Refactor overlays

2023-02-11 15:14:51 +01:00 · 2023-02-11 15:14:51 +01:00 · 6e60f26cf7
parent 28d4016f88
commit 6e60f26cf7
22 changed files with 147 additions and 138 deletions
--- a/flake.lock
+++ b/flake.lock
@ -425,9 +425,6 @@
        "nixos-mailserver": "nixos-mailserver",
        "nixos-stable": "nixos-stable",
        "nixos-unstable": "nixos-unstable",
-        "nixpkgs": [
-          "nixos-unstable"
-        ],
        "pre-commit-hooks": "pre-commit-hooks",
        "secrets": "secrets"
      }
--- a/flake.nix
+++ b/flake.nix
@ -36,7 +36,6 @@
      url = "git+https://gitlab.com/simple-nixos-mailserver/nixos-mailserver.git";
    };
    nixos-stable.url = "nixpkgs/nixos-22.11";
-    nixpkgs.follows = "nixos-unstable";
    flake-parts.inputs.nixpkgs-lib.follows = "nixos-unstable";
    home-manager = {
      url = "home-manager/release-22.11";
@ -58,21 +57,26 @@
    };
  };

-  outputs = inputs @ {nixos-hardware, ...}:
+  outputs = inputs @ {
+    nixos-hardware,
+    self,
+    ...
+  }:
    inputs.flake-parts.lib.mkFlake {inherit inputs;} {
      imports = [
        inputs.pre-commit-hooks.flakeModule
        ./nixos/flake-parts.nix
        ./home-manager/flake-parts.nix
        ./packages/flake-parts.nix
+        ./overlays/flake-parts.nix
      ];
      systems = ["x86_64-linux"];
      perSystem = {
        self',
        inputs',
-        pkgs,
        config,
        lib,
+        pkgs,
        ...
      }: {
        devShells = {
@ -81,14 +85,14 @@
          };
        };
        checks = {
-          system-checks = pkgs.runCommand "system-checks" {} ''
-            mkdir -p $out
-            ${lib.concatMapStringsSep "\n" (x: x) (lib.mapAttrsToList (name: x: "ln -s ${x.config.system.build.toplevel} $out/${name}-system") inputs.self.nixosConfigurations)}
-            ${lib.concatMapStringsSep "\n" (x: x) (lib.mapAttrsToList (name: x: "ln -s ${x} $out/${name}-home") inputs.self.homeModes)}
-          '';
+          system-checks = pkgs.recursiveLinkFarm "all-configs" {
+            nixos-configurations = lib.mapAttrs (_: config: config.config.system.build.toplevel) self.nixosConfigurations;
+            home-manager-configurations = self.homeModes;
+          };
        };

        pre-commit = {
+          pkgs = inputs'.nixos-unstable.legacyPackages;
          check.enable = true;
          settings = {
            settings.ormolu.defaultExtensions = [
--- a/home-manager/flake-parts.nix
+++ b/home-manager/flake-parts.nix
@ -4,8 +4,11 @@
  inputs,
  ...
 }: {
-  flake = withSystem "x86_64-linux" ({inputs', ...}: let
-    pkgs = inputs'.nixos-stable.legacyPackages;
+  flake = withSystem "x86_64-linux" ({
+    self',
+    pkgs,
+    ...
+  }: let
    flattenAttrs = attrs:
      lib.listToAttrs (lib.flatten (lib.mapAttrsToList
        (
@ -22,14 +25,14 @@
      inherit pkgs;
      modules = [
        config
-        inputs.self.nixosModules.insertOverlays
        inputs.emanote.homeManagerModule
      ];
    });
    buildModesForHost = host: modes:
-      pkgs.runCommandLocal "${host}-modes" {} ''
-        mkdir $out
-        ${lib.concatStringsSep "\n" (lib.mapAttrsToList (mode: config: "ln -s ${(buildHomeManager config).activationPackage} $out/${mode}") modes)}'';
+      pkgs.recursiveLinkFarm "${host}-modes"
+      (lib.mapAttrs
+        (_: config: (buildHomeManager config).activationPackage)
+        modes);
  in {
    homeConfigurations = lib.mapAttrs (_: buildHomeManager) (flattenAttrs machines);
    homeModes = lib.mapAttrs buildModesForHost machines;
--- a/home-manager/roles/gnome.nix
+++ b/home-manager/roles/gnome.nix
@ -55,6 +55,7 @@ in {
      move-to-monitor-up = [];
      move-to-workspace-left = [];
      move-to-workspace-right = [];
+      toggle-fullscreen = ["<Super>f"];
    };

    "org/gnome/mutter/keybindings" = {
--- a/home-manager/roles/mpd.nix
+++ b/home-manager/roles/mpd.nix
@ -8,7 +8,7 @@
  playlist_dir = "${audio_dir}/playlists";
 in {
  home.file."media/audio/playlists" = {
-    source = pkgs.setToDirectories (lib.mapAttrs' (name: content: lib.nameValuePair "${name}.m3u" (builtins.toFile "${name}.m3u" content)) {
+    source = pkgs.recursiveLinkFarm "mpd-playlists" (lib.mapAttrs' (name: content: lib.nameValuePair "${name}.m3u" (builtins.toFile "${name}.m3u" content)) {
      "radio-swiss-classic" = "https://stream.srg-ssr.ch/m/rsc_de/aacp_96";
      "radio-swiss-jazz" = "https://stream.srg-ssr.ch/m/rsj/aacp_96";
      "br-klassik" = "http://dispatcher.rndfnk.com/br/brklassik/live/mp3/high";
--- a/home-manager/roles/taskwarrior.nix
+++ b/home-manager/roles/taskwarrior.nix
@ -1,7 +1,6 @@
 {
  pkgs,
  config,
-  flake-inputs,
  ...
 }: let
  fix-tasks = pkgs.writeShellScriptBin "fix-tasks" ''
@ -76,10 +75,10 @@ in {
    dataLocation = "${config.home.homeDirectory}/.task";
    config = {
      taskd = {
-        certificate = "${flake-inputs.secrets}/taskwarrior/public.cert";
+        certificate = "${pkgs.flake-inputs.secrets}/taskwarrior/public.cert";
        credentials = pkgs.privateValue "" "taskwarrior/credentials";
-        ca = "${flake-inputs.secrets}/taskwarrior/ca.cert";
-        key = "${flake-inputs.secrets}/taskwarrior/private.key";
+        ca = "${pkgs.flake-inputs.secrets}/taskwarrior/ca.cert";
+        key = "${pkgs.flake-inputs.secrets}/taskwarrior/private.key";
        server = "hera.m-0.eu:53589";
      };
    };
--- a/nixos/flake-parts.nix
+++ b/nixos/flake-parts.nix
@ -4,72 +4,46 @@
  inputs,
  ...
 }: {
-  flake = withSystem "x86_64-linux" ({
-    inputs',
-    system,
-    ...
-  }: let
-    networkingModule = name: "${inputs.nixos-unstable}/nixos/modules/services/networking/${name}.nix";
-    modules = [
-      # nftables using module not available in 22.11.
-      (networkingModule "firewall-iptables")
-      (networkingModule "firewall-nftables")
-      (networkingModule "firewall")
-      (networkingModule "nat-iptables")
-      (networkingModule "nat-nftables")
-      (networkingModule "nat")
-      (networkingModule "nftables")
-      (_: {
-        disabledModules = [
-          "services/networking/firewall.nix"
-          "services/networking/nftables.nix"
-          "services/networking/nat.nix"
-          "services/networking/redsocks.nix"
-          "services/networking/miniupnpd.nix"
-          "services/audio/roon-server.nix"
-          "services/audio/roon-bridge.nix"
-        ];
-      })
-    ];
-    makeSystem = name:
-      inputs'.nixos-stable.legacyPackages.nixos {
-        imports =
-          [
+  flake = {
+    nixosConfigurations = withSystem "x86_64-linux" ({
+      system,
+      self',
+      pkgs,
+      ...
+    }: let
+      machines = builtins.attrNames (builtins.readDir ./machines);
+      makeSystem = name:
+        pkgs.nixos {
+          imports = [
            (import (./. + "/machines/${name}/configuration.nix") inputs)
            inputs.secrets.nixosModules.default
-            inputs.self.nixosModules.insertOverlays
-          ]
-          ++ modules;
-      };
-  in {
-    nixosModules.insertOverlays = _: {
-      _module.args = {
-        flake-inputs = inputs // {inherit modules;};
-        flake-inputs' = inputs';
-      };
-      nixpkgs.overlays =
-        [
-          (_: _:
-            {
-              nix-output-monitor = inputs'.nix-output-monitor.packages.default;
-              unstable = inputs'.nixos-unstable.legacyPackages;
-              unfree = import inputs.nixos-stable {
-                inherit system;
-                config = {
-                  allowUnfree = true;
-                  android_sdk.accept_license = true;
-                };
-              };
-              unstableUnfree = import inputs.nixos-unstable {
-                config.allowUnfree = true;
-                inherit system;
-              };
-            }
-            // inputs.secrets.private)
-          inputs.self.overlays.addMyHaskellPackages
-        ]
-        ++ import ../overlays {inherit lib;};
+            inputs.self.nixosModules.unstableNFTables
+          ];
+        };
+    in
+      lib.genAttrs machines makeSystem);
+    nixosModules.unstableNFTables = _: {
+      disabledModules = [
+        "services/networking/firewall.nix"
+        "services/networking/nftables.nix"
+        "services/networking/nat.nix"
+        "services/networking/redsocks.nix"
+        "services/networking/miniupnpd.nix"
+        "services/audio/roon-server.nix"
+        "services/audio/roon-bridge.nix"
+      ];
+      imports = let
+        networkingModule = name: "${inputs.nixos-unstable}/nixos/modules/services/networking/${name}.nix";
+      in [
+        # nftables using module not available in 22.11.
+        (networkingModule "firewall-iptables")
+        (networkingModule "firewall-nftables")
+        (networkingModule "firewall")
+        (networkingModule "nat-iptables")
+        (networkingModule "nat-nftables")
+        (networkingModule "nat")
+        (networkingModule "nftables")
+      ];
    };
-    nixosConfigurations = lib.genAttrs (builtins.attrNames (builtins.readDir ./machines)) makeSystem;
-  });
+  };
 }
--- a/nixos/machines/hera/cloud.nix
+++ b/nixos/machines/hera/cloud.nix
@ -2,7 +2,6 @@
  pkgs,
  config,
  lib,
-  flake-inputs,
  ...
 }: let
  adminCreds =
@ -77,13 +76,12 @@
    autoStart = true;
    privateNetwork = true;
    hostBridge = "bridge";
-    config = {pkgs, ...}: {
-      imports =
-        [
-          ../../roles
-          flake-inputs.self.nixosModules.insertOverlays
-        ]
-        ++ flake-inputs.modules;
+    config = _: {
+      imports = [
+        ../../roles
+        pkgs.flake-inputs.self.nixosModules.unstableNFTables
+      ];
+      nixpkgs = {inherit pkgs;};

      networking = {
        interfaces.eth0 = {
--- a/nixos/roles/git.nix
+++ b/nixos/roles/git.nix
@ -2,7 +2,6 @@
  config,
  pkgs,
  lib,
-  flake-inputs,
  ...
 }: let
  gitoliteCfg = config.services.gitolite;
@ -110,7 +109,7 @@ in {
    cd $dir
    git clone git@localhost:gitolite-admin
    cd gitolite-admin
-    cp -r ${flake-inputs.secrets}/gitolite/* .
+    cp -r ${pkgs.flake-inputs.secrets}/gitolite/* .
    if [[ "$(git status --porcelain)" != "" ]]; then
      git "config" "user.email" "git@hera.m-0.eu"
      git "config" "user.name" "git user"
--- a/nixos/roles/home-assistant/hexa-cards.nix
+++ b/nixos/roles/home-assistant/hexa-cards.nix
@ -1,9 +1,5 @@
-{
-  pkgs,
-  flake-inputs,
-  ...
-}: let
-  nur = flake-inputs.hexa-nur-packages.packages.x86_64-linux;
+{pkgs, ...}: let
+  nur = pkgs.flake-inputs'.hexa-nur-packages.packages;

  mkLovelaceModule = name: {
    url = "custom/${name}.js?${nur.hassLovelaceModules."${name}".version}";
--- a/nixos/roles/laminar/default.nix
+++ b/nixos/roles/laminar/default.nix
@ -70,7 +70,7 @@ in {
        LimitNOFILE = "1024000";
      };
      after = ["network.target"];
-      preStart = "ln -sfT ${pkgs.setToDirectories (addTimeouts cfg.cfgFiles)} ${cfgDir}";
+      preStart = "ln -sfT ${pkgs.recursiveLinkFarm "laminar-config-dir" (addTimeouts cfg.cfgFiles)} ${cfgDir}";
    };
    services = {
      nginx = {
--- a/nixos/roles/mailman.nix
+++ b/nixos/roles/mailman.nix
@ -38,7 +38,7 @@ in {
        "paths.fhs".template_dir =
          lib.mkForce
          (
-            pkgs.setToDirectories {
+            pkgs.recursiveLinkFarm "mailman-templates" {
              site.de = {
                "list:user:notice:goodbye.txt" = builtins.toFile "goodbye" ''
                  Du erhältst nun keine E-Mails mehr über diese Mailingliste.
--- a/overlays/20-unfree.nix
+++ b/overlays/20-unfree.nix
@ -1,4 +0,0 @@
-self: super: {
-  inherit (super.unfree) discord zoom-us minecraft teamviewer steam androidsdk_9_0;
-  inherit (super.unstableUnfree) minecraft-server;
-}
--- a/overlays/30-ghc/default.nix
+++ b/overlays/30-ghc/default.nix
@ -1,7 +0,0 @@
-final: prev: let
-  myPkgs = import ./packages.nix;
-in {
-  myHaskellPackages = myPkgs.makeHaskellPackages prev.unstableHaskellPackages;
-  myHaskellScriptPackages = myPkgs.makeHaskellScriptPackages prev.haskellPackages;
-  ghcWithPackages = prev.unstableGhc.withHoogle (p: builtins.attrValues (myPkgs.makeHaskellPackages p));
-}
--- a/overlays/default.nix
+++ b/overlays/default.nix
@ -1,12 +0,0 @@
-{lib}: let
-  overlayPath = ./.;
-  candidates = lib.attrNames (builtins.readDir overlayPath);
-  pathToOverlay = n: overlayPath + ("/" + n);
-  isNixFile = n: builtins.match ".*\\.nix" n != null;
-  isNixDir = n: builtins.pathExists (pathToOverlay n + "/default.nix");
-  notDefault = n: n != "default.nix";
-  isOverlay = n: (isNixDir n || isNixFile n) && notDefault n;
-  overlays = builtins.filter isOverlay candidates;
-  importOverlay = n: import (pathToOverlay n);
-in
-  map importOverlay overlays
--- a/overlays/file-tree.nix
+++ b/overlays/file-tree.nix
@ -1,18 +1,20 @@
-_: prev: let
-  inherit (prev) lib;
+final: _: let
+  inherit (final) lib;
  linkToPath = path: fileOrDir: (
-    if prev.lib.types.path.check fileOrDir
-    then ["ln -sT ${fileOrDir} ${path}"]
+    if final.lib.types.path.check fileOrDir
+    then [
+      {
+        name = lib.concatStringsSep "/" path;
+        path = fileOrDir;
+      }
+    ]
    else
-      ["mkdir -p ${path}"]
-      ++ lib.concatLists (
+      lib.concatLists (
        lib.mapAttrsToList
-        (dirName: linkToPath "${path}/${dirName}")
+        (dirName: linkToPath (path ++ [dirName]))
        fileOrDir
      )
  );
 in {
-  setToDirectories = files:
-    prev.runCommand "set-to-directories" {}
-    (lib.concatStringsSep "\n" (linkToPath "$out" files));
+  recursiveLinkFarm = name: files: final.linkFarm name (linkToPath [] files);
 }
--- a/overlays/flake-parts.nix
+++ b/overlays/flake-parts.nix
@ -0,0 +1,33 @@
+{
+  lib,
+  inputs,
+  ...
+}: {
+  perSystem = {
+    inputs',
+    system,
+    ...
+  }: {
+    _module.args.pkgs = inputs'.nixos-stable.legacyPackages.appendOverlays (
+      [
+        (_: _: {
+          flake-inputs = inputs;
+          flake-inputs' = inputs';
+        })
+        inputs.self.overlays.addMyHaskellPackages
+      ]
+      ++ (let
+        overlayPath = ./.;
+        candidates = lib.attrNames (builtins.readDir overlayPath);
+        pathToOverlay = n: overlayPath + ("/" + n);
+        isNixFile = n: builtins.match ".*\\.nix" n != null;
+        isNixDir = n: builtins.pathExists (pathToOverlay n + "/default.nix");
+        notDefault = n: n != "flake-parts.nix";
+        isOverlay = n: (isNixDir n || isNixFile n) && notDefault n;
+        overlays = builtins.filter isOverlay candidates;
+        importOverlay = n: import (pathToOverlay n);
+      in
+        map importOverlay overlays)
+    );
+  };
+}
--- a/overlays/ghc/default.nix
+++ b/overlays/ghc/default.nix
@ -0,0 +1,7 @@
+final: _: let
+  myPkgs = import ./packages.nix;
+in {
+  myHaskellPackages = myPkgs.makeHaskellPackages final.unstableHaskellPackages;
+  myHaskellScriptPackages = myPkgs.makeHaskellScriptPackages final.haskellPackages;
+  ghcWithPackages = final.unstableGhc.withHoogle (p: builtins.attrValues (myPkgs.makeHaskellPackages p));
+}
--- a/overlays/30-ghc/packages.nix
+++ b/overlays/30-ghc/packages.nix
--- a/overlays/10-previews.nix
+++ b/overlays/10-previews.nix
@ -1,4 +1,6 @@
 self: super: {
+  nix-output-monitor = self.flake-inputs'.nix-output-monitor.packages.default;
+  unstable = self.flake-inputs'.nixos-unstable.legacyPackages;
  unstableHaskellPackages = self.unstable.haskellPackages;
  unstableGhc = self.unstable.ghc;
  inherit
--- a/overlays/private.nix
+++ b/overlays/private.nix
@ -0,0 +1 @@
+_: prev: prev.flake-inputs.secrets.private
--- a/overlays/unfree.nix
+++ b/overlays/unfree.nix
@ -0,0 +1,16 @@
+self: super: let
+  unfree = import self.flake-inputs.nixos-stable {
+    inherit (self) system;
+    config = {
+      allowUnfree = true;
+      android_sdk.accept_license = true;
+    };
+  };
+  unstableUnfree = import self.flake-inputs.nixos-unstable {
+    config.allowUnfree = true;
+    inherit (self) system;
+  };
+in {
+  inherit (unfree) discord zoom-us minecraft teamviewer steam androidsdk_9_0;
+  inherit (unstableUnfree) minecraft-server;
+}