diff --git a/base.nix b/base.nix index ab1c0c2..8a9ada9 100644 --- a/base.nix +++ b/base.nix @@ -1,19 +1,14 @@ { config, pkgs, lib, inputs, ... }: -let - isTier1 = (builtins.elem config.nixpkgs.system [ "x86_64-linux" "aarch64_linux"]); -in - { imports = let ifExists = p: if builtins.pathExists p then p else {}; in [ ./cachix.nix # update with `cachix use --mode nixos -d . FOOBAR` ./profiles/locale-no.nix + ./profiles/upgrade-diff.nix # results of 'nixos-generate-config' # nice to have if i just dump this flake into /etc/nixos on a clean install (ifExists ./configuration.nix ) (ifExists ./hardware-configuration.nix ) - ] ++ lib.optionals isTier1 [ - ./profiles/upgrade-diff.nix ]; nixpkgs.config.permittedInsecurePackages = [ @@ -33,7 +28,7 @@ in smartmontools testdisk usbutils - ] ++ lib.optionals isTier1 [ + ] ++ lib.optionals (builtins.elem config.nixpkgs.system [ "x86_64-linux" "aarch64_linux"]) [ cage weston ]; diff --git a/flake.nix b/flake.nix index c851ee7..7bdb403 100644 --- a/flake.nix +++ b/flake.nix 
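Review bot: The platform check inlined in the second base.nix hunk still compares against `"aarch64_linux"`, which is not a Nix system string. The ARM double is `aarch64-linux`, so `builtins.elem` can never match there and `cage` and `weston` are silently left out on those hosts. The list should read `[ "x86_64-linux" "aarch64-linux" ]`. The package list this expression is appended to starts outside the hunk.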
@@ -214,11 +214,17 @@ nixos = mkConfig extra-modules domain system inputs stateVersion modules hostname; cfg = nixos.config; inherit (nixos.pkgs) lib; + # TODO: make it work, is it faster? + #inherit (inputs.nixpkgs.legacyPackages.${system}) lib; + #nixos = lib.evalModules { modules = [ (mkModule (extra-modules ++ { _module.check = false; }) domain system inputs stateVersion modules hostname) ]; }; + #cfg = nixos.config; in { inherit system; # TODO: cross system - fqdn = cfg.networking.fqdn; - allowedTCPPorts = cfg.networking.firewall.allowedTCPPorts or []; - allowedUDPPorts = cfg.networking.firewall.allowedUDPPorts or []; + inherit (cfg.boot.binfmt) emulatedSystems; + #inherit (cfg.system.build.toplevel) outPath; + inherit (cfg.networking) fqdn; + inherit (cfg.networking.firewall) allowedTCPPorts allowedUDPPorts; + buildMachines = lib.forEach cfg.nix.buildMachines (buildMachine: buildMachine.hostName); users = lib.pipe cfg.users.users [ (lib.filterAttrs (uname: user: user.isNormalUser)) (builtins.mapAttrs (uname: user: { @@ -305,6 +311,9 @@ }; }); + homeModules.jump = ./users/pbsds/modules/jump.nix; + homeModules.micro = ./users/pbsds/modules/micro.nix; + homeConfigurations = forAllSystems ({ system, ... }: let mkHome = user: home: inputs: modules: inputs.home-manager.lib.homeManagerConfiguration { pkgs = inputs.nixpkgs.legacyPackages.${system}; diff --git a/hosts/eple/default.nix b/hosts/eple/default.nix index 7068b89..541bf36 100644 --- a/hosts/eple/default.nix +++ b/hosts/eple/default.nix @@ -18,7 +18,7 @@ ../../profiles/shell/nix-utils.nix #../../profiles/shell/binfmt-emu.nix # qemu won't compile... - ../../profiles/domeneshop-dyndns # TODO: secrets + ../../profiles/domeneshop-dyndns #../../profiles/code-remote #../../profiles/remote-builders #../../profiles/autossh-reverse-tunnels diff --git a/profiles/auto-upgrade.nix b/profiles/auto-upgrade.nix index ea66700..560b18b 100644 --- a/profiles/auto-upgrade.nix +++ b/profiles/auto-upgrade.nix 
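Review bot: If this per-host summary is meant to show what each machine exposes, `allowedTCPPorts` and `allowedUDPPorts` alone understate it. Port ranges (`networking.firewall.allowedTCPPortRanges`, `allowedUDPPortRanges`) and the per-interface `networking.firewall.interfaces.<name>` lists are not exported, and neither is whether the firewall is enabled at all. I would add `firewallEnabled = cfg.networking.firewall.enable;` and `inherit (cfg.networking.firewall) allowedTCPPortRanges allowedUDPPortRanges;` next to the existing inherits. The attribute set also publishes FQDNs, build-machine host names and user names to anyone who can evaluate the flake, so a short comment stating that this is intended would help. The enclosing `let` and the `users` pipeline continue outside the hunk.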
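Review bot: Dropping `# TODO: secrets` from the `../../profiles/domeneshop-dyndns` import reads as if the credential handling for that profile has been settled, but none of the files visible in this diff touch the profile. If the API token is still written into the Nix configuration, it ends up world-readable in the store, and the marker should stay until it is loaded from a runtime secret file. If that work is already done elsewhere, replace the TODO with a short pointer, for example `# credentials are read at runtime, not from the store`.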
@@ -4,32 +4,17 @@ system.autoUpgrade.enable = true; #system.autoUpgrade.allowReboot = true; # reboot after a kernel (module) or initrd upgrade, consider also setting `rebootWindow` - /** / - # TODO: this doesn't work during 'nix eval' on a non-nixos machine - system.autoUpgrade.flake = "/etc/nixos"; - system.autoUpgrade.flags = [ - "--recreate-lock-file" # fetch new inputs - #"--commit-lock-file" # commit new lock to local git repo - # TODO: can i somehow first do a git pull --rebase --autostash with proper abort handling ? - "-L" # print build logs - ]; - #assertions = [ - # { assertion = builtins.pathExists "/etc/nixos/flake.nix"; message = "You have yet to test systems without a flake in /etc/nixos"; } - #]; - /**/ - - /**/ # TODO: make /etc/nixos a symlink to the in-store flake? - bad idea, horrible error recovery - # TODO: make /etc/nixos a checkout of repo? - # TODO: update only nixpkgs and unstable + # TODO: make /etc/nixos a writeable checkout of repo? + environment.etc."current-system-flake".source = inputs.self; # the plan was to allow me to locate the new flake.lock, but alas https://github.com/NixOS/nix/issues/6895 + system.autoUpgrade.flake = inputs.self.outPath; # a nix store path #system.autoUpgrade.flake = "github:pbsds/nix-config"; # TODO: use this instead? + system.autoUpgrade.flags = [ "--recreate-lock-file" # fetch new inputs "--no-write-lock-file" # no write new flakelock, as the in-store flake is read-only "-L" # print build logs ]; - environment.etc."current-system-flake".source = inputs.self; # the plan was to allow me to locate the new flake.lock, but alas https://github.com/NixOS/nix/issues/6895 - /**/ } diff --git a/profiles/autossh-reverse-tunnels/default.nix b/profiles/autossh-reverse-tunnels/default.nix index 155ed63..177a7da 100644 --- a/profiles/autossh-reverse-tunnels/default.nix +++ b/profiles/autossh-reverse-tunnels/default.nix 
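Review bot: With `--recreate-lock-file` together with `--no-write-lock-file`, every unattended upgrade re-resolves all flake inputs to whatever upstream currently serves and then discards the resulting lock. The host therefore switches, as root, to input revisions that were never reviewed and are recorded nowhere, which makes a bad upgrade hard to reproduce or audit afterwards. Because `system.autoUpgrade.flake` points at the in-store `inputs.self.outPath`, the configuration itself also never advances between manual deploys; only the inputs move. Moving the lock update into the repository and pointing hosts at it (the commented `github:pbsds/nix-config` line) would give a reviewable, pinned history. Until then I would state the trade-off next to the flags: `# NOTE: inputs are re-resolved unpinned on each run and the resolved lock is not kept`. The module header that provides `inputs` is outside the hunk.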
@@ -20,7 +20,7 @@ }; in [ #(mkSshSession {user="root"; name="p7rpi"; host="pi@p7.pbsds.net"; rport=10023; monitoringPort=20000; }) # no mutual signature algorithm - (mkSshSession {user="root"; name="pbuntu"; host="pbsds@pbuntu.pbsds.net -p 23"; rport=10023; monitoringPort=20002; }) + #(mkSshSession {user="root"; name="pbuntu"; host="pbsds@pbuntu.pbsds.net -p 23"; rport=10023; monitoringPort=20002; }) (mkSshSession {user="root"; name="hildring"; host="pederbs@hildring.pvv.ntnu.no"; rport=25775; monitoringPort=20004; }) ]; diff --git a/users/pbsds/home/profiles/shell.nix b/users/pbsds/home/profiles/shell.nix index 269c7c2..013a196 100644 --- a/users/pbsds/home/profiles/shell.nix +++ b/users/pbsds/home/profiles/shell.nix @@ -30,7 +30,7 @@ ''; imports = [ ../modules/jump.nix ]; - programs.jump.enableBash = true; # TODO: upstream? export in flake? + programs.jump.enableBash = true; programs.nix-index.enable = true; programs.nix-index-database.comma.enable = true; # via nix-index-database flake