From 9b0a54e5347fcf5a6b011969e984d673f6cedccc Mon Sep 17 00:00:00 2001 From: Pegasust Date: Sun, 25 Dec 2022 02:55:30 -0700 Subject: [PATCH 01/13] re-order stuffs around --- .envrc | 6 ++ DEV.md | 36 ++++++++++++ flake.nix | 55 +++++++++++++++++++ native_configs/README.md | 3 + .../alacritty}/alacritty.yml | 0 {neovim => native_configs/neovim}/init.lua | 0 .../neovim}/scripts/deps.sh | 0 {ssh => native_configs/ssh}/authorized_keys | 0 {ssh => native_configs/ssh}/config | 0 .../starship}/starship.toml | 0 {tmux => native_configs/tmux}/tmux.conf | 0 {zk => native_configs/zk}/config.toml | 0 nixops/simple_hydra.nix | 31 ----------- nixops/simple_hydra_vbox.nix | 25 --------- secrets.nix | 18 ++++++ shell.nix | 14 +++++ 16 files changed, 132 insertions(+), 56 deletions(-) create mode 100644 .envrc create mode 100644 DEV.md create mode 100644 flake.nix create mode 100644 native_configs/README.md rename {alacritty => native_configs/alacritty}/alacritty.yml (100%) rename {neovim => native_configs/neovim}/init.lua (100%) rename {neovim => native_configs/neovim}/scripts/deps.sh (100%) rename {ssh => native_configs/ssh}/authorized_keys (100%) rename {ssh => native_configs/ssh}/config (100%) rename {starship => native_configs/starship}/starship.toml (100%) rename {tmux => native_configs/tmux}/tmux.conf (100%) rename {zk => native_configs/zk}/config.toml (100%) delete mode 100644 nixops/simple_hydra.nix delete mode 100644 nixops/simple_hydra_vbox.nix create mode 100644 secrets.nix create mode 100644 shell.nix diff --git a/.envrc b/.envrc new file mode 100644 index 0000000..9834d0e --- /dev/null +++ b/.envrc @@ -0,0 +1,6 @@ +# If nix-shell available, then nix is installed. We're going to use nix-direnv. +if command -v nix-shell &> /dev/null +then + use flake +fi + diff --git a/DEV.md b/DEV.md new file mode 100644 index 0000000..f5f7c68 --- /dev/null +++ b/DEV.md 
@@ -0,0 +1,36 @@ +# Journal on development + +This contains information dump to record thoughts as I design this repo + +## Nix as first-class citizen instead of native config + +- Nix can export JSON and other object serialization formats + +- Still allows native config, so that Neovim, for example, which uses Turing-complete + config language, to make full use of its native LSP. + +## Design pattern emerges from unstructured code + +### Modules + +- Main thing for the first big refactor of codebase + +- nixpkgs and home-manager has their own interface for modules + +- The main benefit is to provide (runtime) type-safety on options, along with +documentations and defaults + +## Nitpicky details + +### `nativeBuildInputs` vs `buildInputs` + +- `nativeBuildInputs` is available **before** `buildInputs`. + +- `nativeBuildInputs` is supposed to be built by a deployment machine (not target) + +- `buildInputs` gives you access during runtime + +- `nativeBulidInputs` gives you access to packages during build time + +- `mkShell` doesn't care about `packages`, `nativeBuildInputs`, `buildInputs` + diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..74ba762 --- /dev/null +++ b/flake.nix 
@@ -0,0 +1,55 @@ +{ + description = "My personal configuration in Nix (and some native configurations)"; + inputs = { + nixpkgs.url = "nixpkgs/nixos-unstable"; + agenix = { + url = "github:ryantm/agenix"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + home-manager = { + url = "github:nix-community/home-manager"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + flake-utils.url = "github:numtide/flake-utils"; + nixgl.url = "github:guibou/nixGL"; + rust-overlay.url = "github:oxalica/rust-overlay"; + # Allows default.nix to call onto flake.nix. Useful for nix eval and automations + flake-compat = { + url = "github:edolstra/flake-compat"; + flake = false; + }; + }; + + outputs = { + nixpkgs, agenix, home-manager, flake-utils, nixgl, rust-overlay, flake-compat + ,... + }@_inputs: let + # Context/global stuffs to be passed down + # TODO: adapt to different platforms think about different systems later + system = "x86_64-linux"; + pkgs = import nixpkgs { + inherit system; + config = { + allowUnfree = true; + }; + }; + + # inject nixpkgs.lib onto c_ (calculus) + _lib = pkgs.lib; + inputs = (lib.recursiveUpdate {inherit system, }) + inputs_w_pkgs = (_lib.recursiveUpdate {inherit pkgs;} inputs); + lib = _lib.recursiveUpdate (import ./lib inputs_w_pkgs) _lib; + + # update inputs with our library and past onto our end configurations + inputs_w_lib = (lib.recursiveUpdate lib inputs_w_pkgs); + modules = (import ./modules inputs_w_lib); + hosts = (import ./hosts inputs_w_lib); + users = (import ./users inputs_w_lib); + + final_inputs = inputs_w_lib; + in { + # inherit (hosts) nixosConfigurations; + # inherit (users) homeConfigurations; + devShell = import ./shell final_inputs; + }; +} diff --git a/native_configs/README.md b/native_configs/README.md new file mode 100644 index 0000000..63955ee --- /dev/null +++ b/native_configs/README.md @@ -0,0 +1,3 @@ +# Native configs + +Contains all configurations that are written in their native language 
diff --git a/alacritty/alacritty.yml b/native_configs/alacritty/alacritty.yml similarity index 100% rename from alacritty/alacritty.yml rename to native_configs/alacritty/alacritty.yml diff --git a/neovim/init.lua b/native_configs/neovim/init.lua similarity index 100% rename from neovim/init.lua rename to native_configs/neovim/init.lua diff --git a/neovim/scripts/deps.sh b/native_configs/neovim/scripts/deps.sh similarity index 100% rename from neovim/scripts/deps.sh rename to native_configs/neovim/scripts/deps.sh diff --git a/ssh/authorized_keys b/native_configs/ssh/authorized_keys similarity index 100% rename from ssh/authorized_keys rename to native_configs/ssh/authorized_keys diff --git a/ssh/config b/native_configs/ssh/config similarity index 100% rename from ssh/config rename to native_configs/ssh/config diff --git a/starship/starship.toml b/native_configs/starship/starship.toml similarity index 100% rename from starship/starship.toml rename to native_configs/starship/starship.toml diff --git a/tmux/tmux.conf b/native_configs/tmux/tmux.conf similarity index 100% rename from tmux/tmux.conf rename to native_configs/tmux/tmux.conf diff --git a/zk/config.toml b/native_configs/zk/config.toml similarity index 100% rename from zk/config.toml rename to native_configs/zk/config.toml diff --git a/nixops/simple_hydra.nix b/nixops/simple_hydra.nix deleted file mode 100644 index 76d16af..0000000 --- a/nixops/simple_hydra.nix +++ /dev/null 
@@ -1,31 +0,0 @@ -{ - my-hydra = { config, pkgs, ... }: { - # send email - services.postfix = { - enable = true; - setSendmail = true; - }; - # postgresql as a build queue (optimization possible?) - services.postgresql = { - enable = true; - package = pkgs.postgresql; - identMap = '' - hydra-users hydra hydra - hydra-users hydra-queue-runner hydra - hydra-users hydra-www hydra - hydra-users root postgres - hydra-users postgres postgres - ''; - }; - services.hydra = { - enable = true; - useSubstitutes = true; - # hydraURL = - }; - networking = { - firewall = { - allowedTCPPorts = [ config.services.hydra.port ]; - }; - }; - }; -} diff --git a/nixops/simple_hydra_vbox.nix b/nixops/simple_hydra_vbox.nix deleted file mode 100644 index a3f8ac1..0000000 --- a/nixops/simple_hydra_vbox.nix +++ /dev/null @@ -1,25 +0,0 @@ -# guide: https://qfpl.io/posts/nix/starting-simple-hydra/ -{ - my-hydra = { config, pkgs, ... }: { - deployment = { - targetEnv = "virtualbox"; - virtualbox.memorySize = 1024; # 1 GB`` - virtualbox.vcpu = 2; # 2 vcpus :/ very limited on Linode, sorry - virtualbox.headless = true; # no gui pls - }; - services = { - nixosManual.showManual = false; # save space, just no manual on our nix installation - ntp.enable = true; # time daemon - openssh = { - allowSFTP = false; # Prefer using SCP because connection is less verbose (?) - # we are going to generate rsa public key pair to machine - passwordAuthentication = false; # client-pubkey/server-prikey or dig yourself - }; - }; - users = { - mutableUsers = false; # Remember Trien's Windows freeze function? this is it. - # Yo, allow trusted users through ok? - users.root.openssh.authorizedKeys.keyFiles = [ "ssh/authorizedKeys" ]; - }; - }; -} diff --git a/secrets.nix b/secrets.nix new file mode 100644 index 0000000..ad3c77c --- /dev/null +++ b/secrets.nix 
@@ -0,0 +1,18 @@ +let + # user-specific (~/.ssh/id_ed25519.pub) + users = { + "hungtr@bao" = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK+1+gps6phbZboIb9fH51VNPUCkhSSOAbkI3tq3Ou0Z"; + }; + # System-specific settings (/etc/ssh/ssh_hsot_ed25519_key.pub) + systems = { + "bao" = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIBuAaAE7TiQmMH300VRj/pYCri1qPmHjd+y9aX2J0Fs"; + }; + all = users // systems; + # stands for calculus + c_ = builtins; +in { + "system/secrets/s3fs.age".publicKeys = c_.attrValues (all); + "system/secrets/s3fs.digital-garden.age".publicKeys = c_.attrValues (all); + "system/secrets/_nhitrl.age".publicKeys = c_.attrValues (all); + +} diff --git a/shell.nix b/shell.nix new file mode 100644 index 0000000..988a932 --- /dev/null +++ b/shell.nix @@ -0,0 +1,14 @@ +# Ideally, this should contain the barebone necessary for building/interacting +# with tech used in this project + +# Should also incorporate shortcuts like scripts/{hm-switch,conf-sysnix}.sh in here instead + +# It should not contain PDE +{pkgs? import {} +,...}: pkgs.mkShell { + # These are the ones that can be built by a remote machine + nativeBuildInputs = []; + # These are the ones that must be built by the target machine + lol="hello world"; +} + From 93e5306ce3d83f7615f74d6277f1b8669c627a25 Mon Sep 17 00:00:00 2001 From: Pegasust Date: Sun, 25 Dec 2022 03:54:10 -0700 Subject: [PATCH 02/13] even more stuffs for top-level nix-flake --- default.nix | 1 + dev-shell.nix | 20 +++ DEV.md => docs/DEV.md | 0 flake.lock | 218 +++++++++++++++++++++++++++++++++ flake.nix | 6 +- lib/default.nix | 11 ++ modules/default.nix | 1 + nix-conf/home-manager/home.nix | 30 ++--- shell.nix | 17 +-- 9 files changed, 272 insertions(+), 32 deletions(-) create mode 100644 default.nix create mode 100644 dev-shell.nix rename DEV.md => docs/DEV.md (100%) create mode 100644 flake.lock create mode 100644 lib/default.nix create mode 100644 modules/default.nix 
diff --git a/default.nix b/default.nix new file mode 100644 index 0000000..2a5a70d --- /dev/null +++ b/default.nix @@ -0,0 +1 @@ +# We use top-level nix-flake, so default.nix is basically just a wrapper around ./flake.nix diff --git a/dev-shell.nix b/dev-shell.nix new file mode 100644 index 0000000..bd4eee5 --- /dev/null +++ b/dev-shell.nix @@ -0,0 +1,20 @@ +# Ideally, this should contain the barebone necessary for building/interacting +# with tech used in this project + +# Should also incorporate shortcuts like scripts/{hm-switch,conf-sysnix}.sh in here instead + +# It should not contain PDE +{pkgs? import {} +,lib +,...}: pkgs.mkShell { + # mkShell doesn't care about the differences across nativeBuildInputs, + # buildInputs, or packages + buildInputs = [ + # shell scripts + (lib.shellAsDrv {script = ''echo "hello world"''; pname = "hello";}) + ]; + + # env vars + lol="hello world"; +} + diff --git a/DEV.md b/docs/DEV.md similarity index 100% rename from DEV.md rename to docs/DEV.md diff --git a/flake.lock b/flake.lock new file mode 100644 index 0000000..8814e08 --- /dev/null +++ b/flake.lock 
@@ -0,0 +1,218 @@ +{ + "nodes": { + "agenix": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1665870395, + "narHash": "sha256-Tsbqb27LDNxOoPLh0gw2hIb6L/6Ow/6lIBvqcHzEKBI=", + "owner": "ryantm", + "repo": "agenix", + "rev": "a630400067c6d03c9b3e0455347dc8559db14288", + "type": "github" + }, + "original": { + "owner": "ryantm", + "repo": "agenix", + "type": "github" + } + }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1668681692, + "narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "009399224d5e398d03b22badca40a37ac85412a1", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-utils": { + "locked": { + "lastModified": 1667395993, + "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_2": { + "locked": { + "lastModified": 1659877975, + "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_3": { + "locked": { + "lastModified": 1659877975, + "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "home-manager": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ], + "utils": "utils" + }, + "locked": { + "lastModified": 1671958483, + "narHash": 
"sha256-wX+VBdHwrpW654PzmM4efiPdUDI8da8TGZeQt/zYP40=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "939731b8cb75fb451170cb8f935186a6a7424444", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "nixgl": { + "inputs": { + "flake-utils": "flake-utils_2", + "nixpkgs": "nixpkgs" + }, + "locked": { + "lastModified": 1661367362, + "narHash": "sha256-Qc8MXcV+YCPREu8kk6oggk23ZBKLqeQRAIsLbHEviPE=", + "owner": "guibou", + "repo": "nixGL", + "rev": "7165ffbccbd2cf4379b6cd6d2edd1620a427e5ae", + "type": "github" + }, + "original": { + "owner": "guibou", + "repo": "nixGL", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1660551188, + "narHash": "sha256-a1LARMMYQ8DPx1BgoI/UN4bXe12hhZkCNqdxNi6uS0g=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "441dc5d512153039f19ef198e662e4f3dbb9fd65", + "type": "github" + }, + "original": { + "owner": "nixos", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1671722432, + "narHash": "sha256-ojcZUekIQeOZkHHzR81st7qxX99dB1Eaaq6PU5MNeKc=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "652e92b8064949a11bc193b90b74cb727f2a1405", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-unstable", + "type": "indirect" + } + }, + "nixpkgs_3": { + "locked": { + "lastModified": 1665296151, + "narHash": "sha256-uOB0oxqxN9K7XGF1hcnY+PQnlQJ+3bP2vCn/+Ru/bbc=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "14ccaaedd95a488dd7ae142757884d8e125b3363", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "agenix": "agenix", + "flake-compat": "flake-compat", + "flake-utils": "flake-utils", + "home-manager": "home-manager", + "nixgl": "nixgl", + "nixpkgs": "nixpkgs_2", + "rust-overlay": "rust-overlay" + } + }, + "rust-overlay": { + "inputs": { + 
"flake-utils": "flake-utils_3", + "nixpkgs": "nixpkgs_3" + }, + "locked": { + "lastModified": 1671935094, + "narHash": "sha256-fWEkH5550R6q6+CeG/317g9ywE/ZhW/4zuCjTaDsHe8=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "fd2740316bacb3e0106381c325e0bb90d6790aeb", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, + "utils": { + "locked": { + "lastModified": 1667395993, + "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix index 74ba762..576ee76 100644 --- a/flake.nix +++ b/flake.nix @@ -36,12 +36,12 @@ # inject nixpkgs.lib onto c_ (calculus) _lib = pkgs.lib; - inputs = (lib.recursiveUpdate {inherit system, }) + inputs = (_lib.recursiveUpdate {inherit system;} _inputs); inputs_w_pkgs = (_lib.recursiveUpdate {inherit pkgs;} inputs); lib = _lib.recursiveUpdate (import ./lib inputs_w_pkgs) _lib; # update inputs with our library and past onto our end configurations - inputs_w_lib = (lib.recursiveUpdate lib inputs_w_pkgs); + inputs_w_lib = (lib.recursiveUpdate {inherit lib;} inputs_w_pkgs); modules = (import ./modules inputs_w_lib); hosts = (import ./hosts inputs_w_lib); users = (import ./users inputs_w_lib); @@ -50,6 +50,6 @@ in { # inherit (hosts) nixosConfigurations; # inherit (users) homeConfigurations; - devShell = import ./shell final_inputs; + devShell."${system}" = import ./shell.nix final_inputs; }; } diff --git a/lib/default.nix b/lib/default.nix new file mode 100644 index 0000000..7b30c30 --- /dev/null +++ b/lib/default.nix 
@@ -0,0 +1,11 @@ +{pkgs,...}@inputs: let + lib = pkgs.lib; +in { + # short-hand to create a shell derivation + # NOTE: this is pure. This means, env vars from devShells might not + # be accessible unless MAYBE they are `export`ed + shellAsDrv = {script, pname}: (pkgs.callPackage ( + # just a pattern that we must remember: args to this are children of pkgs. + {writeShellScriptBin}: writeShellScriptBin pname script + ) {}); +} diff --git a/modules/default.nix b/modules/default.nix new file mode 100644 index 0000000..9fe8c60 --- /dev/null +++ b/modules/default.nix @@ -0,0 +1 @@ +inputs: {} diff --git a/nix-conf/home-manager/home.nix b/nix-conf/home-manager/home.nix index f86ecc7..ea436bd 100644 --- a/nix-conf/home-manager/home.nix +++ b/nix-conf/home-manager/home.nix @@ -15,15 +15,14 @@ let # Yes, I desperately want neovim to work out-of-the-box without flake.nix for now # I want at least python LSP to work everywhere because it's basically # an alternative to bash script when I move to OpenColo - pkgs.gccStdenv - pkgs.gcc - pkgs.tree-sitter - pkgs.ripgrep - pkgs.fzf + # pkgs.gccStdenv + # pkgs.gcc + # pkgs.tree-sitter + pkgs.fzf # file name fuzzy search # pkgs.sumneko-lua-language-server - pkgs.ripgrep - pkgs.zk - pkgs.fd + pkgs.ripgrep # content fuzzy search + pkgs.zk # Zettelkasten (limited support) + pkgs.fd # Required by a Telescope plugin (?) pkgs.stdenv.cc.cc.lib # Python3 as alternative to bash scripts :^) # (pkgs.python310Full.withPackages (pypkgs: [ 
@@ -44,14 +43,14 @@ in }; home.packages = pkgs.lib.unique ([ # pkgs.ncdu - pkgs.rclone - pkgs.htop - pkgs.ripgrep - pkgs.unzip - pkgs.zip + pkgs.rclone # cloud file operations + pkgs.htop # system diagnostics in CLI + pkgs.ripgrep # content fuzzy search + pkgs.unzip # compression + pkgs.zip # compression # cool utilities - pkgs.yq # Yaml adaptor for jq (only pretty print, little query) + pkgs.yq # Yaml adaptor for jq (only pretty print, little query) pkgs.xorg.xclock # TODO: only include if have GL # For testing GL installation pkgs.logseq # TODO: only include if have GL # Obsidian alt pkgs.mosh # Parsec for SSH @@ -59,7 +58,7 @@ in pkgs.lynx # Web browser at your local terminal # Personal management - pkgs.keepass + pkgs.keepass # password manager. wish there is a keepass-query # pkgs.tailscale # VPC;; This should be installed in system-nix pkgs.python310 # dev packages should be in project @@ -76,6 +75,7 @@ in programs.jq = { enable = true; }; + # TODO: override the original package, inject tree-sitter and stuffs programs.neovim = { enable = true; viAlias = true; diff --git a/shell.nix b/shell.nix index 988a932..5ca9b9a 100644 --- a/shell.nix +++ b/shell.nix @@ -1,14 +1,3 @@ -# Ideally, this should contain the barebone necessary for building/interacting -# with tech used in this project - -# Should also incorporate shortcuts like scripts/{hm-switch,conf-sysnix}.sh in here instead - -# It should not contain PDE -{pkgs? import {} -,...}: pkgs.mkShell { - # These are the ones that can be built by a remote machine - nativeBuildInputs = []; - # These are the ones that must be built by the target machine - lol="hello world"; -} - +# This uses the exported devShells from flake.nix +# the default or base version of nix-shell can be found in dev-shell.nix instead +# This architecture is because we use top-level flake.nix From 416f0d0c60c24c8dca98cd1834e1342b66b52fe4 Mon Sep 17 00:00:00 2001 
From: Pegasust Date: Sun, 25 Dec 2022 16:15:15 -0700 Subject: [PATCH 03/13] wip: add opinionated setups, which is enabled in module import --- default.nix | 10 +++++++ dev-shell.nix | 4 +-- flake.nix | 9 +++++-- lib/default.nix | 28 ++++++++++++++++++- modules/base.sys.nix | 10 +++++++ modules/kde.sys.nix | 8 ++++++ modules/minimal.sys.nix | 27 +++++++++++++++++++ modules/mosh.sys.nix | 12 +++++++++ modules/secrets.nix | 16 +++++++++++ modules/tailscale.sys.nix | 48 +++++++++++++++++++++++++++++++++ secrets.nix | 2 +- secrets/_nhitrl.age | 10 +++++++ secrets/s3fs.age | 10 +++++++ secrets/s3fs.digital-garden.age | 10 +++++++ shell.nix | 10 +++++++ 15 files changed, 208 insertions(+), 6 deletions(-) create mode 100644 modules/base.sys.nix create mode 100644 modules/kde.sys.nix create mode 100644 modules/minimal.sys.nix create mode 100644 modules/mosh.sys.nix create mode 100644 modules/secrets.nix create mode 100644 modules/tailscale.sys.nix create mode 100644 secrets/_nhitrl.age create mode 100644 secrets/s3fs.age create mode 100644 secrets/s3fs.digital-garden.age diff --git a/default.nix b/default.nix index 2a5a70d..3fa0b39 100644 --- a/default.nix +++ b/default.nix @@ -1 +1,11 @@ # We use top-level nix-flake, so default.nix is basically just a wrapper around ./flake.nix +(import + ( + let lock = builtins.fromJSON (builtins.readFile ./flake.lock); in + fetchTarball { + url = "https://github.com/edolstra/flake-compat/archive/${lock.nodes.flake-compat.locked.rev}.tar.gz"; + sha256 = lock.nodes.flake-compat.locked.narHash; + } + ) + { src = ./.; } +).defaultNix diff --git a/dev-shell.nix b/dev-shell.nix index bd4eee5..d23c062 100644 --- a/dev-shell.nix +++ b/dev-shell.nix @@ -1,8 +1,8 @@ # Ideally, this should contain the barebone necessary for building/interacting # with tech used in this project - +# # Should also incorporate shortcuts like scripts/{hm-switch,conf-sysnix}.sh in here instead - +# # It should not contain PDE {pkgs? import {} ,lib 
diff --git a/flake.nix b/flake.nix
index 576ee76..d0c2b5e 100644
--- a/flake.nix
+++ b/flake.nix
@@ -36,7 +36,12 @@
 # inject nixpkgs.lib onto c_ (calculus)
 _lib = pkgs.lib;
- inputs = (_lib.recursiveUpdate {inherit system;} _inputs);
+ inputs = (_lib.recursiveUpdate {
+ inherit system;
+ # NOTE: this will only read files that are within git tree
+ # all secrets should go into secrets.nix and secrets/*.age
+ proj_root = builtins.toString ./.;
+ } _inputs);
 inputs_w_pkgs = (_lib.recursiveUpdate {inherit pkgs;} inputs);
 lib = _lib.recursiveUpdate (import ./lib inputs_w_pkgs) _lib;
@@ -50,6 +55,6 @@
 in {
 # inherit (hosts) nixosConfigurations;
 # inherit (users) homeConfigurations;
- devShell."${system}" = import ./shell.nix final_inputs;
+ devShell."${system}" = import ./dev-shell.nix final_inputs;
 };
 }
diff --git a/lib/default.nix b/lib/default.nix
index 7b30c30..6a529d9 100644
--- a/lib/default.nix
+++ b/lib/default.nix
@@ -1,5 +1,12 @@
-{pkgs,...}@inputs: let
+{pkgs
+,nixpkgs
+,proj_root
+,nixosDefaultVersion? "22.05"
+,defaultSystem? "x86_64-linux";
+,...}@inputs: let
 lib = pkgs.lib;
+
+ # procedure =
 in {
 # short-hand to create a shell derivation
 # NOTE: this is pure. This means, env vars from devShells might not
@@ -8,4 +15,23 @@ in {
 # just a pattern that we must remember: args to this are children of pkgs.
 {writeShellScriptBin}: writeShellScriptBin pname script
 ) {});
+
+ # Configures hosts as nixosConfiguration
+ # [host_T] -> {host_T[int].hostName = type (nixpkgs.lib.nixosConfiguration);}
+ mkHost = {hostName
+ , nixosBareConfiguration
+ , nixosVersion? nixosDefaultVersion
+ , system? defaultSystem
+ , preset? "base"}: # base | minimal
+ nixpkgs.lib.nixosSystem (nixosBareConfiguration // {
+ inherit system;
+ modules = [
+ {
+ system.stateVersion = nixosVersion;
+ networking.hostName = hostName;
+ }
+ import "${proj_root}/modules/base.nix"
+ import "${proj_root}/modules/tailscale.sys.nix"
+ ] ++ nixosBareConfiguration.modules;
+ });
 }
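Review bot: `mkHost` cannot be evaluated as written: `,defaultSystem? "x86_64-linux";` carries a stray `;` inside the argument pattern, and inside `modules = [ … ]` the bare `import "${proj_root}/modules/base.nix"` is two list elements (the `import` builtin and a string) because list items are whitespace-separated, so the module system would receive a function plus a path to `base.nix`, which does not exist — the file this commit adds is `modules/base.sys.nix`. The modules it would load also declare `proj_root` (and `agenix` in `kde.sys.nix`/`secrets.nix`) as arguments, but `nixosSystem` is not given `specialArgs`, so evaluation would stop on an unknown module argument; passing them through and selecting the file by `preset` (currently unused, and `base.sys.nix` already imports `tailscale.sys.nix`) gives the excerpt below. `inputs.agenix` is assumed to be present because `flake.nix` merges the flake inputs into what it passes to `./lib` — confirm.
```nix
  mkHost = {hostName
  , nixosBareConfiguration
  , nixosVersion? nixosDefaultVersion
  , system? defaultSystem
  , preset? "base"}: # base | minimal
    nixpkgs.lib.nixosSystem (nixosBareConfiguration // {
      inherit system;
      # extra args that secrets.nix / minimal.sys.nix / kde.sys.nix declare in their heads
      specialArgs = (nixosBareConfiguration.specialArgs or {}) // {
        inherit proj_root;
        inherit (inputs) agenix;
      };
      modules = [
        {
          system.stateVersion = nixosVersion;
          networking.hostName = hostName;
        }
        "${proj_root}/modules/${preset}.sys.nix"
      ] ++ nixosBareConfiguration.modules;
    });
```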
diff --git a/modules/base.sys.nix b/modules/base.sys.nix
new file mode 100644
index 0000000..df60476
--- /dev/null
+++ b/modules/base.sys.nix
@@ -0,0 +1,10 @@
+{pkgs
+,lib
+,proj_root
+}:{
+ imports = [
+ ./minimal.sys.nix
+ ./mosh.sys.nix
+ ./tailscale.sys.nix
+ ];
+}
diff --git a/modules/kde.sys.nix b/modules/kde.sys.nix
new file mode 100644
index 0000000..907bfeb
--- /dev/null
+++ b/modules/kde.sys.nix
@@ -0,0 +1,8 @@
+{pkgs
+,lib
+,config
+,proj_root
+,agenix
+}: {
+ environment.noXlibs = lib.mkForce false;
+}
diff --git a/modules/minimal.sys.nix b/modules/minimal.sys.nix
new file mode 100644
index 0000000..2af79c1
--- /dev/null
+++ b/modules/minimal.sys.nix
@@ -0,0 +1,27 @@
+{pkgs
+,lib
+,proj_root
+}:{
+ # prune old builds after a while
+ nix.settings.auto-optimize-store = true;
+ nix.package = pkgs.nixFlakes; # nix flakes
+ nix.extraOptions = ''
+ experimental=feature = nix-command flakes
+ '';
+ programs.neovim = {
+ enable = true;
+ defaultEditor = true;
+ };
+ programs.git.enable = true;
+ environment.systemPackages = [
+ pkgs.gnumake
+ pkgs.wget
+ pkgs.inetutils # network diag
+ pkgs.mtr # network diag
+ pkgs.sysstat # sys diag
+ ];
+ users.users.root = {
+ # openssh runs in root, no? This is because port < 1024 requires root.
+ openssh.authorizedKeys.keys = lib.strings.splitString "\n" (builtins.readFile "${proj_root}/ssh/authorized_keys");
+ };
+}
diff --git a/modules/mosh.sys.nix b/modules/mosh.sys.nix
new file mode 100644
index 0000000..0e287cf
--- /dev/null
+++ b/modules/mosh.sys.nix
@@ -0,0 +1,12 @@
+{pkgs
+,lib
+,config
+}: {
+ environment.systemPackages = [pkgs.mosh];
+ networking.firewall = lib.mkIf config.networking.firewall.enable {
+ allowedUDPPortRanges = [
+ { from = 60000; to = 61000; } # mosh
+ ];
+ };
+}
+
diff --git a/modules/secrets.nix b/modules/secrets.nix
new file mode 100644
index 0000000..b91057f
--- /dev/null
+++ b/modules/secrets.nix
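Review bot: The argument pattern `{pkgs ,lib ,proj_root }:` has no trailing `...`, and the NixOS module system calls every module function with its full argument set (`config`, `options`, `modulesPath`, …), so importing this module fails with "called with unexpected argument". The same head is repeated in `kde.sys.nix`, `minimal.sys.nix` and `mosh.sys.nix` in this commit, while `tailscale.sys.nix` gets it right with `,...}: {`; each of them should end `,...}:{`. `proj_root` is declared here but never used, and a non-standard argument like it only resolves if the host builder passes it through `specialArgs`, which the `mkHost` added in this commit does not do.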
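Review bot: `experimental=feature = nix-command flakes` is misspelled, so Nix sees an unknown setting named `experimental=feature`, warns, and never enables flakes on the host; it should read `experimental-features = nix-command flakes`. The root key list reads `"${proj_root}/ssh/authorized_keys"`, but the first patch of this series moved that file to `native_configs/ssh/authorized_keys`, and `splitString "\n"` on `readFile` also yields a trailing empty entry (plus any comment line), so use `lib.filter (k: k != "" && !lib.hasPrefix "#" k) (lib.splitString "\n" (builtins.readFile "${proj_root}/native_configs/ssh/authorized_keys"))`. Since this installs keys directly on root, it is worth restating the hardening the deleted `nixops/simple_hydra_vbox.nix` carried — `services.openssh.passwordAuthentication = false;` (or the `settings.PasswordAuthentication` form on newer nixpkgs) and `users.mutableUsers = false;` — because nothing in the new modules sets them, and `services.openssh.enable` is not set anywhere visible either. The comment above the key list is also misleading: sshd running as root is unrelated to whose `authorized_keys` this populates, so a clearer comment is `# keys allowed to log in directly as root over SSH`.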
@@ -0,0 +1,16 @@
+{agenix
+,proj_root}: {
+ age.secrets.s3fs = {
+ file = "${proj_root}/secrets/s3fs.age";
+ # mode = "600"; # owner + group only
+ # owner = "hungtr";
+ # group = "users";
+ };
+ age.secrets."s3fs.digital-garden" = {
+ file = "${proj_root}/secrets/s3fs.digital-garden.age";
+ };
+ age.secrets._nhitrl_cred = {
+ file = "${proj_root}/secrets/_nhitrl.age";
+ };
+ environment.systemPackages = [agenix.defaultPackage.x86_64-linux];
+}
diff --git a/modules/tailscale.sys.nix b/modules/tailscale.sys.nix
new file mode 100644
index 0000000..e7da3d5
--- /dev/null
+++ b/modules/tailscale.sys.nix
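Review bot: `agenix.defaultPackage.x86_64-linux` hard-codes the system and the head `{agenix ,proj_root}:` has no `...`, so the module system cannot call this module; use `{agenix, pkgs, proj_root, ...}:` and `agenix.defaultPackage.${pkgs.system}`. The `age.secrets.*` options are defined by agenix's NixOS module, and nothing in this series imports it (whichever of `agenix.nixosModule` / `agenix.nixosModules.default` the pinned rev exports), so evaluating this module would report `age` as an undefined option; add it to `imports` here or in `mkHost`. Leaving `mode`/`owner`/`group` commented out is fine because agenix defaults to a root-owned `0400` file, but a comment such as `# defaults: owner root, mode 0400 — tighten per consumer if a non-root service needs these` would tell the next reader the omission is deliberate.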
@@ -0,0 +1,48 @@
+{pkgs
+,config
+,lib
+,...}: {
+ environment.systemPackages = [pkgs.tailscale];
+ services.tailscale.enable = true;
+
+ systemd.services.tailscale-autoconnect = {
+ description = "Automatically connects to Tailscale";
+
+ # make sure tailscale is running before trying to connect to tailscale
+ after = [ "network-pre.target" "tailscale.service" ];
+ wants = [ "network-pre.target" "tailscale.service" ];
+ wantedBy = [ "multi-user.target" ];
+
+ # set this service as a oneshot job
+ serviceConfig.Type = "oneshot";
+
+ # have the job run this shell script
+ script = ''
+ # wait for tailscaled to settle
+ sleep 2
+ # check if we are already authenticated to tailscale
+ status="$(${pkgs.tailscale}/bin/tailscale status -json | ${pkgs.jq}/bin/jq -r .BackendState)"
+ if [ $status = "Running" ]; then # if so, then do nothing
+ exit 0
+ fi
+
+ # ${pkgs.tailscale}/bin/tailscale up # blocks, doesn't give url
+ # This time, configure device auth so that we authenticate from portal
+ # https://tailscale.com/kb/1099/device-authorization/#enable-device-authorization-for-your-network
+ ${pkgs.tailscale}/bin/tailscale up -authkey tskey-auth-kJcgTG5CNTRL-PUVFkk31z1bThHpfq3FC5b1jcMmkW2EYW
+ '';
+ };
+
+ networking.firewall = lib.mkIf config.networking.firewall.enable {
+ trustedInterfaces = [
+ "tailscale0"
+ ];
+ allowedUDPPorts = [
+ config.services.tailscale.port
+ ];
+ allowedTCPPorts = [
+ 22
+ ];
+ checkReversePath = "loose";
+ };
+}
diff --git a/secrets.nix b/secrets.nix
index ad3c77c..762039d 100644
--- a/secrets.nix
+++ b/secrets.nix
@@ -3,7 +3,7 @@ let
 users = {
 "hungtr@bao" = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK+1+gps6phbZboIb9fH51VNPUCkhSSOAbkI3tq3Ou0Z";
 };
- # System-specific settings (/etc/ssh/ssh_hsot_ed25519_key.pub)
+ # System-specific settings (/etc/ssh/ssh_host_ed25519_key.pub)
 systems = {
 "bao" = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIBuAaAE7TiQmMH300VRj/pYCri1qPmHjd+y9aX2J0Fs";
 };
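Review bot: `tailscale up -authkey tskey-auth-kJcgTG5CNTRL-…` puts a live Tailscale auth key into a file that is committed to git and, because `script` is interpolated into the unit, copied verbatim into the world-readable Nix store, so anyone with the repository or a copy of the store can enroll nodes into the tailnet; the key should be revoked in the admin console now, since it is already in history. This repo already has agenix wired up (`secrets.nix`, `modules/secrets.nix`), so the replacement is an `age.secrets.tailscale-authkey` entry handed to the unit through `LoadCredential`, as in the excerpt below; `--auth-key file:…` is understood by recent tailscale CLIs, otherwise use `"$(cat "$CREDENTIALS_DIRECTORY/tailscale-authkey")"`. While here, `[ $status = "Running" ]` should quote `"$status"`, because an empty BackendState turns the test into a syntax error and the unit fails instead of falling through to `up`. `allowedTCPPorts = [ 22 ]` opens SSH on every interface rather than only on `tailscale0`, which is already trusted; if that is intended, a comment saying so would help.
```nix
  systemd.services.tailscale-autoconnect = {
    # … unchanged: description / after / wants / wantedBy …
    serviceConfig.Type = "oneshot";
    # the key is an agenix secret; systemd copies it into $CREDENTIALS_DIRECTORY for this unit only
    serviceConfig.LoadCredential = [ "tailscale-authkey:${config.age.secrets.tailscale-authkey.path}" ];
    script = ''
      sleep 2
      status="$(${pkgs.tailscale}/bin/tailscale status -json | ${pkgs.jq}/bin/jq -r .BackendState)"
      if [ "$status" = "Running" ]; then
        exit 0
      fi
      ${pkgs.tailscale}/bin/tailscale up --auth-key "file:$CREDENTIALS_DIRECTORY/tailscale-authkey"
    '';
  };
```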
diff --git a/secrets/_nhitrl.age b/secrets/_nhitrl.age new file mode 100644 index 0000000..7b3f4d2 --- /dev/null +++ b/secrets/_nhitrl.age @@ -0,0 +1,10 @@ +age-encryption.org/v1 +-> ssh-ed25519 ahbzMg QEQ0gfV00KEZFXSUMAnITVG2vAhS0IrnbbEXVsQRjXA +/iXv++nOsRRmWAu4dFTmxxC7qlCjMuTYuTa6GsYgsX0 +-> ssh-ed25519 glsjZQ Lob1uedpMxsDygT/i6Pnuwi6BzdgZPAeemISakcncVM +UddBD1YezLMeCUn4UuHGIrK68AwCIwuHAobpkJdi/3U +-> Tx+>#u-grease ;A%8 W +m11Fw6roG6feroJ/o5Ro8Dv1C3Piq3bGbdV78TH9Z0URPru+srdINovMvoVqjkuZ +eHiRwb1fN0ymLRD6/WxT4ZLKbT6J5yNPCrc+ +--- 88hy3b76RX3PAc0Lfms//lhuqsi2tsqmL9gFQqUMBKM +>%frP+JY`',~ʼf݂_Q2A59N/V [Sg3 4Y(c}N[ ҕJ6Upvf/i+tT^) \ No newline at end of file diff --git a/secrets/s3fs.age b/secrets/s3fs.age new file mode 100644 index 0000000..89113d0 --- /dev/null +++ b/secrets/s3fs.age @@ -0,0 +1,10 @@ +age-encryption.org/v1 +-> ssh-ed25519 ahbzMg 6pTVLAgOY/JZVWiCFHLo8xQ4/CL6620IMaBRpqI8Wws +CtJeQuy5VzKZhJnIH+/cjlKsAcg0RY2bhHTWVm+hUOY +-> ssh-ed25519 glsjZQ we7RCgsnODTJ8rKYhU+9tu0DmLH+98mcQKQ3I2slikM +G81lsFLQR9polxme1K/MU2d8Y01PrTqtzJnVq0EMJF0 +-> |-grease B\W,I9z ^Gx;$ Kk7!4,P +0Jl5Lhx7R8YOs9S+hUtQDDpNIqBhC/MM0N7w1MCtwYtkIIIWKfY9jkJ7+Cew2Ee5 +Qb04jnE +--- b7AXWRgK45a/91iwmwt5g+CWOlU/2f4nUDfXlg/bs9A +%;3RmQWhp̖V;׮V[z9al=cLvau7,tUܶh^&ֿWJP6-ң n-=] \ No newline at end of file diff --git a/secrets/s3fs.digital-garden.age b/secrets/s3fs.digital-garden.age new file mode 100644 index 0000000..bb46bdd --- /dev/null +++ b/secrets/s3fs.digital-garden.age @@ -0,0 +1,10 @@ +age-encryption.org/v1 +-> ssh-ed25519 ahbzMg GUriNV3lYlrA4xfIUj9PedI8p87avdQKOXhFqVnyzG4 +TvLDyCGbmU0N26SLWDIhj8tAgwrx1kFyhe6knPvJbLg +-> ssh-ed25519 glsjZQ uZUN8LJ5tnBlkrQ23JutAMzOODVF/96m+5qwgE0mJgM +srPQPu/fcCSDsbyZF8HLytPts7LGib6AHKBxaVXbK+c +-> R{n]I@-grease +EdbrkSaDEZBhArX2fk83dPE8DAtFuCdzm9TlIfXWhv8+jFLNmSshkKYc2Rlj/FE1 +7w +--- GYDU/uV9eu8AKstyufFIueBnuvXwlKO3Oz9LLxkkhKQ +f/MXbvV}^}|~ꞹ.qU"*yIifjEJWa\ ysUQ$ \ No newline at end of file diff --git a/shell.nix b/shell.nix index 5ca9b9a..7409f9a 100644 
--- a/shell.nix +++ b/shell.nix @@ -1,3 +1,13 @@ # This uses the exported devShells from flake.nix # the default or base version of nix-shell can be found in dev-shell.nix instead # This architecture is because we use top-level flake.nix +(import + ( + let lock = builtins.fromJSON (builtins.readFile ./flake.lock); in + fetchTarball { + url = "https://github.com/edolstra/flake-compat/archive/${lock.nodes.flake-compat.locked.rev}.tar.gz"; + sha256 = lock.nodes.flake-compat.locked.narHash; + } + ) + { src = ./.; } +).shellNix From 9944604a38cfb16801fc70f45b30870e7c66fc71 Mon Sep 17 00:00:00 2001 From: Pegasust Date: Mon, 26 Dec 2022 03:42:14 -0700 Subject: [PATCH 04/13] old nix-conf: update proj_root + failure on hungtr-neovim --- nix-conf/home-manager/base/alacritty.nix | 2 +- nix-conf/home-manager/base/mkModuleArgs.nix | 7 +++++- nix-conf/home-manager/base/shells.nix | 4 +-- nix-conf/home-manager/base/ssh.nix | 2 +- nix-conf/home-manager/home.nix | 27 ++++++++++++++++++--- 5 files changed, 34 insertions(+), 8 deletions(-) diff --git a/nix-conf/home-manager/base/alacritty.nix b/nix-conf/home-manager/base/alacritty.nix index e69f9b2..8677649 100644 --- a/nix-conf/home-manager/base/alacritty.nix +++ b/nix-conf/home-manager/base/alacritty.nix @@ -5,7 +5,7 @@ }: let inherit (myLib) fromYaml; - actualConfig = fromYaml (builtins.readFile "${proj_root}//alacritty/alacritty.yml"); + actualConfig = fromYaml (builtins.readFile "${proj_root.config.path}//alacritty/alacritty.yml"); cfg = config.base.alacritty; in { diff --git a/nix-conf/home-manager/base/mkModuleArgs.nix b/nix-conf/home-manager/base/mkModuleArgs.nix index c7f970c..64720f7 100644 --- a/nix-conf/home-manager/base/mkModuleArgs.nix +++ b/nix-conf/home-manager/base/mkModuleArgs.nix 
@@ -5,9 +5,14 @@ let recursiveUpdate = lib.recursiveUpdate; _lib = recursiveUpdate lib (import ../../lib { inherit pkgs lib; }); + proj_root = builtins.toString ./../../..; in # TODO: Unpollute inputs recursiveUpdate inputs { - proj_root = builtins.toString ./../../..; + proj_root = { + path = proj_root; + config.path = "${proj_root}/native_configs"; + scripts.path = "${proj_root}/scripts"; + }; myLib = _lib; } diff --git a/nix-conf/home-manager/base/shells.nix b/nix-conf/home-manager/base/shells.nix index 8f034d2..a4803ea 100644 --- a/nix-conf/home-manager/base/shells.nix +++ b/nix-conf/home-manager/base/shells.nix @@ -36,7 +36,7 @@ in }; }; config = myLib.mkIf cfg.enable { - xdg.configFile."starship.toml".source = "${proj_root}//starship/starship.toml"; + xdg.configFile."starship.toml".source = "${proj_root.config.path}//starship/starship.toml"; # nix: Propagates the environment with packages and vars when enter (children of) # a directory with shell.nix-compatible and .envrc programs.direnv = { @@ -51,7 +51,7 @@ in }; programs.tmux = { enable = true; - extraConfig = builtins.readFile "${proj_root}/tmux/tmux.conf"; + extraConfig = builtins.readFile "${proj_root.config.path}/tmux/tmux.conf"; }; programs.exa = { enable = true; diff --git a/nix-conf/home-manager/base/ssh.nix b/nix-conf/home-manager/base/ssh.nix index aedb1e3..637651e 100644 --- a/nix-conf/home-manager/base/ssh.nix +++ b/nix-conf/home-manager/base/ssh.nix @@ -17,7 +17,7 @@ in config.programs.ssh = { inherit (cfg) enable; forwardAgent = true; - extraConfig = builtins.readFile "${proj_root}/ssh/config"; + extraConfig = builtins.readFile "${proj_root.config.path}/ssh/config"; }; } diff --git a/nix-conf/home-manager/home.nix b/nix-conf/home-manager/home.nix index ea436bd..905ad7c 100644 --- a/nix-conf/home-manager/home.nix +++ b/nix-conf/home-manager/home.nix @@ -8,6 +8,7 @@ , myHome , myLib , option # The options we're given, this might be useful for typesafety? +, proj_root , ... }: let 
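Review bot: The ssh.nix hunk keeps `forwardAgent = true;` as a global default right above the changed `extraConfig` line, which offers the local agent to every host reached through `ssh/config`; a compromised remote can then sign with the user's keys for the lifetime of the session. Set `forwardAgent = false;` here and enable it per trusted host via `programs.ssh.matchBlocks` or a `Host`-scoped `ForwardAgent yes` inside `native_configs/ssh/config`. The path change itself is fine, but since `builtins.readFile` on a flake source only sees git-tracked files, an untracked `ssh/config` fails evaluation rather than silently yielding an empty config—worth a comment next to the line.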
@@ -32,7 +33,25 @@ let # pypkgs.ujson # pylsp seems to rely on this. satisfy it lol # ])) ]; - proj_root = builtins.toString ./../..; + rust_pkgs = (pkgs.rust-bin.selectLatestNightlyWith + ( + toolchain: + toolchain.default.override { + extensions = [ "rust-src" ]; + } + )); + my_neovim = pkgs.neovim-unwrapped.overrideDerivation (old: { +# TODO: is there a more beautiful way to override propagatedBuildInputs? + name = "hungtr-" + old.name; + buildInputs = (old.buildInputs or []) ++ [ + pkgs.tree-sitter # highlighting + rust_pkgs # for potentially rust-analyzer + pkgs.fzf + pkgs.ripgrep + pkgs.zk + pkgs.fd + ]; + }); inherit (myLib) fromYaml; in { @@ -68,8 +87,8 @@ in ] ++ (myHome.packages or [ ]) ++ nvim_pkgs); ## Configs ## - xdg.configFile."nvim/init.lua".source = "${proj_root}//neovim/init.lua"; - xdg.configFile."zk/config.toml".source = "${proj_root}//zk/config.toml"; + xdg.configFile."nvim/init.lua".source = "${proj_root.config.path}//neovim/init.lua"; + xdg.configFile."zk/config.toml".source = "${proj_root.config.path}//zk/config.toml"; ## Programs ## programs.jq = { @@ -78,11 +97,13 @@ in # TODO: override the original package, inject tree-sitter and stuffs programs.neovim = { enable = true; + package = my_neovim; viAlias = true; vimAlias = true; withPython3 = true; withNodeJs = true; extraPackages = nvim_pkgs; + # only for here for archive-documentation # extraPython3Packages = (pypkgs: [ # # pypkgs.python-lsp-server # pypkgs.ujson From c94520edbe6ec9ec5b97d38f86e146820ed739e0 Mon Sep 17 00:00:00 2001 From: Pegasust Date: Mon, 26 Dec 2022 04:03:56 -0700 Subject: [PATCH 05/13] neovim with runtime path success. check: `:tree-sittersitter` vs tree-sitter on shell --- nix-conf/home-manager/home.nix | 43 +++++++++++++++++++++++----------- 1 file changed, 29 insertions(+), 14 deletions(-) diff --git a/nix-conf/home-manager/home.nix b/nix-conf/home-manager/home.nix index 905ad7c..ec0679d 100644 --- a/nix-conf/home-manager/home.nix 
+++ b/nix-conf/home-manager/home.nix @@ -18,13 +18,15 @@ let # an alternative to bash script when I move to OpenColo # pkgs.gccStdenv # pkgs.gcc - # pkgs.tree-sitter + pkgs.tree-sitter pkgs.fzf # file name fuzzy search # pkgs.sumneko-lua-language-server pkgs.ripgrep # content fuzzy search pkgs.zk # Zettelkasten (limited support) pkgs.fd # Required by a Telescope plugin (?) pkgs.stdenv.cc.cc.lib + rust_pkgs + pkgs.rust-analyzer # Python3 as alternative to bash scripts :^) # (pkgs.python310Full.withPackages (pypkgs: [ # # python-lsp-server's dependencies is absolutely astronomous @@ -40,18 +42,29 @@ let extensions = [ "rust-src" ]; } )); - my_neovim = pkgs.neovim-unwrapped.overrideDerivation (old: { -# TODO: is there a more beautiful way to override propagatedBuildInputs? - name = "hungtr-" + old.name; - buildInputs = (old.buildInputs or []) ++ [ - pkgs.tree-sitter # highlighting - rust_pkgs # for potentially rust-analyzer - pkgs.fzf - pkgs.ripgrep - pkgs.zk - pkgs.fd - ]; - }); +# NOTE: Failure 1: buildInputs is pretty much ignored +# my_neovim = pkgs.neovim-unwrapped.overrideDerivation (old: { +# # TODO: is there a more beautiful way to override propagatedBuildInputs? +# name = "hungtr-" + old.name; +# buildInputs = (old.buildInputs or []) ++ [ +# pkgs.tree-sitter # highlighting +# rust_pkgs # for potentially rust-analyzer +# pkgs.fzf +# pkgs.ripgrep +# pkgs.zk +# pkgs.fd +# ]; +# NOTE: Failure 2: propagatedBuildInputs probably only concerns dyn libs +# }); + # NOTE: Failure 3: must be unwrapped neovim because home-manager does the wrapping + # my_neovim = pkgs.neovim; + + # NOTE: Add packages to nvim_pkgs instead, so that it's available at userspace + # and is added to the path after wrapping. + # check: nix repl `homeConfigurations.hungtr.config.programs.neovim.finalPackage.buildCommand` + # see: :/--suffix.*PATH + # there should be mentions of additional packages + my_neovim = pkgs.neovim-unwrapped; inherit (myLib) fromYaml; in { 
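Review bot: The `my_neovim` override is left as roughly fifteen lines of commented-out code interleaved with `# NOTE: Failure 1..3` remarks next to the live `my_neovim = pkgs.neovim-unwrapped;`, and that dead code will rot. Keep the three findings (buildInputs/propagatedBuildInputs are ignored, home-manager does the wrapping, extra tools belong in `nvim_pkgs`) as a short comment block or in DEV.md and delete the code itself—git history has it. Separately, `pkgs.rust-analyzer` from nixpkgs is now paired with a nightly toolchain from rust-overlay, so the two can drift; if the overlay exposes the component, request it from the same toolchain instead: `extensions = [ "rust-src" "rust-analyzer" ];`.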
@@ -84,7 +97,9 @@ in # pkgs.python310.numpy # pkgs.python310Packages.tensorflow # pkgs.python310Packages.scikit-learn - ] ++ (myHome.packages or [ ]) ++ nvim_pkgs); + ] ++ (myHome.packages or [ ]) + # ++ nvim_pkgs + ); ## Configs ## xdg.configFile."nvim/init.lua".source = "${proj_root.config.path}//neovim/init.lua"; From 2dcd1b795614547a55bf6196accd4641725ab290 Mon Sep 17 00:00:00 2001 From: Pegasust Date: Mon, 26 Dec 2022 04:08:26 -0700 Subject: [PATCH 06/13] rust-analyzer: linker cc not found resolved --- nix-conf/home-manager/home.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nix-conf/home-manager/home.nix b/nix-conf/home-manager/home.nix index ec0679d..386f993 100644 --- a/nix-conf/home-manager/home.nix +++ b/nix-conf/home-manager/home.nix @@ -17,7 +17,7 @@ let # I want at least python LSP to work everywhere because it's basically # an alternative to bash script when I move to OpenColo # pkgs.gccStdenv - # pkgs.gcc + pkgs.gcc pkgs.tree-sitter pkgs.fzf # file name fuzzy search # pkgs.sumneko-lua-language-server From 66f13ffb37b507b157e042d2dd0954610db1b0b0 Mon Sep 17 00:00:00 2001 From: Pegasust Date: Mon, 26 Dec 2022 04:34:17 -0700 Subject: [PATCH 07/13] neovim: lua-lsp good now --- native_configs/neovim/init.lua | 13 ++++++------- nix-conf/home-manager/home.nix | 2 +- 2 files changed, 7 insertions(+), 8 deletions(-) diff --git a/native_configs/neovim/init.lua b/native_configs/neovim/init.lua index 5657a14..5112951 100644 --- a/native_configs/neovim/init.lua +++ b/native_configs/neovim/init.lua @@ -216,7 +216,7 @@ require('telescope').setup { case_mode = 'smart_case' }, file_browser = { - theme = "ivy", + theme = require('telescope.themes').get_ivy().theme, hiject_netrw = true, -- disables netrw and use file-browser instead mappings = { ["i"] = {}, -- disable any shortcut in insert mode for now 
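Review bot: In the `file_browser` block directly below the changed `theme` line, `hiject_netrw = true` is misspelled (the telescope-file-browser option is `hijack_netrw`), so it is silently ignored and netrw stays active despite the comment; change it to `hijack_netrw = true, -- disables netrw and use file-browser instead`. The rewrite `require('telescope.themes').get_ivy().theme` reads back the `theme` field of the returned opts table, which is the string `"ivy"`, so it appears to be a no-op over the removed line (Patch 08 reverts the analogous change for `fa`). The enclosing `require('telescope').setup { ... }` call starts and ends outside this hunk.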
@@ -246,7 +246,7 @@ pcall(require('telescope').load_extension, 'file_browser') remap('n', '', 'Telescope', { desc = 'Open Telescope general search' }) remap('n', 'fm', function() - require("telescope").extensions.file_browser.file_browser() + require("telescope").extensions.file_browser.file_browser({}) end, { desc = '[F]ile [M]utation' }) remap('n', 'ff', function() @@ -258,11 +258,11 @@ remap('n', 'ff', function() end, { desc = '[F]ind [F]ile' }) remap('n', 'fa', function() - require('telescope.builtin').find_files({ + require('telescope.builtin').find_files(require('telescope.themes').get_ivy({ hidden = true, no_ignore = true, follow = true, - }) + })) end, { desc = '[F]ind [A]ll files' }) remap('n', 'fg', function() @@ -284,7 +284,7 @@ end, { desc = '[F]ind [D]iagnostics' }) -- ZK remap stuffs remap('n', 'zf', function() -- vim.cmd([[:ZkNotes]]) - require('zk').edit({}, {multi_select = false}) + require('zk').edit({}, { multi_select = false }) end, { desc = '[Z]ettelkasten [F]iles' }) remap('n', 'zg', function() @@ -894,7 +894,7 @@ require('zk.commands').add("ZkGrep", function(match_ctor) elseif type(match_ctor) == 'string' then match = { match = grep_str } end - require('zk').edit(match, { title = "Grep: '" .. grep_str .. "'", mutli_select = false}) + require('zk').edit(match, { title = "Grep: '" .. grep_str .. "'", mutli_select = false }) end) @@ -943,4 +943,3 @@ require('lualine').setup { } require('nvim-surround').setup {} - diff --git a/nix-conf/home-manager/home.nix b/nix-conf/home-manager/home.nix index 386f993..efab2ed 100644 --- a/nix-conf/home-manager/home.nix +++ b/nix-conf/home-manager/home.nix @@ -20,7 +20,7 @@ let pkgs.gcc pkgs.tree-sitter pkgs.fzf # file name fuzzy search - # pkgs.sumneko-lua-language-server + pkgs.sumneko-lua-language-server pkgs.ripgrep # content fuzzy search pkgs.zk # Zettelkasten (limited support) pkgs.fd # Required by a Telescope plugin (?) From 1cab6d34300ef591ee5d51ca584925540e69f1c2 Mon Sep 17 00:00:00 2001 
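Review bot: The reformatted `ZkGrep` line still passes `mutli_select = false` (typo) to `require('zk').edit`, while the `zf` mapping earlier in the same file spells it `multi_select`; the misspelled key is ignored, so the grep picker stays multi-select. Fix it on the same line: `require('zk').edit(match, { title = "Grep: '" .. grep_str .. "'", multi_select = false })`. The `ZkGrep` command body begins above this hunk.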
From: Pegasust Date: Mon, 26 Dec 2022 05:32:35 -0700 Subject: [PATCH 08/13] neovim: the default theme for file picker was better --- native_configs/neovim/init.lua | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/native_configs/neovim/init.lua b/native_configs/neovim/init.lua index 5112951..2db825b 100644 --- a/native_configs/neovim/init.lua +++ b/native_configs/neovim/init.lua @@ -258,11 +258,11 @@ remap('n', 'ff', function() end, { desc = '[F]ind [F]ile' }) remap('n', 'fa', function() - require('telescope.builtin').find_files(require('telescope.themes').get_ivy({ + require('telescope.builtin').find_files({ hidden = true, no_ignore = true, follow = true, - })) + }) end, { desc = '[F]ind [A]ll files' }) remap('n', 'fg', function() From 3e22f2c3e7dd8919bf308efb361878be8f5bafee Mon Sep 17 00:00:00 2001 
From: Pegasust Date: Mon, 26 Dec 2022 21:22:07 -0700 Subject: [PATCH 09/13] add some more modules --- flake.nix | 24 +++- hosts/bao/default.nix | 5 + hosts/default.nix | 16 +++ hosts/lizzi/default.nix | 4 + lib/default.nix | 25 ++-- lib/serde.nix | 29 +++++ lib/test.nix | 3 + modules/base.sys.nix | 4 + modules/kde.sys.nix | 29 ++++- modules/pipewire.audio.sys.nix | 15 +++ modules/pulseaudio.sys.nix | 9 ++ modules/secrets.nix | 9 +- modules/ssh.sys.nix | 6 + modules/storage.perso.sys.nix | 110 ++++++++++++++++++ nix-conf/system/configuration.nix | 2 +- nix-conf/system/flake.nix | 4 +- .../profiles/bao/hardware-configuration.nix | 2 +- scripts/config-sysnix.sh | 2 +- secrets.nix | 28 ++--- secrets/default.nix | 18 +++ templates/default.nix | 5 + 21 files changed, 310 insertions(+), 39 deletions(-) create mode 100644 hosts/bao/default.nix create mode 100644 hosts/default.nix create mode 100644 hosts/lizzi/default.nix create mode 100644 lib/serde.nix create mode 100644 lib/test.nix create mode 100644 modules/pipewire.audio.sys.nix create mode 100644 modules/pulseaudio.sys.nix create mode 100644 modules/ssh.sys.nix create mode 100644 modules/storage.perso.sys.nix create mode 100644 secrets/default.nix create mode 100644 templates/default.nix diff --git a/flake.nix b/flake.nix index d0c2b5e..ccabf0b 100644 --- a/flake.nix +++ b/flake.nix 
@@ -40,7 +40,18 @@ inherit system; # NOTE: this will only read files that are within git tree # all secrets should go into secrets.nix and secrets/*.age - proj_root = builtins.toString ./.; + proj_root = let + path = builtins.toString ./.; + in { + inherit path; + configs.path = "${path}/native-configs"; + scripts.path = "${path}/scripts"; + secrets.path = "${path}/secrets"; + testdata.path = "${path}/tests"; + modules.path = "${path}/modules"; + hosts.path = "${path}/hosts"; + users.path = "${path}/users"; + }; } _inputs); inputs_w_pkgs = (_lib.recursiveUpdate {inherit pkgs;} inputs); lib = _lib.recursiveUpdate (import ./lib inputs_w_pkgs) _lib; @@ -51,10 +62,19 @@ hosts = (import ./hosts inputs_w_lib); users = (import ./users inputs_w_lib); + # {nixpkgs, agenix, home-manager, flake-utils, nixgl, rust-overlay, flake-compat + # ,pkgs, lib (extended), proj_root} final_inputs = inputs_w_lib; in { - # inherit (hosts) nixosConfigurations; + inherit (hosts) nixosConfigurations; # inherit (users) homeConfigurations; + inherit lib; devShell."${system}" = import ./dev-shell.nix final_inputs; + templates = import ./templates final_inputs; + + unit_tests = (lib.runTests + (import ./lib/test.nix final_inputs) // + {}); + secrets = import ./secrets final_inputs; }; } diff --git a/hosts/bao/default.nix b/hosts/bao/default.nix new file mode 100644 index 0000000..f24f049 --- /dev/null +++ b/hosts/bao/default.nix @@ -0,0 +1,5 @@ +{nixpkgs, agenix, home-manager, flake-utils, nixgl, rust-overlay, flake-compat +,pkgs, lib, proj_root}: { + +} + diff --git a/hosts/default.nix b/hosts/default.nix new file mode 100644 index 0000000..ba9921c --- /dev/null +++ b/hosts/default.nix 
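Review bot: `configs.path = "${path}/native-configs"` names a directory that does not exist—the tree was renamed to `native_configs` (underscore) in Patch 01 and is referenced that way by `configuration.nix` and `config-sysnix.sh` elsewhere in this same patch—so every consumer of `proj_root.configs.path` will hit a missing-file error at evaluation. Use `configs.path = "${path}/native_configs";`, and since `mkModuleArgs.nix` on the home-manager side exposes the same location as `proj_root.config.path`, settle on one attribute name for both. Note that `inherit (hosts) nixosConfigurations;` is now un-commented, so any evaluation error in `hosts/default.nix` surfaces in `nix flake check` for the whole flake.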
@@ -0,0 +1,16 @@ +{nixpkgs, agenix, home-manager, flake-utils, nixgl, rust-overlay, flake-compat +,pkgs, lib, proj_root,...}@inputs:{ + nixosConfigurations = { + bao = lib.mkHost { + hostName = "bao"; + nixosBareConfiguration = { + modules = [ + + import ../modules/kde.sys.nix + import ../modules/pulseaudio.sys.nix + import ../modules/storage.perso.sys.nix + ]; + }; + }; + }; +} diff --git a/hosts/lizzi/default.nix b/hosts/lizzi/default.nix new file mode 100644 index 0000000..145cab8 --- /dev/null +++ b/hosts/lizzi/default.nix @@ -0,0 +1,4 @@ +{nixpkgs, agenix, home-manager, flake-utils, nixgl, rust-overlay, flake-compat +,pkgs, lib, proj_root}: { + +} diff --git a/lib/default.nix b/lib/default.nix index 6a529d9..b486571 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -1,11 +1,12 @@ {pkgs ,nixpkgs ,proj_root +,agenix ,nixosDefaultVersion? "22.05" -,defaultSystem? "x86_64-linux"; +,defaultSystem? "x86_64-linux" ,...}@inputs: let lib = pkgs.lib; - + serde = import ./serde.nix inputs // {inherit lib;}; # procedure = in { # short-hand to create a shell derivation 
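Review bot: `modules = [ import ../modules/kde.sys.nix import ... ]` never applies `import`: inside a Nix list literal, function application needs parentheses, so this is a six-element list alternating the `import` primop and a path, and the module system will try to call the bare `import` builtin as a module and fail. List the entries as plain paths, which the module system imports itself: `../modules/kde.sys.nix`, `../modules/pulseaudio.sys.nix`, `../modules/storage.perso.sys.nix`. The call also omits `finalInputs`, which `lib.mkHost` declares without a default, so evaluation stops with a missing-argument error before the list is even inspected.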
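Review bot: `serde = import ./serde.nix inputs // {inherit lib;};` parses as `(import ./serde.nix inputs) // {inherit lib;}` because application binds tighter than `//`, so `lib` is merged into the result instead of being passed in; `serde.nix` declares `lib` as a required argument, and unless `inputs` already carries a `lib` attribute this fails with a missing-argument error. The intent reads as `serde = import ./serde.nix (inputs // { inherit lib; });`. The `let` this sits in continues past the hunk.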
@@ -17,21 +18,31 @@ in { ) {}); # Configures hosts as nixosConfiguration - # [host_T] -> {host_T[int].hostName = type (nixpkgs.lib.nixosConfiguration);} mkHost = {hostName , nixosBareConfiguration + , finalInputs + , users ? {} , nixosVersion? nixosDefaultVersion , system? defaultSystem - , preset? "base"}: # base | minimal - nixpkgs.lib.nixosSystem (nixosBareConfiguration // { + , preset? "base"}: # base | minimal + let + hardwareConfig = hostname: import "${proj_root.hosts.path}/${hostName}/hardware-configuration.nix"; + in nixpkgs.lib.nixosSystem (nixosBareConfiguration // { inherit system; modules = [ { system.stateVersion = nixosVersion; networking.hostName = hostName; + users.users = users; } - import "${proj_root}/modules/base.nix" - import "${proj_root}/modules/tailscale.sys.nix" + { + _module.args = finalInputs; + } + import "${proj_root.modules.path}/secrets.nix" + import "${proj_root.modules.path}/${preset}.sys.nix" ] ++ nixosBareConfiguration.modules; + lib = finalInputs.lib; }); + inherit serde; + inherit (serde) fromYaml fromYamlPath; } diff --git a/lib/serde.nix b/lib/serde.nix new file mode 100644 index 0000000..73d5eed --- /dev/null +++ b/lib/serde.nix 
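Review bot: The list-literal pitfall also applies inside `mkHost`: `import "${proj_root.modules.path}/secrets.nix"` and the `${preset}.sys.nix` line each contribute the `import` builtin and a string as two separate list elements, so wrap them as `(import "...")` or just list the path strings and let the module system import them. `hardwareConfig` is defined but never added to `modules`, and its parameter `hostname` is ignored in favour of the outer `hostName`; either append `(hardwareConfig hostName)` to the module list or remove it. `_module.args = finalInputs;` may also collide with the `_module.args.pkgs` that NixOS's own nixpkgs module sets, given the flake.nix comment says `finalInputs` carries `pkgs`; passing only the non-nixpkgs extras (`proj_root`, `agenix`, `home-manager`) through `specialArgs` on `nixosSystem` avoids that.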
@@ -0,0 +1,29 @@
+# Takes care of serializing and deserializing to some formats
+# Blame: Pegasust
+# TODO: Add to* formats from pkgs.formats.*
+{ pkgs
+, lib
+,...
+} @ inputs:
+let
+ yamlToJsonDrv = yamlContent: outputPath: pkgs.callPackage
+ ({ runCommand }:
+ # runCommand source: https://github.com/NixOS/nixpkgs/blob/master/pkgs/build-support/trivial-builders.nix#L33
+ runCommand outputPath { inherit yamlContent; nativeBuildInputs = [ pkgs.yq ]; }
+ # run yq which outputs '.' (no filter) on file at yamlPath
+ # note that $out is passed onto the bash/sh script for execution
+ ''
+ echo "$yamlContent" | yq >$out
+ '')
+ { };
+in {
+ # Takes in a yaml string and produces a derivation with translated JSON at $outputPath
+ # similar to builtins.fromJSON, turns a YAML string to nix attrset
+ fromYaml = yamlContent: builtins.fromJSON (builtins.readFile (yamlToJsonDrv yamlContent "any_output.json"));
+ fromYamlPath = yamlPath: builtins.fromJSON (
+ builtins.readFile (
+ yamlToJsonDrv (
+ builtins.readFile yamlPath)
+ "any-output.json"));
+ # TODO: fromToml?
+}
diff --git a/lib/test.nix b/lib/test.nix
new file mode 100644
index 0000000..169522e
--- /dev/null
+++ b/lib/test.nix
@@ -0,0 +1,3 @@
+{lib,...}: {
+
+}
diff --git a/modules/base.sys.nix b/modules/base.sys.nix
index df60476..6c4e836 100644
--- a/modules/base.sys.nix
+++ b/modules/base.sys.nix
@@ -6,5 +6,9 @@ ./minimal.sys.nix ./mosh.sys.nix ./tailscale.sys.nix
+ ./ssh.sys.nix ];
+ environment.systemPackages = [pkgs.lm_sensors];
+ time.timeZone = "America/Phoenix";
+ }
diff --git a/modules/kde.sys.nix b/modules/kde.sys.nix
index 907bfeb..6744c8e 100644
--- a/modules/kde.sys.nix
+++ b/modules/kde.sys.nix
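Review bot: `yamlToJsonDrv` feeds the whole YAML document through an environment variable and `echo "$yamlContent"`, which hits the env/argv size limit on a large file and lets `echo` eat a document whose first line starts with `-n` or `-e`; use `passAsFile = [ "yamlContent" ];` in the attrs and `yq . < "$yamlContentPath" > "$out"` in the script (the explicit `.` filter also removes the dependence on `yq`'s no-argument behaviour). Both `fromYaml` and `fromYamlPath` call `builtins.readFile` on a derivation output, i.e. import-from-derivation, which forces a build during evaluation and is disabled in many CI setups (Hydra, `allow-import-from-derivation = false`)—that deserves a caveat in the header comment. The two output names `any_output.json` and `any-output.json` should be a single constant.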
@@ -1,8 +1,27 @@ -{pkgs -,lib -,config -,proj_root -,agenix +{ pkgs +, lib }: { environment.noXlibs = lib.mkForce false; + # TODO: wireless networking + + # Enable the X11 windowing system. + services.xserver.enable = true; + # KDE & Plasma 5 + services.xserver.displayManager.sddm.enable = true; + services.xserver.desktopManager.plasma5 = { + enable = true; + excludePackages = let plasma5 = pkgs.libsForQt5; in + [ + plasma5.elisa # audio viewer + plasma5.konsole # I use alacritty instaed + plasma5.plasma-browser-integration + plasma5.print-manager # will enable if I need + plasma5.khelpcenter # why not just write manpages instead :( + # plasma5.ksshaskpass # pls just put prompts on my dear terminal + ]; + }; + + # disables KDE's setting of askpassword + programs.ssh.askPassword = ""; + programs.ssh.enableAskPassword = false; } diff --git a/modules/pipewire.audio.sys.nix b/modules/pipewire.audio.sys.nix new file mode 100644 index 0000000..8c36bee --- /dev/null +++ b/modules/pipewire.audio.sys.nix @@ -0,0 +1,15 @@ +{ + # Sound: pipewire + sound.enable = false; + hardware.pulseaudio.enable = false; + services.pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + # Might want to use JACK in the future + jack.enable = true; + }; + + security.rtkit.enable = true; +} diff --git a/modules/pulseaudio.sys.nix b/modules/pulseaudio.sys.nix new file mode 100644 index 0000000..3b804f3 --- /dev/null +++ b/modules/pulseaudio.sys.nix @@ -0,0 +1,9 @@ +{ + # Enable sound. (pulse audio) + sound.enable = true; + programs.dconf.enable = true; + hardware.pulseaudio.enable = true; + hardware.pulseaudio.support32Bit = true; + nixpkgs.config.pulseaudio = true; + hardware.pulseaudio.extraConfig = "load-module module-combine-sink"; +} diff --git a/modules/secrets.nix b/modules/secrets.nix index b91057f..9c91dc6 100644 --- a/modules/secrets.nix +++ b/modules/secrets.nix 
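Review bot: The new header `{ pkgs, lib }: {` still has no `...`, so the NixOS module system—which calls every module function with `config`, `options` and the special args as well—aborts with "called with unexpected argument"; the removed header had the same defect, so the commit carries it forward. Change it to `{ pkgs, lib, ... }: {`. The `programs.ssh.askPassword = ""` override is fine as written because the plasma5 module only sets that option with `mkDefault`, but a one-line comment saying so would save the next reader from reaching for `mkForce`.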
@@ -1,16 +1,19 @@ {agenix ,proj_root}: {
+ imports = [
+ agenix.nixosModule
+ ]; age.secrets.s3fs = {
- file = "${proj_root}/secrets/s3fs.age";
+ file = "${proj_root.secrets.path}/s3fs.age"; # mode = "600"; # owner + group only # owner = "hungtr"; # group = "users"; }; age.secrets."s3fs.digital-garden" = {
- file = "${proj_root}/secrets/s3fs.digital-garden.age";
+ file = "${proj_root.secrets.path}/s3fs.digital-garden.age"; }; age.secrets._nhitrl_cred = {
- file = "${proj_root}/secrets/_nhitrl.age";
+ file = "${proj_root.secrets.path}/_nhitrl.age"; }; environment.systemPackages = [agenix.defaultPackage.x86_64-linux]; }
diff --git a/modules/ssh.sys.nix b/modules/ssh.sys.nix
new file mode 100644
index 0000000..1e42a3c
--- /dev/null
+++ b/modules/ssh.sys.nix
@@ -0,0 +1,6 @@
+{
+ services.openssh = {
+ enable = true;
+ permitRootLogin = false;
+ };
+}
diff --git a/modules/storage.perso.sys.nix b/modules/storage.perso.sys.nix
new file mode 100644
index 0000000..e16db18
--- /dev/null
+++ b/modules/storage.perso.sys.nix
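Review bot: `{agenix ,proj_root}: {` has no `...`, so this module function rejects the `config`/`options`/`lib` arguments the NixOS module system always passes and evaluation fails before `agenix.nixosModule` is even imported; use `{ agenix, proj_root, ... }: {`. `environment.systemPackages = [agenix.defaultPackage.x86_64-linux]` hard-codes the system—`agenix.defaultPackage.${pkgs.system}` (with `pkgs` added to the argument set) keeps the module usable on the other hosts this flake is growing. The commented-out `mode`/`owner`/`group` lines leave agenix's default in force (root-owned, 0400), which is the right choice for files that only the autofs map running as root reads; say so in a comment rather than leaving the alternatives dangling.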
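Review bot: `permitRootLogin = false;` has the wrong type—`services.openssh.permitRootLogin` is a string enum (`"yes"`, `"prohibit-password"`, `"no"`, …) in NixOS 22.05, so this fails the option type check at evaluation; write `permitRootLogin = "no";`. The module also enables sshd with password authentication left at its default of on, while the rest of the series provisions `authorized_keys` for every host; add `passwordAuthentication = false;` and `kbdInteractiveAuthentication = false;` so the repo-managed key set is the only way in. Keep in mind that `nix-conf/system/configuration.nix` still grants keys to `root`; if that tree is ever merged into these modules it will contradict the `"no"` above.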
@@ -0,0 +1,110 @@ +# Personal configuration on storage solution +{ pkgs, config, lib }: { + environment.systemPackages = [ + pkgs.s3fs + pkgs.cifs-utils + ]; + + # Sadly, autofs uses systemd, so we can't put it in home-manager + # HACK: need to store secret somewhere so that root can access this + # because autofs may run as root for now, we enforce putting the secret in this monorepo + # TODO: make this configuration nix-less to show that it's 100% data + services.autofs = + let + # confToBackendArg {lol="what"; empty=""; name_only=null;} -> "lol=what,empty=,name_only" + # TODO: change null -> true/false. This allows overriding & better self-documentation + confToBackendArg = conf: (lib.concatStringsSep "," + (lib.mapAttrsToList (name: value: "${name}${lib.optionalString (value != null) "=${value}"}") conf)); + + # mount_dest: path ("wow") + # backend_args: nix attrs representing the arguments to be passed to s3fs + # ({"-fstype" = "fuse"; "use_cache" = "/tmp";}) + # bucket: bucket name (hungtr-hot) + # NOTE: s3 custom provider will be provided inside + # backend_args, so just put the bucket name here + # + #-> "${mount_dest} ${formatted_args} ${s3fs-bin}#${bucket}" + autofs-s3fs_entry = + { mount_dest + , backend_args ? 
{ "-fstype" = "fuse"; } + , bucket + }@inputs: + let + s3fs-exec = "${pkgs.s3fs}/bin/s3fs"; + in + "${mount_dest} ${confToBackendArg backend_args} :${s3fs-exec}\#${bucket}"; + personalStorage = [ + # hungtr-hot @ phoenix is broken :) + # (autofs-s3fs_entry { + # mount_dest = "hot"; + # backend_args = { + # "-fstype" = "fuse"; + # use_cache = "/tmp"; + # del_cache = null; + # allow_other = null; + # url = ''"https://f5i0.ph.idrivee2-32.com"''; + # # TODO: builtins.readFile requires a Git-controlled file + # passwd_file = config.age.secrets.s3fs.path; + # dbglevel = "debug"; # enable this for better debugging info in journalctl + # uid = "1000"; # default user + # gid = "100"; # users + # umask="003"; # others read only, fully shared for users group + # # _netdev = null; # ignored by s3fs (https://github.com/s3fs-fuse/s3fs-fuse/blob/master/src/s3fs.cpp#L4910) + # }; + # bucket = "hungtr-hot"; + # }) + (autofs-s3fs_entry { + mount_dest = "garden"; + backend_args = { + "-fstype" = "fuse"; + use_cache = "/tmp"; + del_cache = null; + allow_other = null; + url = "https://v5h5.la11.idrivee2-14.com"; + passwd_file = config.age.secrets."s3fs.digital-garden".path; + dbglevel = "debug"; # enable this for better debugging info in journalctl + uid = "1000"; # default user + gid = "100"; # users + umask = "003"; # others read only, fully shared for users group + }; + bucket = "digital-garden"; + }) + ( + let args = { + "-fstype" = "cifs"; + credentials = config.age.secrets._nhitrl_cred.path; + user = null; + uid = "1001"; + gid = "100"; + dir_mode = "0777"; + file_mode = "0777"; + }; + in "felia_d ${confToBackendArg args} ://felia.coati-celsius.ts.net/d" + ) + ( + let args = { + "-fstype" = "cifs"; + credentials = config.age.secrets._nhitrl_cred.path; + user = null; + uid = "1001"; + gid = "100"; + dir_mode = "0777"; + file_mode = "0777"; + }; + in "felia_f ${confToBackendArg args} ://felia.coati-celsius.ts.net/f" + ) + ]; + persoConf = pkgs.writeText "auto.personal" 
(builtins.concatStringsSep "\n" personalStorage); + in + { + enable = true; + # Creates /perso directory with every subdirectory declared by ${personalStorage} + # as of now (might be stale), /perso/hot is the only mount accessible + # that is also managed by s3fs + autoMaster = '' + /perso file:${persoConf} + ''; + timeout = 30; # default: 600, 600 seconds (10 mins) of inactivity => unmount + # debug = true; # writes to more to journalctl + }; +} diff --git a/nix-conf/system/configuration.nix b/nix-conf/system/configuration.nix index 8f867d5..7242c14 100755 --- a/nix-conf/system/configuration.nix +++ b/nix-conf/system/configuration.nix @@ -33,7 +33,7 @@ with lib; }; users.users.root = { # openssh runs in root, no? This is because port < 1024 requires root. - openssh.authorizedKeys.keys = lib.strings.splitString "\n" (builtins.readFile "${proj_root}/ssh/authorized_keys"); + openssh.authorizedKeys.keys = lib.strings.splitString "\n" (builtins.readFile "${proj_root}/native_configs/ssh/authorized_keys"); }; # Some basic programs diff --git a/nix-conf/system/flake.nix b/nix-conf/system/flake.nix index fca0888..caac7c7 100644 --- a/nix-conf/system/flake.nix +++ b/nix-conf/system/flake.nix @@ -211,7 +211,9 @@ ./configuration.nix # automount using s3fs ({config, pkgs, lib, ...}: { - environment.systemPackages = [pkgs.s3fs pkgs.cifs-utils]; # s3fs-fuse + environment.systemPackages = [ + pkgs.s3fs pkgs.cifs-utils pkgs.lm_sensors pkgs.hddtemp + ]; # s3fs-fuse # Sadly, autofs uses systemd, so we can't put it in home-manager # HACK: need to store secret somewhere so that root can access this # because autofs may run as root for now, we enforce putting the secret in this monorepo diff --git a/nix-conf/system/profiles/bao/hardware-configuration.nix b/nix-conf/system/profiles/bao/hardware-configuration.nix index 56e94aa..c29572c 100644 --- a/nix-conf/system/profiles/bao/hardware-configuration.nix +++ b/nix-conf/system/profiles/bao/hardware-configuration.nix 
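Review bot: Both CIFS entries mount the `felia` shares with `dir_mode = "0777"` / `file_mode = "0777"`, so every local account (and anything running as one) can write and delete on those shares, which goes well beyond the "read-only for others" intent stated for the s3fs mount; unless that is deliberate use `dir_mode = "0770"; file_mode = "0660"` and rely on `gid = "100"`, and tighten the s3fs `umask` to `"007"` if the bucket should not be world-readable on the host. `dbglevel = "debug"` is left on in the live `garden` entry, flooding the journal with per-request S3 traces—drop it or comment it out as the `hot` block does. The header `{ pkgs, config, lib }:` also lacks `...` and will be rejected by the module system; it needs `{ pkgs, config, lib, ... }:`.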
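Review bot: `lib.strings.splitString "\n"` on the renamed `native_configs/ssh/authorized_keys` yields a trailing empty element whenever the file ends with a newline, which becomes a blank entry in root's `authorized_keys`; filter it with `lib.filter (k: k != "") (lib.strings.splitString "\n" (builtins.readFile ...))`, or use `openssh.authorizedKeys.keyFiles = [ "${proj_root}/native_configs/ssh/authorized_keys" ];` and let sshd parse the file. The comment's premise that sshd "runs in root" concerns the daemon, not the login target: installing these keys on `root` grants direct root SSH access, so keep it deliberate (or move the keys to the user account) and make sure it agrees with whatever `permitRootLogin` the modules set.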
@@ -11,7 +11,7 @@ boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ]; # boot.initrd.kernelModules = [ "amdgpu" ]; boot.initrd.kernelModules = []; - boot.kernelModules = [ "kvm-amd" ]; + boot.kernelModules = [ "kvm-amd" "coretemp"]; boot.extraModulePackages = [ ]; fileSystems."/" = diff --git a/scripts/config-sysnix.sh b/scripts/config-sysnix.sh index 49af659..261aa69 100755 --- a/scripts/config-sysnix.sh +++ b/scripts/config-sysnix.sh @@ -33,7 +33,7 @@ git add "${HARDWARE_CONF}" # Copy ssh/id-rsa details onto ssh/authorized_keys SSH_PRIV="${HOME}/.ssh/id_rsa" SSH_PUB="${SSH_PRIV}.pub" -SSH_DIR="${SCRIPT_DIR}/../ssh" +SSH_DIR="${SCRIPT_DIR}/../native_configs/ssh" if [ ! -f "${SSH_PRIV}" ]; then ssh-keygen -b 2048 -t rsa -f "${SSH_PRIV}" -q -N "" fi diff --git a/secrets.nix b/secrets.nix index 762039d..549ff67 100644 --- a/secrets.nix +++ b/secrets.nix @@ -1,18 +1,10 @@ -let - # user-specific (~/.ssh/id_ed25519.pub) - users = { - "hungtr@bao" = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK+1+gps6phbZboIb9fH51VNPUCkhSSOAbkI3tq3Ou0Z"; - }; - # System-specific settings (/etc/ssh/ssh_host_ed25519_key.pub) - systems = { - "bao" = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIBuAaAE7TiQmMH300VRj/pYCri1qPmHjd+y9aX2J0Fs"; - }; - all = users // systems; - # stands for calculus - c_ = builtins; -in { - "system/secrets/s3fs.age".publicKeys = c_.attrValues (all); - "system/secrets/s3fs.digital-garden.age".publicKeys = c_.attrValues (all); - "system/secrets/_nhitrl.age".publicKeys = c_.attrValues (all); - -} +(import + ( + let lock = builtins.fromJSON (builtins.readFile ./flake.lock); in + fetchTarball { + url = "https://github.com/edolstra/flake-compat/archive/${lock.nodes.flake-compat.locked.rev}.tar.gz"; + sha256 = lock.nodes.flake-compat.locked.narHash; + } + ) + { src = ./.; } +).defaultNix.secrets diff --git a/secrets/default.nix b/secrets/default.nix new file mode 100644 index 0000000..4808c6c --- /dev/null +++ b/secrets/default.nix 
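Review bot: `"coretemp"` is the Intel CPU temperature driver; with `"kvm-amd"` on the same line this looks like an AMD machine, whose sensor driver is `k10temp`, so the added module most likely never binds and `lm_sensors` reports nothing for the CPU. Verify with `sensors` after rebuild and, if so, use `boot.kernelModules = [ "kvm-amd" "k10temp" ];` (k10temp is auto-loaded on most kernels, so the entry may be unnecessary altogether).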
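Review bot: The key this script auto-creates for `authorized_keys` is `ssh-keygen -b 2048 -t rsa ... -N ""`—an unencrypted 2048-bit RSA key that is then trusted by root on every host built from this repo. Generate `-t ed25519` instead (set `SSH_PRIV="${HOME}/.ssh/id_ed25519"`) and drop `-N ""`, or at least print a warning that the private key has no passphrase. The copy into `${SSH_DIR}/authorized_keys` continues below this hunk; if it appends unconditionally, guard against duplicate entries since the script runs on every reconfigure.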
@@ -0,0 +1,18 @@
+# TODO: put ssh keys as user/host config
+inputs: let
+ # user-specific (~/.ssh/id_ed25519.pub)
+ users = {
+ "hungtr@bao" = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK+1+gps6phbZboIb9fH51VNPUCkhSSOAbkI3tq3Ou0Z";
+ };
+ # System-specific settings (/etc/ssh/ssh_host_ed25519_key.pub)
+ systems = {
+ "bao" = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIBuAaAE7TiQmMH300VRj/pYCri1qPmHjd+y9aX2J0Fs";
+ };
+ all = users // systems;
+ # stands for calculus
+ c_ = builtins;
+in {
+ "system/secrets/s3fs.age".publicKeys = c_.attrValues (all);
+ "system/secrets/s3fs.digital-garden.age".publicKeys = c_.attrValues (all);
+ "system/secrets/_nhitrl.age".publicKeys = c_.attrValues (all);
+}
diff --git a/templates/default.nix b/templates/default.nix
new file mode 100644
index 0000000..f83e1ff
--- /dev/null
+++ b/templates/default.nix
@@ -0,0 +1,5 @@
+{pkgs
+,lib
+,
+}: {
+}
From 85dda3dbd3c75484ccb3417878cbf14d997ec3eb Mon Sep 17 00:00:00 2001
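Review bot: The rule keys are `"system/secrets/s3fs.age"` and friends, but the encrypted files added in Patch 01 live at `secrets/*.age` and `modules/secrets.nix` reads `${proj_root.secrets.path}/s3fs.age`; agenix matches rules by path relative to `secrets.nix`, so `agenix -e secrets/s3fs.age` (and `agenix -r` rekeying) will report no matching rule. Rename the keys to `"secrets/s3fs.age"`, `"secrets/s3fs.digital-garden.age"`, `"secrets/_nhitrl.age"`. Each file is currently encrypted to one user key and one host key (`bao`) only; when `lizzi` gets a host key it must be added here and the files rekeyed, otherwise that host cannot decrypt at activation—worth a line in the header comment.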
From: Pegasust Date: Mon, 26 Dec 2022 21:51:32 -0700 Subject: [PATCH 10/13] add some rust templates --- templates/default.nix | 12 ++++++- templates/rust-monorepo/.envrc | 1 + .../.github/workflows/build_nix.yml | 13 +++++++ templates/rust-monorepo/Cargo.lock | 14 ++++++++ templates/rust-monorepo/Cargo.toml | 5 +++ templates/rust-monorepo/default.nix | 7 ++++ templates/rust-monorepo/exec/cli/.gitignore | 1 + templates/rust-monorepo/exec/cli/Cargo.toml | 9 +++++ templates/rust-monorepo/exec/cli/src/main.rs | 3 ++ templates/rust-monorepo/flake.nix | 35 +++++++++++++++++++ .../rust-monorepo/packages/core/.gitignore | 2 ++ .../rust-monorepo/packages/core/Cargo.toml | 8 +++++ .../rust-monorepo/packages/core/src/lib.rs | 14 ++++++++ templates/rust-monorepo/shell.nix | 7 ++++ templates/rust/.envrc | 1 + .../rust/.github/workflows/build_nix.yml | 13 +++++++ templates/rust/default.nix | 7 ++++ templates/rust/flake.nix | 35 +++++++++++++++++++ templates/rust/shell.nix | 7 ++++ 19 files changed, 193 insertions(+), 1 deletion(-) create mode 100644 templates/rust-monorepo/.envrc create mode 100644 templates/rust-monorepo/.github/workflows/build_nix.yml create mode 100644 templates/rust-monorepo/Cargo.lock create mode 100644 templates/rust-monorepo/Cargo.toml create mode 100644 templates/rust-monorepo/default.nix create mode 100644 templates/rust-monorepo/exec/cli/.gitignore create mode 100644 templates/rust-monorepo/exec/cli/Cargo.toml create mode 100644 templates/rust-monorepo/exec/cli/src/main.rs create mode 100644 templates/rust-monorepo/flake.nix create mode 100644 templates/rust-monorepo/packages/core/.gitignore create mode 100644 templates/rust-monorepo/packages/core/Cargo.toml create mode 100644 templates/rust-monorepo/packages/core/src/lib.rs create mode 100644 templates/rust-monorepo/shell.nix create mode 100644 templates/rust/.envrc create mode 100644 templates/rust/.github/workflows/build_nix.yml create mode 100644 templates/rust/default.nix create mode 100644 
templates/rust/flake.nix create mode 100644 templates/rust/shell.nix diff --git a/templates/default.nix b/templates/default.nix index f83e1ff..3642f66 100644 --- a/templates/default.nix +++ b/templates/default.nix @@ -1,5 +1,15 @@ +# TODO: templates should be able to have initial states like +# repo name, author,... {pkgs ,lib -, +,... }: { + rust = { + path = ./rust; + description = "Minimal Rust build template using Naersk, rust-overlay, rust-analyzer"; + }; + rust-monorepo = { + path = ./rust-monorepo; + description = "hungtr's opinionated Rust monorepo, extended from ./rust, using Cargo workspace"; + }; } diff --git a/templates/rust-monorepo/.envrc b/templates/rust-monorepo/.envrc new file mode 100644 index 0000000..3550a30 --- /dev/null +++ b/templates/rust-monorepo/.envrc @@ -0,0 +1 @@ +use flake diff --git a/templates/rust-monorepo/.github/workflows/build_nix.yml b/templates/rust-monorepo/.github/workflows/build_nix.yml new file mode 100644 index 0000000..2f684e1 --- /dev/null +++ b/templates/rust-monorepo/.github/workflows/build_nix.yml @@ -0,0 +1,13 @@ +name: "Build legacy Nix package on Ubuntu" + +on: + push: + +jobs: + build: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - uses: cachix/install-nix-action@v12 + - name: Building package + run: nix-build . -A defaultPackage.x86_64-linux diff --git a/templates/rust-monorepo/Cargo.lock b/templates/rust-monorepo/Cargo.lock new file mode 100644 index 0000000..b74bea3 --- /dev/null +++ b/templates/rust-monorepo/Cargo.lock @@ -0,0 +1,14 @@ +# This file is automatically @generated by Cargo. +# It is not intended for manual editing. +version = 3 + +[[package]] +name = "cli" +version = "0.1.0" +dependencies = [ + "core", +] + +[[package]] +name = "core" +version = "0.1.0" diff --git a/templates/rust-monorepo/Cargo.toml b/templates/rust-monorepo/Cargo.toml new file mode 100644 index 0000000..230aee7 --- /dev/null +++ b/templates/rust-monorepo/Cargo.toml 
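Review bot: `actions/checkout@v2` and `cachix/install-nix-action@v12` are referenced by mutable tags, so every project stamped from this template trusts whatever those tags point to later; pin both to full commit SHAs (keeping the tag in a trailing comment) and bump `install-nix-action` past v12, which predates flake support being on by default. `on: push:` with no `permissions:` block also hands the job the default read/write `GITHUB_TOKEN`; since it only builds, add `permissions:` / `  contents: read` at the top level. The `nix-build . -A defaultPackage.x86_64-linux` step goes through the flake-compat shim, which only resolves inputs from a committed `flake.lock`—say so in the template or have the workflow fail fast when the lock is missing.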
@@ -0,0 +1,5 @@ +[workspace] +members = [ + "packages/*", + "exec/*" +] diff --git a/templates/rust-monorepo/default.nix b/templates/rust-monorepo/default.nix new file mode 100644 index 0000000..39bacff --- /dev/null +++ b/templates/rust-monorepo/default.nix @@ -0,0 +1,7 @@ +(import ( + fetchTarball { + url = "https://github.com/edolstra/flake-compat/archive/99f1c2157fba4bfe6211a321fd0ee43199025dbf.tar.gz"; + sha256 = "0x2jn3vrawwv9xp15674wjz9pixwjyj3j771izayl962zziivbx2"; } +) { + src = ./.; +}).defaultNix diff --git a/templates/rust-monorepo/exec/cli/.gitignore b/templates/rust-monorepo/exec/cli/.gitignore new file mode 100644 index 0000000..ea8c4bf --- /dev/null +++ b/templates/rust-monorepo/exec/cli/.gitignore @@ -0,0 +1 @@ +/target diff --git a/templates/rust-monorepo/exec/cli/Cargo.toml b/templates/rust-monorepo/exec/cli/Cargo.toml new file mode 100644 index 0000000..c3cd6d1 --- /dev/null +++ b/templates/rust-monorepo/exec/cli/Cargo.toml @@ -0,0 +1,9 @@ +[package] +name = "cli" +version = "0.1.0" +edition = "2021" + +# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html + +[dependencies] +core = { version = "0.1.0", path = "../../packages/core" } diff --git a/templates/rust-monorepo/exec/cli/src/main.rs b/templates/rust-monorepo/exec/cli/src/main.rs new file mode 100644 index 0000000..e7a11a9 --- /dev/null +++ b/templates/rust-monorepo/exec/cli/src/main.rs @@ -0,0 +1,3 @@ +fn main() { + println!("Hello, world!"); +} diff --git a/templates/rust-monorepo/flake.nix b/templates/rust-monorepo/flake.nix new file mode 100644 index 0000000..394ac4e --- /dev/null +++ b/templates/rust-monorepo/flake.nix 
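Review bot: The library crate is named `core` (`name = "core"` in packages/core/Cargo.toml and `core = { version = "0.1.0", path = "../../packages/core" }` here in exec/cli/Cargo.toml), which collides with Rust's built-in `core` crate; `cargo new` warns against that name, and a dependency spelled `core` can shadow the built-in for any `use core::...` path in the consuming crate. Rename it to something workspace-specific, e.g. `name = "monorepo-core"`, referenced as `monorepo-core = { version = "0.1.0", path = "../../packages/core" }`, and regenerate the Cargo.lock committed just before this hunk. The flake-compat `fetchTarball` in default.nix is pinned by both revision and `sha256`, which is the right pattern for any remote code a template fetches; keep it when the template is updated.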
@@ -0,0 +1,35 @@ +{ + inputs = { + naersk.url = "github:nix-community/naersk/master"; + nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable"; + utils.url = "github:numtide/flake-utils"; + rust-overlay = "github:oxalica/rust-overlay"; + }; + + outputs = { self, nixpkgs, utils, naersk, rust-overlay }: + utils.lib.eachDefaultSystem (system: + let + overlays = [ rust-overlay.overlays.default ]; + pkgs = import nixpkgs { inherit system overlays; }; + naersk-lib = pkgs.callPackage naersk { }; + in + { + defaultPackage = naersk-lib.buildPackage ./.; + devShell = with pkgs; mkShell { + buildInputs = [ + (pkgs.rust-bin.selectLatestNightlyWith + ( + toolchain: + toolchain.default.override { + extensions = [ "rust-src" ]; + } + )) + pkgs.rust-analyzer + ]; + RUST_SRC_PATH = rustPlatform.rustLibSrc; + shellHook = '' + # nix flake update # is this even needed? + ''; + }; + }); +} diff --git a/templates/rust-monorepo/packages/core/.gitignore b/templates/rust-monorepo/packages/core/.gitignore new file mode 100644 index 0000000..4fffb2f --- /dev/null +++ b/templates/rust-monorepo/packages/core/.gitignore @@ -0,0 +1,2 @@ +/target +/Cargo.lock diff --git a/templates/rust-monorepo/packages/core/Cargo.toml b/templates/rust-monorepo/packages/core/Cargo.toml new file mode 100644 index 0000000..900733d --- /dev/null +++ b/templates/rust-monorepo/packages/core/Cargo.toml @@ -0,0 +1,8 @@ +[package] +name = "core" +version = "0.1.0" +edition = "2021" + +# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html + +[dependencies] diff --git a/templates/rust-monorepo/packages/core/src/lib.rs b/templates/rust-monorepo/packages/core/src/lib.rs new file mode 100644 index 0000000..7d12d9a --- /dev/null +++ b/templates/rust-monorepo/packages/core/src/lib.rs 
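Review bot: `rust-overlay = "github:oxalica/rust-overlay";` in the `inputs` set is a bare string, whereas every other input is an attribute set with a `url` key; the flake input parser expects an attribute set, so this input is rejected (and the `rust-overlay` argument of `outputs` never populated) until it reads `rust-overlay.url = "github:oxalica/rust-overlay";`. The `defaultPackage` and `devShell` output names are the legacy spellings that current Nix reports as deprecated; `packages.default` and `devShells.default` are the current names, and the `nix-build . -A defaultPackage.x86_64-linux` in the sibling workflow would need updating in step. `naersk` tracks the moving `master` branch and the template ships no `flake.lock`, so each new project resolves to whatever HEAD is at instantiation time — acceptable for a template, but worth a comment such as `# inputs are pinned only once flake.lock is generated and committed`. templates/rust/flake.nix (same blob 394ac4e) is an identical copy with the same issues.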
@@ -0,0 +1,14 @@ +pub fn add(left: usize, right: usize) -> usize { + left + right +} + +#[cfg(test)] +mod tests { + use super::*; + + #[test] + fn it_works() { + let result = add(2, 2); + assert_eq!(result, 4); + } +} diff --git a/templates/rust-monorepo/shell.nix b/templates/rust-monorepo/shell.nix new file mode 100644 index 0000000..77db547 --- /dev/null +++ b/templates/rust-monorepo/shell.nix @@ -0,0 +1,7 @@ +(import ( + fetchTarball { + url = "https://github.com/edolstra/flake-compat/archive/99f1c2157fba4bfe6211a321fd0ee43199025dbf.tar.gz"; + sha256 = "0x2jn3vrawwv9xp15674wjz9pixwjyj3j771izayl962zziivbx2"; } +) { + src = ./.; +}).shellNix diff --git a/templates/rust/.envrc b/templates/rust/.envrc new file mode 100644 index 0000000..3550a30 --- /dev/null +++ b/templates/rust/.envrc @@ -0,0 +1 @@ +use flake diff --git a/templates/rust/.github/workflows/build_nix.yml b/templates/rust/.github/workflows/build_nix.yml new file mode 100644 index 0000000..2f684e1 --- /dev/null +++ b/templates/rust/.github/workflows/build_nix.yml @@ -0,0 +1,13 @@ +name: "Build legacy Nix package on Ubuntu" + +on: + push: + +jobs: + build: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - uses: cachix/install-nix-action@v12 + - name: Building package + run: nix-build . -A defaultPackage.x86_64-linux diff --git a/templates/rust/default.nix b/templates/rust/default.nix new file mode 100644 index 0000000..39bacff --- /dev/null +++ b/templates/rust/default.nix @@ -0,0 +1,7 @@ +(import ( + fetchTarball { + url = "https://github.com/edolstra/flake-compat/archive/99f1c2157fba4bfe6211a321fd0ee43199025dbf.tar.gz"; + sha256 = "0x2jn3vrawwv9xp15674wjz9pixwjyj3j771izayl962zziivbx2"; } +) { + src = ./.; +}).defaultNix diff --git a/templates/rust/flake.nix b/templates/rust/flake.nix new file mode 100644 index 0000000..394ac4e --- /dev/null +++ b/templates/rust/flake.nix 
@@ -0,0 +1,35 @@ +{ + inputs = { + naersk.url = "github:nix-community/naersk/master"; + nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable"; + utils.url = "github:numtide/flake-utils"; + rust-overlay = "github:oxalica/rust-overlay"; + }; + + outputs = { self, nixpkgs, utils, naersk, rust-overlay }: + utils.lib.eachDefaultSystem (system: + let + overlays = [ rust-overlay.overlays.default ]; + pkgs = import nixpkgs { inherit system overlays; }; + naersk-lib = pkgs.callPackage naersk { }; + in + { + defaultPackage = naersk-lib.buildPackage ./.; + devShell = with pkgs; mkShell { + buildInputs = [ + (pkgs.rust-bin.selectLatestNightlyWith + ( + toolchain: + toolchain.default.override { + extensions = [ "rust-src" ]; + } + )) + pkgs.rust-analyzer + ]; + RUST_SRC_PATH = rustPlatform.rustLibSrc; + shellHook = '' + # nix flake update # is this even needed? + ''; + }; + }); +} diff --git a/templates/rust/shell.nix b/templates/rust/shell.nix new file mode 100644 index 0000000..77db547 --- /dev/null +++ b/templates/rust/shell.nix @@ -0,0 +1,7 @@ +(import ( + fetchTarball { + url = "https://github.com/edolstra/flake-compat/archive/99f1c2157fba4bfe6211a321fd0ee43199025dbf.tar.gz"; + sha256 = "0x2jn3vrawwv9xp15674wjz9pixwjyj3j771izayl962zziivbx2"; } +) { + src = ./.; +}).shellNix From 4df865676b9079c0be8c99304f7b8509e721a172 Mon Sep 17 00:00:00 2001 From: Pegasust Date: Mon, 26 Dec 2022 22:58:24 -0700 Subject: [PATCH 11/13] before pattern-copy --- flake.nix | 23 +++++++++++--- hosts/default.nix | 74 +++++++++++++++++++++++++++++++++++-------- lib/default.nix | 50 ++++++++++++++--------------- templates/default.nix | 2 +- 4 files changed, 106 insertions(+), 43 deletions(-) diff --git a/flake.nix b/flake.nix index ccabf0b..e0e2011 100644 --- a/flake.nix +++ b/flake.nix 
@@ -53,7 +53,7 @@ users.path = "${path}/users"; }; } _inputs); - inputs_w_pkgs = (_lib.recursiveUpdate {inherit pkgs;} inputs); + inputs_w_pkgs = (_lib.recursiveUpdate {inherit pkgs; lib = pkgs.lib;} inputs); lib = _lib.recursiveUpdate (import ./lib inputs_w_pkgs) _lib; # update inputs with our library and past onto our end configurations @@ -65,6 +65,20 @@ # {nixpkgs, agenix, home-manager, flake-utils, nixgl, rust-overlay, flake-compat # ,pkgs, lib (extended), proj_root} final_inputs = inputs_w_lib; + + # Tests: unit + integration + unit_tests = (import ./lib/test.nix final_inputs) // + { + test_example = { + expr = "names must start with 'test'"; + expected = "or won't show up"; + }; + not_show = { + expr = "this will be ignored by lib.runTests"; + expected = "for sure"; + }; + }; + in { inherit (hosts) nixosConfigurations; # inherit (users) homeConfigurations; @@ -72,9 +86,10 @@ devShell."${system}" = import ./dev-shell.nix final_inputs; templates = import ./templates final_inputs; - unit_tests = (lib.runTests - (import ./lib/test.nix final_inputs) // - {}); + unit_tests = lib.runTests unit_tests; secrets = import ./secrets final_inputs; + debug = { + inherit final_inputs hosts users modules lib inputs_w_pkgs unit_tests; + }; }; } diff --git a/hosts/default.nix b/hosts/default.nix index ba9921c..192b436 100644 --- a/hosts/default.nix +++ b/hosts/default.nix 
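Review bot: `test_example` in the new `unit_tests` set has `expr` and `expected` set to two different strings, so `lib.runTests` will always report it as a failure and `nix eval .#unit_tests` can never return the empty list that signals success; if it is meant as a shape example, make the values equal (e.g. `expected = "names must start with 'test'";`) or move it into ./lib/test.nix beside the real tests. The `not_show` entry is indeed skipped by runTests, but a reader has to know that rule; the `# Tests: unit + integration` comment would be more useful as `# lib.runTests only evaluates attributes whose name starts with "test"`. The new `debug` output exposes `final_inputs` and the other internals to anyone who can evaluate the flake, which is fine for non-secret data, but `nix flake check` will flag `debug`, `unit_tests` and `secrets` as unknown outputs, so consider grouping them under a recognised output such as `lib`.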
@@ -1,16 +1,64 @@ {nixpkgs, agenix, home-manager, flake-utils, nixgl, rust-overlay, flake-compat -,pkgs, lib, proj_root,...}@inputs:{ - nixosConfigurations = { - bao = lib.mkHost { - hostName = "bao"; - nixosBareConfiguration = { - modules = [ - - import ../modules/kde.sys.nix - import ../modules/pulseaudio.sys.nix - import ../modules/storage.perso.sys.nix - ]; - }; - }; +,pkgs, lib, proj_root, nixosDefaultVersion? "22.05", defaultSystem? "x86_64-linux",...}@finalInputs: let +config = { + bao.metadata = { + # req + hostName = "bao"; + # opts + ssh_pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIBuAaAE7TiQmMH300VRj/pYCri1qPmHjd+y9aX2J0Fs"; + nixosVersion = "22.11"; + system = "x86_64-linux"; + preset = "base"; }; + bao.nixosConfig = { + modules = [ + import ../modules/kde.sys.nix + import ../modules/pulseaudio.sys.nix + import ../modules/storage.perso.sys.nix + ]; + }; +}; +propagate = hostConfig@{metadata, nixosConfig}: let + # req + inherit (metadata) hostName; + # opts + ssh_pubkey = lib.attrByPath ["ssh_pubkey"] null metadata; # metadata.ssh_pubkey??undefined + users = lib.attrByPath ["users"] {} metadata; + nixosVersion = lib.attrByPath ["nixosVersion"] nixosDefaultVersion metadata; + system = lib.attrByPath ["system"] defaultSystem metadata; + preset = lib.attrByPath ["preset"] "base" metadata; + # infer + hardwareConfig = import "${proj_root.hosts.path}/${hostName}/hardware-configuration.nix"; +in { + inherit hostName ssh_pubkey users nixosVersion system preset hardwareConfig; + nixosConfig = nixosConfig // { + inherit system; + lib = finalInputs.lib; + modules = [ + { + system.stateVersion = nixosVersion; + networking.hostName = hostName; + users.users = users; + } + { + _module.args = finalInputs; + } + import "${proj_root.modules.path}/secrets.nix" + import "${proj_root.modules.path}/${preset}.sys.nix" + ] ++ nixosConfig.modules; + }; +}; +mkHostFromPropagated = propagatedHostConfig@{nixosConfig,...}: nixpkgs.lib.nixosSystem nixosConfig; +mkHost = 
hostConfig: (lib.pipe [propagate mkHostFromPropagated] hostConfig); +trimNull = lib.filterAttrs (name: value: value != null); +flattenPubkey = lib.mapAttrs (hostName: meta_config: meta_config.metadata.ssh_pubkey); +in { + inherit config; + # nixosConfigurations = lib.mapAttrs (name: hostConfig: mkHost hostConfig) config; + nixosConfigurations = {}; + debug = { + propagated = lib.mapAttrs (name: hostConfig: propagate hostConfig) config; + }; + # {bao = "ssh-ed25519 ..."; another_host = "ssh-rsa ...";} + hostKeys = trimNull (flattenPubkey config); } diff --git a/lib/default.nix b/lib/default.nix index b486571..baf6243 100644 --- a/lib/default.nix +++ b/lib/default.nix 
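Review bot: `mkHost = hostConfig: (lib.pipe [propagate mkHostFromPropagated] hostConfig);` has the arguments of `lib.pipe` reversed — its signature is `pipe value functionList`, so this should read `lib.pipe hostConfig [propagate mkHostFromPropagated]`; the bug is latent only because `nixosConfigurations = {}` disables the call. The `modules` lists in both `config.bao.nixosConfig` and `propagate` contain `import ../modules/kde.sys.nix` and `import "${proj_root.modules.path}/secrets.nix"` without parentheses; inside a Nix list `import` and the path are two separate elements, so the module system would receive the bare `import` builtin as a module — write `(import ../modules/kde.sys.nix)` or simply list the path and let the module system import it. `flattenPubkey` reads `meta_config.metadata.ssh_pubkey` directly, so a host that omits the optional `ssh_pubkey` aborts evaluation before `trimNull` can drop it; use `meta_config.metadata.ssh_pubkey or null` to match the `lib.attrByPath` default in `propagate`. `hardwareConfig` is imported but only returned, never appended to `nixosConfig.modules`, so the per-host hardware file is presumably not applied — the old `mkHost` in lib/default.nix had the same gap.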
@@ -18,31 +18,31 @@ in { ) {}); # Configures hosts as nixosConfiguration - mkHost = {hostName - , nixosBareConfiguration - , finalInputs - , users ? {} - , nixosVersion? nixosDefaultVersion - , system? defaultSystem - , preset? "base"}: # base | minimal - let - hardwareConfig = hostname: import "${proj_root.hosts.path}/${hostName}/hardware-configuration.nix"; - in nixpkgs.lib.nixosSystem (nixosBareConfiguration // { - inherit system; - modules = [ - { - system.stateVersion = nixosVersion; - networking.hostName = hostName; - users.users = users; - } - { - _module.args = finalInputs; - } - import "${proj_root.modules.path}/secrets.nix" - import "${proj_root.modules.path}/${preset}.sys.nix" - ] ++ nixosBareConfiguration.modules; - lib = finalInputs.lib; - }); + # mkHost = {hostName + # , nixosBareConfiguration + # , finalInputs + # , users ? {} + # , nixosVersion? nixosDefaultVersion + # , system? defaultSystem + # , preset? "base"}: # base | minimal + # let + # hardwareConfig = hostname: import "${proj_root.hosts.path}/${hostName}/hardware-configuration.nix"; + # in nixpkgs.lib.nixosSystem (nixosBareConfiguration // { + # inherit system; + # modules = [ + # { + # system.stateVersion = nixosVersion; + # networking.hostName = hostName; + # users.users = users; + # } + # { + # _module.args = finalInputs; + # } + # import "${proj_root.modules.path}/secrets.nix" + # import "${proj_root.modules.path}/${preset}.sys.nix" + # ] ++ nixosBareConfiguration.modules; + # lib = finalInputs.lib; + # }); inherit serde; inherit (serde) fromYaml fromYamlPath; } diff --git a/templates/default.nix b/templates/default.nix index 3642f66..041b23b 100644 --- a/templates/default.nix +++ b/templates/default.nix @@ -10,6 +10,6 @@ }; rust-monorepo = { path = ./rust-monorepo; - description = "hungtr's opinionated Rust monorepo, extended from ./rust, using Cargo workspace"; + description = "Opinionated Rust monorepo, extended from ./rust, using Cargo workspace"; }; } 
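Review bot: The whole `mkHost` definition is kept as commented-out code rather than deleted; it is superseded by `propagate`/`mkHost` in hosts/default.nix and the git history preserves the old version, so remove the commented lines and, if a pointer is wanted, replace them with `# mkHost moved to hosts/default.nix (propagate + mkHostFromPropagated)`. Leaving a second, stale copy invites the two to drift apart silently. The enclosing `in { ... }` attribute set starts before this hunk.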
From 43942e2fe0b9e4935f215b3662ebb93d285e5061 Mon Sep 17 00:00:00 2001 From: Pegasust Date: Mon, 26 Dec 2022 23:18:09 -0700 Subject: [PATCH 12/13] copy hardware-configurations --- hosts/Felia/hardware-configuration.nix | 80 +++++++++++++++++++++++ hosts/bao/hardware-configuration.nix | 41 ++++++++++++ hosts/homeless/hardware-configuration.nix | 43 ++++++++++++ hosts/lester/hardware-configuration.nix | 42 ++++++++++++ hosts/lizzi/hardware-configuration.nix | 49 ++++++++++++++ hosts/nyx/hardware-configuration.nix | 42 ++++++++++++ hosts/prince/hardware-configuration.nix | 0 7 files changed, 297 insertions(+) create mode 100644 hosts/Felia/hardware-configuration.nix create mode 100644 hosts/bao/hardware-configuration.nix create mode 100644 hosts/homeless/hardware-configuration.nix create mode 100644 hosts/lester/hardware-configuration.nix create mode 100644 hosts/lizzi/hardware-configuration.nix create mode 100644 hosts/nyx/hardware-configuration.nix create mode 100644 hosts/prince/hardware-configuration.nix diff --git a/hosts/Felia/hardware-configuration.nix b/hosts/Felia/hardware-configuration.nix new file mode 100644 index 0000000..97c93fb --- /dev/null +++ b/hosts/Felia/hardware-configuration.nix 
@@ -0,0 +1,80 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = [ ]; + + boot.initrd.availableKernelModules = [ ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + + ## NOTE: These filesystems are mounted by a wrapper script from nix-wsl + + # fileSystems."/" = + # { + # device = "/dev/sdc"; + # fsType = "ext4"; + # }; + # + # fileSystems."/mnt/wsl" = + # { + # device = "tmpfs"; + # fsType = "tmpfs"; + # }; + # + # fileSystems."/mnt/wsl/docker-desktop/shared-sockets/guest-services" = + # { + # device = "none"; + # fsType = "tmpfs"; + # }; + # + # fileSystems."/usr/lib/wsl/drivers" = + # { + # device = "drivers"; + # fsType = "drvfs"; + # }; + # + # fileSystems."/usr/lib/wsl/lib" = + # { + # device = "lib"; + # fsType = "drvfs"; + # }; + + fileSystems."/mnt/c" = + { + device = "C:"; + fsType = "drvfs"; + }; + + fileSystems."/mnt/d" = + { + device = "D:"; + fsType = "drvfs"; + }; + + fileSystems."/mnt/f" = + { + device = "F:"; + fsType = "drvfs"; + }; + + swapDevices = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. 
+ networking.useDHCP = lib.mkDefault true; + # networking.interfaces.bond0.useDHCP = lib.mkDefault true; + # networking.interfaces.bonding_masters.useDHCP = lib.mkDefault true; + # networking.interfaces.dummy0.useDHCP = lib.mkDefault true; + # networking.interfaces.eth0.useDHCP = lib.mkDefault true; + # networking.interfaces.sit0.useDHCP = lib.mkDefault true; + # networking.interfaces.tunl0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/hosts/bao/hardware-configuration.nix b/hosts/bao/hardware-configuration.nix new file mode 100644 index 0000000..c29572c --- /dev/null +++ b/hosts/bao/hardware-configuration.nix 
@@ -0,0 +1,41 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ]; + # boot.initrd.kernelModules = [ "amdgpu" ]; + boot.initrd.kernelModules = []; + boot.kernelModules = [ "kvm-amd" "coretemp"]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + # Might be wise to use /dev/nvme0p1 instead + { device = "/dev/disk/by-uuid/27fc09b3-e3b7-4883-94a0-c313a0e0abe2"; + fsType = "ext4"; + }; + + fileSystems."/boot" = + # Might be wise to use /dev/nvme0p2 instead + { device = "/dev/disk/by-uuid/EBA6-394D"; + fsType = "vfat"; + }; + + swapDevices = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp5s0.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp4s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/hosts/homeless/hardware-configuration.nix b/hosts/homeless/hardware-configuration.nix new file mode 100644 index 0000000..e45b92a --- /dev/null +++ b/hosts/homeless/hardware-configuration.nix 
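Review bot: The two comments `# Might be wise to use /dev/nvme0p1 instead` (and `/dev/nvme0p2` for `/boot`) point the wrong way: the `/dev/disk/by-uuid/...` paths that `nixos-generate-config` emitted are the stable identifiers, while kernel device names such as `/dev/nvme0n1p1` (note the `n1` the comment omits) can change when another NVMe device is present or enumeration order differs, which would make the root mount fail at boot. Drop the two comments or invert them, e.g. `# by-uuid is stable across device renumbering; do not replace with /dev/nvmeXnYpZ`. The header states this file is generated and may be overwritten, so hand-written comments here will be lost on the next `nixos-generate-config` run anyway.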
@@ -0,0 +1,43 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ + (modulesPath + "/profiles/qemu-guest.nix") + ]; + + boot.initrd.availableKernelModules = [ "virtio_pci" "virtio_scsi" "ahci" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelParams = [ "console=ttyS0,19200n8" ]; + boot.loader.grub.extraConfig = '' + serial --speed=19200 --unit=0 --word=8 --parity=no --stop=1 + terminal_input serial; + terminal_output serial + ''; + boot.loader.grub.forceInstall = true; + boot.loader.grub.device = "nodev"; + boot.loader.timeout = 10; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { + device = "/dev/sda"; + fsType = "ext4"; + }; + + swapDevices = + [{ device = "/dev/sdb"; }]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp0s5.useDHCP = lib.mkDefault true; + + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/hosts/lester/hardware-configuration.nix b/hosts/lester/hardware-configuration.nix new file mode 100644 index 0000000..aa59e37 --- /dev/null +++ b/hosts/lester/hardware-configuration.nix 
@@ -0,0 +1,42 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/profiles/qemu-guest.nix") + ]; + + boot.initrd.availableKernelModules = [ "virtio_pci" "virtio_scsi" "ahci" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelParams = [ "console=ttyS0,19200n8" ]; + boot.loader.grub.extraConfig = '' + serial --speed=19200 --unit=0 --word=8 --parity=no --stop=1 + terminal_input serial; + terminal_output serial + ''; + boot.loader.grub.forceInstall = true; + boot.loader.grub.device = "nodev"; + boot.loader.timeout = 10; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/sda"; + fsType = "ext4"; + }; + + swapDevices = + [ { device = "/dev/sdb"; } + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp0s5.useDHCP = lib.mkDefault true; + + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/hosts/lizzi/hardware-configuration.nix b/hosts/lizzi/hardware-configuration.nix new file mode 100644 index 0000000..5fa1db1 --- /dev/null +++ b/hosts/lizzi/hardware-configuration.nix 
@@ -0,0 +1,49 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ + (modulesPath + "/profiles/qemu-guest.nix") + ]; + + boot.initrd.availableKernelModules = [ "virtio_pci" "virtio_scsi" "ahci" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelParams = [ "console=ttyS0,19200n8" ]; + boot.loader.grub.extraConfig = '' + serial --speed=19200 --unit=0 --word=8 --parity=no --stop=1 + terminal_input serial; + terminal_output serial + ''; + boot.loader.grub.forceInstall = true; + boot.loader.grub.device = "nodev"; + boot.loader.timeout = 10; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + + fileSystems = { + "/" = { + device = "/dev/sda"; + fsType = "ext4"; + }; + # Assume Linode volume "gitea" exists, mount it to '/gitea"' + "/gitea" = { + device = "/dev/disk/by-id/scsi-0Linode_Volume_gitea"; + fsType = "ext4"; + }; + }; + + swapDevices = + [{ device = "/dev/sdb"; }]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp0s5.useDHCP = lib.mkDefault true; + + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/hosts/nyx/hardware-configuration.nix b/hosts/nyx/hardware-configuration.nix new file mode 100644 index 0000000..36b63dd --- /dev/null +++ b/hosts/nyx/hardware-configuration.nix 
@@ -0,0 +1,42 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/profiles/qemu-guest.nix") + ]; + + boot.initrd.availableKernelModules = [ "virtio_pci" "virtio_scsi" "ahci" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + + boot.kernelParams = ["console=ttyS0,19200n8"]; + boot.loader.grub.extraConfig = '' + serial --speed=19200 --unit=0 --word=8 --parity=no --stop=1 + terminal_input serial; + terminal_output serial; + ''; + boot.loader.grub.forceInstall = true; + boot.loader.grub.device = "nodev"; + boot.loader.timeout = 10; + fileSystems."/" = + { device = "/dev/sda"; + fsType = "ext4"; + }; + + swapDevices = + [ { device = "/dev/sdb"; } + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp0s5.useDHCP = lib.mkDefault true; + + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/hosts/prince/hardware-configuration.nix b/hosts/prince/hardware-configuration.nix new file mode 100644 index 0000000..e69de29 From b22ef28604bc3556a9d2c82a0fc7feb26ba26fa8 Mon Sep 17 00:00:00 2001 
From: Pegasust Date: Tue, 27 Dec 2022 19:08:07 -0700 Subject: [PATCH 13/13] just make nix-conf works for now --- flake.lock | 18 +++---- .../home-manager/base/private_chromium.nix | 48 ++++++++++++++++++ .../home-manager/base/productive_desktop.nix | 9 ++++ nix-conf/home-manager/flake.nix | 49 +----------------- scripts/config-sysnix-edge.sh | 50 +++++++++++++++++++ 5 files changed, 118 insertions(+), 56 deletions(-) create mode 100644 nix-conf/home-manager/base/private_chromium.nix create mode 100644 nix-conf/home-manager/base/productive_desktop.nix create mode 100755 scripts/config-sysnix-edge.sh diff --git a/flake.lock b/flake.lock index 8814e08..ef5f094 100644 --- a/flake.lock +++ b/flake.lock @@ -89,11 +89,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1671958483, - "narHash": "sha256-wX+VBdHwrpW654PzmM4efiPdUDI8da8TGZeQt/zYP40=", + "lastModified": 1671966569, + "narHash": "sha256-jbLgfSnmLchARBNFRvCic63CFQ9LAyvlXnBpc2kwjQc=", "owner": "nix-community", "repo": "home-manager", - "rev": "939731b8cb75fb451170cb8f935186a6a7424444", + "rev": "c55fa26ce05fee8e063db22918d05a73d430b2ea", "type": "github" }, "original": { @@ -138,11 +138,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1671722432, - "narHash": "sha256-ojcZUekIQeOZkHHzR81st7qxX99dB1Eaaq6PU5MNeKc=", + "lastModified": 1671983799, + "narHash": "sha256-Z2Ro6hFPZHkBqkVXY5/aBUzxi5xizQGvuHQ9+T5B/ks=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "652e92b8064949a11bc193b90b74cb727f2a1405", + "rev": "fad51abd42ca17a60fc1d4cb9382e2d79ae31836", "type": "github" }, "original": { 
@@ -184,11 +184,11 @@ "nixpkgs": "nixpkgs_3" }, "locked": { - "lastModified": 1671935094, - "narHash": "sha256-fWEkH5550R6q6+CeG/317g9ywE/ZhW/4zuCjTaDsHe8=", + "lastModified": 1672107670, + "narHash": "sha256-m4kP+8k46JwSXYDugykIVvRyoNofZDG7atjbi5+sLoU=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "fd2740316bacb3e0106381c325e0bb90d6790aeb", + "rev": "f4827ef0518463f31a52ab2e5c500c80558fdd78", "type": "github" }, "original": { diff --git a/nix-conf/home-manager/base/private_chromium.nix b/nix-conf/home-manager/base/private_chromium.nix new file mode 100644 index 0000000..c8de51c --- /dev/null +++ b/nix-conf/home-manager/base/private_chromium.nix @@ -0,0 +1,48 @@ +{ config, pkgs, lib, ... }: +let cfg = config.base.private_chromium; +in +{ + options.base.private_chromium = { + enable = lib.mkOption { + type = lib.types.bool; + default = true; + example = false; + description = '' + Enable extremely lightweight chromium with vimium plugin + ''; + }; + }; + config = lib.mkIf cfg.enable { + # home.packages = [pkgs.ungoogled-chromium]; + programs.chromium = { + enable = true; + package = pkgs.ungoogled-chromium; + extensions = + let + mkChromiumExtForVersion = browserVersion: { id, sha256, extVersion, ... }: + { + inherit id; + crxPath = builtins.fetchurl { + url = "https://clients2.google.com/service/update2/crx" + + "?response=redirect" + + "&acceptformat=crx2,crx3" + + "&prodversion=${browserVersion}" + + "&x=id%3D${id}%26installsource%3Dondemand%26uc"; + name = "${id}.crx"; + inherit sha256; + }; + version = extVersion; + }; + mkChromiumExt = mkChromiumExtForVersion (lib.versions.major pkgs.ungoogled-chromium.version); + in + [ + # vimium + (mkChromiumExt { + id = "dbepggeogbaibhgnhhndojpepiihcmeb"; + sha256 = "00qhbs41gx71q026xaflgwzzridfw1sx3i9yah45cyawv8q7ziic"; + extVersion = "1.67.4"; + }) + ]; + }; + }; +} 
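Review bot: The CRX download in `mkChromiumExtForVersion` is protected only by `sha256`, not by `extVersion`: the update2/crx URL asks Google for whatever build is current for `prodversion=${browserVersion}`, while `version = extVersion` merely declares `1.67.4` to Chromium, so the two can disagree until the fixed-output hash check fails. That fail-closed behaviour is the right one for a binary fetched from a third party, but it is non-obvious; add above `crxPath` a comment along the lines of `# sha256 pins the exact .crx; a hash mismatch after a chromium major bump means a newer vimium is being served — re-verify and update extVersion and sha256 together`. `default = true` turns on a browser plus an extension download for every consumer of the `base` module set, which is a surprising default for an option named `enable`; `default = false` with the hosts that want it opting in explicitly would match the rest of the option's `example = false`.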
diff --git a/nix-conf/home-manager/base/productive_desktop.nix b/nix-conf/home-manager/base/productive_desktop.nix new file mode 100644 index 0000000..f319af8 --- /dev/null +++ b/nix-conf/home-manager/base/productive_desktop.nix @@ -0,0 +1,9 @@ +inputs@{pkgs,...}: { + imports = [ + # slack + ({pkgs,...}: { + home.packages = [pkgs.slack]; + }) + ./private_chromium.nix + ]; +} diff --git a/nix-conf/home-manager/flake.nix b/nix-conf/home-manager/flake.nix index b09d0b6..c4223eb 100644 --- a/nix-conf/home-manager/flake.nix +++ b/nix-conf/home-manager/flake.nix @@ -35,52 +35,7 @@ # lib = (import ../lib { inherit pkgs; lib = pkgs.lib; }); base = import ./base; inherit (base) mkModuleArgs; - private_chromium = {config, pkgs, lib, ...}: let cfg = config.base.private_chromium; - in { - options.base.private_chromium = { - enable = lib.mkOption { - type = lib.types.bool; - default = true; - example = false; - description = '' - Enable extremely lightweight chromium with vimium plugin - ''; - }; - }; - config = lib.mkIf cfg.enable { - # home.packages = [pkgs.ungoogled-chromium]; - programs.chromium = { - enable = true; - package = pkgs.ungoogled-chromium; - extensions = - let - mkChromiumExtForVersion = browserVersion: {id, sha256, extVersion,...}: - { - inherit id; - crxPath = builtins.fetchurl { - url = "https://clients2.google.com/service/update2/crx"+ - "?response=redirect"+ - "&acceptformat=crx2,crx3"+ - "&prodversion=${browserVersion}"+ - "&x=id%3D${id}%26installsource%3Dondemand%26uc"; - name = "${id}.crx"; - inherit sha256; - }; - version = extVersion; - }; - mkChromiumExt = mkChromiumExtForVersion (lib.versions.major pkgs.ungoogled-chromium.version); - in - [ - # vimium - (mkChromiumExt { - id = "dbepggeogbaibhgnhhndojpepiihcmeb"; - sha256 = "00qhbs41gx71q026xaflgwzzridfw1sx3i9yah45cyawv8q7ziic"; - extVersion = "1.67.4"; - }) - ]; - }; - }; - }; + kde_module = {config, pkgs, ...}: { fonts.fontconfig.enable = true; home.packages = [ 
@@ -121,7 +76,7 @@ modules = base.modules ++ [ ./home.nix kde_module - private_chromium + ./base/productive_desktop.nix ]; # optionally pass inarguments to module # we migrate this from in-place modules to allow flexibility diff --git a/scripts/config-sysnix-edge.sh b/scripts/config-sysnix-edge.sh new file mode 100755 index 0000000..f7de08d --- /dev/null +++ b/scripts/config-sysnix-edge.sh 
@@ -0,0 +1,50 @@
+#!/usr/bin/env sh
+## Configures a new nixos system to this repository
+## Blame: Hung Tran (Pegasust)
+
+set -xv
+
+HOSTNAME=${1}
+
+if [ -z $HOSTNAME ]; then
+ current_hostname=$(hostname)
+ echo "Missing hostname as first param."
+ echo "Type the hostname you want to be here"
+ read -p "[${current_hostname}] > " HOSTNAME
+ HOSTNAME=${HOSTNAME:-${current_hostname}}
+ read -p "Using hostname: ${HOSTNAME}. Press ENTER to continue." _WHATEVER_
+fi
+
+# Where is this script located
+SCRIPT_DIR=$(realpath $(dirname $0))
+echo "SCRIPT_DIR: ${SCRIPT_DIR}"
+
+SYSNIX_DIR="${SCRIPT_DIR}/.."
+
+# Copy hardware-configuration of existing machine onto our version control
+SYSNIX_PROF="${SYSNIX_DIR}/hosts/${HOSTNAME}"
+HARDWARE_CONF="${SYSNIX_PROF}/hardware-configuration.nix"
+if [ ! -f "${HARDWARE_CONF}" ]; then
+ mkdir "$SYSNIX_PROF"
+ sudo cp /etc/nixos/hardware-configuration.nix ${HARDWARE_CONF}
+fi
+git add "${HARDWARE_CONF}"
+
+# Copy ssh/id-rsa details onto ssh/authorized_keys
+SSH_PRIV="${HOME}/.ssh/id_rsa"
+SSH_PUB="${SSH_PRIV}.pub"
+SSH_DIR="${SCRIPT_DIR}/../native_configs/ssh"
+if [ ! -f "${SSH_PRIV}" ]; then
+ ssh-keygen -b 2048 -t rsa -f "${SSH_PRIV}" -q -N ""
+fi
+# idempotently adds to authorized_keys
+cat "${SSH_PUB}" >> "${SSH_DIR}/authorized_keys"
+# sort "${SSH_DIR}/authorized_keys" | uniq >"${SSH_DIR}/authorized_keys"
+# NOTE: if we do sort... file >file, the ">file" is performed first, which truncates
+# the file before we open to read. Hence, `sort [...] file >file` yields empty file.
+# Because of this, we have to use `-o`
+sort -u "${SSH_DIR}/authorized_keys" -o "${SSH_DIR}/authorized_keys"
+
+echo "Apply nixos-rebuild"
+sudo nixos-rebuild switch --flake "${SYSNIX_DIR}#${HOSTNAME}"
+
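Review bot: `read -p "[${current_hostname}] > " HOSTNAME` relies on bash's `-p`, but the shebang is `#!/usr/bin/env sh`; under dash (the `sh` on Debian-derived systems and in many Nix shells) `read -p` is an error, so the interactive fallback breaks exactly when it is needed — either switch to `#!/usr/bin/env bash` or use `printf '[%s] > ' "${current_hostname}"; read HOSTNAME`. `if [ -z $HOSTNAME ]; then` leaves the variable unquoted, so an empty `$1` collapses to `[ -z ]`, which is true only by accident; quote it as `[ -z "${HOSTNAME}" ]`, quote `"${HARDWARE_CONF}"` in the `sudo cp` line, and use `mkdir -p "$SYSNIX_PROF"` so a re-run does not abort. The generated key is `-t rsa -b 2048` with an empty passphrase while the host metadata in hosts/default.nix already uses ed25519; `SSH_PRIV="${HOME}/.ssh/id_ed25519"` with `ssh-keygen -t ed25519 -f "${SSH_PRIV}" -q -N ""` is the consistent choice, and the empty passphrase (a deliberate automation trade-off) deserves a comment stating that the private key is stored unencrypted. `set -xv` echoes every expanded command for the whole run, including the `sudo nixos-rebuild` call; nothing secret appears on a command line here, but consider narrowing it to `set -e` plus explicit `echo`s so failures stop the script instead of being traced past.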