feat: NixOS + darwin equality. feat: vim overhaul.

Kat Inskip 2022-07-08 14:12:02 -07:00 committed by kat
parent 5879913b51
commit 2606e1d874
Signed by: kat
GPG key ID: 465E64DECEA8CF0F
48 changed files with 463 additions and 918 deletions


@ -90,12 +90,12 @@ with lib; {
command =
let
main = (import ../.);
hosts = main.network.nodes;
nodes = main.network.nodes.nixos;
targets = main.deploy.targets;
enabledTargets = filterAttrs (_: v: v.enable) main.deploy.targets;
enabledHosts = concatLists (mapAttrsToList (targetName: target: target.nodeNames) enabledTargets);
filteredHosts = subtractLists [ "daiyousei" "shinmyoumaru" "medicine" ] enabledHosts;
hostBuildString = concatMapStringsSep " && " (host: "nix build -Lf . network.nodes.${host}.deploy.system -o result-${host} && nix-collect-garbage -d") filteredHosts;
nodeBuildString = concatMapStringsSep " && " (node: "nix build -Lf . network.nodes.nixos.${node}.deploy.system -o result-${node} && nix-collect-garbage -d") filteredHosts;
in
''
# ${toString builtins.currentTime}
@ -110,7 +110,7 @@ with lib; {
if git status --porcelain | grep -qF flake.lock; then
git -P diff flake.lock
echo "checking that network.nodes.still build..." >&2
if ${hostBuildString}; then
if ${nodeBuildString}; then
if [[ -n $CACHIX_SIGNING_KEY ]]; then
cachix push kittywitch result*/ &
CACHIX_PUSH=$!


@ -51,13 +51,13 @@
jobs =
let
main = (import ../.);
hosts = main.network.nodes;
hosts = main.network.nodes.nixos;
targets = main.deploy.targets;
enabledTargets = filterAttrs (k: v: v.enable && k != "medicine") main.deploy.targets;
enabledHosts = concatLists (mapAttrsToList (targetName: target: target.nodeNames) enabledTargets);
in
mapAttrs' (k: nameValuePair "${k}") (genAttrs enabledHosts (host: {
tasks.${host}.inputs = channels.nixfiles.network.nodes.${host}.deploy.system;
tasks.${host}.inputs = channels.nixfiles.network.nodes.nixos.${host}.deploy.system;
}));
ci.gh-actions.checkoutOptions.submodules = false;


@ -0,0 +1,58 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.security.pam;
# Implementation Notes
#
# We don't use `environment.etc` because this would require that the user manually delete
# `/etc/pam.d/sudo` which seems unwise given that applying the nix-darwin configuration requires
# sudo. We also can't use `system.patchs` since it only runs once, and so won't patch in the
# changes again after OS updates (which remove modifications to this file).
#
# As such, we resort to line addition/deletion in place using `sed`. We add a comment to the
# added line that includes the name of the option, to make it easier to identify the line that
# should be deleted when the option is disabled.
mkSudoTouchIdAuthScript = isEnabled:
let
file = "/etc/pam.d/sudo";
option = "security.pam.enableSudoTouchIdAuth";
in ''
${if isEnabled then ''
# Enable sudo Touch ID authentication, if not already enabled
if ! grep 'pam_tid.so' ${file} > /dev/null; then
sed -i "" '2i\
auth sufficient pam_tid.so # nix-darwin: ${option}
' ${file}
fi
'' else ''
# Disable sudo Touch ID authentication, if added by nix-darwin
if grep '${option}' ${file} > /dev/null; then
sed -i "" '/${option}/d' ${file}
fi
''}
'';
in
{
options = {
security.pam.enableSudoTouchIdAuth = mkEnableOption ''
Enable sudo authentication with Touch ID
When enabled, this option adds the following line to /etc/pam.d/sudo:
auth sufficient pam_tid.so
(Note that macOS resets this file when doing a system update. As such, sudo
authentication with Touch ID won't work after a system update until the nix-darwin
configuration is reapplied.)
'';
};
config = {
system.activationScripts.extraActivation.text = ''
# PAM settings
echo >&2 "setting up pam..."
${mkSudoTouchIdAuthScript cfg.enableSudoTouchIdAuth}
'';
};
}
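Review bot: The enable branch of `mkSudoTouchIdAuthScript` decides whether Touch ID is already configured with an unanchored `grep 'pam_tid.so'`, so a commented-out or otherwise inactive mention of the module in /etc/pam.d/sudo counts as enabled and the rule is silently never added. Matching only an active rule is safer, e.g. `if ! grep -Eq '^auth[[:space:]]+sufficient[[:space:]]+pam_tid\.so' ${file}; then`. The `sed -i "" '2i\` insert also rewrites the live sudo PAM stack in place with no backup and assumes line 1 is the header comment, so the implementation notes should say that a malformed result can leave sudo unusable. The option description should state that the rule is `sufficient` and is placed ahead of the existing auth rules, meaning a Touch ID match alone satisfies sudo on that machine.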


@ -129,7 +129,7 @@ in
};
};
continue.envVar = "TF_NIX_CONTINUE_${replaceStrings [ "-" ] [ "_" ] config.name}";
}) ++ map (nodeName: mapAttrs (_: mkMerge) meta.network.nodes.${nodeName}.deploy.tf.out.set) config.nodeNames);
}) ++ map (nodeName: mapAttrs (_: mkMerge) meta.network.nodes.nixos.${nodeName}.deploy.tf.out.set) config.nodeNames);
});
in
mkOption {
@ -141,7 +141,7 @@ in
config = {
deploy.targets =
let
nodeNames = attrNames config.network.nodes;
nodeNames = attrNames config.network.nodes.nixos;
targets = config.deploy.targets;
explicitlyDefinedHosts = concatLists (mapAttrsToList (targetName: target: remove targetName target.nodeNames) config.deploy.targets);
in


@ -11,6 +11,9 @@ with lib;
nixosImports = mkOption {
type = types.listOf types.str;
};
darwinImports = mkOption {
type = types.listOf types.str;
};
homeImports = mkOption {
type = types.listOf types.str;
};
@ -22,21 +25,32 @@ with lib;
config = {
network.importing = {
nixosImports = mkDefault (map (path: toString path) [
(root + "/config/hosts/HN.nix")
(root + "/config/hosts/HN/nixos.nix")
(root + "/config/trusted/hosts/HN/nixos.nix")
(root + "/config/nodes/nixos/HN.nix")
(root + "/config/nodes/nixos/HN/nixos.nix")
(root + "/config/trusted/nodes/nixos/HN/nixos.nix")
]);
darwinImports = mkDefault (map (path: toString path) [
(root + "/config/nodes/darwin/HN.nix")
(root + "/config/nodes/darwin/HN/darwin.nix")
(root + "/config/trusted/nodes/darwin/HN/darwin.nix")
]);
homeImports = mkDefault (map (path: toString path) [
(root + "/config/hosts/HN/home.nix")
(root + "/config/trusted/hosts/HN/home.nix")
(root + "/config/nodes/nixos/HN/home.nix")
(root + "/config/nodes/darwin/HN/home.nix")
(root + "/config/trusted/nodes/HN/home.nix")
]);
users = mkDefault (singleton "kat");
};
lib.kw.nodeImport = hostName: lib.nodeImport {
lib.kw.nixosImport = hostName: lib.nodeImport {
inherit (config.network.importing) nixosImports homeImports users;
inherit profiles hostName;
};
lib.kw.darwinImport = hostName: lib.nodeImport {
nixosImports = config.network.importing.darwinImports;
profiles = profiles // { base = {}; };
inherit (config.network.importing) homeImports users;
inherit hostName;
};
_module.args = { inherit (config.lib) kw; };
};
}
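Review bot: The new `homeImports` defaults mix two directory layouts: the plain entries carry a platform segment (`/config/nodes/nixos/HN/home.nix`, `/config/nodes/darwin/HN/home.nix`), but the trusted entry is `/config/trusted/nodes/HN/home.nix`, unlike `/config/trusted/nodes/nixos/HN/nixos.nix` and `/config/trusted/nodes/darwin/HN/darwin.nix` in the lists above it. If `lib.nodeImport` skips paths that do not exist (its body is not visible here), a trusted home file kept under the platform directory would be dropped without any error. The same list is handed to both `lib.kw.nixosImport` and `lib.kw.darwinImport`, so a NixOS node would also pick up a darwin `home.nix` for a host of the same name. Either split the list per platform or add a comment such as `# home config is shared across platforms; trusted home files live outside the nixos/darwin split` so the asymmetry is clearly deliberate.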


@ -25,7 +25,21 @@ with lib;
default = toString (pkgs.path + "/nixos/modules");
};
};
nodes =
darwin = {
extraModules = mkOption {
type = types.listOf types.unspecified;
default = [ ];
};
specialArgs = mkOption {
type = types.attrsOf types.unspecified;
default = { };
};
modulesPath = mkOption {
type = types.path;
default = toString (inputs.darwin + "/modules");
};
};
nodes.nixos =
let
nixosModule = { name, config, meta, modulesPath, lib, ... }: with lib; {
options = {
@ -44,7 +58,7 @@ with lib;
inherit (pkgs) overlays config;
};
in
mkDefault (if config.nixpkgs.config == pkgs.config && config.nixpkgs.localSystem.system == pkgs.targetPlatform.system then pkgs else pkgsReval);
mkDefault (if config.nixpkgs.config == pkgs.config && config.nixpkgs.system == pkgs.targetPlatform.system then pkgs else pkgsReval);
};
};
};
@ -67,12 +81,52 @@ with lib;
type = types.attrsOf nixosType;
default = { };
};
nodes.darwin =
let
darwinModule = { name, config, meta, modulesPath, lib, ... }: with lib; {
config = {
_module.args.pkgs = pkgs;
nixpkgs = {
system = mkDefault pkgs.system;
};
};
};
darwinType =
let
baseModules = import (config.network.darwin.modulesPath + "/module-list.nix");
in
types.submoduleWith {
modules = baseModules
++ singleton darwinModule
++ config.network.darwin.extraModules;
specialArgs = {
inherit baseModules;
inherit (config.network.darwin) modulesPath;
} // config.network.darwin.specialArgs;
};
in
mkOption {
type = types.attrsOf darwinType;
default = { };
};
};
config.network = {
darwin = {
extraModules = [
inputs.home-manager.darwinModules.home-manager
meta.modules.darwin
];
specialArgs = {
inherit (config.network) nodes;
inherit inputs meta;
};
};
nixos = {
extraModules = [
"${toString inputs.home-manager}/nixos"
] ++ lib.singleton meta.modules.nixos;
inputs.home-manager.nixosModules.home-manager
meta.modules.nixos
];
specialArgs = {
inherit (config.network) nodes;
inherit inputs meta;
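Review bot: `darwinModule` assigns `_module.args.pkgs = pkgs;` unconditionally, whereas the nixos module in this same file reuses `pkgs` only when `config.nixpkgs.config` and the system match and otherwise falls back to `pkgsReval`. A darwin node whose `nixpkgs.system` is set to something other than the `mkDefault pkgs.system` value would therefore still be evaluated against the outer package set, which looks unintended when the evaluating machine is not the target platform. If sharing one `pkgs` is deliberate, a comment on that line saying so would help; otherwise the comparison used for nixos nodes should be mirrored here. Separately, `extraModules` and `specialArgs` are typed `types.unspecified`, so a wrong value is only caught deep inside module evaluation.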


@ -1,252 +0,0 @@
{ config, lib, meta, kw, tf, ... }: with lib;
let
cfg = config.kw.monitoring;
prom_configs =
(mapAttrs (hostName: host: host.services.prometheus.exporters.node)
(filterAttrs
(_: host: host.services.prometheus.exporters.node.enable)
meta.network.nodes));
nd_configs = (mapAttrs (hostName: host: host.services.netdata)
(filterAttrs (_: host: host.services.netdata.enable) meta.network.nodes));
in
{
options.kw.monitoring = {
server = {
enable = mkEnableOption "Monitoring Stack Server";
loki = mkEnableOption "Loki";
domainPrefix = mkOption {
type = types.nullOr types.str;
};
};
client = {
enable = mkEnableOption "Monitoring Stack Client" // {
default = config.network.yggdrasil.enable && config.services.nginx.enable;
};
};
};
config = mkMerge [
({
kw.monitoring.server.domainPrefix = ".${config.network.addresses.yggdrasil.prefix}.${config.network.dns.domain}";
})
(mkIf cfg.server.loki {
network.firewall.private.tcp.ports = [ 3100 ];
services.loki = {
enable = true;
configuration = {
auth_enabled = false;
chunk_store_config = { max_look_back_period = "0s"; };
ingester = {
chunk_idle_period = "1h";
chunk_retain_period = "30s";
chunk_target_size = 1048576;
lifecycler = {
address = "0.0.0.0";
final_sleep = "0s";
ring = {
kvstore = { store = "inmemory"; };
replication_factor = 1;
};
};
max_chunk_age = "1h";
max_transfer_retries = 0;
};
limits_config = {
reject_old_samples = true;
reject_old_samples_max_age = "168h";
};
schema_config = {
configs = [{
from = "2020-10-24";
index = {
period = "24h";
prefix = "index_";
};
object_store = "filesystem";
schema = "v11";
store = "boltdb-shipper";
}];
};
compactor = {
working_directory = "/tmp/loki-compactor-boltdb";
shared_store = "filesystem";
};
server = { http_listen_port = 3100; };
storage_config = {
boltdb_shipper = {
active_index_directory = "/var/lib/loki/boltdb-shipper-active";
cache_location = "/var/lib/loki/boltdb-shipper-cache";
cache_ttl = "24h";
shared_store = "filesystem";
};
filesystem = { directory = "/var/lib/loki/chunks"; };
};
table_manager = {
retention_deletes_enabled = false;
retention_period = "0s";
};
};
};
})
(mkIf cfg.server.enable {
network.firewall.private.tcp.ports = [ 9090 ];
secrets.files.grafana-admin-pass = {
text = "${tf.variables.grafana-admin.ref}";
owner = "grafana";
group = "grafana";
};
services.grafana.security.adminPasswordFile =
config.secrets.files.grafana-admin-pass.path;
services.postgresql = {
ensureDatabases = [ "grafana" ];
ensureUsers = [{
name = "grafana";
ensurePermissions."DATABASE grafana" = "ALL PRIVILEGES";
}];
};
kw.secrets.variables = (mapListToAttrs
(field:
nameValuePair "grafana-${field}" {
path = "secrets/grafana";
inherit field;
}) [ "secret" "admin" ]);
secrets.files.grafana-env = {
text = ''
GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET=${tf.variables.grafana-secret.ref}
'';
owner = "grafana";
group = "grafana";
};
systemd.services.grafana.serviceConfig = {
EnvironmentFile = config.secrets.files.grafana-env.path;
};
services.grafana = {
enable = true;
port = 3001;
domain = "graph.${config.network.dns.domain}";
rootUrl = "https://graph.${config.network.dns.domain}/";
extraOptions = {
AUTH_GENERIC_OAUTH_ENABLED = "true";
AUTH_GENERIC_OAUTH_NAME = "Keycloak";
AUTH_GENERIC_OAUTH_CLIENT_ID = "grafana";
AUTH_GENERIC_OAUTH_ALLOW_SIGN_UP = "true";
AUTH_GENERIC_OAUTH_AUTH_URL = "https://auth.${config.network.dns.domain}/auth/realms/kittywitch/protocol/openid-connect/auth";
AUTH_GENERIC_OAUTH_TOKEN_URL = "https://auth.${config.network.dns.domain}/auth/realms/kittywitch/protocol/openid-connect/token";
AUTH_GENERIC_OAUTH_API_URL = "https://auth.${config.network.dns.domain}/auth/realms/kittywitch/protocol/openid-connect/userinfo";
AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH = "contains(realm_access.roles[*], 'Admin') && 'Admin' || contains(realm_access.roles[*], 'Editor') && 'Editor' || 'Admin'";
AUTH_GENERIC_OAUTH_SCOPES = "openid profile email";
AUTH_GENERIC_OAUTH_EMAIL_ATTRIBUTE_NAMEs = "email:primary";
};
database = {
type = "postgres";
host = "/run/postgresql/";
user = "grafana";
name = "grafana";
};
};
services.nginx.virtualHosts."graph.${config.network.dns.domain}" = {
enableACME = true;
forceSSL = true;
locations = { "/".proxyPass = "http://127.0.0.1:3001"; };
};
deploy.tf.dns.records.services_grafana = {
inherit (config.network.dns) zone;
domain = "graph";
cname = { inherit (config.network.addresses.public) target; };
};
services.prometheus = {
enable = true;
scrapeConfigs = mapAttrsToList
(hostName: prom: {
job_name = "${hostName}-nd";
metrics_path = "/api/v1/allmetrics";
honor_labels = true;
params = { format = [ "prometheus" ]; };
static_configs = singleton { targets = singleton "${hostName}${cfg.server.domainPrefix}:19999"; };
})
nd_configs ++ mapAttrsToList
(hostName: prom: {
job_name = hostName;
static_configs = singleton {
targets = [ "${hostName}${cfg.server.domainPrefix}:${toString prom.port}" ];
};
})
prom_configs;
};
})
(mkIf cfg.client.enable {
network.firewall.private.tcp.ports = [ 19999 9002 ];
services.netdata.enable = true;
services.nginx.virtualHosts = kw.virtualHostGen {
networkFilter = singleton "yggdrasil";
block = {
locations."/netdata" = {
proxyPass = "http://[::1]:19999/";
};
};
};
systemd.services.promtail = {
enable = any id (attrValues (mapAttrs (node: conf: conf.kw.monitoring.server.loki) meta.network.nodes));
description = "Promtail service for Loki";
wantedBy = [ "multi-user.target" ];
wants = [ "yggdrassil.service" ];
serviceConfig = mkIf (any id (attrValues (mapAttrs (node: conf: conf.kw.monitoring.server.loki) meta.network.nodes))) {
ExecStart =
let
serverNode = head (attrNames (filterAttrs (node: enabled: enabled == true) (mapAttrs (node: conf: conf.kw.monitoring.server.loki) meta.network.nodes)));
promtailConfig = pkgs.writeText "prom-config.json" (builtins.toJSON {
clients =
[{ url = "http://${serverNode}${cfg.server.domainPrefix}:3100/loki/api/v1/push"; }];
positions = { filename = "/tmp/positions.yaml"; };
scrape_configs = [{
job_name = "journal";
journal = {
labels = {
host = config.networking.hostName;
job = "systemd-journal";
};
max_age = "12h";
};
relabel_configs = [{
source_labels = [ "__journal__systemd_unit" ];
target_label = "unit";
}];
}];
server = {
grpc_listen_port = 0;
http_listen_port = 28183;
};
});
in
''
${pkgs.grafana-loki}/bin/promtail --config.file ${promtailConfig}
'';
};
};
services.prometheus = {
exporters = {
node = {
enable = true;
enabledCollectors = [ "systemd" ];
port = 9002;
};
};
};
})
];
}


@ -105,7 +105,7 @@ in
c: c.enable && (cfg.pubkey != c.pubkey)
)
(
mapAttrsToList (_: node: node.network.yggdrasil or { enable = false; pubkey = null; }) meta.network.nodes
mapAttrsToList (_: node: node.network.yggdrasil or { enable = false; pubkey = null; }) meta.network.nodes.nixos
);
pubkeys = flatten ((filter (n: n != "0000000000000000000000000000000000000000000000000000000000000000") (attrValues cfg.extern.pubkeys)) ++ (map (c: [ c.pubkey ] ++ (attrValues c.extra.pubkeys)) yggConfigs));
in


@ -1,22 +1,18 @@
{ config, pkgs, lib, meta, ... }: {
{ config, pkgs, lib, inputs, meta, ... }: {
imports = with meta; [
profiles.hardware.aarch64-darwin
profiles.darwin
users.kat.darwin
users.kat.dev
];
services.nix-daemon.enable = true;
nix = {
extraOptions = ''
experimental-features = nix-command flakes
'';
package = pkgs.nixFlakes;
};
security.pam.enableSudoTouchIdAuth = true;
homebrew = {
enable = true;
brewPrefix = "/opt/homebrew/bin";
casks = [
"element"
"visual-studio-code"
"firefox"
"discord"
];
};
environment.systemPackages = with pkgs; [
@ -24,9 +20,5 @@
jq
];
programs.zsh = {
enable = true;
};
system.stateVersion = 4;
}


@ -1,6 +1,6 @@
{ config, inputs, tf, meta, kw, pkgs, lib, ... }: with lib; {
imports = with meta; [
profiles.hardware.aarch64
profiles.hardware.aarch64-linux
profiles.hardware.oracle.ubuntu
profiles.network
users.kat.services.weechat


@ -0,0 +1,5 @@
{ config, ... }: {
homebrew = {
enable = true;
};
}


@ -0,0 +1,17 @@
{ config, pkgs, inputs, ... }: {
services.nix-daemon.enable = true;
nix = {
registry = {
nixpkgs.flake = inputs.nixpkgs;
nur.flake = inputs.nur;
arc.flake = inputs.arcexprs;
ci.flake = inputs.ci;
};
package = pkgs.nixUnstable;
extraOptions = ''
experimental-features = nix-command flakes
keep-derivations = true
keep-outputs = true
'';
};
}


@ -0,0 +1,5 @@
{ config, ... }: {
programs.zsh = {
enable = true;
};
}


@ -5,7 +5,7 @@
/*
fileSystems."/mnt/kat-nas" = lib.mkIf (config.networking.hostName != "yukari") {
device = "${meta.network.nodes.yukari.network.addresses.w.domain}:/mnt/zraw/media";
device = "${meta.network.nodes.nixos.yukari.network.addresses.w.domain}:/mnt/zraw/media";
fsType = "nfs";
options = [ "x-systemd.automount" "noauto" "nfsvers=4" "soft" "retrans=2" "timeo=60" ];
};


@ -0,0 +1,3 @@
{ config, lib, ... }: with lib; {
nixpkgs.system = "aarch64-darwin";
}


@ -76,58 +76,3 @@
};
};
}
# networking.firewall.extraCommands = ''
# ip6tables -A INPUT -p 89 -i wgmesh-+ -j ACCEPT
# ${if config.networking.hostName != "marisa" then "ip route replace to 10.42.68.0/24 via ${meta.network.nodes.marisa.network.addresses.wireguard.nixos.ipv4.address}" else ""}
# '';
# networking.nftables.extraInput = ''
# meta l4proto 89 iifname wgmesh-* accept
# '';
#
# network.firewall.private.interfaces = singleton "wgmesh-*";
#
# networking.policyrouting = {
# enable = true;
# rules = [
# { rule = "lookup main suppress_prefixlength 0"; prio = 7000; }
# { rule = "lookup 89 suppress_prefixlength 0"; prio = 8000; }
# { rule = "from all fwmark 51820 lookup main"; prio = 9000; }
# ] ++ (lib.optional config.network.routeDefault { rule = "not from all fwmark 51820 lookup 89"; prio = 9000; });
# };
#
# network.wireguard = {
# enable = true;
# tf.enable = true;
# fwmark = 51820;
# };
#
# network.bird =
# let
# mkKernel = version: ''
# ipv${toString version} {
# import all;
# export filter {
# if source = RTS_STATIC then reject;
# accept;
# };
# };
# kernel table 89;
# scan time 15;
# '';
# mkIgp = version: {
# version = 3;
# extra = "ipv${toString version} { import all; export all; };";
# areas."0".interfaces."wgmesh-*".cost = 100;
# };
# in
# {
# routerId = "${config.network.wireguard.prefixV4}.${toString config.network.wireguard.magicNumber}";
# kernel4Config = mkKernel 4;
# kernel6Config = mkKernel 6;
# ospf = {
# enable = true;
# protocols.igp4 = mkIgp 4;
# protocols.igp6 = mkIgp 6;
# };
# };


@ -63,7 +63,7 @@
enableACME = true;
locations = {
"/" = {
proxyPass = "http://[${meta.network.nodes.yukari.network.addresses.yggdrasil.nixos.ipv6.address}]";
proxyPass = "http://[${meta.network.nodes.nixos.yukari.network.addresses.yggdrasil.nixos.ipv6.address}]";
extraConfig = ''
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";


@ -40,7 +40,7 @@ let
{ element.matroskamux.streamable = true; }
{
element.tcpclientsink = {
host = meta.network.nodes.yukari.network.addresses.private.nixos.ipv4.address;
host = meta.network.nodes.nixos.yukari.network.addresses.private.nixos.ipv4.address;
port = "4953";
sync = false;
};


@ -41,7 +41,7 @@ let
{ element.matroskamux.streamable = true; }
{
element.tcpclientsink = {
host = meta.network.nodes.yukari.network.addresses.private.nixos.ipv4.address;
host = meta.network.nodes.nixos.yukari.network.addresses.private.nixos.ipv4.address;
port = "4954";
sync = false;
};


@ -1,6 +1,6 @@
{ config, ... }:
let rinnosuke = config.network.nodes.rinnosuke; in
let rinnosuke = config.network.nodes.nixos.rinnosuke; in
{
deploy.targets.rinnosuke-domains.tf = {
dns.records = {

@ -1 +1 @@
Subproject commit 2b13499855c58b29bc3f3dd9f566b003251c5fbb
Subproject commit 84b1742d36714279de336e2bee37848d0b3b6de8

@ -1 +0,0 @@
Subproject commit 2af2d4cc2e4675a7eebbdfccd5542d306104c237


@ -19,7 +19,6 @@
zstd
file
whois
dnsutils
neofetch
];
}


@ -20,7 +20,7 @@
in
(lib.foldAttrList (map
(network:
lib.mapAttrs (_: v: { hostname = v.domain; } // common) (lib.filterAttrs (_: v: v.enable) (lib.mapAttrs (_: v: v.network.addresses.${network}) meta.network.nodes))
lib.mapAttrs (_: v: { hostname = v.domain; } // common) (lib.filterAttrs (_: v: v.enable) (lib.mapAttrs (_: v: v.network.addresses.${network}) meta.network.nodes.nixos))
) [ "private" "public" ]));
};
}


@ -1,65 +0,0 @@
diff --git a/templates/default.mustache b/templates/default.mustache
index f95466f..8da6909 100644
--- a/templates/default.mustache
+++ b/templates/default.mustache
@@ -194,12 +194,12 @@ fun <sid>hi(group, guifg, guibg, ctermfg, ctermbg, attr, guisp)
endfun
" Vim editor colors
-call <sid>hi("Normal", s:gui05, s:gui00, s:cterm05, s:cterm00, "", "")
+call <sid>hi("Normal", s:gui05, "NONE", s:cterm05, "NONE", "", "")
call <sid>hi("Bold", "", "", "", "", "bold", "")
call <sid>hi("Debug", s:gui08, "", s:cterm08, "", "", "")
call <sid>hi("Directory", s:gui0D, "", s:cterm0D, "", "", "")
call <sid>hi("Error", s:gui00, s:gui08, s:cterm00, s:cterm08, "", "")
-call <sid>hi("ErrorMsg", s:gui08, s:gui00, s:cterm08, s:cterm00, "", "")
+call <sid>hi("ErrorMsg", s:gui08, "NONE", s:cterm08, "NONE", "", "")
call <sid>hi("Exception", s:gui08, "", s:cterm08, "", "", "")
call <sid>hi("FoldColumn", s:gui0C, s:gui01, s:cterm0C, s:cterm01, "", "")
call <sid>hi("Folded", s:gui03, s:gui01, s:cterm03, s:cterm01, "", "")
@@ -220,15 +220,15 @@ call <sid>hi("VisualNOS", s:gui08, "", s:cterm08, "", "", "")
call <sid>hi("WarningMsg", s:gui08, "", s:cterm08, "", "", "")
call <sid>hi("WildMenu", s:gui00, s:gui05, s:cterm00, s:cterm05, "", "")
call <sid>hi("Title", s:gui0D, "", s:cterm0D, "", "none", "")
-call <sid>hi("Conceal", s:gui0D, s:gui00, s:cterm0D, s:cterm00, "", "")
+call <sid>hi("Conceal", s:gui0D, "NONE", s:cterm0D, "NONE", "", "")
call <sid>hi("Cursor", s:gui00, s:gui05, s:cterm00, s:cterm05, "inverse", "")
call <sid>hi("NonText", s:gui03, "", s:cterm03, "", "", "")
call <sid>hi("Whitespace", s:gui03, "", s:cterm03, "", "", "")
-call <sid>hi("LineNr", s:gui03, s:gui00, s:cterm03, s:cterm00, "", "")
-call <sid>hi("SignColumn", s:gui03, s:gui00, s:cterm03, s:cterm00, "", "")
+call <sid>hi("LineNr", s:gui03, "NONE", s:cterm03, "NONE", "", "")
+call <sid>hi("SignColumn", s:gui03, "NONE", s:cterm03, "NONE", "", "")
call <sid>hi("StatusLine", s:gui04, s:gui01, s:cterm04, s:cterm01, "none", "")
call <sid>hi("StatusLineNC", s:gui03, s:gui01, s:cterm03, s:cterm01, "none", "")
-call <sid>hi("VertSplit", s:gui01, s:gui00, s:cterm01, s:cterm00, "none", "")
+call <sid>hi("VertSplit", s:gui01, "NONE", s:cterm01, "NONE", "none", "")
call <sid>hi("ColorColumn", "", s:gui01, "", s:cterm01, "none", "")
call <sid>hi("CursorColumn", "", s:gui01, "", s:cterm01, "none", "")
call <sid>hi("CursorLine", "", s:gui01, "", s:cterm01, "none", "")
@@ -403,11 +403,11 @@ call <sid>hi("DiffAdd", s:gui0B, s:gui02, s:cterm0B, s:cterm02, "", "")
call <sid>hi("DiffChange", s:gui05, s:gui02, s:cterm05, s:cterm02, "", "")
call <sid>hi("DiffDelete", s:gui08, s:gui02, s:cterm08, s:cterm02, "", "")
call <sid>hi("DiffText", s:gui0D, s:gui02, s:cterm0D, s:cterm02, "", "")
-call <sid>hi("DiffAdded", s:gui0B, s:gui00, s:cterm0B, s:cterm00, "", "")
-call <sid>hi("DiffFile", s:gui08, s:gui00, s:cterm08, s:cterm00, "", "")
-call <sid>hi("DiffNewFile", s:gui0B, s:gui00, s:cterm0B, s:cterm00, "", "")
-call <sid>hi("DiffLine", s:gui0D, s:gui00, s:cterm0D, s:cterm00, "", "")
-call <sid>hi("DiffRemoved", s:gui08, s:gui00, s:cterm08, s:cterm00, "", "")
+call <sid>hi("DiffAdded", s:gui0B, "NONE", s:cterm0B, "NONE", "", "")
+call <sid>hi("DiffFile", s:gui08, "NONE", s:cterm08, "NONE", "", "")
+call <sid>hi("DiffNewFile", s:gui0B, "NONE", s:cterm0B, "NONE", "", "")
+call <sid>hi("DiffLine", s:gui0D, "NONE", s:cterm0D, "NONE", "", "")
+call <sid>hi("DiffRemoved", s:gui08, "NONE", s:cterm08, "NONE", "", "")
" Git highlighting
call <sid>hi("gitcommitOverflow", s:gui08, "", s:cterm08, "", "", "")
@@ -471,7 +471,7 @@ call <sid>hi("mailEmail", s:gui0D, "", s:cterm0D, "", "", "")
" Markdown highlighting
call <sid>hi("markdownCode", s:gui0B, "", s:cterm0B, "", "", "")
-call <sid>hi("markdownError", s:gui05, s:gui00, s:cterm05, s:cterm00, "", "")
+call <sid>hi("markdownError", s:gui05, "NONE", s:cterm05, "NONE", "", "")
call <sid>hi("markdownCodeBlock", s:gui0B, "", s:cterm0B, "", "", "")
call <sid>hi("markdownHeadingDelimiter", s:gui0D, "", s:cterm0D, "", "", "")


@ -0,0 +1,114 @@
local g = vim.g -- Global variables
local opt = vim.opt -- Set options (global/buffer/windows-scoped)
local api = vim.api -- Lua API
-----------------------------------------------------------
-- General
-----------------------------------------------------------
opt.mouse = 'a' -- Enable mouse support
opt.clipboard = 'unnamedplus' -- Copy/paste to system clipboard
opt.completeopt = 'longest,menuone' -- Autocomplete options
opt.backup = false -- Disable backup
opt.writebackup = false -- Disable backup
opt.ttimeoutlen = 100 -- Mapping timeout
-----------------------------------------------------------
-- Neovim UI
-----------------------------------------------------------
vim.cmd("colorscheme base16-default-dark") -- Color scheme
opt.number = true -- Show line number
opt.relativenumber = true -- Relative line numbers
opt.showmatch = true -- Highlight matching parenthesis
opt.foldmethod = 'marker' -- Enable folding (default 'foldmarker')
opt.colorcolumn = '80' -- Line length marker at 80 columns
opt.splitright = true -- Vertical split to the right
opt.splitbelow = true -- Horizontal split to the bottom
opt.ignorecase = true -- Ignore case letters when search
opt.smartcase = true -- Ignore lowercase for the whole pattern
opt.linebreak = true -- Wrap on word boundary
opt.showbreak = "" -- Character to use to display word boundary
opt.termguicolors = true -- Enable 24-bit RGB colors
opt.laststatus = 3 -- Set global statusline
opt.listchars = 'tab:» ,extends:,precedes:,nbsp:·,trail:✖' -- Set listmode options
opt.cursorline = true -- Highlight cursor screenline
opt.cmdheight = 1 -- Command entry line height
opt.hlsearch = true -- Highlight matches with last search pattern
-----------------------------------------------------------
-- Tabs, indent
-----------------------------------------------------------
opt.expandtab = false -- Use spaces instead of tabs
opt.shiftwidth = 4 -- Shift 4 spaces when tab
opt.tabstop = 4 -- 1 tab == 4 spaces
opt.smartindent = true -- Autoindent new lines
-----------------------------------------------------------
-- Memory, CPU
-----------------------------------------------------------
opt.hidden = true -- Enable background buffers
opt.history = 100 -- Remember N lines in history
opt.lazyredraw = true -- Faster scrolling
opt.synmaxcol = 240 -- Max column for syntax highlight
opt.updatetime = 700 -- ms to wait for trigger an event
-----------------------------------------------------------
-- Base16
-----------------------------------------------------------
vim.base16colorspace=256
api.nvim_create_autocmd("vimenter", {
command = "highlight Normal guibg=NONE ctermbg=NONE"
})
api.nvim_create_autocmd("SourcePost", {
command = "highlight Normal ctermbg=NONE guibg=NONE | " ..
"highlight LineNr ctermbg=NONE guibg=NONE | " ..
"highlight SignColumn ctermbg=NONE guibg=NONE"
})
-----------------------------------------------------------
-- Plugins
-----------------------------------------------------------
-- Hexokinaise
g.Hexokinase_highlighters = {'virtual'}
g.Hexokinase_optInPatterns = {
'full_hex',
'rgb',
'rgba',
'hsl',
'hsla',
'colour_names'
}
-- Lastplace
g.lastplace_ignore = 'gitcommit,gitrebase,svn,hgcommit'
-----------------------------------------------------------
-- Startup
-----------------------------------------------------------
-- Disable builtins plugins
local disabled_built_ins = {
"netrw",
"netrwPlugin",
"netrwSettings",
"netrwFileHandlers",
"gzip",
"zip",
"zipPlugin",
"tar",
"tarPlugin",
"getscript",
"getscriptPlugin",
"vimball",
"vimballPlugin",
"2html_plugin",
"logipat",
"rrhelper",
"spellfile_plugin",
"matchit"
}
for _, plugin in pairs(disabled_built_ins) do
g["loaded_" .. plugin] = 1
end
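Review bot: `vim.base16colorspace=256` only creates a field on the Lua `vim` table; it does not set the Vim global that the removed `let base16colorspace=256` set, and it runs after `vim.cmd("colorscheme base16-default-dark")` has already loaded the scheme. If the setting is still wanted, write `g.base16colorspace = 256` and move it above the colorscheme call. The comment on `opt.expandtab = false` reads "Use spaces instead of tabs", which is the opposite of what the value does; `-- Keep literal tabs (no expansion to spaces)` would match the code. The `showbreak` value and the `extends:`/`precedes:` entries of `listchars` appear empty in this rendering, so it is worth checking that the intended glyphs survived in the committed file.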


@ -1,47 +0,0 @@
set encoding=utf-8
scriptencoding utf-8
set list listchars=tab:»\ ,extends:,precedes:,nbsp,trail:✖
" Enable mouse
set mouse=a
set viminfo='100000,<100000,s1000,h,n~/.local/share/vim/viminfo'
set ts=2
set sw=2
" colors
let base16colorspace=256
autocmd vimenter * highlight Normal guibg=NONE ctermbg=NONE
autocmd SourcePost * highlight Normal ctermbg=NONE guibg=NONE
\ | highlight LineNr ctermbg=NONE guibg=NONE
\ | highlight SignColumn ctermbg=NONE guibg=NONE
" tabline
let g:airline#extensions#tabline#enabled = 1
" hexokinaise
let g:Hexokinase_highlighters = ['virtual']
let g:Hexokinase_optInPatterns = 'full_hex,rgb,rgba,hsl,hsla,colour_names'
" lastplace
let g:lastplace_ignore = "gitcommit,gitrebase,svn,hgcommit"
set undodir=$XDG_DATA_HOME/vim/undo
set directory=$XDG_DATA_HOME/vim/swap//
set backupdir=$XDG_DATA_HOME/vim/backup
set ttimeoutlen=100
set number
set hidden
set nobackup
set nowritebackup
set cmdheight=1
set updatetime=300
set cursorline
set colorcolumn=100
set linebreak showbreak=" ↳
set hlsearch
set relativenumber
set completeopt=longest,menuone
command Spaces set expandtab
command Tabs set noexpandtab


@ -1,43 +1,26 @@
{ config, lib, pkgs, nixos, ... }: with lib;
let initvim = pkgs.callPackage
({ stdenv, nodejs }: stdenv.mkDerivation {
name = "init.vim";
src = ./init.vim;
inherit nodejs;
buildInputs = [
nodejs
];
phases = [ "buildPhase" ];
buildPhase = ''
substituteAll $src $out
'';
})
{ };
in
{
home.sessionVariables = mkIf config.programs.neovim.enable { EDITOR = "nvim"; };
programs.neovim = {
enable = true;
extraConfig = ''
source ${initvim}
${if nixos.networking.hostName == "koishi" then "color-scheme base16-default-light" else "colorscheme base16-default-dark"}
'';
vimAlias = true;
viAlias = true;
plugins = with pkgs.vimPlugins; [
vim-cool
vim-lastplace
vim-hexokinase
vim-easymotion
vim-nix
fzf-vim
vim-fugitive
vim-startify
vim-airline
vim-airline-themes
vim-lastplace
lualine-nvim
hop-nvim
];
extraConfig = ''
luafile ${./init.lua}
'';
};
}


@ -1,38 +0,0 @@
{ config, lib, pkgs, ... }: with lib;
let initvim = pkgs.callPackage
({ stdenv }: stdenv.mkDerivation {
name = "init.vim";
src = ./init.vim;
phases = [ "buildPhase" ];
buildPhase = ''
substituteAll $src $out
'';
})
{ };
in
{
home.sessionVariables = mkIf config.programs.vim.enable { EDITOR = "vim"; };
programs.vim = {
enable = false;
packageConfigurable = pkgs.vim_configurable-pynvim;
extraConfig = ''
source ${initvim}
${if nixos.networking.hostName == "koishi" then "color-scheme base16-default-light" else "colorscheme base16-default-dark"}
'';
plugins = with pkgs.vimPlugins; [
"vim-cool"
"vim-lastplace"
"vim-hexokinase"
"vim-easymotion"
"vim-nix"
"fzf-vim"
"vim-fugitive"
"vim-startify"
"vim-airline"
"vim-airline-themes"
"vim-lastplace"
];
};
}


@ -1,25 +0,0 @@
{ tf, config, lib, pkgs, inputs, ... }: with lib;
let
doom-emacs = pkgs.callPackage inputs.nix-doom-emacs {
doomPrivateDir = "${./doom.d}";
emacsPackages = pkgs.emacsPackagesFor pkgs.emacsPgtkGcc;
bundledPackages = false;
emacsPackagesOverlay = self: super: {
magit-delta = super.magit-delta.overrideAttrs (esuper: {
buildInputs = esuper.buildInputs ++ [ pkgs.git ];
});
straight = self.straightBuild {
pname = "straight";
};
};
};
in
optionalAttrs (builtins.getEnv "CI_PLATFORM" == "impure" && builtins.getEnv "TF_IN_AUTOMATION" != "") {
home.packages = [ doom-emacs pkgs.sqlite ];
home.file.".emacs.d/init.el".text = ''
(load "default.el")
(load-theme 'base16-${elemAt (splitString "." config.base16.alias.default) 1} t)
'';
}


@ -3,7 +3,6 @@
{
home.packages = with pkgs; [
jq
apache-directory-studio
hyperfine
hexyl
tokei


@ -1,76 +1,20 @@
{ config, pkgs, ... }:
let
initvim = pkgs.callPackage
({ stdenv, nodejs }: stdenv.mkDerivation {
name = "init.vim";
src = ./init.vim;
inherit nodejs;
buildInputs = [
nodejs
];
phases = [ "buildPhase" ];
buildPhase = ''
substituteAll $src $out
'';
})
{ };
cocvim = pkgs.callPackage
({ stdenv, elinks, nodejs }: stdenv.mkDerivation {
name = "coc.vim";
src = ./coc.vim;
inherit nodejs;
buildInputs = [
nodejs
];
phases = [ "buildPhase" ];
buildPhase = ''
substituteAll $src $out
'';
})
{ };
in
{
programs.neovim = {
extraConfig = ''
source ${initvim}
source ${cocvim}
luafile ${./init.lua}
'';
extraPackages = with pkgs; [
terraform-ls
];
plugins = with pkgs.vimPlugins; [
neorg
nvim-cmp
plenary-nvim
nvim-base16
nvim-web-devicons
telescope-nvim
coc-yaml
coc-git
coc-css
coc-html
coc-nvim
coc-rust-analyzer
coc-yank
coc-python
coc-json
coc-fzf
nvim-lspconfig
];
coc = {
enable = true;
settings = {
"rust.rustfmt_path" = "${pkgs.rustfmt}/bin/rustfmt";
"rust-analyzer.serverPath" = "rust-analyzer";
"rust-analyzer.updates.prompt" = false;
"rust-analyzer.notifications.cargoTomlNotFound" = false;
"rust-analyzer.notifications.workspaceLoaded" = false;
"rust-analyzer.procMacro.enable" = true;
"rust-analyzer.cargo.loadOutDirsFromCheck" = true;
"rust-analyzer.cargo-watch.enable" = true;
"rust-analyzer.completion.addCallParenthesis" = false; # consider using this?
"rust-analyzer.hoverActions.linksInHover" = true;
"rust-analyzer.diagnostics.disabled" = [
"inactive-code" # it has strange cfg support..?
];
};
};
};
}


@ -0,0 +1,51 @@
local api = vim.api
local cmp = require'cmp'
-----------------------------------------------------------
-- Plugins
-----------------------------------------------------------
-- nvim-cmp
cmp.setup({
snippet = {
expand = function(args)
vim.fn["vsnip#anonymous"](args.body)
end,
},
mapping = {
['<C-y>'] = cmp.mapping.confirm({ select = true }),
},
sources = {
{ name = 'neorg' },
}
})
-- lspconfig
require'lspconfig'.terraformls.setup{}
api.nvim_create_autocmd('BufWritePre', {
pattern = '*.tf',
command = 'lua vim.lsp.buf.formatting_sync()'
})
-- neorg
require('neorg').setup {
-- Tell Neorg what modules to load
load = {
['core.defaults'] = {}, -- Load all the default modules
['core.norg.concealer'] = {}, -- Allows for use of icons
['core.norg.dirman'] = { -- Manage your directories with Neorg
config = {
engine = 'nvim-cmp',
workspaces = {
home = '~/neorg'
}
}
}
},
}
-- telescope
api.nvim_set_keymap('n', '<leader>ff', '<cmd>Telescope find_files<cr>', { noremap = true, silent = true })
api.nvim_set_keymap('n', '<leader>fg', '<cmd>Telescope live_grep<cr>', { noremap = true, silent = true })
api.nvim_set_keymap('n', '<leader>fb', '<cmd>Telescope buffers<cr>', { noremap = true, silent = true })
api.nvim_set_keymap('n', '<leader>fh', '<cmd>Telescope help_tags<cr>', { noremap = true, silent = true })
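Review bot: The `engine = 'nvim-cmp'` key sits inside the `core.norg.dirman` config, while the cmp setup above lists `neorg` as its only source. As far as I know Neorg reads the completion engine from a separate `core.norg.completion` module, so with this load table the `neorg` source would never be registered and cmp would offer nothing. Giving the key its own entry, `['core.norg.completion'] = { config = { engine = 'nvim-cmp' } },`, and leaving only `workspaces` under dirman should fix that. The removed Vimscript heredoc further down the page had the same placement, so this is carried over rather than introduced here.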


@ -1,37 +0,0 @@
lua << EOF
local cmp = require'cmp'
cmp.setup({
snippet = {
expand = function(args)
vim.fn["vsnip#anonymous"](args.body)
end,
},
mapping = {
['<C-y>'] = cmp.mapping.confirm({ select = true }),
},
sources = {
{ name = 'neorg' },
}
})
require('neorg').setup {
-- Tell Neorg what modules to load
load = {
["core.defaults"] = {}, -- Load all the default modules
["core.norg.concealer"] = {}, -- Allows for use of icons
["core.norg.dirman"] = { -- Manage your directories with Neorg
config = {
engine = "nvim-cmp",
workspaces = {
home = "~/neorg"
}
}
}
},
}
EOF
nnoremap <leader>ff <cmd>Telescope find_files<cr>
nnoremap <leader>fg <cmd>Telescope live_grep<cr>
nnoremap <leader>fb <cmd>Telescope buffers<cr>
nnoremap <leader>fh <cmd>Telescope help_tags<cr>


@ -49,12 +49,12 @@ with lib; pkgs.mkShell {
(node: writeShellScriptBin "${node.networking.hostName}-sd-img" ''
nix build -f . network.nodes.${node.networking.hostName}.system.build.sdImage --show-trace
'')
(filter (node: node.system.build ? sdImage) (attrValues meta.network.nodes)))
(filter (node: node.system.build ? sdImage) (attrValues meta.network.nodes.nixos)))
++ (map
(node: writeShellScriptBin "${node.networking.hostName}-iso-img" ''
nix build -f . network.nodes.${node.networking.hostName}.system.build.isoImage --show-trace
'')
(filter (node: node.system.build ? isoImage) (attrValues meta.network.nodes)));
(filter (node: node.system.build ? isoImage) (attrValues meta.network.nodes.nixos)));
shellHook = ''
export HOME_HOSTNAME=$(hostname -s)
export NIX_BIN_DIR=${pkgs.nix}/bin
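Review bot: The two `filter` calls now walk `meta.network.nodes.nixos`, but the generated `-sd-img` and `-iso-img` scripts still build `network.nodes.${node.networking.hostName}.system.build.…` without the new `nixos` level. The CI build strings earlier in this commit were moved to `network.nodes.nixos.${node}…`, so these two attribute paths probably no longer resolve once the nodes are nested. Suggested: `nix build -f . network.nodes.nixos.${node.networking.hostName}.system.build.sdImage --show-trace`, and the same for `isoImage`. The surrounding `mkShell` expression starts and ends outside the hunk.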

148
flake.lock generated

@ -3,11 +3,11 @@
"arcexprs": {
"flake": false,
"locked": {
"lastModified": 1654705662,
"narHash": "sha256-+vgMNuehEQqtXmtwq0w0sGDy8b6bShFiS2ZbBtUDw6k=",
"lastModified": 1657234505,
"narHash": "sha256-uDlulP599ZbH+Fgw317nYMfyS+vnKwIDgQevMyc/SV4=",
"owner": "arcnmx",
"repo": "nixexprs",
"rev": "727f8eb7aaf542b675aaa9141a5027ccb961539e",
"rev": "28017bbbea8ca56691b9c7625a032c2e2dd6283a",
"type": "github"
},
"original": {
@ -37,7 +37,7 @@
"darwin": {
"inputs": {
"nixpkgs": [
"nixpkgs-darwin"
"nixpkgs"
]
},
"locked": {
@ -96,11 +96,11 @@
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1656067965,
"narHash": "sha256-P/Rtc5a64qm0oww9oLQsTarR6jsCT+vyzC9kc6ebgnk=",
"lastModified": 1657275959,
"narHash": "sha256-pg8FB1DRImBpqXHCp/0Y7bIphpVqGmkWgWOcFDMwdTg=",
"owner": "nix-community",
"repo": "emacs-overlay",
"rev": "a764f50d7667f54e275ec1260de2f8d97b677525",
"rev": "22448c09bae21969ca14d1558a120dafe9853c73",
"type": "github"
},
"original": {
@ -222,29 +222,13 @@
"type": "github"
}
},
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1650374568,
"narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "b4a34015c698c7793d592d66adbab377907a2be8",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-utils": {
"locked": {
"lastModified": 1656065134,
"narHash": "sha256-oc6E6ByIw3oJaIyc67maaFcnjYOz1mMcOtHxbEf9NwQ=",
"lastModified": 1656928814,
"narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "bee6a7250dd1b01844a2de7e02e4df7d8a0a206c",
"rev": "7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249",
"type": "github"
},
"original": {
@ -274,30 +258,6 @@
"type": "github"
}
},
"home-manager-darwin": {
"inputs": {
"flake-compat": "flake-compat_2",
"nixpkgs": [
"nixpkgs-darwin"
],
"nmd": "nmd",
"nmt": "nmt",
"utils": "utils"
},
"locked": {
"lastModified": 1655928858,
"narHash": "sha256-qVOcb7WVDiqs2yseZwCZRsKT0be8bF3NZufdBZVvZXU=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "e622bad16372aa5ada79a7fa749ec78715dffc54",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"nix-dns": {
"inputs": {
"flake-utils": [
@ -382,39 +342,25 @@
},
"nixpkgs": {
"locked": {
"lastModified": 0,
"narHash": "sha256-8Vlwf0x8ow6pPOK2a04bT+pxIeRnM1+O0Xv9/CuDzRs=",
"path": "/nix/store/3ds4cwrnkgfvpjgf80vr2dbw9yfrrnsv-source",
"type": "path"
"lastModified": 1657208011,
"narHash": "sha256-BlIFwopAykvdy1DYayEkj6ZZdkn+cVgPNX98QVLc0jM=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "2770cc0b1e8faa0e20eb2c6aea64c256a706d4f2",
"type": "github"
},
"original": {
"id": "nixpkgs",
"type": "indirect"
}
},
"nixpkgs-darwin": {
"locked": {
"lastModified": 1655946012,
"narHash": "sha256-+QmcvgnRmGPbAlCIOAVHggIMH2GE7w76EI17jYDTmHc=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "3aad50c30c826430b0270fcf8264c8c41b005403",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixpkgs-21.11-darwin",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1655983783,
"narHash": "sha256-0h1FzkYWei24IdKNpCX93onkF/FMiXQG8SdEbTc0r8A=",
"lastModified": 1657114324,
"narHash": "sha256-fWuaUNXrHcz/ciHRHlcSO92dvV3EVS0GJQUSBO5JIB4=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "6141b8932a5cf376fe18fcd368cecd9ad946cb68",
"rev": "a5c867d9fe9e4380452628e8f171c26b69fa9d3d",
"type": "github"
},
"original": {
@ -424,38 +370,6 @@
"type": "github"
}
},
"nmd": {
"flake": false,
"locked": {
"lastModified": 1653339422,
"narHash": "sha256-RNLq09vfj21TyYuUCeD6BNTNC6Ew8bLhQULZytN4Xx8=",
"owner": "rycee",
"repo": "nmd",
"rev": "91dee681dd1c478d6040a00835d73c0f4a4c5c29",
"type": "gitlab"
},
"original": {
"owner": "rycee",
"repo": "nmd",
"type": "gitlab"
}
},
"nmt": {
"flake": false,
"locked": {
"lastModified": 1648075362,
"narHash": "sha256-u36WgzoA84dMVsGXzml4wZ5ckGgfnvS0ryzo/3zn/Pc=",
"owner": "rycee",
"repo": "nmt",
"rev": "d83601002c99b78c89ea80e5e6ba21addcfe12ae",
"type": "gitlab"
},
"original": {
"owner": "rycee",
"repo": "nmt",
"type": "gitlab"
}
},
"nose": {
"flake": false,
"locked": {
@ -474,11 +388,11 @@
},
"nur": {
"locked": {
"lastModified": 1656085179,
"narHash": "sha256-LRHmv8hvpg+sDERAoGINO0HYdmelwtLU0mBBzdUb0Yc=",
"lastModified": 1657272425,
"narHash": "sha256-Y1vbPYhUi0ZKqn6XxQeE/RnyMcfHIE0YCkR1iPGoToo=",
"owner": "nix-community",
"repo": "nur",
"rev": "70d28da7927d3c1dbed74bdfa6bb50969e548537",
"rev": "4a0d26d6ccb60f24a5e771c6de4c64622fb2b4af",
"type": "github"
},
"original": {
@ -593,11 +507,9 @@
"flake-compat": "flake-compat",
"flake-utils": "flake-utils",
"home-manager": "home-manager",
"home-manager-darwin": "home-manager-darwin",
"nix-dns": "nix-dns",
"nix-doom-emacs": "nix-doom-emacs",
"nixpkgs": "nixpkgs_2",
"nixpkgs-darwin": "nixpkgs-darwin",
"nur": "nur",
"tf-nix": "tf-nix",
"trusted": "trusted"
@ -655,7 +567,6 @@
"trusted": {
"flake": false,
"locked": {
"lastModified": 1652920457,
"narHash": "sha256-Q3QXOoy+iN4VK2CflvRulYvPZXYgF0dO7FoF7CvWFTA=",
"path": "./empty/.",
"type": "path"
@ -664,21 +575,6 @@
"path": "./empty/.",
"type": "path"
}
},
"utils": {
"locked": {
"lastModified": 1653893745,
"narHash": "sha256-0jntwV3Z8//YwuOjzhV2sgJJPt+HY6KhU7VZUL0fKZQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "1ed9fb1935d260de5fe1c2f7ee0ebaae17ed2fa1",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
}
},
"root": "root",


@ -15,11 +15,8 @@
inputs.nixpkgs.follows = "nixpkgs";
};
nur.url = "github:nix-community/nur/master";
nixpkgs-darwin.url = "github:nixos/nixpkgs/nixpkgs-21.11-darwin";
darwin.url = "github:lnl7/nix-darwin/master";
darwin.inputs.nixpkgs.follows = "nixpkgs-darwin";
home-manager-darwin.url = "github:nix-community/home-manager";
home-manager-darwin.inputs.nixpkgs.follows = "nixpkgs-darwin";
darwin.inputs.nixpkgs.follows = "nixpkgs";
nix-dns = {
url = "github:kirelagin/nix-dns/master";
inputs.nixpkgs.follows = "nixpkgs";
@ -49,30 +46,20 @@
};
};
outputs = { self, nixpkgs, flake-utils, darwin, home-manager-darwin, ... }@inputs: flake-utils.lib.eachDefaultSystem
outputs = { self, nixpkgs, flake-utils, ... }@inputs: let
providedSystems = flake-utils.lib.eachDefaultSystem
(system:
let pkgs = nixpkgs.legacyPackages.${system}; in
rec {
devShell = import ./devShell.nix { inherit inputs system; };
legacyPackages = import ./outputs.nix { inherit inputs system; };
nixosConfigurations = legacyPackages.network.nodes;
}
) // {
darwinConfigurations."sumireko" = let
system = "aarch64-darwin";
meta = self.legacyPackages.${system};
in darwin.lib.darwinSystem {
inherit inputs;
inherit system;
specialArgs = {
inherit inputs meta;
tf = { };
};
pkgs = self.legacyPackages.${system}.darwin-pkgs;
modules = with meta; [
home-manager-darwin.darwinModules.home-manager
meta.hosts.sumireko
];
};
});
in providedSystems // {
nixosConfigurations = self.legacyPackages.x86_64-linux.network.nodes.nixos;
darwinConfigurations = builtins.mapAttrs (_: config: {
inherit (config.deploy) pkgs;
inherit config;
system = config.system.build.toplevel;
}) self.legacyPackages.aarch64-darwin.network.nodes.darwin;
};
}
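Review bot: Both merged outputs read from one fixed evaluation: `self.legacyPackages.x86_64-linux` on the `nixosConfigurations` line and `self.legacyPackages.aarch64-darwin` on the `darwinConfigurations` line. A node of another architecture would then be evaluated from the wrong package set, unless each node selects its own pkgs, which this hunk does not show for the NixOS side. The darwin branch does read `config.deploy.pkgs`, so that may be the intent. If it is, a comment above the two attributes would record it, for example `# the system here only selects the evaluation entry point; each node brings its own pkgs`. It would also help to note that the hand-built `{ pkgs, config, system }` set stands in for the `darwin.lib.darwinSystem` result this commit removes.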


@ -1,8 +1,7 @@
{ inputs, system, ... }: let
{ inputs, system ? builtins.currentSystem or "x86_64-linux" , ... }: let
optionalAttrs = cond: as: if cond then as else { };
pkgs = import ./overlays { inherit inputs system; };
darwin-pkgs = import ./overlays/darwin.nix { inherit inputs system; };
inherit (pkgs) lib;
mkTree = import ./tree.nix { inherit lib; };
@ -50,6 +49,7 @@
];
};
};
"modules/darwin".functor.enable = true;
"modules/meta".functor.enable = true;
"profiles/*".functor.enable = true;
"profiles/hardware".evaluateDefault = true;
@ -82,32 +82,45 @@
metaBase = import ./meta.nix { inherit config lib pkgs root; };
xarg = tree.impure;
nixfiles = tree.impure;
eval = lib.evalModules {
modules = lib.singleton metaBase
++ lib.singleton xarg.modules.meta
++ lib.attrValues xarg.targets
++ (map
(host: {
network.nodes.${host} = {
imports = config.lib.kw.nodeImport host;
eval = let
nixosNodes = (map
(node: {
network.nodes.nixos.${node} = {
imports = config.lib.kw.nixosImport node;
networking = {
hostName = host;
hostName = node;
};
};
})
(lib.remove "sumireko" (lib.attrNames xarg.hosts)));
(lib.attrNames nixfiles.nodes.nixos));
darwinNodes = (map
(node: {
network.nodes.darwin.${node} = {
imports = config.lib.kw.darwinImport node;
networking = {
hostName = node;
};
};
})
(lib.attrNames nixfiles.nodes.darwin));
in lib.evalModules {
modules = lib.singleton metaBase
++ lib.singleton nixfiles.modules.meta
++ lib.attrValues nixfiles.targets
++ nixosNodes
++ darwinNodes;
specialArgs = {
inherit inputs root tree;
meta = self;
} // xarg;
} // nixfiles;
};
inherit (eval) config;
self = config // { inherit pkgs lib inputs tree darwin-pkgs; } // xarg;
self = config // { inherit pkgs lib inputs tree; } // nixfiles;
in
self
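Review bot: `nixosNodes` and `darwinNodes` in the new `eval` binding are the same `map` written twice, differing only in the node kind (`nixos` / `darwin`) and the import helper (`config.lib.kw.nixosImport` / `config.lib.kw.darwinImport`). A small local helper taking those two values would keep the branches from drifting apart when a third node kind or another per-node default is added. The sketch below keeps the module list order and the `networking.hostName` assignment unchanged. The enclosing `let` block starts outside this hunk.

```nix
eval = let
  # one module per node of the given kind, imported through the matching kw helper
  mkNodes = kind: importer: map
    (node: {
      network.nodes.${kind}.${node} = {
        imports = importer node;
        networking.hostName = node;
      };
    })
    (lib.attrNames nixfiles.nodes.${kind});
in lib.evalModules {
  # … unchanged: metaBase, nixfiles.modules.meta, nixfiles.targets …
    ++ mkNodes "nixos" config.lib.kw.nixosImport
    ++ mkNodes "darwin" config.lib.kw.darwinImport;
  # … unchanged: specialArgs …
```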


@ -1,25 +0,0 @@
{ inputs, system ? builtins.currentSystem, ... }@args:
let
pkgs = import inputs.nixpkgs-darwin {
inherit system;
overlays = [
(import ./nur { inherit inputs; })
(import ./dns { inherit inputs; })
(import ./local)
(import ./lib)
] ++ (map (path: import "${path}/overlay.nix") [
inputs.arcexprs
]);
config = {
allowUnfree = true;
allowBroken = true;
allowUnsupportedSystem = true;
permittedInsecurePackages = [
"ffmpeg-3.4.8"
"ffmpeg-2.8.17"
];
};
};
in
pkgs


@ -8,12 +8,16 @@ let
(import ./dns { inherit inputs; })
(import ./local)
(import ./lib)
(final: prev: {
jemalloc = if final.hostPlatform != "aarch64-darwin" then prev.jemalloc else null;
})
] ++ (map (path: import "${path}/overlay.nix") [
inputs.arcexprs
]);
config = {
allowUnfree = true;
allowBroken = true;
allowUnsupportedSystem = true;
permittedInsecurePackages = [
"ffmpeg-3.4.8"
"ffmpeg-2.8.17"
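Review bot: In the added overlay, `final.hostPlatform != "aarch64-darwin"` compares a platform attribute set with a string, which in Nix is always unequal. So `jemalloc` is never replaced by `null` and the overlay has no effect. Comparing the system string does what the line appears to intend: `jemalloc = if prev.stdenv.hostPlatform.system != "aarch64-darwin" then prev.jemalloc else null;`. Separately, `allowUnsupportedSystem = true` now sits beside `allowBroken` and `permittedInsecurePackages` in a config that, with the darwin-specific overlay file deleted in this commit, appears to apply to every system. A comment such as `# needed for <package> on aarch64-darwin` (placeholder) would make clear why the relaxation is global. The surrounding `import` call starts and ends outside the hunk.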

112
trusted/flake.lock generated

@ -3,11 +3,11 @@
"arcexprs": {
"flake": false,
"locked": {
"lastModified": 1654705662,
"narHash": "sha256-+vgMNuehEQqtXmtwq0w0sGDy8b6bShFiS2ZbBtUDw6k=",
"lastModified": 1657234505,
"narHash": "sha256-uDlulP599ZbH+Fgw317nYMfyS+vnKwIDgQevMyc/SV4=",
"owner": "arcnmx",
"repo": "nixexprs",
"rev": "727f8eb7aaf542b675aaa9141a5027ccb961539e",
"rev": "28017bbbea8ca56691b9c7625a032c2e2dd6283a",
"type": "github"
},
"original": {
@ -98,11 +98,11 @@
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1656067965,
"narHash": "sha256-P/Rtc5a64qm0oww9oLQsTarR6jsCT+vyzC9kc6ebgnk=",
"lastModified": 1657275959,
"narHash": "sha256-pg8FB1DRImBpqXHCp/0Y7bIphpVqGmkWgWOcFDMwdTg=",
"owner": "nix-community",
"repo": "emacs-overlay",
"rev": "a764f50d7667f54e275ec1260de2f8d97b677525",
"rev": "22448c09bae21969ca14d1558a120dafe9853c73",
"type": "github"
},
"original": {
@ -224,29 +224,13 @@
"type": "github"
}
},
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1650374568,
"narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "b4a34015c698c7793d592d66adbab377907a2be8",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-utils": {
"locked": {
"lastModified": 1656065134,
"narHash": "sha256-oc6E6ByIw3oJaIyc67maaFcnjYOz1mMcOtHxbEf9NwQ=",
"lastModified": 1656928814,
"narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "bee6a7250dd1b01844a2de7e02e4df7d8a0a206c",
"rev": "7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249",
"type": "github"
},
"original": {
@ -279,25 +263,23 @@
},
"home-manager-darwin": {
"inputs": {
"flake-compat": "flake-compat_2",
"nixpkgs": [
"nixfiles",
"nixpkgs-darwin"
],
"nmd": "nmd",
"nmt": "nmt",
"utils": "utils"
},
"locked": {
"lastModified": 1655928858,
"narHash": "sha256-qVOcb7WVDiqs2yseZwCZRsKT0be8bF3NZufdBZVvZXU=",
"lastModified": 1657241847,
"narHash": "sha256-/aN3p2LaRNVXf7w92GWgXq9H5f23YRQPOvsm3BrBqzU=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "e622bad16372aa5ada79a7fa749ec78715dffc54",
"rev": "8160b3b45b8457d58d2b3af2aeb2eb6f47042e0f",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "master",
"repo": "home-manager",
"type": "github"
}
@ -410,21 +392,23 @@
},
"locked": {
"lastModified": 0,
"narHash": "sha256-Rsp3noZzmSZPqu5CawPIYUdGFZ5cTizay1BHCwkcN8U=",
"path": "/nix/store/0ij803nsg2zcpfjlrw33p3ppwc00gyny-source",
"narHash": "sha256-vGvSygG1efbRaUiBu48fHkLn5q1ZcN19YocDVG21vuI=",
"path": "/nix/store/n8s60kqi0wdnp3gv28b8211ldx9alvk3-source",
"type": "path"
},
"original": {
"path": "/nix/store/0ij803nsg2zcpfjlrw33p3ppwc00gyny-source",
"path": "/nix/store/n8s60kqi0wdnp3gv28b8211ldx9alvk3-source",
"type": "path"
}
},
"nixpkgs": {
"locked": {
"lastModified": 0,
"narHash": "sha256-8Vlwf0x8ow6pPOK2a04bT+pxIeRnM1+O0Xv9/CuDzRs=",
"path": "/nix/store/3ds4cwrnkgfvpjgf80vr2dbw9yfrrnsv-source",
"type": "path"
"lastModified": 1657208011,
"narHash": "sha256-BlIFwopAykvdy1DYayEkj6ZZdkn+cVgPNX98QVLc0jM=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "2770cc0b1e8faa0e20eb2c6aea64c256a706d4f2",
"type": "github"
},
"original": {
"id": "nixpkgs",
@ -433,27 +417,27 @@
},
"nixpkgs-darwin": {
"locked": {
"lastModified": 1655946012,
"narHash": "sha256-+QmcvgnRmGPbAlCIOAVHggIMH2GE7w76EI17jYDTmHc=",
"lastModified": 1657208011,
"narHash": "sha256-BlIFwopAykvdy1DYayEkj6ZZdkn+cVgPNX98QVLc0jM=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "3aad50c30c826430b0270fcf8264c8c41b005403",
"rev": "2770cc0b1e8faa0e20eb2c6aea64c256a706d4f2",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixpkgs-21.11-darwin",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1655983783,
"narHash": "sha256-0h1FzkYWei24IdKNpCX93onkF/FMiXQG8SdEbTc0r8A=",
"lastModified": 1657114324,
"narHash": "sha256-fWuaUNXrHcz/ciHRHlcSO92dvV3EVS0GJQUSBO5JIB4=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "6141b8932a5cf376fe18fcd368cecd9ad946cb68",
"rev": "a5c867d9fe9e4380452628e8f171c26b69fa9d3d",
"type": "github"
},
"original": {
@ -463,38 +447,6 @@
"type": "github"
}
},
"nmd": {
"flake": false,
"locked": {
"lastModified": 1653339422,
"narHash": "sha256-RNLq09vfj21TyYuUCeD6BNTNC6Ew8bLhQULZytN4Xx8=",
"owner": "rycee",
"repo": "nmd",
"rev": "91dee681dd1c478d6040a00835d73c0f4a4c5c29",
"type": "gitlab"
},
"original": {
"owner": "rycee",
"repo": "nmd",
"type": "gitlab"
}
},
"nmt": {
"flake": false,
"locked": {
"lastModified": 1648075362,
"narHash": "sha256-u36WgzoA84dMVsGXzml4wZ5ckGgfnvS0ryzo/3zn/Pc=",
"owner": "rycee",
"repo": "nmt",
"rev": "d83601002c99b78c89ea80e5e6ba21addcfe12ae",
"type": "gitlab"
},
"original": {
"owner": "rycee",
"repo": "nmt",
"type": "gitlab"
}
},
"nose": {
"flake": false,
"locked": {
@ -513,11 +465,11 @@
},
"nur": {
"locked": {
"lastModified": 1656085179,
"narHash": "sha256-LRHmv8hvpg+sDERAoGINO0HYdmelwtLU0mBBzdUb0Yc=",
"lastModified": 1657272425,
"narHash": "sha256-Y1vbPYhUi0ZKqn6XxQeE/RnyMcfHIE0YCkR1iPGoToo=",
"owner": "nix-community",
"repo": "nur",
"rev": "70d28da7927d3c1dbed74bdfa6bb50969e548537",
"rev": "4a0d26d6ccb60f24a5e771c6de4c64622fb2b4af",
"type": "github"
},
"original": {