wip: flakes

2026-03-16 18:21:07 +01:00 · 2021-12-29 17:41:53 +01:00
22 changed files with 290 additions and 192 deletions
--- a/configs/cloud.nix
+++ b/configs/cloud.nix
@@ -1,12 +1,4 @@
 { config, lib, pkgs, ... }: {
-  imports = [
-    <niveum/modules/dropbox.nix>
-  ];
-
-  niveum = {
-    dropbox.enable = false;
-  };
-
  system.activationScripts.home-symlinks = ''
    ln -sfn ${config.users.users.me.home}/cloud/syncthing/common/mahlzeit ${config.users.users.me.home}/mahlzeit
    ln -sfn ${config.users.users.me.home}/cloud/Seafile/Wiki ${config.users.users.me.home}/notes
--- a/configs/default.nix
+++ b/configs/default.nix
@@ -1,18 +1,16 @@
-{ pkgs, lib, config, options, ... }:
+{ inputs, pkgs, lib, config, options, ... }:
 let
  inherit (lib.strings) makeBinPath;
  inherit (import <niveum/lib>) localAddresses kieran;
 in {
  imports = [
-    <home-manager/nixos>
-    <niveum/modules/system-dependent.nix>
+    ../modules/system-dependent.nix
    {
      boot.supportedFilesystems = [ "ntfs" ];
    }
    {
      nix.nixPath = [
        "/var/src"
-        "nixpkgs-overlays=${toString ../overlays}"
      ];
    }
    {
@@ -20,18 +18,14 @@ in {
        config = {
          allowUnfree = true;
          packageOverrides = pkgs: {
-            writeDashBin = pkgs.writers.writeDashBin;
-            writeDash = pkgs.writers.writeDash;
            gfs-fonts = pkgs.callPackage <niveum/packages/gfs-fonts.nix> {};
            iolanguage = pkgs.callPackage <niveum/packages/iolanguage.nix> { };
            ix = pkgs.callPackage <niveum/packages/ix.nix> { };
          };
        };
        overlays = [
-          (import <nix-writers/pkgs>)
-          (import <stockholm/krebs/5pkgs>)
          (self: super: {
-            scripts = import <niveum/packages/scripts> { pkgs = super; lib = super.lib; };
+            scripts = import <niveum/packages/scripts> { pkgs = super; inherit lib; };
          })
        ];
      };
@@ -203,13 +197,11 @@ in {
    ./ccc.nix
    # ./kleiter.nix
    ./khal.nix
-    ./engiadina.nix
    ./chromium.nix
    ./cloud.nix
    ./copyq.nix
    ./compton.nix
    ./direnv.nix
-    ./distrobump.nix
    ./docker.nix
    ./dunst.nix
    ./flix.nix
--- a/configs/distrobump.nix
+++ b/configs/distrobump.nix
@@ -1,10 +0,0 @@
-{ lib, config, pkgs, ... }: {
-  imports = [
-    (import <stockholm/makefu/3modules/bump-distrowatch.nix> {
-      inherit lib config;
-      pkgs = pkgs // { writeDash = pkgs.writers.writeDash; };
-    })
-  ];
-
-  makefu.distrobump.enable = false;
-}
--- a/configs/engiadina.nix
+++ b/configs/engiadina.nix
@@ -1,30 +0,0 @@
-{ config, pkgs, ... }:
-let
-  inherit (import <niveum/lib>) tmpfilesConfig;
-  cdnRoot = "/var/lib/engiadina";
-in
-{
-  imports = [ <stockholm/krebs/3modules/permown.nix> ];
-
-  krebs.permown.${cdnRoot} = {
-    owner = config.users.users.me.name;
-    group = "users";
-    umask = "0002";
-  };
-
-  services.nginx = {
-    enable = true;
-    virtualHosts.default = {
-      root = cdnRoot;
-      listen = [{
-        addr = "0.0.0.0";
-        port = 3333;
-      }];
-    };
-  };
-
-  environment.shellAliases = {
-    engiadina-watch = "${pkgs.findutils}/bin/find extra-src src | ${pkgs.entr}/bin/entr -s 'build-component && ${pkgs.rsync}/bin/rsync -avu dist/*.js ${cdnRoot}/'";
-    engiadina-edit = "$EDITOR ${cdnRoot}/index.html";
-  };
-}
--- a/configs/hledger.nix
+++ b/configs/hledger.nix
@@ -1,5 +1,5 @@
 { config, pkgs, ... }: {
-  imports = [ <niveum/modules/hledger.nix> ];
+  imports = [ ../modules/hledger.nix ];

  niveum.hledger = {
    enable = true;
--- a/configs/networkmanager.nix
+++ b/configs/networkmanager.nix
@@ -39,7 +39,7 @@ let
  };
 in
 {
-  imports = [ <niveum/modules/networkmanager-declarative.nix> ];
+  imports = [ ../modules/networkmanager-declarative.nix ];

  networking.networkmanager = {
    enable = true;
--- a/configs/power-action.nix
+++ b/configs/power-action.nix
@@ -3,8 +3,6 @@ let
  suspend = pkgs.writers.writeDash "suspend" "${pkgs.systemd}/bin/systemctl suspend";
 in
 {
-  imports = [ <stockholm/krebs/3modules/power-action.nix> ];
-
  krebs.power-action = {
    enable = true;
    plans.suspend = {
--- a/configs/retiolum.nix
+++ b/configs/retiolum.nix
@@ -1,6 +1,6 @@
 { config, pkgs, ... }: {
  imports = [
-    <niveum/modules/retiolum.nix>
+    ../modules/retiolum.nix
  ];

  networking.hosts = { "42:0:ca48:f98f:63d7:31ce:922b:245d" = [ "go" ]; };
--- a/configs/traadfri.nix
+++ b/configs/traadfri.nix
@@ -4,7 +4,7 @@ let
  living-room-id = 131090;
 in
 {
-  imports = [ <niveum/modules/traadfri.nix> ];
+  imports = [ ../modules/traadfri.nix ];

  environment.systemPackages = [
    (pkgs.writers.writeDashBin "traadfri-party" ''
--- a/configs/wallpaper.nix
+++ b/configs/wallpaper.nix
@@ -1,7 +1,5 @@
 { pkgs, lib, ... }:
 {
-  imports = [ <stockholm/krebs/3modules/fetchWallpaper.nix> ];
-
  krebs.fetchWallpaper = {
    enable = true;
    url = "http://prism.r/realwallpaper-krebs-stars-berlin.png";
--- a/deploy.nix
+++ b/deploy.nix
@@ -1,68 +1,38 @@
 let
  inherit (import ./lib/default.nix) sshPort;

-  gitFromJson = path:
-    let object = importJson path;
-    in {
-      inherit (object) url;
-      ref = object.rev;
-    };
-  krops = builtins.fetchGit (gitFromJson .versions/krops.json);
+  krops = builtins.fetchGit { url = "https://cgit.krebsco.de/krops/"; };
  lib = import "${krops}/lib";
  pkgs = import "${krops}/pkgs" { };
-  importJson = (import <nixpkgs> { }).lib.importJSON;

-  regularSystem = { path, name, address }: {
-    source = lib.evalSource [{
-      niveum.file = toString ./.;
-      system.file = toString path;
-      nixos-config.symlink = "system/configuration.nix";
+  source = name: lib.evalSource [{
+    niveum.file = toString ./.;
+    system-secrets.pass = {
+      dir = toString ~/.password-store;
+      name = "systems/${name}";
+    };
+    secrets.pass = {
+      dir = toString ~/.password-store;
+      name = "shared";
+    };
+  }];

-      nixpkgs.git = gitFromJson .versions/nixpkgs.json // { shallow = true; };
-      nixpkgs-unstable.git = gitFromJson .versions/nixpkgs-unstable.json // { shallow = true; };
-      home-manager.git = gitFromJson .versions/home-manager.json;
-      stockholm.git = gitFromJson .versions/stockholm.json;
-      nix-writers.git = gitFromJson .versions/nix-writers.json;
-      retiolum.git = gitFromJson .versions/retiolum.json;
-      nixpkgs-mozilla.git = gitFromJson .versions/nixpkgs-mozilla.json;
-      system-secrets.pass = {
-        dir = toString ~/.password-store;
-        name = "systems/${name}";
-      };
-      secrets.pass = {
-        dir = toString ~/.password-store;
-        name = "shared";
-      };
-    }];
-    target = "root@${address}:${toString sshPort}";
+  command = targetPath: ''
+    nix-shell -p git --run '
+      nixos-rebuild switch -v --show-trace --flake ${targetPath}/niveum || \
+        nixos-rebuild switch -v --flake ${targetPath}/niveum
+    '
+  '';
+
+  createHost = name: target: pkgs.krops.writeCommand "deploy-${name}" {
+    source = source name;
+    inherit command target;
  };
-  inherit (pkgs.krops) writeDeploy;
-in {
-  zaatar = writeDeploy "deploy-zaatar" (regularSystem {
-    path = systems/zaatar;
-    name = "zaatar";
-    address = "zaatar.r";
-  });
-  kabsa = writeDeploy "deploy-kabsa" (regularSystem {
-    path = systems/kabsa;
-    name = "kabsa";
-    address = "kabsa.r";
-  });
-  toum = writeDeploy "deploy-toum" (regularSystem {
-    path = systems/toum;
-    name = "toum";
-    address = "toum.r";
-  }) // {
-    buildTarget = "${builtins.getEnv "USER"}@localhost/${builtins.getEnv "HOME"}/.cache/krops";
-  };
-  makanek = writeDeploy "deploy-makanek" (regularSystem {
-    path = systems/makanek;
-    name = "makanek";
-    address = "makanek.r";
-  });
-  manakish = writeDeploy "deploy-manakish" (regularSystem {
-    path = systems/manakish;
-    name = "manakish";
-    address = "manakish.r";
-  });
+in rec {
+  zaatar = createHost "zaatar" "root@zaatar.r:${toString sshPort}";
+  kabsa = createHost "kabsa" "root@kabsa.r:${toString sshPort}";
+  makanek = createHost "kabsa" "root@makanek.r:${toString sshPort}";
+  manakish = createHost "kabsa" "root@manakish.r:${toString sshPort}";
+  all = pkgs.writeScript "deploy-all"
+    (lib.concatStringsSep "\n" [ zaatar kabsa makanek manakish ]);
 }
--- a/flake.lock
+++ b/flake.lock
@@ -0,0 +1,150 @@
+{
+  "nodes": {
+    "home-manager": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1639871969,
+        "narHash": "sha256-6feWUnMygRzA9tzkrfAzpA5/NBYg75bkFxnqb1DtD7E=",
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "rev": "697cc8c68ed6a606296efbbe9614c32537078756",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "ref": "release-21.11",
+        "repo": "home-manager",
+        "type": "github"
+      }
+    },
+    "krops": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1637419569,
+        "narHash": "sha256-0hxKZQIoByRDoPsfQq5qzFJioyWRX/fbpvMO2EYQ9lc=",
+        "ref": "master",
+        "rev": "13ae434b140035e7e2664bd5a8ef4c475413b2e0",
+        "revCount": 115,
+        "type": "git",
+        "url": "https://cgit.krebsco.de/krops"
+      },
+      "original": {
+        "type": "git",
+        "url": "https://cgit.krebsco.de/krops"
+      }
+    },
+    "nix-writers": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1554228333,
+        "narHash": "sha256-hG/PlcCvCQhNcU55NpHfATkyH9k6cZmO7uvBoJjasXU=",
+        "ref": "master",
+        "rev": "c528cf970e292790b414b4c1c8c8e9d7e73b2a71",
+        "revCount": 32,
+        "type": "git",
+        "url": "https://cgit.krebsco.de/nix-writers"
+      },
+      "original": {
+        "type": "git",
+        "url": "https://cgit.krebsco.de/nix-writers"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1640759603,
+        "narHash": "sha256-k4d7oC6GvDV1OKxG325JUDpKtZcDUPEiddnJMOQQ/x8=",
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "e101dc111ac1e5a21efca7822417acc1cb92013a",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos",
+        "ref": "release-21.11",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs-mozilla": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1638887313,
+        "narHash": "sha256-FMYV6rVtvSIfthgC1sK1xugh3y7muoQcvduMdriz4ag=",
+        "owner": "mozilla",
+        "repo": "nixpkgs-mozilla",
+        "rev": "7c1e8b1dd6ed0043fb4ee0b12b815256b0b9de6f",
+        "type": "github"
+      },
+      "original": {
+        "owner": "mozilla",
+        "repo": "nixpkgs-mozilla",
+        "type": "github"
+      }
+    },
+    "nixpkgs-unstable": {
+      "locked": {
+        "lastModified": 1640725200,
+        "narHash": "sha256-yR8clhRTt1OBFojyBaNnNgD+om51nhuJ1OLqWqdY2Ow=",
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "eaeea6e9337b93d2acb7c2aa27e3f4617408375a",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "retiolum": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1640724425,
+        "narHash": "sha256-eGzvF96ZnrKqvQ7wnpa9OYsfBxUMV0Jdh3QGdZhbSek=",
+        "owner": "krebs",
+        "repo": "retiolum",
+        "rev": "5a32ea07d6ca5668ea06f14dffe94fb46d42c674",
+        "type": "github"
+      },
+      "original": {
+        "owner": "krebs",
+        "repo": "retiolum",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "home-manager": "home-manager",
+        "krops": "krops",
+        "nix-writers": "nix-writers",
+        "nixpkgs": "nixpkgs",
+        "nixpkgs-mozilla": "nixpkgs-mozilla",
+        "nixpkgs-unstable": "nixpkgs-unstable",
+        "retiolum": "retiolum",
+        "stockholm": "stockholm"
+      }
+    },
+    "stockholm": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1640726454,
+        "narHash": "sha256-twePnoB0NRhSM4zJOrUI/Zxzwx/u52ey6zA4YYGEvOc=",
+        "ref": "master",
+        "rev": "2a47990f16935d909930c9dd1ed6f8f2982df638",
+        "revCount": 10218,
+        "type": "git",
+        "url": "https://cgit.lassul.us/stockholm"
+      },
+      "original": {
+        "type": "git",
+        "url": "https://cgit.lassul.us/stockholm"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}
--- a/flake.nix
+++ b/flake.nix
@@ -0,0 +1,79 @@
+# imported from https://github.com/pinpox/nixos/blob/bdc0d47111d57cd19512c83538a01f9f9a3fc847/flake.nix
+# ref https://www.youtube.com/watch?v=mJbQ--iBc1U
+{
+  description = "niveum systems";
+
+  inputs = {
+    nixpkgs.url = "github:nixos/nixpkgs/release-21.11";
+    nixpkgs-unstable.url = "github:nixos/nixpkgs";
+    home-manager = {
+      url = "github:nix-community/home-manager/release-21.11";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+    # flake-utils.url = "github:numtide/flake-utils";
+    # flake-compat = {
+    #   url = "github:edolstra/flake-compat";
+    #   flake = false;
+    # };
+    stockholm = {
+      url = "git+https://cgit.lassul.us/stockholm";
+      flake = false;
+    };
+    nix-writers = {
+      url = "git+https://cgit.krebsco.de/nix-writers";
+      flake = false;
+    };
+    krops = {
+      url = "git+https://cgit.krebsco.de/krops";
+      flake = false;
+    };
+    retiolum = {
+      url = "github:krebs/retiolum";
+      flake = false;
+    };
+    nixpkgs-mozilla = {
+      url = "github:mozilla/nixpkgs-mozilla";
+      flake = false;
+    };
+  };
+
+  outputs = { self, nixpkgs, nix-writers, home-manager, stockholm, ... }@inputs:
+  let
+    nixosSystem = nixpkgs.lib.makeOverridable nixpkgs.lib.nixosSystem;
+
+    defaultModules = [
+      { _module.args.inputs = inputs; }
+      {
+        imports = [
+          home-manager.nixosModules.home-manager
+          "${stockholm}/krebs/3modules/power-action.nix"
+          "${stockholm}/krebs/3modules/fetchWallpaper.nix"
+          ({ pkgs, ... }: {
+            nix.nixPath = [ "nixpkgs=${pkgs.path}" ];
+            nixpkgs.overlays = [
+              (import "${nix-writers}/pkgs")
+              (import "${stockholm}/krebs/5pkgs")
+            ];
+          })
+          ({ pkgs, ... }: { # https://github.com/Mic92/dotfiles/blob/50826e8f247909557975f4f193ecbb4162b07310/nixos/modules/upgrade-diff.nix
+            system.activationScripts.diff = ''
+              ${pkgs.nix}/bin/nix store diff-closures /run/current-system "$systemConfig"
+             '';
+          })
+        ];
+
+        home-manager.useGlobalPkgs = true;
+        home-manager.useUserPackages = true;
+      }
+    ];
+  in {
+    nixosConfigurations = {
+      kabsa = nixosSystem {
+        system = "x86_64-linux";
+        modules = defaultModules ++ [
+          systems/kabsa/configuration.nix
+        ];
+      };
+    };
+  };
+}
--- a/modules/dropbox.nix
+++ b/modules/dropbox.nix
@@ -1,29 +0,0 @@
-{ pkgs, lib, config, ... }:
-with lib;
-let cfg = config.niveum.dropbox;
-in {
-  options.niveum.dropbox = { enable = mkEnableOption "Dropbox"; };
-
-  config = mkIf cfg.enable {
-    environment.systemPackages = [ pkgs.dropbox-cli ];
-
-    networking.firewall = {
-      allowedTCPPorts = [ 17500 ];
-      allowedUDPPorts = [ 17500 ];
-    };
-
-    systemd.user.services.dropbox = {
-      description = "Dropbox synchronisation service";
-      wantedBy = [ "graphical-session.target" ];
-      serviceConfig = {
-        ExecStart = "${pkgs.dropbox.out}/bin/dropbox";
-        ExecReload = "${pkgs.coreutils.out}/bin/kill -HUP $MAINPID";
-        KillMode = "control-group"; # upstream recommends process
-        Restart = "on-failure";
-        PrivateTmp = true;
-        ProtectSystem = "full";
-        Nice = 10;
-      };
-    };
-  };
-}
--- a/overlays/overlays.nix
+++ b/overlays/overlays.nix
@@ -1,6 +0,0 @@
-self: super:
-with super.lib;
-let
-  eval = import <nixpkgs/nixos/lib/eval-config.nix>;
-  paths = (eval {modules = [(import <nixos-config>)];}).config.nixpkgs.overlays;
-in foldl' (flip extends) (_: super) paths self
--- a/packages/scripts/default.nix
+++ b/packages/scripts/default.nix
@@ -168,7 +168,7 @@ in rec {
      | ${pkgs.man}/bin/man --local-file --pager="${pkgs.bat}/bin/bat -p" -
  '';

-  playlist = import ./pls.nix { inherit pkgs; };
+  playlist = import ./pls.nix { inherit pkgs lib; };

  mpv-tv = import ./mpv-tv.nix { inherit pkgs lib; };

--- a/packages/scripts/pls.nix
+++ b/packages/scripts/pls.nix
@@ -1,7 +1,5 @@
-{ pkgs }:
+{ lib, pkgs }:
 let
-  inherit (pkgs) lib;
-
  playlistAPI = "https://radio.lassul.us";

  sendIRC = pkgs.writers.writeDash "send-irc" ''
--- a/systems/kabsa/configuration.nix
+++ b/systems/kabsa/configuration.nix
@@ -5,9 +5,9 @@ let
 in
 {
  imports = [
-    <niveum/configs/default.nix>
-    <niveum/configs/battery.nix>
-    <niveum/configs/networkmanager.nix>
+    ../../configs/default.nix
+    ../../configs/battery.nix
+    ../../configs/networkmanager.nix
    ./hardware-configuration.nix
    # <stockholm/krebs/2configs/hw/x220.nix>
  ];
--- a/systems/kabsa/hardware-configuration.nix
+++ b/systems/kabsa/hardware-configuration.nix
@@ -1,5 +1,5 @@
-{ config, lib, pkgs, ... }: {
-  imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ];
+{ config, lib, pkgs, modulesPath, ... }: {
+  imports = [ "${modulesPath}/installer/scan/not-detected.nix" ];

  boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "xhci_pci" "usb_storage" "sd_mod" "sdhci_pci" ];
  boot.initrd.kernelModules = [ ];
--- a/systems/manakish/configuration.nix
+++ b/systems/manakish/configuration.nix
@@ -1,7 +1,3 @@
-# Edit this configuration file to define what should be installed on
-# your system.  Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
-
 { config, pkgs, ... }:
 let
  inherit (import <niveum/lib>) retiolumAddresses;
--- a/systems/zaatar/configuration.nix
+++ b/systems/zaatar/configuration.nix
@@ -5,21 +5,21 @@ in
 {
  imports = [
    ./hardware-configuration.nix
-    <home-manager/nixos>
-    <niveum/configs/wpa_supplicant.nix>
-    <niveum/configs/keyboard.nix>
-    <niveum/modules/retiolum.nix>
-    <niveum/configs/spacetime.nix>
-    <niveum/configs/nix.nix>
-    <niveum/configs/tuna.nix>
-    <niveum/configs/sshd.nix>
-    <niveum/configs/version.nix>
-    <niveum/configs/gaslight.nix>
-    <niveum/configs/printing.nix>
-    <niveum/configs/traadfri.nix>
-    <niveum/configs/bvg.nix>
-    <niveum/configs/moodle-dl/meinhark.nix>
-    <niveum/configs/monitoring/push.nix>
+    "${self.inputs.home-manager}/nixos"
+    ../configs/wpa_supplicant.nix
+    ../configs/keyboard.nix
+    ../modules/retiolum.nix
+    ../configs/spacetime.nix
+    ../configs/nix.nix
+    ../configs/tuna.nix
+    ../configs/sshd.nix
+    ../configs/version.nix
+    ../configs/gaslight.nix
+    ../configs/printing.nix
+    ../configs/traadfri.nix
+    ../configs/bvg.nix
+    ../configs/moodle-dl/meinhark.nix
+    ../configs/monitoring/push.nix
    {
      nixpkgs.config.allowUnfree = true;
    }
@@ -40,7 +40,7 @@ in
    {
      environment.systemPackages =
      let
-        worldradio = pkgs.callPackage <niveum/packages/worldradio.nix> {};
+        worldradio = pkgs.callPackage ../packages/worldradio.nix {};
      in [
        (pkgs.writers.writeDashBin "mpv" ''
          ${pkgs.mpv}/bin/mpv --no-video "$@"
--- a/systems/zaatar/hardware-configuration.nix
+++ b/systems/zaatar/hardware-configuration.nix
@@ -1,5 +1,5 @@
-{ config, lib, pkgs, ... }: {
-  imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ];
+{ modulesPath, config, lib, pkgs, ... }: {
+  imports = [ "${modulesPath}/installer/scan/not-detected.nix" ];

  boot.initrd.availableKernelModules =
    [ "ahci" "xhci_pci" "usb_storage" "sd_mod" "sdhci_acpi" "rtsx_usb_sdmmc" ];