From 9b0a54e5347fcf5a6b011969e984d673f6cedccc Mon Sep 17 00:00:00 2001
From: Pegasust
Date: Sun, 25 Dec 2022 02:55:30 -0700
Subject: [PATCH] re-order stuffs around
---
.envrc | 6 ++
DEV.md | 36 ++++++++++++
flake.nix | 55 +++++++++++++++++++
native_configs/README.md | 3 +
.../alacritty}/alacritty.yml | 0
{neovim => native_configs/neovim}/init.lua | 0
.../neovim}/scripts/deps.sh | 0
{ssh => native_configs/ssh}/authorized_keys | 0
{ssh => native_configs/ssh}/config | 0
.../starship}/starship.toml | 0
{tmux => native_configs/tmux}/tmux.conf | 0
{zk => native_configs/zk}/config.toml | 0
nixops/simple_hydra.nix | 31 -----------
nixops/simple_hydra_vbox.nix | 25 ---------
secrets.nix | 18 ++++++
shell.nix | 14 +++++
16 files changed, 132 insertions(+), 56 deletions(-)
create mode 100644 .envrc
create mode 100644 DEV.md
create mode 100644 flake.nix
create mode 100644 native_configs/README.md
rename {alacritty => native_configs/alacritty}/alacritty.yml (100%)
rename {neovim => native_configs/neovim}/init.lua (100%)
rename {neovim => native_configs/neovim}/scripts/deps.sh (100%)
rename {ssh => native_configs/ssh}/authorized_keys (100%)
rename {ssh => native_configs/ssh}/config (100%)
rename {starship => native_configs/starship}/starship.toml (100%)
rename {tmux => native_configs/tmux}/tmux.conf (100%)
rename {zk => native_configs/zk}/config.toml (100%)
delete mode 100644 nixops/simple_hydra.nix
delete mode 100644 nixops/simple_hydra_vbox.nix
create mode 100644 secrets.nix
create mode 100644 shell.nix
diff --git a/.envrc b/.envrc
new file mode 100644
index 0000000..9834d0e
--- /dev/null
+++ b/.envrc
@@ -0,0 +1,6 @@
+# If nix-shell available, then nix is installed. We're going to use nix-direnv.
+if command -v nix-shell &> /dev/null
+then
+ use flake
+fi
+
diff --git a/DEV.md b/DEV.md
new file mode 100644
index 0000000..f5f7c68
--- /dev/null
+++ b/DEV.md
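Review bot: The guard on the second added line of the .envrc hunk tests only for `nix-shell`, while `use flake` on the fourth line additionally needs the `flakes` experimental feature and, per the comment, nix-direnv; a host with classic nix passes the check and then most likely fails on every directory entry instead of being skipped. Gating on what is actually required matches the comment, e.g. `if has nix_direnv_version; then use flake; fi` (nix-direnv provides `nix_direnv_version`). A short comment noting that `direnv allow` is the trust boundary here would also help, since `use flake` evaluates the checkout's flake.nix each time the directory is entered.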
@@ -0,0 +1,36 @@
+# Journal on development
+
+This contains information dump to record thoughts as I design this repo
+
+## Nix as first-class citizen instead of native config
+
+- Nix can export JSON and other object serialization formats
+
+- Still allows native config, so that Neovim, for example, which uses Turing-complete
+ config language, to make full use of its native LSP.
+
+## Design pattern emerges from unstructured code
+
+### Modules
+
+- Main thing for the first big refactor of codebase
+
+- nixpkgs and home-manager has their own interface for modules
+
+- The main benefit is to provide (runtime) type-safety on options, along with
+documentations and defaults
+
+## Nitpicky details
+
+### `nativeBuildInputs` vs `buildInputs`
+
+- `nativeBuildInputs` is available **before** `buildInputs`.
+
+- `nativeBuildInputs` is supposed to be built by a deployment machine (not target)
+
+- `buildInputs` gives you access during runtime
+
+- `nativeBulidInputs` gives you access to packages during build time
+
+- `mkShell` doesn't care about `packages`, `nativeBuildInputs`, `buildInputs`
+
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 0000000..74ba762
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,55 @@
+{
+ description = "My personal configuration in Nix (and some native configurations)";
+ inputs = {
+ nixpkgs.url = "nixpkgs/nixos-unstable";
+ agenix = {
+ url = "github:ryantm/agenix";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+ home-manager = {
+ url = "github:nix-community/home-manager";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+ flake-utils.url = "github:numtide/flake-utils";
+ nixgl.url = "github:guibou/nixGL";
+ rust-overlay.url = "github:oxalica/rust-overlay";
+ # Allows default.nix to call onto flake.nix. Useful for nix eval and automations
+ flake-compat = {
+ url = "github:edolstra/flake-compat";
+ flake = false;
+ };
+ };
+
+ outputs = {
+ nixpkgs, agenix, home-manager, flake-utils, nixgl, rust-overlay, flake-compat
+ ,...
+ }@_inputs: let
+ # Context/global stuffs to be passed down
+ # TODO: adapt to different platforms think about different systems later
+ system = "x86_64-linux";
+ pkgs = import nixpkgs {
+ inherit system;
+ config = {
+ allowUnfree = true;
+ };
+ };
+
+ # inject nixpkgs.lib onto c_ (calculus)
+ _lib = pkgs.lib;
+ inputs = (lib.recursiveUpdate {inherit system, })
+ inputs_w_pkgs = (_lib.recursiveUpdate {inherit pkgs;} inputs);
+ lib = _lib.recursiveUpdate (import ./lib inputs_w_pkgs) _lib;
+
+ # update inputs with our library and past onto our end configurations
+ inputs_w_lib = (lib.recursiveUpdate lib inputs_w_pkgs);
+ modules = (import ./modules inputs_w_lib);
+ hosts = (import ./hosts inputs_w_lib);
+ users = (import ./users inputs_w_lib);
+
+ final_inputs = inputs_w_lib;
+ in {
+ # inherit (hosts) nixosConfigurations;
+ # inherit (users) homeConfigurations;
+ devShell = import ./shell final_inputs;
+ };
+}
diff --git a/native_configs/README.md b/native_configs/README.md
new file mode 100644
index 0000000..63955ee
--- /dev/null
+++ b/native_configs/README.md
@@ -0,0 +1,3 @@
+# Native configs
+
+Contains all configurations that are written in their native language
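Review bot: The binding `inputs = (lib.recursiveUpdate {inherit system, })` in the flake.nix hunk is not valid Nix: `inherit` takes no comma, the binding has no terminating `;`, and `recursiveUpdate` is applied to a single argument, so the whole `let` block fails to parse and no output of this flake can be evaluated. The intent looks like merging `system` into the flake's inputs, i.e. `inputs = _lib.recursiveUpdate { inherit system; } _inputs;`; using `_lib` there also avoids the cycle where `inputs` reads `lib`, `lib` is built from `inputs_w_pkgs`, and `inputs_w_pkgs` is built from `inputs`, which can turn into an infinite recursion once the syntax is fixed. Separately, `devShell = import ./shell final_inputs;` near the end of the hunk is not keyed by system (`devShell.${system} = …` or `devShells.${system}.default`), and `./shell` resolves to a `shell/default.nix` directory while this commit adds a top-level `shell.nix`.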
diff --git a/alacritty/alacritty.yml b/native_configs/alacritty/alacritty.yml
similarity index 100%
rename from alacritty/alacritty.yml
rename to native_configs/alacritty/alacritty.yml
diff --git a/neovim/init.lua b/native_configs/neovim/init.lua
similarity index 100%
rename from neovim/init.lua
rename to native_configs/neovim/init.lua
diff --git a/neovim/scripts/deps.sh b/native_configs/neovim/scripts/deps.sh
similarity index 100%
rename from neovim/scripts/deps.sh
rename to native_configs/neovim/scripts/deps.sh
diff --git a/ssh/authorized_keys b/native_configs/ssh/authorized_keys
similarity index 100%
rename from ssh/authorized_keys
rename to native_configs/ssh/authorized_keys
diff --git a/ssh/config b/native_configs/ssh/config
similarity index 100%
rename from ssh/config
rename to native_configs/ssh/config
diff --git a/starship/starship.toml b/native_configs/starship/starship.toml
similarity index 100%
rename from starship/starship.toml
rename to native_configs/starship/starship.toml
diff --git a/tmux/tmux.conf b/native_configs/tmux/tmux.conf
similarity index 100%
rename from tmux/tmux.conf
rename to native_configs/tmux/tmux.conf
diff --git a/zk/config.toml b/native_configs/zk/config.toml
similarity index 100%
rename from zk/config.toml
rename to native_configs/zk/config.toml
diff --git a/nixops/simple_hydra.nix b/nixops/simple_hydra.nix
deleted file mode 100644
index 76d16af..0000000
--- a/nixops/simple_hydra.nix
+++ /dev/null
@@ -1,31 +0,0 @@
-{
- my-hydra = { config, pkgs, ... }: {
- # send email
- services.postfix = {
- enable = true;
- setSendmail = true;
- };
- # postgresql as a build queue (optimization possible?)
- services.postgresql = {
- enable = true;
- package = pkgs.postgresql;
- identMap = ''
- hydra-users hydra hydra
- hydra-users hydra-queue-runner hydra
- hydra-users hydra-www hydra
- hydra-users root postgres
- hydra-users postgres postgres
- '';
- };
- services.hydra = {
- enable = true;
- useSubstitutes = true;
- # hydraURL =
- };
- networking = {
- firewall = {
- allowedTCPPorts = [ config.services.hydra.port ];
- };
- };
- };
-}
diff --git a/nixops/simple_hydra_vbox.nix b/nixops/simple_hydra_vbox.nix
deleted file mode 100644
index a3f8ac1..0000000
--- a/nixops/simple_hydra_vbox.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-# guide: https://qfpl.io/posts/nix/starting-simple-hydra/
-{
- my-hydra = { config, pkgs, ... }: {
- deployment = {
- targetEnv = "virtualbox";
- virtualbox.memorySize = 1024; # 1 GB``
- virtualbox.vcpu = 2; # 2 vcpus :/ very limited on Linode, sorry
- virtualbox.headless = true; # no gui pls
- };
- services = {
- nixosManual.showManual = false; # save space, just no manual on our nix installation
- ntp.enable = true; # time daemon
- openssh = {
- allowSFTP = false; # Prefer using SCP because connection is less verbose (?)
- # we are going to generate rsa public key pair to machine
- passwordAuthentication = false; # client-pubkey/server-prikey or dig yourself
- };
- };
- users = {
- mutableUsers = false; # Remember Trien's Windows freeze function? this is it.
- # Yo, allow trusted users through ok?
- users.root.openssh.authorizedKeys.keyFiles = [ "ssh/authorizedKeys" ];
- };
- };
-}
diff --git a/secrets.nix b/secrets.nix
new file mode 100644
index 0000000..ad3c77c
--- /dev/null
+++ b/secrets.nix
@@ -0,0 +1,18 @@
+let
+ # user-specific (~/.ssh/id_ed25519.pub)
+ users = {
+ "hungtr@bao" = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK+1+gps6phbZboIb9fH51VNPUCkhSSOAbkI3tq3Ou0Z";
+ };
+ # System-specific settings (/etc/ssh/ssh_hsot_ed25519_key.pub)
+ systems = {
+ "bao" = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIBuAaAE7TiQmMH300VRj/pYCri1qPmHjd+y9aX2J0Fs";
+ };
+ all = users // systems;
+ # stands for calculus
+ c_ = builtins;
+in {
+ "system/secrets/s3fs.age".publicKeys = c_.attrValues (all);
+ "system/secrets/s3fs.digital-garden.age".publicKeys = c_.attrValues (all);
+ "system/secrets/_nhitrl.age".publicKeys = c_.attrValues (all);
+
+}
diff --git a/shell.nix b/shell.nix
new file mode 100644
index 0000000..988a932
--- /dev/null
+++ b/shell.nix
@@ -0,0 +1,14 @@
+# Ideally, this should contain the barebone necessary for building/interacting
+# with tech used in this project
+
+# Should also incorporate shortcuts like scripts/{hm-switch,conf-sysnix}.sh in here instead
+
+# It should not contain PDE
+{pkgs? import {}
+,...}: pkgs.mkShell {
+ # These are the ones that can be built by a remote machine
+ nativeBuildInputs = [];
+ # These are the ones that must be built by the target machine
+ lol="hello world";
+}
+
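Review bot: All three `.age` entries in the secrets.nix hunk set `publicKeys = c_.attrValues (all)`, so every secret is decryptable by every user key and every host key listed, and adding a key later widens access to all secrets at once. If a secret is only consumed on one host, scope it to that recipient, e.g. `"system/secrets/_nhitrl.age".publicKeys = [ systems."bao" ];`; which secrets belong to which host is not visible from this file, so treat that as a question rather than a fix. Also note `users // systems` is right-biased, so a user and a host that ever share an attribute name would silently drop the user's key without any error. The comment on the `systems` block misspells the host-key path; it should read `/etc/ssh/ssh_host_ed25519_key.pub`.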
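Review bot: `{pkgs? import {} ,...}` at the top of the shell.nix hunk does not parse as written; if the `<nixpkgs>` path was lost when this page was rendered, it still makes the shell depend on whatever `NIX_PATH` resolves to, while flake.nix pins `nixpkgs/nixos-unstable`, so the two entry points can build against different nixpkgs revisions. The placeholder `lol="hello world";` under the "must be built by the target machine" comment presumably stands in for `buildInputs = [];` and is just an extra attribute passed to `mkShell` today. flake.nix in this same commit imports `./shell`, which resolves to `shell/default.nix`, not this `shell.nix`, so one of the two paths needs to change.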