From 8f1baa9f120da70aafd16a74f591f090e888b8e0 Mon Sep 17 00:00:00 2001
From: maralorn
Date: Fri, 3 Feb 2023 06:37:18 +0100
Subject: [PATCH] Flakify home-manager
---
channels.nix | 12 ---
flake.lock | 45 ++++++++---
flake.nix | 43 +++++------
home-manager/machines.nix | 1 -
home-manager/modes.nix | 36 +++++++++
home-manager/roles/default.nix | 1 -
home-manager/roles/kassandra.nix | 7 +-
home-manager/roles/mail-sort.nix | 2 +-
home-manager/roles/mail.nix | 2 +-
home-manager/roles/mode-switching.nix | 12 +--
home-manager/roles/taskwarrior.nix | 7 +-
home.nix | 14 ----
nixos/configurations.nix | 104 ++++++++++++++++++--------
nixos/machines/hera/cloud.nix | 2 +-
nixos/roles/default.nix | 33 +-------
overlays/20-unfree.nix | 14 +---
overlays/packages.nix | 6 --
overlays/writeHaskellScript.nix | 3 -
packages/default.nix | 28 ++++++-
19 files changed, 199 insertions(+), 173 deletions(-)
delete mode 100644 channels.nix
create mode 100644 home-manager/modes.nix
delete mode 100644 home.nix
delete mode 100644 overlays/packages.nix
diff --git a/channels.nix b/channels.nix
deleted file mode 100644
index a0b1b1a7..00000000
--- a/channels.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-let
- nixos-stable = {
- nixpkgs-channel = "nixos-stable";
- home-manager-channel = "home-manager-stable";
- };
-in rec {
- hera = nixos-stable;
- apollo = nixos-stable;
- zeus = nixos-stable;
- fluffy = nixos-stable;
- chor-cloud = hera;
-}
diff --git a/flake.lock b/flake.lock
index cd0ebff1..77261895 100644
--- a/flake.lock
+++ b/flake.lock
@@ -136,6 +136,30 @@ "type": "github" } }, + "home-manager": { + "inputs": { + "nixpkgs": [ + "nixos-unstable" + ], + "utils": [ + "pre-commit-hooks-nix", + "flake-utils" + ] + }, + "locked": { + "lastModified": 1674440933, + "narHash": "sha256-CASRcD/rK3fn5vUCti3jzry7zi0GsqRsBohNq9wPgLs=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "65c47ced082e3353113614f77b1bc18822dc731f", + "type": "github" + }, + "original": { + "id": "home-manager", + "ref": "release-22.11", + "type": "indirect" + } + }, "nixos-hardware": { "locked": { "lastModified": 1674550793, @@ -152,34 +176,32 @@ }, "nixos-stable": { "locked": { - "lastModified": 1675154384, - "narHash": "sha256-gUXzyTS3WsO3g2Rz0qOYR2a26whkyL2UfTr1oPH9mm8=", - "owner": "nixos", + "lastModified": 1675237434, + "narHash": "sha256-YoFR0vyEa1HXufLNIFgOGhIFMRnY6aZ0IepZF5cYemo=", + "owner": "NixOS", "repo": "nixpkgs", - "rev": "0218941ea68b4c625533bead7bbb94ccce52dceb", + "rev": "285b3ff0660640575186a4086e1f8dc0df2874b5", "type": "github" }, "original": { - "owner": "nixos", + "id": "nixpkgs", "ref": "nixos-22.11", - "repo": "nixpkgs", - "type": "github" + "type": "indirect" } }, "nixos-unstable": { "locked": { "lastModified": 1675183161, "narHash": "sha256-Zq8sNgAxDckpn7tJo7V1afRSk2eoVbu3OjI1QklGLNg=", - "owner": "nixos", + "owner": "NixOS", "repo": "nixpkgs", "rev": "e1e1b192c1a5aab2960bf0a0bd53a2e8124fa18e", "type": "github" }, "original": { - "owner": "nixos", + "id": "nixpkgs", "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" + "type": "indirect" } }, "pre-commit-hooks-nix": { @@ -212,6 +234,7 @@ "inputs": { "flake-parts": "flake-parts", "hexa-nur-packages": "hexa-nur-packages", + "home-manager": "home-manager", "nixos-hardware": "nixos-hardware", "nixos-stable": "nixos-stable", "nixos-unstable": "nixos-unstable", diff --git a/flake.nix b/flake.nix index 96c0095d..0b987beb 100644 --- a/flake.nix +++ b/flake.nix 
@@ -9,10 +9,17 @@ url = "git+ssh://git@hera.m-0.eu/config-secrets"; inputs.nixpkgs.follows = "nixos-unstable"; }; - nixos-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; - nixos-stable.url = "github:nixos/nixpkgs/nixos-22.11"; + nixos-unstable.url = "nixpkgs/nixos-unstable"; + nixos-stable.url = "nixpkgs/nixos-22.11"; nixpkgs.follows = "nixos-unstable"; flake-parts.inputs.nixpkgs-lib.follows = "nixos-unstable"; + home-manager = { + url = "home-manager/release-22.11"; + inputs = { + utils.follows = "pre-commit-hooks-nix/flake-utils"; + nixpkgs.follows = "nixos-unstable"; + }; + }; hexa-nur-packages = { url = "github:mweinelt/nur-packages"; inputs.nixpkgs.follows = "nixos-unstable"; @@ -26,19 +33,15 @@ }; }; - outputs = inputs @ {nixos-hardware, ...}: let - unstable = inputs.nixos-unstable.legacyPackages.x86_64-linux; - inherit (import ./packages {pkgs = unstable;}) haskellPackagesOverlay selectHaskellPackages; - in + outputs = inputs @ {nixos-hardware, ...}: inputs.flake-parts.lib.mkFlake {inherit inputs;} { imports = [ inputs.pre-commit-hooks-nix.flakeModule + ./nixos/configurations.nix + ./home-manager/modes.nix + ./packages ]; systems = ["x86_64-linux"]; - flake = { - nixosConfigurations = import ./nixos/configurations.nix inputs; - overlays.haskellPackages = haskellPackagesOverlay; - }; perSystem = { self', inputs', 
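Review bot: The inputs changed or added in the first flake.nix hunk (`nixpkgs/nixos-unstable`, `nixpkgs/nixos-22.11`, `home-manager/release-22.11`) are indirect references, so what they resolve to on the next `nix flake update` is decided by the flake registry of whichever machine runs the update rather than by this file. flake.lock still pins `rev` and `narHash`, so existing builds are unaffected, but a locally overridden or stale registry entry would change the upstream silently at update time. Spelling the sources out keeps provenance in the repository: `nixos-stable.url = "github:NixOS/nixpkgs/nixos-22.11";`, `nixos-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";` and `url = "github:nix-community/home-manager/release-22.11";` (owners as recorded in flake.lock).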
@@ -46,31 +49,19 @@ config, lib, ... - }: let - hpkgs = pkgs.haskellPackages.override { - overrides = inputs.self.overlays.haskellPackages; - }; - in { + }: { devShells = { default = pkgs.mkShell { shellHook = config.pre-commit.installationScript; }; - haskell = hpkgs.shellFor { - packages = hpkgs: (builtins.attrValues (selectHaskellPackages hpkgs)); - shellHook = config.pre-commit.installationScript; - buildInputs = [ - hpkgs.haskell-language-server - pkgs.cabal-install - ]; - }; }; checks = { system-checks = pkgs.runCommand "system-checks" {} '' - ${lib.concatMapStringsSep "\n" (x: "# ${x.config.system.build.toplevel}") (builtins.attrValues inputs.self.nixosConfigurations)} - echo success > $out + mkdir -p $out + ${lib.concatMapStringsSep "\n" (x: x) (lib.mapAttrsToList (name: x: "ln -s ${x.config.system.build.toplevel} $out/${name}-system") inputs.self.nixosConfigurations)} + ${lib.concatMapStringsSep "\n" (x: x) (lib.mapAttrsToList (name: x: "ln -s ${x} $out/${name}-home") inputs.self.homeModes)} ''; }; - packages = selectHaskellPackages hpkgs; pre-commit = { check.enable = true; diff --git a/home-manager/machines.nix b/home-manager/machines.nix index 35d473ab..23ab590e 100644 --- a/home-manager/machines.nix +++ b/home-manager/machines.nix @@ -35,7 +35,6 @@ let makeConfig = hostName: imports: _: { imports = imports ++ [./roles/default.nix]; m-0.hostName = hostName; - nixpkgs.overlays = [(_: _: (import ../channels.nix)."${hostName}")]; }; makeAutostart = name: {config, ...}: { config.xdg.configFile."autostart/${name}.desktop".source = "${config.home.path}/share/applications/${name}.desktop"; diff --git a/home-manager/modes.nix b/home-manager/modes.nix new file mode 100644 index 00000000..45d8191b --- /dev/null +++ b/home-manager/modes.nix 
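Review bot: In `system-checks`, `lib.concatMapStringsSep "\n" (x: x)` maps with the identity function, so both generated lines can use `lib.concatStringsSep "\n"` directly, as home-manager/modes.nix already does for the same pattern. The generated `ln -s` commands leave `$out/${name}-system` and `$out/${name}-home` unquoted; the names come from this repository's own attribute sets, so this is a robustness point rather than an injection risk, but quoting the target costs nothing. A one-line comment that the check now realises every system closure and every home mode, where the old version only mentioned the toplevel in a shell comment, would explain why it became heavier. The enclosing `perSystem` function starts and ends outside this hunk.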
@@ -0,0 +1,36 @@ +{ + withSystem, + lib, + inputs, + ... +}: { + flake = withSystem "x86_64-linux" ({inputs', ...}: let + pkgs = inputs'.nixos-stable.legacyPackages; + flattenAttrs = attrs: + lib.listToAttrs (lib.flatten (lib.mapAttrsToList + ( + outer_key: + lib.mapAttrsToList + (inner_key: value: { + name = "${outer_key}-${inner_key}"; + inherit value; + }) + ) + attrs)); + machines = import ./machines.nix; + buildHomeManager = config: (inputs.home-manager.lib.homeManagerConfiguration { + inherit pkgs; + modules = [ + config + inputs.self.nixosModules.insertOverlays + ]; + }); + buildModesForHost = host: modes: + pkgs.runCommandLocal "${host}-modes" {} '' + mkdir $out + ${lib.concatStringsSep "\n" (lib.mapAttrsToList (mode: config: "ln -s ${(buildHomeManager config).activationPackage} $out/${mode}") modes)}''; + in { + homeConfigurations = lib.mapAttrs (_: buildHomeManager) (flattenAttrs machines); + homeModes = lib.mapAttrs buildModesForHost machines; + }); +} diff --git a/home-manager/roles/default.nix b/home-manager/roles/default.nix index 6bd202a1..b1602255 100644 --- a/home-manager/roles/default.nix +++ b/home-manager/roles/default.nix @@ -13,7 +13,6 @@ ./helix.nix ./nvd.nix ]; - nixpkgs.overlays = import ../../overlays {inherit lib;}; news.display = "silent"; diff --git a/home-manager/roles/kassandra.nix b/home-manager/roles/kassandra.nix index ef52e80a..cb89cedc 100644 --- a/home-manager/roles/kassandra.nix +++ b/home-manager/roles/kassandra.nix @@ -24,10 +24,5 @@ ln -s ${standalone}/source.dhall $out/config.dhall ''; in { - xdg.configFile = - if pkgs.withSecrets - then { - kassandra.source = dhallResult.out; - } - else {}; + xdg.configFile.kassandra.source = dhallResult.out; } diff --git a/home-manager/roles/mail-sort.nix b/home-manager/roles/mail-sort.nix index c2b57432..54031c98 100644 --- a/home-manager/roles/mail-sort.nix +++ b/home-manager/roles/mail-sort.nix 
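Review bot: `pkgs` in home-manager/modes.nix comes from `nixos-stable`, while flake.nix makes the `home-manager` input's own `nixpkgs` follow `nixos-unstable`, so the release-22.11 modules are paired with two different nixpkgs revisions; if that split is intended it should be stated in a comment, otherwise `nixpkgs.follows = "nixos-stable";` on the input would line them up. The module list also pulls `inputs.self.nixosModules.insertOverlays` into a home-manager evaluation, which works only as long as that module sets nothing NixOS-specific. `flattenAttrs` and `buildModesForHost` would read more easily with one-line comments, for example `# { host = { mode = cfg; }; } -> { "host-mode" = cfg; }`.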
@@ -117,7 +117,7 @@ in { postExec = "${sortMail}/bin/sort-mail-archive"; preExec = toString mail2task; }; - accounts.email.accounts = lib.mkIf pkgs.withSecrets { + accounts.email.accounts = { hera.imapnotify = { onNotifyPost = toString mail2task; boxes = ["Move/todo"]; diff --git a/home-manager/roles/mail.nix b/home-manager/roles/mail.nix index 5cbacd6a..a30e8dee 100644 --- a/home-manager/roles/mail.nix +++ b/home-manager/roles/mail.nix @@ -64,7 +64,7 @@ in { msmtp.enable = true; mbsync.enable = true; notmuch = { - enable = pkgs.withSecrets; + enable = true; hooks.postInsert = '' ${pkgs.notmuch}/bin/notmuch tag +deleted -- "folder:/Trash/ (not tag:deleted)" ${pkgs.notmuch}/bin/notmuch tag -deleted -- "(not folder:/Trash/) tag:deleted" diff --git a/home-manager/roles/mode-switching.nix b/home-manager/roles/mode-switching.nix index b83e4518..a145033c 100644 --- a/home-manager/roles/mode-switching.nix +++ b/home-manager/roles/mode-switching.nix @@ -40,15 +40,9 @@ in { name = "update-modes"; bins = [activateMode pkgs.git pkgs.nix-output-monitor]; } '' - params = ["${configPath}/home-manager/target.nix", "-A", "${hostName}"] - main = do say "Building ~/.modes for ${hostName}" - nixPath <- myNixPath "${configPath}" - setEnv "WITH_SECRETS" "false" - nom_build nixPath (params ++ remoteBuildParams ++ ["--no-out-link"]) - setEnv "WITH_SECRETS" "true" - nom_build nixPath (params ++ ["-o", "${modeDir}"]) + nom ["build", "/home/maralorn/git/config#homeModes.${hostName}", "-o", "${modeDir}"] activate_mode ''; quickUpdateMode = 
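Review bot: `update-modes` in mode-switching.nix used to build twice, first with `WITH_SECRETS=false` plus `remoteBuildParams` and then with `WITH_SECRETS=true` without them, and the single `nom ["build", …]` call that replaces it has no such split. If the two-pass form was what kept secret-bearing derivations off remote builders, that separation is gone, and the `withSecrets` guards are removed in kassandra.nix, mail.nix and mail-sort.nix in the same commit. A comment stating where these builds are allowed to run, or an explicit builders setting on this call, would make the intent checkable. The script body continues outside the hunk.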
@@ -61,10 +55,10 @@ in { getMode = decodeUtf8 <$> (cat "${modeFile}" |> captureTrim) main = do - nixPath <- myNixPath "${configPath}" mode <- getMode say [i|Quick switching to mode #{mode} ...|] - ignoreFailure (home_manager (nixPath <> ["switch", "-A", [i|${hostName}-#{mode}|]])) &!> StdOut |> nom + path :: Text <- decodeUtf8 <$> (nix ["build", "--print-out-paths", [i|/home/maralorn/git/config\#homeConfigurations.${hostName}-#{mode}.activationPackage|]] |> captureTrim) + exe ([i|#{path}/activate|] :: String) update_modes ''; selectMode = diff --git a/home-manager/roles/taskwarrior.nix b/home-manager/roles/taskwarrior.nix index 0c49a7d3..379becc2 100644 --- a/home-manager/roles/taskwarrior.nix +++ b/home-manager/roles/taskwarrior.nix @@ -1,6 +1,7 @@ { pkgs, config, + flake-inputs, ... }: let fix-tasks = pkgs.writeShellScriptBin "fix-tasks" '' @@ -75,10 +76,10 @@ in { dataLocation = "${config.home.homeDirectory}/.task"; config = { taskd = { - certificate = pkgs.privatePath "taskwarrior/public.cert"; + certificate = "${flake-inputs.secrets}/taskwarrior/public.cert"; credentials = pkgs.privateValue "" "taskwarrior/credentials"; - ca = pkgs.privatePath "taskwarrior/ca.cert"; - key = pkgs.privatePath "taskwarrior/private.key"; + ca = "${flake-inputs.secrets}/taskwarrior/ca.cert"; + key = "${flake-inputs.secrets}/taskwarrior/private.key"; server = "hera.m-0.eu:53589"; }; }; diff --git a/home.nix b/home.nix deleted file mode 100644 index 951bf665..00000000 --- a/home.nix +++ /dev/null @@ -1,14 +0,0 @@ -let - inherit (import (import ./nix/sources.nix).nixos-unstable {}) lib; - modes = import home-manager/machines.nix; -in - lib.listToAttrs (lib.flatten (lib.mapAttrsToList - ( - host: - lib.mapAttrsToList - (mode: config: { - name = "${host}-${mode}"; - value = config; - }) - ) - modes)) diff --git a/nixos/configurations.nix b/nixos/configurations.nix index f05ea8d5..371fd9d9 100644 --- a/nixos/configurations.nix +++ b/nixos/configurations.nix 
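Review bot: The flake reference hard-codes `/home/maralorn/git/config`, here and in the `update-modes` hunk of the same file, where the removed lines interpolated `${configPath}`. If that binding is still defined (its definition is outside the hunk), using it keeps the scripts independent of the checkout location, e.g. `[i|${configPath}\#homeConfigurations.${hostName}-#{mode}.activationPackage|]`. The old call was also wrapped in `ignoreFailure`, whereas now a failed `nix build` decides whether `exe` and `update_modes` run at all; presumably the process library raises on a non-zero exit so `#{path}/activate` is never run with an empty `path`, but that deserves a comment.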
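Review bot: `key = "${flake-inputs.secrets}/taskwarrior/private.key";` in taskwarrior.nix interpolates the secrets input's store path, so the taskd client key is referenced from `/nix/store`, which every local user can read and which may travel with the closure to any builder or cache that receives it. What `pkgs.privatePath` did before is not visible here, so this may not be a regression, but the new form makes the exposure explicit. The certificate and CA are public material and fine as written. For `key`, prefer a path provisioned outside the store with owner-only permissions, e.g. `key = "${config.home.homeDirectory}/.task/keys/private.key";` (constructed path), populated by an activation step or a secrets manager.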
@@ -1,36 +1,74 @@ -flake-inputs: let - inherit (flake-inputs.nixos-stable) lib; - networkingModule = name: "${flake-inputs.nixos-unstable}/nixos/modules/services/networking/${name}.nix"; - modules = [ - # nftables using module not available in 22.11. - (networkingModule "firewall-iptables") - (networkingModule "firewall-nftables") - (networkingModule "firewall") - (networkingModule "nat-iptables") - (networkingModule "nat-nftables") - (networkingModule "nat") - (networkingModule "nftables") - (_: { - disabledModules = [ - "services/networking/firewall.nix" - "services/networking/nftables.nix" - "services/networking/nat.nix" - "services/networking/redsocks.nix" - "services/networking/miniupnpd.nix" - "services/audio/roon-server.nix" - "services/audio/roon-bridge.nix" - ]; - }) - ]; - makeSystem = name: - lib.nixosSystem { - modules = +{ + withSystem, + lib, + inputs, + ... +}: { + flake = withSystem "x86_64-linux" ({ + inputs', + system, + ... + }: let + networkingModule = name: "${inputs.nixos-unstable}/nixos/modules/services/networking/${name}.nix"; + modules = [ + # nftables using module not available in 22.11. + (networkingModule "firewall-iptables") + (networkingModule "firewall-nftables") + (networkingModule "firewall") + (networkingModule "nat-iptables") + (networkingModule "nat-nftables") + (networkingModule "nat") + (networkingModule "nftables") + (_: { + disabledModules = [ + "services/networking/firewall.nix" + "services/networking/nftables.nix" + "services/networking/nat.nix" + "services/networking/redsocks.nix" + "services/networking/miniupnpd.nix" + "services/audio/roon-server.nix" + "services/audio/roon-bridge.nix" + ]; + }) + ]; + makeSystem = name: + inputs'.nixos-stable.legacyPackages.nixos { + imports = + [ + (import (./. 
+ "/machines/${name}/configuration.nix") inputs) + inputs.secrets.nixosModules.secrets + inputs.self.nixosModules.insertOverlays + ] + ++ modules; + }; + in { + nixosModules.insertOverlays = _: { + _module.args = { + flake-inputs = inputs // {inherit modules;}; + flake-inputs' = inputs'; + }; + nixpkgs.overlays = [ - (import (./. + "/machines/${name}/configuration.nix") flake-inputs) - flake-inputs.secrets.nixosModules.secrets - (_: {config._module.args.flake-inputs = flake-inputs // {inherit modules;};}) + (_: _: + { + unstable = inputs'.nixos-unstable.legacyPackages; + unfree = import inputs.nixos-stable { + inherit system; + config = { + allowUnfree = true; + android_sdk.accept_license = true; + }; + }; + unstableUnfree = import inputs.nixos-unstable { + config.allowUnfree = true; + inherit system; + }; + } + // inputs.secrets.private) + inputs.self.overlays.addMyHaskellPackages ] - ++ modules; + ++ import ../overlays {inherit lib;}; }; -in - lib.genAttrs ["zeus" "apollo" "hera" "fluffy"] makeSystem + nixosConfigurations = lib.genAttrs ["zeus" "apollo" "hera" "fluffy"] makeSystem; + }); +} diff --git a/nixos/machines/hera/cloud.nix b/nixos/machines/hera/cloud.nix index 0d6ae70a..816507b7 100644 --- a/nixos/machines/hera/cloud.nix +++ b/nixos/machines/hera/cloud.nix @@ -78,7 +78,7 @@ privateNetwork = true; hostBridge = "bridge"; config = {pkgs, ...}: { - imports = [(args @ {pkgs, ...}: import ../../roles (args // {inherit flake-inputs;}))] ++ flake-inputs.modules; + imports = [flake-inputs.self.nixosModules.insertOverlays] ++ flake-inputs.modules; networking = { interfaces.eth0 = { diff --git a/nixos/roles/default.nix b/nixos/roles/default.nix index 54fdf003..b91dc306 100644 --- a/nixos/roles/default.nix +++ b/nixos/roles/default.nix @@ -2,7 +2,6 @@ pkgs, config, lib, - flake-inputs, ... }: { imports = [ 
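Review bot: `nixosModules.insertOverlays` in nixos/configurations.nix does more than its name says: besides the overlays it sets `_module.args.flake-inputs` and `flake-inputs'`, and home-manager/modes.nix and the hera container import it too, so a comment above it should list both effects and those consumers. In the first overlay `// inputs.secrets.private` is the right-hand operand, so any attribute the secrets input happens to name `unstable`, `unfree` or `unstableUnfree` silently replaces the package set defined just above it. Swapping the operands (`inputs.secrets.private // { unstable = …; }`) lets the local definitions win. Every configuration that imports this module also gets the private attributes merged into `pkgs`, which belongs in the same comment.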
@@ -15,19 +14,6 @@ supportedLocales = ["en_DK.UTF-8/UTF-8" "de_DE.UTF-8/UTF-8" "en_US.UTF-8/UTF-8"]; }; - # For nixos-rebuild - nixpkgs.overlays = - [ - (_: _: - { - unstable = flake-inputs.nixos-unstable.legacyPackages.x86_64-linux; - nixpkgs-channel = "nixos-stable"; - home-manager-channel = "home-manager-stable"; - } - // flake-inputs.secrets.private) - ] - ++ import ../../overlays {inherit lib;}; - time.timeZone = "Europe/Berlin"; networking = { @@ -65,6 +51,7 @@ systemPackages = builtins.attrValues { inherit (pkgs) + git gnumake mkpasswd file @@ -121,16 +108,6 @@ ; inherit (pkgs.python3Packages) qrcode; }; - etc = - lib.mapAttrs' - (name: value: lib.nameValuePair "nix-path/${name}" {source = value;}) - (lib.filterAttrs (name: value: name != "__functor") pkgs.sources) - // { - "nix-path/nixos".source = pkgs.sources."${pkgs.nixpkgs-channel}"; - "nix-path/nixpkgs".source = pkgs.sources."${pkgs.nixpkgs-channel}"; - "nix-path/home-manager".source = - pkgs.sources."${pkgs.home-manager-channel}"; - }; variables = lib.genAttrs ["CURL_CA_BUNDLE" "GIT_SSL_CAINFO" "SSL_CERT_FILE"] (_: "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"); @@ -138,18 +115,12 @@ nix = { settings = { - substituters = lib.mkAfter ( - pkgs.privateValue [] "binary-caches" - # ++ ( - # if config.networking.hostName != "hera" then [ "ssh-ng://nix-ssh@hera.m-0.eu?trusted=true&priority=100" ] else [ ] - # ) - ); + substituters = lib.mkAfter (pkgs.privateValue [] "binary-caches"); trusted-public-keys = [ "nixbuild.net/maralorn-1:cpqv21sJgRL+ROaKY1Gr0k7AKolAKaP3S3iemGxK/30=" ]; trusted-users = ["maralorn" "laminar"]; }; - nixPath = ["/etc/nix-path"]; buildMachines = pkgs.privateValue [] "remote-builders"; extraOptions = '' experimental-features = nix-command flakes diff --git a/overlays/20-unfree.nix b/overlays/20-unfree.nix index 825e5cce..c7f54b8f 100644 --- a/overlays/20-unfree.nix +++ b/overlays/20-unfree.nix 
@@ -1,12 +1,4 @@ -self: super: let - unfree = import self.sources."${self.nixpkgs-channel}" { - config = { - allowUnfree = true; - android_sdk.accept_license = true; - }; - }; - unstableUnfree = import self.sources.nixos-unstable {config.allowUnfree = true;}; -in { - inherit (unfree) discord zoom-us minecraft teamviewer steam androidsdk_9_0; - inherit (unstableUnfree) minecraft-server; +self: super: { + inherit (super.unfree) discord zoom-us minecraft teamviewer steam androidsdk_9_0; + inherit (super.unstableUnfree) minecraft-server; } diff --git a/overlays/packages.nix b/overlays/packages.nix deleted file mode 100644 index 73545a86..00000000 --- a/overlays/packages.nix +++ /dev/null @@ -1,6 +0,0 @@ -_: prev: let - inherit (import ../packages {pkgs = prev;}) haskellPackagesOverlay selectHaskellPackages; -in - selectHaskellPackages (prev.unstable.haskellPackages.override { - overrides = haskellPackagesOverlay; - }) diff --git a/overlays/writeHaskellScript.nix b/overlays/writeHaskellScript.nix index efc268e3..ed8d4dcc 100644 --- a/overlays/writeHaskellScript.nix +++ b/overlays/writeHaskellScript.nix @@ -108,9 +108,6 @@ in { tag name str = ["-I", [i|#{name :: Text}=#{str :: Text}|]] :: [String] getNivAssign (name, repo) = tag name <$> getNivPath path repo - myNixPath :: Text -> IO [String] - myNixPath = aNixPath "${pkgs.home-manager-channel}" "${pkgs.nixpkgs-channel}" - buildSystemParams :: [String] buildSystemParams = ["", "-A", "system"] diff --git a/packages/default.nix b/packages/default.nix index 8c75a6b6..8e859591 100644 --- a/packages/default.nix +++ b/packages/default.nix @@ -1,5 +1,9 @@ -{pkgs}: let - inherit (pkgs) lib; +{ + lib, + inputs, + ... +}: let + pkgs = inputs.nixos-unstable.legacyPackages.x86_64-linux; inherit (pkgs.haskell.lib.compose) unmarkBroken doJailbreak dontCheck appendPatch; includePatterns = [ ".hs" 
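Review bot: overlays/20-unfree.nix now reads `super.unfree` and `super.unstableUnfree`, which exist only when the overlay from `nixosModules.insertOverlays` (nixos/configurations.nix) comes earlier in the overlay list; applied on its own this file fails with a missing-attribute error. A header comment would record the dependency, e.g. `# Requires the insertOverlays overlay (provides unfree / unstableUnfree) to be applied first.`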
@@ -58,6 +62,24 @@ source = ./nixpkgs-bot; }; }; + hpkgs = pkgs.haskellPackages.override { + overrides = haskellPackagesOverlay; + }; + packages = selectHaskellPackages hpkgs; in { - inherit selectHaskellPackages haskellPackagesOverlay; + flake.overlays = { + inherit haskellPackagesOverlay; + addMyHaskellPackages = _: _: packages; + }; + perSystem = {config, ...}: { + inherit packages; + devShells.haskell = hpkgs.shellFor { + packages = hpkgs: (builtins.attrValues (selectHaskellPackages hpkgs)); + shellHook = config.pre-commit.installationScript; + buildInputs = [ + hpkgs.haskell-language-server + hpkgs.cabal-install + ]; + }; + }; }
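Review bot: `hpkgs` and `packages` in packages/default.nix are computed once from `inputs.nixos-unstable.legacyPackages.x86_64-linux` (first hunk) and then returned both from `perSystem` and from the `addMyHaskellPackages` overlay, which ignores both of its arguments. That is consistent while flake.nix lists only `x86_64-linux` under `systems`, but any added system would be handed x86_64 builds, and the overlay always injects packages built from unstable regardless of the package set it is applied to. A comment saying so, or deriving `hpkgs` from the `pkgs` argument of `perSystem`, avoids the surprise.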