From 3c48de49f630bf80d375455783c53f1d3a9b71d7 Mon Sep 17 00:00:00 2001 From: Callum Leslie Date: Thu, 5 Sep 2024 09:50:37 +0100 Subject: [PATCH] finally on flake parts just need to remove fup now --- .gitignore | 1 + flake.lock | 108 +++++++++++++++++++++++------ flake.nix | 116 ++++++++++++++++++++------------ hosts/artemis/configuration.nix | 8 ++- hosts/artemis/containers.nix | 2 +- hosts/artemis/default.nix | 7 +- hosts/artemis/ssh.nix | 2 +- hosts/default.nix | 14 ++-- hosts/hermes/configuration.nix | 8 ++- hosts/hermes/containers.nix | 2 +- hosts/hermes/default.nix | 8 +-- hosts/hermes/media.nix | 10 +-- hosts/hermes/ssh.nix | 2 +- lib/keys.nix | 5 ++ modules/default.nix | 7 +- modules/keys.nix | 8 +-- modules/nix.nix | 2 +- modules/secret.nix | 2 +- pre-commit-hooks.nix | 15 ----- secrets/secrets.nix | 2 +- 20 files changed, 206 insertions(+), 123 deletions(-) create mode 100644 lib/keys.nix delete mode 100644 pre-commit-hooks.nix diff --git a/.gitignore b/.gitignore index b2be92b..58399cb 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,2 @@ result +.pre-commit-config.yaml diff --git a/flake.lock b/flake.lock index 1fc2844..8aa5df6 100644 --- a/flake.lock +++ b/flake.lock @@ -314,6 +314,24 @@ } }, "flake-parts_2": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib_2" + }, + "locked": { + "lastModified": 1725234343, + "narHash": "sha256-+ebgonl3NbiKD2UD0x4BszCZQ6sTfL4xioaM49o5B3Y=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "567b938d64d4b4112ee253b9274472dc3a346eb6", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_3": { "inputs": { "nixpkgs-lib": [ "nixvim", @@ -335,7 +353,7 @@ "type": "github" } }, - "flake-parts_3": { + "flake-parts_4": { "inputs": { "nixpkgs-lib": [ "nixvim", @@ -413,7 +431,7 @@ }, "flake-utils_4": { "inputs": { - "systems": "systems_4" + "systems": "systems_5" }, "locked": { "lastModified": 1694529238, 
@@ -593,7 +611,7 @@ }, "hercules-ci-effects": { "inputs": { - "flake-parts": "flake-parts_3", + "flake-parts": "flake-parts_4", "nixpkgs": [ "nixvim", "neovim-nightly-overlay", @@ -681,7 +699,7 @@ "neovim-nightly-overlay": { "inputs": { "flake-compat": "flake-compat_2", - "flake-parts": "flake-parts_2", + "flake-parts": "flake-parts_3", "git-hooks": "git-hooks", "hercules-ci-effects": "hercules-ci-effects", "neovim-src": "neovim-src", @@ -787,6 +805,18 @@ "url": "https://github.com/NixOS/nixpkgs/archive/356624c12086a18f2ea2825fed34523d60ccc4e3.tar.gz" } }, + "nixpkgs-lib_2": { + "locked": { + "lastModified": 1725233747, + "narHash": "sha256-Ss8QWLXdr2JCBPcYChJhz4xJm+h/xjl4G0c0XlP6a74=", + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/356624c12086a18f2ea2825fed34523d60ccc4e3.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/356624c12086a18f2ea2825fed34523d60ccc4e3.tar.gz" + } + }, "nixpkgs-stable": { "locked": { "lastModified": 1720386169, @@ -819,9 +849,25 @@ "type": "github" } }, + "nixpkgs_3": { + "locked": { + "lastModified": 1725103162, + "narHash": "sha256-Ym04C5+qovuQDYL/rKWSR+WESseQBbNAe5DsXNx5trY=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "12228ff1752d7b7624a54e9c1af4b222b3c1073b", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "nixvim": { "inputs": { - "flake-parts": "flake-parts", + "flake-parts": "flake-parts_2", "neovim-nightly-overlay": "neovim-nightly-overlay", "nixpkgs": [ "unstable" 
@@ -874,21 +920,6 @@ "type": "github" } }, - "nur": { - "locked": { - "lastModified": 1725450300, - "narHash": "sha256-9/6i4Xv5qwIC3U37lh3v3FZ325D6x6RDIqzKOtl9sYI=", - "owner": "nix-community", - "repo": "NUR", - "rev": "91ebcb1bd65622bf9751881e520e17947ff56bcf", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "NUR", - "type": "github" - } - }, "nuschtosSearch": { "inputs": { "flake-utils": "flake-utils_2", @@ -944,13 +975,15 @@ "disko": "disko", "firefox-addons": "firefox-addons", "flake-compat": "flake-compat", + "flake-parts": "flake-parts", "home-manager": "home-manager_2", "nixinate": "nixinate", "nixpkgs": "nixpkgs", "nixvim": "nixvim", - "nur": "nur", "pre-commit-hooks": "pre-commit-hooks", "stylix": "stylix", + "systems": "systems_4", + "treefmt-nix": "treefmt-nix_2", "unstable": "unstable", "utils": "utils" } @@ -1035,6 +1068,21 @@ } }, "systems_4": { + "locked": { + "lastModified": 1680978846, + "narHash": "sha256-Gtqg8b/v49BFDpDetjclCYXm8mAnTrUzR0JnE2nv5aw=", + "owner": "nix-systems", + "repo": "x86_64-linux", + "rev": "2ecfcac5e15790ba6ce360ceccddb15ad16d08a8", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "x86_64-linux", + "type": "github" + } + }, + "systems_5": { "locked": { "lastModified": 1681028828, "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", @@ -1071,6 +1119,24 @@ "type": "github" } }, + "treefmt-nix_2": { + "inputs": { + "nixpkgs": "nixpkgs_3" + }, + "locked": { + "lastModified": 1725271838, + "narHash": "sha256-VcqxWT0O/gMaeWTTjf1r4MOyG49NaNxW4GHTO3xuThE=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "9fb342d14b69aefdf46187f6bb80a4a0d97007cd", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } + }, "unstable": { "locked": { "lastModified": 1725103162, diff --git a/flake.nix b/flake.nix index 0a19c48..f439850 100644 --- a/flake.nix +++ b/flake.nix 
@@ -52,7 +52,6 @@ inputs.nixpkgs.follows = "nixpkgs"; }; - nur.url = "github:nix-community/NUR"; pre-commit-hooks = { url = "github:cachix/pre-commit-hooks.nix"; inputs = { 
@@ -61,73 +60,102 @@ }; }; flake-compat.url = "github:edolstra/flake-compat"; + flake-parts.url = "github:hercules-ci/flake-parts"; + # systems.url = "github:nix-systems/default"; + # systems.url = "github:nix-systems/default-linux"; + systems.url = "github:nix-systems/x86_64-linux"; + treefmt-nix.url = "github:numtide/treefmt-nix"; }; outputs = { self, disko, nixpkgs, + flake-parts, nixinate, utils, - nur, home-manager, ... } @ inputs: let inherit (utils.lib) mkApp; mods = import ./modules {inherit utils;}; - hosts = import ./hosts {inherit inputs utils;}; + #_nixosConfigurations = import ./hosts {inherit inputs utils mods self;}; overlay = import ./overlays {inherit inputs;}; + mkLinuxSystem = mod: + nixpkgs.lib.nixosSystem { + specialArgs = {inherit inputs;}; + modules = + [ + inputs.home-manager.nixosModules.home-manager + inputs.stylix.nixosModules.stylix + inputs.agenix.nixosModules.default + { + nixpkgs.config.allowUnfree = true; + nixpkgs.overlays = [self.overlays.default]; + } + mod + ] + ++ mods.sharedModules; + }; in - with mods.nixosModules; - utils.lib.mkFlake { - inherit self inputs; + flake-parts.lib.mkFlake {inherit self inputs;} { + imports = [ + inputs.flake-parts.flakeModules.easyOverlay + inputs.pre-commit-hooks.flakeModule + inputs.treefmt-nix.flakeModule + ]; + + systems = import inputs.systems; + + flake = { inherit (mods) homeManagerModules nixosModules; - inherit (hosts) hosts; - supportedSystems = ["x86_64-linux" "aarch64-linux"]; - channelsConfig.allowUnfree = true; - channelsConfig.allowBroken = false; + nixosConfigurations = { + artemis = mkLinuxSystem ./hosts/artemis; + hermes = mkLinuxSystem ./hosts/hermes; + }; + #nixosConfigurations.artemis = inputs.nixpkgs.lib.nixosSystem {}; + }; - channels.nixpkgs.overlaysBuilder = channels: [ - (final: prev: { - inherit (channels) unstable; - }) - ]; + perSystem = { + config, + pkgs, + final, + system, + inputs', + self', + ... 
+ }: { + _module.args.pkgs = inputs'.nixpkgs.legacyPackages.extend self.overlays.default; + overlayAttrs = config.packages // {unstable = inputs.unstable.legacyPackages.${system};}; - channels.unstable.overlaysBuilder = channels: [ - (final: prev: { - jellyfin-ffmpeg = prev.jellyfin-ffmpeg.override { - ffmpeg_6-full = prev.ffmpeg_6-full.override { - withMfx = false; - withVpl = true; - }; - }; - }) - ]; + pre-commit.check.enable = false; + pre-commit.settings.hooks.alejandra.enable = true; - sharedOverlays = [ - overlay - nur.overlay - ]; - - hostDefaults.modules = [home-manager.nixosModules.home-manager inputs.stylix.nixosModules.stylix inputs.agenix.nixosModules.default] ++ mods.sharedModules; - - hostDefaults.extraArgs = { - inherit inputs; + treefmt.config = { + projectRootFile = "flake.nix"; + programs.alejandra.enable = true; }; - outputsBuilder = channels: - with channels.nixpkgs; { - defaultPackage = nixvim; - packages = utils.lib.exportPackages self.overlays channels; + devShells.default = final.mkShell { + meta.description = "Default dev shell"; + inputsFrom = [config.pre-commit.devShell config.treefmt.build.devShell]; + packages = with final; [just git nixvim cachix jq devour-flake agenix deadnix]; + }; - formatter = alejandra; - devShell = mkShell { - packages = [just git nixvim cachix jq devour-flake agenix]; + apps = nixpkgs.lib.mapAttrs' (name: value: nixpkgs.lib.nameValuePair ("deploy-" + name) value) (nixinate.nixinate.${system} self).nixinate; + + packages = { + nixvim = inputs.nixvim.packages.${system}.default; + agenix = inputs.agenix.packages.${system}.default; + vaapiIntel = pkgs.vaapiIntel.override {enableHybridCodec = true;}; + devour-flake = pkgs.callPackage inputs.devour-flake {}; + jellyfin-ffmpeg = pkgs.jellyfin-ffmpeg.override { + ffmpeg_6-full = pkgs.ffmpeg_6-full.override { + withMfx = false; + withVpl = true; }; }; - overlays = utils.lib.exportOverlays { - inherit (self) pkgs inputs; }; - apps.x86_64-linux = 
(nixinate.nixinate.x86_64-linux self).nixinate; }; + }; } diff --git a/hosts/artemis/configuration.nix b/hosts/artemis/configuration.nix index 7e28970..7a29ee6 100644 --- a/hosts/artemis/configuration.nix +++ b/hosts/artemis/configuration.nix @@ -2,10 +2,12 @@ config, pkgs, inputs, + self, ... }: let - inherit (inputs.self.nixosModules) keys; + #inherit (self.nixosModules) keys; in { + nixpkgs.hostPlatform = "x86_64-linux"; c.services.mesh = { enable = true; exitNode = false; @@ -13,7 +15,7 @@ in { }; c.services.remote-deploy = { enable = false; - keys = keys.c; + keys = config.keys.c; }; time.timeZone = "Europe/London"; @@ -22,7 +24,7 @@ in { users.users.c = { isNormalUser = true; extraGroups = ["wheel" "networkmanager" "libvirtd" "dialout"]; - openssh.authorizedKeys.keys = keys.c; + openssh.authorizedKeys.keys = config.keys.c; shell = pkgs.fish; packages = with pkgs; []; }; diff --git a/hosts/artemis/containers.nix b/hosts/artemis/containers.nix index 232a7cf..d48fd4d 100644 --- a/hosts/artemis/containers.nix +++ b/hosts/artemis/containers.nix @@ -1,4 +1,4 @@ -{ +{...}: { virtualisation = { libvirtd.enable = true; podman = { diff --git a/hosts/artemis/default.nix b/hosts/artemis/default.nix index 1db9d12..ec8af0e 100644 --- a/hosts/artemis/default.nix +++ b/hosts/artemis/default.nix @@ -1,5 +1,5 @@ -{inputs}: { - modules = [ +{inputs, ...}: { + imports = [ ./hardware-configuration.nix ./configuration.nix ./containers.nix @@ -9,7 +9,4 @@ ./home.nix ./styling.nix ]; - extraArgs = {}; - specialArgs = {}; - system = "x86_64-linux"; } diff --git a/hosts/artemis/ssh.nix b/hosts/artemis/ssh.nix index 3b0fd1e..39db1b9 100644 --- a/hosts/artemis/ssh.nix +++ b/hosts/artemis/ssh.nix @@ -1,4 +1,4 @@ -{ +{...}: { services.openssh = { enable = true; settings = { diff --git a/hosts/default.nix b/hosts/default.nix index d14d2f6..2f8e4e7 100644 --- a/hosts/default.nix +++ b/hosts/default.nix 
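Review bot: The new `treefmt-nix` and `flake-parts` inputs at the top of this hunk are added without `follows`, and the flake.lock part of this commit shows the result: a second nixpkgs node (`nixpkgs_3`, tracking `nixos-unstable`) and a second `nixpkgs-lib_2` tarball are locked purely for tooling. Each extra locked source is one more revision to audit and keep current, and the `pre-commit-hooks` input just above already appears to override its own inputs. I would add `treefmt-nix.inputs.nixpkgs.follows = "nixpkgs";` and `flake-parts.inputs.nixpkgs-lib.follows = "nixpkgs";`. Separately, `pre-commit.check.enable = false;` further down means `nix flake check` no longer runs the hooks, so a one-line comment there saying why it is disabled would help the next reader.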
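Review bot: `self` is added to this module's arguments, but `mkLinuxSystem` in flake.nix passes only `specialArgs = {inherit inputs;};`, so nothing visible in this commit supplies it. It evaluates today only because the sole use is the commented-out `#inherit (self.nixosModules) keys;`, which leaves an empty `let … in`. Either drop the `self,` argument together with the commented line, or pass it explicitly with `specialArgs = {inherit inputs self;};`. The same pair of lines is added in hosts/hermes/configuration.nix, and the module body continues outside this hunk.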
@@ -1,13 +1,13 @@ { inputs, utils, + mods, + self, + ... }: let - # TODO: function to do this - artemis = import ./artemis {inherit inputs;}; - hermes = import ./hermes {inherit inputs;}; + sharedModules = [inputs.home-manager.nixosModules.home-manager inputs.stylix.nixosModules.stylix inputs.agenix.nixosModules.default] ++ mods.sharedModules; + artemis = import ./artemis {inherit inputs sharedModules;}; + hermes = import ./hermes {inherit inputs sharedModules;}; in { - hosts = { - inherit artemis; - inherit hermes; - }; + hosts = [artemis hermes]; } diff --git a/hosts/hermes/configuration.nix b/hosts/hermes/configuration.nix index 8cc5345..44f7bdb 100644 --- a/hosts/hermes/configuration.nix +++ b/hosts/hermes/configuration.nix @@ -3,10 +3,12 @@ lib, pkgs, inputs, + self, ... }: let - inherit (inputs.self.nixosModules) keys; + #inherit (self.nixosModules) keys; in { + nixpkgs.hostPlatform = "x86_64-linux"; c.services.mesh = { enable = true; exitNode = true; @@ -17,7 +19,7 @@ in { enable = true; host = "media.cleslie.uk"; port = 62480; - keys = keys.c; + keys = config.keys.c; buildOn = "local"; }; @@ -26,7 +28,7 @@ in { users.users.media = { isNormalUser = true; extraGroups = ["wheel" "multimedia"]; - openssh.authorizedKeys.keys = keys.c; + openssh.authorizedKeys.keys = config.keys.c; packages = with pkgs; [ tree nixvim diff --git a/hosts/hermes/containers.nix b/hosts/hermes/containers.nix index 0e92ab1..75b5365 100644 --- a/hosts/hermes/containers.nix +++ b/hosts/hermes/containers.nix @@ -1,4 +1,4 @@ -{ +{...}: { virtualisation = { podman.enable = true; podman.dockerCompat = true; diff --git a/hosts/hermes/default.nix b/hosts/hermes/default.nix index ca8050d..94aef04 100644 --- a/hosts/hermes/default.nix +++ b/hosts/hermes/default.nix @@ -1,5 +1,5 @@ -{inputs}: { - modules = [ +{inputs, ...}: { + imports = [ ./hardware-configuration.nix ./configuration.nix ./fail2ban.nix 
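Review bot: This file looks dead after the migration: the flake.nix hunk comments out its only import (`#_nixosConfigurations = import ./hosts …`) and builds both hosts through `mkLinuxSystem` instead, yet this hunk rewrites it with a second copy of the home-manager/stylix/agenix module list. Two lists that decide which modules (including agenix secret handling) a host receives can drift apart without anyone noticing. `utils` and `self` are also accepted but never used here. I would delete the file in this commit, or at least head it with `# unused since the flake-parts migration; hosts are wired up by mkLinuxSystem in flake.nix`.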
@@ -9,8 +9,4 @@ ./media.nix ./headscale.nix ]; - extraArgs = {}; - specialArgs = {}; - system = "x86_64-linux"; - channelName = "unstable"; } diff --git a/hosts/hermes/media.nix b/hosts/hermes/media.nix index d14c997..8280489 100644 --- a/hosts/hermes/media.nix +++ b/hosts/hermes/media.nix @@ -32,11 +32,11 @@ in { "d /var/lib/tdarr/logs 0775 - multimedia - " ]; - nixpkgs.config.packageOverrides = pkgs: { - vaapiIntel = pkgs.vaapiIntel.override {enableHybridCodec = true;}; - }; + # nixpkgs.config.packageOverrides = pkgs: { + # vaapiIntel = pkgs.vaapiIntel.override {enableHybridCodec = true;}; + # }; - hardware.graphics = { + hardware.opengl = { enable = true; extraPackages = with pkgs; [ intel-media-driver @@ -44,7 +44,7 @@ in { vaapiVdpau libvdpau-va-gl intel-compute-runtime # OpenCL filter support (hardware tonemapping and subtitle burn-in) - vpl-gpu-rt # QSV on 11th gen or newer + unstable.vpl-gpu-rt # QSV on 11th gen or newer #intel-media-sdk # QSV up to 11th gen ]; }; diff --git a/hosts/hermes/ssh.nix b/hosts/hermes/ssh.nix index 6e7ddbc..34bff3f 100644 --- a/hosts/hermes/ssh.nix +++ b/hosts/hermes/ssh.nix @@ -1,4 +1,4 @@ -{ +{...}: { services = { openssh = { enable = true; diff --git a/lib/keys.nix b/lib/keys.nix new file mode 100644 index 0000000..0eb10e3 --- /dev/null +++ b/lib/keys.nix @@ -0,0 +1,5 @@ +{ + c = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDStMNZgO26AhBz+GkwkMnnDL7nfhOblEMz+bXVaDM3M ssh@cleslie.uk" + ]; +} diff --git a/modules/default.nix b/modules/default.nix index 638de14..85c4c88 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -1,13 +1,13 @@ -{utils}: let +{utils, ...}: let nixosModules = utils.lib.exportModules [ ./nix.nix ./pinentry-fix.nix ./hm.nix ./boot.nix - ./deploy.nix ./keys.nix - ./secret.nix + ./deploy.nix ./tailscale.nix + ./secret.nix ]; homeManagerModules = utils.lib.exportModules [ ./trayscale.nix @@ -17,6 +17,7 @@ nix hm boot + keys deploy tailscale secret 
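Review bot: In hosts/hermes/media.nix the `packageOverrides` block is commented out rather than removed, which hides the fact that the `vaapiIntel` hybrid-codec override now has to come from the flake overlay. Replace the three commented lines with a single pointer such as `# vaapiIntel override now lives in flake.nix (perSystem.packages.vaapiIntel, applied via overlays.default)`. In the second media.nix hunk, `unstable.vpl-gpu-rt` is the only entry in `hardware.opengl.extraPackages` taken from a different nixpkgs revision than the rest of the driver stack; since this commit also drops `channelName = "unstable"` for hermes, a short comment stating why that one package must come from unstable would make the mix deliberate rather than accidental. The surrounding attribute set starts and ends outside both hunks.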
diff --git a/modules/keys.nix b/modules/keys.nix index 0eb10e3..661f815 100644 --- a/modules/keys.nix +++ b/modules/keys.nix @@ -1,5 +1,5 @@ -{ - c = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDStMNZgO26AhBz+GkwkMnnDL7nfhOblEMz+bXVaDM3M ssh@cleslie.uk" - ]; +{lib, ...}: { + options.keys = lib.mkOption { + default = import ../lib/keys.nix; + }; } diff --git a/modules/nix.nix b/modules/nix.nix index 24e714d..309f9c2 100644 --- a/modules/nix.nix +++ b/modules/nix.nix @@ -1,4 +1,4 @@ -{ +{...}: { nix = { gc = { automatic = true; diff --git a/modules/secret.nix b/modules/secret.nix index 06ad9f4..e2c9011 100644 --- a/modules/secret.nix +++ b/modules/secret.nix @@ -1,3 +1,3 @@ -{ +{...}: { imports = [../secrets/secrets-configuration.nix]; } diff --git a/pre-commit-hooks.nix b/pre-commit-hooks.nix deleted file mode 100644 index fcd5653..0000000 --- a/pre-commit-hooks.nix +++ /dev/null @@ -1,15 +0,0 @@ -{inputs, ...}: { - imports = [inputs.pre-commit-hooks.flakeModule]; - - perSystem.pre-commit = { - settings.excludes = ["flake.lock"]; - - settings.hooks = { - alejandra.enable = true; - prettier = { - enable = true; - excludes = [".js" ".md" ".ts"]; - }; - }; - }; -} diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 08e52fb..b0f2843 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -1,5 +1,5 @@ let - keys = import ../modules/keys.nix; + keys = import ../lib/keys.nix; systems = { hermes = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILnmnOWpdewwytd15JcnJvJWbIE8hcMu/pp1TPqsvdol"; artemis = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILERlCL5ZwP/mmtBNAMtLrUwEDy+tOprUWUmsGBRlTCF";
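Review bot: `options.keys` in modules/keys.nix is declared with only a `default`, so it has no type and, as far as I can tell, any imported module may define it. Both host configurations now read `config.keys.c` into `openssh.authorizedKeys.keys` for users in `wheel`, so a stray definition elsewhere would change who can log in, and nothing checks the value's shape. I would add `type = lib.types.attrsOf (lib.types.listOf lib.types.str);` and `readOnly = true;` so that lib/keys.nix stays the single source, plus a `description` saying the option holds SSH public keys per user. A less generic name than top-level `keys`, for example under the existing `c.` namespace, would also lower the chance of a collision with another module.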