wip: flakes

2026-03-16 10:11:08 +01:00 · 2021-12-29 17:41:53 +01:00
22 changed files with 290 additions and 192 deletions
--- a/configs/cloud.nix
+++ b/configs/cloud.nix
@@ -1,12 +1,4 @@
 { config, lib, pkgs, ... }: {
  imports = [
    <niveum/modules/dropbox.nix>
  ];
  niveum = {
    dropbox.enable = false;
  };
  system.activationScripts.home-symlinks = ''
    ln -sfn ${config.users.users.me.home}/cloud/syncthing/common/mahlzeit ${config.users.users.me.home}/mahlzeit
    ln -sfn ${config.users.users.me.home}/cloud/Seafile/Wiki ${config.users.users.me.home}/notes
--- a/configs/default.nix
+++ b/configs/default.nix
@@ -1,18 +1,16 @@
-{ pkgs, lib, config, options, ... }:
+{ inputs, pkgs, lib, config, options, ... }:
 let
  inherit (lib.strings) makeBinPath;
  inherit (import <niveum/lib>) localAddresses kieran;
 in {
  imports = [
-    <home-manager/nixos>
+    ../modules/system-dependent.nix
    <niveum/modules/system-dependent.nix>
    {
      boot.supportedFilesystems = [ "ntfs" ];
    }
    {
      nix.nixPath = [
        "/var/src"
        "nixpkgs-overlays=${toString ../overlays}"
      ];
    }
    {
@@ -20,18 +18,14 @@ in {
        config = {
          allowUnfree = true;
          packageOverrides = pkgs: {
            writeDashBin = pkgs.writers.writeDashBin;
            writeDash = pkgs.writers.writeDash;
            gfs-fonts = pkgs.callPackage <niveum/packages/gfs-fonts.nix> {};
            iolanguage = pkgs.callPackage <niveum/packages/iolanguage.nix> { };
            ix = pkgs.callPackage <niveum/packages/ix.nix> { };
          };
        };
        overlays = [
          (import <nix-writers/pkgs>)
          (import <stockholm/krebs/5pkgs>)
          (self: super: {
-            scripts = import <niveum/packages/scripts> { pkgs = super; lib = super.lib; };
+            scripts = import <niveum/packages/scripts> { pkgs = super; inherit lib; };
          })
        ];
      };
@@ -203,13 +197,11 @@ in {
    ./ccc.nix
    # ./kleiter.nix
    ./khal.nix
    ./engiadina.nix
    ./chromium.nix
    ./cloud.nix
    ./copyq.nix
    ./compton.nix
    ./direnv.nix
    ./distrobump.nix
    ./docker.nix
    ./dunst.nix
    ./flix.nix
--- a/configs/distrobump.nix
+++ b/configs/distrobump.nix
@@ -1,10 +0,0 @@
 { lib, config, pkgs, ... }: {
  imports = [
    (import <stockholm/makefu/3modules/bump-distrowatch.nix> {
      inherit lib config;
      pkgs = pkgs // { writeDash = pkgs.writers.writeDash; };
    })
  ];
  makefu.distrobump.enable = false;
 }
--- a/configs/engiadina.nix
+++ b/configs/engiadina.nix
@@ -1,30 +0,0 @@
 { config, pkgs, ... }:
 let
  inherit (import <niveum/lib>) tmpfilesConfig;
  cdnRoot = "/var/lib/engiadina";
 in
 {
  imports = [ <stockholm/krebs/3modules/permown.nix> ];
  krebs.permown.${cdnRoot} = {
    owner = config.users.users.me.name;
    group = "users";
    umask = "0002";
  };
  services.nginx = {
    enable = true;
    virtualHosts.default = {
      root = cdnRoot;
      listen = [{
        addr = "0.0.0.0";
        port = 3333;
      }];
    };
  };
  environment.shellAliases = {
    engiadina-watch = "${pkgs.findutils}/bin/find extra-src src | ${pkgs.entr}/bin/entr -s 'build-component && ${pkgs.rsync}/bin/rsync -avu dist/*.js ${cdnRoot}/'";
    engiadina-edit = "$EDITOR ${cdnRoot}/index.html";
  };
 }
--- a/configs/hledger.nix
+++ b/configs/hledger.nix
@@ -1,5 +1,5 @@
 { config, pkgs, ... }: {
-  imports = [ <niveum/modules/hledger.nix> ];
+  imports = [ ../modules/hledger.nix ];
  niveum.hledger = {
    enable = true;
--- a/configs/networkmanager.nix
+++ b/configs/networkmanager.nix
@@ -39,7 +39,7 @@ let
  };
 in
 {
-  imports = [ <niveum/modules/networkmanager-declarative.nix> ];
+  imports = [ ../modules/networkmanager-declarative.nix ];
  networking.networkmanager = {
    enable = true;
--- a/configs/power-action.nix
+++ b/configs/power-action.nix
@@ -3,8 +3,6 @@ let
  suspend = pkgs.writers.writeDash "suspend" "${pkgs.systemd}/bin/systemctl suspend";
 in
 {
  imports = [ <stockholm/krebs/3modules/power-action.nix> ];
  krebs.power-action = {
    enable = true;
    plans.suspend = {
--- a/configs/retiolum.nix
+++ b/configs/retiolum.nix
@@ -1,6 +1,6 @@
 { config, pkgs, ... }: {
  imports = [
-    <niveum/modules/retiolum.nix>
+    ../modules/retiolum.nix
  ];
  networking.hosts = { "42:0:ca48:f98f:63d7:31ce:922b:245d" = [ "go" ]; };
--- a/configs/traadfri.nix
+++ b/configs/traadfri.nix
@@ -4,7 +4,7 @@ let
  living-room-id = 131090;
 in
 {
-  imports = [ <niveum/modules/traadfri.nix> ];
+  imports = [ ../modules/traadfri.nix ];
  environment.systemPackages = [
    (pkgs.writers.writeDashBin "traadfri-party" ''
--- a/configs/wallpaper.nix
+++ b/configs/wallpaper.nix
@@ -1,7 +1,5 @@
 { pkgs, lib, ... }:
 {
  imports = [ <stockholm/krebs/3modules/fetchWallpaper.nix> ];
  krebs.fetchWallpaper = {
    enable = true;
    url = "http://prism.r/realwallpaper-krebs-stars-berlin.png";
--- a/deploy.nix
+++ b/deploy.nix
@@ -1,68 +1,38 @@
 let
  inherit (import ./lib/default.nix) sshPort;
-  gitFromJson = path:
+  krops = builtins.fetchGit { url = "https://cgit.krebsco.de/krops/"; };
    let object = importJson path;
    in {
      inherit (object) url;
      ref = object.rev;
    };
  krops = builtins.fetchGit (gitFromJson .versions/krops.json);
  lib = import "${krops}/lib";
  pkgs = import "${krops}/pkgs" { };
  importJson = (import <nixpkgs> { }).lib.importJSON;
-  regularSystem = { path, name, address }: {
+  source = name: lib.evalSource [{
-    source = lib.evalSource [{
+    niveum.file = toString ./.;
-      niveum.file = toString ./.;
+    system-secrets.pass = {
-      system.file = toString path;
+      dir = toString ~/.password-store;
-      nixos-config.symlink = "system/configuration.nix";
+      name = "systems/${name}";
    };
    secrets.pass = {
      dir = toString ~/.password-store;
      name = "shared";
    };
  }];
-      nixpkgs.git = gitFromJson .versions/nixpkgs.json // { shallow = true; };
+  command = targetPath: ''
-      nixpkgs-unstable.git = gitFromJson .versions/nixpkgs-unstable.json // { shallow = true; };
+    nix-shell -p git --run '
-      home-manager.git = gitFromJson .versions/home-manager.json;
+      nixos-rebuild switch -v --show-trace --flake ${targetPath}/niveum || \
-      stockholm.git = gitFromJson .versions/stockholm.json;
+        nixos-rebuild switch -v --flake ${targetPath}/niveum
-      nix-writers.git = gitFromJson .versions/nix-writers.json;
+    '
-      retiolum.git = gitFromJson .versions/retiolum.json;
+  '';
-      nixpkgs-mozilla.git = gitFromJson .versions/nixpkgs-mozilla.json;
+
-      system-secrets.pass = {
+  createHost = name: target: pkgs.krops.writeCommand "deploy-${name}" {
-        dir = toString ~/.password-store;
+    source = source name;
-        name = "systems/${name}";
+    inherit command target;
      };
      secrets.pass = {
        dir = toString ~/.password-store;
        name = "shared";
      };
    }];
    target = "root@${address}:${toString sshPort}";
  };
-  inherit (pkgs.krops) writeDeploy;
+in rec {
-in {
+  zaatar = createHost "zaatar" "root@zaatar.r:${toString sshPort}";
-  zaatar = writeDeploy "deploy-zaatar" (regularSystem {
+  kabsa = createHost "kabsa" "root@kabsa.r:${toString sshPort}";
-    path = systems/zaatar;
+  makanek = createHost "kabsa" "root@makanek.r:${toString sshPort}";
-    name = "zaatar";
+  manakish = createHost "kabsa" "root@manakish.r:${toString sshPort}";
-    address = "zaatar.r";
+  all = pkgs.writeScript "deploy-all"
-  });
+    (lib.concatStringsSep "\n" [ zaatar kabsa makanek manakish ]);
  kabsa = writeDeploy "deploy-kabsa" (regularSystem {
    path = systems/kabsa;
    name = "kabsa";
    address = "kabsa.r";
  });
  toum = writeDeploy "deploy-toum" (regularSystem {
    path = systems/toum;
    name = "toum";
    address = "toum.r";
  }) // {
    buildTarget = "${builtins.getEnv "USER"}@localhost/${builtins.getEnv "HOME"}/.cache/krops";
  };
  makanek = writeDeploy "deploy-makanek" (regularSystem {
    path = systems/makanek;
    name = "makanek";
    address = "makanek.r";
  });
  manakish = writeDeploy "deploy-manakish" (regularSystem {
    path = systems/manakish;
    name = "manakish";
    address = "manakish.r";
  });
 }
--- a/flake.lock
+++ b/flake.lock
@@ -0,0 +1,150 @@
 {
  "nodes": {
    "home-manager": {
      "inputs": {
        "nixpkgs": [
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1639871969,
        "narHash": "sha256-6feWUnMygRzA9tzkrfAzpA5/NBYg75bkFxnqb1DtD7E=",
        "owner": "nix-community",
        "repo": "home-manager",
        "rev": "697cc8c68ed6a606296efbbe9614c32537078756",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
        "ref": "release-21.11",
        "repo": "home-manager",
        "type": "github"
      }
    },
    "krops": {
      "flake": false,
      "locked": {
        "lastModified": 1637419569,
        "narHash": "sha256-0hxKZQIoByRDoPsfQq5qzFJioyWRX/fbpvMO2EYQ9lc=",
        "ref": "master",
        "rev": "13ae434b140035e7e2664bd5a8ef4c475413b2e0",
        "revCount": 115,
        "type": "git",
        "url": "https://cgit.krebsco.de/krops"
      },
      "original": {
        "type": "git",
        "url": "https://cgit.krebsco.de/krops"
      }
    },
    "nix-writers": {
      "flake": false,
      "locked": {
        "lastModified": 1554228333,
        "narHash": "sha256-hG/PlcCvCQhNcU55NpHfATkyH9k6cZmO7uvBoJjasXU=",
        "ref": "master",
        "rev": "c528cf970e292790b414b4c1c8c8e9d7e73b2a71",
        "revCount": 32,
        "type": "git",
        "url": "https://cgit.krebsco.de/nix-writers"
      },
      "original": {
        "type": "git",
        "url": "https://cgit.krebsco.de/nix-writers"
      }
    },
    "nixpkgs": {
      "locked": {
        "lastModified": 1640759603,
        "narHash": "sha256-k4d7oC6GvDV1OKxG325JUDpKtZcDUPEiddnJMOQQ/x8=",
        "owner": "nixos",
        "repo": "nixpkgs",
        "rev": "e101dc111ac1e5a21efca7822417acc1cb92013a",
        "type": "github"
      },
      "original": {
        "owner": "nixos",
        "ref": "release-21.11",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nixpkgs-mozilla": {
      "flake": false,
      "locked": {
        "lastModified": 1638887313,
        "narHash": "sha256-FMYV6rVtvSIfthgC1sK1xugh3y7muoQcvduMdriz4ag=",
        "owner": "mozilla",
        "repo": "nixpkgs-mozilla",
        "rev": "7c1e8b1dd6ed0043fb4ee0b12b815256b0b9de6f",
        "type": "github"
      },
      "original": {
        "owner": "mozilla",
        "repo": "nixpkgs-mozilla",
        "type": "github"
      }
    },
    "nixpkgs-unstable": {
      "locked": {
        "lastModified": 1640725200,
        "narHash": "sha256-yR8clhRTt1OBFojyBaNnNgD+om51nhuJ1OLqWqdY2Ow=",
        "owner": "nixos",
        "repo": "nixpkgs",
        "rev": "eaeea6e9337b93d2acb7c2aa27e3f4617408375a",
        "type": "github"
      },
      "original": {
        "owner": "nixos",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "retiolum": {
      "flake": false,
      "locked": {
        "lastModified": 1640724425,
        "narHash": "sha256-eGzvF96ZnrKqvQ7wnpa9OYsfBxUMV0Jdh3QGdZhbSek=",
        "owner": "krebs",
        "repo": "retiolum",
        "rev": "5a32ea07d6ca5668ea06f14dffe94fb46d42c674",
        "type": "github"
      },
      "original": {
        "owner": "krebs",
        "repo": "retiolum",
        "type": "github"
      }
    },
    "root": {
      "inputs": {
        "home-manager": "home-manager",
        "krops": "krops",
        "nix-writers": "nix-writers",
        "nixpkgs": "nixpkgs",
        "nixpkgs-mozilla": "nixpkgs-mozilla",
        "nixpkgs-unstable": "nixpkgs-unstable",
        "retiolum": "retiolum",
        "stockholm": "stockholm"
      }
    },
    "stockholm": {
      "flake": false,
      "locked": {
        "lastModified": 1640726454,
        "narHash": "sha256-twePnoB0NRhSM4zJOrUI/Zxzwx/u52ey6zA4YYGEvOc=",
        "ref": "master",
        "rev": "2a47990f16935d909930c9dd1ed6f8f2982df638",
        "revCount": 10218,
        "type": "git",
        "url": "https://cgit.lassul.us/stockholm"
      },
      "original": {
        "type": "git",
        "url": "https://cgit.lassul.us/stockholm"
      }
    }
  },
  "root": "root",
  "version": 7
 }
--- a/flake.nix
+++ b/flake.nix
@@ -0,0 +1,79 @@
 # imported from https://github.com/pinpox/nixos/blob/bdc0d47111d57cd19512c83538a01f9f9a3fc847/flake.nix
 # ref https://www.youtube.com/watch?v=mJbQ--iBc1U
 {
  description = "niveum systems";
  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs/release-21.11";
    nixpkgs-unstable.url = "github:nixos/nixpkgs";
    home-manager = {
      url = "github:nix-community/home-manager/release-21.11";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    # flake-utils.url = "github:numtide/flake-utils";
    # flake-compat = {
    #   url = "github:edolstra/flake-compat";
    #   flake = false;
    # };
    stockholm = {
      url = "git+https://cgit.lassul.us/stockholm";
      flake = false;
    };
    nix-writers = {
      url = "git+https://cgit.krebsco.de/nix-writers";
      flake = false;
    };
    krops = {
      url = "git+https://cgit.krebsco.de/krops";
      flake = false;
    };
    retiolum = {
      url = "github:krebs/retiolum";
      flake = false;
    };
    nixpkgs-mozilla = {
      url = "github:mozilla/nixpkgs-mozilla";
      flake = false;
    };
  };
  outputs = { self, nixpkgs, nix-writers, home-manager, stockholm, ... }@inputs:
  let
    nixosSystem = nixpkgs.lib.makeOverridable nixpkgs.lib.nixosSystem;
    defaultModules = [
      { _module.args.inputs = inputs; }
      {
        imports = [
          home-manager.nixosModules.home-manager
          "${stockholm}/krebs/3modules/power-action.nix"
          "${stockholm}/krebs/3modules/fetchWallpaper.nix"
          ({ pkgs, ... }: {
            nix.nixPath = [ "nixpkgs=${pkgs.path}" ];
            nixpkgs.overlays = [
              (import "${nix-writers}/pkgs")
              (import "${stockholm}/krebs/5pkgs")
            ];
          })
          ({ pkgs, ... }: { # https://github.com/Mic92/dotfiles/blob/50826e8f247909557975f4f193ecbb4162b07310/nixos/modules/upgrade-diff.nix
            system.activationScripts.diff = ''
              ${pkgs.nix}/bin/nix store diff-closures /run/current-system "$systemConfig"
             '';
          })
        ];
        home-manager.useGlobalPkgs = true;
        home-manager.useUserPackages = true;
      }
    ];
  in {
    nixosConfigurations = {
      kabsa = nixosSystem {
        system = "x86_64-linux";
        modules = defaultModules ++ [
          systems/kabsa/configuration.nix
        ];
      };
    };
  };
 }
--- a/modules/dropbox.nix
+++ b/modules/dropbox.nix
@@ -1,29 +0,0 @@
 { pkgs, lib, config, ... }:
 with lib;
 let cfg = config.niveum.dropbox;
 in {
  options.niveum.dropbox = { enable = mkEnableOption "Dropbox"; };
  config = mkIf cfg.enable {
    environment.systemPackages = [ pkgs.dropbox-cli ];
    networking.firewall = {
      allowedTCPPorts = [ 17500 ];
      allowedUDPPorts = [ 17500 ];
    };
    systemd.user.services.dropbox = {
      description = "Dropbox synchronisation service";
      wantedBy = [ "graphical-session.target" ];
      serviceConfig = {
        ExecStart = "${pkgs.dropbox.out}/bin/dropbox";
        ExecReload = "${pkgs.coreutils.out}/bin/kill -HUP $MAINPID";
        KillMode = "control-group"; # upstream recommends process
        Restart = "on-failure";
        PrivateTmp = true;
        ProtectSystem = "full";
        Nice = 10;
      };
    };
  };
 }
--- a/overlays/overlays.nix
+++ b/overlays/overlays.nix
@@ -1,6 +0,0 @@
 self: super:
 with super.lib;
 let
  eval = import <nixpkgs/nixos/lib/eval-config.nix>;
  paths = (eval {modules = [(import <nixos-config>)];}).config.nixpkgs.overlays;
 in foldl' (flip extends) (_: super) paths self
--- a/packages/scripts/default.nix
+++ b/packages/scripts/default.nix
@@ -168,7 +168,7 @@ in rec {
      | ${pkgs.man}/bin/man --local-file --pager="${pkgs.bat}/bin/bat -p" -
  '';
-  playlist = import ./pls.nix { inherit pkgs; };
+  playlist = import ./pls.nix { inherit pkgs lib; };
  mpv-tv = import ./mpv-tv.nix { inherit pkgs lib; };
--- a/packages/scripts/pls.nix
+++ b/packages/scripts/pls.nix
@@ -1,7 +1,5 @@
-{ pkgs }:
+{ lib, pkgs }:
 let
  inherit (pkgs) lib;
  playlistAPI = "https://radio.lassul.us";
  sendIRC = pkgs.writers.writeDash "send-irc" ''
--- a/systems/kabsa/configuration.nix
+++ b/systems/kabsa/configuration.nix
@@ -5,9 +5,9 @@ let
 in
 {
  imports = [
-    <niveum/configs/default.nix>
+    ../../configs/default.nix
-    <niveum/configs/battery.nix>
+    ../../configs/battery.nix
-    <niveum/configs/networkmanager.nix>
+    ../../configs/networkmanager.nix
    ./hardware-configuration.nix
    # <stockholm/krebs/2configs/hw/x220.nix>
  ];
--- a/systems/kabsa/hardware-configuration.nix
+++ b/systems/kabsa/hardware-configuration.nix
@@ -1,5 +1,5 @@
-{ config, lib, pkgs, ... }: {
+{ config, lib, pkgs, modulesPath, ... }: {
-  imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ];
+  imports = [ "${modulesPath}/installer/scan/not-detected.nix" ];
  boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "xhci_pci" "usb_storage" "sd_mod" "sdhci_pci" ];
  boot.initrd.kernelModules = [ ];
--- a/systems/manakish/configuration.nix
+++ b/systems/manakish/configuration.nix
@@ -1,7 +1,3 @@
 # Edit this configuration file to define what should be installed on
 # your system.  Help is available in the configuration.nix(5) man page
 # and in the NixOS manual (accessible by running ‘nixos-help’).
 { config, pkgs, ... }:
 let
  inherit (import <niveum/lib>) retiolumAddresses;
--- a/systems/zaatar/configuration.nix
+++ b/systems/zaatar/configuration.nix
@@ -5,21 +5,21 @@ in
 {
  imports = [
    ./hardware-configuration.nix
-    <home-manager/nixos>
+    "${self.inputs.home-manager}/nixos"
-    <niveum/configs/wpa_supplicant.nix>
+    ../configs/wpa_supplicant.nix
-    <niveum/configs/keyboard.nix>
+    ../configs/keyboard.nix
-    <niveum/modules/retiolum.nix>
+    ../modules/retiolum.nix
-    <niveum/configs/spacetime.nix>
+    ../configs/spacetime.nix
-    <niveum/configs/nix.nix>
+    ../configs/nix.nix
-    <niveum/configs/tuna.nix>
+    ../configs/tuna.nix
-    <niveum/configs/sshd.nix>
+    ../configs/sshd.nix
-    <niveum/configs/version.nix>
+    ../configs/version.nix
-    <niveum/configs/gaslight.nix>
+    ../configs/gaslight.nix
-    <niveum/configs/printing.nix>
+    ../configs/printing.nix
-    <niveum/configs/traadfri.nix>
+    ../configs/traadfri.nix
-    <niveum/configs/bvg.nix>
+    ../configs/bvg.nix
-    <niveum/configs/moodle-dl/meinhark.nix>
+    ../configs/moodle-dl/meinhark.nix
-    <niveum/configs/monitoring/push.nix>
+    ../configs/monitoring/push.nix
    {
      nixpkgs.config.allowUnfree = true;
    }
@@ -40,7 +40,7 @@ in
    {
      environment.systemPackages =
      let
-        worldradio = pkgs.callPackage <niveum/packages/worldradio.nix> {};
+        worldradio = pkgs.callPackage ../packages/worldradio.nix {};
      in [
        (pkgs.writers.writeDashBin "mpv" ''
          ${pkgs.mpv}/bin/mpv --no-video "$@"
--- a/systems/zaatar/hardware-configuration.nix
+++ b/systems/zaatar/hardware-configuration.nix
@@ -1,5 +1,5 @@
-{ config, lib, pkgs, ... }: {
+{ modulesPath, config, lib, pkgs, ... }: {
-  imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ];
+  imports = [ "${modulesPath}/installer/scan/not-detected.nix" ];
  boot.initrd.availableKernelModules =
    [ "ahci" "xhci_pci" "usb_storage" "sd_mod" "sdhci_acpi" "rtsx_usb_sdmmc" ];