re-order stuffs around

.envrc

@@ -0,0 +1,6 @@
+# If nix-shell available, then nix is installed. We're going to use nix-direnv.
+if command -v nix-shell &> /dev/null
+then
+    use flake
+fi
+

DEV.md

@@ -0,0 +1,36 @@
+# Journal on development
+
+This contains information dump to record thoughts as I design this repo
+
+## Nix as first-class citizen instead of native config
+
+- Nix can export JSON and other object serialization formats
+
+- Still allows native config, so that Neovim, for example, which uses Turing-complete
+  config language, to make full use of its native LSP.
+
+## Design pattern emerges from unstructured code
+
+### Modules
+
+- Main thing for the first big refactor of codebase
+
+- nixpkgs and home-manager has their own interface for modules 
+
+- The main benefit is to provide (runtime) type-safety on options, along with
+documentations and defaults
+
+## Nitpicky details
+
+### `nativeBuildInputs` vs `buildInputs`
+
+- `nativeBuildInputs` is available **before** `buildInputs`.
+
+- `nativeBuildInputs` is supposed to be built by a deployment machine (not target)
+
+- `buildInputs` gives you access during runtime
+
+- `nativeBulidInputs` gives you access to packages during build time
+
+- `mkShell` doesn't care about `packages`, `nativeBuildInputs`, `buildInputs`
+

flake.nix

@@ -0,0 +1,55 @@
+{
+  description = "My personal configuration in Nix (and some native configurations)";
+  inputs = {
+    nixpkgs.url = "nixpkgs/nixos-unstable";
+    agenix = {
+      url = "github:ryantm/agenix";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+    home-manager = {
+      url = "github:nix-community/home-manager";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+    flake-utils.url = "github:numtide/flake-utils";
+    nixgl.url = "github:guibou/nixGL";
+    rust-overlay.url = "github:oxalica/rust-overlay";
+    # Allows default.nix to call onto flake.nix. Useful for nix eval and automations
+    flake-compat = {
+      url = "github:edolstra/flake-compat";
+      flake = false;
+    };
+  };
+
+  outputs = {
+    nixpkgs, agenix, home-manager, flake-utils, nixgl, rust-overlay, flake-compat
+    ,...
+  }@_inputs: let 
+    # Context/global stuffs to be passed down
+    # TODO: adapt to different platforms think about different systems later
+    system = "x86_64-linux";
+    pkgs = import nixpkgs {
+      inherit system;
+      config = {
+        allowUnfree = true;
+      };
+    };
+
+    # inject nixpkgs.lib onto c_ (calculus)
+    _lib = pkgs.lib;
+    inputs = (lib.recursiveUpdate {inherit system, })
+    inputs_w_pkgs = (_lib.recursiveUpdate {inherit pkgs;} inputs);
+    lib = _lib.recursiveUpdate (import ./lib inputs_w_pkgs) _lib;
+
+    # update inputs with our library and past onto our end configurations
+    inputs_w_lib = (lib.recursiveUpdate lib inputs_w_pkgs);
+    modules = (import ./modules inputs_w_lib);
+    hosts = (import ./hosts inputs_w_lib); 
+    users = (import ./users inputs_w_lib);
+    
+    final_inputs = inputs_w_lib;
+  in {
+    # inherit (hosts) nixosConfigurations;
+    # inherit (users) homeConfigurations;
+    devShell = import ./shell final_inputs;
+  };
+}

native_configs/README.md

@@ -0,0 +1,3 @@
+# Native configs
+
+Contains all configurations that are written in their native language

nixops/simple_hydra.nix

@@ -1,31 +0,0 @@
-{
-  my-hydra = { config, pkgs, ... }: {
-    # send email
-    services.postfix = {
-      enable = true;
-      setSendmail = true;
-    };
-    # postgresql as a build queue (optimization possible?)
-    services.postgresql = {
-      enable = true;
-      package = pkgs.postgresql;
-      identMap = ''
-        hydra-users hydra hydra
-        hydra-users hydra-queue-runner hydra
-        hydra-users hydra-www hydra
-        hydra-users root postgres
-        hydra-users postgres postgres
-      '';
-    };
-    services.hydra = {
-      enable = true;
-      useSubstitutes = true;
-      # hydraURL = 
-    };
-    networking = {
-      firewall = {
-        allowedTCPPorts = [ config.services.hydra.port ];
-      };
-    };
-  };
-}

nixops/simple_hydra_vbox.nix

@@ -1,25 +0,0 @@
-# guide: https://qfpl.io/posts/nix/starting-simple-hydra/
-{
-  my-hydra = { config, pkgs, ... }: {
-    deployment = {
-      targetEnv = "virtualbox";
-      virtualbox.memorySize = 1024; # 1 GB``
-      virtualbox.vcpu = 2; # 2 vcpus :/ very limited on Linode, sorry
-      virtualbox.headless = true; # no gui pls
-    };
-    services = {
-      nixosManual.showManual = false; # save space, just no manual on our nix installation
-      ntp.enable = true; # time daemon
-      openssh = {
-        allowSFTP = false; # Prefer using SCP because connection is less verbose (?)
-        # we are going to generate rsa public key pair to machine
-        passwordAuthentication = false; # client-pubkey/server-prikey or dig yourself
-      };
-    };
-    users = {
-      mutableUsers = false; # Remember Trien's Windows freeze function? this is it.
-      # Yo, allow trusted users through ok?
-      users.root.openssh.authorizedKeys.keyFiles = [ "ssh/authorizedKeys" ];
-    };
-  };
-}

secrets.nix

@@ -0,0 +1,18 @@
+let 
+  # user-specific (~/.ssh/id_ed25519.pub)
+  users = {
+    "hungtr@bao" = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK+1+gps6phbZboIb9fH51VNPUCkhSSOAbkI3tq3Ou0Z";
+  };
+  # System-specific settings (/etc/ssh/ssh_hsot_ed25519_key.pub)
+  systems = {
+    "bao" = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIBuAaAE7TiQmMH300VRj/pYCri1qPmHjd+y9aX2J0Fs";
+  };
+  all = users // systems;
+  # stands for calculus
+  c_ = builtins;
+in {
+  "system/secrets/s3fs.age".publicKeys = c_.attrValues (all);
+  "system/secrets/s3fs.digital-garden.age".publicKeys = c_.attrValues (all);
+  "system/secrets/_nhitrl.age".publicKeys = c_.attrValues (all);
+
+}

shell.nix

@@ -0,0 +1,14 @@
+# Ideally, this should contain the barebone necessary for building/interacting 
+# with tech used in this project
+
+# Should also incorporate shortcuts like scripts/{hm-switch,conf-sysnix}.sh in here instead
+
+# It should not contain PDE
+{pkgs? import <nixpkgs> {}
+,...}: pkgs.mkShell {
+    # These are the ones that can be built by a remote machine
+    nativeBuildInputs = [];
+    # These are the ones that must be built by the target machine
+    lol="hello world";
+}
+