diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 281c438..a6b07ba 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -14,4 +14,4 @@ jobs: system: [aarch64-linux, aarch64-darwin] steps: - uses: actions/checkout@v4 - - run: nixci build --systems "github:nix-systems/${{ matrix.system }}" + - run: nixci build --systems "github:nix-systems/${{ matrix.system }}" -- --show-trace diff --git a/.vscode/extensions.json b/.vscode/extensions.json index db6b510..4d6c35e 100644 --- a/.vscode/extensions.json +++ b/.vscode/extensions.json @@ -4,7 +4,6 @@ "b4dm4n.nixpkgs-fmt", "jnoortheen.nix-ide", "mattn.lisp", - "thenuprojectcontributors.vscode-nushell-lang", "mkhl.direnv" ] } \ No newline at end of file diff --git a/.vscode/settings.json b/.vscode/settings.json index ab7e433..aa1becf 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json @@ -1,6 +1,8 @@ { - "nixEnvSelector.nixFile": "${workspaceRoot}/shell.nix", + "search.followSymlinks": false, "editor.defaultFormatter": "B4dM4n.nixpkgs-fmt", "editor.formatOnSave": true, - "editor.formatOnType": true + "editor.formatOnType": true, + "nix.enableLanguageServer": true, + "nix.serverPath": "nixd" } \ No newline at end of file diff --git a/clusters/github-runner/README.md b/clusters/github-runner/README.md index 1bc43b6..c914952 100644 --- a/clusters/github-runner/README.md +++ b/clusters/github-runner/README.md 
@@ -13,6 +13,11 @@ While we could use the `nix-darwin` module for Github Runners, we do it the othe - The Linux VM's `/etc/ssh/ssh_host_ed25519_key` is used to authorize itself to connect to the Mac. - The author has observed the official "linux-builder" to be slow, in comparison to a Parallels VM. Prefer setting up a Parallels VM if you can. +## Known Issues + +- GitHub token must be provided to avoid the "API rate limit exceeded" error (which can happen if you do all this on your laptop and work around the world). See https://github.com/srid/nixos-config/issues/54 +- GitHub runner might crash due to out of sync time on the VM. If you are Parallels, you should [sync time from Mac](https://kb.parallels.com/113271). + ## Usage - `/systems/darwin.nix` (macOS config) diff --git a/clusters/github-runner/nixos-module.nix b/clusters/github-runner/nixos-module.nix index 6af80a4..67b10a4 100644 --- a/clusters/github-runner/nixos-module.nix +++ b/clusters/github-runner/nixos-module.nix @@ -19,6 +19,7 @@ let inherit user group tokenFile name; enable = true; replace = true; + ephemeral = true; extraPackages = with pkgs; runner-pkgs ++ [ # Standard nix tools nixci @@ -39,6 +40,11 @@ in users.groups.${group} = { }; nix.settings.trusted-users = [ user ]; + # No way to do this: https://github.com/NixOS/nix/issues/6536 + #nix.extraOptions = '' + # !include /run/keys/nix-conf-gh-token.secret + #''; + # Runners services.github-runners = mkPersonalRunners "srid" repos.srid; diff --git a/clusters/github-runner/repos.nix b/clusters/github-runner/repos.nix index 52f63db..0857b9c 100644 --- a/clusters/github-runner/repos.nix +++ b/clusters/github-runner/repos.nix @@ -6,5 +6,7 @@ nixos-config.num = 2; nixos-flake.num = 2 * 5; perpetuum.num = 2; + emanote.num = 2; + nixci.num = 2; }; } diff --git a/flake.lock b/flake.lock index b8f8973..a2a94f6 100644 --- a/flake.lock +++ b/flake.lock 
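Review bot: `ephemeral = true;` in the runner attrset changes what `tokenFile` has to contain, and nothing next to the option records that. The nixpkgs github-runners module documents that an ephemeral runner is re-registered after every job and should only be enabled when the token file holds a personal access token; a registration token stops working once it expires. I would add a comment above the line, e.g. `# ephemeral re-registers after each job: tokenFile must hold a PAT, not a registration token`. Because a PAT lives longer than a registration token, it is also worth confirming that it is a fine-grained token limited to the listed repos and that job steps cannot read the key file. The definitions of `user` and `tokenFile` are outside this hunk, so that last part could not be checked here.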
@@ -1,12 +1,36 @@ { "nodes": { + "actualism-app": { + "inputs": { + "cargo-doc-live": "cargo-doc-live", + "flake-parts": "flake-parts", + "nixpkgs": "nixpkgs", + "process-compose-flake": "process-compose-flake", + "rust-flake": "rust-flake", + "systems": "systems_2", + "treefmt-nix": "treefmt-nix" + }, + "locked": { + "lastModified": 1715572711, + "narHash": "sha256-CPZrSwbZBasURURCzoWHb0XCK1dYEmomT8HamOoQ1A8=", + "owner": "srid", + "repo": "actualism-app", + "rev": "62897d3bb3340d0952489195fd8f1f31b12c9c8c", + "type": "github" + }, + "original": { + "owner": "srid", + "repo": "actualism-app", + "type": "github" + } + }, "cargo-doc-live": { "locked": { - "lastModified": 1692743000, - "narHash": "sha256-7lxG/r72hECceIir+Y+N3vM0f7FcudZD5cq+KhZj4MI=", + "lastModified": 1713493311, + "narHash": "sha256-fxbzPNIv0o/Y0OEo0r6iAm4Dft1pX08CKtzBl+RKgrE=", "owner": "srid", "repo": "cargo-doc-live", - "rev": "575b9d0733cac0448219d7bc5746ebd594baedb5", + "rev": "b7058f7b4eb131c569a1fcebf966a1149defd7e3", "type": "github" }, "original": { 
@@ -48,45 +72,46 @@ "crane": { "inputs": { "nixpkgs": [ - "nix-browser", + "actualism-app", + "rust-flake", "nixpkgs" ] }, "locked": { - "lastModified": 1701305027, - "narHash": "sha256-/LUYOjcPn5vam8DJjHBpGGKfGMSDp1P1wUW1Ca4h3yQ=", + "lastModified": 1707685877, + "narHash": "sha256-XoXRS+5whotelr1rHiZle5t5hDg9kpguS5yk8c8qzOc=", "owner": "ipetkov", "repo": "crane", - "rev": "c53a8c071dc59430bc54b3ad0b58d96252a07ab8", + "rev": "2c653e4478476a52c6aa3ac0495e4dea7449ea0e", "type": "github" }, "original": { "owner": "ipetkov", "repo": "crane", + "rev": "2c653e4478476a52c6aa3ac0495e4dea7449ea0e", "type": "github" } }, "crane_2": { "inputs": { - "flake-compat": "flake-compat", - "flake-utils": "flake-utils_2", "nixpkgs": [ "nixci", + "rust-flake", "nixpkgs" - ], - "rust-overlay": "rust-overlay_2" + ] }, "locked": { - "lastModified": 1693787605, - "narHash": "sha256-rwq5U8dy+a9JFny/73L0SJu1GfWwATMPMTp7D+mjHy8=", + "lastModified": 1707685877, + "narHash": "sha256-XoXRS+5whotelr1rHiZle5t5hDg9kpguS5yk8c8qzOc=", "owner": "ipetkov", "repo": "crane", - "rev": "8b4f7a4dab2120cf41e7957a28a853f45016bd9d", + "rev": "2c653e4478476a52c6aa3ac0495e4dea7449ea0e", "type": "github" }, "original": { "owner": "ipetkov", "repo": "crane", + "rev": "2c653e4478476a52c6aa3ac0495e4dea7449ea0e", "type": "github" } }, @@ -115,11 +140,11 @@ ] }, "locked": { - "lastModified": 1711099426, - "narHash": "sha256-HzpgM/wc3aqpnHJJ2oDqPBkNsqWbW0WfWUO8lKu8nGk=", + "lastModified": 1713532798, + "narHash": "sha256-wtBhsdMJA3Wa32Wtm1eeo84GejtI43pMrFrmwLXrsEc=", "owner": "numtide", "repo": "devshell", - "rev": "2d45b54ca4a183f2fdcf4b19c895b64fbf620ee8", + "rev": "12e914740a25ea1891ec619bb53cf5e6ca922e40", "type": "github" }, "original": { 
@@ -128,22 +153,6 @@ "type": "github" } }, - "dioxus-desktop-template": { - "flake": false, - "locked": { - "lastModified": 1701368080, - "narHash": "sha256-mdfaOnccAl3uudxMIEqCSPr5DIOZjnsMaD0dNsd8Am4=", - "owner": "srid", - "repo": "dioxus-desktop-template", - "rev": "3054d7e74e46c97ee7cee4c42ec025fc284faaf6", - "type": "github" - }, - "original": { - "owner": "srid", - "repo": "dioxus-desktop-template", - "type": "github" - } - }, "disko": { "inputs": { "nixpkgs": [ @@ -167,11 +176,11 @@ "flake-compat": { "flake": false, "locked": { - "lastModified": 1673956053, - "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", "owner": "edolstra", "repo": "flake-compat", - "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", "type": "github" }, "original": { @@ -215,11 +224,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1698579227, - "narHash": "sha256-KVWjFZky+gRuWennKsbo6cWyo7c/z/VgCte5pR9pEKg=", + "lastModified": 1714641030, + "narHash": "sha256-yzcRNDoyVP7+SCNX0wmuDju1NUCt8Dz9+lyUXEI0dbI=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "f76e870d64779109e41370848074ac4eaa1606ec", + "rev": "e5d10a24b66c3ea8f150e47dfdb0416ab7c3390e", "type": "github" }, "original": { @@ -233,11 +242,11 @@ "nixpkgs-lib": "nixpkgs-lib_2" }, "locked": { - "lastModified": 1698882062, - "narHash": "sha256-HkhafUayIqxXyHH1X8d9RDl1M2CkFgZLjKD3MzabiEo=", + "lastModified": 1715865404, + "narHash": "sha256-/GJvTdTpuDjNn84j82cU6bXztE0MSkdnTWClUCRub78=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "8c9fa2545007b49a5db5f650ae91f227672c3877", + "rev": "8dc45382d5206bd292f9c2768b8058a8fd8311d9", "type": "github" }, "original": { 
@@ -272,11 +281,11 @@ ] }, "locked": { - "lastModified": 1709336216, - "narHash": "sha256-Dt/wOWeW6Sqm11Yh+2+t0dfEWxoMxGBvv3JpIocFl9E=", + "lastModified": 1715865404, + "narHash": "sha256-/GJvTdTpuDjNn84j82cU6bXztE0MSkdnTWClUCRub78=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "f7b3c975cf067e56e7cda6cb098ebe3fb4d74ca2", + "rev": "8dc45382d5206bd292f9c2768b8058a8fd8311d9", "type": "github" }, "original": { @@ -285,16 +294,31 @@ "type": "github" } }, + "flake-root": { + "locked": { + "lastModified": 1713493429, + "narHash": "sha256-ztz8JQkI08tjKnsTpfLqzWoKFQF4JGu2LRz8bkdnYUk=", + "owner": "srid", + "repo": "flake-root", + "rev": "bc748b93b86ee76e2032eecda33440ceb2532fcd", + "type": "github" + }, + "original": { + "owner": "srid", + "repo": "flake-root", + "type": "github" + } + }, "flake-utils": { "inputs": { "systems": "systems" }, "locked": { - "lastModified": 1681202837, - "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=", + "lastModified": 1705309234, + "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=", "owner": "numtide", "repo": "flake-utils", - "rev": "cfacdce06f30d2b68473a46042957675eebb3401", + "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26", "type": "github" }, "original": { @@ -308,11 +332,11 @@ "systems": "systems_3" }, "locked": { - "lastModified": 1692799911, - "narHash": "sha256-3eihraek4qL744EvQXsK1Ha6C3CR7nnT8X2qWap4RNk=", + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", "owner": "numtide", "repo": "flake-utils", - "rev": "f9e7cf818399d17d347f847525c5a5a8032e4e44", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", "type": "github" }, "original": { 
@@ -375,29 +399,60 @@ "type": "github" } }, - "flake-utils_6": { + "git-hooks": { "inputs": { - "systems": "systems_8" + "flake-compat": "flake-compat_3", + "gitignore": "gitignore_2", + "nixpkgs": [ + "nixvim", + "nixpkgs" + ], + "nixpkgs-stable": [ + "nixvim", + "nixpkgs" + ] }, "locked": { - "lastModified": 1710146030, - "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "lastModified": 1716213921, + "narHash": "sha256-xrsYFST8ij4QWaV6HEokCUNIZLjjLP1bYC60K8XiBVA=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "0e8fcc54b842ad8428c9e705cb5994eaf05c26a0", "type": "github" }, "original": { - "owner": "numtide", - "repo": "flake-utils", + "owner": "cachix", + "repo": "git-hooks.nix", "type": "github" } }, "gitignore": { + "inputs": { + "nixpkgs": [ + "nixci", + "pre-commit-hooks-nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "gitignore_2": { "inputs": { "nixpkgs": [ "nixvim", - "pre-commit-hooks", + "git-hooks", "nixpkgs" ] }, @@ -422,11 +477,11 @@ ] }, "locked": { - "lastModified": 1711133180, - "narHash": "sha256-WJOahf+6115+GMl3wUfURu8fszuNeJLv9qAWFQl3Vmo=", + "lastModified": 1717052710, + "narHash": "sha256-LRhOxzXmOza5SymhOgnEzA8EAQp+94kkeUYWKKpLJ/U=", "owner": "nix-community", "repo": "home-manager", - "rev": "1c2c5e4cabba4c43504ef0f8cc3f3dfa284e2dbb", + "rev": "29c69d9a466e41d46fd3a7a9d0591ef9c113c2ae", "type": "github" }, "original": { 
@@ -443,11 +498,11 @@ ] }, "locked": { - "lastModified": 1711133180, - "narHash": "sha256-WJOahf+6115+GMl3wUfURu8fszuNeJLv9qAWFQl3Vmo=", + "lastModified": 1717052710, + "narHash": "sha256-LRhOxzXmOza5SymhOgnEzA8EAQp+94kkeUYWKKpLJ/U=", "owner": "nix-community", "repo": "home-manager", - "rev": "1c2c5e4cabba4c43504ef0f8cc3f3dfa284e2dbb", + "rev": "29c69d9a466e41d46fd3a7a9d0591ef9c113c2ae", "type": "github" }, "original": { @@ -456,29 +511,18 @@ "type": "github" } }, - "nix-browser": { - "inputs": { - "cargo-doc-live": "cargo-doc-live", - "crane": "crane", - "dioxus-desktop-template": "dioxus-desktop-template", - "flake-parts": "flake-parts_2", - "nixpkgs": "nixpkgs", - "process-compose-flake": "process-compose-flake", - "rust-overlay": "rust-overlay", - "systems": "systems_2", - "treefmt-nix": "treefmt-nix" - }, + "just-flake": { "locked": { - "lastModified": 1707643180, - "narHash": "sha256-8s9/OeqqeqbmUb8dwW4Viye795Zyms6E+24Ihw7cz4Q=", + "lastModified": 1713316411, + "narHash": "sha256-NkJfU6H+6vgHkPtZ2ESbZ/h2wnsDQrZvB4vbdUIBx8Q=", "owner": "juspay", - "repo": "nix-browser", - "rev": "d7d33d764d7f0829cbd2160431e091d09a7b0700", + "repo": "just-flake", + "rev": "0e33952a4bcd16cd54ee3aba8111606c237d4526", "type": "github" }, "original": { "owner": "juspay", - "repo": "nix-browser", + "repo": "just-flake", "type": "github" } }, @@ -489,11 +533,11 @@ ] }, "locked": { - "lastModified": 1710717205, - "narHash": "sha256-Wf3gHh5uV6W1TV/A8X8QJf99a5ypDSugY4sNtdJDe0A=", + "lastModified": 1716993688, + "narHash": "sha256-vo5k2wQekfeoq/2aleQkBN41dQiQHNTniZeVONWiWLs=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "bcc8afd06e237df060c85bad6af7128e05fd61a3", + "rev": "c0d5b8c54d6828516c97f6be9f2d00c63a363df4", "type": "github" }, "original": { 
@@ -510,11 +554,11 @@ ] }, "locked": { - "lastModified": 1710717205, - "narHash": "sha256-Wf3gHh5uV6W1TV/A8X8QJf99a5ypDSugY4sNtdJDe0A=", + "lastModified": 1716993688, + "narHash": "sha256-vo5k2wQekfeoq/2aleQkBN41dQiQHNTniZeVONWiWLs=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "bcc8afd06e237df060c85bad6af7128e05fd61a3", + "rev": "c0d5b8c54d6828516c97f6be9f2d00c63a363df4", "type": "github" }, "original": { @@ -530,11 +574,11 @@ ] }, "locked": { - "lastModified": 1711249705, - "narHash": "sha256-h/NQECj6mIzF4XR6AQoSpkCnwqAM+ol4+qOdYi2ykmQ=", + "lastModified": 1716772633, + "narHash": "sha256-Idcye44UW+EgjbjCoklf2IDF+XrehV6CVYvxR1omst4=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "34519f3bb678a5abbddf7b200ac5347263ee781b", + "rev": "ff80cb4a11bb87f3ce8459be6f16a25ac86eb2ac", "type": "github" }, "original": { @@ -546,21 +590,22 @@ "nixci": { "inputs": { "cargo-doc-live": "cargo-doc-live_2", - "crane": "crane_2", "devour-flake": "devour-flake", "flake-parts": "flake-parts_3", + "just-flake": "just-flake", "nixpkgs": "nixpkgs_3", + "pre-commit-hooks-nix": "pre-commit-hooks-nix", "process-compose-flake": "process-compose-flake_2", - "rust-overlay": "rust-overlay_3", + "rust-flake": "rust-flake_2", "systems": "systems_5", "treefmt-nix": "treefmt-nix_2" }, "locked": { - "lastModified": 1711384311, - "narHash": "sha256-WcfkvK0XcnthRYUoyU8iRmisxBl3faRrc/v1KCsnXS4=", + "lastModified": 1717697637, + "narHash": "sha256-IBbblZ5wvS1Y9hDuYW337YjbAXkcj6i/Z6lZesfisBc=", "owner": "srid", "repo": "nixci", - "rev": "594b5a770e0e70efbb4f93a727849fc303116787", + "rev": "6a672e28811f716a8cff5108dc720269d897d246", "type": "github" }, "original": { 
@@ -571,15 +616,16 @@ }, "nixos-flake": { "locked": { - "lastModified": 1711376798, - "narHash": "sha256-37wawZGSX/dD1rn7TwFJhUdpozC2VPEQXetpfpK/D+w=", + "lastModified": 1718165126, + "narHash": "sha256-M+aW1O01dv6b+MKsGKVLO6dcHqTrGpeToCoz9Ced29o=", "owner": "srid", "repo": "nixos-flake", - "rev": "7b19503e7f8c7cc0884fc2fbd669c0cc2e05aef5", + "rev": "02c0ad4030ea97f3e8c470825d9844b0f0eb1f7b", "type": "github" }, "original": { "owner": "srid", + "ref": "deploy", "repo": "nixos-flake", "type": "github" } @@ -620,11 +666,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1701237617, - "narHash": "sha256-Ryd8xpNDY9MJnBFDYhB37XSFIxCPVVVXAbInNPa95vs=", + "lastModified": 1715282013, + "narHash": "sha256-GtwK9hQMbN+FxSD2eTioBOi2P47+t3oqnY4ZGJl53+k=", "owner": "nixos", "repo": "nixpkgs", - "rev": "85306ef2470ba705c97ce72741d56e42d0264015", + "rev": "cc6431d5598071f0021efc6c009c79e5b5fe1617", "type": "github" }, "original": { 
@@ -636,38 +682,26 @@ }, "nixpkgs-lib": { "locked": { - "dir": "lib", - "lastModified": 1696019113, - "narHash": "sha256-X3+DKYWJm93DRSdC5M6K5hLqzSya9BjibtBsuARoPco=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "f5892ddac112a1e9b3612c39af1b72987ee5783a", - "type": "github" + "lastModified": 1714640452, + "narHash": "sha256-QBx10+k6JWz6u7VsohfSw8g8hjdBZEf8CFzXH1/1Z94=", + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/50eb7ecf4cd0a5756d7275c8ba36790e5bd53e33.tar.gz" }, "original": { - "dir": "lib", - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/50eb7ecf4cd0a5756d7275c8ba36790e5bd53e33.tar.gz" } }, "nixpkgs-lib_2": { "locked": { - "dir": "lib", - "lastModified": 1698611440, - "narHash": "sha256-jPjHjrerhYDy3q9+s5EAsuhyhuknNfowY6yt6pjn9pc=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "0cbe9f69c234a7700596e943bfae7ef27a31b735", - "type": "github" + "lastModified": 1714640452, + "narHash": "sha256-QBx10+k6JWz6u7VsohfSw8g8hjdBZEf8CFzXH1/1Z94=", + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/50eb7ecf4cd0a5756d7275c8ba36790e5bd53e33.tar.gz" }, "original": { - "dir": "lib", - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/50eb7ecf4cd0a5756d7275c8ba36790e5bd53e33.tar.gz" } }, "nixpkgs-lib_3": { @@ -690,11 +724,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1681358109, - "narHash": "sha256-eKyxW4OohHQx9Urxi7TQlFBTDWII+F+x2hklDOQPB50=", + "lastModified": 1706487304, + "narHash": "sha256-LE8lVX28MV2jWJsidW13D2qrHU/RUUONendL2Q/WlJg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "96ba1c52e54e74c3197f4d43026b3f3d92e83ff9", + "rev": "90f456026d284c22b3e3497be980b2e47d0b28ac", "type": "github" }, "original": { 
@@ -706,11 +740,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1688590700, - "narHash": "sha256-ZF055rIUP89cVwiLpG5xkJzx00gEuuGFF60Bs/LM3wc=", + "lastModified": 1714763106, + "narHash": "sha256-DrDHo74uTycfpAF+/qxZAMlP/Cpe04BVioJb6fdI0YY=", "owner": "nixos", "repo": "nixpkgs", - "rev": "f292b4964cb71f9dfbbd30dc9f511d6165cd109b", + "rev": "e9be42459999a253a9f92559b1f5b72e1b44c13d", "type": "github" }, "original": { @@ -767,11 +801,11 @@ }, "nixpkgs_7": { "locked": { - "lastModified": 1711333969, - "narHash": "sha256-5PiWGn10DQjMZee5NXzeA6ccsv60iLu+Xtw+mfvkUAs=", + "lastModified": 1716948383, + "narHash": "sha256-SzDKxseEcHR5KzPXLwsemyTR/kaM9whxeiJohbL04rs=", "owner": "nixos", "repo": "nixpkgs", - "rev": "57e6b3a9e4ebec5aa121188301f04a6b8c354c9b", + "rev": "ad57eef4ef0659193044870c731987a6df5cf56b", "type": "github" }, "original": { @@ -802,19 +836,21 @@ "devshell": "devshell", "flake-compat": "flake-compat_2", "flake-parts": "flake-parts_4", + "flake-root": "flake-root", + "git-hooks": "git-hooks", "home-manager": "home-manager_2", "nix-darwin": "nix-darwin_2", "nixpkgs": [ "nixpkgs" ], - "pre-commit-hooks": "pre-commit-hooks" + "treefmt-nix": "treefmt-nix_3" }, "locked": { - "lastModified": 1711456788, - "narHash": "sha256-Aj9dEP/J/my+WWUlw5JRAjYFZJVOZ08jxYXgNHtbb8E=", + "lastModified": 1717081007, + "narHash": "sha256-GNr1i6itjFKGXSco3lcdKe8GxEwrmSYFDUpZyXsXWp4=", "owner": "nix-community", "repo": "nixvim", - "rev": "b8b0c1d58f3259dd0236a5844897aeec3b36b73d", + "rev": "da9bd1f2e8fc8cd8553a76a9e22afd386c18f205", "type": "github" }, "original": { 
@@ -823,26 +859,26 @@ "type": "github" } }, - "pre-commit-hooks": { + "pre-commit-hooks-nix": { "inputs": { - "flake-compat": "flake-compat_3", - "flake-utils": "flake-utils_6", + "flake-compat": "flake-compat", + "flake-utils": "flake-utils_2", "gitignore": "gitignore", "nixpkgs": [ - "nixvim", + "nixci", "nixpkgs" ], "nixpkgs-stable": [ - "nixvim", + "nixci", "nixpkgs" ] }, "locked": { - "lastModified": 1710923068, - "narHash": "sha256-6hOpUiuxuwpXXc/xfJsBUJeqqgGI+JMJuLo45aG3cKc=", + "lastModified": 1714478972, + "narHash": "sha256-q//cgb52vv81uOuwz1LaXElp3XAe1TqrABXODAEF6Sk=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "e611897ddfdde3ed3eaac4758635d7177ff78673", + "rev": "2849da033884f54822af194400f8dff435ada242", "type": "github" }, "original": { @@ -853,11 +889,11 @@ }, "process-compose-flake": { "locked": { - "lastModified": 1701368682, - "narHash": "sha256-YkZbzfOkv68YOX4fK6VQvNHpysyZ/x3gePL3wbo8giA=", + "lastModified": 1715063745, + "narHash": "sha256-kO8gcRHfuKIlsGmFoHUF4lD3CfrRBymIlG2R3OHBEjQ=", "owner": "Platonic-Systems", "repo": "process-compose-flake", - "rev": "8edcd4de7c631eac2ce5f8e2a0782e0ca606da9b", + "rev": "32c069e7ef436b4325ee36503cd02b2863eede53", "type": "github" }, "original": { @@ -883,11 +919,11 @@ }, "root": { "inputs": { + "actualism-app": "actualism-app", "colmena-flake": "colmena-flake", "disko": "disko", - "flake-parts": "flake-parts", + "flake-parts": "flake-parts_2", "home-manager": "home-manager", - "nix-browser": "nix-browser", "nix-darwin": "nix-darwin", "nix-index-database": "nix-index-database", "nixci": "nixci", 
@@ -896,7 +932,54 @@ "nixos-vscode-server": "nixos-vscode-server", "nixpkgs": "nixpkgs_7", "nixvim": "nixvim", - "treefmt-nix": "treefmt-nix_3" + "treefmt-nix": "treefmt-nix_4" + } + }, + "rust-flake": { + "inputs": { + "crane": "crane", + "nixpkgs": [ + "actualism-app", + "nixpkgs" + ], + "rust-overlay": "rust-overlay" + }, + "locked": { + "lastModified": 1715570778, + "narHash": "sha256-PlWsDmfLHmhrvf2y7rBJP9wKlgMKm4iIP/PX2BdlttI=", + "owner": "juspay", + "repo": "rust-flake", + "rev": "19e41363312bdb34c2b3d6304b84d5d5fccee09d", + "type": "github" + }, + "original": { + "owner": "juspay", + "ref": "extraBuildArgs", + "repo": "rust-flake", + "type": "github" + } + }, + "rust-flake_2": { + "inputs": { + "crane": "crane_2", + "nixpkgs": [ + "nixci", + "nixpkgs" + ], + "rust-overlay": "rust-overlay_2" + }, + "locked": { + "lastModified": 1713345390, + "narHash": "sha256-JukrAWf4u9ECX6XEDcFpQaTGuqjvKl1ecuOOdrstEH4=", + "owner": "juspay", + "repo": "rust-flake", + "rev": "b2535a09c5ed6c33904a59bd4a965aaf14fbddc3", + "type": "github" + }, + "original": { + "owner": "juspay", + "repo": "rust-flake", + "type": "github" } }, "rust-overlay": { @@ -905,11 +988,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1701310566, - "narHash": "sha256-CL9J3xUR2Ejni4LysrEGX0IdO+Y4BXCiH/By0lmF3eQ=", + "lastModified": 1715480255, + "narHash": "sha256-gEZl8nYidQwqJhOigJ91JDjoBFoPEWVsd82AKnaE7Go=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "6d3c6e185198b8bf7ad639f22404a75aa9a09bff", + "rev": "d690205a4f01ec0930303c4204e5063958e51255", "type": "github" }, "original": { 
@@ -919,43 +1002,16 @@ } }, "rust-overlay_2": { - "inputs": { - "flake-utils": [ - "nixci", - "crane", - "flake-utils" - ], - "nixpkgs": [ - "nixci", - "crane", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1693707092, - "narHash": "sha256-HR1EnynBSPqbt+04/yxxqsG1E3n6uXrOl7SPco/UnYo=", - "owner": "oxalica", - "repo": "rust-overlay", - "rev": "98ccb73e6eefc481da6039ee57ad8818d1ca8d56", - "type": "github" - }, - "original": { - "owner": "oxalica", - "repo": "rust-overlay", - "type": "github" - } - }, - "rust-overlay_3": { "inputs": { "flake-utils": "flake-utils_3", "nixpkgs": "nixpkgs_4" }, "locked": { - "lastModified": 1694052649, - "narHash": "sha256-+eBEU3dw3/fCfi8ZHFNutINxehMazGkQxqNcpeNbTo4=", + "lastModified": 1701310566, + "narHash": "sha256-CL9J3xUR2Ejni4LysrEGX0IdO+Y4BXCiH/By0lmF3eQ=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "a795148ffbcc77f2b592d50ceebe36147e623a77", + "rev": "6d3c6e185198b8bf7ad639f22404a75aa9a09bff", "type": "github" }, "original": { @@ -1069,34 +1125,19 @@ "type": "github" } }, - "systems_8": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, "treefmt-nix": { "inputs": { "nixpkgs": [ - "nix-browser", + "actualism-app", "nixpkgs" ] }, "locked": { - "lastModified": 1699786194, - "narHash": "sha256-3h3EH1FXQkIeAuzaWB+nK0XK54uSD46pp+dMD3gAcB4=", + "lastModified": 1714058656, + "narHash": "sha256-Qv4RBm4LKuO4fNOfx9wl40W2rBbv5u5m+whxRYUMiaA=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "e82f32aa7f06bbbd56d7b12186d555223dc399d1", + "rev": "c6aaf729f34a36c445618580a9f95a48f5e4e03f", "type": "github" }, "original": { 
@@ -1124,6 +1165,27 @@ } }, "treefmt-nix_3": { + "inputs": { + "nixpkgs": [ + "nixvim", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1715940852, + "narHash": "sha256-wJqHMg/K6X3JGAE9YLM0LsuKrKb4XiBeVaoeMNlReZg=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "2fba33a182602b9d49f0b2440513e5ee091d838b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } + }, + "treefmt-nix_4": { "inputs": { "nixpkgs": "nixpkgs_8" }, diff --git a/flake.nix b/flake.nix index 467e93c..0ed5a04 100644 --- a/flake.nix +++ b/flake.nix @@ -10,7 +10,7 @@ home-manager.url = "github:nix-community/home-manager"; home-manager.inputs.nixpkgs.follows = "nixpkgs"; nixos-hardware.url = "github:NixOS/nixos-hardware"; - nixos-flake.url = "github:srid/nixos-flake"; + nixos-flake.url = "github:srid/nixos-flake/deploy"; disko.url = "github:nix-community/disko"; disko.inputs.nixpkgs.follows = "nixpkgs"; colmena-flake.url = "github:juspay/colmena-flake"; @@ -19,9 +19,9 @@ nixos-vscode-server.flake = false; nixos-vscode-server.url = "github:nix-community/nixos-vscode-server"; nixci.url = "github:srid/nixci"; - nix-browser.url = "github:juspay/nix-browser"; nix-index-database.url = "github:nix-community/nix-index-database"; nix-index-database.inputs.nixpkgs.follows = "nixpkgs"; + actualism-app.url = "github:srid/actualism-app"; # Neovim nixvim.url = "github:nix-community/nixvim"; 
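Review bot: `nixos-flake.url = "github:srid/nixos-flake/deploy";` now tracks a feature branch, and the line has no comment saying why or when it should return to the default branch. flake.lock pins the exact rev, so builds stay reproducible. But `nixos-flake` is also listed in `primary-inputs`, so each `nix run .#update` takes whatever the branch head is at that moment, including after a force-push. I would add `# TODO: switch back to the default branch once deploy is merged` next to it, or pin a rev if the branch is expected to move.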
@@ -57,14 +57,33 @@ [ "op" "read" "op://Personal/nixos-config/${field}" ]; in { - github-runner = { - targetHost = "github-runner"; + immediacy = { + targetHost = "immediacy"; targetUser = "srid"; - keys."github-runner-token.secret" = { - user = "github-runner"; - keyCommand = read1Password "github-runner-token"; + keys."hedgedoc.env" = { + user = "hedgedoc"; + keyCommand = read1Password "hedgedoc.env"; }; }; + github-runner = + let + user = "github-runner"; + in + { + targetHost = "github-runner"; + targetUser = "srid"; + keys = { + "github-runner-token.secret" = { + inherit user; + keyCommand = read1Password "github-runner-token"; + }; + "nix-conf-gh-token.secret" = { + user = "root"; + permissions = "0440"; + keyCommand = read1Password "nix-conf-gh-token"; + }; + }; + }; }; flake = { @@ -77,19 +96,26 @@ nixosConfigurations.github-runner = self.nixos-flake.lib.mkLinuxSystem ./systems/github-runner.nix; + + # Hetzner dedicated + nixosConfigurations.immediacy = + self.nixos-flake.lib.mkLinuxSystem + ./systems/ax41.nix; }; - perSystem = { self', pkgs, lib, config, ... }: { + perSystem = { self', pkgs, system, config, ... }: { # Flake inputs we want to update periodically # Run: `nix run .#update`. - nixos-flake.primary-inputs = [ - "nixpkgs" - "home-manager" - "nix-darwin" - "nixos-flake" - "nix-index-database" - "nixvim" - ]; + nixos-flake = { + primary-inputs = [ + "nixpkgs" + "home-manager" + "nix-darwin" + "nixos-flake" + "nix-index-database" + "nixvim" + ]; + }; treefmt.config = { projectRootFile = "flake.nix"; 
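Review bot: The new `"nix-conf-gh-token.secret"` key is pushed to the github-runner host, but its only consumer visible in this commit is commented out as not working: the `!include /run/keys/nix-conf-gh-token.secret` in clusters/github-runner/nixos-module.nix. That leaves a GitHub token on a machine that executes CI jobs with nothing using it. The same module sets `nix.settings.trusted-users = [ user ]`, and a trusted Nix user is close to root-equivalent, so root ownership alone is weak protection if jobs run as that user (its definition is outside the hunks shown). I would drop the key entry until the include can be enabled. If it stays, tighten it to `permissions = "0400";` since no `group` is set here, and use a token with no repo scopes, which is enough to lift the API rate limit.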
@@ -98,11 +124,20 @@ formatter = config.treefmt.build.wrapper; packages.default = self'.packages.activate; + devShells.default = pkgs.mkShell { inputsFrom = [ config.treefmt.build.devShell ]; packages = with pkgs; [ just colmena + nixd + ]; + }; + # Make our overlay available to the devShell + _module.args.pkgs = import inputs.nixpkgs { + inherit system; + overlays = [ + (import ./packages/overlay.nix { inherit system; flake = { inherit inputs; }; }) ]; }; }; diff --git a/home/_1password.nix b/home/_1password.nix index 98433bd..ad087f0 100644 --- a/home/_1password.nix +++ b/home/_1password.nix @@ -1,4 +1,7 @@ -{ pkgs, lib, ... }: +{ flake, config, pkgs, lib, ... }: +let + userConfig = flake.config.people.users.${config.home.username}; +in { home.packages = with pkgs; [ _1password @@ -20,4 +23,18 @@ }; }; }; + + # https://developer.1password.com/docs/ssh/git-commit-signing/ + # + # For this to work on GitHub, you must have added the SSH pub key as a signing key, see + # https://1password.community/discussion/comment/667515/#Comment_667515 + programs.git.includes = [{ + condition = "gitdir:~/code/**"; # Personal repos only + contents = { + user.signingKey = userConfig.sshKey; + gpg.format = "ssh"; + gpg.ssh.program = "/Applications/1Password.app/Contents/MacOS/op-ssh-sign"; + commit.gpgsign = true; + }; + }]; } diff --git a/home/default.nix b/home/default.nix index 7ef13ca..bea576d 100644 --- a/home/default.nix +++ b/home/default.nix @@ -21,6 +21,7 @@ # ./nushell.nix ./just.nix # ./powershell.nix + ./juspay.nix ]; }; common-linux = { @@ -36,8 +37,7 @@ ./zsh.nix # ./bash.nix # ./kitty.nix - # ./emacs.nix - # ./himalaya.nix + ./himalaya.nix ]; }; }; diff --git a/home/direnv.nix b/home/direnv.nix index b55c2bf..83b2cfc 100644 --- a/home/direnv.nix +++ b/home/direnv.nix 
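Review bot: The comment `# Make our overlay available to the devShell` understates what `_module.args.pkgs = import inputs.nixpkgs { ... }` does. It replaces the `pkgs` argument for every perSystem module that takes `pkgs`, so `packages`, `formatter` and the treefmt config also evaluate against the overlay from ./packages/overlay.nix. I would reword it to `# Re-import nixpkgs with our overlay; this becomes pkgs for all of perSystem, not only the devShell`. The perSystem block starts before this hunk.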
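Review bot: `gpg.ssh.program = "/Applications/1Password.app/Contents/MacOS/op-ssh-sign";` is a macOS-only path, yet the same include sets `commit.gpgsign = true` for every repo under ~/code. If this module is imported into a Linux home (the import list is outside the hunk), commits there would presumably fail because the signing program does not exist. I would wrap the include in `lib.mkIf pkgs.stdenv.isDarwin`, or select the program path per platform. Separately, nothing here sets `gpg.ssh.allowedSignersFile`, so local `git log --show-signature` cannot verify these signatures. A short comment that verification relies on GitHub's signing-key list would make that explicit.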
@@ -2,9 +2,8 @@ programs.direnv = { enable = true; nix-direnv.enable = true; - # NOTE: disabled, because causes breakage often - /* config.global = { - strict_env = true; - }; */ + config.global = { + hide_env_diff = true; + }; }; } diff --git a/home/emacs/doom/config.el b/home/emacs/doom/config.el deleted file mode 100644 index c4f74dc..0000000 --- a/home/emacs/doom/config.el +++ /dev/null 
@@ -1,76 +0,0 @@ -;;; $DOOMDIR/config.el -*- lexical-binding: t; -*- - -;; Place your private configuration here! Remember, you do not need to run 'doom -;; sync' after modifying this file! - - -;; Some functionality uses this to identify you, e.g. GPG configuration, email -;; clients, file templates and snippets. It is optional. -(setq user-full-name "Sridhar Ratnakumar" - user-mail-address "srid@srid.ca") - -;; Doom exposes five (optional) variables for controlling fonts in Doom: -;; -;; - `doom-font' -- the primary font to use -;; - `doom-variable-pitch-font' -- a non-monospace font (where applicable) -;; - `doom-big-font' -- used for `doom-big-font-mode'; use this for -;; presentations or streaming. -;; - `doom-symbol-font' -- for symbols -;; - `doom-serif-font' -- for the `fixed-pitch-serif' face -;; -;; See 'C-h v doom-font' for documentation and more examples of what they -;; accept. For example: -;; -;;(setq doom-font (font-spec :family "Fira Code" :size 12 :weight 'semi-light) -;; doom-variable-pitch-font (font-spec :family "Fira Sans" :size 13)) -;; -;; If you or Emacs can't find your font, use 'M-x describe-font' to look them -;; up, `M-x eval-region' to execute elisp code, and 'M-x doom/reload-font' to -;; refresh your font settings. If Emacs still can't find your font, it likely -;; wasn't installed correctly. Font issues are rarely Doom issues! - -;; There are two ways to load a theme. Both assume the theme is installed and -;; available. You can either set `doom-theme' or manually load a theme with the -;; `load-theme' function. This is the default: -(setq doom-theme 'doom-one) - -;; This determines the style of line numbers in effect. If set to `nil', line -;; numbers are disabled. For relative line numbers, set this to `relative'. -(setq display-line-numbers-type t) - -;; If you use `org' and don't want your org files in the default location below, -;; change `org-directory'. It must be set before org loads! 
-(setq org-directory "~/org/") - - -;; Whenever you reconfigure a package, make sure to wrap your config in an -;; `after!' block, otherwise Doom's defaults may override your settings. E.g. -;; -;; (after! PACKAGE -;; (setq x y)) -;; -;; The exceptions to this rule: -;; -;; - Setting file/directory variables (like `org-directory') -;; - Setting variables which explicitly tell you to set them before their -;; package is loaded (see 'C-h v VARIABLE' to look up their documentation). -;; - Setting doom variables (which start with 'doom-' or '+'). -;; -;; Here are some additional functions/macros that will help you configure Doom. -;; -;; - `load!' for loading external *.el files relative to this one -;; - `use-package!' for configuring packages -;; - `after!' for running code after a package has loaded -;; - `add-load-path!' for adding directories to the `load-path', relative to -;; this file. Emacs searches the `load-path' when you load packages with -;; `require' or `use-package'. -;; - `map!' for binding new keys -;; -;; To get information about any of these functions/macros, move the cursor over -;; the highlighted symbol at press 'K' (non-evil users must press 'C-c c k'). -;; This will open documentation for it, including demos of how they are used. -;; Alternatively, use `C-h o' to look up a symbol (functions, variables, faces, -;; etc). -;; -;; You can also try 'gd' (or 'C-c c d') to jump to their definition and see how -;; they are implemented. \ No newline at end of file diff --git a/home/emacs/doom/init.el b/home/emacs/doom/init.el deleted file mode 100644 index c7f36c9..0000000 --- a/home/emacs/doom/init.el +++ /dev/null 
@@ -1,194 +0,0 @@ -;;; init.el -*- lexical-binding: t; -*- - -;; This file controls what Doom modules are enabled and what order they load -;; in. Remember to run 'doom sync' after modifying it! - -;; NOTE Press 'SPC h d h' (or 'C-h d h' for non-vim users) to access Doom's -;; documentation. There you'll find a link to Doom's Module Index where all -;; of our modules are listed, including what flags they support. - -;; NOTE Move your cursor over a module's name (or its flags) and press 'K' (or -;; 'C-c c k' for non-vim users) to view its documentation. This works on -;; flags as well (those symbols that start with a plus). -;; -;; Alternatively, press 'gd' (or 'C-c c d') on a module to browse its -;; directory (for easy access to its source code). - -(doom! :input - ;;bidi ; (tfel ot) thgir etirw uoy gnipleh - ;;chinese - ;;japanese - ;;layout ; auie,ctsrnm is the superior home row - - :completion - company ; the ultimate code completion backend - ;;helm ; the *other* search engine for love and life - ;;ido ; the other *other* search engine... 
- ;;ivy ; a search engine for love and life - vertico ; the search engine of the future - - :ui - ;;deft ; notational velocity for Emacs - doom ; what makes DOOM look the way it does - doom-dashboard ; a nifty splash screen for Emacs - ;;doom-quit ; DOOM quit-message prompts when you quit Emacs - ;;(emoji +unicode) ; 🙂 - hl-todo ; highlight TODO/FIXME/NOTE/DEPRECATED/HACK/REVIEW - ;;hydra - ;;indent-guides ; highlighted indent columns - ;;ligatures ; ligatures and symbols to make your code pretty again - ;;minimap ; show a map of the code on the side - modeline ; snazzy, Atom-inspired modeline, plus API - ;;nav-flash ; blink cursor line after big motions - ;;neotree ; a project drawer, like NERDTree for vim - ophints ; highlight the region an operation acts on - (popup +defaults) ; tame sudden yet inevitable temporary windows - ;;tabs ; a tab bar for Emacs - ;;treemacs ; a project drawer, like neotree but cooler - ;;unicode ; extended unicode support for various languages - (vc-gutter +pretty) ; vcs diff in the fringe - vi-tilde-fringe ; fringe tildes to mark beyond EOB - ;;window-select ; visually switch windows - workspaces ; tab emulation, persistence & separate workspaces - ;;zen ; distraction-free coding or writing - - :editor - (evil +everywhere); come to the dark side, we have cookies - file-templates ; auto-snippets for empty files - fold ; (nigh) universal code folding - ;;(format +onsave) ; automated prettiness - ;;god ; run Emacs commands without modifier keys - ;;lispy ; vim for lisp, for people who don't like vim - ;;multiple-cursors ; editing in many places at once - ;;objed ; text object editing for the innocent - ;;parinfer ; turn lisp into python, sort of - ;;rotate-text ; cycle region at point between text candidates - snippets ; my elves. 
They type so I don't have to - ;;word-wrap ; soft wrapping with language-aware indent - - :emacs - dired ; making dired pretty [functional] - electric ; smarter, keyword-based electric-indent - ;;ibuffer ; interactive buffer management - undo ; persistent, smarter undo for your inevitable mistakes - vc ; version-control and Emacs, sitting in a tree - - :term - ;;eshell ; the elisp shell that works everywhere - ;;shell ; simple shell REPL for Emacs - ;;term ; basic terminal emulator for Emacs - ;;vterm ; the best terminal emulation in Emacs - - :checkers - syntax ; tasing you for every semicolon you forget - ;;(spell +flyspell) ; tasing you for misspelling mispelling - ;;grammar ; tasing grammar mistake every you make - - :tools - ;;ansible - ;;biblio ; Writes a PhD for you (citation needed) - ;;collab ; buffers with friends - ;;debugger ; FIXME stepping through code, to help you add bugs - ;;direnv - ;;docker - ;;editorconfig ; let someone else argue about tabs vs spaces - ;;ein ; tame Jupyter notebooks with emacs - (eval +overlay) ; run code, run (also, repls) - lookup ; navigate your code and its documentation - ;;lsp ; M-x vscode - magit ; a git porcelain for Emacs - ;;make ; run make tasks from Emacs - ;;pass ; password manager for nerds - ;;pdf ; pdf enhancements - ;;prodigy ; FIXME managing external services & code builders - ;;rgb ; creating color strings - ;;taskrunner ; taskrunner for all your projects - ;;terraform ; infrastructure as code - ;;tmux ; an API for interacting with tmux - ;;tree-sitter ; syntax and parsing, sitting in a tree... - ;;upload ; map local to remote projects via ssh/ftp - - :os - (:if (featurep :system 'macos) macos) ; improve compatibility with macOS - ;;tty ; improve the terminal Emacs experience - - :lang - ;;agda ; types of types of types of types... 
- ;;beancount ; mind the GAAP - ;;(cc +lsp) ; C > C++ == 1 - ;;clojure ; java with a lisp - ;;common-lisp ; if you've seen one lisp, you've seen them all - ;;coq ; proofs-as-programs - ;;crystal ; ruby at the speed of c - ;;csharp ; unity, .NET, and mono shenanigans - ;;data ; config/data formats - ;;(dart +flutter) ; paint ui and not much else - ;;dhall - ;;elixir ; erlang done right - ;;elm ; care for a cup of TEA? - emacs-lisp ; drown in parentheses - ;;erlang ; an elegant language for a more civilized age - ;;ess ; emacs speaks statistics - ;;factor - ;;faust ; dsp, but you get to keep your soul - ;;fortran ; in FORTRAN, GOD is REAL (unless declared INTEGER) - ;;fsharp ; ML stands for Microsoft's Language - ;;fstar ; (dependent) types and (monadic) effects and Z3 - ;;gdscript ; the language you waited for - ;;(go +lsp) ; the hipster dialect - ;;(graphql +lsp) ; Give queries a REST - ;;(haskell +lsp) ; a language that's lazier than I am - ;;hy ; readability of scheme w/ speed of python - ;;idris ; a language you can depend on - ;;json ; At least it ain't XML - ;;(java +lsp) ; the poster child for carpal tunnel syndrome - ;;javascript ; all(hope(abandon(ye(who(enter(here)))))) - ;;julia ; a better, faster MATLAB - ;;kotlin ; a better, slicker Java(Script) - ;;latex ; writing papers in Emacs has never been so fun - ;;lean ; for folks with too much to prove - ;;ledger ; be audit you can be - ;;lua ; one-based indices? one-based indices - markdown ; writing docs for people to ignore - ;;nim ; python + lisp at the speed of c - ;;nix ; I hereby declare "nix geht mehr!" 
- ;;ocaml ; an objective camel - org ; organize your plain life in plain text - ;;php ; perl's insecure younger brother - ;;plantuml ; diagrams for confusing people more - ;;purescript ; javascript, but functional - ;;python ; beautiful is better than ugly - ;;qt ; the 'cutest' gui framework ever - ;;racket ; a DSL for DSLs - ;;raku ; the artist formerly known as perl6 - ;;rest ; Emacs as a REST client - ;;rst ; ReST in peace - ;;(ruby +rails) ; 1.step {|i| p "Ruby is #{i.even? ? 'love' : 'life'}"} - ;;(rust +lsp) ; Fe2O3.unwrap().unwrap().unwrap().unwrap() - ;;scala ; java, but good - ;;(scheme +guile) ; a fully conniving family of lisps - sh ; she sells {ba,z,fi}sh shells on the C xor - ;;sml - ;;solidity ; do you need a blockchain? No. - ;;swift ; who asked for emoji variables? - ;;terra ; Earth and Moon in alignment for performance. - ;;web ; the tubes - ;;yaml ; JSON, but readable - ;;zig ; C, but simpler - - :email - ;;(mu4e +org +gmail) - ;;notmuch - ;;(wanderlust +gmail) - - :app - ;;calendar - ;;emms - ;;everywhere ; *leave* Emacs!? You must be joking - ;;irc ; how neckbeards socialize - ;;(rss +org) ; emacs as an RSS reader - ;;twitter ; twitter client https://twitter.com/vnought - - :config - ;;literate - (default +bindings +smartparens)) \ No newline at end of file diff --git a/home/emacs/doom/packages.el b/home/emacs/doom/packages.el deleted file mode 100644 index a809bf9..0000000 --- a/home/emacs/doom/packages.el +++ /dev/null 
@@ -1,50 +0,0 @@ -;; -*- no-byte-compile: t; -*- -;;; $DOOMDIR/packages.el - -;; To install a package with Doom you must declare them here and run 'doom sync' -;; on the command line, then restart Emacs for the changes to take effect -- or -;; use 'M-x doom/reload'. - - -;; To install SOME-PACKAGE from MELPA, ELPA or emacsmirror: -;; (package! some-package) - -;; To install a package directly from a remote git repo, you must specify a -;; `:recipe'. You'll find documentation on what `:recipe' accepts here: -;; https://github.com/radian-software/straight.el#the-recipe-format -;; (package! another-package -;; :recipe (:host github :repo "username/repo")) - -;; If the package you are trying to install does not contain a PACKAGENAME.el -;; file, or is located in a subdirectory of the repo, you'll need to specify -;; `:files' in the `:recipe': -;; (package! this-package -;; :recipe (:host github :repo "username/repo" -;; :files ("some-file.el" "src/lisp/*.el"))) - -;; If you'd like to disable a package included with Doom, you can do so here -;; with the `:disable' property: -;; (package! builtin-package :disable t) - -;; You can override the recipe of a built in package without having to specify -;; all the properties for `:recipe'. These will inherit the rest of its recipe -;; from Doom or MELPA/ELPA/Emacsmirror: -;; (package! builtin-package :recipe (:nonrecursive t)) -;; (package! builtin-package-2 :recipe (:repo "myfork/package")) - -;; Specify a `:branch' to install a package from a particular branch or tag. -;; This is required for some packages whose default branch isn't 'master' (which -;; our package manager can't deal with; see radian-software/straight.el#279) -;; (package! builtin-package :recipe (:branch "develop")) - -;; Use `:pin' to specify a particular commit to install. -;; (package! builtin-package :pin "1a2b3c4d5e") - - -;; Doom's packages are pinned to a specific commit and updated from release to -;; release. The `unpin!' 
macro allows you to unpin single packages... -;; (unpin! pinned-package) -;; ...or multiple packages -;; (unpin! pinned-package another-pinned-package) -;; ...Or *all* packages (NOT RECOMMENDED; will likely break things) -;; (unpin! t) \ No newline at end of file diff --git a/home/git.nix b/home/git.nix index bfdf87b..1260147 100644 --- a/home/git.nix +++ b/home/git.nix @@ -1,6 +1,9 @@ { pkgs, config, flake, ... }: { - home.packages = [ pkgs.git-lfs ]; + home.packages = with pkgs; [ + git-lfs + git-filter-repo + ]; programs.git = { package = pkgs.gitAndTools.gitFull; @@ -35,7 +38,7 @@ }; }; extraConfig = { - init.defaultBranch = "master"; # https://srid.ca/unwoke + init.defaultBranch = "master"; # Undo breakage due to https://srid.ca/luxury-belief core.editor = "nvim"; #protocol.keybase.allow = "always"; credential.helper = "store --file ~/.git-credentials"; diff --git a/home/himalaya.nix b/home/himalaya.nix index e6fc895..a8e10ed 100644 --- a/home/himalaya.nix +++ b/home/himalaya.nix @@ -1,4 +1,5 @@ let + # https://pimalaya.org/himalaya/cli/latest/configuration/icloud-mail.html iCloudMailSettings = { imap = { host = "imap.mail.me.com"; @@ -14,7 +15,9 @@ in { home.shellAliases = { H = "himalaya"; + Hr = "himalaya message read"; Hd = "himalaya message delete"; + Hs = "himalaya account sync"; }; programs.himalaya = { @@ -28,10 +31,13 @@ in address = "happyandharmless@icloud.com"; aliases = [ "srid@srid.ca" ]; userName = "happyandharmless"; - passwordCommand = "op read op://Personal/iCloud/himalaya"; + passwordCommand = "op read op://Personal/iCloud-Apple/himalaya"; himalaya = { enable = true; - settings.sync.enable = true; + # Don't forget to run `himalaya account sync` first! + settings.sync = { + enable = true; + }; }; }; }; diff --git a/home/juspay.nix b/home/juspay.nix new file mode 100644 index 0000000..f60c15b --- /dev/null +++ b/home/juspay.nix 
@@ -0,0 +1,37 @@ +# For Juspay work +{ pkgs, lib, ... }: +{ + programs.ssh = { + matchBlocks = { + # Juspay machines (through Tailscale) + vanjaram = { + hostname = "100.83.79.127"; + user = "srid"; + forwardAgent = true; + }; + biryani = { + hostname = "100.97.32.60"; + user = "admin"; + forwardAgent = true; + }; + + # To clone Juspay repos. + # https://developer.1password.com/docs/ssh/agent/advanced/#match-key-with-host + "bitbucket.org" = { + identitiesOnly = true; + identityFile = "~/.ssh/juspay.pub"; + }; + }; + }; + + programs.git = { + # Bitbucket git access and policies + includes = [{ + condition = "gitdir:~/juspay/**"; + contents = { + user.email = "sridhar.ratnakumar@juspay.in"; + }; + }]; + }; +} + diff --git a/home/neovim.nix b/home/neovim.nix index 213c28a..ae6502b 100644 --- a/home/neovim.nix +++ b/home/neovim.nix @@ -1,12 +1,14 @@ +{ pkgs, ... }: + { programs.nixvim = { - enable = true; + enable = pkgs.stdenv.isDarwin; # nixvim uses IFD; so not using it on Linux (breaks colmena apply) # Theme colorschemes.tokyonight.enable = true; # Settings - options = { + opts = { expandtab = true; shiftwidth = 2; smartindent = true; @@ -42,7 +44,7 @@ }; telescope = { enable = true; - keymaps = { + settings.keymaps = { "ff" = { desc = "file finder"; action = "find_files"; @@ -53,7 +55,7 @@ }; }; extensions = { - file_browser.enable = true; + file-browser.enable = true; }; }; diff --git a/home/ssh.nix b/home/ssh.nix index 8693b3b..b332248 100644 --- a/home/ssh.nix +++ b/home/ssh.nix 
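Review bot: `forwardAgent = true` on `vanjaram` and `biryani` makes the local SSH agent usable by anyone with root on those hosts for as long as a session is open. The home/ssh.nix hunk adds the same setting for the new `immediacy` block, a host that systems/ax41.nix gives a public address and web services. Unless a workflow needs the agent on the remote side, set `forwardAgent = false;` on these blocks, or use `proxyJump` where the aim is only to hop through a host. If forwarding stays, a comment naming the remote operation that needs it would help the next reader. The `pkgs` and `lib` arguments in this module's header are unused.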
@@ -2,23 +2,13 @@ { programs.ssh = { enable = true; + + # Note: More defined in juspay.nix matchBlocks = { - vanjaram = { - hostname = "100.83.79.127"; - user = "srid"; + immediacy = { + hostname = "65.109.84.215"; forwardAgent = true; }; - biryani = { - hostname = "100.97.32.60"; - user = "admin"; - forwardAgent = true; - }; - # To clone Juspay repos. - # https://developer.1password.com/docs/ssh/agent/advanced/#match-key-with-host - "bitbucket.org" = { - identitiesOnly = true; - identityFile = "~/.ssh/juspay.pub"; - }; }; }; } diff --git a/home/terminal.nix b/home/terminal.nix index 22ebeb0..ef9b9a4 100644 --- a/home/terminal.nix +++ b/home/terminal.nix @@ -13,7 +13,6 @@ # Useful for Nix development nixci nix-health - nil nixpkgs-fmt just @@ -26,8 +25,19 @@ fuckport sshuttle-via entr + + # Fonts + cascadia-code + + # Txns + hledger + hledger-web + + gnupg ]; + fonts.fontconfig.enable = true; + home.shellAliases = { e = "nvim"; ee = "nvim $(fzf)"; diff --git a/home/zsh.nix b/home/zsh.nix index 5251670..ac5f453 100644 --- a/home/zsh.nix +++ b/home/zsh.nix @@ -14,7 +14,7 @@ ]; envExtra = '' - export PATH=/etc/profiles/per-user/$USER/bin:/run/current-system/sw/bin/:/usr/local/bin:$PATH + export PATH=/etc/profiles/per-user/$USER/bin:/nix/var/nix/profiles/system/sw/bin:/usr/local/bin:$PATH # Because, adding it in .ssh/config is not enough. # cf. https://developer.1password.com/docs/ssh/get-started#step-4-configure-your-ssh-or-git-client diff --git a/justfile b/justfile index 1c76443..d9ab975 100644 --- a/justfile +++ b/justfile 
@@ -1,9 +1,34 @@ default: @just --list +# Activate local configuration +[group('main')] +activate: + nix run + +# Format the nix source tree fmt: treefmt -# Deploy to github-runner VM -github-runner: +# Deploy to all remote machines +deploy: colmena apply --build-on-target + +# Deploy to github-runner VM +[group('github-runner')] +gr-deploy: + colmena apply --build-on-target --on github-runner + +# Re-animate the VM that was suspended until now. +[group('github-runner')] +gr-animate: + colmena upload-keys + ssh -t github-runner "sudo systemctl restart --all github-runner-*" + +[group('github-runner')] +gr-inspect: + ssh -t github-runner "sudo systemctl status --all github-runner-*" + +[group('github-runner')] +gr-ssh: + ssh -t github-runner \ No newline at end of file diff --git a/nix-darwin/default.nix b/nix-darwin/default.nix index 7d2c151..af2dad3 100644 --- a/nix-darwin/default.nix +++ b/nix-darwin/default.nix @@ -4,7 +4,7 @@ flake = { darwinModules = { my-home = { - home-manager.users.${config.people.myself} = { pkgs, ... }: { + home-manager.users.${config.people.myself} = { imports = [ self.homeModules.common-darwin ]; diff --git a/nixos/actualism-app.nix b/nixos/actualism-app.nix new file mode 100644 index 0000000..7db5738 --- /dev/null +++ b/nixos/actualism-app.nix 
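Review bot: In `gr-animate` and `gr-inspect` the pattern `github-runner-*` is quoted only for the local shell, so the remote shell may expand it against files in the remote working directory before systemctl sees it. Quoting it for the remote side keeps the glob for systemctl: `ssh -t github-runner "sudo systemctl restart --all 'github-runner-*'"`. `gr-inspect` and `gr-ssh` are also the only new recipes without a leading description comment, so `just --list` shows them without a description.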
@@ -0,0 +1,49 @@ +{ flake, pkgs, lib, ... }: + +let + inherit (flake) inputs; + inherit (inputs) self; +in +{ + + networking.firewall = { + allowedTCPPorts = [ + 80 + 443 + ]; + }; + # actualism-app (temp host) + services.nginx = { + enable = true; + virtualHosts."www.actualism.app" = { + enableACME = true; + # addSSL = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://127.0.0.1:8080"; + proxyWebsockets = true; + }; + }; + }; + security.acme = { + acceptTerms = true; + defaults.email = "srid@srid.ca"; + }; + systemd.services.actualism-app = { + enable = true; + description = "actualism-app server"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + ExecStart = + lib.getExe (pkgs.writeShellApplication { + name = "actualism-app-start"; + text = '' + cd ${pkgs.actualism-app}/ + ${pkgs.actualism-app}/bin/actualism-app + ''; + }); + Restart = "always"; + }; + }; +} diff --git a/nixos/caches/oss.nix b/nixos/caches/oss.nix index 1e35eb7..b5adc66 100644 --- a/nixos/caches/oss.nix +++ b/nixos/caches/oss.nix @@ -2,11 +2,11 @@ nix.settings.trusted-public-keys = [ #"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "nammayatri.cachix.org-1:PiVlgB8hKyYwVtCAGpzTh2z9RsFPhIES6UKs0YB662I=" - "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=" + # "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=" ]; nix.settings.substituters = [ #"https://nix-community.cachix.org" - "https://cache.garnix.io?priority=41" + # "https://cache.garnix.io?priority=41" "https://nammayatri.cachix.org?priority=42" ]; } diff --git a/nixos/disko/trivial.nix b/nixos/disko/trivial.nix index a7fd981..e3abf4b 100644 --- a/nixos/disko/trivial.nix +++ b/nixos/disko/trivial.nix 
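Review bot: The `actualism-app` unit sets neither `User` nor `DynamicUser` in `serviceConfig`, so systemd runs the server as root, although it presumably only has to serve 127.0.0.1:8080 behind nginx. Adding `DynamicUser = true;`, `NoNewPrivileges = true;` and `ProtectSystem = "strict";` to `serviceConfig` would confine it. Whether the app writes state is not visible here (the start script changes into the read-only store path); if it does, a `StateDirectory` is needed as well. The `self` binding in the `let` block is unused in this file.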
@@ -4,8 +4,8 @@ disko.devices = { disk = { main = { - # When using disko-install, we will overwrite this value from the commandline - device = "/dev/disk/by-id/some-disk-id"; + # TODO: Don't hardcode (this file is used by multiple systems) + device = "/dev/nvme0n1"; type = "disk"; content = { type = "gpt"; diff --git a/nixos/hedgedoc.nix b/nixos/hedgedoc.nix new file mode 100644 index 0000000..5f80166 --- /dev/null +++ b/nixos/hedgedoc.nix @@ -0,0 +1,37 @@ +let + domain = "pad.srid.ca"; + port = 9112; +in +{ + services.hedgedoc = { + enable = true; + + # GitHub secrets set in colmena (see flake.nix) + environmentFile = "/run/keys/hedgedoc.env"; + + settings = { + # URL config + inherit domain port; + protocolUseSSL = true; + urlAddPort = false; + allowOrigin = [ "localhost" ]; + + # Accept GitHub users only. + # NOTE: Fine-grained access (eg: whitelist of users) not possible until + # HedgeDoc 2.0 + email = false; + allowAnonymous = false; + }; + }; + + services.nginx = { + virtualHosts.${domain} = { + enableACME = true; + addSSL = true; + locations."/" = { + proxyPass = "http://localhost:${builtins.toString port}"; + proxyWebsockets = true; + }; + }; + }; +} diff --git a/nixos/self/primary-as-admin.nix b/nixos/self/primary-as-admin.nix index 6338745..47c3fd1 100644 --- a/nixos/self/primary-as-admin.nix +++ b/nixos/self/primary-as-admin.nix @@ -6,7 +6,7 @@ users.users = let people = flake.config.people; - myKeys = people.users.${people.myself}.sshKeys; + myKeys = [ people.users.${people.myself}.sshKey ]; in { root.openssh.authorizedKeys.keys = myKeys; diff --git a/packages/overlay.nix b/packages/overlay.nix index f845e68..53fa3d9 100644 --- a/packages/overlay.nix +++ b/packages/overlay.nix 
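Review bot: Hardcoding `device = "/dev/nvme0n1";` in a file that the new TODO itself says is shared means every importing system partitions that device name. systems/github-runner.nix imports this module too, and whether its VM disk has that name is not visible here. Since disko formats whatever this points at, consider `device = lib.mkDefault "/dev/nvme0n1";` so each host can set its own value, or move the device into the per-system files. The hunk starts inside the attribute set, so whether `lib` is in scope in this file needs checking.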
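Review bot: The `pad.srid.ca` virtual host uses `addSSL = true`, which keeps serving the site over plain HTTP as well, while HedgeDoc is configured with `protocolUseSSL = true` and handles GitHub logins and session cookies. nixos/actualism-app.nix in this same commit uses `forceSSL = true;`, and doing the same here redirects HTTP to HTTPS. Separately, `environmentFile = "/run/keys/hedgedoc.env"` depends on the key being uploaded and readable by the hedgedoc service before it starts. The key's owner and mode are set in flake.nix, outside this hunk, so that is worth confirming.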
@@ -5,5 +5,27 @@ self: super: { twitter-convert = self.callPackage ./twitter-convert { }; sshuttle-via = self.callPackage ./sshuttle-via.nix { }; nixci = flake.inputs.nixci.packages.${system}.default; - nix-health = flake.inputs.nix-browser.packages.${system}.nix-health; + # nix-health = flake.inputs.nix-browser.packages.${system}.nix-health; + actualism-app = flake.inputs.actualism-app.packages.${system}.default; + + # Use just v1.27.0, until upstream upgrades it. + just = super.just.overrideAttrs (oa: rec { + name = "${oa.pname}-${version}"; + version = "1.27.0"; + src = super.fetchFromGitHub { + owner = "casey"; + repo = oa.pname; + rev = "refs/tags/${version}"; + hash = "sha256-xyiIAw8PGMgYPtnnzSExcOgwG64HqC9TbBMTKQVG97k="; + }; + # Overriding `cargoHash` has no effect; we must override the resultant + # `cargoDeps` and set the hash in its `outputHash` attribute. + cargoDeps = oa.cargoDeps.overrideAttrs (super.lib.const { + name = "${name}-vendor.tar.gz"; + inherit src; + outputHash = "sha256-jMurOCr9On+sudgCzIBrPHF+6jCE/6dj5E106cAL2qw="; + }); + + doCheck = false; + }); } diff --git a/systems/ax41.nix b/systems/ax41.nix new file mode 100644 index 0000000..f55407b --- /dev/null +++ b/systems/ax41.nix 
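Review bot: `doCheck = false;` at the end of the `just` override has no comment saying why the test suite is skipped, so a later reader cannot tell whether it is safe to re-enable. The header comment "until upstream upgrades it" also gives no concrete removal condition. Something like `# TODO: drop this override once nixpkgs ships just >= 1.27.0` above the override, plus a short reason next to `doCheck`, would make the pin easier to retire. Source and vendored dependencies are both pinned by hash, which is the right shape for an override like this.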
@@ -0,0 +1,52 @@ +{ flake, pkgs, lib, ... }: + +let + inherit (flake) inputs; + inherit (inputs) self; +in +{ + imports = [ + inputs.disko.nixosModules.disko + self.nixosModules.default + "${self}/nixos/disko/trivial.nix" + "${self}/nixos/nix.nix" + "${self}/nixos/self/primary-as-admin.nix" + "${self}/nixos/docker.nix" + "${self}/nixos/actualism-app.nix" + "${self}/nixos/hedgedoc.nix" + # "${self}/nixos/server/harden/basics.nix" + ]; + + system.stateVersion = "23.11"; + networking.hostName = "immediacy"; + nixpkgs.hostPlatform = "x86_64-linux"; + boot.loader.grub = { + devices = [ "/dev/nvme0n1" ]; + efiSupport = true; + efiInstallAsRemovable = true; + }; + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "sd_mod" ]; + hardware.cpu.intel.updateMicrocode = true; + hardware.enableRedistributableFirmware = true; + + # Hetzner networking + networking.useDHCP = false; + networking.interfaces."eth0".ipv4.addresses = [ + { + address = "65.109.84.215"; # your IPv4 here + prefixLength = 24; + } + ]; + networking.interfaces."eth0".ipv6.addresses = [ + { + address = "2a01:4f9:3051:52d3::2"; # Your IPv6 here + prefixLength = 64; + } + ]; + networking.defaultGateway = "65.109.84.193"; + networking.nameservers = [ "8.8.8.8" ]; + + services.openssh.enable = true; + + programs.nix-ld.enable = true; # for vscode server +} diff --git a/systems/github-runner.nix b/systems/github-runner.nix index aaf3255..4b23862 100644 --- a/systems/github-runner.nix +++ b/systems/github-runner.nix @@ -1,4 +1,4 @@ -{ flake, pkgs, lib, ... }: +{ flake, ... }: let inherit (flake) inputs; @@ -10,6 +10,7 @@ in "${self}/nixos/disko/trivial.nix" "${self}/nixos/parallels-vm.nix" "${self}/nixos/nix.nix" + "${self}/nixos/current-location.nix" "${self}/nixos/self/primary-as-admin.nix" "${self}/nixos/server/harden/basics.nix" "${self}/clusters/github-runner/nixos-module.nix" diff --git a/users/config.nix b/users/config.nix index e70daa5..b58c3fc 100644 --- a/users/config.nix 
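Review bot: `services.openssh.enable = true` is set on a host with a public IPv4 address while the `harden/basics.nix` import is commented out, and nothing in this file turns off password logins. What that hardening module contains is not visible here, but until it is re-enabled the SSH policy could be stated explicitly: `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.KbdInteractiveAuthentication = false;`. nixos/self/primary-as-admin.nix already installs the public key for root, so key-only login should not lock anyone out. `hardware.cpu.intel.updateMicrocode` may also name the wrong vendor if this machine is Hetzner's AX41, which as far as I know is an AMD model, so that is worth checking.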
+++ b/users/config.nix @@ -4,12 +4,9 @@ srid = { name = "Sridhar Ratnakumar"; email = "srid@srid.ca"; - sshKeys = [ - # Legacy - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCYQ003p7fB5ICQehLwhDBomY9WzkNBeijkSw9ADGU+ECrPakeIH3pntUWRJH1W93vKnLqpkn6HLGEXD9MCR0s98uhh8hT7uAYCxQTbEeKT3PYkfz3oe7XaR8rE601sds0ZyFwH7l8cvK97pGr+uhFXAaohiV6VqmLVXhManEjZZ8GfYWBD9BCmIJk43G3OGa5QYFeHqztprXaJNU5dFPv2Uq2C+L6EvfCfkK2OO1BLZgL+Rai5jjyy6k0fcfsxxd9BdGUwqDhcBeyTIzX9rePMugf/xD+6uNRxTU+vjVpGUtFOw6rpgmVyFv9mn3QMNdQBc5hYKVbIQwMNGTzGgcQv srid@nixos" - # New - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHQRxPoqlThDrkR58pKnJgmeWPY9/wleReRbZ2MOZRyd" - ]; + # Legacy + # "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCYQ003p7fB5ICQehLwhDBomY9WzkNBeijkSw9ADGU+ECrPakeIH3pntUWRJH1W93vKnLqpkn6HLGEXD9MCR0s98uhh8hT7uAYCxQTbEeKT3PYkfz3oe7XaR8rE601sds0ZyFwH7l8cvK97pGr+uhFXAaohiV6VqmLVXhManEjZZ8GfYWBD9BCmIJk43G3OGa5QYFeHqztprXaJNU5dFPv2Uq2C+L6EvfCfkK2OO1BLZgL+Rai5jjyy6k0fcfsxxd9BdGUwqDhcBeyTIzX9rePMugf/xD+6uNRxTU+vjVpGUtFOw6rpgmVyFv9mn3QMNdQBc5hYKVbIQwMNGTzGgcQv srid@nixos" + sshKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHQRxPoqlThDrkR58pKnJgmeWPY9/wleReRbZ2MOZRyd"; }; }; } diff --git a/users/default.nix b/users/default.nix index 96466ae..25bfe22 100644 --- a/users/default.nix +++ b/users/default.nix @@ -8,10 +8,10 @@ let email = lib.mkOption { type = lib.types.str; }; - sshKeys = lib.mkOption { - type = lib.types.listOf lib.types.str; + sshKey = lib.mkOption { + type = lib.types.str; description = '' - SSH public keys + SSH public key ''; }; };