diff --git a/configuration/desktop/xserver.nix b/configuration/desktop/xserver.nix index 771119f..61afcb9 100644 --- a/configuration/desktop/xserver.nix +++ b/configuration/desktop/xserver.nix @@ -2,8 +2,8 @@ { services.xserver.enable = true; - services.xserver.displayManager.gdm.enable = true; - services.xserver.desktopManager.gnome.enable = true; + services.displayManager.gdm.enable = true; + services.desktopManager.gnome.enable = true; services.xserver.excludePackages = with pkgs; [ xterm diff --git a/flake.lock b/flake.lock index 86a0b82..cff961a 100644 --- a/flake.lock +++ b/flake.lock @@ -269,11 +269,11 @@ "nixpkgs": "nixpkgs_3" }, "locked": { - "lastModified": 1748520450, - "narHash": "sha256-thTwt6c/qdLg65urUWSENbmwf/ofvujpFNNTcF+iZvI=", + "lastModified": 1750779764, + "narHash": "sha256-JTvJf12NfmiJg+k8zPAvvJIHWA8lzL5SBssQxkwZTwE=", "ref": "lix-2.93", - "rev": "509c94cdb7e11d48e67a5a68c0d5fadfcda7bad5", - "revCount": 4257, + "rev": "175d4c80943403f352ad3ce9ee9a93475a154b91", + "revCount": 4259, "type": "git", "url": "https://git.lix.systems/lix-project/hydra.git" }, @@ -290,6 +290,9 @@ "flake-compat" ], "nix2container": "nix2container", + "nix_2_18": [ + "hydra" + ], "nixpkgs": [ "hydra", "nixpkgs" @@ -298,11 +301,11 @@ "pre-commit-hooks": "pre-commit-hooks" }, "locked": { - "lastModified": 1747597901, - "narHash": "sha256-jS+P57tXZEl+zvPfEIHFbd1j3xfuWcrcMrcnbm9wWbE=", + "lastModified": 1750762203, + "narHash": "sha256-LmQhjQ7c+AOkwhvR9GFgJOy8oHW35MoQRELtrwyVnPw=", "ref": "release-2.93", - "rev": "33eaaf02fd3f380e99032b25e741eeeb10573cad", - "revCount": 17846, + "rev": "38b358ce27203f972faa2973cf44ba80c758f46e", + "revCount": 17866, "type": "git", "url": "https://git.lix.systems/lix-project/lix" }, 
@@ -324,11 +327,11 @@ ] }, "locked": { - "lastModified": 1748254718, - "narHash": "sha256-Uf6HNA0JctJH4ZdrZ/xb185mT0/XusLxnric9Xhg7Es=", + "lastModified": 1750776670, + "narHash": "sha256-EfA5K5EZAnspmraJrXQlziffVpaT+QDBiE6yKmuaNNQ=", "ref": "release-2.93", - "rev": "3855614ceafe562393472cca5fb2005297889a75", - "revCount": 143, + "rev": "c3c78a32273e89d28367d8605a4c880f0b6607e3", + "revCount": 146, "type": "git", "url": "https://git.lix.systems/lix-project/nixos-module.git" }, @@ -342,6 +345,7 @@ "inputs": { "flake-compat": "flake-compat_2", "nix2container": "nix2container_2", + "nix_2_18": "nix_2_18", "nixpkgs": [ "nixpkgs" ], @@ -349,11 +353,11 @@ "pre-commit-hooks": "pre-commit-hooks_2" }, "locked": { - "lastModified": 1747597901, - "narHash": "sha256-jS+P57tXZEl+zvPfEIHFbd1j3xfuWcrcMrcnbm9wWbE=", + "lastModified": 1750762203, + "narHash": "sha256-LmQhjQ7c+AOkwhvR9GFgJOy8oHW35MoQRELtrwyVnPw=", "ref": "release-2.93", - "rev": "33eaaf02fd3f380e99032b25e741eeeb10573cad", - "revCount": 17846, + "rev": "38b358ce27203f972faa2973cf44ba80c758f46e", + "revCount": 17866, "type": "git", "url": "https://git.lix.systems/lix-project/lix.git" }, @@ -363,6 +367,22 @@ "url": "https://git.lix.systems/lix-project/lix.git" } }, + "lowdown-src": { + "flake": false, + "locked": { + "lastModified": 1633514407, + "narHash": "sha256-Dw32tiMjdK9t3ETl5fzGrutQTzh2rufgZV4A/BbxuD4=", + "owner": "kristapsdz", + "repo": "lowdown", + "rev": "d2c2b44ff6c27b936ec27358a2653caaef8f73b8", + "type": "github" + }, + "original": { + "owner": "kristapsdz", + "repo": "lowdown", + "type": "github" + } + }, "mitel-ommclient2": { "inputs": { "nixpkgs": [ 
@@ -416,6 +436,34 @@ "type": "github" } }, + "nix_2_18": { + "inputs": { + "flake-compat": [ + "lix", + "flake-compat" + ], + "lowdown-src": "lowdown-src", + "nixpkgs": "nixpkgs_4", + "nixpkgs-regression": [ + "lix", + "nixpkgs-regression" + ] + }, + "locked": { + "lastModified": 1730375271, + "narHash": "sha256-RrOFlDGmRXcVRV2p2HqHGqvzGNyWoD0Dado/BNlJ1SI=", + "owner": "NixOS", + "repo": "nix", + "rev": "0f665ff6779454f2117dcc32e44380cda7f45523", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "2.18.9", + "repo": "nix", + "type": "github" + } + }, "nixos-exporter": { "inputs": { "nixpkgs": [ @@ -550,11 +598,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1748437600, - "narHash": "sha256-hYKMs3ilp09anGO7xzfGs3JqEgUqFMnZ8GMAqI6/k04=", + "lastModified": 1750622754, + "narHash": "sha256-kMhs+YzV4vPGfuTpD3mwzibWUE6jotw5Al2wczI0Pv8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "7282cb574e0607e65224d33be8241eae7cfe0979", + "rev": "c7ab75210cb8cb16ddd8f290755d9558edde7ee1", "type": "github" }, "original": { @@ -566,11 +614,27 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1750776420, - "narHash": "sha256-/CG+w0o0oJ5itVklOoLbdn2dGB0wbZVOoDm4np6w09A=", + "lastModified": 1705033721, + "narHash": "sha256-K5eJHmL1/kev6WuqyqqbS1cdNnSidIZ3jeqJ7GbrYnQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "30a61f056ac492e3b7cdcb69c1e6abdcf00e39cf", + "rev": "a1982c92d8980a0114372973cbdfe0a307f1bdea", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-23.05-small", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_5": { + "locked": { + "lastModified": 1751011381, + "narHash": "sha256-krGXKxvkBhnrSC/kGBmg5MyupUUT5R6IBCLEzx9jhMM=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "30e2e2857ba47844aa71991daa6ed1fc678bcbb7", "type": "github" }, "original": { 
@@ -665,7 +729,7 @@ "lix-module": "lix-module", "nixos-exporter": "nixos-exporter", "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs_4", + "nixpkgs": "nixpkgs_5", "nixpkgs-0dc1c7": "nixpkgs-0dc1c7", "nurausstieg": "nurausstieg", "rainbowrss": "rainbowrss", diff --git a/flake.nix b/flake.nix index 0d9d76f..2a5d76c 100644 --- a/flake.nix +++ b/flake.nix @@ -70,7 +70,6 @@ }; outputs = { self, nixpkgs, nixos-hardware, chaosevents, fernglas, nixos-exporter, solid-xmpp-alarm, ssh-to-age, ... }@inputs: let lib = import ./lib inputs; - helper = lib.flake-helper; localNixpkgs = import ./flake/nixpkgs.nix inputs; in { clerie.hosts = { @@ -135,14 +134,21 @@ }; overlays = { - nixfilesInputs = import ./flake/overlay.nix inputs; - clerie = import ./pkgs/overlay.nix; - default = self.overlays.clerie; + clerie-inputs = import ./flake/inputs-overlay.nix inputs; + clerie-pkgs = import ./pkgs/overlay.nix; + clerie-build-support = import ./pkgs/build-support/overlay.nix; + clerie-overrides = import ./pkgs/overrides/overlay.nix; }; - packages = nixpkgs.lib.genAttrs [ "x86_64-linux" "aarch64-linux" ] (system: let - pkgs = localNixpkgs.${system}; - in builtins.mapAttrs (name: value: pkgs."${name}") (import ./pkgs/pkgs.nix)); + packages = nixpkgs.lib.genAttrs [ "x86_64-linux" "aarch64-linux" ] (system: + let + pkgs = localNixpkgs.${system}; + in + nixpkgs.lib.genAttrs ( + (builtins.attrNames (self.overlays.clerie-pkgs null null)) + ++ (builtins.attrNames (self.overlays.clerie-overrides null null)) + ) (name: pkgs."${name}") + ); inherit lib self; diff --git a/flake/overlay.nix b/flake/inputs-overlay.nix similarity index 100% rename from flake/overlay.nix rename to flake/inputs-overlay.nix diff --git a/flake/nixosConfigurations.nix b/flake/nixosConfigurations.nix index b00570c..8f5f80d 100644 --- a/flake/nixosConfigurations.nix +++ b/flake/nixosConfigurations.nix 
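Review bot: In flake.nix the new `packages` output gets its attribute names by calling the overlays as `self.overlays.clerie-pkgs null null` and `self.overlays.clerie-overrides null null`, which only evaluates while both overlays return an attribute set whose names do not depend on `final` or `prev`. If pkgs/overlay.nix or pkgs/overrides/overlay.nix ever computes its names from `prev` (for example via `prev.lib.optionalAttrs`), the failure will appear here as an error about null, far from the cause. I would record the constraint next to the call, e.g. `# overlays are applied to null only to list attribute names; they must stay literal attrsets`, and repeat it at the top of both overlay files. The hunk also drops `overlays.default` and renames the other two, so any external consumer of those names needs updating; the surrounding `outputs` function starts and ends outside the hunk.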
@@ -10,34 +10,13 @@ let group ? null, modules ? [], }: let - localNixpkgs = nixpkgs.lib.attrByPath [ "nixpkgs-${name}" ] nixpkgs inputs; - in localNixpkgs.lib.nixosSystem { + in self.lib.nixosSystem { system = system; modules = modules ++ [ - self.nixosModules.nixfilesInputs - self.nixosModules.clerie - self.nixosModules.profiles - ({ config, lib, ... }: { # Set hostname networking.hostName = lib.mkDefault name; - # Apply overlays - nixpkgs.overlays = [ - self.overlays.nixfilesInputs - self.overlays.clerie - ]; - - /* - Make the contents of the flake availiable to modules. - Useful for having the monitoring server scraping the - target config from all other servers automatically. - */ - _module.args = { - inputs = inputs; - _nixfiles = self; - }; - # Expose host group to monitoring clerie.monitoring = nixpkgs.lib.attrsets.optionalAttrs (group != null) { serviceLevel = group; }; diff --git a/flake/nixpkgs.nix b/flake/nixpkgs.nix index 08d7246..920fddc 100644 --- a/flake/nixpkgs.nix +++ b/flake/nixpkgs.nix @@ -8,8 +8,10 @@ let import nixpkgs { inherit system; overlays = [ - self.overlays.nixfilesInputs - self.overlays.clerie + self.overlays.clerie-inputs + self.overlays.clerie-pkgs + self.overlays.clerie-build-support + self.overlays.clerie-overrides ]; }; diff --git a/hosts/web-2/clerie.nix b/hosts/web-2/clerie.nix index 7336cac..7961a54 100644 --- a/hosts/web-2/clerie.nix +++ b/hosts/web-2/clerie.nix @@ -27,7 +27,7 @@ root = pkgs.clerie-keys; }; locations."= /ssh/known_hosts" = { - alias = pkgs.writeText "known_hosts" (import ../../lib/ssh-known-hosts.nix); + alias = pkgs.clerie-ssh-known-hosts + "/known_hosts"; extraConfig = '' types { } default_type "text/plain; charset=utf-8"; diff --git a/lib/default.nix b/lib/default.nix index 0d1d47a..388a1df 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -8,6 +8,7 @@ let lib = { clerie-monitoring-ids = callLibs ./clerie-monitoring-ids.nix; + nixosSystem = callLibs ./nixosSystem.nix; }; in 
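Review bot: In flake/nixosConfigurations.nix the `let` is left without bindings (`}: let in self.lib.nixosSystem {`), so it can be dropped and the line written as `}: self.lib.nixosSystem {`. Nothing on the new side selects a package set per host any more, so every host is built from the one instance that lib/nixosSystem.nix supplies, and the arguments visible here (`group`, `modules`) offer no way to pass a different `pkgs`. If a host is meant to stay on its own nixpkgs pin, that needs an explicit argument; otherwise a comment such as `# all hosts share the package set from flake/nixpkgs.nix` would make the intent clear. The enclosing function starts and ends outside the hunk.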
diff --git a/lib/link-local-wireguard.nix b/lib/link-local-wireguard.nix deleted file mode 100644 index 5361203..0000000 --- a/lib/link-local-wireguard.nix +++ /dev/null @@ -1,22 +0,0 @@ -{ ... }: - -rec { - llIPv6 = localIP: peerIP: interface: { - ips = [ - "${localIP}/128" - ]; - postSetup = '' - ip -6 route flush dev ${interface} - ip addr del dev ${interface} ${localIP}/128 && ip addr add dev ${interface} ${localIP}/128 peer ${peerIP}/128 - ''; - }; - llIPv4 = localIP: peerIP: interface: { - ips = [ - "${localIP}/32" - ]; - postSetup = '' - ip -4 route flush dev ${interface} - ip addr del dev ${interface} ${localIP}/32 && ip addr add dev ${interface} ${localIP}/32 peer ${peerIP}/32 - ''; - }; -} diff --git a/lib/nixosSystem.nix b/lib/nixosSystem.nix new file mode 100644 index 0000000..bac3eec --- /dev/null +++ b/lib/nixosSystem.nix @@ -0,0 +1,41 @@ +{ + inputs, + self, + ... +}: + +/* + + nixfiles.lib.nixosSystem, like nixpkgs.lib.nixosSystem but + with nixfiles overlays and modules already populated + +*/ +{ + system ? null, + pkgs ? null, + modules ? [], + ... +}@args: + +let + localNixpkgs = import ../flake/nixpkgs.nix inputs; +in inputs.nixpkgs.lib.nixosSystem ({ + system = system; + pkgs = if pkgs != null then pkgs else localNixpkgs.${system}; + modules = [ + self.nixosModules.nixfilesInputs + self.nixosModules.clerie + self.nixosModules.profiles + ({ config, lib, ... }: { + /* + Make the contents of the flake availiable to modules. + Useful for having the monitoring server scraping the + target config from all other servers automatically. + */ + _module.args = { + inputs = inputs; + _nixfiles = self; + }; + }) + ] ++ modules; +} // builtins.removeAttrs args [ "system" "pkgs" "modules" ] ) diff --git a/pkgs/build-support/overlay.nix b/pkgs/build-support/overlay.nix new file mode 100644 index 0000000..4daaed4 --- /dev/null +++ b/pkgs/build-support/overlay.nix 
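Review bot: In lib/nixosSystem.nix both `system` and `pkgs` default to `null`, and when neither is given the fallback `localNixpkgs.${system}` is evaluated with a null attribute name, which will presumably surface as an unrelated-looking evaluation error. A guard makes the contract explicit: `pkgs = if pkgs != null then pkgs else if system != null then localNixpkgs.${system} else throw "nixfiles.lib.nixosSystem: pass system or pkgs";`. Because `pkgs` is always handed to `nixpkgs.lib.nixosSystem`, `nixpkgs.overlays` and `nixpkgs.config` set inside host modules are, as far as I know, not applied to that instance; the header comment should say so, so that settings such as insecure-package allowances are made where the package set is created in flake/nixpkgs.nix. The comment in the inline module also misspells "available" as "availiable".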
@@ -0,0 +1,7 @@ +final: prev: + +{ + clerie-build-support = { + writePythonScript = final.callPackage ./writePythonScript.nix {}; + }; +} diff --git a/pkgs/build-support/writePythonScript.nix b/pkgs/build-support/writePythonScript.nix new file mode 100644 index 0000000..c670818 --- /dev/null +++ b/pkgs/build-support/writePythonScript.nix @@ -0,0 +1,37 @@ +{ + python3, + writeTextFile, + lib, +}: + +{ + name, + text, + runtimePackages ? ps: [], + pythonPackage ? python3, + meta ? {}, + passthru ? {}, + derivationArgs ? {}, +}: + +let + + pythonWithPackages = pythonPackage.withPackages runtimePackages; + +in writeTextFile { + inherit + name + meta + passthru + derivationArgs + ; + executable = true; + destination = "/bin/${name}"; + allowSubstitutes = true; + preferLocalBuild = false; + text = '' + #!${lib.getExe pythonWithPackages} + + ${text} + ''; +} diff --git a/lib/ssh-known-hosts.nix b/pkgs/clerie-ssh-known-hosts/default.nix similarity index 55% rename from lib/ssh-known-hosts.nix rename to pkgs/clerie-ssh-known-hosts/default.nix index 20c6676..b21fe45 100644 --- a/lib/ssh-known-hosts.nix +++ b/pkgs/clerie-ssh-known-hosts/default.nix 
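Review bot: pkgs/build-support/writePythonScript.nix has no comment describing its arguments, and `text` is written to the store without being parsed, so a syntax error in a script only shows up when the installed program is run. A header comment should state that `runtimePackages` is a function over the Python package set, that `pythonPackage` selects the interpreter, and that the shebang is pinned to that environment's store path. If a build-time check is wanted, `writeTextFile` accepts a `checkPhase` in which the file could be compiled with the same interpreter; I have not verified how that interacts with `derivationArgs` here. Replacing the inherited `meta` with `meta = { mainProgram = name; } // meta;` would also let `lib.getExe` resolve the resulting packages without relying on the name fallback.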
@@ -1,13 +1,22 @@ +{ + writeTextFile, +}: + let stripR = str: if (builtins.substring ((builtins.stringLength str) - 1) (builtins.stringLength str) str) == "\n" then stripR (builtins.substring 0 ((builtins.stringLength str) - 1) str) else str; - hostsWithSshPubkey = builtins.filter (hostname: (builtins.substring 0 1 hostname) != "_" && builtins.pathExists (../hosts + "/${hostname}/ssh.pub")) (builtins.attrNames (builtins.readDir ../hosts)); + hostsWithSshPubkey = builtins.filter (hostname: (builtins.substring 0 1 hostname) != "_" && builtins.pathExists (../../hosts + "/${hostname}/ssh.pub")) (builtins.attrNames (builtins.readDir ../../hosts)); sshkeyList = map (hostname: { name = hostname; - sshPubkey = stripR (builtins.readFile (../hosts + "/${hostname}/ssh.pub")); + sshPubkey = stripR (builtins.readFile (../../hosts + "/${hostname}/ssh.pub")); }) hostsWithSshPubkey; knownHosts = builtins.concatStringsSep "" (builtins.map ({name, sshPubkey}: '' ${name} ${sshPubkey} ${name}.net.clerie.de ${sshPubkey} '') sshkeyList); -in - knownHosts +in writeTextFile { + name = "clerie-ssh-known-hosts"; + destination = "/known_hosts"; + allowSubstitutes = true; + preferLocalBuild = false; + text = knownHosts; +} diff --git a/pkgs/git-show-link/default.nix b/pkgs/git-show-link/default.nix index 9fe38bb..314a753 100644 --- a/pkgs/git-show-link/default.nix +++ b/pkgs/git-show-link/default.nix @@ -1,13 +1,6 @@ { pkgs, ... }: -pkgs.writeTextFile { +pkgs.clerie-build-support.writePythonScript { name = "git-show-link"; - executable = true; - destination = "/bin/git-show-link"; - allowSubstitutes = true; - preferLocalBuild = false; - text = '' - #!${pkgs.python3.withPackages (ps: with ps; [])}/bin/python3 - ${builtins.readFile ./git-show-link.py} - ''; + text = builtins.readFile ./git-show-link.py; } diff --git a/pkgs/overlay.nix b/pkgs/overlay.nix index f2ab5dc..2a6f3ac 100644 --- a/pkgs/overlay.nix +++ b/pkgs/overlay.nix 
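Review bot: In pkgs/clerie-ssh-known-hosts/default.nix each `ssh.pub` is pasted into the output after `stripR` removes only trailing newlines, so a key file with more than one line yields `known_hosts` lines that lack the host field, and an empty file probably fails inside `builtins.substring` with a negative index. Since the result is now a package that nginx serves to clients as trust material, malformed input is better rejected at build time. In the `sshkeyList` map the stripped key could be bound to `key` and checked with `assert key != "" && builtins.length (builtins.split "\n" key) == 1;` before it is used. The contents of the key files are not visible in this diff, so this is a guard against future mistakes rather than a known breakage.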
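Review bot: pkgs/git-show-link/default.nix still takes the whole `pkgs` set only to reach `pkgs.clerie-build-support.writePythonScript`; with `callPackage` the helper can be requested directly, `{ clerie-build-support }:` followed by `clerie-build-support.writePythonScript { … }`, which keeps the dependency visible and overridable. The package now evaluates only when the `clerie-build-support` overlay is applied alongside `clerie-pkgs`, as flake/nixpkgs.nix does. Anyone applying `overlays.clerie-pkgs` on its own would get a missing-attribute error, so that dependency is worth a comment where the overlays are declared in flake.nix.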
@@ -1 +1,30 @@ -final: prev: builtins.mapAttrs (name: value: value final prev) (import ./pkgs.nix) +final: prev: { + clerie-backup = final.callPackage ./clerie-backup {}; + clerie-cleanup-branches = final.callPackage ./clerie-update-nixfiles/clerie-cleanup-branches.nix {}; + clerie-keys = final.callPackage ./clerie-keys {}; + clerie-ssh-known-hosts = final.callPackage ./clerie-ssh-known-hosts {}; + clerie-system-remote-install = final.callPackage ./clerie-system-remote-install {}; + clerie-system-upgrade = final.callPackage ./clerie-system-upgrade/clerie-system-upgrade.nix {}; + clerie-merge-nixfiles-update = final.callPackage ./clerie-update-nixfiles/clerie-merge-nixfiles-update.nix {}; + clerie-sops = final.callPackage ./clerie-sops/clerie-sops.nix {}; + clerie-sops-config = final.callPackage ./clerie-sops/clerie-sops-config.nix {}; + clerie-sops-edit = final.callPackage ./clerie-sops/clerie-sops-edit.nix {}; + clerie-update-nixfiles = final.callPackage ./clerie-update-nixfiles/clerie-update-nixfiles.nix {}; + chromium-incognito = final.callPackage ./chromium-incognito {}; + factorio-launcher = final.callPackage ./factorio-launcher {}; + feeds-dir = final.callPackage ./feeds-dir {}; + git-checkout-github-pr = final.callPackage ./git-checkout-github-pr {}; + git-diff-word = final.callPackage ./git-diff-word {}; + git-pp = final.callPackage ./git-pp {}; + git-show-link = final.callPackage ./git-show-link {}; + nix-remove-result-links = final.callPackage ./nix-remove-result-links {}; + nixfiles-auto-install = final.callPackage ./nixfiles/nixfiles-auto-install.nix {}; + nixfiles-generate-config = final.callPackage ./nixfiles/nixfiles-generate-config.nix {}; + nixfiles-generate-backup-secrets = final.callPackage ./nixfiles/nixfiles-generate-backup-secrets.nix {}; + nixfiles-update-ssh-host-keys = final.callPackage ./nixfiles/nixfiles-update-ssh-host-keys.nix {}; + print-afra = final.callPackage ./print-afra {}; + run-with-docker-group = final.callPackage 
./run-with-docker-group {}; + ssh-gpg = final.callPackage ./ssh-gpg {}; + update-from-hydra = final.callPackage ./update-from-hydra {}; + uptimestatus = final.python3.pkgs.callPackage ./uptimestatus {}; +} diff --git a/pkgs/overrides/overlay.nix b/pkgs/overrides/overlay.nix new file mode 100644 index 0000000..914a9e3 --- /dev/null +++ b/pkgs/overrides/overlay.nix @@ -0,0 +1,4 @@ +final: prev: { + dino = import ./dino.nix final prev; + xmppc = import ./xmppc.nix final prev; +} diff --git a/pkgs/pkgs.nix b/pkgs/pkgs.nix deleted file mode 100644 index 8e2c444..0000000 --- a/pkgs/pkgs.nix +++ /dev/null 
@@ -1,32 +0,0 @@ -{ - clerie-backup = final: prev: final.callPackage ./clerie-backup {}; - clerie-cleanup-branches = final: prev: final.callPackage ./clerie-update-nixfiles/clerie-cleanup-branches.nix {}; - clerie-keys = final: prev: final.callPackage ./clerie-keys {}; - clerie-system-remote-install = final: prev: final.callPackage ./clerie-system-remote-install {}; - clerie-system-upgrade = final: prev: final.callPackage ./clerie-system-upgrade/clerie-system-upgrade.nix {}; - clerie-merge-nixfiles-update = final: prev: final.callPackage ./clerie-update-nixfiles/clerie-merge-nixfiles-update.nix {}; - clerie-sops = final: prev: final.callPackage ./clerie-sops/clerie-sops.nix {}; - clerie-sops-config = final: prev: final.callPackage ./clerie-sops/clerie-sops-config.nix {}; - clerie-sops-edit = final: prev: final.callPackage ./clerie-sops/clerie-sops-edit.nix {}; - clerie-update-nixfiles = final: prev: final.callPackage ./clerie-update-nixfiles/clerie-update-nixfiles.nix {}; - chromium-incognito = final: prev: final.callPackage ./chromium-incognito {}; - factorio-launcher = final: prev: final.callPackage ./factorio-launcher {}; - feeds-dir = final: prev: final.callPackage ./feeds-dir {}; - git-checkout-github-pr = final: prev: final.callPackage ./git-checkout-github-pr {}; - git-diff-word = final: prev: final.callPackage ./git-diff-word {}; - git-pp = final: prev: final.callPackage ./git-pp {}; - git-show-link = final: prev: final.callPackage ./git-show-link {}; - nix-remove-result-links = final: prev: final.callPackage ./nix-remove-result-links {}; - nixfiles-auto-install = final: prev: final.callPackage ./nixfiles/nixfiles-auto-install.nix {}; - nixfiles-generate-config = final: prev: final.callPackage ./nixfiles/nixfiles-generate-config.nix {}; - nixfiles-generate-backup-secrets = final: prev: final.callPackage ./nixfiles/nixfiles-generate-backup-secrets.nix {}; - nixfiles-update-ssh-host-keys = final: prev: final.callPackage 
./nixfiles/nixfiles-update-ssh-host-keys.nix {}; - print-afra = final: prev: final.callPackage ./print-afra {}; - run-with-docker-group = final: prev: final.callPackage ./run-with-docker-group {}; - ssh-gpg = final: prev: final.callPackage ./ssh-gpg {}; - update-from-hydra = final: prev: final.callPackage ./update-from-hydra {}; - uptimestatus = final: prev: final.python3.pkgs.callPackage ./uptimestatus {}; - - dino = final: prev: import ./overrides/dino.nix final prev; - xmppc = final: prev: import ./overrides/xmppc.nix final prev; -}