diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 281c4388..a6b07ba5 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -14,4 +14,4 @@ jobs:
 system: [aarch64-linux, aarch64-darwin]
 steps:
 - uses: actions/checkout@v4
- - run: nixci build --systems "github:nix-systems/${{ matrix.system }}"
+ - run: nixci build --systems "github:nix-systems/${{ matrix.system }}" -- --show-trace
diff --git a/.vscode/extensions.json b/.vscode/extensions.json
index db6b5101..4d6c35ec 100644
--- a/.vscode/extensions.json
+++ b/.vscode/extensions.json
@@ -4,7 +4,6 @@
 "b4dm4n.nixpkgs-fmt",
 "jnoortheen.nix-ide",
 "mattn.lisp",
- "thenuprojectcontributors.vscode-nushell-lang",
 "mkhl.direnv"
 ]
 }
\ No newline at end of file
diff --git a/.vscode/settings.json b/.vscode/settings.json
index ab7e433d..aa1becfb 100644
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -1,6 +1,8 @@
 {
- "nixEnvSelector.nixFile": "${workspaceRoot}/shell.nix",
+ "search.followSymlinks": false,
 "editor.defaultFormatter": "B4dM4n.nixpkgs-fmt",
 "editor.formatOnSave": true,
- "editor.formatOnType": true
+ "editor.formatOnType": true,
+ "nix.enableLanguageServer": true,
+ "nix.serverPath": "nixd"
 }
\ No newline at end of file
diff --git a/clusters/github-runner/README.md b/clusters/github-runner/README.md
index 1bc43b67..c9149522 100644
--- a/clusters/github-runner/README.md
+++ b/clusters/github-runner/README.md
@@ -13,6 +13,11 @@ While we could use the `nix-darwin` module for Github Runners, we do it the othe - The Linux VM's `/etc/ssh/ssh_host_ed25519_key` is used to authorize itself to connect to the Mac. - The author has observed the official "linux-builder" to be slow, in comparison to a Parallels VM. Prefer setting up a Parallels VM if you can. +## Known Issues + +- GitHub token must be provided to avoid the "API rate limit exceeded" error (which can happen if you do all this on your laptop and work around the world). See https://github.com/srid/nixos-config/issues/54 +- GitHub runner might crash due to out of sync time on the VM. If you are Parallels, you should [sync time from Mac](https://kb.parallels.com/113271). + ## Usage - `/systems/darwin.nix` (macOS config) diff --git a/clusters/github-runner/nixos-module.nix b/clusters/github-runner/nixos-module.nix index 6af80a4b..67b10a48 100644 --- a/clusters/github-runner/nixos-module.nix +++ b/clusters/github-runner/nixos-module.nix @@ -19,6 +19,7 @@ let inherit user group tokenFile name; enable = true; replace = true; + ephemeral = true; extraPackages = with pkgs; runner-pkgs ++ [ # Standard nix tools nixci @@ -39,6 +40,11 @@ in users.groups.${group} = { }; nix.settings.trusted-users = [ user ]; + # No way to do this: https://github.com/NixOS/nix/issues/6536 + #nix.extraOptions = '' + # !include /run/keys/nix-conf-gh-token.secret + #''; + # Runners services.github-runners = mkPersonalRunners "srid" repos.srid; diff --git a/clusters/github-runner/repos.nix b/clusters/github-runner/repos.nix index 52f63dbf..0857b9c0 100644 --- a/clusters/github-runner/repos.nix +++ b/clusters/github-runner/repos.nix @@ -6,5 +6,7 @@ nixos-config.num = 2; nixos-flake.num = 2 * 5; perpetuum.num = 2; + emanote.num = 2; + nixci.num = 2; }; } diff --git a/flake.lock b/flake.lock index b8f8973a..a2a94f6d 100644 --- a/flake.lock +++ b/flake.lock 
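Review bot: `ephemeral = true;` in the first nixos-module.nix hunk changes what `tokenFile` has to contain, and nothing in the hunk records that. The nixpkgs documentation for `services.github-runners.*.ephemeral` says to enable it only when `tokenFile` holds a personal access token, because the runner re-registers after every job and a registration token will have expired by then. A PAT kept on the runner host is a longer-lived and broader credential than a registration token, so it is worth a comment such as `# ephemeral: re-registers after each job; tokenFile must be a PAT scoped to these repos only`. The `nix.settings.trusted-users = [ user ];` line visible as context in the next hunk suggests the runner user keeps trusted access to the shared Nix daemon and store across jobs, so the isolation gained here is probably limited to the runner's own state directory. The enclosing `let` binding starts and ends outside the hunk.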
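Review bot: The commented-out `!include /run/keys/nix-conf-gh-token.secret` in the second nixos-module.nix hunk means nothing on the host reads that file, yet the flake.nix hunk of this same commit still deploys `nix-conf-gh-token.secret` to the runner. A GitHub token then sits on a CI machine with no consumer, which is exposure without benefit. Either drop the key from flake.nix until the include can work, or state the situation where the dead code lives, e.g. `# TODO: nix-conf-gh-token.secret is deployed from flake.nix but unused until NixOS/nix#6536 is resolved`. The README hunk's "GitHub token must be provided" entry would also read better if it said how the token is supplied today.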
@@ -1,12 +1,36 @@ { "nodes": { + "actualism-app": { + "inputs": { + "cargo-doc-live": "cargo-doc-live", + "flake-parts": "flake-parts", + "nixpkgs": "nixpkgs", + "process-compose-flake": "process-compose-flake", + "rust-flake": "rust-flake", + "systems": "systems_2", + "treefmt-nix": "treefmt-nix" + }, + "locked": { + "lastModified": 1715572711, + "narHash": "sha256-CPZrSwbZBasURURCzoWHb0XCK1dYEmomT8HamOoQ1A8=", + "owner": "srid", + "repo": "actualism-app", + "rev": "62897d3bb3340d0952489195fd8f1f31b12c9c8c", + "type": "github" + }, + "original": { + "owner": "srid", + "repo": "actualism-app", + "type": "github" + } + }, "cargo-doc-live": { "locked": { - "lastModified": 1692743000, - "narHash": "sha256-7lxG/r72hECceIir+Y+N3vM0f7FcudZD5cq+KhZj4MI=", + "lastModified": 1713493311, + "narHash": "sha256-fxbzPNIv0o/Y0OEo0r6iAm4Dft1pX08CKtzBl+RKgrE=", "owner": "srid", "repo": "cargo-doc-live", - "rev": "575b9d0733cac0448219d7bc5746ebd594baedb5", + "rev": "b7058f7b4eb131c569a1fcebf966a1149defd7e3", "type": "github" }, "original": { 
@@ -48,45 +72,46 @@ "crane": { "inputs": { "nixpkgs": [ - "nix-browser", + "actualism-app", + "rust-flake", "nixpkgs" ] }, "locked": { - "lastModified": 1701305027, - "narHash": "sha256-/LUYOjcPn5vam8DJjHBpGGKfGMSDp1P1wUW1Ca4h3yQ=", + "lastModified": 1707685877, + "narHash": "sha256-XoXRS+5whotelr1rHiZle5t5hDg9kpguS5yk8c8qzOc=", "owner": "ipetkov", "repo": "crane", - "rev": "c53a8c071dc59430bc54b3ad0b58d96252a07ab8", + "rev": "2c653e4478476a52c6aa3ac0495e4dea7449ea0e", "type": "github" }, "original": { "owner": "ipetkov", "repo": "crane", + "rev": "2c653e4478476a52c6aa3ac0495e4dea7449ea0e", "type": "github" } }, "crane_2": { "inputs": { - "flake-compat": "flake-compat", - "flake-utils": "flake-utils_2", "nixpkgs": [ "nixci", + "rust-flake", "nixpkgs" - ], - "rust-overlay": "rust-overlay_2" + ] }, "locked": { - "lastModified": 1693787605, - "narHash": "sha256-rwq5U8dy+a9JFny/73L0SJu1GfWwATMPMTp7D+mjHy8=", + "lastModified": 1707685877, + "narHash": "sha256-XoXRS+5whotelr1rHiZle5t5hDg9kpguS5yk8c8qzOc=", "owner": "ipetkov", "repo": "crane", - "rev": "8b4f7a4dab2120cf41e7957a28a853f45016bd9d", + "rev": "2c653e4478476a52c6aa3ac0495e4dea7449ea0e", "type": "github" }, "original": { "owner": "ipetkov", "repo": "crane", + "rev": "2c653e4478476a52c6aa3ac0495e4dea7449ea0e", "type": "github" } }, @@ -115,11 +140,11 @@ ] }, "locked": { - "lastModified": 1711099426, - "narHash": "sha256-HzpgM/wc3aqpnHJJ2oDqPBkNsqWbW0WfWUO8lKu8nGk=", + "lastModified": 1713532798, + "narHash": "sha256-wtBhsdMJA3Wa32Wtm1eeo84GejtI43pMrFrmwLXrsEc=", "owner": "numtide", "repo": "devshell", - "rev": "2d45b54ca4a183f2fdcf4b19c895b64fbf620ee8", + "rev": "12e914740a25ea1891ec619bb53cf5e6ca922e40", "type": "github" }, "original": { 
@@ -128,22 +153,6 @@ "type": "github" } }, - "dioxus-desktop-template": { - "flake": false, - "locked": { - "lastModified": 1701368080, - "narHash": "sha256-mdfaOnccAl3uudxMIEqCSPr5DIOZjnsMaD0dNsd8Am4=", - "owner": "srid", - "repo": "dioxus-desktop-template", - "rev": "3054d7e74e46c97ee7cee4c42ec025fc284faaf6", - "type": "github" - }, - "original": { - "owner": "srid", - "repo": "dioxus-desktop-template", - "type": "github" - } - }, "disko": { "inputs": { "nixpkgs": [ @@ -167,11 +176,11 @@ "flake-compat": { "flake": false, "locked": { - "lastModified": 1673956053, - "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", "owner": "edolstra", "repo": "flake-compat", - "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", "type": "github" }, "original": { @@ -215,11 +224,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1698579227, - "narHash": "sha256-KVWjFZky+gRuWennKsbo6cWyo7c/z/VgCte5pR9pEKg=", + "lastModified": 1714641030, + "narHash": "sha256-yzcRNDoyVP7+SCNX0wmuDju1NUCt8Dz9+lyUXEI0dbI=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "f76e870d64779109e41370848074ac4eaa1606ec", + "rev": "e5d10a24b66c3ea8f150e47dfdb0416ab7c3390e", "type": "github" }, "original": { @@ -233,11 +242,11 @@ "nixpkgs-lib": "nixpkgs-lib_2" }, "locked": { - "lastModified": 1698882062, - "narHash": "sha256-HkhafUayIqxXyHH1X8d9RDl1M2CkFgZLjKD3MzabiEo=", + "lastModified": 1715865404, + "narHash": "sha256-/GJvTdTpuDjNn84j82cU6bXztE0MSkdnTWClUCRub78=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "8c9fa2545007b49a5db5f650ae91f227672c3877", + "rev": "8dc45382d5206bd292f9c2768b8058a8fd8311d9", "type": "github" }, "original": { 
@@ -272,11 +281,11 @@ ] }, "locked": { - "lastModified": 1709336216, - "narHash": "sha256-Dt/wOWeW6Sqm11Yh+2+t0dfEWxoMxGBvv3JpIocFl9E=", + "lastModified": 1715865404, + "narHash": "sha256-/GJvTdTpuDjNn84j82cU6bXztE0MSkdnTWClUCRub78=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "f7b3c975cf067e56e7cda6cb098ebe3fb4d74ca2", + "rev": "8dc45382d5206bd292f9c2768b8058a8fd8311d9", "type": "github" }, "original": { @@ -285,16 +294,31 @@ "type": "github" } }, + "flake-root": { + "locked": { + "lastModified": 1713493429, + "narHash": "sha256-ztz8JQkI08tjKnsTpfLqzWoKFQF4JGu2LRz8bkdnYUk=", + "owner": "srid", + "repo": "flake-root", + "rev": "bc748b93b86ee76e2032eecda33440ceb2532fcd", + "type": "github" + }, + "original": { + "owner": "srid", + "repo": "flake-root", + "type": "github" + } + }, "flake-utils": { "inputs": { "systems": "systems" }, "locked": { - "lastModified": 1681202837, - "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=", + "lastModified": 1705309234, + "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=", "owner": "numtide", "repo": "flake-utils", - "rev": "cfacdce06f30d2b68473a46042957675eebb3401", + "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26", "type": "github" }, "original": { @@ -308,11 +332,11 @@ "systems": "systems_3" }, "locked": { - "lastModified": 1692799911, - "narHash": "sha256-3eihraek4qL744EvQXsK1Ha6C3CR7nnT8X2qWap4RNk=", + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", "owner": "numtide", "repo": "flake-utils", - "rev": "f9e7cf818399d17d347f847525c5a5a8032e4e44", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", "type": "github" }, "original": { 
@@ -375,29 +399,60 @@ "type": "github" } }, - "flake-utils_6": { + "git-hooks": { "inputs": { - "systems": "systems_8" + "flake-compat": "flake-compat_3", + "gitignore": "gitignore_2", + "nixpkgs": [ + "nixvim", + "nixpkgs" + ], + "nixpkgs-stable": [ + "nixvim", + "nixpkgs" + ] }, "locked": { - "lastModified": 1710146030, - "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "lastModified": 1716213921, + "narHash": "sha256-xrsYFST8ij4QWaV6HEokCUNIZLjjLP1bYC60K8XiBVA=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "0e8fcc54b842ad8428c9e705cb5994eaf05c26a0", "type": "github" }, "original": { - "owner": "numtide", - "repo": "flake-utils", + "owner": "cachix", + "repo": "git-hooks.nix", "type": "github" } }, "gitignore": { + "inputs": { + "nixpkgs": [ + "nixci", + "pre-commit-hooks-nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "gitignore_2": { "inputs": { "nixpkgs": [ "nixvim", - "pre-commit-hooks", + "git-hooks", "nixpkgs" ] }, @@ -422,11 +477,11 @@ ] }, "locked": { - "lastModified": 1711133180, - "narHash": "sha256-WJOahf+6115+GMl3wUfURu8fszuNeJLv9qAWFQl3Vmo=", + "lastModified": 1717052710, + "narHash": "sha256-LRhOxzXmOza5SymhOgnEzA8EAQp+94kkeUYWKKpLJ/U=", "owner": "nix-community", "repo": "home-manager", - "rev": "1c2c5e4cabba4c43504ef0f8cc3f3dfa284e2dbb", + "rev": "29c69d9a466e41d46fd3a7a9d0591ef9c113c2ae", "type": "github" }, "original": { 
@@ -443,11 +498,11 @@ ] }, "locked": { - "lastModified": 1711133180, - "narHash": "sha256-WJOahf+6115+GMl3wUfURu8fszuNeJLv9qAWFQl3Vmo=", + "lastModified": 1717052710, + "narHash": "sha256-LRhOxzXmOza5SymhOgnEzA8EAQp+94kkeUYWKKpLJ/U=", "owner": "nix-community", "repo": "home-manager", - "rev": "1c2c5e4cabba4c43504ef0f8cc3f3dfa284e2dbb", + "rev": "29c69d9a466e41d46fd3a7a9d0591ef9c113c2ae", "type": "github" }, "original": { @@ -456,29 +511,18 @@ "type": "github" } }, - "nix-browser": { - "inputs": { - "cargo-doc-live": "cargo-doc-live", - "crane": "crane", - "dioxus-desktop-template": "dioxus-desktop-template", - "flake-parts": "flake-parts_2", - "nixpkgs": "nixpkgs", - "process-compose-flake": "process-compose-flake", - "rust-overlay": "rust-overlay", - "systems": "systems_2", - "treefmt-nix": "treefmt-nix" - }, + "just-flake": { "locked": { - "lastModified": 1707643180, - "narHash": "sha256-8s9/OeqqeqbmUb8dwW4Viye795Zyms6E+24Ihw7cz4Q=", + "lastModified": 1713316411, + "narHash": "sha256-NkJfU6H+6vgHkPtZ2ESbZ/h2wnsDQrZvB4vbdUIBx8Q=", "owner": "juspay", - "repo": "nix-browser", - "rev": "d7d33d764d7f0829cbd2160431e091d09a7b0700", + "repo": "just-flake", + "rev": "0e33952a4bcd16cd54ee3aba8111606c237d4526", "type": "github" }, "original": { "owner": "juspay", - "repo": "nix-browser", + "repo": "just-flake", "type": "github" } }, @@ -489,11 +533,11 @@ ] }, "locked": { - "lastModified": 1710717205, - "narHash": "sha256-Wf3gHh5uV6W1TV/A8X8QJf99a5ypDSugY4sNtdJDe0A=", + "lastModified": 1716993688, + "narHash": "sha256-vo5k2wQekfeoq/2aleQkBN41dQiQHNTniZeVONWiWLs=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "bcc8afd06e237df060c85bad6af7128e05fd61a3", + "rev": "c0d5b8c54d6828516c97f6be9f2d00c63a363df4", "type": "github" }, "original": { 
@@ -510,11 +554,11 @@ ] }, "locked": { - "lastModified": 1710717205, - "narHash": "sha256-Wf3gHh5uV6W1TV/A8X8QJf99a5ypDSugY4sNtdJDe0A=", + "lastModified": 1716993688, + "narHash": "sha256-vo5k2wQekfeoq/2aleQkBN41dQiQHNTniZeVONWiWLs=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "bcc8afd06e237df060c85bad6af7128e05fd61a3", + "rev": "c0d5b8c54d6828516c97f6be9f2d00c63a363df4", "type": "github" }, "original": { @@ -530,11 +574,11 @@ ] }, "locked": { - "lastModified": 1711249705, - "narHash": "sha256-h/NQECj6mIzF4XR6AQoSpkCnwqAM+ol4+qOdYi2ykmQ=", + "lastModified": 1716772633, + "narHash": "sha256-Idcye44UW+EgjbjCoklf2IDF+XrehV6CVYvxR1omst4=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "34519f3bb678a5abbddf7b200ac5347263ee781b", + "rev": "ff80cb4a11bb87f3ce8459be6f16a25ac86eb2ac", "type": "github" }, "original": { @@ -546,21 +590,22 @@ "nixci": { "inputs": { "cargo-doc-live": "cargo-doc-live_2", - "crane": "crane_2", "devour-flake": "devour-flake", "flake-parts": "flake-parts_3", + "just-flake": "just-flake", "nixpkgs": "nixpkgs_3", + "pre-commit-hooks-nix": "pre-commit-hooks-nix", "process-compose-flake": "process-compose-flake_2", - "rust-overlay": "rust-overlay_3", + "rust-flake": "rust-flake_2", "systems": "systems_5", "treefmt-nix": "treefmt-nix_2" }, "locked": { - "lastModified": 1711384311, - "narHash": "sha256-WcfkvK0XcnthRYUoyU8iRmisxBl3faRrc/v1KCsnXS4=", + "lastModified": 1717697637, + "narHash": "sha256-IBbblZ5wvS1Y9hDuYW337YjbAXkcj6i/Z6lZesfisBc=", "owner": "srid", "repo": "nixci", - "rev": "594b5a770e0e70efbb4f93a727849fc303116787", + "rev": "6a672e28811f716a8cff5108dc720269d897d246", "type": "github" }, "original": { 
@@ -571,15 +616,16 @@ }, "nixos-flake": { "locked": { - "lastModified": 1711376798, - "narHash": "sha256-37wawZGSX/dD1rn7TwFJhUdpozC2VPEQXetpfpK/D+w=", + "lastModified": 1718165126, + "narHash": "sha256-M+aW1O01dv6b+MKsGKVLO6dcHqTrGpeToCoz9Ced29o=", "owner": "srid", "repo": "nixos-flake", - "rev": "7b19503e7f8c7cc0884fc2fbd669c0cc2e05aef5", + "rev": "02c0ad4030ea97f3e8c470825d9844b0f0eb1f7b", "type": "github" }, "original": { "owner": "srid", + "ref": "deploy", "repo": "nixos-flake", "type": "github" } @@ -620,11 +666,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1701237617, - "narHash": "sha256-Ryd8xpNDY9MJnBFDYhB37XSFIxCPVVVXAbInNPa95vs=", + "lastModified": 1715282013, + "narHash": "sha256-GtwK9hQMbN+FxSD2eTioBOi2P47+t3oqnY4ZGJl53+k=", "owner": "nixos", "repo": "nixpkgs", - "rev": "85306ef2470ba705c97ce72741d56e42d0264015", + "rev": "cc6431d5598071f0021efc6c009c79e5b5fe1617", "type": "github" }, "original": { 
@@ -636,38 +682,26 @@ }, "nixpkgs-lib": { "locked": { - "dir": "lib", - "lastModified": 1696019113, - "narHash": "sha256-X3+DKYWJm93DRSdC5M6K5hLqzSya9BjibtBsuARoPco=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "f5892ddac112a1e9b3612c39af1b72987ee5783a", - "type": "github" + "lastModified": 1714640452, + "narHash": "sha256-QBx10+k6JWz6u7VsohfSw8g8hjdBZEf8CFzXH1/1Z94=", + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/50eb7ecf4cd0a5756d7275c8ba36790e5bd53e33.tar.gz" }, "original": { - "dir": "lib", - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/50eb7ecf4cd0a5756d7275c8ba36790e5bd53e33.tar.gz" } }, "nixpkgs-lib_2": { "locked": { - "dir": "lib", - "lastModified": 1698611440, - "narHash": "sha256-jPjHjrerhYDy3q9+s5EAsuhyhuknNfowY6yt6pjn9pc=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "0cbe9f69c234a7700596e943bfae7ef27a31b735", - "type": "github" + "lastModified": 1714640452, + "narHash": "sha256-QBx10+k6JWz6u7VsohfSw8g8hjdBZEf8CFzXH1/1Z94=", + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/50eb7ecf4cd0a5756d7275c8ba36790e5bd53e33.tar.gz" }, "original": { - "dir": "lib", - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/50eb7ecf4cd0a5756d7275c8ba36790e5bd53e33.tar.gz" } }, "nixpkgs-lib_3": { @@ -690,11 +724,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1681358109, - "narHash": "sha256-eKyxW4OohHQx9Urxi7TQlFBTDWII+F+x2hklDOQPB50=", + "lastModified": 1706487304, + "narHash": "sha256-LE8lVX28MV2jWJsidW13D2qrHU/RUUONendL2Q/WlJg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "96ba1c52e54e74c3197f4d43026b3f3d92e83ff9", + "rev": "90f456026d284c22b3e3497be980b2e47d0b28ac", "type": "github" }, "original": { 
@@ -706,11 +740,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1688590700, - "narHash": "sha256-ZF055rIUP89cVwiLpG5xkJzx00gEuuGFF60Bs/LM3wc=", + "lastModified": 1714763106, + "narHash": "sha256-DrDHo74uTycfpAF+/qxZAMlP/Cpe04BVioJb6fdI0YY=", "owner": "nixos", "repo": "nixpkgs", - "rev": "f292b4964cb71f9dfbbd30dc9f511d6165cd109b", + "rev": "e9be42459999a253a9f92559b1f5b72e1b44c13d", "type": "github" }, "original": { @@ -767,11 +801,11 @@ }, "nixpkgs_7": { "locked": { - "lastModified": 1711333969, - "narHash": "sha256-5PiWGn10DQjMZee5NXzeA6ccsv60iLu+Xtw+mfvkUAs=", + "lastModified": 1716948383, + "narHash": "sha256-SzDKxseEcHR5KzPXLwsemyTR/kaM9whxeiJohbL04rs=", "owner": "nixos", "repo": "nixpkgs", - "rev": "57e6b3a9e4ebec5aa121188301f04a6b8c354c9b", + "rev": "ad57eef4ef0659193044870c731987a6df5cf56b", "type": "github" }, "original": { @@ -802,19 +836,21 @@ "devshell": "devshell", "flake-compat": "flake-compat_2", "flake-parts": "flake-parts_4", + "flake-root": "flake-root", + "git-hooks": "git-hooks", "home-manager": "home-manager_2", "nix-darwin": "nix-darwin_2", "nixpkgs": [ "nixpkgs" ], - "pre-commit-hooks": "pre-commit-hooks" + "treefmt-nix": "treefmt-nix_3" }, "locked": { - "lastModified": 1711456788, - "narHash": "sha256-Aj9dEP/J/my+WWUlw5JRAjYFZJVOZ08jxYXgNHtbb8E=", + "lastModified": 1717081007, + "narHash": "sha256-GNr1i6itjFKGXSco3lcdKe8GxEwrmSYFDUpZyXsXWp4=", "owner": "nix-community", "repo": "nixvim", - "rev": "b8b0c1d58f3259dd0236a5844897aeec3b36b73d", + "rev": "da9bd1f2e8fc8cd8553a76a9e22afd386c18f205", "type": "github" }, "original": { 
@@ -823,26 +859,26 @@ "type": "github" } }, - "pre-commit-hooks": { + "pre-commit-hooks-nix": { "inputs": { - "flake-compat": "flake-compat_3", - "flake-utils": "flake-utils_6", + "flake-compat": "flake-compat", + "flake-utils": "flake-utils_2", "gitignore": "gitignore", "nixpkgs": [ - "nixvim", + "nixci", "nixpkgs" ], "nixpkgs-stable": [ - "nixvim", + "nixci", "nixpkgs" ] }, "locked": { - "lastModified": 1710923068, - "narHash": "sha256-6hOpUiuxuwpXXc/xfJsBUJeqqgGI+JMJuLo45aG3cKc=", + "lastModified": 1714478972, + "narHash": "sha256-q//cgb52vv81uOuwz1LaXElp3XAe1TqrABXODAEF6Sk=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "e611897ddfdde3ed3eaac4758635d7177ff78673", + "rev": "2849da033884f54822af194400f8dff435ada242", "type": "github" }, "original": { @@ -853,11 +889,11 @@ }, "process-compose-flake": { "locked": { - "lastModified": 1701368682, - "narHash": "sha256-YkZbzfOkv68YOX4fK6VQvNHpysyZ/x3gePL3wbo8giA=", + "lastModified": 1715063745, + "narHash": "sha256-kO8gcRHfuKIlsGmFoHUF4lD3CfrRBymIlG2R3OHBEjQ=", "owner": "Platonic-Systems", "repo": "process-compose-flake", - "rev": "8edcd4de7c631eac2ce5f8e2a0782e0ca606da9b", + "rev": "32c069e7ef436b4325ee36503cd02b2863eede53", "type": "github" }, "original": { @@ -883,11 +919,11 @@ }, "root": { "inputs": { + "actualism-app": "actualism-app", "colmena-flake": "colmena-flake", "disko": "disko", - "flake-parts": "flake-parts", + "flake-parts": "flake-parts_2", "home-manager": "home-manager", - "nix-browser": "nix-browser", "nix-darwin": "nix-darwin", "nix-index-database": "nix-index-database", "nixci": "nixci", 
@@ -896,47 +932,67 @@ "nixos-vscode-server": "nixos-vscode-server", "nixpkgs": "nixpkgs_7", "nixvim": "nixvim", - "treefmt-nix": "treefmt-nix_3" + "treefmt-nix": "treefmt-nix_4" } }, - "rust-overlay": { + "rust-flake": { "inputs": { - "flake-utils": "flake-utils", - "nixpkgs": "nixpkgs_2" + "crane": "crane", + "nixpkgs": [ + "actualism-app", + "nixpkgs" + ], + "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1701310566, - "narHash": "sha256-CL9J3xUR2Ejni4LysrEGX0IdO+Y4BXCiH/By0lmF3eQ=", - "owner": "oxalica", - "repo": "rust-overlay", - "rev": "6d3c6e185198b8bf7ad639f22404a75aa9a09bff", + "lastModified": 1715570778, + "narHash": "sha256-PlWsDmfLHmhrvf2y7rBJP9wKlgMKm4iIP/PX2BdlttI=", + "owner": "juspay", + "repo": "rust-flake", + "rev": "19e41363312bdb34c2b3d6304b84d5d5fccee09d", "type": "github" }, "original": { - "owner": "oxalica", - "repo": "rust-overlay", + "owner": "juspay", + "ref": "extraBuildArgs", + "repo": "rust-flake", "type": "github" } }, - "rust-overlay_2": { + "rust-flake_2": { "inputs": { - "flake-utils": [ - "nixci", - "crane", - "flake-utils" - ], + "crane": "crane_2", "nixpkgs": [ "nixci", - "crane", "nixpkgs" - ] + ], + "rust-overlay": "rust-overlay_2" + }, + "locked": { + "lastModified": 1713345390, + "narHash": "sha256-JukrAWf4u9ECX6XEDcFpQaTGuqjvKl1ecuOOdrstEH4=", + "owner": "juspay", + "repo": "rust-flake", + "rev": "b2535a09c5ed6c33904a59bd4a965aaf14fbddc3", + "type": "github" + }, + "original": { + "owner": "juspay", + "repo": "rust-flake", + "type": "github" + } + }, + "rust-overlay": { + "inputs": { + "flake-utils": "flake-utils", + "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1693707092, - "narHash": "sha256-HR1EnynBSPqbt+04/yxxqsG1E3n6uXrOl7SPco/UnYo=", + "lastModified": 1715480255, + "narHash": "sha256-gEZl8nYidQwqJhOigJ91JDjoBFoPEWVsd82AKnaE7Go=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "98ccb73e6eefc481da6039ee57ad8818d1ca8d56", + "rev": "d690205a4f01ec0930303c4204e5063958e51255", "type": 
"github" }, "original": { @@ -945,17 +1001,17 @@ "type": "github" } }, - "rust-overlay_3": { + "rust-overlay_2": { "inputs": { "flake-utils": "flake-utils_3", "nixpkgs": "nixpkgs_4" }, "locked": { - "lastModified": 1694052649, - "narHash": "sha256-+eBEU3dw3/fCfi8ZHFNutINxehMazGkQxqNcpeNbTo4=", + "lastModified": 1701310566, + "narHash": "sha256-CL9J3xUR2Ejni4LysrEGX0IdO+Y4BXCiH/By0lmF3eQ=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "a795148ffbcc77f2b592d50ceebe36147e623a77", + "rev": "6d3c6e185198b8bf7ad639f22404a75aa9a09bff", "type": "github" }, "original": { @@ -1069,34 +1125,19 @@ "type": "github" } }, - "systems_8": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, "treefmt-nix": { "inputs": { "nixpkgs": [ - "nix-browser", + "actualism-app", "nixpkgs" ] }, "locked": { - "lastModified": 1699786194, - "narHash": "sha256-3h3EH1FXQkIeAuzaWB+nK0XK54uSD46pp+dMD3gAcB4=", + "lastModified": 1714058656, + "narHash": "sha256-Qv4RBm4LKuO4fNOfx9wl40W2rBbv5u5m+whxRYUMiaA=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "e82f32aa7f06bbbd56d7b12186d555223dc399d1", + "rev": "c6aaf729f34a36c445618580a9f95a48f5e4e03f", "type": "github" }, "original": { @@ -1124,6 +1165,27 @@ } }, "treefmt-nix_3": { + "inputs": { + "nixpkgs": [ + "nixvim", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1715940852, + "narHash": "sha256-wJqHMg/K6X3JGAE9YLM0LsuKrKb4XiBeVaoeMNlReZg=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "2fba33a182602b9d49f0b2440513e5ee091d838b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } + }, + "treefmt-nix_4": { "inputs": { "nixpkgs": "nixpkgs_8" }, 
diff --git a/flake.nix b/flake.nix index 467e93c2..0ed5a047 100644 --- a/flake.nix +++ b/flake.nix @@ -10,7 +10,7 @@ home-manager.url = "github:nix-community/home-manager"; home-manager.inputs.nixpkgs.follows = "nixpkgs"; nixos-hardware.url = "github:NixOS/nixos-hardware"; - nixos-flake.url = "github:srid/nixos-flake"; + nixos-flake.url = "github:srid/nixos-flake/deploy"; disko.url = "github:nix-community/disko"; disko.inputs.nixpkgs.follows = "nixpkgs"; colmena-flake.url = "github:juspay/colmena-flake"; @@ -19,9 +19,9 @@ nixos-vscode-server.flake = false; nixos-vscode-server.url = "github:nix-community/nixos-vscode-server"; nixci.url = "github:srid/nixci"; - nix-browser.url = "github:juspay/nix-browser"; nix-index-database.url = "github:nix-community/nix-index-database"; nix-index-database.inputs.nixpkgs.follows = "nixpkgs"; + actualism-app.url = "github:srid/actualism-app"; # Neovim nixvim.url = "github:nix-community/nixvim"; @@ -57,14 +57,33 @@ [ "op" "read" "op://Personal/nixos-config/${field}" ]; in { - github-runner = { - targetHost = "github-runner"; + immediacy = { + targetHost = "immediacy"; targetUser = "srid"; - keys."github-runner-token.secret" = { - user = "github-runner"; - keyCommand = read1Password "github-runner-token"; + keys."hedgedoc.env" = { + user = "hedgedoc"; + keyCommand = read1Password "hedgedoc.env"; }; }; + github-runner = + let + user = "github-runner"; + in + { + targetHost = "github-runner"; + targetUser = "srid"; + keys = { + "github-runner-token.secret" = { + inherit user; + keyCommand = read1Password "github-runner-token"; + }; + "nix-conf-gh-token.secret" = { + user = "root"; + permissions = "0440"; + keyCommand = read1Password "nix-conf-gh-token"; + }; + }; + }; }; flake = { 
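Review bot: In the `keys` hunk, `"nix-conf-gh-token.secret"` is given `user = "root"; permissions = "0440";` with no `group`. If the deployment tool's default group is root (not visible here), the group-read bit grants nothing and `permissions = "0400";` states the intent more tightly. If some non-root group is meant to read the token, name it with an explicit `group = ...;` so the access is visible in review. The `immediacy` entry's `"hedgedoc.env"` key sets only `user` and relies on the default mode, so a short comment noting what that default is would make the two entries comparable.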
@@ -77,19 +96,26 @@ nixosConfigurations.github-runner = self.nixos-flake.lib.mkLinuxSystem ./systems/github-runner.nix; + + # Hetzner dedicated + nixosConfigurations.immediacy = + self.nixos-flake.lib.mkLinuxSystem + ./systems/ax41.nix; }; - perSystem = { self', pkgs, lib, config, ... }: { + perSystem = { self', pkgs, system, config, ... }: { # Flake inputs we want to update periodically # Run: `nix run .#update`. - nixos-flake.primary-inputs = [ - "nixpkgs" - "home-manager" - "nix-darwin" - "nixos-flake" - "nix-index-database" - "nixvim" - ]; + nixos-flake = { + primary-inputs = [ + "nixpkgs" + "home-manager" + "nix-darwin" + "nixos-flake" + "nix-index-database" + "nixvim" + ]; + }; treefmt.config = { projectRootFile = "flake.nix"; @@ -98,11 +124,20 @@ formatter = config.treefmt.build.wrapper; packages.default = self'.packages.activate; + devShells.default = pkgs.mkShell { inputsFrom = [ config.treefmt.build.devShell ]; packages = with pkgs; [ just colmena + nixd + ]; + }; + # Make our overlay available to the devShell + _module.args.pkgs = import inputs.nixpkgs { + inherit system; + overlays = [ + (import ./packages/overlay.nix { inherit system; flake = { inherit inputs; }; }) ]; }; }; diff --git a/home/_1password.nix b/home/_1password.nix index 98433bde..ad087f0a 100644 --- a/home/_1password.nix +++ b/home/_1password.nix @@ -1,4 +1,7 @@ -{ pkgs, lib, ... }: +{ flake, config, pkgs, lib, ... }: +let + userConfig = flake.config.people.users.${config.home.username}; +in { home.packages = with pkgs; [ _1password 
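Review bot: The comment `# Make our overlay available to the devShell` on the new `_module.args.pkgs` assignment understates its scope. Overriding `_module.args.pkgs` replaces `pkgs` for every perSystem consumer in this block (treefmt's wrapper and anything else taking `pkgs`), not only `devShells.default`. A more accurate comment would be `# Use nixpkgs with our overlay as perSystem's pkgs (affects all perSystem outputs)`. The perSystem function continues outside the hunk.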
@@ -20,4 +23,18 @@ }; }; }; + + # https://developer.1password.com/docs/ssh/git-commit-signing/ + # + # For this to work on GitHub, you must have added the SSH pub key as a signing key, see + # https://1password.community/discussion/comment/667515/#Comment_667515 + programs.git.includes = [{ + condition = "gitdir:~/code/**"; # Personal repos only + contents = { + user.signingKey = userConfig.sshKey; + gpg.format = "ssh"; + gpg.ssh.program = "/Applications/1Password.app/Contents/MacOS/op-ssh-sign"; + commit.gpgsign = true; + }; + }]; } diff --git a/home/default.nix b/home/default.nix index 7ef13cac..bea576df 100644 --- a/home/default.nix +++ b/home/default.nix @@ -21,6 +21,7 @@ # ./nushell.nix ./just.nix # ./powershell.nix + ./juspay.nix ]; }; common-linux = { @@ -36,8 +37,7 @@ ./zsh.nix # ./bash.nix # ./kitty.nix - # ./emacs.nix - # ./himalaya.nix + ./himalaya.nix ]; }; }; diff --git a/home/direnv.nix b/home/direnv.nix index b55c2bf9..83b2cfca 100644 --- a/home/direnv.nix +++ b/home/direnv.nix @@ -2,9 +2,8 @@ programs.direnv = { enable = true; nix-direnv.enable = true; - # NOTE: disabled, because causes breakage often - /* config.global = { - strict_env = true; - }; */ + config.global = { + hide_env_diff = true; + }; }; } diff --git a/home/emacs/doom/config.el b/home/emacs/doom/config.el deleted file mode 100644 index c4f74dc9..00000000 --- a/home/emacs/doom/config.el +++ /dev/null 
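Review bot: `gpg.ssh.program` in the new `programs.git.includes` block is hard-coded to `/Applications/1Password.app/Contents/MacOS/op-ssh-sign`, which exists only on macOS, while `commit.gpgsign = true` makes every commit under `~/code` depend on it. If this module is also imported by a Linux home configuration (not visible from the hunk), commits there will fail, so the block likely wants a `lib.mkIf pkgs.stdenv.isDarwin` guard or a per-platform path. Separately, no `gpg.ssh.allowedSignersFile` is set, so `git log --show-signature` cannot verify these SSH signatures locally and verification rests on GitHub alone. Adding an allowed-signers file containing `userConfig.sshKey` would close that gap.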
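Review bot: `hide_env_diff = true;` in the home/direnv.nix hunk is added with no comment, although it removes the `direnv: export ...` line that shows which variables an allowed `.envrc` changed. That line is the quickest way to notice a repository's `.envrc` touching `PATH` or credential variables, so the trade-off deserves a note, e.g. `# Hide the "direnv: export ..." diff on load (less noise, but less visibility into what .envrc changed)`.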
@@ -1,76 +0,0 @@ -;;; $DOOMDIR/config.el -*- lexical-binding: t; -*- - -;; Place your private configuration here! Remember, you do not need to run 'doom -;; sync' after modifying this file! - - -;; Some functionality uses this to identify you, e.g. GPG configuration, email -;; clients, file templates and snippets. It is optional. -(setq user-full-name "Sridhar Ratnakumar" - user-mail-address "srid@srid.ca") - -;; Doom exposes five (optional) variables for controlling fonts in Doom: -;; -;; - `doom-font' -- the primary font to use -;; - `doom-variable-pitch-font' -- a non-monospace font (where applicable) -;; - `doom-big-font' -- used for `doom-big-font-mode'; use this for -;; presentations or streaming. -;; - `doom-symbol-font' -- for symbols -;; - `doom-serif-font' -- for the `fixed-pitch-serif' face -;; -;; See 'C-h v doom-font' for documentation and more examples of what they -;; accept. For example: -;; -;;(setq doom-font (font-spec :family "Fira Code" :size 12 :weight 'semi-light) -;; doom-variable-pitch-font (font-spec :family "Fira Sans" :size 13)) -;; -;; If you or Emacs can't find your font, use 'M-x describe-font' to look them -;; up, `M-x eval-region' to execute elisp code, and 'M-x doom/reload-font' to -;; refresh your font settings. If Emacs still can't find your font, it likely -;; wasn't installed correctly. Font issues are rarely Doom issues! - -;; There are two ways to load a theme. Both assume the theme is installed and -;; available. You can either set `doom-theme' or manually load a theme with the -;; `load-theme' function. This is the default: -(setq doom-theme 'doom-one) - -;; This determines the style of line numbers in effect. If set to `nil', line -;; numbers are disabled. For relative line numbers, set this to `relative'. -(setq display-line-numbers-type t) - -;; If you use `org' and don't want your org files in the default location below, -;; change `org-directory'. It must be set before org loads! 
-(setq org-directory "~/org/") - - -;; Whenever you reconfigure a package, make sure to wrap your config in an -;; `after!' block, otherwise Doom's defaults may override your settings. E.g. -;; -;; (after! PACKAGE -;; (setq x y)) -;; -;; The exceptions to this rule: -;; -;; - Setting file/directory variables (like `org-directory') -;; - Setting variables which explicitly tell you to set them before their -;; package is loaded (see 'C-h v VARIABLE' to look up their documentation). -;; - Setting doom variables (which start with 'doom-' or '+'). -;; -;; Here are some additional functions/macros that will help you configure Doom. -;; -;; - `load!' for loading external *.el files relative to this one -;; - `use-package!' for configuring packages -;; - `after!' for running code after a package has loaded -;; - `add-load-path!' for adding directories to the `load-path', relative to -;; this file. Emacs searches the `load-path' when you load packages with -;; `require' or `use-package'. -;; - `map!' for binding new keys -;; -;; To get information about any of these functions/macros, move the cursor over -;; the highlighted symbol at press 'K' (non-evil users must press 'C-c c k'). -;; This will open documentation for it, including demos of how they are used. -;; Alternatively, use `C-h o' to look up a symbol (functions, variables, faces, -;; etc). -;; -;; You can also try 'gd' (or 'C-c c d') to jump to their definition and see how -;; they are implemented. \ No newline at end of file diff --git a/home/emacs/doom/init.el b/home/emacs/doom/init.el deleted file mode 100644 index c7f36c91..00000000 --- a/home/emacs/doom/init.el +++ /dev/null 
@@ -1,194 +0,0 @@ -;;; init.el -*- lexical-binding: t; -*- - -;; This file controls what Doom modules are enabled and what order they load -;; in. Remember to run 'doom sync' after modifying it! - -;; NOTE Press 'SPC h d h' (or 'C-h d h' for non-vim users) to access Doom's -;; documentation. There you'll find a link to Doom's Module Index where all -;; of our modules are listed, including what flags they support. - -;; NOTE Move your cursor over a module's name (or its flags) and press 'K' (or -;; 'C-c c k' for non-vim users) to view its documentation. This works on -;; flags as well (those symbols that start with a plus). -;; -;; Alternatively, press 'gd' (or 'C-c c d') on a module to browse its -;; directory (for easy access to its source code). - -(doom! :input - ;;bidi ; (tfel ot) thgir etirw uoy gnipleh - ;;chinese - ;;japanese - ;;layout ; auie,ctsrnm is the superior home row - - :completion - company ; the ultimate code completion backend - ;;helm ; the *other* search engine for love and life - ;;ido ; the other *other* search engine... 
- ;;ivy ; a search engine for love and life - vertico ; the search engine of the future - - :ui - ;;deft ; notational velocity for Emacs - doom ; what makes DOOM look the way it does - doom-dashboard ; a nifty splash screen for Emacs - ;;doom-quit ; DOOM quit-message prompts when you quit Emacs - ;;(emoji +unicode) ; 🙂 - hl-todo ; highlight TODO/FIXME/NOTE/DEPRECATED/HACK/REVIEW - ;;hydra - ;;indent-guides ; highlighted indent columns - ;;ligatures ; ligatures and symbols to make your code pretty again - ;;minimap ; show a map of the code on the side - modeline ; snazzy, Atom-inspired modeline, plus API - ;;nav-flash ; blink cursor line after big motions - ;;neotree ; a project drawer, like NERDTree for vim - ophints ; highlight the region an operation acts on - (popup +defaults) ; tame sudden yet inevitable temporary windows - ;;tabs ; a tab bar for Emacs - ;;treemacs ; a project drawer, like neotree but cooler - ;;unicode ; extended unicode support for various languages - (vc-gutter +pretty) ; vcs diff in the fringe - vi-tilde-fringe ; fringe tildes to mark beyond EOB - ;;window-select ; visually switch windows - workspaces ; tab emulation, persistence & separate workspaces - ;;zen ; distraction-free coding or writing - - :editor - (evil +everywhere); come to the dark side, we have cookies - file-templates ; auto-snippets for empty files - fold ; (nigh) universal code folding - ;;(format +onsave) ; automated prettiness - ;;god ; run Emacs commands without modifier keys - ;;lispy ; vim for lisp, for people who don't like vim - ;;multiple-cursors ; editing in many places at once - ;;objed ; text object editing for the innocent - ;;parinfer ; turn lisp into python, sort of - ;;rotate-text ; cycle region at point between text candidates - snippets ; my elves. 
They type so I don't have to - ;;word-wrap ; soft wrapping with language-aware indent - - :emacs - dired ; making dired pretty [functional] - electric ; smarter, keyword-based electric-indent - ;;ibuffer ; interactive buffer management - undo ; persistent, smarter undo for your inevitable mistakes - vc ; version-control and Emacs, sitting in a tree - - :term - ;;eshell ; the elisp shell that works everywhere - ;;shell ; simple shell REPL for Emacs - ;;term ; basic terminal emulator for Emacs - ;;vterm ; the best terminal emulation in Emacs - - :checkers - syntax ; tasing you for every semicolon you forget - ;;(spell +flyspell) ; tasing you for misspelling mispelling - ;;grammar ; tasing grammar mistake every you make - - :tools - ;;ansible - ;;biblio ; Writes a PhD for you (citation needed) - ;;collab ; buffers with friends - ;;debugger ; FIXME stepping through code, to help you add bugs - ;;direnv - ;;docker - ;;editorconfig ; let someone else argue about tabs vs spaces - ;;ein ; tame Jupyter notebooks with emacs - (eval +overlay) ; run code, run (also, repls) - lookup ; navigate your code and its documentation - ;;lsp ; M-x vscode - magit ; a git porcelain for Emacs - ;;make ; run make tasks from Emacs - ;;pass ; password manager for nerds - ;;pdf ; pdf enhancements - ;;prodigy ; FIXME managing external services & code builders - ;;rgb ; creating color strings - ;;taskrunner ; taskrunner for all your projects - ;;terraform ; infrastructure as code - ;;tmux ; an API for interacting with tmux - ;;tree-sitter ; syntax and parsing, sitting in a tree... - ;;upload ; map local to remote projects via ssh/ftp - - :os - (:if (featurep :system 'macos) macos) ; improve compatibility with macOS - ;;tty ; improve the terminal Emacs experience - - :lang - ;;agda ; types of types of types of types... 
- ;;beancount ; mind the GAAP - ;;(cc +lsp) ; C > C++ == 1 - ;;clojure ; java with a lisp - ;;common-lisp ; if you've seen one lisp, you've seen them all - ;;coq ; proofs-as-programs - ;;crystal ; ruby at the speed of c - ;;csharp ; unity, .NET, and mono shenanigans - ;;data ; config/data formats - ;;(dart +flutter) ; paint ui and not much else - ;;dhall - ;;elixir ; erlang done right - ;;elm ; care for a cup of TEA? - emacs-lisp ; drown in parentheses - ;;erlang ; an elegant language for a more civilized age - ;;ess ; emacs speaks statistics - ;;factor - ;;faust ; dsp, but you get to keep your soul - ;;fortran ; in FORTRAN, GOD is REAL (unless declared INTEGER) - ;;fsharp ; ML stands for Microsoft's Language - ;;fstar ; (dependent) types and (monadic) effects and Z3 - ;;gdscript ; the language you waited for - ;;(go +lsp) ; the hipster dialect - ;;(graphql +lsp) ; Give queries a REST - ;;(haskell +lsp) ; a language that's lazier than I am - ;;hy ; readability of scheme w/ speed of python - ;;idris ; a language you can depend on - ;;json ; At least it ain't XML - ;;(java +lsp) ; the poster child for carpal tunnel syndrome - ;;javascript ; all(hope(abandon(ye(who(enter(here)))))) - ;;julia ; a better, faster MATLAB - ;;kotlin ; a better, slicker Java(Script) - ;;latex ; writing papers in Emacs has never been so fun - ;;lean ; for folks with too much to prove - ;;ledger ; be audit you can be - ;;lua ; one-based indices? one-based indices - markdown ; writing docs for people to ignore - ;;nim ; python + lisp at the speed of c - ;;nix ; I hereby declare "nix geht mehr!" 
- ;;ocaml ; an objective camel - org ; organize your plain life in plain text - ;;php ; perl's insecure younger brother - ;;plantuml ; diagrams for confusing people more - ;;purescript ; javascript, but functional - ;;python ; beautiful is better than ugly - ;;qt ; the 'cutest' gui framework ever - ;;racket ; a DSL for DSLs - ;;raku ; the artist formerly known as perl6 - ;;rest ; Emacs as a REST client - ;;rst ; ReST in peace - ;;(ruby +rails) ; 1.step {|i| p "Ruby is #{i.even? ? 'love' : 'life'}"} - ;;(rust +lsp) ; Fe2O3.unwrap().unwrap().unwrap().unwrap() - ;;scala ; java, but good - ;;(scheme +guile) ; a fully conniving family of lisps - sh ; she sells {ba,z,fi}sh shells on the C xor - ;;sml - ;;solidity ; do you need a blockchain? No. - ;;swift ; who asked for emoji variables? - ;;terra ; Earth and Moon in alignment for performance. - ;;web ; the tubes - ;;yaml ; JSON, but readable - ;;zig ; C, but simpler - - :email - ;;(mu4e +org +gmail) - ;;notmuch - ;;(wanderlust +gmail) - - :app - ;;calendar - ;;emms - ;;everywhere ; *leave* Emacs!? You must be joking - ;;irc ; how neckbeards socialize - ;;(rss +org) ; emacs as an RSS reader - ;;twitter ; twitter client https://twitter.com/vnought - - :config - ;;literate - (default +bindings +smartparens)) \ No newline at end of file diff --git a/home/emacs/doom/packages.el b/home/emacs/doom/packages.el deleted file mode 100644 index a809bf9c..00000000 --- a/home/emacs/doom/packages.el +++ /dev/null 
@@ -1,50 +0,0 @@ -;; -*- no-byte-compile: t; -*- -;;; $DOOMDIR/packages.el - -;; To install a package with Doom you must declare them here and run 'doom sync' -;; on the command line, then restart Emacs for the changes to take effect -- or -;; use 'M-x doom/reload'. - - -;; To install SOME-PACKAGE from MELPA, ELPA or emacsmirror: -;; (package! some-package) - -;; To install a package directly from a remote git repo, you must specify a -;; `:recipe'. You'll find documentation on what `:recipe' accepts here: -;; https://github.com/radian-software/straight.el#the-recipe-format -;; (package! another-package -;; :recipe (:host github :repo "username/repo")) - -;; If the package you are trying to install does not contain a PACKAGENAME.el -;; file, or is located in a subdirectory of the repo, you'll need to specify -;; `:files' in the `:recipe': -;; (package! this-package -;; :recipe (:host github :repo "username/repo" -;; :files ("some-file.el" "src/lisp/*.el"))) - -;; If you'd like to disable a package included with Doom, you can do so here -;; with the `:disable' property: -;; (package! builtin-package :disable t) - -;; You can override the recipe of a built in package without having to specify -;; all the properties for `:recipe'. These will inherit the rest of its recipe -;; from Doom or MELPA/ELPA/Emacsmirror: -;; (package! builtin-package :recipe (:nonrecursive t)) -;; (package! builtin-package-2 :recipe (:repo "myfork/package")) - -;; Specify a `:branch' to install a package from a particular branch or tag. -;; This is required for some packages whose default branch isn't 'master' (which -;; our package manager can't deal with; see radian-software/straight.el#279) -;; (package! builtin-package :recipe (:branch "develop")) - -;; Use `:pin' to specify a particular commit to install. -;; (package! builtin-package :pin "1a2b3c4d5e") - - -;; Doom's packages are pinned to a specific commit and updated from release to -;; release. The `unpin!' 
macro allows you to unpin single packages... -;; (unpin! pinned-package) -;; ...or multiple packages -;; (unpin! pinned-package another-pinned-package) -;; ...Or *all* packages (NOT RECOMMENDED; will likely break things) -;; (unpin! t) \ No newline at end of file diff --git a/home/git.nix b/home/git.nix index bfdf87ba..12601470 100644 --- a/home/git.nix +++ b/home/git.nix @@ -1,6 +1,9 @@ { pkgs, config, flake, ... }: { - home.packages = [ pkgs.git-lfs ]; + home.packages = with pkgs; [ + git-lfs + git-filter-repo + ]; programs.git = { package = pkgs.gitAndTools.gitFull; @@ -35,7 +38,7 @@ }; }; extraConfig = { - init.defaultBranch = "master"; # https://srid.ca/unwoke + init.defaultBranch = "master"; # Undo breakage due to https://srid.ca/luxury-belief core.editor = "nvim"; #protocol.keybase.allow = "always"; credential.helper = "store --file ~/.git-credentials"; diff --git a/home/himalaya.nix b/home/himalaya.nix index e6fc8953..a8e10ed0 100644 --- a/home/himalaya.nix +++ b/home/himalaya.nix @@ -1,4 +1,5 @@ let + # https://pimalaya.org/himalaya/cli/latest/configuration/icloud-mail.html iCloudMailSettings = { imap = { host = "imap.mail.me.com"; @@ -14,7 +15,9 @@ in { home.shellAliases = { H = "himalaya"; + Hr = "himalaya message read"; Hd = "himalaya message delete"; + Hs = "himalaya account sync"; }; programs.himalaya = { @@ -28,10 +31,13 @@ in address = "happyandharmless@icloud.com"; aliases = [ "srid@srid.ca" ]; userName = "happyandharmless"; - passwordCommand = "op read op://Personal/iCloud/himalaya"; + passwordCommand = "op read op://Personal/iCloud-Apple/himalaya"; himalaya = { enable = true; - settings.sync.enable = true; + # Don't forget to run `himalaya account sync` first! + settings.sync = { + enable = true; + }; }; }; }; diff --git a/home/juspay.nix b/home/juspay.nix new file mode 100644 index 00000000..f60c15b2 --- /dev/null +++ b/home/juspay.nix 
@@ -0,0 +1,37 @@ +# For Juspay work +{ pkgs, lib, ... }: +{ + programs.ssh = { + matchBlocks = { + # Juspay machines (through Tailscale) + vanjaram = { + hostname = "100.83.79.127"; + user = "srid"; + forwardAgent = true; + }; + biryani = { + hostname = "100.97.32.60"; + user = "admin"; + forwardAgent = true; + }; + + # To clone Juspay repos. + # https://developer.1password.com/docs/ssh/agent/advanced/#match-key-with-host + "bitbucket.org" = { + identitiesOnly = true; + identityFile = "~/.ssh/juspay.pub"; + }; + }; + }; + + programs.git = { + # Bitbucket git access and policies + includes = [{ + condition = "gitdir:~/juspay/**"; + contents = { + user.email = "sridhar.ratnakumar@juspay.in"; + }; + }]; + }; +} + diff --git a/home/neovim.nix b/home/neovim.nix index 213c28ab..ae6502b0 100644 --- a/home/neovim.nix +++ b/home/neovim.nix @@ -1,12 +1,14 @@ +{ pkgs, ... }: + { programs.nixvim = { - enable = true; + enable = pkgs.stdenv.isDarwin; # nixvim uses IFD; so not using it on Linux (breaks colmena apply) # Theme colorschemes.tokyonight.enable = true; # Settings - options = { + opts = { expandtab = true; shiftwidth = 2; smartindent = true; @@ -42,7 +44,7 @@ }; telescope = { enable = true; - keymaps = { + settings.keymaps = { "ff" = { desc = "file finder"; action = "find_files"; @@ -53,7 +55,7 @@ }; }; extensions = { - file_browser.enable = true; + file-browser.enable = true; }; }; diff --git a/home/ssh.nix b/home/ssh.nix index 8693b3b0..b332248e 100644 --- a/home/ssh.nix +++ b/home/ssh.nix 
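Review bot: `forwardAgent = true` is set on both Tailscale match blocks in home/juspay.nix (`vanjaram`, `biryani`) and again on the new `immediacy` block in the home/ssh.nix hunk that follows, so anyone with root on those hosts can use the forwarded agent socket to authenticate as you while a session is open. `immediacy` deserves the first look, since systems/ax41.nix in this commit gives it a public address and puts nginx and HedgeDoc on it. If forwarding is only there to reach a git remote or a further hop, drop it per host and use `proxyJump` for hops. Where it has to stay, a comment such as `# agent forwarding needed for <reason>` on each block would record why it is on.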
@@ -2,23 +2,13 @@ { programs.ssh = { enable = true; + + # Note: More defined in juspay.nix matchBlocks = { - vanjaram = { - hostname = "100.83.79.127"; - user = "srid"; - forwardAgent = true; - }; - biryani = { - hostname = "100.97.32.60"; - user = "admin"; + immediacy = { + hostname = "65.109.84.215"; forwardAgent = true; }; - # To clone Juspay repos. - # https://developer.1password.com/docs/ssh/agent/advanced/#match-key-with-host - "bitbucket.org" = { - identitiesOnly = true; - identityFile = "~/.ssh/juspay.pub"; - }; }; }; } diff --git a/home/terminal.nix b/home/terminal.nix index 22ebeb03..ef9b9a43 100644 --- a/home/terminal.nix +++ b/home/terminal.nix @@ -13,7 +13,6 @@ # Useful for Nix development nixci nix-health - nil nixpkgs-fmt just @@ -26,8 +25,19 @@ fuckport sshuttle-via entr + + # Fonts + cascadia-code + + # Txns + hledger + hledger-web + + gnupg ]; + fonts.fontconfig.enable = true; + home.shellAliases = { e = "nvim"; ee = "nvim $(fzf)"; diff --git a/home/zsh.nix b/home/zsh.nix index 52516703..ac5f453d 100644 --- a/home/zsh.nix +++ b/home/zsh.nix @@ -14,7 +14,7 @@ ]; envExtra = '' - export PATH=/etc/profiles/per-user/$USER/bin:/run/current-system/sw/bin/:/usr/local/bin:$PATH + export PATH=/etc/profiles/per-user/$USER/bin:/nix/var/nix/profiles/system/sw/bin:/usr/local/bin:$PATH # Because, adding it in .ssh/config is not enough. # cf. https://developer.1password.com/docs/ssh/get-started#step-4-configure-your-ssh-or-git-client diff --git a/justfile b/justfile index 1c76443f..d9ab975c 100644 --- a/justfile +++ b/justfile 
@@ -1,9 +1,34 @@ default: @just --list +# Activate local configuration +[group('main')] +activate: + nix run + +# Format the nix source tree fmt: treefmt -# Deploy to github-runner VM -github-runner: +# Deploy to all remote machines +deploy: colmena apply --build-on-target + +# Deploy to github-runner VM +[group('github-runner')] +gr-deploy: + colmena apply --build-on-target --on github-runner + +# Re-animate the VM that was suspended until now. +[group('github-runner')] +gr-animate: + colmena upload-keys + ssh -t github-runner "sudo systemctl restart --all github-runner-*" + +[group('github-runner')] +gr-inspect: + ssh -t github-runner "sudo systemctl status --all github-runner-*" + +[group('github-runner')] +gr-ssh: + ssh -t github-runner \ No newline at end of file diff --git a/nix-darwin/default.nix b/nix-darwin/default.nix index 7d2c1517..af2dad3b 100644 --- a/nix-darwin/default.nix +++ b/nix-darwin/default.nix @@ -4,7 +4,7 @@ flake = { darwinModules = { my-home = { - home-manager.users.${config.people.myself} = { pkgs, ... }: { + home-manager.users.${config.people.myself} = { imports = [ self.homeModules.common-darwin ]; diff --git a/nixos/actualism-app.nix b/nixos/actualism-app.nix new file mode 100644 index 00000000..7db5738a --- /dev/null +++ b/nixos/actualism-app.nix 
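Review bot: In `gr-animate` and `gr-inspect` the unit pattern `github-runner-*` is quoted only for the local shell, so the remote shell may expand it against the login directory before systemctl sees it. Quoting it for the remote side keeps the glob for systemctl: `ssh -t github-runner "sudo systemctl restart --all 'github-runner-*'"`, and the same for `status`. `gr-inspect` and `gr-ssh` also lack the comment line the other recipes have, so `just --list` shows them without a description; `# Show status of the runner services` and `# Open a shell on the VM` would do.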
@@ -0,0 +1,49 @@ +{ flake, pkgs, lib, ... }: + +let + inherit (flake) inputs; + inherit (inputs) self; +in +{ + + networking.firewall = { + allowedTCPPorts = [ + 80 + 443 + ]; + }; + # actualism-app (temp host) + services.nginx = { + enable = true; + virtualHosts."www.actualism.app" = { + enableACME = true; + # addSSL = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://127.0.0.1:8080"; + proxyWebsockets = true; + }; + }; + }; + security.acme = { + acceptTerms = true; + defaults.email = "srid@srid.ca"; + }; + systemd.services.actualism-app = { + enable = true; + description = "actualism-app server"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + ExecStart = + lib.getExe (pkgs.writeShellApplication { + name = "actualism-app-start"; + text = '' + cd ${pkgs.actualism-app}/ + ${pkgs.actualism-app}/bin/actualism-app + ''; + }); + Restart = "always"; + }; + }; +} diff --git a/nixos/caches/oss.nix b/nixos/caches/oss.nix index 1e35eb76..b5adc66f 100644 --- a/nixos/caches/oss.nix +++ b/nixos/caches/oss.nix @@ -2,11 +2,11 @@ nix.settings.trusted-public-keys = [ #"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "nammayatri.cachix.org-1:PiVlgB8hKyYwVtCAGpzTh2z9RsFPhIES6UKs0YB662I=" - "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=" + # "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=" ]; nix.settings.substituters = [ #"https://nix-community.cachix.org" - "https://cache.garnix.io?priority=41" + # "https://cache.garnix.io?priority=41" "https://nammayatri.cachix.org?priority=42" ]; } diff --git a/nixos/disko/trivial.nix b/nixos/disko/trivial.nix index a7fd9812..e3abf4b4 100644 --- a/nixos/disko/trivial.nix +++ b/nixos/disko/trivial.nix 
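Review bot: `systemd.services.actualism-app` in nixos/actualism-app.nix sets no `User`, so the server that nginx proxies public traffic to on 127.0.0.1:8080 runs as root. The start script only changes into the store path and runs the binary, so it does not appear to need privileges. Adding `DynamicUser = true;` to `serviceConfig` would give it an unprivileged, sandboxed account and limit what a compromise of the app can reach. If the app writes state somewhere it would also need a `StateDirectory`, which cannot be determined from this hunk.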
@@ -4,8 +4,8 @@ disko.devices = { disk = { main = { - # When using disko-install, we will overwrite this value from the commandline - device = "/dev/disk/by-id/some-disk-id"; + # TODO: Don't hardcode (this file is used by multiple systems) + device = "/dev/nvme0n1"; type = "disk"; content = { type = "gpt"; diff --git a/nixos/hedgedoc.nix b/nixos/hedgedoc.nix new file mode 100644 index 00000000..5f801665 --- /dev/null +++ b/nixos/hedgedoc.nix @@ -0,0 +1,37 @@ +let + domain = "pad.srid.ca"; + port = 9112; +in +{ + services.hedgedoc = { + enable = true; + + # GitHub secrets set in colmena (see flake.nix) + environmentFile = "/run/keys/hedgedoc.env"; + + settings = { + # URL config + inherit domain port; + protocolUseSSL = true; + urlAddPort = false; + allowOrigin = [ "localhost" ]; + + # Accept GitHub users only. + # NOTE: Fine-grained access (eg: whitelist of users) not possible until + # HedgeDoc 2.0 + email = false; + allowAnonymous = false; + }; + }; + + services.nginx = { + virtualHosts.${domain} = { + enableACME = true; + addSSL = true; + locations."/" = { + proxyPass = "http://localhost:${builtins.toString port}"; + proxyWebsockets = true; + }; + }; + }; +} diff --git a/nixos/self/primary-as-admin.nix b/nixos/self/primary-as-admin.nix index 6338745e..47c3fd17 100644 --- a/nixos/self/primary-as-admin.nix +++ b/nixos/self/primary-as-admin.nix @@ -6,7 +6,7 @@ users.users = let people = flake.config.people; - myKeys = people.users.${people.myself}.sshKeys; + myKeys = [ people.users.${people.myself}.sshKey ]; in { root.openssh.authorizedKeys.keys = myKeys; diff --git a/packages/overlay.nix b/packages/overlay.nix index f845e682..53fa3d98 100644 --- a/packages/overlay.nix +++ b/packages/overlay.nix 
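Review bot: The `pad.srid.ca` vhost in nixos/hedgedoc.nix uses `addSSL = true`, which keeps answering on plain HTTP as well, even though HedgeDoc is set to `protocolUseSSL = true` and login-only access. The login flow should not be reachable over port 80; `forceSSL = true;`, as the actualism-app vhost in this commit already uses, redirects HTTP to HTTPS instead. The `environmentFile` comment could also name the variables `/run/keys/hedgedoc.env` is expected to carry, since the file is created outside this module.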
@@ -5,5 +5,27 @@ self: super: { twitter-convert = self.callPackage ./twitter-convert { }; sshuttle-via = self.callPackage ./sshuttle-via.nix { }; nixci = flake.inputs.nixci.packages.${system}.default; - nix-health = flake.inputs.nix-browser.packages.${system}.nix-health; + # nix-health = flake.inputs.nix-browser.packages.${system}.nix-health; + actualism-app = flake.inputs.actualism-app.packages.${system}.default; + + # Use just v1.27.0, until upstream upgrades it. + just = super.just.overrideAttrs (oa: rec { + name = "${oa.pname}-${version}"; + version = "1.27.0"; + src = super.fetchFromGitHub { + owner = "casey"; + repo = oa.pname; + rev = "refs/tags/${version}"; + hash = "sha256-xyiIAw8PGMgYPtnnzSExcOgwG64HqC9TbBMTKQVG97k="; + }; + # Overriding `cargoHash` has no effect; we must override the resultant + # `cargoDeps` and set the hash in its `outputHash` attribute. + cargoDeps = oa.cargoDeps.overrideAttrs (super.lib.const { + name = "${name}-vendor.tar.gz"; + inherit src; + outputHash = "sha256-jMurOCr9On+sudgCzIBrPHF+6jCE/6dj5E106cAL2qw="; + }); + + doCheck = false; + }); } diff --git a/systems/ax41.nix b/systems/ax41.nix new file mode 100644 index 00000000..f55407bd --- /dev/null +++ b/systems/ax41.nix 
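Review bot: `doCheck = false` at the end of the `just` override in packages/overlay.nix has no explanation, so a reader cannot tell whether the test suite fails in the sandbox at 1.27.0 or was skipped to save build time. Since this binary runs the deploy recipes, a line such as `# tests disabled: <reason>; drop together with this override once nixpkgs ships >= 1.27.0` would make the exception reviewable. The `src` and `cargoDeps` hashes are both pinned, which is what makes the `refs/tags/` ref acceptable here.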
@@ -0,0 +1,52 @@ +{ flake, pkgs, lib, ... }: + +let + inherit (flake) inputs; + inherit (inputs) self; +in +{ + imports = [ + inputs.disko.nixosModules.disko + self.nixosModules.default + "${self}/nixos/disko/trivial.nix" + "${self}/nixos/nix.nix" + "${self}/nixos/self/primary-as-admin.nix" + "${self}/nixos/docker.nix" + "${self}/nixos/actualism-app.nix" + "${self}/nixos/hedgedoc.nix" + # "${self}/nixos/server/harden/basics.nix" + ]; + + system.stateVersion = "23.11"; + networking.hostName = "immediacy"; + nixpkgs.hostPlatform = "x86_64-linux"; + boot.loader.grub = { + devices = [ "/dev/nvme0n1" ]; + efiSupport = true; + efiInstallAsRemovable = true; + }; + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "sd_mod" ]; + hardware.cpu.intel.updateMicrocode = true; + hardware.enableRedistributableFirmware = true; + + # Hetzner networking + networking.useDHCP = false; + networking.interfaces."eth0".ipv4.addresses = [ + { + address = "65.109.84.215"; # your IPv4 here + prefixLength = 24; + } + ]; + networking.interfaces."eth0".ipv6.addresses = [ + { + address = "2a01:4f9:3051:52d3::2"; # Your IPv6 here + prefixLength = 64; + } + ]; + networking.defaultGateway = "65.109.84.193"; + networking.nameservers = [ "8.8.8.8" ]; + + services.openssh.enable = true; + + programs.nix-ld.enable = true; # for vscode server +} diff --git a/systems/github-runner.nix b/systems/github-runner.nix index aaf32553..4b238626 100644 --- a/systems/github-runner.nix +++ b/systems/github-runner.nix @@ -1,4 +1,4 @@ -{ flake, pkgs, lib, ... }: +{ flake, ... }: let inherit (flake) inputs; @@ -10,6 +10,7 @@ in "${self}/nixos/disko/trivial.nix" "${self}/nixos/parallels-vm.nix" "${self}/nixos/nix.nix" + "${self}/nixos/current-location.nix" "${self}/nixos/self/primary-as-admin.nix" "${self}/nixos/server/harden/basics.nix" "${self}/clusters/github-runner/nixos-module.nix" diff --git a/users/config.nix b/users/config.nix index e70daa54..b58c3fc7 100644 --- a/users/config.nix 
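Review bot: `services.openssh.enable = true` is the only SSH setting in systems/ax41.nix and the `server/harden/basics.nix` import is commented out, so unless another imported module overrides it, this host keeps the NixOS default of accepting password logins. The machine has a public address and root already gets a key through `primary-as-admin.nix`, so key-only access costs nothing. I would add `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.KbdInteractiveAuthentication = false;` here, or re-enable the hardening import with a comment on why it was off. What `harden/basics.nix` sets is not visible from this diff.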
+++ b/users/config.nix @@ -4,12 +4,9 @@ srid = { name = "Sridhar Ratnakumar"; email = "srid@srid.ca"; - sshKeys = [ - # Legacy - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCYQ003p7fB5ICQehLwhDBomY9WzkNBeijkSw9ADGU+ECrPakeIH3pntUWRJH1W93vKnLqpkn6HLGEXD9MCR0s98uhh8hT7uAYCxQTbEeKT3PYkfz3oe7XaR8rE601sds0ZyFwH7l8cvK97pGr+uhFXAaohiV6VqmLVXhManEjZZ8GfYWBD9BCmIJk43G3OGa5QYFeHqztprXaJNU5dFPv2Uq2C+L6EvfCfkK2OO1BLZgL+Rai5jjyy6k0fcfsxxd9BdGUwqDhcBeyTIzX9rePMugf/xD+6uNRxTU+vjVpGUtFOw6rpgmVyFv9mn3QMNdQBc5hYKVbIQwMNGTzGgcQv srid@nixos" - # New - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHQRxPoqlThDrkR58pKnJgmeWPY9/wleReRbZ2MOZRyd" - ]; + # Legacy + # "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCYQ003p7fB5ICQehLwhDBomY9WzkNBeijkSw9ADGU+ECrPakeIH3pntUWRJH1W93vKnLqpkn6HLGEXD9MCR0s98uhh8hT7uAYCxQTbEeKT3PYkfz3oe7XaR8rE601sds0ZyFwH7l8cvK97pGr+uhFXAaohiV6VqmLVXhManEjZZ8GfYWBD9BCmIJk43G3OGa5QYFeHqztprXaJNU5dFPv2Uq2C+L6EvfCfkK2OO1BLZgL+Rai5jjyy6k0fcfsxxd9BdGUwqDhcBeyTIzX9rePMugf/xD+6uNRxTU+vjVpGUtFOw6rpgmVyFv9mn3QMNdQBc5hYKVbIQwMNGTzGgcQv srid@nixos" + sshKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHQRxPoqlThDrkR58pKnJgmeWPY9/wleReRbZ2MOZRyd"; }; }; } diff --git a/users/default.nix b/users/default.nix index 96466ae0..25bfe222 100644 --- a/users/default.nix +++ b/users/default.nix @@ -8,10 +8,10 @@ let email = lib.mkOption { type = lib.types.str; }; - sshKeys = lib.mkOption { - type = lib.types.listOf lib.types.str; + sshKey = lib.mkOption { + type = lib.types.str; description = '' - SSH public keys + SSH public key ''; }; };