From 57baba5d2be5fe26010b90d0a16a018076a2de9a Mon Sep 17 00:00:00 2001 From: Sridhar Ratnakumar Date: Fri, 29 Mar 2024 12:33:50 -0400 Subject: [PATCH 01/56] ci: add back emanote --- clusters/github-runner/repos.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/clusters/github-runner/repos.nix b/clusters/github-runner/repos.nix index 52f63db..13b43ee 100644 --- a/clusters/github-runner/repos.nix +++ b/clusters/github-runner/repos.nix @@ -6,5 +6,6 @@ nixos-config.num = 2; nixos-flake.num = 2 * 5; perpetuum.num = 2; + emanote.num = 2; }; } From 6c1a454e21ab44870d4ebae377e7ebed334e2818 Mon Sep 17 00:00:00 2001 From: Sridhar Ratnakumar Date: Tue, 2 Apr 2024 17:43:37 +1100 Subject: [PATCH 02/56] just: add gr-animate re-animates the suspended VM --- justfile | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/justfile b/justfile index 1c76443..1fdf273 100644 --- a/justfile +++ b/justfile @@ -5,5 +5,10 @@ fmt: treefmt # Deploy to github-runner VM -github-runner: +gr-deploy: colmena apply --build-on-target + +# Re-animate the VM that was suspended until now. +gr-animate: + colmena upload-keys + ssh -t github-runner "sudo systemctl start github-runner-*" From 8ca537fdd154070b7b1fd07fefdab9731609ab54 Mon Sep 17 00:00:00 2001 From: Sridhar Ratnakumar <3998+srid@users.noreply.github.com> Date: Tue, 2 Apr 2024 02:50:57 -0400 Subject: [PATCH 03/56] ci: --show-trace --- .github/workflows/ci.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 281c438..a6b07ba 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -14,4 +14,4 @@ jobs: system: [aarch64-linux, aarch64-darwin] steps: - uses: actions/checkout@v4 - - run: nixci build --systems "github:nix-systems/${{ matrix.system }}" + - run: nixci build --systems "github:nix-systems/${{ matrix.system }}" -- --show-trace From 3b7f981ec70b749651464d3d2a4f1104a97ca70c Mon Sep 17 00:00:00 2001 From: Sridhar Ratnakumar Date: Wed, 3 Apr 2024 10:48:00 +1100 Subject: [PATCH 04/56] just: fix gr-animate, try to --- justfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/justfile b/justfile index 1fdf273..61871fa 100644 --- a/justfile +++ b/justfile @@ -11,4 +11,4 @@ gr-deploy: # Re-animate the VM that was suspended until now. gr-animate: colmena upload-keys - ssh -t github-runner "sudo systemctl start github-runner-*" + ssh -t github-runner "sudo systemctl restart --all github-runner-*" From 23d4d205ad5699f05c0d8d343adedc4f442f62f4 Mon Sep 17 00:00:00 2001 From: Sridhar Ratnakumar Date: Wed, 3 Apr 2024 10:52:20 +1100 Subject: [PATCH 05/56] ssh: add immediacy --- home/ssh.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/home/ssh.nix b/home/ssh.nix index 8693b3b..d774ee9 100644 --- a/home/ssh.nix +++ b/home/ssh.nix @@ -13,6 +13,10 @@ user = "admin"; forwardAgent = true; }; + immediacy = { + hostname = "65.109.84.215"; + forwardAgent = true; + }; # To clone Juspay repos. # https://developer.1password.com/docs/ssh/agent/advanced/#match-key-with-host "bitbucket.org" = { From aa590e0ada90bf5002d5ddd71a02a162776e5cec Mon Sep 17 00:00:00 2001 From: Sridhar Ratnakumar Date: Wed, 3 Apr 2024 16:52:10 +1100 Subject: [PATCH 06/56] refactor: reindent --- flake.nix | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/flake.nix b/flake.nix index b32aa4b..d45d83a 100644 --- a/flake.nix +++ b/flake.nix @@ -52,14 +52,20 @@ [ "op" "read" "op://Personal/nixos-config/${field}" ]; in { - github-runner = { - targetHost = "github-runner"; - targetUser = "srid"; - keys."github-runner-token.secret" = { + github-runner = + let user = "github-runner"; - keyCommand = read1Password "github-runner-token"; + in + { + targetHost = "github-runner"; + targetUser = "srid"; + keys = { + "github-runner-token.secret" = { + inherit user; + keyCommand = read1Password "github-runner-token"; + }; + }; }; - }; }; flake = { From a31cdb76f6fb40c4e817603fc4bbf9f60e1f8f86 Mon Sep 17 00:00:00 2001 From: Sridhar Ratnakumar Date: Wed, 3 Apr 2024 17:25:07 +1100 Subject: [PATCH 07/56] gr: note about api rate limit cf. https://github.com/NixOS/nix/issues/4653 --- clusters/github-runner/README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/clusters/github-runner/README.md b/clusters/github-runner/README.md index 1bc43b6..ed20ba4 100644 --- a/clusters/github-runner/README.md +++ b/clusters/github-runner/README.md @@ -13,6 +13,10 @@ While we could use the `nix-darwin` module for Github Runners, we do it the othe - The Linux VM's `/etc/ssh/ssh_host_ed25519_key` is used to authorize itself to connect to the Mac. - The author has observed the official "linux-builder" to be slow, in comparison to a Parallels VM. Prefer setting up a Parallels VM if you can. +## Known Issues + +- GitHub token must be provided to avoid the "API rate limit exceeded" error (which can happen if you do all this on your laptop and work around the world). See https://github.com/srid/nixos-config/issues/54 + ## Usage - `/systems/darwin.nix` (macOS config) From 588804857c7bf79cbd23146e6c0b4d7cdba49ec2 Mon Sep 17 00:00:00 2001 From: Sridhar Ratnakumar Date: Wed, 3 Apr 2024 18:16:54 +1100 Subject: [PATCH 08/56] gh: add github token to linux builder But we can't use it in nix.conf due to https://github.com/NixOS/nix/issues/6536 --- clusters/github-runner/nixos-module.nix | 5 +++++ flake.nix | 5 +++++ 2 files changed, 10 insertions(+) diff --git a/clusters/github-runner/nixos-module.nix b/clusters/github-runner/nixos-module.nix index 6af80a4..9bb6e2f 100644 --- a/clusters/github-runner/nixos-module.nix +++ b/clusters/github-runner/nixos-module.nix @@ -39,6 +39,11 @@ in users.groups.${group} = { }; nix.settings.trusted-users = [ user ]; + # No way to do this: https://github.com/NixOS/nix/issues/6536 + #nix.extraOptions = '' + # !include /run/keys/nix-conf-gh-token.secret + #''; + # Runners services.github-runners = mkPersonalRunners "srid" repos.srid; diff --git a/flake.nix b/flake.nix index d45d83a..9096c2b 100644 --- a/flake.nix +++ b/flake.nix @@ -64,6 +64,11 @@ inherit user; keyCommand = read1Password "github-runner-token"; }; + "nix-conf-gh-token.secret" = { + user = "root"; + permissions = "0440"; + keyCommand = read1Password "nix-conf-gh-token"; + }; }; }; }; From b7f8b9916228fc8557c432118acb9dc02145ef64 Mon Sep 17 00:00:00 2001 From: Sridhar Ratnakumar Date: Tue, 2 Apr 2024 20:07:16 -0400 Subject: [PATCH 09/56] remove nix-browser (storage missing ) --- flake.lock | 332 ++++++------------------------------------- flake.nix | 1 - packages/overlay.nix | 2 +- 3 files changed, 42 insertions(+), 293 deletions(-) diff --git a/flake.lock b/flake.lock index b8f8973..b36cd71 100644 --- a/flake.lock +++ b/flake.lock @@ -15,21 +15,6 @@ "type": "github" } }, - "cargo-doc-live_2": { - "locked": { - "lastModified": 1692743000, - "narHash": "sha256-7lxG/r72hECceIir+Y+N3vM0f7FcudZD5cq+KhZj4MI=", - "owner": "srid", - "repo": "cargo-doc-live", - "rev": "575b9d0733cac0448219d7bc5746ebd594baedb5", - "type": "github" - }, - "original": { - "owner": "srid", - "repo": "cargo-doc-live", - "type": "github" - } - }, "colmena-flake": { "locked": { "lastModified": 1711493191, @@ -46,35 +31,14 @@ } }, "crane": { - "inputs": { - "nixpkgs": [ - "nix-browser", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1701305027, - "narHash": "sha256-/LUYOjcPn5vam8DJjHBpGGKfGMSDp1P1wUW1Ca4h3yQ=", - "owner": "ipetkov", - "repo": "crane", - "rev": "c53a8c071dc59430bc54b3ad0b58d96252a07ab8", - "type": "github" - }, - "original": { - "owner": "ipetkov", - "repo": "crane", - "type": "github" - } - }, - "crane_2": { "inputs": { "flake-compat": "flake-compat", - "flake-utils": "flake-utils_2", + "flake-utils": "flake-utils", "nixpkgs": [ "nixci", "nixpkgs" ], - "rust-overlay": "rust-overlay_2" + "rust-overlay": "rust-overlay" }, "locked": { "lastModified": 1693787605, @@ -108,7 +72,7 @@ }, "devshell": { "inputs": { - "flake-utils": "flake-utils_5", + "flake-utils": "flake-utils_4", "nixpkgs": [ "nixvim", "nixpkgs" @@ -128,22 +92,6 @@ "type": "github" } }, - "dioxus-desktop-template": { - "flake": false, - "locked": { - "lastModified": 1701368080, - "narHash": "sha256-mdfaOnccAl3uudxMIEqCSPr5DIOZjnsMaD0dNsd8Am4=", - "owner": "srid", - "repo": "dioxus-desktop-template", - "rev": "3054d7e74e46c97ee7cee4c42ec025fc284faaf6", - "type": "github" - }, - "original": { - "owner": "srid", - "repo": "dioxus-desktop-template", - "type": "github" - } - }, "disko": { "inputs": { "nixpkgs": [ @@ -232,24 +180,6 @@ "inputs": { "nixpkgs-lib": "nixpkgs-lib_2" }, - "locked": { - "lastModified": 1698882062, - "narHash": "sha256-HkhafUayIqxXyHH1X8d9RDl1M2CkFgZLjKD3MzabiEo=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "8c9fa2545007b49a5db5f650ae91f227672c3877", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, - "flake-parts_3": { - "inputs": { - "nixpkgs-lib": "nixpkgs-lib_3" - }, "locked": { "lastModified": 1688466019, "narHash": "sha256-VeM2akYrBYMsb4W/MmBo1zmaMfgbL4cH3Pu8PGyIwJ0=", @@ -264,7 +194,7 @@ "type": "github" } }, - "flake-parts_4": { + "flake-parts_3": { "inputs": { "nixpkgs-lib": [ "nixvim", @@ -290,11 +220,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1681202837, - "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=", + "lastModified": 1692799911, + "narHash": "sha256-3eihraek4qL744EvQXsK1Ha6C3CR7nnT8X2qWap4RNk=", "owner": "numtide", "repo": "flake-utils", - "rev": "cfacdce06f30d2b68473a46042957675eebb3401", + "rev": "f9e7cf818399d17d347f847525c5a5a8032e4e44", "type": "github" }, "original": { @@ -305,14 +235,14 @@ }, "flake-utils_2": { "inputs": { - "systems": "systems_3" + "systems": "systems_2" }, "locked": { - "lastModified": 1692799911, - "narHash": "sha256-3eihraek4qL744EvQXsK1Ha6C3CR7nnT8X2qWap4RNk=", + "lastModified": 1681202837, + "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=", "owner": "numtide", "repo": "flake-utils", - "rev": "f9e7cf818399d17d347f847525c5a5a8032e4e44", + "rev": "cfacdce06f30d2b68473a46042957675eebb3401", "type": "github" }, "original": { @@ -341,25 +271,7 @@ }, "flake-utils_4": { "inputs": { - "systems": "systems_6" - }, - "locked": { - "lastModified": 1681202837, - "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "cfacdce06f30d2b68473a46042957675eebb3401", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_5": { - "inputs": { - "systems": "systems_7" + "systems": "systems_5" }, "locked": { "lastModified": 1701680307, @@ -375,9 +287,9 @@ "type": "github" } }, - "flake-utils_6": { + "flake-utils_5": { "inputs": { - "systems": "systems_8" + "systems": "systems_6" }, "locked": { "lastModified": 1710146030, @@ -456,32 +368,6 @@ "type": "github" } }, - "nix-browser": { - "inputs": { - "cargo-doc-live": "cargo-doc-live", - "crane": "crane", - "dioxus-desktop-template": "dioxus-desktop-template", - "flake-parts": "flake-parts_2", - "nixpkgs": "nixpkgs", - "process-compose-flake": "process-compose-flake", - "rust-overlay": "rust-overlay", - "systems": "systems_2", - "treefmt-nix": "treefmt-nix" - }, - "locked": { - "lastModified": 1707643180, - "narHash": "sha256-8s9/OeqqeqbmUb8dwW4Viye795Zyms6E+24Ihw7cz4Q=", - "owner": "juspay", - "repo": "nix-browser", - "rev": "d7d33d764d7f0829cbd2160431e091d09a7b0700", - "type": "github" - }, - "original": { - "owner": "juspay", - "repo": "nix-browser", - "type": "github" - } - }, "nix-darwin": { "inputs": { "nixpkgs": [ @@ -545,15 +431,15 @@ }, "nixci": { "inputs": { - "cargo-doc-live": "cargo-doc-live_2", - "crane": "crane_2", + "cargo-doc-live": "cargo-doc-live", + "crane": "crane", "devour-flake": "devour-flake", - "flake-parts": "flake-parts_3", - "nixpkgs": "nixpkgs_3", - "process-compose-flake": "process-compose-flake_2", - "rust-overlay": "rust-overlay_3", - "systems": "systems_5", - "treefmt-nix": "treefmt-nix_2" + "flake-parts": "flake-parts_2", + "nixpkgs": "nixpkgs", + "process-compose-flake": "process-compose-flake", + "rust-overlay": "rust-overlay_2", + "systems": "systems_3", + "treefmt-nix": "treefmt-nix" }, "locked": { "lastModified": 1711384311, @@ -601,8 +487,8 @@ }, "nixos-vscode-server": { "inputs": { - "flake-utils": "flake-utils_4", - "nixpkgs": "nixpkgs_6" + "flake-utils": "flake-utils_3", + "nixpkgs": "nixpkgs_4" }, "locked": { "lastModified": 1684517665, @@ -620,16 +506,16 @@ }, "nixpkgs": { "locked": { - "lastModified": 1701237617, - "narHash": "sha256-Ryd8xpNDY9MJnBFDYhB37XSFIxCPVVVXAbInNPa95vs=", + "lastModified": 1688590700, + "narHash": "sha256-ZF055rIUP89cVwiLpG5xkJzx00gEuuGFF60Bs/LM3wc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "85306ef2470ba705c97ce72741d56e42d0264015", + "rev": "f292b4964cb71f9dfbbd30dc9f511d6165cd109b", "type": "github" }, "original": { "owner": "nixos", - "ref": "nixpkgs-unstable", + "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } @@ -653,24 +539,6 @@ } }, "nixpkgs-lib_2": { - "locked": { - "dir": "lib", - "lastModified": 1698611440, - "narHash": "sha256-jPjHjrerhYDy3q9+s5EAsuhyhuknNfowY6yt6pjn9pc=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "0cbe9f69c234a7700596e943bfae7ef27a31b735", - "type": "github" - }, - "original": { - "dir": "lib", - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs-lib_3": { "locked": { "dir": "lib", "lastModified": 1688049487, @@ -705,38 +573,6 @@ } }, "nixpkgs_3": { - "locked": { - "lastModified": 1688590700, - "narHash": "sha256-ZF055rIUP89cVwiLpG5xkJzx00gEuuGFF60Bs/LM3wc=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "f292b4964cb71f9dfbbd30dc9f511d6165cd109b", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_4": { - "locked": { - "lastModified": 1681358109, - "narHash": "sha256-eKyxW4OohHQx9Urxi7TQlFBTDWII+F+x2hklDOQPB50=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "96ba1c52e54e74c3197f4d43026b3f3d92e83ff9", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_5": { "locked": { "lastModified": 1680945546, "narHash": "sha256-8FuaH5t/aVi/pR1XxnF0qi4WwMYC+YxlfdsA0V+TEuQ=", @@ -752,7 +588,7 @@ "type": "github" } }, - "nixpkgs_6": { + "nixpkgs_4": { "locked": { "lastModified": 1682526928, "narHash": "sha256-2cKh4O6t1rQ8Ok+v16URynmb0rV7oZPEbXkU0owNLQs=", @@ -765,7 +601,7 @@ "type": "indirect" } }, - "nixpkgs_7": { + "nixpkgs_5": { "locked": { "lastModified": 1711333969, "narHash": "sha256-5PiWGn10DQjMZee5NXzeA6ccsv60iLu+Xtw+mfvkUAs=", @@ -781,7 +617,7 @@ "type": "github" } }, - "nixpkgs_8": { + "nixpkgs_6": { "locked": { "lastModified": 1680945546, "narHash": "sha256-8FuaH5t/aVi/pR1XxnF0qi4WwMYC+YxlfdsA0V+TEuQ=", @@ -801,7 +637,7 @@ "inputs": { "devshell": "devshell", "flake-compat": "flake-compat_2", - "flake-parts": "flake-parts_4", + "flake-parts": "flake-parts_3", "home-manager": "home-manager_2", "nix-darwin": "nix-darwin_2", "nixpkgs": [ @@ -826,7 +662,7 @@ "pre-commit-hooks": { "inputs": { "flake-compat": "flake-compat_3", - "flake-utils": "flake-utils_6", + "flake-utils": "flake-utils_5", "gitignore": "gitignore", "nixpkgs": [ "nixvim", @@ -852,21 +688,6 @@ } }, "process-compose-flake": { - "locked": { - "lastModified": 1701368682, - "narHash": "sha256-YkZbzfOkv68YOX4fK6VQvNHpysyZ/x3gePL3wbo8giA=", - "owner": "Platonic-Systems", - "repo": "process-compose-flake", - "rev": "8edcd4de7c631eac2ce5f8e2a0782e0ca606da9b", - "type": "github" - }, - "original": { - "owner": "Platonic-Systems", - "repo": "process-compose-flake", - "type": "github" - } - }, - "process-compose-flake_2": { "locked": { "lastModified": 1693927910, "narHash": "sha256-qPKHnWWzHS2bAi/SsFePQkGFeC2E1jklUjEidfQwYLc=", @@ -887,38 +708,18 @@ "disko": "disko", "flake-parts": "flake-parts", "home-manager": "home-manager", - "nix-browser": "nix-browser", "nix-darwin": "nix-darwin", "nix-index-database": "nix-index-database", "nixci": "nixci", "nixos-flake": "nixos-flake", "nixos-hardware": "nixos-hardware", "nixos-vscode-server": "nixos-vscode-server", - "nixpkgs": "nixpkgs_7", + "nixpkgs": "nixpkgs_5", "nixvim": "nixvim", - "treefmt-nix": "treefmt-nix_3" + "treefmt-nix": "treefmt-nix_2" } }, "rust-overlay": { - "inputs": { - "flake-utils": "flake-utils", - "nixpkgs": "nixpkgs_2" - }, - "locked": { - "lastModified": 1701310566, - "narHash": "sha256-CL9J3xUR2Ejni4LysrEGX0IdO+Y4BXCiH/By0lmF3eQ=", - "owner": "oxalica", - "repo": "rust-overlay", - "rev": "6d3c6e185198b8bf7ad639f22404a75aa9a09bff", - "type": "github" - }, - "original": { - "owner": "oxalica", - "repo": "rust-overlay", - "type": "github" - } - }, - "rust-overlay_2": { "inputs": { "flake-utils": [ "nixci", @@ -945,10 +746,10 @@ "type": "github" } }, - "rust-overlay_3": { + "rust-overlay_2": { "inputs": { - "flake-utils": "flake-utils_3", - "nixpkgs": "nixpkgs_4" + "flake-utils": "flake-utils_2", + "nixpkgs": "nixpkgs_2" }, "locked": { "lastModified": 1694052649, @@ -1054,60 +855,9 @@ "type": "github" } }, - "systems_7": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "systems_8": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, "treefmt-nix": { "inputs": { - "nixpkgs": [ - "nix-browser", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1699786194, - "narHash": "sha256-3h3EH1FXQkIeAuzaWB+nK0XK54uSD46pp+dMD3gAcB4=", - "owner": "numtide", - "repo": "treefmt-nix", - "rev": "e82f32aa7f06bbbd56d7b12186d555223dc399d1", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "treefmt-nix", - "type": "github" - } - }, - "treefmt-nix_2": { - "inputs": { - "nixpkgs": "nixpkgs_5" + "nixpkgs": "nixpkgs_3" }, "locked": { "lastModified": 1688026376, @@ -1123,9 +873,9 @@ "type": "github" } }, - "treefmt-nix_3": { + "treefmt-nix_2": { "inputs": { - "nixpkgs": "nixpkgs_8" + "nixpkgs": "nixpkgs_6" }, "locked": { "lastModified": 1689243103, diff --git a/flake.nix b/flake.nix index 9096c2b..764ab01 100644 --- a/flake.nix +++ b/flake.nix @@ -19,7 +19,6 @@ nixos-vscode-server.flake = false; nixos-vscode-server.url = "github:nix-community/nixos-vscode-server"; nixci.url = "github:srid/nixci"; - nix-browser.url = "github:juspay/nix-browser"; nix-index-database.url = "github:nix-community/nix-index-database"; nix-index-database.inputs.nixpkgs.follows = "nixpkgs"; diff --git a/packages/overlay.nix b/packages/overlay.nix index f845e68..909ec50 100644 --- a/packages/overlay.nix +++ b/packages/overlay.nix @@ -5,5 +5,5 @@ self: super: { twitter-convert = self.callPackage ./twitter-convert { }; sshuttle-via = self.callPackage ./sshuttle-via.nix { }; nixci = flake.inputs.nixci.packages.${system}.default; - nix-health = flake.inputs.nix-browser.packages.${system}.nix-health; + # nix-health = flake.inputs.nix-browser.packages.${system}.nix-health; } From 1eec29e99c155dbf0de2b0cdd482e2fb63b7bae6 Mon Sep 17 00:00:00 2001 From: Sridhar Ratnakumar <3998+srid@users.noreply.github.com> Date: Wed, 3 Apr 2024 03:23:26 -0400 Subject: [PATCH 10/56] Setup ax41 dedicated server (2024) (#53) --- flake.nix | 5 +++++ nixos/disko/trivial.nix | 4 ++-- systems/ax41.nix | 48 +++++++++++++++++++++++++++++++++++++++++ 3 files changed, 55 insertions(+), 2 deletions(-) create mode 100644 systems/ax41.nix diff --git a/flake.nix b/flake.nix index 764ab01..cca8e4d 100644 --- a/flake.nix +++ b/flake.nix @@ -82,6 +82,11 @@ nixosConfigurations.github-runner = self.nixos-flake.lib.mkLinuxSystem ./systems/github-runner.nix; + + # Hetzner dedicated + nixosConfigurations.immediacy = + self.nixos-flake.lib.mkLinuxSystem + ./systems/ax41.nix; }; perSystem = { self', pkgs, lib, config, ... }: { diff --git a/nixos/disko/trivial.nix b/nixos/disko/trivial.nix index a7fd981..e3abf4b 100644 --- a/nixos/disko/trivial.nix +++ b/nixos/disko/trivial.nix @@ -4,8 +4,8 @@ disko.devices = { disk = { main = { - # When using disko-install, we will overwrite this value from the commandline - device = "/dev/disk/by-id/some-disk-id"; + # TODO: Don't hardcode (this file is used by multiple systems) + device = "/dev/nvme0n1"; type = "disk"; content = { type = "gpt"; diff --git a/systems/ax41.nix b/systems/ax41.nix new file mode 100644 index 0000000..24d92b5 --- /dev/null +++ b/systems/ax41.nix @@ -0,0 +1,48 @@ +{ flake, pkgs, lib, ... }: + +let + inherit (flake) inputs; + inherit (inputs) self; +in +{ + imports = [ + inputs.disko.nixosModules.disko + self.nixosModules.default + "${self}/nixos/disko/trivial.nix" + "${self}/nixos/nix.nix" + "${self}/nixos/self/primary-as-admin.nix" + # "${self}/nixos/server/harden/basics.nix" + ]; + + system.stateVersion = "23.11"; + networking.hostName = "immediacy"; + nixpkgs.hostPlatform = "x86_64-linux"; + boot.loader.grub = { + devices = [ "/dev/nvme0n1" ]; + efiSupport = true; + efiInstallAsRemovable = true; + }; + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "sd_mod" ]; + hardware.cpu.intel.updateMicrocode = true; + hardware.enableRedistributableFirmware = true; + + # Hetzner networking + networking.useDHCP = false; + networking.interfaces."eth0".ipv4.addresses = [ + { + address = "65.109.84.215"; # your IPv4 here + prefixLength = 24; + } + ]; + networking.interfaces."eth0".ipv6.addresses = [ + { + address = "2a01:4f9:3051:52d3::2"; # Your IPv6 here + prefixLength = 64; + } + ]; + networking.defaultGateway = "65.109.84.193"; + networking.nameservers = [ "8.8.8.8" ]; + + + services.openssh.enable = true; +} From 1b479ace35eb899dcf6f6407895591b176074a48 Mon Sep 17 00:00:00 2001 From: Sridhar Ratnakumar Date: Fri, 5 Apr 2024 12:42:19 +1100 Subject: [PATCH 11/56] add git-filter-repo --- home/git.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/home/git.nix b/home/git.nix index bfdf87b..34c0c86 100644 --- a/home/git.nix +++ b/home/git.nix @@ -1,6 +1,9 @@ { pkgs, config, flake, ... }: { - home.packages = [ pkgs.git-lfs ]; + home.packages = with pkgs; [ + git-lfs + git-filter-repo + ]; programs.git = { package = pkgs.gitAndTools.gitFull; From 815ade49b0b82d6f75276aa302a43a37ca26514d Mon Sep 17 00:00:00 2001 From: Sridhar Ratnakumar Date: Fri, 5 Apr 2024 12:42:22 +1100 Subject: [PATCH 12/56] remove garnix (slow cache) --- nixos/caches/oss.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nixos/caches/oss.nix b/nixos/caches/oss.nix index 1e35eb7..b5adc66 100644 --- a/nixos/caches/oss.nix +++ b/nixos/caches/oss.nix @@ -2,11 +2,11 @@ nix.settings.trusted-public-keys = [ #"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "nammayatri.cachix.org-1:PiVlgB8hKyYwVtCAGpzTh2z9RsFPhIES6UKs0YB662I=" - "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=" + # "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=" ]; nix.settings.substituters = [ #"https://nix-community.cachix.org" - "https://cache.garnix.io?priority=41" + # "https://cache.garnix.io?priority=41" "https://nammayatri.cachix.org?priority=42" ]; } From 57561edf039928aff48fa6a23804b9fb41af4dde Mon Sep 17 00:00:00 2001 From: Sridhar Ratnakumar Date: Sun, 7 Apr 2024 19:19:10 +1000 Subject: [PATCH 13/56] Update nixci --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index b36cd71..2a208fa 100644 --- a/flake.lock +++ b/flake.lock @@ -442,11 +442,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1711384311, - "narHash": "sha256-WcfkvK0XcnthRYUoyU8iRmisxBl3faRrc/v1KCsnXS4=", + "lastModified": 1712481419, + "narHash": "sha256-RnP5L2pNPKxEJL5dg1KN34hJosW9GMW4NFqYIpjRDfA=", "owner": "srid", "repo": "nixci", - "rev": "594b5a770e0e70efbb4f93a727849fc303116787", + "rev": "ff935409fede5f22b8d651d5dfd1d1b8b9729511", "type": "github" }, "original": { From 3e013371783b208d8dc031182754a03109e73470 Mon Sep 17 00:00:00 2001 From: Sridhar Ratnakumar Date: Sun, 14 Apr 2024 07:31:41 +1000 Subject: [PATCH 14/56] nix: Update inputs --- flake.lock | 54 ++++++++++++++++++++++++------------------------- home/neovim.nix | 6 +++--- 2 files changed, 30 insertions(+), 30 deletions(-) diff --git a/flake.lock b/flake.lock index 2a208fa..b794ffe 100644 --- a/flake.lock +++ b/flake.lock @@ -202,11 +202,11 @@ ] }, "locked": { - "lastModified": 1709336216, - "narHash": "sha256-Dt/wOWeW6Sqm11Yh+2+t0dfEWxoMxGBvv3JpIocFl9E=", + "lastModified": 1712014858, + "narHash": "sha256-sB4SWl2lX95bExY2gMFG5HIzvva5AVMJd4Igm+GpZNw=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "f7b3c975cf067e56e7cda6cb098ebe3fb4d74ca2", + "rev": "9126214d0a59633752a136528f5f3b9aa8565b7d", "type": "github" }, "original": { @@ -334,11 +334,11 @@ ] }, "locked": { - "lastModified": 1711133180, - "narHash": "sha256-WJOahf+6115+GMl3wUfURu8fszuNeJLv9qAWFQl3Vmo=", + "lastModified": 1712989663, + "narHash": "sha256-r2X/DIAyKOLiHoncjcxUk1TENWDTTaigRBaY53Cts/w=", "owner": "nix-community", "repo": "home-manager", - "rev": "1c2c5e4cabba4c43504ef0f8cc3f3dfa284e2dbb", + "rev": "40ab43ae98cb3e6f07eaeaa3f3ed56d589da21b0", "type": "github" }, "original": { @@ -355,11 +355,11 @@ ] }, "locked": { - "lastModified": 1711133180, - "narHash": "sha256-WJOahf+6115+GMl3wUfURu8fszuNeJLv9qAWFQl3Vmo=", + "lastModified": 1712645849, + "narHash": "sha256-67v20E0gH7nvAaMsah2oRIocnxGO25fATUyzQHIywxQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "1c2c5e4cabba4c43504ef0f8cc3f3dfa284e2dbb", + "rev": "40a99619da804a78a0b166e5c6911108c059c3a8", "type": "github" }, "original": { @@ -375,11 +375,11 @@ ] }, "locked": { - "lastModified": 1710717205, - "narHash": "sha256-Wf3gHh5uV6W1TV/A8X8QJf99a5ypDSugY4sNtdJDe0A=", + "lastModified": 1711763326, + "narHash": "sha256-sXcesZWKXFlEQ8oyGHnfk4xc9f2Ip0X/+YZOq3sKviI=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "bcc8afd06e237df060c85bad6af7128e05fd61a3", + "rev": "36524adc31566655f2f4d55ad6b875fb5c1a4083", "type": "github" }, "original": { @@ -396,11 +396,11 @@ ] }, "locked": { - "lastModified": 1710717205, - "narHash": "sha256-Wf3gHh5uV6W1TV/A8X8QJf99a5ypDSugY4sNtdJDe0A=", + "lastModified": 1711763326, + "narHash": "sha256-sXcesZWKXFlEQ8oyGHnfk4xc9f2Ip0X/+YZOq3sKviI=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "bcc8afd06e237df060c85bad6af7128e05fd61a3", + "rev": "36524adc31566655f2f4d55ad6b875fb5c1a4083", "type": "github" }, "original": { @@ -416,11 +416,11 @@ ] }, "locked": { - "lastModified": 1711249705, - "narHash": "sha256-h/NQECj6mIzF4XR6AQoSpkCnwqAM+ol4+qOdYi2ykmQ=", + "lastModified": 1712459390, + "narHash": "sha256-e12bNDottaGoBgd0AdH/bQvk854xunlWAdZwr/oHO1c=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "34519f3bb678a5abbddf7b200ac5347263ee781b", + "rev": "4676d72d872459e1e3a248d049609f110c570e9a", "type": "github" }, "original": { @@ -603,11 +603,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1711333969, - "narHash": "sha256-5PiWGn10DQjMZee5NXzeA6ccsv60iLu+Xtw+mfvkUAs=", + "lastModified": 1712791164, + "narHash": "sha256-3sbWO1mbpWsLepZGbWaMovSO7ndZeFqDSdX0hZ9nVyw=", "owner": "nixos", "repo": "nixpkgs", - "rev": "57e6b3a9e4ebec5aa121188301f04a6b8c354c9b", + "rev": "1042fd8b148a9105f3c0aca3a6177fd1d9360ba5", "type": "github" }, "original": { @@ -646,11 +646,11 @@ "pre-commit-hooks": "pre-commit-hooks" }, "locked": { - "lastModified": 1711456788, - "narHash": "sha256-Aj9dEP/J/my+WWUlw5JRAjYFZJVOZ08jxYXgNHtbb8E=", + "lastModified": 1712999311, + "narHash": "sha256-yOfnojxAsP7N1RwKqIc2b2GI6IJNj9hixDBq3R3KuHo=", "owner": "nix-community", "repo": "nixvim", - "rev": "b8b0c1d58f3259dd0236a5844897aeec3b36b73d", + "rev": "ad046c976d0a52512f75cae6154c39dac84dbc65", "type": "github" }, "original": { @@ -674,11 +674,11 @@ ] }, "locked": { - "lastModified": 1710923068, - "narHash": "sha256-6hOpUiuxuwpXXc/xfJsBUJeqqgGI+JMJuLo45aG3cKc=", + "lastModified": 1712579741, + "narHash": "sha256-igpsH+pa6yFwYOdah3cFciCk8gw+ytniG9quf5f/q84=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "e611897ddfdde3ed3eaac4758635d7177ff78673", + "rev": "70f504012f0a132ac33e56988e1028d88a48855c", "type": "github" }, "original": { diff --git a/home/neovim.nix b/home/neovim.nix index 213c28a..fbc5236 100644 --- a/home/neovim.nix +++ b/home/neovim.nix @@ -6,7 +6,7 @@ colorschemes.tokyonight.enable = true; # Settings - options = { + opts = { expandtab = true; shiftwidth = 2; smartindent = true; @@ -42,7 +42,7 @@ }; telescope = { enable = true; - keymaps = { + settings.keymaps = { "ff" = { desc = "file finder"; action = "find_files"; @@ -53,7 +53,7 @@ }; }; extensions = { - file_browser.enable = true; + file-browser.enable = true; }; }; From e015d97903da524770d390bf1b12c577751ac16b Mon Sep 17 00:00:00 2001 From: Sridhar Ratnakumar Date: Fri, 19 Apr 2024 13:01:05 +1000 Subject: [PATCH 15/56] nix: Update inputs --- flake.lock | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/flake.lock b/flake.lock index b794ffe..3a60145 100644 --- a/flake.lock +++ b/flake.lock @@ -334,11 +334,11 @@ ] }, "locked": { - "lastModified": 1712989663, - "narHash": "sha256-r2X/DIAyKOLiHoncjcxUk1TENWDTTaigRBaY53Cts/w=", + "lastModified": 1713479280, + "narHash": "sha256-e8+ZgayVccw6h8ay15jM9hXh+sjZDc1XdBGLn3pdYdc=", "owner": "nix-community", "repo": "home-manager", - "rev": "40ab43ae98cb3e6f07eaeaa3f3ed56d589da21b0", + "rev": "ff1c3646541316258b1ca64e9b25d4c9cca8e587", "type": "github" }, "original": { @@ -355,11 +355,11 @@ ] }, "locked": { - "lastModified": 1712645849, - "narHash": "sha256-67v20E0gH7nvAaMsah2oRIocnxGO25fATUyzQHIywxQ=", + "lastModified": 1712989663, + "narHash": "sha256-r2X/DIAyKOLiHoncjcxUk1TENWDTTaigRBaY53Cts/w=", "owner": "nix-community", "repo": "home-manager", - "rev": "40a99619da804a78a0b166e5c6911108c059c3a8", + "rev": "40ab43ae98cb3e6f07eaeaa3f3ed56d589da21b0", "type": "github" }, "original": { @@ -375,11 +375,11 @@ ] }, "locked": { - "lastModified": 1711763326, - "narHash": "sha256-sXcesZWKXFlEQ8oyGHnfk4xc9f2Ip0X/+YZOq3sKviI=", + "lastModified": 1713492181, + "narHash": "sha256-lMcHk5sy4SBrAiDIPTVaR7kThPTbRdGfLa6Knzr+/VQ=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "36524adc31566655f2f4d55ad6b875fb5c1a4083", + "rev": "99b3f9a1f5d2604d542f367d38001dfa40eea7b9", "type": "github" }, "original": { @@ -416,11 +416,11 @@ ] }, "locked": { - "lastModified": 1712459390, - "narHash": "sha256-e12bNDottaGoBgd0AdH/bQvk854xunlWAdZwr/oHO1c=", + "lastModified": 1713067146, + "narHash": "sha256-9D20xjblGKEVRVCnM3qWhiizEa9i6OpK6xQJajwcwOQ=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "4676d72d872459e1e3a248d049609f110c570e9a", + "rev": "93aed67288be60c9ef6133ba2f8de128f4ef265c", "type": "github" }, "original": { @@ -603,11 +603,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1712791164, - "narHash": "sha256-3sbWO1mbpWsLepZGbWaMovSO7ndZeFqDSdX0hZ9nVyw=", + "lastModified": 1713297878, + "narHash": "sha256-hOkzkhLT59wR8VaMbh1ESjtZLbGi+XNaBN6h49SPqEc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "1042fd8b148a9105f3c0aca3a6177fd1d9360ba5", + "rev": "66adc1e47f8784803f2deb6cacd5e07264ec2d5c", "type": "github" }, "original": { @@ -646,11 +646,11 @@ "pre-commit-hooks": "pre-commit-hooks" }, "locked": { - "lastModified": 1712999311, - "narHash": "sha256-yOfnojxAsP7N1RwKqIc2b2GI6IJNj9hixDBq3R3KuHo=", + "lastModified": 1713294906, + "narHash": "sha256-xJJZdCBzVFpVppaYyUK4lTTNOnbAxrjhodoJL3Oi91E=", "owner": "nix-community", "repo": "nixvim", - "rev": "ad046c976d0a52512f75cae6154c39dac84dbc65", + "rev": "514a51877df9fe41ffc38c5237e3c4e5327e7607", "type": "github" }, "original": { @@ -674,11 +674,11 @@ ] }, "locked": { - "lastModified": 1712579741, - "narHash": "sha256-igpsH+pa6yFwYOdah3cFciCk8gw+ytniG9quf5f/q84=", + "lastModified": 1712897695, + "narHash": "sha256-nMirxrGteNAl9sWiOhoN5tIHyjBbVi5e2tgZUgZlK3Y=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "70f504012f0a132ac33e56988e1028d88a48855c", + "rev": "40e6053ecb65fcbf12863338a6dcefb3f55f1bf8", "type": "github" }, "original": { From d9a3687d8193fb1eed19c6b8c919a2e8b8408434 Mon Sep 17 00:00:00 2001 From: Sridhar Ratnakumar Date: Wed, 24 Apr 2024 18:38:23 +1000 Subject: [PATCH 16/56] nix: Update nixpkgs --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 3a60145..f1b19bc 100644 --- a/flake.lock +++ b/flake.lock @@ -603,11 +603,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1713297878, - "narHash": "sha256-hOkzkhLT59wR8VaMbh1ESjtZLbGi+XNaBN6h49SPqEc=", + "lastModified": 1713714899, + "narHash": "sha256-+z/XjO3QJs5rLE5UOf015gdVauVRQd2vZtsFkaXBq2Y=", "owner": "nixos", "repo": "nixpkgs", - "rev": "66adc1e47f8784803f2deb6cacd5e07264ec2d5c", + "rev": "6143fc5eeb9c4f00163267708e26191d1e918932", "type": "github" }, "original": { From c37f8e6f2753e43a7cddaec649678a79b910d1bf Mon Sep 17 00:00:00 2001 From: Sridhar Ratnakumar Date: Sun, 28 Apr 2024 20:49:21 -0400 Subject: [PATCH 17/56] nix: Update inputs --- flake.lock | 54 +++++++++++++++++++++++++++--------------------------- 1 file changed, 27 insertions(+), 27 deletions(-) diff --git a/flake.lock b/flake.lock index f1b19bc..dcc5666 100644 --- a/flake.lock +++ b/flake.lock @@ -79,11 +79,11 @@ ] }, "locked": { - "lastModified": 1711099426, - "narHash": "sha256-HzpgM/wc3aqpnHJJ2oDqPBkNsqWbW0WfWUO8lKu8nGk=", + "lastModified": 1713532798, + "narHash": "sha256-wtBhsdMJA3Wa32Wtm1eeo84GejtI43pMrFrmwLXrsEc=", "owner": "numtide", "repo": "devshell", - "rev": "2d45b54ca4a183f2fdcf4b19c895b64fbf620ee8", + "rev": "12e914740a25ea1891ec619bb53cf5e6ca922e40", "type": "github" }, "original": { @@ -334,11 +334,11 @@ ] }, "locked": { - "lastModified": 1713479280, - "narHash": "sha256-e8+ZgayVccw6h8ay15jM9hXh+sjZDc1XdBGLn3pdYdc=", + "lastModified": 1714343445, + "narHash": "sha256-OzD1P0o46uD3Ix4ZI/g9z3YAeg+4g+W3qctB6bNOReo=", "owner": "nix-community", "repo": "home-manager", - "rev": "ff1c3646541316258b1ca64e9b25d4c9cca8e587", + "rev": "9fe79591c1005ce6f93084ae7f7dab0a2891440d", "type": "github" }, "original": { @@ -355,11 +355,11 @@ ] }, "locked": { - "lastModified": 1712989663, - "narHash": "sha256-r2X/DIAyKOLiHoncjcxUk1TENWDTTaigRBaY53Cts/w=", + "lastModified": 1713992342, + "narHash": "sha256-bW7K4WPo6jhYMo4ZUGoJfog6xJV0XZh8adXqZKunRoc=", "owner": "nix-community", "repo": "home-manager", - "rev": "40ab43ae98cb3e6f07eaeaa3f3ed56d589da21b0", + "rev": "2f072c127c041eec36621b8e38a531fe0fe07961", "type": "github" }, "original": { @@ -375,11 +375,11 @@ ] }, "locked": { - "lastModified": 1713492181, - "narHash": "sha256-lMcHk5sy4SBrAiDIPTVaR7kThPTbRdGfLa6Knzr+/VQ=", + "lastModified": 1713946171, + "narHash": "sha256-lc75rgRQLdp4Dzogv5cfqOg6qYc5Rp83oedF2t0kDp8=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "99b3f9a1f5d2604d542f367d38001dfa40eea7b9", + "rev": "230a197063de9287128e2c68a7a4b0cd7d0b50a7", "type": "github" }, "original": { @@ -396,11 +396,11 @@ ] }, "locked": { - "lastModified": 1711763326, - "narHash": "sha256-sXcesZWKXFlEQ8oyGHnfk4xc9f2Ip0X/+YZOq3sKviI=", + "lastModified": 1713946171, + "narHash": "sha256-lc75rgRQLdp4Dzogv5cfqOg6qYc5Rp83oedF2t0kDp8=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "36524adc31566655f2f4d55ad6b875fb5c1a4083", + "rev": "230a197063de9287128e2c68a7a4b0cd7d0b50a7", "type": "github" }, "original": { @@ -416,11 +416,11 @@ ] }, "locked": { - "lastModified": 1713067146, - "narHash": "sha256-9D20xjblGKEVRVCnM3qWhiizEa9i6OpK6xQJajwcwOQ=", + "lastModified": 1714273701, + "narHash": "sha256-bmoeZ5zMSSO/e8P51yjrzaxA9uzA3SZAEFvih6S3LFo=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "93aed67288be60c9ef6133ba2f8de128f4ef265c", + "rev": "941c4973c824509e0356be455d89613611f76c8a", "type": "github" }, "original": { @@ -603,11 +603,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1713714899, - "narHash": "sha256-+z/XjO3QJs5rLE5UOf015gdVauVRQd2vZtsFkaXBq2Y=", + "lastModified": 1714253743, + "narHash": "sha256-mdTQw2XlariysyScCv2tTE45QSU9v/ezLcHJ22f0Nxc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "6143fc5eeb9c4f00163267708e26191d1e918932", + "rev": "58a1abdbae3217ca6b702f03d3b35125d88a2994", "type": "github" }, "original": { @@ -646,11 +646,11 @@ "pre-commit-hooks": "pre-commit-hooks" }, "locked": { - "lastModified": 1713294906, - "narHash": "sha256-xJJZdCBzVFpVppaYyUK4lTTNOnbAxrjhodoJL3Oi91E=", + "lastModified": 1714319855, + "narHash": "sha256-xiHu7LVWEo7eixVPDEnmxntye/zQcsZjRlyhCQ2yNL4=", "owner": "nix-community", "repo": "nixvim", - "rev": "514a51877df9fe41ffc38c5237e3c4e5327e7607", + "rev": "e2e7258267ba4ec81bd6503e968b6cf52cbd3f2a", "type": "github" }, "original": { @@ -674,11 +674,11 @@ ] }, "locked": { - "lastModified": 1712897695, - "narHash": "sha256-nMirxrGteNAl9sWiOhoN5tIHyjBbVi5e2tgZUgZlK3Y=", + "lastModified": 1713954846, + "narHash": "sha256-RWFafuSb5nkWGu8dDbW7gVb8FOQOPqmX/9MlxUUDguw=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "40e6053ecb65fcbf12863338a6dcefb3f55f1bf8", + "rev": "6fb82e44254d6a0ece014ec423cb62d92435336f", "type": "github" }, "original": { From 5d572dd44a92f2209df997724c99c7731992d5c4 Mon Sep 17 00:00:00 2001 From: Sridhar Ratnakumar Date: Sun, 28 Apr 2024 20:49:27 -0400 Subject: [PATCH 18/56] Need nix-ld for vscode --- systems/ax41.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/systems/ax41.nix b/systems/ax41.nix index 24d92b5..d8003c3 100644 --- a/systems/ax41.nix +++ b/systems/ax41.nix @@ -43,6 +43,7 @@ in networking.defaultGateway = "65.109.84.193"; networking.nameservers = [ "8.8.8.8" ]; - services.openssh.enable = true; + + programs.nix-ld.enable = true; # for vscode server } From 6237d27e1cbe98847509ab41c285d389788de28f Mon Sep 17 00:00:00 2001 From: Sridhar Ratnakumar Date: Sun, 28 Apr 2024 21:09:45 -0400 Subject: [PATCH 19/56] rm nil --- home/terminal.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/home/terminal.nix b/home/terminal.nix index 22ebeb0..91ef805 100644 --- a/home/terminal.nix +++ b/home/terminal.nix @@ -13,7 +13,6 @@ # Useful for Nix development nixci nix-health - nil nixpkgs-fmt just From 55ad0a320a56c1a99c2e76ce0701190d1983b4a0 Mon Sep 17 00:00:00 2001 From: Sridhar Ratnakumar Date: Sun, 12 May 2024 20:28:37 -0400 Subject: [PATCH 20/56] ax41: add docker --- systems/ax41.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/systems/ax41.nix b/systems/ax41.nix index d8003c3..c9cf0c1 100644 --- a/systems/ax41.nix +++ b/systems/ax41.nix @@ -11,6 +11,7 @@ in "${self}/nixos/disko/trivial.nix" "${self}/nixos/nix.nix" "${self}/nixos/self/primary-as-admin.nix" + "${self}/nixos/docker.nix" # "${self}/nixos/server/harden/basics.nix" ]; From 88c6fa28f687eb074c7bca2256d00128127b3537 Mon Sep 17 00:00:00 2001 From: Sridhar Ratnakumar <3998+srid@users.noreply.github.com> Date: Mon, 13 May 2024 01:05:18 -0400 Subject: [PATCH 21/56] add actualism-app server (#55) --- flake.lock | 344 ++++++++++++++++++++++++++++++++++------ flake.nix | 1 + nixos/actualism-app.nix | 49 ++++++ packages/overlay.nix | 1 + systems/ax41.nix | 1 + 5 files changed, 350 insertions(+), 46 deletions(-) create mode 100644 nixos/actualism-app.nix diff --git a/flake.lock b/flake.lock index dcc5666..6e53745 100644 --- a/flake.lock +++ b/flake.lock @@ -1,6 +1,45 @@ { "nodes": { + "actualism-app": { + "inputs": { + "cargo-doc-live": "cargo-doc-live", + "flake-parts": "flake-parts", + "nixpkgs": "nixpkgs", + "process-compose-flake": "process-compose-flake", + "rust-flake": "rust-flake", + "systems": "systems_2", + "treefmt-nix": "treefmt-nix" + }, + "locked": { + "lastModified": 1715572711, + "narHash": "sha256-CPZrSwbZBasURURCzoWHb0XCK1dYEmomT8HamOoQ1A8=", + "owner": "srid", + "repo": "actualism-app", + "rev": "62897d3bb3340d0952489195fd8f1f31b12c9c8c", + "type": "github" + }, + "original": { + "owner": "srid", + "repo": "actualism-app", + "type": "github" + } + }, "cargo-doc-live": { + "locked": { + "lastModified": 1713493311, + "narHash": "sha256-fxbzPNIv0o/Y0OEo0r6iAm4Dft1pX08CKtzBl+RKgrE=", + "owner": "srid", + "repo": "cargo-doc-live", + "rev": "b7058f7b4eb131c569a1fcebf966a1149defd7e3", + "type": "github" + }, + "original": { + "owner": "srid", + "repo": "cargo-doc-live", + "type": "github" + } + }, + "cargo-doc-live_2": { "locked": { "lastModified": 1692743000, "narHash": "sha256-7lxG/r72hECceIir+Y+N3vM0f7FcudZD5cq+KhZj4MI=", @@ -31,14 +70,37 @@ } }, "crane": { + "inputs": { + "nixpkgs": [ + "actualism-app", + "rust-flake", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1707685877, + "narHash": "sha256-XoXRS+5whotelr1rHiZle5t5hDg9kpguS5yk8c8qzOc=", + "owner": "ipetkov", + "repo": "crane", + "rev": "2c653e4478476a52c6aa3ac0495e4dea7449ea0e", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "rev": "2c653e4478476a52c6aa3ac0495e4dea7449ea0e", + "type": "github" + } + }, + "crane_2": { "inputs": { "flake-compat": "flake-compat", - "flake-utils": "flake-utils", + "flake-utils": "flake-utils_2", "nixpkgs": [ "nixci", "nixpkgs" ], - "rust-overlay": "rust-overlay" + "rust-overlay": "rust-overlay_2" }, "locked": { "lastModified": 1693787605, @@ -72,7 +134,7 @@ }, "devshell": { "inputs": { - "flake-utils": "flake-utils_4", + "flake-utils": "flake-utils_5", "nixpkgs": [ "nixvim", "nixpkgs" @@ -162,6 +224,24 @@ "inputs": { "nixpkgs-lib": "nixpkgs-lib" }, + "locked": { + "lastModified": 1714641030, + "narHash": "sha256-yzcRNDoyVP7+SCNX0wmuDju1NUCt8Dz9+lyUXEI0dbI=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "e5d10a24b66c3ea8f150e47dfdb0416ab7c3390e", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_2": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib_2" + }, "locked": { "lastModified": 1698579227, "narHash": "sha256-KVWjFZky+gRuWennKsbo6cWyo7c/z/VgCte5pR9pEKg=", @@ -176,9 +256,9 @@ "type": "github" } }, - "flake-parts_2": { + "flake-parts_3": { "inputs": { - "nixpkgs-lib": "nixpkgs-lib_2" + "nixpkgs-lib": "nixpkgs-lib_3" }, "locked": { "lastModified": 1688466019, @@ -194,7 +274,7 @@ "type": "github" } }, - "flake-parts_3": { + "flake-parts_4": { "inputs": { "nixpkgs-lib": [ "nixvim", @@ -220,11 +300,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1692799911, - "narHash": "sha256-3eihraek4qL744EvQXsK1Ha6C3CR7nnT8X2qWap4RNk=", + "lastModified": 1705309234, + "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=", "owner": "numtide", "repo": "flake-utils", - "rev": "f9e7cf818399d17d347f847525c5a5a8032e4e44", + "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26", "type": "github" }, "original": { @@ -235,14 +315,14 @@ }, "flake-utils_2": { "inputs": { - "systems": "systems_2" + "systems": "systems_3" }, "locked": { - "lastModified": 1681202837, - "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=", + "lastModified": 1692799911, + "narHash": "sha256-3eihraek4qL744EvQXsK1Ha6C3CR7nnT8X2qWap4RNk=", "owner": "numtide", "repo": "flake-utils", - "rev": "cfacdce06f30d2b68473a46042957675eebb3401", + "rev": "f9e7cf818399d17d347f847525c5a5a8032e4e44", "type": "github" }, "original": { @@ -271,7 +351,25 @@ }, "flake-utils_4": { "inputs": { - "systems": "systems_5" + "systems": "systems_6" + }, + "locked": { + "lastModified": 1681202837, + "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "cfacdce06f30d2b68473a46042957675eebb3401", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_5": { + "inputs": { + "systems": "systems_7" }, "locked": { "lastModified": 1701680307, @@ -287,9 +385,9 @@ "type": "github" } }, - "flake-utils_5": { + "flake-utils_6": { "inputs": { - "systems": "systems_6" + "systems": "systems_8" }, "locked": { "lastModified": 1710146030, @@ -431,15 +529,15 @@ }, "nixci": { "inputs": { - "cargo-doc-live": "cargo-doc-live", - "crane": "crane", + "cargo-doc-live": "cargo-doc-live_2", + "crane": "crane_2", "devour-flake": "devour-flake", - "flake-parts": "flake-parts_2", - "nixpkgs": "nixpkgs", - "process-compose-flake": "process-compose-flake", - "rust-overlay": "rust-overlay_2", - "systems": "systems_3", - "treefmt-nix": "treefmt-nix" + "flake-parts": "flake-parts_3", + "nixpkgs": "nixpkgs_3", + "process-compose-flake": "process-compose-flake_2", + "rust-overlay": "rust-overlay_3", + "systems": "systems_5", + "treefmt-nix": "treefmt-nix_2" }, "locked": { "lastModified": 1712481419, @@ -487,8 +585,8 @@ }, "nixos-vscode-server": { "inputs": { - "flake-utils": "flake-utils_3", - "nixpkgs": "nixpkgs_4" + "flake-utils": "flake-utils_4", + "nixpkgs": "nixpkgs_6" }, "locked": { "lastModified": 1684517665, @@ -506,21 +604,33 @@ }, "nixpkgs": { "locked": { - "lastModified": 1688590700, - "narHash": "sha256-ZF055rIUP89cVwiLpG5xkJzx00gEuuGFF60Bs/LM3wc=", + "lastModified": 1715282013, + "narHash": "sha256-GtwK9hQMbN+FxSD2eTioBOi2P47+t3oqnY4ZGJl53+k=", "owner": "nixos", "repo": "nixpkgs", - "rev": "f292b4964cb71f9dfbbd30dc9f511d6165cd109b", + "rev": "cc6431d5598071f0021efc6c009c79e5b5fe1617", "type": "github" }, "original": { "owner": "nixos", - "ref": "nixos-unstable", + "ref": "nixpkgs-unstable", "repo": "nixpkgs", "type": "github" } }, "nixpkgs-lib": { + "locked": { + "lastModified": 1714640452, + "narHash": "sha256-QBx10+k6JWz6u7VsohfSw8g8hjdBZEf8CFzXH1/1Z94=", + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/50eb7ecf4cd0a5756d7275c8ba36790e5bd53e33.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/50eb7ecf4cd0a5756d7275c8ba36790e5bd53e33.tar.gz" + } + }, + "nixpkgs-lib_2": { "locked": { "dir": "lib", "lastModified": 1696019113, @@ -538,7 +648,7 @@ "type": "github" } }, - "nixpkgs-lib_2": { + "nixpkgs-lib_3": { "locked": { "dir": "lib", "lastModified": 1688049487, @@ -557,6 +667,38 @@ } }, "nixpkgs_2": { + "locked": { + "lastModified": 1706487304, + "narHash": "sha256-LE8lVX28MV2jWJsidW13D2qrHU/RUUONendL2Q/WlJg=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "90f456026d284c22b3e3497be980b2e47d0b28ac", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { + "locked": { + "lastModified": 1688590700, + "narHash": "sha256-ZF055rIUP89cVwiLpG5xkJzx00gEuuGFF60Bs/LM3wc=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "f292b4964cb71f9dfbbd30dc9f511d6165cd109b", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_4": { "locked": { "lastModified": 1681358109, "narHash": "sha256-eKyxW4OohHQx9Urxi7TQlFBTDWII+F+x2hklDOQPB50=", @@ -572,7 +714,7 @@ "type": "github" } }, - "nixpkgs_3": { + "nixpkgs_5": { "locked": { "lastModified": 1680945546, "narHash": "sha256-8FuaH5t/aVi/pR1XxnF0qi4WwMYC+YxlfdsA0V+TEuQ=", @@ -588,7 +730,7 @@ "type": "github" } }, - "nixpkgs_4": { + "nixpkgs_6": { "locked": { "lastModified": 1682526928, "narHash": "sha256-2cKh4O6t1rQ8Ok+v16URynmb0rV7oZPEbXkU0owNLQs=", @@ -601,7 +743,7 @@ "type": "indirect" } }, - "nixpkgs_5": { + "nixpkgs_7": { "locked": { "lastModified": 1714253743, "narHash": "sha256-mdTQw2XlariysyScCv2tTE45QSU9v/ezLcHJ22f0Nxc=", @@ -617,7 +759,7 @@ "type": "github" } }, - "nixpkgs_6": { + "nixpkgs_8": { "locked": { "lastModified": 1680945546, "narHash": "sha256-8FuaH5t/aVi/pR1XxnF0qi4WwMYC+YxlfdsA0V+TEuQ=", @@ -637,7 +779,7 @@ "inputs": { "devshell": "devshell", "flake-compat": "flake-compat_2", - "flake-parts": "flake-parts_3", + "flake-parts": "flake-parts_4", "home-manager": "home-manager_2", "nix-darwin": "nix-darwin_2", "nixpkgs": [ @@ -662,7 +804,7 @@ "pre-commit-hooks": { "inputs": { "flake-compat": "flake-compat_3", - "flake-utils": "flake-utils_5", + "flake-utils": "flake-utils_6", "gitignore": "gitignore", "nixpkgs": [ "nixvim", @@ -688,6 +830,21 @@ } }, "process-compose-flake": { + "locked": { + "lastModified": 1715063745, + "narHash": "sha256-kO8gcRHfuKIlsGmFoHUF4lD3CfrRBymIlG2R3OHBEjQ=", + "owner": "Platonic-Systems", + "repo": "process-compose-flake", + "rev": "32c069e7ef436b4325ee36503cd02b2863eede53", + "type": "github" + }, + "original": { + "owner": "Platonic-Systems", + "repo": "process-compose-flake", + "type": "github" + } + }, + "process-compose-flake_2": { "locked": { "lastModified": 1693927910, "narHash": "sha256-qPKHnWWzHS2bAi/SsFePQkGFeC2E1jklUjEidfQwYLc=", @@ -704,9 +861,10 @@ }, "root": { "inputs": { + "actualism-app": "actualism-app", "colmena-flake": "colmena-flake", "disko": "disko", - "flake-parts": "flake-parts", + "flake-parts": "flake-parts_2", "home-manager": "home-manager", "nix-darwin": "nix-darwin", "nix-index-database": "nix-index-database", @@ -714,12 +872,55 @@ "nixos-flake": "nixos-flake", "nixos-hardware": "nixos-hardware", "nixos-vscode-server": "nixos-vscode-server", - "nixpkgs": "nixpkgs_5", + "nixpkgs": "nixpkgs_7", "nixvim": "nixvim", - "treefmt-nix": "treefmt-nix_2" + "treefmt-nix": "treefmt-nix_3" + } + }, + "rust-flake": { + "inputs": { + "crane": "crane", + "nixpkgs": [ + "actualism-app", + "nixpkgs" + ], + "rust-overlay": "rust-overlay" + }, + "locked": { + "lastModified": 1715570778, + "narHash": "sha256-PlWsDmfLHmhrvf2y7rBJP9wKlgMKm4iIP/PX2BdlttI=", + "owner": "juspay", + "repo": "rust-flake", + "rev": "19e41363312bdb34c2b3d6304b84d5d5fccee09d", + "type": "github" + }, + "original": { + "owner": "juspay", + "ref": "extraBuildArgs", + "repo": "rust-flake", + "type": "github" } }, "rust-overlay": { + "inputs": { + "flake-utils": "flake-utils", + "nixpkgs": "nixpkgs_2" + }, + "locked": { + "lastModified": 1715480255, + "narHash": "sha256-gEZl8nYidQwqJhOigJ91JDjoBFoPEWVsd82AKnaE7Go=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "d690205a4f01ec0930303c4204e5063958e51255", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, + "rust-overlay_2": { "inputs": { "flake-utils": [ "nixci", @@ -746,10 +947,10 @@ "type": "github" } }, - "rust-overlay_2": { + "rust-overlay_3": { "inputs": { - "flake-utils": "flake-utils_2", - "nixpkgs": "nixpkgs_2" + "flake-utils": "flake-utils_3", + "nixpkgs": "nixpkgs_4" }, "locked": { "lastModified": 1694052649, @@ -855,9 +1056,60 @@ "type": "github" } }, + "systems_7": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_8": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "treefmt-nix": { "inputs": { - "nixpkgs": "nixpkgs_3" + "nixpkgs": [ + "actualism-app", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1714058656, + "narHash": "sha256-Qv4RBm4LKuO4fNOfx9wl40W2rBbv5u5m+whxRYUMiaA=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "c6aaf729f34a36c445618580a9f95a48f5e4e03f", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } + }, + "treefmt-nix_2": { + "inputs": { + "nixpkgs": "nixpkgs_5" }, "locked": { "lastModified": 1688026376, @@ -873,9 +1125,9 @@ "type": "github" } }, - "treefmt-nix_2": { + "treefmt-nix_3": { "inputs": { - "nixpkgs": "nixpkgs_6" + "nixpkgs": "nixpkgs_8" }, "locked": { "lastModified": 1689243103, diff --git a/flake.nix b/flake.nix index cca8e4d..c141208 100644 --- a/flake.nix +++ b/flake.nix @@ -21,6 +21,7 @@ nixci.url = "github:srid/nixci"; nix-index-database.url = "github:nix-community/nix-index-database"; nix-index-database.inputs.nixpkgs.follows = "nixpkgs"; + actualism-app.url = "github:srid/actualism-app"; # Neovim nixvim.url = "github:nix-community/nixvim"; diff --git a/nixos/actualism-app.nix b/nixos/actualism-app.nix new file mode 100644 index 0000000..7db5738 --- /dev/null +++ b/nixos/actualism-app.nix @@ -0,0 +1,49 @@ +{ flake, pkgs, lib, ... }: + +let + inherit (flake) inputs; + inherit (inputs) self; +in +{ + + networking.firewall = { + allowedTCPPorts = [ + 80 + 443 + ]; + }; + # actualism-app (temp host) + services.nginx = { + enable = true; + virtualHosts."www.actualism.app" = { + enableACME = true; + # addSSL = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://127.0.0.1:8080"; + proxyWebsockets = true; + }; + }; + }; + security.acme = { + acceptTerms = true; + defaults.email = "srid@srid.ca"; + }; + systemd.services.actualism-app = { + enable = true; + description = "actualism-app server"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + ExecStart = + lib.getExe (pkgs.writeShellApplication { + name = "actualism-app-start"; + text = '' + cd ${pkgs.actualism-app}/ + ${pkgs.actualism-app}/bin/actualism-app + ''; + }); + Restart = "always"; + }; + }; +} diff --git a/packages/overlay.nix b/packages/overlay.nix index 909ec50..3b2971f 100644 --- a/packages/overlay.nix +++ b/packages/overlay.nix @@ -6,4 +6,5 @@ self: super: { sshuttle-via = self.callPackage ./sshuttle-via.nix { }; nixci = flake.inputs.nixci.packages.${system}.default; # nix-health = flake.inputs.nix-browser.packages.${system}.nix-health; + actualism-app = flake.inputs.actualism-app.packages.${system}.default; } diff --git a/systems/ax41.nix b/systems/ax41.nix index c9cf0c1..ea84346 100644 --- a/systems/ax41.nix +++ b/systems/ax41.nix @@ -12,6 +12,7 @@ in "${self}/nixos/nix.nix" "${self}/nixos/self/primary-as-admin.nix" "${self}/nixos/docker.nix" + "${self}/nixos/actualism-app.nix" # "${self}/nixos/server/harden/basics.nix" ]; From 2e7dc80fcacad1816a1c4479b7e0702367409132 Mon Sep 17 00:00:00 2001 From: Sridhar Ratnakumar Date: Wed, 15 May 2024 22:32:15 -0400 Subject: [PATCH 22/56] chore(git): narrow explanation down --- home/git.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home/git.nix b/home/git.nix index 34c0c86..1260147 100644 --- a/home/git.nix +++ b/home/git.nix @@ -38,7 +38,7 @@ }; }; extraConfig = { - init.defaultBranch = "master"; # https://srid.ca/unwoke + init.defaultBranch = "master"; # Undo breakage due to https://srid.ca/luxury-belief core.editor = "nvim"; #protocol.keybase.allow = "always"; credential.helper = "store --file ~/.git-credentials"; From 43d4c4372c293489387ede6993569d03620f8941 Mon Sep 17 00:00:00 2001 From: Sridhar Ratnakumar Date: Wed, 15 May 2024 22:39:18 -0400 Subject: [PATCH 23/56] feat(ssh): dedicate work config to separate file --- home/default.nix | 1 + home/juspay.nix | 27 +++++++++++++++++++++++++++ home/ssh.nix | 18 ++---------------- 3 files changed, 30 insertions(+), 16 deletions(-) create mode 100644 home/juspay.nix diff --git a/home/default.nix b/home/default.nix index 7ef13ca..617b007 100644 --- a/home/default.nix +++ b/home/default.nix @@ -21,6 +21,7 @@ # ./nushell.nix ./just.nix # ./powershell.nix + ./juspay.nix ]; }; common-linux = { diff --git a/home/juspay.nix b/home/juspay.nix new file mode 100644 index 0000000..8023079 --- /dev/null +++ b/home/juspay.nix @@ -0,0 +1,27 @@ +# For Juspay work +{ pkgs, lib, ... }: +{ + programs.ssh = { + matchBlocks = { + # Juspay machines (through Tailscale) + vanjaram = { + hostname = "100.83.79.127"; + user = "srid"; + forwardAgent = true; + }; + biryani = { + hostname = "100.97.32.60"; + user = "admin"; + forwardAgent = true; + }; + + # To clone Juspay repos. + # https://developer.1password.com/docs/ssh/agent/advanced/#match-key-with-host + "bitbucket.org" = { + identitiesOnly = true; + identityFile = "~/.ssh/juspay.pub"; + }; + }; + }; +} + diff --git a/home/ssh.nix b/home/ssh.nix index d774ee9..b332248 100644 --- a/home/ssh.nix +++ b/home/ssh.nix @@ -2,27 +2,13 @@ { programs.ssh = { enable = true; + + # Note: More defined in juspay.nix matchBlocks = { - vanjaram = { - hostname = "100.83.79.127"; - user = "srid"; - forwardAgent = true; - }; - biryani = { - hostname = "100.97.32.60"; - user = "admin"; - forwardAgent = true; - }; immediacy = { hostname = "65.109.84.215"; forwardAgent = true; }; - # To clone Juspay repos. - # https://developer.1password.com/docs/ssh/agent/advanced/#match-key-with-host - "bitbucket.org" = { - identitiesOnly = true; - identityFile = "~/.ssh/juspay.pub"; - }; }; }; } From 9ff90613404f4a3f017dfc0ce0bdcbd259ba7af2 Mon Sep 17 00:00:00 2001 From: Sridhar Ratnakumar Date: Wed, 15 May 2024 22:39:49 -0400 Subject: [PATCH 24/56] chore(just): add 'activate' --- justfile | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/justfile b/justfile index 61871fa..fac8f13 100644 --- a/justfile +++ b/justfile @@ -1,6 +1,11 @@ default: @just --list +# Activate local configuration +activate: + nix run + +# Format the nix source tree fmt: treefmt From c7d8f9bc2f6fba848a025653ee008e0b12991190 Mon Sep 17 00:00:00 2001 From: Sridhar Ratnakumar Date: Wed, 15 May 2024 23:14:32 -0400 Subject: [PATCH 25/56] chore(nix): Update flake.lock --- flake.lock | 90 ++++++++++++++++++++++++++++++++++++++---------------- 1 file changed, 64 insertions(+), 26 deletions(-) diff --git a/flake.lock b/flake.lock index 6e53745..32d95e4 100644 --- a/flake.lock +++ b/flake.lock @@ -282,11 +282,11 @@ ] }, "locked": { - "lastModified": 1712014858, - "narHash": "sha256-sB4SWl2lX95bExY2gMFG5HIzvva5AVMJd4Igm+GpZNw=", + "lastModified": 1714641030, + "narHash": "sha256-yzcRNDoyVP7+SCNX0wmuDju1NUCt8Dz9+lyUXEI0dbI=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "9126214d0a59633752a136528f5f3b9aa8565b7d", + "rev": "e5d10a24b66c3ea8f150e47dfdb0416ab7c3390e", "type": "github" }, "original": { @@ -295,6 +295,21 @@ "type": "github" } }, + "flake-root": { + "locked": { + "lastModified": 1713493429, + "narHash": "sha256-ztz8JQkI08tjKnsTpfLqzWoKFQF4JGu2LRz8bkdnYUk=", + "owner": "srid", + "repo": "flake-root", + "rev": "bc748b93b86ee76e2032eecda33440ceb2532fcd", + "type": "github" + }, + "original": { + "owner": "srid", + "repo": "flake-root", + "type": "github" + } + }, "flake-utils": { "inputs": { "systems": "systems" @@ -432,11 +447,11 @@ ] }, "locked": { - "lastModified": 1714343445, - "narHash": "sha256-OzD1P0o46uD3Ix4ZI/g9z3YAeg+4g+W3qctB6bNOReo=", + "lastModified": 1715486357, + "narHash": "sha256-4pRuzsHZOW5W4CsXI9uhKtiJeQSUoe1d2M9mWU98HC4=", "owner": "nix-community", "repo": "home-manager", - "rev": "9fe79591c1005ce6f93084ae7f7dab0a2891440d", + "rev": "44677a1c96810a8e8c4ffaeaad10c842402647c1", "type": "github" }, "original": { @@ -453,11 +468,11 @@ ] }, "locked": { - "lastModified": 1713992342, - "narHash": "sha256-bW7K4WPo6jhYMo4ZUGoJfog6xJV0XZh8adXqZKunRoc=", + "lastModified": 1715486357, + "narHash": "sha256-4pRuzsHZOW5W4CsXI9uhKtiJeQSUoe1d2M9mWU98HC4=", "owner": "nix-community", "repo": "home-manager", - "rev": "2f072c127c041eec36621b8e38a531fe0fe07961", + "rev": "44677a1c96810a8e8c4ffaeaad10c842402647c1", "type": "github" }, "original": { @@ -473,11 +488,11 @@ ] }, "locked": { - "lastModified": 1713946171, - "narHash": "sha256-lc75rgRQLdp4Dzogv5cfqOg6qYc5Rp83oedF2t0kDp8=", + "lastModified": 1715653378, + "narHash": "sha256-6kbg/PI3+SBP17f4T0js3CBsMLVtlD0JqJhDKgzk1mQ=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "230a197063de9287128e2c68a7a4b0cd7d0b50a7", + "rev": "de8b0d60d6fd34f35abffc46adc94ebaa6996ce2", "type": "github" }, "original": { @@ -514,11 +529,11 @@ ] }, "locked": { - "lastModified": 1714273701, - "narHash": "sha256-bmoeZ5zMSSO/e8P51yjrzaxA9uzA3SZAEFvih6S3LFo=", + "lastModified": 1715483403, + "narHash": "sha256-WMDuQj7J5jbpXI/X/E6FZRKgBFGcaSTvYyVxPnKE6KU=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "941c4973c824509e0356be455d89613611f76c8a", + "rev": "f9027322f48b427da23746aa359a6510dfcd0228", "type": "github" }, "original": { @@ -745,11 +760,11 @@ }, "nixpkgs_7": { "locked": { - "lastModified": 1714253743, - "narHash": "sha256-mdTQw2XlariysyScCv2tTE45QSU9v/ezLcHJ22f0Nxc=", + "lastModified": 1715534503, + "narHash": "sha256-5ZSVkFadZbFP1THataCaSf0JH2cAH3S29hU9rrxTEqk=", "owner": "nixos", "repo": "nixpkgs", - "rev": "58a1abdbae3217ca6b702f03d3b35125d88a2994", + "rev": "2057814051972fa1453ddfb0d98badbea9b83c06", "type": "github" }, "original": { @@ -780,19 +795,21 @@ "devshell": "devshell", "flake-compat": "flake-compat_2", "flake-parts": "flake-parts_4", + "flake-root": "flake-root", "home-manager": "home-manager_2", "nix-darwin": "nix-darwin_2", "nixpkgs": [ "nixpkgs" ], - "pre-commit-hooks": "pre-commit-hooks" + "pre-commit-hooks": "pre-commit-hooks", + "treefmt-nix": "treefmt-nix_3" }, "locked": { - "lastModified": 1714319855, - "narHash": "sha256-xiHu7LVWEo7eixVPDEnmxntye/zQcsZjRlyhCQ2yNL4=", + "lastModified": 1715807613, + "narHash": "sha256-3kL4E0Ff9TCvRNxwINzklupY7dcTpl89jTg0PGfBCJc=", "owner": "nix-community", "repo": "nixvim", - "rev": "e2e7258267ba4ec81bd6503e968b6cf52cbd3f2a", + "rev": "6be28a941b39a7cbe4d34b577bd095548f5d1e15", "type": "github" }, "original": { @@ -816,11 +833,11 @@ ] }, "locked": { - "lastModified": 1713954846, - "narHash": "sha256-RWFafuSb5nkWGu8dDbW7gVb8FOQOPqmX/9MlxUUDguw=", + "lastModified": 1714478972, + "narHash": "sha256-q//cgb52vv81uOuwz1LaXElp3XAe1TqrABXODAEF6Sk=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "6fb82e44254d6a0ece014ec423cb62d92435336f", + "rev": "2849da033884f54822af194400f8dff435ada242", "type": "github" }, "original": { @@ -874,7 +891,7 @@ "nixos-vscode-server": "nixos-vscode-server", "nixpkgs": "nixpkgs_7", "nixvim": "nixvim", - "treefmt-nix": "treefmt-nix_3" + "treefmt-nix": "treefmt-nix_4" } }, "rust-flake": { @@ -1126,6 +1143,27 @@ } }, "treefmt-nix_3": { + "inputs": { + "nixpkgs": [ + "nixvim", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1714058656, + "narHash": "sha256-Qv4RBm4LKuO4fNOfx9wl40W2rBbv5u5m+whxRYUMiaA=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "c6aaf729f34a36c445618580a9f95a48f5e4e03f", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } + }, + "treefmt-nix_4": { "inputs": { "nixpkgs": "nixpkgs_8" }, From f5388e798737d63eae4f88508f57fea0dd0b4192 Mon Sep 17 00:00:00 2001 From: Sridhar Ratnakumar Date: Wed, 15 May 2024 23:38:52 -0400 Subject: [PATCH 26/56] feat(git): per-folder author email --- home/juspay.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/home/juspay.nix b/home/juspay.nix index 8023079..f60c15b 100644 --- a/home/juspay.nix +++ b/home/juspay.nix @@ -23,5 +23,15 @@ }; }; }; + + programs.git = { + # Bitbucket git access and policies + includes = [{ + condition = "gitdir:~/juspay/**"; + contents = { + user.email = "sridhar.ratnakumar@juspay.in"; + }; + }]; + }; } From 168784ea1f2b2bc33cef2d9d7a002be65c867a8c Mon Sep 17 00:00:00 2001 From: Sridhar Ratnakumar Date: Sat, 18 May 2024 23:49:06 -0400 Subject: [PATCH 27/56] ci: add nixci --- clusters/github-runner/repos.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/clusters/github-runner/repos.nix b/clusters/github-runner/repos.nix index 13b43ee..0857b9c 100644 --- a/clusters/github-runner/repos.nix +++ b/clusters/github-runner/repos.nix @@ -7,5 +7,6 @@ nixos-flake.num = 2 * 5; perpetuum.num = 2; emanote.num = 2; + nixci.num = 2; }; } From 1f0c08b48662acc944999c90a51d03e122d0dbc6 Mon Sep 17 00:00:00 2001 From: Sridhar Ratnakumar Date: Sat, 18 May 2024 23:50:31 -0400 Subject: [PATCH 28/56] add cascadia font --- home/terminal.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/home/terminal.nix b/home/terminal.nix index 91ef805..db24b7e 100644 --- a/home/terminal.nix +++ b/home/terminal.nix @@ -25,8 +25,13 @@ fuckport sshuttle-via entr + + # Fonts + cascadia-code ]; + fonts.fontconfig.enable = true; + home.shellAliases = { e = "nvim"; ee = "nvim $(fzf)"; From 006b1579dbe16e89444078df4ce71bd9cad8e2a3 Mon Sep 17 00:00:00 2001 From: Sridhar Ratnakumar Date: Sat, 18 May 2024 23:50:52 -0400 Subject: [PATCH 29/56] Update flake-parts --- flake.lock | 24 +++++++++--------------- 1 file changed, 9 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index 32d95e4..f9cfdde 100644 --- a/flake.lock +++ b/flake.lock @@ -243,11 +243,11 @@ "nixpkgs-lib": "nixpkgs-lib_2" }, "locked": { - "lastModified": 1698579227, - "narHash": "sha256-KVWjFZky+gRuWennKsbo6cWyo7c/z/VgCte5pR9pEKg=", + "lastModified": 1715865404, + "narHash": "sha256-/GJvTdTpuDjNn84j82cU6bXztE0MSkdnTWClUCRub78=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "f76e870d64779109e41370848074ac4eaa1606ec", + "rev": "8dc45382d5206bd292f9c2768b8058a8fd8311d9", "type": "github" }, "original": { @@ -647,20 +647,14 @@ }, "nixpkgs-lib_2": { "locked": { - "dir": "lib", - "lastModified": 1696019113, - "narHash": "sha256-X3+DKYWJm93DRSdC5M6K5hLqzSya9BjibtBsuARoPco=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "f5892ddac112a1e9b3612c39af1b72987ee5783a", - "type": "github" + "lastModified": 1714640452, + "narHash": "sha256-QBx10+k6JWz6u7VsohfSw8g8hjdBZEf8CFzXH1/1Z94=", + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/50eb7ecf4cd0a5756d7275c8ba36790e5bd53e33.tar.gz" }, "original": { - "dir": "lib", - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/50eb7ecf4cd0a5756d7275c8ba36790e5bd53e33.tar.gz" } }, "nixpkgs-lib_3": { From f37a033fc3b14715d82641e7eefc7332388cf8eb Mon Sep 17 00:00:00 2001 From: Sridhar Ratnakumar Date: Sun, 19 May 2024 09:47:41 -0400 Subject: [PATCH 30/56] vscode: unused ext --- .vscode/extensions.json | 1 - 1 file changed, 1 deletion(-) diff --git a/.vscode/extensions.json b/.vscode/extensions.json index db6b510..4d6c35e 100644 --- a/.vscode/extensions.json +++ b/.vscode/extensions.json @@ -4,7 +4,6 @@ "b4dm4n.nixpkgs-fmt", "jnoortheen.nix-ide", "mattn.lisp", - "thenuprojectcontributors.vscode-nushell-lang", "mkhl.direnv" ] } \ No newline at end of file From f94ed2470663116dce1d9cac5cb6e98ae4d0b983 Mon Sep 17 00:00:00 2001 From: Sridhar Ratnakumar Date: Sun, 19 May 2024 10:11:14 -0400 Subject: [PATCH 31/56] use colmena to deploy linux machine --- flake.nix | 4 ++++ home/neovim.nix | 4 +++- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/flake.nix b/flake.nix index c141208..76f0a9f 100644 --- a/flake.nix +++ b/flake.nix @@ -52,6 +52,10 @@ [ "op" "read" "op://Personal/nixos-config/${field}" ]; in { + immediacy = { + targetHost = "immediacy"; + targetUser = "srid"; + }; github-runner = let user = "github-runner"; diff --git a/home/neovim.nix b/home/neovim.nix index fbc5236..ae6502b 100644 --- a/home/neovim.nix +++ b/home/neovim.nix @@ -1,6 +1,8 @@ +{ pkgs, ... }: + { programs.nixvim = { - enable = true; + enable = pkgs.stdenv.isDarwin; # nixvim uses IFD; so not using it on Linux (breaks colmena apply) # Theme colorschemes.tokyonight.enable = true; From 6053722acfbe22ee3f365dc8418cada74da7f19a Mon Sep 17 00:00:00 2001 From: Sridhar Ratnakumar Date: Sun, 19 May 2024 10:12:11 -0400 Subject: [PATCH 32/56] add hedgedoc --- flake.nix | 4 ++++ nixos/hedgedoc.nix | 39 +++++++++++++++++++++++++++++++++++++++ systems/ax41.nix | 1 + 3 files changed, 44 insertions(+) create mode 100644 nixos/hedgedoc.nix diff --git a/flake.nix b/flake.nix index 76f0a9f..00fe592 100644 --- a/flake.nix +++ b/flake.nix @@ -55,6 +55,10 @@ immediacy = { targetHost = "immediacy"; targetUser = "srid"; + keys."hedgedoc.env" = { + user = "hedgedoc"; + keyCommand = read1Password "hedgedoc.env"; + }; }; github-runner = let diff --git a/nixos/hedgedoc.nix b/nixos/hedgedoc.nix new file mode 100644 index 0000000..f97bb07 --- /dev/null +++ b/nixos/hedgedoc.nix @@ -0,0 +1,39 @@ +{ config, pkgs, lib, ... }: + +let + domain = "pad.srid.ca"; + port = 9112; +in +{ + services.hedgedoc = { + enable = true; + + # GitHub secrets set in colmena (see flake.nix) + environmentFile = "/run/keys/hedgedoc.env"; + + settings = { + # URL config + inherit domain port; + protocolUseSSL = true; + urlAddPort = false; + allowOrigin = [ "localhost" ]; + + # Accept GitHub users only. + # NOTE: Fine-grained access (eg: whitelist of users) not possible until + # HedgeDoc 2.0 + email = false; + allowAnonymous = false; + }; + }; + + services.nginx = { + virtualHosts.${domain} = { + enableACME = true; + addSSL = true; + locations."/" = { + proxyPass = "http://localhost:${builtins.toString port}"; + proxyWebsockets = true; + }; + }; + }; +} diff --git a/systems/ax41.nix b/systems/ax41.nix index ea84346..f55407b 100644 --- a/systems/ax41.nix +++ b/systems/ax41.nix @@ -13,6 +13,7 @@ in "${self}/nixos/self/primary-as-admin.nix" "${self}/nixos/docker.nix" "${self}/nixos/actualism-app.nix" + "${self}/nixos/hedgedoc.nix" # "${self}/nixos/server/harden/basics.nix" ]; From 6fca65dd26e657fd315f3609eff1812a6a6f9f6c Mon Sep 17 00:00:00 2001 From: Sridhar Ratnakumar <3998+srid@users.noreply.github.com> Date: Wed, 22 May 2024 14:07:23 -0400 Subject: [PATCH 33/56] chore(readme): add zulip banner --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index d0e42c3..1d59b11 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,5 @@ [![AGPL](https://img.shields.io/badge/License-AGPL%20v3-blue.svg)](https://en.wikipedia.org/wiki/Affero_General_Public_License) -[![project chat](https://img.shields.io/badge/zulip-join_chat-brightgreen.svg)](https://nixos.zulipchat.com/#narrow/stream/413948-nixos) +[![project chat](https://img.shields.io/badge/zulip-join_chat-brightgreen.svg)](https://nixos.zulipchat.com/#narrow/stream/413950-nix) [![Harmeless Code of Conduct](https://img.shields.io/badge/harmless-8A2BE2)](https://srid.ca/coc "This project follows the 'Harmlessness Code of Conduct'") This repository contains the Nix / NixOS configuration for all of my systems. See [nixos-flake](https://community.flake.parts/nixos-flake) if you want to create your own configuration from scratch. From d3205277635121db04e2eeb92e6fe76f7809ed71 Mon Sep 17 00:00:00 2001 From: Sridhar Ratnakumar Date: Wed, 22 May 2024 14:07:49 -0400 Subject: [PATCH 34/56] Revert "chore(readme): add zulip banner" This reverts commit 6fca65dd26e657fd315f3609eff1812a6a6f9f6c. wrong repo --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 1d59b11..d0e42c3 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,5 @@ [![AGPL](https://img.shields.io/badge/License-AGPL%20v3-blue.svg)](https://en.wikipedia.org/wiki/Affero_General_Public_License) -[![project chat](https://img.shields.io/badge/zulip-join_chat-brightgreen.svg)](https://nixos.zulipchat.com/#narrow/stream/413950-nix) +[![project chat](https://img.shields.io/badge/zulip-join_chat-brightgreen.svg)](https://nixos.zulipchat.com/#narrow/stream/413948-nixos) [![Harmeless Code of Conduct](https://img.shields.io/badge/harmless-8A2BE2)](https://srid.ca/coc "This project follows the 'Harmlessness Code of Conduct'") This repository contains the Nix / NixOS configuration for all of my systems. See [nixos-flake](https://community.flake.parts/nixos-flake) if you want to create your own configuration from scratch. From f1cc2af77a3d11412c2637a4f664f28cb6e7081e Mon Sep 17 00:00:00 2001 From: Sridhar Ratnakumar Date: Fri, 24 May 2024 17:35:38 -0400 Subject: [PATCH 35/56] nix: Update inputs --- flake.lock | 100 ++++++++++++++++++----------------------------------- 1 file changed, 33 insertions(+), 67 deletions(-) diff --git a/flake.lock b/flake.lock index f9cfdde..862fd5b 100644 --- a/flake.lock +++ b/flake.lock @@ -282,11 +282,11 @@ ] }, "locked": { - "lastModified": 1714641030, - "narHash": "sha256-yzcRNDoyVP7+SCNX0wmuDju1NUCt8Dz9+lyUXEI0dbI=", + "lastModified": 1715865404, + "narHash": "sha256-/GJvTdTpuDjNn84j82cU6bXztE0MSkdnTWClUCRub78=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "e5d10a24b66c3ea8f150e47dfdb0416ab7c3390e", + "rev": "8dc45382d5206bd292f9c2768b8058a8fd8311d9", "type": "github" }, "original": { @@ -400,24 +400,6 @@ "type": "github" } }, - "flake-utils_6": { - "inputs": { - "systems": "systems_8" - }, - "locked": { - "lastModified": 1710146030, - "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, "gitignore": { "inputs": { "nixpkgs": [ @@ -447,11 +429,11 @@ ] }, "locked": { - "lastModified": 1715486357, - "narHash": "sha256-4pRuzsHZOW5W4CsXI9uhKtiJeQSUoe1d2M9mWU98HC4=", + "lastModified": 1716457508, + "narHash": "sha256-ZxzffLuWRyuMrkVVq7wastNUqeO0HJL9xqfY1QsYaqo=", "owner": "nix-community", "repo": "home-manager", - "rev": "44677a1c96810a8e8c4ffaeaad10c842402647c1", + "rev": "850cb322046ef1a268449cf1ceda5fd24d930b05", "type": "github" }, "original": { @@ -468,11 +450,11 @@ ] }, "locked": { - "lastModified": 1715486357, - "narHash": "sha256-4pRuzsHZOW5W4CsXI9uhKtiJeQSUoe1d2M9mWU98HC4=", + "lastModified": 1716448020, + "narHash": "sha256-u1ddoBOILtLVX4NYzqSZ9Qaqusql1M4reLd1fs554hY=", "owner": "nix-community", "repo": "home-manager", - "rev": "44677a1c96810a8e8c4ffaeaad10c842402647c1", + "rev": "25dedb0d52c20448f6a63cc346df1adbd6ef417e", "type": "github" }, "original": { @@ -488,11 +470,11 @@ ] }, "locked": { - "lastModified": 1715653378, - "narHash": "sha256-6kbg/PI3+SBP17f4T0js3CBsMLVtlD0JqJhDKgzk1mQ=", + "lastModified": 1716511055, + "narHash": "sha256-5Fe/DGgvMhPEMl9VdVxv3zvwRcwNDmW5eRJ0gk72w7U=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "de8b0d60d6fd34f35abffc46adc94ebaa6996ce2", + "rev": "0bea8222f6e83247dd13b055d83e64bce02ee532", "type": "github" }, "original": { @@ -509,11 +491,11 @@ ] }, "locked": { - "lastModified": 1713946171, - "narHash": "sha256-lc75rgRQLdp4Dzogv5cfqOg6qYc5Rp83oedF2t0kDp8=", + "lastModified": 1716329735, + "narHash": "sha256-ap51w+VqG21vuzyQ04WrhI2YbWHd3UGz0e7dc/QQmoA=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "230a197063de9287128e2c68a7a4b0cd7d0b50a7", + "rev": "eac4f25028c1975a939c8f8fba95c12f8a25e01c", "type": "github" }, "original": { @@ -529,11 +511,11 @@ ] }, "locked": { - "lastModified": 1715483403, - "narHash": "sha256-WMDuQj7J5jbpXI/X/E6FZRKgBFGcaSTvYyVxPnKE6KU=", + "lastModified": 1716170277, + "narHash": "sha256-fCAiox/TuzWGVaAz16PxrR4Jtf9lN5dwWL2W74DS0yI=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "f9027322f48b427da23746aa359a6510dfcd0228", + "rev": "e0638db3db43b582512a7de8c0f8363a162842b9", "type": "github" }, "original": { @@ -570,11 +552,11 @@ }, "nixos-flake": { "locked": { - "lastModified": 1711376798, - "narHash": "sha256-37wawZGSX/dD1rn7TwFJhUdpozC2VPEQXetpfpK/D+w=", + "lastModified": 1716406291, + "narHash": "sha256-qHjJ6alc4o3p51hrPp3JGdC5Pbz5EjF+UZq1HbK8av0=", "owner": "srid", "repo": "nixos-flake", - "rev": "7b19503e7f8c7cc0884fc2fbd669c0cc2e05aef5", + "rev": "aa9100167350cbdffaa272b0fd382d7c23606b86", "type": "github" }, "original": { @@ -754,11 +736,11 @@ }, "nixpkgs_7": { "locked": { - "lastModified": 1715534503, - "narHash": "sha256-5ZSVkFadZbFP1THataCaSf0JH2cAH3S29hU9rrxTEqk=", + "lastModified": 1716330097, + "narHash": "sha256-8BO3B7e3BiyIDsaKA0tY8O88rClYRTjvAp66y+VBUeU=", "owner": "nixos", "repo": "nixpkgs", - "rev": "2057814051972fa1453ddfb0d98badbea9b83c06", + "rev": "5710852ba686cc1fd0d3b8e22b3117d43ba374c2", "type": "github" }, "original": { @@ -799,11 +781,11 @@ "treefmt-nix": "treefmt-nix_3" }, "locked": { - "lastModified": 1715807613, - "narHash": "sha256-3kL4E0Ff9TCvRNxwINzklupY7dcTpl89jTg0PGfBCJc=", + "lastModified": 1716566815, + "narHash": "sha256-WO3MF4W1SrSD0lanU1n7dfuHizeSLfDHJNEir9exlcM=", "owner": "nix-community", "repo": "nixvim", - "rev": "6be28a941b39a7cbe4d34b577bd095548f5d1e15", + "rev": "9d858de2e9ab136d1c53d92af62fed8fccf492ab", "type": "github" }, "original": { @@ -815,7 +797,6 @@ "pre-commit-hooks": { "inputs": { "flake-compat": "flake-compat_3", - "flake-utils": "flake-utils_6", "gitignore": "gitignore", "nixpkgs": [ "nixvim", @@ -827,11 +808,11 @@ ] }, "locked": { - "lastModified": 1714478972, - "narHash": "sha256-q//cgb52vv81uOuwz1LaXElp3XAe1TqrABXODAEF6Sk=", + "lastModified": 1716213921, + "narHash": "sha256-xrsYFST8ij4QWaV6HEokCUNIZLjjLP1bYC60K8XiBVA=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "2849da033884f54822af194400f8dff435ada242", + "rev": "0e8fcc54b842ad8428c9e705cb5994eaf05c26a0", "type": "github" }, "original": { @@ -1082,21 +1063,6 @@ "type": "github" } }, - "systems_8": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, "treefmt-nix": { "inputs": { "nixpkgs": [ @@ -1144,11 +1110,11 @@ ] }, "locked": { - "lastModified": 1714058656, - "narHash": "sha256-Qv4RBm4LKuO4fNOfx9wl40W2rBbv5u5m+whxRYUMiaA=", + "lastModified": 1715940852, + "narHash": "sha256-wJqHMg/K6X3JGAE9YLM0LsuKrKb4XiBeVaoeMNlReZg=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "c6aaf729f34a36c445618580a9f95a48f5e4e03f", + "rev": "2fba33a182602b9d49f0b2440513e5ee091d838b", "type": "github" }, "original": { From ae2b27c138cd0a3720e4a59eefb5a8a2b8a35963 Mon Sep 17 00:00:00 2001 From: Sridhar Ratnakumar Date: Sun, 26 May 2024 11:13:08 -0400 Subject: [PATCH 36/56] chore(just): improve for github-runner --- justfile | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/justfile b/justfile index fac8f13..d04839f 100644 --- a/justfile +++ b/justfile @@ -9,11 +9,21 @@ activate: fmt: treefmt +# Deploy to all remote machines +deploy: + colmena apply --build-on-target + # Deploy to github-runner VM gr-deploy: - colmena apply --build-on-target + colmena apply --build-on-target --on github-runner # Re-animate the VM that was suspended until now. gr-animate: colmena upload-keys ssh -t github-runner "sudo systemctl restart --all github-runner-*" + +gr-inspect: + ssh -t github-runner "sudo systemctl status --all github-runner-*" + +gr-ssh: + ssh -t github-runner \ No newline at end of file From 9e7c294b1cd5e545ad7695f16886657c75da6162 Mon Sep 17 00:00:00 2001 From: Sridhar Ratnakumar Date: Sun, 26 May 2024 11:19:14 -0400 Subject: [PATCH 37/56] gr: ephemeral --- clusters/github-runner/nixos-module.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/clusters/github-runner/nixos-module.nix b/clusters/github-runner/nixos-module.nix index 9bb6e2f..67b10a4 100644 --- a/clusters/github-runner/nixos-module.nix +++ b/clusters/github-runner/nixos-module.nix @@ -19,6 +19,7 @@ let inherit user group tokenFile name; enable = true; replace = true; + ephemeral = true; extraPackages = with pkgs; runner-pkgs ++ [ # Standard nix tools nixci From 6de934ae7ed523c35b38cd22b5f83af1da2f65cb Mon Sep 17 00:00:00 2001 From: Sridhar Ratnakumar Date: Sun, 26 May 2024 14:43:46 -0400 Subject: [PATCH 38/56] Remove last references to emacs Emacs got removed in 397e4e5e230df0e7ef5458928887f7447ebdf139 --- home/default.nix | 1 - home/emacs/doom/config.el | 76 -------------- home/emacs/doom/init.el | 194 ------------------------------------ home/emacs/doom/packages.el | 50 ---------- 4 files changed, 321 deletions(-) delete mode 100644 home/emacs/doom/config.el delete mode 100644 home/emacs/doom/init.el delete mode 100644 home/emacs/doom/packages.el diff --git a/home/default.nix b/home/default.nix index 617b007..3be06ea 100644 --- a/home/default.nix +++ b/home/default.nix @@ -37,7 +37,6 @@ ./zsh.nix # ./bash.nix # ./kitty.nix - # ./emacs.nix # ./himalaya.nix ]; }; diff --git a/home/emacs/doom/config.el b/home/emacs/doom/config.el deleted file mode 100644 index c4f74dc..0000000 --- a/home/emacs/doom/config.el +++ /dev/null @@ -1,76 +0,0 @@ -;;; $DOOMDIR/config.el -*- lexical-binding: t; -*- - -;; Place your private configuration here! Remember, you do not need to run 'doom -;; sync' after modifying this file! - - -;; Some functionality uses this to identify you, e.g. GPG configuration, email -;; clients, file templates and snippets. It is optional. -(setq user-full-name "Sridhar Ratnakumar" - user-mail-address "srid@srid.ca") - -;; Doom exposes five (optional) variables for controlling fonts in Doom: -;; -;; - `doom-font' -- the primary font to use -;; - `doom-variable-pitch-font' -- a non-monospace font (where applicable) -;; - `doom-big-font' -- used for `doom-big-font-mode'; use this for -;; presentations or streaming. -;; - `doom-symbol-font' -- for symbols -;; - `doom-serif-font' -- for the `fixed-pitch-serif' face -;; -;; See 'C-h v doom-font' for documentation and more examples of what they -;; accept. For example: -;; -;;(setq doom-font (font-spec :family "Fira Code" :size 12 :weight 'semi-light) -;; doom-variable-pitch-font (font-spec :family "Fira Sans" :size 13)) -;; -;; If you or Emacs can't find your font, use 'M-x describe-font' to look them -;; up, `M-x eval-region' to execute elisp code, and 'M-x doom/reload-font' to -;; refresh your font settings. If Emacs still can't find your font, it likely -;; wasn't installed correctly. Font issues are rarely Doom issues! - -;; There are two ways to load a theme. Both assume the theme is installed and -;; available. You can either set `doom-theme' or manually load a theme with the -;; `load-theme' function. This is the default: -(setq doom-theme 'doom-one) - -;; This determines the style of line numbers in effect. If set to `nil', line -;; numbers are disabled. For relative line numbers, set this to `relative'. -(setq display-line-numbers-type t) - -;; If you use `org' and don't want your org files in the default location below, -;; change `org-directory'. It must be set before org loads! -(setq org-directory "~/org/") - - -;; Whenever you reconfigure a package, make sure to wrap your config in an -;; `after!' block, otherwise Doom's defaults may override your settings. E.g. -;; -;; (after! PACKAGE -;; (setq x y)) -;; -;; The exceptions to this rule: -;; -;; - Setting file/directory variables (like `org-directory') -;; - Setting variables which explicitly tell you to set them before their -;; package is loaded (see 'C-h v VARIABLE' to look up their documentation). -;; - Setting doom variables (which start with 'doom-' or '+'). -;; -;; Here are some additional functions/macros that will help you configure Doom. -;; -;; - `load!' for loading external *.el files relative to this one -;; - `use-package!' for configuring packages -;; - `after!' for running code after a package has loaded -;; - `add-load-path!' for adding directories to the `load-path', relative to -;; this file. Emacs searches the `load-path' when you load packages with -;; `require' or `use-package'. -;; - `map!' for binding new keys -;; -;; To get information about any of these functions/macros, move the cursor over -;; the highlighted symbol at press 'K' (non-evil users must press 'C-c c k'). -;; This will open documentation for it, including demos of how they are used. -;; Alternatively, use `C-h o' to look up a symbol (functions, variables, faces, -;; etc). -;; -;; You can also try 'gd' (or 'C-c c d') to jump to their definition and see how -;; they are implemented. \ No newline at end of file diff --git a/home/emacs/doom/init.el b/home/emacs/doom/init.el deleted file mode 100644 index c7f36c9..0000000 --- a/home/emacs/doom/init.el +++ /dev/null @@ -1,194 +0,0 @@ -;;; init.el -*- lexical-binding: t; -*- - -;; This file controls what Doom modules are enabled and what order they load -;; in. Remember to run 'doom sync' after modifying it! - -;; NOTE Press 'SPC h d h' (or 'C-h d h' for non-vim users) to access Doom's -;; documentation. There you'll find a link to Doom's Module Index where all -;; of our modules are listed, including what flags they support. - -;; NOTE Move your cursor over a module's name (or its flags) and press 'K' (or -;; 'C-c c k' for non-vim users) to view its documentation. This works on -;; flags as well (those symbols that start with a plus). -;; -;; Alternatively, press 'gd' (or 'C-c c d') on a module to browse its -;; directory (for easy access to its source code). - -(doom! :input - ;;bidi ; (tfel ot) thgir etirw uoy gnipleh - ;;chinese - ;;japanese - ;;layout ; auie,ctsrnm is the superior home row - - :completion - company ; the ultimate code completion backend - ;;helm ; the *other* search engine for love and life - ;;ido ; the other *other* search engine... - ;;ivy ; a search engine for love and life - vertico ; the search engine of the future - - :ui - ;;deft ; notational velocity for Emacs - doom ; what makes DOOM look the way it does - doom-dashboard ; a nifty splash screen for Emacs - ;;doom-quit ; DOOM quit-message prompts when you quit Emacs - ;;(emoji +unicode) ; 🙂 - hl-todo ; highlight TODO/FIXME/NOTE/DEPRECATED/HACK/REVIEW - ;;hydra - ;;indent-guides ; highlighted indent columns - ;;ligatures ; ligatures and symbols to make your code pretty again - ;;minimap ; show a map of the code on the side - modeline ; snazzy, Atom-inspired modeline, plus API - ;;nav-flash ; blink cursor line after big motions - ;;neotree ; a project drawer, like NERDTree for vim - ophints ; highlight the region an operation acts on - (popup +defaults) ; tame sudden yet inevitable temporary windows - ;;tabs ; a tab bar for Emacs - ;;treemacs ; a project drawer, like neotree but cooler - ;;unicode ; extended unicode support for various languages - (vc-gutter +pretty) ; vcs diff in the fringe - vi-tilde-fringe ; fringe tildes to mark beyond EOB - ;;window-select ; visually switch windows - workspaces ; tab emulation, persistence & separate workspaces - ;;zen ; distraction-free coding or writing - - :editor - (evil +everywhere); come to the dark side, we have cookies - file-templates ; auto-snippets for empty files - fold ; (nigh) universal code folding - ;;(format +onsave) ; automated prettiness - ;;god ; run Emacs commands without modifier keys - ;;lispy ; vim for lisp, for people who don't like vim - ;;multiple-cursors ; editing in many places at once - ;;objed ; text object editing for the innocent - ;;parinfer ; turn lisp into python, sort of - ;;rotate-text ; cycle region at point between text candidates - snippets ; my elves. They type so I don't have to - ;;word-wrap ; soft wrapping with language-aware indent - - :emacs - dired ; making dired pretty [functional] - electric ; smarter, keyword-based electric-indent - ;;ibuffer ; interactive buffer management - undo ; persistent, smarter undo for your inevitable mistakes - vc ; version-control and Emacs, sitting in a tree - - :term - ;;eshell ; the elisp shell that works everywhere - ;;shell ; simple shell REPL for Emacs - ;;term ; basic terminal emulator for Emacs - ;;vterm ; the best terminal emulation in Emacs - - :checkers - syntax ; tasing you for every semicolon you forget - ;;(spell +flyspell) ; tasing you for misspelling mispelling - ;;grammar ; tasing grammar mistake every you make - - :tools - ;;ansible - ;;biblio ; Writes a PhD for you (citation needed) - ;;collab ; buffers with friends - ;;debugger ; FIXME stepping through code, to help you add bugs - ;;direnv - ;;docker - ;;editorconfig ; let someone else argue about tabs vs spaces - ;;ein ; tame Jupyter notebooks with emacs - (eval +overlay) ; run code, run (also, repls) - lookup ; navigate your code and its documentation - ;;lsp ; M-x vscode - magit ; a git porcelain for Emacs - ;;make ; run make tasks from Emacs - ;;pass ; password manager for nerds - ;;pdf ; pdf enhancements - ;;prodigy ; FIXME managing external services & code builders - ;;rgb ; creating color strings - ;;taskrunner ; taskrunner for all your projects - ;;terraform ; infrastructure as code - ;;tmux ; an API for interacting with tmux - ;;tree-sitter ; syntax and parsing, sitting in a tree... - ;;upload ; map local to remote projects via ssh/ftp - - :os - (:if (featurep :system 'macos) macos) ; improve compatibility with macOS - ;;tty ; improve the terminal Emacs experience - - :lang - ;;agda ; types of types of types of types... - ;;beancount ; mind the GAAP - ;;(cc +lsp) ; C > C++ == 1 - ;;clojure ; java with a lisp - ;;common-lisp ; if you've seen one lisp, you've seen them all - ;;coq ; proofs-as-programs - ;;crystal ; ruby at the speed of c - ;;csharp ; unity, .NET, and mono shenanigans - ;;data ; config/data formats - ;;(dart +flutter) ; paint ui and not much else - ;;dhall - ;;elixir ; erlang done right - ;;elm ; care for a cup of TEA? - emacs-lisp ; drown in parentheses - ;;erlang ; an elegant language for a more civilized age - ;;ess ; emacs speaks statistics - ;;factor - ;;faust ; dsp, but you get to keep your soul - ;;fortran ; in FORTRAN, GOD is REAL (unless declared INTEGER) - ;;fsharp ; ML stands for Microsoft's Language - ;;fstar ; (dependent) types and (monadic) effects and Z3 - ;;gdscript ; the language you waited for - ;;(go +lsp) ; the hipster dialect - ;;(graphql +lsp) ; Give queries a REST - ;;(haskell +lsp) ; a language that's lazier than I am - ;;hy ; readability of scheme w/ speed of python - ;;idris ; a language you can depend on - ;;json ; At least it ain't XML - ;;(java +lsp) ; the poster child for carpal tunnel syndrome - ;;javascript ; all(hope(abandon(ye(who(enter(here)))))) - ;;julia ; a better, faster MATLAB - ;;kotlin ; a better, slicker Java(Script) - ;;latex ; writing papers in Emacs has never been so fun - ;;lean ; for folks with too much to prove - ;;ledger ; be audit you can be - ;;lua ; one-based indices? one-based indices - markdown ; writing docs for people to ignore - ;;nim ; python + lisp at the speed of c - ;;nix ; I hereby declare "nix geht mehr!" - ;;ocaml ; an objective camel - org ; organize your plain life in plain text - ;;php ; perl's insecure younger brother - ;;plantuml ; diagrams for confusing people more - ;;purescript ; javascript, but functional - ;;python ; beautiful is better than ugly - ;;qt ; the 'cutest' gui framework ever - ;;racket ; a DSL for DSLs - ;;raku ; the artist formerly known as perl6 - ;;rest ; Emacs as a REST client - ;;rst ; ReST in peace - ;;(ruby +rails) ; 1.step {|i| p "Ruby is #{i.even? ? 'love' : 'life'}"} - ;;(rust +lsp) ; Fe2O3.unwrap().unwrap().unwrap().unwrap() - ;;scala ; java, but good - ;;(scheme +guile) ; a fully conniving family of lisps - sh ; she sells {ba,z,fi}sh shells on the C xor - ;;sml - ;;solidity ; do you need a blockchain? No. - ;;swift ; who asked for emoji variables? - ;;terra ; Earth and Moon in alignment for performance. - ;;web ; the tubes - ;;yaml ; JSON, but readable - ;;zig ; C, but simpler - - :email - ;;(mu4e +org +gmail) - ;;notmuch - ;;(wanderlust +gmail) - - :app - ;;calendar - ;;emms - ;;everywhere ; *leave* Emacs!? You must be joking - ;;irc ; how neckbeards socialize - ;;(rss +org) ; emacs as an RSS reader - ;;twitter ; twitter client https://twitter.com/vnought - - :config - ;;literate - (default +bindings +smartparens)) \ No newline at end of file diff --git a/home/emacs/doom/packages.el b/home/emacs/doom/packages.el deleted file mode 100644 index a809bf9..0000000 --- a/home/emacs/doom/packages.el +++ /dev/null @@ -1,50 +0,0 @@ -;; -*- no-byte-compile: t; -*- -;;; $DOOMDIR/packages.el - -;; To install a package with Doom you must declare them here and run 'doom sync' -;; on the command line, then restart Emacs for the changes to take effect -- or -;; use 'M-x doom/reload'. - - -;; To install SOME-PACKAGE from MELPA, ELPA or emacsmirror: -;; (package! some-package) - -;; To install a package directly from a remote git repo, you must specify a -;; `:recipe'. You'll find documentation on what `:recipe' accepts here: -;; https://github.com/radian-software/straight.el#the-recipe-format -;; (package! another-package -;; :recipe (:host github :repo "username/repo")) - -;; If the package you are trying to install does not contain a PACKAGENAME.el -;; file, or is located in a subdirectory of the repo, you'll need to specify -;; `:files' in the `:recipe': -;; (package! this-package -;; :recipe (:host github :repo "username/repo" -;; :files ("some-file.el" "src/lisp/*.el"))) - -;; If you'd like to disable a package included with Doom, you can do so here -;; with the `:disable' property: -;; (package! builtin-package :disable t) - -;; You can override the recipe of a built in package without having to specify -;; all the properties for `:recipe'. These will inherit the rest of its recipe -;; from Doom or MELPA/ELPA/Emacsmirror: -;; (package! builtin-package :recipe (:nonrecursive t)) -;; (package! builtin-package-2 :recipe (:repo "myfork/package")) - -;; Specify a `:branch' to install a package from a particular branch or tag. -;; This is required for some packages whose default branch isn't 'master' (which -;; our package manager can't deal with; see radian-software/straight.el#279) -;; (package! builtin-package :recipe (:branch "develop")) - -;; Use `:pin' to specify a particular commit to install. -;; (package! builtin-package :pin "1a2b3c4d5e") - - -;; Doom's packages are pinned to a specific commit and updated from release to -;; release. The `unpin!' macro allows you to unpin single packages... -;; (unpin! pinned-package) -;; ...or multiple packages -;; (unpin! pinned-package another-pinned-package) -;; ...Or *all* packages (NOT RECOMMENDED; will likely break things) -;; (unpin! t) \ No newline at end of file From c9df7325a1ecd9e6049bc21726fbb3ccd817babb Mon Sep 17 00:00:00 2001 From: Sridhar Ratnakumar Date: Sun, 26 May 2024 15:31:35 -0400 Subject: [PATCH 39/56] add nixd --- .vscode/settings.json | 5 +++-- flake.nix | 1 + 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/.vscode/settings.json b/.vscode/settings.json index ab7e433..9d12b5c 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json @@ -1,6 +1,7 @@ { - "nixEnvSelector.nixFile": "${workspaceRoot}/shell.nix", "editor.defaultFormatter": "B4dM4n.nixpkgs-fmt", "editor.formatOnSave": true, - "editor.formatOnType": true + "editor.formatOnType": true, + "nix.enableLanguageServer": true, + "nix.serverPath": "nixd" } \ No newline at end of file diff --git a/flake.nix b/flake.nix index 00fe592..a5d8240 100644 --- a/flake.nix +++ b/flake.nix @@ -122,6 +122,7 @@ packages = with pkgs; [ just colmena + nixd ]; }; }; From c6efa50e657c2cf50eac775558231d765dfddb29 Mon Sep 17 00:00:00 2001 From: Sridhar Ratnakumar Date: Sun, 26 May 2024 15:32:14 -0400 Subject: [PATCH 40/56] Use newer version of just until it is upgraded in nixpkgs, like: https://github.com/NixOS/nixpkgs/pull/311583 --- flake.nix | 10 +++++++++- justfile | 4 ++++ packages/overlay.nix | 21 +++++++++++++++++++++ 3 files changed, 34 insertions(+), 1 deletion(-) diff --git a/flake.nix b/flake.nix index a5d8240..f46ddcc 100644 --- a/flake.nix +++ b/flake.nix @@ -98,7 +98,7 @@ ./systems/ax41.nix; }; - perSystem = { self', pkgs, lib, config, ... }: { + perSystem = { self', pkgs, system, config, ... }: { # Flake inputs we want to update periodically # Run: `nix run .#update`. nixos-flake.primary-inputs = [ @@ -117,6 +117,7 @@ formatter = config.treefmt.build.wrapper; packages.default = self'.packages.activate; + devShells.default = pkgs.mkShell { inputsFrom = [ config.treefmt.build.devShell ]; packages = with pkgs; [ @@ -125,6 +126,13 @@ nixd ]; }; + # Make our overlay available to the devShell + _module.args.pkgs = import inputs.nixpkgs { + inherit system; + overlays = [ + (import ./packages/overlay.nix { inherit system; flake = { inherit inputs; }; }) + ]; + }; }; }; } diff --git a/justfile b/justfile index d04839f..47b9c2a 100644 --- a/justfile +++ b/justfile @@ -14,16 +14,20 @@ deploy: colmena apply --build-on-target # Deploy to github-runner VM +[group('gr')] gr-deploy: colmena apply --build-on-target --on github-runner # Re-animate the VM that was suspended until now. +[group('gr')] gr-animate: colmena upload-keys ssh -t github-runner "sudo systemctl restart --all github-runner-*" +[group('gr')] gr-inspect: ssh -t github-runner "sudo systemctl status --all github-runner-*" +[group('gr')] gr-ssh: ssh -t github-runner \ No newline at end of file diff --git a/packages/overlay.nix b/packages/overlay.nix index 3b2971f..53fa3d9 100644 --- a/packages/overlay.nix +++ b/packages/overlay.nix @@ -7,4 +7,25 @@ self: super: { nixci = flake.inputs.nixci.packages.${system}.default; # nix-health = flake.inputs.nix-browser.packages.${system}.nix-health; actualism-app = flake.inputs.actualism-app.packages.${system}.default; + + # Use just v1.27.0, until upstream upgrades it. + just = super.just.overrideAttrs (oa: rec { + name = "${oa.pname}-${version}"; + version = "1.27.0"; + src = super.fetchFromGitHub { + owner = "casey"; + repo = oa.pname; + rev = "refs/tags/${version}"; + hash = "sha256-xyiIAw8PGMgYPtnnzSExcOgwG64HqC9TbBMTKQVG97k="; + }; + # Overriding `cargoHash` has no effect; we must override the resultant + # `cargoDeps` and set the hash in its `outputHash` attribute. + cargoDeps = oa.cargoDeps.overrideAttrs (super.lib.const { + name = "${name}-vendor.tar.gz"; + inherit src; + outputHash = "sha256-jMurOCr9On+sudgCzIBrPHF+6jCE/6dj5E106cAL2qw="; + }); + + doCheck = false; + }); } From 70afdfade569a64d565cd2cadde6f955663f6f21 Mon Sep 17 00:00:00 2001 From: Sridhar Ratnakumar Date: Mon, 27 May 2024 17:16:55 -0400 Subject: [PATCH 41/56] chore: just, better grouping --- justfile | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/justfile b/justfile index 47b9c2a..d9ab975 100644 --- a/justfile +++ b/justfile @@ -2,6 +2,7 @@ default: @just --list # Activate local configuration +[group('main')] activate: nix run @@ -14,20 +15,20 @@ deploy: colmena apply --build-on-target # Deploy to github-runner VM -[group('gr')] +[group('github-runner')] gr-deploy: colmena apply --build-on-target --on github-runner # Re-animate the VM that was suspended until now. -[group('gr')] +[group('github-runner')] gr-animate: colmena upload-keys ssh -t github-runner "sudo systemctl restart --all github-runner-*" -[group('gr')] +[group('github-runner')] gr-inspect: ssh -t github-runner "sudo systemctl status --all github-runner-*" -[group('gr')] +[group('github-runner')] gr-ssh: ssh -t github-runner \ No newline at end of file From 73dd7c4ea9bf43a9b320e060876fbded03bbae6f Mon Sep 17 00:00:00 2001 From: Sridhar Ratnakumar Date: Thu, 30 May 2024 14:48:27 -0400 Subject: [PATCH 42/56] direnv: make less verbose --- home/direnv.nix | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/home/direnv.nix b/home/direnv.nix index b55c2bf..83b2cfc 100644 --- a/home/direnv.nix +++ b/home/direnv.nix @@ -2,9 +2,8 @@ programs.direnv = { enable = true; nix-direnv.enable = true; - # NOTE: disabled, because causes breakage often - /* config.global = { - strict_env = true; - }; */ + config.global = { + hide_env_diff = true; + }; }; } From 0300f032ff40382ff679564fdb9b937ce76fd65a Mon Sep 17 00:00:00 2001 From: Sridhar Ratnakumar Date: Thu, 30 May 2024 14:54:08 -0400 Subject: [PATCH 43/56] nix: Update inputs --- flake.lock | 100 ++++++++++++++++++++++++++--------------------------- 1 file changed, 50 insertions(+), 50 deletions(-) diff --git a/flake.lock b/flake.lock index 862fd5b..9831e76 100644 --- a/flake.lock +++ b/flake.lock @@ -400,11 +400,38 @@ "type": "github" } }, + "git-hooks": { + "inputs": { + "flake-compat": "flake-compat_3", + "gitignore": "gitignore", + "nixpkgs": [ + "nixvim", + "nixpkgs" + ], + "nixpkgs-stable": [ + "nixvim", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1716213921, + "narHash": "sha256-xrsYFST8ij4QWaV6HEokCUNIZLjjLP1bYC60K8XiBVA=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "0e8fcc54b842ad8428c9e705cb5994eaf05c26a0", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "git-hooks.nix", + "type": "github" + } + }, "gitignore": { "inputs": { "nixpkgs": [ "nixvim", - "pre-commit-hooks", + "git-hooks", "nixpkgs" ] }, @@ -429,11 +456,11 @@ ] }, "locked": { - "lastModified": 1716457508, - "narHash": "sha256-ZxzffLuWRyuMrkVVq7wastNUqeO0HJL9xqfY1QsYaqo=", + "lastModified": 1717052710, + "narHash": "sha256-LRhOxzXmOza5SymhOgnEzA8EAQp+94kkeUYWKKpLJ/U=", "owner": "nix-community", "repo": "home-manager", - "rev": "850cb322046ef1a268449cf1ceda5fd24d930b05", + "rev": "29c69d9a466e41d46fd3a7a9d0591ef9c113c2ae", "type": "github" }, "original": { @@ -450,11 +477,11 @@ ] }, "locked": { - "lastModified": 1716448020, - "narHash": "sha256-u1ddoBOILtLVX4NYzqSZ9Qaqusql1M4reLd1fs554hY=", + "lastModified": 1717052710, + "narHash": "sha256-LRhOxzXmOza5SymhOgnEzA8EAQp+94kkeUYWKKpLJ/U=", "owner": "nix-community", "repo": "home-manager", - "rev": "25dedb0d52c20448f6a63cc346df1adbd6ef417e", + "rev": "29c69d9a466e41d46fd3a7a9d0591ef9c113c2ae", "type": "github" }, "original": { @@ -470,11 +497,11 @@ ] }, "locked": { - "lastModified": 1716511055, - "narHash": "sha256-5Fe/DGgvMhPEMl9VdVxv3zvwRcwNDmW5eRJ0gk72w7U=", + "lastModified": 1716993688, + "narHash": "sha256-vo5k2wQekfeoq/2aleQkBN41dQiQHNTniZeVONWiWLs=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "0bea8222f6e83247dd13b055d83e64bce02ee532", + "rev": "c0d5b8c54d6828516c97f6be9f2d00c63a363df4", "type": "github" }, "original": { @@ -491,11 +518,11 @@ ] }, "locked": { - "lastModified": 1716329735, - "narHash": "sha256-ap51w+VqG21vuzyQ04WrhI2YbWHd3UGz0e7dc/QQmoA=", + "lastModified": 1716993688, + "narHash": "sha256-vo5k2wQekfeoq/2aleQkBN41dQiQHNTniZeVONWiWLs=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "eac4f25028c1975a939c8f8fba95c12f8a25e01c", + "rev": "c0d5b8c54d6828516c97f6be9f2d00c63a363df4", "type": "github" }, "original": { @@ -511,11 +538,11 @@ ] }, "locked": { - "lastModified": 1716170277, - "narHash": "sha256-fCAiox/TuzWGVaAz16PxrR4Jtf9lN5dwWL2W74DS0yI=", + "lastModified": 1716772633, + "narHash": "sha256-Idcye44UW+EgjbjCoklf2IDF+XrehV6CVYvxR1omst4=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "e0638db3db43b582512a7de8c0f8363a162842b9", + "rev": "ff80cb4a11bb87f3ce8459be6f16a25ac86eb2ac", "type": "github" }, "original": { @@ -736,11 +763,11 @@ }, "nixpkgs_7": { "locked": { - "lastModified": 1716330097, - "narHash": "sha256-8BO3B7e3BiyIDsaKA0tY8O88rClYRTjvAp66y+VBUeU=", + "lastModified": 1716948383, + "narHash": "sha256-SzDKxseEcHR5KzPXLwsemyTR/kaM9whxeiJohbL04rs=", "owner": "nixos", "repo": "nixpkgs", - "rev": "5710852ba686cc1fd0d3b8e22b3117d43ba374c2", + "rev": "ad57eef4ef0659193044870c731987a6df5cf56b", "type": "github" }, "original": { @@ -772,20 +799,20 @@ "flake-compat": "flake-compat_2", "flake-parts": "flake-parts_4", "flake-root": "flake-root", + "git-hooks": "git-hooks", "home-manager": "home-manager_2", "nix-darwin": "nix-darwin_2", "nixpkgs": [ "nixpkgs" ], - "pre-commit-hooks": "pre-commit-hooks", "treefmt-nix": "treefmt-nix_3" }, "locked": { - "lastModified": 1716566815, - "narHash": "sha256-WO3MF4W1SrSD0lanU1n7dfuHizeSLfDHJNEir9exlcM=", + "lastModified": 1717081007, + "narHash": "sha256-GNr1i6itjFKGXSco3lcdKe8GxEwrmSYFDUpZyXsXWp4=", "owner": "nix-community", "repo": "nixvim", - "rev": "9d858de2e9ab136d1c53d92af62fed8fccf492ab", + "rev": "da9bd1f2e8fc8cd8553a76a9e22afd386c18f205", "type": "github" }, "original": { @@ -794,33 +821,6 @@ "type": "github" } }, - "pre-commit-hooks": { - "inputs": { - "flake-compat": "flake-compat_3", - "gitignore": "gitignore", - "nixpkgs": [ - "nixvim", - "nixpkgs" - ], - "nixpkgs-stable": [ - "nixvim", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1716213921, - "narHash": "sha256-xrsYFST8ij4QWaV6HEokCUNIZLjjLP1bYC60K8XiBVA=", - "owner": "cachix", - "repo": "pre-commit-hooks.nix", - "rev": "0e8fcc54b842ad8428c9e705cb5994eaf05c26a0", - "type": "github" - }, - "original": { - "owner": "cachix", - "repo": "pre-commit-hooks.nix", - "type": "github" - } - }, "process-compose-flake": { "locked": { "lastModified": 1715063745, From 8e608ea029038fd404f22c1cf85bc581fe372965 Mon Sep 17 00:00:00 2001 From: Sridhar Ratnakumar Date: Thu, 30 May 2024 15:24:50 -0400 Subject: [PATCH 44/56] Re-enable himalaya --- home/default.nix | 2 +- home/himalaya.nix | 8 ++++++-- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/home/default.nix b/home/default.nix index 3be06ea..bea576d 100644 --- a/home/default.nix +++ b/home/default.nix @@ -37,7 +37,7 @@ ./zsh.nix # ./bash.nix # ./kitty.nix - # ./himalaya.nix + ./himalaya.nix ]; }; }; diff --git a/home/himalaya.nix b/home/himalaya.nix index e6fc895..0dcdc92 100644 --- a/home/himalaya.nix +++ b/home/himalaya.nix @@ -1,4 +1,5 @@ let + # https://pimalaya.org/himalaya/cli/latest/configuration/icloud-mail.html iCloudMailSettings = { imap = { host = "imap.mail.me.com"; @@ -28,10 +29,13 @@ in address = "happyandharmless@icloud.com"; aliases = [ "srid@srid.ca" ]; userName = "happyandharmless"; - passwordCommand = "op read op://Personal/iCloud/himalaya"; + passwordCommand = "op read op://Personal/iCloud-Apple/himalaya"; himalaya = { enable = true; - settings.sync.enable = true; + # Disabled because of https://todo.sr.ht/~soywod/pimalaya/213 + settings.sync = { + enable = true; + }; }; }; }; From 3135ebc4f8f65eff6b3ebd4ab5816d38d7b56893 Mon Sep 17 00:00:00 2001 From: Sridhar Ratnakumar Date: Fri, 31 May 2024 20:51:53 -0400 Subject: [PATCH 45/56] chore(vscode): avoid rg cpu hog --- .vscode/settings.json | 1 + 1 file changed, 1 insertion(+) diff --git a/.vscode/settings.json b/.vscode/settings.json index 9d12b5c..aa1becf 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json @@ -1,4 +1,5 @@ { + "search.followSymlinks": false, "editor.defaultFormatter": "B4dM4n.nixpkgs-fmt", "editor.formatOnSave": true, "editor.formatOnType": true, From b23632ffd3e328841427184ab84dac3c2b82b1d3 Mon Sep 17 00:00:00 2001 From: Sridhar Ratnakumar Date: Fri, 31 May 2024 20:52:05 -0400 Subject: [PATCH 46/56] himalaya: improv --- home/himalaya.nix | 4 +++- nix-darwin/default.nix | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/home/himalaya.nix b/home/himalaya.nix index 0dcdc92..a8e10ed 100644 --- a/home/himalaya.nix +++ b/home/himalaya.nix @@ -15,7 +15,9 @@ in { home.shellAliases = { H = "himalaya"; + Hr = "himalaya message read"; Hd = "himalaya message delete"; + Hs = "himalaya account sync"; }; programs.himalaya = { @@ -32,7 +34,7 @@ in passwordCommand = "op read op://Personal/iCloud-Apple/himalaya"; himalaya = { enable = true; - # Disabled because of https://todo.sr.ht/~soywod/pimalaya/213 + # Don't forget to run `himalaya account sync` first! settings.sync = { enable = true; }; diff --git a/nix-darwin/default.nix b/nix-darwin/default.nix index 7d2c151..af2dad3 100644 --- a/nix-darwin/default.nix +++ b/nix-darwin/default.nix @@ -4,7 +4,7 @@ flake = { darwinModules = { my-home = { - home-manager.users.${config.people.myself} = { pkgs, ... }: { + home-manager.users.${config.people.myself} = { imports = [ self.homeModules.common-darwin ]; From 8eb5ce5e418cdafe3e8ecaf9f1753abff3d53be4 Mon Sep 17 00:00:00 2001 From: Sridhar Ratnakumar Date: Sun, 2 Jun 2024 10:23:57 -0400 Subject: [PATCH 47/56] add hledger --- home/terminal.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/home/terminal.nix b/home/terminal.nix index db24b7e..0a94d87 100644 --- a/home/terminal.nix +++ b/home/terminal.nix @@ -28,6 +28,10 @@ # Fonts cascadia-code + + # Txns + hledger + hledger-web ]; fonts.fontconfig.enable = true; From 4c58b562d7e0e9a63635985c792f193492e5c1ad Mon Sep 17 00:00:00 2001 From: Sridhar Ratnakumar Date: Sun, 2 Jun 2024 10:26:47 -0400 Subject: [PATCH 48/56] me: keep one ssh key --- nixos/self/primary-as-admin.nix | 2 +- users/config.nix | 9 +++------ users/default.nix | 6 +++--- 3 files changed, 7 insertions(+), 10 deletions(-) diff --git a/nixos/self/primary-as-admin.nix b/nixos/self/primary-as-admin.nix index 6338745..47c3fd1 100644 --- a/nixos/self/primary-as-admin.nix +++ b/nixos/self/primary-as-admin.nix @@ -6,7 +6,7 @@ users.users = let people = flake.config.people; - myKeys = people.users.${people.myself}.sshKeys; + myKeys = [ people.users.${people.myself}.sshKey ]; in { root.openssh.authorizedKeys.keys = myKeys; diff --git a/users/config.nix b/users/config.nix index e70daa5..b58c3fc 100644 --- a/users/config.nix +++ b/users/config.nix @@ -4,12 +4,9 @@ srid = { name = "Sridhar Ratnakumar"; email = "srid@srid.ca"; - sshKeys = [ - # Legacy - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCYQ003p7fB5ICQehLwhDBomY9WzkNBeijkSw9ADGU+ECrPakeIH3pntUWRJH1W93vKnLqpkn6HLGEXD9MCR0s98uhh8hT7uAYCxQTbEeKT3PYkfz3oe7XaR8rE601sds0ZyFwH7l8cvK97pGr+uhFXAaohiV6VqmLVXhManEjZZ8GfYWBD9BCmIJk43G3OGa5QYFeHqztprXaJNU5dFPv2Uq2C+L6EvfCfkK2OO1BLZgL+Rai5jjyy6k0fcfsxxd9BdGUwqDhcBeyTIzX9rePMugf/xD+6uNRxTU+vjVpGUtFOw6rpgmVyFv9mn3QMNdQBc5hYKVbIQwMNGTzGgcQv srid@nixos" - # New - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHQRxPoqlThDrkR58pKnJgmeWPY9/wleReRbZ2MOZRyd" - ]; + # Legacy + # "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCYQ003p7fB5ICQehLwhDBomY9WzkNBeijkSw9ADGU+ECrPakeIH3pntUWRJH1W93vKnLqpkn6HLGEXD9MCR0s98uhh8hT7uAYCxQTbEeKT3PYkfz3oe7XaR8rE601sds0ZyFwH7l8cvK97pGr+uhFXAaohiV6VqmLVXhManEjZZ8GfYWBD9BCmIJk43G3OGa5QYFeHqztprXaJNU5dFPv2Uq2C+L6EvfCfkK2OO1BLZgL+Rai5jjyy6k0fcfsxxd9BdGUwqDhcBeyTIzX9rePMugf/xD+6uNRxTU+vjVpGUtFOw6rpgmVyFv9mn3QMNdQBc5hYKVbIQwMNGTzGgcQv srid@nixos" + sshKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHQRxPoqlThDrkR58pKnJgmeWPY9/wleReRbZ2MOZRyd"; }; }; } diff --git a/users/default.nix b/users/default.nix index 96466ae..25bfe22 100644 --- a/users/default.nix +++ b/users/default.nix @@ -8,10 +8,10 @@ let email = lib.mkOption { type = lib.types.str; }; - sshKeys = lib.mkOption { - type = lib.types.listOf lib.types.str; + sshKey = lib.mkOption { + type = lib.types.str; description = '' - SSH public keys + SSH public key ''; }; }; From 63ed8d6d4203d9b3ceb87577b09d38e50cfc086e Mon Sep 17 00:00:00 2001 From: Sridhar Ratnakumar Date: Sun, 2 Jun 2024 10:34:14 -0400 Subject: [PATCH 49/56] 1password: sign git commits --- home/_1password.nix | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/home/_1password.nix b/home/_1password.nix index 98433bd..ad087f0 100644 --- a/home/_1password.nix +++ b/home/_1password.nix @@ -1,4 +1,7 @@ -{ pkgs, lib, ... }: +{ flake, config, pkgs, lib, ... }: +let + userConfig = flake.config.people.users.${config.home.username}; +in { home.packages = with pkgs; [ _1password @@ -20,4 +23,18 @@ }; }; }; + + # https://developer.1password.com/docs/ssh/git-commit-signing/ + # + # For this to work on GitHub, you must have added the SSH pub key as a signing key, see + # https://1password.community/discussion/comment/667515/#Comment_667515 + programs.git.includes = [{ + condition = "gitdir:~/code/**"; # Personal repos only + contents = { + user.signingKey = userConfig.sshKey; + gpg.format = "ssh"; + gpg.ssh.program = "/Applications/1Password.app/Contents/MacOS/op-ssh-sign"; + commit.gpgsign = true; + }; + }]; } From a2e38049588cac6632c8917de33e32670f694cf8 Mon Sep 17 00:00:00 2001 From: Sridhar Ratnakumar Date: Sun, 2 Jun 2024 11:54:04 -0400 Subject: [PATCH 50/56] gr: use current timezone --- nixos/hedgedoc.nix | 2 -- systems/github-runner.nix | 3 ++- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/nixos/hedgedoc.nix b/nixos/hedgedoc.nix index f97bb07..5f80166 100644 --- a/nixos/hedgedoc.nix +++ b/nixos/hedgedoc.nix @@ -1,5 +1,3 @@ -{ config, pkgs, lib, ... }: - let domain = "pad.srid.ca"; port = 9112; diff --git a/systems/github-runner.nix b/systems/github-runner.nix index aaf3255..4b23862 100644 --- a/systems/github-runner.nix +++ b/systems/github-runner.nix @@ -1,4 +1,4 @@ -{ flake, pkgs, lib, ... }: +{ flake, ... }: let inherit (flake) inputs; @@ -10,6 +10,7 @@ in "${self}/nixos/disko/trivial.nix" "${self}/nixos/parallels-vm.nix" "${self}/nixos/nix.nix" + "${self}/nixos/current-location.nix" "${self}/nixos/self/primary-as-admin.nix" "${self}/nixos/server/harden/basics.nix" "${self}/clusters/github-runner/nixos-module.nix" From 8b7220cc90bd4949196555d2ec4ddffd0766a45b Mon Sep 17 00:00:00 2001 From: Sridhar Ratnakumar Date: Wed, 5 Jun 2024 11:24:56 -0400 Subject: [PATCH 51/56] gr: note about time sync --- clusters/github-runner/README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/clusters/github-runner/README.md b/clusters/github-runner/README.md index ed20ba4..c914952 100644 --- a/clusters/github-runner/README.md +++ b/clusters/github-runner/README.md @@ -16,6 +16,7 @@ While we could use the `nix-darwin` module for Github Runners, we do it the othe ## Known Issues - GitHub token must be provided to avoid the "API rate limit exceeded" error (which can happen if you do all this on your laptop and work around the world). See https://github.com/srid/nixos-config/issues/54 +- GitHub runner might crash due to out of sync time on the VM. If you are Parallels, you should [sync time from Mac](https://kb.parallels.com/113271). ## Usage From ff368963ea72dcd2a7aa5219ac117bbacebdd47e Mon Sep 17 00:00:00 2001 From: Sridhar Ratnakumar Date: Wed, 5 Jun 2024 11:25:01 -0400 Subject: [PATCH 52/56] add gnupg --- home/terminal.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/home/terminal.nix b/home/terminal.nix index 0a94d87..ef9b9a4 100644 --- a/home/terminal.nix +++ b/home/terminal.nix @@ -32,6 +32,8 @@ # Txns hledger hledger-web + + gnupg ]; fonts.fontconfig.enable = true; From f1e560296d62c192c6a1a1dd1ca54c237a2cbf96 Mon Sep 17 00:00:00 2001 From: Sridhar Ratnakumar Date: Thu, 6 Jun 2024 15:41:27 -0400 Subject: [PATCH 53/56] Update nixci --- flake.lock | 165 ++++++++++++++++++++++++++++++++++++----------------- 1 file changed, 113 insertions(+), 52 deletions(-) diff --git a/flake.lock b/flake.lock index 9831e76..94e1b62 100644 --- a/flake.lock +++ b/flake.lock @@ -94,25 +94,24 @@ }, "crane_2": { "inputs": { - "flake-compat": "flake-compat", - "flake-utils": "flake-utils_2", "nixpkgs": [ "nixci", + "rust-flake", "nixpkgs" - ], - "rust-overlay": "rust-overlay_2" + ] }, "locked": { - "lastModified": 1693787605, - "narHash": "sha256-rwq5U8dy+a9JFny/73L0SJu1GfWwATMPMTp7D+mjHy8=", + "lastModified": 1707685877, + "narHash": "sha256-XoXRS+5whotelr1rHiZle5t5hDg9kpguS5yk8c8qzOc=", "owner": "ipetkov", "repo": "crane", - "rev": "8b4f7a4dab2120cf41e7957a28a853f45016bd9d", + "rev": "2c653e4478476a52c6aa3ac0495e4dea7449ea0e", "type": "github" }, "original": { "owner": "ipetkov", "repo": "crane", + "rev": "2c653e4478476a52c6aa3ac0495e4dea7449ea0e", "type": "github" } }, @@ -177,11 +176,11 @@ "flake-compat": { "flake": false, "locked": { - "lastModified": 1673956053, - "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", "owner": "edolstra", "repo": "flake-compat", - "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", "type": "github" }, "original": { @@ -333,11 +332,11 @@ "systems": "systems_3" }, "locked": { - "lastModified": 1692799911, - "narHash": "sha256-3eihraek4qL744EvQXsK1Ha6C3CR7nnT8X2qWap4RNk=", + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", "owner": "numtide", "repo": "flake-utils", - "rev": "f9e7cf818399d17d347f847525c5a5a8032e4e44", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", "type": "github" }, "original": { @@ -403,7 +402,7 @@ "git-hooks": { "inputs": { "flake-compat": "flake-compat_3", - "gitignore": "gitignore", + "gitignore": "gitignore_2", "nixpkgs": [ "nixvim", "nixpkgs" @@ -428,6 +427,28 @@ } }, "gitignore": { + "inputs": { + "nixpkgs": [ + "nixci", + "pre-commit-hooks-nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "gitignore_2": { "inputs": { "nixpkgs": [ "nixvim", @@ -490,6 +511,21 @@ "type": "github" } }, + "just-flake": { + "locked": { + "lastModified": 1713316411, + "narHash": "sha256-NkJfU6H+6vgHkPtZ2ESbZ/h2wnsDQrZvB4vbdUIBx8Q=", + "owner": "juspay", + "repo": "just-flake", + "rev": "0e33952a4bcd16cd54ee3aba8111606c237d4526", + "type": "github" + }, + "original": { + "owner": "juspay", + "repo": "just-flake", + "type": "github" + } + }, "nix-darwin": { "inputs": { "nixpkgs": [ @@ -554,21 +590,22 @@ "nixci": { "inputs": { "cargo-doc-live": "cargo-doc-live_2", - "crane": "crane_2", "devour-flake": "devour-flake", "flake-parts": "flake-parts_3", + "just-flake": "just-flake", "nixpkgs": "nixpkgs_3", + "pre-commit-hooks-nix": "pre-commit-hooks-nix", "process-compose-flake": "process-compose-flake_2", - "rust-overlay": "rust-overlay_3", + "rust-flake": "rust-flake_2", "systems": "systems_5", "treefmt-nix": "treefmt-nix_2" }, "locked": { - "lastModified": 1712481419, - "narHash": "sha256-RnP5L2pNPKxEJL5dg1KN34hJosW9GMW4NFqYIpjRDfA=", + "lastModified": 1717697637, + "narHash": "sha256-IBbblZ5wvS1Y9hDuYW337YjbAXkcj6i/Z6lZesfisBc=", "owner": "srid", "repo": "nixci", - "rev": "ff935409fede5f22b8d651d5dfd1d1b8b9729511", + "rev": "6a672e28811f716a8cff5108dc720269d897d246", "type": "github" }, "original": { @@ -702,11 +739,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1688590700, - "narHash": "sha256-ZF055rIUP89cVwiLpG5xkJzx00gEuuGFF60Bs/LM3wc=", + "lastModified": 1714763106, + "narHash": "sha256-DrDHo74uTycfpAF+/qxZAMlP/Cpe04BVioJb6fdI0YY=", "owner": "nixos", "repo": "nixpkgs", - "rev": "f292b4964cb71f9dfbbd30dc9f511d6165cd109b", + "rev": "e9be42459999a253a9f92559b1f5b72e1b44c13d", "type": "github" }, "original": { @@ -821,6 +858,34 @@ "type": "github" } }, + "pre-commit-hooks-nix": { + "inputs": { + "flake-compat": "flake-compat", + "flake-utils": "flake-utils_2", + "gitignore": "gitignore", + "nixpkgs": [ + "nixci", + "nixpkgs" + ], + "nixpkgs-stable": [ + "nixci", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1714478972, + "narHash": "sha256-q//cgb52vv81uOuwz1LaXElp3XAe1TqrABXODAEF6Sk=", + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "rev": "2849da033884f54822af194400f8dff435ada242", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "type": "github" + } + }, "process-compose-flake": { "locked": { "lastModified": 1715063745, @@ -893,6 +958,29 @@ "type": "github" } }, + "rust-flake_2": { + "inputs": { + "crane": "crane_2", + "nixpkgs": [ + "nixci", + "nixpkgs" + ], + "rust-overlay": "rust-overlay_2" + }, + "locked": { + "lastModified": 1713345390, + "narHash": "sha256-JukrAWf4u9ECX6XEDcFpQaTGuqjvKl1ecuOOdrstEH4=", + "owner": "juspay", + "repo": "rust-flake", + "rev": "b2535a09c5ed6c33904a59bd4a965aaf14fbddc3", + "type": "github" + }, + "original": { + "owner": "juspay", + "repo": "rust-flake", + "type": "github" + } + }, "rust-overlay": { "inputs": { "flake-utils": "flake-utils", @@ -913,43 +1001,16 @@ } }, "rust-overlay_2": { - "inputs": { - "flake-utils": [ - "nixci", - "crane", - "flake-utils" - ], - "nixpkgs": [ - "nixci", - "crane", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1693707092, - "narHash": "sha256-HR1EnynBSPqbt+04/yxxqsG1E3n6uXrOl7SPco/UnYo=", - "owner": "oxalica", - "repo": "rust-overlay", - "rev": "98ccb73e6eefc481da6039ee57ad8818d1ca8d56", - "type": "github" - }, - "original": { - "owner": "oxalica", - "repo": "rust-overlay", - "type": "github" - } - }, - "rust-overlay_3": { "inputs": { "flake-utils": "flake-utils_3", "nixpkgs": "nixpkgs_4" }, "locked": { - "lastModified": 1694052649, - "narHash": "sha256-+eBEU3dw3/fCfi8ZHFNutINxehMazGkQxqNcpeNbTo4=", + "lastModified": 1701310566, + "narHash": "sha256-CL9J3xUR2Ejni4LysrEGX0IdO+Y4BXCiH/By0lmF3eQ=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "a795148ffbcc77f2b592d50ceebe36147e623a77", + "rev": "6d3c6e185198b8bf7ad639f22404a75aa9a09bff", "type": "github" }, "original": { From 535b125ef8119a418d2c24d48d611da1c431f5ff Mon Sep 17 00:00:00 2001 From: Sridhar Ratnakumar Date: Wed, 12 Jun 2024 00:06:29 -0400 Subject: [PATCH 54/56] macOS 15 fix for PATH --- home/zsh.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home/zsh.nix b/home/zsh.nix index 5251670..ac5f453 100644 --- a/home/zsh.nix +++ b/home/zsh.nix @@ -14,7 +14,7 @@ ]; envExtra = '' - export PATH=/etc/profiles/per-user/$USER/bin:/run/current-system/sw/bin/:/usr/local/bin:$PATH + export PATH=/etc/profiles/per-user/$USER/bin:/nix/var/nix/profiles/system/sw/bin:/usr/local/bin:$PATH # Because, adding it in .ssh/config is not enough. # cf. https://developer.1password.com/docs/ssh/get-started#step-4-configure-your-ssh-or-git-client From 76d27ecf8ea217b959ab5bc37845a22209cdade9 Mon Sep 17 00:00:00 2001 From: Sridhar Ratnakumar Date: Wed, 12 Jun 2024 00:07:19 -0400 Subject: [PATCH 55/56] refactor --- flake.nix | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/flake.nix b/flake.nix index f46ddcc..6b6631b 100644 --- a/flake.nix +++ b/flake.nix @@ -101,14 +101,16 @@ perSystem = { self', pkgs, system, config, ... }: { # Flake inputs we want to update periodically # Run: `nix run .#update`. - nixos-flake.primary-inputs = [ - "nixpkgs" - "home-manager" - "nix-darwin" - "nixos-flake" - "nix-index-database" - "nixvim" - ]; + nixos-flake = { + primary-inputs = [ + "nixpkgs" + "home-manager" + "nix-darwin" + "nixos-flake" + "nix-index-database" + "nixvim" + ]; + }; treefmt.config = { projectRootFile = "flake.nix"; From 3a387ab1aaa8fcf861aa7aded94e3ea818d396c8 Mon Sep 17 00:00:00 2001 From: Sridhar Ratnakumar Date: Wed, 12 Jun 2024 00:08:32 -0400 Subject: [PATCH 56/56] Test out nixos-flake PR 54 --- flake.lock | 7 ++++--- flake.nix | 2 +- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 94e1b62..a2a94f6 100644 --- a/flake.lock +++ b/flake.lock @@ -616,15 +616,16 @@ }, "nixos-flake": { "locked": { - "lastModified": 1716406291, - "narHash": "sha256-qHjJ6alc4o3p51hrPp3JGdC5Pbz5EjF+UZq1HbK8av0=", + "lastModified": 1718165126, + "narHash": "sha256-M+aW1O01dv6b+MKsGKVLO6dcHqTrGpeToCoz9Ced29o=", "owner": "srid", "repo": "nixos-flake", - "rev": "aa9100167350cbdffaa272b0fd382d7c23606b86", + "rev": "02c0ad4030ea97f3e8c470825d9844b0f0eb1f7b", "type": "github" }, "original": { "owner": "srid", + "ref": "deploy", "repo": "nixos-flake", "type": "github" } diff --git a/flake.nix b/flake.nix index 6b6631b..d07ae1d 100644 --- a/flake.nix +++ b/flake.nix @@ -10,7 +10,7 @@ home-manager.url = "github:nix-community/home-manager"; home-manager.inputs.nixpkgs.follows = "nixpkgs"; nixos-hardware.url = "github:NixOS/nixos-hardware"; - nixos-flake.url = "github:srid/nixos-flake"; + nixos-flake.url = "github:srid/nixos-flake/deploy"; disko.url = "github:nix-community/disko"; disko.inputs.nixpkgs.follows = "nixpkgs"; colmena-flake.url = "github:juspay/colmena-flake";