dotfiles/nixos-config
1
0
Fork 0
mirror of https://github.com/srid/nixos-config.git synced 2025-12-26 15:04:59 +08:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge branch 'master' into gr-flake-module

Browse source
This commit is contained in:
Sridhar Ratnakumar 2024-06-12 17:04:31 -04:00 committed by GitHub
commit 25be1dd601
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
33 changed files with 635 additions and 597 deletions
Download patch file Download diff file Expand all files Collapse all files

2
.github/workflows/ci.yaml vendored
View file

@ -14,4 +14,4 @@ jobs:
system: [aarch64-linux, aarch64-darwin]
steps:
- uses: actions/checkout@v4
- run: nixci build --systems "github:nix-systems/${{ matrix.system }}"
- run: nixci build --systems "github:nix-systems/${{ matrix.system }}" -- --show-trace

1
.vscode/extensions.json vendored
View file

@ -4,7 +4,6 @@
"b4dm4n.nixpkgs-fmt",
"jnoortheen.nix-ide",
"mattn.lisp",
"thenuprojectcontributors.vscode-nushell-lang",
"mkhl.direnv"
]
}

6
.vscode/settings.json vendored
View file

@ -1,6 +1,8 @@
{
"nixEnvSelector.nixFile": "${workspaceRoot}/shell.nix",
"search.followSymlinks": false,
"editor.defaultFormatter": "B4dM4n.nixpkgs-fmt",
"editor.formatOnSave": true,
"editor.formatOnType": true
"editor.formatOnType": true,
"nix.enableLanguageServer": true,
"nix.serverPath": "nixd"
}

5
clusters/github-runner/README.md
View file

@ -13,6 +13,11 @@ While we could use the `nix-darwin` module for Github Runners, we do it the othe
- The Linux VM's `/etc/ssh/ssh_host_ed25519_key` is used to authorize itself to connect to the Mac.
- The author has observed the official "linux-builder" to be slow, in comparison to a Parallels VM. Prefer setting up a Parallels VM if you can.
## Known Issues
- GitHub token must be provided to avoid the "API rate limit exceeded" error (which can happen if you do all this on your laptop and work around the world). See https://github.com/srid/nixos-config/issues/54
- GitHub runner might crash due to out of sync time on the VM. If you are Parallels, you should [sync time from Mac](https://kb.parallels.com/113271).
## Usage
- `/systems/darwin.nix` (macOS config)

6
clusters/github-runner/nixos-module.nix
View file

@ -19,6 +19,7 @@ let
inherit user group tokenFile name;
enable = true;
replace = true;
ephemeral = true;
extraPackages = with pkgs; runner-pkgs ++ [
# Standard nix tools
nixci
@ -39,6 +40,11 @@ in
users.groups.${group} = { };
nix.settings.trusted-users = [ user ];
# No way to do this: https://github.com/NixOS/nix/issues/6536
#nix.extraOptions = ''
# !include /run/keys/nix-conf-gh-token.secret
#'';
# Runners
services.github-runners = mkPersonalRunners "srid" repos.srid;

2
clusters/github-runner/repos.nix
View file

@ -6,5 +6,7 @@
nixos-config.num = 2;
nixos-flake.num = 2 * 5;
perpetuum.num = 2;
emanote.num = 2;
nixci.num = 2;
};
}

476
flake.lock generated
View file

@ -1,12 +1,36 @@
{
"nodes": {
"actualism-app": {
"inputs": {
"cargo-doc-live": "cargo-doc-live",
"flake-parts": "flake-parts",
"nixpkgs": "nixpkgs",
"process-compose-flake": "process-compose-flake",
"rust-flake": "rust-flake",
"systems": "systems_2",
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1715572711,
"narHash": "sha256-CPZrSwbZBasURURCzoWHb0XCK1dYEmomT8HamOoQ1A8=",
"owner": "srid",
"repo": "actualism-app",
"rev": "62897d3bb3340d0952489195fd8f1f31b12c9c8c",
"type": "github"
},
"original": {
"owner": "srid",
"repo": "actualism-app",
"type": "github"
}
},
"cargo-doc-live": {
"locked": {
"lastModified": 1692743000,
"narHash": "sha256-7lxG/r72hECceIir+Y+N3vM0f7FcudZD5cq+KhZj4MI=",
"lastModified": 1713493311,
"narHash": "sha256-fxbzPNIv0o/Y0OEo0r6iAm4Dft1pX08CKtzBl+RKgrE=",
"owner": "srid",
"repo": "cargo-doc-live",
"rev": "575b9d0733cac0448219d7bc5746ebd594baedb5",
"rev": "b7058f7b4eb131c569a1fcebf966a1149defd7e3",
"type": "github"
},
"original": {
@ -48,45 +72,46 @@
"crane": {
"inputs": {
"nixpkgs": [
"nix-browser",
"actualism-app",
"rust-flake",
"nixpkgs"
]
},
"locked": {
"lastModified": 1701305027,
"narHash": "sha256-/LUYOjcPn5vam8DJjHBpGGKfGMSDp1P1wUW1Ca4h3yQ=",
"lastModified": 1707685877,
"narHash": "sha256-XoXRS+5whotelr1rHiZle5t5hDg9kpguS5yk8c8qzOc=",
"owner": "ipetkov",
"repo": "crane",
"rev": "c53a8c071dc59430bc54b3ad0b58d96252a07ab8",
"rev": "2c653e4478476a52c6aa3ac0495e4dea7449ea0e",
"type": "github"
},
"original": {
"owner": "ipetkov",
"repo": "crane",
"rev": "2c653e4478476a52c6aa3ac0495e4dea7449ea0e",
"type": "github"
}
},
"crane_2": {
"inputs": {
"flake-compat": "flake-compat",
"flake-utils": "flake-utils_2",
"nixpkgs": [
"nixci",
"rust-flake",
"nixpkgs"
],
"rust-overlay": "rust-overlay_2"
]
},
"locked": {
"lastModified": 1693787605,
"narHash": "sha256-rwq5U8dy+a9JFny/73L0SJu1GfWwATMPMTp7D+mjHy8=",
"lastModified": 1707685877,
"narHash": "sha256-XoXRS+5whotelr1rHiZle5t5hDg9kpguS5yk8c8qzOc=",
"owner": "ipetkov",
"repo": "crane",
"rev": "8b4f7a4dab2120cf41e7957a28a853f45016bd9d",
"rev": "2c653e4478476a52c6aa3ac0495e4dea7449ea0e",
"type": "github"
},
"original": {
"owner": "ipetkov",
"repo": "crane",
"rev": "2c653e4478476a52c6aa3ac0495e4dea7449ea0e",
"type": "github"
}
},
@ -115,11 +140,11 @@
]
},
"locked": {
"lastModified": 1711099426,
"narHash": "sha256-HzpgM/wc3aqpnHJJ2oDqPBkNsqWbW0WfWUO8lKu8nGk=",
"lastModified": 1713532798,
"narHash": "sha256-wtBhsdMJA3Wa32Wtm1eeo84GejtI43pMrFrmwLXrsEc=",
"owner": "numtide",
"repo": "devshell",
"rev": "2d45b54ca4a183f2fdcf4b19c895b64fbf620ee8",
"rev": "12e914740a25ea1891ec619bb53cf5e6ca922e40",
"type": "github"
},
"original": {
@ -128,22 +153,6 @@
"type": "github"
}
},
"dioxus-desktop-template": {
"flake": false,
"locked": {
"lastModified": 1701368080,
"narHash": "sha256-mdfaOnccAl3uudxMIEqCSPr5DIOZjnsMaD0dNsd8Am4=",
"owner": "srid",
"repo": "dioxus-desktop-template",
"rev": "3054d7e74e46c97ee7cee4c42ec025fc284faaf6",
"type": "github"
},
"original": {
"owner": "srid",
"repo": "dioxus-desktop-template",
"type": "github"
}
},
"disko": {
"inputs": {
"nixpkgs": [
@ -167,11 +176,11 @@
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1673956053,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
@ -215,11 +224,11 @@
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1698579227,
"narHash": "sha256-KVWjFZky+gRuWennKsbo6cWyo7c/z/VgCte5pR9pEKg=",
"lastModified": 1714641030,
"narHash": "sha256-yzcRNDoyVP7+SCNX0wmuDju1NUCt8Dz9+lyUXEI0dbI=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "f76e870d64779109e41370848074ac4eaa1606ec",
"rev": "e5d10a24b66c3ea8f150e47dfdb0416ab7c3390e",
"type": "github"
},
"original": {
@ -233,11 +242,11 @@
"nixpkgs-lib": "nixpkgs-lib_2"
},
"locked": {
"lastModified": 1698882062,
"narHash": "sha256-HkhafUayIqxXyHH1X8d9RDl1M2CkFgZLjKD3MzabiEo=",
"lastModified": 1715865404,
"narHash": "sha256-/GJvTdTpuDjNn84j82cU6bXztE0MSkdnTWClUCRub78=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "8c9fa2545007b49a5db5f650ae91f227672c3877",
"rev": "8dc45382d5206bd292f9c2768b8058a8fd8311d9",
"type": "github"
},
"original": {
@ -272,11 +281,11 @@
]
},
"locked": {
"lastModified": 1709336216,
"narHash": "sha256-Dt/wOWeW6Sqm11Yh+2+t0dfEWxoMxGBvv3JpIocFl9E=",
"lastModified": 1715865404,
"narHash": "sha256-/GJvTdTpuDjNn84j82cU6bXztE0MSkdnTWClUCRub78=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "f7b3c975cf067e56e7cda6cb098ebe3fb4d74ca2",
"rev": "8dc45382d5206bd292f9c2768b8058a8fd8311d9",
"type": "github"
},
"original": {
@ -285,16 +294,31 @@
"type": "github"
}
},
"flake-root": {
"locked": {
"lastModified": 1713493429,
"narHash": "sha256-ztz8JQkI08tjKnsTpfLqzWoKFQF4JGu2LRz8bkdnYUk=",
"owner": "srid",
"repo": "flake-root",
"rev": "bc748b93b86ee76e2032eecda33440ceb2532fcd",
"type": "github"
},
"original": {
"owner": "srid",
"repo": "flake-root",
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1681202837,
"narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=",
"lastModified": 1705309234,
"narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "cfacdce06f30d2b68473a46042957675eebb3401",
"rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
"type": "github"
},
"original": {
@ -308,11 +332,11 @@
"systems": "systems_3"
},
"locked": {
"lastModified": 1692799911,
"narHash": "sha256-3eihraek4qL744EvQXsK1Ha6C3CR7nnT8X2qWap4RNk=",
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "f9e7cf818399d17d347f847525c5a5a8032e4e44",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"type": "github"
},
"original": {
@ -375,29 +399,60 @@
"type": "github"
}
},
"flake-utils_6": {
"git-hooks": {
"inputs": {
"systems": "systems_8"
"flake-compat": "flake-compat_3",
"gitignore": "gitignore_2",
"nixpkgs": [
"nixvim",
"nixpkgs"
],
"nixpkgs-stable": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"lastModified": 1716213921,
"narHash": "sha256-xrsYFST8ij4QWaV6HEokCUNIZLjjLP1bYC60K8XiBVA=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "0e8fcc54b842ad8428c9e705cb5994eaf05c26a0",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"owner": "cachix",
"repo": "git-hooks.nix",
"type": "github"
}
},
"gitignore": {
"inputs": {
"nixpkgs": [
"nixci",
"pre-commit-hooks-nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"gitignore_2": {
"inputs": {
"nixpkgs": [
"nixvim",
"pre-commit-hooks",
"git-hooks",
"nixpkgs"
]
},
@ -422,11 +477,11 @@
]
},
"locked": {
"lastModified": 1711133180,
"narHash": "sha256-WJOahf+6115+GMl3wUfURu8fszuNeJLv9qAWFQl3Vmo=",
"lastModified": 1717052710,
"narHash": "sha256-LRhOxzXmOza5SymhOgnEzA8EAQp+94kkeUYWKKpLJ/U=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "1c2c5e4cabba4c43504ef0f8cc3f3dfa284e2dbb",
"rev": "29c69d9a466e41d46fd3a7a9d0591ef9c113c2ae",
"type": "github"
},
"original": {
@ -443,11 +498,11 @@
]
},
"locked": {
"lastModified": 1711133180,
"narHash": "sha256-WJOahf+6115+GMl3wUfURu8fszuNeJLv9qAWFQl3Vmo=",
"lastModified": 1717052710,
"narHash": "sha256-LRhOxzXmOza5SymhOgnEzA8EAQp+94kkeUYWKKpLJ/U=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "1c2c5e4cabba4c43504ef0f8cc3f3dfa284e2dbb",
"rev": "29c69d9a466e41d46fd3a7a9d0591ef9c113c2ae",
"type": "github"
},
"original": {
@ -456,29 +511,18 @@
"type": "github"
}
},
"nix-browser": {
"inputs": {
"cargo-doc-live": "cargo-doc-live",
"crane": "crane",
"dioxus-desktop-template": "dioxus-desktop-template",
"flake-parts": "flake-parts_2",
"nixpkgs": "nixpkgs",
"process-compose-flake": "process-compose-flake",
"rust-overlay": "rust-overlay",
"systems": "systems_2",
"treefmt-nix": "treefmt-nix"
},
"just-flake": {
"locked": {
"lastModified": 1707643180,
"narHash": "sha256-8s9/OeqqeqbmUb8dwW4Viye795Zyms6E+24Ihw7cz4Q=",
"lastModified": 1713316411,
"narHash": "sha256-NkJfU6H+6vgHkPtZ2ESbZ/h2wnsDQrZvB4vbdUIBx8Q=",
"owner": "juspay",
"repo": "nix-browser",
"rev": "d7d33d764d7f0829cbd2160431e091d09a7b0700",
"repo": "just-flake",
"rev": "0e33952a4bcd16cd54ee3aba8111606c237d4526",
"type": "github"
},
"original": {
"owner": "juspay",
"repo": "nix-browser",
"repo": "just-flake",
"type": "github"
}
},
@ -489,11 +533,11 @@
]
},
"locked": {
"lastModified": 1710717205,
"narHash": "sha256-Wf3gHh5uV6W1TV/A8X8QJf99a5ypDSugY4sNtdJDe0A=",
"lastModified": 1716993688,
"narHash": "sha256-vo5k2wQekfeoq/2aleQkBN41dQiQHNTniZeVONWiWLs=",
"owner": "LnL7",
"repo": "nix-darwin",
"rev": "bcc8afd06e237df060c85bad6af7128e05fd61a3",
"rev": "c0d5b8c54d6828516c97f6be9f2d00c63a363df4",
"type": "github"
},
"original": {
@ -510,11 +554,11 @@
]
},
"locked": {
"lastModified": 1710717205,
"narHash": "sha256-Wf3gHh5uV6W1TV/A8X8QJf99a5ypDSugY4sNtdJDe0A=",
"lastModified": 1716993688,
"narHash": "sha256-vo5k2wQekfeoq/2aleQkBN41dQiQHNTniZeVONWiWLs=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "bcc8afd06e237df060c85bad6af7128e05fd61a3",
"rev": "c0d5b8c54d6828516c97f6be9f2d00c63a363df4",
"type": "github"
},
"original": {
@ -530,11 +574,11 @@
]
},
"locked": {
"lastModified": 1711249705,
"narHash": "sha256-h/NQECj6mIzF4XR6AQoSpkCnwqAM+ol4+qOdYi2ykmQ=",
"lastModified": 1716772633,
"narHash": "sha256-Idcye44UW+EgjbjCoklf2IDF+XrehV6CVYvxR1omst4=",
"owner": "nix-community",
"repo": "nix-index-database",
"rev": "34519f3bb678a5abbddf7b200ac5347263ee781b",
"rev": "ff80cb4a11bb87f3ce8459be6f16a25ac86eb2ac",
"type": "github"
},
"original": {
@ -546,21 +590,22 @@
"nixci": {
"inputs": {
"cargo-doc-live": "cargo-doc-live_2",
"crane": "crane_2",
"devour-flake": "devour-flake",
"flake-parts": "flake-parts_3",
"just-flake": "just-flake",
"nixpkgs": "nixpkgs_3",
"pre-commit-hooks-nix": "pre-commit-hooks-nix",
"process-compose-flake": "process-compose-flake_2",
"rust-overlay": "rust-overlay_3",
"rust-flake": "rust-flake_2",
"systems": "systems_5",
"treefmt-nix": "treefmt-nix_2"
},
"locked": {
"lastModified": 1711384311,
"narHash": "sha256-WcfkvK0XcnthRYUoyU8iRmisxBl3faRrc/v1KCsnXS4=",
"lastModified": 1717697637,
"narHash": "sha256-IBbblZ5wvS1Y9hDuYW337YjbAXkcj6i/Z6lZesfisBc=",
"owner": "srid",
"repo": "nixci",
"rev": "594b5a770e0e70efbb4f93a727849fc303116787",
"rev": "6a672e28811f716a8cff5108dc720269d897d246",
"type": "github"
},
"original": {
@ -571,15 +616,16 @@
},
"nixos-flake": {
"locked": {
"lastModified": 1711376798,
"narHash": "sha256-37wawZGSX/dD1rn7TwFJhUdpozC2VPEQXetpfpK/D+w=",
"lastModified": 1718165126,
"narHash": "sha256-M+aW1O01dv6b+MKsGKVLO6dcHqTrGpeToCoz9Ced29o=",
"owner": "srid",
"repo": "nixos-flake",
"rev": "7b19503e7f8c7cc0884fc2fbd669c0cc2e05aef5",
"rev": "02c0ad4030ea97f3e8c470825d9844b0f0eb1f7b",
"type": "github"
},
"original": {
"owner": "srid",
"ref": "deploy",
"repo": "nixos-flake",
"type": "github"
}
@ -620,11 +666,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1701237617,
"narHash": "sha256-Ryd8xpNDY9MJnBFDYhB37XSFIxCPVVVXAbInNPa95vs=",
"lastModified": 1715282013,
"narHash": "sha256-GtwK9hQMbN+FxSD2eTioBOi2P47+t3oqnY4ZGJl53+k=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "85306ef2470ba705c97ce72741d56e42d0264015",
"rev": "cc6431d5598071f0021efc6c009c79e5b5fe1617",
"type": "github"
},
"original": {
@ -636,38 +682,26 @@
},
"nixpkgs-lib": {
"locked": {
"dir": "lib",
"lastModified": 1696019113,
"narHash": "sha256-X3+DKYWJm93DRSdC5M6K5hLqzSya9BjibtBsuARoPco=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "f5892ddac112a1e9b3612c39af1b72987ee5783a",
"type": "github"
"lastModified": 1714640452,
"narHash": "sha256-QBx10+k6JWz6u7VsohfSw8g8hjdBZEf8CFzXH1/1Z94=",
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/50eb7ecf4cd0a5756d7275c8ba36790e5bd53e33.tar.gz"
},
"original": {
"dir": "lib",
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/50eb7ecf4cd0a5756d7275c8ba36790e5bd53e33.tar.gz"
}
},
"nixpkgs-lib_2": {
"locked": {
"dir": "lib",
"lastModified": 1698611440,
"narHash": "sha256-jPjHjrerhYDy3q9+s5EAsuhyhuknNfowY6yt6pjn9pc=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "0cbe9f69c234a7700596e943bfae7ef27a31b735",
"type": "github"
"lastModified": 1714640452,
"narHash": "sha256-QBx10+k6JWz6u7VsohfSw8g8hjdBZEf8CFzXH1/1Z94=",
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/50eb7ecf4cd0a5756d7275c8ba36790e5bd53e33.tar.gz"
},
"original": {
"dir": "lib",
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/50eb7ecf4cd0a5756d7275c8ba36790e5bd53e33.tar.gz"
}
},
"nixpkgs-lib_3": {
@ -690,11 +724,11 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1681358109,
"narHash": "sha256-eKyxW4OohHQx9Urxi7TQlFBTDWII+F+x2hklDOQPB50=",
"lastModified": 1706487304,
"narHash": "sha256-LE8lVX28MV2jWJsidW13D2qrHU/RUUONendL2Q/WlJg=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "96ba1c52e54e74c3197f4d43026b3f3d92e83ff9",
"rev": "90f456026d284c22b3e3497be980b2e47d0b28ac",
"type": "github"
},
"original": {
@ -706,11 +740,11 @@
},
"nixpkgs_3": {
"locked": {
"lastModified": 1688590700,
"narHash": "sha256-ZF055rIUP89cVwiLpG5xkJzx00gEuuGFF60Bs/LM3wc=",
"lastModified": 1714763106,
"narHash": "sha256-DrDHo74uTycfpAF+/qxZAMlP/Cpe04BVioJb6fdI0YY=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "f292b4964cb71f9dfbbd30dc9f511d6165cd109b",
"rev": "e9be42459999a253a9f92559b1f5b72e1b44c13d",
"type": "github"
},
"original": {
@ -767,11 +801,11 @@
},
"nixpkgs_7": {
"locked": {
"lastModified": 1711333969,
"narHash": "sha256-5PiWGn10DQjMZee5NXzeA6ccsv60iLu+Xtw+mfvkUAs=",
"lastModified": 1716948383,
"narHash": "sha256-SzDKxseEcHR5KzPXLwsemyTR/kaM9whxeiJohbL04rs=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "57e6b3a9e4ebec5aa121188301f04a6b8c354c9b",
"rev": "ad57eef4ef0659193044870c731987a6df5cf56b",
"type": "github"
},
"original": {
@ -802,19 +836,21 @@
"devshell": "devshell",
"flake-compat": "flake-compat_2",
"flake-parts": "flake-parts_4",
"flake-root": "flake-root",
"git-hooks": "git-hooks",
"home-manager": "home-manager_2",
"nix-darwin": "nix-darwin_2",
"nixpkgs": [
"nixpkgs"
],
"pre-commit-hooks": "pre-commit-hooks"
"treefmt-nix": "treefmt-nix_3"
},
"locked": {
"lastModified": 1711456788,
"narHash": "sha256-Aj9dEP/J/my+WWUlw5JRAjYFZJVOZ08jxYXgNHtbb8E=",
"lastModified": 1717081007,
"narHash": "sha256-GNr1i6itjFKGXSco3lcdKe8GxEwrmSYFDUpZyXsXWp4=",
"owner": "nix-community",
"repo": "nixvim",
"rev": "b8b0c1d58f3259dd0236a5844897aeec3b36b73d",
"rev": "da9bd1f2e8fc8cd8553a76a9e22afd386c18f205",
"type": "github"
},
"original": {
@ -823,26 +859,26 @@
"type": "github"
}
},
"pre-commit-hooks": {
"pre-commit-hooks-nix": {
"inputs": {
"flake-compat": "flake-compat_3",
"flake-utils": "flake-utils_6",
"flake-compat": "flake-compat",
"flake-utils": "flake-utils_2",
"gitignore": "gitignore",
"nixpkgs": [
"nixvim",
"nixci",
"nixpkgs"
],
"nixpkgs-stable": [
"nixvim",
"nixci",
"nixpkgs"
]
},
"locked": {
"lastModified": 1710923068,
"narHash": "sha256-6hOpUiuxuwpXXc/xfJsBUJeqqgGI+JMJuLo45aG3cKc=",
"lastModified": 1714478972,
"narHash": "sha256-q//cgb52vv81uOuwz1LaXElp3XAe1TqrABXODAEF6Sk=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "e611897ddfdde3ed3eaac4758635d7177ff78673",
"rev": "2849da033884f54822af194400f8dff435ada242",
"type": "github"
},
"original": {
@ -853,11 +889,11 @@
},
"process-compose-flake": {
"locked": {
"lastModified": 1701368682,
"narHash": "sha256-YkZbzfOkv68YOX4fK6VQvNHpysyZ/x3gePL3wbo8giA=",
"lastModified": 1715063745,
"narHash": "sha256-kO8gcRHfuKIlsGmFoHUF4lD3CfrRBymIlG2R3OHBEjQ=",
"owner": "Platonic-Systems",
"repo": "process-compose-flake",
"rev": "8edcd4de7c631eac2ce5f8e2a0782e0ca606da9b",
"rev": "32c069e7ef436b4325ee36503cd02b2863eede53",
"type": "github"
},
"original": {
@ -883,11 +919,11 @@
},
"root": {
"inputs": {
"actualism-app": "actualism-app",
"colmena-flake": "colmena-flake",
"disko": "disko",
"flake-parts": "flake-parts",
"flake-parts": "flake-parts_2",
"home-manager": "home-manager",
"nix-browser": "nix-browser",
"nix-darwin": "nix-darwin",
"nix-index-database": "nix-index-database",
"nixci": "nixci",
@ -896,7 +932,54 @@
"nixos-vscode-server": "nixos-vscode-server",
"nixpkgs": "nixpkgs_7",
"nixvim": "nixvim",
"treefmt-nix": "treefmt-nix_3"
"treefmt-nix": "treefmt-nix_4"
}
},
"rust-flake": {
"inputs": {
"crane": "crane",
"nixpkgs": [
"actualism-app",
"nixpkgs"
],
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1715570778,
"narHash": "sha256-PlWsDmfLHmhrvf2y7rBJP9wKlgMKm4iIP/PX2BdlttI=",
"owner": "juspay",
"repo": "rust-flake",
"rev": "19e41363312bdb34c2b3d6304b84d5d5fccee09d",
"type": "github"
},
"original": {
"owner": "juspay",
"ref": "extraBuildArgs",
"repo": "rust-flake",
"type": "github"
}
},
"rust-flake_2": {
"inputs": {
"crane": "crane_2",
"nixpkgs": [
"nixci",
"nixpkgs"
],
"rust-overlay": "rust-overlay_2"
},
"locked": {
"lastModified": 1713345390,
"narHash": "sha256-JukrAWf4u9ECX6XEDcFpQaTGuqjvKl1ecuOOdrstEH4=",
"owner": "juspay",
"repo": "rust-flake",
"rev": "b2535a09c5ed6c33904a59bd4a965aaf14fbddc3",
"type": "github"
},
"original": {
"owner": "juspay",
"repo": "rust-flake",
"type": "github"
}
},
"rust-overlay": {
@ -905,11 +988,11 @@
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1701310566,
"narHash": "sha256-CL9J3xUR2Ejni4LysrEGX0IdO+Y4BXCiH/By0lmF3eQ=",
"lastModified": 1715480255,
"narHash": "sha256-gEZl8nYidQwqJhOigJ91JDjoBFoPEWVsd82AKnaE7Go=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "6d3c6e185198b8bf7ad639f22404a75aa9a09bff",
"rev": "d690205a4f01ec0930303c4204e5063958e51255",
"type": "github"
},
"original": {
@ -919,43 +1002,16 @@
}
},
"rust-overlay_2": {
"inputs": {
"flake-utils": [
"nixci",
"crane",
"flake-utils"
],
"nixpkgs": [
"nixci",
"crane",
"nixpkgs"
]
},
"locked": {
"lastModified": 1693707092,
"narHash": "sha256-HR1EnynBSPqbt+04/yxxqsG1E3n6uXrOl7SPco/UnYo=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "98ccb73e6eefc481da6039ee57ad8818d1ca8d56",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"rust-overlay_3": {
"inputs": {
"flake-utils": "flake-utils_3",
"nixpkgs": "nixpkgs_4"
},
"locked": {
"lastModified": 1694052649,
"narHash": "sha256-+eBEU3dw3/fCfi8ZHFNutINxehMazGkQxqNcpeNbTo4=",
"lastModified": 1701310566,
"narHash": "sha256-CL9J3xUR2Ejni4LysrEGX0IdO+Y4BXCiH/By0lmF3eQ=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "a795148ffbcc77f2b592d50ceebe36147e623a77",
"rev": "6d3c6e185198b8bf7ad639f22404a75aa9a09bff",
"type": "github"
},
"original": {
@ -1069,34 +1125,19 @@
"type": "github"
}
},
"systems_8": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"nix-browser",
"actualism-app",
"nixpkgs"
]
},
"locked": {
"lastModified": 1699786194,
"narHash": "sha256-3h3EH1FXQkIeAuzaWB+nK0XK54uSD46pp+dMD3gAcB4=",
"lastModified": 1714058656,
"narHash": "sha256-Qv4RBm4LKuO4fNOfx9wl40W2rBbv5u5m+whxRYUMiaA=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "e82f32aa7f06bbbd56d7b12186d555223dc399d1",
"rev": "c6aaf729f34a36c445618580a9f95a48f5e4e03f",
"type": "github"
},
"original": {
@ -1124,6 +1165,27 @@
}
},
"treefmt-nix_3": {
"inputs": {
"nixpkgs": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1715940852,
"narHash": "sha256-wJqHMg/K6X3JGAE9YLM0LsuKrKb4XiBeVaoeMNlReZg=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "2fba33a182602b9d49f0b2440513e5ee091d838b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
},
"treefmt-nix_4": {
"inputs": {
"nixpkgs": "nixpkgs_8"
},

67
flake.nix
View file

@ -10,7 +10,7 @@
home-manager.url = "github:nix-community/home-manager";
home-manager.inputs.nixpkgs.follows = "nixpkgs";
nixos-hardware.url = "github:NixOS/nixos-hardware";
nixos-flake.url = "github:srid/nixos-flake";
nixos-flake.url = "github:srid/nixos-flake/deploy";
disko.url = "github:nix-community/disko";
disko.inputs.nixpkgs.follows = "nixpkgs";
colmena-flake.url = "github:juspay/colmena-flake";
@ -19,9 +19,9 @@
nixos-vscode-server.flake = false;
nixos-vscode-server.url = "github:nix-community/nixos-vscode-server";
nixci.url = "github:srid/nixci";
nix-browser.url = "github:juspay/nix-browser";
nix-index-database.url = "github:nix-community/nix-index-database";
nix-index-database.inputs.nixpkgs.follows = "nixpkgs";
actualism-app.url = "github:srid/actualism-app";
# Neovim
nixvim.url = "github:nix-community/nixvim";
@ -57,14 +57,33 @@
[ "op" "read" "op://Personal/nixos-config/${field}" ];
in
{
github-runner = {
targetHost = "github-runner";
immediacy = {
targetHost = "immediacy";
targetUser = "srid";
keys."github-runner-token.secret" = {
user = "github-runner";
keyCommand = read1Password "github-runner-token";
keys."hedgedoc.env" = {
user = "hedgedoc";
keyCommand = read1Password "hedgedoc.env";
};
};
github-runner =
let
user = "github-runner";
in
{
targetHost = "github-runner";
targetUser = "srid";
keys = {
"github-runner-token.secret" = {
inherit user;
keyCommand = read1Password "github-runner-token";
};
"nix-conf-gh-token.secret" = {
user = "root";
permissions = "0440";
keyCommand = read1Password "nix-conf-gh-token";
};
};
};
};
flake = {
@ -77,19 +96,26 @@
nixosConfigurations.github-runner =
self.nixos-flake.lib.mkLinuxSystem
./systems/github-runner.nix;
# Hetzner dedicated
nixosConfigurations.immediacy =
self.nixos-flake.lib.mkLinuxSystem
./systems/ax41.nix;
};
perSystem = { self', pkgs, lib, config, ... }: {
perSystem = { self', pkgs, system, config, ... }: {
# Flake inputs we want to update periodically
# Run: `nix run .#update`.
nixos-flake.primary-inputs = [
"nixpkgs"
"home-manager"
"nix-darwin"
"nixos-flake"
"nix-index-database"
"nixvim"
];
nixos-flake = {
primary-inputs = [
"nixpkgs"
"home-manager"
"nix-darwin"
"nixos-flake"
"nix-index-database"
"nixvim"
];
};
treefmt.config = {
projectRootFile = "flake.nix";
@ -98,11 +124,20 @@
formatter = config.treefmt.build.wrapper;
packages.default = self'.packages.activate;
devShells.default = pkgs.mkShell {
inputsFrom = [ config.treefmt.build.devShell ];
packages = with pkgs; [
just
colmena
nixd
];
};
# Make our overlay available to the devShell
_module.args.pkgs = import inputs.nixpkgs {
inherit system;
overlays = [
(import ./packages/overlay.nix { inherit system; flake = { inherit inputs; }; })
];
};
};

19
home/_1password.nix
View file

@ -1,4 +1,7 @@
{ pkgs, lib, ... }:
{ flake, config, pkgs, lib, ... }:
let
userConfig = flake.config.people.users.${config.home.username};
in
{
home.packages = with pkgs; [
_1password
@ -20,4 +23,18 @@
};
};
};
# https://developer.1password.com/docs/ssh/git-commit-signing/
#
# For this to work on GitHub, you must have added the SSH pub key as a signing key, see
# https://1password.community/discussion/comment/667515/#Comment_667515
programs.git.includes = [{
condition = "gitdir:~/code/**"; # Personal repos only
contents = {
user.signingKey = userConfig.sshKey;
gpg.format = "ssh";
gpg.ssh.program = "/Applications/1Password.app/Contents/MacOS/op-ssh-sign";
commit.gpgsign = true;
};
}];
}

4
home/default.nix
View file

@ -21,6 +21,7 @@
# ./nushell.nix
./just.nix
# ./powershell.nix
./juspay.nix
];
};
common-linux = {
@ -36,8 +37,7 @@
./zsh.nix
# ./bash.nix
# ./kitty.nix
# ./emacs.nix
# ./himalaya.nix
./himalaya.nix
];
};
};

7
home/direnv.nix
View file

@ -2,9 +2,8 @@
programs.direnv = {
enable = true;
nix-direnv.enable = true;
# NOTE: disabled, because causes breakage often
/* config.global = {
strict_env = true;
}; */
config.global = {
hide_env_diff = true;
};
};
}

76
home/emacs/doom/config.el
View file

@ -1,76 +0,0 @@
;;; $DOOMDIR/config.el -*- lexical-binding: t; -*-
;; Place your private configuration here! Remember, you do not need to run 'doom
;; sync' after modifying this file!
;; Some functionality uses this to identify you, e.g. GPG configuration, email
;; clients, file templates and snippets. It is optional.
(setq user-full-name "Sridhar Ratnakumar"
user-mail-address "srid@srid.ca")
;; Doom exposes five (optional) variables for controlling fonts in Doom:
;;
;; - `doom-font' -- the primary font to use
;; - `doom-variable-pitch-font' -- a non-monospace font (where applicable)
;; - `doom-big-font' -- used for `doom-big-font-mode'; use this for
;; presentations or streaming.
;; - `doom-symbol-font' -- for symbols
;; - `doom-serif-font' -- for the `fixed-pitch-serif' face
;;
;; See 'C-h v doom-font' for documentation and more examples of what they
;; accept. For example:
;;
;;(setq doom-font (font-spec :family "Fira Code" :size 12 :weight 'semi-light)
;; doom-variable-pitch-font (font-spec :family "Fira Sans" :size 13))
;;
;; If you or Emacs can't find your font, use 'M-x describe-font' to look them
;; up, `M-x eval-region' to execute elisp code, and 'M-x doom/reload-font' to
;; refresh your font settings. If Emacs still can't find your font, it likely
;; wasn't installed correctly. Font issues are rarely Doom issues!
;; There are two ways to load a theme. Both assume the theme is installed and
;; available. You can either set `doom-theme' or manually load a theme with the
;; `load-theme' function. This is the default:
(setq doom-theme 'doom-one)
;; This determines the style of line numbers in effect. If set to `nil', line
;; numbers are disabled. For relative line numbers, set this to `relative'.
(setq display-line-numbers-type t)
;; If you use `org' and don't want your org files in the default location below,
;; change `org-directory'. It must be set before org loads!
(setq org-directory "~/org/")
;; Whenever you reconfigure a package, make sure to wrap your config in an
;; `after!' block, otherwise Doom's defaults may override your settings. E.g.
;;
;; (after! PACKAGE
;; (setq x y))
;;
;; The exceptions to this rule:
;;
;; - Setting file/directory variables (like `org-directory')
;; - Setting variables which explicitly tell you to set them before their
;; package is loaded (see 'C-h v VARIABLE' to look up their documentation).
;; - Setting doom variables (which start with 'doom-' or '+').
;;
;; Here are some additional functions/macros that will help you configure Doom.
;;
;; - `load!' for loading external *.el files relative to this one
;; - `use-package!' for configuring packages
;; - `after!' for running code after a package has loaded
;; - `add-load-path!' for adding directories to the `load-path', relative to
;; this file. Emacs searches the `load-path' when you load packages with
;; `require' or `use-package'.
;; - `map!' for binding new keys
;;
;; To get information about any of these functions/macros, move the cursor over
;; the highlighted symbol at press 'K' (non-evil users must press 'C-c c k').
;; This will open documentation for it, including demos of how they are used.
;; Alternatively, use `C-h o' to look up a symbol (functions, variables, faces,
;; etc).
;;
;; You can also try 'gd' (or 'C-c c d') to jump to their definition and see how
;; they are implemented.

194
home/emacs/doom/init.el
View file

@ -1,194 +0,0 @@
;;; init.el -*- lexical-binding: t; -*-
;; This file controls what Doom modules are enabled and what order they load
;; in. Remember to run 'doom sync' after modifying it!
;; NOTE Press 'SPC h d h' (or 'C-h d h' for non-vim users) to access Doom's
;; documentation. There you'll find a link to Doom's Module Index where all
;; of our modules are listed, including what flags they support.
;; NOTE Move your cursor over a module's name (or its flags) and press 'K' (or
;; 'C-c c k' for non-vim users) to view its documentation. This works on
;; flags as well (those symbols that start with a plus).
;;
;; Alternatively, press 'gd' (or 'C-c c d') on a module to browse its
;; directory (for easy access to its source code).
(doom! :input
;;bidi ; (tfel ot) thgir etirw uoy gnipleh
;;chinese
;;japanese
;;layout ; auie,ctsrnm is the superior home row
:completion
company ; the ultimate code completion backend
;;helm ; the *other* search engine for love and life
;;ido ; the other *other* search engine...
;;ivy ; a search engine for love and life
vertico ; the search engine of the future
:ui
;;deft ; notational velocity for Emacs
doom ; what makes DOOM look the way it does
doom-dashboard ; a nifty splash screen for Emacs
;;doom-quit ; DOOM quit-message prompts when you quit Emacs
;;(emoji +unicode) ; 🙂
hl-todo ; highlight TODO/FIXME/NOTE/DEPRECATED/HACK/REVIEW
;;hydra
;;indent-guides ; highlighted indent columns
;;ligatures ; ligatures and symbols to make your code pretty again
;;minimap ; show a map of the code on the side
modeline ; snazzy, Atom-inspired modeline, plus API
;;nav-flash ; blink cursor line after big motions
;;neotree ; a project drawer, like NERDTree for vim
ophints ; highlight the region an operation acts on
(popup +defaults) ; tame sudden yet inevitable temporary windows
;;tabs ; a tab bar for Emacs
;;treemacs ; a project drawer, like neotree but cooler
;;unicode ; extended unicode support for various languages
(vc-gutter +pretty) ; vcs diff in the fringe
vi-tilde-fringe ; fringe tildes to mark beyond EOB
;;window-select ; visually switch windows
workspaces ; tab emulation, persistence & separate workspaces
;;zen ; distraction-free coding or writing
:editor
(evil +everywhere); come to the dark side, we have cookies
file-templates ; auto-snippets for empty files
fold ; (nigh) universal code folding
;;(format +onsave) ; automated prettiness
;;god ; run Emacs commands without modifier keys
;;lispy ; vim for lisp, for people who don't like vim
;;multiple-cursors ; editing in many places at once
;;objed ; text object editing for the innocent
;;parinfer ; turn lisp into python, sort of
;;rotate-text ; cycle region at point between text candidates
snippets ; my elves. They type so I don't have to
;;word-wrap ; soft wrapping with language-aware indent
:emacs
dired ; making dired pretty [functional]
electric ; smarter, keyword-based electric-indent
;;ibuffer ; interactive buffer management
undo ; persistent, smarter undo for your inevitable mistakes
vc ; version-control and Emacs, sitting in a tree
:term
;;eshell ; the elisp shell that works everywhere
;;shell ; simple shell REPL for Emacs
;;term ; basic terminal emulator for Emacs
;;vterm ; the best terminal emulation in Emacs
:checkers
syntax ; tasing you for every semicolon you forget
;;(spell +flyspell) ; tasing you for misspelling mispelling
;;grammar ; tasing grammar mistake every you make
:tools
;;ansible
;;biblio ; Writes a PhD for you (citation needed)
;;collab ; buffers with friends
;;debugger ; FIXME stepping through code, to help you add bugs
;;direnv
;;docker
;;editorconfig ; let someone else argue about tabs vs spaces
;;ein ; tame Jupyter notebooks with emacs
(eval +overlay) ; run code, run (also, repls)
lookup ; navigate your code and its documentation
;;lsp ; M-x vscode
magit ; a git porcelain for Emacs
;;make ; run make tasks from Emacs
;;pass ; password manager for nerds
;;pdf ; pdf enhancements
;;prodigy ; FIXME managing external services & code builders
;;rgb ; creating color strings
;;taskrunner ; taskrunner for all your projects
;;terraform ; infrastructure as code
;;tmux ; an API for interacting with tmux
;;tree-sitter ; syntax and parsing, sitting in a tree...
;;upload ; map local to remote projects via ssh/ftp
:os
(:if (featurep :system 'macos) macos) ; improve compatibility with macOS
;;tty ; improve the terminal Emacs experience
:lang
;;agda ; types of types of types of types...
;;beancount ; mind the GAAP
;;(cc +lsp) ; C > C++ == 1
;;clojure ; java with a lisp
;;common-lisp ; if you've seen one lisp, you've seen them all
;;coq ; proofs-as-programs
;;crystal ; ruby at the speed of c
;;csharp ; unity, .NET, and mono shenanigans
;;data ; config/data formats
;;(dart +flutter) ; paint ui and not much else
;;dhall
;;elixir ; erlang done right
;;elm ; care for a cup of TEA?
emacs-lisp ; drown in parentheses
;;erlang ; an elegant language for a more civilized age
;;ess ; emacs speaks statistics
;;factor
;;faust ; dsp, but you get to keep your soul
;;fortran ; in FORTRAN, GOD is REAL (unless declared INTEGER)
;;fsharp ; ML stands for Microsoft's Language
;;fstar ; (dependent) types and (monadic) effects and Z3
;;gdscript ; the language you waited for
;;(go +lsp) ; the hipster dialect
;;(graphql +lsp) ; Give queries a REST
;;(haskell +lsp) ; a language that's lazier than I am
;;hy ; readability of scheme w/ speed of python
;;idris ; a language you can depend on
;;json ; At least it ain't XML
;;(java +lsp) ; the poster child for carpal tunnel syndrome
;;javascript ; all(hope(abandon(ye(who(enter(here))))))
;;julia ; a better, faster MATLAB
;;kotlin ; a better, slicker Java(Script)
;;latex ; writing papers in Emacs has never been so fun
;;lean ; for folks with too much to prove
;;ledger ; be audit you can be
;;lua ; one-based indices? one-based indices
markdown ; writing docs for people to ignore
;;nim ; python + lisp at the speed of c
;;nix ; I hereby declare "nix geht mehr!"
;;ocaml ; an objective camel
org ; organize your plain life in plain text
;;php ; perl's insecure younger brother
;;plantuml ; diagrams for confusing people more
;;purescript ; javascript, but functional
;;python ; beautiful is better than ugly
;;qt ; the 'cutest' gui framework ever
;;racket ; a DSL for DSLs
;;raku ; the artist formerly known as perl6
;;rest ; Emacs as a REST client
;;rst ; ReST in peace
;;(ruby +rails) ; 1.step {|i| p "Ruby is #{i.even? ? 'love' : 'life'}"}
;;(rust +lsp) ; Fe2O3.unwrap().unwrap().unwrap().unwrap()
;;scala ; java, but good
;;(scheme +guile) ; a fully conniving family of lisps
sh ; she sells {ba,z,fi}sh shells on the C xor
;;sml
;;solidity ; do you need a blockchain? No.
;;swift ; who asked for emoji variables?
;;terra ; Earth and Moon in alignment for performance.
;;web ; the tubes
;;yaml ; JSON, but readable
;;zig ; C, but simpler
:email
;;(mu4e +org +gmail)
;;notmuch
;;(wanderlust +gmail)
:app
;;calendar
;;emms
;;everywhere ; *leave* Emacs!? You must be joking
;;irc ; how neckbeards socialize
;;(rss +org) ; emacs as an RSS reader
;;twitter ; twitter client https://twitter.com/vnought
:config
;;literate
(default +bindings +smartparens))

50
home/emacs/doom/packages.el
View file

@ -1,50 +0,0 @@
;; -*- no-byte-compile: t; -*-
;;; $DOOMDIR/packages.el
;; To install a package with Doom you must declare them here and run 'doom sync'
;; on the command line, then restart Emacs for the changes to take effect -- or
;; use 'M-x doom/reload'.
;; To install SOME-PACKAGE from MELPA, ELPA or emacsmirror:
;; (package! some-package)
;; To install a package directly from a remote git repo, you must specify a
;; `:recipe'. You'll find documentation on what `:recipe' accepts here:
;; https://github.com/radian-software/straight.el#the-recipe-format
;; (package! another-package
;; :recipe (:host github :repo "username/repo"))
;; If the package you are trying to install does not contain a PACKAGENAME.el
;; file, or is located in a subdirectory of the repo, you'll need to specify
;; `:files' in the `:recipe':
;; (package! this-package
;; :recipe (:host github :repo "username/repo"
;; :files ("some-file.el" "src/lisp/*.el")))
;; If you'd like to disable a package included with Doom, you can do so here
;; with the `:disable' property:
;; (package! builtin-package :disable t)
;; You can override the recipe of a built in package without having to specify
;; all the properties for `:recipe'. These will inherit the rest of its recipe
;; from Doom or MELPA/ELPA/Emacsmirror:
;; (package! builtin-package :recipe (:nonrecursive t))
;; (package! builtin-package-2 :recipe (:repo "myfork/package"))
;; Specify a `:branch' to install a package from a particular branch or tag.
;; This is required for some packages whose default branch isn't 'master' (which
;; our package manager can't deal with; see radian-software/straight.el#279)
;; (package! builtin-package :recipe (:branch "develop"))
;; Use `:pin' to specify a particular commit to install.
;; (package! builtin-package :pin "1a2b3c4d5e")
;; Doom's packages are pinned to a specific commit and updated from release to
;; release. The `unpin!' macro allows you to unpin single packages...
;; (unpin! pinned-package)
;; ...or multiple packages
;; (unpin! pinned-package another-pinned-package)
;; ...Or *all* packages (NOT RECOMMENDED; will likely break things)
;; (unpin! t)

7
home/git.nix
View file

@ -1,6 +1,9 @@
{ pkgs, config, flake, ... }:
{
home.packages = [ pkgs.git-lfs ];
home.packages = with pkgs; [
git-lfs
git-filter-repo
];
programs.git = {
package = pkgs.gitAndTools.gitFull;
@ -35,7 +38,7 @@
};
};
extraConfig = {
init.defaultBranch = "master"; # https://srid.ca/unwoke
init.defaultBranch = "master"; # Undo breakage due to https://srid.ca/luxury-belief
core.editor = "nvim";
#protocol.keybase.allow = "always";
credential.helper = "store --file ~/.git-credentials";

10
home/himalaya.nix
View file

@ -1,4 +1,5 @@
let
# https://pimalaya.org/himalaya/cli/latest/configuration/icloud-mail.html
iCloudMailSettings = {
imap = {
host = "imap.mail.me.com";
@ -14,7 +15,9 @@ in
{
home.shellAliases = {
H = "himalaya";
Hr = "himalaya message read";
Hd = "himalaya message delete";
Hs = "himalaya account sync";
};
programs.himalaya = {
@ -28,10 +31,13 @@ in
address = "happyandharmless@icloud.com";
aliases = [ "srid@srid.ca" ];
userName = "happyandharmless";
passwordCommand = "op read op://Personal/iCloud/himalaya";
passwordCommand = "op read op://Personal/iCloud-Apple/himalaya";
himalaya = {
enable = true;
settings.sync.enable = true;
# Don't forget to run `himalaya account sync` first!
settings.sync = {
enable = true;
};
};
};
};

37
home/juspay.nix Normal file
View file

@ -0,0 +1,37 @@
# For Juspay work
{ pkgs, lib, ... }:
{
programs.ssh = {
matchBlocks = {
# Juspay machines (through Tailscale)
vanjaram = {
hostname = "100.83.79.127";
user = "srid";
forwardAgent = true;
};
biryani = {
hostname = "100.97.32.60";
user = "admin";
forwardAgent = true;
};
# To clone Juspay repos.
# https://developer.1password.com/docs/ssh/agent/advanced/#match-key-with-host
"bitbucket.org" = {
identitiesOnly = true;
identityFile = "~/.ssh/juspay.pub";
};
};
};
programs.git = {
# Bitbucket git access and policies
includes = [{
condition = "gitdir:~/juspay/**";
contents = {
user.email = "sridhar.ratnakumar@juspay.in";
};
}];
};
}

10
home/neovim.nix
View file

@ -1,12 +1,14 @@
{ pkgs, ... }:
{
programs.nixvim = {
enable = true;
enable = pkgs.stdenv.isDarwin; # nixvim uses IFD; so not using it on Linux (breaks colmena apply)
# Theme
colorschemes.tokyonight.enable = true;
# Settings
options = {
opts = {
expandtab = true;
shiftwidth = 2;
smartindent = true;
@ -42,7 +44,7 @@
};
telescope = {
enable = true;
keymaps = {
settings.keymaps = {
"<leader>ff" = {
desc = "file finder";
action = "find_files";
@ -53,7 +55,7 @@
};
};
extensions = {
file_browser.enable = true;
file-browser.enable = true;
};
};

18
home/ssh.nix
View file

@ -2,23 +2,13 @@
{
programs.ssh = {
enable = true;
# Note: More defined in juspay.nix
matchBlocks = {
vanjaram = {
hostname = "100.83.79.127";
user = "srid";
immediacy = {
hostname = "65.109.84.215";
forwardAgent = true;
};
biryani = {
hostname = "100.97.32.60";
user = "admin";
forwardAgent = true;
};
# To clone Juspay repos.
# https://developer.1password.com/docs/ssh/agent/advanced/#match-key-with-host
"bitbucket.org" = {
identitiesOnly = true;
identityFile = "~/.ssh/juspay.pub";
};
};
};
}

12
home/terminal.nix
View file

@ -13,7 +13,6 @@
# Useful for Nix development
nixci
nix-health
nil
nixpkgs-fmt
just
@ -26,8 +25,19 @@
fuckport
sshuttle-via
entr
# Fonts
cascadia-code
# Txns
hledger
hledger-web
gnupg
];
fonts.fontconfig.enable = true;
home.shellAliases = {
e = "nvim";
ee = "nvim $(fzf)";

2
home/zsh.nix
View file

@ -14,7 +14,7 @@
];
envExtra = ''
export PATH=/etc/profiles/per-user/$USER/bin:/run/current-system/sw/bin/:/usr/local/bin:$PATH
export PATH=/etc/profiles/per-user/$USER/bin:/nix/var/nix/profiles/system/sw/bin:/usr/local/bin:$PATH
# Because, adding it in .ssh/config is not enough.
# cf. https://developer.1password.com/docs/ssh/get-started#step-4-configure-your-ssh-or-git-client

29
justfile
View file

@ -1,9 +1,34 @@
default:
@just --list
# Activate local configuration
[group('main')]
activate:
nix run
# Format the nix source tree
fmt:
treefmt
# Deploy to github-runner VM
github-runner:
# Deploy to all remote machines
deploy:
colmena apply --build-on-target
# Deploy to github-runner VM
[group('github-runner')]
gr-deploy:
colmena apply --build-on-target --on github-runner
# Re-animate the VM that was suspended until now.
[group('github-runner')]
gr-animate:
colmena upload-keys
ssh -t github-runner "sudo systemctl restart --all github-runner-*"
[group('github-runner')]
gr-inspect:
ssh -t github-runner "sudo systemctl status --all github-runner-*"
[group('github-runner')]
gr-ssh:
ssh -t github-runner

2
nix-darwin/default.nix
View file

@ -4,7 +4,7 @@
flake = {
darwinModules = {
my-home = {
home-manager.users.${config.people.myself} = { pkgs, ... }: {
home-manager.users.${config.people.myself} = {
imports = [
self.homeModules.common-darwin
];

49
nixos/actualism-app.nix Normal file
View file

@ -0,0 +1,49 @@
{ flake, pkgs, lib, ... }:
let
inherit (flake) inputs;
inherit (inputs) self;
in
{
networking.firewall = {
allowedTCPPorts = [
80
443
];
};
# actualism-app (temp host)
services.nginx = {
enable = true;
virtualHosts."www.actualism.app" = {
enableACME = true;
# addSSL = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:8080";
proxyWebsockets = true;
};
};
};
security.acme = {
acceptTerms = true;
defaults.email = "srid@srid.ca";
};
systemd.services.actualism-app = {
enable = true;
description = "actualism-app server";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart =
lib.getExe (pkgs.writeShellApplication {
name = "actualism-app-start";
text = ''
cd ${pkgs.actualism-app}/
${pkgs.actualism-app}/bin/actualism-app
'';
});
Restart = "always";
};
};
}

4
nixos/caches/oss.nix
View file

@ -2,11 +2,11 @@
nix.settings.trusted-public-keys = [
#"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"nammayatri.cachix.org-1:PiVlgB8hKyYwVtCAGpzTh2z9RsFPhIES6UKs0YB662I="
"cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="
# "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="
];
nix.settings.substituters = [
#"https://nix-community.cachix.org"
"https://cache.garnix.io?priority=41"
# "https://cache.garnix.io?priority=41"
"https://nammayatri.cachix.org?priority=42"
];
}

4
nixos/disko/trivial.nix
View file

@ -4,8 +4,8 @@
disko.devices = {
disk = {
main = {
# When using disko-install, we will overwrite this value from the commandline
device = "/dev/disk/by-id/some-disk-id";
# TODO: Don't hardcode (this file is used by multiple systems)
device = "/dev/nvme0n1";
type = "disk";
content = {
type = "gpt";

37
nixos/hedgedoc.nix Normal file
View file

@ -0,0 +1,37 @@
let
domain = "pad.srid.ca";
port = 9112;
in
{
services.hedgedoc = {
enable = true;
# GitHub secrets set in colmena (see flake.nix)
environmentFile = "/run/keys/hedgedoc.env";
settings = {
# URL config
inherit domain port;
protocolUseSSL = true;
urlAddPort = false;
allowOrigin = [ "localhost" ];
# Accept GitHub users only.
# NOTE: Fine-grained access (eg: whitelist of users) not possible until
# HedgeDoc 2.0
email = false;
allowAnonymous = false;
};
};
services.nginx = {
virtualHosts.${domain} = {
enableACME = true;
addSSL = true;
locations."/" = {
proxyPass = "http://localhost:${builtins.toString port}";
proxyWebsockets = true;
};
};
};
}

2
nixos/self/primary-as-admin.nix
View file

@ -6,7 +6,7 @@
users.users =
let
people = flake.config.people;
myKeys = people.users.${people.myself}.sshKeys;
myKeys = [ people.users.${people.myself}.sshKey ];
in
{
root.openssh.authorizedKeys.keys = myKeys;

24
packages/overlay.nix
View file

@ -5,5 +5,27 @@ self: super: {
twitter-convert = self.callPackage ./twitter-convert { };
sshuttle-via = self.callPackage ./sshuttle-via.nix { };
nixci = flake.inputs.nixci.packages.${system}.default;
nix-health = flake.inputs.nix-browser.packages.${system}.nix-health;
# nix-health = flake.inputs.nix-browser.packages.${system}.nix-health;
actualism-app = flake.inputs.actualism-app.packages.${system}.default;
# Use just v1.27.0, until upstream upgrades it.
just = super.just.overrideAttrs (oa: rec {
name = "${oa.pname}-${version}";
version = "1.27.0";
src = super.fetchFromGitHub {
owner = "casey";
repo = oa.pname;
rev = "refs/tags/${version}";
hash = "sha256-xyiIAw8PGMgYPtnnzSExcOgwG64HqC9TbBMTKQVG97k=";
};
# Overriding `cargoHash` has no effect; we must override the resultant
# `cargoDeps` and set the hash in its `outputHash` attribute.
cargoDeps = oa.cargoDeps.overrideAttrs (super.lib.const {
name = "${name}-vendor.tar.gz";
inherit src;
outputHash = "sha256-jMurOCr9On+sudgCzIBrPHF+6jCE/6dj5E106cAL2qw=";
});
doCheck = false;
});
}

52
systems/ax41.nix Normal file
View file

@ -0,0 +1,52 @@
{ flake, pkgs, lib, ... }:
let
inherit (flake) inputs;
inherit (inputs) self;
in
{
imports = [
inputs.disko.nixosModules.disko
self.nixosModules.default
"${self}/nixos/disko/trivial.nix"
"${self}/nixos/nix.nix"
"${self}/nixos/self/primary-as-admin.nix"
"${self}/nixos/docker.nix"
"${self}/nixos/actualism-app.nix"
"${self}/nixos/hedgedoc.nix"
# "${self}/nixos/server/harden/basics.nix"
];
system.stateVersion = "23.11";
networking.hostName = "immediacy";
nixpkgs.hostPlatform = "x86_64-linux";
boot.loader.grub = {
devices = [ "/dev/nvme0n1" ];
efiSupport = true;
efiInstallAsRemovable = true;
};
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "sd_mod" ];
hardware.cpu.intel.updateMicrocode = true;
hardware.enableRedistributableFirmware = true;
# Hetzner networking
networking.useDHCP = false;
networking.interfaces."eth0".ipv4.addresses = [
{
address = "65.109.84.215"; # your IPv4 here
prefixLength = 24;
}
];
networking.interfaces."eth0".ipv6.addresses = [
{
address = "2a01:4f9:3051:52d3::2"; # Your IPv6 here
prefixLength = 64;
}
];
networking.defaultGateway = "65.109.84.193";
networking.nameservers = [ "8.8.8.8" ];
services.openssh.enable = true;
programs.nix-ld.enable = true; # for vscode server
}

3
systems/github-runner.nix
View file

@ -1,4 +1,4 @@
{ flake, pkgs, lib, ... }:
{ flake, ... }:
let
inherit (flake) inputs;
@ -10,6 +10,7 @@ in
"${self}/nixos/disko/trivial.nix"
"${self}/nixos/parallels-vm.nix"
"${self}/nixos/nix.nix"
"${self}/nixos/current-location.nix"
"${self}/nixos/self/primary-as-admin.nix"
"${self}/nixos/server/harden/basics.nix"
"${self}/clusters/github-runner/nixos-module.nix"

9
users/config.nix
View file

@ -4,12 +4,9 @@
srid = {
name = "Sridhar Ratnakumar";
email = "srid@srid.ca";
sshKeys = [
# Legacy
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCYQ003p7fB5ICQehLwhDBomY9WzkNBeijkSw9ADGU+ECrPakeIH3pntUWRJH1W93vKnLqpkn6HLGEXD9MCR0s98uhh8hT7uAYCxQTbEeKT3PYkfz3oe7XaR8rE601sds0ZyFwH7l8cvK97pGr+uhFXAaohiV6VqmLVXhManEjZZ8GfYWBD9BCmIJk43G3OGa5QYFeHqztprXaJNU5dFPv2Uq2C+L6EvfCfkK2OO1BLZgL+Rai5jjyy6k0fcfsxxd9BdGUwqDhcBeyTIzX9rePMugf/xD+6uNRxTU+vjVpGUtFOw6rpgmVyFv9mn3QMNdQBc5hYKVbIQwMNGTzGgcQv srid@nixos"
# New
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHQRxPoqlThDrkR58pKnJgmeWPY9/wleReRbZ2MOZRyd"
];
# Legacy
# "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCYQ003p7fB5ICQehLwhDBomY9WzkNBeijkSw9ADGU+ECrPakeIH3pntUWRJH1W93vKnLqpkn6HLGEXD9MCR0s98uhh8hT7uAYCxQTbEeKT3PYkfz3oe7XaR8rE601sds0ZyFwH7l8cvK97pGr+uhFXAaohiV6VqmLVXhManEjZZ8GfYWBD9BCmIJk43G3OGa5QYFeHqztprXaJNU5dFPv2Uq2C+L6EvfCfkK2OO1BLZgL+Rai5jjyy6k0fcfsxxd9BdGUwqDhcBeyTIzX9rePMugf/xD+6uNRxTU+vjVpGUtFOw6rpgmVyFv9mn3QMNdQBc5hYKVbIQwMNGTzGgcQv srid@nixos"
sshKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHQRxPoqlThDrkR58pKnJgmeWPY9/wleReRbZ2MOZRyd";
};
};
}

6
users/default.nix
View file

@ -8,10 +8,10 @@ let
email = lib.mkOption {
type = lib.types.str;
};
sshKeys = lib.mkOption {
type = lib.types.listOf lib.types.str;
sshKey = lib.mkOption {
type = lib.types.str;
description = ''
SSH public keys
SSH public key
'';
};
};