From 9794026f6c22b49518c285b4452ea4c8dd9ae7bf Mon Sep 17 00:00:00 2001 From: kat Date: Sun, 2 Oct 2022 12:34:00 -0700 Subject: [PATCH] feat: refactoring + system types --- default.nix | 2 +- devShell.nix | 2 +- esphome/base.nix | 21 ++ .../bedroom.nix} | 16 +- flake.lock | 60 ++--- flake.nix | 2 +- hardware/local.nix | 4 + home/gui/packages.nix | 1 + home/vim/default.nix | 2 +- home/vim/init.lua | 5 +- meta.nix | 133 +++++------ mkTree.nix | 130 ++++++++++ modules/esphome/deploy.nix | 55 +++-- modules/esphome/genesis.nix | 19 +- modules/meta/deploy.nix | 9 +- modules/meta/genesis.nix | 7 + modules/meta/imports.nix | 4 +- modules/meta/network.nix | 9 +- modules/meta/networks.nix | 26 ++ modules/meta/secrets.nix | 6 +- modules/meta/tailscale.nix | 42 ++++ modules/system/genesis.nix | 3 + modules/tf/acme.nix | 23 ++ modules/tf/gcroot.nix | 3 + tf.nix => modules/tf/katdns.nix | 22 +- modules/type/secretType.nix | 32 +++ nixos/systems/koishi.nix | 4 + nixos/systems/tewi/home-assistant.nix | 9 +- nixos/systems/tewi/mosquitto.nix | 17 ++ outputs.nix | 176 -------------- overlays/local/default.nix | 4 +- patchedInputs.nix | 19 ++ targets/home.nix | 2 +- tf | 2 +- tree.nix | 223 ++++++++---------- trusted/flake.lock | 96 ++++---- 36 files changed, 653 insertions(+), 537 deletions(-) create mode 100644 esphome/base.nix rename esphome/{bedroom-sensor.nix => boards/bedroom.nix} (70%) create mode 100644 mkTree.nix create mode 100644 modules/meta/genesis.nix create mode 100644 modules/meta/networks.nix create mode 100644 modules/meta/tailscale.nix create mode 100644 modules/system/genesis.nix create mode 100644 modules/tf/acme.nix create mode 100644 modules/tf/gcroot.nix rename tf.nix => modules/tf/katdns.nix (58%) create mode 100644 modules/type/secretType.nix delete mode 100644 outputs.nix create mode 100644 patchedInputs.nix diff --git a/default.nix b/default.nix index 3b087e51..96737074 100644 --- a/default.nix +++ b/default.nix 
@@ -1 +1 @@ -import ./outputs.nix { inputs = import ./inputs.nix; system = builtins.currentSystem; } +import ./meta.nix { inputs = import ./inputs.nix; system = builtins.currentSystem; } diff --git a/devShell.nix b/devShell.nix index 17055060..8d6f427d 100644 --- a/devShell.nix +++ b/devShell.nix @@ -1,6 +1,6 @@ { inputs, system }: let - meta = import ./outputs.nix { inherit inputs system; }; + meta = import ./meta.nix { inherit inputs system; }; config = meta; inherit (meta) pkgs; inherit (pkgs) lib; diff --git a/esphome/base.nix b/esphome/base.nix new file mode 100644 index 00000000..ecca2d22 --- /dev/null +++ b/esphome/base.nix @@ -0,0 +1,21 @@ +{ config, ... }: { + api = { + password = "!secret api_password"; + }; + ota = { + safe_mode = true; + password = "!secret ota_password"; + }; + wifi = { + ssid = "Gensokyo"; + password = "!secret wifi_password"; + }; + logger = { + level = "DEBUG"; + }; + secrets = { + ota_password = "gensokyo/esphome#ota"; + api_password = "gensokyo/esphome#api"; + wifi_password = "gensokyo/esphome#wifi"; + }; +} diff --git a/esphome/bedroom-sensor.nix b/esphome/boards/bedroom.nix similarity index 70% rename from esphome/bedroom-sensor.nix rename to esphome/boards/bedroom.nix index 4b2e9b82..bf10c024 100644 --- a/esphome/bedroom-sensor.nix +++ b/esphome/boards/bedroom.nix @@ -3,25 +3,11 @@ platform = "esp8266"; board = "d1_mini"; }; - api = { - password = "!secret api_password"; - }; - wifi = { - ssid = "Gensokyo"; - password = "!secret wifi_password"; - }; i2c = { sda = "D2"; scl = "D1"; scan = true; }; - logger = { - level = "DEBUG"; - }; - ota = { - safe_mode = true; - password = "!secret ota_password"; - }; sensor = [ { platform = "dht"; @@ -48,7 +34,7 @@ name = "Bedroom eCO2"; }; tvoc = { - name = "Bedroom Total Volatile Organic Compound"; + name = "Bedroom TVOC"; }; } ]; diff --git a/flake.lock b/flake.lock index 5f851eba..9b099372 100644 --- a/flake.lock +++ b/flake.lock 
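Review bot: `api.password` in the new esphome/base.nix authenticates the native API connection but does not encrypt it; ESPHome's `api.encryption.key` does both and could be fed through the same `secrets` map as the OTA and wifi passwords, e.g. `api.encryption.key = "!secret api_key";` with `secrets.api_key = "<secret-store-path>#<field>";` (placeholder values). `logger.level = "DEBUG"` now applies to every board that imports this module rather than one sensor; a short comment saying whether that is meant for production boards, or a per-board override, would make the intent clear. The `secrets` names here must match what `modules/esphome/deploy.nix` turns into Terraform variables, so a comment pointing at that module would help the next person adding a key.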
@@ -3,11 +3,11 @@ "arcexprs": { "flake": false, "locked": { - "lastModified": 1664324035, - "narHash": "sha256-X/aULANyF9pHR+OejllcIG1vSs4H0sis5212dt6i/Xo=", + "lastModified": 1664737885, + "narHash": "sha256-ppcK2iEo949aGMVVXoqYs3H0K0jhPTDdUj+Dt1abIW0=", "owner": "arcnmx", "repo": "nixexprs", - "rev": "6b308153ddc58f1ed5e3223cb242ac4867ef5712", + "rev": "4e09592dade1388d900ab3524bc240ce75b14abb", "type": "github" }, "original": { @@ -20,11 +20,11 @@ "ci": { "flake": false, "locked": { - "lastModified": 1658370007, - "narHash": "sha256-gKxTtjSPwTNp1Lcqynw8HYDSq/wtF7EmF4NvS0dyeb8=", + "lastModified": 1664566287, + "narHash": "sha256-DysbqsNrLAGI4VU9HlP3qXe1b0P3N9mGGttmr3xUCHU=", "owner": "arcnmx", "repo": "ci", - "rev": "5cec82ebd5614fdeaaf442c4390451e2f483fdc4", + "rev": "3f5f6df67088485d422b97d3a41fe259e2bdc53e", "type": "github" }, "original": { @@ -91,11 +91,11 @@ "emacs-overlay": { "flake": false, "locked": { - "lastModified": 1662654452, - "narHash": "sha256-mrr161UOnVNx2pzR9ePmhVlxapzQ57ZDSLb9BRgW0bo=", + "lastModified": 1664478431, + "narHash": "sha256-XTPklm/+e2UfIitB0+s/fKTheMJSw3G1p+t0SsBCuo4=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "70e241d5b189982dabc1fe55829475c5c483c89d", + "rev": "6c78924bc5b6daaf98c0dbe63bdfcf80e6433f4b", "type": "github" }, "original": { @@ -342,11 +342,11 @@ "ws-butler": "ws-butler" }, "locked": { - "lastModified": 1662839665, - "narHash": "sha256-TGSRXMmRTn4eza3q0XvqpuPoeCnkktPeD0TaM/V1pZ0=", + "lastModified": 1664622347, + "narHash": "sha256-pJTnEG68PhrXjpkfz/784BlcxaHgV06b1cUVGRxhMdw=", "owner": "nix-community", "repo": "nix-doom-emacs", - "rev": "acbf1b70335d4fd6a6c05bc417d7f3ca44739437", + "rev": "b65e204ce9d20b376acc38ec205d08007eccdaef", "type": "github" }, "original": { 
@@ -373,11 +373,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1664281702, - "narHash": "sha256-haixZ4TJLu1Dciow54wrHrHvlGDVr5sW6MTeAV/ZLuI=", + "lastModified": 1664538465, + "narHash": "sha256-EnlC7dDKX7X1wlnXkB1gmn9rBZQ0J9+biVTZHw//8us=", "owner": "nixos", "repo": "nixpkgs", - "rev": "7e52b35fe98481a279d89f9c145f8076d049d2b9", + "rev": "10ecda252ce1b3b1d6403caeadbcc8f30d5ab796", "type": "github" }, "original": { @@ -405,11 +405,11 @@ }, "nur": { "locked": { - "lastModified": 1664382743, - "narHash": "sha256-rtDxdzj5IBvO114QP9gyfjVt9N7tZWd0e2/RQxrDtw4=", + "lastModified": 1664718272, + "narHash": "sha256-BNnUks1BKzBr8HzoKBFQ8a7/avQhDkKCu0DSgW1ulcY=", "owner": "nix-community", "repo": "nur", - "rev": "8ca43145e3b31861d807c8df3ce53f559c3b5762", + "rev": "392b26288ad1cdebd03eac17adb70491f9f392d3", "type": "github" }, "original": { @@ -438,11 +438,11 @@ "org": { "flake": false, "locked": { - "lastModified": 1662614940, - "narHash": "sha256-9eAqhKXpTfZQH3bn19ien3HIzF100h8z97iHqs/QUgY=", + "lastModified": 1664493874, + "narHash": "sha256-8zLosjfQX0aR5HprtCeiSqN1pfB+GEUF9AULk6WRcR4=", "owner": "emacs-straight", "repo": "org-mode", - "rev": "eb5ef0ae1424a725f933ef3929e5396a2ab727ab", + "rev": "fe1f4f2ccf040deff9c57288d987f17cc2da321f", "type": "github" }, "original": { @@ -454,11 +454,11 @@ "org-contrib": { "flake": false, "locked": { - "lastModified": 1661026052, - "narHash": "sha256-rE7aioQxeVjo+TVI4DIppKkmf/c7tRNzK6hQJAmUnVE=", + "lastModified": 1664301003, + "narHash": "sha256-8CAq/EB52RMQHNLZM0uc/1N5gKTfxGhf7WFt9sMKoD8=", "owner": "emacsmirror", "repo": "org-contrib", - "rev": "0740bd3fe69c4b327420185d931dcf0a9900a80e", + "rev": "aa104c0bbc3113f6d3d167b20bd8d6bf6a285f0f", "type": "github" }, "original": { 
@@ -502,11 +502,11 @@ "revealjs": { "flake": false, "locked": { - "lastModified": 1662369032, - "narHash": "sha256-1BZWA3W77YbNZUj+7vJbkTeWY8O4jjPg7t5PvlEVDYA=", + "lastModified": 1664012352, + "narHash": "sha256-Pu5p6HqIO2wvWiTEhsQyIuwlWEIa1GjO3EDXosznyYE=", "owner": "hakimel", "repo": "reveal.js", - "rev": "8a97ad58b04045fe5a9c964aa31659bd27e665c5", + "rev": "468132320d6e072abd1297d7cc24766a2b7a832d", "type": "github" }, "original": { @@ -599,11 +599,11 @@ "ts-fold": { "flake": false, "locked": { - "lastModified": 1662386895, - "narHash": "sha256-pYW2hcHgkr9KYdRvX2EkpOt/OL8yl+mkZ21JbMKWc8Q=", + "lastModified": 1663136308, + "narHash": "sha256-FI25RLoHqhcjA2qel75LVmQH4rTkKiAUR2w9QODT1XM=", "owner": "jcs-elpa", "repo": "ts-fold", - "rev": "017402713bd2f1fd7a691aa48afb4330f5397432", + "rev": "c3da5520b988720f7f6e9e5e11b60746598112e0", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index b9f423b6..0adc67f5 100644 --- a/flake.nix +++ b/flake.nix @@ -51,7 +51,7 @@ (system: rec { devShells.default = import ./devShell.nix { inherit system inputs; }; - legacyPackages = import ./outputs.nix { inherit system inputs; }; + legacyPackages = import ./meta.nix { inherit system inputs; }; }); in providedSystems // { nixosConfigurations = self.legacyPackages.x86_64-linux.network.nodes.nixos; diff --git a/hardware/local.nix b/hardware/local.nix index 168a7cce..5fdfd424 100644 --- a/hardware/local.nix +++ b/hardware/local.nix @@ -7,4 +7,8 @@ host = if config.networks.gensokyo.interfaces != [] then config.networks.gensokyo.ipv4 else config.networks.chitei.ipv4; }; }; + + services.udev.extraRules = '' + SUBSYSTEM=="tty", GROUP="input", MODE="0660" + ''; } diff --git a/home/gui/packages.nix b/home/gui/packages.nix index bab33b39..7c27d9d5 100644 --- a/home/gui/packages.nix +++ b/home/gui/packages.nix @@ -18,6 +18,7 @@ unzip yubikey-manager jmtpfs + google-chrome element-desktop cryptsetup esphome 
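Review bot: The udev rule added to hardware/local.nix, `SUBSYSTEM=="tty", GROUP="input", MODE="0660"`, matches every tty-class device, not only the USB serial adapters a flashing tool needs, so it also gives group `input` read/write access to the host's virtual consoles and on-board serial ports. Narrowing the match keeps the intended effect: `SUBSYSTEM=="tty", KERNEL=="ttyUSB*|ttyACM*", GROUP="input", MODE="0660"`, or use the `dialout` group that distributions already reserve for serial access. A one-line comment naming what the rule is for (presumably esphome flashing, judging by the esphome entry in the packages list) would also help the next reader.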
diff --git a/home/vim/default.nix b/home/vim/default.nix index bf4042b0..f71db445 100644 --- a/home/vim/default.nix +++ b/home/vim/default.nix @@ -39,7 +39,7 @@ in { # EasyMotion Equivalent hop-nvim # org-mode for vim - neorg +# neorg # base16 config.base16.vim.plugin # Fonts diff --git a/home/vim/init.lua b/home/vim/init.lua index b471bdc0..1b25e89e 100644 --- a/home/vim/init.lua +++ b/home/vim/init.lua @@ -177,7 +177,7 @@ cmp.setup({ [''] = cmp.mapping.confirm({ select = true }), }, sources = { - { name = 'neorg' }, +-- { name = 'neorg' }, } }) @@ -189,6 +189,7 @@ api.nvim_create_autocmd('BufWritePre', { command = 'lua vim.lsp.buf.formatting_sync()' }) +--[[ -- neorg require('neorg').setup { -- Tell Neorg what modules to load @@ -204,7 +205,7 @@ require('neorg').setup { } } }, -} +}]]-- -- telescope local telescope = require('telescope.builtin') diff --git a/meta.nix b/meta.nix index d456de81..2f337820 100644 --- a/meta.nix +++ b/meta.nix 
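Review bot: The replacement line `+# neorg` in home/vim/default.nix appears to sit at column 0 while the rest of the plugin list is indented; the same happens with `-- { name = 'neorg' },` in init.lua and with the `virtualisation.docker.enable`/`environment.systemPackages` lines added to nixos/systems/koishi.nix. Keeping the original indentation inside the comment (`#      neorg`) makes the disabled entries read as part of the list and keeps the diff quiet when they are re-enabled. A short comment on why neorg is disabled (broken build, replaced, temporary) would save guessing later.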
@@ -1,82 +1,61 @@ -{ config, pkgs, lib, root, ... }: with lib; let - home = config.deploy.targets.home.tf; -in { - options = { - networks = let - meta = config; - in mkOption{ - type = with types; attrsOf (submodule ({ name, config, ... }: { - options = { - member_configs = mkOption { - type = unspecified; - }; - members = mkOption { - type = unspecified; - }; - };})); - }; - tailnet_uri = mkOption { - type = types.str; - }; - tailnet = mkOption { - type = types.attrsOf (types.submodule ({ name, config, ... }: { - options = { - ipv4 = mkOption { - type = types.str; - }; - ipv6 = mkOption { - type = types.str; - }; - pp = mkOption { - type = types.unspecified; - default = family: port: "http://${config."ipv${toString family}"}:${toString port}/"; - }; - ppp = mkOption { - type = types.unspecified; - default = family: port: path: "http://${config."ipv${toString family}"}:${toString port}/${path}"; - }; - tags = mkOption { - type = types.listOf types.str; - }; - }; - })); +{ inputs, system ? builtins.currentSystem or "x86_64-linux" , ... 
}: let + patchedInputs = import ./patchedInputs.nix { inherit inputs system; }; + pkgs = import ./overlays { inherit system; inputs = patchedInputs; }; + inherit (pkgs) lib; + tree = import ./tree.nix { inherit lib; inputs = patchedInputs; }; + root = ./.; # Required for modules/meta/imports.nix to find hosts + nixfiles = tree.impure; + + eval = let + esphomeNodes = (map + (node: { + network.nodes.esphome.${node} = { + imports = config.lib.kw.esphomeImport node; + esphome = { + name = node; }; }; - config = { + }) + (lib.attrNames nixfiles.esphome.boards)); + nixosNodes = (map + (node: { + network.nodes.nixos.${node} = { + imports = config.lib.kw.nixosImport node; + networking = { + hostName = node; + }; + }; + }) + (lib.attrNames nixfiles.nixos.systems)); + darwinNodes = (map + (node: { + network.nodes.darwin.${node} = { + imports = config.lib.kw.darwinImport node; + networking = { + hostName = node; + }; + }; + }) + (lib.attrNames nixfiles.darwin.systems)); + in lib.evalModules { + modules = [ + nixfiles.modules.meta + { + _module.args.pkgs = lib.mkDefault pkgs; + } + ] + ++ lib.attrValues nixfiles.targets + ++ nixosNodes + ++ darwinNodes + ++ esphomeNodes; - networks = let - names = [ "gensokyo" "chitei" "internet" "tailscale" ]; - network_filter = network: rec { - member_configs = filterAttrs (_: nodeConfig: nodeConfig.networks.${network}.interfaces != []) config.network.nodes.nixos; - members = mapAttrs (_: nodeConfig: nodeConfig.networks.${network}) member_configs; - }; - networks' = genAttrs names network_filter; - in networks'; - - tailnet_uri = "inskip.me"; - tailnet = let - raw = home.resources.tailnet_devices.importAttr "devices"; - in mkIf (home.state.enable) (mapListToAttrs (elet: nameValuePair (removeSuffix ".${config.tailnet_uri}" elet.name) { - tags = elet.tags; - ipv4 = head (filter (e: hasInfix "." 
e) elet.addresses); - ipv6 = head (filter (e: hasInfix ":" e) elet.addresses); - }) raw); - - runners = { - lazy = { - file = ./default.nix; - args = [ "--show-trace" ]; - }; + specialArgs = { + inherit root tree; + inputs = patchedInputs; + meta = self; + } // nixfiles; }; - kw.secrets.command = - let - bitw = pkgs.writeShellScriptBin "bitw" ''${pkgs.rbw-bitw}/bin/bitw -p gpg://${config.network.nodes.all.${builtins.getEnv "HOME_HOSTNAME"}.kw.secrets.repo.bitw.source} "$@"''; - in - "${bitw}/bin/bitw get"; - - deploy.targets.dummy.enable = false; - deploy.targets.marisa.tf.terraform.refreshOnApply = false; - _module.args.pkgs = lib.mkDefault pkgs; -}; -} + inherit (eval) config; + self = config // { inherit pkgs lib tree; inputs = patchedInputs; } // nixfiles; +in self diff --git a/mkTree.nix b/mkTree.nix new file mode 100644 index 00000000..027fc138 --- /dev/null +++ b/mkTree.nix 
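Review bot: `esphomeNodes`, `nixosNodes` and `darwinNodes` in the new meta.nix are the same five-line shape repeated three times, differing only in the node kind, the `config.lib.kw.*Import` helper and the attribute set on each node; a small helper keeps the evaluation identical and makes adding a fourth kind a one-liner. The surrounding `eval = let … in lib.evalModules { … }` continues past this excerpt.
```nix
  eval = let
    # Build one network.nodes.<kind>.<name> module per name from the kw import
    # helper plus a per-kind attribute set (hostName, esphome.name, ...).
    mkNodes = kind: importFn: extra: names: map (node: {
      network.nodes.${kind}.${node} = { imports = importFn node; } // extra node;
    }) names;
    esphomeNodes = mkNodes "esphome" config.lib.kw.esphomeImport (node: { esphome.name = node; }) (lib.attrNames nixfiles.esphome.boards);
    nixosNodes = mkNodes "nixos" config.lib.kw.nixosImport (node: { networking.hostName = node; }) (lib.attrNames nixfiles.nixos.systems);
    darwinNodes = mkNodes "darwin" config.lib.kw.darwinImport (node: { networking.hostName = node; }) (lib.attrNames nixfiles.darwin.systems);
    # … unchanged: lib.evalModules call …
```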
@@ -0,0 +1,130 @@
+{ lib }: { config, folder, inputs, ... }@args: let
+ inherit (lib.attrsets) filterAttrs mapAttrs' mapAttrs isAttrs nameValuePair attrValues;
+ inherit (lib.strings) hasPrefix removeSuffix;
+ inherit (lib.lists) imap1 singleton optionals optional sublist;
+ inherit (lib.trivial) pipe;
+ inherit (lib.options) mkOption;
+ inherit (lib.modules) evalModules;
+ pureTreeGrab = { base, path }: let
+ realPath = toString path;
+ dirContents = builtins.readDir path;
+ isDirectory = entry: dirContents."${entry}" == "directory";
+ isHidden = entry: hasPrefix "." entry;
+ isDir = entry: _: (isDirectory entry) && !(isHidden entry);
+ directories = filterAttrs isDir dirContents;
+ isNixFile = entry: _: let
+ result = builtins.match "(.*)\\.nix" entry;
+ in result != null && builtins.length result > 0;
+ nixFiles = filterAttrs isNixFile dirContents;
+ getPath = entry: "${realPath}/${entry}";
+ getPaths = entries: mapAttrs' (n: v:
+ nameValuePair (removeSuffix ".nix" n) (getPath n)
+ ) entries;
+ nixFilePaths = getPaths nixFiles;
+ dirPaths = getPaths directories;
+ recursedPaths = mapAttrs (_: fullPath: pureTreeGrab {
+ inherit base;
+ path = fullPath;
+ }) dirPaths;
+ contents = recursedPaths // nixFilePaths;
+ in contents;
+ configTreeStruct = { config, ... }: {
+ options.treeConfig = mkOption {
+ type = lib.types.attrsOf (lib.types.submodule ({ name, options, config, ...
}: { + options = { + evaluateDefault = mkOption { + type = lib.types.bool; + description = "Replace the contents of this branch or leaf with those provided by the evaluation of default.nix."; + default = false; + }; + aliasDefault = mkOption { + type = lib.types.bool; + description = "Replace the contents of this branch or leaf with the default.nix."; + default = false; + }; + excludes = mkOption { + type = lib.types.listOf lib.types.str; + description = "Exclude files or folders from the recurser."; + default = []; + }; + functor = { + enable = mkOption { + type = lib.types.bool; + description = "Provide a functor for the path provided"; + default = false; + }; + external = mkOption { + type = lib.types.listOf lib.types.unspecified; + description = "Add external imports into the functor."; + default = []; + }; + excludes = mkOption { + type = lib.types.listOf lib.types.str; + description = "Exclude files or folders from the functor."; + default = []; + }; + }; + }; + })); + }; + config.treeConfig = { + "*" = {}; + "/" = {}; + }; + }; + configTree.treeConfig = config; + configTreeModule = (evalModules { + modules = [ + configTreeStruct + configTree + ]; + }).config.treeConfig; + mapAttrsRecursive = f: set: let + recurse = path: set: let + g = name: value: if isAttrs value + then f (path ++ [name]) (recurse (path ++ [name]) value) + else f (path ++ [name]) value; + in mapAttrs g set; + in f [] (recurse [] set); + getPathString = path: builtins.concatStringsSep "/" path; + getConfig = path: default: configTreeModule.${getPathString path} or default; + revtail = path: sublist 0 (builtins.length path - 1) path; + getConfigRecursive = path: let + parentPath = revtail path; + in getConfig (path ++ singleton "*") (getConfigRecursive parentPath); + processLeaves = tree: config: mapAttrsRecursive (path: value: let + pathString = getPathString path; + leafConfig = if path == [] then + configTreeModule."/" + else getConfig path (getConfigRecursive (revtail path)); + 
processConfig = path: value: let + processFunctor = prev: prev // { + __functor = self: { ... }: { + imports = attrValues (removeAttrs prev leafConfig.functor.excludes) ++ leafConfig.functor.external; + }; + }; + processAliasDefault = prev: prev.default; + processDefault = prev: import prev.default (args // { + inherit lib; + tree = { + prev = removeAttrs prev (singleton "default"); + pure = pureTree; + impure = impureTree; + }; + }); + processExcludes = prev: removeAttrs prev leafConfig.excludes; + processes = optionals (isAttrs value) ( + optional (leafConfig.excludes != []) processExcludes + ++ optional leafConfig.evaluateDefault processDefault + ++ optional leafConfig.aliasDefault processAliasDefault + ++ optional leafConfig.functor.enable processFunctor + ); + in pipe value processes; + in processConfig path value) tree; + pureTree = pureTreeGrab { base = folder; path = folder; }; + impureTree = processLeaves pureTree configTreeModule; +in { + config = configTreeModule; + pure = pureTree; + impure = impureTree; +} diff --git a/modules/esphome/deploy.nix b/modules/esphome/deploy.nix index 56330afa..34bce866 100644 --- a/modules/esphome/deploy.nix +++ b/modules/esphome/deploy.nix @@ -1,4 +1,4 @@ -{ tf, target, name, meta, config, lib, ... }: +{ tf, target, name, meta, pkgs, config, lib, ... }: /* This module: @@ -15,9 +15,12 @@ let name = "unmergedValues"; merge = loc: defs: map (def: def.value) defs; }; -in -{ - options.deploy.tf = mkOption { +in { + options = { + out = mkOption { + type = types.str; + }; + deploy.tf = mkOption { type = types.submodule { inherit (unmerged) freeformType; 
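Review bot: In `pureTreeGrab` of the new mkTree.nix, `contents = recursedPaths // nixFilePaths;` keys both a directory `foo/` and a sibling file `foo.nix` as `foo` (via `removeSuffix ".nix"`), so the file silently replaces the whole subtree; an explicit check turns that into a visible error: `contents = assert builtins.intersectAttrs recursedPaths nixFilePaths == {}; recursedPaths // nixFilePaths;`. The local `mapAttrsRecursive` also applies `f` to interior nodes, unlike the `lib.attrsets.mapAttrsRecursive` whose name it shadows, which deserves a rename (e.g. `mapTreeRecursive`) or a comment. A header comment describing the `treeConfig` keys and their lookup order in `getConfigRecursive` (`"a/b"`, then `"a/*"`, then `"*"`, with `"/"` for the root) would make the file usable without reading it end to end.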
@@ -43,44 +46,68 @@ in }; }; }; + }; config = let - functionlessConfig = lib.removeAttrs config ["out" "_module" "platform" "deploy"]; + functionlessConfig = lib.removeAttrs config ["out" "_module" "platform" "deploy" "secrets"]; mutatedConfig = functionlessConfig // (optionalAttrs (config.platform != {}) { ${functionlessConfig.esphome.platform} = config.platform; }); jsonConfig = builtins.toJSON mutatedConfig; + secretsMap = mapAttrs (name: _: tf.variables."${config.esphome.name}-secret-${name}".ref) config.secrets; + secretsFile = builtins.toJSON secretsMap; closureConfig = pkgs.writeText "${functionlessConfig.esphome.name}.json" jsonConfig; - closure-upload = pkgs.writeShellScriptBin "${functionlessConfig.esphome.name}-upload" '' - ''; - in { + in mkMerge [ + { + _module.args.tf = mapNullable (target: target.tf) target; + out = jsonConfig; deploy.tf = { attrs = [ "import" "imports" "out" "attrs" "triggers" ]; import = genAttrs cfg.tf.imports (target: meta.deploy.targets.${target}.tf); out.set = removeAttrs cfg.tf cfg.tf.attrs; triggers = { - compile = { + upload = { system = config.out; }; }; resources = { + "${name}-secrets" = { + provider = "local"; + type = "file"; + inputs = { + filename = "${tf.terraform.dataDir}/esphome-${name}-secrets.json"; + content = secretsFile; + }; + }; "${name}-upload" = { provider = "null"; type = "resource"; - inputs.triggers = cfg.tf.triggers.compile; + inputs.triggers = cfg.tf.triggers.upload; provisioners = [ { type = "local-exec"; local-exec.command = '' - ${pkgs.esphome}/bin/esphome upload ${closureConfig} + ${pkgs.esphome}/bin/esphome compile ${closureConfig} ${tf.resources."${name}-secrets".refAttr "filename"} + ${pkgs.esphome}/bin/esphome upload ${closureConfig} --device ${name}.local ''; } ]; }; }; }; - - _module.args.tf = mapNullable (target: target.tf) target; - }; + } + (mkIf (config.secrets != {}) { + deploy.tf.variables = mapAttrs' (name: content: let + parts = if hasInfix "#" content then splitString "#" content 
else content; + field = head (reverseList parts); + path = if length parts > 1 then head parts else "password"; + in nameValuePair "${config.esphome.name}-secret-${name}" ({ + value.shellCommand = "bitw get ${path} -f ${field}"; + type = "string"; + sensitive = true; + }) + ) config.secrets; + }) + ]; } diff --git a/modules/esphome/genesis.nix b/modules/esphome/genesis.nix index c981aecd..223ed2ed 100644 --- a/modules/esphome/genesis.nix +++ b/modules/esphome/genesis.nix @@ -1,10 +1,13 @@ { name, config, meta, pkgs, lib, ... }: with lib; { - options = { - } // genAttrs [ "esphome" "api" "platform" "wifi" "i2c" "logger" "ota" "sensor" ] (key: - mkOption { - type = types.unspecified; - default = {}; - } - ); - } + options = { + } // genAttrs [ "esphome" "api" "platform" "wifi" "i2c" "logger" "ota" "sensor" "secrets" ] (key: + mkOption { + type = types.unspecified; + default = {}; + } + ); + imports = with meta; [ + esphome.base + ]; +} diff --git a/modules/meta/deploy.nix b/modules/meta/deploy.nix index 6682fcb5..6e018c2f 100644 --- a/modules/meta/deploy.nix +++ b/modules/meta/deploy.nix @@ -1,4 +1,4 @@ -{ inputs, config, pkgs, lib, ... }: +{ inputs, tree, config, pkgs, lib, ... }: /* This module: @@ -32,7 +32,7 @@ in { imports = [ "${toString inputs.tf-nix}/modules/run.nix" - ] ++ (optional (builtins.pathExists ../../tf/tf.nix) (../../tf/tf.nix)); + ]; options = { deploy = { dataDir = mkOption { @@ -73,8 +73,9 @@ in }; config.tf = mkMerge (singleton ({ ... }: { - imports = [ - ../../tf.nix + imports = if name == "home" then attrValues (removeAttrs tree.impure.modules.tf [ "acme" "__functor" ]) + else [ + tree.impure.modules.tf ]; deploy.gcroot = { name = mkDefault "kw-${config.name}"; diff --git a/modules/meta/genesis.nix b/modules/meta/genesis.nix new file mode 100644 index 00000000..92125886 --- /dev/null +++ b/modules/meta/genesis.nix 
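Review bot: The `${name}-secrets` resource writes the rendered secret values to `${tf.terraform.dataDir}/esphome-${name}-secrets.json` through the `local` provider's `file` resource, whose default `file_permission` is `0777`, so the file is world-readable unless a mode is set; add `file_permission = "0600";` to its inputs (or use the provider's `local_sensitive_file` resource if the pinned version has it) and note in a comment that, as with any resource attribute, the content is also recorded in the Terraform state. Separately, in the `mkIf (config.secrets != {})` block, `parts = if hasInfix "#" content then splitString "#" content else content;` leaves `parts` as a string when no `#` is present, and `reverseList parts`/`length parts` then fail on a string; `else [ content ]` keeps the type consistent. The command `bitw get ${path} -f ${field}` also hard-codes `bitw` where modules/tf/katdns.nix goes through `meta.kw.secrets.command`; using the same option here keeps the secret backend configurable in one place.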
@@ -0,0 +1,7 @@ +{ config, pkgs, root, ... }: { + runners.lazy = { + file = root; + args = [ "--show-trace" ]; + }; + deploy.targets.dummy.enable = false; +} diff --git a/modules/meta/imports.nix b/modules/meta/imports.nix index 7b76e11f..3b2ee613 100644 --- a/modules/meta/imports.nix +++ b/modules/meta/imports.nix @@ -32,8 +32,8 @@ with lib; (root + "/nixos/systems/HN/nixos.nix") ]); esphomeImports = mkDefault (map (path: toString path) [ - (root + "/esphome/HN.nix") - (root + "/esphome/HN/esphome.nix") + (root + "/esphome/boards/HN.nix") + (root + "/esphome/boards/HN/esphome.nix") ]); darwinImports = mkDefault (map (path: toString path) [ (root + "/darwin/systems/HN.nix") diff --git a/modules/meta/network.nix b/modules/meta/network.nix index 5832149b..d3eea049 100644 --- a/modules/meta/network.nix +++ b/modules/meta/network.nix @@ -55,7 +55,7 @@ with lib; }; nodes.esphome = let esphomeType = types.submoduleWith { - modules = [ { _module.args.pkgs = pkgs; } ] ++ config.network.esphome.extraModules; + modules = config.network.esphome.extraModules; inherit (config.network.esphome) specialArgs; }; in mkOption { @@ -140,6 +140,7 @@ with lib; esphome = { extraModules = [ meta.modules.esphome + meta.modules.system.genesis ]; specialArgs = { target = config.deploy.targets.home; @@ -149,8 +150,9 @@ with lib; }; darwin = { extraModules = [ - inputs.home-manager.darwinModules.home-manager + inputs.home-manager.darwinModules.home-manager meta.modules.darwin + meta.modules.system.genesis meta.modules.system meta.system ]; @@ -161,7 +163,8 @@ with lib; }; nixos = { extraModules = [ - inputs.home-manager.nixosModules.home-manager + inputs.home-manager.nixosModules.home-manager + meta.modules.system.genesis meta.modules.nixos meta.modules.system meta.nixos.network diff --git a/modules/meta/networks.nix b/modules/meta/networks.nix new file mode 100644 index 00000000..a775a346 --- /dev/null +++ b/modules/meta/networks.nix 
@@ -0,0 +1,26 @@ +{ config, lib, ... }: with lib; { + options = { + networks = mkOption { + type = with types; attrsOf (submodule ({ name, config, ... }: { + options = { + member_configs = mkOption { + type = unspecified; + }; + members = mkOption { + type = unspecified; + }; + }; + })); + }; + }; + config = { + networks = let + names = [ "gensokyo" "chitei" "internet" "tailscale" ]; + network_filter = network: rec { + member_configs = filterAttrs (_: nodeConfig: nodeConfig.networks.${network}.interfaces != []) config.network.nodes.nixos; + members = mapAttrs (_: nodeConfig: nodeConfig.networks.${network}) member_configs; + }; + networks' = genAttrs names network_filter; + in networks'; + }; +} diff --git a/modules/meta/secrets.nix b/modules/meta/secrets.nix index 16cb85fc..c7e08675 100644 --- a/modules/meta/secrets.nix +++ b/modules/meta/secrets.nix @@ -1,5 +1,9 @@ -{ config, lib, ... }: with lib; { +{ config, pkgs, lib, ... }: with lib; { options.kw.secrets.command = mkOption { type = types.str; + default = let + bitw = pkgs.writeShellScriptBin "bitw" ''${pkgs.rbw-bitw}/bin/bitw -p gpg://${config.network.nodes.all.${builtins.getEnv "HOME_HOSTNAME"}.kw.secrets.repo.bitw.source} "$@"''; + in + "${bitw}/bin/bitw get"; }; } diff --git a/modules/meta/tailscale.nix b/modules/meta/tailscale.nix new file mode 100644 index 00000000..d54c18f4 --- /dev/null +++ b/modules/meta/tailscale.nix 
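Review bot: The new default for `kw.secrets.command` in modules/meta/secrets.nix indexes `config.network.nodes.all` with `builtins.getEnv "HOME_HOSTNAME"`; under pure evaluation (flakes, `--pure-eval`) `getEnv` returns `""`, so the failure surfaces as a missing attribute `""` on `nodes.all` rather than as a message about the variable. The expression looks moved from meta.nix rather than written fresh, but now that it is an option default a clearer failure is cheap: bind `homeNode = config.network.nodes.all.${builtins.getEnv "HOME_HOSTNAME"} or (throw "kw.secrets.command: HOME_HOSTNAME is unset or not a known node");` in the same `let` and use `${homeNode.kw.secrets.repo.bitw.source}` in the script.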
@@ -0,0 +1,42 @@
+{ config, pkgs, lib, root, ... }: with lib; let
+ home = config.deploy.targets.home.tf;
+in {
+ options = {
+ tailnet_uri = mkOption {
+ type = types.str;
+ };
+ tailnet = mkOption {
+ type = types.attrsOf (types.submodule ({ name, config, ... }: {
+ options = {
+ ipv4 = mkOption {
+ type = types.str;
+ };
+ ipv6 = mkOption {
+ type = types.str;
+ };
+ pp = mkOption {
+ type = types.unspecified;
+ default = family: port: "http://${config."ipv${toString family}"}:${toString port}/";
+ };
+ ppp = mkOption {
+ type = types.unspecified;
+ default = family: port: path: "http://${config."ipv${toString family}"}:${toString port}/${path}";
+ };
+ tags = mkOption {
+ type = types.listOf types.str;
+ };
+ };
+ }));
+ };
+ };
+ config = {
+ tailnet_uri = "inskip.me";
+ tailnet = let
+ raw = home.resources.tailnet_devices.importAttr "devices";
+ in mkIf (home.state.enable) (mapListToAttrs (elet: nameValuePair (removeSuffix ".${config.tailnet_uri}" elet.name) {
+ tags = elet.tags;
+ ipv4 = head (filter (e: hasInfix "." e) elet.addresses);
+ ipv6 = head (filter (e: hasInfix ":" e) elet.addresses);
+ }) raw);
+ };
+}
diff --git a/modules/system/genesis.nix b/modules/system/genesis.nix
new file mode 100644
index 00000000..31c4092e
--- /dev/null
+++ b/modules/system/genesis.nix
@@ -0,0 +1,3 @@
+{ config, pkgs, lib, ... }: {
+ _module.args.pkgs = lib.mkDefault pkgs;
+}
diff --git a/modules/tf/acme.nix b/modules/tf/acme.nix
new file mode 100644
index 00000000..49b4b9ff
--- /dev/null
+++ b/modules/tf/acme.nix
@@ -0,0 +1,23 @@ +{ config, meta, lib, target, ... }: with lib; +let + home = meta.deploy.targets.home.tf; +in lib.mkIf (target != "home") { + acme = { + enable = true; + account = { + register = lib.mkDefault false; + emailAddress = "kat@inskip.me"; + accountKeyPem = home.resources.acme_private_key.importAttr "private_key_pem"; + }; + challenge = { + defaultProvider = "rfc2136"; + configs.rfc2136 = { + RFC2136_NAMESERVER = config.variables.katdns-address.ref; + RFC2136_TSIG_KEY = config.variables.katdns-name.ref; + RFC2136_TSIG_SECRET = config.variables.katdns-key.ref; + RFC2136_TSIG_ALGORITHM = "hmac-sha512"; + }; + }; + }; + +} diff --git a/modules/tf/gcroot.nix b/modules/tf/gcroot.nix new file mode 100644 index 00000000..847b542b --- /dev/null +++ b/modules/tf/gcroot.nix @@ -0,0 +1,3 @@ +{ config, ... }: { + deploy.gcroot.enable = true; +} diff --git a/tf.nix b/modules/tf/katdns.nix similarity index 58% rename from tf.nix rename to modules/tf/katdns.nix index 93b57460..f20395b9 100644 --- a/tf.nix +++ b/modules/tf/katdns.nix @@ -1,8 +1,4 @@ -{ config, meta, lib, ... }: with lib; - -{ - deploy.gcroot.enable = true; - +{ config, lib, ... }: with lib; { variables.katdns-address = { value.shellCommand = "${meta.kw.secrets.command} secrets/katdns -f address"; type = "string"; @@ -18,22 +14,6 @@ type = "string"; sensitive = true; }; - acme = { - enable = true; - account = { - emailAddress = "kat@inskip.me"; - accountKeyPem = home.resources.acme_private_key.importAttr "private_key_pem"; - }; - challenge = { - defaultProvider = "rfc2136"; - configs.rfc2136 = { - RFC2136_NAMESERVER = tf.variables.katdns-address.ref; - RFC2136_TSIG_KEY = tf.variables.katdns-name.ref; - RFC2136_TSIG_SECRET = tf.variables.katdns-key.ref; - RFC2136_TSIG_ALGORITHM = "hmac-sha512"; - }; - }; - }; providers.katdns = { type = "dns"; diff --git a/modules/type/secretType.nix b/modules/type/secretType.nix new file mode 100644 index 00000000..b163582c --- /dev/null +++ b/modules/type/secretType.nix 
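Review bot: The new header of modules/tf/katdns.nix, `{ config, lib, ... }: with lib; {`, drops `meta` from the module arguments, but the context line below still reads `${meta.kw.secrets.command}` for `variables.katdns-address` (and presumably the other katdns variables outside the hunk); with `with lib;` in scope that name now resolves to `lib.meta`, which has no `kw` attribute, so any target importing this module should fail to evaluate. Restoring the argument, `{ config, meta, lib, ... }: with lib; {`, is the one-line fix; the `acme` block that moved to modules/tf/acme.nix already takes `meta` that way. The rest of the file, including the `providers.katdns` block, continues past the second hunk.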
@@ -0,0 +1,32 @@ +{ config, lib, ... }: with lib; let + secretType = types.submodule ({ name, ... }: { + options = { + path = mkOption { type = types.str; }; + field = mkOption { + type = types.str; + default = ""; + }; + }; + }); + repoSecretType = types.submodule ({ name, ... }: { + options = { + source = mkOption { + type = types.path; + }; + text = mkOption { + type = types.str; + }; + }; + }); +in { + options.secrets = { + variables = mkOption { + type = types.attrsOf secretType; + default = { }; + }; + repo = mkOption { + type = types.attrsOf repoSecretType; + default = { }; + }; + }; +} diff --git a/nixos/systems/koishi.nix b/nixos/systems/koishi.nix index f23f1412..7546c00a 100644 --- a/nixos/systems/koishi.nix +++ b/nixos/systems/koishi.nix @@ -17,6 +17,10 @@ User root ''; +virtualisation.docker.enable = true; + +environment.systemPackages = [ pkgs.docker-compose ]; + nix.buildMachines = [ { hostName = "daiyousei-build"; system = "aarch64-linux"; diff --git a/nixos/systems/tewi/home-assistant.nix b/nixos/systems/tewi/home-assistant.nix index 8030987d..82f05921 100644 --- a/nixos/systems/tewi/home-assistant.nix +++ b/nixos/systems/tewi/home-assistant.nix @@ -43,6 +43,13 @@ unit_system = "metric"; external_url = "https://home.gensokyo.zone"; }; + frontend = { + themes = "!include_dir_merge_named themes"; + }; + powercalc = { + }; + utility_meter = { + }; logger = { default = "info"; }; @@ -101,7 +108,6 @@ counter = {}; device_tracker = {}; energy = {}; - frontend = {}; group = {}; history = {}; image = {}; @@ -135,6 +141,7 @@ psycopg2 aiohomekit securetar + (aiogithubapi.overrideAttrs (_: { doInstallCheck = false; })) ]; extraComponents = [ "zha" diff --git a/nixos/systems/tewi/mosquitto.nix b/nixos/systems/tewi/mosquitto.nix index 8f3c7ec9..34956caf 100644 --- a/nixos/systems/tewi/mosquitto.nix +++ b/nixos/systems/tewi/mosquitto.nix 
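Review bot: `(aiogithubapi.overrideAttrs (_: { doInstallCheck = false; }))` in the home-assistant extraPackages list switches off that package's install-time checks without saying why, which makes the override hard to retire later. A comment naming the failing check and the nixpkgs revision it was seen on keeps it honest, e.g. `# doInstallCheck off: <failing test> fails on the pinned nixpkgs; re-check on the next update` (placeholder for the test name). The list continues past the hunk, so the same note applies if other overrides follow it.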
@@ -21,6 +21,11 @@ field = "hass"; }; + kw.secrets.variables.espresence-pass = { + path = "secrets/mosquitto"; + field = "espresence"; + }; + secrets.files.z2m-pass = { text = tf.variables.z2m-pass.ref; owner = "mosquitto"; @@ -39,6 +44,12 @@ group = "mosquitto"; }; + secrets.files.espresence-pass = { + text = tf.variables.espresence-pass.ref; + owner = "mosquitto"; + group = "mosquitto"; + }; + services.mosquitto = { enable = true; persistence = true; @@ -53,6 +64,12 @@ "readwrite #" ]; }; + espresence = { + passwordFile = config.secrets.files.espresence-pass.path; + acl = [ + "readwrite #" + ]; + }; systemd = { passwordFile = config.secrets.files.systemd-pass.path; acl = [ diff --git a/outputs.nix b/outputs.nix deleted file mode 100644 index 523747ac..00000000 --- a/outputs.nix +++ /dev/null 
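Review bot: The new `espresence` broker user gets `acl = [ "readwrite #" ]`, i.e. read and write on every topic, which matches the neighbouring entries but is wider than a presence sensor needs; if the device only publishes under its own prefix, an ACL such as `"readwrite <device-topic-prefix>/#"` (placeholder) plus the discovery topic Home Assistant expects limits what a misbehaving or compromised sensor could publish or subscribe to. The password plumbing (`kw.secrets.variables` → `secrets.files` → `passwordFile`) follows the existing z2m pattern and looks consistent. The `services.mosquitto` listener block continues past the hunk.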
@@ -1,176 +0,0 @@ -{ inputs, system ? builtins.currentSystem or "x86_64-linux" , ... }: let - optionalAttrs = cond: as: if cond then as else { }; - - bootstrapPkgs = import ./overlays { inherit inputs system; }; - inherit (pkgs) lib; - - patchedInputs = inputs /*// { - nixpkgs = bootstrapPkgs.applyPatches { - name = "nixpkgs"; - src = inputs.nixpkgs; - patches = [ - ]; - }; - }*/ // { darwin = bootstrapPkgs.applyPatches { - name = "darwin"; - src = inputs.darwin; - patches = [ (bootstrapPkgs.fetchpatch { - url = "https://patch-diff.githubusercontent.com/raw/LnL7/nix-darwin/pull/310.patch"; - sha256 = "sha256-drnLOhF8JGXx8YY7w1PD2arUZvbqafWPTatQNTHt+QI="; - }) ]; - }; }; - - pkgs = import ./overlays { inherit system; inputs = patchedInputs; }; - - mkTree = import ./tree.nix { inherit lib; }; - localTree = mkTree { - inputs = patchedInputs; - folder = ./.; - config = { - "/" = { - excludes = [ - "tf" - "inputs" - "tree" - "flake" - "meta" - "outputs" - "inputs" - "trusted" - ]; - }; - "modules/nixos" = { - functor = { - enable = true; - external = [ - (inputs.tf-nix + "/modules/nixos/secrets.nix") - (inputs.tf-nix + "/modules/nixos/secrets-users.nix") - ] ++ (with (import (inputs.arcexprs + "/modules")).nixos; [ - nix - systemd - dht22-exporter - glauth - modprobe - kernel - crypttab - mutable-state - common-root - pulseaudio - wireplumber - alsa - bindings - matrix-appservices - matrix-synapse-appservices - display - filebin - mosh - base16 base16-shared - doc-warnings - ]); - }; - }; - "modules/home" = { - functor = { - enable = true; - external = [ - (import (inputs.arcexprs + "/modules")).home-manager - (inputs.tf-nix + "/modules/home/secrets.nix") - ]; - }; - }; - "modules/darwin".functor.enable = true; - "modules/system".functor.enable = true; - "modules/esphome".functor.enable = true; - "modules/meta".functor.enable = true; - "nixos/systems".functor.enable = false; - "darwin/systems".functor.enable = false; - "nixos/*".functor = { - enable = true; - }; - 
"darwin/*".functor = { - enable = true; - }; - "system".functor.enable = true; - "hardware".evaluateDefault = true; - "nixos/cross".evaluateDefault = true; - "hardware/*".evaluateDefault = true; - "services/*".aliasDefault = true; - "home".evaluateDefault = true; - "home/*".functor.enable = true; - }; - }; - trustedTree = mkTree { - inputs = patchedInputs; - folder = inputs.trusted; - config = { - "secrets".evaluateDefault = true; - }; - }; - - tree = localTree // { - pure = localTree.pure // { - trusted = trustedTree.pure; - }; - impure = localTree.impure // { - trusted = trustedTree.impure; - }; - }; - - root = ./.; - - metaBase = import ./meta.nix { inherit config lib pkgs root; }; - - nixfiles = tree.impure; - - eval = let - esphomeNodes = (map - (node: { - network.nodes.esphome.${node} = { - imports = config.lib.kw.esphomeImport node; - esphome = { - name = node; - }; - }; - }) - (lib.attrNames nixfiles.esphome)); - nixosNodes = (map - (node: { - network.nodes.nixos.${node} = { - imports = config.lib.kw.nixosImport node; - networking = { - hostName = node; - }; - }; - }) - (lib.attrNames nixfiles.nixos.systems)); - darwinNodes = (map - (node: { - network.nodes.darwin.${node} = { - imports = config.lib.kw.darwinImport node; - networking = { - hostName = node; - }; - }; - }) - (lib.attrNames nixfiles.darwin.systems)); - in lib.evalModules { - modules = lib.singleton metaBase - ++ lib.singleton nixfiles.modules.meta - ++ lib.attrValues nixfiles.targets - ++ nixosNodes - ++ darwinNodes - ++ esphomeNodes; - - specialArgs = { - inherit root tree; - inputs = patchedInputs; - meta = self; - } // nixfiles; - }; - - inherit (eval) config; - - - self = config // { inherit pkgs lib tree; inputs = patchedInputs; } // nixfiles; -in - self diff --git a/overlays/local/default.nix b/overlays/local/default.nix index 42c983c9..47e5af3c 100644 --- a/overlays/local/default.nix +++ b/overlays/local/default.nix 
@@ -25,8 +25,8 @@ final: prev: {
 provider-source-address = "registry.terraform.io/${owner}/${owner}";
 repo = "terraform-provider-tailscale";
 rev = "v${version}";
- sha256 = "sha256-/qC8TOtoVoBTWeAFpt2TYE8tlYBCCcn/mzVQ/DN51YQ=";
- vendorSha256 = "sha256-8EIxqKkVO706oejlvN79K8aEZAF5H2vZRdr5vbQa0l4=";
+ hash = "sha256-/qC8TOtoVoBTWeAFpt2TYE8tlYBCCcn/mzVQ/DN51YQ=";
+ vendorHash = "sha256-8EIxqKkVO706oejlvN79K8aEZAF5H2vZRdr5vbQa0l4=";
 version = "0.13.5";
 };
 };
diff --git a/patchedInputs.nix b/patchedInputs.nix
new file mode 100644
index 00000000..a9187a6e
--- /dev/null
+++ b/patchedInputs.nix
@@ -0,0 +1,19 @@
+{ inputs, system, ... }: let
+ pkgs = import ./overlays { inherit inputs system; }; # A local import of nixpkgs without patching.
+in inputs /*// {
+ nixpkgs = pkgs.applyPatches {
+ name = "nixpkgs";
+ src = inputs.nixpkgs;
+ patches = [
+ ];
+ };
+ }*/ // { darwin = pkgs.applyPatches {
+ # TODO: close when emi's PR is merged
+ name = "darwin";
+ src = inputs.darwin;
+ patches = [ (pkgs.fetchpatch {
+ url = "https://patch-diff.githubusercontent.com/raw/LnL7/nix-darwin/pull/310.patch";
+ sha256 = "sha256-drnLOhF8JGXx8YY7w1PD2arUZvbqafWPTatQNTHt+QI=";
+ }) ];
+ }; }
+
diff --git a/targets/home.nix b/targets/home.nix
index 2e06111b..afe30fa6 100644
--- a/targets/home.nix
+++ b/targets/home.nix
@@ -11,7 +11,7 @@
 export = true;
 };
 acme.account = {
- register = false;
+ register = lib.mkForce true;
 emailAddress = "kat@inskip.me";
 accountKeyPem = config.resources.acme_private_key.refAttr "private_key_pem";
 };
diff --git a/tf b/tf
index 856827e2..ca992c8b 160000
--- a/tf
+++ b/tf
@@ -1 +1 @@
-Subproject commit 856827e23fd7f1ef1d07dea9c5be26c0a0f7dee8
+Subproject commit ca992c8b1f24bd9134f4a706ff7c476d62d885bc
diff --git a/tree.nix b/tree.nix
index 027fc138..2dd5f43b 100644
--- a/tree.nix
+++ b/tree.nix
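Review bot: The `# TODO: close when emi's PR is merged` comment in patchedInputs.nix names neither the PR nor what to do with this block, even though the PR is right below it in `url`; rewrite it as `# TODO: drop the darwin patch once LnL7/nix-darwin#310 (the fetchpatch url below) is merged`. The trailing comment on the `pkgs` line says it imports nixpkgs, but the line imports `./overlays`, and `pkgs` is only used here for `applyPatches` and `fetchpatch`; `# package set built from the unpatched inputs; used here only for applyPatches/fetchpatch` would describe what the code does. The file also ends with an added empty line after `}; }`, which most editors flag as trailing whitespace.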
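Review bot: `register = lib.mkForce true;` in targets/home.nix overrides a definition made elsewhere, but nothing here says which module also sets `register` or why the priority bump is needed, so the next reader cannot tell whether the force can be dropped; a comment such as `# mkForce: <module> also defines register; registration must win here` would explain it. The hunk does not show the file's argument list, so also confirm that `lib` is among this module's parameters, since the previous value `false` needed no `lib`. The enclosing function begins outside the hunk.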
@@ -1,130 +1,99 @@ -{ lib }: { config, folder, inputs, ... }@args: let - inherit (lib.attrsets) filterAttrs mapAttrs' mapAttrs isAttrs nameValuePair attrValues; - inherit (lib.strings) hasPrefix removeSuffix; - inherit (lib.lists) imap1 singleton optionals optional sublist; - inherit (lib.trivial) pipe; - inherit (lib.options) mkOption; - inherit (lib.modules) evalModules; - pureTreeGrab = { base, path }: let - realPath = toString path; - dirContents = builtins.readDir path; - isDirectory = entry: dirContents."${entry}" == "directory"; - isHidden = entry: hasPrefix "." entry; - isDir = entry: _: (isDirectory entry) && !(isHidden entry); - directories = filterAttrs isDir dirContents; - isNixFile = entry: _: let - result = builtins.match "(.*)\\.nix" entry; - in result != null && builtins.length result > 0; - nixFiles = filterAttrs isNixFile dirContents; - getPath = entry: "${realPath}/${entry}"; - getPaths = entries: mapAttrs' (n: v: - nameValuePair (removeSuffix ".nix" n) (getPath n) - ) entries; - nixFilePaths = getPaths nixFiles; - dirPaths = getPaths directories; - recursedPaths = mapAttrs (_: fullPath: pureTreeGrab { - inherit base; - path = fullPath; - }) dirPaths; - contents = recursedPaths // nixFilePaths; - in contents; - configTreeStruct = { config, ... }: { - options.treeConfig = mkOption { - type = lib.types.attrsOf (lib.types.submodule ({ name, options, config, ... 
}: { - options = { - evaluateDefault = mkOption { - type = lib.types.bool; - description = "Replace the contents of this branch or leaf with those provided by the evaluation of default.nix."; - default = false; - }; - aliasDefault = mkOption { - type = lib.types.bool; - description = "Replace the contents of this branch or leaf with the default.nix."; - default = false; - }; - excludes = mkOption { - type = lib.types.listOf lib.types.str; - description = "Exclude files or folders from the recurser."; - default = []; - }; - functor = { - enable = mkOption { - type = lib.types.bool; - description = "Provide a functor for the path provided"; - default = false; - }; - external = mkOption { - type = lib.types.listOf lib.types.unspecified; - description = "Add external imports into the functor."; - default = []; - }; - excludes = mkOption { - type = lib.types.listOf lib.types.str; - description = "Exclude files or folders from the functor."; - default = []; - }; - }; - }; - })); - }; - config.treeConfig = { - "*" = {}; - "/" = {}; - }; - }; - configTree.treeConfig = config; - configTreeModule = (evalModules { - modules = [ - configTreeStruct - configTree - ]; - }).config.treeConfig; - mapAttrsRecursive = f: set: let - recurse = path: set: let - g = name: value: if isAttrs value - then f (path ++ [name]) (recurse (path ++ [name]) value) - else f (path ++ [name]) value; - in mapAttrs g set; - in f [] (recurse [] set); - getPathString = path: builtins.concatStringsSep "/" path; - getConfig = path: default: configTreeModule.${getPathString path} or default; - revtail = path: sublist 0 (builtins.length path - 1) path; - getConfigRecursive = path: let - parentPath = revtail path; - in getConfig (path ++ singleton "*") (getConfigRecursive parentPath); - processLeaves = tree: config: mapAttrsRecursive (path: value: let - pathString = getPathString path; - leafConfig = if path == [] then - configTreeModule."/" - else getConfig path (getConfigRecursive (revtail path)); - 
processConfig = path: value: let - processFunctor = prev: prev // { - __functor = self: { ... }: { - imports = attrValues (removeAttrs prev leafConfig.functor.excludes) ++ leafConfig.functor.external; +{ inputs, lib, ... }: let + mkTree = import ./mkTree.nix { inherit lib; }; + localTree = mkTree { + inherit inputs; + folder = ./.; + config = { + "/" = { + excludes = [ + "tf" + "inputs" + "default" + "patchedInputs" + "mkTree" + "outputs" + "tree" + "flake" + "meta" + "inputs" + "trusted" + ]; + }; + "modules/nixos" = { + functor = { + external = [ + (inputs.tf-nix + "/modules/nixos/secrets.nix") + (inputs.tf-nix + "/modules/nixos/secrets-users.nix") + ] ++ (with (import (inputs.arcexprs + "/modules")).nixos; [ + nix + systemd + dht22-exporter + glauth + modprobe + kernel + crypttab + mutable-state + common-root + pulseaudio + wireplumber + alsa + bindings + matrix-appservices + matrix-synapse-appservices + display + filebin + mosh + base16 base16-shared + doc-warnings + ]); }; }; - processAliasDefault = prev: prev.default; - processDefault = prev: import prev.default (args // { - inherit lib; - tree = { - prev = removeAttrs prev (singleton "default"); - pure = pureTree; - impure = impureTree; + "modules/home" = { + functor = { + external = [ + (import (inputs.arcexprs + "/modules")).home-manager + (inputs.tf-nix + "/modules/home/secrets.nix") + ]; }; - }); - processExcludes = prev: removeAttrs prev leafConfig.excludes; - processes = optionals (isAttrs value) ( - optional (leafConfig.excludes != []) processExcludes - ++ optional leafConfig.evaluateDefault processDefault - ++ optional leafConfig.aliasDefault processAliasDefault - ++ optional leafConfig.functor.enable processFunctor - ); - in pipe value processes; - in processConfig path value) tree; - pureTree = pureTreeGrab { base = folder; path = folder; }; - impureTree = processLeaves pureTree configTreeModule; -in { - config = configTreeModule; - pure = pureTree; - impure = impureTree; -} + }; + 
"modules/nixos".functor.enable = true; + "modules/darwin".functor.enable = true; + "modules/meta".functor.enable = true; + "modules/tf".functor.enable = true; + "modules/system".functor.enable = true; + "modules/home".functor.enable = true; + "modules/esphome".functor.enable = true; + "modules/type".functor.enable = true; + "nixos/systems".functor.enable = false; + "darwin/systems".functor.enable = false; + "nixos/*".functor = { + enable = true; + }; + "darwin/*".functor = { + enable = true; + }; + "system".functor.enable = true; + "hardware".evaluateDefault = true; + "nixos/cross".evaluateDefault = true; + "hardware/*".evaluateDefault = true; + "services/*".aliasDefault = true; + "home".evaluateDefault = true; + "home/*".functor.enable = true; + }; + }; + trustedTree = mkTree { + inherit inputs; + folder = inputs.trusted; + config = { + "secrets".evaluateDefault = true; + }; + }; + tree = localTree // { + pure = localTree.pure // { + trusted = trustedTree.pure; + }; + impure = localTree.impure // { + trusted = trustedTree.impure; + }; + }; +in tree diff --git a/trusted/flake.lock b/trusted/flake.lock index 7656ab57..4dce36fe 100644 --- a/trusted/flake.lock +++ b/trusted/flake.lock @@ -3,11 +3,11 @@ "arcexprs": { "flake": false, "locked": { - "lastModified": 1657481944, - "narHash": "sha256-b9fAcaHvclH50zjwxCq972F7uKNEerkShjM5YFOm6RA=", + "lastModified": 1664324035, + "narHash": "sha256-X/aULANyF9pHR+OejllcIG1vSs4H0sis5212dt6i/Xo=", "owner": "arcnmx", "repo": "nixexprs", - "rev": "493ec79ee75efe10f06747d83e5eaca4409a4a6c", + "rev": "6b308153ddc58f1ed5e3223cb242ac4867ef5712", "type": "github" }, "original": { 
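Review bot: The `excludes` list for `"/"` in the rewritten tree.nix lists `"inputs"` twice and still excludes `"outputs"`, although this commit deletes outputs.nix, so both entries are dead; drop the second `"inputs"` and `"outputs"`. `"modules/nixos"` and `"modules/home"` are each configured in two places (the `functor.external` blocks near the top and the `functor.enable = true` lines further down), which relies on Nix merging the two attribute-path definitions; folding `enable = true;` into the existing `functor` block for those two keeps each path's configuration in one place. The hunk covers the whole file, so no surrounding context is missing.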
@@ -20,11 +20,11 @@ "ci": { "flake": false, "locked": { - "lastModified": 1654122671, - "narHash": "sha256-75xNbnJ29pWK2GbOEA9yUA6mvx5hcDWBFaSOSpv5Ob0=", + "lastModified": 1658370007, + "narHash": "sha256-gKxTtjSPwTNp1Lcqynw8HYDSq/wtF7EmF4NvS0dyeb8=", "owner": "arcnmx", "repo": "ci", - "rev": "b78a5e52a21dad03dd4ca6d46354be6da1cf727a", + "rev": "5cec82ebd5614fdeaaf442c4390451e2f483fdc4", "type": "github" }, "original": { @@ -42,11 +42,11 @@ ] }, "locked": { - "lastModified": 1651916036, - "narHash": "sha256-UuD9keUGm4IuVEV6wdSYbuRm7CwfXE63hVkzKDjVsh4=", + "lastModified": 1664210064, + "narHash": "sha256-df6nKVZe/yAhmJ9csirTPahc0dldwm3HBhCVNA6qWr0=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "2f2bdf658d2b79bada78dc914af99c53cad37cba", + "rev": "02d2551c927b7d65ded1b3c7cd13da5cc7ae3fcf", "type": "github" }, "original": { @@ -59,11 +59,11 @@ "doom-emacs": { "flake": false, "locked": { - "lastModified": 1657393840, - "narHash": "sha256-ISaIbqCNKKz9DhrTVKvDS40CzZiqICb2eDepGUdwYQA=", + "lastModified": 1660901074, + "narHash": "sha256-3apl0eQlfBj3y0gDdoPp2M6PXYnhxs0QWOHp8B8A9sc=", "owner": "doomemacs", "repo": "doomemacs", - "rev": "33c5f3721a704c72e49efc5960be3785d1a80b81", + "rev": "c44bc81a05f3758ceaa28921dd9c830b9c571e61", "type": "github" }, "original": { @@ -76,11 +76,11 @@ "doom-snippets": { "flake": false, "locked": { - "lastModified": 1655900328, - "narHash": "sha256-fEYwFxW2sdzNK14DrS92OCGy8KDPZKewrHljnE/RlzQ=", + "lastModified": 1662645711, + "narHash": "sha256-XKpPCtECGZQ5bFPPDUX3oAltXOJNwAI/OktxiLnADRE=", "owner": "doomemacs", "repo": "snippets", - "rev": "6b2bd5a77c536ed414794ecf71d37a60ebd4663e", + "rev": "03a62fe7edf7e87fdbd925713fbd3bf292d14b00", "type": "github" }, "original": { 
@@ -92,11 +92,11 @@ "emacs-overlay": { "flake": false, "locked": { - "lastModified": 1657840190, - "narHash": "sha256-eg4YXDAUm/6E3zcQW7vebDuWosx2opJ/EgknDTr8cQ4=", + "lastModified": 1662654452, + "narHash": "sha256-mrr161UOnVNx2pzR9ePmhVlxapzQ57ZDSLb9BRgW0bo=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "b51bea50371cc7a98863fb64bf1aaa1126a68a36", + "rev": "70e241d5b189982dabc1fe55829475c5c483c89d", "type": "github" }, "original": { @@ -235,11 +235,11 @@ }, "flake-utils": { "locked": { - "lastModified": 1656928814, - "narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=", + "lastModified": 1659877975, + "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", "owner": "numtide", "repo": "flake-utils", - "rev": "7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249", + "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0", "type": "github" }, "original": { @@ -348,11 +348,11 @@ "ws-butler": "ws-butler" }, "locked": { - "lastModified": 1657850811, - "narHash": "sha256-UeeaT2If2wixWzjRj31QM55lpt5Eq+PM+ZeXYK0Zq0Y=", + "lastModified": 1662839665, + "narHash": "sha256-TGSRXMmRTn4eza3q0XvqpuPoeCnkktPeD0TaM/V1pZ0=", "owner": "nix-community", "repo": "nix-doom-emacs", - "rev": "7c35a9d90e1c07254c0926fc02e2c27bd0d5d9cc", + "rev": "acbf1b70335d4fd6a6c05bc417d7f3ca44739437", "type": "github" }, "original": { @@ -395,11 +395,11 @@ ] }, "locked": { - "lastModified": 1658858203, - "narHash": "sha256-swzDI7Ryhnj35E4JjNB4OhGgtIuehh1bay1ZHVODA6s=", + "lastModified": 1664474132, + "narHash": "sha256-leeynikJOn2sxA03UvIzKiyctFeSLCGuh5tf0Uh6/1M=", "owner": "kittywitch", "repo": "nixfiles", - "rev": "d10b95e21a6beee38705042b040467fc41b15992", + "rev": "a0f9d0ab488632eb163885f0e817d83ca5d663ab", "type": "github" }, "original": { 
@@ -410,11 +410,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1657447684, - "narHash": "sha256-FCP9AuU1q6PE3vOeM5SFf58f/UKPBAsoSGDUGamNBbo=", + "lastModified": 1664281702, + "narHash": "sha256-haixZ4TJLu1Dciow54wrHrHvlGDVr5sW6MTeAV/ZLuI=", "owner": "nixos", "repo": "nixpkgs", - "rev": "5f43d8b088d3771274bcfb69d3c7435b1121ac88", + "rev": "7e52b35fe98481a279d89f9c145f8076d049d2b9", "type": "github" }, "original": { @@ -442,11 +442,11 @@ }, "nur": { "locked": { - "lastModified": 1657535550, - "narHash": "sha256-8WwxmlXe6o1Ob8rQan8R1H1NKSNaxqRuIuIU5RVhyd4=", + "lastModified": 1664382743, + "narHash": "sha256-rtDxdzj5IBvO114QP9gyfjVt9N7tZWd0e2/RQxrDtw4=", "owner": "nix-community", "repo": "nur", - "rev": "f0faa262c28384df0c00ec2c64e8031c4fbd0a61", + "rev": "8ca43145e3b31861d807c8df3ce53f559c3b5762", "type": "github" }, "original": { @@ -475,11 +475,11 @@ "org": { "flake": false, "locked": { - "lastModified": 1657805672, - "narHash": "sha256-AtB0epI4wGsY/kesgX/OshHYYY0uZJq4oTFO8wSWDlU=", + "lastModified": 1662614940, + "narHash": "sha256-9eAqhKXpTfZQH3bn19ien3HIzF100h8z97iHqs/QUgY=", "owner": "emacs-straight", "repo": "org-mode", - "rev": "d9479887226ad79a1a8de739e7be0fc1fffec536", + "rev": "eb5ef0ae1424a725f933ef3929e5396a2ab727ab", "type": "github" }, "original": { @@ -491,11 +491,11 @@ "org-contrib": { "flake": false, "locked": { - "lastModified": 1652646857, - "narHash": "sha256-IWIShWyVnbwXqGLQaDNvJ0KoepxhIrXWTjPyGPEkQ14=", + "lastModified": 1661026052, + "narHash": "sha256-rE7aioQxeVjo+TVI4DIppKkmf/c7tRNzK6hQJAmUnVE=", "owner": "emacsmirror", "repo": "org-contrib", - "rev": "c1e0980fd7a57ca2042fd78acfb1dfb5c3bc03fa", + "rev": "0740bd3fe69c4b327420185d931dcf0a9900a80e", "type": "github" }, "original": { 
@@ -539,11 +539,11 @@ "revealjs": { "flake": false, "locked": { - "lastModified": 1653993278, - "narHash": "sha256-X43lsjoLBWmttIKj9Jzut0UP0dZlsue3fYbJ3++ojbU=", + "lastModified": 1662369032, + "narHash": "sha256-1BZWA3W77YbNZUj+7vJbkTeWY8O4jjPg7t5PvlEVDYA=", "owner": "hakimel", "repo": "reveal.js", - "rev": "039972c730690af7a83a5cb832056a7cc8b565d7", + "rev": "8a97ad58b04045fe5a9c964aa31659bd27e665c5", "type": "github" }, "original": { @@ -593,11 +593,11 @@ "tf-nix": { "flake": false, "locked": { - "lastModified": 1657549622, - "narHash": "sha256-gIoMfy8Roq4hh2BBL3Hd8Z+FsPtC4bGAcS/yttuahwg=", + "lastModified": 1663367102, + "narHash": "sha256-gcUzQDyXogvQ0TSYX2lrKQ5D/3k76w/lmL6tNrnNwXk=", "owner": "arcnmx", "repo": "tf-nix", - "rev": "c99cf454785d57cb430ae09c3327a0b619e2eed1", + "rev": "133b92ea58c8c0cd7d02674013d67b54e169141f", "type": "github" }, "original": { @@ -627,11 +627,11 @@ "ts-fold": { "flake": false, "locked": { - "lastModified": 1657604837, - "narHash": "sha256-ztIkLW/CGh5cOfL9VrbP4N055aXKU0uraipeTFTYFM0=", + "lastModified": 1662386895, + "narHash": "sha256-pYW2hcHgkr9KYdRvX2EkpOt/OL8yl+mkZ21JbMKWc8Q=", "owner": "jcs-elpa", "repo": "ts-fold", - "rev": "33e3fb561e71cf0ab83833d45c55909583fc3899", + "rev": "017402713bd2f1fd7a691aa48afb4330f5397432", "type": "github" }, "original": {