diff options
-rw-r--r-- | darwinConfigurations/mairon/default.nix | 2 | ||||
-rw-r--r-- | flake.lock | 78 | ||||
-rw-r--r-- | modules/common/common/nix/default.nix | 50 | ||||
-rw-r--r-- | modules/common/profiles/dev/containers.nix | 2 | ||||
-rw-r--r-- | modules/common/profiles/dev/default.nix | 7 | ||||
-rw-r--r-- | modules/nixos/plausible-nixpkgs-override.nix | 312 | ||||
-rw-r--r-- | modules/nixos/plausible.nix | 19 | ||||
-rw-r--r-- | nixosConfigurations/eonwe/default.nix | 12 | ||||
-rw-r--r-- | packages/nixfiles.nix | 213 |
9 files changed, 229 insertions, 466 deletions
diff --git a/darwinConfigurations/mairon/default.nix b/darwinConfigurations/mairon/default.nix index 96538ec..00df257 100644 --- a/darwinConfigurations/mairon/default.nix +++ b/darwinConfigurations/mairon/default.nix @@ -26,10 +26,12 @@ with lib; { {name = "burp-suite";} {name = "cocoapods";} {name = "docker";} + {name = "go";} {name = "jetbrains-toolbox";} {name = "obs";} {name = "openlens";} {name = "postman";} + {name = "shadowsocksx-ng";} {name = "vial";} {name = "vnc-viewer";} {name = "wireshark";} diff --git a/flake.lock b/flake.lock index aaff461..7aa25b1 100644 --- a/flake.lock +++ b/flake.lock @@ -13,11 +13,11 @@ ] }, "locked": { - "lastModified": 1694793763, - "narHash": "sha256-y6gTE1C9mIoSkymRYyzCmv62PFgy+hbZ5j8fuiQK5KI=", + "lastModified": 1695384796, + "narHash": "sha256-TYlE4B0ktPtlJJF9IFxTWrEeq+XKG8Ny0gc2FGEAdj0=", "owner": "ryantm", "repo": "agenix", - "rev": "572baca9b0c592f71982fca0790db4ce311e3c75", + "rev": "1f677b3e161d3bdbfd08a939e8f25de2568e0ef4", "type": "github" }, "original": { @@ -70,11 +70,11 @@ ] }, "locked": { - "lastModified": 1693814299, - "narHash": "sha256-DdmhEwIkd/t8vb7i2HS+M/rzcgSsxufC0F7LCDh0F/I=", + "lastModified": 1695631916, + "narHash": "sha256-/VSzU9MRKB/9EE5EP6vkamC6Ree14hRdzZkdmdGmEFM=", "owner": "dwarfmaster", "repo": "arkenfox-nixos", - "rev": "64bfb7623798d17c0ea0541f7f1488975ab4ff73", + "rev": "4e724d5102a289400ea535429c331b23b3799de5", "type": "github" }, "original": { @@ -147,11 +147,11 @@ ] }, "locked": { - "lastModified": 1694810318, - "narHash": "sha256-LuvrVj2oj9TzdnnwtQUClqcXjpgwCP01FFVBM7azGV8=", + "lastModified": 1695686713, + "narHash": "sha256-rJATx5B/nwlBpt7CJUf85LV27qWPbul5UVV8fu6ABPg=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "80bb201f4925cdda5a7a3c7b1900fb26bb2af2e8", + "rev": "e236a1e598a9a59265897948ac9874c364b9555f", "type": "github" }, "original": { @@ -287,11 +287,11 @@ ] }, "locked": { - "lastModified": 1694643239, - "narHash": "sha256-pv2k/5FvyirDE8g4TNehzwZ0T4UOMMmqWSQnM/luRtE=", + "lastModified": 1695738267, + "narHash": "sha256-LTNAbTQ96xSj17xBfsFrFS9i56U2BMLpD0BduhrsVkU=", "owner": "nix-community", "repo": "home-manager", - "rev": "d9b88b43524db1591fb3d9410a21428198d75d49", + "rev": "0f4e5b4999fd6a42ece5da8a3a2439a50e48e486", "type": "github" }, "original": { @@ -346,11 +346,11 @@ ] }, "locked": { - "lastModified": 1694740557, - "narHash": "sha256-9HZ8cHeSv3uy6xcErO4Eb60lhcov7uXXeUFmqbAcjYs=", + "lastModified": 1695777360, + "narHash": "sha256-dU1Baq0ae2JRCLwg7puSZ8+4lfd401gnQEVHKA4QYH8=", "owner": "Infinidoge", "repo": "nix-minecraft", - "rev": "20d2f5ccd03b8b1549f2b2e92d4d147318bc1296", + "rev": "769afc9e3338697d0ff129ef096a7fde6db3d696", "type": "github" }, "original": { @@ -373,11 +373,11 @@ ] }, "locked": { - "lastModified": 1694740775, - "narHash": "sha256-cxnaqGPye8mN7WaCpF1TGlcQaSHAyEIgSVImOTuVrsQ=", + "lastModified": 1695777563, + "narHash": "sha256-eRYVpsEgU61yjBRdwEm+fvmwbl1had2GSULpAaB8KWI=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "d073d60efa6c3400d9de3c91bcddba5c4c419159", + "rev": "c64fa1726fda5190c5f6fe0f1a76262cca1962cd", "type": "github" }, "original": { @@ -389,11 +389,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1694710316, - "narHash": "sha256-uRh46iIC86D8BD1wCDA5gRrt+hslUXiD0kx/UjnjBcs=", + "lastModified": 1695541019, + "narHash": "sha256-rs++zfk41K9ArWkDAlmBDlGlKO8qeRIRzdjo+9SmNFI=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "570256327eb6ca6f7bebe8d93af49459092a0c43", + "rev": "61283b30d11f27d5b76439d43f20d0c0c8ff5296", "type": "github" }, "original": { @@ -405,11 +405,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1694760568, - "narHash": "sha256-3G07BiXrp2YQKxdcdms22MUx6spc6A++MSePtatCYuI=", + "lastModified": 1695806987, + "narHash": "sha256-fX5kGs66NZIxCMcpAGIpxuftajHL8Hil1vjHmjjl118=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "46688f8eb5cd6f1298d873d4d2b9cf245e09e88e", + "rev": "f3dab3509afca932f3f4fd0908957709bb1c1f57", "type": "github" }, "original": { @@ -421,11 +421,11 @@ }, "nixpkgs-master": { "locked": { - "lastModified": 1694810993, - "narHash": "sha256-SWYQdFzdcRyGoX4b2G1sZfGwvizrVejBaVB54OUjgBc=", + "lastModified": 1695859332, + "narHash": "sha256-w2a7NW3VtI5FgFPUKslYRGAj5Qb7y4i0I2QO0S/lBMQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "7fb1b6096567f4a5e7e5f195396950a77d8d85d7", + "rev": "248a83fffc10b627da67fa6b25d2c13fc7542628", "type": "github" }, "original": { @@ -437,11 +437,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1694810104, - "narHash": "sha256-9UCF1nno2Cy+a4uu5lScW3cIrfUQAdTteYCDGCeIUWE=", + "lastModified": 1695857902, + "narHash": "sha256-zBTlSQ1TMKdGjZCQk4KrVmDmosq3MQf98ichJ2sXBBE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "15af07fe9e9e8c01dcaaff0e1ee71186c64f04f7", + "rev": "c9ac6ec01314e8ff2669bd723bfb98bb072723b4", "type": "github" }, "original": { @@ -465,11 +465,11 @@ ] }, "locked": { - "lastModified": 1694341786, - "narHash": "sha256-7xp0lZ0Ihx1f9WLYxOWP73PlM0HOa0Wrp3/iF7D++zc=", + "lastModified": 1695804493, + "narHash": "sha256-LcHdI5TjeomY7Q244iKwcZUUwT5uZUUFANORNIoslKY=", "owner": "nix-community", "repo": "nixvim", - "rev": "9e6892e8391a5bcc3727802b6a9fb2b9b52537df", + "rev": "9e448b7ff002505774c53b815726edbb677afea6", "type": "github" }, "original": { @@ -515,11 +515,11 @@ }, "nur": { "locked": { - "lastModified": 1694810691, - "narHash": "sha256-PiJzhZcBIYMAolB3IL8qiYJwERlqxexY0lK0/XRTaAk=", + "lastModified": 1695858410, + "narHash": "sha256-Y/xJxDBhrI8WZGX0L8GDw0vTdFpmh1P10lq9sws6YKo=", "owner": "nix-community", "repo": "NUR", - "rev": "0ea96f83aba38b8e75462f16ae7862285b772b2c", + "rev": "b7a926cb0b29662ee27f382bf1c2aa26608f45ec", "type": "github" }, "original": { @@ -606,11 +606,11 @@ ] }, "locked": { - "lastModified": 1694364351, - "narHash": "sha256-oadhSCqopYXxURwIA6/Anpe5IAG11q2LhvTJNP5zE6o=", + "lastModified": 1695576016, + "narHash": "sha256-71KxwRhTfVuh7kNrg3/edNjYVg9DCyKZl2QIKbhRggg=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "4f883a76282bc28eb952570afc3d8a1bf6f481d7", + "rev": "cb770e93516a1609652fa8e945a0f310e98f10c0", "type": "github" }, "original": { diff --git a/modules/common/common/nix/default.nix b/modules/common/common/nix/default.nix index d6cd362..dc99434 100644 --- a/modules/common/common/nix/default.nix +++ b/modules/common/common/nix/default.nix @@ -37,6 +37,7 @@ with lib; { experimental-features = concatStringsSep " " [ "flakes" "nix-command" + "recursive-nix" "repl-flake" ]; @@ -123,30 +124,31 @@ with lib; { ) ]; - environment.systemPackages = with pkgs; - optionals this.isHeadful [ - nix-top - nix-tree - ]; + environment = { + systemPackages = with pkgs; + optionals this.isHeadful [ + nix-top + nix-tree + nixfiles + ]; + variables.NIXFILES = "${config.my.home}/src/nixfiles"; + }; - hm.home.file.".nix-defexpr/default.nix".text = - optionalString this.isHeadful - ( + hm.home.file.".nix-defexpr/default.nix".text = let + hostname = strings.escapeNixIdentifier this.hostname; + in + optionalString this.isHeadful '' let - hostname = strings.escapeNixIdentifier this.hostname; - in '' - let - self = builtins.getFlake "nixfiles"; - configurations = self.nixosConfigurations; - local = configurations.${hostname}; - in rec { - inherit self; - inherit (self) inputs lib; - inherit (lib) my; - this = my.configurations.${hostname}; - inherit (local) config; - inherit (local.config.system.build) toplevel vm vmWithBootLoader manual; - } // configurations // local._module.args - '' - ); + self = builtins.getFlake "nixfiles"; + configurations = self.nixosConfigurations; + local = configurations.${hostname}; + in rec { + inherit self; + inherit (self) inputs lib; + inherit (lib) my; + this = my.configurations.${hostname}; + inherit (local) config; + inherit (local.config.system.build) toplevel vm vmWithBootLoader manual; + } // configurations // local._module.args + ''; } diff --git a/modules/common/profiles/dev/containers.nix b/modules/common/profiles/dev/containers.nix index 06826f9..61a9f09 100644 --- a/modules/common/profiles/dev/containers.nix +++ b/modules/common/profiles/dev/containers.nix @@ -44,7 +44,7 @@ in { kubelogin-oidc kubent kubernetes-helm - kubescape + # kubescape kubeseal kubespy minikube diff --git a/modules/common/profiles/dev/default.nix b/modules/common/profiles/dev/default.nix index 442a03a..4f2a80f 100644 --- a/modules/common/profiles/dev/default.nix +++ b/modules/common/profiles/dev/default.nix @@ -79,13 +79,14 @@ in { }; packages = with pkgs; [ - htmlq - hydra-check - jq nix-index nix-update nixpkgs-review + hydra-check + jq yq + htmlq + sops ]; }; }; diff --git a/modules/nixos/plausible-nixpkgs-override.nix b/modules/nixos/plausible-nixpkgs-override.nix deleted file mode 100644 index 67fffdc..0000000 --- a/modules/nixos/plausible-nixpkgs-override.nix +++ /dev/null @@ -1,312 +0,0 @@ -{ - lib, - pkgs, - config, - ... -}: -with lib; let - cfg = config.services.plausible; -in { - options.services.plausible = { - enable = mkEnableOption (lib.mdDoc "plausible"); - - package = mkPackageOptionMD pkgs "plausible" {}; - - releaseCookiePath = mkOption { - type = with types; either str path; - description = lib.mdDoc '' - The path to the file with release cookie. (used for remote connection to the running node). - ''; - }; - - adminUser = { - name = mkOption { - default = "admin"; - type = types.str; - description = lib.mdDoc '' - Name of the admin user that plausible will created on initial startup. - ''; - }; - - email = mkOption { - type = types.str; - example = "admin@localhost"; - description = lib.mdDoc '' - Email-address of the admin-user. - ''; - }; - - passwordFile = mkOption { - type = types.either types.str types.path; - description = lib.mdDoc '' - Path to the file which contains the password of the admin user. - ''; - }; - - activate = mkEnableOption (lib.mdDoc "activating the freshly created admin-user"); - }; - - database = { - clickhouse = { - setup = mkEnableOption (lib.mdDoc "creating a clickhouse instance") // {default = true;}; - url = mkOption { - default = "http://localhost:8123/default"; - type = types.str; - description = lib.mdDoc '' - The URL to be used to connect to `clickhouse`. - ''; - }; - }; - postgres = { - setup = mkEnableOption (lib.mdDoc "creating a postgresql instance") // {default = true;}; - dbname = mkOption { - default = "plausible"; - type = types.str; - description = lib.mdDoc '' - Name of the database to use. - ''; - }; - socket = mkOption { - default = "/run/postgresql"; - type = types.str; - description = lib.mdDoc '' - Path to the UNIX domain-socket to communicate with `postgres`. - ''; - }; - }; - }; - - server = { - disableRegistration = mkOption { - default = true; - type = types.bool; - description = lib.mdDoc '' - Whether to prohibit creating an account in plausible's UI. - ''; - }; - secretKeybaseFile = mkOption { - type = types.either types.path types.str; - description = lib.mdDoc '' - Path to the secret used by the `phoenix`-framework. Instructions - how to generate one are documented in the - [ - framework docs](https://hexdocs.pm/phoenix/Mix.Tasks.Phx.Gen.Secret.html#content). - ''; - }; - port = mkOption { - default = 8000; - type = types.port; - description = lib.mdDoc '' - Port where the service should be available. - ''; - }; - baseUrl = mkOption { - type = types.str; - description = lib.mdDoc '' - Public URL where plausible is available. - - Note that `/path` components are currently ignored: - [ - https://github.com/plausible/analytics/issues/1182 - ](https://github.com/plausible/analytics/issues/1182). - ''; - }; - }; - - mail = { - email = mkOption { - default = "hello@plausible.local"; - type = types.str; - description = lib.mdDoc '' - The email id to use for as *from* address of all communications - from Plausible. - ''; - }; - smtp = { - hostAddr = mkOption { - default = "localhost"; - type = types.str; - description = lib.mdDoc '' - The host address of your smtp server. - ''; - }; - hostPort = mkOption { - default = 25; - type = types.port; - description = lib.mdDoc '' - The port of your smtp server. - ''; - }; - user = mkOption { - default = null; - type = types.nullOr types.str; - description = lib.mdDoc '' - The username/email in case SMTP auth is enabled. - ''; - }; - passwordFile = mkOption { - default = null; - type = with types; nullOr (either str path); - description = lib.mdDoc '' - The path to the file with the password in case SMTP auth is enabled. - ''; - }; - enableSSL = mkEnableOption (lib.mdDoc "SSL when connecting to the SMTP server"); - retries = mkOption { - type = types.ints.unsigned; - default = 2; - description = lib.mdDoc '' - Number of retries to make until mailer gives up. - ''; - }; - }; - }; - }; - - config = mkIf cfg.enable { - assertions = [ - { - assertion = cfg.adminUser.activate -> cfg.database.postgres.setup; - message = '' - Unable to automatically activate the admin-user if no locally managed DB for - postgres (`services.plausible.database.postgres.setup') is enabled! - ''; - } - ]; - - services = { - postgresql = mkIf cfg.database.postgres.setup { - enable = true; - }; - - clickhouse = mkIf cfg.database.clickhouse.setup { - enable = true; - }; - - epmd.enable = true; - }; - - environment.systemPackages = [cfg.package]; - - systemd.services = mkMerge [ - { - plausible = { - inherit (cfg.package.meta) description; - documentation = ["https://plausible.io/docs/self-hosting"]; - wantedBy = ["multi-user.target"]; - after = - optional cfg.database.clickhouse.setup "clickhouse.service" - ++ optionals cfg.database.postgres.setup [ - "postgresql.service" - "plausible-postgres.service" - ]; - requires = - optional cfg.database.clickhouse.setup "clickhouse.service" - ++ optionals cfg.database.postgres.setup [ - "postgresql.service" - "plausible-postgres.service" - ]; - - environment = - { - # NixOS specific option to avoid that it's trying to write into its store-path. - # See also https://github.com/lau/tzdata#data-directory-and-releases - STORAGE_DIR = "/var/lib/plausible/elixir_tzdata"; - - # Configuration options from - # https://plausible.io/docs/self-hosting-configuration - PORT = toString cfg.server.port; - DISABLE_REGISTRATION = boolToString cfg.server.disableRegistration; - - RELEASE_TMP = "/var/lib/plausible/tmp"; - # Home is needed to connect to the node with iex - HOME = "/var/lib/plausible"; - - ADMIN_USER_NAME = cfg.adminUser.name; - ADMIN_USER_EMAIL = cfg.adminUser.email; - - DATABASE_SOCKET_DIR = cfg.database.postgres.socket; - DATABASE_NAME = cfg.database.postgres.dbname; - CLICKHOUSE_DATABASE_URL = cfg.database.clickhouse.url; - - BASE_URL = cfg.server.baseUrl; - - MAILER_EMAIL = cfg.mail.email; - SMTP_HOST_ADDR = cfg.mail.smtp.hostAddr; - SMTP_HOST_PORT = toString cfg.mail.smtp.hostPort; - SMTP_RETRIES = toString cfg.mail.smtp.retries; - SMTP_HOST_SSL_ENABLED = boolToString cfg.mail.smtp.enableSSL; - - SELFHOST = "true"; - } - // (optionalAttrs (cfg.mail.smtp.user != null) { - SMTP_USER_NAME = cfg.mail.smtp.user; - }); - - path = - [cfg.package] - ++ optional cfg.database.postgres.setup config.services.postgresql.package; - script = '' - export RELEASE_COOKIE="$(< $CREDENTIALS_DIRECTORY/RELEASE_COOKIE )" - export ADMIN_USER_PWD="$(< $CREDENTIALS_DIRECTORY/ADMIN_USER_PWD )" - export SECRET_KEY_BASE="$(< $CREDENTIALS_DIRECTORY/SECRET_KEY_BASE )" - - ${lib.optionalString (cfg.mail.smtp.passwordFile != null) - ''export SMTP_USER_PWD="$(< $CREDENTIALS_DIRECTORY/SMTP_USER_PWD )"''} - - # setup - ${cfg.package}/createdb.sh - ${cfg.package}/migrate.sh - export IP_GEOLOCATION_DB=${pkgs.dbip-country-lite}/share/dbip/dbip-country-lite.mmdb - ${cfg.package}/bin/plausible eval "(Plausible.Release.prepare() ; Plausible.Auth.create_user(\"$ADMIN_USER_NAME\", \"$ADMIN_USER_EMAIL\", \"$ADMIN_USER_PWD\"))" - ${optionalString cfg.adminUser.activate '' - psql -d plausible <<< "UPDATE users SET email_verified=true where email = '$ADMIN_USER_EMAIL';" - ''} - - exec plausible start - ''; - - serviceConfig = { - DynamicUser = true; - PrivateTmp = true; - WorkingDirectory = "/var/lib/plausible"; - StateDirectory = "plausible"; - LoadCredential = - [ - "ADMIN_USER_PWD:${cfg.adminUser.passwordFile}" - "SECRET_KEY_BASE:${cfg.server.secretKeybaseFile}" - "RELEASE_COOKIE:${cfg.releaseCookiePath}" - ] - ++ lib.optionals (cfg.mail.smtp.passwordFile != null) ["SMTP_USER_PWD:${cfg.mail.smtp.passwordFile}"]; - }; - }; - } - (mkIf cfg.database.postgres.setup { - # `plausible' requires the `citext'-extension. - plausible-postgres = { - after = ["postgresql.service"]; - partOf = ["plausible.service"]; - serviceConfig = { - Type = "oneshot"; - User = config.services.postgresql.superUser; - RemainAfterExit = true; - }; - script = with cfg.database.postgres; '' - PSQL() { - ${config.services.postgresql.package}/bin/psql --port=5432 "$@" - } - # check if the database already exists - if ! PSQL -lqt | ${pkgs.coreutils}/bin/cut -d \| -f 1 | ${pkgs.gnugrep}/bin/grep -qw ${dbname} ; then - PSQL -tAc "CREATE ROLE plausible WITH LOGIN;" - PSQL -tAc "CREATE DATABASE ${dbname} WITH OWNER plausible;" - PSQL -d ${dbname} -tAc "CREATE EXTENSION IF NOT EXISTS citext;" - fi - ''; - }; - }) - ]; - }; - - meta.maintainers = with maintainers; [ma27]; - meta.doc = ./plausible.md; -} diff --git a/modules/nixos/plausible.nix b/modules/nixos/plausible.nix index 856b318..6553462 100644 --- a/modules/nixos/plausible.nix +++ b/modules/nixos/plausible.nix @@ -2,18 +2,11 @@ config, inputs, lib, - pkgsPr, ... }: with lib; let cfg = config.nixfiles.modules.plausible; in { - disabledModules = ["services/web-apps/plausible.nix"]; - imports = [ - # TODO Wait for https://github.com/NixOS/nixpkgs/pull/253687 - ./plausible-nixpkgs-override.nix - ]; - options.nixfiles.modules.plausible = { enable = mkEnableOption "Plausible Analytics"; @@ -57,12 +50,9 @@ in { nginx = { enable = true; upstreams.plausible.servers."127.0.0.1:${toString cfg.port}" = {}; - virtualHosts.${cfg.domain} = { - locations."/" = { - proxyPass = "http://plausible"; - proxyWebsockets = true; - }; - extraConfig = nginxInternalOnly; + virtualHosts.${cfg.domain}.locations."/" = { + proxyPass = "http://plausible"; + proxyWebsockets = true; }; }; postgresql = { @@ -90,9 +80,6 @@ in { services.plausible = { enable = true; - # TODO Wait for https://github.com/NixOS/nixpkgs/pull/253687 - package = (pkgsPr 253687 "sha256-36nXNVmZDgf//MrM6/VC7W4Vm013tJ6MlXvYQElhRRw=").plausible; - adminUser = { name = "admin"; email = "admin@${my.domain.shire}"; diff --git a/nixosConfigurations/eonwe/default.nix b/nixosConfigurations/eonwe/default.nix index e7f0187..852dc07 100644 --- a/nixosConfigurations/eonwe/default.nix +++ b/nixosConfigurations/eonwe/default.nix @@ -14,23 +14,22 @@ with lib; { wireguard.client.enable = true; + ipfs.enable = true; syncthing.enable = true; openssh.server.enable = true; + android.enable = true; + beets.enable = true; + bluetooth.enable = true; games = { lutris.enable = true; minecraft.client.enable = true; - steam.enable = true; }; - android.enable = true; - bluetooth.enable = true; - beets.enable = true; libvirtd.enable = true; - qutebrowser.enable = true; mpd.enable = true; - ipfs.enable = true; + qutebrowser.enable = true; }; hm = { @@ -47,6 +46,7 @@ with lib; { radeontop vcmi vial + wireshark xonotic ]; diff --git a/packages/nixfiles.nix b/packages/nixfiles.nix index 47b2c49..3f17edc 100644 --- a/packages/nixfiles.nix +++ b/packages/nixfiles.nix @@ -3,71 +3,154 @@ jq, nix, openssh, + symlinkJoin, writeShellApplication, -}: -writeShellApplication { - name = "nixfiles"; - runtimeInputs = [git jq nix openssh]; - text = '' - cmd="$1" - shift - case "$cmd" in - update) - if (( $# )); then - args=() - for input do args+=(--update-input "$input"); done - exec nix flake lock "." "''${args[@]}" - else - exec nix flake update -v "." - fi - ;; - rev) - nix flake metadata --json nixfiles | - if (( $# )); then - jq -r --arg input "$1" '.locks.nodes[$input].locked.rev' - else - jq -r '.revision // "dirty"' - fi - ;; - repl|eval|build) - args=() - for arg do case $arg in - -w|--wip) args+=(--override-flake config ".") - ;; - *) args+=("$arg") - esac done - set -- "''${args[@]}" - ;;& - repl) - exec nix repl ~/.nix-defexpr "$@" - ;; - eval) - exec nix eval -f ~/.nix-defexpr --json "$@" | jq -r . - ;; - build) - exec nix build -f ~/.nix-defexpr --json "$@" | jq -r . - ;; - home) - attr="nixosConfigurations.$HOSTNAME.config.hm.home.activationPackage" - export VERBOSE=1 - exec nix shell --verbose ".#$attr" "$@" --command home-manager-generation - ;; - specialise) - name="$1" + writeTextDir, + xdg-utils, +}: let + bin = writeShellApplication { + name = "nixfiles"; + + runtimeInputs = [ + git + jq + nix + openssh + xdg-utils + ]; + + # Shamelessly appropriated from https://github.com/ncfavier/config. + # Hopefully Naïm will not sue me for copyright infrigment. + text = '' + nixfiles="''${NIXFILES:-$HOME/src/nixfiles}" + cmd=$1 shift - exec sudo /run/current-system/specialisation/"$name"/bin/switch-to-configuration switch - ;; - revert) - exec sudo /nix/var/nix/profiles/system/bin/switch-to-configuration switch - ;; - @*) - host="''${cmd#@}" - hostname="$(ssh -q "$host" 'echo "$HOSTNAME"')" - exec nixos-rebuild -v --flake ".#$hostname" --target-host "$host" --use-remote-sudo "$@" - ;; - *) - exec nixos-rebuild -v --flake . --use-remote-sudo "$cmd" "$@" - ;; - esac + case $cmd in + repl|eval|build|rev) + args=() flakeArgs=() + for arg do case $arg in + -w|--wip) flakeArgs+=(--override-flake nixfiles "$nixfiles");; + *) args+=("$arg") + esac done + set -- "''${args[@]}" + ;;& + + compare) + input=$1 + # shellcheck disable=SC1090 + . <(nix flake metadata --json nixfiles | jq -r --arg input "$input" ' + def browse($url): @sh "xdg-open \($url)"; + .locks.nodes[$input] | + if .locked.type == "github" then + browse("https://github.com/\(.locked.owner)/\(.locked.repo)/compare/\(.locked.rev)...\(.original.ref // "master")") + elif .locked.type == "gitlab" then + browse("https://gitlab.com/\(.locked.owner)/\(.locked.repo)/-/compare/\(.locked.rev)...\(.original.ref // "master")") + else + "echo unsupported input type \(.locked.type) (supported: github, gitlab)" + end + ') + ;; + update) + if (( $# )); then + args=() + for input do args+=(--update-input "$input"); done + exec nix flake lock --refresh "''${args[@]}" "$nixfiles" + else + # https://github.com/NixOS/nix/issues/6095 + exec nix flake update -v --refresh "$nixfiles" + fi + ;; + rev) + if (( $# )); then + expr=inputs.''${1//'/'/.inputs.}.rev + else + expr=self.revision + fi + nix eval "''${flakeArgs[@]}" -f ~/.nix-defexpr --raw "$expr" + echo + ;; + + repl) + exec nix repl "''${flakeArgs[@]}" -f ~/.nix-defexpr "$@";; + eval) + exec nix eval "''${flakeArgs[@]}" -f ~/.nix-defexpr --json "$@" | jq -r .;; + build) + # https://github.com/NixOS/nix/issues/6661 + exec nix-build --log-format bar-with-logs "''${flakeArgs[@]}" ~/.nix-defexpr -A "$@";; + + specialise) + name=$1 + shift + exec sudo /run/current-system/specialisation/"$name"/bin/switch-to-configuration switch;; + revert) + exec sudo /nix/var/nix/profiles/system/bin/switch-to-configuration switch;; + + home) + attr=nixosConfigurations."$HOSTNAME".config.hm.home.activationPackage + export VERBOSE=1 + exec nix shell -v ".#$attr" "$@" -c home-manager-generation;; + @*) + host=''${cmd#@} + hostname=$(ssh -q "$host" 'echo "$HOSTNAME"') + exec nixos-rebuild -v --flake ".#$hostname" --target-host "$host" --use-remote-sudo "$@";; + *) + exec nixos-rebuild -v --fast --flake "." --use-remote-sudo "$cmd" "$@";; + esac + ''; + }; + + bashCompletion = writeTextDir "/share/bash-completion/completions/nixfiles" '' + __compreply() { + local completion + while IFS= read -r completion; do + COMPREPLY+=("$completion") + done < <(compgen "$@" -- "$cur") + } + __complete_nix_cmd() { + local skip=$1; shift + COMP_WORDS=("$@" "''${COMP_WORDS[@]:skip}") + (( COMP_CWORD += $# - skip )) + _completion_loader nix + _complete_nix + } + _nixfiles() { + local cur prev words cword + local nixfiles="''${NIXFILES:-$HOME/src/nixfiles}" + _init_completion -n ':=&' + if [[ "$cword" == 1 ]] || [[ "$cword" == 2 && "$prev" == @* ]]; then + if [[ $cur == @* ]]; then + _known_hosts_real -a -- "$cur" + else + __compreply -W 'compare update repl eval bld specialise revert home build build-vm test switch boot' + fi + else case ''${words[1]} in + compare|update|rev) + __complete_nix_cmd "$cword" nix flake lock "$nixfiles" --update-input + ;; + repl|eval|bld) + compreply -W '-w --wip' + ;;& + repl) + __complete_nix_cmd 2 nix repl ~/.nix-defexpr + ;; + eval) + __complete_nix_cmd 2 nix eval -f ~/.nix-defexpr --json + ;; + build) + __complete_nix_cmd 2 nix build -f ~/.nix-defexpr --json + ;; + home) + __complete_nix_cmd 2 nix shell "$nixfiles" + ;; + build|switch) + __complete_nix_cmd 2 nix build "$nixfiles" + ;; + esac fi + } + complete -F _nixfiles nixfiles ''; -} +in + symlinkJoin { + name = "nixfiles"; + paths = [bin bashCompletion]; + } |