ljdsalkdsalkjdsa

base.nix

@@ -1,19 +1,14 @@
 { config, pkgs, lib, inputs, ... }:
 
-let
-  isTier1 = (builtins.elem config.nixpkgs.system [ "x86_64-linux" "aarch64_linux"]);
-in
-
 {
   imports = let ifExists = p: if builtins.pathExists p then p else {}; in [
     ./cachix.nix # update with `cachix use --mode nixos -d . FOOBAR`
     ./profiles/locale-no.nix
+    ./profiles/upgrade-diff.nix
     # results of 'nixos-generate-config'
     # nice to have if i just dump this flake into /etc/nixos on a clean install
     (ifExists ./configuration.nix )
     (ifExists ./hardware-configuration.nix )
-  ] ++ lib.optionals isTier1 [
-    ./profiles/upgrade-diff.nix
   ];
 
   nixpkgs.config.permittedInsecurePackages = [
@@ -33,7 +28,7 @@ in
     smartmontools
     testdisk
     usbutils
-  ] ++ lib.optionals isTier1 [
+  ] ++ lib.optionals (builtins.elem config.nixpkgs.system [ "x86_64-linux" "aarch64_linux"]) [
     cage
     weston
   ];

flake.nix

@@ -214,11 +214,17 @@
       nixos = mkConfig extra-modules domain system inputs stateVersion modules hostname;
       cfg = nixos.config;
       inherit (nixos.pkgs) lib;
+      # TODO: make it work, is it faster?
+      #inherit (inputs.nixpkgs.legacyPackages.${system}) lib;
+      #nixos = lib.evalModules { modules = [ (mkModule (extra-modules ++ { _module.check = false; }) domain system inputs stateVersion modules hostname) ]; };
+      #cfg = nixos.config;
     in {
       inherit system; # TODO: cross system
-      fqdn = cfg.networking.fqdn;
+      inherit (cfg.boot.binfmt) emulatedSystems;
-      allowedTCPPorts = cfg.networking.firewall.allowedTCPPorts or [];
+      #inherit (cfg.system.build.toplevel) outPath;
-      allowedUDPPorts = cfg.networking.firewall.allowedUDPPorts or [];
+      inherit (cfg.networking) fqdn;
+      inherit (cfg.networking.firewall) allowedTCPPorts allowedUDPPorts;
+      buildMachines = lib.forEach cfg.nix.buildMachines (buildMachine: buildMachine.hostName);
       users = lib.pipe cfg.users.users [
         (lib.filterAttrs  (uname: user: user.isNormalUser))
         (builtins.mapAttrs (uname: user: {
@@ -305,6 +311,9 @@
       };
     });
 
+    homeModules.jump = ./users/pbsds/modules/jump.nix;
+    homeModules.micro = ./users/pbsds/modules/micro.nix;
+
     homeConfigurations = forAllSystems ({ system, ... }: let
       mkHome = user: home: inputs: modules: inputs.home-manager.lib.homeManagerConfiguration {
         pkgs = inputs.nixpkgs.legacyPackages.${system};

hosts/eple/default.nix

@@ -18,7 +18,7 @@
     ../../profiles/shell/nix-utils.nix
     #../../profiles/shell/binfmt-emu.nix # qemu won't compile...
 
-    ../../profiles/domeneshop-dyndns # TODO: secrets
+    ../../profiles/domeneshop-dyndns
     #../../profiles/code-remote
     #../../profiles/remote-builders
     #../../profiles/autossh-reverse-tunnels

profiles/auto-upgrade.nix

@@ -4,32 +4,17 @@
   system.autoUpgrade.enable = true;
   #system.autoUpgrade.allowReboot = true; # reboot after a kernel (module) or initrd upgrade, consider also setting `rebootWindow`
 
-  /** /
-  # TODO: this doesn't work during 'nix eval' on a non-nixos machine
-  system.autoUpgrade.flake = "/etc/nixos";
-  system.autoUpgrade.flags = [
-    "--recreate-lock-file" # fetch new inputs
-    #"--commit-lock-file"   # commit new lock to local git repo
-    # TODO: can i somehow first do a git pull --rebase --autostash with proper abort handling ?
-    "-L"                   # print build logs
-  ];
-  #assertions = [
-  #  { assertion = builtins.pathExists "/etc/nixos/flake.nix"; message = "You have yet to test systems without a flake in /etc/nixos"; }
-  #];
-  /**/
-
-  /**/
   # TODO: make /etc/nixos a symlink to the in-store flake? - bad idea, horrible error recovery
-  # TODO: make /etc/nixos a checkout of repo?
+  # TODO: make /etc/nixos a writeable checkout of repo?
-  # TODO: update only nixpkgs and unstable
+  environment.etc."current-system-flake".source = inputs.self; # the plan was to allow me to locate the new flake.lock, but alas https://github.com/NixOS/nix/issues/6895
+
   system.autoUpgrade.flake = inputs.self.outPath; # a nix store path
   #system.autoUpgrade.flake = "github:pbsds/nix-config"; # TODO: use this instead?
+
   system.autoUpgrade.flags = [
     "--recreate-lock-file" # fetch new inputs
     "--no-write-lock-file" # no write new flakelock, as the in-store flake is read-only
     "-L"                   # print build logs
   ];
-  environment.etc."current-system-flake".source = inputs.self; # the plan was to allow me to locate the new flake.lock, but alas https://github.com/NixOS/nix/issues/6895
-  /**/
 
 }

profiles/autossh-reverse-tunnels/default.nix

@@ -20,7 +20,7 @@
     };
   in [
     #(mkSshSession {user="root"; name="p7rpi";    host="pi@p7.pbsds.net";              rport=10023; monitoringPort=20000; }) # no mutual signature algorithm
-    (mkSshSession {user="root"; name="pbuntu";   host="pbsds@pbuntu.pbsds.net -p 23"; rport=10023; monitoringPort=20002; })
+    #(mkSshSession {user="root"; name="pbuntu";   host="pbsds@pbuntu.pbsds.net -p 23"; rport=10023; monitoringPort=20002; })
     (mkSshSession {user="root"; name="hildring"; host="pederbs@hildring.pvv.ntnu.no"; rport=25775; monitoringPort=20004; })
   ];
 

users/pbsds/home/profiles/shell.nix

@@ -30,7 +30,7 @@
   '';
 
   imports = [ ../modules/jump.nix ];
-  programs.jump.enableBash = true; # TODO: upstream? export in flake?
+  programs.jump.enableBash = true;
 
   programs.nix-index.enable = true;
   programs.nix-index-database.comma.enable = true; # via nix-index-database flake