authorAzat Bahawi <azat@bahawi.net>2023-02-20 02:05:59 +0300
committerAzat Bahawi <azat@bahawi.net>2023-02-20 02:05:59 +0300
commite40f7d991353ad70984afdf67b25c049190c56bd (patch)
tree295a80114cca78952ed6ed562198d997b496faba
parent2023-02-19 (diff)
2023-02-20
Diffstat (limited to '')
-rw-r--r--.typos.toml (renamed from typos.toml)0
-rw-r--r--flake.lock34
-rw-r--r--flake.nix21
-rw-r--r--modules/common/common/default.nix1
-rw-r--r--modules/common/common/nix/default.nix6
-rw-r--r--modules/common/common/secrets.nix21
-rw-r--r--modules/common/curl.nix2
-rw-r--r--modules/common/emacs/default.nix29
-rw-r--r--modules/common/emacs/doom/config.el2
-rw-r--r--modules/common/git.nix23
-rw-r--r--modules/darwin/common/default.nix1
-rw-r--r--modules/darwin/common/secrets.nix3
-rw-r--r--modules/nixos/common/nix.nix3
-rw-r--r--modules/nixos/common/secrets.nix46
-rw-r--r--modules/nixos/emacs.nix19
-rw-r--r--modules/nixos/git/default.nix189
16 files changed, 187 insertions, 213 deletions
diff --git a/typos.toml b/.typos.toml
index 4270c91..4270c91 100644
--- a/typos.toml
+++ b/.typos.toml
diff --git a/flake.lock b/flake.lock
index 72ae9ea..b13d15f 100644
--- a/flake.lock
+++ b/flake.lock
@@ -291,7 +291,9 @@
     },
     "agenix": {
       "inputs": {
-        "darwin": "darwin",
+        "darwin": [
+          "darwin"
+        ],
         "nixpkgs": [
           "nixpkgs"
         ]
@@ -386,28 +388,6 @@
     "darwin": {
       "inputs": {
         "nixpkgs": [
-          "agenix",
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1673295039,
-        "narHash": "sha256-AsdYgE8/GPwcelGgrntlijMg4t3hLFJFCRF3tL5WVjA=",
-        "owner": "lnl7",
-        "repo": "nix-darwin",
-        "rev": "87b9d090ad39b25b2400029c64825fc2a8868943",
-        "type": "github"
-      },
-      "original": {
-        "owner": "lnl7",
-        "ref": "master",
-        "repo": "nix-darwin",
-        "type": "github"
-      }
-    },
-    "darwin_2": {
-      "inputs": {
-        "nixpkgs": [
           "nixpkgs"
         ]
       },
@@ -460,11 +440,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1676659814,
-        "narHash": "sha256-D58bW6z0NjqoRCQN8eTERkeN9hs6HBQufxaCPkmyPfs=",
+        "lastModified": 1676830175,
+        "narHash": "sha256-y3Z7+FRPPln6Ok3Grhp0puC8vMMvE7JrKRsZKixw7o4=",
         "owner": "nix-community",
         "repo": "emacs-overlay",
-        "rev": "ab0f3828a6305fe7fd8c4909e67c1c2107292486",
+        "rev": "ea14c62958d96e0f7cfead9d09e097b1891bf7c4",
         "type": "github"
       },
       "original": {
@@ -816,7 +796,7 @@
         "agenix": "agenix",
         "arkenfox-nixos": "arkenfox-nixos",
         "azahi-cc": "azahi-cc",
-        "darwin": "darwin_2",
+        "darwin": "darwin",
         "dns-nix": "dns-nix",
         "emacs-overlay": "emacs-overlay",
         "flake-compat": "flake-compat",
diff --git a/flake.nix b/flake.nix
index 855913d..e5bd0b9 100644
--- a/flake.nix
+++ b/flake.nix
@@ -88,14 +88,6 @@
       };
     };
 
-    arkenfox-nixos = {
-      type = "github";
-      owner = "dwarfmaster";
-      repo = "arkenfox-nixos";
-      ref = "main";
-      inputs.nixpkgs.follows = "nixpkgs";
-    };
-
     # Waiting for patches[1]. Currently, the new profile feature breaks
     # everything and I don't want to spend 12 hours debugging this shit.
     #
@@ -115,6 +107,14 @@
     #   };
     # };
 
+    arkenfox-nixos = {
+      type = "github";
+      owner = "dwarfmaster";
+      repo = "arkenfox-nixos";
+      ref = "main";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
     nix-minecraft = {
       type = "github";
       owner = "Infinidoge";
@@ -191,7 +191,10 @@
       owner = "ryantm";
       repo = "agenix";
       ref = "main";
-      inputs.nixpkgs.follows = "nixpkgs";
+      inputs = {
+        nixpkgs.follows = "nixpkgs";
+        darwin.follows = "darwin";
+      };
     };
 
     pre-commit-hooks = {
diff --git a/modules/common/common/default.nix b/modules/common/common/default.nix
index 2bfe7e8..8849ad9 100644
--- a/modules/common/common/default.nix
+++ b/modules/common/common/default.nix
@@ -5,6 +5,7 @@ _: {
     ./locale.nix
     ./networking.nix
     ./nix
+    ./secrets.nix
     ./shell
     ./users.nix
   ];
diff --git a/modules/common/common/nix/default.nix b/modules/common/common/nix/default.nix
index 0898457..378cd36 100644
--- a/modules/common/common/nix/default.nix
+++ b/modules/common/common/nix/default.nix
@@ -11,7 +11,10 @@
 with lib; {
   _module.args = let
     importNixpkgs = nixpkgs:
-      import nixpkgs {inherit (config.nixpkgs) config localSystem;};
+      import nixpkgs {
+        inherit (config.nixpkgs) config;
+        inherit (this) system;
+      };
   in rec {
     pkgsLocal = importNixpkgs "${config.my.home}/src/nixpkgs"; # Impure!
     pkgsMaster = importNixpkgs inputs.nixpkgs-master;
@@ -126,6 +129,7 @@ with lib; {
         telepresence = telepresence2;
         tor-browser = tor-browser-bundle-bin;
       }))
+    agenix.overlays.default
     emacs-overlay.overlay
     nur.overlay
   ];
diff --git a/modules/common/common/secrets.nix b/modules/common/common/secrets.nix
new file mode 100644
index 0000000..e15dea8
--- /dev/null
+++ b/modules/common/common/secrets.nix
@@ -0,0 +1,21 @@
+{
+  config,
+  lib,
+  pkgs,
+  this,
+  ...
+}:
+with lib; {
+  imports = [(mkAliasOptionModule ["secrets"] ["age" "secrets"])];
+
+  config = {
+    age.identityPaths =
+      if this.isHeadful
+      then ["${config.my.home}/.ssh/id_${my.ssh.type}"]
+      else
+        map (attr: attr.path) (filter (attr: attr.type == my.ssh.type)
+          config.services.openssh.hostKeys);
+
+    environment.systemPackages = with pkgs; [agenix];
+  };
+}
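Review bot: On headful machines `age.identityPaths` points at the user's login key `~/.ssh/id_<type>`, so that key has to be readable without a passphrase whenever secrets are decrypted (agenix decrypts non-interactively during activation, as far as I know). A dedicated identity used only for agenix would let the login key stay passphrase-protected and would limit what a leaked decryption key exposes. Separately, the `else` branch reads `config.services.openssh.hostKeys` from a module that is now shared with Darwin; if nix-darwin does not define that option, a headless Darwin host would fail to evaluate. An empty filter result would also leave agenix with no identity, so an assertion that the list is non-empty would surface both cases early.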
diff --git a/modules/common/curl.nix b/modules/common/curl.nix
index a48b93e..7c51bbd 100644
--- a/modules/common/curl.nix
+++ b/modules/common/curl.nix
@@ -7,7 +7,7 @@
 with lib; let
   cfg = config.nixfiles.modules.curl;
 in {
-  options.nixfiles.modules.curl.enable = mkEnableOption "cURL.";
+  options.nixfiles.modules.curl.enable = mkEnableOption "cURL";
 
   config = mkIf cfg.enable {
     hm.home.file.".curlrc".text = ''
diff --git a/modules/common/emacs/default.nix b/modules/common/emacs/default.nix
index bc4acdc..268d77d 100644
--- a/modules/common/emacs/default.nix
+++ b/modules/common/emacs/default.nix
@@ -1,8 +1,9 @@
 {
   config,
+  inputs,
   lib,
+  localUsername ? lib.my.username,
   pkgs,
-  pkgsStable,
   this,
   ...
 }:
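Review bot: The default in `localUsername ? lib.my.username` probably never takes effect. As far as I know, the module system resolves every named argument from `specialArgs` or `_module.args` and errors on a missing one rather than falling back to the signature default. The value becomes the `owner` of decrypted secrets here and in modules/common/git.nix, so it is worth defining once through `_module.args.localUsername` (or `specialArgs`) and dropping the `?` default, which makes a missing definition fail loudly in one place. The module body continues outside this hunk.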
@@ -12,6 +13,11 @@ in {
   options.nixfiles.modules.emacs.enable = mkEnableOption "GNU Emacs";
 
   config = mkIf cfg.enable {
+    secrets.authinfo = {
+      file = "${inputs.self}/secrets/authinfo";
+      owner = localUsername;
+    };
+
     nixfiles.modules = {
       fonts.enable = true;
       git.client.enable = true;
@@ -114,6 +120,8 @@ in {
                 concatMapStringsSep ":" (x: "${x}/bin") extraBins
               }"))
 
+              (appendq! auth-sources '("${config.secrets.authinfo.path}"))
+
               ;; Font must be set to N+2 because otherwise it looks too small.
               (setq doom-font (font-spec :family "${config.fontScheme.monospaceFont.family}"
                                           :size ${toString (config.fontScheme.monospaceFont.size + 2)})
@@ -139,11 +147,23 @@ in {
             (builtins.readFile ./doom/config.el)
           ];
           onChange = with config.hm.programs; ''
-            if [[ -x "''${XDG_CONFIG_HOME:~/.config}/emacs/bin/doom" ]]; then
+            export DOOMDIR="$HOME/.config/doom"
+            export EMACSDIR="$HOME/.config/emacs"
+
+            if [[ ! -d "$EMACSDIR/.git" ]]; then
+              ${git.package}/bin/git clone --depth=1 --branch=master \
+                "https://github.com/doomemacs/doomemacs" "$EMACSDIR"
+            fi
+
+            if [[ ! -d "$DOOMDIR" ]]; then
+              mkdir -p "$DOOMDIR"
+            fi
+
+            if [[ -x "$EMACSDIR/bin/doom" ]]; then
               oldpath="$PATH"
               export PATH="''${PATH:-/bin}:${emacs.package}/bin:${git.package}/bin"
 
-              "''${XDG_CONFIG_HOME:~/.config}/emacs/bin/doom" sync
+              "$EMACSDIR/bin/doom" sync -e -p --force --verbose
 
               export PATH="$oldpath"
               unset oldpath
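Review bot: The added `git clone --depth=1 --branch=master` fetches whatever is at the tip of doomemacs' master at activation time, and the following `doom sync -e -p --force --verbose` then runs that code as the user, outside everything flake.lock pins. Pinning the checkout to a reviewed commit, or bringing Doom in as a non-flake input and copying it into `$EMACSDIR`, would make activation reproducible and keep an unreviewed upstream change from executing. The fence shows the pinned-fetch variant with a placeholder hash. The `if … doom sync` block it leaves out closes outside this hunk.

```nix
            # … unchanged: DOOMDIR / EMACSDIR exports …
            if [[ ! -d "$EMACSDIR/.git" ]]; then
              ${git.package}/bin/git init "$EMACSDIR"
              # <PINNED_DOOM_COMMIT> is a placeholder for a reviewed commit hash.
              ${git.package}/bin/git -C "$EMACSDIR" fetch --depth=1 \
                "https://github.com/doomemacs/doomemacs" "<PINNED_DOOM_COMMIT>"
              ${git.package}/bin/git -C "$EMACSDIR" checkout --detach FETCH_HEAD
            fi
            # … unchanged: DOOMDIR creation and the doom sync block …
```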
@@ -155,8 +175,7 @@ in {
       programs.emacs = {
         enable = true;
         package = pkgs.emacs28; # Pin to avoid surprises.
-        # For some reason latest libvterm is not picked up by Emacs.
-        extraPackages = _: with pkgsStable.emacsPackages; [vterm];
+        extraPackages = p: with p; [vterm];
       };
     };
   };
diff --git a/modules/common/emacs/doom/config.el b/modules/common/emacs/doom/config.el
index 9284e0b..502ca27 100644
--- a/modules/common/emacs/doom/config.el
+++ b/modules/common/emacs/doom/config.el
@@ -84,6 +84,8 @@
 ;;; Nix
 ;;
 
+(setq nix-nixfmt-bin "alejandra")
+
 (after! lsp-mode
   (add-to-list 'lsp-language-id-configuration '(nix-mode . "nix"))
   (lsp-register-client
diff --git a/modules/common/git.nix b/modules/common/git.nix
index 2a0554f..c3ebafc 100644
--- a/modules/common/git.nix
+++ b/modules/common/git.nix
@@ -1,6 +1,8 @@
 {
   config,
+  inputs,
   lib,
+  localUsername ? lib.my.username,
   pkgs,
   ...
 }:
@@ -11,6 +13,27 @@ in {
     mkEnableOption "Git client";
 
   config = mkIf cfg.client.enable {
+    secrets = let
+      # HACK Darwin doesn't support XDG specifications.
+      configHome = "${config.my.home}/.config";
+    in {
+      glab-cli-config = {
+        file = "${inputs.self}/secrets/glab-cli-config";
+        path = "${configHome}/glab-cli/config.yml";
+        owner = localUsername;
+      };
+      gh-hosts = {
+        file = "${inputs.self}/secrets/gh-hosts";
+        path = "${configHome}/gh/hosts.yml";
+        owner = localUsername;
+      };
+      hut = {
+        file = "${inputs.self}/secrets/hut";
+        path = "${configHome}/hut/config";
+        owner = localUsername;
+      };
+    };
+
     hm = {
       home.packages = with pkgs; [glab hut];
 
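Review bot: The three entries in `secrets` are forge credentials materialised at fixed paths under the user's home, and only `owner` is set, so their permission bits rest entirely on agenix's default mode (0400, as far as I know). Writing `mode = "0400";` on each entry would keep that guarantee visible and stable if the default ever changes. It is also worth checking who ends up owning `${configHome}/gh`, `glab-cli` and `hut` on a fresh machine. agenix appears to create missing parent directories itself during activation, presumably as root, which would leave them not owned by `localUsername`.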
diff --git a/modules/darwin/common/default.nix b/modules/darwin/common/default.nix
index 149b2d6..b03e431 100644
--- a/modules/darwin/common/default.nix
+++ b/modules/darwin/common/default.nix
@@ -4,6 +4,7 @@ _: {
     ./locale.nix
     ./networking.nix
     ./nix.nix
+    ./secrets.nix
     ./shell.nix
     ./users.nix
   ];
diff --git a/modules/darwin/common/secrets.nix b/modules/darwin/common/secrets.nix
new file mode 100644
index 0000000..0656ae8
--- /dev/null
+++ b/modules/darwin/common/secrets.nix
@@ -0,0 +1,3 @@
+{inputs, ...}: {
+  imports = [inputs.agenix.darwinModules.default];
+}
diff --git a/modules/nixos/common/nix.nix b/modules/nixos/common/nix.nix
index efebe97..410e01d 100644
--- a/modules/nixos/common/nix.nix
+++ b/modules/nixos/common/nix.nix
@@ -14,13 +14,10 @@ in {
   };
 
   config = {
-    nix.settings.trusted-users = ["@wheel"];
-
     nixpkgs = {
       config.allowUnfreePredicate = p: elem (getName p) cfg.allowedUnfreePackages;
 
       overlays = with inputs; [
-        agenix.overlays.default
         nix-minecraft.overlay
         pollymc.overlay
         xmonad-ng.overlays.default
diff --git a/modules/nixos/common/secrets.nix b/modules/nixos/common/secrets.nix
index 2ee5753..9a82c44 100644
--- a/modules/nixos/common/secrets.nix
+++ b/modules/nixos/common/secrets.nix
@@ -1,45 +1,3 @@
-{
-  config,
-  inputs,
-  lib,
-  pkgs,
-  this,
-  ...
-}:
-with lib; {
-  imports = [
-    inputs.agenix.nixosModules.default
-    (mkAliasOptionModule ["secrets"] ["age" "secrets"])
-  ];
-
-  config = {
-    age = {
-      identityPaths =
-        if this.isHeadful
-        then ["${config.my.home}/.ssh/id_${my.ssh.type}"]
-        else
-          map (attr: attr.path) (filter (attr: attr.type == my.ssh.type)
-            config.services.openssh.hostKeys);
-
-      # This can be used to auto-add all secrets, thus eliminating the need to
-      # specify path to each envrypted file. The drawback is that this will
-      # expose *all* secrets to all machines and try to decrypt them all even on
-      # machines where the secret will not be used.
-      #
-      # secrets =
-      #   let
-      #     secretsSourceDir = "${inputs.self}/age";
-      #   in
-      #   mapAttrs'
-      #     (name: _:
-      #       nameValuePair name {
-      #         file = "${secretsSourceDir}/${name}";
-      #         owner = mkDefault my.username;
-      #         group = mkDefault config.my.group;
-      #       })
-      #     (builtins.readDir secretsSourceDir);
-    };
-
-    environment.systemPackages = with pkgs; [agenix];
-  };
+{inputs, ...}: {
+  imports = [inputs.agenix.nixosModules.default];
 }
diff --git a/modules/nixos/emacs.nix b/modules/nixos/emacs.nix
index e348398..82c2f6e 100644
--- a/modules/nixos/emacs.nix
+++ b/modules/nixos/emacs.nix
@@ -1,6 +1,5 @@
 {
   config,
-  inputs,
   lib,
   ...
 }:
@@ -8,23 +7,11 @@ with lib; let
   cfg = config.nixfiles.modules.emacs;
 in {
   config = mkIf cfg.enable {
-    secrets.authinfo = {
-      file = "${inputs.self}/secrets/authinfo";
-      owner = my.username;
-      inherit (config.my) group;
-    };
-
     nixfiles.modules.x11.enable = true;
 
-    hm = {
-      programs.emacs.extraConfig = mkAfter ''
-        (appendq! auth-sources '("${config.secrets.authinfo.path}"))
-      '';
-
-      services.emacs = {
-        enable = true;
-        client.enable = true;
-      };
+    hm.services.emacs = {
+      enable = true;
+      client.enable = true;
     };
   };
 }
diff --git a/modules/nixos/git/default.nix b/modules/nixos/git/default.nix
index 1bf63c7..fd25eec 100644
--- a/modules/nixos/git/default.nix
+++ b/modules/nixos/git/default.nix
@@ -1,7 +1,6 @@
 {
   config,
   lib,
-  inputs,
   pkgs,
   ...
 }:
@@ -24,123 +23,99 @@ in {
     };
   };
 
-  config = mkMerge [
-    (mkIf cfg.client.enable {
-      secrets = {
-        glab-cli-config = {
-          file = "${inputs.self}/secrets/glab-cli-config";
-          path = "${config.dirs.config}/glab-cli/config.yml";
-          owner = my.username;
-          inherit (config.my) group;
-        };
-        gh-hosts = {
-          file = "${inputs.self}/secrets/gh-hosts";
-          path = "${config.dirs.config}/gh/hosts.yml";
-          owner = my.username;
-          inherit (config.my) group;
-        };
-        hut = {
-          file = "${inputs.self}/secrets/hut";
-          path = "${config.dirs.config}/hut/config";
-          owner = my.username;
-          inherit (config.my) group;
-        };
-      };
-    })
-    (mkIf cfg.server.enable {
-      nixfiles.modules.nginx = {
-        enable = true;
-        virtualHosts.${cfg.server.domain} = {
-          locations = {
-            "/".extraConfig = let
-              cgitrc = pkgs.writeText "cgitrc" ''
-                root-title=github sux >:^(
-                root-desc=Homo sum, humani a me nihil alienum puto.
-                footer=
+  config = mkIf cfg.server.enable {
+    nixfiles.modules.nginx = {
+      enable = true;
+      virtualHosts.${cfg.server.domain} = {
+        locations = {
+          "/".extraConfig = let
+            cgitrc = pkgs.writeText "cgitrc" ''
+              root-title=github sux >:^(
+              root-desc=Homo sum, humani a me nihil alienum puto.
+              footer=
 
-                clone-url=https://${cfg.server.domain}/$CGIT_REPO_URL
+              clone-url=https://${cfg.server.domain}/$CGIT_REPO_URL
 
-                logo=/cgit-custom-logo.gif
-                favicon=/cgit-custom-favicon.gif
-                css=/cgit-custom-style.css
+              logo=/cgit-custom-logo.gif
+              favicon=/cgit-custom-favicon.gif
+              css=/cgit-custom-style.css
 
-                about-filter=${cfg.server.package}/lib/cgit/filters/about-formatting.sh
-                source-filter=${cfg.server.package}/lib/cgit/filters/syntax-highlighting.py
-                commit-filter=${cfg.server.package}/lib/cgit/filters/commit-links.sh
+              about-filter=${cfg.server.package}/lib/cgit/filters/about-formatting.sh
+              source-filter=${cfg.server.package}/lib/cgit/filters/syntax-highlighting.py
+              commit-filter=${cfg.server.package}/lib/cgit/filters/commit-links.sh
 
-                enable-git-config=1
-                enable-gitweb-owner=1
-                remove-suffix=1
+              enable-git-config=1
+              enable-gitweb-owner=1
+              remove-suffix=1
 
-                readme=:README
-                readme=:README.md
-                readme=:README.org
-                readme=:README.txt
-                readme=:readme
-                readme=:readme.md
-                readme=:readme.org
-                readme=:readme.txt
+              readme=:README
+              readme=:README.md
+              readme=:README.org
+              readme=:README.txt
+              readme=:readme
+              readme=:readme.md
+              readme=:readme.org
+              readme=:readme.txt
 
-                scan-path=${config.services.gitolite.dataDir}/repositories
-              '';
-            in ''
-              include ${config.services.nginx.package}/conf/fastcgi_params;
-              fastcgi_split_path_info ^(/?)(.+)$;
-              fastcgi_pass unix:${config.services.fcgiwrap.socketAddress};
-              fastcgi_param SCRIPT_FILENAME ${cfg.server.package}/cgit/cgit.cgi;
-              fastcgi_param CGIT_CONFIG ${cgitrc};
-              fastcgi_param PATH_INFO $uri;
-              fastcgi_param QUERY_STRING $args;
-              fastcgi_param HTTP_HOST $server_name;
-            '';
-            "~* ^.+(cgit.css|robots.txt)$".extraConfig = ''
-              root ${cfg.server.package}/cgit;
+              scan-path=${config.services.gitolite.dataDir}/repositories
             '';
-            "~* ^.+cgit-custom-logo.gif$".extraConfig = ''
-              alias ${./logo.gif};
-            '';
-            "~* ^.+cgit-custom-favicon.gif$".extraConfig = ''
-              alias ${./favicon.ico};
-            '';
-            "~* ^.+cgit-custom-style.css$".extraConfig = let
-              css = with config.colourScheme;
-                pkgs.writeText "custom.css" ''
-                  @import url("cgit.css");
+          in ''
+            include ${config.services.nginx.package}/conf/fastcgi_params;
+            fastcgi_split_path_info ^(/?)(.+)$;
+            fastcgi_pass unix:${config.services.fcgiwrap.socketAddress};
+            fastcgi_param SCRIPT_FILENAME ${cfg.server.package}/cgit/cgit.cgi;
+            fastcgi_param CGIT_CONFIG ${cgitrc};
+            fastcgi_param PATH_INFO $uri;
+            fastcgi_param QUERY_STRING $args;
+            fastcgi_param HTTP_HOST $server_name;
+          '';
+          "~* ^.+(cgit.css|robots.txt)$".extraConfig = ''
+            root ${cfg.server.package}/cgit;
+          '';
+          "~* ^.+cgit-custom-logo.gif$".extraConfig = ''
+            alias ${./logo.gif};
+          '';
+          "~* ^.+cgit-custom-favicon.gif$".extraConfig = ''
+            alias ${./favicon.ico};
+          '';
+          "~* ^.+cgit-custom-style.css$".extraConfig = let
+            css = with config.colourScheme;
+              pkgs.writeText "custom.css" ''
+                @import url("cgit.css");
 
-                  div#cgit {
-                    font-family: "${config.fontScheme.monospaceFont.family}", monospace;
-                    -moz-tab-size: 4;
-                    tab-size: 4;
-                  }
-                '';
-            in ''
-              alias ${css};
-            '';
-          };
+                div#cgit {
+                  font-family: "${config.fontScheme.monospaceFont.family}", monospace;
+                  -moz-tab-size: 4;
+                  tab-size: 4;
+                }
+              '';
+          in ''
+            alias ${css};
+          '';
         };
       };
+    };
 
-      services = let
-        user = "git";
-        group = "git";
-      in {
-        gitolite = {
-          enable = true;
-          inherit user group;
-          adminPubkey = my.ssh.key;
-          extraGitoliteRc = ''
-            # This allows hiding repositories via "cgit.ignore"[1].
-            #
-            # [1]: https://www.omarpolo.com/post/cgit-gitolite.html
-            $RC{GIT_CONFIG_KEYS} = '.*';
-          '';
-        };
+    services = let
+      user = "git";
+      group = "git";
+    in {
+      gitolite = {
+        enable = true;
+        inherit user group;
+        adminPubkey = my.ssh.key;
+        extraGitoliteRc = ''
+          # This allows hiding repositories via "cgit.ignore"[1].
+          #
+          # [1]: https://www.omarpolo.com/post/cgit-gitolite.html
+          $RC{GIT_CONFIG_KEYS} = '.*';
+        '';
+      };
 
-        fcgiwrap = {
-          enable = true;
-          inherit user group;
-        };
+      fcgiwrap = {
+        enable = true;
+        inherit user group;
       };
-    })
-  ];
+    };
+  };
 }
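Review bot: `$RC{GIT_CONFIG_KEYS} = '.*';` in `extraGitoliteRc` (only re-indented by this commit) lets the gitolite configuration set any git config key on any repository, while the comment above it says the goal is just `cgit.ignore`. Gitolite's documentation treats an unrestricted key list as a security risk, because some git config keys name commands that git executes. Restricting the pattern to what cgit reads, for example `$RC{GIT_CONFIG_KEYS} = 'cgit\..* gitweb\..*';`, should keep repository hiding and `enable-gitweb-owner=1` working, assuming no other keys are set through gitolite.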
