Refactor: ..., also: Added vim-lastplace and tmate

.gitmodules

@@ -1,4 +1,4 @@
-[submodule "config/private"]
-	path = private
-	url = "gcrypt::ssh://gitea@git.kittywit.ch:62954/kat/nixfiles-private.git#main"
+[submodule "trusted"]
+	path = trusted
 	branch = main
+	url = "https://git.kittywit.ch/kat/nixfiles-trusted.git"

default.nix

@@ -5,7 +5,6 @@ rec {
     
   profiles = modList {
     modulesDir = ./profiles;
-    defaultFile = "nixos.nix";
   };
 
   users = modList { modulesDir = ./users; };

home.nix

@@ -1,8 +0,0 @@
-{ pkgs, config, lib, ... }:
-
-{
-  imports = [ ./modules/home ]
-    ++ lib.optional (builtins.pathExists (./private/profile/home))
-    (import ./private/profile/home);
-}
-

hosts/samhain/home/sway.nix

@@ -9,17 +9,14 @@
         left = {
           res = "1920x1080";
           pos = "0 0";
-          #bg = "${../../../private/files/wallpapers/left.jpg} fill";
         };
         middle = {
           res = "1920x1200";
           pos = "1920 0";
-          #bg = "${../../../private/files/wallpapers/main.png} fill";
         };
         right = {
           res = "1920x1080";
           pos = "3840 0";
-          #bg = "${../../../private/files/wallpapers/right.jpg}  fill";
         };
       in {
         "DP-1" = left;

hosts/yule/home/sway.nix

@@ -6,7 +6,6 @@
       laptop = {
         res = "1920x1080";
         pos = "0 0";
-        #bg = "${../../../private/files/wallpapers/main.png} fill";
       };
     in { "eDP-1" = laptop; };
 

lib/deploy.nix

@@ -13,13 +13,14 @@ let
 
   tf = { targetName, target }:
     tfEval ({ config, ... }: {
-      imports = map (hostName: ../hosts + "/${hostName}/meta.nix") target ++ [{
+      imports = optional (builtins.pathExists ../trusted/tf) (import ../trusted/tf/meta.nix)
+      ++ map (hostName: ../hosts + "/${hostName}/meta.nix") target ++ [{
         config = mkMerge (map (hostName:
           mapAttrs (_: mkMerge) hosts.${hostName}.config.deploy.tf.out.set)
           target);
       }] ++ optional
-        (builtins.pathExists (../private/targets + "/${targetName}"))
-        (../private/targets + "/${targetName}")
+        (builtins.pathExists (../trusted/targets + "/${targetName}"))
+        (../trusted/targets + "/${targetName}")
         ++ optional (builtins.pathExists (../targets + "/${targetName}"))
         (../targets + "/${targetName}") ++ concatMap (hostName:
           filter builtins.pathExists
@@ -32,10 +33,6 @@ let
         enable = true;
       };
 
-      state = {
-        file = ../private/files/tf + "/terraform-${targetName}.tfstate";
-      };
-
       runners.lazy = {
         file = ../.;
         args = [ "--show-trace" ];
@@ -44,11 +41,6 @@ let
           in "deploy.${attr}.runners.run.";
       };
 
-      terraform = {
-        dataDir = ../private/files/tf + "/tfdata/${targetName}";
-        logPath = ../private/files/tf + "/terraform-${targetName}.log";
-      };
-
       variables.hcloud_token = {
         type = "string";
         value.shellCommand = "bitw get infra/hcloud_token";
@@ -76,6 +68,10 @@ let
           key_algorithm = "hmac-sha512";
         };
       };
+
+      _module.args = {
+        inherit targetName;
+      };
     });
 in {
   inherit tf;

modules/home/default.nix

@@ -4,6 +4,7 @@
   disabledModules = [ "programs/vim.nix" ];
   imports = [
     ./vim.nix
+    ./deploy-tf
     (sources.tf-nix + "/modules/home/secrets.nix")
     (import (sources.arc-nixexprs + "/modules")).home-manager.base16
     (import (sources.arc-nixexprs + "/modules")).home-manager.syncplay

modules/home/deploy-tf/default.nix

@@ -0,0 +1,33 @@
+{ config, lib, ... }:
+
+with lib;
+
+let
+  cfg = config.deploy.tf;
+  unmergedValues = types.mkOptionType {
+    name = "unmergedValues";
+    merge = loc: defs: map (def: def.value) defs;
+  };
+in {
+
+    options.deploy.tf = mkOption {
+    type = types.submodule {
+      freeformType = types.attrsOf unmergedValues;
+
+      options = {
+        attrs = mkOption {
+          type = types.listOf types.str;
+          default = [ ];
+        };
+        out.set = mkOption { type = types.unspecified; };
+      };
+    };
+  
+  };
+  config = {
+    deploy.tf = {
+      attrs = [ "out" "attrs" ];
+      out.set = removeAttrs cfg cfg.attrs;
+    };
+  };
+}

modules/nixos/deploy-tf/default.nix

@@ -27,12 +27,10 @@ in {
   };
 
   config = {
-    deploy.tf = {
+    deploy.tf = mkMerge (singleton {
       attrs = [ "out" "attrs" ];
       out.set = removeAttrs cfg cfg.attrs;
-    };
-
-    deploy.tf.deploy.systems.${config.networking.hostName} =
+      deploy.systems.${config.networking.hostName} =
         with tf.resources; {
           isRemote =
             (config.networking.hostName != builtins.getEnv "HOME_HOSTNAME");
@@ -44,13 +42,17 @@ in {
             tf.resources.${config.networking.hostName}.refAttr "id";
         };
 
-    deploy.tf.dns.records."kittywitch_net_${config.networking.hostName}" =
+      dns.records."kittywitch_net_${config.networking.hostName}" =
         mkIf (config.hexchen.network.enable) {
           tld = "kittywit.ch.";
           domain = "${config.networking.hostName}.net";
           aaaa.address = config.hexchen.network.address;
         };
 
+      } ++ mapAttrsToList (_: user:
+            mapAttrs (_: mkMerge) user.deploy.tf.out.set)
+            config.home-manager.users);
+
       security.acme.certs."${config.networking.hostName}.net.kittywit.ch" =
         mkIf (config.services.nginx.enable && config.hexchen.network.enable) {
           domain = "${config.networking.hostName}.net.kittywit.ch";
@@ -58,6 +60,7 @@ in {
           credentialsFile = config.secrets.files.dns_creds.path;
           group = "nginx";
         };
+
     _module.args.tf = target.${config.deploy.target};
   };
 }

nixos.nix

@@ -1,14 +1,15 @@
-{ pkgs, config, lib, sources, tf, witch, options, hostName, ... }:
+{ pkgs, config, lib, sources, tf, witch, options, profiles, hostName, ... }:
 
 {
 
   imports =
-    [ (import (./hosts + "/${hostName}/nixos")) ./profiles/common/nixos.nix ]
-    ++ lib.optional
-    (builtins.pathExists (./private/hosts + "/${hostName}/nixos"))
-    (import (./private/hosts + "/${hostName}/nixos"))
-    ++ lib.optional (builtins.pathExists ./private/profile)
-    ./private/profile/nixos;
+    [ (import (./hosts + "/${hostName}/nixos")) profiles.common ]
+    # trusted check
+    ++ lib.optional (builtins.pathExists (./trusted/hosts + "/${hostName}/nixos")) (import (./trusted/hosts + "/${hostName}/nixos"))
+    # trusted default check
+    ++ lib.optional (builtins.pathExists ./trusted) (import ./trusted/hosts)
+    # trusted profile check
+    ++ lib.optional (builtins.pathExists ./trusted/profile) (import ./trusted/profile);
 
   options = {
     deploy.profile.gui = lib.mkEnableOption "graphical system";
@@ -35,11 +36,12 @@
 
       users = {
         kat = {
-          imports = [ ./home.nix ] ++ lib.optional
-            (builtins.pathExists (./hosts + "/${hostName}/home"))
-            (import (./hosts + "/${hostName}/home")) ++ lib.optional
-            (builtins.pathExists (./private/hosts + "/${hostName}/home"))
-            (import (./private/hosts + "/${hostName}/home"));
+          imports = [ ./modules/home ] 
+          ++ lib.optional (builtins.pathExists (./hosts + "/${hostName}/home")) (import (./hosts + "/${hostName}/home")) 
+          # trusted hosts check
+          ++ lib.optional (builtins.pathExists (./trusted/hosts + "/${hostName}/home")) (import (./trusted/hosts + "/${hostName}/home"))
+          # trusted users check 
+          ++ lib.optional (builtins.pathExists ./trusted/users) (import ./trusted/users);
 
           options = {
             deploy.profile.gui = lib.mkEnableOption "graphical system";

pkgs/default.nix

@@ -70,7 +70,7 @@ let
 
       kat-scrot = self.callPackage ./kat-scrot { };
 
-    } // super.lib.optionalAttrs (builtins.pathExists ../private/pkgs)
-    (import ../private/pkgs { inherit super self; });
+    } // super.lib.optionalAttrs (builtins.pathExists ../trusted/pkgs)
+    (import ../trusted/pkgs { inherit super self; });
 
 in (pkgs.extend (import (sources.arc-nixexprs + "/overlay.nix"))).extend overlay

private

@@ -1 +0,0 @@
-Subproject commit efaf2cc6461d43ace6b7f2d7e30e0e6c4de1e5c4

profiles/common/nixos.nix

@@ -1,5 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
-  imports = [ ./nixos ];
-}

profiles/gui/default.nix

@@ -16,4 +16,6 @@
 
   hardware.opengl.extraPackages = with pkgs; [ libvdpau-va-gl ];
   services.tumbler.enable = true;
+
+  deploy.profile.gui = true;
 }

profiles/gui/nixos.nix

@@ -1,7 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
-  imports = [ ./nixos ];
-
-  deploy.profile.gui = true;
-}

profiles/laptop/default.nix

@@ -2,4 +2,6 @@
 
 {
   imports = [ ./light.nix ];
+
+  deploy.profile.laptop = true;
 }

profiles/laptop/nixos.nix

@@ -1,7 +0,0 @@
-{ lib, ... }:
-
-{
-  imports = [ ./nixos ];
-
-  deploy.profile.laptop = true;
-}

profiles/sway/default.nix

@@ -2,4 +2,6 @@
 
 {
   imports = [ ./sway.nix ];
+
+  deploy.profile.sway = true;
 }

profiles/sway/nixos.nix

@@ -1,7 +0,0 @@
-{ lib, ... }:
-
-{
-  imports = [ ./nixos ];
-
-  deploy.profile.sway = true;
-}

trusted

@@ -0,0 +1 @@
+Subproject commit e943429855fe24e3b787f26a1f5c528a66ff02be

users/kat/base.nix

@@ -1,7 +1,7 @@
 { config, pkgs, lib, ... }:
 
 {
-  home-manager.users.kat = { imports = [ ../home/base ]; };
+  home-manager.users.kat = { imports = [ ./base ]; };
 
   users.users.kat = {
     uid = 1000;

users/kat/base/packages.nix

@@ -2,6 +2,7 @@
 
 {
   home.packages = with pkgs; [
+    tmate
     htop
     fd
     sd

users/kat/base/vim/default.nix

@@ -23,6 +23,7 @@
       vim-startify
       vim-airline
       vim-airline-themes
+      vim-lastplace
       base16-vim
     ];
     #extraPackages = with pkgs;

users/kat/base/vim/vimrc.nix

@@ -22,6 +22,9 @@
     let g:notmuch_search_date_format='%Y/%m/%d  %H:%M'
     let g:notmuch_html_converter='${pkgs.elinks}/bin/elinks --dump'
 
+    " lastplace 
+    let g:lastplace_ignore = "gitcommit,gitrebase,svn,hgcommit"
+
     autocmd BufEnter * if tabpagenr('$') == 1 && winnr('$') == 1 && exists('b:NERDTree') && b:NERDTree.isTabTree() |
         \ quit | endif
     autocmd BufEnter * if bufname('#') =~ 'NERD_tree_\d\+' && bufname('%') !~ 'NERD_tree_\d\+' && winnr('$') > 1 |
@@ -52,18 +55,6 @@
     set relativenumber
     set completeopt=longest,menuone
     
-    function! ResCur()
-      if line("'\"") <= line("$")
-        normal! g`"
-        return 1
-      endif
-    endfunction
-
-    augroup resCur
-      autocmd!
-      autocmd BufWinEnter * call ResCur()
-    augroup END
-
   inoremap <silent><expr> <TAB>
         \ pumvisible() ? "\<C-n>" :
         \ <SID>check_back_space() ? "\<TAB>" :

users/kat/default.nix

@@ -1,10 +1,10 @@
 rec {
-  base = ./nixos/base.nix;
-  gui = ./nixos/gui.nix;
-  sway = ./nixos/sway.nix;
-  dev = ./nixos/dev.nix;
-  media = ./nixos/media.nix;
-  personal = ./nixos/personal.nix;
+  base = ./base.nix;
+  gui = ./gui.nix;
+  sway = ./sway.nix;
+  dev = ./dev.nix;
+  media = ./media.nix;
+  personal = ./personal.nix;
 
   server = { imports = [ personal ]; };
   guiFull = { imports = [ gui sway dev media personal ]; };

users/kat/dev.nix

@@ -0,0 +1,5 @@
+{ ... }:
+
+{
+  home-manager.users.kat = { imports = [ ./dev ]; };
+}

users/kat/gui.nix

@@ -0,0 +1,5 @@
+{ ... }:
+
+{
+  home-manager.users.kat = { imports = [ ./gui ]; };
+}

users/kat/gui/weechat.nix

@@ -1,11 +1,6 @@
 { config, pkgs, lib, superConfig, ... }:
 
 {
-  home.file = {
-    ".local/share/weechat/sec.conf" = lib.mkIf config.deploy.profile.private {
-      source = ../../../../private/files/weechat/sec.conf;
-    };
-  };
   programs.weechat = {
     enable = true;
     config = {

users/kat/home/default.nix

@@ -1,5 +0,0 @@
-rec {
-  base = ./base;
-  sway = ./sway;
-  gui = ./gui;
-}

users/kat/home/personal/bitw.nix

@@ -1,10 +0,0 @@
-{ config, ... }:
-
-{
-  xdg.configFile."rbw/config.json".text = builtins.toJSON {
-    email = "kat@kittywit.ch";
-    base_url = "https://vault.kittywit.ch";
-    identity_url = null;
-    lock_timeout = 3600;
-  };
-}

users/kat/home/personal/default.nix

@@ -1,5 +0,0 @@
-{ ... }:
-
-{
-  imports = [ ./secrets.nix ./bitw.nix ./gpg.nix ./packages.nix ];
-}

users/kat/media.nix

@@ -0,0 +1,5 @@
+{ ... }:
+
+{
+  home-manager.users.kat = { imports = [ ./media ]; };
+}

users/kat/nixos/dev.nix

@@ -1,5 +0,0 @@
-{ ... }:
-
-{
-  home-manager.users.kat = { imports = [ ../home/dev ]; };
-}

users/kat/nixos/gui.nix

@@ -1,5 +0,0 @@
-{ ... }:
-
-{
-  home-manager.users.kat = { imports = [ ../home/gui ]; };
-}

users/kat/nixos/media.nix

@@ -1,5 +0,0 @@
-{ ... }:
-
-{
-  home-manager.users.kat = { imports = [ ../home/media ]; };
-}

users/kat/nixos/personal.nix

@@ -1,5 +0,0 @@
-{ ... }:
-
-{
-  home-manager.users.kat = { imports = [ ../home/personal ]; };
-}

users/kat/nixos/sway.nix

@@ -1,5 +0,0 @@
-{ ... }:
-
-{
-  home-manager.users.kat = { imports = [ ../home/sway ]; };
-}

users/kat/personal.nix

@@ -0,0 +1,5 @@
+{ ... }:
+
+{
+  home-manager.users.kat = { imports = [ ./personal ]; };
+}

users/kat/personal/default.nix

@@ -0,0 +1,5 @@
+{ ... }:
+
+{
+  imports = [ ./secrets.nix ./gpg.nix ./packages.nix ];
+}

users/kat/sway.nix

@@ -0,0 +1,5 @@
+{ ... }:
+
+{
+  home-manager.users.kat = { imports = [ ./sway ]; };
+}