toml $@";
}
(formatter treefmt)
]
++ lib.optionals (!pkgs.stdenv.buildPlatform.isi686) [
(devos cachix)
]
++ lib.optionals (pkgs.stdenv.hostPlatform.isLinux && !pkgs.stdenv.buildPlatform.isDarwin) [
(devos nixos-generators)
(devos inputs.deploy.packages.${pkgs.system}.deploy-rs)
];
}
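Review bot: The nvfetcher command string `cd $PRJ_ROOT/pkgs; ${nvfetcher-bin}/bin/nvfetcher -c ./sources.toml $@` still runs nvfetcher when the `cd` fails, and leaves `$PRJ_ROOT` and `$@` unquoted. With `PRJ_ROOT` unset or pointing somewhere unexpected, the tool reads whatever `./sources.toml` is in the current directory, and arguments containing spaces are split. Suggested: `command = "cd \"$PRJ_ROOT/pkgs\" && ${nvfetcher-bin}/bin/nvfetcher -c ./sources.toml \"$@\"";`.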

6
shell/hooks/default.nix Normal file

@ -0,0 +1,6 @@
{
git.hooks = {
enable = true;
pre-commit.text = builtins.readFile ./pre-commit.sh;
};
}

28
shell/hooks/pre-commit.sh Normal file

@ -0,0 +1,28 @@
#!/usr/bin/env bash
if git rev-parse --verify HEAD >/dev/null 2>&1; then
against=HEAD
else
# Initial commit: diff against an empty tree object
against=$(${git}/bin/git hash-object -t tree /dev/null)
fi
diff="git diff-index --name-only --cached $against --diff-filter d"
all_files=($($diff))
# Format staged files.
if ((${#all_files[@]} != 0)); then
treefmt "${all_files[@]}" &&
git add "${all_files[@]}"
fi
# check editorconfig
if ((${#all_files[@]} != 0)); then
if ! editorconfig-checker -- "${all_files[@]}"; then
printf "%b\n" \
"\nCode is not aligned with .editorconfig" \
"Review the output and commit your fixes" >&2
exit 1
fi
fi
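Review bot: `against=$(${git}/bin/git hash-object -t tree /dev/null)` still carries a Nix-style `${git}` placeholder, but shell/hooks/default.nix loads this script with `builtins.readFile`, which does no interpolation. In bash `${git}` is an unset variable, so on the very first commit the hook calls `/bin/git`; use plain `git` as the line above does. Separately, `all_files=($($diff))` word-splits and glob-expands the staged names, so a path containing spaces or wildcard characters reaches `treefmt` and `git add` as different arguments. `mapfile -t all_files < <(git diff-index --name-only --cached "$against" --diff-filter d)` keeps one array entry per path.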

22
treefmt.toml Normal file

@ -0,0 +1,22 @@
[formatter.nix]
command = "alejandra"
includes = ["*.nix"]
[formatter.prettier]
command = "prettier"
options = ["--write"]
includes = [
"*.json",
"*.yaml",
"*.md",
]
[formatter.shell]
command = "shfmt"
options = [
"-s",
"-w",
"-i",
"2",
]
includes = ["*.sh"]

7
users/darwin/default.nix Normal file

@ -0,0 +1,7 @@
{hmUsers, ...}: {
home-manager.users = {inherit (hmUsers) darwin;};
users.users.darwin = {
description = "default";
};
}


10
users/nixos/default.nix Normal file

@ -0,0 +1,10 @@
{hmUsers, ...}: {
home-manager.users = {inherit (hmUsers) nixos;};
users.users.nixos = {
password = "nixos";
description = "default";
isNormalUser = true;
extraGroups = ["wheel"];
};
}
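Review bot: `password = "nixos";` puts a well-known plaintext password into the repository and the world-readable Nix store, for an account that `extraGroups = ["wheel"]` makes a sudoer and, through `trusted-users` in profiles/core/nixos.nix, a trusted Nix user. That is reasonable for a throwaway installer image but not for a host that stays up. For real hosts prefer `hashedPassword`, or `passwordFile` pointing at an agenix secret, since agenix is already wired into this flake. If the default must stay for bootstrapping, a comment such as `# installer default, change before deploying` on that line would make the intent explicit.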


@ -0,0 +1,8 @@
{
programs.direnv = {
enable = true;
nix-direnv = {
enable = true;
};
};
}


@ -0,0 +1,42 @@
{
programs.git = {
enable = true;
extraConfig = {
pull.rebase = false;
};
aliases = {
a = "add -p";
co = "checkout";
cob = "checkout -b";
f = "fetch -p";
c = "commit";
p = "push";
ba = "branch -a";
bd = "branch -d";
bD = "branch -D";
d = "diff";
dc = "diff --cached";
ds = "diff --staged";
r = "restore";
rs = "restore --staged";
st = "status -sb";
# reset
soft = "reset --soft";
hard = "reset --hard";
s1ft = "soft HEAD~1";
h1rd = "hard HEAD~1";
# logging
lg = "log --color --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit";
plog = "log --graph --pretty='format:%C(red)%d%C(reset) %C(yellow)%h%C(reset) %ar %C(green)%aN%C(reset) %s'";
tlog = "log --stat --since='1 Day Ago' --graph --pretty=oneline --abbrev-commit --date=relative";
rank = "shortlog -sn --no-merges";
# delete merged branches
bdm = "!git branch --merged | grep -v '*' | xargs -n 1 git branch -d";
};
};
}

5
users/root/default.nix Normal file

@ -0,0 +1,5 @@
{...}:
# recommend using `hashedPassword`
{
users.users.root.password = "";
}
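Review bot: `users.users.root.password = "";` gives root an empty password on every host that imports this profile, and both hosts/nixos/NixOS.nix (via `suites.base`) and hosts/nixos/bootstrap.nix pull it in. The comment above the block already recommends `hashedPassword` without applying it. Per the NixOS option documentation an empty password is refused by remote services such as SSH, but anyone who reaches a local or virtual console can sign in as root without a prompt. For anything beyond an installer image, replace the line with `users.users.root.hashedPassword = "<HASH_PLACEHOLDER>";` (generated with `mkpasswd`), or lock the account with `hashedPassword = "!";` and rely on sudo from a wheel user.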