All my system configs and packages in one repo

flake: restructure

pluie.me 2cd28c2a f6c12393

verified
+212 -190
+16 -47
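--- a/flake.nix
+++ b/flake.nix
@@ -55,60 +55,25 @@
 
 outputs =
 inputs:
-let
-inherit (inputs.nixpkgs) lib;
-packages' =
-pkgs':
-pkgs'.lib.packagesFromDirectoryRecursive {
-inherit (pkgs') callPackage;
-directory = ./packages;
-};
-specialArgs = { inherit inputs; };
-in
 inputs.flake-parts.lib.mkFlake { inherit inputs; } {
-systems = lib.systems.flakeExposed;
-
-flake = {
-overlays.default = final: prev: packages' prev // import ./overlay.nix final prev;
+systems = [
+"x86_64-linux"
+"x86_64-darwin"
+];
 
-# Personal computers
-nixosConfigurations.fettuccine = lib.nixosSystem {
-modules = [ ./systems/fettuccine ];
-inherit specialArgs;
-};
+imports = [
+./overlay.nix
+./systems/fettuccine
+./systems/pappardelle
+./systems/focaccia
+];
 
-nixosConfigurations.pappardelle = lib.nixosSystem {
-modules = [ ./systems/pappardelle ];
-inherit specialArgs;
-};
-
-# Servers
-nixosConfigurations.focaccia = lib.nixosSystem {
-modules = [ ./systems/focaccia ];
-inherit specialArgs;
-};
-
+flake = {
 hjemModules = {
 hjem-ext = import ./modules/hjem-ext;
 hjem-ctp = import ./modules/hjem-ctp;
 };
 
-# deploy-rs Nodes
-deploy.nodes.focaccia = {
-sshOpts = [
-"-p"
-"42069"
-];
-hostname = "focaccia.pluie.me";
-profiles = {
-system = {
-path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos inputs.self.nixosConfigurations.focaccia;
-user = "root";
-sshUser = "root";
-};
-};
-};
-
 # This is highly advised, and will prevent many possible mistakes
 checks = builtins.mapAttrs (
 _: deployLib: deployLib.deployChecks inputs.self.deploy
@@ -118,6 +83,7 @@
 perSystem =
 {
 pkgs,
+lib,
 system,
 ...
 }:
@@ -128,7 +94,10 @@
 config.allowUnfree = true;
 };
 
-packages = packages' pkgs;
+packages = lib.packagesFromDirectoryRecursive {
+inherit (pkgs) callPackage;
+directory = ./packages;
+};
 
 devShells.default = pkgs.mkShellNoCC {
 packages = with pkgs; [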
+38 -24
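--- a/overlay.nix
+++ b/overlay.nix
@@ -1,27 +1,41 @@
 # May lord have mercy on my soul
-final: prev: {
-jujutsu = prev.jujutsu.overrideAttrs {
-patches = (prev.patches or [ ]) ++ [
-# HACK: I am so sick and tired of not being able to push to Nixpkgs
-# because some edgy fucking idiot thought that it's a good idea to not
-# specify an email address in a commit
-#
-# See https://github.com/NixOS/nixpkgs/pull/453871
-# See https://github.com/jj-vcs/jj/issues/5723
-(prev.fetchpatch2 {
-url = "https://github.com/pluiedev/jj/commit/daa88d4dd485ed0c188023d2af8f811fd4db4a14.patch";
-hash = "sha256-F8fp+LXQwuFVVVnYHJAEaQ9dFr6z9tdCkmcKDC39mM8=";
-})
-];
-doCheck = false;
-};
+{
+self,
+...
+}:
+{
+flake.overlays.default =
+final: prev:
+let
+inherit (prev.stdenv.hostPlatform) system;
 
-# TODO: Remove when nixpkgs#473189 is available in unstable
-vicinae = final.runCommand "vicinae-patched" { } ''
-mkdir -p $out
-cp -r ${prev.vicinae}/* $out
-substituteInPlace $out/share/systemd/user/vicinae.service \
---replace-fail "/bin/kill" "${final.lib.getExe' final.coreutils "kill"}" \
---replace-fail "vicinae" "$out/bin/vicinae"
-'';
+myPkgs = prev.lib.optionalAttrs (builtins.hasAttr system self.packages) self.packages.${system};
+in
+myPkgs
+// {
+jujutsu = prev.jujutsu.overrideAttrs {
+patches = (prev.patches or [ ]) ++ [
+# HACK: I am so sick and tired of not being able to push to Nixpkgs
+# because some edgy fucking idiot thought that it's a good idea to not
+# specify an email address in a commit
+#
+# See https://github.com/NixOS/nixpkgs/pull/453871
+# See https://github.com/jj-vcs/jj/issues/5723
+(prev.fetchpatch2 {
+url = "https://github.com/pluiedev/jj/commit/daa88d4dd485ed0c188023d2af8f811fd4db4a14.patch";
+hash = "sha256-F8fp+LXQwuFVVVnYHJAEaQ9dFr6z9tdCkmcKDC39mM8=";
+})
+];
+doCheck = false;
+};
+
+# TODO: Remove when nixpkgs#473189 is available in unstable
+vicinae = final.runCommand "vicinae-patched" { } ''
+mkdir -p $out
+cp -r ${prev.vicinae}/* $out
+substituteInPlace $out/share/systemd/user/vicinae.service \
+--replace-fail "/bin/kill" "${final.lib.getExe' final.coreutils "kill"}" \
+--replace-fail "vicinae" "$out/bin/vicinae"
+'';
+};
 }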
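Review bot: In the `jujutsu` override, `patches = (prev.patches or [ ])` reads `patches` from the package set `prev` rather than from the jujutsu derivation, so it almost certainly evaluates to `[ ]` and the override discards any patches nixpkgs already applies to jujutsu, including backported fixes. The function form keeps them: `jujutsu = prev.jujutsu.overrideAttrs (old: { patches = (old.patches or [ ]) ++ [ … ]; doCheck = false; });`. Separately, `myPkgs` now comes from `self.packages.${system}`, which appears to be built from this flake's own `pkgs` instead of the consumer's `final`/`prev` as the old `packages' prev` was. Those packages therefore no longer follow the consuming nixpkgs pin or its other overlays; a comment saying this is intended would help.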
+43
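--- a/systems/fettuccine/configuration.nix
+++ b/systems/fettuccine/configuration.nix
@@ -0,0 +1,43 @@
+{
+config,
+lib,
+inputs,
+...
+}:
+{
+imports = with inputs.nixos-hardware.nixosModules; [
+../laptop.nix
+./hardware-configuration.nix
+asus-zephyrus-gu603h
+];
+
+networking.hostName = "fettuccine";
+
+users.users.leah.enable = true;
+
+# Disable Nvidia's HDMI audio
+boot.blacklistedKernelModules = [ "snd_hda_codec_hdmi" ];
+
+# Allow CUDA
+nixpkgs.config.cudaSupport = true;
+
+hardware = {
+bluetooth.enable = true;
+
+nvidia = {
+# PCI bus IDs are already conveniently set by nixos-hardware
+prime.offload.enable = lib.mkForce true;
+
+# Beta can sometimes be more stable than, well, stable
+package = config.boot.kernelPackages.nvidiaPackages.beta;
+};
+};
+
+# Nix can sometimes overload my poor, poor laptop CPU
+# so much that it can freeze my entire system. Amazing.
+# Please don't do that.
+nix.daemonCPUSchedPolicy = "idle";
+
+# This is an ASUS computer after all
+services.asusd.enable = true;
+}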
+4 -36
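--- a/systems/fettuccine/default.nix
+++ b/systems/fettuccine/default.nix
@@ -1,43 +1,11 @@
 {
-config,
+inputs,
 lib,
-inputs,
 ...
 }:
 {
-imports = with inputs.nixos-hardware.nixosModules; [
-../laptop.nix
-./hardware-configuration.nix
-asus-zephyrus-gu603h
-];
-
-networking.hostName = "fettuccine";
-
-users.users.leah.enable = true;
-
-# Disable Nvidia's HDMI audio
-boot.blacklistedKernelModules = [ "snd_hda_codec_hdmi" ];
-
-# Allow CUDA
-nixpkgs.config.cudaSupport = true;
-
-hardware = {
-bluetooth.enable = true;
-
-nvidia = {
-# PCI bus IDs are already conveniently set by nixos-hardware
-prime.offload.enable = lib.mkForce true;
-
-# Beta can sometimes be more stable than, well, stable
-package = config.boot.kernelPackages.nvidiaPackages.beta;
-};
+flake.nixosConfigurations.fettuccine = lib.nixosSystem {
+modules = [ ./configuration.nix ];
+specialArgs = { inherit inputs; };
 };
-
-# Nix can sometimes overload my poor, poor laptop CPU
-# so much that it can freeze my entire system. Amazing.
-# Please don't do that.
-nix.daemonCPUSchedPolicy = "idle";
-
-# This is an ASUS computer after all
-services.asusd.enable = true;
 }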
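Review bot: `lib.nixosSystem` here takes `lib` from the flake-parts module arguments, whereas the removed code in flake.nix used `inherit (inputs.nixpkgs) lib`. The module-level `lib` only carries `nixosSystem` when the flake-parts `nixpkgs-lib` input follows the full nixpkgs flake, and the inputs block is not visible in this commit, so this may fail to evaluate or silently depend on that `follows`. Writing `inputs.nixpkgs.lib.nixosSystem` makes the dependency explicit and ties the system to the nixpkgs input it is meant to be built from. The same applies to systems/pappardelle/default.nix and systems/focaccia/default.nix.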
+76
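--- a/systems/focaccia/configuration.nix
+++ b/systems/focaccia/configuration.nix
@@ -0,0 +1,76 @@
+{
+imports = [
+../common.nix
+./hardware-configuration.nix
+./networking.nix
+../../modules/nixos/hysteria.nix
+];
+
+networking = {
+hostName = "focaccia";
+domain = "pluie.me";
+firewall = {
+allowedUDPPorts = [ 53 ];
+allowedTCPPorts = [
+80
+443
+];
+};
+};
+
+users.users.leah = {
+enable = true;
+isNormalUser = true;
+description = "Leah C";
+extraGroups = [
+"wheel" # 1984 powers
+];
+home = "/home/leah";
+
+openssh.authorizedKeys.keys = [
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbsavGX9rGRx5R+7ovLn+r7D/w3zkbqCik4bS31moSz"
+];
+};
+
+services.openssh = {
+enable = true;
+ports = [ 42069 ];
+settings.PermitRootLogin = "prohibit-password";
+};
+
+programs.mosh = {
+enable = true;
+openFirewall = true;
+};
+
+users.users.root.openssh.authorizedKeys.keys = [
+''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbsavGX9rGRx5R+7ovLn+r7D/w3zkbqCik4bS31moSz''
+];
+
+boot.kernel.sysctl = {
+"net.core.rmem_max" = 16777216;
+"net.core.wmem_max" = 16777216;
+};
+
+services.hysteria = {
+enable = true;
+settings = {
+listen = ":53";
+acme = {
+domains = [ "focaccia.pluie.me" ];
+email = "srv@acc.pluie.me";
+};
+auth = {
+type = "password";
+password._secret = "/var/lib/hysteria/passwd";
+};
+masquerade = {
+type = "proxy";
+proxy = {
+url = "https://news.ycombinator.com/";
+rewriteHost = true;
+};
+};
+};
+};
+}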
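Review bot: `services.openssh` sets only `ports` and `settings.PermitRootLogin`, so unless `../common.nix` (not shown here) overrides it, password authentication stays at the NixOS default of enabled for the `wheel` user `leah`. The host looks publicly reachable, judging by the ACME domain and the opened ports. Both accounts already have an authorized key, so key-only login costs nothing: add `settings.PasswordAuthentication = false;` and `settings.KbdInteractiveAuthentication = false;` beside `PermitRootLogin`. The same ed25519 key is authorised for both `root` and `leah`, so the separate accounts do not limit what that one key can do; a comment noting that root's key exists for deploy-rs would make the intent clear.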
+15 -74
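--- a/systems/focaccia/default.nix
+++ b/systems/focaccia/default.nix
@@ -1,85 +1,26 @@
 {
+self,
+inputs,
 lib,
-utils,
 ...
 }:
-let
-settings = {
-
-};
-in
 {
-imports = [
-../common.nix
-./hardware-configuration.nix
-./networking.nix
-../../modules/nixos/hysteria.nix
-];
-
-networking = {
-hostName = "focaccia";
-domain = "pluie.me";
-firewall = {
-allowedUDPPorts = [ 53 ];
-allowedTCPPorts = [
-80
-443
-];
-};
+flake.nixosConfigurations.focaccia = lib.nixosSystem {
+modules = [ ./configuration.nix ];
+specialArgs = { inherit inputs; };
 };
 
-users.users.leah = {
-enable = true;
-isNormalUser = true;
-description = "Leah C";
-extraGroups = [
-"wheel" # 1984 powers
+flake.deploy.nodes.focaccia = {
+sshOpts = [
+"-p"
+"42069"
 ];
-home = "/home/leah";
-
-openssh.authorizedKeys.keys = [
-"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbsavGX9rGRx5R+7ovLn+r7D/w3zkbqCik4bS31moSz"
-];
-};
-
-services.openssh = {
-enable = true;
-ports = [ 42069 ];
-settings.PermitRootLogin = "prohibit-password";
-};
-
-programs.mosh = {
-enable = true;
-openFirewall = true;
-};
-
-users.users.root.openssh.authorizedKeys.keys = [
-''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbsavGX9rGRx5R+7ovLn+r7D/w3zkbqCik4bS31moSz''
-];
-
-boot.kernel.sysctl = {
-"net.core.rmem_max" = 16777216;
-"net.core.wmem_max" = 16777216;
-};
-
-services.hysteria = {
-enable = true;
-settings = {
-listen = ":53";
-acme = {
-domains = [ "focaccia.pluie.me" ];
-email = "srv@acc.pluie.me";
-};
-auth = {
-type = "password";
-password._secret = "/var/lib/hysteria/passwd";
-};
-masquerade = {
-type = "proxy";
-proxy = {
-url = "https://news.ycombinator.com/";
-rewriteHost = true;
-};
+hostname = "focaccia.pluie.me";
+profiles = {
+system = {
+path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.focaccia;
+user = "root";
+sshUser = "root";
 };
 };
 };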
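Review bot: The deploy profile connects with `sshUser = "root"`, which is why systems/focaccia/configuration.nix has to keep root login open (`PermitRootLogin = "prohibit-password"` plus a root authorized key) on a server that exposes sshd. deploy-rs can connect as an unprivileged account and elevate to the profile `user` through sudo, so `sshUser = "leah";` with `user = "root";` would allow `PermitRootLogin = "no"` and the removal of root's `authorizedKeys`. That does require a sudo rule for `leah` on the host that works non-interactively, or the interactive sudo mode of deploy-rs. If direct root deploys are intentional, a one-line comment on `sshUser` stating the reason would stop it from being read as an oversight.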
+15
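--- a/systems/pappardelle/configuration.nix
+++ b/systems/pappardelle/configuration.nix
@@ -0,0 +1,15 @@
+{
+inputs,
+...
+}:
+{
+imports = with inputs.nixos-hardware.nixosModules; [
+../laptop.nix
+./hardware-configuration.nix
+lenovo-ideapad-14iah10
+];
+
+hardware.bluetooth.enable = true;
+networking.hostName = "pappardelle";
+users.users.leah.enable = true;
+}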
+5 -9
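--- a/systems/pappardelle/default.nix
+++ b/systems/pappardelle/default.nix
@@ -1,15 +1,11 @@
 {
 inputs,
+lib,
 ...
 }:
 {
-imports = with inputs.nixos-hardware.nixosModules; [
-../laptop.nix
-./hardware-configuration.nix
-lenovo-ideapad-14iah10
-];
-
-hardware.bluetooth.enable = true;
-networking.hostName = "pappardelle";
-users.users.leah.enable = true;
+flake.nixosConfigurations.pappardelle = lib.nixosSystem {
+modules = [ ./configuration.nix ];
+specialArgs = { inherit inputs; };
+};
 }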